Inactive [A] Sirefef removal/no network


snorin

Yesterday avast was continually coming up with pop-ups saying that it was blocking Sirefef (don't remember which specifically). I did a boot scan and it said it caught the virus and I chose to delete it. Today when I turned my computer on again I could no longer use the internet. I am sure it is the computer, as another computer could connect to our internet. Since then I have scanned with avast and malware and Spybot, all of which say there is nothing wrong with my computer. However, I cannot connect to the internet as I only have "limited connectivity". I've uninstalled the network drivers and reinstalled them, still no luck.

I think these are all the required logs to post (malware, GMER and DDS).


Malwarebytes Anti-Malware (Trial) 1.61.0.1400
www.malwarebytes.org
Database version: v2012.06.21.03
Windows 7 Service Pack 1 x86 NTFS (Safe Mode/Networking)
Internet Explorer 9.0.8112.16421
Katz :: KATZ-PC [administrator]
Protection: Disabled
6/21/2012 12:09:34 PM
mbam-log-2012-06-21 (12-09-34).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 234320
Time elapsed: 3 minute(s), 54 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit quick scan 2012-06-21 15:15:12
Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-2 WDC_WD3200BEKT-60V5T1 rev.12.01A12
Running: gmer.exe; Driver: C:\Users\Katz\AppData\Local\Temp\kxldqpow.sys

---- System - GMER 1.0.15 ----
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0x926FFD92]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject
---- Devices - GMER 1.0.15 ----
Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software)
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Tcp aswFW.SYS (avast! Filtering TDI driver/AVAST Software)
AttachedDevice \Driver\tdx \Device\Udp aswFW.SYS (avast! Filtering TDI driver/AVAST Software)
---- EOF - GMER 1.0.15 ----

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421
Run by Katz at 14:55:13 on 2012-06-21
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3582.2372 [GMT -7:00]
.
AV: avast! Internet Security *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Internet Security *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: avast! Internet Security *Disabled* {131692B0-0864-D491-4E21-3A3A1D8BBB47}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Fingerprint Reader Suite\upeksvr.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\AVAST Software\Avast\afwServ.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\OEM02Mon.exe
C:\Windows\System32\WLTRAY.EXE
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Windows\System32\M-AudioTaskBarIcon.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Program Files\Fingerprint Reader Suite\psqltray.exe
C:\Windows\System32\WLTRYSVC.EXE
C:\Windows\System32\bcmwltry.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\AIM\aim.exe
C:\Users\Katz\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Users\Katz\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Katz\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Katz\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Katz\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Katz\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Katz\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Katz\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Katz\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Katz\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Katz\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Katz\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Katz\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Katz\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Katz\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Katz\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\conhost.exe
.
============== Pseudo HJT Report ===============
.
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: H - No File
mURLSearchHooks: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files\utorrentbar\tbuTor.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Babylon toolbar helper: {2eecd738-5844-4a99-b4b6-146bf802613b} - c:\program files\babylontoolbar\babylontoolbar\1.5.3.17\bh\BabylonToolbar.dll
BHO: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\ConduitEngine.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~3\office14\GROOVEEX.DLL
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~3\office14\URLREDIR.DLL
BHO: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files\utorrentbar\tbuTor.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\ConduitEngine.dll
TB: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files\utorrentbar\tbuTor.dll
TB: Babylon Toolbar: {98889811-442d-49dd-99d7-dc866be87dbc} - c:\program files\babylontoolbar\babylontoolbar\1.5.3.17\BabylonToolbarTlbr.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
uRun: [Aim] "c:\program files\aim\aim.exe" /d locale=en-US /HIDEBL
uRun: [Google Update] "c:\users\katz\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [Pando Media Booster] c:\program files\pando networks\media booster\PMB.exe
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [Steam] "c:\program files\steam\Steam.exe" -silent
mRun: [OEM02Mon.exe] c:\windows\OEM02Mon.exe
mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"
mRun: [AdobeCS5.5ServiceManager] "c:\program files\common files\adobe\cs5.5servicemanager\CS5.5ServiceManager.exe" -launchedbylogin
mRun: [BCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [PSQLLauncher] "c:\program files\fingerprint reader suite\launcher.exe" /startup
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [SwitchBoard] c:\program files\common files\adobe\switchboard\SwitchBoard.exe
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [M-Audio Taskbar Icon] c:\windows\system32\M-AudioTaskBarIcon.exe
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRun: [DigidesignMMERefresh] c:\program files\digidesign\drivers\MMERefresh.exe
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
StartupFolder: c:\users\katz\appdata\roaming\micros~1\windows\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\2.0.181\SSScheduler.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: DisableCAD = 1 (0x1)
IE: E&ksportuj do programu Microsoft Excel - c:\progra~1\micros~3\office14\EXCEL.EXE/3000
IE: Wyslij &do programu OneNote
IE: Wyslij &do programu OneNote - c:\progra~1\micros~3\office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
Trusted Zone: line6.net
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: psfus - c:\windows\system32\psqlpwd.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~3\office14\GROOVEEX.DLL
LSA: Notification Packages = scecli psqlpwd
.
============= SERVICES / DRIVERS ===============
.
R0 aswNdis;avast! Firewall NDIS Filter Service;c:\windows\system32\drivers\aswNdis.sys [2012-6-21 12112]
R0 aswNdis2;avast! Firewall Core Firewall Service;c:\windows\system32\drivers\aswNdis2.sys [2012-6-21 196440]
R1 aswFW;avast! TDI Firewall driver;c:\windows\system32\drivers\aswFW.sys [2012-6-21 112984]
R1 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys [2012-6-21 24408]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2012-6-21 612184]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2012-6-21 337880]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2011-6-6 64952]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2012-6-21 20696]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-6-21 57688]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2012-6-21 44768]
R2 avast! Firewall;avast! Firewall;c:\program files\avast software\avast\afwServ.exe [2012-6-21 134920]
R2 DigiNet;Digidesign Ethernet Support;c:\windows\system32\drivers\diginet.sys [2012-6-19 16400]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-6-21 654408]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\nvidia corporation\3d vision\nvSCPAPISvr.exe [2012-2-29 382272]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-7-1 22344]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\drivers\yk62x86.sys [2009-7-13 311296]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\nvidia corporation\nvidia update core\daemonu.exe [2012-5-18 2348352]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2011-3-12 1153368]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 MAUSBFASTTRACK;Service for M-Audio FastTrack;c:\windows\system32\drivers\MAudioFastTrack.sys [2010-12-7 158344]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\microsoft office\office14\GROOVE.EXE [2010-3-25 30969208]
S3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;c:\windows\system32\drivers\MijXfilt.sys [2012-6-19 99400]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
S3 pbfilter;pbfilter;c:\program files\peerblock\pbfilter.sys [2011-4-4 20080]
S3 SwitchBoard;Adobe SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2010-11-20 52224]
S3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2011-5-10 1343400]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\wpffontcache_v0400.exe --> c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [?]
.
=============== Created Last 30 ================
.
2012-06-21 19:48:56 112984 ----a-w- c:\windows\system32\drivers\aswFW.sys
2012-06-21 19:48:37 196440 ----a-w- c:\windows\system32\drivers\aswNdis2.sys
2012-06-21 19:48:36 44376 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2012-06-21 19:48:34 612184 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-06-21 19:48:34 24408 ----a-w- c:\windows\system32\drivers\aswKbd.sys
2012-06-21 19:48:33 57688 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-06-21 19:48:03 12112 ----a-w- c:\windows\system32\drivers\aswNdis.sys
2012-06-21 19:47:59 41184 ----a-w- c:\windows\avastSS.scr
2012-06-21 19:13:43 -------- d-----w- c:\users\katz\appdata\local\ElevatedDiagnostics
2012-06-21 08:42:18 -------- d-----w- c:\program files\PC Tools Security
2012-06-21 08:34:58 -------- d-----w- c:\users\katz\appdata\roaming\GetRightToGo
2012-06-21 07:34:47 -------- d-----w- c:\programdata\AVAST Software
2012-06-21 07:34:47 -------- d-----w- c:\program files\AVAST Software
2012-06-21 07:02:00 0 --sha-w- c:\windows\system32\dds_trash_log.cmd
2012-06-21 06:58:48 -------- d-sh--w- c:\windows\system32\%APPDATA%
2012-06-20 02:26:11 16400 ----a-w- c:\windows\system32\drivers\diginet.sys
2012-06-19 22:03:17 -------- d-----w- c:\users\katz\appdata\roaming\MotioninJoy
2012-06-19 22:03:12 99400 ----a-w- c:\windows\system32\drivers\MijXfilt.sys
2012-06-19 22:03:12 61984 ----a-w- c:\windows\system32\drivers\xusb21.sys
2012-06-19 22:03:12 255496 ----a-w- c:\windows\system32\MijFrc.dll
2012-06-19 22:03:12 1461992 ----a-w- c:\windows\system32\WdfCoInstaller01009.dll
2012-06-19 22:03:12 -------- d-----w- c:\program files\MotioninJoy
2012-06-10 10:11:23 -------- d-----w- c:\users\katz\appdata\roaming\Line 6
2012-06-09 00:36:00 -------- d-----w- c:\programdata\Line 6
2012-06-09 00:35:56 -------- d-----w- c:\program files\Line6
2012-05-30 18:14:24 -------- d-----w- c:\users\katz\appdata\roaming\LolClient2
.
==================== Find3M ====================
.
2012-04-09 21:34:20 3957088 ----a-w- c:\windows\system32\GameMon.des
2012-04-04 22:56:40 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
.
============= FINISH: 14:58:11.43 ===============
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 8/8/2011 7:48:38 PM
System Uptime: 6/21/2012 2:40:24 PM (0 hours ago)
.
Motherboard: Dell Inc. | |
Processor: Intel(R) Core(TM)2 Duo CPU T9300 @ 2.50GHz | Microprocessor | 2501/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 298 GiB total, 32.839 GiB free.
D: is CDROM (CDFS)
E: is CDROM (CDFS)
F: is Removable
H: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Hamachi Network Interface
Device ID: ROOT\NET\0000
Manufacturer: LogMeIn, Inc.
Name: Hamachi Network Interface
PNP Device ID: ROOT\NET\0000
Service: hamachi
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: HTTP
Device ID: ROOT\LEGACY_HTTP\0000
Manufacturer:
Name: HTTP
PNP Device ID: ROOT\LEGACY_HTTP\0000
Service: HTTP
.
==== System Restore Points ===================
.
RP83: 6/21/2012 12:34:12 AM - avast! Internet Security Setup
RP84: 6/21/2012 11:22:40 AM - Restore Operation
RP85: 6/21/2012 12:00:58 PM - avast! Internet Security Setup
RP86: 6/21/2012 2:39:06 PM - Removed LogMeIn Hamachi
.
==== Installed Programs ======================
.
µTorrent
abgx360 v1.0.6
Adobe AIR
Adobe Bridge 1.0
Adobe Common File Installer
Adobe Community Help
Adobe Download Assistant
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Help Center 1.0
Adobe Photoshop CS2
Adobe Photoshop CS5.1
Adobe Reader X (10.1.1)
Adobe Stock Photos 1.0
AIM 7
Alien Swarm
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ASIO4ALL
Audacity 1.2.6
Audiosurf
avast! Internet Security
Avid Pro Tools SE 8.0.3
Babylon toolbar on IE
Bonjour
Call of Duty: Black Ops
Call of Duty: Black Ops - Multiplayer
Call of Duty: Modern Warfare 2 - Multiplayer
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
Conduit Engine
Dell Wireless WLAN Card
Diablo III
Download Updater (AOL LLC)
Fingerprint Reader Suite 5.6
FL Studio 10
Free DigiRack Plug-Ins 8.0
Google Chrome
Guitar Pro 5.2
IL Download Manager
ImgBurn
Interlok driver setup x32
iTunes
Java Auto Updater
Java(TM) 6 Update 29
JDownloader 0.9
Laptop Integrated Webcam Driver (1.04.01.1011)
League of Legends
Left 4 Dead 2
Line 6 Uninstaller
M-Audio FastTrack Driver 6.0.6 (x86)
Malwarebytes Anti-Malware version 1.61.0.1400
Marvell Miniport Driver
McAfee Security Scan Plus
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Office Access MUI (English) 2010
Microsoft Office Access MUI (Polish) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Excel MUI (Polish) 2010
Microsoft Office Groove MUI (English) 2010
Microsoft Office Groove MUI (Polish) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office InfoPath MUI (Polish) 2010
Microsoft Office Language Pack 2010 - English
Microsoft Office O MUI (English) 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office OneNote MUI (Polish) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office Outlook MUI (Polish) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office PowerPoint MUI (Polish) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (German) 2010
Microsoft Office Proof (Polish) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Proofing (Polish) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Publisher MUI (Polish) 2010
Microsoft Office ScreenTip Language 2010 - English
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared MUI (Polish) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office SharePoint Designer MUI (English) 2010
Microsoft Office Word MUI (English) 2010
Microsoft Office Word MUI (Polish) 2010
Microsoft Office X MUI (English) 2010
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
Microsoft_VC80_ATL_x86
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
Microsoft_VC90_MFCLOC_x86
MotioninJoy Gamepad tool 0.7.1001
NVIDIA 3D Vision Controller Driver
NVIDIA 3D Vision Controller Driver 296.10
NVIDIA 3D Vision Driver 296.10
NVIDIA Control Panel 296.10
NVIDIA Graphics Driver 296.10
NVIDIA Install Application
NVIDIA PhysX
NVIDIA PhysX System Software 9.12.0213
NVIDIA Stereoscopic 3D Driver
NVIDIA Update 1.7.11
NVIDIA Update Components
OEM Logo and Information
OpenOffice.org 3.3
Pando Media Booster
PC SleepTimer 1.0.0
PDF Settings CS5
PeerBlock 1.1 (r518)
PHANTASY STAR ONLINE 2
Project64 1.6
Project64 1.7
QuickTime
RICOH R5C83x/84x Flash Media Controller Driver Ver.3.54.06
Sanctum
Shutdown Timer
Skype Toolbars
Skype™ 5.1
SpeedFan (remove only)
Spotify
Spybot - Search & Destroy
StarCraft II
Steam
System Requirements Lab CYRI
Team Fortress 2
Unity Web Player
Universe Sandbox
uTorrentBar Toolbar
VLC media player 1.1.5
Windows 7 USB/DVD Download Tool
Windows Media Player Firefox Plugin
WinRAR 4.00 (32-bit)
.
==== Event Viewer Messages From Past Week ========
.
6/21/2012 6:53:48 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: aswKbd aswSnx aswSP aswTdi discache PCTSD spldr Wanarpv6
6/21/2012 6:50:36 AM, Error: Service Control Manager [7038] - The WdiServiceHost service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error: The request is not supported. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
6/21/2012 6:50:36 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.
6/21/2012 6:50:36 AM, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
6/21/2012 6:50:36 AM, Error: Service Control Manager [7000] - The Portable Device Enumerator Service service failed to start due to the following error: A system shutdown is in progress.
6/21/2012 6:50:36 AM, Error: Service Control Manager [7000] - The Network Connections service failed to start due to the following error: A system shutdown is in progress.
6/21/2012 6:50:36 AM, Error: Service Control Manager [7000] - The Human Interface Device Access service failed to start due to the following error: A system shutdown is in progress.
6/21/2012 6:50:36 AM, Error: Service Control Manager [7000] - The Diagnostic Service Host service failed to start due to the following error: The service did not start due to a logon failure.
6/21/2012 6:50:36 AM, Error: Service Control Manager [7000] - The Background Intelligent Transfer Service service failed to start due to the following error: A system shutdown is in progress.
6/21/2012 6:50:36 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1115" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
6/21/2012 6:50:36 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1115" attempting to start the service BITS with arguments "" in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097}
6/21/2012 6:50:36 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
6/21/2012 2:55:31 PM, Error: Service Control Manager [7003] - The DHCP Client service depends the following service: Afd. This service might not be installed.
6/21/2012 2:55:31 PM, Error: Service Control Manager [7001] - The WinHTTP Web Proxy Auto-Discovery Service service depends on the DHCP Client service which failed to start because of the following error: The dependency service does not exist or has been marked for deletion.
6/21/2012 2:43:09 PM, Error: Service Control Manager [7023] - The Windows Update service terminated with the following error: %%-2147014846
6/21/2012 2:43:06 PM, Error: Service Control Manager [7001] - The Windows Media Player Network Sharing Service service depends on the HTTP service which failed to start because of the following error: The device does not recognize the command.
6/21/2012 2:43:06 PM, Error: Service Control Manager [7000] - The HTTP service failed to start due to the following error: The device does not recognize the command.
6/21/2012 2:42:53 PM, Error: Service Control Manager [7024] - The Background Intelligent Transfer Service service terminated with service-specific error %%-2147014846.
6/21/2012 2:42:53 PM, Error: Microsoft-Windows-Bits-Client [16392] - The BITS service failed to start. Error 0x80072742.
6/21/2012 2:41:42 PM, Error: Service Control Manager [7001] - The SSDP Discovery service depends on the HTTP service which failed to start because of the following error: The device does not recognize the command.
6/21/2012 2:40:53 PM, Error: Service Control Manager [7024] - The Bonjour Service service terminated with service-specific error %%-1.
6/21/2012 2:40:53 PM, Error: Service Control Manager [7023] - The Tap0901 service terminated with the following error: The specified module could not be found.
6/21/2012 2:40:53 PM, Error: Service Control Manager [7023] - The Machnm32 service terminated with the following error: The specified module could not be found.
6/21/2012 2:40:53 PM, Error: Service Control Manager [7023] - The Egathdrv service terminated with the following error: The specified module could not be found.
6/21/2012 2:40:53 PM, Error: Service Control Manager [7023] - The Dpti2o service terminated with the following error: The specified module could not be found.
6/21/2012 2:40:53 PM, Error: Service Control Manager [7023] - The Btaudio service terminated with the following error: The specified module could not be found.
6/21/2012 2:40:53 PM, Error: Service Control Manager [7003] - The SBSD Security Center Service service depends the following service: wscsvc. This service might not be installed.
6/21/2012 2:40:53 PM, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.
6/21/2012 2:40:53 PM, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.
6/21/2012 2:40:53 PM, Error: Service Control Manager [7001] - The UPnP Device Host service depends on the HTTP service which failed to start because of the following error: The device does not recognize the command.
6/21/2012 2:40:53 PM, Error: Service Control Manager [7001] - The Function Discovery Resource Publication service depends on the HTTP service which failed to start because of the following error: The device does not recognize the command.
6/21/2012 2:40:53 PM, Error: Service Control Manager [7000] - The Digidesign MME Refresh Service service failed to start due to the following error: The system cannot find the file specified.
6/21/2012 2:40:52 PM, Error: Service Control Manager [7001] - The Workstation service depends on the SMB 2.0 MiniRedirector service which failed to start because of the following error: The dependency service or group failed to start.
6/21/2012 2:40:52 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The device does not recognize the command.
6/21/2012 2:40:52 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The device does not recognize the command.
6/21/2012 2:40:52 PM, Error: Service Control Manager [7001] - The Server SMB 2.xxx Driver service depends on the srvnet service which failed to start because of the following error: The device does not recognize the command.
6/21/2012 2:40:52 PM, Error: Service Control Manager [7001] - The Server SMB 1.xxx Driver service depends on the Server SMB 2.xxx Driver service which failed to start because of the following error: The dependency service or group failed to start.
6/21/2012 2:40:52 PM, Error: Service Control Manager [7001] - The Server service depends on the Server SMB 1.xxx Driver service which failed to start because of the following error: The dependency service or group failed to start.
6/21/2012 2:40:52 PM, Error: Service Control Manager [7001] - The Print Spooler service depends on the HTTP service which failed to start because of the following error: The device does not recognize the command.
6/21/2012 2:40:52 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Workstation service which failed to start because of the following error: The dependency service or group failed to start.
6/21/2012 2:40:52 PM, Error: Service Control Manager [7000] - The srvnet service failed to start due to the following error: The device does not recognize the command.
6/21/2012 2:40:52 PM, Error: Service Control Manager [7000] - The SMB MiniRedirector Wrapper and Engine service failed to start due to the following error: The device does not recognize the command.
6/21/2012 2:40:49 PM, Error: Service Control Manager [7003] - The TCP/IP NetBIOS Helper service depends the following service: Afd. This service might not be installed.
6/21/2012 12:50:55 AM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
6/21/2012 12:50:43 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: aswKbd aswSnx aswSP aswTdi discache spldr Wanarpv6
6/21/2012 12:48:29 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
6/21/2012 12:47:09 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000008e (0x80000003, 0x8f108739, 0x96f87c84, 0x00000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 062112-40607-01.
6/21/2012 12:44:19 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
6/21/2012 12:26:51 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service NVSvc with arguments "" in order to run the server: {DCAB0989-1301-4319-BE5F-ADE89F88581C}
6/21/2012 12:08:44 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
6/21/2012 12:08:44 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
6/21/2012 12:08:32 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
6/21/2012 12:08:25 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: discache spldr Wanarpv6
6/21/2012 12:08:25 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
6/21/2012 12:08:20 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
6/21/2012 11:37:31 AM, Error: Service Control Manager [7001] - The Function Discovery Provider Host service depends on the HTTP service which failed to start because of the following error: The device does not recognize the command.
6/21/2012 11:37:15 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {D3DCB472-7261-43CE-924B-0704BD730D5F}
6/21/2012 11:37:15 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
6/21/2012 1:46:02 AM, Error: PCTCore [280] -
6/21/2012 1:43:12 AM, Error: Service Control Manager [7031] - The avast! Antivirus service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
6/21/2012 1:11:51 AM, Error: Service Control Manager [7023] - The Function Discovery Resource Publication service terminated with the following error: %%-2147024891
6/21/2012 1:11:51 AM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error: %%-2147024891
6/21/2012 1:10:59 AM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.
6/20/2012 12:24:16 AM, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
6/20/2012 11:14:40 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Error Reporting Service service to connect.
6/19/2012 7:23:18 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect.
6/19/2012 7:23:18 PM, Error: Service Control Manager [7000] - The Steam Client Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
.
==== End Of File ===========================
 
Welcome aboard


Please observe the following rules:
  • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
  • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
  • Please refrain from running tools or applying updates other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer's behavior, good or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

===========================================

For 32-bit (x86) systems download Farbar Recovery Scan Tool 32-Bit and save it to a flash drive.
For 64-bit systems download Farbar Recovery Scan Tool 64-Bit and save it to a flash drive.

Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:

    • Startup Repair
    • System Restore
    • Windows Complete PC Restore
    • Windows Memory Diagnostic Tool
    • Command Prompt
  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for the 64-bit version type e:\frst64) and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.
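A small triage script for the FRST.txt that this procedure produces, added here as an example (it is not part of FRST and not the helper's own method): it walks the Services, Drivers and NetSvcs sections and flags entries that still have a registry record but whose image file is gone, which FRST marks with "[x]", "==> No File" or "No Registry Path", plus boot/system-start drivers that carry no publisher information. The section and entry formats and the sample lines are excerpted from the log posted in this thread; the regular expressions are my assumptions about that format.

```python
"""Quick triage of an FRST.txt log.

Added example for this thread; not part of FRST or of the helper's procedure.
It flags services, drivers and netsvcs entries whose image file no longer
exists and boot/system-start drivers with no publisher information, using the
"[x]", "No File" and "No Registry Path" markers as they appear in the log.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# Lines excerpted from the FRST log posted in this thread (abridged sample).
SAMPLE_LOG = r"""
Scan result of Farbar Recovery Scan Tool (FRST written by Farbar) Version: 20-06-2012 01
========================== Registry (Whitelisted) =============
HKLM\...\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe [36864 2007-05-09] (Creative Technology Ltd.)
================================ Services (Whitelisted) ==================
2 avast! Antivirus; "C:\Program Files\AVAST Software\Avast\AvastSvc.exe" [44768 2012-03-06] (AVAST Software)
2 DigiRefresh; C:\Program Files\Digidesign\Drivers\MMERefresh.exe -s [x]
2 hpdj; C:\Windows\System32\TPECioCtl.dll [x]
3 WPFFontCache_v0400; C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [x]
========================== Drivers (Whitelisted) =============
1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [337880 2012-03-06] (AVAST Software)
0 giveio; C:\Windows\System32\giveio.sys [5248 1996-04-03] ()
3 pbfilter; \??\C:\Program Files\PeerBlock\pbfilter.sys [20080 2010-11-06] ()
========================== NetSvcs (Whitelisted) ===========
NETSVC: LRMINIPORT -> No Registry Path.
NETSVC: hpdj -> C:\Windows\system32\TPECioCtl.dll ==> No File.
============ One Month Created Files and Folders ==============
2012-06-21 15:31 - 2012-06-21 15:30 - 00876898 ____A C:\Users\Katz\Desktop\FRST.exe
"""

# Section header, e.g. "===== Services (Whitelisted) =====" (assumed format).
SECTION_RE = re.compile(r"^=+\s*(.+?)\s*=+$")
# "<start type> <name>; <image path> [<size> <date>] (<company>)" or "... [x]".
ENTRY_RE = re.compile(
    r"^(?P<start>[0-4])\s+(?P<name>.+?);\s+(?P<path>.+?)\s+"
    r"\[(?P<info>x|\d+ \d{4}-\d{2}-\d{2})\](?:\s+\((?P<company>.*)\))?$"
)
# "NETSVC: <name> -> <dll path> ==> No File." or "-> No Registry Path."
NETSVC_RE = re.compile(r"^NETSVC:\s+(?P<name>\S+)\s+->\s+(?P<target>.+)$")


@dataclass(frozen=True)
class Finding:
    section: str
    name: str
    path: str
    reason: str


def triage(log_text: str) -> list[Finding]:
    """Return the entries in the Services/Drivers/NetSvcs sections worth a look."""
    findings: list[Finding] = []
    section = None
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = SECTION_RE.match(line)
        if header:
            section = header.group(1).replace("(Whitelisted)", "").strip()
            continue
        if section in ("Services", "Drivers"):
            m = ENTRY_RE.match(line)
            if not m:
                continue
            name, path, info, company = m.group("name", "path", "info", "company")
            start = int(m.group("start"))
            if info == "x":
                # Registry record survives but the binary it points at is gone.
                findings.append(Finding(section, name, path, "registered but image file missing"))
            elif section == "Drivers" and start <= 1 and not (company or "").strip():
                # Boot (0) or system (1) start driver with no company/version info.
                findings.append(Finding(section, name, path, "boot/system-start driver with no publisher information"))
        elif section == "NetSvcs":
            m = NETSVC_RE.match(line)
            if not m:
                continue
            name, target = m.group("name", "target")
            if "No Registry Path" in target:
                findings.append(Finding(section, name, "", "netsvcs entry with no registry path"))
            elif "No File" in target:
                path = target.split("==>")[0].strip()
                findings.append(Finding(section, name, path, "netsvcs entry whose DLL is missing"))
    return findings


def summarize(findings: list[Finding]) -> dict[str, int]:
    """Count findings per section."""
    counts: dict[str, int] = {}
    for f in findings:
        counts[f.section] = counts.get(f.section, 0) + 1
    return counts


if __name__ == "__main__":
    results = triage(SAMPLE_LOG)
    for f in results:
        print(f"[{f.section}] {f.name}: {f.reason} {f.path}".rstrip())
    print(summarize(results))
```

Entries flagged this way are leads for the person reading the log, not verdicts: orphaned records often belong to uninstalled software, so each one still has to be checked against what the machine has had installed.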
 
Scan result of Farbar Recovery Scan Tool (FRST written by Farbar) Version: 20-06-2012 01
Ran by SYSTEM at 21-06-2012 16:40:52
Running from E:\
Windows 7 Home Premium Service Pack 1 (X86) OS Language: English(US)
The current controlset is ControlSet002
========================== Registry (Whitelisted) =============
HKLM\...\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe [36864 2007-05-09] (Creative Technology Ltd.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [499608 2011-03-15] (Adobe Systems Incorporated)
HKLM\...\Run: [AdobeCS5.5ServiceManager] "C:\Program Files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin [1523360 2011-01-12] (Adobe Systems Incorporated)
HKLM\...\Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices [91520 2010-03-13] (Microsoft Corporation)
HKLM\...\Run: [Broadcom Wireless Manager UI] C:\Windows\system32\WLTRAY.exe [3444736 2007-12-08] (Dell Inc.)
HKLM\...\Run: [PSQLLauncher] "C:\Program Files\Fingerprint Reader Suite\launcher.exe" /startup [49168 2007-04-16] (UPEK Inc.)
HKLM\...\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime [421888 2010-11-29] (Apple Inc.)
HKLM\...\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [937920 2011-06-06] (Adobe Systems Incorporated)
HKLM\...\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" [254696 2011-06-09] (Sun Microsystems, Inc.)
HKLM\...\Run: [M-Audio Taskbar Icon] C:\Windows\system32\M-AudioTaskBarIcon.exe [644104 2010-12-07] (Avid Technology, Inc.)
HKLM\...\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray [462408 2012-04-04] (Malwarebytes Corporation)
HKLM\...\Run: [DigidesignMMERefresh] C:\Program Files\Digidesign\Drivers\MMERefresh.exe [x]
HKLM\...\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui [4241512 2012-03-06] (AVAST Software)
HKU\Katz\...\Run: [Aim] "C:\Program Files\AIM\aim.exe" /d locale=en-US /HIDEBL [4321112 2011-01-05] (AOL Inc.)
HKU\Katz\...\Run: [Google Update] "C:\Users\Katz\AppData\Local\Google\Update\GoogleUpdate.exe" /c [136176 2011-03-10] (Google Inc.)
HKU\Katz\...\Run: [Pando Media Booster] C:\Program Files\Pando Networks\Media Booster\PMB.exe [3077528 2011-07-30] ()
HKU\Katz\...\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2144088 2009-01-26] (Safer Networking Limited)
HKU\Katz\...\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent [1242448 2011-08-03] (Valve Corporation)
Winlogon\Notify\psfus: C:\Windows\system32\psqlpwd.dll (UPEK Inc.)
Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62
Lsa: [Notification Packages] scecli
psqlpwd
Startup: C:\Users\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.)
Startup: C:\Users\Katz\Start Menu\Programs\Startup\Adobe Gamma.lnk
ShortcutTarget: Adobe Gamma.lnk -> C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
================================ Services (Whitelisted) ==================
2 avast! Antivirus; "C:\Program Files\AVAST Software\Avast\AvastSvc.exe" [44768 2012-03-06] (AVAST Software)
2 avast! Firewall; "C:\Program Files\AVAST Software\Avast\afwServ.exe" [134920 2012-03-06] (AVAST Software)
3 ehRecvr; C:\Windows\ehome\ehRecvr.exe [556544 2010-11-20] (Microsoft Corporation)
3 ehSched; C:\Windows\ehome\ehsched.exe [94720 2009-07-13] (Microsoft Corporation)
2 eventlog; C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted [20992 2009-07-13] (Microsoft Corporation)
2 MBAMService; "C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe" [654408 2012-04-04] (Malwarebytes Corporation)
3 McComponentHostService; "C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe" [227232 2010-01-15] (McAfee, Inc.)
3 Microsoft SharePoint Workspace Audit Service; "C:\Program Files\Microsoft Office\Office14\GROOVE.EXE" /auditservice [30969208 2010-03-25] (Microsoft Corporation)
4 NetMsmqActivator; "C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe" -NetMsmqActivator [124240 2010-03-18] (Microsoft Corporation)
4 NetPipeActivator; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [124240 2010-03-18] (Microsoft Corporation)
4 NetTcpActivator; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [124240 2010-03-18] (Microsoft Corporation)
4 NetTcpPortSharing; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [124240 2010-03-18] (Microsoft Corporation)
3 npggsvc; C:\Windows\system32\GameMon.des -service [3957088 2012-04-09] (INCA Internet Co., Ltd.)
2 nvUpdatusService; C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2348352 2012-02-29] (NVIDIA Corporation)
3 osppsvc; "C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE" [4640000 2010-01-09] (Microsoft Corporation)
2 SBSDWSCService; C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
2 Stereo Service; C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [382272 2012-02-29] (NVIDIA Corporation)
3 SwitchBoard; "C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [517096 2010-02-19] (Adobe Systems Incorporated)
3 wbengine; "C:\Windows\system32\wbengine.exe" [1203200 2010-11-20] (Microsoft Corporation)
2 DigiRefresh; C:\Program Files\Digidesign\Drivers\MMERefresh.exe -s [x]
2 hpdj; C:\Windows\System32\TPECioCtl.dll [x]
2 minilog; C:\Windows\System32\CTEXFIFX.DLL.dll [x]
2 pccsmcfd; C:\Windows\System32\roxmediadb.dll [x]
2 prodrv06; C:\Windows\System32\3c1807pd.dll [x]
2 USR1806V; C:\Windows\System32\atiavpci.dll [x]
3 WPFFontCache_v0400; C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [x]
========================== Drivers (Whitelisted) =============
2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [20696 2012-03-06] (AVAST Software)
1 aswFW; C:\Windows\System32\Drivers\aswFW.sys [112984 2012-03-06] (AVAST Software)
1 aswKbd; C:\Windows\System32\Drivers\aswKbd.sys [24408 2012-03-06] (AVAST Software)
2 aswMonFlt; \??\C:\Windows\system32\drivers\aswMonFlt.sys [57688 2012-03-06] (AVAST Software)
0 aswNdis; C:\Windows\System32\DRIVERS\aswNdis.sys [12112 2012-03-06] (ALWIL Software)
0 aswNdis2; C:\Windows\System32\Drivers\aswNdis2.sys [196440 2012-03-06] (AVAST Software)
1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [44376 2012-03-06] (AVAST Software)
1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [612184 2012-03-06] (AVAST Software)
1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [337880 2012-03-06] (AVAST Software)
1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [53848 2012-03-06] (AVAST Software)
2 DigiNet; C:\Windows\System32\DRIVERS\diginet.sys [16400 2008-12-04] (Digidesign, A Division of Avid Technology, Inc.)
0 giveio; C:\Windows\System32\giveio.sys [5248 1996-04-03] ()
3 hamachi; C:\Windows\System32\DRIVERS\hamachi.sys [26176 2009-03-18] (LogMeIn, Inc.)
3 MAUSBFASTTRACK; C:\Windows\System32\DRIVERS\MAudioFastTrack.sys [158344 2010-12-07] (Avid Technology, Inc.)
3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [22344 2012-04-04] (Malwarebytes Corporation)
3 MotioninJoyXFilter; C:\Windows\System32\DRIVERS\MijXfilt.sys [99400 2012-05-12] (MotioninJoy)
3 OEM02Dev; C:\Windows\System32\DRIVERS\OEM02Dev.sys [235648 2007-10-10] (Creative Technology Ltd.)
3 OEM02Vfx; C:\Windows\System32\DRIVERS\OEM02Vfx.sys [7424 2007-03-05] (EyePower Games Pte. Ltd.)
3 pbfilter; \??\C:\Program Files\PeerBlock\pbfilter.sys [20080 2010-11-06] ()
0 TPkd; C:\Windows\System32\Drivers\TPkd.sys [86016 2009-12-23] (PACE Anti-Piracy, Inc.)
3 xusb21; C:\Windows\System32\DRIVERS\xusb21.sys [61984 2011-12-07] (Microsoft Corporation)
3 yukonw7; C:\Windows\System32\DRIVERS\yk62x86.sys [311296 2009-07-13] (Marvell)
========================== NetSvcs (Whitelisted) ===========
NETSVC: LRMINIPORT -> No Registry Path.
NETSVC: hpdj -> C:\Windows\system32\TPECioCtl.dll ==> No File.
NETSVC: minilog -> C:\Windows\system32\CTEXFIFX.DLL.dll ==> No File.
NETSVC: prodrv06 -> C:\Windows\system32\3c1807pd.dll ==> No File.
NETSVC: pccsmcfd -> C:\Windows\system32\roxmediadb.dll ==> No File.
NETSVC: psdistributionagent -> No Registry Path.
NETSVC: USR1806V -> C:\Windows\system32\atiavpci.dll ==> No File.
============ One Month Created Files and Folders ==============
2012-06-21 15:31 - 2012-06-21 15:30 - 00876898 ____A C:\Users\Katz\Desktop\FRST.exe
2012-06-21 15:31 - 2012-06-21 14:01 - 00294216 ____A C:\Users\Katz\Desktop\gmer-1.zip
2012-06-21 14:15 - 2012-06-21 14:15 - 00001293 ____A C:\Users\Katz\Desktop\gmer.log
2012-06-21 14:11 - 2011-07-16 21:21 - 00302592 ____A C:\Users\Katz\Desktop\gmer.exe
2012-06-21 14:07 - 2012-06-21 14:07 - 00294216 ____A C:\Users\Katz\Desktop\gmer.zip
2012-06-21 13:58 - 2012-06-21 13:58 - 00019487 ____A C:\Users\Katz\Desktop\Attach.txt
2012-06-21 13:58 - 2012-06-21 13:58 - 00015650 ____A C:\Users\Katz\Desktop\DDS.txt
2012-06-21 13:23 - 2012-06-21 13:23 - 00607260 ____R (Swearware) C:\Users\Katz\Desktop\dds.scr
2012-06-21 11:48 - 2012-06-21 11:48 - 00001994 ____A C:\Users\Public\Desktop\avast! Internet Security.lnk
2012-06-21 11:48 - 2012-03-06 16:04 - 00112984 ____A (AVAST Software) C:\Windows\System32\Drivers\aswFW.sys
2012-06-21 11:48 - 2012-03-06 16:03 - 00612184 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSnx.sys
2012-06-21 11:48 - 2012-03-06 16:03 - 00337880 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSP.sys
2012-06-21 11:48 - 2012-03-06 16:03 - 00196440 ____A (AVAST Software) C:\Windows\System32\Drivers\aswNdis2.sys
2012-06-21 11:48 - 2012-03-06 16:02 - 00044376 ____A (AVAST Software) C:\Windows\System32\Drivers\aswRdr2.sys
2012-06-21 11:48 - 2012-03-06 16:02 - 00024408 ____A (AVAST Software) C:\Windows\System32\Drivers\aswKbd.sys
2012-06-21 11:48 - 2012-03-06 16:01 - 00057688 ____A (AVAST Software) C:\Windows\System32\Drivers\aswMonFlt.sys
2012-06-21 11:48 - 2012-03-06 16:01 - 00053848 ____A (AVAST Software) C:\Windows\System32\Drivers\aswTdi.sys
2012-06-21 11:48 - 2012-03-06 16:01 - 00020696 ____A (AVAST Software) C:\Windows\System32\Drivers\aswFsBlk.sys
2012-06-21 11:48 - 2012-03-06 15:44 - 00012112 ____A (ALWIL Software) C:\Windows\System32\Drivers\aswNdis.sys
2012-06-21 11:47 - 2012-03-06 16:15 - 00201352 ____A (AVAST Software) C:\Windows\System32\aswBoot.exe
2012-06-21 11:47 - 2012-03-06 16:15 - 00041184 ____A (AVAST Software) C:\Windows\avastSS.scr
2012-06-21 11:26 - 2012-06-21 11:24 - 00397451 ____A C:\Users\Katz\Desktop\MiniToolBox.exe
2012-06-21 00:43 - 2012-06-21 00:43 - 00994845 ____A C:\Windows\System32\Drivers\Cat.DB
2012-06-21 00:42 - 2012-06-21 10:15 - 00000000 ____D C:\Program Files\PC Tools Security
2012-06-21 00:34 - 2012-06-21 00:41 - 00000000 ____D C:\Users\Katz\AppData\Roaming\GetRightToGo
2012-06-21 00:14 - 2012-06-21 00:21 - 887057149 ____A C:\Users\Katz\Downloads\Pro Tools LE 8.rar
2012-06-20 23:46 - 2012-06-20 23:47 - 00160536 ____A C:\Windows\Minidump\062112-40607-01.dmp
2012-06-20 23:34 - 2012-06-21 11:47 - 00000000 ____D C:\Users\All Users\AVAST Software
2012-06-20 23:34 - 2012-06-21 11:47 - 00000000 ____D C:\Program Files\AVAST Software
2012-06-20 23:31 - 2012-06-20 23:33 - 98312792 ____A C:\Users\Katz\Downloads\avast_internet_security_setup.exe
2012-06-20 23:10 - 2012-06-20 23:10 - 00001067 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-06-20 23:02 - 2012-06-21 00:10 - 00000000 __ASH C:\Windows\System32\dds_trash_log.cmd
2012-06-20 22:58 - 2012-06-20 22:58 - 00000000 __SHD C:\Windows\System32\%APPDATA%
2012-06-20 22:39 - 2012-06-20 22:39 - 00000000 ____D C:\Users\Katz\Downloads\Pro Tools MP 9 Retail
2012-06-20 22:38 - 2012-06-20 22:38 - 00017499 ____A C:\Users\Katz\Downloads\o-Demonoid.me-o_Pro_Tools_MP_9_Mac_Windows_Retail__7974775.1434.torrent
2012-06-20 14:03 - 2012-06-20 13:40 - 00000000 ____D C:\Users\Katz\Desktop\Exotic Animal Petting Zoo Tree of Tongues
2012-06-20 14:03 - 2012-06-20 04:48 - 00000000 ____D C:\Users\Katz\Desktop\The Word Alive - Life Cycles (2012)
2012-06-20 11:02 - 2012-06-20 11:06 - 96703951 ____A C:\Users\Katz\Downloads\The Word Alive - Life Cycles [2012].rar
2012-06-20 11:00 - 2012-06-20 11:03 - 67227443 ____A C:\Users\Katz\Downloads\Exotic Animal Petting Zoo Tree of Tongues.rar
2012-06-19 19:32 - 2008-06-17 21:56 - 00000000 ____D C:\Users\Katz\Desktop\Toontrack Music EZDrummer dfh Drumkit From Hell Pack
2012-06-19 18:26 - 2008-12-04 02:02 - 00016400 ____A (Digidesign, A Division of Avid Technology, Inc.) C:\Windows\System32\Drivers\diginet.sys
2012-06-19 17:56 - 2012-06-19 19:22 - 00000000 ____D C:\Users\Katz\Downloads\Toontrack Music EZDrummer dfh Drumkit From Hell Pack
2012-06-19 17:55 - 2012-06-19 17:55 - 00014154 ____A C:\Users\Katz\Downloads\Toontrack Music EZDrummer dfh Drumkit From Hell Pack [rockbox] [h33t].torrent
2012-06-19 17:41 - 2012-06-20 00:30 - 00000000 ____D C:\Users\Katz\Downloads\EZ Drummer [zepa@h33t.com]
2012-06-19 17:40 - 2012-06-19 17:40 - 00020345 ____A C:\Users\Katz\Downloads\EZdrummer [zepa@h33t.com] [h33t].torrent
2012-06-19 17:34 - 2012-06-19 17:34 - 00017721 ____A C:\Users\Katz\Downloads\Pro Tools LE 8 (rar) [h33t] [Nugmonster].torrent
2012-06-19 15:05 - 1996-12-24 22:32 - 33554432 ____N C:\Users\Katz\Desktop\Zelda no Densetsu - Toki no Ocarina (Japan).n64
2012-06-19 15:03 - 2012-06-19 15:05 - 26999425 ____A C:\Users\Katz\Downloads\Zelda no Densetsu - Toki no Ocarina (Japan).zip
2012-06-19 15:02 - 2012-06-19 15:02 - 02080797 ____A (Project64 ) C:\Users\Katz\Downloads\setup Project64 1.6.exe
2012-06-19 14:30 - 2012-06-19 14:30 - 01335858 ____A C:\Users\Katz\Downloads\Super Mario All-Stars + Super Mario World (USA).zip
2012-06-19 14:10 - 2012-06-19 20:20 - 00000000 ____D C:\Users\Katz\Desktop\snes
2012-06-19 14:10 - 2012-06-19 14:10 - 02682192 ____A C:\Users\Katz\Downloads\Super Mario RPG - Legend of the Seven Stars (USA).zip
2012-06-19 14:07 - 2012-06-19 14:07 - 00867785 ____A C:\Users\Katz\Downloads\zsnesw151.zip
2012-06-19 14:05 - 2012-06-19 14:05 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_xusb21_01009.Wdf
2012-06-19 14:05 - 2012-06-19 14:05 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_MijXfilt_01009.Wdf
2012-06-19 14:03 - 2012-06-19 14:03 - 00000000 ____D C:\Users\Katz\AppData\Roaming\MotioninJoy
2012-06-19 14:03 - 2012-06-19 14:03 - 00000000 ____D C:\Program Files\MotioninJoy
2012-06-19 14:03 - 2012-05-12 11:31 - 00099400 ____A (MotioninJoy) C:\Windows\System32\Drivers\MijXfilt.sys
2012-06-19 14:03 - 2011-12-07 18:42 - 01461992 ____A (Microsoft Corporation) C:\Windows\System32\WdfCoInstaller01009.dll
2012-06-19 14:03 - 2011-12-07 18:42 - 00255496 ____A (Logitech Inc.) C:\Windows\System32\MijFrc.dll
2012-06-19 14:03 - 2011-12-07 18:42 - 00061984 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\xusb21.sys
2012-06-19 14:02 - 2012-06-19 14:02 - 04117346 ____A C:\Users\Katz\Downloads\MotioninJoy_071001_signed.zip
2012-06-19 11:07 - 2012-06-19 14:11 - 00000000 ____D C:\Users\Katz\Desktop\dld rap cover
2012-06-16 21:44 - 2012-06-16 21:44 - 00081423 ____A C:\Users\Katz\Downloads\September Carrino.torrent
2012-06-16 16:18 - 2012-06-16 16:18 - 00318904 ____A (Microsoft Corporation) C:\Users\Katz\Downloads\wmpfirefoxplugin (1).exe
2012-06-16 16:17 - 2012-06-16 16:17 - 00318904 ____A (Microsoft Corporation) C:\Users\Katz\Downloads\wmpfirefoxplugin.exe
2012-06-15 23:36 - 2012-06-15 23:36 - 02394117 ____A C:\Users\Katz\Downloads\IMG_0835.MOV
2012-06-14 10:12 - 2012-06-14 10:13 - 33727620 ____A C:\Users\Katz\Desktop\wed 13th (good).wav
2012-06-13 22:44 - 2012-06-14 10:25 - 00000000 ____D C:\Users\Katz\Desktop\Copy of wed june 13 ( not shitty)
2012-06-12 19:29 - 2012-06-12 19:29 - 00000000 ____D C:\Users\Katz\Downloads\Slice_The_Cake_-_The_Man_With_No_Face__282012_29__5BMP3%5D_CR_3965953
2012-06-12 18:17 - 2012-06-12 18:17 - 04434578 ____A C:\Users\Katz\Downloads\[allleaks.tumblr.com] Exotic Animal Petting Zoo - You Make Wonderful Pictures.mp3
2012-06-12 16:20 - 2012-06-12 16:49 - 162051925 ____A C:\Users\Katz\Downloads\Slice_The_Cake_-_The_Man_With_No_Face_%282012%29_%5BMP3%5D_CR_3965953.rar
2012-06-10 02:11 - 2012-06-14 01:13 - 00000000 ____D C:\Users\Katz\AppData\Roaming\Line 6
2012-06-09 13:06 - 2012-06-09 13:06 - 26659972 ____A C:\Users\Katz\Desktop\**** **** (in progress).wav
2012-06-09 12:50 - 2012-06-09 12:50 - 33869960 ____A C:\Users\Katz\Desktop\trip hop (in prog).wav
2012-06-09 00:54 - 2012-06-20 23:46 - 321589879 ____A C:\Windows\MEMORY.DMP
2012-06-08 17:26 - 2012-06-08 17:26 - 00001981 ____A C:\Users\Katz\Desktop\POD Farm 2.lnk
2012-06-08 17:23 - 2012-06-08 17:23 - 33869960 ____A C:\Users\Katz\Desktop\beat!@!@!@!@!@.wav
2012-06-08 16:37 - 2012-06-08 16:43 - 00000000 ____D C:\Users\Katz\Desktop\loops beat 1
2012-06-08 16:36 - 2012-06-08 16:36 - 00000000 ____D C:\Users\Katz\Documents\Line 6
2012-06-08 16:36 - 2012-06-08 16:36 - 00000000 ____D C:\Users\All Users\Line 6
2012-06-08 16:35 - 2012-06-08 16:35 - 00000000 ____D C:\Program Files\Line6
2012-06-08 16:29 - 2012-06-08 16:30 - 00000000 ____D C:\Users\Katz\Desktop\BEST BEATS EVER
2012-06-08 15:03 - 2012-06-08 15:03 - 01873948 ____A C:\Users\Katz\Desktop\WHAT WHAT.wav
2012-06-08 13:36 - 2012-06-08 13:36 - 02723264 ____A (Microsoft Corporation) C:\Users\Katz\Downloads\vcredist_x86.exe
2012-06-08 01:46 - 2012-06-08 02:05 - 163220303 ____A C:\Users\Katz\Downloads\Lush_Princess_01.rar
2012-06-06 09:10 - 2012-06-06 09:15 - 124420592 ____A C:\Users\Katz\Downloads\POD Farm v2.51 Installer.exe
2012-05-30 16:38 - 2012-05-30 16:39 - 06955968 ____A (Microsoft Corporation) C:\Users\Katz\Downloads\Silverlight (1).exe
2012-05-30 10:14 - 2012-05-30 10:14 - 00000000 ____D C:\Users\Katz\AppData\Roaming\LolClient2
2012-05-28 11:14 - 2012-05-28 11:20 - 00000000 ____D C:\Users\Katz\Downloads\Game of Thrones S02E09 HDTV x264-ASAP[ettv]
2012-05-28 11:13 - 2012-05-28 11:13 - 00030677 ____A C:\Users\Katz\Downloads\Game of Thrones S02E09 HDTV x264-ASAP[ettv] [h33t].torrent
2012-05-25 10:16 - 2012-05-25 10:34 - 113123901 ____A C:\Users\Katz\Downloads\7_Horns_7_Eyes-Throes_Of_Absolution-2012-KzT.rar
2012-05-22 14:13 - 2012-05-22 15:21 - 00000000 ____D C:\Users\Katz\Downloads\House.S08.Special-Swan.Song.720p.HDTV.x264-BAJSKORV [PublicHD]

============ 3 Months Modified Files and Folders ===============
2012-06-21 16:41 - 2012-06-21 16:39 - 00000000 ____D C:\FRST
2012-06-21 15:36 - 2012-03-22 19:39 - 00095586 ____A C:\Windows\setupact.log
2012-06-21 15:31 - 2010-11-20 13:01 - 00778150 ____A C:\Windows\System32\PerfStringBackup.INI
2012-06-21 15:30 - 2012-06-21 15:31 - 00876898 ____A C:\Users\Katz\Desktop\FRST.exe
2012-06-21 14:17 - 2011-08-08 17:43 - 00010512 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-06-21 14:17 - 2011-08-08 17:43 - 00010512 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-06-21 14:15 - 2012-06-21 14:15 - 00001293 ____A C:\Users\Katz\Desktop\gmer.log
2012-06-21 14:12 - 2011-08-08 18:47 - 01416221 ____A C:\Windows\WindowsUpdate.log
2012-06-21 14:10 - 2011-07-07 22:49 - 00000000 ____D C:\Users\All Users\NVIDIA
2012-06-21 14:10 - 2011-03-13 09:20 - 00000000 ____D C:\Program Files\Steam
2012-06-21 14:10 - 2009-07-13 20:53 - 00027422 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-06-21 14:10 - 2009-07-13 20:53 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-06-21 14:07 - 2012-06-21 14:07 - 00294216 ____A C:\Users\Katz\Desktop\gmer.zip
2012-06-21 14:01 - 2012-06-21 15:31 - 00294216 ____A C:\Users\Katz\Desktop\gmer-1.zip
2012-06-21 13:58 - 2012-06-21 13:58 - 00019487 ____A C:\Users\Katz\Desktop\Attach.txt
2012-06-21 13:58 - 2012-06-21 13:58 - 00015650 ____A C:\Users\Katz\Desktop\DDS.txt
2012-06-21 13:47 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\System32\NDF
2012-06-21 13:23 - 2012-06-21 13:23 - 00607260 ____R (Swearware) C:\Users\Katz\Desktop\dds.scr
2012-06-21 12:40 - 2011-07-11 12:55 - 00000000 ____D C:\Users\Katz\AppData\Local\LogMeIn Hamachi
2012-06-21 11:51 - 2011-07-30 16:15 - 00000000 ____D C:\Users\Katz\AppData\Local\PMB Files
2012-06-21 11:48 - 2012-06-21 11:48 - 00001994 ____A C:\Users\Public\Desktop\avast! Internet Security.lnk
2012-06-21 11:48 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\System32\DriverStore
2012-06-21 11:48 - 2009-07-13 18:04 - 00002577 ____A C:\Windows\System32\config.nt
2012-06-21 11:47 - 2012-06-20 23:34 - 00000000 ____D C:\Users\All Users\AVAST Software
2012-06-21 11:47 - 2012-06-20 23:34 - 00000000 ____D C:\Program Files\AVAST Software
2012-06-21 11:34 - 2011-03-12 02:33 - 00000000 ____D C:\Users\All Users\Spybot - Search & Destroy
2012-06-21 11:24 - 2012-06-21 11:26 - 00397451 ____A C:\Users\Katz\Desktop\MiniToolBox.exe
2012-06-21 11:02 - 2010-11-20 13:48 - 00045274 ____A C:\Windows\PFRO.log
2012-06-21 10:15 - 2012-06-21 00:42 - 00000000 ____D C:\Program Files\PC Tools Security
2012-06-21 00:43 - 2012-06-21 00:43 - 00994845 ____A C:\Windows\System32\Drivers\Cat.DB
2012-06-21 00:41 - 2012-06-21 00:34 - 00000000 ____D C:\Users\Katz\AppData\Roaming\GetRightToGo
2012-06-21 00:28 - 2011-04-01 18:24 - 00000000 ____D C:\Users\Katz\AppData\Roaming\uTorrent
2012-06-21 00:24 - 2011-04-04 20:06 - 00000000 ____D C:\Program Files\PeerBlock
2012-06-21 00:21 - 2012-06-21 00:14 - 887057149 ____A C:\Users\Katz\Downloads\Pro Tools LE 8.rar
2012-06-21 00:13 - 2012-05-18 11:25 - 00000000 ____D C:\users\UpdatusUser.Katz-PC
2012-06-21 00:12 - 2011-03-13 09:21 - 00000000 ____D C:\Program Files\Common Files\Steam
2012-06-21 00:10 - 2012-06-20 23:02 - 00000000 __ASH C:\Windows\System32\dds_trash_log.cmd
2012-06-21 00:10 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\Web
2012-06-20 23:47 - 2012-06-20 23:46 - 00160536 ____A C:\Windows\Minidump\062112-40607-01.dmp
2012-06-20 23:47 - 2009-07-13 20:33 - 03791400 ____A C:\Windows\System32\FNTCACHE.DAT
2012-06-20 23:46 - 2012-06-09 00:54 - 321589879 ____A C:\Windows\MEMORY.DMP
2012-06-20 23:46 - 2011-08-16 15:35 - 00000000 ____D C:\Windows\Minidump
2012-06-20 23:46 - 2011-07-01 18:38 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2012-06-20 23:33 - 2012-06-20 23:31 - 98312792 ____A C:\Users\Katz\Downloads\avast_internet_security_setup.exe
2012-06-20 23:10 - 2012-06-20 23:10 - 00001067 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-06-20 22:58 - 2012-06-20 22:58 - 00000000 __SHD C:\Windows\System32\%APPDATA%
2012-06-20 22:55 - 2011-03-10 16:22 - 00000904 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4200271565-912711694-3251406831-1000UA.job
2012-06-20 22:39 - 2012-06-20 22:39 - 00000000 ____D C:\Users\Katz\Downloads\Pro Tools MP 9 Retail
2012-06-20 22:38 - 2012-06-20 22:38 - 00017499 ____A C:\Users\Katz\Downloads\o-Demonoid.me-o_Pro_Tools_MP_9_Mac_Windows_Retail__7974775.1434.torrent
2012-06-20 22:28 - 2011-03-10 16:22 - 00000852 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4200271565-912711694-3251406831-1000Core.job
2012-06-20 13:40 - 2012-06-20 14:03 - 00000000 ____D C:\Users\Katz\Desktop\Exotic Animal Petting Zoo Tree of Tongues
2012-06-20 11:06 - 2012-06-20 11:02 - 96703951 ____A C:\Users\Katz\Downloads\The Word Alive - Life Cycles [2012].rar
2012-06-20 11:03 - 2012-06-20 11:00 - 67227443 ____A C:\Users\Katz\Downloads\Exotic Animal Petting Zoo Tree of Tongues.rar
2012-06-20 04:48 - 2012-06-20 14:03 - 00000000 ____D C:\Users\Katz\Desktop\The Word Alive - Life Cycles (2012)
2012-06-20 00:30 - 2012-06-19 17:41 - 00000000 ____D C:\Users\Katz\Downloads\EZ Drummer [zepa@h33t.com]
2012-06-19 20:20 - 2012-06-19 14:10 - 00000000 ____D C:\Users\Katz\Desktop\snes
2012-06-19 19:22 - 2012-06-19 17:56 - 00000000 ____D C:\Users\Katz\Downloads\Toontrack Music EZDrummer dfh Drumkit From Hell Pack
2012-06-19 19:15 - 2011-08-08 19:55 - 00115360 ____A C:\Users\Katz\AppData\Local\GDIPFONTCACHEV1.DAT
2012-06-19 18:32 - 2011-08-14 20:50 - 00000000 ____D C:\Program Files\Digidesign
2012-06-19 18:28 - 2011-03-10 11:52 - 00000000 ___HD C:\Program Files\InstallShield Installation Information
2012-06-19 17:55 - 2012-06-19 17:55 - 00014154 ____A C:\Users\Katz\Downloads\Toontrack Music EZDrummer dfh Drumkit From Hell Pack [rockbox] [h33t].torrent
2012-06-19 17:45 - 2011-08-14 20:50 - 00000000 ____D C:\Program Files\Common Files\Digidesign
2012-06-19 17:40 - 2012-06-19 17:40 - 00020345 ____A C:\Users\Katz\Downloads\EZdrummer [zepa@h33t.com] [h33t].torrent
2012-06-19 17:34 - 2012-06-19 17:34 - 00017721 ____A C:\Users\Katz\Downloads\Pro Tools LE 8 (rar) [h33t] [Nugmonster].torrent
2012-06-19 15:05 - 2012-06-19 15:03 - 26999425 ____A C:\Users\Katz\Downloads\Zelda no Densetsu - Toki no Ocarina (Japan).zip
2012-06-19 15:02 - 2012-06-19 15:02 - 02080797 ____A (Project64 ) C:\Users\Katz\Downloads\setup Project64 1.6.exe
2012-06-19 14:30 - 2012-06-19 14:30 - 01335858 ____A C:\Users\Katz\Downloads\Super Mario All-Stars + Super Mario World (USA).zip
2012-06-19 14:11 - 2012-06-19 11:07 - 00000000 ____D C:\Users\Katz\Desktop\dld rap cover
2012-06-19 14:11 - 2011-08-14 21:28 - 00000000 ____D C:\Users\Katz\AppData\Roaming\Digidesign
2012-06-19 14:10 - 2012-06-19 14:10 - 02682192 ____A C:\Users\Katz\Downloads\Super Mario RPG - Legend of the Seven Stars (USA).zip
2012-06-19 14:07 - 2012-06-19 14:07 - 00867785 ____A C:\Users\Katz\Downloads\zsnesw151.zip
2012-06-19 14:05 - 2012-06-19 14:05 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_xusb21_01009.Wdf
2012-06-19 14:05 - 2012-06-19 14:05 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_MijXfilt_01009.Wdf
2012-06-19 14:03 - 2012-06-19 14:03 - 00000000 ____D C:\Users\Katz\AppData\Roaming\MotioninJoy
2012-06-19 14:03 - 2012-06-19 14:03 - 00000000 ____D C:\Program Files\MotioninJoy
2012-06-19 14:02 - 2012-06-19 14:02 - 04117346 ____A C:\Users\Katz\Downloads\MotioninJoy_071001_signed.zip
2012-06-17 17:24 - 2012-05-18 14:44 - 00000000 ____D C:\Program Files\Diablo III
2012-06-16 21:44 - 2012-06-16 21:44 - 00081423 ____A C:\Users\Katz\Downloads\September Carrino.torrent
2012-06-16 18:32 - 2011-04-25 08:03 - 00000000 ____D C:\Users\Katz\Desktop\school
2012-06-16 16:18 - 2012-06-16 16:18 - 00318904 ____A (Microsoft Corporation) C:\Users\Katz\Downloads\wmpfirefoxplugin (1).exe
2012-06-16 16:17 - 2012-06-16 16:17 - 00318904 ____A (Microsoft Corporation) C:\Users\Katz\Downloads\wmpfirefoxplugin.exe
2012-06-15 23:36 - 2012-06-15 23:36 - 02394117 ____A C:\Users\Katz\Downloads\IMG_0835.MOV
2012-06-14 10:25 - 2012-06-13 22:44 - 00000000 ____D C:\Users\Katz\Desktop\Copy of wed june 13 ( not shitty)
2012-06-14 10:13 - 2012-06-14 10:12 - 33727620 ____A C:\Users\Katz\Desktop\wed 13th (good).wav
2012-06-14 01:13 - 2012-06-10 02:11 - 00000000 ____D C:\Users\Katz\AppData\Roaming\Line 6
2012-06-12 23:37 - 2011-08-08 17:45 - 00000000 ____D C:\users\Katz
2012-06-12 19:29 - 2012-06-12 19:29 - 00000000 ____D C:\Users\Katz\Downloads\Slice_The_Cake_-_The_Man_With_No_Face__282012_29__5BMP3%5D_CR_3965953
2012-06-12 18:17 - 2012-06-12 18:17 - 04434578 ____A C:\Users\Katz\Downloads\[allleaks.tumblr.com] Exotic Animal Petting Zoo - You Make Wonderful Pictures.mp3
2012-06-12 16:49 - 2012-06-12 16:20 - 162051925 ____A C:\Users\Katz\Downloads\Slice_The_Cake_-_The_Man_With_No_Face_%282012%29_%5BMP3%5D_CR_3965953.rar
2012-06-12 15:48 - 2011-03-10 16:28 - 00001112 ___AH C:\IPH.PH
2012-06-12 15:48 - 2011-03-10 16:28 - 00000000 ____D C:\Users\Katz\AppData\Local\AIM
2012-06-09 13:06 - 2012-06-09 13:06 - 26659972 ____A C:\Users\Katz\Desktop\**** **** (in progress).wav
2012-06-09 12:50 - 2012-06-09 12:50 - 33869960 ____A C:\Users\Katz\Desktop\trip hop (in prog).wav
2012-06-09 00:54 - 2011-03-17 10:20 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2012-06-08 17:26 - 2012-06-08 17:26 - 00001981 ____A C:\Users\Katz\Desktop\POD Farm 2.lnk
2012-06-08 17:23 - 2012-06-08 17:23 - 33869960 ____A C:\Users\Katz\Desktop\beat!@!@!@!@!@.wav
2012-06-08 16:43 - 2012-06-08 16:37 - 00000000 ____D C:\Users\Katz\Desktop\loops beat 1
2012-06-08 16:36 - 2012-06-08 16:36 - 00000000 ____D C:\Users\Katz\Documents\Line 6
2012-06-08 16:36 - 2012-06-08 16:36 - 00000000 ____D C:\Users\All Users\Line 6
2012-06-08 16:35 - 2012-06-08 16:35 - 00000000 ____D C:\Program Files\Line6
2012-06-08 16:30 - 2012-06-08 16:29 - 00000000 ____D C:\Users\Katz\Desktop\BEST BEATS EVER
2012-06-08 15:03 - 2012-06-08 15:03 - 01873948 ____A C:\Users\Katz\Desktop\WHAT WHAT.wav
2012-06-08 13:36 - 2012-06-08 13:36 - 02723264 ____A (Microsoft Corporation) C:\Users\Katz\Downloads\vcredist_x86.exe
2012-06-08 13:10 - 2012-01-17 15:33 - 00000000 ____D C:\Users\Katz\Desktop\jan 17 metal
2012-06-08 02:05 - 2012-06-08 01:46 - 163220303 ____A C:\Users\Katz\Downloads\Lush_Princess_01.rar
2012-06-07 10:48 - 2011-07-30 16:15 - 00000000 ____D C:\Users\All Users\PMB Files
2012-06-06 09:15 - 2012-06-06 09:10 - 124420592 ____A C:\Users\Katz\Downloads\POD Farm v2.51 Installer.exe
2012-05-30 16:39 - 2012-05-30 16:38 - 06955968 ____A (Microsoft Corporation) C:\Users\Katz\Downloads\Silverlight (1).exe
2012-05-30 10:14 - 2012-05-30 10:14 - 00000000 ____D C:\Users\Katz\AppData\Roaming\LolClient2
2012-05-28 11:20 - 2012-05-28 11:14 - 00000000 ____D C:\Users\Katz\Downloads\Game of Thrones S02E09 HDTV x264-ASAP[ettv]
2012-05-28 11:13 - 2012-05-28 11:13 - 00030677 ____A C:\Users\Katz\Downloads\Game of Thrones S02E09 HDTV x264-ASAP[ettv] [h33t].torrent
2012-05-25 12:16 - 2011-09-04 13:22 - 00000000 ____D C:\Users\Katz\AppData\Roaming\Spotify
2012-05-25 12:15 - 2011-09-04 13:22 - 00000000 ____D C:\Users\Katz\AppData\Local\Spotify
2012-05-25 11:57 - 2012-03-19 17:21 - 00000065 ____A C:\Users\Katz\Desktop\u of a pass.txt
2012-05-25 10:34 - 2012-05-25 10:16 - 113123901 ____A C:\Users\Katz\Downloads\7_Horns_7_Eyes-Throes_Of_Absolution-2012-KzT.rar
2012-05-22 15:21 - 2012-05-22 14:13 - 00000000 ____D C:\Users\Katz\Downloads\House.S08.Special-Swan.Song.720p.HDTV.x264-BAJSKORV [PublicHD]
2012-05-18 15:20 - 2012-05-18 15:20 - 00000000 ____D C:\Users\Katz\Documents\Diablo III
2012-05-18 15:09 - 2012-05-18 14:44 - 00001147 ____A C:\Users\Public\Desktop\Diablo III.lnk
2012-05-18 15:09 - 2011-04-05 14:40 - 00000000 ____D C:\Program Files\Common Files\Blizzard Entertainment
2012-05-18 14:43 - 2012-05-18 14:43 - 00000000 ____D C:\Users\All Users\Battle.net
2012-05-18 14:42 - 2011-12-30 12:56 - 00000000 ____D C:\Users\Katz\Desktop\sdafsadfsdfs
2012-05-18 11:25 - 2012-05-18 11:25 - 00000020 ___SH C:\Users\UpdatusUser.Katz-PC\ntuser.ini
2012-05-18 11:25 - 2011-08-08 17:43 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2012-05-18 11:24 - 2011-07-07 22:47 - 00000000 ____D C:\NVIDIA
2012-05-18 11:18 - 2012-05-18 11:13 - 168914544 ____A (NVIDIA Corporation) C:\Users\Katz\Downloads\296.10-notebook-win7-winvista-32bit-international-whql.exe
2012-05-17 13:08 - 2012-05-17 13:08 - 00000000 ____D C:\Users\Katz\Downloads\Game.of.Thrones.S02E07.720p.HDTV.x264-IMMERSE [PublicHD]
2012-05-17 13:07 - 2012-05-17 13:07 - 00007823 ____A C:\Users\Katz\Downloads\Game of Thrones S02E07 720p HDTV x264 IMMERSE [PublicHD] [h33t].torrent
2012-05-12 11:31 - 2012-06-19 14:03 - 00099400 ____A (MotioninJoy) C:\Windows\System32\Drivers\MijXfilt.sys
2012-05-08 21:46 - 2012-05-08 21:44 - 60644399 ____A C:\Users\Katz\Downloads\I_Stopped_Caring_In_96.zip
2012-05-08 18:49 - 2012-05-08 18:47 - 44800020 ____A C:\Users\Katz\Downloads\Eyes Shut EP.zip
2012-05-04 10:42 - 2012-05-04 10:42 - 00000000 ____D C:\Users\Katz\Downloads\[www.tnttorrent.info] Grown Ups 2010 [DVDRip.XviD-miguel] [Ekipa TnT]
2012-05-03 16:37 - 2012-05-03 16:37 - 00000000 ____D C:\Program Files\M-Audio
2012-05-03 16:35 - 2012-05-03 16:34 - 10652168 ____A (M-Audio, a division of Avid Technology, Inc.) C:\Users\Katz\Downloads\Install M-Audio FastTrack 6_0_6.exe
2012-05-03 12:46 - 2012-05-03 12:45 - 18283610 ____A C:\Users\Katz\Downloads\Paper Diamond-Wavesight EP (JEFF017).zip
2012-05-02 16:10 - 2012-03-19 19:02 - 00000000 ____D C:\Users\Katz\AppData\Roaming\abgx360
2012-04-30 19:36 - 2012-04-30 19:32 - 104857600 ____A C:\Users\Katz\Downloads\ME3.d2.wyccad.part35.rar
2012-04-29 17:56 - 2012-04-22 09:11 - 00000000 ____D C:\Users\Katz\Desktop\pso2
2012-04-29 15:19 - 2012-03-18 19:36 - 00000000 ____D C:\Program Files\JDownloader
2012-04-29 07:57 - 2012-04-29 07:57 - 08513024 ____A C:\Users\Katz\Downloads\Hume on Personal Identity.ppt
2012-04-29 07:57 - 2012-04-29 07:57 - 00776192 ____A C:\Users\Katz\Downloads\Presentation on Locke on Personal Identity.ppt
2012-04-28 09:24 - 2012-04-28 09:24 - 00000000 ____D C:\Users\Katz\Downloads\[www.Cpasbien.com] Tenacious D - Rize of the Fenix (2012)
2012-04-28 09:18 - 2012-04-28 09:17 - 70092365 ____A C:\Users\Katz\Downloads\BTD - RseOfthPhnix.2012.320kbps.VBR.rar
2012-04-27 15:42 - 2012-04-27 15:42 - 01037072 ____A C:\Users\Katz\Downloads\Downloader.exe
2012-04-25 17:32 - 2012-04-25 17:32 - 00120834 ____A C:\Users\Katz\Downloads\sine30.zip
2012-04-24 17:45 - 2012-04-24 17:45 - 04308484 ____A C:\Users\Katz\Desktop\bass beats+orch.wav
2012-04-22 12:20 - 2012-04-22 12:20 - 00000000 ____D C:\Program Files\Common Files\INCA Shared
2012-04-22 12:04 - 2012-04-22 12:04 - 00001292 ____A C:\Users\Katz\Desktop\PHANTASY STAR ONLINE 2.lnk
2012-04-22 11:55 - 2012-04-22 11:55 - 00000000 ____D C:\Users\Katz\Documents\SEGA
2012-04-22 11:55 - 2012-04-22 11:55 - 00000000 ____D C:\Program Files\SEGA
2012-04-22 09:12 - 2012-04-22 09:12 - 00000000 ____D C:\Users\Katz\AppData\Roaming\SEGA
2012-04-17 14:02 - 2012-04-17 14:01 - 06887361 ____A C:\Users\Katz\Downloads\Recipe (Beat).mp3
2012-04-17 13:51 - 2012-04-17 13:50 - 00000000 ____D C:\Users\Katz\Downloads\50 50
2012-04-17 13:49 - 2012-04-17 13:49 - 00012806 ____A C:\Users\Katz\Downloads\50_50 [2011] DVD SCREENER MP4 c00kies INF1N1TY [h33t].torrent
2012-04-17 08:46 - 2012-04-17 08:46 - 00077694 ____A C:\Users\Katz\Downloads\shins_new_slang.gp5
2012-04-16 17:43 - 2012-04-16 17:43 - 10785434 ____A C:\Users\Katz\Downloads\Zardonic, Mark Instinct, NumberNin6 and Run DMT - Real Steel - Electrokill.info.mp3
2012-04-16 17:40 - 2012-04-16 17:39 - 08237184 ____A C:\Users\Katz\Downloads\Nightmares On Wax - You Wish.mp3
2012-04-16 17:39 - 2012-04-16 17:37 - 06718759 ____A C:\Users\Katz\Downloads\Poncho Warwick - Tainted Jazz.mp3
2012-04-16 14:10 - 2012-04-16 14:10 - 03967718 ____A C:\Users\Katz\Downloads\Dr. Dre & Kendrick Lamar - Coachella 2012 - The Recipe.mp3
2012-04-16 13:09 - 2011-03-27 10:22 - 00000000 ____D C:\Users\Katz\AppData\Roaming\Skype
2012-04-16 11:18 - 2011-03-27 10:23 - 00000000 ____D C:\Users\Katz\AppData\Roaming\skypePM
2012-04-16 10:30 - 2012-04-16 10:29 - 00000000 ____D C:\Users\Katz\Downloads\Eastbound and Down S03E08 HDTV x264-ASAP[ettv]
2012-04-16 10:15 - 2012-04-16 10:12 - 00000000 ____D C:\Users\Katz\Downloads\Eastbound and Down S03E07 HDTV x264-ASAP[ettv]
2012-04-13 16:22 - 2012-04-13 16:04 - 48519046 ____A C:\Users\Katz\Downloads\mp3tera.org_Depths_Of_Hatred-Aversionist-2012-UTP.rar
2012-04-11 13:35 - 2012-04-11 13:35 - 00016270 ____A C:\Users\Katz\Downloads\Job For A Cowboy- Demonocracy- [2012]- NewMp3Club [h33t].torrent
2012-04-11 11:32 - 2012-04-11 11:29 - 101896811 ____A C:\Users\Katz\Downloads\Shadow Of The Colossus - Shadow Of The Colossus (2010).rar
2012-04-10 21:12 - 2012-04-10 21:08 - 172813867 ____A C:\Users\Katz\Downloads\V.A. - The Ultimate-Guitar Community Drone Album, One.rar
2012-04-09 16:21 - 2012-04-09 16:20 - 00000000 ____D C:\Users\Katz\Downloads\Eastbound and Down S03E07 HDTV XviD-FQM[ettv]
2012-04-09 13:34 - 2012-04-22 12:22 - 03957088 ____A (INCA Internet Co., Ltd.) C:\Windows\System32\GameMon.des
2012-04-04 18:50 - 2012-04-04 18:49 - 00000000 ____D C:\Users\Katz\Desktop\samples
2012-04-04 17:08 - 2012-04-04 17:03 - 00000000 ____D C:\Users\Katz\Downloads\The Big Lebowski 1998 720p BRRip x264-HDLiTE
2012-04-04 17:02 - 2012-04-04 17:02 - 00024583 ____A C:\Users\Katz\Downloads\The Big Lebowski 1998 720p BRRip x264-HDLiTE [h33t].torrent
2012-04-04 14:56 - 2011-07-01 18:38 - 00022344 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-04-04 14:36 - 2012-04-04 14:36 - 01416172 ____A C:\Users\Katz\Downloads\looperman_111346_28025_Thudacious.wav
2012-04-04 14:31 - 2012-04-04 14:31 - 00088250 ____A C:\Users\Katz\Downloads\looperman_512025_49116_Thunder Crack.wav
2012-04-04 14:24 - 2011-12-04 17:57 - 02121906 ____A C:\Users\Katz\Downloads\looperman_89446_7141_Rap Bass.wav
2012-04-04 14:16 - 2012-04-04 14:16 - 02419244 ____A C:\Users\Katz\Downloads\looperman_159051_37335_ (1).wav
2012-04-04 13:19 - 2012-04-04 13:18 - 19133883 ____A C:\Users\Katz\Downloads\Above & Beyond feat. Zoe Johnston - Love Is Not Enough (Maor Levi & Bluestone Remix) (BacauHouseMafia.Ro).mp3
2012-04-04 13:14 - 2012-04-04 13:14 - 00000850 ____A C:\Users\Katz\Downloads\Above_and_Beyond_feat_Zoe_Johnston-Love_Is_Not_Enough_(The_Remixes)-ANJ231RD-WEB-2012-TraX.rar
2012-04-03 16:34 - 2012-04-03 16:33 - 1380274904 ____A C:\Users\Katz\Downloads\Game.of.Thrones.s02e02.720p.WebRip-x264-English Audio.mp4
2012-04-02 16:16 - 2012-04-02 15:27 - 1410844298 ____A C:\Users\Katz\Downloads\Game.of.Thrones.S02E01.720p.HDTV.RM-IMMERSE.3gp
2012-03-28 13:03 - 2012-03-28 13:03 - 00000000 ____D C:\Windows\Panther
2012-03-25 14:15 - 2012-03-25 14:15 - 00030365 ____A C:\Users\Katz\Downloads\Spartacus Vengeance S02E09 Monsters HDTV XviD-xTriLL [h33t].torrent
2012-03-25 13:43 - 2012-03-25 13:30 - 735442944 ____A C:\Users\Katz\Downloads\Paranormal.Activity.3.2011.UNRATED.DVDRip.XviD-SPARKS.avi
2012-03-25 13:29 - 2012-03-25 13:29 - 00014783 ____A C:\Users\Katz\Downloads\Paranormal Activity 3 2011 UNRATED DVDRip XviD-SPARKS [h33t].torrent
ZeroAccess:
C:\Windows\Installer\{0954ec52-c0cd-4a13-e71b-43dd8bc2a404}
C:\Windows\Installer\{0954ec52-c0cd-4a13-e71b-43dd8bc2a404}\@
C:\Windows\Installer\{0954ec52-c0cd-4a13-e71b-43dd8bc2a404}\L
C:\Windows\Installer\{0954ec52-c0cd-4a13-e71b-43dd8bc2a404}\U
C:\Windows\Installer\{0954ec52-c0cd-4a13-e71b-43dd8bc2a404}\U\trz7D1D.tmp
ZeroAccess:
C:\Users\Katz\AppData\Local\{0954ec52-c0cd-4a13-e71b-43dd8bc2a404}
C:\Users\Katz\AppData\Local\{0954ec52-c0cd-4a13-e71b-43dd8bc2a404}\@
C:\Users\Katz\AppData\Local\{0954ec52-c0cd-4a13-e71b-43dd8bc2a404}\L
C:\Users\Katz\AppData\Local\{0954ec52-c0cd-4a13-e71b-43dd8bc2a404}\n
C:\Users\Katz\AppData\Local\{0954ec52-c0cd-4a13-e71b-43dd8bc2a404}\U
========================= Known DLLs (Whitelisted) ============

========================= Bamital & volsnap Check ============
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe A302BBFF2A7278C0E239EE5D471D86A9 ZeroAccess <==== ATTENTION!.
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
==================== EXE ASSOCIATION =====================
HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK
========================= Memory info ======================
Percentage of memory in use: 11%
Total physical RAM: 4094.06 MB
Available physical RAM: 3612.75 MB
Total Pagefile: 4092.35 MB
Available Pagefile: 3612.67 MB
Total Virtual: 2047.88 MB
Available Virtual: 1968.69 MB
======================= Partitions =========================
1 Drive c: () (Fixed) (Total:298.09 GB) (Free:32.79 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
2 Drive d: (Pro Tools) (CDROM) (Total:7.01 GB) (Free:0 GB) CDFS
3 Drive e: () (Removable) (Total:0.96 GB) (Free:0.34 GB) FAT
4 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 298 GB 0 B
Disk 1 Online 981 MB 0 B
Partitions of Disk 0:
===============
Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 298 GB 1024 KB
======================================================================================================
Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 C NTFS Partition 298 GB Healthy
======================================================================================================
Partitions of Disk 1:
===============
Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 980 MB 16 KB
======================================================================================================
Disk: 1
Partition 1
Type : 06
Hidden: No
Active: Yes
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 E FAT Removable 980 MB Healthy
======================================================================================================
==========================================================
Last Boot: 2012-06-17 23:55
======================= End Of Log ==========================
 
In Vista or Windows 7: Boot to System Recovery Options and run FRST.
In Windows XP: Please boot to UBCD and run FRST.
Type the following in the edit box after "Search:".

services.exe

Click Search button and post the log (Search.txt) it makes to your reply.
 
Farbar Recovery Scan Tool Version: 20-06-2012 01
Ran by SYSTEM at 2012-06-21 16:51:50
Running from E:\
================== Search: "services.exe" ===================
C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.exe
[2009-07-13 15:11] - [2009-07-13 17:14] - 0259072 ____A (Microsoft Corporation) 5F1B6A9C35D3D5CA72D6D6FDEF9747D6
C:\Windows\System32\services.exe
[2009-07-13 15:11] - [2009-07-13 17:14] - 0259072 ____A (Microsoft Corporation) A302BBFF2A7278C0E239EE5D471D86A9
=== End Of Search ===
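To read the Search.txt output above the way the helper does, here is an added Python example (not from the thread and not part of FRST) that parses FRST search records and flags any System32 binary whose MD5 differs from its WinSxS component-store copy while size and timestamps still match, which is exactly how the patched services.exe stands out. The sample log is constructed from the two records quoted above.

```python
import re
from collections import defaultdict
from typing import Dict, List

# Constructed sample in the shape of the Search.txt quoted in the thread: each
# hit is a path line followed by a detail line in square brackets. The two
# services.exe records (paths, sizes, timestamps, MD5s) are taken from the log.
SAMPLE_SEARCH_LOG = r"""Farbar Recovery Scan Tool Version: 20-06-2012 01
Ran by SYSTEM at 2012-06-21 16:51:50
Running from E:\
================== Search: "services.exe" ===================
C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.exe
[2009-07-13 15:11] - [2009-07-13 17:14] - 0259072 ____A (Microsoft Corporation) 5F1B6A9C35D3D5CA72D6D6FDEF9747D6
C:\Windows\System32\services.exe
[2009-07-13 15:11] - [2009-07-13 17:14] - 0259072 ____A (Microsoft Corporation) A302BBFF2A7278C0E239EE5D471D86A9
=== End Of Search ===
"""

# A hit's path line starts with a drive letter, colon and backslash.
PATH_RE = re.compile(r"^[A-Za-z]:\\")
# A hit's detail line: [created] - [modified] - size attrs (company) MD5.
# The company field is optional, as it is in FRST's own file listings.
DETAIL_RE = re.compile(
    r"^\[(\d{4}-\d{2}-\d{2} \d{2}:\d{2})\] - "
    r"\[(\d{4}-\d{2}-\d{2} \d{2}:\d{2})\] - "
    r"(\d+) (\S+)(?: \((.*?)\))? ([0-9A-Fa-f]{32})$"
)


def parse_frst_search(text: str) -> List[Dict]:
    """Turn the text of an FRST Search.txt into a list of hit records."""
    records: List[Dict] = []
    pending_path = None
    for raw in text.splitlines():
        line = raw.rstrip()
        if PATH_RE.match(line):
            pending_path = line          # detail line for this path follows
            continue
        m = DETAIL_RE.match(line)
        if m and pending_path:
            created, modified, size, attrs, company, md5 = m.groups()
            records.append({
                "path": pending_path,
                "file": pending_path.rsplit("\\", 1)[-1].lower(),
                "created": created, "modified": modified,
                "size": int(size), "attrs": attrs,
                "company": company or "", "md5": md5.upper(),
            })
            pending_path = None
    return records


def find_divergent_copies(records: List[Dict]) -> List[Dict]:
    """Report copies of a file whose hash matches none of its WinSxS copies.

    ZeroAccess patches services.exe in place, so the System32 copy keeps the
    size and timestamps of the pristine component-store copy and only the
    MD5 differs. That is the pattern flagged here. Several WinSxS versions of
    one binary may exist on a patched system; a copy is fine if it matches
    any of them.
    """
    by_name: Dict[str, List[Dict]] = defaultdict(list)
    for r in records:
        by_name[r["file"]].append(r)
    findings = []
    for name, copies in by_name.items():
        store = [c for c in copies if "\\winsxs\\" in c["path"].lower()]
        if not store:
            continue                     # nothing trusted to compare against
        known = {c["md5"] for c in store}
        for c in copies:
            if any(c is s for s in store) or c["md5"] in known:
                continue
            # Prefer the component-store copy of the same size for the report.
            ref = next((s for s in store if s["size"] == c["size"]), store[0])
            findings.append({
                "file": name,
                "path": c["path"],
                "md5": c["md5"],
                "reference_path": ref["path"],
                "reference_md5": ref["md5"],
                "same_size": c["size"] == ref["size"],
                "same_timestamps": (c["created"], c["modified"])
                == (ref["created"], ref["modified"]),
            })
    return findings


if __name__ == "__main__":
    for f in find_divergent_copies(parse_frst_search(SAMPLE_SEARCH_LOG)):
        print(f"{f['path']}: MD5 {f['md5']} differs from WinSxS copy "
              f"{f['reference_md5']} (same size: {f['same_size']}, "
              f"same timestamps: {f['same_timestamps']})")
```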
 
Download attached fixlist.txt file and save it to the very same USB flash drive you've been using. Plug the drive back in.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

On Vista or Windows 7: Now please enter System Recovery Options.
On Windows XP: Now please boot into the UBCD.
Run FRST64 and press the Fix button just once and wait.
The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

Next....

Boot normally and....

Please download ComboFix from Here, Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Never rename Combofix unless instructed.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
  • Close any open browsers.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts.
  • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
  • If there is no internet connection after running Combofix, then restart your computer to restore your connection.
  • Double click on combofix.exe & follow the prompts.

  • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
  • NOTE 2. If Combofix asks you to update the program, always do so.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt"
**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.
**Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them, resulting in the tool not working correctly, which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends that you uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer to fix the issue.
**Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


Make sure you re-enable your security programs when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try one of the following:

1. Run Combofix from Safe Mode.

2. Delete the Combofix file and download a fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.
Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.
There are 4 different versions. If one of them won't run then download and try to run the other one.
Vista and Win7 users need to right click Rkill and choose Run as Administrator
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

* Rkill.com
* Rkill.scr
* Rkill.exe
  • Double-click on the Rkill icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.
Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

If normal mode still doesn't work, run BOTH tools from safe mode.

In case #2, please post BOTH logs, rKill and Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
 

Attachments

  • fixlist.txt
Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 20-06-2012 01
Ran by SYSTEM at 2012-06-21 17:19:49 Run:1
Running from E:\
==============================================
HKEY_LOCAL_MACHINE\System\ControlSet002\Control\Session Manager\SubSystems\\Windows Value was restored successfully .
C:\Windows\System32\consrv.dll not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\\netsvcs prodrv06 Deleted successfully.
C:\Windows\Installer\{0954ec52-c0cd-4a13-e71b-43dd8bc2a404} moved successfully.
C:\Users\Katz\AppData\Local\{0954ec52-c0cd-4a13-e71b-43dd8bc2a404} moved successfully.
C:\Windows\System32\services.exe moved successfully.
C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.exe copied successfully to C:\Windows\System32\services.exe
==== End of Fixlog ====

I still have no internet. Do I download ComboFix, put it onto the flash drive and then transfer it to the other computer?
 
Update on what is currently going on: it is running ComboFix currently. A popup came up and said I have been infected with Rootkit.ZeroAccess! and that it would take some time.
 
So "ComboFix has detected rootkit activity and needs to restart". When it is back on, do I run ComboFix again?

EDIT: Never mind, it ran itself.
 
ComboFix 12-06-21.02 - Katz 06/21/2012 17:54:49.1.2 - x86
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3582.2902 [GMT -7:00]
Running from: c:\users\Katz\Desktop\ComboFix.exe
AV: avast! Internet Security *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
FW: avast! Internet Security *Disabled* {131692B0-0864-D491-4E21-3A3A1D8BBB47}
SP: avast! Internet Security *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\$NtUninstallKB28499$
c:\windows\$NtUninstallKB28499$\2218932995
c:\windows\$NtUninstallKB28499$\2594239987\@
c:\windows\$NtUninstallKB28499$\2594239987\cfg.ini
c:\windows\$NtUninstallKB28499$\2594239987\Desktop.ini
c:\windows\$NtUninstallKB28499$\2594239987\L\eaguynoe
c:\windows\$NtUninstallKB28499$\2594239987\oemid
c:\windows\$NtUninstallKB28499$\2594239987\U\00000001.@
c:\windows\$NtUninstallKB28499$\2594239987\U\00000002.@
c:\windows\$NtUninstallKB28499$\2594239987\U\00000004.@
c:\windows\$NtUninstallKB28499$\2594239987\U\80000000.@
c:\windows\$NtUninstallKB28499$\2594239987\U\80000004.@
c:\windows\$NtUninstallKB28499$\2594239987\U\80000032.@
c:\windows\$NtUninstallKB28499$\2594239987\version
c:\windows\system32\dds_trash_log.cmd
.
c:\windows\system32\drivers\afd.sys . . . is missing!!
.
.
((((((((((((((((((((((((( Files Created from 2012-05-22 to 2012-06-22 )))))))))))))))))))))))))))))))
.
.
2012-06-22 01:13 . 2012-06-22 01:15 -------- d-----w- c:\users\Katz\AppData\Local\temp
2012-06-22 01:13 . 2012-06-22 01:13 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-06-22 01:13 . 2012-06-22 01:13 -------- d-----w- c:\users\UpdatusUser.Katz-PC\AppData\Local\temp
2012-06-21 19:13 . 2012-06-21 19:22 -------- d-----w- c:\users\Katz\AppData\Local\ElevatedDiagnostics
2012-06-21 08:42 . 2012-06-21 18:15 -------- d-----w- c:\program files\PC Tools Security
2012-06-21 08:34 . 2012-06-21 08:41 -------- d-----w- c:\users\Katz\AppData\Roaming\GetRightToGo
2012-06-21 07:34 . 2012-06-22 00:53 -------- d-----w- c:\programdata\AVAST Software
2012-06-21 07:34 . 2012-06-21 19:47 -------- d-----w- c:\program files\AVAST Software
2012-06-21 06:58 . 2012-06-21 06:58 -------- d-sh--w- c:\windows\system32\%APPDATA%
2012-06-20 02:26 . 2008-12-04 10:02 16400 ----a-w- c:\windows\system32\drivers\diginet.sys
2012-06-19 22:03 . 2012-06-19 22:03 -------- d-----w- c:\users\Katz\AppData\Roaming\MotioninJoy
2012-06-19 22:03 . 2012-06-19 22:03 -------- d-----w- c:\program files\MotioninJoy
2012-06-19 22:03 . 2012-05-12 19:31 99400 ----a-w- c:\windows\system32\drivers\MijXfilt.sys
2012-06-19 22:03 . 2011-12-08 02:42 61984 ----a-w- c:\windows\system32\drivers\xusb21.sys
2012-06-19 22:03 . 2011-12-08 02:42 255496 ----a-w- c:\windows\system32\MijFrc.dll
2012-06-19 22:03 . 2011-12-08 02:42 1461992 ----a-w- c:\windows\system32\WdfCoInstaller01009.dll
2012-06-10 10:11 . 2012-06-14 09:13 -------- d-----w- c:\users\Katz\AppData\Roaming\Line 6
2012-06-09 00:36 . 2012-06-09 00:36 -------- d-----w- c:\programdata\Line 6
2012-06-09 00:35 . 2012-06-09 00:35 -------- d-----w- c:\program files\Line6
2012-05-30 18:14 . 2012-05-30 18:14 -------- d-----w- c:\users\Katz\AppData\Roaming\LolClient2
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-09 21:34 . 2012-04-22 20:22 3957088 ----a-w- c:\windows\system32\GameMon.des
2012-04-04 22:56 . 2011-07-02 02:38 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2010-12-09 19:51 3911776 ----a-w- c:\program files\ConduitEngine\ConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
2010-12-09 19:51 3911776 ----a-w- c:\program files\uTorrentBar\tbuTor.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\ConduitEngine.dll" [2010-12-09 3911776]
"{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:\program files\uTorrentBar\tbuTor.dll" [2010-12-09 3911776]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}"= "c:\program files\uTorrentBar\tbuTor.dll" [2010-12-09 3911776]
.
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlay]
@="{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}"
[HKEY_CLASSES_ROOT\CLSID\{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}]
2007-09-10 23:50 2957312 ----a-w- c:\program files\Fingerprint Reader Suite\farchns.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlayOpen]
@="{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}"
[HKEY_CLASSES_ROOT\CLSID\{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}]
2007-09-10 23:50 2957312 ----a-w- c:\program files\Fingerprint Reader Suite\farchns.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Aim"="c:\program files\AIM\aim.exe" [2011-01-05 4321112]
"Pando Media Booster"="c:\program files\Pando Networks\Media Booster\PMB.exe" [2011-07-31 3077528]
"Steam"="c:\program files\Steam\Steam.exe" [2011-08-03 1242448]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OEM02Mon.exe"="c:\windows\OEM02Mon.exe" [2007-05-10 36864]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-16 499608]
"AdobeCS5.5ServiceManager"="c:\program files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2007-12-08 3444736]
"PSQLLauncher"="c:\program files\Fingerprint Reader Suite\launcher.exe" [2007-04-17 49168]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-30 421888]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"M-Audio Taskbar Icon"="c:\windows\system32\M-AudioTaskBarIcon.exe" [2010-12-07 644104]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
.
c:\users\Katz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"DisableCAD"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
2007-04-17 06:04 86528 ----a-w- c:\windows\System32\psqlpwd.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli psqlpwd
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-03-07 22:33 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-02-29 2348352]
R3 MAUSBFASTTRACK;Service for M-Audio FastTrack;c:\windows\system32\DRIVERS\MAudioFastTrack.sys [2010-12-07 158344]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2010-03-25 30969208]
R3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;c:\windows\system32\DRIVERS\MijXfilt.sys [2012-05-12 99400]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [2012-04-09 3957088]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4640000]
R3 pbfilter;pbfilter;c:\program files\PeerBlock\pbfilter.sys [2010-11-07 20080]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-05-11 1343400]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 DigiNet;Digidesign Ethernet Support;c:\windows\system32\DRIVERS\diginet.sys [2008-12-04 16400]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-02-29 382272]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-04-04 22344]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [2009-07-13 311296]
.
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
LRMINIPORT
hpdj
minilog
pccsmcfd
psdistributionagent
USR1806V
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4200271565-912711694-3251406831-1000Core.job
- c:\users\Katz\AppData\Local\Google\Update\GoogleUpdate.exe [2011-03-11 00:22]
.
2012-06-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4200271565-912711694-3251406831-1000UA.job
- c:\users\Katz\AppData\Local\Google\Update\GoogleUpdate.exe [2011-03-11 00:22]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: E&ksportuj do programu Microsoft Excel - c:\progra~1\MICROS~3\Office14\EXCEL.EXE/3000
IE: Wyslij &do programu OneNote
IE: Wyslij &do programu OneNote - c:\progra~1\MICROS~3\Office14\ONBttnIE.dll/105
Trusted Zone: line6.net
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-DigidesignMMERefresh - c:\program files\Digidesign\Drivers\MMERefresh.exe
MSConfigStartUp-LogMeIn Hamachi Ui - c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'lsass.exe'(564)
c:\windows\system32\psqlpwd.DLL
c:\program files\Fingerprint Reader Suite\homefus2.dll
c:\program files\Fingerprint Reader Suite\infra.dll
.
- - - - - - - > 'Explorer.exe'(3168)
c:\program files\Fingerprint Reader Suite\farchns.dll
c:\program files\Fingerprint Reader Suite\infra.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\program files\NVIDIA Corporation\Display\nvxdsync.exe
c:\windows\system32\nvvsvc.exe
c:\program files\Fingerprint Reader Suite\upeksvr.exe
c:\windows\System32\WLTRYSVC.EXE
c:\windows\System32\bcmwltry.exe
c:\windows\system32\WUDFHost.exe
c:\windows\system32\conhost.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
c:\windows\system32\sppsvc.exe
.
**************************************************************************
.
Completion time: 2012-06-21 18:19:49 - machine was rebooted
ComboFix-quarantined-files.txt 2012-06-22 01:19
.
Pre-Run: 35,371,950,080 bytes free
Post-Run: 34,992,721,920 bytes free
.
- - End Of File - - 038BAAFFD92FDE01D83F996EC1418ED4
 
Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2

64-bit users go HERE
  • Double-click SystemLook.exe to run it.
  • Vista users: Right click on SystemLook.exe, click Run As Administrator
  • Copy the content of the following box and paste it into the main textfield:
    Code:
    :filefind
    afd.sys
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt
 
SystemLook 30.07.11 by jpshortstuff
Log created at 18:40 on 21/06/2012 by Katz
Administrator - Elevation successful
========== filefind ==========
Searching for "afd.sys"
No files found.
-= EOF =-
 
That's quite impossible.

Attached is "afd.zip" file.
Unzip it and paste "afd.sys" file into c:\windows\system32\drivers folder.
Disregard any Windows warnings.

Re-run Combofix and post new log.
 

Attachments

  • afd.zip (163 KB)

ComboFix 12-06-21.02 - Katz 06/21/2012 18:54:36.2.2 - x86
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3582.2359 [GMT -7:00]
Running from: c:\users\Katz\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-05-22 to 2012-06-22 )))))))))))))))))))))))))))))))
.
.
2012-06-22 02:00 . 2012-06-22 02:00 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-06-22 02:00 . 2012-06-22 02:00 -------- d-----w- c:\users\UpdatusUser.Katz-PC\AppData\Local\temp
2012-06-22 02:00 . 2012-06-22 02:00 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-06-22 01:53 . 2009-07-13 23:12 338944 ----a-w- c:\windows\system32\drivers\afd.sys
2012-06-22 01:13 . 2012-06-22 02:00 -------- d-----w- c:\users\Katz\AppData\Local\temp
2012-06-22 00:39 . 2012-06-22 00:42 -------- d-----w- C:\FRST
2012-06-21 19:13 . 2012-06-21 19:22 -------- d-----w- c:\users\Katz\AppData\Local\ElevatedDiagnostics
2012-06-21 08:42 . 2012-06-21 18:15 -------- d-----w- c:\program files\PC Tools Security
2012-06-21 08:34 . 2012-06-21 08:41 -------- d-----w- c:\users\Katz\AppData\Roaming\GetRightToGo
2012-06-21 07:34 . 2012-06-22 00:53 -------- d-----w- c:\programdata\AVAST Software
2012-06-21 07:34 . 2012-06-21 19:47 -------- d-----w- c:\program files\AVAST Software
2012-06-21 06:58 . 2012-06-21 06:58 -------- d-sh--w- c:\windows\system32\%APPDATA%
2012-06-20 02:26 . 2008-12-04 10:02 16400 ----a-w- c:\windows\system32\drivers\diginet.sys
2012-06-19 22:03 . 2012-06-19 22:03 -------- d-----w- c:\users\Katz\AppData\Roaming\MotioninJoy
2012-06-19 22:03 . 2012-06-19 22:03 -------- d-----w- c:\program files\MotioninJoy
2012-06-19 22:03 . 2012-05-12 19:31 99400 ----a-w- c:\windows\system32\drivers\MijXfilt.sys
2012-06-19 22:03 . 2011-12-08 02:42 61984 ----a-w- c:\windows\system32\drivers\xusb21.sys
2012-06-19 22:03 . 2011-12-08 02:42 255496 ----a-w- c:\windows\system32\MijFrc.dll
2012-06-19 22:03 . 2011-12-08 02:42 1461992 ----a-w- c:\windows\system32\WdfCoInstaller01009.dll
2012-06-10 10:11 . 2012-06-14 09:13 -------- d-----w- c:\users\Katz\AppData\Roaming\Line 6
2012-06-09 00:36 . 2012-06-09 00:36 -------- d-----w- c:\programdata\Line 6
2012-06-09 00:35 . 2012-06-09 00:35 -------- d-----w- c:\program files\Line6
2012-05-30 18:14 . 2012-05-30 18:14 -------- d-----w- c:\users\Katz\AppData\Roaming\LolClient2
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-09 21:34 . 2012-04-22 20:22 3957088 ----a-w- c:\windows\system32\GameMon.des
2012-04-04 22:56 . 2011-07-02 02:38 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2010-12-09 19:51 3911776 ----a-w- c:\program files\ConduitEngine\ConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
2010-12-09 19:51 3911776 ----a-w- c:\program files\uTorrentBar\tbuTor.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\ConduitEngine.dll" [2010-12-09 3911776]
"{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:\program files\uTorrentBar\tbuTor.dll" [2010-12-09 3911776]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}"= "c:\program files\uTorrentBar\tbuTor.dll" [2010-12-09 3911776]
.
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlay]
@="{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}"
[HKEY_CLASSES_ROOT\CLSID\{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}]
2007-09-10 23:50 2957312 ----a-w- c:\program files\Fingerprint Reader Suite\farchns.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlayOpen]
@="{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}"
[HKEY_CLASSES_ROOT\CLSID\{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}]
2007-09-10 23:50 2957312 ----a-w- c:\program files\Fingerprint Reader Suite\farchns.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Aim"="c:\program files\AIM\aim.exe" [2011-01-05 4321112]
"Pando Media Booster"="c:\program files\Pando Networks\Media Booster\PMB.exe" [2011-07-31 3077528]
"Steam"="c:\program files\Steam\Steam.exe" [2011-08-03 1242448]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OEM02Mon.exe"="c:\windows\OEM02Mon.exe" [2007-05-10 36864]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-16 499608]
"AdobeCS5.5ServiceManager"="c:\program files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2007-12-08 3444736]
"PSQLLauncher"="c:\program files\Fingerprint Reader Suite\launcher.exe" [2007-04-17 49168]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-30 421888]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"M-Audio Taskbar Icon"="c:\windows\system32\M-AudioTaskBarIcon.exe" [2010-12-07 644104]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
.
c:\users\Katz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"DisableCAD"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
2007-04-17 06:04 86528 ----a-w- c:\windows\System32\psqlpwd.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli psqlpwd
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-03-07 22:33 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-02-29 2348352]
R3 MAUSBFASTTRACK;Service for M-Audio FastTrack;c:\windows\system32\DRIVERS\MAudioFastTrack.sys [2010-12-07 158344]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2010-03-25 30969208]
R3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;c:\windows\system32\DRIVERS\MijXfilt.sys [2012-05-12 99400]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [2012-04-09 3957088]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4640000]
R3 pbfilter;pbfilter;c:\program files\PeerBlock\pbfilter.sys [2010-11-07 20080]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-05-11 1343400]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 DigiNet;Digidesign Ethernet Support;c:\windows\system32\DRIVERS\diginet.sys [2008-12-04 16400]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-02-29 382272]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-04-04 22344]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [2009-07-13 311296]
.
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
LRMINIPORT
hpdj
minilog
pccsmcfd
psdistributionagent
USR1806V
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4200271565-912711694-3251406831-1000Core.job
- c:\users\Katz\AppData\Local\Google\Update\GoogleUpdate.exe [2011-03-11 00:22]
.
2012-06-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4200271565-912711694-3251406831-1000UA.job
- c:\users\Katz\AppData\Local\Google\Update\GoogleUpdate.exe [2011-03-11 00:22]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: E&ksportuj do programu Microsoft Excel - c:\progra~1\MICROS~3\Office14\EXCEL.EXE/3000
IE: Wyslij &do programu OneNote
IE: Wyslij &do programu OneNote - c:\progra~1\MICROS~3\Office14\ONBttnIE.dll/105
Trusted Zone: line6.net
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'lsass.exe'(564)
c:\windows\system32\psqlpwd.DLL
c:\program files\Fingerprint Reader Suite\homefus2.dll
c:\program files\Fingerprint Reader Suite\infra.dll
.
- - - - - - - > 'Explorer.exe'(1628)
c:\program files\Fingerprint Reader Suite\farchns.dll
c:\program files\Fingerprint Reader Suite\infra.dll
.
Completion time: 2012-06-21 19:02:02
ComboFix-quarantined-files.txt 2012-06-22 02:02
ComboFix2.txt 2012-06-22 01:19
.
Pre-Run: 35,080,077,312 bytes free
Post-Run: 34,777,706,496 bytes free
.
- - End Of File - - 6E225EF9C3B5E1F4F61853E73B9160D5
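The second ComboFix log above is where the replacement afd.sys shows up: created on this disk at 2012-06-22 01:53 but carrying its own 2009-07-13 file stamp. As an added example (not code from this thread or from ComboFix), here is a small Python parser for the "Files Created" lines that pulls out that created/modified split and applies a few generic review heuristics; the line layout is taken from the log above, the sample lines are copied from it, and the heuristics are my own assumptions, not anything ComboFix does.

```python
import re
from dataclasses import dataclass
from datetime import datetime
from typing import Dict, List, Optional

# One ComboFix "Files Created" line (layout as in the log above):
#   <created> . <modified> <size or --------> <attrs> <path>
LINE_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. (\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(\d+|-{8}) (\S{8}) (.+?)\s*$"
)
TS = "%Y-%m-%d %H:%M"


@dataclass
class Entry:
    created: datetime    # when the object appeared on this disk
    modified: datetime   # the object's own last-write stamp
    size: Optional[int]  # None for directories
    attrs: str           # ComboFix attribute column, e.g. ----a-w- or d-sh--w-
    path: str

    @property
    def is_dir(self) -> bool:
        return self.attrs.startswith("d")


def parse_entries(text: str) -> List[Entry]:
    """Keep every line that matches the file-entry layout; skip headers and '.' rows."""
    out = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        created, modified, size, attrs, path = m.groups()
        out.append(Entry(datetime.strptime(created, TS), datetime.strptime(modified, TS),
                         None if size.startswith("-") else int(size), attrs, path))
    return out


def triage(entries: List[Entry], drift_days: int = 30) -> Dict[str, List[str]]:
    """Generic review heuristics (my assumptions, not ComboFix's): a hit means
    'look at this', not 'malicious'."""
    findings: Dict[str, List[str]] = {}
    for e in entries:
        reasons = []
        p = e.path.lower()
        if not e.is_dir and "\\system32\\drivers\\" in p:
            reasons.append("kernel driver added")
        drift = (e.created - e.modified).days
        if drift > drift_days:
            # A file whose own stamp is far older than its arrival was copied in
            # from elsewhere (here: the replacement afd.sys) rather than written here.
            reasons.append(f"file timestamp predates creation by {drift} days")
        if "s" in e.attrs and "h" in e.attrs and p.startswith("c:\\windows\\"):
            reasons.append("hidden+system entry under the Windows directory")
        if reasons:
            findings[e.path] = reasons
    return findings


# Sample input: five lines copied from the second ComboFix log in this thread.
SAMPLE_LOG = r"""
2012-06-22 02:00 . 2012-06-22 02:00 -------- d-----w- c:\users\Katz\AppData\Local\temp
2012-06-22 01:53 . 2009-07-13 23:12 338944 ----a-w- c:\windows\system32\drivers\afd.sys
2012-06-21 06:58 . 2012-06-21 06:58 -------- d-sh--w- c:\windows\system32\%APPDATA%
2012-06-20 02:26 . 2008-12-04 10:02 16400 ----a-w- c:\windows\system32\drivers\diginet.sys
2012-05-30 18:14 . 2012-05-30 18:14 -------- d-----w- c:\users\Katz\AppData\Roaming\LolClient2
"""
```

Running `triage(parse_entries(SAMPLE_LOG))` flags afd.sys and diginet.sys as added drivers with old file stamps and the hidden+system `%APPDATA%` directory for review; the two ordinary directories produce nothing.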
 
Very good :)

We'll run couple more tools to make sure all is OK.

Download OTL to your Desktop.

  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Click the Scan All Users checkbox.
  • Under the Custom Scan box paste this in:


netsvcs
drivers32
%SYSTEMDRIVE%\*.*
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.exe
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.jpg
%systemroot%\*.png
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav
%PROGRAMFILES%\bak. /s
%systemroot%\system32\bak. /s
%ALLUSERSPROFILE%\Start Menu\*.lnk /x
%systemroot%\system32\config\systemprofile\*.dat /x
%systemroot%\*.config
%systemroot%\system32\*.db
%APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
%USERPROFILE%\Desktop\*.exe
%PROGRAMFILES%\Common Files\*.*
%systemroot%\*.src
%systemroot%\install\*.*
%systemroot%\system32\DLL\*.*
%systemroot%\system32\HelpFiles\*.*
%systemroot%\tasks\*.*
%systemroot%\system32\rundll\*.*
%systemroot%\winn32\*.*
%systemroot%\Java\*.*
%systemroot%\system32\test\*.*
%systemroot%\system32\Rundll32\*.*
%systemroot%\AppPatch\Custom\*.*
%APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
%PROGRAMFILES%\PC-Doctor\Downloads\*.*
%PROGRAMFILES%\Internet Explorer\*.tmp
%PROGRAMFILES%\Internet Explorer\*.dat
%USERPROFILE%\My Documents\*.exe
%USERPROFILE%\*.exe
%systemroot%\ADDINS\*.*
%systemroot%\assembly\*.bak2
%systemroot%\Config\*.*
%systemroot%\REPAIR\*.bak2
%systemroot%\SECURITY\Database\*.sdb /x
%systemroot%\SYSTEM\*.bak2
%systemroot%\Web\*.bak2
%systemroot%\Driver Cache\*.*
%PROGRAMFILES%\Mozilla Firefox\0*.exe
%ProgramFiles%\Microsoft Common\*.*
%ProgramFiles%\TinyProxy.
%USERPROFILE%\Favorites\*.url /x
%systemroot%\system32\*.bk
%systemroot%\*.te
%systemroot%\system32\system32\*.*
%ALLUSERSPROFILE%\*.dat /x
%systemroot%\system32\drivers\*.rmv
dir /b "%systemroot%\system32\*.exe" | find /I " " /c
dir /b "%systemroot%\*.exe" | find /I " " /c
%PROGRAMFILES%\Microsoft\*.*
%systemroot%\System32\Wbem\proquota.exe
%PROGRAMFILES%\Mozilla Firefox\*.dat
%USERPROFILE%\Cookies\*.txt /x
%SystemRoot%\system32\fonts\*.*
%systemroot%\system32\winlog\*.*
%systemroot%\system32\Language\*.*
%systemroot%\system32\Settings\*.*
%systemroot%\system32\*.quo
%SYSTEMROOT%\AppPatch\*.exe
%SYSTEMROOT%\inf\*.exe
%SYSTEMROOT%\Installer\*.exe
%systemroot%\system32\config\*.bak2
%systemroot%\system32\Computers\*.*
%SystemRoot%\system32\Sound\*.*
%SystemRoot%\system32\SpecialImg\*.*
%SystemRoot%\system32\code\*.*
%SystemRoot%\system32\draft\*.*
%SystemRoot%\system32\MSSSys\*.*
%ProgramFiles%\Javascript\*.*
%systemroot%\pchealth\helpctr\System\*.exe /s
%systemroot%\Web\*.exe
%systemroot%\system32\msn\*.*
%systemroot%\system32\*.tro
%AppData%\Microsoft\Installer\msupdates\*.*
%ProgramFiles%\Messenger\*.*
%systemroot%\system32\systhem32\*.*
%systemroot%\system\*.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\LastSuccessTime /rs
/md5start
/md5stop


  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
 