
Rootkit infection, BSOD


  • This topic is locked
14 replies to this topic

#1 tcsllc


Posted 01 August 2012 - 05:05 PM

I'm working on a computer that was infected with a rootkit; I'm not sure which one, as it now just BSODs when booting up. The user tried to remove it himself and I'm just trying to help out, but I'm stuck at the BSOD. I went ahead and ran FRST. Here is the log.

Scan result of Farbar Recovery Scan Tool (FRST written by Farbar) Version: 25-07-2012 01
Ran by SYSTEM at 01-08-2012 10:53:31
Running from F:\
Windows 7 Professional (X86) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [] [x]
HKLM\...\Run: [AoboBlocker] C:\Program Files\AoboBlocker\AoboBlocker.exe [907264 2010-01-30] (Aobo)
HKLM\...\Run: [M-Audio Taskbar Icon] C:\Windows\system32\M-AudioTaskBarIcon.exe [643592 2009-09-25] (Avid Technology, Inc.)
HKLM\...\Run: [ProfilerU] C:\Program Files\Saitek\SD6\Software\ProfilerU.exe [227840 2010-07-29] (Saitek)
HKLM\...\Run: [SaiMfd] C:\Program Files\Saitek\SD6\Software\SaiMfd.exe [123392 2010-07-29] (Saitek)
HKLM\...\Run: [Monitor] "C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe" [268640 2011-11-12] (LeapFrog Enterprises, Inc.)
HKLM\...\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW [1259376 2011-07-28] ()
HKLM\...\Run: [Ad-Aware Antivirus] "C:\Program Files\Ad-Aware Antivirus\AdAwareLauncher" --windows-run [x]
HKLM\...\Run: [Ad-Aware Browsing Protection] "C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe" [198032 2011-10-21] (Lavasoft)
HKLM\...\Run: [SBRegRebootCleaner] "C:\Program Files\Ad-Aware Antivirus\SBRC.exe" [200560 2011-12-19] (GFI Software)
HKLM\...\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [641704 2012-06-11] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files\AMD AVT\bin\kdbsync.exe" aml [20992 2012-03-19] ()
HKU\Daw\...\Run: [Google Update] "C:\Users\Daw\AppData\Local\Google\Update\GoogleUpdate.exe" /c [136176 2010-04-16] (Google Inc.)
HKU\Daw\...\Run: [OCCAgent] C:\Program Files\OCCAgent\OCCAgent.exe [x]
HKU\Daw\...\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2260480 2009-03-05] (Safer-Networking Ltd.)
HKU\Daw\...\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2011-08-14] (Google Inc.)
HKU\Daw\...\Run: [Kuvva] "C:\Program Files\Kuvva\Kuvva.exe" [666112 2012-02-13] (Kuvva)
HKU\Daw\...\Run: [dsesb] rundll32.exe "C:\Users\Daw\AppData\Roaming\dsesb.dll",HrIndexOfMonth [x]
HKU\Daw\...\Run: [tuati] "C:\Windows\System32\rundll32.exe" "C:\Users\Daw\AppData\Roaming\tuati.dll",CreatePatchMesh [x]
HKU\Video\...\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2011-08-14] (Google Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Startup: C:\Users\All Users\Start Menu\Programs\Startup\NETGEAR WPN111 Smart Wizard.lnk
ShortcutTarget: NETGEAR WPN111 Smart Wizard.lnk -> C:\Program Files\NETGEAR\WPN111\wpn111.exe (NETGEAR)
Startup: C:\Users\Daw\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> (No File)
Startup: C:\Users\Daw\Start Menu\Programs\Startup\EvernoteClipper.lnk
ShortcutTarget: EvernoteClipper.lnk -> C:\Program Files\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
Startup: C:\Users\Daw\Start Menu\Programs\Startup\MagicDisc.lnk
ShortcutTarget: MagicDisc.lnk -> C:\Program Files\MagicDisc\MagicDisc.exe (MagicISO, Inc.)
Startup: C:\Users\Daw\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)

================================ Services (Whitelisted) ==================

2 Ad-Aware Service; "C:\Program Files\Ad-Aware Antivirus\AdAwareService.exe" [1239952 2012-07-12] (Lavasoft Limited)
2 eventlog; C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted [20992 2009-07-13] (Microsoft Corporation)
2 NAUpdate; "C:\Program Files\Nero\Update\NASvc.exe" [641832 2011-09-23] (Nero AG)
2 NIHardwareService; C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe [4174336 2011-09-09] (Native Instruments GmbH)
2 PaceLicenseDServices; "C:\Program Files\Common Files\PACE\Services\LicenseServices\LDSvc.exe" [2938880 2012-05-18] (PACE Anti-Piracy, Inc.)
2 PassThru Service; C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe [80896 2011-03-31] ()
2 SBAMSvc; "C:\Program Files\Ad-Aware Antivirus\SBAMSvc.exe" [3289032 2011-12-19] (GFI Software)
2 SBSDWSCService; C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
2 Stereo Service; C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [378472 2011-02-28] (NVIDIA Corporation)
2 VMAuthdService; "C:\Program Files\VMware\VMware Player\vmware-authd.exe" [79872 2012-01-18] (VMware, Inc.)
2 VMnetDHCP; C:\Windows\system32\vmnetdhcp.exe [354416 2012-01-18] (VMware, Inc.)
2 VMUSBArbService; "C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe" [665200 2011-08-29] (VMware, Inc.)
2 VMware NAT Service; C:\Windows\system32\vmnat.exe [433264 2012-01-18] (VMware, Inc.)
2 PEVSystemStart; "C:\32788R22FWJFW\pev.3XE" EXEC /i CSCRIPT.exe //NOLOGO //E:VBSCRIPT //B //T:15 "C:\32788R22FWJFW\KNetSvcs.vbs" [x]
2 PSI_SVC_2; "c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe" [x]

========================== Drivers (Whitelisted) =============

2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [279712 2012-06-09] ()
3 CLEDX; C:\Windows\System32\DRIVERS\cledx.sys [33792 2005-05-09] (Team H2O)
3 CrystalSysInfo; \??\C:\Program Files\MediaCoder\SysInfo.sys [15152 2007-09-25] ()
3 DELTAII; C:\Windows\System32\DRIVERS\MAudioDelta.sys [302472 2009-07-27] (Avid Technology, Inc.)
3 dhdusb.NTx86; C:\Windows\System32\DRIVERS\bcmusbdhdlh.sys [238072 2008-01-08] ()
3 e1kexpress; C:\Windows\System32\DRIVERS\e1k6032.sys [164864 2009-07-13] (Intel Corporation)
2 hcmon; \??\C:\Windows\system32\drivers\hcmon.sys [32496 2011-08-29] (VMware, Inc.)
3 HTCAND32; C:\Windows\System32\Drivers\ANDROIDUSB.sys [25088 2009-10-26] (HTC, Corporation)
3 htcnprot; C:\Windows\System32\DRIVERS\htcnprot.sys [23040 2010-06-23] (Windows ® Win 7 DDK provider)
3 iLokDrvr; C:\Windows\System32\DRIVERS\iLokDrvr.sys [21144 2012-05-16] ()
1 KProcessHacker2; \??\C:\Program Files\Process Hacker 2\kprocesshacker.sys [33352 2011-08-25] (wj32)
2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [25888 2012-06-09] ()
3 LVPr2Mon; C:\Windows\System32\DRIVERS\LVPr2Mon.sys [25824 2010-05-07] ()
3 MarvinBus; C:\Windows\System32\DRIVERS\MarvinBus.sys [171520 2005-09-23] (Pinnacle Systems GmbH)
3 MAUSBFASTTRACKULTRA; C:\Windows\System32\DRIVERS\MAudioFastTrackUltra.sys [135816 2009-09-25] (Avid Technology, Inc.)
0 NBVol; C:\Windows\System32\DRIVERS\NBVol.sys [56496 2011-07-13] (Nero AG)
0 NBVolUp; C:\Windows\System32\DRIVERS\NBVolUp.sys [12464 2011-07-13] (Nero AG)
3 netr28u; C:\Windows\System32\DRIVERS\netr28u.sys [734208 2009-05-25] (Ralink Technology Corp.)
3 PalmUSBD; C:\Windows\System32\drivers\PalmUSBD.sys [16640 2007-12-04] (PalmSource, Inc.)
3 RivaTuner32; \??\C:\Program Files\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner32.sys [9088 2009-08-22] ()
3 SaiH075C; C:\Windows\System32\DRIVERS\SaiH075C.sys [132232 2007-05-01] (Saitek)
3 SaiMini; C:\Windows\System32\DRIVERS\SaiMini.sys [20744 2010-08-10] (Saitek)
3 SaiNtBus; C:\Windows\System32\drivers\SaiBus.sys [43656 2010-08-10] (Saitek)
2 sbapifs; C:\Windows\System32\DRIVERS\sbapifs.sys [77816 2011-11-29] (GFI Software)
3 sbhips; C:\Windows\System32\drivers\sbhips.sys [93816 2011-12-19] (GFI Software)
1 SBRE; \??\C:\Windows\system32\drivers\SBREdrv.sys [101112 2011-10-26] (GFI Software)
3 sscdbus; C:\Windows\System32\DRIVERS\sscdbus.sys [104648 2010-04-26] (MCCI Corporation)
3 sscdmdfl; C:\Windows\System32\DRIVERS\sscdmdfl.sys [14920 2010-04-26] (MCCI Corporation)
3 sscdmdm; C:\Windows\System32\DRIVERS\sscdmdm.sys [132424 2010-04-26] (MCCI Corporation)
3 SynasUSB; C:\Windows\System32\drivers\SynasUSB.sys [23696 2010-09-17] (Steinberg Media Technologies GmbH)
0 TPkd; C:\Windows\System32\Drivers\TPkd.sys [93336 2012-05-16] (PACE Anti-Piracy, Inc.)
3 vmkbd; \??\C:\Windows\system32\drivers\VMkbd.sys [25584 2012-01-18] (VMware, Inc.)
3 VMnetAdapter; C:\Windows\System32\DRIVERS\vmnetadapter.sys [16624 2012-01-18] (VMware, Inc.)
2 VMnetBridge; C:\Windows\System32\DRIVERS\vmnetbridge.sys [36464 2012-01-18] (VMware, Inc.)
2 VMnetuserif; \??\C:\Windows\system32\drivers\vmnetuserif.sys [25712 2012-01-18] (VMware, Inc.)
2 VMparport; \??\C:\Windows\system32\Drivers\VMparport.sys [23792 2012-01-18] (VMware, Inc.)
2 vmx86; \??\C:\Windows\system32\Drivers\vmx86.sys [55664 2012-01-18] (VMware, Inc.)
3 WmBEnum; C:\Windows\System32\drivers\WmBEnum.sys [22792 2009-09-11] (Logitech Inc.)
3 WmFilter; C:\Windows\System32\drivers\WmFilter.sys [35592 2009-09-11] (Logitech Inc.)
3 WmVirHid; C:\Windows\System32\drivers\WmVirHid.sys [14984 2009-09-11] (Logitech Inc.)
3 WmXlCore; C:\Windows\System32\drivers\WmXlCore.sys [66056 2009-09-11] (Logitech Inc.)
3 WPN111; C:\Windows\System32\DRIVERS\WPN111v.sys [904192 2008-08-04] (Atheros Communications, Inc.)
1 ASPI32; [x]

========================== NetSvcs (Whitelisted) ===========


============ One Month Created Files and Folders ==============

2012-07-29 14:40 - 2012-07-29 14:42 - 60209306 ____A C:\Users\Daw\Desktop\SHD_High-Impact.zip
2012-07-29 14:32 - 2012-07-29 14:32 - 00029785 ____A C:\Users\Daw\Downloads\Yuroun_Pads.zip
2012-07-29 13:16 - 2012-07-29 13:16 - 00000334 ____A C:\Windows\System32\CountScans.XML
2012-07-29 13:14 - 2012-07-29 13:14 - 00000254 ____A C:\Users\Daw\Desktop\to do.txt
2012-07-26 16:40 - 2012-07-26 16:40 - 00000000 ____D C:\Program Files\PACE Anti-Piracy
2012-07-26 16:18 - 2012-07-26 16:23 - 56650240 ____A (PACE Anti-Piracy) C:\Users\Daw\Downloads\DriverSetup.exe
2012-07-26 16:18 - 2012-07-26 16:21 - 29347840 ____A (PACE Anti-Piracy) C:\Users\Daw\Downloads\iLokClientHelperSetup.exe
2012-07-26 16:13 - 2012-07-26 16:53 - 00002168 ____A C:\Windows\WindowsUpdate.log
2012-07-26 16:13 - 2012-07-26 16:13 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_iLokDrvr_01007.Wdf
2012-07-26 07:55 - 2012-07-26 07:55 - 00000000 ____D C:\Users\All Users\ATI
2012-07-26 07:55 - 2012-07-26 07:55 - 00000000 ____D C:\Users\All Users\AMD
2012-07-26 07:55 - 2012-07-26 07:55 - 00000000 ____D C:\Program Files\AMD AVT
2012-07-26 07:55 - 2012-07-26 07:55 - 00000000 ____D C:\Program Files\AMD APP
2012-07-26 07:48 - 2012-07-26 07:48 - 00000274 ____A C:\Users\Daw\.JavaPowUpload.properties
2012-07-26 07:48 - 2012-07-26 07:48 - 00000000 ____D C:\AMD
2012-07-25 17:10 - 2012-07-25 17:10 - 00000000 ____D C:\Users\Daw\AppData\Roaming\Mozilla
2012-07-24 22:57 - 2012-07-24 22:57 - 00000000 ____D C:\Users\Daw\Documents\UVI
2012-07-24 22:15 - 2012-07-24 22:15 - 00000000 ____D C:\Users\Daw\AppData\Roaming\UVIWorkstation
2012-07-24 09:05 - 2012-07-24 09:05 - 00000000 ____D C:\Users\Daw\Desktop\CHECK OUT THE UVI WORKSTATION AND THAT NEW RETRO SYNTH
2012-07-24 09:05 - 2012-07-24 09:05 - 00000000 ____D C:\Users\All Users\PACE
2012-07-24 09:04 - 2012-07-24 09:04 - 00000000 ____D C:\Program Files\Common Files\PACE
2012-07-24 08:59 - 2012-07-24 08:59 - 00000123 ____A C:\Users\Daw\Desktop\Xtreme FX - UVI - UVI - sounds & software.url
2012-07-24 08:58 - 2012-07-24 22:53 - 00000000 ____D C:\Program Files\UVISoundBanks
2012-07-24 08:57 - 2012-07-24 08:58 - 00000000 ____D C:\Program Files\UVI Workstation
2012-07-24 08:57 - 2012-07-24 08:57 - 00000000 ____D C:\Program Files\Common Files\UVI
2012-07-24 08:57 - 2011-10-06 16:22 - 02275328 ____A C:\Windows\System32\libsndfile-1.dll
2012-07-24 08:46 - 2012-07-24 08:55 - 169044433 ____A (Univers Sons ) C:\Users\Daw\Downloads\uviworkstation-2-0-6.exe
2012-07-23 20:40 - 2012-07-23 20:40 - 00000764 ____A C:\Users\Public\Desktop\ManualStepper4free.jpg.lnk
2012-07-23 20:40 - 2012-07-23 20:40 - 00000724 ____A C:\Users\Public\Desktop\Manual A-T.jpg.lnk
2012-07-23 20:40 - 2012-07-23 20:40 - 00000718 ____A C:\Users\Public\Desktop\A-TRANSPIRANT.lnk
2012-07-23 20:40 - 2012-07-23 20:40 - 00000000 ____D C:\AT4free
2012-07-23 18:32 - 2012-07-23 18:32 - 00000000 ____D C:\Users\Daw\AppData\Roaming\Xfer
2012-07-23 17:57 - 2012-07-23 17:58 - 58256880 ____A C:\Users\Daw\Downloads\Install_Nerve_VSTi_Demo.exe
2012-07-22 21:25 - 2012-07-22 21:25 - 00001190 ____A C:\Windows\System32\ServiceConfig.xml
2012-07-22 19:29 - 2012-07-22 19:29 - 00000000 ____D C:\Users\Daw\Audio
2012-07-22 15:31 - 2012-07-21 18:10 - 02044870 ____A C:\Users\Daw\Desktop\AlchemyFactoryPresets-1-06.CamelSounds
2012-07-21 17:53 - 2012-07-21 17:53 - 00001514 ____A C:\Users\Daw\Downloads\AlchemyDanceTrance.aky
2012-07-19 20:43 - 2012-07-25 23:29 - 00000000 ____D C:\Users\Daw\Documents\Dive to the Titanic
2012-07-19 20:43 - 2012-07-19 20:43 - 00000000 ____D C:\Users\Daw\AppData\Local\Dive to the Titanic
2012-07-19 18:55 - 2012-07-19 18:55 - 00001885 ____A C:\Users\Public\Desktop\Dive to the Titanic.lnk
2012-07-19 18:54 - 2012-07-19 18:55 - 00000000 ____D C:\Program Files\Dive to the Titanic
2012-07-19 07:49 - 2012-07-19 07:49 - 00290825 ____A C:\Users\Daw\Desktop\Download Titanic - Underwater Operation Simulator.exe
2012-07-18 17:11 - 2012-07-31 18:59 - 00000000 ____D C:\Users\Daw\AppData\Roaming\Wois
2012-07-18 17:11 - 2012-07-18 17:11 - 00000000 ____D C:\Users\Daw\AppData\Roaming\Omdy
2012-07-18 17:11 - 2012-07-18 17:11 - 00000000 ____D C:\Users\Daw\AppData\Roaming\Ikebb
2012-07-18 16:52 - 2012-07-29 13:17 - 00001788 ____A C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk
2012-07-18 16:52 - 2012-07-18 16:52 - 00000000 ____D C:\Users\Daw\AppData\Local\adaware
2012-07-18 16:51 - 2012-07-18 18:52 - 00000000 ____D C:\Program Files\Ad-Aware Antivirus
2012-07-18 16:51 - 2012-07-18 16:51 - 00000000 ____D C:\Windows\System32\Drivers\VDD
2012-07-18 16:51 - 2011-12-19 11:44 - 00093816 ____A (GFI Software) C:\Windows\System32\Drivers\sbhips.sys
2012-07-18 16:49 - 2012-07-18 19:56 - 00000000 ____D C:\Users\Daw\AppData\Roaming\Ad-Aware Antivirus
2012-07-18 16:48 - 2012-07-18 16:48 - 04587128 ____A (Lavasoft Limited) C:\Users\Daw\Downloads\Adaware_Installer.exe
2012-07-18 16:45 - 2012-07-18 16:45 - 00000000 ____D C:\Users\Daw\AppData\Local\Sunbelt Software
2012-07-18 16:36 - 2012-07-18 16:37 - 69301701 ____A C:\Users\Daw\Desktop\ZG_Sabroso_Latin.zip
2012-07-18 07:11 - 2012-07-31 18:59 - 00000000 ____D C:\Users\Daw\AppData\Roaming\Xaozp
2012-07-18 07:11 - 2012-07-18 07:11 - 00000000 ____D C:\Users\Daw\AppData\Roaming\Zoanal
2012-07-18 07:11 - 2012-07-18 07:11 - 00000000 ____D C:\Users\Daw\AppData\Roaming\Repiv
2012-07-17 21:48 - 2012-04-18 20:45 - 00000000 ____D C:\Users\Daw\Desktop\The Deluge 0.552 WB Install
2012-07-17 17:24 - 2012-07-31 18:59 - 00000000 ____D C:\Users\Daw\AppData\Roaming\Lexi
2012-07-17 17:24 - 2012-07-17 17:24 - 00000000 ____D C:\Users\Daw\AppData\Roaming\Nayxbo
2012-07-17 17:24 - 2012-07-17 17:24 - 00000000 ____D C:\Users\Daw\AppData\Roaming\Lovoi
2012-07-17 07:24 - 2012-07-31 18:59 - 00000000 ____D C:\Users\Daw\AppData\Roaming\Avme
2012-07-17 07:24 - 2012-07-17 07:24 - 00000000 ____D C:\Users\Daw\AppData\Roaming\Ovute
2012-07-17 07:24 - 2012-07-17 07:24 - 00000000 ____D C:\Users\Daw\AppData\Roaming\Enfiis
2012-07-16 21:13 - 2012-07-16 21:35 - 642331235 ____A C:\Users\Daw\Desktop\The_Deluge_0.552_WB_Install.zip
2012-07-16 20:09 - 2012-07-16 20:09 - 00145496 ____A C:\Windows\Minidump\071612-20248-01.dmp
2012-07-16 18:38 - 2012-07-31 18:59 - 00000000 ____D C:\Users\Daw\AppData\Roaming\Osalu
2012-07-16 18:38 - 2012-07-16 18:38 - 00000000 ____D C:\Users\Daw\AppData\Roaming\Yqeg
2012-07-16 18:38 - 2012-07-16 18:38 - 00000000 ____D C:\Users\Daw\AppData\Roaming\Hucoip
2012-07-16 17:48 - 2012-07-16 17:48 - 01210979 ____A C:\Users\Daw\Downloads\DSK_Chaos_Theory.zip
2012-07-15 08:18 - 2012-07-31 18:59 - 00000000 ____D C:\Users\Daw\AppData\Roaming\Ugxigo
2012-07-15 08:18 - 2012-07-15 08:18 - 00000000 ____D C:\Users\Daw\AppData\Roaming\Veulu
2012-07-15 08:18 - 2012-07-15 08:18 - 00000000 ____D C:\Users\Daw\AppData\Roaming\Tyana
2012-07-12 08:21 - 2012-07-31 18:59 - 00000000 ____D C:\Users\Daw\AppData\Roaming\Qiogv
2012-07-12 08:21 - 2012-07-12 08:21 - 00000000 ____D C:\Users\Daw\AppData\Roaming\Xuufk
2012-07-12 08:21 - 2012-07-12 08:21 - 00000000 ____D C:\Users\Daw\AppData\Roaming\Wotia
2012-07-11 20:19 - 2012-07-11 20:19 - 00145496 ____A C:\Windows\Minidump\071112-18891-01.dmp
2012-07-11 19:30 - 2012-07-31 18:59 - 00000000 ____D C:\Users\Daw\AppData\Roaming\Itxii
2012-07-11 19:30 - 2012-07-11 19:30 - 00000000 ____D C:\Users\Daw\AppData\Roaming\Utluyc
2012-07-11 19:30 - 2012-07-11 19:30 - 00000000 ____D C:\Users\Daw\AppData\Roaming\Olepb
2012-07-10 21:29 - 2012-07-10 21:29 - 00010254 ____A C:\Users\Daw\Downloads\redemption code template.xlsx
2012-07-10 21:27 - 2012-07-10 21:29 - 00001368 ____A C:\Users\Daw\Downloads\redemption code template.csv
2012-07-10 21:22 - 2012-07-10 21:24 - 61020034 ____A C:\Users\Daw\Downloads\HE AWBH EP _ Laundromat _ Images.zip
2012-07-10 21:19 - 2012-07-10 21:19 - 00000498 ____A C:\Users\Daw\Downloads\redemption-codes.csv
2012-07-10 21:10 - 2012-07-31 18:59 - 00000000 ____D C:\Users\Daw\AppData\Roaming\Embey
2012-07-10 21:10 - 2012-07-10 21:10 - 00000000 ____D C:\Users\Daw\AppData\Roaming\Ybhe
2012-07-10 21:10 - 2012-07-10 21:10 - 00000000 ____D C:\Users\Daw\AppData\Roaming\Muvios
2012-07-10 08:30 - 2012-07-31 18:59 - 00000000 ____D C:\Users\Daw\AppData\Roaming\Weku
2012-07-10 08:30 - 2012-07-10 08:30 - 00000000 ____D C:\Users\Daw\AppData\Roaming\Ipur
2012-07-10 08:30 - 2012-07-10 08:30 - 00000000 ____D C:\Users\Daw\AppData\Roaming\Asfuyx
2012-07-09 16:51 - 2012-07-09 16:51 - 00010037 ____A C:\Users\Daw\Downloads\en.U-0087-01.30UpMailingLabel.0909-01ai.zip
2012-07-09 16:13 - 2012-07-31 18:59 - 00000000 ____D C:\Users\Daw\AppData\Roaming\Uzni
2012-07-09 16:13 - 2012-07-09 16:13 - 00000000 ____D C:\Users\Daw\AppData\Roaming\Oduqsy
2012-07-09 16:13 - 2012-07-09 16:13 - 00000000 ____D C:\Users\Daw\AppData\Roaming\Aqil
2012-07-08 22:29 - 2012-07-16 20:09 - 385407187 ____A C:\Windows\MEMORY.DMP
2012-07-08 22:29 - 2012-07-08 22:29 - 00186656 ____A C:\Windows\Minidump\070812-28906-01.dmp
2012-07-07 21:15 - 2012-07-31 18:59 - 00000000 ____D C:\Users\Daw\AppData\Roaming\Otxo
2012-07-07 21:15 - 2012-07-07 21:15 - 00000000 ____D C:\Users\Daw\AppData\Roaming\Uhle
2012-07-07 21:15 - 2012-07-07 21:15 - 00000000 ____D C:\Users\Daw\AppData\Roaming\Eluz
2012-07-07 11:14 - 2012-07-31 18:59 - 00000000 ____D C:\Users\Daw\AppData\Roaming\Orah
2012-07-07 11:14 - 2012-07-07 11:14 - 00000000 ____D C:\Users\Daw\AppData\Roaming\Waem
2012-07-07 11:14 - 2012-07-07 11:14 - 00000000 ____D C:\Users\Daw\AppData\Roaming\Ebpu
2012-07-06 20:22 - 2012-07-31 18:59 - 00000000 ____D C:\Users\Daw\AppData\Roaming\Uqizhy
2012-07-06 20:22 - 2012-07-06 20:22 - 00000000 ____D C:\Users\Daw\AppData\Roaming\Nyyr
2012-07-06 20:22 - 2012-07-06 20:22 - 00000000 ____D C:\Users\Daw\AppData\Roaming\Iwyq
2012-07-05 21:58 - 2012-07-05 21:58 - 00001107 ____A C:\Users\Public\Desktop\NoLimits Simulator Demo.lnk
2012-07-05 21:58 - 2012-07-05 21:58 - 00001092 ____A C:\Users\Public\Desktop\NoLimits Editor Demo.lnk
2012-07-05 21:58 - 2012-07-05 21:58 - 00000000 ____D C:\Program Files\NoLimits Coasters Demo v1.8
2012-07-05 19:10 - 2012-07-31 18:59 - 00000000 ____D C:\Users\Daw\AppData\Roaming\Egzyr
2012-07-05 19:10 - 2012-07-05 19:10 - 00000000 ____D C:\Users\Daw\AppData\Roaming\Tinyi
2012-07-05 19:10 - 2012-07-05 19:10 - 00000000 ____D C:\Users\Daw\AppData\Roaming\Kuaph
2012-07-04 23:09 - 2012-07-04 23:16 - 25718638 ____A C:\Users\Daw\Desktop\1920@30fps@f5.0@1-50th.mp4
2012-07-04 22:50 - 2012-07-04 22:50 - 00000000 ____D C:\Users\Daw\AppData\Roaming\DivX
2012-07-04 22:49 - 2012-07-04 22:50 - 00000000 ____D C:\Program Files\DivX
2012-07-04 22:49 - 2012-07-04 22:50 - 00000000 ____D C:\Program Files\Common Files\DivX Shared
2012-07-04 22:48 - 2012-07-04 22:50 - 00000000 ____D C:\Users\All Users\DivX
2012-07-04 18:34 - 2012-07-04 18:38 - 28105030 ____A C:\Users\Daw\Desktop\1920@30@f11@1-60.mp4
2012-07-04 18:21 - 2012-07-04 18:21 - 00000056 ____A C:\Users\Daw\Desktop\Kevin Codd.txt
2012-07-04 17:45 - 2012-07-04 18:07 - 94634645 ____A C:\Users\Daw\Desktop\1280@60fps@f11@1-60th.mp4
2012-07-04 16:57 - 2012-07-04 16:57 - 00000000 ____D C:\Users\Daw\AppData\Roaming\Canon
2012-07-04 16:56 - 2012-07-04 16:56 - 00002663 ____A C:\Users\Public\Desktop\Digital Photo Professional.lnk
2012-07-04 16:56 - 2012-07-04 16:56 - 00000000 ____D C:\Program Files\Canon
2012-07-04 16:49 - 2012-07-04 16:49 - 00000000 ____D C:\Program Files\Common Files\Canon
2012-07-04 12:11 - 2012-07-04 12:11 - 00000000 ____D C:\Users\Daw\AppData\Roaming\Publish Providers
2012-07-04 11:51 - 2012-07-29 16:48 - 00000000 ____D C:\Users\Daw\Documents\Vegas Movie Studio HD Platinum 11.0 Projects
2012-07-04 11:50 - 2012-07-04 11:51 - 00000000 ____D C:\Users\Daw\AppData\Local\Sony
2012-07-04 11:50 - 2012-07-04 11:50 - 00000000 ____D C:\Users\All Users\Sony
2012-07-04 11:49 - 2012-07-04 22:53 - 00000000 ____D C:\Users\Daw\AppData\Roaming\Sony
2012-07-04 11:21 - 2012-07-04 11:36 - 327139224 ____A (Sony Creative Software Inc.) C:\Users\Daw\Desktop\moviestudiope11.0.322.dvda.exe
2012-07-04 09:58 - 2012-07-31 18:59 - 00000000 ____D C:\Users\Daw\AppData\Roaming\Reyp
2012-07-04 09:58 - 2012-07-04 09:58 - 00000000 ____D C:\Users\Daw\AppData\Roaming\Puut
2012-07-04 09:58 - 2012-07-04 09:58 - 00000000 ____D C:\Users\Daw\AppData\Roaming\Acyn
2012-07-03 17:24 - 2012-07-03 17:24 - 00000870 ____A C:\Windows\PFRO.log
2012-07-02 09:06 - 2012-07-25 18:30 - 00000000 ____D C:\Users\Daw\Documents\ISI


============ 3 Months Modified Files ========================

2012-07-29 16:46 - 2012-06-30 09:30 - 00017561 ____A C:\Windows\setupact.log
2012-07-29 16:43 - 2010-08-27 15:32 - 00000880 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-07-29 16:43 - 2010-04-16 09:39 - 00000900 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3383369860-1886445874-581753611-1000UA.job
2012-07-29 16:43 - 2010-04-16 09:39 - 00000848 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3383369860-1886445874-581753611-1000Core.job
2012-07-29 14:42 - 2012-07-29 14:40 - 60209306 ____A C:\Users\Daw\Desktop\SHD_High-Impact.zip
2012-07-29 14:32 - 2012-07-29 14:32 - 00029785 ____A C:\Users\Daw\Downloads\Yuroun_Pads.zip
2012-07-29 13:24 - 2009-07-13 20:34 - 00014256 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-07-29 13:24 - 2009-07-13 20:34 - 00014256 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-07-29 13:23 - 2010-04-10 12:17 - 00796972 ____A C:\Windows\System32\PerfStringBackup.INI
2012-07-29 13:17 - 2012-07-18 16:52 - 00001788 ____A C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk
2012-07-29 13:17 - 2010-08-27 15:32 - 00000876 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-07-29 13:17 - 2009-07-13 20:53 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-07-29 13:16 - 2012-07-29 13:16 - 00000334 ____A C:\Windows\System32\CountScans.XML
2012-07-29 13:14 - 2012-07-29 13:14 - 00000254 ____A C:\Users\Daw\Desktop\to do.txt
2012-07-27 16:37 - 2010-04-12 01:20 - 00002064 ___AH C:\Users\Daw\Documents\Default.rdp
2012-07-26 16:53 - 2012-07-26 16:13 - 00002168 ____A C:\Windows\WindowsUpdate.log
2012-07-26 16:23 - 2012-07-26 16:18 - 56650240 ____A (PACE Anti-Piracy) C:\Users\Daw\Downloads\DriverSetup.exe
2012-07-26 16:21 - 2012-07-26 16:18 - 29347840 ____A (PACE Anti-Piracy) C:\Users\Daw\Downloads\iLokClientHelperSetup.exe
2012-07-26 16:13 - 2012-07-26 16:13 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_iLokDrvr_01007.Wdf
2012-07-26 07:48 - 2012-07-26 07:48 - 00000274 ____A C:\Users\Daw\.JavaPowUpload.properties
2012-07-24 08:59 - 2012-07-24 08:59 - 00000123 ____A C:\Users\Daw\Desktop\Xtreme FX - UVI - UVI - sounds & software.url
2012-07-24 08:55 - 2012-07-24 08:46 - 169044433 ____A (Univers Sons ) C:\Users\Daw\Downloads\uviworkstation-2-0-6.exe
2012-07-23 20:40 - 2012-07-23 20:40 - 00000764 ____A C:\Users\Public\Desktop\ManualStepper4free.jpg.lnk
2012-07-23 20:40 - 2012-07-23 20:40 - 00000724 ____A C:\Users\Public\Desktop\Manual A-T.jpg.lnk
2012-07-23 20:40 - 2012-07-23 20:40 - 00000718 ____A C:\Users\Public\Desktop\A-TRANSPIRANT.lnk
2012-07-23 17:58 - 2012-07-23 17:57 - 58256880 ____A C:\Users\Daw\Downloads\Install_Nerve_VSTi_Demo.exe
2012-07-22 21:25 - 2012-07-22 21:25 - 00001190 ____A C:\Windows\System32\ServiceConfig.xml
2012-07-21 18:10 - 2012-07-22 15:31 - 02044870 ____A C:\Users\Daw\Desktop\AlchemyFactoryPresets-1-06.CamelSounds
2012-07-21 17:53 - 2012-07-21 17:53 - 00001514 ____A C:\Users\Daw\Downloads\AlchemyDanceTrance.aky
2012-07-19 19:01 - 2012-05-24 07:26 - 00001010 ____A C:\Users\Public\Desktop\TeamViewer 5.lnk
2012-07-19 18:55 - 2012-07-19 18:55 - 00001885 ____A C:\Users\Public\Desktop\Dive to the Titanic.lnk
2012-07-19 07:49 - 2012-07-19 07:49 - 00290825 ____A C:\Users\Daw\Desktop\Download Titanic - Underwater Operation Simulator.exe
2012-07-18 16:48 - 2012-07-18 16:48 - 04587128 ____A (Lavasoft Limited) C:\Users\Daw\Downloads\Adaware_Installer.exe
2012-07-18 16:37 - 2012-07-18 16:36 - 69301701 ____A C:\Users\Daw\Desktop\ZG_Sabroso_Latin.zip
2012-07-18 16:18 - 2011-07-09 19:48 - 00058049 ____A C:\aaw7boot.log
2012-07-17 08:24 - 2011-07-12 16:55 - 00000064 ____A C:\Windows\System32\rp_stats.dat
2012-07-17 08:24 - 2011-07-12 16:55 - 00000044 ____A C:\Windows\System32\rp_rules.dat
2012-07-16 21:35 - 2012-07-16 21:13 - 642331235 ____A C:\Users\Daw\Desktop\The_Deluge_0.552_WB_Install.zip
2012-07-16 20:09 - 2012-07-16 20:09 - 00145496 ____A C:\Windows\Minidump\071612-20248-01.dmp
2012-07-16 20:09 - 2012-07-08 22:29 - 385407187 ____A C:\Windows\MEMORY.DMP
2012-07-16 17:48 - 2012-07-16 17:48 - 01210979 ____A C:\Users\Daw\Downloads\DSK_Chaos_Theory.zip
2012-07-15 08:36 - 2012-05-28 13:52 - 00000560 ____A C:\Users\Daw\Desktop\Livermore FREE.website
2012-07-15 08:19 - 2012-05-28 13:56 - 00000562 ____A C:\Users\Daw\Desktop\Pleasanton FREE.website
2012-07-11 20:19 - 2012-07-11 20:19 - 00145496 ____A C:\Windows\Minidump\071112-18891-01.dmp
2012-07-10 21:29 - 2012-07-10 21:29 - 00010254 ____A C:\Users\Daw\Downloads\redemption code template.xlsx
2012-07-10 21:29 - 2012-07-10 21:27 - 00001368 ____A C:\Users\Daw\Downloads\redemption code template.csv
2012-07-10 21:24 - 2012-07-10 21:22 - 61020034 ____A C:\Users\Daw\Downloads\HE AWBH EP _ Laundromat _ Images.zip
2012-07-10 21:19 - 2012-07-10 21:19 - 00000498 ____A C:\Users\Daw\Downloads\redemption-codes.csv
2012-07-09 16:51 - 2012-07-09 16:51 - 00010037 ____A C:\Users\Daw\Downloads\en.U-0087-01.30UpMailingLabel.0909-01ai.zip
2012-07-08 22:29 - 2012-07-08 22:29 - 00186656 ____A C:\Windows\Minidump\070812-28906-01.dmp
2012-07-05 21:58 - 2012-07-05 21:58 - 00001107 ____A C:\Users\Public\Desktop\NoLimits Simulator Demo.lnk
2012-07-05 21:58 - 2012-07-05 21:58 - 00001092 ____A C:\Users\Public\Desktop\NoLimits Editor Demo.lnk
2012-07-04 23:16 - 2012-07-04 23:09 - 25718638 ____A C:\Users\Daw\Desktop\1920@30fps@f5.0@1-50th.mp4
2012-07-04 18:38 - 2012-07-04 18:34 - 28105030 ____A C:\Users\Daw\Desktop\1920@30@f11@1-60.mp4
2012-07-04 18:21 - 2012-07-04 18:21 - 00000056 ____A C:\Users\Daw\Desktop\Kevin Codd.txt
2012-07-04 18:07 - 2012-07-04 17:45 - 94634645 ____A C:\Users\Daw\Desktop\1280@60fps@f11@1-60th.mp4
2012-07-04 16:56 - 2012-07-04 16:56 - 00002663 ____A C:\Users\Public\Desktop\Digital Photo Professional.lnk
2012-07-04 11:36 - 2012-07-04 11:21 - 327139224 ____A (Sony Creative Software Inc.) C:\Users\Daw\Desktop\moviestudiope11.0.322.dvda.exe
2012-07-03 17:24 - 2012-07-03 17:24 - 00000870 ____A C:\Windows\PFRO.log
2012-07-01 19:08 - 2012-07-01 19:08 - 00000941 ____A C:\Users\Public\Desktop\XviD4PSP 5.lnk
2012-06-30 09:30 - 2012-06-30 09:30 - 00000000 ____A C:\Windows\setuperr.log
2012-06-30 09:19 - 2012-06-30 09:19 - 00000927 ____A C:\Users\Public\Desktop\CCleaner.lnk
2012-06-26 08:54 - 2012-06-26 08:54 - 00000922 ____A C:\Users\Public\Desktop\PS3 Media Server.lnk
2012-06-26 08:44 - 2011-05-09 19:07 - 00025088 ____A C:\Users\Daw\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-06-24 12:40 - 2010-09-12 20:31 - 00164320 ____A C:\Users\Video\AppData\Local\GDIPFONTCACHEV1.DAT
2012-06-21 08:58 - 2012-06-21 08:58 - 00000963 ____A C:\Users\Daw\Desktop\Hotel Eden info.txt
2012-06-21 08:52 - 2012-06-21 08:52 - 00011126 ____A C:\Users\Daw\Desktop\Report_634758943416342000.csv
2012-06-18 18:27 - 2012-06-18 18:27 - 06687941 ____A C:\Users\Daw\Desktop\Identity systems draft 1 (6.18.12).mov
2012-06-15 08:43 - 2009-07-13 20:33 - 01870416 ____A C:\Windows\System32\FNTCACHE.DAT
2012-06-14 22:47 - 2010-05-10 09:55 - 56731752 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-06-11 12:50 - 2012-06-11 12:50 - 00159232 ____A C:\Windows\System32\clinfo.exe
2012-06-11 12:50 - 2012-06-11 12:50 - 00065024 ____A (Advanced Micro Devices Inc.) C:\Windows\System32\OpenVideo.dll
2012-06-11 12:50 - 2012-06-11 12:50 - 00056320 ____A (Advanced Micro Devices Inc.) C:\Windows\System32\OVDecode.dll
2012-06-11 12:49 - 2012-06-11 12:49 - 13008896 ____A (Advanced Micro Devices Inc.) C:\Windows\System32\amdocl.dll
2012-06-11 12:48 - 2012-06-11 12:48 - 00050176 ____A (Khronos Group) C:\Windows\System32\OpenCL.dll
2012-06-11 10:58 - 2012-06-11 10:58 - 08733696 ____A (Advanced Micro Devices, Inc.) C:\Windows\System32\Drivers\atikmdag.sys
2012-06-11 10:35 - 2012-06-11 10:35 - 00058880 ____A (AMD) C:\Windows\System32\coinst_8.98.dll
2012-06-11 10:00 - 2012-06-11 10:00 - 20467712 ____A (Advanced Micro Devices, Inc.) C:\Windows\System32\atioglxx.dll
2012-06-11 09:26 - 2012-06-11 09:26 - 00263840 ____A C:\Windows\System32\atiapfxx.blb
2012-06-11 09:25 - 2012-06-11 09:25 - 00163840 ____A (Advanced Micro Devices, Inc.) C:\Windows\System32\atiapfxx.exe
2012-06-11 09:24 - 2011-05-24 19:07 - 00924160 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\aticfx32.dll
2012-06-11 09:20 - 2011-05-24 19:04 - 00442368 ____A (Advanced Micro Devices, Inc.) C:\Windows\System32\ATIDEMGX.dll
2012-06-11 09:19 - 2012-06-11 09:19 - 00468992 ____A (AMD) C:\Windows\System32\atieclxx.exe
2012-06-11 09:19 - 2012-06-11 09:19 - 00217600 ____A (AMD) C:\Windows\System32\atiesrxx.exe
2012-06-11 09:17 - 2012-06-11 09:17 - 00163840 ____A (AMD) C:\Windows\System32\atitmmxx.dll
2012-06-11 09:17 - 2012-06-11 09:17 - 00043520 ____A (ATI Technologies, Inc.) C:\Windows\System32\ati2edxx.dll
2012-06-11 09:17 - 2012-06-11 09:17 - 00020992 ____A (AMD) C:\Windows\System32\atimuixx.dll
2012-06-11 09:16 - 2011-05-24 18:58 - 06301696 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atidxx32.dll
2012-06-11 08:45 - 2012-06-11 08:45 - 00046080 ____A (Advanced Micro Devices Inc.) C:\Windows\System32\aticalrt.dll
2012-06-11 08:45 - 2012-06-11 08:45 - 00044032 ____A (Advanced Micro Devices Inc.) C:\Windows\System32\aticalcl.dll
2012-06-11 08:45 - 2011-05-24 18:39 - 05480448 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atiumdag.dll
2012-06-11 08:43 - 2011-05-24 18:50 - 04729344 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atiumdva.dll
2012-06-11 08:41 - 2012-06-11 08:41 - 02971136 ____A C:\Windows\System32\atiumdva.cap
2012-06-11 08:41 - 2012-06-11 08:41 - 00204952 ____A C:\Windows\System32\ativvsvl.dat
2012-06-11 08:41 - 2012-06-11 08:41 - 00157144 ____A C:\Windows\System32\ativvsva.dat
2012-06-11 08:40 - 2012-06-11 08:40 - 13277696 ____A (Advanced Micro Devices Inc.) C:\Windows\System32\aticaldd.dll
2012-06-11 08:26 - 2012-06-11 08:26 - 00033280 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atigktxx.dll
2012-06-11 08:26 - 2012-06-11 08:26 - 00014848 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atiglpxx.dll
2012-06-11 08:26 - 2011-05-24 18:26 - 00368640 ____A (Advanced Micro Devices, Inc.) C:\Windows\System32\atiadlxx.dll
2012-06-11 08:25 - 2012-06-11 08:25 - 00295936 ____A (Advanced Micro Devices, Inc.) C:\Windows\System32\Drivers\atikmpag.sys
2012-06-11 08:25 - 2011-05-24 18:24 - 00042496 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atiuxpag.dll
2012-06-11 08:24 - 2012-06-11 08:24 - 00053248 ____A (Advanced Micro Devices, Inc.) C:\Windows\System32\Drivers\ati2erec.dll
2012-06-11 08:24 - 2011-05-24 18:24 - 00032768 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atiu9pag.dll
2012-06-11 08:23 - 2012-06-11 08:23 - 00056832 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atimpc32.dll
2012-06-11 08:23 - 2012-06-11 08:23 - 00056832 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\amdpcom32.dll
2012-06-10 21:41 - 2012-06-10 21:41 - 00000033 ____A C:\Users\Daw\AppData\Roaming\mbam.context.scan
2012-06-10 21:31 - 2012-05-08 08:10 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2012-06-10 21:31 - 2011-06-11 16:40 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
2012-06-09 21:19 - 2012-06-09 21:18 - 00279712 ____A C:\Windows\System32\Drivers\atksgt.sys
2012-06-09 21:18 - 2012-06-09 21:18 - 00025888 ____A C:\Windows\System32\Drivers\lirsgt.sys
2012-06-09 09:16 - 2012-06-09 09:16 - 00001095 ____A C:\Users\Daw\Desktop\X3 Terran Conflict.lnk
2012-06-06 07:37 - 2012-06-06 07:37 - 00000946 ____A C:\Users\Public\Desktop\SWiSH Max4.lnk
2012-06-02 14:19 - 2012-06-20 17:12 - 01933848 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-06-02 14:19 - 2012-06-20 17:12 - 00577048 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2012-06-02 14:19 - 2012-06-20 17:12 - 00053784 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-06-02 14:19 - 2012-06-20 17:12 - 00045080 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-06-02 14:19 - 2012-06-20 17:12 - 00035864 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2012-06-02 14:19 - 2012-06-20 17:11 - 00171904 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-06-02 14:12 - 2012-06-20 17:12 - 02422272 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-06-02 14:12 - 2012-06-20 17:12 - 00088576 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2012-06-02 14:12 - 2012-06-20 17:11 - 00033792 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2012-05-31 07:05 - 2012-05-31 07:04 - 00000166 ____A C:\Users\Daw\Desktop\song release strategies.txt
2012-05-31 07:04 - 2012-05-31 07:04 - 00022576 ____A C:\Users\Daw\Desktop\goals and meeting notes.txt
2012-05-25 07:36 - 2012-05-25 07:36 - 00060304 ____A C:\Users\Daw\g2mdlhlpx.exe
2012-05-21 21:14 - 2012-05-21 21:14 - 00001082 ____A C:\Users\Public\Desktop\TeamViewer 7.lnk
2012-05-19 22:08 - 2012-05-19 22:08 - 00000124 ____A C:\Users\Daw\Desktop\copy for physical discs- laundromat prerelease.txt
2012-05-17 15:11 - 2012-06-14 22:44 - 12314624 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-05-17 14:48 - 2012-06-14 22:44 - 09737728 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-05-17 14:45 - 2012-06-14 22:44 - 01800192 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-05-17 14:36 - 2012-06-14 22:44 - 01103872 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-05-17 14:35 - 2012-06-14 22:44 - 01427968 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-05-17 14:35 - 2012-06-14 22:44 - 01129472 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-05-17 14:33 - 2012-06-14 22:44 - 00231936 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-05-17 14:31 - 2012-06-14 22:44 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-05-17 14:29 - 2012-06-14 22:44 - 00716800 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-05-17 14:29 - 2012-06-14 22:44 - 00142848 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-05-17 14:27 - 2012-06-14 22:44 - 01793024 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-05-17 14:25 - 2012-06-14 22:44 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-05-17 14:24 - 2012-06-14 22:44 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-05-17 14:20 - 2012-06-14 22:44 - 00176640 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-05-16 10:14 - 2012-05-16 10:14 - 00021144 ____A C:\Windows\System32\Drivers\iLokDrvr.sys
2012-05-16 10:13 - 2012-05-16 10:13 - 00093336 ____A (PACE Anti-Piracy, Inc.) C:\Windows\System32\Drivers\TPkd.sys
2012-05-14 17:12 - 2012-06-12 21:04 - 02342400 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-05-13 23:24 - 2010-04-10 13:47 - 00164320 ____A C:\Users\Daw\AppData\Local\GDIPFONTCACHEV1.DAT
2012-05-10 21:24 - 2012-05-10 21:24 - 00001029 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-05-10 15:35 - 2012-05-10 15:35 - 00029184 ____A C:\Windows\System32\kdbsdk32.dll
2012-05-08 08:12 - 2012-02-20 23:57 - 00001946 ____A C:\Users\Public\Desktop\Adobe Reader 9.lnk
2012-05-07 17:56 - 2012-05-07 17:56 - 01011712 ____A C:\Users\Daw\Desktop\Classroom management database 2000.mdb
2012-05-07 17:56 - 2012-05-07 17:53 - 02789376 ____A C:\Users\Daw\Desktop\Classroom management database.mdb


ZeroAccess:
C:\Windows\Installer\{7560e05d-d485-f66d-5a56-fc55035e2954}
C:\Windows\Installer\{7560e05d-d485-f66d-5a56-fc55035e2954}\@
C:\Windows\Installer\{7560e05d-d485-f66d-5a56-fc55035e2954}\L
C:\Windows\Installer\{7560e05d-d485-f66d-5a56-fc55035e2954}\U
C:\Windows\Installer\{7560e05d-d485-f66d-5a56-fc55035e2954}\U\00000001.@
C:\Windows\Installer\{7560e05d-d485-f66d-5a56-fc55035e2954}\U\80000000.@
C:\Windows\Installer\{7560e05d-d485-f66d-5a56-fc55035e2954}\U\800000cb.@

ZeroAccess:
C:\Users\Daw\AppData\Local\{7560e05d-d485-f66d-5a56-fc55035e2954}
C:\Users\Daw\AppData\Local\{7560e05d-d485-f66d-5a56-fc55035e2954}\@
C:\Users\Daw\AppData\Local\{7560e05d-d485-f66d-5a56-fc55035e2954}\L
C:\Users\Daw\AppData\Local\{7560e05d-d485-f66d-5a56-fc55035e2954}\U

========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

========================= Memory info ======================

Percentage of memory in use: 32%
Total physical RAM: 2045.61 MB
Available physical RAM: 1381.69 MB
Total Pagefile: 2045.61 MB
Available Pagefile: 1393.69 MB
Total Virtual: 2047.88 MB
Available Virtual: 1968.7 MB

======================= Partitions =========================

1 Drive c: (OS) (Fixed) (Total:465.67 GB) (Free:143.22 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
2 Drive d: (HBCD 15.1) (CDROM) (Total:0.49 GB) (Free:0 GB) CDFS
4 Drive f: () (Removable) (Total:14.91 GB) (Free:11.18 GB) NTFS
5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 465 GB 1024 KB
Disk 1 Online 14 GB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 OEM 94 MB 31 KB
Partition 2 Primary 465 GB 94 MB

==================================================================================

Disk: 0
Partition 1
Type : DE
Hidden: Yes
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 FAT Partition 94 MB Healthy Hidden

==================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C OS NTFS Partition 465 GB Healthy

==================================================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
* Partition 1 Primary 14 GB 0 B

==================================================================================

Disk: 1
There is no partition selected.

There is no partition selected.
Please select a partition and try again.

==================================================================================

==========================================================

Last Boot: 2012-06-08 23:45

======================= End Of Log ==========================
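
The two "ZeroAccess:" blocks in the log above are FRST reporting a directory layout the Sirefef/ZeroAccess rootkit uses for its user-mode modules: a {GUID}-named directory under C:\Windows\Installer and under the user's AppData\Local, each holding a file named "@" and subdirectories "L" and "U", with the payload modules (00000001.@, 80000000.@, 800000cb.@) inside "U". The following is an added example, not FRST's own detection code, showing how a responder can check a tree for that layout; `is_zeroaccess_layout`, `find_zeroaccess_dirs`, `build_sample_tree` and `demo` are names chosen here, the GUID is the one from the log, and the tree it scans is constructed in a temporary directory so it runs anywhere:

```python
# Added example (not FRST's own code): detect the ZeroAccess/Sirefef directory
# layout that FRST reported above. The rootkit's user-mode component keeps its
# modules in a {GUID}-named directory under C:\Windows\Installer and under
# %LOCALAPPDATA%, containing a file named "@" plus subdirectories "L" and "U";
# the "U" directory holds the payload modules (names like 80000000.@).
import os
import re
import tempfile
from typing import Dict, List

# {8-4-4-4-12} hex GUID in braces, the form both hits in the log use
GUID_DIR = re.compile(r"^\{[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}\}$", re.IGNORECASE)

# GUID taken from the ZeroAccess entries in the FRST log above
SAMPLE_GUID = "{7560e05d-d485-f66d-5a56-fc55035e2954}"


def is_zeroaccess_layout(path: str) -> bool:
    """True when `path` is a {GUID} directory holding an "@" file and "L"/"U" subdirectories.

    All three children are required: legitimate Windows Installer caches are also
    GUID-named, so the GUID alone is not an indicator.
    """
    if not (os.path.isdir(path) and GUID_DIR.match(os.path.basename(path))):
        return False
    return (os.path.isfile(os.path.join(path, "@"))
            and os.path.isdir(os.path.join(path, "L"))
            and os.path.isdir(os.path.join(path, "U")))


def find_zeroaccess_dirs(root: str) -> Dict[str, List[str]]:
    """Walk `root`; map each matching directory to the sorted names found in its "U" subdirectory."""
    hits: Dict[str, List[str]] = {}
    for dirpath, dirnames, _files in os.walk(root):
        for name in list(dirnames):
            candidate = os.path.join(dirpath, name)
            if is_zeroaccess_layout(candidate):
                hits[candidate] = sorted(os.listdir(os.path.join(candidate, "U")))
                dirnames.remove(name)  # no need to descend into a confirmed hit
    return hits


def build_sample_tree(root: str) -> None:
    """Constructed test data mirroring the two ZeroAccess entries in the log, plus one benign GUID dir."""
    installer = os.path.join(root, "Windows", "Installer", SAMPLE_GUID)
    local = os.path.join(root, "Users", "Daw", "AppData", "Local", SAMPLE_GUID)
    for base in (installer, local):
        os.makedirs(os.path.join(base, "L"))
        os.makedirs(os.path.join(base, "U"))
        open(os.path.join(base, "@"), "wb").close()
    for module in ("00000001.@", "80000000.@", "800000cb.@"):  # module names from the log
        open(os.path.join(installer, "U", module), "wb").close()
    # A GUID-named Windows Installer cache directory with ordinary content: must not be flagged
    benign = os.path.join(root, "Windows", "Installer", "{00000000-1111-2222-3333-444444444444}")
    os.makedirs(benign)
    open(os.path.join(benign, "product.ico"), "wb").close()


def demo() -> Dict[str, List[str]]:
    """Build the constructed tree in a temp directory, scan it, return hits keyed by root-relative path."""
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        hits = find_zeroaccess_dirs(tmp)
        return {os.path.relpath(path, tmp).replace(os.sep, "/"): modules
                for path, modules in hits.items()}


if __name__ == "__main__":
    for path, modules in demo().items():
        print(f"ZeroAccess layout: {path}  U/: {modules}")
```

Run against a live system the walk would start at the drive root (or just at C:\Windows\Installer and each user's AppData\Local); requiring all three children keeps the many legitimate GUID-named installer cache directories from being reported.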


#2 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  • Gender:Not Telling
  • Location:Canada
  • Local time:05:56 AM

Posted 02 August 2012 - 05:07 PM

Please do the following:


Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this, highlight the contents of the box, right click on it and select Copy. Right-click in the open Notepad window and select Paste.) Save it on the flashdrive as fixlist.txt.

start
HKLM\...\Run: [] [x]
HKU\Daw\...\Run: [dsesb] rundll32.exe "C:\Users\Daw\AppData\Roaming\dsesb.dll",HrIndexOfMonth [x]
HKU\Daw\...\Run: [tuati] "C:\Windows\System32\rundll32.exe" "C:\Users\Daw\AppData\Roaming\tuati.dll",CreatePatchMesh [x]
2012-07-18 17:11 - 2012-07-31 18:59 - 00000000 ____D C:\Users\Daw\AppData\Roaming\Wois
2012-07-18 17:11 - 2012-07-18 17:11 - 00000000 ____D C:\Users\Daw\AppData\Roaming\Omdy
2012-07-18 17:11 - 2012-07-18 17:11 - 00000000 ____D C:\Users\Daw\AppData\Roaming\Ikebb
2012-07-18 07:11 - 2012-07-31 18:59 - 00000000 ____D C:\Users\Daw\AppData\Roaming\Xaozp
2012-07-18 07:11 - 2012-07-18 07:11 - 00000000 ____D C:\Users\Daw\AppData\Roaming\Zoanal
2012-07-18 07:11 - 2012-07-18 07:11 - 00000000 ____D C:\Users\Daw\AppData\Roaming\Repiv
2012-07-17 17:24 - 2012-07-31 18:59 - 00000000 ____D C:\Users\Daw\AppData\Roaming\Lexi
2012-07-17 17:24 - 2012-07-17 17:24 - 00000000 ____D C:\Users\Daw\AppData\Roaming\Nayxbo
2012-07-17 17:24 - 2012-07-17 17:24 - 00000000 ____D C:\Users\Daw\AppData\Roaming\Lovoi
2012-07-17 07:24 - 2012-07-31 18:59 - 00000000 ____D C:\Users\Daw\AppData\Roaming\Avme
2012-07-17 07:24 - 2012-07-17 07:24 - 00000000 ____D C:\Users\Daw\AppData\Roaming\Ovute
2012-07-17 07:24 - 2012-07-17 07:24 - 00000000 ____D C:\Users\Daw\AppData\Roaming\Enfiis
2012-07-16 18:38 - 2012-07-31 18:59 - 00000000 ____D C:\Users\Daw\AppData\Roaming\Osalu
2012-07-16 18:38 - 2012-07-16 18:38 - 00000000 ____D C:\Users\Daw\AppData\Roaming\Yqeg
2012-07-16 18:38 - 2012-07-16 18:38 - 00000000 ____D C:\Users\Daw\AppData\Roaming\Hucoip
2012-07-15 08:18 - 2012-07-31 18:59 - 00000000 ____D C:\Users\Daw\AppData\Roaming\Ugxigo
2012-07-15 08:18 - 2012-07-15 08:18 - 00000000 ____D C:\Users\Daw\AppData\Roaming\Veulu
2012-07-15 08:18 - 2012-07-15 08:18 - 00000000 ____D C:\Users\Daw\AppData\Roaming\Tyana
2012-07-12 08:21 - 2012-07-31 18:59 - 00000000 ____D C:\Users\Daw\AppData\Roaming\Qiogv
2012-07-12 08:21 - 2012-07-12 08:21 - 00000000 ____D C:\Users\Daw\AppData\Roaming\Xuufk
2012-07-12 08:21 - 2012-07-12 08:21 - 00000000 ____D C:\Users\Daw\AppData\Roaming\Wotia
2012-07-11 19:30 - 2012-07-31 18:59 - 00000000 ____D C:\Users\Daw\AppData\Roaming\Itxii
2012-07-11 19:30 - 2012-07-11 19:30 - 00000000 ____D C:\Users\Daw\AppData\Roaming\Utluyc
2012-07-11 19:30 - 2012-07-11 19:30 - 00000000 ____D C:\Users\Daw\AppData\Roaming\Olepb
2012-07-10 21:10 - 2012-07-31 18:59 - 00000000 ____D C:\Users\Daw\AppData\Roaming\Embey
2012-07-10 21:10 - 2012-07-10 21:10 - 00000000 ____D C:\Users\Daw\AppData\Roaming\Ybhe
2012-07-10 21:10 - 2012-07-10 21:10 - 00000000 ____D C:\Users\Daw\AppData\Roaming\Muvios
2012-07-10 08:30 - 2012-07-31 18:59 - 00000000 ____D C:\Users\Daw\AppData\Roaming\Weku
2012-07-10 08:30 - 2012-07-10 08:30 - 00000000 ____D C:\Users\Daw\AppData\Roaming\Ipur
2012-07-10 08:30 - 2012-07-10 08:30 - 00000000 ____D C:\Users\Daw\AppData\Roaming\Asfuyx
2012-07-09 16:13 - 2012-07-31 18:59 - 00000000 ____D C:\Users\Daw\AppData\Roaming\Uzni
2012-07-09 16:13 - 2012-07-09 16:13 - 00000000 ____D C:\Users\Daw\AppData\Roaming\Oduqsy
2012-07-09 16:13 - 2012-07-09 16:13 - 00000000 ____D C:\Users\Daw\AppData\Roaming\Aqil
2012-07-07 21:15 - 2012-07-31 18:59 - 00000000 ____D C:\Users\Daw\AppData\Roaming\Otxo
2012-07-07 21:15 - 2012-07-07 21:15 - 00000000 ____D C:\Users\Daw\AppData\Roaming\Uhle
2012-07-07 21:15 - 2012-07-07 21:15 - 00000000 ____D C:\Users\Daw\AppData\Roaming\Eluz
2012-07-07 11:14 - 2012-07-31 18:59 - 00000000 ____D C:\Users\Daw\AppData\Roaming\Orah
2012-07-07 11:14 - 2012-07-07 11:14 - 00000000 ____D C:\Users\Daw\AppData\Roaming\Waem
2012-07-07 11:14 - 2012-07-07 11:14 - 00000000 ____D C:\Users\Daw\AppData\Roaming\Ebpu
2012-07-06 20:22 - 2012-07-31 18:59 - 00000000 ____D C:\Users\Daw\AppData\Roaming\Uqizhy
2012-07-06 20:22 - 2012-07-06 20:22 - 00000000 ____D C:\Users\Daw\AppData\Roaming\Nyyr
2012-07-06 20:22 - 2012-07-06 20:22 - 00000000 ____D C:\Users\Daw\AppData\Roaming\Iwyq
2012-07-05 19:10 - 2012-07-31 18:59 - 00000000 ____D C:\Users\Daw\AppData\Roaming\Egzyr
2012-07-05 19:10 - 2012-07-05 19:10 - 00000000 ____D C:\Users\Daw\AppData\Roaming\Tinyi
2012-07-05 19:10 - 2012-07-05 19:10 - 00000000 ____D C:\Users\Daw\AppData\Roaming\Kuaph
2012-07-04 09:58 - 2012-07-31 18:59 - 00000000 ____D C:\Users\Daw\AppData\Roaming\Reyp
2012-07-04 09:58 - 2012-07-04 09:58 - 00000000 ____D C:\Users\Daw\AppData\Roaming\Puut
2012-07-04 09:58 - 2012-07-04 09:58 - 00000000 ____D C:\Users\Daw\AppData\Roaming\Acyn
C:\Windows\Installer\{7560e05d-d485-f66d-5a56-fc55035e2954}
C:\Users\Daw\AppData\Local\{7560e05d-d485-f66d-5a56-fc55035e2954}
end

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system.

Now please enter System Recovery Options, then select Command Prompt.

Run FRST (or FRST64 if you have the 64-bit version) and press the Fix button just once and wait.
The tool will make a log on the flashdrive (Fixlog.txt); please post it in your reply.

Reboot Normally.


NEXT


Refer to the ComboFix User's Guide

  • Download ComboFix from the following location:

    Link

    * IMPORTANT !!! Place ComboFix.exe on your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.
    You can get help on disabling your protection programs here
  • Double click on ComboFix.exe & follow the prompts.
  • Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
  • When finished, it shall produce a log for you. Post that log in your next reply

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.


    ---------------------------------------------------------------------------------------------
  • Ensure your AntiVirus and AntiSpyware applications are re-enabled.

    ---------------------------------------------------------------------------------------------

NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015
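
The fixlist above is built from two patterns in the FRST log: HKU Run values that make rundll32.exe load a DLL from the user's AppData\Roaming (dsesb.dll and tuati.dll, each invoked through an unusual export name), and three random-named directories created under AppData\Roaming at the same minute, day after day. The following is an added example, not FRST's or CatByte's own logic, showing how those two heuristics can be applied to FRST-style log lines to produce the candidates for such a fixlist. The regexes, function names and `SAMPLE_LOG` are constructed here; the sample lines are copied from the log and fixlist in this thread, plus a placeholder benign Run entry and a benign Roaming directory marked as constructed:

```python
# Added example (not FRST's or CatByte's own logic): triage heuristics over
# FRST-style log lines that surface the two patterns the fixlist above targets.
# Sample lines are constructed from entries in this thread's log.
import re
from collections import defaultdict
from typing import Dict, List, Optional, Tuple

# "created - modified - size attrs [(vendor)] path", the FRST "Files Created" line format
FILE_LINE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<size>\d{8}) (?P<attrs>_{4}[A-Z]) (?:\((?P<vendor>[^)]*)\) )?(?P<path>.+)$"
)
# "HKLM\...\Run: [name] command" or "HKU\<user>\...\Run: [name] command"
RUN_LINE = re.compile(
    r"^(?P<hive>HK(?:LM|U\\[^\\]+))\\\.\.\.\\Run(?:Once)?: \[(?P<name>[^\]]*)\] (?P<command>.*)$"
)
# Profile directories an unprivileged user (and thus user-level malware) can write to
USER_WRITABLE = re.compile(r"\\Users\\[^\\]+\\AppData\\(?:Roaming|Local|LocalLow)\\", re.IGNORECASE)
# A directory placed directly under AppData\Roaming (exactly one path component after Roaming)
ROAMING_TOPLEVEL = re.compile(r"^[A-Z]:\\Users\\[^\\]+\\AppData\\Roaming\\[^\\]+$", re.IGNORECASE)


def parse_file_line(line: str) -> Optional[dict]:
    """Return the fields of one FRST file/directory line, or None if the line is not one."""
    m = FILE_LINE.match(line)
    if not m:
        return None
    fields = m.groupdict()
    fields["size"] = int(fields["size"])
    return fields


def flag_rundll32_autoruns(lines: List[str]) -> List[Tuple[str, str]]:
    """Autorun entries that use rundll32.exe to load a DLL from a user-writable profile path.

    Installed software normally keeps its DLLs under Program Files or System32; a Run value
    whose DLL lives in AppData (here dsesb.dll and tuati.dll) is worth quarantining and reviewing.
    """
    hits = []
    for line in lines:
        m = RUN_LINE.match(line)
        if m and "rundll32" in m.group("command").lower() and USER_WRITABLE.search(m.group("command")):
            hits.append((m.group("name"), m.group("command")))
    return hits


def flag_roaming_bursts(lines: List[str], min_count: int = 3) -> Dict[str, List[str]]:
    """Groups of at least `min_count` top-level AppData\\Roaming directories created in the same minute.

    The fixlist above removes three random-named Roaming directories per day, each trio sharing
    one creation timestamp: the footprint of a dropper re-creating its working directories each run.
    """
    by_minute: Dict[str, List[str]] = defaultdict(list)
    for line in lines:
        entry = parse_file_line(line)
        if entry and entry["attrs"] == "____D" and ROAMING_TOPLEVEL.match(entry["path"]):
            by_minute[entry["created"]].append(entry["path"].rsplit("\\", 1)[1])
    return {minute: sorted(names) for minute, names in by_minute.items() if len(names) >= min_count}


# Constructed sample: lines copied from the FRST log and fixlist above, plus two benign entries
SAMPLE_LOG = [
    r"HKLM\...\Run: [] [x]",
    r"HKLM\...\Run: [ExampleTray] C:\Program Files\Example\tray.exe [x]",  # constructed placeholder, benign
    r'HKU\Daw\...\Run: [dsesb] rundll32.exe "C:\Users\Daw\AppData\Roaming\dsesb.dll",HrIndexOfMonth [x]',
    r'HKU\Daw\...\Run: [tuati] "C:\Windows\System32\rundll32.exe" "C:\Users\Daw\AppData\Roaming\tuati.dll",CreatePatchMesh [x]',
    r"2012-07-18 17:11 - 2012-07-31 18:59 - 00000000 ____D C:\Users\Daw\AppData\Roaming\Wois",
    r"2012-07-18 17:11 - 2012-07-18 17:11 - 00000000 ____D C:\Users\Daw\AppData\Roaming\Omdy",
    r"2012-07-18 17:11 - 2012-07-18 17:11 - 00000000 ____D C:\Users\Daw\AppData\Roaming\Ikebb",
    r"2012-07-18 07:11 - 2012-07-31 18:59 - 00000000 ____D C:\Users\Daw\AppData\Roaming\Xaozp",
    r"2012-07-18 07:11 - 2012-07-18 07:11 - 00000000 ____D C:\Users\Daw\AppData\Roaming\Zoanal",
    r"2012-07-18 07:11 - 2012-07-18 07:11 - 00000000 ____D C:\Users\Daw\AppData\Roaming\Repiv",
    r"2012-07-12 09:00 - 2012-07-12 09:00 - 00000000 ____D C:\Users\Daw\AppData\Roaming\Adobe",  # constructed, benign
    r"2012-06-11 10:58 - 2012-06-11 10:58 - 08733696 ____A (Advanced Micro Devices, Inc.) C:\Windows\System32\Drivers\atikmdag.sys",
]

if __name__ == "__main__":
    for name, command in flag_rundll32_autoruns(SAMPLE_LOG):
        print(f"suspicious autorun [{name}]: {command}")
    for minute, names in sorted(flag_roaming_bursts(SAMPLE_LOG).items()):
        print(f"{minute}: {len(names)} Roaming directories created together: {', '.join(names)}")
```

Both heuristics are deliberately narrow: a lone directory under Roaming (the constructed Adobe entry) is not reported, and a Run value pointing at Program Files is not reported, which is why the output lines up with what the helper put in the fixlist rather than with every entry in the log.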


#3 tcsllc

tcsllc
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  • Local time:02:56 AM

Posted 02 August 2012 - 07:45 PM

I applied the FRST fixlist, which allowed me to boot into Windows, but when running ComboFix I received an error message while installing:

Error opening file for writing:

C:\32788R22FWJFW\handle.3XE

Click Abort, Retry, Ignore. I tried all 3; the program terminates and doesn't do anything. I also tried Run as Admin, same thing. Any ideas?

#4 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  • Gender:Not Telling
  • Location:Canada
  • Local time:05:56 AM

Posted 02 August 2012 - 07:50 PM

Delete the copy of ComboFix that you have and download a fresh copy.

Delete the C:\combofix folder from your C:\ drive.

Now boot into Safe Mode and try it again (it may have been AV interference).

To enter Safe Mode:
  • Go to Start > Shut off your Computer > Restart
  • As the computer starts to boot up, tap the F8 key repeatedly; this will bring up a menu.
  • Use the Up and Down arrow keys to scroll up to Safe Mode
  • Then press the Enter key on your keyboard
  • Go into your usual account

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#5 tcsllc

tcsllc
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  • Local time:02:56 AM

Posted 02 August 2012 - 09:42 PM

ComboFix Log

Attached Files



#6 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  • Gender:Not Telling
  • Location:Canada
  • Local time:05:56 AM

Posted 03 August 2012 - 02:53 AM

Please do the following:

Please download Malwarebytes' Anti-Malware
  • Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected. <-- very important
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.



NEXT


Go here to run an online scanner from ESET.
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activeX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • When the scan completes, press the LIST OF THREATS FOUND button
  • Press EXPORT TO TEXT FILE , name the file ESETSCAN and save it to your desktop
  • Include the contents of this report in your next reply.
  • Press the BACK button.
  • Press Finish

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#7 tcsllc

tcsllc
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  • Local time:02:56 AM

Posted 03 August 2012 - 06:59 PM

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.08.03.01

Windows 7 x86 NTFS
Internet Explorer 9.0.8112.16421
Daw :: BEEBEE2 [administrator]

8/3/2012 11:12:16 AM
mbam-log-2012-08-03 (11-12-16).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 318538
Time elapsed: 24 minute(s), 16 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

C:\Battle of Britain II\Process.exe Win32/PrcView application
C:\FRST\Quarantine\{7560e05d-d485-f66d-5a56-fc55035e2954}\U\80000000.@ a variant of Win32/Sirefef.FA trojan
C:\FRST\Quarantine\{7560e05d-d485-f66d-5a56-fc55035e2954}\U\800000cb.@ probably a variant of Win32/Agent.TEO trojan
C:\Users\Daw\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\22\42d6ad16-6301fada Java/TrojanDownloader.OpenStream.NCA trojan
C:\Users\Daw\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\51\6b15f333-15eb2dda Java/Agent.AZ trojan
C:\Users\Daw\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\63\69ae4dbf-599d0630 Java/Exploit.Agent.NCH trojan
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3Z9CKXW5\mx_nan_a[1].htm HTML/Iframe.B.Gen virus
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FISZ6N5N\cute-sleepy-kittens-meowing[1].htm HTML/ScrInject.B.Gen virus
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\M9BL3GRZ\firstload_com[1].htm HTML/ScrInject.B.Gen virus
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UNEXP16H\99[1].htm HTML/Iframe.B.Gen virus
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UNEXP16H\index7[1].htm HTML/Iframe.B.Gen virus
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\V8W9EFKK\mx_nan_a[1].htm HTML/Iframe.B.Gen virus
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Z6BK3FK8\search_result[1].htm HTML/Iframe.B.Gen virus
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZCMO33LK\61484519[1].htm HTML/Iframe.B.Gen virus
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZCMO33LK\search_result[1].htm HTML/Iframe.B.Gen virus
D:\Apps and Demos\MediaCoder2011-R8-5185.zip Win32/OpenCandy application
D:\Apps and Demos\Battle.of.Britain.2.Wings.of.Victory-KRiG\bob2_update_v2.07_INT.EXE Win32/PrcView application
D:\Apps and Demos\VST Plugins- Instruments and Effects\VST Effects\Izotope Plugins\Ozone Key Generator.zip probably a variant of Win32/Agent.IOCKSGQ trojan
D:\Apps and Demos\VST Plugins- Instruments and Effects\VST Effects\Izotope Plugins\Spectron Key Generator.zip probably a variant of Win32/Agent.HXYHUKE trojan
D:\Apps and Demos\VST Plugins- Instruments and Effects\VST Effects\PSP Audioware full PC VST RTAS x86, x64 01,04,2010 TonyS1\PSP Audioware full PC VST RTAS x86, x64 01,04,2010 TonyS1\Keygens\keygen-xenon.exe a variant of Win32/Keygen.AD application
D:\Documents and Settings\Beebee\Desktop\PSP.Audioware.Xenon.VST.RTAS.1.1.9.rar a variant of Win32/Keygen.AD application

#8 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  • Gender:Not Telling
  • Location:Canada
  • Local time:05:56 AM

Posted 03 August 2012 - 07:34 PM

Please do the following:

  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below.
  • They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
Copy/paste the text inside the code box below into Notepad:

Here's how to do that:
Click Start > Run, type Notepad and click OK.
This will open an empty Notepad file:

Copy all the text inside of the code box: press Ctrl+C (or right click on the highlighted section and choose 'copy')

File::
C:\Users\Daw\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\22\42d6ad16-6301fada 
C:\Users\Daw\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\51\6b15f333-15eb2dda 
C:\Users\Daw\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\63\69ae4dbf-599d0630 
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3Z9CKXW5\mx_nan_a[1].htm 
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FISZ6N5N\cute-sleepy-kittens-meowing[1].htm 
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\M9BL3GRZ\firstload_com[1].htm 
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UNEXP16H\99[1].htm 
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UNEXP16H\index7[1].htm 
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\V8W9EFKK\mx_nan_a[1].htm 
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Z6BK3FK8\search_result[1].htm 
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZCMO33LK\61484519[1].htm 
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZCMO33LK\search_result[1].htm 
D:\Apps and Demos\MediaCoder2011-R8-5185.zip 
D:\Apps and Demos\VST Plugins- Instruments and Effects\VST Effects\Izotope Plugins\Ozone Key Generator.zip 
D:\Apps and Demos\VST Plugins- Instruments and Effects\VST Effects\Izotope Plugins\Spectron Key Generator.zip 
D:\Apps and Demos\VST Plugins- Instruments and Effects\VST Effects\PSP Audioware full PC VST RTAS x86, x64 01,04,2010 TonyS1\PSP Audioware full PC VST RTAS x86, x64 01,04,2010 TonyS1\Keygens\keygen-xenon.exe 
D:\Documents and Settings\Beebee\Desktop\PSP.Audioware.Xenon.VST.RTAS.1.1.9.rar 

ClearJavaCache::

Now paste the copied text into the open notepad - press CTRL+V (or right click and choose 'paste')

Save this file to your desktop; save it as "CFScript".


Here's how to do that:

1. Click File;
2. Click Save As... Change the directory to your desktop;
3. Change the Save as type to "All Files";
4. Type in the file name: CFScript
5. Click Save ...

Posted Image
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix may request an update; please allow it.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you.
  • Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.


NEXT


  • Please download MiniToolBox and save it to your desktop and run it.

    Checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Report FF Proxy Settings
  • List content of Hosts
  • List installed programs.

Click Go and post the result (Result.txt) that pops up. A copy of Result.txt will be saved in the same directory the tool is run from.

NEXT


Please download Farbar Service Scanner to your desktop and run it.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run from.
  • Please copy and paste the log to your reply.


NEXT


Please advise how the computer is running now and if there are any outstanding issues.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#9 tcsllc

tcsllc
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  • Local time:02:56 AM

Posted 03 August 2012 - 09:43 PM

ComboFix 12-07-31.06 - Daw 08/03/2012 18:34:26.2.2 - x86
Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.2046.951 [GMT -7:00]
Running from: c:\users\Daw\Desktop\ComboFix.exe
Command switches used :: c:\users\Daw\Desktop\CFScript.txt
AV: Lavasoft Ad-Aware *Disabled/Outdated* {445B48C3-0FA4-6B16-8F07-6506F305D800}
FW: Lavasoft Ad-Aware *Disabled* {7C60C9E6-45CB-6A4E-A458-CC330DD69F7B}
SP: Lavasoft Ad-Aware *Disabled/Outdated* {FF3AA927-299E-6498-B5B7-5E74888292BD}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\users\Daw\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\22\42d6ad16-6301fada"
"c:\users\Daw\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\51\6b15f333-15eb2dda"
"c:\users\Daw\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\63\69ae4dbf-599d0630"
"c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3Z9CKXW5\mx_nan_a[1].htm"
"c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FISZ6N5N\cute-sleepy-kittens-meowing[1].htm"
"c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\M9BL3GRZ\firstload_com[1].htm"
"c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UNEXP16H\99[1].htm"
"c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UNEXP16H\index7[1].htm"
"c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\V8W9EFKK\mx_nan_a[1].htm"
"c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Z6BK3FK8\search_result[1].htm"
"c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZCMO33LK\61484519[1].htm"
"c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZCMO33LK\search_result[1].htm"
"d:\apps and demos\MediaCoder2011-R8-5185.zip"
"d:\apps and demos\VST Plugins- Instruments and Effects\VST Effects\Izotope Plugins\Ozone Key Generator.zip"
"d:\apps and demos\VST Plugins- Instruments and Effects\VST Effects\Izotope Plugins\Spectron Key Generator.zip"
"d:\apps and demos\VST Plugins- Instruments and Effects\VST Effects\PSP Audioware full PC VST RTAS x86, x64 01,04,2010 TonyS1\PSP Audioware full PC VST RTAS x86, x64 01,04,2010 TonyS1\Keygens\keygen-xenon.exe"
"d:\documents and settings\Beebee\Desktop\PSP.Audioware.Xenon.VST.RTAS.1.1.9.rar"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3Z9CKXW5\mx_nan_a[1].htm
c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FISZ6N5N\cute-sleepy-kittens-meowing[1].htm
c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\M9BL3GRZ\firstload_com[1].htm
c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UNEXP16H\99[1].htm
c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UNEXP16H\index7[1].htm
c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\V8W9EFKK\mx_nan_a[1].htm
c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Z6BK3FK8\search_result[1].htm
c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZCMO33LK\61484519[1].htm
c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZCMO33LK\search_result[1].htm
d:\apps and demos\MediaCoder2011-R8-5185.zip
d:\apps and demos\VST Plugins- Instruments and Effects\VST Effects\Izotope Plugins\Ozone Key Generator.zip
d:\apps and demos\VST Plugins- Instruments and Effects\VST Effects\Izotope Plugins\Spectron Key Generator.zip
d:\apps and demos\VST Plugins- Instruments and Effects\VST Effects\PSP Audioware full PC VST RTAS x86, x64 01,04,2010 TonyS1\PSP Audioware full PC VST RTAS x86, x64 01,04,2010 TonyS1\Keygens\keygen-xenon.exe
d:\documents and settings\Beebee\Desktop\PSP.Audioware.Xenon.VST.RTAS.1.1.9.rar
.
.
((((((((((((((((((((((((( Files Created from 2012-07-04 to 2012-08-04 )))))))))))))))))))))))))))))))
.
.
2012-08-04 01:56 . 2012-08-04 01:56 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-08-04 01:56 . 2012-08-04 02:05 -------- d-----w- c:\users\Daw\AppData\Local\temp
2012-08-04 01:56 . 2012-08-04 01:56 -------- d-----w- c:\users\Video\AppData\Local\temp
2012-08-03 18:44 . 2012-08-03 18:44 -------- d-----w- c:\program files\ESET
2012-08-01 21:38 . 2012-08-02 15:10 -------- d---a-w- C:\Kaspersky Rescue Disk 10.0
2012-08-01 18:53 . 2012-08-01 18:53 -------- d-----w- C:\FRST
2012-08-01 01:45 . 2012-08-01 21:45 -------- d-----w- C:\bd_logs
2012-07-27 00:40 . 2012-07-27 00:40 -------- d-----w- c:\program files\PACE Anti-Piracy
2012-07-26 15:55 . 2012-07-26 15:55 -------- d-----w- c:\programdata\ATI
2012-07-26 15:55 . 2012-07-26 15:55 -------- d-----w- c:\programdata\AMD
2012-07-26 15:55 . 2012-07-26 15:55 -------- d-----w- c:\program files\AMD AVT
2012-07-26 15:55 . 2012-07-26 15:55 -------- d-----w- c:\program files\AMD APP
2012-07-26 15:48 . 2012-07-26 15:48 -------- d-----w- C:\AMD
2012-07-25 06:15 . 2012-07-25 06:15 -------- d-----w- c:\users\Daw\AppData\Roaming\UVIWorkstation
2012-07-24 17:05 . 2012-07-24 17:05 -------- d-----w- c:\programdata\PACE
2012-07-24 17:04 . 2012-07-24 17:04 -------- d-----w- c:\program files\Common Files\PACE
2012-07-24 16:58 . 2012-07-25 06:53 -------- d-----w- c:\program files\UVISoundBanks
2012-07-24 16:57 . 2012-07-24 16:57 -------- d-----w- c:\program files\Common Files\UVI
2012-07-24 16:57 . 2011-10-07 00:22 2275328 ----a-w- c:\windows\system32\libsndfile-1.dll
2012-07-24 16:57 . 2012-07-24 16:58 -------- d-----w- c:\program files\UVI Workstation
2012-07-24 04:40 . 2012-07-24 04:40 -------- d-----w- C:\AT4free
2012-07-24 02:32 . 2012-07-24 02:32 -------- d-----w- c:\users\Daw\AppData\Roaming\Xfer
2012-07-23 03:29 . 2012-07-23 03:29 -------- d-----w- c:\users\Daw\Audio
2012-07-20 05:46 . 2012-07-20 05:46 -------- d-----w- c:\program files\JoyToKey_en
2012-07-20 04:43 . 2012-07-20 04:43 -------- d-----w- c:\users\Daw\AppData\Local\Dive to the Titanic
2012-07-20 02:54 . 2012-07-20 02:55 -------- d-----w- c:\program files\Dive to the Titanic
2012-07-19 00:52 . 2012-07-19 00:52 -------- d-----w- c:\users\Daw\AppData\Local\adaware
2012-07-19 00:51 . 2011-12-19 19:44 93816 ----a-w- c:\windows\system32\drivers\sbhips.sys
2012-07-19 00:51 . 2012-07-19 02:52 -------- d-----w- c:\program files\Ad-Aware Antivirus
2012-07-19 00:51 . 2012-07-19 00:51 -------- d-----w- c:\windows\system32\drivers\VDD
2012-07-19 00:49 . 2012-07-19 03:56 -------- d-----w- c:\users\Daw\AppData\Roaming\Ad-Aware Antivirus
2012-07-19 00:45 . 2012-07-19 00:45 -------- d-----w- c:\users\Daw\AppData\Local\Sunbelt Software
2012-07-06 05:58 . 2012-07-06 05:58 -------- d-----w- c:\program files\NoLimits Coasters Demo v1.8
2012-07-05 06:50 . 2012-07-05 06:50 -------- d-----w- c:\users\Daw\AppData\Roaming\DivX
2012-07-05 06:49 . 2012-07-05 06:50 -------- d-----w- c:\program files\Common Files\DivX Shared
2012-07-05 06:49 . 2012-07-05 06:50 -------- d-----w- c:\program files\DivX
2012-07-05 06:48 . 2012-07-05 06:50 -------- d-----w- c:\programdata\DivX
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-03 20:46 . 2010-04-11 03:01 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-11 20:50 . 2012-06-11 20:50 159232 ----a-w- c:\windows\system32\clinfo.exe
2012-06-11 20:50 . 2012-06-11 20:50 65024 ----a-w- c:\windows\system32\OpenVideo.dll
2012-06-11 20:50 . 2012-06-11 20:50 56320 ----a-w- c:\windows\system32\OVDecode.dll
2012-06-11 20:49 . 2012-06-11 20:49 13008896 ----a-w- c:\windows\system32\amdocl.dll
2012-06-11 20:48 . 2012-06-11 20:48 50176 ----a-w- c:\windows\system32\OpenCL.dll
2012-06-11 18:58 . 2012-06-11 18:58 8733696 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2012-06-11 18:35 . 2012-06-11 18:35 58880 ----a-w- c:\windows\system32\coinst_8.98.dll
2012-06-11 18:00 . 2012-06-11 18:00 20467712 ----a-w- c:\windows\system32\atioglxx.dll
2012-06-11 17:25 . 2012-06-11 17:25 163840 ----a-w- c:\windows\system32\atiapfxx.exe
2012-06-11 17:24 . 2011-05-25 03:07 924160 ----a-w- c:\windows\system32\aticfx32.dll
2012-06-11 17:20 . 2011-05-25 03:04 442368 ----a-w- c:\windows\system32\ATIDEMGX.dll
2012-06-11 17:19 . 2012-06-11 17:19 468992 ----a-w- c:\windows\system32\atieclxx.exe
2012-06-11 17:19 . 2012-06-11 17:19 217600 ----a-w- c:\windows\system32\atiesrxx.exe
2012-06-11 17:17 . 2012-06-11 17:17 163840 ----a-w- c:\windows\system32\atitmmxx.dll
2012-06-11 17:17 . 2012-06-11 17:17 20992 ----a-w- c:\windows\system32\atimuixx.dll
2012-06-11 17:17 . 2012-06-11 17:17 43520 ----a-w- c:\windows\system32\ati2edxx.dll
2012-06-11 17:16 . 2011-05-25 02:58 6301696 ----a-w- c:\windows\system32\atidxx32.dll
2012-06-11 16:45 . 2012-06-11 16:45 46080 ----a-w- c:\windows\system32\aticalrt.dll
2012-06-11 16:45 . 2011-05-25 02:39 5480448 ----a-w- c:\windows\system32\atiumdag.dll
2012-06-11 16:45 . 2012-06-11 16:45 44032 ----a-w- c:\windows\system32\aticalcl.dll
2012-06-11 16:43 . 2011-05-25 02:50 4729344 ----a-w- c:\windows\system32\atiumdva.dll
2012-06-11 16:40 . 2012-06-11 16:40 13277696 ----a-w- c:\windows\system32\aticaldd.dll
2012-06-11 16:26 . 2011-05-25 02:26 368640 ----a-w- c:\windows\system32\atiadlxx.dll
2012-06-11 16:26 . 2012-06-11 16:26 14848 ----a-w- c:\windows\system32\atiglpxx.dll
2012-06-11 16:26 . 2012-06-11 16:26 33280 ----a-w- c:\windows\system32\atigktxx.dll
2012-06-11 16:25 . 2012-06-11 16:25 295936 ----a-w- c:\windows\system32\drivers\atikmpag.sys
2012-06-11 16:25 . 2011-05-25 02:24 42496 ----a-w- c:\windows\system32\atiuxpag.dll
2012-06-11 16:24 . 2011-05-25 02:24 32768 ----a-w- c:\windows\system32\atiu9pag.dll
2012-06-11 16:24 . 2012-06-11 16:24 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2012-06-11 16:23 . 2012-06-11 16:23 56832 ----a-w- c:\windows\system32\atimpc32.dll
2012-06-11 16:23 . 2012-06-11 16:23 56832 ----a-w- c:\windows\system32\amdpcom32.dll
2012-06-11 05:31 . 2012-05-08 16:10 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-06-11 05:31 . 2011-06-12 00:40 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-06-10 05:19 . 2012-06-10 05:18 279712 ----a-w- c:\windows\system32\drivers\atksgt.sys
2012-06-10 05:18 . 2012-06-10 05:18 25888 ----a-w- c:\windows\system32\drivers\lirsgt.sys
2012-06-02 22:19 . 2012-06-21 01:11 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 22:19 . 2012-06-21 01:12 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-21 01:12 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-21 01:12 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-21 01:12 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:19 . 2012-06-21 01:12 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:12 . 2012-06-21 01:12 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:12 . 2012-06-21 01:11 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-06-02 22:12 . 2012-06-21 01:12 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-05-31 03:41 . 2012-06-23 23:56 6762896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{6B8BD2DA-3235-4162-9530-7ABB55B1CA0A}\mpengine.dll
2012-05-31 03:26 . 2012-05-31 03:26 163048 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10141.bin
2012-05-17 22:45 . 2012-06-15 06:44 1800192 ----a-w- c:\windows\system32\jscript9.dll
2012-05-17 22:35 . 2012-06-15 06:44 1129472 ----a-w- c:\windows\system32\wininet.dll
2012-05-17 22:35 . 2012-06-15 06:44 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2012-05-17 22:29 . 2012-06-15 06:44 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-05-17 22:24 . 2012-06-15 06:44 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-05-16 18:14 . 2012-05-16 18:14 21144 ----a-w- c:\windows\system32\drivers\iLokDrvr.sys
2012-05-16 18:13 . 2012-05-16 18:13 93336 ----a-w- c:\windows\system32\drivers\TPkd.sys
2012-05-15 01:12 . 2012-06-13 05:04 2342400 ----a-w- c:\windows\system32\win32k.sys
2012-05-10 23:35 . 2012-05-10 23:35 29184 ----a-w- c:\windows\system32\kdbsdk32.dll
2006-05-03 19:06 163328 --sha-r- c:\windows\System32\flvDX.dll
2007-02-21 20:47 31232 --sha-r- c:\windows\System32\msfDX.dll
2008-03-16 22:30 216064 --sha-r- c:\windows\System32\nbDX.dll
2010-01-07 07:00 107520 --sha-r- c:\windows\System32\TAKDSDecoder.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-08-03_02.30.53 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-04-11 03:40 . 2012-08-03 18:12 63008 c:\windows\System32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 04:55 . 2012-08-04 02:06 44152 c:\windows\System32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-04-11 03:11 . 2012-08-04 02:06 18328 c:\windows\System32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3383369860-1886445874-581753611-1000_UserData.bin
+ 2009-07-14 04:34 . 2012-08-03 17:58 83688 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
+ 2010-04-10 20:37 . 2012-08-04 01:59 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-04-10 20:37 . 2012-08-02 22:35 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2012-08-03 02:07 . 2012-08-03 02:07 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-08-03 17:55 . 2012-08-04 01:59 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-08-03 02:07 . 2012-08-03 02:07 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-08-03 17:55 . 2012-08-04 01:59 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-07-14 02:05 . 2012-08-04 02:03 671998 c:\windows\System32\perfh009.dat
- 2009-07-14 02:05 . 2012-08-03 02:11 671998 c:\windows\System32\perfh009.dat
+ 2009-07-14 02:05 . 2012-08-04 02:03 126606 c:\windows\System32\perfc009.dat
- 2009-07-14 02:05 . 2012-08-03 02:11 126606 c:\windows\System32\perfc009.dat
+ 2010-04-10 20:14 . 2012-08-03 03:38 966656 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-04-10 20:14 . 2012-07-30 00:45 966656 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:47 . 2012-08-03 02:06 524112 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 04:47 . 2012-08-03 05:00 524112 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 02:03 . 2012-08-03 21:36 7340032 c:\windows\System32\SMI\Store\Machine\SCHEMA.DAT
- 2009-07-14 02:03 . 2012-08-01 04:58 7340032 c:\windows\System32\SMI\Store\Machine\SCHEMA.DAT
- 2010-04-10 20:14 . 2012-07-30 00:45 8781824 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-04-10 20:14 . 2012-08-03 03:38 8781824 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2012-07-29 21:16 . 2012-08-03 05:00 6256688 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2009-07-14 04:41 . 2012-08-03 03:38 16187392 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:41 . 2012-07-30 00:45 16187392 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2011-03-28 16:22 176936 ----a-w- c:\program files\ConduitEngine\prxConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6c97a91e-4524-4019-86af-2aa2d567bf5c}]
2011-12-21 15:44 87440 ----a-w- c:\program files\adawaretb\adawareDx.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2010-02-05 00:50 1197448 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-02-05 1197448]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\prxConduitEngine.dll" [2011-03-28 176936]
"{6c97a91e-4524-4019-86af-2aa2d567bf5c}"= "c:\program files\adawaretb\adawareDx.dll" [2011-12-21 87440]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CLASSES_ROOT\clsid\{6c97a91e-4524-4019-86af-2aa2d567bf5c}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-02-05 1197448]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\prxConduitEngine.dll" [2011-03-28 176936]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Daw\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Daw\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Daw\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-08-15 39408]
"Kuvva"="c:\program files\Kuvva\Kuvva.exe" [2012-02-13 666112]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Ad-Aware Antivirus"="c:\program files\Ad-Aware Antivirus\AdAwareLauncher --windows-run" [X]
"AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]
"AoboBlocker"="c:\program files\AoboBlocker\AoboBlocker.exe" [2010-01-31 907264]
"M-Audio Taskbar Icon"="c:\windows\system32\M-AudioTaskBarIcon.exe" [2009-09-25 643592]
"ProfilerU"="c:\program files\Saitek\SD6\Software\ProfilerU.exe" [2010-07-29 227840]
"SaiMfd"="c:\program files\Saitek\SD6\Software\SaiMfd.exe" [2010-07-29 123392]
"Monitor"="c:\program files\LeapFrog\LeapFrog Connect\Monitor.exe" [2011-11-12 268640]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"Ad-Aware Browsing Protection"="c:\programdata\Ad-Aware Browsing Protection\adawarebp.exe" [2011-10-21 198032]
"SBRegRebootCleaner"="c:\program files\Ad-Aware Antivirus\SBRC.exe" [2011-12-19 200560]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-06-11 641704]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"adaware"="reg.exe delete HKCU\Software\AppDataLow\Software\adaware" [X]
"adaware_XP"="reg.exe delete HKCU\Software\adaware" [X]
.
c:\users\Daw\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Daw\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
EvernoteClipper.lnk - c:\program files\Evernote\Evernote\EvernoteClipper.exe [2011-4-12 973824]
MagicDisc.lnk - c:\program files\MagicDisc\MagicDisc.exe [2010-4-11 576000]
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
NETGEAR WPN111 Smart Wizard.lnk - c:\program files\NETGEAR\WPN111\wpn111.exe [2010-4-19 999424]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ad-Aware Service]
@="Ad-Aware Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc]
@="Service"
.
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [x]
R3 DELTAII;Service for M-Audio Delta Driver (WDM);c:\windows\system32\DRIVERS\MAudioDelta.sys [x]
R3 dhdusb.NTx86;Dynex Wireless G USB Network Adapter Service;c:\windows\system32\DRIVERS\bcmusbdhdlh.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [x]
R3 HTCAND32;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [x]
R3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\DRIVERS\htcnprot.sys [x]
R3 iLokDrvr;Usb Driver;c:\windows\system32\DRIVERS\iLokDrvr.sys [x]
R3 Leapfrog-USBLAN;Leapfrog-USBLAN;c:\windows\system32\DRIVERS\btblan.sys [x]
R3 MAUSBFASTTRACKULTRA;Service for M-Audio Fast Track Ultra;c:\windows\system32\DRIVERS\MAudioFastTrackUltra.sys [x]
R3 netr28u;RT2870 USB Extensible Wireless LAN Card Driver;c:\windows\system32\DRIVERS\netr28u.sys [x]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [x]
R3 SaiH075C;SaiH075C;c:\windows\system32\DRIVERS\SaiH075C.sys [x]
R3 sbhips;sbhips;c:\windows\system32\drivers\sbhips.sys [x]
R3 SynasUSB;eLicenser;c:\windows\system32\drivers\SynasUSB.sys [x]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 WPN111;Wireless USB 2.0 Adapter with RangeMax Service;c:\windows\system32\DRIVERS\WPN111v.sys [x]
S0 NBVol;Nero Backup Volume Filter Driver;c:\windows\system32\DRIVERS\NBVol.sys [x]
S0 NBVolUp;Nero Backup Volume Upper Filter Driver;c:\windows\system32\DRIVERS\NBVolUp.sys [x]
S0 vmci;VMware VMCI Bus Driver;c:\windows\system32\DRIVERS\vmci.sys [x]
S1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 Ad-Aware Service;Ad-Aware Service;c:\program files\Ad-Aware Antivirus\AdAwareService.exe [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 NAUpdate;Nero Update;c:\program files\Nero\Update\NASvc.exe [x]
S2 NIHardwareService;NIHardwareService;c:\program files\Common Files\Native Instruments\Hardware\NIHardwareService.exe [x]
S2 PaceLicenseDServices;PACE License Services;c:\program files\Common Files\PACE\Services\LicenseServices\LDSvc.exe [x]
S2 PassThru Service;Internet Pass-Through Service;c:\program files\HTC\Internet Pass-Through\PassThruSvr.exe [x]
S2 SBAMSvc;Ad-Aware;c:\program files\Ad-Aware Antivirus\SBAMSvc.exe [x]
S2 sbapifs;sbapifs;c:\windows\system32\DRIVERS\sbapifs.sys [x]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S2 TeamViewer5;TeamViewer 5;c:\program files\TeamViewer\Version5\TeamViewer_Service.exe [x]
S2 TeamViewer7;TeamViewer 7;c:\program files\TeamViewer\Version7\TeamViewer_Service.exe [x]
S2 VMUSBArbService;VMware USB Arbitration Service;c:\program files\Common Files\VMware\USB\vmware-usbarbitrator.exe [x]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [x]
S3 CLEDX;Team H2O CLEDX service;c:\windows\system32\DRIVERS\cledx.sys [x]
S3 e1kexpress;Intel® PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\DRIVERS\e1k6032.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-27 23:32]
.
2012-08-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-27 23:32]
.
2012-08-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3383369860-1886445874-581753611-1000Core.job
- c:\users\Daw\AppData\Local\Google\Update\GoogleUpdate.exe [2010-04-16 17:39]
.
2012-08-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3383369860-1886445874-581753611-1000UA.job
- c:\users\Daw\AppData\Local\Google\Update\GoogleUpdate.exe [2010-04-16 17:39]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.thehungersite.com/clickToGive/home.faces?siteId=1
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
LSP: %SystemRoot%\system32\vsocklib.dll
Trusted Zone: identitysystemsinc.com\mail2
DPF: {31150A86-0BBA-409F-BEB4-F3922D10BF34} - hxxp://www.absoluterealtime.com/xplug.ocx
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{47833539-D0C5-4125-9FA8-0819E2EAAC93}"=hex:51,66,7a,6c,4c,1d,38,12,57,36,90,
43,f7,9e,4b,04,e0,be,4b,59,e7,b4,e8,87
"{517BDDE4-E3A7-4570-B21E-2B52B6139FC7}"=hex:51,66,7a,6c,4c,1d,38,12,8a,de,68,
55,95,ad,1e,00,cd,08,68,12,b3,4d,db,d3
"{D4027C7F-154A-4066-A1AD-4243D8127440}"=hex:51,66,7a,6c,4c,1d,38,12,11,7f,11,
d0,78,5b,08,05,de,bb,01,03,dd,4c,30,54
"{30F9B915-B755-4826-820B-08FBA6BD249D}"=hex:51,66,7a,6c,4c,1d,38,12,7b,ba,ea,
34,67,f9,48,0d,fd,1d,4b,bb,a3,e3,60,89
"{6C97A91E-4524-4019-86AF-2AA2D567BF5C}"=hex:51,66,7a,6c,4c,1d,38,12,70,aa,84,
68,16,0b,77,05,f9,b9,69,e2,d0,39,fb,48
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}"=hex:51,66,7a,6c,4c,1d,38,12,df,c1,0b,
27,57,07,ba,54,e4,0e,43,d0,22,fb,89,5b
"{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}"=hex:51,66,7a,6c,4c,1d,38,12,f1,9d,97,
02,e5,86,37,08,c7,6b,3b,0b,78,35,a4,a7
"{074C1DC5-9320-4A9A-947D-C042949C6216}"=hex:51,66,7a,6c,4c,1d,38,12,ab,1e,5f,
03,12,dd,f4,0f,eb,6b,83,02,91,c2,26,02
"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,
1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7
"{53707962-6F74-2D53-2644-206D7942484F}"=hex:51,66,7a,6c,4c,1d,38,12,0c,7a,63,
57,46,21,3d,68,59,52,63,2d,7c,1c,0c,5b
"{72853161-30C5-4D22-B7F9-0BBC1D38A37E}"=hex:51,66,7a,6c,4c,1d,38,12,0f,32,96,
76,f7,7e,4c,08,c8,ef,48,fc,18,66,e7,6a
"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,
94,30,02,d1,0f,f1,da,12,24,73,56,27,d2
"{AA58ED58-01DD-4D91-8333-CF10577473F7}"=hex:51,66,7a,6c,4c,1d,38,12,36,ee,4b,
ae,ef,4f,ff,08,fc,25,8c,50,52,2a,37,e3
"{AE7CD045-E861-484F-8273-0445EE161910}"=hex:51,66,7a,6c,4c,1d,38,12,2b,d3,6f,
aa,53,a6,21,0d,fd,65,47,05,eb,48,5d,04
"{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}"=hex:51,66,7a,6c,4c,1d,38,12,07,5b,93,
aa,6e,60,ba,0b,f0,6d,b2,b7,80,44,00,83
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
"{182EC0BE-5110-49C8-A062-BEB1D02A220B}"=hex:51,66,7a,6c,4c,1d,38,12,d0,c3,3d,
1c,22,1f,a6,0c,df,74,fd,f1,d5,74,66,1f
"{2A541AE1-5BF6-4665-A8A3-CFA9672E4291}"=hex:51,66,7a,6c,4c,1d,38,12,8f,19,47,
2e,c4,15,0b,03,d7,b5,8c,e9,62,70,06,85
"{FF059E31-CC5A-4E2E-BF3B-96E929D65503}"=hex:51,66,7a,6c,4c,1d,38,12,5f,9d,16,
fb,68,82,40,0b,c0,2d,d5,a9,2c,88,11,17
"{BDEADE7F-C265-11D0-BCED-00A0C90AB50F}"=hex:51,66,7a,6c,4c,1d,38,12,11,dd,f9,
b9,57,8c,be,54,c3,fb,43,e0,cc,54,f1,1b
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:35,e7,6a,8d,67,4f,cd,01
.
[HKEY_USERS\S-1-5-21-3383369860-1886445874-581753611-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
"??"=hex:11,e1,56,88,aa,d7,ca,5f,b2,99,3f,e0,3e,bf,5d,8b,c2,5e,c1,b3,c2,92,a1,
bd,e6,de,41,6c,2e,c5,ca,0e,9a,48,26,99,91,c3,19,50,d1,a5,4a,c6,a1,e3,dd,f3,\
"??"=hex:af,69,55,b3,e2,6b,c0,65,38,65,1e,a4,ac,b5,67,5e
.
[HKEY_USERS\S-1-5-21-3383369860-1886445874-581753611-1000\Software\SecuROM\License information*]
"datasecu"=hex:91,9b,ff,e7,2a,4a,aa,57,29,59,17,c7,1c,00,85,9b,bb,af,31,76,24,
42,35,04,f4,2a,96,49,45,95,4d,cb,99,72,f9,08,82,25,f7,b7,0f,1c,88,e8,54,7b,\
"rkeysecu"=hex:1b,54,09,3e,54,e0,01,c3,bd,fc,e4,b1,71,ab,be,b1
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(2208)
c:\users\Daw\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
c:\program files\FileZilla FTP Client\fzshellext.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\windows\system32\atieclxx.exe
c:\program files\NVIDIA Corporation\Display\NvXDSync.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\LeapFrog\LeapFrog Connect\CommandService.exe
c:\program files\Common Files\Protexis\License Service\PsiService_2.exe
c:\windows\system32\vmnat.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\VMware\VMware Player\vmware-authd.exe
c:\windows\system32\vmnetdhcp.exe
c:\windows\system32\WUDFHost.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\conhost.exe
.
**************************************************************************
.
Completion time: 2012-08-03 19:11:09 - machine was rebooted
ComboFix-quarantined-files.txt 2012-08-04 02:11
ComboFix2.txt 2012-08-03 02:34
.
Pre-Run: 155,441,283,072 bytes free
Post-Run: 156,206,104,576 bytes free
.
- - End Of File - - 76573A99975181E44C3BE035C15E5B34

################################### MiniToolbox Log ##########################################

MiniToolBox by Farbar Version: 23-07-2012
Ran by Daw (administrator) on 03-08-2012 at 19:26:05
Microsoft Windows 7 Professional (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.
========================= Hosts content: =================================

127.0.0.1 localhost


=========================== Installed Programs ============================

Update for Microsoft Office 2007 (KB2508958)
"Wings of Prey" (Unistall) (Version: 1.0.3.2)
µTorrent (Version: 2.2.0)
32 Bit HP CIO Components Installer (Version: 6.1.1)
4500_G510nz_Help_Web (Version: 000.0.440.000)
4500G510nz_Software_Min (Version: 000.0.423.000)
4500G510nz_web (Version: 000.0.439.000)
7-Zip 4.65
A Virus Named TOM (Version: 1.0.0.30)
Ad-Aware Antivirus (Version: 10.2.21.3698)
Ad-Aware Browsing Protection (Version: 0.9.0.2)
Ad-Aware Security Toolbar (Version: 0.9.1.20)
Add or Remove Adobe Creative Suite 3 Master Collection (Version: 1.0)
Addictive Drums 1.5.2
Adobe Acrobat 8 Professional (Version: 8.1.0)
Adobe After Effects CS3 (Version: 8)
Adobe After Effects CS3 Presets (Version: 8)
Adobe After Effects CS3 Third Party Content (Version: 3)
Adobe AIR (Version: 3.1.0.4880)
Adobe Anchor Service CS3 (Version: 1.0)
Adobe Asset Services CS3 (Version: 3)
Adobe Bridge CS3 (Version: 2)
Adobe Bridge Start Meeting (Version: 1.0)
Adobe BridgeTalk Plugin CS3 (Version: 1.0)
Adobe Camera Raw 4.0 (Version: 4.0)
Adobe CMaps (Version: 1.0)
Adobe Color - Photoshop Specific (Version: 1.0)
Adobe Color Common Settings (Version: 1.0)
Adobe Color EU Extra Settings (Version: 1.0)
Adobe Color JA Extra Settings (Version: 1.0)
Adobe Color NA Recommended Settings (Version: 1.0)
Adobe Contribute CS3 (Version: 4.1)
Adobe Default Language CS3 (Version: 1.0)
Adobe Device Central CS3 (Version: 1.0)
Adobe Dreamweaver CS3 (Version: 9)
Adobe Encore CS3 (Version: 3)
Adobe Encore CS3 Codecs (Version: 3)
Adobe ExtendScript Toolkit 2 (Version: 2.0)
Adobe Extension Manager CS3 (Version: 1.8)
Adobe Fireworks CS3 (Version: 9.0)
Adobe Flash CS3 (Version: 9.0)
Adobe Flash Player 10 Plugin (Version: 10.0.45.2)
Adobe Flash Player 11 ActiveX (Version: 11.3.300.257)
Adobe Flash Video Encoder (Version: 2.0)
Adobe Fonts All (Version: 1.0)
Adobe Help Viewer CS3 (Version: 1)
Adobe Illustrator CS3 (Version: 13.0)
Adobe InDesign CS3 (Version: 5.0)
Adobe InDesign CS3 Icon Handler (Version: 5.0)
Adobe Linguistics CS3 (Version: 3.0.0)
Adobe MotionPicture Color Files (Version: 1.0)
Adobe PDF Library Files (Version: 8.0)
Adobe Photoshop CS3 (Version: 10)
Adobe Premiere Pro CS3 (Version: 3)
Adobe Premiere Pro CS3 Functional Content (Version: 8)
Adobe Premiere Pro CS3 Third Party Content (Version: 3)
Adobe Reader 9.5.1 (Version: 9.5.1)
Adobe Setup (Version: 1.0)
Adobe Shockwave Player 11.5 (Version: 11.5.9.620)
Adobe SING CS3 (Version: 0.1)
Adobe Stock Photos CS3 (Version: 1.5)
Adobe Type Support (Version: 1.0)
Adobe Update Manager CS3 (Version: 5.1.0)
Adobe Version Cue CS3 Client (Version: 3)
Adobe Video Profiles (Version: 1.0)
Adobe WAS CS3 (Version: 1.0)
Adobe WinSoft Linguistics Plugin (Version: 1.0)
Adobe XMP DVA Panels CS3 (Version: 1.0)
Adobe XMP Panels CS3 (Version: 1.0)
AHV content for Acrobat and Flash (Version: 1)
Amazon MP3 Downloader 1.0.10
AMD Accelerated Video Transcoding (Version: 2.00.0002)
AMD APP SDK Runtime (Version: 10.0.938.1)
AMD Catalyst Install Manager (Version: 8.0.881.0)
AMD Drag and Drop Transcoding (Version: 2.00.0000)
AMD Media Foundation Decoders (Version: 1.0.70611.1329)
Aneesoft Free PS3 Video Converter 3.1.0.0
Antares Autotune VST RTAS TDM v5.08
AppInventor Extras (Version: 0.6)
Apple Application Support (Version: 2.1.5)
Apple Software Update (Version: 2.1.3.127)
Applied Acoustics Lounge Lizard EP VSTi DXi v3.0
Ask Toolbar (Version: 1.6.6.0)
Audiograbber 1.83 SE (Version: 1.83 SE )
Audiograbber MP3 Plugin (Version: 1.0)
Avid Studio (Version: 1.0.0.2804)
AviSynth 2.5
Battle of Britain II
BeatKangz Virtual Beat Thang Pro VSTi v2.0.1
BlueBox (Version: 1.5.4.0)
BookSmart® 3.2.2 3.2.2
BufferChm (Version: 130.0.331.000)
Camel Audio Alchemy (Version: 1.25.0)
CameraHelperMsi (Version: 13.00.1774.0)
Canon Utilities Digital Photo Professional 1.0 (Version: 1.0)
Catalyst Control Center - Branding (Version: 1.00.0000)
Catalyst Control Center (Version: 2012.0611.1251.21046)
Catalyst Control Center Graphics Previews Common (Version: 2012.0611.1251.21046)
Catalyst Control Center InstallProxy (Version: 2012.0611.1251.21046)
Catalyst Control Center Localization All (Version: 2012.0611.1251.21046)
ccc-utility (Version: 2012.0611.1251.21046)
CCC Help Chinese Standard (Version: 2012.0611.1250.21046)
CCC Help Chinese Traditional (Version: 2012.0611.1250.21046)
CCC Help Czech (Version: 2012.0611.1250.21046)
CCC Help Danish (Version: 2012.0611.1250.21046)
CCC Help Dutch (Version: 2012.0611.1250.21046)
CCC Help English (Version: 2012.0611.1250.21046)
CCC Help Finnish (Version: 2012.0611.1250.21046)
CCC Help French (Version: 2012.0611.1250.21046)
CCC Help German (Version: 2012.0611.1250.21046)
CCC Help Greek (Version: 2012.0611.1250.21046)
CCC Help Hungarian (Version: 2012.0611.1250.21046)
CCC Help Italian (Version: 2012.0611.1250.21046)
CCC Help Japanese (Version: 2012.0611.1250.21046)
CCC Help Korean (Version: 2012.0611.1250.21046)
CCC Help Norwegian (Version: 2012.0611.1250.21046)
CCC Help Polish (Version: 2012.0611.1250.21046)
CCC Help Portuguese (Version: 2012.0611.1250.21046)
CCC Help Russian (Version: 2012.0611.1250.21046)
CCC Help Spanish (Version: 2012.0611.1250.21046)
CCC Help Swedish (Version: 2012.0611.1250.21046)
CCC Help Thai (Version: 2012.0611.1250.21046)
CCC Help Turkish (Version: 2012.0611.1250.21046)
CCleaner (Version: 3.20)
City Life 2008
Color Efex Pro 3.0 Complete (Version: 3.0)
Common (Version: 14.0.0.342)
Conduit Engine (Version: )
Contents (Version: 14.0.0.342)
Corel VideoStudio Pro X4 (Version: 14.0.0.342)
CyberLink BD Advisor 2.0
CyberLink Blu-ray Disc Suite (Version: 6.0.3226)
CyberLink PowerProducer (Version: 5.0.1.1520)
D3DX10 (Version: 15.4.2368.0902)
daHornet Version 1.34
DeviceIO (Version: 14.0.0.342)
Dive to the Titanic (Version: 1.0)
DivX Setup (Version: 2.6.1.9)
Download Manager 2.3.10 (Version: 2.3.10)
Draw 4 App
Dropbox (Version: 1.4.7)
Dynex Wireless G USB Network Adapter Setup (Version: 2.20)
East West EWQLSO Silver Edition
EasyBCD 1.7.2 (Version: 1.7.2)
eDiving
Elevayta Extra Boy Pro V5.02
Elevayta FreqEq Boy v4.90d VST
eLicenser Control
EMS Synthi A-vs DEMO 1.0 (Version: 1.0)
erLT (Version: 1.20.138.34)
ESET Online Scanner v3
Evernote v. 4.3 (Version: 4.3.0.4368)
EVGA Precision 1.9.1 (Version: 1.9.1)
ExtractNow
Extreme Sample Converter v3.5.3
Fast CD Ripper version 2.0 (Version: 2.0)
Feedback Tool (Version: 1.1.0)
ffdshow [rev 2583] [2009-01-05] (Version: 1.0)
FileZilla Client 3.4.0 (Version: 3.4.0)
FreeKapture 2.00 - Freeware
FSChatter Live X-Plane
GetRight
Google Chrome (Version: 20.0.1132.57)
Google SketchUp 8 (Version: 3.0.4811)
Google Talk Plugin (Version: 3.3.3.8675)
Google Toolbar for Internet Explorer (Version: 1.0.0)
Google Toolbar for Internet Explorer (Version: 7.3.2710.138)
Google Update Helper (Version: 1.3.21.115)
GoToMeeting 5.1.0.880 (Version: 5.1.0.880)
Handbrake 0.9.4 (Version: 0.9.4)
High-Definition Video Playback (Version: 11.1.10400.2.65)
HiJackThis (Version: 1.0.0)
HP Officejet 4500 G510n-z (Version: 13.0)
HTC Driver Installer (Version: 3.0.0.007)
HyperLobby client (Version: 4.0.10)
ICA (Version: 14.0.0.342)
iLok Client Helper (Version: 5.9.1)
Intel® Processor ID Utility (Version: 4.41.0000)
Interlok driver setup x32 (Version: 5.9.1)
Internet Explorer (Enable DEP)
IPM_VS_Pro (Version: 13.0)
ISCOM (Version: 14.0.0.342)
iZotope Nectar (Version: 1.11)
iZotope Ozone 3 (Version: 3.05)
iZotope Spectron (Version: 1.05)
iZotope Trash (Version: 1.05)
Java Auto Updater (Version: 2.0.6.1)
Java™ 6 Update 29 (Version: 6.0.290)
K-Lite Codec Pack 6.3.0 (Full) (Version: 6.3.0)
Kies Air Discovery Service
Korg Kontrol Editor (Version: 1.00.0018)
Kuvva (Version: 1.1.2)
LameACM
LeapFrog Connect (Version: 3.2.19.13664)
LeapFrog LeapPad Explorer Plugin (Version: 3.2.22.13714)
LeapFrog MyOwnLeaptop Plugin (Version: 3.2.24.13754)
Lexicon PSP 42 1.5.3 32bit (Version: 1.5.3 32bit)
LG Tool Kit (Version: 9.01.1124.01)
License Support (Version: 1.2.0.5555)
Lock On: Modern Air Combat (Version: 1.00.000)
LockOn Flaming Cliffs 2
Logitech Webcam Software (Version: 2.0)
LWS Facebook (Version: 13.00.1777.0)
LWS Gallery (Version: 13.00.1778.0)
LWS Help_main (Version: 13.00.1781.0)
LWS Launcher (Version: 13.00.1776.0)
LWS Motion Detection (Version: 13.00.1778.0)
LWS Pictures And Video (Version: 13.00.1778.0)
LWS Video Mask Maker (Version: 13.00.1774.0)
LWS VideoEffects (Version: 13.00.1774.0)
LWS Webcam Software (Version: 13.00.1774.0)
LWS WLM Plugin (Version: 1.00.1774.0)
LWS YouTube Plugin (Version: 13.00.1777.0)
M-Audio FastTrackUltra Driver 6.0.2 (x86) (Version: 6.0.2)
Magic Bullet Looks
MagicDisc 2.7.106
Malwarebytes Anti-Malware version 1.62.0.1300 (Version: 1.62.0.1300)
MediaCoder 2011 (Version: 2011)
Medieval II Total War (Version: 1.02.001)
microKORG SoundEditor (Version: 1.00.0000)
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Access Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Enterprise 2007 (Version: 12.0.6612.1000)
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Groove MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Groove Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office InfoPath MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Outlook Web Access S/MIME (Version: 6.5.7651.60)
Microsoft Primary Interoperability Assemblies 2005 (Version: 8.0.50727.42)
Microsoft Silverlight (Version: 4.1.10329.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual J# .NET Redistributable Package 1.1 (Version: 1.1.4322)
Microsoft XNA Framework Redistributable 4.0 (Version: 4.0.20823.0)
Mount&Blade Warband
Mp3tag v2.46a (Version: v2.46a)
MSI Afterburner 2.1.0 (Version: 2.1.0)
MSVCRT (Version: 15.4.2862.0708)
MSVCRT Redists (Version: 1.0)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
Native Instruments Absynth 5
Native Instruments Absynth 5 (Version: 5.0.3.950)
Native Instruments Controller Editor
Native Instruments Controller Editor (Version: 1.4.1.822)
Native Instruments Kontakt 5
Native Instruments Kontakt 5 (Version: 5.0.0.5133)
Native Instruments Service Center
Native Instruments Service Center (Version: 2.3.0.853)
Native Instruments Traktor 2
Native Instruments Traktor 2 (Version: 2.1.1.11533)
Nero 10 ClipartPack (Version: 10.2.10000.11.0)
Nero 10 Menu TemplatePack 1 (Version: 10.2.10000.0.0)
Nero 10 Menu TemplatePack 2 (Version: 10.2.10000.0.0)
Nero 10 Menu TemplatePack 3 (Version: 10.2.10100.1.0)
Nero 10 Menu TemplatePack Basic (Version: 10.2.10000.0.0)
Nero 10 Movie ThemePack 1 (Version: 10.2.10000.11.0)
Nero 10 Movie ThemePack 2 (Version: 10.2.10100.1.0)
Nero 10 Movie ThemePack 3 (Version: 10.2.10100.1.0)
Nero 10 Movie ThemePack 4 (Version: 10.2.10100.1.0)
Nero 10 Movie ThemePack Basic (Version: 10.2.10000.0.0)
Nero 10 PiP EffectPack 1 (Version: 10.2.10000.0.0)
Nero 10 Sample ImagePack (Version: 10.2.10000.11.0)
Nero 10 Sample Videos (Version: 10.2.10000.11.0)
Nero 10 Video TransitionPack 1 (Version: 10.2.10000.0.0)
Nero 11 (Version: 11.0.15500)
Nero 11 Cliparts (Version: 11.0.11200.12.0)
Nero 11 Disc Menus 1 (Version: 11.0.11200.12.0)
Nero 11 Disc Menus 2 (Version: 11.0.11200.12.0)
Nero 11 Disc Menus 3 (Version: 11.0.11200.12.0)
Nero 11 Disc Menus Basic (Version: 11.0.11200.12.0)
Nero 11 Effects Basic (Version: 11.0.11200.12.0)
Nero 11 Image Samples (Version: 11.0.11200.12.0)
Nero 11 Kwik Themes 1 (Version: 11.0.11200.12.0)
Nero 11 Kwik Themes 2 (Version: 11.0.11200.12.0)
Nero 11 Kwik Themes 3 (Version: 11.0.11200.12.0)
Nero 11 Kwik Themes 4 (Version: 11.0.11200.12.0)
Nero 11 Kwik Themes Basic (Version: 11.0.11200.12.0)
Nero 11 PiP Effects 1 (Version: 11.0.11200.12.0)
Nero 11 PiP Effects Basic (Version: 11.0.11300.12.0)
Nero 11 Video Samples (Version: 11.0.11200.12.0)
Nero 11 Video Transitions 1 (Version: 11.0.11200.12.0)
Nero Audio Pack 1 (Version: 11.0.11500.110.0)
Nero BackItUp 10 (Version: 5.6.11000.11.100)
Nero BackItUp 10 Help (CHM) (Version: 10.5.10000)
Nero BackItUp 11 (Version: 6.0.16000.13.100)
Nero BackItUp 11 Help (CHM) (Version: 11.0.10200)
Nero Backup Drivers (Version: 1.0.10000.1.0)
Nero Burning ROM 10 (Version: 10.2.11000.12.100)
Nero Burning ROM 11 (Version: 11.0.12200.23.100)
Nero Burning ROM 11 Help (CHM) (Version: 11.0.10300)
Nero BurningROM 10 Help (CHM) (Version: 10.5.10100)
Nero BurnRights 10 (Version: 4.2.10300.0.102)
Nero BurnRights 10 Help (CHM) (Version: 10.5.10000)
Nero Control Center 10 (Version: 10.6.12600.0.5)
Nero ControlCenter 10 Help (CHM) (Version: 10.5.10000)
Nero ControlCenter 11 (Version: 11.0.12300.0.23)
Nero ControlCenter 11 Help (CHM) (Version: 11.0.10300)
Nero Core Components 10 (Version: 2.0.19800.9.10)
Nero Core Components 11 (Version: 11.0.15000.1.12)
Nero CoverDesigner 10 (Version: 5.2.10700.7.100)
Nero CoverDesigner 10 Help (CHM) (Version: 10.5.10000)
Nero CoverDesigner 11 (Version: 6.0.10800.11.100)
Nero CoverDesigner 11 Help (CHM) (Version: 11.0.10300)
Nero DiscCopy Gadget 10 (Version: 3.2.10500.7.100)
Nero DiscCopyGadget 10 Help (CHM) (Version: 10.5.10000)
Nero DiscSpeed 10 (Version: 6.4.10400.0.100)
Nero DiscSpeed 10 Help (CHM) (Version: 10.5.10000)
Nero Express 10 (Version: 10.2.11500.17.100)
Nero Express 10 Help (CHM) (Version: 10.5.10100)
Nero Express 11 (Version: 11.0.11700.23.100)
Nero Express 11 Help (CHM) (Version: 11.0.10300)
Nero InfoTool 10 (Version: 7.2.10300.5.100)
Nero InfoTool 10 Help (CHM) (Version: 10.5.10000)
Nero Kwik Media (Version: 1.10.19300.93.100)
Nero Kwik Media Help (CHM) (Version: 11.0.10200)
Nero Multimedia Suite 10 Platinum HD (Version: 10.5.10900)
Nero Recode 10 (Version: 4.8.10400.3.100)
Nero Recode 10 Help (CHM) (Version: 10.5.10000)
Nero Recode 11 (Version: 5.0.13300.32.100)
Nero Recode 11 Help (CHM) (Version: 11.0.10300)
Nero RescueAgent 10 (Version: 3.2.10600.7.100)
Nero RescueAgent 10 Help (CHM) (Version: 10.5.10000)
Nero RescueAgent 11 (Version: 4.0.10600.10.100)
Nero RescueAgent 11 Help (CHM) (Version: 11.0.10400)
Nero SoundTrax 10 (Version: 4.8.10200.1.100)
Nero SoundTrax 10 Help (CHM) (Version: 10.5.10000)
Nero SoundTrax 11 (Version: 5.0.10400.4.100)
Nero SoundTrax 11 Help (CHM) (Version: 11.0.10400)
Nero StartSmart 10 (Version: 10.2.11100.10.100)
Nero StartSmart 10 Help (CHM) (Version: 10.5.10000)
Nero Update (Version: 11.0.10623.22.0)
Nero Video 11 (Version: 8.0.14000.21.100)
Nero Video 11 Help (CHM) (Version: 11.0.10300)
Nero Vision 10 (Version: 7.4.10800.7.100)
Nero Vision 10 Help (CHM) (Version: 10.5.10000)
Nero WaveEditor 10 (Version: 5.8.10400.2.100)
Nero WaveEditor 10 Help (CHM) (Version: 10.5.10000)
Nero WaveEditor 11 (Version: 6.0.10800.5.100)
Nero WaveEditor 11 Help (CHM) (Version: 11.0.10400)
nero.prerequisites.msi (Version: 11.0.20007)
NETGEAR RangeMax™ Wireless USB 2.0 Adapter WPN111 (Version: 1.0.0)
Network (Version: 130.0.550.000)
Noisebud CatchDad (Version: 2.0)
NoLimits Coasters Demo 1.8 (remove only)
Novation V-Station for Cubase SX3 VSTi v1.41
NVIDIA 3D Vision Driver 267.42 (Version: 267.42)
NVIDIA Control Panel 267.42 (Version: 267.42)
NVIDIA Graphics Driver 267.42 (Version: 267.42)
NVIDIA HD Audio Driver 1.2.18.0 (Version: 1.2.18.0)
NVIDIA Install Application (Version: 2.265.39.0)
NVIDIA PhysX (Version: 9.10.0514)
NVIDIA PhysX System Software 9.10.0514 (Version: 9.10.0514)
NVIDIA Stereoscopic 3D Driver (Version: 7.17.12.6742)
OpenAL
Palm Desktop by ACCESS (Version: 6.4.0.0)
Pando Media Booster (Version: 2.3.6.0)
Pavtube HD Converter version 3.5.2.2185
PDF Settings (Version: 1.0)
Picasa 3 (Version: 3.8)
Pinnacle Video Driver (Version: 12.1.0.030)
Process Hacker 2.20 (Version: 2.20)
PS3 Media Server (Version: 1.54.0)
PSP 608 MultiDelay 1.1.2 (Version: 1.1.2)
PSP 84 1.5.3 32bit (Version: 1.5.3 32bit)
PSP Audioware Xenon v1.0
PSP EasyVerb 1.6.0 32bit (Version: 1.6.0 32bit)
PSP MasterComp 1.5.4 (Version: 1.5.4)
PSP MasterQ 1.5.2 (Version: 1.5.2)
PSP MixPack2 2.0.3 (Version: 2.0.3)
PSP Neon 1.5.1 32bit (Version: 1.5.1 32bit)
PSP Nitro 1.1.2 (Version: 1.1.2)
PSP oldTimer 32bit (Version: 2.0.0 32bit)
PSP sQuad 1.5.2 32bit (Version: 1.5.2 32bit)
PSP StereoPack 1.9.0 (Version: 1.9.0)
PSP VintageWarmer2 2.3.1 32bit (Version: 2.3.1 32bit)
PSP Xenon 1.1.9 32bit (Version: 1.1.9 32bit)
PureHD (Version: 14.0.0.342)
PVSonyDll (Version: 1.00.0001)
QuickTime (Version: 7.71.80.42)
Reason 3.0 (Version: 3.0)
RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition (Version: v2.24 MSI Master Overclocking Arena 2009 edition)
Roblox for Daw
Roxio Creator Audio (Version: 3.7.0)
Roxio Creator Copy (Version: 3.7.0)
Roxio Creator Data (Version: 3.7.0)
Roxio Creator DE 10.3 (Version: 10.3)
Roxio Creator DE 10.3 (Version: 3.7.0)
Roxio Creator Tools (Version: 3.7.0)
Roxio Express Labeler 3 (Version: 3.2.2)
Roxio Update Manager (Version: 6.0.0)
SAMSUNG Android USB Modem Software (Version: 4.50.7)
SAMSUNG USB Driver for Mobile Phones V5.2.0.0 (Version: 1.2.1060.0)
SamsungSimpleDL (Version: 1.0.008)
Scan (Version: 13.0.0.0)
Setup (Version: 14.0.0.342)
Share (Version: 14.0.0.342)
Sierra Utilities
Skype Toolbars (Version: 5.0.4137)
Smart Technology Programming Software 7.0.2.7 (Version: 7.0.2.7)
SmartSound Common Data (Version: 1.1.0)
SmartSound Quicktracks 5 (Version: 5.1.6)
Sony CD Architect 5.2 (Version: 5.2.153)
Sothink HD Movie Maker
Sound Bridge
Spybot - Search & Destroy (Version: 1.6.2)
Steinberg Cubase 6 (Version: 6.0.5)
Steinberg Drum Loop Expansion 01 (Version: 2.0.0.0)
Steinberg Groove Agent ONE Content (Version: 1.0.0.003)
Steinberg Groove Agent ONE Vintage Beatboxes (Version: 1.0.0.000)
Steinberg HALion Sonic SE (Version: 1.5.2)
Steinberg HALion Sonic SE Content (Version: 1.5.2.000)
Steinberg LoopMash Content (Version: 2.0.0.000)
Steinberg LoopMash Content 2 (Version: 1.0.0.000)
Steinberg REVerence Content 01 (Version: 2.0.1.000)
Steinberg VST Amp Rack Content 01 (Version: 1.0.0.000)
SUPER © v2011.build.49 (July 1st, 2011) version v2011.build.49 (Version: v2011.build.49)
SWiSH Max4 (Version: 10.10.29.100)
TeamViewer 5 (Version: 5.1.13999 )
TeamViewer 7 (Version: 7.0.12979)
Toolbox (Version: 130.0.648.000)
TubeOhm ANTI-TRANSPIRANT/Stepper4free
twhirl (Version: 0.9.7)
Unity Web Player (Version: )
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (Version: 1)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2687267) 32-Bit Edition
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Use the entry named LeapFrog Connect to uninstall (LeapFrog LeapPad Explorer Plugin)
Use the entry named LeapFrog Connect to uninstall (LeapFrog MyOwnLeaptop Plugin) (Version: )
UVI Workstation 2.0.6 (Version: 2.0.6)
VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0)
Vegas Movie Studio HD Platinum 11.0 (Version: 11.0.322)
VIO (Version: 14.0.0.342)
Virtuadrum (Version: 1.1)
Visual C++ Redistributables (Version: 1.2.0.5555)
VmciSockets (Version: 9.1.54.1)
VMware Player (Version: 4.0.2.28060)
VSClassic (Version: 14.0.0.342)
VSPro (Version: 14.0.0.342)
Waves Diamond Bundle v5.2
Waves L3 v5.2
WebEx
WebReg (Version: 130.0.132.017)
welcome (Version: 11.0.21500.0.4)
Windows Driver Package - Leapfrog (Leapfrog-USBLAN) Net (09/10/2009 02.03.05.012) (Version: 09/10/2009 02.03.05.012)
Windows Live Communications Platform (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3508.1109)
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0)
Windows Live Installer (Version: 15.4.3502.0922)
Windows Live Movie Maker (Version: 15.4.3502.0922)
Windows Live Photo Common (Version: 15.4.3502.0922)
Windows Live Photo Gallery (Version: 15.4.3502.0922)
Windows Live PIMT Platform (Version: 15.4.3508.1109)
Windows Live SOXE (Version: 15.4.3502.0922)
Windows Live SOXE Definitions (Version: 15.4.3502.0922)
Windows Live UX Platform (Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (Version: 15.4.3508.1109)
Windows Media Encoder 9 Series
Windows Media Encoder 9 Series (Version: 9.00.2980)
WinRAR 4.01 (32-bit) (Version: 4.01.0)
X3 Terran Conflict v3.0
XviD4PSP 5.10.276.1
yuPlay client 0.7.24

**** End of log ****


Farbar Service Scanner Version: 04-08-2012 01
Ran by Daw (administrator) on 03-08-2012 at 19:27:18
Running from "I:\"
Microsoft Windows 7 Professional (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============

Windows Update:
============
BITS Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to retrieve start type of BITS. The value does not exist.
The ImagePath of BITS service is OK.
The ServiceDll of BITS service is OK.


Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============

sharedaccess Service is not running. Checking service configuration:
The start type of sharedaccess service is set to Auto
The ImagePath of sharedaccess service is OK.
The ServiceDll of sharedaccess service is OK.


File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcore.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys
[2012-05-09 19:40] - [2012-03-30 03:29] - 1287024 ____A (Microsoft Corporation) 55E9965552741F3850CB22CBBA9671ED

C:\Windows\system32\dnsrslvr.dll
[2011-04-14 18:42] - [2011-03-02 22:29] - 0132608 ____A (Microsoft Corporation) B15BE77A2BACF9C3177D27518AFE26A9

C:\Windows\system32\mpssvc.dll
[2009-07-13 16:53] - [2009-07-13 18:15] - 0565760 ____A (Microsoft Corporation) 5CD996CECF45CBC3E8D109C86B82D69E

C:\Windows\system32\bfe.dll
[2009-07-13 16:54] - [2009-07-13 18:14] - 0493568 ____A (Microsoft Corporation) 85AC71C045CEB054ED48A7841AAE0C11

C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll
[2009-07-13 16:23] - [2009-07-13 18:16] - 0125952 ____A (Microsoft Corporation) 5FD90ABDBFAEE85986802622CBB03446

C:\Windows\system32\vssvc.exe
[2009-07-13 16:24] - [2009-07-13 18:14] - 1025536 ____A (Microsoft Corporation) 7EA2BCD94D9CFAF4C556F5CC94532A6C

C:\Windows\system32\wscsvc.dll
[2011-02-09 20:24] - [2010-12-20 22:38] - 0073728 ____A (Microsoft Corporation) A661A76333057B383A06E65F0073222F

C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll
[2009-07-13 16:30] - [2009-07-13 18:16] - 0589312 ____A (Microsoft Corporation) 53F476476F55A27F580661BDE09C4EC4

C:\Windows\system32\es.dll => MD5 is legit
C:\Windows\system32\cryptsvc.dll
[2012-06-12 22:01] - [2012-04-23 21:47] - 0139264 ____A (Microsoft Corporation) 520A108A2657F4BCA7FCED9CA7D885DE

C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit


**** End of log ****

#10 tcsllc (Topic Starter, Members, 11 posts)

Posted 03 August 2012 - 09:44 PM

As far as how it's working, it seems to be running smooth but I tried to run windows updates and that didn't work. That's the only thing I've really done so far.

#11 CatByte (bleepin' tiger, Malware Response Team, 14,664 posts, Location: Canada)

Posted 03 August 2012 - 09:53 PM

tried to run windows updates and that didn't work

The BITS registry key is missing so we need to replace it

Please download the attached registry fix, double click it to run it and allow it to merge into the registry (then delete the file as you won't need it again).

NEXT

Your Java is out of date, so go to Start > Control Panel > Programs and Features > scroll down to the Java installation and Remove it, now download the latest Java version 7 update 5 and install it: http://java.com/en/download/index.jsp


NEXT


Please advise if there are any outstanding issues

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015
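
The Farbar Service Scanner log earlier in the thread reports BITS with no Start value, WinDefend set to Demand, and a DisableAntiSpyware policy, and the post above fixes BITS with a registry merge. The PowerShell script below is an added example, not part of the thread and not Farbar's tool or the attached .reg file: it performs the same service and policy checks from an elevated prompt and, with -Repair, recreates the missing BITS Start value. The expected start types, and the Automatic (Delayed Start) default for BITS, are assumptions based on Windows 7 defaults; the policy paths are the standard Windows policy locations that scanners of this kind inspect.

```powershell
# Added example (not from the thread). Re-implements the Farbar Service Scanner
# checks seen in the log: per service it reads Start, ImagePath and ServiceDll
# from the registry and compares the start type with the expected default; then
# it lists policy values that silently disable protection. With -Repair it
# recreates a missing BITS Start value, which is the state the log showed.
# Assumption: expected start types are Windows 7 defaults (2 = Auto, 3 = Demand).
# Run from an elevated PowerShell prompt.
[CmdletBinding()]
param([switch]$Repair)

$svcRoot       = 'HKLM:\SYSTEM\CurrentControlSet\Services'
$expectedStart = @{ BITS = 2; wuauserv = 2; WinDefend = 2; MpsSvc = 2; wscsvc = 2 }
$startNames    = @{ 0 = 'Boot'; 1 = 'System'; 2 = 'Auto'; 3 = 'Demand'; 4 = 'Disabled' }

function Get-ServiceConfig {
    param([string]$Name)
    $key = Join-Path $svcRoot $Name
    if (-not (Test-Path $key)) { return [pscustomobject]@{ Name = $Name; Present = $false } }
    $p      = Get-ItemProperty -Path $key
    $params = Get-ItemProperty -Path (Join-Path $key 'Parameters') -ErrorAction SilentlyContinue
    [pscustomobject]@{
        Name       = $Name
        Present    = $true
        Start      = $p.Start            # $null when the value is missing, as for BITS in the log
        ImagePath  = $p.ImagePath
        ServiceDll = $params.ServiceDll  # only svchost-hosted services have one
        Running    = (Get-Service -Name $Name -ErrorAction SilentlyContinue).Status -eq 'Running'
    }
}

foreach ($name in $expectedStart.Keys) {
    $cfg = Get-ServiceConfig -Name $name
    if (-not $cfg.Present) { Write-Warning "$name : service key missing"; continue }
    if ($null -eq $cfg.Start) {
        Write-Warning "$name : ATTENTION - Start value does not exist (expected $($startNames[$expectedStart[$name]]))"
        if ($Repair -and $name -eq 'BITS') {
            # Assumed Windows 7 default for BITS: Automatic (Delayed Start).
            New-ItemProperty -Path (Join-Path $svcRoot $name) -Name Start            -PropertyType DWord -Value 2 -Force | Out-Null
            New-ItemProperty -Path (Join-Path $svcRoot $name) -Name DelayedAutostart -PropertyType DWord -Value 1 -Force | Out-Null
            Write-Host "$name : Start value recreated; run Start-Service BITS or reboot, then retry Windows Update"
        }
    } elseif ($cfg.Start -ne $expectedStart[$name]) {
        Write-Warning "$name : start type is $($startNames[$cfg.Start]), default is $($startNames[$expectedStart[$name]])"
    }
    '{0,-10} running={1,-5} Start={2} ImagePath={3} ServiceDll={4}' -f $cfg.Name, $cfg.Running, $cfg.Start, $cfg.ImagePath, $cfg.ServiceDll
}

# Policy values that disable protection; each exists only when something set it.
$policies = @(
    @{ Path = 'HKLM:\SOFTWARE\Microsoft\Windows Defender';                         Name = 'DisableAntiSpyware'; Bad = 1 }
    @{ Path = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU';        Name = 'NoAutoUpdate';       Bad = 1 }
    @{ Path = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore';        Name = 'DisableSR';          Bad = 1 }
    @{ Path = 'HKLM:\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile'; Name = 'EnableFirewall';     Bad = 0 }
    @{ Path = 'HKLM:\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile';   Name = 'EnableFirewall';     Bad = 0 }
)
foreach ($pol in $policies) {
    $v = (Get-ItemProperty -Path $pol.Path -Name $pol.Name -ErrorAction SilentlyContinue).($pol.Name)
    if ($null -ne $v -and $v -eq $pol.Bad) {
        Write-Warning ("{0}\{1} = {2}  (disabled by policy; clear with Remove-ItemProperty -Path '{0}' -Name {1})" -f $pol.Path, $pol.Name, $v)
    }
}
```

Run it once without -Repair to see the same findings the scanner printed; the script only writes the two BITS values and deliberately leaves the policy values for you to remove by hand, since a DisableAntiSpyware or NoAutoUpdate policy on a home machine is itself evidence worth noting before it disappears.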


#12 CatByte (bleepin' tiger, Malware Response Team, 14,664 posts, Location: Canada)

Posted 06 August 2012 - 03:22 PM

do you still need help with your machine?



#13 tcsllc (Topic Starter, Members, 11 posts)

Posted 06 August 2012 - 03:35 PM

Everything looks fine. Thanks for all your help!

#14 CatByte (bleepin' tiger, Malware Response Team, 14,664 posts, Location: Canada)

Posted 06 August 2012 - 04:05 PM

Did you run the reg fix? Is Windows Update working now?

if all is ok, then we need to clean up our tools


You can delete all the Farbar logs and programs from your desktop.


NEXT


Follow these steps to uninstall Combofix

  • Make sure your security programs are totally disabled.
  • Press the WinKey +R to open a run box
  • Now copy/paste Combofix /uninstall into the run box and click OK. Note the space between the ...X and the /U; it needs to be there.



If there are any logs/tools remaining on your desktop > right click and delete them.


NEXT


Below I have included a number of recommendations for how to protect your computer against malware infections.

  • It is good security practice to change your passwords to all your online accounts on a fairly regular basis; this is especially true after an infection. Refer to this Microsoft article
    Strong passwords: How to create and use them
    Then consider a password keeper, to keep all your passwords safe. KeePass is a small utility that allows you to manage all your passwords.

  • Keep Windows updated by regularly checking their website at :
    http://windowsupdate.microsoft.com/
    This will ensure your computer always has the latest security updates installed.

  • Make Internet Explorer more secure
    • Click Start > Run
    • Type Inetcpl.cpl & click OK
    • Click on the Security tab
    • Click Reset all zones to default level
    • Make sure the Internet Zone is selected & Click Custom level
    • In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls) to "Prompt", and ("Initialize and Script ActiveX controls not marked as safe") to "Disable".
    • Next Click OK, then Apply button and then OK to exit the Internet Properties page.

  • Download TFC to your desktop
    • Close any open windows.
    • Double click the TFC icon to run the program
    • TFC will close all open programs itself in order to run,
    • Click the Start button to begin the process.
    • Allow TFC to run uninterrupted.
    • The program should not take long to finish its job
    • Once it's finished it should automatically reboot your machine,
    • if it doesn't, manually reboot to ensure a complete clean
    It's normal after running TFC cleaner that the PC will be slower to boot the first time.

  • WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:
    • Green to go
    • Yellow for caution
    • Red to stop
    WOT has an addon available for both Firefox and IE

  • Keep a backup of your important files - Now, more than ever, it's especially important to protect your digital files and memories. This article is full of good information on alternatives for home backup solutions.

  • ERUNT (Emergency Recovery Utility NT) allows you to keep a complete backup of your registry and restore it when needed. The standard registry backup options that come with Windows back up most of the registry but not all of it. ERUNT however creates a complete backup set, including the Security hive and user related sections. ERUNT is easy to use and since it creates a full backup, there are no options or choices other than to select the location of the backup files. The backup set includes a small executable that will launch the registry restore if needed.

  • In light of your recent issue, I'm sure you'd like to avoid any future infections. Please take a look at this well written article:
    PC Safety and Security--What Do I Need?.


Thank you for your patience, and performing all of the procedures requested.

Please respond one last time so we can consider the thread resolved and close it, thank you.

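
The Internet zone settings in the "Make Internet Explorer more secure" steps above are stored in the registry, so they can be applied and verified without clicking through the dialog. The PowerShell script below is an added example, not part of the thread: it writes the three ActiveX settings for the Internet zone (zone 3) to the current user's hive and reads them back to confirm. The value IDs 1001, 1004 and 1201 and the 0/1/3 encoding are the Internet Explorer zone action IDs; the script does not perform the "Reset all zones to default level" step, so do that in the dialog first if you want the same starting point the post describes.

```powershell
# Added example (not from the thread). Applies and verifies the Internet zone
# ActiveX settings from the post above by writing the zone action values
# directly. Zone 3 = Internet; 0 = Enable, 1 = Prompt, 3 = Disable.
$zone   = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3'
$wanted = @{
    '1001' = 1   # Download signed ActiveX controls                          -> Prompt
    '1004' = 1   # Download unsigned ActiveX controls                        -> Prompt
    '1201' = 3   # Initialize and script ActiveX controls not marked as safe -> Disable
}
$labels = @{ 0 = 'Enable'; 1 = 'Prompt'; 3 = 'Disable' }

function Test-IeActiveXSettings {
    # Emits one object per setting that differs from $wanted; no output means compliant.
    $current = Get-ItemProperty -Path $zone -ErrorAction SilentlyContinue
    foreach ($id in $wanted.Keys) {
        $have = $current.$id
        if ($have -ne $wanted[$id]) {
            if ($null -eq $have)                       { $label = 'not set' }
            elseif ($labels.ContainsKey([int]$have))   { $label = $labels[[int]$have] }
            else                                       { $label = "$have" }
            [pscustomobject]@{ Setting = $id; Current = $label; Wanted = $labels[$wanted[$id]] }
        }
    }
}

$drift = @(Test-IeActiveXSettings)
if ($drift.Count -eq 0) { 'Internet zone ActiveX settings already match.'; return }

'Settings that differ from the recommended values:'
$drift | Format-Table -AutoSize

foreach ($d in $drift) {
    # DWord is the type the Internet Properties dialog itself writes.
    Set-ItemProperty -Path $zone -Name $d.Setting -Value $wanted[$d.Setting] -Type DWord
}

if (@(Test-IeActiveXSettings).Count -eq 0) {
    'Applied. Restart Internet Explorer for the change to take effect.'
} else {
    Write-Warning 'Some values did not take; check whether a machine-wide policy (Security_HKLM_only) is in force.'
}
```

The check function is the useful part: run it on its own after any cleanup to see whether an installer or toolbar has quietly relaxed the zone again. If HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Security_HKLM_only is set to 1, Internet Explorer ignores the per-user values and the same three IDs must be set under the matching HKLM Zones\3 key instead.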


#15 CatByte (bleepin' tiger, Malware Response Team, 14,664 posts, Location: Canada)

Posted 10 August 2012 - 03:24 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.





