
Trojan.agent.cn consistently showing up in svchost.exe


11 replies to this topic

#1 lost1010

Posted 17 November 2013 - 07:17 PM

Hello,

 

I've been attempting for 2 days now to remove this trojan that seems to show back up after each restart. I've tried OTL, combofix, hitmanpro, tdsskiller, mbar, mbam, MSE and a few others but am willing to try every one again at your request.

 

In addition to this trojan (which, as far as I can tell, edited my hosts file to redirect all popular websites to a survey/phishing website [unless that was another virus]), I also seem to have been blessed by a bitcoinminer.

 

Any help would be lovely. I've attached the logs that the preparation guide requests.

 

Thank you.

 

Attached File: attach.txt (10.63 KB, 2 downloads)

 

Attached File: dds.txt (19.84 KB, 6 downloads)




 


#2 lost1010 (Topic Starter)

Posted 18 November 2013 - 12:49 AM

I have attempted to use both TDSSkiller and MBAR in safe mode to no avail.


Edited by lost1010, 18 November 2013 - 06:19 PM.


#3 lost1010 (Topic Starter)

Posted 18 November 2013 - 06:17 PM

Bump



#4 B-boy/StyLe/ (Bleepin' Freestyler, Malware Response Team)

Posted 21 November 2013 - 05:20 PM

Hello! Welcome to BleepingComputer Forums!
My name is Georgi and I will be helping you with your computer problems.

Before we begin, please note the following:

  • I will be working on your malware issues; this may or may not solve other issues you have with your machine.
  • The logs can take some time to research, so please be patient with me.
  • Stay with the topic until I tell you that your system is clean. Missing symptoms does not mean that everything is okay.
  • Instructions that I give are for your system only!
  • Please do not run any tools until requested! The reason for this is so I know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.
  • Please perform all steps in the order received. If you can't understand something don't hesitate to ask.
  • Again I would like to remind you to make no further changes to your computer unless I direct you to do so. I will not help you if you do not follow my instructions.

 

 

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

 

PS: I saw the infection:

 

mRun: [Adobe] C:\Users\Moschetti\AppData\Roaming\Microsoft\Windows\Recent.vbe

 

 

Regards,
Georgi
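The mRun entry Georgi points to is a Run-key autostart whose target is a .vbe script in the user's Roaming profile under a vendor-sounding name. As an added example (not part of this thread, nor code from FRST or DDS), the Python script below parses Run-key lines in the two log formats pasted in this thread and scores them with simple triage heuristics; the weights and threshold are this example's own assumptions, and the sample lines are copied from the logs above.

```python
import ntpath
import re
from dataclasses import dataclass, field
from typing import List, Optional

# FRST format:  HKLM\...\Run: [Name] - C:\path\file.exe [size yyyy-mm-dd] (Publisher)
FRST_RUN = re.compile(
    r"^(?P<hive>HK(?:LM|CU)(?:-x32)?)\\\.\.\.\\Run: \[(?P<name>[^\]]*)\] - "
    r"(?P<path>.+?)(?: \[\d+ \d{4}-\d{2}-\d{2}\])?(?: \((?P<publisher>[^)]*)\))?\s*$"
)
# DDS format:   mRun: [Name] C:\path\file.exe   (no size, date or publisher fields)
DDS_RUN = re.compile(r"^(?P<hive>[mu]Run): \[(?P<name>[^\]]*)\] (?P<path>.+?)\s*$")

SCRIPT_EXT = {".vbe", ".vbs", ".js", ".jse", ".wsf", ".hta", ".bat", ".cmd", ".ps1"}
VENDOR_NAME = re.compile(r"^(adobe|microsoft|java|google|intel|realtek)\b")
VENDOR_DIRS = ("c:\\program files", "c:\\windows\\")
SUSPICIOUS_AT = 3  # assumed threshold; the point weights below are this example's choice


@dataclass
class RunEntry:
    hive: str
    name: str
    path: str
    publisher: Optional[str]  # "" = log shows "()", None = log format has no publisher field
    score: int = 0
    reasons: List[str] = field(default_factory=list)

    @property
    def suspicious(self) -> bool:
        return self.score >= SUSPICIOUS_AT


def parse_run_line(line: str) -> Optional[RunEntry]:
    """Parse one autostart line; returns None for non-Run lines (Policies, SSODL, ...)."""
    m = FRST_RUN.match(line) or DDS_RUN.match(line)
    if not m:
        return None
    d = m.groupdict()
    return RunEntry(d["hive"], d["name"], d["path"].strip(), d.get("publisher"))


def assess(entry: RunEntry) -> RunEntry:
    """Attach heuristic reasons and a score to a parsed entry (in place)."""
    path = entry.path.lower()
    ext = ntpath.splitext(path)[1]

    def flag(points: int, why: str) -> None:
        entry.score += points
        entry.reasons.append(why)

    if ext in SCRIPT_EXT:
        flag(3, f"target is a script file ({ext}) rather than an executable")
    if path.startswith("c:\\users\\") or "\\appdata\\" in path:
        flag(1, "runs from a user-writable profile directory")
    if entry.publisher == "":
        flag(2, "log shows no publisher / version information")
    if VENDOR_NAME.match(entry.name.lower()) and not path.startswith(VENDOR_DIRS):
        flag(2, f"vendor-like entry name '{entry.name}' but target is outside a vendor install location")
    return entry


def triage(lines: List[str]) -> List[RunEntry]:
    """Parse and assess every Run-key line found in a pasted log."""
    return [assess(e) for e in map(parse_run_line, lines) if e is not None]


# Constructed sample: lines copied from the FRST and DDS logs in this thread.
SAMPLE_LOG = [
    r"HKLM\...\Run: [MSC] - C:\Program Files\Microsoft Security Client\msseces.exe [1266912 2013-09-27] (Microsoft Corporation)",
    r"HKLM-x32\...\Run: [DivXUpdate] - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1861968 2013-08-29] ()",
    r"HKCU\...\Run: [Spotify Web Helper] - C:\Users\Moschetti\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1105408 2013-05-21] (Spotify Ltd)",
    r"HKLM\...\Policies\Explorer: [HideSCAHealth] 1",
    r"mRun: [Adobe] C:\Users\Moschetti\AppData\Roaming\Microsoft\Windows\Recent.vbe",
]

if __name__ == "__main__":
    for e in triage(SAMPLE_LOG):
        tag = "SUSPICIOUS" if e.suspicious else "ok        "
        print(f"{tag} [{e.name}] {e.path}")
        for r in e.reasons:
            print(f"             - {r}")
```

Entries that merely run from a user profile (Spotify, F.lux) score low on their own; the Recent.vbe entry trips three rules at once, which is the pattern worth a closer look.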




#5 lost1010 (Topic Starter)

Posted 21 November 2013 - 08:07 PM

Just editing this one because my problem has been solved. Because this post was left alone for a couple of days, I posted for help somewhere else and someone there helped me. The problem is solved now and I still really appreciate that you attempted to help me. Have a good day :)


Heyo Georgi,

Thanks for coming to try to help me out.

Here is the Farbar FRST.txt log:
 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 18-11-2013
Ran by Moschetti (administrator) on MOSCHETTI-PC on 22-11-2013 12:02:06
Running from C:\Users\Moschetti\Desktop
Windows 7 Ultimate Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(AMD) C:\Windows\system32\atiesrxx.exe
(AMD) C:\Windows\system32\atieclxx.exe
(SUPERAntiSpyware.com) C:\Mikes\Antivirus\SuperAntiSpyware\SASCORE64.EXE
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Valve Corporation) C:\Mikes\Games\Steam\Steam.exe
(Flux Software LLC) C:\Users\Moschetti\AppData\Local\FluxSoftware\Flux\flux.exe
(BitTorrent, Inc.) C:\Mikes\uTorrent\uTorrent.exe
(Spotify Ltd) C:\Users\Moschetti\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Akamai Technologies, Inc.) C:\Users\Moschetti\AppData\Local\Akamai\netsession_win.exe
(Autodesk, Inc.) C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe
(Akamai Technologies, Inc.) C:\Users\Moschetti\AppData\Local\Akamai\netsession_win.exe
(FNet Co., Ltd.) C:\Program Files (x86)\XFastUsb\XFastUsb.exe
() C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
(Advanced Micro Devices Inc.) C:\Mikes\Drivers\Graphics Card\ATI.ACE\Core-Static\MOM.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Dassault Systemes) C:\Mikes\Catia\Catia\win_b64\code\bin\CATSysDemon.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Malwarebytes Corporation) C:\Mikes\Antivirus\MBAM\mbamscheduler.exe
(ATI Technologies Inc.) C:\Mikes\Drivers\Graphics Card\ATI.ACE\Core-Static\CCC.exe
(Autodesk, Inc.) C:\Mikes\AutoCAD\Inventor\Inventor 2014\Moldflow\bin\mitsijm.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe
(VMware, Inc.) C:\Mikes\Downloads\Where is Carmen Sandiego games [TheCreeper]\vmware-authd.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Apple Inc.) C:\Mikes\iTunes\iTunes.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [MSC] - C:\Program Files\Microsoft Security Client\msseces.exe [1266912 2013-09-27] (Microsoft Corporation)
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11660904 2010-11-30] (Realtek Semiconductor)
HKLM\...\Run: [IntelliType Pro] - C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [1464944 2012-11-02] (Microsoft Corporation)
HKLM\...\Run: [IntelliPoint] - C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2076272 2012-11-02] (Microsoft Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [446392 2012-04-04] (Adobe Systems Incorporated)
HKLM\...\Policies\Explorer: [HideSCAHealth] 1
HKCU\...\Run: [Steam] - C:\Mikes\Games\Steam\Steam.exe [1820584 2013-10-31] (Valve Corporation)
HKCU\...\Run: [F.lux] - C:\Users\Moschetti\AppData\Local\FluxSoftware\Flux\flux.exe [1016712 2013-10-16] (Flux Software LLC)
HKCU\...\Run: [uTorrent] - C:\Mikes\uTorrent\uTorrent.exe [399224 2013-02-02] (BitTorrent, Inc.)
HKCU\...\Run: [DAEMON Tools Lite] - C:\Mikes\DAEMON Tools\DTLite.exe [3674320 2013-01-08] (DT Soft Ltd)
HKCU\...\Run: [Spotify Web Helper] - C:\Users\Moschetti\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1105408 2013-05-21] (Spotify Ltd)
HKCU\...\Run: [Akamai NetSession Interface] - C:\Users\Moschetti\AppData\Local\Akamai\netsession_win.exe [4480768 2013-01-26] (Akamai Technologies, Inc.)
HKCU\...\Policies\Explorer: [] 
HKLM-x32\...\Run: [XFastUsb] - C:\Program Files (x86)\XFastUsb\XFastUsb.exe [4942336 2013-02-02] (FNet Co., Ltd.)
HKLM-x32\...\Run: [StartCCC] - C:\Mikes\Drivers\Graphics Card\ATI.ACE\Core-Static\CLIStart.exe [642808 2012-12-19] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-11-28] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2012-04-18] (Apple Inc.)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] - C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [946352 2012-12-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [DivXUpdate] - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1861968 2013-08-29] ()
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\system32\CbFsMntNtf3.dll (EldoS Corporation)
SSODL-x32: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysWOW64\CbFsMntNtf3.dll (EldoS Corporation)
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x0C5DF6E7C100CE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
BHO: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Mikes\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Mikes\System Tools\Java\bin\ssv.dll (Oracle Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Mikes\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Mikes\System Tools\Java\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: HKLM-x32 {6A060448-60F9-11D5-A6CD-0002B31F7455} 
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Mikes\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation)
 
Chrome: 
=======
CHR HomePage: hxxp://www.rmit.edu.au/
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\pdf.dll ()
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File
CHR Extension: (Google Docs) - C:\Users\MOSCHE~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0
CHR Extension: (Google Drive) - C:\Users\MOSCHE~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (YouTube) - C:\Users\MOSCHE~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Honey) - C:\Users\MOSCHE~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmnlcjabgnpnenekpadlanbbkooimhnj\2.0.5.3_0
CHR Extension: (Adblock Plus) - C:\Users\MOSCHE~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.6.1_0
CHR Extension: (Google Search) - C:\Users\MOSCHE~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (TinEye Reverse Image Search) - C:\Users\MOSCHE~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\haebnnbpedcbhciplfhjjkbafijpncjl\1.1.3_0
CHR Extension: (Reddit Enhancement Suite) - C:\Users\MOSCHE~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbmfpngjjgdllneeigpgjifpgocmfgmb\4.3.1.1_0
CHR Extension: (Google Mail Checker) - C:\Users\MOSCHE~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\mihcahmgecmbnbcchbopgniflfhgnkff\4.4.0_0
CHR Extension: (Ghostery) - C:\Users\MOSCHE~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij\5.0.0_0
CHR Extension: (Google Wallet) - C:\Users\MOSCHE~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0
CHR Extension: (Docs PDF/PowerPoint Viewer (by Google)) - C:\Users\MOSCHE~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\nnbmlagghjjcbdhgmkedmbmedengocbn\3.10_0
CHR Extension: (Hover Zoom) - C:\Users\MOSCHE~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\nonjdcjchghhkdoolnlbekcfllmednbl\4.24_0
CHR Extension: (Gmail) - C:\Users\MOSCHE~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Services (Whitelisted) =================
 
R2 !SASCORE; C:\Mikes\Antivirus\SuperAntiSpyware\SASCORE64.EXE [140672 2012-07-12] (SUPERAntiSpyware.com)
R2 Autodesk Content Service; C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [19232 2012-01-31] (Autodesk, Inc.)
R2 BBDemon; C:\Mikes\Catia\Catia\win_b64\code\bin\CATSysDemon.exe [46592 2008-02-02] (Dassault Systemes)
S3 Hamachi2Svc; C:\Mikes\Hamachi\hamachi-2.exe [2746704 2013-10-01] (LogMeIn Inc.)
R2 MBAMScheduler; C:\Mikes\Antivirus\MBAM\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
S2 MBAMService; C:\Mikes\Antivirus\MBAM\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 mitsijm2014; C:\Mikes\AutoCAD\Inventor\Inventor 2014\Moldflow\bin\mitsijm.exe [952608 2013-01-26] (Autodesk, Inc.)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2013-09-27] (Microsoft Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [348376 2013-09-27] (Microsoft Corporation)
R2 VMAuthdService; C:\Mikes\Downloads\Where is Carmen Sandiego games [TheCreeper]\vmware-authd.exe [86096 2013-10-18] (VMware, Inc.)
 
==================== Drivers (Whitelisted) ====================
 
R3 AsrVDrive; C:\Windows\System32\DRIVERS\AsrVDrive.sys [23048 2011-01-26] (ASRock Inc.)
R3 cbfs3; C:\Windows\System32\DRIVERS\cbfs3.sys [352144 2012-04-09] (EldoS Corporation)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2013-02-02] (DT Soft Ltd)
S3 FNETTBOH_305; C:\Windows\System32\drivers\FNETTBOH_305.SYS [31808 2013-02-02] (FNet Co., Ltd.)
R1 FNETURPX; C:\Windows\System32\drivers\FNETURPX.SYS [15936 2013-02-02] (FNet Co., Ltd.)
R1 LUM; C:\Windows\system32\drivers\LUM.sys [24848 2007-06-06] (IBM)
S3 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [91352 2013-11-20] (Malwarebytes Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [248240 2013-09-27] (Microsoft Corporation)
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [134944 2013-09-27] (Microsoft Corporation)
R1 SASDIFSV; C:\Mikes\Antivirus\SuperAntiSpyware\SASDIFSV64.SYS [14928 2011-07-23] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Mikes\Antivirus\SuperAntiSpyware\SASKUTIL64.SYS [12368 2011-07-13] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R0 vsock; C:\Windows\System32\drivers\vsock.sys [73296 2013-10-08] (VMware, Inc.)
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
U5 MBAMSwissArmy; C:\Windows\System32\Drivers\MBAMSwissArmy.sys [116440 2013-11-22] (Malwarebytes Corporation)
S3 VGPU; System32\drivers\rdvgkmd.sys [x]
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2013-11-22 12:02 - 2013-11-22 12:02 - 00014782 _____ C:\Users\Moschetti\Desktop\FRST.txt
2013-11-22 12:01 - 2013-11-22 12:01 - 00000000 ____D C:\FRST
2013-11-22 12:00 - 2013-11-22 12:01 - 01957964 _____ (Farbar) C:\Users\Moschetti\Desktop\FRST64.exe
2013-11-22 11:14 - 2013-11-22 11:14 - 00116440 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2013-11-21 07:19 - 2013-11-22 11:25 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-11-21 07:11 - 2013-11-21 07:11 - 00000000 ____D C:\Users\Moschetti\AppData\Local\VMware
2013-11-21 07:10 - 2013-11-21 07:11 - 00000000 ____D C:\Users\Moschetti\AppData\Roaming\VMware
2013-11-21 07:09 - 2013-10-18 12:46 - 00064080 _____ (VMware, Inc.) C:\Windows\system32\Drivers\vmx86.sys
2013-11-21 07:09 - 2013-10-18 12:44 - 00032848 _____ (VMware, Inc.) C:\Windows\system32\Drivers\VMkbd.sys
2013-11-21 07:09 - 2013-10-08 18:21 - 00073296 _____ (VMware, Inc.) C:\Windows\system32\Drivers\vsock.sys
2013-11-21 07:09 - 2013-10-08 18:21 - 00067664 _____ (VMware, Inc.) C:\Windows\system32\vsocklib.dll
2013-11-21 07:09 - 2013-10-08 18:21 - 00063568 _____ (VMware, Inc.) C:\Windows\SysWOW64\vsocklib.dll
2013-11-21 07:08 - 2013-11-21 07:08 - 00000000 ____D C:\Program Files\Common Files\VMware
2013-11-21 07:08 - 2013-10-18 12:45 - 00930384 _____ (VMware, Inc.) C:\Windows\system32\vnetlib64.dll
2013-11-21 07:08 - 2013-10-18 12:45 - 00437328 _____ (VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe
2013-11-21 07:08 - 2013-10-18 12:45 - 00358480 _____ (VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe
2013-11-21 07:08 - 2013-10-18 12:45 - 00030800 _____ (VMware, Inc.) C:\Windows\system32\Drivers\vmnetuserif.sys
2013-11-21 07:08 - 2013-10-09 08:04 - 00053816 _____ (VMware, Inc.) C:\Windows\system32\Drivers\hcmon.sys
2013-11-21 07:07 - 2013-11-22 11:08 - 00000000 ____D C:\ProgramData\VMware
2013-11-21 07:06 - 2013-11-21 07:06 - 02237968 _____ (Kaspersky Lab ZAO) C:\Users\Moschetti\Desktop\TDSSKiller.exe
2013-11-20 18:51 - 2013-11-20 18:51 - 00002760 _____ C:\Users\Moschetti\Desktop\RKreport[0]_D_11202013_185151.txt
2013-11-20 18:51 - 2013-11-20 18:51 - 00002642 _____ C:\Users\Moschetti\Desktop\RKreport[0]_S_11202013_185127.txt
2013-11-20 18:49 - 2013-11-20 18:51 - 00000000 ____D C:\Users\Moschetti\Desktop\RK_Quarantine
2013-11-20 18:48 - 2013-11-20 18:49 - 04161024 _____ C:\Users\Moschetti\Desktop\RogueKillerX64.exe
2013-11-20 17:29 - 2013-11-20 17:29 - 00019149 _____ C:\Users\Moschetti\Desktop\comboFIX+.txt
2013-11-20 16:25 - 2013-11-20 16:25 - 00019149 _____ C:\ComboFix.txt
2013-11-20 15:16 - 2013-11-20 15:16 - 00026150 _____ C:\Users\Moschetti\Desktop\comboFIX.txt
2013-11-20 15:10 - 2011-06-26 17:45 - 00256000 _____ C:\Windows\PEV.exe
2013-11-20 15:10 - 2010-11-08 04:20 - 00208896 _____ C:\Windows\MBR.exe
2013-11-20 15:10 - 2009-04-20 15:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2013-11-20 15:10 - 2000-08-31 11:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2013-11-20 15:10 - 2000-08-31 11:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2013-11-20 15:10 - 2000-08-31 11:00 - 00098816 _____ C:\Windows\sed.exe
2013-11-20 15:10 - 2000-08-31 11:00 - 00080412 _____ C:\Windows\grep.exe
2013-11-20 15:10 - 2000-08-31 11:00 - 00068096 _____ C:\Windows\zip.exe
2013-11-20 15:09 - 2013-11-20 16:25 - 00000000 ____D C:\Qoobox
2013-11-20 15:05 - 2013-11-20 15:08 - 05146522 ____R (Swearware) C:\Users\Moschetti\Desktop\ComboFix.exe
2013-11-20 14:06 - 2013-11-20 14:06 - 00000625 _____ C:\Users\Moschetti\Desktop\JRT.txt
2013-11-20 14:01 - 2013-11-20 14:01 - 01034531 _____ (Thisisu) C:\Users\Moschetti\Desktop\JRT.exe
2013-11-20 13:58 - 2013-11-20 13:58 - 00000950 _____ C:\Users\Moschetti\Desktop\AdwCleaner[S1].txt
2013-11-20 13:53 - 2013-11-20 13:54 - 01085542 _____ C:\Users\Moschetti\Desktop\AdwCleaner.exe
2013-11-20 10:22 - 2013-11-20 10:22 - 00020318 _____ C:\Users\Moschetti\Desktop\dds.txt
2013-11-20 10:22 - 2013-11-20 10:22 - 00010881 _____ C:\Users\Moschetti\Desktop\attach.txt
2013-11-19 11:02 - 2013-11-19 11:05 - 00000000 ____D C:\Users\Moschetti\AppData\Roaming\mIRC
2013-11-18 16:43 - 2013-11-18 16:43 - 00000000 ____D C:\Users\Moschetti\AppData\Local\CrashDumps
2013-11-18 11:26 - 2011-09-20 03:02 - 00083968 _____ (Esage Lab) C:\Users\Moschetti\Desktop\boot_cleaner.exe
2013-11-18 11:08 - 2013-11-18 11:10 - 00688992 ____R (Swearware) C:\Users\Moschetti\Desktop\dds.com
2013-11-18 10:42 - 2013-11-20 14:01 - 00000000 ____D C:\AdwCleaner
2013-11-18 10:41 - 2013-11-18 10:41 - 00000000 ____D C:\Windows\ERUNT
2013-11-17 23:32 - 2013-11-17 23:32 - 00000000 ____D C:\TDSSKiller_Quarantine
2013-11-17 21:54 - 2013-11-20 16:21 - 00000000 ____D C:\Windows\erdnt
2013-11-17 20:47 - 2013-11-20 17:31 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2013-11-17 20:00 - 2013-11-17 20:00 - 00012872 _____ (SurfRight B.V.) C:\Windows\system32\bootdelete.exe
2013-11-17 19:42 - 2013-11-17 19:42 - 00000000 ____D C:\Program Files\HitmanPro
2013-11-17 19:41 - 2013-11-17 20:01 - 00000000 ____D C:\ProgramData\HitmanPro
2013-11-17 19:07 - 2013-11-17 19:36 - 10264904 _____ (SurfRight B.V.) C:\Users\Moschetti\Desktop\HitmanPro_x64.exe
2013-11-17 18:01 - 2013-11-17 18:01 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-11-17 13:24 - 2013-11-17 13:24 - 00000000 ____D C:\Users\Moschetti\Documents\Nexus Mod Manager
2013-11-17 13:24 - 2013-11-17 13:24 - 00000000 ____D C:\Users\Moschetti\AppData\Local\Black_Tree_Gaming
2013-11-15 11:14 - 2013-11-15 11:14 - 00011059 _____ C:\Users\Moschetti\Downloads\ANZ.csv
2013-11-13 16:20 - 2013-10-06 07:25 - 01474048 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-11-13 16:20 - 2013-10-06 06:57 - 01168384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-11-13 15:26 - 2013-09-28 12:09 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2013-11-13 15:26 - 2013-09-25 13:26 - 00154560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2013-11-13 15:26 - 2013-09-25 13:26 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2013-11-13 15:26 - 2013-09-25 13:23 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2013-11-13 15:26 - 2013-09-25 13:23 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2013-11-13 15:26 - 2013-09-25 13:23 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2013-11-13 15:26 - 2013-09-25 13:22 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2013-11-13 15:26 - 2013-09-25 13:21 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2013-11-13 15:26 - 2013-09-25 13:21 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2013-11-13 15:26 - 2013-09-25 12:58 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2013-11-13 15:26 - 2013-09-25 12:57 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2013-11-13 15:26 - 2013-09-25 12:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2013-11-13 15:26 - 2013-09-25 12:56 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2013-11-13 15:26 - 2013-09-25 12:03 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2013-11-13 15:26 - 2013-07-04 23:18 - 00458712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2013-11-13 15:13 - 2013-10-12 13:30 - 00830464 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll
2013-11-13 15:13 - 2013-10-12 13:29 - 00859648 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2013-11-13 15:13 - 2013-10-12 13:29 - 00324096 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL
2013-11-13 15:13 - 2013-10-12 13:03 - 00656896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nshwfp.dll
2013-11-13 15:13 - 2013-10-12 13:01 - 00216576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FWPUCLNT.DLL
2013-11-13 15:13 - 2013-10-03 13:23 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2013-11-13 15:13 - 2013-10-03 13:00 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2013-11-13 03:04 - 2013-10-14 18:00 - 00028368 _____ (Microsoft Corporation) C:\Windows\system32\IEUDINIT.EXE
2013-11-13 03:03 - 2013-11-13 03:03 - 23212032 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-11-13 03:03 - 2013-11-13 03:03 - 17142784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-11-13 03:03 - 2013-11-13 03:03 - 12995584 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-11-13 03:03 - 2013-11-13 03:03 - 11220992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-11-13 03:03 - 2013-11-13 03:03 - 05765120 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-11-13 03:03 - 2013-11-13 03:03 - 04240384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-11-13 03:03 - 2013-11-13 03:03 - 02764288 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-11-13 03:03 - 2013-11-13 03:03 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-11-13 03:03 - 2013-11-13 03:03 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-11-13 03:03 - 2013-11-13 03:03 - 02332160 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-11-13 03:03 - 2013-11-13 03:03 - 02166272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-11-13 03:03 - 2013-11-13 03:03 - 01993728 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-11-13 03:03 - 2013-11-13 03:03 - 01926656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-11-13 03:03 - 2013-11-13 03:03 - 01818112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-11-13 03:03 - 2013-11-13 03:03 - 01394176 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-11-13 03:03 - 2013-11-13 03:03 - 01228800 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2013-11-13 03:03 - 2013-11-13 03:03 - 01156608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-11-13 03:03 - 2013-11-13 03:03 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2013-11-13 03:03 - 2013-11-13 03:03 - 00942592 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll
2013-11-13 03:03 - 2013-11-13 03:03 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2013-11-13 03:03 - 2013-11-13 03:03 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2013-11-13 03:03 - 2013-11-13 03:03 - 00774144 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-11-13 03:03 - 2013-11-13 03:03 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2013-11-13 03:03 - 2013-11-13 03:03 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2013-11-13 03:03 - 2013-11-13 03:03 - 00645120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsIntl.dll
2013-11-13 03:03 - 2013-11-13 03:03 - 00626176 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-11-13 03:03 - 2013-11-13 03:03 - 00616104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2013-11-13 03:03 - 2013-11-13 03:03 - 00616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2013-11-13 03:03 - 2013-11-13 03:03 - 00610304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-11-13 03:03 - 2013-11-13 03:03 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-11-13 03:03 - 2013-11-13 03:03 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2013-11-13 03:03 - 2013-11-13 03:03 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-11-13 03:03 - 2013-11-13 03:03 - 00523776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-11-13 03:03 - 2013-11-13 03:03 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-11-13 03:03 - 2013-11-13 03:03 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2013-11-13 03:03 - 2013-11-13 03:03 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-11-13 03:03 - 2013-11-13 03:03 - 00413696 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2013-11-13 03:03 - 2013-11-13 03:03 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2013-11-13 03:03 - 2013-11-13 03:03 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2013-11-13 03:03 - 2013-11-13 03:03 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2013-11-13 03:03 - 2013-11-13 03:03 - 00263376 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2013-11-13 03:03 - 2013-11-13 03:03 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2013-11-13 03:03 - 2013-11-13 03:03 - 00244736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2013-11-13 03:03 - 2013-11-13 03:03 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2013-11-13 03:03 - 2013-11-13 03:03 - 00238288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2013-11-13 03:03 - 2013-11-13 03:03 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-11-13 03:03 - 2013-11-13 03:03 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2013-11-13 03:03 - 2013-11-13 03:03 - 00233472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-11-13 03:03 - 2013-11-13 03:03 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-11-13 03:03 - 2013-11-13 03:03 - 00208384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2013-11-13 03:03 - 2013-11-13 03:03 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2013-11-13 03:03 - 2013-11-13 03:03 - 00194048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2013-11-13 03:03 - 2013-11-13 03:03 - 00182272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2013-11-13 03:03 - 2013-11-13 03:03 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2013-11-13 03:03 - 2013-11-13 03:03 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2013-11-13 03:03 - 2013-11-13 03:03 - 00151552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2013-11-13 03:03 - 2013-11-13 03:03 - 00147968 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2013-11-13 03:03 - 2013-11-13 03:03 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2013-11-13 03:03 - 2013-11-13 03:03 - 00139264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2013-11-13 03:03 - 2013-11-13 03:03 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-11-13 03:03 - 2013-11-13 03:03 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2013-11-13 03:03 - 2013-11-13 03:03 - 00131072 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2013-11-13 03:03 - 2013-11-13 03:03 - 00127488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2013-11-13 03:03 - 2013-11-13 03:03 - 00116736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2013-11-13 03:03 - 2013-11-13 03:03 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-11-13 03:03 - 2013-11-13 03:03 - 00111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2013-11-13 03:03 - 2013-11-13 03:03 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2013-11-13 03:03 - 2013-11-13 03:03 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-11-13 03:03 - 2013-11-13 03:03 - 00101376 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2013-11-13 03:03 - 2013-11-13 03:03 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2013-11-13 03:03 - 2013-11-13 03:03 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-11-13 03:03 - 2013-11-13 03:03 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-11-13 03:03 - 2013-11-13 03:03 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-11-13 03:03 - 2013-11-13 03:03 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2013-11-13 03:03 - 2013-11-13 03:03 - 00083456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2013-11-13 03:03 - 2013-11-13 03:03 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2013-11-13 03:03 - 2013-11-13 03:03 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2013-11-13 03:03 - 2013-11-13 03:03 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2013-11-13 03:03 - 2013-11-13 03:03 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-11-13 03:03 - 2013-11-13 03:03 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-11-13 03:03 - 2013-11-13 03:03 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2013-11-13 03:03 - 2013-11-13 03:03 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-11-13 03:03 - 2013-11-13 03:03 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2013-11-13 03:03 - 2013-11-13 03:03 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2013-11-13 03:03 - 2013-11-13 03:03 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2013-11-13 03:03 - 2013-11-13 03:03 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-11-13 03:03 - 2013-11-13 03:03 - 00056832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2013-11-13 03:03 - 2013-11-13 03:03 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-11-13 03:03 - 2013-11-13 03:03 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2013-11-13 03:03 - 2013-11-13 03:03 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2013-11-13 03:03 - 2013-11-13 03:03 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2013-11-13 03:03 - 2013-11-13 03:03 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2013-11-13 03:03 - 2013-11-13 03:03 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2013-11-13 03:03 - 2013-11-13 03:03 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2013-11-13 03:03 - 2013-11-13 03:03 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2013-11-13 03:03 - 2013-11-13 03:03 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-11-13 03:03 - 2013-11-13 03:03 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2013-11-13 03:03 - 2013-11-13 03:03 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2013-11-13 03:03 - 2013-11-13 03:03 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2013-11-13 03:03 - 2013-11-13 03:03 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-11-13 03:03 - 2013-11-13 03:03 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-11-13 03:03 - 2013-11-13 03:03 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2013-11-13 03:03 - 2013-11-13 03:03 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2013-11-13 03:03 - 2013-11-13 03:03 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2013-11-13 03:03 - 2013-11-13 03:03 - 00013312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2013-11-13 03:03 - 2013-11-13 03:03 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2013-11-13 03:03 - 2013-11-13 03:03 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2013-11-13 03:03 - 2013-11-13 03:03 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2013-11-13 03:01 - 2013-11-13 03:01 - 05549504 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-11-13 03:01 - 2013-11-13 03:01 - 03969472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-11-13 03:01 - 2013-11-13 03:01 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-11-13 03:01 - 2013-11-13 03:01 - 01903552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-11-13 03:01 - 2013-11-13 03:01 - 01887232 _____ (Microsoft Corporation) C:\Windows\system32\d3d11.dll
2013-11-13 03:01 - 2013-11-13 03:01 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-11-13 03:01 - 2013-11-13 03:01 - 01505280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll
2013-11-13 03:01 - 2013-11-13 03:01 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2013-11-13 03:01 - 2013-11-13 03:01 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2013-11-13 03:01 - 2013-11-13 03:01 - 00859648 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2013-11-13 03:01 - 2013-11-13 03:01 - 00640512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2013-11-13 03:01 - 2013-11-13 03:01 - 00619520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2013-11-13 03:01 - 2013-11-13 03:01 - 00327168 _____ (Microsoft Corporation) C:\Windows\system32\mswsock.dll
2013-11-13 03:01 - 2013-11-13 03:01 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2013-11-13 03:01 - 2013-11-13 03:01 - 00231424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mswsock.dll
2013-11-13 03:01 - 2013-11-13 03:01 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2013-11-13 03:01 - 2013-11-13 03:01 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2013-11-13 03:01 - 2013-11-13 03:01 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2013-11-13 03:01 - 2013-11-13 03:01 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2013-11-13 03:01 - 2013-11-13 03:01 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2013-11-13 03:00 - 2013-11-13 03:04 - 00009487 _____ C:\Windows\IE11_main.log
2013-11-12 20:43 - 2013-03-12 17:41 - 00000000 ____D C:\Users\Moschetti\Downloads\Math Circus
2013-11-12 20:35 - 2013-11-12 20:41 - 01858965 _____ (Igor Pavlov) C:\Users\Moschetti\Downloads\Math Circus.exe
2013-11-11 11:12 - 2013-11-11 11:13 - 01663518 _____ C:\Users\Moschetti\Downloads\VirtualDubMod_1_5_10_2_All_inclusive.zip
2013-11-10 18:15 - 2013-11-10 18:15 - 00000000 ____D C:\Users\Moschetti\Documents\FOMM
2013-11-10 18:07 - 2013-11-10 18:07 - 00000000 ____D C:\Users\Moschetti\AppData\Local\FOMM
2013-11-10 18:04 - 2013-11-10 19:00 - 00000000 ____D C:\Users\Moschetti\AppData\Local\FalloutNV
2013-11-10 11:23 - 2013-11-10 11:23 - 00034026 _____ C:\Users\Moschetti\Downloads\Stability-Extra Marks.xlsx
2013-11-02 10:20 - 2013-11-02 10:20 - 00279296 _____ C:\Windows\Minidump\110213-34273-01.dmp
2013-10-30 14:25 - 2013-10-30 14:25 - 00274984 _____ C:\Windows\Minidump\103013-34413-01.dmp
2013-10-30 14:21 - 2013-10-30 14:21 - 00274984 _____ C:\Windows\Minidump\103013-37346-01.dmp
2013-10-30 14:18 - 2013-10-30 14:18 - 00274984 _____ C:\Windows\Minidump\103013-31917-01.dmp
2013-10-30 11:21 - 2013-10-30 11:21 - 00000000 ____D C:\Users\Moschetti\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\project64 1.6
2013-10-26 15:27 - 2013-10-26 15:27 - 00000000 ____D C:\Users\Moschetti\Documents\WB Games
2013-10-25 20:27 - 2013-11-09 22:20 - 00000000 ____D C:\ProgramData\LogMeIn
2013-10-25 20:27 - 2013-10-25 20:27 - 00000000 ____D C:\Users\Moschetti\AppData\Local\LogMeIn
2013-10-25 17:43 - 2013-11-03 21:22 - 00000000 ____D C:\Users\Moschetti\AppData\Local\LogMeIn Hamachi
 
==================== One Month Modified Files and Folders =======
 
2013-11-22 12:02 - 2013-11-22 12:02 - 00014782 _____ C:\Users\Moschetti\Desktop\FRST.txt
2013-11-22 12:01 - 2013-11-22 12:01 - 00000000 ____D C:\FRST
2013-11-22 12:01 - 2013-11-22 12:00 - 01957964 _____ (Farbar) C:\Users\Moschetti\Desktop\FRST64.exe
2013-11-22 11:59 - 2013-02-02 08:25 - 00000000 ____D C:\Users\Moschetti\AppData\Roaming\uTorrent
2013-11-22 11:25 - 2013-11-21 07:19 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-11-22 11:22 - 2013-02-02 12:48 - 00000904 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-11-22 11:15 - 2009-07-14 15:45 - 00026768 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-11-22 11:15 - 2009-07-14 15:45 - 00026768 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-11-22 11:14 - 2013-11-22 11:14 - 00116440 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2013-11-22 11:12 - 2013-02-02 08:20 - 01936798 _____ C:\Windows\WindowsUpdate.log
2013-11-22 11:08 - 2013-11-21 07:07 - 00000000 ____D C:\ProgramData\VMware
2013-11-22 11:08 - 2013-02-02 12:48 - 00000900 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-11-22 11:08 - 2010-11-21 14:47 - 00308058 _____ C:\Windows\PFRO.log
2013-11-22 11:08 - 2009-07-14 16:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-11-22 11:08 - 2009-07-14 15:51 - 00060521 _____ C:\Windows\setupact.log
2013-11-22 09:23 - 2013-06-09 19:01 - 00000000 ____D C:\Users\Moschetti\AppData\Local\Akamai
2013-11-21 07:16 - 2013-02-02 08:19 - 00000000 ____D C:\Users\Moschetti
2013-11-21 07:11 - 2013-11-21 07:11 - 00000000 ____D C:\Users\Moschetti\AppData\Local\VMware
2013-11-21 07:11 - 2013-11-21 07:10 - 00000000 ____D C:\Users\Moschetti\AppData\Roaming\VMware
2013-11-21 07:08 - 2013-11-21 07:08 - 00000000 ____D C:\Program Files\Common Files\VMware
2013-11-21 07:08 - 2013-02-02 15:52 - 00791308 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2013-11-21 07:06 - 2013-11-21 07:06 - 02237968 _____ (Kaspersky Lab ZAO) C:\Users\Moschetti\Desktop\TDSSKiller.exe
2013-11-20 18:51 - 2013-11-20 18:51 - 00002760 _____ C:\Users\Moschetti\Desktop\RKreport[0]_D_11202013_185151.txt
2013-11-20 18:51 - 2013-11-20 18:51 - 00002642 _____ C:\Users\Moschetti\Desktop\RKreport[0]_S_11202013_185127.txt
2013-11-20 18:51 - 2013-11-20 18:49 - 00000000 ____D C:\Users\Moschetti\Desktop\RK_Quarantine
2013-11-20 18:49 - 2013-11-20 18:48 - 04161024 _____ C:\Users\Moschetti\Desktop\RogueKillerX64.exe
2013-11-20 17:31 - 2013-11-17 20:47 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2013-11-20 17:29 - 2013-11-20 17:29 - 00019149 _____ C:\Users\Moschetti\Desktop\comboFIX+.txt
2013-11-20 16:25 - 2013-11-20 16:25 - 00019149 _____ C:\ComboFix.txt
2013-11-20 16:25 - 2013-11-20 15:09 - 00000000 ____D C:\Qoobox
2013-11-20 16:22 - 2009-07-14 13:34 - 00000215 _____ C:\Windows\system.ini
2013-11-20 16:21 - 2013-11-17 21:54 - 00000000 ____D C:\Windows\erdnt
2013-11-20 15:16 - 2013-11-20 15:16 - 00026150 _____ C:\Users\Moschetti\Desktop\comboFIX.txt
2013-11-20 15:08 - 2013-11-20 15:05 - 05146522 ____R (Swearware) C:\Users\Moschetti\Desktop\ComboFix.exe
2013-11-20 14:06 - 2013-11-20 14:06 - 00000625 _____ C:\Users\Moschetti\Desktop\JRT.txt
2013-11-20 14:01 - 2013-11-20 14:01 - 01034531 _____ (Thisisu) C:\Users\Moschetti\Desktop\JRT.exe
2013-11-20 14:01 - 2013-11-18 10:42 - 00000000 ____D C:\AdwCleaner
2013-11-20 13:58 - 2013-11-20 13:58 - 00000950 _____ C:\Users\Moschetti\Desktop\AdwCleaner[S1].txt
2013-11-20 13:54 - 2013-11-20 13:53 - 01085542 _____ C:\Users\Moschetti\Desktop\AdwCleaner.exe
2013-11-20 10:22 - 2013-11-20 10:22 - 00020318 _____ C:\Users\Moschetti\Desktop\dds.txt
2013-11-20 10:22 - 2013-11-20 10:22 - 00010881 _____ C:\Users\Moschetti\Desktop\attach.txt
2013-11-19 21:21 - 2010-11-21 14:27 - 00267936 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2013-11-19 11:05 - 2013-11-19 11:02 - 00000000 ____D C:\Users\Moschetti\AppData\Roaming\mIRC
2013-11-19 11:01 - 2013-02-02 12:53 - 00000000 ____D C:\Mikes
2013-11-18 22:18 - 2009-07-14 16:13 - 00782470 _____ C:\Windows\system32\PerfStringBackup.INI
2013-11-18 16:43 - 2013-11-18 16:43 - 00000000 ____D C:\Users\Moschetti\AppData\Local\CrashDumps
2013-11-18 11:10 - 2013-11-18 11:08 - 00688992 ____R (Swearware) C:\Users\Moschetti\Desktop\dds.com
2013-11-18 10:41 - 2013-11-18 10:41 - 00000000 ____D C:\Windows\ERUNT
2013-11-17 23:49 - 2009-07-14 16:32 - 00000000 ____D C:\Windows\addins
2013-11-17 23:32 - 2013-11-17 23:32 - 00000000 ____D C:\TDSSKiller_Quarantine
2013-11-17 20:01 - 2013-11-17 19:41 - 00000000 ____D C:\ProgramData\HitmanPro
2013-11-17 20:00 - 2013-11-17 20:00 - 00012872 _____ (SurfRight B.V.) C:\Windows\system32\bootdelete.exe
2013-11-17 19:42 - 2013-11-17 19:42 - 00000000 ____D C:\Program Files\HitmanPro
2013-11-17 19:36 - 2013-11-17 19:07 - 10264904 _____ (SurfRight B.V.) C:\Users\Moschetti\Desktop\HitmanPro_x64.exe
2013-11-17 18:01 - 2013-11-17 18:01 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-11-17 18:01 - 2013-02-03 10:55 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-11-17 13:24 - 2013-11-17 13:24 - 00000000 ____D C:\Users\Moschetti\Documents\Nexus Mod Manager
2013-11-17 13:24 - 2013-11-17 13:24 - 00000000 ____D C:\Users\Moschetti\AppData\Local\Black_Tree_Gaming
2013-11-17 13:02 - 2009-07-14 14:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2013-11-15 11:14 - 2013-11-15 11:14 - 00011059 _____ C:\Users\Moschetti\Downloads\ANZ.csv
2013-11-15 08:23 - 2013-02-02 12:50 - 00002183 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-11-14 04:00 - 2009-07-14 14:20 - 00000000 ____D C:\Windows\rescache
2013-11-14 03:05 - 2009-07-14 13:34 - 00000478 _____ C:\Windows\win.ini
2013-11-13 03:23 - 2013-02-02 08:19 - 00001413 _____ C:\Users\Moschetti\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-11-13 03:20 - 2009-07-14 14:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2013-11-13 03:04 - 2013-11-13 03:00 - 00009487 _____ C:\Windows\IE11_main.log
2013-11-13 03:03 - 2013-11-13 03:03 - 23212032 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-11-13 03:03 - 2013-11-13 03:03 - 17142784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-11-13 03:03 - 2013-11-13 03:03 - 12995584 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-11-13 03:03 - 2013-11-13 03:03 - 11220992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-11-13 03:03 - 2013-11-13 03:03 - 05765120 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-11-13 03:03 - 2013-11-13 03:03 - 04240384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-11-13 03:03 - 2013-11-13 03:03 - 02764288 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-11-13 03:03 - 2013-11-13 03:03 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-11-13 03:03 - 2013-11-13 03:03 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-11-13 03:03 - 2013-11-13 03:03 - 02332160 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-11-13 03:03 - 2013-11-13 03:03 - 02166272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-11-13 03:03 - 2013-11-13 03:03 - 01993728 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-11-13 03:03 - 2013-11-13 03:03 - 01926656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-11-13 03:03 - 2013-11-13 03:03 - 01818112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-11-13 03:03 - 2013-11-13 03:03 - 01394176 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-11-13 03:03 - 2013-11-13 03:03 - 01228800 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2013-11-13 03:03 - 2013-11-13 03:03 - 01156608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-11-13 03:03 - 2013-11-13 03:03 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2013-11-13 03:03 - 2013-11-13 03:03 - 00942592 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll
2013-11-13 03:03 - 2013-11-13 03:03 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2013-11-13 03:03 - 2013-11-13 03:03 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2013-11-13 03:03 - 2013-11-13 03:03 - 00774144 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-11-13 03:03 - 2013-11-13 03:03 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2013-11-13 03:03 - 2013-11-13 03:03 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2013-11-13 03:03 - 2013-11-13 03:03 - 00645120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsIntl.dll
2013-11-13 03:03 - 2013-11-13 03:03 - 00626176 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-11-13 03:03 - 2013-11-13 03:03 - 00616104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2013-11-13 03:03 - 2013-11-13 03:03 - 00616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2013-11-13 03:03 - 2013-11-13 03:03 - 00610304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-11-13 03:03 - 2013-11-13 03:03 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-11-13 03:03 - 2013-11-13 03:03 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2013-11-13 03:03 - 2013-11-13 03:03 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-11-13 03:03 - 2013-11-13 03:03 - 00523776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-11-13 03:03 - 2013-11-13 03:03 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-11-13 03:03 - 2013-11-13 03:03 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2013-11-13 03:03 - 2013-11-13 03:03 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-11-13 03:03 - 2013-11-13 03:03 - 00413696 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2013-11-13 03:03 - 2013-11-13 03:03 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2013-11-13 03:03 - 2013-11-13 03:03 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2013-11-13 03:03 - 2013-11-13 03:03 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2013-11-13 03:03 - 2013-11-13 03:03 - 00263376 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2013-11-13 03:03 - 2013-11-13 03:03 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2013-11-13 03:03 - 2013-11-13 03:03 - 00244736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2013-11-13 03:03 - 2013-11-13 03:03 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2013-11-13 03:03 - 2013-11-13 03:03 - 00238288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2013-11-13 03:03 - 2013-11-13 03:03 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-11-13 03:03 - 2013-11-13 03:03 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2013-11-13 03:03 - 2013-11-13 03:03 - 00233472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-11-13 03:03 - 2013-11-13 03:03 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-11-13 03:03 - 2013-11-13 03:03 - 00208384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2013-11-13 03:03 - 2013-11-13 03:03 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2013-11-13 03:03 - 2013-11-13 03:03 - 00194048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2013-11-13 03:03 - 2013-11-13 03:03 - 00182272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2013-11-13 03:03 - 2013-11-13 03:03 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2013-11-13 03:03 - 2013-11-13 03:03 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2013-11-13 03:03 - 2013-11-13 03:03 - 00151552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2013-11-13 03:03 - 2013-11-13 03:03 - 00147968 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2013-11-13 03:03 - 2013-11-13 03:03 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2013-11-13 03:03 - 2013-11-13 03:03 - 00139264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2013-11-13 03:03 - 2013-11-13 03:03 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-11-13 03:03 - 2013-11-13 03:03 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2013-11-13 03:03 - 2013-11-13 03:03 - 00131072 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2013-11-13 03:03 - 2013-11-13 03:03 - 00127488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2013-11-13 03:03 - 2013-11-13 03:03 - 00116736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2013-11-13 03:03 - 2013-11-13 03:03 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-11-13 03:03 - 2013-11-13 03:03 - 00111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2013-11-13 03:03 - 2013-11-13 03:03 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2013-11-13 03:03 - 2013-11-13 03:03 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-11-13 03:03 - 2013-11-13 03:03 - 00101376 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2013-11-13 03:03 - 2013-11-13 03:03 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2013-11-13 03:03 - 2013-11-13 03:03 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-11-13 03:03 - 2013-11-13 03:03 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-11-13 03:03 - 2013-11-13 03:03 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-11-13 03:03 - 2013-11-13 03:03 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2013-11-13 03:03 - 2013-11-13 03:03 - 00083456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2013-11-13 03:03 - 2013-11-13 03:03 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2013-11-13 03:03 - 2013-11-13 03:03 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2013-11-13 03:03 - 2013-11-13 03:03 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2013-11-13 03:03 - 2013-11-13 03:03 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-11-13 03:03 - 2013-11-13 03:03 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-11-13 03:03 - 2013-11-13 03:03 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2013-11-13 03:03 - 2013-11-13 03:03 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-11-13 03:03 - 2013-11-13 03:03 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2013-11-13 03:03 - 2013-11-13 03:03 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2013-11-13 03:03 - 2013-11-13 03:03 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2013-11-13 03:03 - 2013-11-13 03:03 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-11-13 03:03 - 2013-11-13 03:03 - 00056832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2013-11-13 03:03 - 2013-11-13 03:03 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-11-13 03:03 - 2013-11-13 03:03 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2013-11-13 03:03 - 2013-11-13 03:03 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2013-11-13 03:03 - 2013-11-13 03:03 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2013-11-13 03:03 - 2013-11-13 03:03 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2013-11-13 03:03 - 2013-11-13 03:03 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2013-11-13 03:03 - 2013-11-13 03:03 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2013-11-13 03:03 - 2013-11-13 03:03 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2013-11-13 03:03 - 2013-11-13 03:03 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-11-13 03:03 - 2013-11-13 03:03 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2013-11-13 03:03 - 2013-11-13 03:03 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2013-11-13 03:03 - 2013-11-13 03:03 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2013-11-13 03:03 - 2013-11-13 03:03 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-11-13 03:03 - 2013-11-13 03:03 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-11-13 03:03 - 2013-11-13 03:03 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2013-11-13 03:03 - 2013-11-13 03:03 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2013-11-13 03:03 - 2013-11-13 03:03 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2013-11-13 03:03 - 2013-11-13 03:03 - 00013312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2013-11-13 03:03 - 2013-11-13 03:03 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2013-11-13 03:03 - 2013-11-13 03:03 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2013-11-13 03:03 - 2013-11-13 03:03 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2013-11-13 03:01 - 2013-11-13 03:01 - 05549504 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-11-13 03:01 - 2013-11-13 03:01 - 03969472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-11-13 03:01 - 2013-11-13 03:01 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-11-13 03:01 - 2013-11-13 03:01 - 01903552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-11-13 03:01 - 2013-11-13 03:01 - 01887232 _____ (Microsoft Corporation) C:\Windows\system32\d3d11.dll
2013-11-13 03:01 - 2013-11-13 03:01 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-11-13 03:01 - 2013-11-13 03:01 - 01505280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll
2013-11-13 03:01 - 2013-11-13 03:01 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2013-11-13 03:01 - 2013-11-13 03:01 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2013-11-13 03:01 - 2013-11-13 03:01 - 00859648 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2013-11-13 03:01 - 2013-11-13 03:01 - 00640512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2013-11-13 03:01 - 2013-11-13 03:01 - 00619520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2013-11-13 03:01 - 2013-11-13 03:01 - 00327168 _____ (Microsoft Corporation) C:\Windows\system32\mswsock.dll
2013-11-13 03:01 - 2013-11-13 03:01 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2013-11-13 03:01 - 2013-11-13 03:01 - 00231424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mswsock.dll
2013-11-13 03:01 - 2013-11-13 03:01 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2013-11-13 03:01 - 2013-11-13 03:01 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2013-11-13 03:01 - 2013-11-13 03:01 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2013-11-13 03:01 - 2013-11-13 03:01 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2013-11-13 03:01 - 2013-11-13 03:01 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2013-11-12 20:41 - 2013-11-12 20:35 - 01858965 _____ (Igor Pavlov) C:\Users\Moschetti\Downloads\Math Circus.exe
2013-11-11 11:13 - 2013-11-11 11:12 - 01663518 _____ C:\Users\Moschetti\Downloads\VirtualDubMod_1_5_10_2_All_inclusive.zip
2013-11-10 19:01 - 2013-02-02 20:01 - 00151644 _____ C:\Windows\DirectX.log
2013-11-10 19:00 - 2013-11-10 18:04 - 00000000 ____D C:\Users\Moschetti\AppData\Local\FalloutNV
2013-11-10 18:15 - 2013-11-10 18:15 - 00000000 ____D C:\Users\Moschetti\Documents\FOMM
2013-11-10 18:09 - 2013-02-10 11:18 - 00000000 ____D C:\Users\Moschetti\Documents\My Games
2013-11-10 18:07 - 2013-11-10 18:07 - 00000000 ____D C:\Users\Moschetti\AppData\Local\FOMM
2013-11-10 11:23 - 2013-11-10 11:23 - 00034026 _____ C:\Users\Moschetti\Downloads\Stability-Extra Marks.xlsx
2013-11-09 22:20 - 2013-10-25 20:27 - 00000000 ____D C:\ProgramData\LogMeIn
2013-11-06 11:10 - 2013-10-18 17:42 - 00000000 ____D C:\Users\Moschetti\AppData\Roaming\TEdit
2013-11-03 21:22 - 2013-10-25 17:43 - 00000000 ____D C:\Users\Moschetti\AppData\Local\LogMeIn Hamachi
2013-11-02 10:20 - 2013-11-02 10:20 - 00279296 _____ C:\Windows\Minidump\110213-34273-01.dmp
2013-11-02 10:20 - 2013-02-02 16:56 - 677286781 _____ C:\Windows\MEMORY.DMP
2013-11-02 10:20 - 2013-02-02 16:56 - 00000000 ____D C:\Windows\Minidump
2013-10-30 14:55 - 2013-02-03 10:44 - 00000000 ____D C:\Users\Moschetti\AppData\Local\cache
2013-10-30 14:25 - 2013-10-30 14:25 - 00274984 _____ C:\Windows\Minidump\103013-34413-01.dmp
2013-10-30 14:21 - 2013-10-30 14:21 - 00274984 _____ C:\Windows\Minidump\103013-37346-01.dmp
2013-10-30 14:18 - 2013-10-30 14:18 - 00274984 _____ C:\Windows\Minidump\103013-31917-01.dmp
2013-10-30 11:21 - 2013-10-30 11:21 - 00000000 ____D C:\Users\Moschetti\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\project64 1.6
2013-10-26 15:27 - 2013-10-26 15:27 - 00000000 ____D C:\Users\Moschetti\Documents\WB Games
2013-10-25 20:27 - 2013-10-25 20:27 - 00000000 ____D C:\Users\Moschetti\AppData\Local\LogMeIn
2013-10-25 17:44 - 2009-07-14 14:20 - 00000000 __RHD C:\Users\Public\Libraries
 
Some content of TEMP:
====================
C:\Users\Moschetti\AppData\Local\Temp\jna1328559114347518433.dll
C:\Users\Moschetti\AppData\Local\Temp\jna1839292034637589013.dll
C:\Users\Moschetti\AppData\Local\Temp\jna2798729548779647202.dll
C:\Users\Moschetti\AppData\Local\Temp\jna4722582134556971015.dll
C:\Users\Moschetti\AppData\Local\Temp\jna5945452616102545985.dll
C:\Users\Moschetti\AppData\Local\Temp\libcurl-4.dll
C:\Users\Moschetti\AppData\Local\Temp\libeay32.dll
C:\Users\Moschetti\AppData\Local\Temp\libidn-11.dll
C:\Users\Moschetti\AppData\Local\Temp\librtmp.dll
C:\Users\Moschetti\AppData\Local\Temp\libssh2.dll
C:\Users\Moschetti\AppData\Local\Temp\ntdll_dump.dll
C:\Users\Moschetti\AppData\Local\Temp\ssleay32.dll
C:\Users\Moschetti\AppData\Local\Temp\zlib1.dll
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 
LastRegBack: 2013-11-20 00:25
 
==================== End Of Log ============================


Edited by lost1010, 22 November 2013 - 12:21 AM.


#6 B-boy/StyLe/

    Bleepin' Freestyler

  • Malware Response Team
  • 8,307 posts
  • Gender:Male
  • Location:Bulgaria

Posted 23 November 2013 - 09:22 AM

Hello,

I am glad to hear that you were able to resolve the issue.

Before I close the topic you can remove a few leftovers if you want.

Please download the following file => and save it to the Desktop.
NOTE. It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.

Run FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it in your reply.

I also noticed the following error in your Event Viewer:

Microsoft Office Sessions:
=========================
Error: (11/22/2013 11:10:00 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

You should be able to fix it using the following MS FixIt:

http://support.microsoft.com/kb/2545227

Good luck!

Regards,

Georgi


#7 lost1010 (Topic Starter)

Posted 23 November 2013 - 07:36 PM

Hey Georgi,

This forum and the Malware Specialists within are superb. Even after I've attempted to solve my problem you still help me out and make sure while suggesting how to fix other problems with my PC. Great work.

Things to note after this run are that I now have a folder on my Desktop with the Chinese title '㩃䙜卒屔畑牡湡楴敮Ȁ'. Full of items I don't recognise. Here is a link to a picture to show all of the items within the folder: http://i.imgur.com/6K9nSCl.png .

FARBAR RESULTS

------

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 23-11-2013 03
Ran by Moschetti at 2013-11-24 11:20:15 Run:2
Running from C:\Users\Moschetti\Desktop
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
start
HKCU\...\Policies\Explorer: [] 
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\57710174.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\57710174.sys => ""="Driver"
C:\Users\Moschetti\AppData\Local\Temp
end
 
 
 
 
 
 
*****************
 
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\ => Value deleted successfully.
HKLM\SOFTWARE\Policies\Google => Key deleted successfully.
catchme => Service deleted successfully.
HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\57710174.sys => Key deleted successfully.
HKLM\System\CurrentControlSet\Control\SafeBoot\Network\57710174.sys => Key deleted successfully.
 
"C:\Users\Moschetti\AppData\Local\Temp" directory move:
 
C:\Users\Moschetti\AppData\Local\Temp\AdobeARM.log => Moved successfully.
C:\Users\Moschetti\AppData\Local\Temp\AdobeARM_NotLocked.log => Moved successfully.
C:\Users\Moschetti\AppData\Local\Temp\CFG15FF.tmp => Moved successfully.
C:\Users\Moschetti\AppData\Local\Temp\CFG2833.tmp => Moved successfully.
C:\Users\Moschetti\AppData\Local\Temp\CFG32F1.tmp => Moved successfully.
C:\Users\Moschetti\AppData\Local\Temp\CFG423D.tmp => Moved successfully.
C:\Users\Moschetti\AppData\Local\Temp\CFG52A7.tmp => Moved successfully.
C:\Users\Moschetti\AppData\Local\Temp\CFG552.tmp => Moved successfully.
C:\Users\Moschetti\AppData\Local\Temp\CFG622C.tmp => Moved successfully.
C:\Users\Moschetti\AppData\Local\Temp\CFG79A7.tmp => Moved successfully.
C:\Users\Moschetti\AppData\Local\Temp\CFG8560.tmp => Moved successfully.
C:\Users\Moschetti\AppData\Local\Temp\CFG8FA1.tmp => Moved successfully.
C:\Users\Moschetti\AppData\Local\Temp\CFG9909.tmp => Moved successfully.
C:\Users\Moschetti\AppData\Local\Temp\CFGA0DB.tmp => Moved successfully.
C:\Users\Moschetti\AppData\Local\Temp\CFGA311.tmp => Moved successfully.
C:\Users\Moschetti\AppData\Local\Temp\CFGA81B.tmp => Moved successfully.
C:\Users\Moschetti\AppData\Local\Temp\CFGB53B.tmp => Moved successfully.
C:\Users\Moschetti\AppData\Local\Temp\CFGB8A4.tmp => Moved successfully.
C:\Users\Moschetti\AppData\Local\Temp\CFGD02F.tmp => Moved successfully.
C:\Users\Moschetti\AppData\Local\Temp\CFGE183.tmp => Moved successfully.
C:\Users\Moschetti\AppData\Local\Temp\CFGF1E8.tmp => Moved successfully.
C:\Users\Moschetti\AppData\Local\Temp\CFGF339.tmp => Moved successfully.
Could not move "C:\Users\Moschetti\AppData\Local\Temp\etilqs_bCiIDA0s2jL7EO5" => Scheduled to move on reboot.
Could not move "C:\Users\Moschetti\AppData\Local\Temp\etilqs_FeoIp4d4R4ErQ5O" => Scheduled to move on reboot.
Could not move "C:\Users\Moschetti\AppData\Local\Temp\etilqs_kq1R4MTIhQBlx3M" => Scheduled to move on reboot.
Could not move "C:\Users\Moschetti\AppData\Local\Temp\etilqs_zh7q8dgXhXqzsIe" => Scheduled to move on reboot.
C:\Users\Moschetti\AppData\Local\Temp\FXSAPIDebugLogFile.txt => Moved successfully.
C:\Users\Moschetti\AppData\Local\Temp\JavaDeployReg.log => Moved successfully.
C:\Users\Moschetti\AppData\Local\Temp\jusched.log => Moved successfully.
C:\Users\Moschetti\AppData\Local\Temp\MSI1bdd2.LOG => Moved successfully.
C:\Users\Moschetti\AppData\Local\Temp\MSI243c3.LOG => Moved successfully.
C:\Users\Moschetti\AppData\Local\Temp\MSI76ca7.LOG => Moved successfully.
C:\Users\Moschetti\AppData\Local\Temp\MSI7c042.LOG => Moved successfully.
C:\Users\Moschetti\AppData\Local\Temp\MSI832fc.LOG => Moved successfully.
C:\Users\Moschetti\AppData\Local\Temp\MSI8b21a.LOG => Moved successfully.
C:\Users\Moschetti\AppData\Local\Temp\MSIc2396.LOG => Moved successfully.
C:\Users\Moschetti\AppData\Local\Temp\MSIcaf8f.LOG => Moved successfully.
C:\Users\Moschetti\AppData\Local\Temp\MSIcf1b8.LOG => Moved successfully.
C:\Users\Moschetti\AppData\Local\Temp\MSId1f48.LOG => Moved successfully.
C:\Users\Moschetti\AppData\Local\Temp\MSId920c.LOG => Moved successfully.
C:\Users\Moschetti\AppData\Local\Temp\MSIda317.LOG => Moved successfully.
C:\Users\Moschetti\AppData\Local\Temp\MSIe265f.LOG => Moved successfully.
C:\Users\Moschetti\AppData\Local\Temp\MSIe2d8a.LOG => Moved successfully.
C:\Users\Moschetti\AppData\Local\Temp\MSIe9071.LOG => Moved successfully.
C:\Users\Moschetti\AppData\Local\Temp\MSIeaf0e.LOG => Moved successfully.
C:\Users\Moschetti\AppData\Local\Temp\MSIec7ff.LOG => Moved successfully.
C:\Users\Moschetti\AppData\Local\Temp\MSIedb46.LOG => Moved successfully.
C:\Users\Moschetti\AppData\Local\Temp\MSIf5012.LOG => Moved successfully.
C:\Users\Moschetti\AppData\Local\Temp\MSIf5f73.LOG => Moved successfully.
C:\Users\Moschetti\AppData\Local\Temp\PCW63CA.tmp => Moved successfully.
C:\Users\Moschetti\AppData\Local\Temp\PCW63CA.xml => Moved successfully.
C:\Users\Moschetti\AppData\Local\Temp\tmpAE70.tmp => Moved successfully.
C:\Users\Moschetti\AppData\Local\Temp\tmpB36E.tmp => Moved successfully.
C:\Users\Moschetti\AppData\Local\Temp\users00 => Moved successfully.
C:\Users\Moschetti\AppData\Local\Temp\vminst.log => Moved successfully.
C:\Users\Moschetti\AppData\Local\Temp\vmsetup.20131123144729.log => Moved successfully.
C:\Users\Moschetti\AppData\Local\Temp\vmsetup.20131123144729.{E452E727-86B8-4233-8CC3-41FD817AFAFF}.uninstall.log => Moved successfully.
C:\Users\Moschetti\AppData\Local\Temp\VMW6E67.tmp => Moved successfully.
C:\Users\Moschetti\AppData\Local\Temp\_iu14D2N.tmp => Moved successfully.
C:\Users\Moschetti\AppData\Local\Temp\vmware-Moschetti-1677569652\vmware-vix-6200.log => Moved successfully.
C:\Users\Moschetti\AppData\Local\Temp\vmware-Moschetti-1677569652\vmware-vmplayer-5968.log => Moved successfully.
C:\Users\Moschetti\AppData\Local\Temp\6748_23271\crl-set => Moved successfully.
C:\Users\Moschetti\AppData\Local\Temp\6748_23271\manifest.fingerprint => Moved successfully.
C:\Users\Moschetti\AppData\Local\Temp\6748_23271\manifest.json => Moved successfully.
C:\Users\Moschetti\AppData\Local\Temp\6504_22381\crl-set => Moved successfully.
C:\Users\Moschetti\AppData\Local\Temp\6504_22381\manifest.fingerprint => Moved successfully.
C:\Users\Moschetti\AppData\Local\Temp\6504_22381\manifest.json => Moved successfully.
C:\Users\Moschetti\AppData\Local\Temp\6340_4335\crl-set => Moved successfully.
C:\Users\Moschetti\AppData\Local\Temp\6340_4335\manifest.fingerprint => Moved successfully.
C:\Users\Moschetti\AppData\Local\Temp\6340_4335\manifest.json => Moved successfully.
C:\Users\Moschetti\AppData\Local\Temp\5864_31952\crl-set => Moved successfully.
C:\Users\Moschetti\AppData\Local\Temp\5864_31952\manifest.fingerprint => Moved successfully.
C:\Users\Moschetti\AppData\Local\Temp\5864_31952\manifest.json => Moved successfully.
Could not move "C:\Users\Moschetti\AppData\Local\Temp" directory. => Scheduled to move on reboot.
 
 
=> Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2013-11-24 11:23:28)<=
 
C:\Users\Moschetti\AppData\Local\Temp\etilqs_bCiIDA0s2jL7EO5 => Is moved successfully.
C:\Users\Moschetti\AppData\Local\Temp\etilqs_FeoIp4d4R4ErQ5O => Is moved successfully.
C:\Users\Moschetti\AppData\Local\Temp\etilqs_kq1R4MTIhQBlx3M => Is moved successfully.
C:\Users\Moschetti\AppData\Local\Temp\etilqs_zh7q8dgXhXqzsIe => Is moved successfully.
"C:\Users\Moschetti\AppData\Local\Temp" => Directory could not move.
 
==== End of Fixlog ====


#8 B-boy/StyLe/

Posted 24 November 2013 - 06:26 AM

Hi,

Things to note after this run are that I now have a folder on my Desktop with the Chinese title '㩃䙜卒屔畑牡湡楴敮Ȁ'. Full of items I don't recognise. Here is a link to a picture to show all of the items within the folder: http://i.imgur.com/6K9nSCl.png .

Was the folder created by the fixlist or by the MS FixIt utility? That's odd, because I am seeing this folder for the first time and I use MS FixIt and FRST a lot. Are the subfolders empty when you browse them? If so, you can probably delete the whole folder.

Also, can you post the link to your other topic so I can see what was done so far and what is left to be done?

Thanks!

Regards,

Georgi


#9 lost1010 (Topic Starter)

Posted 24 November 2013 - 05:14 PM

The folder appeared after I restarted, which was prompted by FRST. I'm not sure if FRST or the restart prompted it.

I forgot to mention previously, but all the folders you could see there are empty or contain no more than 2-3 sub-folders (and I have 'see hidden files' on for now).

To me it looks like one of the other programs' (ComboFix, Hitman Pro, ADWCleaner, etc.) quarantine has become visible. Possibly because FRST caused the deletion of some files relevant to it? (I don't actually know if this makes sense, just bouncing ideas around.)

Anyway, the computer doesn't have any other symptoms at the moment.

Thanks :)

#10 B-boy/StyLe/

Posted 25 November 2013 - 01:27 AM

Hi,

That's odd indeed. Let me ask the developer and I will get back to you. :)

Regards,

Georgi


#11 B-boy/StyLe/

Posted 26 November 2013 - 01:35 PM

Hi,

FRST doesn't make that folder on the Desktop. Also, I can't see the folder in the FRST log, which means the folder was created a long time ago. But you are right, some of the tools you used on your own might have unhidden the files and folders on your computer.

You can hide them again this way:

http://www.sevenforums.com/tutorials/394-hidden-files-folders-show-hide.html

Let me know in your next reply if you need this topic reopened.

Regards,

Georgi


#12 B-boy/StyLe/

Posted 03 December 2013 - 07:04 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.
