ZeroAccess rootkit


  • This topic is locked
24 replies to this topic

#1 krazyistkarl

  • Members
  • 55 posts
Posted 01 May 2013 - 11:47 PM

Hi, I was trying to remove privitizeVPN and was told I was infected with ZeroAccess rootkit.

 

Here are the DDS logs

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64

Internet Explorer: 10.0.9200.16537  BrowserJavaVersion: 10.17.2

Run by Karl at 22:32:22 on 2013-05-01

Microsoft Windows 8  6.2.9200.0.1252.2.1033.18.7639.5851 [GMT -6:00]

.

AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}

SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\windows\system32\svchost.exe -k DcomLaunch

C:\windows\system32\svchost.exe -k RPCSS

C:\windows\system32\atiesrxx.exe

C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\windows\system32\svchost.exe -k netsvcs

C:\windows\system32\svchost.exe -k LocalService

C:\windows\system32\dwm.exe

C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\windows\system32\atieclxx.exe

C:\windows\system32\svchost.exe -k NetworkService

C:\windows\System32\spoolsv.exe

C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe

C:\windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe

C:\Program Files (x86)\Bluetooth Suite\adminservice.exe

C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe

C:\Program Files (x86)\Bonjour\mDNSResponder.exe

C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe

C:\windows\system32\lxebcoms.exe

C:\windows\system32\svchost.exe -k imgsvc

C:\Program Files (x86)\Samsung\SW Update\SWMAgent.exe

C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe

C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe

C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe

C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\windows\system32\dashost.exe

C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe

C:\windows\system32\taskhostex.exe

C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmdServer.exe

C:\windows\Explorer.EXE

C:\windows\system32\wbem\wmiprvse.exe

C:\windows\system32\wbem\wmiprvse.exe

C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe\LiveComm.exe

C:\Program Files (x86)\Samsung\Settings\sSettings.exe

C:\Windows\System32\RuntimeBroker.exe

C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

C:\Program Files (x86)\Bluetooth Suite\BtTray.exe

C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe

C:\Program Files\Elantech\ETDCtrl.exe

C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe

C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe

C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe

C:\Program Files\Elantech\ETDCtrlHelper.exe

C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe

C:\Program Files\Samsung\S Agent\CommonAgent.exe

C:\Program Files\Samsung\Support Center\GuaranaAgent.exe

C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\windows\system32\SearchIndexer.exe

C:\windows\system32\svchost.exe -k SDRSVC

C:\windows\system32\vssvc.exe

C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe

C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe

C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe

C:\windows\system32\SearchProtocolHost.exe

C:\windows\system32\SearchFilterHost.exe

C:\windows\System32\cscript.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://searchou.com/?id=44f84e5d00000000000052b7c34eaa12

uDefault_Page_URL = hxxp://samsung13.msn.com

uURLSearchHooks: {7473b6bd-4691-4744-a82b-7854eb3d70b6} - <orphaned>

mWinlogon: Userinit = userinit.exe

BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: PodcastBHO Class: {65134FDF-F8A5-4B3D-91D9-CDF273CFD578} - C:\Program Files (x86)\Common Files\doubleTwist\IEPodcastPlugin.dll

BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL

BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

uRun: [KiesAirMessage] C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup

uRun: [] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe

uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe

mRun: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe

mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [CLMLServer_For_P2G8] "C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe"

mRun: [CLVirtualDrive] "C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe" /R

mRun: [RemoteControl10] "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"

mRun: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe

mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min

mRunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent

mRunOnce: [Z1] cmd /c "C:\Users\Karl\Downloads\mbar-1.05.0.1001\mbar\mbar.exe" /cleanup /s

mRunOnce: [Malwarebytes Anti-Malware (cleanup)] rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript

dRunOnce: [Application Restart #2] C:\Program Files (x86)\Samsung\Settings\CmdServer\VendorAPIRun64.exe /info /RestartByRestartManager:CA0787A3-78FF-43ca-BE43-8E4FE9816C3B

mPolicies-System: DisableCAD = dword:1

IE: E&xport to Microsoft Excel - C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll/105

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

TCP: NameServer = 192.168.43.1

TCP: Interfaces\{4875BE79-F449-4F9A-9944-12B1554EA772} : NameServer = 8.8.8.8,8.8.4.4

TCP: Interfaces\{4875BE79-F449-4F9A-9944-12B1554EA772} : DHCPNameServer = 192.168.43.1

TCP: Interfaces\{4875BE79-F449-4F9A-9944-12B1554EA772}\2375942554234333 : NameServer = 8.8.8.8,8.8.4.4

TCP: Interfaces\{4875BE79-F449-4F9A-9944-12B1554EA772}\2375942554234333 : DHCPNameServer = 172.16.1.254

TCP: Interfaces\{4875BE79-F449-4F9A-9944-12B1554EA772}\25F6E6E697F546F6262637D2368627963747D616376656675627 : NameServer = 8.8.8.8,8.8.4.4

TCP: Interfaces\{4875BE79-F449-4F9A-9944-12B1554EA772}\25F6E6E697F546F6262637D2368627963747D616376656675627 : DHCPNameServer = 10.0.1.1

TCP: Interfaces\{4875BE79-F449-4F9A-9944-12B1554EA772}\3516D6563757E62416E66666 : NameServer = 8.8.8.8,8.8.4.4

TCP: Interfaces\{4875BE79-F449-4F9A-9944-12B1554EA772}\3516D6563757E62416E66666 : DHCPNameServer = 192.168.180.1

TCP: Interfaces\{4875BE79-F449-4F9A-9944-12B1554EA772}\841627163797E6 : NameServer = 8.8.8.8,8.8.4.4

TCP: Interfaces\{4875BE79-F449-4F9A-9944-12B1554EA772}\841627163797E6 : DHCPNameServer = 172.16.1.254

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

SSODL: WebCheck - <orphaned>

mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome

x64-BHO: CIESpeechBHO Class: {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll

x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL

x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s

x64-Run: [BtTray] "C:\Program Files (x86)\Bluetooth Suite\BtTray.exe"

x64-Run: [BtvStack] "C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe"

x64-Run: [ETDCtrl] C:\Program Files (x86)\Elantech\ETDCtrl.exe

x64-mPolicies-System: DisableCAD = dword:1

x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll

x64-IE: {7815BE26-237D-41A8-A98F-F7BD75F71086} - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll

x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

x64-SSODL: WebCheck - <orphaned>

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Karl\AppData\Roaming\Mozilla\Firefox\Profiles\7c4lqwg4.default\

FF - prefs.js: browser.startup.homepage - hxxp://searchou.com/?id=44f84e5d00000000000052b7c34eaa12

FF - prefs.js: network.proxy.ftp - 198.154.114.100

FF - prefs.js: network.proxy.ftp_port - 8080

FF - prefs.js: network.proxy.http - 198.154.114.100

FF - prefs.js: network.proxy.http_port - 8080

FF - prefs.js: network.proxy.socks - 198.154.114.100

FF - prefs.js: network.proxy.socks_port - 8080

FF - prefs.js: network.proxy.ssl - 198.154.114.100

FF - prefs.js: network.proxy.ssl_port - 8080

FF - prefs.js: network.proxy.type - 2

FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

FF - plugin: C:\Program Files (x86)\Common Files\doubleTwist\NPPodcast.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll

FF - plugin: C:\Program Files (x86)\Microsoft Office\Office14\NPAUTHZ.DLL

FF - plugin: C:\Program Files (x86)\Microsoft Office\Office14\NPSPWRAP.DLL

FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrlui.dll

FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll

FF - plugin: C:\windows\SysWOW64\npDeployJava1.dll

FF - plugin: C:\windows\SysWOW64\npmproxy.dll

FF - ExtSQL: 2013-03-22 14:20; mediahint@jetpack; C:\Users\Karl\AppData\Roaming\Mozilla\Firefox\Profiles\7c4lqwg4.default\extensions\mediahint@jetpack.xpi

FF - ExtSQL: 2013-04-08 21:25; {4DC70064-89E2-4a55-8FC6-E8CDEAE3618C}; C:\Users\Karl\AppData\Roaming\Mozilla\Firefox\Profiles\7c4lqwg4.default\extensions\{4DC70064-89E2-4a55-8FC6-E8CDEAE3618C}.xpi

FF - ExtSQL: 2013-04-09 00:26; adblockpopups@jessehakanen.net; C:\Users\Karl\AppData\Roaming\Mozilla\Firefox\Profiles\7c4lqwg4.default\extensions\adblockpopups@jessehakanen.net.xpi

.

============= SERVICES / DRIVERS ===============

.

R0 amd_sata;amd_sata;C:\windows\System32\Drivers\amd_sata.sys [2012-12-19 79528]

R0 amd_xata;amd_xata;C:\windows\System32\Drivers\amd_xata.sys [2012-12-19 26280]

R1 avkmgr;avkmgr;C:\windows\System32\Drivers\avkmgr.sys [2013-4-18 28600]

R1 ccSet_NARA;NARA Settings Manager;C:\windows\System32\Drivers\NARAx64\0401000.00B\ccSetx64.sys [2012-12-21 168608]

R1 CLVirtualDrive;CLVirtualDrive;C:\windows\System32\Drivers\CLVirtualDrive.sys [2012-12-21 92536]

R2 AMD External Events Utility;AMD External Events Utility;C:\windows\System32\atiesrxx.exe [2012-12-19 239616]

R2 AntiVirSchedulerService;Avira Scheduler;C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2013-4-18 86752]

R2 AntiVirService;Avira Real-Time Protection;C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2013-4-18 110816]

R2 AtherosSvc;AtherosSvc;C:\Program Files (x86)\Bluetooth Suite\AdminService.exe [2012-8-10 211584]

R2 Autodesk Content Service;Autodesk Content Service;C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [2011-2-2 18656]

R2 avgntflt;avgntflt;C:\windows\System32\Drivers\avgntflt.sys [2013-4-18 100712]

R2 Easy Launcher;Easy Launcher;C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe [2012-8-26 1593976]

R2 iPodDrv;iPodDrv;C:\windows\System32\Drivers\iPodDrv.sys [2012-12-20 14952]

R2 lxeb_device;lxeb_device;C:\windows\System32\lxebcoms.exe -service --> C:\windows\System32\lxebcoms.exe -service [?]

R2 NOBU;Norton Online Backup;C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2012-7-11 3939008]

R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2013-4-18 1153368]

R2 SWUpdateService;SW Update Service;C:\Program Files (x86)\Samsung\SW Update\SWMAgent.exe [2012-12-27 2879176]

R2 ZAtheros Bt&Wlan Coex Agent;ZAtheros Bt&Wlan Coex Agent;C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [2012-8-10 323584]

R3 AthBTPort;Qualcomm Atheros Virtual Bluetooth Class;C:\windows\System32\Drivers\btath_flt.sys [2012-12-21 88728]

R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\windows\System32\Drivers\AtihdW86.sys [2012-12-19 98472]

R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;C:\windows\System32\Drivers\btath_a2dp.sys [2012-12-21 344216]

R3 btath_avdt;Qualcomm Atheros Bluetooth AVDT Service;C:\windows\System32\Drivers\btath_avdt.sys [2012-12-21 114840]

R3 BTATH_BUS;Qualcomm Atheros Bluetooth Bus;C:\windows\System32\Drivers\btath_bus.sys [2012-12-21 33944]

R3 BTATH_HCRP;Bluetooth HCRP Server driver;C:\windows\System32\Drivers\btath_hcrp.sys [2012-12-21 178840]

R3 BTATH_LWFLT;Bluetooth LWFLT Device;C:\windows\System32\Drivers\btath_lwflt.sys [2012-12-21 76952]

R3 BTATH_RCP;Bluetooth AVRCP Device;C:\windows\System32\Drivers\btath_rcp.sys [2012-12-21 135832]

R3 BtFilter;BtFilter;C:\windows\System32\Drivers\btfilter.sys [2012-12-21 567808]

R3 BthLEEnum;Bluetooth Low Energy Driver;C:\windows\System32\Drivers\BthLEEnum.sys [2012-7-25 202752]

R3 ETD;Samsung PS/2 Port Input Device;C:\windows\System32\Drivers\ETD.sys [2012-12-21 313712]

R3 RadioHIDMini;Radio HID Mini-driver;C:\windows\System32\Drivers\RadioHIDMini.sys [2012-12-21 23408]

R3 RTL8168;Realtek 8168 NT Driver;C:\windows\System32\Drivers\Rt630x64.sys [2012-8-28 683664]

R3 usbfilter;AMD USB Filter Driver;C:\windows\System32\Drivers\usbfilter.sys [2012-12-19 57000]

S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\windows\System32\Drivers\ssudbus.sys [2013-2-6 102936]

S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2013-4-29 1431888]

S3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);C:\windows\System32\Drivers\ssudmdm.sys [2013-2-6 203544]

S3 WUDFWpdMtp;WUDFWpdMtp;C:\windows\System32\Drivers\WUDFRd.sys [2012-7-25 198656]

.

=============== File Associations ===============

.

FileExt: .scr: AutoCADScriptFile=C:\windows\System32\notepad.exe "%1"

.

=============== Created Last 30 ================

.

2013-05-02 01:20:54        --------   d-----w-                C:\Users\Karl\AppData\Roaming\Malwarebytes

2013-05-02 01:18:07        --------   d-----w-                C:\ProgramData\Malwarebytes

2013-05-02 01:18:06        25928    ----a-w-                C:\windows\System32\drivers\mbam.sys

2013-05-02 01:18:06        --------   d-----w-                C:\Program Files (x86)\Malwarebytes' Anti-Malware

2013-05-01 21:28:30        101         ----a-w-                C:\windows\DeleteOnReboot.bat

2013-05-01 04:57:51        --------   d-----w-                C:\Users\Karl\AppData\Roaming\WebApp

2013-04-30 04:53:29        --------   d-----w-                C:\Users\Karl\AppData\Local\cache

2013-04-30 04:32:03        --------   d-----w-                C:\Program Files\Common Files\Macrovision Shared

2013-04-30 04:29:02        --------   d-----w-                C:\Users\Karl\AppData\Local\Autodesk

2013-04-30 04:29:02        --------   d-----w-                C:\Program Files\Common Files\Autodesk Shared

2013-04-30 04:29:02        --------   d-----w-                C:\Program Files\Autodesk

2013-04-30 04:28:24        --------   d-----w-                C:\Program Files (x86)\Autodesk

2013-04-30 04:27:08        --------   d-----w-                C:\Program Files (x86)\Common Files\Autodesk Shared

2013-04-30 03:43:13        --------   d--h--w-               C:\windows\msdownld.tmp

2013-04-30 03:42:54        --------   d-----w-                C:\windows\SysWow64\directx

2013-04-30 02:24:21        2582888                ----a-w-                C:\windows\System32\D3DCompiler_42.dll

2013-04-30 02:24:21        1974616                ----a-w-                C:\windows\SysWow64\D3DCompiler_42.dll

2013-04-30 02:24:20        523088  ----a-w-                C:\windows\System32\d3dx10_42.dll

2013-04-30 02:24:20        453456  ----a-w-                C:\windows\SysWow64\d3dx10_42.dll

2013-04-30 02:24:20        285024  ----a-w-                C:\windows\System32\d3dx11_42.dll

2013-04-30 02:24:20        235344  ----a-w-                C:\windows\SysWow64\d3dx11_42.dll

2013-04-30 02:24:19        2475352                ----a-w-                C:\windows\System32\D3DX9_42.dll

2013-04-30 02:24:18        1892184                ----a-w-                C:\windows\SysWow64\D3DX9_42.dll

2013-04-30 02:03:51        --------   d-----w-                C:\Users\Karl\AppData\Roaming\Autodesk

2013-04-30 01:56:40        --------   d-----w-                C:\Autodesk

2013-04-18 19:12:20        --------   d-----w-                C:\Users\Karl\AppData\Roaming\Avira

2013-04-18 19:07:55        --------   d-----w-                C:\ProgramData\Spybot - Search & Destroy

2013-04-18 19:07:55        --------   d-----w-                C:\Program Files (x86)\Spybot - Search & Destroy

2013-04-18 19:07:35        28600    ----a-w-                C:\windows\System32\drivers\avkmgr.sys

2013-04-18 19:07:35        100712  ----a-w-                C:\windows\System32\drivers\avgntflt.sys

2013-04-18 19:07:32        --------   d-----w-                C:\ProgramData\Avira

2013-04-18 19:07:32        --------   d-----w-                C:\Program Files (x86)\Avira

2013-04-18 19:02:28        9317456                ----a-w-                C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{43C61C87-069C-4D7C-B460-B361B113B3C4}\mpengine.dll

2013-04-18 05:53:22        9311288                ----a-w-                C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll

2013-04-14 18:10:54        --------   d-----w-                C:\windows\LastGood.Tmp

2013-04-14 08:38:23        --------   d-----w-                C:\Samsung Galaxy S3 ToolKit

2013-04-14 04:01:07        375808  ----a-w-                C:\windows\SysWow64\ReAgent.dll

2013-04-14 04:01:07        1011200                ----a-w-                C:\windows\System32\reseteng.dll

2013-04-14 03:31:29        78176    ----a-w-                C:\windows\SysWow64\FlashPlayerCPLApp.cpl

2013-04-14 03:31:28        692576  ----a-w-                C:\windows\SysWow64\FlashPlayerApp.exe

2013-04-12 16:19:59        811928  ----a-w-                C:\Program Files (x86)\Mozilla Firefox\mozsqlite3.dll

2013-04-12 02:29:59        893952  ----a-w-                C:\windows\SysWow64\winmde.dll

2013-04-10 21:44:49        4041728                ----a-w-                C:\windows\System32\win32k.sys

2013-04-10 21:44:47        6991592                ----a-w-                C:\windows\System32\ntoskrnl.exe

.

==================== Find3M  ====================

.

2013-04-02 10:34:28        282744  ------w- C:\windows\System32\MpSigStub.exe

2013-03-14 21:55:34        95648    ----a-w-                C:\windows\SysWow64\WindowsAccessBridge-32.dll

2013-03-14 21:55:27        861088  ----a-w-                C:\windows\SysWow64\npDeployJava1.dll

2013-03-14 21:55:27        782240  ----a-w-                C:\windows\SysWow64\deployJava1.dll

2013-03-02 10:57:48        337128  ----a-w-                C:\windows\System32\drivers\USBXHCI.SYS

2013-03-02 10:57:46        77544    ----a-w-                C:\windows\System32\drivers\storahci.sys

2013-03-02 10:57:46        332520  ----a-w-                C:\windows\System32\drivers\storport.sys

2013-03-02 10:57:46        283880  ----a-w-                C:\windows\System32\drivers\spaceport.sys

2013-03-02 10:45:20        148712  ----a-w-                C:\windows\System32\drivers\tpm.sys

2013-03-02 10:45:19        194792  ----a-w-                C:\windows\System32\drivers\sdbus.sys

2013-03-02 10:45:10        125160  ----a-w-                C:\windows\System32\drivers\dumpsd.sys

2013-03-02 10:39:39        495336  ----a-w-                C:\windows\System32\drivers\vhdmp.sys

2013-03-02 10:39:38        69864    ----a-w-                C:\windows\System32\drivers\pdc.sys

2013-03-02 10:39:32        327912  ----a-w-                C:\windows\System32\drivers\Classpnp.sys

2013-03-02 09:59:37        2231528                ----a-w-                C:\windows\System32\drivers\tcpip.sys

2013-03-02 09:59:36        411880  ----a-w-                C:\windows\System32\drivers\FWPKCLNT.SYS

2013-03-02 08:24:08        34304    ----a-w-                C:\windows\SysWow64\wuapp.exe

2013-03-02 08:23:43        83968    ----a-w-                C:\windows\SysWow64\wudriver.dll

2013-03-02 08:23:43        125952  ----a-w-                C:\windows\SysWow64\wuwebv.dll

2013-03-02 08:23:30        1338880                ----a-w-                C:\windows\SysWow64\WindowsCodecs.dll

2013-03-02 08:23:28        601088  ----a-w-                C:\windows\SysWow64\Windows.Globalization.dll

2013-03-02 08:23:28        504320  ----a-w-                C:\windows\SysWow64\Windows.Security.Authentication.OnlineId.dll

2013-03-02 08:23:19        8857088                ----a-w-                C:\windows\SysWow64\twinui.dll

2013-03-02 08:23:19        246784  ----a-w-                C:\windows\SysWow64\ubpm.dll

2013-03-02 08:23:04        356352  ----a-w-                C:\windows\SysWow64\SettingSync.dll

2013-03-02 08:23:04        100864  ----a-w-                C:\windows\SysWow64\SettingSyncInfo.dll

2013-03-02 08:22:36        357888  ----a-w-                C:\windows\SysWow64\netcfgx.dll

2013-03-02 08:22:32        5091840                ----a-w-                C:\windows\SysWow64\mstscax.dll

2013-03-02 08:22:18        361984  ----a-w-                C:\windows\SysWow64\MFMediaEngine.dll

2013-03-02 08:22:17        850944  ----a-w-                C:\windows\SysWow64\mfasfsrcsnk.dll

2013-03-02 08:21:56        550912  ----a-w-                C:\windows\SysWow64\drvstore.dll

2013-03-02 08:21:52        36352    ----a-w-                C:\windows\SysWow64\DevDispItemProvider.dll

2013-03-02 08:21:40        309760  ----a-w-                C:\windows\SysWow64\BCP47Langs.dll

2013-03-02 08:21:39        2033664                ----a-w-                C:\windows\SysWow64\authui.dll

2013-03-02 08:21:32        145408  ----a-w-                C:\windows\SysWow64\powercfg.cpl

2013-03-02 02:44:59        448512  ----a-w-                C:\windows\System32\SettingSync.dll

2013-03-02 02:44:59        128512  ----a-w-                C:\windows\System32\SettingSyncInfo.dll

2013-03-02 02:44:41        455168  ----a-w-                C:\windows\System32\netcfgx.dll

2013-03-02 02:44:41        117248  ----a-w-                C:\windows\System32\NdisImPlatform.dll

2013-03-02 02:44:38        5978624                ----a-w-                C:\windows\System32\mstscax.dll

2013-03-02 02:44:30        468992  ----a-w-                C:\windows\System32\MFMediaEngine.dll

2013-03-02 02:44:29        1048576                ----a-w-                C:\windows\System32\mfasfsrcsnk.dll

2013-03-02 02:44:08        703488  ----a-w-                C:\windows\System32\drvstore.dll

2013-03-02 02:44:07        150016  ----a-w-                C:\windows\System32\discan.dll

2013-03-02 02:44:05        49152    ----a-w-                C:\windows\System32\DevDispItemProvider.dll

2013-03-02 02:43:59        1933312                ----a-w-                C:\windows\System32\wbem\cimwin32.dll

2013-03-02 02:43:56        389120  ----a-w-                C:\windows\System32\BCP47Langs.dll

2013-03-02 02:43:55        2302464                ----a-w-                C:\windows\System32\authui.dll

2013-03-02 02:43:51        2146304                ----a-w-                C:\windows\System32\actxprxy.dll

2013-03-02 02:43:50        156160  ----a-w-                C:\windows\System32\powercfg.cpl

2013-03-02 02:15:53        26112    ----a-w-                C:\windows\System32\drivers\mouhid.sys

2013-03-01 04:56:33        156672  ----a-w-                C:\windows\System32\drivers\rfcomm.sys

2013-03-01 04:56:18        30720    ----a-w-                C:\windows\System32\drivers\monitor.sys

2013-03-01 04:55:37        1175040                ----a-w-                C:\windows\System32\drivers\bthport.sys

2013-02-21 22:59:08        2063240                ----a-w-                C:\ProgramData\MakeMarkerFile.exe

2013-02-21 10:30:16        1766912                ----a-w-                C:\windows\SysWow64\wininet.dll

2013-02-21 10:29:39        2877440                ----a-w-                C:\windows\SysWow64\jscript9.dll

2013-02-21 10:29:37        61440    ----a-w-                C:\windows\SysWow64\iesetup.dll

2013-02-21 10:29:37        109056  ----a-w-                C:\windows\SysWow64\iesysprep.dll

2013-02-21 10:15:07        2240512                ----a-w-                C:\windows\System32\wininet.dll

2013-02-21 10:15:00        915968  ----a-w-                C:\windows\System32\uxtheme.dll

2013-02-21 10:14:09        3958784                ----a-w-                C:\windows\System32\jscript9.dll

2013-02-21 10:14:05        136704  ----a-w-                C:\windows\System32\iesysprep.dll

2013-02-19 09:53:00        534528  ----a-w-                C:\windows\SysWow64\uxtheme.dll

2013-02-15 07:58:59        39936    ----a-w-                C:\windows\apppatch\apppatch64\acspecfc.dll

2013-02-15 06:35:40        444416  ----a-w-                C:\windows\apppatch\AcSpecfc.dll

2013-02-12 01:30:04        44032    ----a-w-                C:\windows\SysWow64\UXInit.dll

2013-02-12 00:56:19        53760    ----a-w-                C:\windows\System32\UXInit.dll

2013-02-12 00:17:50        20992    ----a-w-                C:\windows\System32\drivers\usb8023.sys

2013-02-07 01:33:01        754176  ----a-w-                C:\windows\SysWow64\actxprxy.dll

2013-02-06 13:42:10        203544  ----a-w-                C:\windows\System32\drivers\ssudmdm.sys

2013-02-06 13:42:08        102936  ----a-w-                C:\windows\System32\drivers\ssudbus.sys

2013-02-05 22:31:11        622080  ----a-w-                C:\windows\System32\drivers\srv2.sys

2013-02-05 22:29:09        370688  ----a-w-                C:\windows\System32\drivers\mrxsmb.sys

2013-02-05 22:28:48        247808  ----a-w-                C:\windows\System32\drivers\srvnet.sys

2013-02-05 22:28:36        215552  ----a-w-                C:\windows\System32\drivers\mrxsmb20.sys

2013-02-02 11:19:44        496872  ----a-w-                C:\windows\System32\drivers\usbhub.sys

2013-02-02 11:19:44        446184  ----a-w-                C:\windows\System32\drivers\USBHUB3.SYS

2013-02-02 11:19:33        61672    ----a-w-                C:\windows\System32\drivers\crashdmp.sys

2013-02-02 10:54:54        1933544                ----a-w-                C:\windows\System32\drivers\ntfs.sys

2013-02-02 10:28:54        993512  ----a-w-                C:\windows\System32\drivers\ndis.sys

2013-02-02 09:42:07        2207232                ----a-w-                C:\windows\SysWow64\PrintConfig.dll

2013-02-02 08:40:58        375808  ----a-w-                C:\windows\SysWow64\wbem\WmiPrvSE.exe

2013-02-02 08:40:55        80896    ----a-w-                C:\windows\SysWow64\tasklist.exe

2013-02-02 08:40:55        79360    ----a-w-                C:\windows\SysWow64\taskkill.exe

2013-02-02 08:40:36        155136  ----a-w-                C:\windows\SysWow64\XpsRasterService.dll

2013-02-02 08:40:35        370688  ----a-w-                C:\windows\SysWow64\WWanAPI.dll

2013-02-02 08:40:27        131072  ----a-w-                C:\windows\SysWow64\wbem\WmiDcPrv.dll

2013-02-02 08:40:26        410624  ----a-w-                C:\windows\SysWow64\wlroamextension.dll

2013-02-02 08:40:22        197632  ----a-w-                C:\windows\SysWow64\Windows.Networking.Connectivity.dll

2013-02-02 08:40:22        10792448             ----a-w-                C:\windows\SysWow64\Windows.UI.Xaml.dll

2013-02-02 08:39:59        325632  ----a-w-                C:\windows\SysWow64\schannel.dll

2013-02-02 08:39:47        18432    ----a-w-                C:\windows\SysWow64\npmproxy.dll

2013-02-02 08:39:34        55296    ----a-w-                C:\windows\SysWow64\nlaapi.dll

2013-02-02 08:39:34        15872    ----a-w-                C:\windows\SysWow64\nlmproxy.dll

2013-02-02 08:39:34        12288    ----a-w-                C:\windows\SysWow64\nlmsprep.dll

2013-02-02 08:39:33        115712  ----a-w-                C:\windows\SysWow64\netprofm.dll

2013-02-02 08:39:15        157696  ----a-w-                C:\windows\SysWow64\mbsmsapi.dll

2013-02-02 08:38:54        567808  ----a-w-                C:\windows\SysWow64\duser.dll

2013-02-02 08:24:19        107520  ----a-w-                C:\windows\System32\taskkill.exe

.

============= FINISH: 22:33:57.14 ===============

 

 





#2 gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 02 May 2013 - 07:59 PM


Hello krazyistkarl

I would like to welcome you to the Malware Removal section of the forum.

Around here they call me Gringo and I will be glad to help you with your malware problems.


Very Important --> Please read this post completely. I have spent my time to put together some things for you to keep in mind while I am helping you, to make things go easier, faster and smoother for both of us!

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the "Follow This Topic" Button, make sure that the "Receive notification" box is checked and that it is set to "Instantly" - This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.




These are the programs I would like you to run next, if you have any problems with these just skip it and run the next one.

-Security Check-
  • Download Security Check by screen317 from here.
    • Save it to your Desktop.
    • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
-AdwCleaner-
  • Please download AdwCleaner by Xplode onto your desktop.
    • Close all open programs and internet browsers.
    • Double click on AdwCleaner.exe to run the tool.
    • Click on Delete.
    • Confirm each time with Ok.
    • Your computer will be rebooted automatically. A text file will open after the restart.
    • Please post the content of that logfile with your next answer.
    • You can find the logfile at C:\AdwCleaner[S1].txt as well.
--RogueKiller--
  • Download & SAVE to your Desktop RogueKiller for 32bit or Roguekiller for 64bit
    • Quit all programs that you may have started.
    • Please disconnect any USB or external drives from the computer before you run this scan!
    • For Vista or Windows 7, right-click and select "Run as Administrator" to start
    • For Windows XP, double-click to start.
    • Wait until Prescan has finished ...
    • Then Click on "Scan" button
    • Wait until the Status box shows "Scan Finished"
    • click on "delete"
    • Wait until the Status box shows "Deleting Finished"
    • Click on "Report" and copy/paste the content of the Notepad into your next reply.
    • The log should be found in RKreport[1].txt on your Desktop
    • Exit/Close RogueKiller+
Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 krazyistkarl


Posted 03 May 2013 - 02:29 AM

hi Gringo, here are the logs

Results of screen317's Security Check version 0.99.63 

   x64 (UAC is enabled) 

 Internet Explorer 9 

``````````````Antivirus/Firewall Check:``````````````

 Windows Firewall Enabled! 

Windows Defender  

Avira Desktop     

 Antivirus up to date!  

`````````Anti-malware/Other Utilities Check:`````````

 Spybot - Search & Destroy

 Malwarebytes Anti-Malware version 1.75.0.1300 

 Java 7 Update 21 

 Adobe Flash Player        11.6.602.180 

 Adobe Reader 10.1.6 Adobe Reader out of Date! 

 Mozilla Firefox (20.0.1)

 Google Chrome 26.0.1410.43 

 Google Chrome 26.0.1410.64 

````````Process Check: objlist.exe by Laurent```````` 

 Avira Antivir avgnt.exe

 Avira Antivir avguard.exe

 Symantec Norton Online Backup NOBuAgent.exe 

`````````````````System Health check`````````````````

 Total Fragmentation on Drive C:  %

````````````````````End of Log``````````````````````

 

 

 

 

# AdwCleaner v2.300 - Logfile created 05/03/2013 at 01:08:36

# Updated 28/04/2013 by Xplode

# Operating system : Windows 8  (64 bits)

# User : Karl - KARL

# Boot Mode : Normal

# Running from : C:\Users\Karl\Downloads\adwcleaner.exe

# Option [Delete]

 

 

***** [Services] *****

 

 

***** [Files / Folders] *****

 

Deleted on reboot : C:\ProgramData\boost_interprocess

 

***** [Registry] *****

 

 

***** [Internet Browsers] *****

 

-\\ Internet Explorer v10.0.9200.16537

 

[OK] Registry is clean.

 

-\\ Mozilla Firefox v20.0.1 (en-US)

 

File : C:\Users\Karl\AppData\Roaming\Mozilla\Firefox\Profiles\7c4lqwg4.default\prefs.js

 

[OK] File is clean.

 

-\\ Google Chrome v26.0.1410.64

 

File : C:\Users\Karl\AppData\Local\Google\Chrome\User Data\Default\Preferences

 

[OK] File is clean.

 

*************************

 

AdwCleaner[R1].txt - [14050 octets] - [01/05/2013 00:11:22]

AdwCleaner[R2].txt - [1196 octets] - [03/05/2013 01:06:14]

AdwCleaner[S1].txt - [287 octets] - [30/04/2013 23:21:35]

AdwCleaner[S2].txt - [287 octets] - [01/05/2013 00:14:23]

AdwCleaner[S3].txt - [14602 octets] - [01/05/2013 15:28:56]

AdwCleaner[S4].txt - [1133 octets] - [03/05/2013 01:08:36]

 

########## EOF - C:\AdwCleaner[S4].txt - [1193 octets] ##########

 

 

 

 

RogueKiller V8.5.4 _x64_ [Mar 18 2013] by Tigzy

mail : tigzyRK<at>gmail<dot>com

Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/

Website : http://tigzy.geekstogo.com/roguekiller.php

Blog : http://tigzyrk.blogspot.com/

 

Operating System : Windows 8 (6.2.9200 ) 64 bits version

Started in : Normal mode

User : Karl [Admin rights]

Mode : Remove -- Date : 05/03/2013 01:27:14

| ARK || FAK || MBR |

 

¤¤¤ Bad processes : 0 ¤¤¤

 

¤¤¤ Registry Entries : 2 ¤¤¤

[HJ DESK] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

[HJ DESK] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

 

¤¤¤ Particular Files / Folders: ¤¤¤

 

¤¤¤ Driver : [NOT LOADED] ¤¤¤

 

¤¤¤ HOSTS File: ¤¤¤

--> C:\windows\system32\drivers\etc\hosts

 

 

 

¤¤¤ MBR Check: ¤¤¤

 

+++++ PhysicalDrive0: ST1000LM 024 HN-M101MBB SATA Disk Device +++++

--- User ---

[MBR] 31ab48b35f16c735b2ffb89867937f8b

[BSP] 25b73c7bc708bf1000f854c4084ac5d6 : Empty MBR Code

Partition table:

0 - [XXXXXX] UNKNOWN (0xee) [VISIBLE] Offset (sectors): 1 | Size: 2097152 Mo

User = LL1 ... OK!

User = LL2 ... OK!

 

Finished : << RKreport[2]_D_05032013_02d0127.txt >>

RKreport[1]_S_05032013_02d0124.txt ; RKreport[2]_D_05032013_02d0127.txt



#4 gringo_pr


Posted 03 May 2013 - 07:16 AM


Hello krazyistkarl

I would like you to do the following.

Please print out or make a copy in notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.

1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer

"information and logs"
  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?
Gringo

#5 gringo_pr


Posted 07 May 2013 - 01:37 AM


Greetings


I have not heard from you in a couple of days so I am coming by to check on you to see if you are having problems or you just need some more time.

Also to remind you that it is very important that we finish the process completely so as to not get reinfected. I will let you know when we are complete and I will ask to remove our tools




Gringo

#6 krazyistkarl


Posted 07 May 2013 - 08:24 PM

Hi Gringo, sorry I fell off the page for a few days.

I tried downloading and running combofix but it said it was not compatible with my operating system (windows 8)



#7 gringo_pr


Posted 07 May 2013 - 08:41 PM


Hello krazyistkarl

download Farbar Recovery Scan Tool x64 and save it to a flash drive.

Plug the flashdrive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
On the System Recovery Options menu you will get the following options:

    • Startup Repair
      System Restore
      Windows Complete PC Restore
      Windows Memory Diagnostic Tool
      Command Prompt
  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst64.exe and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • First Press the Scan button.
  • It will make a log (FRST.txt)
  • Second Type the following in the edit box after "Search:". services.exe
  • Click the Search button
  • It will make a log (Search.txt)
I want you to post both the FRST.txt report and the Search.txt into your reply to me

Gringo

#8 krazyistkarl


Posted 09 May 2013 - 07:21 PM

I assume after running the tool I reboot into Windows, and now I can't find the logs



#9 gringo_pr


Posted 09 May 2013 - 08:33 PM

look on the pen drive and see if it is there if not try to run it again please


gringo

#10 krazyistkarl


Posted 10 May 2013 - 01:19 AM

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 06-05-2013
Ran by SYSTEM on 09-05-2013 17:59:04
Running from G:\
Windows 8 (X64) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Recovery
The current controlset is ControlSet001
ATTENTION!:=====> FRST is updated to run from normal or Safe mode to produce a full FRST.txt log and an extra Addition.txt log.

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [13191312 2012-12-21] (Realtek Semiconductor)
HKLM\...\Run: [BtTray] "C:\Program Files (x86)\Bluetooth Suite\BtTray.exe" [764032 2012-08-10] (Qualcomm Atheros)
HKLM\...\Run: [BtvStack] "C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe" [127616 2012-08-10] (Qualcomm Atheros Commnucations)
HKLM\...\Run: [ETDCtrl] %ProgramFiles%\Elantech\ETDCtrl.exe [2862448 2012-12-21] (ELAN Microelectronics Corp.)
HKLM-x32\...\Run: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [2995904 2012-07-11] (Symantec Corporation)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [38112 2012-12-18] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [946352 2012-12-02] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [CLMLServer_For_P2G8] "C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe" [111120 2012-06-07] (CyberLink)
HKLM-x32\...\Run: [CLVirtualDrive] "C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe" /R [491120 2012-07-12] (CyberLink Corp.)
HKLM-x32\...\Run: [RemoteControl10] "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe" [97392 2012-08-15] (CyberLink Corp.)
HKLM-x32\...\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [310128 2013-02-13] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min [345312 2013-05-07] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [253816 2013-03-12] (Oracle Corporation)
HKU\Karl\...\Run: [KiesAirMessage] C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup [x]
HKU\Karl\...\Run: [] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [844144 2013-02-13] (Samsung)
HKU\Karl\...\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe [2144088 2009-01-26] (Safer Networking Limited)

==================== Services (Whitelisted) =================

S2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [86752 2013-04-18] (Avira Operations GmbH & Co. KG)
S2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [110816 2013-04-18] (Avira Operations GmbH & Co. KG)
S2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [211584 2012-08-10] (Qualcomm Atheros Commnucations)
S2 Autodesk Content Service; C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [18656 2011-02-02] ()
S2 Easy Launcher; C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe [1593976 2012-08-26] (Samsung Electronics CO., LTD.)
S2 lxeb_device; C:\windows\system32\lxebcoms.exe [1052328 2010-04-14] ( )
S2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [3939008 2012-07-11] (Symantec Corporation)
S2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
S2 SWUpdateService; C:\Program Files (x86)\Samsung\SW Update\SWMAgent.exe [2879176 2012-12-27] (Samsung Electronics CO., LTD.)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [14920 2013-01-28] (Microsoft Corporation)
S2 ZAtheros Bt&Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2012-08-10] (Atheros)

==================== Drivers (Whitelisted) ====================

S3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdW86.sys [98472 2012-12-19] (Advanced Micro Devices)
S3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [76952 2012-08-10] (Qualcomm Atheros)
S3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-25] (Microsoft Corporation)
S1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
S3 RadioHIDMini; C:\Windows\System32\drivers\RadioHIDMini.sys [23408 2012-12-21] (Windows ® Win 7 DDK provider)
S3 WUDFWpdMtp; C:\Windows\system32\DRIVERS\WUDFRd.sys [198656 2012-07-25] (Microsoft Corporation)
S2 avgntflt; system32\DRIVERS\avgntflt.sys [x]
S1 avipbb; \SystemRoot\system32\DRIVERS\avipbb.sys [x]
S1 avkmgr; \SystemRoot\system32\DRIVERS\avkmgr.sys [x]
S1 ccSet_NARA; \SystemRoot\system32\drivers\NARAx64\0401000.00B\ccSetx64.sys [x]
S3 SBIOSIO; \??\C:\Users\Karl\AppData\Local\Temp\__Samsung_Update\SBIOSIO64.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-05-09 17:58 - 2013-05-09 17:58 - 00000000 ____D C:\FRST
2013-05-07 19:51 - 2013-05-07 19:51 - 01874784 ____A (Farbar) C:\Users\Karl\Desktop\FRST64.exe
2013-05-07 17:23 - 2013-05-07 17:23 - 00083160 ____A (Avira GmbH) C:\Windows\System32\Drivers\avnetflt.sys
2013-05-07 17:19 - 2013-05-07 17:20 - 05067045 ____A (Swearware) C:\Users\Karl\Downloads\ComboFix.exe
2013-05-02 23:27 - 2013-05-02 23:27 - 00001340 ____A C:\Users\Karl\Desktop\RKreport[2]_D_05032013_02d0127.txt
2013-05-02 23:24 - 2013-05-02 23:24 - 00001287 ____A C:\Users\Karl\Desktop\RKreport[1]_S_05032013_02d0124.txt
2013-05-02 23:12 - 2013-05-02 23:12 - 00000000 ____D C:\ProgramData\boost_interprocess
2013-05-02 23:09 - 2013-05-02 23:09 - 00001262 ____A C:\AdwCleaner[S4].txt
2013-05-02 23:06 - 2013-05-02 23:06 - 00001196 ____A C:\AdwCleaner[R2].txt
2013-05-01 23:17 - 2013-05-01 23:17 - 00003926 ____A C:\Windows\SysWOW64\jupdate-1.7.0_21-b11.log
2013-05-01 23:17 - 2013-04-04 03:35 - 00095648 ____A (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-05-01 23:17 - 2013-04-04 03:30 - 00174496 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-05-01 23:17 - 2013-04-04 03:29 - 00174496 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-05-01 20:43 - 2013-05-01 20:43 - 00026470 ____A C:\Users\Karl\Desktop\DDSzeroaccess.txt
2013-05-01 20:34 - 2013-05-01 20:34 - 00006747 ____A C:\Users\Karl\Desktop\attach.txt
2013-05-01 20:34 - 2013-05-01 20:33 - 00026470 ____A C:\Users\Karl\Desktop\dds.txt
2013-05-01 20:31 - 2013-05-01 20:31 - 00688992 ____R (Swearware) C:\Users\Karl\Downloads\dds.com
2013-05-01 19:27 - 2013-05-01 19:28 - 00028947 ____A C:\Users\Karl\Downloads\Result.txt
2013-05-01 19:25 - 2013-05-01 19:25 - 00003198 ____A C:\Users\Karl\Downloads\FSS.txt
2013-05-01 19:24 - 2013-05-01 19:24 - 00760723 ____A (Farbar) C:\Users\Karl\Downloads\MiniToolBox.exe
2013-05-01 19:23 - 2013-05-01 19:23 - 00354299 ____A (Farbar) C:\Users\Karl\Downloads\FSS.exe
2013-05-01 17:20 - 2013-05-01 17:20 - 00000000 ____D C:\Users\Karl\AppData\Roaming\Malwarebytes
2013-05-01 17:19 - 2013-05-01 17:19 - 00000000 ____D C:\Users\Karl\Downloads\mbar-1.05.0.1001
2013-05-01 17:18 - 2013-05-01 17:18 - 00001141 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-05-01 17:18 - 2013-05-01 17:18 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-05-01 17:18 - 2013-05-01 17:18 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-05-01 17:18 - 2013-04-04 12:50 - 00025928 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2013-05-01 17:13 - 2013-05-01 17:13 - 00002029 ____A C:\Users\Public\Desktop\Adobe Reader X.lnk
2013-05-01 16:30 - 2013-05-01 16:31 - 17380232 ____A (Adobe Systems Incorporated) C:\Users\Karl\Downloads\flashplayer_11_ax_debug.exe
2013-05-01 14:12 - 2013-05-01 14:12 - 10285040 ____A (Malwarebytes Corporation                                    ) C:\Users\Karl\Downloads\mbam-setup-1.75.0.1300.exe
2013-05-01 14:11 - 2013-05-01 14:12 - 12917756 ____A C:\Users\Karl\Downloads\mbar-1.05.0.1001.zip
2013-05-01 13:48 - 2013-05-02 23:25 - 00000000 ____D C:\Users\Karl\Desktop\RK_Quarantine
2013-05-01 13:28 - 2013-05-02 23:09 - 00000202 ____A C:\Windows\DeleteOnReboot.bat
2013-05-01 13:28 - 2013-05-01 13:28 - 00014602 ____A C:\AdwCleaner[S3].txt
2013-04-30 22:45 - 2013-04-30 22:45 - 00001567 ____A C:\Users\Karl\Desktop\AutoCad tutorial.lnk
2013-04-30 22:43 - 2013-04-30 22:43 - 00000000 ____D C:\Users\Karl\Downloads\AutoCad_TheBasics_Tutorial Lessons
2013-04-30 22:26 - 2013-04-30 22:35 - 00000000 ____D C:\Users\Karl\Downloads\Ansys v14 by MAGNITUDE
2013-04-30 22:25 - 2013-04-30 22:42 - 2537794529 ____A C:\Users\Karl\Downloads\SW2013_SP0.0_64bits_Crack_[hispargentino].rar
2013-04-30 22:14 - 2013-04-30 22:14 - 00000287 ____A C:\AdwCleaner[S2].txt
2013-04-30 22:11 - 2013-04-30 22:11 - 00014050 ____A C:\AdwCleaner[R1].txt
2013-04-30 21:35 - 2013-05-02 23:21 - 00001501 ____A C:\Users\Karl\Desktop\RogueKillerX64(1) - Shortcut.lnk
2013-04-30 21:35 - 2013-04-30 21:35 - 00791040 ____A C:\Users\Karl\Downloads\RogueKillerX64(1).exe
2013-04-30 21:21 - 2013-04-30 21:21 - 00001436 ____A C:\Users\Karl\Desktop\adwcleaner - Shortcut.lnk
2013-04-30 21:21 - 2013-04-30 21:21 - 00000287 ____A C:\AdwCleaner[S1].txt
2013-04-30 21:20 - 2013-04-30 21:20 - 00791040 ____A C:\Users\Karl\Downloads\RogueKillerX64.exe
2013-04-30 21:19 - 2013-04-30 21:19 - 00001050 ____A C:\Users\Karl\Desktop\SecurityCheck - Shortcut.lnk
2013-04-30 21:17 - 2013-04-30 21:17 - 00628743 ____A C:\Users\Karl\Downloads\adwcleaner.exe
2013-04-30 21:15 - 2013-04-30 21:15 - 00890825 ____A C:\Users\Karl\Downloads\SecurityCheck.exe
2013-04-30 20:57 - 2013-04-30 20:57 - 00000000 ____D C:\Users\Karl\AppData\Roaming\WebApp
2013-04-29 20:53 - 2013-05-02 16:28 - 00000000 ____D C:\Users\Karl\AppData\Local\cache
2013-04-29 20:42 - 2013-04-29 20:42 - 00000000 ____D C:\ProgramData\FLEXnet
2013-04-29 20:36 - 2013-04-29 20:36 - 00002091 ____A C:\Users\Public\Desktop\Inventor Fusion 2012.lnk
2013-04-29 20:35 - 2013-04-29 20:35 - 00000000 ____D C:\Users\Karl\Documents\Inventor Server x64 AutoCAD 2012 Language Pack - English
2013-04-29 20:32 - 2013-04-29 20:32 - 00000153 ____A C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
2013-04-29 20:32 - 2013-04-29 20:32 - 00000000 ____D C:\Program Files\Common Files\Macrovision Shared
2013-04-29 20:31 - 2013-04-29 20:31 - 00002120 ____A C:\Users\Public\Desktop\AutoCAD 2012 - English.lnk
2013-04-29 20:29 - 2013-04-29 20:58 - 00000000 ____D C:\Users\Karl\AppData\Local\Autodesk
2013-04-29 20:29 - 2013-04-29 20:36 - 00000000 ____D C:\Program Files\Common Files\Autodesk Shared
2013-04-29 20:29 - 2013-04-29 20:35 - 00000000 ____D C:\Program Files\Autodesk
2013-04-29 20:28 - 2013-04-29 20:28 - 00000000 ____D C:\Program Files (x86)\Autodesk
2013-04-29 20:03 - 2010-06-02 02:55 - 00527192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_7.dll
2013-04-29 20:03 - 2010-06-02 02:55 - 00518488 ____A (Microsoft Corporation) C:\Windows\System32\XAudio2_7.dll
2013-04-29 20:03 - 2010-06-02 02:55 - 00239960 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_7.dll
2013-04-29 20:03 - 2010-06-02 02:55 - 00176984 ____A (Microsoft Corporation) C:\Windows\System32\xactengine3_7.dll
2013-04-29 20:03 - 2010-06-02 02:55 - 00077656 ____A (Microsoft Corporation) C:\Windows\System32\XAPOFX1_5.dll
2013-04-29 20:03 - 2010-06-02 02:55 - 00074072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_5.dll
2013-04-29 20:03 - 2010-05-26 09:41 - 02526056 ____A (Microsoft Corporation) C:\Windows\System32\D3DCompiler_43.dll
2013-04-29 20:03 - 2010-05-26 09:41 - 02401112 ____A (Microsoft Corporation) C:\Windows\System32\D3DX9_43.dll
2013-04-29 20:03 - 2010-05-26 09:41 - 02106216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_43.dll
2013-04-29 20:03 - 2010-05-26 09:41 - 01998168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_43.dll
2013-04-29 20:03 - 2010-05-26 09:41 - 01907552 ____A (Microsoft Corporation) C:\Windows\System32\d3dcsx_43.dll
2013-04-29 20:03 - 2010-05-26 09:41 - 01868128 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dcsx_43.dll
2013-04-29 20:03 - 2010-05-26 09:41 - 00511328 ____A (Microsoft Corporation) C:\Windows\System32\d3dx10_43.dll
2013-04-29 20:03 - 2010-05-26 09:41 - 00470880 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_43.dll
2013-04-29 20:03 - 2010-05-26 09:41 - 00276832 ____A (Microsoft Corporation) C:\Windows\System32\d3dx11_43.dll
2013-04-29 20:03 - 2010-05-26 09:41 - 00248672 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_43.dll
2013-04-29 20:03 - 2010-02-04 08:01 - 00530776 ____A (Microsoft Corporation) C:\Windows\System32\XAudio2_6.dll
2013-04-29 20:03 - 2010-02-04 08:01 - 00528216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_6.dll
2013-04-29 20:03 - 2010-02-04 08:01 - 00238936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_6.dll
2013-04-29 20:03 - 2010-02-04 08:01 - 00176984 ____A (Microsoft Corporation) C:\Windows\System32\xactengine3_6.dll
2013-04-29 20:03 - 2010-02-04 08:01 - 00078680 ____A (Microsoft Corporation) C:\Windows\System32\XAPOFX1_4.dll
2013-04-29 20:03 - 2010-02-04 08:01 - 00074072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_4.dll
2013-04-29 20:03 - 2010-02-04 08:01 - 00024920 ____A (Microsoft Corporation) C:\Windows\System32\X3DAudio1_7.dll
2013-04-29 20:03 - 2010-02-04 08:01 - 00022360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_7.dll
2013-04-29 20:03 - 2009-09-04 15:44 - 00517960 ____A (Microsoft Corporation) C:\Windows\System32\XAudio2_5.dll
2013-04-29 20:03 - 2009-09-04 15:44 - 00515416 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_5.dll
2013-04-29 20:03 - 2009-09-04 15:44 - 00238936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_5.dll
2013-04-29 20:03 - 2009-09-04 15:44 - 00176968 ____A (Microsoft Corporation) C:\Windows\System32\xactengine3_5.dll
2013-04-29 20:03 - 2009-09-04 15:44 - 00073544 ____A (Microsoft Corporation) C:\Windows\System32\XAPOFX1_3.dll
2013-04-29 20:03 - 2009-09-04 15:44 - 00069464 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_3.dll
2013-04-29 20:03 - 2009-09-04 15:29 - 05554512 ____A (Microsoft Corporation) C:\Windows\System32\d3dcsx_42.dll
2013-04-29 20:03 - 2009-09-04 15:29 - 05501792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dcsx_42.dll
2013-04-29 20:03 - 2009-03-16 12:18 - 00521560 ____A (Microsoft Corporation) C:\Windows\System32\XAudio2_4.dll
2013-04-29 20:03 - 2009-03-16 12:18 - 00517448 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_4.dll
2013-04-29 20:03 - 2009-03-16 12:18 - 00235352 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_4.dll
2013-04-29 20:03 - 2009-03-16 12:18 - 00174936 ____A (Microsoft Corporation) C:\Windows\System32\xactengine3_4.dll
2013-04-29 20:03 - 2009-03-16 12:18 - 00024920 ____A (Microsoft Corporation) C:\Windows\System32\X3DAudio1_6.dll
2013-04-29 20:03 - 2009-03-16 12:18 - 00022360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_6.dll
2013-04-29 20:03 - 2009-03-09 13:27 - 05425496 ____A (Microsoft Corporation) C:\Windows\System32\D3DX9_41.dll
2013-04-29 20:03 - 2009-03-09 13:27 - 04178264 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_41.dll
2013-04-29 20:03 - 2009-03-09 13:27 - 02430312 ____A (Microsoft Corporation) C:\Windows\System32\D3DCompiler_41.dll
2013-04-29 20:03 - 2009-03-09 13:27 - 01846632 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_41.dll
2013-04-29 20:03 - 2009-03-09 13:27 - 00520544 ____A (Microsoft Corporation) C:\Windows\System32\d3dx10_41.dll
2013-04-29 20:03 - 2009-03-09 13:27 - 00453456 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_41.dll
2013-04-29 20:03 - 2008-10-27 08:04 - 00518480 ____A (Microsoft Corporation) C:\Windows\System32\XAudio2_3.dll
2013-04-29 20:03 - 2008-10-27 08:04 - 00514384 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_3.dll
2013-04-29 20:03 - 2008-10-27 08:04 - 00235856 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_3.dll
2013-04-29 20:03 - 2008-10-27 08:04 - 00175440 ____A (Microsoft Corporation) C:\Windows\System32\xactengine3_3.dll
2013-04-29 20:03 - 2008-10-27 08:04 - 00074576 ____A (Microsoft Corporation) C:\Windows\System32\XAPOFX1_2.dll
2013-04-29 20:03 - 2008-10-27 08:04 - 00070992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_2.dll
2013-04-29 20:03 - 2008-10-27 08:04 - 00025936 ____A (Microsoft Corporation) C:\Windows\System32\X3DAudio1_5.dll
2013-04-29 20:03 - 2008-10-27 08:04 - 00023376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_5.dll
2013-04-29 20:03 - 2008-10-10 02:52 - 05631312 ____A (Microsoft Corporation) C:\Windows\System32\D3DX9_40.dll
2013-04-29 20:03 - 2008-10-10 02:52 - 04379984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_40.dll
2013-04-29 20:03 - 2008-10-10 02:52 - 02605920 ____A (Microsoft Corporation) C:\Windows\System32\D3DCompiler_40.dll
2013-04-29 20:03 - 2008-10-10 02:52 - 02036576 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_40.dll
2013-04-29 20:03 - 2008-10-10 02:52 - 00519000 ____A (Microsoft Corporation) C:\Windows\System32\d3dx10_40.dll
2013-04-29 20:03 - 2008-10-10 02:52 - 00452440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_40.dll
2013-04-29 20:03 - 2008-07-31 08:41 - 00238088 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_2.dll
2013-04-29 20:03 - 2008-07-31 08:41 - 00177672 ____A (Microsoft Corporation) C:\Windows\System32\xactengine3_2.dll
2013-04-29 20:03 - 2008-07-31 08:41 - 00072200 ____A (Microsoft Corporation) C:\Windows\System32\XAPOFX1_1.dll
2013-04-29 20:03 - 2008-07-31 08:41 - 00068616 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_1.dll
2013-04-29 20:03 - 2008-07-31 08:40 - 00513544 ____A (Microsoft Corporation) C:\Windows\System32\XAudio2_2.dll
2013-04-29 20:03 - 2008-07-31 08:40 - 00509448 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_2.dll
2013-04-29 20:03 - 2008-07-10 09:01 - 00467984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_39.dll
2013-04-29 20:03 - 2008-07-10 09:00 - 04992520 ____A (Microsoft Corporation) C:\Windows\System32\D3DX9_39.dll
2013-04-29 20:03 - 2008-07-10 09:00 - 03851784 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_39.dll
2013-04-29 20:03 - 2008-07-10 09:00 - 01942552 ____A (Microsoft Corporation) C:\Windows\System32\D3DCompiler_39.dll
2013-04-29 20:03 - 2008-07-10 09:00 - 01493528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_39.dll
2013-04-29 20:03 - 2008-07-10 09:00 - 00540688 ____A (Microsoft Corporation) C:\Windows\System32\d3dx10_39.dll
2013-04-29 20:03 - 2008-05-30 12:19 - 00511496 ____A (Microsoft Corporation) C:\Windows\System32\XAudio2_1.dll
2013-04-29 20:03 - 2008-05-30 12:19 - 00507400 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_1.dll
2013-04-29 20:03 - 2008-05-30 12:18 - 00238088 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_1.dll
2013-04-29 20:03 - 2008-05-30 12:18 - 00177672 ____A (Microsoft Corporation) C:\Windows\System32\xactengine3_1.dll
2013-04-29 20:03 - 2008-05-30 12:17 - 00068104 ____A (Microsoft Corporation) C:\Windows\System32\XAPOFX1_0.dll
2013-04-29 20:03 - 2008-05-30 12:17 - 00065032 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_0.dll
2013-04-29 20:03 - 2008-05-30 12:17 - 00025608 ____A (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_4.dll
2013-04-29 20:03 - 2008-05-30 12:16 - 00028168 ____A (Microsoft Corporation) C:\Windows\System32\X3DAudio1_4.dll
2013-04-29 20:03 - 2008-05-30 12:11 - 04991496 ____A (Microsoft Corporation) C:\Windows\System32\D3DX9_38.dll
2013-04-29 20:03 - 2008-05-30 12:11 - 03850760 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_38.dll
2013-04-29 20:03 - 2008-05-30 12:11 - 01941528 ____A (Microsoft Corporation) C:\Windows\System32\D3DCompiler_38.dll
2013-04-29 20:03 - 2008-05-30 12:11 - 01491992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_38.dll
2013-04-29 20:03 - 2008-05-30 12:11 - 00540688 ____A (Microsoft Corporation) C:\Windows\System32\d3dx10_38.dll
2013-04-29 20:03 - 2008-05-30 12:11 - 00467984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_38.dll
2013-04-29 20:03 - 2008-03-05 14:04 - 00489480 ____A (Microsoft Corporation) C:\Windows\System32\XAudio2_0.dll
2013-04-29 20:03 - 2008-03-05 14:03 - 00479752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_0.dll
2013-04-29 20:03 - 2008-03-05 14:03 - 00238088 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_0.dll
2013-04-29 20:03 - 2008-03-05 14:03 - 00177672 ____A (Microsoft Corporation) C:\Windows\System32\xactengine3_0.dll
2013-04-29 20:03 - 2008-03-05 14:00 - 00028168 ____A (Microsoft Corporation) C:\Windows\System32\X3DAudio1_3.dll
2013-04-29 20:03 - 2008-03-05 14:00 - 00025608 ____A (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_3.dll
2013-04-29 20:03 - 2008-03-05 13:56 - 04910088 ____A (Microsoft Corporation) C:\Windows\System32\D3DX9_37.dll
2013-04-29 20:03 - 2008-03-05 13:56 - 03786760 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_37.dll
2013-04-29 20:03 - 2008-03-05 13:56 - 01860120 ____A (Microsoft Corporation) C:\Windows\System32\D3DCompiler_37.dll
2013-04-29 20:03 - 2008-03-05 13:56 - 01420824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_37.dll
2013-04-29 20:03 - 2008-02-05 21:07 - 00529424 ____A (Microsoft Corporation) C:\Windows\System32\d3dx10_37.dll
2013-04-29 20:03 - 2008-02-05 21:07 - 00462864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_37.dll
2013-04-29 20:03 - 2007-10-22 01:40 - 00411656 ____A (Microsoft Corporation) C:\Windows\System32\xactengine2_10.dll
2013-04-29 20:03 - 2007-10-22 01:39 - 00267272 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_10.dll
2013-04-29 20:03 - 2007-10-22 01:37 - 00021000 ____A (Microsoft Corporation) C:\Windows\System32\X3DAudio1_2.dll
2013-04-29 20:03 - 2007-10-22 01:37 - 00017928 ____A (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_2.dll
2013-04-29 20:03 - 2007-10-12 13:14 - 05081608 ____A (Microsoft Corporation) C:\Windows\System32\d3dx9_36.dll
2013-04-29 20:03 - 2007-10-12 13:14 - 03734536 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_36.dll
2013-04-29 20:03 - 2007-10-12 13:14 - 02006552 ____A (Microsoft Corporation) C:\Windows\System32\D3DCompiler_36.dll
2013-04-29 20:03 - 2007-10-12 13:14 - 01374232 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_36.dll
2013-04-29 20:03 - 2007-10-02 07:56 - 00508264 ____A (Microsoft Corporation) C:\Windows\System32\d3dx10_36.dll
2013-04-29 20:03 - 2007-10-02 07:56 - 00444776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_36.dll
2013-04-29 20:03 - 2007-07-19 22:57 - 00411496 ____A (Microsoft Corporation) C:\Windows\System32\xactengine2_9.dll
2013-04-29 20:03 - 2007-07-19 22:57 - 00267112 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_9.dll
2013-04-29 20:03 - 2007-07-19 16:14 - 05073256 ____A (Microsoft Corporation) C:\Windows\System32\d3dx9_35.dll
2013-04-29 20:03 - 2007-07-19 16:14 - 03727720 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_35.dll
2013-04-29 20:03 - 2007-07-19 16:14 - 01985904 ____A (Microsoft Corporation) C:\Windows\System32\D3DCompiler_35.dll
2013-04-29 20:03 - 2007-07-19 16:14 - 01358192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_35.dll
2013-04-29 20:03 - 2007-07-19 16:14 - 00508264 ____A (Microsoft Corporation) C:\Windows\System32\d3dx10_35.dll
2013-04-29 20:03 - 2007-07-19 16:14 - 00444776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_35.dll
2013-04-29 20:03 - 2007-06-20 18:49 - 00409960 ____A (Microsoft Corporation) C:\Windows\System32\xactengine2_8.dll
2013-04-29 20:03 - 2007-06-20 18:46 - 00266088 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_8.dll
2013-04-29 20:03 - 2007-05-16 14:45 - 04496232 ____A (Microsoft Corporation) C:\Windows\System32\d3dx9_34.dll
2013-04-29 20:03 - 2007-05-16 14:45 - 03497832 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_34.dll
2013-04-29 20:03 - 2007-05-16 14:45 - 01401200 ____A (Microsoft Corporation) C:\Windows\System32\D3DCompiler_34.dll
2013-04-29 20:03 - 2007-05-16 14:45 - 01124720 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_34.dll
2013-04-29 20:03 - 2007-05-16 14:45 - 00506728 ____A (Microsoft Corporation) C:\Windows\System32\d3dx10_34.dll
2013-04-29 20:03 - 2007-05-16 14:45 - 00443752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_34.dll
2013-04-29 20:03 - 2007-04-04 16:55 - 00403304 ____A (Microsoft Corporation) C:\Windows\System32\xactengine2_7.dll
2013-04-29 20:03 - 2007-04-04 16:55 - 00261480 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_7.dll
2013-04-29 20:03 - 2007-04-04 16:54 - 00107368 ____A (Microsoft Corporation) C:\Windows\System32\xinput1_3.dll
2013-04-29 20:03 - 2007-04-04 16:53 - 00081768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_3.dll
2013-04-29 20:03 - 2007-03-15 14:57 - 00506728 ____A (Microsoft Corporation) C:\Windows\System32\d3dx10_33.dll
2013-04-29 20:03 - 2007-03-15 14:57 - 00443752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_33.dll
2013-04-29 20:03 - 2007-03-12 14:42 - 04494184 ____A (Microsoft Corporation) C:\Windows\System32\d3dx9_33.dll
2013-04-29 20:03 - 2007-03-12 14:42 - 03495784 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_33.dll
2013-04-29 20:03 - 2007-03-12 14:42 - 01400176 ____A (Microsoft Corporation) C:\Windows\System32\D3DCompiler_33.dll
2013-04-29 20:03 - 2007-03-12 14:42 - 01123696 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_33.dll
2013-04-29 20:03 - 2007-03-05 10:42 - 00017688 ____A (Microsoft Corporation) C:\Windows\System32\x3daudio1_1.dll
2013-04-29 20:03 - 2007-03-05 10:42 - 00015128 ____A (Microsoft Corporation) C:\Windows\SysWOW64\x3daudio1_1.dll
2013-04-29 20:03 - 2007-01-24 13:27 - 00393576 ____A (Microsoft Corporation) C:\Windows\System32\xactengine2_6.dll
2013-04-29 20:03 - 2007-01-24 13:27 - 00255848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_6.dll
2013-04-29 20:03 - 2006-12-08 10:02 - 00251672 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_5.dll
2013-04-29 20:03 - 2006-12-08 10:00 - 00390424 ____A (Microsoft Corporation) C:\Windows\System32\xactengine2_5.dll
2013-04-29 20:03 - 2006-11-29 11:06 - 04398360 ____A (Microsoft Corporation) C:\Windows\System32\d3dx9_32.dll
2013-04-29 20:03 - 2006-11-29 11:06 - 03426072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_32.dll
2013-04-29 20:03 - 2006-11-29 11:06 - 00469264 ____A (Microsoft Corporation) C:\Windows\System32\d3dx10.dll
2013-04-29 20:03 - 2006-11-29 11:06 - 00440080 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10.dll
2013-04-29 20:03 - 2006-09-28 14:05 - 03977496 ____A (Microsoft Corporation) C:\Windows\System32\d3dx9_31.dll
2013-04-29 20:03 - 2006-09-28 14:05 - 02414360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_31.dll
2013-04-29 20:03 - 2006-09-28 14:05 - 00237848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_4.dll
2013-04-29 20:03 - 2006-09-28 14:04 - 00364824 ____A (Microsoft Corporation) C:\Windows\System32\xactengine2_4.dll
2013-04-29 20:03 - 2006-07-28 07:31 - 00083736 ____A (Microsoft Corporation) C:\Windows\System32\xinput1_2.dll
2013-04-29 20:03 - 2006-07-28 07:30 - 00363288 ____A (Microsoft Corporation) C:\Windows\System32\xactengine2_3.dll
2013-04-29 20:03 - 2006-07-28 07:30 - 00236824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_3.dll
2013-04-29 20:03 - 2006-07-28 07:30 - 00062744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_2.dll
2013-04-29 20:03 - 2006-05-31 05:24 - 00230168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_2.dll
2013-04-29 20:03 - 2006-05-31 05:22 - 00354072 ____A (Microsoft Corporation) C:\Windows\System32\xactengine2_2.dll
2013-04-29 20:03 - 2006-03-31 10:40 - 00352464 ____A (Microsoft Corporation) C:\Windows\System32\xactengine2_1.dll
2013-04-29 20:03 - 2006-03-31 10:39 - 00229584 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_1.dll
2013-04-29 20:03 - 2006-03-31 10:39 - 00083664 ____A (Microsoft Corporation) C:\Windows\System32\xinput1_1.dll
2013-04-29 20:03 - 2006-03-31 10:39 - 00062672 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_1.dll
2013-04-29 20:03 - 2006-02-03 06:43 - 03830992 ____A (Microsoft Corporation) C:\Windows\System32\d3dx9_29.dll
2013-04-29 20:03 - 2006-02-03 06:43 - 02332368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_29.dll
2013-04-29 20:03 - 2006-02-03 06:42 - 00355536 ____A (Microsoft Corporation) C:\Windows\System32\xactengine2_0.dll
2013-04-29 20:03 - 2006-02-03 06:42 - 00230096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_0.dll
2013-04-29 20:03 - 2006-02-03 06:41 - 00016592 ____A (Microsoft Corporation) C:\Windows\System32\x3daudio1_0.dll
2013-04-29 20:03 - 2006-02-03 06:41 - 00014032 ____A (Microsoft Corporation) C:\Windows\SysWOW64\x3daudio1_0.dll
2013-04-29 20:03 - 2005-12-05 16:09 - 03815120 ____A (Microsoft Corporation) C:\Windows\System32\d3dx9_28.dll
2013-04-29 20:03 - 2005-12-05 16:09 - 02323664 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_28.dll
2013-04-29 20:03 - 2005-07-22 17:59 - 03807440 ____A (Microsoft Corporation) C:\Windows\System32\d3dx9_27.dll
2013-04-29 20:03 - 2005-07-22 17:59 - 02319568 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_27.dll
2013-04-29 20:03 - 2005-05-26 13:34 - 03767504 ____A (Microsoft Corporation) C:\Windows\System32\d3dx9_26.dll
2013-04-29 20:03 - 2005-05-26 13:34 - 02297552 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_26.dll
2013-04-29 20:03 - 2005-03-18 15:19 - 03823312 ____A (Microsoft Corporation) C:\Windows\System32\d3dx9_25.dll
2013-04-29 20:03 - 2005-03-18 15:19 - 02337488 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_25.dll
2013-04-29 20:03 - 2005-02-05 17:45 - 03544272 ____A (Microsoft Corporation) C:\Windows\System32\d3dx9_24.dll
2013-04-29 20:03 - 2005-02-05 17:45 - 02222800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_24.dll
2013-04-29 19:43 - 2013-04-29 20:02 - 00000000 ___HD C:\Windows\msdownld.tmp
2013-04-29 19:42 - 2013-04-29 20:03 - 00000000 ____D C:\Windows\SysWOW64\directx
2013-04-29 19:42 - 2013-04-29 19:46 - 19622496 ____A (Microsoft Corporation) C:\Users\Karl\Downloads\Windows-KB890830-V4.19.exe
2013-04-29 19:42 - 2013-04-29 19:42 - 00292184 ____A (Microsoft Corporation) C:\Users\Karl\Downloads\dxwebsetup.exe
2013-04-29 18:24 - 2013-04-29 20:26 - 00010689 ____A C:\Windows\DirectX.log
2013-04-29 18:24 - 2009-09-04 15:29 - 02582888 ____A (Microsoft Corporation) C:\Windows\System32\D3DCompiler_42.dll
2013-04-29 18:24 - 2009-09-04 15:29 - 02475352 ____A (Microsoft Corporation) C:\Windows\System32\D3DX9_42.dll
2013-04-29 18:24 - 2009-09-04 15:29 - 01974616 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_42.dll
2013-04-29 18:24 - 2009-09-04 15:29 - 01892184 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_42.dll
2013-04-29 18:24 - 2009-09-04 15:29 - 00523088 ____A (Microsoft Corporation) C:\Windows\System32\d3dx10_42.dll
2013-04-29 18:24 - 2009-09-04 15:29 - 00453456 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_42.dll
2013-04-29 18:24 - 2009-09-04 15:29 - 00285024 ____A (Microsoft Corporation) C:\Windows\System32\d3dx11_42.dll
2013-04-29 18:24 - 2009-09-04 15:29 - 00235344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_42.dll
2013-04-29 18:24 - 2006-03-31 10:41 - 03927248 ____A (Microsoft Corporation) C:\Windows\System32\d3dx9_30.dll
2013-04-29 18:24 - 2006-03-31 10:40 - 02388176 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_30.dll
2013-04-29 18:03 - 2013-04-29 20:53 - 00000000 ____D C:\Users\Karl\AppData\Roaming\Autodesk
2013-04-29 18:03 - 2013-04-29 20:53 - 00000000 ____D C:\ProgramData\Autodesk
2013-04-29 17:56 - 2013-04-29 17:56 - 00000000 ____D C:\Autodesk
2013-04-29 15:43 - 2013-04-29 17:58 - 00000000 ____D C:\Users\Karl\Downloads\DSS SolidWorks 2013 SP0 X32 X64 with SN and Activator
2013-04-29 15:35 - 2013-05-01 13:41 - 00000000 ____D C:\Users\Karl\Downloads\autocad2012 x64
2013-04-18 11:12 - 2013-04-18 11:12 - 00000000 ____D C:\Users\Karl\AppData\Roaming\Avira
2013-04-18 11:08 - 2013-04-18 11:08 - 00001288 ____A C:\Users\Karl\Desktop\Spybot - Search & Destroy.lnk
2013-04-18 11:07 - 2013-04-18 11:27 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2013-04-18 11:07 - 2013-04-18 11:08 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy
2013-04-18 11:07 - 2013-04-18 11:07 - 00002086 ____A C:\Users\Public\Desktop\Avira Control Center.lnk
2013-04-18 11:07 - 2013-04-18 11:07 - 00000000 ____D C:\ProgramData\Avira
2013-04-18 11:07 - 2013-04-18 11:07 - 00000000 ____D C:\Program Files (x86)\Avira
2013-04-18 11:07 - 2013-04-18 11:06 - 00130016 ____A (Avira Operations GmbH & Co. KG) C:\Windows\System32\Drivers\avipbb.sys
2013-04-18 11:07 - 2013-04-18 11:06 - 00100712 ____A (Avira Operations GmbH & Co. KG) C:\Windows\System32\Drivers\avgntflt.sys
2013-04-18 11:07 - 2013-04-18 11:06 - 00028600 ____A (Avira Operations GmbH & Co. KG) C:\Windows\System32\Drivers\avkmgr.sys
2013-04-18 10:50 - 2013-04-18 11:04 - 16409960 ____A (Safer Networking Limited                                    ) C:\Users\Karl\Downloads\spybotsd162.exe
2013-04-18 10:49 - 2013-04-18 10:49 - 02092792 ____A C:\Users\Karl\Downloads\avira_free_antivirus.exe
2013-04-16 20:33 - 2013-05-07 20:33 - 00000284 ____A C:\Windows\Tasks\AutoKMS.job
2013-04-16 19:52 - 2013-04-16 19:53 - 00000000 ____D C:\Windows\LastGood
2013-04-16 19:45 - 2013-04-16 19:46 - 03209812 ____A C:\Users\Karl\Downloads\androidfiletransfer.dmg
2013-04-14 23:31 - 2013-04-15 00:13 - 280155388 ____A C:\Users\Karl\Downloads\JellyBean747_ver1_gapps.zip.part
2013-04-14 10:10 - 2013-04-14 10:12 - 00000000 ____D C:\Windows\LastGood.Tmp
2013-04-14 00:38 - 2013-04-16 19:48 - 00000000 ____D C:\Samsung Galaxy S3 ToolKit
2013-04-14 00:38 - 2013-04-14 00:38 - 00001612 ____A C:\Users\Karl\Desktop\Samsung GS3 ToolKit.lnk
2013-04-13 20:01 - 2013-03-02 00:23 - 00375808 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ReAgent.dll
2013-04-13 20:01 - 2013-03-01 18:44 - 01011200 ____A (Microsoft Corporation) C:\Windows\System32\reseteng.dll
2013-04-13 19:56 - 2013-04-30 11:46 - 00495728 ____A C:\Windows\System32\FNTCACHE.DAT
2013-04-13 19:52 - 2013-04-13 19:52 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_WinUsb_01007.Wdf
2013-04-13 19:40 - 2013-04-13 19:40 - 00000000 ____D C:\Users\Karl\Documents\SelfMV
2013-04-13 19:39 - 2013-04-13 19:39 - 00000000 ____D C:\Users\Public\Documents\CrashDump
2013-04-13 19:31 - 2013-04-02 14:08 - 00692576 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-04-13 19:31 - 2013-04-02 14:08 - 00078176 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-04-13 19:22 - 2013-04-13 20:11 - 119614500 ____A (SkipSoft Ltd, markskippen@gmail.com) C:\Users\Karl\Downloads\Samsung_Galaxy_S3_ToolKit_v7.0.exe
2013-04-13 19:08 - 2013-04-13 19:20 - 95799572 ____A (SkipSoft Ltd, markskippen@gmail.com) C:\Users\Karl\Downloads\Samsung_Galaxy_S3_ToolKit_v7.0.exe.part
2013-04-13 14:39 - 2013-04-13 14:48 - 00000000 ____D C:\Users\Karl\Desktop\102NIKON
2013-04-13 13:52 - 2013-04-13 19:18 - 00000000 ____D C:\Users\Karl\Desktop\karl gopro
2013-04-13 10:00 - 2013-04-13 10:02 - 00000000 ____D C:\Users\Karl\Desktop\101_FUJI
2013-04-12 08:19 - 2013-04-12 08:20 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-04-11 18:30 - 2013-03-02 02:39 - 00327912 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\Classpnp.sys
2013-04-11 18:30 - 2013-03-02 01:59 - 02231528 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2013-04-11 18:30 - 2013-03-02 00:23 - 17560576 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2013-04-11 18:30 - 2013-03-02 00:23 - 08857088 ____A (Microsoft Corporation) C:\Windows\SysWOW64\twinui.dll
2013-04-11 18:30 - 2013-03-02 00:23 - 01338880 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2013-04-11 18:30 - 2013-03-02 00:23 - 00246784 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ubpm.dll
2013-04-11 18:30 - 2013-03-02 00:22 - 05091840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2013-04-11 18:30 - 2013-03-02 00:22 - 00850944 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mfasfsrcsnk.dll
2013-04-11 18:30 - 2013-03-02 00:22 - 00357888 ____A (Microsoft Corporation) C:\Windows\SysWOW64\netcfgx.dll
2013-04-11 18:30 - 2013-03-02 00:21 - 00309760 ____A (Microsoft Corporation) C:\Windows\SysWOW64\BCP47Langs.dll
2013-04-11 18:30 - 2013-03-01 18:45 - 19748864 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2013-04-11 18:30 - 2013-03-01 18:45 - 10116608 ____A (Microsoft Corporation) C:\Windows\System32\twinui.dll
2013-04-11 18:30 - 2013-03-01 18:45 - 03240448 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2013-04-11 18:30 - 2013-03-01 18:45 - 01627648 ____A (Microsoft Corporation) C:\Windows\System32\WindowsCodecs.dll
2013-04-11 18:30 - 2013-03-01 18:45 - 01161728 ____A (Microsoft Corporation) C:\Windows\System32\sppobjs.dll
2013-04-11 18:30 - 2013-03-01 18:45 - 01149952 ____A (Microsoft Corporation) C:\Windows\System32\winmde.dll
2013-04-11 18:30 - 2013-03-01 18:45 - 01101824 ____A (Microsoft Corporation) C:\Windows\System32\wmpmde.dll
2013-04-11 18:30 - 2013-03-01 18:45 - 00951808 ____A (Microsoft Corporation) C:\Windows\System32\Windows.Globalization.dll
2013-04-11 18:30 - 2013-03-01 18:45 - 00760320 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2013-04-11 18:30 - 2013-03-01 18:45 - 00645120 ____A (Microsoft Corporation) C:\Windows\System32\Windows.Security.Authentication.OnlineId.dll
2013-04-11 18:30 - 2013-03-01 18:45 - 00328192 ____A (Microsoft Corporation) C:\Windows\System32\ubpm.dll
2013-04-11 18:30 - 2013-03-01 18:45 - 00180224 ____A (Microsoft Corporation) C:\Windows\System32\SystemEventsBrokerServer.dll
2013-04-11 18:30 - 2013-03-01 18:45 - 00171008 ____A (Microsoft Corporation) C:\Windows\System32\TimeBrokerServer.dll
2013-04-11 18:30 - 2013-03-01 18:44 - 05978624 ____A (Microsoft Corporation) C:\Windows\System32\mstscax.dll
2013-04-11 18:30 - 2013-03-01 18:44 - 01048576 ____A (Microsoft Corporation) C:\Windows\System32\mfasfsrcsnk.dll
2013-04-11 18:30 - 2013-03-01 18:43 - 02302464 ____A (Microsoft Corporation) C:\Windows\System32\authui.dll
2013-04-11 18:30 - 2013-03-01 18:43 - 00389120 ____A (Microsoft Corporation) C:\Windows\System32\BCP47Langs.dll
2013-04-11 18:29 - 2013-03-02 03:02 - 00058288 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2013-04-11 18:29 - 2013-03-02 02:57 - 00337128 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\USBXHCI.SYS
2013-04-11 18:29 - 2013-03-02 02:57 - 00332520 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\storport.sys
2013-04-11 18:29 - 2013-03-02 02:57 - 00283880 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\spaceport.sys
2013-04-11 18:29 - 2013-03-02 02:57 - 00077544 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\storahci.sys
2013-04-11 18:29 - 2013-03-02 02:45 - 00194792 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\sdbus.sys
2013-04-11 18:29 - 2013-03-02 02:45 - 00148712 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tpm.sys
2013-04-11 18:29 - 2013-03-02 02:45 - 00125160 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dumpsd.sys
2013-04-11 18:29 - 2013-03-02 02:39 - 00495336 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\vhdmp.sys
2013-04-11 18:29 - 2013-03-02 02:39 - 00069864 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\pdc.sys
2013-04-11 18:29 - 2013-03-02 01:59 - 00411880 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\FWPKCLNT.SYS
2013-04-11 18:29 - 2013-03-02 00:24 - 00034304 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2013-04-11 18:29 - 2013-03-02 00:23 - 00893952 ____A (Microsoft Corporation) C:\Windows\SysWOW64\winmde.dll
2013-04-11 18:29 - 2013-03-02 00:23 - 00621056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2013-04-11 18:29 - 2013-03-02 00:23 - 00601088 ____A (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Globalization.dll
2013-04-11 18:29 - 2013-03-02 00:23 - 00504320 ____A (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Security.Authentication.OnlineId.dll
2013-04-11 18:29 - 2013-03-02 00:23 - 00356352 ____A (Microsoft Corporation) C:\Windows\SysWOW64\SettingSync.dll
2013-04-11 18:29 - 2013-03-02 00:23 - 00125952 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2013-04-11 18:29 - 2013-03-02 00:23 - 00100864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\SettingSyncInfo.dll
2013-04-11 18:29 - 2013-03-02 00:23 - 00083968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2013-04-11 18:29 - 2013-03-02 00:21 - 02033664 ____A (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2013-04-11 18:29 - 2013-03-02 00:21 - 00550912 ____A (Microsoft Corporation) C:\Windows\SysWOW64\drvstore.dll
2013-04-11 18:29 - 2013-03-02 00:21 - 00145408 ____A (Microsoft Corporation) C:\Windows\SysWOW64\powercfg.cpl
2013-04-11 18:29 - 2013-03-02 00:21 - 00036352 ____A (Microsoft Corporation) C:\Windows\SysWOW64\DevDispItemProvider.dll
2013-04-11 18:29 - 2013-03-01 18:45 - 01619968 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2013-04-11 18:29 - 2013-03-01 18:45 - 00251904 ____A (Microsoft Corporation) C:\Windows\System32\WUSettingsProvider.dll
2013-04-11 18:29 - 2013-03-01 18:45 - 00245248 ____A (Microsoft Corporation) C:\Windows\System32\usbmon.dll
2013-04-11 18:29 - 2013-03-01 18:45 - 00240640 ____A (Microsoft Corporation) C:\Windows\System32\fsquirt.exe
2013-04-11 18:29 - 2013-03-01 18:45 - 00173568 ____A (Microsoft Corporation) C:\Windows\System32\storewuauth.dll
2013-04-11 18:29 - 2013-03-01 18:45 - 00141824 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2013-04-11 18:29 - 2013-03-01 18:45 - 00103936 ____A (Microsoft Corporation) C:\Windows\System32\wpdbusenum.dll
2013-04-11 18:29 - 2013-03-01 18:45 - 00098304 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2013-04-11 18:29 - 2013-03-01 18:45 - 00077824 ____A (Microsoft Corporation) C:\Windows\System32\taskhost.exe
2013-04-11 18:29 - 2013-03-01 18:45 - 00072192 ____A (Microsoft Corporation) C:\Windows\System32\taskhostex.exe
2013-04-11 18:29 - 2013-03-01 18:45 - 00071168 ____A (Microsoft Corporation) C:\Windows\System32\WSDPrintProxy.DLL
2013-04-11 18:29 - 2013-03-01 18:45 - 00043520 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2013-04-11 18:29 - 2013-03-01 18:45 - 00039424 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2013-04-11 18:29 - 2013-03-01 18:44 - 00703488 ____A (Microsoft Corporation) C:\Windows\System32\drvstore.dll
2013-04-11 18:29 - 2013-03-01 18:44 - 00455168 ____A (Microsoft Corporation) C:\Windows\System32\netcfgx.dll
2013-04-11 18:29 - 2013-03-01 18:44 - 00448512 ____A (Microsoft Corporation) C:\Windows\System32\SettingSync.dll
2013-04-11 18:29 - 2013-03-01 18:44 - 00150016 ____A (Microsoft Corporation) C:\Windows\System32\discan.dll
2013-04-11 18:29 - 2013-03-01 18:44 - 00128512 ____A (Microsoft Corporation) C:\Windows\System32\SettingSyncInfo.dll
2013-04-11 18:29 - 2013-03-01 18:44 - 00117248 ____A (Microsoft Corporation) C:\Windows\System32\NdisImPlatform.dll
2013-04-11 18:29 - 2013-03-01 18:44 - 00049152 ____A (Microsoft Corporation) C:\Windows\System32\DevDispItemProvider.dll
2013-04-11 18:29 - 2013-03-01 18:43 - 02146304 ____A (Microsoft Corporation) C:\Windows\System32\actxprxy.dll
2013-04-11 18:29 - 2013-03-01 18:43 - 00156160 ____A (Microsoft Corporation) C:\Windows\System32\powercfg.cpl
2013-04-11 18:29 - 2013-03-01 18:15 - 00026112 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\mouhid.sys
2013-04-11 18:29 - 2013-02-28 20:56 - 00156672 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rfcomm.sys
2013-04-11 18:29 - 2013-02-28 20:56 - 00030720 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\monitor.sys
2013-04-11 18:29 - 2013-02-28 20:55 - 01175040 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\bthport.sys
2013-04-11 18:29 - 2013-02-20 15:08 - 00387867 ____A C:\Windows\System32\ApnDatabase.xml
2013-04-10 13:46 - 2013-02-21 02:30 - 01766912 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-04-10 13:46 - 2013-02-21 02:30 - 01129984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-04-10 13:46 - 2013-02-21 02:29 - 14323200 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-04-10 13:46 - 2013-02-21 02:29 - 13761024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-04-10 13:46 - 2013-02-21 02:29 - 02877440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-04-10 13:46 - 2013-02-21 02:29 - 02046464 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-04-10 13:46 - 2013-02-21 02:29 - 00690688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-04-10 13:46 - 2013-02-21 02:29 - 00493056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-04-10 13:46 - 2013-02-21 02:29 - 00109056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-04-10 13:46 - 2013-02-21 02:29 - 00061440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-04-10 13:46 - 2013-02-21 02:29 - 00039424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-04-10 13:46 - 2013-02-21 02:29 - 00033280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-04-10 13:46 - 2013-02-21 02:15 - 02240512 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-04-10 13:46 - 2013-02-21 02:15 - 00915968 ____A (Microsoft Corporation) C:\Windows\System32\uxtheme.dll
2013-04-10 13:46 - 2013-02-21 02:15 - 00051712 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-04-10 13:46 - 2013-02-21 02:14 - 19230208 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-04-10 13:46 - 2013-02-21 02:14 - 15404544 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-04-10 13:46 - 2013-02-21 02:14 - 03958784 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-04-10 13:46 - 2013-02-21 02:14 - 02647040 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-04-10 13:46 - 2013-02-21 02:14 - 01365504 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-04-10 13:46 - 2013-02-21 02:14 - 00855552 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-04-10 13:46 - 2013-02-21 02:14 - 00603136 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-04-10 13:46 - 2013-02-21 02:14 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2013-04-10 13:46 - 2013-02-21 02:14 - 00053248 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-04-10 13:46 - 2013-02-19 01:53 - 00534528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\uxtheme.dll
2013-04-10 13:44 - 2013-03-19 14:19 - 04041728 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2013-04-10 13:44 - 2013-03-06 22:50 - 06991592 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe

==================== One Month Modified Files and Folders =======

2013-05-09 17:58 - 2013-05-09 17:58 - 00000000 ____D C:\FRST
2013-05-09 15:54 - 2012-07-25 21:26 - 00262144 __ASH C:\Windows\System32\config\BBI
2013-05-09 15:49 - 2013-02-13 10:39 - 00000904 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-05-09 15:44 - 2012-12-22 11:02 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-05-09 15:25 - 2012-07-25 23:28 - 00848230 ____A C:\Windows\System32\PerfStringBackup.INI
2013-05-09 15:21 - 2012-07-25 23:21 - 00064508 ____A C:\Windows\setupact.log
2013-05-09 15:04 - 2012-07-26 00:12 - 00000000 ____D C:\Windows\System32\sru
2013-05-09 14:25 - 2012-08-28 01:25 - 01809128 ____A C:\Windows\WindowsUpdate.log
2013-05-09 10:49 - 2012-07-26 00:12 - 00000000 ____D C:\Windows\AUInstallAgent
2013-05-07 20:33 - 2013-04-16 20:33 - 00000284 ____A C:\Windows\Tasks\AutoKMS.job
2013-05-07 19:51 - 2013-05-07 19:51 - 01874784 ____A (Farbar) C:\Users\Karl\Desktop\FRST64.exe
2013-05-07 17:23 - 2013-05-07 17:23 - 00083160 ____A (Avira GmbH) C:\Windows\System32\Drivers\avnetflt.sys
2013-05-07 17:20 - 2013-05-07 17:19 - 05067045 ____A (Swearware) C:\Users\Karl\Downloads\ComboFix.exe
2013-05-03 00:18 - 2012-12-21 08:27 - 00000000 ____D C:\ProgramData\WinClon
2013-05-03 00:17 - 2013-02-13 10:39 - 00000900 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-05-02 23:27 - 2013-05-02 23:27 - 00001340 ____A C:\Users\Karl\Desktop\RKreport[2]_D_05032013_02d0127.txt
2013-05-02 23:25 - 2013-05-01 13:48 - 00000000 ____D C:\Users\Karl\Desktop\RK_Quarantine
2013-05-02 23:24 - 2013-05-02 23:24 - 00001287 ____A C:\Users\Karl\Desktop\RKreport[1]_S_05032013_02d0124.txt
2013-05-02 23:21 - 2013-04-30 21:35 - 00001501 ____A C:\Users\Karl\Desktop\RogueKillerX64(1) - Shortcut.lnk
2013-05-02 23:19 - 2012-12-21 08:38 - 00000000 ____D C:\ProgramData\Adobe
2013-05-02 23:12 - 2013-05-02 23:12 - 00000000 ____D C:\ProgramData\boost_interprocess
2013-05-02 23:11 - 2012-07-25 23:22 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-05-02 23:09 - 2013-05-02 23:09 - 00001262 ____A C:\AdwCleaner[S4].txt
2013-05-02 23:09 - 2013-05-01 13:28 - 00000202 ____A C:\Windows\DeleteOnReboot.bat
2013-05-02 23:06 - 2013-05-02 23:06 - 00001196 ____A C:\AdwCleaner[R2].txt
2013-05-02 16:28 - 2013-04-29 20:53 - 00000000 ____D C:\Users\Karl\AppData\Local\cache
2013-05-01 23:17 - 2013-05-01 23:17 - 00003926 ____A C:\Windows\SysWOW64\jupdate-1.7.0_21-b11.log
2013-05-01 23:17 - 2013-03-14 13:55 - 00000000 ____D C:\Program Files (x86)\Java
2013-05-01 23:07 - 2012-08-05 13:07 - 00725204 ____A C:\Windows\PFRO.log
2013-05-01 20:43 - 2013-05-01 20:43 - 00026470 ____A C:\Users\Karl\Desktop\DDSzeroaccess.txt
2013-05-01 20:34 - 2013-05-01 20:34 - 00006747 ____A C:\Users\Karl\Desktop\attach.txt
2013-05-01 20:33 - 2013-05-01 20:34 - 00026470 ____A C:\Users\Karl\Desktop\dds.txt
2013-05-01 20:31 - 2013-05-01 20:31 - 00688992 ____R (Swearware) C:\Users\Karl\Downloads\dds.com
2013-05-01 19:28 - 2013-05-01 19:27 - 00028947 ____A C:\Users\Karl\Downloads\Result.txt
2013-05-01 19:25 - 2013-05-01 19:25 - 00003198 ____A C:\Users\Karl\Downloads\FSS.txt
2013-05-01 19:24 - 2013-05-01 19:24 - 00760723 ____A (Farbar) C:\Users\Karl\Downloads\MiniToolBox.exe
2013-05-01 19:23 - 2013-05-01 19:23 - 00354299 ____A (Farbar) C:\Users\Karl\Downloads\FSS.exe
2013-05-01 17:20 - 2013-05-01 17:20 - 00000000 ____D C:\Users\Karl\AppData\Roaming\Malwarebytes
2013-05-01 17:19 - 2013-05-01 17:19 - 00000000 ____D C:\Users\Karl\Downloads\mbar-1.05.0.1001
2013-05-01 17:18 - 2013-05-01 17:18 - 00001141 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-05-01 17:18 - 2013-05-01 17:18 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-05-01 17:18 - 2013-05-01 17:18 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-05-01 17:13 - 2013-05-01 17:13 - 00002029 ____A C:\Users\Public\Desktop\Adobe Reader X.lnk
2013-05-01 16:31 - 2013-05-01 16:30 - 17380232 ____A (Adobe Systems Incorporated) C:\Users\Karl\Downloads\flashplayer_11_ax_debug.exe
2013-05-01 14:12 - 2013-05-01 14:12 - 10285040 ____A (Malwarebytes Corporation                                    ) C:\Users\Karl\Downloads\mbam-setup-1.75.0.1300.exe
2013-05-01 14:12 - 2013-05-01 14:11 - 12917756 ____A C:\Users\Karl\Downloads\mbar-1.05.0.1001.zip
2013-05-01 13:41 - 2013-04-29 15:35 - 00000000 ____D C:\Users\Karl\Downloads\autocad2012 x64
2013-05-01 13:28 - 2013-05-01 13:28 - 00014602 ____A C:\AdwCleaner[S3].txt
2013-05-01 13:26 - 2012-12-21 09:20 - 00000000 ____D C:\Users\Karl\AppData\Roaming\uTorrent
2013-04-30 22:45 - 2013-04-30 22:45 - 00001567 ____A C:\Users\Karl\Desktop\AutoCad tutorial.lnk
2013-04-30 22:43 - 2013-04-30 22:43 - 00000000 ____D C:\Users\Karl\Downloads\AutoCad_TheBasics_Tutorial Lessons
2013-04-30 22:42 - 2013-04-30 22:25 - 2537794529 ____A C:\Users\Karl\Downloads\SW2013_SP0.0_64bits_Crack_[hispargentino].rar
2013-04-30 22:35 - 2013-04-30 22:26 - 00000000 ____D C:\Users\Karl\Downloads\Ansys v14 by MAGNITUDE
2013-04-30 22:14 - 2013-04-30 22:14 - 00000287 ____A C:\AdwCleaner[S2].txt
2013-04-30 22:11 - 2013-04-30 22:11 - 00014050 ____A C:\AdwCleaner[R1].txt
2013-04-30 21:35 - 2013-04-30 21:35 - 00791040 ____A C:\Users\Karl\Downloads\RogueKillerX64(1).exe
2013-04-30 21:21 - 2013-04-30 21:21 - 00001436 ____A C:\Users\Karl\Desktop\adwcleaner - Shortcut.lnk
2013-04-30 21:21 - 2013-04-30 21:21 - 00000287 ____A C:\AdwCleaner[S1].txt
2013-04-30 21:20 - 2013-04-30 21:20 - 00791040 ____A C:\Users\Karl\Downloads\RogueKillerX64.exe
2013-04-30 21:19 - 2013-04-30 21:19 - 00001050 ____A C:\Users\Karl\Desktop\SecurityCheck - Shortcut.lnk
2013-04-30 21:17 - 2013-04-30 21:17 - 00628743 ____A C:\Users\Karl\Downloads\adwcleaner.exe
2013-04-30 21:15 - 2013-04-30 21:15 - 00890825 ____A C:\Users\Karl\Downloads\SecurityCheck.exe
2013-04-30 20:57 - 2013-04-30 20:57 - 00000000 ____D C:\Users\Karl\AppData\Roaming\WebApp
2013-04-30 19:12 - 2012-12-21 09:18 - 00000000 ____D C:\Users\Karl\AppData\Roaming\CyberLink
2013-04-30 11:46 - 2013-04-13 19:56 - 00495728 ____A C:\Windows\System32\FNTCACHE.DAT
2013-04-29 20:58 - 2013-04-29 20:29 - 00000000 ____D C:\Users\Karl\AppData\Local\Autodesk
2013-04-29 20:53 - 2013-04-29 18:03 - 00000000 ____D C:\Users\Karl\AppData\Roaming\Autodesk
2013-04-29 20:53 - 2013-04-29 18:03 - 00000000 ____D C:\ProgramData\Autodesk
2013-04-29 20:49 - 2013-02-03 18:08 - 00000000 ____D C:\Users\Karl\AppData\Local\CrashDumps
2013-04-29 20:42 - 2013-04-29 20:42 - 00000000 ____D C:\ProgramData\FLEXnet
2013-04-29 20:36 - 2013-04-29 20:36 - 00002091 ____A C:\Users\Public\Desktop\Inventor Fusion 2012.lnk
2013-04-29 20:36 - 2013-04-29 20:29 - 00000000 ____D C:\Program Files\Common Files\Autodesk Shared
2013-04-29 20:35 - 2013-04-29 20:35 - 00000000 ____D C:\Users\Karl\Documents\Inventor Server x64 AutoCAD 2012 Language Pack - English
2013-04-29 20:35 - 2013-04-29 20:29 - 00000000 ____D C:\Program Files\Autodesk
2013-04-29 20:32 - 2013-04-29 20:32 - 00000153 ____A C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
2013-04-29 20:32 - 2013-04-29 20:32 - 00000000 ____D C:\Program Files\Common Files\Macrovision Shared
2013-04-29 20:31 - 2013-04-29 20:31 - 00002120 ____A C:\Users\Public\Desktop\AutoCAD 2012 - English.lnk
2013-04-29 20:28 - 2013-04-29 20:28 - 00000000 ____D C:\Program Files (x86)\Autodesk
2013-04-29 20:26 - 2013-04-29 18:24 - 00010689 ____A C:\Windows\DirectX.log
2013-04-29 20:03 - 2013-04-29 19:42 - 00000000 ____D C:\Windows\SysWOW64\directx
2013-04-29 20:02 - 2013-04-29 19:43 - 00000000 ___HD C:\Windows\msdownld.tmp
2013-04-29 19:46 - 2013-04-29 19:42 - 19622496 ____A (Microsoft Corporation) C:\Users\Karl\Downloads\Windows-KB890830-V4.19.exe
2013-04-29 19:42 - 2013-04-29 19:42 - 00292184 ____A (Microsoft Corporation) C:\Users\Karl\Downloads\dxwebsetup.exe
2013-04-29 17:58 - 2013-04-29 15:43 - 00000000 ____D C:\Users\Karl\Downloads\DSS SolidWorks 2013 SP0 X32 X64 with SN and Activator
2013-04-29 17:56 - 2013-04-29 17:56 - 00000000 ____D C:\Autodesk
2013-04-29 15:12 - 2012-10-31 20:31 - 00000000 ____D C:\Users\Karl\Documents\Bluetooth Folder
2013-04-18 11:45 - 2013-02-12 11:47 - 00000000 ____D C:\Windows\AutoKMS
2013-04-18 11:27 - 2013-04-18 11:07 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2013-04-18 11:12 - 2013-04-18 11:12 - 00000000 ____D C:\Users\Karl\AppData\Roaming\Avira
2013-04-18 11:08 - 2013-04-18 11:08 - 00001288 ____A C:\Users\Karl\Desktop\Spybot - Search & Destroy.lnk
2013-04-18 11:08 - 2013-04-18 11:07 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy
2013-04-18 11:07 - 2013-04-18 11:07 - 00002086 ____A C:\Users\Public\Desktop\Avira Control Center.lnk
2013-04-18 11:07 - 2013-04-18 11:07 - 00000000 ____D C:\ProgramData\Avira
2013-04-18 11:07 - 2013-04-18 11:07 - 00000000 ____D C:\Program Files (x86)\Avira
2013-04-18 11:06 - 2013-04-18 11:07 - 00130016 ____A (Avira Operations GmbH & Co. KG) C:\Windows\System32\Drivers\avipbb.sys
2013-04-18 11:06 - 2013-04-18 11:07 - 00100712 ____A (Avira Operations GmbH & Co. KG) C:\Windows\System32\Drivers\avgntflt.sys
2013-04-18 11:06 - 2013-04-18 11:07 - 00028600 ____A (Avira Operations GmbH & Co. KG) C:\Windows\System32\Drivers\avkmgr.sys
2013-04-18 11:04 - 2013-04-18 10:50 - 16409960 ____A (Safer Networking Limited                                    ) C:\Users\Karl\Downloads\spybotsd162.exe
2013-04-18 11:03 - 2012-11-02 16:30 - 00000000 ____D C:\Users\Karl\Desktop\pron
2013-04-18 10:49 - 2013-04-18 10:49 - 02092792 ____A C:\Users\Karl\Downloads\avira_free_antivirus.exe
2013-04-16 19:53 - 2013-04-16 19:52 - 00000000 ____D C:\Windows\LastGood
2013-04-16 19:48 - 2013-04-14 00:38 - 00000000 ____D C:\Samsung Galaxy S3 ToolKit
2013-04-16 19:46 - 2013-04-16 19:45 - 03209812 ____A C:\Users\Karl\Downloads\androidfiletransfer.dmg
2013-04-15 00:13 - 2013-04-14 23:31 - 280155388 ____A C:\Users\Karl\Downloads\JellyBean747_ver1_gapps.zip.part
2013-04-14 10:12 - 2013-04-14 10:10 - 00000000 ____D C:\Windows\LastGood.Tmp
2013-04-14 10:09 - 2012-08-28 01:25 - 00000000 ____D C:\Program Files\Samsung
2013-04-14 10:09 - 2012-08-28 01:25 - 00000000 ____D C:\Program Files (x86)\Samsung
2013-04-14 01:01 - 2012-12-24 20:14 - 72702784 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-04-14 00:38 - 2013-04-14 00:38 - 00001612 ____A C:\Users\Karl\Desktop\Samsung GS3 ToolKit.lnk
2013-04-13 20:25 - 2012-07-26 00:12 - 00000000 ____D C:\Windows\rescache
2013-04-13 20:11 - 2013-04-13 19:22 - 119614500 ____A (SkipSoft Ltd, markskippen@gmail.com) C:\Users\Karl\Downloads\Samsung_Galaxy_S3_ToolKit_v7.0.exe
2013-04-13 19:56 - 2012-12-21 09:10 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-04-13 19:52 - 2013-04-13 19:52 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_WinUsb_01007.Wdf
2013-04-13 19:40 - 2013-04-13 19:40 - 00000000 ____D C:\Users\Karl\Documents\SelfMV
2013-04-13 19:39 - 2013-04-13 19:39 - 00000000 ____D C:\Users\Public\Documents\CrashDump
2013-04-13 19:26 - 2012-07-26 00:12 - 00000000 ___RD C:\Windows\ToastData
2013-04-13 19:26 - 2012-07-25 21:38 - 00000000 ____D C:\Windows\System32\oobe
2013-04-13 19:20 - 2013-04-13 19:08 - 95799572 ____A (SkipSoft Ltd, markskippen@gmail.com) C:\Users\Karl\Downloads\Samsung_Galaxy_S3_ToolKit_v7.0.exe.part
2013-04-13 19:18 - 2013-04-13 13:52 - 00000000 ____D C:\Users\Karl\Desktop\karl gopro
2013-04-13 14:48 - 2013-04-13 14:39 - 00000000 ____D C:\Users\Karl\Desktop\102NIKON
2013-04-13 10:02 - 2013-04-13 10:00 - 00000000 ____D C:\Users\Karl\Desktop\101_FUJI
2013-04-12 08:20 - 2013-04-12 08:19 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-04-11 18:25 - 2013-02-12 11:20 - 00000000 ____D C:\ProgramData\Microsoft Help

==================== Known DLLs (Whitelisted) ================


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points  =========================

Restore point made on: 2013-05-01 23:16:47
Restore point made on: 2013-05-09 11:03:36
Restore point made on: 2013-05-09 15:43:58
Restore point made on: 2013-05-09 15:44:12
Restore point made on: 2013-05-09 15:44:27
Restore point made on: 2013-05-09 15:44:38
Restore point made on: 2013-05-09 15:44:48
Restore point made on: 2013-05-09 15:44:56
Restore point made on: 2013-05-09 15:45:04
Restore point made on: 2013-05-09 15:45:12
Restore point made on: 2013-05-09 15:45:20
Restore point made on: 2013-05-09 15:45:28
Restore point made on: 2013-05-09 15:45:35
Restore point made on: 2013-05-09 15:45:43
Restore point made on: 2013-05-09 15:45:51
Restore point made on: 2013-05-09 15:45:59

==================== Memory info ===========================

Percentage of memory in use: 11%
Total physical RAM: 7639.07 MB
Available physical RAM: 6768.87 MB
Total Pagefile: 7639.07 MB
Available Pagefile: 6772.61 MB
Total Virtual: 8192 MB
Available Virtual: 8191.88 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:908.25 GB) (Free:308.12 GB) NTFS (Disk=0 Partition=4)
Drive d: (SAMSUNG_REC2) (Fixed) (Total:21.35 GB) (Free:0.99 GB) NTFS
Drive e: (SAMSUNG_REC) (Fixed) (Total:1 GB) (Free:0.29 GB) FAT32 ==>[System with boot components (obtained from reading drive)]
Drive g: (DISCK Z) (Removable) (Total:0.48 GB) (Free:0.48 GB) FAT (Disk=1 Partition=1)
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
==================== MBR & Partition Table ==================

====================================================================
Disk: 0 (Size: 932 GB) (Disk ID: 3AD3F720)

Partition: GPT Partition Type
====================================================================
Disk: 1 (MBR Code: Windows XP) (Size: 496 MB) (Disk ID: C3072E18)
Partition 1: (Not Active) - (Size=495 MB) - (Type=04)


Last Boot: 2013-05-02 01:01

==================== End Of Log ============================

Farbar Recovery Scan Tool (x64) Version: 06-05-2013
Ran by SYSTEM at 2013-05-09 18:03:06
Running from G:\
Boot Mode: Recovery

================== Search: "services,exe" ===================

====== End Of Search ======



#11 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:07:47 AM

Posted 10 May 2013 - 01:34 AM

That looks good - How are things running at this time?


gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#12 krazyistkarl

krazyistkarl
  • Topic Starter

  • Members
  • 55 posts
  • OFFLINE
  •  
  • Local time:05:47 AM

Posted 13 May 2013 - 03:26 AM

Thanks for the help, everything appears to be fine aside from when I restart my computer, Spybot pops up and says the following:

category: browser helper object

change:value detected

entry: {8D10F6C4-0E01-4BD4-8601-11AC1FFDF8126}

 

and rather than giving me the option to allow change OR deny change, allow change is the only option

I have no idea what it is



#13 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:07:47 AM

Posted 13 May 2013 - 07:41 AM



Hello krazyistkarl

Let's get a deeper look into the system and let's see if something shows up.

Download and run OTL

Download OTL by Old Timer and save it to your Desktop.
  • Double click on OTL.exe to run it.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened, and is the one that I need posted back here
    • Extra.txt <-- Will be minimized - save this one on your desktop in case I ask for it later
  • Please post the contents of OTL.txt in your next reply.
Gringo

#14 krazyistkarl

krazyistkarl
  • Topic Starter

  • Members
  • 55 posts
  • OFFLINE
  •  
  • Local time:05:47 AM

Posted 14 May 2013 - 02:31 AM

I ran the OTL tool and set it to scan everything in the last 360 days, and it ended up giving me quite a large log that doesn't seem to want to paste to here



#15 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:07:47 AM

Posted 14 May 2013 - 02:37 AM

rescan and instead of 360 days set it to 30 days



