W32/patched.ub ZeroAccess Rootkit


This topic is locked.
17 replies to this topic

#1 mikehealey

Posted 16 August 2012 - 03:25 PM

I posted in the am I infected forum with regards to a W32/patched.ub trojan which continually shows up on my antivir virus.
Broni responded and explained it was likely a ZeroAccess rootkit.
I followed the required steps and now have the DDS.txt, attach.txt and ark.log files.

Please help me guys!

DDS:
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421
Run by Alice at 19:08:53 on 2012-08-16
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.1014.134 [GMT 1:00]
.
AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\Dwm.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Windows\vVX1000.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\MagicDisc\MagicDisc.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\3 Mobile Broadband\3Connect\BecHelperService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Windows\system32\conhost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\3 Mobile Broadband\3Connect\Wilog.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Users\Alice\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Alice\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Alice\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Alice\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Alice\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Alice\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Alice\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\explorer.exe
C:\Windows\system32\taskhost.exe
C:\Users\Alice\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Alice\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Alice\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Alice\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Alice\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uURLSearchHooks: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - c:\program files\utorrentcontrol2\prxtbuTor.dll
mURLSearchHooks: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - c:\program files\utorrentcontrol2\prxtbuTor.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\ie\divxhtml5\DivXHTML5.dll
BHO: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - c:\program files\utorrentcontrol2\prxtbuTor.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~3\office14\GROOVEEX.DLL
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~3\office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Yontoo: {fd72061e-9fde-484d-a58a-0bab4151cad8} - c:\program files\yontoo\YontooIEClient.dll
TB: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - c:\program files\utorrentcontrol2\prxtbuTor.dll
uRun: [Google Update] "c:\users\alice\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [Facebook Update] "c:\users\alice\appdata\local\facebook\update\FacebookUpdate.exe" /c /nocrashserver
uRun: [ocetc] "c:\windows\system32\rundll32.exe" "c:\users\alice\appdata\roaming\ocetc.dll",CallMethod
uRun: [hesvs] rundll32.exe "c:\users\alice\appdata\roaming\hesvs.dll",BindContext
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [BCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [VX1000] c:\windows\vVX1000.exe
mRun: [LifeCam] "c:\program files\microsoft lifecam\LifeExp.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [hesvs] rundll32.exe "c:\users\alice\appdata\roaming\hesvs.dll",BindContext
mRun: [ocetc] "c:\windows\system32\rundll32.exe" "c:\users\alice\appdata\roaming\ocetc.dll",CallMethod
StartupFolder: c:\users\alice\appdata\roaming\micros~1\windows\startm~1\programs\startup\magicd~1.lnk - c:\program files\magicdisc\MagicDisc.exe
uPolicies-explorer: HideSCAHealth = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\micros~3\office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
TCP: Interfaces\{71870552-C3F5-4FB8-8627-6798E0D88AEB} : DhcpNameServer = 192.168.42.129
TCP: Interfaces\{7AB2EA13-834D-41C9-879B-5BC131F09FC0} : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{7AB2EA13-834D-41C9-879B-5BC131F09FC0}\35B4955363939353 : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{B4551AB0-38B6-4754-9BD4-98E42FF9FC56} : NameServer = 217.171.132.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Notify: igfxcui - igfxdev.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~3\office14\GROOVEEX.DLL
.
============= SERVICES / DRIVERS ===============
.
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [2012-3-23 36000]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2012-3-23 83392]
R3 ew_usbenumfilter;huawei_CompositeFilter;c:\windows\system32\drivers\ew_usbenumfilter.sys [2012-3-26 11136]
R3 ewusbmbb;HUAWEI USB-WWAN miniport;c:\windows\system32\drivers\ewusbwwan.sys [2012-3-26 353280]
R3 huawei_enumerator;huawei_enumerator;c:\windows\system32\drivers\ew_jubusenum.sys [2012-3-26 73216]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2011-4-12 62464]
S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2012-8-9 14216]
S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2012-8-9 8456]
S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\drivers\ew_hwusbdev.sys [2012-3-26 102784]
S3 HTCAND32;HTC Device Driver;c:\windows\system32\drivers\ANDROIDUSB.sys [2009-10-26 25088]
S3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\drivers\htcnprot.sys [2010-6-23 23040]
.
=============== Created Last 30 ================
.
2012-08-15 17:24:05 -------- d-----w- c:\users\alice\appdata\roaming\SUPERAntiSpyware.com
2012-08-15 17:23:18 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-08-15 17:23:18 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-08-15 16:54:47 -------- d-----w- c:\users\alice\appdata\roaming\Malwarebytes
2012-08-15 16:54:16 -------- d-----w- c:\programdata\Malwarebytes
2012-08-15 16:54:13 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-08-15 16:54:11 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-08-10 21:19:03 -------- d-sh--w- c:\windows\system32\%APPDATA%
2012-08-10 21:17:16 -------- d-----w- c:\program files\GridinSoft Trojan Killer
2012-08-10 18:50:15 -------- d-----w- c:\windows\scoped_dir_6064_708
2012-08-10 18:50:00 -------- d-----w- c:\users\alice\appdata\local\{2EAAFD4C-E31C-11E1-8270-B8AC6F996F26}
2012-08-10 18:49:58 -------- d-----w- c:\programdata\6F638BC80046AEB615397666F875EF7E
2012-08-10 18:49:57 476160 ----a-w- c:\users\alice\appdata\roaming\ocetc.dll
2012-08-10 18:48:47 162816 --sha-w- c:\users\alice\appdata\roaming\hesvs.dll
2012-08-10 18:48:40 -------- d-----w- c:\users\alice\appdata\roaming\Avbyvi
2012-08-10 15:29:20 6891424 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{a99ebf85-4137-473a-b88e-6147db833ea0}\mpengine.dll
2012-08-09 22:42:32 2468520 ----a-w- c:\windows\system32\BootMan.exe
2012-08-09 22:42:32 19840 ----a-w- c:\windows\system32\EuEpmGdi.dll
2012-08-09 22:42:31 86408 ----a-w- c:\windows\system32\setupempdrv03.exe
2012-08-09 22:42:31 8456 ----a-w- c:\windows\system32\EuGdiDrv.sys
2012-08-09 22:42:31 14216 ----a-w- c:\windows\system32\epmntdrv.sys
2012-08-09 22:42:11 -------- d-----w- c:\program files\EaseUS
2012-08-07 12:27:59 -------- d-sh--w- C:\found.000
2012-07-29 19:52:38 65848 ----a-w- c:\windows\system32\drivers\RapportKELL.sys
.
==================== Find3M ====================
.
2012-08-15 15:35:25 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-08-15 15:35:25 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-06-25 15:04:24 1394248 ----a-w- c:\windows\system32\msxml4.dll
2012-06-12 02:40:48 2345984 ----a-w- c:\windows\system32\win32k.sys
2012-06-06 05:05:52 1390080 ----a-w- c:\windows\system32\msxml6.dll
2012-06-06 05:05:52 1236992 ----a-w- c:\windows\system32\msxml3.dll
2012-06-06 05:03:06 805376 ----a-w- c:\windows\system32\cdosys.dll
2012-06-02 22:12:32 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:12:13 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 14:19:42 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 14:12:20 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-06-02 08:33:25 1800192 ----a-w- c:\windows\system32\jscript9.dll
2012-06-02 08:25:08 1129472 ----a-w- c:\windows\system32\wininet.dll
2012-06-02 08:25:03 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2012-06-02 08:20:33 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-06-02 08:16:52 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-06-02 04:45:04 67440 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-06-02 04:45:03 134000 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2012-06-02 04:40:59 369336 ----a-w- c:\windows\system32\drivers\cng.sys
2012-06-02 04:40:39 225280 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 04:39:10 219136 ----a-w- c:\windows\system32\ncrypt.dll
2012-05-31 11:25:14 237072 ------w- c:\windows\system32\MpSigStub.exe
.
============= FINISH: 19:10:57.62 ===============




I hope I have correctly attached the other documents and look forward to hearing from a member of your team.

Thank you,
Mike
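A triage pass over a DDS log of the kind pasted above, written here as an added example (it is not code from the original post, nor from DDS or FRST): it parses the uRun/mRun, mPolicies-system and "Created Last 30" line formats and flags three patterns a malware responder reads first in such a log: autorun entries that use rundll32 to load a DLL from the user's own profile, UAC prompt policies set to 0, and hidden+system files created in a user profile or under a directory named like an environment variable. The sample lines are copied from the DDS output above; a match is a lead to examine, not a verdict on the file.

```python
import re
from typing import Dict, List

# Sample input: lines copied from the DDS log pasted above.
SAMPLE_DDS = r"""
uRun: [Google Update] "c:\users\alice\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [ocetc] "c:\windows\system32\rundll32.exe" "c:\users\alice\appdata\roaming\ocetc.dll",CallMethod
uRun: [hesvs] rundll32.exe "c:\users\alice\appdata\roaming\hesvs.dll",BindContext
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [hesvs] rundll32.exe "c:\users\alice\appdata\roaming\hesvs.dll",BindContext
mRun: [ocetc] "c:\windows\system32\rundll32.exe" "c:\users\alice\appdata\roaming\ocetc.dll",CallMethod
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
2012-08-10 21:19:03 -------- d-sh--w- c:\windows\system32\%APPDATA%
2012-08-10 18:48:47 162816 --sha-w- c:\users\alice\appdata\roaming\hesvs.dll
2012-08-15 16:54:13 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
"""

# Line shapes used by DDS: uRun/mRun (HKCU/HKLM Run keys), mPolicies-system,
# and the "Created Last 30" listing (date time size attributes path).
RUN_RE = re.compile(r'^(?P<hive>[um])Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$')
POLICY_RE = re.compile(r'^(?P<hive>[um])Policies-system: (?P<key>\w+) = (?P<val>\d+)')
FILE_RE = re.compile(r'^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2} (?P<size>\S+) '
                     r'(?P<attr>[a-z-]{8}) (?P<path>.+)$')
# "<dll>",<Export> as passed to rundll32.
DLL_ARG_RE = re.compile(r'"([^"]+\.dll)",(\w+)', re.IGNORECASE)

# UAC keys where 0 means "do not prompt"; a silenced UAC is a common post-infection state.
UAC_PROMPT_KEYS = {"ConsentPromptBehaviorAdmin", "PromptOnSecureDesktop"}


def in_user_profile(path: str) -> bool:
    """True for paths a standard user can write to (profile / AppData)."""
    p = path.lower()
    return p.startswith("c:\\users\\") or "\\appdata\\" in p


def triage_dds(text: str) -> List[Dict[str, str]]:
    """Return one finding per suspicious line; each carries a 'check' tag."""
    findings: List[Dict[str, str]] = []
    for line in (raw.strip() for raw in text.splitlines()):
        if not line:
            continue
        m = RUN_RE.match(line)
        if m:
            cmd = m.group("cmd")
            dll = DLL_ARG_RE.search(cmd)
            # rundll32 is a signed Windows binary; what matters is the DLL it is told to load.
            if "rundll32" in cmd.lower() and dll and in_user_profile(dll.group(1)):
                findings.append({"check": "rundll32-userprofile-dll",
                                 "hive": m.group("hive"), "name": m.group("name"),
                                 "dll": dll.group(1).lower(), "export": dll.group(2)})
            continue
        m = POLICY_RE.match(line)
        if m:
            if m.group("key") in UAC_PROMPT_KEYS and m.group("val") == "0":
                findings.append({"check": "uac-prompt-disabled", "key": m.group("key")})
            continue
        m = FILE_RE.match(line)
        if m:
            attr, path = m.group("attr"), m.group("path")
            hidden_system = "h" in attr and "s" in attr
            # Hidden+system inside a user profile, or an environment-variable name used
            # verbatim as a directory name under system32, is not what installers produce.
            if hidden_system and (in_user_profile(path) or "%" in path):
                findings.append({"check": "hidden-system-file", "attr": attr,
                                 "path": path.lower()})
    return findings


def dual_hive_dlls(findings: List[Dict[str, str]]) -> List[str]:
    """DLLs registered under both the HKCU (u) and HKLM (m) Run keys: the loader
    survives whichever of the two entries a cleanup removes first."""
    hives: Dict[str, set] = {}
    for f in findings:
        if f["check"] == "rundll32-userprofile-dll":
            hives.setdefault(f["dll"], set()).add(f["hive"])
    return sorted(d for d, h in hives.items() if h == {"u", "m"})


if __name__ == "__main__":
    found = triage_dds(SAMPLE_DDS)
    for f in found:
        print(f)
    print("registered in both hives:", dual_hive_dlls(found))
```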


#2 CatByte (Malware Response Team)

Posted 16 August 2012 - 05:51 PM

Please do the following:

Download Farbar Recovery Scan Tool and save it to a flash drive.

Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
On the System Recovery Options menu you will get the following options:
  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Command Prompt

  • Select Command Prompt.
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter.
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to the disclaimer.
  • Place a check next to List Drivers MD5 as well as the default check marks that are already there.
  • Press Scan button.
  • FRST will let you know when the scan is complete and has written the FRST.txt to file, close out this message, then type the following into the search box:
    services.exe
  • Now press the search button.
  • When the search is complete, search.txt will also be written to your USB.
  • Type exit and reboot the computer normally.
  • Please copy and paste both logs in your reply (FRST.txt and Search.txt).

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#3 mikehealey (Topic Starter)

Posted 16 August 2012 - 06:34 PM

This might seem stupid, but I don't believe I have the recovery option in the advanced boot options, also I do not have the boot disc. I have farbar on a flash drive ready to go though.

CatByte, thank you for your help.

#4 CatByte (Malware Response Team)

Posted 16 August 2012 - 07:01 PM

If you don't have the recovery environment pre-installed, you can make a recovery disk following the tutorial here:

http://www.howtogeek.com/howto/5409/create-a-system-repair-disc-in-windows-7/



#5 CatByte (Malware Response Team)

Posted 25 August 2012 - 05:03 PM

Due to the lack of feedback, this topic is now closed. In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.



#6 CatByte (Malware Response Team)

Posted 25 August 2012 - 06:48 PM

This topic has been re-opened at the request of the person who originally posted.



#7 mikehealey (Topic Starter)

Posted 25 August 2012 - 06:58 PM

I have run farbar in the recovery environment, and now have the required logs:

Scan result of Farbar Recovery Scan Tool (FRST written by Farbar) Version: 15-08-2012
Ran by SYSTEM at 26-08-2012 00:31:19
Running from H:\
Windows 7 Ultimate Service Pack 1 (X86) OS Language: English(US)
The current controlset is ControlSet002

========================== Registry (Whitelisted) =============

HKLM\...\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min [348664 2012-08-08] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe [141848 2009-09-23] (Intel Corporation)
HKLM\...\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe [173592 2009-09-23] (Intel Corporation)
HKLM\...\Run: [Persistence] C:\Windows\system32\igfxpers.exe [150552 2009-09-23] (Intel Corporation)
HKLM\...\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2012-02-20] (Apple Inc.)
HKLM\...\Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices [91520 2010-03-13] (Microsoft Corporation)
HKLM\...\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW [1259376 2011-07-28] ()
HKLM\...\Run: [VX1000] C:\Windows\vVX1000.exe [762736 2010-05-20] (Microsoft Corporation)
HKLM\...\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe" [119152 2010-05-20] (Microsoft Corporation)
HKLM\...\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" [421736 2012-03-26] (Apple Inc.)
HKLM\...\Run: [hesvs] rundll32.exe "C:\Users\Alice\AppData\Roaming\hesvs.dll",BindContext [162816 2012-08-10] (Crytek)
HKLM\...\Run: [ocetc] "C:\Windows\System32\rundll32.exe" "C:\Users\Alice\AppData\Roaming\ocetc.dll",CallMethod [476160 2012-08-10] (Andrew Zhezherun)
HKU\Alice\...\Run: [Google Update] "C:\Users\Alice\AppData\Local\Google\Update\GoogleUpdate.exe" /c [116648 2012-03-26] (Google Inc.)
HKU\Alice\...\Run: [Facebook Update] "C:\Users\Alice\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver [138096 2012-07-15] (Facebook Inc.)
HKU\Alice\...\Run: [ocetc] "C:\Windows\System32\rundll32.exe" "C:\Users\Alice\AppData\Roaming\ocetc.dll",CallMethod [476160 2012-08-10] (Andrew Zhezherun)
HKU\Alice\...\Run: [hesvs] rundll32.exe "C:\Users\Alice\AppData\Roaming\hesvs.dll",BindContext [162816 2012-08-10] (Crytek)
HKU\Alice\...\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [4777856 2012-07-09] (SUPERAntiSpyware.com)
HKU\Default\...\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe [1174016 2010-11-20] (Microsoft Corporation)
HKU\Default User\...\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe [1174016 2010-11-20] (Microsoft Corporation)
Winlogon\Notify\igfxcui: igfxdev.dll (Intel Corporation)
Tcpip\..\Interfaces\{B4551AB0-38B6-4754-9BD4-98E42FF9FC56}: [NameServer]217.171.132.1
Startup: C:\Users\Alice\Start Menu\Programs\Startup\MagicDisc.lnk
ShortcutTarget: MagicDisc.lnk -> C:\Program Files\MagicDisc\MagicDisc.exe (MagicISO, Inc.)

================================ Services (Whitelisted) ==================

2 !SASCORE; "C:\Program Files\SUPERAntiSpyware\SASCORE.EXE" [116608 2011-08-11] (SUPERAntiSpyware.com)
2 AntiVirSchedulerService; "C:\Program Files\Avira\AntiVir Desktop\sched.exe" [86224 2012-05-10] (Avira Operations GmbH & Co. KG)
2 AntiVirService; "C:\Program Files\Avira\AntiVir Desktop\avguard.exe" [110032 2012-05-10] (Avira Operations GmbH & Co. KG)
2 BecHelperService; C:\Program Files\3 Mobile Broadband\3Connect\BecHelperService.exe [1740696 2011-03-23] ()
2 eventlog; C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted [20992 2009-07-13] (Microsoft Corporation)
2 PassThru Service; C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe [87040 2012-03-23] ()
2 RapportMgmtService; "C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe" [976728 2012-07-29] (Trusteer Ltd.)

========================== Drivers (Whitelisted) =============

2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [83392 2012-05-10] (Avira GmbH)
1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [137928 2012-05-10] (Avira GmbH)
1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [36000 2011-09-16] (Avira GmbH)
3 epmntdrv; \??\C:\Windows\system32\epmntdrv.sys [14216 2011-07-29] ()
3 EuGdiDrv; \??\C:\Windows\system32\EuGdiDrv.sys [8456 2011-07-29] ()
3 ewusbmbb; C:\Windows\System32\DRIVERS\ewusbwwan.sys [353280 2011-03-23] (Huawei Technologies Co., Ltd.)
3 htcnprot; C:\Windows\System32\DRIVERS\htcnprot.sys [23040 2010-06-23] (Windows ® Win 7 DDK provider)
3 huawei_enumerator; C:\Windows\System32\DRIVERS\ew_jubusenum.sys [73216 2011-03-23] (Huawei Technologies Co., Ltd.)
2 mdvrmng; \??\C:\Windows\system32\drivers\mdvrmng.sys [10240 2011-03-23] ()
1 RapportCerberus_42020; \??\C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_42020.sys [228376 2012-08-09] ()
1 RapportEI; \??\C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys [71480 2012-07-29] (Trusteer Ltd.)
3 RapportIaso; \??\c:\programdata\trusteer\rapport\store\exts\rapportms\39624\rapportiaso.sys [21520 2012-05-28] (Trusteer Ltd.)
0 RapportKELL; C:\Windows\System32\Drivers\RapportKELL.sys [65848 2012-07-29] (Trusteer Ltd.)
1 RapportPG; \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys [166840 2012-07-29] (Trusteer Ltd.)
1 SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
1 SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2010-06-17] (Avira GmbH)
3 TrojanKillerDriver; C:\Windows\System32\DRIVERS\gtkdrv.sys [16128 2012-01-04] (Windows ® Win 7 DDK provider)
3 usb_rndisx; C:\Windows\System32\DRIVERS\usb8023x.sys [15872 2009-07-13] (Microsoft Corporation)
3 VX1000; C:\Windows\System32\DRIVERS\VX1000.sys [1961072 2010-05-20] (Microsoft Corporation)
3 VGPU; C:\Windows\System32\drivers\rdvgkmd.sys [x]

========================== NetSvcs (Whitelisted) ===========


============ One Month Created Files and Folders ==============

2012-08-24 08:17 - 2012-08-24 08:23 - 00000000 ____D C:\Users\Alice\Downloads\The Help 2011 DVDRiP XviD AC3- MiSTERE
2012-08-24 08:15 - 2012-08-24 08:15 - 00012447 ____A C:\Users\Alice\Downloads\[isoHunt] The Help 2011 DVDRiP XviD AC3- MiSTERE.torrent
2012-08-22 13:52 - 2012-08-22 13:52 - 00145824 ____A C:\Windows\Minidump\082212-38485-01.dmp
2012-08-21 11:21 - 2012-08-21 15:29 - 00000000 ____D C:\Users\Alice\Downloads\An Idiot Abroad Season 1, 2 + Extras HDTV DVDRip TSV
2012-08-21 10:35 - 2012-08-21 10:35 - 00021529 ____A C:\Users\Alice\Downloads\[isoHunt] An Idiot Abroad Season 1, 2 Extras HDTV DVDRip TSV.torrent
2012-08-21 10:34 - 2012-08-21 10:34 - 00000000 ____D C:\Users\Alice\Downloads\SJBE52 James Bond 007 - Goldeneye
2012-08-21 10:33 - 2012-08-21 10:33 - 00019109 ____A C:\Users\Alice\Downloads\[isoHunt] James_Bond_007_-_Goldeneye_[WBFS]_(SJBE52)__NTSC__[wiiGM].6156211.TPB.torrent
2012-08-21 08:49 - 2012-08-21 08:49 - 00012694 ____A C:\Users\Alice\Downloads\[isoHunt] Wipeout The GameWiiNTSCScr edTLS Reidy.torrent
2012-08-21 08:38 - 2012-08-21 11:19 - 405012480 ____A C:\Users\Alice\Downloads\FIFA_12_Wii_PAL_MULTi3.iso
2012-08-21 08:38 - 2012-08-21 08:38 - 00045277 ____A C:\Users\Alice\Downloads\[isoHunt] FIFA_12_Wii_PAL_MULTi3.iso.7212661.TPB.torrent
2012-08-21 06:53 - 2012-08-21 08:20 - 3909091328 ____A C:\Users\Alice\Downloads\RSVP8P.wbfs
2012-08-21 06:52 - 2012-08-21 06:52 - 00018944 ____A C:\Users\Alice\Downloads\[isoHunt] Sonic.Unleashed.WBFS.PAL.Wii.6917051.TPB.torrent
2012-08-21 06:33 - 2012-08-21 15:17 - 00000000 ____D C:\Users\Alice\Downloads\[Wii]Ju-On_The_Grudge_Haunted_House[NTSC][WiiSOS.com]
2012-08-21 06:02 - 2012-08-21 07:16 - 00000000 ____D C:\Users\Alice\Downloads\Tim Vine - The Jokeamotive
2012-08-21 05:59 - 2012-08-21 05:59 - 00014602 ____A C:\Users\Alice\Downloads\[isoHunt] Tim_Vine_-_The_Jokeamotive.6838468.TPB.torrent
2012-08-20 12:16 - 2012-08-20 12:16 - 00013428 ____A C:\Users\Alice\Downloads\[isoHunt] FB591F6310A0074CF85A1EAF1A2526AE83FCDE7B.torrent
2012-08-20 10:45 - 2012-08-20 10:45 - 00018890 ____A C:\Users\Alice\Downloads\[isoHunt] 1295476.torrent
2012-08-20 09:59 - 2012-08-20 09:59 - 00006023 ____A C:\Users\Alice\Downloads\[isoHunt] The_Legend_of_Zelda_Twilight_Princess_(2006)_[Wii][PAL][MULTi5].6083950.TPB.torrent
2012-08-20 09:15 - 2012-08-20 09:15 - 00000000 ____D C:\Users\Alice\Downloads\SEME4Q Disney Epic Mickey
2012-08-20 07:57 - 2012-08-20 07:57 - 00023417 ____A C:\Users\Alice\Downloads\[isoHunt] Modern_Family_-_The_Complete_Season_2_[HDTV].6423558.TPB (1).torrent
2012-08-20 06:49 - 2012-08-20 06:49 - 00019635 ____A C:\Users\Alice\Downloads\[isoHunt] Disney_Epic_Mickey_[WBFS]_(SEME4Q)__NTSC__[wiiGM].6558926.TPB.torrent
2012-08-20 06:46 - 2012-08-20 06:46 - 00121503 ____A C:\Users\Alice\Downloads\[isoHunt] RNSP69.wbfs.torrent
2012-08-20 06:44 - 2012-08-20 06:44 - 00018971 ____A C:\Users\Alice\Downloads\[isoHunt] Hamster Heroes [RH4XUG] wbfs Wii Game.torrent
2012-08-20 06:41 - 2012-08-20 06:41 - 00010602 ____A C:\Users\Alice\Downloads\[isoHunt] RGWE41.wbfs.torrent
2012-08-20 05:24 - 2012-08-20 05:50 - 734011392 ____A C:\Users\Alice\Downloads\Bruce Almighty[2003]DvDrip[Eng]-Stealthmaster.avi
2012-08-18 01:58 - 2012-08-18 02:05 - 00000000 ____D C:\Users\Alice\Documents\VirtualDJ
2012-08-18 01:58 - 2012-08-18 02:05 - 00000000 ____D C:\Program Files\VirtualDJ
2012-08-18 01:58 - 2012-08-18 01:58 - 00001001 ____A C:\Users\Alice\Desktop\Virtual DJ Pro.lnk
2012-08-18 01:52 - 2012-08-18 02:05 - 00000000 ____D C:\Users\Alice\Downloads\Virtual DJ v7.0 PRO + Crack [ChattChitto RG]
2012-08-18 01:50 - 2012-08-18 01:50 - 00012593 ____A C:\Users\Alice\Downloads\[isoHunt] Virtual_DJ_v7.0_PRO___Crack_[ChattChitto_RG].5888476.TPB.torrent
2012-08-18 01:50 - 2012-08-18 01:50 - 00012593 ____A C:\Users\Alice\Downloads\[isoHunt] Virtual_DJ_v7.0_PRO___Crack_[ChattChitto_RG].5888476.TPB (1).torrent
2012-08-17 11:18 - 2012-08-17 11:18 - 00017262 ____A C:\Users\Alice\Downloads\[isoHunt] WWE MONDAY NIGHT RAW 13 08 2012 Bzingaz.mp4.torrent
2012-08-17 11:03 - 2012-08-17 11:03 - 00011515 ____A C:\Users\Alice\Downloads\[isoHunt] WWE.Raw.08.13.12.DSR.XviD-XWT (1).torrent
2012-08-17 10:52 - 2012-08-17 10:52 - 00021951 ____A C:\Users\Alice\Downloads\[isoHunt] WWE.Raw.08.13.12.DSR.XviD-XWT.torrent
2012-08-17 07:48 - 2012-08-17 08:02 - 00000000 ____D C:\Users\Alice\Downloads\The Raid Redemption 2011 BRRiP XViD AC3 - Ryan
2012-08-17 07:47 - 2012-08-17 07:47 - 00015752 ____A C:\Users\Alice\Downloads\[isoHunt] The Raid Redemption 2011 BRRiP XViD AC3 - Ryan.torrent
2012-08-17 04:47 - 2012-08-17 04:47 - 00015316 ____A C:\Users\Alice\Downloads\[isoHunt] Fortune_Street_[WBFS]_(ST7E01)__NTSC__[wiiGM].6895587.TPB.torrent
2012-08-17 04:46 - 2012-08-17 04:46 - 00014717 ____A C:\Users\Alice\Downloads\[isoHunt] Harvest_Moon_-_Tree_of_Tranquility_[WBFS]_(R84EE9)__NTSC__[wiiGM.6156204.TPB.torrent
2012-08-17 04:45 - 2012-08-17 04:45 - 00017307 ____A C:\Users\Alice\Downloads\[isoHunt] RMGE01 Super Mario Galaxy.torrent
2012-08-17 04:45 - 2012-08-17 04:45 - 00010851 ____A C:\Users\Alice\Downloads\[isoHunt] S3ZE52 Men in Black - Alien Crisis.torrent
2012-08-17 04:44 - 2012-08-17 04:44 - 00014755 ____A C:\Users\Alice\Downloads\[isoHunt] The_Sims_3_[WBFS]_(S3ME69)__NTSC__[wiiGM].6641535.TPB.torrent
2012-08-17 04:35 - 2012-08-17 04:35 - 00019943 ____A C:\Users\Alice\Downloads\[isoHunt] R92E01 Pikmin 2.torrent
2012-08-17 03:39 - 2012-08-17 03:39 - 00014487 ____A C:\Users\Alice\Downloads\[isoHunt] New.SUPER.MARIO.BROS.wii.ntsc.wbfs.5907327.TPB.torrent
2012-08-17 03:37 - 2012-08-17 03:38 - 00012247 ____A C:\Users\Alice\Downloads\[isoHunt] LoZ Skyward Sword(SUKE01).wbfs.torrent
2012-08-17 03:36 - 2012-08-17 03:36 - 00016479 ____A C:\Users\Alice\Downloads\[isoHunt] Brave [S6BP4Q].torrent
2012-08-17 03:35 - 2012-08-17 03:35 - 00016168 ____A C:\Users\Alice\Downloads\[isoHunt] SJHE41 Just Dance - Greatest Hits.torrent
2012-08-17 02:57 - 2012-08-17 02:57 - 00018110 ____A C:\Users\Alice\Downloads\[isoHunt] SAZE52 The Amazing Spider-Man.torrent
2012-08-17 02:55 - 2012-08-17 02:55 - 00011955 ____A C:\Users\Alice\Downloads\[isoHunt] 1B62793F4C42824D140FACAD12A85D20CE90A503.torrent
2012-08-17 02:33 - 2012-08-17 02:33 - 00019783 ____A C:\Users\Alice\Downloads\[isoHunt] SV3EG9 Madagascar 3.torrent
2012-08-17 02:32 - 2012-08-17 02:32 - 00017999 ____A C:\Users\Alice\Downloads\[isoHunt] Rhythm_Heaven_Fever_[WBFS]_(SOME01)__NTSC__[wiiGM].7021328.TPB.torrent
2012-08-17 02:29 - 2012-08-17 02:29 - 00012291 ____A C:\Users\Alice\Downloads\[isoHunt] Kirby__s__Dream_Land_[WBFS]_(SUKE01)__NTSC__[wiiGM].6769502.TPB.torrent
2012-08-17 02:28 - 2012-08-17 02:28 - 00014600 ____A C:\Users\Alice\Downloads\[isoHunt] PPNE01 New Super Mario Bros. Wii 2 - The Next Levels.torrent
2012-08-16 15:20 - 2012-08-16 15:20 - 00000000 ____D C:\FRST
2012-08-16 12:13 - 2012-08-16 12:14 - 00092709 ____A C:\Users\Alice\Desktop\ark.log
2012-08-16 10:16 - 2011-07-16 13:21 - 00302592 ____A C:\Users\Alice\Desktop\gmer.exe
2012-08-16 10:15 - 2012-08-16 10:15 - 00294216 ____A C:\Users\Alice\Downloads\gmer.zip
2012-08-16 10:12 - 2012-08-16 10:12 - 00012850 ____A C:\Users\Alice\Desktop\DDS.txt
2012-08-16 10:12 - 2012-08-16 10:12 - 00009147 ____A C:\Users\Alice\Desktop\Attach.txt
2012-08-16 10:04 - 2012-08-16 10:04 - 00607260 ____R (Swearware) C:\Users\Alice\Desktop\dds.com
2012-08-16 10:04 - 2012-08-16 10:04 - 00607260 ____A (Swearware) C:\Users\Alice\Downloads\dds.com
2012-08-16 10:02 - 2012-08-16 10:02 - 00000446 ____A C:\Users\Alice\Downloads\defogger_disable.log
2012-08-16 10:02 - 2012-08-16 10:02 - 00000000 ____A C:\Users\Alice\defogger_reenable
2012-08-16 10:01 - 2012-08-16 10:01 - 00050477 ____A C:\Users\Alice\Downloads\Defogger.exe
2012-08-16 10:01 - 2012-08-16 10:01 - 00050477 ____A C:\Users\Alice\Downloads\Defogger (1).exe
2012-08-16 08:35 - 2012-08-16 08:36 - 00001918 ____A C:\Users\Alice\Desktop\Rkill.txt
2012-08-16 08:34 - 2012-08-16 08:34 - 01118624 ____A (Bleeping Computer, LLC) C:\Users\Alice\Desktop\rkill.exe
2012-08-15 12:14 - 2012-08-15 12:14 - 00017336 ____A C:\Users\Alice\Downloads\[isoHunt] edbcd689df6a3d35f24e11928df045ad8bd2bdda.torrent
2012-08-15 12:12 - 2012-08-15 12:12 - 00042862 ____A C:\Users\Alice\Downloads\[isoHunt] Mr.Bean_Complete_DVDrip_Collection.4999692.TPB.torrent
2012-08-15 11:31 - 2012-08-15 11:31 - 00056439 ____A C:\Users\Alice\Downloads\[isoHunt] The.Business[2005]DvDrip.AC3[Eng]-aXXo.torrent
2012-08-15 11:20 - 2012-08-15 11:20 - 00014423 ____A C:\Users\Alice\Downloads\[isoHunt] Flubber.(1997).XviD-LintF.torrent
2012-08-15 11:18 - 2012-08-15 11:18 - 00014303 ____A C:\Users\Alice\Downloads\[isoHunt] Matilda.1996.elytista.5926725.TPB.torrent
2012-08-15 09:24 - 2012-08-15 09:24 - 00000000 ____D C:\Users\Alice\AppData\Roaming\SUPERAntiSpyware.com
2012-08-15 09:23 - 2012-08-15 09:24 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2012-08-15 09:23 - 2012-08-15 09:23 - 00001965 ____A C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
2012-08-15 09:23 - 2012-08-15 09:23 - 00000000 ____D C:\Users\All Users\SUPERAntiSpyware.com
2012-08-15 09:22 - 2012-08-15 09:23 - 19171856 ____A (SUPERAntiSpyware.com) C:\Users\Alice\Downloads\SUPERAntiSpyware (1).exe
2012-08-15 09:22 - 2012-08-15 09:22 - 19171856 ____A (SUPERAntiSpyware.com) C:\Users\Alice\Downloads\SUPERAntiSpyware.exe
2012-08-15 08:54 - 2012-08-15 08:54 - 00001071 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-08-15 08:54 - 2012-08-15 08:54 - 00000000 ____D C:\Users\All Users\Malwarebytes
2012-08-15 08:54 - 2012-08-15 08:54 - 00000000 ____D C:\Users\Alice\AppData\Roaming\Malwarebytes
2012-08-15 08:54 - 2012-08-15 08:54 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2012-08-15 08:54 - 2012-07-03 04:46 - 00022344 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-08-15 08:52 - 2012-08-15 08:53 - 10652120 ____A (Malwarebytes Corporation ) C:\Users\Alice\Downloads\mbam-setup-1.62.0.1300.exe
2012-08-15 08:03 - 2012-08-15 08:03 - 00023352 ____A C:\Users\Alice\Downloads\[isoHunt] Modern_Family_-_The_Complete_Season_2_[HDTV].6423558.TPB.torrent
2012-08-15 07:49 - 2012-08-15 07:49 - 00033846 ____A C:\Users\Alice\Downloads\[isoHunt] Stuart Little Trilogy.torrent
2012-08-15 07:47 - 2012-08-15 07:47 - 00013883 ____A C:\Users\Alice\Downloads\[isoHunt] Walt_Disney____s_Oliver_and_Company.4898496.TPB.torrent
2012-08-13 10:10 - 2012-08-13 10:10 - 00013297 ____A C:\Users\Alice\Downloads\Stuart.Little.(1999).torrent
2012-08-13 10:07 - 2012-08-13 10:07 - 00027507 ____A C:\Users\Alice\Downloads\Police.Academy.FULL.PACK.(1984-1994).torrent
2012-08-13 10:04 - 2012-08-13 10:04 - 00012293 ____A C:\Users\Alice\Downloads\Police.Squad!.-.1982.TV.Comedy.(Basis.for.Naked.Gun.Movies).torrent
2012-08-13 10:00 - 2012-08-13 10:00 - 00014429 ____A C:\Users\Alice\Downloads\Inglourious.Basterds.2009.DVDRip.XviD-MegaPlay.torrent
2012-08-13 09:54 - 2012-08-13 09:55 - 00020715 ____A C:\Users\Alice\Downloads\[isoHunt] The Simpsons - Season 20.torrent
2012-08-13 08:48 - 2012-08-13 08:48 - 00027770 ____A C:\Users\Alice\Downloads\Modern.Family.Season.1.torrent
2012-08-13 08:37 - 2012-08-13 08:37 - 00127642 ____A C:\Users\Alice\Downloads\Ted.2012.TS.V2.Xvid.Ac3.ADTRG.torrent
2012-08-13 08:27 - 2012-08-13 08:27 - 00014795 ____A C:\Users\Alice\Downloads\The.Five-Year.Engagement.2012.Unrated.DVDRip.XviD.AbSurdiTy.torrent
2012-08-12 10:54 - 2012-08-12 10:54 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2012-08-11 03:05 - 2012-08-11 03:05 - 00015982 ____A C:\Users\Alice\Downloads\LEGO.Batman.2.DC.Super.Heroes.torrent
2012-08-11 03:04 - 2012-08-11 03:04 - 00023149 ____A C:\Users\Alice\Downloads\WWE.12.(2011).torrent
2012-08-11 03:02 - 2012-08-11 03:02 - 00022763 ____A C:\Users\Alice\Downloads\Super.Mario.Galaxy.2.torrent
2012-08-11 02:55 - 2012-08-24 12:51 - 2930632196 ____A C:\Users\Alice\Downloads\[WII]Kung Fu Panda Legendary Warriors [PAL][ESPALWII.com].rar
2012-08-11 02:51 - 2012-08-11 02:51 - 00018917 ____A C:\Users\Alice\Downloads\Wii-Soul.Calibur.Legends.PAL.torrent
2012-08-11 02:49 - 2012-08-11 02:49 - 00014414 ____A C:\Users\Alice\Downloads\Wii-Kung.Fu.Panda.Legendary.Warriors.PAL.torrent
2012-08-11 02:44 - 2012-08-11 02:44 - 00019327 ____A C:\Users\Alice\Downloads\Wii-Ice.Age.3.PAL.torrent
2012-08-10 17:47 - 2012-08-15 09:18 - 00000000 ____D C:\Users\Alice\Downloads\Wii Wads
2012-08-10 17:45 - 2012-08-10 17:45 - 00029511 ____A C:\Users\Alice\Downloads\[isoHunt] Wii Wads.torrent
2012-08-10 16:10 - 2012-08-10 16:11 - 06959040 ____A C:\Users\Alice\Downloads\USBLoaderGX_v3.0_IOS249.wad
2012-08-10 13:19 - 2012-08-10 13:19 - 00000000 __SHD C:\Windows\System32\%APPDATA%
2012-08-10 13:17 - 2012-08-10 14:19 - 00000000 ____D C:\Program Files\GridinSoft Trojan Killer
2012-08-10 13:15 - 2012-08-10 13:16 - 28710760 ____A (GridinSoft LLC) C:\Users\Alice\Downloads\gtk2126-setup.exe
2012-08-10 13:12 - 2012-08-10 13:13 - 00407872 ____A C:\Users\Alice\Downloads\iexplore.exe
2012-08-10 13:05 - 2012-08-10 13:05 - 00006544 ____N C:\bootsqm.dat
2012-08-10 10:50 - 2012-08-10 10:50 - 00000000 ____D C:\Windows\scoped_dir_6064_708
2012-08-10 10:50 - 2012-08-10 10:50 - 00000000 ____D C:\Users\Alice\Desktop\store
2012-08-10 10:50 - 2012-08-10 10:50 - 00000000 ____D C:\Users\Alice\AppData\Local\{2EAAFD4C-E31C-11E1-8270-B8AC6F996F26}
2012-08-10 10:49 - 2012-08-11 02:46 - 00000000 ____D C:\Users\All Users\6F638BC80046AEB615397666F875EF7E
2012-08-10 10:49 - 2012-08-10 10:49 - 00476160 ____A (Andrew Zhezherun) C:\Users\Alice\AppData\Roaming\ocetc.dll
2012-08-10 10:48 - 2012-08-10 10:48 - 00162816 __ASH (Crytek) C:\Users\Alice\AppData\Roaming\hesvs.dll
2012-08-10 10:48 - 2012-08-10 10:48 - 00000000 ____D C:\Windows\Sun
2012-08-10 10:48 - 2012-08-10 10:48 - 00000000 ____D C:\Users\Alice\AppData\Roaming\Avbyvi
2012-08-10 06:26 - 2012-08-10 10:12 - 00000000 ____D C:\Users\Alice\Downloads\Quiz Party PAL Wii-SUSHi [ Wii ][ MULTi ][ Www.EliteDescargas.Com ]
2012-08-10 04:54 - 2012-08-10 04:54 - 00096269 ____A C:\Users\Alice\Downloads\[isoHunt] Quiz Party PAL Wii-SUSHi [ Wii ][ MULTi ][ Www.EliteDescargas.Com ].torrent
2012-08-10 04:49 - 2012-08-10 04:49 - 00019721 ____A C:\Users\Alice\Downloads\[isoHunt] Zumba Fitness 2 [Wii][NTSC][Scrubbed]-TLS.torrent
2012-08-10 04:45 - 2012-08-10 04:45 - 00022740 ____A C:\Users\Alice\Downloads\[isoHunt] WWE_12_(2011)_[Wii][MULTi5][PAL].6833690.TPB.torrent
2012-08-10 04:43 - 2012-08-10 04:43 - 00023214 ____A C:\Users\Alice\Downloads\[isoHunt] Mario.And.Sonic.At.The.London.2012.Olympic.Games._-_Wii_(ISO)_[P.6926795.TPB.torrent
2012-08-10 01:03 - 2012-08-10 01:03 - 00145824 ____A C:\Windows\Minidump\081012-36535-01.dmp
2012-08-09 15:58 - 2012-08-09 15:59 - 01895685 ____A C:\Users\Alice\Downloads\4-X_Evil_Dead.mym
2012-08-09 14:54 - 2012-08-23 13:46 - 00000000 ____D C:\Users\Alice\Downloads\WGames
2012-08-09 14:49 - 2012-08-09 14:50 - 00893324 ____A C:\Users\Alice\Downloads\Wii Game Manager 1.5.0.2.rar
2012-08-09 14:42 - 2012-08-09 14:42 - 00000000 ____D C:\Program Files\EaseUS
2012-08-09 14:42 - 2012-05-17 08:36 - 02468520 ____A C:\Windows\System32\BootMan.exe
2012-08-09 14:42 - 2011-07-29 04:54 - 00086408 ____A C:\Windows\System32\setupempdrv03.exe
2012-08-09 14:42 - 2011-07-29 04:54 - 00019840 ____A C:\Windows\System32\EuEpmGdi.dll
2012-08-09 14:42 - 2011-07-29 04:54 - 00014216 ____A C:\Windows\System32\epmntdrv.sys
2012-08-09 14:42 - 2011-07-29 04:54 - 00008456 ____A C:\Windows\System32\EuGdiDrv.sys
2012-08-09 14:40 - 2012-08-09 14:41 - 12086624 ____A (EaseUS ) C:\Users\Alice\Downloads\epm (1).exe
2012-08-09 14:39 - 2012-08-09 14:40 - 12086624 ____A (EaseUS ) C:\Users\Alice\Downloads\epm.exe
2012-08-09 02:28 - 2012-08-09 02:28 - 00001059 ____A C:\Users\Alice\Desktop\FAT32 GUI Formatter.lnk
2012-08-08 13:39 - 2012-08-08 13:39 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_ANDROIDUSB_01007.Wdf
2012-08-07 05:20 - 2012-08-07 06:19 - 00000000 ____D C:\Users\Alice\Downloads\Richard Gere Collection Hachiko A Dog's Story (2009)(NLsubs) TBS
2012-08-07 05:19 - 2012-08-07 05:19 - 00021534 ____A C:\Users\Alice\Downloads\[isoHunt] Richard_Gere_Collection__Hachiko_A_Dog_s_Story_(2009)(NLsubs)_TB.6855710.TPB.torrent
2012-08-07 04:27 - 2012-08-07 04:27 - 00000000 __SHD C:\found.000
2012-08-06 12:28 - 2012-08-06 12:28 - 00014799 ____A C:\Users\Alice\Downloads\[isoHunt] V-H-S 2012 VODRip XViD-sC0rp (1).torrent
2012-08-06 12:27 - 2012-08-06 12:27 - 00014799 ____A C:\Users\Alice\Downloads\[isoHunt] V-H-S 2012 VODRip XViD-sC0rp.torrent
2012-08-06 12:02 - 2012-08-06 12:02 - 00138676 ____A C:\Users\Alice\Downloads\[isoHunt] V_H_S.2012.VODRip.XVID.HS.torrent
2012-08-06 11:54 - 2012-08-06 11:54 - 00000000 ____D C:\Users\Alice\Downloads\Wrath of the Titans 2012 BDRip XviD-INSPiRAL
2012-08-06 11:53 - 2012-08-06 11:53 - 00014546 ____A C:\Users\Alice\Downloads\[isoHunt] Wrath of the Titans 2012 BDRip XviD-INSPiRAL.torrent
2012-08-04 05:09 - 2012-08-04 05:09 - 00057279 ____A C:\Users\Alice\Downloads\[isoHunt] Stomp.The.Yard[2007]DvDrip[Eng]-aXXo.torrent
2012-08-04 04:54 - 2012-08-04 05:09 - 00000000 ____D C:\Users\Alice\Downloads\War.Horse.2011.PAL.Retail.DVDR.DD5.1.MultiSubs
2012-08-04 04:48 - 2012-08-04 04:48 - 00028933 ____A C:\Users\Alice\Downloads\[isoHunt] The Notebook (2004) [ENG] [DVDrip].avi.torrent
2012-08-01 03:03 - 2012-08-01 03:03 - 00015341 ____A C:\Users\Alice\Downloads\Mystikal_-_Ghetto_Fabulous_(No_Limit).torrent
2012-08-01 03:02 - 2012-08-01 03:02 - 00021912 ____A C:\Users\Alice\Downloads\Mystikal_-_Unpredictable_-_Dailynova.torrent
2012-08-01 02:59 - 2012-08-01 02:59 - 00015934 ____A C:\Users\Alice\Downloads\Mystikal_-_Mind_Of_Mystikal.torrent
2012-08-01 02:19 - 2012-08-01 02:19 - 00035822 ____A C:\Users\Alice\Downloads\Onyx-Full_Discography.torrent
2012-08-01 02:16 - 2012-08-01 02:54 - 68011587 ____A C:\Users\Alice\Downloads\Onyx-Bacdafucup1993.rar
2012-07-31 04:26 - 2012-07-31 04:26 - 00145816 ____A C:\Windows\Minidump\073112-39187-01.dmp
2012-07-29 11:52 - 2012-07-29 11:52 - 00065848 ____A (Trusteer Ltd.) C:\Windows\System32\Drivers\RapportKELL.sys


============ 3 Months Modified Files ========================

2012-08-25 15:21 - 2012-06-21 16:03 - 00000884 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-08-25 15:18 - 2012-03-26 14:08 - 00000908 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1637884598-1792768165-3903356993-1000UA.job
2012-08-25 14:53 - 2012-04-02 10:21 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-08-25 14:48 - 2009-07-13 20:34 - 00021280 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-08-25 14:48 - 2009-07-13 20:34 - 00021280 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-08-25 14:47 - 2010-11-20 13:01 - 00791944 ____A C:\Windows\System32\PerfStringBackup.INI
2012-08-25 14:46 - 2012-08-25 14:46 - 00509440 ____A (iS3, Inc.) C:\Users\Alice\Downloads\SZSetupAV.exe
2012-08-25 14:37 - 2012-06-21 16:03 - 00000880 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-08-25 14:36 - 2009-07-13 20:53 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-08-25 14:36 - 2009-07-13 20:39 - 00057554 ____A C:\Windows\setupact.log
2012-08-24 12:51 - 2012-08-11 02:55 - 2930632196 ____A C:\Users\Alice\Downloads\[WII]Kung Fu Panda Legendary Warriors [PAL][ESPALWII.com].rar
2012-08-24 11:27 - 2012-04-06 06:43 - 00000928 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1637884598-1792768165-3903356993-1000UA.job
2012-08-24 08:15 - 2012-08-24 08:15 - 00012447 ____A C:\Users\Alice\Downloads\[isoHunt] The Help 2011 DVDRiP XviD AC3- MiSTERE.torrent
2012-08-24 05:18 - 2012-03-26 14:08 - 00000856 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1637884598-1792768165-3903356993-1000Core.job
2012-08-24 03:09 - 2012-04-06 06:43 - 00000906 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1637884598-1792768165-3903356993-1000Core.job
2012-08-24 02:57 - 2012-03-26 14:12 - 00002415 ____A C:\Users\Alice\Desktop\Google Chrome.lnk
2012-08-22 13:52 - 2012-08-22 13:52 - 00145824 ____A C:\Windows\Minidump\082212-38485-01.dmp
2012-08-21 11:19 - 2012-08-21 08:38 - 405012480 ____A C:\Users\Alice\Downloads\FIFA_12_Wii_PAL_MULTi3.iso
2012-08-21 10:35 - 2012-08-21 10:35 - 00021529 ____A C:\Users\Alice\Downloads\[isoHunt] An Idiot Abroad Season 1, 2 Extras HDTV DVDRip TSV.torrent
2012-08-21 10:33 - 2012-08-21 10:33 - 00019109 ____A C:\Users\Alice\Downloads\[isoHunt] James_Bond_007_-_Goldeneye_[WBFS]_(SJBE52)__NTSC__[wiiGM].6156211.TPB.torrent
2012-08-21 08:49 - 2012-08-21 08:49 - 00012694 ____A C:\Users\Alice\Downloads\[isoHunt] Wipeout The GameWiiNTSCScr edTLS Reidy.torrent
2012-08-21 08:38 - 2012-08-21 08:38 - 00045277 ____A C:\Users\Alice\Downloads\[isoHunt] FIFA_12_Wii_PAL_MULTi3.iso.7212661.TPB.torrent
2012-08-21 08:20 - 2012-08-21 06:53 - 3909091328 ____A C:\Users\Alice\Downloads\RSVP8P.wbfs
2012-08-21 06:52 - 2012-08-21 06:52 - 00018944 ____A C:\Users\Alice\Downloads\[isoHunt] Sonic.Unleashed.WBFS.PAL.Wii.6917051.TPB.torrent
2012-08-21 05:59 - 2012-08-21 05:59 - 00014602 ____A C:\Users\Alice\Downloads\[isoHunt] Tim_Vine_-_The_Jokeamotive.6838468.TPB.torrent
2012-08-20 12:16 - 2012-08-20 12:16 - 00013428 ____A C:\Users\Alice\Downloads\[isoHunt] FB591F6310A0074CF85A1EAF1A2526AE83FCDE7B.torrent
2012-08-20 10:45 - 2012-08-20 10:45 - 00018890 ____A C:\Users\Alice\Downloads\[isoHunt] 1295476.torrent
2012-08-20 09:59 - 2012-08-20 09:59 - 00006023 ____A C:\Users\Alice\Downloads\[isoHunt] The_Legend_of_Zelda_Twilight_Princess_(2006)_[Wii][PAL][MULTi5].6083950.TPB.torrent
2012-08-20 07:57 - 2012-08-20 07:57 - 00023417 ____A C:\Users\Alice\Downloads\[isoHunt] Modern_Family_-_The_Complete_Season_2_[HDTV].6423558.TPB (1).torrent
2012-08-20 06:49 - 2012-08-20 06:49 - 00019635 ____A C:\Users\Alice\Downloads\[isoHunt] Disney_Epic_Mickey_[WBFS]_(SEME4Q)__NTSC__[wiiGM].6558926.TPB.torrent
2012-08-20 06:46 - 2012-08-20 06:46 - 00121503 ____A C:\Users\Alice\Downloads\[isoHunt] RNSP69.wbfs.torrent
2012-08-20 06:44 - 2012-08-20 06:44 - 00018971 ____A C:\Users\Alice\Downloads\[isoHunt] Hamster Heroes [RH4XUG] wbfs Wii Game.torrent
2012-08-20 06:41 - 2012-08-20 06:41 - 00010602 ____A C:\Users\Alice\Downloads\[isoHunt] RGWE41.wbfs.torrent
2012-08-20 05:50 - 2012-08-20 05:24 - 734011392 ____A C:\Users\Alice\Downloads\Bruce Almighty[2003]DvDrip[Eng]-Stealthmaster.avi
2012-08-18 07:53 - 2009-07-13 20:33 - 00408496 ____A C:\Windows\System32\FNTCACHE.DAT
2012-08-18 02:22 - 2012-03-26 14:06 - 00109200 ____A C:\Users\Alice\AppData\Local\GDIPFONTCACHEV1.DAT
2012-08-18 01:58 - 2012-08-18 01:58 - 00001001 ____A C:\Users\Alice\Desktop\Virtual DJ Pro.lnk
2012-08-18 01:50 - 2012-08-18 01:50 - 00012593 ____A C:\Users\Alice\Downloads\[isoHunt] Virtual_DJ_v7.0_PRO___Crack_[ChattChitto_RG].5888476.TPB.torrent
2012-08-18 01:50 - 2012-08-18 01:50 - 00012593 ____A C:\Users\Alice\Downloads\[isoHunt] Virtual_DJ_v7.0_PRO___Crack_[ChattChitto_RG].5888476.TPB (1).torrent
2012-08-17 11:18 - 2012-08-17 11:18 - 00017262 ____A C:\Users\Alice\Downloads\[isoHunt] WWE MONDAY NIGHT RAW 13 08 2012 Bzingaz.mp4.torrent
2012-08-17 11:03 - 2012-08-17 11:03 - 00011515 ____A C:\Users\Alice\Downloads\[isoHunt] WWE.Raw.08.13.12.DSR.XviD-XWT (1).torrent
2012-08-17 10:52 - 2012-08-17 10:52 - 00021951 ____A C:\Users\Alice\Downloads\[isoHunt] WWE.Raw.08.13.12.DSR.XviD-XWT.torrent
2012-08-17 07:47 - 2012-08-17 07:47 - 00015752 ____A C:\Users\Alice\Downloads\[isoHunt] The Raid Redemption 2011 BRRiP XViD AC3 - Ryan.torrent
2012-08-17 04:47 - 2012-08-17 04:47 - 00015316 ____A C:\Users\Alice\Downloads\[isoHunt] Fortune_Street_[WBFS]_(ST7E01)__NTSC__[wiiGM].6895587.TPB.torrent
2012-08-17 04:46 - 2012-08-17 04:46 - 00014717 ____A C:\Users\Alice\Downloads\[isoHunt] Harvest_Moon_-_Tree_of_Tranquility_[WBFS]_(R84EE9)__NTSC__[wiiGM.6156204.TPB.torrent
2012-08-17 04:45 - 2012-08-17 04:45 - 00017307 ____A C:\Users\Alice\Downloads\[isoHunt] RMGE01 Super Mario Galaxy.torrent
2012-08-17 04:45 - 2012-08-17 04:45 - 00010851 ____A C:\Users\Alice\Downloads\[isoHunt] S3ZE52 Men in Black - Alien Crisis.torrent
2012-08-17 04:44 - 2012-08-17 04:44 - 00014755 ____A C:\Users\Alice\Downloads\[isoHunt] The_Sims_3_[WBFS]_(S3ME69)__NTSC__[wiiGM].6641535.TPB.torrent
2012-08-17 04:35 - 2012-08-17 04:35 - 00019943 ____A C:\Users\Alice\Downloads\[isoHunt] R92E01 Pikmin 2.torrent
2012-08-17 03:39 - 2012-08-17 03:39 - 00014487 ____A C:\Users\Alice\Downloads\[isoHunt] New.SUPER.MARIO.BROS.wii.ntsc.wbfs.5907327.TPB.torrent
2012-08-17 03:38 - 2012-08-17 03:37 - 00012247 ____A C:\Users\Alice\Downloads\[isoHunt] LoZ Skyward Sword(SUKE01).wbfs.torrent
2012-08-17 03:36 - 2012-08-17 03:36 - 00016479 ____A C:\Users\Alice\Downloads\[isoHunt] Brave [S6BP4Q].torrent
2012-08-17 03:35 - 2012-08-17 03:35 - 00016168 ____A C:\Users\Alice\Downloads\[isoHunt] SJHE41 Just Dance - Greatest Hits.torrent
2012-08-17 02:57 - 2012-08-17 02:57 - 00018110 ____A C:\Users\Alice\Downloads\[isoHunt] SAZE52 The Amazing Spider-Man.torrent
2012-08-17 02:55 - 2012-08-17 02:55 - 00011955 ____A C:\Users\Alice\Downloads\[isoHunt] 1B62793F4C42824D140FACAD12A85D20CE90A503.torrent
2012-08-17 02:33 - 2012-08-17 02:33 - 00019783 ____A C:\Users\Alice\Downloads\[isoHunt] SV3EG9 Madagascar 3.torrent
2012-08-17 02:32 - 2012-08-17 02:32 - 00017999 ____A C:\Users\Alice\Downloads\[isoHunt] Rhythm_Heaven_Fever_[WBFS]_(SOME01)__NTSC__[wiiGM].7021328.TPB.torrent
2012-08-17 02:29 - 2012-08-17 02:29 - 00012291 ____A C:\Users\Alice\Downloads\[isoHunt] Kirby__s__Dream_Land_[WBFS]_(SUKE01)__NTSC__[wiiGM].6769502.TPB.torrent
2012-08-17 02:28 - 2012-08-17 02:28 - 00014600 ____A C:\Users\Alice\Downloads\[isoHunt] PPNE01 New Super Mario Bros. Wii 2 - The Next Levels.torrent
2012-08-16 12:14 - 2012-08-16 12:13 - 00092709 ____A C:\Users\Alice\Desktop\ark.log
2012-08-16 10:15 - 2012-08-16 10:15 - 00294216 ____A C:\Users\Alice\Downloads\gmer.zip
2012-08-16 10:12 - 2012-08-16 10:12 - 00012850 ____A C:\Users\Alice\Desktop\DDS.txt
2012-08-16 10:12 - 2012-08-16 10:12 - 00009147 ____A C:\Users\Alice\Desktop\Attach.txt
2012-08-16 10:04 - 2012-08-16 10:04 - 00607260 ____R (Swearware) C:\Users\Alice\Desktop\dds.com
2012-08-16 10:04 - 2012-08-16 10:04 - 00607260 ____A (Swearware) C:\Users\Alice\Downloads\dds.com
2012-08-16 10:02 - 2012-08-16 10:02 - 00000446 ____A C:\Users\Alice\Downloads\defogger_disable.log
2012-08-16 10:02 - 2012-08-16 10:02 - 00000000 ____A C:\Users\Alice\defogger_reenable
2012-08-16 10:01 - 2012-08-16 10:01 - 00050477 ____A C:\Users\Alice\Downloads\Defogger.exe
2012-08-16 10:01 - 2012-08-16 10:01 - 00050477 ____A C:\Users\Alice\Downloads\Defogger (1).exe
2012-08-16 08:36 - 2012-08-16 08:35 - 00001918 ____A C:\Users\Alice\Desktop\Rkill.txt
2012-08-16 08:34 - 2012-08-16 08:34 - 01118624 ____A (Bleeping Computer, LLC) C:\Users\Alice\Desktop\rkill.exe
2012-08-15 12:14 - 2012-08-15 12:14 - 00017336 ____A C:\Users\Alice\Downloads\[isoHunt] edbcd689df6a3d35f24e11928df045ad8bd2bdda.torrent
2012-08-15 12:12 - 2012-08-15 12:12 - 00042862 ____A C:\Users\Alice\Downloads\[isoHunt] Mr.Bean_Complete_DVDrip_Collection.4999692.TPB.torrent
2012-08-15 11:31 - 2012-08-15 11:31 - 00056439 ____A C:\Users\Alice\Downloads\[isoHunt] The.Business[2005]DvDrip.AC3[Eng]-aXXo.torrent
2012-08-15 11:20 - 2012-08-15 11:20 - 00014423 ____A C:\Users\Alice\Downloads\[isoHunt] Flubber.(1997).XviD-LintF.torrent
2012-08-15 11:18 - 2012-08-15 11:18 - 00014303 ____A C:\Users\Alice\Downloads\[isoHunt] Matilda.1996.elytista.5926725.TPB.torrent
2012-08-15 09:23 - 2012-08-15 09:23 - 00001965 ____A C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
2012-08-15 09:23 - 2012-08-15 09:22 - 19171856 ____A (SUPERAntiSpyware.com) C:\Users\Alice\Downloads\SUPERAntiSpyware (1).exe
2012-08-15 09:22 - 2012-08-15 09:22 - 19171856 ____A (SUPERAntiSpyware.com) C:\Users\Alice\Downloads\SUPERAntiSpyware.exe
2012-08-15 09:08 - 2010-11-20 13:48 - 00113904 ____A C:\Windows\PFRO.log
2012-08-15 08:54 - 2012-08-15 08:54 - 00001071 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-08-15 08:53 - 2012-08-15 08:52 - 10652120 ____A (Malwarebytes Corporation ) C:\Users\Alice\Downloads\mbam-setup-1.62.0.1300.exe
2012-08-15 08:03 - 2012-08-15 08:03 - 00023352 ____A C:\Users\Alice\Downloads\[isoHunt] Modern_Family_-_The_Complete_Season_2_[HDTV].6423558.TPB.torrent
2012-08-15 07:49 - 2012-08-15 07:49 - 00033846 ____A C:\Users\Alice\Downloads\[isoHunt] Stuart Little Trilogy.torrent
2012-08-15 07:47 - 2012-08-15 07:47 - 00013883 ____A C:\Users\Alice\Downloads\[isoHunt] Walt_Disney____s_Oliver_and_Company.4898496.TPB.torrent
2012-08-15 07:35 - 2012-04-02 10:21 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2012-08-15 07:35 - 2012-04-02 10:21 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
2012-08-13 10:10 - 2012-08-13 10:10 - 00013297 ____A C:\Users\Alice\Downloads\Stuart.Little.(1999).torrent
2012-08-13 10:07 - 2012-08-13 10:07 - 00027507 ____A C:\Users\Alice\Downloads\Police.Academy.FULL.PACK.(1984-1994).torrent
2012-08-13 10:04 - 2012-08-13 10:04 - 00012293 ____A C:\Users\Alice\Downloads\Police.Squad!.-.1982.TV.Comedy.(Basis.for.Naked.Gun.Movies).torrent
2012-08-13 10:00 - 2012-08-13 10:00 - 00014429 ____A C:\Users\Alice\Downloads\Inglourious.Basterds.2009.DVDRip.XviD-MegaPlay.torrent
2012-08-13 09:55 - 2012-08-13 09:54 - 00020715 ____A C:\Users\Alice\Downloads\[isoHunt] The Simpsons - Season 20.torrent
2012-08-13 08:48 - 2012-08-13 08:48 - 00027770 ____A C:\Users\Alice\Downloads\Modern.Family.Season.1.torrent
2012-08-13 08:37 - 2012-08-13 08:37 - 00127642 ____A C:\Users\Alice\Downloads\Ted.2012.TS.V2.Xvid.Ac3.ADTRG.torrent
2012-08-13 08:27 - 2012-08-13 08:27 - 00014795 ____A C:\Users\Alice\Downloads\The.Five-Year.Engagement.2012.Unrated.DVDRip.XviD.AbSurdiTy.torrent
2012-08-12 10:54 - 2012-08-12 10:54 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2012-08-11 03:05 - 2012-08-11 03:05 - 00015982 ____A C:\Users\Alice\Downloads\LEGO.Batman.2.DC.Super.Heroes.torrent
2012-08-11 03:04 - 2012-08-11 03:04 - 00023149 ____A C:\Users\Alice\Downloads\WWE.12.(2011).torrent
2012-08-11 03:02 - 2012-08-11 03:02 - 00022763 ____A C:\Users\Alice\Downloads\Super.Mario.Galaxy.2.torrent
2012-08-11 02:51 - 2012-08-11 02:51 - 00018917 ____A C:\Users\Alice\Downloads\Wii-Soul.Calibur.Legends.PAL.torrent
2012-08-11 02:49 - 2012-08-11 02:49 - 00014414 ____A C:\Users\Alice\Downloads\Wii-Kung.Fu.Panda.Legendary.Warriors.PAL.torrent
2012-08-11 02:44 - 2012-08-11 02:44 - 00019327 ____A C:\Users\Alice\Downloads\Wii-Ice.Age.3.PAL.torrent
2012-08-10 17:45 - 2012-08-10 17:45 - 00029511 ____A C:\Users\Alice\Downloads\[isoHunt] Wii Wads.torrent
2012-08-10 16:11 - 2012-08-10 16:10 - 06959040 ____A C:\Users\Alice\Downloads\USBLoaderGX_v3.0_IOS249.wad
2012-08-10 13:16 - 2012-08-10 13:15 - 28710760 ____A (GridinSoft LLC) C:\Users\Alice\Downloads\gtk2126-setup.exe
2012-08-10 13:13 - 2012-08-10 13:12 - 00407872 ____A C:\Users\Alice\Downloads\iexplore.exe
2012-08-10 13:08 - 2012-03-23 15:55 - 01632551 ____A C:\Windows\WindowsUpdate.log
2012-08-10 13:05 - 2012-08-10 13:05 - 00006544 ____N C:\bootsqm.dat
2012-08-10 10:49 - 2012-08-10 10:49 - 00476160 ____A (Andrew Zhezherun) C:\Users\Alice\AppData\Roaming\ocetc.dll
2012-08-10 10:48 - 2012-08-10 10:48 - 00162816 __ASH (Crytek) C:\Users\Alice\AppData\Roaming\hesvs.dll
2012-08-10 04:54 - 2012-08-10 04:54 - 00096269 ____A C:\Users\Alice\Downloads\[isoHunt] Quiz Party PAL Wii-SUSHi [ Wii ][ MULTi ][ Www.EliteDescargas.Com ].torrent
2012-08-10 04:49 - 2012-08-10 04:49 - 00019721 ____A C:\Users\Alice\Downloads\[isoHunt] Zumba Fitness 2 [Wii][NTSC][Scrubbed]-TLS.torrent
2012-08-10 04:45 - 2012-08-10 04:45 - 00022740 ____A C:\Users\Alice\Downloads\[isoHunt] WWE_12_(2011)_[Wii][MULTi5][PAL].6833690.TPB.torrent
2012-08-10 04:43 - 2012-08-10 04:43 - 00023214 ____A C:\Users\Alice\Downloads\[isoHunt] Mario.And.Sonic.At.The.London.2012.Olympic.Games._-_Wii_(ISO)_[P.6926795.TPB.torrent
2012-08-10 01:03 - 2012-08-10 01:03 - 00145824 ____A C:\Windows\Minidump\081012-36535-01.dmp
2012-08-09 15:59 - 2012-08-09 15:58 - 01895685 ____A C:\Users\Alice\Downloads\4-X_Evil_Dead.mym
2012-08-09 14:50 - 2012-08-09 14:49 - 00893324 ____A C:\Users\Alice\Downloads\Wii Game Manager 1.5.0.2.rar
2012-08-09 14:41 - 2012-08-09 14:40 - 12086624 ____A (EaseUS ) C:\Users\Alice\Downloads\epm (1).exe
2012-08-09 14:40 - 2012-08-09 14:39 - 12086624 ____A (EaseUS ) C:\Users\Alice\Downloads\epm.exe
2012-08-09 02:28 - 2012-08-09 02:28 - 00001059 ____A C:\Users\Alice\Desktop\FAT32 GUI Formatter.lnk
2012-08-08 13:39 - 2012-08-08 13:39 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_ANDROIDUSB_01007.Wdf
2012-08-07 05:19 - 2012-08-07 05:19 - 00021534 ____A C:\Users\Alice\Downloads\[isoHunt] Richard_Gere_Collection__Hachiko_A_Dog_s_Story_(2009)(NLsubs)_TB.6855710.TPB.torrent
2012-08-07 05:11 - 2012-05-30 14:17 - 00001057 ____A C:\Users\Alice\AppData\Roaming\vso_ts_preview.xml
2012-08-06 12:28 - 2012-08-06 12:28 - 00014799 ____A C:\Users\Alice\Downloads\[isoHunt] V-H-S 2012 VODRip XViD-sC0rp (1).torrent
2012-08-06 12:27 - 2012-08-06 12:27 - 00014799 ____A C:\Users\Alice\Downloads\[isoHunt] V-H-S 2012 VODRip XViD-sC0rp.torrent
2012-08-06 12:02 - 2012-08-06 12:02 - 00138676 ____A C:\Users\Alice\Downloads\[isoHunt] V_H_S.2012.VODRip.XVID.HS.torrent
2012-08-06 11:53 - 2012-08-06 11:53 - 00014546 ____A C:\Users\Alice\Downloads\[isoHunt] Wrath of the Titans 2012 BDRip XviD-INSPiRAL.torrent
2012-08-04 05:09 - 2012-08-04 05:09 - 00057279 ____A C:\Users\Alice\Downloads\[isoHunt] Stomp.The.Yard[2007]DvDrip[Eng]-aXXo.torrent
2012-08-04 04:48 - 2012-08-04 04:48 - 00028933 ____A C:\Users\Alice\Downloads\[isoHunt] The Notebook (2004) [ENG] [DVDrip].avi.torrent
2012-08-01 03:03 - 2012-08-01 03:03 - 00015341 ____A C:\Users\Alice\Downloads\Mystikal_-_Ghetto_Fabulous_(No_Limit).torrent
2012-08-01 03:02 - 2012-08-01 03:02 - 00021912 ____A C:\Users\Alice\Downloads\Mystikal_-_Unpredictable_-_Dailynova.torrent
2012-08-01 02:59 - 2012-08-01 02:59 - 00015934 ____A C:\Users\Alice\Downloads\Mystikal_-_Mind_Of_Mystikal.torrent
2012-08-01 02:54 - 2012-08-01 02:16 - 68011587 ____A C:\Users\Alice\Downloads\Onyx-Bacdafucup1993.rar
2012-08-01 02:19 - 2012-08-01 02:19 - 00035822 ____A C:\Users\Alice\Downloads\Onyx-Full_Discography.torrent
2012-07-31 04:26 - 2012-07-31 04:26 - 00145816 ____A C:\Windows\Minidump\073112-39187-01.dmp
2012-07-29 11:52 - 2012-07-29 11:52 - 00065848 ____A (Trusteer Ltd.) C:\Windows\System32\Drivers\RapportKELL.sys
2012-07-26 02:50 - 2012-07-26 02:50 - 00017910 ____A C:\Users\Alice\Downloads\[isoHunt] ill Manors (Deluxe).torrent
2012-07-20 03:15 - 2012-07-20 03:15 - 00145824 ____A C:\Windows\Minidump\072012-35349-01.dmp
2012-07-17 09:14 - 2012-07-17 09:14 - 00023128 ____A C:\Users\Alice\Downloads\[isoHunt] EA_Sports_Grand_Slam_Tennis_(2009)_[Wii][PAL][MULTi5].6239293.TPB.torrent
2012-07-17 08:59 - 2012-07-17 08:59 - 02057466 ____A C:\Users\Alice\Downloads\homebrew_browser_v0.3.9c.zip
2012-07-17 07:33 - 2012-07-17 07:33 - 01899561 ____A C:\Users\Alice\Downloads\ModMii Installer.exe
2012-07-17 07:33 - 2012-07-17 07:33 - 00000592 ____A C:\Users\Alice\Desktop\ModMii.lnk
2012-07-16 09:06 - 2012-03-23 09:35 - 00000836 ____A C:\Users\Alice\Downloads\Downloads.lnk
2012-07-16 09:06 - 2009-07-13 20:53 - 00032546 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-07-15 18:01 - 2012-07-15 18:00 - 00260928 ____A C:\Windows\msxml4-KB2721691-enu.LOG
2012-07-10 12:52 - 2012-07-10 12:52 - 00028774 ____A C:\Users\Alice\Downloads\[isoHunt] My.Flesh.and.Blood.XviD.AC3.torrent
2012-07-10 07:09 - 2012-07-10 07:08 - 00017531 ____A C:\Users\Alice\Downloads\[isoHunt] Eastbound and Down Season 2.torrent
2012-07-09 11:40 - 2012-07-09 11:40 - 00026857 ____A C:\Users\Alice\Downloads\[isoHunt] Submarine.2011.720p.BDRip.x264.AC3.dxva-HDLiTE.torrent
2012-07-09 10:45 - 2012-07-09 10:45 - 00014903 ____A C:\Users\Alice\Downloads\[isoHunt] Take.Me.Home.Tonight.2011.DVDRip.XViD-EP1C.torrent
2012-07-09 10:43 - 2012-07-09 10:42 - 00057631 ____A C:\Users\Alice\Downloads\[isoHunt] Russell.Kane.Smokescreens.And.Castles.Live.DVDRip.XviD-HAGGiS.6809458.TPB.torrent
2012-07-09 09:49 - 2012-07-09 09:49 - 00086645 ____A C:\Users\Alice\Downloads\[isoHunt] The_Fresh_Prince_of_Bel-Air_Season_2_(iPod__PSP__Mobile).6737064.TPB.torrent
2012-07-06 04:10 - 2012-07-06 04:10 - 00000927 ____A C:\Users\Alice\Desktop\MagicDisc.lnk
2012-07-06 04:09 - 2012-07-06 04:09 - 01352435 ____A C:\Users\Alice\Downloads\setup_magicdisc (1).exe
2012-07-06 04:09 - 2012-07-06 04:08 - 01352435 ____A C:\Users\Alice\Downloads\setup_magicdisc.exe
2012-07-03 04:46 - 2012-08-15 08:54 - 00022344 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-07-03 04:18 - 2012-07-03 04:18 - 00177642 ____A C:\Users\Alice\Downloads\[isoHunt] Fresh Prince - Season 1 DVD.torrent
2012-06-27 19:02 - 2012-06-27 19:01 - 00145824 ____A C:\Windows\Minidump\062812-34257-01.dmp
2012-06-25 07:04 - 2012-06-25 07:04 - 01394248 ____A (Microsoft Corporation) C:\Windows\System32\msxml4.dll
2012-06-21 16:02 - 2012-06-21 16:01 - 00739832 ____A (Google Inc.) C:\Users\Alice\Downloads\GoogleEarthPluginSetup.exe
2012-06-11 18:40 - 2012-07-15 18:02 - 02345984 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-06-09 12:18 - 2012-06-09 12:18 - 00001815 ____A C:\Users\Public\Desktop\ImgBurn.lnk
2012-06-09 12:17 - 2012-06-09 12:16 - 06118990 ____A (LIGHTNING UK!) C:\Users\Alice\Downloads\SetupImgBurn_2.5.7.0.exe
2012-06-08 20:41 - 2012-07-15 18:14 - 12873728 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2012-06-05 21:05 - 2012-07-15 18:14 - 01390080 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
2012-06-05 21:05 - 2012-07-15 18:14 - 01236992 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
2012-06-05 21:03 - 2012-07-15 18:14 - 00805376 ____A (Microsoft Corporation) C:\Windows\System32\cdosys.dll
2012-06-05 09:11 - 2012-06-05 09:09 - 40549546 ____A C:\Users\Alice\Downloads\TEW2005_setup.exe
2012-06-03 10:48 - 2012-06-03 10:48 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_User_ZuneDriver_01_09_00.Wdf
2012-06-03 10:47 - 2012-06-03 10:47 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_winusb_01009.Wdf
2012-06-02 14:19 - 2012-06-22 13:40 - 01933848 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-06-02 14:19 - 2012-06-22 13:40 - 00053784 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-06-02 14:19 - 2012-06-22 13:40 - 00045080 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-06-02 14:19 - 2012-06-22 13:38 - 00577048 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2012-06-02 14:19 - 2012-06-22 13:38 - 00035864 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2012-06-02 14:12 - 2012-06-22 13:40 - 02422272 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-06-02 14:12 - 2012-06-22 13:38 - 00088576 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2012-06-02 06:19 - 2012-06-22 13:36 - 00171904 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-06-02 06:12 - 2012-06-22 13:36 - 00033792 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2012-06-02 01:07 - 2012-07-16 09:02 - 12314624 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-06-02 00:43 - 2012-07-16 09:02 - 09737728 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-06-02 00:33 - 2012-07-16 09:02 - 01800192 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-06-02 00:26 - 2012-07-16 09:02 - 01103872 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-06-02 00:25 - 2012-07-16 09:02 - 01427968 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-06-02 00:25 - 2012-07-16 09:02 - 01129472 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-06-02 00:23 - 2012-07-16 09:02 - 00231936 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-06-02 00:21 - 2012-07-16 09:02 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-06-02 00:20 - 2012-07-16 09:02 - 00142848 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-06-02 00:19 - 2012-07-16 09:02 - 01793024 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-06-02 00:19 - 2012-07-16 09:02 - 00716800 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-06-02 00:17 - 2012-07-16 09:02 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-06-02 00:16 - 2012-07-16 09:02 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-06-02 00:14 - 2012-07-16 09:02 - 00176640 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-06-01 20:45 - 2012-07-15 18:14 - 00134000 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
2012-06-01 20:45 - 2012-07-15 18:14 - 00067440 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
2012-06-01 20:40 - 2012-07-15 18:14 - 00369336 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
2012-06-01 20:40 - 2012-07-15 18:14 - 00225280 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
2012-06-01 20:39 - 2012-07-15 18:14 - 00219136 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
2012-05-31 20:54 - 2012-05-31 20:54 - 00145824 ____A C:\Windows\Minidump\060112-35427-01.dmp
2012-05-31 03:25 - 2012-03-24 13:31 - 00237072 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe
2012-05-30 14:16 - 2012-05-30 14:16 - 00001190 ____A C:\Users\Alice\Desktop\ConvertXtoDVD 4.lnk

ZeroAccess:
C:\Windows\Installer\{008add37-0248-66d4-0acc-d022945d6afa}
C:\Windows\Installer\{008add37-0248-66d4-0acc-d022945d6afa}\@
C:\Windows\Installer\{008add37-0248-66d4-0acc-d022945d6afa}\L
C:\Windows\Installer\{008add37-0248-66d4-0acc-d022945d6afa}\n
C:\Windows\Installer\{008add37-0248-66d4-0acc-d022945d6afa}\U
C:\Windows\Installer\{008add37-0248-66d4-0acc-d022945d6afa}\U\00000001.@
C:\Windows\Installer\{008add37-0248-66d4-0acc-d022945d6afa}\U\80000000.@
C:\Windows\Installer\{008add37-0248-66d4-0acc-d022945d6afa}\U\800000cb.@

ZeroAccess:
C:\Users\Alice\AppData\Local\{008add37-0248-66d4-0acc-d022945d6afa}
C:\Users\Alice\AppData\Local\{008add37-0248-66d4-0acc-d022945d6afa}\@
C:\Users\Alice\AppData\Local\{008add37-0248-66d4-0acc-d022945d6afa}\L
C:\Users\Alice\AppData\Local\{008add37-0248-66d4-0acc-d022945d6afa}\n
C:\Users\Alice\AppData\Local\{008add37-0248-66d4-0acc-d022945d6afa}\U
C:\Users\Alice\AppData\Local\{008add37-0248-66d4-0acc-d022945d6afa}\U\00000001.@
C:\Users\Alice\AppData\Local\{008add37-0248-66d4-0acc-d022945d6afa}\U\80000000.@
C:\Users\Alice\AppData\Local\{008add37-0248-66d4-0acc-d022945d6afa}\U\800000cb.@

========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe A302BBFF2A7278C0E239EE5D471D86A9 ZeroAccess <==== ATTENTION!.
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

========================= Memory info ======================

Percentage of memory in use: 38%
Total physical RAM: 1014.19 MB
Available physical RAM: 628.59 MB
Total Pagefile: 1014.19 MB
Available Pagefile: 638.17 MB
Total Virtual: 2047.88 MB
Available Virtual: 1970.6 MB

======================= Partitions =========================

1 Drive c: () (Fixed) (Total:111.69 GB) (Free:15.77 GB) NTFS
2 Drive e: (Repair disc Windows 7 32-bit) (CDROM) (Total:0.14 GB) (Free:0 GB) UDF
3 Drive f: (3Connect) (CDROM) (Total:0.03 GB) (Free:0 GB) CDFS
5 Drive h: (USB2) (Removable) (Total:1.8 GB) (Free:1.8 GB) FAT
6 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
7 Drive y: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 111 GB 0 B
Disk 1 No Media 0 B 0 B
Disk 2 Online 1852 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 100 MB 1024 KB
Partition 2 Primary 111 GB 101 MB

==================================================================================

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 Y System Rese NTFS Partition 100 MB Healthy

==================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 C NTFS Partition 111 GB Healthy

==================================================================================

Partitions of Disk 2:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 1848 MB 4032 KB

==================================================================================

Disk: 2
Partition 1
Type : 06
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 5 H USB2 FAT Removable 1848 MB Healthy

==================================================================================

Last Boot: 2012-08-06 17:20

======================= End Of Log ==========================





Oddly, the services.exe search log isn't there, so I will generate it again and post it in about 20 minutes.

Thanks,
Mike

#8 mikehealey

mikehealey
  • Topic Starter

  • Members
  • 11 posts

Posted 25 August 2012 - 07:50 PM

Here is the search log:

Farbar Recovery Scan Tool Version: 25-08-2012
Ran by SYSTEM at 2012-08-26 01:38:29
Running from H:\

================== Search: "services.exe" ===================

C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.exe
[2009-07-13 15:11] - [2009-07-13 17:14] - 0259072 ____A (Microsoft Corporation) 5F1B6A9C35D3D5CA72D6D6FDEF9747D6

C:\Windows\System32\services.exe
[2009-07-13 15:11] - [2009-07-13 17:14] - 0259072 ____N (Microsoft Corporation) A302BBFF2A7278C0E239EE5D471D86A9

=== End Of Search ===


Thanks,
Mike
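
The search log above shows two copies of services.exe with the same size but different MD5s. As an added example (not part of FRST or of any post in this thread), the script below parses FRST's Search output and flags a System32 binary whose hash differs from its WinSxS reference copy; the sample log is constructed to mirror the one posted here.

```python
import re
from dataclasses import dataclass, field

# Constructed sample shaped like the "Search: services.exe" log posted above:
# the WinSxS component-store copy and the live System32 copy of the same file.
SAMPLE_SEARCH_LOG = r"""Farbar Recovery Scan Tool Version: 25-08-2012

================== Search: "services.exe" ===================

C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.exe
[2009-07-13 15:11] - [2009-07-13 17:14] - 0259072 ____A (Microsoft Corporation) 5F1B6A9C35D3D5CA72D6D6FDEF9747D6

C:\Windows\System32\services.exe
[2009-07-13 15:11] - [2009-07-13 17:14] - 0259072 ____N (Microsoft Corporation) A302BBFF2A7278C0E239EE5D471D86A9

=== End Of Search ===
"""

# FRST detail line: "[created] - [modified] - size attrs (company) MD5".
# Files without version info have no "(company)" part, so it is optional.
_DETAIL_RE = re.compile(
    r"^\[(?P<created>[^\]]+)\] - \[(?P<modified>[^\]]+)\] - "
    r"(?P<size>\d+) (?P<attrs>\S+) (?:\((?P<company>[^)]*)\) )?"
    r"(?P<md5>[0-9A-Fa-f]{32})\s*$"
)
_PATH_RE = re.compile(r"^[A-Za-z]:\\\S")  # a hit starts with a drive path


@dataclass
class Hit:
    path: str
    size: int
    attrs: str
    company: str
    md5: str

    @property
    def name(self) -> str:
        return self.path.rsplit("\\", 1)[-1].lower()

    @property
    def in_winsxs(self) -> bool:
        return "\\winsxs\\" in self.path.lower()

    @property
    def in_system_dir(self) -> bool:
        return any(d in self.path.lower() for d in ("\\windows\\system32\\", "\\windows\\syswow64\\"))


def parse_search_log(text: str) -> list[Hit]:
    """Pair each path line with the detail line FRST prints directly under it."""
    hits: list[Hit] = []
    pending = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if _PATH_RE.match(line):
            pending = line
            continue
        m = _DETAIL_RE.match(line)
        if m and pending:
            hits.append(Hit(pending, int(m["size"]), m["attrs"],
                            m["company"] or "", m["md5"].upper()))
            pending = None
    return hits


@dataclass
class Finding:
    path: str
    verdict: str  # OK, PATCHED, SIZE_MISMATCH or NO_REFERENCE
    reference: str = ""
    details: list[str] = field(default_factory=list)


def assess(hits: list[Hit]) -> list[Finding]:
    """Compare each live System32/SysWOW64 copy with WinSxS copies of the same name.
    Same size and MD5 clears it; same size but a different MD5 is the in-place patching
    pattern from the thread (PATCHED); a size difference may just be a newer update whose
    component-store copy was not found, so it is only flagged for review (SIZE_MISMATCH)."""
    findings = []
    for live in (h for h in hits if h.in_system_dir and not h.in_winsxs):
        refs = [h for h in hits if h.in_winsxs and h.name == live.name]
        if not refs:
            findings.append(Finding(live.path, "NO_REFERENCE"))
            continue
        clean = [r for r in refs if r.md5 == live.md5 and r.size == live.size]
        if clean:
            findings.append(Finding(live.path, "OK", clean[0].path))
            continue
        same_size = [r for r in refs if r.size == live.size]
        ref = same_size[0] if same_size else refs[0]
        details = [f"md5 live={live.md5} ref={ref.md5}"]
        if ref.attrs != live.attrs:  # attribute flags reported as-is, not interpreted
            details.append(f"attrs live={live.attrs} ref={ref.attrs}")
        findings.append(Finding(live.path, "PATCHED" if same_size else "SIZE_MISMATCH",
                                ref.path, details))
    return findings


if __name__ == "__main__":
    for f in assess(parse_search_log(SAMPLE_SEARCH_LOG)):
        print(f.verdict, f.path, *f.details)
```

Feed it the Search section of a real FRST log and it reports the same verdict FRST's own "Bamital & volsnap Check" reached above, with the reference copy to restore from.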

#9 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • Gender:Not Telling
  • Location:Canada

Posted 25 August 2012 - 07:56 PM

Please do the following:


Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this, highlight the contents of the box, right-click on it and select Copy. Right-click in the open Notepad and select Paste.) Save it on the flash drive as fixlist.txt.

start
HKLM\...\Run: [hesvs] rundll32.exe "C:\Users\Alice\AppData\Roaming\hesvs.dll",BindContext [162816 2012-08-10] (Crytek)
HKLM\...\Run: [ocetc] "C:\Windows\System32\rundll32.exe" "C:\Users\Alice\AppData\Roaming\ocetc.dll",CallMethod [476160 2012-08-10] (Andrew Zhezherun)
HKU\Alice\...\Run: [ocetc] "C:\Windows\System32\rundll32.exe" "C:\Users\Alice\AppData\Roaming\ocetc.dll",CallMethod [476160 2012-08-10] (Andrew Zhezherun)
HKU\Alice\...\Run: [hesvs] rundll32.exe "C:\Users\Alice\AppData\Roaming\hesvs.dll",BindContext [162816 2012-08-10] (Crytek)
2012-08-10 10:50 - 2012-08-10 10:50 - 00000000 ____D C:\Users\Alice\AppData\Local\{2EAAFD4C-E31C-11E1-8270-B8AC6F996F26}
2012-08-10 10:49 - 2012-08-11 02:46 - 00000000 ____D C:\Users\All Users\6F638BC80046AEB615397666F875EF7E
2012-08-10 10:49 - 2012-08-10 10:49 - 00476160 ____A (Andrew Zhezherun) C:\Users\Alice\AppData\Roaming\ocetc.dll
2012-08-10 10:48 - 2012-08-10 10:48 - 00162816 __ASH (Crytek) C:\Users\Alice\AppData\Roaming\hesvs.dll
2012-08-10 10:48 - 2012-08-10 10:48 - 00000000 ____D C:\Windows\Sun
2012-08-10 10:48 - 2012-08-10 10:48 - 00000000 ____D C:\Users\Alice\AppData\Roaming\Avbyvi
C:\Windows\Installer\{008add37-0248-66d4-0acc-d022945d6afa}
C:\Users\Alice\AppData\Local\{008add37-0248-66d4-0acc-d022945d6afa}
replace: C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.exe C:\Windows\System32\services.exe
end

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system.

Now please enter System Recovery Options, then select Command Prompt.

Run FRST (or FRST64 if you have the 64-bit version) and press the Fix button just once and wait.
The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

Reboot Normally.


NEXT

Refer to the ComboFix User's Guide

  • Download ComboFix from the following location:

    Link

    * IMPORTANT !!! Place ComboFix.exe on your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.
    You can get help on disabling your protection programs here
  • Double click on ComboFix.exe & follow the prompts.
  • Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
  • When finished, it shall produce a log for you. Post that log in your next reply.

    Note:
    Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.


    ---------------------------------------------------------------------------------------------
  • Ensure your AntiVirus and AntiSpyware applications are re-enabled.

    ---------------------------------------------------------------------------------------------

NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#10 mikehealey

mikehealey
  • Topic Starter

  • Members
  • 11 posts

Posted 25 August 2012 - 09:14 PM

Hi there, I followed the required steps; here are the logs:

Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 25-08-2012
Ran by SYSTEM at 2012-08-26 02:26:37 Run:1
Running from F:\

==============================================

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\hesvs Value deleted successfully.
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ocetc Value deleted successfully.
HKEY_USERS\Alice\Software\Microsoft\Windows\CurrentVersion\Run\\ocetc Value deleted successfully.
HKEY_USERS\Alice\Software\Microsoft\Windows\CurrentVersion\Run\\hesvs Value deleted successfully.
C:\Users\Alice\AppData\Local\{2EAAFD4C-E31C-11E1-8270-B8AC6F996F26} moved successfully.
C:\Users\All Users\6F638BC80046AEB615397666F875EF7E moved successfully.
C:\Users\Alice\AppData\Roaming\ocetc.dll moved successfully.
C:\Users\Alice\AppData\Roaming\hesvs.dll moved successfully.
C:\Windows\Sun moved successfully.
C:\Users\Alice\AppData\Roaming\Avbyvi moved successfully.
C:\Windows\Installer\{008add37-0248-66d4-0acc-d022945d6afa} moved successfully.
C:\Users\Alice\AppData\Local\{008add37-0248-66d4-0acc-d022945d6afa} moved successfully.
C:\Windows\System32\services.exe moved successfully.
C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.exe copied successfully to C:\Windows\System32\services.exe

==== End of Fixlog ====




ComboFix 12-08-25.04 - Alice 08/26/2012 2:42.1.1 - x86
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.1014.451 [GMT 1:00]
Running from: c:\users\Alice\Desktop\ComboFix.exe
AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Alice\AppData\Roaming\vso_ts_preview.xml
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\regtlib.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-07-26 to 2012-08-26 )))))))))))))))))))))))))))))))
.
.
2012-08-26 01:51 . 2012-08-26 01:54 -------- d-----w- c:\users\Alice\AppData\Local\temp
2012-08-18 09:58 . 2012-08-18 10:05 -------- d-----w- c:\program files\VirtualDJ
2012-08-16 23:20 . 2012-08-16 23:20 -------- d-----w- C:\FRST
2012-08-15 17:24 . 2012-08-15 17:24 -------- d-----w- c:\users\Alice\AppData\Roaming\SUPERAntiSpyware.com
2012-08-15 17:23 . 2012-08-15 17:24 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-08-15 17:23 . 2012-08-15 17:23 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-08-15 16:54 . 2012-08-15 16:54 -------- d-----w- c:\users\Alice\AppData\Roaming\Malwarebytes
2012-08-15 16:54 . 2012-08-15 16:54 -------- d-----w- c:\programdata\Malwarebytes
2012-08-15 16:54 . 2012-07-03 12:46 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-08-15 16:54 . 2012-08-15 16:54 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-08-10 21:19 . 2012-08-10 21:19 -------- d-sh--w- c:\windows\system32\%APPDATA%
2012-08-10 21:17 . 2012-08-10 22:19 -------- d-----w- c:\program files\GridinSoft Trojan Killer
2012-08-10 18:50 . 2012-08-10 18:50 -------- d-----w- c:\windows\scoped_dir_6064_708
2012-08-10 15:29 . 2012-06-29 08:44 6891424 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{A99EBF85-4137-473A-B88E-6147DB833EA0}\mpengine.dll
2012-08-09 22:42 . 2012-05-17 16:36 2468520 ----a-w- c:\windows\system32\BootMan.exe
2012-08-09 22:42 . 2011-07-29 12:54 19840 ----a-w- c:\windows\system32\EuEpmGdi.dll
2012-08-09 22:42 . 2011-07-29 12:54 86408 ----a-w- c:\windows\system32\setupempdrv03.exe
2012-08-09 22:42 . 2011-07-29 12:54 8456 ----a-w- c:\windows\system32\EuGdiDrv.sys
2012-08-09 22:42 . 2011-07-29 12:54 14216 ----a-w- c:\windows\system32\epmntdrv.sys
2012-08-09 22:42 . 2012-08-09 22:42 -------- d-----w- c:\program files\EaseUS
2012-08-07 12:27 . 2012-08-07 12:27 -------- d-----w- C:\found.000
2012-07-29 19:52 . 2012-07-29 19:52 65848 ----a-w- c:\windows\system32\drivers\RapportKELL.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-15 15:35 . 2012-04-02 18:21 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-08-15 15:35 . 2012-04-02 18:21 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-06-25 15:04 . 2012-06-25 15:04 1394248 ----a-w- c:\windows\system32\msxml4.dll
2012-06-12 02:40 . 2012-07-16 02:02 2345984 ----a-w- c:\windows\system32\win32k.sys
2012-06-06 05:05 . 2012-07-16 02:14 1390080 ----a-w- c:\windows\system32\msxml6.dll
2012-06-06 05:05 . 2012-07-16 02:14 1236992 ----a-w- c:\windows\system32\msxml3.dll
2012-06-06 05:03 . 2012-07-16 02:14 805376 ----a-w- c:\windows\system32\cdosys.dll
2012-06-02 22:19 . 2012-06-22 21:40 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-22 21:40 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-22 21:38 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-22 21:38 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:19 . 2012-06-22 21:40 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:12 . 2012-06-22 21:40 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:12 . 2012-06-22 21:38 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 14:19 . 2012-06-22 21:36 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 14:12 . 2012-06-22 21:36 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-06-02 08:33 . 2012-07-16 17:02 1800192 ----a-w- c:\windows\system32\jscript9.dll
2012-06-02 08:25 . 2012-07-16 17:02 1129472 ----a-w- c:\windows\system32\wininet.dll
2012-06-02 08:25 . 2012-07-16 17:02 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2012-06-02 08:20 . 2012-07-16 17:02 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-06-02 08:16 . 2012-07-16 17:02 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-06-02 04:45 . 2012-07-16 02:14 67440 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-06-02 04:45 . 2012-07-16 02:14 134000 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2012-06-02 04:40 . 2012-07-16 02:14 369336 ----a-w- c:\windows\system32\drivers\cng.sys
2012-06-02 04:40 . 2012-07-16 02:14 225280 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 04:39 . 2012-07-16 02:14 219136 ----a-w- c:\windows\system32\ncrypt.dll
2012-05-31 11:25 . 2012-03-24 21:31 237072 ------w- c:\windows\system32\MpSigStub.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{687578b9-7132-4a7a-80e4-30ee31099e03}"= "c:\program files\uTorrentControl2\prxtbuTor.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{687578b9-7132-4a7a-80e4-30ee31099e03}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{687578b9-7132-4a7a-80e4-30ee31099e03}]
2011-05-09 08:49 176936 ----a-w- c:\program files\uTorrentControl2\prxtbuTor.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{687578b9-7132-4a7a-80e4-30ee31099e03}"= "c:\program files\uTorrentControl2\prxtbuTor.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{687578b9-7132-4a7a-80e4-30ee31099e03}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{687578B9-7132-4A7A-80E4-30EE31099E03}"= "c:\program files\uTorrentControl2\prxtbuTor.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{687578b9-7132-4a7a-80e4-30ee31099e03}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Facebook Update"="c:\users\Alice\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-07-16 138096]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-07-09 4777856]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-23 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-23 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-23 150552]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"VX1000"="c:\windows\vVX1000.exe" [2010-05-20 762736]
"LifeCam"="c:\program files\Microsoft LifeCam\LifeExp.exe" [2010-05-20 119152]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-03-27 421736]
.
c:\users\Alice\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
MagicDisc.lnk - c:\program files\MagicDisc\MagicDisc.exe [2012-7-6 576000]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-11-10 12:49 932288 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-11-10 12:49 35736 ----a-w- c:\program files\Adobe\Reader 10.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCSSync]
2010-03-13 14:54 91520 ----a-w- c:\program files\Microsoft Office\Office14\BCSSync.exe
.
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [x]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [x]
R3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [x]
R3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [x]
R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [x]
R3 HTCAND32;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [x]
R3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\DRIVERS\htcnprot.sys [x]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [x]
R3 TrojanKillerDriver;GridinSoft Trojan Killer Driver;c:\windows\system32\DRIVERS\gtkdrv.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 RapportKELL;RapportKELL;c:\windows\System32\Drivers\RapportKELL.sys [x]
S1 RapportCerberus_42020;RapportCerberus_42020;c:\programdata\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_42020.sys [x]
S1 RapportEI;RapportEI;c:\program files\Trusteer\Rapport\bin\RapportEI.sys [x]
S1 RapportPG;RapportPG;c:\program files\Trusteer\Rapport\bin\RapportPG.sys [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [x]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [x]
S2 BecHelperService;BecHelperService;c:\program files\3 Mobile Broadband\3Connect\BecHelperService.exe [x]
S2 PassThru Service;Internet Pass-Through Service;c:\program files\HTC\Internet Pass-Through\PassThruSvr.exe [x]
S2 RapportMgmtService;Rapport Management Service;c:\program files\Trusteer\Rapport\bin\RapportMgmtService.exe [x]
S3 ew_usbenumfilter;huawei_CompositeFilter;c:\windows\system32\DRIVERS\ew_usbenumfilter.sys [x]
S3 ewusbmbb;HUAWEI USB-WWAN miniport;c:\windows\system32\DRIVERS\ewusbwwan.sys [x]
S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys [x]
S3 RapportIaso;RapportIaso;c:\programdata\trusteer\rapport\store\exts\rapportms\39624\rapportiaso.sys [x]
S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [x]
S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [x]
S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - RAPPORTIASO
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-26 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-02 15:35]
.
2012-08-24 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1637884598-1792768165-3903356993-1000Core.job
- c:\users\Alice\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-04-06 04:22]
.
2012-08-24 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1637884598-1792768165-3903356993-1000UA.job
- c:\users\Alice\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-04-06 04:22]
.
2012-08-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-06-22 00:02]
.
2012-08-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-06-22 00:02]
.
2012-08-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1637884598-1792768165-3903356993-1000Core.job
- c:\users\Alice\AppData\Local\Google\Update\GoogleUpdate.exe [2012-03-26 22:08]
.
2012-08-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1637884598-1792768165-3903356993-1000UA.job
- c:\users\Alice\AppData\Local\Google\Update\GoogleUpdate.exe [2012-03-26 22:08]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~3\Office14\ONBttnIE.dll/105
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\taskhost.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Microsoft LifeCam\MSCamS32.exe
c:\windows\system32\WUDFHost.exe
c:\windows\system32\conhost.exe
c:\windows\servicing\TrustedInstaller.exe
c:\windows\system32\sppsvc.exe
.
**************************************************************************
.
Completion time: 2012-08-26 02:59:52 - machine was rebooted
ComboFix-quarantined-files.txt 2012-08-26 01:59
.
Pre-Run: 17,378,062,336 bytes free
Post-Run: 18,085,826,560 bytes free
.
- - End Of File - - B2B91E829CFA77D2100A7CF8B59460B8


As a side note, the laptop is running very well, better than it has in quite a while.

Thanks,
Mike

#11 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • Gender:Not Telling
  • Location:Canada

Posted 25 August 2012 - 09:20 PM

Please do the following:

  • Please open your Malwarebytes Anti-Malware program
  • Click the Update Tab and search for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected. <-- very important
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with one of two prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.



NEXT


Go here to run an online scanner from ESET.
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activeX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • When the scan completes, press the LIST OF THREATS FOUND button
  • Press EXPORT TO TEXT FILE, name the file ESETSCAN and save it to your desktop
  • Include the contents of this report in your next reply.
  • Press the BACK button.
  • Press Finish

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#12 mikehealey

mikehealey
  • Topic Starter

  • Members
  • 11 posts

Posted 26 August 2012 - 12:02 AM

MBAM showed no detections:

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.08.25.07

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
Alice :: ALICE-PC [administrator]

8/26/2012 3:33:13 AM
mbam-log-2012-08-26 (03-33-13).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 189425
Time elapsed: 14 minute(s), 8 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)



ESET:


C:\FRST\Quarantine\hesvs.dll a variant of Win32/Medfos.CO trojan
C:\FRST\Quarantine\ocetc.dll a variant of Win32/Medfos.CM trojan
C:\FRST\Quarantine\services.exe Win32/Sirefef.FC trojan
C:\FRST\Quarantine\{008add37-0248-66d4-0acc-d022945d6afa}\n Win32/Sirefef.EV trojan
C:\FRST\Quarantine\{008add37-0248-66d4-0acc-d022945d6afa}\U\80000000.@ a variant of Win32/Sirefef.FA trojan
C:\FRST\Quarantine\{008add37-0248-66d4-0acc-d022945d6afa}\U\800000cb.@ probably a variant of Win32/Agent.TEO trojan
C:\FRST\Quarantine\{008add37-0248-66d4-0acc-d022945d6afa}\{008add37-0248-66d4-0acc-d022945d6afa}\n Win32/Sirefef.EV trojan
C:\FRST\Quarantine\{008add37-0248-66d4-0acc-d022945d6afa}\{008add37-0248-66d4-0acc-d022945d6afa}\U\00000001.@ Win32/Conedex.I trojan
C:\FRST\Quarantine\{008add37-0248-66d4-0acc-d022945d6afa}\{008add37-0248-66d4-0acc-d022945d6afa}\U\80000000.@ a variant of Win32/Sirefef.FA trojan
C:\FRST\Quarantine\{008add37-0248-66d4-0acc-d022945d6afa}\{008add37-0248-66d4-0acc-d022945d6afa}\U\800000cb.@ probably a variant of Win32/Agent.TEO trojan
C:\Program Files\1ClickDownload\1ClickSettingsManager.exe Win32/Adware.1ClickDownload.E application
C:\Program Files\GridinSoft Trojan Killer\trojankiller.exe a variant of Win32/1AntiVirus application
C:\Program Files\Yontoo\YontooIEClient.dll a variant of Win32/Adware.Yontoo.A application
C:\ProgramData\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll a variant of Win32/Adware.Yontoo.B application
C:\Users\Alice\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\10\5425378a-6d08c057 a variant of Win32/Injector.VFF trojan
C:\Users\Alice\Downloads\gtk2126-setup.exe a variant of Win32/1AntiVirus application
C:\Users\All Users\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll a variant of Win32/Adware.Yontoo.B application


Thanks,
Mike

#13 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • Gender:Not Telling
  • Location:Canada

Posted 26 August 2012 - 07:35 AM

Please do the following:

  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below.
  • They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
Copy/paste the text inside the Codebox below into notepad:

Here's how to do that:
Click Start > Run, type Notepad and click OK.
This will open an empty notepad file:

Copy all the text inside of the code box - Press Ctrl+C (or right click on the highlighted section and choose 'copy')

File::
C:\Program Files\1ClickDownload\1ClickSettingsManager.exe
C:\Program Files\Yontoo\YontooIEClient.dll
C:\ProgramData\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll
C:\Users\Alice\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\10\5425378a-6d08c057
C:\Users\All Users\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll

ClearJavaCache::

Now paste the copied text into the open notepad - press CTRL+V (or right click and choose 'paste')

Save this file to your desktop as "CFScript".


Here's how to do that:

1. Click File;
2. Click Save As... and change the directory to your desktop;
3. Change the Save as type to "All Files";
4. Type in the file name: CFScript
5. Click Save ...

Posted Image
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix may request an update; please allow it.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you.
  • Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.


NEXT

  • Please download MiniToolBox, save it to your desktop and run it.

    Checkmark following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Report FF Proxy Settings
  • List content of Hosts
  • List installed programs.

Click Go and post the result (Result.txt) that pops up. A copy of Result.txt will be saved in the same directory the tool is run from.

NEXT


Please download Farbar Service Scanner to your desktop and run it.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run from.
  • Please copy and paste the log to your reply.


NEXT

Please advise how the computer is running now and whether there are any outstanding issues.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015
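The File:: list above was assembled by hand from the ESET export in the previous reply, keeping only the items still at their original location and skipping those FRST had already quarantined. As an added example (not code from this thread, ESET or the ComboFix author), the Python below does that selection from an ESET export of the same layout and emits the File:: and ClearJavaCache:: sections; the sample log lines are constructed, and the quarantine prefix C:\FRST\Quarantine is an assumption taken from this thread.

```python
"""Build the File:: section of a ComboFix CFScript from an ESET Online Scanner
export.  Added example for this thread, not code from BleepingComputer, ESET or
the ComboFix author.  The sample log lines are constructed to match the layout
of the export posted above; the quarantine prefix is an assumption taken from
the thread (FRST's C:\\FRST\\Quarantine folder)."""
import re
from typing import List, NamedTuple

# Constructed sample in the same layout as the ESET export in the thread:
# <path> [probably] [a variant of] <signature> <class>
SAMPLE_ESET_LOG = """\
C:\\FRST\\Quarantine\\hesvs.dll a variant of Win32/Medfos.CO trojan
C:\\FRST\\Quarantine\\services.exe Win32/Sirefef.FC trojan
C:\\Program Files\\1ClickDownload\\1ClickSettingsManager.exe Win32/Adware.1ClickDownload.E application
C:\\Program Files\\Yontoo\\YontooIEClient.dll a variant of Win32/Adware.Yontoo.A application
C:\\Users\\Alice\\AppData\\LocalLow\\Sun\\Java\\Deployment\\cache\\6.0\\10\\5425378a-6d08c057 a variant of Win32/Injector.VFF trojan
"""

# Items already moved here by FRST are inert; listing them again only clutters
# the script (assumed location, as used in this thread).
QUARANTINE_PREFIX = "c:\\frst\\quarantine\\"
JAVA_CACHE_MARKER = "\\sun\\java\\deployment\\cache\\"


class Detection(NamedTuple):
    path: str      # file as reported by ESET (may contain spaces)
    name: str      # ESET signature, e.g. Win32/Sirefef.FC
    kind: str      # 'trojan', or 'application' for adware/PUA in this export
    certain: bool  # False for "a variant of" / "probably" (heuristic) hits


# Paths contain spaces, so anchor the split on the signature token
# (<family>/<name>) instead of on whitespace.
LINE_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s+"
    r"(?P<qual>(?:probably )?(?:a variant of )?)"
    r"(?P<name>\w+/\S+)\s+(?P<kind>\S+)\s*$"
)


def parse_eset_log(text: str) -> List[Detection]:
    """Parse every well-formed detection line; blank/unknown lines are skipped."""
    found = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            found.append(Detection(m["path"], m["name"], m["kind"], m["qual"] == ""))
    return found


def is_quarantined(path: str) -> bool:
    return path.lower().startswith(QUARANTINE_PREFIX)


def live_detections(dets: List[Detection]) -> List[Detection]:
    """Only items still at their original location need a File:: entry."""
    return [d for d in dets if not is_quarantined(d.path)]


def build_cfscript(dets: List[Detection]) -> str:
    """Emit the File:: block (one bare path per line, no trailing tokens) and
    add the ClearJavaCache:: directive when a hit sits in the Java cache."""
    live = live_detections(dets)
    lines = ["File::"] + [d.path for d in live]
    if any(JAVA_CACHE_MARKER in d.path.lower() for d in live):
        lines += ["", "ClearJavaCache::"]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    print(build_cfscript(parse_eset_log(SAMPLE_ESET_LOG)))
```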


#14 mikehealey

mikehealey
  • Topic Starter

  • Members
  • 11 posts

Posted 29 August 2012 - 05:21 PM

ComboFix log:

ComboFix 12-08-29.03 - Alice 08/29/2012 22:57:23.2.1 - x86
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.1014.463 [GMT 1:00]
Running from: c:\users\Alice\Desktop\ComboFix.exe
Command switches used :: c:\users\Alice\Desktop\CFScript.txt
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\program files\1ClickDownload\1ClickSettingsManager.exe"
"c:\program files\Yontoo\YontooIEClient.dll a"
"c:\programdata\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll"
"c:\users\Alice\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\10\5425378a-6d08c057"
"c:\users\All Users\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Alice\AppData\Local\Microsoft\Windows\Temporary Internet Files\{021F9C70-D545-4F48-9A8C-4D0AD7019ED4}.xps
.
.
((((((((((((((((((((((((( Files Created from 2012-07-28 to 2012-08-29 )))))))))))))))))))))))))))))))
.
.
2012-08-29 22:07 . 2012-08-29 22:07 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-08-29 22:07 . 2012-08-29 22:07 -------- d-----w- c:\users\Alice\AppData\Local\temp
2012-08-26 11:54 . 2012-08-26 11:54 -------- d-----w- c:\users\Alice\AppData\Roaming\AVG2012
2012-08-26 11:53 . 2012-08-26 11:53 -------- d-----w- c:\users\Alice\AppData\Local\AVG Secure Search
2012-08-26 11:53 . 2012-08-26 11:53 -------- d-----w- c:\programdata\AVG Secure Search
2012-08-26 11:52 . 2012-08-26 11:52 27496 ----a-w- c:\windows\system32\drivers\avgtpx86.sys
2012-08-26 11:52 . 2012-08-26 11:52 -------- d-----w- c:\program files\Common Files\AVG Secure Search
2012-08-26 11:52 . 2012-08-26 11:53 -------- d-----w- c:\program files\AVG Secure Search
2012-08-26 11:51 . 2012-08-26 11:51 -------- d-----w- C:\$AVG
2012-08-26 11:51 . 2012-08-29 16:47 -------- d-----w- c:\windows\system32\drivers\AVG
2012-08-26 11:51 . 2012-08-26 11:57 -------- d-----w- c:\programdata\AVG2012
2012-08-26 11:49 . 2012-08-26 11:49 -------- d-----w- c:\program files\AVG
2012-08-26 11:45 . 2012-08-29 16:47 -------- d-----w- c:\programdata\MFAData
2012-08-26 11:45 . 2012-08-26 11:45 -------- d--h--w- c:\programdata\Common Files
2012-08-26 11:26 . 2012-08-26 11:26 -------- d-----w- c:\program files\CCleaner
2012-08-26 02:55 . 2012-08-26 02:55 -------- d-----w- c:\program files\ESET
2012-08-26 02:07 . 2012-08-26 02:07 -------- d-----w- c:\users\Alice\AppData\Roaming\Birdstep Technology
2012-08-26 02:07 . 2011-03-23 15:17 10240 ----a-w- c:\windows\system32\drivers\mdvrmng.sys
2012-08-26 02:07 . 2012-08-26 02:07 -------- d-----w- c:\program files\3 Mobile Broadband
2012-08-26 02:07 . 2012-08-26 02:07 -------- d--h--w- c:\program files\InstallShield Installation Information
2012-08-18 09:58 . 2012-08-18 10:05 -------- d-----w- c:\program files\VirtualDJ
2012-08-16 23:20 . 2012-08-16 23:20 -------- d-----w- C:\FRST
2012-08-15 17:24 . 2012-08-15 17:24 -------- d-----w- c:\users\Alice\AppData\Roaming\SUPERAntiSpyware.com
2012-08-15 17:23 . 2012-08-15 17:24 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-08-15 17:23 . 2012-08-15 17:23 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-08-15 16:54 . 2012-08-15 16:54 -------- d-----w- c:\users\Alice\AppData\Roaming\Malwarebytes
2012-08-15 16:54 . 2012-08-15 16:54 -------- d-----w- c:\programdata\Malwarebytes
2012-08-15 16:54 . 2012-07-03 12:46 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-08-15 16:54 . 2012-08-15 16:54 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-08-10 21:19 . 2012-08-10 21:19 -------- d-sh--w- c:\windows\system32\%APPDATA%
2012-08-10 21:17 . 2012-08-26 11:29 -------- d-----w- c:\program files\GridinSoft Trojan Killer
2012-08-10 18:50 . 2012-08-10 18:50 -------- d-----w- c:\windows\scoped_dir_6064_708
2012-08-10 15:29 . 2012-06-29 08:44 6891424 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{A99EBF85-4137-473A-B88E-6147DB833EA0}\mpengine.dll
2012-08-09 22:42 . 2012-05-17 16:36 2468520 ----a-w- c:\windows\system32\BootMan.exe
2012-08-09 22:42 . 2011-07-29 12:54 19840 ----a-w- c:\windows\system32\EuEpmGdi.dll
2012-08-09 22:42 . 2011-07-29 12:54 86408 ----a-w- c:\windows\system32\setupempdrv03.exe
2012-08-09 22:42 . 2011-07-29 12:54 8456 ----a-w- c:\windows\system32\EuGdiDrv.sys
2012-08-09 22:42 . 2011-07-29 12:54 14216 ----a-w- c:\windows\system32\epmntdrv.sys
2012-08-09 22:42 . 2012-08-09 22:42 -------- d-----w- c:\program files\EaseUS
2012-08-07 12:27 . 2012-08-07 12:27 -------- d-----w- C:\found.000
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-28 22:50 . 2012-04-02 18:21 73416 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-08-28 22:50 . 2012-04-02 18:21 696520 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-07-29 19:52 . 2012-07-29 19:52 65848 ----a-w- c:\windows\system32\drivers\RapportKELL.sys
2012-06-25 15:04 . 2012-06-25 15:04 1394248 ----a-w- c:\windows\system32\msxml4.dll
2012-06-12 02:40 . 2012-07-16 02:02 2345984 ----a-w- c:\windows\system32\win32k.sys
2012-06-06 05:05 . 2012-07-16 02:14 1390080 ----a-w- c:\windows\system32\msxml6.dll
2012-06-06 05:05 . 2012-07-16 02:14 1236992 ----a-w- c:\windows\system32\msxml3.dll
2012-06-06 05:03 . 2012-07-16 02:14 805376 ----a-w- c:\windows\system32\cdosys.dll
2012-06-02 22:19 . 2012-06-22 21:40 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-22 21:40 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-22 21:38 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-22 21:38 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:19 . 2012-06-22 21:40 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:12 . 2012-06-22 21:40 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:12 . 2012-06-22 21:38 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 14:19 . 2012-06-22 21:36 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 14:12 . 2012-06-22 21:36 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-06-02 08:33 . 2012-07-16 17:02 1800192 ----a-w- c:\windows\system32\jscript9.dll
2012-06-02 08:25 . 2012-07-16 17:02 1129472 ----a-w- c:\windows\system32\wininet.dll
2012-06-02 08:25 . 2012-07-16 17:02 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2012-06-02 08:20 . 2012-07-16 17:02 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-06-02 08:16 . 2012-07-16 17:02 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-06-02 04:45 . 2012-07-16 02:14 67440 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-06-02 04:45 . 2012-07-16 02:14 134000 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2012-06-02 04:40 . 2012-07-16 02:14 369336 ----a-w- c:\windows\system32\drivers\cng.sys
2012-06-02 04:40 . 2012-07-16 02:14 225280 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 04:39 . 2012-07-16 02:14 219136 ----a-w- c:\windows\system32\ncrypt.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-08-26_01.54.09 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-11-20 21:20 . 2012-08-26 02:06 29232 c:\windows\System32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 04:55 . 2012-08-29 16:04 47802 c:\windows\System32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2012-03-24 11:30 . 2012-08-29 16:04 11364 c:\windows\System32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1637884598-1792768165-3903356993-1000_UserData.bin
+ 2012-01-31 03:46 . 2012-01-31 03:46 31952 c:\windows\System32\drivers\avgrkx86.sys
+ 2011-12-23 12:32 . 2011-12-23 12:32 41040 c:\windows\System32\drivers\avgmfx86.sys
+ 2011-12-23 12:32 . 2011-12-23 12:32 17232 c:\windows\System32\drivers\avgidsshimx.sys
+ 2012-04-19 03:50 . 2012-04-19 03:50 24896 c:\windows\System32\drivers\avgidshx.sys
+ 2011-12-23 12:32 . 2011-12-23 12:32 24144 c:\windows\System32\drivers\avgidsfilterx.sys
+ 2012-08-28 22:50 . 2012-08-28 22:50 28160 c:\windows\Installer\4f1c1.msi
+ 2012-08-26 16:45 . 2012-08-29 16:01 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-08-26 01:15 . 2012-08-26 01:53 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-08-26 16:45 . 2012-08-29 16:01 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-08-26 01:15 . 2012-08-26 01:53 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-03-27 07:39 . 2012-08-29 08:52 315476 c:\windows\System32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
+ 2009-07-14 02:05 . 2012-08-28 23:33 669086 c:\windows\System32\perfh009.dat
- 2009-07-14 02:05 . 2012-08-25 22:47 669086 c:\windows\System32\perfh009.dat
- 2009-07-14 02:05 . 2012-08-25 22:47 125240 c:\windows\System32\perfc009.dat
+ 2009-07-14 02:05 . 2012-08-28 23:33 125240 c:\windows\System32\perfc009.dat
+ 2012-08-28 22:50 . 2012-08-28 22:50 690888 c:\windows\System32\Macromed\Flash\FlashUtil32_11_4_402_265_ActiveX.exe
+ 2012-08-28 22:50 . 2012-08-28 22:50 474824 c:\windows\System32\Macromed\Flash\FlashUtil32_11_4_402_265_ActiveX.dll
+ 2012-04-02 18:21 . 2012-08-28 22:50 250568 c:\windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe
+ 2009-07-14 04:33 . 2012-08-26 13:18 408464 c:\windows\System32\FNTCACHE.DAT
+ 2012-03-19 04:17 . 2012-03-19 04:17 301248 c:\windows\System32\drivers\avgtdix.sys
+ 2012-02-22 04:25 . 2012-02-22 04:25 235216 c:\windows\System32\drivers\avgldx86.sys
+ 2011-12-23 12:32 . 2011-12-23 12:32 139856 c:\windows\System32\drivers\avgidsdriverx.sys
+ 2012-03-23 17:15 . 2012-08-29 16:01 147456 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2012-03-23 17:15 . 2012-08-26 01:53 147456 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:41 . 2012-08-29 16:01 983040 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:41 . 2012-08-26 01:53 983040 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:47 . 2012-08-26 01:07 385572 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 04:47 . 2012-08-26 14:50 385572 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2012-03-23 17:15 . 2012-08-26 01:53 2195456 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2012-03-23 17:15 . 2012-08-29 16:01 2195456 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2012-03-29 11:39 . 2012-08-26 21:41 2985270 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1637884598-1792768165-3903356993-1000-8192.dat
+ 2012-08-26 11:45 . 2012-08-26 11:45 5164032 c:\windows\Installer\282063.msi
+ 2012-08-26 11:48 . 2012-08-26 11:48 2208768 c:\windows\Installer\28205f.msi
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-08-26 11:52 2045024 ----a-w- c:\program files\AVG Secure Search\12.2.0.5\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\12.2.0.5\AVG Secure Search_toolbar.dll" [2012-08-26 2045024]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-07-09 4777856]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-23 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-23 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-23 150552]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"VX1000"="c:\windows\vVX1000.exe" [2010-05-20 762736]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-03-27 421736]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-04-05 2587008]
"vProt"="c:\program files\AVG Secure Search\vprot.exe" [2012-08-26 1162848]
"ROC_roc_ssl_v12"="c:\program files\AVG Secure Search\ROC_roc_ssl_v12.exe" [2012-08-26 1020512]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKLM\~\startupfolder\C:^Users^Alice^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^MagicDisc.lnk]
path=c:\users\Alice\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk
backup=c:\windows\pss\MagicDisc.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-11-10 12:49 932288 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-11-10 12:49 35736 ----a-w- c:\program files\Adobe\Reader 10.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCSSync]
2010-03-13 14:54 91520 ----a-w- c:\program files\Microsoft Office\Office14\BCSSync.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2011-07-28 23:08 1259376 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Facebook Update]
2012-07-16 04:22 138096 ----atw- c:\users\Alice\AppData\Local\Facebook\Update\FacebookUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LifeCam]
2010-05-20 14:27 119152 ----a-w- c:\program files\Microsoft LifeCam\LifeExp.exe
.
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\avgidsagent.exe [x]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [x]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [x]
R3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [x]
R3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [x]
R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys [x]
R3 ew_usbenumfilter;huawei_CompositeFilter;c:\windows\system32\DRIVERS\ew_usbenumfilter.sys [x]
R3 ewusbmbb;HUAWEI USB-WWAN miniport;c:\windows\system32\DRIVERS\ewusbwwan.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [x]
R3 HTCAND32;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [x]
R3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\DRIVERS\htcnprot.sys [x]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 AVGIDSHX;AVGIDSHX;c:\windows\system32\DRIVERS\avgidshx.sys [x]
S0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx86.sys [x]
S0 RapportKELL;RapportKELL;c:\windows\System32\Drivers\RapportKELL.sys [x]
S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx86.sys [x]
S1 Avgtdix;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdix.sys [x]
S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [x]
S1 RapportCerberus_42020;RapportCerberus_42020;c:\programdata\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_42020.sys [x]
S1 RapportEI;RapportEI;c:\program files\Trusteer\Rapport\bin\RapportEI.sys [x]
S1 RapportPG;RapportPG;c:\program files\Trusteer\Rapport\bin\RapportPG.sys [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [x]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [x]
S2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [x]
S2 BecHelperService;BecHelperService;c:\program files\3 Mobile Broadband\3Connect\BecHelperService.exe [x]
S2 PassThru Service;Internet Pass-Through Service;c:\program files\HTC\Internet Pass-Through\PassThruSvr.exe [x]
S2 RapportMgmtService;Rapport Management Service;c:\program files\Trusteer\Rapport\bin\RapportMgmtService.exe [x]
S2 vToolbarUpdater12.2.0;vToolbarUpdater12.2.0;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\12.2.0\ToolbarUpdater.exe [x]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdriverx.sys [x]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\avgidsfilterx.sys [x]
S3 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\avgidsshimx.sys [x]
S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys [x]
S3 RapportIaso;RapportIaso;c:\programdata\trusteer\rapport\store\exts\rapportms\39624\rapportiaso.sys [x]
S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [x]
S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [x]
S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-29 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-02 22:50]
.
2012-08-29 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1637884598-1792768165-3903356993-1000Core.job
- c:\users\Alice\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-04-06 04:22]
.
2012-08-29 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1637884598-1792768165-3903356993-1000UA.job
- c:\users\Alice\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-04-06 04:22]
.
2012-08-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-06-22 00:02]
.
2012-08-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-06-22 00:02]
.
2012-08-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1637884598-1792768165-3903356993-1000Core.job
- c:\users\Alice\AppData\Local\Google\Update\GoogleUpdate.exe [2012-03-26 22:08]
.
2012-08-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1637884598-1792768165-3903356993-1000UA.job
- c:\users\Alice\AppData\Local\Google\Update\GoogleUpdate.exe [2012-03-26 22:08]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~3\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.0.1
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\12.2.0\ViProtocol.dll
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{687578b9-7132-4a7a-80e4-30ee31099e03} - (no file)
WebBrowser-{687578B9-7132-4A7A-80E4-30EE31099E03} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_265_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_265_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-08-29 23:11:32
ComboFix-quarantined-files.txt 2012-08-29 22:11
ComboFix2.txt 2012-08-26 01:59
.
Pre-Run: 15,934,775,296 bytes free
Post-Run: 15,996,174,336 bytes free
.
- - End Of File - - 18B9B9AC6DF39D69880635E39A60FE9C




MiniToolBox log:

MiniToolBox by Farbar Version: 23-07-2012
Ran by Alice (administrator) on 29-08-2012 at 23:16:13
Microsoft Windows 7 Ultimate Service Pack 1 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

========================= FF Proxy Settings: ==============================

========================= Hosts content: =================================

127.0.0.1 localhost


=========================== Installed Programs ============================

µTorrent (Version: 3.1.3)
3Connect (Version: 3.0.0)
Adobe AIR (Version: 3.2.0.2070)
Adobe Flash Player 11 ActiveX (Version: 11.4.402.265)
Adobe Reader X (Version: 10.0.0)
Adobe Shockwave Player 11.5 (Version: 11.5.10.620)
Apple Application Support (Version: 2.1.7)
Apple Mobile Device Support (Version: 5.1.1.4)
Apple Software Update (Version: 2.1.3.127)
AVG 2012 (Version: 12.0.2197)
AVG 2012 (Version: 12.0.2437)
AVG 2012 (Version: 2012.0.2197)
Bonjour (Version: 3.0.0.10)
CCleaner (Version: 3.22)
ConvertXtoDVD 4.1.10.348 (Version: 4.1.10.348)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
DivX Setup (Version: 2.6.1.8)
EaseUS Partition Master 9.1.1 Home Edition
ESET Online Scanner v3
Facebook Messenger 2.1.4590.0 (Version: 2.1.4590.0)
Facebook Video Calling 1.2.0.159 (Version: 1.2.159)
Google Chrome (Version: 21.0.1180.83)
Google Earth Plug-in (Version: 6.2.2.6613)
Google Toolbar for Internet Explorer (Version: 1.0.0)
Google Toolbar for Internet Explorer (Version: 7.4.3203.136)
Google Update Helper (Version: 1.3.21.115)
HTC BMP USB Driver (Version: 1.0.5375)
HTC Driver Installer (Version: 3.0.0.021)
Huawei modem
ImgBurn (Version: 2.5.7.0)
Intel® Graphics Media Accelerator Driver (Version: 8.15.10.1930)
Intel® TV Wizard
iTunes (Version: 10.6.1.7)
Java™ 6 Update 26 (Version: 6.0.260)
K-Lite Mega Codec Pack 7.2.0 (Version: 7.2.0)
MagicDisc 2.7.106
Mall Tycoon 3
Malwarebytes Anti-Malware version 1.62.0.1300 (Version: 1.62.0.1300)
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 1.1 Security Update (KB953297)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Corporation (Version: 9.1.0.0)
Microsoft LifeCam (Version: 3.22.270.0)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Access Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Excel MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Groove MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office InfoPath MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office OneNote MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Outlook MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office PowerPoint MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Professional Plus 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (French) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (Spanish) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proofing (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Publisher MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Word MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Silverlight (Version: 5.1.10411.0)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
MSXML 4.0 SP3 Parser (KB2721691) (Version: 4.30.2114.0)
MSXML 4.0 SP3 Parser (KB973685) (Version: 4.30.2107.0)
MSXML 4.0 SP3 Parser (Version: 4.30.2100.0)
Rapport (Version: 3.5.1201.94)
SUPERAntiSpyware (Version: 5.5.1012)
TEW2005
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (Version: 1)
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553092)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597091) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2589345) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0)
Virtual DJ Pro Full - Atomix Productions
VLC media player 2.0.1 (Version: 2.0.1)
WinRAR 4.01 (32-bit) (Version: 4.01.0)

**** End of log ****



Farbar SS Log:

Farbar Service Scanner Version: 06-08-2012
Ran by Alice (administrator) on 29-08-2012 at 23:18:11
Running from "C:\Users\Alice\Desktop"
Microsoft Windows 7 Ultimate Service Pack 1 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============

Windows Update:
============
BITS Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to retrieve start type of BITS. The value does not exist.
The ImagePath of BITS service is OK.
The ServiceDll of BITS service is OK.


Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is OK.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcore.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\mpssvc.dll => MD5 is legit
C:\Windows\system32\bfe.dll => MD5 is legit
C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe => MD5 is legit
C:\Windows\system32\wscsvc.dll => MD5 is legit
C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll => MD5 is legit
C:\Windows\system32\es.dll => MD5 is legit
C:\Windows\system32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit


**** End of log ****




Laptop is running efficiently and quickly. Only thing that has changed is the laptop no longer charges and has to remain constantly plugged in. I don't think this has anything to do with the virus and is purely coincidence. Everything else is fine!

Thanks,
Mike

#15 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  • Gender:Not Telling
  • Location:Canada
  • Local time:03:37 PM

Posted 29 August 2012 - 05:32 PM

the laptop no longer charges and has to remain constantly plugged in.


Go to “Start,” “Control Panel” and “Power Options.” Check the battery recharging tab. If the battery is able to take a charge, there will be an indicator that charging is happening now. If the battery can no longer take a charge, there will probably be a red X over the battery icon



NEXT



Your BITS registry key is missing, so we need to replace it or your Windows Update will not work. Please download the attached registry fix and save it to your desktop.
Right-click it and choose to Merge it into your registry (then delete the file, as you won't need it again).

Now reboot the computer and check that Windows Update is working correctly.





NEXT


Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.
Please follow these steps to remove older versions of Java components and upgrade the application.

Upgrading Java:
  • Go to this site and click on "Do I have Java"
  • It will check your current version and then offer to update to the latest version


Please let me know how that goes.

If all is OK, then we can clean up our tools.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015
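The two findings in the Farbar Service Scanner log above (the missing Start value on the BITS service, and the DisableAntiSpyware=1 policy under the Windows Defender key) are the kind of thing a responder re-checks after merging a registry fix and rebooting. The script below is an added example for that re-check; it is not from this thread, not CatByte's registry fix, and not part of Farbar's tool. It assumes PowerShell 3.0 or later run elevated, and the "expected" ImagePath and ServiceDll strings are the well-known Windows 7 x86 defaults stated as assumptions, not values read from the poster's machine.

```powershell
# Added example (not from the thread): audit the service configuration that the
# Farbar Service Scanner log reported on, so a responder can confirm the BITS
# registry fix took effect. Run in an elevated PowerShell 3.0+ session.
# Expected values below are assumed Windows 7 x86 defaults.

function Get-ServiceRegistryAudit {
    param(
        [Parameter(Mandatory = $true)] [string] $Name,
        [string] $ExpectedImagePath,
        [string] $ExpectedServiceDll
    )
    $key = "HKLM:\SYSTEM\CurrentControlSet\Services\$Name"
    $findings = @()

    if (-not (Test-Path $key)) {
        # Whole key gone: the Service Control Manager no longer knows this service.
        return [pscustomobject]@{ Service = $Name; Status = 'NotFound'
                                  Findings = @("Service key $key is missing entirely") }
    }

    $props = Get-ItemProperty -Path $key
    # This is the exact condition FSS logged for BITS:
    # "Unable to retrieve start type of BITS. The value does not exist."
    if ($null -eq $props.Start) {
        $findings += 'Start value is missing (SCM cannot determine the start type)'
    } elseif ($props.Start -eq 4) {
        $findings += 'Start value is 4 (Disabled)'
    }

    # Get-ItemProperty expands REG_EXPAND_SZ values, so expand the expected
    # strings the same way before comparing (-ne is case-insensitive in PowerShell).
    if ($ExpectedImagePath) {
        $want = [Environment]::ExpandEnvironmentVariables($ExpectedImagePath)
        if ($props.ImagePath -ne $want) {
            $findings += "ImagePath is '$($props.ImagePath)', expected '$want'"
        }
    }
    if ($ExpectedServiceDll) {
        $want = [Environment]::ExpandEnvironmentVariables($ExpectedServiceDll)
        $dll  = (Get-ItemProperty -Path (Join-Path $key 'Parameters') `
                     -ErrorAction SilentlyContinue).ServiceDll
        if ($dll -ne $want) {
            $findings += "ServiceDll is '$dll', expected '$want'"
        }
    }

    $svc = Get-Service -Name $Name -ErrorAction SilentlyContinue
    [pscustomobject]@{
        Service  = $Name
        Status   = if ($svc) { $svc.Status.ToString() } else { 'NotFound' }
        Findings = $findings
    }
}

function Get-DefenderPolicyAudit {
    # The FSS log shows DisableAntiSpyware=1 under this key; that policy keeps
    # Windows Defender off even when the WinDefend service itself is configured fine.
    $key = 'HKLM:\SOFTWARE\Microsoft\Windows Defender'
    $val = (Get-ItemProperty -Path $key -ErrorAction SilentlyContinue).DisableAntiSpyware
    $findings = @()
    if ($val -eq 1) { $findings += 'Windows Defender is disabled by policy' }
    [pscustomobject]@{ Service = 'WinDefend (policy)'; Status = "DisableAntiSpyware=$val"
                       Findings = $findings }
}

# Assumed Windows 7 x86 defaults for the two services FSS flagged.
$report = @(
    Get-ServiceRegistryAudit -Name 'BITS' `
        -ExpectedImagePath  '%SystemRoot%\System32\svchost.exe -k netsvcs' `
        -ExpectedServiceDll '%SystemRoot%\System32\qmgr.dll'
    Get-ServiceRegistryAudit -Name 'WinDefend' `
        -ExpectedServiceDll '%ProgramFiles%\Windows Defender\MpSvc.dll'
    Get-DefenderPolicyAudit
)
$report | Format-List
```

An empty Findings list for BITS after the reboot means the registry fix restored the Start value and Windows Update can use BITS again; anything still listed points at a value the fix did not cover. The script only reads the registry, so it is safe to run before and after the fix to compare.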




