Infection with google redirect and FBI virus


  • This topic is locked
3 replies to this topic

#1 zirkaiva

  • Members
  • 10 posts

Posted 21 September 2012 - 04:07 PM

I was infected with the FBI virus. I got rid of it (or I thought so) using DrWeb. Next I ran various commercial and free antivirus and rootkit removal utilities. Very often when I double click on a search result from Google it first opens a different destination, although on the second attempt most of the time it will go to the right destination. After running catchme.exe I got:

detected NTDLL code modification: ZwEnumerateKey 0 != 47, ZwQueryKey 0 != 19, ZwOpenKey 0 != 15, ZwClose 0 != -202 151764, ZwEnumerateValueKey 0 != 16, ZwQueryValueKey 0 != 20, ZwOpenFile 0 != 48, ZwQueryDirectoryFile 0 != 50, ZwQuerySystemInformation 0 != 51
Initialization error

Attached is the DDS extra result as per instructions.

DDS (Ver_2011-08-26.01) - NTFSAMD64 Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.6.2 Run by Administrator at 16:46:49 on 2012-09-21
C:\Windows\System32\drivers\fs_rec.sys 2012-08-26 03:59:59 220672 ----a-w- C:\Windows\System32\wintrust.dll 2012-08-26 03:59:59 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll 2012-08-26 03:59:59 159232 ----a-w- C:\Windows\SysWow64\imagehlp.dll 2012-08-26 03:54:57 319488 ----a-w- C:\Windows\SysWow64\odbcjt32.dll 2012-08-26 03:53:59 86528 ----a-w- C:\Windows\SysWow64\SearchFilterHost.exe 2012-08-26 03:52:49 458704 ----a-w- C:\Windows\System32\drivers\cng.sys 2012-08-26 03:51:55 1465344 ----a-w- C:\Windows\System32\XpsPrint.dll 2012-08-26 03:51:52 870912 ----a-w- C:\Windows\SysWow64\XpsPrint.dll 2012-08-26 03:51:50 1395712 ----a-w- C:\Windows\System32\mfc42.dll 2012-08-26 03:51:50 1359872 ----a-w- C:\Windows\System32\mfc42u.dll 2012-08-26 03:51:47 1164288 ----a-w- C:\Windows\SysWow64\mfc42u.dll 2012-08-26 03:51:47 1137664 ----a-w- C:\Windows\SysWow64\mfc42.dll 2012-08-26 03:51:37 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe 2012-08-26 03:51:37 77312 ----a-w- C:\Windows\System32\rdpwsx.dll 2012-08-26 03:51:37 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll 2012-08-26 03:49:59 59904 ----a-w- C:\Windows\SysWow64\MSDvbNP.ax 2012-08-26 03:49:51 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys 2012-08-26 03:49:47 75120 ----a-w- C:\Windows\System32\drivers\partmgr.sys 2012-08-26 03:49:47 498688 ----a-w- C:\Windows\System32\drivers\afd.sys 2012-08-26 03:49:46 3216384 ----a-w- C:\Windows\System32\msi.dll 2012-08-26 03:49:45 2342400 ----a-w- C:\Windows\SysWow64\msi.dll 2012-08-26 03:47:19 73416 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl 2012-08-26 03:47:19 696520 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe 2012-08-26 03:45:17 723456 ----a-w- C:\Windows\System32\EncDec.dll 2012-08-26 03:45:17 534528 ----a-w- C:\Windows\SysWow64\EncDec.dll 2012-08-26 03:44:05 59392 ----a-w- C:\Windows\System32\browcli.dll 2012-08-26 03:44:05 41984 ----a-w- C:\Windows\SysWow64\browcli.dll 2012-08-26 03:44:05 136704 ----a-w- C:\Windows\System32\browser.dll 2012-08-26 
03:42:35 7680 ----a-w- C:\Windows\SysWow64\instnm.exe 2012-08-26 03:41:57 2164224 ----a-w- C:\Program Files\Windows Journal\Journal.exe 2012-08-26 03:40:59 279656 ------w- C:\Windows\System32\MpSigStub.exe 2012-08-26 03:25:33 77312 ----a-w- C:\Windows\System32\packager.dll 2012-08-26 03:25:33 67072 ----a-w- C:\Windows\SysWow64\packager.dll 2012-08-26 03:12:24 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll 2012-08-26 03:12:24 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys 2012-08-26 03:12:24 1031680 ----a-w- C:\Windows\System32\rdpcore.dll 2012-08-26 03:09:53 2622464 ----a-w- C:\Windows\System32\wucltux.dll 2012-08-26 03:09:49 99840 ----a-w- C:\Windows\System32\wudriver.dll 2012-08-26 03:09:44 36864 ----a-w- C:\Windows\System32\wuapp.exe 2012-08-26 03:09:44 186752 ----a-w- C:\Windows\System32\wuwebv.dll 2012-08-25 20:21:58 74272 ----a-w- C:\Windows\System32\RtNicProp64.dll 2012-08-25 20:21:58 539240 ----a-w- C:\Windows\System32\drivers\Rt64win7.sys 2012-08-25 20:21:58 107552 ----a-w- C:\Windows\System32\RTNUninst64.dll 2012-08-25 20:20:35 56344 ----a-w- C:\Windows\System32\drivers\HECIx64.sys 2012-08-25 20:20:23 385512 ----a-w- C:\Windows\System32\drivers\asmtxhci.sys . ==================== Find3M ==================== . 
2012-08-29 10:00:28 175616 ----a-w- C:\Windows\System32\msclmd.dll 2012-08-29 10:00:28 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll 2012-08-21 18:44:36 28416 ----a-w- C:\Windows\System32\drivers\RimUsb_AMD64.sys 2012-07-28 06:54:00 321472 ----a-w- C:\Windows\WLXPGSS.SCR 2012-07-26 23:08:06 862664 ----a-w- C:\Windows\SysWow64\msvcr110.dll 2012-07-26 23:08:06 534480 ----a-w- C:\Windows\SysWow64\msvcp110.dll 2012-07-26 23:08:06 251864 ----a-w- C:\Windows\SysWow64\vccorlib110.dll 2012-07-26 23:08:06 153536 ----a-w- C:\Windows\SysWow64\atl110.dll 2012-07-26 23:08:06 115656 ----a-w- C:\Windows\SysWow64\vcomp110.dll 2012-07-26 19:22:10 828872 ----a-w- C:\Windows\System32\msvcr110.dll 2012-07-26 19:22:10 661448 ----a-w- C:\Windows\System32\msvcp110.dll 2012-07-26 19:22:10 354264 ----a-w- C:\Windows\System32\vccorlib110.dll 2012-07-26 19:22:10 177096 ----a-w- C:\Windows\System32\atl110.dll 2012-07-26 19:22:10 124360 ----a-w- C:\Windows\System32\vcomp110.dll 2012-07-18 18:15:06 3148800 ----a-w- C:\Windows\System32\win32k.sys 2012-07-17 19:14:44 253184 ----a-w- C:\Windows\System32\LIVESSP.DLL 2012-07-17 18:49:00 209648 ----a-w- C:\Windows\SysWow64\LIVESSP.DLL . ============= FINISH: 16:47:36.26 ===============


#2 bloopie

bloopie

    Bleepin' Sith Turner


  • Malware Response Team
  • 7,927 posts
  • OFFLINE
  • Gender:Male
  • Location:New York
  • Local time:09:33 AM

Posted 25 September 2012 - 07:52 PM

Hello zirkaiva, and welcome back to the MRT forums!

My name is bloopie and I'll be helping you with your problems as best I can! :thumbup2:

A few things to keep in mind while we are working together:

  • If you have since resolved the original problem you were having, I would appreciate it if you let me know.
  • If you are unsure about any of the steps just post what you can and I will guide you!
  • Please tell me if you have your original Windows CD/DVD available.
  • If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • Upon completing the steps below I will review your topic and do my best to resolve your issues.
  • If you have already posted a DDS log, please do so again, as your situation may have changed.
  • When posting a new log, please make sure WordWrap is unchecked. What you posted is nearly unreadable!

==========

:step1:
We need to see some information about what is happening in your machine as of now. Please perform the following scan again:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

==========

:step2:
Please download aswMBR ( 4.5MB ) to your desktop.
  • Double click the aswMBR.exe icon, and click Run.
  • When asked if you'd like to "download the latest Avast! virus definitions", click Yes.
  • Click the Scan button to start the scan.
  • On completion of the scan, click the save log button, save it to your desktop, then copy and paste it in your next reply.

==========

What I would like to see in your next reply!

  • The DDS log
  • The minimized attach.txt from the DDS scan
  • The aswMBR log
bloopie

#3 bloopie

bloopie

    Bleepin' Sith Turner


  • Malware Response Team
  • 7,927 posts
  • OFFLINE
  • Gender:Male
  • Location:New York
  • Local time:09:33 AM

Posted 28 September 2012 - 06:24 PM

Hello again,

Are you still with me? :)

This is a 3-Day Bump! If you still wish to receive help please follow the instructions in my last post.

If you do not respond in another 48 hours, I will be forced to close this topic!

bloopie

#4 bloopie

bloopie

    Bleepin' Sith Turner


  • Malware Response Team
  • 7,927 posts
  • OFFLINE
  • Gender:Male
  • Location:New York
  • Local time:09:33 AM

Posted 30 September 2012 - 03:32 PM

Due to the lack of feedback, this topic is now closed. In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.
