
Trojan:JS/Medfos.B constantly being removed by MSE


This topic is locked
12 replies to this topic

#1 solarparade

Posted 02 November 2012 - 09:12 PM

For a few days, Microsoft Security Essentials has been telling me that this trojan is being cleaned, only to do the same thing 3 minutes later, so it obviously isn't getting the job done. Malwarebytes did the same thing, it removed it but it came right back. Any help is appreciated! :lol:

Attached Files

  • Attached File  DDS.txt   29.38KB   1 downloads
  • Attached File  GWER.log   96.75KB   1 downloads



#2 CatByte (Malware Response Team)

Posted 02 November 2012 - 09:19 PM

Please do the following:

Download the appropriate version for your system of the Farbar Recovery Scan Tool and save it to a flash drive. (Choose the correct version depending on which architecture operating system you are using, 32bit (x86) or 64 (x64) bit)

Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
On the System Recovery Options menu you will get the following options:
    Startup Repair
    System Restore
    Windows Complete PC Restore
    Windows Memory Diagnostic Tool
    Command Prompt
  • Select Command Prompt.
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter.
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to the disclaimer.
  • Place a check next to List Drivers MD5 as well as the default check marks that are already there.
  • Press Scan button.
  • FRST will let you know when the scan is complete and has written the FRST.txt to file, close out this message, then type the following into the search box: services.exe
  • Now press the search button.
  • When the search is complete, search.txt will also be written to your USB.
  • Type exit and reboot the computer normally.
  • Please copy and paste both logs in your reply (FRST.txt and Search.txt).

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#3 solarparade (Topic Starter)

Posted 03 November 2012 - 12:14 AM

Thank you for the speedy response!!

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 30-10-2012
Ran by SYSTEM at 03-11-2012 01:00:24
Running from F:\
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
The current controlset is ControlSet001

==================== Registry (Whitelisted) ===================

HKLM\...\Run: [] [x]
HKLM\...\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE [x]
HKLM\...\Run: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe [x]
HKLM\...\Run: [TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe [x]
HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [11780712 2011-03-04] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /FORPCEE3 /MAXX3 [2189416 2011-03-01] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [x]
HKLM\...\Run: [ThpSrv] C:\windows\system32\thpsrv /logon [x]
HKLM\...\Run: [Teco] "%ProgramFiles%\TOSHIBA\TECO\Teco.exe" /r [x]
HKLM\...\Run: [IntelPAN] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel PAN Tray [1935120 2011-06-01] (Intel® Corporation)
HKLM\...\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [710560 2011-06-09] (TOSHIBA Corporation)
HKLM\...\Run: [TosWaitSrv] %ProgramFiles%\TOSHIBA\TPHM\TosWaitSrv.exe [x]
HKLM\...\Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-11] (TOSHIBA Corporation)
HKLM\...\Run: [TosReelTimeMonitor] %ProgramFiles%\TOSHIBA\ReelTime\TosReelTimeMonitor.exe [x]
HKLM\...\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming [1744152 2011-10-07] (Logitech, Inc.)
HKLM\...\Run: [Logitech Download Assistant] C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch [1580368 2010-11-03] (Logitech, Inc.)
HKLM\...\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [1289704 2012-09-12] (Microsoft Corporation)
HKLM-x32\...\Run: [SVPWUTIL] C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL [532480 2010-11-09] (TOSHIBA CORPORATION)
HKLM-x32\...\Run: [HWSetup] C:\Program Files\TOSHIBA\Utilities\HWSetup.exe hwSetUP [423936 2011-03-10] (TOSHIBA Electronics, Inc.)
HKLM-x32\...\Run: [KeNotify] "C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe" LPCM [34160 2010-08-16] (TOSHIBA CORPORATION)
HKLM-x32\...\Run: [TSleepSrv] %ProgramFiles(x86)%\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe [x]
HKLM-x32\...\Run: [DelayTSS] "C:\Program Files\Toshiba\DelayTSS\DelayTSS.exe" [2153328 2011-11-21] ()
HKLM-x32\...\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices [91520 2010-03-13] (Microsoft Corporation)
HKLM-x32\...\Run: [PATHPILOT] C:\Program Files (x86)\Aktiv MP3 Recorder\Aktiv MP3 Recorder.lnk [x]
HKU\vault\...\Run: [Google Update] "C:\Users\vault\AppData\Local\Google\Update\GoogleUpdate.exe" /c [116648 2012-09-08] (Google Inc.)
HKU\vault\...\Run: [MusicManager] "C:\Users\vault\AppData\Local\Programs\Google\MusicManager\MusicManager.exe" [7321600 2012-08-31] (Google Inc.)
HKU\vault\...\Run: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe" /MINIMIZED [399736 2012-10-13] (BitTorrent, Inc.)
HKU\vault\...\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun [17418928 2012-07-13] (Skype Technologies S.A.)
HKU\vault\...\Run: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent [1353080 2012-09-08] (Valve Corporation)
HKU\vault\...\Run: [F.lux] "C:\Users\vault\Local Settings\Apps\F.lux\flux.exe" /noshow [966656 2009-08-28] ()
HKU\vault\...\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe [3093624 2012-10-28] ()
HKU\vault\...\Run: [Spotify Web Helper] "C:\Users\vault\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [1199576 2012-10-30] (Spotify Ltd)
HKU\vault\...\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2012-05-01] (Google Inc.)
HKU\vault\...\Run: [etasr] rundll32.exe "C:\Users\vault\AppData\Roaming\etasr.dll",set_palette_to_rgb [445952 2012-10-31] (ULi Electronics Inc.)
HKLM-x32\...\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent [766536 2012-09-29] (Malwarebytes Corporation)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
Tcpip\Parameters: [DhcpNameServer] 129.21.3.17 129.21.4.18
Startup: C:\Users\All Users\Start Menu\Programs\Startup\FocalFilterHelper.lnk
ShortcutTarget: FocalFilterHelper.lnk -> C:\Program Files (x86)\FocalFilter\FocalFilterHelper.exe (Microsoft)
Startup: C:\Users\vault\Start Menu\Programs\Startup\Rainmeter.lnk
ShortcutTarget: Rainmeter.lnk -> C:\Program Files\Rainmeter\Rainmeter.exe ()

==================== Services (Whitelisted) ===================

2 MsMpSvc; "C:\Program Files\Microsoft Security Client\MsMpEng.exe" [22072 2012-09-12] (Microsoft Corporation)
3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2011-06-01] ()
3 NisSrv; "C:\Program Files\Microsoft Security Client\NisSrv.exe" [368896 2012-09-12] (Microsoft Corporation)

==================== Drivers (Whitelisted) =====================

1 dtsoftbus01; C:\Windows\System32\Drivers\dtsoftbus01.sys [283200 2012-10-23] (DT Soft Ltd)
0 MpFilter; C:\Windows\System32\Drivers\MpFilter.sys [228768 2012-08-30] (Microsoft Corporation)
2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [128456 2012-08-30] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ====================


==================== One Month Created Files and Folders ========

2012-11-02 20:50 - 2012-11-02 20:50 - 00000000 ____D C:\FRST
2012-11-02 20:49 - 2012-11-02 20:50 - 01459963 ____A (Farbar) C:\Users\vault\Downloads\FRST64.exe
2012-11-02 18:11 - 2012-11-02 18:11 - 00099074 ____A C:\Users\vault\Documents\GWER.log
2012-11-02 17:43 - 2012-11-02 17:43 - 00302592 ____A C:\Users\vault\Downloads\m73y6i8h.exe
2012-11-02 17:43 - 2012-11-02 17:43 - 00030080 ____A C:\Users\vault\Documents\DDS.txt
2012-11-02 17:42 - 2012-11-02 17:42 - 00030080 ____A C:\Users\vault\Desktop\dds.txt
2012-11-02 17:40 - 2012-11-02 17:40 - 00687724 ____R (Swearware) C:\Users\vault\Downloads\dds.com
2012-11-02 17:40 - 2012-11-02 17:40 - 00050477 ____A C:\Users\vault\Downloads\Defogger.exe
2012-11-02 17:40 - 2012-11-02 17:40 - 00000552 ____A C:\Users\vault\Downloads\defogger_disable.log
2012-11-02 17:40 - 2012-11-02 17:40 - 00000178 ____A C:\Users\vault\defogger_reenable
2012-11-02 15:31 - 2012-11-02 15:33 - 103121447 ____A C:\Users\vault\Downloads\A_Slower_Speed_of_Light.zip
2012-11-01 22:42 - 2012-11-01 22:43 - 00000000 ____D C:\Users\vault\Downloads\Suicide Silence - The Black Crown (2011) [V0]
2012-11-01 21:02 - 2012-11-01 21:02 - 00000000 ____D C:\Users\vault\Downloads\King Crimson - In The Wake Of Poseidon (2010) - V0
2012-11-01 20:45 - 2012-11-01 20:46 - 00000000 ____D C:\Users\vault\Downloads\King Crimson - 2009 - In The Court Of The Crimson King (40th Anniversary Edition) (2009 Stereo Mix) [V0]
2012-11-01 11:37 - 2012-11-01 11:38 - 00018353 ____A C:\Windows\DirectX.log
2012-11-01 10:27 - 2012-11-01 10:28 - 00000000 ____D C:\Users\vault\Downloads\Rilo Kiley - Under The Blacklights (V0)
2012-11-01 09:01 - 2012-11-02 20:49 - 00001410 ____A C:\Windows\setupact.log
2012-11-01 09:01 - 2012-11-01 09:01 - 00000000 ____A C:\Windows\setuperr.log
2012-10-31 21:08 - 2012-10-31 21:08 - 00001124 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-10-31 21:08 - 2012-10-31 21:08 - 00000000 ____D C:\Users\vault\AppData\Roaming\Malwarebytes
2012-10-31 21:08 - 2012-10-31 21:08 - 00000000 ____D C:\Users\All Users\Malwarebytes
2012-10-31 21:08 - 2012-10-31 21:08 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-10-31 21:08 - 2012-09-29 15:54 - 00025928 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-10-31 21:07 - 2012-10-31 21:07 - 10669952 ____A (Malwarebytes Corporation ) C:\Users\vault\Downloads\mbam-setup-1.65.1.1000.exe
2012-10-31 21:04 - 2012-10-31 21:04 - 68354112 ____A (Microsoft Corporation) C:\Users\vault\Downloads\mpam-fe.exe
2012-10-31 20:16 - 2012-10-31 20:16 - 00000000 ____D C:\Users\vault\Mari0
2012-10-31 20:13 - 2012-10-31 20:13 - 00445952 ____A (ULi Electronics Inc.) C:\Users\vault\AppData\Roaming\etasr.dll
2012-10-31 20:12 - 2012-10-31 20:12 - 00000000 ____D C:\Users\vault\AppData\Roaming\Google
2012-10-31 18:03 - 2012-10-31 18:04 - 00000000 ____D C:\Users\vault\Downloads\Black Sabbath - Black Sabbath [Vinyl,pbthalFM2012,v0]
2012-10-31 17:12 - 2012-10-31 20:16 - 00000000 ____D C:\Users\vault\AppData\Roaming\LOVE
2012-10-31 17:12 - 2012-10-31 17:12 - 00000000 ____D C:\Users\vault\Downloads\ntt
2012-10-31 17:11 - 2012-10-31 17:11 - 04630207 ____A C:\Users\vault\Downloads\nottetris2-win.zip
2012-10-31 14:13 - 2012-10-31 14:13 - 00000000 ____D C:\Users\vault\Downloads\Starbleeper - 2010 - Reptilians [V0]
2012-10-31 13:58 - 2012-10-31 13:58 - 00000000 ____D C:\Users\vault\Downloads\Whirr & Monster Ghost - Graveface Split 7 inch (2012) - WEB
2012-10-30 06:39 - 2012-10-30 06:39 - 00000000 ____D C:\Users\vault\Downloads\Metric - Fantasies [V0]
2012-10-29 14:34 - 2012-10-29 14:35 - 00000000 ____D C:\Users\vault\Downloads\Early Graves - 2012 - Red Horse
2012-10-28 12:54 - 2012-10-28 12:54 - 00000000 ____D C:\Users\vault\AppData\Local\FocalFilter
2012-10-28 12:52 - 2012-10-28 12:54 - 00000000 ____D C:\Users\vault\AppData\Roaming\FocalFilter
2012-10-28 12:03 - 2012-10-28 12:03 - 00001920 ____A C:\Users\Public\Desktop\FocalFilter.lnk
2012-10-28 12:03 - 2012-10-28 12:03 - 00000000 ____D C:\Program Files (x86)\FocalFilter
2012-10-28 12:01 - 2012-10-28 12:01 - 00000000 ____D C:\Users\vault\AppData\Local\Downloaded Installations
2012-10-28 12:00 - 2012-10-28 12:00 - 02108902 ____A (FocalFilter) C:\Users\vault\Downloads\FocalFilter_Setup_October2012.exe
2012-10-28 11:42 - 2012-10-28 11:42 - 00001731 ____A C:\Users\Public\Desktop\Play League of Legends.lnk
2012-10-28 11:38 - 2012-10-28 11:38 - 00000000 ____D C:\Riot Games
2012-10-28 10:50 - 2012-11-02 20:53 - 00000000 ____D C:\Users\vault\AppData\Local\PMB Files
2012-10-28 10:50 - 2012-10-28 11:29 - 00000000 ____D C:\Users\vault\Desktop\League of legends
2012-10-28 10:50 - 2012-10-28 10:50 - 00000000 ____D C:\Users\All Users\PMB Files
2012-10-28 10:49 - 2012-10-28 10:49 - 02353512 ____A C:\Users\vault\Downloads\LeagueofLegends.exe
2012-10-28 10:49 - 2012-10-28 10:49 - 00000000 ____D C:\Program Files (x86)\Pando Networks
2012-10-28 10:19 - 2008-04-03 18:45 - 48997066 ____A () C:\Users\vault\Downloads\yumenikki0.10eng.exe
2012-10-27 19:24 - 2012-10-27 19:24 - 00000465 ____A C:\Users\vault\Downloads\BantControl.txt
2012-10-27 19:24 - 2012-10-27 19:24 - 00000465 ____A C:\Users\vault\Downloads\BantControl(1).txt
2012-10-27 18:45 - 2012-10-27 18:45 - 00000000 ____D C:\Users\vault\Downloads\The Orange Box Original Soundtrack
2012-10-27 18:45 - 2012-10-27 18:45 - 00000000 ____D C:\Users\vault\Downloads\Fin V0
2012-10-27 18:44 - 2012-10-27 18:45 - 00000000 ____D C:\Users\vault\Downloads\El Ten Eleven [2005] [El Ten Eleven]
2012-10-27 18:44 - 2012-10-27 18:44 - 00000000 ____D C:\Users\vault\Downloads\Jason Lescalleet - Songs About Nothing (2012) [V0]
2012-10-27 18:44 - 2012-10-27 18:44 - 00000000 ____D C:\Users\vault\Downloads\Giant Drag - Hearts And Unicorns (2005) [MP3 V0]
2012-10-27 17:12 - 2012-10-27 17:12 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_xusb21_01009.Wdf
2012-10-27 17:11 - 2012-10-27 17:11 - 00000000 ____D C:\Users\vault\Documents\Prince of Persia
2012-10-27 17:06 - 2008-07-12 04:18 - 04992520 ____A (Microsoft Corporation) C:\Windows\System32\D3DX9_39.dll
2012-10-27 17:06 - 2008-07-12 04:18 - 03851784 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_39.dll
2012-10-27 17:06 - 2008-07-12 04:18 - 01942552 ____A (Microsoft Corporation) C:\Windows\System32\D3DCompiler_39.dll
2012-10-27 17:06 - 2008-07-12 04:18 - 01493528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_39.dll
2012-10-27 17:06 - 2008-07-12 04:18 - 00540688 ____A (Microsoft Corporation) C:\Windows\System32\d3dx10_39.dll
2012-10-27 17:06 - 2008-07-12 04:18 - 00467984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_39.dll
2012-10-27 13:10 - 2012-10-27 13:10 - 07282280 ____A C:\Users\vault\Downloads\A Song of Ice and Fire - George RR Martin.mobi
2012-10-27 13:10 - 2012-10-27 13:10 - 00397468 ____A C:\Users\vault\Downloads\How to Win Friends & Influence People - Dale Carnegie.mobi
2012-10-27 11:32 - 2012-10-27 11:32 - 23919157 ____A (Igor Pavlov) C:\Users\vault\Downloads\tor-browser-2.2.39-4_en-US.exe
2012-10-26 21:42 - 2012-10-27 13:11 - 00000000 ____D C:\Users\vault\Documents\Calibre Library
2012-10-26 21:41 - 2012-10-26 21:43 - 00000000 ____D C:\Users\vault\AppData\Roaming\calibre
2012-10-26 21:41 - 2012-10-26 21:41 - 00000971 ____A C:\Users\Public\Desktop\calibre - E-book management.lnk
2012-10-26 21:41 - 2012-10-26 21:41 - 00000000 ____D C:\Program Files (x86)\Calibre2
2012-10-26 21:39 - 2012-10-26 21:40 - 50210816 ____A C:\Users\vault\Downloads\calibre-0.9.4.msi
2012-10-26 21:39 - 2012-10-26 21:39 - 00278603 ____A C:\Users\vault\Downloads\Year of the Black Rainbow.mobi
2012-10-26 20:18 - 2012-10-26 20:19 - 00000000 ____D C:\Users\vault\Downloads\Vijay_Iyer_Trio--Accelerando-2012-OMA
2012-10-26 20:17 - 2012-10-26 20:18 - 00000000 ____D C:\Users\vault\Downloads\Robert Glasper Experiment - Black Radio (2012) [V0]
2012-10-26 19:29 - 2012-10-26 19:29 - 00000426 ____A C:\Users\vault\Downloads\mtgdailyeventcoverageptrtr12topmoderndecksx92.txt
2012-10-26 19:18 - 2012-10-26 19:18 - 00000000 ____D C:\Users\All Users\PopCap Games
2012-10-26 19:13 - 2012-10-26 19:17 - 00000000 ____D C:\Users\vault\Downloads\PopCap.Games.Plants.vs.Zombies.v1.2.0.1073.Game.of.the.Year.Edition-LMi
2012-10-26 15:49 - 2012-10-26 15:49 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2012-10-24 20:58 - 2012-10-24 20:58 - 00001174 ____A C:\Users\vault\Downloads\izzet-izzet-or-something-else.dec
2012-10-24 20:38 - 2012-10-24 20:40 - 00000000 ____D C:\Users\vault\Downloads\Astrobrite - Whitenoise Superstar
2012-10-24 20:38 - 2012-10-24 20:39 - 00000000 ____D C:\Users\vault\Downloads\The Angelic Process-Weighing Souls With Sand [2007-MP3-V0 (VBR)-Log]
2012-10-24 20:38 - 2012-10-24 20:39 - 00000000 ____D C:\Users\vault\Downloads\Stella Luna — Stargazer [2002-V0]
2012-10-24 20:30 - 2012-10-24 20:30 - 00000000 ____D C:\Users\vault\Downloads\Paul Lansky - More Than Idle Chatter (1994) [V0 log]
2012-10-24 20:29 - 2012-10-24 20:30 - 00000000 ____D C:\Users\vault\Downloads\The Disintegration Loops I (V0)
2012-10-24 18:05 - 2012-10-24 18:05 - 00000953 ____A C:\Users\vault\Downloads\70-lands-edh.dec
2012-10-24 17:56 - 2012-10-24 17:56 - 00000000 ____D C:\Users\vault\Downloads\Pig Destro
2012-10-24 15:49 - 2012-10-24 15:49 - 00000000 ____D C:\Users\vault\Downloads\Sonic Youth - Daydream Nation [V0 MP3]
2012-10-24 11:18 - 2012-10-24 11:18 - 00000000 ____D C:\Users\vault\Downloads\Pig Destroyer - Book Burner (2012) [V0]
2012-10-24 06:07 - 2012-10-24 06:07 - 00000000 ____D C:\Users\vault\Downloads\Born Gold - Little Sleepwalker
2012-10-23 14:04 - 2012-10-23 14:04 - 00000000 ____D C:\Users\vault\AppData\Local\SKIDROW
2012-10-23 14:03 - 2012-10-23 14:03 - 00000000 ____D C:\Windows\SysWOW64\directx
2012-10-23 13:54 - 2012-10-23 14:04 - 00000000 ____D C:\Program Files (x86)\Dishonored
2012-10-23 13:51 - 2012-11-01 06:41 - 00000000 ____D C:\Users\vault\AppData\Roaming\DAEMON Tools Pro
2012-10-23 13:51 - 2012-10-23 13:51 - 00283200 ____A (DT Soft Ltd) C:\Windows\System32\Drivers\dtsoftbus01.sys
2012-10-23 13:50 - 2012-10-23 13:53 - 00000000 ____D C:\Program Files (x86)\DAEMON Tools Pro
2012-10-23 13:49 - 2012-10-23 13:54 - 00000000 ____D C:\Users\All Users\DAEMON Tools Pro
2012-10-23 13:47 - 2012-10-23 13:48 - 00000000 ____D C:\Users\vault\Downloads\Daemon.Tools.Pro.Advanced.v5.1.0.333.Multilingual.Cracked.6000th.Release-BRD
2012-10-23 13:23 - 2012-10-23 13:40 - 00000000 ____D C:\Users\vault\Downloads\Dishonored-Black_Box
2012-10-22 19:30 - 2012-10-22 19:31 - 00000000 ____D C:\Users\vault\Downloads\Chip's Challenge - Halfbit Hero [V0]
2012-10-22 19:30 - 2012-10-22 19:30 - 00000000 ____D C:\Users\vault\Downloads\Chip's Challenge - 1bit Wonder [V0]
2012-10-22 19:12 - 2012-10-22 19:12 - 00000000 ____D C:\Users\vault\Downloads\Merzbow - Merzbeat (2002) [V0]
2012-10-22 18:51 - 2012-10-22 18:52 - 00000000 ____D C:\Users\vault\Downloads\Modest Mouse - Lonesome Crowded West
2012-10-20 21:44 - 2012-10-20 21:44 - 00000526 ____A C:\Users\vault\Downloads\mtgdailyeventcoverageptrtr12top8decksx7.txt
2012-10-18 20:45 - 2012-10-18 20:48 - 00000000 ____D C:\Users\vault\AppData\Roaming\ImgBurn
2012-10-18 20:39 - 2012-10-18 20:39 - 00001880 ____A C:\Users\Public\Desktop\ImgBurn.lnk
2012-10-18 20:39 - 2012-10-18 20:39 - 00000000 ____D C:\Program Files (x86)\ImgBurn
2012-10-18 20:35 - 2012-10-18 20:57 - 00000000 ____D C:\Users\vault\Downloads\Boards of Canada - 2005 - The Campfire Headphase [FLAC]
2012-10-18 19:05 - 2012-10-26 18:31 - 00000000 ____D C:\Users\vault\Documents\StarCraft II
2012-10-18 19:05 - 2012-10-18 19:10 - 00000000 ____D C:\Program Files (x86)\StarCraft II
2012-10-18 19:05 - 2012-10-18 19:05 - 00001157 ____A C:\Users\Public\Desktop\StarCraft II.lnk
2012-10-18 19:05 - 2012-10-18 19:05 - 00000000 ____D C:\Users\All Users\Blizzard Entertainment
2012-10-18 19:04 - 2012-10-18 19:04 - 00000000 ____D C:\Users\All Users\Battle.net
2012-10-18 19:03 - 2012-10-18 19:04 - 42389504 ____A (Blizzard Entertainment) C:\Users\vault\Downloads\StarCraft-II-Setup-enUS.exe
2012-10-18 18:07 - 2012-10-18 18:24 - 839909376 ____A C:\Users\vault\Downloads\linuxmint-13-cinnamon-dvd-64bit.iso
2012-10-18 14:54 - 2012-10-18 14:54 - 01060625 ____A (pendrivelinux.com) C:\Users\vault\Downloads\Universal-USB-Installer-1.9.1.2.exe
2012-10-18 14:47 - 2012-10-18 14:48 - 02501520 ____A C:\Users\vault\Downloads\wubi.exe
2012-10-18 14:45 - 2012-10-18 14:50 - 800063488 ____A C:\Users\vault\Downloads\quantal.iso
2012-10-17 20:49 - 2012-10-17 20:50 - 00000000 ____D C:\Users\vault\Downloads\Ringo Deathstarr [2009] Sparkler
2012-10-17 20:48 - 2012-10-17 20:49 - 00000000 ____D C:\Users\vault\Downloads\Ringo Deathstarr - Ringo Deathstarr EP (2007) [V0]
2012-10-17 20:47 - 2012-10-17 20:47 - 00000000 ____D C:\Users\vault\Downloads\An Autumn For Crippled Children - Only The Ocean Knows (2012)
2012-10-17 15:09 - 2012-10-17 15:09 - 00000000 ____D C:\Users\vault\Downloads\Whirr - Part Time Punks Sessions [V0]
2012-10-14 19:00 - 2012-10-14 19:00 - 00000000 ____D C:\Users\vault\Downloads\Gerry Mulligan - Feelin' Good
2012-10-14 17:38 - 2012-10-14 17:38 - 00000000 ____D C:\Users\vault\Downloads\2012 - Psychic Love Damage V0
2012-10-14 17:30 - 2012-10-14 17:30 - 00000000 ____D C:\Users\vault\Downloads\Herbie Hancock - Head Hunters (1997) - Columbia-v0
2012-10-14 11:22 - 2012-10-14 11:22 - 00000000 ____D C:\Users\vault\Downloads\Black Moth Super Rainbow - Cobra Juicy (2012) [V0]
2012-10-14 09:37 - 2012-10-14 09:37 - 00000000 ____D C:\Users\vault\Downloads\Converge - When Forever Comes Crashing (remaster) [V0]
2012-10-13 09:59 - 2012-10-13 10:13 - 00000000 ____D C:\Users\vault\Downloads\Dave Brubeck (1959) Time Out [Classic Records 45RPM 180g 4LP SteveMTNO rip].V0
2012-10-12 19:36 - 2012-10-12 19:36 - 00000869 ____A C:\Users\vault\Downloads\mtgo-cube-september-2012-copy-2012-10-12-12-10-12-8.dec
2012-10-12 19:36 - 2012-10-12 19:36 - 00000806 ____A C:\Users\vault\Downloads\mtgo-cube-september-2012-copy-2012-10-12-12-10-12-8.txt
2012-10-12 16:37 - 2012-10-12 16:37 - 00000000 ____D C:\Users\vault\Downloads\Torche-Harmonicraft-2012-FNT
2012-10-10 20:37 - 2012-10-10 20:40 - 00000000 ____D C:\Users\vault\Downloads\Philip Glass & Robert Wilson - Einstein on the Beach
2012-10-10 20:31 - 2012-10-10 20:44 - 00000000 ____D C:\Users\vault\Downloads\Bloodhound Gang - 1999 - Hooray For Boobies - [FLAC]
2012-10-10 20:31 - 2012-10-10 20:41 - 00000000 ____D C:\Users\vault\Downloads\Melody Gardot - 2009 - My One And Only Thrill
2012-10-10 20:31 - 2012-10-10 20:35 - 00000000 ____D C:\Users\vault\Downloads\Dave Brubeck Quartet - Time Out (US Mono) (V0)
2012-10-10 20:31 - 2012-10-10 20:33 - 00000000 ____D C:\Users\vault\Downloads\Bloodhound Gang - Hooray For Boobies
2012-10-10 20:31 - 2012-10-10 20:31 - 00000000 ____D C:\Users\vault\Downloads\Philip_Glass-Robert_Wilson-1993-Einstein_on_the_Beach-[V0]
2012-10-10 20:31 - 2012-10-10 20:31 - 00000000 ____D C:\Users\vault\Downloads\Melody Gardot (2009) - My One And Only Thrill [V0]
2012-10-10 17:56 - 2012-10-10 17:56 - 00000405 ____A C:\Users\vault\Downloads\junksuperfriendsv2.txt
2012-10-10 09:45 - 2012-10-10 09:57 - 00000000 ___AD C:\Users\vault\Downloads\RSSS
2012-10-10 09:44 - 2012-10-10 09:44 - 07471151 ____A C:\Users\vault\Downloads\RSSS.zip
2012-10-09 19:40 - 2012-10-09 19:42 - 00000000 ____D C:\Users\vault\Downloads\Moonrise.Kingdom.2012.720p.BluRay.DTS.x264-DON
2012-10-09 19:33 - 2012-10-09 19:33 - 00000000 ____D C:\Users\vault\Downloads\Ty Segall - Twins [V0]
2012-10-09 14:42 - 2012-08-31 10:19 - 01659760 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ntfs.sys
2012-10-09 14:42 - 2012-08-30 10:03 - 05559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-10-09 14:42 - 2012-08-30 09:12 - 03968880 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2012-10-09 14:42 - 2012-08-30 09:12 - 03914096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2012-10-09 14:41 - 2012-09-14 11:19 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\tzres.dll
2012-10-09 14:41 - 2012-09-14 10:28 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2012-10-09 14:41 - 2012-08-24 10:05 - 00220160 ____A (Microsoft Corporation) C:\Windows\System32\wintrust.dll
2012-10-09 14:41 - 2012-08-24 08:57 - 00172544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2012-10-09 14:41 - 2012-08-20 10:48 - 01162240 ____A (Microsoft Corporation) C:\Windows\System32\kernel32.dll
2012-10-09 14:41 - 2012-08-20 10:48 - 00424448 ____A (Microsoft Corporation) C:\Windows\System32\KernelBase.dll
2012-10-09 14:41 - 2012-08-20 10:48 - 00362496 ____A (Microsoft Corporation) C:\Windows\System32\wow64win.dll
2012-10-09 14:41 - 2012-08-20 10:48 - 00243200 ____A (Microsoft Corporation) C:\Windows\System32\wow64.dll
2012-10-09 14:41 - 2012-08-20 10:48 - 00215040 ____A (Microsoft Corporation) C:\Windows\System32\winsrv.dll
2012-10-09 14:41 - 2012-08-20 10:48 - 00016384 ____A (Microsoft Corporation) C:\Windows\System32\ntvdm64.dll
2012-10-09 14:41 - 2012-08-20 10:48 - 00013312 ____A (Microsoft Corporation) C:\Windows\System32\wow64cpu.dll
2012-10-09 14:41 - 2012-08-20 10:46 - 00338432 ____A (Microsoft Corporation) C:\Windows\System32\conhost.exe
2012-10-09 14:41 - 2012-08-20 10:38 - 00006144 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
2012-10-09 14:41 - 2012-08-20 10:38 - 00005120 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
2012-10-09 14:41 - 2012-08-20 10:38 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
2012-10-09 14:41 - 2012-08-20 10:38 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
2012-10-09 14:41 - 2012-08-20 10:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
2012-10-09 14:41 - 2012-08-20 10:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
2012-10-09 14:41 - 2012-08-20 10:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
2012-10-09 14:41 - 2012-08-20 10:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
2012-10-09 14:41 - 2012-08-20 10:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
2012-10-09 14:41 - 2012-08-20 10:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
2012-10-09 14:41 - 2012-08-20 10:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
2012-10-09 14:41 - 2012-08-20 10:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
2012-10-09 14:41 - 2012-08-20 10:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
2012-10-09 14:41 - 2012-08-20 10:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
2012-10-09 14:41 - 2012-08-20 10:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
2012-10-09 14:41 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
2012-10-09 14:41 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
2012-10-09 14:41 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
2012-10-09 14:41 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
2012-10-09 14:41 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
2012-10-09 14:41 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
2012-10-09 14:41 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
2012-10-09 14:41 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
2012-10-09 14:41 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
2012-10-09 14:41 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
2012-10-09 14:41 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
2012-10-09 14:41 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
2012-10-09 14:41 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
2012-10-09 14:41 - 2012-08-20 09:40 - 00014336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2012-10-09 14:41 - 2012-08-20 09:38 - 00025600 ____A (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2012-10-09 14:41 - 2012-08-20 09:37 - 01114112 ____A (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2012-10-09 14:41 - 2012-08-20 09:37 - 00274944 ____A (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2012-10-09 14:41 - 2012-08-20 09:37 - 00005120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2012-10-09 14:41 - 2012-08-20 09:32 - 00005120 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2012-10-09 14:41 - 2012-08-20 09:32 - 00004608 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2012-10-09 14:41 - 2012-08-20 09:32 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2012-10-09 14:41 - 2012-08-20 09:32 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2012-10-09 14:41 - 2012-08-20 09:32 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2012-10-09 14:41 - 2012-08-20 09:32 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2012-10-09 14:41 - 2012-08-20 09:32 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2012-10-09 14:41 - 2012-08-20 09:32 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2012-10-09 14:41 - 2012-08-20 09:32 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2012-10-09 14:41 - 2012-08-20 09:32 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2012-10-09 14:41 - 2012-08-20 09:32 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2012-10-09 14:41 - 2012-08-20 09:32 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2012-10-09 14:41 - 2012-08-20 09:32 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2012-10-09 14:41 - 2012-08-20 09:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2012-10-09 14:41 - 2012-08-20 09:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2012-10-09 14:41 - 2012-08-20 09:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2012-10-09 14:41 - 2012-08-20 09:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2012-10-09 14:41 - 2012-08-20 09:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2012-10-09 14:41 - 2012-08-20 09:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2012-10-09 14:41 - 2012-08-20 09:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2012-10-09 14:41 - 2012-08-20 09:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2012-10-09 14:41 - 2012-08-20 09:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2012-10-09 14:41 - 2012-08-20 09:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2012-10-09 14:41 - 2012-08-20 09:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2012-10-09 14:41 - 2012-08-20 07:38 - 00007680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2012-10-09 14:41 - 2012-08-20 07:38 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2012-10-09 14:41 - 2012-08-20 07:33 - 00006144 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2012-10-09 14:41 - 2012-08-20 07:33 - 00004608 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2012-10-09 14:41 - 2012-08-20 07:33 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2012-10-09 14:41 - 2012-08-20 07:33 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2012-10-09 14:41 - 2012-08-10 16:56 - 00715776 ____A (Microsoft Corporation) C:\Windows\System32\kerberos.dll
2012-10-09 14:41 - 2012-08-10 15:56 - 00542208 ____A (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2012-10-09 14:41 - 2012-06-01 21:41 - 01464320 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2012-10-09 14:41 - 2012-06-01 21:41 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2012-10-09 14:41 - 2012-06-01 21:41 - 00140288 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2012-10-09 14:41 - 2012-06-01 20:36 - 01159680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2012-10-09 14:41 - 2012-06-01 20:36 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2012-10-09 14:41 - 2012-06-01 20:36 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2012-10-09 13:11 - 2012-10-09 13:11 - 00000777 ____A C:\Users\vault\Desktop\Toribash.lnk
2012-10-09 13:11 - 2012-10-09 13:11 - 00000000 ____D C:\Users\vault\AppData\Roaming\Toribash
2012-10-09 13:11 - 2012-10-09 13:11 - 00000000 ____D C:\Games
2012-10-09 13:10 - 2012-10-09 13:11 - 18108802 ____A (Nabi Studios Pte Ltd ) C:\Users\vault\Downloads\Toribash-4.1-Setup.exe
2012-10-08 17:42 - 2012-10-08 17:42 - 00731923 ____A C:\Users\vault\Downloads\Plath, Sylvia - The Bell Jar.mobi
2012-10-08 17:35 - 2012-10-08 17:36 - 00000000 ____D C:\Users\vault\Downloads\Sleigh_Bells-Reign_Of_Terror-2012-MTD
2012-10-08 17:35 - 2012-10-08 17:35 - 00000000 ____D C:\Users\vault\Downloads\Sleigh Bells-2010-Treats [V0]
2012-10-08 16:42 - 2012-10-08 16:42 - 00000000 ____D C:\Users\vault\Downloads\Disc 2
2012-10-08 15:43 - 2012-10-08 15:43 - 00099328 ____A C:\Users\vault\Downloads\ScreenCap.exe
2012-10-07 17:41 - 2012-10-07 17:41 - 00000000 ____D C:\Users\vault\Downloads\The New Caledonia - Lotus [2007] - MP3 V0
2012-10-07 04:50 - 2012-10-07 04:50 - 00000833 ____A C:\Users\Public\Desktop\CCleaner.lnk
2012-10-07 04:50 - 2012-10-07 04:50 - 00000000 ____D C:\Program Files\CCleaner
2012-10-07 04:49 - 2012-10-07 04:49 - 03941312 ____A (Piriform Ltd) C:\Users\vault\Downloads\ccsetup323.exe
2012-10-06 12:26 - 2012-10-06 12:26 - 00000000 ____D C:\Users\vault\Downloads\Madeon – The City Remixes EP
2012-10-05 20:35 - 2012-10-05 20:35 - 00609880 ____A C:\Users\vault\Downloads\cbsidlm-tr1_7-PangoBright-75327791.exe
2012-10-05 20:35 - 2012-10-05 20:35 - 00114400 ____A (Pangolin Laser Systems Inc.) C:\Users\vault\Downloads\PangoBright.exe
2012-10-05 09:43 - 2012-10-05 09:44 - 09272595 ____A C:\Users\vault\Downloads\pidgin-2.10.6(1).exe
2012-10-04 18:28 - 2012-10-04 18:28 - 00000440 ____A C:\Users\vault\Downloads\r.zip
2012-10-04 16:25 - 2012-10-04 16:25 - 00000000 ____D C:\Users\vault\Downloads\Coheed and Cambria - The Afterman - Ascension [V0]
2012-10-04 16:25 - 2012-10-04 16:25 - 00000000 ____D C:\Users\vault\Downloads\Coheed and Cambria - The Afterman - Ascension [320]
2012-10-04 13:37 - 2012-10-04 13:38 - 00000000 ____D C:\Users\vault\Downloads\Various - Made In Iceland V (v0)
2012-10-04 12:40 - 2012-10-04 12:40 - 00000000 ____D C:\Users\vault\Downloads\Ty Segall and White Fence - Hair (V0)

==================== 3 Months Modified Files ==================

2012-11-02 20:54 - 2012-05-01 15:09 - 01443709 ____A C:\Windows\WindowsUpdate.log
2012-11-02 20:52 - 2009-07-13 21:13 - 00727182 ____A C:\Windows\System32\PerfStringBackup.INI
2012-11-02 20:50 - 2012-11-02 20:49 - 01459963 ____A (Farbar) C:\Users\vault\Downloads\FRST64.exe
2012-11-02 20:49 - 2012-11-01 09:01 - 00001410 ____A C:\Windows\setupact.log
2012-11-02 20:48 - 2012-10-02 03:35 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-11-02 20:15 - 2012-09-08 07:05 - 00000908 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3097665607-1011041330-2731554553-1000UA.job
2012-11-02 20:11 - 2012-05-01 15:25 - 00000912 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-11-02 19:11 - 2012-05-01 15:25 - 00000908 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-11-02 18:11 - 2012-11-02 18:11 - 00099074 ____A C:\Users\vault\Documents\GWER.log
2012-11-02 17:43 - 2012-11-02 17:43 - 00302592 ____A C:\Users\vault\Downloads\m73y6i8h.exe
2012-11-02 17:43 - 2012-11-02 17:43 - 00030080 ____A C:\Users\vault\Documents\DDS.txt
2012-11-02 17:42 - 2012-11-02 17:42 - 00030080 ____A C:\Users\vault\Desktop\dds.txt
2012-11-02 17:40 - 2012-11-02 17:40 - 00687724 ____R (Swearware) C:\Users\vault\Downloads\dds.com
2012-11-02 17:40 - 2012-11-02 17:40 - 00050477 ____A C:\Users\vault\Downloads\Defogger.exe
2012-11-02 17:40 - 2012-11-02 17:40 - 00000552 ____A C:\Users\vault\Downloads\defogger_disable.log
2012-11-02 17:40 - 2012-11-02 17:40 - 00000178 ____A C:\Users\vault\defogger_reenable
2012-11-02 17:30 - 2009-07-13 20:45 - 00025120 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-11-02 17:30 - 2009-07-13 20:45 - 00025120 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-11-02 17:25 - 2012-09-10 09:44 - 00000266 ____A C:\Windows\Tasks\AutoKMS.job
2012-11-02 15:33 - 2012-11-02 15:31 - 103121447 ____A C:\Users\vault\Downloads\A_Slower_Speed_of_Light.zip
2012-11-02 01:15 - 2012-09-08 07:05 - 00000856 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3097665607-1011041330-2731554553-1000Core.job
2012-11-01 11:38 - 2012-11-01 11:37 - 00018353 ____A C:\Windows\DirectX.log
2012-11-01 09:01 - 2012-11-01 09:01 - 00000000 ____A C:\Windows\setuperr.log
2012-10-31 21:08 - 2012-10-31 21:08 - 00001124 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-10-31 21:07 - 2012-10-31 21:07 - 10669952 ____A (Malwarebytes Corporation ) C:\Users\vault\Downloads\mbam-setup-1.65.1.1000.exe
2012-10-31 21:04 - 2012-10-31 21:04 - 68354112 ____A (Microsoft Corporation) C:\Users\vault\Downloads\mpam-fe.exe
2012-10-31 20:13 - 2012-10-31 20:13 - 00445952 ____A (ULi Electronics Inc.) C:\Users\vault\AppData\Roaming\etasr.dll
2012-10-31 17:11 - 2012-10-31 17:11 - 04630207 ____A C:\Users\vault\Downloads\nottetris2-win.zip
2012-10-30 21:57 - 2012-10-30 21:57 - 01390306 ____A C:\Users\vault\Downloads\PlanetPronDecoy.apk
2012-10-29 17:24 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-10-28 12:03 - 2012-10-28 12:03 - 00001920 ____A C:\Users\Public\Desktop\FocalFilter.lnk
2012-10-28 12:00 - 2012-10-28 12:00 - 02108902 ____A (FocalFilter) C:\Users\vault\Downloads\FocalFilter_Setup_October2012.exe
2012-10-28 11:42 - 2012-10-28 11:42 - 00001731 ____A C:\Users\Public\Desktop\Play League of Legends.lnk
2012-10-28 10:49 - 2012-10-28 10:49 - 02353512 ____A C:\Users\vault\Downloads\LeagueofLegends.exe
2012-10-27 19:24 - 2012-10-27 19:24 - 00000465 ____A C:\Users\vault\Downloads\BantControl.txt
2012-10-27 19:24 - 2012-10-27 19:24 - 00000465 ____A C:\Users\vault\Downloads\BantControl(1).txt
2012-10-27 17:12 - 2012-10-27 17:12 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_xusb21_01009.Wdf
2012-10-27 13:10 - 2012-10-27 13:10 - 07282280 ____A C:\Users\vault\Downloads\A Song of Ice and Fire - George RR Martin.mobi
2012-10-27 13:10 - 2012-10-27 13:10 - 00397468 ____A C:\Users\vault\Downloads\How to Win Friends & Influence People - Dale Carnegie.mobi
2012-10-27 11:32 - 2012-10-27 11:32 - 23919157 ____A (Igor Pavlov) C:\Users\vault\Downloads\tor-browser-2.2.39-4_en-US.exe
2012-10-26 21:41 - 2012-10-26 21:41 - 00000971 ____A C:\Users\Public\Desktop\calibre - E-book management.lnk
2012-10-26 21:40 - 2012-10-26 21:39 - 50210816 ____A C:\Users\vault\Downloads\calibre-0.9.4.msi
2012-10-26 21:39 - 2012-10-26 21:39 - 00278603 ____A C:\Users\vault\Downloads\Year of the Black Rainbow.mobi
2012-10-26 19:29 - 2012-10-26 19:29 - 00000426 ____A C:\Users\vault\Downloads\mtgdailyeventcoverageptrtr12topmoderndecksx92.txt
2012-10-24 20:58 - 2012-10-24 20:58 - 00001174 ____A C:\Users\vault\Downloads\izzet-izzet-or-something-else.dec
2012-10-24 18:05 - 2012-10-24 18:05 - 00000953 ____A C:\Users\vault\Downloads\70-lands-edh.dec
2012-10-23 13:51 - 2012-10-23 13:51 - 00283200 ____A (DT Soft Ltd) C:\Windows\System32\Drivers\dtsoftbus01.sys
2012-10-20 21:44 - 2012-10-20 21:44 - 00000526 ____A C:\Users\vault\Downloads\mtgdailyeventcoverageptrtr12top8decksx7.txt
2012-10-18 20:39 - 2012-10-18 20:39 - 00001880 ____A C:\Users\Public\Desktop\ImgBurn.lnk
2012-10-18 19:05 - 2012-10-18 19:05 - 00001157 ____A C:\Users\Public\Desktop\StarCraft II.lnk
2012-10-18 19:04 - 2012-10-18 19:03 - 42389504 ____A (Blizzard Entertainment) C:\Users\vault\Downloads\StarCraft-II-Setup-enUS.exe
2012-10-18 18:24 - 2012-10-18 18:07 - 839909376 ____A C:\Users\vault\Downloads\linuxmint-13-cinnamon-dvd-64bit.iso
2012-10-18 14:54 - 2012-10-18 14:54 - 01060625 ____A (pendrivelinux.com) C:\Users\vault\Downloads\Universal-USB-Installer-1.9.1.2.exe
2012-10-18 14:50 - 2012-10-18 14:45 - 800063488 ____A C:\Users\vault\Downloads\quantal.iso
2012-10-18 14:48 - 2012-10-18 14:47 - 02501520 ____A C:\Users\vault\Downloads\wubi.exe
2012-10-13 10:11 - 2012-09-08 07:22 - 00000958 ____A C:\Users\Public\Desktop\µTorrent.lnk
2012-10-12 19:36 - 2012-10-12 19:36 - 00000869 ____A C:\Users\vault\Downloads\mtgo-cube-september-2012-copy-2012-10-12-12-10-12-8.dec
2012-10-12 19:36 - 2012-10-12 19:36 - 00000806 ____A C:\Users\vault\Downloads\mtgo-cube-september-2012-copy-2012-10-12-12-10-12-8.txt
2012-10-10 17:56 - 2012-10-10 17:56 - 00000405 ____A C:\Users\vault\Downloads\junksuperfriendsv2.txt
2012-10-10 09:44 - 2012-10-10 09:44 - 07471151 ____A C:\Users\vault\Downloads\RSSS.zip
2012-10-09 13:11 - 2012-10-09 13:11 - 00000777 ____A C:\Users\vault\Desktop\Toribash.lnk
2012-10-09 13:11 - 2012-10-09 13:10 - 18108802 ____A (Nabi Studios Pte Ltd ) C:\Users\vault\Downloads\Toribash-4.1-Setup.exe
2012-10-08 17:42 - 2012-10-08 17:42 - 00731923 ____A C:\Users\vault\Downloads\Plath, Sylvia - The Bell Jar.mobi
2012-10-08 15:43 - 2012-10-08 15:43 - 00099328 ____A C:\Users\vault\Downloads\ScreenCap.exe
2012-10-08 10:48 - 2012-10-02 03:48 - 10220472 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2012-10-08 10:48 - 2012-10-02 03:35 - 00696760 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-10-08 10:48 - 2011-11-24 19:04 - 00073656 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-10-07 04:50 - 2012-10-07 04:50 - 00000833 ____A C:\Users\Public\Desktop\CCleaner.lnk
2012-10-07 04:49 - 2012-10-07 04:49 - 03941312 ____A (Piriform Ltd) C:\Users\vault\Downloads\ccsetup323.exe
2012-10-05 20:35 - 2012-10-05 20:35 - 00609880 ____A C:\Users\vault\Downloads\cbsidlm-tr1_7-PangoBright-75327791.exe
2012-10-05 20:35 - 2012-10-05 20:35 - 00114400 ____A (Pangolin Laser Systems Inc.) C:\Users\vault\Downloads\PangoBright.exe
2012-10-05 09:44 - 2012-10-05 09:43 - 09272595 ____A C:\Users\vault\Downloads\pidgin-2.10.6(1).exe
2012-10-04 18:28 - 2012-10-04 18:28 - 00000440 ____A C:\Users\vault\Downloads\r.zip
2012-10-03 15:16 - 2012-10-03 15:16 - 03466248 ____A (TrueCrypt Foundation) C:\Users\vault\Downloads\TrueCrypt Setup 7.1a.exe
2012-10-03 15:16 - 2012-10-03 15:16 - 00231376 ____A (TrueCrypt Foundation) C:\Windows\System32\Drivers\truecrypt.sys
2012-10-03 15:15 - 2012-10-03 15:14 - 11494690 ____A C:\Users\vault\Downloads\stone_soup-0.11.0-win32-installer.exe
2012-10-02 16:56 - 2012-10-02 16:56 - 00001177 ____A C:\Users\Public\Desktop\TeamViewer 7.lnk
2012-10-02 16:55 - 2012-10-02 16:55 - 03709536 ____A (TeamViewer GmbH) C:\Users\vault\Downloads\TeamViewer_Setup_en.exe
2012-10-02 13:38 - 2012-10-02 13:38 - 00001022 ____A C:\Users\vault\Desktop\Audacity.lnk
2012-10-02 13:37 - 2012-10-02 13:37 - 21415874 ____A (Audacity Team ) C:\Users\vault\Downloads\audacity-win-2.0.2.exe
2012-10-01 23:01 - 2012-09-08 12:25 - 00002155 ____A C:\Windows\epplauncher.mif
2012-09-30 21:39 - 2012-09-30 20:21 - 41286560 ____A C:\Users\vault\Downloads\Spirited.Away.2001.x264.DTS.AC3.HDTV.1080p.mkv
2012-09-30 19:41 - 2012-09-30 19:41 - 00001305 ____A C:\Users\vault\Downloads\Draft #1396365 deck.dec
2012-09-29 15:54 - 2012-10-31 21:08 - 00025928 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-09-27 19:54 - 2012-09-27 19:53 - 138004622 ____A C:\Users\vault\Downloads\Wallpapers.zip
2012-09-26 20:22 - 2012-09-26 20:22 - 04022504 ____A C:\Windows\SysWOW64\SpoonUninstall.exe
2012-09-26 20:22 - 2012-09-26 20:22 - 00033846 ____A C:\Windows\SysWOW64\SpoonUninstall-dBpoweramp DSP Effects.bmp
2012-09-26 20:22 - 2012-09-26 20:22 - 00017950 ____A C:\Windows\SysWOW64\SpoonUninstall-dBpoweramp Music Converter.dat
2012-09-26 20:22 - 2012-09-26 20:22 - 00013082 ____A C:\Windows\SysWOW64\SpoonUninstall-dBpoweramp DSP Effects.dat
2012-09-26 20:21 - 2012-09-26 20:22 - 00033846 ____A C:\Windows\SysWOW64\SpoonUninstall-dBpoweramp Music Converter.bmp
2012-09-24 14:57 - 2012-09-24 14:57 - 00001085 ____A C:\Users\Public\Desktop\Exact Audio Copy.lnk
2012-09-24 14:57 - 2012-09-24 14:56 - 04422611 ____A C:\Users\vault\Downloads\eac-1.0beta3.exe
2012-09-23 15:26 - 2012-09-08 07:13 - 00018960 ____A (Logitech, Inc.) C:\Windows\System32\Drivers\LNonPnP.sys
2012-09-21 23:17 - 2009-07-13 20:45 - 00430192 ____A C:\Windows\System32\FNTCACHE.DAT
2012-09-20 14:08 - 2012-09-20 14:07 - 01400244 ____A C:\Users\vault\Downloads\Serenity.rar
2012-09-20 14:00 - 2012-09-20 13:59 - 01321232 ____A C:\Users\vault\Downloads\Rainmeter-2.4-r1626-beta.exe
2012-09-19 16:15 - 2012-09-19 16:15 - 07949735 ____A C:\Users\vault\Downloads\cards(1).xml
2012-09-19 16:11 - 2012-09-19 16:11 - 07968179 ____A C:\Users\vault\Downloads\cards.xml
2012-09-19 08:12 - 2012-09-19 08:10 - 93443108 ____A C:\Users\vault\Downloads\RngDthstrr-Mv-2012-320.rar
2012-09-19 08:11 - 2012-09-19 08:10 - 01138397 ____A C:\Users\vault\Downloads\7z922.exe
2012-09-19 08:05 - 2012-09-19 08:04 - 06810928 ____A (GoForSharing LLC) C:\Users\vault\Downloads\aktiv-mp3-recorder-setup.exe
2012-09-19 07:57 - 2012-09-19 07:57 - 00001269 ____A C:\Users\Public\Desktop\StationRipper.lnk
2012-09-19 07:56 - 2012-09-19 07:56 - 02897570 ____A C:\Users\vault\Downloads\StationRipperInst.exe
2012-09-17 07:49 - 2012-09-08 06:50 - 00115448 ____A C:\Users\vault\AppData\Local\GDIPFONTCACHEV1.DAT
2012-09-15 19:51 - 2012-09-15 19:51 - 22617148 ____A C:\Users\vault\Downloads\vlc-2.0.3-win32.exe
2012-09-15 19:51 - 2012-09-15 19:51 - 00001081 ____A C:\Users\Public\Desktop\VLC media player.lnk
2012-09-15 18:54 - 2012-09-15 18:54 - 09549681 ____A C:\Users\vault\Downloads\setupwpbdv12j.exe
2012-09-15 14:56 - 2012-09-15 14:56 - 108145088 ____A (Wolfram Research, Inc. ) C:\Users\vault\Downloads\CDFPlayer_8.0.4_WIN.exe
2012-09-15 13:27 - 2012-09-15 13:27 - 00795217 ____A C:\Users\vault\Downloads\Win7LogonBackgroundChanger_1_5_2.zip
2012-09-14 19:09 - 2012-09-14 19:08 - 10449147 ____A C:\Users\vault\Downloads\vaultx%27s+Snatches.zip
2012-09-14 11:19 - 2012-10-09 14:41 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\tzres.dll
2012-09-14 10:28 - 2012-10-09 14:41 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2012-09-13 19:56 - 2012-09-13 19:56 - 14601911 ____A C:\Users\vault\Downloads\Death Grips - Black Google - 02 Guillotine.zip
2012-09-12 07:14 - 2012-09-12 07:14 - 02095104 ____A C:\Users\vault\Downloads\QuakeLiveNP_520.msi
2012-09-11 19:04 - 2012-09-11 19:04 - 09272595 ____A C:\Users\vault\Downloads\pidgin-2.10.6.exe
2012-09-11 18:16 - 2012-09-11 18:16 - 00001778 ____A C:\Users\vault\Desktop\Spotify.lnk
2012-09-11 18:15 - 2012-09-11 18:15 - 00087360 ____A (Spotify Ltd) C:\Users\vault\Downloads\SpotifySetup.exe
2012-09-10 23:31 - 2009-07-13 18:34 - 00000478 ____A C:\Windows\win.ini
2012-09-10 11:39 - 2012-09-10 11:39 - 01359824 ____A C:\Users\vault\Downloads\pc-decrapifier-2.2.8.exe
2012-09-10 11:17 - 2012-09-10 11:17 - 02135728 ____A C:\Users\vault\Downloads\installspeedfan446.exe
2012-09-10 11:17 - 2012-09-10 11:17 - 00001022 ____A C:\Users\vault\Desktop\SpeedFan.lnk
2012-09-10 11:17 - 2012-09-10 11:17 - 00000045 ____A C:\Windows\SysWOW64\initdebug.nfo
2012-09-10 09:28 - 2012-09-10 09:28 - 00889416 ____A (Microsoft Corporation) C:\Users\vault\Downloads\dotNetFx40_Full_setup.exe
2012-09-10 07:31 - 2012-09-10 07:29 - 336309940 ____A C:\Users\vault\Downloads\KSP_win_0_16.zip
2012-09-09 23:07 - 2012-09-08 12:25 - 00734478 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
2012-09-09 17:22 - 2012-09-09 17:18 - 251362145 ____A (Jonas Kyratzes ) C:\Users\vault\Downloads\Ph32setup.exe
2012-09-09 17:19 - 2012-09-09 17:18 - 38829543 ____A C:\Users\vault\Downloads\Ph32patch.zip
2012-09-08 21:09 - 2012-09-08 21:08 - 10658016 ____A C:\Users\vault\Downloads\cockatrice_win32_20120702.exe
2012-09-08 20:20 - 2012-09-08 20:20 - 00559424 ____A C:\Users\vault\Downloads\flux-setup.exe
2012-09-08 12:24 - 2012-09-08 12:24 - 12621696 ____A (Microsoft Corporation) C:\Users\vault\Downloads\mseinstall.exe
2012-09-08 12:11 - 2012-09-08 12:11 - 00001868 ____A C:\Users\Public\Desktop\ooVoo.lnk
2012-09-08 12:10 - 2012-09-08 12:10 - 01633360 ____A (ooVoo LLC) C:\Users\vault\Downloads\ooVooSetup.exe
2012-09-08 11:50 - 2012-09-08 11:50 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_User_WpdFs_01_09_00.Wdf
2012-09-08 11:17 - 2012-09-08 11:17 - 00000928 ____A C:\Users\Public\Desktop\Steam.lnk
2012-09-08 11:17 - 2012-09-08 11:17 - 00000880 ____A C:\Users\Public\Desktop\CPUID CPU-Z.lnk
2012-09-08 11:16 - 2012-09-08 11:16 - 01606656 ____A C:\Users\vault\Downloads\SteamInstall.msi
2012-09-08 11:16 - 2012-09-08 11:15 - 04403856 ____A ( ) C:\Users\vault\Downloads\cpu-z_1.61-setup-en.exe
2012-09-08 10:24 - 2012-09-08 10:24 - 18578215 ____A C:\Users\vault\Downloads\ClementineSetup-1.0.1.exe
2012-09-08 09:46 - 2012-09-08 09:46 - 00946352 ____A (Skype Technologies S.A.) C:\Users\vault\Downloads\SkypeSetup.exe
2012-09-08 09:46 - 2012-09-08 09:46 - 00002515 ____A C:\Users\Public\Desktop\Skype.lnk
2012-09-08 07:22 - 2012-09-08 07:21 - 00896912 ____A (BitTorrent, Inc.) C:\Users\vault\Downloads\uTorrent.exe
2012-09-08 07:11 - 2012-09-08 07:11 - 02414672 ____A (Logitech Inc.) C:\Users\vault\Downloads\setpoint632_smart.exe
2012-09-08 07:04 - 2012-09-08 07:04 - 00739808 ____A (Google Inc.) C:\Users\vault\Downloads\musicmanagerinstaller.exe
2012-09-08 06:57 - 2012-09-08 06:57 - 17790056 ____A (Mozilla) C:\Users\vault\Downloads\Firefox Setup 15.0.1 (1).exe
2012-09-08 06:57 - 2012-09-08 06:57 - 00001145 ____A C:\Users\Public\Desktop\Mozilla Firefox.lnk
2012-09-08 06:56 - 2012-09-08 06:56 - 17790056 ____A (Mozilla) C:\Users\vault\Downloads\Firefox Setup 15.0.1.exe
2012-09-08 04:52 - 2012-09-08 04:52 - 00000013 __RSH C:\Windows\System32\Drivers\fbd.sys
2012-09-08 04:51 - 2012-09-08 04:51 - 00000020 ___SH C:\Users\vault\ntuser.ini
2012-08-31 10:19 - 2012-10-09 14:42 - 01659760 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ntfs.sys
2012-08-30 18:03 - 2012-08-30 18:03 - 00228768 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\MpFilter.sys
2012-08-30 18:03 - 2012-03-20 16:44 - 00128456 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\NisDrvWFP.sys
2012-08-30 10:03 - 2012-10-09 14:42 - 05559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-08-30 09:12 - 2012-10-09 14:42 - 03968880 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2012-08-30 09:12 - 2012-10-09 14:42 - 03914096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2012-08-24 10:05 - 2012-10-09 14:41 - 00220160 ____A (Microsoft Corporation) C:\Windows\System32\wintrust.dll
2012-08-24 08:57 - 2012-10-09 14:41 - 00172544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2012-08-24 03:15 - 2012-09-23 09:29 - 17810944 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-08-24 02:39 - 2012-09-23 09:29 - 10925568 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-08-24 02:31 - 2012-09-23 09:29 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-08-24 02:22 - 2012-09-23 09:29 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-08-24 02:21 - 2012-09-23 09:29 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-08-24 02:20 - 2012-09-23 09:29 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-08-24 02:18 - 2012-09-23 09:29 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-08-24 02:17 - 2012-09-23 09:29 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-08-24 02:14 - 2012-09-23 09:29 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-08-24 02:14 - 2012-09-23 09:29 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-08-24 02:13 - 2012-09-23 09:29 - 00599040 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2012-08-24 02:12 - 2012-09-23 09:29 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-08-24 02:11 - 2012-09-23 09:29 - 00729088 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2012-08-24 02:10 - 2012-09-23 09:29 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-08-24 02:09 - 2012-09-23 09:29 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-08-24 02:04 - 2012-09-23 09:29 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-08-23 23:27 - 2012-09-23 09:29 - 12319744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-08-23 23:03 - 2012-09-23 09:29 - 09738240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-08-23 22:59 - 2012-09-23 09:29 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-08-23 22:51 - 2012-09-23 09:29 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-08-23 22:51 - 2012-09-23 09:29 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-08-23 22:51 - 2012-09-23 09:29 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-08-23 22:49 - 2012-09-23 09:29 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-08-23 22:48 - 2012-09-23 09:29 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-08-23 22:47 - 2012-09-23 09:29 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-08-23 22:47 - 2012-09-23 09:29 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2012-08-23 22:47 - 2012-09-23 09:29 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-08-23 22:45 - 2012-09-23 09:29 - 00607744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2012-08-23 22:44 - 2012-09-23 09:29 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-08-23 22:44 - 2012-09-23 09:29 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-08-23 22:43 - 2012-09-23 09:29 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-08-23 22:40 - 2012-09-23 09:29 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-08-22 10:12 - 2012-09-12 03:39 - 01913200 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2012-08-22 10:12 - 2012-09-12 03:39 - 00950128 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ndis.sys
2012-08-22 10:12 - 2012-09-12 03:39 - 00376688 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\netio.sys
2012-08-22 10:12 - 2012-09-12 03:39 - 00288624 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\FWPKCLNT.SYS
2012-08-21 13:01 - 2012-09-25 19:36 - 00245760 ____A (Microsoft Corporation) C:\Windows\System32\OxpsConverter.exe
2012-08-20 10:48 - 2012-10-09 14:41 - 01162240 ____A (Microsoft Corporation) C:\Windows\System32\kernel32.dll
2012-08-20 10:48 - 2012-10-09 14:41 - 00424448 ____A (Microsoft Corporation) C:\Windows\System32\KernelBase.dll
2012-08-20 10:48 - 2012-10-09 14:41 - 00362496 ____A (Microsoft Corporation) C:\Windows\System32\wow64win.dll
2012-08-20 10:48 - 2012-10-09 14:41 - 00243200 ____A (Microsoft Corporation) C:\Windows\System32\wow64.dll
2012-08-20 10:48 - 2012-10-09 14:41 - 00215040 ____A (Microsoft Corporation) C:\Windows\System32\winsrv.dll
2012-08-20 10:48 - 2012-10-09 14:41 - 00016384 ____A (Microsoft Corporation) C:\Windows\System32\ntvdm64.dll
2012-08-20 10:48 - 2012-10-09 14:41 - 00013312 ____A (Microsoft Corporation) C:\Windows\System32\wow64cpu.dll
2012-08-20 10:46 - 2012-10-09 14:41 - 00338432 ____A (Microsoft Corporation) C:\Windows\System32\conhost.exe
2012-08-20 10:38 - 2012-10-09 14:41 - 00006144 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
2012-08-20 10:38 - 2012-10-09 14:41 - 00005120 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
2012-08-20 10:38 - 2012-10-09 14:41 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
2012-08-20 10:38 - 2012-10-09 14:41 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
2012-08-20 10:38 - 2012-10-09 14:41 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
2012-08-20 10:38 - 2012-10-09 14:41 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
2012-08-20 10:38 - 2012-10-09 14:41 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
2012-08-20 10:38 - 2012-10-09 14:41 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
2012-08-20 10:38 - 2012-10-09 14:41 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
2012-08-20 10:38 - 2012-10-09 14:41 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
2012-08-20 10:38 - 2012-10-09 14:41 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
2012-08-20 10:38 - 2012-10-09 14:41 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
2012-08-20 10:38 - 2012-10-09 14:41 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
2012-08-20 10:38 - 2012-10-09 14:41 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
2012-08-20 10:38 - 2012-10-09 14:41 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
2012-08-20 10:38 - 2012-10-09 14:41 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
2012-08-20 10:38 - 2012-10-09 14:41 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
2012-08-20 10:38 - 2012-10-09 14:41 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
2012-08-20 10:38 - 2012-10-09 14:41 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
2012-08-20 10:38 - 2012-10-09 14:41 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
2012-08-20 10:38 - 2012-10-09 14:41 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
2012-08-20 10:38 - 2012-10-09 14:41 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
2012-08-20 10:38 - 2012-10-09 14:41 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
2012-08-20 10:38 - 2012-10-09 14:41 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
2012-08-20 10:38 - 2012-10-09 14:41 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
2012-08-20 10:38 - 2012-10-09 14:41 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
2012-08-20 10:38 - 2012-10-09 14:41 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
2012-08-20 10:38 - 2012-10-09 14:41 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
2012-08-20 09:40 - 2012-10-09 14:41 - 00014336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2012-08-20 09:38 - 2012-10-09 14:41 - 00025600 ____A (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2012-08-20 09:37 - 2012-10-09 14:41 - 01114112 ____A (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2012-08-20 09:37 - 2012-10-09 14:41 - 00274944 ____A (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2012-08-20 09:37 - 2012-10-09 14:41 - 00005120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2012-08-20 09:32 - 2012-10-09 14:41 - 00005120 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2012-08-20 09:32 - 2012-10-09 14:41 - 00004608 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2012-08-20 09:32 - 2012-10-09 14:41 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2012-08-20 09:32 - 2012-10-09 14:41 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2012-08-20 09:32 - 2012-10-09 14:41 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2012-08-20 09:32 - 2012-10-09 14:41 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2012-08-20 09:32 - 2012-10-09 14:41 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2012-08-20 09:32 - 2012-10-09 14:41 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2012-08-20 09:32 - 2012-10-09 14:41 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2012-08-20 09:32 - 2012-10-09 14:41 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2012-08-20 09:32 - 2012-10-09 14:41 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2012-08-20 09:32 - 2012-10-09 14:41 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2012-08-20 09:32 - 2012-10-09 14:41 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2012-08-20 09:32 - 2012-10-09 14:41 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2012-08-20 09:32 - 2012-10-09 14:41 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2012-08-20 09:32 - 2012-10-09 14:41 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2012-08-20 09:32 - 2012-10-09 14:41 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2012-08-20 09:32 - 2012-10-09 14:41 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2012-08-20 09:32 - 2012-10-09 14:41 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2012-08-20 09:32 - 2012-10-09 14:41 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2012-08-20 09:32 - 2012-10-09 14:41 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2012-08-20 09:32 - 2012-10-09 14:41 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2012-08-20 09:32 - 2012-10-09 14:41 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2012-08-20 09:32 - 2012-10-09 14:41 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2012-08-20 07:38 - 2012-10-09 14:41 - 00007680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2012-08-20 07:38 - 2012-10-09 14:41 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2012-08-20 07:33 - 2012-10-09 14:41 - 00006144 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2012-08-20 07:33 - 2012-10-09 14:41 - 00004608 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2012-08-20 07:33 - 2012-10-09 14:41 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2012-08-20 07:33 - 2012-10-09 14:41 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2012-08-10 16:56 - 2012-10-09 14:41 - 00715776 ____A (Microsoft Corporation) C:\Windows\System32\kerberos.dll
2012-08-10 15:56 - 2012-10-09 14:41 - 00542208 ____A (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll

==================== Known DLLs (Whitelisted) =================


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

Restore point made on: 2012-10-31 21:23:54
Restore point made on: 2012-11-01 06:42:59
Restore point made on: 2012-11-01 11:37:06

==================== Memory info ===========================

Percentage of memory in use: 11%
Total physical RAM: 6050.69 MB
Available physical RAM: 5355.32 MB
Total Pagefile: 6048.89 MB
Available Pagefile: 5340.34 MB
Total Virtual: 8192 MB
Available Virtual: 8191.91 MB

==================== Partitions =============================

1 Drive c: (TI106348W0B) (Fixed) (Total:587.35 GB) (Free:367.25 GB) NTFS ==>[System with boot components (obtained from reading drive)]
2 Drive d: (System) (Fixed) (Total:1.46 GB) (Free:1.27 GB) NTFS ==>[System with boot components (obtained from reading drive)]
4 Drive f: (PENDRIVE) (Removable) (Total:15.2 GB) (Free:15.11 GB) FAT32
5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 698 GB 1024 KB
Disk 1 Online 15 GB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Recovery 1500 MB 1024 KB
Partition 2 Primary 587 GB 1501 MB
Partition 0 Extended 94 GB 588 GB
Partition 4 Logical 88 GB 588 GB
Partition 5 Logical 6049 MB 677 GB
Partition 3 Primary 15 GB 683 GB

==================================================================================

Disk: 0
Partition 1
Type : 27
Hidden: Yes
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 D System NTFS Partition 1500 MB Healthy Hidden

=========================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 C TI106348W0B NTFS Partition 587 GB Healthy

=========================================================

Disk: 0
Partition 4
Type : 83
Hidden: Yes
Active: No

There is no volume associated with this partition.

=========================================================

Disk: 0
Partition 5
Type : 82
Hidden: Yes
Active: No

There is no volume associated with this partition.

=========================================================

Disk: 0
Partition 3
Type : 17 (Suspicious Type)
Hidden: Yes
Active: No

There is no volume associated with this partition.

=========================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 15 GB 1768 KB

==================================================================================

Disk: 1
Partition 1
Type : 0C
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 F PENDRIVE FAT32 Removable 15 GB Healthy

=========================================================

Last Boot: 2012-10-26 11:27

==================== End Of Log =============================

Farbar Recovery Scan Tool (x64) Version: 30-10-2012
Ran by SYSTEM at 2012-11-03 01:02:51
Running from F:\




================== Search: "services.exe" ===================

C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

C:\Windows\System32\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

====== End Of Search ======

#4 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • Gender:Not Telling
  • Location:Canada

Posted 03 November 2012 - 12:45 AM

Please do the following:


Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this, highlight the contents of the box, right-click on it and select Copy. Right-click in the open Notepad window and select Paste.) Save it on the flashdrive as fixlist.txt

start
HKLM\...\Run: [] [x]
HKU\vault\...\Run: [etasr] rundll32.exe "C:\Users\vault\AppData\Roaming\etasr.dll",set_palette_to_rgb [445952 2012-10-31] (ULi Electronics Inc.)
C:\Users\vault\AppData\Roaming\etasr.dll
end

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system.

Now please enter System Recovery Options then select Command Prompt

Run FRST (or FRST64 if you have the 64-bit version) and press the Fix button just once and wait.
The tool will make a log on the flashdrive (Fixlog.txt); please post it in your reply.

Reboot Normally.


NEXT


Refer to the ComboFix User's Guide

  • Download ComboFix from the following location: Link
    * IMPORTANT !!! Place ComboFix.exe on your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.
    You can get help on disabling your protection programs here
  • Double click on ComboFix.exe & follow the prompts.
  • Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
  • When finished, it shall produce a log for you. Post that log in your next reply.
    Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall.
  • Ensure your AntiVirus and AntiSpyware applications are re-enabled.

NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015
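The fixlist above removes one Run value whose target is missing and one that starts rundll32.exe against a DLL dropped in the user's Roaming profile. Those are checks a responder applies by eye to the FRST Run lines; the Python below is an added example (not part of this thread, and not FRST's own code) that parses lines in the format FRST printed here and reports the same two signals, plus the weaker "autorun lives under AppData" signal that needs a human to sort out. The two flagged sample lines are the ones from the fixlist; the two benign lines are constructed in the same format from entries that appear in the ComboFix log later in the thread, with the publisher strings and the FRST rendering being assumptions.

```python
"""
Added example: triage FRST-style registry Run lines.

Line format as FRST printed it in this thread (the [size date] and
(publisher) parts are absent when FRST cannot find the target, which it
shows as "[x]"):

    <hive>\...\Run: [<value name>] <command line> [<size> <date>] (<publisher>)
"""
import re
from dataclasses import dataclass, field
from typing import List, Optional

RUN_LINE = re.compile(
    r"^(?P<hive>HKLM|HKU\\[^\\]+)\\\.\.\.\\Run: \[(?P<name>[^\]]*)\] "
    r"(?P<cmd>.*?)"
    r"(?: \[(?P<size>\d+) (?P<date>\d{4}-\d{2}-\d{2})\])?"
    r"(?: \((?P<publisher>[^)]*)\))?$"
)

# Per-user directories that any standard user can write to.
USER_WRITABLE = re.compile(
    r"\\Users\\[^\\]+\\AppData\\(?:Roaming|Local|LocalLow)\\", re.IGNORECASE
)

# Windows hosts that execute a library on behalf of the caller; when the
# library sits in a profile directory, no installer put it there.
LIBRARY_LOADERS = ("rundll32.exe", "regsvr32.exe")


@dataclass
class RunEntry:
    hive: str
    name: str
    cmd: str
    size: Optional[int]
    date: Optional[str]
    publisher: Optional[str]
    reasons: List[str] = field(default_factory=list)


def parse_run_line(line: str) -> Optional[RunEntry]:
    """Parse one FRST Run line; return None for lines in another format."""
    m = RUN_LINE.match(line.strip())
    if not m:
        return None
    return RunEntry(
        hive=m["hive"], name=m["name"], cmd=m["cmd"],
        size=int(m["size"]) if m["size"] else None,
        date=m["date"], publisher=m["publisher"],
    )


def assess(entry: RunEntry) -> List[str]:
    """Return the reasons an autorun deserves a closer look (empty = nothing seen)."""
    reasons: List[str] = []
    tokens = entry.cmd.lower().split()
    loader = tokens[0].rsplit("\\", 1)[-1] if tokens else ""
    if loader in LIBRARY_LOADERS and USER_WRITABLE.search(entry.cmd):
        reasons.append(f"{loader} loads a DLL from a user-writable profile directory")
    elif USER_WRITABLE.search(entry.cmd):
        reasons.append("autorun target lives in a user-writable profile directory")
    if entry.cmd.strip() == "[x]":
        reasons.append("FRST could not find the autorun target")
    if not entry.name:
        reasons.append("Run value has no name")
    return reasons


def triage(lines: List[str]) -> List[RunEntry]:
    """Parse FRST Run lines and return the entries with at least one reason."""
    flagged = []
    for line in lines:
        entry = parse_run_line(line)
        if entry is None:
            continue
        entry.reasons = assess(entry)
        if entry.reasons:
            flagged.append(entry)
    return flagged


# Constructed sample input: the first two lines are the thread's own,
# the last two are benign entries rendered in FRST format by hand.
SAMPLE_LINES = [
    r"HKLM\...\Run: [] [x]",
    r'HKU\vault\...\Run: [etasr] rundll32.exe "C:\Users\vault\AppData\Roaming\etasr.dll",set_palette_to_rgb [445952 2012-10-31] (ULi Electronics Inc.)',
    r"HKLM\...\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe [1289704 2012-09-13] (Microsoft Corporation)",
    r"HKU\vault\...\Run: [Spotify Web Helper] C:\Users\vault\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1199576 2012-10-31] (Spotify Ltd)",
]

if __name__ == "__main__":
    for e in triage(SAMPLE_LINES):
        print(f"{e.hive}\\...\\Run [{e.name or '<default>'}]: {e.cmd}")
        for r in e.reasons:
            print(f"    - {r}")
```

The rundll32 rule is the strong one: a signed, installed product launches its own executable, so a library loader pointed at a Roaming-profile DLL is the pattern to act on, while the plain "lives under AppData" rule also fires on per-user installs such as the Spotify helper and only orders the review queue.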


#5 solarparade

solarparade
  • Topic Starter

  • Members
  • 6 posts

Posted 03 November 2012 - 02:25 AM

I did as instructed. FRST went fine, but when I ran ComboFix, things generally got chaotic. After getting the final ComboFix log and rebooting, many of the default programs that run on startup could not start due to various errors, with "C++ Runtime" and "WinSock" errors being among them. Also, nothing could connect to the internet even though the indicator said the connection was fine and troubleshooting did nothing. I went ahead and used the system restore point that ComboFix created and now everything runs fine. Here are the logs:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 30-10-2012
Ran by SYSTEM at 2012-11-03 02:42:31 Run:1
Running from F:\

==============================================

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ Default Value restored successfully.
HKEY_USERS\vault\Software\Microsoft\Windows\CurrentVersion\Run\\etasr Value deleted successfully.
C:\Users\vault\AppData\Roaming\etasr.dll moved successfully.

==== End of Fixlog ====

ComboFix 12-11-02.02 - vault 11/03/2012 2:50.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6051.3871 [GMT -4:00]
Running from: c:\users\vault\Downloads\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
SP: Microsoft Security Essentials *Disabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Complitly
c:\program files (x86)\Complitly\chrome\ComplitlyChrome.crx
c:\program files (x86)\Complitly\FireFoxExtensionWithFF8Fix.exe
c:\program files (x86)\Complitly\FireFoxUninstaller.exe
c:\program files (x86)\Complitly\InstTracker.exe
c:\program files (x86)\Complitly\support@Complitly.com\chrome.manifest
c:\program files (x86)\Complitly\support@Complitly.com\chrome\content\appIcon.png
c:\program files (x86)\Complitly\support@Complitly.com\chrome\content\browserOverlay.xul
c:\program files (x86)\Complitly\support@Complitly.com\chrome\content\options.js
c:\program files (x86)\Complitly\support@Complitly.com\chrome\content\options.xul
c:\program files (x86)\Complitly\support@Complitly.com\chrome\content\utils.js
c:\program files (x86)\Complitly\support@Complitly.com\defaults\preferences\predictad.js
c:\program files (x86)\Complitly\support@Complitly.com\install.rdf
c:\program files (x86)\Complitly\System.Data.SQLite.dll
c:\program files (x86)\Complitly\unins000.dat
c:\program files (x86)\Complitly\unins000.exe
c:\programdata\Roaming
c:\users\vault\AppData\Roaming\Love
c:\users\vault\AppData\Roaming\Love\mari0\options.txt
c:\users\vault\AppData\Roaming\Love\not_tetris_2\highscoresA.txt
c:\users\vault\AppData\Roaming\Love\not_tetris_2\highscoresB.txt
c:\users\vault\AppData\Roaming\Love\not_tetris_2\options.txt
.
.
((((((((((((((((((((((((( Files Created from 2012-10-03 to 2012-11-03 )))))))))))))))))))))))))))))))
.
.
2012-11-03 04:50 . 2012-11-03 04:50 -------- d-----w- C:\FRST
2012-11-02 13:58 . 2012-10-12 07:19 9291768 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{CE5573AD-418F-4E76-A702-5C3605096C7D}\mpengine.dll
2012-11-01 05:24 . 2012-10-12 07:19 9291768 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-11-01 05:08 . 2012-11-01 05:08 -------- d-----w- c:\users\vault\AppData\Roaming\Malwarebytes
2012-11-01 05:08 . 2012-11-01 05:08 -------- d-----w- c:\programdata\Malwarebytes
2012-11-01 05:08 . 2012-11-01 05:08 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-11-01 05:08 . 2012-09-29 23:54 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-11-01 04:16 . 2012-11-01 04:16 -------- d-----w- c:\users\vault\Mari0
2012-10-28 20:54 . 2012-10-28 20:54 -------- d-----w- c:\users\vault\AppData\Local\FocalFilter
2012-10-28 20:52 . 2012-10-28 20:54 -------- d-----w- c:\users\vault\AppData\Roaming\FocalFilter
2012-10-28 20:03 . 2012-10-28 20:03 -------- d-----w- c:\program files (x86)\FocalFilter
2012-10-28 20:01 . 2012-10-28 20:01 -------- d-----w- c:\users\vault\AppData\Local\Downloaded Installations
2012-10-28 19:38 . 2012-10-28 19:38 -------- d-----w- C:\Riot Games
2012-10-28 18:50 . 2012-11-03 06:56 -------- d-----w- c:\users\vault\AppData\Local\PMB Files
2012-10-28 18:50 . 2012-10-28 18:50 -------- d-----w- c:\programdata\PMB Files
2012-10-28 18:49 . 2012-10-28 18:49 -------- d-----w- c:\program files (x86)\Pando Networks
2012-10-28 01:06 . 2008-07-12 12:18 467984 ----a-w- c:\windows\SysWow64\d3dx10_39.dll
2012-10-28 01:06 . 2008-07-12 12:18 1493528 ----a-w- c:\windows\SysWow64\D3DCompiler_39.dll
2012-10-28 01:06 . 2008-07-12 12:18 540688 ----a-w- c:\windows\system32\d3dx10_39.dll
2012-10-28 01:06 . 2008-07-12 12:18 1942552 ----a-w- c:\windows\system32\D3DCompiler_39.dll
2012-10-28 01:06 . 2008-07-12 12:18 3851784 ----a-w- c:\windows\SysWow64\D3DX9_39.dll
2012-10-28 01:06 . 2008-07-12 12:18 4992520 ----a-w- c:\windows\system32\D3DX9_39.dll
2012-10-27 05:41 . 2012-10-27 05:43 -------- d-----w- c:\users\vault\AppData\Roaming\calibre
2012-10-27 05:41 . 2012-10-27 05:41 -------- d-----w- c:\program files (x86)\Calibre2
2012-10-27 03:18 . 2012-10-27 03:18 -------- d-----w- c:\programdata\PopCap Games
2012-10-23 22:04 . 2012-10-23 22:04 -------- d-----w- c:\users\vault\AppData\Local\SKIDROW
2012-10-23 21:54 . 2012-10-23 22:04 -------- d-----w- c:\program files (x86)\Dishonored
2012-10-23 21:51 . 2012-10-23 21:51 283200 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2012-10-23 21:51 . 2012-11-01 14:41 -------- d-----w- c:\users\vault\AppData\Roaming\DAEMON Tools Pro
2012-10-23 21:50 . 2012-10-23 21:53 -------- d-----w- c:\program files (x86)\DAEMON Tools Pro
2012-10-23 21:49 . 2012-10-23 21:54 -------- d-----w- c:\programdata\DAEMON Tools Pro
2012-10-20 17:40 . 2012-10-02 11:45 972192 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{69A4A1A7-0DE9-46F4-AC49-47294BD684B9}\gapaengine.dll
2012-10-19 04:45 . 2012-10-19 04:48 -------- d-----w- c:\users\vault\AppData\Roaming\ImgBurn
2012-10-19 04:39 . 2012-10-19 04:39 -------- d-----w- c:\program files (x86)\ImgBurn
2012-10-19 03:05 . 2012-10-19 03:10 -------- d-----w- c:\program files (x86)\StarCraft II
2012-10-19 03:05 . 2012-10-19 03:05 -------- d-----w- c:\programdata\Blizzard Entertainment
2012-10-19 03:05 . 2012-10-19 03:05 -------- d-----w- c:\program files (x86)\Common Files\Blizzard Entertainment
2012-10-19 03:04 . 2012-10-19 03:04 -------- d-----w- c:\programdata\Battle.net
2012-10-09 22:42 . 2012-08-31 18:19 1659760 ----a-w- c:\windows\system32\drivers\ntfs.sys
2012-10-09 22:42 . 2012-08-30 18:03 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-10-09 22:42 . 2012-08-30 17:12 3968880 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-10-09 22:42 . 2012-08-30 17:12 3914096 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-10-09 21:11 . 2012-10-09 21:11 -------- d-----w- c:\users\vault\AppData\Roaming\Toribash
2012-10-09 21:11 . 2012-11-03 05:15 -------- d-----w- C:\Games
2012-10-07 12:50 . 2012-10-07 12:50 -------- d-----w- c:\program files\CCleaner
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-08 18:48 . 2012-10-02 11:35 696760 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-10-08 18:48 . 2011-11-25 03:04 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-10-08 18:48 . 2012-10-02 11:48 10220472 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-10-03 23:16 . 2012-10-03 23:16 231376 ----a-w- c:\windows\system32\drivers\truecrypt.sys
2012-10-02 11:45 . 2012-10-02 11:45 972192 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2012-09-27 04:22 . 2012-09-27 04:22 4022504 ----a-w- c:\windows\SysWow64\SpoonUninstall.exe
2012-09-23 23:26 . 2012-09-08 15:13 18960 ----a-w- c:\windows\system32\drivers\LNonPnP.sys
2012-09-08 22:27 . 2011-03-29 02:36 19720 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-09-08 15:13 . 2012-09-08 15:13 53248 ----a-r- c:\users\vault\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
2012-08-31 02:03 . 2012-08-31 02:03 228768 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2012-08-31 02:03 . 2012-03-21 00:44 128456 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
2012-08-24 11:15 . 2012-09-23 17:29 17810944 ----a-w- c:\windows\system32\mshtml.dll
2012-08-24 10:39 . 2012-09-23 17:29 10925568 ----a-w- c:\windows\system32\ieframe.dll
2012-08-24 10:31 . 2012-09-23 17:29 2312704 ----a-w- c:\windows\system32\jscript9.dll
2012-08-24 10:22 . 2012-09-23 17:29 1346048 ----a-w- c:\windows\system32\urlmon.dll
2012-08-24 10:21 . 2012-09-23 17:29 1392128 ----a-w- c:\windows\system32\wininet.dll
2012-08-24 10:20 . 2012-09-23 17:29 1494528 ----a-w- c:\windows\system32\inetcpl.cpl
2012-08-24 10:18 . 2012-09-23 17:29 237056 ----a-w- c:\windows\system32\url.dll
2012-08-24 10:17 . 2012-09-23 17:29 85504 ----a-w- c:\windows\system32\jsproxy.dll
2012-08-24 10:14 . 2012-09-23 17:29 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2012-08-24 10:14 . 2012-09-23 17:29 816640 ----a-w- c:\windows\system32\jscript.dll
2012-08-24 10:13 . 2012-09-23 17:29 599040 ----a-w- c:\windows\system32\vbscript.dll
2012-08-24 10:12 . 2012-09-23 17:29 2144768 ----a-w- c:\windows\system32\iertutil.dll
2012-08-24 10:11 . 2012-09-23 17:29 729088 ----a-w- c:\windows\system32\msfeeds.dll
2012-08-24 10:10 . 2012-09-23 17:29 96768 ----a-w- c:\windows\system32\mshtmled.dll
2012-08-24 10:09 . 2012-09-23 17:29 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-08-24 10:04 . 2012-09-23 17:29 248320 ----a-w- c:\windows\system32\ieui.dll
2012-08-24 06:59 . 2012-09-23 17:29 1800704 ----a-w- c:\windows\SysWow64\jscript9.dll
2012-08-24 06:51 . 2012-09-23 17:29 1129472 ----a-w- c:\windows\SysWow64\wininet.dll
2012-08-24 06:51 . 2012-09-23 17:29 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2012-08-24 06:47 . 2012-09-23 17:29 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2012-08-24 06:47 . 2012-09-23 17:29 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2012-08-24 06:43 . 2012-09-23 17:29 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2012-08-22 18:12 . 2012-09-12 11:39 1913200 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-08-22 18:12 . 2012-09-12 11:39 950128 ----a-w- c:\windows\system32\drivers\ndis.sys
2012-08-22 18:12 . 2012-09-12 11:39 376688 ----a-w- c:\windows\system32\drivers\netio.sys
2012-08-22 18:12 . 2012-09-12 11:39 288624 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2012-08-21 21:01 . 2012-09-26 03:36 245760 ----a-w- c:\windows\system32\OxpsConverter.exe
2012-08-20 17:38 . 2012-10-09 22:41 44032 ----a-w- c:\windows\apppatch\acwow64.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MusicManager"="c:\users\vault\AppData\Local\Programs\Google\MusicManager\MusicManager.exe" [2012-08-31 7321600]
"uTorrent"="c:\program files (x86)\uTorrent\uTorrent.exe" [2012-10-13 399736]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-07-13 17418928]
"Steam"="c:\program files (x86)\Steam\Steam.exe" [2012-09-08 1353080]
"F.lux"="c:\users\vault\Local Settings\Apps\F.lux\flux.exe" [2009-08-29 966656]
"Pando Media Booster"="c:\program files (x86)\Pando Networks\Media Booster\PMB.exe" [2012-10-28 3093624]
"Spotify Web Helper"="c:\users\vault\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2012-10-31 1199576]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2012-05-01 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SVPWUTIL"="c:\program files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe" [2010-11-09 532480]
"HWSetup"="c:\program files\TOSHIBA\Utilities\HWSetup.exe" [2011-03-10 423936]
"KeNotify"="c:\program files (x86)\TOSHIBA\Utilities\KeNotify.exe" [2010-08-16 34160]
"DelayTSS"="c:\program files\Toshiba\DelayTSS\DelayTSS.exe" [2011-11-21 2153328]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
.
c:\users\vault\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Rainmeter.lnk - c:\program files\Rainmeter\Rainmeter.exe [2012-9-16 41160]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
FocalFilterHelper.lnk - c:\program files (x86)\FocalFilter\FocalFilterHelper.exe [2012-10-25 176640]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
R2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-08-31 2754984]
R2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-02-01 2656280]
R3 intaud_WaveExtensible;Intel WiDi Audio Device;c:\windows\system32\drivers\intelaud.sys [2011-08-05 34200]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2011-06-01 340240]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-08-31 128456]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-09-13 368896]
R3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2011-11-21 57216]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2011-06-10 138152]
R3 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [2011-07-01 828856]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-09-10 1255736]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 Thpdrv;TOSHIBA HDD Protection Driver;c:\windows\system32\DRIVERS\thpdrv.sys [2011-03-24 36992]
S0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;c:\windows\system32\DRIVERS\Thpevm.SYS [2009-06-29 14784]
S0 tos_sps64;TOSHIBA tos_sps64 Service;c:\windows\system32\DRIVERS\tos_sps64.sys [2011-06-10 482384]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-10-23 283200]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 DMAgent;Intel® PROSet/Wireless WiMAX Red Bend Device Management Service;c:\program files\Intel\WiMAX\Bin\DMAgent.exe [2011-06-14 498688]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe [2011-05-24 294848]
S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys [2009-06-20 14472]
S2 WiMAXAppSrv;Intel® PROSet/Wireless WiMAX Service;c:\program files\Intel\WiMAX\Bin\AppSrv.exe [2011-06-14 986112]
S3 bpenum;Intel® Centrino® WiMAX Enumerator;c:\windows\system32\DRIVERS\bpenum.sys [2011-05-19 84480]
S3 bpmp;Intel® Centrino® WiMAX 6050 Series;c:\windows\system32\DRIVERS\bpmp.sys [2011-05-19 182272]
S3 bpusb;Intel® Centrino® WiMAX 6050 Series Function Driver;c:\windows\system32\Drivers\bpusb.sys [2011-05-19 83968]
S3 CeKbFilter;CeKbFilter;c:\windows\system32\DRIVERS\CeKbFilter.sys [2012-05-01 20592]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-15 317440]
S3 iwdbus;IWD Bus Enumerator;c:\windows\system32\DRIVERS\iwdbus.sys [2011-08-05 25496]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2011-05-03 175192]
S3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\DRIVERS\LEqdUsb.Sys [2011-09-02 76056]
S3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\DRIVERS\LHidEqd.Sys [2011-09-02 15128]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2011-02-10 82432]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2011-02-10 181760]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [2011-02-09 38096]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-01-14 413800]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-11-03 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-02 18:48]
.
2012-11-03 c:\windows\Tasks\AutoKMS.job
- c:\windows\AutoKMS\AutoKMS.exe [2012-09-10 17:44]
.
2012-11-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-05-01 23:25]
.
2012-11-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-05-01 23:25]
.
2012-11-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3097665607-1011041330-2731554553-1000Core.job
- c:\users\vault\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-08 15:05]
.
2012-11-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3097665607-1011041330-2731554553-1000UA.job
- c:\users\vault\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-08 15:05]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ThpSrv"="c:\windows\system32\thpsrv" [X]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-07-02 167704]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-07-02 392472]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-07-02 416024]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-03-05 11780712]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-03-01 2189416]
"IntelPAN"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2011-06-01 1935120]
"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2011-06-10 710560]
"TosVolRegulator"="c:\program files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2009-11-11 24376]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2011-10-07 1744152]
"Logitech Download Assistant"="c:\windows\System32\LogiLDA.dll" [2010-11-04 1580368]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-13 1289704]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://start.toshiba.com/?cid=C001B2Y
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~3\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 129.21.3.17 129.21.4.18
FF - ProfilePath - c:\users\vault\AppData\Roaming\Mozilla\Firefox\Profiles\81k5ekkt.default\
FF - prefs.js: browser.startup.homepage - hxxps://www.google.com/
FF - ExtSQL: 2012-09-08 15:28; jid1-xUfzOsOFlzSOXg@jetpack; c:\users\vault\AppData\Roaming\Mozilla\Firefox\Profiles\81k5ekkt.default\extensions\jid1-xUfzOsOFlzSOXg@jetpack.xpi
FF - ExtSQL: 2012-09-08 15:31; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; c:\users\vault\AppData\Roaming\Mozilla\Firefox\Profiles\81k5ekkt.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF - ExtSQL: 2012-09-14 23:17; readability@readability.com; c:\users\vault\AppData\Roaming\Mozilla\Firefox\Profiles\81k5ekkt.default\extensions\readability@readability.com.xpi
FF - ExtSQL: 2012-11-02 02:41; jid0-cNanOXb3cGmEEBVGF1SQwEJecGg@jetpack; c:\users\vault\AppData\Roaming\Mozilla\Firefox\Profiles\81k5ekkt.default\extensions\jid0-cNanOXb3cGmEEBVGF1SQwEJecGg@jetpack.xpi
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run-TSleepSrv - %ProgramFiles(x86)%\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe
Wow6432Node-HKLM-Run-PATHPILOT - c:\program files (x86)\Aktiv MP3 Recorder\Aktiv MP3 Recorder.lnk
Toolbar-Locked - (no file)
HKLM-Run-TPwrMain - c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE
HKLM-Run-HSON - c:\program files (x86)\TOSHIBA\TBS\HSON.exe
HKLM-Run-TCrdMain - c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
HKLM-Run-Teco - c:\program files (x86)\TOSHIBA\TECO\Teco.exe
HKLM-Run-TosWaitSrv - c:\program files (x86)\TOSHIBA\TPHM\TosWaitSrv.exe
HKLM-Run-TosReelTimeMonitor - c:\program files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
AddRemove-dBpoweramp DSP Effects - c:\windows\system32\SpoonUninstall.exe
AddRemove-dBpoweramp Music Converter - c:\windows\system32\SpoonUninstall.exe
AddRemove-{4FFBB818-B13C-11E0-931D-B2664824019B}_is1 - c:\program files (x86)\Complitly\unins000.exe
AddRemove-Salts & Solubility - c:\windows\system32\javaws.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\TOSHIBA\widimon\widimon.exe
.
**************************************************************************
.
Completion time: 2012-11-03 03:03:06 - machine was rebooted
ComboFix-quarantined-files.txt 2012-11-03 07:03
.
Pre-Run: 394,346,123,264 bytes free
Post-Run: 393,839,685,632 bytes free
.
- - End Of File - - A8D0BCDAD0403A045BCA6C8842BA8461

#6 CatByte


Posted 03 November 2012 - 09:45 AM

Glad you were able to use the restore point to get things back working again. Sometimes malware is very unhappy to be ripped out and causes all sorts of chaos; we just have to sweep for leftovers.


Please run the following:

Download AdwCleaner from here and save it to your desktop.
  • Run AdwCleaner and select Delete
  • Once done it will ask to reboot, allow the reboot
  • On reboot a log will be produced, please attach the content of the log to your next reply


NEXT


  • Please open your MalwareBytes AntiMalware Program
  • Click the Update Tab and search for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected. <-- very important
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.



NEXT


Go here to run an online scanner from ESET.
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • When the scan completes, press the LIST OF THREATS FOUND button
  • Press EXPORT TO TEXT FILE, name the file ESETSCAN and save it to your desktop
  • Include the contents of this report in your next reply.
  • Press the BACK button.
  • Press Finish

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#7 solarparade


Posted 03 November 2012 - 04:15 PM

# AdwCleaner v2.006 - Logfile created 11/03/2012 at 13:40:37
# Updated 30/10/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : vault - VAULT-PC
# Boot Mode : Normal
# Running from : C:\Users\vault\Desktop\AdwCleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\Users\vault\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlfienamagdnkekbbbocojppncdambda
Folder Deleted : C:\Users\vault\AppData\Roaming\Complitly

***** [Registry] *****

Key Deleted : HKCU\Software\Complitly
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{0FB6A909-6086-458F-BD92-1F8EE10042A0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0FB6A909-6086-458F-BD92-1F8EE10042A0}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{442F13BC-2031-42D5-9520-437F65271153}
Key Deleted : HKLM\SOFTWARE\Classes\SuggestMeYes.SuggestMeYesBHO
Key Deleted : HKLM\SOFTWARE\Classes\SuggestMeYes.SuggestMeYesBHO.1
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{01BCB858-2F62-4F06-A8F4-48F927C15333}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{0FB6A909-6086-458F-BD92-1F8EE10042A0}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C9AE652B-8C99-4AC2-B556-8B501182874E}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\dlfienamagdnkekbbbocojppncdambda
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0FB6A909-6086-458F-BD92-1F8EE10042A0}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{4FFBB818-B13C-11E0-931D-B2664824019B}_is1
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{0FB6A909-6086-458F-BD92-1F8EE10042A0}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C9AE652B-8C99-4AC2-B556-8B501182874E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0FB6A909-6086-458F-BD92-1F8EE10042A0}
Key Deleted : HKLM\SOFTWARE\Software

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Mozilla Firefox v16.0.2 (en-US)

Profile name : default
File : C:\Users\vault\AppData\Roaming\Mozilla\Firefox\Profiles\81k5ekkt.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v [Unable to get version]

File : C:\Users\vault\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [2601 octets] - [03/11/2012 13:40:37]

########## EOF - C:\AdwCleaner[S1].txt - [2661 octets] ##########

Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Database version: v2012.11.03.07

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
vault :: VAULT-PC [administrator]

11/3/2012 2:10:44 PM
mbam-log-2012-11-03 (14-10-44).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 204570
Time elapsed: 3 minute(s), 20 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

C:\Program Files (x86)\DAEMON Tools Pro\Patch.exe a variant of Win32/HackTool.Patcher.AD application
C:\Users\vault\Downloads\cbsidlm-tr1_7-PangoBright-75327791.exe Win32/DownloadAdmin.D application
C:\Users\vault\Downloads\r.zip Archbomb.ZIP trojan
C:\Users\vault\Downloads\Daemon.Tools.Pro.Advanced.v5.1.0.333.Multilingual.Cracked.6000th.Release-BRD\brdtp51.rar multiple threats
C:\Users\vault\Downloads\Daemon.Tools.Pro.Advanced.v5.1.0.333.Multilingual.Cracked.6000th.Release-BRD\brdtp51d.zip multiple threats
C:\Users\vault\Downloads\Daemon.Tools.Pro.Advanced.v5.1.0.333.Multilingual.Cracked.6000th.Release-BRD\Crack\Patch.exe a variant of Win32/HackTool.Patcher.AD application
C:\Users\vault\Downloads\Daemon.Tools.Pro.Advanced.v5.1.0.333.Multilingual.Cracked.6000th.Release-BRD\Setup\DAEMONToolsPro510-0333.exe Win32/OpenCandy application
C:\Users\vault\Downloads\What.CD Toolbox 5 for Windows\Content Analysis\Adobe Audition CS5.5\keygen.exe a variant of Win32/Keygen.BH application
C:\Users\vault\Downloads\What.CD Toolbox 5 for Windows\Metadata\Tag.And.Rename.v3.5.7.WinALL.Cracked-BRD\Patch.exe a variant of Win32/HackTool.Patcher.T application

#8 CatByte


Posted 03 November 2012 - 04:21 PM

Please do the following:

  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below.
  • They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
Copy/paste the text inside the Codebox below into notepad:

Here's how to do that:
Press the WinKey + R to open a run box, type Notepad > click OK.
This will open an empty notepad file:

Copy all the text inside of the code box - Press Ctrl+C (or right click on the highlighted section and choose 'copy')

File::
C:\Program Files (x86)\DAEMON Tools Pro\Patch.exe 
C:\Users\vault\Downloads\cbsidlm-tr1_7-PangoBright-75327791.exe 
C:\Users\vault\Downloads\r.zip 
C:\Users\vault\Downloads\Daemon.Tools.Pro.Advanced.v5.1.0.333.Multilingual.Cracked.6000th.Release-BRD\brdtp51.rar 
C:\Users\vault\Downloads\Daemon.Tools.Pro.Advanced.v5.1.0.333.Multilingual.Cracked.6000th.Release-BRD\brdtp51d.zip 
C:\Users\vault\Downloads\Daemon.Tools.Pro.Advanced.v5.1.0.333.Multilingual.Cracked.6000th.Release-BRD\Crack\Patch.exe 
C:\Users\vault\Downloads\Daemon.Tools.Pro.Advanced.v5.1.0.333.Multilingual.Cracked.6000th.Release-BRD\Setup\DAEMONToolsPro510-0333.exe 
C:\Users\vault\Downloads\What.CD Toolbox 5 for Windows\Content Analysis\Adobe Audition CS5.5\keygen.exe 
C:\Users\vault\Downloads\What.CD Toolbox 5 for Windows\Metadata\Tag.And.Rename.v3.5.7.WinALL.Cracked-BRD\Patch.exe 

ClearJavaCache::

Now paste the copied text into the open notepad - press CTRL+V (or right click and choose 'paste')

Save this file to your desktop. Save this as "CFScript".


Here's how to do that:

1. Click File;
2. Click Save As... Change the directory to your desktop;
3. Change the Save as type to "All Files";
4. Type in the file name: CFScript
5. Click Save ...

Posted Image
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix may request an update; please allow it.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you.
  • Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.


NEXT


  • Please download MiniToolBox and save it to your desktop and run it.

    Checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Report FF Proxy Settings
  • List content of Hosts
  • List installed programs.

Click Go and post the result (Result.txt) that pops up. A copy of result.txt will be saved in the same directory the tool is run.

NEXT


Please download Farbar Service Scanner to your desktop and run it.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.


NEXT


Please advise how the computer is running now and if there are any outstanding issues.

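The CFScript in post #8 was assembled by hand from the ESET result lines in post #7, and the ComboFix log posted afterwards confirms each path under "Other Deletions". As an added example (not part of the thread, nor code from ComboFix or ESET), here is Python that parses those ESET lines, renders the File:: block in the layout used above, and checks a ComboFix log so that every requested path is confirmed deleted. The ComboFix log excerpt is constructed and abridged, with one path left out on purpose, and the regex for ESET's threat-description tail is an assumption that covers only the forms seen in this thread.

```python
import re

# ESET exported-result lines look like "<path> <threat name> <category>" (post #7).
# The path may contain spaces, so the line is split by recognising the threat tail.
# Assumption: the tail forms below are only those seen in this thread.
ESET_LINE = re.compile(
    r"^(?P<path>.+?)\s+(?P<threat>"
    r"(?:a variant of )?\S+/\S+ (?:application|trojan)"   # Win32/Foo.Bar application
    r"|\S+ trojan"                                          # Archbomb.ZIP trojan
    r"|multiple threats"                                    # archive with several detections
    r")$"
)

# Four lines copied from the ESET results posted in this thread.
ESET_RESULTS = r"""
C:\Program Files (x86)\DAEMON Tools Pro\Patch.exe a variant of Win32/HackTool.Patcher.AD application
C:\Users\vault\Downloads\cbsidlm-tr1_7-PangoBright-75327791.exe Win32/DownloadAdmin.D application
C:\Users\vault\Downloads\r.zip Archbomb.ZIP trojan
C:\Users\vault\Downloads\What.CD Toolbox 5 for Windows\Content Analysis\Adobe Audition CS5.5\keygen.exe a variant of Win32/Keygen.BH application
"""

# Constructed, abridged ComboFix log in the layout of post #9; r.zip is deliberately
# absent from "Other Deletions" so the verification step has something to report.
COMBOFIX_LOG = r"""
ComboFix 12-11-04.01 - vault 11/03/2012 18:50:36.1.4 - x64
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\DAEMON Tools Pro\Patch.exe
c:\users\vault\Downloads\cbsidlm-tr1_7-PangoBright-75327791.exe
c:\users\vault\Downloads\What.CD Toolbox 5 for Windows\Content Analysis\Adobe Audition CS5.5\keygen.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-10-03 to 2012-11-03 )))))))))))))))))))))))))))))))
.
2012-11-03 23:20 . 2012-11-03 23:20 -------- d-----w- c:\users\Default\AppData\Local\temp
"""


def parse_eset_lines(text):
    """Return [(path, threat)] for each ESET detection line; lines that do not match are skipped."""
    found = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = ESET_LINE.match(line)
        if m:
            found.append((m.group("path"), m.group("threat")))
    return found


def build_cfscript(paths, clear_java_cache=True):
    """Render a CFScript as in post #8: a File:: block, then a ClearJavaCache:: directive."""
    lines = ["File::"] + list(paths)
    if clear_java_cache:
        lines += ["", "ClearJavaCache::"]
    return "\n".join(lines) + "\n"


def combofix_other_deletions(log_text):
    """Collect the paths ComboFix lists under its 'Other Deletions' banner (case-folded)."""
    deleted = set()
    in_section = False
    for line in log_text.splitlines():
        if line.startswith("((((") and "Other Deletions" in line:
            in_section = True
            continue
        if in_section and line.startswith("(((("):
            break  # next banner, the section is over
        if in_section and line.strip() not in ("", "."):
            deleted.add(line.strip().casefold())
    return deleted


def unconfirmed_deletions(requested_paths, log_text):
    """Paths from the CFScript that the ComboFix log does not show as deleted.

    ComboFix prints paths with a lower-cased drive and folder prefix, so the
    comparison is case-insensitive.
    """
    deleted = combofix_other_deletions(log_text)
    return [p for p in requested_paths if p.casefold() not in deleted]


def run_example():
    detections = parse_eset_lines(ESET_RESULTS)
    paths = [p for p, _ in detections]
    return detections, build_cfscript(paths), unconfirmed_deletions(paths, COMBOFIX_LOG)


if __name__ == "__main__":
    detections, script, missing = run_example()
    print(script)
    for path in missing:
        print("not confirmed deleted:", path)
```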


#9 solarparade


Posted 03 November 2012 - 06:34 PM

ComboFix 12-11-04.01 - vault 11/03/2012 18:50:36.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6051.3690 [GMT -4:00]
Running from: c:\users\vault\Desktop\ComboFix.exe
Command switches used :: c:\users\vault\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
SP: Microsoft Security Essentials *Disabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\program files (x86)\DAEMON Tools Pro\Patch.exe"
"c:\users\vault\Downloads\cbsidlm-tr1_7-PangoBright-75327791.exe"
"c:\users\vault\Downloads\Daemon.Tools.Pro.Advanced.v5.1.0.333.Multilingual.Cracked.6000th.Release-BRD\brdtp51.rar"
"c:\users\vault\Downloads\Daemon.Tools.Pro.Advanced.v5.1.0.333.Multilingual.Cracked.6000th.Release-BRD\brdtp51d.zip"
"c:\users\vault\Downloads\Daemon.Tools.Pro.Advanced.v5.1.0.333.Multilingual.Cracked.6000th.Release-BRD\Crack\Patch.exe"
"c:\users\vault\Downloads\Daemon.Tools.Pro.Advanced.v5.1.0.333.Multilingual.Cracked.6000th.Release-BRD\Setup\DAEMONToolsPro510-0333.exe"
"c:\users\vault\Downloads\r.zip"
"c:\users\vault\Downloads\What.CD Toolbox 5 for Windows\Content Analysis\Adobe Audition CS5.5\keygen.exe"
"c:\users\vault\Downloads\What.CD Toolbox 5 for Windows\Metadata\Tag.And.Rename.v3.5.7.WinALL.Cracked-BRD\Patch.exe"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\DAEMON Tools Pro\Patch.exe
c:\users\vault\Downloads\cbsidlm-tr1_7-PangoBright-75327791.exe
c:\users\vault\Downloads\Daemon.Tools.Pro.Advanced.v5.1.0.333.Multilingual.Cracked.6000th.Release-BRD\brdtp51.rar
c:\users\vault\Downloads\Daemon.Tools.Pro.Advanced.v5.1.0.333.Multilingual.Cracked.6000th.Release-BRD\brdtp51d.zip
c:\users\vault\Downloads\Daemon.Tools.Pro.Advanced.v5.1.0.333.Multilingual.Cracked.6000th.Release-BRD\Crack\Patch.exe
c:\users\vault\Downloads\Daemon.Tools.Pro.Advanced.v5.1.0.333.Multilingual.Cracked.6000th.Release-BRD\Setup\DAEMONToolsPro510-0333.exe
c:\users\vault\Downloads\r.zip
c:\users\vault\Downloads\What.CD Toolbox 5 for Windows\Content Analysis\Adobe Audition CS5.5\keygen.exe
c:\users\vault\Downloads\What.CD Toolbox 5 for Windows\Metadata\Tag.And.Rename.v3.5.7.WinALL.Cracked-BRD\Patch.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-10-03 to 2012-11-03 )))))))))))))))))))))))))))))))
.
.
2012-11-03 23:20 . 2012-11-03 23:20 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-11-03 18:14 . 2012-11-03 18:14 -------- d-----w- c:\program files (x86)\ESET
2012-11-03 07:26 . 2012-10-12 07:19 9291768 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{8170B466-6AD4-4A9C-8E34-1B834B66A28A}\mpengine.dll
2012-11-03 07:20 . 2012-10-12 07:19 9291768 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-11-03 04:50 . 2012-11-03 04:50 -------- d-----w- C:\FRST
2012-11-01 05:08 . 2012-11-01 05:08 -------- d-----w- c:\users\vault\AppData\Roaming\Malwarebytes
2012-11-01 05:08 . 2012-11-01 05:08 -------- d-----w- c:\programdata\Malwarebytes
2012-11-01 05:08 . 2012-11-01 05:08 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-11-01 05:08 . 2012-09-29 23:54 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-11-01 04:16 . 2012-11-01 04:16 -------- d-----w- c:\users\vault\Mari0
2012-10-28 20:54 . 2012-10-28 20:54 -------- d-----w- c:\users\vault\AppData\Local\FocalFilter
2012-10-28 20:52 . 2012-10-28 20:54 -------- d-----w- c:\users\vault\AppData\Roaming\FocalFilter
2012-10-28 20:03 . 2012-10-28 20:03 -------- d-----w- c:\program files (x86)\FocalFilter
2012-10-28 20:01 . 2012-10-28 20:01 -------- d-----w- c:\users\vault\AppData\Local\Downloaded Installations
2012-10-28 19:38 . 2012-10-28 19:38 -------- d-----w- C:\Riot Games
2012-10-28 18:50 . 2012-11-03 23:20 -------- d-----w- c:\users\vault\AppData\Local\PMB Files
2012-10-28 18:50 . 2012-11-03 07:16 -------- d-----w- c:\programdata\PMB Files
2012-10-28 18:49 . 2012-10-28 18:49 -------- d-----w- c:\program files (x86)\Pando Networks
2012-10-28 01:06 . 2008-07-12 12:18 467984 ----a-w- c:\windows\SysWow64\d3dx10_39.dll
2012-10-28 01:06 . 2008-07-12 12:18 1493528 ----a-w- c:\windows\SysWow64\D3DCompiler_39.dll
2012-10-28 01:06 . 2008-07-12 12:18 540688 ----a-w- c:\windows\system32\d3dx10_39.dll
2012-10-28 01:06 . 2008-07-12 12:18 1942552 ----a-w- c:\windows\system32\D3DCompiler_39.dll
2012-10-28 01:06 . 2008-07-12 12:18 3851784 ----a-w- c:\windows\SysWow64\D3DX9_39.dll
2012-10-28 01:06 . 2008-07-12 12:18 4992520 ----a-w- c:\windows\system32\D3DX9_39.dll
2012-10-27 05:41 . 2012-10-27 05:43 -------- d-----w- c:\users\vault\AppData\Roaming\calibre
2012-10-27 05:41 . 2012-10-27 05:41 -------- d-----w- c:\program files (x86)\Calibre2
2012-10-27 03:18 . 2012-10-27 03:18 -------- d-----w- c:\programdata\PopCap Games
2012-10-23 22:04 . 2012-10-23 22:04 -------- d-----w- c:\users\vault\AppData\Local\SKIDROW
2012-10-23 21:54 . 2012-10-23 22:04 -------- d-----w- c:\program files (x86)\Dishonored
2012-10-23 21:51 . 2012-10-23 21:51 283200 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2012-10-23 21:51 . 2012-11-01 14:41 -------- d-----w- c:\users\vault\AppData\Roaming\DAEMON Tools Pro
2012-10-23 21:50 . 2012-11-03 23:19 -------- d-----w- c:\program files (x86)\DAEMON Tools Pro
2012-10-23 21:49 . 2012-10-23 21:54 -------- d-----w- c:\programdata\DAEMON Tools Pro
2012-10-20 17:40 . 2012-10-02 11:45 972192 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{69A4A1A7-0DE9-46F4-AC49-47294BD684B9}\gapaengine.dll
2012-10-19 04:45 . 2012-10-19 04:48 -------- d-----w- c:\users\vault\AppData\Roaming\ImgBurn
2012-10-19 04:39 . 2012-10-19 04:39 -------- d-----w- c:\program files (x86)\ImgBurn
2012-10-19 03:05 . 2012-10-19 03:10 -------- d-----w- c:\program files (x86)\StarCraft II
2012-10-19 03:05 . 2012-10-19 03:05 -------- d-----w- c:\programdata\Blizzard Entertainment
2012-10-19 03:05 . 2012-10-19 03:05 -------- d-----w- c:\program files (x86)\Common Files\Blizzard Entertainment
2012-10-19 03:04 . 2012-10-19 03:04 -------- d-----w- c:\programdata\Battle.net
2012-10-09 22:42 . 2012-08-31 18:19 1659760 ----a-w- c:\windows\system32\drivers\ntfs.sys
2012-10-09 22:42 . 2012-08-30 18:03 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-10-09 22:42 . 2012-08-30 17:12 3968880 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-10-09 22:42 . 2012-08-30 17:12 3914096 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-10-09 21:11 . 2012-10-09 21:11 -------- d-----w- c:\users\vault\AppData\Roaming\Toribash
2012-10-09 21:11 . 2012-11-03 05:15 -------- d-----w- C:\Games
2012-10-07 12:50 . 2012-10-07 12:50 -------- d-----w- c:\program files\CCleaner
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-08 18:48 . 2012-10-02 11:35 696760 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-10-08 18:48 . 2011-11-25 03:04 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-10-08 18:48 . 2012-10-02 11:48 10220472 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-10-03 23:16 . 2012-10-03 23:16 231376 ----a-w- c:\windows\system32\drivers\truecrypt.sys
2012-10-02 11:45 . 2012-10-02 11:45 972192 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2012-09-27 04:22 . 2012-09-27 04:22 4022504 ----a-w- c:\windows\SysWow64\SpoonUninstall.exe
2012-09-23 23:26 . 2012-09-08 15:13 18960 ----a-w- c:\windows\system32\drivers\LNonPnP.sys
2012-09-08 22:27 . 2011-03-29 02:36 19720 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-09-08 15:13 . 2012-09-08 15:13 53248 ----a-r- c:\users\vault\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
2012-08-31 02:03 . 2012-08-31 02:03 228768 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2012-08-31 02:03 . 2012-03-21 00:44 128456 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
2012-08-24 11:15 . 2012-09-23 17:29 17810944 ----a-w- c:\windows\system32\mshtml.dll
2012-08-24 10:39 . 2012-09-23 17:29 10925568 ----a-w- c:\windows\system32\ieframe.dll
2012-08-24 10:31 . 2012-09-23 17:29 2312704 ----a-w- c:\windows\system32\jscript9.dll
2012-08-24 10:22 . 2012-09-23 17:29 1346048 ----a-w- c:\windows\system32\urlmon.dll
2012-08-24 10:21 . 2012-09-23 17:29 1392128 ----a-w- c:\windows\system32\wininet.dll
2012-08-24 10:20 . 2012-09-23 17:29 1494528 ----a-w- c:\windows\system32\inetcpl.cpl
2012-08-24 10:18 . 2012-09-23 17:29 237056 ----a-w- c:\windows\system32\url.dll
2012-08-24 10:17 . 2012-09-23 17:29 85504 ----a-w- c:\windows\system32\jsproxy.dll
2012-08-24 10:14 . 2012-09-23 17:29 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2012-08-24 10:14 . 2012-09-23 17:29 816640 ----a-w- c:\windows\system32\jscript.dll
2012-08-24 10:13 . 2012-09-23 17:29 599040 ----a-w- c:\windows\system32\vbscript.dll
2012-08-24 10:12 . 2012-09-23 17:29 2144768 ----a-w- c:\windows\system32\iertutil.dll
2012-08-24 10:11 . 2012-09-23 17:29 729088 ----a-w- c:\windows\system32\msfeeds.dll
2012-08-24 10:10 . 2012-09-23 17:29 96768 ----a-w- c:\windows\system32\mshtmled.dll
2012-08-24 10:09 . 2012-09-23 17:29 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-08-24 10:04 . 2012-09-23 17:29 248320 ----a-w- c:\windows\system32\ieui.dll
2012-08-24 06:59 . 2012-09-23 17:29 1800704 ----a-w- c:\windows\SysWow64\jscript9.dll
2012-08-24 06:51 . 2012-09-23 17:29 1129472 ----a-w- c:\windows\SysWow64\wininet.dll
2012-08-24 06:51 . 2012-09-23 17:29 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2012-08-24 06:47 . 2012-09-23 17:29 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2012-08-24 06:47 . 2012-09-23 17:29 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2012-08-24 06:43 . 2012-09-23 17:29 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2012-08-22 18:12 . 2012-09-12 11:39 1913200 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-08-22 18:12 . 2012-09-12 11:39 950128 ----a-w- c:\windows\system32\drivers\ndis.sys
2012-08-22 18:12 . 2012-09-12 11:39 376688 ----a-w- c:\windows\system32\drivers\netio.sys
2012-08-22 18:12 . 2012-09-12 11:39 288624 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2012-08-21 21:01 . 2012-09-26 03:36 245760 ----a-w- c:\windows\system32\OxpsConverter.exe
2012-08-20 17:38 . 2012-10-09 22:41 44032 ----a-w- c:\windows\apppatch\acwow64.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MusicManager"="c:\users\vault\AppData\Local\Programs\Google\MusicManager\MusicManager.exe" [2012-10-22 7356928]
"uTorrent"="c:\program files (x86)\uTorrent\uTorrent.exe" [2012-10-13 399736]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-07-13 17418928]
"Steam"="c:\program files (x86)\Steam\Steam.exe" [2012-09-08 1353080]
"F.lux"="c:\users\vault\Local Settings\Apps\F.lux\flux.exe" [2009-08-29 966656]
"Pando Media Booster"="c:\program files (x86)\Pando Networks\Media Booster\PMB.exe" [2012-10-28 3093624]
"Spotify Web Helper"="c:\users\vault\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2012-10-31 1199576]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2012-05-01 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SVPWUTIL"="c:\program files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe" [2010-11-09 532480]
"HWSetup"="c:\program files\TOSHIBA\Utilities\HWSetup.exe" [2011-03-10 423936]
"KeNotify"="c:\program files (x86)\TOSHIBA\Utilities\KeNotify.exe" [2010-08-16 34160]
"TSleepSrv"="%ProgramFiles(x86)%\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe" [BU]
"DelayTSS"="c:\program files\Toshiba\DelayTSS\DelayTSS.exe" [2011-11-21 2153328]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"PATHPILOT"="c:\program files (x86)\Aktiv MP3 Recorder\Aktiv MP3 Recorder.lnk" [BU]
.
c:\users\vault\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Rainmeter.lnk - c:\program files\Rainmeter\Rainmeter.exe [2012-9-16 41160]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
FocalFilterHelper.lnk - c:\program files (x86)\FocalFilter\FocalFilterHelper.exe [2012-10-25 176640]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
R3 intaud_WaveExtensible;Intel WiDi Audio Device;c:\windows\system32\drivers\intelaud.sys [2011-08-05 34200]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2011-06-01 340240]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-08-31 128456]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-09-13 368896]
R3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2011-11-21 57216]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2011-06-10 138152]
R3 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [2011-07-01 828856]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-09-10 1255736]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 Thpdrv;TOSHIBA HDD Protection Driver;c:\windows\system32\DRIVERS\thpdrv.sys [2011-03-24 36992]
S0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;c:\windows\system32\DRIVERS\Thpevm.SYS [2009-06-29 14784]
S0 tos_sps64;TOSHIBA tos_sps64 Service;c:\windows\system32\DRIVERS\tos_sps64.sys [2011-06-10 482384]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-10-23 283200]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 DMAgent;Intel® PROSet/Wireless WiMAX Red Bend Device Management Service;c:\program files\Intel\WiMAX\Bin\DMAgent.exe [2011-06-14 498688]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-08-31 2754984]
S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe [2011-05-24 294848]
S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys [2009-06-20 14472]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-02-01 2656280]
S2 WiMAXAppSrv;Intel® PROSet/Wireless WiMAX Service;c:\program files\Intel\WiMAX\Bin\AppSrv.exe [2011-06-14 986112]
S3 bpenum;Intel® Centrino® WiMAX Enumerator;c:\windows\system32\DRIVERS\bpenum.sys [2011-05-19 84480]
S3 bpmp;Intel® Centrino® WiMAX 6050 Series;c:\windows\system32\DRIVERS\bpmp.sys [2011-05-19 182272]
S3 bpusb;Intel® Centrino® WiMAX 6050 Series Function Driver;c:\windows\system32\Drivers\bpusb.sys [2011-05-19 83968]
S3 CeKbFilter;CeKbFilter;c:\windows\system32\DRIVERS\CeKbFilter.sys [2012-05-01 20592]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-15 317440]
S3 iwdbus;IWD Bus Enumerator;c:\windows\system32\DRIVERS\iwdbus.sys [2011-08-05 25496]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2011-05-03 175192]
S3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\DRIVERS\LEqdUsb.Sys [2011-09-02 76056]
S3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\DRIVERS\LHidEqd.Sys [2011-09-02 15128]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2011-02-10 82432]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2011-02-10 181760]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [2011-02-09 38096]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-01-14 413800]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-11-03 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-02 18:48]
.
2012-11-03 c:\windows\Tasks\AutoKMS.job
- c:\windows\AutoKMS\AutoKMS.exe [2012-09-10 17:44]
.
2012-11-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-05-01 23:25]
.
2012-11-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-05-01 23:25]
.
2012-11-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3097665607-1011041330-2731554553-1000Core.job
- c:\users\vault\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-08 15:05]
.
2012-11-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3097665607-1011041330-2731554553-1000UA.job
- c:\users\vault\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-08 15:05]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ThpSrv"="c:\windows\system32\thpsrv" [X]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-07-02 167704]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-07-02 392472]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-07-02 416024]
"TPwrMain"="c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE" [BU]
"HSON"="c:\program files (x86)\TOSHIBA\TBS\HSON.exe" [BU]
"TCrdMain"="c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe" [BU]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-03-05 11780712]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-03-01 2189416]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"Teco"="c:\program files (x86)\TOSHIBA\TECO\Teco.exe" [BU]
"IntelPAN"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2011-06-01 1935120]
"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2011-06-10 710560]
"TosWaitSrv"="c:\program files (x86)\TOSHIBA\TPHM\TosWaitSrv.exe" [BU]
"TosVolRegulator"="c:\program files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2009-11-11 24376]
"TosReelTimeMonitor"="c:\program files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe" [BU]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2011-10-07 1744152]
"Logitech Download Assistant"="c:\windows\System32\LogiLDA.dll" [2010-11-04 1580368]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-13 1289704]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://start.toshiba.com/?cid=C001B2Y
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~3\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 129.21.3.17 129.21.4.18
FF - ProfilePath - c:\users\vault\AppData\Roaming\Mozilla\Firefox\Profiles\81k5ekkt.default\
FF - prefs.js: browser.startup.homepage - hxxps://www.google.com/
FF - ExtSQL: 2012-09-08 15:28; jid1-xUfzOsOFlzSOXg@jetpack; c:\users\vault\AppData\Roaming\Mozilla\Firefox\Profiles\81k5ekkt.default\extensions\jid1-xUfzOsOFlzSOXg@jetpack.xpi
FF - ExtSQL: 2012-09-08 15:31; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; c:\users\vault\AppData\Roaming\Mozilla\Firefox\Profiles\81k5ekkt.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF - ExtSQL: 2012-09-14 23:17; readability@readability.com; c:\users\vault\AppData\Roaming\Mozilla\Firefox\Profiles\81k5ekkt.default\extensions\readability@readability.com.xpi
FF - ExtSQL: 2012-11-02 02:41; jid0-cNanOXb3cGmEEBVGF1SQwEJecGg@jetpack; c:\users\vault\AppData\Roaming\Mozilla\Firefox\Profiles\81k5ekkt.default\extensions\jid0-cNanOXb3cGmEEBVGF1SQwEJecGg@jetpack.xpi
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Toolbar-Locked - (no file)
AddRemove-dBpoweramp DSP Effects - c:\windows\system32\SpoonUninstall.exe
AddRemove-dBpoweramp Music Converter - c:\windows\system32\SpoonUninstall.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\TOSHIBA\widimon\widimon.exe
c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Completion time: 2012-11-03 19:26:29 - machine was rebooted
ComboFix-quarantined-files.txt 2012-11-03 23:26
ComboFix2.txt 2012-11-03 07:03
.
Pre-Run: 392,249,880,576 bytes free
Post-Run: 392,111,288,320 bytes free
.
- - End Of File - - 0F40808A4023C4F00339037409BF2255


MiniToolBox by Farbar Version: 23-07-2012
Ran by vault (administrator) on 03-11-2012 at 19:33:03
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

========================= FF Proxy Settings: ==============================

========================= Hosts content: =================================

127.0.0.1 localhost


=========================== Installed Programs ============================

µTorrent (Version: 2.2.1)
7-Zip 9.22beta
Adobe AIR (Version: 2.6.0.19140)
Adobe Flash Player 11 ActiveX (Version: 11.4.402.287)
Adobe Flash Player 11 Plugin (Version: 11.4.402.287)
Adobe Reader X MUI (Version: 10.0.0)
Audacity 2.0.2 (Version: 2.0.2)
BIT.TRIP RUNNER
calibre (Version: 0.9.4)
CCleaner (Version: 3.23)
Clementine (Version: 1.0.1)
Cockatrice
Counter-Strike: Source
CPUID CPU-Z 1.61.3
D3DX10 (Version: 15.4.2368.0902)
DAEMON Tools Pro (Version: 5.1.0.0333)
dBpoweramp DSP Effects (Version: Release 7)
dBpoweramp Music Converter (Version: Release 14.2)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Dishonored version 5.1 (Version: 5.1)
Dota 2
Dungeon Crawl Stone Soup (Version: 0.11.0)
Dungeons of Dredmor
eReg (Version: 1.20.138.34)
ESET Online Scanner v3
Exact Audio Copy 1.0beta3 (Version: 1.0beta3)
F.lux
FocalFilter (Version: 0.9.00)
Frozen Synapse
FTL: Faster Than Light
Google Talk Plugin (Version: 3.10.2.10212)
Google Toolbar for Internet Explorer (Version: 1.0.0)
Google Toolbar for Internet Explorer (Version: 7.4.3230.2052)
Google Update Helper (Version: 1.3.21.123)
ImgBurn (Version: 2.5.7.0)
Intel PROSet Wireless
Intel® Management Engine Components (Version: 7.0.0.1144)
Intel® Processor Graphics (Version: 8.15.10.2430)
Intel® PROSet/Wireless WiFi Software (Version: 14.01.1000)
Intel® Rapid Storage Technology (Version: 10.1.2.1004)
Intel® WiDi (Version: 2.1.42.0)
Intel® Wireless Display
Intel® PROSet/Wireless WiMAX Software (Version: 6.05.0000)
JMicron Flash Media Controller Driver (Version: 1.0.59.2)
Junk Mail filter update (Version: 15.4.3502.0922)
Label@Once 1.0 (Version: 1.0)
League of Legends (Version: 1.3)
Logitech SetPoint 6.32 (Version: 6.32.20)
Magic: The Gathering - Duels of the Planeswalkers 2013
Malwarebytes Anti-Malware version 1.65.1.1000 (Version: 1.65.1.1000)
Mathematica Extras 8.0 (2609412) (Version: 8.0.4)
Mesh Runtime (Version: 15.4.5722.2)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Access Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Click-to-Run 2010 (Version: 14.0.4763.1000)
Microsoft Office Excel MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Groove MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office InfoPath MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.6029.1000)
Microsoft Office OneNote MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Outlook MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office PowerPoint MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Professional Plus 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (French) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (Spanish) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proofing (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Publisher MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Word MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Security Client (Version: 4.1.0522.0)
Microsoft Security Essentials (Version: 4.1.522.0)
Microsoft Silverlight (Version: 4.1.10329.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Mozilla Firefox 16.0.2 (x86 en-US) (Version: 16.0.2)
Mozilla Maintenance Service (Version: 16.0.2)
MSVCRT (Version: 15.4.2862.0708)
MSVCRT_amd64 (Version: 15.4.2862.0708)
Music Manager
ooVoo (Version: 3.5.3018)
Pando Media Booster (Version: 2.6.0.8)
Pidgin (Version: 2.10.6)
PlayReady PC Runtime amd64 (Version: 1.3.0)
PlayReady PC Runtime x86 (Version: 1.3.0)
Prince of Persia
Quake Live Mozilla Plugin (Version: 1.0.520)
Rainmeter (Version: 2.4 beta r1626)
Realtek Ethernet Controller Driver (Version: 7.38.113.2011)
Realtek High Definition Audio Driver (Version: 6.0.1.6323)
Renesas Electronics USB 3.0 Host Controller Driver (Version: 2.0.34.0)
Salts & Solubility
Skype™ 5.10 (Version: 5.10.116)
SpeedFan (remove only)
Spotify (Version: 0.8.5.1333.g822e0de8)
StarCraft II (Version: 1.5.3.23260)
StationRipper 2.98.5 (Version: 2.98.5)
Steam (Version: 1.0.0.0)
Super Crate Box
Super Meat Boy
Synaptics Pointing Device Driver (Version: 15.2.11.1)
Team Fortress 2
TeamViewer 7 (Version: 7.0.14563)
The Binding of Isaac
Ticket to Ride
Torchlight II
TOSHIBA Application Installer (Version: 9.0.1.2)
TOSHIBA Assist (Version: 4.2.3.0)
Toshiba Book Place (Version: 2.2.7530)
TOSHIBA Disc Creator (Version: 2.1.0.11 for x64)
TOSHIBA eco Utility (Version: 1.3.5.64)
TOSHIBA Face Recognition (Version: 3.1.17.64)
TOSHIBA Flash Cards Support Utility (Version: 1.63.0.12C)
TOSHIBA Hardware Setup (Version: 1.63.1.37C)
TOSHIBA HDD Protection (Version: 2.2.2.15)
TOSHIBA HDD/SSD Alert (Version: 3.1.64.9)
TOSHIBA Media Controller (Version: 1.0.87.4)
TOSHIBA Media Controller Plug-in (Version: 1.0.7.5)
TOSHIBA PC Health Monitor (Version: 1.7.9.64)
TOSHIBA Quality Application (Version: 1.0.4)
TOSHIBA Recovery Media Creator (Version: 2.1.5.5109a)
TOSHIBA ReelTime (Version: 1.7.21.64)
TOSHIBA Resolution+ Plug-in for Windows Media Player (Version: 1.1.2001)
TOSHIBA Service Station (Version: 2.3.0)
TOSHIBA Sleep Utility (Version: 1.4.2.8)
TOSHIBA Supervisor Password (Version: 1.63.51.2C)
TOSHIBA Value Added Package (Version: 1.6.1.64)
TOSHIBA VIDEO PLAYER (Version: 4.00.7.06-A)
TOSHIBA Web Camera Application (Version: 2.0.3.30)
TOSHIBA Wireless Display Monitor (Version: 1.0.1)
TrueCrypt (Version: 7.1a)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553092)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553272) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2598289) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2589345) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
Utility Common Driver (Version: 1.0.52.3C)
VLC media player 2.0.3 (Version: 2.0.3)
West Point Bridge Designer 2012 (2nd Edition) (remove only)
Windows 7 Logon Background Changer (Version: 1.5.2)
Windows Live Communications Platform (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3538.0513)
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0)
Windows Live Installer (Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3538.0513)
Windows Live Mail (Version: 15.4.3502.0922)
Windows Live Mesh (Version: 15.4.3502.0922)
Windows Live Mesh ActiveX Control for Remote Connections (Version: 15.4.5722.2)
Windows Live Messenger (Version: 15.4.3538.0513)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (Version: 15.4.3502.0922)
Windows Live Photo Common (Version: 15.4.3502.0922)
Windows Live Photo Gallery (Version: 15.4.3502.0922)
Windows Live PIMT Platform (Version: 15.4.3508.1109)
Windows Live Remote Client (Version: 15.4.5722.2)
Windows Live Remote Client Resources (Version: 15.4.5722.2)
Windows Live Remote Service (Version: 15.4.5722.2)
Windows Live Remote Service Resources (Version: 15.4.5722.2)
Windows Live SOXE (Version: 15.4.3502.0922)
Windows Live SOXE Definitions (Version: 15.4.3502.0922)
Windows Live UX Platform (Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (Version: 15.4.3508.1109)
Windows Live Writer (Version: 15.4.3502.0922)
Windows Live Writer Resources (Version: 15.4.3502.0922)
Wolfram CDF Player (M-WIN-D 8.0.4 2609533) (Version: 8.0.4)
XChat-WDK (x64) (Version: 15.03.0.0)
Yume Nikki 0.10 English

**** End of log ****

Farbar Service Scanner Version: 03-11-2012
Ran by vault (administrator) on 03-11-2012 at 19:34:12
Running from "C:\Users\vault\Desktop"
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****

Everything is running fine! =D

#10 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • Gender:Not Telling
  • Location:Canada

Posted 03 November 2012 - 06:50 PM

We just have some housekeeping to do now.

Please do the following:


You can delete the DDS, Farbar and GMER logs and programs from your desktop.


NEXT


Follow these steps to uninstall Combofix

  • Make sure your security programs are totally disabled.
  • Press the WinKey +R to open a run box
  • Now copy/paste Combofix /uninstall into the run box and click OK. Note the space between the ..X and the /U; it needs to be there.



NEXT

  • Double click on adwcleaner.exe to run the tool.
  • Click on Uninstall.
  • Confirm with yes.


If there are any logs/tools remaining on your desktop > right click and delete them.


NEXT


Below I have included a number of recommendations for how to protect your computer against malware infections.

  • It is good security practice to change the passwords to all your online accounts on a fairly regular basis; this is especially true after an infection. Refer to this Microsoft article:
    Strong passwords: How to create and use them
    Then consider a password keeper, to keep all your passwords safe. KeePass is a small utility that allows you to manage all your passwords.

  • Keep Windows updated by regularly checking their website at:
    http://windowsupdate.microsoft.com/
    This will ensure your computer always has the latest available security updates installed.

  • Make Internet Explorer more secure
    • Click Start > Run
    • Type Inetcpl.cpl & click OK
    • Click on the Security tab
    • Click Reset all zones to default level
    • Make sure the Internet Zone is selected & Click Custom level
    • In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls") to "Prompt", and ("Initialize and Script ActiveX controls not marked as safe") to "Disable".
    • Next Click OK, then Apply button and then OK to exit the Internet Properties page.

  • Download TFC to your desktop
    • Close any open windows.
    • Double click the TFC icon to run the program
    • TFC will close all open programs itself in order to run.
    • Click the Start button to begin the process.
    • Allow TFC to run uninterrupted.
    • The program should not take long to finish its job.
    • Once it's finished it should automatically reboot your machine;
    • if it doesn't, manually reboot to ensure a complete clean.
    It's normal after running TFC cleaner that the PC will be slower to boot the first time.

  • WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:
    • Green to go
    • Yellow for caution
    • Red to stop
    WOT has an addon available for both Firefox and IE

  • Keep a backup of your important files - Now, more than ever, it's especially important to protect your digital files and memories. This article is full of good information on alternatives for home backup solutions.

  • ERUNT (Emergency Recovery Utility NT) allows you to keep a complete backup of your registry and restore it when needed. The standard registry backup options that come with Windows back up most of the registry but not all of it. ERUNT however creates a complete backup set, including the Security hive and user related sections. ERUNT is easy to use and since it creates a full backup, there are no options or choices other than to select the location of the backup files. The backup set includes a small executable that will launch the registry restore if needed.

  • In light of your recent issue, I'm sure you'd like to avoid any future infections. Please take a look at these well-written articles:
    • PC Safety and Security--What Do I Need?
    • Simple and easy ways to keep your computer safe and secure on the Internet

Thank you for your patience, and performing all of the procedures requested.

Please respond one last time so we can consider the thread resolved and close it, thank you.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015
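The Internet Zone ActiveX settings that the post above walks through in Inetcpl.cpl can also be audited from the registry. The following PowerShell script is an added example, not part of this thread or of CatByte's instructions; it assumes the documented IE zone value names 1001, 1004 and 1201 under Zones\3 and the stored meanings 0 = Enable, 1 = Prompt, 3 = Disable, and the function names are my own.

```powershell
# Added example for this thread: audit (and optionally apply) the three Internet Zone
# ActiveX settings that the post tells the user to change through Inetcpl.cpl.
# Assumptions: IE stores per-zone URL actions under Zones\3 (3 = Internet zone) with
# these documented value names; stored DWORDs mean 0 = Enable, 1 = Prompt, 3 = Disable.
#   1001  Download signed ActiveX controls                           -> Prompt  (1)
#   1004  Download unsigned ActiveX controls                         -> Prompt  (1)
#   1201  Initialize and script ActiveX controls not marked as safe  -> Disable (3)

$zonePath = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3'

$recommended = @(
    @{ Name = '1001'; Label = 'Download signed ActiveX controls';                          Want = 1 },
    @{ Name = '1004'; Label = 'Download unsigned ActiveX controls';                        Want = 1 },
    @{ Name = '1201'; Label = 'Initialize and script ActiveX controls not marked as safe'; Want = 3 }
)

$meaning = @{ 0 = 'Enable'; 1 = 'Prompt'; 3 = 'Disable' }

function Get-ZoneSetting {
    param([string]$Path, [string]$Name)
    # Returns $null when the value is absent; IE then uses the zone's built-in default.
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    return [int]$item.$Name
}

function Get-ZoneValueText {
    param($Value)
    if ($null -eq $Value) { return 'not set (IE default)' }
    if ($meaning.ContainsKey($Value)) { return $meaning[$Value] }
    return "unknown value $Value"
}

function Test-ActiveXZoneSettings {
    # Returns $true when all three settings already match the post's recommendation.
    # With -Fix, writes the recommended value for each weak setting (the same change the
    # Custom level dialog makes; it takes effect for newly opened IE windows).
    param([switch]$Fix)
    $allOk = $true
    foreach ($s in $recommended) {
        $current = Get-ZoneSetting -Path $zonePath -Name $s.Name
        if ($current -eq $s.Want) {
            Write-Host ('OK    {0} ({1}) = {2}' -f $s.Label, $s.Name, (Get-ZoneValueText $current))
            continue
        }
        $allOk = $false
        Write-Host ('WEAK  {0} ({1}) = {2}; recommended {3}' -f `
            $s.Label, $s.Name, (Get-ZoneValueText $current), $meaning[$s.Want])
        if ($Fix) {
            Set-ItemProperty -Path $zonePath -Name $s.Name -Value $s.Want -Type DWord
            Write-Host ('FIXED {0} -> {1}' -f $s.Label, $meaning[$s.Want])
        }
    }
    return $allOk
}

# Audit only; run Test-ActiveXZoneSettings -Fix to apply the recommended values.
Test-ActiveXZoneSettings
```

Group Policy can override these per-user values, so a result of OK here does not rule out a weaker policy-enforced setting; check the Security tab in Inetcpl.cpl as the post describes if the dialog is greyed out.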


#11 solarparade

solarparade
  • Topic Starter

  • Members
  • 6 posts

Posted 03 November 2012 - 10:22 PM

Thank you so much!!!

#12 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • Gender:Not Telling
  • Location:Canada

Posted 04 November 2012 - 07:09 AM

you are welcome

stay safe :hello:

~CB

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#13 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • Gender:Not Telling
  • Location:Canada

Posted 04 November 2012 - 07:09 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015




