Help Virus.win64.zaccess


4 replies to this topic

#1 Sporked


Posted 21 December 2012 - 02:51 PM

Hi,

I am having trouble with a virus; I believe it is Virus.win64.zaccess. I got the name from tdsskiller, which didn't fix it.

I have the DDS logs below and attached. I also ran a Farbar scan; its log is also below.

Thanks for the help.


DDS (Ver_2012-11-20.01) - NTFS_AMD64 NETWORK
Internet Explorer: 9.0.8112.16457
Run by Michael at 11:42:22 on 2012-12-21
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.9207.7314 [GMT -8:00]
.
AV: AVG Anti-Virus Free Edition 2013 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AVG Anti-Virus Free Edition 2013 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\Explorer.EXE
C:\Windows\system32\ctfmon.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\Michael\Downloads\FRST64.exe
C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\SysWOW64\svchost.exe" -k LocalServiceDns
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uDefault_Page_URL = www.dell.com
uURLSearchHooks: UrlSearchHook Class: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
mWinlogon: Userinit = userinit.exe,
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\13.2.0.5\AVG Secure Search_toolbar.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -
BHO: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: ChromeFrame BHO: {ECB3C477-1A0A-44BD-BB57-78F9EFE34FA7} - C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\npchrome_frame.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
TB: <No Name>: {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - LocalServer32 - <no file>
TB: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
TB: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\13.2.0.5\AVG Secure Search_toolbar.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} -
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
uRun: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [EADM] "C:\Program Files (x86)\Origin\Origin.exe" -AutoStart
uRun: [Chromium] rundll32.exe "C:\Users\Michael\AppData\Local\Cyberlink\Chromium\trijtzxoi.dll",RunServiceW
uRun: [FalloutNV] rundll32.exe "C:\Users\Michael\AppData\Local\MFAData\FalloutNV\iodogynlo.dll",DllRegisterServerW
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun: [RemoteControl9] "C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe"
mRun: [PDVD9LanguageShortcut] "C:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe"
mRun: [BDRegion] C:\Program Files (x86)\Cyberlink\Shared Files\brs.exe
mRun: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"
mRun: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
mRun: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [ROC_roc_dec12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12
mRun: [TkBellExe] "c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [ROC_ROC_JULY_P1] "C:\Program Files (x86)\AVG Secure Search\ROC_ROC_JULY_P1.exe" / /PROMPT /CMPID=ROC_JULY_P1
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY
uPolicies-Explorer: HideSCAHealth = dword:1
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
LSP: mswsock.dll
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
TCP: Interfaces\{2B835876-D9A8-4F3C-95AF-89EE7C3D52BC} : NameServer = 75.75.75.75,75.75.75.76
TCP: Interfaces\{7CA4EA21-AD2E-45CD-B96F-C2D0BE273C56} : DHCPNameServer = 192.168.1.254
Handler: gcf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\npchrome_frame.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\13.2.0\ViProtocol.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
x64-BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: gcf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - <orphaned>
x64-Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHA;AVGIDSHA;C:\Windows\System32\drivers\avgidsha.sys [2012-10-15 63328]
R0 Avgloga;AVG Logging Driver;C:\Windows\System32\drivers\avgloga.sys [2012-9-21 225120]
R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2012-10-5 111456]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2012-9-14 40800]
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2011-6-22 55856]
R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2012-9-21 200032]
R1 avgtp;avgtp;C:\Windows\System32\drivers\avgtpx64.sys [2012-8-30 30568]
R3 netr28x;Ralink 802.11n Wireless Driver for Windows Vista;C:\Windows\System32\drivers\netr28x.sys [2011-7-22 657920]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2011-6-22 242720]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-6-22 412776]
S1 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\avgidsdrivera.sys [2012-10-22 154464]
S1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2012-10-2 185696]
S2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2011-6-22 203264]
S2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [2012-11-6 5814392]
S2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [2012-10-22 196664]
S2 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-10-21 196176]
S2 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-10-13 249648]
S2 CLKMSVC10_9EC60124;CyberLink Product - 2011/06/22 18:56:32;C:\Program Files (x86)\CyberLink\PowerDVD9\NavFilter\kmsvc.exe [2010-10-26 236016]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-6-22 13336]
S2 McShield;McAfee Real-time Scanner;C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe --> C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe [?]
S2 RoxWatch12;Roxio Hard Drive Watcher 12;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]
S2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]
S2 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-12-13 3290896]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-11-9 160944]
S2 vToolbarUpdater13.2.0;vToolbarUpdater13.2.0;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe [2012-11-8 711112]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2011-6-22 115216]
S3 McSysmon;McAfee SystemGuards;C:\PROGRA~2\McAfee\VIRUSS~1\mcsysmon.exe --> C:\PROGRA~2\McAfee\VIRUSS~1\mcsysmon.exe [?]
S3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2011-6-22 75264]
S3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2011-6-22 176640]
S3 RoxMediaDB12OEM;RoxMediaDB12OEM;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]
S3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2011-10-1 764264]
S3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2011-10-1 268648]
S3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2011-10-1 25960]
S3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2011-10-1 22376]
S3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-7-9 52736]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-7-24 1255736]
.
=============== Created Last 30 ================
.
2012-12-21 19:29:02 -------- d-----w- C:\FRST
2012-12-21 19:18:32 -------- d-sh--w- C:\Windows\SysWow64\%APPDATA%
2012-12-21 19:08:14 -------- d-----w- C:\TDSSKiller_Quarantine
2012-12-21 17:51:03 -------- d-----w- C:\Users\Michael\AppData\Local\{26C72547-EC67-4E6D-8D35-20BC5380A1DF}
2012-12-21 11:00:13 46080 ----a-w- C:\Windows\System32\atmlib.dll
2012-12-21 11:00:13 367616 ----a-w- C:\Windows\System32\atmfd.dll
2012-12-21 11:00:13 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
2012-12-21 11:00:13 295424 ----a-w- C:\Windows\SysWow64\atmfd.dll
2012-12-21 05:21:57 -------- d-----w- C:\Users\Michael\AppData\Local\{6AC379F1-87C7-4622-8E26-C5B332B3C722}
2012-12-20 17:21:46 -------- d-----w- C:\Users\Michael\AppData\Local\{175F190B-95E0-405C-B2CE-EA1A987E6B2D}
2012-12-20 05:21:35 -------- d-----w- C:\Users\Michael\AppData\Local\{6042AFA9-9258-451F-AB05-9097765BE12A}
2012-12-19 17:21:11 -------- d-----w- C:\Users\Michael\AppData\Local\{10A8F34B-D5A0-4029-AF0F-27E9D7637E83}
2012-12-19 05:20:59 -------- d-----w- C:\Users\Michael\AppData\Local\{D51042E6-1BCD-449E-BD72-CA0748BFC266}
2012-12-18 17:20:48 -------- d-----w- C:\Users\Michael\AppData\Local\{D7F85508-3AC6-487C-BE10-070AC20D2EC8}
2012-12-18 05:20:36 -------- d-----w- C:\Users\Michael\AppData\Local\{3452D02F-55B8-43A2-884D-074FE1A7B4F3}
2012-12-17 17:20:25 -------- d-----w- C:\Users\Michael\AppData\Local\{599BDE24-FD66-425C-9B18-3433C0E12BDC}
2012-12-17 05:20:14 -------- d-----w- C:\Users\Michael\AppData\Local\{CB88434C-2BD4-4B4B-BEE2-E14A73782C8C}
2012-12-16 17:20:02 -------- d-----w- C:\Users\Michael\AppData\Local\{C40D77B7-9898-4059-ADDA-40D24D67734A}
2012-12-16 08:00:12 -------- d-----w- C:\Users\Michael\AppData\Roaming\Carbon
2012-12-16 05:19:51 -------- d-----w- C:\Users\Michael\AppData\Local\{5FAFD3A3-20B6-4B3A-8859-D74A0FF24479}
2012-12-15 17:19:39 -------- d-----w- C:\Users\Michael\AppData\Local\{FFE60271-09C4-439D-92CC-A87894F30930}
2012-12-15 05:19:28 -------- d-----w- C:\Users\Michael\AppData\Local\{9E9B7BD9-ED29-4A02-A8BE-10E3CE681C87}
2012-12-14 17:19:16 -------- d-----w- C:\Users\Michael\AppData\Local\{FD6C3E14-89FD-4592-9386-2D42799A2211}
2012-12-14 05:19:05 -------- d-----w- C:\Users\Michael\AppData\Local\{4DA7CF95-6A90-41D1-A83B-34956EDC5C1F}
2012-12-13 17:18:54 -------- d-----w- C:\Users\Michael\AppData\Local\{7320A266-ED98-4EA7-BDDA-E9E8DE43F6B8}
2012-12-13 05:18:42 -------- d-----w- C:\Users\Michael\AppData\Local\{35555C28-7744-4F9C-A07D-786308655BCE}
2012-12-12 17:18:31 -------- d-----w- C:\Users\Michael\AppData\Local\{C253A0D3-0460-4166-84E0-8FD97136388A}
2012-12-12 06:57:57 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2012-12-12 05:14:31 -------- d-----w- C:\Users\Michael\AppData\Local\{DA3F3842-3265-4E0A-A52B-5F80CBB83E24}
2012-12-11 17:14:19 -------- d-----w- C:\Users\Michael\AppData\Local\{80D1984A-C42C-4D2C-A86C-E1340500376F}
2012-12-11 05:14:08 -------- d-----w- C:\Users\Michael\AppData\Local\{922CB0AA-8E08-4B1A-8655-B081483524C5}
2012-12-10 17:13:56 -------- d-----w- C:\Users\Michael\AppData\Local\{D04F08A7-10BB-48DC-BDF2-47BF7795921C}
2012-12-10 05:13:45 -------- d-----w- C:\Users\Michael\AppData\Local\{9EA0F5D1-8EE3-41A3-B76A-2AA7E8F9E01E}
2012-12-09 17:13:34 -------- d-----w- C:\Users\Michael\AppData\Local\{EE100D3B-FA53-4285-8997-786644D9C9E5}
2012-12-07 22:48:38 -------- d-----w- C:\Users\Michael\AppData\Local\{9CA98B69-631D-46DD-AE79-25466B3BF085}
2012-12-07 10:48:27 -------- d-----w- C:\Users\Michael\AppData\Local\{7440DABF-AE50-4481-8E14-8CAB089B75C2}
2012-12-06 22:48:16 -------- d-----w- C:\Users\Michael\AppData\Local\{A51B223B-4D51-4DAD-A76E-48D6EACDA911}
2012-12-06 10:48:04 -------- d-----w- C:\Users\Michael\AppData\Local\{845A0E8C-65FA-4D0B-AC42-985DAE4F5EFC}
2012-12-03 10:46:43 -------- d-----w- C:\Users\Michael\AppData\Local\{FE012AAD-4217-4200-A330-3F2D8B4BAC70}
2012-12-02 22:46:18 -------- d-----w- C:\Users\Michael\AppData\Local\{7F5D0FBA-78D7-40BC-9847-DD2A18C885D6}
2012-12-02 10:46:07 -------- d-----w- C:\Users\Michael\AppData\Local\{4545F81F-775B-4ED3-8A4C-D052C1AD88AE}
2012-12-01 22:45:56 -------- d-----w- C:\Users\Michael\AppData\Local\{56AC8DFB-217D-4DF2-8426-AC5EE48B9C89}
2012-12-01 10:45:44 -------- d-----w- C:\Users\Michael\AppData\Local\{6C75CC4F-BEA9-4E2C-B46C-9EFC886976BA}
2012-11-30 22:45:33 -------- d-----w- C:\Users\Michael\AppData\Local\{43F6C129-D3D3-4858-8F91-63E416E4AC74}
2012-11-30 10:45:21 -------- d-----w- C:\Users\Michael\AppData\Local\{22CA0E60-3BB3-4610-B2FF-79F23B6C20EC}
2012-11-29 22:45:10 -------- d-----w- C:\Users\Michael\AppData\Local\{00EC6A51-473E-435A-930F-BFA3794A793F}
2012-11-29 10:44:59 -------- d-----w- C:\Users\Michael\AppData\Local\{F00AB40F-FBF8-4B0D-91CD-B6DD6A01058F}
2012-11-28 22:44:47 -------- d-----w- C:\Users\Michael\AppData\Local\{5FB49C64-98DA-4556-BCF0-4BC22B0847E1}
2012-11-28 10:44:24 -------- d-----w- C:\Users\Michael\AppData\Local\{1AD124D7-C0A9-4311-98A8-722657D31125}
2012-11-27 22:44:12 -------- d-----w- C:\Users\Michael\AppData\Local\{E0C9A3B7-B202-46DB-AA82-E1190FBDF2C6}
2012-11-27 10:44:01 -------- d-----w- C:\Users\Michael\AppData\Local\{C7DA6976-6286-4DF3-AB37-8D9257F78942}
2012-11-26 22:43:49 -------- d-----w- C:\Users\Michael\AppData\Local\{A4B396AE-CF88-401A-ACF2-46F71B9E9BE6}
2012-11-26 10:43:38 -------- d-----w- C:\Users\Michael\AppData\Local\{9C33CFF5-BE3D-49BD-B5DD-9C91BD944EC8}
2012-11-25 22:43:26 -------- d-----w- C:\Users\Michael\AppData\Local\{677B1930-4DE8-4FE3-B4D4-7BC0603E2FB9}
2012-11-25 10:43:15 -------- d-----w- C:\Users\Michael\AppData\Local\{0F60BFED-60E6-4742-A3AF-12A7D148EFD1}
2012-11-24 22:42:58 -------- d-----w- C:\Users\Michael\AppData\Local\{F68ACD09-BD6C-4E7A-8B56-A85C7AEDEF1D}
2012-11-24 10:42:46 -------- d-----w- C:\Users\Michael\AppData\Local\{92EB3559-62E7-417D-B436-FCCE19063684}
2012-11-24 07:42:30 -------- d-----w- C:\Users\Michael\AppData\Local\SCE
2012-11-24 07:42:30 -------- d-----w- C:\Crash
2012-11-24 07:42:29 -------- d-----w- C:\Users\Michael\AppData\Local\Sony Online Entertainment
2012-11-23 22:42:35 -------- d-----w- C:\Users\Michael\AppData\Local\{9AC9F285-4B93-43D6-98A2-1C8875E2EAF0}
2012-11-23 10:42:24 -------- d-----w- C:\Users\Michael\AppData\Local\{C0FD43F0-7391-4506-9074-A31430649ABE}
2012-11-22 22:42:00 -------- d-----w- C:\Users\Michael\AppData\Local\{42BA9D72-96EE-4050-AF2D-314759ADD5EE}
2012-11-22 10:41:36 -------- d-----w- C:\Users\Michael\AppData\Local\{30F4061E-5361-4DD3-97F4-B63E430ACD06}
2012-11-21 22:41:25 -------- d-----w- C:\Users\Michael\AppData\Local\{55ED9871-C039-40A0-9876-DCFCC9E2F5F5}
.
==================== Find3M ====================
.
2012-12-12 19:16:09 73656 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-12-12 19:16:09 697272 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-11-22 03:26:40 3149824 ----a-w- C:\Windows\System32\win32k.sys
2012-11-14 06:11:44 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2012-11-14 06:04:11 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-11-14 06:02:49 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-11-14 05:57:46 599040 ----a-w- C:\Windows\System32\vbscript.dll
2012-11-14 05:57:35 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-11-14 05:52:40 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-11-14 02:09:22 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-11-14 01:58:15 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-11-14 01:57:37 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-11-14 01:49:25 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-11-14 01:48:27 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
2012-11-14 01:44:42 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-11-09 05:45:09 2048 ----a-w- C:\Windows\System32\tzres.dll
2012-11-09 05:29:23 30568 ----a-w- C:\Windows\System32\drivers\avgtpx64.sys
2012-11-02 05:59:11 478208 ----a-w- C:\Windows\System32\dpnet.dll
2012-11-02 05:11:31 376832 ----a-w- C:\Windows\SysWow64\dpnet.dll
2012-10-22 21:02:44 154464 ----a-w- C:\Windows\System32\drivers\avgidsdrivera.sys
2012-10-16 08:38:37 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
2012-10-16 08:38:34 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll
2012-10-16 07:39:52 561664 ----a-w- C:\Windows\apppatch\AcLayers.dll
2012-10-15 11:48:50 63328 ----a-w- C:\Windows\System32\drivers\avgidsha.sys
2012-10-09 18:17:13 55296 ----a-w- C:\Windows\System32\dhcpcsvc6.dll
2012-10-09 18:17:13 226816 ----a-w- C:\Windows\System32\dhcpcore6.dll
2012-10-09 17:40:31 44032 ----a-w- C:\Windows\SysWow64\dhcpcsvc6.dll
2012-10-09 17:40:31 193536 ----a-w- C:\Windows\SysWow64\dhcpcore6.dll
2012-10-05 11:32:50 111456 ----a-w- C:\Windows\System32\drivers\avgmfx64.sys
2012-10-04 17:46:16 362496 ----a-w- C:\Windows\System32\wow64win.dll
2012-10-04 17:46:15 243200 ----a-w- C:\Windows\System32\wow64.dll
2012-10-04 17:46:15 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
2012-10-04 17:45:55 215040 ----a-w- C:\Windows\System32\winsrv.dll
2012-10-04 17:43:28 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
2012-10-04 17:41:16 424960 ----a-w- C:\Windows\System32\KernelBase.dll
2012-10-04 16:47:41 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2012-10-04 16:47:41 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll
2012-10-04 15:21:55 338432 ----a-w- C:\Windows\System32\conhost.exe
2012-10-04 14:46:46 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2012-10-04 14:46:46 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2012-10-04 14:46:44 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2012-10-04 14:46:43 2048 ----a-w- C:\Windows\SysWow64\user.exe
2012-10-04 14:41:50 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2012-10-04 14:41:50 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2012-10-04 14:41:50 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2012-10-04 14:41:50 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2012-10-03 17:56:54 1914248 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2012-10-03 17:44:21 70656 ----a-w- C:\Windows\System32\nlaapi.dll
2012-10-03 17:44:21 303104 ----a-w- C:\Windows\System32\nlasvc.dll
2012-10-03 17:44:17 246272 ----a-w- C:\Windows\System32\netcorehc.dll
2012-10-03 17:44:17 18944 ----a-w- C:\Windows\System32\netevent.dll
2012-10-03 17:44:16 216576 ----a-w- C:\Windows\System32\ncsi.dll
2012-10-03 17:42:16 569344 ----a-w- C:\Windows\System32\iphlpsvc.dll
2012-10-03 16:42:24 18944 ----a-w- C:\Windows\SysWow64\netevent.dll
2012-10-03 16:42:24 175104 ----a-w- C:\Windows\SysWow64\netcorehc.dll
2012-10-03 16:42:23 156672 ----a-w- C:\Windows\SysWow64\ncsi.dll
2012-10-03 16:07:26 45568 ----a-w- C:\Windows\System32\drivers\tcpipreg.sys
2012-10-02 10:30:38 185696 ----a-w- C:\Windows\System32\drivers\avgldx64.sys
2012-09-30 03:54:26 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-09-25 22:47:43 78336 ----a-w- C:\Windows\SysWow64\synceng.dll
2012-09-25 22:46:17 95744 ----a-w- C:\Windows\System32\synceng.dll
.
============= FINISH: 11:43:25.79 ===============
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 18-12-2012
Ran by Michael at 21-12-2012 11:29:05
Running from C:\Users\Michael\Downloads
Service Pack 1 (X64) OS Language: English(US)
Attention: Could not load system hive.ATTENTION:=====> THE TOOL IS NOT RUN FROM RECOVERY ENVIRONMENT AND WILL NOT FUNCTION PROPERLY.


==================== One Month Created Files and Folders ========

2012-12-21 11:28 - 2012-12-21 11:28 - 01461035 ____A (Farbar) C:\Users\Michael\Downloads\FRST64.exe
2012-12-21 11:18 - 2012-12-21 11:18 - 00000000 __SHD C:\Windows\SysWOW64\%APPDATA%
2012-12-21 11:08 - 2012-12-21 11:17 - 00000000 ____D C:\TDSSKiller_Quarantine
2012-12-21 11:06 - 2012-12-21 11:15 - 00003772 ____A C:\Users\Michael\Desktop\Rkill.txt
2012-12-21 11:06 - 2012-12-21 11:06 - 00000000 ____D C:\Users\Michael\Desktop\rkill
2012-12-21 11:03 - 2012-12-21 11:04 - 02213976 ____A (Kaspersky Lab ZAO) C:\Users\Michael\Desktop\explorer.exe
2012-12-21 11:03 - 2012-12-21 11:03 - 01754528 ____A (Bleeping Computer, LLC) C:\Users\Michael\Desktop\explorer2.exe
2012-12-21 09:51 - 2012-12-21 09:51 - 00000000 ____D C:\Users\Michael\AppData\Local\{26C72547-EC67-4E6D-8D35-20BC5380A1DF}
2012-12-21 03:00 - 2012-12-16 09:11 - 00046080 ____A (Adobe Systems) C:\Windows\System32\atmlib.dll
2012-12-21 03:00 - 2012-12-16 06:45 - 00367616 ____A (Adobe Systems Incorporated) C:\Windows\System32\atmfd.dll
2012-12-21 03:00 - 2012-12-16 06:13 - 00295424 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2012-12-21 03:00 - 2012-12-16 06:13 - 00034304 ____A (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2012-12-20 21:21 - 2012-12-20 21:22 - 00000000 ____D C:\Users\Michael\AppData\Local\{6AC379F1-87C7-4622-8E26-C5B332B3C722}
2012-12-20 09:21 - 2012-12-20 09:21 - 00000000 ____D C:\Users\Michael\AppData\Local\{175F190B-95E0-405C-B2CE-EA1A987E6B2D}
2012-12-19 21:21 - 2012-12-19 21:21 - 00000000 ____D C:\Users\Michael\AppData\Local\{6042AFA9-9258-451F-AB05-9097765BE12A}
2012-12-19 09:21 - 2012-12-19 09:21 - 00000000 ____D C:\Users\Michael\AppData\Local\{10A8F34B-D5A0-4029-AF0F-27E9D7637E83}
2012-12-18 21:20 - 2012-12-18 21:21 - 00000000 ____D C:\Users\Michael\AppData\Local\{D51042E6-1BCD-449E-BD72-CA0748BFC266}
2012-12-18 09:20 - 2012-12-18 09:20 - 00000000 ____D C:\Users\Michael\AppData\Local\{D7F85508-3AC6-487C-BE10-070AC20D2EC8}
2012-12-17 21:20 - 2012-12-17 21:20 - 00000000 ____D C:\Users\Michael\AppData\Local\{3452D02F-55B8-43A2-884D-074FE1A7B4F3}
2012-12-17 09:20 - 2012-12-17 09:20 - 00000000 ____D C:\Users\Michael\AppData\Local\{599BDE24-FD66-425C-9B18-3433C0E12BDC}
2012-12-16 21:20 - 2012-12-16 21:20 - 00000000 ____D C:\Users\Michael\AppData\Local\{CB88434C-2BD4-4B4B-BEE2-E14A73782C8C}
2012-12-16 09:20 - 2012-12-16 09:20 - 00000000 ____D C:\Users\Michael\AppData\Local\{C40D77B7-9898-4059-ADDA-40D24D67734A}
2012-12-16 00:00 - 2012-12-16 00:00 - 00000000 ____D C:\Users\Michael\AppData\Roaming\Carbon
2012-12-15 23:50 - 2012-12-15 23:50 - 00000222 ____A C:\Users\Michael\Desktop\AirMech.url
2012-12-15 21:19 - 2012-12-15 21:20 - 00000000 ____D C:\Users\Michael\AppData\Local\{5FAFD3A3-20B6-4B3A-8859-D74A0FF24479}
2012-12-15 09:19 - 2012-12-15 09:19 - 00000000 ____D C:\Users\Michael\AppData\Local\{FFE60271-09C4-439D-92CC-A87894F30930}
2012-12-14 21:19 - 2012-12-14 21:19 - 00000000 ____D C:\Users\Michael\AppData\Local\{9E9B7BD9-ED29-4A02-A8BE-10E3CE681C87}
2012-12-14 09:19 - 2012-12-14 09:19 - 00000000 ____D C:\Users\Michael\AppData\Local\{FD6C3E14-89FD-4592-9386-2D42799A2211}
2012-12-14 02:02 - 2012-12-21 09:50 - 00000384 ____A C:\Windows\Tasks\RNUpgradeHelperLogonPrompt_Michael.job
2012-12-14 02:02 - 2012-12-21 02:09 - 00000374 ____A C:\Windows\Tasks\ReclaimerUpdateXML_Michael.job
2012-12-14 02:02 - 2012-12-19 23:05 - 00000378 ____A C:\Windows\Tasks\ReclaimerUpdateFiles_Michael.job
2012-12-13 21:19 - 2012-12-13 21:19 - 00000000 ____D C:\Users\Michael\AppData\Local\{4DA7CF95-6A90-41D1-A83B-34956EDC5C1F}
2012-12-13 09:18 - 2012-12-13 09:19 - 00000000 ____D C:\Users\Michael\AppData\Local\{7320A266-ED98-4EA7-BDDA-E9E8DE43F6B8}
2012-12-12 21:18 - 2012-12-12 21:18 - 00000000 ____D C:\Users\Michael\AppData\Local\{35555C28-7744-4F9C-A07D-786308655BCE}
2012-12-12 09:18 - 2012-12-12 09:18 - 00000000 ____D C:\Users\Michael\AppData\Local\{C253A0D3-0460-4166-84E0-8FD97136388A}
2012-12-12 03:00 - 2012-11-13 23:06 - 17811968 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-12-12 03:00 - 2012-11-13 22:32 - 10925568 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-12-12 03:00 - 2012-11-13 22:11 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-12-12 03:00 - 2012-11-13 22:04 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-12-12 03:00 - 2012-11-13 22:04 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-12-12 03:00 - 2012-11-13 22:02 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-12-12 03:00 - 2012-11-13 22:02 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-12-12 03:00 - 2012-11-13 21:59 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-12-12 03:00 - 2012-11-13 21:58 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-12-12 03:00 - 2012-11-13 21:57 - 00599040 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2012-12-12 03:00 - 2012-11-13 21:57 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-12-12 03:00 - 2012-11-13 21:55 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-12-12 03:00 - 2012-11-13 21:55 - 00729088 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2012-12-12 03:00 - 2012-11-13 21:53 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-12-12 03:00 - 2012-11-13 21:52 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-12-12 03:00 - 2012-11-13 21:46 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-12-12 03:00 - 2012-11-13 18:48 - 12320256 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-12-12 03:00 - 2012-11-13 18:14 - 09738240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-12-12 03:00 - 2012-11-13 18:09 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-12-12 03:00 - 2012-11-13 17:58 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-12-12 03:00 - 2012-11-13 17:57 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-12-12 03:00 - 2012-11-13 17:57 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-12-12 03:00 - 2012-11-13 17:55 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-12-12 03:00 - 2012-11-13 17:51 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-12-12 03:00 - 2012-11-13 17:49 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-12-12 03:00 - 2012-11-13 17:49 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-12-12 03:00 - 2012-11-13 17:48 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2012-12-12 03:00 - 2012-11-13 17:47 - 00607744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2012-12-12 03:00 - 2012-11-13 17:46 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-12-12 03:00 - 2012-11-13 17:45 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-12-12 03:00 - 2012-11-13 17:44 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-12-12 03:00 - 2012-11-13 17:41 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-12-11 22:57 - 2012-11-21 19:26 - 03149824 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-12-11 22:57 - 2012-11-08 21:45 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\tzres.dll
2012-12-11 22:57 - 2012-11-08 20:42 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2012-12-11 22:57 - 2012-11-01 21:59 - 00478208 ____A (Microsoft Corporation) C:\Windows\System32\dpnet.dll
2012-12-11 22:57 - 2012-11-01 21:11 - 00376832 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dpnet.dll
2012-12-11 22:57 - 2012-10-04 09:46 - 00362496 ____A (Microsoft Corporation) C:\Windows\System32\wow64win.dll
2012-12-11 22:57 - 2012-10-04 09:46 - 00243200 ____A (Microsoft Corporation) C:\Windows\System32\wow64.dll
2012-12-11 22:57 - 2012-10-04 09:46 - 00013312 ____A (Microsoft Corporation) C:\Windows\System32\wow64cpu.dll
2012-12-11 22:57 - 2012-10-04 09:45 - 00215040 ____A (Microsoft Corporation) C:\Windows\System32\winsrv.dll
2012-12-11 22:57 - 2012-10-04 09:43 - 00016384 ____A (Microsoft Corporation) C:\Windows\System32\ntvdm64.dll
2012-12-11 22:57 - 2012-10-04 09:41 - 01161216 ____A (Microsoft Corporation) C:\Windows\System32\kernel32.dll
2012-12-11 22:57 - 2012-10-04 09:41 - 00424960 ____A (Microsoft Corporation) C:\Windows\System32\KernelBase.dll
2012-12-11 22:57 - 2012-10-04 09:38 - 00006144 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
2012-12-11 22:57 - 2012-10-04 09:38 - 00005120 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
2012-12-11 22:57 - 2012-10-04 09:38 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
2012-12-11 22:57 - 2012-10-04 09:38 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
2012-12-11 22:57 - 2012-10-04 09:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
2012-12-11 22:57 - 2012-10-04 09:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
2012-12-11 22:57 - 2012-10-04 09:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
2012-12-11 22:57 - 2012-10-04 09:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
2012-12-11 22:57 - 2012-10-04 09:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
2012-12-11 22:57 - 2012-10-04 09:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
2012-12-11 22:57 - 2012-10-04 09:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
2012-12-11 22:57 - 2012-10-04 09:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
2012-12-11 22:57 - 2012-10-04 09:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
2012-12-11 22:57 - 2012-10-04 09:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
2012-12-11 22:57 - 2012-10-04 09:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
2012-12-11 22:57 - 2012-10-04 09:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
2012-12-11 22:57 - 2012-10-04 09:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
2012-12-11 22:57 - 2012-10-04 09:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
2012-12-11 22:57 - 2012-10-04 09:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
2012-12-11 22:57 - 2012-10-04 09:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
2012-12-11 22:57 - 2012-10-04 09:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
2012-12-11 22:57 - 2012-10-04 09:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
2012-12-11 22:57 - 2012-10-04 09:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
2012-12-11 22:57 - 2012-10-04 09:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
2012-12-11 22:57 - 2012-10-04 09:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
2012-12-11 22:57 - 2012-10-04 09:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
2012-12-11 22:57 - 2012-10-04 09:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
2012-12-11 22:57 - 2012-10-04 09:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
2012-12-11 22:57 - 2012-10-04 08:47 - 01114112 ____A (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2012-12-11 22:57 - 2012-10-04 08:47 - 00274944 ____A (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2012-12-11 22:57 - 2012-10-04 08:47 - 00005120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2012-12-11 22:57 - 2012-10-04 08:40 - 00005120 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2012-12-11 22:57 - 2012-10-04 08:40 - 00004608 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2012-12-11 22:57 - 2012-10-04 08:40 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2012-12-11 22:57 - 2012-10-04 08:40 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2012-12-11 22:57 - 2012-10-04 08:40 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2012-12-11 22:57 - 2012-10-04 08:40 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2012-12-11 22:57 - 2012-10-04 08:40 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2012-12-11 22:57 - 2012-10-04 08:40 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2012-12-11 22:57 - 2012-10-04 08:40 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2012-12-11 22:57 - 2012-10-04 08:40 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2012-12-11 22:57 - 2012-10-04 08:40 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2012-12-11 22:57 - 2012-10-04 08:40 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2012-12-11 22:57 - 2012-10-04 08:40 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2012-12-11 22:57 - 2012-10-04 08:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2012-12-11 22:57 - 2012-10-04 08:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2012-12-11 22:57 - 2012-10-04 08:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2012-12-11 22:57 - 2012-10-04 08:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2012-12-11 22:57 - 2012-10-04 08:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2012-12-11 22:57 - 2012-10-04 08:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2012-12-11 22:57 - 2012-10-04 08:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2012-12-11 22:57 - 2012-10-04 08:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2012-12-11 22:57 - 2012-10-04 08:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2012-12-11 22:57 - 2012-10-04 08:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2012-12-11 22:57 - 2012-10-04 08:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2012-12-11 22:57 - 2012-10-04 07:21 - 00338432 ____A (Microsoft Corporation) C:\Windows\System32\conhost.exe
2012-12-11 22:57 - 2012-10-04 06:46 - 00025600 ____A (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2012-12-11 22:57 - 2012-10-04 06:46 - 00014336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2012-12-11 22:57 - 2012-10-04 06:46 - 00007680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2012-12-11 22:57 - 2012-10-04 06:46 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2012-12-11 22:57 - 2012-10-04 06:41 - 00006144 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2012-12-11 22:57 - 2012-10-04 06:41 - 00004608 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2012-12-11 22:57 - 2012-10-04 06:41 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2012-12-11 22:57 - 2012-10-04 06:41 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2012-12-11 21:14 - 2012-12-11 21:14 - 00000000 ____D C:\Users\Michael\AppData\Local\{DA3F3842-3265-4E0A-A52B-5F80CBB83E24}
2012-12-11 09:14 - 2012-12-11 09:14 - 00000000 ____D C:\Users\Michael\AppData\Local\{80D1984A-C42C-4D2C-A86C-E1340500376F}
2012-12-10 21:14 - 2012-12-10 21:14 - 00000000 ____D C:\Users\Michael\AppData\Local\{922CB0AA-8E08-4B1A-8655-B081483524C5}
2012-12-10 09:13 - 2012-12-10 09:14 - 00000000 ____D C:\Users\Michael\AppData\Local\{D04F08A7-10BB-48DC-BDF2-47BF7795921C}
2012-12-09 21:13 - 2012-12-09 21:13 - 00000000 ____D C:\Users\Michael\AppData\Local\{9EA0F5D1-8EE3-41A3-B76A-2AA7E8F9E01E}
2012-12-09 09:13 - 2012-12-09 09:13 - 00000000 ____D C:\Users\Michael\AppData\Local\{EE100D3B-FA53-4285-8997-786644D9C9E5}
2012-12-07 14:48 - 2012-12-07 14:48 - 00000000 ____D C:\Users\Michael\AppData\Local\{9CA98B69-631D-46DD-AE79-25466B3BF085}
2012-12-07 02:48 - 2012-12-07 02:48 - 00000000 ____D C:\Users\Michael\AppData\Local\{7440DABF-AE50-4481-8E14-8CAB089B75C2}
2012-12-06 14:48 - 2012-12-06 14:48 - 00000000 ____D C:\Users\Michael\AppData\Local\{A51B223B-4D51-4DAD-A76E-48D6EACDA911}
2012-12-06 02:48 - 2012-12-06 02:48 - 00000000 ____D C:\Users\Michael\AppData\Local\{845A0E8C-65FA-4D0B-AC42-985DAE4F5EFC}
2012-12-03 02:46 - 2012-12-05 14:47 - 00000000 ____D C:\Users\Michael\AppData\Local\{FE012AAD-4217-4200-A330-3F2D8B4BAC70}
2012-12-02 14:46 - 2012-12-02 14:46 - 00000000 ____D C:\Users\Michael\AppData\Local\{7F5D0FBA-78D7-40BC-9847-DD2A18C885D6}
2012-12-02 02:46 - 2012-12-02 02:46 - 00000000 ____D C:\Users\Michael\AppData\Local\{4545F81F-775B-4ED3-8A4C-D052C1AD88AE}
2012-12-01 14:45 - 2012-12-01 14:46 - 00000000 ____D C:\Users\Michael\AppData\Local\{56AC8DFB-217D-4DF2-8426-AC5EE48B9C89}
2012-12-01 02:45 - 2012-12-01 02:45 - 00000000 ____D C:\Users\Michael\AppData\Local\{6C75CC4F-BEA9-4E2C-B46C-9EFC886976BA}
2012-11-30 14:45 - 2012-11-30 14:45 - 00000000 ____D C:\Users\Michael\AppData\Local\{43F6C129-D3D3-4858-8F91-63E416E4AC74}
2012-11-30 02:45 - 2012-11-30 02:45 - 00000000 ____D C:\Users\Michael\AppData\Local\{22CA0E60-3BB3-4610-B2FF-79F23B6C20EC}
2012-11-29 14:45 - 2012-11-29 14:45 - 00000000 ____D C:\Users\Michael\AppData\Local\{00EC6A51-473E-435A-930F-BFA3794A793F}
2012-11-29 02:44 - 2012-11-29 02:45 - 00000000 ____D C:\Users\Michael\AppData\Local\{F00AB40F-FBF8-4B0D-91CD-B6DD6A01058F}
2012-11-28 14:44 - 2012-11-28 14:44 - 00000000 ____D C:\Users\Michael\AppData\Local\{5FB49C64-98DA-4556-BCF0-4BC22B0847E1}
2012-11-28 02:44 - 2012-11-28 02:44 - 00000000 ____D C:\Users\Michael\AppData\Local\{1AD124D7-C0A9-4311-98A8-722657D31125}
2012-11-27 14:44 - 2012-11-27 14:44 - 00000000 ____D C:\Users\Michael\AppData\Local\{E0C9A3B7-B202-46DB-AA82-E1190FBDF2C6}
2012-11-27 02:44 - 2012-11-27 02:44 - 00000000 ____D C:\Users\Michael\AppData\Local\{C7DA6976-6286-4DF3-AB37-8D9257F78942}
2012-11-26 14:43 - 2012-11-26 14:44 - 00000000 ____D C:\Users\Michael\AppData\Local\{A4B396AE-CF88-401A-ACF2-46F71B9E9BE6}
2012-11-26 02:43 - 2012-11-26 02:43 - 00000000 ____D C:\Users\Michael\AppData\Local\{9C33CFF5-BE3D-49BD-B5DD-9C91BD944EC8}
2012-11-25 14:43 - 2012-11-25 14:43 - 00000000 ____D C:\Users\Michael\AppData\Local\{677B1930-4DE8-4FE3-B4D4-7BC0603E2FB9}
2012-11-25 02:43 - 2012-11-25 02:43 - 00000000 ____D C:\Users\Michael\AppData\Local\{0F60BFED-60E6-4742-A3AF-12A7D148EFD1}
2012-11-24 14:42 - 2012-11-24 14:43 - 00000000 ____D C:\Users\Michael\AppData\Local\{F68ACD09-BD6C-4E7A-8B56-A85C7AEDEF1D}
2012-11-24 02:42 - 2012-11-24 02:42 - 00000000 ____D C:\Users\Michael\AppData\Local\{92EB3559-62E7-417D-B436-FCCE19063684}
2012-11-23 23:42 - 2012-11-23 23:42 - 00000000 ____D C:\Users\Michael\AppData\Local\Sony Online Entertainment
2012-11-23 23:42 - 2012-11-23 23:42 - 00000000 ____D C:\Users\Michael\AppData\Local\SCE
2012-11-23 23:42 - 2012-11-23 23:42 - 00000000 ____D C:\Crash
2012-11-23 14:42 - 2012-11-23 14:42 - 00000000 ____D C:\Users\Michael\AppData\Local\{9AC9F285-4B93-43D6-98A2-1C8875E2EAF0}
2012-11-23 07:43 - 2012-11-23 07:43 - 00000222 ____A C:\Users\Michael\Desktop\PlanetSide 2.url
2012-11-23 02:42 - 2012-11-23 02:42 - 00000000 ____D C:\Users\Michael\AppData\Local\{C0FD43F0-7391-4506-9074-A31430649ABE}
2012-11-22 19:55 - 2012-11-22 19:55 - 00000000 ____D C:\Users\Michael\Documents\Telltale Games
2012-11-22 17:21 - 2012-11-22 17:21 - 00000222 ____A C:\Users\Michael\Desktop\The Walking Dead.url
2012-11-22 14:42 - 2012-11-22 14:42 - 00000000 ____D C:\Users\Michael\AppData\Local\{42BA9D72-96EE-4050-AF2D-314759ADD5EE}
2012-11-22 02:41 - 2012-11-22 02:41 - 00000000 ____D C:\Users\Michael\AppData\Local\{30F4061E-5361-4DD3-97F4-B63E430ACD06}
2012-11-21 14:41 - 2012-11-21 14:41 - 00000000 ____D C:\Users\Michael\AppData\Local\{55ED9871-C039-40A0-9876-DCFCC9E2F5F5}
2012-11-21 02:41 - 2012-11-21 02:41 - 00000000 ____D C:\Users\Michael\AppData\Local\{BE08DE5B-91D5-46C2-8578-34E455707FA0}


==================== One Month Modified Files and Folders =======

2012-12-21 11:28 - 2012-12-21 11:28 - 01461035 ____A (Farbar) C:\Users\Michael\Downloads\FRST64.exe
2012-12-21 11:18 - 2012-12-21 11:18 - 00000000 __SHD C:\Windows\SysWOW64\%APPDATA%
2012-12-21 11:17 - 2012-12-21 11:08 - 00000000 ____D C:\TDSSKiller_Quarantine
2012-12-21 11:17 - 2009-07-13 21:13 - 00779982 ____A C:\Windows\System32\PerfStringBackup.INI
2012-12-21 11:15 - 2012-12-21 11:06 - 00003772 ____A C:\Users\Michael\Desktop\Rkill.txt
2012-12-21 11:12 - 2011-06-22 15:48 - 01594274 ____A C:\Windows\WindowsUpdate.log
2012-12-21 11:12 - 2009-07-13 20:45 - 00021472 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-12-21 11:12 - 2009-07-13 20:45 - 00021472 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-12-21 11:09 - 2012-11-01 10:38 - 00000000 ____D C:\Users\All Users\AVG2013
2012-12-21 11:06 - 2012-12-21 11:06 - 00000000 ____D C:\Users\Michael\Desktop\rkill
2012-12-21 11:04 - 2012-12-21 11:03 - 02213976 ____A (Kaspersky Lab ZAO) C:\Users\Michael\Desktop\explorer.exe
2012-12-21 11:03 - 2012-12-21 11:03 - 01754528 ____A (Bleeping Computer, LLC) C:\Users\Michael\Desktop\explorer2.exe
2012-12-21 11:02 - 2011-07-22 23:17 - 00000900 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-12-21 10:54 - 2011-07-24 14:06 - 00000000 ____D C:\Users\All Users\MFAData
2012-12-21 10:16 - 2012-09-10 10:09 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-12-21 09:51 - 2012-12-21 09:51 - 00000000 ____D C:\Users\Michael\AppData\Local\{26C72547-EC67-4E6D-8D35-20BC5380A1DF}
2012-12-21 09:50 - 2012-12-14 02:02 - 00000384 ____A C:\Windows\Tasks\RNUpgradeHelperLogonPrompt_Michael.job
2012-12-21 09:50 - 2011-07-26 21:23 - 00000000 ____D C:\Program Files (x86)\Steam
2012-12-21 09:50 - 2011-07-23 09:50 - 00000000 ____D C:\Users\Michael\Tracing
2012-12-21 09:50 - 2011-07-22 23:17 - 00000896 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-12-21 09:03 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-12-21 09:02 - 2010-11-20 19:47 - 00584930 ____A C:\Windows\PFRO.log
2012-12-21 09:02 - 2009-07-13 20:51 - 00039508 ____A C:\Windows\setupact.log
2012-12-21 03:17 - 2009-07-13 20:45 - 00322280 ____A C:\Windows\System32\FNTCACHE.DAT
2012-12-21 02:09 - 2012-12-14 02:02 - 00000374 ____A C:\Windows\Tasks\ReclaimerUpdateXML_Michael.job
2012-12-21 02:00 - 2010-11-20 23:06 - 00000000 ____D C:\Windows\SysWOW64\sysprep
2012-12-21 00:15 - 2012-02-06 15:29 - 00000000 ____D C:\Users\Michael\AppData\Local\PMB Files
2012-12-21 00:15 - 2012-02-06 15:29 - 00000000 ____D C:\Users\All Users\PMB Files
2012-12-20 21:22 - 2012-12-20 21:21 - 00000000 ____D C:\Users\Michael\AppData\Local\{6AC379F1-87C7-4622-8E26-C5B332B3C722}
2012-12-20 09:21 - 2012-12-20 09:21 - 00000000 ____D C:\Users\Michael\AppData\Local\{175F190B-95E0-405C-B2CE-EA1A987E6B2D}
2012-12-19 23:05 - 2012-12-14 02:02 - 00000378 ____A C:\Windows\Tasks\ReclaimerUpdateFiles_Michael.job
2012-12-19 21:21 - 2012-12-19 21:21 - 00000000 ____D C:\Users\Michael\AppData\Local\{6042AFA9-9258-451F-AB05-9097765BE12A}
2012-12-19 09:21 - 2012-12-19 09:21 - 00000000 ____D C:\Users\Michael\AppData\Local\{10A8F34B-D5A0-4029-AF0F-27E9D7637E83}
2012-12-19 03:18 - 2012-01-03 19:15 - 00000000 ____D C:\Users\All Users\Skype
2012-12-18 21:21 - 2012-12-18 21:20 - 00000000 ____D C:\Users\Michael\AppData\Local\{D51042E6-1BCD-449E-BD72-CA0748BFC266}
2012-12-18 09:20 - 2012-12-18 09:20 - 00000000 ____D C:\Users\Michael\AppData\Local\{D7F85508-3AC6-487C-BE10-070AC20D2EC8}
2012-12-17 21:20 - 2012-12-17 21:20 - 00000000 ____D C:\Users\Michael\AppData\Local\{3452D02F-55B8-43A2-884D-074FE1A7B4F3}
2012-12-17 09:20 - 2012-12-17 09:20 - 00000000 ____D C:\Users\Michael\AppData\Local\{599BDE24-FD66-425C-9B18-3433C0E12BDC}
2012-12-17 01:56 - 2012-11-01 09:30 - 00000000 ____D C:\Users\Michael\AppData\Local\MFAData
2012-12-16 21:20 - 2012-12-16 21:20 - 00000000 ____D C:\Users\Michael\AppData\Local\{CB88434C-2BD4-4B4B-BEE2-E14A73782C8C}
2012-12-16 10:34 - 2012-01-03 19:15 - 00000000 ____D C:\Users\Michael\AppData\Roaming\Skype
2012-12-16 09:20 - 2012-12-16 09:20 - 00000000 ____D C:\Users\Michael\AppData\Local\{C40D77B7-9898-4059-ADDA-40D24D67734A}
2012-12-16 09:11 - 2012-12-21 03:00 - 00046080 ____A (Adobe Systems) C:\Windows\System32\atmlib.dll
2012-12-16 06:45 - 2012-12-21 03:00 - 00367616 ____A (Adobe Systems Incorporated) C:\Windows\System32\atmfd.dll
2012-12-16 06:13 - 2012-12-21 03:00 - 00295424 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2012-12-16 06:13 - 2012-12-21 03:00 - 00034304 ____A (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2012-12-16 00:00 - 2012-12-16 00:00 - 00000000 ____D C:\Users\Michael\AppData\Roaming\Carbon
2012-12-15 23:50 - 2012-12-15 23:50 - 00000222 ____A C:\Users\Michael\Desktop\AirMech.url
2012-12-15 21:20 - 2012-12-15 21:19 - 00000000 ____D C:\Users\Michael\AppData\Local\{5FAFD3A3-20B6-4B3A-8859-D74A0FF24479}
2012-12-15 09:19 - 2012-12-15 09:19 - 00000000 ____D C:\Users\Michael\AppData\Local\{FFE60271-09C4-439D-92CC-A87894F30930}
2012-12-14 21:19 - 2012-12-14 21:19 - 00000000 ____D C:\Users\Michael\AppData\Local\{9E9B7BD9-ED29-4A02-A8BE-10E3CE681C87}
2012-12-14 09:19 - 2012-12-14 09:19 - 00000000 ____D C:\Users\Michael\AppData\Local\{FD6C3E14-89FD-4592-9386-2D42799A2211}
2012-12-13 21:19 - 2012-12-13 21:19 - 00000000 ____D C:\Users\Michael\AppData\Local\{4DA7CF95-6A90-41D1-A83B-34956EDC5C1F}
2012-12-13 09:19 - 2012-12-13 09:18 - 00000000 ____D C:\Users\Michael\AppData\Local\{7320A266-ED98-4EA7-BDDA-E9E8DE43F6B8}
2012-12-12 21:18 - 2012-12-12 21:18 - 00000000 ____D C:\Users\Michael\AppData\Local\{35555C28-7744-4F9C-A07D-786308655BCE}
2012-12-12 11:16 - 2012-09-10 10:09 - 00697272 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-12-12 11:16 - 2011-07-22 23:17 - 00073656 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-12-12 09:18 - 2012-12-12 09:18 - 00000000 ____D C:\Users\Michael\AppData\Local\{C253A0D3-0460-4166-84E0-8FD97136388A}
2012-12-12 03:54 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\rescache
2012-12-11 22:02 - 2009-07-13 21:08 - 00032634 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-12-11 21:14 - 2012-12-11 21:14 - 00000000 ____D C:\Users\Michael\AppData\Local\{DA3F3842-3265-4E0A-A52B-5F80CBB83E24}
2012-12-11 09:14 - 2012-12-11 09:14 - 00000000 ____D C:\Users\Michael\AppData\Local\{80D1984A-C42C-4D2C-A86C-E1340500376F}
2012-12-10 21:14 - 2012-12-10 21:14 - 00000000 ____D C:\Users\Michael\AppData\Local\{922CB0AA-8E08-4B1A-8655-B081483524C5}
2012-12-10 09:14 - 2012-12-10 09:13 - 00000000 ____D C:\Users\Michael\AppData\Local\{D04F08A7-10BB-48DC-BDF2-47BF7795921C}
2012-12-09 21:13 - 2012-12-09 21:13 - 00000000 ____D C:\Users\Michael\AppData\Local\{9EA0F5D1-8EE3-41A3-B76A-2AA7E8F9E01E}
2012-12-09 09:13 - 2012-12-09 09:13 - 00000000 ____D C:\Users\Michael\AppData\Local\{EE100D3B-FA53-4285-8997-786644D9C9E5}
2012-12-09 09:09 - 2012-11-01 10:39 - 00000971 ____A C:\Users\Public\Desktop\AVG 2013.lnk
2012-12-09 08:39 - 2011-07-26 18:26 - 00000000 ____D C:\Users\Michael\AppData\Roaming\SoftGrid Client
2012-12-07 14:48 - 2012-12-07 14:48 - 00000000 ____D C:\Users\Michael\AppData\Local\{9CA98B69-631D-46DD-AE79-25466B3BF085}
2012-12-07 02:48 - 2012-12-07 02:48 - 00000000 ____D C:\Users\Michael\AppData\Local\{7440DABF-AE50-4481-8E14-8CAB089B75C2}
2012-12-06 14:48 - 2012-12-06 14:48 - 00000000 ____D C:\Users\Michael\AppData\Local\{A51B223B-4D51-4DAD-A76E-48D6EACDA911}
2012-12-06 02:48 - 2012-12-06 02:48 - 00000000 ____D C:\Users\Michael\AppData\Local\{845A0E8C-65FA-4D0B-AC42-985DAE4F5EFC}
2012-12-05 14:47 - 2012-12-03 02:46 - 00000000 ____D C:\Users\Michael\AppData\Local\{FE012AAD-4217-4200-A330-3F2D8B4BAC70}
2012-12-02 14:46 - 2012-12-02 14:46 - 00000000 ____D C:\Users\Michael\AppData\Local\{7F5D0FBA-78D7-40BC-9847-DD2A18C885D6}
2012-12-02 02:46 - 2012-12-02 02:46 - 00000000 ____D C:\Users\Michael\AppData\Local\{4545F81F-775B-4ED3-8A4C-D052C1AD88AE}
2012-12-01 14:46 - 2012-12-01 14:45 - 00000000 ____D C:\Users\Michael\AppData\Local\{56AC8DFB-217D-4DF2-8426-AC5EE48B9C89}
2012-12-01 02:45 - 2012-12-01 02:45 - 00000000 ____D C:\Users\Michael\AppData\Local\{6C75CC4F-BEA9-4E2C-B46C-9EFC886976BA}
2012-11-30 14:45 - 2012-11-30 14:45 - 00000000 ____D C:\Users\Michael\AppData\Local\{43F6C129-D3D3-4858-8F91-63E416E4AC74}
2012-11-30 02:45 - 2012-11-30 02:45 - 00000000 ____D C:\Users\Michael\AppData\Local\{22CA0E60-3BB3-4610-B2FF-79F23B6C20EC}
2012-11-29 14:45 - 2012-11-29 14:45 - 00000000 ____D C:\Users\Michael\AppData\Local\{00EC6A51-473E-435A-930F-BFA3794A793F}
2012-11-29 02:45 - 2012-11-29 02:44 - 00000000 ____D C:\Users\Michael\AppData\Local\{F00AB40F-FBF8-4B0D-91CD-B6DD6A01058F}
2012-11-28 14:44 - 2012-11-28 14:44 - 00000000 ____D C:\Users\Michael\AppData\Local\{5FB49C64-98DA-4556-BCF0-4BC22B0847E1}
2012-11-28 02:44 - 2012-11-28 02:44 - 00000000 ____D C:\Users\Michael\AppData\Local\{1AD124D7-C0A9-4311-98A8-722657D31125}
2012-11-27 14:44 - 2012-11-27 14:44 - 00000000 ____D C:\Users\Michael\AppData\Local\{E0C9A3B7-B202-46DB-AA82-E1190FBDF2C6}
2012-11-27 02:44 - 2012-11-27 02:44 - 00000000 ____D C:\Users\Michael\AppData\Local\{C7DA6976-6286-4DF3-AB37-8D9257F78942}
2012-11-26 14:44 - 2012-11-26 14:43 - 00000000 ____D C:\Users\Michael\AppData\Local\{A4B396AE-CF88-401A-ACF2-46F71B9E9BE6}
2012-11-26 02:43 - 2012-11-26 02:43 - 00000000 ____D C:\Users\Michael\AppData\Local\{9C33CFF5-BE3D-49BD-B5DD-9C91BD944EC8}
2012-11-25 20:01 - 2011-07-27 17:07 - 00000000 ____D C:\Users\Michael\Documents\Neverwinter Nights 2
2012-11-25 14:43 - 2012-11-25 14:43 - 00000000 ____D C:\Users\Michael\AppData\Local\{677B1930-4DE8-4FE3-B4D4-7BC0603E2FB9}
2012-11-25 02:43 - 2012-11-25 02:43 - 00000000 ____D C:\Users\Michael\AppData\Local\{0F60BFED-60E6-4742-A3AF-12A7D148EFD1}
2012-11-24 18:32 - 2012-01-03 19:15 - 00002515 ____A C:\Users\Public\Desktop\Skype.lnk
2012-11-24 18:32 - 2012-01-03 19:15 - 00000000 ___RD C:\Program Files (x86)\Skype
2012-11-24 14:43 - 2012-11-24 14:42 - 00000000 ____D C:\Users\Michael\AppData\Local\{F68ACD09-BD6C-4E7A-8B56-A85C7AEDEF1D}
2012-11-24 02:42 - 2012-11-24 02:42 - 00000000 ____D C:\Users\Michael\AppData\Local\{92EB3559-62E7-417D-B436-FCCE19063684}
2012-11-23 23:42 - 2012-11-23 23:42 - 00000000 ____D C:\Users\Michael\AppData\Local\Sony Online Entertainment
2012-11-23 23:42 - 2012-11-23 23:42 - 00000000 ____D C:\Users\Michael\AppData\Local\SCE
2012-11-23 23:42 - 2012-11-23 23:42 - 00000000 ____D C:\Crash
2012-11-23 23:42 - 2011-06-22 15:57 - 00507509 ____A C:\Windows\DirectX.log
2012-11-23 14:42 - 2012-11-23 14:42 - 00000000 ____D C:\Users\Michael\AppData\Local\{9AC9F285-4B93-43D6-98A2-1C8875E2EAF0}
2012-11-23 07:43 - 2012-11-23 07:43 - 00000222 ____A C:\Users\Michael\Desktop\PlanetSide 2.url
2012-11-23 02:42 - 2012-11-23 02:42 - 00000000 ____D C:\Users\Michael\AppData\Local\{C0FD43F0-7391-4506-9074-A31430649ABE}
2012-11-23 01:55 - 2011-08-27 10:50 - 00000000 ____D C:\Users\Michael\AppData\Local\Apple
2012-11-22 19:55 - 2012-11-22 19:55 - 00000000 ____D C:\Users\Michael\Documents\Telltale Games
2012-11-22 17:21 - 2012-11-22 17:21 - 00000222 ____A C:\Users\Michael\Desktop\The Walking Dead.url
2012-11-22 14:42 - 2012-11-22 14:42 - 00000000 ____D C:\Users\Michael\AppData\Local\{42BA9D72-96EE-4050-AF2D-314759ADD5EE}
2012-11-22 02:41 - 2012-11-22 02:41 - 00000000 ____D C:\Users\Michael\AppData\Local\{30F4061E-5361-4DD3-97F4-B63E430ACD06}
2012-11-21 19:26 - 2012-12-11 22:57 - 03149824 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-11-21 14:41 - 2012-11-21 14:41 - 00000000 ____D C:\Users\Michael\AppData\Local\{55ED9871-C039-40A0-9876-DCFCC9E2F5F5}
2012-11-21 02:41 - 2012-11-21 02:41 - 00000000 ____D C:\Users\Michael\AppData\Local\{BE08DE5B-91D5-46C2-8578-34E455707FA0}


ZeroAccess:
C:\Windows\Installer\{0ca6c63a-4428-7f05-5248-0ed3e7a7a204}
C:\Windows\Installer\{0ca6c63a-4428-7f05-5248-0ed3e7a7a204}\@
C:\Windows\Installer\{0ca6c63a-4428-7f05-5248-0ed3e7a7a204}\L
C:\Windows\Installer\{0ca6c63a-4428-7f05-5248-0ed3e7a7a204}\U
C:\Windows\Installer\{0ca6c63a-4428-7f05-5248-0ed3e7a7a204}\L\00000004.@
C:\Windows\Installer\{0ca6c63a-4428-7f05-5248-0ed3e7a7a204}\L\201d3dde
C:\Windows\Installer\{0ca6c63a-4428-7f05-5248-0ed3e7a7a204}\L\76603ac3
C:\Windows\Installer\{0ca6c63a-4428-7f05-5248-0ed3e7a7a204}\U\00000004.@
C:\Windows\Installer\{0ca6c63a-4428-7f05-5248-0ed3e7a7a204}\U\00000008.@
C:\Windows\Installer\{0ca6c63a-4428-7f05-5248-0ed3e7a7a204}\U\000000cb.@
C:\Windows\Installer\{0ca6c63a-4428-7f05-5248-0ed3e7a7a204}\U\80000000.@
C:\Windows\Installer\{0ca6c63a-4428-7f05-5248-0ed3e7a7a204}\U\80000032.@
C:\Windows\Installer\{0ca6c63a-4428-7f05-5248-0ed3e7a7a204}\U\80000064.@

ZeroAccess:
C:\Windows\assembly\GAC_32\Desktop.ini

ZeroAccess:
C:\Windows\assembly\GAC_64\Desktop.ini

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe 50BEA589F7D7958BDD2528A8F69D05CC ZeroAccess <==== ATTENTION!.
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== Restore Points =========================


==================== Memory info ===========================

Percentage of memory in use: 17%
Total physical RAM: 9206.93 MB
Available physical RAM: 7589.3 MB
Total Pagefile: 18412.04 MB
Available Pagefile: 16826.54 MB
Total Virtual: 8192 MB
Available Virtual: 8191.87 MB

==================== Partitions =============================

1 Drive c: (OSDisk) (Fixed) (Total:917.84 GB) (Free:659.38 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
2 Drive d: (Recovery) (Fixed) (Total:13.67 GB) (Free:7.55 GB) NTFS
3 Drive e: (KOTOR) (CDROM) (Total:2.44 GB) (Free:0 GB) UDF

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 931 GB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 917 GB 1024 KB
Partition 2 Primary 13 GB 917 GB

==================================================================================

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C OSDisk NTFS Partition 917 GB Healthy System (partition with boot components)

=========================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 D Recovery NTFS Partition 13 GB Healthy

=========================================================

Last Boot: 2012-12-15 04:21

==================== End Of Log =============================

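A small triage script, added here as an example (it is not Farbar's code and not part of this thread), that reads the two places where the FRST log above flags ZeroAccess, the "ZeroAccess:" path blocks and the "Bamital & volsnap Check" section, and turns them into a fixlist.txt in the start/end layout FRST reads, plus a list of system binaries whose MD5 FRST did not accept and which therefore need a clean copy rather than a fixlist entry. The sample log is a constructed excerpt of the one posted above; the GUID and the services.exe hash are the values FRST reported there.

```python
"""Triage helper for an FRST (Farbar Recovery Scan Tool) log.

Added example for this thread; not Farbar's code and not part of the
original post. It reads the "ZeroAccess:" path blocks and the
"Bamital & volsnap Check" section, in which a system binary whose MD5
FRST does not accept is listed with its hash and a family name instead
of "=> MD5 is legit".
"""
from __future__ import annotations

import re

# Constructed excerpt of the log posted above; the GUID and the
# services.exe hash are the ones FRST reported there.
SAMPLE_LOG = r"""
==================== One Month Modified Files and Folders =======

2012-12-21 11:28 - 2012-12-21 11:28 - 01461035 ____A (Farbar) C:\Users\Michael\Downloads\FRST64.exe

ZeroAccess:
C:\Windows\Installer\{0ca6c63a-4428-7f05-5248-0ed3e7a7a204}
C:\Windows\Installer\{0ca6c63a-4428-7f05-5248-0ed3e7a7a204}\@
C:\Windows\Installer\{0ca6c63a-4428-7f05-5248-0ed3e7a7a204}\U
C:\Windows\Installer\{0ca6c63a-4428-7f05-5248-0ed3e7a7a204}\U\80000032.@

ZeroAccess:
C:\Windows\assembly\GAC_32\Desktop.ini

ZeroAccess:
C:\Windows\assembly\GAC_64\Desktop.ini

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\services.exe 50BEA589F7D7958BDD2528A8F69D05CC ZeroAccess <==== ATTENTION!.
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== End Of Log =============================
"""

# "<path> <32 hex digits> <family> <==== ATTENTION" is how FRST reports a
# binary whose hash it does not recognise as a known-good Windows file.
MD5_MISMATCH = re.compile(
    r"^(?P<path>.+?) (?P<md5>[0-9A-Fa-f]{32}) (?P<family>\S+) <==== ATTENTION"
)


def parse_zeroaccess_roots(log: str) -> list[str]:
    """Return the top-level path of every "ZeroAccess:" block.

    FRST prints the directory first and then every file inside it. Only
    the root is needed in the fixlist because FRST removes a listed
    directory with its contents, so children (root + "\\" + more) are
    skipped.
    """
    roots: list[str] = []
    lines = log.splitlines()
    i = 0
    while i < len(lines):
        if lines[i].strip() != "ZeroAccess:":
            i += 1
            continue
        i += 1
        block: list[str] = []
        while i < len(lines) and lines[i].strip():
            path = lines[i].strip()
            if not any(path.startswith(root + "\\") for root in block):
                block.append(path)
            i += 1
        roots.extend(block)
    return roots


def parse_hash_mismatches(log: str) -> list[dict[str, str | None]]:
    """Return each entry of the Bamital & volsnap section not marked legit."""
    findings: list[dict[str, str | None]] = []
    in_section = False
    for line in log.splitlines():
        if line.startswith("==================== Bamital & volsnap Check"):
            in_section = True
            continue
        if in_section and line.startswith("===================="):
            break  # the next section header ends the check block
        if not in_section or not line.strip() or line.endswith("=> MD5 is legit"):
            continue
        m = MD5_MISMATCH.match(line)
        if m:
            findings.append({"path": m["path"], "md5": m["md5"].upper(),
                             "family": m["family"]})
        else:  # e.g. a missing file; keep it so a human looks at it
            findings.append({"path": line.strip(), "md5": None, "family": None})
    return findings


def build_fixlist(paths: list[str]) -> str:
    """Render the fixlist.txt layout FRST consumes: paths between start and end."""
    return "\n".join(["start", *paths, "end"]) + "\n"


def triage(log: str) -> dict:
    """Fixlist text for the ZeroAccess paths plus binaries needing a clean copy."""
    return {
        "fixlist": build_fixlist(parse_zeroaccess_roots(log)),
        "replace": parse_hash_mismatches(log),
    }


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    print(result["fixlist"])
    for f in result["replace"]:
        print(f"needs a clean copy: {f['path']} (MD5 {f['md5']}, flagged {f['family']})")
```

On the sample excerpt the fixlist comes out as the three root paths between "start" and "end", and services.exe is the one binary reported for replacement.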

#2 CatByte

    bleepin' tiger

  • Malware Response Team
  • 14,664 posts
  • Gender:Not Telling
  • Location:Canada

Posted 21 December 2012 - 04:10 PM

services.exe is infected. ComboFix is usually able to replace it, but if it doesn't do so automatically for us, we can look for a replacement manually with FRST afterwards. Please run the following:

Please do the following:


Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this, highlight the contents of the box, right-click on it and select Copy. Right-click in the open Notepad window and select Paste.) Save it on the flash drive as fixlist.txt

start
C:\Windows\Installer\{0ca6c63a-4428-7f05-5248-0ed3e7a7a204}
C:\Windows\assembly\GAC_32\Desktop.ini
C:\Windows\assembly\GAC_64\Desktop.ini
end

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system

Now please enter System Recovery Options then select Command Prompt

Run FRST (or FRST64 if you have the 64bit version) and press the Fix button just once and wait.
The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

Reboot Normally.


NEXT


Refer to the ComboFix User's Guide

  • Download ComboFix from the following location:

    Link

    * IMPORTANT !!! Place ComboFix.exe on your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.
    You can get help on disabling your protection programs here
  • Double click on ComboFix.exe & follow the prompts.
  • Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
  • When finished, it shall produce a log for you. Post that log in your next reply

    Note:
    Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.


    ---------------------------------------------------------------------------------------------
  • Ensure your AntiVirus and AntiSpyware applications are re-enabled.

    ---------------------------------------------------------------------------------------------

NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.

Edited by CatByte, 21 December 2012 - 04:10 PM.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#3 Sporked
  • Topic Starter

  • Members
  • 2 posts

Posted 22 December 2012 - 05:03 PM

Thanks for the help, here are the log files.


Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 18-12-2012
Ran by SYSTEM at 2012-12-22 13:12:23 Run:1
Running from G:\

==============================================

C:\Windows\Installer\{0ca6c63a-4428-7f05-5248-0ed3e7a7a204} moved successfully.
C:\Windows\assembly\GAC_32\Desktop.ini moved successfully.
C:\Windows\assembly\GAC_64\Desktop.ini moved successfully.

==== End of Fixlog ====




ComboFix 12-12-22.02 - Michael 12/22/2012 13:35:36.1.12 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.9207.7236 [GMT -8:00]
Running from: G:\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2013 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: AVG Anti-Virus Free Edition 2013 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Install.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-11-22 to 2012-12-22 )))))))))))))))))))))))))))))))
.
.
2012-12-21 19:29 . 2012-12-21 19:29 -------- d-----w- C:\FRST
2012-12-21 19:18 . 2012-12-21 19:18 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
2012-12-21 19:08 . 2012-12-21 19:17 -------- d-----w- C:\TDSSKiller_Quarantine
2012-12-21 11:00 . 2012-12-16 17:11 46080 ----a-w- c:\windows\system32\atmlib.dll
2012-12-21 11:00 . 2012-12-16 14:45 367616 ----a-w- c:\windows\system32\atmfd.dll
2012-12-21 11:00 . 2012-12-16 14:13 295424 ----a-w- c:\windows\SysWow64\atmfd.dll
2012-12-21 11:00 . 2012-12-16 14:13 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2012-12-16 08:00 . 2012-12-16 08:00 -------- d-----w- c:\users\Michael\AppData\Roaming\Carbon
2012-12-12 06:57 . 2012-11-09 05:45 2048 ----a-w- c:\windows\system32\tzres.dll
2012-11-25 02:32 . 2012-11-25 02:32 -------- d-----w- c:\program files (x86)\Common Files\Skype
2012-11-24 07:42 . 2012-11-24 07:42 -------- d-----w- c:\users\Michael\AppData\Local\SCE
2012-11-24 07:42 . 2012-11-24 07:42 -------- d-----w- C:\Crash
2012-11-24 07:42 . 2012-11-24 07:42 -------- d-----w- c:\users\Michael\AppData\Local\Sony Online Entertainment
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-12 19:16 . 2012-09-10 18:09 697272 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-12-12 19:16 . 2011-07-23 07:17 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-11-09 05:29 . 2012-08-30 19:12 30568 ----a-w- c:\windows\system32\drivers\avgtpx64.sys
2012-10-22 21:02 . 2012-10-22 21:02 154464 ----a-w- c:\windows\system32\drivers\avgidsdrivera.sys
2012-10-16 08:38 . 2012-11-28 00:45 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2012-10-16 08:38 . 2012-11-28 00:45 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2012-10-16 07:39 . 2012-11-28 00:45 561664 ----a-w- c:\windows\apppatch\AcLayers.dll
2012-10-15 11:48 . 2012-10-15 11:48 63328 ----a-w- c:\windows\system32\drivers\avgidsha.sys
2012-10-09 18:17 . 2012-11-16 04:01 55296 ----a-w- c:\windows\system32\dhcpcsvc6.dll
2012-10-09 18:17 . 2012-11-16 04:01 226816 ----a-w- c:\windows\system32\dhcpcore6.dll
2012-10-09 17:40 . 2012-11-16 04:01 44032 ----a-w- c:\windows\SysWow64\dhcpcsvc6.dll
2012-10-09 17:40 . 2012-11-16 04:01 193536 ----a-w- c:\windows\SysWow64\dhcpcore6.dll
2012-10-05 11:32 . 2012-10-05 11:32 111456 ----a-w- c:\windows\system32\drivers\avgmfx64.sys
2012-10-04 16:40 . 2012-12-12 06:57 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2012-10-03 17:56 . 2012-11-16 04:01 1914248 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-10-03 17:44 . 2012-11-16 04:01 70656 ----a-w- c:\windows\system32\nlaapi.dll
2012-10-03 17:44 . 2012-11-16 04:01 303104 ----a-w- c:\windows\system32\nlasvc.dll
2012-10-03 17:44 . 2012-11-16 04:01 246272 ----a-w- c:\windows\system32\netcorehc.dll
2012-10-03 17:44 . 2012-11-16 04:01 18944 ----a-w- c:\windows\system32\netevent.dll
2012-10-03 17:44 . 2012-11-16 04:01 216576 ----a-w- c:\windows\system32\ncsi.dll
2012-10-03 17:42 . 2012-11-16 04:01 569344 ----a-w- c:\windows\system32\iphlpsvc.dll
2012-10-03 16:42 . 2012-11-16 04:01 18944 ----a-w- c:\windows\SysWow64\netevent.dll
2012-10-03 16:42 . 2012-11-16 04:01 175104 ----a-w- c:\windows\SysWow64\netcorehc.dll
2012-10-03 16:42 . 2012-11-16 04:01 156672 ----a-w- c:\windows\SysWow64\ncsi.dll
2012-10-03 16:07 . 2012-11-16 04:01 45568 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2012-10-02 10:30 . 2012-10-02 10:30 185696 ----a-w- c:\windows\system32\drivers\avgldx64.sys
2012-09-30 03:54 . 2011-07-24 22:11 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-09-25 22:47 . 2012-11-16 04:00 78336 ----a-w- c:\windows\SysWow64\synceng.dll
2012-09-25 22:46 . 2012-11-16 04:00 95744 ----a-w- c:\windows\system32\synceng.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2012-06-07 1519304]
.
[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-11-09 05:29 1796552 ----a-w- c:\program files (x86)\AVG Secure Search\13.2.0.5\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2012-06-07 04:33 1519304 ----a-w- c:\program files (x86)\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2012-06-07 1519304]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files (x86)\AVG Secure Search\13.2.0.5\AVG Secure Search_toolbar.dll" [2012-11-09 1796552]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-07-23 39408]
"Steam"="c:\program files (x86)\Steam\steam.exe" [2012-12-06 1354736]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
"EADM"="c:\program files (x86)\Origin\Origin.exe" [2011-11-07 28846216]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-03-04 284696]
"RemoteControl9"="c:\program files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe" [2010-10-01 87336]
"PDVD9LanguageShortcut"="c:\program files (x86)\CyberLink\PowerDVD9\Language\Language.exe" [2010-09-17 50472]
"BDRegion"="c:\program files (x86)\Cyberlink\Shared Files\brs.exe" [2010-10-27 75048]
"RoxWatchTray"="c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" [2010-11-25 240112]
"Desktop Disc Tool"="c:\program files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe" [2010-11-17 514544]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"ApnUpdater"="c:\program files (x86)\Ask.com\Updater\Updater.exe" [2012-06-07 1564872]
"vProt"="c:\program files (x86)\AVG Secure Search\vprot.exe" [2012-11-09 997320]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-28 59280]
"ROC_roc_dec12"="c:\program files (x86)\AVG Secure Search\ROC_roc_dec12.exe" [2012-01-15 928096]
"TkBellExe"="c:\program files (x86)\real\realplayer\Update\realsched.exe" [2012-05-17 296056]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-19 421888]
"ROC_ROC_JULY_P1"="c:\program files (x86)\AVG Secure Search\ROC_ROC_JULY_P1.exe" [2012-08-30 1022048]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-09-10 421776]
"AVG_UI"="c:\program files (x86)\AVG\AVG2013\avgui.exe" [2012-11-07 3143800]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R2 CLKMSVC10_9EC60124;CyberLink Product - 2011/06/22 18:56;c:\program files (x86)\CyberLink\PowerDVD9\NavFilter\kmsvc.exe [2010-10-26 236016]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-11-09 160944]
R3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;c:\windows\system32\drivers\nusb3hub.sys [2009-10-27 75264]
R3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;c:\windows\system32\drivers\nusb3xhc.sys [2009-10-27 176640]
R3 PCDSRVC{67F2314B-25F2B3C0-06020101}_0;PCDSRVC{67F2314B-25F2B3C0-06020101}_0 - PCDR Kernel Mode Service Helper Driver;c:\gencotst\pcdsrvc_x64.pkms [x]
R3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-07-09 52736]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-07-24 1255736]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [2012-10-15 63328]
S0 Avgloga;AVG Logging Driver;c:\windows\system32\DRIVERS\avgloga.sys [2012-09-21 225120]
S0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [2012-10-05 111456]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [2012-09-14 40800]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2010-03-19 55856]
S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys [2012-10-22 154464]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [2012-10-02 185696]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [2012-09-21 200032]
S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys [2012-11-09 30568]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-05-17 203264]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2013\avgidsagent.exe [2012-11-07 5814392]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2013\avgwdsvc.exe [2012-10-22 196664]
S2 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-10-21 196176]
S2 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-10-14 249648]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-03-04 13336]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-12-13 3290896]
S2 vToolbarUpdater13.2.0;vToolbarUpdater13.2.0;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe [2012-11-09 711112]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2010-11-17 115216]
S3 netr28x;Ralink 802.11n Wireless Driver for Windows Vista;c:\windows\system32\DRIVERS\netr28x.sys [2009-06-26 657920]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-03-12 242720]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-12-29 412776]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
*Deregistered* - CLKMDRV10_9EC60124
.
Contents of the 'Scheduled Tasks' folder
.
2012-12-22 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-10 19:16]
.
2012-12-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-23 07:17]
.
2012-12-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-23 07:17]
.
2012-12-20 c:\windows\Tasks\ReclaimerUpdateFiles_Michael.job
- c:\users\Michael\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.30\agent\rnupgagent.exe [2012-12-14 07:01]
.
2012-12-22 c:\windows\Tasks\ReclaimerUpdateXML_Michael.job
- c:\users\Michael\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.30\agent\rnupgagent.exe [2012-12-14 07:01]
.
2012-12-22 c:\windows\Tasks\RNUpgradeHelperLogonPrompt_Michael.job
- c:\users\Michael\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.30\agent\rnupgagent.exe [2012-12-14 07:01]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-03-05 10081312]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: Interfaces\{2B835876-D9A8-4F3C-95AF-89EE7C3D52BC}: NameServer = 75.75.75.75,75.75.75.76
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\13.2.0\ViProtocol.dll
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKCU-Run-Chromium - c:\users\Michael\AppData\Local\Cyberlink\Chromium\trijtzxoi.dll
Wow6432Node-HKCU-Run-FalloutNV - c:\users\Michael\AppData\Local\MFAData\FalloutNV\iodogynlo.dll
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
SafeBoot-mcmscsvc
SafeBoot-MCODS
Toolbar-Locked - (no file)
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
AddRemove-Battlelog Web Plugins - c:\program files (x86)\Battlelog Web Plugins\uninstall.exe
AddRemove-RealPlayer 15.0 - c:\program files (x86)\real\realplayer\Update\r1puninst.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCDSRVC{67F2314B-25F2B3C0-06020101}_0]
"ImagePath"="\??\c:\gencotst\pcdsrvc_x64.pkms"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:51,59,2b,81,3e,26,cd,01
.
[HKEY_USERS\S-1-5-21-775338352-4291298577-2361866147-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-775338352-4291298577-2361866147-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_135_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_135_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\windows\SysWOW64\PnkBstrA.exe
.
**************************************************************************
.
Completion time: 2012-12-22 13:47:07 - machine was rebooted
ComboFix-quarantined-files.txt 2012-12-22 21:47
.
Pre-Run: 707,222,986,752 bytes free
Post-Run: 708,789,202,944 bytes free
.
- - End Of File - - 0A6A9F52B78A416391FBF4B8636E28D5
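A small reconciliation script for the FRST step above: it reads a fixlist.txt of the shape CatByte posted and the Fixlog.txt that FRST wrote, and reports which entries the log confirms as moved, which are unconfirmed, and whether the log is complete. This is an added example, not the thread's own material or FRST's code; the sample fixlist and Fixlog below are constructed to match the formats shown in the posts, and the assumption is only that FRST reports each handled entry as "<path> moved successfully." and closes the log with "==== End of Fixlog ====".

```python
"""Reconcile an FRST fixlist.txt with the Fixlog.txt it produced.

Added example for this thread; not part of the thread and not FRST's own
code. It assumes only the two formats visible in the posts above: a
fixlist that wraps one path per line between 'start' and 'end', and a
Fixlog that reports '<path> moved successfully.' for each handled entry
and ends with '==== End of Fixlog ===='.
"""
import re

# Constructed sample fixlist, same shape as the one posted in this thread.
FIXLIST = r"""start
C:\Windows\Installer\{0ca6c63a-4428-7f05-5248-0ed3e7a7a204}
C:\Windows\assembly\GAC_32\Desktop.ini
C:\Windows\assembly\GAC_64\Desktop.ini
end
"""

# Constructed sample Fixlog. The GAC_64 entry deliberately has no result
# line, so the reconciliation has something to flag for follow-up.
FIXLOG = r"""Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 18-12-2012
Ran by SYSTEM at 2012-12-22 13:12:23 Run:1

==============================================

C:\Windows\Installer\{0ca6c63a-4428-7f05-5248-0ed3e7a7a204} moved successfully.
C:\Windows\assembly\GAC_32\Desktop.ini moved successfully.

==== End of Fixlog ====
"""

MOVED_RE = re.compile(r"^(?P<path>.+?) moved successfully\.$")
END_MARKER = "==== End of Fixlog ===="


def parse_fixlist(text):
    """Return the paths listed between the 'start' and 'end' markers, in order."""
    entries, inside = [], False
    for raw in text.splitlines():
        line = raw.strip()
        if line.lower() == "start":
            inside = True
        elif line.lower() == "end":
            inside = False
        elif inside and line:
            entries.append(line)
    return entries


def parse_fixlog(text):
    """Return {lower-cased path: path as logged} for every 'moved successfully' line."""
    moved = {}
    for raw in text.splitlines():
        match = MOVED_RE.match(raw.strip())
        if match:
            path = match.group("path")
            moved[path.lower()] = path
    return moved


def reconcile(fixlist_text, fixlog_text):
    """Cross-check every fixlist entry against the Fixlog.

    Windows paths are compared case-insensitively (the logs in this thread
    mix 'SysWow64' and 'SysWOW64'). Returns a dict with:
      moved        - fixlist entries the log confirms were moved
      unconfirmed  - fixlist entries with no 'moved successfully' line
      unexpected   - paths the log moved that were not in the fixlist
      complete     - whether the end-of-log marker was present
    """
    wanted = {entry.lower(): entry for entry in parse_fixlist(fixlist_text)}
    moved = parse_fixlog(fixlog_text)
    return {
        "moved": [entry for key, entry in wanted.items() if key in moved],
        "unconfirmed": [entry for key, entry in wanted.items() if key not in moved],
        "unexpected": [path for key, path in moved.items() if key not in wanted],
        "complete": END_MARKER in fixlog_text,
    }


if __name__ == "__main__":
    result = reconcile(FIXLIST, FIXLOG)
    for status in ("moved", "unconfirmed", "unexpected"):
        for path in result[status]:
            print(f"{status:12s} {path}")
    if not result["complete"]:
        print("Fixlog is truncated: end marker missing")
```

An "unexpected" entry is worth a second look, since a fixlist is written for one specific machine and the log should not report moves the list never asked for.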

#4 CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • Gender:Not Telling
  • Location:Canada

Posted 22 December 2012 - 05:42 PM

Please run the following:

Please download Junkware Removal Tool to your desktop.
  • Shut down your antivirus to avoid any conflicts.
  • Right-mouse click JRT.exe and select Run as administrator
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message


NEXT


Download AdwCleaner from here and save it to your desktop.
  • Run AdwCleaner and select Delete
  • Once done it will ask to reboot, allow the reboot
  • On reboot a log will be produced, please attach the content of the log to your next reply


NEXT


Please download Malwarebytes Anti-Malware
  • Double-click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected. <-- very important
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.




NEXT


Go here to run an online scanner from ESET.
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • When the scan completes, press the LIST OF THREATS FOUND button
  • Press EXPORT TO TEXT FILE, name the file ESETSCAN and save it to your desktop
  • Include the contents of this report in your next reply.
  • Press the BACK button.
  • Press Finish



#5 CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • Gender:Not Telling
  • Location:Canada

Posted 30 December 2012 - 08:02 PM

Due to the lack of feedback, this topic is now closed. In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.
