Crashing so fast I can't even run DDS from Safemode


  • This topic is locked
21 replies to this topic

#1 blur144

  • Members
  • 12 posts

Posted 10 August 2012 - 12:11 AM

Fortunately I have a FRST log from another site which shows my problem...

Scan result of Farbar Recovery Scan Tool (FRST written by Farbar) Version: 09-08-2012
Ran by SYSTEM at 09-08-2012 23:03:01
Running from E:\
Windows 7 Home Premium (X86) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [Logitech Download Assistant] C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch [1246544 2010-11-03] (Logitech, Inc.)
HKLM\...\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe [x]
HKLM\...\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59280 2012-05-30] (Apple Inc.)
HKLM\...\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" [254696 2012-01-18] (Sun Microsystems, Inc.)
HKLM\...\Run: [vProt] "C:\Program Files\AVG Secure Search\vprot.exe" [1107552 2012-07-09] ()
HKLM\...\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime [421888 2012-04-18] (Apple Inc.)
HKLM\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [37296 2012-03-27] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-01-02] (Adobe Systems Incorporated)
HKLM\...\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" [421776 2012-06-07] (Apple Inc.)
HKLM\...\Run: [HF_G_Jul] "C:\Program Files\AVG Secure Search\HF_G_Jul.exe" /DoAction [36960 2012-07-18] ()
HKLM\...\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes Anti-Malware\mbamgui.exe" /starttray [462920 2012-07-03] (Malwarebytes Corporation)
HKLM\...\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [931200 2012-03-26] (Microsoft Corporation)
HKU\Jacob\...\Run: [Steam] "c:\program files\steam\steam.exe" -silent [1353080 2012-08-05] (Valve Corporation)
HKU\Jacob\...\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2260480 2009-03-05] (Safer-Networking Ltd.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Startup: C:\Users\Jacob\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk
ShortcutTarget: OpenOffice.org 3.2.lnk -> C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()

================================ Services (Whitelisted) ==================

2 eventlog; C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted [20992 2009-07-13] (Microsoft Corporation)
2 MBAMService; "C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe" [655944 2012-07-03] (Malwarebytes Corporation)
3 MozillaMaintenance; "C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe" [113120 2012-06-01] (Mozilla Foundation)
2 SBSDWSCService; C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
2 vToolbarUpdater11.2.0; C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe [935008 2012-07-09] ()
3 DAUpdaterSvc; c:\program files\steam\steamapps\common\dragon age origins\bin_ship\DAUpdaterSvc.Service.exe [x]
2 MsMpSvc; "c:\Program Files\Microsoft Security Client\MsMpEng.exe" [x]
3 NisSrv; "c:\Program Files\Microsoft Security Client\NisSrv.exe" [x]

========================== Drivers (Whitelisted) =============

3 HP8107Fltr; C:\Windows\System32\DRIVERS\HP8107.sys [12672 2010-02-04] (Windows ® Win 7 DDK provider)
3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [22344 2012-07-03] (Malwarebytes Corporation)
0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [171064 2012-03-20] (Microsoft Corporation)
3 netr28u; C:\Windows\System32\DRIVERS\netr28u.sys [750592 2009-08-05] (Ralink Technology Corp.)
3 sscdserd; C:\Windows\System32\DRIVERS\sscdserd.sys [73696 2005-08-17] (MCCI)
3 usb_rndisx; C:\Windows\System32\DRIVERS\usb8023x.sys [15872 2009-07-13] (Microsoft Corporation)
3 catchme; \??\C:\Users\Jacob\AppData\Local\Temp\catchme.sys [x]
3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\mbamswissarmy.sys [x]
3 RimUsb; C:\Windows\System32\Drivers\RimUsb.sys [x]

========================== NetSvcs (Whitelisted) ===========


============ One Month Created Files and Folders ==============

2012-08-09 19:05 - 2012-08-09 19:06 - 00000000 ____D C:\Program Files\Microsoft Security Client
2012-08-09 19:03 - 2012-08-09 19:02 - 10288512 ____A (Microsoft Corporation) C:\Users\Jacob\Desktop\mseinstall.exe
2012-08-09 19:02 - 2012-08-09 19:02 - 10288512 ____A (Microsoft Corporation) C:\Users\Jacob\Downloads\mseinstall.exe
2012-08-09 18:04 - 2012-08-09 18:04 - 00157048 ____A C:\Windows\Minidump\080912-35739-01.dmp
2012-08-09 18:03 - 2012-08-09 18:03 - 00000000 ____A C:\Users\Jacob\Downloads\89AE.tmp
2012-08-09 17:51 - 2012-08-09 17:51 - 00152528 ____A C:\Windows\Minidump\080912-22713-01.dmp
2012-08-09 16:48 - 2012-08-09 16:48 - 00152528 ____A C:\Windows\Minidump\080912-29296-01.dmp
2012-08-09 16:21 - 2012-08-09 16:21 - 00152984 ____A C:\Windows\Minidump\080912-24133-01.dmp
2012-08-09 14:59 - 2012-08-09 14:59 - 00151496 ____A C:\Windows\Minidump\080912-27970-01.dmp
2012-08-09 03:32 - 2012-08-09 03:32 - 00151672 ____A C:\Windows\Minidump\080912-23868-01.dmp
2012-08-08 18:56 - 2012-08-08 18:56 - 00152224 ____A C:\Windows\Minidump\080812-27331-01.dmp
2012-08-08 18:17 - 2012-08-08 18:17 - 00151576 ____A C:\Windows\Minidump\080812-24523-01.dmp
2012-08-08 17:17 - 2012-08-08 17:17 - 00152224 ____A C:\Windows\Minidump\080812-30186-01.dmp
2012-08-08 16:26 - 2012-08-08 16:26 - 00152280 ____A C:\Windows\Minidump\080812-22448-01.dmp
2012-08-07 20:50 - 2012-08-07 20:50 - 00152144 ____A C:\Windows\Minidump\080712-20342-01.dmp
2012-08-06 19:34 - 2012-08-06 19:34 - 00151800 ____A C:\Windows\Minidump\080612-22510-01.dmp
2012-08-06 19:25 - 2012-08-06 19:25 - 00138928 ____A C:\Windows\Minidump\080612-25833-01.dmp
2012-08-06 19:24 - 2012-08-06 19:24 - 00138928 ____A C:\Windows\Minidump\080612-33025-01.dmp
2012-08-06 19:23 - 2012-08-06 19:25 - 00000000 ___SD C:\32788R22FWJFW
2012-08-06 19:21 - 2012-08-05 11:51 - 00000027 ____A C:\Windows\System32\Drivers\etc\hosts.20120806-222136.backup
2012-08-06 18:59 - 2012-08-06 18:59 - 10652120 ____A (Malwarebytes Corporation ) C:\Users\Jacob\Downloads\mbam-setup-1.62.0.1300.exe
2012-08-06 18:59 - 2012-08-06 18:59 - 00001060 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-08-06 18:59 - 2012-08-06 18:59 - 00000000 ____D C:\Users\Jacob\AppData\Roaming\Malwarebytes
2012-08-06 18:59 - 2012-08-06 18:59 - 00000000 ____D C:\Users\All Users\Malwarebytes
2012-08-06 18:59 - 2012-08-06 18:59 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Malware
2012-08-06 18:59 - 2012-07-03 10:46 - 00022344 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-08-06 18:57 - 2012-08-06 19:18 - 00000000 ____D C:\Users\All Users\Spybot - Search & Destroy
2012-08-06 18:57 - 2012-08-06 18:57 - 00001216 ____A C:\Users\Jacob\Desktop\Spybot - Search & Destroy.lnk
2012-08-06 18:57 - 2012-08-06 18:57 - 00000000 ____D C:\Program Files\Spybot - Search & Destroy
2012-08-06 18:56 - 2012-08-06 18:56 - 16409960 ____A (Safer Networking Limited ) C:\Users\Jacob\Downloads\spybotsd162.exe
2012-08-06 18:49 - 2012-08-06 18:48 - 03897504 ____A (AVG Technologies) C:\Users\Jacob\Desktop\avg_avct_stb_all_2012_1796_cm10.exe
2012-08-06 18:48 - 2012-08-09 19:03 - 00000000 ____D C:\Users\All Users\MFAData
2012-08-06 18:48 - 2012-08-06 18:48 - 03897504 ____A (AVG Technologies) C:\Users\Jacob\Downloads\avg_avct_stb_all_2012_1796_cm10.exe
2012-08-06 17:50 - 2012-08-06 17:50 - 00151560 ____A C:\Windows\Minidump\080612-31668-01.dmp
2012-08-06 17:45 - 2012-08-06 17:45 - 00151560 ____A C:\Windows\Minidump\080612-24351-02.dmp
2012-08-06 17:40 - 2012-08-06 17:40 - 00151560 ____A C:\Windows\Minidump\080612-24616-01.dmp
2012-08-06 17:35 - 2012-08-06 17:35 - 00151560 ____A C:\Windows\Minidump\080612-23727-01.dmp
2012-08-06 17:30 - 2012-08-06 17:30 - 00151560 ____A C:\Windows\Minidump\080612-24258-01.dmp
2012-08-06 17:24 - 2012-08-06 17:24 - 00151560 ____A C:\Windows\Minidump\080612-25646-01.dmp
2012-08-06 17:19 - 2012-08-06 17:19 - 00151560 ____A C:\Windows\Minidump\080612-24398-01.dmp
2012-08-06 17:14 - 2012-08-06 17:14 - 00151560 ____A C:\Windows\Minidump\080612-25786-01.dmp
2012-08-06 17:09 - 2012-08-06 17:09 - 00151560 ____A C:\Windows\Minidump\080612-26426-01.dmp
2012-08-06 17:03 - 2012-08-06 17:03 - 00151560 ____A C:\Windows\Minidump\080612-26832-01.dmp
2012-08-06 16:58 - 2012-08-06 16:58 - 00151560 ____A C:\Windows\Minidump\080612-23587-01.dmp
2012-08-06 16:53 - 2012-08-06 16:53 - 00151560 ____A C:\Windows\Minidump\080612-23540-01.dmp
2012-08-06 16:48 - 2012-08-06 16:48 - 00151560 ____A C:\Windows\Minidump\080612-23743-01.dmp
2012-08-06 16:42 - 2012-08-06 16:42 - 00151560 ____A C:\Windows\Minidump\080612-26863-01.dmp
2012-08-06 16:37 - 2012-08-06 16:37 - 00151640 ____A C:\Windows\Minidump\080612-25287-01.dmp
2012-08-06 16:32 - 2012-08-06 16:32 - 00150464 ____A C:\Windows\Minidump\080612-24008-01.dmp
2012-08-06 16:24 - 2012-08-06 16:24 - 00151480 ____A C:\Windows\Minidump\080612-24336-01.dmp
2012-08-05 17:31 - 2012-08-05 17:31 - 00151480 ____A C:\Windows\Minidump\080512-33384-01.dmp
2012-08-05 17:23 - 2012-08-05 17:23 - 00019402 ____A C:\ComboFix.txt
2012-08-05 17:07 - 2012-08-05 17:07 - 00006202 ____A C:\Users\Jacob\Downloads\hijackthis.log
2012-08-05 17:06 - 2012-08-05 17:06 - 00388608 ____A (Trend Micro Inc.) C:\Users\Jacob\Downloads\HijackThis.exe
2012-08-05 17:06 - 2012-08-05 17:06 - 00388608 ____A (Trend Micro Inc.) C:\Users\Jacob\Downloads\HijackThis(1).exe
2012-08-05 17:02 - 2012-08-05 17:02 - 00138928 ____A C:\Windows\Minidump\080512-36270-01.dmp
2012-08-05 16:35 - 2012-08-05 16:35 - 00151560 ____A C:\Windows\Minidump\080512-31668-01.dmp
2012-08-05 16:30 - 2012-08-05 16:31 - 00151480 ____A C:\Windows\Minidump\080512-22557-01.dmp
2012-08-05 15:32 - 2012-08-05 15:32 - 00002117 ____A C:\Users\Jacob\Desktop\aswMBR.txt
2012-08-05 15:32 - 2012-08-05 15:32 - 00000512 ____A C:\Users\Jacob\Desktop\MBR.dat
2012-08-05 13:35 - 2012-08-05 13:36 - 04731392 ____A (AVAST Software) C:\Users\Jacob\Desktop\aswMBR.exe
2012-08-05 13:34 - 2012-08-05 13:34 - 00151480 ____A C:\Windows\Minidump\080512-41979-01.dmp
2012-08-05 13:31 - 2012-08-05 13:32 - 00150464 ____A C:\Windows\Minidump\080512-24289-01.dmp
2012-08-05 12:35 - 2012-08-05 12:35 - 00151800 ____A C:\Windows\Minidump\080512-39359-01.dmp
2012-08-05 12:30 - 2012-08-05 12:30 - 00151720 ____A C:\Windows\Minidump\080512-23712-01.dmp
2012-08-05 12:24 - 2012-08-05 12:24 - 00151480 ____A C:\Windows\Minidump\080512-26629-01.dmp
2012-08-05 12:19 - 2012-08-05 12:19 - 00158424 ____A C:\Windows\Minidump\080512-21684-01.dmp
2012-08-05 12:15 - 2012-08-05 12:15 - 20275048 ____A (Microsoft Corporation) C:\Users\Jacob\Downloads\BOIE9_ENUS_BO0085_WIN7.EXE
2012-08-05 12:12 - 2012-08-05 12:12 - 00138928 ____A C:\Windows\Minidump\080512-23618-01.dmp
2012-08-05 12:09 - 2012-08-05 12:09 - 00151800 ____A C:\Windows\Minidump\080512-36410-01.dmp
2012-08-05 12:05 - 2012-08-05 12:05 - 00152808 ____A C:\Windows\Minidump\080512-27705-01.dmp
2012-08-05 12:00 - 2012-08-05 12:00 - 00151640 ____A C:\Windows\Minidump\080512-28345-01.dmp
2012-08-05 11:40 - 2011-06-25 22:45 - 00256000 ____A C:\Windows\PEV.exe
2012-08-05 11:40 - 2010-11-07 09:20 - 00208896 ____A C:\Windows\MBR.exe
2012-08-05 11:40 - 2009-04-19 20:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
2012-08-05 11:40 - 2000-08-30 16:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe
2012-08-05 11:40 - 2000-08-30 16:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe
2012-08-05 11:40 - 2000-08-30 16:00 - 00098816 ____A C:\Windows\sed.exe
2012-08-05 11:40 - 2000-08-30 16:00 - 00080412 ____A C:\Windows\grep.exe
2012-08-05 11:40 - 2000-08-30 16:00 - 00068096 ____A C:\Windows\zip.exe
2012-08-05 11:39 - 2012-08-05 17:23 - 00000000 ___AD C:\Qoobox
2012-08-05 11:39 - 2012-08-05 11:51 - 00000000 ____D C:\Windows\erdnt
2012-08-05 11:38 - 2012-08-05 11:38 - 04725168 ____R (Swearware) C:\Users\Jacob\Desktop\ComboFix.exe
2012-08-05 11:31 - 2012-08-05 11:31 - 00151480 ____A C:\Windows\Minidump\080512-37549-01.dmp
2012-08-05 11:28 - 2012-08-09 18:04 - 295029722 ____A C:\Windows\MEMORY.DMP
2012-08-05 11:28 - 2012-08-05 11:28 - 00151480 ____A C:\Windows\Minidump\080512-30279-01.dmp
2012-08-05 11:18 - 2012-08-09 18:04 - 00000000 ____D C:\Windows\Minidump
2012-08-05 11:09 - 2012-08-05 11:09 - 00000000 ____A C:\Users\Jacob\Downloads\7C62.tmp
2012-08-04 06:10 - 2012-08-04 06:10 - 00000000 __SHD C:\Windows\System32\%APPDATA%
2012-08-04 06:04 - 2012-08-04 06:04 - 00000000 ____D C:\Windows\Sun
2012-08-02 16:22 - 2012-08-02 16:22 - 00000000 ____D C:\Users\Jacob\AppData\Local\Macromedia
2012-08-01 08:55 - 2012-08-05 14:14 - 00000000 ____D C:\Program Files\DROD
2012-08-01 07:29 - 2012-08-05 14:14 - 00000000 ____D C:\Users\Jacob\Downloads\LazyNewbPack [0.34.11] [V13]
2012-08-01 07:12 - 2012-08-01 07:20 - 31516074 ____A C:\Users\Jacob\Downloads\LazyNewbPack [0.34.11] [V13].zip
2012-07-28 10:24 - 2012-07-28 10:24 - 00062352 ____A C:\Users\Jacob\Downloads\Chelsea_FC.svg
2012-07-27 09:12 - 2012-07-27 09:12 - 00021685 ____A C:\Users\Jacob\Downloads\The.Newsroom.2012.S01E01.720p.HDTV.x264-IMMERSE.mkv.torrent
2012-07-26 12:58 - 2012-07-26 12:58 - 00046814 ____A C:\Users\Jacob\Downloads\Frank Ocean - channel ORANGE - 2012 (CD - MP3 - 320).torrent
2012-07-26 12:57 - 2012-07-26 12:57 - 00031817 ____A C:\Users\Jacob\Downloads\Dirty Projectors - Swing Lo Magellan - 2012 (CD - MP3 - 320).torrent
2012-07-26 12:56 - 2012-07-26 12:56 - 00035756 ____A C:\Users\Jacob\Downloads\Passion Pit - Gossamer - 2012 (CD - MP3 - 320).torrent
2012-07-25 08:52 - 2012-07-25 08:52 - 00138768 ____A C:\Users\Jacob\Downloads\Game_of_Thrones_Season_2.torrent
2012-07-21 03:58 - 2012-07-27 09:12 - 00000000 ____D C:\Users\Jacob\Downloads\Game of Thrones Season 1
2012-07-21 03:57 - 2012-07-21 03:57 - 00029068 ____A C:\Users\Jacob\Downloads\Game_of_Thrones_Season_1.torrent
2012-07-21 03:57 - 2012-07-21 03:57 - 00029068 ____A C:\Users\Jacob\Downloads\Game_of_Thrones_Season_1 (1).torrent
2012-07-11 00:01 - 2012-06-11 18:44 - 02344448 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-07-11 00:00 - 2012-07-11 00:01 - 00263330 ____A C:\Windows\msxml4-KB2721691-enu.LOG
2012-07-10 23:02 - 2012-06-08 20:46 - 12868608 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2012-07-10 23:02 - 2012-06-05 21:09 - 01389568 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
2012-07-10 23:02 - 2012-06-05 21:09 - 01236992 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
2012-07-10 23:02 - 2012-06-01 20:51 - 00134000 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
2012-07-10 23:02 - 2012-06-01 20:51 - 00067440 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
2012-07-10 23:02 - 2012-06-01 20:50 - 00369336 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
2012-07-10 23:02 - 2012-06-01 20:48 - 00225280 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
2012-07-10 23:02 - 2012-06-01 20:47 - 00219136 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll


============ 3 Months Modified Files ========================

2012-08-09 19:58 - 2009-07-13 20:39 - 00066156 ____A C:\Windows\setupact.log
2012-08-09 19:57 - 2010-04-25 21:33 - 00000880 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-08-09 19:56 - 2009-07-13 20:53 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-08-09 19:54 - 2009-07-13 15:11 - 00259072 ____A (Microsoft Corporation) C:\Windows\System32\services.exe
2012-08-09 19:24 - 2010-04-25 21:32 - 00000908 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-832405256-2446568513-170178880-1000UA.job
2012-08-09 19:16 - 2010-04-25 20:26 - 01412196 ____A C:\Windows\WindowsUpdate.log
2012-08-09 19:12 - 2009-07-13 20:34 - 00013440 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-08-09 19:12 - 2009-07-13 20:34 - 00013440 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-08-09 19:09 - 2012-06-11 20:14 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-08-09 19:07 - 2011-02-03 07:38 - 00001945 ____A C:\Windows\epplauncher.mif
2012-08-09 19:06 - 2010-04-25 21:01 - 00743072 ____A C:\Windows\System32\PerfStringBackup.INI
2012-08-09 19:02 - 2012-08-09 19:03 - 10288512 ____A (Microsoft Corporation) C:\Users\Jacob\Desktop\mseinstall.exe
2012-08-09 19:02 - 2012-08-09 19:02 - 10288512 ____A (Microsoft Corporation) C:\Users\Jacob\Downloads\mseinstall.exe
2012-08-09 18:04 - 2012-08-09 18:04 - 00157048 ____A C:\Windows\Minidump\080912-35739-01.dmp
2012-08-09 18:04 - 2012-08-05 11:28 - 295029722 ____A C:\Windows\MEMORY.DMP
2012-08-09 18:03 - 2012-08-09 18:03 - 00000000 ____A C:\Users\Jacob\Downloads\89AE.tmp
2012-08-09 17:51 - 2012-08-09 17:51 - 00152528 ____A C:\Windows\Minidump\080912-22713-01.dmp
2012-08-09 17:49 - 2010-04-25 21:33 - 00000884 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-08-09 16:48 - 2012-08-09 16:48 - 00152528 ____A C:\Windows\Minidump\080912-29296-01.dmp
2012-08-09 16:21 - 2012-08-09 16:21 - 00152984 ____A C:\Windows\Minidump\080912-24133-01.dmp
2012-08-09 14:59 - 2012-08-09 14:59 - 00151496 ____A C:\Windows\Minidump\080912-27970-01.dmp
2012-08-09 03:32 - 2012-08-09 03:32 - 00151672 ____A C:\Windows\Minidump\080912-23868-01.dmp
2012-08-09 03:30 - 2010-04-25 21:32 - 00000856 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-832405256-2446568513-170178880-1000Core.job
2012-08-08 18:56 - 2012-08-08 18:56 - 00152224 ____A C:\Windows\Minidump\080812-27331-01.dmp
2012-08-08 18:17 - 2012-08-08 18:17 - 00151576 ____A C:\Windows\Minidump\080812-24523-01.dmp
2012-08-08 17:17 - 2012-08-08 17:17 - 00152224 ____A C:\Windows\Minidump\080812-30186-01.dmp
2012-08-08 16:26 - 2012-08-08 16:26 - 00152280 ____A C:\Windows\Minidump\080812-22448-01.dmp
2012-08-08 15:47 - 2010-04-27 15:39 - 00048044 ____A C:\Windows\PFRO.log
2012-08-08 14:25 - 2010-04-25 21:32 - 00002411 ____A C:\Users\Jacob\Desktop\Google Chrome.lnk
2012-08-08 09:19 - 2009-07-13 20:53 - 00032546 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-08-07 20:50 - 2012-08-07 20:50 - 00152144 ____A C:\Windows\Minidump\080712-20342-01.dmp
2012-08-06 21:09 - 2012-06-11 20:14 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2012-08-06 21:09 - 2012-06-11 20:14 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
2012-08-06 19:34 - 2012-08-06 19:34 - 00151800 ____A C:\Windows\Minidump\080612-22510-01.dmp
2012-08-06 19:25 - 2012-08-06 19:25 - 00138928 ____A C:\Windows\Minidump\080612-25833-01.dmp
2012-08-06 19:24 - 2012-08-06 19:24 - 00138928 ____A C:\Windows\Minidump\080612-33025-01.dmp
2012-08-06 18:59 - 2012-08-06 18:59 - 10652120 ____A (Malwarebytes Corporation ) C:\Users\Jacob\Downloads\mbam-setup-1.62.0.1300.exe
2012-08-06 18:59 - 2012-08-06 18:59 - 00001060 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-08-06 18:57 - 2012-08-06 18:57 - 00001216 ____A C:\Users\Jacob\Desktop\Spybot - Search & Destroy.lnk
2012-08-06 18:56 - 2012-08-06 18:56 - 16409960 ____A (Safer Networking Limited ) C:\Users\Jacob\Downloads\spybotsd162.exe
2012-08-06 18:48 - 2012-08-06 18:49 - 03897504 ____A (AVG Technologies) C:\Users\Jacob\Desktop\avg_avct_stb_all_2012_1796_cm10.exe
2012-08-06 18:48 - 2012-08-06 18:48 - 03897504 ____A (AVG Technologies) C:\Users\Jacob\Downloads\avg_avct_stb_all_2012_1796_cm10.exe
2012-08-06 17:50 - 2012-08-06 17:50 - 00151560 ____A C:\Windows\Minidump\080612-31668-01.dmp
2012-08-06 17:45 - 2012-08-06 17:45 - 00151560 ____A C:\Windows\Minidump\080612-24351-02.dmp
2012-08-06 17:40 - 2012-08-06 17:40 - 00151560 ____A C:\Windows\Minidump\080612-24616-01.dmp
2012-08-06 17:35 - 2012-08-06 17:35 - 00151560 ____A C:\Windows\Minidump\080612-23727-01.dmp
2012-08-06 17:30 - 2012-08-06 17:30 - 00151560 ____A C:\Windows\Minidump\080612-24258-01.dmp
2012-08-06 17:24 - 2012-08-06 17:24 - 00151560 ____A C:\Windows\Minidump\080612-25646-01.dmp
2012-08-06 17:19 - 2012-08-06 17:19 - 00151560 ____A C:\Windows\Minidump\080612-24398-01.dmp
2012-08-06 17:14 - 2012-08-06 17:14 - 00151560 ____A C:\Windows\Minidump\080612-25786-01.dmp
2012-08-06 17:09 - 2012-08-06 17:09 - 00151560 ____A C:\Windows\Minidump\080612-26426-01.dmp
2012-08-06 17:03 - 2012-08-06 17:03 - 00151560 ____A C:\Windows\Minidump\080612-26832-01.dmp
2012-08-06 16:58 - 2012-08-06 16:58 - 00151560 ____A C:\Windows\Minidump\080612-23587-01.dmp
2012-08-06 16:53 - 2012-08-06 16:53 - 00151560 ____A C:\Windows\Minidump\080612-23540-01.dmp
2012-08-06 16:48 - 2012-08-06 16:48 - 00151560 ____A C:\Windows\Minidump\080612-23743-01.dmp
2012-08-06 16:42 - 2012-08-06 16:42 - 00151560 ____A C:\Windows\Minidump\080612-26863-01.dmp
2012-08-06 16:37 - 2012-08-06 16:37 - 00151640 ____A C:\Windows\Minidump\080612-25287-01.dmp
2012-08-06 16:32 - 2012-08-06 16:32 - 00150464 ____A C:\Windows\Minidump\080612-24008-01.dmp
2012-08-06 16:24 - 2012-08-06 16:24 - 00151480 ____A C:\Windows\Minidump\080612-24336-01.dmp
2012-08-05 17:31 - 2012-08-05 17:31 - 00151480 ____A C:\Windows\Minidump\080512-33384-01.dmp
2012-08-05 17:23 - 2012-08-05 17:23 - 00019402 ____A C:\ComboFix.txt
2012-08-05 17:22 - 2009-07-13 18:04 - 00000215 ____A C:\Windows\system.ini
2012-08-05 17:07 - 2012-08-05 17:07 - 00006202 ____A C:\Users\Jacob\Downloads\hijackthis.log
2012-08-05 17:06 - 2012-08-05 17:06 - 00388608 ____A (Trend Micro Inc.) C:\Users\Jacob\Downloads\HijackThis.exe
2012-08-05 17:06 - 2012-08-05 17:06 - 00388608 ____A (Trend Micro Inc.) C:\Users\Jacob\Downloads\HijackThis(1).exe
2012-08-05 17:02 - 2012-08-05 17:02 - 00138928 ____A C:\Windows\Minidump\080512-36270-01.dmp
2012-08-05 16:35 - 2012-08-05 16:35 - 00151560 ____A C:\Windows\Minidump\080512-31668-01.dmp
2012-08-05 16:31 - 2012-08-05 16:30 - 00151480 ____A C:\Windows\Minidump\080512-22557-01.dmp
2012-08-05 15:32 - 2012-08-05 15:32 - 00002117 ____A C:\Users\Jacob\Desktop\aswMBR.txt
2012-08-05 15:32 - 2012-08-05 15:32 - 00000512 ____A C:\Users\Jacob\Desktop\MBR.dat
2012-08-05 13:36 - 2012-08-05 13:35 - 04731392 ____A (AVAST Software) C:\Users\Jacob\Desktop\aswMBR.exe
2012-08-05 13:34 - 2012-08-05 13:34 - 00151480 ____A C:\Windows\Minidump\080512-41979-01.dmp
2012-08-05 13:32 - 2012-08-05 13:31 - 00150464 ____A C:\Windows\Minidump\080512-24289-01.dmp
2012-08-05 12:35 - 2012-08-05 12:35 - 00151800 ____A C:\Windows\Minidump\080512-39359-01.dmp
2012-08-05 12:30 - 2012-08-05 12:30 - 00151720 ____A C:\Windows\Minidump\080512-23712-01.dmp
2012-08-05 12:24 - 2012-08-05 12:24 - 00151480 ____A C:\Windows\Minidump\080512-26629-01.dmp
2012-08-05 12:19 - 2012-08-05 12:19 - 00158424 ____A C:\Windows\Minidump\080512-21684-01.dmp
2012-08-05 12:15 - 2012-08-05 12:15 - 20275048 ____A (Microsoft Corporation) C:\Users\Jacob\Downloads\BOIE9_ENUS_BO0085_WIN7.EXE
2012-08-05 12:15 - 2011-06-20 05:37 - 00005102 ____A C:\Windows\IE9_main.log
2012-08-05 12:12 - 2012-08-05 12:12 - 00138928 ____A C:\Windows\Minidump\080512-23618-01.dmp
2012-08-05 12:09 - 2012-08-05 12:09 - 00151800 ____A C:\Windows\Minidump\080512-36410-01.dmp
2012-08-05 12:05 - 2012-08-05 12:05 - 00152808 ____A C:\Windows\Minidump\080512-27705-01.dmp
2012-08-05 12:00 - 2012-08-05 12:00 - 00151640 ____A C:\Windows\Minidump\080512-28345-01.dmp
2012-08-05 11:51 - 2012-08-06 19:21 - 00000027 ____A C:\Windows\System32\Drivers\etc\hosts.20120806-222136.backup
2012-08-05 11:38 - 2012-08-05 11:38 - 04725168 ____R (Swearware) C:\Users\Jacob\Desktop\ComboFix.exe
2012-08-05 11:31 - 2012-08-05 11:31 - 00151480 ____A C:\Windows\Minidump\080512-37549-01.dmp
2012-08-05 11:28 - 2012-08-05 11:28 - 00151480 ____A C:\Windows\Minidump\080512-30279-01.dmp
2012-08-05 11:09 - 2012-08-05 11:09 - 00000000 ____A C:\Users\Jacob\Downloads\7C62.tmp
2012-08-05 11:05 - 2011-06-13 21:32 - 00592896 __ASH C:\Users\Jacob\Desktop\Thumbs.db
2012-08-01 07:20 - 2012-08-01 07:12 - 31516074 ____A C:\Users\Jacob\Downloads\LazyNewbPack [0.34.11] [V13].zip
2012-07-28 10:24 - 2012-07-28 10:24 - 00062352 ____A C:\Users\Jacob\Downloads\Chelsea_FC.svg
2012-07-27 09:12 - 2012-07-27 09:12 - 00021685 ____A C:\Users\Jacob\Downloads\The.Newsroom.2012.S01E01.720p.HDTV.x264-IMMERSE.mkv.torrent
2012-07-26 12:58 - 2012-07-26 12:58 - 00046814 ____A C:\Users\Jacob\Downloads\Frank Ocean - channel ORANGE - 2012 (CD - MP3 - 320).torrent
2012-07-26 12:57 - 2012-07-26 12:57 - 00031817 ____A C:\Users\Jacob\Downloads\Dirty Projectors - Swing Lo Magellan - 2012 (CD - MP3 - 320).torrent
2012-07-26 12:56 - 2012-07-26 12:56 - 00035756 ____A C:\Users\Jacob\Downloads\Passion Pit - Gossamer - 2012 (CD - MP3 - 320).torrent
2012-07-25 08:52 - 2012-07-25 08:52 - 00138768 ____A C:\Users\Jacob\Downloads\Game_of_Thrones_Season_2.torrent
2012-07-21 03:57 - 2012-07-21 03:57 - 00029068 ____A C:\Users\Jacob\Downloads\Game_of_Thrones_Season_1.torrent
2012-07-21 03:57 - 2012-07-21 03:57 - 00029068 ____A C:\Users\Jacob\Downloads\Game_of_Thrones_Season_1 (1).torrent
2012-07-11 00:19 - 2009-07-13 20:33 - 00290304 ____A C:\Windows\System32\FNTCACHE.DAT
2012-07-11 00:01 - 2012-07-11 00:00 - 00263330 ____A C:\Windows\msxml4-KB2721691-enu.LOG
2012-07-11 00:01 - 2010-04-29 13:08 - 57442464 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-07-08 09:47 - 2012-07-08 09:47 - 10012564 ____A C:\Users\Jacob\Downloads\spelunky_1_1.zip
2012-07-06 11:20 - 2012-07-06 11:20 - 00018348 ____A C:\Users\Jacob\Downloads\Dinosaur Jr. - Where You Been - 1993 (CD - MP3 - 320).torrent
2012-07-06 11:20 - 2012-07-06 11:20 - 00012066 ____A C:\Users\Jacob\Downloads\Dinosaur Jr. - Farm - 2009 (CD - MP3 - 320).torrent
2012-07-03 10:46 - 2012-08-06 18:59 - 00022344 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-07-02 12:43 - 2012-07-02 12:43 - 00001753 ____A C:\Users\Public\Desktop\iTunes.lnk
2012-07-01 08:21 - 2012-07-01 08:21 - 00016521 ____A C:\Users\Jacob\Downloads\Dirty Projectors - Swing Lo Magellan - 2012 (WEB - MP3 - 320).torrent
2012-07-01 08:21 - 2012-07-01 08:21 - 00016521 ____A C:\Users\Jacob\Downloads\Dirty Projectors - Swing Lo Magellan - 2012 (WEB - MP3 - 320) (1).torrent
2012-06-30 19:28 - 2012-06-30 19:28 - 00014214 ____A C:\Users\Jacob\Downloads\The Hood Internet - The Mixtape Volume Five - 2011 (WEB - MP3 - 320).torrent
2012-06-30 19:27 - 2012-06-30 19:27 - 00016805 ____A C:\Users\Jacob\Downloads\The Hood Internet - The Mixtape Volume Six - 2012 (WEB - MP3 - 320).torrent
2012-06-30 19:26 - 2012-06-30 19:26 - 00029183 ____A C:\Users\Jacob\Downloads\Girl Talk - All Day - 2010 (CD - MP3 - 320) (1).torrent
2012-06-30 16:26 - 2012-06-30 16:26 - 00029183 ____A C:\Users\Jacob\Downloads\Girl Talk - All Day - 2010 (CD - MP3 - 320).torrent
2012-06-30 16:16 - 2012-06-30 16:14 - 77251480 ____A (Apple Inc.) C:\Users\Jacob\Downloads\iTunesSetup.exe
2012-06-25 13:04 - 2012-06-25 13:04 - 01394248 ____A (Microsoft Corporation) C:\Windows\System32\msxml4.dll
2012-06-21 21:35 - 2012-06-21 20:59 - 2199061059 ____A C:\Users\Jacob\Downloads\True.Blood.S05E02.720p.HDTV.x264-IMMERSE.mkv
2012-06-21 20:59 - 2012-06-21 20:59 - 00011288 ____A C:\Users\Jacob\Downloads\True.Blood.S05E02.720p.HDTV.x264-IMMERSE.mkv.torrent
2012-06-21 15:41 - 2012-06-21 15:41 - 00002367 ____A C:\Users\Jacob\Downloads\uh.p12
2012-06-21 15:32 - 2012-06-21 15:32 - 00000972 ____A C:\Users\Public\Desktop\Mumble.lnk
2012-06-21 15:25 - 2012-06-21 15:25 - 17904640 ____A C:\Users\Jacob\Downloads\mumble-1.2.3a.msi
2012-06-21 06:51 - 2012-06-21 06:51 - 00044605 ____A C:\Users\Jacob\Downloads\Spiritualized - Sweet Heart Sweet Light - 2012 (CD - MP3 - 320).torrent
2012-06-21 06:50 - 2012-06-21 06:50 - 00019173 ____A C:\Users\Jacob\Downloads\El-P - Cancer 4 Cure - 2012 (CD - MP3 - 320).torrent
2012-06-21 06:48 - 2012-06-21 06:48 - 00016330 ____A C:\Users\Jacob\Downloads\Mount Eerie - Clear Moon - 2012 (WEB - MP3 - 320).torrent
2012-06-21 06:46 - 2012-06-21 06:46 - 00016416 ____A C:\Users\Jacob\Downloads\Fiona Apple - The Idler Wheel Is Wiser Than the Driver of the Screw and Whipping Cords Will Serve You More Than Ropes Will Ever Do - 2012 (CD - MP3 - 320).torrent
2012-06-18 19:09 - 2012-06-18 19:09 - 00015621 ____A C:\Users\Jacob\Downloads\The Shins - Port of Morrow - 2012 (CD - MP3 - 320).torrent
2012-06-18 18:55 - 2012-06-18 18:55 - 00012745 ____A C:\Users\Jacob\Downloads\LCD Soundsystem - This Is Happening - 2010 (CD - MP3 - 320).torrent
2012-06-18 18:47 - 2012-06-18 18:47 - 00007978 ____A C:\Users\Jacob\Downloads\Real Estate - Real Estate - 2009 (CD - MP3 - 320).torrent
2012-06-18 18:21 - 2012-06-18 18:21 - 00018647 ____A C:\Users\Jacob\Downloads\Beach House - Teen Dream - 2010 (CD - MP3 - 320).torrent
2012-06-18 18:08 - 2012-06-18 18:08 - 00000989 ____A C:\Users\Public\Desktop\foobar2000.lnk
2012-06-18 18:07 - 2012-06-18 18:07 - 03243406 ____A (foobar2000.org) C:\Users\Jacob\Downloads\foobar2000_v1.1.13.exe
2012-06-18 17:53 - 2012-06-18 17:53 - 00034467 ____A C:\Users\Jacob\Downloads\Passion Pit - Manners - 2009 (CD - MP3 - 320).torrent
2012-06-12 08:19 - 2012-06-12 08:19 - 00016768 ____A C:\Users\Jacob\Downloads\TV on the Radio - Nine Types of Light - 2011 (CD - MP3 - 320).torrent
2012-06-12 08:17 - 2012-06-12 08:17 - 00013019 ____A C:\Users\Jacob\Downloads\Liturgy - Aesthethica - 2011 (CD - MP3 - 320).torrent
2012-06-12 08:10 - 2012-06-12 08:09 - 00011613 ____A C:\Users\Jacob\Downloads\Tombs - Path of Totality - 2011 (CD - MP3 - 320).torrent
2012-06-12 08:04 - 2012-06-12 08:04 - 00019037 ____A C:\Users\Jacob\Downloads\The Weeknd - House of Balloons - 2011 (WEB - MP3 - 320).torrent
2012-06-12 08:02 - 2012-06-12 08:02 - 00008567 ____A C:\Users\Jacob\Downloads\Real Estate - Days - 2011 (CD - MP3 - 320) (1).torrent
2012-06-12 08:02 - 2012-06-12 08:02 - 00003765 ____A C:\Users\Jacob\Downloads\Drake - Take Care - 2011 (CD - MP3 - 320) (1).torrent
2012-06-12 08:01 - 2012-06-12 08:01 - 00031694 ____A C:\Users\Jacob\Downloads\tUnE-yArDs - W H O K I L L - 2011 (CD - MP3 - 320).torrent
2012-06-12 07:53 - 2012-06-12 07:53 - 00015781 ____A C:\Users\Jacob\Downloads\Oneohtrix Point Never - Replica - 2011 (CD - MP3 - 320).torrent
2012-06-12 07:52 - 2012-06-12 07:52 - 00039512 ____A C:\Users\Jacob\Downloads\Girls - Father, Son, Holy Ghost - 2011 (CD - MP3 - 320) (1).torrent
2012-06-12 07:52 - 2012-06-12 07:52 - 00030465 ____A C:\Users\Jacob\Downloads\PJ Harvey - Let England Shake - 2011 (CD - MP3 - 320).torrent
2012-06-12 07:51 - 2012-06-12 07:51 - 00019125 ____A C:\Users\Jacob\Downloads\Destroyer - Kaputt - 2011 (CD - MP3 - 320).torrent
2012-06-12 07:51 - 2012-06-12 07:51 - 00002996 ____A C:\Users\Jacob\Downloads\M83 - Hurry Up, We're Dreaming. - 2011 (CD - MP3 - 320) (1).torrent
2012-06-12 07:50 - 2012-06-12 07:50 - 00015723 ____A C:\Users\Jacob\Downloads\Bon Iver - Bon Iver, Bon Iver - 2011 (CD - MP3 - 320).torrent
2012-06-12 07:49 - 2012-06-12 07:49 - 00021307 ____A C:\Users\Jacob\Downloads\Various Artists - Remixes Compiled - 2007 (CD - MP3 - 320).torrent
2012-06-12 07:48 - 2012-06-12 07:48 - 00016008 ____A C:\Users\Jacob\Downloads\Telefon Tel Aviv - Fahrenheit Fair Enough - 2001 (CD - MP3 - 320).torrent
2012-06-12 07:47 - 2012-06-12 07:47 - 00017998 ____A C:\Users\Jacob\Downloads\Telefon Tel Aviv - Immolate Yourself - 2009 (CD - MP3 - 320).torrent
2012-06-12 07:47 - 2012-06-12 07:47 - 00017460 ____A C:\Users\Jacob\Downloads\Telefon Tel Aviv - Map of What Is Effortless - 2004 (CD - MP3 - 320).torrent
2012-06-12 07:42 - 2012-06-12 07:42 - 00014041 ____A C:\Users\Jacob\Downloads\The Poison Control Center - Stranger Ballet - 2011 (WEB - MP3 - 320).torrent
2012-06-12 07:41 - 2012-06-12 07:41 - 00018219 ____A C:\Users\Jacob\Downloads\The Walkmen - Heaven - 2012 (CD - MP3 - 320).torrent
2012-06-12 07:39 - 2012-06-12 07:39 - 00011832 ____A C:\Users\Jacob\Downloads\Beach House - Bloom - 2012 (CD - MP3 - 320).torrent
2012-06-12 07:37 - 2012-06-12 07:37 - 00013620 ____A C:\Users\Jacob\Downloads\Liars - WIXIW - 2012 (CD - MP3 - V0 (VBR)).torrent
2012-06-12 07:36 - 2012-06-12 07:36 - 00020923 ____A C:\Users\Jacob\Downloads\Edward Sharpe & The Magnetic Zeros - Here - 2012 (CD - MP3 - V0 (VBR)).torrent
2012-06-12 07:36 - 2012-06-12 07:36 - 00019263 ____A C:\Users\Jacob\Downloads\Regina Spektor - What We Saw from the Cheap Seats - 2012 (CD - MP3 - V0 (VBR)).torrent
2012-06-12 07:36 - 2012-06-12 07:36 - 00019039 ____A C:\Users\Jacob\Downloads\Hot Chip - In Our Heads - 2012 (CD - MP3 - V0 (VBR)).torrent
2012-06-12 07:35 - 2012-06-12 07:35 - 00015617 ____A C:\Users\Jacob\Downloads\Sigur Rós - Valtari - 2012 (CD - MP3 - V0 (VBR)).torrent
2012-06-12 07:35 - 2012-06-12 07:35 - 00007371 ____A C:\Users\Jacob\Downloads\The Black Keys - El Camino - 2011 (CD - MP3 - V0 (VBR)).torrent
2012-06-12 07:19 - 2012-06-12 07:18 - 00001984 ____A C:\Users\Public\Desktop\Adobe Reader 9.lnk
2012-06-11 18:44 - 2012-07-11 00:01 - 02344448 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-06-11 15:35 - 2012-06-11 15:34 - 00001147 ____A C:\Users\Public\Desktop\Diablo III.lnk
2012-06-11 15:31 - 2012-06-11 15:30 - 40048208 ____A (Blizzard Entertainment) C:\Users\Jacob\Downloads\Diablo-III-Setup-enUS.exe
2012-06-08 20:46 - 2012-07-10 23:02 - 12868608 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2012-06-08 11:34 - 2012-06-08 11:34 - 00001195 ____A C:\Users\Public\Desktop\Mozilla Firefox.lnk
2012-06-08 11:34 - 2012-06-08 11:32 - 16574016 ____A (Mozilla) C:\Users\Jacob\Downloads\Firefox Setup 13.0.exe
2012-06-08 10:51 - 2011-07-11 21:32 - 00017922 ____A C:\Windows\DPINST.LOG
2012-06-08 10:46 - 2012-05-04 11:44 - 00002001 ____A C:\Users\Jacob\AppData\Roaming\Rim.Desktop.HttpServerSetup.log
2012-06-06 10:13 - 2012-06-06 10:13 - 00014653 ____A C:\Users\Jacob\Downloads\Wanderlust 2012 DVDRIP XVID AbSurdiTy.torrent
2012-06-06 10:11 - 2012-06-06 10:11 - 00018459 ____A C:\Users\Jacob\Downloads\Project.X.2012.DVDRip.XviD-AMIABLE.torrent
2012-06-05 21:09 - 2012-07-10 23:02 - 01389568 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
2012-06-05 21:09 - 2012-07-10 23:02 - 01236992 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
2012-06-02 14:19 - 2012-06-19 08:07 - 01933848 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-06-02 14:19 - 2012-06-19 08:07 - 00053784 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-06-02 14:19 - 2012-06-19 08:07 - 00045080 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-06-02 14:19 - 2012-06-19 08:06 - 00577048 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2012-06-02 14:19 - 2012-06-19 08:06 - 00035864 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2012-06-02 14:12 - 2012-06-19 08:07 - 02422272 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-06-02 14:12 - 2012-06-19 08:06 - 00088576 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2012-06-02 12:19 - 2012-06-19 08:06 - 00171904 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-06-02 12:12 - 2012-06-19 08:06 - 00033792 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2012-06-01 20:51 - 2012-07-10 23:02 - 00134000 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
2012-06-01 20:51 - 2012-07-10 23:02 - 00067440 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
2012-06-01 20:50 - 2012-07-10 23:02 - 00369336 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
2012-06-01 20:48 - 2012-07-10 23:02 - 00225280 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
2012-06-01 20:47 - 2012-07-10 23:02 - 00219136 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
2012-05-27 10:45 - 2012-05-27 10:44 - 00012185 ____A C:\Users\Jacob\Downloads\UFC.146.Dos.Santos.vs.Mir.HDTV.XviD-MGD.avi.torrent
2012-05-27 10:44 - 2012-05-27 10:44 - 00036784 ____A C:\Users\Jacob\Downloads\UFC.146.Preliminary.Fights.HDTV.XviD-AFG.torrent
2012-05-27 10:44 - 2012-05-27 10:44 - 00014524 ____A C:\Users\Jacob\Downloads\Iron.Sky.2012.DVDRip.XviD-PSiG.torrent
2012-05-27 10:44 - 2012-05-27 10:44 - 00004017 ____A C:\Users\Jacob\Downloads\Safe.2012.R5.LiNE.XviD-YanKeeS.avi.torrent
2012-05-24 12:40 - 2012-05-09 11:15 - 00399476 ____A C:\Users\Jacob\Downloads\bbbe-latest.zip
2012-05-24 09:51 - 2012-05-24 09:51 - 00022436 ____A C:\Users\Jacob\Downloads\Safe.House.2012.DVDRiP.XviD.AC3-REFiLL.torrent
2012-05-22 15:18 - 2012-05-22 15:18 - 00042557 ____A C:\Users\Jacob\Downloads\Billboard Hot 100 20120211.torrent
2012-05-15 02:26 - 2012-06-11 19:07 - 19607872 ____A (NVIDIA Corporation) C:\Windows\System32\nvoglv32.dll
2012-05-15 02:26 - 2012-06-11 19:07 - 17551680 ____A (NVIDIA Corporation) C:\Windows\System32\nvcompiler.dll
2012-05-15 02:26 - 2012-06-11 19:07 - 11354944 ____A (NVIDIA Corporation) C:\Windows\System32\Drivers\nvlddmkm.sys
2012-05-15 02:26 - 2012-06-11 19:07 - 05982528 ____A (NVIDIA Corporation) C:\Windows\System32\nvcuda.dll
2012-05-15 02:26 - 2012-06-11 19:07 - 02524992 ____A (NVIDIA Corporation) C:\Windows\System32\nvcuvid.dll
2012-05-15 02:26 - 2012-06-11 19:07 - 02445120 ____A (NVIDIA Corporation) C:\Windows\System32\nvcuvenc.dll
2012-05-15 02:26 - 2012-06-11 19:07 - 01000768 ____A (NVIDIA Corporation) C:\Windows\System32\nvdispco32.dll
2012-05-15 02:26 - 2012-06-11 19:07 - 00883008 ____A (NVIDIA Corporation) C:\Windows\System32\nvgenco32.dll
2012-05-15 02:26 - 2011-07-30 20:11 - 15322432 ____A (NVIDIA Corporation) C:\Windows\System32\nvd3dum.dll
2012-05-15 02:26 - 2011-07-30 20:11 - 00061248 ____A (Khronos Group) C:\Windows\System32\OpenCL.dll
2012-05-15 02:26 - 2010-07-10 03:37 - 08105280 ____A (NVIDIA Corporation) C:\Windows\System32\nvwgf2um.dll
2012-05-15 02:26 - 2010-07-10 03:37 - 02368832 ____A (NVIDIA Corporation) C:\Windows\System32\nvapi.dll
2012-05-15 02:26 - 2010-07-10 03:37 - 00011190 ____A C:\Windows\System32\nvinfo.pb
2012-05-15 01:28 - 2010-07-09 14:37 - 03931456 ____A (NVIDIA Corporation) C:\Windows\System32\nvcpl.dll
2012-05-15 01:28 - 2010-07-09 14:37 - 00645440 ____A (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
2012-05-15 01:28 - 2010-07-09 14:37 - 00108352 ____A (NVIDIA Corporation) C:\Windows\System32\nvmctray.dll
2012-05-15 01:28 - 2010-07-09 14:37 - 00062272 ____A (NVIDIA Corporation) C:\Windows\System32\nvshext.dll
2012-05-15 01:27 - 2010-07-09 14:37 - 02759488 ____A (NVIDIA Corporation) C:\Windows\System32\nvsvc.dll
2012-05-14 23:21 - 2012-05-14 23:21 - 00423744 ____A C:\Windows\System32\nvStreaming.exe
2012-05-14 19:08 - 2012-06-12 23:49 - 00981504 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-05-14 19:06 - 2012-06-12 23:49 - 00048128 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-05-12 22:04 - 2012-05-12 22:04 - 00114799 ____A C:\Users\Jacob\Downloads\Fightville.2011.VODRip.XviD.AC3-JohnnyQu1d (2).torrent

ZeroAccess:
C:\Windows\Installer\{b05e0e68-c7bf-15e4-5b8a-ef8793fb6709}
C:\Windows\Installer\{b05e0e68-c7bf-15e4-5b8a-ef8793fb6709}\@
C:\Windows\Installer\{b05e0e68-c7bf-15e4-5b8a-ef8793fb6709}\L
C:\Windows\Installer\{b05e0e68-c7bf-15e4-5b8a-ef8793fb6709}\U
C:\Windows\Installer\{b05e0e68-c7bf-15e4-5b8a-ef8793fb6709}\L\00000004.@
C:\Windows\Installer\{b05e0e68-c7bf-15e4-5b8a-ef8793fb6709}\L\201d3dde
C:\Windows\Installer\{b05e0e68-c7bf-15e4-5b8a-ef8793fb6709}\U\00000004.@
C:\Windows\Installer\{b05e0e68-c7bf-15e4-5b8a-ef8793fb6709}\U\00000008.@
C:\Windows\Installer\{b05e0e68-c7bf-15e4-5b8a-ef8793fb6709}\U\000000cb.@
C:\Windows\Installer\{b05e0e68-c7bf-15e4-5b8a-ef8793fb6709}\U\80000000.@
C:\Windows\Installer\{b05e0e68-c7bf-15e4-5b8a-ef8793fb6709}\U\80000032.@

ZeroAccess:
C:\Windows\assembly\GAC\Desktop.ini

========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe A302BBFF2A7278C0E239EE5D471D86A9 ZeroAccess <==== ATTENTION!.
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

========================= Memory info ======================

Percentage of memory in use: 11%
Total physical RAM: 4094.18 MB
Available physical RAM: 3621.42 MB
Total Pagefile: 4092.46 MB
Available Pagefile: 3624.23 MB
Total Virtual: 2047.88 MB
Available Virtual: 1968.48 MB

======================= Partitions =========================

1 Drive c: () (Fixed) (Total:465.76 GB) (Free:106.97 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
3 Drive e: (HP v100w) (Removable) (Total:7.45 GB) (Free:7.39 GB) FAT32
4 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 465 GB 0 B
Disk 1 Online 7648 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 465 GB 1024 KB

==================================================================================

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 C NTFS Partition 465 GB Healthy

==================================================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 7646 MB 1132 KB

==================================================================================

Disk: 1
Partition 1
Type : 0C
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 E HP v100w FAT32 Removable 7646 MB Healthy

==================================================================================

Last Boot: 2012-08-07 19:41

======================= End Of Log ==========================

Thanks in advance.



#2 CatByte (bleepin' tiger, Malware Response Team, 14,664 posts, Location: Canada)

Posted 10 August 2012 - 09:05 AM

services.exe is infected and your computer will not stop crashing unless we can replace that, so we need to search for a replacement:

Please do the following:


Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this highlight the contents of the box, right click on it and select copy. Right-click in the open notepad and select Paste). Save it on the flashdrive as fixlist.txt

start
C:\Windows\Installer\{b05e0e68-c7bf-15e4-5b8a-ef8793fb6709}
C:\Windows\assembly\GAC\Desktop.ini
end

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system.

Now please enter System Recovery Options then select Command Prompt

Run FRST (or FRST64 if you have the 64bit version) and press the Fix button just once and wait.
The tool will make a log on the flashdrive (Fixlog.txt); please post it in your reply.


  • While you are still booted into System Recovery Options run FRST.

    Type the following in the edit box after "Search:" so it looks like this:

    Search: services.exe

    Click Search button and post the log it makes to your reply.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#3 blur144 (Topic Starter, Members, 12 posts)

Posted 10 August 2012 - 06:11 PM

Thanks so much. I'm so happy a place like this exists. What a horrible virus.

Farbar Recovery Scan Tool Version: 09-08-2012
Ran by SYSTEM at 2012-08-10 18:00:43
Running from E:\

================== Search: "services.exe" ===================

C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.exe
[2009-07-13 15:11] - [2009-07-13 17:14] - 0259072 ____A (Microsoft Corporation) 5F1B6A9C35D3D5CA72D6D6FDEF9747D6

C:\Windows\System32\services.exe
[2009-07-13 15:11] - [2012-08-09 20:45] - 0259072 ____A (Microsoft Corporation) A302BBFF2A7278C0E239EE5D471D86A9

C:\Windows\erdnt\cache\services.exe
[2012-08-05 11:52] - [2009-07-13 17:14] - 0259072 ____A (Microsoft Corporation) 5F1B6A9C35D3D5CA72D6D6FDEF9747D6

=== End Of Search ===
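As an added example (not from the thread, and not FRST's own code), the following Python parses an FRST Search: listing like the one above, takes the WinSxS component-store copy as the baseline in the same way the replace: fix later in this thread restores from it, flags every copy whose MD5 differs, and emits the corresponding fixlist lines. The sample log is constructed from the output posted above; treating the WinSxS copy as trustworthy is an assumption, and a known-good hash list would be the stronger reference.

```python
import re
from dataclasses import dataclass
from datetime import datetime

# Constructed sample: the FRST "Search: services.exe" output posted in this thread.
SEARCH_LOG = r"""
================== Search: "services.exe" ===================

C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.exe
[2009-07-13 15:11] - [2009-07-13 17:14] - 0259072 ____A (Microsoft Corporation) 5F1B6A9C35D3D5CA72D6D6FDEF9747D6

C:\Windows\System32\services.exe
[2009-07-13 15:11] - [2012-08-09 20:45] - 0259072 ____A (Microsoft Corporation) A302BBFF2A7278C0E239EE5D471D86A9

C:\Windows\erdnt\cache\services.exe
[2012-08-05 11:52] - [2009-07-13 17:14] - 0259072 ____A (Microsoft Corporation) 5F1B6A9C35D3D5CA72D6D6FDEF9747D6

=== End Of Search ===
"""

# Each path line is followed by one detail line:
# [created] - [modified] - size attributes (company) MD5
PATH_RE = re.compile(r"^[A-Za-z]:\\")
DETAIL_RE = re.compile(
    r"^\[(\d{4}-\d{2}-\d{2} \d{2}:\d{2})\] - \[(\d{4}-\d{2}-\d{2} \d{2}:\d{2})\] - "
    r"(\d+) (\S+) \((.*?)\) ([0-9A-Fa-f]{32})$"
)


@dataclass
class FileCopy:
    path: str
    created: datetime
    modified: datetime
    size: int
    company: str
    md5: str


def parse_frst_search(text):
    """Turn an FRST Search: listing into FileCopy records, one per path found."""
    lines = [ln.strip() for ln in text.splitlines()]
    copies = []
    for i in range(len(lines) - 1):
        if not PATH_RE.match(lines[i]):
            continue
        m = DETAIL_RE.match(lines[i + 1])
        if not m:
            continue
        created, modified, size, _attrs, company, md5 = m.groups()
        copies.append(FileCopy(
            path=lines[i],
            created=datetime.strptime(created, "%Y-%m-%d %H:%M"),
            modified=datetime.strptime(modified, "%Y-%m-%d %H:%M"),
            size=int(size),
            company=company,
            md5=md5.upper(),
        ))
    return copies


def reference_copy(copies):
    """Baseline = the WinSxS component-store copy (what a replace: fix restores from).
    Assumption: WinSxS itself was not tampered with."""
    for c in copies:
        if "\\winsxs\\" in c.path.lower():
            return c
    return None


def find_suspects(copies):
    """Return (copy, reasons) for every copy whose MD5 differs from the baseline."""
    ref = reference_copy(copies)
    if ref is None:
        return []
    suspects = []
    for c in copies:
        if c is ref or c.md5 == ref.md5:
            continue
        reasons = ["MD5 differs from the WinSxS copy"]
        if c.size == ref.size:
            # The patched binary keeps the original size; only the hash reveals it.
            reasons.append("same size as the original, so a size check alone misses it")
        if c.modified > ref.modified:
            reasons.append(f"modified {c.modified:%Y-%m-%d}, "
                           f"after the original build date {ref.modified:%Y-%m-%d}")
        suspects.append((c, reasons))
    return suspects


def fixlist_for(copies):
    """Build FRST fixlist.txt text that restores each suspect from the baseline copy."""
    ref = reference_copy(copies)
    lines = ["start"]
    for c, _ in find_suspects(copies):
        lines.append(f"replace: {ref.path} {c.path}")
    lines.append("end")
    return "\n".join(lines)


if __name__ == "__main__":
    found = parse_frst_search(SEARCH_LOG)
    for c, why in find_suspects(found):
        print(f"SUSPECT {c.path} {c.md5}: " + "; ".join(why))
    print(fixlist_for(found))
```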

#4 blur144 (Topic Starter, Members, 12 posts)

Posted 10 August 2012 - 06:12 PM

Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 09-08-2012
Ran by SYSTEM at 2012-08-10 17:59:34 Run:1
Running from E:\

==============================================

C:\Windows\Installer\{b05e0e68-c7bf-15e4-5b8a-ef8793fb6709} moved successfully.
C:\Windows\assembly\GAC\Desktop.ini moved successfully.

==== End of Fixlog ====

Sorry I forgot this one first. I did them in the right order I promise.

#5 CatByte (bleepin' tiger, Malware Response Team, 14,664 posts, Location: Canada)

Posted 10 August 2012 - 07:44 PM

Please do the following:


Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this highlight the contents of the box, right click on it and select copy. Right-click in the open notepad and select Paste). Save it on the flashdrive as fixlist.txt

start
replace: C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.exe C:\Windows\System32\services.exe
end

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system.

Now please enter System Recovery Options then select Command Prompt

Run FRST (or FRST64 if you have the 64bit version) and press the Fix button just once and wait.
The tool will make a log on the flashdrive (Fixlog.txt); please post it in your reply.

Reboot Normally.



NEXT



Refer to the ComboFix User's Guide

  • Download ComboFix from the following location:

    Link

    * IMPORTANT !!! Place ComboFix.exe on your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.
    You can get help on disabling your protection programs here
  • Double click on ComboFix.exe & follow the prompts.
  • Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
  • When finished, it shall produce a log for you. Post that log in your next reply

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.


    ---------------------------------------------------------------------------------------------
  • Ensure your AntiVirus and AntiSpyware applications are re-enabled.

    ---------------------------------------------------------------------------------------------

NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.



#6 blur144 (Topic Starter, Members, 12 posts)

Posted 10 August 2012 - 08:58 PM

FRST ran okay, and then I rebooted, but I've blue screened twice...

Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 09-08-2012
Ran by SYSTEM at 2012-08-10 20:50:31 Run:3
Running from E:\

==============================================

C:\Windows\System32\services.exe moved successfully.
C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.exe copied successfully to C:\Windows\System32\services.exe

==== End of Fixlog ====

#7 CatByte (bleepin' tiger, Malware Response Team, 14,664 posts, Location: Canada)

Posted 10 August 2012 - 09:12 PM

Please try booting into safe mode and run ComboFix from safe mode:


To Enter Safemode
  • Go to Start> Shut off your Computer> Restart
  • As the computer starts to boot-up, Tap the F8 KEY repeatedly,
  • this will bring up a menu.
  • Use the Up and Down Arrow Keys to scroll up to Safemode
  • Then press the Enter Key on your Keyboard
  • go into your usual account



#8 blur144 (Topic Starter, Members, 12 posts)

Posted 10 August 2012 - 09:36 PM

I wasn't able to get WD or MSE to fully quit, and I can't uninstall them because my computer keeps blue screening in normal mode - and it won't let me uninstall them in safe mode.


ComboFix 12-08-05.02 - Jacob 08/10/2012 21:10:38.4.2 - x86 MINIMAL
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3326.2433 [GMT -5:00]
Running from: c:\users\Jacob\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Enabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Enabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
- REDUCED FUNCTIONALITY MODE -
.
.
((((((((((((((((((((((((( Files Created from 2012-07-11 to 2012-08-11 )))))))))))))))))))))))))))))))
.
.
2012-08-11 02:13 . 2012-08-11 02:13 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-08-11 02:13 . 2012-08-11 02:13 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-08-11 01:40 . 2012-08-11 01:40 168448 ----a-w- c:\windows\system32\config\systemprofile\0.22428566284496998.exe
2012-08-10 07:02 . 2012-08-10 07:03 -------- d-----w- C:\FRST
2012-08-10 03:57 . 2012-08-11 01:38 56200 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{4C896062-E03B-47C1-B99A-17D901C18DEC}\offreg.dll
2012-08-10 03:09 . 2012-02-09 19:17 713784 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2012-08-10 03:09 . 2012-02-09 19:17 713784 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C4707266-591A-4741-B244-75A520FFE9A6}\gapaengine.dll
2012-08-10 03:09 . 2012-07-16 07:41 6891424 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{4C896062-E03B-47C1-B99A-17D901C18DEC}\mpengine.dll
2012-08-10 03:05 . 2012-08-10 03:06 -------- d-----w- c:\program files\Microsoft Security Client
2012-08-07 02:59 . 2012-08-07 02:59 -------- d-----w- c:\users\Jacob\AppData\Roaming\Malwarebytes
2012-08-07 02:59 . 2012-08-07 02:59 -------- d-----w- c:\program files\Malwarebytes Anti-Malware
2012-08-07 02:59 . 2012-08-07 02:59 -------- d-----w- c:\programdata\Malwarebytes
2012-08-07 02:59 . 2012-07-03 18:46 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-08-07 02:57 . 2012-08-07 03:18 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-08-07 02:57 . 2012-08-07 02:57 -------- d-----w- c:\program files\Spybot - Search & Destroy
2012-08-07 02:48 . 2012-08-10 03:03 -------- d-----w- c:\programdata\MFAData
2012-08-05 20:52 . 2012-08-11 02:13 -------- d-----w- c:\users\Jacob\AppData\Local\temp
2012-08-04 14:10 . 2012-08-04 14:10 -------- d-sh--w- c:\windows\system32\%APPDATA%
2012-08-04 14:04 . 2012-08-04 14:04 -------- d-----w- c:\windows\Sun
2012-08-03 00:22 . 2012-08-03 00:22 -------- d-----w- c:\users\Jacob\AppData\Local\Macromedia
2012-08-01 16:55 . 2012-08-05 22:14 -------- d-----w- c:\program files\DROD
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-07 05:09 . 2012-06-12 04:14 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-08-07 05:09 . 2012-06-12 04:14 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-06-25 21:04 . 2012-06-25 21:04 1394248 ----a-w- c:\windows\system32\msxml4.dll
2012-06-12 02:44 . 2012-07-11 08:01 2344448 ----a-w- c:\windows\system32\win32k.sys
2012-06-06 05:09 . 2012-07-11 07:02 1389568 ----a-w- c:\windows\system32\msxml6.dll
2012-06-06 05:09 . 2012-07-11 07:02 1236992 ----a-w- c:\windows\system32\msxml3.dll
2012-06-02 22:19 . 2012-06-19 16:07 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-19 16:07 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-19 16:06 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-19 16:06 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:19 . 2012-06-19 16:07 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:12 . 2012-06-19 16:07 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:12 . 2012-06-19 16:06 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 20:19 . 2012-06-19 16:06 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 20:12 . 2012-06-19 16:06 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-06-02 04:51 . 2012-07-11 07:02 67440 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-06-02 04:51 . 2012-07-11 07:02 134000 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2012-06-02 04:50 . 2012-07-11 07:02 369336 ----a-w- c:\windows\system32\drivers\cng.sys
2012-06-02 04:48 . 2012-07-11 07:02 225280 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 04:47 . 2012-07-11 07:02 219136 ----a-w- c:\windows\system32\ncrypt.dll
2012-05-24 14:46 . 2012-05-24 14:46 163048 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10141.bin
2012-05-15 10:26 . 2012-06-12 03:07 883008 ----a-w- c:\windows\system32\nvgenco32.dll
2012-05-15 10:26 . 2012-06-12 03:07 19607872 ----a-w- c:\windows\system32\nvoglv32.dll
2012-05-15 10:26 . 2012-06-12 03:07 11354944 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2012-05-15 10:26 . 2012-06-12 03:07 1000768 ----a-w- c:\windows\system32\nvdispco32.dll
2012-05-15 10:26 . 2012-06-12 03:07 5982528 ----a-w- c:\windows\system32\nvcuda.dll
2012-05-15 10:26 . 2012-06-12 03:07 2524992 ----a-w- c:\windows\system32\nvcuvid.dll
2012-05-15 10:26 . 2012-06-12 03:07 2445120 ----a-w- c:\windows\system32\nvcuvenc.dll
2012-05-15 10:26 . 2012-06-12 03:07 17551680 ----a-w- c:\windows\system32\nvcompiler.dll
2012-05-15 10:26 . 2011-07-31 04:11 61248 ----a-w- c:\windows\system32\OpenCL.dll
2012-05-15 10:26 . 2011-07-31 04:11 15322432 ----a-w- c:\windows\system32\nvd3dum.dll
2012-05-15 10:26 . 2010-07-10 11:37 8105280 ----a-w- c:\windows\system32\nvwgf2um.dll
2012-05-15 10:26 . 2010-07-10 11:37 2368832 ----a-w- c:\windows\system32\nvapi.dll
2012-05-15 09:28 . 2010-07-09 22:37 645440 ----a-w- c:\windows\system32\nvvsvc.exe
2012-05-15 09:28 . 2010-07-09 22:37 62272 ----a-w- c:\windows\system32\nvshext.dll
2012-05-15 09:28 . 2010-07-09 22:37 108352 ----a-w- c:\windows\system32\nvmctray.dll
2012-05-15 09:28 . 2010-07-09 22:37 3931456 ----a-w- c:\windows\system32\nvcpl.dll
2012-05-15 09:27 . 2010-07-09 22:37 2759488 ----a-w- c:\windows\system32\nvsvc.dll
2012-05-15 07:21 . 2012-05-15 07:21 423744 ----a-w- c:\windows\system32\nvStreaming.exe
2012-05-15 03:08 . 2012-06-13 07:49 981504 ----a-w- c:\windows\system32\wininet.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-07-09 21:46 2074208 ----a-w- c:\program files\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll" [2012-07-09 2074208]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files\steam\steam.exe" [2012-08-05 1353080]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Logitech Download Assistant"="c:\windows\System32\LogiLDA.dll" [2010-11-04 1246544]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-31 59280]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"vProt"="c:\program files\AVG Secure Search\vprot.exe" [2012-07-09 1107552]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-04-19 421888]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-06-08 421776]
"HF_G_Jul"="c:\program files\AVG Secure Search\HF_G_Jul.exe" [2012-07-18 36960]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes Anti-Malware\mbamgui.exe" [2012-07-03 462920]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 931200]
.
c:\users\Jacob\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.2.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-5-20 1195008]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [x]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes Anti-Malware\mbamservice.exe [x]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [x]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [x]
R2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys [x]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
R2 vToolbarUpdater11.2.0;vToolbarUpdater11.2.0;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe [x]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
R3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\program files\steam\steamapps\common\dragon age origins\bin_ship\DAUpdaterSvc.Service.exe [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [x]
R3 HP8107Fltr;HP-HP8107;c:\windows\system32\DRIVERS\HP8107.sys [x]
R3 HTCAND32;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [x]
R3 netr28u;Belkin USB Wireless LAN Card Driver for Vista;c:\windows\system32\DRIVERS\netr28u.sys [x]
R3 netr73;Conceptronic RT73 Wireles Driver for Vista;c:\windows\system32\DRIVERS\netr73.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-10 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-12 05:09]
.
2012-08-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-26 05:33]
.
2012-08-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-26 05:33]
.
2012-08-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-832405256-2446568513-170178880-1000Core.job
- c:\users\Jacob\AppData\Local\Google\Update\GoogleUpdate.exe [2010-04-26 05:32]
.
2012-08-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-832405256-2446568513-170178880-1000UA.job
- c:\users\Jacob\AppData\Local\Google\Update\GoogleUpdate.exe [2010-04-26 05:32]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://isearch.avg.com/?cid={7F9D083A-D192-4473-B7AF-0C2FC01FDAC6}&mid=63fa92d5921647d0a6f8d1795d59f547-4aef96b188630d28fe0b3460d9aa132c1a3075c6&lang=en&ds=od011&pr=sa&d=2012-05-12 03:30&v=11.0.0.9&sap=hp
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 192.168.1.1
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\11.2.0\ViProtocol.dll
FF - ProfilePath - c:\users\Jacob\AppData\Roaming\Mozilla\Firefox\Profiles\kwx3mik4.default\
FF - prefs.js: browser.startup.homepage - hxxp://isearch.avg.com?cid=%7B142f2bb7-fc72-4122-af68-8153d0db3167%7D&mid=63fa92d5921647d0a6f8d1795d59f547-4aef96b188630d28fe0b3460d9aa132c1a3075c6&ds=od011&v=11.1.0.12&lang=en&pr=sa&d=2012-05-12%2003%3A30%3A46&sap=hp
FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7B142f2bb7-fc72-4122-af68-8153d0db3167%7D&mid=63fa92d5921647d0a6f8d1795d59f547-4aef96b188630d28fe0b3460d9aa132c1a3075c6&ds=od011&v=11.1.0.12&lang=en&pr=sa&d=2012-05-12%2003%3A30%3A46&sap=ku&q=
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-832405256-2446568513-170178880-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-832405256-2446568513-170178880-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-08-10 21:15:35
ComboFix-quarantined-files.txt 2012-08-11 02:15
ComboFix2.txt 2012-08-06 01:23
ComboFix3.txt 2012-08-05 20:52
ComboFix4.txt 2012-08-05 19:52
.
Pre-Run: 114,832,736,256 bytes free
Post-Run: 115,030,499,328 bytes free
.
- - End Of File - - 8D456FFE64EAF4534DA502AD966C5B5E

#9 CatByte

  • Malware Response Team

Posted 10 August 2012 - 09:52 PM

ComboFix2.txt 2012-08-06 01:23
ComboFix3.txt 2012-08-05 20:52
ComboFix4.txt 2012-08-05 19:52

Can you please find those older runs in C:\qoobox and attach them? I'd like to see the previous logs, as there is no indication in the recent log as to what could still be causing the BSODs in normal mode.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#10 CatByte

  • Malware Response Team

Posted 10 August 2012 - 09:56 PM

As well, please check this file out:

c:\windows\system32\config\systemprofile\0.22428566284496998.exe


Submit a file to VirusTotal for analysis:
  • Use the Browse button on that page to navigate to the location of the file to be scanned.
  • In the right-hand panel, click on the file c:\windows\system32\config\systemprofile\0.22428566284496998.exe, then click the Open button.
  • The file will now be displayed in the submit box.
  • Scroll down a bit and click "Send file", then wait for the results.
  • If you get a message saying "File has already been analyzed", click "Reanalyze file now".
  • Once scanned, copy and paste the link to the results page in your next reply.

Edited by CatByte, 10 August 2012 - 09:56 PM.



#11 blur144

  • Topic Starter
  • Members

Posted 11 August 2012 - 06:15 PM

First, your logs. ComboFix 2:


ComboFix 12-08-05.02 - Jacob 08/10/2012 21:10:38.4.2 - x86 MINIMAL
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3326.2433 [GMT -5:00]
Running from: c:\users\Jacob\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Enabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Enabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
- REDUCED FUNCTIONALITY MODE -
.
.
((((((((((((((((((((((((( Files Created from 2012-07-11 to 2012-08-11 )))))))))))))))))))))))))))))))
.
.
2012-08-11 02:13 . 2012-08-11 02:13 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-08-11 02:13 . 2012-08-11 02:13 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-08-11 01:40 . 2012-08-11 01:40 168448 ----a-w- c:\windows\system32\config\systemprofile\0.22428566284496998.exe
2012-08-10 07:02 . 2012-08-10 07:03 -------- d-----w- C:\FRST
2012-08-10 03:57 . 2012-08-11 01:38 56200 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{4C896062-E03B-47C1-B99A-17D901C18DEC}\offreg.dll
2012-08-10 03:09 . 2012-02-09 19:17 713784 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2012-08-10 03:09 . 2012-02-09 19:17 713784 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C4707266-591A-4741-B244-75A520FFE9A6}\gapaengine.dll
2012-08-10 03:09 . 2012-07-16 07:41 6891424 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{4C896062-E03B-47C1-B99A-17D901C18DEC}\mpengine.dll
2012-08-10 03:05 . 2012-08-10 03:06 -------- d-----w- c:\program files\Microsoft Security Client
2012-08-07 02:59 . 2012-08-07 02:59 -------- d-----w- c:\users\Jacob\AppData\Roaming\Malwarebytes
2012-08-07 02:59 . 2012-08-07 02:59 -------- d-----w- c:\program files\Malwarebytes Anti-Malware
2012-08-07 02:59 . 2012-08-07 02:59 -------- d-----w- c:\programdata\Malwarebytes
2012-08-07 02:59 . 2012-07-03 18:46 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-08-07 02:57 . 2012-08-07 03:18 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-08-07 02:57 . 2012-08-07 02:57 -------- d-----w- c:\program files\Spybot - Search & Destroy
2012-08-07 02:48 . 2012-08-10 03:03 -------- d-----w- c:\programdata\MFAData
2012-08-05 20:52 . 2012-08-11 02:13 -------- d-----w- c:\users\Jacob\AppData\Local\temp
2012-08-04 14:10 . 2012-08-04 14:10 -------- d-sh--w- c:\windows\system32\%APPDATA%
2012-08-04 14:04 . 2012-08-04 14:04 -------- d-----w- c:\windows\Sun
2012-08-03 00:22 . 2012-08-03 00:22 -------- d-----w- c:\users\Jacob\AppData\Local\Macromedia
2012-08-01 16:55 . 2012-08-05 22:14 -------- d-----w- c:\program files\DROD
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-07 05:09 . 2012-06-12 04:14 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-08-07 05:09 . 2012-06-12 04:14 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-06-25 21:04 . 2012-06-25 21:04 1394248 ----a-w- c:\windows\system32\msxml4.dll
2012-06-12 02:44 . 2012-07-11 08:01 2344448 ----a-w- c:\windows\system32\win32k.sys
2012-06-06 05:09 . 2012-07-11 07:02 1389568 ----a-w- c:\windows\system32\msxml6.dll
2012-06-06 05:09 . 2012-07-11 07:02 1236992 ----a-w- c:\windows\system32\msxml3.dll
2012-06-02 22:19 . 2012-06-19 16:07 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-19 16:07 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-19 16:06 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-19 16:06 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:19 . 2012-06-19 16:07 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:12 . 2012-06-19 16:07 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:12 . 2012-06-19 16:06 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 20:19 . 2012-06-19 16:06 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 20:12 . 2012-06-19 16:06 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-06-02 04:51 . 2012-07-11 07:02 67440 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-06-02 04:51 . 2012-07-11 07:02 134000 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2012-06-02 04:50 . 2012-07-11 07:02 369336 ----a-w- c:\windows\system32\drivers\cng.sys
2012-06-02 04:48 . 2012-07-11 07:02 225280 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 04:47 . 2012-07-11 07:02 219136 ----a-w- c:\windows\system32\ncrypt.dll
2012-05-24 14:46 . 2012-05-24 14:46 163048 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10141.bin
2012-05-15 10:26 . 2012-06-12 03:07 883008 ----a-w- c:\windows\system32\nvgenco32.dll
2012-05-15 10:26 . 2012-06-12 03:07 19607872 ----a-w- c:\windows\system32\nvoglv32.dll
2012-05-15 10:26 . 2012-06-12 03:07 11354944 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2012-05-15 10:26 . 2012-06-12 03:07 1000768 ----a-w- c:\windows\system32\nvdispco32.dll
2012-05-15 10:26 . 2012-06-12 03:07 5982528 ----a-w- c:\windows\system32\nvcuda.dll
2012-05-15 10:26 . 2012-06-12 03:07 2524992 ----a-w- c:\windows\system32\nvcuvid.dll
2012-05-15 10:26 . 2012-06-12 03:07 2445120 ----a-w- c:\windows\system32\nvcuvenc.dll
2012-05-15 10:26 . 2012-06-12 03:07 17551680 ----a-w- c:\windows\system32\nvcompiler.dll
2012-05-15 10:26 . 2011-07-31 04:11 61248 ----a-w- c:\windows\system32\OpenCL.dll
2012-05-15 10:26 . 2011-07-31 04:11 15322432 ----a-w- c:\windows\system32\nvd3dum.dll
2012-05-15 10:26 . 2010-07-10 11:37 8105280 ----a-w- c:\windows\system32\nvwgf2um.dll
2012-05-15 10:26 . 2010-07-10 11:37 2368832 ----a-w- c:\windows\system32\nvapi.dll
2012-05-15 09:28 . 2010-07-09 22:37 645440 ----a-w- c:\windows\system32\nvvsvc.exe
2012-05-15 09:28 . 2010-07-09 22:37 62272 ----a-w- c:\windows\system32\nvshext.dll
2012-05-15 09:28 . 2010-07-09 22:37 108352 ----a-w- c:\windows\system32\nvmctray.dll
2012-05-15 09:28 . 2010-07-09 22:37 3931456 ----a-w- c:\windows\system32\nvcpl.dll
2012-05-15 09:27 . 2010-07-09 22:37 2759488 ----a-w- c:\windows\system32\nvsvc.dll
2012-05-15 07:21 . 2012-05-15 07:21 423744 ----a-w- c:\windows\system32\nvStreaming.exe
2012-05-15 03:08 . 2012-06-13 07:49 981504 ----a-w- c:\windows\system32\wininet.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-07-09 21:46 2074208 ----a-w- c:\program files\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll" [2012-07-09 2074208]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files\steam\steam.exe" [2012-08-05 1353080]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Logitech Download Assistant"="c:\windows\System32\LogiLDA.dll" [2010-11-04 1246544]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-31 59280]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"vProt"="c:\program files\AVG Secure Search\vprot.exe" [2012-07-09 1107552]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-04-19 421888]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-06-08 421776]
"HF_G_Jul"="c:\program files\AVG Secure Search\HF_G_Jul.exe" [2012-07-18 36960]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes Anti-Malware\mbamgui.exe" [2012-07-03 462920]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 931200]
.
c:\users\Jacob\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.2.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-5-20 1195008]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [x]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes Anti-Malware\mbamservice.exe [x]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [x]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [x]
R2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys [x]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
R2 vToolbarUpdater11.2.0;vToolbarUpdater11.2.0;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe [x]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
R3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\program files\steam\steamapps\common\dragon age origins\bin_ship\DAUpdaterSvc.Service.exe [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [x]
R3 HP8107Fltr;HP-HP8107;c:\windows\system32\DRIVERS\HP8107.sys [x]
R3 HTCAND32;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [x]
R3 netr28u;Belkin USB Wireless LAN Card Driver for Vista;c:\windows\system32\DRIVERS\netr28u.sys [x]
R3 netr73;Conceptronic RT73 Wireles Driver for Vista;c:\windows\system32\DRIVERS\netr73.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-10 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-12 05:09]
.
2012-08-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-26 05:33]
.
2012-08-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-26 05:33]
.
2012-08-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-832405256-2446568513-170178880-1000Core.job
- c:\users\Jacob\AppData\Local\Google\Update\GoogleUpdate.exe [2010-04-26 05:32]
.
2012-08-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-832405256-2446568513-170178880-1000UA.job
- c:\users\Jacob\AppData\Local\Google\Update\GoogleUpdate.exe [2010-04-26 05:32]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://isearch.avg.com/?cid={7F9D083A-D192-4473-B7AF-0C2FC01FDAC6}&mid=63fa92d5921647d0a6f8d1795d59f547-4aef96b188630d28fe0b3460d9aa132c1a3075c6&lang=en&ds=od011&pr=sa&d=2012-05-12 03:30&v=11.0.0.9&sap=hp
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 192.168.1.1
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\11.2.0\ViProtocol.dll
FF - ProfilePath - c:\users\Jacob\AppData\Roaming\Mozilla\Firefox\Profiles\kwx3mik4.default\
FF - prefs.js: browser.startup.homepage - hxxp://isearch.avg.com?cid=%7B142f2bb7-fc72-4122-af68-8153d0db3167%7D&mid=63fa92d5921647d0a6f8d1795d59f547-4aef96b188630d28fe0b3460d9aa132c1a3075c6&ds=od011&v=11.1.0.12&lang=en&pr=sa&d=2012-05-12%2003%3A30%3A46&sap=hp
FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7B142f2bb7-fc72-4122-af68-8153d0db3167%7D&mid=63fa92d5921647d0a6f8d1795d59f547-4aef96b188630d28fe0b3460d9aa132c1a3075c6&ds=od011&v=11.1.0.12&lang=en&pr=sa&d=2012-05-12%2003%3A30%3A46&sap=ku&q=
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-832405256-2446568513-170178880-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-832405256-2446568513-170178880-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-08-10 21:15:35
ComboFix-quarantined-files.txt 2012-08-11 02:15
ComboFix2.txt 2012-08-06 01:23
ComboFix3.txt 2012-08-05 20:52
ComboFix4.txt 2012-08-05 19:52
.
Pre-Run: 114,832,736,256 bytes free
Post-Run: 115,030,499,328 bytes free
.
- - End Of File - - 8D456FFE64EAF4534DA502AD966C5B5E

ComboFix 3:

ComboFix 12-08-05.02 - Jacob 08/05/2012 20:14:23.3.2 - x86 NETWORK
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3326.2634 [GMT -5:00]
Running from: c:\users\Jacob\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Enabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Enabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((( Files Created from 2012-07-06 to 2012-08-06 )))))))))))))))))))))))))))))))
.
.
2012-08-06 01:22 . 2012-08-06 01:22 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-08-06 01:22 . 2012-08-06 01:22 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-08-05 21:29 . 2012-08-05 21:29 29904 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{57A31C4B-F485-4A0B-9274-6604D83F3158}\MpKsl547ed002.sys
2012-08-05 21:29 . 2012-08-05 21:29 56200 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{57A31C4B-F485-4A0B-9274-6604D83F3158}\offreg.dll
2012-08-05 20:52 . 2012-08-06 01:22 -------- d-----w- c:\users\Jacob\AppData\Local\temp
2012-08-05 19:33 . 2012-07-16 07:41 6891424 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{57A31C4B-F485-4A0B-9274-6604D83F3158}\mpengine.dll
2012-08-04 14:10 . 2012-08-04 14:10 -------- d-sh--w- c:\windows\system32\%APPDATA%
2012-08-04 14:04 . 2012-08-04 14:04 -------- d-----w- c:\windows\Sun
2012-08-04 14:01 . 2012-08-04 14:01 110080 ----a-w- c:\programdata\Microsoft\Windows\DRM\9D17.tmp
2012-08-03 00:22 . 2012-08-03 00:22 -------- d-----w- c:\users\Jacob\AppData\Local\Macromedia
2012-08-01 16:55 . 2012-08-05 22:14 -------- d-----w- c:\program files\DROD
2012-07-28 08:35 . 2012-06-29 08:44 6891424 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-07-11 08:01 . 2012-06-12 02:44 2344448 ----a-w- c:\windows\system32\win32k.sys
2012-07-11 07:02 . 2012-06-02 04:51 67440 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-07-11 07:02 . 2012-06-02 04:51 134000 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2012-07-11 07:02 . 2012-06-02 04:50 369336 ----a-w- c:\windows\system32\drivers\cng.sys
2012-07-11 07:02 . 2012-06-02 04:48 225280 ----a-w- c:\windows\system32\schannel.dll
2012-07-11 07:02 . 2012-06-02 04:47 219136 ----a-w- c:\windows\system32\ncrypt.dll
2012-07-11 07:02 . 2012-06-06 05:09 1389568 ----a-w- c:\windows\system32\msxml6.dll
2012-07-11 07:02 . 2012-06-06 05:09 1236992 ----a-w- c:\windows\system32\msxml3.dll
2012-07-11 07:02 . 2012-06-06 05:09 987136 ----a-w- c:\program files\Common Files\System\ado\msado15.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-27 04:09 . 2012-06-12 04:14 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-27 04:09 . 2012-06-12 04:14 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-06-25 21:04 . 2012-06-25 21:04 1394248 ----a-w- c:\windows\system32\msxml4.dll
2012-06-02 22:19 . 2012-06-19 16:07 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-19 16:07 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-19 16:06 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-19 16:06 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:19 . 2012-06-19 16:07 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:12 . 2012-06-19 16:07 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:12 . 2012-06-19 16:06 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 20:19 . 2012-06-19 16:06 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 20:12 . 2012-06-19 16:06 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-05-24 14:46 . 2012-05-24 14:46 163048 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10141.bin
2012-05-15 10:26 . 2012-06-12 03:07 883008 ----a-w- c:\windows\system32\nvgenco32.dll
2012-05-15 10:26 . 2012-06-12 03:07 19607872 ----a-w- c:\windows\system32\nvoglv32.dll
2012-05-15 10:26 . 2012-06-12 03:07 11354944 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2012-05-15 10:26 . 2012-06-12 03:07 1000768 ----a-w- c:\windows\system32\nvdispco32.dll
2012-05-15 10:26 . 2012-06-12 03:07 5982528 ----a-w- c:\windows\system32\nvcuda.dll
2012-05-15 10:26 . 2012-06-12 03:07 2524992 ----a-w- c:\windows\system32\nvcuvid.dll
2012-05-15 10:26 . 2012-06-12 03:07 2445120 ----a-w- c:\windows\system32\nvcuvenc.dll
2012-05-15 10:26 . 2012-06-12 03:07 17551680 ----a-w- c:\windows\system32\nvcompiler.dll
2012-05-15 10:26 . 2011-07-31 04:11 61248 ----a-w- c:\windows\system32\OpenCL.dll
2012-05-15 10:26 . 2011-07-31 04:11 15322432 ----a-w- c:\windows\system32\nvd3dum.dll
2012-05-15 10:26 . 2010-07-10 11:37 8105280 ----a-w- c:\windows\system32\nvwgf2um.dll
2012-05-15 10:26 . 2010-07-10 11:37 2368832 ----a-w- c:\windows\system32\nvapi.dll
2012-05-15 09:28 . 2010-07-09 22:37 645440 ----a-w- c:\windows\system32\nvvsvc.exe
2012-05-15 09:28 . 2010-07-09 22:37 62272 ----a-w- c:\windows\system32\nvshext.dll
2012-05-15 09:28 . 2010-07-09 22:37 108352 ----a-w- c:\windows\system32\nvmctray.dll
2012-05-15 09:28 . 2010-07-09 22:37 3931456 ----a-w- c:\windows\system32\nvcpl.dll
2012-05-15 09:27 . 2010-07-09 22:37 2759488 ----a-w- c:\windows\system32\nvsvc.dll
2012-05-15 07:21 . 2012-05-15 07:21 423744 ----a-w- c:\windows\system32\nvStreaming.exe
2012-05-15 03:08 . 2012-06-13 07:49 981504 ----a-w- c:\windows\system32\wininet.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-08-05_19.51.38 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-14 04:55 . 2012-08-06 00:33 49574 c:\windows\System32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-04-26 05:31 . 2012-08-06 00:33 12122 c:\windows\System32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-832405256-2446568513-170178880-1000_UserData.bin
+ 2012-08-05 23:17 . 2012-08-05 20:12 67584 c:\windows\System32\LogFiles\Srt\bootstat.dat
- 2012-08-04 14:05 . 2012-08-04 22:58 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Internet Explorer\UserData\index.dat
+ 2012-08-04 14:05 . 2012-08-05 21:34 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Internet Explorer\UserData\index.dat
- 2012-08-05 06:15 . 2012-08-05 16:34 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012012080520120806\index.dat
+ 2012-08-05 06:15 . 2012-08-05 21:34 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012012080520120806\index.dat
- 2012-08-04 14:02 . 2012-08-05 18:39 49152 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\DOMStore\index.dat
+ 2012-08-04 14:02 . 2012-08-06 01:04 49152 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\DOMStore\index.dat
- 2010-05-28 17:08 . 2012-08-05 19:31 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-05-28 17:08 . 2012-08-06 01:03 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2012-08-04 14:01 . 2012-08-06 00:33 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Temp\Temporary Internet Files\Content.IE5\index.dat
- 2012-08-04 14:01 . 2012-08-04 23:00 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Temp\Temporary Internet Files\Content.IE5\index.dat
+ 2012-08-04 14:01 . 2012-08-06 00:33 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Temp\History\History.IE5\index.dat
- 2012-08-04 14:01 . 2012-08-04 23:00 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Temp\History\History.IE5\index.dat
+ 2012-08-04 14:01 . 2012-08-06 00:33 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Temp\Cookies\index.dat
- 2012-08-04 14:01 . 2012-08-04 23:00 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Temp\Cookies\index.dat
+ 2010-05-28 17:08 . 2012-08-06 01:03 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2010-05-28 17:08 . 2012-08-05 19:31 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2010-05-28 17:08 . 2012-08-05 19:31 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-05-28 17:08 . 2012-08-06 01:03 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-04-26 05:12 . 2012-08-04 22:58 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-04-26 05:12 . 2012-08-06 00:31 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-04-26 05:12 . 2012-08-04 22:58 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-04-26 05:12 . 2012-08-06 00:31 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2012-08-04 22:58 . 2012-08-05 19:31 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-08-06 00:26 . 2012-08-06 01:02 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-08-06 00:26 . 2012-08-06 01:02 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-08-04 22:58 . 2012-08-05 19:31 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2010-04-26 05:00 . 2012-08-05 18:39 262144 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2010-04-26 05:00 . 2012-08-06 01:04 262144 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2010-04-26 04:45 . 2012-08-05 19:31 262144 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-04-26 04:45 . 2012-08-06 01:02 262144 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:41 . 2012-08-06 01:02 966656 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-04-26 04:45 . 2012-08-06 01:02 5554176 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2010-04-26 04:45 . 2012-08-05 19:31 5554176 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-07-09 21:46 2074208 ----a-w- c:\program files\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll" [2012-07-09 2074208]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2010-12-11 395640]
"Steam"="c:\program files\steam\steam.exe" [2012-08-05 1353080]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Logitech Download Assistant"="c:\windows\System32\LogiLDA.dll" [2010-11-04 1246544]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-31 59280]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 931200]
"vProt"="c:\program files\AVG Secure Search\vprot.exe" [2012-07-09 1107552]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-04-19 421888]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-06-08 421776]
"HF_G_Jul"="c:\program files\AVG Secure Search\HF_G_Jul.exe" [2012-07-18 36960]
.
c:\users\Jacob\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.2.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-5-20 1195008]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R1 MpKsl547ed002;MpKsl547ed002;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{57A31C4B-F485-4A0B-9274-6604D83F3158}\MpKsl547ed002.sys [x]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [x]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [x]
R2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys [x]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
R2 vToolbarUpdater11.2.0;vToolbarUpdater11.2.0;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe [x]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
R3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\program files\steam\steamapps\common\dragon age origins\bin_ship\DAUpdaterSvc.Service.exe [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [x]
R3 HP8107Fltr;HP-HP8107;c:\windows\system32\DRIVERS\HP8107.sys [x]
R3 HTCAND32;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [x]
R3 netr28u;Belkin USB Wireless LAN Card Driver for Vista;c:\windows\system32\DRIVERS\netr28u.sys [x]
R3 netr73;Conceptronic RT73 Wireles Driver for Vista;c:\windows\system32\DRIVERS\netr73.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-29 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-12 04:09]
.
2012-08-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-26 05:33]
.
2012-07-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-26 05:33]
.
2012-07-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-832405256-2446568513-170178880-1000Core.job
- c:\users\Jacob\AppData\Local\Google\Update\GoogleUpdate.exe [2010-04-26 05:32]
.
2012-07-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-832405256-2446568513-170178880-1000UA.job
- c:\users\Jacob\AppData\Local\Google\Update\GoogleUpdate.exe [2010-04-26 05:32]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://isearch.avg.com/?cid={7F9D083A-D192-4473-B7AF-0C2FC01FDAC6}&mid=63fa92d5921647d0a6f8d1795d59f547-4aef96b188630d28fe0b3460d9aa132c1a3075c6&lang=en&ds=od011&pr=sa&d=2012-05-12 03:30&v=11.0.0.9&sap=hp
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 192.168.1.1
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\11.2.0\ViProtocol.dll
FF - ProfilePath - c:\users\Jacob\AppData\Roaming\Mozilla\Firefox\Profiles\kwx3mik4.default\
FF - prefs.js: browser.startup.homepage - hxxp://isearch.avg.com?cid=%7B142f2bb7-fc72-4122-af68-8153d0db3167%7D&mid=63fa92d5921647d0a6f8d1795d59f547-4aef96b188630d28fe0b3460d9aa132c1a3075c6&ds=od011&v=11.1.0.12&lang=en&pr=sa&d=2012-05-12%2003%3A30%3A46&sap=hp
FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7B142f2bb7-fc72-4122-af68-8153d0db3167%7D&mid=63fa92d5921647d0a6f8d1795d59f547-4aef96b188630d28fe0b3460d9aa132c1a3075c6&ds=od011&v=11.1.0.12&lang=en&pr=sa&d=2012-05-12%2003%3A30%3A46&sap=ku&q=
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-832405256-2446568513-170178880-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-832405256-2446568513-170178880-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-08-05 20:23:49
ComboFix-quarantined-files.txt 2012-08-06 01:23
ComboFix2.txt 2012-08-05 20:52
ComboFix3.txt 2012-08-05 19:52
.
Pre-Run: 115,888,381,952 bytes free
Post-Run: 115,974,463,488 bytes free
.
- - End Of File - - 9BD6FD8DF08C8227F65C6A0E60D397BD

Combofix 4:


ComboFix 12-08-05.02 - Jacob 08/05/2012 15:43:08.2.2 - x86 NETWORK
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3326.2487 [GMT -5:00]
Running from: c:\users\Jacob\Downloads\ComboFix.exe
AV: Microsoft Security Essentials *Enabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Enabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((( Files Created from 2012-07-05 to 2012-08-05 )))))))))))))))))))))))))))))))
.
.
2012-08-05 20:51 . 2012-08-05 20:51 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-08-05 20:51 . 2012-08-05 20:51 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-08-05 19:53 . 2012-08-05 20:51 -------- d-----w- c:\users\Jacob\AppData\Local\temp
2012-08-05 19:33 . 2012-07-16 07:41 6891424 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{57A31C4B-F485-4A0B-9274-6604D83F3158}\mpengine.dll
2012-08-04 14:10 . 2012-08-04 14:10 -------- d-sh--w- c:\windows\system32\%APPDATA%
2012-08-04 14:04 . 2012-08-04 14:04 -------- d-----w- c:\windows\Sun
2012-08-04 14:01 . 2012-08-04 14:01 110080 ----a-w- c:\programdata\Microsoft\Windows\DRM\9D17.tmp
2012-08-03 00:22 . 2012-08-03 00:22 -------- d-----w- c:\users\Jacob\AppData\Local\Macromedia
2012-08-01 16:55 . 2012-08-05 22:14 -------- d-----w- c:\program files\DROD
2012-07-28 08:35 . 2012-06-29 08:44 6891424 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-07-11 08:01 . 2012-06-12 02:44 2344448 ----a-w- c:\windows\system32\win32k.sys
2012-07-11 07:02 . 2012-06-02 04:51 67440 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-07-11 07:02 . 2012-06-02 04:51 134000 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2012-07-11 07:02 . 2012-06-02 04:50 369336 ----a-w- c:\windows\system32\drivers\cng.sys
2012-07-11 07:02 . 2012-06-02 04:48 225280 ----a-w- c:\windows\system32\schannel.dll
2012-07-11 07:02 . 2012-06-02 04:47 219136 ----a-w- c:\windows\system32\ncrypt.dll
2012-07-11 07:02 . 2012-06-06 05:09 1389568 ----a-w- c:\windows\system32\msxml6.dll
2012-07-11 07:02 . 2012-06-06 05:09 1236992 ----a-w- c:\windows\system32\msxml3.dll
2012-07-11 07:02 . 2012-06-06 05:09 987136 ----a-w- c:\program files\Common Files\System\ado\msado15.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-27 04:09 . 2012-06-12 04:14 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-27 04:09 . 2012-06-12 04:14 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-06-25 21:04 . 2012-06-25 21:04 1394248 ----a-w- c:\windows\system32\msxml4.dll
2012-06-02 22:19 . 2012-06-19 16:07 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-19 16:07 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-19 16:06 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-19 16:06 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:19 . 2012-06-19 16:07 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:12 . 2012-06-19 16:07 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:12 . 2012-06-19 16:06 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 20:19 . 2012-06-19 16:06 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 20:12 . 2012-06-19 16:06 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-05-24 14:46 . 2012-05-24 14:46 163048 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10141.bin
2012-05-15 10:26 . 2012-06-12 03:07 883008 ----a-w- c:\windows\system32\nvgenco32.dll
2012-05-15 10:26 . 2012-06-12 03:07 19607872 ----a-w- c:\windows\system32\nvoglv32.dll
2012-05-15 10:26 . 2012-06-12 03:07 11354944 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2012-05-15 10:26 . 2012-06-12 03:07 1000768 ----a-w- c:\windows\system32\nvdispco32.dll
2012-05-15 10:26 . 2012-06-12 03:07 5982528 ----a-w- c:\windows\system32\nvcuda.dll
2012-05-15 10:26 . 2012-06-12 03:07 2524992 ----a-w- c:\windows\system32\nvcuvid.dll
2012-05-15 10:26 . 2012-06-12 03:07 2445120 ----a-w- c:\windows\system32\nvcuvenc.dll
2012-05-15 10:26 . 2012-06-12 03:07 17551680 ----a-w- c:\windows\system32\nvcompiler.dll
2012-05-15 10:26 . 2011-07-31 04:11 61248 ----a-w- c:\windows\system32\OpenCL.dll
2012-05-15 10:26 . 2011-07-31 04:11 15322432 ----a-w- c:\windows\system32\nvd3dum.dll
2012-05-15 10:26 . 2010-07-10 11:37 8105280 ----a-w- c:\windows\system32\nvwgf2um.dll
2012-05-15 10:26 . 2010-07-10 11:37 2368832 ----a-w- c:\windows\system32\nvapi.dll
2012-05-15 09:28 . 2010-07-09 22:37 645440 ----a-w- c:\windows\system32\nvvsvc.exe
2012-05-15 09:28 . 2010-07-09 22:37 62272 ----a-w- c:\windows\system32\nvshext.dll
2012-05-15 09:28 . 2010-07-09 22:37 108352 ----a-w- c:\windows\system32\nvmctray.dll
2012-05-15 09:28 . 2010-07-09 22:37 3931456 ----a-w- c:\windows\system32\nvcpl.dll
2012-05-15 09:27 . 2010-07-09 22:37 2759488 ----a-w- c:\windows\system32\nvsvc.dll
2012-05-15 07:21 . 2012-05-15 07:21 423744 ----a-w- c:\windows\system32\nvStreaming.exe
2012-05-15 03:08 . 2012-06-13 07:49 981504 ----a-w- c:\windows\system32\wininet.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-08-05_19.51.38 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-14 04:55 . 2012-08-05 20:33 49092 c:\windows\System32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-04-26 05:31 . 2012-08-05 20:33 12074 c:\windows\System32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-832405256-2446568513-170178880-1000_UserData.bin
+ 2012-08-05 23:17 . 2012-08-05 20:12 67584 c:\windows\System32\LogFiles\Srt\bootstat.dat
+ 2012-08-04 14:02 . 2012-08-05 20:20 49152 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\DOMStore\index.dat
- 2012-08-04 14:02 . 2012-08-05 18:39 49152 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\DOMStore\index.dat
- 2010-05-28 17:08 . 2012-08-05 19:31 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-05-28 17:08 . 2012-08-05 20:35 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2012-08-04 14:01 . 2012-08-04 23:00 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Temp\Temporary Internet Files\Content.IE5\index.dat
+ 2012-08-04 14:01 . 2012-08-05 20:33 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Temp\Temporary Internet Files\Content.IE5\index.dat
+ 2012-08-04 14:01 . 2012-08-05 20:33 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Temp\History\History.IE5\index.dat
- 2012-08-04 14:01 . 2012-08-04 23:00 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Temp\History\History.IE5\index.dat
- 2012-08-04 14:01 . 2012-08-04 23:00 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Temp\Cookies\index.dat
+ 2012-08-04 14:01 . 2012-08-05 20:33 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Temp\Cookies\index.dat
+ 2010-05-28 17:08 . 2012-08-05 20:35 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2010-05-28 17:08 . 2012-08-05 19:31 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-05-28 17:08 . 2012-08-05 20:35 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-05-28 17:08 . 2012-08-05 19:31 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-04-26 05:12 . 2012-08-05 20:33 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-04-26 05:12 . 2012-08-04 22:58 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-04-26 05:12 . 2012-08-05 20:33 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-04-26 05:12 . 2012-08-04 22:58 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2012-08-05 20:27 . 2012-08-05 20:35 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-08-04 22:58 . 2012-08-05 19:31 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-08-05 20:27 . 2012-08-05 20:35 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-08-04 22:58 . 2012-08-05 19:31 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2010-04-26 05:00 . 2012-08-05 20:35 262144 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2010-04-26 05:00 . 2012-08-05 18:39 262144 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2010-04-26 04:45 . 2012-08-05 19:31 262144 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-04-26 04:45 . 2012-08-05 20:35 262144 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:41 . 2012-08-05 20:35 802816 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:41 . 2012-08-05 19:31 802816 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-04-26 04:45 . 2012-08-05 20:35 5554176 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2010-04-26 04:45 . 2012-08-05 19:31 5554176 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-07-09 21:46 2074208 ----a-w- c:\program files\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll" [2012-07-09 2074208]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2010-12-11 395640]
"Steam"="c:\program files\steam\steam.exe" [2012-08-05 1353080]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Logitech Download Assistant"="c:\windows\System32\LogiLDA.dll" [2010-11-04 1246544]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-31 59280]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 931200]
"vProt"="c:\program files\AVG Secure Search\vprot.exe" [2012-07-09 1107552]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-04-19 421888]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-06-08 421776]
"HF_G_Jul"="c:\program files\AVG Secure Search\HF_G_Jul.exe" [2012-07-18 36960]
.
c:\users\Jacob\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.2.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-5-20 1195008]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [x]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [x]
R2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys [x]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
R2 vToolbarUpdater11.2.0;vToolbarUpdater11.2.0;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe [x]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
R3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\program files\steam\steamapps\common\dragon age origins\bin_ship\DAUpdaterSvc.Service.exe [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [x]
R3 HP8107Fltr;HP-HP8107;c:\windows\system32\DRIVERS\HP8107.sys [x]
R3 HTCAND32;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [x]
R3 netr28u;Belkin USB Wireless LAN Card Driver for Vista;c:\windows\system32\DRIVERS\netr28u.sys [x]
R3 netr73;Conceptronic RT73 Wireles Driver for Vista;c:\windows\system32\DRIVERS\netr73.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-29 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-12 04:09]
.
2012-08-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-26 05:33]
.
2012-07-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-26 05:33]
.
2012-07-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-832405256-2446568513-170178880-1000Core.job
- c:\users\Jacob\AppData\Local\Google\Update\GoogleUpdate.exe [2010-04-26 05:32]
.
2012-07-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-832405256-2446568513-170178880-1000UA.job
- c:\users\Jacob\AppData\Local\Google\Update\GoogleUpdate.exe [2010-04-26 05:32]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://isearch.avg.com/?cid={7F9D083A-D192-4473-B7AF-0C2FC01FDAC6}&mid=63fa92d5921647d0a6f8d1795d59f547-4aef96b188630d28fe0b3460d9aa132c1a3075c6&lang=en&ds=od011&pr=sa&d=2012-05-12 03:30&v=11.0.0.9&sap=hp
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 192.168.1.1
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\11.2.0\ViProtocol.dll
FF - ProfilePath - c:\users\Jacob\AppData\Roaming\Mozilla\Firefox\Profiles\kwx3mik4.default\
FF - prefs.js: browser.startup.homepage - hxxp://isearch.avg.com?cid=%7B142f2bb7-fc72-4122-af68-8153d0db3167%7D&mid=63fa92d5921647d0a6f8d1795d59f547-4aef96b188630d28fe0b3460d9aa132c1a3075c6&ds=od011&v=11.1.0.12&lang=en&pr=sa&d=2012-05-12%2003%3A30%3A46&sap=hp
FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7B142f2bb7-fc72-4122-af68-8153d0db3167%7D&mid=63fa92d5921647d0a6f8d1795d59f547-4aef96b188630d28fe0b3460d9aa132c1a3075c6&ds=od011&v=11.1.0.12&lang=en&pr=sa&d=2012-05-12%2003%3A30%3A46&sap=ku&q=
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-832405256-2446568513-170178880-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-832405256-2446568513-170178880-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-08-05 15:52:43
ComboFix-quarantined-files.txt 2012-08-05 20:52
ComboFix2.txt 2012-08-05 19:52
.
Pre-Run: 116,206,260,224 bytes free
Post-Run: 114,074,300,416 bytes free
.
- - End Of File - - 844AD32EC4EE3A78BE1E8473593B3951

#12 blur144

blur144
  • Topic Starter

  • Members
  • 12 posts

Posted 11 August 2012 - 06:20 PM

VIRUS TOTAL LINK:

http://tinyurl.com/9355fgk

Edited by blur144, 11 August 2012 - 06:21 PM.


#13 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • Gender:Not Telling
  • Location:Canada

Posted 12 August 2012 - 08:16 AM

That file is suspicious enough that we should collect it.

Please do the following:

  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below.
  • They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
Copy/paste the text inside the Codebox below into notepad:

Here's how to do that:
Click Start > Run type Notepad click OK.
This will open an empty notepad file:

Copy all the text inside of the code box - Press Ctrl+C (or right click on the highlighted section and choose 'copy')


Collect::
c:\windows\system32\config\systemprofile\0.22428566284496998.exe

File::
c:\programdata\Microsoft\Windows\DRM\9D17.tmp

RegLock::
[HKEY_USERS\S-1-5-21-832405256-2446568513-170178880-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
[HKEY_USERS\S-1-5-21-832405256-2446568513-170178880-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]


ClearJavaCache::

Now paste the copied text into the open notepad - press CTRL+V (or right click and choose 'paste')

Save this file to your desktop, Save this as "CFScript"


Here's how to do that:

1. Click File;
2. Click Save As... Change the directory to your desktop;
3. Change the Save as type to "All Files";
4. Type in the file name: CFScript
5. Click Save ...

[Screenshot: dragging CFScript.txt onto ComboFix.exe]
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix may request an update; please allow it.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you.
  • Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

**Note**

When CF finishes running, the ComboFix log will open along with a message box; do not be alarmed. With the above script, ComboFix will capture files to submit for analysis.
  • Ensure you are connected to the internet and click OK on the message box.


Please try running the scripts in normal mode. If it still won't run in normal mode, first try uninstalling Microsoft Security Essentials, then run the scripts, then reinstall Microsoft Security Essentials.

This infection is known to attack AVs, especially MSE as it's so good!

Post the fresh log.


NEXT


If you can, update and give Malwarebytes a run as well (in normal mode)

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#14 blur144

blur144
  • Topic Starter

  • Members
  • 12 posts

Posted 12 August 2012 - 07:13 PM

I can get the script to run, BUT when it reboots to normal mode, Malwarebytes lets me know that my svchost.exe is trying to contact a malicious website. I'll post my log here in a second.

#15 blur144

blur144
  • Topic Starter

  • Members
  • 12 posts

Posted 12 August 2012 - 08:35 PM

Actually I don't think it IS running - it is blue screening, and Malwarebytes causes it to bluescreen also. Ataport.sys or something along those lines is the culprit according to the blue screen.
