Firefox issue

Motorcharge

Well-Known Member
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2012-06-07 01:33 1519304 ----a-w- c:\program files (x86)\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2012-06-07 1519304]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RocketDock"="c:\program files (x86)\RocketDock\RocketDock.exe" [2007-09-02 495616]
"Advanced SystemCare 5"="c:\program files (x86)\IObit\Advanced SystemCare 5\ASCTray.exe" [2012-05-28 288128]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"InstaLAN"="c:\program files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe" [2011-02-25 1770400]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"ApnUpdater"="c:\program files (x86)\Ask.com\Updater\Updater.exe" [2012-06-07 1564872]
.
c:\users\Bre\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
CurseClientStartup.ccip [2011-10-9 0]
Rainmeter.lnk - c:\program files\Rainmeter\Rainmeter.exe [2011-9-18 102912]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
UltraMon.lnk - c:\windows\Installer\{537056B7-32A4-4408-9B54-0341963C7C9C}\IcoUltraMon.ico [2011-9-18 29310]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
"HP Software Update"=c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe"
"ConduitHelper"="c:\users\Public\Conduit\ConduitHelper\ConduitHelper.exe"
"Freecorder FLV Service"="c:\program files (x86)\Freecorder\FLVSrvc.exe" /run
"Gateway Photo Frame"="c:\program files (x86)\Gateway Photo Frame\ButtonMonitor.exe" -A
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" -atboottime
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-18 136176]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-03 160944]
R3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\DRIVERS\motfilt.sys [2009-01-29 6144]
R3 BVRPMPR5a64;BVRPMPR5a64 NDIS Protocol Driver;c:\windows\system32\drivers\BVRPMPR5a64.SYS [2010-06-30 35840]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-18 136176]
R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys [2011-09-19 16008]
R3 motandroidusb;Mot ADB Interface Driver;c:\windows\system32\Drivers\motoandroid.sys [2009-07-10 31744]
R3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys [2011-04-04 21504]
R3 motccgpfl;MotCcgpFlService;c:\windows\system32\DRIVERS\motccgpfl.sys [2009-01-29 9216]
R3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\DRIVERS\Motousbnet.sys [2010-04-01 26624]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-16 113120]
R3 pbfilter;pbfilter;c:\program files\PeerBlock\pbfilter.sys [2010-11-07 24176]
R3 phaudlwr;Philips Audio Filter;c:\windows\system32\DRIVERS\phaudlwr.sys [2009-10-20 114608]
R3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8192su.sys [2010-09-29 695400]
R3 SPC620;Philips SPC620NC PC Camera;c:\windows\system32\drivers\SPC620.sys [2007-09-28 581120]
R3 SPC620m;Philips SPC620NC PC Cameram;c:\windows\system32\drivers\SPC620m.sys [2007-09-28 8192]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-04-20 1255736]
R3 WinRing0_1_2_0;WinRing0_1_2_0;c:\program files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys [2010-11-01 14544]
R3 WMZuneComm;Zune Windows Mobile Connectivity Service;c:\program files\Zune\WMZuneComm.exe [2011-08-05 306400]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-05-17 283200]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AdvancedSystemCareService5;Advanced SystemCare Service 5;c:\program files (x86)\IObit\Advanced SystemCare 5\ASCService.exe [2012-05-26 913792]
S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x64.sys [2010-11-09 21992]
S2 Greg_Service;GRegService;c:\program files (x86)\Gateway\Registration\GregHSRW.exe [2009-08-28 1150496]
S2 UltraMonUtility;UltraMon Utility Driver;c:\program files (x86)\Common Files\Realtime Soft\UltraMonMirrorDrv\x64\UltraMonUtility.sys [2008-11-14 20512]
S2 Updater Service;Updater Service;c:\program files\Gateway\Gateway Updater\UpdaterService.exe [2009-07-04 240160]
S3 e1yexpress;Intel(R) Gigabit Network Connections Driver;c:\windows\system32\DRIVERS\e1y60x64.sys [2009-06-10 281088]
S3 EuMusDesignVirtualAudioCableWdm;Virtual Audio Cable (WDM);c:\windows\system32\DRIVERS\vrtaucbl.sys [2012-01-28 66728]
S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2009-05-25 138752]
S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys [2009-11-24 22408]
S3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\DRIVERS\ManyCam_x64.sys [2008-03-13 27136]
S3 pneteth;PdaNet Broadband;c:\windows\system32\DRIVERS\pneteth.sys [2011-07-19 15360]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-18 22:04]
.
2012-07-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-18 22:04]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-05 186904]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-07-20 7981088]
"Launch LCore"="c:\program files\Logitech Gaming Software\LCore.exe" [2011-07-28 110360]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-12 162328]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-02-12 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-02-12 417304]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=sx2800&r=173604117307p0358v115k49i15222
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyServer = http=;ftp=;https=;
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Bre\AppData\Roaming\Mozilla\Firefox\Profiles\y7r4no5l.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.facebook.com/
FF - prefs.js: keyword.URL - hxxp://www.google.co.in/search?btnG=Google+Search&q=
FF - prefs.js: network.proxy.gopher -
FF - prefs.js: network.proxy.gopher_port - 0
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Toolbar-{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - (no file)
HKLM-Run-picop - c:\users\Bre\AppData\Roaming\picop.dll
HKLM-Run-ianex - c:\users\Bre\AppData\Roaming\ianex.dll
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-520610219-17727062-633966983-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-520610219-17727062-633966983-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10e.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10e.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Belkin\Router Setup and Monitor\BelkinService.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files (x86)\Belkin\Router Setup and Monitor\BelkinSetup.exe
.
**************************************************************************
.
Completion time: 2012-07-13 21:16:15 - machine was rebooted
ComboFix-quarantined-files.txt 2012-07-14 01:16
ComboFix2.txt 2012-06-25 01:30
ComboFix3.txt 2012-06-21 00:13
.
Pre-Run: 140,212,453,376 bytes free
Post-Run: 143,948,693,504 bytes free
.
- - End Of File - - 3D47FEFFCD85DAFB75DD37E0EA6A38C1
 

johnb35

Administrator
Staff member
All right, let's see if we can nail this once and for all.

Please do the following.

1. Go to Start > Run > type Notepad.exe and click OK to open Notepad.
It must be Notepad, not Wordpad.
2. Copy the text in the below code box

Code:
Dirlook::

c:\users\Bre\AppData\Local\{B4F8B799-C6FD-11E1-8270-B8AC6F996F26}
c:\programdata\{32364CEA-7855-4A3C-B674-53D8E9B97936}

3. Go to the Notepad window and click Edit > Paste
4. Then click File > Save
5. Name the file CFScript.txt - Save the file to your Desktop
6. Then drag the CFScript (hold the left mouse button while dragging the file) and drop it (release the left mouse button) into ComboFix.exe as you see in the screenshot below. Important: Perform this instruction carefully!


CFScript-1.gif


ComboFix will begin to execute, just follow the prompts.
After reboot (in case it asks to reboot), it will produce a log for you.
Post that log (Combofix.txt) in your next reply.
 

Motorcharge

Well-Known Member
ComboFix 12-06-28.03 - Bre 07/14/2012 8:24.5.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4061.2620 [GMT -4:00]
Running from: c:\users\Bre\Downloads\ComboFix.exe
Command switches used :: c:\users\Bre\Downloads\CFScript.txt
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Bre\AppData\Local\{604e7576-ec0d-7231-cc64-a8dfba4e3e1f}
c:\users\Bre\AppData\Local\{604e7576-ec0d-7231-cc64-a8dfba4e3e1f}\@
c:\users\Bre\AppData\Local\{604e7576-ec0d-7231-cc64-a8dfba4e3e1f}\n
c:\users\Bre\AppData\Local\Temp\1.tmp\F_IN_BOX.dll
c:\windows\Installer\{604e7576-ec0d-7231-cc64-a8dfba4e3e1f}
.
.
((((((((((((((((((((((((( Files Created from 2012-06-14 to 2012-07-14 )))))))))))))))))))))))))))))))
.
.
2012-07-14 12:29 . 2012-07-14 12:29 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-13 06:21 . 2012-06-18 07:12 9013136 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{97D554BF-9C7C-49C2-AF51-E0B1D30B51EF}\mpengine.dll
2012-07-08 04:16 . 2012-07-08 04:16 -------- d-----w- c:\users\Bre\AppData\Roaming\HideIPEasy
2012-07-08 04:16 . 2012-07-08 04:16 -------- d-----w- c:\programdata\HideIPEasy
2012-07-08 04:15 . 2012-07-08 04:15 -------- d-----w- c:\program files (x86)\Ask.com
2012-07-08 04:15 . 2012-07-08 04:15 -------- d-----w- c:\users\Bre\AppData\Local\APN
2012-07-08 04:14 . 2012-07-08 04:16 -------- d-----w- c:\program files (x86)\HideIPEasy
2012-07-06 00:01 . 2012-07-06 00:01 -------- d-----w- c:\users\Bre\AppData\Local\{B4F8B799-C6FD-11E1-8270-B8AC6F996F26}
2012-06-24 21:47 . 2012-06-24 21:47 -------- d-----w- c:\users\Bre\AppData\Local\Macromedia
2012-06-24 21:45 . 2012-06-24 21:45 -------- d-----w- c:\programdata\McAfee
2012-06-24 21:45 . 2012-06-24 21:45 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-06-24 21:45 . 2012-06-24 21:45 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-06-23 12:12 . 2012-06-23 12:12 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
2012-06-21 01:01 . 2012-06-21 01:01 -------- d-----w- c:\program files (x86)\ESET
2012-06-20 23:54 . 2012-06-20 23:54 -------- d-----w- C:\TDSSKiller_Quarantine
2012-06-17 21:10 . 2012-06-17 21:10 -------- d-----w- c:\program files\Microsoft Silverlight
2012-06-17 21:10 . 2012-06-17 21:10 -------- d-----w- c:\program files (x86)\Microsoft Silverlight
2012-06-17 19:36 . 2011-07-20 18:58 44032 ----a-w- c:\windows\system32\drivers\RimSerial_AMD64.sys
2012-06-17 19:36 . 2012-06-24 13:47 -------- d-----w- c:\program files (x86)\Common Files\Research In Motion
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-17 23:51 . 2012-05-17 23:51 283200 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2012-05-17 22:50 . 2012-05-17 22:50 71680 ----a-w- c:\windows\system32\frapsv64.dll
2012-05-17 22:50 . 2012-05-17 22:50 65536 ----a-w- c:\windows\SysWow64\frapsvid.dll
2012-04-26 07:09 . 2012-04-26 07:09 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2012-04-26 07:09 . 2012-04-26 07:09 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2012-04-26 07:09 . 2012-04-26 07:09 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
2012-04-26 07:09 . 2012-04-26 07:09 85504 ----a-w- c:\windows\system32\iesetup.dll
2012-04-26 07:09 . 2012-04-26 07:09 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2012-04-26 07:09 . 2012-04-26 07:09 76800 ----a-w- c:\windows\system32\tdc.ocx
2012-04-26 07:09 . 2012-04-26 07:09 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2012-04-26 07:09 . 2012-04-26 07:09 74752 ----a-w- c:\windows\SysWow64\iesetup.dll
2012-04-26 07:09 . 2012-04-26 07:09 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
2012-04-26 07:09 . 2012-04-26 07:09 603648 ----a-w- c:\windows\system32\vbscript.dll
2012-04-26 07:09 . 2012-04-26 07:09 49664 ----a-w- c:\windows\system32\imgutil.dll
2012-04-26 07:09 . 2012-04-26 07:09 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2012-04-26 07:09 . 2012-04-26 07:09 48640 ----a-w- c:\windows\system32\mshtmler.dll
2012-04-26 07:09 . 2012-04-26 07:09 448512 ----a-w- c:\windows\system32\html.iec
2012-04-26 07:09 . 2012-04-26 07:09 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2012-04-26 07:09 . 2012-04-26 07:09 367104 ----a-w- c:\windows\SysWow64\html.iec
2012-04-26 07:09 . 2012-04-26 07:09 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
2012-04-26 07:09 . 2012-04-26 07:09 30720 ----a-w- c:\windows\system32\licmgr10.dll
2012-04-26 07:09 . 2012-04-26 07:09 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
2012-04-26 07:09 . 2012-04-26 07:09 222208 ----a-w- c:\windows\system32\msls31.dll
2012-04-26 07:09 . 2012-04-26 07:09 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2012-04-26 07:09 . 2012-04-26 07:09 165888 ----a-w- c:\windows\system32\iexpress.exe
2012-04-26 07:09 . 2012-04-26 07:09 161792 ----a-w- c:\windows\SysWow64\msls31.dll
2012-04-26 07:09 . 2012-04-26 07:09 160256 ----a-w- c:\windows\system32\wextract.exe
2012-04-26 07:09 . 2012-04-26 07:09 152064 ----a-w- c:\windows\SysWow64\wextract.exe
2012-04-26 07:09 . 2012-04-26 07:09 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2012-04-26 07:09 . 2012-04-26 07:09 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2012-04-26 07:09 . 2012-04-26 07:09 135168 ----a-w- c:\windows\system32\IEAdvpack.dll
2012-04-26 07:09 . 2012-04-26 07:09 12288 ----a-w- c:\windows\system32\mshta.exe
2012-04-26 07:09 . 2012-04-26 07:09 11776 ----a-w- c:\windows\SysWow64\mshta.exe
2012-04-26 07:09 . 2012-04-26 07:09 114176 ----a-w- c:\windows\system32\admparse.dll
2012-04-26 07:09 . 2012-04-26 07:09 111616 ----a-w- c:\windows\system32\iesysprep.dll
2012-04-26 07:09 . 2012-04-26 07:09 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2012-04-26 07:09 . 2012-04-26 07:09 101888 ----a-w- c:\windows\SysWow64\admparse.dll
2012-04-25 22:44 . 2012-04-25 22:44 23112 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2012-04-25 22:36 . 2012-04-25 22:36 81408 ----a-w- c:\windows\system32\imagehlp.dll
2012-04-25 22:36 . 2012-04-25 22:36 5120 ----a-w- c:\windows\SysWow64\wmi.dll
2012-04-25 22:36 . 2012-04-25 22:36 5120 ----a-w- c:\windows\system32\wmi.dll
2012-04-25 22:36 . 2012-04-25 22:36 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-04-25 22:36 . 2012-04-25 22:36 220672 ----a-w- c:\windows\system32\wintrust.dll
2012-04-25 22:36 . 2012-04-25 22:36 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-04-25 22:36 . 2012-04-25 22:36 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-04-25 22:33 . 2012-04-25 22:33 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-04-25 22:33 . 2012-04-25 22:33 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-04-25 22:33 . 2012-04-25 22:33 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-04-25 22:32 . 2012-04-25 22:32 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-04-25 22:32 . 2012-04-25 22:32 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-04-25 22:32 . 2012-04-25 22:32 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-04-25 22:32 . 2012-04-25 22:32 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-04-25 22:27 . 2012-04-25 22:27 509952 ----a-w- c:\windows\system32\ntshrui.dll
2012-04-25 22:27 . 2012-04-25 22:27 442880 ----a-w- c:\windows\SysWow64\ntshrui.dll
2012-04-25 22:26 . 2012-04-25 22:26 515584 ----a-w- c:\windows\system32\timedate.cpl
2012-04-25 22:26 . 2012-04-25 22:26 478720 ----a-w- c:\windows\SysWow64\timedate.cpl
2012-04-25 22:26 . 2012-04-25 22:26 498688 ----a-w- c:\windows\system32\drivers\afd.sys
2012-04-25 22:23 . 2012-04-25 22:23 690688 ----a-w- c:\windows\SysWow64\msvcrt.dll
2012-04-25 22:23 . 2012-04-25 22:23 634880 ----a-w- c:\windows\system32\msvcrt.dll
2012-04-25 22:21 . 2012-04-25 22:21 1731920 ----a-w- c:\windows\system32\ntdll.dll
2012-04-25 22:21 . 2012-04-25 22:21 1292080 ----a-w- c:\windows\SysWow64\ntdll.dll
2012-04-25 22:21 . 2012-04-25 22:21 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
2012-04-25 22:21 . 2012-04-25 22:21 95600 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-04-25 22:21 . 2012-04-25 22:21 459232 ----a-w- c:\windows\system32\drivers\cng.sys
2012-04-25 22:21 . 2012-04-25 22:21 395776 ----a-w- c:\windows\system32\webio.dll
2012-04-25 22:21 . 2012-04-25 22:21 340992 ----a-w- c:\windows\system32\schannel.dll
2012-04-25 22:21 . 2012-04-25 22:21 314880 ----a-w- c:\windows\SysWow64\webio.dll
2012-04-25 22:21 . 2012-04-25 22:21 31232 ----a-w- c:\windows\system32\lsass.exe
2012-04-25 22:21 . 2012-04-25 22:21 29184 ----a-w- c:\windows\system32\sspisrv.dll
2012-04-25 22:21 . 2012-04-25 22:21 28160 ----a-w- c:\windows\system32\secur32.dll
2012-04-25 22:21 . 2012-04-25 22:21 224768 ----a-w- c:\windows\SysWow64\schannel.dll
2012-04-25 22:21 . 2012-04-25 22:21 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2012-04-25 22:21 . 2012-04-25 22:21 152432 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2012-04-25 22:21 . 2012-04-25 22:21 1447936 ----a-w- c:\windows\system32\lsasrv.dll
2012-04-25 22:21 . 2012-04-25 22:21 136192 ----a-w- c:\windows\system32\sspicli.dll
2012-04-25 22:21 . 2012-04-25 22:21 514560 ----a-w- c:\windows\SysWow64\qdvd.dll
2012-04-25 22:21 . 2012-04-25 22:21 366592 ----a-w- c:\windows\system32\qdvd.dll
2012-04-25 22:21 . 2012-04-25 22:21 1572864 ----a-w- c:\windows\system32\quartz.dll
2012-04-25 22:21 . 2012-04-25 22:21 1328128 ----a-w- c:\windows\SysWow64\quartz.dll
2012-04-25 22:20 . 2012-04-25 22:20 77312 ----a-w- c:\windows\system32\packager.dll
2012-04-25 22:20 . 2012-04-25 22:20 67072 ----a-w- c:\windows\SysWow64\packager.dll
2012-04-25 22:16 . 2012-04-25 22:16 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2012-04-25 22:16 . 2012-04-25 22:16 2048 ----a-w- c:\windows\system32\tzres.dll
2012-04-25 22:16 . 2012-04-25 22:16 43520 ----a-w- c:\windows\system32\csrsrv.dll
2012-04-25 22:16 . 2012-04-25 22:16 723456 ----a-w- c:\windows\system32\EncDec.dll
2012-04-25 22:16 . 2012-04-25 22:16 534528 ----a-w- c:\windows\SysWow64\EncDec.dll
2012-04-25 22:07 . 2012-04-25 22:07 75776 ----a-w- c:\windows\SysWow64\psisrndr.ax
2012-04-25 22:07 . 2012-04-25 22:07 613888 ----a-w- c:\windows\system32\psisdecd.dll
2012-04-25 22:07 . 2012-04-25 22:07 465408 ----a-w- c:\windows\SysWow64\psisdecd.dll
2012-04-25 22:07 . 2012-04-25 22:07 108032 ----a-w- c:\windows\system32\psisrndr.ax
2012-04-25 22:06 . 2012-04-25 22:06 861696 ----a-w- c:\windows\system32\oleaut32.dll
2012-04-25 22:06 . 2012-04-25 22:06 571904 ----a-w- c:\windows\SysWow64\oleaut32.dll
2012-04-25 22:06 . 2012-04-25 22:06 331776 ----a-w- c:\windows\system32\oleacc.dll
2012-04-25 22:06 . 2012-04-25 22:06 233472 ----a-w- c:\windows\SysWow64\oleacc.dll
2012-04-19 00:56 . 2012-04-19 00:56 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx
2012-04-19 00:56 . 2012-04-19 00:56 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts
.
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of c:\programdata\{32364CEA-7855-4A3C-B674-53D8E9B97936} ----
.
2012-06-12 20:48 . 2012-06-12 20:48 23762944 ----a-w- c:\programdata\{32364CEA-7855-4A3C-B674-53D8E9B97936}\{D3742F82-1C1A-4DCC-ABBD-0E831C0185CC}.msi
.
---- Directory of c:\users\Bre\AppData\Local\{B4F8B799-C6FD-11E1-8270-B8AC6F996F26} ----
.
2012-07-06 00:01 . 2012-07-06 00:01 6529 ----a-w- c:\users\Bre\AppData\Local\{B4F8B799-C6FD-11E1-8270-B8AC6F996F26}\chrome\content\browser.xul
2012-07-06 00:01 . 2012-07-06 00:01 804 ----a-w- c:\users\Bre\AppData\Local\{B4F8B799-C6FD-11E1-8270-B8AC6F996F26}\install.rdf
2012-07-06 00:01 . 2012-07-06 00:01 129 ----a-w- c:\users\Bre\AppData\Local\{B4F8B799-C6FD-11E1-8270-B8AC6F996F26}\chrome.manifest
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2011-02-26 . E38899074D4951D31B4040E994DD7C8D . 2870784 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe
[7] 2011-02-26 . 0862495E0C825893DB75EF44FAEA8E93 . 2870272 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe
[7] 2011-02-26 . 3B69712041F3D63605529BD66DC00C48 . 2871808 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[7] 2011-02-25 . 332FEAB1435662FC6C672E25BEB37BE3 . 2871808 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[7] 2010-11-20 . AC4C51EB24AA95B77F705AB159189E24 . 2872320 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
[7] 2009-10-31 . B8EC4BD49CE8F6FC457721BFC210B67F . 2870272 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[-] 2009-10-31 . D5A67267C4C3879E63E9BFBA991D823A . 2387456 . . [6.1.7600.16385] .. c:\windows\explorer.exe
[7] 2009-10-31 . 9AAAEC8DAC27AA17B053E6352AD233AE . 2870272 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[7] 2009-08-03 . 700073016DAC1C3D2E7E2CE4223334B6 . 2868224 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[7] 2009-08-03 . F170B4A061C9E026437B193B4D571799 . 2868224 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe
[7] 2009-07-14 . C235A51CB740E45FFA0EBFB9BAFCDA64 . 2868224 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
.
((((((((((((((((((((((((((((( SnapShot_2012-07-14_01.11.56 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-10-30 05:01 . 2012-07-14 01:13 53532 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
- 2009-07-14 05:10 . 2012-07-01 23:20 30546 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-07-14 01:13 30546 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-04-20 19:48 . 2012-07-14 01:13 13624 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-520610219-17727062-633966983-1000_UserData.bin
- 2011-04-20 19:20 . 2012-07-08 10:06 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-04-20 19:20 . 2012-07-14 03:15 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-04-20 19:20 . 2012-07-08 10:06 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2011-04-20 19:20 . 2012-07-14 03:15 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-07-08 10:06 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-07-14 03:15 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:46 . 2012-07-14 01:14 91888 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
+ 2011-09-19 10:39 . 2012-07-14 12:29 3266 c:\windows\system32\wdi\ERCQueuedResolutions.dat
+ 2012-07-14 12:29 . 2012-07-14 12:29 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-07-14 01:10 . 2012-07-14 01:10 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-07-14 01:10 . 2012-07-14 01:10 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-07-14 12:29 . 2012-07-14 12:29 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-07-14 02:36 . 2012-07-07 22:14 660172 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-07-14 01:16 660172 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-07-14 01:16 121100 c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2012-07-07 22:14 121100 c:\windows\system32\perfc009.dat
- 2009-07-14 05:01 . 2012-07-14 01:10 513088 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-07-14 12:29 513088 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2011-09-19 10:39 . 2012-07-14 12:29 10326528 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-520610219-17727062-633966983-1000-12288.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2012-06-07 01:33 1519304 ----a-w- c:\program files (x86)\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2012-06-07 1519304]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RocketDock"="c:\program files (x86)\RocketDock\RocketDock.exe" [2007-09-02 495616]
"Advanced SystemCare 5"="c:\program files (x86)\IObit\Advanced SystemCare 5\ASCTray.exe" [2012-05-28 288128]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"InstaLAN"="c:\program files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe" [2011-02-25 1770400]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"ApnUpdater"="c:\program files (x86)\Ask.com\Updater\Updater.exe" [2012-06-07 1564872]
.
c:\users\Bre\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
CurseClientStartup.ccip [2011-10-9 0]
Rainmeter.lnk - c:\program files\Rainmeter\Rainmeter.exe [2011-9-18 102912]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
UltraMon.lnk - c:\windows\Installer\{537056B7-32A4-4408-9B54-0341963C7C9C}\IcoUltraMon.ico [2011-9-18 29310]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
"HP Software Update"=c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe"
"ConduitHelper"="c:\users\Public\Conduit\ConduitHelper\ConduitHelper.exe"
"Freecorder FLV Service"="c:\program files (x86)\Freecorder\FLVSrvc.exe" /run
"Gateway Photo Frame"="c:\program files (x86)\Gateway Photo Frame\ButtonMonitor.exe" -A
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" -atboottime
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-18 136176]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-03 160944]
R3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\DRIVERS\motfilt.sys [2009-01-29 6144]
R3 BVRPMPR5a64;BVRPMPR5a64 NDIS Protocol Driver;c:\windows\system32\drivers\BVRPMPR5a64.SYS [2010-06-30 35840]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-18 136176]
R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys [2011-09-19 16008]
R3 motandroidusb;Mot ADB Interface Driver;c:\windows\system32\Drivers\motoandroid.sys [2009-07-10 31744]
R3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys [2011-04-04 21504]
R3 motccgpfl;MotCcgpFlService;c:\windows\system32\DRIVERS\motccgpfl.sys [2009-01-29 9216]
R3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\DRIVERS\Motousbnet.sys [2010-04-01 26624]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-16 113120]
R3 pbfilter;pbfilter;c:\program files\PeerBlock\pbfilter.sys [2010-11-07 24176]
R3 phaudlwr;Philips Audio Filter;c:\windows\system32\DRIVERS\phaudlwr.sys [2009-10-20 114608]
R3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8192su.sys [2010-09-29 695400]
R3 SPC620;Philips SPC620NC PC Camera;c:\windows\system32\drivers\SPC620.sys [2007-09-28 581120]
R3 SPC620m;Philips SPC620NC PC Cameram;c:\windows\system32\drivers\SPC620m.sys [2007-09-28 8192]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-04-20 1255736]
R3 WinRing0_1_2_0;WinRing0_1_2_0;c:\program files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys [2010-11-01 14544]
R3 WMZuneComm;Zune Windows Mobile Connectivity Service;c:\program files\Zune\WMZuneComm.exe [2011-08-05 306400]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-05-17 283200]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AdvancedSystemCareService5;Advanced SystemCare Service 5;c:\program files (x86)\IObit\Advanced SystemCare 5\ASCService.exe [2012-05-26 913792]
S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x64.sys [2010-11-09 21992]
S2 Greg_Service;GRegService;c:\program files (x86)\Gateway\Registration\GregHSRW.exe [2009-08-28 1150496]
S2 UltraMonUtility;UltraMon Utility Driver;c:\program files (x86)\Common Files\Realtime Soft\UltraMonMirrorDrv\x64\UltraMonUtility.sys [2008-11-14 20512]
S2 Updater Service;Updater Service;c:\program files\Gateway\Gateway Updater\UpdaterService.exe [2009-07-04 240160]
S3 e1yexpress;Intel(R) Gigabit Network Connections Driver;c:\windows\system32\DRIVERS\e1y60x64.sys [2009-06-10 281088]
S3 EuMusDesignVirtualAudioCableWdm;Virtual Audio Cable (WDM);c:\windows\system32\DRIVERS\vrtaucbl.sys [2012-01-28 66728]
S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2009-05-25 138752]
S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys [2009-11-24 22408]
S3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\DRIVERS\ManyCam_x64.sys [2008-03-13 27136]
S3 pneteth;PdaNet Broadband;c:\windows\system32\DRIVERS\pneteth.sys [2011-07-19 15360]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-18 22:04]
.
2012-07-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-18 22:04]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-05 186904]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-07-20 7981088]
"Launch LCore"="c:\program files\Logitech Gaming Software\LCore.exe" [2011-07-28 110360]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-12 162328]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-02-12 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-02-12 417304]
"picop"="c:\users\Bre\AppData\Roaming\picop.dll" [BU]
"ianex"="c:\users\Bre\AppData\Roaming\ianex.dll" [BU]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=sx2800&r=173604117307p0358v115k49i15222
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyServer = http=;ftp=;https=;
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Bre\AppData\Roaming\Mozilla\Firefox\Profiles\y7r4no5l.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.facebook.com/
FF - prefs.js: keyword.URL - hxxp://www.google.co.in/search?btnG=Google+Search&q=
FF - prefs.js: network.proxy.gopher -
FF - prefs.js: network.proxy.gopher_port - 0
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Toolbar-{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-520610219-17727062-633966983-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-520610219-17727062-633966983-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10e.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10e.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Belkin\Router Setup and Monitor\BelkinService.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files (x86)\Belkin\Router Setup and Monitor\BelkinSetup.exe
.
**************************************************************************
.
Completion time: 2012-07-14 08:34:32 - machine was rebooted
ComboFix-quarantined-files.txt 2012-07-14 12:34
ComboFix2.txt 2012-07-14 01:16
ComboFix3.txt 2012-06-25 01:30
ComboFix4.txt 2012-06-21 00:13
.
Pre-Run: 143,757,914,112 bytes free
Post-Run: 143,700,901,888 bytes free
.
- - End Of File - - 3618AB4EC679BCCBFA2D7FBE69AD9AEA
 

johnb35

Administrator
Staff member
I've been trying to go through your log very thoroughly. I think we are getting closer. However, can you please rerun TDSSKiller and do a full scan with Malwarebytes and post the logs. I also noticed you had a new issue with Services.exe being infected. That wasn't on the previous ComboFix logs. Have you been doing anything new?
 

Motorcharge

Well-Known Member
TDSSKiller, nothing found.


Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.06.23.06

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Bre :: LEE [administrator]

7/16/2012 4:37:23 PM
mbam-log-2012-07-16 (16-37-23).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 211852
Time elapsed: 1 minute(s), 56 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


Running full scan atm, and nope, nothing new at all.
 

Motorcharge

Well-Known Member
Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.07.16.11

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Bre :: LEE [administrator]

7/16/2012 4:42:16 PM
mbam-log-2012-07-16 (16-42-16).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 402620
Time elapsed: 35 minute(s), 45 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 7
C:\Qoobox\Quarantine\C\Users\Bre\AppData\Local\pmybgvbos.exe.vir (Trojan.Lameshield) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Users\Bre\AppData\Local\{604e7576-ec0d-7231-cc64-a8dfba4e3e1f}\n.vir (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Users\Bre\AppData\Local\{604e7576-ec0d-7231-cc64-a8dfba4e3e1f}\U\[email protected] (Trojan.Dropper.BCMiner) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Users\Bre\AppData\Roaming\picop.dll.vir (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Windows\Installer\{604e7576-ec0d-7231-cc64-a8dfba4e3e1f}\n.vir (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Windows\Installer\{604e7576-ec0d-7231-cc64-a8dfba4e3e1f}\U\[email protected] (Trojan.Dropper.BCMiner) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Windows\System32\consrv.dll.vir (Rootkit.0Access) -> Quarantined and deleted successfully.

(end)
 

johnb35

Administrator
Staff member
It seems you are visiting a website that is infecting you with the ZeroAccess rootkit. Are you or another member of the family visiting shoddy websites?
 

Motorcharge

Well-Known Member
I'm the only one that uses this computer and I go to the same sites I've been going to for years.

Here, Jeepforum, facebook, tumblr, my gmail, NAXJA, and Netflix are about it.

Seems like every time I get rid of something, something new pops up in its place now. I'm getting Google redirects now that are installing this Security Shield shit. ComboFix can't seem to do anything better than a very temporary fix.
 

johnb35

Administrator
Staff member
Manually delete this folder.

c:\programdata\{32364CEA-7855-4A3C-B674-53D8E9B97936}

It was created on June 12th. The file inside that folder is considered malware.

{D3742F82-1C1A-4DCC-ABBD-0E831C0185CC}.msi

If it won't let you delete it let me know.
 

Motorcharge

Well-Known Member
Restarted and booted into safe mode to run Malwarebytes.

Results:

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.07.16.11

Windows 7 Service Pack 1 x64 NTFS (Safe Mode)
Internet Explorer 9.0.8112.16421
Bre :: LEE [administrator]

7/16/2012 6:15:35 PM
mbam-log-2012-07-16 (18-15-35).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 213836
Time elapsed: 1 minute(s), 43 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 2
C:\Users\Bre\Local Settings\hdyahm.exe (Trojan.Lameshield) -> Quarantined and deleted successfully.
C:\Users\Bre\Local Settings\Application Data\hdyahm.exe (Trojan.Lameshield) -> Quarantined and deleted successfully.

(end)
 

Motorcharge

Well-Known Member
Manually delete this folder.

c:\programdata\{32364CEA-7855-4A3C-B674-53D8E9B97936}

It was created on June 12th. The file inside that folder is considered malware.

{D3742F82-1C1A-4DCC-ABBD-0E831C0185CC}.msi

If it won't let you delete it let me know.

That file path isn't visible, and I have hidden folders viewable.
 

johnb35

Administrator
Staff member
It may also help to make sure "show protected operating system files" is enabled. However, if it's still not showing, do the following.

1. Go to Start > Run > type Notepad.exe and click OK to open Notepad.
It must be Notepad, not Wordpad.
2. Copy the text in the below code box

Code:
Killall::

Folder::

c:\programdata\{32364CEA-7855-4A3C-B674-53D8E9B97936}



3. Go to the Notepad window and click Edit > Paste
4. Then click File > Save
5. Name the file CFScript.txt - Save the file to your Desktop
6. Then drag the CFScript (hold the left mouse button while dragging the file) and drop it (release the left mouse button) into ComboFix.exe as you see in the screenshot below. Important: Perform this instruction carefully!


CFScript-1.gif


ComboFix will begin to execute, just follow the prompts.
After reboot (in case it asks to reboot), it will produce a log for you.
Post that log (Combofix.txt) in your next reply.
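An added check, not part of the thread, for the folder johnb35 points at above: a PowerShell snippet that looks the folder up with -Force (so Hidden and System items are returned even when Explorer hides them), and records the creation time and SHA-256 of whatever is inside before anything is removed, so the "created June 12th" claim and the file's identity can be verified first. It assumes PowerShell 4 or later (for Get-FileHash and the -File switch); the path is the one given in the post.

```powershell
# Added example (not from the thread): confirm the folder exists even when
# Explorer hides it, and record what is inside before deleting anything.
# The path is the one johnb35 gave in the thread.
$target = 'C:\ProgramData\{32364CEA-7855-4A3C-B674-53D8E9B97936}'

# -Force makes Get-Item return Hidden and System items, which Explorer omits
# unless "Hide protected operating system files" is unticked.
$dir = Get-Item -LiteralPath $target -Force -ErrorAction SilentlyContinue
if (-not $dir) {
    Write-Output "Folder not present (or access denied): $target"
    return
}

Write-Output ("Found:      {0}" -f $dir.FullName)
Write-Output ("Attributes: {0}" -f $dir.Attributes)   # e.g. Hidden, System, Directory
Write-Output ("Created:    {0}" -f $dir.CreationTime)

# List every file (again with -Force) with size, timestamps and SHA-256,
# so the file can be looked up before it is removed. Requires PowerShell 4+.
Get-ChildItem -LiteralPath $target -Force -Recurse -File | ForEach-Object {
    [PSCustomObject]@{
        Name       = $_.Name
        Bytes      = $_.Length
        Created    = $_.CreationTime
        Modified   = $_.LastWriteTime
        Attributes = $_.Attributes
        SHA256     = (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256).Hash
    }
} | Format-List
```

If the folder shows up here but not in Explorer, the Hidden and System attributes in the output are the reason, and the CFScript route above is the way to have ComboFix remove it.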
 

Motorcharge

Well-Known Member
ComboFix 12-06-28.03 - Bre 07/16/2012 18:38:06.6.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4061.2631 [GMT -4:00]
Running from: c:\users\Bre\Downloads\ComboFix.exe
Command switches used :: c:\users\Bre\Downloads\CFScript.txt
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\{32364CEA-7855-4A3C-B674-53D8E9B97936}
c:\programdata\{32364CEA-7855-4A3C-B674-53D8E9B97936}\{D3742F82-1C1A-4DCC-ABBD-0E831C0185CC}.msi
c:\users\Bre\AppData\Local\Temp\1.tmp\F_IN_BOX.dll
.
.
((((((((((((((((((((((((( Files Created from 2012-06-16 to 2012-07-16 )))))))))))))))))))))))))))))))
.
.
2012-07-16 22:42 . 2012-07-16 22:42 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-13 06:21 . 2012-06-18 07:12 9013136 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{97D554BF-9C7C-49C2-AF51-E0B1D30B51EF}\mpengine.dll
2012-07-08 04:16 . 2012-07-08 04:16 -------- d-----w- c:\users\Bre\AppData\Roaming\HideIPEasy
2012-07-08 04:16 . 2012-07-08 04:16 -------- d-----w- c:\programdata\HideIPEasy
2012-07-08 04:15 . 2012-07-08 04:15 -------- d-----w- c:\program files (x86)\Ask.com
2012-07-08 04:15 . 2012-07-08 04:15 -------- d-----w- c:\users\Bre\AppData\Local\APN
2012-07-08 04:14 . 2012-07-08 04:16 -------- d-----w- c:\program files (x86)\HideIPEasy
2012-07-06 00:01 . 2012-07-06 00:01 -------- d-----w- c:\users\Bre\AppData\Local\{B4F8B799-C6FD-11E1-8270-B8AC6F996F26}
2012-06-24 21:47 . 2012-06-24 21:47 -------- d-----w- c:\users\Bre\AppData\Local\Macromedia
2012-06-24 21:45 . 2012-06-24 21:45 -------- d-----w- c:\programdata\McAfee
2012-06-24 21:45 . 2012-06-24 21:45 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-06-24 21:45 . 2012-06-24 21:45 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-06-23 12:12 . 2012-06-23 12:12 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
2012-06-21 01:01 . 2012-06-21 01:01 -------- d-----w- c:\program files (x86)\ESET
2012-06-20 23:54 . 2012-06-20 23:54 -------- d-----w- C:\TDSSKiller_Quarantine
2012-06-17 21:10 . 2012-06-17 21:10 -------- d-----w- c:\program files\Microsoft Silverlight
2012-06-17 21:10 . 2012-06-17 21:10 -------- d-----w- c:\program files (x86)\Microsoft Silverlight
2012-06-17 19:36 . 2011-07-20 18:58 44032 ----a-w- c:\windows\system32\drivers\RimSerial_AMD64.sys
2012-06-17 19:36 . 2012-06-24 13:47 -------- d-----w- c:\program files (x86)\Common Files\Research In Motion
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-03 17:46 . 2012-04-25 22:50 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-05-17 23:51 . 2012-05-17 23:51 283200 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2012-05-17 22:50 . 2012-05-17 22:50 71680 ----a-w- c:\windows\system32\frapsv64.dll
2012-05-17 22:50 . 2012-05-17 22:50 65536 ----a-w- c:\windows\SysWow64\frapsvid.dll
2012-04-26 07:09 . 2012-04-26 07:09 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2012-04-26 07:09 . 2012-04-26 07:09 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2012-04-26 07:09 . 2012-04-26 07:09 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
2012-04-26 07:09 . 2012-04-26 07:09 85504 ----a-w- c:\windows\system32\iesetup.dll
2012-04-26 07:09 . 2012-04-26 07:09 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2012-04-26 07:09 . 2012-04-26 07:09 76800 ----a-w- c:\windows\system32\tdc.ocx
2012-04-26 07:09 . 2012-04-26 07:09 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2012-04-26 07:09 . 2012-04-26 07:09 74752 ----a-w- c:\windows\SysWow64\iesetup.dll
2012-04-26 07:09 . 2012-04-26 07:09 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
2012-04-26 07:09 . 2012-04-26 07:09 603648 ----a-w- c:\windows\system32\vbscript.dll
2012-04-26 07:09 . 2012-04-26 07:09 49664 ----a-w- c:\windows\system32\imgutil.dll
2012-04-26 07:09 . 2012-04-26 07:09 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2012-04-26 07:09 . 2012-04-26 07:09 48640 ----a-w- c:\windows\system32\mshtmler.dll
2012-04-26 07:09 . 2012-04-26 07:09 448512 ----a-w- c:\windows\system32\html.iec
2012-04-26 07:09 . 2012-04-26 07:09 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2012-04-26 07:09 . 2012-04-26 07:09 367104 ----a-w- c:\windows\SysWow64\html.iec
2012-04-26 07:09 . 2012-04-26 07:09 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
2012-04-26 07:09 . 2012-04-26 07:09 30720 ----a-w- c:\windows\system32\licmgr10.dll
2012-04-26 07:09 . 2012-04-26 07:09 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
2012-04-26 07:09 . 2012-04-26 07:09 222208 ----a-w- c:\windows\system32\msls31.dll
2012-04-26 07:09 . 2012-04-26 07:09 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2012-04-26 07:09 . 2012-04-26 07:09 165888 ----a-w- c:\windows\system32\iexpress.exe
2012-04-26 07:09 . 2012-04-26 07:09 161792 ----a-w- c:\windows\SysWow64\msls31.dll
2012-04-26 07:09 . 2012-04-26 07:09 160256 ----a-w- c:\windows\system32\wextract.exe
2012-04-26 07:09 . 2012-04-26 07:09 152064 ----a-w- c:\windows\SysWow64\wextract.exe
2012-04-26 07:09 . 2012-04-26 07:09 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2012-04-26 07:09 . 2012-04-26 07:09 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2012-04-26 07:09 . 2012-04-26 07:09 135168 ----a-w- c:\windows\system32\IEAdvpack.dll
2012-04-26 07:09 . 2012-04-26 07:09 12288 ----a-w- c:\windows\system32\mshta.exe
2012-04-26 07:09 . 2012-04-26 07:09 11776 ----a-w- c:\windows\SysWow64\mshta.exe
2012-04-26 07:09 . 2012-04-26 07:09 114176 ----a-w- c:\windows\system32\admparse.dll
2012-04-26 07:09 . 2012-04-26 07:09 111616 ----a-w- c:\windows\system32\iesysprep.dll
2012-04-26 07:09 . 2012-04-26 07:09 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2012-04-26 07:09 . 2012-04-26 07:09 101888 ----a-w- c:\windows\SysWow64\admparse.dll
2012-04-25 22:44 . 2012-04-25 22:44 23112 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2012-04-25 22:36 . 2012-04-25 22:36 81408 ----a-w- c:\windows\system32\imagehlp.dll
2012-04-25 22:36 . 2012-04-25 22:36 5120 ----a-w- c:\windows\SysWow64\wmi.dll
2012-04-25 22:36 . 2012-04-25 22:36 5120 ----a-w- c:\windows\system32\wmi.dll
2012-04-25 22:36 . 2012-04-25 22:36 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-04-25 22:36 . 2012-04-25 22:36 220672 ----a-w- c:\windows\system32\wintrust.dll
2012-04-25 22:36 . 2012-04-25 22:36 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-04-25 22:36 . 2012-04-25 22:36 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-04-25 22:33 . 2012-04-25 22:33 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-04-25 22:33 . 2012-04-25 22:33 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-04-25 22:33 . 2012-04-25 22:33 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-04-25 22:32 . 2012-04-25 22:32 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-04-25 22:32 . 2012-04-25 22:32 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-04-25 22:32 . 2012-04-25 22:32 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-04-25 22:32 . 2012-04-25 22:32 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-04-25 22:27 . 2012-04-25 22:27 509952 ----a-w- c:\windows\system32\ntshrui.dll
2012-04-25 22:27 . 2012-04-25 22:27 442880 ----a-w- c:\windows\SysWow64\ntshrui.dll
2012-04-25 22:26 . 2012-04-25 22:26 515584 ----a-w- c:\windows\system32\timedate.cpl
2012-04-25 22:26 . 2012-04-25 22:26 478720 ----a-w- c:\windows\SysWow64\timedate.cpl
2012-04-25 22:26 . 2012-04-25 22:26 498688 ----a-w- c:\windows\system32\drivers\afd.sys
2012-04-25 22:23 . 2012-04-25 22:23 690688 ----a-w- c:\windows\SysWow64\msvcrt.dll
2012-04-25 22:23 . 2012-04-25 22:23 634880 ----a-w- c:\windows\system32\msvcrt.dll
2012-04-25 22:21 . 2012-04-25 22:21 1731920 ----a-w- c:\windows\system32\ntdll.dll
2012-04-25 22:21 . 2012-04-25 22:21 1292080 ----a-w- c:\windows\SysWow64\ntdll.dll
2012-04-25 22:21 . 2012-04-25 22:21 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
2012-04-25 22:21 . 2012-04-25 22:21 95600 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-04-25 22:21 . 2012-04-25 22:21 459232 ----a-w- c:\windows\system32\drivers\cng.sys
2012-04-25 22:21 . 2012-04-25 22:21 395776 ----a-w- c:\windows\system32\webio.dll
2012-04-25 22:21 . 2012-04-25 22:21 340992 ----a-w- c:\windows\system32\schannel.dll
2012-04-25 22:21 . 2012-04-25 22:21 314880 ----a-w- c:\windows\SysWow64\webio.dll
2012-04-25 22:21 . 2012-04-25 22:21 31232 ----a-w- c:\windows\system32\lsass.exe
2012-04-25 22:21 . 2012-04-25 22:21 29184 ----a-w- c:\windows\system32\sspisrv.dll
2012-04-25 22:21 . 2012-04-25 22:21 28160 ----a-w- c:\windows\system32\secur32.dll
2012-04-25 22:21 . 2012-04-25 22:21 224768 ----a-w- c:\windows\SysWow64\schannel.dll
2012-04-25 22:21 . 2012-04-25 22:21 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2012-04-25 22:21 . 2012-04-25 22:21 152432 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2012-04-25 22:21 . 2012-04-25 22:21 1447936 ----a-w- c:\windows\system32\lsasrv.dll
2012-04-25 22:21 . 2012-04-25 22:21 136192 ----a-w- c:\windows\system32\sspicli.dll
2012-04-25 22:21 . 2012-04-25 22:21 514560 ----a-w- c:\windows\SysWow64\qdvd.dll
2012-04-25 22:21 . 2012-04-25 22:21 366592 ----a-w- c:\windows\system32\qdvd.dll
2012-04-25 22:21 . 2012-04-25 22:21 1572864 ----a-w- c:\windows\system32\quartz.dll
2012-04-25 22:21 . 2012-04-25 22:21 1328128 ----a-w- c:\windows\SysWow64\quartz.dll
2012-04-25 22:20 . 2012-04-25 22:20 77312 ----a-w- c:\windows\system32\packager.dll
2012-04-25 22:20 . 2012-04-25 22:20 67072 ----a-w- c:\windows\SysWow64\packager.dll
2012-04-25 22:16 . 2012-04-25 22:16 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2012-04-25 22:16 . 2012-04-25 22:16 2048 ----a-w- c:\windows\system32\tzres.dll
2012-04-25 22:16 . 2012-04-25 22:16 43520 ----a-w- c:\windows\system32\csrsrv.dll
2012-04-25 22:16 . 2012-04-25 22:16 723456 ----a-w- c:\windows\system32\EncDec.dll
2012-04-25 22:16 . 2012-04-25 22:16 534528 ----a-w- c:\windows\SysWow64\EncDec.dll
2012-04-25 22:07 . 2012-04-25 22:07 75776 ----a-w- c:\windows\SysWow64\psisrndr.ax
2012-04-25 22:07 . 2012-04-25 22:07 613888 ----a-w- c:\windows\system32\psisdecd.dll
2012-04-25 22:07 . 2012-04-25 22:07 465408 ----a-w- c:\windows\SysWow64\psisdecd.dll
2012-04-25 22:07 . 2012-04-25 22:07 108032 ----a-w- c:\windows\system32\psisrndr.ax
2012-04-25 22:06 . 2012-04-25 22:06 861696 ----a-w- c:\windows\system32\oleaut32.dll
2012-04-25 22:06 . 2012-04-25 22:06 571904 ----a-w- c:\windows\SysWow64\oleaut32.dll
2012-04-25 22:06 . 2012-04-25 22:06 331776 ----a-w- c:\windows\system32\oleacc.dll
2012-04-25 22:06 . 2012-04-25 22:06 233472 ----a-w- c:\windows\SysWow64\oleacc.dll
2012-04-19 00:56 . 2012-04-19 00:56 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx
2012-04-19 00:56 . 2012-04-19 00:56 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2011-02-26 . E38899074D4951D31B4040E994DD7C8D . 2870784 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe
[7] 2011-02-26 . 0862495E0C825893DB75EF44FAEA8E93 . 2870272 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe
[7] 2011-02-26 . 3B69712041F3D63605529BD66DC00C48 . 2871808 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[7] 2011-02-25 . 332FEAB1435662FC6C672E25BEB37BE3 . 2871808 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[7] 2010-11-20 . AC4C51EB24AA95B77F705AB159189E24 . 2872320 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
[7] 2009-10-31 . B8EC4BD49CE8F6FC457721BFC210B67F . 2870272 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[-] 2009-10-31 . D5A67267C4C3879E63E9BFBA991D823A . 2387456 . . [6.1.7600.16385] .. c:\windows\explorer.exe
[7] 2009-10-31 . 9AAAEC8DAC27AA17B053E6352AD233AE . 2870272 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[7] 2009-08-03 . 700073016DAC1C3D2E7E2CE4223334B6 . 2868224 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[7] 2009-08-03 . F170B4A061C9E026437B193B4D571799 . 2868224 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe
[7] 2009-07-14 . C235A51CB740E45FFA0EBFB9BAFCDA64 . 2868224 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
.
((((((((((((((((((((((((((((( SnapShot_2012-07-14_01.11.56 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-10-30 05:01 . 2012-07-16 22:19 53792 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-07-16 22:19 30586 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-04-20 19:48 . 2012-07-16 22:19 13672 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-520610219-17727062-633966983-1000_UserData.bin
- 2011-04-20 19:20 . 2012-07-08 10:06 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-04-20 19:20 . 2012-07-14 03:15 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-04-20 19:20 . 2012-07-08 10:06 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2011-04-20 19:20 . 2012-07-14 03:15 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-07-08 10:06 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-07-14 03:15 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:46 . 2012-07-14 01:14 91888 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
+ 2011-09-19 10:39 . 2012-07-16 22:43 3266 c:\windows\system32\wdi\ERCQueuedResolutions.dat
+ 2012-07-16 22:43 . 2012-07-16 22:43 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-07-14 01:10 . 2012-07-14 01:10 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-07-16 22:43 . 2012-07-16 22:43 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-07-14 01:10 . 2012-07-14 01:10 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-07-14 02:36 . 2012-07-16 22:23 660172 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2012-07-07 22:14 660172 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-07-16 22:23 121100 c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2012-07-07 22:14 121100 c:\windows\system32\perfc009.dat
+ 2009-07-14 05:01 . 2012-07-16 22:43 513088 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2012-07-14 01:10 513088 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2012-07-15 20:36 . 2012-07-15 20:36 245760 c:\windows\Installer\6e3f34b.msi
+ 2011-09-19 10:39 . 2012-07-16 22:43 10326528 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-520610219-17727062-633966983-1000-12288.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2012-06-07 01:33 1519304 ----a-w- c:\program files (x86)\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2012-06-07 1519304]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RocketDock"="c:\program files (x86)\RocketDock\RocketDock.exe" [2007-09-02 495616]
"Advanced SystemCare 5"="c:\program files (x86)\IObit\Advanced SystemCare 5\ASCTray.exe" [2012-05-28 288128]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"InstaLAN"="c:\program files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe" [2011-02-25 1770400]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"ApnUpdater"="c:\program files (x86)\Ask.com\Updater\Updater.exe" [2012-06-07 1564872]
.
c:\users\Bre\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
CurseClientStartup.ccip [2011-10-9 0]
Rainmeter.lnk - c:\program files\Rainmeter\Rainmeter.exe [2011-9-18 102912]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
UltraMon.lnk - c:\windows\Installer\{537056B7-32A4-4408-9B54-0341963C7C9C}\IcoUltraMon.ico [2011-9-18 29310]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
"HP Software Update"=c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe"
"ConduitHelper"="c:\users\Public\Conduit\ConduitHelper\ConduitHelper.exe"
"Freecorder FLV Service"="c:\program files (x86)\Freecorder\FLVSrvc.exe" /run
"Gateway Photo Frame"="c:\program files (x86)\Gateway Photo Frame\ButtonMonitor.exe" -A
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" -atboottime
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-18 136176]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-03 160944]
R3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\DRIVERS\motfilt.sys [2009-01-29 6144]
R3 BVRPMPR5a64;BVRPMPR5a64 NDIS Protocol Driver;c:\windows\system32\drivers\BVRPMPR5a64.SYS [2010-06-30 35840]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-18 136176]
R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys [2011-09-19 16008]
R3 motandroidusb;Mot ADB Interface Driver;c:\windows\system32\Drivers\motoandroid.sys [2009-07-10 31744]
R3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys [2011-04-04 21504]
R3 motccgpfl;MotCcgpFlService;c:\windows\system32\DRIVERS\motccgpfl.sys [2009-01-29 9216]
R3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\DRIVERS\Motousbnet.sys [2010-04-01 26624]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-16 113120]
R3 pbfilter;pbfilter;c:\program files\PeerBlock\pbfilter.sys [2010-11-07 24176]
R3 phaudlwr;Philips Audio Filter;c:\windows\system32\DRIVERS\phaudlwr.sys [2009-10-20 114608]
R3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8192su.sys [2010-09-29 695400]
R3 SPC620;Philips SPC620NC PC Camera;c:\windows\system32\drivers\SPC620.sys [2007-09-28 581120]
R3 SPC620m;Philips SPC620NC PC Cameram;c:\windows\system32\drivers\SPC620m.sys [2007-09-28 8192]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-04-20 1255736]
R3 WinRing0_1_2_0;WinRing0_1_2_0;c:\program files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys [2010-11-01 14544]
R3 WMZuneComm;Zune Windows Mobile Connectivity Service;c:\program files\Zune\WMZuneComm.exe [2011-08-05 306400]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-05-17 283200]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AdvancedSystemCareService5;Advanced SystemCare Service 5;c:\program files (x86)\IObit\Advanced SystemCare 5\ASCService.exe [2012-05-26 913792]
S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x64.sys [2010-11-09 21992]
S2 Greg_Service;GRegService;c:\program files (x86)\Gateway\Registration\GregHSRW.exe [2009-08-28 1150496]
S2 UltraMonUtility;UltraMon Utility Driver;c:\program files (x86)\Common Files\Realtime Soft\UltraMonMirrorDrv\x64\UltraMonUtility.sys [2008-11-14 20512]
S2 Updater Service;Updater Service;c:\program files\Gateway\Gateway Updater\UpdaterService.exe [2009-07-04 240160]
S3 e1yexpress;Intel(R) Gigabit Network Connections Driver;c:\windows\system32\DRIVERS\e1y60x64.sys [2009-06-10 281088]
S3 EuMusDesignVirtualAudioCableWdm;Virtual Audio Cable (WDM);c:\windows\system32\DRIVERS\vrtaucbl.sys [2012-01-28 66728]
S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2009-05-25 138752]
S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys [2009-11-24 22408]
S3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\DRIVERS\ManyCam_x64.sys [2008-03-13 27136]
S3 pneteth;PdaNet Broadband;c:\windows\system32\DRIVERS\pneteth.sys [2011-07-19 15360]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-18 22:04]
.
2012-07-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-18 22:04]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-05 186904]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-07-20 7981088]
"Launch LCore"="c:\program files\Logitech Gaming Software\LCore.exe" [2011-07-28 110360]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-12 162328]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-02-12 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-02-12 417304]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=sx2800&r=173604117307p0358v115k49i15222
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyServer = http=;ftp=;https=;
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Bre\AppData\Roaming\Mozilla\Firefox\Profiles\y7r4no5l.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.facebook.com/
FF - prefs.js: keyword.URL - hxxp://www.google.co.in/search?btnG=Google+Search&q=
FF - prefs.js: network.proxy.gopher -
FF - prefs.js: network.proxy.gopher_port - 0
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Toolbar-{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-520610219-17727062-633966983-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-520610219-17727062-633966983-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10e.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10e.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Belkin\Router Setup and Monitor\BelkinService.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files (x86)\Belkin\Router Setup and Monitor\BelkinSetup.exe
c:\program files (x86)\Mozilla Firefox\firefox.exe
.
**************************************************************************
.
Completion time: 2012-07-16 18:48:23 - machine was rebooted
ComboFix-quarantined-files.txt 2012-07-16 22:48
ComboFix2.txt 2012-07-14 12:34
ComboFix3.txt 2012-07-14 01:16
ComboFix4.txt 2012-06-25 01:30
ComboFix5.txt 2012-07-16 22:36
.
Pre-Run: 139,012,124,672 bytes free
Post-Run: 138,937,561,088 bytes free
.
- - End Of File - - AA37C970046F71850A659722DBED13D6
 

Motorcharge

Well-Known Member
It's installed but I only run it when downloading a torrent which I haven't done in weeks. Otherwise everything is removed from it and it's not run.

edit: it doesn't run at start up either
 

Motorcharge

Well-Known Member
Security Shield crap came back after a redirect this time. Had to run Combofix in safe mode.

ComboFix 12-06-28.03 - Bre 07/18/2012 16:13:20.7.4 - x64 MINIMAL
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4061.3039 [GMT -4:00]
Running from: c:\users\Bre\Downloads\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Bre\AppData\Local\nkhir.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-06-18 to 2012-07-18 )))))))))))))))))))))))))))))))
.
.
2012-07-18 20:18 . 2012-07-18 20:18 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-13 06:21 . 2012-06-18 07:12 9013136 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{97D554BF-9C7C-49C2-AF51-E0B1D30B51EF}\mpengine.dll
2012-07-08 04:16 . 2012-07-08 04:16 -------- d-----w- c:\users\Bre\AppData\Roaming\HideIPEasy
2012-07-08 04:16 . 2012-07-08 04:16 -------- d-----w- c:\programdata\HideIPEasy
2012-07-08 04:15 . 2012-07-08 04:15 -------- d-----w- c:\program files (x86)\Ask.com
2012-07-08 04:15 . 2012-07-08 04:15 -------- d-----w- c:\users\Bre\AppData\Local\APN
2012-07-08 04:14 . 2012-07-08 04:16 -------- d-----w- c:\program files (x86)\HideIPEasy
2012-07-06 00:01 . 2012-07-06 00:01 -------- d-----w- c:\users\Bre\AppData\Local\{B4F8B799-C6FD-11E1-8270-B8AC6F996F26}
2012-06-24 21:47 . 2012-06-24 21:47 -------- d-----w- c:\users\Bre\AppData\Local\Macromedia
2012-06-24 21:45 . 2012-06-24 21:45 -------- d-----w- c:\programdata\McAfee
2012-06-24 21:45 . 2012-06-24 21:45 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-06-24 21:45 . 2012-06-24 21:45 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-06-23 12:12 . 2012-06-23 12:12 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
2012-06-21 01:01 . 2012-06-21 01:01 -------- d-----w- c:\program files (x86)\ESET
2012-06-20 23:54 . 2012-06-20 23:54 -------- d-----w- C:\TDSSKiller_Quarantine
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-03 17:46 . 2012-04-25 22:50 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-05-17 23:51 . 2012-05-17 23:51 283200 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2012-05-17 22:50 . 2012-05-17 22:50 71680 ----a-w- c:\windows\system32\frapsv64.dll
2012-05-17 22:50 . 2012-05-17 22:50 65536 ----a-w- c:\windows\SysWow64\frapsvid.dll
2012-04-26 07:09 . 2012-04-26 07:09 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2012-04-26 07:09 . 2012-04-26 07:09 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2012-04-26 07:09 . 2012-04-26 07:09 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
2012-04-26 07:09 . 2012-04-26 07:09 85504 ----a-w- c:\windows\system32\iesetup.dll
2012-04-26 07:09 . 2012-04-26 07:09 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2012-04-26 07:09 . 2012-04-26 07:09 76800 ----a-w- c:\windows\system32\tdc.ocx
2012-04-26 07:09 . 2012-04-26 07:09 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2012-04-26 07:09 . 2012-04-26 07:09 74752 ----a-w- c:\windows\SysWow64\iesetup.dll
2012-04-26 07:09 . 2012-04-26 07:09 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
2012-04-26 07:09 . 2012-04-26 07:09 603648 ----a-w- c:\windows\system32\vbscript.dll
2012-04-26 07:09 . 2012-04-26 07:09 49664 ----a-w- c:\windows\system32\imgutil.dll
2012-04-26 07:09 . 2012-04-26 07:09 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2012-04-26 07:09 . 2012-04-26 07:09 48640 ----a-w- c:\windows\system32\mshtmler.dll
2012-04-26 07:09 . 2012-04-26 07:09 448512 ----a-w- c:\windows\system32\html.iec
2012-04-26 07:09 . 2012-04-26 07:09 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2012-04-26 07:09 . 2012-04-26 07:09 367104 ----a-w- c:\windows\SysWow64\html.iec
2012-04-26 07:09 . 2012-04-26 07:09 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
2012-04-26 07:09 . 2012-04-26 07:09 30720 ----a-w- c:\windows\system32\licmgr10.dll
2012-04-26 07:09 . 2012-04-26 07:09 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
2012-04-26 07:09 . 2012-04-26 07:09 222208 ----a-w- c:\windows\system32\msls31.dll
2012-04-26 07:09 . 2012-04-26 07:09 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2012-04-26 07:09 . 2012-04-26 07:09 165888 ----a-w- c:\windows\system32\iexpress.exe
2012-04-26 07:09 . 2012-04-26 07:09 161792 ----a-w- c:\windows\SysWow64\msls31.dll
2012-04-26 07:09 . 2012-04-26 07:09 160256 ----a-w- c:\windows\system32\wextract.exe
2012-04-26 07:09 . 2012-04-26 07:09 152064 ----a-w- c:\windows\SysWow64\wextract.exe
2012-04-26 07:09 . 2012-04-26 07:09 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2012-04-26 07:09 . 2012-04-26 07:09 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2012-04-26 07:09 . 2012-04-26 07:09 135168 ----a-w- c:\windows\system32\IEAdvpack.dll
2012-04-26 07:09 . 2012-04-26 07:09 12288 ----a-w- c:\windows\system32\mshta.exe
2012-04-26 07:09 . 2012-04-26 07:09 11776 ----a-w- c:\windows\SysWow64\mshta.exe
2012-04-26 07:09 . 2012-04-26 07:09 114176 ----a-w- c:\windows\system32\admparse.dll
2012-04-26 07:09 . 2012-04-26 07:09 111616 ----a-w- c:\windows\system32\iesysprep.dll
2012-04-26 07:09 . 2012-04-26 07:09 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2012-04-26 07:09 . 2012-04-26 07:09 101888 ----a-w- c:\windows\SysWow64\admparse.dll
2012-04-25 22:44 . 2012-04-25 22:44 23112 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2012-04-25 22:36 . 2012-04-25 22:36 81408 ----a-w- c:\windows\system32\imagehlp.dll
2012-04-25 22:36 . 2012-04-25 22:36 5120 ----a-w- c:\windows\SysWow64\wmi.dll
2012-04-25 22:36 . 2012-04-25 22:36 5120 ----a-w- c:\windows\system32\wmi.dll
2012-04-25 22:36 . 2012-04-25 22:36 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-04-25 22:36 . 2012-04-25 22:36 220672 ----a-w- c:\windows\system32\wintrust.dll
2012-04-25 22:36 . 2012-04-25 22:36 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-04-25 22:36 . 2012-04-25 22:36 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-04-25 22:33 . 2012-04-25 22:33 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-04-25 22:33 . 2012-04-25 22:33 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-04-25 22:33 . 2012-04-25 22:33 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-04-25 22:32 . 2012-04-25 22:32 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-04-25 22:32 . 2012-04-25 22:32 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-04-25 22:32 . 2012-04-25 22:32 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-04-25 22:32 . 2012-04-25 22:32 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-04-25 22:27 . 2012-04-25 22:27 509952 ----a-w- c:\windows\system32\ntshrui.dll
2012-04-25 22:27 . 2012-04-25 22:27 442880 ----a-w- c:\windows\SysWow64\ntshrui.dll
2012-04-25 22:26 . 2012-04-25 22:26 515584 ----a-w- c:\windows\system32\timedate.cpl
2012-04-25 22:26 . 2012-04-25 22:26 478720 ----a-w- c:\windows\SysWow64\timedate.cpl
2012-04-25 22:26 . 2012-04-25 22:26 498688 ----a-w- c:\windows\system32\drivers\afd.sys
2012-04-25 22:23 . 2012-04-25 22:23 690688 ----a-w- c:\windows\SysWow64\msvcrt.dll
2012-04-25 22:23 . 2012-04-25 22:23 634880 ----a-w- c:\windows\system32\msvcrt.dll
2012-04-25 22:21 . 2012-04-25 22:21 1731920 ----a-w- c:\windows\system32\ntdll.dll
2012-04-25 22:21 . 2012-04-25 22:21 1292080 ----a-w- c:\windows\SysWow64\ntdll.dll
2012-04-25 22:21 . 2012-04-25 22:21 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
2012-04-25 22:21 . 2012-04-25 22:21 95600 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-04-25 22:21 . 2012-04-25 22:21 459232 ----a-w- c:\windows\system32\drivers\cng.sys
2012-04-25 22:21 . 2012-04-25 22:21 395776 ----a-w- c:\windows\system32\webio.dll
2012-04-25 22:21 . 2012-04-25 22:21 340992 ----a-w- c:\windows\system32\schannel.dll
2012-04-25 22:21 . 2012-04-25 22:21 314880 ----a-w- c:\windows\SysWow64\webio.dll
2012-04-25 22:21 . 2012-04-25 22:21 31232 ----a-w- c:\windows\system32\lsass.exe
2012-04-25 22:21 . 2012-04-25 22:21 29184 ----a-w- c:\windows\system32\sspisrv.dll
2012-04-25 22:21 . 2012-04-25 22:21 28160 ----a-w- c:\windows\system32\secur32.dll
2012-04-25 22:21 . 2012-04-25 22:21 224768 ----a-w- c:\windows\SysWow64\schannel.dll
2012-04-25 22:21 . 2012-04-25 22:21 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2012-04-25 22:21 . 2012-04-25 22:21 152432 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2012-04-25 22:21 . 2012-04-25 22:21 1447936 ----a-w- c:\windows\system32\lsasrv.dll
2012-04-25 22:21 . 2012-04-25 22:21 136192 ----a-w- c:\windows\system32\sspicli.dll
2012-04-25 22:21 . 2012-04-25 22:21 514560 ----a-w- c:\windows\SysWow64\qdvd.dll
2012-04-25 22:21 . 2012-04-25 22:21 366592 ----a-w- c:\windows\system32\qdvd.dll
2012-04-25 22:21 . 2012-04-25 22:21 1572864 ----a-w- c:\windows\system32\quartz.dll
2012-04-25 22:21 . 2012-04-25 22:21 1328128 ----a-w- c:\windows\SysWow64\quartz.dll
2012-04-25 22:20 . 2012-04-25 22:20 77312 ----a-w- c:\windows\system32\packager.dll
2012-04-25 22:20 . 2012-04-25 22:20 67072 ----a-w- c:\windows\SysWow64\packager.dll
2012-04-25 22:16 . 2012-04-25 22:16 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2012-04-25 22:16 . 2012-04-25 22:16 2048 ----a-w- c:\windows\system32\tzres.dll
2012-04-25 22:16 . 2012-04-25 22:16 43520 ----a-w- c:\windows\system32\csrsrv.dll
2012-04-25 22:16 . 2012-04-25 22:16 723456 ----a-w- c:\windows\system32\EncDec.dll
2012-04-25 22:16 . 2012-04-25 22:16 534528 ----a-w- c:\windows\SysWow64\EncDec.dll
2012-04-25 22:07 . 2012-04-25 22:07 75776 ----a-w- c:\windows\SysWow64\psisrndr.ax
2012-04-25 22:07 . 2012-04-25 22:07 613888 ----a-w- c:\windows\system32\psisdecd.dll
2012-04-25 22:07 . 2012-04-25 22:07 465408 ----a-w- c:\windows\SysWow64\psisdecd.dll
2012-04-25 22:07 . 2012-04-25 22:07 108032 ----a-w- c:\windows\system32\psisrndr.ax
2012-04-25 22:06 . 2012-04-25 22:06 861696 ----a-w- c:\windows\system32\oleaut32.dll
2012-04-25 22:06 . 2012-04-25 22:06 571904 ----a-w- c:\windows\SysWow64\oleaut32.dll
2012-04-25 22:06 . 2012-04-25 22:06 331776 ----a-w- c:\windows\system32\oleacc.dll
2012-04-25 22:06 . 2012-04-25 22:06 233472 ----a-w- c:\windows\SysWow64\oleacc.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2011-02-26 . E38899074D4951D31B4040E994DD7C8D . 2870784 . . [6.1.7600.20910] .. c:\windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe
[7] 2011-02-26 . 0862495E0C825893DB75EF44FAEA8E93 . 2870272 . . [6.1.7600.16768] .. c:\windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe
[7] 2011-02-26 . 3B69712041F3D63605529BD66DC00C48 . 2871808 . . [6.1.7601.21669] .. c:\windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[7] 2011-02-25 . 332FEAB1435662FC6C672E25BEB37BE3 . 2871808 . . [6.1.7601.17567] .. c:\windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[7] 2010-11-20 . AC4C51EB24AA95B77F705AB159189E24 . 2872320 . . [6.1.7601.17514] .. c:\windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
[7] 2009-10-31 . B8EC4BD49CE8F6FC457721BFC210B67F . 2870272 . . [6.1.7600.20563] .. c:\windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[-] 2009-10-31 . D5A67267C4C3879E63E9BFBA991D823A . 2387456 . . [6.1.7600.16385] .. c:\windows\explorer.exe
[7] 2009-10-31 . 9AAAEC8DAC27AA17B053E6352AD233AE . 2870272 . . [6.1.7600.16450] .. c:\windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[7] 2009-08-03 . 700073016DAC1C3D2E7E2CE4223334B6 . 2868224 . . [6.1.7600.20500] .. c:\windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[7] 2009-08-03 . F170B4A061C9E026437B193B4D571799 . 2868224 . . [6.1.7600.16404] .. c:\windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe
[7] 2009-07-14 . C235A51CB740E45FFA0EBFB9BAFCDA64 . 2868224 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
.
((((((((((((((((((((((((((((( SnapShot_2012-07-14_01.11.56 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-10-30 05:01 . 2012-07-18 20:08 54510 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-07-18 20:08 30730 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-04-20 19:48 . 2012-07-18 20:08 14004 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-520610219-17727062-633966983-1000_UserData.bin
- 2011-04-20 19:20 . 2012-07-08 10:06 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-04-20 19:20 . 2012-07-14 03:15 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-04-20 19:20 . 2012-07-08 10:06 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2011-04-20 19:20 . 2012-07-14 03:15 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-07-08 10:06 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-07-14 03:15 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:46 . 2012-07-14 01:14 91888 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
+ 2011-09-19 10:39 . 2012-07-17 03:13 3266 c:\windows\system32\wdi\ERCQueuedResolutions.dat
+ 2012-07-18 20:11 . 2012-07-18 20:11 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-07-14 01:10 . 2012-07-14 01:10 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-07-18 20:11 . 2012-07-18 20:11 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-07-14 01:10 . 2012-07-14 01:10 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-07-14 02:36 . 2012-07-17 23:36 660172 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2012-07-07 22:14 660172 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-07-17 23:36 121100 c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2012-07-07 22:14 121100 c:\windows\system32\perfc009.dat
+ 2009-07-14 05:01 . 2012-07-18 20:10 513088 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2012-07-14 01:10 513088 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2012-07-15 20:36 . 2012-07-15 20:36 245760 c:\windows\Installer\6e3f34b.msi
+ 2011-09-19 10:39 . 2012-07-18 20:10 10411486 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-520610219-17727062-633966983-1000-12288.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2012-06-07 01:33 1519304 ----a-w- c:\program files (x86)\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2012-06-07 1519304]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RocketDock"="c:\program files (x86)\RocketDock\RocketDock.exe" [2007-09-02 495616]
"Advanced SystemCare 5"="c:\program files (x86)\IObit\Advanced SystemCare 5\ASCTray.exe" [2012-05-28 288128]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"InstaLAN"="c:\program files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe" [2011-02-25 1770400]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"ApnUpdater"="c:\program files (x86)\Ask.com\Updater\Updater.exe" [2012-06-07 1564872]
.
c:\users\Bre\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
CurseClientStartup.ccip [2011-10-9 0]
Rainmeter.lnk - c:\program files\Rainmeter\Rainmeter.exe [2011-9-18 102912]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
UltraMon.lnk - c:\windows\Installer\{537056B7-32A4-4408-9B54-0341963C7C9C}\IcoUltraMon.ico [2011-9-18 29310]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
"HP Software Update"=c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe"
"ConduitHelper"="c:\users\Public\Conduit\ConduitHelper\ConduitHelper.exe"
"Freecorder FLV Service"="c:\program files (x86)\Freecorder\FLVSrvc.exe" /run
"Gateway Photo Frame"="c:\program files (x86)\Gateway Photo Frame\ButtonMonitor.exe" -A
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" -atboottime
.
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
R2 AdvancedSystemCareService5;Advanced SystemCare Service 5;c:\program files (x86)\IObit\Advanced SystemCare 5\ASCService.exe [2012-05-26 913792]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x64.sys [2010-11-09 21992]
R2 Greg_Service;GRegService;c:\program files (x86)\Gateway\Registration\GregHSRW.exe [2009-08-28 1150496]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-18 136176]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-03 160944]
R2 UltraMonUtility;UltraMon Utility Driver;c:\program files (x86)\Common Files\Realtime Soft\UltraMonMirrorDrv\x64\UltraMonUtility.sys [2008-11-14 20512]
R2 Updater Service;Updater Service;c:\program files\Gateway\Gateway Updater\UpdaterService.exe [2009-07-04 240160]
R3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\DRIVERS\motfilt.sys [2009-01-29 6144]
R3 BVRPMPR5a64;BVRPMPR5a64 NDIS Protocol Driver;c:\windows\system32\drivers\BVRPMPR5a64.SYS [2010-06-30 35840]
R3 e1yexpress;Intel(R) Gigabit Network Connections Driver;c:\windows\system32\DRIVERS\e1y60x64.sys [2009-06-10 281088]
R3 EuMusDesignVirtualAudioCableWdm;Virtual Audio Cable (WDM);c:\windows\system32\DRIVERS\vrtaucbl.sys [2012-01-28 66728]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-18 136176]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2009-05-25 138752]
R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys [2011-09-19 16008]
R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\DRIVERS\ManyCam_x64.sys [2008-03-13 27136]
R3 motandroidusb;Mot ADB Interface Driver;c:\windows\system32\Drivers\motoandroid.sys [2009-07-10 31744]
R3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys [2011-04-04 21504]
R3 motccgpfl;MotCcgpFlService;c:\windows\system32\DRIVERS\motccgpfl.sys [2009-01-29 9216]
R3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\DRIVERS\Motousbnet.sys [2010-04-01 26624]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-16 113120]
R3 pbfilter;pbfilter;c:\program files\PeerBlock\pbfilter.sys [2010-11-07 24176]
R3 phaudlwr;Philips Audio Filter;c:\windows\system32\DRIVERS\phaudlwr.sys [2009-10-20 114608]
R3 pneteth;PdaNet Broadband;c:\windows\system32\DRIVERS\pneteth.sys [2011-07-19 15360]
R3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8192su.sys [2010-09-29 695400]
R3 SPC620;Philips SPC620NC PC Camera;c:\windows\system32\drivers\SPC620.sys [2007-09-28 581120]
R3 SPC620m;Philips SPC620NC PC Cameram;c:\windows\system32\drivers\SPC620m.sys [2007-09-28 8192]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-04-20 1255736]
R3 WinRing0_1_2_0;WinRing0_1_2_0;c:\program files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys [2010-11-01 14544]
R3 WMZuneComm;Zune Windows Mobile Connectivity Service;c:\program files\Zune\WMZuneComm.exe [2011-08-05 306400]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-05-17 283200]
S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys [2009-11-24 22408]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-18 22:04]
.
2012-07-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-18 22:04]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-05 186904]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-07-20 7981088]
"Launch LCore"="c:\program files\Logitech Gaming Software\LCore.exe" [2011-07-28 110360]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-12 162328]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-02-12 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-02-12 417304]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=sx2800&r=173604117307p0358v115k49i15222
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyServer = http=;ftp=;https=;
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
FF - ProfilePath - c:\users\Bre\AppData\Roaming\Mozilla\Firefox\Profiles\y7r4no5l.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.facebook.com/
FF - prefs.js: keyword.URL - hxxp://www.google.co.in/search?btnG=Google+Search&q=
FF - prefs.js: network.proxy.gopher -
FF - prefs.js: network.proxy.gopher_port - 0
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Toolbar-{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-520610219-17727062-633966983-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-520610219-17727062-633966983-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10e.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10e.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Completion time: 2012-07-18 16:20:44
ComboFix-quarantined-files.txt 2012-07-18 20:20
ComboFix2.txt 2012-07-16 22:48
ComboFix3.txt 2012-07-14 12:34
ComboFix4.txt 2012-07-14 01:16
ComboFix5.txt 2012-07-18 20:12
.
Pre-Run: 153,532,559,360 bytes free
Post-Run: 153,368,715,264 bytes free
.
- - End Of File - - CA479C9A5915DB64D891DE06A4234F80
 

johnb35

Administrator
Staff member
Please download Farbar Recovery Scan Tool and save it to a flash drive.



Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:

• Restart the computer.

• As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.

• Use the arrow keys to select the Repair your computer menu item.

• Select US as the keyboard language settings, and then click Next.

• Select the operating system you want to repair, and then click Next.

• Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:

• Insert the installation disc.

• Restart your computer.

• If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.

• Click Repair your computer.

• Select US as the keyboard language settings, and then click Next.

• Select the operating system you want to repair, and then click Next.

• Select your user account and click Next.

On the System Recovery Options menu you will get the following options:
Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt

• Select Command Prompt

• In the command window type in notepad and press Enter.

• The notepad opens. Under File menu select Open.

• Select "Computer" and find your flash drive letter and close the notepad.

• In the command window type e:\frst64 and press Enter.
Note: Replace letter e with the drive letter of your flash drive.

• The tool will start to run.

• When the tool opens click Yes to disclaimer.

• Press Scan button.

• It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.
 

johnb35

Administrator
Staff member
Can you access the advanced boot options? I'm not sure if this program will work when it is saved on the Windows drive itself. You can try saving the file to your C drive directly.
 

Motorcharge

Well-Known Member
That's what I get when I run it.

[screenshot: 177mn4.jpg]


Here is what I got running the scan:

Scan result of Farbar Recovery Scan Tool Version: 16-07-2012 02
Ran by Bre at 18-07-2012 19:13:23
Running from C:\Users\Bre\Downloads
Service Pack 1 (X64) OS Language: English(US)
Attention: Could not load system hive.ERROR: The process cannot access the file because it is being used by another process.

ATTENTION:=====> THE TOOL IS NOT RUN FROM RECOVERY ENVIRONMENT AND WILL NOT FUNTION PROPERLY.


============ One Month Created Files and Folders ==============

2012-07-18 19:10 - 2012-07-18 19:13 - 00000000 ____D C:\FRST
2012-07-18 18:01 - 2012-07-18 18:01 - 01437107 ____A (Farbar) C:\Users\Bre\Downloads\FRST64.exe
2012-07-18 16:51 - 2012-07-18 16:53 - 00000000 ____D C:\Users\Bre\Desktop\Ratrod
2012-07-18 16:36 - 2012-07-18 16:36 - 00028971 ____A C:\Users\Bre\Desktop\lol.txt
2012-07-18 16:20 - 2012-07-18 16:20 - 00028971 ____A C:\ComboFix.txt
2012-07-17 19:20 - 2012-07-17 19:20 - 00003224 ____N C:\bootsqm.dat
2012-07-17 19:11 - 2012-07-17 19:11 - 01368912 ____A C:\Users\Bre\Downloads\F9K1002_WW_1.00.14.bin
2012-07-17 19:10 - 2012-07-17 19:10 - 00993290 ____A C:\Users\Bre\Downloads\F9K1002_WW_2.00.08.bin
2012-07-17 16:03 - 2012-07-17 16:03 - 493940160 ____A C:\Windows\MEMORY.DMP
2012-07-17 16:03 - 2012-07-17 16:03 - 00278016 ____A C:\Windows\Minidump\071712-15506-01.dmp
2012-07-16 18:18 - 2012-07-18 16:37 - 00001176 ____A C:\Windows\setupact.log
2012-07-16 18:18 - 2012-07-18 16:36 - 00002032 ____A C:\Windows\PFRO.log
2012-07-16 18:18 - 2012-07-16 18:18 - 00000000 ____A C:\Windows\setuperr.log
2012-07-15 16:51 - 2012-07-15 16:51 - 00086666 ____A C:\Users\Bre\AppData\Roaming\icarus-dxdiag.xml
2012-07-15 11:02 - 2012-07-16 19:21 - 00000000 ____D C:\Users\Bre\Desktop\Front tube bumper build
2012-07-08 00:16 - 2012-07-08 00:16 - 00000000 ____D C:\Users\Bre\AppData\Roaming\HideIPEasy
2012-07-08 00:16 - 2012-07-08 00:16 - 00000000 ____D C:\Users\All Users\HideIPEasy
2012-07-08 00:15 - 2012-07-08 00:15 - 00000000 ____D C:\Users\Bre\AppData\Local\APN
2012-07-08 00:15 - 2012-07-08 00:15 - 00000000 ____D C:\Program Files (x86)\Ask.com
2012-07-08 00:14 - 2012-07-08 00:16 - 00000000 ____D C:\Program Files (x86)\HideIPEasy
2012-07-05 20:01 - 2012-07-05 20:01 - 00000000 ____D C:\Users\Bre\AppData\Local\{B4F8B799-C6FD-11E1-8270-B8AC6F996F26}
2012-07-03 21:12 - 2012-07-03 21:12 - 10949969 ____A C:\Users\Bre\Downloads\Occult 45 - Grind Funk Railroad (Demo).zip
2012-07-03 19:40 - 2012-07-03 19:40 - 00772398 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
2012-07-03 19:38 - 2012-07-03 19:38 - 07964033 ____A C:\Users\Bre\Downloads\RemoteControl_for_Winamp_1.00_setup.exe
2012-07-03 16:12 - 2012-07-03 16:12 - 00061552 ____A C:\Users\Bre\Downloads\RemoteDroidServer_v1.5.zip
2012-06-24 21:00 - 2012-06-24 21:00 - 02109806 ____A C:\Users\Bre\Downloads\tdsskiller.zip
2012-06-24 20:54 - 2012-06-24 20:54 - 00071398 ____A (jpshortstuff) C:\Users\Bre\Downloads\GooredFix.exe
2012-06-24 17:47 - 2012-06-24 17:47 - 00000000 ____D C:\Users\Bre\AppData\Local\Macromedia
2012-06-24 17:45 - 2012-06-24 17:45 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-06-24 17:45 - 2012-06-24 17:45 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-06-24 17:45 - 2012-06-24 17:45 - 00000000 ____D C:\Users\All Users\McAfee
2012-06-24 10:08 - 2012-06-24 10:08 - 00686792 ____A (Adobe Systems Incorporated) C:\Users\Bre\Downloads\uninstall_flash_player.exe
2012-06-23 08:12 - 2012-06-23 08:12 - 00000000 __SHD C:\Windows\SysWOW64\%APPDATA%
2012-06-23 08:05 - 2012-06-23 08:05 - 05312793 ____A C:\Users\Bre\Downloads\pairing_utility_1.00.009.zip
2012-06-20 22:04 - 2012-06-20 22:04 - 00011045 ____A C:\Users\Bre\Downloads\hijackthis.log
2012-06-20 21:01 - 2012-06-20 21:01 - 00000000 ____D C:\Program Files (x86)\ESET
2012-06-20 20:01 - 2011-06-26 02:45 - 00256000 ____A C:\Windows\PEV.exe
2012-06-20 20:01 - 2010-11-07 13:20 - 00208896 ____A C:\Windows\MBR.exe
2012-06-20 20:01 - 2009-04-20 00:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
2012-06-20 20:01 - 2000-08-30 20:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe
2012-06-20 20:01 - 2000-08-30 20:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe
2012-06-20 20:01 - 2000-08-30 20:00 - 00098816 ____A C:\Windows\sed.exe
2012-06-20 20:01 - 2000-08-30 20:00 - 00080412 ____A C:\Windows\grep.exe
2012-06-20 20:01 - 2000-08-30 20:00 - 00068096 ____A C:\Windows\zip.exe
2012-06-20 19:59 - 2012-06-20 19:59 - 00000490 ____A C:\rkill.log
2012-06-20 19:54 - 2012-06-20 19:54 - 00000000 ____D C:\TDSSKiller_Quarantine
2012-06-20 19:33 - 2012-07-18 16:20 - 00000000 ____D C:\Qoobox
2012-06-20 19:33 - 2012-07-13 21:11 - 00000000 ____D C:\Windows\erdnt
2012-06-20 19:32 - 2012-06-28 18:42 - 04566027 ____R (Swearware) C:\Users\Bre\Downloads\ComboFix.exe
2012-06-18 18:44 - 2012-07-07 14:09 - 00000000 ____D C:\Users\Bre\Downloads\New folder3


============ 3 Months Modified Files ========================

2012-07-18 19:10 - 2011-09-18 18:04 - 00000892 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-07-18 18:01 - 2012-07-18 18:01 - 01437107 ____A (Farbar) C:\Users\Bre\Downloads\FRST64.exe
2012-07-18 16:44 - 2009-07-14 00:45 - 00009920 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-07-18 16:44 - 2009-07-14 00:45 - 00009920 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-07-18 16:43 - 2009-07-14 01:13 - 00779018 ____A C:\Windows\System32\PerfStringBackup.INI
2012-07-18 16:40 - 2011-04-20 15:14 - 01292300 ____A C:\Windows\WindowsUpdate.log
2012-07-18 16:37 - 2012-07-16 18:18 - 00001176 ____A C:\Windows\setupact.log
2012-07-18 16:37 - 2011-09-18 18:04 - 00000888 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-07-18 16:37 - 2009-07-14 01:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-07-18 16:36 - 2012-07-18 16:36 - 00028971 ____A C:\Users\Bre\Desktop\lol.txt
2012-07-18 16:36 - 2012-07-16 18:18 - 00002032 ____A C:\Windows\PFRO.log
2012-07-18 16:20 - 2012-07-18 16:20 - 00028971 ____A C:\ComboFix.txt
2012-07-18 16:19 - 2009-07-13 22:34 - 00000215 ____A C:\Windows\system.ini
2012-07-17 19:20 - 2012-07-17 19:20 - 00003224 ____N C:\bootsqm.dat
2012-07-17 19:11 - 2012-07-17 19:11 - 01368912 ____A C:\Users\Bre\Downloads\F9K1002_WW_1.00.14.bin
2012-07-17 19:10 - 2012-07-17 19:10 - 00993290 ____A C:\Users\Bre\Downloads\F9K1002_WW_2.00.08.bin
2012-07-17 16:03 - 2012-07-17 16:03 - 493940160 ____A C:\Windows\MEMORY.DMP
2012-07-17 16:03 - 2012-07-17 16:03 - 00278016 ____A C:\Windows\Minidump\071712-15506-01.dmp
2012-07-16 18:18 - 2012-07-16 18:18 - 00000000 ____A C:\Windows\setuperr.log
2012-07-15 16:51 - 2012-07-15 16:51 - 00086666 ____A C:\Users\Bre\AppData\Roaming\icarus-dxdiag.xml
2012-07-07 13:37 - 2011-11-22 22:14 - 00056832 ____A C:\Users\Bre\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-07-03 21:12 - 2012-07-03 21:12 - 10949969 ____A C:\Users\Bre\Downloads\Occult 45 - Grind Funk Railroad (Demo).zip
2012-07-03 19:40 - 2012-07-03 19:40 - 00772398 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
2012-07-03 19:38 - 2012-07-03 19:38 - 07964033 ____A C:\Users\Bre\Downloads\RemoteControl_for_Winamp_1.00_setup.exe
2012-07-03 16:12 - 2012-07-03 16:12 - 00061552 ____A C:\Users\Bre\Downloads\RemoteDroidServer_v1.5.zip
2012-07-03 13:46 - 2012-04-25 18:50 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-06-28 18:42 - 2012-06-20 19:32 - 04566027 ____R (Swearware) C:\Users\Bre\Downloads\ComboFix.exe
2012-06-24 21:13 - 2011-04-20 18:26 - 00104208 ____A C:\Users\Bre\AppData\Local\GDIPFONTCACHEV1.DAT
2012-06-24 21:13 - 2009-07-14 00:45 - 06366312 ____A C:\Windows\System32\FNTCACHE.DAT
2012-06-24 21:00 - 2012-06-24 21:00 - 02109806 ____A C:\Users\Bre\Downloads\tdsskiller.zip
2012-06-24 20:54 - 2012-06-24 20:54 - 00071398 ____A (jpshortstuff) C:\Users\Bre\Downloads\GooredFix.exe
2012-06-24 17:45 - 2012-06-24 17:45 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-06-24 17:45 - 2012-06-24 17:45 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-06-24 10:08 - 2012-06-24 10:08 - 00686792 ____A (Adobe Systems Incorporated) C:\Users\Bre\Downloads\uninstall_flash_player.exe
2012-06-23 08:05 - 2012-06-23 08:05 - 05312793 ____A C:\Users\Bre\Downloads\pairing_utility_1.00.009.zip
2012-06-20 22:04 - 2012-06-20 22:04 - 00011045 ____A C:\Users\Bre\Downloads\hijackthis.log
2012-06-20 20:08 - 2009-07-13 22:34 - 67108864 ____A C:\Windows\System32\config\SOFTWARE.bak
2012-06-20 20:08 - 2009-07-13 22:34 - 22544384 ____A C:\Windows\System32\config\SYSTEM.bak
2012-06-20 20:08 - 2009-07-13 22:34 - 00524288 ____A C:\Windows\System32\config\DEFAULT.bak
2012-06-20 20:08 - 2009-07-13 22:34 - 00057344 ____A C:\Windows\System32\config\SAM.bak
2012-06-20 20:08 - 2009-07-13 22:34 - 00028672 ____A C:\Windows\System32\config\SECURITY.bak
2012-06-20 19:59 - 2012-06-20 19:59 - 00000490 ____A C:\rkill.log
2012-06-17 15:37 - 2012-06-17 15:37 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_RimSerial_AMD64_01007.Wdf
2012-06-17 15:36 - 2012-06-17 15:36 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_RimUsb_AMD64_01007.Wdf
2012-05-26 15:05 - 2012-05-26 15:05 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_phaudlwr_01005.Wdf
2012-05-17 19:51 - 2012-05-17 19:51 - 00283200 ____A (DT Soft Ltd) C:\Windows\System32\Drivers\dtsoftbus01.sys
2012-05-17 18:50 - 2012-05-17 18:50 - 00071680 ____A (Beepa P/L) C:\Windows\System32\frapsv64.dll
2012-05-17 18:50 - 2012-05-17 18:50 - 00065536 ____A (Beepa P/L) C:\Windows\SysWOW64\frapsvid.dll
2012-05-12 03:08 - 2011-04-21 01:20 - 57848688 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-04-26 03:09 - 2012-04-26 03:09 - 03695416 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2012-04-26 03:09 - 2012-04-26 03:09 - 03695416 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dat
2012-04-26 03:09 - 2012-04-26 03:09 - 00697344 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2012-04-26 03:09 - 2012-04-26 03:09 - 00603648 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2012-04-26 03:09 - 2012-04-26 03:09 - 00580608 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2012-04-26 03:09 - 2012-04-26 03:09 - 00534528 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2012-04-26 03:09 - 2012-04-26 03:09 - 00452608 ____A (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
2012-04-26 03:09 - 2012-04-26 03:09 - 00448512 ____A (Microsoft Corporation) C:\Windows\System32\html.iec
2012-04-26 03:09 - 2012-04-26 03:09 - 00434176 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2012-04-26 03:09 - 2012-04-26 03:09 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2012-04-26 03:09 - 2012-04-26 03:09 - 00403248 ____A (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2012-04-26 03:09 - 2012-04-26 03:09 - 00367104 ____A (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2012-04-26 03:09 - 2012-04-26 03:09 - 00353792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2012-04-26 03:09 - 2012-04-26 03:09 - 00353584 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2012-04-26 03:09 - 2012-04-26 03:09 - 00282112 ____A (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
2012-04-26 03:09 - 2012-04-26 03:09 - 00267776 ____A (Microsoft Corporation) C:\Windows\System32\ieaksie.dll
2012-04-26 03:09 - 2012-04-26 03:09 - 00249344 ____A (Microsoft Corporation) C:\Windows\System32\webcheck.dll
2012-04-26 03:09 - 2012-04-26 03:09 - 00227840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieaksie.dll
2012-04-26 03:09 - 2012-04-26 03:09 - 00223232 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2012-04-26 03:09 - 2012-04-26 03:09 - 00222208 ____A (Microsoft Corporation) C:\Windows\System32\msls31.dll
2012-04-26 03:09 - 2012-04-26 03:09 - 00203776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2012-04-26 03:09 - 2012-04-26 03:09 - 00197120 ____A (Microsoft Corporation) C:\Windows\System32\msrating.dll
2012-04-26 03:09 - 2012-04-26 03:09 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-04-26 03:09 - 2012-04-26 03:09 - 00165888 ____A (Microsoft Corporation) C:\Windows\System32\iexpress.exe
2012-04-26 03:09 - 2012-04-26 03:09 - 00163840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieakui.dll
2012-04-26 03:09 - 2012-04-26 03:09 - 00163840 ____A (Microsoft Corporation) C:\Windows\System32\ieakui.dll
2012-04-26 03:09 - 2012-04-26 03:09 - 00162304 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2012-04-26 03:09 - 2012-04-26 03:09 - 00161792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2012-04-26 03:09 - 2012-04-26 03:09 - 00160256 ____A (Microsoft Corporation) C:\Windows\System32\wextract.exe
2012-04-26 03:09 - 2012-04-26 03:09 - 00160256 ____A (Microsoft Corporation) C:\Windows\System32\ieakeng.dll
2012-04-26 03:09 - 2012-04-26 03:09 - 00152064 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2012-04-26 03:09 - 2012-04-26 03:09 - 00150528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2012-04-26 03:09 - 2012-04-26 03:09 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\occache.dll
2012-04-26 03:09 - 2012-04-26 03:09 - 00145920 ____A (Microsoft Corporation) C:\Windows\System32\iepeers.dll
2012-04-26 03:09 - 2012-04-26 03:09 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-04-26 03:09 - 2012-04-26 03:09 - 00135168 ____A (Microsoft Corporation) C:\Windows\System32\IEAdvpack.dll
2012-04-26 03:09 - 2012-04-26 03:09 - 00130560 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieakeng.dll
2012-04-26 03:09 - 2012-04-26 03:09 - 00123392 ____A (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2012-04-26 03:09 - 2012-04-26 03:09 - 00118784 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2012-04-26 03:09 - 2012-04-26 03:09 - 00114176 ____A (Microsoft Corporation) C:\Windows\System32\admparse.dll
2012-04-26 03:09 - 2012-04-26 03:09 - 00111616 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2012-04-26 03:09 - 2012-04-26 03:09 - 00110592 ____A (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2012-04-26 03:09 - 2012-04-26 03:09 - 00103936 ____A (Microsoft Corporation) C:\Windows\System32\inseng.dll
2012-04-26 03:09 - 2012-04-26 03:09 - 00101888 ____A (Microsoft Corporation) C:\Windows\SysWOW64\admparse.dll
2012-04-26 03:09 - 2012-04-26 03:09 - 00091648 ____A (Microsoft Corporation) C:\Windows\System32\SetIEInstalledDate.exe
2012-04-26 03:09 - 2012-04-26 03:09 - 00089088 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2012-04-26 03:09 - 2012-04-26 03:09 - 00089088 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2012-04-26 03:09 - 2012-04-26 03:09 - 00086528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2012-04-26 03:09 - 2012-04-26 03:09 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2012-04-26 03:09 - 2012-04-26 03:09 - 00082432 ____A (Microsoft Corporation) C:\Windows\System32\icardie.dll
2012-04-26 03:09 - 2012-04-26 03:09 - 00078848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2012-04-26 03:09 - 2012-04-26 03:09 - 00076800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2012-04-26 03:09 - 2012-04-26 03:09 - 00076800 ____A (Microsoft Corporation) C:\Windows\System32\tdc.ocx
2012-04-26 03:09 - 2012-04-26 03:09 - 00074752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2012-04-26 03:09 - 2012-04-26 03:09 - 00074752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2012-04-26 03:09 - 2012-04-26 03:09 - 00074240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ie4uinit.exe
2012-04-26 03:09 - 2012-04-26 03:09 - 00066048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2012-04-26 03:09 - 2012-04-26 03:09 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\pngfilt.dll
2012-04-26 03:09 - 2012-04-26 03:09 - 00063488 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2012-04-26 03:09 - 2012-04-26 03:09 - 00055296 ____A (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
2012-04-26 03:09 - 2012-04-26 03:09 - 00054272 ____A (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2012-04-26 03:09 - 2012-04-26 03:09 - 00049664 ____A (Microsoft Corporation) C:\Windows\System32\imgutil.dll
2012-04-26 03:09 - 2012-04-26 03:09 - 00048640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2012-04-26 03:09 - 2012-04-26 03:09 - 00048640 ____A (Microsoft Corporation) C:\Windows\System32\mshtmler.dll
2012-04-26 03:09 - 2012-04-26 03:09 - 00041472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2012-04-26 03:09 - 2012-04-26 03:09 - 00039936 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2012-04-26 03:09 - 2012-04-26 03:09 - 00035840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2012-04-26 03:09 - 2012-04-26 03:09 - 00031744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2012-04-26 03:09 - 2012-04-26 03:09 - 00030720 ____A (Microsoft Corporation) C:\Windows\System32\licmgr10.dll
2012-04-26 03:09 - 2012-04-26 03:09 - 00023552 ____A (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2012-04-26 03:09 - 2012-04-26 03:09 - 00012288 ____A (Microsoft Corporation) C:\Windows\System32\mshta.exe
2012-04-26 03:09 - 2012-04-26 03:09 - 00011776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2012-04-26 03:09 - 2012-04-26 03:09 - 00010752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2012-04-26 03:09 - 2012-04-26 03:09 - 00010752 ____A (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
2012-04-25 18:44 - 2012-04-25 18:44 - 00023112 ____A C:\Windows\System32\Drivers\hitmanpro35.sys
2012-04-25 18:36 - 2012-04-25 18:36 - 00220672 ____A (Microsoft Corporation) C:\Windows\System32\wintrust.dll
2012-04-25 18:36 - 2012-04-25 18:36 - 00172544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2012-04-25 18:36 - 2012-04-25 18:36 - 00159232 ____A (Microsoft Corporation) C:\Windows\SysWOW64\imagehlp.dll
2012-04-25 18:36 - 2012-04-25 18:36 - 00081408 ____A (Microsoft Corporation) C:\Windows\System32\imagehlp.dll
2012-04-25 18:36 - 2012-04-25 18:36 - 00023408 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\fs_rec.sys
2012-04-25 18:36 - 2012-04-25 18:36 - 00005120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wmi.dll
2012-04-25 18:36 - 2012-04-25 18:36 - 00005120 ____A (Microsoft Corporation) C:\Windows\System32\wmi.dll
2012-04-25 18:33 - 2012-04-25 18:33 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll
2012-04-25 18:33 - 2012-04-25 18:33 - 00077312 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll
2012-04-25 18:33 - 2012-04-25 18:33 - 00009216 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe
2012-04-25 18:32 - 2012-04-25 18:32 - 01031680 ____A (Microsoft Corporation) C:\Windows\System32\rdpcore.dll
2012-04-25 18:32 - 2012-04-25 18:32 - 00826880 ____A (Microsoft Corporation) C:\Windows\SysWOW64\rdpcore.dll
2012-04-25 18:32 - 2012-04-25 18:32 - 00210944 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
2012-04-25 18:32 - 2012-04-25 18:32 - 00023552 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tdtcp.sys
2012-04-25 18:27 - 2012-04-25 18:27 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2012-04-25 18:27 - 2012-04-25 18:27 - 12872704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2012-04-25 18:27 - 2012-04-25 18:27 - 00509952 ____A (Microsoft Corporation) C:\Windows\System32\ntshrui.dll
2012-04-25 18:27 - 2012-04-25 18:27 - 00442880 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntshrui.dll
2012-04-25 18:26 - 2012-04-25 18:26 - 00515584 ____A (Microsoft Corporation) C:\Windows\System32\timedate.cpl
2012-04-25 18:26 - 2012-04-25 18:26 - 00498688 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\afd.sys
2012-04-25 18:26 - 2012-04-25 18:26 - 00478720 ____A (Microsoft Corporation) C:\Windows\SysWOW64\timedate.cpl
2012-04-25 18:23 - 2012-04-25 18:23 - 00690688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msvcrt.dll
2012-04-25 18:23 - 2012-04-25 18:23 - 00634880 ____A (Microsoft Corporation) C:\Windows\System32\msvcrt.dll
2012-04-25 18:21 - 2012-04-25 18:21 - 01731920 ____A (Microsoft Corporation) C:\Windows\System32\ntdll.dll
2012-04-25 18:21 - 2012-04-25 18:21 - 01572864 ____A (Microsoft Corporation) C:\Windows\System32\quartz.dll
2012-04-25 18:21 - 2012-04-25 18:21 - 01447936 ____A (Microsoft Corporation) C:\Windows\System32\lsasrv.dll
2012-04-25 18:21 - 2012-04-25 18:21 - 01328128 ____A (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2012-04-25 18:21 - 2012-04-25 18:21 - 01292080 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2012-04-25 18:21 - 2012-04-25 18:21 - 00514560 ____A (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2012-04-25 18:21 - 2012-04-25 18:21 - 00459232 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
2012-04-25 18:21 - 2012-04-25 18:21 - 00395776 ____A (Microsoft Corporation) C:\Windows\System32\webio.dll
2012-04-25 18:21 - 2012-04-25 18:21 - 00366592 ____A (Microsoft Corporation) C:\Windows\System32\qdvd.dll
2012-04-25 18:21 - 2012-04-25 18:21 - 00340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
2012-04-25 18:21 - 2012-04-25 18:21 - 00314880 ____A (Microsoft Corporation) C:\Windows\SysWOW64\webio.dll
2012-04-25 18:21 - 2012-04-25 18:21 - 00224768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2012-04-25 18:21 - 2012-04-25 18:21 - 00152432 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
2012-04-25 18:21 - 2012-04-25 18:21 - 00136192 ____A (Microsoft Corporation) C:\Windows\System32\sspicli.dll
2012-04-25 18:21 - 2012-04-25 18:21 - 00096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2012-04-25 18:21 - 2012-04-25 18:21 - 00095600 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
2012-04-25 18:21 - 2012-04-25 18:21 - 00031232 ____A (Microsoft Corporation) C:\Windows\System32\lsass.exe
2012-04-25 18:21 - 2012-04-25 18:21 - 00029184 ____A (Microsoft Corporation) C:\Windows\System32\sspisrv.dll
2012-04-25 18:21 - 2012-04-25 18:21 - 00028160 ____A (Microsoft Corporation) C:\Windows\System32\secur32.dll
2012-04-25 18:21 - 2012-04-25 18:21 - 00022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2012-04-25 18:20 - 2012-04-25 18:20 - 00077312 ____A (Microsoft Corporation) C:\Windows\System32\packager.dll
2012-04-25 18:20 - 2012-04-25 18:20 - 00067072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2012-04-25 18:16 - 2012-04-25 18:16 - 00723456 ____A (Microsoft Corporation) C:\Windows\System32\EncDec.dll
2012-04-25 18:16 - 2012-04-25 18:16 - 00534528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\EncDec.dll
2012-04-25 18:16 - 2012-04-25 18:16 - 00043520 ____A (Microsoft Corporation) C:\Windows\System32\csrsrv.dll
2012-04-25 18:16 - 2012-04-25 18:16 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2012-04-25 18:16 - 2012-04-25 18:16 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\tzres.dll
2012-04-25 18:11 - 2009-07-14 01:08 - 00025686 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-04-25 18:07 - 2012-04-25 18:07 - 00613888 ____A (Microsoft Corporation) C:\Windows\System32\psisdecd.dll
2012-04-25 18:07 - 2012-04-25 18:07 - 00465408 ____A (Microsoft Corporation) C:\Windows\SysWOW64\psisdecd.dll
2012-04-25 18:07 - 2012-04-25 18:07 - 00108032 ____A (Microsoft Corporation) C:\Windows\System32\psisrndr.ax
2012-04-25 18:07 - 2012-04-25 18:07 - 00075776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\psisrndr.ax
2012-04-25 18:06 - 2012-04-25 18:06 - 00861696 ____A (Microsoft Corporation) C:\Windows\System32\oleaut32.dll
2012-04-25 18:06 - 2012-04-25 18:06 - 00571904 ____A (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2012-04-25 18:06 - 2012-04-25 18:06 - 00331776 ____A (Microsoft Corporation) C:\Windows\System32\oleacc.dll
2012-04-25 18:06 - 2012-04-25 18:06 - 00233472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\oleacc.dll

========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe
[2011-09-18 19:12] - [2009-10-31 02:34] - 2387456 ____A (Microsoft Corporation) D5A67267C4C3879E63E9BFBA991D823A

C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

========================= Memory info ======================

Percentage of memory in use: 37%
Total physical RAM: 4061.18 MB
Available physical RAM: 2526.48 MB
Total Pagefile: 8120.54 MB
Available Pagefile: 6276.28 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB

======================= Partitions =========================

1 Drive c: (Gateway) (Fixed) (Total:582.4 GB) (Free:142.78 GB) NTFS
2 Drive d: (Belkin Setup CD) (CDROM) (Total:0.22 GB) (Free:0 GB) UDF

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 596 GB 0 B
Disk 1 No Media 0 B 0 B
Disk 2 No Media 0 B 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Recovery 13 GB 1024 KB
Partition 2 Primary 100 MB 13 GB
Partition 3 Primary 582 GB 13 GB

==================================================================================

Disk: 0
Partition 1
Type : 27
Hidden: Yes
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 PQSERVICE NTFS Partition 13 GB Healthy Hidden

==================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 SYSTEM RESE NTFS Partition 100 MB Healthy System (partition with boot components)

==================================================================================

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 C Gateway NTFS Partition 582 GB Healthy Boot

==================================================================================

==========================================================

Last Boot: 2012-07-08 05:10

======================= End Of Log ==========================
 