TechSpot

[A] Sirefef removal/no network

By snorin
Jun 21, 2012
Yesterday avast was continually coming up with pop-ups saying that it was blocking Sirefef (don't remember which specifically). I did a boot scan and it said it caught the virus and I chose to delete it. Today when I turned my computer on again I could no longer use the internet. I am sure it is the computer, as another computer could connect to our internet. Since then I have scanned with avast and Malwarebytes and Spybot, all of which say there is nothing wrong with my computer. However, I cannot connect to the internet as I only have "limited connectivity". I've uninstalled the network drivers and reinstalled them; still no luck.

I think these are all the required logs to post (Malwarebytes, GMER and DDS).


    Malwarebytes Anti-Malware (Trial) 1.61.0.1400
    www.malwarebytes.org
    Database version: v2012.06.21.03
    Windows 7 Service Pack 1 x86 NTFS (Safe Mode/Networking)
    Internet Explorer 9.0.8112.16421
    Katz :: KATZ-PC [administrator]
    Protection: Disabled
    6/21/2012 12:09:34 PM
    mbam-log-2012-06-21 (12-09-34).txt
    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 234320
    Time elapsed: 3 minute(s), 54 second(s)
    Memory Processes Detected: 0
    (No malicious items detected)
    Memory Modules Detected: 0
    (No malicious items detected)
    Registry Keys Detected: 0
    (No malicious items detected)
    Registry Values Detected: 0
    (No malicious items detected)
    Registry Data Items Detected: 0
    (No malicious items detected)
    Folders Detected: 0
    (No malicious items detected)
    Files Detected: 0
    (No malicious items detected)
    (end)

    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit quick scan 2012-06-21 15:15:12
    Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-2 WDC_WD3200BEKT-60V5T1 rev.12.01A12
    Running: gmer.exe; Driver: C:\Users\Katz\AppData\Local\Temp\kxldqpow.sys

    ---- System - GMER 1.0.15 ----
    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0x926FFD92]
    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject
    ---- Devices - GMER 1.0.15 ----
    Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software)
    AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
    AttachedDevice \Driver\tdx \Device\Tcp aswFW.SYS (avast! Filtering TDI driver/AVAST Software)
    AttachedDevice \Driver\tdx \Device\Udp aswFW.SYS (avast! Filtering TDI driver/AVAST Software)
    ---- EOF - GMER 1.0.15 ----

    .
    DDS (Ver_2011-08-26.01) - NTFSx86
    Internet Explorer: 9.0.8112.16421
    Run by Katz at 14:55:13 on 2012-06-21
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3582.2372 [GMT -7:00]
    .
    AV: avast! Internet Security *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
    SP: avast! Internet Security *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    FW: avast! Internet Security *Disabled* {131692B0-0864-D491-4E21-3A3A1D8BBB47}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\nvvsvc.exe
    C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Program Files\Fingerprint Reader Suite\upeksvr.exe
    C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\AVAST Software\Avast\afwServ.exe
    C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Windows\OEM02Mon.exe
    C:\Windows\System32\WLTRAY.EXE
    C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Windows\System32\M-AudioTaskBarIcon.exe
    C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Program Files\Fingerprint Reader Suite\psqltray.exe
    C:\Windows\System32\WLTRYSVC.EXE
    C:\Windows\System32\bcmwltry.exe
    C:\Windows\system32\WUDFHost.exe
    C:\Program Files\AVAST Software\Avast\AvastUI.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\AIM\aim.exe
    C:\Users\Katz\AppData\Local\Google\Update\GoogleUpdate.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Users\Katz\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Katz\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Katz\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Katz\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Katz\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Katz\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Katz\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Katz\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Katz\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Katz\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Katz\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Katz\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Katz\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Katz\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Katz\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\conhost.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uInternet Settings,ProxyOverride = *.local
    uURLSearchHooks: H - No File
    mURLSearchHooks: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files\utorrentbar\tbuTor.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: Babylon toolbar helper: {2eecd738-5844-4a99-b4b6-146bf802613b} - c:\program files\babylontoolbar\babylontoolbar\1.5.3.17\bh\BabylonToolbar.dll
    BHO: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\ConduitEngine.dll
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~3\office14\GROOVEEX.DLL
    BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
    BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~3\office14\URLREDIR.DLL
    BHO: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files\utorrentbar\tbuTor.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    TB: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\ConduitEngine.dll
    TB: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files\utorrentbar\tbuTor.dll
    TB: Babylon Toolbar: {98889811-442d-49dd-99d7-dc866be87dbc} - c:\program files\babylontoolbar\babylontoolbar\1.5.3.17\BabylonToolbarTlbr.dll
    TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
    uRun: [Aim] "c:\program files\aim\aim.exe" /d locale=en-US /HIDEBL
    uRun: [Google Update] "c:\users\katz\appdata\local\google\update\GoogleUpdate.exe" /c
    uRun: [Pando Media Booster] c:\program files\pando networks\media booster\PMB.exe
    uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
    uRun: [Steam] "c:\program files\steam\Steam.exe" -silent
    mRun: [OEM02Mon.exe] c:\windows\OEM02Mon.exe
    mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"
    mRun: [AdobeCS5.5ServiceManager] "c:\program files\common files\adobe\cs5.5servicemanager\CS5.5ServiceManager.exe" -launchedbylogin
    mRun: [BCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices
    mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
    mRun: [PSQLLauncher] "c:\program files\fingerprint reader suite\launcher.exe" /startup
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [SwitchBoard] c:\program files\common files\adobe\switchboard\SwitchBoard.exe
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [M-Audio Taskbar Icon] c:\windows\system32\M-AudioTaskBarIcon.exe
    mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
    mRun: [DigidesignMMERefresh] c:\program files\digidesign\drivers\MMERefresh.exe
    mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
    StartupFolder: c:\users\katz\appdata\roaming\micros~1\windows\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\2.0.181\SSScheduler.exe
    mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    mPolicies-system: DisableCAD = 1 (0x1)
    IE: E&ksportuj do programu Microsoft Excel - c:\progra~1\micros~3\office14\EXCEL.EXE/3000
    IE: Wyslij &do programu OneNote
    IE: Wyslij &do programu OneNote - c:\progra~1\micros~3\office14\ONBttnIE.dll/105
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
    IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
    Trusted Zone: line6.net
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
    TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
    Notify: psfus - c:\windows\system32\psqlpwd.dll
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~3\office14\GROOVEEX.DLL
    LSA: Notification Packages = scecli psqlpwd
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 aswNdis;avast! Firewall NDIS Filter Service;c:\windows\system32\drivers\aswNdis.sys [2012-6-21 12112]
    R0 aswNdis2;avast! Firewall Core Firewall Service;c:\windows\system32\drivers\aswNdis2.sys [2012-6-21 196440]
    R1 aswFW;avast! TDI Firewall driver;c:\windows\system32\drivers\aswFW.sys [2012-6-21 112984]
    R1 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys [2012-6-21 24408]
    R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2012-6-21 612184]
    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2012-6-21 337880]
    R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]
    R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2011-6-6 64952]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2012-6-21 20696]
    R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-6-21 57688]
    R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2012-6-21 44768]
    R2 avast! Firewall;avast! Firewall;c:\program files\avast software\avast\afwServ.exe [2012-6-21 134920]
    R2 DigiNet;Digidesign Ethernet Support;c:\windows\system32\drivers\diginet.sys [2012-6-19 16400]
    R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-6-21 654408]
    R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\nvidia corporation\3d vision\nvSCPAPISvr.exe [2012-2-29 382272]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-7-1 22344]
    R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\drivers\yk62x86.sys [2009-7-13 311296]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\nvidia corporation\nvidia update core\daemonu.exe [2012-5-18 2348352]
    S2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2011-3-12 1153368]
    S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
    S3 MAUSBFASTTRACK;Service for M-Audio FastTrack;c:\windows\system32\drivers\MAudioFastTrack.sys [2010-12-7 158344]
    S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
    S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\microsoft office\office14\GROOVE.EXE [2010-3-25 30969208]
    S3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;c:\windows\system32\drivers\MijXfilt.sys [2012-6-19 99400]
    S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]
    S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
    S3 pbfilter;pbfilter;c:\program files\peerblock\pbfilter.sys [2011-4-4 20080]
    S3 SwitchBoard;Adobe SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]
    S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2010-11-20 52224]
    S3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]
    S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2011-5-10 1343400]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\wpffontcache_v0400.exe --> c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [?]
    .
    =============== Created Last 30 ================
    .
    2012-06-21 19:48:56 112984 ----a-w- c:\windows\system32\drivers\aswFW.sys
    2012-06-21 19:48:37 196440 ----a-w- c:\windows\system32\drivers\aswNdis2.sys
    2012-06-21 19:48:36 44376 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
    2012-06-21 19:48:34 612184 ----a-w- c:\windows\system32\drivers\aswSnx.sys
    2012-06-21 19:48:34 24408 ----a-w- c:\windows\system32\drivers\aswKbd.sys
    2012-06-21 19:48:33 57688 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
    2012-06-21 19:48:03 12112 ----a-w- c:\windows\system32\drivers\aswNdis.sys
    2012-06-21 19:47:59 41184 ----a-w- c:\windows\avastSS.scr
    2012-06-21 19:13:43 -------- d-----w- c:\users\katz\appdata\local\ElevatedDiagnostics
    2012-06-21 08:42:18 -------- d-----w- c:\program files\PC Tools Security
    2012-06-21 08:34:58 -------- d-----w- c:\users\katz\appdata\roaming\GetRightToGo
    2012-06-21 07:34:47 -------- d-----w- c:\programdata\AVAST Software
    2012-06-21 07:34:47 -------- d-----w- c:\program files\AVAST Software
    2012-06-21 07:02:00 0 --sha-w- c:\windows\system32\dds_trash_log.cmd
    2012-06-21 06:58:48 -------- d-sh--w- c:\windows\system32\%APPDATA%
    2012-06-20 02:26:11 16400 ----a-w- c:\windows\system32\drivers\diginet.sys
    2012-06-19 22:03:17 -------- d-----w- c:\users\katz\appdata\roaming\MotioninJoy
    2012-06-19 22:03:12 99400 ----a-w- c:\windows\system32\drivers\MijXfilt.sys
    2012-06-19 22:03:12 61984 ----a-w- c:\windows\system32\drivers\xusb21.sys
    2012-06-19 22:03:12 255496 ----a-w- c:\windows\system32\MijFrc.dll
    2012-06-19 22:03:12 1461992 ----a-w- c:\windows\system32\WdfCoInstaller01009.dll
    2012-06-19 22:03:12 -------- d-----w- c:\program files\MotioninJoy
    2012-06-10 10:11:23 -------- d-----w- c:\users\katz\appdata\roaming\Line 6
    2012-06-09 00:36:00 -------- d-----w- c:\programdata\Line 6
    2012-06-09 00:35:56 -------- d-----w- c:\program files\Line6
    2012-05-30 18:14:24 -------- d-----w- c:\users\katz\appdata\roaming\LolClient2
    .
    ==================== Find3M ====================
    .
    2012-04-09 21:34:20 3957088 ----a-w- c:\windows\system32\GameMon.des
    2012-04-04 22:56:40 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
    .
    ============= FINISH: 14:58:11.43 ===============
    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft Windows 7 Home Premium
    Boot Device: \Device\HarddiskVolume1
    Install Date: 8/8/2011 7:48:38 PM
    System Uptime: 6/21/2012 2:40:24 PM (0 hours ago)
    .
    Motherboard: Dell Inc. | |
    Processor: Intel(R) Core(TM)2 Duo CPU T9300 @ 2.50GHz | Microprocessor | 2501/200mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 298 GiB total, 32.839 GiB free.
    D: is CDROM (CDFS)
    E: is CDROM (CDFS)
    F: is Removable
    H: is Removable
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
    Description: Hamachi Network Interface
    Device ID: ROOT\NET\0000
    Manufacturer: LogMeIn, Inc.
    Name: Hamachi Network Interface
    PNP Device ID: ROOT\NET\0000
    Service: hamachi
    .
    Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
    Description: HTTP
    Device ID: ROOT\LEGACY_HTTP\0000
    Manufacturer:
    Name: HTTP
    PNP Device ID: ROOT\LEGACY_HTTP\0000
    Service: HTTP
    .
    ==== System Restore Points ===================
    .
    RP83: 6/21/2012 12:34:12 AM - avast! Internet Security Setup
    RP84: 6/21/2012 11:22:40 AM - Restore Operation
    RP85: 6/21/2012 12:00:58 PM - avast! Internet Security Setup
    RP86: 6/21/2012 2:39:06 PM - Removed LogMeIn Hamachi
    .
    ==== Installed Programs ======================
    .
    µTorrent
    abgx360 v1.0.6
    Adobe AIR
    Adobe Bridge 1.0
    Adobe Common File Installer
    Adobe Community Help
    Adobe Download Assistant
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Help Center 1.0
    Adobe Photoshop CS2
    Adobe Photoshop CS5.1
    Adobe Reader X (10.1.1)
    Adobe Stock Photos 1.0
    AIM 7
    Alien Swarm
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    ASIO4ALL
    Audacity 1.2.6
    Audiosurf
    avast! Internet Security
    Avid Pro Tools SE 8.0.3
    Babylon toolbar on IE
    Bonjour
    Call of Duty: Black Ops
    Call of Duty: Black Ops - Multiplayer
    Call of Duty: Modern Warfare 2 - Multiplayer
    Cisco EAP-FAST Module
    Cisco LEAP Module
    Cisco PEAP Module
    Conduit Engine
    Dell Wireless WLAN Card
    Diablo III
    Download Updater (AOL LLC)
    Fingerprint Reader Suite 5.6
    FL Studio 10
    Free DigiRack Plug-Ins 8.0
    Google Chrome
    Guitar Pro 5.2
    IL Download Manager
    ImgBurn
    Interlok driver setup x32
    iTunes
    Java Auto Updater
    Java(TM) 6 Update 29
    JDownloader 0.9
    Laptop Integrated Webcam Driver (1.04.01.1011)
    League of Legends
    Left 4 Dead 2
    Line 6 Uninstaller
    M-Audio FastTrack Driver 6.0.6 (x86)
    Malwarebytes Anti-Malware version 1.61.0.1400
    Marvell Miniport Driver
    McAfee Security Scan Plus
    Microsoft .NET Framework 4 Client Profile
    Microsoft .NET Framework 4 Extended
    Microsoft Office Access MUI (English) 2010
    Microsoft Office Access MUI (Polish) 2010
    Microsoft Office Access Setup Metadata MUI (English) 2010
    Microsoft Office Excel MUI (English) 2010
    Microsoft Office Excel MUI (Polish) 2010
    Microsoft Office Groove MUI (English) 2010
    Microsoft Office Groove MUI (Polish) 2010
    Microsoft Office InfoPath MUI (English) 2010
    Microsoft Office InfoPath MUI (Polish) 2010
    Microsoft Office Language Pack 2010 - English
    Microsoft Office O MUI (English) 2010
    Microsoft Office OneNote MUI (English) 2010
    Microsoft Office OneNote MUI (Polish) 2010
    Microsoft Office Outlook MUI (English) 2010
    Microsoft Office Outlook MUI (Polish) 2010
    Microsoft Office PowerPoint MUI (English) 2010
    Microsoft Office PowerPoint MUI (Polish) 2010
    Microsoft Office Professional Plus 2010
    Microsoft Office Proof (English) 2010
    Microsoft Office Proof (French) 2010
    Microsoft Office Proof (German) 2010
    Microsoft Office Proof (Polish) 2010
    Microsoft Office Proof (Spanish) 2010
    Microsoft Office Proofing (English) 2010
    Microsoft Office Proofing (Polish) 2010
    Microsoft Office Publisher MUI (English) 2010
    Microsoft Office Publisher MUI (Polish) 2010
    Microsoft Office ScreenTip Language 2010 - English
    Microsoft Office Shared MUI (English) 2010
    Microsoft Office Shared MUI (Polish) 2010
    Microsoft Office Shared Setup Metadata MUI (English) 2010
    Microsoft Office SharePoint Designer MUI (English) 2010
    Microsoft Office Word MUI (English) 2010
    Microsoft Office Word MUI (Polish) 2010
    Microsoft Office X MUI (English) 2010
    Microsoft Silverlight
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
    Microsoft_VC80_ATL_x86
    Microsoft_VC80_CRT_x86
    Microsoft_VC80_MFC_x86
    Microsoft_VC80_MFCLOC_x86
    Microsoft_VC90_ATL_x86
    Microsoft_VC90_CRT_x86
    Microsoft_VC90_MFC_x86
    Microsoft_VC90_MFCLOC_x86
    MotioninJoy Gamepad tool 0.7.1001
    NVIDIA 3D Vision Controller Driver
    NVIDIA 3D Vision Controller Driver 296.10
    NVIDIA 3D Vision Driver 296.10
    NVIDIA Control Panel 296.10
    NVIDIA Graphics Driver 296.10
    NVIDIA Install Application
    NVIDIA PhysX
    NVIDIA PhysX System Software 9.12.0213
    NVIDIA Stereoscopic 3D Driver
    NVIDIA Update 1.7.11
    NVIDIA Update Components
    OEM Logo and Information
    OpenOffice.org 3.3
    Pando Media Booster
    PC SleepTimer 1.0.0
    PDF Settings CS5
    PeerBlock 1.1 (r518)
    PHANTASY STAR ONLINE 2
    Project64 1.6
    Project64 1.7
    QuickTime
    RICOH R5C83x/84x Flash Media Controller Driver Ver.3.54.06
    Sanctum
    Shutdown Timer
    Skype Toolbars
    Skype™ 5.1
    SpeedFan (remove only)
    Spotify
    Spybot - Search & Destroy
    StarCraft II
    Steam
    System Requirements Lab CYRI
    Team Fortress 2
    Unity Web Player
    Universe Sandbox
    uTorrentBar Toolbar
    VLC media player 1.1.5
    Windows 7 USB/DVD Download Tool
    Windows Media Player Firefox Plugin
    WinRAR 4.00 (32-bit)
    .
    ==== Event Viewer Messages From Past Week ========
    .
    6/21/2012 6:53:48 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: aswKbd aswSnx aswSP aswTdi discache PCTSD spldr Wanarpv6
    6/21/2012 6:50:36 AM, Error: Service Control Manager [7038] - The WdiServiceHost service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error: The request is not supported. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
    6/21/2012 6:50:36 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.
    6/21/2012 6:50:36 AM, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    6/21/2012 6:50:36 AM, Error: Service Control Manager [7000] - The Portable Device Enumerator Service service failed to start due to the following error: A system shutdown is in progress.
    6/21/2012 6:50:36 AM, Error: Service Control Manager [7000] - The Network Connections service failed to start due to the following error: A system shutdown is in progress.
    6/21/2012 6:50:36 AM, Error: Service Control Manager [7000] - The Human Interface Device Access service failed to start due to the following error: A system shutdown is in progress.
    6/21/2012 6:50:36 AM, Error: Service Control Manager [7000] - The Diagnostic Service Host service failed to start due to the following error: The service did not start due to a logon failure.
    6/21/2012 6:50:36 AM, Error: Service Control Manager [7000] - The Background Intelligent Transfer Service service failed to start due to the following error: A system shutdown is in progress.
    6/21/2012 6:50:36 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1115" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
    6/21/2012 6:50:36 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1115" attempting to start the service BITS with arguments "" in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097}
    6/21/2012 6:50:36 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
    6/21/2012 2:55:31 PM, Error: Service Control Manager [7003] - The DHCP Client service depends the following service: Afd. This service might not be installed.
    6/21/2012 2:55:31 PM, Error: Service Control Manager [7001] - The WinHTTP Web Proxy Auto-Discovery Service service depends on the DHCP Client service which failed to start because of the following error: The dependency service does not exist or has been marked for deletion.
    6/21/2012 2:43:09 PM, Error: Service Control Manager [7023] - The Windows Update service terminated with the following error: %%-2147014846
    6/21/2012 2:43:06 PM, Error: Service Control Manager [7001] - The Windows Media Player Network Sharing Service service depends on the HTTP service which failed to start because of the following error: The device does not recognize the command.
    6/21/2012 2:43:06 PM, Error: Service Control Manager [7000] - The HTTP service failed to start due to the following error: The device does not recognize the command.
    6/21/2012 2:42:53 PM, Error: Service Control Manager [7024] - The Background Intelligent Transfer Service service terminated with service-specific error %%-2147014846.
    6/21/2012 2:42:53 PM, Error: Microsoft-Windows-Bits-Client [16392] - The BITS service failed to start. Error 0x80072742.
    6/21/2012 2:41:42 PM, Error: Service Control Manager [7001] - The SSDP Discovery service depends on the HTTP service which failed to start because of the following error: The device does not recognize the command.
    6/21/2012 2:40:53 PM, Error: Service Control Manager [7024] - The Bonjour Service service terminated with service-specific error %%-1.
    6/21/2012 2:40:53 PM, Error: Service Control Manager [7023] - The Tap0901 service terminated with the following error: The specified module could not be found.
    6/21/2012 2:40:53 PM, Error: Service Control Manager [7023] - The Machnm32 service terminated with the following error: The specified module could not be found.
    6/21/2012 2:40:53 PM, Error: Service Control Manager [7023] - The Egathdrv service terminated with the following error: The specified module could not be found.
    6/21/2012 2:40:53 PM, Error: Service Control Manager [7023] - The Dpti2o service terminated with the following error: The specified module could not be found.
    6/21/2012 2:40:53 PM, Error: Service Control Manager [7023] - The Btaudio service terminated with the following error: The specified module could not be found.
    6/21/2012 2:40:53 PM, Error: Service Control Manager [7003] - The SBSD Security Center Service service depends the following service: wscsvc. This service might not be installed.
    6/21/2012 2:40:53 PM, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.
    6/21/2012 2:40:53 PM, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.
    6/21/2012 2:40:53 PM, Error: Service Control Manager [7001] - The UPnP Device Host service depends on the HTTP service which failed to start because of the following error: The device does not recognize the command.
    6/21/2012 2:40:53 PM, Error: Service Control Manager [7001] - The Function Discovery Resource Publication service depends on the HTTP service which failed to start because of the following error: The device does not recognize the command.
    6/21/2012 2:40:53 PM, Error: Service Control Manager [7000] - The Digidesign MME Refresh Service service failed to start due to the following error: The system cannot find the file specified.
    6/21/2012 2:40:52 PM, Error: Service Control Manager [7001] - The Workstation service depends on the SMB 2.0 MiniRedirector service which failed to start because of the following error: The dependency service or group failed to start.
    6/21/2012 2:40:52 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The device does not recognize the command.
    6/21/2012 2:40:52 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The device does not recognize the command.
    6/21/2012 2:40:52 PM, Error: Service Control Manager [7001] - The Server SMB 2.xxx Driver service depends on the srvnet service which failed to start because of the following error: The device does not recognize the command.
    6/21/2012 2:40:52 PM, Error: Service Control Manager [7001] - The Server SMB 1.xxx Driver service depends on the Server SMB 2.xxx Driver service which failed to start because of the following error: The dependency service or group failed to start.
    6/21/2012 2:40:52 PM, Error: Service Control Manager [7001] - The Server service depends on the Server SMB 1.xxx Driver service which failed to start because of the following error: The dependency service or group failed to start.
    6/21/2012 2:40:52 PM, Error: Service Control Manager [7001] - The Print Spooler service depends on the HTTP service which failed to start because of the following error: The device does not recognize the command.
    6/21/2012 2:40:52 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Workstation service which failed to start because of the following error: The dependency service or group failed to start.
    6/21/2012 2:40:52 PM, Error: Service Control Manager [7000] - The srvnet service failed to start due to the following error: The device does not recognize the command.
    6/21/2012 2:40:52 PM, Error: Service Control Manager [7000] - The SMB MiniRedirector Wrapper and Engine service failed to start due to the following error: The device does not recognize the command.
    6/21/2012 2:40:49 PM, Error: Service Control Manager [7003] - The TCP/IP NetBIOS Helper service depends the following service: Afd. This service might not be installed.
    6/21/2012 12:50:55 AM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
    6/21/2012 12:50:43 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: aswKbd aswSnx aswSP aswTdi discache spldr Wanarpv6
    6/21/2012 12:48:29 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
    6/21/2012 12:47:09 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000008e (0x80000003, 0x8f108739, 0x96f87c84, 0x00000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 062112-40607-01.
    6/21/2012 12:44:19 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
    6/21/2012 12:26:51 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service NVSvc with arguments "" in order to run the server: {DCAB0989-1301-4319-BE5F-ADE89F88581C}
    6/21/2012 12:08:44 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
    6/21/2012 12:08:44 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
    6/21/2012 12:08:32 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    6/21/2012 12:08:25 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: discache spldr Wanarpv6
    6/21/2012 12:08:25 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
    6/21/2012 12:08:20 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
    6/21/2012 11:37:31 AM, Error: Service Control Manager [7001] - The Function Discovery Provider Host service depends on the HTTP service which failed to start because of the following error: The device does not recognize the command.
    6/21/2012 11:37:15 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {D3DCB472-7261-43CE-924B-0704BD730D5F}
    6/21/2012 11:37:15 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
    6/21/2012 1:46:02 AM, Error: PCTCore [280] -
    6/21/2012 1:43:12 AM, Error: Service Control Manager [7031] - The avast! Antivirus service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
    6/21/2012 1:11:51 AM, Error: Service Control Manager [7023] - The Function Discovery Resource Publication service terminated with the following error: %%-2147024891
    6/21/2012 1:11:51 AM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error: %%-2147024891
    6/21/2012 1:10:59 AM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.
    6/20/2012 12:24:16 AM, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
    6/20/2012 11:14:40 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Error Reporting Service service to connect.
    6/19/2012 7:23:18 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect.
    6/19/2012 7:23:18 PM, Error: Service Control Manager [7000] - The Steam Client Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    .
    ==== End Of File ===========================
     
  2. Broni

    Welcome aboard

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer's behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ===========================================

    For 32-bit (x86) systems, download Farbar Recovery Scan Tool 32-Bit and save it to a flash drive.
    For 64-bit systems, download Farbar Recovery Scan Tool 64-Bit and save it to a flash drive.

    Plug the flash drive into the infected PC.

    Enter System Recovery Options.

    To enter System Recovery Options from the Advanced Boot Options:
    • Restart the computer.
    • As soon as the BIOS is loaded, begin tapping the F8 key until Advanced Boot Options appears.
    • Use the arrow keys to select the Repair your computer menu item.
    • Select US as the keyboard language setting, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.

    To enter System Recovery Options by using the Windows installation disc:
    • Insert the installation disc.
    • Restart your computer.
    • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
    • Click Repair your computer.
    • Select US as the keyboard language setting, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.

    On the System Recovery Options menu you will get the following options:

      • Startup Repair
      • System Restore
      • Windows Complete PC Restore
      • Windows Memory Diagnostic Tool
      • Command Prompt

    • Select Command Prompt.
    • In the command window, type notepad and press Enter.
    • Notepad opens. Under the File menu, select Open.
    • Select "Computer", find your flash drive letter, and close Notepad.
    • In the command window, type e:\frst.exe (for the 64-bit version, type e:\frst64) and press Enter.
      Note: Replace the letter e with the drive letter of your flash drive.
    • The tool will start to run.
    • When the tool opens, click Yes to the disclaimer.
    • Press the Scan button.
    • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.
     
  3. snorin

    Scan result of Farbar Recovery Scan Tool (FRST written by Farbar) Version: 20-06-2012 01
    Ran by SYSTEM at 21-06-2012 16:40:52
    Running from E:\
    Windows 7 Home Premium Service Pack 1 (X86) OS Language: English(US)
    The current controlset is ControlSet002
    ========================== Registry (Whitelisted) =============
    HKLM\...\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe [36864 2007-05-09] (Creative Technology Ltd.)
    HKLM\...\Run: [AdobeAAMUpdater-1.0] "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [499608 2011-03-15] (Adobe Systems Incorporated)
    HKLM\...\Run: [AdobeCS5.5ServiceManager] "C:\Program Files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin [1523360 2011-01-12] (Adobe Systems Incorporated)
    HKLM\...\Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices [91520 2010-03-13] (Microsoft Corporation)
    HKLM\...\Run: [Broadcom Wireless Manager UI] C:\Windows\system32\WLTRAY.exe [3444736 2007-12-08] (Dell Inc.)
    HKLM\...\Run: [PSQLLauncher] "C:\Program Files\Fingerprint Reader Suite\launcher.exe" /startup [49168 2007-04-16] (UPEK Inc.)
    HKLM\...\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime [421888 2010-11-29] (Apple Inc.)
    HKLM\...\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
    HKLM\...\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [937920 2011-06-06] (Adobe Systems Incorporated)
    HKLM\...\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" [254696 2011-06-09] (Sun Microsystems, Inc.)
    HKLM\...\Run: [M-Audio Taskbar Icon] C:\Windows\system32\M-AudioTaskBarIcon.exe [644104 2010-12-07] (Avid Technology, Inc.)
    HKLM\...\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray [462408 2012-04-04] (Malwarebytes Corporation)
    HKLM\...\Run: [DigidesignMMERefresh] C:\Program Files\Digidesign\Drivers\MMERefresh.exe [x]
    HKLM\...\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui [4241512 2012-03-06] (AVAST Software)
    HKU\Katz\...\Run: [Aim] "C:\Program Files\AIM\aim.exe" /d locale=en-US /HIDEBL [4321112 2011-01-05] (AOL Inc.)
    HKU\Katz\...\Run: [Google Update] "C:\Users\Katz\AppData\Local\Google\Update\GoogleUpdate.exe" /c [136176 2011-03-10] (Google Inc.)
    HKU\Katz\...\Run: [Pando Media Booster] C:\Program Files\Pando Networks\Media Booster\PMB.exe [3077528 2011-07-30] ()
    HKU\Katz\...\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2144088 2009-01-26] (Safer Networking Limited)
    HKU\Katz\...\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent [1242448 2011-08-03] (Valve Corporation)
    Winlogon\Notify\psfus: C:\Windows\system32\psqlpwd.dll (UPEK Inc.)
    Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62
    Lsa: [Notification Packages] scecli
    psqlpwd
    Startup: C:\Users\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
    ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.)
    Startup: C:\Users\Katz\Start Menu\Programs\Startup\Adobe Gamma.lnk
    ShortcutTarget: Adobe Gamma.lnk -> C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
    ================================ Services (Whitelisted) ==================
    2 avast! Antivirus; "C:\Program Files\AVAST Software\Avast\AvastSvc.exe" [44768 2012-03-06] (AVAST Software)
    2 avast! Firewall; "C:\Program Files\AVAST Software\Avast\afwServ.exe" [134920 2012-03-06] (AVAST Software)
    3 ehRecvr; C:\Windows\ehome\ehRecvr.exe [556544 2010-11-20] (Microsoft Corporation)
    3 ehSched; C:\Windows\ehome\ehsched.exe [94720 2009-07-13] (Microsoft Corporation)
    2 eventlog; C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted [20992 2009-07-13] (Microsoft Corporation)
    2 MBAMService; "C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe" [654408 2012-04-04] (Malwarebytes Corporation)
    3 McComponentHostService; "C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe" [227232 2010-01-15] (McAfee, Inc.)
    3 Microsoft SharePoint Workspace Audit Service; "C:\Program Files\Microsoft Office\Office14\GROOVE.EXE" /auditservice [30969208 2010-03-25] (Microsoft Corporation)
    4 NetMsmqActivator; "C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe" -NetMsmqActivator [124240 2010-03-18] (Microsoft Corporation)
    4 NetPipeActivator; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [124240 2010-03-18] (Microsoft Corporation)
    4 NetTcpActivator; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [124240 2010-03-18] (Microsoft Corporation)
    4 NetTcpPortSharing; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [124240 2010-03-18] (Microsoft Corporation)
    3 npggsvc; C:\Windows\system32\GameMon.des -service [3957088 2012-04-09] (INCA Internet Co., Ltd.)
    2 nvUpdatusService; C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2348352 2012-02-29] (NVIDIA Corporation)
    3 osppsvc; "C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE" [4640000 2010-01-09] (Microsoft Corporation)
    2 SBSDWSCService; C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
    2 Stereo Service; C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [382272 2012-02-29] (NVIDIA Corporation)
    3 SwitchBoard; "C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [517096 2010-02-19] (Adobe Systems Incorporated)
    3 wbengine; "C:\Windows\system32\wbengine.exe" [1203200 2010-11-20] (Microsoft Corporation)
    2 DigiRefresh; C:\Program Files\Digidesign\Drivers\MMERefresh.exe -s [x]
    2 hpdj; C:\Windows\System32\TPECioCtl.dll [x]
    2 minilog; C:\Windows\System32\CTEXFIFX.DLL.dll [x]
    2 pccsmcfd; C:\Windows\System32\roxmediadb.dll [x]
    2 prodrv06; C:\Windows\System32\3c1807pd.dll [x]
    2 USR1806V; C:\Windows\System32\atiavpci.dll [x]
    3 WPFFontCache_v0400; C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [x]
    ========================== Drivers (Whitelisted) =============
    2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [20696 2012-03-06] (AVAST Software)
    1 aswFW; C:\Windows\System32\Drivers\aswFW.sys [112984 2012-03-06] (AVAST Software)
    1 aswKbd; C:\Windows\System32\Drivers\aswKbd.sys [24408 2012-03-06] (AVAST Software)
    2 aswMonFlt; \??\C:\Windows\system32\drivers\aswMonFlt.sys [57688 2012-03-06] (AVAST Software)
    0 aswNdis; C:\Windows\System32\DRIVERS\aswNdis.sys [12112 2012-03-06] (ALWIL Software)
    0 aswNdis2; C:\Windows\System32\Drivers\aswNdis2.sys [196440 2012-03-06] (AVAST Software)
    1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [44376 2012-03-06] (AVAST Software)
    1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [612184 2012-03-06] (AVAST Software)
    1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [337880 2012-03-06] (AVAST Software)
    1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [53848 2012-03-06] (AVAST Software)
    2 DigiNet; C:\Windows\System32\DRIVERS\diginet.sys [16400 2008-12-04] (Digidesign, A Division of Avid Technology, Inc.)
    0 giveio; C:\Windows\System32\giveio.sys [5248 1996-04-03] ()
    3 hamachi; C:\Windows\System32\DRIVERS\hamachi.sys [26176 2009-03-18] (LogMeIn, Inc.)
    3 MAUSBFASTTRACK; C:\Windows\System32\DRIVERS\MAudioFastTrack.sys [158344 2010-12-07] (Avid Technology, Inc.)
    3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [22344 2012-04-04] (Malwarebytes Corporation)
    3 MotioninJoyXFilter; C:\Windows\System32\DRIVERS\MijXfilt.sys [99400 2012-05-12] (MotioninJoy)
    3 OEM02Dev; C:\Windows\System32\DRIVERS\OEM02Dev.sys [235648 2007-10-10] (Creative Technology Ltd.)
    3 OEM02Vfx; C:\Windows\System32\DRIVERS\OEM02Vfx.sys [7424 2007-03-05] (EyePower Games Pte. Ltd.)
    3 pbfilter; \??\C:\Program Files\PeerBlock\pbfilter.sys [20080 2010-11-06] ()
    0 TPkd; C:\Windows\System32\Drivers\TPkd.sys [86016 2009-12-23] (PACE Anti-Piracy, Inc.)
    3 xusb21; C:\Windows\System32\DRIVERS\xusb21.sys [61984 2011-12-07] (Microsoft Corporation)
    3 yukonw7; C:\Windows\System32\DRIVERS\yk62x86.sys [311296 2009-07-13] (Marvell)
    ========================== NetSvcs (Whitelisted) ===========
    NETSVC: LRMINIPORT -> No Registry Path.
    NETSVC: hpdj -> C:\Windows\system32\TPECioCtl.dll ==> No File.
    NETSVC: minilog -> C:\Windows\system32\CTEXFIFX.DLL.dll ==> No File.
    NETSVC: prodrv06 -> C:\Windows\system32\3c1807pd.dll ==> No File.
    NETSVC: pccsmcfd -> C:\Windows\system32\roxmediadb.dll ==> No File.
    NETSVC: psdistributionagent -> No Registry Path.
    NETSVC: USR1806V -> C:\Windows\system32\atiavpci.dll ==> No File.
    ============ One Month Created Files and Folders ==============
    2012-06-21 15:31 - 2012-06-21 15:30 - 00876898 ____A C:\Users\Katz\Desktop\FRST.exe
    2012-06-21 15:31 - 2012-06-21 14:01 - 00294216 ____A C:\Users\Katz\Desktop\gmer-1.zip
    2012-06-21 14:15 - 2012-06-21 14:15 - 00001293 ____A C:\Users\Katz\Desktop\gmer.log
    2012-06-21 14:11 - 2011-07-16 21:21 - 00302592 ____A C:\Users\Katz\Desktop\gmer.exe
    2012-06-21 14:07 - 2012-06-21 14:07 - 00294216 ____A C:\Users\Katz\Desktop\gmer.zip
    2012-06-21 13:58 - 2012-06-21 13:58 - 00019487 ____A C:\Users\Katz\Desktop\Attach.txt
    2012-06-21 13:58 - 2012-06-21 13:58 - 00015650 ____A C:\Users\Katz\Desktop\DDS.txt
    2012-06-21 13:23 - 2012-06-21 13:23 - 00607260 ____R (Swearware) C:\Users\Katz\Desktop\dds.scr
    2012-06-21 11:48 - 2012-06-21 11:48 - 00001994 ____A C:\Users\Public\Desktop\avast! Internet Security.lnk
    2012-06-21 11:48 - 2012-03-06 16:04 - 00112984 ____A (AVAST Software) C:\Windows\System32\Drivers\aswFW.sys
    2012-06-21 11:48 - 2012-03-06 16:03 - 00612184 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSnx.sys
    2012-06-21 11:48 - 2012-03-06 16:03 - 00337880 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSP.sys
    2012-06-21 11:48 - 2012-03-06 16:03 - 00196440 ____A (AVAST Software) C:\Windows\System32\Drivers\aswNdis2.sys
    2012-06-21 11:48 - 2012-03-06 16:02 - 00044376 ____A (AVAST Software) C:\Windows\System32\Drivers\aswRdr2.sys
    2012-06-21 11:48 - 2012-03-06 16:02 - 00024408 ____A (AVAST Software) C:\Windows\System32\Drivers\aswKbd.sys
    2012-06-21 11:48 - 2012-03-06 16:01 - 00057688 ____A (AVAST Software) C:\Windows\System32\Drivers\aswMonFlt.sys
    2012-06-21 11:48 - 2012-03-06 16:01 - 00053848 ____A (AVAST Software) C:\Windows\System32\Drivers\aswTdi.sys
    2012-06-21 11:48 - 2012-03-06 16:01 - 00020696 ____A (AVAST Software) C:\Windows\System32\Drivers\aswFsBlk.sys
    2012-06-21 11:48 - 2012-03-06 15:44 - 00012112 ____A (ALWIL Software) C:\Windows\System32\Drivers\aswNdis.sys
    2012-06-21 11:47 - 2012-03-06 16:15 - 00201352 ____A (AVAST Software) C:\Windows\System32\aswBoot.exe
    2012-06-21 11:47 - 2012-03-06 16:15 - 00041184 ____A (AVAST Software) C:\Windows\avastSS.scr
    2012-06-21 11:26 - 2012-06-21 11:24 - 00397451 ____A C:\Users\Katz\Desktop\MiniToolBox.exe
    2012-06-21 00:43 - 2012-06-21 00:43 - 00994845 ____A C:\Windows\System32\Drivers\Cat.DB
    2012-06-21 00:42 - 2012-06-21 10:15 - 00000000 ____D C:\Program Files\PC Tools Security
    2012-06-21 00:34 - 2012-06-21 00:41 - 00000000 ____D C:\Users\Katz\AppData\Roaming\GetRightToGo
    2012-06-21 00:14 - 2012-06-21 00:21 - 887057149 ____A C:\Users\Katz\Downloads\Pro Tools LE 8.rar
    2012-06-20 23:46 - 2012-06-20 23:47 - 00160536 ____A C:\Windows\Minidump\062112-40607-01.dmp
    2012-06-20 23:34 - 2012-06-21 11:47 - 00000000 ____D C:\Users\All Users\AVAST Software
    2012-06-20 23:34 - 2012-06-21 11:47 - 00000000 ____D C:\Program Files\AVAST Software
    2012-06-20 23:31 - 2012-06-20 23:33 - 98312792 ____A C:\Users\Katz\Downloads\avast_internet_security_setup.exe
    2012-06-20 23:10 - 2012-06-20 23:10 - 00001067 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2012-06-20 23:02 - 2012-06-21 00:10 - 00000000 __ASH C:\Windows\System32\dds_trash_log.cmd
    2012-06-20 22:58 - 2012-06-20 22:58 - 00000000 __SHD C:\Windows\System32\%APPDATA%
    2012-06-20 22:39 - 2012-06-20 22:39 - 00000000 ____D C:\Users\Katz\Downloads\Pro Tools MP 9 Retail
    2012-06-20 22:38 - 2012-06-20 22:38 - 00017499 ____A C:\Users\Katz\Downloads\o-Demonoid.me-o_Pro_Tools_MP_9_Mac_Windows_Retail__7974775.1434.torrent
    2012-06-20 14:03 - 2012-06-20 13:40 - 00000000 ____D C:\Users\Katz\Desktop\Exotic Animal Petting Zoo Tree of Tongues
    2012-06-20 14:03 - 2012-06-20 04:48 - 00000000 ____D C:\Users\Katz\Desktop\The Word Alive - Life Cycles (2012)
    2012-06-20 11:02 - 2012-06-20 11:06 - 96703951 ____A C:\Users\Katz\Downloads\The Word Alive - Life Cycles [2012].rar
    2012-06-20 11:00 - 2012-06-20 11:03 - 67227443 ____A C:\Users\Katz\Downloads\Exotic Animal Petting Zoo Tree of Tongues.rar
    2012-06-19 19:32 - 2008-06-17 21:56 - 00000000 ____D C:\Users\Katz\Desktop\Toontrack Music EZDrummer dfh Drumkit From Hell Pack
    2012-06-19 18:26 - 2008-12-04 02:02 - 00016400 ____A (Digidesign, A Division of Avid Technology, Inc.) C:\Windows\System32\Drivers\diginet.sys
    2012-06-19 17:56 - 2012-06-19 19:22 - 00000000 ____D C:\Users\Katz\Downloads\Toontrack Music EZDrummer dfh Drumkit From Hell Pack
    2012-06-19 17:55 - 2012-06-19 17:55 - 00014154 ____A C:\Users\Katz\Downloads\Toontrack Music EZDrummer dfh Drumkit From Hell Pack [rockbox] [h33t].torrent
    2012-06-19 17:41 - 2012-06-20 00:30 - 00000000 ____D C:\Users\Katz\Downloads\EZ Drummer [zepa@h33t.com]
    2012-06-19 17:40 - 2012-06-19 17:40 - 00020345 ____A C:\Users\Katz\Downloads\EZdrummer [zepa@h33t.com] [h33t].torrent
    2012-06-19 17:34 - 2012-06-19 17:34 - 00017721 ____A C:\Users\Katz\Downloads\Pro Tools LE 8 (rar) [h33t] [Nugmonster].torrent
    2012-06-19 15:05 - 1996-12-24 22:32 - 33554432 ____N C:\Users\Katz\Desktop\Zelda no Densetsu - Toki no Ocarina (Japan).n64
    2012-06-19 15:03 - 2012-06-19 15:05 - 26999425 ____A C:\Users\Katz\Downloads\Zelda no Densetsu - Toki no Ocarina (Japan).zip
    2012-06-19 15:02 - 2012-06-19 15:02 - 02080797 ____A (Project64 ) C:\Users\Katz\Downloads\setup Project64 1.6.exe
    2012-06-19 14:30 - 2012-06-19 14:30 - 01335858 ____A C:\Users\Katz\Downloads\Super Mario All-Stars + Super Mario World (USA).zip
    2012-06-19 14:10 - 2012-06-19 20:20 - 00000000 ____D C:\Users\Katz\Desktop\snes
    2012-06-19 14:10 - 2012-06-19 14:10 - 02682192 ____A C:\Users\Katz\Downloads\Super Mario RPG - Legend of the Seven Stars (USA).zip
    2012-06-19 14:07 - 2012-06-19 14:07 - 00867785 ____A C:\Users\Katz\Downloads\zsnesw151.zip
    2012-06-19 14:05 - 2012-06-19 14:05 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_xusb21_01009.Wdf
    2012-06-19 14:05 - 2012-06-19 14:05 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_MijXfilt_01009.Wdf
    2012-06-19 14:03 - 2012-06-19 14:03 - 00000000 ____D C:\Users\Katz\AppData\Roaming\MotioninJoy
    2012-06-19 14:03 - 2012-06-19 14:03 - 00000000 ____D C:\Program Files\MotioninJoy
    2012-06-19 14:03 - 2012-05-12 11:31 - 00099400 ____A (MotioninJoy) C:\Windows\System32\Drivers\MijXfilt.sys
    2012-06-19 14:03 - 2011-12-07 18:42 - 01461992 ____A (Microsoft Corporation) C:\Windows\System32\WdfCoInstaller01009.dll
    2012-06-19 14:03 - 2011-12-07 18:42 - 00255496 ____A (Logitech Inc.) C:\Windows\System32\MijFrc.dll
    2012-06-19 14:03 - 2011-12-07 18:42 - 00061984 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\xusb21.sys
    2012-06-19 14:02 - 2012-06-19 14:02 - 04117346 ____A C:\Users\Katz\Downloads\MotioninJoy_071001_signed.zip
    2012-06-19 11:07 - 2012-06-19 14:11 - 00000000 ____D C:\Users\Katz\Desktop\dld rap cover
    2012-06-16 21:44 - 2012-06-16 21:44 - 00081423 ____A C:\Users\Katz\Downloads\September Carrino.torrent
    2012-06-16 16:18 - 2012-06-16 16:18 - 00318904 ____A (Microsoft Corporation) C:\Users\Katz\Downloads\wmpfirefoxplugin (1).exe
    2012-06-16 16:17 - 2012-06-16 16:17 - 00318904 ____A (Microsoft Corporation) C:\Users\Katz\Downloads\wmpfirefoxplugin.exe
    2012-06-15 23:36 - 2012-06-15 23:36 - 02394117 ____A C:\Users\Katz\Downloads\IMG_0835.MOV
    2012-06-14 10:12 - 2012-06-14 10:13 - 33727620 ____A C:\Users\Katz\Desktop\wed 13th (good).wav
    2012-06-13 22:44 - 2012-06-14 10:25 - 00000000 ____D C:\Users\Katz\Desktop\Copy of wed june 13 ( not shitty)
    2012-06-12 19:29 - 2012-06-12 19:29 - 00000000 ____D C:\Users\Katz\Downloads\Slice_The_Cake_-_The_Man_With_No_Face__282012_29__5BMP3%5D_CR_3965953
    2012-06-12 18:17 - 2012-06-12 18:17 - 04434578 ____A C:\Users\Katz\Downloads\[allleaks.tumblr.com] Exotic Animal Petting Zoo - You Make Wonderful Pictures.mp3
    2012-06-12 16:20 - 2012-06-12 16:49 - 162051925 ____A C:\Users\Katz\Downloads\Slice_The_Cake_-_The_Man_With_No_Face_%282012%29_%5BMP3%5D_CR_3965953.rar
    2012-06-10 02:11 - 2012-06-14 01:13 - 00000000 ____D C:\Users\Katz\AppData\Roaming\Line 6
    2012-06-09 13:06 - 2012-06-09 13:06 - 26659972 ____A C:\Users\Katz\Desktop\**** **** (in progress).wav
    2012-06-09 12:50 - 2012-06-09 12:50 - 33869960 ____A C:\Users\Katz\Desktop\trip hop (in prog).wav
    2012-06-09 00:54 - 2012-06-20 23:46 - 321589879 ____A C:\Windows\MEMORY.DMP
    2012-06-08 17:26 - 2012-06-08 17:26 - 00001981 ____A C:\Users\Katz\Desktop\POD Farm 2.lnk
    2012-06-08 17:23 - 2012-06-08 17:23 - 33869960 ____A C:\Users\Katz\Desktop\beat!@!@!@!@!@.wav
    2012-06-08 16:37 - 2012-06-08 16:43 - 00000000 ____D C:\Users\Katz\Desktop\loops beat 1
    2012-06-08 16:36 - 2012-06-08 16:36 - 00000000 ____D C:\Users\Katz\Documents\Line 6
    2012-06-08 16:36 - 2012-06-08 16:36 - 00000000 ____D C:\Users\All Users\Line 6
    2012-06-08 16:35 - 2012-06-08 16:35 - 00000000 ____D C:\Program Files\Line6
    2012-06-08 16:29 - 2012-06-08 16:30 - 00000000 ____D C:\Users\Katz\Desktop\BEST BEATS EVER
    2012-06-08 15:03 - 2012-06-08 15:03 - 01873948 ____A C:\Users\Katz\Desktop\WHAT WHAT.wav
    2012-06-08 13:36 - 2012-06-08 13:36 - 02723264 ____A (Microsoft Corporation) C:\Users\Katz\Downloads\vcredist_x86.exe
    2012-06-08 01:46 - 2012-06-08 02:05 - 163220303 ____A C:\Users\Katz\Downloads\Lush_Princess_01.rar
    2012-06-06 09:10 - 2012-06-06 09:15 - 124420592 ____A C:\Users\Katz\Downloads\POD Farm v2.51 Installer.exe
    2012-05-30 16:38 - 2012-05-30 16:39 - 06955968 ____A (Microsoft Corporation) C:\Users\Katz\Downloads\Silverlight (1).exe
    2012-05-30 10:14 - 2012-05-30 10:14 - 00000000 ____D C:\Users\Katz\AppData\Roaming\LolClient2
    2012-05-28 11:14 - 2012-05-28 11:20 - 00000000 ____D C:\Users\Katz\Downloads\Game of Thrones S02E09 HDTV x264-ASAP[ettv]
    2012-05-28 11:13 - 2012-05-28 11:13 - 00030677 ____A C:\Users\Katz\Downloads\Game of Thrones S02E09 HDTV x264-ASAP[ettv] [h33t].torrent
    2012-05-25 10:16 - 2012-05-25 10:34 - 113123901 ____A C:\Users\Katz\Downloads\7_Horns_7_Eyes-Throes_Of_Absolution-2012-KzT.rar
    2012-05-22 14:13 - 2012-05-22 15:21 - 00000000 ____D C:\Users\Katz\Downloads\House.S08.Special-Swan.Song.720p.HDTV.x264-BAJSKORV [PublicHD]

    ============ 3 Months Modified Files and Folders ===============
    2012-06-21 16:41 - 2012-06-21 16:39 - 00000000 ____D C:\FRST
    2012-06-21 15:36 - 2012-03-22 19:39 - 00095586 ____A C:\Windows\setupact.log
    2012-06-21 15:31 - 2010-11-20 13:01 - 00778150 ____A C:\Windows\System32\PerfStringBackup.INI
    2012-06-21 15:30 - 2012-06-21 15:31 - 00876898 ____A C:\Users\Katz\Desktop\FRST.exe
    2012-06-21 14:17 - 2011-08-08 17:43 - 00010512 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2012-06-21 14:17 - 2011-08-08 17:43 - 00010512 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2012-06-21 14:15 - 2012-06-21 14:15 - 00001293 ____A C:\Users\Katz\Desktop\gmer.log
    2012-06-21 14:12 - 2011-08-08 18:47 - 01416221 ____A C:\Windows\WindowsUpdate.log
    2012-06-21 14:10 - 2011-07-07 22:49 - 00000000 ____D C:\Users\All Users\NVIDIA
    2012-06-21 14:10 - 2011-03-13 09:20 - 00000000 ____D C:\Program Files\Steam
    2012-06-21 14:10 - 2009-07-13 20:53 - 00027422 ____A C:\Windows\Tasks\SCHEDLGU.TXT
    2012-06-21 14:10 - 2009-07-13 20:53 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
    2012-06-21 14:07 - 2012-06-21 14:07 - 00294216 ____A C:\Users\Katz\Desktop\gmer.zip
    2012-06-21 14:01 - 2012-06-21 15:31 - 00294216 ____A C:\Users\Katz\Desktop\gmer-1.zip
    2012-06-21 13:58 - 2012-06-21 13:58 - 00019487 ____A C:\Users\Katz\Desktop\Attach.txt
    2012-06-21 13:58 - 2012-06-21 13:58 - 00015650 ____A C:\Users\Katz\Desktop\DDS.txt
    2012-06-21 13:47 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\System32\NDF
    2012-06-21 13:23 - 2012-06-21 13:23 - 00607260 ____R (Swearware) C:\Users\Katz\Desktop\dds.scr
    2012-06-21 12:40 - 2011-07-11 12:55 - 00000000 ____D C:\Users\Katz\AppData\Local\LogMeIn Hamachi
    2012-06-21 11:51 - 2011-07-30 16:15 - 00000000 ____D C:\Users\Katz\AppData\Local\PMB Files
    2012-06-21 11:48 - 2012-06-21 11:48 - 00001994 ____A C:\Users\Public\Desktop\avast! Internet Security.lnk
    2012-06-21 11:48 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\System32\DriverStore
    2012-06-21 11:48 - 2009-07-13 18:04 - 00002577 ____A C:\Windows\System32\config.nt
    2012-06-21 11:47 - 2012-06-20 23:34 - 00000000 ____D C:\Users\All Users\AVAST Software
    2012-06-21 11:47 - 2012-06-20 23:34 - 00000000 ____D C:\Program Files\AVAST Software
    2012-06-21 11:34 - 2011-03-12 02:33 - 00000000 ____D C:\Users\All Users\Spybot - Search & Destroy
    2012-06-21 11:24 - 2012-06-21 11:26 - 00397451 ____A C:\Users\Katz\Desktop\MiniToolBox.exe
    2012-06-21 11:02 - 2010-11-20 13:48 - 00045274 ____A C:\Windows\PFRO.log
    2012-06-21 10:15 - 2012-06-21 00:42 - 00000000 ____D C:\Program Files\PC Tools Security
    2012-06-21 00:43 - 2012-06-21 00:43 - 00994845 ____A C:\Windows\System32\Drivers\Cat.DB
    2012-06-21 00:41 - 2012-06-21 00:34 - 00000000 ____D C:\Users\Katz\AppData\Roaming\GetRightToGo
    2012-06-21 00:28 - 2011-04-01 18:24 - 00000000 ____D C:\Users\Katz\AppData\Roaming\uTorrent
    2012-06-21 00:24 - 2011-04-04 20:06 - 00000000 ____D C:\Program Files\PeerBlock
    2012-06-21 00:21 - 2012-06-21 00:14 - 887057149 ____A C:\Users\Katz\Downloads\Pro Tools LE 8.rar
    2012-06-21 00:13 - 2012-05-18 11:25 - 00000000 ____D C:\users\UpdatusUser.Katz-PC
    2012-06-21 00:12 - 2011-03-13 09:21 - 00000000 ____D C:\Program Files\Common Files\Steam
    2012-06-21 00:10 - 2012-06-20 23:02 - 00000000 __ASH C:\Windows\System32\dds_trash_log.cmd
    2012-06-21 00:10 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\Web
    2012-06-20 23:47 - 2012-06-20 23:46 - 00160536 ____A C:\Windows\Minidump\062112-40607-01.dmp
    2012-06-20 23:47 - 2009-07-13 20:33 - 03791400 ____A C:\Windows\System32\FNTCACHE.DAT
    2012-06-20 23:46 - 2012-06-09 00:54 - 321589879 ____A C:\Windows\MEMORY.DMP
    2012-06-20 23:46 - 2011-08-16 15:35 - 00000000 ____D C:\Windows\Minidump
    2012-06-20 23:46 - 2011-07-01 18:38 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
    2012-06-20 23:33 - 2012-06-20 23:31 - 98312792 ____A C:\Users\Katz\Downloads\avast_internet_security_setup.exe
    2012-06-20 23:10 - 2012-06-20 23:10 - 00001067 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2012-06-20 22:58 - 2012-06-20 22:58 - 00000000 __SHD C:\Windows\System32\%APPDATA%
    2012-06-20 22:55 - 2011-03-10 16:22 - 00000904 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4200271565-912711694-3251406831-1000UA.job
    2012-06-20 22:39 - 2012-06-20 22:39 - 00000000 ____D C:\Users\Katz\Downloads\Pro Tools MP 9 Retail
    2012-06-20 22:38 - 2012-06-20 22:38 - 00017499 ____A C:\Users\Katz\Downloads\o-Demonoid.me-o_Pro_Tools_MP_9_Mac_Windows_Retail__7974775.1434.torrent
    2012-06-20 22:28 - 2011-03-10 16:22 - 00000852 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4200271565-912711694-3251406831-1000Core.job
    2012-06-20 13:40 - 2012-06-20 14:03 - 00000000 ____D C:\Users\Katz\Desktop\Exotic Animal Petting Zoo Tree of Tongues
    2012-06-20 11:06 - 2012-06-20 11:02 - 96703951 ____A C:\Users\Katz\Downloads\The Word Alive - Life Cycles [2012].rar
    2012-06-20 11:03 - 2012-06-20 11:00 - 67227443 ____A C:\Users\Katz\Downloads\Exotic Animal Petting Zoo Tree of Tongues.rar
    2012-06-20 04:48 - 2012-06-20 14:03 - 00000000 ____D C:\Users\Katz\Desktop\The Word Alive - Life Cycles (2012)
    2012-06-20 00:30 - 2012-06-19 17:41 - 00000000 ____D C:\Users\Katz\Downloads\EZ Drummer [zepa@h33t.com]
    2012-06-19 20:20 - 2012-06-19 14:10 - 00000000 ____D C:\Users\Katz\Desktop\snes
    2012-06-19 19:22 - 2012-06-19 17:56 - 00000000 ____D C:\Users\Katz\Downloads\Toontrack Music EZDrummer dfh Drumkit From Hell Pack
    2012-06-19 19:15 - 2011-08-08 19:55 - 00115360 ____A C:\Users\Katz\AppData\Local\GDIPFONTCACHEV1.DAT
    2012-06-19 18:32 - 2011-08-14 20:50 - 00000000 ____D C:\Program Files\Digidesign
    2012-06-19 18:28 - 2011-03-10 11:52 - 00000000 ___HD C:\Program Files\InstallShield Installation Information
    2012-06-19 17:55 - 2012-06-19 17:55 - 00014154 ____A C:\Users\Katz\Downloads\Toontrack Music EZDrummer dfh Drumkit From Hell Pack [rockbox] [h33t].torrent
    2012-06-19 17:45 - 2011-08-14 20:50 - 00000000 ____D C:\Program Files\Common Files\Digidesign
    2012-06-19 17:40 - 2012-06-19 17:40 - 00020345 ____A C:\Users\Katz\Downloads\EZdrummer [zepa@h33t.com] [h33t].torrent
    2012-06-19 17:34 - 2012-06-19 17:34 - 00017721 ____A C:\Users\Katz\Downloads\Pro Tools LE 8 (rar) [h33t] [Nugmonster].torrent
    2012-06-19 15:05 - 2012-06-19 15:03 - 26999425 ____A C:\Users\Katz\Downloads\Zelda no Densetsu - Toki no Ocarina (Japan).zip
    2012-06-19 15:02 - 2012-06-19 15:02 - 02080797 ____A (Project64 ) C:\Users\Katz\Downloads\setup Project64 1.6.exe
    2012-06-19 14:30 - 2012-06-19 14:30 - 01335858 ____A C:\Users\Katz\Downloads\Super Mario All-Stars + Super Mario World (USA).zip
    2012-06-19 14:11 - 2012-06-19 11:07 - 00000000 ____D C:\Users\Katz\Desktop\dld rap cover
    2012-06-19 14:11 - 2011-08-14 21:28 - 00000000 ____D C:\Users\Katz\AppData\Roaming\Digidesign
    2012-06-19 14:10 - 2012-06-19 14:10 - 02682192 ____A C:\Users\Katz\Downloads\Super Mario RPG - Legend of the Seven Stars (USA).zip
    2012-06-19 14:07 - 2012-06-19 14:07 - 00867785 ____A C:\Users\Katz\Downloads\zsnesw151.zip
    2012-06-19 14:05 - 2012-06-19 14:05 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_xusb21_01009.Wdf
    2012-06-19 14:05 - 2012-06-19 14:05 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_MijXfilt_01009.Wdf
    2012-06-19 14:03 - 2012-06-19 14:03 - 00000000 ____D C:\Users\Katz\AppData\Roaming\MotioninJoy
    2012-06-19 14:03 - 2012-06-19 14:03 - 00000000 ____D C:\Program Files\MotioninJoy
    2012-06-19 14:02 - 2012-06-19 14:02 - 04117346 ____A C:\Users\Katz\Downloads\MotioninJoy_071001_signed.zip
    2012-06-17 17:24 - 2012-05-18 14:44 - 00000000 ____D C:\Program Files\Diablo III
    2012-06-16 21:44 - 2012-06-16 21:44 - 00081423 ____A C:\Users\Katz\Downloads\September Carrino.torrent
    2012-06-16 18:32 - 2011-04-25 08:03 - 00000000 ____D C:\Users\Katz\Desktop\school
    2012-06-16 16:18 - 2012-06-16 16:18 - 00318904 ____A (Microsoft Corporation) C:\Users\Katz\Downloads\wmpfirefoxplugin (1).exe
    2012-06-16 16:17 - 2012-06-16 16:17 - 00318904 ____A (Microsoft Corporation) C:\Users\Katz\Downloads\wmpfirefoxplugin.exe
    2012-06-15 23:36 - 2012-06-15 23:36 - 02394117 ____A C:\Users\Katz\Downloads\IMG_0835.MOV
    2012-06-14 10:25 - 2012-06-13 22:44 - 00000000 ____D C:\Users\Katz\Desktop\Copy of wed june 13 ( not shitty)
    2012-06-14 10:13 - 2012-06-14 10:12 - 33727620 ____A C:\Users\Katz\Desktop\wed 13th (good).wav
    2012-06-14 01:13 - 2012-06-10 02:11 - 00000000 ____D C:\Users\Katz\AppData\Roaming\Line 6
    2012-06-12 23:37 - 2011-08-08 17:45 - 00000000 ____D C:\users\Katz
    2012-06-12 19:29 - 2012-06-12 19:29 - 00000000 ____D C:\Users\Katz\Downloads\Slice_The_Cake_-_The_Man_With_No_Face__282012_29__5BMP3%5D_CR_3965953
    2012-06-12 18:17 - 2012-06-12 18:17 - 04434578 ____A C:\Users\Katz\Downloads\[allleaks.tumblr.com] Exotic Animal Petting Zoo - You Make Wonderful Pictures.mp3
    2012-06-12 16:49 - 2012-06-12 16:20 - 162051925 ____A C:\Users\Katz\Downloads\Slice_The_Cake_-_The_Man_With_No_Face_%282012%29_%5BMP3%5D_CR_3965953.rar
    2012-06-12 15:48 - 2011-03-10 16:28 - 00001112 ___AH C:\IPH.PH
    2012-06-12 15:48 - 2011-03-10 16:28 - 00000000 ____D C:\Users\Katz\AppData\Local\AIM
    2012-06-09 13:06 - 2012-06-09 13:06 - 26659972 ____A C:\Users\Katz\Desktop\**** **** (in progress).wav
    2012-06-09 12:50 - 2012-06-09 12:50 - 33869960 ____A C:\Users\Katz\Desktop\trip hop (in prog).wav
    2012-06-09 00:54 - 2011-03-17 10:20 - 00000000 ____D C:\Program Files\Microsoft Silverlight
    2012-06-08 17:26 - 2012-06-08 17:26 - 00001981 ____A C:\Users\Katz\Desktop\POD Farm 2.lnk
    2012-06-08 17:23 - 2012-06-08 17:23 - 33869960 ____A C:\Users\Katz\Desktop\beat!@!@!@!@!@.wav
    2012-06-08 16:43 - 2012-06-08 16:37 - 00000000 ____D C:\Users\Katz\Desktop\loops beat 1
    2012-06-08 16:36 - 2012-06-08 16:36 - 00000000 ____D C:\Users\Katz\Documents\Line 6
    2012-06-08 16:36 - 2012-06-08 16:36 - 00000000 ____D C:\Users\All Users\Line 6
    2012-06-08 16:35 - 2012-06-08 16:35 - 00000000 ____D C:\Program Files\Line6
    2012-06-08 16:30 - 2012-06-08 16:29 - 00000000 ____D C:\Users\Katz\Desktop\BEST BEATS EVER
    2012-06-08 15:03 - 2012-06-08 15:03 - 01873948 ____A C:\Users\Katz\Desktop\WHAT WHAT.wav
    2012-06-08 13:36 - 2012-06-08 13:36 - 02723264 ____A (Microsoft Corporation) C:\Users\Katz\Downloads\vcredist_x86.exe
    2012-06-08 13:10 - 2012-01-17 15:33 - 00000000 ____D C:\Users\Katz\Desktop\jan 17 metal
    2012-06-08 02:05 - 2012-06-08 01:46 - 163220303 ____A C:\Users\Katz\Downloads\Lush_Princess_01.rar
    2012-06-07 10:48 - 2011-07-30 16:15 - 00000000 ____D C:\Users\All Users\PMB Files
    2012-06-06 09:15 - 2012-06-06 09:10 - 124420592 ____A C:\Users\Katz\Downloads\POD Farm v2.51 Installer.exe
    2012-05-30 16:39 - 2012-05-30 16:38 - 06955968 ____A (Microsoft Corporation) C:\Users\Katz\Downloads\Silverlight (1).exe
    2012-05-30 10:14 - 2012-05-30 10:14 - 00000000 ____D C:\Users\Katz\AppData\Roaming\LolClient2
    2012-05-28 11:20 - 2012-05-28 11:14 - 00000000 ____D C:\Users\Katz\Downloads\Game of Thrones S02E09 HDTV x264-ASAP[ettv]
    2012-05-28 11:13 - 2012-05-28 11:13 - 00030677 ____A C:\Users\Katz\Downloads\Game of Thrones S02E09 HDTV x264-ASAP[ettv] [h33t].torrent
    2012-05-25 12:16 - 2011-09-04 13:22 - 00000000 ____D C:\Users\Katz\AppData\Roaming\Spotify
    2012-05-25 12:15 - 2011-09-04 13:22 - 00000000 ____D C:\Users\Katz\AppData\Local\Spotify
    2012-05-25 11:57 - 2012-03-19 17:21 - 00000065 ____A C:\Users\Katz\Desktop\u of a pass.txt
    2012-05-25 10:34 - 2012-05-25 10:16 - 113123901 ____A C:\Users\Katz\Downloads\7_Horns_7_Eyes-Throes_Of_Absolution-2012-KzT.rar
    2012-05-22 15:21 - 2012-05-22 14:13 - 00000000 ____D C:\Users\Katz\Downloads\House.S08.Special-Swan.Song.720p.HDTV.x264-BAJSKORV [PublicHD]
    2012-05-18 15:20 - 2012-05-18 15:20 - 00000000 ____D C:\Users\Katz\Documents\Diablo III
    2012-05-18 15:09 - 2012-05-18 14:44 - 00001147 ____A C:\Users\Public\Desktop\Diablo III.lnk
    2012-05-18 15:09 - 2011-04-05 14:40 - 00000000 ____D C:\Program Files\Common Files\Blizzard Entertainment
    2012-05-18 14:43 - 2012-05-18 14:43 - 00000000 ____D C:\Users\All Users\Battle.net
    2012-05-18 14:42 - 2011-12-30 12:56 - 00000000 ____D C:\Users\Katz\Desktop\sdafsadfsdfs
    2012-05-18 11:25 - 2012-05-18 11:25 - 00000020 ___SH C:\Users\UpdatusUser.Katz-PC\ntuser.ini
    2012-05-18 11:25 - 2011-08-08 17:43 - 00000000 ____D C:\Program Files\NVIDIA Corporation
    2012-05-18 11:24 - 2011-07-07 22:47 - 00000000 ____D C:\NVIDIA
    2012-05-18 11:18 - 2012-05-18 11:13 - 168914544 ____A (NVIDIA Corporation) C:\Users\Katz\Downloads\296.10-notebook-win7-winvista-32bit-international-whql.exe
    2012-05-17 13:08 - 2012-05-17 13:08 - 00000000 ____D C:\Users\Katz\Downloads\Game.of.Thrones.S02E07.720p.HDTV.x264-IMMERSE [PublicHD]
    2012-05-17 13:07 - 2012-05-17 13:07 - 00007823 ____A C:\Users\Katz\Downloads\Game of Thrones S02E07 720p HDTV x264 IMMERSE [PublicHD] [h33t].torrent
    2012-05-12 11:31 - 2012-06-19 14:03 - 00099400 ____A (MotioninJoy) C:\Windows\System32\Drivers\MijXfilt.sys
    2012-05-08 21:46 - 2012-05-08 21:44 - 60644399 ____A C:\Users\Katz\Downloads\I_Stopped_Caring_In_96.zip
    2012-05-08 18:49 - 2012-05-08 18:47 - 44800020 ____A C:\Users\Katz\Downloads\Eyes Shut EP.zip
    2012-05-04 10:42 - 2012-05-04 10:42 - 00000000 ____D C:\Users\Katz\Downloads\[www.tnttorrent.info] Grown Ups 2010 [DVDRip.XviD-miguel] [Ekipa TnT]
    2012-05-03 16:37 - 2012-05-03 16:37 - 00000000 ____D C:\Program Files\M-Audio
    2012-05-03 16:35 - 2012-05-03 16:34 - 10652168 ____A (M-Audio, a division of Avid Technology, Inc.) C:\Users\Katz\Downloads\Install M-Audio FastTrack 6_0_6.exe
    2012-05-03 12:46 - 2012-05-03 12:45 - 18283610 ____A C:\Users\Katz\Downloads\Paper Diamond-Wavesight EP (JEFF017).zip
    2012-05-02 16:10 - 2012-03-19 19:02 - 00000000 ____D C:\Users\Katz\AppData\Roaming\abgx360
    2012-04-30 19:36 - 2012-04-30 19:32 - 104857600 ____A C:\Users\Katz\Downloads\ME3.d2.wyccad.part35.rar
    2012-04-29 17:56 - 2012-04-22 09:11 - 00000000 ____D C:\Users\Katz\Desktop\pso2
    2012-04-29 15:19 - 2012-03-18 19:36 - 00000000 ____D C:\Program Files\JDownloader
    2012-04-29 07:57 - 2012-04-29 07:57 - 08513024 ____A C:\Users\Katz\Downloads\Hume on Personal Identity.ppt
    2012-04-29 07:57 - 2012-04-29 07:57 - 00776192 ____A C:\Users\Katz\Downloads\Presentation on Locke on Personal Identity.ppt
    2012-04-28 09:24 - 2012-04-28 09:24 - 00000000 ____D C:\Users\Katz\Downloads\[www.Cpasbien.com] Tenacious D - Rize of the Fenix (2012)
    2012-04-28 09:18 - 2012-04-28 09:17 - 70092365 ____A C:\Users\Katz\Downloads\BTD - RseOfthPhnix.2012.320kbps.VBR.rar
    2012-04-27 15:42 - 2012-04-27 15:42 - 01037072 ____A C:\Users\Katz\Downloads\Downloader.exe
    2012-04-25 17:32 - 2012-04-25 17:32 - 00120834 ____A C:\Users\Katz\Downloads\sine30.zip
    2012-04-24 17:45 - 2012-04-24 17:45 - 04308484 ____A C:\Users\Katz\Desktop\bass beats+orch.wav
    2012-04-22 12:20 - 2012-04-22 12:20 - 00000000 ____D C:\Program Files\Common Files\INCA Shared
    2012-04-22 12:04 - 2012-04-22 12:04 - 00001292 ____A C:\Users\Katz\Desktop\PHANTASY STAR ONLINE 2.lnk
    2012-04-22 11:55 - 2012-04-22 11:55 - 00000000 ____D C:\Users\Katz\Documents\SEGA
    2012-04-22 11:55 - 2012-04-22 11:55 - 00000000 ____D C:\Program Files\SEGA
    2012-04-22 09:12 - 2012-04-22 09:12 - 00000000 ____D C:\Users\Katz\AppData\Roaming\SEGA
    2012-04-17 14:02 - 2012-04-17 14:01 - 06887361 ____A C:\Users\Katz\Downloads\Recipe (Beat).mp3
    2012-04-17 13:51 - 2012-04-17 13:50 - 00000000 ____D C:\Users\Katz\Downloads\50 50
    2012-04-17 13:49 - 2012-04-17 13:49 - 00012806 ____A C:\Users\Katz\Downloads\50_50 [2011] DVD SCREENER MP4 c00kies INF1N1TY [h33t].torrent
    2012-04-17 08:46 - 2012-04-17 08:46 - 00077694 ____A C:\Users\Katz\Downloads\shins_new_slang.gp5
    2012-04-16 17:43 - 2012-04-16 17:43 - 10785434 ____A C:\Users\Katz\Downloads\Zardonic, Mark Instinct, NumberNin6 and Run DMT - Real Steel - Electrokill.info.mp3
    2012-04-16 17:40 - 2012-04-16 17:39 - 08237184 ____A C:\Users\Katz\Downloads\Nightmares On Wax - You Wish.mp3
    2012-04-16 17:39 - 2012-04-16 17:37 - 06718759 ____A C:\Users\Katz\Downloads\Poncho Warwick - Tainted Jazz.mp3
    2012-04-16 14:10 - 2012-04-16 14:10 - 03967718 ____A C:\Users\Katz\Downloads\Dr. Dre & Kendrick Lamar - Coachella 2012 - The Recipe.mp3
    2012-04-16 13:09 - 2011-03-27 10:22 - 00000000 ____D C:\Users\Katz\AppData\Roaming\Skype
    2012-04-16 11:18 - 2011-03-27 10:23 - 00000000 ____D C:\Users\Katz\AppData\Roaming\skypePM
    2012-04-16 10:30 - 2012-04-16 10:29 - 00000000 ____D C:\Users\Katz\Downloads\Eastbound and Down S03E08 HDTV x264-ASAP[ettv]
    2012-04-16 10:15 - 2012-04-16 10:12 - 00000000 ____D C:\Users\Katz\Downloads\Eastbound and Down S03E07 HDTV x264-ASAP[ettv]
    2012-04-13 16:22 - 2012-04-13 16:04 - 48519046 ____A C:\Users\Katz\Downloads\mp3tera.org_Depths_Of_Hatred-Aversionist-2012-UTP.rar
    2012-04-11 13:35 - 2012-04-11 13:35 - 00016270 ____A C:\Users\Katz\Downloads\Job For A Cowboy- Demonocracy- [2012]- NewMp3Club [h33t].torrent
    2012-04-11 11:32 - 2012-04-11 11:29 - 101896811 ____A C:\Users\Katz\Downloads\Shadow Of The Colossus - Shadow Of The Colossus (2010).rar
    2012-04-10 21:12 - 2012-04-10 21:08 - 172813867 ____A C:\Users\Katz\Downloads\V.A. - The Ultimate-Guitar Community Drone Album, One.rar
    2012-04-09 16:21 - 2012-04-09 16:20 - 00000000 ____D C:\Users\Katz\Downloads\Eastbound and Down S03E07 HDTV XviD-FQM[ettv]
    2012-04-09 13:34 - 2012-04-22 12:22 - 03957088 ____A (INCA Internet Co., Ltd.) C:\Windows\System32\GameMon.des
    2012-04-04 18:50 - 2012-04-04 18:49 - 00000000 ____D C:\Users\Katz\Desktop\samples
    2012-04-04 17:08 - 2012-04-04 17:03 - 00000000 ____D C:\Users\Katz\Downloads\The Big Lebowski 1998 720p BRRip x264-HDLiTE
    2012-04-04 17:02 - 2012-04-04 17:02 - 00024583 ____A C:\Users\Katz\Downloads\The Big Lebowski 1998 720p BRRip x264-HDLiTE [h33t].torrent
    2012-04-04 14:56 - 2011-07-01 18:38 - 00022344 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
    2012-04-04 14:36 - 2012-04-04 14:36 - 01416172 ____A C:\Users\Katz\Downloads\looperman_111346_28025_Thudacious.wav
    2012-04-04 14:31 - 2012-04-04 14:31 - 00088250 ____A C:\Users\Katz\Downloads\looperman_512025_49116_Thunder Crack.wav
    2012-04-04 14:24 - 2011-12-04 17:57 - 02121906 ____A C:\Users\Katz\Downloads\looperman_89446_7141_Rap Bass.wav
    2012-04-04 14:16 - 2012-04-04 14:16 - 02419244 ____A C:\Users\Katz\Downloads\looperman_159051_37335_ (1).wav
    2012-04-04 13:19 - 2012-04-04 13:18 - 19133883 ____A C:\Users\Katz\Downloads\Above & Beyond feat. Zoe Johnston - Love Is Not Enough (Maor Levi & Bluestone Remix) (BacauHouseMafia.Ro).mp3
    2012-04-04 13:14 - 2012-04-04 13:14 - 00000850 ____A C:\Users\Katz\Downloads\Above_and_Beyond_feat_Zoe_Johnston-Love_Is_Not_Enough_(The_Remixes)-ANJ231RD-WEB-2012-TraX.rar
    2012-04-03 16:34 - 2012-04-03 16:33 - 1380274904 ____A C:\Users\Katz\Downloads\Game.of.Thrones.s02e02.720p.WebRip-x264-English Audio.mp4
    2012-04-02 16:16 - 2012-04-02 15:27 - 1410844298 ____A C:\Users\Katz\Downloads\Game.of.Thrones.S02E01.720p.HDTV.RM-IMMERSE.3gp
    2012-03-28 13:03 - 2012-03-28 13:03 - 00000000 ____D C:\Windows\Panther
    2012-03-25 14:15 - 2012-03-25 14:15 - 00030365 ____A C:\Users\Katz\Downloads\Spartacus Vengeance S02E09 Monsters HDTV XviD-xTriLL [h33t].torrent
    2012-03-25 13:43 - 2012-03-25 13:30 - 735442944 ____A C:\Users\Katz\Downloads\Paranormal.Activity.3.2011.UNRATED.DVDRip.XviD-SPARKS.avi
    2012-03-25 13:29 - 2012-03-25 13:29 - 00014783 ____A C:\Users\Katz\Downloads\Paranormal Activity 3 2011 UNRATED DVDRip XviD-SPARKS [h33t].torrent
    ZeroAccess:
    C:\Windows\Installer\{0954ec52-c0cd-4a13-e71b-43dd8bc2a404}
    C:\Windows\Installer\{0954ec52-c0cd-4a13-e71b-43dd8bc2a404}\@
    C:\Windows\Installer\{0954ec52-c0cd-4a13-e71b-43dd8bc2a404}\L
    C:\Windows\Installer\{0954ec52-c0cd-4a13-e71b-43dd8bc2a404}\U
    C:\Windows\Installer\{0954ec52-c0cd-4a13-e71b-43dd8bc2a404}\U\trz7D1D.tmp
    ZeroAccess:
    C:\Users\Katz\AppData\Local\{0954ec52-c0cd-4a13-e71b-43dd8bc2a404}
    C:\Users\Katz\AppData\Local\{0954ec52-c0cd-4a13-e71b-43dd8bc2a404}\@
    C:\Users\Katz\AppData\Local\{0954ec52-c0cd-4a13-e71b-43dd8bc2a404}\L
    C:\Users\Katz\AppData\Local\{0954ec52-c0cd-4a13-e71b-43dd8bc2a404}\n
    C:\Users\Katz\AppData\Local\{0954ec52-c0cd-4a13-e71b-43dd8bc2a404}\U
    ========================= Known DLLs (Whitelisted) ============

    ========================= Bamital & volsnap Check ============
    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe A302BBFF2A7278C0E239EE5D471D86A9 ZeroAccess <==== ATTENTION!.
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
    ==================== EXE ASSOCIATION =====================
    HKLM\...\.exe: exefile => OK
    HKLM\...\exefile\DefaultIcon: %1 => OK
    HKLM\...\exefile\open\command: "%1" %* => OK
    ========================= Memory info ======================
    Percentage of memory in use: 11%
    Total physical RAM: 4094.06 MB
    Available physical RAM: 3612.75 MB
    Total Pagefile: 4092.35 MB
    Available Pagefile: 3612.67 MB
    Total Virtual: 2047.88 MB
    Available Virtual: 1968.69 MB
    ======================= Partitions =========================
    1 Drive c: () (Fixed) (Total:298.09 GB) (Free:32.79 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
    2 Drive d: (Pro Tools) (CDROM) (Total:7.01 GB) (Free:0 GB) CDFS
    3 Drive e: () (Removable) (Total:0.96 GB) (Free:0.34 GB) FAT
    4 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
    Disk ### Status Size Free Dyn Gpt
    -------- ------------- ------- ------- --- ---
    Disk 0 Online 298 GB 0 B
    Disk 1 Online 981 MB 0 B
    Partitions of Disk 0:
    ===============
    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 298 GB 1024 KB
    ======================================================================================================
    Disk: 0
    Partition 1
    Type : 07
    Hidden: No
    Active: Yes
    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 1 C NTFS Partition 298 GB Healthy
    ======================================================================================================
    Partitions of Disk 1:
    ===============
    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 980 MB 16 KB
    ======================================================================================================
    Disk: 1
    Partition 1
    Type : 06
    Hidden: No
    Active: Yes
    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 2 E FAT Removable 980 MB Healthy
    ======================================================================================================
    ==========================================================
    Last Boot: 2012-06-17 23:55
    ======================= End Of Log ==========================
     
  4. Broni

    Broni Malware Annihilator Posts: 47,015   +255

    In Vista or Windows 7: Boot to System Recovery Options and run FRST.
    In Windows XP: Please boot to UBCD and run FRST.
    Type the following in the edit box after "Search:".

    services.exe

    Click Search button and post the log (Search.txt) it makes to your reply.
     
  5. snorin

    snorin TS Rookie Topic Starter

    Farbar Recovery Scan Tool Version: 20-06-2012 01
    Ran by SYSTEM at 2012-06-21 16:51:50
    Running from E:\
    ================== Search: "services.exe" ===================
    C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.exe
    [2009-07-13 15:11] - [2009-07-13 17:14] - 0259072 ____A (Microsoft Corporation) 5F1B6A9C35D3D5CA72D6D6FDEF9747D6
    C:\Windows\System32\services.exe
    [2009-07-13 15:11] - [2009-07-13 17:14] - 0259072 ____A (Microsoft Corporation) A302BBFF2A7278C0E239EE5D471D86A9
    === End Of Search ===
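The Search result above is the whole diagnosis: two copies of services.exe with identical size and timestamps but different MD5 values, and the WinSxS servicing copy is the reference the System32 copy should match. The following is an added example, not code from the thread or from FRST: a Python parser for that Search output that flags a live binary whose hash differs from its WinSxS copy, using the two entries from this thread as its sample input.

```python
import re
from collections import defaultdict

# Sample input: the "Search: services.exe" result posted above, copied from the
# thread. Both copies report the same size and timestamps; only the MD5 differs.
SEARCH_LOG = r"""Farbar Recovery Scan Tool Version: 20-06-2012 01
Ran by SYSTEM at 2012-06-21 16:51:50
Running from E:\
================== Search: "services.exe" ===================
C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.exe
[2009-07-13 15:11] - [2009-07-13 17:14] - 0259072 ____A (Microsoft Corporation) 5F1B6A9C35D3D5CA72D6D6FDEF9747D6
C:\Windows\System32\services.exe
[2009-07-13 15:11] - [2009-07-13 17:14] - 0259072 ____A (Microsoft Corporation) A302BBFF2A7278C0E239EE5D471D86A9
=== End Of Search ===
"""

# Detail line that FRST prints under each path:
# [created] - [modified] - size attributes (company) MD5
DETAIL_RE = re.compile(
    r"^\[(?P<created>[^\]]+)\] - \[(?P<modified>[^\]]+)\] - (?P<size>\d+) (?P<attrs>\S+)"
    r"(?: \((?P<company>[^)]*)\))? (?P<md5>[0-9A-Fa-f]{32})\s*$"
)
PATH_RE = re.compile(r"^[A-Za-z]:\\")


def parse_search_log(text):
    """Return one dict per found file: path, created, modified, size, attrs, company, md5."""
    entries = []
    pending_path = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("==="):
            continue  # banner and separator lines
        m = DETAIL_RE.match(line)
        if m and pending_path is not None:
            entry = m.groupdict()
            entry["path"] = pending_path
            entry["size"] = int(entry["size"])
            entry["md5"] = entry["md5"].upper()
            entries.append(entry)
            pending_path = None
        elif PATH_RE.match(line):
            pending_path = line  # next line carries the details for this path
    return entries


def _is_winsxs(entry):
    return "\\winsxs\\" in entry["path"].lower()


def find_hash_mismatches(entries):
    """Compare every live copy of a binary against its WinSxS servicing copy.

    Timestamps and size are not evidence here (the patched services.exe above
    kept both), so the only comparison made is the MD5. When several WinSxS
    versions exist, the one whose size matches the live file is the reference.
    """
    by_name = defaultdict(list)
    for e in entries:
        by_name[e["path"].rsplit("\\", 1)[-1].lower()].append(e)

    findings = []
    for copies in by_name.values():
        winsxs = [c for c in copies if _is_winsxs(c)]
        if not winsxs:
            continue  # nothing trustworthy to compare against
        for live in (c for c in copies if not _is_winsxs(c)):
            same_size = [w for w in winsxs if w["size"] == live["size"]]
            reference = (same_size or winsxs)[0]
            if live["md5"] != reference["md5"]:
                findings.append({
                    "path": live["path"],
                    "md5": live["md5"],
                    "reference_path": reference["path"],
                    "reference_md5": reference["md5"],
                    "same_size": live["size"] == reference["size"],
                })
    return findings


if __name__ == "__main__":
    for f in find_hash_mismatches(parse_search_log(SEARCH_LOG)):
        print(f"MISMATCH {f['path']} md5={f['md5']} "
              f"(WinSxS copy {f['reference_md5']}, same size: {f['same_size']})")
```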
     
  6. Broni

    Broni Malware Annihilator Posts: 47,015   +255

    Download attached fixlist.txt file and save it to the very same USB flash drive you've been using. Plug the drive back in.

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

    On Vista or Windows 7: Now please enter System Recovery Options.
    On Windows XP: Now please boot into the UBCD.
    Run FRST64 and press the Fix button just once and wait.
    The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

    Next....

    Boot normally and....

    Please download ComboFix from Here, Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts.
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    • Double click on combofix.exe & follow the prompts.

    • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
    • NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.
    **Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them, resulting in the tool not working correctly, which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends that you uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


    Make sure, you re-enable your security programs, when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode.

    2. Delete Combofix file, download a fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.
    There are 4 different versions. If one of them won't run then download and try to run the other one.
    Vista and Win7 users need to right-click Rkill and choose Run as Administrator.
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

    * Rkill.com
    * Rkill.scr
    * Rkill.exe
    • Double-click on the Rkill icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.
    Once you've gotten one of them to run, immediately run your_name.exe by double-clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     


  7. snorin

    snorin TS Rookie Topic Starter

    Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 20-06-2012 01
    Ran by SYSTEM at 2012-06-21 17:19:49 Run:1
    Running from E:\
    ==============================================
    HKEY_LOCAL_MACHINE\System\ControlSet002\Control\Session Manager\SubSystems\\Windows Value was restored successfully .
    C:\Windows\System32\consrv.dll not found.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\\netsvcs prodrv06 Deleted successfully.
    C:\Windows\Installer\{0954ec52-c0cd-4a13-e71b-43dd8bc2a404} moved successfully.
    C:\Users\Katz\AppData\Local\{0954ec52-c0cd-4a13-e71b-43dd8bc2a404} moved successfully.
    C:\Windows\System32\services.exe moved successfully.
    C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.exe copied successfully to C:\Windows\System32\services.exe
    ==== End of Fixlog ====

    I still have no internet. Do I download ComboFix, put it onto the flash drive and then transfer it to the other computer?
     
  8. Broni

    Broni Malware Annihilator Posts: 47,015   +255

    Yes please.
     
  9. snorin

    snorin TS Rookie Topic Starter

    Update on what is currently going on: it is running ComboFix currently. A popup came up and said I have been infected with rootkit.zeroaccess! and that it would take some time.
     
  10. Broni

    Broni Malware Annihilator Posts: 47,015   +255

    OK...
     
  11. snorin

    snorin TS Rookie Topic Starter

    So "combofix has detected rootkit activity and needs to restart". When it is back on, do I run ComboFix again?

    EDIT: NEVER MIND, it ran itself.
     
     
  12. snorin

    snorin TS Rookie Topic Starter

    ComboFix 12-06-21.02 - Katz 06/21/2012 17:54:49.1.2 - x86
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3582.2902 [GMT -7:00]
    Running from: c:\users\Katz\Desktop\ComboFix.exe
    AV: avast! Internet Security *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
    FW: avast! Internet Security *Disabled* {131692B0-0864-D491-4E21-3A3A1D8BBB47}
    SP: avast! Internet Security *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\windows\$NtUninstallKB28499$
    c:\windows\$NtUninstallKB28499$\2218932995
    c:\windows\$NtUninstallKB28499$\2594239987\@
    c:\windows\$NtUninstallKB28499$\2594239987\cfg.ini
    c:\windows\$NtUninstallKB28499$\2594239987\Desktop.ini
    c:\windows\$NtUninstallKB28499$\2594239987\L\eaguynoe
    c:\windows\$NtUninstallKB28499$\2594239987\oemid
    c:\windows\$NtUninstallKB28499$\2594239987\U\00000001.@
    c:\windows\$NtUninstallKB28499$\2594239987\U\00000002.@
    c:\windows\$NtUninstallKB28499$\2594239987\U\00000004.@
    c:\windows\$NtUninstallKB28499$\2594239987\U\80000000.@
    c:\windows\$NtUninstallKB28499$\2594239987\U\80000004.@
    c:\windows\$NtUninstallKB28499$\2594239987\U\80000032.@
    c:\windows\$NtUninstallKB28499$\2594239987\version
    c:\windows\system32\dds_trash_log.cmd
    .
    c:\windows\system32\drivers\afd.sys . . . is missing!!
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-05-22 to 2012-06-22 )))))))))))))))))))))))))))))))
    .
    .
    2012-06-22 01:13 . 2012-06-22 01:15 -------- d-----w- c:\users\Katz\AppData\Local\temp
    2012-06-22 01:13 . 2012-06-22 01:13 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
    2012-06-22 01:13 . 2012-06-22 01:13 -------- d-----w- c:\users\UpdatusUser.Katz-PC\AppData\Local\temp
    2012-06-21 19:13 . 2012-06-21 19:22 -------- d-----w- c:\users\Katz\AppData\Local\ElevatedDiagnostics
    2012-06-21 08:42 . 2012-06-21 18:15 -------- d-----w- c:\program files\PC Tools Security
    2012-06-21 08:34 . 2012-06-21 08:41 -------- d-----w- c:\users\Katz\AppData\Roaming\GetRightToGo
    2012-06-21 07:34 . 2012-06-22 00:53 -------- d-----w- c:\programdata\AVAST Software
    2012-06-21 07:34 . 2012-06-21 19:47 -------- d-----w- c:\program files\AVAST Software
    2012-06-21 06:58 . 2012-06-21 06:58 -------- d-sh--w- c:\windows\system32\%APPDATA%
    2012-06-20 02:26 . 2008-12-04 10:02 16400 ----a-w- c:\windows\system32\drivers\diginet.sys
    2012-06-19 22:03 . 2012-06-19 22:03 -------- d-----w- c:\users\Katz\AppData\Roaming\MotioninJoy
    2012-06-19 22:03 . 2012-06-19 22:03 -------- d-----w- c:\program files\MotioninJoy
    2012-06-19 22:03 . 2012-05-12 19:31 99400 ----a-w- c:\windows\system32\drivers\MijXfilt.sys
    2012-06-19 22:03 . 2011-12-08 02:42 61984 ----a-w- c:\windows\system32\drivers\xusb21.sys
    2012-06-19 22:03 . 2011-12-08 02:42 255496 ----a-w- c:\windows\system32\MijFrc.dll
    2012-06-19 22:03 . 2011-12-08 02:42 1461992 ----a-w- c:\windows\system32\WdfCoInstaller01009.dll
    2012-06-10 10:11 . 2012-06-14 09:13 -------- d-----w- c:\users\Katz\AppData\Roaming\Line 6
    2012-06-09 00:36 . 2012-06-09 00:36 -------- d-----w- c:\programdata\Line 6
    2012-06-09 00:35 . 2012-06-09 00:35 -------- d-----w- c:\program files\Line6
    2012-05-30 18:14 . 2012-05-30 18:14 -------- d-----w- c:\users\Katz\AppData\Roaming\LolClient2
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-04-09 21:34 . 2012-04-22 20:22 3957088 ----a-w- c:\windows\system32\GameMon.des
    2012-04-04 22:56 . 2011-07-02 02:38 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
    2010-12-09 19:51 3911776 ----a-w- c:\program files\ConduitEngine\ConduitEngine.dll
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
    2010-12-09 19:51 3911776 ----a-w- c:\program files\uTorrentBar\tbuTor.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\ConduitEngine.dll" [2010-12-09 3911776]
    "{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:\program files\uTorrentBar\tbuTor.dll" [2010-12-09 3911776]
    .
    [HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
    .
    [HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
    .
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}"= "c:\program files\uTorrentBar\tbuTor.dll" [2010-12-09 3911776]
    .
    [HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlay]
    @="{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}"
    [HKEY_CLASSES_ROOT\CLSID\{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}]
    2007-09-10 23:50 2957312 ----a-w- c:\program files\Fingerprint Reader Suite\farchns.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlayOpen]
    @="{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}"
    [HKEY_CLASSES_ROOT\CLSID\{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}]
    2007-09-10 23:50 2957312 ----a-w- c:\program files\Fingerprint Reader Suite\farchns.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Aim"="c:\program files\AIM\aim.exe" [2011-01-05 4321112]
    "Pando Media Booster"="c:\program files\Pando Networks\Media Booster\PMB.exe" [2011-07-31 3077528]
    "Steam"="c:\program files\Steam\Steam.exe" [2011-08-03 1242448]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "OEM02Mon.exe"="c:\windows\OEM02Mon.exe" [2007-05-10 36864]
    "AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-16 499608]
    "AdobeCS5.5ServiceManager"="c:\program files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360]
    "BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
    "Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2007-12-08 3444736]
    "PSQLLauncher"="c:\program files\Fingerprint Reader Suite\launcher.exe" [2007-04-17 49168]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-30 421888]
    "SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
    "M-Audio Taskbar Icon"="c:\windows\system32\M-AudioTaskBarIcon.exe" [2010-12-07 644104]
    "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
    .
    c:\users\Katz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    "DisableCAD"= 1 (0x1)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
    2007-04-17 06:04 86528 ----a-w- c:\windows\System32\psqlpwd.dll
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Notification Packages REG_MULTI_SZ scecli psqlpwd
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    2011-03-07 22:33 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe
    .
    R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-02-29 2348352]
    R3 MAUSBFASTTRACK;Service for M-Audio FastTrack;c:\windows\system32\DRIVERS\MAudioFastTrack.sys [2010-12-07 158344]
    R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
    R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2010-03-25 30969208]
    R3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;c:\windows\system32\DRIVERS\MijXfilt.sys [2012-05-12 99400]
    R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [2012-04-09 3957088]
    R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4640000]
    R3 pbfilter;pbfilter;c:\program files\PeerBlock\pbfilter.sys [2010-11-07 20080]
    R3 SwitchBoard;Adobe SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
    R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-05-11 1343400]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
    S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
    S2 DigiNet;Digidesign Ethernet Support;c:\windows\system32\DRIVERS\diginet.sys [2008-12-04 16400]
    S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
    S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-02-29 382272]
    S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-04-04 22344]
    S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [2009-07-13 311296]
    .
    .
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    LRMINIPORT
    hpdj
    minilog
    pccsmcfd
    psdistributionagent
    USR1806V
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-06-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4200271565-912711694-3251406831-1000Core.job
    - c:\users\Katz\AppData\Local\Google\Update\GoogleUpdate.exe [2011-03-11 00:22]
    .
    2012-06-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4200271565-912711694-3251406831-1000UA.job
    - c:\users\Katz\AppData\Local\Google\Update\GoogleUpdate.exe [2011-03-11 00:22]
    .
    .
    ------- Supplementary Scan -------
    .
    uInternet Settings,ProxyOverride = *.local
    IE: E&ksportuj do programu Microsoft Excel - c:\progra~1\MICROS~3\Office14\EXCEL.EXE/3000
    IE: Wyslij &do programu OneNote
    IE: Wyslij &do programu OneNote - c:\progra~1\MICROS~3\Office14\ONBttnIE.dll/105
    Trusted Zone: line6.net
    TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
    .
    - - - - ORPHANS REMOVED - - - -
    .
    HKLM-Run-DigidesignMMERefresh - c:\program files\Digidesign\Drivers\MMERefresh.exe
    MSConfigStartUp-LogMeIn Hamachi Ui - c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe
    .
    .
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\npggsvc]
    "ImagePath"="c:\windows\system32\GameMon.des -service"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'lsass.exe'(564)
    c:\windows\system32\psqlpwd.DLL
    c:\program files\Fingerprint Reader Suite\homefus2.dll
    c:\program files\Fingerprint Reader Suite\infra.dll
    .
    - - - - - - - > 'Explorer.exe'(3168)
    c:\program files\Fingerprint Reader Suite\farchns.dll
    c:\program files\Fingerprint Reader Suite\infra.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\windows\system32\nvvsvc.exe
    c:\program files\NVIDIA Corporation\Display\nvxdsync.exe
    c:\windows\system32\nvvsvc.exe
    c:\program files\Fingerprint Reader Suite\upeksvr.exe
    c:\windows\System32\WLTRYSVC.EXE
    c:\windows\System32\bcmwltry.exe
    c:\windows\system32\WUDFHost.exe
    c:\windows\system32\conhost.exe
    c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
    c:\windows\system32\sppsvc.exe
    .
    **************************************************************************
    .
    Completion time: 2012-06-21 18:19:49 - machine was rebooted
    ComboFix-quarantined-files.txt 2012-06-22 01:19
    .
    Pre-Run: 35,371,950,080 bytes free
    Post-Run: 34,992,721,920 bytes free
    .
    - - End Of File - - 038BAAFFD92FDE01D83F996EC1418ED4
     
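Two lines in the ComboFix log above carry the whole diagnosis: the "Other Deletions" block shows a `c:\windows\$NtUninstallKB28499$` tree with an `@` file and `U\` and `L\` subfolders, which is the fake hotfix-uninstall layout ZeroAccess/Sirefef uses for its payload, and ComboFix then notes that `c:\windows\system32\drivers\afd.sys` (the Ancillary Function Driver that Winsock depends on) is missing, which is exactly what "limited connectivity" with no other detections looks like. The script below is an added example, not code from TechSpot, from ComboFix or from either poster: it pulls those indicators out of a ComboFix-style log so the triage can be repeated on the next log rather than read by eye. The sample logs are constructed excerpts that mirror lines from this thread; the regexes and the "suspicious hidden directory" heuristic are this example's own assumptions about the log format.

```python
"""Triage helpers for ComboFix-style logs (added example, not from the thread).

The regexes and heuristics are this example's assumptions about the log format
shown in the thread; SAMPLE_LOG_* are constructed excerpts that mirror its lines.
"""
import re

SECTION_RE = re.compile(r"^\(+\s*(.+?)\s*\)+$")
MISSING_RE = re.compile(r"^(?P<path>.+?)\s+\.\s+\.\s+\.\s+is missing!!$")
# ZeroAccess/Sirefef keeps its payload in a fake hotfix-uninstall tree named
# $NtUninstallKB<digits>$ (digits vary per infection) holding @, U\ and L\ entries.
ZA_ROOT_RE = re.compile(r"^(?P<root>.*?\\\$NtUninstallKB\d+\$)", re.IGNORECASE)
# "<created> . <modified> <size|--------> <attrs> <path>" as in "Files Created".
CREATED_RE = re.compile(
    r"^(?P<created>\d{4}-\d\d-\d\d \d\d:\d\d) \. "
    r"(?P<modified>\d{4}-\d\d-\d\d \d\d:\d\d) "
    r"(?P<size>\d+|-+) (?P<attrs>[-a-z]{8}) (?P<path>.+)$"
)

SAMPLE_LOG_BEFORE = r"""
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\$NtUninstallKB28499$
c:\windows\$NtUninstallKB28499$\2594239987\@
c:\windows\$NtUninstallKB28499$\2594239987\L\eaguynoe
c:\windows\$NtUninstallKB28499$\2594239987\U\00000001.@
c:\windows\$NtUninstallKB28499$\2594239987\U\80000032.@
c:\windows\system32\dds_trash_log.cmd
.
c:\windows\system32\drivers\afd.sys . . . is missing!!
.
((((((((((((((((((((((((( Files Created from 2012-05-22 to 2012-06-22 )))))))))))))))))))))))))))))))
.
2012-06-21 06:58 . 2012-06-21 06:58 -------- d-sh--w- c:\windows\system32\%APPDATA%
"""

SAMPLE_LOG_AFTER = r"""
((((((((((((((((((((((((( Files Created from 2012-05-22 to 2012-06-22 )))))))))))))))))))))))))))))))
.
2012-06-22 01:53 . 2009-07-13 23:12 338944 ----a-w- c:\windows\system32\drivers\afd.sys
2012-06-21 06:58 . 2012-06-21 06:58 -------- d-sh--w- c:\windows\system32\%APPDATA%
"""


def _lines(log):
    """Yield stripped, non-empty lines, skipping ComboFix's '.' spacer lines."""
    for raw in log.splitlines():
        line = raw.strip()
        if line and line != ".":
            yield line


def split_sections(log):
    """Group lines under the '(((( Name ))))' banner they fall below."""
    out, current = {"preamble": []}, "preamble"
    for line in _lines(log):
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            out.setdefault(current, [])
        else:
            out[current].append(line)
    return out


def missing_files(log):
    """Paths ComboFix flagged with its '. . . is missing!!' marker."""
    return [m.group("path") for m in map(MISSING_RE.match, _lines(log)) if m]


def zeroaccess_trees(log):
    """Distinct $NtUninstallKB<digits>$ roots listed under 'Other Deletions'."""
    roots = {}
    for name, lines in split_sections(log).items():
        if name.startswith("Other Deletions"):
            for m in filter(None, map(ZA_ROOT_RE.match, lines)):
                roots.setdefault(m.group("root").lower(), m.group("root"))
    return list(roots.values())


def created_entries(log):
    """Parse the 'Files Created' section into dicts keyed by lower-cased path."""
    entries = {}
    for name, lines in split_sections(log).items():
        if name.startswith("Files Created"):
            for m in filter(None, map(CREATED_RE.match, lines)):
                d = m.groupdict()
                d["size"] = None if d["size"].startswith("-") else int(d["size"])
                d["is_dir"] = d["attrs"].startswith("d")
                entries[d["path"].lower()] = d
    return entries


def suspicious_hidden_dirs(log):
    """Heuristic: hidden+system dirs whose leaf name is an unexpanded %VAR%."""
    return [e["path"] for e in created_entries(log).values()
            if e["is_dir"] and "s" in e["attrs"] and "h" in e["attrs"]
            and re.search(r"%[A-Za-z_]+%", e["path"].rsplit("\\", 1)[-1])]


def restoration_status(before, after, path):
    """Was `path` reported missing in `before` and listed as created in `after`?"""
    key = path.lower()
    was_missing = key in (p.lower() for p in missing_files(before))
    entry = created_entries(after).get(key)
    still_missing = key in (p.lower() for p in missing_files(after))
    return {"was_missing": was_missing,
            "restored": was_missing and entry is not None and not still_missing,
            "entry": entry}


def triage(log):
    """One-shot summary of the indicators this example looks for."""
    return {"zeroaccess_trees": zeroaccess_trees(log),
            "missing_files": missing_files(log),
            "suspicious_hidden_dirs": suspicious_hidden_dirs(log)}


if __name__ == "__main__":
    print(triage(SAMPLE_LOG_BEFORE))
    print(restoration_status(SAMPLE_LOG_BEFORE, SAMPLE_LOG_AFTER,
                             r"c:\windows\system32\drivers\afd.sys"))
```

Two things the output makes explicit that the thread only implies. First, `restoration_status` only confirms that ComboFix saw a file of that name reappear; the size and 2009-07-13 timestamp it reports come from whatever was dropped into the folder, so on a real case confirm a replacement system driver with `sfc /verifyfile=<path>` or against a copy from install media rather than trusting a forum attachment on name alone. Second, the hidden, system-attributed `c:\windows\system32\%APPDATA%` directory created hours before avast was installed is flagged only by this example's heuristic; the thread never acts on it, so treat it as a lead to check, not a finding from the page.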
  13. Broni

    Broni Malware Annihilator Posts: 47,015   +255

    Please download SystemLook from one of the links below and save it to your Desktop.
    Download Mirror #1
    Download Mirror #2

    64-bit users go HERE
    • Double-click SystemLook.exe to run it.
    • Vista users: Right click on SystemLook.exe, click Run As Administrator
    • Copy the content of the following box and paste it into the main textfield:
      Code:
      :filefind
      afd.sys
      
    • Click the Look button to start the scan.
    • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
    Note: The log can also be found on your Desktop entitled SystemLook.txt
     
  14. snorin

    snorin TS Rookie Topic Starter

    SystemLook 30.07.11 by jpshortstuff
    Log created at 18:40 on 21/06/2012 by Katz
    Administrator - Elevation successful
    ========== filefind ==========
    Searching for "afd.sys"
    No files found.
    -= EOF =-
     
  15. Broni


    That's quite impossible.

    Attached is "afd.zip" file.
    Unzip it and paste "afd.sys" file into c:\windows\system32\drivers folder.
    Disregard any Windows warnings.

    Re-run Combofix and post new log.
     

    Attached Files: afd.zip (163 KB)
  16. snorin


    ComboFix 12-06-21.02 - Katz 06/21/2012 18:54:36.2.2 - x86
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3582.2359 [GMT -7:00]
    Running from: c:\users\Katz\Desktop\ComboFix.exe
    SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-05-22 to 2012-06-22 )))))))))))))))))))))))))))))))
    .
    .
    2012-06-22 02:00 . 2012-06-22 02:00 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
    2012-06-22 02:00 . 2012-06-22 02:00 -------- d-----w- c:\users\UpdatusUser.Katz-PC\AppData\Local\temp
    2012-06-22 02:00 . 2012-06-22 02:00 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-06-22 01:53 . 2009-07-13 23:12 338944 ----a-w- c:\windows\system32\drivers\afd.sys
    2012-06-22 01:13 . 2012-06-22 02:00 -------- d-----w- c:\users\Katz\AppData\Local\temp
    2012-06-22 00:39 . 2012-06-22 00:42 -------- d-----w- C:\FRST
    2012-06-21 19:13 . 2012-06-21 19:22 -------- d-----w- c:\users\Katz\AppData\Local\ElevatedDiagnostics
    2012-06-21 08:42 . 2012-06-21 18:15 -------- d-----w- c:\program files\PC Tools Security
    2012-06-21 08:34 . 2012-06-21 08:41 -------- d-----w- c:\users\Katz\AppData\Roaming\GetRightToGo
    2012-06-21 07:34 . 2012-06-22 00:53 -------- d-----w- c:\programdata\AVAST Software
    2012-06-21 07:34 . 2012-06-21 19:47 -------- d-----w- c:\program files\AVAST Software
    2012-06-21 06:58 . 2012-06-21 06:58 -------- d-sh--w- c:\windows\system32\%APPDATA%
    2012-06-20 02:26 . 2008-12-04 10:02 16400 ----a-w- c:\windows\system32\drivers\diginet.sys
    2012-06-19 22:03 . 2012-06-19 22:03 -------- d-----w- c:\users\Katz\AppData\Roaming\MotioninJoy
    2012-06-19 22:03 . 2012-06-19 22:03 -------- d-----w- c:\program files\MotioninJoy
    2012-06-19 22:03 . 2012-05-12 19:31 99400 ----a-w- c:\windows\system32\drivers\MijXfilt.sys
    2012-06-19 22:03 . 2011-12-08 02:42 61984 ----a-w- c:\windows\system32\drivers\xusb21.sys
    2012-06-19 22:03 . 2011-12-08 02:42 255496 ----a-w- c:\windows\system32\MijFrc.dll
    2012-06-19 22:03 . 2011-12-08 02:42 1461992 ----a-w- c:\windows\system32\WdfCoInstaller01009.dll
    2012-06-10 10:11 . 2012-06-14 09:13 -------- d-----w- c:\users\Katz\AppData\Roaming\Line 6
    2012-06-09 00:36 . 2012-06-09 00:36 -------- d-----w- c:\programdata\Line 6
    2012-06-09 00:35 . 2012-06-09 00:35 -------- d-----w- c:\program files\Line6
    2012-05-30 18:14 . 2012-05-30 18:14 -------- d-----w- c:\users\Katz\AppData\Roaming\LolClient2
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-04-09 21:34 . 2012-04-22 20:22 3957088 ----a-w- c:\windows\system32\GameMon.des
    2012-04-04 22:56 . 2011-07-02 02:38 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
    2010-12-09 19:51 3911776 ----a-w- c:\program files\ConduitEngine\ConduitEngine.dll
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
    2010-12-09 19:51 3911776 ----a-w- c:\program files\uTorrentBar\tbuTor.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\ConduitEngine.dll" [2010-12-09 3911776]
    "{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:\program files\uTorrentBar\tbuTor.dll" [2010-12-09 3911776]
    .
    [HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
    .
    [HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
    .
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}"= "c:\program files\uTorrentBar\tbuTor.dll" [2010-12-09 3911776]
    .
    [HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlay]
    @="{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}"
    [HKEY_CLASSES_ROOT\CLSID\{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}]
    2007-09-10 23:50 2957312 ----a-w- c:\program files\Fingerprint Reader Suite\farchns.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlayOpen]
    @="{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}"
    [HKEY_CLASSES_ROOT\CLSID\{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}]
    2007-09-10 23:50 2957312 ----a-w- c:\program files\Fingerprint Reader Suite\farchns.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Aim"="c:\program files\AIM\aim.exe" [2011-01-05 4321112]
    "Pando Media Booster"="c:\program files\Pando Networks\Media Booster\PMB.exe" [2011-07-31 3077528]
    "Steam"="c:\program files\Steam\Steam.exe" [2011-08-03 1242448]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "OEM02Mon.exe"="c:\windows\OEM02Mon.exe" [2007-05-10 36864]
    "AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-16 499608]
    "AdobeCS5.5ServiceManager"="c:\program files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360]
    "BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
    "Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2007-12-08 3444736]
    "PSQLLauncher"="c:\program files\Fingerprint Reader Suite\launcher.exe" [2007-04-17 49168]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-30 421888]
    "SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
    "M-Audio Taskbar Icon"="c:\windows\system32\M-AudioTaskBarIcon.exe" [2010-12-07 644104]
    "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
    .
    c:\users\Katz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    "DisableCAD"= 1 (0x1)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
    2007-04-17 06:04 86528 ----a-w- c:\windows\System32\psqlpwd.dll
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Notification Packages REG_MULTI_SZ scecli psqlpwd
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    2011-03-07 22:33 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe
    .
    R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-02-29 2348352]
    R3 MAUSBFASTTRACK;Service for M-Audio FastTrack;c:\windows\system32\DRIVERS\MAudioFastTrack.sys [2010-12-07 158344]
    R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
    R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2010-03-25 30969208]
    R3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;c:\windows\system32\DRIVERS\MijXfilt.sys [2012-05-12 99400]
    R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [2012-04-09 3957088]
    R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4640000]
    R3 pbfilter;pbfilter;c:\program files\PeerBlock\pbfilter.sys [2010-11-07 20080]
    R3 SwitchBoard;Adobe SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
    R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-05-11 1343400]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
    S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
    S2 DigiNet;Digidesign Ethernet Support;c:\windows\system32\DRIVERS\diginet.sys [2008-12-04 16400]
    S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
    S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-02-29 382272]
    S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-04-04 22344]
    S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [2009-07-13 311296]
    .
    .
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    LRMINIPORT
    hpdj
    minilog
    pccsmcfd
    psdistributionagent
    USR1806V
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-06-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4200271565-912711694-3251406831-1000Core.job
    - c:\users\Katz\AppData\Local\Google\Update\GoogleUpdate.exe [2011-03-11 00:22]
    .
    2012-06-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4200271565-912711694-3251406831-1000UA.job
    - c:\users\Katz\AppData\Local\Google\Update\GoogleUpdate.exe [2011-03-11 00:22]
    .
    .
    ------- Supplementary Scan -------
    .
    uInternet Settings,ProxyOverride = *.local
    IE: E&ksportuj do programu Microsoft Excel - c:\progra~1\MICROS~3\Office14\EXCEL.EXE/3000
    IE: Wyslij &do programu OneNote
    IE: Wyslij &do programu OneNote - c:\progra~1\MICROS~3\Office14\ONBttnIE.dll/105
    Trusted Zone: line6.net
    TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
    .
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\npggsvc]
    "ImagePath"="c:\windows\system32\GameMon.des -service"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'lsass.exe'(564)
    c:\windows\system32\psqlpwd.DLL
    c:\program files\Fingerprint Reader Suite\homefus2.dll
    c:\program files\Fingerprint Reader Suite\infra.dll
    .
    - - - - - - - > 'Explorer.exe'(1628)
    c:\program files\Fingerprint Reader Suite\farchns.dll
    c:\program files\Fingerprint Reader Suite\infra.dll
    .
    Completion time: 2012-06-21 19:02:02
    ComboFix-quarantined-files.txt 2012-06-22 02:02
    ComboFix2.txt 2012-06-22 01:19
    .
    Pre-Run: 35,080,077,312 bytes free
    Post-Run: 34,777,706,496 bytes free
    .
    - - End Of File - - 6E225EF9C3B5E1F4F61853E73B9160D5
     
  17. Broni


    How is internet now?
     
  18. snorin


    It works now! Thank you!
     
  19. Broni


    Very good :)

    We'll run couple more tools to make sure all is OK.

    Download OTL to your Desktop.

    • Double-click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\tasks\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /I " " /c
    dir /b "%systemroot%\*.exe" | find /I " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     