nickos2250
  1. ComboFix 12-06-12.03 - a 06/13/2012 15:26:33.2.8 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8183.6451 [GMT 10:00] Running from: c:\users\a.User-PC\Desktop\ComboFix.exe AV: AVG Internet Security 2012 *Disabled/Outdated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0} FW: AVG Internet Security 2012 *Disabled* {621CC794-9486-F902-D092-0484E8EA828B} SP: AVG Internet Security 2012 *Disabled/Outdated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((( Files Created from 2012-05-13 to 2012-06-13 ))))))))))))))))))))))))))))))) . . 2012-06-13 08:44 . 2012-06-13 08:45 -------- d-----w- C:\FRST 2012-06-13 05:33 . 2012-06-13 05:33 -------- d-----w- c:\users\User\AppData\Local\temp 2012-06-13 05:33 . 2012-06-13 05:33 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-06-13 05:33 . 2012-06-13 05:33 -------- d-----w- c:\users\a2\AppData\Local\temp 2012-06-13 05:33 . 2012-06-13 05:33 -------- d-----w- c:\users\a\AppData\Local\temp 2012-06-12 14:12 . 2012-05-14 15:41 8955792 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{4E863FCA-2334-432D-956F-F50A80075F7D}\mpengine.dll 2012-06-11 07:55 . 2012-06-11 07:55 -------- d-----w- C:\AVGTemp 2012-06-10 15:15 . 2012-06-11 03:50 -------- d-----w- c:\users\a.User-PC\AppData\Roaming\Fyfae 2012-06-10 15:15 . 2012-06-10 22:25 -------- d-----w- c:\users\a.User-PC\AppData\Roaming\Paab 2012-06-10 15:15 . 2012-06-10 15:15 -------- d-----w- c:\users\a.User-PC\AppData\Roaming\Awugfy 2012-06-10 09:06 . 2012-06-11 07:53 -------- d-----w- C:\TDSSKiller_Quarantine 2012-06-09 15:09 . 2012-06-09 15:09 -------- d-----w- c:\program files (x86)\Common Files\Symantec Shared 2012-06-09 15:01 . 2012-06-09 15:01 -------- d-----w- c:\programdata\PC Optimizer Pro 2012-06-09 14:56 . 2012-06-09 15:20 -------- d-----w- c:\programdata\Symantec 2012-06-09 14:55 . 
2012-06-09 15:20 -------- d-----w- c:\programdata\Norton 2012-06-09 14:55 . 2012-06-09 15:09 -------- d-----w- c:\program files (x86)\7-zip 2012-06-09 14:55 . 2012-06-09 14:55 -------- d-----w- c:\program files (x86)\Free Offers from Freeze.com 2012-06-09 14:40 . 2012-06-11 05:32 -------- d-----w- c:\users\a.User-PC\AppData\Roaming\AVG 2012-06-09 11:01 . 2012-06-09 11:16 -------- d-----w- c:\programdata\AVG2012 2012-06-09 11:00 . 2012-06-09 14:38 -------- d-----w- c:\program files (x86)\AVG 2012-06-09 08:47 . 2012-06-12 14:20 35712 ----a-w- c:\windows\SysWow64\drivers\BlackBox.sys 2012-06-08 15:16 . 2012-06-08 15:16 -------- d-----w- c:\users\a.User-PC\AppData\Roaming\EurekaLog 2012-06-08 15:08 . 2012-06-08 15:08 -------- d-sh--w- c:\windows\SysWow64\%APPDATA% 2012-06-07 22:51 . 2012-06-07 22:51 -------- d-----w- c:\users\a.User-PC\AppData\Local\{4EC6292B-B0F3-11E1-8270-B8AC6F996F26} 2012-06-07 15:15 . 2012-06-07 15:15 -------- d-----w- c:\programdata\Hagel Technologies 2012-06-07 15:15 . 2012-06-09 05:23 -------- d-----w- c:\program files (x86)\DU Meter 2012-06-05 13:25 . 2012-06-09 08:45 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2012-06-05 13:25 . 2012-06-09 08:45 419488 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2012-06-05 10:54 . 2012-06-09 15:21 -------- d-----w- c:\users\a.User-PC\AppData\Roaming\BitTorrent . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-04-18 18:50 . 2012-04-18 18:50 28480 ----a-w- c:\windows\system32\drivers\avgidsha.sys 2012-04-04 05:56 . 2011-04-29 06:42 24904 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-03-22 14:42 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll 2012-03-22 14:42 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll 2012-03-22 12:53 . 2012-03-22 12:53 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll 2012-03-22 12:53 . 
2012-03-22 12:53 539984 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll 2012-03-18 19:17 . 2012-03-18 19:17 383808 ----a-w- c:\windows\system32\drivers\avgtdia.sys . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "Razer Mamba Driver"="c:\program files (x86)\Razer\Mamba\RazerTray.exe" [2009-10-30 3278664] "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-04-19 336384] "AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-04-04 2587008] "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760] "Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) "HideFastUserSwitching"= 1 (0x1) "DisableStartupSound"= 1 (0x1) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32] "aux1"=wdmaud.drv . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS] @="" . 
R1 Avgfwfd;AVG network filter service;c:\windows\system32\DRIVERS\avgfwd6a.sys [x] R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-14 136176] R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-09 257696] R3 BlackBox;BlackBox SR2; [x] R3 DUMeterDrv;Hagel Technologies DU Meter traffic accounting driver;c:\program files (x86)\DU Meter\DUMETR64.SYS [x] R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-14 136176] R3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\DRIVERS\ewusbdev.sys [x] R3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\Drivers\nx6000.sys [x] R3 MSI_MSIBIOS_010507;MSI_MSIBIOS_010507;c:\progra~1\MSI\MSIWDev\msibios64_100507.sys [2010-05-10 33592] R3 nmwcdcx64;Nokia USB Generic;c:\windows\system32\drivers\ccdcmbox64.sys [x] R3 nmwcdx64;Nokia USB Phone Parent;c:\windows\system32\drivers\ccdcmbx64.sys [x] R3 NTIOLib_1_0_4;NTIOLib_1_0_4;c:\program files (x86)\MSI\Live Update 5\NTIOLib_X64.sys [x] R3 NTIOLib_1_0_8;NTIOLib_1_0_8;c:\progra~1\MSI\MSIWDev\NTIOLib_X64.sys [2011-01-27 11888] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x] R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184] S0 
AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [x] S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [x] S0 wowovups;wowovups;c:\windows\system32\DRIVERS\wowovups.sys [x] S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [x] S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [x] S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [x] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x] S2 avgfws;AVG Firewall;c:\program files (x86)\AVG\AVG2012\avgfws.exe [2012-03-22 2321520] S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\avgidsagent.exe [2012-04-29 5106744] S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-02-13 193288] S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408] S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x] S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x] S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x] S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys [x] S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\avgidsfiltera.sys [x] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x] S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x] S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x] . . Contents of the 'Scheduled Tasks' folder . 2012-06-13 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-05 08:45] . 
2012-06-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-14 09:19] . 2012-06-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-14 09:19] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "LoadAppInit_DLLs"=0x0 . ------- Supplementary Scan ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://www.google.com/ mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyServer = bigprox.com:42141 IE: E&xport to Microsoft Excel - c:\progra~2\MIF5BA~1\Office12\EXCEL.EXE/3000 IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html Trusted Zone: com\www.msi Trusted Zone: com.tw\asia.msi Trusted Zone: com.tw\global.msi TCP: DhcpNameServer = 192.168.0.1 DPF: {96816368-C1E3-414D-A193-63C3CC921990} - hxxp://interpub-shepherdsbush.remotemanager.co.uk/common/activex/MJPEGRender.ocx . - - - - ORPHANS REMOVED - - - - . URLSearchHooks-{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - (no file) WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file) . . . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_USERS\S-1-5-21-51909174-3337297788-2573128559-1005\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*] "??"=hex:28,bb,e0,ba,89,6f,a9,db,84,91,ab,12,53,96,e0,1b,e0,03,c8,25,c0,23,6b, 67,f9,c7,58,c9,92,54,61,58,9b,fb,ae,62,eb,0a,3c,88,5f,2b,8c,8c,92,18,e3,99,\ "??"=hex:5d,2e,bc,00,9b,07,bc,9c,34,34,87,88,c9,ab,ca,0d . [HKEY_USERS\S-1-5-21-51909174-3337297788-2573128559-1005\Software\SecuROM\License information*] "datasecu"=hex:57,15,f0,fa,15,82,6d,b8,bf,a8,50,c3,9f,af,b9,60,1e,b1,bc,8a,0e, 12,6c,22,c9,51,ae,87,47,b8,cd,1f,a8,7b,f4,44,1c,96,e9,c7,de,88,e1,27,46,ca,\ "rkeysecu"=hex:56,c6,0d,e0,20,27,f2,5f,5e,7a,0c,15,6c,01,a7,f3 . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PortableDevice.PortableDevice] @Denied: (Full) (LocalSystem) @Denied: (Full) (Owner) @Denied: (Full) (LocalSystem) . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Other Running Processes ------------------------ . c:\windows\SysWOW64\PnkBstrA.exe . ************************************************************************** . Completion time: 2012-06-13 15:40:01 - machine was rebooted ComboFix-quarantined-files.txt 2012-06-13 05:40 ComboFix2.txt 2012-06-13 05:16 . Pre-Run: 83,465,809,920 bytes free Post-Run: 83,417,714,688 bytes free . - - End Of File - - 024BCAD92ACEA287008309B3AA6E80B5 Thank you!
  2. Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 11-06-2012 Ran by SYSTEM at 2012-06-13 14:46:08 Run:1 Running from G:\ ============================================== HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InprocServer32\\Default value was restored successfully . HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InprocServer32\\Default value was restored successfully . startSubSystems: [Windows] ==> ZeroAccessHKLM\...\InprocServer32: [Default-wbemess] \\.\globalroot\systemroot\Installer\{4dc3e749-1139-8c27-6465-ebe45b772472}\n. ATTENTION! ====> ZeroAccessHKLM\...\InprocServer32: [Default-shell32] %SystemRoot%\system32\shell32.dll ATTENTION! ====> ZeroAccesswowovups service not found. HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Session Manager\SubSystems\\Windows Value was restored successfully . ==== End of Fixlog ====
  3. OMG, thank you for replying! I'm sorry I couldn't get back to you that quickly; I thought the replies would be sent to my email. Anyway, back to business: I completed the scan and here is the report. Also, I thought I might mention I am picking up a couple of different viruses now too (PUR.GAMEPlayLab); that's the only one I still have in my quarantine as I deleted the others.
     Scan result of Farbar Recovery Scan Tool Version: 11-06-2012 Ran by SYSTEM at 13-06-2012 00:44:18 Running from G:\ Windows 7 Home Premium (X64) OS Language: English(US) The current controlset is ControlSet001 ========================== Registry (Whitelisted) ============= HKLM-x32\...\Run: [Razer Mamba Driver] C:\Program Files (x86)\Razer\Mamba\RazerTray.exe [3278664 2009-10-29] (Razer USA Ltd) HKLM-x32\...\Run: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [336384 2011-04-19] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe" [2587008 2012-04-04] (AVG Technologies CZ, s.r.o.) HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [35760 2011-01-31] (Adobe Systems Incorporated) HKLM-x32\...\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray [462408 2012-04-03] (Malwarebytes Corporation) HKU\a2\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2010-11-28] (Apple Inc.) 
HKU\a2\...\Run: [Google Update] "C:\Users\a.User-PC\AppData\Local\Google\Update\GoogleUpdate.exe" /c [x] HKU\a2\...\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background [4240760 2010-11-09] (Microsoft Corporation) HKU\a2\...\Run: [Facebook Update] "C:\Users\a.User-PC\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver [x] HKLM-x32\...\Winlogon: [userinit] c:\windows\syswow64\userinit.exe, [x] Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 HKLM\...\InprocServer32: [Default-wbemess] \\.\globalroot\systemroot\Installer\{4dc3e749-1139-8c27-6465-ebe45b772472}\n. ATTENTION! ====> ZeroAccess HKLM\...\InprocServer32: [Default-shell32] %SystemRoot%\system32\shell32.dll ATTENTION! ====> ZeroAccess ==================== Services (Whitelisted) ====== 2 avgfws; "C:\Program Files (x86)\AVG\AVG2012\avgfws.exe" [2321520 2012-03-22] (AVG Technologies CZ, s.r.o.) 2 AVGIDSAgent; "C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe" [5106744 2012-04-29] (AVG Technologies CZ, s.r.o.) 2 avgwd; "C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe" [193288 2012-02-13] (AVG Technologies CZ, s.r.o.) 2 lxcz_device; C:\Windows\system32\lxczcoms.exe -service [566192 2007-04-18] ( ) 2 lxcz_device; C:\Windows\SysWow64\lxczcoms.exe -service [537520 2007-04-18] ( ) 2 MBAMService; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe" [654408 2012-04-03] (Malwarebytes Corporation) 2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [75136 2010-12-18] () ========================== Drivers (Whitelisted) ============= 1 Avgfwfd; C:\Windows\System32\DRIVERS\avgfwd6a.sys [48992 2011-05-22] (AVG Technologies CZ, s.r.o.) 3 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [124496 2011-12-22] (AVG Technologies CZ, s.r.o. ) 3 AVGIDSFilter; C:\Windows\System32\DRIVERS\avgidsfiltera.sys [29776 2011-12-22] (AVG Technologies CZ, s.r.o. ) 0 AVGIDSHA; C:\Windows\System32\Drivers\AVGIDSHA.sys [28480 2012-04-18] (AVG Technologies CZ, s.r.o. 
) 1 Avgldx64; C:\Windows\System32\Drivers\Avgldx64.sys [289872 2012-02-21] (AVG Technologies CZ, s.r.o.) 1 Avgmfx64; C:\Windows\System32\Drivers\Avgmfx64.sys [47696 2011-12-22] (AVG Technologies CZ, s.r.o.) 0 Avgrkx64; C:\Windows\System32\Drivers\Avgrkx64.sys [36944 2012-01-30] (AVG Technologies CZ, s.r.o.) 1 Avgtdia; C:\Windows\System32\Drivers\Avgtdia.sys [383808 2012-03-18] (AVG Technologies CZ, s.r.o.) 3 BlackBox; C:\Windows\SysWow64\Drivers\BlackBox.sys [35712 2012-06-12] () 3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [24904 2012-04-03] (Malwarebytes Corporation) 3 MSI_MSIBIOS_010507; \??\C:\PROGRA~1\MSI\MSIWDev\msibios64_100507.sys [33592 2010-05-09] (Your Corporation) 3 nmwcdcx64; C:\Windows\System32\drivers\ccdcmbox64.sys [23552 2008-05-01] (Nokia) 3 nmwcdx64; C:\Windows\System32\drivers\ccdcmbx64.sys [18432 2008-05-01] (Nokia) 3 NTIOLib_1_0_8; \??\C:\PROGRA~1\MSI\MSIWDev\NTIOLib_X64.sys [11888 2011-01-26] (MSI) 3 upperdev; C:\Windows\System32\DRIVERS\usbser_lowerfltx64.sys [8704 2008-05-01] (Windows ® Codename Longhorn DDK provider) 3 UsbserFilt; C:\Windows\System32\DRIVERS\usbser_lowerfltx64j.sys [8704 2008-05-01] (Windows ® Codename Longhorn DDK provider) 0 wowovups; C:\Windows\System32\Drivers\wowovups.sys [59920 2011-07-15] () 3 DUMeterDrv; \??\C:\Program Files (x86)\DU Meter\DUMETR64.SYS [x] 3 hwdatacard; C:\Windows\System32\DRIVERS\ewusbmdm.sys [x] 3 hwusbdev; C:\Windows\System32\DRIVERS\ewusbdev.sys [x] 3 NTIOLib_1_0_4; \??\C:\Program Files (x86)\MSI\Live Update 5\NTIOLib_X64.sys [x] ========================== NetSvcs (Whitelisted) =========== ============ One Month Created Files and Folders ============== 2012-06-13 00:44 - 2012-06-13 00:44 - 00000000 ____D C:\FRST 2012-06-12 06:23 - 2012-06-12 06:23 - 01402045 ____A C:\Users\a.User-PC\Desktop\FRST64.exe 2012-06-12 06:23 - 2012-06-12 06:23 - 00139264 ____A C:\Users\a.User-PC\Desktop\SystemLook.exe 2012-06-12 06:20 - 2012-06-12 06:20 - 00000206 ____A 
C:\Users\a.User-PC\Desktop\rku_error_log_1487563.txt 2012-06-12 06:20 - 2012-06-12 06:20 - 00000206 ____A C:\Users\a.User-PC\Desktop\rku_error_log_1461167.txt 2012-06-12 06:19 - 2012-06-12 06:19 - 00607260 ____R (Swearware) C:\Users\a.User-PC\Desktop\dds.scr 2012-06-12 06:19 - 2012-06-12 06:19 - 00139264 ____A () C:\Users\a.User-PC\Desktop\RKUnhookerLE.EXE 2012-06-11 00:00 - 2012-06-11 00:00 - 00000925 ____A C:\Users\Public\Desktop\AVG 2012.lnk 2012-06-10 23:55 - 2012-06-10 23:55 - 00000000 ____D C:\AVGTemp 2012-06-10 23:54 - 2012-06-10 23:54 - 00392736 ____A C:\Users\a.User-PC\Desktop\reset_access_avg2012_en.exe 2012-06-10 23:49 - 2012-06-10 23:54 - 00399458 ____A C:\TDSSKiller.2.7.36.0_11.06.2012_17.49.59_log.txt 2012-06-10 22:02 - 2012-06-12 06:29 - 00000392 ____A C:\Windows\setupact.log 2012-06-10 22:02 - 2012-06-10 22:02 - 00000000 ____A C:\Windows\setuperr.log 2012-06-10 21:52 - 2012-06-10 23:58 - 03879712 ____A (AVG Technologies) C:\Users\a.User-PC\Downloads\avg_isct_stb_all_2012_2178.exe 2012-06-10 21:21 - 2012-06-10 21:26 - 00259086 ____A C:\TDSSKiller.2.7.36.0_11.06.2012_15.21.19_log.txt 2012-06-10 07:15 - 2012-06-10 19:50 - 00000000 ____D C:\Users\a.User-PC\AppData\Roaming\Fyfae 2012-06-10 07:15 - 2012-06-10 14:25 - 00000000 ____D C:\Users\a.User-PC\AppData\Roaming\Paab 2012-06-10 07:15 - 2012-06-10 07:15 - 00000000 ____D C:\Users\a.User-PC\AppData\Roaming\Awugfy 2012-06-10 01:06 - 2012-06-10 23:53 - 00000000 ____D C:\TDSSKiller_Quarantine 2012-06-10 00:59 - 2012-06-10 01:23 - 00828190 ____A C:\TDSSKiller.2.7.36.0_10.06.2012_18.59.15_log.txt 2012-06-09 07:01 - 2012-06-09 07:01 - 00000000 ____D C:\Users\All Users\PC Optimizer Pro 2012-06-09 06:56 - 2012-06-09 07:20 - 00000000 ____D C:\Users\All Users\Symantec 2012-06-09 06:55 - 2012-06-09 07:20 - 00000000 ____D C:\Users\All Users\Norton 2012-06-09 06:55 - 2012-06-09 07:09 - 00000000 ____D C:\Program Files (x86)\7-zip 2012-06-09 06:55 - 2012-06-09 06:55 - 00000000 ____D C:\Users\All Users\NortonInstaller 
2012-06-09 06:55 - 2012-06-09 06:55 - 00000000 ____D C:\Program Files (x86)\Free Offers from Freeze.com 2012-06-09 06:40 - 2012-06-10 21:32 - 00000000 ____D C:\Users\a.User-PC\AppData\Roaming\AVG 2012-06-09 06:38 - 2012-06-09 06:38 - 08351256 ____A (AVG ) C:\Users\a.User-PC\Downloads\avg_pct_stf_all_10_27.exe 2012-06-09 06:29 - 2012-06-09 06:29 - 10063000 ____A (Malwarebytes Corporation ) C:\Users\a.User-PC\Downloads\mbam-setup-1.61.0.1400.exe 2012-06-09 06:29 - 2012-06-09 06:29 - 00001069 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk 2012-06-09 06:05 - 2012-06-09 06:21 - 00139404 ____A C:\TDSSKiller.2.7.36.0_10.06.2012_00.05.43_log.txt 2012-06-09 03:09 - 2012-06-09 03:09 - 00000000 ____D C:\Users\a.User-PC\AppData\Roaming\AVG2012 2012-06-09 03:06 - 2012-06-09 03:06 - 00037216 ____A C:\Users\a.User-PC\Documents\cc_20120609_210556.reg 2012-06-09 03:01 - 2012-06-09 03:16 - 00000000 ____D C:\Users\All Users\AVG2012 2012-06-09 03:00 - 2012-06-09 06:38 - 00000000 ____D C:\Program Files (x86)\AVG 2012-06-09 02:58 - 2012-06-09 02:58 - 03879712 ____A (AVG Technologies) C:\Users\a.User-PC\Downloads\avg_avct_stb_all_2012_2178.exe 2012-06-09 00:47 - 2012-06-12 06:20 - 00035712 ____A C:\Windows\SysWOW64\Drivers\BlackBox.sys 2012-06-09 00:22 - 2012-06-11 20:45 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job 2012-06-09 00:19 - 2012-06-09 00:19 - 00000000 ____D C:\Users\a.User-PC\AppData\Local\{3CAAD3E5-5EED-4479-B314-8E69D3503934} 2012-06-08 23:53 - 2012-06-08 23:53 - 00086094 ____A C:\Users\a.User-PC\Downloads\BFE-Repair-Windows-7.reg 2012-06-08 23:47 - 2012-06-08 23:47 - 04055624 ____A (Hagel Technologies Ltd. 
) C:\Users\a.User-PC\Downloads\DUMeter-Install (2).exe 2012-06-08 22:38 - 2012-06-08 22:38 - 00399264 ____A (Bleeping Computer, LLC) C:\Users\a.User-PC\Downloads\unhide.exe 2012-06-08 22:08 - 2012-06-08 22:08 - 00000000 ____D C:\Users\a.User-PC\AppData\Local\{58E14454-55F7-49ED-9E16-32894DF30218} 2012-06-08 22:07 - 2012-06-08 22:08 - 00000000 ____D C:\Users\a.User-PC\AppData\Local\{8F789636-80BD-4E22-BF01-31E4979DF4D2} 2012-06-08 21:55 - 2012-06-08 21:55 - 00000000 ____D C:\Users\a.User-PC\AppData\Local\{9ABAA717-054F-4076-A4DF-AC1549FC6466} 2012-06-08 21:55 - 2012-06-08 21:55 - 00000000 ____D C:\Users\a.User-PC\AppData\Local\{56E3BCAD-8226-4464-B999-4DC5F26D3A83} 2012-06-08 21:16 - 2012-06-08 21:22 - 00239404 ____A C:\TDSSKiller.2.7.36.0_09.06.2012_15.16.52_log.txt 2012-06-08 21:16 - 2012-05-20 22:40 - 02127960 ____A (Kaspersky Lab ZAO) C:\Users\a.User-PC\Desktop\TDSSKiller.exe 2012-06-08 21:15 - 2012-06-08 21:16 - 02108959 ____A C:\Users\a.User-PC\Downloads\tdsskiller.zip 2012-06-08 07:18 - 2012-06-08 07:18 - 04055624 ____A (Hagel Technologies Ltd. ) C:\Users\a.User-PC\Downloads\DUMeter-Install (1).exe 2012-06-08 07:16 - 2012-06-08 07:16 - 00000000 ____D C:\Users\a.User-PC\AppData\Roaming\EurekaLog 2012-06-08 07:15 - 2012-06-08 07:15 - 00000000 ____D C:\Users\a.User-PC\AppData\Local\{626E7917-B6A7-4DEA-A38B-12D87D78078E} 2012-06-08 07:14 - 2012-06-08 07:15 - 00000000 ____D C:\Users\a.User-PC\AppData\Local\{B999FD59-9383-470C-B862-849CC947D85A} 2012-06-08 07:08 - 2012-06-08 07:08 - 00000000 __SHD C:\Windows\SysWOW64\%APPDATA% 2012-06-07 14:51 - 2012-06-07 14:51 - 00320512 ____A (Voyetra Turtle Beach, Inc.) 
C:\Users\a.User-PC\AppData\Roaming\ogecs.dll 2012-06-07 14:51 - 2012-06-07 14:51 - 00000000 ____D C:\Users\a.User-PC\AppData\Local\{4EC6292B-B0F3-11E1-8270-B8AC6F996F26} 2012-06-07 14:50 - 2012-06-07 14:50 - 00118272 ____A (DT Soft Ltd) C:\Users\a.User-PC\AppData\Roaming\wboapi.dll 2012-06-07 07:15 - 2012-06-08 21:23 - 00000000 ____D C:\Program Files (x86)\DU Meter 2012-06-07 07:15 - 2012-06-07 07:15 - 04055624 ____A (Hagel Technologies Ltd. ) C:\Users\a.User-PC\Downloads\DUMeter-Install.exe 2012-06-07 07:15 - 2012-06-07 07:15 - 00000000 ____D C:\Users\All Users\Hagel Technologies 2012-06-07 00:59 - 2012-06-07 01:00 - 00000000 ____D C:\Users\a.User-PC\AppData\Local\{EC5B02B5-B3D5-4E99-ADCB-C4AC92D29978} 2012-06-05 05:25 - 2012-06-09 00:45 - 00419488 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2012-06-05 05:25 - 2012-06-09 00:45 - 00070304 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2012-06-05 03:08 - 2012-06-11 18:12 - 00000000 ____D C:\Users\a.User-PC\Desktop\btjunkie 2012-06-05 02:54 - 2012-06-09 07:21 - 00000000 ____D C:\Users\a.User-PC\AppData\Roaming\BitTorrent 2012-06-05 02:53 - 2012-06-05 02:54 - 06380440 ____A (BitTorrent, Inc.) 
C:\Users\a.User-PC\Downloads\BitTorrent.exe
2012-05-31 08:57 - 2012-05-31 08:57 - 00000000 ____D C:\Users\a.User-PC\AppData\Local\{6E2C759D-A73C-4A88-8543-286A4FE2ECE7}
2012-05-29 05:21 - 2012-05-29 05:21 - 00000000 ____D C:\Users\a.User-PC\AppData\Local\{4538ED53-9B9D-45CB-A66B-1702BF2067D3}
2012-05-23 09:59 - 2012-05-23 09:59 - 00000000 ____D C:\Users\a.User-PC\AppData\Local\{C9428982-1560-4ACE-88C4-4440BCC99D6F}
2012-05-22 03:13 - 2012-05-22 03:13 - 00000000 ____D C:\Users\a.User-PC\AppData\Local\{6FFC941D-A3D1-4A4B-B1A3-99A7CD012756}

============ 3 Months Modified Files and Folders =============

2012-06-13 00:44 - 2012-06-13 00:44 - 00000000 ____D C:\FRST
2012-06-12 06:37 - 2009-07-13 20:45 - 00015024 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-06-12 06:37 - 2009-07-13 20:45 - 00015024 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-06-12 06:34 - 2009-07-13 21:13 - 00005152 ____A C:\Windows\System32\PerfStringBackup.INI
2012-06-12 06:29 - 2012-06-10 22:02 - 00000392 ____A C:\Windows\setupact.log
2012-06-12 06:29 - 2010-10-14 01:19 - 00000890 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-06-12 06:29 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-06-12 06:23 - 2012-06-12 06:23 - 01402045 ____A C:\Users\a.User-PC\Desktop\FRST64.exe
2012-06-12 06:23 - 2012-06-12 06:23 - 00139264 ____A C:\Users\a.User-PC\Desktop\SystemLook.exe
2012-06-12 06:20 - 2012-06-12 06:20 - 00000206 ____A C:\Users\a.User-PC\Desktop\rku_error_log_1487563.txt
2012-06-12 06:20 - 2012-06-12 06:20 - 00000206 ____A C:\Users\a.User-PC\Desktop\rku_error_log_1461167.txt
2012-06-12 06:20 - 2012-06-09 00:47 - 00035712 ____A C:\Windows\SysWOW64\Drivers\BlackBox.sys
2012-06-12 06:19 - 2012-06-12 06:19 - 00607260 ____R (Swearware) C:\Users\a.User-PC\Desktop\dds.scr
2012-06-12 06:19 - 2012-06-12 06:19 - 00139264 ____A () C:\Users\a.User-PC\Desktop\RKUnhookerLE.EXE
2012-06-12 06:16 - 2011-09-26 09:18 - 01201380 ____A C:\Windows\WindowsUpdate.log
2012-06-12 06:14 - 2010-10-13 20:04 - 00000000 ____D C:\Program Files (x86)\Steam
2012-06-11 20:45 - 2012-06-09 00:22 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-06-11 20:42 - 2010-10-14 01:19 - 00000894 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-06-11 18:12 - 2012-06-05 03:08 - 00000000 ____D C:\Users\a.User-PC\Desktop\btjunkie
2012-06-11 03:21 - 2011-03-21 18:43 - 00000000 ____D C:\Windows\System32\Drivers\AVG
2012-06-11 00:03 - 2011-03-21 18:36 - 00000000 ____D C:\Users\All Users\MFAData
2012-06-11 00:00 - 2012-06-11 00:00 - 00000925 ____A C:\Users\Public\Desktop\AVG 2012.lnk
2012-06-10 23:58 - 2012-06-10 21:52 - 03879712 ____A (AVG Technologies) C:\Users\a.User-PC\Downloads\avg_isct_stb_all_2012_2178.exe
2012-06-10 23:55 - 2012-06-10 23:55 - 00000000 ____D C:\AVGTemp
2012-06-10 23:54 - 2012-06-10 23:54 - 00392736 ____A C:\Users\a.User-PC\Desktop\reset_access_avg2012_en.exe
2012-06-10 23:54 - 2012-06-10 23:49 - 00399458 ____A C:\TDSSKiller.2.7.36.0_11.06.2012_17.49.59_log.txt
2012-06-10 23:53 - 2012-06-10 01:06 - 00000000 ____D C:\TDSSKiller_Quarantine
2012-06-10 22:02 - 2012-06-10 22:02 - 00000000 ____A C:\Windows\setuperr.log
2012-06-10 21:57 - 2011-03-21 18:44 - 00000000 ____D C:\Windows\SysWOW64\Drivers\AVG
2012-06-10 21:56 - 2010-11-07 18:14 - 00000000 ____D C:\Users\a.User-PC\AppData\LocalLow
2012-06-10 21:32 - 2012-06-09 06:40 - 00000000 ____D C:\Users\a.User-PC\AppData\Roaming\AVG
2012-06-10 21:26 - 2012-06-10 21:21 - 00259086 ____A C:\TDSSKiller.2.7.36.0_11.06.2012_15.21.19_log.txt
2012-06-10 21:19 - 2011-10-24 09:24 - 00000000 ____D C:\Users\a.User-PC\Documents\program file original
2012-06-10 21:19 - 2010-11-22 04:34 - 00000000 ____D C:\Users\a.User-PC\Documents\G.A.M.E.S
2012-06-10 21:12 - 2011-11-10 04:39 - 00000000 ____D C:\Users\a.User-PC\Documents\New folder (4)
2012-06-10 21:11 - 2011-12-09 07:06 - 00000000 ____D C:\Users\a.User-PC\Documents\New folder (6)
2012-06-10 21:11 - 2011-11-10 04:42 - 00000000 ____D C:\Users\a.User-PC\Documents\New folder (5)
2012-06-10 21:11 - 2011-11-09 01:37 - 00000000 ____D C:\Users\a.User-PC\Downloads\The Kinks - The Kinks are the Village Green Preservation Society - 1968 (rhsiv)
2012-06-10 21:11 - 2011-11-09 01:23 - 00000000 ____D C:\Users\a.User-PC\Downloads\The Cure - Greatest Hits
2012-06-10 21:11 - 2011-11-09 01:19 - 00000000 ____D C:\Users\a.User-PC\Downloads\Cold War Kids- The Mulberry Street EP
2012-06-10 21:11 - 2011-11-09 01:14 - 00000000 ____D C:\Users\a.User-PC\Downloads\La Roux - La Roux [CD 2009] [Cov+CD] [bubanee]
2012-06-10 21:11 - 2011-10-31 20:37 - 00000000 ____D C:\Users\a.User-PC\Documents\New folder (3)
2012-06-10 21:11 - 2011-10-16 05:51 - 00000000 ____D C:\Users\a.User-PC\Documents\New folder
2012-06-10 21:10 - 2011-11-09 01:18 - 00000000 ____D C:\Users\a.User-PC\Downloads\Coldplay - Mylo Xyloto [mp3-vbr-2011]
2012-06-10 21:10 - 2011-10-16 05:43 - 00000000 ____D C:\Users\a.User-PC\Downloads\Adele - 21
2012-06-10 21:09 - 2011-10-18 06:21 - 00000000 ____D C:\Users\a.User-PC\Downloads\Bjork - Greatest Hits - 2002 [MP3 @ 320] (oan)
2012-06-10 19:50 - 2012-06-10 07:15 - 00000000 ____D C:\Users\a.User-PC\AppData\Roaming\Fyfae
2012-06-10 14:25 - 2012-06-10 07:15 - 00000000 ____D C:\Users\a.User-PC\AppData\Roaming\Paab
2012-06-10 07:15 - 2012-06-10 07:15 - 00000000 ____D C:\Users\a.User-PC\AppData\Roaming\Awugfy
2012-06-10 01:32 - 2011-09-03 08:26 - 00000000 ____D C:\Users\All Users\TechSmith
2012-06-10 01:26 - 2011-09-03 08:34 - 00000000 ____D C:\Users\a.User-PC\Documents\Camtasia Studio
2012-06-10 01:23 - 2012-06-10 00:59 - 00828190 ____A C:\TDSSKiller.2.7.36.0_10.06.2012_18.59.15_log.txt
2012-06-10 00:15 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\registration
2012-06-09 08:43 - 2010-10-14 01:19 - 00000000 ____D C:\Program Files (x86)\Google
2012-06-09 08:41 - 2010-10-31 15:47 - 00000470 ____A C:\lxcz.log
2012-06-09 07:21 - 2012-06-05 02:54 - 00000000 ____D C:\Users\a.User-PC\AppData\Roaming\BitTorrent
2012-06-09 07:21 - 2010-12-22 16:59 - 00000000 ____D C:\Users\a.User-PC\Tracing
2012-06-09 07:21 - 2010-12-01 10:04 - 00000000 ____D C:\Users\a.User-PC\AppData\Roaming\Skype
2012-06-09 07:20 - 2012-06-09 06:56 - 00000000 ____D C:\Users\All Users\Symantec
2012-06-09 07:20 - 2012-06-09 06:55 - 00000000 ____D C:\Users\All Users\Norton
2012-06-09 07:16 - 2010-11-07 18:15 - 00000000 ____D C:\Users\a.User-PC\AppData\Local\Google
2012-06-09 07:10 - 2011-12-03 04:09 - 00000000 ____D C:\Users\All Users\eMule
2012-06-09 07:10 - 2011-12-03 04:09 - 00000000 ____D C:\Users\a.User-PC\AppData\Local\eMule
2012-06-09 07:10 - 2011-12-03 04:09 - 00000000 ____D C:\Program Files (x86)\eMule
2012-06-09 07:09 - 2012-06-09 06:55 - 00000000 ____D C:\Program Files (x86)\7-zip
2012-06-09 07:01 - 2012-06-09 07:01 - 00000000 ____D C:\Users\All Users\PC Optimizer Pro
2012-06-09 07:01 - 2011-04-28 23:06 - 00000000 ____D C:\Program Files (x86)\Marvell
2012-06-09 06:55 - 2012-06-09 06:55 - 00000000 ____D C:\Users\All Users\NortonInstaller
2012-06-09 06:55 - 2012-06-09 06:55 - 00000000 ____D C:\Program Files (x86)\Free Offers from Freeze.com
2012-06-09 06:44 - 2010-11-13 08:36 - 00000000 ____D C:\Nexon
2012-06-09 06:43 - 2009-07-13 21:32 - 00000000 ____D C:\Windows\Downloaded Program Files
2012-06-09 06:38 - 2012-06-09 06:38 - 08351256 ____A (AVG ) C:\Users\a.User-PC\Downloads\avg_pct_stf_all_10_27.exe
2012-06-09 06:38 - 2012-06-09 03:00 - 00000000 ____D C:\Program Files (x86)\AVG
2012-06-09 06:30 - 2011-04-28 22:42 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-06-09 06:29 - 2012-06-09 06:29 - 10063000 ____A (Malwarebytes Corporation ) C:\Users\a.User-PC\Downloads\mbam-setup-1.61.0.1400.exe
2012-06-09 06:29 - 2012-06-09 06:29 - 00001069 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-06-09 06:21 - 2012-06-09 06:05 - 00139404 ____A C:\TDSSKiller.2.7.36.0_10.06.2012_00.05.43_log.txt
2012-06-09 03:16 - 2012-06-09 03:01 - 00000000 ____D C:\Users\All Users\AVG2012
2012-06-09 03:09 - 2012-06-09 03:09 - 00000000 ____D C:\Users\a.User-PC\AppData\Roaming\AVG2012
2012-06-09 03:09 - 2010-10-13 02:11 - 00000000 ____D C:\Windows\Minidump
2012-06-09 03:06 - 2012-06-09 03:06 - 00037216 ____A C:\Users\a.User-PC\Documents\cc_20120609_210556.reg
2012-06-09 03:01 - 2011-03-21 19:10 - 00000000 ___HD C:\$AVG
2012-06-09 02:58 - 2012-06-09 02:58 - 03879712 ____A (AVG Technologies) C:\Users\a.User-PC\Downloads\avg_avct_stb_all_2012_2178.exe
2012-06-09 00:45 - 2012-06-05 05:25 - 00419488 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-06-09 00:45 - 2012-06-05 05:25 - 00070304 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-06-09 00:19 - 2012-06-09 00:19 - 00000000 ____D C:\Users\a.User-PC\AppData\Local\{3CAAD3E5-5EED-4479-B314-8E69D3503934}
2012-06-08 23:53 - 2012-06-08 23:53 - 00086094 ____A C:\Users\a.User-PC\Downloads\BFE-Repair-Windows-7.reg
2012-06-08 23:47 - 2012-06-08 23:47 - 04055624 ____A (Hagel Technologies Ltd. ) C:\Users\a.User-PC\Downloads\DUMeter-Install (2).exe
2012-06-08 22:38 - 2012-06-08 22:38 - 00399264 ____A (Bleeping Computer, LLC) C:\Users\a.User-PC\Downloads\unhide.exe
2012-06-08 22:08 - 2012-06-08 22:08 - 00000000 ____D C:\Users\a.User-PC\AppData\Local\{58E14454-55F7-49ED-9E16-32894DF30218}
2012-06-08 22:08 - 2012-06-08 22:07 - 00000000 ____D C:\Users\a.User-PC\AppData\Local\{8F789636-80BD-4E22-BF01-31E4979DF4D2}
2012-06-08 22:02 - 2009-07-13 20:45 - 00311176 ____A C:\Windows\System32\FNTCACHE.DAT
2012-06-08 21:55 - 2012-06-08 21:55 - 00000000 ____D C:\Users\a.User-PC\AppData\Local\{9ABAA717-054F-4076-A4DF-AC1549FC6466}
2012-06-08 21:55 - 2012-06-08 21:55 - 00000000 ____D C:\Users\a.User-PC\AppData\Local\{56E3BCAD-8226-4464-B999-4DC5F26D3A83}
2012-06-08 21:51 - 2010-10-15 02:29 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2012-06-08 21:49 - 2010-10-31 06:24 - 00000000 ____D C:\Users\All Users\Microsoft Help
2012-06-08 21:23 - 2012-06-07 07:15 - 00000000 ____D C:\Program Files (x86)\DU Meter
2012-06-08 21:22 - 2012-06-08 21:16 - 00239404 ____A C:\TDSSKiller.2.7.36.0_09.06.2012_15.16.52_log.txt
2012-06-08 21:16 - 2012-06-08 21:15 - 02108959 ____A C:\Users\a.User-PC\Downloads\tdsskiller.zip
2012-06-08 07:18 - 2012-06-08 07:18 - 04055624 ____A (Hagel Technologies Ltd. ) C:\Users\a.User-PC\Downloads\DUMeter-Install (1).exe
2012-06-08 07:16 - 2012-06-08 07:16 - 00000000 ____D C:\Users\a.User-PC\AppData\Roaming\EurekaLog
2012-06-08 07:15 - 2012-06-08 07:15 - 00000000 ____D C:\Users\a.User-PC\AppData\Local\{626E7917-B6A7-4DEA-A38B-12D87D78078E}
2012-06-08 07:15 - 2012-06-08 07:14 - 00000000 ____D C:\Users\a.User-PC\AppData\Local\{B999FD59-9383-470C-B862-849CC947D85A}
2012-06-08 07:08 - 2012-06-08 07:08 - 00000000 __SHD C:\Windows\SysWOW64\%APPDATA%
2012-06-07 14:51 - 2012-06-07 14:51 - 00320512 ____A (Voyetra Turtle Beach, Inc.) C:\Users\a.User-PC\AppData\Roaming\ogecs.dll
2012-06-07 14:51 - 2012-06-07 14:51 - 00000000 ____D C:\Users\a.User-PC\AppData\Local\{4EC6292B-B0F3-11E1-8270-B8AC6F996F26}
2012-06-07 14:50 - 2012-06-07 14:50 - 00118272 ____A (DT Soft Ltd) C:\Users\a.User-PC\AppData\Roaming\wboapi.dll
2012-06-07 07:15 - 2012-06-07 07:15 - 04055624 ____A (Hagel Technologies Ltd. ) C:\Users\a.User-PC\Downloads\DUMeter-Install.exe
2012-06-07 07:15 - 2012-06-07 07:15 - 00000000 ____D C:\Users\All Users\Hagel Technologies
2012-06-07 01:00 - 2012-06-07 00:59 - 00000000 ____D C:\Users\a.User-PC\AppData\Local\{EC5B02B5-B3D5-4E99-ADCB-C4AC92D29978}
2012-06-06 13:13 - 2010-12-03 04:10 - 00000000 ____D C:\Users\a.User-PC\AppData\Local\Windows Live
2012-06-05 03:00 - 2011-11-13 08:30 - 00000000 ____D C:\Users\All Users\AIM
2012-06-05 03:00 - 2011-10-20 00:19 - 00000000 ____D C:\Users\a.User-PC\AppData\Local\Facebook
2012-06-05 02:59 - 2011-12-01 01:49 - 00000000 ____D C:\Users\a.User-PC\AppData\Local\Conduit
2012-06-05 02:54 - 2012-06-05 02:53 - 06380440 ____A (BitTorrent, Inc.) C:\Users\a.User-PC\Downloads\BitTorrent.exe
2012-05-31 08:57 - 2012-05-31 08:57 - 00000000 ____D C:\Users\a.User-PC\AppData\Local\{6E2C759D-A73C-4A88-8543-286A4FE2ECE7}
2012-05-29 05:21 - 2012-05-29 05:21 - 00000000 ____D C:\Users\a.User-PC\AppData\Local\{4538ED53-9B9D-45CB-A66B-1702BF2067D3}
2012-05-23 09:59 - 2012-05-23 09:59 - 00000000 ____D C:\Users\a.User-PC\AppData\Local\{C9428982-1560-4ACE-88C4-4440BCC99D6F}
2012-05-22 03:13 - 2012-05-22 03:13 - 00000000 ____D C:\Users\a.User-PC\AppData\Local\{6FFC941D-A3D1-4A4B-B1A3-99A7CD012756}
2012-05-20 22:40 - 2012-06-08 21:16 - 02127960 ____A (Kaspersky Lab ZAO) C:\Users\a.User-PC\Desktop\TDSSKiller.exe
2012-05-13 00:03 - 2012-05-13 00:03 - 00002359 ____A C:\Users\a2\Desktop\Ubisoft Product Registration.lnk
2012-05-13 00:03 - 2012-05-13 00:01 - 00000000 ____D C:\Program Files (x86)\UBISOFT
2012-05-13 00:01 - 2010-10-12 20:41 - 00000000 ____D C:\Program Files (x86)\InstallShield Installation Information
2012-05-11 20:18 - 2010-11-22 04:51 - 00000000 ____D C:\Users\a.User-PC\AppData\Roaming\GetRightToGo
2012-05-01 08:26 - 2012-05-01 08:26 - 00000000 ____D C:\Users\a.User-PC\AppData\Local\{46206CC8-929F-4E4E-8032-FE9EA52C0E2F}
2012-05-01 08:18 - 2012-05-01 08:18 - 00000000 ____D C:\Users\a.User-PC\AppData\Local\{2F18009C-B5F6-4068-8BA6-24328F54A3D1}
2012-05-01 02:41 - 2010-12-09 10:40 - 00013824 ____A C:\Users\a.User-PC\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-04-30 22:15 - 2012-04-30 22:15 - 00000000 ____D C:\Users\a.User-PC\AppData\Local\{F2B5DE82-50A0-4D25-9E73-A521A53C6BCA}
2012-04-27 23:45 - 2012-04-27 23:45 - 00000000 ____D C:\Users\a.User-PC\AppData\Local\{84CB8BFB-E116-49DB-9A91-49D0BF32E813}
2012-04-26 02:03 - 2010-10-13 17:40 - 57848688 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-04-22 08:25 - 2011-07-31 03:32 - 00000000 ____D C:\Users\a.User-PC\Downloads\[ www.TorrentDay.com ] - Police.Women.of.Broward.County.S06E07.HDTV.XviD-CRiMSON
2012-04-20 00:51 - 2011-04-10 00:13 - 00007667 ____A C:\Users\a.User-PC\AppData\Local\Resmon.ResmonCfg
2012-04-18 10:50 - 2012-04-18 10:50 - 00028480 ____A (AVG Technologies CZ, s.r.o. ) C:\Windows\System32\Drivers\avgidsha.sys
2012-04-06 04:34 - 2012-04-06 04:34 - 00000000 ____D C:\Users\a.User-PC\AppData\Local\{A0AE2ED8-B909-4229-9BDB-7599DA9EC43B}
2012-04-05 05:19 - 2010-12-03 09:22 - 00000000 ____D C:\Users\a.User-PC\AppData\Roaming\vlc
2012-04-04 03:07 - 2012-04-04 03:07 - 00000000 ____D C:\Users\a.User-PC\AppData\Local\{A11121DD-AF6B-44BD-A24A-8DD7F18DD695}
2012-04-03 21:56 - 2011-04-28 22:42 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-04-03 03:31 - 2012-04-03 03:31 - 00000000 ____D C:\Users\a.User-PC\AppData\Local\{C2AE3864-4AB7-43AB-89A4-E3A32B2BD9D8}
2012-03-31 20:22 - 2012-03-31 20:22 - 00000000 ____D C:\Users\a.User-PC\AppData\Local\{558058A8-566B-413C-B352-F7571AB31810}
2012-03-22 09:05 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\rescache
2012-03-22 07:06 - 2012-03-22 07:06 - 00000000 ____D C:\Users\a.User-PC\AppData\Local\{ECB36756-8712-4A7E-BFB3-441034F3932C}
2012-03-22 06:59 - 2009-07-13 23:45 - 00000000 ____D C:\Program Files\Windows Journal
2012-03-22 06:59 - 2009-07-13 21:32 - 00000000 ____D C:\Program Files\Windows Sidebar
2012-03-22 06:59 - 2009-07-13 21:32 - 00000000 ____D C:\Program Files\Windows Portable Devices
2012-03-22 06:59 - 2009-07-13 21:32 - 00000000 ____D C:\Program Files\Windows Photo Viewer
2012-03-22 06:59 - 2009-07-13 21:32 - 00000000 ____D C:\Program Files\Windows Defender
2012-03-22 06:59 - 2009-07-13 21:32 - 00000000 ____D C:\Program Files\DVD Maker
2012-03-22 06:59 - 2009-07-13 21:32 - 00000000 ____D C:\Program Files (x86)\Windows Sidebar
2012-03-22 06:59 - 2009-07-13 21:32 - 00000000 ____D C:\Program Files (x86)\Windows Portable Devices
2012-03-22 06:59 - 2009-07-13 21:32 - 00000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2012-03-22 06:59 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\SysWOW64\sppui
2012-03-22 06:59 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\SysWOW64\Setup
2012-03-22 06:59 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\SysWOW64\oobe
2012-03-22 06:59 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\SysWOW64\migwiz
2012-03-22 06:59 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\SysWOW64\manifeststore
2012-03-22 06:59 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\SysWOW64\es-ES
2012-03-22 06:59 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\SysWOW64\Dism
2012-03-22 06:59 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\SysWOW64\da-DK
2012-03-22 06:59 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\SysWOW64\cs-CZ
2012-03-22 06:59 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\SysWOW64\AdvancedInstallers
2012-03-22 06:59 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\sppui
2012-03-22 06:59 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\Setup
2012-03-22 06:59 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\oobe
2012-03-22 06:59 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\migwiz
2012-03-22 06:59 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\manifeststore
2012-03-22 06:59 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\es-ES
2012-03-22 06:59 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\Dism
2012-03-22 06:59 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\da-DK
2012-03-22 06:59 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\cs-CZ
2012-03-22 06:59 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\AdvancedInstallers
2012-03-22 06:59 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\servicing
2012-03-22 06:53 - 2011-10-16 05:45 - 00000000 ____D C:\Users\a.User-PC\Downloads\Underbelly Soundtrack 192kb - HoWiE
2012-03-22 06:42 - 2010-10-31 06:24 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2012-03-22 06:42 - 2009-07-13 18:36 - 00175616 ____A (Microsoft Corporation) C:\Windows\System32\msclmd.dll
2012-03-22 06:42 - 2009-07-13 18:36 - 00152576 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msclmd.dll
2012-03-22 06:36 - 2012-03-22 06:36 - 00000000 ____D C:\Windows\System32\SPReview
2012-03-22 06:35 - 2012-03-22 06:35 - 00000000 ____D C:\Windows\System32\EventProviders
2012-03-22 06:09 - 2012-03-22 06:09 - 00000000 ____D C:\Users\a.User-PC\AppData\Local\{9657B747-E052-42CD-A64A-1E1CD6C44A5E}
2012-03-22 06:09 - 2012-03-22 06:09 - 00000000 ____D C:\Users\a.User-PC\AppData\Local\{7BFE0663-A63B-4CBA-B716-2970845B03A5}
2012-03-22 06:00 - 2012-03-22 06:00 - 00000000 ____D C:\Users\a.User-PC\AppData\Local\{6AEC483A-4BDB-4EB4-9E5A-F2A598EB21A9}
2012-03-22 06:00 - 2012-03-22 05:59 - 00000000 ____D C:\Users\a.User-PC\AppData\Local\{F57BC21A-F941-432F-924D-F76CB829D64E}
2012-03-22 05:30 - 2012-03-22 05:30 - 00000000 ____D C:\Users\a.User-PC\AppData\Local\{488EE663-3CBB-4FE0-B534-4BE2F9BDF398}
2012-03-22 05:30 - 2012-03-22 05:29 - 00000000 ____D C:\Users\a.User-PC\AppData\Local\{DFEDC5A6-6318-4AA4-B6A3-CBAEF39A320C}
2012-03-22 05:22 - 2012-03-22 05:21 - 00000000 ____D C:\Users\a.User-PC\AppData\Local\{8C8C1836-81BF-43BE-B4E9-657A70DF0B2F}
2012-03-22 05:21 - 2012-03-22 05:21 - 00000000 ____D C:\Users\a.User-PC\AppData\Local\{234D1328-5663-4534-BE1A-5A2DD2EEC0C8}
2012-03-22 04:49 - 2009-07-13 23:44 - 00000000 ___RD C:\Users\Public\Recorded TV
2012-03-21 11:44 - 2012-03-21 11:44 - 00000000 ____D C:\Users\a.User-PC\AppData\Local\{96837EDB-DA0F-4F8B-B9F9-BABC89ACBACF}
2012-03-20 08:16 - 2012-03-20 08:16 - 00000000 ____D C:\Users\a.User-PC\AppData\Local\{D64B6BF7-2FE8-42CB-B07F-8D1C43650B09}
2012-03-18 11:17 - 2012-03-18 11:17 - 00383808 ____A (AVG Technologies CZ, s.r.o.) C:\Windows\System32\Drivers\avgtdia.sys
2012-03-17 07:05 - 2012-03-17 07:05 - 00000000 ____D C:\Users\a.User-PC\AppData\Local\{C6C9A387-6502-4045-A824-2E993FB49179}

ZeroAccess:
C:\Windows\Installer\{4dc3e749-1139-8c27-6465-ebe45b772472}
C:\Windows\Installer\{4dc3e749-1139-8c27-6465-ebe45b772472}\@
C:\Windows\Installer\{4dc3e749-1139-8c27-6465-ebe45b772472}\L
C:\Windows\Installer\{4dc3e749-1139-8c27-6465-ebe45b772472}\n
C:\Windows\Installer\{4dc3e749-1139-8c27-6465-ebe45b772472}\U
C:\Windows\Installer\{4dc3e749-1139-8c27-6465-ebe45b772472}\L\00000004.@
C:\Windows\Installer\{4dc3e749-1139-8c27-6465-ebe45b772472}\L\1afb2d56
C:\Windows\Installer\{4dc3e749-1139-8c27-6465-ebe45b772472}\L\201d3dde
C:\Windows\Installer\{4dc3e749-1139-8c27-6465-ebe45b772472}\U\00000004.@
C:\Windows\Installer\{4dc3e749-1139-8c27-6465-ebe45b772472}\U\00000008.@
C:\Windows\Installer\{4dc3e749-1139-8c27-6465-ebe45b772472}\U\000000cb.@
C:\Windows\Installer\{4dc3e749-1139-8c27-6465-ebe45b772472}\U\80000000.@
C:\Windows\Installer\{4dc3e749-1139-8c27-6465-ebe45b772472}\U\80000032.@
C:\Windows\Installer\{4dc3e749-1139-8c27-6465-ebe45b772472}\U\80000064.@

ZeroAccess:
C:\Users\a.User-PC\AppData\Local\{4dc3e749-1139-8c27-6465-ebe45b772472}
C:\Users\a.User-PC\AppData\Local\{4dc3e749-1139-8c27-6465-ebe45b772472}\@
C:\Users\a.User-PC\AppData\Local\{4dc3e749-1139-8c27-6465-ebe45b772472}\L
C:\Users\a.User-PC\AppData\Local\{4dc3e749-1139-8c27-6465-ebe45b772472}\n
C:\Users\a.User-PC\AppData\Local\{4dc3e749-1139-8c27-6465-ebe45b772472}\U

========================= Known DLLs (Whitelisted) ============

========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

========================= Memory info ======================

Percentage of memory in use: 9%
Total physical RAM: 8183.11 MB
Available physical RAM: 7380.9 MB
Total Pagefile: 8181.26 MB
Available Pagefile: 7364.25 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

======================= Partitions =========================

1 Drive c: () (Fixed) (Total:683.5 GB) (Free:78.26 GB) NTFS
2 Drive e: () (Fixed) (Total:713.67 GB) (Free:437.94 GB) NTFS
3 Drive f: (CODWAW) (CDROM) (Total:6.95 GB) (Free:0 GB) UDF
4 Drive g: (Elements) (Fixed) (Total:465.76 GB) (Free:152.05 GB) NTFS
5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
6 Drive y: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[system with boot components (obtained from reading drive)]

  Disk ###  Status         Size     Free     Dyn  Gpt
  --------  -------------  -------  -------  ---  ---
  Disk 0    Online         1397 GB      0 B
  Disk 1    Online          465 GB      0 B

Partitions of Disk 0:
===============

  Partition ###  Type              Size     Offset
  -------------  ----------------  -------  -------
  Partition 1    Primary            100 MB  1024 KB
  Partition 2    Primary            683 GB   101 MB
  Partition 3    Primary            713 GB   683 GB

======================================================================================================

Disk: 0
Partition 1
Type  : 07
Hidden: No
Active: Yes

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 1     Y   System Rese  NTFS   Partition    100 MB  Healthy

======================================================================================================

Disk: 0
Partition 2
Type  : 07
Hidden: No
Active: No

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 2     C                NTFS   Partition    683 GB  Healthy

======================================================================================================

Disk: 0
Partition 3
Type  : 07
Hidden: No
Active: No

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 3     E                NTFS   Partition    713 GB  Healthy

======================================================================================================

Partitions of Disk 1:
===============

  Partition ###  Type              Size     Offset
  -------------  ----------------  -------  -------
  Partition 1    Primary            465 GB  1024 KB

======================================================================================================

Disk: 1
Partition 1
Type  : 07
Hidden: No
Active: No

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 4     G   Elements     NTFS   Partition    465 GB  Healthy

======================================================================================================

==========================================================

Last Boot: 2012-06-07 13:03

======================= End Of Log ==========================

Thanks again!
  4. Hi guys, I've had this incredibly annoying problem for a week now. The symptom is that I hear the sound of random ads playing in the background off and on; also my firewall is shut down, and Windows Defender. I think this has to do with my (BDE) being overridden. I have used Malwarebytes, your wonderful program, and it has detected a virus (Trojan.Dropper.BC.Miner):

Files Detected: 1
C:\Windows\Installer\{4dc3e749-1139-8c27-6465-ebe45b772472}\U\00000008.@ (Trojan.Dropper.BCMiner) -> Quarantined and deleted successfully.

Files relating:
80000064.@
80000032.@
80000000.@
00000008.@
00000004.@
000000cb.@

However, when I try to remove it and restart, it comes right back every single time! I am not sure how to create a new restore point, but I have however taken recent files and put them on my flash drive. Also, I already have the replacement "reg files" as follows: Firewall-Repair-Windows-7, BFE-Repair-Windows-7, wscsvc and WinDefend, but have had troubles making them work. I have run the DDS, as I have seen it requested in another forum; I thought it would help to make it easier.

DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by a at 18:34:05 on 2012-06-09
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8183.3764 [GMT 10:00]
.
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Windows\system32\lxczcoms.exe
C:\Program Files\Microsoft LifeCam\MSCamS64.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Program Files (x86)\Lexmark 1200 Series\LXCZbmgr.exe
C:\Program Files (x86)\Lexmark 1200 Series\lxczbmon.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Program Files (x86)\Razer\Mamba\RazerTray.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\explorer.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\SysWOW64\FlashPlayerApp.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\SysWOW64\ping.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com.au/
uInternet Settings,ProxyServer = bigprox.com:42141
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: H - No File
uURLSearchHooks: H - No File
mWinlogon: Userinit=c:\windows\syswow64\userinit.exe,
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - No File
uRun: [Google Update] "C:\Users\a.User-PC\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
uRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [DU Meter] "C:\Program Files (x86)\DU Meter\DUMeter.exe" /autostart
uRun: [wboapi] rundll32.exe "C:\Users\a.User-PC\AppData\Roaming\wboapi.dll",SteamGameServer_RunCallbacks
uRun: [ogecs] "C:\Windows\System32\rundll32.exe" "C:\Users\a.User-PC\AppData\Roaming\ogecs.dll",LoadPRTBufferFromFileA
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun: [LifeCam] "C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe"
mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun: [Razer Mamba Driver] C:\Program Files (x86)\Razer\Mamba\RazerTray.exe
mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
StartupFolder: C:\Users\AED36~1.USE\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\ADOBER~1.LNK - C:\Program Files (x86)\Adobe\Acrobat 7.0\Reader\reader_sl.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MIF5BA~1\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MIF5BA~1\Office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MIF5BA~1\Office12\REFIEBAR.DLL
LSP: mswsock.dll
Trusted Zone: com\www.msi
Trusted Zone: com.tw\asia.msi
Trusted Zone: com.tw\global.msi
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} - hxxp://liveupdate.msi.com.tw/autobios/LOnline/RELEASECAB/install.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {96816368-C1E3-414D-A193-63C3CC921990} - hxxp://interpub-shepherdsbush.remotemanager.co.uk/common/activex/MJPEGRender.ocx
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{07C3CD1F-2CD3-4E99-B915-4C49F8A10906} : DhcpNameServer = 192.168.0.1
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
BHO-X64: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO-X64: 0x1 - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - No File
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun-x64: [LifeCam] "C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe"
mRun-x64: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun-x64: [Razer Mamba Driver] C:\Program Files (x86)\Razer\Mamba\RazerTray.exe
mRun-x64: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
.
============= SERVICES / DRIVERS ===============
.
R0 wowovups;wowovups;C:\Windows\system32\DRIVERS\wowovups.sys --> C:\Windows\system32\DRIVERS\wowovups.sys [?]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\system32\DRIVERS\avgldx64.sys --> C:\Windows\system32\DRIVERS\avgldx64.sys [?]
R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\system32\DRIVERS\avgmfx64.sys --> C:\Windows\system32\DRIVERS\avgmfx64.sys [?]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys --> C:\Windows\system32\drivers\AtihdW76.sys [?]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\system32\DRIVERS\nusb3hub.sys --> C:\Windows\system32\DRIVERS\nusb3hub.sys [?]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\system32\DRIVERS\nusb3xhc.sys --> C:\Windows\system32\DRIVERS\nusb3xhc.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-10-14 136176]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-6-5 257224]
S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-22 1493352]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-10-14 136176]
S3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;C:\Windows\system32\Drivers\nx6000.sys --> C:\Windows\system32\Drivers\nx6000.sys [?]
S3 MSI_MSIBIOS_010507;MSI_MSIBIOS_010507;C:\PROGRA~1\MSI\MSIWDev\msibios64_100507.sys [2010-5-10 33592]
S3 nmwcdcx64;Nokia USB Generic;C:\Windows\system32\drivers\ccdcmbox64.sys --> C:\Windows\system32\drivers\ccdcmbox64.sys [?]
S3 nmwcdx64;Nokia USB Phone Parent;C:\Windows\system32\drivers\ccdcmbx64.sys --> C:\Windows\system32\drivers\ccdcmbx64.sys [?]
S3 NTIOLib_1_0_8;NTIOLib_1_0_8;C:\PROGRA~1\MSI\MSIWDev\NTIOLib_X64.sys [2011-1-27 11888]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184] . =============== Created Last 30 ================ . 2012-06-09 08:19:52 -------- d-----w- C:\Users\a.User-PC\AppData\Local\{3CAAD3E5-5EED-4479-B314-8E69D3503934} 2012-06-09 06:08:08 -------- d-----w- C:\Users\a.User-PC\AppData\Local\{58E14454-55F7-49ED-9E16-32894DF30218} 2012-06-09 06:07:56 -------- d-----w- C:\Users\a.User-PC\AppData\Local\{8F789636-80BD-4E22-BF01-31E4979DF4D2} 2012-06-09 05:55:13 -------- d-----w- C:\Users\a.User-PC\AppData\Local\{9ABAA717-054F-4076-A4DF-AC1549FC6466} 2012-06-09 05:55:02 -------- d-----w- C:\Users\a.User-PC\AppData\Local\{56E3BCAD-8226-4464-B999-4DC5F26D3A83} 2012-06-08 15:16:09 -------- d-----w- C:\Users\a.User-PC\AppData\Roaming\EurekaLog 2012-06-08 15:15:12 -------- d-----w- C:\Users\a.User-PC\AppData\Local\{626E7917-B6A7-4DEA-A38B-12D87D78078E} 2012-06-08 15:14:58 -------- d-----w- C:\Users\a.User-PC\AppData\Local\{B999FD59-9383-470C-B862-849CC947D85A} 2012-06-08 15:08:38 -------- d-sh--w- C:\Windows\SysWow64\%APPDATA% 2012-06-07 22:51:29 -------- d-----w- C:\Users\a.User-PC\AppData\Local\{4EC6292B-B0F3-11E1-8270-B8AC6F996F26} 2012-06-07 22:51:25 320512 ----a-w- C:\Users\a.User-PC\AppData\Roaming\ogecs.dll 2012-06-07 22:50:51 118272 ----a-w- C:\Users\a.User-PC\AppData\Roaming\wboapi.dll 2012-06-07 15:15:54 -------- d-----w- C:\ProgramData\Hagel Technologies 2012-06-07 15:15:52 -------- d-----w- C:\Program Files (x86)\DU Meter 2012-06-07 08:59:43 -------- d-----w- C:\Users\a.User-PC\AppData\Local\{EC5B02B5-B3D5-4E99-ADCB-C4AC92D29978} 2012-06-05 13:25:04 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl 2012-06-05 13:25:04 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe 2012-06-05 10:55:39 -------- d-----w- C:\Program Files (x86)\BitTorrent 2012-06-05 10:54:09 -------- d-----w- C:\Users\a.User-PC\AppData\Roaming\BitTorrent 2012-05-31 16:57:47 -------- d-----w- 
C:\Users\a.User-PC\AppData\Local\{6E2C759D-A73C-4A88-8543-286A4FE2ECE7} 2012-05-29 13:21:51 -------- d-----w- C:\Users\a.User-PC\AppData\Local\{4538ED53-9B9D-45CB-A66B-1702BF2067D3} 2012-05-23 17:59:16 -------- d-----w- C:\Users\a.User-PC\AppData\Local\{C9428982-1560-4ACE-88C4-4440BCC99D6F} 2012-05-22 11:13:18 -------- d-----w- C:\Users\a.User-PC\AppData\Local\{6FFC941D-A3D1-4A4B-B1A3-99A7CD012756} 2012-05-13 08:03:27 505104 ----a-r- C:\Windows\SysWow64\msxml.dll 2012-05-13 08:03:26 115016 ----a-r- C:\Windows\SysWow64\MSINET.OCX 2012-05-13 08:03:25 89360 ----a-r- C:\Windows\SysWow64\VB5DB.DLL 2012-05-13 08:03:25 69632 ----a-r- C:\Windows\SysWow64\xmltok.dll 2012-05-13 08:03:25 36864 ----a-r- C:\Windows\SysWow64\xmlparse.dll 2012-05-13 08:03:25 35840 ----a-r- C:\Windows\SysWow64\comdlg32.oca 2012-05-13 08:03:25 29184 ----a-r- C:\Windows\SysWow64\MSINET.oca 2012-05-13 08:03:25 28432 ----a-r- C:\Windows\SysWow64\msxmlr.dll 2012-05-13 08:03:25 26096 ----a-r- C:\Windows\SysWow64\xmlinst.exe 2012-05-13 08:03:25 24576 ----a-r- C:\Windows\SysWow64\msxml3a.dll 2012-05-13 08:03:25 140488 ----a-r- C:\Windows\SysWow64\comdlg32.ocx 2012-05-13 08:00:36 696320 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iKernel.dll 2012-05-13 08:00:36 57344 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\ctor.dll 2012-05-13 08:00:36 5632 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\DotNetInstaller.exe 2012-05-13 08:00:36 237568 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iscript.dll 2012-05-13 08:00:36 155648 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iuser.dll 2012-05-13 08:00:28 282756 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\setup.dll 2012-05-13 08:00:28 163972 ----a-w- C:\Program Files (x86)\Common 
Files\InstallShield\Professional\RunTime\0701\Intel32\iGdi.dll . ==================== Find3M ==================== . 2012-04-04 05:56:40 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys 2012-03-22 14:42:01 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll 2012-03-22 14:42:00 175616 ----a-w- C:\Windows\System32\msclmd.dll . ============= FINISH: 18:34:55.85 =============== Also i have downloaded Rootkit Unhooker Saved it to desktop double clicked and recived following error message Sorry, but unhandled exception has occured program will be treminated exception code : 0xC0000005 Instruction address : 0x00402EAA Attempt to read at address : 0xFFFFFFFF Error log generated, please report to developers I hope we can get this sorted out and i might add i am so gratfull that there is real help out there from such a great orgaization as this. Many many thanks will be attentivly waiting for reply! Nick