Google Redirect rootkit and possibly several others.


  • This topic is locked
10 replies to this topic

#1 jpatburke

Posted 03 October 2012 - 08:48 PM

I have a serious redirect problem. I've run about 5 different rootkit scans and several virus/malware scans.
I also have a "recommended by you" pop-up/virus.

So far I've run:
ComboFix (SORRY, DIDN'T KNOW)
HijackThis
TDSS
Sophos
RKill
MiniToolBox
GMER
ESET
Temp File Cleaner
CCleaner
AVG
Malwarebytes
Search & Destroy
Kaspersky

I should have started here but I found 20 different sites that got me nowhere...

Thanks in advance!!!!

****************************************************************************************
DDS TXT:

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_35
Run by James at 19:07:18 on 2012-10-03
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4040.1793 [GMT -5:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\windows\system32\taskhost.exe
C:\windows\system32\Dwm.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\windows\Explorer.EXE
C:\windows\system32\taskeng.exe
C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\windows\system32\SearchIndexer.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\windows\system32\svchost.exe -k SDRSVC
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\windows\splwow64.exe
C:\Program Files (x86)\AVG\AVG2012\avgcfgex.exe
C:\windows\system32\notepad.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Users\James\Desktop\KILLA\dhtv5rdf.exe
C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineScannerApp.exe
C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineCmdLineScanner.exe
C:\windows\system32\conhost.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe
C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe
C:\Program Files (x86)\Cobian Backup 11\cbInterface.exe
C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE
C:\windows\system32\SearchProtocolHost.exe
C:\windows\system32\SearchFilterHost.exe
C:\windows\SysWOW64\cmd.exe
C:\windows\system32\conhost.exe
C:\windows\SysWOW64\cscript.exe
C:\windows\system32\taskhost.exe
C:\windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
mStart Page = hxxp://lenovo.msn.com
mURLSearchHooks: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\prxtbuTor.dll
BHO: SnagIt Toolbar Loader: {00c6482d-c502-44c8-8409-fce54ad9c208} - C:\Program Files (x86)\TechSmith\Snagit 9\SnagitBHO.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: AVG Do Not Track: {31332eef-cb9f-458f-afeb-d30e9a66b6ba} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\prxtbuTor.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\prxtbuTor.dll
TB: Snagit: {8ff5e183-abde-46eb-b09e-d2aab95cabe3} - C:\Program Files (x86)\TechSmith\Snagit 9\SnagitIEAddin.dll
mRun: [VeriFaceManager] C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe
mRun: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [Cobian Backup 11 interface] "C:\Program Files (x86)\Cobian Backup 11\cbInterface.exe" -service
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
DPF: {357A8DEC-0CAC-4D8D-9869-C2C356B844F7} - hxxp://50.15.200.65:8080/RSVideoOcx.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com//activex/ractrl.cab?lmi=724
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{D87E65F4-34CD-4C34-8C8D-BD6FC4DC071C} : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{FDE642B8-1F87-44A5-9CDC-42781E13655B} : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{FDE642B8-1F87-44A5-9CDC-42781E13655B}\8416E63702249656270284165737 : DhcpNameServer = 10.1.10.1 192.168.1.1
TCP: Interfaces\{FDE642B8-1F87-44A5-9CDC-42781E13655B}\A7D246F67623E243 : DhcpNameServer = 75.75.76.76 75.75.75.75 192.168.1.1
TCP: Interfaces\{FDE642B8-1F87-44A5-9CDC-42781E13655B}\B61686E637 : DhcpNameServer = 172.16.0.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
BHO-X64: SnagIt Toolbar Loader: {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\Snagit 9\SnagitBHO.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: AVG Do Not Track: {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
BHO-X64: AVG Do Not Track - No File
BHO-X64: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO-X64: Increase performance and video formats for your HTML5 <video> - No File
BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\prxtbuTor.dll
BHO-X64: uTorrentBar - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\prxtbuTor.dll
TB-X64: Snagit: {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\Snagit 9\SnagitIEAddin.dll
mRun-x64: [VeriFaceManager] C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe
mRun-x64: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [Cobian Backup 11 interface] "C:\Program Files (x86)\Cobian Backup 11\cbInterface.exe" -service
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\James\AppData\Roaming\Mozilla\Firefox\Profiles\qxm3hjnh.default\
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll
FF - plugin: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypchub.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\windows\SysWOW64\Adobe\Director\np32dsw.dll
FF - plugin: C:\windows\SysWOW64\Adobe\Director\np32dsw_1166636.dll
FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_265.dll
FF - plugin: C:\windows\SysWOW64\npdeployJava1.dll
FF - plugin: C:\windows\SysWOW64\npmproxy.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHA;AVGIDSHA;C:\windows\system32\DRIVERS\avgidsha.sys --> C:\windows\system32\DRIVERS\avgidsha.sys [?]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\windows\system32\DRIVERS\avgrkx64.sys --> C:\windows\system32\DRIVERS\avgrkx64.sys [?]
R0 fbfmon;fbfmon;C:\windows\system32\drivers\fbfmon.sys --> C:\windows\system32\drivers\fbfmon.sys [?]
R1 Avgldx64;AVG AVI Loader Driver;C:\windows\system32\DRIVERS\avgldx64.sys --> C:\windows\system32\DRIVERS\avgldx64.sys [?]
R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\windows\system32\DRIVERS\avgmfx64.sys --> C:\windows\system32\DRIVERS\avgmfx64.sys [?]
R1 Avgtdia;AVG TDI Driver;C:\windows\system32\DRIVERS\avgtdia.sys --> C:\windows\system32\DRIVERS\avgtdia.sys [?]
R1 BPntDrv;BPntDrv;C:\windows\system32\drivers\BPntDrv.sys --> C:\windows\system32\drivers\BPntDrv.sys [?]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\windows\system32\DRIVERS\dtsoftbus01.sys --> C:\windows\system32\DRIVERS\dtsoftbus01.sys [?]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R1 vwififlt;Virtual WiFi Filter Driver;C:\windows\system32\DRIVERS\vwififlt.sys --> C:\windows\system32\DRIVERS\vwififlt.sys [?]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [2011-8-11 140672]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-7-27 63960]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-2-14 193288]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-7-12 13336]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-10-1 399432]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-10-1 676936]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-7-12 2656280]
R3 AVGIDSDriver;AVGIDSDriver;C:\windows\system32\DRIVERS\avgidsdrivera.sys --> C:\windows\system32\DRIVERS\avgidsdrivera.sys [?]
R3 AVGIDSFilter;AVGIDSFilter;C:\windows\system32\DRIVERS\avgidsfiltera.sys --> C:\windows\system32\DRIVERS\avgidsfiltera.sys [?]
R3 clwvd;CyberLink WebCam Virtual Driver;C:\windows\system32\DRIVERS\clwvd.sys --> C:\windows\system32\DRIVERS\clwvd.sys [?]
R3 IntcDAud;Intel® Display Audio;C:\windows\system32\DRIVERS\IntcDAud.sys --> C:\windows\system32\DRIVERS\IntcDAud.sys [?]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\windows\system32\DRIVERS\L1C62x64.sys --> C:\windows\system32\DRIVERS\L1C62x64.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\windows\system32\drivers\mbam.sys --> C:\windows\system32\drivers\mbam.sys [?]
R3 MEIx64;Intel® Management Engine Interface;C:\windows\system32\DRIVERS\HECIx64.sys --> C:\windows\system32\DRIVERS\HECIx64.sys [?]
R3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
R3 vm331avs;Digital Camera 1;C:\windows\system32\Drivers\vm331avs.sys --> C:\windows\system32\Drivers\vm331avs.sys [?]
R3 vmuvcflt;Vimicro USB Camera Filter;C:\windows\system32\Drivers\vmuvcflt.sys --> C:\windows\system32\Drivers\vmuvcflt.sys [?]
S2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe [2012-8-13 5167736]
S2 cbVSCService11;Cobian Backup 11 Volume Shadow Copy Requester;C:\Program Files (x86)\Cobian Backup 11\cbVSCService11.exe [2012-10-3 67584]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 KMService;KMService;C:\Windows\System32\srvany.exe [2011-10-26 8192]
S3 ACPIVPC;Lenovo Virtual Power Controller Driver;C:\windows\system32\DRIVERS\AcpiVpc.sys --> C:\windows\system32\DRIVERS\AcpiVpc.sys [?]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-10 250288]
S3 cphs;Intel® Content Protection HECI Service;C:\Windows\SysWOW64\IntelCpHeciSvc.exe [2012-3-19 276248]
S3 cricutexpression2;cricutexpression2;C:\windows\system32\DRIVERS\cricutexpression2_x64.sys --> C:\windows\system32\DRIVERS\cricutexpression2_x64.sys [?]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\windows\system32\DRIVERS\ssudbus.sys --> C:\windows\system32\DRIVERS\ssudbus.sys [?]
S3 HPFXBULKLEDM;HPFXBULKLEDM;C:\windows\system32\drivers\hppdbulkio.sys --> C:\windows\system32\drivers\hppdbulkio.sys [?]
S3 HTCAND64;HTC Device Driver;C:\windows\system32\Drivers\ANDROIDUSB.sys --> C:\windows\system32\Drivers\ANDROIDUSB.sys [?]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-6-12 31125880]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-5-8 114144]
S3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;C:\windows\system32\Drivers\RtsUVStor.sys --> C:\windows\system32\Drivers\RtsUVStor.sys [?]
S3 RTL8167;Realtek 8167 NT Driver;C:\windows\system32\DRIVERS\Rt64win7.sys --> C:\windows\system32\DRIVERS\Rt64win7.sys [?]
S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);C:\windows\system32\DRIVERS\ssudmdm.sys --> C:\windows\system32\DRIVERS\ssudmdm.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\windows\system32\drivers\tsusbflt.sys --> C:\windows\system32\drivers\tsusbflt.sys [?]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\windows\system32\drivers\TsUsbGD.sys --> C:\windows\system32\drivers\TsUsbGD.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\system32\Wat\WatAdminSvc.exe --> C:\windows\system32\Wat\WatAdminSvc.exe [?]
S4 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-8-7 116648]
S4 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-8-7 116648]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2012-10-03 22:58:29 -------- d-----w- C:\Program Files (x86)\Cobian Backup 11
2012-10-03 22:35:14 -------- d-----w- C:\Program Files (x86)\ESET
2012-10-03 22:05:48 -------- d-----w- C:\Users\James\AppData\Local\Apps
2012-10-03 21:59:00 -------- d-sh--w- C:\$RECYCLE.BIN
2012-10-03 21:43:47 98816 ----a-w- C:\windows\sed.exe
2012-10-03 21:43:47 518144 ----a-w- C:\windows\SWREG.exe
2012-10-03 21:43:47 256000 ----a-w- C:\windows\PEV.exe
2012-10-03 21:43:47 208896 ----a-w- C:\windows\MBR.exe
2012-10-02 22:14:59 -------- d-----w- C:\TDSSKiller_Quarantine
2012-10-01 21:58:33 514560 ----a-w- C:\windows\SysWow64\qdvd.dll
2012-10-01 21:58:33 366592 ----a-w- C:\windows\System32\qdvd.dll
2012-10-01 21:18:29 -------- d-----w- C:\ProgramData\Sophos
2012-10-01 21:18:21 73728 ----a-r- C:\Users\James\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\SVRTgui.exe1_810EDD9E2F0A4E2BACF86673C38D9F48.exe
2012-10-01 21:18:21 73728 ----a-r- C:\Users\James\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\SVRTgui.exe_810EDD9E2F0A4E2BACF86673C38D9F48.exe
2012-10-01 21:18:21 73728 ----a-r- C:\Users\James\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\ARPPRODUCTICON.exe
2012-10-01 21:18:16 -------- d-----w- C:\Program Files (x86)\Sophos
2012-10-01 08:17:42 -------- d-----w- C:\Users\James\AppData\Roaming\Malwarebytes
2012-10-01 08:14:34 -------- d-----w- C:\ProgramData\Malwarebytes
2012-10-01 08:14:33 25928 ----a-w- C:\windows\System32\drivers\mbam.sys
2012-10-01 08:14:33 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-09-29 16:21:35 -------- d-----w- C:\Users\James\AppData\Local\{52D1B6E2-1107-41C5-B506-25824A5269E4}
2012-09-29 16:16:46 -------- d-----w- C:\Users\James\AppData\Local\{AE600F86-18AC-4425-A945-F3C1DABAC6E9}
2012-09-26 07:44:01 245760 ----a-w- C:\windows\System32\OxpsConverter.exe
2012-09-13 21:01:27 -------- d-----w- C:\Users\James\AppData\Local\{530A0633-938F-4F8E-854A-28C0B5D2747E}
2012-09-12 00:08:04 950128 ----a-w- C:\windows\System32\drivers\ndis.sys
2012-09-12 00:08:04 41472 ----a-w- C:\windows\System32\drivers\RNDISMP.sys
2012-09-12 00:08:03 574464 ----a-w- C:\windows\System32\d3d10level9.dll
2012-09-12 00:08:03 490496 ----a-w- C:\windows\SysWow64\d3d10level9.dll
2012-09-12 00:08:02 376688 ----a-w- C:\windows\System32\drivers\netio.sys
2012-09-12 00:08:02 288624 ----a-w- C:\windows\System32\drivers\FWPKCLNT.SYS
2012-09-12 00:08:02 1913200 ----a-w- C:\windows\System32\drivers\tcpip.sys
2012-09-04 00:08:45 -------- d-----w- C:\Program Files (x86)\MagicISO
.
==================== Find3M ====================
.
2012-10-02 19:34:51 59 ----a-w- C:\windows\wpd99.drv
2012-09-21 07:14:55 73136 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-09-21 07:14:55 696240 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe
2012-08-29 01:24:56 477168 ----a-w- C:\windows\SysWow64\npdeployJava1.dll
2012-08-29 01:24:53 473072 ----a-w- C:\windows\SysWow64\deployJava1.dll
2012-08-26 20:58:21 108008 ----a-w- C:\windows\System32\WindowsAccessBridge-64.dll
2012-08-26 20:58:19 916456 ----a-w- C:\windows\System32\deployJava1.dll
2012-08-26 20:58:19 1034216 ----a-w- C:\windows\System32\npDeployJava1.dll
2012-08-24 20:43:16 384352 ----a-w- C:\windows\System32\drivers\avgtdia.sys
2012-08-13 10:11:06 189248 ----a-w- C:\windows\SysWow64\PnkBstrB.ex0
2012-07-26 08:21:28 291680 ----a-w- C:\windows\System32\drivers\avgldx64.sys
2012-07-18 18:15:06 3148800 ----a-w- C:\windows\System32\win32k.sys
2012-07-06 20:07:42 552960 ----a-w- C:\windows\System32\drivers\bthport.sys
.
============= FINISH: 19:09:40.41 ===============

*********************************************************************************************************
GMER

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-10-03 19:53:04
Windows 6.1.7601 Service Pack 1
Running: dhtv5rdf.exe


---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0c6076fc1a13
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0c6076fc1a13 (not active ControlSet)

---- Files - GMER 1.0.15 ----

File C:\Users\James\AppData\Local\Temp\NOD4C61.tmp 4162630 bytes
File C:\Users\James\AppData\Local\Temp\NOD507F.tmp 239102 bytes
File C:\Users\James\AppData\Local\Temp\NOD50EE.tmp 1895 bytes

---- EOF - GMER 1.0.15 ----
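Editor's added example (not part of jpatburke's post, and not code from DDS, GMER or BleepingComputer): a small Python triage script for the "Pseudo HJT Report" section of a DDS log like the one above. It pulls out the lines a malware responder checks first when the complaint is search redirects: URL search hooks (which rewrite addresses typed without a scheme), browser add-ons loaded from user-writable directories, DPF entries (ActiveX controls Internet Explorer downloaded) served from a bare IP address, per-interface DHCP name servers on public addresses, and a non-zero Firefox network.proxy.type. The sample input is an excerpt copied from the log in post #1, plus one clearly labelled constructed BHO line (all-zero CLSID, made-up DLL) that is not in the posted log and exists only to exercise the user-directory check. The category names and the heuristics are the editor's own; a hit means "verify", not "malicious".

```python
"""Triage helper for the 'Pseudo HJT Report' section of a DDS log.

Added example for this thread; it is not part of the original post and not
code from the DDS tool or BleepingComputer. The heuristics are the editor's
own: a hit means "verify with the owner", not "malicious".
"""
import ipaddress
import re

# Excerpt of lines copied verbatim from the DDS log posted above (#1).
SAMPLE_DDS = r"""
mURLSearchHooks: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\prxtbuTor.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
TB: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\prxtbuTor.dll
DPF: {357A8DEC-0CAC-4D8D-9869-C2C356B844F7} - hxxp://50.15.200.65:8080/RSVideoOcx.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{FDE642B8-1F87-44A5-9CDC-42781E13655B}\A7D246F67623E243 : DhcpNameServer = 75.75.76.76 75.75.75.75 192.168.1.1
FF - prefs.js: network.proxy.type - 0
"""

# CONSTRUCTED line (all-zero CLSID, made-up DLL) that is NOT in the posted log;
# it only exercises the user-writable-path check below.
CONSTRUCTED_EXTRA = r"""
BHO: Example Helper: {00000000-0000-0000-0000-000000000000} - C:\Users\James\AppData\Local\Temp\example.dll
"""

ADDON_PREFIXES = ("BHO:", "TB:", "mURLSearchHooks:")
USER_WRITABLE = re.compile(r"\\(?:AppData|Temp|ProgramData|Users\\Public)\\", re.I)
DEFANGED_URL = re.compile(r"h(?:xx|tt)ps?://([^/:\s]+)")  # DDS writes hxxp:// for http://


def is_ip(text):
    try:
        ipaddress.ip_address(text)
        return True
    except ValueError:
        return False


def is_public(text):
    """True for a routable address (not RFC1918, loopback or link-local)."""
    return is_ip(text) and ipaddress.ip_address(text).is_global


def triage_dds(text):
    """Return (category, detail) pairs for lines a responder should verify."""
    findings = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith(ADDON_PREFIXES):
            detail = line.partition(": ")[2]
            path = detail.rsplit(" - ", 1)[-1]
            if line.startswith("mURLSearchHooks:"):
                # A URL search hook rewrites addresses typed without a scheme;
                # any third-party hook is a redirect candidate.
                findings.append(("search-hook", detail))
            if USER_WRITABLE.search(path):
                # Add-ons loaded from a user-writable directory rather than
                # Program Files deserve a second look.
                findings.append(("addon-in-user-dir", path))
        elif line.startswith("DPF:"):
            # DPF = Download Program Files: ActiveX controls IE fetched from the web.
            url = line.rsplit(" - ", 1)[-1]
            m = DEFANGED_URL.match(url)
            if m and is_ip(m.group(1)):
                findings.append(("activex-from-ip", url))
        elif "DhcpNameServer" in line:
            for server in line.split("=", 1)[1].split():
                if is_public(server):
                    # A public resolver is normal for an ISP-assigned lease; one
                    # you cannot account for is how DNS-based redirects persist.
                    findings.append(("public-dns", server))
        elif line.startswith("FF - prefs.js: network.proxy.type"):
            value = line.rsplit(" - ", 1)[-1]
            if value != "0":  # 0 = no proxy; anything else routes traffic elsewhere
                findings.append(("ff-proxy", value))
    return findings


if __name__ == "__main__":
    for category, detail in triage_dds(SAMPLE_DDS + CONSTRUCTED_EXTRA):
        print(f"{category:18} {detail}")
```

Run stand-alone it prints one line per finding. On the excerpt it reports the uTorrentBar search hook, the RSVideoOcx.cab control fetched from 50.15.200.65:8080, and the two public resolvers 75.75.76.76 and 75.75.75.75 on one interface. The resolver hit is the kind a human closes quickly: that pair is Comcast's published DNS addresses, consistent with a DHCP lease rather than a hijack, and the Firefox proxy type is 0. The search hook and the ActiveX control pulled from a raw IP are the two items to confirm with the machine's owner before anything is removed.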


#2 fireman4it

  • Malware Response Team
Posted 03 October 2012 - 08:52 PM

Hello jpatburke,
  • Welcome to Bleeping Computer.
  • My name is fireman4it and I will be helping you with your Malware problem.

    Please take note of some guidelines for this fix:
  • Refrain from making any changes to your computer including installing/uninstall programs, deleting files, modifying the registry, and running scanners or tools.
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing.
  • Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean".
  • In the upper right hand corner of the topic you will see a button called Watch Topic. I suggest you click it and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

  • Finally, please reply using the ADD REPLY button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply, unless they do not fit into the post.


Do you have a USB Flash Drive you can use? Can you tell me which browsers it is redirecting in? Internet Explorer, Firefox, Chrome?

"Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


If I have helped you, consider making a donation to help me continue the fight against Malware!


#3 jpatburke

Posted 03 October 2012 - 09:04 PM

THANKS!!!
Forgot to mention I followed the primer on Virus removal to the "T"...
-James

#4 fireman4it

Posted 04 October 2012 - 09:34 PM

Do you have a USB Flash Drive you can use? Can you tell me which browsers it is redirecting in? Internet Explorer, Firefox, Chrome?

#5 jpatburke

Posted 04 October 2012 - 10:22 PM

Firefox is all I use. I have IE but it seems OK, but I'm not positive. Mozilla is a mess... Yes, I have a flash drive and have backed up my data already.

#6 fireman4it

Posted 04 October 2012 - 10:25 PM

For x64 bit systems download Farbar Recovery Scan Tool x64 and save it to a flash drive.

Plug the flashdrive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:
  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Command Prompt

  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

#7 fireman4it

Posted 06 October 2012 - 10:47 AM

Hello.

Are you still there?

If you are please follow the instructions in my previous post.

If you still need help, follow the instructions I have given in my response. If you have since had your problem solved, we would appreciate you letting us know so we can close the topic.

Please reply back telling us so. If you don't reply within 3-5 days the topic will need to be closed.

Thanks for understanding :)

With Regards,
fireman4it

#8 jpatburke
Topic Starter

Posted 06 October 2012 - 10:03 PM

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 02-10-2012 01
Ran by SYSTEM at 05-10-2012 03:04:27
Running from G:\
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
The current controlset is ControlSet001

==================== Registry (Whitelisted) ===================

HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [2741544 2011-04-07] (Synaptics Incorporated)
HKLM\...\Run: [Lenovo EE Boot Optimizer] C:\Program Files (x86)\Lenovo\Boot Optimizer\PopWnd.exe [114688 2011-07-12] (Lenovo)
HKLM-x32\...\Run: [VeriFaceManager] C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe [329056 2011-07-12] (Lenovo)
HKLM-x32\...\Run: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe" [2596984 2012-07-31] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [254696 2012-01-18] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [Cobian Backup 11 interface] "C:\Program Files (x86)\Cobian Backup 11\cbInterface.exe" -service [4407808 2012-07-31] (Luis Cobian, CobianSoft)
HKLM-x32\...\Run: [MaxtorOneTouch] C:\Program Files (x86)\Maxtor\OneTouch\utils\Onetouch.exe [712704 2006-03-01] (Maxtor Corporation)
HKLM-x32\...\Run: [] [x]
HKLM-x32\...\Run: [mxomssmenu] "C:\Program Files (x86)\Maxtor\OneTouch Status\maxmenumgr.exe" [81920 2005-10-17] (Maxtor Corp.)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

==================== Services (Whitelisted) ===================

2 !SASCORE; "C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE" [140672 2012-10-01] (SUPERAntiSpyware.com)
2 AVGIDSAgent; "C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe" [5167736 2012-08-13] (AVG Technologies CZ, s.r.o.)
2 avgwd; "C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe" [193288 2012-02-14] (AVG Technologies CZ, s.r.o.)
2 cbVSCService11; C:\Program Files (x86)\Cobian Backup 11\cbVSCService11.exe [67584 2012-07-31] (CobianSoft, Luis Cobian)
2 KMService; C:\windows\SysWow64\srvany.exe [8192 2011-10-25] ()
2 MaxBackServiceInt; "C:\Program Files (x86)\Maxtor\Maxtor Backup\MaxBackServiceInt.exe" [184320 2006-02-15] ()
2 MBAMScheduler; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe" [399432 2012-09-07] (Malwarebytes Corporation)
2 MBAMService; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe" [676936 2012-09-07] (Malwarebytes Corporation)
2 NTService1; "C:\Program Files (x86)\Maxtor\OneTouch\Utils\SyncServices.exe" [106496 2006-02-07] ( )

==================== Drivers (Whitelisted) =====================

3 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [124496 2011-12-23] (AVG Technologies CZ, s.r.o. )
3 AVGIDSFilter; C:\Windows\System32\DRIVERS\avgidsfiltera.sys [29776 2011-12-23] (AVG Technologies CZ, s.r.o. )
0 AVGIDSHA; C:\Windows\System32\Drivers\AVGIDSHA.sys [28480 2012-04-19] (AVG Technologies CZ, s.r.o. )
1 Avgldx64; C:\Windows\System32\Drivers\Avgldx64.sys [291680 2012-07-26] (AVG Technologies CZ, s.r.o.)
1 Avgmfx64; C:\Windows\System32\Drivers\Avgmfx64.sys [47696 2011-12-23] (AVG Technologies CZ, s.r.o.)
0 Avgrkx64; C:\Windows\System32\Drivers\Avgrkx64.sys [36944 2012-01-31] (AVG Technologies CZ, s.r.o.)
1 Avgtdia; C:\Windows\System32\Drivers\Avgtdia.sys [384352 2012-08-24] (AVG Technologies CZ, s.r.o.)
3 cricutexpression2; C:\Windows\System32\DRIVERS\cricutexpression2_x64.sys [70672 2011-11-11] ()
1 dtsoftbus01; C:\Windows\System32\Drivers\dtsoftbus01.sys [279616 2011-12-30] (DT Soft Ltd)
3 MBAMProtector; \??\C:\windows\system32\drivers\mbam.sys [25928 2012-09-07] (Malwarebytes Corporation)
1 SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
1 SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
3 vm331avs; C:\Windows\System32\Drivers\vm331avs.sys [228224 2010-10-21] (Vimicro Corporation)
3 vmuvcflt; C:\Windows\System32\Drivers\vmuvcflt.sys [8320 2010-08-16] (Vimicro Corporation)
3 BcmSqlStartupSvc; [x]
3 catchme; \??\C:\ComboFix\catchme.sys [x]
2 CLKMSVC10_3A60B698; [x]
2 CLKMSVC10_C3B3B687; [x]
2 DriverService; [x]
2 iATAgentService; [x]
2 idealife Update Service; [x]
3 IGRS; [x]
2 IviRegMgr; [x]
2 nvUpdatusService; [x]
2 PCCarerService; [x]
2 ReadyComm.DirectRouter; [x]
2 RichVideo; [x]
2 RtLedService; [x]
2 SeaPort; [x]
2 SoftwareService; [x]
3 SQLWriter; [x]
2 Stereo Service; [x]

==================== NetSvcs (Whitelisted) ====================


==================== One Month Created Files and Folders ========

2012-10-04 21:21 - 2012-10-04 21:21 - 00000000 ____D C:\Users\All Users\Maxtor
2012-10-04 21:15 - 2012-10-04 21:19 - 00000000 ____D C:\Program Files (x86)\Maxtor
2012-10-04 21:15 - 2012-10-04 21:15 - 00002094 ____A C:\Users\Public\Desktop\Maxtor OneTouch Manager.lnk
2012-10-04 19:59 - 2012-10-04 19:59 - 00000000 ____D C:\FRST
2012-10-03 23:57 - 2012-10-04 00:35 - 00000000 ____D C:\Users\James\Downloads\Warehouse.13.S03E12.480p.WEB-DL.x264-mSD
2012-10-03 23:50 - 2012-10-04 00:20 - 00000000 ____D C:\Users\James\Downloads\Warehouse.13.S03E13.HDTV.XviD-LOL
2012-10-03 23:47 - 2012-10-04 00:55 - 00000000 ____D C:\Users\James\Downloads\Warehouse.13.S03E11.480p.WEB-DL.x264-mSD
2012-10-03 23:43 - 2012-10-03 23:46 - 00000000 ____D C:\Users\James\Downloads\South.Park.S16E09.REPACK.HDTV.XviD-AFG
2012-10-03 16:07 - 2012-10-03 16:07 - 00607260 ____R (Swearware) C:\Users\James\Downloads\dds.com
2012-10-03 16:06 - 2012-10-03 16:06 - 00000472 ____A C:\Users\James\Downloads\defogger_disable.log
2012-10-03 16:06 - 2012-10-03 16:06 - 00000000 ____A C:\Users\James\defogger_reenable
2012-10-03 16:05 - 2012-10-03 16:05 - 00050477 ____A C:\Users\James\Downloads\Defogger.exe
2012-10-03 14:58 - 2012-10-03 15:02 - 00000000 ____D C:\Program Files (x86)\Cobian Backup 11
2012-10-03 14:35 - 2012-10-03 14:35 - 02322184 ____A (ESET) C:\Users\James\Downloads\esetsmartinstaller_enu(1).exe
2012-10-03 14:35 - 2012-10-03 14:35 - 00000000 ____D C:\Program Files (x86)\ESET
2012-10-03 14:05 - 2012-10-03 14:05 - 00000000 ____D C:\Users\James\AppData\Local\Apps\2.0
2012-10-03 14:00 - 2012-10-03 16:07 - 00000000 ____D C:\Users\James\Desktop\KILLA
2012-10-03 13:54 - 2012-10-03 13:54 - 00021114 ____A C:\ComboFix.txt
2012-10-03 13:43 - 2011-06-25 22:45 - 00256000 ____A C:\Windows\PEV.exe
2012-10-03 13:43 - 2010-11-07 09:20 - 00208896 ____A C:\Windows\MBR.exe
2012-10-03 13:43 - 2009-04-19 20:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
2012-10-03 13:43 - 2000-08-30 16:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe
2012-10-03 13:43 - 2000-08-30 16:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe
2012-10-03 13:43 - 2000-08-30 16:00 - 00098816 ____A C:\Windows\sed.exe
2012-10-03 13:43 - 2000-08-30 16:00 - 00080412 ____A C:\Windows\grep.exe
2012-10-03 13:43 - 2000-08-30 16:00 - 00068096 ____A C:\Windows\zip.exe
2012-10-03 13:42 - 2012-10-03 13:54 - 00000000 ____D C:\Qoobox
2012-10-03 13:42 - 2012-10-03 13:52 - 00000000 ____D C:\Windows\erdnt
2012-10-03 13:42 - 2012-10-03 13:42 - 04761955 ____R (Swearware) C:\Users\James\Downloads\ComboFix.exe
2012-10-02 19:12 - 2012-10-02 20:08 - 00000000 ____D C:\Users\James\Downloads\Sons.of.Anarchy.S05E04.HDTV.x264-2HD
2012-10-02 17:56 - 2012-10-02 17:56 - 00003850 ____A C:\Users\James\Documents\hans - Shortcut.lnk
2012-10-02 14:58 - 2012-10-02 14:58 - 00001135 ____A C:\Users\James\Desktop\hoast.txt
2012-10-02 14:26 - 2012-10-02 14:27 - 00034000 ____A C:\Users\James\Downloads\Result.txt
2012-10-02 14:20 - 2012-10-02 14:20 - 00751391 ____A (Farbar) C:\Users\James\Downloads\MiniToolBox.exe
2012-10-02 14:17 - 2012-10-02 14:17 - 02322184 ____A (ESET) C:\Users\James\Downloads\esetsmartinstaller_enu.exe
2012-10-02 14:14 - 2012-10-02 14:14 - 00000000 ____D C:\TDSSKiller_Quarantine
2012-10-02 05:46 - 2012-08-28 17:10 - 00157680 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaws.exe
2012-10-02 05:46 - 2012-08-28 17:10 - 00149488 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaw.exe
2012-10-02 05:46 - 2012-08-28 17:09 - 00149488 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\java.exe
2012-10-02 05:45 - 2012-10-02 05:46 - 00002948 ____A C:\Windows\SysWOW64\jupdate-1.6.0_35-b10.log
2012-10-02 05:45 - 2012-10-02 05:45 - 00000000 ____D C:\Users\All Users\McAfee
2012-10-02 00:17 - 2012-10-04 21:20 - 00002112 ____A C:\Windows\PFRO.log
2012-10-01 14:07 - 2012-10-01 14:07 - 17810944 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-10-01 14:07 - 2012-10-01 14:07 - 12319744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-10-01 14:07 - 2012-10-01 14:07 - 10925568 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-10-01 14:07 - 2012-10-01 14:07 - 09738240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-10-01 14:07 - 2012-10-01 14:07 - 03695416 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2012-10-01 14:07 - 2012-10-01 14:07 - 03695416 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dat
2012-10-01 14:07 - 2012-10-01 14:07 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-10-01 14:07 - 2012-10-01 14:07 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-10-01 14:07 - 2012-10-01 14:07 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-10-01 14:07 - 2012-10-01 14:07 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-10-01 14:07 - 2012-10-01 14:07 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-10-01 14:07 - 2012-10-01 14:07 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-10-01 14:07 - 2012-10-01 14:07 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-10-01 14:07 - 2012-10-01 14:07 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-10-01 14:07 - 2012-10-01 14:07 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-10-01 14:07 - 2012-10-01 14:07 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-10-01 14:07 - 2012-10-01 14:07 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-10-01 14:07 - 2012-10-01 14:07 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-10-01 14:07 - 2012-10-01 14:07 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-10-01 14:07 - 2012-10-01 14:07 - 00729088 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2012-10-01 14:07 - 2012-10-01 14:07 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-10-01 14:07 - 2012-10-01 14:07 - 00607744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2012-10-01 14:07 - 2012-10-01 14:07 - 00599040 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2012-10-01 14:07 - 2012-10-01 14:07 - 00534528 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2012-10-01 14:07 - 2012-10-01 14:07 - 00452608 ____A (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
2012-10-01 14:07 - 2012-10-01 14:07 - 00448512 ____A (Microsoft Corporation) C:\Windows\System32\html.iec
2012-10-01 14:07 - 2012-10-01 14:07 - 00434176 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2012-10-01 14:07 - 2012-10-01 14:07 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2012-10-01 14:07 - 2012-10-01 14:07 - 00403248 ____A (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2012-10-01 14:07 - 2012-10-01 14:07 - 00367104 ____A (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2012-10-01 14:07 - 2012-10-01 14:07 - 00353792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2012-10-01 14:07 - 2012-10-01 14:07 - 00353584 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2012-10-01 14:07 - 2012-10-01 14:07 - 00282112 ____A (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
2012-10-01 14:07 - 2012-10-01 14:07 - 00267776 ____A (Microsoft Corporation) C:\Windows\System32\ieaksie.dll
2012-10-01 14:07 - 2012-10-01 14:07 - 00249344 ____A (Microsoft Corporation) C:\Windows\System32\webcheck.dll
2012-10-01 14:07 - 2012-10-01 14:07 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-10-01 14:07 - 2012-10-01 14:07 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-10-01 14:07 - 2012-10-01 14:07 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-10-01 14:07 - 2012-10-01 14:07 - 00227840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieaksie.dll
2012-10-01 14:07 - 2012-10-01 14:07 - 00223232 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2012-10-01 14:07 - 2012-10-01 14:07 - 00222208 ____A (Microsoft Corporation) C:\Windows\System32\msls31.dll
2012-10-01 14:07 - 2012-10-01 14:07 - 00203776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2012-10-01 14:07 - 2012-10-01 14:07 - 00197120 ____A (Microsoft Corporation) C:\Windows\System32\msrating.dll
2012-10-01 14:07 - 2012-10-01 14:07 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-10-01 14:07 - 2012-10-01 14:07 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-10-01 14:07 - 2012-10-01 14:07 - 00165888 ____A (Microsoft Corporation) C:\Windows\System32\iexpress.exe
2012-10-01 14:07 - 2012-10-01 14:07 - 00163840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieakui.dll
2012-10-01 14:07 - 2012-10-01 14:07 - 00163840 ____A (Microsoft Corporation) C:\Windows\System32\ieakui.dll
2012-10-01 14:07 - 2012-10-01 14:07 - 00162304 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2012-10-01 14:07 - 2012-10-01 14:07 - 00161792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2012-10-01 14:07 - 2012-10-01 14:07 - 00160256 ____A (Microsoft Corporation) C:\Windows\System32\wextract.exe
2012-10-01 14:07 - 2012-10-01 14:07 - 00160256 ____A (Microsoft Corporation) C:\Windows\System32\ieakeng.dll
2012-10-01 14:07 - 2012-10-01 14:07 - 00152064 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2012-10-01 14:07 - 2012-10-01 14:07 - 00150528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2012-10-01 14:07 - 2012-10-01 14:07 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\occache.dll
2012-10-01 14:07 - 2012-10-01 14:07 - 00145920 ____A (Microsoft Corporation) C:\Windows\System32\iepeers.dll
2012-10-01 14:07 - 2012-10-01 14:07 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-10-01 14:07 - 2012-10-01 14:07 - 00135168 ____A (Microsoft Corporation) C:\Windows\System32\IEAdvpack.dll
2012-10-01 14:07 - 2012-10-01 14:07 - 00130560 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieakeng.dll
2012-10-01 14:07 - 2012-10-01 14:07 - 00123392 ____A (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2012-10-01 14:07 - 2012-10-01 14:07 - 00118784 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2012-10-01 14:07 - 2012-10-01 14:07 - 00114176 ____A (Microsoft Corporation) C:\Windows\System32\admparse.dll
2012-10-01 14:07 - 2012-10-01 14:07 - 00111616 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2012-10-01 14:07 - 2012-10-01 14:07 - 00110592 ____A (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2012-10-01 14:07 - 2012-10-01 14:07 - 00103936 ____A (Microsoft Corporation) C:\Windows\System32\inseng.dll
2012-10-01 14:07 - 2012-10-01 14:07 - 00101888 ____A (Microsoft Corporation) C:\Windows\SysWOW64\admparse.dll
2012-10-01 14:07 - 2012-10-01 14:07 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-10-01 14:07 - 2012-10-01 14:07 - 00091648 ____A (Microsoft Corporation) C:\Windows\System32\SetIEInstalledDate.exe
2012-10-01 14:07 - 2012-10-01 14:07 - 00089088 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2012-10-01 14:07 - 2012-10-01 14:07 - 00089088 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2012-10-01 14:07 - 2012-10-01 14:07 - 00086528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2012-10-01 14:07 - 2012-10-01 14:07 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-10-01 14:07 - 2012-10-01 14:07 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2012-10-01 14:07 - 2012-10-01 14:07 - 00082432 ____A (Microsoft Corporation) C:\Windows\System32\icardie.dll
2012-10-01 14:07 - 2012-10-01 14:07 - 00078848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2012-10-01 14:07 - 2012-10-01 14:07 - 00076800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2012-10-01 14:07 - 2012-10-01 14:07 - 00076800 ____A (Microsoft Corporation) C:\Windows\System32\tdc.ocx
2012-10-01 14:07 - 2012-10-01 14:07 - 00074752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2012-10-01 14:07 - 2012-10-01 14:07 - 00074752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2012-10-01 14:07 - 2012-10-01 14:07 - 00074240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ie4uinit.exe
2012-10-01 14:07 - 2012-10-01 14:07 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-10-01 14:07 - 2012-10-01 14:07 - 00066048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2012-10-01 14:07 - 2012-10-01 14:07 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-10-01 14:07 - 2012-10-01 14:07 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\pngfilt.dll
2012-10-01 14:07 - 2012-10-01 14:07 - 00063488 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2012-10-01 14:07 - 2012-10-01 14:07 - 00055296 ____A (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
2012-10-01 14:07 - 2012-10-01 14:07 - 00054272 ____A (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2012-10-01 14:07 - 2012-10-01 14:07 - 00049664 ____A (Microsoft Corporation) C:\Windows\System32\imgutil.dll
2012-10-01 14:07 - 2012-10-01 14:07 - 00048640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2012-10-01 14:07 - 2012-10-01 14:07 - 00048640 ____A (Microsoft Corporation) C:\Windows\System32\mshtmler.dll
2012-10-01 14:07 - 2012-10-01 14:07 - 00041472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2012-10-01 14:07 - 2012-10-01 14:07 - 00039936 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2012-10-01 14:07 - 2012-10-01 14:07 - 00035840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2012-10-01 14:07 - 2012-10-01 14:07 - 00031744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2012-10-01 14:07 - 2012-10-01 14:07 - 00030720 ____A (Microsoft Corporation) C:\Windows\System32\licmgr10.dll
2012-10-01 14:07 - 2012-10-01 14:07 - 00023552 ____A (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2012-10-01 14:07 - 2012-10-01 14:07 - 00012288 ____A (Microsoft Corporation) C:\Windows\System32\mshta.exe
2012-10-01 14:07 - 2012-10-01 14:07 - 00011776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2012-10-01 14:07 - 2012-10-01 14:07 - 00010752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2012-10-01 14:07 - 2012-10-01 14:07 - 00010752 ____A (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
2012-10-01 14:04 - 2012-10-01 14:08 - 00003249 ____A C:\Windows\IE9_main.log
2012-10-01 14:00 - 2012-10-04 23:39 - 00000840 ____A C:\Windows\setupact.log
2012-10-01 14:00 - 2012-10-01 14:00 - 00000000 ____A C:\Windows\setuperr.log
2012-10-01 13:58 - 2012-05-04 03:00 - 00366592 ____A (Microsoft Corporation) C:\Windows\System32\qdvd.dll
2012-10-01 13:58 - 2012-05-04 01:59 - 00514560 ____A (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2012-10-01 13:40 - 2012-10-01 13:40 - 03941312 ____A (Piriform Ltd) C:\Users\James\Downloads\ccsetup323.exe
2012-10-01 13:29 - 2012-10-01 13:30 - 00002600 ____A C:\Users\James\Desktop\Rkill.txt
2012-10-01 13:29 - 2012-10-01 13:29 - 01678240 ____A (Bleeping Computer, LLC) C:\Users\James\Downloads\rkill.exe
2012-10-01 13:18 - 2012-10-01 13:18 - 00003205 ____A C:\Users\James\Desktop\Sophos Virus Removal Tool.lnk
2012-10-01 13:18 - 2012-10-01 13:18 - 00000000 ____D C:\Users\All Users\Sophos
2012-10-01 13:18 - 2012-10-01 13:18 - 00000000 ____D C:\Program Files (x86)\Sophos
2012-10-01 13:16 - 2012-10-01 13:17 - 79963288 ____A (Sophos Limited) C:\Users\James\Downloads\Sophos Virus Removal Tool.exe
2012-10-01 13:13 - 2012-10-01 13:13 - 02212440 ____A (Kaspersky Lab ZAO) C:\Users\James\Downloads\tdsskiller(1).exe
2012-10-01 00:17 - 2012-10-01 00:17 - 00000000 ____D C:\Users\James\AppData\Roaming\Malwarebytes
2012-10-01 00:14 - 2012-10-01 00:14 - 00001109 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-10-01 00:14 - 2012-10-01 00:14 - 00000000 ____D C:\Users\All Users\Malwarebytes
2012-10-01 00:14 - 2012-10-01 00:14 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-10-01 00:14 - 2012-09-07 14:04 - 00025928 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-10-01 00:13 - 2012-10-01 00:13 - 10524080 ____A (Malwarebytes Corporation ) C:\Users\James\Downloads\mbam-setup-1.65.0.1400.exe
2012-09-30 20:54 - 2012-09-30 21:02 - 00000000 ____D C:\Users\James\Downloads\Treme.S03E02.HDTV.XviD-AFG
2012-09-30 19:44 - 2012-09-30 20:53 - 00000000 ____D C:\Users\James\Downloads\Homeland.S02E01.HDTV.x264-EVOLVE
2012-09-30 18:57 - 2012-09-30 19:45 - 00000000 ____D C:\Users\James\Downloads\Dexter.S07E01.HDTV.x264-EVOLVE
2012-09-30 18:35 - 2012-10-01 00:02 - 00000000 ____D C:\Users\James\Downloads\Boardwalk.Empire.S03E03.HDTV.x264-ASAP
2012-09-30 18:10 - 2012-09-30 18:25 - 00000000 ____D C:\Users\James\Downloads\Strike.Back.S03E08.HDTV.XviD-AFG
2012-09-29 19:04 - 2012-10-03 23:43 - 00000000 ____D C:\Users\James\Downloads\Warehouse.13.S03E10.HDTV.XviD-ASAP
2012-09-29 08:21 - 2012-09-29 08:21 - 00000000 ____D C:\Users\James\AppData\Local\{52D1B6E2-1107-41C5-B506-25824A5269E4}
2012-09-29 08:16 - 2012-09-29 08:16 - 00000000 ____D C:\Users\James\AppData\Local\{AE600F86-18AC-4425-A945-F3C1DABAC6E9}
2012-09-28 19:37 - 2012-10-03 01:50 - 00000000 ____D C:\Users\James\Downloads\Warehouse.13.S03E09.HDTV.XviD-P0W4
2012-09-28 19:37 - 2012-10-03 01:08 - 00000000 ____D C:\Users\James\Downloads\Warehouse.13.S03E08.HDTV.XviD-ASAP
2012-09-28 19:37 - 2012-10-03 00:25 - 00000000 ____D C:\Users\James\Downloads\Warehouse.13.S03E07.Past.Imperfect.HDTV.XviD-FQM
2012-09-27 12:47 - 2012-09-27 12:47 - 00011411 ____A C:\Users\James\Documents\hijackthis1.txt
2012-09-26 21:56 - 2012-09-26 23:56 - 00000000 ____D C:\Users\James\Downloads\Warehouse.13.S03E05.480p.HDTV.x264-mSD
2012-09-26 21:54 - 2012-09-29 21:43 - 00000000 ____D C:\Users\James\Downloads\Warehouse.13.S03E06.Dont.Hate.the.Player.PROPER.HDTV.XviD-FQM
2012-09-26 21:54 - 2012-09-28 20:20 - 00000000 ____D C:\Users\James\Downloads\Warehouse.13.S03E04.HDTV.XviD-LOL
2012-09-26 21:54 - 2012-09-28 19:30 - 00000000 ____D C:\Users\James\Downloads\Warehouse.13.S03E03.Love.Sick.HDTV.XviD-FQM
2012-09-26 21:17 - 2012-09-27 22:26 - 00000000 ____D C:\Users\James\Downloads\Warehouse.13.S03E02.HDTV.XviD-LOL
2012-09-26 16:54 - 2012-09-27 13:02 - 00000000 ____D C:\Users\James\Downloads\backups
2012-09-26 16:48 - 2012-09-27 08:38 - 00011378 ____A C:\Users\James\Downloads\hijackthis.log
2012-09-26 16:47 - 2012-09-26 16:47 - 00388608 ____A (Trend Micro Inc.) C:\Users\James\Downloads\HijackThis.exe
2012-09-26 00:04 - 2012-09-26 00:55 - 00000000 ____D C:\Users\James\Downloads\Warehouse.13.S03E01.The.New.Guy.HDTV.XviD-FQM
2012-09-25 23:44 - 2012-08-21 13:01 - 00245760 ____A (Microsoft Corporation) C:\Windows\System32\OxpsConverter.exe
2012-09-25 23:16 - 2012-09-25 23:47 - 00000000 ____D C:\Users\James\Downloads\Warehouse.13.S04E01.HDTV.XviD-AFG
2012-09-25 20:32 - 2012-09-25 23:15 - 00000000 ____D C:\Users\James\Downloads\Sons.of.Anarchy.S05E03.HDTV.x264-ASAP
2012-09-23 22:49 - 2012-09-23 22:55 - 24329985 ____A C:\Users\James\Downloads\littleblondeom.flv
2012-09-23 22:32 - 2012-09-23 22:35 - 13725562 ____A C:\Users\James\Downloads\hotstrip.flv
2012-09-23 19:36 - 2012-09-23 20:39 - 00000000 ____D C:\Users\James\Downloads\Treme.S03E01.HDTV.x264-EVOLVE
2012-09-23 18:52 - 2012-09-23 19:42 - 00000000 ____D C:\Users\James\Downloads\Boardwalk.Empire.S03E02.HDTV.x264-EVOLVE
2012-09-23 13:39 - 2012-09-23 13:40 - 00000000 ____D C:\Users\James\Downloads\Arbitrage 2012 HDRiP Xvid AC3-BHRG
2012-09-23 13:38 - 2012-09-23 17:23 - 00000000 ____D C:\Users\James\Downloads\Strike.Back.S03E07.HDTV.x264-EVOLVE
2012-09-23 12:14 - 2012-09-23 12:14 - 00000000 ____D C:\Users\James\Downloads\Butter 2012 DVDSCR XviD-PSEUDO
2012-09-22 18:14 - 2012-09-22 19:35 - 00000000 ____D C:\Users\James\Downloads\Cosmopolis.2012.LIMITED.DVDRip.XviD-Larceny
2012-09-22 16:54 - 2012-09-22 14:43 - 00000000 ____D C:\Users\James\Downloads\Pack7
2012-09-22 16:51 - 2012-09-22 16:54 - 15625696 ____A C:\Users\James\Downloads\Pack7.rar
2012-09-21 17:06 - 2012-09-21 17:06 - 00000000 ____D C:\Users\James\Downloads\Moonrise.Kingdom.2012.LiMiTED.BRRip.XVID.AbSurdiTy
2012-09-21 13:10 - 2012-09-21 13:10 - 33527096 ____A (Pure Networks, Inc.) C:\Users\James\Downloads\RouterSetup_dir615_410.exe
2012-09-16 19:13 - 2012-09-16 19:30 - 00000000 ____D C:\Users\James\Downloads\Boardwalk.Empire.S03E01.HDTV.XviD-AFG
2012-09-13 13:01 - 2012-09-13 13:01 - 00000000 ____D C:\Users\James\AppData\Local\{530A0633-938F-4F8E-854A-28C0B5D2747E}
2012-09-11 16:08 - 2012-08-22 10:12 - 01913200 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2012-09-11 16:08 - 2012-08-22 10:12 - 00950128 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ndis.sys
2012-09-11 16:08 - 2012-08-22 10:12 - 00376688 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\netio.sys
2012-09-11 16:08 - 2012-08-22 10:12 - 00288624 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\FWPKCLNT.SYS
2012-09-11 16:08 - 2012-08-02 09:58 - 00574464 ____A (Microsoft Corporation) C:\Windows\System32\d3d10level9.dll
2012-09-11 16:08 - 2012-08-02 08:57 - 00490496 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll
2012-09-11 16:08 - 2012-07-04 12:26 - 00041472 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\RNDISMP.sys
2012-09-06 00:22 - 2012-09-06 00:26 - 00000000 ____D C:\Users\James\Downloads\Real_acct_owner

==================== 3 Months Modified Files ==================

2012-10-04 23:39 - 2012-10-01 14:00 - 00000840 ____A C:\Windows\setupact.log
2012-10-04 23:39 - 2011-10-25 17:33 - 00549015 ____A C:\FaceProv.log
2012-10-04 23:39 - 2011-07-12 08:37 - 02252563 ____A C:\Windows\System32\fastboot.set
2012-10-04 23:39 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-10-04 23:38 - 2011-07-12 07:58 - 01309505 ____A C:\Windows\WindowsUpdate.log
2012-10-04 23:36 - 2012-08-07 11:18 - 00000896 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-10-04 23:14 - 2012-04-10 11:05 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-10-04 22:26 - 2012-08-07 11:18 - 00000892 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-10-04 21:55 - 2009-07-13 21:13 - 00726444 ____A C:\Windows\System32\PerfStringBackup.INI
2012-10-04 21:28 - 2009-07-13 20:45 - 00028928 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-10-04 21:28 - 2009-07-13 20:45 - 00028928 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-10-04 21:20 - 2012-10-02 00:17 - 00002112 ____A C:\Windows\PFRO.log
2012-10-04 21:16 - 2002-12-31 21:13 - 4077216768 ____A C:\Users\James\Documents\newbackupoct2011.pst
2012-10-04 21:15 - 2012-10-04 21:15 - 00002094 ____A C:\Users\Public\Desktop\Maxtor OneTouch Manager.lnk
2012-10-03 16:07 - 2012-10-03 16:07 - 00607260 ____R (Swearware) C:\Users\James\Downloads\dds.com
2012-10-03 16:06 - 2012-10-03 16:06 - 00000472 ____A C:\Users\James\Downloads\defogger_disable.log
2012-10-03 16:06 - 2012-10-03 16:06 - 00000000 ____A C:\Users\James\defogger_reenable
2012-10-03 16:05 - 2012-10-03 16:05 - 00050477 ____A C:\Users\James\Downloads\Defogger.exe
2012-10-03 14:35 - 2012-10-03 14:35 - 02322184 ____A (ESET) C:\Users\James\Downloads\esetsmartinstaller_enu(1).exe
2012-10-03 13:54 - 2012-10-03 13:54 - 00021114 ____A C:\ComboFix.txt
2012-10-03 13:52 - 2009-07-13 18:34 - 00000215 ____A C:\Windows\system.ini
2012-10-03 13:42 - 2012-10-03 13:42 - 04761955 ____R (Swearware) C:\Users\James\Downloads\ComboFix.exe
2012-10-02 19:04 - 2011-10-30 02:36 - 00001456 ____A C:\Users\James\AppData\Local\Adobe Save for Web 12.0 Prefs
2012-10-02 17:56 - 2012-10-02 17:56 - 00003850 ____A C:\Users\James\Documents\hans - Shortcut.lnk
2012-10-02 14:58 - 2012-10-02 14:58 - 00001135 ____A C:\Users\James\Desktop\hoast.txt
2012-10-02 14:56 - 2012-02-24 12:27 - 00000838 ____A C:\Windows\System32\Drivers\etc\hosts.txt
2012-10-02 14:27 - 2012-10-02 14:26 - 00034000 ____A C:\Users\James\Downloads\Result.txt
2012-10-02 14:20 - 2012-10-02 14:20 - 00751391 ____A (Farbar) C:\Users\James\Downloads\MiniToolBox.exe
2012-10-02 14:17 - 2012-10-02 14:17 - 02322184 ____A (ESET) C:\Users\James\Downloads\esetsmartinstaller_enu.exe
2012-10-02 11:34 - 2011-10-26 12:19 - 00000059 ____A C:\Windows\wpd99.drv
2012-10-02 05:46 - 2012-10-02 05:45 - 00002948 ____A C:\Windows\SysWOW64\jupdate-1.6.0_35-b10.log
2012-10-01 14:08 - 2012-10-01 14:04 - 00003249 ____A C:\Windows\IE9_main.log
2012-10-01 14:07 - 2012-10-01 14:07 - 17810944 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-10-01 14:07 - 2012-10-01 14:07 - 12319744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-10-01 14:07 - 2012-10-01 14:07 - 10925568 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-10-01 14:07 - 2012-10-01 14:07 - 09738240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-10-01 14:07 - 2012-10-01 14:07 - 03695416 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2012-10-01 14:07 - 2012-10-01 14:07 - 03695416 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dat
2012-10-01 14:07 - 2012-10-01 14:07 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-10-01 14:07 - 2012-10-01 14:07 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-10-01 14:07 - 2012-10-01 14:07 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-10-01 14:07 - 2012-10-01 14:07 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-10-01 14:07 - 2012-10-01 14:07 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-10-01 14:07 - 2012-10-01 14:07 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-10-01 14:07 - 2012-10-01 14:07 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-10-01 14:07 - 2012-10-01 14:07 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-10-01 14:07 - 2012-10-01 14:07 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-10-01 14:07 - 2012-10-01 14:07 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-10-01 14:07 - 2012-10-01 14:07 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-10-01 14:07 - 2012-10-01 14:07 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-10-01 14:07 - 2012-10-01 14:07 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-10-01 14:07 - 2012-10-01 14:07 - 00729088 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2012-10-01 14:07 - 2012-10-01 14:07 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-10-01 14:07 - 2012-10-01 14:07 - 00607744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2012-10-01 14:07 - 2012-10-01 14:07 - 00599040 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2012-10-01 14:07 - 2012-10-01 14:07 - 00534528 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2012-10-01 14:07 - 2012-10-01 14:07 - 00452608 ____A (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
2012-10-01 14:07 - 2012-10-01 14:07 - 00448512 ____A (Microsoft Corporation) C:\Windows\System32\html.iec
2012-10-01 14:07 - 2012-10-01 14:07 - 00434176 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2012-10-01 14:07 - 2012-10-01 14:07 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2012-10-01 14:07 - 2012-10-01 14:07 - 00403248 ____A (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2012-10-01 14:07 - 2012-10-01 14:07 - 00367104 ____A (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2012-10-01 14:07 - 2012-10-01 14:07 - 00353792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2012-10-01 14:07 - 2012-10-01 14:07 - 00353584 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2012-10-01 14:07 - 2012-10-01 14:07 - 00282112 ____A (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
2012-10-01 14:07 - 2012-10-01 14:07 - 00267776 ____A (Microsoft Corporation) C:\Windows\System32\ieaksie.dll
2012-10-01 14:07 - 2012-10-01 14:07 - 00249344 ____A (Microsoft Corporation) C:\Windows\System32\webcheck.dll
2012-10-01 14:07 - 2012-10-01 14:07 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-10-01 14:07 - 2012-10-01 14:07 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-10-01 14:07 - 2012-10-01 14:07 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-10-01 14:07 - 2012-10-01 14:07 - 00227840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieaksie.dll
2012-10-01 14:07 - 2012-10-01 14:07 - 00223232 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2012-10-01 14:07 - 2012-10-01 14:07 - 00222208 ____A (Microsoft Corporation) C:\Windows\System32\msls31.dll
2012-10-01 14:07 - 2012-10-01 14:07 - 00203776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2012-10-01 14:07 - 2012-10-01 14:07 - 00197120 ____A (Microsoft Corporation) C:\Windows\System32\msrating.dll
2012-10-01 14:07 - 2012-10-01 14:07 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-10-01 14:07 - 2012-10-01 14:07 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-10-01 14:07 - 2012-10-01 14:07 - 00165888 ____A (Microsoft Corporation) C:\Windows\System32\iexpress.exe
2012-10-01 14:07 - 2012-10-01 14:07 - 00163840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieakui.dll
2012-10-01 14:07 - 2012-10-01 14:07 - 00163840 ____A (Microsoft Corporation) C:\Windows\System32\ieakui.dll
2012-10-01 14:07 - 2012-10-01 14:07 - 00162304 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2012-10-01 14:07 - 2012-10-01 14:07 - 00161792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2012-10-01 14:07 - 2012-10-01 14:07 - 00160256 ____A (Microsoft Corporation) C:\Windows\System32\wextract.exe
2012-10-01 14:07 - 2012-10-01 14:07 - 00160256 ____A (Microsoft Corporation) C:\Windows\System32\ieakeng.dll
2012-10-01 14:07 - 2012-10-01 14:07 - 00152064 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2012-10-01 14:07 - 2012-10-01 14:07 - 00150528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2012-10-01 14:07 - 2012-10-01 14:07 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\occache.dll
2012-10-01 14:07 - 2012-10-01 14:07 - 00145920 ____A (Microsoft Corporation) C:\Windows\System32\iepeers.dll
2012-10-01 14:07 - 2012-10-01 14:07 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-10-01 14:07 - 2012-10-01 14:07 - 00135168 ____A (Microsoft Corporation) C:\Windows\System32\IEAdvpack.dll
2012-10-01 14:07 - 2012-10-01 14:07 - 00130560 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieakeng.dll
2012-10-01 14:07 - 2012-10-01 14:07 - 00123392 ____A (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2012-10-01 14:07 - 2012-10-01 14:07 - 00118784 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2012-10-01 14:07 - 2012-10-01 14:07 - 00114176 ____A (Microsoft Corporation) C:\Windows\System32\admparse.dll
2012-10-01 14:07 - 2012-10-01 14:07 - 00111616 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2012-10-01 14:07 - 2012-10-01 14:07 - 00110592 ____A (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2012-10-01 14:07 - 2012-10-01 14:07 - 00103936 ____A (Microsoft Corporation) C:\Windows\System32\inseng.dll
2012-10-01 14:07 - 2012-10-01 14:07 - 00101888 ____A (Microsoft Corporation) C:\Windows\SysWOW64\admparse.dll
2012-10-01 14:07 - 2012-10-01 14:07 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-10-01 14:07 - 2012-10-01 14:07 - 00091648 ____A (Microsoft Corporation) C:\Windows\System32\SetIEInstalledDate.exe
2012-10-01 14:07 - 2012-10-01 14:07 - 00089088 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2012-10-01 14:07 - 2012-10-01 14:07 - 00089088 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2012-10-01 14:07 - 2012-10-01 14:07 - 00086528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2012-10-01 14:07 - 2012-10-01 14:07 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-10-01 14:07 - 2012-10-01 14:07 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2012-10-01 14:07 - 2012-10-01 14:07 - 00082432 ____A (Microsoft Corporation) C:\Windows\System32\icardie.dll
2012-10-01 14:07 - 2012-10-01 14:07 - 00078848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2012-10-01 14:07 - 2012-10-01 14:07 - 00076800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2012-10-01 14:07 - 2012-10-01 14:07 - 00076800 ____A (Microsoft Corporation) C:\Windows\System32\tdc.ocx
2012-10-01 14:07 - 2012-10-01 14:07 - 00074752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2012-10-01 14:07 - 2012-10-01 14:07 - 00074752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2012-10-01 14:07 - 2012-10-01 14:07 - 00074240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ie4uinit.exe
2012-10-01 14:07 - 2012-10-01 14:07 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-10-01 14:07 - 2012-10-01 14:07 - 00066048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2012-10-01 14:07 - 2012-10-01 14:07 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-10-01 14:07 - 2012-10-01 14:07 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\pngfilt.dll
2012-10-01 14:07 - 2012-10-01 14:07 - 00063488 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2012-10-01 14:07 - 2012-10-01 14:07 - 00055296 ____A (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
2012-10-01 14:07 - 2012-10-01 14:07 - 00054272 ____A (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2012-10-01 14:07 - 2012-10-01 14:07 - 00049664 ____A (Microsoft Corporation) C:\Windows\System32\imgutil.dll
2012-10-01 14:07 - 2012-10-01 14:07 - 00048640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2012-10-01 14:07 - 2012-10-01 14:07 - 00048640 ____A (Microsoft Corporation) C:\Windows\System32\mshtmler.dll
2012-10-01 14:07 - 2012-10-01 14:07 - 00041472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2012-10-01 14:07 - 2012-10-01 14:07 - 00039936 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2012-10-01 14:07 - 2012-10-01 14:07 - 00035840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2012-10-01 14:07 - 2012-10-01 14:07 - 00031744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2012-10-01 14:07 - 2012-10-01 14:07 - 00030720 ____A (Microsoft Corporation) C:\Windows\System32\licmgr10.dll
2012-10-01 14:07 - 2012-10-01 14:07 - 00023552 ____A (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2012-10-01 14:07 - 2012-10-01 14:07 - 00012288 ____A (Microsoft Corporation) C:\Windows\System32\mshta.exe
2012-10-01 14:07 - 2012-10-01 14:07 - 00011776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2012-10-01 14:07 - 2012-10-01 14:07 - 00010752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2012-10-01 14:07 - 2012-10-01 14:07 - 00010752 ____A (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
2012-10-01 14:00 - 2012-10-01 14:00 - 00000000 ____A C:\Windows\setuperr.log
2012-10-01 13:41 - 2012-01-06 03:27 - 00000822 ____A C:\Users\Public\Desktop\CCleaner.lnk
2012-10-01 13:40 - 2012-10-01 13:40 - 03941312 ____A (Piriform Ltd) C:\Users\James\Downloads\ccsetup323.exe
2012-10-01 13:30 - 2012-10-01 13:29 - 00002600 ____A C:\Users\James\Desktop\Rkill.txt
2012-10-01 13:29 - 2012-10-01 13:29 - 01678240 ____A (Bleeping Computer, LLC) C:\Users\James\Downloads\rkill.exe
2012-10-01 13:18 - 2012-10-01 13:18 - 00003205 ____A C:\Users\James\Desktop\Sophos Virus Removal Tool.lnk
2012-10-01 13:17 - 2012-10-01 13:16 - 79963288 ____A (Sophos Limited) C:\Users\James\Downloads\Sophos Virus Removal Tool.exe
2012-10-01 13:13 - 2012-10-01 13:13 - 02212440 ____A (Kaspersky Lab ZAO) C:\Users\James\Downloads\tdsskiller(1).exe
2012-10-01 00:14 - 2012-10-01 00:14 - 00001109 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-10-01 00:13 - 2012-10-01 00:13 - 10524080 ____A (Malwarebytes Corporation ) C:\Users\James\Downloads\mbam-setup-1.65.0.1400.exe
2012-09-27 12:47 - 2012-09-27 12:47 - 00011411 ____A C:\Users\James\Documents\hijackthis1.txt
2012-09-27 08:38 - 2012-09-26 16:48 - 00011378 ____A C:\Users\James\Downloads\hijackthis.log
2012-09-26 16:47 - 2012-09-26 16:47 - 00388608 ____A (Trend Micro Inc.) C:\Users\James\Downloads\HijackThis.exe
2012-09-23 22:55 - 2012-09-23 22:49 - 24329985 ____A C:\Users\James\Downloads\littleblondeom.flv
2012-09-23 22:35 - 2012-09-23 22:32 - 13725562 ____A C:\Users\James\Downloads\hotstrip.flv
2012-09-22 16:54 - 2012-09-22 16:51 - 15625696 ____A C:\Users\James\Downloads\Pack7.rar
2012-09-21 13:10 - 2012-09-21 13:10 - 33527096 ____A (Pure Networks, Inc.) C:\Users\James\Downloads\RouterSetup_dir615_410.exe
2012-09-20 23:14 - 2012-04-10 11:05 - 00696240 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-09-20 23:14 - 2011-10-25 21:28 - 00073136 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-09-12 00:31 - 2009-07-13 20:45 - 04988776 ____A C:\Windows\System32\FNTCACHE.DAT
2012-09-12 00:01 - 2011-10-26 00:36 - 64462936 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-09-11 05:38 - 2011-10-25 18:05 - 00000965 ____A C:\Users\Public\Desktop\AVG 2012.lnk
2012-09-10 16:59 - 2011-10-25 17:34 - 00113912 ____A C:\Users\James\AppData\Local\GDIPFONTCACHEV1.DAT
2012-09-07 14:04 - 2012-10-01 00:14 - 00025928 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-09-03 16:31 - 2012-09-03 16:31 - 00001799 ____A C:\Users\James\Desktop\MagicISO.lnk
2012-09-03 16:14 - 2012-09-03 16:14 - 00001065 ____A C:\Users\James\Downloads\boot.ima.rar
2012-08-28 17:24 - 2012-07-07 08:29 - 00477168 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\npdeployJava1.dll
2012-08-28 17:24 - 2012-01-22 03:48 - 00473072 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\deployJava1.dll
2012-08-28 17:10 - 2012-10-02 05:46 - 00157680 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaws.exe
2012-08-28 17:10 - 2012-10-02 05:46 - 00149488 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaw.exe
2012-08-28 17:09 - 2012-10-02 05:46 - 00149488 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\java.exe
2012-08-26 14:07 - 2012-08-26 14:07 - 03178400 ____A (McAfee, Inc.) C:\Users\James\Downloads\MCPR.exe
2012-08-26 12:58 - 2012-08-26 12:58 - 01034216 ____A (Oracle Corporation) C:\Windows\System32\npDeployJava1.dll
2012-08-26 12:58 - 2012-08-26 12:58 - 00916456 ____A (Oracle Corporation) C:\Windows\System32\deployJava1.dll
2012-08-26 12:58 - 2012-08-26 12:58 - 00289768 ____A (Oracle Corporation) C:\Windows\System32\javaws.exe
2012-08-26 12:58 - 2012-08-26 12:58 - 00189416 ____A (Oracle Corporation) C:\Windows\System32\javaw.exe
2012-08-26 12:58 - 2012-08-26 12:58 - 00188904 ____A (Oracle Corporation) C:\Windows\System32\java.exe
2012-08-26 12:58 - 2012-08-26 12:58 - 00108008 ____A (Oracle Corporation) C:\Windows\System32\WindowsAccessBridge-64.dll
2012-08-24 12:43 - 2012-08-24 12:43 - 00384352 ____A (AVG Technologies CZ, s.r.o.) C:\Windows\System32\Drivers\avgtdia.sys
2012-08-22 10:12 - 2012-09-11 16:08 - 01913200 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2012-08-22 10:12 - 2012-09-11 16:08 - 00950128 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ndis.sys
2012-08-22 10:12 - 2012-09-11 16:08 - 00376688 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\netio.sys
2012-08-22 10:12 - 2012-09-11 16:08 - 00288624 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\FWPKCLNT.SYS
2012-08-21 13:01 - 2012-09-25 23:44 - 00245760 ____A (Microsoft Corporation) C:\Windows\System32\OxpsConverter.exe
2012-08-16 18:55 - 2011-10-25 22:48 - 00000039 ____A C:\Windows\vbaddin.ini
2012-08-14 06:17 - 2012-08-14 06:17 - 00263186 ____A C:\Users\James\Downloads\Minecraft.exe
2012-08-14 05:36 - 2012-08-14 05:36 - 00010794 ____A C:\Users\James\Documents\pen invoices 2012.xlsx
2012-08-13 02:21 - 2012-08-13 02:21 - 00001376 ____A C:\Users\James\Desktop\Future Soldier - Shortcut.lnk
2012-08-13 02:11 - 2012-08-13 00:01 - 00189248 ____A C:\Windows\SysWOW64\PnkBstrB.ex0
2012-08-07 11:23 - 2012-08-07 11:23 - 00002212 ____A C:\Users\Public\Desktop\Google Earth.lnk
2012-08-02 09:58 - 2012-09-11 16:08 - 00574464 ____A (Microsoft Corporation) C:\Windows\System32\d3d10level9.dll
2012-08-02 08:57 - 2012-09-11 16:08 - 00490496 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll
2012-07-29 16:24 - 2012-07-29 16:24 - 00001953 ____A C:\Users\Public\Desktop\Samsung Kies.lnk
2012-07-29 16:20 - 2012-05-31 11:57 - 00010125 ____A C:\Users\James\Desktop\Payroll 5-30.xlsx
2012-07-29 01:51 - 2012-07-29 01:51 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_WinUsb_01007.Wdf
2012-07-26 00:21 - 2012-07-26 00:21 - 00291680 ____A (AVG Technologies CZ, s.r.o.) C:\Windows\System32\Drivers\avgldx64.sys
2012-07-24 19:00 - 2012-07-24 19:00 - 00001066 ____A C:\Users\Public\Desktop\VLC media player.lnk
2012-07-20 09:39 - 2012-07-20 09:39 - 00008156 ____A C:\Users\James\Downloads\LogoCraft.ttf
2012-07-18 10:15 - 2012-08-15 18:42 - 03148800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-07-12 07:11 - 2012-07-12 07:11 - 00010444 ____A C:\Users\James\Documents\Utilities (Autosaved).xlsx

==================== Known DLLs (Whitelisted) =================


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

Restore point made on: 2012-10-03 14:15:17
Restore point made on: 2012-10-03 15:14:36
Restore point made on: 2012-10-04 21:06:43
Restore point made on: 2012-10-04 21:16:47
Restore point made on: 2012-10-04 21:19:22
Restore point made on: 2012-10-04 21:28:27

==================== Memory info ===========================

Percentage of memory in use: 15%
Total physical RAM: 4039.86 MB
Available physical RAM: 3432.38 MB
Total Pagefile: 4038.06 MB
Available Pagefile: 3431.7 MB
Total Virtual: 8192 MB
Available Virtual: 8191.91 MB

==================== Partitions =============================

1 Drive c: () (Fixed) (Total:421.81 GB) (Free:224.16 GB) NTFS
2 Drive d: (LENOVO) (Fixed) (Total:29 GB) (Free:0 GB) NTFS
4 Drive g: (TRAVELDRIVE) (Removable) (Total:3.6 GB) (Free:2.45 GB) FAT32
5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
6 Drive y: () (Fixed) (Total:0.2 GB) (Free:0.15 GB) NTFS ==>[System with boot components (obtained from reading drive)]

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 465 GB 1024 KB
Disk 1 Online 3696 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 200 MB 1024 KB
Partition 2 Primary 421 GB 201 MB
Partition 0 Extended 28 GB 422 GB
Partition 4 Logical 28 GB 422 GB
Partition 3 OEM 14 GB 451 GB

==================================================================================

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 Y NTFS Partition 200 MB Healthy

=========================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C NTFS Partition 421 GB Healthy

=========================================================

Disk: 0
Partition 4
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 D LENOVO NTFS Partition 28 GB Healthy

=========================================================

Disk: 0
Partition 3
Type : 12
Hidden: Yes
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 5 LENOVO_PART NTFS Partition 14 GB Healthy Hidden

=========================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 3692 MB 4032 KB

==================================================================================

Disk: 1
Partition 1
Type : 0C
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 G TRAVELDRIVE FAT32 Removable 3692 MB Healthy

=========================================================

Last Boot: 2012-09-26 01:49

==================== End Of Log =============================

#9 fireman4it

    Bleepin' Fireman

  • Malware Response Team
  • 13,505 posts
  • Gender:Male
  • Location:Greenup, Ill USA

Posted 07 October 2012 - 03:32 PM

Hello,

Let's uninstall and reinstall Firefox and see if that helps. Sometimes with these new infections, after cleaning them up we just need to reinstall. When you uninstall Firefox, make sure that when it asks about deleting personal data you select yes and let it delete everything.

Let me know how it is doing once you have uninstalled and reinstalled Firefox.

Edited by fireman4it, 07 October 2012 - 03:32 PM.

"Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


If I have helped you, consider making a donation to help me continue the fight against Malware!


#10 fireman4it

    Bleepin' Fireman

  • Malware Response Team
  • 13,505 posts
  • Gender:Male
  • Location:Greenup, Ill USA

Posted 10 October 2012 - 08:42 PM

Hello.

Are you still there?

If you are please follow the instructions in my previous post.

If you still need help, follow the instructions I have given in my response. If you have since had your problem solved, we would appreciate you letting us know so we can close the topic.

Please reply back telling us so. If you don't reply within 3-5 days the topic will need to be closed.

Thanks for understanding :)

With Regards,
fireman4it

#11 fireman4it

    Bleepin' Fireman

  • Malware Response Team
  • 13,505 posts
  • Gender:Male
  • Location:Greenup, Ill USA

Posted 13 October 2012 - 09:33 PM

Due to the lack of feedback, this topic is now closed. In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.