infected with ZeroAccess rootkit


  • This topic is locked
43 replies to this topic

#1 clevi21

  • Members
  • 25 posts

Posted 27 October 2013 - 07:18 AM

Hi,

I currently have Windows Vista and it's running extremely slowly. Playing videos has become a headache; they play very slowly, as if there are other programs running in the background. Also, my laptop takes longer to start up than usual. I was in a different forum room earlier, and after running all the tests they selected for me, I was told that I am infected with a ZeroAccess rootkit. This is the link to the previous forum I was on.

http://www.bleepingcomputer.com/forums/t/511936/hidden-virus-problems-slowing-down-laptop/

I was then instructed to run DDS and post the contents of its logs. The first log is the DDS.txt log and the second is the Attach.txt.

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 9.0.8112.16514
Run by Chris at 22:33:26 on 2013-10-26
.
============== Running Processes ================
.
C:\PROGRA~1\AVG\AVG2014\avgrsx.exe
C:\Program Files\AVG\AVG2014\avgcsrvx.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\AVG\AVG2014\avgidsagent.exe
C:\Program Files\AVG\AVG2014\avgwdsvc.exe
C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\AVG\AVG2014\avgnsx.exe
C:\Program Files\AVG\AVG2014\avgemcx.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Mozilla FireFox\firefox.exe
C:\Program Files\Mozilla FireFox\plugin-container.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe
C:\Users\Chris\Downloads\jxpiinstall.exe
C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe
C:\Windows\system32\MsiExec.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\MsiExec.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uProxyOverride = <local>
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
BHO: Adobe PDF Reader Link Helper: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: SSVHelper Class: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
dRunOnce: [Del3436249] cmd.exe /Q /D /c del "c:\windows\temp\0.del"
dRunOnce: [Del89822505] cmd.exe /Q /D /c del "c:\windows\temp\0.del"
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Free YouTube Download - c:\users\chris\appdata\roaming\dvdvideosoftiehelpers\freeyoutubedownload.htm
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx1.hotmail.com/mail/w3/resources/VistaMSNPUplden-us.cab
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} - hxxp://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/VistaMSNPUplden-us.cab
TCP: NameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{8B5F9D1E-1032-4988-86B5-AB6604EFBDF4} : DHCPNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{D6558B3A-B5B3-4321-8520-5090EE2F7872} : DHCPNameServer = 192.168.2.1
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: igfxcui - igfxdev.dll
LSA: Security Packages =  kerberos msv1_0 schannel wdigest tspkg
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\chris\appdata\roaming\mozilla\firefox\profiles\w6s5nr6f.default\
FF - prefs.js: browser.startup.homepage - hxxp://mysearch.avg.com?cid={57557313-1017-442E-9FBE-8D19BAFBC3BE}&mid=bef209706add47d08a41d16a1cf3e47f-2ff279aaf7494942ec8b4edc7103e382962b3ade&lang=en&ds=dl011&coid=avgtbdisdl&pr=sa&d=2013-10-15 17:22:52&v=17.0.0.12&pid=safeguard&sg=0&sap=hp
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 50370
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.20913.0\npctrlui.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_9_900_117.dll
FF - ExtSQL: !HIDDEN! 2009-06-25 16:24; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
.
============= SERVICES / DRIVERS ===============
.
R? FNF5SVC;Fn+F5 Service
R? HOSTS Anti-PUPs;HOSTS Anti-PUPs
R? mbamchameleon;mbamchameleon
R? pneteth;PdaNet Broadband
R? RoxLiveShare10;LiveShare P2P Server 10
R? SessionLauncher;SessionLauncher
R? TPHKSVC;On Screen Display
R? TVT_UpdateMonitor;TVT Windows Update Monitor
R? tvtumon;tvtumon
R? vm331avs;Lenovo EasyCamera
R? vToolbarUpdater17.0.12;vToolbarUpdater17.0.12
R? WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0
S? Avgdiskx;AVG Disk Driver
S? AVGIDSAgent;AVGIDSAgent
S? AVGIDSDriver;AVGIDSDriver
S? AVGIDSHX;AVGIDSHX
S? AVGIDSShim;AVGIDSShim
S? Avgldx86;AVG AVI Loader Driver
S? Avglogx;AVG Logging Driver
S? Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield
S? Avgrkx86;AVG Anti-Rootkit Driver
S? Avgtdix;AVG TDI Driver
S? avgtp;avgtp
S? avgwd;AVG WatchDog
S? b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0
S? clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86
S? FontCache;Windows Font Cache Service
S? IntcHdmiAddService;Intel® High Definition Audio HDMI
S? JMCR;JMCR
S? lenovo.smi;Lenovo System Interface Driver
S? MBAMProtector;MBAMProtector
S? MBAMScheduler;MBAMScheduler
S? MBAMService;MBAMService
S? TVT Backup Protection Service;TVT Backup Protection Service
S? TVTI2C;Lenovo SM bus driver
.
=============== Created Last 30 ================
.
2013-10-27 02:35:11    94632    ----a-w-    c:\windows\system32\WindowsAccessBridge.dll
2013-10-26 23:31:54    105176    ----a-w-    c:\windows\system32\drivers\MBAMSwissArmy.sys
2013-10-26 12:41:52    --------    d-sh--w-    C:\$RECYCLE.BIN
2013-10-26 03:16:16    --------    d-----w-    C:\ComboFix
2013-10-25 21:53:05    98816    ----a-w-    c:\windows\sed.exe
2013-10-25 21:53:05    256000    ----a-w-    c:\windows\PEV.exe
2013-10-25 21:53:05    184320    ----a-w-    c:\windows\MBR.exe
2013-10-25 07:20:04    7796464    ----a-w-    c:\programdata\microsoft\windows defender\definition updates\{14631a69-67fd-4be1-8c09-eac976b35530}\mpengine.dll
2013-10-25 01:36:48    --------    d-----w-    C:\721282c629bd38a1a4e38c
2013-10-21 17:40:05    2382848    ----a-w-    c:\windows\system32\mshtml.tlb
2013-10-21 17:40:03    420864    ----a-w-    c:\windows\system32\vbscript.dll
2013-10-21 17:40:02    149656    ----a-w-    c:\program files\internet explorer\sqmapi.dll
2013-10-21 17:40:00    768512    ----a-w-    c:\program files\common files\microsoft shared\vgx\VGX.dll
2013-10-21 16:43:08    9728    ----a-w-    c:\windows\system32\Wdfres.dll
2013-10-21 16:42:53    155136    ----a-w-    c:\windows\system32\drivers\WUDFRd.sys
2013-10-21 16:42:52    66560    ----a-w-    c:\windows\system32\drivers\WUDFPf.sys
2013-10-21 16:42:51    16896    ----a-w-    c:\windows\system32\winusb.dll
2013-10-21 16:42:48    73216    ----a-w-    c:\windows\system32\WUDFSvc.dll
2013-10-21 16:42:47    172032    ----a-w-    c:\windows\system32\WUDFPlatform.dll
2013-10-21 16:42:43    47720    ----a-w-    c:\windows\system32\drivers\WdfLdr.sys
2013-10-21 16:42:33    34944    ----a-w-    c:\windows\system32\drivers\winusb.sys
2013-10-21 16:42:30    38912    ----a-w-    c:\windows\system32\WUDFCoinstaller.dll
2013-10-21 16:42:27    196608    ----a-w-    c:\windows\system32\WUDFHost.exe
2013-10-21 16:42:25    613888    ----a-w-    c:\windows\system32\WUDFx.dll
2013-10-21 16:39:01    1172480    ----a-w-    c:\windows\system32\d3d10warp.dll
2013-10-21 16:38:58    486400    ----a-w-    c:\windows\system32\d3d10level9.dll
2013-10-21 16:38:57    219648    ----a-w-    c:\windows\system32\d3d10_1core.dll
2013-10-21 16:38:57    189952    ----a-w-    c:\windows\system32\d3d10core.dll
2013-10-21 16:38:57    160768    ----a-w-    c:\windows\system32\d3d10_1.dll
2013-10-21 16:38:55    1029120    ----a-w-    c:\windows\system32\d3d10.dll
2013-10-21 16:38:52    683008    ----a-w-    c:\windows\system32\d2d1.dll
2013-10-21 16:38:48    1069056    ----a-w-    c:\windows\system32\DWrite.dll
2013-10-21 16:38:43    798208    ----a-w-    c:\windows\system32\FntCache.dll
2013-10-21 16:38:24    638400    ----a-w-    c:\windows\system32\drivers\dxgkrnl.sys
2013-10-21 16:38:22    37376    ----a-w-    c:\windows\system32\cdd.dll
2013-10-21 16:38:05    24064    ----a-w-    c:\windows\system32\drivers\tssecsrv.sys
2013-10-21 16:38:04    15872    ----a-w-    c:\windows\system32\icaapi.dll
2013-10-21 16:27:32    224640    ----a-w-    c:\windows\system32\drivers\volsnap.sys
2013-10-21 16:27:17    376320    ----a-w-    c:\windows\system32\dpnet.dll
2013-10-21 16:27:16    23040    ----a-w-    c:\windows\system32\dpnsvr.exe
2013-10-21 15:50:25    102608    ----a-w-    c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2013-10-21 15:48:33    2050048    ----a-w-    c:\windows\system32\win32k.sys
2013-10-21 15:48:12    914880    ----a-w-    c:\windows\system32\drivers\tcpip.sys
2013-10-21 15:48:07    31232    ----a-w-    c:\windows\system32\drivers\tcpipreg.sys
2013-10-21 15:43:01    2048    ----a-w-    c:\windows\system32\tzres.dll
2013-10-20 22:36:06    783360    ----a-w-    c:\windows\system32\rpcrt4.dll
2013-10-20 22:24:36    204288    ----a-w-    c:\windows\system32\ncrypt.dll
2013-10-20 21:47:00    73344    ----a-w-    c:\windows\system32\drivers\USBAUDIO.sys
2013-10-20 21:46:27    1082232    ----a-w-    c:\windows\system32\drivers\ntfs.sys
2013-10-20 21:19:19    197632    ----a-w-    c:\windows\system32\drivers\usbhub.sys
2013-10-20 21:19:17    73216    ----a-w-    c:\windows\system32\drivers\usbccgp.sys
2013-10-20 21:19:17    6016    ----a-w-    c:\windows\system32\drivers\usbd.sys
2013-10-20 21:19:14    226304    ----a-w-    c:\windows\system32\drivers\usbport.sys
2013-10-20 21:19:13    39936    ----a-w-    c:\windows\system32\drivers\usbehci.sys
2013-10-20 21:19:13    23552    ----a-w-    c:\windows\system32\drivers\usbuhci.sys
2013-10-20 21:18:55    527064    ----a-w-    c:\windows\system32\drivers\Wdf01000.sys
2013-10-20 21:18:15    812544    ----a-w-    c:\windows\system32\certutil.exe
2013-10-20 21:17:42    41984    ----a-w-    c:\windows\system32\certenc.dll
2013-10-20 20:13:10    --------    d-----w-    c:\programdata\Malwarebytes' Anti-Malware (portable)
2013-10-20 19:43:43    1314816    ----a-w-    c:\windows\system32\quartz.dll
2013-10-20 19:43:34    443904    ----a-w-    c:\windows\system32\win32spl.dll
2013-10-20 19:43:34    37376    ----a-w-    c:\windows\system32\printcom.dll
2013-10-20 19:43:24    1548288    ----a-w-    c:\windows\system32\WMVDECOD.DLL
2013-10-20 16:20:43    --------    d-----w-    c:\users\chris\appdata\roaming\AVAST Software
2013-10-20 16:15:57    403440    ----a-w-    c:\windows\system32\drivers\xkufxvce.sys
2013-10-20 16:15:49    --------    d-----w-    c:\programdata\AVAST Software
2013-10-20 16:00:39    --------    d-----w-    c:\program files\AVG SafeGuard toolbar
2013-10-20 13:18:55    --------    d-----w-    C:\226451db6a120e78851ddc
2013-10-20 13:13:30    2067968    ----a-w-    c:\windows\system32\mstscax.dll
2013-10-20 13:13:24    1400832    ----a-w-    c:\windows\system32\msxml6.dll
2013-10-20 13:13:17    376320    ----a-w-    c:\windows\system32\winsrv.dll
2013-10-20 12:59:32    --------    d-----w-    C:\ff7597dbe8e3d8813ad72d124c39a8cd
2013-10-20 12:11:25    --------    d-----w-    C:\A
2013-10-20 02:04:53    3603904    ----a-w-    c:\windows\system32\ntkrnlpa.exe
2013-10-20 02:04:51    3551680    ----a-w-    c:\windows\system32\ntoskrnl.exe
2013-10-20 02:04:48    1205168    ----a-w-    c:\windows\system32\ntdll.dll
2013-10-20 02:04:47    64000    ----a-w-    c:\windows\system32\smss.exe
2013-10-20 02:04:47    49152    ----a-w-    c:\windows\system32\csrsrv.dll
2013-10-20 02:04:36    615936    ----a-w-    c:\windows\system32\themeui.dll
2013-10-20 02:04:28    34304    ----a-w-    c:\windows\system32\atmlib.dll
2013-10-20 02:04:28    293376    ----a-w-    c:\windows\system32\atmfd.dll
2013-10-20 02:04:12    532480    ----a-w-    c:\windows\system32\comctl32.dll
2013-10-20 02:03:57    505344    ----a-w-    c:\windows\system32\qedit.dll
2013-10-20 02:03:20    24576    ----a-w-    c:\windows\system32\cryptdlg.dll
2013-10-20 02:00:11    15872    ----a-w-    c:\windows\system32\drivers\usb8023.sys
2013-10-20 01:59:53    25472    ----a-w-    c:\windows\system32\drivers\hidparse.sys
2013-10-20 01:32:42    936960    ----a-w-    c:\program files\common files\microsoft shared\ink\journal.dll
2013-10-20 01:08:17    --------    d-----w-    c:\program files\Hosts_Anti_Adwares_PUPs
2013-10-20 00:48:41    992768    ----a-w-    c:\windows\system32\crypt32.dll
2013-10-20 00:48:33    133120    ----a-w-    c:\windows\system32\cryptsvc.dll
2013-10-20 00:48:29    98304    ----a-w-    c:\windows\system32\cryptnet.dll
2013-10-20 00:48:24    172544    ----a-w-    c:\windows\system32\wintrust.dll
2013-10-19 23:43:16    --------    d-----w-    c:\users\chris\appdata\local\Macromedia
2013-10-19 23:18:34    --------    d-----w-    c:\program files\Mozilla Maintenance Service
2013-10-19 23:17:24    271256    ----a-w-    c:\program files\mozilla firefox\browser\components\browsercomps.dll
2013-10-19 23:17:18    871608    ----a-w-    c:\program files\mozilla firefox\uninstall\helper.exe
2013-10-19 23:17:12    21527448    ----a-w-    c:\program files\mozilla firefox\xul.dll
2013-10-19 23:17:11    170232    ----a-w-    c:\program files\mozilla firefox\webapp-uninstaller.exe
2013-10-19 23:17:11    107416    ----a-w-    c:\program files\mozilla firefox\webapprt-stub.exe
2013-10-19 23:17:10    273304    ----a-w-    c:\program files\mozilla firefox\updater.exe
2013-10-19 23:17:09    152984    ----a-w-    c:\program files\mozilla firefox\softokn3.dll
2013-10-19 23:17:08    27544    ----a-w-    c:\program files\mozilla firefox\plugin-hang-ui.exe
2013-10-19 23:17:08    17816    ----a-w-    c:\program files\mozilla firefox\plugin-container.exe
2013-10-19 20:15:49    75992    ----a-w-    c:\windows\system32\drivers\mbamchameleon.sys
2013-10-19 14:07:03    --------    d-----w-    C:\AdwCleaner
2013-10-19 13:52:52    --------    d-----w-    c:\windows\pss
2013-10-19 13:47:03    --------    d-----w-    c:\users\chris\appdata\local\{AE01DF37-FD75-4853-809E-2846CB3DF5E7}
2013-10-19 09:14:24    --------    d-----w-    c:\program files\Spybot - Search & Destroy 2
2013-10-19 09:14:03    22856    ----a-w-    c:\windows\system32\drivers\mbam.sys
2013-10-19 09:14:03    --------    d-----w-    c:\program files\Malwarebytes' Anti-Malware
2013-10-19 02:31:11    119808    ----a-r-    c:\users\chris\appdata\roaming\microsoft\installer\{ccf298af-9ce1-4b26-b251-486e98a34789}\icons.exe
2013-10-19 02:31:05    --------    d-----w-    c:\users\chris\appdata\local\Apps
2013-10-18 23:40:12    --------    d-----w-    c:\users\chris\appdata\local\{FB6094D5-31E6-465C-9953-7410DE559F9E}
2013-10-18 11:37:21    --------    d-----w-    c:\users\chris\appdata\local\{E582BC6C-F7DE-4816-B39D-E512F65EC55A}
2013-10-17 02:18:57    --------    d-----w-    c:\users\chris\appdata\local\{9ADE7593-ACBF-4818-B0B2-5C2BFC9254C1}
2013-10-16 00:15:45    --------    d-----w-    c:\users\chris\appdata\roaming\PowerISO
2013-10-16 00:13:51    --------    d-----w-    c:\program files\PowerISO
2013-10-16 00:07:42    --------    d-----w-    c:\users\chris\appdata\local\AVG SafeGuard toolbar
2013-10-16 00:07:32    --------    d-----w-    c:\users\chris\appdata\local\{6A4C3AC4-3117-4D66-8730-E25C458C517C}
2013-10-15 21:24:24    --------    d-----w-    c:\users\chris\appdata\roaming\AVG2014
2013-10-15 21:23:09    --------    d-----w-    c:\users\chris\appdata\roaming\TuneUp Software
2013-10-15 21:22:47    37664    ----a-w-    c:\windows\system32\drivers\avgtpx86.sys
2013-10-15 21:22:41    --------    d-----w-    c:\programdata\AVG SafeGuard toolbar
2013-10-15 21:21:13    --------    d-----w-    c:\programdata\AVG2014
2013-10-15 21:21:13    --------    d-----w-    C:\$AVG
2013-10-15 21:20:28    --------    d-----w-    c:\program files\AVG
2013-10-15 21:13:33    --------    d-----w-    c:\users\chris\appdata\local\Avg2014
2013-10-15 21:07:19    --------    d-----w-    c:\users\chris\appdata\local\MFAData
2013-10-15 21:07:19    --------    d-----w-    c:\users\chris\appdata\local\Avg2013
2013-10-15 21:07:19    --------    d-----w-    c:\programdata\MFAData
2013-10-15 21:04:28    --------    d-----w-    c:\users\chris\appdata\local\{0297FB4B-93C3-4500-AB06-4D90ED074A99}
.
==================== Find3M  ====================
.
2013-10-19 23:53:52    71048    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2013-10-19 23:53:52    692616    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
2013-09-26 00:57:14    120632    ----a-w-    c:\windows\system32\drivers\avgdiskx.sys
2013-09-22 10:22:59    1800704    ----a-w-    c:\windows\system32\jscript9.dll
2013-09-22 10:14:39    1427968    ----a-w-    c:\windows\system32\inetcpl.cpl
2013-09-22 10:13:22    1129472    ----a-w-    c:\windows\system32\wininet.dll
2013-09-22 10:08:41    142848    ----a-w-    c:\windows\system32\ieUnatt.exe
2013-09-11 02:11:44    22840    ----a-w-    c:\windows\system32\drivers\avgidsshimx.sys
2013-09-09 02:12:16    27448    ----a-w-    c:\windows\system32\drivers\avgrkx86.sys
2013-09-03 18:35:12    238872    ------w-    c:\windows\system32\MpSigStub.exe
2013-09-02 14:39:32    176952    ----a-w-    c:\windows\system32\drivers\avgldx86.sys
2013-09-02 14:28:06    145720    ----a-w-    c:\windows\system32\drivers\avgidshx.sys
2013-09-02 14:28:04    209208    ----a-w-    c:\windows\system32\drivers\avgidsdriverx.sys
2013-09-02 14:28:00    223032    ----a-w-    c:\windows\system32\drivers\avglogx.sys
2013-08-01 20:08:52    193848    ----a-w-    c:\windows\system32\drivers\avgtdix.sys
2012-09-26 19:41:22    4096000    ----a-w-    c:\program files\GUTB5D7.tmp
.
============= FINISH: 23:42:40.10 ===============
Attached File: Attach 1.txt (9.04 KB)

Also, I don't know if this is related to my current problems, but I keep getting a notification for a Windows Security Alert, which is something I've never installed, and in my Change and Remove Programs folder I have a program called QuickShare by Linkury that will not allow me to uninstall it.

Thank you




#2 jeffce

    Bleepin' Super Saiyan

  • Malware Response Team
  • 3,442 posts
  • Gender:Male
  • Location:USA

Posted 28 October 2013 - 12:56 PM

Hi and Welcome!!   
 
My name is Jeff. I would be more than happy to take a look at your malware results logs and help you with solving any malware problems you might have. Logs can take a while to research, so please be patient and know that I am working hard to get you a clean and functional system back in your hands. I'd be grateful if you would note the following:

  • The fixes are specific to your problem and should only be used for the issues on this machine.
  • It's often worth reading through these instructions and printing them for ease of reference.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  • Please reply to this thread. Do not start a new topic.
  • If you happen to have a flash drive/thumb drive please have that ready in the event that we need to use it.
  • Please be sure to subscribe to the topic if you have not already done so.

IMPORTANT NOTE: Please do not delete, download or install anything unless instructed to do so.
DO NOT use any TOOLS such as ComboFix or HijackThis fixes without supervision. Doing so could make your system inoperable and could require a full reinstall of your operating system, losing all your programs and data.

 
Having said that.... Let's get going!!
----------
 
Are you aware that there are settings on your system that allow your computer to connect to a proxy server? Do you use the computer to connect to work/school from home?
 
--------------------
 

**WARNING** Unfortunately, one or more of the infections I have identified are Backdoor Trojans, IRCBots or other malware capable of stealing very important information. You need to stop using all Internet banking sites, change passwords to all sites with sensitive information from a clean computer, and phone your bank to inform them that you may be a victim of identity theft. More often than not, we advise users that a full reinstallation of their operating system is the only way to ensure that their computer will ever be 100% clean again.
 
Unfortunately, I have found what is known as the ZeroAccess rootkit on your system. It is an especially nasty infection that can take quite some time to clean and may have damaged your system files. As a warning, during the cleaning (if you choose to do so) you may lose internet access with this computer, and in the end we may need to reinstall the operating system anyway, depending on the extent of the infection.
 
If you would like to format and reinstall your Operating System please let me know and we can assist you with that.
 
If you would like to continue with the cleaning, please continue with the following instructions and I will be more than happy to help.   :)
----------
 

ComboFix
 
Download Combofix from either of the links below, and save it to your desktop.  
Link 1
Link 2
 
**Note:  It is important that it is saved directly to your desktop**
If you get a message saying "Illegal operation attempted on a registry key that has been marked for deletion", please restart your computer.


 
--------------------------------------------------------------------
 
IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
 
--------------------------------------------------------------------
 
Right-Click and Run as Administrator on ComboFix.exe & follow the prompts.

  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt for further review.

 


#3 clevi21
  • Topic Starter

  • Members
  • 25 posts

Posted 28 October 2013 - 03:04 PM

Hey, thanks for replying and helping me out with my problem!! I have a couple of questions to ask before I download ComboFix. First, I don't know anything about proxy servers, and I only use this laptop at home. If you have any idea how I can change those settings to better help the speed of my laptop online, I will appreciate it. Second, I would love to just reinstall my operating system on this laptop, but I don't have the CD to boot it from. If you know any other way of formatting and reinstalling the OS, I would rather do that.



#4 jeffce

    Bleepin' Super Saiyan

  • Malware Response Team
  • 3,442 posts
  • Gender:Male
  • Location:USA

Posted 28 October 2013 - 03:59 PM

Hi,
 
If you don't know anything about the proxy settings, then that was more than likely done by malware, and we can remove those. As for reinstalling your operating system, that is just one option. We should be able to clean your system if you like. The only difference is that a format and reinstall of your operating system absolutely guarantees that the infection is gone... if we clean your system, there is always a chance that some type of backdoor capability was left behind, so you would be wise to monitor your bank and email accounts more often. If you would like to continue with cleaning, you can just run ComboFix and post the log created. :)


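The proxy question jeffce raises in post #2 and answers in post #4 comes from three places in the DDS log posted in #1: the Firefox prefs pointing the HTTP proxy at 127.0.0.1:50370, the driver files created in the last 30 days (one of them, xkufxvce.sys, has a name that looks generated), and the RunOnce entries that delete a temp file. The script below is an added example for this thread; it is not part of any post and is not DDS, ComboFix or BleepingComputer code. SAMPLE_LOG is a handful of lines copied from the posted log. The three heuristics it applies (loopback proxy, random-looking driver name, RunOnce self-deletion) are this example's own assumptions about what deserves a second look, not a verdict on any file, and the Firefox proxy-type decoding is the one point it states as fact: only network.proxy.type 1 (manual) makes the configured host and port carry traffic, so the log shows a loopback proxy that is configured but not currently in effect.

```python
"""Triage a DDS-style log for proxy, driver-name and RunOnce indicators.

Added example; not DDS or forum code. Heuristics are prompts for a human.
"""
import re

# Constructed sample: lines copied verbatim from the DDS log posted in this thread.
SAMPLE_LOG = r"""
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
dRunOnce: [Del3436249] cmd.exe /Q /D /c del "c:\windows\temp\0.del"
dRunOnce: [Del89822505] cmd.exe /Q /D /c del "c:\windows\temp\0.del"
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 50370
FF - prefs.js: network.proxy.type - 0
2013-10-20 16:15:57    403440    ----a-w-    c:\windows\system32\drivers\xkufxvce.sys
2013-10-19 09:14:03    22856    ----a-w-    c:\windows\system32\drivers\mbam.sys
2013-10-21 15:48:12    914880    ----a-w-    c:\windows\system32\drivers\tcpip.sys
"""

FF_PREF = re.compile(r"^FF - prefs\.js: (?P<key>\S+) - (?P<val>.*)$")
RUNONCE = re.compile(r"^[umd]RunOnce: \[(?P<key>[^\]]+)\] (?P<cmd>.*)$")
DRIVER = re.compile(r"\\drivers\\(?P<name>[a-z0-9_]+)\.sys\s*$", re.IGNORECASE)

# Firefox network.proxy.type values; only 1 (manual) puts network.proxy.http into use.
PROXY_TYPES = {"0": "direct (no proxy)", "1": "manual", "2": "PAC script",
               "4": "auto-detect", "5": "system settings"}
LOOPBACK = {"127.0.0.1", "localhost", "::1"}
RARE_LETTERS = set("jkqvxz")  # assumption: generated names over-use these


def parse_log(text):
    """Pull Firefox prefs, RunOnce entries and driver file stems out of the log."""
    prefs, runonce, drivers = {}, [], []
    for line in text.splitlines():
        line = line.rstrip()
        if m := FF_PREF.match(line):
            prefs[m["key"]] = m["val"].strip()
        elif m := RUNONCE.match(line):
            runonce.append((m["key"], m["cmd"]))
        elif m := DRIVER.search(line):
            drivers.append(m["name"])
    return prefs, runonce, drivers


def proxy_finding(prefs):
    """Describe the Firefox HTTP proxy, if any, and whether it is actually in effect."""
    host = prefs.get("network.proxy.http")
    if host is None:
        return None
    ptype = prefs.get("network.proxy.type", "0")
    if ptype == "1":
        state = "active"
    else:
        state = "configured but not in effect (proxy type: %s)" % PROXY_TYPES.get(ptype, ptype)
    return {"host": host, "port": prefs.get("network.proxy.http_port", "?"),
            "loopback": host in LOOPBACK, "state": state}


def looks_random(name):
    """Crude test for generated driver names: all letters, 6 to 10 long, and at
    least three of j k q v x z. tcpip, mbam, dxgkrnl and hidparse do not trigger it."""
    n = name.lower()
    return 6 <= len(n) <= 10 and n.isalpha() and sum(c in RARE_LETTERS for c in n) >= 3


def triage(text):
    """Return (kind, message) findings in a fixed order: proxy, drivers, RunOnce."""
    prefs, runonce, drivers = parse_log(text)
    findings = []
    proxy = proxy_finding(prefs)
    if proxy and proxy["loopback"]:
        findings.append(("proxy", "Firefox HTTP proxy %s:%s is %s; a loopback proxy with "
                         "no known software listening behind it needs an explanation"
                         % (proxy["host"], proxy["port"], proxy["state"])))
    for name in drivers:
        if looks_random(name):
            findings.append(("driver", "%s.sys has a random-looking name; check its "
                             "signature and vendor before trusting it" % name))
    for key, cmd in runonce:
        if re.search(r"\bdel\b", cmd, re.IGNORECASE):
            findings.append(("runonce", "RunOnce %s deletes a file at next logon: %s"
                             % (key, cmd)))
    return findings


if __name__ == "__main__":
    for kind, msg in triage(SAMPLE_LOG):
        print("[%s] %s" % (kind, msg))
```

Run it against a full DDS.txt by reading the file into `triage()` instead of SAMPLE_LOG. The RunOnce finding is informational: a "Del" entry removing a file from the temp folder is also what some installers leave behind, so it is listed for completeness rather than as an indicator on its own.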
 


#5 clevi21
  • Topic Starter

  • Members
  • 25 posts

Posted 28 October 2013 - 04:05 PM

Hi,

If formatting and reinstalling my OS guarantees the infection to be gone, I would rather do that instead of cleaning the system. How do we go about that?



#6 jeffce

    Bleepin' Super Saiyan

  • Malware Response Team
  • 3,442 posts
  • Gender:Male
  • Location:USA

Posted 28 October 2013 - 04:13 PM

The only other way that we can format and reinstall the system (besides with the disk that you said you don't have) is possibly with a Recovery Partition.  What type of computer do you have....Dell, Acer, HP????
 
 
Please download ListParts
 
Run the tool, click Scan and post the log (Result.txt) it makes.
------------


 


#7 clevi21
  • Topic Starter

  • Members
  • 25 posts

Posted 28 October 2013 - 04:18 PM

I have a Lenovo laptop

 

ListParts by Farbar Version: 20-10-2013
Ran by Chris (administrator) on 28-10-2013 at 17:16:13
Windows Vista (X86)
Running From: C:\Users\Chris\Downloads
Language: 0409
************************************************************

========================= Memory info ======================

Percentage of memory in use: 78%
Total physical RAM: 983.83 MB
Available physical RAM: 210.47 MB
Total Pagefile: 2231.98 MB
Available Pagefile: 991.11 MB
Total Virtual: 2047.88 MB
Available Virtual: 1968.87 MB

======================= Partitions =========================

1 Drive c: (SW_Preload) (Fixed) (Total:137.82 GB) (Free:97.48 GB) NTFS
3 Drive q: (Lenovo) (Fixed) (Total:9.77 GB) (Free:4.39 GB) NTFS
4 Drive s: (SERVICEV003) (Fixed) (Total:1.46 GB) (Free:0.63 GB) NTFS ==>[System with boot components (obtained from reading drive)]

  Disk ###  Status      Size     Free     Dyn  Gpt
  --------  ----------  -------  -------  ---  ---
  Disk 0    Online       149 GB      0 B         

Partitions of Disk 0:
===============

  Partition ###  Type              Size     Offset
  -------------  ----------------  -------  -------
  Partition 1    Primary           1499 MB  1024 KB
  Partition 2    Primary            138 GB  1500 MB
  Partition 3    Primary             10 GB   139 GB

======================================================================================================

Disk: 0
Partition 1
Type  : 07
Hidden: No
Active: Yes

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 1     S   SERVICEV003  NTFS   Partition   1499 MB  Healthy    System (partition with boot components)  

======================================================================================================

Disk: 0
Partition 2
Type  : 07
Hidden: No
Active: No

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 2     C   SW_Preload   NTFS   Partition    138 GB  Healthy    Boot    

======================================================================================================

Disk: 0
Partition 3
Type  : 07
Hidden: No
Active: No

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 3     Q   Lenovo       NTFS   Partition     10 GB  Healthy            

======================================================================================================
============================== MBR Partition Table ==================

==============================
Partitions of Disk 0:
===============
Disk ID: 7918D480
Partition 1: (Active) - (Size=1 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=138 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=10 GB) - (Type=07 NTFS)


Windows Boot Manager
--------------------
identifier              {bootmgr}
device                  partition=S:
description             Windows Boot Manager
locale                  en-US
inherit                 {globalsettings}
extendedinput           Yes
default                 {current}
resumeobject            {3657ebe2-d4e6-11dc-88f0-ec9c0d1f1864}
displayorder            {current}
toolsdisplayorder       {memdiag}
timeout                 1
resume                  No
customactions           0x10000ba000001
                        0x54000001
custom:54000001         {572bcd55-ffa7-11d9-aae0-0007e994107d}

Windows Boot Loader
-------------------
identifier              {current}
device                  partition=C:
path                    \Windows\system32\winload.exe
description             Microsoft Windows Vista
locale                  en-US
inherit                 {bootloadersettings}
recoverysequence        {672bcd55-ffa7-11d9-aae0-0007e994107d}
recoveryenabled         Yes
testsigning             No
osdevice                partition=C:
systemroot              \Windows
resumeobject            {3657ebe2-d4e6-11dc-88f0-ec9c0d1f1864}
nx                      OptIn

Windows Boot Loader
-------------------
identifier              {572bcd55-ffa7-11d9-aae0-0007e994107d}
device                  ramdisk=[boot]\tvtos\winpe.wim,{ramdiskoptions}
path                    \windows\system32\boot\winload.exe
description             WinPE
osdevice                ramdisk=[boot]\tvtos\winpe.wim,{ramdiskoptions}
systemroot              \windows
nx                      OptIn
detecthal               Yes
winpe                   Yes

Windows Boot Loader
-------------------
identifier              {672bcd55-ffa7-11d9-aae0-0007e994107d}
device                  ramdisk=[S:]\winre.wim,{ramdiskoptions}
path                    \windows\system32\boot\winload.exe
description             Windows Recovery Environment
osdevice                ramdisk=[S:]\winre.wim,{ramdiskoptions}
systemroot              \windows
nx                      OptIn
detecthal               Yes
winpe                   Yes

Resume from Hibernate
---------------------
identifier              {3657ebe2-d4e6-11dc-88f0-ec9c0d1f1864}
device                  partition=C:
path                    \Windows\system32\winresume.exe
description             Windows Resume Application
locale                  en-US
inherit                 {resumeloadersettings}
filedevice              partition=C:
filepath                \hiberfil.sys
pae                     Yes
debugoptionenabled      No

Windows Memory Tester
---------------------
identifier              {memdiag}
device                  partition=S:
path                    \boot\memtest.exe
description             Windows Memory Diagnostic
locale                  en-US
inherit                 {globalsettings}
badmemoryaccess         Yes

Windows Legacy OS Loader
------------------------
identifier              {ntldr}
device                  partition=S:
path                    \ntldr
description             Earlier Version of Windows

EMS Settings
------------
identifier              {emssettings}
bootems                 Yes

Debugger Settings
-----------------
identifier              {dbgsettings}
debugtype               Serial
debugport               1
baudrate                115200

RAM Defects
-----------
identifier              {badmemory}

Global Settings
---------------
identifier              {globalsettings}
inherit                 {dbgsettings}
                        {emssettings}
                        {badmemory}

Boot Loader Settings
--------------------
identifier              {bootloadersettings}
inherit                 {globalsettings}

Resume Loader Settings
----------------------
identifier              {resumeloadersettings}
inherit                 {globalsettings}

Setup Ramdisk Options
---------------------
identifier              {ramdiskoptions}
description             Ramdisk options
ramdisksdidevice        partition=S:
ramdisksdipath          \boot\boot.sdi


****** End Of Log ******



#8 jeffce
    Bleepin' Super Saiyan
  • Malware Response Team
  • 3,442 posts
  • Gender:Male
  • Location:USA

Posted 28 October 2013 - 04:35 PM

Ok, let's try this... first, reboot your system.

 

We need to determine if you have the Product Recovery Program on your system....

 

 Make backup copies of configuration files and any files you created. Then remove any diskettes, CDs, or DVDs in the drives.

  1. Shut down and turn off your computer.
  2. Wait 15 seconds.
  3. Turn on your monitor and computer and carefully observe the display.
    1. Look for the logo screen. At any time, while the logo screen is onscreen, press F11. Go to "Using the Product Recovery program on the hard drive".
    2. On NetVista systems, look for the following prompt: "To start the Product Recovery program, press F11"

      When the F11 prompt appears, press the F11 key immediately. Your PC has the Product Recovery program on the hard drive. Go to "Using the Product Recovery program on the hard drive".

      If the F11 prompt does not appear, one of two situations exists:

 

 

 


 


#9 clevi21
  • Topic Starter
  • Members
  • 25 posts

Posted 28 October 2013 - 04:58 PM

OK, I tried the instructions given and it didn't work. Pressing F11 did nothing on my laptop. I guess we're better off cleaning up my system.



#10 jeffce
    Bleepin' Super Saiyan
  • Malware Response Team
  • 3,442 posts
  • Gender:Male
  • Location:USA

Posted 28 October 2013 - 05:05 PM

Ok no problem....  :)

 

Go ahead and run the instructions that I gave you for ComboFix earlier.  Post the log when it is created.  


 


#11 clevi21
  • Topic Starter
  • Members
  • 25 posts

Posted 28 October 2013 - 07:13 PM

ComboFix 13-10-28.01 - Chris 10/28/2013  19:19:40.8.1 - x86
Microsoft® Windows Vista™ Home Basic   6.0.6002.2.1252.1.1033.18.984.376 [GMT -4:00]
Running from: c:\users\Chris\Downloads\ComboFix.exe
AV: AVG AntiVirus Free Edition 2014 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: AVG AntiVirus Free Edition 2014 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-- Previous Run --
.
c:\windows\system32\sfcfiles.dll . . . is missing!!
.
c:\windows\system32\sfcfiles.dll . . . is missing!!
.
c:\windows\system32\drivers\ipsec.sys . . . is missing!!
.
--------
.
.
(((((((((((((((((((((((((   Files Created from 2013-09-28 to 2013-10-29  )))))))))))))))))))))))))))))))
.
.
2013-10-29 00:01 . 2013-10-29 00:01    --------    d-----w-    c:\users\Chris\AppData\Local\temp
2013-10-29 00:01 . 2013-10-29 00:01    --------    d-----w-    c:\windows\system32\config\systemprofile\AppData\Local\temp
2013-10-29 00:01 . 2013-10-29 00:01    --------    d-----w-    c:\users\Public\AppData\Local\temp
2013-10-29 00:01 . 2013-10-29 00:01    --------    d-----w-    c:\users\Default\AppData\Local\temp
2013-10-27 02:38 . 2013-10-27 02:38    --------    d-----w-    c:\programdata\Oracle
2013-10-27 02:35 . 2013-10-27 02:34    94632    ----a-w-    c:\windows\system32\WindowsAccessBridge.dll
2013-10-27 02:26 . 2013-10-27 02:26    --------    d-----w-    c:\programdata\McAfee
2013-10-26 23:31 . 2013-10-26 23:31    105176    ----a-w-    c:\windows\system32\drivers\MBAMSwissArmy.sys
2013-10-26 02:05 . 2013-10-26 02:05    --------    d-----w-    c:\users\Chris\AppData\Roaming\InstallShield
2013-10-25 07:20 . 2013-10-16 05:20    7796464    ----a-w-    c:\programdata\Microsoft\Windows Defender\Definition Updates\{14631A69-67FD-4BE1-8C09-EAC976B35530}\mpengine.dll
2013-10-25 01:36 . 2013-10-25 01:36    --------    d-----w-    C:\721282c629bd38a1a4e38c
2013-10-21 17:40 . 2013-09-22 10:03    2382848    ----a-w-    c:\windows\system32\mshtml.tlb
2013-10-21 17:40 . 2013-09-22 10:06    420864    ----a-w-    c:\windows\system32\vbscript.dll
2013-10-21 17:40 . 2013-09-22 10:59    149656    ----a-w-    c:\program files\Internet Explorer\sqmapi.dll
2013-10-21 17:40 . 2013-09-22 10:10    768512    ----a-w-    c:\program files\Common Files\Microsoft Shared\vgx\VGX.dll
2013-10-21 16:43 . 2012-07-26 02:46    9728    ----a-w-    c:\windows\system32\Wdfres.dll
2013-10-21 16:42 . 2012-07-26 02:32    155136    ----a-w-    c:\windows\system32\drivers\WUDFRd.sys
2013-10-21 16:42 . 2012-07-26 02:33    66560    ----a-w-    c:\windows\system32\drivers\WUDFPf.sys
2013-10-21 16:42 . 2009-07-14 12:12    16896    ----a-w-    c:\windows\system32\winusb.dll
2013-10-21 16:42 . 2012-07-26 03:20    73216    ----a-w-    c:\windows\system32\WUDFSvc.dll
2013-10-21 16:42 . 2012-07-26 03:20    172032    ----a-w-    c:\windows\system32\WUDFPlatform.dll
2013-10-21 16:42 . 2012-07-26 03:39    47720    ----a-w-    c:\windows\system32\drivers\WdfLdr.sys
2013-10-21 16:42 . 2009-07-13 23:51    34944    ----a-w-    c:\windows\system32\drivers\winusb.sys
2013-10-21 16:42 . 2012-07-26 03:20    38912    ----a-w-    c:\windows\system32\WUDFCoinstaller.dll
2013-10-21 16:42 . 2012-07-26 03:21    196608    ----a-w-    c:\windows\system32\WUDFHost.exe
2013-10-21 16:42 . 2012-07-26 03:20    613888    ----a-w-    c:\windows\system32\WUDFx.dll
2013-10-21 16:39 . 2013-08-27 01:52    1172480    ----a-w-    c:\windows\system32\d3d10warp.dll
2013-10-21 16:38 . 2013-08-27 01:50    486400    ----a-w-    c:\windows\system32\d3d10level9.dll
2013-10-21 16:38 . 2013-08-27 02:47    219648    ----a-w-    c:\windows\system32\d3d10_1core.dll
2013-10-21 16:38 . 2013-08-27 02:47    189952    ----a-w-    c:\windows\system32\d3d10core.dll
2013-10-21 16:38 . 2013-08-27 02:47    160768    ----a-w-    c:\windows\system32\d3d10_1.dll
2013-10-21 16:38 . 2013-08-27 02:47    1029120    ----a-w-    c:\windows\system32\d3d10.dll
2013-10-21 16:38 . 2013-08-27 01:32    683008    ----a-w-    c:\windows\system32\d2d1.dll
2013-10-21 16:38 . 2013-08-27 01:28    1069056    ----a-w-    c:\windows\system32\DWrite.dll
2013-10-21 16:38 . 2013-08-27 01:28    798208    ----a-w-    c:\windows\system32\FntCache.dll
2013-10-21 16:38 . 2013-08-01 03:16    638400    ----a-w-    c:\windows\system32\drivers\dxgkrnl.sys
2013-10-21 16:38 . 2013-08-01 02:49    37376    ----a-w-    c:\windows\system32\cdd.dll
2013-10-21 16:38 . 2013-06-15 11:23    24064    ----a-w-    c:\windows\system32\drivers\tssecsrv.sys
2013-10-21 16:38 . 2013-06-15 13:22    15872    ----a-w-    c:\windows\system32\icaapi.dll
2013-10-21 16:27 . 2012-08-21 11:47    224640    ----a-w-    c:\windows\system32\drivers\volsnap.sys
2013-10-21 16:27 . 2012-11-02 10:18    376320    ----a-w-    c:\windows\system32\dpnet.dll
2013-10-21 16:27 . 2012-11-02 08:26    23040    ----a-w-    c:\windows\system32\dpnsvr.exe
2013-10-21 15:50 . 2013-07-20 10:44    102608    ----a-w-    c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2013-10-21 15:48 . 2013-08-29 07:36    2050048    ----a-w-    c:\windows\system32\win32k.sys
2013-10-21 15:48 . 2013-07-05 03:20    914880    ----a-w-    c:\windows\system32\drivers\tcpip.sys
2013-10-21 15:48 . 2013-07-05 01:43    31232    ----a-w-    c:\windows\system32\drivers\tcpipreg.sys
2013-10-21 15:43 . 2013-07-17 19:41    2048    ----a-w-    c:\windows\system32\tzres.dll
2013-10-20 22:36 . 2013-07-10 09:47    783360    ----a-w-    c:\windows\system32\rpcrt4.dll
2013-10-20 22:24 . 2012-11-20 04:22    204288    ----a-w-    c:\windows\system32\ncrypt.dll
2013-10-20 21:47 . 2013-07-12 09:04    73344    ----a-w-    c:\windows\system32\drivers\USBAUDIO.sys
2013-10-20 21:46 . 2013-03-03 19:07    1082232    ----a-w-    c:\windows\system32\drivers\ntfs.sys
2013-10-20 21:19 . 2013-06-29 02:07    197632    ----a-w-    c:\windows\system32\drivers\usbhub.sys
2013-10-20 21:19 . 2013-06-29 02:07    73216    ----a-w-    c:\windows\system32\drivers\usbccgp.sys
2013-10-20 21:19 . 2013-06-29 02:06    6016    ----a-w-    c:\windows\system32\drivers\usbd.sys
2013-10-20 21:19 . 2013-06-29 02:07    226304    ----a-w-    c:\windows\system32\drivers\usbport.sys
2013-10-20 21:19 . 2011-05-05 13:54    39936    ----a-w-    c:\windows\system32\drivers\usbehci.sys
2013-10-20 21:19 . 2011-05-05 13:54    23552    ----a-w-    c:\windows\system32\drivers\usbuhci.sys
2013-10-20 21:18 . 2013-06-26 23:01    527064    ----a-w-    c:\windows\system32\drivers\Wdf01000.sys
2013-10-20 21:18 . 2013-04-24 01:46    812544    ----a-w-    c:\windows\system32\certutil.exe
2013-10-20 21:17 . 2013-04-24 04:00    41984    ----a-w-    c:\windows\system32\certenc.dll
2013-10-20 20:13 . 2013-10-27 00:18    --------    d-----w-    c:\programdata\Malwarebytes' Anti-Malware (portable)
2013-10-20 19:43 . 2012-11-08 03:48    1314816    ----a-w-    c:\windows\system32\quartz.dll
2013-10-20 19:43 . 2013-05-02 04:04    443904    ----a-w-    c:\windows\system32\win32spl.dll
2013-10-20 19:43 . 2013-05-02 04:03    37376    ----a-w-    c:\windows\system32\printcom.dll
2013-10-20 19:43 . 2013-08-02 04:09    1548288    ----a-w-    c:\windows\system32\WMVDECOD.DLL
2013-10-20 16:20 . 2013-10-20 16:20    --------    d-----w-    c:\users\Chris\AppData\Roaming\AVAST Software
2013-10-20 16:18 . 2013-10-20 16:18    269216    ----a-w-    c:\windows\system32\aswBoot.exe
2013-10-20 16:15 . 2013-10-20 16:15    403440    ----a-w-    c:\windows\system32\drivers\xkufxvce.sys
2013-10-20 16:15 . 2013-10-26 02:13    --------    d-----w-    c:\programdata\AVAST Software
2013-10-20 16:00 . 2013-10-20 16:00    --------    d-----w-    c:\program files\AVG SafeGuard toolbar
2013-10-20 13:18 . 2013-10-20 13:18    --------    d-----w-    C:\226451db6a120e78851ddc
2013-10-20 13:13 . 2013-03-08 03:52    2067968    ----a-w-    c:\windows\system32\mstscax.dll
2013-10-20 13:13 . 2012-11-02 10:19    1400832    ----a-w-    c:\windows\system32\msxml6.dll
2013-10-20 13:13 . 2013-03-08 03:53    376320    ----a-w-    c:\windows\system32\winsrv.dll
2013-10-20 12:59 . 2013-10-20 12:59    --------    d-----w-    C:\ff7597dbe8e3d8813ad72d124c39a8cd
2013-10-20 12:11 . 2013-10-20 12:11    --------    d-----w-    C:\A
2013-10-20 02:04 . 2013-07-08 04:55    3603904    ----a-w-    c:\windows\system32\ntkrnlpa.exe
2013-10-20 02:04 . 2013-07-08 04:55    3551680    ----a-w-    c:\windows\system32\ntoskrnl.exe
2013-10-20 02:04 . 2013-07-09 12:10    1205168    ----a-w-    c:\windows\system32\ntdll.dll
2013-10-20 02:04 . 2013-03-09 03:45    49152    ----a-w-    c:\windows\system32\csrsrv.dll
2013-10-20 02:04 . 2013-03-09 01:28    64000    ----a-w-    c:\windows\system32\smss.exe
2013-10-20 02:04 . 2013-07-16 04:35    615936    ----a-w-    c:\windows\system32\themeui.dll
2013-10-20 02:04 . 2013-06-04 04:16    34304    ----a-w-    c:\windows\system32\atmlib.dll
2013-10-20 02:04 . 2013-06-04 01:49    293376    ----a-w-    c:\windows\system32\atmfd.dll
2013-10-20 02:04 . 2013-07-04 04:21    532480    ----a-w-    c:\windows\system32\comctl32.dll
2013-10-20 02:03 . 2013-06-01 04:06    505344    ----a-w-    c:\windows\system32\qedit.dll
2013-10-20 02:03 . 2013-04-17 12:30    24576    ----a-w-    c:\windows\system32\cryptdlg.dll
2013-10-20 02:00 . 2013-02-12 01:57    15872    ----a-w-    c:\windows\system32\drivers\usb8023.sys
2013-10-20 01:59 . 2013-07-03 02:10    25472    ----a-w-    c:\windows\system32\drivers\hidparse.sys
2013-10-20 01:32 . 2013-04-09 03:51    936960    ----a-w-    c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2013-10-20 01:08 . 2013-10-20 01:08    --------    d-----w-    c:\program files\Hosts_Anti_Adwares_PUPs
2013-10-20 00:48 . 2013-07-08 04:16    992768    ----a-w-    c:\windows\system32\crypt32.dll
2013-10-20 00:48 . 2013-07-08 04:16    133120    ----a-w-    c:\windows\system32\cryptsvc.dll
2013-10-20 00:48 . 2013-07-08 04:16    98304    ----a-w-    c:\windows\system32\cryptnet.dll
2013-10-20 00:48 . 2013-07-08 04:20    172544    ----a-w-    c:\windows\system32\wintrust.dll
2013-10-19 23:43 . 2013-10-19 23:43    --------    d-----w-    c:\users\Chris\AppData\Local\Macromedia
2013-10-19 23:18 . 2013-10-19 23:18    --------    d-----w-    c:\program files\Mozilla Maintenance Service
2013-10-19 23:17 . 2013-09-11 02:28    271256    ----a-w-    c:\program files\Mozilla Firefox\browser\components\browsercomps.dll
2013-10-19 23:17 . 2013-09-11 02:28    871608    ----a-w-    c:\program files\Mozilla Firefox\uninstall\helper.exe
2013-10-19 23:17 . 2013-09-11 02:28    21527448    ----a-w-    c:\program files\Mozilla Firefox\xul.dll
2013-10-19 23:17 . 2013-09-11 02:27    107416    ----a-w-    c:\program files\Mozilla Firefox\webapprt-stub.exe
2013-10-19 23:17 . 2013-09-11 02:27    170232    ----a-w-    c:\program files\Mozilla Firefox\webapp-uninstaller.exe
2013-10-19 23:17 . 2013-09-11 02:27    273304    ----a-w-    c:\program files\Mozilla Firefox\updater.exe
2013-10-19 23:17 . 2013-09-11 02:27    152984    ----a-w-    c:\program files\Mozilla Firefox\softokn3.dll
2013-10-19 23:17 . 2013-09-11 02:27    27544    ----a-w-    c:\program files\Mozilla Firefox\plugin-hang-ui.exe
2013-10-19 23:17 . 2013-09-11 02:27    17816    ----a-w-    c:\program files\Mozilla Firefox\plugin-container.exe
2013-10-19 20:15 . 2013-10-19 20:15    75992    ----a-w-    c:\windows\system32\drivers\mbamchameleon.sys
2013-10-19 09:14 . 2013-10-26 02:59    --------    d-----w-    c:\program files\Spybot - Search & Destroy 2
2013-10-19 09:14 . 2013-10-21 15:01    --------    d-----w-    c:\program files\Malwarebytes' Anti-Malware
2013-10-19 09:14 . 2013-04-04 18:50    22856    ----a-w-    c:\windows\system32\drivers\mbam.sys
2013-10-19 04:45 . 2013-10-25 09:17    --------    d-----w-    c:\program files\7-Zip
2013-10-19 02:31 . 2013-10-19 02:31    119808    ----a-r-    c:\users\Chris\AppData\Roaming\Microsoft\Installer\{CCF298AF-9CE1-4B26-B251-486E98A34789}\icons.exe
2013-10-19 02:31 . 2013-10-19 02:31    --------    d-----w-    c:\users\Chris\AppData\Local\Apps
2013-10-16 00:15 . 2013-10-16 00:15    --------    d-----w-    c:\users\Chris\AppData\Roaming\PowerISO
2013-10-16 00:13 . 2013-10-19 03:08    --------    d-----w-    c:\program files\PowerISO
2013-10-16 00:07 . 2013-10-20 16:11    --------    d-----w-    c:\users\Chris\AppData\Local\AVG SafeGuard toolbar
2013-10-15 21:24 . 2013-10-15 21:24    --------    d-----w-    c:\users\Chris\AppData\Roaming\AVG2014
2013-10-15 21:23 . 2013-10-15 21:23    --------    d-----w-    c:\users\Chris\AppData\Roaming\TuneUp Software
2013-10-15 21:22 . 2013-10-20 16:00    37664    ----a-w-    c:\windows\system32\drivers\avgtpx86.sys
2013-10-15 21:22 . 2013-10-20 16:01    --------    d-----w-    c:\programdata\AVG SafeGuard toolbar
2013-10-15 21:21 . 2013-10-15 21:24    --------    d-----w-    c:\programdata\AVG2014
2013-10-15 21:21 . 2013-10-15 21:21    --------    d-----w-    C:\$AVG
2013-10-15 21:20 . 2013-10-15 21:26    --------    d-----w-    c:\windows\system32\config\systemprofile\AppData\Local\Avg2014
2013-10-15 21:20 . 2013-10-15 21:20    --------    d-----w-    c:\program files\AVG
2013-10-15 21:13 . 2013-10-15 21:29    --------    d-----w-    c:\users\Chris\AppData\Local\Avg2014
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-10-19 23:53 . 2012-10-08 01:54    71048    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2013-10-19 23:53 . 2012-10-08 01:54    692616    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
2013-10-16 00:05 . 2010-06-24 16:33    22240    ----a-w-    c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2013-09-26 00:57 . 2013-09-26 00:57    120632    ----a-w-    c:\windows\system32\drivers\avgdiskx.sys
2013-09-11 02:11 . 2013-09-11 02:11    22840    ----a-w-    c:\windows\system32\drivers\avgidsshimx.sys
2013-09-09 02:12 . 2013-09-09 02:12    27448    ----a-w-    c:\windows\system32\drivers\avgrkx86.sys
2013-09-03 18:35 . 2009-10-19 21:01    238872    ------w-    c:\windows\system32\MpSigStub.exe
2013-09-02 14:39 . 2013-09-02 14:39    176952    ----a-w-    c:\windows\system32\drivers\avgldx86.sys
2013-09-02 14:28 . 2013-09-02 14:28    145720    ----a-w-    c:\windows\system32\drivers\avgidshx.sys
2013-09-02 14:28 . 2013-09-02 14:28    209208    ----a-w-    c:\windows\system32\drivers\avgidsdriverx.sys
2013-09-02 14:28 . 2013-09-02 14:28    223032    ----a-w-    c:\windows\system32\drivers\avglogx.sys
2013-08-21 02:54 . 2013-08-21 02:54    102200    ----a-w-    c:\windows\system32\drivers\avgmfx86.sys
2013-08-01 20:08 . 2013-08-01 20:08    193848    ----a-w-    c:\windows\system32\drivers\avgtdix.sys
2012-09-26 19:41 . 2012-09-26 19:41    4096000    ----a-w-    c:\program files\GUTB5D7.tmp
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-26 136216]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-26 171032]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-26 170520]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Del3436249"="del" [X]
"Del89822505"="del" [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute    REG_MULTI_SZ       autocheck autochk *\0\0sdnclean.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^Users^Chris^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^MyPC Backup.lnk]
path=c:\users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk
backup=c:\windows\pss\MyPC Backup.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ACTray]
2008-08-07 20:23    431392    ----a-w-    c:\program files\ThinkPad\ConnectUtilities\ACTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ACWlIcon]
2008-08-07 20:23    148768    ----a-w-    c:\program files\ThinkPad\ConnectUtilities\ACWLIcon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-10-15 06:04    39792    ----a-w-    c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AMSG]
2008-12-20 08:55    449088    ----a-w-    c:\program files\ThinkVantage\AMSG\Amsg.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint]
2008-03-26 12:58    163840    ----a-w-    c:\program files\Apoint2K\Apoint.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG_UI]
2013-10-07 23:54    4908592    ----a-w-    c:\program files\AVG\AVG2014\avgui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CameraApplicationLauncher]
2008-10-07 19:29    16384    ----a-w-    c:\program files\Lenovo\Camera Center\bin\CameraApplicationLaunchPadLauncher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2010-08-26 01:45    171032    ----a-w-    c:\windows\System32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2010-08-26 01:45    136216    ----a-w-    c:\windows\System32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LPManager]
2007-04-26 17:10    120368    ----a-w-    c:\progra~1\Lenovo\LENOVO~2\LPMGR.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2010-11-10 07:54    4240760    ----a-w-    c:\program files\Windows Live\Messenger\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2010-08-26 01:45    170520    ----a-w-    c:\windows\System32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PMHandler]
2008-09-23 18:56    83240    ----a-w-    c:\progra~1\Lenovo\PMDriver\PMHandler.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
2013-07-22 02:19    337432    ----a-w-    c:\program files\PowerISO\PWRISOVM.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioDragToDisc]
2007-03-13 17:05    1116920    ----a-w-    c:\program files\Lenovo\Drag-to-Disc\DrgToDsc.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Shockwave Updater]
2009-06-05 11:38    468408    ------w-    c:\windows\System32\Adobe\Shockwave 11\SwHelper_1150600.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
2009-04-11 06:28    1233920    ----a-w-    c:\program files\Windows Sidebar\sidebar.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmartAudio]
2008-07-21 03:19    2701880    ----a-w-    c:\program files\CONEXANT\SmartAudio\SmAudio.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2008-06-10 12:27    144784    ----a-w-    c:\program files\Java\jre1.6.0_07\bin\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TPFNF7]
2008-07-30 19:00    60192    ----a-w-    c:\program files\Lenovo\NPDIRECT\tpfnf7sp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TPWAUDAP]
2008-03-11 04:33    54560    ----a-w-    c:\program files\Lenovo\HOTKEY\TpWAudAp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TVT Scheduler Proxy]
2008-05-25 00:49    487424    ----a-w-    c:\program files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vProt]
2013-10-20 16:00    2404376    ----a-w-    c:\program files\AVG SafeGuard toolbar\vprot.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2008-01-21 02:33    1008184    ----a-w-    c:\program files\Windows Defender\MSASCui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2008-01-21 02:35    202240    ----a-w-    c:\program files\Windows Media Player\wmpnscfg.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork    REG_MULTI_SZ       PLA DPS BFE mpssvc
LocalServiceAndNoImpersonation    REG_MULTI_SZ       FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2013-10-28 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-08 23:53]
.
2013-05-11 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\PCDR5\pcdr5cuiw32.exe [2008-12-12 23:32]
.
2010-12-16 c:\windows\Tasks\User_Feed_Synchronization-{06E4B101-3DFA-4CE7-AA75-DDF749384775}.job
- c:\windows\system32\msfeedssync.exe [2012-10-06 08:05]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uInternet Settings,ProxyOverride = <local>
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Free YouTube Download - c:\users\Chris\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
FF - ProfilePath - c:\users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\w6s5nr6f.default\
FF - prefs.js: browser.startup.homepage - hxxp://mysearch.avg.com?cid={57557313-1017-442E-9FBE-8D19BAFBC3BE}&mid=bef209706add47d08a41d16a1cf3e47f-2ff279aaf7494942ec8b4edc7103e382962b3ade&lang=en&ds=dl011&coid=avgtbdisdl&pr=sa&d=2013-10-15 17:22&v=17.0.0.12&pid=safeguard&sg=0&sap=hp
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 50370
FF - prefs.js: network.proxy.type - 0
FF - ExtSQL: !HIDDEN! 2009-06-25 16:24; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
Supplementary scan did not complete!
.
- - - - ORPHANS REMOVED - - - -
.
ShellIconOverlayIdentifiers-{472083B0-C522-11CF-8763-00608CC02F24} - (no file)
SafeBoot-Wdf01000.sys
SafeBoot-WudfPf
SafeBoot-WudfRd
MSConfigStartUp-Browser Infrastructure Helper - c:\users\Chris\AppData\Local\Smartbar\Application\QuickShare.exe
MSConfigStartUp-DivXUpdate - c:\program files\DivX\DivX Update\DivXUpdate.exe
MSConfigStartUp-HOSTS Anti-Adware_PUPs - c:\program files\Hosts_Anti_Adwares_PUPs\HOSTS_Anti-Adware_main.exe
MSConfigStartUp-iTunesHelper - c:\program files\iTunes\iTunesHelper.exe
MSConfigStartUp-Messenger (Yahoo!) - c:\progra~1\Yahoo!\MESSEN~1\YahooMessenger.exe
MSConfigStartUp-MSC - c:\program files\Microsoft Security Client\msseces.exe
MSConfigStartUp-ooVoo - c:\program files\ooVoo\oovoo.exe
MSConfigStartUp-QuickTime Task - c:\program files\QuickTime\QTTask.exe
MSConfigStartUp-SDTray - c:\program files\Spybot - Search & Destroy 2\SDTray.exe
MSConfigStartUp-Skype - c:\program files\Skype\Phone\Skype.exe
MSConfigStartUp-uTorrent - c:\program files\uTorrent\uTorrent.exe
MSConfigStartUp-VeohPlugin - c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-10-28 20:01
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...  
.
scanning hidden autostart entries ...
.
scanning hidden files ...  
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}"=hex:51,66,7a,6c,4c,1d,38,12,f1,9d,97,
   02,e5,86,37,08,c7,6b,3b,0b,78,35,a4,a7
"{6EBF7485-159F-4BFF-A14F-B9E3AAC4465B}"=hex:51,66,7a,6c,4c,1d,38,12,eb,77,ac,
   6a,ad,5b,91,0e,de,59,fa,a3,af,9a,02,4f
"{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}"=hex:51,66,7a,6c,4c,1d,38,12,d5,94,07,
   72,c2,98,42,03,c9,fd,97,9a,f4,87,69,57
"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,
   94,30,02,d1,0f,f1,da,12,24,73,56,27,d2
"{FF059E31-CC5A-4E2E-BF3B-96E929D65503}"=hex:51,66,7a,6c,4c,1d,38,12,5f,9d,16,
   fb,68,82,40,0b,c0,2d,d5,a9,2c,88,11,17
"{BDEADE7F-C265-11D0-BCED-00A0C90AB50F}"=hex:51,66,7a,6c,4c,1d,38,12,11,dd,f9,
   b9,57,8c,be,54,c3,fb,43,e0,cc,54,f1,1b
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:d0,c0,05,16,79,c9,cd,01
.
[HKEY_USERS\S-1-5-21-2503659629-3770857195-862142806-1003\Software\SecuROM\License information*]
"datasecu"=hex:12,e1,b7,cc,43,d5,cb,79,12,3e,e9,55,97,e5,89,88,38,4a,71,f7,e3,
   ac,11,95,59,2f,e2,09,31,2f,3d,f8,55,bc,32,aa,f7,37,41,f2,5a,69,5e,52,0e,d0,\
"rkeysecu"=hex:3e,80,9e,c4,40,b4,90,83,87,8e,33,49,64,ac,f8,d9
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2013-10-28  20:08:35
ComboFix-quarantined-files.txt  2011-02-04 22:10
ComboFix2.txt  2011-02-04 22:10
ComboFix3.txt  2011-02-03 22:13
ComboFix4.txt  2011-02-03 13:09
ComboFix5.txt  2013-10-25 21:53
.
Pre-Run: 104,787,271,680 bytes free
Post-Run: 104,964,980,736 bytes free
.
- - End Of File - - 057F51700DA012841069E434EFD447CD
A9484C56B496ACF7FCA848ED5E96E8C9
 



#12 jeffce

    Bleepin' Super Saiyan


  • Malware Response Team
  • 3,442 posts
  • Gender:Male
  • Location:USA

Posted 28 October 2013 - 07:46 PM

Could you go to C:\ComboFix5.txt and post this log as well please?   :)




#13 clevi21

  • Topic Starter

  • Members
  • 25 posts

Posted 28 October 2013 - 08:12 PM

It gave me an error message when trying to send this log. It said it was too long. So I am sending it as an attachment.

Attached Files



#14 jeffce

    Bleepin' Super Saiyan


  • Malware Response Team
  • 3,442 posts
  • Gender:Male
  • Location:USA

Posted 28 October 2013 - 08:23 PM

Hi,
 
Thank you for that.   :)
 
FRST
 
Download the 32 bit version of FRST for your system and save it to a flash drive.
 
Plug the flash drive into the infected PC.
 
Enter System Recovery Options
 
To enter System Recovery Options from the Advanced Boot Options:

  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:

  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:

    • Startup Repair
    • System Restore
    • Windows Complete PC Restore
    • Windows Memory Diagnostic Tool
    • Command Prompt

  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64)  and press Enter 
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

----------




#15 clevi21

  • Topic Starter

  • Members
  • 25 posts

Posted 28 October 2013 - 08:56 PM

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 28-10-2013
Ran by SYSTEM on MINWINPC on 28-10-2013 21:47:49
Running from G:\
Windows Vista ™ Home Basic Service Pack 1 (X86) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] ()
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKU\Default\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\Default\...\RunOnce: [] -
HKU\Default\...\RunOnce: [Lenovoautosdrive] - C:\Program Files\Common Files\Lenovo\LenovoDrive\LenovoAutoRunReg.exe [ 2008-07-29] ()
HKU\Default\...\RunOnce: [Lenovoautoqdrive] - C:\Program Files\Common Files\Lenovo\LenovoDrive\LenovoAutoRunReg.exe [ 2008-07-29] ()
HKU\Default User\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\Default User\...\RunOnce: [] -
HKU\Default User\...\RunOnce: [Lenovoautosdrive] - C:\Program Files\Common Files\Lenovo\LenovoDrive\LenovoAutoRunReg.exe [ 2008-07-29] ()
HKU\Default User\...\RunOnce: [Lenovoautoqdrive] - C:\Program Files\Common Files\Lenovo\LenovoDrive\LenovoAutoRunReg.exe [ 2008-07-29] ()
BootExecute: autocheck autochk * sdnclean.exe

========================== Services (Whitelisted) =================

S2 AVGIDSAgent; C:\Program Files\AVG\AVG2014\avgidsagent.exe [3538480 2013-10-03] (AVG Technologies CZ, s.r.o.)
S2 avgwd; C:\Program Files\AVG\AVG2014\avgwdsvc.exe [301152 2013-09-25] (AVG Technologies CZ, s.r.o.)
S4 FNF5SVC; C:\Program Files\LENOVO\HOTKEY\FNF5SVC.exe [54560 2008-03-13] (Lenovo.)
S2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S4 MSSQLServerADHelper; c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [44384 2010-12-10] (Microsoft Corporation)
S4 PMSveH; C:\Program Files\Lenovo\PMDriver\PMSveH.exe [57344 2006-05-24] (Lenovo)
S4 SUService; c:\Program Files\Lenovo\System Update\SUService.exe [28672 2008-11-04] (Lenovo Group Limited)
S2 TVT Backup Protection Service; C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe [520192 2008-05-24] ()
S4 TVT Scheduler; c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe [1155072 2008-05-24] (Lenovo Group Limited)
S2 HOSTS Anti-PUPs; C:\Program Files\Hosts_Anti_Adwares_PUPs\HOSTS_Anti-Adware.exe -update [x]
S4 RoxLiveShare10; "C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe" [x]
S2 SessionLauncher; C:\Users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe [x]
S2 vToolbarUpdater17.0.12; C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\17.0.12\ToolbarUpdater.exe [x]

==================== Drivers (Whitelisted) ====================

S1 Avgdiskx; C:\Windows\System32\DRIVERS\avgdiskx.sys [120632 2013-09-25] (AVG Technologies CZ, s.r.o.)
S1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdriverx.sys [209208 2013-09-02] (AVG Technologies CZ, s.r.o.)
S0 AVGIDSHX; C:\Windows\System32\DRIVERS\avgidshx.sys [145720 2013-09-02] (AVG Technologies CZ, s.r.o.)
S1 AVGIDSShim; C:\Windows\System32\DRIVERS\avgidsshimx.sys [22840 2013-09-10] (AVG Technologies CZ, s.r.o.)
S1 Avgldx86; C:\Windows\System32\DRIVERS\avgldx86.sys [176952 2013-09-02] (AVG Technologies CZ, s.r.o.)
S0 Avglogx; C:\Windows\System32\DRIVERS\avglogx.sys [223032 2013-09-02] (AVG Technologies CZ, s.r.o.)
S0 Avgmfx86; C:\Windows\System32\DRIVERS\avgmfx86.sys [102200 2013-08-20] (AVG Technologies CZ, s.r.o.)
S0 Avgrkx86; C:\Windows\System32\DRIVERS\avgrkx86.sys [27448 2013-09-08] (AVG Technologies CZ, s.r.o.)
S1 Avgtdix; C:\Windows\System32\DRIVERS\avgtdix.sys [193848 2013-08-01] (AVG Technologies CZ, s.r.o.)
S1 avgtp; C:\Windows\system32\drivers\avgtpx86.sys [37664 2013-10-20] (AVG Technologies)
S0 LPCFilter; C:\Windows\System32\DRIVERS\LPCFilter.sys [25896 2008-08-20] (COMPAL ELECTRONIC INC.)
S3 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [75992 2013-10-19] (Malwarebytes Corporation)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
S3 pneteth; C:\Windows\System32\DRIVERS\pneteth.sys [13440 2011-11-24] (June Fabrics Technology Inc.)
S1 SCDEmu; C:\Windows\System32\Drivers\SCDEmu.sys [113336 2013-07-21] (Power Software Ltd)
S3 vm331avs; C:\Windows\System32\Drivers\vm331avs.sys [974336 2008-06-30] (Vimicro Corporation)
S5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-20] (Microsoft Corporation)
S3 catchme; \??\C:\Users\Chris\AppData\Local\Temp\catchme.sys [x]
S3 IpInIp; system32\DRIVERS\ipinip.sys [x]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]
S3 USBAAPL; System32\Drivers\usbaapl.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-10-28 21:47 - 2013-10-28 21:47 - 00000000 ____D C:\FRST
2013-10-28 17:23 - 2013-10-28 17:25 - 00145096 _____ C:\Windows\Minidump\Mini102813-02.dmp
2013-10-28 17:11 - 2013-10-28 17:11 - 00161929 _____ C:\Users\Chris\Desktop\ComboFix5.txt
2013-10-28 16:08 - 2013-10-28 16:08 - 00025177 _____ C:\ComboFix.txt
2013-10-28 14:51 - 2013-10-28 14:51 - 05137071 ____R (Swearware) C:\Users\Chris\Downloads\ComboFix.exe
2013-10-28 13:16 - 2013-10-28 13:16 - 00007218 _____ C:\Users\Chris\Downloads\Result.txt
2013-10-28 13:15 - 2013-10-28 13:15 - 00360587 _____ (Farbar) C:\Users\Chris\Downloads\ListParts(1).exe
2013-10-28 13:14 - 2013-10-28 13:15 - 00360587 _____ (Farbar) C:\Users\Chris\Downloads\ListParts.exe
2013-10-28 11:32 - 2013-10-28 17:23 - 127858366 _____ C:\Windows\MEMORY.DMP
2013-10-28 11:32 - 2013-10-28 11:33 - 00145096 _____ C:\Windows\Minidump\Mini102813-01.dmp
2013-10-27 03:54 - 2013-10-27 03:54 - 00020756 _____ C:\Users\Chris\Desktop\dds 1.txt
2013-10-27 03:54 - 2013-10-27 03:54 - 00009253 _____ C:\Users\Chris\Desktop\Attach 1.txt
2013-10-26 19:43 - 2013-10-27 03:53 - 00020756 _____ C:\Users\Chris\Desktop\dds.txt
2013-10-26 19:43 - 2013-10-26 19:43 - 00009253 _____ C:\Users\Chris\Desktop\attach.txt
2013-10-26 18:38 - 2013-10-26 18:38 - 00000000 ____D C:\ProgramData\Oracle
2013-10-26 18:37 - 2013-10-26 18:37 - 00000000 ____D C:\ProgramData\Sun
2013-10-26 18:37 - 2013-10-26 18:34 - 00264616 _____ (Oracle Corporation) C:\Windows\System32\javaws.exe
2013-10-26 18:35 - 2013-10-26 18:34 - 00175016 _____ (Oracle Corporation) C:\Windows\System32\javaw.exe
2013-10-26 18:35 - 2013-10-26 18:34 - 00174504 _____ (Oracle Corporation) C:\Windows\System32\java.exe
2013-10-26 18:35 - 2013-10-26 18:34 - 00094632 _____ (Oracle Corporation) C:\Windows\System32\WindowsAccessBridge.dll
2013-10-26 18:29 - 2013-10-26 18:29 - 00688992 ____R (Swearware) C:\Users\Chris\Desktop\dds.com
2013-10-26 18:26 - 2013-10-26 18:26 - 00000000 ____D C:\ProgramData\McAfee
2013-10-26 18:20 - 2013-10-26 18:20 - 00915368 _____ (Oracle Corporation) C:\Users\Chris\Downloads\jxpiinstall.exe
2013-10-26 16:38 - 2013-10-26 16:38 - 00002254 _____ C:\Users\Chris\Desktop\Rkill1.txt
2013-10-26 15:31 - 2013-10-26 15:31 - 00105176 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\MBAMSwissArmy.sys
2013-10-26 12:03 - 2013-10-26 12:03 - 00028661 _____ C:\Users\Chris\Desktop\Result minitoolbox.txt
2013-10-26 12:01 - 2013-10-26 12:02 - 00028661 _____ C:\Users\Chris\Desktop\Result.txt
2013-10-26 11:53 - 2013-10-26 11:53 - 00002431 _____ C:\Users\Chris\Desktop\FSS1.txt
2013-10-26 11:51 - 2013-10-26 11:51 - 00002431 _____ C:\Users\Chris\Desktop\FSS.txt
2013-10-26 11:50 - 2013-10-26 11:50 - 00001289 _____ C:\Users\Chris\Desktop\checkup1.txt
2013-10-26 11:49 - 2013-10-26 11:49 - 00001289 _____ C:\Users\Chris\Desktop\checkup.txt
2013-10-26 11:17 - 2013-10-26 11:16 - 00760937 _____ (Farbar) C:\Users\Chris\Desktop\MiniToolBox.exe
2013-10-26 11:15 - 2013-10-26 11:15 - 00359085 _____ (Farbar) C:\Users\Chris\Desktop\FSS.exe
2013-10-26 11:14 - 2013-10-26 11:15 - 00891167 _____ C:\Users\Chris\Desktop\SecurityCheck.exe
2013-10-26 06:58 - 2013-10-26 16:35 - 00002254 _____ C:\Users\Chris\Desktop\Rkill.txt
2013-10-25 18:05 - 2013-10-25 18:05 - 00000000 ____D C:\Users\Chris\AppData\Roaming\InstallShield
2013-10-25 13:53 - 2011-06-25 22:45 - 00256000 _____ C:\Windows\PEV.exe
2013-10-25 13:53 - 2010-11-07 09:20 - 00208896 _____ C:\Windows\MBR.exe
2013-10-25 13:53 - 2009-04-19 20:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2013-10-25 13:53 - 2000-08-30 16:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2013-10-25 13:53 - 2000-08-30 16:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2013-10-25 13:53 - 2000-08-30 16:00 - 00098816 _____ C:\Windows\sed.exe
2013-10-25 13:53 - 2000-08-30 16:00 - 00068096 _____ C:\Windows\zip.exe
2013-10-24 17:36 - 2013-10-24 17:36 - 00000000 ____D C:\721282c629bd38a1a4e38c
2013-10-24 16:54 - 2013-10-26 06:20 - 00002792 _____ C:\Windows\setupact.log
2013-10-24 16:54 - 2013-10-24 16:54 - 00000000 _____ C:\Windows\setuperr.log
2013-10-21 09:40 - 2013-09-22 02:06 - 00420864 _____ (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2013-10-21 09:40 - 2013-09-22 02:03 - 02382848 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-10-21 09:40 - 2013-09-22 02:03 - 00073216 _____ (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2013-10-21 09:39 - 2013-09-22 02:29 - 12336128 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-10-21 09:39 - 2013-09-22 02:22 - 09739264 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-10-21 09:39 - 2013-09-22 02:22 - 01800704 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-10-21 09:39 - 2013-09-22 02:14 - 01427968 _____ (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2013-10-21 09:39 - 2013-09-22 02:13 - 01129472 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-10-21 09:39 - 2013-09-22 02:13 - 01104896 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-10-21 09:39 - 2013-09-22 02:12 - 00231936 _____ (Microsoft Corporation) C:\Windows\System32\url.dll
2013-10-21 09:39 - 2013-09-22 02:09 - 00065024 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-10-21 09:39 - 2013-09-22 02:08 - 00142848 _____ (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2013-10-21 09:39 - 2013-09-22 02:07 - 00717824 _____ (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-10-21 09:39 - 2013-09-22 02:05 - 00607744 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-10-21 09:39 - 2013-09-22 02:03 - 01796096 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-10-21 09:39 - 2013-09-22 01:59 - 00176640 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-10-21 08:43 - 2012-07-25 18:46 - 00009728 _____ (Microsoft Corporation) C:\Windows\System32\Wdfres.dll
2013-10-21 08:43 - 2012-06-02 06:57 - 00000003 _____ C:\Windows\System32\Drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
2013-10-21 08:42 - 2012-07-25 19:39 - 00047720 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\WdfLdr.sys
2013-10-21 08:42 - 2012-07-25 19:21 - 00196608 _____ (Microsoft Corporation) C:\Windows\System32\WUDFHost.exe
2013-10-21 08:42 - 2012-07-25 19:20 - 00613888 _____ (Microsoft Corporation) C:\Windows\System32\WUDFx.dll
2013-10-21 08:42 - 2012-07-25 19:20 - 00172032 _____ (Microsoft Corporation) C:\Windows\System32\WUDFPlatform.dll
2013-10-21 08:42 - 2012-07-25 19:20 - 00073216 _____ (Microsoft Corporation) C:\Windows\System32\WUDFSvc.dll
2013-10-21 08:42 - 2012-07-25 19:20 - 00038912 _____ (Microsoft Corporation) C:\Windows\System32\WUDFCoinstaller.dll
2013-10-21 08:42 - 2012-07-25 18:33 - 00066560 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\WUDFPf.sys
2013-10-21 08:42 - 2012-07-25 18:32 - 00155136 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\WUDFRd.sys
2013-10-21 08:42 - 2009-07-14 04:12 - 00016896 _____ (Microsoft Corporation) C:\Windows\System32\winusb.dll
2013-10-21 08:42 - 2009-07-13 15:51 - 00034944 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\winusb.sys
2013-10-21 08:39 - 2013-08-26 17:52 - 01172480 _____ (Microsoft Corporation) C:\Windows\System32\d3d10warp.dll
2013-10-21 08:38 - 2013-08-26 18:47 - 01029120 _____ (Microsoft Corporation) C:\Windows\System32\d3d10.dll
2013-10-21 08:38 - 2013-08-26 18:47 - 00219648 _____ (Microsoft Corporation) C:\Windows\System32\d3d10_1core.dll
2013-10-21 08:38 - 2013-08-26 18:47 - 00189952 _____ (Microsoft Corporation) C:\Windows\System32\d3d10core.dll
2013-10-21 08:38 - 2013-08-26 18:47 - 00160768 _____ (Microsoft Corporation) C:\Windows\System32\d3d10_1.dll
2013-10-21 08:38 - 2013-08-26 17:50 - 00486400 _____ (Microsoft Corporation) C:\Windows\System32\d3d10level9.dll
2013-10-21 08:38 - 2013-08-26 17:32 - 00683008 _____ (Microsoft Corporation) C:\Windows\System32\d2d1.dll
2013-10-21 08:38 - 2013-08-26 17:28 - 01069056 _____ (Microsoft Corporation) C:\Windows\System32\DWrite.dll
2013-10-21 08:38 - 2013-08-26 17:28 - 00798208 _____ (Microsoft Corporation) C:\Windows\System32\FntCache.dll
2013-10-21 08:38 - 2013-07-31 19:16 - 00638400 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\dxgkrnl.sys
2013-10-21 08:38 - 2013-07-31 18:49 - 00037376 _____ (Microsoft Corporation) C:\Windows\System32\cdd.dll
2013-10-21 08:38 - 2013-06-15 05:22 - 00015872 _____ (Microsoft Corporation) C:\Windows\System32\icaapi.dll
2013-10-21 08:38 - 2013-06-15 03:23 - 00024064 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\tssecsrv.sys
2013-10-21 08:27 - 2012-11-02 02:18 - 00376320 _____ (Microsoft Corporation) C:\Windows\System32\dpnet.dll
2013-10-21 08:27 - 2012-11-02 00:26 - 00023040 _____ (Microsoft Corporation) C:\Windows\System32\dpnsvr.exe
2013-10-21 08:27 - 2012-08-21 03:47 - 00224640 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\volsnap.sys
2013-10-21 08:26 - 2012-11-21 19:54 - 00353280 _____ (Microsoft Corporation) C:\Windows\System32\shlwapi.dll
2013-10-21 07:50 - 2013-07-20 02:44 - 00102608 _____ (Microsoft Corporation) C:\Windows\System32\PresentationCFFRasterizerNative_v0300.dll
2013-10-21 07:48 - 2013-08-28 23:36 - 02050048 _____ (Microsoft Corporation) C:\Windows\System32\win32k.sys
2013-10-21 07:48 - 2013-07-04 19:20 - 00914880 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2013-10-21 07:48 - 2013-07-04 17:43 - 00031232 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\tcpipreg.sys
2013-10-21 07:43 - 2013-07-17 11:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\System32\tzres.dll
2013-10-21 07:00 - 2013-10-21 06:57 - 00001970 ____R C:\Users\Chris\Desktop\Key.txt
2013-10-20 14:36 - 2013-07-10 01:47 - 00783360 _____ (Microsoft Corporation) C:\Windows\System32\rpcrt4.dll
2013-10-20 14:24 - 2012-11-19 20:22 - 00204288 _____ (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
2013-10-20 14:24 - 2012-09-28 08:11 - 00892928 _____ (Microsoft Corporation) C:\Windows\System32\kernel32.dll
2013-10-20 13:47 - 2013-07-12 01:04 - 00073344 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\USBAUDIO.sys
2013-10-20 13:46 - 2013-03-03 11:07 - 01082232 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\ntfs.sys
2013-10-20 13:19 - 2013-06-28 18:07 - 00226304 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbport.sys
2013-10-20 13:19 - 2013-06-28 18:07 - 00197632 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbhub.sys
2013-10-20 13:19 - 2013-06-28 18:07 - 00073216 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbccgp.sys
2013-10-20 13:19 - 2013-06-28 18:06 - 00006016 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbd.sys
2013-10-20 13:19 - 2011-05-05 05:54 - 00039936 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbehci.sys
2013-10-20 13:19 - 2011-05-05 05:54 - 00023552 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbuhci.sys
2013-10-20 13:18 - 2013-06-26 15:01 - 00527064 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\Wdf01000.sys
2013-10-20 13:18 - 2013-04-23 17:46 - 00812544 _____ (Microsoft Corporation) C:\Windows\System32\certutil.exe
2013-10-20 13:17 - 2013-04-23 20:00 - 00041984 _____ (Microsoft Corporation) C:\Windows\System32\certenc.dll
2013-10-20 12:13 - 2013-10-26 16:18 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-10-20 11:43 - 2013-08-01 20:09 - 01548288 _____ (Microsoft Corporation) C:\Windows\System32\WMVDECOD.DLL
2013-10-20 11:43 - 2013-05-01 20:04 - 00443904 _____ (Microsoft Corporation) C:\Windows\System32\win32spl.dll
2013-10-20 11:43 - 2013-05-01 20:03 - 00037376 _____ (Microsoft Corporation) C:\Windows\System32\printcom.dll
2013-10-20 11:43 - 2012-11-07 19:48 - 01314816 _____ (Microsoft Corporation) C:\Windows\System32\quartz.dll
2013-10-20 11:01 - 2013-10-20 11:06 - 00000258 __RSH C:\Users\Chris\ntuser.pol
2013-10-20 08:20 - 2013-10-20 08:20 - 00000000 ____D C:\Users\Chris\AppData\Roaming\AVAST Software
2013-10-20 08:18 - 2013-10-20 08:18 - 00269216 _____ (AVAST Software) C:\Windows\System32\aswBoot.exe
2013-10-20 08:15 - 2013-10-25 18:13 - 00000000 ____D C:\ProgramData\AVAST Software
2013-10-20 08:15 - 2013-10-20 08:15 - 00403440 _____ (AVAST Software) C:\Windows\System32\Drivers\xkufxvce.sys
2013-10-20 08:15 - 2013-10-20 08:15 - 00101608 _____ C:\Users\Chris\AppData\Local\GDIPFONTCACHEV1.DAT
2013-10-20 08:00 - 2013-10-20 08:01 - 00003746 _____ C:\Program Files\Mozilla FireFoxsafeguard-secure-search.xml
2013-10-20 08:00 - 2013-10-20 08:00 - 00000000 ____D C:\Program Files\AVG SafeGuard toolbar
2013-10-20 05:18 - 2013-10-20 05:18 - 00000000 ____D C:\226451db6a120e78851ddc
2013-10-20 05:13 - 2013-03-07 19:53 - 00376320 _____ (Microsoft Corporation) C:\Windows\System32\winsrv.dll
2013-10-20 05:13 - 2013-03-07 19:52 - 02067968 _____ (Microsoft Corporation) C:\Windows\System32\mstscax.dll
2013-10-20 05:13 - 2012-11-02 02:19 - 01400832 _____ (Microsoft Corporation) C:\Windows\System32\msxml6.dll
2013-10-20 04:59 - 2013-10-20 04:59 - 00000000 ____D C:\ff7597dbe8e3d8813ad72d124c39a8cd
2013-10-20 04:11 - 2013-10-20 04:11 - 00000000 ____D C:\A
2013-10-19 18:04 - 2013-07-15 20:35 - 00615936 _____ (Microsoft Corporation) C:\Windows\System32\themeui.dll
2013-10-19 18:04 - 2013-07-09 04:10 - 01205168 _____ (Microsoft Corporation) C:\Windows\System32\ntdll.dll
2013-10-19 18:04 - 2013-07-07 20:55 - 03603904 _____ (Microsoft Corporation) C:\Windows\System32\ntkrnlpa.exe
2013-10-19 18:04 - 2013-07-07 20:55 - 03551680 _____ (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2013-10-19 18:04 - 2013-07-03 20:21 - 00532480 _____ (Microsoft Corporation) C:\Windows\System32\comctl32.dll
2013-10-19 18:04 - 2013-06-03 20:16 - 00034304 _____ (Adobe Systems) C:\Windows\System32\atmlib.dll
2013-10-19 18:04 - 2013-06-03 17:49 - 00293376 _____ (Adobe Systems Incorporated) C:\Windows\System32\atmfd.dll
2013-10-19 18:04 - 2013-03-08 19:45 - 00049152 _____ (Microsoft Corporation) C:\Windows\System32\csrsrv.dll
2013-10-19 18:04 - 2013-03-08 17:28 - 00064000 _____ (Microsoft Corporation) C:\Windows\System32\smss.exe
2013-10-19 18:03 - 2013-05-31 20:06 - 00505344 _____ (Microsoft Corporation) C:\Windows\System32\qedit.dll
2013-10-19 18:03 - 2013-04-17 04:30 - 00024576 _____ (Microsoft Corporation) C:\Windows\System32\cryptdlg.dll
2013-10-19 18:00 - 2013-02-11 17:57 - 00015872 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usb8023.sys
2013-10-19 17:59 - 2013-07-02 18:10 - 00025472 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\hidparse.sys
2013-10-19 17:08 - 2013-10-19 17:08 - 00000759 _____ C:\Users\Chris\Desktop\Desinstaller_HOSTS_Anti-PUPs.lnk
2013-10-19 17:08 - 2013-10-19 17:08 - 00000000 ____D C:\Program Files\Hosts_Anti_Adwares_PUPs
2013-10-19 17:04 - 2013-10-28 16:49 - 00315524 _____ C:\Windows\PFRO.log
2013-10-19 16:48 - 2013-07-07 20:20 - 00172544 _____ (Microsoft Corporation) C:\Windows\System32\wintrust.dll
2013-10-19 16:48 - 2013-07-07 20:16 - 00992768 _____ (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2013-10-19 16:48 - 2013-07-07 20:16 - 00133120 _____ (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2013-10-19 16:48 - 2013-07-07 20:16 - 00098304 _____ (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2013-10-19 16:28 - 2013-10-19 16:28 - 00000597 _____ C:\Windows\wmsetup.log
2013-10-19 16:24 - 2013-10-19 16:25 - 25740256 _____ (Microsoft Corporation) C:\Users\Chris\Downloads\wmp11-windowsxp-x86-enu.exe
2013-10-19 16:18 - 2013-10-19 16:19 - 01528184 _____ (Microsoft Corporation) C:\Users\Chris\Downloads\GenuineCheck.exe
2013-10-19 15:43 - 2013-10-19 15:43 - 00000000 ____D C:\Users\Chris\AppData\Local\Macromedia
2013-10-19 15:19 - 2013-10-19 15:19 - 00000856 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2013-10-19 15:18 - 2013-10-19 15:18 - 00000000 ____D C:\ProgramData\Mozilla
2013-10-19 15:18 - 2013-10-19 15:18 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2013-10-19 14:01 - 2013-10-26 06:31 - 00374824 _____ C:\Windows\System32\FNTCACHE.DAT
2013-10-19 12:38 - 2013-10-19 12:38 - 00000104 _____ C:\Users\Chris\Desktop\Recycle Bin - Shortcut.lnk
2013-10-19 12:36 - 2013-10-28 17:12 - 01539267 _____ C:\Windows\WindowsUpdate.log
2013-10-19 12:15 - 2013-10-26 16:18 - 00000000 ____D C:\Users\Chris\Desktop\mbar
2013-10-19 12:15 - 2013-10-19 12:15 - 00075992 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbamchameleon.sys
2013-10-19 12:12 - 2013-10-19 06:55 - 12576792 _____ (Malwarebytes Corp.) C:\Users\Chris\Desktop\mbar-1.07.0.1007.exe
2013-10-19 06:07 - 2013-10-26 08:06 - 00000000 ____D C:\AdwCleaner
2013-10-19 05:52 - 2013-10-19 05:52 - 00000000 ____D C:\Windows\pss
2013-10-19 05:47 - 2013-10-19 05:47 - 00000000 ____D C:\Users\Chris\AppData\Local\{AE01DF37-FD75-4853-809E-2846CB3DF5E7}
2013-10-19 01:18 - 2013-10-20 20:57 - 00046304 _____ C:\Users\Chris\Desktop\avgrep.txt
2013-10-19 01:14 - 2013-10-25 18:59 - 00000000 ____D C:\Program Files\Spybot - Search & Destroy 2
2013-10-19 01:14 - 2013-10-21 07:01 - 00000916 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-10-19 01:14 - 2013-10-21 07:01 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-10-19 01:14 - 2013-04-04 10:50 - 00022856 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2013-10-19 01:13 - 2013-10-19 01:12 - 40658208 _____ (Safer-Networking Ltd.                                       ) C:\Users\Chris\Desktop\spybot-2.2.exe
2013-10-18 20:45 - 2013-10-25 01:17 - 00000000 ____D C:\Program Files\7-Zip
2013-10-18 18:38 - 2013-10-18 18:38 - 00000814 _____ C:\Users\Public\Desktop\PowerISO.lnk
2013-10-18 18:31 - 2013-10-18 18:41 - 00000000 ____D C:\Users\Chris\AppData\Local\Apps\Windows 7 USB DVD Download Tool
2013-10-18 18:22 - 2013-10-18 18:08 - 3086659584 ____R C:\Win7Ult-SP1-x86-en-US-Jul2013.iso
2013-10-18 18:22 - 2013-10-18 17:09 - 00003692 ____R C:\Users\Chris\Desktop\Win7ULT-Jul2013.txt
2013-10-18 18:22 - 2013-10-18 17:09 - 00000189 ____R C:\Users\Chris\Desktop\Microsoft Windows 7 USB DVD tool.url
2013-10-18 15:40 - 2013-10-18 15:40 - 00000000 ____D C:\Users\Chris\AppData\Local\{FB6094D5-31E6-465C-9953-7410DE559F9E}
2013-10-18 03:37 - 2013-10-18 03:38 - 00000000 ____D C:\Users\Chris\AppData\Local\{E582BC6C-F7DE-4816-B39D-E512F65EC55A}
2013-10-16 18:18 - 2013-10-16 18:18 - 00000000 ____D C:\Users\Chris\AppData\Local\{9ADE7593-ACBF-4818-B0B2-5C2BFC9254C1}
2013-10-15 16:15 - 2013-10-15 16:15 - 00000000 ____D C:\Users\Chris\AppData\Roaming\PowerISO
2013-10-15 16:13 - 2013-10-18 19:08 - 00000000 ____D C:\Program Files\PowerISO
2013-10-15 16:07 - 2013-10-20 08:11 - 00000000 ____D C:\Users\Chris\AppData\Local\AVG SafeGuard toolbar
2013-10-15 16:07 - 2013-10-15 16:08 - 00000000 ____D C:\Users\Chris\AppData\Local\{6A4C3AC4-3117-4D66-8730-E25C458C517C}
2013-10-15 13:24 - 2013-10-15 13:24 - 00000000 ____D C:\Users\Chris\AppData\Roaming\AVG2014
2013-10-15 13:23 - 2013-10-19 06:01 - 00000808 _____ C:\Users\Public\Desktop\AVG 2014.lnk
2013-10-15 13:23 - 2013-10-15 13:23 - 00000000 ____D C:\Users\Chris\AppData\Roaming\TuneUp Software
2013-10-15 13:22 - 2013-10-20 08:01 - 00000000 ____D C:\ProgramData\AVG SafeGuard toolbar
2013-10-15 13:22 - 2013-10-20 08:00 - 00037664 _____ (AVG Technologies) C:\Windows\System32\Drivers\avgtpx86.sys
2013-10-15 13:21 - 2013-10-15 13:24 - 00000000 ____D C:\ProgramData\AVG2014
2013-10-15 13:21 - 2013-10-15 13:21 - 00000000 ____D C:\$AVG
2013-10-15 13:20 - 2013-10-15 13:20 - 00000000 ____D C:\Program Files\AVG
2013-10-15 13:13 - 2013-10-15 13:29 - 00000000 ____D C:\Users\Chris\AppData\Local\Avg2014
2013-10-15 13:07 - 2013-10-28 13:37 - 00000000 ____D C:\ProgramData\MFAData
2013-10-15 13:07 - 2013-10-15 13:07 - 00000000 ____D C:\Users\Chris\AppData\Local\MFAData
2013-10-15 13:07 - 2013-10-15 13:07 - 00000000 ____D C:\Users\Chris\AppData\Local\Avg2013
2013-10-15 13:07 - 2013-04-19 09:52 - 04446832 _____ (AVG Technologies) C:\Users\Chris\Desktop\avg_isct_stb_all_2013_3272.exe
2013-10-15 13:04 - 2013-10-15 13:04 - 00000000 ____D C:\Users\Chris\AppData\Local\{0297FB4B-93C3-4500-AB06-4D90ED074A99}

==================== One Month Modified Files and Folders =======

2013-10-28 21:47 - 2013-10-28 21:47 - 00000000 ____D C:\FRST
2013-10-28 17:35 - 2013-10-19 12:36 - 01539267 _____ C:\Windows\WindowsUpdate.log
2013-10-28 17:35 - 2006-11-02 04:45 - 00003744 _____ C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2013-10-28 17:35 - 2006-11-02 04:45 - 00003744 _____ C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2013-10-28 17:25 - 2013-10-28 17:23 - 00145096 _____ C:\Windows\Minidump\Mini102813-02.dmp
2013-10-28 17:23 - 2013-10-28 11:32 - 127858366 _____ C:\Windows\MEMORY.DMP
2013-10-28 17:23 - 2009-07-27 16:17 - 00000000 ____D C:\Windows\Minidump
2013-10-28 17:11 - 2013-10-28 17:11 - 00161929 _____ C:\Users\Chris\Desktop\ComboFix5.txt
2013-10-28 16:49 - 2013-10-19 17:04 - 00315524 _____ C:\Windows\PFRO.log
2013-10-28 16:08 - 2013-10-28 16:08 - 00025177 _____ C:\ComboFix.txt
2013-10-28 16:08 - 2010-08-02 05:27 - 00000000 ____D C:\Qoobox
2013-10-28 16:01 - 2006-11-02 02:23 - 00000215 _____ C:\Windows\system.ini
2013-10-28 14:51 - 2013-10-28 14:51 - 05137071 ____R (Swearware) C:\Users\Chris\Downloads\ComboFix.exe
2013-10-28 13:37 - 2013-10-15 13:07 - 00000000 ____D C:\ProgramData\MFAData
2013-10-28 13:16 - 2013-10-28 13:16 - 00007218 _____ C:\Users\Chris\Downloads\Result.txt
2013-10-28 13:15 - 2013-10-28 13:15 - 00360587 _____ (Farbar) C:\Users\Chris\Downloads\ListParts(1).exe
2013-10-28 13:15 - 2013-10-28 13:14 - 00360587 _____ (Farbar) C:\Users\Chris\Downloads\ListParts.exe
2013-10-28 11:33 - 2013-10-28 11:32 - 00145096 _____ C:\Windows\Minidump\Mini102813-01.dmp
2013-10-27 03:54 - 2013-10-27 03:54 - 00020756 _____ C:\Users\Chris\Desktop\dds 1.txt
2013-10-27 03:54 - 2013-10-27 03:54 - 00009253 _____ C:\Users\Chris\Desktop\Attach 1.txt
2013-10-27 03:53 - 2013-10-26 19:43 - 00020756 _____ C:\Users\Chris\Desktop\dds.txt
2013-10-27 00:27 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\Microsoft.NET
2013-10-26 19:43 - 2013-10-26 19:43 - 00009253 _____ C:\Users\Chris\Desktop\attach.txt
2013-10-26 18:38 - 2013-10-26 18:38 - 00000000 ____D C:\ProgramData\Oracle
2013-10-26 18:37 - 2013-10-26 18:37 - 00000000 ____D C:\ProgramData\Sun
2013-10-26 18:37 - 2009-02-03 11:19 - 00000000 ____D C:\Program Files\Common Files\Java
2013-10-26 18:34 - 2013-10-26 18:37 - 00264616 _____ (Oracle Corporation) C:\Windows\System32\javaws.exe
2013-10-26 18:34 - 2013-10-26 18:35 - 00175016 _____ (Oracle Corporation) C:\Windows\System32\javaw.exe
2013-10-26 18:34 - 2013-10-26 18:35 - 00174504 _____ (Oracle Corporation) C:\Windows\System32\java.exe
2013-10-26 18:34 - 2013-10-26 18:35 - 00094632 _____ (Oracle Corporation) C:\Windows\System32\WindowsAccessBridge.dll
2013-10-26 18:33 - 2009-02-03 11:19 - 00000000 ____D C:\Program Files\Java
2013-10-26 18:29 - 2013-10-26 18:29 - 00688992 ____R (Swearware) C:\Users\Chris\Desktop\dds.com
2013-10-26 18:26 - 2013-10-26 18:26 - 00000000 ____D C:\ProgramData\McAfee
2013-10-26 18:20 - 2013-10-26 18:20 - 00915368 _____ (Oracle Corporation) C:\Users\Chris\Downloads\jxpiinstall.exe
2013-10-26 16:38 - 2013-10-26 16:38 - 00002254 _____ C:\Users\Chris\Desktop\Rkill1.txt
2013-10-26 16:35 - 2013-10-26 06:58 - 00002254 _____ C:\Users\Chris\Desktop\Rkill.txt
2013-10-26 16:18 - 2013-10-20 12:13 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-10-26 16:18 - 2013-10-19 12:15 - 00000000 ____D C:\Users\Chris\Desktop\mbar
2013-10-26 15:31 - 2013-10-26 15:31 - 00105176 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\MBAMSwissArmy.sys
2013-10-26 12:03 - 2013-10-26 12:03 - 00028661 _____ C:\Users\Chris\Desktop\Result minitoolbox.txt
2013-10-26 12:02 - 2013-10-26 12:01 - 00028661 _____ C:\Users\Chris\Desktop\Result.txt
2013-10-26 11:53 - 2013-10-26 11:53 - 00002431 _____ C:\Users\Chris\Desktop\FSS1.txt
2013-10-26 11:51 - 2013-10-26 11:51 - 00002431 _____ C:\Users\Chris\Desktop\FSS.txt
2013-10-26 11:50 - 2013-10-26 11:50 - 00001289 _____ C:\Users\Chris\Desktop\checkup1.txt
2013-10-26 11:49 - 2013-10-26 11:49 - 00001289 _____ C:\Users\Chris\Desktop\checkup.txt
2013-10-26 11:16 - 2013-10-26 11:17 - 00760937 _____ (Farbar) C:\Users\Chris\Desktop\MiniToolBox.exe
2013-10-26 11:15 - 2013-10-26 11:15 - 00359085 _____ (Farbar) C:\Users\Chris\Desktop\FSS.exe
2013-10-26 11:15 - 2013-10-26 11:14 - 00891167 _____ C:\Users\Chris\Desktop\SecurityCheck.exe
2013-10-26 08:06 - 2013-10-19 06:07 - 00000000 ____D C:\AdwCleaner
2013-10-26 07:33 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\rescache
2013-10-26 07:00 - 2006-11-02 02:33 - 00769026 _____ C:\Windows\System32\PerfStringBackup.INI
2013-10-26 06:31 - 2013-10-19 14:01 - 00374824 _____ C:\Windows\System32\FNTCACHE.DAT
2013-10-26 06:23 - 2006-11-02 04:35 - 00000000 ____D C:\Windows\System32\XPSViewer
2013-10-26 06:20 - 2013-10-24 16:54 - 00002792 _____ C:\Windows\setupact.log
2013-10-26 06:02 - 2009-02-03 11:35 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-10-25 18:59 - 2013-10-19 01:14 - 00000000 ____D C:\Program Files\Spybot - Search & Destroy 2
2013-10-25 18:43 - 2009-02-03 11:16 - 00000319 _____ C:\Windows\wininit.ini
2013-10-25 18:39 - 2013-01-04 14:52 - 00000000 ____D C:\Users\Chris\AppData\Roaming\Philipp Winterberg
2013-10-25 18:39 - 2013-01-04 14:51 - 00000000 ____D C:\Program Files\Free RAR Extract Frog
2013-10-25 18:13 - 2013-10-20 08:15 - 00000000 ____D C:\ProgramData\AVAST Software
2013-10-25 18:05 - 2013-10-25 18:05 - 00000000 ____D C:\Users\Chris\AppData\Roaming\InstallShield
2013-10-25 18:05 - 2009-02-03 11:00 - 00000000 ___HD C:\Program Files\InstallShield Installation Information
2013-10-25 17:58 - 2011-05-16 17:51 - 00000000 ____D C:\Program Files\Showcase 5
2013-10-25 01:17 - 2013-10-18 20:45 - 00000000 ____D C:\Program Files\7-Zip
2013-10-24 17:36 - 2013-10-24 17:36 - 00000000 ____D C:\721282c629bd38a1a4e38c
2013-10-24 16:54 - 2013-10-24 16:54 - 00000000 _____ C:\Windows\setuperr.log
2013-10-24 16:43 - 2009-11-09 20:06 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-10-21 09:05 - 2006-11-02 03:18 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2013-10-21 07:01 - 2013-10-19 01:14 - 00000916 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-10-21 07:01 - 2013-10-19 01:14 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-10-21 06:57 - 2013-10-21 07:00 - 00001970 ____R C:\Users\Chris\Desktop\Key.txt
2013-10-20 20:57 - 2013-10-19 01:18 - 00046304 _____ C:\Users\Chris\Desktop\avgrep.txt
2013-10-20 11:06 - 2013-10-20 11:01 - 00000258 __RSH C:\Users\Chris\ntuser.pol
2013-10-20 11:06 - 2009-04-13 22:26 - 00000000 ____D C:\users\Chris
2013-10-20 10:56 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\LiveKernelReports
2013-10-20 08:20 - 2013-10-20 08:20 - 00000000 ____D C:\Users\Chris\AppData\Roaming\AVAST Software
2013-10-20 08:20 - 2009-06-15 11:51 - 00006648 _____ C:\Users\Chris\AppData\Local\d3d9caps.dat
2013-10-20 08:18 - 2013-10-20 08:18 - 00269216 _____ (AVAST Software) C:\Windows\System32\aswBoot.exe
2013-10-20 08:15 - 2013-10-20 08:15 - 00403440 _____ (AVAST Software) C:\Windows\System32\Drivers\xkufxvce.sys
2013-10-20 08:15 - 2013-10-20 08:15 - 00101608 _____ C:\Users\Chris\AppData\Local\GDIPFONTCACHEV1.DAT
2013-10-20 08:11 - 2013-10-15 16:07 - 00000000 ____D C:\Users\Chris\AppData\Local\AVG SafeGuard toolbar
2013-10-20 08:01 - 2013-10-20 08:00 - 00003746 _____ C:\Program Files\Mozilla FireFoxsafeguard-secure-search.xml
2013-10-20 08:01 - 2013-10-15 13:22 - 00000000 ____D C:\ProgramData\AVG SafeGuard toolbar
2013-10-20 08:01 - 2013-02-03 04:52 - 00000000 ____D C:\Program Files\Mozilla FireFox
2013-10-20 08:00 - 2013-10-20 08:00 - 00000000 ____D C:\Program Files\AVG SafeGuard toolbar
2013-10-20 08:00 - 2013-10-15 13:22 - 00037664 _____ (AVG Technologies) C:\Windows\System32\Drivers\avgtpx86.sys
2013-10-20 05:18 - 2013-10-20 05:18 - 00000000 ____D C:\226451db6a120e78851ddc
2013-10-20 04:59 - 2013-10-20 04:59 - 00000000 ____D C:\ff7597dbe8e3d8813ad72d124c39a8cd
2013-10-20 04:47 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\MSAgent
2013-10-20 04:11 - 2013-10-20 04:11 - 00000000 ____D C:\A
2013-10-19 17:49 - 2009-07-10 10:19 - 00000000 ____D C:\Program Files\Google
2013-10-19 17:08 - 2013-10-19 17:08 - 00000759 _____ C:\Users\Chris\Desktop\Desinstaller_HOSTS_Anti-PUPs.lnk
2013-10-19 17:08 - 2013-10-19 17:08 - 00000000 ____D C:\Program Files\Hosts_Anti_Adwares_PUPs
2013-10-19 16:28 - 2013-10-19 16:28 - 00000597 _____ C:\Windows\wmsetup.log
2013-10-19 16:25 - 2013-10-19 16:24 - 25740256 _____ (Microsoft Corporation) C:\Users\Chris\Downloads\wmp11-windowsxp-x86-enu.exe
2013-10-19 16:19 - 2013-10-19 16:18 - 01528184 _____ (Microsoft Corporation) C:\Users\Chris\Downloads\GenuineCheck.exe
2013-10-19 15:54 - 2009-04-13 23:04 - 00000000 ____D C:\Users\Chris\AppData\Local\Adobe
2013-10-19 15:53 - 2012-10-07 17:54 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2013-10-19 15:53 - 2012-10-07 17:54 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
2013-10-19 15:43 - 2013-10-19 15:43 - 00000000 ____D C:\Users\Chris\AppData\Local\Macromedia
2013-10-19 15:19 - 2013-10-19 15:19 - 00000856 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2013-10-19 15:18 - 2013-10-19 15:18 - 00000000 ____D C:\ProgramData\Mozilla
2013-10-19 15:18 - 2013-10-19 15:18 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2013-10-19 14:03 - 2012-09-11 07:47 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2013-10-19 13:42 - 2009-06-08 17:21 - 00000000 ____D C:\Program Files\QuickTime
2013-10-19 13:41 - 2009-05-04 17:51 - 00000000 ___HD C:\ProgramData\Apple Computer
2013-10-19 13:00 - 2009-04-22 15:56 - 00000000 ____D C:\Users\Chris\Tracing
2013-10-19 12:38 - 2013-10-19 12:38 - 00000104 _____ C:\Users\Chris\Desktop\Recycle Bin - Shortcut.lnk
2013-10-19 12:15 - 2013-10-19 12:15 - 00075992 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbamchameleon.sys
2013-10-19 11:16 - 2011-01-30 11:46 - 00001945 _____ C:\Windows\epplauncher.mif
2013-10-19 11:08 - 2006-11-02 03:18 - 00000000 ___HD C:\Windows\System32\GroupPolicy
2013-10-19 10:52 - 2006-11-02 04:40 - 00000000 ____D C:\Windows\WindowsMobile
2013-10-19 06:55 - 2013-10-19 12:12 - 12576792 _____ (Malwarebytes Corp.) C:\Users\Chris\Desktop\mbar-1.07.0.1007.exe
2013-10-19 06:09 - 2010-02-24 16:29 - 00000000 ____D C:\Program Files\Common Files\DVDVideoSoft
2013-10-19 06:01 - 2013-10-15 13:23 - 00000808 _____ C:\Users\Public\Desktop\AVG 2014.lnk
2013-10-19 06:01 - 2010-12-25 17:29 - 00000000 __SHD C:\Windows\System32\%APPDATA%
2013-10-19 05:52 - 2013-10-19 05:52 - 00000000 ____D C:\Windows\pss
2013-10-19 05:47 - 2013-10-19 05:47 - 00000000 ____D C:\Users\Chris\AppData\Local\{AE01DF37-FD75-4853-809E-2846CB3DF5E7}
2013-10-19 05:40 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\Registration
2013-10-19 01:12 - 2013-10-19 01:13 - 40658208 _____ (Safer-Networking Ltd.                                       ) C:\Users\Chris\Desktop\spybot-2.2.exe
2013-10-18 19:08 - 2013-10-15 16:13 - 00000000 ____D C:\Program Files\PowerISO
2013-10-18 18:41 - 2013-10-18 18:31 - 00000000 ____D C:\Users\Chris\AppData\Local\Apps\Windows 7 USB DVD Download Tool
2013-10-18 18:38 - 2013-10-18 18:38 - 00000814 _____ C:\Users\Public\Desktop\PowerISO.lnk
2013-10-18 18:08 - 2013-10-18 18:22 - 3086659584 ____R C:\Win7Ult-SP1-x86-en-US-Jul2013.iso
2013-10-18 17:09 - 2013-10-18 18:22 - 00003692 ____R C:\Users\Chris\Desktop\Win7ULT-Jul2013.txt
2013-10-18 17:09 - 2013-10-18 18:22 - 00000189 ____R C:\Users\Chris\Desktop\Microsoft Windows 7 USB DVD tool.url
2013-10-18 15:41 - 2010-10-26 07:59 - 00000000 ____D C:\Users\Chris\AppData\Local\Windows Live
2013-10-18 15:40 - 2013-10-18 15:40 - 00000000 ____D C:\Users\Chris\AppData\Local\{FB6094D5-31E6-465C-9953-7410DE559F9E}
2013-10-18 03:38 - 2013-10-18 03:37 - 00000000 ____D C:\Users\Chris\AppData\Local\{E582BC6C-F7DE-4816-B39D-E512F65EC55A}
2013-10-16 18:18 - 2013-10-16 18:18 - 00000000 ____D C:\Users\Chris\AppData\Local\{9ADE7593-ACBF-4818-B0B2-5C2BFC9254C1}
2013-10-15 16:48 - 2009-05-27 15:09 - 00000000 ___HD C:\ProgramData\Skype
2013-10-15 16:47 - 2010-08-22 01:03 - 00000000 ____D C:\Users\Chris\AppData\Roaming\Skype
2013-10-15 16:15 - 2013-10-15 16:15 - 00000000 ____D C:\Users\Chris\AppData\Roaming\PowerISO
2013-10-15 16:08 - 2013-10-15 16:07 - 00000000 ____D C:\Users\Chris\AppData\Local\{6A4C3AC4-3117-4D66-8730-E25C458C517C}
2013-10-15 13:29 - 2013-10-15 13:13 - 00000000 ____D C:\Users\Chris\AppData\Local\Avg2014
2013-10-15 13:24 - 2013-10-15 13:24 - 00000000 ____D C:\Users\Chris\AppData\Roaming\AVG2014
2013-10-15 13:24 - 2013-10-15 13:21 - 00000000 ____D C:\ProgramData\AVG2014
2013-10-15 13:23 - 2013-10-15 13:23 - 00000000 ____D C:\Users\Chris\AppData\Roaming\TuneUp Software
2013-10-15 13:21 - 2013-10-15 13:21 - 00000000 ____D C:\$AVG
2013-10-15 13:20 - 2013-10-15 13:20 - 00000000 ____D C:\Program Files\AVG
2013-10-15 13:07 - 2013-10-15 13:07 - 00000000 ____D C:\Users\Chris\AppData\Local\MFAData
2013-10-15 13:07 - 2013-10-15 13:07 - 00000000 ____D C:\Users\Chris\AppData\Local\Avg2013
2013-10-15 13:04 - 2013-10-15 13:04 - 00000000 ____D C:\Users\Chris\AppData\Local\{0297FB4B-93C3-4500-AB06-4D90ED074A99}

Files to move or delete:
====================
C:\Users\Chris\AppData\Roaming\desktop.ini


==================== Known DLLs (Whitelisted) ============


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points  =========================


==================== Memory info ===========================

Percentage of memory in use: 42%
Total physical RAM: 983.83 MB
Available physical RAM: 566.88 MB
Total Pagefile: 794.76 MB
Available Pagefile: 635.22 MB
Total Virtual: 2047.88 MB
Available Virtual: 1951.39 MB

==================== Drives ================================

Drive c: (SW_Preload) (Fixed) (Total:137.82 GB) (Free:97.82 GB) NTFS
Drive e: (Lenovo) (Fixed) (Total:9.77 GB) (Free:4.39 GB) NTFS
Drive g: () (Removable) (Total:14.91 GB) (Free:14.71 GB) NTFS
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: (SERVICEV003) (Fixed) (Total:1.46 GB) (Free:0.63 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 149 GB) (Disk ID: 7918D480)
Partition 1: (Active) - (Size=1 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=138 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=10 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 15 GB) (Disk ID: 6E697373)
No partition Table on disk 1.


LastRegBack: 2013-10-28 17:37

==================== End Of Log ============================
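Added example (not part of the post above and not FRST's own code): a small Python parser for the "One Month Modified Files and Folders" line format printed in the log, plus a few triage heuristics of my own for picking out entries worth a second look. The sample lines are constructed to match that format, and the flag rules (hidden+system folder under System32, a name that looks like an unexpanded environment variable, a .sys driver with no company string, a hex-named folder at the drive root) are assumptions a reviewer might apply, not anything FRST reports.

```python
import re
from dataclasses import dataclass
from typing import Iterable, List, Optional, Tuple

# One FRST "Modified Files and Folders" line, as printed in the log:
#   <modified> - <created> - <size> <attrs> [(<company>)] <path>
# attrs is a five-character field of underscores and R/S/H/D flags.
LINE_RE = re.compile(
    r"^(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<size>\d{8,}) "
    r"(?P<attrs>[_A-Z]{5}) "
    r"(?:\((?P<company>[^)]*)\) )?"
    r"(?P<path>\S.*)$"
)

# Heuristic path patterns (assumptions for this example, not FRST logic).
SYSTEM32 = re.compile(r"^[a-z]:\\windows\\system32\\", re.I)
DRIVER = re.compile(r"^[a-z]:\\windows\\system32\\drivers\\[^\\]+\.sys$", re.I)
HEX_ROOT_DIR = re.compile(r"^[a-z]:\\[0-9a-f]{16,}$", re.I)


@dataclass
class Entry:
    modified: str
    created: str
    size: int
    attrs: str
    company: Optional[str]
    path: str

    @property
    def is_dir(self) -> bool:
        return "D" in self.attrs

    @property
    def is_hidden(self) -> bool:
        return "H" in self.attrs

    @property
    def is_system(self) -> bool:
        return "S" in self.attrs


def parse_line(line: str) -> Optional[Entry]:
    """Parse one log line; return None for lines that are not file entries."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    company = m["company"].strip() if m["company"] is not None else None
    return Entry(m["modified"], m["created"], int(m["size"]), m["attrs"],
                 company, m["path"])


def triage(entry: Entry) -> List[str]:
    """Return the list of reasons (possibly empty) this entry deserves review."""
    reasons = []
    name = entry.path.rsplit("\\", 1)[-1]
    if entry.is_dir and entry.is_hidden and entry.is_system and SYSTEM32.match(entry.path):
        reasons.append("hidden+system directory inside System32")
    if "%" in name:
        reasons.append("name looks like an unexpanded environment variable")
    if DRIVER.match(entry.path) and not entry.company:
        reasons.append("kernel driver with no version-info company string")
    if entry.is_dir and HEX_ROOT_DIR.match(entry.path):
        reasons.append("hex-named folder at drive root (often installer temp; confirm)")
    return reasons


def triage_log(lines: Iterable[str]) -> List[Tuple[str, List[str]]]:
    """Parse every line and keep only the entries that trip at least one rule."""
    flagged = []
    for line in lines:
        entry = parse_line(line)
        if entry is None:
            continue
        reasons = triage(entry)
        if reasons:
            flagged.append((entry.path, reasons))
    return flagged


# Constructed sample in the log's format (the abcdef.sys driver is invented).
SAMPLE_LINES = r"""
2013-10-19 06:01 - 2010-12-25 17:29 - 00000000 __SHD C:\Windows\System32\%APPDATA%
2013-10-20 08:15 - 2013-10-20 08:15 - 00403440 _____ (AVAST Software) C:\Windows\System32\Drivers\xkufxvce.sys
2013-10-24 17:36 - 2013-10-24 17:36 - 00000000 ____D C:\721282c629bd38a1a4e38c
2013-10-26 18:34 - 2013-10-26 18:35 - 00174504 _____ (Oracle Corporation) C:\Windows\System32\java.exe
2013-10-20 08:15 - 2013-10-20 08:15 - 00012345 _____ C:\Windows\System32\Drivers\abcdef.sys
not a log line
""".strip().splitlines()


if __name__ == "__main__":
    for path, reasons in triage_log(SAMPLE_LINES):
        print(path)
        for reason in reasons:
            print("   -", reason)
```

Run it against a saved FRST.txt by passing the file's lines to triage_log. A flag is a lead, not a verdict: a hidden folder under System32 or a driver without a company string still has to be checked against a known-good copy or the vendor's own file before anything is deleted.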