Infected with a "Sirefef.EV trojan"


This topic is locked
23 replies to this topic

#1 OpenCover (Members, 11 posts)

Posted 23 July 2012 - 08:10 PM

Hello and thank you in advance for volunteering to help! Recently I did battle with the "Live Security Platinum" virus by following steps given in a forum post on this website. I used RKill and Malwarebytes' Anti-Malware to remove it. However, my computer still seems to be infected with another virus. Every time I boot my computer, ESET antivirus alerts me of an attack from "a variant of the Win32/Sirefef.ev trojan", which has something in working memory that it was unable to delete. I also occasionally get redirected when surfing the web, so presumably my computer is infected with multiple viruses. Here are the logs!

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_32
Run by Justin at 20:17:55 on 2012-07-23
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3326.2124 [GMT -4:00]
.
AV: ESET NOD32 Antivirus 4.2 *Enabled/Updated* {CB0F8167-5331-BA19-698E-64816B6801A5}
SP: ESET NOD32 Antivirus 4.2 *Enabled/Updated* {706E6083-750B-B597-533E-5FF310EF4B18}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\TENCENT\AddrUpdate\AddrUpdate.exe
C:\Program Files\Microsoft\BingBar\7.1.361.0\BBSvc.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Users\Justin\QvodPlayer\QvodTerminal.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Razer\DeathAdder\razerhid.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\PPStream\PPSAP.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\Razer\DeathAdder\razerofa.exe
C:\Program Files\Razer\DeathAdder\vdDaemon.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Program Files\Microsoft\BingBar\7.1.361.0\SeaPort.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: QvodExtend: {a8502600-b272-4f68-a67b-a0305d46d297} - c:\users\justin\qvodplayer\QvodExtend.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\microsoft\bingbar\7.1.361.0\BingExt.dll
BHO: GOM Player + Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: GOM Player + Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "c:\program files\microsoft\bingbar\7.1.361.0\BingExt.dll"
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [PPS Accelerator] c:\program files\ppstream\ppsap.exe
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe
mRun: [JMB36X IDE Setup] c:\windows\raidtool\xInsIDE.exe
mRun: [egui] "c:\program files\eset\eset nod32 antivirus\egui.exe" /hide /waitservice
mRun: [<NO NAME>]
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [QvodTerminal] "c:\users\justin\qvodplayer\QvodTerminal.exe" -autorun
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRun: [DeathAdder] c:\program files\razer\deathadder\razerhid.exe
uPolicies-explorer: HideSCAHealth = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - c:\program files\pokerstars.net\PokerStarsUpdate.exe
LSP: mswsock.dll
Trusted Zone: pps.tv
Trusted Zone: ppstream.com
Trusted Zone: webscache.com
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {EF0D1A14-1033-41A2-A589-240C01EDC078} - hxxp://dl.pplive.com/PluginSetup.cab
TCP: DhcpNameServer = 167.206.245.129 167.206.245.130
TCP: Interfaces\{9E93FB58-655F-4895-A900-39C69EE3317E} : DhcpNameServer = 167.206.245.129 167.206.245.130
TCP: Interfaces\{9E93FB58-655F-4895-A900-39C69EE3317E}\A43525 : DhcpNameServer = 167.206.245.130 167.206.245.129
TCP: Interfaces\{E63A7659-506F-4C67-8396-73CB8C3AD3C8} : DhcpNameServer = 24.25.5.60 24.25.5.61
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\justin\appdata\roaming\mozilla\firefox\profiles\1kqp0c0c.default\
FF - prefs.js: network.proxy.type - 0
FF - component: c:\program files\mozilla firefox\extensions\{ab2ce124-6272-4b12-94a9-7303c7397bd1}\components\SkypeFfComponent.dll
FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\common files\gretech\npgomtvx_nie.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dv.dll
FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dvstreaming.dll
FF - plugin: c:\users\justin\appdata\roaming\mozilla\plugins\npoctoshape.dll
FF - plugin: c:\users\justin\qvodplayer\npQvodInsert.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_3_300_265.dll
FF - plugin: c:\windows\system32\npdeployJava1.dll
FF - plugin: c:\windows\system32\npmproxy.dll
.
============= SERVICES / DRIVERS ===============
.
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]
R2 ARUpdate;Tencent AddressBar Update Service;c:\program files\tencent\addrupdate\AddrUpdate.exe [2012-4-25 116624]
R2 BBSvc;BingBar Service;c:\program files\microsoft\bingbar\7.1.361.0\BBSvc.EXE [2012-2-10 193816]
R2 eamonm;eamonm;c:\windows\system32\drivers\eamonm.sys [2010-3-24 133512]
R2 ekrn;ESET Service;c:\program files\eset\eset nod32 antivirus\ekrn.exe [2010-3-24 810120]
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files\logmein hamachi\hamachi-2.exe [2012-2-28 1373576]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-7-20 655944]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\nvidia corporation\nvidia update core\daemonu.exe [2012-3-13 1262400]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\nvidia corporation\3d vision\nvSCPAPISvr.exe [2012-5-15 382272]
R3 BBUpdate;BBUpdate;c:\program files\microsoft\bingbar\7.1.361.0\SeaPort.EXE [2012-2-10 240408]
R3 danewFltr;NewDeathAdder Mouse;c:\windows\system32\drivers\danew.sys [2012-5-12 9856]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-7-20 22344]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2009-3-2 139776]
R3 VKbms;Razer Gaming Device;c:\windows\system32\drivers\VKbms.sys [2012-5-12 10240]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 epfwwfpr;epfwwfpr;c:\windows\system32\drivers\epfwwfpr.sys [2010-3-24 96896]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-2-29 158856]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-3 250056]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\program files\steam\steamapps\common\dragon age ultimate edition\bin_ship\DAUpdaterSvc.Service.exe [2010-11-12 25832]
S3 krait03;Razer krait USB Filter Driver;c:\windows\system32\drivers\krait.sys [2010-4-16 13324]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-4-27 113120]
S3 RTCore32;RTCore32;c:\program files\evga precision\RTCore32.sys [2005-5-25 4608]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-7-16 52224]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-4-23 1343400]
.
=============== Created Last 30 ================
.
2012-07-23 23:58:10 73728 ----a-w- c:\windows\system32\DeathAdder.cpl
2012-07-23 16:58:54 -------- d-----w- c:\users\justin\appdata\local\{20B3E565-F91F-49CE-ACF4-24233302CB6F}
2012-07-23 16:58:31 -------- d-----w- c:\users\justin\appdata\local\{2057FCFA-39C9-484F-8ED6-47313BEF8993}
2012-07-23 04:58:06 -------- d-----w- c:\users\justin\appdata\local\{3FF173AF-A152-450C-9FF4-C28E5BF25D72}
2012-07-22 16:57:41 -------- d-----w- c:\users\justin\appdata\local\{0A8EB867-91BE-4931-98AE-3AECB584E47C}
2012-07-22 16:57:30 -------- d-----w- c:\users\justin\appdata\local\{2EB669EF-9BBE-441C-93B8-81FA83282430}
2012-07-22 04:52:00 -------- d-----w- c:\users\justin\appdata\local\{29CF0630-D6B2-4AC3-BABD-44F60EDD4AF2}
2012-07-21 14:18:49 -------- d-----w- c:\users\justin\appdata\local\{188413CF-CB14-4E58-8CCA-E52CCEDD3F17}
2012-07-21 14:18:32 -------- d-----w- c:\users\justin\appdata\local\{36675937-F27F-4CED-8112-8D5189B4B18A}
2012-07-21 02:16:47 -------- d-----w- c:\users\justin\appdata\local\{922CBCD1-5D23-4BD3-987C-F636395936C8}
2012-07-21 02:16:24 -------- d-----w- c:\users\justin\appdata\local\{F36605C0-5600-4FD5-A1F2-A2B854B5F050}
2012-07-21 01:18:39 -------- d-----w- c:\users\justin\appdata\roaming\Malwarebytes
2012-07-21 01:18:14 -------- d-----w- c:\programdata\Malwarebytes
2012-07-21 01:18:13 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-07-21 01:18:13 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-07-21 00:51:11 -------- d-sh--w- c:\windows\system32\%APPDATA%
2012-07-21 00:27:42 -------- d-----w- c:\programdata\6C82D12302CE71A5D90EB4E5F875F020
2012-07-20 14:15:57 -------- d-----w- c:\users\justin\appdata\local\{6FD0706B-BD4A-45E3-AD3C-326C6B166DB9}
2012-07-20 14:15:35 -------- d-----w- c:\users\justin\appdata\local\{021AD44F-25D9-404E-86B4-3C0B59F70824}
2012-07-20 13:44:33 6891424 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{9de906e0-b3e0-4dc8-800e-3742ee40fdd6}\mpengine.dll
2012-07-20 02:15:10 -------- d-----w- c:\users\justin\appdata\local\{7F2CEE65-8DD6-4DE7-8119-437C97318F64}
2012-07-20 02:14:59 -------- d-----w- c:\users\justin\appdata\local\{F508E76E-0F22-4F66-8FE5-949729640C32}
2012-07-19 14:14:42 -------- d-----w- c:\users\justin\appdata\local\{F7C7A32D-ED62-4EA3-B5F6-8DA5F3E1B073}
2012-07-19 14:14:17 -------- d-----w- c:\users\justin\appdata\local\{ED8A5B4B-1AB8-4F37-B2CF-7FA744CEA05B}
2012-07-19 01:01:54 -------- d-----w- c:\users\justin\appdata\local\{C5CD362C-D6DC-4A58-A946-1FEBC68F0F78}
2012-07-19 01:01:32 -------- d-----w- c:\users\justin\appdata\local\{9D107F6A-7E04-49A2-98D9-7AED0F78F75D}
2012-07-18 13:01:00 -------- d-----w- c:\users\justin\appdata\local\{45721EA5-ADAE-42A0-9BEF-A1D42E4B6BE6}
2012-07-18 13:00:44 -------- d-----w- c:\users\justin\appdata\local\{9AA82212-CFAE-4100-B501-C5C29679885C}
2012-07-17 13:49:36 -------- d-----w- c:\users\justin\appdata\local\{10308D26-9D67-41AD-86BA-21BD64EBEFCD}
2012-07-17 13:49:22 -------- d-----w- c:\users\justin\appdata\local\{0E0623FD-F491-4B33-A842-009281EEEDAD}
2012-07-16 14:46:24 -------- d-----w- c:\users\justin\appdata\local\{59CE8A86-A365-42C5-A687-0C63CC7C89DB}
2012-07-16 14:46:09 -------- d-----w- c:\users\justin\appdata\local\{D8C52CDA-6153-476A-9A50-4A1B7EC57CFF}
2012-07-16 01:37:53 -------- d-----w- c:\users\justin\appdata\local\{658B1334-E9A5-4887-810F-562EBB724FE4}
2012-07-15 13:37:22 -------- d-----w- c:\users\justin\appdata\local\{74F19CE6-954F-47F5-B17B-56F5B12D4B59}
2012-07-15 13:37:08 -------- d-----w- c:\users\justin\appdata\local\{CE95384A-85A0-4EBC-9605-BABDFCDE6396}
2012-07-14 23:34:25 -------- d-----w- c:\users\justin\appdata\local\{3A930954-B077-41AF-A117-834DE02A8B4C}
2012-07-14 23:34:10 -------- d-----w- c:\users\justin\appdata\local\{F88B5473-D6FF-4AD0-B5FD-AED212268457}
2012-07-13 14:19:33 5982528 ----a-w- c:\windows\system32\nvcuda.dll
2012-07-13 14:19:33 2524992 ----a-w- c:\windows\system32\nvcuvid.dll
2012-07-13 14:19:33 2445120 ----a-w- c:\windows\system32\nvcuvenc.dll
2012-07-13 14:19:33 19607872 ----a-w- c:\windows\system32\nvoglv32.dll
2012-07-13 14:19:33 17551680 ----a-w- c:\windows\system32\nvcompiler.dll
2012-07-13 14:19:33 15322432 ----a-w- c:\windows\system32\nvd3dum.dll
2012-07-13 14:19:33 11354944 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2012-07-13 13:34:41 -------- d-----w- c:\users\justin\appdata\local\{327D5347-F990-4778-8143-95FDD3D5EC8A}
2012-07-13 13:34:19 -------- d-----w- c:\users\justin\appdata\local\{DD688006-CA40-4762-AFB8-790E69F895E1}
2012-07-12 14:41:27 -------- d-----w- c:\users\justin\appdata\local\{4DA15DC4-9CBA-4105-BD6E-38EFAF26730B}
2012-07-12 14:41:12 -------- d-----w- c:\users\justin\appdata\local\{083B382D-3D2E-47FB-8593-4A8E58BC6301}
2012-07-12 06:58:28 2345984 ----a-w- c:\windows\system32\win32k.sys
2012-07-11 14:43:47 -------- d-----w- c:\users\justin\appdata\local\{50EFBDA7-98BF-47E6-9690-2B051DFDC8FC}
2012-07-11 14:43:30 -------- d-----w- c:\users\justin\appdata\local\{5B14121F-9022-4DD4-B6A7-7C868943BC13}
2012-07-10 14:19:07 -------- d-----w- c:\users\justin\appdata\local\{593DFA81-A154-4CCC-9DDA-59FAEEC1B6C7}
2012-07-10 14:18:45 -------- d-----w- c:\users\justin\appdata\local\{3D523838-12A4-48A3-ADD7-0B59FCCD2DB2}
2012-07-09 13:27:35 -------- d-----w- c:\users\justin\appdata\local\{852CF4AD-7049-4FED-A630-761A6FD6391E}
2012-07-09 13:27:17 -------- d-----w- c:\users\justin\appdata\local\{43D4325B-E83E-4DD7-85F2-BB69263D51F8}
2012-07-08 15:22:55 -------- d-----w- c:\users\justin\appdata\local\{3720DE39-881B-4655-ACF8-839DD443B605}
2012-07-08 15:22:33 -------- d-----w- c:\users\justin\appdata\local\{C3D48CC0-65E5-4558-BDF4-6129FF667502}
2012-07-08 03:22:08 -------- d-----w- c:\users\justin\appdata\local\{95E5F777-6865-4E05-B43B-5E9336F1C166}
2012-07-07 15:21:35 -------- d-----w- c:\users\justin\appdata\local\{A4EEF465-4D6D-4432-B555-87427EA8D725}
2012-07-07 15:21:17 -------- d-----w- c:\users\justin\appdata\local\{0A0D9B16-F69F-49D2-A726-217A2E50518C}
2012-07-06 04:03:36 -------- d-----w- c:\users\justin\appdata\local\{F7E1CFDB-1C29-4F71-93B7-7BE9389CB8B8}
2012-07-06 04:03:07 -------- d-----w- c:\users\justin\appdata\local\{88B178D7-5BB9-4D0F-B9A2-BF40F34F000C}
2012-07-05 16:02:41 -------- d-----w- c:\users\justin\appdata\local\{A29D2CA4-A65E-4D84-907C-9B92019CCF4D}
2012-07-05 16:02:18 -------- d-----w- c:\users\justin\appdata\local\{EC6621F0-F1BC-4056-8D82-0AA1FD5F0116}
2012-07-05 04:01:52 -------- d-----w- c:\users\justin\appdata\local\{C8D10A71-B4CB-4758-810E-DB433BD26DAD}
2012-07-05 04:01:40 -------- d-----w- c:\users\justin\appdata\local\{C0C32151-97CB-43B1-B541-A8F0D0D1BE6E}
2012-07-04 15:19:01 -------- d-----w- c:\users\justin\appdata\local\{E9A1BE70-8CC4-4A98-B28D-6ED22C5C32D1}
2012-07-04 15:18:39 -------- d-----w- c:\users\justin\appdata\local\{D6A8081C-AAA9-4049-9CC8-BEB1E4438ACE}
2012-07-04 03:18:13 -------- d-----w- c:\users\justin\appdata\local\{75D293D4-1724-4551-A26E-1BE8EFFD65F1}
2012-07-04 03:18:01 -------- d-----w- c:\users\justin\appdata\local\{F19FE737-B638-4DEA-8A67-0D40904401CF}
2012-07-03 11:58:42 -------- d-----w- c:\users\justin\appdata\local\{365BC0CC-6FC0-4372-8195-4ED145104F84}
2012-07-03 11:58:26 -------- d-----w- c:\users\justin\appdata\local\{CAB7B11A-0049-4F84-AB47-287E87ABBDA0}
2012-07-02 12:50:14 -------- d-----w- c:\users\justin\appdata\local\{9DC5B79A-580D-4D00-A38C-784A38C512EE}
2012-07-02 12:49:56 -------- d-----w- c:\users\justin\appdata\local\{56961A2D-0A39-459D-9669-659BCBB546F6}
2012-07-01 14:19:00 -------- d-----w- c:\users\justin\appdata\local\{49F694DA-5076-414F-84BB-13C8B3F7C505}
2012-07-01 14:18:46 -------- d-----w- c:\users\justin\appdata\local\{E7E4E275-A2D3-46B5-A1C0-89053DCFC47E}
2012-07-01 02:12:02 -------- d-----w- c:\users\justin\appdata\local\{8F7874AA-78FD-4D0B-9DF5-2E70AA0D82FF}
2012-06-30 14:11:28 -------- d-----w- c:\users\justin\appdata\local\{5C7C18BB-212C-4A05-B937-A36EA47E46FD}
2012-06-30 14:11:09 -------- d-----w- c:\users\justin\appdata\local\{ACF6CE59-14CE-4835-86A2-1280A493B152}
2012-06-29 13:07:54 -------- d-----w- c:\users\justin\appdata\local\{490F400C-1EF4-4C74-B831-224631B1B1CA}
2012-06-29 13:07:31 -------- d-----w- c:\users\justin\appdata\local\{30C6D1D0-2290-4B0D-A53D-50606AF1D59F}
2012-06-28 13:12:48 -------- d-----w- c:\program files\AutoHotkey
2012-06-28 13:02:20 -------- d-----w- c:\users\justin\appdata\local\{C4FA4D59-3B0B-4DEB-B51C-8D5634EDB0D9}
2012-06-28 13:01:58 -------- d-----w- c:\users\justin\appdata\local\{7CF5F106-E72F-4043-BE7A-F130337E388D}
2012-06-27 20:17:22 -------- d-----w- c:\users\justin\appdata\local\{3BC2FA6F-8801-4272-A2B4-B1CA52675EB1}
2012-06-27 20:17:08 -------- d-----w- c:\users\justin\appdata\local\{F69D117F-572B-487C-9967-6A0485262F83}
2012-06-27 03:00:19 -------- d-----w- c:\users\justin\appdata\local\{CCC2D970-34E6-4828-9184-2C084A15DD18}
2012-06-27 03:00:02 -------- d-----w- c:\users\justin\appdata\local\{25AC0959-3E33-4F80-8EC4-EDFAEE65145E}
2012-06-26 12:22:46 -------- d-----w- c:\users\justin\appdata\local\{7C7AECC4-1B2E-4D7F-8585-514A0D84641B}
2012-06-26 12:22:32 -------- d-----w- c:\users\justin\appdata\local\{92B33C9E-FDA1-4459-90A5-468FB1D06DA3}
2012-06-25 22:59:09 -------- d-----w- c:\users\justin\appdata\local\{4B7BB7AA-BA3D-4EB7-8E91-9F30DAF41EA2}
2012-06-25 22:58:46 -------- d-----w- c:\users\justin\appdata\local\{A1D9918D-84F4-4525-9EB4-9EAADAD0953B}
2012-06-24 15:46:20 -------- d-----w- c:\users\justin\appdata\local\{A94762FB-C7E9-4759-9749-4F6C8E51EA61}
2012-06-24 15:46:08 -------- d-----w- c:\users\justin\appdata\local\{5023B86D-5F37-47AA-B867-C6F0FAD51814}
.
==================== Find3M ====================
.
2012-07-11 21:36:12 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-11 21:36:12 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-07-03 21:21:10 770384 ----a-w- c:\windows\system32\msvcr100.dll
2012-07-03 21:21:10 421200 ----a-w- c:\windows\system32\msvcp100.dll
2012-06-06 05:05:52 1390080 ----a-w- c:\windows\system32\msxml6.dll
2012-06-06 05:05:52 1236992 ----a-w- c:\windows\system32\msxml3.dll
2012-06-06 05:03:06 805376 ----a-w- c:\windows\system32\cdosys.dll
2012-06-02 22:12:32 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:12:13 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 19:19:42 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 19:12:20 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-06-02 08:33:25 1800192 ----a-w- c:\windows\system32\jscript9.dll
2012-06-02 08:25:08 1129472 ----a-w- c:\windows\system32\wininet.dll
2012-06-02 08:25:03 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2012-06-02 08:20:33 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-06-02 08:16:52 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-06-02 04:45:04 67440 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-06-02 04:45:03 134000 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2012-06-02 04:40:59 369336 ----a-w- c:\windows\system32\drivers\cng.sys
2012-06-02 04:40:39 225280 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 04:39:10 219136 ----a-w- c:\windows\system32\ncrypt.dll
2012-05-31 16:25:14 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-05-27 15:53:26 476960 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-05-27 15:53:26 472864 ----a-w- c:\windows\system32\deployJava1.dll
2012-05-15 10:26:00 883008 ----a-w- c:\windows\system32\nvgenco32.dll
2012-05-15 10:26:00 8105280 ----a-w- c:\windows\system32\nvwgf2um.dll
2012-05-15 10:26:00 61248 ----a-w- c:\windows\system32\OpenCL.dll
2012-05-15 10:26:00 2368832 ----a-w- c:\windows\system32\nvapi.dll
2012-05-15 10:26:00 1000768 ----a-w- c:\windows\system32\nvdispco32.dll
2012-05-15 09:28:49 645440 ----a-w- c:\windows\system32\nvvsvc.exe
2012-05-15 09:28:49 62272 ----a-w- c:\windows\system32\nvshext.dll
2012-05-15 09:28:49 108352 ----a-w- c:\windows\system32\nvmctray.dll
2012-05-15 09:28:48 3931456 ----a-w- c:\windows\system32\nvcpl.dll
2012-05-15 09:27:28 2759488 ----a-w- c:\windows\system32\nvsvc.dll
2012-05-15 06:21:50 423744 ----a-w- c:\windows\system32\nvStreaming.exe
2012-05-01 04:44:12 164352 ----a-w- c:\windows\system32\profsvc.dll
2012-04-28 03:17:07 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-04-26 04:45:55 58880 ----a-w- c:\windows\system32\rdpwsx.dll
2012-04-26 04:45:54 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-04-26 04:41:16 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe
.
============= FINISH: 20:18:26.95 ===============
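An added triage helper for the "Created Last 30" / "Find3M" sections of a DDS log like the one above; it is not part of the thread and not a DDS or BleepingComputer rule set. It flags the entries a responder reads first here: the hidden+system directory literally named `c:\windows\system32\%APPDATA%`, the 32-hex-character folder under `c:\programdata`, and the recurring GUID-named folders under `appdata\local`. The sample lines are copied from the log in post #1; the heuristics and the GUID threshold are the editor's own assumptions.

```python
"""Triage the "Created Last 30" / "Find3M" sections of a DDS log.

Added example: the heuristics below are the editor's own, not a DDS or
BleepingComputer rule set. Sample lines are copied from the log in post #1.
"""
import re
from collections import Counter
from typing import Dict, List, Tuple

# One DDS file entry: "<date> <time> <size|--------> <attr flags> <path>".
# The 8-character flag field is positional: 'd' directory, 's' system,
# 'h' hidden (compare "d-sh--w-" with the ordinary "d-----w-").
DDS_ENTRY = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2})\s+(?P<time>\d{2}:\d{2}:\d{2})\s+"
    r"(?P<size>\d+|-+)\s+(?P<attrs>[-a-z]{8})\s+(?P<path>\S.*?)\s*$"
)
GUID_DIR = re.compile(r"\\\{[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}\}$", re.I)
HEX32_DIR = re.compile(r"\\[0-9a-f]{32}$", re.I)
# A real folder literally called %APPDATA% (or any %NAME%) is not how Windows
# expands variables; it is a name chosen to look like one.
ENV_TOKEN = re.compile(r"\\%[a-z_]+%(\\|$)", re.I)

Finding = Tuple[str, str, str]  # (severity, path, reason)

# Lines copied from the DDS log in post #1 (headers and '.' separators included
# on purpose, to show they are skipped by the parser).
SAMPLE_DDS = r"""
=============== Created Last 30 ================
.
2012-07-23 16:58:54 -------- d-----w- c:\users\justin\appdata\local\{20B3E565-F91F-49CE-ACF4-24233302CB6F}
2012-07-23 16:58:31 -------- d-----w- c:\users\justin\appdata\local\{2057FCFA-39C9-484F-8ED6-47313BEF8993}
2012-07-23 04:58:06 -------- d-----w- c:\users\justin\appdata\local\{3FF173AF-A152-450C-9FF4-C28E5BF25D72}
2012-07-21 01:18:13 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-07-21 00:51:11 -------- d-sh--w- c:\windows\system32\%APPDATA%
2012-07-21 00:27:42 -------- d-----w- c:\programdata\6C82D12302CE71A5D90EB4E5F875F020
2012-07-13 14:19:33 5982528 ----a-w- c:\windows\system32\nvcuda.dll
.
"""


def parse_entries(log_text: str) -> List[Dict[str, str]]:
    """Parse DDS file entries; section headers and '.' separators are skipped."""
    entries: List[Dict[str, str]] = []
    for line in log_text.splitlines():
        m = DDS_ENTRY.match(line.strip())
        if m:
            entries.append(m.groupdict())
    return entries


def triage(entries: List[Dict[str, str]]) -> List[Finding]:
    """Apply the heuristics and return findings in log order, info last."""
    findings: List[Finding] = []
    guid_dirs_per_day: Counter = Counter()
    for e in entries:
        attrs, path = e["attrs"], e["path"]
        is_dir = attrs[0] == "d"
        if is_dir and "s" in attrs and "h" in attrs:
            findings.append(("high", path, "hidden+system directory created recently"))
        if ENV_TOKEN.search(path):
            findings.append(("high", path, "folder literally named after an environment variable"))
        if HEX32_DIR.search(path):
            findings.append(("medium", path, "opaque 32-hex-character folder name"))
        if is_dir and GUID_DIR.search(path):
            guid_dirs_per_day[e["date"]] += 1
    total = sum(guid_dirs_per_day.values())
    if total >= 3:  # threshold is an assumption, not a DDS convention
        findings.append(("info", r"...\appdata\local\{GUID}",
                         f"{total} GUID-named folders created across "
                         f"{len(guid_dirs_per_day)} day(s); recurring pattern, review"))
    return findings


def triage_sample() -> List[Finding]:
    """Run the triage over the embedded sample lines."""
    return triage(parse_entries(SAMPLE_DDS))


if __name__ == "__main__":
    for severity, path, reason in triage_sample():
        print(f"[{severity:6}] {path}\n         {reason}")
```

Feed it a whole DDS log and the same rules run over the Find3M section too, since both use the identical entry layout.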


#2 CatByte, bleepin' tiger (Malware Response Team, 14,664 posts, Canada)

Posted 24 July 2012 - 10:50 AM

Please do the following:

Download Farbar Recovery Scan Tool and save it to a flash drive.

Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded, begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
To enter System Recovery Options by using the Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
On the System Recovery Options menu you will get the following options:
  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Command Prompt

  • Select Command Prompt.
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter.
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to the disclaimer.
  • Place a check next to List Drivers MD5 as well as the default check marks that are already there.
  • Press Scan button.
  • FRST will let you know when the scan is complete and has written the FRST.txt to file. Close out this message, then type the following into the search box:
    services.exe
  • Now press the search button.
  • When the search is complete, search.txt will also be written to your USB.
  • Type exit and reboot the computer normally.
  • Please copy and paste both logs (FRST.txt and Search.txt) in your reply.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#3 OpenCover, Topic Starter (Members, 11 posts)

Posted 25 July 2012 - 11:07 PM

Hello and thank you for the quick response! Unfortunately, no amount of F8 seems to work while starting up; I've tried both holding it down and tapping as fast as I can from the moment I turn on the computer. However, F12 will get me to the BIOS screen. Even more unfortunately, I no longer have my Windows CD available. A number of buttons like F9 and Del also work while starting up, all for different options, but I can't seem to figure out how to get to the command prompt.

Edited by OpenCover, 25 July 2012 - 11:07 PM.


#4 CatByte, bleepin' tiger (Malware Response Team, 14,664 posts, Canada)

Posted 26 July 2012 - 08:18 AM

The Recovery Environment may not be pre-installed on your machine.

If you don't have your installation disk, then you can make one that will allow you access to the recovery environment.

Follow the instructions here (it can be made from any Windows 7 machine):

http://www.howtogeek.com/howto/5409/create-a-system-repair-disc-in-windows-7/

Edited by CatByte, 26 July 2012 - 08:19 AM.



#5 CatByte, bleepin' tiger (Malware Response Team, 14,664 posts, Canada)

Posted 02 August 2012 - 03:41 PM

Due to the lack of feedback, this topic is now closed. In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.



#6 CatByte, bleepin' tiger (Malware Response Team, 14,664 posts, Canada)

Posted 04 August 2012 - 02:37 PM

This topic has been re-opened at the request of the person who originally posted.



#7 OpenCover, Topic Starter (Members, 11 posts)

Posted 04 August 2012 - 03:06 PM

Thank you for reopening. Here are the results of the FRST scans:

Scan result of Farbar Recovery Scan Tool (FRST written by Farbar) Version: 25-07-2012 01
Ran by SYSTEM at 04-08-2012 14:24:51
Running from E:\
Windows 7 Home Premium (X86) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [6711840 2009-01-20] (Realtek Semiconductor)
HKLM\...\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe [36864 2007-03-20] ()
HKLM\...\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice [2145000 2010-03-24] (ESET)
HKLM\...\Run: [] [x]
HKLM\...\Run: [QvodTerminal] "C:\Users\Justin\QvodPlayer\QvodTerminal.exe" -autorun [1042320 2012-04-19] (Shenzhen QVOD Technology Co.,Ltd)
HKLM\...\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" [254696 2012-01-18] (Sun Microsystems, Inc.)
HKLM\...\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray [462920 2012-07-03] (Malwarebytes Corporation)
HKLM\...\Run: [DeathAdder] C:\Program Files\Razer\DeathAdder\razerhid.exe [248832 2012-01-14] ()
HKLM\...\Run: [VX3000] C:\Windows\vVX3000.exe [762736 2010-03-12] (Microsoft Corporation)
HKLM\...\Run: [LogMeIn Hamachi Ui] "C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start [1987976 2012-02-28] (LogMeIn Inc.)
HKLM\...\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe" [119152 2010-03-12] (Microsoft Corporation)
HKLM\...\Run: [ApnUpdater] "C:\Program Files\Ask.com\Updater\Updater.exe" [395144 2011-05-17] (Ask)
HKLM\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [37296 2012-03-27] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-01-02] (Adobe Systems Incorporated)
HKU\Justin\...\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background [4280184 2012-03-08] (Microsoft Corporation)
HKU\Justin\...\Run: [PPS Accelerator] C:\Program Files\PPStream\ppsap.exe [214408 2010-02-23] (PPStream Inc)
HKU\Justin\...\Run: [Steam] "C:\Program Files\Steam\steam.exe" -silent [1353080 2012-08-03] (Valve Corporation)
HKU\Justin\...\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun [17148552 2012-02-29] (Skype Technologies S.A.)
Tcpip\Parameters: [DhcpNameServer] 167.206.245.129 167.206.245.130

================================ Services (Whitelisted) ==================

2 ARUpdate; C:\Program Files\TENCENT\AddrUpdate\AddrUpdate.exe /Service [116624 2012-03-30] (Tencent)
2 BBSvc; C:\Program Files\Microsoft\BingBar\7.1.361.0\BBSvc.exe [193816 2012-02-10] (Microsoft Corporation.)
3 BBUpdate; C:\Program Files\Microsoft\BingBar\7.1.361.0\SeaPort.exe [240408 2012-02-10] (Microsoft Corporation.)
2 CntvCBoxService; "C:\Program Files\CNTV\CBox\CntvCBoxService.exe" [1241000 2012-07-23] (???????)
3 EhttpSrv; "C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe" [33560 2010-03-24] (ESET)
2 ekrn; "C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe" [810120 2010-03-24] (ESET)
2 eventlog; C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted [20992 2009-07-13] (Microsoft Corporation)
2 ExpatShieldService; C:\Program Files\Expat Shield\bin\openvpnas.exe [331608 2012-01-17] ()
2 ExpatSrv; C:\Program Files\Expat Shield\HssWPR\hsssrv.exe [363336 2012-01-04] (AnchorFree Inc.)
3 ExpatTrayService; C:\Program Files\Expat Shield\bin\ExpatTrayService.EXE [77520 2012-01-17] ()
2 ExpatWd; C:\Program Files\Expat Shield\bin\hsswd.exe -product Expat [329544 2012-01-04] ()
2 Hamachi2Svc; "C:\Program Files\LogMeIn Hamachi\hamachi-2.exe" -s [1373576 2012-02-28] (LogMeIn Inc.)
2 MBAMService; "C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe" [655944 2012-07-03] (Malwarebytes Corporation)
3 McComponentHostService; "C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe" [227232 2010-01-15] (McAfee, Inc.)
2 nvUpdatusService; C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [1262400 2012-05-15] (NVIDIA Corporation)
2 SkypeUpdate; "C:\Program Files\Skype\Updater\Updater.exe" [158856 2012-02-29] (Skype Technologies)
2 Stereo Service; C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [382272 2012-05-14] (NVIDIA Corporation)
3 DAUpdaterSvc; c:\program files\steam\steamapps\common\dragon age ultimate edition\bin_ship\DAUpdaterSvc.Service.exe [x]

========================== Drivers (Whitelisted) =============

3 danewFltr; C:\Windows\System32\drivers\danew.sys [9856 2010-02-08] (Razer (Asia-Pacific) Pte Ltd)
2 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [133512 2010-03-24] (ESET)
1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [114984 2010-03-24] (ESET)
2 epfwwfpr; C:\Windows\System32\DRIVERS\epfwwfpr.sys [96896 2010-03-24] (ESET)
3 hamachi; C:\Windows\System32\DRIVERS\hamachi.sys [26176 2010-02-03] (LogMeIn, Inc.)
3 HssDrv; C:\Windows\System32\DRIVERS\HssDrv.sys [37376 2012-01-04] (AnchorFree Inc.)
0 JRAID; C:\Windows\System32\DRIVERS\jraid.sys [83296 2008-11-04] (JMicron Technology Corp.)
3 krait03; C:\Windows\System32\Drivers\krait.sys [13324 2005-12-07] (Razer (Asia-Pacific) Pte Ltd)
3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [22344 2012-07-03] (Malwarebytes Corporation)
3 RTCore32; \??\C:\Program Files\EVGA Precision\RTCore32.sys [4608 2005-05-25] ()
1 Serial; C:\Windows\System32\DRIVERS\serial.sys [83456 2009-07-13] ()
3 taphss; C:\Windows\System32\DRIVERS\taphss.sys [32768 2012-01-04] (AnchorFree Inc)
3 VKbms; C:\Windows\System32\DRIVERS\VKbms.sys [10240 2010-09-30] (Windows ® Win 7 DDK provider)
3 gdrv; \??\C:\Windows\gdrv.sys [x]

========================== NetSvcs (Whitelisted) ===========


============ One Month Created Files and Folders ==============

2012-08-04 07:13 - 2012-08-04 07:13 - 00000000 ____D C:\Users\Justin\AppData\Local\{C81348BC-AE1C-42A9-96A3-19C12AB6CED6}
2012-08-04 07:12 - 2012-08-04 07:13 - 00000000 ____D C:\Users\Justin\AppData\Local\{D274CDD9-5302-41F3-9DB4-1FB260A36C3F}
2012-08-03 19:12 - 2012-08-03 19:12 - 00000000 ____D C:\Users\Justin\AppData\Local\{81EC01AA-1A1B-47A4-AEA1-08E470720686}
2012-08-03 19:11 - 2012-08-03 19:12 - 00000000 ____D C:\Users\Justin\AppData\Local\{91AE49C5-450F-46C8-B86D-BE97D6A9AE54}
2012-08-03 07:11 - 2012-08-03 07:11 - 00000000 ____D C:\Users\Justin\AppData\Local\{C65822EE-1CC2-445D-BF1A-38A864AD099A}
2012-08-03 07:11 - 2012-08-03 07:11 - 00000000 ____D C:\Users\Justin\AppData\Local\{6B779C41-46E6-4ABD-AB55-2F8319FED393}
2012-08-02 19:10 - 2012-08-02 19:10 - 00000000 ____D C:\Users\Justin\AppData\Local\{C1C3EEFE-8496-46CA-B999-91B939D512FE}
2012-08-02 19:10 - 2012-08-02 19:10 - 00000000 ____D C:\Users\Justin\AppData\Local\{9ACD4A16-4DC2-46C2-BF20-60ACD14A81DA}
2012-08-02 07:09 - 2012-08-02 07:09 - 00000000 ____D C:\Users\Justin\AppData\Local\{520A47D8-2A64-4C32-9D65-121BC3089C98}
2012-08-02 07:09 - 2012-08-02 07:09 - 00000000 ____D C:\Users\Justin\AppData\Local\{405C30A0-1F58-4AD6-92DC-1C34C40102A3}
2012-08-01 15:02 - 2012-08-01 15:02 - 00000000 ____D C:\Users\Justin\AppData\Local\{1289DDD2-30F0-43E1-8F9F-A110D14D7811}
2012-08-01 15:01 - 2012-08-01 15:02 - 00000000 ____D C:\Users\Justin\AppData\Local\{6BBE9092-CD4C-4022-964C-5E1B50E7B0BD}
2012-07-31 18:10 - 2012-07-31 18:10 - 00000000 ____D C:\Users\Justin\AppData\Local\{4480D427-422F-4E3B-A361-AA651C47C689}
2012-07-31 18:10 - 2012-07-31 18:10 - 00000000 ____D C:\Users\Justin\AppData\Local\{3C89A4FD-EC9A-4BC5-8AE0-E83EDC84AD61}
2012-07-31 06:09 - 2012-07-31 06:10 - 00000000 ____D C:\Users\Justin\AppData\Local\{84BAF35D-F32A-45BF-BCFE-05079F154A58}
2012-07-31 06:09 - 2012-07-31 06:09 - 00000000 ____D C:\Users\Justin\AppData\Local\{38D62CF7-BCBE-45AB-9310-667D06195793}
2012-07-30 07:12 - 2012-07-30 07:12 - 00000000 ____D C:\Users\Justin\AppData\Local\{4BF10E0D-24D7-4C31-9772-95F862A01665}
2012-07-30 07:11 - 2012-07-30 07:12 - 00000000 ____D C:\Users\Justin\AppData\Local\{140D030D-2AE4-4F87-8C39-21EC84258BCE}
2012-07-29 19:11 - 2012-07-29 19:11 - 00000000 ____D C:\Users\Justin\AppData\Local\{E0AE0E94-BC10-4247-B024-85BF42A38E59}
2012-07-29 19:11 - 2012-07-29 19:11 - 00000000 ____D C:\Users\Justin\AppData\Local\{6EFB4E6D-8CC8-49C3-AABB-AAC6D3C44974}
2012-07-29 07:10 - 2012-07-29 07:10 - 00000000 ____D C:\Users\Justin\AppData\Local\{9A547E90-3C4D-4EF8-8019-590161EEC982}
2012-07-29 07:09 - 2012-07-29 07:10 - 00000000 ____D C:\Users\Justin\AppData\Local\{39ACD784-71F1-4809-A5AF-3199966EF0CD}
2012-07-28 19:09 - 2012-07-28 19:09 - 00000000 ____D C:\Users\Justin\AppData\Local\{B6D8B97E-AC0A-4A63-AA46-0871881B872A}
2012-07-28 14:10 - 2012-07-28 14:10 - 00000000 ____D C:\Expat Shield
2012-07-28 14:09 - 2012-07-28 14:10 - 00000000 ____D C:\Program Files\Expat Shield
2012-07-28 14:09 - 2012-07-28 14:09 - 06990832 ____A C:\Users\Justin\Downloads\HSS-2.25-install-anchorfree-232-expatshield.exe
2012-07-28 14:09 - 2012-07-28 14:09 - 00272072 ____A C:\Users\Justin\Downloads\DM-232.exe
2012-07-28 07:09 - 2012-07-28 07:09 - 00000000 ____D C:\Users\Justin\AppData\Local\{6FE487CB-F6B7-4393-ACF9-BAE40796EFBC}
2012-07-28 07:08 - 2012-07-28 19:09 - 00000000 ____D C:\Users\Justin\AppData\Local\{73AC93BD-997E-4612-A47B-3318F42AED28}
2012-07-27 15:53 - 2012-07-27 15:53 - 00001984 ____A C:\Users\Public\Desktop\Adobe Reader 9.lnk
2012-07-27 13:57 - 2012-07-27 13:57 - 09622688 ____A C:\Users\Justin\Downloads\SopCast-3.5.0.exe
2012-07-27 13:57 - 2012-07-27 13:57 - 00000949 ____A C:\Users\UpdatusUser\Desktop\SopCast.lnk
2012-07-27 13:57 - 2012-07-27 13:57 - 00000949 ____A C:\Users\Justin\Desktop\SopCast.lnk
2012-07-27 13:57 - 2012-07-27 13:57 - 00000000 ____D C:\Program Files\SopCast
2012-07-27 13:14 - 2012-07-27 13:18 - 00000000 ____D C:\Users\Justin\AppData\Roaming\CBox
2012-07-27 13:14 - 2012-07-27 13:14 - 00000000 ____D C:\Users\All Users\CBox
2012-07-27 13:14 - 2012-07-27 13:14 - 00000000 ____D C:\Program Files\CNTV
2012-07-27 13:12 - 2012-07-27 13:12 - 06384024 ____A (???????) C:\Users\Justin\Downloads\cboxbeta2.3.0.0.exe
2012-07-27 07:19 - 2012-07-27 07:19 - 00000000 ____D C:\Users\Justin\AppData\Local\{ED64B1BF-34D8-4656-89CE-FC73A527B96B}
2012-07-27 07:18 - 2012-07-27 07:19 - 00000000 ____D C:\Users\Justin\AppData\Local\{3814A23C-1DAE-42A2-9A0C-90D84E7366D5}
2012-07-25 19:30 - 2012-07-25 19:30 - 00000000 ____D C:\Users\Justin\AppData\Local\{A7E32AE0-65A7-423E-9EAD-3C125CDBE199}
2012-07-25 19:29 - 2012-07-25 19:30 - 00000000 ____D C:\Users\Justin\AppData\Local\{38FA52A3-B683-4551-A48B-64948F6A45EF}
2012-07-24 17:34 - 2012-07-24 17:34 - 00000000 ____D C:\Users\Justin\AppData\Local\{D9D2589E-7CF9-4543-B4A1-37F2A8713625}
2012-07-24 17:33 - 2012-07-24 17:34 - 00000000 ____D C:\Users\Justin\AppData\Local\{514A69E9-38C8-4678-95E9-87F953E0EAF2}
2012-07-24 16:45 - 2012-07-24 16:45 - 00892822 ____A (Farbar) C:\Users\Justin\Downloads\FRST.exe
2012-07-24 05:33 - 2012-07-24 05:33 - 00000000 ____D C:\Users\Justin\AppData\Local\{FAEAF377-3879-4C3A-B20F-67E616AD70CE}
2012-07-24 05:33 - 2012-07-24 05:33 - 00000000 ____D C:\Users\Justin\AppData\Local\{BF53E078-5D0D-47F4-98F4-E6F485D150E7}
2012-07-23 16:52 - 2012-07-23 16:52 - 00011525 ____A C:\Users\Justin\Desktop\ark.log
2012-07-23 16:22 - 2012-07-23 16:22 - 00302592 ____A C:\Users\Justin\Desktop\eisntnxr.exe
2012-07-23 16:21 - 2012-07-23 16:21 - 00007279 ____A C:\Users\Justin\Desktop\Attach.txt
2012-07-23 16:20 - 2012-07-23 16:20 - 00023167 ____A C:\Users\Justin\Desktop\DDS.txt
2012-07-23 16:17 - 2012-07-23 16:17 - 00607260 ___RA (Swearware) C:\Users\Justin\Desktop\dds.scr
2012-07-23 16:16 - 2012-07-23 16:16 - 00050477 ____A C:\Users\Justin\Downloads\Defogger.exe
2012-07-23 16:16 - 2012-07-23 16:16 - 00000000 ____A C:\Users\Justin\defogger_reenable
2012-07-23 15:58 - 2006-11-23 01:55 - 00073728 ____A (Razer Inc.) C:\Windows\System32\DeathAdder.cpl
2012-07-23 08:58 - 2012-07-23 08:59 - 00000000 ____D C:\Users\Justin\AppData\Local\{20B3E565-F91F-49CE-ACF4-24233302CB6F}
2012-07-23 08:58 - 2012-07-23 08:58 - 00000000 ____D C:\Users\Justin\AppData\Local\{2057FCFA-39C9-484F-8ED6-47313BEF8993}
2012-07-22 20:58 - 2012-07-22 20:58 - 00000000 ____D C:\Users\Justin\AppData\Local\{3FF173AF-A152-450C-9FF4-C28E5BF25D72}
2012-07-22 08:57 - 2012-07-22 20:58 - 00000000 ____D C:\Users\Justin\AppData\Local\{2EB669EF-9BBE-441C-93B8-81FA83282430}
2012-07-22 08:57 - 2012-07-22 08:57 - 00000000 ____D C:\Users\Justin\AppData\Local\{0A8EB867-91BE-4931-98AE-3AECB584E47C}
2012-07-21 20:52 - 2012-07-21 20:52 - 00000000 ____D C:\Users\Justin\AppData\Local\{29CF0630-D6B2-4AC3-BABD-44F60EDD4AF2}
2012-07-21 06:18 - 2012-07-21 20:52 - 00000000 ____D C:\Users\Justin\AppData\Local\{36675937-F27F-4CED-8112-8D5189B4B18A}
2012-07-21 06:18 - 2012-07-21 06:19 - 00000000 ____D C:\Users\Justin\AppData\Local\{188413CF-CB14-4E58-8CCA-E52CCEDD3F17}
2012-07-20 18:16 - 2012-07-20 18:16 - 00000000 ____D C:\Users\Justin\AppData\Local\{F36605C0-5600-4FD5-A1F2-A2B854B5F050}
2012-07-20 18:16 - 2012-07-20 18:16 - 00000000 ____D C:\Users\Justin\AppData\Local\{922CBCD1-5D23-4BD3-987C-F636395936C8}
2012-07-20 17:18 - 2012-07-20 17:18 - 00001067 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-07-20 17:18 - 2012-07-20 17:18 - 00000000 ____D C:\Users\Justin\AppData\Roaming\Malwarebytes
2012-07-20 17:18 - 2012-07-20 17:18 - 00000000 ____D C:\Users\All Users\Malwarebytes
2012-07-20 17:18 - 2012-07-20 17:18 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2012-07-20 17:18 - 2012-07-03 09:46 - 00022344 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-07-20 17:17 - 2012-07-20 17:17 - 10652120 ____A (Malwarebytes Corporation ) C:\Users\Justin\Downloads\mbam-setup-1.62.0.1300.exe
2012-07-20 17:15 - 2012-07-20 19:05 - 00000450 ____A C:\rkill.log
2012-07-20 17:14 - 2012-07-20 17:14 - 01012656 ____A C:\Users\Justin\Downloads\iExplore.exe
2012-07-20 17:13 - 2012-07-20 17:13 - 00001205 ____A C:\Users\Justin\Downloads\registryfix.reg
2012-07-20 16:51 - 2012-07-20 16:51 - 00000000 __SHD C:\Windows\System32\%APPDATA%
2012-07-20 16:27 - 2012-07-20 16:35 - 00000000 ____D C:\Users\All Users\6C82D12302CE71A5D90EB4E5F875F020
2012-07-20 06:15 - 2012-07-20 06:16 - 00000000 ____D C:\Users\Justin\AppData\Local\{6FD0706B-BD4A-45E3-AD3C-326C6B166DB9}
2012-07-20 06:15 - 2012-07-20 06:15 - 00000000 ____D C:\Users\Justin\AppData\Local\{021AD44F-25D9-404E-86B4-3C0B59F70824}
2012-07-19 18:15 - 2012-07-19 18:15 - 00000000 ____D C:\Users\Justin\AppData\Local\{7F2CEE65-8DD6-4DE7-8119-437C97318F64}
2012-07-19 18:14 - 2012-07-19 18:15 - 00000000 ____D C:\Users\Justin\AppData\Local\{F508E76E-0F22-4F66-8FE5-949729640C32}
2012-07-19 06:14 - 2012-07-19 06:14 - 00000000 ____D C:\Users\Justin\AppData\Local\{F7C7A32D-ED62-4EA3-B5F6-8DA5F3E1B073}
2012-07-19 06:14 - 2012-07-19 06:14 - 00000000 ____D C:\Users\Justin\AppData\Local\{ED8A5B4B-1AB8-4F37-B2CF-7FA744CEA05B}
2012-07-18 17:01 - 2012-07-18 17:02 - 00000000 ____D C:\Users\Justin\AppData\Local\{C5CD362C-D6DC-4A58-A946-1FEBC68F0F78}
2012-07-18 17:01 - 2012-07-18 17:01 - 00000000 ____D C:\Users\Justin\AppData\Local\{9D107F6A-7E04-49A2-98D9-7AED0F78F75D}
2012-07-18 05:01 - 2012-07-18 05:01 - 00000000 ____D C:\Users\Justin\AppData\Local\{45721EA5-ADAE-42A0-9BEF-A1D42E4B6BE6}
2012-07-18 05:00 - 2012-07-18 05:00 - 00000000 ____D C:\Users\Justin\AppData\Local\{9AA82212-CFAE-4100-B501-C5C29679885C}
2012-07-17 05:49 - 2012-07-17 05:49 - 00000000 ____D C:\Users\Justin\AppData\Local\{10308D26-9D67-41AD-86BA-21BD64EBEFCD}
2012-07-17 05:49 - 2012-07-17 05:49 - 00000000 ____D C:\Users\Justin\AppData\Local\{0E0623FD-F491-4B33-A842-009281EEEDAD}
2012-07-16 06:46 - 2012-07-16 06:46 - 00000000 ____D C:\Users\Justin\AppData\Local\{D8C52CDA-6153-476A-9A50-4A1B7EC57CFF}
2012-07-16 06:46 - 2012-07-16 06:46 - 00000000 ____D C:\Users\Justin\AppData\Local\{59CE8A86-A365-42C5-A687-0C63CC7C89DB}
2012-07-15 17:37 - 2012-07-15 17:38 - 00000000 ____D C:\Users\Justin\AppData\Local\{658B1334-E9A5-4887-810F-562EBB724FE4}
2012-07-15 05:37 - 2012-07-15 17:37 - 00000000 ____D C:\Users\Justin\AppData\Local\{CE95384A-85A0-4EBC-9605-BABDFCDE6396}
2012-07-15 05:37 - 2012-07-15 05:37 - 00000000 ____D C:\Users\Justin\AppData\Local\{74F19CE6-954F-47F5-B17B-56F5B12D4B59}
2012-07-14 15:34 - 2012-07-14 15:34 - 00000000 ____D C:\Users\Justin\AppData\Local\{F88B5473-D6FF-4AD0-B5FD-AED212268457}
2012-07-14 15:34 - 2012-07-14 15:34 - 00000000 ____D C:\Users\Justin\AppData\Local\{3A930954-B077-41AF-A117-834DE02A8B4C}
2012-07-13 06:19 - 2012-05-15 02:26 - 19607872 ____A (NVIDIA Corporation) C:\Windows\System32\nvoglv32.dll
2012-07-13 06:19 - 2012-05-15 02:26 - 17551680 ____A (NVIDIA Corporation) C:\Windows\System32\nvcompiler.dll
2012-07-13 06:19 - 2012-05-15 02:26 - 15322432 ____A (NVIDIA Corporation) C:\Windows\System32\nvd3dum.dll
2012-07-13 06:19 - 2012-05-15 02:26 - 11354944 ____A (NVIDIA Corporation) C:\Windows\System32\Drivers\nvlddmkm.sys
2012-07-13 06:19 - 2012-05-15 02:26 - 05982528 ____A (NVIDIA Corporation) C:\Windows\System32\nvcuda.dll
2012-07-13 06:19 - 2012-05-15 02:26 - 02524992 ____A (NVIDIA Corporation) C:\Windows\System32\nvcuvid.dll
2012-07-13 06:19 - 2012-05-15 02:26 - 02445120 ____A (NVIDIA Corporation) C:\Windows\System32\nvcuvenc.dll
2012-07-13 06:17 - 2012-07-13 06:18 - 124586272 ____A (NVIDIA Corporation) C:\Users\Justin\Downloads\301.42-desktop-win7-winvista-32bit-english-whql.exe
2012-07-13 05:34 - 2012-07-13 05:34 - 00000000 ____D C:\Users\Justin\AppData\Local\{DD688006-CA40-4762-AFB8-790E69F895E1}
2012-07-13 05:34 - 2012-07-13 05:34 - 00000000 ____D C:\Users\Justin\AppData\Local\{327D5347-F990-4778-8143-95FDD3D5EC8A}
2012-07-12 06:41 - 2012-07-12 06:41 - 00000000 ____D C:\Users\Justin\AppData\Local\{4DA15DC4-9CBA-4105-BD6E-38EFAF26730B}
2012-07-12 06:41 - 2012-07-12 06:41 - 00000000 ____D C:\Users\Justin\AppData\Local\{083B382D-3D2E-47FB-8593-4A8E58BC6301}
2012-07-11 23:00 - 2012-06-02 01:07 - 12314624 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-07-11 23:00 - 2012-06-02 00:43 - 09737728 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-07-11 23:00 - 2012-06-02 00:33 - 01800192 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-07-11 23:00 - 2012-06-02 00:26 - 01103872 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-07-11 23:00 - 2012-06-02 00:25 - 01427968 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-07-11 23:00 - 2012-06-02 00:25 - 01129472 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-07-11 23:00 - 2012-06-02 00:23 - 00231936 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-07-11 23:00 - 2012-06-02 00:21 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-07-11 23:00 - 2012-06-02 00:20 - 00142848 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-07-11 23:00 - 2012-06-02 00:19 - 01793024 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-07-11 23:00 - 2012-06-02 00:19 - 00716800 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-07-11 23:00 - 2012-06-02 00:17 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-07-11 23:00 - 2012-06-02 00:16 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-07-11 23:00 - 2012-06-02 00:14 - 00176640 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-07-11 22:58 - 2012-06-11 18:40 - 02345984 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-07-11 06:47 - 2012-06-08 20:41 - 12873728 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2012-07-11 06:47 - 2012-06-05 21:05 - 01390080 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
2012-07-11 06:47 - 2012-06-05 21:05 - 01236992 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
2012-07-11 06:47 - 2012-06-05 21:03 - 00805376 ____A (Microsoft Corporation) C:\Windows\System32\cdosys.dll
2012-07-11 06:47 - 2012-06-01 20:45 - 00134000 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
2012-07-11 06:47 - 2012-06-01 20:45 - 00067440 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
2012-07-11 06:47 - 2012-06-01 20:40 - 00369336 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
2012-07-11 06:47 - 2012-06-01 20:40 - 00225280 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
2012-07-11 06:47 - 2012-06-01 20:39 - 00219136 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
2012-07-11 06:47 - 2010-06-25 19:24 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\msxml3r.dll
2012-07-11 06:43 - 2012-07-11 06:43 - 00000000 ____D C:\Users\Justin\AppData\Local\{5B14121F-9022-4DD4-B6A7-7C868943BC13}
2012-07-11 06:43 - 2012-07-11 06:43 - 00000000 ____D C:\Users\Justin\AppData\Local\{50EFBDA7-98BF-47E6-9690-2B051DFDC8FC}
2012-07-10 06:19 - 2012-07-10 06:19 - 00000000 ____D C:\Users\Justin\AppData\Local\{593DFA81-A154-4CCC-9DDA-59FAEEC1B6C7}
2012-07-10 06:18 - 2012-07-10 06:18 - 00000000 ____D C:\Users\Justin\AppData\Local\{3D523838-12A4-48A3-ADD7-0B59FCCD2DB2}
2012-07-09 05:27 - 2012-07-09 05:27 - 00000000 ____D C:\Users\Justin\AppData\Local\{852CF4AD-7049-4FED-A630-761A6FD6391E}
2012-07-09 05:27 - 2012-07-09 05:27 - 00000000 ____D C:\Users\Justin\AppData\Local\{43D4325B-E83E-4DD7-85F2-BB69263D51F8}
2012-07-08 07:22 - 2012-07-08 07:23 - 00000000 ____D C:\Users\Justin\AppData\Local\{3720DE39-881B-4655-ACF8-839DD443B605}
2012-07-08 07:22 - 2012-07-08 07:22 - 00000000 ____D C:\Users\Justin\AppData\Local\{C3D48CC0-65E5-4558-BDF4-6129FF667502}
2012-07-07 19:22 - 2012-07-07 19:22 - 00000000 ____D C:\Users\Justin\AppData\Local\{95E5F777-6865-4E05-B43B-5E9336F1C166}
2012-07-07 07:21 - 2012-07-07 19:22 - 00000000 ____D C:\Users\Justin\AppData\Local\{0A0D9B16-F69F-49D2-A726-217A2E50518C}
2012-07-07 07:21 - 2012-07-07 07:21 - 00000000 ____D C:\Users\Justin\AppData\Local\{A4EEF465-4D6D-4432-B555-87427EA8D725}
2012-07-05 20:03 - 2012-07-05 20:03 - 00000000 ____D C:\Users\Justin\AppData\Local\{F7E1CFDB-1C29-4F71-93B7-7BE9389CB8B8}
2012-07-05 20:03 - 2012-07-05 20:03 - 00000000 ____D C:\Users\Justin\AppData\Local\{88B178D7-5BB9-4D0F-B9A2-BF40F34F000C}
2012-07-05 08:02 - 2012-07-05 08:02 - 00000000 ____D C:\Users\Justin\AppData\Local\{EC6621F0-F1BC-4056-8D82-0AA1FD5F0116}
2012-07-05 08:02 - 2012-07-05 08:02 - 00000000 ____D C:\Users\Justin\AppData\Local\{A29D2CA4-A65E-4D84-907C-9B92019CCF4D}


============ 3 Months Modified Files ========================

2012-08-04 10:15 - 2009-07-13 20:53 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-08-04 10:15 - 2009-07-13 20:39 - 00079459 ____A C:\Windows\setupact.log
2012-08-04 10:15 - 2009-07-13 20:34 - 00013456 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-08-04 10:15 - 2009-07-13 20:34 - 00013456 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-08-04 10:14 - 2010-04-15 14:20 - 01904559 ____A C:\Windows\WindowsUpdate.log
2012-08-04 09:36 - 2012-04-03 07:30 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-08-04 08:33 - 2010-04-15 20:55 - 00066368 ____A C:\Users\Justin\AppData\Local\GDIPFONTCACHEV1.DAT
2012-08-02 19:36 - 2012-04-03 07:29 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2012-08-02 19:36 - 2011-05-17 08:32 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
2012-07-28 14:09 - 2012-07-28 14:09 - 06990832 ____A C:\Users\Justin\Downloads\HSS-2.25-install-anchorfree-232-expatshield.exe
2012-07-28 14:09 - 2012-07-28 14:09 - 00272072 ____A C:\Users\Justin\Downloads\DM-232.exe
2012-07-28 07:05 - 2010-04-15 21:08 - 00073592 ____A C:\Windows\PFRO.log
2012-07-27 15:53 - 2012-07-27 15:53 - 00001984 ____A C:\Users\Public\Desktop\Adobe Reader 9.lnk
2012-07-27 13:57 - 2012-07-27 13:57 - 09622688 ____A C:\Users\Justin\Downloads\SopCast-3.5.0.exe
2012-07-27 13:57 - 2012-07-27 13:57 - 00000949 ____A C:\Users\UpdatusUser\Desktop\SopCast.lnk
2012-07-27 13:57 - 2012-07-27 13:57 - 00000949 ____A C:\Users\Justin\Desktop\SopCast.lnk
2012-07-27 13:12 - 2012-07-27 13:12 - 06384024 ____A (???????) C:\Users\Justin\Downloads\cboxbeta2.3.0.0.exe
2012-07-25 19:59 - 2009-07-13 18:04 - 00000403 ____A C:\Windows\win.ini
2012-07-25 19:59 - 2009-07-13 18:04 - 00000215 ____A C:\Windows\system.ini
2012-07-24 16:48 - 2010-04-15 14:31 - 00778660 ____A C:\Windows\System32\PerfStringBackup.INI
2012-07-24 16:45 - 2012-07-24 16:45 - 00892822 ____A (Farbar) C:\Users\Justin\Downloads\FRST.exe
2012-07-23 16:52 - 2012-07-23 16:52 - 00011525 ____A C:\Users\Justin\Desktop\ark.log
2012-07-23 16:22 - 2012-07-23 16:22 - 00302592 ____A C:\Users\Justin\Desktop\eisntnxr.exe
2012-07-23 16:21 - 2012-07-23 16:21 - 00007279 ____A C:\Users\Justin\Desktop\Attach.txt
2012-07-23 16:20 - 2012-07-23 16:20 - 00023167 ____A C:\Users\Justin\Desktop\DDS.txt
2012-07-23 16:17 - 2012-07-23 16:17 - 00607260 ___RA (Swearware) C:\Users\Justin\Desktop\dds.scr
2012-07-23 16:16 - 2012-07-23 16:16 - 00050477 ____A C:\Users\Justin\Downloads\Defogger.exe
2012-07-23 16:16 - 2012-07-23 16:16 - 00000000 ____A C:\Users\Justin\defogger_reenable
2012-07-23 15:58 - 2010-04-16 15:19 - 00052102 ____A C:\Windows\DPINST.LOG
2012-07-20 19:05 - 2012-07-20 17:15 - 00000450 ____A C:\rkill.log
2012-07-20 17:18 - 2012-07-20 17:18 - 00001067 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-07-20 17:17 - 2012-07-20 17:17 - 10652120 ____A (Malwarebytes Corporation ) C:\Users\Justin\Downloads\mbam-setup-1.62.0.1300.exe
2012-07-20 17:14 - 2012-07-20 17:14 - 01012656 ____A C:\Users\Justin\Downloads\iExplore.exe
2012-07-20 17:13 - 2012-07-20 17:13 - 00001205 ____A C:\Users\Justin\Downloads\registryfix.reg
2012-07-17 05:48 - 2009-07-13 20:53 - 00032546 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-07-16 07:27 - 2012-06-28 05:13 - 00002095 ____A C:\Users\Justin\Documents\AutoHotkey.ahk
2012-07-13 06:18 - 2012-07-13 06:17 - 124586272 ____A (NVIDIA Corporation) C:\Users\Justin\Downloads\301.42-desktop-win7-winvista-32bit-english-whql.exe
2012-07-12 06:40 - 2009-07-13 20:33 - 00289944 ____A C:\Windows\System32\FNTCACHE.DAT
2012-07-11 22:58 - 2010-04-15 15:17 - 57442464 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-07-03 21:27 - 2012-07-03 20:53 - 00000244 ____A C:\Users\Justin\Documents\comb.txt
2012-07-03 13:21 - 2011-06-10 22:58 - 00770384 ____A (Microsoft Corporation) C:\Windows\System32\msvcr100.dll
2012-07-03 13:21 - 2011-06-10 22:58 - 00421200 ____A (Microsoft Corporation) C:\Windows\System32\msvcp100.dll
2012-07-03 09:46 - 2012-07-20 17:18 - 00022344 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-06-28 05:12 - 2012-06-28 05:12 - 02047357 ____A C:\Users\Justin\Downloads\AutoHotkey104805_Install.exe
2012-06-11 18:40 - 2012-07-11 22:58 - 02345984 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-06-08 20:41 - 2012-07-11 06:47 - 12873728 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2012-06-05 21:05 - 2012-07-11 06:47 - 01390080 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
2012-06-05 21:05 - 2012-07-11 06:47 - 01236992 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
2012-06-05 21:03 - 2012-07-11 06:47 - 00805376 ____A (Microsoft Corporation) C:\Windows\System32\cdosys.dll
2012-06-02 14:19 - 2012-06-19 02:30 - 01933848 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-06-02 14:19 - 2012-06-19 02:30 - 00053784 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-06-02 14:19 - 2012-06-19 02:30 - 00045080 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-06-02 14:19 - 2012-06-19 02:29 - 00577048 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2012-06-02 14:19 - 2012-06-19 02:29 - 00035864 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2012-06-02 14:12 - 2012-06-19 02:30 - 02422272 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-06-02 14:12 - 2012-06-19 02:29 - 00088576 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2012-06-02 11:19 - 2012-06-19 02:29 - 00171904 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-06-02 11:12 - 2012-06-19 02:29 - 00033792 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2012-06-02 01:07 - 2012-07-11 23:00 - 12314624 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-06-02 00:43 - 2012-07-11 23:00 - 09737728 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-06-02 00:33 - 2012-07-11 23:00 - 01800192 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-06-02 00:26 - 2012-07-11 23:00 - 01103872 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-06-02 00:25 - 2012-07-11 23:00 - 01427968 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-06-02 00:25 - 2012-07-11 23:00 - 01129472 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-06-02 00:23 - 2012-07-11 23:00 - 00231936 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-06-02 00:21 - 2012-07-11 23:00 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-06-02 00:20 - 2012-07-11 23:00 - 00142848 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-06-02 00:19 - 2012-07-11 23:00 - 01793024 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-06-02 00:19 - 2012-07-11 23:00 - 00716800 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-06-02 00:17 - 2012-07-11 23:00 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-06-02 00:16 - 2012-07-11 23:00 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-06-02 00:14 - 2012-07-11 23:00 - 00176640 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-06-01 20:45 - 2012-07-11 06:47 - 00134000 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
2012-06-01 20:45 - 2012-07-11 06:47 - 00067440 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
2012-06-01 20:40 - 2012-07-11 06:47 - 00369336 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
2012-06-01 20:40 - 2012-07-11 06:47 - 00225280 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
2012-06-01 20:39 - 2012-07-11 06:47 - 00219136 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
2012-05-31 08:25 - 2010-04-15 15:16 - 00237072 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe
2012-05-27 07:53 - 2012-05-27 07:53 - 00476960 ____A (Sun Microsystems, Inc.) C:\Windows\System32\npdeployJava1.dll
2012-05-27 07:53 - 2012-05-27 07:53 - 00157472 ____A (Sun Microsystems, Inc.) C:\Windows\System32\javaws.exe
2012-05-27 07:53 - 2012-05-27 07:53 - 00149280 ____A (Sun Microsystems, Inc.) C:\Windows\System32\javaw.exe
2012-05-27 07:53 - 2012-05-27 07:53 - 00149280 ____A (Sun Microsystems, Inc.) C:\Windows\System32\java.exe
2012-05-27 07:53 - 2010-04-15 21:32 - 00472864 ____A (Sun Microsystems, Inc.) C:\Windows\System32\deployJava1.dll
2012-05-15 02:26 - 2012-07-13 06:19 - 19607872 ____A (NVIDIA Corporation) C:\Windows\System32\nvoglv32.dll
2012-05-15 02:26 - 2012-07-13 06:19 - 17551680 ____A (NVIDIA Corporation) C:\Windows\System32\nvcompiler.dll
2012-05-15 02:26 - 2012-07-13 06:19 - 15322432 ____A (NVIDIA Corporation) C:\Windows\System32\nvd3dum.dll
2012-05-15 02:26 - 2012-07-13 06:19 - 11354944 ____A (NVIDIA Corporation) C:\Windows\System32\Drivers\nvlddmkm.sys
2012-05-15 02:26 - 2012-07-13 06:19 - 05982528 ____A (NVIDIA Corporation) C:\Windows\System32\nvcuda.dll
2012-05-15 02:26 - 2012-07-13 06:19 - 02524992 ____A (NVIDIA Corporation) C:\Windows\System32\nvcuvid.dll
2012-05-15 02:26 - 2012-07-13 06:19 - 02445120 ____A (NVIDIA Corporation) C:\Windows\System32\nvcuvenc.dll
2012-05-15 02:26 - 2012-03-13 19:33 - 00061248 ____A (Khronos Group) C:\Windows\System32\OpenCL.dll
2012-05-15 02:26 - 2012-02-03 20:48 - 01000768 ____A (NVIDIA Corporation) C:\Windows\System32\nvdispco32.dll
2012-05-15 02:26 - 2012-02-03 20:48 - 00883008 ____A (NVIDIA Corporation) C:\Windows\System32\nvgenco32.dll
2012-05-15 02:26 - 2010-06-01 11:55 - 00011190 ____A C:\Windows\System32\nvinfo.pb
2012-05-15 02:26 - 2010-04-15 15:43 - 02368832 ____A (NVIDIA Corporation) C:\Windows\System32\nvapi.dll
2012-05-15 02:26 - 2009-07-13 14:09 - 08105280 ____A (NVIDIA Corporation) C:\Windows\System32\nvwgf2um.dll
2012-05-15 01:28 - 2010-04-03 14:27 - 03931456 ____A (NVIDIA Corporation) C:\Windows\System32\nvcpl.dll
2012-05-15 01:28 - 2010-04-03 14:27 - 00645440 ____A (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
2012-05-15 01:28 - 2010-04-03 14:27 - 00108352 ____A (NVIDIA Corporation) C:\Windows\System32\nvmctray.dll
2012-05-15 01:28 - 2010-03-15 22:15 - 00062272 ____A (NVIDIA Corporation) C:\Windows\System32\nvshext.dll
2012-05-15 01:27 - 2010-04-03 14:27 - 02759488 ____A (NVIDIA Corporation) C:\Windows\System32\nvsvc.dll
2012-05-14 22:21 - 2012-05-14 22:21 - 00423744 ____A C:\Windows\System32\nvStreaming.exe
2012-05-14 22:18 - 2012-05-12 16:15 - 00002508 ____A C:\Users\Justin\Documents\StatDiff.txt
2012-05-14 21:42 - 2012-05-14 21:42 - 00784784 ____A (Solid State Networks) C:\Users\Justin\Downloads\install_reader10_en_mssa_aih.exe
2012-05-14 12:27 - 2012-05-14 12:17 - 00001147 ____A C:\Users\Public\Desktop\Diablo III.lnk
2012-05-13 13:28 - 2012-05-13 13:26 - 123137160 ____A (NVIDIA Corporation) C:\Users\Justin\Downloads\296.10-desktop-win7-winvista-32bit-english-whql(1).exe
2012-05-12 14:08 - 2012-05-12 14:08 - 07336648 ____A (Blizzard Entertainment) C:\Users\Justin\Downloads\Diablo-III-8370-enUS-Installer-downloader.exe
2012-05-12 09:44 - 2012-05-12 09:44 - 12559800 ____A C:\Users\Justin\Downloads\DeathAdder_driver_v3.05_Eng.exe
2012-05-12 09:19 - 2012-05-12 09:19 - 10652624 ____A C:\Users\Justin\Downloads\Razer_DeathAdder_BlackEdition_Driver_v1.02.exe
2012-05-11 21:19 - 2010-04-18 10:15 - 00057624 ____A C:\img2-001.raw
2012-05-11 13:28 - 2012-05-11 13:28 - 00011264 ____A C:\Users\Justin\Downloads\Copy of Calc 251,17.xls
2012-05-11 13:28 - 2012-05-11 13:28 - 00011264 ____A C:\Users\Justin\Downloads\Copy of Calc 251, 16.xls
2012-05-11 13:28 - 2012-05-11 13:28 - 00010752 ____A C:\Users\Justin\Downloads\Copy of Calc 251, 18.xls
2012-05-09 19:26 - 2012-05-09 19:26 - 00000490 ____A C:\Users\Justin\Documents\phone.txt
2012-05-08 15:07 - 2012-05-08 15:07 - 00892360 ____A (Oracle Corporation) C:\Users\Justin\Downloads\jxpiinstall(1).exe


========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

========================= Memory info ======================

Percentage of memory in use: 6%
Total physical RAM: 8190.3 MB
Available physical RAM: 7643.47 MB
Total Pagefile: 8188.58 MB
Available Pagefile: 7655.21 MB
Total Virtual: 2047.88 MB
Available Virtual: 1970.3 MB

======================= Partitions =========================

2 Drive c: () (Fixed) (Total:596.16 GB) (Free:383.42 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
3 Drive d: (Repair disc Windows 7 32-bit) (CDROM) (Total:0.14 GB) (Free:0 GB) UDF
4 Drive e: (KINGSTON) (Removable) (Total:3.9 GB) (Free:0.85 GB) FAT32
5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 596 GB 8 MB
Disk 1 Online 4000 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 596 GB 31 KB

==================================================================================

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 C NTFS Partition 596 GB Healthy

==================================================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 4000 MB 2048 B

==================================================================================

Disk: 1
Partition 1
Type : 0B
Hidden: No
Active: Yes






Farbar Recovery Scan Tool Version: 25-07-2012 01
Ran by SYSTEM at 2012-08-04 14:32:52
Running from E:\

================== Search: "services.exe" ===================

C:\Windows.old\Windows\system32\services.exe
[2008-04-14 04:00] - [2009-02-06 03:11] - 0110592 ____A (Microsoft Corporation) 65DF52F5B8B6E9BBD183505225C37315

C:\Windows.old\Windows\system32\dllcache\services.exe
[2008-04-14 04:00] - [2009-02-06 03:11] - 0110592 ___AC (Microsoft Corporation) 65DF52F5B8B6E9BBD183505225C37315

C:\Windows.old\Windows\$NtUninstallKB956572$\services.exe
[2009-12-23 23:06] - [2008-04-14 04:00] - 0108544 ___AC (Microsoft Corporation) 0E776ED5F7CC9F94299E70461B7B8185

C:\Windows.old\Windows\$hf_mig$\KB956572\SP3QFE\services.exe
[2009-12-22 16:38] - [2009-02-06 03:06] - 0110592 ____A (Microsoft Corporation) 020CEAAEDC8EB655B6506B8C70D53BB6

C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.exe
[2009-07-13 15:11] - [2009-07-13 17:14] - 0259072 ____A (Microsoft Corporation) 5F1B6A9C35D3D5CA72D6D6FDEF9747D6

C:\Windows\System32\services.exe
[2009-07-13 15:11] - [2009-07-13 17:14] - 0259072 ____A (Microsoft Corporation) 5F1B6A9C35D3D5CA72D6D6FDEF9747D6

=== End Of Search ===
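The point of the search block above is to compare the running services.exe against the untouched copy the servicing stack keeps in winsxs, since Sirefef patched that binary in place. The following script is an added example, not part of the thread or of FRST: it parses the block as FRST prints it and reports whether the two hashes agree. SAMPLE_CLEAN is the log from this thread; SAMPLE_PATCHED is a constructed counterpart whose DEADBEEF... hash is a placeholder.

```python
import re

# Attribute line FRST prints under every search hit:
#   [created] - [modified] - <size> <attrs> (<company>) <MD5>
ATTR_RE = re.compile(
    r"^\[(?P<created>[^\]]+)\] - \[(?P<modified>[^\]]+)\] - "
    r"(?P<size>\d+) (?P<attrs>\S+) (?:\((?P<company>[^)]*)\) )?"
    r"(?P<md5>[0-9A-Fa-f]{32})$"
)
PATH_RE = re.compile(r"^[A-Za-z]:\\.+")
LIVE_RE = re.compile(r"^c:\\windows\\system32\\services\.exe$", re.I)
WINSXS_RE = re.compile(r"^c:\\windows\\winsxs\\[^\\]+\\services\.exe$", re.I)

# Search block copied from the FRST run posted in this thread.
SAMPLE_CLEAN = r"""
================== Search: "services.exe" ===================

C:\Windows.old\Windows\system32\services.exe
[2008-04-14 04:00] - [2009-02-06 03:11] - 0110592 ____A (Microsoft Corporation) 65DF52F5B8B6E9BBD183505225C37315

C:\Windows.old\Windows\system32\dllcache\services.exe
[2008-04-14 04:00] - [2009-02-06 03:11] - 0110592 ___AC (Microsoft Corporation) 65DF52F5B8B6E9BBD183505225C37315

C:\Windows.old\Windows\$NtUninstallKB956572$\services.exe
[2009-12-23 23:06] - [2008-04-14 04:00] - 0108544 ___AC (Microsoft Corporation) 0E776ED5F7CC9F94299E70461B7B8185

C:\Windows.old\Windows\$hf_mig$\KB956572\SP3QFE\services.exe
[2009-12-22 16:38] - [2009-02-06 03:06] - 0110592 ____A (Microsoft Corporation) 020CEAAEDC8EB655B6506B8C70D53BB6

C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.exe
[2009-07-13 15:11] - [2009-07-13 17:14] - 0259072 ____A (Microsoft Corporation) 5F1B6A9C35D3D5CA72D6D6FDEF9747D6

C:\Windows\System32\services.exe
[2009-07-13 15:11] - [2009-07-13 17:14] - 0259072 ____A (Microsoft Corporation) 5F1B6A9C35D3D5CA72D6D6FDEF9747D6

=== End Of Search ===
"""

# Constructed counterpart: identical size and timestamps, but the live copy's
# MD5 (DEADBEEF..., a placeholder) no longer matches the component-store copy.
SAMPLE_PATCHED = r"""
C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.exe
[2009-07-13 15:11] - [2009-07-13 17:14] - 0259072 ____A (Microsoft Corporation) 5F1B6A9C35D3D5CA72D6D6FDEF9747D6

C:\Windows\System32\services.exe
[2009-07-13 15:11] - [2009-07-13 17:14] - 0259072 ____A (Microsoft Corporation) DEADBEEFDEADBEEFDEADBEEFDEADBEEF
"""


def parse_search(text):
    """Return one dict per hit: path, created, modified, size, attrs, company, md5."""
    lines = [ln.strip() for ln in text.splitlines()]
    entries = []
    for i in range(len(lines) - 1):
        if not PATH_RE.match(lines[i]):
            continue
        m = ATTR_RE.match(lines[i + 1])
        if m is None:
            continue
        entry = m.groupdict()
        entry["path"] = lines[i]
        entry["size"] = int(entry["size"])
        entry["md5"] = entry["md5"].upper()
        entries.append(entry)
    return entries


def check_services_exe(entries):
    """Compare the running services.exe with the copy kept in the component store.

    Hits under Windows.old belong to a previous installation and are ignored.
    A patched binary usually keeps the original size and timestamps, so the
    hash is the only field that separates the two copies.
    """
    live = [e for e in entries if LIVE_RE.match(e["path"])]
    store = [e for e in entries if WINSXS_RE.match(e["path"])]
    report = {
        "live_md5": live[0]["md5"] if live else None,
        "winsxs_md5s": sorted({e["md5"] for e in store}),
        "verdict": "unknown",
    }
    if live and store:
        report["verdict"] = "match" if report["live_md5"] in report["winsxs_md5s"] else "mismatch"
    return report


if __name__ == "__main__":
    for label, text in (("thread log", SAMPLE_CLEAN), ("constructed", SAMPLE_PATCHED)):
        print(label, check_services_exe(parse_search(text)))
```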

#8 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • Gender:Not Telling
  • Location:Canada

Posted 04 August 2012 - 03:38 PM

Please run the following

Refer to the ComboFix User's Guide

  • Download ComboFix from the following location:

    Link

    * IMPORTANT !!! Place ComboFix.exe on your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.
    You can get help on disabling your protection programs here
  • Double click on ComboFix.exe & follow the prompts.
  • Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
  • When finished, it shall produce a log for you. Post that log in your next reply

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.


    ---------------------------------------------------------------------------------------------
  • Ensure your AntiVirus and AntiSpyware applications are re-enabled.

    ---------------------------------------------------------------------------------------------

NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.

Edited by CatByte, 04 August 2012 - 03:38 PM.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#9 OpenCover

OpenCover
  • Topic Starter

  • Members
  • 11 posts

Posted 04 August 2012 - 04:20 PM

ComboFix seems to terminate prematurely. It does the initial "extracting files" phase, but when it tries to back up the registry it stops almost immediately. I disabled my antivirus, although the virus seems to be interfering with the antivirus somehow. I dunno if this is relevant, but my Windows firewall isn't working correctly.

*Edit* To be more precise, I never actually see any blue screen when I try to run ComboFix; however, it did create 2 folders, C:\ComboFix and C:\321788R22FWJFW. However, I can't find "combofix.txt" anywhere.

Edited by OpenCover, 04 August 2012 - 04:25 PM.


#10 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • Gender:Not Telling
  • Location:Canada

Posted 04 August 2012 - 04:23 PM

yes, the virus will have damaged the firewall

try running ComboFix in safe mode

To Enter Safemode
  • Go to Start> Shut off your Computer> Restart
  • As the computer starts to boot up, tap the F8 KEY repeatedly; this will bring up a menu.
  • Use the Up and Down Arrow Keys to scroll up to Safemode
  • Then press the Enter Key on your Keyboard
  • go into your usual account


if it still won't run, please try the following:

Please download TDSSKiller.zip
  • Extract it to your desktop
  • Double click TDSSKiller.exe
  • when the window opens, click on Change Parameters
  • under Additional options, put a check mark in the box next to Detect TDLFS File System
  • click OK
  • Press Start Scan
    • If Malicious objects are found then ensure Cure is selected
    • If TDLFS File System/TDSS File system is found then ensure Cure is selected (if cure is not available, choose skip)
    • Then click Continue > Reboot now
  • Copy and paste the log in your next reply
    • A copy of the log will be saved automatically to the root of the drive (typically C:\)

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#11 OpenCover

OpenCover
  • Topic Starter

  • Members
  • 11 posts

Posted 04 August 2012 - 05:23 PM

Safemode worked, and ComboFix ran successfully. Unfortunately, I didn't realize my antivirus was still running in safemode; hopefully this didn't cause any serious problems. ESET no longer complains about a virus when I boot my computer.

ComboFix 12-08-04.02 - Justin 08/04/2012 17:50:24.1.4 - x86 MINIMAL
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3326.2661 [GMT -4:00]
Running from: c:\users\Justin\Desktop\ComboFix.exe
AV: ESET NOD32 Antivirus 4.2 *Enabled/Updated* {CB0F8167-5331-BA19-698E-64816B6801A5}
SP: ESET NOD32 Antivirus 4.2 *Enabled/Updated* {706E6083-750B-B597-533E-5FF310EF4B18}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Install.exe
c:\program files\Common Files\Tencent\Paycenter
c:\program files\Common Files\Tencent\Paycenter\qqcert.dll
c:\program files\Common Files\Tencent\Paycenter\qqedit.dll
c:\program files\RewardsArcade
c:\program files\RewardsArcade\RewardsArcade.exe
c:\program files\RewardsArcade\RewardsArcade.ico
c:\program files\RewardsArcade\RewardsArcade.ini
c:\program files\RewardsArcade\RewardsArcadeGui.exe
c:\program files\RewardsArcade\RewardsArcadeInstaller.log
c:\program files\RewardsArcade\Uninstall.exe
c:\program files\TENCENT\SSPlus\SData.dat
c:\program files\TENCENT\SSPlus\stdtbh.dat
C:\setup.exe
c:\users\Justin\AppData\Roaming\Mozilla\Firefox\Profiles\1kqp0c0c.default\extensions\crossriderapp498@crossrider.com
c:\users\Justin\AppData\Roaming\Mozilla\Firefox\Profiles\1kqp0c0c.default\extensions\crossriderapp498@crossrider.com\chrome.manifest
c:\users\Justin\AppData\Roaming\Mozilla\Firefox\Profiles\1kqp0c0c.default\extensions\crossriderapp498@crossrider.com\chrome\content\background.html
c:\users\Justin\AppData\Roaming\Mozilla\Firefox\Profiles\1kqp0c0c.default\extensions\crossriderapp498@crossrider.com\chrome\content\browser.xul
c:\users\Justin\AppData\Roaming\Mozilla\Firefox\Profiles\1kqp0c0c.default\extensions\crossriderapp498@crossrider.com\chrome\content\crossrider.js
c:\users\Justin\AppData\Roaming\Mozilla\Firefox\Profiles\1kqp0c0c.default\extensions\crossriderapp498@crossrider.com\chrome\content\crossriderapi.js
c:\users\Justin\AppData\Roaming\Mozilla\Firefox\Profiles\1kqp0c0c.default\extensions\crossriderapp498@crossrider.com\chrome\content\dialog.js
c:\users\Justin\AppData\Roaming\Mozilla\Firefox\Profiles\1kqp0c0c.default\extensions\crossriderapp498@crossrider.com\chrome\content\options.js
c:\users\Justin\AppData\Roaming\Mozilla\Firefox\Profiles\1kqp0c0c.default\extensions\crossriderapp498@crossrider.com\chrome\content\options.xul
c:\users\Justin\AppData\Roaming\Mozilla\Firefox\Profiles\1kqp0c0c.default\extensions\crossriderapp498@crossrider.com\chrome\content\search_dialog.xul
c:\users\Justin\AppData\Roaming\Mozilla\Firefox\Profiles\1kqp0c0c.default\extensions\crossriderapp498@crossrider.com\chrome\content\update.html
c:\users\Justin\AppData\Roaming\Mozilla\Firefox\Profiles\1kqp0c0c.default\extensions\crossriderapp498@crossrider.com\defaults\preferences\prefs.js
c:\users\Justin\AppData\Roaming\Mozilla\Firefox\Profiles\1kqp0c0c.default\extensions\crossriderapp498@crossrider.com\install.rdf
c:\users\Justin\AppData\Roaming\Mozilla\Firefox\Profiles\1kqp0c0c.default\extensions\crossriderapp498@crossrider.com\locale\en-US\translations.dtd
c:\users\Justin\AppData\Roaming\Mozilla\Firefox\Profiles\1kqp0c0c.default\extensions\crossriderapp498@crossrider.com\skin\button1.png
c:\users\Justin\AppData\Roaming\Mozilla\Firefox\Profiles\1kqp0c0c.default\extensions\crossriderapp498@crossrider.com\skin\button2.png
c:\users\Justin\AppData\Roaming\Mozilla\Firefox\Profiles\1kqp0c0c.default\extensions\crossriderapp498@crossrider.com\skin\button3.png
c:\users\Justin\AppData\Roaming\Mozilla\Firefox\Profiles\1kqp0c0c.default\extensions\crossriderapp498@crossrider.com\skin\button4.png
c:\users\Justin\AppData\Roaming\Mozilla\Firefox\Profiles\1kqp0c0c.default\extensions\crossriderapp498@crossrider.com\skin\button5.png
c:\users\Justin\AppData\Roaming\Mozilla\Firefox\Profiles\1kqp0c0c.default\extensions\crossriderapp498@crossrider.com\skin\crossrider_statusbar.png
c:\users\Justin\AppData\Roaming\Mozilla\Firefox\Profiles\1kqp0c0c.default\extensions\crossriderapp498@crossrider.com\skin\icon128.png
c:\users\Justin\AppData\Roaming\Mozilla\Firefox\Profiles\1kqp0c0c.default\extensions\crossriderapp498@crossrider.com\skin\icon16.png
c:\users\Justin\AppData\Roaming\Mozilla\Firefox\Profiles\1kqp0c0c.default\extensions\crossriderapp498@crossrider.com\skin\icon24.png
c:\users\Justin\AppData\Roaming\Mozilla\Firefox\Profiles\1kqp0c0c.default\extensions\crossriderapp498@crossrider.com\skin\icon48.png
c:\users\Justin\AppData\Roaming\Mozilla\Firefox\Profiles\1kqp0c0c.default\extensions\crossriderapp498@crossrider.com\skin\panelarrow-up.png
c:\users\Justin\AppData\Roaming\Mozilla\Firefox\Profiles\1kqp0c0c.default\extensions\crossriderapp498@crossrider.com\skin\popup.css
c:\users\Justin\AppData\Roaming\Mozilla\Firefox\Profiles\1kqp0c0c.default\extensions\crossriderapp498@crossrider.com\skin\popup.html
c:\users\Justin\AppData\Roaming\Mozilla\Firefox\Profiles\1kqp0c0c.default\extensions\crossriderapp498@crossrider.com\skin\popup_binding.xml
c:\users\Justin\AppData\Roaming\Mozilla\Firefox\Profiles\1kqp0c0c.default\extensions\crossriderapp498@crossrider.com\skin\skin.css
c:\users\Justin\AppData\Roaming\Mozilla\Firefox\Profiles\1kqp0c0c.default\extensions\crossriderapp498@crossrider.com\skin\update.css
c:\users\Justin\AppData\Roaming\SogouExplorer
c:\users\Justin\AppData\Roaming\SogouExplorer\confdll.dll
c:\windows\$NtUninstallKB28025$
c:\windows\$NtUninstallKB28025$\1880300906\@
c:\windows\$NtUninstallKB28025$\1880300906\Desktop.ini
c:\windows\$NtUninstallKB28025$\1880300906\L\00000004.@
c:\windows\$NtUninstallKB28025$\1880300906\L\1afb2d56
c:\windows\$NtUninstallKB28025$\1880300906\L\201d3dde
c:\windows\$NtUninstallKB28025$\1880300906\L\xadqgnnk
c:\windows\$NtUninstallKB28025$\1880300906\U\00000004.@
c:\windows\$NtUninstallKB28025$\1880300906\U\00000008.@
c:\windows\$NtUninstallKB28025$\1880300906\U\000000cb.@
c:\windows\$NtUninstallKB28025$\1880300906\U\80000000.@
c:\windows\$NtUninstallKB28025$\1880300906\U\80000032.@
c:\windows\$NtUninstallKB28025$\2052282588
c:\windows\apppatch\AppLoc.exe
c:\windows\AppPatch\Custom\{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb
c:\windows\Downloaded Program Files\Install.inf
c:\windows\system32\sysprep\CRYPTBASE.dll_
.
Infected copy of c:\windows\system32\drivers\serial.sys was found and disinfected
Restored copy from - The cat found it :)
.
((((((((((((((((((((((((( Files Created from 2012-07-04 to 2012-08-04 )))))))))))))))))))))))))))))))
.
.
2012-08-04 22:24 . 2012-08-04 22:24 -------- d-----w- C:\FRST
2012-08-04 21:59 . 2012-08-04 22:09 -------- d-----w- c:\users\Justin\AppData\Local\temp
2012-08-04 21:59 . 2012-08-04 21:59 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-08-04 21:59 . 2012-08-04 21:59 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-08-04 21:48 . 2009-07-13 23:45 83456 ----a-w- c:\windows\system32\drivers\serial.sys
2012-07-28 22:10 . 2012-07-28 22:10 -------- d-----w- C:\Expat Shield
2012-07-28 22:09 . 2012-01-05 00:31 597832 ----a-w- c:\program files\Mozilla Firefox\extensions\afurladvisor@anchorfree.com\components\afurladvisor90.dll
2012-07-28 22:09 . 2012-01-05 00:31 597832 ----a-w- c:\program files\Mozilla Firefox\extensions\afurladvisor@anchorfree.com\components\afurladvisor80.dll
2012-07-28 22:09 . 2012-07-28 22:10 -------- d-----w- c:\program files\Expat Shield
2012-07-28 22:09 . 2012-01-05 00:31 613704 ----a-w- c:\program files\Mozilla Firefox\extensions\afurladvisor@anchorfree.com\components\afurladvisor.dll
2012-07-28 22:09 . 2012-01-05 00:31 597832 ----a-w- c:\program files\Mozilla Firefox\extensions\afurladvisor@anchorfree.com\components\afurladvisor70.dll
2012-07-28 22:09 . 2012-01-05 00:31 597832 ----a-w- c:\program files\Mozilla Firefox\extensions\afurladvisor@anchorfree.com\components\afurladvisor60.dll
2012-07-28 22:09 . 2012-01-05 00:31 597832 ----a-w- c:\program files\Mozilla Firefox\extensions\afurladvisor@anchorfree.com\components\afurladvisor50.dll
2012-07-27 21:57 . 2012-07-27 21:57 -------- d-----w- c:\program files\SopCast
2012-07-27 21:14 . 2012-07-27 21:18 -------- d-----w- c:\users\Justin\AppData\Roaming\CBox
2012-07-27 21:14 . 2012-07-27 21:14 -------- d-----w- c:\programdata\CBox
2012-07-27 21:14 . 2012-07-27 21:14 -------- d-----w- c:\program files\CNTV
2012-07-23 23:58 . 2006-11-23 09:55 73728 ----a-w- c:\windows\system32\DeathAdder.cpl
2012-07-21 01:18 . 2012-07-21 01:18 -------- d-----w- c:\users\Justin\AppData\Roaming\Malwarebytes
2012-07-21 01:18 . 2012-07-21 01:18 -------- d-----w- c:\programdata\Malwarebytes
2012-07-21 01:18 . 2012-07-21 01:18 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-07-21 01:18 . 2012-07-03 17:46 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-07-21 00:51 . 2012-07-21 00:51 -------- d-sh--w- c:\windows\system32\%APPDATA%
2012-07-21 00:27 . 2012-07-21 00:35 -------- d-----w- c:\programdata\6C82D12302CE71A5D90EB4E5F875F020
2012-07-20 13:44 . 2012-06-29 08:44 6891424 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{9DE906E0-B3E0-4DC8-800E-3742EE40FDD6}\mpengine.dll
2012-07-13 14:19 . 2012-05-15 10:26 5982528 ----a-w- c:\windows\system32\nvcuda.dll
2012-07-13 14:19 . 2012-05-15 10:26 2524992 ----a-w- c:\windows\system32\nvcuvid.dll
2012-07-13 14:19 . 2012-05-15 10:26 2445120 ----a-w- c:\windows\system32\nvcuvenc.dll
2012-07-13 14:19 . 2012-05-15 10:26 19607872 ----a-w- c:\windows\system32\nvoglv32.dll
2012-07-13 14:19 . 2012-05-15 10:26 17551680 ----a-w- c:\windows\system32\nvcompiler.dll
2012-07-13 14:19 . 2012-05-15 10:26 15322432 ----a-w- c:\windows\system32\nvd3dum.dll
2012-07-13 14:19 . 2012-05-15 10:26 11354944 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2012-07-12 06:58 . 2012-06-12 02:40 2345984 ----a-w- c:\windows\system32\win32k.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-03 03:36 . 2012-04-03 15:29 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-08-03 03:36 . 2011-05-17 16:32 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-03 21:21 . 2011-06-11 06:58 770384 ----a-w- c:\windows\system32\msvcr100.dll
2012-07-03 21:21 . 2011-06-11 06:58 421200 ----a-w- c:\windows\system32\msvcp100.dll
2012-06-02 22:19 . 2012-06-19 10:30 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-19 10:30 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-19 10:29 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-19 10:29 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:19 . 2012-06-19 10:30 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:12 . 2012-06-19 10:30 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:12 . 2012-06-19 10:29 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 19:19 . 2012-06-19 10:29 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 19:12 . 2012-06-19 10:29 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-05-31 16:25 . 2010-04-15 23:16 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-05-27 15:53 . 2012-05-27 15:53 476960 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-05-27 15:53 . 2010-04-16 05:32 472864 ----a-w- c:\windows\system32\deployJava1.dll
2012-05-20 15:52 . 2012-05-20 15:52 163048 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10141.bin
2012-05-15 10:26 . 2012-03-14 03:33 61248 ----a-w- c:\windows\system32\OpenCL.dll
2012-05-15 10:26 . 2012-02-04 04:48 883008 ----a-w- c:\windows\system32\nvgenco32.dll
2012-05-15 10:26 . 2012-02-04 04:48 1000768 ----a-w- c:\windows\system32\nvdispco32.dll
2012-05-15 10:26 . 2010-04-15 23:43 2368832 ----a-w- c:\windows\system32\nvapi.dll
2012-05-15 10:26 . 2009-07-13 22:09 8105280 ----a-w- c:\windows\system32\nvwgf2um.dll
2012-05-15 09:28 . 2010-04-03 22:27 645440 ----a-w- c:\windows\system32\nvvsvc.exe
2012-05-15 09:28 . 2010-04-03 22:27 108352 ----a-w- c:\windows\system32\nvmctray.dll
2012-05-15 09:28 . 2010-03-16 06:15 62272 ----a-w- c:\windows\system32\nvshext.dll
2012-05-15 09:28 . 2010-04-03 22:27 3931456 ----a-w- c:\windows\system32\nvcpl.dll
2012-05-15 09:27 . 2010-04-03 22:27 2759488 ----a-w- c:\windows\system32\nvsvc.dll
2012-05-15 06:21 . 2012-05-15 06:21 423744 ----a-w- c:\windows\system32\nvStreaming.exe
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
2012-07-19 14:15 . 2011-05-06 03:01 136672 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3706EE7C-3CAD-445D-8A43-03EBC3B75908}]
2012-01-04 23:02 233288 ----a-w- c:\program files\Expat Shield\HssIE\ExpatIE.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2011-05-17 17:29 1490312 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2011-05-17 1490312]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2011-05-17 1490312]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PPS Accelerator"="c:\program files\PPStream\ppsap.exe" [2010-02-24 214408]
"Steam"="c:\program files\Steam\steam.exe" [2012-08-03 1353080]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2012-02-29 17148552]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-01-20 6711840]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2007-03-20 36864]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2010-03-25 2145000]
"QvodTerminal"="c:\users\Justin\QvodPlayer\QvodTerminal.exe" [2012-04-19 1042320]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]
"DeathAdder"="c:\program files\Razer\DeathAdder\razerhid.exe" [2012-01-14 248832]
"VX3000"="c:\windows\vVX3000.exe" [2010-03-12 762736]
"LogMeIn Hamachi Ui"="c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe" [2012-02-28 1987976]
"LifeCam"="c:\program files\Microsoft LifeCam\LifeExp.exe" [2010-03-12 119152]
"ApnUpdater"="c:\program files\Ask.com\Updater\Updater.exe" [2011-05-17 395144]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\keyboard layouts\e0200804]
Ime File REG_SZ SOGOUPY.IME
.
R1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [x]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
R2 ARUpdate;Tencent AddressBar Update Service;c:\program files\TENCENT\AddrUpdate\AddrUpdate.exe [x]
R2 BBSvc;BingBar Service;c:\program files\Microsoft\BingBar\7.1.361.0\BBSvc.exe [x]
R2 CntvCBoxService;CNTV CBox Service;c:\program files\CNTV\CBox\CntvCBoxService.exe [x]
R2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [x]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [x]
R2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [x]
R2 ExpatShieldService;Expat Shield Service;c:\program files\Expat Shield\bin\openvpnas.exe [x]
R2 ExpatSrv;Expat Shield Routing Service;c:\program files\Expat Shield\HssWPR\hsssrv.exe [x]
R2 ExpatWd;Expat Shield Monitoring Service;c:\program files\Expat Shield\bin\hsswd.exe [x]
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [x]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [x]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
R3 BBUpdate;BBUpdate;c:\program files\Microsoft\BingBar\7.1.361.0\SeaPort.exe [x]
R3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\program files\steam\steamapps\common\dragon age ultimate edition\bin_ship\DAUpdaterSvc.Service.exe [x]
R3 ExpatTrayService;Expat Shield Tray Service;c:\program files\Expat Shield\bin\ExpatTrayService.EXE [x]
R3 krait03;Razer krait USB Filter Driver;c:\windows\system32\Drivers\krait.sys [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [x]
R3 RTCore32;RTCore32;c:\program files\EVGA Precision\RTCore32.sys [x]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 VKbms;Razer Gaming Device;c:\windows\system32\DRIVERS\VKbms.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S3 danewFltr;NewDeathAdder Mouse;c:\windows\system32\drivers\danew.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-04 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-03 03:36]
.
.
------- Supplementary Scan -------
.
Trusted Zone: pps.tv
Trusted Zone: ppstream.com
Trusted Zone: webscache.com
DPF: {EF0D1A14-1033-41A2-A589-240C01EDC078} - hxxp://dl.pplive.com/PluginSetup.cab
FF - ProfilePath - c:\users\Justin\AppData\Roaming\Mozilla\Firefox\Profiles\1kqp0c0c.default\
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-RewardsArcade - c:\program files\RewardsArcade\Uninstall.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\conhost.exe
c:\program files\windows defender\MpCmdRun.exe
.
**************************************************************************
.
Completion time: 2012-08-04 18:13:18 - machine was rebooted
ComboFix-quarantined-files.txt 2012-08-04 22:13
.
Pre-Run: 411,227,205,632 bytes free
Post-Run: 413,674,496,000 bytes free
.
- - End Of File - - C28C4ABEDA06C4B4752F6697DD158AB5
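The tree ComboFix removed under c:\windows\$NtUninstallKB28025$ (a file named "@" beside "L" and "U" subfolders full of numbered ".@" entries) is the storage layout Sirefef/ZeroAccess used, and it is worth being able to spot it in a log rather than by eye. The script below is an added example, not part of the thread or of ComboFix: it pulls the paths out of the "Other Deletions" section and reports every directory that shows that layout. SAMPLE_LOG is an excerpt of the log above, trimmed to keep the block short.

```python
import re
from collections import defaultdict

# Excerpt of the ComboFix "Other Deletions" section posted in this thread,
# followed by the next banner so the parser can see where the section ends.
SAMPLE_LOG = r"""
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Install.exe
c:\program files\RewardsArcade
c:\program files\RewardsArcade\RewardsArcade.exe
c:\program files\RewardsArcade\Uninstall.exe
c:\windows\$NtUninstallKB28025$
c:\windows\$NtUninstallKB28025$\1880300906\@
c:\windows\$NtUninstallKB28025$\1880300906\Desktop.ini
c:\windows\$NtUninstallKB28025$\1880300906\L\00000004.@
c:\windows\$NtUninstallKB28025$\1880300906\L\1afb2d56
c:\windows\$NtUninstallKB28025$\1880300906\U\00000004.@
c:\windows\$NtUninstallKB28025$\1880300906\U\80000000.@
c:\windows\$NtUninstallKB28025$\2052282588
c:\windows\system32\sysprep\CRYPTBASE.dll_
.
Infected copy of c:\windows\system32\drivers\serial.sys was found and disinfected
.
((((((((((((((((((((((((( Files Created from 2012-07-04 to 2012-08-04 )))))))))))))))))))))))))))))))
.
"""

PATH_RE = re.compile(r"^[A-Za-z]:\\")


def parse_other_deletions(log_text):
    """Return the paths ComboFix listed under its 'Other Deletions' banner."""
    paths, inside = [], False
    for raw in log_text.splitlines():
        line = raw.strip()
        # Banners look like "((((( Section Name )))))"; each one starts a new section.
        if line.startswith("((((") and line.endswith("))))"):
            inside = "Other Deletions" in line
            continue
        if inside and PATH_RE.match(line):
            paths.append(line)
    return paths


def directory_children(paths):
    """Map every directory (case-folded) to the set of names directly under it."""
    children = defaultdict(set)
    for p in paths:
        parts = p.lower().split("\\")
        for depth in range(1, len(parts)):
            children["\\".join(parts[:depth])].add(parts[depth])
    return children


def sirefef_roots(paths):
    """Directories that hold an '@' file together with 'L' and 'U' subfolders."""
    return sorted(d for d, names in directory_children(paths).items()
                  if {"@", "l", "u"} <= names)


if __name__ == "__main__":
    deleted = parse_other_deletions(SAMPLE_LOG)
    print(len(deleted), "paths removed;", "Sirefef layout at:", sirefef_roots(deleted))
```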

#12 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • Gender:Not Telling
  • Location:Canada

Posted 04 August 2012 - 05:34 PM

very good,

let's still have a look with TDSSKiller,

then run the following as well:

  • Please open your MalwareBytes AntiMalware Program
  • Click the Update Tab and search for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected. <-- very important
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.



NEXT


Go here to run an online scanner from ESET.
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activeX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • When the scan completes, press the LIST OF THREATS FOUND button
  • Press EXPORT TO TEXT FILE , name the file ESETSCAN and save it to your desktop
  • Include the contents of this report in your next reply.
  • Press the BACK button.
  • Press Finish

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#13 OpenCover

OpenCover
  • Topic Starter

  • Members
  • 11 posts

Posted 04 August 2012 - 07:28 PM

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.08.04.09

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
Justin :: JUSTIN-PC [administrator]

8/4/2012 6:45:18 PM
mbam-log-2012-08-04 (18-45-18).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 208641
Time elapsed: 3 minute(s), 15 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 4
HKCR\CLSID\{A57E074F-56D8-4A33-8112-AAC9693AA909} (Trojan.Agent) -> Quarantined and deleted successfully.
HKCR\CLSID\{F400EB39-F343-1215-3FCE-20A120B07BA6} (Trojan.Agent) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F400EB39-F343-1215-3FCE-20A120B07BA6} (Trojan.Agent) -> Quarantined and deleted successfully.
HKCR\CLSID\{DB8B2393-7A6C-4C76-88CE-6B1F6FF6FFE9} (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Values Detected: 7
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved|{F400EB39-F343-1215-3FCE-20A120B07BA6} (Trojan.Agent) -> Data: -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved|{A57E074F-56D8-4A33-8112-AAC9693AA909} (Trojan.Agent) -> Data: -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks|{DB8B2393-7A6C-4C76-88CE-6B1F6FF6FFE9} (Trojan.Agent) -> Data: -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved|{DB8B2393-7A6C-4C76-88CE-6B1F6FF6FFE9} (Trojan.Agent) -> Data: -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\{DB8B2393-7A6C-4C76-88CE-6B1F6FF6FFE9} (Trojan.Agent) -> Data: -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{DB8B2393-7A6C-4C76-88CE-6B1F6FF6FFE9} (Trojan.Agent) -> Data: -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{A57E074F-56D8-4A33-8112-AAC9693AA909} (Trojan.Agent) -> Data: -> Quarantined and deleted successfully.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Program Files\Tencent\SOSOAddr\ieaddr.dll (Trojan.Agent) -> Quarantined and deleted successfully.

(end)


Here's the ESET online log file; I hope I didn't forget to press "delete files" or anything after it ran.

C:\Qoobox\Quarantine\C\Windows\system32\Drivers\serial.sys.vir Win32/Sirefef.DA trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Windows\system32\sysprep\CRYPTBASE.dll_.vir Win32/Sirefef.EY trojan cleaned by deleting - quarantined
C:\Users\Justin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\0\2f331ec0-69468567 a variant of Win32/Kryptik.AJFC trojan cleaned by deleting - quarantined
C:\Users\Justin\AppData\Roaming\Tencent\QQ\Temp\Setup\QQGameHallInstall.exe Win32/PSW.QQPass.NNJ trojan cleaned by deleting - quarantined
C:\Users\Justin\Downloads\BestVideoDownloaderSetup-OL.exe multiple threats cleaned by deleting - quarantined

#14 CatByte

    bleepin' tiger

  • Malware Response Team
  • 14,664 posts
  • Gender:Not Telling
  • Location:Canada

Posted 04 August 2012 - 07:32 PM

Please run TDSSKiller as well.

Instructions are in this post:

http://www.bleepingcomputer.com/forums/topic462163.html/page__view__findpost__p__2792635


NEXT


  • Please download MiniToolBox, save it to your desktop and run it.
  • Checkmark the following checkboxes:
    • Flush DNS
    • Report IE Proxy Settings
    • Report FF Proxy Settings
    • List content of Hosts
    • List installed programs.
  • Click Go and post the result (Result.txt) that pops up. A copy of Result.txt will be saved in the same directory the tool is run from.

NEXT


Please download Farbar Service Scanner to your desktop and run it.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#15 OpenCover

  • Topic Starter
  • Members
  • 11 posts

Posted 04 August 2012 - 07:57 PM

TDSSKiller was run and found nothing.

MiniToolBox by Farbar Version: 23-07-2012
Ran by Justin (administrator) on 04-08-2012 at 20:54:45
Microsoft Windows 7 Home Premium Service Pack 1 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

========================= FF Proxy Settings: ==============================

"network.proxy.type", 0
========================= Hosts content: =================================

127.0.0.1 localhost


=========================== Installed Programs ============================

??????? 6.1??? (Version: 6.1.0.6700)
??QQ2011 (Version: 1.60.2021.0)
· (Version: 6.1.0.2)
AaAaAA!!! - A Reckless Disregard for Gravity
Acrobat.com (Version: 1.6.65)
Adobe AIR (Version: 1.5.3.9130)
Adobe Flash Player 11 ActiveX (Version: 11.3.300.270)
Adobe Flash Player 11 Plugin (Version: 11.3.300.270)
Adobe Reader 9.5.1 (Version: 9.5.1)
Ask Toolbar (Version: 1.12.2.0)
Audiosurf
AutoHotkey 1.0.48.05 (Version: 1.0.48.05)
Battle for Wesnoth 1.10.2 (Version: 1.10.2)
Bing Bar (Version: 7.1.361.0)
Bloodline Champions (Version: 1.0.0)
Braid
Catan Online World (Version: 3.637)
CGoban 3
Chinese Simplified Fonts Support For Adobe Reader 9 (Version: 9.0.0)
CNTV-CBox ӿͻ (Version: )
Counter-Strike: Source
D3DX10 (Version: 15.4.2368.0902)
Diablo II
Diablo III (Version: 1.0.3.10485)
DivX Web Player (Version: 1.5.0)
Dota 2
Dragon Age: Origins - Ultimate Edition
Driver Fetch
Dungeons of Dredmor
ESET NOD32 Antivirus (Version: 4.2.40.0)
ESET Online Scanner v3
EVGA Precision 1.9.1 (Version: 1.9.1)
Expat Shield 2.25 (Version: 2.25)
Geometry Wars: Retro Evolved
Gigabyte Raid Configurer (Version: 1.00.0000)
GOM Player (Version: 2.1.28.5039)
GOMTV Plug-in (Version: 1.0.0.3)
GOMTV Streamer (Version: 1.0.0.25)
Half-Life 2: Deathmatch
HOARD
IE (Version: 3.0.3.2)
Japanese Fonts Support For Adobe Reader 9 (Version: 9.0.0)
Java Auto Updater (Version: 2.0.7.1)
Java™ 6 Update 32 (Version: 6.0.320)
League of Legends (Version: 1.0020)
Livestream Procaster (Version: 20.0.65)
LogMeIn Hamachi (Version: 2.1.0.166)
Malwarebytes Anti-Malware version 1.62.0.1300 (Version: 1.62.0.1300)
Maple 14 (Version: 14.0.0.0)
McAfee Security Scan Plus (Version: 2.0.181.2)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft AppLocale (Version: 1.0.0)
Microsoft Corporation (Version: 9.1.0.0)
Microsoft LifeCam (Version: 3.21.263.0)
Microsoft Silverlight (Version: 5.1.10411.0)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 (Version: 9.0.30411)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Windows Application Compatibility Database
Microsoft Windows Journal Viewer (Version: 1.5.2316.0)
Microsoft XNA Framework Redistributable 3.1 (Version: 3.1.10527.0)
Microsoft XNA Framework Redistributable 4.0 (Version: 4.0.20823.0)
Mount & Blade: Warband
Mozilla Firefox 14.0.1 (x86 en-US) (Version: 14.0.1)
Mozilla Maintenance Service (Version: 14.0.1)
MSVCRT (Version: 15.4.2862.0708)
NVIDIA 3D Vision Controller Driver 301.42 (Version: 301.42)
NVIDIA 3D Vision Driver 301.42 (Version: 301.42)
NVIDIA Control Panel 301.42 (Version: 301.42)
NVIDIA Display Control Panel (Version: 6.14.11.9745)
NVIDIA Graphics Driver 301.42 (Version: 301.42)
NVIDIA Install Application (Version: 2.1002.75.420)
NVIDIA PhysX (Version: 9.12.0213)
NVIDIA PhysX System Software 9.12.0213 (Version: 9.12.0213)
NVIDIA Stereoscopic 3D Driver (Version: 7.17.13.0142)
NVIDIA Update 1.8.15 (Version: 1.8.15)
NVIDIA Update Components (Version: 1.8.15)
Octoshape Streaming Services
Orcs Must Die!
Plants vs. Zombies
PokerStars.net
Portal
Portal 2
PPSϷ V1.0.1.298 (Version: 1.0.1.298)
PPStream V2.7.0.1210 Final (Version: 2.7.0.1210)
Puzzle Quest 2
QvodPlayer 5.1.90 (Version: 5.1.90)
Razer DeathAdder™ Mouse (Version: 3.05)
Realtek High Definition Audio Driver (Version: 6.0.1.5780)
Recettear: An Item Shop's Tale
Sid Meier's Civilization V
Skype 5.8 (Version: 5.8.158)
sodarace kiosk
SopCast 3.5.0 (Version: 3.5.0)
StarCraft
StarCraft II (Version: 1.4.2.20141)
StarCraft II Beta (Version: 0.21.0.16094)
Steam (Version: 1.0.0.0)
Super Meat Boy
Swords and Soldiers HD
Terraria
The Elder Scrolls V: Skyrim
The Wonderful End of the World
Toki Tori
Torchlight
TygemBaduk Remove
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (Version: 1)
VC80CRTRedist - 8.0.50727.762 (Version: 1.0.0)
Ventrilo Client (Version: 3.0.5)
VLC media player 2.0.1 (Version: 2.0.1)
Vuze (Version: 4.7)
Windows Live Communications Platform (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3555.0308)
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0)
Windows Live Installer (Version: 15.4.3502.0922)
Windows Live Messenger (Version: 15.4.3538.0513)
Windows Live Photo Common (Version: 15.4.3502.0922)
Windows Live PIMT Platform (Version: 15.4.3508.1109)
Windows Live SOXE (Version: 15.4.3502.0922)
Windows Live SOXE Definitions (Version: 15.4.3502.0922)
Windows Live UX Platform (Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (Version: 15.4.3508.1109)
WinRAR archiver

**** End of log ****



Farbar Service Scanner Version: 04-08-2012 01
Ran by Justin (administrator) on 04-08-2012 at 20:55:44
Running from "C:\Users\Justin\Downloads"
Microsoft Windows 7 Home Premium Service Pack 1 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============
mpsdrv Service is not running. Checking service configuration:
The start type of mpsdrv service is OK.
The ImagePath of mpsdrv service is OK.

MpsSvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.


Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============

Windows Update:
============
BITS Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to retrieve start type of BITS. The value does not exist.
The ImagePath of BITS service is OK.
The ServiceDll of BITS service is OK.


Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============

Other Services:
==============

sharedaccess Service is not running. Checking service configuration:
The start type of sharedaccess service is set to Auto
The ImagePath of sharedaccess service is OK.
The ServiceDll of sharedaccess service is OK.


File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcore.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\mpssvc.dll => MD5 is legit
C:\Windows\system32\bfe.dll => MD5 is legit
C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe => MD5 is legit
C:\Windows\system32\wscsvc.dll => MD5 is legit
C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll => MD5 is legit
C:\Windows\system32\es.dll => MD5 is legit
C:\Windows\system32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit


**** End of log ****
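The ATTENTION lines in the Farbar Service Scanner log above correspond to specific registry conditions: for MpsSvc the whole service key is missing, for BITS the key exists but its Start value does not. The PowerShell script below is an added example, not code from the thread or from Farbar's tool; it performs the same kind of check (service key present, Start type, ImagePath, ServiceDll, running state) for the standard Windows service names that the FSS sections requested in this thread cover, and assumes an elevated PowerShell prompt on Windows 7 or later.

```powershell
# Added example: a PowerShell reimplementation of the service-configuration checks that
# Farbar Service Scanner reports on (service key present, Start type, ImagePath, ServiceDll).
# Not the thread's or Farbar's own code. Run from an elevated prompt on the affected machine.

# Services behind the FSS sections used in this thread (all are standard Windows service names).
$services = @{
    'mpsdrv'       = 'Windows Firewall Authorization Driver'
    'MpsSvc'       = 'Windows Firewall'
    'BITS'         = 'Background Intelligent Transfer Service (Windows Update)'
    'wuauserv'     = 'Windows Update'
    'wscsvc'       = 'Security Center'
    'WinDefend'    = 'Windows Defender'
    'SharedAccess' = 'Internet Connection Sharing'
}
$startTypes = @{ 0 = 'Boot'; 1 = 'System'; 2 = 'Auto'; 3 = 'Manual'; 4 = 'Disabled' }

function Test-ServiceConfig {
    param([string]$Name, [string]$Description)
    $key = "HKLM:\SYSTEM\CurrentControlSet\Services\$Name"
    if (-not (Test-Path $key)) {
        # The state the FSS log reports for MpsSvc: the whole service key has been removed.
        Write-Output "ATTENTION: $Name ($Description): service key does not exist"
        return
    }
    $cfg = Get-ItemProperty -Path $key
    if ($null -eq $cfg.Start) {
        # The state the FSS log reports for BITS: key present, but its Start value is gone.
        Write-Output "ATTENTION: $Name ($Description): Start value does not exist"
    } else {
        Write-Output "$Name Start type: $($startTypes[[int]$cfg.Start])"
    }
    if ($cfg.ImagePath) { Write-Output "$Name ImagePath: $($cfg.ImagePath)" }
    # svchost-hosted services keep the DLL that implements them under Parameters\ServiceDll.
    $paramsKey = Join-Path $key 'Parameters'
    if (Test-Path $paramsKey) {
        $dll = (Get-ItemProperty -Path $paramsKey).ServiceDll
        if ($dll) { Write-Output "$Name ServiceDll: $dll" }
    }
    $svc = Get-Service -Name $Name -ErrorAction SilentlyContinue
    if ($svc) { Write-Output "$Name status: $($svc.Status)" }
}

foreach ($name in $services.Keys) {
    Test-ServiceConfig -Name $name -Description $services[$name]
    Write-Output ''
}
```

Lines that begin with ATTENTION are the ones to act on; a missing key or Start value is a configuration defect the cleanup must repair before the firewall or Windows Update will start again.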



