
infected with livesearch redirect


  • This topic is locked
19 replies to this topic

#1 orion2x10

orion2x10

  • Members
  • 14 posts
  • OFFLINE
  • Local time:01:47 AM

Posted 09 January 2013 - 11:37 PM

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 9/4/2012 10:20:04 AM
System Uptime: 1/9/2013 12:57:13 PM (1 hours ago)
.
Motherboard: Dell Inc. | | 0FT292
Processor: Intel® Core™2 CPU T5600 @ 1.83GHz | Microprocessor | 1833/166mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 93 GiB total, 67.222 GiB free.
D: is CDROM (CDFS)
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP48: 1/7/2013 6:32:44 PM - Windows Update
RP49: 1/8/2013 2:09:25 AM - Installed AVG 2013
RP50: 1/8/2013 2:10:22 AM - Installed AVG 2013
RP51: 1/9/2013 3:00:16 AM - Windows Update
.
==== Installed Programs ======================
.
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader XI
Apple Application Support
Apple Software Update
Ask Toolbar
Ask Toolbar Updater
AVG 2013
Backup Assistant Plus
Desktop Calendar 1.1.3.1951
DIRECTV Player
EPSON Printer Software
ffdshow [rev 2527] [2008-12-19]
Free Alarm Clock 2.7.0
Google Chrome
Google Earth
Google Update Helper
HijackThis 2.0.2
Intel® Graphics Media Accelerator Driver
InterVideo WinDVD
Java 7 Update 7
Java Auto Updater
Malwarebytes Anti-Malware version 1.70.0.1100
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
MotoHelper 2.0.51 Driver 5.1.0
MotoHelper MergeModules
Motorola Mobile Drivers Installation 5.1.0
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
QuickTime
Remote Mouse version 2.00
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
Spotify
Strongvault Online Backup
The Weather Channel App
Windows Mobile Device Center
Windows Mobile Device Center Driver Update
WinPatrol
WinZip 16.5
XWindows Dock
Yahoo! Toolbar
Yontoo 1.10.02
.
==== Event Viewer Messages From Past Week ========
.
1/9/2013 12:57:53 PM, Error: Service Control Manager [7006] - The ScRegSetValueExW call failed for FailureActions with the following error: Access is denied.
.
==== End Of File ===========================



DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 9.0.8112.16457 BrowserJavaVersion: 10.7.2
Run by Laptop at 13:15:42 on 2013-01-09
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2038.1070 [GMT -6:00]
.
AV: AVG Anti-Virus Free Edition 2013 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AV: Microsoft Security Essentials *Enabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
SP: Microsoft Security Essentials *Enabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AVG Anti-Virus Free Edition 2013 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\AVG\AVG2013\avgwdsvc.exe
C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE
C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Motorola\MotoHelper\MotoHelperAgent.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\STacSV.exe
C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\13.3.2\ToolbarUpdater.exe
C:\Windows\system32\SearchIndexer.exe
c:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\svchost.exe -k WindowsMobile
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://msn.com/
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
mRun: [SigmatelSysTrayApp] c:\program files\sigmatel\c-major audio\wdm\sttray.exe
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [vProt] "c:\program files\avg secure search\vprot.exe"
mRun: [ROC_ROC_NT] "c:\program files\avg secure search\ROC_ROC_NT.exe" / /PROMPT /CMPID=ROC_NT
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [WinPatrol] c:\program files\billp studios\winpatrol\winpatrol.exe -expressboot
mRun: [AVG_UI] "c:\program files\avg\avg2013\avgui.exe" /TRAYONLY
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
TCP: NameServer = 192.168.2.1
TCP: Interfaces\{637C60C6-E7BE-4135-9DFF-D0D55FD92868} : DHCPNameServer = 192.168.42.129
TCP: Interfaces\{81BFDA6E-88F5-4E14-8461-F75CBBF03B9D} : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{81BFDA6E-88F5-4E14-8461-F75CBBF03B9D}\35475616C69647966697F6573616E6 : DHCPNameServer = 192.168.42.1
TCP: Interfaces\{81BFDA6E-88F5-4E14-8461-F75CBBF03B9D}\64F68764960323 : DHCPNameServer = 192.168.43.1
TCP: Interfaces\{81BFDA6E-88F5-4E14-8461-F75CBBF03B9D}\64F68764964363 : DHCPNameServer = 192.168.42.1
TCP: Interfaces\{81BFDA6E-88F5-4E14-8461-F75CBBF03B9D}\64F68764965353 : DHCPNameServer = 192.168.42.1
TCP: Interfaces\{81BFDA6E-88F5-4E14-8461-F75CBBF03B9D}\C696E6B6379737 : DHCPNameServer = 68.105.28.12 68.105.29.12 68.105.28.11
TCP: Interfaces\{B46947B8-BBA1-4F8C-A19A-CD3489575DE1} : DHCPNameServer = 198.224.159.135 198.224.158.135
Notify: igfxcui - igfxdev.dll
SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2012-10-15 55776]
R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [2012-9-21 177376]
R0 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2012-10-5 93536]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2012-9-14 35552]
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2012-8-30 193552]
R1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [2012-10-22 179936]
R1 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [2012-9-21 19936]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2012-10-2 159712]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2012-9-21 164832]
R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [2012-9-17 26984]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2013\avgwdsvc.exe [2012-10-22 196664]
R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2012-12-20 398184]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-12-20 682344]
R2 MotoHelper;MotoHelper Service;c:\program files\motorola\motohelper\MotoHelperService.exe [2011-4-26 223088]
R2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2011-4-27 99272]
R2 vToolbarUpdater13.3.2;vToolbarUpdater13.3.2;c:\program files\common files\avg secure search\vtoolbarupdater\13.3.2\ToolbarUpdater.exe [2013-1-8 894920]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
R3 BthAvrcp;Bluetooth AVRCP Profile;c:\windows\system32\drivers\BthAvrcp.sys [2009-8-13 22528]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-12-20 21104]
R3 netw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\netw5v32.sys [2009-6-10 4231168]
R3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\NisSrv.exe [2012-9-12 287824]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\drivers\VSTAZL3.SYS [2009-7-13 207360]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\drivers\VSTDPV3.SYS [2009-7-13 980992]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\drivers\VSTCNXT3.SYS [2009-7-13 661504]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2013\avgidsagent.exe [2012-11-6 5814392]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\drivers\motfilt.sys [2009-1-29 6016]
S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [2011-4-4 20480]
S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [2009-1-29 8320]
S3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\drivers\Motousbnet.sys [2010-4-1 23424]
S3 motusbdevice;Motorola USB Dev Driver;c:\windows\system32\drivers\motusbdevice.sys [2010-1-25 9472]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2010-11-20 52224]
S3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2012-9-8 1343400]
.
=============== File Associations ===============
.
FileExt: .txt: txtfile=c:\windows\system32\NOTEPAD.EXE %1 [UserChoice]
.
=============== Created Last 30 ================
.
2106-02-06 05:28:17 614532 ----a-w- c:\program files\common files\installshield\engine\6\intel 32\IKernel.exe
2013-05-06 18:40:02 56176 ----a-w- c:\windows\system32\drivers\partmgr.sys
2013-05-06 18:39:38 -------- d-----w- c:\windows\Panther
2013-05-06 18:39:00 37 ----a-w- C:\DevMgr.bat
2013-05-06 18:39:00 -------- d-----w- c:\windows\OEM
2013-05-06 18:38:48 -------- d-----w- c:\windows\ConfigSetRoot
2013-05-06 18:33:11 1077248 ----a-w- c:\windows\system32\DWrite.dll
2013-05-06 18:30:12 989184 ----a-w- c:\program files\windows journal\JNTFiltr.dll
2013-05-06 18:30:12 969216 ----a-w- c:\program files\windows journal\JNWDRV.dll
2013-05-06 18:30:12 1221632 ----a-w- c:\program files\windows journal\NBDoc.DLL
2013-05-06 18:30:11 936960 ----a-w- c:\program files\common files\microsoft shared\ink\journal.dll
2013-05-06 18:27:43 5120 ----a-w- c:\windows\system32\wmi.dll
2013-05-06 18:27:43 19824 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2013-05-06 18:27:43 159232 ----a-w- c:\windows\system32\imagehlp.dll
2013-05-06 18:24:09 826880 ----a-w- c:\windows\system32\rdpcore.dll
2013-05-06 18:24:09 24576 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2013-05-06 18:23:51 690688 ----a-w- c:\windows\system32\msvcrt.dll
2013-05-06 18:23:38 1288472 ----a-w- c:\windows\system32\ntdll.dll
2013-05-06 18:23:18 22528 ----a-w- c:\windows\system32\lsass.exe
2013-05-06 18:23:18 22016 ----a-w- c:\windows\system32\secur32.dll
2013-05-06 18:23:18 15872 ----a-w- c:\windows\system32\sspisrv.dll
2013-05-06 18:23:18 1038848 ----a-w- c:\windows\system32\lsasrv.dll
2013-05-06 18:23:18 100352 ----a-w- c:\windows\system32\sspicli.dll
2013-05-06 18:23:17 314880 ----a-w- c:\windows\system32\webio.dll
2013-05-06 18:23:00 514560 ----a-w- c:\windows\system32\qdvd.dll
2013-05-06 18:23:00 1328128 ----a-w- c:\windows\system32\quartz.dll
2013-05-06 18:22:42 67072 ----a-w- c:\windows\system32\packager.dll
2013-05-06 18:18:37 38912 ----a-w- c:\windows\system32\csrsrv.dll
2013-05-06 18:18:28 534528 ----a-w- c:\windows\system32\EncDec.dll
2013-05-06 18:18:11 708608 ----a-w- c:\program files\common files\system\wab32.dll
2013-05-06 18:18:00 75776 ----a-w- c:\windows\system32\psisrndr.ax
2013-05-06 18:18:00 465408 ----a-w- c:\windows\system32\psisdecd.dll
2013-05-06 18:17:47 233472 ----a-w- c:\windows\system32\oleacc.dll
2013-05-06 18:17:46 571904 ----a-w- c:\windows\system32\oleaut32.dll
2013-05-06 18:15:54 94208 ----a-w- c:\program files\common files\system\ole db\msdaosp.dll
2013-05-06 18:15:54 86016 ----a-w- c:\windows\system32\odbccu32.dll
2013-05-06 18:15:54 81920 ----a-w- c:\windows\system32\odbccr32.dll
2013-05-06 18:15:54 319488 ----a-w- c:\windows\system32\odbcjt32.dll
2013-05-06 18:15:54 163840 ----a-w- c:\windows\system32\odbctrac.dll
2013-05-06 18:15:54 122880 ----a-w- c:\windows\system32\odbccp32.dll
2013-05-06 18:15:20 96768 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2013-05-06 18:15:20 223744 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2013-05-06 18:15:20 123904 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2013-05-06 18:15:11 60416 ----a-w- c:\windows\system32\drivers\BTHUSB.SYS
2013-05-06 18:15:11 393728 ----a-w- c:\windows\system32\drivers\bthport.sys
2013-05-06 18:15:02 293376 ----a-w- c:\windows\system32\umpnpmgr.dll
2013-05-06 18:14:54 311808 ----a-w- c:\windows\system32\drivers\srv.sys
2013-05-06 18:14:54 310272 ----a-w- c:\windows\system32\drivers\srv2.sys
2013-05-06 18:14:54 114688 ----a-w- c:\windows\system32\drivers\srvnet.sys
2013-05-06 18:14:42 338944 ----a-w- c:\windows\system32\drivers\afd.sys
2013-05-06 18:14:33 741376 ----a-w- c:\windows\system32\inetcomm.dll
2013-05-06 18:14:24 28672 ----a-w- c:\windows\system32\dnscacheugc.exe
2013-05-06 18:14:24 132608 ----a-w- c:\windows\system32\dnsrslvr.dll
2013-05-06 18:14:15 70656 ----a-w- c:\windows\system32\fontsub.dll
2013-05-06 18:14:07 191488 ----a-w- c:\windows\system32\FXSCOVER.exe
2013-05-06 18:13:59 69632 ----a-w- c:\windows\system32\drivers\bowser.sys
2013-05-06 18:13:49 1164288 ----a-w- c:\windows\system32\mfc42u.dll
2013-05-06 18:13:49 1137664 ----a-w- c:\windows\system32\mfc42.dll
2013-05-06 18:13:42 642048 ----a-w- c:\windows\system32\CPFilters.dll
2013-05-06 18:13:41 850944 ----a-w- c:\windows\system32\sbe.dll
2013-05-06 18:13:41 199680 ----a-w- c:\windows\system32\mpg2splt.ax
2013-05-06 18:10:47 6734704 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{eefcacbb-3d76-4693-b014-a45021d1813a}\mpengine.dll
2013-05-06 18:10:21 237072 ------w- c:\windows\system32\MpSigStub.exe
2013-05-06 18:03:58 70992 ----a-w- c:\windows\system32\XAPOFX1_2.dll
2013-05-06 17:58:46 697864 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-05-06 17:58:45 74248 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-05-06 17:57:44 -------- d-----w- c:\program files\Microsoft Security Client
2013-05-06 17:53:03 4947968 ----a-w- c:\windows\system32\stacgui.cpl
2013-05-06 17:53:03 1601536 ----a-w- c:\windows\system32\stlang.dll
2013-05-06 17:53:03 102400 ----a-w- c:\windows\system32\stacsv.exe
2013-05-06 17:53:03 -------- d-----w- c:\program files\Sigmatel
2013-01-09 04:44:44 -------- d-----w- c:\windows\ERUNT
2013-01-09 04:43:51 -------- d-----w- C:\JRT
2013-01-09 01:07:42 6812136 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{de355ead-db5e-451f-a7b7-743111b0cb6d}\mpengine.dll
2013-01-08 19:27:33 2345984 ----a-w- c:\windows\system32\win32k.sys
2013-01-08 19:27:26 492032 ----a-w- c:\windows\system32\win32spl.dll
2013-01-08 19:25:53 1389568 ----a-w- c:\windows\system32\msxml6.dll
2013-01-08 19:25:18 220160 ----a-w- c:\windows\system32\ncrypt.dll
2013-01-08 19:25:15 49152 ----a-w- c:\windows\system32\taskhost.exe
2013-01-08 08:15:48 -------- d-----w- c:\users\laptop\appdata\roaming\AVG2013
2013-01-08 08:14:22 -------- d-----w- c:\users\laptop\appdata\roaming\TuneUp Software
2013-01-08 08:13:47 -------- d-----w- c:\program files\AVG Secure Search
2013-01-08 08:11:06 -------- d--h--w- C:\$AVG
2013-01-08 08:11:05 -------- d-----w- c:\programdata\AVG2013
2013-01-08 08:10:07 -------- d-----w- c:\program files\AVG
2013-01-08 08:05:31 -------- d-----w- c:\users\laptop\appdata\local\MFAData
2013-01-08 08:05:31 -------- d-----w- c:\users\laptop\appdata\local\Avg2013
2013-01-08 08:05:31 -------- d-----w- c:\programdata\MFAData
2013-01-08 00:33:08 6812136 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2013-01-07 22:56:48 710504 ----a-w- c:\windows\is-N8156.exe
2013-01-07 22:50:13 -------- d-----w- c:\users\laptop\appdata\roaming\WinPatrol
2013-01-07 22:50:03 -------- d-----w- c:\program files\BillP Studios
2013-01-07 22:41:03 -------- d-----w- c:\program files\Trend Micro
2013-01-07 04:20:04 -------- d-----w- c:\users\laptop\appdata\local\Programs
2013-01-06 07:53:59 -------- d-----w- c:\program files\common files\MSSoap
2013-01-06 07:52:22 -------- d-----w- c:\program files\Yahoo!
2013-01-06 07:51:22 -------- d-----w- c:\programdata\APN
2012-12-22 09:20:09 34304 ----a-w- c:\windows\system32\atmlib.dll
2012-12-22 09:20:09 295424 ----a-w- c:\windows\system32\atmfd.dll
2012-12-22 09:01:19 -------- d-----w- c:\windows\CheckSur
2012-12-21 04:16:23 -------- d-----w- c:\users\laptop\appdata\roaming\Malwarebytes
2012-12-21 04:16:17 -------- d-----w- c:\programdata\Malwarebytes
2012-12-21 04:16:16 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-12-21 04:16:16 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-12-21 03:48:22 -------- d-----w- c:\program files\Enigma Software Group
2012-12-21 03:48:04 -------- d-----w- c:\windows\DDABC66756B3412282B02F5782EA2F9A.TMP
2012-12-21 03:48:01 -------- d-----w- c:\program files\common files\Wise Installation Wizard
2012-12-20 06:10:40 -------- d-----w- c:\users\laptop\appdata\local\Spotify
2012-12-20 06:09:24 -------- d-----w- c:\users\laptop\appdata\roaming\Spotify
2012-12-20 06:09:11 -------- d-----w- c:\users\laptop\appdata\local\Deployment
2012-12-20 06:09:11 -------- d-----w- c:\users\laptop\appdata\local\Apps
2012-12-14 19:51:55 -------- d-----w- c:\users\laptop\appdata\roaming\DesktopCal
2012-12-14 19:51:49 -------- d-----w- c:\program files\DesktopCal
2012-12-14 19:23:42 -------- d-----w- c:\program files\The Weather Channel
2012-12-14 19:23:10 -------- d-----w- c:\users\laptop\appdata\local\The Weather Channel
2012-12-11 23:38:31 293376 ----a-w- c:\windows\system32\KernelBase.dll
.
==================== Find3M ====================
.
2013-01-08 08:13:20 26984 ----a-w- c:\windows\system32\drivers\avgtpx86.sys
2012-11-14 02:09:22 1800704 ----a-w- c:\windows\system32\jscript9.dll
2012-11-14 01:58:15 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2012-11-14 01:57:37 1129472 ----a-w- c:\windows\system32\wininet.dll
2012-11-14 01:49:25 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-11-14 01:48:27 420864 ----a-w- c:\windows\system32\vbscript.dll
2012-11-14 01:44:42 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-11-09 04:42:49 2048 ----a-w- c:\windows\system32\tzres.dll
2012-11-02 05:11:31 376832 ----a-w- c:\windows\system32\dpnet.dll
2012-10-22 19:02:46 179936 ----a-w- c:\windows\system32\drivers\avgidsdriverx.sys
2012-10-15 09:48:52 55776 ----a-w- c:\windows\system32\drivers\avgidshx.sys
.
============= FINISH: 13:16:15.47 ===============



#2 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  • Gender:Not Telling
  • Location:Canada
  • Local time:03:47 AM

Posted 10 January 2013 - 09:42 AM

Please do the following:

Download the appropriate version for your system of the Farbar Recovery Scan Tool and save it to a flash drive.


Plug the flashdrive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
On the System Recovery Options menu you will get the following options:
Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt
  • Select Command Prompt.
  • In the command window type notepad and press Enter.
  • Notepad opens. Under the File menu select Open.
  • Select "Computer", find your flash drive letter, and close Notepad.
  • In the command window type e:\frst.exe (for the x64 version type e:\frst64) and press Enter.
    Note: Replace the letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens, click Yes to the disclaimer.
  • Place a check next to List Drivers MD5 as well as the default check marks that are already there.
  • Press the Scan button.
  • Type exit and reboot the computer normally.
  • FRST will make a log (FRST.txt) on the flash drive; please copy and paste the log in your reply.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#3 orion2x10

orion2x10
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  • Local time:01:47 AM

Posted 13 January 2013 - 03:24 PM

I'm sorry for not doing this earlier, I have been busy. I will try to upload tonight or tomorrow though.

#4 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  • Gender:Not Telling
  • Location:Canada
  • Local time:03:47 AM

Posted 13 January 2013 - 04:04 PM

OK, that's fine.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#5 orion2x10

orion2x10
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  • Local time:01:47 AM

Posted 14 January 2013 - 03:31 PM

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 09-01-2013
Ran by Laptop at 14-01-2013 14:26:36
Running from E:\
Service Pack 1 (X86) OS Language: English(US)
Attention: Could not load system hive.
ERROR: The process cannot access the file because it is being used by another process.

ATTENTION:=====> THE TOOL IS NOT RUN FROM RECOVERY ENVIRONMENT AND WILL NOT FUNCTION PROPERLY.


==================== One Month Created Files and Folders ========

2013-05-06 12:51 - 2012-08-08 05:50 - 00001269 ____A C:\Windows\DtcInstall.log
2013-05-06 12:51 - 2012-08-08 05:48 - 00002297 ____A C:\Windows\TSSysprep.log
2013-05-06 12:40 - 2013-05-06 12:40 - 00056176 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\partmgr.sys
2013-05-06 12:39 - 2013-05-06 12:39 - 00000000 ____D C:\Windows\OEM
2013-05-06 12:39 - 2012-08-08 05:50 - 00000000 ____D C:\Windows\Panther
2013-05-06 12:39 - 2012-05-14 14:02 - 00000037 ____A C:\DevMgr.bat
2013-05-06 12:38 - 2013-05-06 12:38 - 00000000 ____D C:\Windows\ConfigSetRoot
2013-05-06 12:33 - 2013-05-06 12:33 - 01077248 ____A (Microsoft Corporation) C:\Windows\System32\DWrite.dll
2013-05-06 12:27 - 2013-05-06 12:27 - 00159232 ____A (Microsoft Corporation) C:\Windows\System32\imagehlp.dll
2013-05-06 12:27 - 2013-05-06 12:27 - 00019824 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\fs_rec.sys
2013-05-06 12:27 - 2013-05-06 12:27 - 00005120 ____A (Microsoft Corporation) C:\Windows\System32\wmi.dll
2013-05-06 12:24 - 2013-05-06 12:24 - 00826880 ____A (Microsoft Corporation) C:\Windows\System32\rdpcore.dll
2013-05-06 12:24 - 2013-05-06 12:24 - 00024576 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tdtcp.sys
2013-05-06 12:23 - 2013-05-06 12:23 - 01328128 ____A (Microsoft Corporation) C:\Windows\System32\quartz.dll
2013-05-06 12:23 - 2013-05-06 12:23 - 01288472 ____A (Microsoft Corporation) C:\Windows\System32\ntdll.dll
2013-05-06 12:23 - 2013-05-06 12:23 - 01038848 ____A (Microsoft Corporation) C:\Windows\System32\lsasrv.dll
2013-05-06 12:23 - 2013-05-06 12:23 - 00690688 ____A (Microsoft Corporation) C:\Windows\System32\msvcrt.dll
2013-05-06 12:23 - 2013-05-06 12:23 - 00514560 ____A (Microsoft Corporation) C:\Windows\System32\qdvd.dll
2013-05-06 12:23 - 2013-05-06 12:23 - 00314880 ____A (Microsoft Corporation) C:\Windows\System32\webio.dll
2013-05-06 12:23 - 2013-05-06 12:23 - 00100352 ____A (Microsoft Corporation) C:\Windows\System32\sspicli.dll
2013-05-06 12:23 - 2013-05-06 12:23 - 00022528 ____A (Microsoft Corporation) C:\Windows\System32\lsass.exe
2013-05-06 12:23 - 2013-05-06 12:23 - 00022016 ____A (Microsoft Corporation) C:\Windows\System32\secur32.dll
2013-05-06 12:23 - 2013-05-06 12:23 - 00015872 ____A (Microsoft Corporation) C:\Windows\System32\sspisrv.dll
2013-05-06 12:22 - 2013-05-06 12:22 - 00067072 ____A (Microsoft Corporation) C:\Windows\System32\packager.dll
2013-05-06 12:18 - 2013-05-06 12:18 - 00534528 ____A (Microsoft Corporation) C:\Windows\System32\EncDec.dll
2013-05-06 12:18 - 2013-05-06 12:18 - 00465408 ____A (Microsoft Corporation) C:\Windows\System32\psisdecd.dll
2013-05-06 12:18 - 2013-05-06 12:18 - 00075776 ____A (Microsoft Corporation) C:\Windows\System32\psisrndr.ax
2013-05-06 12:18 - 2013-05-06 12:18 - 00038912 ____A (Microsoft Corporation) C:\Windows\System32\csrsrv.dll
2013-05-06 12:17 - 2013-05-06 12:17 - 00571904 ____A (Microsoft Corporation) C:\Windows\System32\oleaut32.dll
2013-05-06 12:17 - 2013-05-06 12:17 - 00233472 ____A (Microsoft Corporation) C:\Windows\System32\oleacc.dll
2013-05-06 12:15 - 2013-05-06 12:15 - 00393728 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\bthport.sys
2013-05-06 12:15 - 2013-05-06 12:15 - 00319488 ____A (Microsoft Corporation) C:\Windows\System32\odbcjt32.dll
2013-05-06 12:15 - 2013-05-06 12:15 - 00293376 ____A (Microsoft Corporation) C:\Windows\System32\umpnpmgr.dll
2013-05-06 12:15 - 2013-05-06 12:15 - 00223744 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\mrxsmb10.sys
2013-05-06 12:15 - 2013-05-06 12:15 - 00163840 ____A (Microsoft Corporation) C:\Windows\System32\odbctrac.dll
2013-05-06 12:15 - 2013-05-06 12:15 - 00123904 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\mrxsmb.sys
2013-05-06 12:15 - 2013-05-06 12:15 - 00122880 ____A (Microsoft Corporation) C:\Windows\System32\odbccp32.dll
2013-05-06 12:15 - 2013-05-06 12:15 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\mrxsmb20.sys
2013-05-06 12:15 - 2013-05-06 12:15 - 00086016 ____A (Microsoft Corporation) C:\Windows\System32\odbccu32.dll
2013-05-06 12:15 - 2013-05-06 12:15 - 00081920 ____A (Microsoft Corporation) C:\Windows\System32\odbccr32.dll
2013-05-06 12:15 - 2013-05-06 12:15 - 00060416 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\BTHUSB.SYS
2013-05-06 12:14 - 2013-05-06 12:14 - 00741376 ____A (Microsoft Corporation) C:\Windows\System32\inetcomm.dll
2013-05-06 12:14 - 2013-05-06 12:14 - 00338944 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\afd.sys
2013-05-06 12:14 - 2013-05-06 12:14 - 00311808 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\srv.sys
2013-05-06 12:14 - 2013-05-06 12:14 - 00310272 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\srv2.sys
2013-05-06 12:14 - 2013-05-06 12:14 - 00270336 ____A (Microsoft Corporation) C:\Windows\System32\dnsapi.dll
2013-05-06 12:14 - 2013-05-06 12:14 - 00191488 ____A (Microsoft Corporation) C:\Windows\System32\FXSCOVER.exe
2013-05-06 12:14 - 2013-05-06 12:14 - 00132608 ____A (Microsoft Corporation) C:\Windows\System32\dnsrslvr.dll
2013-05-06 12:14 - 2013-05-06 12:14 - 00114688 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\srvnet.sys
2013-05-06 12:14 - 2013-05-06 12:14 - 00070656 ____A (Microsoft Corporation) C:\Windows\System32\fontsub.dll
2013-05-06 12:14 - 2013-05-06 12:14 - 00028672 ____A (Microsoft Corporation) C:\Windows\System32\dnscacheugc.exe
2013-05-06 12:13 - 2013-05-06 12:13 - 01164288 ____A (Microsoft Corporation) C:\Windows\System32\mfc42u.dll
2013-05-06 12:13 - 2013-05-06 12:13 - 01137664 ____A (Microsoft Corporation) C:\Windows\System32\mfc42.dll
2013-05-06 12:13 - 2013-05-06 12:13 - 00850944 ____A (Microsoft Corporation) C:\Windows\System32\sbe.dll
2013-05-06 12:13 - 2013-05-06 12:13 - 00642048 ____A (Microsoft Corporation) C:\Windows\System32\CPFilters.dll
2013-05-06 12:13 - 2013-05-06 12:13 - 00199680 ____A (Microsoft Corporation) C:\Windows\System32\mpg2splt.ax
2013-05-06 12:13 - 2013-05-06 12:13 - 00069632 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\bowser.sys
2013-05-06 12:10 - 2012-01-31 06:44 - 00237072 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe
2013-05-06 12:06 - 2013-05-06 12:06 - 00000000 ____D C:\Program Files\Microsoft.NET
2013-05-06 12:04 - 2010-06-02 05:55 - 00527192 ____A (Microsoft Corporation) C:\Windows\System32\XAudio2_7.dll
2013-05-06 12:04 - 2010-06-02 05:55 - 00239960 ____A (Microsoft Corporation) C:\Windows\System32\xactengine3_7.dll
2013-05-06 12:04 - 2010-06-02 05:55 - 00074072 ____A (Microsoft Corporation) C:\Windows\System32\XAPOFX1_5.dll
2013-05-06 12:04 - 2010-05-26 12:41 - 02106216 ____A (Microsoft Corporation) C:\Windows\System32\D3DCompiler_43.dll
2013-05-06 12:04 - 2010-05-26 12:41 - 01998168 ____A (Microsoft Corporation) C:\Windows\System32\D3DX9_43.dll
2013-05-06 12:04 - 2010-05-26 12:41 - 01868128 ____A (Microsoft Corporation) C:\Windows\System32\d3dcsx_43.dll
2013-05-06 12:04 - 2010-05-26 12:41 - 00470880 ____A (Microsoft Corporation) C:\Windows\System32\d3dx10_43.dll
2013-05-06 12:04 - 2010-05-26 12:41 - 00248672 ____A (Microsoft Corporation) C:\Windows\System32\d3dx11_43.dll
2013-05-06 12:04 - 2010-02-04 11:01 - 00528216 ____A (Microsoft Corporation) C:\Windows\System32\XAudio2_6.dll
2013-05-06 12:04 - 2010-02-04 11:01 - 00238936 ____A (Microsoft Corporation) C:\Windows\System32\xactengine3_6.dll
2013-05-06 12:04 - 2010-02-04 11:01 - 00074072 ____A (Microsoft Corporation) C:\Windows\System32\XAPOFX1_4.dll
2013-05-06 12:04 - 2010-02-04 11:01 - 00022360 ____A (Microsoft Corporation) C:\Windows\System32\X3DAudio1_7.dll
2013-05-06 12:04 - 2009-09-04 18:44 - 00515416 ____A (Microsoft Corporation) C:\Windows\System32\XAudio2_5.dll
2013-05-06 12:04 - 2009-09-04 18:44 - 00238936 ____A (Microsoft Corporation) C:\Windows\System32\xactengine3_5.dll
2013-05-06 12:04 - 2009-09-04 18:44 - 00069464 ____A (Microsoft Corporation) C:\Windows\System32\XAPOFX1_3.dll
2013-05-06 12:04 - 2009-09-04 18:29 - 05501792 ____A (Microsoft Corporation) C:\Windows\System32\d3dcsx_42.dll
2013-05-06 12:04 - 2009-09-04 18:29 - 01974616 ____A (Microsoft Corporation) C:\Windows\System32\D3DCompiler_42.dll
2013-05-06 12:04 - 2009-09-04 18:29 - 01892184 ____A (Microsoft Corporation) C:\Windows\System32\D3DX9_42.dll
2013-05-06 12:04 - 2009-09-04 18:29 - 00453456 ____A (Microsoft Corporation) C:\Windows\System32\d3dx10_42.dll
2013-05-06 12:04 - 2009-09-04 18:29 - 00235344 ____A (Microsoft Corporation) C:\Windows\System32\d3dx11_42.dll
2013-05-06 12:04 - 2009-03-16 15:18 - 00517448 ____A (Microsoft Corporation) C:\Windows\System32\XAudio2_4.dll
2013-05-06 12:04 - 2009-03-16 15:18 - 00235352 ____A (Microsoft Corporation) C:\Windows\System32\xactengine3_4.dll
2013-05-06 12:04 - 2009-03-16 15:18 - 00022360 ____A (Microsoft Corporation) C:\Windows\System32\X3DAudio1_6.dll
2013-05-06 12:04 - 2009-03-09 16:27 - 04178264 ____A (Microsoft Corporation) C:\Windows\System32\D3DX9_41.dll
2013-05-06 12:04 - 2009-03-09 16:27 - 01846632 ____A (Microsoft Corporation) C:\Windows\System32\D3DCompiler_41.dll
2013-05-06 12:04 - 2009-03-09 16:27 - 00453456 ____A (Microsoft Corporation) C:\Windows\System32\d3dx10_41.dll
2013-05-06 12:04 - 2008-10-15 07:22 - 04379984 ____A (Microsoft Corporation) C:\Windows\System32\D3DX9_40.dll
2013-05-06 12:04 - 2008-10-15 07:22 - 02036576 ____A (Microsoft Corporation) C:\Windows\System32\D3DCompiler_40.dll
2013-05-06 12:04 - 2008-10-15 07:22 - 00452440 ____A (Microsoft Corporation) C:\Windows\System32\d3dx10_40.dll
2013-05-06 12:03 - 2008-10-27 11:04 - 00514384 ____A (Microsoft Corporation) C:\Windows\System32\XAudio2_3.dll
2013-05-06 12:03 - 2008-10-27 11:04 - 00235856 ____A (Microsoft Corporation) C:\Windows\System32\xactengine3_3.dll
2013-05-06 12:03 - 2008-10-27 11:04 - 00070992 ____A (Microsoft Corporation) C:\Windows\System32\XAPOFX1_2.dll
2013-05-06 12:03 - 2008-10-27 11:04 - 00023376 ____A (Microsoft Corporation) C:\Windows\System32\X3DAudio1_5.dll
2013-05-06 12:03 - 2008-07-31 11:41 - 00238088 ____A (Microsoft Corporation) C:\Windows\System32\xactengine3_2.dll
2013-05-06 12:03 - 2008-07-31 11:41 - 00068616 ____A (Microsoft Corporation) C:\Windows\System32\XAPOFX1_1.dll
2013-05-06 12:03 - 2008-07-31 11:40 - 00509448 ____A (Microsoft Corporation) C:\Windows\System32\XAudio2_2.dll
2013-05-06 12:03 - 2008-07-10 12:01 - 00467984 ____A (Microsoft Corporation) C:\Windows\System32\d3dx10_39.dll
2013-05-06 12:03 - 2008-07-10 12:00 - 03851784 ____A (Microsoft Corporation) C:\Windows\System32\D3DX9_39.dll
2013-05-06 12:03 - 2008-07-10 12:00 - 01493528 ____A (Microsoft Corporation) C:\Windows\System32\D3DCompiler_39.dll
2013-05-06 12:03 - 2008-05-30 15:19 - 00507400 ____A (Microsoft Corporation) C:\Windows\System32\XAudio2_1.dll
2013-05-06 12:03 - 2008-05-30 15:18 - 00238088 ____A (Microsoft Corporation) C:\Windows\System32\xactengine3_1.dll
2013-05-06 12:03 - 2008-05-30 15:17 - 00065032 ____A (Microsoft Corporation) C:\Windows\System32\XAPOFX1_0.dll
2013-05-06 12:03 - 2008-05-30 15:17 - 00025608 ____A (Microsoft Corporation) C:\Windows\System32\X3DAudio1_4.dll
2013-05-06 12:03 - 2008-05-30 15:11 - 03850760 ____A (Microsoft Corporation) C:\Windows\System32\D3DX9_38.dll
2013-05-06 12:03 - 2008-05-30 15:11 - 01491992 ____A (Microsoft Corporation) C:\Windows\System32\D3DCompiler_38.dll
2013-05-06 12:03 - 2008-05-30 15:11 - 00467984 ____A (Microsoft Corporation) C:\Windows\System32\d3dx10_38.dll
2013-05-06 12:03 - 2008-03-05 17:03 - 00479752 ____A (Microsoft Corporation) C:\Windows\System32\XAudio2_0.dll
2013-05-06 12:03 - 2008-03-05 17:03 - 00238088 ____A (Microsoft Corporation) C:\Windows\System32\xactengine3_0.dll
2013-05-06 12:03 - 2008-03-05 17:00 - 00025608 ____A (Microsoft Corporation) C:\Windows\System32\X3DAudio1_3.dll
2013-05-06 12:03 - 2008-03-05 16:56 - 03786760 ____A (Microsoft Corporation) C:\Windows\System32\D3DX9_37.dll
2013-05-06 12:03 - 2008-03-05 16:56 - 01420824 ____A (Microsoft Corporation) C:\Windows\System32\D3DCompiler_37.dll
2013-05-06 12:03 - 2008-02-06 00:07 - 00462864 ____A (Microsoft Corporation) C:\Windows\System32\d3dx10_37.dll
2013-05-06 12:03 - 2007-10-22 04:39 - 00267272 ____A (Microsoft Corporation) C:\Windows\System32\xactengine2_10.dll
2013-05-06 12:03 - 2007-10-22 04:37 - 00017928 ____A (Microsoft Corporation) C:\Windows\System32\X3DAudio1_2.dll
2013-05-06 12:03 - 2007-10-12 16:14 - 03734536 ____A (Microsoft Corporation) C:\Windows\System32\d3dx9_36.dll
2013-05-06 12:03 - 2007-10-12 16:14 - 01374232 ____A (Microsoft Corporation) C:\Windows\System32\D3DCompiler_36.dll
2013-05-06 12:03 - 2007-10-02 10:56 - 00444776 ____A (Microsoft Corporation) C:\Windows\System32\d3dx10_36.dll
2013-05-06 12:03 - 2007-07-20 01:57 - 00267112 ____A (Microsoft Corporation) C:\Windows\System32\xactengine2_9.dll
2013-05-06 12:03 - 2007-07-19 19:14 - 03727720 ____A (Microsoft Corporation) C:\Windows\System32\d3dx9_35.dll
2013-05-06 12:03 - 2007-07-19 19:14 - 01358192 ____A (Microsoft Corporation) C:\Windows\System32\D3DCompiler_35.dll
2013-05-06 12:03 - 2007-07-19 19:14 - 00444776 ____A (Microsoft Corporation) C:\Windows\System32\d3dx10_35.dll
2013-05-06 12:03 - 2007-06-20 21:46 - 00266088 ____A (Microsoft Corporation) C:\Windows\System32\xactengine2_8.dll
2013-05-06 12:03 - 2007-05-16 17:45 - 03497832 ____A (Microsoft Corporation) C:\Windows\System32\d3dx9_34.dll
2013-05-06 12:03 - 2007-05-16 17:45 - 01124720 ____A (Microsoft Corporation) C:\Windows\System32\D3DCompiler_34.dll
2013-05-06 12:03 - 2007-05-16 17:45 - 00443752 ____A (Microsoft Corporation) C:\Windows\System32\d3dx10_34.dll
2013-05-06 12:03 - 2007-04-04 19:55 - 00261480 ____A (Microsoft Corporation) C:\Windows\System32\xactengine2_7.dll
2013-05-06 12:03 - 2007-04-04 19:53 - 00081768 ____A (Microsoft Corporation) C:\Windows\System32\xinput1_3.dll
2013-05-06 12:03 - 2007-03-15 17:57 - 00443752 ____A (Microsoft Corporation) C:\Windows\System32\d3dx10_33.dll
2013-05-06 12:03 - 2007-03-12 17:42 - 03495784 ____A (Microsoft Corporation) C:\Windows\System32\d3dx9_33.dll
2013-05-06 12:03 - 2007-03-12 17:42 - 01123696 ____A (Microsoft Corporation) C:\Windows\System32\D3DCompiler_33.dll
2013-05-06 12:03 - 2007-03-05 13:42 - 00015128 ____A (Microsoft Corporation) C:\Windows\System32\x3daudio1_1.dll
2013-05-06 12:03 - 2007-01-24 16:27 - 00255848 ____A (Microsoft Corporation) C:\Windows\System32\xactengine2_6.dll
2013-05-06 12:03 - 2006-12-08 13:02 - 00251672 ____A (Microsoft Corporation) C:\Windows\System32\xactengine2_5.dll
2013-05-06 12:03 - 2006-11-29 14:06 - 03426072 ____A (Microsoft Corporation) C:\Windows\System32\d3dx9_32.dll
2013-05-06 12:03 - 2006-11-29 14:06 - 00440080 ____A (Microsoft Corporation) C:\Windows\System32\d3dx10.dll
2013-05-06 12:03 - 2006-09-28 17:05 - 02414360 ____A (Microsoft Corporation) C:\Windows\System32\d3dx9_31.dll
2013-05-06 12:03 - 2006-09-28 17:05 - 00237848 ____A (Microsoft Corporation) C:\Windows\System32\xactengine2_4.dll
2013-05-06 12:03 - 2006-07-28 10:30 - 00236824 ____A (Microsoft Corporation) C:\Windows\System32\xactengine2_3.dll
2013-05-06 12:03 - 2006-07-28 10:30 - 00062744 ____A (Microsoft Corporation) C:\Windows\System32\xinput1_2.dll
2013-05-06 12:03 - 2006-05-31 08:24 - 00230168 ____A (Microsoft Corporation) C:\Windows\System32\xactengine2_2.dll
2013-05-06 12:03 - 2006-03-31 13:40 - 02388176 ____A (Microsoft Corporation) C:\Windows\System32\d3dx9_30.dll
2013-05-06 12:03 - 2006-03-31 13:39 - 00229584 ____A (Microsoft Corporation) C:\Windows\System32\xactengine2_1.dll
2013-05-06 12:03 - 2006-03-31 13:39 - 00062672 ____A (Microsoft Corporation) C:\Windows\System32\xinput1_1.dll
2013-05-06 12:03 - 2006-02-03 09:43 - 02332368 ____A (Microsoft Corporation) C:\Windows\System32\d3dx9_29.dll
2013-05-06 12:03 - 2006-02-03 09:42 - 00230096 ____A (Microsoft Corporation) C:\Windows\System32\xactengine2_0.dll
2013-05-06 12:03 - 2006-02-03 09:41 - 00014032 ____A (Microsoft Corporation) C:\Windows\System32\x3daudio1_0.dll
2013-05-06 12:03 - 2005-12-05 19:09 - 02323664 ____A (Microsoft Corporation) C:\Windows\System32\d3dx9_28.dll
2013-05-06 12:03 - 2005-07-22 20:59 - 02319568 ____A (Microsoft Corporation) C:\Windows\System32\d3dx9_27.dll
2013-05-06 12:03 - 2005-05-26 16:34 - 02297552 ____A (Microsoft Corporation) C:\Windows\System32\d3dx9_26.dll
2013-05-06 12:03 - 2005-03-18 18:19 - 02337488 ____A (Microsoft Corporation) C:\Windows\System32\d3dx9_25.dll
2013-05-06 12:03 - 2005-02-05 20:45 - 02222800 ____A (Microsoft Corporation) C:\Windows\System32\d3dx9_24.dll
2013-05-06 11:59 - 2012-09-08 12:44 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-05-06 11:58 - 2013-05-06 11:58 - 00000000 ____D C:\Windows\System32\Macromed
2013-05-06 11:58 - 2013-01-09 01:11 - 00697864 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2013-05-06 11:58 - 2013-01-09 01:11 - 00074248 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
2013-05-06 11:58 - 2012-10-02 02:01 - 00001945 ____A C:\Windows\epplauncher.mif
2013-05-06 11:57 - 2012-10-02 02:00 - 00000000 ____D C:\Program Files\Microsoft Security Client
2013-05-06 11:56 - 2013-05-06 11:56 - 03695416 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dat
2013-05-06 11:56 - 2013-05-06 11:56 - 00434176 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2013-05-06 11:56 - 2013-05-06 11:56 - 00367104 ____A (Microsoft Corporation) C:\Windows\System32\html.iec
2013-05-06 11:56 - 2013-05-06 11:56 - 00353792 ____A (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
2013-05-06 11:56 - 2013-05-06 11:56 - 00353584 ____A (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2013-05-06 11:56 - 2013-05-06 11:56 - 00227840 ____A (Microsoft Corporation) C:\Windows\System32\ieaksie.dll
2013-05-06 11:56 - 2013-05-06 11:56 - 00223232 ____A (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
2013-05-06 11:56 - 2013-05-06 11:56 - 00203776 ____A (Microsoft Corporation) C:\Windows\System32\webcheck.dll
2013-05-06 11:56 - 2013-05-06 11:56 - 00163840 ____A (Microsoft Corporation) C:\Windows\System32\ieakui.dll
2013-05-06 11:56 - 2013-05-06 11:56 - 00162304 ____A (Microsoft Corporation) C:\Windows\System32\msrating.dll
2013-05-06 11:56 - 2013-05-06 11:56 - 00161792 ____A (Microsoft Corporation) C:\Windows\System32\msls31.dll
2013-05-06 11:56 - 2013-05-06 11:56 - 00152064 ____A (Microsoft Corporation) C:\Windows\System32\wextract.exe
2013-05-06 11:56 - 2013-05-06 11:56 - 00150528 ____A (Microsoft Corporation) C:\Windows\System32\iexpress.exe
2013-05-06 11:56 - 2013-05-06 11:56 - 00130560 ____A (Microsoft Corporation) C:\Windows\System32\ieakeng.dll
2013-05-06 11:56 - 2013-05-06 11:56 - 00123392 ____A (Microsoft Corporation) C:\Windows\System32\occache.dll
2013-05-06 11:56 - 2013-05-06 11:56 - 00118784 ____A (Microsoft Corporation) C:\Windows\System32\iepeers.dll
2013-05-06 11:56 - 2013-05-06 11:56 - 00110592 ____A (Microsoft Corporation) C:\Windows\System32\IEAdvpack.dll
2013-05-06 11:56 - 2013-05-06 11:56 - 00101888 ____A (Microsoft Corporation) C:\Windows\System32\admparse.dll
2013-05-06 11:56 - 2013-05-06 11:56 - 00086528 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2013-05-06 11:56 - 2013-05-06 11:56 - 00078848 ____A (Microsoft Corporation) C:\Windows\System32\inseng.dll
2013-05-06 11:56 - 2013-05-06 11:56 - 00076800 ____A (Microsoft Corporation) C:\Windows\System32\SetIEInstalledDate.exe
2013-05-06 11:56 - 2013-05-06 11:56 - 00074752 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2013-05-06 11:56 - 2013-05-06 11:56 - 00074752 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-05-06 11:56 - 2013-05-06 11:56 - 00074240 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-05-06 11:56 - 2013-05-06 11:56 - 00066048 ____A (Microsoft Corporation) C:\Windows\System32\icardie.dll
2013-05-06 11:56 - 2013-05-06 11:56 - 00063488 ____A (Microsoft Corporation) C:\Windows\System32\tdc.ocx
2013-05-06 11:56 - 2013-05-06 11:56 - 00054272 ____A (Microsoft Corporation) C:\Windows\System32\pngfilt.dll
2013-05-06 11:56 - 2013-05-06 11:56 - 00048640 ____A (Microsoft Corporation) C:\Windows\System32\mshtmler.dll
2013-05-06 11:56 - 2013-05-06 11:56 - 00041472 ____A (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
2013-05-06 11:56 - 2013-05-06 11:56 - 00035840 ____A (Microsoft Corporation) C:\Windows\System32\imgutil.dll
2013-05-06 11:56 - 2013-05-06 11:56 - 00031744 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2013-05-06 11:56 - 2013-05-06 11:56 - 00023552 ____A (Microsoft Corporation) C:\Windows\System32\licmgr10.dll
2013-05-06 11:56 - 2013-05-06 11:56 - 00011776 ____A (Microsoft Corporation) C:\Windows\System32\mshta.exe
2013-05-06 11:56 - 2013-05-06 11:56 - 00010752 ____A (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
2013-05-06 11:56 - 2013-01-01 22:34 - 00000000 ____D C:\Users\All Users\Adobe
2013-05-06 11:53 - 2013-05-06 11:53 - 00000000 ____D C:\Program Files\Sigmatel
2013-05-06 11:53 - 2007-09-13 13:45 - 04947968 ____A (IDT, Inc.) C:\Windows\System32\stacgui.cpl
2013-05-06 11:53 - 2007-09-13 13:45 - 00102400 ____A (IDT, Inc.) C:\Windows\System32\stacsv.exe
2013-05-06 11:53 - 2007-04-10 16:02 - 01601536 ____A (SigmaTel, Inc.) C:\Windows\System32\stlang.dll
2013-05-06 11:46 - 2013-05-06 11:47 - 00018090 ____A C:\Windows\System32\rpkdriverinst.log
2013-05-06 11:43 - 2013-05-06 11:43 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_User_WUDFUsbccidDriver_01_09_00.Wdf
2013-01-14 16:01 - 2013-01-14 16:01 - 00000000 ____D C:\Restore
2013-01-12 23:57 - 2013-01-14 14:26 - 00000000 ____D C:\FRST
2013-01-12 23:57 - 2013-01-12 23:58 - 00909506 ____A (Farbar) C:\Users\Laptop\Downloads\FRST (1).exe
2013-01-09 13:16 - 2013-01-09 13:16 - 00018696 ____A C:\Users\Laptop\Desktop\dds.txt
2013-01-09 13:16 - 2013-01-09 13:16 - 00003505 ____A C:\Users\Laptop\Desktop\attach.txt
2013-01-09 13:15 - 2013-01-09 13:15 - 00688992 ____R (Swearware) C:\Users\Laptop\Desktop\dds.com
2013-01-09 12:52 - 2013-01-09 13:17 - 00000000 ____D C:\Users\Laptop\Desktop\virus2
2013-01-08 22:53 - 2013-01-08 22:53 - 00016490 ____A C:\Users\Laptop\Desktop\Result.txt
2013-01-08 22:52 - 2013-01-08 22:52 - 00752283 ____A (Farbar) C:\Users\Laptop\Desktop\MiniToolBox.exe
2013-01-08 22:51 - 2013-01-08 22:51 - 00752283 ____A (Farbar) C:\Users\Laptop\Downloads\MiniToolBox.exe.xnjg0lu.partial
2013-01-08 22:51 - 2013-01-08 22:51 - 00000000 ____A C:\Users\Laptop\Desktop\MiniToolBox.exe.88g37cw.partial
2013-01-08 22:49 - 2013-01-08 22:49 - 00012581 ____A C:\Users\Laptop\Desktop\JRT.txt
2013-01-08 22:44 - 2013-01-08 22:44 - 00000000 ____D C:\Windows\ERUNT
2013-01-08 22:43 - 2013-01-08 22:43 - 00499023 ____A (Oleg N. Scherbakov) C:\Users\Laptop\Desktop\JRT.exe
2013-01-08 22:43 - 2013-01-08 22:43 - 00000000 ____D C:\JRT
2013-01-08 22:40 - 2013-01-08 22:40 - 02213976 ____A (Kaspersky Lab ZAO) C:\Users\Laptop\Desktop\tdsskiller.exe
2013-01-08 22:20 - 2013-01-08 22:56 - 00000000 ____D C:\Users\Laptop\Desktop\virus
2013-01-08 22:20 - 2013-01-08 22:20 - 00002326 ____A C:\Users\Laptop\Desktop\Rkill.txt
2013-01-08 22:18 - 2013-01-08 22:18 - 01754528 ____A (Bleeping Computer, LLC) C:\Users\Laptop\Desktop\rkill.com
2013-01-08 13:27 - 2012-11-22 20:56 - 02345984 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2013-01-08 13:27 - 2012-11-08 22:43 - 00492032 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll
2013-01-08 13:25 - 2012-11-22 20:48 - 00049152 ____A (Microsoft Corporation) C:\Windows\System32\taskhost.exe
2013-01-08 13:25 - 2012-11-19 22:51 - 00220160 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
2013-01-08 13:25 - 2012-10-31 22:47 - 01389568 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
2013-01-08 02:15 - 2013-01-08 02:15 - 00000000 ____D C:\Users\Laptop\AppData\Roaming\AVG2013
2013-01-08 02:14 - 2013-01-08 02:14 - 00000942 ____A C:\Users\Public\Desktop\AVG 2013.lnk
2013-01-08 02:14 - 2013-01-08 02:14 - 00000000 ____D C:\Users\Laptop\AppData\Roaming\TuneUp Software
2013-01-08 02:13 - 2013-01-08 02:13 - 00000000 ____D C:\Program Files\AVG Secure Search
2013-01-08 02:11 - 2013-01-08 02:14 - 00000000 ____D C:\Users\All Users\AVG2013
2013-01-08 02:11 - 2013-01-08 02:11 - 00000000 ___HD C:\$AVG
2013-01-08 02:10 - 2013-01-08 02:10 - 00000000 ____D C:\Program Files\AVG
2013-01-08 02:05 - 2013-01-14 14:15 - 00000000 ____D C:\Users\All Users\MFAData
2013-01-08 02:05 - 2013-01-08 02:39 - 00000000 ____D C:\Users\Laptop\AppData\Local\Avg2013
2013-01-08 02:05 - 2013-01-08 02:05 - 00000000 ____D C:\Users\Laptop\AppData\Local\MFAData
2013-01-07 16:56 - 2013-01-07 16:56 - 00710504 ____A C:\Windows\is-N8156.exe
2013-01-07 16:56 - 2013-01-07 16:56 - 00011277 ____A C:\Windows\is-N8156.msg
2013-01-07 16:56 - 2013-01-07 16:56 - 00000380 ____A C:\Windows\is-N8156.lst
2013-01-07 16:50 - 2013-01-07 16:50 - 00000000 ____D C:\Users\Laptop\AppData\Roaming\WinPatrol
2013-01-07 16:50 - 2013-01-07 16:50 - 00000000 ____D C:\Program Files\BillP Studios
2013-01-07 16:41 - 2013-01-07 16:41 - 00002050 ____A C:\Users\Laptop\Desktop\HijackThis.lnk
2013-01-07 16:41 - 2013-01-07 16:41 - 00000000 ____D C:\Program Files\Trend Micro
2013-01-07 16:40 - 2013-01-07 16:40 - 00812344 ____A (Trend Micro Inc.) C:\Users\Laptop\Desktop\HJTInstall.exe
2013-01-06 01:53 - 2013-01-06 01:53 - 00000000 ____D C:\Program Files\Common Files\MSSoap
2013-01-06 01:52 - 2013-01-08 02:19 - 00000000 ____D C:\Users\All Users\Yahoo!
2013-01-06 01:52 - 2013-01-08 02:19 - 00000000 ____D C:\Program Files\Yahoo!
2013-01-06 01:52 - 2013-01-06 01:52 - 00000000 ____D C:\Users\Laptop\AppData\Roaming\Yahoo!
2013-01-06 01:52 - 2013-01-06 01:52 - 00000000 ____D C:\Users\All Users\Yahoo! Companion
2013-01-06 01:51 - 2013-01-06 01:51 - 00000000 ____D C:\Users\All Users\APN
2013-01-05 22:41 - 2013-01-05 22:42 - 06115552 ____A (Custody X Change ) C:\Users\Laptop\Downloads\CustodyXChange.exe
2013-01-02 00:34 - 2013-01-02 00:34 - 00061552 ____A C:\Users\Laptop\Downloads\RemoteDroidServer_v1.5 (1).zip
2013-01-01 22:31 - 2013-01-14 13:46 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-12-22 03:20 - 2012-12-16 08:13 - 00295424 ____A (Adobe Systems Incorporated) C:\Windows\System32\atmfd.dll
2012-12-22 03:20 - 2012-12-16 08:13 - 00034304 ____A (Adobe Systems) C:\Windows\System32\atmlib.dll
2012-12-22 03:01 - 2012-12-22 03:01 - 00000000 ____D C:\Windows\CheckSur
2012-12-20 22:16 - 2013-01-09 03:30 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2012-12-20 22:16 - 2013-01-07 16:56 - 00001078 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-12-20 22:16 - 2012-12-20 22:16 - 00000000 ____D C:\Users\Laptop\AppData\Roaming\Malwarebytes
2012-12-20 22:16 - 2012-12-20 22:16 - 00000000 ____D C:\Users\All Users\Malwarebytes
2012-12-20 22:16 - 2012-12-14 16:49 - 00021104 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-12-20 21:48 - 2012-12-20 21:53 - 00000000 ____D C:\Windows\DDABC66756B3412282B02F5782EA2F9A.TMP
2012-12-20 21:48 - 2012-12-20 21:48 - 00000000 ____D C:\Program Files\Enigma Software Group
2012-12-20 21:48 - 2012-12-20 21:48 - 00000000 ____D C:\Program Files\Common Files\Wise Installation Wizard
2012-12-20 19:58 - 2012-12-20 19:58 - 00751078 ____A C:\Users\Laptop\AppData\Roaming\1.bmp
2012-12-20 13:21 - 2012-12-20 13:21 - 00001996 ____A C:\Users\Public\Desktop\Adobe Reader XI.lnk
2012-12-20 13:21 - 2012-12-20 13:21 - 00000000 ____D C:\Program Files\Common Files\Adobe
2012-12-20 13:21 - 2012-12-20 13:21 - 00000000 ____D C:\Program Files\Adobe
2012-12-20 00:10 - 2013-01-08 20:04 - 00000000 ____D C:\Users\Laptop\AppData\Local\Spotify
2012-12-20 00:10 - 2012-12-20 00:10 - 00001819 ____A C:\Users\Laptop\Desktop\Spotify.lnk
2012-12-20 00:09 - 2013-01-09 03:25 - 00000000 ____D C:\Users\Laptop\AppData\Roaming\Spotify
2012-12-20 00:09 - 2012-12-20 00:09 - 00000000 ____D C:\Users\Laptop\AppData\Local\Deployment
2012-12-20 00:09 - 2012-12-20 00:09 - 00000000 ____D C:\Users\Laptop\AppData\Local\Apps\2.0
2012-12-19 10:54 - 2012-12-19 10:54 - 00002177 ____A C:\Users\Public\Desktop\Google Earth.lnk
2012-12-18 16:06 - 2012-12-18 16:06 - 00203744 ____A C:\Windows\Minidump\121812-23665-01.dmp

==================== One Month Modified Files and Folders ========

2013-05-06 12:45 - 2011-04-11 20:24 - 00000000 ____D C:\Program Files\Windows Journal
2013-05-06 12:45 - 2009-07-13 20:37 - 00000000 ____D C:\Program Files\Common Files\System
2013-05-06 12:40 - 2013-05-06 12:40 - 00056176 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\partmgr.sys
2013-05-06 12:39 - 2013-05-06 12:39 - 00000000 ____D C:\Windows\OEM
2013-05-06 12:38 - 2013-05-06 12:38 - 00000000 ____D C:\Windows\ConfigSetRoot
2013-05-06 12:33 - 2013-05-06 12:33 - 01077248 ____A (Microsoft Corporation) C:\Windows\System32\DWrite.dll
2013-05-06 12:27 - 2013-05-06 12:27 - 00159232 ____A (Microsoft Corporation) C:\Windows\System32\imagehlp.dll
2013-05-06 12:27 - 2013-05-06 12:27 - 00019824 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\fs_rec.sys
2013-05-06 12:27 - 2013-05-06 12:27 - 00005120 ____A (Microsoft Corporation) C:\Windows\System32\wmi.dll
2013-05-06 12:24 - 2013-05-06 12:24 - 00826880 ____A (Microsoft Corporation) C:\Windows\System32\rdpcore.dll
2013-05-06 12:24 - 2013-05-06 12:24 - 00024576 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tdtcp.sys
2013-05-06 12:23 - 2013-05-06 12:23 - 01328128 ____A (Microsoft Corporation) C:\Windows\System32\quartz.dll
2013-05-06 12:23 - 2013-05-06 12:23 - 01288472 ____A (Microsoft Corporation) C:\Windows\System32\ntdll.dll
2013-05-06 12:23 - 2013-05-06 12:23 - 01038848 ____A (Microsoft Corporation) C:\Windows\System32\lsasrv.dll
2013-05-06 12:23 - 2013-05-06 12:23 - 00690688 ____A (Microsoft Corporation) C:\Windows\System32\msvcrt.dll
2013-05-06 12:23 - 2013-05-06 12:23 - 00514560 ____A (Microsoft Corporation) C:\Windows\System32\qdvd.dll
2013-05-06 12:23 - 2013-05-06 12:23 - 00314880 ____A (Microsoft Corporation) C:\Windows\System32\webio.dll
2013-05-06 12:23 - 2013-05-06 12:23 - 00100352 ____A (Microsoft Corporation) C:\Windows\System32\sspicli.dll
2013-05-06 12:23 - 2013-05-06 12:23 - 00022528 ____A (Microsoft Corporation) C:\Windows\System32\lsass.exe
2013-05-06 12:23 - 2013-05-06 12:23 - 00022016 ____A (Microsoft Corporation) C:\Windows\System32\secur32.dll
2013-05-06 12:23 - 2013-05-06 12:23 - 00015872 ____A (Microsoft Corporation) C:\Windows\System32\sspisrv.dll
2013-05-06 12:22 - 2013-05-06 12:22 - 00067072 ____A (Microsoft Corporation) C:\Windows\System32\packager.dll
2013-05-06 12:18 - 2013-05-06 12:18 - 00534528 ____A (Microsoft Corporation) C:\Windows\System32\EncDec.dll
2013-05-06 12:18 - 2013-05-06 12:18 - 00465408 ____A (Microsoft Corporation) C:\Windows\System32\psisdecd.dll
2013-05-06 12:18 - 2013-05-06 12:18 - 00075776 ____A (Microsoft Corporation) C:\Windows\System32\psisrndr.ax
2013-05-06 12:18 - 2013-05-06 12:18 - 00038912 ____A (Microsoft Corporation) C:\Windows\System32\csrsrv.dll
2013-05-06 12:17 - 2013-05-06 12:17 - 00571904 ____A (Microsoft Corporation) C:\Windows\System32\oleaut32.dll
2013-05-06 12:17 - 2013-05-06 12:17 - 00233472 ____A (Microsoft Corporation) C:\Windows\System32\oleacc.dll
2013-05-06 12:15 - 2013-05-06 12:15 - 00393728 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\bthport.sys
2013-05-06 12:15 - 2013-05-06 12:15 - 00319488 ____A (Microsoft Corporation) C:\Windows\System32\odbcjt32.dll
2013-05-06 12:15 - 2013-05-06 12:15 - 00293376 ____A (Microsoft Corporation) C:\Windows\System32\umpnpmgr.dll
2013-05-06 12:15 - 2013-05-06 12:15 - 00223744 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\mrxsmb10.sys
2013-05-06 12:15 - 2013-05-06 12:15 - 00163840 ____A (Microsoft Corporation) C:\Windows\System32\odbctrac.dll
2013-05-06 12:15 - 2013-05-06 12:15 - 00123904 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\mrxsmb.sys
2013-05-06 12:15 - 2013-05-06 12:15 - 00122880 ____A (Microsoft Corporation) C:\Windows\System32\odbccp32.dll
2013-05-06 12:15 - 2013-05-06 12:15 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\mrxsmb20.sys
2013-05-06 12:15 - 2013-05-06 12:15 - 00086016 ____A (Microsoft Corporation) C:\Windows\System32\odbccu32.dll
2013-05-06 12:15 - 2013-05-06 12:15 - 00081920 ____A (Microsoft Corporation) C:\Windows\System32\odbccr32.dll
2013-05-06 12:15 - 2013-05-06 12:15 - 00060416 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\BTHUSB.SYS
2013-05-06 12:14 - 2013-05-06 12:14 - 00741376 ____A (Microsoft Corporation) C:\Windows\System32\inetcomm.dll
2013-05-06 12:14 - 2013-05-06 12:14 - 00338944 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\afd.sys
2013-05-06 12:14 - 2013-05-06 12:14 - 00311808 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\srv.sys
2013-05-06 12:14 - 2013-05-06 12:14 - 00310272 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\srv2.sys
2013-05-06 12:14 - 2013-05-06 12:14 - 00270336 ____A (Microsoft Corporation) C:\Windows\System32\dnsapi.dll
2013-05-06 12:14 - 2013-05-06 12:14 - 00191488 ____A (Microsoft Corporation) C:\Windows\System32\FXSCOVER.exe
2013-05-06 12:14 - 2013-05-06 12:14 - 00132608 ____A (Microsoft Corporation) C:\Windows\System32\dnsrslvr.dll
2013-05-06 12:14 - 2013-05-06 12:14 - 00114688 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\srvnet.sys
2013-05-06 12:14 - 2013-05-06 12:14 - 00070656 ____A (Microsoft Corporation) C:\Windows\System32\fontsub.dll
2013-05-06 12:14 - 2013-05-06 12:14 - 00028672 ____A (Microsoft Corporation) C:\Windows\System32\dnscacheugc.exe
2013-05-06 12:13 - 2013-05-06 12:13 - 01164288 ____A (Microsoft Corporation) C:\Windows\System32\mfc42u.dll
2013-05-06 12:13 - 2013-05-06 12:13 - 01137664 ____A (Microsoft Corporation) C:\Windows\System32\mfc42.dll
2013-05-06 12:13 - 2013-05-06 12:13 - 00850944 ____A (Microsoft Corporation) C:\Windows\System32\sbe.dll
2013-05-06 12:13 - 2013-05-06 12:13 - 00642048 ____A (Microsoft Corporation) C:\Windows\System32\CPFilters.dll
2013-05-06 12:13 - 2013-05-06 12:13 - 00199680 ____A (Microsoft Corporation) C:\Windows\System32\mpg2splt.ax
2013-05-06 12:13 - 2013-05-06 12:13 - 00069632 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\bowser.sys
2013-05-06 12:06 - 2013-05-06 12:06 - 00000000 ____D C:\Program Files\Microsoft.NET
2013-05-06 11:58 - 2013-05-06 11:58 - 00000000 ____D C:\Windows\System32\Macromed
2013-05-06 11:56 - 2013-05-06 11:56 - 03695416 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dat
2013-05-06 11:56 - 2013-05-06 11:56 - 00434176 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2013-05-06 11:56 - 2013-05-06 11:56 - 00367104 ____A (Microsoft Corporation) C:\Windows\System32\html.iec
2013-05-06 11:56 - 2013-05-06 11:56 - 00353792 ____A (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
2013-05-06 11:56 - 2013-05-06 11:56 - 00353584 ____A (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2013-05-06 11:56 - 2013-05-06 11:56 - 00227840 ____A (Microsoft Corporation) C:\Windows\System32\ieaksie.dll
2013-05-06 11:56 - 2013-05-06 11:56 - 00223232 ____A (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
2013-05-06 11:56 - 2013-05-06 11:56 - 00203776 ____A (Microsoft Corporation) C:\Windows\System32\webcheck.dll
2013-05-06 11:56 - 2013-05-06 11:56 - 00163840 ____A (Microsoft Corporation) C:\Windows\System32\ieakui.dll
2013-05-06 11:56 - 2013-05-06 11:56 - 00162304 ____A (Microsoft Corporation) C:\Windows\System32\msrating.dll
2013-05-06 11:56 - 2013-05-06 11:56 - 00161792 ____A (Microsoft Corporation) C:\Windows\System32\msls31.dll
2013-05-06 11:56 - 2013-05-06 11:56 - 00152064 ____A (Microsoft Corporation) C:\Windows\System32\wextract.exe
2013-05-06 11:56 - 2013-05-06 11:56 - 00150528 ____A (Microsoft Corporation) C:\Windows\System32\iexpress.exe
2013-05-06 11:56 - 2013-05-06 11:56 - 00130560 ____A (Microsoft Corporation) C:\Windows\System32\ieakeng.dll
2013-05-06 11:56 - 2013-05-06 11:56 - 00123392 ____A (Microsoft Corporation) C:\Windows\System32\occache.dll
2013-05-06 11:56 - 2013-05-06 11:56 - 00118784 ____A (Microsoft Corporation) C:\Windows\System32\iepeers.dll
2013-05-06 11:56 - 2013-05-06 11:56 - 00110592 ____A (Microsoft Corporation) C:\Windows\System32\IEAdvpack.dll
2013-05-06 11:56 - 2013-05-06 11:56 - 00101888 ____A (Microsoft Corporation) C:\Windows\System32\admparse.dll
2013-05-06 11:56 - 2013-05-06 11:56 - 00086528 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2013-05-06 11:56 - 2013-05-06 11:56 - 00078848 ____A (Microsoft Corporation) C:\Windows\System32\inseng.dll
2013-05-06 11:56 - 2013-05-06 11:56 - 00076800 ____A (Microsoft Corporation) C:\Windows\System32\SetIEInstalledDate.exe
2013-05-06 11:56 - 2013-05-06 11:56 - 00074752 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2013-05-06 11:56 - 2013-05-06 11:56 - 00074752 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-05-06 11:56 - 2013-05-06 11:56 - 00074240 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-05-06 11:56 - 2013-05-06 11:56 - 00066048 ____A (Microsoft Corporation) C:\Windows\System32\icardie.dll
2013-05-06 11:56 - 2013-05-06 11:56 - 00063488 ____A (Microsoft Corporation) C:\Windows\System32\tdc.ocx
2013-05-06 11:56 - 2013-05-06 11:56 - 00054272 ____A (Microsoft Corporation) C:\Windows\System32\pngfilt.dll
2013-05-06 11:56 - 2013-05-06 11:56 - 00048640 ____A (Microsoft Corporation) C:\Windows\System32\mshtmler.dll
2013-05-06 11:56 - 2013-05-06 11:56 - 00041472 ____A (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
2013-05-06 11:56 - 2013-05-06 11:56 - 00035840 ____A (Microsoft Corporation) C:\Windows\System32\imgutil.dll
2013-05-06 11:56 - 2013-05-06 11:56 - 00031744 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2013-05-06 11:56 - 2013-05-06 11:56 - 00023552 ____A (Microsoft Corporation) C:\Windows\System32\licmgr10.dll
2013-05-06 11:56 - 2013-05-06 11:56 - 00011776 ____A (Microsoft Corporation) C:\Windows\System32\mshta.exe
2013-05-06 11:56 - 2013-05-06 11:56 - 00010752 ____A (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
2013-05-06 11:53 - 2013-05-06 11:53 - 00000000 ____D C:\Program Files\Sigmatel
2013-05-06 11:47 - 2013-05-06 11:46 - 00018090 ____A C:\Windows\System32\rpkdriverinst.log
2013-05-06 11:43 - 2013-05-06 11:43 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_User_WUDFUsbccidDriver_01_09_00.Wdf
2013-01-14 16:01 - 2013-01-14 16:01 - 00000000 ____D C:\Restore
2013-01-14 14:26 - 2013-01-12 23:57 - 00000000 ____D C:\FRST
2013-01-14 14:16 - 2012-09-04 09:11 - 01677124 ____A C:\Windows\WindowsUpdate.log
2013-01-14 14:16 - 2009-07-13 22:34 - 00021888 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-01-14 14:16 - 2009-07-13 22:34 - 00021888 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-01-14 14:15 - 2013-01-08 02:05 - 00000000 ____D C:\Users\All Users\MFAData
2013-01-14 14:11 - 2012-12-04 19:57 - 00000882 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-01-14 14:11 - 2012-08-08 05:47 - 00026041 ____A C:\Windows\setupact.log
2013-01-14 14:11 - 2009-07-13 22:53 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-01-14 13:46 - 2013-01-01 22:31 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-01-14 13:46 - 2012-12-04 19:57 - 00000886 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-01-12 23:58 - 2013-01-12 23:57 - 00909506 ____A (Farbar) C:\Users\Laptop\Downloads\FRST (1).exe
2013-01-12 23:52 - 2010-11-20 15:01 - 00778834 ____A C:\Windows\System32\PerfStringBackup.INI
2013-01-09 13:17 - 2013-01-09 12:52 - 00000000 ____D C:\Users\Laptop\Desktop\virus2
2013-01-09 13:16 - 2013-01-09 13:16 - 00018696 ____A C:\Users\Laptop\Desktop\dds.txt
2013-01-09 13:16 - 2013-01-09 13:16 - 00003505 ____A C:\Users\Laptop\Desktop\attach.txt
2013-01-09 13:15 - 2013-01-09 13:15 - 00688992 ____R (Swearware) C:\Users\Laptop\Desktop\dds.com
2013-01-09 03:45 - 2009-07-13 20:37 - 00000000 ____D C:\Windows\Microsoft.NET
2013-01-09 03:31 - 2009-07-13 22:33 - 00266808 ____A C:\Windows\System32\FNTCACHE.DAT
2013-01-09 03:30 - 2012-12-20 22:16 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-01-09 03:30 - 2012-09-11 23:02 - 00011826 ____A C:\Windows\PFRO.log
2013-01-09 03:30 - 2012-09-04 09:41 - 00000000 ___HD C:\Program Files\InstallShield Installation Information
2013-01-09 03:25 - 2012-12-20 00:09 - 00000000 ____D C:\Users\Laptop\AppData\Roaming\Spotify
2013-01-09 03:00 - 2012-09-11 23:26 - 65273848 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-01-09 01:11 - 2013-05-06 11:58 - 00697864 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2013-01-09 01:11 - 2013-05-06 11:58 - 00074248 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
2013-01-08 22:56 - 2013-01-08 22:20 - 00000000 ____D C:\Users\Laptop\Desktop\virus
2013-01-08 22:53 - 2013-01-08 22:53 - 00016490 ____A C:\Users\Laptop\Desktop\Result.txt
2013-01-08 22:52 - 2013-01-08 22:52 - 00752283 ____A (Farbar) C:\Users\Laptop\Desktop\MiniToolBox.exe
2013-01-08 22:51 - 2013-01-08 22:51 - 00752283 ____A (Farbar) C:\Users\Laptop\Downloads\MiniToolBox.exe.xnjg0lu.partial
2013-01-08 22:51 - 2013-01-08 22:51 - 00000000 ____A C:\Users\Laptop\Desktop\MiniToolBox.exe.88g37cw.partial
2013-01-08 22:49 - 2013-01-08 22:49 - 00012581 ____A C:\Users\Laptop\Desktop\JRT.txt
2013-01-08 22:44 - 2013-01-08 22:44 - 00000000 ____D C:\Windows\ERUNT
2013-01-08 22:43 - 2013-01-08 22:43 - 00499023 ____A (Oleg N. Scherbakov) C:\Users\Laptop\Desktop\JRT.exe
2013-01-08 22:43 - 2013-01-08 22:43 - 00000000 ____D C:\JRT
2013-01-08 22:40 - 2013-01-08 22:40 - 02213976 ____A (Kaspersky Lab ZAO) C:\Users\Laptop\Desktop\tdsskiller.exe
2013-01-08 22:20 - 2013-01-08 22:20 - 00002326 ____A C:\Users\Laptop\Desktop\Rkill.txt
2013-01-08 22:18 - 2013-01-08 22:18 - 01754528 ____A (Bleeping Computer, LLC) C:\Users\Laptop\Desktop\rkill.com
2013-01-08 20:04 - 2012-12-20 00:10 - 00000000 ____D C:\Users\Laptop\AppData\Local\Spotify
2013-01-08 02:39 - 2013-01-08 02:05 - 00000000 ____D C:\Users\Laptop\AppData\Local\Avg2013
2013-01-08 02:19 - 2013-01-06 01:52 - 00000000 ____D C:\Users\All Users\Yahoo!
2013-01-08 02:19 - 2013-01-06 01:52 - 00000000 ____D C:\Program Files\Yahoo!
2013-01-08 02:15 - 2013-01-08 02:15 - 00000000 ____D C:\Users\Laptop\AppData\Roaming\AVG2013
2013-01-08 02:14 - 2013-01-08 02:14 - 00000942 ____A C:\Users\Public\Desktop\AVG 2013.lnk
2013-01-08 02:14 - 2013-01-08 02:14 - 00000000 ____D C:\Users\Laptop\AppData\Roaming\TuneUp Software
2013-01-08 02:14 - 2013-01-08 02:11 - 00000000 ____D C:\Users\All Users\AVG2013
2013-01-08 02:13 - 2013-01-08 02:13 - 00000000 ____D C:\Program Files\AVG Secure Search
2013-01-08 02:13 - 2012-09-17 18:41 - 00026984 ____A (AVG Technologies) C:\Windows\System32\Drivers\avgtpx86.sys
2013-01-08 02:11 - 2013-01-08 02:11 - 00000000 ___HD C:\$AVG
2013-01-08 02:10 - 2013-01-08 02:10 - 00000000 ____D C:\Program Files\AVG
2013-01-08 02:05 - 2013-01-08 02:05 - 00000000 ____D C:\Users\Laptop\AppData\Local\MFAData
2013-01-07 16:56 - 2013-01-07 16:56 - 00710504 ____A C:\Windows\is-N8156.exe
2013-01-07 16:56 - 2013-01-07 16:56 - 00011277 ____A C:\Windows\is-N8156.msg
2013-01-07 16:56 - 2013-01-07 16:56 - 00000380 ____A C:\Windows\is-N8156.lst
2013-01-07 16:56 - 2012-12-20 22:16 - 00001078 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-01-07 16:50 - 2013-01-07 16:50 - 00000000 ____D C:\Users\Laptop\AppData\Roaming\WinPatrol
2013-01-07 16:50 - 2013-01-07 16:50 - 00000000 ____D C:\Program Files\BillP Studios
2013-01-07 16:44 - 2012-09-04 09:20 - 00000000 ____D C:\Users\Laptop\AppData\Local\VirtualStore
2013-01-07 16:41 - 2013-01-07 16:41 - 00002050 ____A C:\Users\Laptop\Desktop\HijackThis.lnk
2013-01-07 16:41 - 2013-01-07 16:41 - 00000000 ____D C:\Program Files\Trend Micro
2013-01-07 16:40 - 2013-01-07 16:40 - 00812344 ____A (Trend Micro Inc.) C:\Users\Laptop\Desktop\HJTInstall.exe
2013-01-07 01:34 - 2012-09-11 22:53 - 00000000 ____D C:\Users\Laptop\AppData\Local\Zoom_Downloader
2013-01-06 22:20 - 2012-11-13 15:00 - 00001019 ____A C:\Users\Public\Desktop\Remote Mouse.lnk
2013-01-06 22:20 - 2012-11-13 14:59 - 00000000 ____D C:\Program Files\Remote Mouse
2013-01-06 01:53 - 2013-01-06 01:53 - 00000000 ____D C:\Program Files\Common Files\MSSoap
2013-01-06 01:52 - 2013-01-06 01:52 - 00000000 ____D C:\Users\Laptop\AppData\Roaming\Yahoo!
2013-01-06 01:52 - 2013-01-06 01:52 - 00000000 ____D C:\Users\All Users\Yahoo! Companion
2013-01-06 01:51 - 2013-01-06 01:51 - 00000000 ____D C:\Users\All Users\APN
2013-01-05 22:42 - 2013-01-05 22:41 - 06115552 ____A (Custody X Change ) C:\Users\Laptop\Downloads\CustodyXChange.exe
2013-01-02 00:34 - 2013-01-02 00:34 - 00061552 ____A C:\Users\Laptop\Downloads\RemoteDroidServer_v1.5 (1).zip
2013-01-01 22:34 - 2013-05-06 11:56 - 00000000 ____D C:\Users\All Users\Adobe
2012-12-26 19:15 - 2009-07-13 20:37 - 00000000 ____D C:\Windows\System32\NDF
2012-12-22 03:01 - 2012-12-22 03:01 - 00000000 ____D C:\Windows\CheckSur
2012-12-20 22:43 - 2012-09-17 23:23 - 00000000 ____D C:\Windows\Minidump
2012-12-20 22:16 - 2012-12-20 22:16 - 00000000 ____D C:\Users\Laptop\AppData\Roaming\Malwarebytes
2012-12-20 22:16 - 2012-12-20 22:16 - 00000000 ____D C:\Users\All Users\Malwarebytes
2012-12-20 22:03 - 2012-09-04 09:41 - 00000252 ____A C:\Users\Laptop\Desktop\AVG - Antivirus and Internet Security Virus Protection.url
2012-12-20 21:53 - 2012-12-20 21:48 - 00000000 ____D C:\Windows\DDABC66756B3412282B02F5782EA2F9A.TMP
2012-12-20 21:48 - 2012-12-20 21:48 - 00000000 ____D C:\Program Files\Enigma Software Group
2012-12-20 21:48 - 2012-12-20 21:48 - 00000000 ____D C:\Program Files\Common Files\Wise Installation Wizard
2012-12-20 19:58 - 2012-12-20 19:58 - 00751078 ____A C:\Users\Laptop\AppData\Roaming\1.bmp
2012-12-20 13:21 - 2012-12-20 13:21 - 00001996 ____A C:\Users\Public\Desktop\Adobe Reader XI.lnk
2012-12-20 13:21 - 2012-12-20 13:21 - 00000000 ____D C:\Program Files\Common Files\Adobe
2012-12-20 13:21 - 2012-12-20 13:21 - 00000000 ____D C:\Program Files\Adobe
2012-12-20 13:16 - 2012-10-06 00:35 - 00000000 ____D C:\Users\Laptop\AppData\Roaming\vlc
2012-12-20 13:16 - 2012-10-06 00:35 - 00000000 ____D C:\Users\Laptop\AppData\Local\Backup Assistant Plus
2012-12-20 00:10 - 2012-12-20 00:10 - 00001819 ____A C:\Users\Laptop\Desktop\Spotify.lnk
2012-12-20 00:09 - 2012-12-20 00:09 - 00000000 ____D C:\Users\Laptop\AppData\Local\Deployment
2012-12-20 00:09 - 2012-12-20 00:09 - 00000000 ____D C:\Users\Laptop\AppData\Local\Apps\2.0
2012-12-19 10:54 - 2012-12-19 10:54 - 00002177 ____A C:\Users\Public\Desktop\Google Earth.lnk
2012-12-19 10:54 - 2012-12-04 19:57 - 00000000 ____D C:\Program Files\Google
2012-12-18 16:06 - 2012-12-18 16:06 - 00203744 ____A C:\Windows\Minidump\121812-23665-01.dmp
2012-12-18 16:06 - 2012-09-17 23:23 - 229545251 ____A C:\Windows\MEMORY.DMP
2012-12-16 08:13 - 2012-12-22 03:20 - 00295424 ____A (Adobe Systems Incorporated) C:\Windows\System32\atmfd.dll
2012-12-16 08:13 - 2012-12-22 03:20 - 00034304 ____A (Adobe Systems) C:\Windows\System32\atmlib.dll

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== Memory info ===========================

Percentage of memory in use: 30%
Total physical RAM: 2038.12 MB
Available physical RAM: 1412.38 MB
Total Pagefile: 4076.24 MB
Available Pagefile: 3466.39 MB
Total Virtual: 2047.88 MB
Available Virtual: 1939.06 MB

==================== Partitions =============================

1 Drive c: (Windows) (Fixed) (Total:93.06 GB) (Free:64.31 GB) NTFS
3 Drive e: (CORSAIR) (Removable) (Total:30.61 GB) (Free:22.76 GB) FAT32

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 93 GB 0 B
Disk 1 Online 30 GB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 100 MB 1024 KB
Partition 2 Primary 93 GB 101 MB

=========================================================

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 System NTFS Partition 100 MB Healthy System (partition with boot components)

=========================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C Windows NTFS Partition 93 GB Healthy Boot

=========================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 30 GB 20 KB

=========================================================

Disk: 1
Partition 1
Type : 0C
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 E CORSAIR FAT32 Removable 30 GB Healthy

=========================================================

Last Boot: 2013-01-06 06:37

==================== End Of Log ============================
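The listing above is what a helper reads by hand: the "Bamital & volsnap Check" verifies the hashes of the system binaries that file infectors patch, and the dated file lines are scanned for anything out of place. As an added example (my code, not part of the original post and not FRST's own), the following Python parses lines in FRST's modified-files format and flags the things a reviewer looks at first: timestamps later than the log itself (this log carries May 2013 entries on a machine reporting January 2013, which points to a wrong clock rather than an infection, but timestomped malware produces the same pattern), executables that carry no version-resource publisher, executables in user-writable folders or in the Windows root, hidden files under System32, and incomplete downloads. The flag names, the location heuristics and the reference time are my own choices; the sample lines are copied from the log above; the column order "modified - created" is inferred from the WindowsUpdate.log line, whose second timestamp matches the install date in the DDS header.

```python
"""Triage of an FRST file listing (added example; not part of the original
post and not FRST's own code).  Lines in FRST's modified-files section have
the shape

    <modified> - <created> - <size> <attrs> [(<publisher>)] <path>

The publisher is the CompanyName FRST read from the PE version resource; it
is a triage hint, not an Authenticode signature check.
"""
import re
from dataclasses import dataclass, field
from datetime import datetime
from typing import List, Optional

FRST_LINE = re.compile(
    r"^(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<size>\d+) (?P<attrs>\S{5}) "
    r"(?:\((?P<publisher>[^)]*)\) )?"
    r"(?P<path>.+)$"
)
PE_EXT = (".exe", ".dll", ".sys", ".cpl", ".ocx", ".scr", ".drv", ".com")
# Heuristic locations (my choice): user-writable folders, and the Windows
# root itself, where legitimate binaries are rare.
USER_WRITABLE = re.compile(r"^C:\\Users\\[^\\]+\\(Downloads|Desktop|AppData)\\", re.I)
WINDOWS_ROOT = re.compile(r"^C:\\Windows\\[^\\]+$", re.I)


@dataclass
class Entry:
    modified: datetime
    created: datetime
    size: int
    attrs: str
    publisher: str
    path: str
    reasons: List[str] = field(default_factory=list)


def _ts(s: str) -> datetime:
    return datetime.strptime(s, "%Y-%m-%d %H:%M")


def parse_line(line: str) -> Optional[Entry]:
    """Parse one FRST line; return None for headers, blanks and other formats."""
    m = FRST_LINE.match(line.strip())
    if not m:
        return None
    return Entry(_ts(m["modified"]), _ts(m["created"]), int(m["size"]),
                 m["attrs"], (m["publisher"] or "").strip(), m["path"])


def triage(lines, log_time: datetime) -> List[Entry]:
    """Return only the entries that earn at least one reason for a closer look."""
    hits = []
    for line in lines:
        e = parse_line(line)
        if e is None:
            continue
        is_dir = "D" in e.attrs
        is_pe = e.path.lower().endswith(PE_EXT)
        if max(e.modified, e.created) > log_time:
            e.reasons.append("timestamp later than the log (wrong clock or timestomping)")
        if is_pe and not e.publisher:
            e.reasons.append("executable without a version-resource publisher")
        if is_pe and (USER_WRITABLE.search(e.path) or WINDOWS_ROOT.search(e.path)):
            e.reasons.append("executable in a user-writable folder or the Windows root")
        if "H" in e.attrs and not is_dir and "\\system32\\" in e.path.lower():
            e.reasons.append("hidden file under System32")
        if e.path.lower().endswith(".partial"):
            e.reasons.append("incomplete download fragment")
        if e.reasons:
            hits.append(e)
    return hits


# Sample input: nine lines copied from the FRST log above.  The reference
# time is an assumption: the newest sane timestamp in that listing
# (C:\Restore, created 2013-01-14 16:01), so the scan ran no earlier.
LOG_TIME = datetime(2013, 1, 14, 16, 1)
SAMPLE = r"""
2013-05-06 11:56 - 2013-05-06 11:56 - 00130560 ____A (Microsoft Corporation) C:\Windows\System32\ieakeng.dll
2013-05-06 11:43 - 2013-05-06 11:43 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_User_WUDFUsbccidDriver_01_09_00.Wdf
2013-01-14 14:16 - 2012-09-04 09:11 - 01677124 ____A C:\Windows\WindowsUpdate.log
2013-01-12 23:58 - 2013-01-12 23:57 - 00909506 ____A (Farbar) C:\Users\Laptop\Downloads\FRST (1).exe
2013-01-09 01:11 - 2013-05-06 11:58 - 00697864 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2013-01-08 22:51 - 2013-01-08 22:51 - 00752283 ____A (Farbar) C:\Users\Laptop\Downloads\MiniToolBox.exe.xnjg0lu.partial
2013-01-07 16:56 - 2013-01-07 16:56 - 00710504 ____A C:\Windows\is-N8156.exe
2013-01-07 16:56 - 2013-01-07 16:56 - 00011277 ____A C:\Windows\is-N8156.msg
2013-01-08 02:13 - 2012-09-17 18:41 - 00026984 ____A (AVG Technologies) C:\Windows\System32\Drivers\avgtpx86.sys
"""


def triage_sample() -> List[Entry]:
    """Run the triage over the embedded sample; six of the nine lines are flagged."""
    return triage(SAMPLE.splitlines(), LOG_TIME)


if __name__ == "__main__":
    for e in triage_sample():
        print(e.path)
        for r in e.reasons:
            print("   -", r)
```

Every flag is a lead, not a verdict: the Farbar download and the hidden .Wdf file in System32 are benign, while the Microsoft-signed IE files are flagged only because the system clock was wrong. Two caveats apply to any review of this kind. A version-resource CompanyName is trivially forged, so a real check verifies the Authenticode signature or compares hashes against a known-good copy, which is what the "MD5 is legit" lines do. And a listing taken from inside the running OS can be lied to by a kernel-mode rootkit, which is why the reply below notes that the tool was not run from the recovery environment.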

#6 CatByte (bleepin' tiger)

  • Malware Response Team
  • 14,664 posts
  • Gender:Not Telling
  • Location:Canada

Posted 14 January 2013 - 07:30 PM

The tool wasn't run from the recovery environment, but I got enough information from the log, so please run the following:

Refer to the ComboFix User's Guide

  • Download ComboFix from the following location:

    Link

    * IMPORTANT !!! Place ComboFix.exe on your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.
    You can get help on disabling your protection programs here
  • Double click on ComboFix.exe & follow the prompts.
  • Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
  • When finished, it shall produce a log for you. Post that log in your next reply

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.


    ---------------------------------------------------------------------------------------------
  • Ensure your AntiVirus and AntiSpyware applications are re-enabled.

    ---------------------------------------------------------------------------------------------

NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#7 orion2x10

  • Topic Starter
  • Members
  • 14 posts

Posted 15 January 2013 - 03:09 AM

ComboFix 13-01-14.01 - Laptop 01/15/2013 1:59.1.2 - x86
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2038.1021 [GMT -6:00]
Running from: c:\users\Laptop\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2013 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AV: Microsoft Security Essentials *Enabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
SP: AVG Anti-Virus Free Edition 2013 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: Microsoft Security Essentials *Enabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
C:\install.exe
C:\restore
c:\restore\recovery.wim
c:\users\Laptop\Documents\ShopToWin
.
.
((((((((((((((((((((((((( Files Created from 2012-12-15 to 2013-01-15 )))))))))))))))))))))))))))))))
.
.
2106-02-06 05:28 . 2002-07-25 07:07 614532 ----a-w- c:\program files\Common Files\InstallShield\engine\6\Intel 32\IKernel.exe
2013-05-06 18:40 . 2013-05-06 18:40 56176 ----a-w- c:\windows\system32\drivers\partmgr.sys
2013-05-06 18:39 . 2012-08-08 11:50 -------- d-----w- c:\windows\Panther
2013-05-06 18:39 . 2013-05-06 18:39 -------- d-----w- c:\windows\OEM
2013-05-06 18:39 . 2012-05-14 20:02 37 ----a-w- C:\DevMgr.bat
2013-05-06 18:38 . 2013-05-06 18:38 -------- d-----w- c:\windows\ConfigSetRoot
2013-05-06 18:33 . 2013-05-06 18:33 1077248 ----a-w- c:\windows\system32\DWrite.dll
2013-05-06 18:30 . 2013-05-06 18:30 989184 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll
2013-05-06 18:30 . 2013-05-06 18:30 969216 ----a-w- c:\program files\Windows Journal\JNWDRV.dll
2013-05-06 18:30 . 2013-05-06 18:30 1221632 ----a-w- c:\program files\Windows Journal\NBDoc.DLL
2013-05-06 18:30 . 2013-05-06 18:30 936960 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2013-05-06 18:27 . 2013-05-06 18:27 5120 ----a-w- c:\windows\system32\wmi.dll
2013-05-06 18:27 . 2013-05-06 18:27 19824 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2013-05-06 18:27 . 2013-05-06 18:27 159232 ----a-w- c:\windows\system32\imagehlp.dll
2013-05-06 18:24 . 2013-05-06 18:24 826880 ----a-w- c:\windows\system32\rdpcore.dll
2013-05-06 18:24 . 2013-05-06 18:24 24576 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2013-05-06 18:23 . 2013-05-06 18:23 690688 ----a-w- c:\windows\system32\msvcrt.dll
2013-05-06 18:23 . 2013-05-06 18:23 1288472 ----a-w- c:\windows\system32\ntdll.dll
2013-05-06 18:23 . 2013-05-06 18:23 22528 ----a-w- c:\windows\system32\lsass.exe
2013-05-06 18:23 . 2013-05-06 18:23 22016 ----a-w- c:\windows\system32\secur32.dll
2013-05-06 18:23 . 2013-05-06 18:23 15872 ----a-w- c:\windows\system32\sspisrv.dll
2013-05-06 18:23 . 2013-05-06 18:23 1038848 ----a-w- c:\windows\system32\lsasrv.dll
2013-05-06 18:23 . 2013-05-06 18:23 100352 ----a-w- c:\windows\system32\sspicli.dll
2013-05-06 18:23 . 2013-05-06 18:23 314880 ----a-w- c:\windows\system32\webio.dll
2013-05-06 18:23 . 2013-05-06 18:23 514560 ----a-w- c:\windows\system32\qdvd.dll
2013-05-06 18:23 . 2013-05-06 18:23 1328128 ----a-w- c:\windows\system32\quartz.dll
2013-05-06 18:22 . 2013-05-06 18:22 67072 ----a-w- c:\windows\system32\packager.dll
2013-05-06 18:18 . 2013-05-06 18:18 38912 ----a-w- c:\windows\system32\csrsrv.dll
2013-05-06 18:18 . 2013-05-06 18:18 534528 ----a-w- c:\windows\system32\EncDec.dll
2013-05-06 18:18 . 2013-05-06 18:18 708608 ----a-w- c:\program files\Common Files\System\wab32.dll
2013-05-06 18:18 . 2013-05-06 18:18 75776 ----a-w- c:\windows\system32\psisrndr.ax
2013-05-06 18:18 . 2013-05-06 18:18 465408 ----a-w- c:\windows\system32\psisdecd.dll
2013-05-06 18:17 . 2013-05-06 18:17 233472 ----a-w- c:\windows\system32\oleacc.dll
2013-05-06 18:17 . 2013-05-06 18:17 571904 ----a-w- c:\windows\system32\oleaut32.dll
2013-05-06 18:15 . 2013-05-06 18:15 94208 ----a-w- c:\program files\Common Files\System\Ole DB\msdaosp.dll
2013-05-06 18:15 . 2013-05-06 18:15 86016 ----a-w- c:\windows\system32\odbccu32.dll
2013-05-06 18:15 . 2013-05-06 18:15 81920 ----a-w- c:\windows\system32\odbccr32.dll
2013-05-06 18:15 . 2013-05-06 18:15 319488 ----a-w- c:\windows\system32\odbcjt32.dll
2013-05-06 18:15 . 2013-05-06 18:15 163840 ----a-w- c:\windows\system32\odbctrac.dll
2013-05-06 18:15 . 2013-05-06 18:15 122880 ----a-w- c:\windows\system32\odbccp32.dll
2013-05-06 18:15 . 2013-05-06 18:15 96768 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2013-05-06 18:15 . 2013-05-06 18:15 223744 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2013-05-06 18:15 . 2013-05-06 18:15 123904 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2013-05-06 18:15 . 2013-05-06 18:15 60416 ----a-w- c:\windows\system32\drivers\BTHUSB.SYS
2013-05-06 18:15 . 2013-05-06 18:15 393728 ----a-w- c:\windows\system32\drivers\bthport.sys
2013-05-06 18:15 . 2013-05-06 18:15 293376 ----a-w- c:\windows\system32\umpnpmgr.dll
2013-05-06 18:14 . 2013-05-06 18:14 311808 ----a-w- c:\windows\system32\drivers\srv.sys
2013-05-06 18:14 . 2013-05-06 18:14 310272 ----a-w- c:\windows\system32\drivers\srv2.sys
2013-05-06 18:14 . 2013-05-06 18:14 114688 ----a-w- c:\windows\system32\drivers\srvnet.sys
2013-05-06 18:14 . 2013-05-06 18:14 338944 ----a-w- c:\windows\system32\drivers\afd.sys
2013-05-06 18:14 . 2013-05-06 18:14 741376 ----a-w- c:\windows\system32\inetcomm.dll
2013-05-06 18:14 . 2013-05-06 18:14 28672 ----a-w- c:\windows\system32\dnscacheugc.exe
2013-05-06 18:14 . 2013-05-06 18:14 132608 ----a-w- c:\windows\system32\dnsrslvr.dll
2013-05-06 18:14 . 2013-05-06 18:14 70656 ----a-w- c:\windows\system32\fontsub.dll
2013-05-06 18:14 . 2013-05-06 18:14 191488 ----a-w- c:\windows\system32\FXSCOVER.exe
2013-05-06 18:13 . 2013-05-06 18:13 69632 ----a-w- c:\windows\system32\drivers\bowser.sys
2013-05-06 18:13 . 2013-05-06 18:13 1164288 ----a-w- c:\windows\system32\mfc42u.dll
2013-05-06 18:13 . 2013-05-06 18:13 1137664 ----a-w- c:\windows\system32\mfc42.dll
2013-05-06 18:13 . 2013-05-06 18:13 642048 ----a-w- c:\windows\system32\CPFilters.dll
2013-05-06 18:13 . 2013-05-06 18:13 850944 ----a-w- c:\windows\system32\sbe.dll
2013-05-06 18:13 . 2013-05-06 18:13 199680 ----a-w- c:\windows\system32\mpg2splt.ax
2013-05-06 18:10 . 2012-04-18 10:06 6734704 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{EEFCACBB-3D76-4693-B014-A45021D1813A}\mpengine.dll
2013-05-06 18:10 . 2012-01-31 12:44 237072 ------w- c:\windows\system32\MpSigStub.exe
2013-05-06 18:06 . 2013-05-06 18:06 -------- d-----w- c:\program files\Microsoft.NET
2013-05-06 18:03 . 2008-10-27 17:04 514384 ----a-w- c:\windows\system32\XAudio2_3.dll
2013-05-06 17:59 . 2012-09-08 18:44 -------- d-----w- c:\program files\Microsoft Silverlight
2013-05-06 17:58 . 2013-01-09 07:11 697864 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-05-06 17:58 . 2013-01-09 07:11 74248 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-05-06 17:58 . 2013-05-06 17:58 -------- d-----w- c:\windows\system32\Macromed
2013-05-06 17:57 . 2012-10-02 08:00 -------- d-----w- c:\program files\Microsoft Security Client
2013-05-06 17:53 . 2013-05-06 17:53 -------- d-----w- c:\program files\Sigmatel
2013-05-06 17:53 . 2007-09-13 19:45 102400 ----a-w- c:\windows\system32\stacsv.exe
2013-05-06 17:53 . 2007-09-13 19:45 4947968 ----a-w- c:\windows\system32\stacgui.cpl
2013-05-06 17:53 . 2007-04-10 22:02 1601536 ----a-w- c:\windows\system32\stlang.dll
2013-01-15 08:06 . 2013-01-15 08:06 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-01-15 07:56 . 2013-01-15 07:56 29904 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{4967B27C-5695-4A57-9EF4-03221550C240}\MpKsl83802ac6.sys
2013-01-14 21:14 . 2012-11-08 18:00 6812136 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{4967B27C-5695-4A57-9EF4-03221550C240}\mpengine.dll
2013-01-14 20:45 . 2013-01-14 20:45 -------- d-----w- c:\users\Default\AppData\Roaming\TuneUp Software
2013-01-13 09:12 . 2012-11-08 18:00 6812136 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-01-13 05:57 . 2013-01-14 20:26 -------- d-----w- C:\FRST
2013-01-09 04:44 . 2013-01-09 04:44 -------- d-----w- c:\windows\ERUNT
2013-01-09 04:43 . 2013-01-09 04:43 -------- d-----w- C:\JRT
2013-01-08 19:27 . 2012-11-23 02:56 2345984 ----a-w- c:\windows\system32\win32k.sys
2013-01-08 19:27 . 2012-11-09 04:43 492032 ----a-w- c:\windows\system32\win32spl.dll
2013-01-08 19:25 . 2012-11-01 04:47 1389568 ----a-w- c:\windows\system32\msxml6.dll
2013-01-08 19:25 . 2012-11-20 04:51 220160 ----a-w- c:\windows\system32\ncrypt.dll
2013-01-08 19:25 . 2012-11-23 02:48 49152 ----a-w- c:\windows\system32\taskhost.exe
2013-01-08 08:15 . 2013-01-08 08:15 -------- d-----w- c:\users\Laptop\AppData\Roaming\AVG2013
2013-01-08 08:14 . 2013-01-08 08:14 -------- d-----w- c:\users\Laptop\AppData\Roaming\TuneUp Software
2013-01-08 08:13 . 2013-01-08 08:13 -------- d-----w- c:\program files\AVG Secure Search
2013-01-08 08:11 . 2013-01-08 08:11 -------- d-----w- C:\$AVG
2013-01-08 08:11 . 2013-01-08 08:14 -------- d-----w- c:\programdata\AVG2013
2013-01-08 08:10 . 2013-01-08 08:10 -------- d-----w- c:\program files\AVG
2013-01-08 08:05 . 2013-01-15 03:02 -------- d-----w- c:\programdata\MFAData
2013-01-08 08:05 . 2013-01-08 08:39 -------- d-----w- c:\users\Laptop\AppData\Local\Avg2013
2013-01-08 08:05 . 2013-01-08 08:05 -------- d-----w- c:\users\Laptop\AppData\Local\MFAData
2013-01-07 22:56 . 2013-01-07 22:56 710504 ----a-w- c:\windows\is-N8156.exe
2013-01-07 22:50 . 2013-01-07 22:50 -------- d-----w- c:\users\Laptop\AppData\Roaming\WinPatrol
2013-01-07 22:50 . 2013-01-07 22:50 -------- d-----w- c:\program files\BillP Studios
2013-01-07 22:41 . 2013-01-07 22:41 -------- d-----w- c:\program files\Trend Micro
2013-01-07 04:20 . 2013-01-07 04:20 -------- d-----w- c:\users\Laptop\AppData\Local\Programs
2013-01-06 07:52 . 2013-01-08 08:19 -------- d-----w- c:\programdata\Yahoo!
2013-01-06 07:52 . 2013-01-08 08:19 -------- d-----w- c:\program files\Yahoo!
2013-01-06 07:52 . 2013-01-06 07:52 -------- d-----w- c:\programdata\Yahoo! Companion
2013-01-06 07:52 . 2013-01-06 07:52 -------- d-----w- c:\users\Laptop\AppData\Roaming\Yahoo!
2013-01-06 07:51 . 2013-01-06 07:51 -------- d-----w- c:\programdata\APN
2012-12-22 09:20 . 2012-12-16 14:13 295424 ----a-w- c:\windows\system32\atmfd.dll
2012-12-22 09:20 . 2012-12-16 14:13 34304 ----a-w- c:\windows\system32\atmlib.dll
2012-12-22 09:01 . 2012-12-22 09:01 -------- d-----w- c:\windows\CheckSur
2012-12-21 04:16 . 2012-12-21 04:16 -------- d-----w- c:\users\Laptop\AppData\Roaming\Malwarebytes
2012-12-21 04:16 . 2012-12-21 04:16 -------- d-----w- c:\programdata\Malwarebytes
2012-12-21 04:16 . 2013-01-09 09:30 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-12-21 04:16 . 2012-12-14 22:49 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-12-21 03:48 . 2012-12-21 03:48 -------- d-----w- c:\program files\Enigma Software Group
2012-12-21 03:48 . 2012-12-21 03:53 -------- d-----w- c:\windows\DDABC66756B3412282B02F5782EA2F9A.TMP
2012-12-21 03:48 . 2012-12-21 03:48 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2012-12-20 19:21 . 2012-12-20 19:21 -------- d-----w- c:\program files\Common Files\Adobe
2012-12-20 06:10 . 2013-01-09 02:04 -------- d-----w- c:\users\Laptop\AppData\Local\Spotify
2012-12-20 06:09 . 2013-01-09 09:25 -------- d-----w- c:\users\Laptop\AppData\Roaming\Spotify
2012-12-20 06:09 . 2012-12-20 06:09 -------- d-----w- c:\users\Laptop\AppData\Local\Deployment
2012-12-20 06:09 . 2012-12-20 06:09 -------- d-----w- c:\users\Laptop\AppData\Local\Apps
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-01-08 08:13 . 2012-09-18 00:41 26984 ----a-w- c:\windows\system32\drivers\avgtpx86.sys
2012-12-04 23:01 . 2012-12-04 23:01 63384 ----a-r- c:\users\Laptop\AppData\Roaming\Microsoft\Installer\{43D1B973-3D12-42ba-9E6E-56A8FEFF5250}\ARPPRODUCTICON.exe
2012-11-29 00:37 . 2012-11-29 00:38 740840 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{7ADA9222-6290-4C89-BD52-059D8345A852}\gapaengine.dll
2012-11-16 05:33 . 2012-11-16 05:33 94048 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2012-11-14 02:09 . 2012-12-12 09:02 1800704 ----a-w- c:\windows\system32\jscript9.dll
2012-11-14 01:58 . 2012-12-12 09:02 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2012-11-14 01:57 . 2012-12-12 09:02 1129472 ----a-w- c:\windows\system32\wininet.dll
2012-11-14 01:49 . 2012-12-12 09:02 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-11-14 01:48 . 2012-12-12 09:02 420864 ----a-w- c:\windows\system32\vbscript.dll
2012-11-14 01:44 . 2012-12-12 09:02 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-11-09 04:42 . 2012-12-11 23:38 2048 ----a-w- c:\windows\system32\tzres.dll
2012-11-02 05:11 . 2012-12-11 23:38 376832 ----a-w- c:\windows\system32\dpnet.dll
2012-10-22 19:02 . 2012-10-22 19:02 179936 ----a-w- c:\windows\system32\drivers\avgidsdriverx.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\sttray.exe" [2007-09-13 405504]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-12 947176]
"vProt"="c:\program files\AVG Secure Search\vprot.exe" [2013-01-08 1046984]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-04-19 421888]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-09-24 926896]
"WinPatrol"="c:\program files\BillP Studios\WinPatrol\winpatrol.exe" [2013-01-04 404712]
"AVG_UI"="c:\program files\AVG\AVG2013\avgui.exe" [2012-12-11 3147384]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2013\avgidsagent.exe [x]
R3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\DRIVERS\motfilt.sys [x]
R3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys [x]
R3 motccgpfl;MotCcgpFlService;c:\windows\system32\DRIVERS\motccgpfl.sys [x]
R3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\DRIVERS\Motousbnet.sys [x]
R3 motusbdevice;Motorola USB Dev Driver;c:\windows\system32\DRIVERS\motusbdevice.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 AVGIDSHX;AVGIDSHX;c:\windows\system32\DRIVERS\avgidshx.sys [x]
S0 Avglogx;AVG Logging Driver;c:\windows\system32\DRIVERS\avglogx.sys [x]
S0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx86.sys [x]
S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdriverx.sys [x]
S1 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\avgidsshimx.sys [x]
S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx86.sys [x]
S1 Avgtdix;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdix.sys [x]
S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [x]
S1 MpKsl83802ac6;MpKsl83802ac6;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{4967B27C-5695-4A57-9EF4-03221550C240}\MpKsl83802ac6.sys [x]
S2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2013\avgwdsvc.exe [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [x]
S2 MotoHelper;MotoHelper Service;c:\program files\Motorola\MotoHelper\MotoHelperService.exe [x]
S2 vToolbarUpdater13.3.2;vToolbarUpdater13.3.2;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\13.3.2\ToolbarUpdater.exe [x]
S3 BthAvrcp;Bluetooth AVRCP Profile;c:\windows\system32\DRIVERS\BthAvrcp.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 netw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [x]
S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [x]
S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [x]
S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MPKSL83802AC6
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-01-13 05:52 1606760 ----a-w- c:\program files\Google\Chrome\Application\24.0.1312.52\Installer\setup.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-01-15 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-05-06 07:12]
.
2013-01-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-12-05 01:57]
.
2013-01-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-12-05 01:57]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://msn.com/
TCP: DhcpNameServer = 192.168.2.1
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-10 - (no file)
HKLM-Run-ROC_ROC_NT - c:\program files\AVG Secure Search\ROC_ROC_NT.exe
AddRemove-{889DF117-14D1-44EE-9F31-C5FB5D47F68B} - c:\progra~2\TARMAI~1\{889DF~1\Setup.exe
AddRemove-{A62F9CD0-B2E0-4F2A-88F2-79254A3C8539} - c:\progra~2\INSTAL~1\{A62F9~1\Setup.exe
AddRemove-{79A765E1-C399-405B-85AF-466F52E918B0} - c:\program files\Ask.com\Updater\Updater.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-01-15 02:08:42
ComboFix-quarantined-files.txt 2013-01-15 08:08
.
Pre-Run: 71,018,127,360 bytes free
Post-Run: 70,556,504,064 bytes free
.
- - End Of File - - DC0C7181046F52FE78F67D87C4EEFFF2

#8 orion2x10

orion2x10
  • Topic Starter

  • Members
  • 14 posts

Posted 15 January 2013 - 05:55 AM

This might have fixed my problem, but IE still seems slower than it should.

#9 orion2x10

orion2x10
  • Topic Starter

  • Members
  • 14 posts

Posted 15 January 2013 - 08:30 AM

Also, what is your input on Endpoint Antivirus?

#10 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • Gender:Not Telling
  • Location:Canada

Posted 15 January 2013 - 06:33 PM

We still have more work to do, so stay with me.

I've never tried Endpoint Antivirus, so I can't comment on how useful it is. I'm a big fan of Microsoft Security Essentials; it's excellent and free.

Please run the following:

Please download Junkware Removal Tool to your desktop.
  • Shut down your antivirus to avoid any conflicts.
  • Right-click JRT.exe and select Run as administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.


NEXT


Download AdwCleaner from here and save it to your desktop.
  • Run AdwCleaner and select Delete.
  • Once done, it will ask to reboot; allow the reboot.
  • On reboot a log will be produced; please attach the content of the log to your next reply.


NEXT

  • Please open your MalwareBytes AntiMalware Program
  • Click the Update Tab and search for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected. <-- very important
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.



NEXT


Go here to run an online scanner from ESET.
  • Turn off the real-time scanner of any existing antivirus program while performing the online scan.
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install.
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • When the scan completes, press the LIST OF THREATS FOUND button
  • Press EXPORT TO TEXT FILE, name the file ESETSCAN and save it to your desktop.
  • Include the contents of this report in your next reply.
  • Press the BACK button.
  • Press Finish

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#11 orion2x10

orion2x10
  • Topic Starter

  • Members
  • 14 posts

Posted 16 January 2013 - 12:00 AM

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.4.2 (01.08.2013:1)
OS: Windows 7 Home Premium x86
Ran by Laptop on Tue 01/15/2013 at 19:44:16.59
Blog: http://thisisudax.blogspot.com
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] hkey_current_user\software\billp studios\detected\startup
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects\{02478d38-c3f9-4efb-9b51-7695eca05670}
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{d824f0de-3d60-4f57-9eb1-66033ecd8abb}
Failed to delete: [Registry Key] "hkey_local_machine\software\microsoft\windows nt\currentversion\schedule\taskcache\tree\scheduled update for ask toolbar"



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Program Files\fast free converter"
Successfully deleted: [Folder] "C:\Program Files\free offers from freeze.com"



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 01/15/2013 at 19:47:19.38
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~






Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Database version: v2013.01.16.01

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
Laptop :: LAPTOP-PC [administrator]

1/15/2013 8:06:07 PM
mbam-log-2013-01-15 (20-06-07).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 199874
Time elapsed: 6 minute(s), 45 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)







C:\Program Files\Trend Micro\HijackThis\backups\backup-20130107-164336-199.dll a variant of Win32/Adware.Yontoo.A application
C:\Users\Laptop\AppData\Local\Temp\pkg_c1493e70\bitzipper2.exe probably a variant of Win32/InstallIQ application
C:\Users\Laptop\Downloads\BitZipper2013TrialSetupEn.exe a variant of Win32/InstallIQ application

#12 orion2x10

orion2x10
  • Topic Starter

  • Members
  • 14 posts

Posted 16 January 2013 - 01:39 PM

I guess I mistakenly forgot to post the AdwCleaner log, so I had to run it again. I hope it didn't mess anything up we are trying to work on.




# AdwCleaner v2.105 - Logfile created 01/16/2013 at 12:33:12
# Updated 08/01/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (32 bits)
# User : Laptop - LAPTOP-PC
# Boot Mode : Normal
# Running from : C:\Users\Laptop\Downloads\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Deleted on reboot : C:\Program Files\Common Files\AVG Secure Search

***** [Registry] *****


***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16457

[OK] Registry is clean.

-\\ Google Chrome v24.0.1312.52

File : C:\Users\Laptop\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [7418 octets] - [15/01/2013 19:52:35]
AdwCleaner[S2].txt - [791 octets] - [16/01/2013 12:33:12]

########## EOF - C:\AdwCleaner[S2].txt - [850 octets] ##########

#13 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • Gender:Not Telling
  • Location:Canada

Posted 16 January 2013 - 06:18 PM

Please do the following:

  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below.
  • They can interfere with ComboFix or remove some of its embedded files, which may cause "unpredictable results".
Copy/paste the text inside the Codebox below into Notepad:

Here's how to do that:
Press WinKey + R to open a Run box, type Notepad, then click OK.
This will open an empty notepad file:

Copy all the text inside the code box: press Ctrl+C (or right-click on the highlighted section and choose 'Copy').

File::
C:\Program Files\Trend Micro\HijackThis\backups\backup-20130107-164336-199.dll
C:\Users\Laptop\AppData\Local\Temp\pkg_c1493e70\bitzipper2.exe
C:\Users\Laptop\Downloads\BitZipper2013TrialSetupEn.exe

ClearJavaCache::

Now paste the copied text into the open Notepad window: press Ctrl+V (or right-click and choose 'Paste').

Save this file to your desktop as "CFScript".


Here's how to do that:

1. Click File;
2. Click Save As... Change the directory to your desktop;
3. Change the Save as type to "All Files";
4. Type in the file name: CFScript
5. Click Save ...

Posted Image
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix may request an update; please allow it.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you.
  • Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.


NEXT


Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.
Please follow these steps to remove older versions of Java components and upgrade the application.

Upgrading Java:
  • Go to this site and click on "Do I have Java"
  • It will check your current version and then offer to update to the latest version
  • Watch for, and make sure you untick, the box next to whatever free program they prompt you to install during the installation, unless you want it.

Note: Check in Programs and Features (or Add/Remove Programs if you are an XP user) to make certain there are no old versions of Java still installed; if there are, remove them.



NEXT


Please advise how the computer is running now and if there are any outstanding issues.



#14 orion2x10

orion2x10
  • Topic Starter

  • Members
  • 14 posts

Posted 16 January 2013 - 11:40 PM

Computer seems to be doing great now, thank you.


ComboFix 13-01-16.01 - Laptop 01/16/2013 22:20:59.2.2 - x86
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2038.969 [GMT -6:00]
Running from: C:\Users\Laptop\Desktop\ComboFix.exe
Command switches used :: C:\Users\Laptop\Desktop\cfscript.txt
AV: AVG Anti-Virus Free Edition 2013 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AV: Microsoft Security Essentials *Disabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
SP: AVG Anti-Virus Free Edition 2013 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: Microsoft Security Essentials *Disabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

FILE ::
"C:\Program Files\Trend Micro\HijackThis\backups\backup-20130107-164336-199.dll"
"C:\Users\Laptop\AppData\Local\Temp\pkg_c1493e70\bitzipper2.exe"
"C:\Users\Laptop\Downloads\BitZipper2013TrialSetupEn.exe"


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\Program Files\Trend Micro\HijackThis\backups\backup-20130107-164336-199.dll
C:\Users\Laptop\AppData\Local\Temp\pkg_c1493e70\bitzipper2.exe
C:\Users\Laptop\Downloads\BitZipper2013TrialSetupEn.exe
C:\Users\Laptop\HJTInstall.exe


((((((((((((((((((((((((( Files Created from 2012-12-17 to 2013-01-17 )))))))))))))))))))))))))))))))


2106-02-06 05:28:17 . 2002-07-25 07:07:36 614532 ----a-w- C:\Program Files\Common Files\InstallShield\engine\6\Intel 32\IKernel.exe
2013-05-06 18:40:02 . 2013-05-06 18:40:02 56176 ----a-w- C:\Windows\system32\drivers\partmgr.sys
2013-05-06 18:39:38 . 2012-08-08 11:50:37 -------- d-----w- C:\Windows\Panther
2013-05-06 18:39:00 . 2013-05-06 18:39:00 -------- d-----w- C:\Windows\OEM
2013-05-06 18:39:00 . 2012-05-14 20:02:12 37 ----a-w- C:\DevMgr.bat
2013-05-06 18:38:48 . 2013-05-06 18:38:54 -------- d-----w- C:\Windows\ConfigSetRoot
2013-05-06 18:33:11 . 2013-05-06 18:33:11 1077248 ----a-w- C:\Windows\system32\DWrite.dll
2013-05-06 18:30:12 . 2013-05-06 18:30:12 989184 ----a-w- C:\Program Files\Windows Journal\JNTFiltr.dll
2013-05-06 18:30:12 . 2013-05-06 18:30:12 969216 ----a-w- C:\Program Files\Windows Journal\JNWDRV.dll
2013-05-06 18:30:12 . 2013-05-06 18:30:12 1221632 ----a-w- C:\Program Files\Windows Journal\NBDoc.DLL
2013-05-06 18:30:11 . 2013-05-06 18:30:12 936960 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\journal.dll
2013-05-06 18:27:43 . 2013-05-06 18:27:43 5120 ----a-w- C:\Windows\system32\wmi.dll
2013-05-06 18:27:43 . 2013-05-06 18:27:43 19824 ----a-w- C:\Windows\system32\drivers\fs_rec.sys
2013-05-06 18:27:43 . 2013-05-06 18:27:43 159232 ----a-w- C:\Windows\system32\imagehlp.dll
2013-05-06 18:24:09 . 2013-05-06 18:24:09 826880 ----a-w- C:\Windows\system32\rdpcore.dll
2013-05-06 18:24:09 . 2013-05-06 18:24:09 24576 ----a-w- C:\Windows\system32\drivers\tdtcp.sys
2013-05-06 18:23:51 . 2013-05-06 18:23:51 690688 ----a-w- C:\Windows\system32\msvcrt.dll
2013-05-06 18:23:38 . 2013-05-06 18:23:38 1288472 ----a-w- C:\Windows\system32\ntdll.dll
2013-05-06 18:23:18 . 2013-05-06 18:23:18 22528 ----a-w- C:\Windows\system32\lsass.exe
2013-05-06 18:23:18 . 2013-05-06 18:23:18 22016 ----a-w- C:\Windows\system32\secur32.dll
2013-05-06 18:23:18 . 2013-05-06 18:23:18 15872 ----a-w- C:\Windows\system32\sspisrv.dll
2013-05-06 18:23:18 . 2013-05-06 18:23:18 100352 ----a-w- C:\Windows\system32\sspicli.dll
2013-05-06 18:23:17 . 2013-05-06 18:23:17 314880 ----a-w- C:\Windows\system32\webio.dll
2013-05-06 18:23:00 . 2013-05-06 18:23:00 1328128 ----a-w- C:\Windows\system32\quartz.dll
2013-05-06 18:22:42 . 2013-05-06 18:22:42 67072 ----a-w- C:\Windows\system32\packager.dll
2013-05-06 18:18:37 . 2013-05-06 18:18:37 38912 ----a-w- C:\Windows\system32\csrsrv.dll
2013-05-06 18:18:28 . 2013-05-06 18:18:28 534528 ----a-w- C:\Windows\system32\EncDec.dll
2013-05-06 18:18:11 . 2013-05-06 18:18:11 708608 ----a-w- C:\Program Files\Common Files\System\wab32.dll
2013-05-06 18:18:00 . 2013-05-06 18:18:00 75776 ----a-w- C:\Windows\system32\psisrndr.ax
2013-05-06 18:18:00 . 2013-05-06 18:18:00 465408 ----a-w- C:\Windows\system32\psisdecd.dll
2013-05-06 18:17:47 . 2013-05-06 18:17:47 233472 ----a-w- C:\Windows\system32\oleacc.dll
2013-05-06 18:17:46 . 2013-05-06 18:17:47 571904 ----a-w- C:\Windows\system32\oleaut32.dll
2013-05-06 18:15:54 . 2013-05-06 18:15:54 94208 ----a-w- C:\Program Files\Common Files\System\Ole DB\msdaosp.dll
2013-05-06 18:15:54 . 2013-05-06 18:15:54 86016 ----a-w- C:\Windows\system32\odbccu32.dll
2013-05-06 18:15:54 . 2013-05-06 18:15:54 81920 ----a-w- C:\Windows\system32\odbccr32.dll
2013-05-06 18:15:54 . 2013-05-06 18:15:54 319488 ----a-w- C:\Windows\system32\odbcjt32.dll
2013-05-06 18:15:54 . 2013-05-06 18:15:54 163840 ----a-w- C:\Windows\system32\odbctrac.dll
2013-05-06 18:15:54 . 2013-05-06 18:15:54 122880 ----a-w- C:\Windows\system32\odbccp32.dll
2013-05-06 18:15:20 . 2013-05-06 18:15:20 96768 ----a-w- C:\Windows\system32\drivers\mrxsmb20.sys
2013-05-06 18:15:20 . 2013-05-06 18:15:20 223744 ----a-w- C:\Windows\system32\drivers\mrxsmb10.sys
2013-05-06 18:15:20 . 2013-05-06 18:15:20 123904 ----a-w- C:\Windows\system32\drivers\mrxsmb.sys
2013-05-06 18:15:11 . 2013-05-06 18:15:11 60416 ----a-w- C:\Windows\system32\drivers\BTHUSB.SYS
2013-05-06 18:15:02 . 2013-05-06 18:15:02 293376 ----a-w- C:\Windows\system32\umpnpmgr.dll
2013-05-06 18:14:54 . 2013-05-06 18:14:54 311808 ----a-w- C:\Windows\system32\drivers\srv.sys
2013-05-06 18:14:54 . 2013-05-06 18:14:54 310272 ----a-w- C:\Windows\system32\drivers\srv2.sys
2013-05-06 18:14:54 . 2013-05-06 18:14:54 114688 ----a-w- C:\Windows\system32\drivers\srvnet.sys
2013-05-06 18:14:42 . 2013-05-06 18:14:42 338944 ----a-w- C:\Windows\system32\drivers\afd.sys
2013-05-06 18:14:33 . 2013-05-06 18:14:34 741376 ----a-w- C:\Windows\system32\inetcomm.dll
2013-05-06 18:14:24 . 2013-05-06 18:14:24 28672 ----a-w- C:\Windows\system32\dnscacheugc.exe
2013-05-06 18:14:24 . 2013-05-06 18:14:24 132608 ----a-w- C:\Windows\system32\dnsrslvr.dll
2013-05-06 18:14:15 . 2013-05-06 18:14:15 70656 ----a-w- C:\Windows\system32\fontsub.dll
2013-05-06 18:14:07 . 2013-05-06 18:14:07 191488 ----a-w- C:\Windows\system32\FXSCOVER.exe
2013-05-06 18:13:59 . 2013-05-06 18:13:59 69632 ----a-w- C:\Windows\system32\drivers\bowser.sys
2013-05-06 18:13:49 . 2013-05-06 18:13:49 1164288 ----a-w- C:\Windows\system32\mfc42u.dll
2013-05-06 18:13:49 . 2013-05-06 18:13:49 1137664 ----a-w- C:\Windows\system32\mfc42.dll
2013-05-06 18:13:42 . 2013-05-06 18:13:42 642048 ----a-w- C:\Windows\system32\CPFilters.dll
2013-05-06 18:13:41 . 2013-05-06 18:13:41 850944 ----a-w- C:\Windows\system32\sbe.dll
2013-05-06 18:13:41 . 2013-05-06 18:13:41 199680 ----a-w- C:\Windows\system32\mpg2splt.ax
2013-05-06 18:10:47 . 2012-04-18 10:06:48 6734704 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{EEFCACBB-3D76-4693-B014-A45021D1813A}\mpengine.dll
2013-05-06 18:10:21 . 2012-01-31 12:44:05 237072 ------w- C:\Windows\system32\MpSigStub.exe
2013-05-06 18:03:58 . 2008-10-27 17:04:18 514384 ----a-w- C:\Windows\system32\XAudio2_3.dll
2013-05-06 17:59:02 . 2012-09-08 18:44:30 -------- d-----w- C:\Program Files\Microsoft Silverlight
2013-05-06 17:58:46 . 2013-01-09 07:11:59 697864 ----a-w- C:\Windows\system32\FlashPlayerApp.exe
2013-05-06 17:58:45 . 2013-01-09 07:11:59 74248 ----a-w- C:\Windows\system32\FlashPlayerCPLApp.cpl
2013-05-06 17:58:44 . 2013-05-06 17:58:44 -------- d-----w- C:\Windows\system32\Macromed
2013-05-06 17:57:44 . 2012-10-02 08:00:59 -------- d-----w- C:\Program Files\Microsoft Security Client
2013-05-06 17:53:03 . 2013-05-06 17:53:03 -------- d-----w- C:\Program Files\Sigmatel
2013-05-06 17:53:03 . 2007-09-13 19:45:38 102400 ----a-w- C:\Windows\system32\stacsv.exe
2013-05-06 17:53:03 . 2007-09-13 19:45:16 4947968 ----a-w- C:\Windows\system32\stacgui.cpl
2013-05-06 17:53:03 . 2007-04-10 22:02:00 1601536 ----a-w- C:\Windows\system32\stlang.dll
2013-01-17 04:28:07 . 2013-01-17 04:28:07 -------- d-----w- C:\Users\Default\AppData\Local\temp
2013-01-16 19:08:11 . 2001-10-28 22:42:30 116224 ----a-w- C:\Windows\system32\pdfcmnnt.dll
2013-01-16 19:08:11 . 1998-06-24 06:00:00 137000 ----a-w- C:\Windows\system32\MSMAPI32.OCX
2013-01-16 19:08:09 . 2013-01-16 19:08:23 -------- d-----w- C:\Program Files\PDFCreator
2013-01-16 19:08:09 . 1998-07-06 06:00:00 23552 ----a-w- C:\Windows\system32\MSMPIDE.DLL
2013-01-16 03:40:01 . 2013-01-16 03:40:01 -------- d-----w- C:\Program Files\ESET
2013-01-16 02:06:52 . 2013-01-08 04:57:31 6991832 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{22EB091A-B1E4-4ED9-9E00-5057B5352ECE}\mpengine.dll
2013-01-15 14:17:17 . 2013-01-15 14:20:50 -------- d-----w- C:\Users\Laptop\AppData\Roaming\Audacity
2013-01-15 14:08:17 . 2013-01-15 14:08:17 -------- d-----w- C:\Users\Laptop\AppData\Roaming\OpenOffice.org
2013-01-15 14:06:07 . 2013-01-15 14:06:16 -------- d-----w- C:\Program Files\OpenOffice.org 3
2013-01-15 13:56:31 . 2013-01-15 13:56:43 -------- d-----w- C:\Program Files\Audacity
2013-01-15 13:01:10 . 2013-01-15 13:01:10 -------- d-----w- C:\Program Files\VS Revo Group
2013-01-15 12:55:50 . 2013-01-15 13:03:44 -------- d-----w- C:\Users\Laptop\AppData\Roaming\BitZipper
2013-01-15 11:56:55 . 2013-01-15 11:56:55 -------- d-----w- C:\Program Files\Microsoft
2013-01-15 11:56:06 . 2013-01-15 11:56:06 -------- d-----w- C:\Program Files\CONEXANT
2013-01-15 11:53:49 . 2012-07-26 03:39:21 526952 ----a-w- C:\Windows\system32\drivers\Wdf01000.sys
2013-01-15 11:53:49 . 2012-07-26 03:39:21 47720 ----a-w- C:\Windows\system32\drivers\WdfLdr.sys
2013-01-15 11:53:49 . 2012-07-26 02:46:47 9728 ----a-w- C:\Windows\system32\Wdfres.dll
2013-01-15 11:52:57 . 2012-07-26 02:33:43 66560 ----a-w- C:\Windows\system32\drivers\WUDFPf.sys
2013-01-15 11:52:57 . 2012-07-26 02:32:51 155136 ----a-w- C:\Windows\system32\drivers\WUDFRd.sys
2013-01-15 11:52:55 . 2012-07-26 03:20:40 73216 ----a-w- C:\Windows\system32\WUDFSvc.dll
2013-01-15 11:52:54 . 2012-07-26 03:20:40 172032 ----a-w- C:\Windows\system32\WUDFPlatform.dll
2013-01-15 11:52:52 . 2012-07-26 03:21:03 196608 ----a-w- C:\Windows\system32\WUDFHost.exe
2013-01-15 11:52:52 . 2012-07-26 03:20:40 613888 ----a-w- C:\Windows\system32\WUDFx.dll
2013-01-15 11:52:52 . 2012-07-26 03:20:40 38912 ----a-w- C:\Windows\system32\WUDFCoinstaller.dll
2013-01-15 11:35:13 . 2011-02-18 05:39:44 31232 ----a-w- C:\Windows\system32\prevhost.exe
2013-01-15 11:35:07 . 2012-01-04 08:58:41 442880 ----a-w- C:\Windows\system32\ntshrui.dll
2013-01-15 11:35:04 . 2011-02-25 05:30:54 2616320 ----a-w- C:\Windows\explorer.exe
2013-01-15 11:33:49 . 2012-11-30 04:47:45 293376 ----a-w- C:\Windows\system32\KernelBase.dll
2013-01-15 11:32:56 . 2011-03-11 05:33:09 1699328 ----a-w- C:\Windows\system32\esent.dll
2013-01-15 11:28:43 . 2011-02-19 06:30:54 805376 ----a-w- C:\Windows\system32\FntCache.dll
2013-01-15 11:28:42 . 2011-02-19 06:30:50 739840 ----a-w- C:\Windows\system32\d2d1.dll
2013-01-15 11:25:46 . 2011-02-03 05:54:43 219008 ----a-w- C:\Windows\system32\drivers\dxgmms1.sys
2013-01-15 08:12:18 . 2012-11-08 18:00:47 6812136 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-01-14 20:45:31 . 2013-01-14 20:45:31 -------- d-----w- C:\Users\Default\AppData\Roaming\TuneUp Software
2013-01-13 05:57:59 . 2013-01-14 20:26:36 -------- d-----w- C:\FRST
2013-01-09 04:44:44 . 2013-01-09 04:44:44 -------- d-----w- C:\Windows\ERUNT
2013-01-09 04:43:51 . 2013-01-16 01:43:49 -------- d-----w- C:\JRT
2013-01-08 19:27:33 . 2012-11-23 02:56:23 2345984 ----a-w- C:\Windows\system32\win32k.sys
2013-01-08 19:27:26 . 2012-11-09 04:43:04 492032 ----a-w- C:\Windows\system32\win32spl.dll
2013-01-08 19:25:53 . 2012-11-01 04:47:54 1389568 ----a-w- C:\Windows\system32\msxml6.dll
2013-01-08 19:25:18 . 2012-11-20 04:51:09 220160 ----a-w- C:\Windows\system32\ncrypt.dll
2013-01-08 19:25:15 . 2012-11-23 02:48:41 49152 ----a-w- C:\Windows\system32\taskhost.exe
2013-01-08 08:15:48 . 2013-01-08 08:15:48 -------- d-----w- C:\Users\Laptop\AppData\Roaming\AVG2013
2013-01-08 08:14:22 . 2013-01-08 08:14:22 -------- d-----w- C:\Users\Laptop\AppData\Roaming\TuneUp Software
2013-01-08 08:11:06 . 2013-01-08 08:11:06 -------- d-----w- C:\$AVG
2013-01-08 08:11:05 . 2013-01-08 08:14:58 -------- d-----w- C:\ProgramData\AVG2013
2013-01-08 08:10:07 . 2013-01-08 08:10:07 -------- d-----w- C:\Program Files\AVG
2013-01-08 08:05:31 . 2013-01-17 04:13:12 -------- d-----w- C:\ProgramData\MFAData
2013-01-08 08:05:31 . 2013-01-08 08:39:19 -------- d-----w- C:\Users\Laptop\AppData\Local\Avg2013
2013-01-08 08:05:31 . 2013-01-08 08:05:31 -------- d-----w- C:\Users\Laptop\AppData\Local\MFAData
2013-01-07 22:56:48 . 2013-01-07 22:56:48 710504 ----a-w- C:\Windows\is-N8156.exe
2013-01-07 22:50:13 . 2013-01-15 12:33:42 -------- d-----w- C:\Users\Laptop\AppData\Roaming\WinPatrol
2013-01-07 22:50:03 . 2013-01-07 22:50:03 -------- d-----w- C:\Program Files\BillP Studios
2013-01-07 22:41:03 . 2013-01-07 22:41:03 -------- d-----w- C:\Program Files\Trend Micro


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2013-01-08 08:13:20 . 2012-09-18 00:41:43 26984 ----a-w- C:\Windows\system32\drivers\avgtpx86.sys
2012-12-04 23:01:17 . 2012-12-04 23:01:17 63384 ----a-r- C:\Users\Laptop\AppData\Roaming\Microsoft\Installer\{43D1B973-3D12-42ba-9E6E-56A8FEFF5250}\ARPPRODUCTICON.exe
2012-11-29 00:37:42 . 2012-11-29 00:38:37 740840 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{7ADA9222-6290-4C89-BD52-059D8345A852}\gapaengine.dll
2012-11-16 05:33:26 . 2012-11-16 05:33:26 94048 ----a-w- C:\Windows\system32\drivers\avgmfx86.sys
2012-11-14 02:09:22 . 2012-12-12 09:02:44 1800704 ----a-w- C:\Windows\system32\jscript9.dll
2012-11-14 01:58:15 . 2012-12-12 09:02:42 1427968 ----a-w- C:\Windows\system32\inetcpl.cpl
2012-11-14 01:57:37 . 2012-12-12 09:02:45 1129472 ----a-w- C:\Windows\system32\wininet.dll
2012-11-14 01:49:25 . 2012-12-12 09:02:46 142848 ----a-w- C:\Windows\system32\ieUnatt.exe
2012-11-14 01:48:27 . 2012-12-12 09:02:47 420864 ----a-w- C:\Windows\system32\vbscript.dll
2012-11-14 01:44:42 . 2012-12-12 09:02:48 2382848 ----a-w- C:\Windows\system32\mshtml.tlb
2012-11-09 04:42:49 . 2012-12-11 23:38:15 2048 ----a-w- C:\Windows\system32\tzres.dll
2012-11-02 05:11:31 . 2012-12-11 23:38:20 376832 ----a-w- C:\Windows\system32\dpnet.dll
2012-10-22 19:02:46 . 2012-10-22 19:02:46 179936 ----a-w- C:\Windows\system32\drivers\avgidsdriverx.sys


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2012-12-18 01:50:28 556648 ----a-w- C:\Program Files\Google\Drive\googledrivesync32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2012-12-18 01:50:28 556648 ----a-w- C:\Program Files\Google\Drive\googledrivesync32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2012-12-18 01:50:28 556648 ----a-w- C:\Program Files\Google\Drive\googledrivesync32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2012-12-18 01:50:28 556648 ----a-w- C:\Program Files\Google\Drive\googledrivesync32.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2010-11-20 21:29:41 1174016]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SigmatelSysTrayApp"="C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe" [2007-09-13 19:44:48 405504]
"MSC"="c:\Program Files\Microsoft Security Client\msseces.exe" [2012-09-12 22:19:44 947176]
"SunJavaUpdateSched"="C:\Program Files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 14:04:54 252848]
"APSDaemon"="C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 02:28:32 59240]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2012-04-19 01:56:22 421888]
"Adobe ARM"="C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-09-24 02:43:34 926896]
"WinPatrol"="C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe" [2013-01-04 21:21:22 404712]
"AVG_UI"="C:\Program Files\AVG\AVG2013\avgui.exe" [2012-12-11 09:52:44 3147384]

C:\Users\Laptop\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.4.1.lnk - C:\Program Files\OpenOffice.org 3\program\quickstart.exe [2012-8-13 1199104]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"

R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files\AVG\AVG2013\avgidsagent.exe [x]
R3 BTCFilterService;USB Networking Driver Filter Service;C:\Windows\system32\DRIVERS\motfilt.sys [x]
R3 motccgp;Motorola USB Composite Device Driver;C:\Windows\system32\DRIVERS\motccgp.sys [x]
R3 motccgpfl;MotCcgpFlService;C:\Windows\system32\DRIVERS\motccgpfl.sys [x]
R3 Motousbnet;Motorola USB Networking Driver Service;C:\Windows\system32\DRIVERS\Motousbnet.sys [x]
R3 motusbdevice;Motorola USB Dev Driver;C:\Windows\system32\DRIVERS\motusbdevice.sys [x]
R3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\Program Files\Microsoft Security Client\NisSrv.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\system32\drivers\rdpvideominiport.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL3.SYS [x]
R3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV3.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT3.SYS [x]
R3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe [x]
S0 AVGIDSHX;AVGIDSHX;C:\Windows\system32\DRIVERS\avgidshx.sys [x]
S0 Avglogx;AVG Logging Driver;C:\Windows\system32\DRIVERS\avglogx.sys [x]
S0 Avgrkx86;AVG Anti-Rootkit Driver;C:\Windows\system32\DRIVERS\avgrkx86.sys [x]
S1 AVGIDSDriver;AVGIDSDriver;C:\Windows\system32\DRIVERS\avgidsdriverx.sys [x]
S1 AVGIDSShim;AVGIDSShim;C:\Windows\system32\DRIVERS\avgidsshimx.sys [x]
S1 Avgldx86;AVG AVI Loader Driver;C:\Windows\system32\DRIVERS\avgldx86.sys [x]
S1 Avgtdix;AVG TDI Driver;C:\Windows\system32\DRIVERS\avgtdix.sys [x]
S1 avgtp;avgtp;C:\Windows\system32\drivers\avgtpx86.sys [x]
S2 avgwd;AVG WatchDog;C:\Program Files\AVG\AVG2013\avgwdsvc.exe [x]
S2 BingDesktopUpdate;Bing Desktop Update service;C:\Program Files\Microsoft\BingDesktop\BingDesktopUpdater.exe [x]
S2 MBAMScheduler;MBAMScheduler;C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
S2 MBAMService;MBAMService;C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [x]
S2 MotoHelper;MotoHelper Service;C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe [x]
S2 vToolbarUpdater13.3.2;vToolbarUpdater13.3.2;C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\13.3.2\ToolbarUpdater.exe [x]
S3 BthAvrcp;Bluetooth AVRCP Profile;C:\Windows\system32\DRIVERS\BthAvrcp.sys [x]
S3 MBAMProtector;MBAMProtector;C:\Windows\system32\drivers\mbam.sys [x]
S3 netw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;C:\Windows\system32\DRIVERS\netw5v32.sys [x]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
GPSvcGroup REG_MULTI_SZ GPSvc

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-01-13 05:52:13 1606760 ----a-w- C:\Program Files\Google\Chrome\Application\24.0.1312.52\Installer\setup.exe

Contents of the 'Scheduled Tasks' folder

2013-01-17 C:\Windows\Tasks\Adobe Flash Player Updater.job
- C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-05-06 17:58:46 . 2013-01-09 07:12:03]

2013-01-17 C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
- C:\Program Files\Google\Update\GoogleUpdate.exe [2012-12-05 01:57:53 . 2012-12-05 01:57:50]

2013-01-17 C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
- C:\Program Files\Google\Update\GoogleUpdate.exe [2012-12-05 01:57:53 . 2012-12-05 01:57:50]


------- Supplementary Scan -------

uStart Page = hxxp://msn.com/
TCP: DhcpNameServer = 192.168.2.1

- - - - ORPHANS REMOVED - - - -

HKLM-Run-vProt - C:\Program Files\AVG Secure Search\vprot.exe

#15 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • Gender:Not Telling
  • Location:Canada

Posted 17 January 2013 - 07:16 PM

It appears half of the log was cut off. If you could, please repost it.

Also, the log shows you have two antivirus products installed:

AV: AVG Anti-Virus Free Edition 2013 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AV: Microsoft Security Essentials *Disabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}

Having more than one antivirus can cause system slowdowns, conflicts and crashes.

I suggest uninstalling AVG; use the AVG removal tool:

http://www.avg.com/filedir/util/avg_arm_sup_____.dir/avgremover.exe

Please let me know if there are any outstanding issues.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015




