Infected windows/system32/services.exe


  • This topic is locked
36 replies to this topic

#1 zero06

  • Members
  • 24 posts

Posted 02 August 2012 - 01:11 AM

I noticed that Windows Security Essential stopped working. I tried to reinstall and scan the computer but a message popped up telling me that Windows had encountered a problem and had to restart in 1 minute. I restarted the computer but the same message would pop up.
I tried to scan the computer in safe mode and I found out that Windows/System32/services.exe was infected. Windows Security Essential would try to clean it, but then the same message as before would pop up telling me that Windows had to restart.

I have come here hoping to get some help. I have a Windows 7 64-bit computer.
I have also copied the DDS log below. Any help is appreciated.

.
DDS (Ver_2011-08-26.01) - NTFSAMD64 NETWORK
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_31
Run by Julian at 1:03:26 on 2002-01-01
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.4095.3346 [GMT -8:00]
.
AV: Lavasoft Ad-Aware *Enabled/Outdated* {BE5DD172-7F42-7948-1A60-E6A720288F81}
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Lavasoft Ad-Aware *Enabled/Outdated* {053C3096-5978-76C6-20D0-DDD55BAFC53C}
FW: Lavasoft Ad-Aware *Disabled* {86665057-352D-7810-313F-4F92DEFBC8FA}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe
C:\Program Files (x86)\Ad-Aware Antivirus\Engine\SBAMSvc.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\ctfmon.exe
C:\Windows\helppane.exe
-netsvcs
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://safesearchr.lavasoft.com/?source=3336ca5f&tbp=homepage&toolbarid=adawaretb&v=2_0&u=___userid___
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll
uURLSearchHooks: H - No File
mURLSearchHooks: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll
EB: Web Test Recorder 10.0: {5802d092-1784-4908-8cdb-99b6842d353d} - mscoree.dll
uRun: [NetLimiter] C:\Program Files\NetLimiter 3\NLClientApp.exe /tray
mRun: [EEventManager] C:\PROGRA~2\EPSONS~1\EVENTM~1\EEventManager.exe
mRun: [FUFAXSTM] "C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [Ad-Aware Browsing Protection] "C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe"
mRun: [Ad-Aware Antivirus] "C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareLauncher" --windows-run
mRun: [RRT-Auto] C:\Users\Julian\Documents\RRT.exe auto
StartupFolder: C:\Users\Julian\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\MAGICD~1.LNK - C:\Program Files (x86)\MagicDisc\MagicDisc.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\NETGEA~1.LNK - C:\Program Files (x86)\NETGEAR\WN111v2\WN111v2.exe
uPolicies-explorer: NoWindowsUpdate = 0 (0x0)
uPolicies-explorer: NoViewOnDrive = 0 (0x0)
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-explorer: NoWindowsUpdate = 0 (0x0)
mPolicies-explorer: NoViewOnDrive = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{421E30C3-DFE9-4A4F-B29B-CE0C18433E42} : DhcpNameServer = 192.168.1.1
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll
EB-X64: {5802D092-1784-4908-8CDB-99B6842D353D} - No File
mRun-x64: [EEventManager] C:\PROGRA~2\EPSONS~1\EVENTM~1\EEventManager.exe
mRun-x64: [FUFAXSTM] "C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe"
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [Ad-Aware Browsing Protection] "C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe"
mRun-x64: [Ad-Aware Antivirus] "C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareLauncher" --windows-run
mRun-x64: [RRT-Auto] C:\Users\Julian\Documents\RRT.exe auto
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Julian\AppData\Roaming\Mozilla\Firefox\Profiles\ecs0mk62.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Blekko
FF - prefs.js: browser.startup.homepage - hxxp://safesearchr.lavasoft.com/?source=3336ca5f&tbp=homepage&toolbarid=adawaretb&v=2_0&u=___userid___
FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\nppl3260.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\nprjplug.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\nprpjplug.dll
FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_233.dll
.
============= SERVICES / DRIVERS ===============
.
R1 JSWPSLWF;JumpStart Wireless Filter Driver;C:\Windows\system32\DRIVERS\jswpslwfx.sys --> C:\Windows\system32\DRIVERS\jswpslwfx.sys [?]
R1 nltdi;nltdi;C:\Program Files\NetLimiter 3\nltdi.sys [2011-3-21 88200]
R1 SbFw;SbFw;C:\Windows\system32\drivers\SbFw.sys --> C:\Windows\system32\drivers\SbFw.sys [?]
R1 SBRE;SBRE;C:\Windows\System32\drivers\SBREDrv.sys [2011-4-29 101720]
R1 SbTis;SbTis;C:\Windows\system32\drivers\sbtis.sys --> C:\Windows\system32\drivers\sbtis.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 Ad-Aware Service;Ad-Aware Service;C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe [2012-3-29 1161072]
R2 SBAMSvc;Ad-Aware;C:\Program Files (x86)\Ad-Aware Antivirus\Engine\SBAMSvc.exe [2011-5-17 2804280]
R3 NLNdisMP;NLNdisMP;C:\Windows\system32\DRIVERS\nlndis.sys --> C:\Windows\system32\DRIVERS\nlndis.sys [?]
R3 RTL8187;Realtek RTL8187 Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;C:\Windows\system32\DRIVERS\rtl8187.sys --> C:\Windows\system32\DRIVERS\rtl8187.sys [?]
R3 SBFWIMCLMP;Sunbelt Software Firewall NDIS IM Filter Miniport;C:\Windows\system32\DRIVERS\SBFWIM.sys --> C:\Windows\system32\DRIVERS\SBFWIM.sys [?]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?]
S0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-11-4 136176]
S2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-11-20 2214504]
S2 sbapifs;sbapifs;C:\Windows\system32\DRIVERS\sbapifs.sys --> C:\Windows\system32\DRIVERS\sbapifs.sys [?]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-1 253088]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-11-4 136176]
S3 jswpsapi;Jumpstart Wifi Protected Setup;C:\Program Files (x86)\NETGEAR\WN111v2\jswpsapi.exe [2008-2-29 942080]
S3 libusb0;libusb-win32 - Kernel Driver, Version 1.2.4.0;C:\Windows\System32\drivers\libusb0.sys [2010-6-24 21504]
S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-5-2 113120]
S3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-3-26 291696]
S3 NLNdisPT;NetLimiter Ndis Protocol Service;C:\Windows\system32\DRIVERS\nlndis.sys --> C:\Windows\system32\DRIVERS\nlndis.sys [?]
S3 npggsvc;nProtect GameGuard Service;C:\Windows\system32\GameMon.des -service --> C:\Windows\system32\GameMon.des -service [?]
S3 PCAMp50a64;PCAMp50a64 NDIS Protocol Driver;C:\Windows\system32\Drivers\PCAMp50a64.sys --> C:\Windows\system32\Drivers\PCAMp50a64.sys [?]
S3 PCASp50a64;PCASp50a64 NDIS Protocol Driver;C:\Windows\system32\Drivers\PCASp50a64.sys --> C:\Windows\system32\Drivers\PCASp50a64.sys [?]
S3 rt70x64;RT2500 USB Wireless LAN Driver for Vista;C:\Windows\system32\DRIVERS\netr7064.sys --> C:\Windows\system32\DRIVERS\netr7064.sys [?]
S3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Service;C:\Windows\system32\DRIVERS\sbfwim.sys --> C:\Windows\system32\DRIVERS\sbfwim.sys [?]
S3 sbhips;sbhips;C:\Windows\system32\drivers\sbhips.sys --> C:\Windows\system32\drivers\sbhips.sys [?]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 VSPerfDrv100;Performance Tools Driver 10.0;C:\Program Files (x86)\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\x64\VSPerfDrv100.sys [2010-3-17 68440]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 WN111v2;NETGEAR WN111v2 USB2.0 Wireless Card Service;C:\Windows\system32\DRIVERS\WN111v2w7x.sys --> C:\Windows\system32\DRIVERS\WN111v2w7x.sys [?]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;C:\Program Files\Microsoft SQL Server\100\Shared\sqladhlp.exe [2009-7-22 61976]
S4 RsFx0103;RsFx0103 Driver;C:\Windows\system32\DRIVERS\RsFx0103.sys --> C:\Windows\system32\DRIVERS\RsFx0103.sys [?]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2009-3-30 427880]
.
=============== Created Last 30 ================
.
2012-08-02 01:54:35 50392 ----a-w- C:\Windows\System32\drivers\ugcwoxdt.sys
2012-08-02 01:54:35 328704 ----a-w- C:\Windows\System32\services.exe.C452E7A912FA2548
2012-08-02 01:51:35 328704 ----a-w- C:\Windows\System32\services.exe.D5198EB415DAFDDF
2012-08-02 01:48:36 328704 ----a-w- C:\Windows\System32\services.exe.2CE7147046FBCD2D
2012-08-02 01:45:40 328704 ----a-w- C:\Windows\System32\services.exe.6C7B72A0797CD7FD
2012-08-02 01:41:57 328704 ----a-w- C:\Windows\System32\services.exe.374C06D742282D71
2012-08-02 01:38:18 328704 ----a-w- C:\Windows\System32\services.exe.E157843DD6BE80BB
2012-08-02 01:35:00 328704 ----a-w- C:\Windows\System32\services.exe.38EC04037388F5AB
2012-08-02 01:33:47 69000 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{D3D7509C-CB50-449C-A7A7-4A9BF8D02006}\offreg.dll
2012-08-02 01:31:18 328704 ----a-w- C:\Windows\System32\services.exe.3D235B2B1069CBF7
2012-08-02 01:28:12 927800 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{AD45A1CE-B26C-4B6C-8203-5A40968CC2A9}\gapaengine.dll
2012-08-02 01:27:57 9133488 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{D3D7509C-CB50-449C-A7A7-4A9BF8D02006}\mpengine.dll
2012-08-02 01:24:59 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client
2012-08-02 01:24:45 -------- d-----w- C:\Program Files\Microsoft Security Client
2012-07-30 23:31:07 -------- d-----w- C:\Users\Julian\AppData\Local\Overwolf
2012-07-30 23:18:56 -------- d-----w- C:\Program Files (x86)\WEBZEN
2012-07-30 19:24:37 -------- d-----w- C:\Users\Julian\AppData\Local\DDMSettings
2012-07-30 06:54:27 -------- d-sh--w- C:\Windows\System32\%APPDATA%
2012-07-30 06:30:54 20480 ----a-w- C:\Windows\svchost.exe
2012-07-18 19:17:10 -------- d-----w- C:\Users\Julian\AppData\Roaming\Trine2
2012-07-18 19:14:34 4991496 ----a-w- C:\Windows\System32\D3DX9_38.dll
2012-07-18 19:14:34 3850760 ----a-w- C:\Windows\SysWow64\D3DX9_38.dll
2012-07-18 19:14:33 81768 ----a-w- C:\Windows\SysWow64\xinput1_3.dll
2012-07-18 19:14:33 107368 ----a-w- C:\Windows\System32\xinput1_3.dll
2012-07-13 04:06:57 -------- d-----w- C:\Program Files (x86)\Common Files\Steam
2012-07-13 04:06:55 -------- d-----w- C:\Program Files (x86)\Steam
2012-07-11 20:56:42 3148800 ----a-w- C:\Windows\System32\win32k.sys
2012-07-11 19:39:12 2004480 ----a-w- C:\Windows\System32\msxml6.dll
2012-07-11 19:39:11 1881600 ----a-w- C:\Windows\System32\msxml3.dll
2012-07-11 19:39:11 1390080 ----a-w- C:\Windows\SysWow64\msxml6.dll
2012-07-11 19:39:09 2048 ----a-w- C:\Windows\SysWow64\msxml3r.dll
2012-07-11 19:39:09 2048 ----a-w- C:\Windows\System32\msxml3r.dll
2012-07-11 19:39:09 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll
2012-07-08 21:20:30 -------- d-----w- C:\Program Files (x86)\Conduit
2012-06-21 17:18:12 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2012-06-21 17:17:49 99840 ----a-w- C:\Windows\System32\wudriver.dll
2012-06-21 17:17:28 36864 ----a-w- C:\Windows\System32\wuapp.exe
2012-06-21 17:17:28 186752 ----a-w- C:\Windows\System32\wuwebv.dll
2012-06-12 22:05:06 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
2012-06-12 22:05:05 77312 ----a-w- C:\Windows\System32\rdpwsx.dll
2012-06-12 22:05:04 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
2012-06-07 04:49:26 770384 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcr100.dll
2012-06-07 04:49:26 421200 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcp100.dll
2012-05-12 05:33:10 1544704 ----a-w- C:\Windows\System32\DWrite.dll
2012-05-12 05:33:09 1077248 ----a-w- C:\Windows\SysWow64\DWrite.dll
2012-05-12 05:32:01 75120 ----a-w- C:\Windows\System32\drivers\partmgr.sys
2012-05-12 05:31:30 1918320 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2012-05-12 05:29:46 1732096 ----a-w- C:\Program Files\Windows Journal\NBDoc.DLL
2012-05-12 05:29:45 1367552 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\journal.dll
2012-05-12 05:29:44 936960 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2012-05-12 05:29:43 1393664 ----a-w- C:\Program Files\Windows Journal\JNTFiltr.dll
2012-05-12 05:29:42 1402880 ----a-w- C:\Program Files\Windows Journal\JNWDRV.dll
2012-05-02 21:09:06 -------- d-----w- C:\Program Files (x86)\Mozilla Maintenance Service
2012-05-02 21:09:02 157608 ----a-w- C:\Program Files (x86)\Mozilla Firefox\maintenanceservice_installer.exe
2012-05-02 21:09:02 113120 ----a-w- C:\Program Files (x86)\Mozilla Firefox\maintenanceservice.exe
2012-04-21 20:33:03 476904 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
2012-04-11 20:10:55 23408 ----a-w- C:\Windows\System32\drivers\fs_rec.sys
2012-04-11 20:10:31 81408 ----a-w- C:\Windows\System32\imagehlp.dll
2012-04-11 20:10:07 159232 ----a-w- C:\Windows\SysWow64\imagehlp.dll
2012-04-11 20:08:14 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll
2012-04-11 20:07:41 220672 ----a-w- C:\Windows\System32\wintrust.dll
2012-04-11 20:07:33 5120 ----a-w- C:\Windows\System32\wmi.dll
2012-04-11 20:07:25 5120 ----a-w- C:\Windows\SysWow64\wmi.dll
2012-04-10 20:38:55 -------- d-----w- C:\Program Files (x86)\Common Files\Symantec Shared
2012-04-05 06:08:33 -------- d-----w- C:\Users\Julian\AppData\Roaming\mIRC
2012-04-05 06:08:32 -------- d-----w- C:\Program Files (x86)\mIRC
2012-04-05 06:01:15 -------- d-----w- C:\Users\Julian\AppData\Roaming\shinDownloads
2012-04-01 22:02:17 388096 ----a-r- C:\Users\Julian\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-04-01 22:02:16 -------- d-----w- C:\Program Files (x86)\Trend Micro
2012-04-01 21:56:18 -------- d-----w- C:\RRTVAULT
2012-04-01 20:24:41 418464 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-04-01 20:19:09 -------- d-----w- C:\Program Files (x86)\MSXML 4.0
2012-04-01 02:10:50 -------- d-----w- C:\Users\Julian\AppData\Local\adaware
2012-04-01 02:10:42 55384 ----a-w- C:\Windows\System32\drivers\SBREDrv.sys
2012-04-01 02:10:42 45904 ----a-w- C:\Windows\System32\sbbd.exe
2012-04-01 02:10:39 60504 ----a-w- C:\Windows\System32\drivers\sbhips.sys
2012-04-01 02:10:38 94296 ----a-w- C:\Windows\System32\drivers\sbtis.sys
2012-04-01 02:10:31 84568 ----a-w- C:\Windows\System32\drivers\SbFwIm.sys
2012-04-01 02:10:31 253528 ----a-w- C:\Windows\System32\drivers\SbFw.sys
2012-04-01 02:10:27 -------- d-----w- C:\Program Files (x86)\Ad-Aware Antivirus
2012-04-01 02:10:02 -------- d-----w- C:\Users\Julian\AppData\Local\adawarebp
2012-04-01 02:09:58 -------- d-----w- C:\Program Files (x86)\adawaretb
2012-04-01 01:45:20 -------- d-----w- C:\ProgramData\Ad-Aware Browsing Protection
2012-04-01 01:45:19 -------- d-----w- C:\Program Files (x86)\Toolbar Cleaner
2012-04-01 01:31:04 -------- d-----w- C:\Users\Julian\AppData\Roaming\Ad-Aware Antivirus
2012-04-01 00:21:14 -------- d-----w- C:\Users\Julian\AppData\Local\ElevatedDiagnostics
2012-03-30 02:57:26 -------- d-----w- C:\Windows\pss
2012-03-26 15:41:34 103864 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\nppdf32.dll
2012-03-26 15:41:34 103864 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\nppdf32.dll
2012-03-21 03:44:12 98688 ----a-w- C:\Windows\System32\drivers\NisDrvWFP.sys
2012-03-21 03:44:12 203888 ----a-w- C:\Windows\System32\drivers\MpFilter.sys
2012-03-19 23:46:22 -------- d--h--w- C:\ProgramData\Symantec
2012-03-19 23:46:19 -------- d-----w- C:\Windows\System32\drivers\NSSx64\0306010.00B
2012-03-19 23:46:19 -------- d-----w- C:\Windows\System32\drivers\NSSx64
2012-03-19 23:46:19 -------- d-----w- C:\Program Files (x86)\Norton Security Scan
2012-03-19 23:46:18 -------- d-----w- C:\ProgramData\Norton
2012-03-19 23:46:16 -------- d-----w- C:\ProgramData\NortonInstaller
2012-03-19 23:46:16 -------- d-----w- C:\Program Files (x86)\NortonInstaller
2012-03-19 01:44:35 68576 ----a-w- C:\Program Files (x86)\Mozilla Firefox\mozglue.dll
2012-03-19 01:44:35 573920 ----a-w- C:\Program Files (x86)\Mozilla Firefox\gkmedias.dll
2012-03-14 15:10:51 1031680 ----a-w- C:\Windows\System32\rdpcore.dll
2012-03-14 15:10:50 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll
2012-03-14 15:10:50 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys
2012-03-06 03:43:46 -------- d-----w- C:\Program Files\Waterfox
2012-02-26 21:13:43 -------- d-----w- C:\Users\Julian\AppData\Roaming\xWeasel
2012-02-24 09:30:48 1618216 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\OGL.DLL
2012-02-23 07:20:46 327432 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\VSA\9.0\VsaEnv\vsaenv.exe
2012-02-15 17:14:19 509952 ----a-w- C:\Windows\System32\ntshrui.dll
2012-02-15 17:14:19 442880 ----a-w- C:\Windows\SysWow64\ntshrui.dll
2012-02-15 17:13:26 515584 ----a-w- C:\Windows\System32\timedate.cpl
2012-02-15 17:13:25 478720 ----a-w- C:\Windows\SysWow64\timedate.cpl
2012-02-15 17:13:15 498688 ----a-w- C:\Windows\System32\drivers\afd.sys
2012-02-15 17:12:59 690688 ----a-w- C:\Windows\SysWow64\msvcrt.dll
2012-02-15 17:12:59 634880 ----a-w- C:\Windows\System32\msvcrt.dll
2012-02-05 16:11:16 -------- d-----w- C:\Python31
2012-01-27 19:36:30 -------- d--h--w- C:\Users\Julian\AppData\Local\Locktime
2012-01-27 19:34:31 -------- d-----w- C:\ProgramData\Locktime
2012-01-27 19:34:31 -------- d-----w- C:\Program Files\NetLimiter 3
2012-01-27 08:47:14 -------- d-----w- C:\Program Files\iTunes
2012-01-27 08:47:14 -------- d-----w- C:\Program Files\iPod
2012-01-27 08:47:14 -------- d-----w- C:\Program Files (x86)\iTunes
2012-01-27 08:45:27 -------- d-----w- C:\Program Files\Bonjour
2012-01-27 08:45:27 -------- d-----w- C:\Program Files (x86)\Bonjour
2012-01-26 05:26:09 395776 ----a-w- C:\Windows\System32\webio.dll
2012-01-26 05:26:09 314880 ----a-w- C:\Windows\SysWow64\webio.dll
2012-01-26 05:26:09 31232 ----a-w- C:\Windows\System32\lsass.exe
2012-01-26 05:26:09 29184 ----a-w- C:\Windows\System32\sspisrv.dll
2012-01-26 05:26:09 28160 ----a-w- C:\Windows\System32\secur32.dll
2012-01-26 05:26:09 1447936 ----a-w- C:\Windows\System32\lsasrv.dll
2012-01-26 05:26:09 136192 ----a-w- C:\Windows\System32\sspicli.dll
2012-01-12 06:34:00 -------- d--h--w- C:\Users\Julian\AppData\Roaming\tools
2012-01-11 04:34:44 514560 ----a-w- C:\Windows\SysWow64\qdvd.dll
2012-01-11 04:34:44 366592 ----a-w- C:\Windows\System32\qdvd.dll
2012-01-11 04:34:44 1572864 ----a-w- C:\Windows\System32\quartz.dll
2012-01-11 04:34:44 1328128 ----a-w- C:\Windows\SysWow64\quartz.dll
2012-01-11 04:34:43 1731920 ----a-w- C:\Windows\System32\ntdll.dll
2012-01-11 04:34:43 1292080 ----a-w- C:\Windows\SysWow64\ntdll.dll
2012-01-11 04:34:42 77312 ----a-w- C:\Windows\System32\packager.dll
2012-01-11 04:34:42 67072 ----a-w- C:\Windows\SysWow64\packager.dll
2012-01-04 00:48:42 354176 ----a-w- C:\Windows\SysWow64\DivXControlPanelApplet.cpl
2011-12-20 02:46:50 43520 ----a-w- C:\Windows\System32\libusb0.dll
2011-12-20 02:46:50 29184 ----a-w- C:\Windows\System32\drivers\libusb0.sys
2011-12-09 16:55:20 43520 ----a-w- C:\Windows\System32\csrsrv.dll
2011-12-09 16:55:17 723456 ----a-w- C:\Windows\System32\EncDec.dll
2011-12-09 16:55:16 534528 ----a-w- C:\Windows\SysWow64\EncDec.dll
2011-12-09 16:55:14 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2011-12-09 16:55:14 2048 ----a-w- C:\Windows\System32\tzres.dll
2011-11-28 17:24:32 8570192 ------w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{2FF71925-F77F-4DDF-AA05-22B4ADF36188}\mpengine.dll
2011-11-27 12:49:20 -------- d-----we C:\Windows\system64
2011-11-22 13:12:37 -------- d-----w- C:\Program Files\LoopArray
2011-11-20 14:53:26 -------- d--h--w- C:\Users\Julian\AppData\Roaming\NVIDIA
2011-11-20 14:50:39 -------- d-----w- C:\Program Files (x86)\NVIDIA Corporation
2011-11-20 14:50:31 739432 ----a-w- C:\Windows\System32\easyupdatusapiu64.dll
2011-11-20 14:50:31 6300776 ----a-w- C:\Windows\System32\nvcpl.dll
2011-11-20 14:50:31 61544 ----a-w- C:\Windows\System32\nvshext.dll
2011-11-20 14:50:31 3040872 ----a-w- C:\Windows\System32\nvsvc64.dll
2011-11-20 14:50:31 2560616 ----a-w- C:\Windows\System32\nvsvcr.dll
2011-11-20 14:50:31 117864 ----a-w- C:\Windows\System32\nvmctray.dll
2011-11-20 14:50:31 1016936 ----a-w- C:\Windows\System32\nvvsvc.exe
2011-11-20 14:49:58 -------- d-----w- C:\ProgramData\NVIDIA Corporation
2011-11-20 14:49:53 -------- d-----w- C:\Program Files\NVIDIA Corporation
2011-11-17 17:22:39 -------- d-----w- C:\Users\Julian\AppData\Roaming\Xilisoft
2011-11-17 17:20:32 -------- d-----w- C:\ProgramData\Xilisoft
2011-11-17 17:20:32 -------- d-----w- C:\Program Files (x86)\Xilisoft
2011-11-09 07:36:13 -------- d-----w- C:\Users\Julian\AppData\Roaming\General Downloader
2011-11-05 17:12:10 2475352 ----a-w- C:\Windows\System32\D3DX9_42.dll
2011-11-05 17:12:10 1892184 ----a-w- C:\Windows\SysWow64\D3DX9_42.dll
2011-11-05 07:44:49 -------- d--h--w- C:\Users\Julian\AppData\Local\Real
2011-11-05 07:44:30 -------- d-----w- C:\Program Files (x86)\Common Files\xing shared
2011-11-05 07:43:46 -------- d-----w- C:\Users\Julian\AppData\Local\Google
2011-11-05 07:38:53 -------- d-----w- C:\Program Files (x86)\DealScout
2011-10-31 12:27:44 421888 ----a-w- C:\Windows\SysWow64\RealMediaSplitter.ax
2011-10-24 22:29:02 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx
2011-10-24 22:29:02 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts
2011-10-20 23:26:22 94208 ----a-w- C:\Windows\SysWow64\dpl100.dll
2011-10-14 17:13:50 -------- d-sh--w- C:\found.000
2011-10-12 09:37:05 75776 ----a-w- C:\Windows\SysWow64\psisrndr.ax
2011-10-12 09:37:05 613888 ----a-w- C:\Windows\System32\psisdecd.dll
2011-10-12 09:37:05 465408 ----a-w- C:\Windows\SysWow64\psisdecd.dll
2011-10-12 09:37:05 108032 ----a-w- C:\Windows\System32\psisrndr.ax
2011-10-12 09:36:50 571904 ----a-w- C:\Windows\SysWow64\oleaut32.dll
2011-10-12 09:36:50 331776 ----a-w- C:\Windows\System32\oleacc.dll
2011-10-12 09:36:50 233472 ----a-w- C:\Windows\SysWow64\oleacc.dll
2011-10-12 09:36:49 861696 ----a-w- C:\Windows\System32\oleaut32.dll
2011-10-11 15:06:40 -------- d-----w- C:\Program Files\CCleaner
2011-10-11 12:50:12 -------- d-----w- C:\Windows\System32\SPReview
2011-10-11 12:48:12 -------- d-----w- C:\Windows\System32\EventProviders
2011-10-05 11:52:30 756048 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\MSPTLS.DLL
2011-10-04 05:40:03 886784 ----a-w- C:\Program Files\Common Files\System\wab32.dll
2011-10-04 05:40:03 708608 ----a-w- C:\Program Files (x86)\Common Files\System\wab32.dll
2011-09-23 11:53:56 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2011-09-07 23:18:26 -------- d--h--w- C:\ProgramData\Texas Instruments
2011-09-07 23:18:24 -------- d-----w- C:\Users\Julian\AppData\Roaming\Texas Instruments
2011-09-07 23:15:29 -------- d-----w- C:\Program Files (x86)\TI Education
2011-09-07 23:13:54 -------- d-----w- C:\Program Files (x86)\Common Files\Wise Installation Wizard
2011-09-06 00:30:53 -------- d-----w- C:\Windows\System32\appmgmt
2011-09-02 11:02:23 77824 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\ctor.dll
2011-09-02 11:02:23 610436 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe
2011-09-02 11:02:23 32768 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\objectps.dll
2011-09-02 11:02:23 225280 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\IScript\iscript.dll
2011-09-02 11:02:23 176128 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\iuser.dll
2011-09-02 10:58:12 -------- d-----w- C:\Users\Julian\AppData\Local\{7148F0A6-6813-11D6-A77B-00B0D0142110}
2011-09-02 10:14:21 5425496 ----a-w- C:\Windows\System32\D3DX9_41.dll
2011-09-02 10:14:21 4178264 ----a-w- C:\Windows\SysWow64\D3DX9_41.dll
2011-09-02 10:13:36 -------- d-----w- C:\Program Files\Microsoft Mathematics
2011-08-31 07:05:32 96104 ----a-w- C:\Windows\System32\dns-sd.exe
2011-08-31 07:05:32 85864 ----a-w- C:\Windows\System32\dnssd.dll
2011-08-31 07:05:32 61288 ----a-w- C:\Windows\System32\jdns_sd.dll
2011-08-31 07:05:32 212840 ----a-w- C:\Windows\System32\dnssdX.dll
2011-08-31 07:05:04 83816 ----a-w- C:\Windows\SysWow64\dns-sd.exe
2011-08-31 07:05:04 73064 ----a-w- C:\Windows\SysWow64\dnssd.dll
2011-08-31 07:05:04 50536 ----a-w- C:\Windows\SysWow64\jdns_sd.dll
2011-08-31 07:05:04 178536 ----a-w- C:\Windows\SysWow64\dnssdX.dll
2011-08-29 21:00:31 -------- d-----w- C:\CS173
2011-08-20 21:45:09 -------- d--h--w- C:\Users\Julian\AppData\Roaming\DVDVideoSoft
2011-08-04 03:53:14 17324928 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\MSO.DLL
2011-08-03 01:38:56 51712 ----a-w- C:\Windows\System32\drivers\usbaapl64.sys
2011-08-03 01:38:56 4517664 ----a-w- C:\Windows\System32\usbaaplrc.dll
2011-07-27 13:33:08 1064296 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\RICHED20.DLL
2011-07-22 22:18:48 11776 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\nprjplug.dll
2011-07-22 22:18:37 150696 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\nppl3260.dll
2011-07-22 22:18:35 107008 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\nprpjplug.dll
2011-07-22 22:18:29 499712 ----a-w- C:\Windows\SysWow64\msvcp71.dll
2011-07-22 22:18:29 348160 ----a-w- C:\Windows\SysWow64\msvcr71.dll
2011-07-22 19:32:36 11693904 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE11\MSO.DLL
2011-07-20 12:15:44 1365832 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE11\msxml5.dll
2011-06-26 03:02:08 2106216 ----a-w- C:\Program Files (x86)\Mozilla Firefox\D3DCompiler_43.dll
2011-06-26 03:02:08 1998168 ----a-w- C:\Program Files (x86)\Mozilla Firefox\d3dx9_43.dll
2011-06-25 17:57:01 3966808 ----a-w- C:\Windows\SysWow64\GameMon.des
2011-06-25 17:56:55 5174 ----a-w- C:\Windows\SysWow64\nppt9x.vxd
2011-06-25 17:56:55 4682 ----a-w- C:\Windows\SysWow64\npptNT2.sys
2011-06-25 17:56:54 -------- d-----w- C:\Program Files\Common Files\INCA Shared
2011-06-20 23:07:58 629760 ----a-w- C:\Windows\SysWow64\pmcsnap.dll
2011-06-20 23:06:59 89600 ----a-w- C:\Windows\SysWow64\wbem\WmiApRpl.dll
2011-06-20 23:05:12 529408 ----a-w- C:\Windows\System32\wbemcomn.dll
2011-06-20 23:05:12 524288 ----a-w- C:\Windows\System32\wmicmiplugin.dll
2011-06-20 23:05:12 1225216 ----a-w- C:\Windows\System32\wbem\wbemcore.dll
2011-06-20 23:05:06 933376 ----a-w- C:\Windows\System32\SmiEngine.dll
2011-06-20 23:05:04 199168 ----a-w- C:\Windows\System32\PkgMgr.exe
2011-06-20 23:04:47 422912 ----a-w- C:\Windows\System32\drvstore.dll
2011-06-20 23:04:47 399872 ----a-w- C:\Windows\System32\dpx.dll
2011-06-18 22:08:57 -------- d-----w- C:\Users\Julian\AppData\Local\Kobo
2011-06-18 22:07:51 -------- d-----w- C:\Program Files (x86)\Kobo
2011-06-15 18:55:29 288640 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS
2011-06-15 18:55:21 158208 ----a-w- C:\Windows\System32\drivers\mrxsmb.sys
2011-06-15 18:55:21 128000 ----a-w- C:\Windows\System32\drivers\mrxsmb20.sys
2011-06-15 18:53:46 321024 ----a-w- C:\Windows\System32\d3d10_1core.dll
2011-06-15 18:53:46 219136 ----a-w- C:\Windows\SysWow64\d3d10_1core.dll
2011-06-15 18:53:46 197120 ----a-w- C:\Windows\System32\d3d10_1.dll
2011-06-15 18:53:46 161792 ----a-w- C:\Windows\SysWow64\d3d10_1.dll
2011-06-15 18:53:44 467456 ----a-w- C:\Windows\System32\drivers\srv.sys
2011-06-15 18:53:44 410112 ----a-w- C:\Windows\System32\drivers\srv2.sys
2011-06-15 18:53:44 168448 ----a-w- C:\Windows\System32\drivers\srvnet.sys
2011-06-15 18:53:27 976896 ----a-w- C:\Windows\System32\inetcomm.dll
2011-06-15 18:53:27 741376 ----a-w- C:\Windows\SysWow64\inetcomm.dll
2011-06-09 19:42:24 70304 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-06-01 00:26:54 986000 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\msoshext.dll
2011-05-24 23:04:46 27520 ----a-w- C:\Windows\System32\drivers\Diskdump.sys
2011-05-19 01:22:19 142336 ----a-w- C:\Windows\System32\poqexec.exe
2011-05-19 01:22:19 123904 ----a-w- C:\Windows\SysWow64\poqexec.exe
2011-05-18 01:36:56 45904 ----a-w- C:\Windows\SysWow64\sbbd.exe
2011-05-17 18:30:52 1103784 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE11\RICHED20.DLL
2011-05-14 04:11:54 641536 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\VC\msdia80.dll
2011-05-11 23:26:04 72280 ----a-w- C:\Windows\System32\drivers\sbapifs.sys
2011-05-11 15:23:43 98816 ----a-w- C:\Windows\System32\drivers\usbccgp.sys
2011-05-11 15:23:43 7936 ----a-w- C:\Windows\System32\drivers\usbd.sys
2011-05-11 15:23:43 52736 ----a-w- C:\Windows\System32\drivers\usbehci.sys
2011-05-11 15:23:43 343040 ----a-w- C:\Windows\System32\drivers\usbhub.sys
2011-05-11 15:23:43 325120 ----a-w- C:\Windows\System32\drivers\usbport.sys
2011-05-11 15:23:43 30720 ----a-w- C:\Windows\System32\drivers\usbuhci.sys
2011-05-11 15:23:43 25600 ----a-w- C:\Windows\System32\drivers\usbohci.sys
2011-05-06 21:50:59 829920 ----a-w- C:\Program Files (x86)\Mozilla Firefox\mozsqlite3.dll
2011-05-06 21:50:59 2003424 ----a-w- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2011-05-06 21:50:59 15840 ----a-w- C:\Program Files (x86)\Mozilla Firefox\mozalloc.dll
2011-05-06 21:50:59 136672 ----a-w- C:\Program Files (x86)\Mozilla Firefox\components\browsercomps.dll
2011-05-06 21:50:58 82400 ----a-w- C:\Program Files (x86)\Mozilla Firefox\libEGL.dll
2011-05-06 21:50:58 425952 ----a-w- C:\Program Files (x86)\Mozilla Firefox\libGLESv2.dll
2011-05-05 01:34:39 -------- d-----w- C:\Users\Julian\AppData\Local\assembly
2011-05-05 01:08:27 -------- d--h--w- C:\Users\Julian\AppData\Roaming\Microsoft Corporation
2011-04-29 21:15:42 101720 ----a-w- C:\Windows\SysWow64\drivers\SBREDrv.sys
2011-04-22 23:45:33 -------- d--h--w- C:\Users\Julian\AppData\Local\Conduit
2011-04-19 11:47:04 670032 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\VC\msdia90.dll
2011-04-19 11:09:28 855376 ----a-w- C:\Program Files\Common Files\Microsoft Shared\VC\msdia90.dll
2011-04-15 00:39:43 974336 ----a-w- C:\Windows\System32\WFS.exe
2011-04-15 00:39:43 90624 ----a-w- C:\Windows\System32\drivers\bowser.sys
2011-04-15 00:39:43 267776 ----a-w- C:\Windows\System32\FXSCOVER.exe
2011-04-03 04:09:35 -------- d-----w- C:\Users\Julian\AppData\Roaming\Azureus
2011-04-03 04:08:56 -------- d-----w- C:\Program Files (x86)\Vuze
2011-04-03 04:08:42 -------- d-----w- C:\Program Files (x86)\Vuze_Remote
2011-03-26 19:18:38 -------- d-----w- C:\Windows\Roaming
2011-03-26 19:18:33 -------- d-----w- C:\Program Files (x86)\BellSouthWCC
2011-03-26 19:18:31 -------- d-----w- C:\Program Files (x86)\Common Files\Motive
2011-03-22 00:44:30 33416 ----a-w- C:\Windows\System32\drivers\nlndis.sys
2011-03-09 16:32:24 902656 ----a-w- C:\Windows\System32\d2d1.dll
2011-03-09 16:32:24 739840 ----a-w- C:\Windows\SysWow64\d2d1.dll
2011-03-09 16:32:24 1139200 ----a-w- C:\Windows\System32\FntCache.dll
2011-03-09 16:32:23 961024 ----a-w- C:\Windows\System32\CPFilters.dll
2011-03-09 16:32:23 642048 ----a-w- C:\Windows\SysWow64\CPFilters.dll
2011-03-09 16:32:22 850944 ----a-w- C:\Windows\SysWow64\sbe.dll
2011-03-09 16:32:22 259072 ----a-w- C:\Windows\System32\mpg2splt.ax
2011-03-09 16:32:22 199680 ----a-w- C:\Windows\SysWow64\mpg2splt.ax
2011-03-09 16:32:22 1118720 ----a-w- C:\Windows\System32\sbe.dll
2011-02-19 23:51:30 -------- d-----w- C:\CS
2011-02-10 23:45:50 537088 ----a-w- C:\Program Files\Internet Explorer\pdm.dll
2011-02-10 23:42:00 -------- d-----w- C:\Program Files (x86)\Feedback Tool
2011-02-10 05:24:13 -------- d--h--w- C:\Users\Julian\AppData\Roaming\Microsoft FxCop
2011-02-09 21:02:23 715776 ----a-w- C:\Windows\System32\kerberos.dll
2011-02-09 21:02:23 542208 ----a-w- C:\Windows\SysWow64\kerberos.dll
2011-02-09 21:02:10 70656 ----a-w- C:\Windows\SysWow64\fontsub.dll
2011-02-09 21:02:10 100864 ----a-w- C:\Windows\System32\fontsub.dll
2011-02-09 16:54:56 77824 ----a-w- C:\Windows\SysWow64\EBAPI.dll
2011-02-09 16:54:56 65536 ----a-w- C:\Windows\SysWow64\EEBUtil.dll
2011-02-09 16:54:56 55808 ----a-w- C:\Windows\SysWow64\EEBSDKIF.dll
2011-02-09 16:54:56 135168 ----a-w- C:\Windows\SysWow64\EEBAPI.dll
2011-02-09 16:54:56 110592 ----a-w- C:\Windows\SysWow64\EEBDSCVR.dll
2011-02-09 16:43:02 -------- d-----w- C:\Program Files (x86)\EpsonNet
2011-02-09 16:42:34 558080 ----a-w- C:\Windows\System32\ensppmon.dll
2011-02-09 16:42:34 558080 ----a-w- C:\Windows\System32\enppmon.dll
2011-02-09 16:42:34 537600 ----a-w- C:\Windows\System32\ensppui.dll
2011-02-09 16:42:34 537600 ----a-w- C:\Windows\System32\enppui.dll
2011-02-09 16:42:34 250880 ----a-w- C:\Windows\System32\enspres.dll
2011-02-09 16:42:34 250880 ----a-w- C:\Windows\System32\enpres.dll
2011-02-09 16:42:34 -------- d-----w- C:\Program Files\EpsonNet
2011-02-09 16:42:24 -------- d-----w- C:\Program Files (x86)\Common Files\EPSON
2011-02-09 16:41:47 282624 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\UpdateService\agent.exe
2011-02-02 02:25:29 -------- d-----w- C:\ProgramData\Microsoft Visual Studio
2011-01-31 17:30:38 78872 ----a-w- C:\Windows\System32\perf-SQLAgent$SQLEXPRESS-sqlagtctr10.1.2531.0.dll
2011-01-31 17:30:38 50200 ----a-w- C:\Windows\SysWow64\perf-SQLAgent$SQLEXPRESS-sqlagtctr10.1.2531.0.dll
2011-01-31 17:30:32 79896 ----a-w- C:\Windows\SysWow64\perf-MSSQL$SQLEXPRESS-sqlctr10.1.2531.0.dll
2011-01-31 17:30:32 111640 ----a-w- C:\Windows\System32\perf-MSSQL$SQLEXPRESS-sqlctr10.1.2531.0.dll
2011-01-31 17:29:48 -------- d-----w- C:\Windows\System32\RsFx
2011-01-31 17:25:21 -------- d-----w- C:\Program Files\Microsoft SQL Server
2011-01-31 17:25:09 -------- d-----w- C:\Program Files (x86)\Microsoft SQL Server
2011-01-31 17:24:29 -------- d-----w- C:\Program Files\Microsoft Synchronization Services
2011-01-31 17:24:29 -------- d-----w- C:\Program Files\Microsoft SQL Server Compact Edition
2011-01-31 17:24:24 -------- d-----w- C:\Program Files (x86)\Microsoft Synchronization Services
2011-01-31 17:24:24 -------- d-----w- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2011-01-31 17:23:54 -------- d-----w- C:\ProgramData\PreEmptive Solutions
2011-01-31 17:21:40 -------- d-----w- C:\Program Files (x86)\Microsoft ASP.NET
2011-01-31 17:21:36 -------- d-----w- C:\Program Files\IIS
2011-01-31 17:21:36 -------- d-----w- C:\Program Files (x86)\IIS
2011-01-31 17:20:56 2478272 ----a-w- C:\ProgramData\Microsoft\VisualStudio\10.0\1033\ResourceCache.dll
2011-01-31 17:14:40 -------- d-----w- C:\Windows\SysWow64\1033
2011-01-31 17:14:27 -------- d-----w- C:\Program Files (x86)\Microsoft Visual Studio 10.0
2011-01-31 17:14:27 -------- d-----w- C:\Program Files (x86)\Microsoft F#
2011-01-31 17:14:27 -------- d-----w- C:\Program Files (x86)\HTML Help Workshop
2011-01-31 17:14:27 -------- d-----w- C:\Program Files (x86)\Common Files\Merge Modules
2011-01-31 17:08:19 -------- d-----w- C:\Windows\System32\1033
2011-01-31 17:08:17 -------- d-----w- C:\Program Files\Microsoft Visual Studio 10.0
2011-01-31 17:08:17 -------- d-----w- C:\Program Files\Microsoft Help Viewer
2011-01-31 16:52:39 -------- d-----w- C:\Windows\PCHEALTH
2011-01-31 16:37:08 255552 ----a-w- C:\Windows\SysWow64\drivers\mcdbus.sys
2011-01-31 16:37:08 255552 ----a-w- C:\Windows\System32\drivers\mcdbus.sys
2011-01-31 16:37:08 -------- d-----w- C:\Program Files (x86)\MagicDisc
2011-01-30 00:00:32 -------- d--h--w- C:\Users\Julian\AppData\Roaming\DAEMON Tools Pro
2011-01-30 00:00:32 -------- d-----w- C:\ProgramData\DAEMON Tools Pro
2011-01-08 01:43:50 743248 ----a-w- C:\Windows\SysWow64\msvcp100d.dll
2011-01-08 01:43:50 1497936 ----a-w- C:\Windows\SysWow64\msvcr100d.dll
2011-01-08 01:38:26 6994256 ----a-w- C:\Windows\SysWow64\mfc100ud.dll
2011-01-08 01:38:26 6926672 ----a-w- C:\Windows\SysWow64\mfc100d.dll
2011-01-08 01:38:26 104784 ----a-w- C:\Windows\SysWow64\mfcm100ud.dll
2011-01-08 01:38:26 103248 ----a-w- C:\Windows\SysWow64\mfcm100d.dll
2011-01-08 01:32:36 87888 ----a-w- C:\Windows\SysWow64\vcomp100d.dll
2011-01-08 01:14:42 1858384 ----a-w- C:\Windows\System32\msvcr100d.dll
2011-01-08 01:14:42 1014096 ----a-w- C:\Windows\System32\msvcp100d.dll
2011-01-08 01:09:10 9032016 ----a-w- C:\Windows\System32\mfc100ud.dll
2011-01-08 01:09:10 8955728 ----a-w- C:\Windows\System32\mfc100d.dll
2011-01-08 01:09:10 120144 ----a-w- C:\Windows\System32\mfcm100ud.dll
2011-01-08 01:09:10 118608 ----a-w- C:\Windows\System32\mfcm100d.dll
2011-01-08 01:03:12 106832 ----a-w- C:\Windows\System32\vcomp100d.dll
2011-01-07 22:02:48 91472 ----a-w- C:\Windows\System32\mfcm100u.dll
2011-01-04 02:29:30 -------- d-----w- C:\Program Files (x86)\Common Files\PX Storage Engine
2011-01-04 02:29:28 -------- d-----w- C:\Program Files\DivX
2011-01-04 02:29:21 -------- d-----w- C:\Program Files (x86)\Common Files\DivX Shared
2011-01-04 02:27:20 -------- d-----w- C:\Program Files (x86)\DivX
2011-01-04 02:26:39 -------- d-----w- C:\ProgramData\DivX
2010-11-30 10:15:20 -------- d--h--w- C:\Users\Julian\AppData\Roaming\DVDVideoSoftIEHelpers
2010-11-30 10:15:13 -------- d-----w- C:\Program Files (x86)\DVDVideoSoft
2010-11-30 10:15:13 -------- d-----w- C:\Program Files (x86)\Common Files\DVDVideoSoft
2010-11-30 07:24:01 -------- d--h--w- C:\Users\Julian\AppData\Local\Apple Computer
2010-11-30 07:23:56 34152 ----a-w- C:\Windows\System32\drivers\GEARAspiWDM.sys
2010-11-30 07:23:56 126312 ----a-w- C:\Windows\System32\GEARAspi64.dll
2010-11-30 07:23:56 107368 ----a-w- C:\Windows\SysWow64\GEARAspi.dll
2010-11-30 07:23:49 -------- d-----w- C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
2010-11-30 07:22:11 -------- d--h--w- C:\Users\Julian\AppData\Local\Apple
2010-11-28 01:31:20 2146304 ----a-w- C:\Windows\SysWow64\python31.dll
2010-11-21 19:00:16 -------- d--h--w- C:\Users\Julian\AppData\Roaming\NPLUTO Corporation
2010-11-21 18:38:02 -------- d-----w- C:\GamesCampus
2010-11-21 17:52:58 -------- d--h--w- C:\Users\Julian\AppData\Local\PMB Files
2010-11-21 17:52:57 -------- d-----w- C:\ProgramData\PMB Files
2010-11-21 17:52:42 -------- d-----w- C:\Program Files (x86)\Pando Networks
2010-11-19 13:56:06 -------- d--h--w- C:\Users\Julian\AppData\Local\Diagnostics
2010-11-12 21:54:35 -------- d-----w- C:\ProgramData\McAfee Security Scan
2010-11-12 21:54:35 -------- d-----w- C:\Program Files (x86)\McAfee Security Scan
2010-11-12 21:54:33 -------- d-----w- C:\Users\Julian\AppData\Local\Adobe
2010-09-30 14:45:59 -------- d-----w- C:\Users\Julian\AppData\Roaming\downloads1
2010-09-24 19:03:11 -------- d--h--w- C:\Users\Julian\.idlerc
2010-09-24 18:58:04 -------- d-----w- C:\Python27
2010-09-23 20:52:04 -------- d-----w- C:\Users\Julian\AppData\Roaming\FFSJ
2010-09-23 20:51:51 794906 ----a-w- C:\Windows\unins000.exe
2010-09-23 20:51:51 -------- d-----w- C:\Windows\SysWow64\FFSJ
2010-09-17 20:17:28 -------- d-----w- C:\Program Files (x86)\MSECache
2010-09-15 15:17:12 8570192 ------w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2010-09-14 14:11:14 175616 ----a-w- C:\Windows\SysWow64\unrar.dll
2010-09-14 14:11:12 -------- d-----w- C:\Program Files (x86)\K-Lite Codec Pack
2010-09-13 20:48:04 -------- d-----w- C:\anime
2010-09-13 20:47:15 -------- d-----w- C:\Users\Julian\AppData\Roaming\.BitTornado
2010-09-13 20:46:56 -------- d-----w- C:\Program Files (x86)\BitTornado
2010-09-13 20:07:49 -------- d-----w- C:\Windows\SysWow64\Wat
2010-09-13 20:07:49 -------- d-----w- C:\Windows\System32\Wat
2010-09-13 09:38:55 -------- d-----w- C:\Windows\Panther
2010-09-13 09:32:48 -------- d--h--w- C:\Windows.old
2010-09-13 09:04:39 279656 ------w- C:\Windows\System32\MpSigStub.exe
2010-09-13 08:52:20 43328 ----a-w- C:\Windows\System32\drivers\PCAMp50a64.sys
2010-09-13 08:52:20 41280 ----a-w- C:\Windows\System32\drivers\PCASp50a64.sys
2010-09-13 08:51:52 -------- d-----w- C:\Program Files (x86)\NETGEAR
2010-09-13 08:51:36 -------- d-----w- C:\ProgramData\NETGEAR
2010-09-13 08:51:25 -------- d-sh--w- C:\Windows\Installer
2010-09-13 08:51:24 -------- d-----w- C:\Windows\Downloaded Installations
2010-06-24 22:53:04 37376 ----a-w- C:\Windows\SysWow64\libusb0.dll
2010-06-24 22:53:04 21504 ----a-w- C:\Windows\SysWow64\drivers\libusb0.sys
2010-04-27 20:40:58 388448 ----a-w- C:\Windows\System32\drivers\netr7064.sys
2010-04-16 17:49:08 503296 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE11\USP10.DLL
2010-03-19 17:55:26 154496 ----a-w- C:\Program Files (x86)\MSBuild\Microsoft.Cpp\v4.0\Microsoft.Build.CPPTasks.Common.dll
2010-03-19 17:55:26 142712 ----a-w- C:\Program Files (x86)\MSBuild\Microsoft.Cpp\v4.0\Platforms\x64\Microsoft.Build.CPPTasks.x64.dll
2010-03-19 16:34:58 12616 ----a-w- C:\Program Files\Common Files\Microsoft Shared\Team Foundation Server\10.0\TfsNop.exe
2010-03-19 14:53:42 82768 ----a-w- C:\Windows\System32\VSCover100.dll
2010-03-19 14:53:42 145232 ----a-w- C:\Windows\System32\VSPerf100.dll
2010-03-19 13:17:12 666464 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\VSTS 10.0\Trace Debugger\TraceLogProfiler.dll
2010-03-19 13:17:12 65872 ----a-w- C:\Windows\SysWow64\VSCover100.dll
2010-03-19 13:17:12 12128 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\VSTS 10.0\Trace Debugger\1033\TraceLogProfilerUI.dll
2010-03-19 13:17:12 111440 ----a-w- C:\Windows\SysWow64\VSPerf100.dll
2010-03-19 12:30:16 96144 ----a-w- C:\Program Files (x86)\MSBuild\Microsoft\VisualStudio\v10.0\SharePointTools\Microsoft.VisualStudio.SharePoint.Tasks.dll
2010-03-19 07:48:32 167760 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\MSI Tools\mergemod.dll
2010-03-19 06:48:58 90968 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\VS7Debug\dbgautoattach.dll
2010-03-19 06:48:58 42328 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\VS7Debug\pdmproxy100.dll
2010-03-19 06:48:58 361800 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\VS7Debug\pdm.dll
2010-03-19 06:48:58 126280 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\VS7Debug\csm.dll
2010-03-19 06:01:30 8520 ----a-w- C:\Program Files\Common Files\Microsoft Shared\VS7Debug\1033\pdmui.dll
2010-03-19 06:01:30 747848 ----a-w- C:\Program Files\Common Files\Microsoft Shared\WF\amd64\WDE.dll
2010-03-19 06:01:30 54112 ----a-w- C:\Program Files\Common Files\Microsoft Shared\VS7Debug\vsjitdebuggerps.dll
2010-03-19 06:01:30 492872 ----a-w- C:\Program Files\Common Files\Microsoft Shared\VS7Debug\pdm.dll
2010-03-19 06:01:30 48984 ----a-w- C:\Program Files\Common Files\Microsoft Shared\VS7Debug\pdmproxy100.dll
2010-03-19 06:01:30 463176 ----a-w- C:\Program Files\Common Files\Microsoft Shared\WF\WDE.dll
2010-03-19 06:01:30 463176 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\WF\WDE.dll
2010-03-19 06:01:30 316760 ----a-w- C:\Windows\System32\vsjitdebugger.exe
2010-03-19 06:01:30 1900384 ----a-w- C:\Program Files\Common Files\Microsoft Shared\MSEnv\VSFileHandler_64.dll
2010-03-19 06:01:30 167264 ----a-w- C:\Program Files\Common Files\Microsoft Shared\WF\amd64\WorkflowDebugHost.exe
2010-03-19 06:01:30 158024 ----a-w- C:\Program Files\Common Files\Microsoft Shared\VS7Debug\csm.dll
2010-03-19 06:01:30 106840 ----a-w- C:\Program Files\Common Files\Microsoft Shared\VS7Debug\dbgautoattach.dll
2010-03-19 04:47:18 8520 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\VS7Debug\1033\pdmui.dll
2010-03-19 03:51:28 8024 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\MSEnv\1033\VSLauncherUI.dll
2010-03-19 03:51:28 419680 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\MSEnv\VSContentInstaller.exe
2010-03-19 03:51:28 419680 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\MSEnv\en\VSContentInstaller.exe
2010-03-19 03:51:28 19792 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\MSDesigners8\Resources\1033\msddsui.dll
2010-03-19 01:23:04 20832 ----a-w- C:\Windows\System32\aspnet_counters.dll
2010-03-19 00:47:22 17760 ----a-w- C:\Windows\SysWow64\aspnet_counters.dll
2010-03-18 21:27:14 827744 ----a-w- C:\Windows\System32\msvcr100_clr0400.dll
2010-03-18 20:16:28 771424 ----a-w- C:\Windows\SysWow64\msvcr100_clr0400.dll
2010-03-18 07:24:38 358904 ----a-w- C:\Program Files\Common Files\Microsoft Shared\VS7Debug\msdbg2.dll
2010-02-19 19:27:36 720384 ----a-w- C:\Windows\SysWow64\DivX.dll
2010-02-19 19:27:16 856064 ----a-w- C:\Windows\SysWow64\divx_xx0c.dll
2010-02-19 19:27:16 856064 ----a-w- C:\Windows\SysWow64\divx_xx07.dll
2010-02-19 19:27:16 847872 ----a-w- C:\Windows\SysWow64\divx_xx0a.dll
2010-02-19 19:27:16 843776 ----a-w- C:\Windows\SysWow64\divx_xx16.dll
2010-02-19 19:27:16 839680 ----a-w- C:\Windows\SysWow64\divx_xx11.dll
2010-02-14 22:05:46 234336 ----a-w- C:\Windows\SysWow64\SqlServerSpatial.dll
2010-02-14 21:16:14 459104 ----a-w- C:\Windows\System32\SqlServerSpatial.dll
2010-01-07 10:20:22 448512 ----a-w- C:\Windows\System32\drivers\RTL8187.sys
2009-11-21 02:22:18 118784 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\VSTT\10.0\Microsoft.VisualStudio.OLE.Interop.dll
2009-10-23 03:51:18 8704 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\MSEnv\PublicAssemblies\Microsoft.VisualStudio.VSHelp80.dll
2009-10-23 03:51:18 73728 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\MSEnv\PublicAssemblies\VSLangProj80.dll
2009-10-23 03:51:18 245760 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\MSEnv\PublicAssemblies\envdte.dll
2009-10-23 03:51:18 135168 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\MSEnv\PublicAssemblies\envdte80.dll
2009-10-21 19:01:34 767488 ----a-w- C:\Windows\System32\drivers\WN111v2w7x.sys
2009-08-31 12:02:50 12800 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\MSEnv\PublicAssemblies\envdte90a.dll
2009-08-31 12:02:50 12288 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\MSEnv\PublicAssemblies\VsWebSite.Interop90.dll
2009-08-31 10:43:10 5120 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\MSEnv\PublicAssemblies\VSLangProj90.dll
2009-08-31 10:43:10 49152 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\MSEnv\PublicAssemblies\VsWebSite.Interop.dll
2009-08-31 10:43:10 18944 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\MSEnv\PublicAssemblies\envdte90.dll
2009-08-31 10:07:46 16384 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\MSEnv\PublicAssemblies\Microsoft.VisualStudio.VSContentInstaller.dll
2009-08-31 10:06:14 57048 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\SQL Debugging\ssdebugps.dll
2009-08-31 09:34:02 265720 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\VS7Debug\msdbg2.dll
2009-08-18 06:42:00 33600 ----a-w- C:\Program Files (x86)\MSBuild\Microsoft\Silverlight\v3.0\zlib114.dll
2009-08-18 06:42:00 259912 ----a-w- C:\Program Files (x86)\MSBuild\Microsoft\Silverlight\v3.0\XamlServices.dll
2009-08-18 06:42:00 157568 ----a-w- C:\Program Files (x86)\MSBuild\Microsoft\Silverlight\v3.0\Microsoft.Silverlight.Build.Tasks.dll
2009-07-22 08:17:50 64536 ----a-w- C:\Program Files\Common Files\Microsoft Shared\SQL Debugging\ssdebugps.dll
2009-07-22 08:17:36 43544 ----a-w- C:\Windows\System32\DTSPipelinePerf100.dll
2009-07-21 07:05:40 1348432 ----a-w- C:\Windows\SysWow64\msxml4.dll
2009-07-14 07:47:16 -------- d-----w- C:\Program Files\Windows Journal
2009-07-14 07:46:36 -------- d-----w- C:\Windows\ShellNew
2009-07-14 07:46:36 -------- d-----w- C:\Windows\ehome
2009-07-14 05:35:51 6144 ----a-w- C:\Windows\System32\drivers\UMDF\en-US\WUDFUsbccidDriver.dll.mui
2009-07-14 05:32:38 -------- d-----w- C:\Windows\twain_32
2009-07-14 05:12:52 -------- d-----w- C:\Windows\System32\wbem\Performance
2009-07-14 05:08:56 -------- d-sh--we C:\Documents and Settings
2009-07-14 05:08:52 -------- d-----w- C:\Windows\System32\wbem\MOF\good
2009-07-14 05:08:52 -------- d-----w- C:\Windows\System32\wbem\MOF\bad
2009-07-14 04:53:24 -------- d-----w- C:\Windows\System32\wbem\MOF
2009-07-14 04:45:50 -------- d-----w- C:\Windows\Setup
2009-07-14 04:45:47 -------- d-----w- C:\Windows\ServiceProfiles
2009-07-14 04:45:42 -------- d-s---w- C:\Windows\System32\Microsoft
.
==================== Find3M ====================
.
2012-06-06 06:02:54 1133568 ----a-w- C:\Windows\System32\cdosys.dll
2012-06-06 05:03:06 805376 ----a-w- C:\Windows\SysWow64\cdosys.dll
2012-06-02 12:12:17 2311680 ----a-w- C:\Windows\System32\jscript9.dll
2012-06-02 12:05:28 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-06-02 12:04:50 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-06-02 12:01:40 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-06-02 11:57:08 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-06-02 08:33:25 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-06-02 08:25:08 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-06-02 08:25:03 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-06-02 08:20:33 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-06-02 08:16:52 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-06-02 05:50:10 458704 ----a-w- C:\Windows\System32\drivers\cng.sys
2012-06-02 05:48:16 95600 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2012-06-02 05:48:16 151920 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2012-06-02 05:45:31 340992 ----a-w- C:\Windows\System32\schannel.dll
2012-06-02 05:44:21 307200 ----a-w- C:\Windows\System32\ncrypt.dll
2012-06-02 04:40:42 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2012-06-02 04:40:39 225280 ----a-w- C:\Windows\SysWow64\schannel.dll
2012-06-02 04:39:10 219136 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2012-06-02 04:34:09 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2012-05-04 11:06:22 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-05-04 10:03:53 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-05-04 10:03:50 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-05-01 05:40:20 209920 ----a-w- C:\Windows\System32\profsvc.dll
2012-04-28 03:55:21 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-04-24 05:37:37 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
2012-04-24 05:37:37 140288 ----a-w- C:\Windows\System32\cryptnet.dll
2012-04-24 05:37:36 1462272 ----a-w- C:\Windows\System32\crypt32.dll
2012-04-24 04:36:42 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2012-04-24 04:36:42 1158656 ----a-w- C:\Windows\SysWow64\crypt32.dll
2012-04-24 04:36:42 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
2012-04-07 12:31:40 3216384 ----a-w- C:\Windows\System32\msi.dll
2012-04-07 11:26:29 2342400 ----a-w- C:\Windows\SysWow64\msi.dll
2011-10-11 12:59:48 175616 ----a-w- C:\Windows\System32\msclmd.dll
2011-10-11 12:59:48 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll
2011-07-16 05:41:50 362496 ----a-w- C:\Windows\System32\wow64win.dll
2011-07-16 05:41:49 243200 ----a-w- C:\Windows\System32\wow64.dll
2011-07-16 05:41:49 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
2011-07-16 05:39:10 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
2011-07-16 05:37:12 421888 ----a-w- C:\Windows\System32\KernelBase.dll
2011-07-16 04:29:19 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2011-07-16 04:26:00 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
2011-07-16 04:25:37 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2011-07-16 04:24:23 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2011-07-16 04:24:22 272384 ----a-w- C:\Windows\SysWow64\KernelBase.dll
2011-07-16 02:21:44 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2011-07-16 02:21:41 2048 ----a-w- C:\Windows\SysWow64\user.exe
2011-07-16 02:17:19 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2011-07-16 02:17:19 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2011-07-16 02:17:19 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2011-07-16 02:17:19 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2011-07-09 02:46:28 288768 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys
2011-06-24 05:34:53 214528 ----a-w- C:\Windows\System32\winsrv.dll
2011-06-24 05:25:49 338432 ----a-w- C:\Windows\System32\conhost.exe
2011-06-15 10:02:23 212992 ----a-w- C:\Windows\System32\odbctrac.dll
2011-06-15 10:02:23 163840 ----a-w- C:\Windows\System32\odbccp32.dll
2011-06-15 10:02:23 106496 ----a-w- C:\Windows\System32\odbccu32.dll
2011-06-15 10:02:23 106496 ----a-w- C:\Windows\System32\odbccr32.dll
2011-06-15 08:55:19 86016 ----a-w- C:\Windows\SysWow64\odbccu32.dll
2011-06-15 08:55:19 81920 ----a-w- C:\Windows\SysWow64\odbccr32.dll
2011-06-15 08:55:19 319488 ----a-w- C:\Windows\SysWow64\odbcjt32.dll
2011-06-15 08:55:19 163840 ----a-w- C:\Windows\SysWow64\odbctrac.dll
2011-06-15 08:55:19 122880 ----a-w- C:\Windows\SysWow64\odbccp32.dll
2011-05-24 11:42:55 404480 ----a-w- C:\Windows\System32\umpnpmgr.dll
2011-05-24 10:40:05 64512 ----a-w- C:\Windows\SysWow64\devobj.dll
2011-05-24 10:40:05 44544 ----a-w- C:\Windows\SysWow64\devrtl.dll
2011-05-24 10:39:38 145920 ----a-w- C:\Windows\SysWow64\cfgmgr32.dll
2011-05-24 10:37:54 252928 ----a-w- C:\Windows\SysWow64\drvinst.exe
2011-05-04 05:25:03 2315776 ----a-w- C:\Windows\System32\tquery.dll
2011-05-04 05:22:25 778752 ----a-w- C:\Windows\System32\mssvp.dll
2011-05-04 05:22:25 2223616 ----a-w- C:\Windows\System32\mssrch.dll
2011-05-04 05:22:24 75264 ----a-w- C:\Windows\System32\msscntrs.dll
2011-05-04 05:22:24 491520 ----a-w- C:\Windows\System32\mssph.dll
2011-05-04 05:22:24 288256 ----a-w- C:\Windows\System32\mssphtb.dll
2011-05-04 05:19:28 591872 ----a-w- C:\Windows\System32\SearchIndexer.exe
2011-05-04 05:19:28 249856 ----a-w- C:\Windows\System32\SearchProtocolHost.exe
2011-05-04 05:19:28 113664 ----a-w- C:\Windows\System32\SearchFilterHost.exe
2011-05-04 04:34:43 1549312 ----a-w- C:\Windows\SysWow64\tquery.dll
2011-05-04 04:32:02 666624 ----a-w- C:\Windows\SysWow64\mssvp.dll
2011-05-04 04:32:01 337408 ----a-w- C:\Windows\SysWow64\mssph.dll
2011-05-04 04:32:01 197120 ----a-w- C:\Windows\SysWow64\mssphtb.dll
2011-05-04 04:32:01 1401344 ----a-w- C:\Windows\SysWow64\mssrch.dll
2011-05-04 04:32:00 59392 ----a-w- C:\Windows\SysWow64\msscntrs.dll
2011-05-04 04:28:31 86528 ----a-w- C:\Windows\SysWow64\SearchFilterHost.exe
2011-05-04 04:28:31 427520 ----a-w- C:\Windows\SysWow64\SearchIndexer.exe
2011-05-04 04:28:31 164352 ----a-w- C:\Windows\SysWow64\SearchProtocolHost.exe
2011-03-12 12:08:49 1465344 ----a-w- C:\Windows\System32\XpsPrint.dll
2011-03-12 11:23:45 870912 ----a-w- C:\Windows\SysWow64\XpsPrint.dll
2011-03-11 06:41:37 189824 ----a-w- C:\Windows\System32\drivers\storport.sys
2011-03-11 06:41:34 166272 ----a-w- C:\Windows\System32\drivers\nvstor.sys
2011-03-11 06:41:34 1659776 ----a-w- C:\Windows\System32\drivers\ntfs.sys
2011-03-11 06:41:34 148352 ----a-w- C:\Windows\System32\drivers\nvraid.sys
2011-03-11 06:41:26 410496 ----a-w- C:\Windows\System32\drivers\iaStorV.sys
2011-03-11 06:41:12 27008 ----a-w- C:\Windows\System32\drivers\amdxata.sys
2011-03-11 06:41:12 107904 ----a-w- C:\Windows\System32\drivers\amdsata.sys
2011-03-11 06:34:51 1359872 ----a-w- C:\Windows\System32\mfc42u.dll
2011-03-11 06:34:50 1395712 ----a-w- C:\Windows\System32\mfc42.dll
2011-03-11 06:33:29 2565632 ----a-w- C:\Windows\System32\esent.dll
2011-03-11 06:30:28 96768 ----a-w- C:\Windows\System32\fsutil.exe
.
============= FINISH: 1:07:18.70 ===============


#2 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  • Gender:Not Telling
  • Location:Canada
  • Local time:03:23 PM

Posted 02 August 2012 - 05:28 PM

Please do the following:

download Farbar Recovery Scan Tool and save it to a flash drive.

Plug the flashdrive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
On the System Recovery Options menu you will get the following options:
Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt
  • Select Command Prompt.
  • In the command window type notepad and press Enter.
  • The notepad opens. Under the File menu select Open.
  • Select "Computer" and find your flash drive letter, then close the notepad.
  • In the command window type e:\frst.exe (for the x64 version type e:\frst64) and press Enter.
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to the disclaimer.
  • Place a check next to List Drivers MD5 as well as the default check marks that are already there.
  • Press the Scan button.
  • FRST will let you know when the scan is complete and has written FRST.txt; close that message, then type the following into the search box:
    services.exe
  • Now press the Search button.
  • When the search is complete, Search.txt will also be written to your USB.
  • Type exit and reboot the computer normally.
  • Please copy and paste both logs in your reply (FRST.txt and Search.txt).

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#3 zero06

  • Topic Starter
  • Members
  • 24 posts

Posted 02 August 2012 - 07:08 PM

Thanks for the help. It looks like I can't paste the FRST log; I get a message saying that the log is too long to post.

Farbar Recovery Scan Tool Version: 25-07-2012 01
Ran by SYSTEM at 2002-01-01 19:05:49
Running from F:\

================== Search: "services.exe" ===================

C:\Windows.old\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6000.16386_none_cd28fe6bd05df036\services.exe
[2006-11-02 00:35] - [2006-11-02 01:45] - 0279552 ___AH (Microsoft Corporation) 329CF3C97CE4C19375C8ABCABAE258B0

C:\Windows.old\Windows\System32\services.exe
[2006-11-02 00:35] - [2006-11-02 01:45] - 0279552 ___AH (Microsoft Corporation) 329CF3C97CE4C19375C8ABCABAE258B0

C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

C:\Windows\system64\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

C:\Windows\System32\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 014A9CB92514E27C0107614DF764BC06

====== End Of Search ======
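The telling detail in the search output above is the last entry: C:\Windows\System32\services.exe has exactly the same size and created/modified timestamps as the servicing copy under winsxs and as the copy in the odd system64 folder, yet a different MD5. Same build identity with different content means the binary was patched in place with its timestamps preserved, which is why a plain dir listing (dates and sizes) looks clean. The following Python script is an added example, not part of the thread and not FRST's own code: it parses search output of this shape (the line layout is assumed from the lines posted above), groups copies by size and timestamps, flags any copy whose hash differs from the WinSxS copy of the same build, and separately lists copies outside the directories Windows actually uses.

```python
import re
from collections import defaultdict

# FRST "Search: services.exe" output exactly as posted above, used here as sample input.
FRST_SEARCH = r"""
C:\Windows.old\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6000.16386_none_cd28fe6bd05df036\services.exe
[2006-11-02 00:35] - [2006-11-02 01:45] - 0279552 ___AH (Microsoft Corporation) 329CF3C97CE4C19375C8ABCABAE258B0

C:\Windows.old\Windows\System32\services.exe
[2006-11-02 00:35] - [2006-11-02 01:45] - 0279552 ___AH (Microsoft Corporation) 329CF3C97CE4C19375C8ABCABAE258B0

C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

C:\Windows\system64\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

C:\Windows\System32\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 014A9CB92514E27C0107614DF764BC06
"""

# Detail line: "[created] - [modified] - size attrs (Company) MD5".
# The layout is inferred from the posted lines (assumption), not taken from FRST documentation.
DETAIL_RE = re.compile(
    r"^\[(?P<created>[^\]]+)\] - \[(?P<modified>[^\]]+)\] - (?P<size>\d+) (?P<attrs>\S+) "
    r"(?:\((?P<company>[^)]*)\) )?(?P<md5>[0-9A-Fa-f]{32})$"
)

# Windows keeps its own binaries in these directories; anything else is suspect.
WINDOWS_DIRS = ("\\system32\\", "\\syswow64\\", "\\winsxs\\")


def parse_search(text):
    """Pair each path line with the detail line that follows it; return a list of dicts."""
    lines = [ln.strip() for ln in text.strip().splitlines() if ln.strip()]
    entries = []
    for path, detail in zip(lines[0::2], lines[1::2]):
        m = DETAIL_RE.match(detail)
        if not m:
            raise ValueError("unparsed detail line: " + detail)
        entry = m.groupdict()
        entry["path"] = path
        entry["size"] = int(entry["size"])
        entry["md5"] = entry["md5"].upper()
        entries.append(entry)
    return entries


def is_component_store(path):
    """The WinSxS servicing copy is the reference the live System32 binary must match."""
    return "\\winsxs\\" in path.lower()


def find_tampered(entries):
    """Group copies by build identity (size + both timestamps) and report every copy whose
    hash differs from the WinSxS copy of the same build: same byte count and same
    timestamps but different content means the file was patched and its times preserved.
    Returns a list of (path, reference_md5, actual_md5)."""
    by_build = defaultdict(list)
    for e in entries:
        by_build[(e["size"], e["created"], e["modified"])].append(e)
    findings = []
    for copies in by_build.values():
        reference = sorted({c["md5"] for c in copies if is_component_store(c["path"])})
        if not reference:
            continue  # nothing trustworthy to compare against for this build
        for c in copies:
            if c["md5"] not in reference:
                findings.append((c["path"], reference[0], c["md5"]))
    return findings


def find_unexpected_dirs(entries):
    """Copies of a system binary outside System32/SysWOW64/WinSxS (e.g. a 'system64' folder)."""
    return [e["path"] for e in entries
            if not any(d in e["path"].lower() for d in WINDOWS_DIRS)]


if __name__ == "__main__":
    found = parse_search(FRST_SEARCH)
    for path, ref, actual in find_tampered(found):
        print("TAMPERED  %s  expected %s got %s" % (path, ref, actual))
    for path in find_unexpected_dirs(found):
        print("ODD PATH  %s" % path)
```

A match against the WinSxS copy is only as good as the component store itself, and a kernel-mode rootkit on the running system can hide or alter what a tool reads; that is the reason the thread runs FRST from the Recovery Environment rather than from the booted Windows.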

#4 CatByte

  • Malware Response Team
  • 14,664 posts
  • Location:Canada

Posted 02 August 2012 - 07:38 PM

Please zip it up and attach it.

Thanks.



#5 zero06

  • Topic Starter
  • Members
  • 24 posts

Posted 02 August 2012 - 08:22 PM

OK. Here's the FRST log file.

Attached Files

  • Attached File  FRST.zip   186.63KB   5 downloads


#6 CatByte

  • Malware Response Team
  • 14,664 posts
  • Location:Canada

Posted 02 August 2012 - 08:53 PM

Please do the following:


Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this highlight the contents of the box, right click on it and select copy. Right-click in the open notepad and select Paste). Save it on the flashdrive as fixlist.txt

start
1 alsuuuhj; \??\C:\Windows\system32\drivers\alsuuuhj.sys [x]
1 anzgmhre; \??\C:\Windows\system32\drivers\anzgmhre.sys [x]
1 appfmrky; \??\C:\Windows\system32\drivers\appfmrky.sys [x]
1 ayntfblv; \??\C:\Windows\system32\drivers\ayntfblv.sys [x]
1 bnjijfsl; \??\C:\Windows\system32\drivers\bnjijfsl.sys [x]
1 czjpdrxs; \??\C:\Windows\system32\drivers\czjpdrxs.sys [x]
1 dggekrsr; \??\C:\Windows\system32\drivers\dggekrsr.sys [x]
1 eepxbbfz; \??\C:\Windows\system32\drivers\eepxbbfz.sys [x]
1 ejqiramh; \??\C:\Windows\system32\drivers\ejqiramh.sys [x]
1 fczqfvup; \??\C:\Windows\system32\drivers\fczqfvup.sys [x]
1 fpqpssfo; \??\C:\Windows\system32\drivers\fpqpssfo.sys [x]
1 ikzkrucs; \??\C:\Windows\system32\drivers\ikzkrucs.sys [x]
1 khocmelp; \??\C:\Windows\system32\drivers\khocmelp.sys [x]
1 ldnlaqrr; \??\C:\Windows\system32\drivers\ldnlaqrr.sys [x]
1 lyxlyrxk; \??\C:\Windows\system32\drivers\lyxlyrxk.sys [x]
1 nnylaocg; \??\C:\Windows\system32\drivers\nnylaocg.sys [x]
1 qugzcapn; \??\C:\Windows\system32\drivers\qugzcapn.sys [x]
1 qwnvufns; \??\C:\Windows\system32\drivers\qwnvufns.sys [x]
1 sovndcab; \??\C:\Windows\system32\drivers\sovndcab.sys [x]
1 tnahxmsj; \??\C:\Windows\system32\drivers\tnahxmsj.sys [x]
1 unfavggc; \??\C:\Windows\system32\drivers\unfavggc.sys [x]
1 urmaltdz; \??\C:\Windows\system32\drivers\urmaltdz.sys [x]
1 vacztnsy; \??\C:\Windows\system32\drivers\vacztnsy.sys [x]
1 vferggzi; \??\C:\Windows\system32\drivers\vferggzi.sys [x]
1 vhpxdbnm; \??\C:\Windows\system32\drivers\vhpxdbnm.sys [x]
1 vnmpvfyz; \??\C:\Windows\system32\drivers\vnmpvfyz.sys [x]
1 vspmhqel; \??\C:\Windows\system32\drivers\vspmhqel.sys [x]
1 wmcdkdzp; \??\C:\Windows\system32\drivers\wmcdkdzp.sys [x]
1 xvzwlavh; \??\C:\Windows\system32\drivers\xvzwlavh.sys [x]
1 xwugnkvk; \??\C:\Windows\system32\drivers\xwugnkvk.sys [x]
1 yqtdiacy; \??\C:\Windows\system32\drivers\yqtdiacy.sys [x]
2012-08-01 17:54 - 2012-08-01 17:54 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.C452E7A912FA2548
2012-08-01 17:54 - 2012-08-01 17:54 - 00050392 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ugcwoxdt.sys
2012-08-01 17:51 - 2012-08-01 17:51 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.D5198EB415DAFDDF
2012-08-01 17:48 - 2012-08-01 17:48 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.2CE7147046FBCD2D
2012-08-01 17:45 - 2012-08-01 17:45 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.6C7B72A0797CD7FD
2012-08-01 17:41 - 2012-08-01 17:41 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.374C06D742282D71
2012-08-01 17:38 - 2012-08-01 17:38 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.E157843DD6BE80BB
2012-08-01 17:35 - 2012-08-01 17:35 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.38EC04037388F5AB
2012-08-01 17:31 - 2012-08-01 17:31 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.3D235B2B1069CBF7
2012-07-29 22:30 - 2009-07-13 17:14 - 00020480 ____A (Microsoft Corporation) C:\Windows\svchost.exe
2011-11-27 04:48 - 2011-11-27 06:45 - 00013350 __ASH C:\Users\Julian\AppData\Local\svwvag1v2wvv7say7kbm3m836c7n
2011-11-27 04:48 - 2011-11-27 06:45 - 00013350 __ASH C:\Users\All Users\svwvag1v2wvv7say7kbm3m836c7n
2002-01-01 00:29 - 2002-01-01 00:29 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.2446E5F65EDF70C1
2002-01-01 00:28 - 2002-01-01 00:28 - 00000000 ____A C:\Users\Julian\AppData\Local\{58F3812D-30B0-4256-919E-14319A889ADC}
2001-12-31 23:44 - 2001-12-31 23:44 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.6A08DC3CF7CB2EA0
2001-12-31 23:39 - 2001-12-31 23:39 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.1CA29D09F41F69AF
2001-12-31 23:32 - 2001-12-31 23:32 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.B9EB03776AC41B88
2001-12-31 23:20 - 2001-12-31 23:20 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.20A4D88D75F53E1D
2001-12-31 23:08 - 2001-12-31 23:08 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.6C028159E329A818
C:\Windows\Installer\{786e80d7-4224-9112-0c47-d597aaf7ceb3}
C:\Windows\svchost.exe
TDL4: custom:26000022 <===== ATTENTION!
replace: C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe C:\Windows\System32\services.exe
cmd: rmdir C:\Windows\system64
end

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system

Now please enter System Recovery Options then select Command Prompt

Run FRST (or FRST64 if you have the 64bit version) and press the Fix button just once and wait.
The tool will make a log on the flashdrive (Fixlog.txt) please post it to your reply.

Reboot Normally.


NEXT


Refer to the ComboFix User's Guide

  • Download ComboFix from the following location:

    Link

    * IMPORTANT !!! Place ComboFix.exe on your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.
    You can get help on disabling your protection programs here
  • Double click on ComboFix.exe & follow the prompts.
  • Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
  • When finished, it shall produce a log for you. Post that log in your next reply

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.


    ---------------------------------------------------------------------------------------------
  • Ensure your AntiVirus and AntiSpyware applications are re-enabled.

    ---------------------------------------------------------------------------------------------

NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.

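The fixlist above is a catalogue of the artefacts FRST turned up: thirty-one driver services with eight-random-letter names whose .sys files no longer exist (the [x]), a series of services.exe.<16 hex digits> files each the same size as the real binary, a svchost.exe sitting in C:\Windows instead of System32, hidden+system files with random names under AppData, a fake system64 directory, and the TDL4 marker. As an added example (not part of the thread, and not FRST's own code), here is a Python triage script that reads FRST-style lines and flags exactly those patterns. The two line formats are inferred from the post, and the last two sample lines are constructed clean controls, not lines from the log.

```python
import re

# Lines from the fixlist above, plus two constructed clean controls (the last two lines).
FRST_LINES = r"""
1 alsuuuhj; \??\C:\Windows\system32\drivers\alsuuuhj.sys [x]
1 anzgmhre; \??\C:\Windows\system32\drivers\anzgmhre.sys [x]
2012-08-01 17:54 - 2012-08-01 17:54 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.C452E7A912FA2548
2012-08-01 17:54 - 2012-08-01 17:54 - 00050392 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ugcwoxdt.sys
2012-07-29 22:30 - 2009-07-13 17:14 - 00020480 ____A (Microsoft Corporation) C:\Windows\svchost.exe
2011-11-27 04:48 - 2011-11-27 06:45 - 00013350 __ASH C:\Users\Julian\AppData\Local\svwvag1v2wvv7say7kbm3m836c7n
2009-07-13 15:19 - 2009-07-13 17:39 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe
1 nvstor; \??\C:\Windows\system32\drivers\nvstor.sys [166272 2011-03-11]
"""

# "<start> <name>; <image path> [<size date>]"   with "[x]" meaning the image file is missing.
# Format assumed from the posted lines.
SERVICE_RE = re.compile(r"^(?P<start>\S+) (?P<name>[^;]+); (?P<path>\S+) (?P<state>\[[^\]]*\])$")
# "<created> - <modified> - <size> <attrs> (<company>) <path>"   (company is optional).
FILE_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - (?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<size>\d+) (?P<attrs>\S+) (?:\((?P<company>[^)]*)\) )?(?P<path>.+)$"
)
RANDOM8 = re.compile(r"^[a-z]{8}$")  # eight random lowercase letters, as in the fixlist
SYSTEM_BINARIES = {"services.exe", "svchost.exe", "winlogon.exe", "userinit.exe", "explorer.exe"}
SYSTEM_DIRS = ("c:\\windows\\system32\\", "c:\\windows\\syswow64\\", "c:\\windows\\winsxs\\")


def basename(path):
    return path.rsplit("\\", 1)[-1]


def service_findings(m):
    """Rules for a service/driver entry."""
    reasons = []
    name, base = m["name"], basename(m["path"]).lower()
    if m["state"] == "[x]":
        reasons.append("driver service whose image file is missing")
    if RANDOM8.match(name) and base == name + ".sys":
        reasons.append("eight random lowercase letters as service and driver name")
    return reasons


def file_findings(m):
    """Rules for a file entry."""
    reasons = []
    path = m["path"]
    low, base = path.lower(), basename(path).lower()
    if re.match(r"^services\.exe\.[0-9a-f]{16}$", base):
        reasons.append("copy of services.exe with a 16-hex-digit suffix")
    if base in SYSTEM_BINARIES and not low.startswith(SYSTEM_DIRS):
        reasons.append("system binary name outside System32/SysWOW64/WinSxS")
    if re.match(r"^[a-z]{8}\.sys$", base):
        reasons.append("driver with an eight-random-letter name")
    attrs = m["attrs"].lower()
    if "h" in attrs and "s" in attrs and "\\appdata\\" in low and re.match(r"^[a-z0-9]{20,}$", base):
        reasons.append("hidden+system file with a random name under AppData")
    if m["created"] > m["modified"]:  # ISO timestamps compare correctly as strings
        reasons.append("created after last modified: placed here recently with inherited timestamps (weak)")
    return reasons


def triage(text):
    """Return {line: [reasons]} for every line that trips at least one rule."""
    hits = {}
    for raw in text.strip().splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SERVICE_RE.match(line)
        if m:
            reasons = service_findings(m)
        else:
            m = FILE_RE.match(line)
            reasons = file_findings(m) if m else []
        if reasons:
            hits[line] = reasons
    return hits


if __name__ == "__main__":
    for line, reasons in triage(FRST_LINES).items():
        print(line)
        for r in reasons:
            print("    -", r)
```

The rules are deliberately narrow (eight-letter names, 16-hex suffixes, a system binary outside the system directories) because the point is to recognise a coherent cluster of artefacts rather than any single odd file; the created-after-modified rule is marked weak because legitimately installed files often show the same thing.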


#7 zero06

  • Topic Starter
  • Members
  • 24 posts

Posted 02 August 2012 - 11:57 PM

I ran FRST64 and got the log, but I wasn't able to run ComboFix.exe successfully. It was running but stopped on stage 32. I left the program running for an hour but nothing else would happen.
I was able to reboot the computer afterwards. I tried to run ComboFix again, but a message would pop up saying that I need to check my settings. A set of numbers that looks like a date would also pop up under the message.
I also scanned the services.exe file again and I saw that the virus was gone.

Here is the fixlog, and thanks for all the help so far.

Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 25-07-2012 01
Ran by SYSTEM at 2002-01-01 21:41:10 Run:1
Running from F:\

==============================================

alsuuuhj service deleted successfully.
anzgmhre service deleted successfully.
appfmrky service deleted successfully.
ayntfblv service deleted successfully.
bnjijfsl service deleted successfully.
czjpdrxs service deleted successfully.
dggekrsr service deleted successfully.
eepxbbfz service deleted successfully.
ejqiramh service deleted successfully.
fczqfvup service deleted successfully.
fpqpssfo service deleted successfully.
ikzkrucs service deleted successfully.
khocmelp service deleted successfully.
ldnlaqrr service deleted successfully.
lyxlyrxk service deleted successfully.
nnylaocg service deleted successfully.
qugzcapn service deleted successfully.
qwnvufns service deleted successfully.
sovndcab service deleted successfully.
tnahxmsj service deleted successfully.
unfavggc service deleted successfully.
urmaltdz service deleted successfully.
vacztnsy service deleted successfully.
vferggzi service deleted successfully.
vhpxdbnm service deleted successfully.
vnmpvfyz service deleted successfully.
vspmhqel service deleted successfully.
wmcdkdzp service deleted successfully.
xvzwlavh service deleted successfully.
xwugnkvk service deleted successfully.
yqtdiacy service deleted successfully.
C:\Windows\System32\services.exe.C452E7A912FA2548 moved successfully.
C:\Windows\System32\Drivers\ugcwoxdt.sys moved successfully.
C:\Windows\System32\services.exe.D5198EB415DAFDDF moved successfully.
C:\Windows\System32\services.exe.2CE7147046FBCD2D moved successfully.
C:\Windows\System32\services.exe.6C7B72A0797CD7FD moved successfully.
C:\Windows\System32\services.exe.374C06D742282D71 moved successfully.
C:\Windows\System32\services.exe.E157843DD6BE80BB moved successfully.
C:\Windows\System32\services.exe.38EC04037388F5AB moved successfully.
C:\Windows\System32\services.exe.3D235B2B1069CBF7 moved successfully.
C:\Windows\svchost.exe moved successfully.
C:\Users\Julian\AppData\Local\svwvag1v2wvv7say7kbm3m836c7n moved successfully.
C:\Users\All Users\svwvag1v2wvv7say7kbm3m836c7n moved successfully.
C:\Windows\System32\services.exe.2446E5F65EDF70C1 moved successfully.
C:\Users\Julian\AppData\Local\{58F3812D-30B0-4256-919E-14319A889ADC} moved successfully.
C:\Windows\System32\services.exe.6A08DC3CF7CB2EA0 moved successfully.
C:\Windows\System32\services.exe.1CA29D09F41F69AF moved successfully.
C:\Windows\System32\services.exe.B9EB03776AC41B88 moved successfully.
C:\Windows\System32\services.exe.20A4D88D75F53E1D moved successfully.
C:\Windows\System32\services.exe.6C028159E329A818 moved successfully.
C:\Windows\Installer\{786e80d7-4224-9112-0c47-d597aaf7ceb3} moved successfully.
C:\Windows\svchost.exe not found.

The operation completed successfully.
The operation completed successfully.
C:\Windows\System32\services.exe moved successfully.
C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe copied successfully to C:\Windows\System32\services.exe

========= rmdir C:\Windows\system64 =========


========= End of CMD: =========


==== End of Fixlog ====

#8 CatByte

  • Malware Response Team
  • 14,664 posts
  • Location:Canada

Posted 03 August 2012 - 02:39 AM

please run the following:

Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Select All Users
  • Under the Custom Scan box paste this in
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    services.exe
    /md5stop
    %systemroot%\*. /rp /s
    DRIVES
    CREATERESTOREPOINT
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Post both logs



#9 zero06

  • Topic Starter
  • Members
  • 24 posts

Posted 03 August 2012 - 01:48 PM

The logs are too long to post, so I zipped them and attached them to the post.

#10 CatByte

  • Malware Response Team
  • 14,664 posts
  • Location:Canada

Posted 03 August 2012 - 04:28 PM

Run OTL.exe
  • Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL

    :OTL
    PRC - [2009/07/13 17:14:45 | 000,020,480 | ---- | M] () -- \\.\globalroot\systemroot\svchost.exe
    PRC - [2009/07/13 17:14:45 | 000,020,480 | ---- | M] () -- \\.\globalroot\systemroot\svchost.exe
    PRC - [2009/07/13 17:14:45 | 000,020,480 | ---- | M] () -- \\.\globalroot\systemroot\svchost.exe
    PRC - [2009/07/13 17:14:45 | 000,020,480 | ---- | M] () -- \\.\globalroot\systemroot\svchost.exe
    PRC - [2009/07/13 17:14:45 | 000,020,480 | ---- | M] () -- \\.\globalroot\systemroot\svchost.exe
    IE - HKU\S-1-5-21-197936645-2307091325-223123944-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 54 F2 BA EC 50 5D CC 01  [binary data]
    IE - HKU\S-1-5-21-197936645-2307091325-223123944-1000\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - No CLSID value found
    FF - prefs.js..browser.search.selectedEngine: "Blekko"
    [2012/01/10 20:34:43 | 000,002,048 | -HS- | C] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\{786e80d7-4224-9112-0c47-d597aaf7ceb3}\@
    [2012/01/10 20:34:43 | 000,002,048 | -HS- | C] () -- C:\Windows\System32\config\systemprofile\AppData\Local\{786e80d7-4224-9112-0c47-d597aaf7ceb3}\@
    [2009/07/13 17:14:45 | 000,020,480 | ---- | M] (Microsoft Corporation) MD5=2CEFF13ACE25A40BD8D97654944297CD -- C:\Windows\svchost.exe
    
    :Files
    rmdir C:\Windows\SysWOW64\config\systemprofile\AppData\Local\{786e80d7-4224-9112-0c47-d597aaf7ceb3} /c
    del C:\Windows\svchost.exe /c
    ipconfig /flushdns /c
    
    :Commands
    [resethosts]
    [purity]
    [emptytemp]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • Then post the OTL log


NEXT

Please download TDSSKiller.zip
  • Extract it to your desktop
  • Double click TDSSKiller.exe
  • when the window opens, click on Change Parameters
  • under "Additional options", put a check mark in the box next to "Detect TDLFS File System"
  • click OK
  • Press Start Scan
    • If Malicious objects are found then ensure Cure is selected
    • If TDLFS File System/TDSS File system is found then ensure Cure is selected (if cure is not available, choose skip)
    • Then click Continue > Reboot now
  • Copy and paste the log in your next reply
    • A copy of the log will be saved automatically to the root of the drive (typically C:\)


NEXT


Please delete the copy of ComboFix that you have on your desktop and download a fresh copy, disable your security programs and run it, allow it to complete, post the resulting log



#11 zero06

  • Topic Starter
  • Members
  • 24 posts

Posted 03 August 2012 - 05:37 PM

Um... No log came out of the OTL Run Fix scan. I think it might be because I didn't delete the first OTL log on the desktop. Should I continue and run TDSSKiller?

#12 CatByte

  • Malware Response Team
  • 14,664 posts
  • Location:Canada

Posted 03 August 2012 - 05:47 PM

Yes please. The new OTL fix log should have been saved on your C:\ drive in the OTL folder, with the date and time the fix was run as the title.

Edited by CatByte, 03 August 2012 - 05:48 PM.



#13 zero06

  • Topic Starter
  • Members
  • 24 posts

Posted 03 August 2012 - 05:55 PM

Oh yeah, I found it. Here is the OTL log.

I also attached the zipped TDSSKiller log.
And here is the ComboFix log.

PS: It looks like I still can't turn on Microsoft Security Essentials.

All processes killed
========== OTL ==========
Process svchost.exe killed successfully!
Process svchost.exe killed successfully!
No active process named svchost.exe was found!
No active process named svchost.exe was found!
No active process named svchost.exe was found!
HKU\S-1-5-21-197936645-2307091325-223123944-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache_TIMESTAMP| /E : value set successfully!
Registry value HKEY_USERS\S-1-5-21-197936645-2307091325-223123944-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{872b5b88-9db5-4310-bdd0-ac189557e5f5} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\ not found.
Prefs.js: "Blekko" removed from browser.search.selectedEngine
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\{786e80d7-4224-9112-0c47-d597aaf7ceb3}\@ moved successfully.
File C:\Windows\System32\config\systemprofile\AppData\Local\{786e80d7-4224-9112-0c47-d597aaf7ceb3}\@ not found.
C:\Windows\svchost.exe moved successfully.
========== FILES ==========
< rmdir C:\Windows\SysWOW64\config\systemprofile\AppData\Local\{786e80d7-4224-9112-0c47-d597aaf7ceb3} /c >
C:\Users\Julian\Desktop\cmd.bat deleted successfully.
C:\Users\Julian\Desktop\cmd.txt deleted successfully.
< del C:\Windows\svchost.exe /c >
C:\Users\Julian\Desktop\cmd.bat deleted successfully.
C:\Users\Julian\Desktop\cmd.txt deleted successfully.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Julian\Desktop\cmd.bat deleted successfully.
C:\Users\Julian\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: AppData

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56502 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Julian
->Temp folder emptied: 1381342294 bytes
->Temporary Internet Files folder emptied: 38514057 bytes
->Java cache emptied: 902341 bytes
->FireFox cache emptied: 62469954 bytes
->Google Chrome cache emptied: 21718945 bytes
->Flash cache emptied: 1496 bytes

User: Public

User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56502 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 207613139 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 80077166 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 1,710.00 mb


OTL by OldTimer - Version 3.2.55.0 log created on 01022002_175011


Edited by zero06, 03 August 2012 - 07:17 PM.


#14 CatByte

  • Malware Response Team
  • 14,664 posts
  • Location:Canada

Posted 03 August 2012 - 10:23 PM

ComboFix is showing that services.exe is still infected.

When did you run it? The date and time of your clock is way off.

Please run the following:

open an elevated command prompt

Click Start and type cmd in Start Search.
When cmd.exe populates in the window above, right click it and select Run as Administrator to open an elevated command prompt.


copy/paste the following command at the command prompt:


rem services.exe lives in System32; rename the infected copy aside, then restore the WinSxS copy
ren C:\WINDOWS\system32\services.exe services.vir
copy /y C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe C:\WINDOWS\SYSTEM32
dir C:\WINDOWS\SYSTEM32\services*>log.txt
start notepad log.txt
exit
cls



please post the content of log.txt in your next reply

then please re-run ComboFix



#15 zero06

  • Topic Starter
  • Members
  • 24 posts

Posted 03 August 2012 - 10:35 PM

I think the clock was reset when ComboFix froze and I forced the computer to shut down. Is it possible that the virus could have re-downloaded itself when I turned on the computer in normal mode (not safe mode) and connected it to the internet?

Here is the log
And here is the zipped combofix log


Volume in drive C has no label.
Volume Serial Number is DE28-5D70

Directory of C:\WINDOWS\SYSTEM32

07/13/2009 05:39 PM 328,704 services.exe
06/10/2009 12:38 PM 92,745 services.msc
2 File(s) 421,449 bytes
0 Dir(s) 173,424,402,432 bytes free


Edited by zero06, 03 August 2012 - 11:08 PM.




