Solved Infected with Sirefef and Patched.B.gen trojan


Adode

Like many, I also have a similar infection, with ESET constantly showing pop-ups about blocked Sirefef and a scan saying there's a Patched.B.gen trojan.

I've read a few threads and noticed that a Farbar scan is required, so here are the results.

Thank you very much for your help!

Scan result of Farbar Recovery Scan Tool Version: 16-07-2012 02
Ran by SYSTEM at 18-07-2012 11:57:29
Running from H:\
Windows 7 Home Premium (X64) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [2837288 2011-10-14] (Synaptics Incorporated)
HKLM\...\Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [499608 2011-03-15] (Adobe Systems Incorporated)
HKLM\...\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe [1128448 2011-11-15] (IDT, Inc.)
HKLM\...\Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices [112512 2010-03-13] (Microsoft Corporation)
HKLM\...\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice [2918656 2011-01-12] (ESET)
HKLM-x32\...\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [336384 2011-04-01] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [HPConnectionManager] C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe [94264 2011-02-15] (Hewlett-Packard Development Company L.P.)
HKLM-x32\...\Run: [RemoteControl10] "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe" [87336 2010-02-02] (CyberLink Corp.)
HKLM-x32\...\Run: [BDRegion] C:\Program Files (x86)\Cyberlink\Shared files\brs.exe [75048 2011-01-25] (cyberlink)
HKLM-x32\...\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [586296 2010-11-09] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [35736 2012-04-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-01-02] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe [61112 2011-03-16] (EasyBits Software AS)
HKLM-x32\...\Run: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe [318520 2011-01-27] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin [1523360 2011-01-12] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59280 2012-05-30] (Apple Inc.)
HKLM-x32\...\Run: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW [1259376 2011-07-28] ()
HKLM-x32\...\Run: [ConnectionCenter] "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup [305088 2011-04-25] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin [406992 2010-02-22] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe [77824 2008-07-22] (AMD)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [254696 2012-01-18] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2012-04-18] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421776 2012-06-07] (Apple Inc.)
HKU\adode13\...\Run: [Google Update] "C:\Users\adode13\AppData\Local\Google\Update\GoogleUpdate.exe" /c [136176 2011-08-28] (Google Inc.)
HKU\adode13\...\Run: [RocketDock] "C:\Program Files (x86)\RocketDock\RocketDock.exe" [495616 2007-09-02] ()
HKU\adode13\...\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe [2260480 2009-03-05] (Safer-Networking Ltd.)
HKU\adode13\...\Run: [AdobeBridge] [x]
HKU\adode13\...\Run: [cacaoweb] "C:\Users\adode13\AppData\Roaming\cacaoweb\cacaoweb.exe" -noplayer [429056 2012-07-11] ()
HKU\adode13\...\Run: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden [2741616 2011-03-04] (Hewlett-Packard Company)
HKU\adode13\...\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe [59240 2012-02-23] (Apple Inc.)
HKLM-x32\...\Runonce: [SpybotDeletingA4376] command.com /c del "C:\Users\adode13\AppData\Roaming\svchost.exe" [x]
HKLM-x32\...\Runonce: [SpybotDeletingC7167] cmd.exe /c del "C:\Users\adode13\AppData\Roaming\svchost.exe" [x]
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Startup: C:\Users\All Users\Start Menu\Programs\Startup\Rainmeter.lnk
ShortcutTarget: Rainmeter.lnk -> C:\Program Files\Rainmeter\Rainmeter.exe ()

==================== Services (Whitelisted) ======

2 CLKMSVC10_38F51D56; "C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe" /svc [241648 2011-01-25] (CyberLink)
3 EhttpSrv; "C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe" [42360 2011-01-12] (ESET)
2 ekrn; "C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe" [810144 2011-01-12] (ESET)
2 Giraffic; C:\Program Files (x86)\Giraffic\Veoh_GirafficWatchdog.exe --service [2232504 2012-07-02] (Giraffic)
3 hpCMSrv; "C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe" [1071160 2011-02-15] (Hewlett-Packard Development Company L.P.)
2 IsaMonitor; C:\Program Files (x86)\Asistente Infinitum\IsaMonitor.exe [185856 2008-07-23] (Fine Point Technologies, Inc.)
2 KMService; C:\Windows\SysWow64\srvany.exe [8192 2011-10-09] ()
2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)

========================== Drivers (Whitelisted) =============

1 ctxusbm; C:\Windows\System32\Drivers\ctxusbm.sys [87600 2011-04-25] (Citrix Systems, Inc.)
1 dtsoftbus01; C:\Windows\System32\Drivers\dtsoftbus01.sys [270912 2011-08-28] (DT Soft Ltd)
2 eamonm; C:\Windows\System32\Drivers\eamonm.sys [170640 2010-12-21] (ESET)
1 ehdrv; C:\Windows\System32\Drivers\ehdrv.sys [141264 2010-12-21] (ESET)
2 epfwwfpr; C:\Windows\System32\Drivers\epfwwfpr.sys [125296 2010-12-21] (ESET)
3 NSNDIS5; \??\C:\Windows\system32\NSNDIS5.SYS [x]

========================== NetSvcs (Whitelisted) ===========


============ One Month Created Files and Folders ==============

2012-07-18 09:44 - 2012-07-18 09:44 - 01437107 ____A (Farbar) C:\Users\adode13\Desktop\FRST64.exe
2012-07-18 08:53 - 2012-07-18 08:53 - 00000000 ____D C:\Program Files (x86)\Windows Resource Kits
2012-07-18 08:34 - 2012-07-18 08:34 - 00000000 ____D C:\Users\All Users\ESET
2012-07-18 08:34 - 2012-07-18 08:34 - 00000000 ____D C:\Program Files\ESET
2012-07-17 20:44 - 2012-07-17 20:44 - 00000000 ____D C:\Users\adode13\AppData\Local\{7535CF12-162A-4FCA-B9EC-9BF3B78B0BC2}
2012-07-17 09:13 - 2012-07-17 09:26 - 127039024 ____A C:\Users\adode13\Downloads\nanoir.rar
2012-07-17 09:13 - 2012-07-17 09:25 - 35600626 ____A C:\Users\adode13\Downloads\GRETEL_-_Kessei_Kinen_Ongenshuu_(single)_by_kumika.rar
2012-07-17 09:13 - 2012-07-17 09:22 - 64912332 ____A C:\Users\adode13\Downloads\???????.zip
2012-07-17 08:44 - 2012-07-17 08:44 - 00000000 ____D C:\Users\adode13\AppData\Local\{9486025A-74DD-4BAD-B3CA-5398371F2D75}
2012-07-16 20:43 - 2012-07-16 20:44 - 00000000 ____D C:\Users\adode13\AppData\Local\{519C535B-63A0-480C-9619-6C0A6B13C1F7}
2012-07-16 08:43 - 2012-07-17 20:44 - 00000000 ____D C:\Users\adode13\AppData\Local\{FB61B02C-4852-4169-8FD3-C16D98F34B13}
2012-07-16 08:43 - 2012-07-16 08:43 - 00000000 ____D C:\Users\adode13\AppData\Local\{0F52EBD8-F522-41C6-9CE5-6FEC345E528A}
2012-07-15 19:54 - 2012-07-15 19:54 - 00000000 ____D C:\Users\adode13\AppData\Local\{628F4176-E877-4804-9644-00C831439FA9}
2012-07-15 13:48 - 2012-07-15 14:21 - 441375029 ____A C:\Users\adode13\Downloads\[4ls]_katawa_shoujo_[windows][C3798628].exe
2012-07-15 07:54 - 2012-07-15 07:54 - 00000000 ____D C:\Users\adode13\AppData\Local\{409D43F6-0E5D-4A33-BB9F-E75ECD63B8EE}
2012-07-14 19:53 - 2012-07-14 19:54 - 00000000 ____D C:\Users\adode13\AppData\Local\{6BD0808A-70EF-411A-9A47-4277A2C1600E}
2012-07-14 12:17 - 2012-07-18 08:36 - 00000000 ____D C:\Users\adode13\Desktop\Gok
2012-07-14 08:01 - 2012-07-14 08:02 - 27296862 ____A C:\Users\adode13\Downloads\[2012.07.04] BugLug - KILLER×KILLER×KILLER.rar
2012-07-14 07:52 - 2012-07-15 19:54 - 00000000 ____D C:\Users\adode13\AppData\Local\{C33D4F02-2CEA-42A8-80EF-C84C70D98402}
2012-07-14 07:52 - 2012-07-14 07:53 - 00000000 ____D C:\Users\adode13\AppData\Local\{4A2A7961-A2F6-4066-8098-DB39520F5A64}
2012-07-13 12:58 - 2012-07-13 13:00 - 14893793 ____A C:\Users\adode13\Downloads\GnT_Hamada_McDonalds.flv
2012-07-13 12:56 - 2012-07-13 12:59 - 46745288 ____A C:\Users\adode13\Downloads\DT_Manzai_Mounting_Sub.avi
2012-07-13 10:03 - 2012-07-13 10:03 - 00000000 ____D C:\Users\adode13\AppData\Local\{EFBDC62D-9C71-4103-A1FC-8BB58FBFC4A8}
2012-07-13 10:02 - 2012-07-13 10:03 - 00000000 ____D C:\Users\adode13\AppData\Local\{969AEDB5-B639-4875-9F76-34817D55D1A8}
2012-07-12 22:04 - 2012-07-12 22:04 - 00000946 ____A C:\Users\adode13\Desktop\Dolphin.lnk
2012-07-12 21:32 - 2011-06-23 22:25 - 00000000 ___AD C:\Users\adode13\Downloads\dolphin-3.0-win64
2012-07-12 10:36 - 2012-07-12 10:36 - 00000000 ____D C:\Users\adode13\AppData\Local\{AA67E3B1-FC95-427E-B5B8-6E7EF65DDC32}
2012-07-12 10:36 - 2012-07-12 10:36 - 00000000 ____D C:\Users\adode13\AppData\Local\{510FEC62-2A79-480E-AB8F-E3DA2678C088}
2012-07-12 10:24 - 2012-07-12 10:30 - 91139450 ____A C:\Users\adode13\Downloads\Reprise.zip
2012-07-12 09:14 - 2012-07-12 09:14 - 09226440 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2012-07-12 01:10 - 2012-06-11 19:08 - 03148800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-07-12 01:01 - 2012-06-02 04:49 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-07-12 01:01 - 2012-06-02 04:17 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-07-12 01:01 - 2012-06-02 04:12 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-07-12 01:01 - 2012-06-02 04:05 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-07-12 01:01 - 2012-06-02 04:05 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-07-12 01:01 - 2012-06-02 04:04 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-07-12 01:01 - 2012-06-02 04:04 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-07-12 01:01 - 2012-06-02 04:03 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-07-12 01:01 - 2012-06-02 04:01 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-07-12 01:01 - 2012-06-02 04:00 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-07-12 01:01 - 2012-06-02 03:59 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-07-12 01:01 - 2012-06-02 03:57 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-07-12 01:01 - 2012-06-02 03:57 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-07-12 01:01 - 2012-06-02 03:54 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-07-12 01:01 - 2012-06-02 01:07 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-07-12 01:01 - 2012-06-02 00:43 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-07-12 01:01 - 2012-06-02 00:33 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-07-12 01:01 - 2012-06-02 00:26 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-07-12 01:01 - 2012-06-02 00:25 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-07-12 01:01 - 2012-06-02 00:25 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-07-12 01:01 - 2012-06-02 00:23 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-07-12 01:01 - 2012-06-02 00:21 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-07-12 01:01 - 2012-06-02 00:20 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-07-12 01:01 - 2012-06-02 00:19 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-07-12 01:01 - 2012-06-02 00:19 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-07-12 01:01 - 2012-06-02 00:17 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-07-12 01:01 - 2012-06-02 00:16 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-07-12 01:01 - 2012-06-02 00:14 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-07-11 22:36 - 2012-07-11 22:36 - 00000000 ____D C:\Users\adode13\AppData\Local\{72A7231C-394C-4155-98B2-C08304E70063}
2012-07-11 22:36 - 2012-07-11 22:36 - 00000000 ____D C:\Users\adode13\AppData\Local\{02F650BA-E171-46A8-B320-48E3E3B691C0}
2012-07-11 16:19 - 2012-07-11 16:19 - 00248730 ____A C:\Users\adode13\Downloads\individigital.zip
2012-07-11 16:19 - 2012-07-11 16:19 - 00008389 ____A C:\Users\adode13\Downloads\dominik.zip
2012-07-11 14:32 - 2012-07-11 14:34 - 15634214 ____A C:\Users\adode13\Downloads\?????????.zip
2012-07-11 14:32 - 2012-07-11 14:34 - 08955362 ____A C:\Users\adode13\Downloads\03 my ugly gene.m4a
2012-07-11 14:32 - 2012-07-11 14:33 - 09744709 ____A C:\Users\adode13\Downloads\02 Fear Dance.m4a
2012-07-11 14:32 - 2012-07-11 14:33 - 09557049 ____A C:\Users\adode13\Downloads\01 ?-kHz.m4a
2012-07-11 14:30 - 2012-07-11 14:30 - 06222779 ____A C:\Users\adode13\Downloads\lakugaki.mp3.zip
2012-07-11 10:35 - 2012-07-11 10:35 - 00000000 ____D C:\Users\adode13\AppData\Local\{E6C4FC21-2713-4F15-89D3-162D1DC46A9B}
2012-07-11 10:35 - 2012-07-11 10:35 - 00000000 ____D C:\Users\adode13\AppData\Local\{4274FC9B-46F9-4B68-984E-762B46820AD3}
2012-07-11 04:04 - 2012-06-08 21:43 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2012-07-11 04:04 - 2012-06-08 20:41 - 12873728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2012-07-11 04:04 - 2012-06-05 22:06 - 02004480 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
2012-07-11 04:04 - 2012-06-05 22:06 - 01881600 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
2012-07-11 04:04 - 2012-06-05 22:02 - 01133568 ____A (Microsoft Corporation) C:\Windows\System32\cdosys.dll
2012-07-11 04:04 - 2012-06-05 21:05 - 01390080 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2012-07-11 04:04 - 2012-06-05 21:05 - 01236992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2012-07-11 04:04 - 2012-06-05 21:03 - 00805376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cdosys.dll
2012-07-11 04:04 - 2012-06-01 21:50 - 00458704 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
2012-07-11 04:04 - 2012-06-01 21:48 - 00151920 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
2012-07-11 04:04 - 2012-06-01 21:48 - 00095600 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
2012-07-11 04:04 - 2012-06-01 21:45 - 00340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
2012-07-11 04:04 - 2012-06-01 21:44 - 00307200 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
2012-07-11 04:04 - 2012-06-01 20:40 - 00225280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2012-07-11 04:04 - 2012-06-01 20:40 - 00022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2012-07-11 04:04 - 2012-06-01 20:39 - 00219136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2012-07-11 04:04 - 2012-06-01 20:34 - 00096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2012-07-11 04:04 - 2010-06-25 19:55 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\msxml3r.dll
2012-07-11 04:04 - 2010-06-25 19:24 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2012-07-10 22:35 - 2012-07-10 22:35 - 00000000 ____D C:\Users\adode13\AppData\Local\{EE489028-348A-4020-8F01-551B7B289706}
2012-07-10 10:34 - 2012-07-10 10:34 - 00000000 ____D C:\Users\adode13\AppData\Local\{02410FEE-D1EF-4395-A362-C713AFBAFE2C}
2012-07-09 22:33 - 2012-07-09 22:34 - 00000000 ____D C:\Users\adode13\AppData\Local\{898A50E2-8EB4-4218-A623-EA894655D161}
2012-07-09 17:24 - 2012-07-09 17:39 - 123929747 ____A C:\Users\adode13\Downloads\101.rar
2012-07-09 10:33 - 2012-07-10 22:35 - 00000000 ____D C:\Users\adode13\AppData\Local\{7CDA8AF8-65AE-4977-8E3B-3435C4ED9C80}
2012-07-09 10:33 - 2012-07-09 10:33 - 00000000 ____D C:\Users\adode13\AppData\Local\{2A6F18FE-497F-47E1-A1B8-7B9642E901FB}
2012-07-08 22:32 - 2012-07-08 22:32 - 00079819 ____A C:\Users\adode13\Downloads\minecraftia.zip
2012-07-08 22:32 - 2012-07-08 22:32 - 00034009 ____A C:\Users\adode13\Downloads\v5prophit_cell.zip
2012-07-08 22:19 - 2012-07-08 22:19 - 00000000 ____D C:\Users\adode13\AppData\Local\{70E9745B-8A80-4AE9-A275-D6F3829A98C7}
2012-07-08 10:18 - 2012-07-08 22:19 - 00000000 ____D C:\Users\adode13\AppData\Local\{67A35010-2DA5-4661-98F4-17ABDF80CF1B}
2012-07-08 10:18 - 2012-07-08 10:18 - 00000000 ____D C:\Users\adode13\AppData\Local\{0028E128-7AD9-481C-A3BC-BAFDB86844AD}
2012-07-07 22:02 - 2012-07-07 22:02 - 00000000 ____D C:\Users\adode13\AppData\Local\{B5C2C1CA-D0D9-4534-B297-F63A56728580}
2012-07-07 10:01 - 2012-07-07 22:02 - 00000000 ____D C:\Users\adode13\AppData\Local\{CFCD9DE1-8415-4C21-A1FD-ADBA8F3FF04E}
2012-07-07 10:01 - 2012-07-07 10:02 - 00000000 ____D C:\Users\adode13\AppData\Local\{CF5A41A3-71BC-4B11-9853-B6960B15A082}
2012-07-06 23:17 - 2012-07-09 12:55 - 00000000 ____D C:\Users\adode13\Desktop\Ads
2012-07-06 11:28 - 2012-07-06 11:28 - 00000000 ____D C:\Users\adode13\AppData\Local\{42DD3F8D-A46A-47AF-94C9-E0AC3AD34678}
2012-07-06 11:28 - 2012-07-06 11:28 - 00000000 ____D C:\Users\adode13\AppData\Local\{2E820539-7FE6-466D-ACF4-1682D13A74CA}
2012-07-05 19:16 - 2012-07-05 19:20 - 28407468 ____A C:\Users\adode13\Downloads\MSInc SP.rar
2012-07-05 15:22 - 2012-07-05 15:22 - 00027616 ____A C:\Users\adode13\Downloads\stroke.zip
2012-07-05 15:19 - 2012-07-05 15:19 - 00428453 ____A C:\Users\adode13\Downloads\Quicksand.zip
2012-07-05 15:19 - 2012-07-05 15:19 - 00236384 ____A C:\Users\adode13\Downloads\billy-argel_new-garden.zip
2012-07-05 15:19 - 2012-07-05 15:19 - 00159932 ____A C:\Users\adode13\Downloads\TitilliumText.zip
2012-07-05 15:18 - 2012-07-05 15:18 - 00484995 ____A C:\Users\adode13\Downloads\comfortaa___font_by_aajohan-d1qr019.zip
2012-07-05 15:18 - 2012-07-05 15:18 - 00241718 ____A C:\Users\adode13\Downloads\Walkway.zip
2012-07-05 15:17 - 2012-07-05 15:17 - 00064828 ____A C:\Users\adode13\Downloads\CircleD_Font_by_CrazyForMusic.ttf
2012-07-05 15:17 - 2012-07-05 15:17 - 00011850 ____A C:\Users\adode13\Downloads\steiner.zip
2012-07-05 14:54 - 2012-07-05 14:54 - 00075105 ____A C:\Users\adode13\Downloads\Existence-Light.zip
2012-07-05 08:41 - 2012-07-05 08:41 - 00000000 ____D C:\Users\adode13\AppData\Local\{E2C166D2-3A1E-4E08-AF92-1B3A939B753E}
2012-07-05 08:40 - 2012-07-05 08:41 - 00000000 ____D C:\Users\adode13\AppData\Local\{05DD9EA8-2ABE-42C1-BB03-B342EB1A60D0}
2012-07-04 18:19 - 2012-07-04 18:39 - 45035764 ____A C:\Users\adode13\Downloads\[Mini] coldrain - THROUGH CLARITY [2012.07.04].rar
2012-07-04 18:18 - 2012-07-04 18:28 - 52676078 ____A C:\Users\adode13\Downloads\[2012.06.06] NEW BREED - THE PIONEERS OF SENSATION.rar
2012-07-04 18:18 - 2012-07-04 18:25 - 26409419 ____A C:\Users\adode13\Downloads\v-r.rar
2012-07-04 10:49 - 2012-07-04 10:49 - 00000000 ____D C:\Users\adode13\AppData\Local\{922CB157-A5AF-43EC-927D-F57F5CF3E2F0}
2012-07-03 20:39 - 2012-07-03 20:39 - 00000000 ____D C:\Users\adode13\AppData\Local\{492F3854-FE40-47F3-88E3-62198D7B902C}
2012-07-03 20:39 - 2012-07-03 20:39 - 00000000 ____D C:\Users\adode13\AppData\Local\{2420DB70-92C0-4412-9FB7-3769DC54CDD4}
2012-07-03 08:38 - 2012-07-03 08:38 - 00000000 ____D C:\Users\adode13\AppData\Local\{B1F7996B-282C-41B6-B9DF-CEF5F56CD5C0}
2012-07-03 08:38 - 2012-07-03 08:38 - 00000000 ____D C:\Users\adode13\AppData\Local\{08EF80A3-0B7D-4048-86BC-10A574380B1E}
2012-07-02 22:45 - 2012-07-02 22:45 - 00000000 ____D C:\Users\adode13\AppData\Roaming\Opera
2012-07-02 22:45 - 2012-07-02 22:45 - 00000000 ____D C:\Users\adode13\AppData\Local\Opera
2012-07-02 22:45 - 2012-07-02 22:45 - 00000000 ____D C:\Program Files (x86)\Opera
2012-07-02 20:36 - 2012-07-02 20:36 - 00000000 ____D C:\Users\adode13\AppData\Local\{6231A1CE-0458-4590-808A-BB66E144EB78}
2012-07-02 08:36 - 2012-07-02 20:36 - 00000000 ____D C:\Users\adode13\AppData\Local\{286E2FEB-BD4D-47C4-94C8-1CC8C4168C9C}
2012-07-02 08:36 - 2012-07-02 08:36 - 00000000 ____D C:\Users\adode13\AppData\Local\{9884E34A-4ABF-4022-A7DC-D392C3182444}
2012-06-30 21:44 - 2012-06-30 21:44 - 00000000 ____D C:\Users\adode13\AppData\Local\{EB0865DF-14B0-4C91-8235-F3539C73434B}
2012-06-30 09:44 - 2012-06-30 09:44 - 00000000 ____D C:\Users\adode13\AppData\Local\{A0777327-6B78-42A5-ADA6-01A27F8B82D9}
2012-06-30 09:43 - 2012-06-30 21:44 - 00000000 ____D C:\Users\adode13\AppData\Local\{897D7D20-9013-4F2D-B9E9-93A7F793C926}
2012-06-29 21:43 - 2012-06-29 21:43 - 00000000 ____D C:\Users\adode13\AppData\Local\{F3DF2949-2B7E-4B10-A202-6B856E779AD3}
2012-06-29 09:43 - 2012-06-29 09:43 - 00000000 ____D C:\Users\adode13\AppData\Local\{C284CD7C-10F6-4805-A9F8-5F0DC5857801}
2012-06-29 09:42 - 2012-06-29 21:43 - 00000000 ____D C:\Users\adode13\AppData\Local\{6A55338B-F61E-446B-ABD1-274E758A0EA3}
2012-06-28 08:33 - 2012-06-28 08:34 - 00000000 ____D C:\Users\adode13\AppData\Local\{0E3D910A-5B00-44F4-AC5F-E372660AF93E}
2012-06-28 08:33 - 2012-06-28 08:33 - 00000000 ____D C:\Users\adode13\AppData\Local\{7E9356DC-E22C-48B1-8472-09BDD7015426}
2012-06-27 14:36 - 2012-06-27 14:36 - 00000000 ____D C:\Users\adode13\AppData\Local\{4E0BA21F-0E65-43BB-B6FC-0C5CC46E5296}
2012-06-27 14:35 - 2012-06-27 14:36 - 00000000 ____D C:\Users\adode13\AppData\Local\{3A0D4272-CAD4-4E3C-B379-0FC8E00123C9}
2012-06-27 09:03 - 2012-06-27 09:03 - 00000000 ____D C:\Users\adode13\AppData\Local\{F0096238-00A3-4C92-97B7-D48C301BE956}
2012-06-26 09:26 - 2012-06-26 09:26 - 00000000 ____D C:\Users\adode13\AppData\Local\{2DFB6843-EB8C-4D01-8845-C8CA36A04DBD}
2012-06-26 09:25 - 2012-06-26 09:25 - 00000000 ____D C:\Users\adode13\AppData\Local\{DA1FE535-F10F-4CA2-B44D-8615203E9561}
2012-06-25 19:52 - 2012-06-25 19:52 - 00000000 ____D C:\Users\adode13\AppData\Local\{367C03F3-4244-44CB-AC4D-1D4A842CF1AB}
2012-06-25 07:51 - 2012-06-25 19:52 - 00000000 ____D C:\Users\adode13\AppData\Local\{EA7C4460-9BCC-40FF-869B-748F5B2884D9}
2012-06-25 07:51 - 2012-06-25 07:51 - 00000000 ____D C:\Users\adode13\AppData\Local\{887B10BC-6787-41A6-871E-0A73288F4F22}
2012-06-23 10:16 - 2012-06-23 10:16 - 00000000 ____D C:\Users\adode13\AppData\Local\{6322504E-78C3-4269-95F0-F6551087AF18}
2012-06-23 10:15 - 2012-06-23 10:16 - 00000000 ____D C:\Users\adode13\AppData\Local\{735A210E-B474-4C84-9B97-674355253166}
2012-06-23 09:52 - 2012-06-23 09:52 - 00000000 ____D C:\Users\adode13\AppData\Local\{C6287180-79DD-4770-AC6B-A289CFE4D9A0}
2012-06-22 11:00 - 2012-06-22 11:00 - 00000000 ____D C:\Users\adode13\AppData\Local\{B6F198D5-A32E-4ACB-8035-14D1F67C55AF}
2012-06-22 10:59 - 2012-06-22 11:00 - 00000000 ____D C:\Users\adode13\AppData\Local\{57587ACB-B15D-40B4-896A-AFFA9347D118}
2012-06-21 20:03 - 2012-06-21 20:03 - 00000000 ____D C:\Users\adode13\AppData\Local\{289792F2-9C31-47C6-A514-8F4686B1E8ED}
2012-06-21 08:03 - 2012-06-21 08:03 - 00000000 ____D C:\Users\adode13\AppData\Local\{8B55CA86-05B3-4EAC-A2BB-A5CA5064A4CB}
2012-06-21 08:02 - 2012-06-21 20:03 - 00000000 ____D C:\Users\adode13\AppData\Local\{D6E1738D-AAC6-4C69-B784-B3646ED15DCB}
2012-06-20 14:23 - 2012-06-20 14:23 - 00000000 ____D C:\Users\adode13\Downloads\AngleWheels_HMS
2012-06-20 10:27 - 2012-06-20 10:27 - 00000000 ____D C:\Users\adode13\AppData\Local\{E19C8AE8-96B6-4A9A-B37A-6A3CA6F9620D}
2012-06-20 10:27 - 2012-06-20 10:27 - 00000000 ____D C:\Users\adode13\AppData\Local\{C51143C1-B189-436D-9EC2-4FB9E4DB479B}
2012-06-19 21:16 - 2012-06-19 21:16 - 00000000 ____D C:\Users\adode13\AppData\Local\{527C13C7-5BCF-4ECC-9236-252A5CE9A9A3}
2012-06-19 09:16 - 2012-06-19 09:16 - 00000000 ____D C:\Users\adode13\AppData\Local\{28679318-9B3F-445E-8C9E-CD1C115A28AD}
2012-06-19 09:15 - 2012-06-19 21:16 - 00000000 ____D C:\Users\adode13\AppData\Local\{ADD2D68C-8ED0-4CA8-A7C3-966A7395E41F}
2012-06-19 09:15 - 2012-06-19 09:15 - 00000000 ____D C:\Windows\en
2012-06-19 09:12 - 2012-03-08 16:40 - 00048488 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\fssfltr.sys
2012-06-19 09:09 - 2012-06-19 09:09 - 00000000 ____D C:\Users\adode13\AppData\Local\{40B286B1-7756-4658-BCC4-802584E24B45}
2012-06-19 09:08 - 2012-06-19 09:09 - 00000000 ____D C:\Users\adode13\AppData\Local\{B588838F-2FB5-4D37-B44A-99B8522432FD}
2012-06-19 08:38 - 2012-06-19 08:38 - 00000000 ____D C:\Users\adode13\AppData\Local\{448E661A-2D36-4BC1-8945-675BA2E9C505}
2012-06-19 08:37 - 2012-06-19 08:38 - 00000000 ____D C:\Users\adode13\AppData\Local\{41874DBA-6FD0-480C-B7BF-B0E546CF99EC}
2012-06-18 18:55 - 2012-06-18 18:53 - 02114362 ___RA C:\Users\adode13\Documents\Technologic___Brush_Pack_by_NextViewDesigns.abr
2012-06-18 18:55 - 2012-06-18 18:53 - 00467206 ___RA C:\Users\adode13\Documents\Tech_Brushes_01_by_Jaaaiiro.abr
2012-06-18 17:30 - 2012-06-02 14:19 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-06-18 17:30 - 2012-06-02 14:19 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-06-18 17:30 - 2012-06-02 14:19 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-06-18 17:30 - 2012-06-02 14:15 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-06-18 17:29 - 2012-06-02 14:19 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2012-06-18 17:29 - 2012-06-02 14:19 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2012-06-18 17:29 - 2012-06-02 14:15 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2012-06-18 17:29 - 2012-06-02 13:19 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-06-18 17:29 - 2012-06-02 13:15 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2012-06-18 07:14 - 2012-06-18 07:14 - 00000000 ____D C:\Users\adode13\AppData\Local\{7B8FCDCA-7290-42F7-95DF-4274942813C3}


============ 3 Months Modified Files ========================

2012-07-18 09:51 - 2009-07-13 21:13 - 00779092 ____A C:\Windows\System32\PerfStringBackup.INI
2012-07-18 09:47 - 2012-01-24 05:01 - 00000935 ____A C:\Windows\wininit.ini
2012-07-18 09:47 - 2011-08-28 19:06 - 00000916 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1933306683-895702514-590770892-1001UA.job
2012-07-18 09:44 - 2012-07-18 09:44 - 01437107 ____A (Farbar) C:\Users\adode13\Desktop\FRST64.exe
2012-07-18 09:14 - 2012-04-04 07:30 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-07-18 09:02 - 2011-08-06 19:14 - 01292748 ____A C:\Windows\WindowsUpdate.log
2012-07-18 09:01 - 2009-07-13 20:45 - 00032064 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-07-18 09:01 - 2009-07-13 20:45 - 00032064 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-07-18 08:54 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-07-18 08:54 - 2009-07-13 20:51 - 00098548 ____A C:\Windows\setupact.log
2012-07-18 07:42 - 2012-02-06 12:23 - 00000340 ____A C:\Windows\Tasks\HPCeeScheduleForadode13.job
2012-07-17 16:47 - 2011-08-28 19:06 - 00000864 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1933306683-895702514-590770892-1001Core.job
2012-07-17 09:26 - 2012-07-17 09:13 - 127039024 ____A C:\Users\adode13\Downloads\nanoir.rar
2012-07-17 09:25 - 2012-07-17 09:13 - 35600626 ____A C:\Users\adode13\Downloads\GRETEL_-_Kessei_Kinen_Ongenshuu_(single)_by_kumika.rar
2012-07-17 09:22 - 2012-07-17 09:13 - 64912332 ____A C:\Users\adode13\Downloads\???????.zip
2012-07-16 09:12 - 2011-11-21 13:28 - 00000000 ____A C:\Windows\System32\HP_ActiveX_Patch_NOT_DETECTED.txt
2012-07-16 09:12 - 2011-08-29 19:09 - 00000052 ____A C:\Windows\SysWOW64\DOErrors.log
2012-07-16 08:40 - 2009-07-13 21:08 - 00032540 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-07-15 14:21 - 2012-07-15 13:48 - 441375029 ____A C:\Users\adode13\Downloads\[4ls]_katawa_shoujo_[windows][C3798628].exe
2012-07-14 08:02 - 2012-07-14 08:01 - 27296862 ____A C:\Users\adode13\Downloads\[2012.07.04] BugLug - KILLER×KILLER×KILLER.rar
2012-07-13 13:00 - 2012-07-13 12:58 - 14893793 ____A C:\Users\adode13\Downloads\GnT_Hamada_McDonalds.flv
2012-07-13 12:59 - 2012-07-13 12:56 - 46745288 ____A C:\Users\adode13\Downloads\DT_Manzai_Mounting_Sub.avi
2012-07-12 22:04 - 2012-07-12 22:04 - 00000946 ____A C:\Users\adode13\Desktop\Dolphin.lnk
2012-07-12 10:30 - 2012-07-12 10:24 - 91139450 ____A C:\Users\adode13\Downloads\Reprise.zip
2012-07-12 09:14 - 2012-07-12 09:14 - 09226440 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2012-07-12 09:14 - 2012-04-04 07:30 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-07-12 09:14 - 2011-08-28 19:10 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-07-12 09:04 - 2009-07-13 20:45 - 05121576 ____A C:\Windows\System32\FNTCACHE.DAT
2012-07-12 01:09 - 2009-07-13 18:34 - 00000478 ____A C:\Windows\win.ini
2012-07-12 01:03 - 2011-08-28 13:33 - 59701280 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-07-11 16:19 - 2012-07-11 16:19 - 00248730 ____A C:\Users\adode13\Downloads\individigital.zip
2012-07-11 16:19 - 2012-07-11 16:19 - 00008389 ____A C:\Users\adode13\Downloads\dominik.zip
2012-07-11 14:34 - 2012-07-11 14:32 - 15634214 ____A C:\Users\adode13\Downloads\?????????.zip
2012-07-11 14:34 - 2012-07-11 14:32 - 08955362 ____A C:\Users\adode13\Downloads\03 my ugly gene.m4a
2012-07-11 14:33 - 2012-07-11 14:32 - 09744709 ____A C:\Users\adode13\Downloads\02 Fear Dance.m4a
2012-07-11 14:33 - 2012-07-11 14:32 - 09557049 ____A C:\Users\adode13\Downloads\01 ?-kHz.m4a
2012-07-11 14:30 - 2012-07-11 14:30 - 06222779 ____A C:\Users\adode13\Downloads\lakugaki.mp3.zip
2012-07-09 17:39 - 2012-07-09 17:24 - 123929747 ____A C:\Users\adode13\Downloads\101.rar
2012-07-08 23:07 - 2011-08-28 18:11 - 00141912 ____A C:\Users\adode13\AppData\Local\GDIPFONTCACHEV1.DAT
2012-07-08 22:32 - 2012-07-08 22:32 - 00079819 ____A C:\Users\adode13\Downloads\minecraftia.zip
2012-07-08 22:32 - 2012-07-08 22:32 - 00034009 ____A C:\Users\adode13\Downloads\v5prophit_cell.zip
2012-07-06 23:16 - 2012-04-13 20:45 - 00011595 ____A C:\Users\adode13\Documents\HP POLL1UFA.xlsx
2012-07-06 23:07 - 2012-03-16 18:31 - 00011498 ____A C:\Users\adode13\Documents\HP POLL1.xlsx
2012-07-05 19:20 - 2012-07-05 19:16 - 28407468 ____A C:\Users\adode13\Downloads\MSInc SP.rar
2012-07-05 15:22 - 2012-07-05 15:22 - 00027616 ____A C:\Users\adode13\Downloads\stroke.zip
2012-07-05 15:19 - 2012-07-05 15:19 - 00428453 ____A C:\Users\adode13\Downloads\Quicksand.zip
2012-07-05 15:19 - 2012-07-05 15:19 - 00236384 ____A C:\Users\adode13\Downloads\billy-argel_new-garden.zip
2012-07-05 15:19 - 2012-07-05 15:19 - 00159932 ____A C:\Users\adode13\Downloads\TitilliumText.zip
2012-07-05 15:18 - 2012-07-05 15:18 - 00484995 ____A C:\Users\adode13\Downloads\comfortaa___font_by_aajohan-d1qr019.zip
2012-07-05 15:18 - 2012-07-05 15:18 - 00241718 ____A C:\Users\adode13\Downloads\Walkway.zip
2012-07-05 15:17 - 2012-07-05 15:17 - 00064828 ____A C:\Users\adode13\Downloads\CircleD_Font_by_CrazyForMusic.ttf
2012-07-05 15:17 - 2012-07-05 15:17 - 00011850 ____A C:\Users\adode13\Downloads\steiner.zip
2012-07-05 14:54 - 2012-07-05 14:54 - 00075105 ____A C:\Users\adode13\Downloads\Existence-Light.zip
2012-07-04 18:39 - 2012-07-04 18:19 - 45035764 ____A C:\Users\adode13\Downloads\[Mini] coldrain - THROUGH CLARITY [2012.07.04].rar
2012-07-04 18:28 - 2012-07-04 18:18 - 52676078 ____A C:\Users\adode13\Downloads\[2012.06.06] NEW BREED - THE PIONEERS OF SENSATION.rar
2012-07-04 18:25 - 2012-07-04 18:18 - 26409419 ____A C:\Users\adode13\Downloads\v-r.rar
2012-06-22 08:34 - 2011-09-02 21:11 - 00000132 ____A C:\Users\adode13\AppData\Roaming\Adobe PNG Format CS5 Prefs
2012-06-19 09:11 - 2011-04-28 16:32 - 00027823 ____A C:\Windows\DirectX.log
2012-06-18 18:53 - 2012-06-18 18:55 - 02114362 ___RA C:\Users\adode13\Documents\Technologic___Brush_Pack_by_NextViewDesigns.abr
2012-06-18 18:53 - 2012-06-18 18:55 - 00467206 ___RA C:\Users\adode13\Documents\Tech_Brushes_01_by_Jaaaiiro.abr
2012-06-11 19:08 - 2012-07-12 01:10 - 03148800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-06-08 21:43 - 2012-07-11 04:04 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2012-06-08 20:41 - 2012-07-11 04:04 - 12873728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2012-06-07 07:05 - 2012-06-07 07:05 - 00011912 ____A C:\Users\adode13\Documents\Original CSS Lightobx Evolution.txt
2012-06-05 22:06 - 2012-07-11 04:04 - 02004480 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
2012-06-05 22:06 - 2012-07-11 04:04 - 01881600 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
2012-06-05 22:02 - 2012-07-11 04:04 - 01133568 ____A (Microsoft Corporation) C:\Windows\System32\cdosys.dll
2012-06-05 21:05 - 2012-07-11 04:04 - 01390080 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2012-06-05 21:05 - 2012-07-11 04:04 - 01236992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2012-06-05 21:03 - 2012-07-11 04:04 - 00805376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cdosys.dll
2012-06-04 22:28 - 2012-06-04 22:28 - 00000712 ____A C:\Users\adode13\Documents\Dandy.txt
2012-06-02 14:19 - 2012-06-18 17:30 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-06-02 14:19 - 2012-06-18 17:30 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-06-02 14:19 - 2012-06-18 17:30 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-06-02 14:19 - 2012-06-18 17:29 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2012-06-02 14:19 - 2012-06-18 17:29 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2012-06-02 14:15 - 2012-06-18 17:30 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-06-02 14:15 - 2012-06-18 17:29 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2012-06-02 13:19 - 2012-06-18 17:29 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-06-02 13:15 - 2012-06-18 17:29 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2012-06-02 04:49 - 2012-07-12 01:01 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-06-02 04:17 - 2012-07-12 01:01 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-06-02 04:12 - 2012-07-12 01:01 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-06-02 04:05 - 2012-07-12 01:01 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-06-02 04:05 - 2012-07-12 01:01 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-06-02 04:04 - 2012-07-12 01:01 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-06-02 04:04 - 2012-07-12 01:01 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-06-02 04:03 - 2012-07-12 01:01 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-06-02 04:01 - 2012-07-12 01:01 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-06-02 04:00 - 2012-07-12 01:01 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-06-02 03:59 - 2012-07-12 01:01 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-06-02 03:57 - 2012-07-12 01:01 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-06-02 03:57 - 2012-07-12 01:01 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-06-02 03:54 - 2012-07-12 01:01 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-06-02 01:07 - 2012-07-12 01:01 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-06-02 00:43 - 2012-07-12 01:01 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-06-02 00:33 - 2012-07-12 01:01 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-06-02 00:26 - 2012-07-12 01:01 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-06-02 00:25 - 2012-07-12 01:01 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-06-02 00:25 - 2012-07-12 01:01 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-06-02 00:23 - 2012-07-12 01:01 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-06-02 00:21 - 2012-07-12 01:01 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-06-02 00:20 - 2012-07-12 01:01 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-06-02 00:19 - 2012-07-12 01:01 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-06-02 00:19 - 2012-07-12 01:01 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-06-02 00:17 - 2012-07-12 01:01 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-06-02 00:16 - 2012-07-12 01:01 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-06-02 00:14 - 2012-07-12 01:01 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-06-01 21:50 - 2012-07-11 04:04 - 00458704 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
2012-06-01 21:48 - 2012-07-11 04:04 - 00151920 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
2012-06-01 21:48 - 2012-07-11 04:04 - 00095600 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
2012-06-01 21:45 - 2012-07-11 04:04 - 00340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
2012-06-01 21:44 - 2012-07-11 04:04 - 00307200 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
2012-06-01 20:40 - 2012-07-11 04:04 - 00225280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2012-06-01 20:40 - 2012-07-11 04:04 - 00022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2012-06-01 20:39 - 2012-07-11 04:04 - 00219136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2012-06-01 20:34 - 2012-07-11 04:04 - 00096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2012-05-19 01:31 - 2012-06-06 01:23 - 1272571834 ____A C:\Users\adode13\Downloads\GakiNoTsukai_Airport_Batsu_2011_subbed.avi
2012-05-12 07:38 - 2010-11-20 19:47 - 00488190 ____A C:\Windows\PFRO.log
2012-05-09 18:58 - 2011-08-29 20:34 - 00443239 ___RA C:\Windows\System32\Drivers\etc\hosts.20120718-113242.backup
2012-05-04 03:06 - 2012-06-13 02:43 - 05559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-05-04 03:00 - 2012-06-13 19:32 - 00366592 ____A (Microsoft Corporation) C:\Windows\System32\qdvd.dll
2012-05-04 02:03 - 2012-06-13 02:43 - 03968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2012-05-04 02:03 - 2012-06-13 02:43 - 03913072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2012-05-04 01:59 - 2012-06-13 19:32 - 00514560 ____A (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2012-04-30 21:40 - 2012-06-13 02:43 - 00209920 ____A (Microsoft Corporation) C:\Windows\System32\profsvc.dll
2012-04-27 19:55 - 2012-06-13 02:43 - 00210944 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
2012-04-25 21:41 - 2012-06-13 02:43 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll
2012-04-25 21:41 - 2012-06-13 02:43 - 00077312 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll
2012-04-25 21:34 - 2012-06-13 02:43 - 00009216 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe
2012-04-24 19:33 - 2012-04-24 15:38 - 00733575 ____A C:\Users\adode13\Documents\Andrews.pptx
2012-04-23 21:37 - 2012-06-13 02:42 - 01462272 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2012-04-23 21:37 - 2012-06-13 02:42 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2012-04-23 21:37 - 2012-06-13 02:42 - 00140288 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2012-04-23 21:03 - 2012-04-23 21:03 - 03523584 ____A C:\Users\adode13\Documents\Distribution%20and%20Supply%20Chain%20Management.ppt
2012-04-23 21:02 - 2012-04-23 21:02 - 01296896 ____A C:\Users\adode13\Documents\PRICING%20STRATEGIES%20AND%20TACTICS.ppt
2012-04-23 20:36 - 2012-06-13 02:42 - 01158656 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2012-04-23 20:36 - 2012-06-13 02:42 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2012-04-23 20:36 - 2012-06-13 02:42 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll

ZeroAccess:
C:\Windows\Installer\{bbee3ba2-89af-930c-bb78-1fb4e17db3cc}
C:\Windows\Installer\{bbee3ba2-89af-930c-bb78-1fb4e17db3cc}\@
C:\Windows\Installer\{bbee3ba2-89af-930c-bb78-1fb4e17db3cc}\L
C:\Windows\Installer\{bbee3ba2-89af-930c-bb78-1fb4e17db3cc}\n
C:\Windows\Installer\{bbee3ba2-89af-930c-bb78-1fb4e17db3cc}\U
C:\Windows\Installer\{bbee3ba2-89af-930c-bb78-1fb4e17db3cc}\U\00000001.@
C:\Windows\Installer\{bbee3ba2-89af-930c-bb78-1fb4e17db3cc}\U\800000cb.@

ZeroAccess:
C:\Users\adode13\AppData\Local\{bbee3ba2-89af-930c-bb78-1fb4e17db3cc}
C:\Users\adode13\AppData\Local\{bbee3ba2-89af-930c-bb78-1fb4e17db3cc}\@
C:\Users\adode13\AppData\Local\{bbee3ba2-89af-930c-bb78-1fb4e17db3cc}\L
C:\Users\adode13\AppData\Local\{bbee3ba2-89af-930c-bb78-1fb4e17db3cc}\n
C:\Users\adode13\AppData\Local\{bbee3ba2-89af-930c-bb78-1fb4e17db3cc}\U

========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe 014A9CB92514E27C0107614DF764BC06 ZeroAccess <==== ATTENTION!.
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

========================= Memory info ======================

Percentage of memory in use: 14%
Total physical RAM: 5610.9 MB
Available physical RAM: 4787.34 MB
Total Pagefile: 5609.05 MB
Available Pagefile: 4777.36 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

======================= Partitions =========================

1 Drive c: () (Fixed) (Total:581.28 GB) (Free:22.39 GB) NTFS ==>[System with boot components (obtained from reading drive)]
2 Drive e: (RECOVERY) (Fixed) (Total:14.59 GB) (Free:1.62 GB) NTFS ==>[System with boot components (obtained from reading drive)]
3 Drive f: (HP_TOOLS) (Fixed) (Total:0.1 GB) (Free:0.09 GB) FAT32
5 Drive h: (KINGSTON) (Removable) (Total:0.93 GB) (Free:0.24 GB) FAT
6 Drive x: (Boot) (Fixed) (Total:0.25 GB) (Free:0.25 GB) NTFS
7 Drive y: (SYSTEM) (Fixed) (Total:0.19 GB) (Free:0.16 GB) NTFS ==>[System with boot components (obtained from reading drive)]

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 596 GB 0 B
Disk 1 Online 954 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 199 MB 1024 KB
Partition 2 Primary 581 GB 200 MB
Partition 3 Primary 14 GB 581 GB
Partition 4 Primary 103 MB 596 GB

==================================================================================

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 Y SYSTEM NTFS Partition 199 MB Healthy

==================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C NTFS Partition 581 GB Healthy

==================================================================================

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 E RECOVERY NTFS Partition 14 GB Healthy

==================================================================================

Disk: 0
Partition 4
Type : 0C
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 F HP_TOOLS FAT32 Partition 103 MB Healthy

==================================================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 953 MB 16 KB

==================================================================================

Disk: 1
Partition 1
Type : 06
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 5 H KINGSTON FAT Removable 953 MB Healthy

==================================================================================

==========================================================

Last Boot: 2012-07-18 04:40

======================= End Of Log ==========================
 
Here's the service search text too:

Farbar Recovery Scan Tool Version: 16-07-2012 02
Ran by SYSTEM at 2012-07-18 12:34:43
Running from H:\

================== Search: "services.exe" ===================

C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

C:\Windows\System32\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 014A9CB92514E27C0107614DF764BC06

====== End Of Search ======

Any help would be appreciated!
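As an added example that is not part of the original thread: a small Python checker that applies the two signals the FRST output above exposes, namely a System32 binary whose MD5 no longer matches its WinSxS copy even though size and timestamps are identical, and a {GUID} directory carrying the @, L, n and U children. The sample input is constructed from the listing in this thread; the function names are my own.

```python
import re
from collections import defaultdict

# Constructed sample, copied from the FRST "Search: services.exe" block above.
SEARCH_OUTPUT = r"""
================== Search: "services.exe" ===================

C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

C:\Windows\System32\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 014A9CB92514E27C0107614DF764BC06

====== End Of Search ======
"""

# Constructed sample, copied from the two "ZeroAccess:" sections of the FRST log above.
ZA_PATHS = [
    r"C:\Windows\Installer\{bbee3ba2-89af-930c-bb78-1fb4e17db3cc}",
    r"C:\Windows\Installer\{bbee3ba2-89af-930c-bb78-1fb4e17db3cc}\@",
    r"C:\Windows\Installer\{bbee3ba2-89af-930c-bb78-1fb4e17db3cc}\L",
    r"C:\Windows\Installer\{bbee3ba2-89af-930c-bb78-1fb4e17db3cc}\n",
    r"C:\Windows\Installer\{bbee3ba2-89af-930c-bb78-1fb4e17db3cc}\U",
    r"C:\Windows\Installer\{bbee3ba2-89af-930c-bb78-1fb4e17db3cc}\U\00000001.@",
    r"C:\Windows\Installer\{bbee3ba2-89af-930c-bb78-1fb4e17db3cc}\U\800000cb.@",
    r"C:\Users\adode13\AppData\Local\{bbee3ba2-89af-930c-bb78-1fb4e17db3cc}",
    r"C:\Users\adode13\AppData\Local\{bbee3ba2-89af-930c-bb78-1fb4e17db3cc}\@",
    r"C:\Users\adode13\AppData\Local\{bbee3ba2-89af-930c-bb78-1fb4e17db3cc}\L",
    r"C:\Users\adode13\AppData\Local\{bbee3ba2-89af-930c-bb78-1fb4e17db3cc}\n",
    r"C:\Users\adode13\AppData\Local\{bbee3ba2-89af-930c-bb78-1fb4e17db3cc}\U",
]

PATH_RE = re.compile(r'^[A-Za-z]:\\.+$')
# FRST detail line: "[created] - [modified] - size attrs (Company) MD5"
DETAIL_RE = re.compile(
    r'^\[(?P<created>[^\]]+)\] - \[(?P<modified>[^\]]+)\] - (?P<size>\d+) (?P<attr>\S+)'
    r'(?: \((?P<company>[^)]*)\))? (?P<md5>[0-9A-Fa-f]{32})$'
)


def parse_search(text):
    """Return one dict per file in an FRST 'Search:' block (path, size, timestamps, md5)."""
    entries, pending = [], None
    for line in text.splitlines():
        line = line.strip()
        if PATH_RE.match(line):
            pending = line            # a path line is followed by its detail line
            continue
        m = DETAIL_RE.match(line)
        if m and pending:
            d = m.groupdict()
            d['path'] = pending
            d['size'] = int(d['size'])
            d['md5'] = d['md5'].upper()
            entries.append(d)
            pending = None
    return entries


def find_patched(entries):
    """Compare each System32/SysWOW64 copy with the WinSxS copy of the same file.

    A patched system binary typically keeps the original size and timestamps
    (as services.exe does above) while its MD5 no longer matches, so only the
    hash comparison is trusted; same_size is reported as supporting context.
    """
    by_name = defaultdict(list)
    for e in entries:
        by_name[e['path'].rsplit('\\', 1)[-1].lower()].append(e)
    findings = []
    for group in by_name.values():
        refs = [e for e in group if '\\winsxs\\' in e['path'].lower()]
        live = [e for e in group
                if re.search(r'\\(system32|syswow64)\\', e['path'], re.I)]
        if not refs:
            continue
        ref_hashes = {e['md5'] for e in refs}
        for e in live:
            if e['md5'] not in ref_hashes:
                findings.append({'path': e['path'], 'md5': e['md5'],
                                 'expected': sorted(ref_hashes),
                                 'same_size': any(r['size'] == e['size'] for r in refs)})
    return findings


ZA_MARKERS = {'@', 'L', 'n', 'U'}
GUID_DIR_RE = re.compile(r'^(?P<root>.+\\\{[0-9a-f-]{36}\})(?:\\(?P<child>[^\\]+))?', re.I)


def find_zeroaccess_dirs(paths):
    """Group paths by their '{GUID}' directory and return those whose immediate
    children include the whole @, L, n, U set shown in the listing above."""
    children = defaultdict(set)
    for p in paths:
        m = GUID_DIR_RE.match(p.strip())
        if m and m.group('child'):
            children[m.group('root')].add(m.group('child'))
    return sorted(root for root, kids in children.items() if ZA_MARKERS <= kids)


if __name__ == '__main__':
    for f in find_patched(parse_search(SEARCH_OUTPUT)):
        print(f"PATCHED: {f['path']} md5={f['md5']} expected={f['expected']} "
              f"same_size={f['same_size']}")
    for d in find_zeroaccess_dirs(ZA_PATHS):
        print(f"ZEROACCESS DIR: {d}")
```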
 
Hello, and welcome to TechSpot.


Please see here for the board rules and other FAQ.

Please feel free to introduce yourself, after you follow the steps below to get started.

Information
  • From this point on, please do not make any more changes to your computer; such as install/uninstall programs, use special fix tools, delete files, edit the registry, etc. - unless advised by a malware removal helper.
  • Please do not ask for help elsewhere (in this site or other sites). Doing so can result in system changes, which may not show up in the logs you post.
  • If you have already asked for help somewhere, please post the link to the topic where you were helped.
  • We try our best to reply quickly, but if for any reason we do not reply in two days, please reply to this topic with the word BUMP!
  • Lastly, keep in mind that we are volunteers, so you do not have to pay for malware removal. Persist in this topic until its close, and your computer is declared clean.

FRST64 Fixlist

Please run the following:

Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this highlight the contents of the box, right click on it and select copy. Right-click in the open notepad and select Paste). Save it on the flashdrive as fixlist.txt

start
Replace: C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe C:\Windows\System32\services.exe
C:\Windows\Installer\{bbee3ba2-89af-930c-bb78-1fb4e17db3cc}
C:\Users\adode13\AppData\Local\{bbee3ba2-89af-930c-bb78-1fb4e17db3cc}
end

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system.

Now, please enter System Recovery Options then select Command Prompt.

Run FRST64 and press the Fix button just once and wait.
The tool will make a log on the flashdrive (Fixlog.txt) please post it to your reply.

Now restart, let it boot normally and tell me how it went.
 
Thank you for the quick response! The pop ups seem to have stopped.

Here are the results for the Fixlog:

Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 16-07-2012 02
Ran by SYSTEM at 2012-07-18 14:25:04 Run:1
Running from H:\

==============================================

C:\Windows\System32\services.exe moved successfully.
C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe copied successfully to C:\Windows\System32\services.exe
C:\Windows\Installer\{bbee3ba2-89af-930c-bb78-1fb4e17db3cc} moved successfully.
C:\Users\adode13\AppData\Local\{bbee3ba2-89af-930c-bb78-1fb4e17db3cc} moved successfully.

==== End of Fixlog ====
 
ComboFix

Please download ComboFix
by sUBs
From BleepingComputer.com

Please save the file to your Desktop, but rename it first to svchost.exe

Important information about ComboFix

Before the download:
  • Please copy and paste these instructions to Notepad and save to your Desktop, or print them - for easier access.
  • It is important to rename ComboFix before the download.
  • Please do not rename ComboFix to other names, but only the one indicated.
After the download:
  • Close any open browsers.
  • Very Important: Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results". Please visit here if you don't know how.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  • Please do not attempt to re-connect your machine back to the Internet until ComboFix has completely finished.
  • If there is no Internet connection after running ComboFix, then restart your computer to restore back your connection.
Running ComboFix:
  • Double click on svchost.exe & follow the prompts.
  • It will attempt to install the Recovery Console.
  • When ComboFix finishes, it will produce a report for you.
  • Please post the "C:\Combo-Fix.txt" in your next reply.
Troubleshooting ComboFix

Safe Mode:

If you still cannot get ComboFix to run, try booting into Safe Mode, and run it there.

(To boot into Safe Mode, tap F8 after BIOS, and just before the Windows logo appears. A list of options will appear, select "Safe Mode.")

Re-downloading:

If this doesn't work either, try the same method as above, but download it again and name ComboFix.exe iexplore.exe, explorer.exe, or winlogon.exe instead.

Malware is known for blocking all "user" processes, except for its whitelist of important system processes such as iexplore.exe, explorer.exe, winlogon.exe.
 
ComboFix 12-07-18.04 - adode13 07/18/2012 14:40:31.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.5611.3864 [GMT -6:00]
Running from: c:\users\adode13\Desktop\ComboFix.exe
AV: ESET NOD32 Antivirus 4.2 *Enabled/Outdated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
SP: ESET NOD32 Antivirus 4.2 *Enabled/Outdated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\adode13\AppData\Local\Microsoft\Windows\Temporary Internet Files\{18489081-9506-4D13-B31D-DE5D5D213439}.xps
c:\users\adode13\AppData\Roaming\cacaoweb
c:\users\adode13\AppData\Roaming\cacaoweb\cacaoweb.exe
c:\users\adode13\AppData\Roaming\cacaoweb\errorlog.txt
c:\users\adode13\AppData\Roaming\cacaoweb\npdfile.dat
c:\users\adode13\AppData\Roaming\cacaoweb\replicating1063002D79875D7789EF3613C7043EDA.cacao
c:\users\adode13\AppData\Roaming\cacaoweb\replicating22803E485370FC227D555E44D95B332C.cacao
c:\users\adode13\AppData\Roaming\cacaoweb\replicating3C90D5657454444CC27EEC6DFE01742B.cacao
c:\users\adode13\AppData\Roaming\cacaoweb\replicating459122E30C6BFB343A77D48479463827.cacao
c:\users\adode13\AppData\Roaming\cacaoweb\replicating4F352AA3E33709D854D39CFC61673E35.cacao
c:\users\adode13\AppData\Roaming\cacaoweb\replicating80A9B4C3D87A755FB86C8C9A408308AE.cacao
c:\users\adode13\AppData\Roaming\cacaoweb\replicating871B2B5E1A89D999AE016F7F863A4B63.cacao
c:\users\adode13\AppData\Roaming\cacaoweb\replicating9352157BD653874E4090589E28C62AAB.cacao
c:\users\adode13\AppData\Roaming\cacaoweb\replicating9B818AC2ACC9828E1A0680D9120650A6.cacao
c:\users\adode13\AppData\Roaming\cacaoweb\replicatingA14B253F954C795B2EC12EB8F4856677.cacao
c:\users\adode13\AppData\Roaming\cacaoweb\replicatingAE96FA74E155BA79E7E88BC4D4C1C0E4.cacao
c:\users\adode13\AppData\Roaming\cacaoweb\replicatingBC2FED8E3980D98CEB012ED42014CE79.cacao
c:\users\adode13\AppData\Roaming\cacaoweb\replicatingC6C3F830B6750CA831614F16B06A0D82.cacao
c:\users\adode13\AppData\Roaming\cacaoweb\replicatingD092D2B64468F2F9E2AEE93FA8E83BA7.cacao
c:\users\adode13\AppData\Roaming\cacaoweb\storage.db
c:\users\adode13\AppData\Roaming\system32
.
.
((((((((((((((((((((((((( Files Created from 2012-06-18 to 2012-07-18 )))))))))))))))))))))))))))))))
.
.
2012-07-18 21:01 . 2012-07-18 21:01--------d-----w-c:\users\Default\AppData\Local\temp
2012-07-18 20:04 . 2012-07-18 20:04--------d-----w-c:\users\adode13\AppData\Roaming\Malwarebytes
2012-07-18 20:04 . 2012-07-18 20:04--------d-----w-c:\programdata\Malwarebytes
2012-07-18 20:04 . 2012-07-18 20:04--------d-----w-c:\program files (x86)\Malwarebytes' Anti-Malware
2012-07-18 20:04 . 2012-07-03 19:4624904----a-w-c:\windows\system32\drivers\mbam.sys
2012-07-18 19:56 . 2012-07-18 19:57--------d-----w-C:\FRST
2012-07-18 16:53 . 2012-07-18 16:53--------d-----w-c:\program files (x86)\Windows Resource Kits
2012-07-18 16:34 . 2012-07-18 16:34--------d-----w-c:\program files\ESET
2012-07-13 22:40 . 2012-05-31 04:049013136----a-w-c:\programdata\Microsoft\Windows Defender\Definition Updates\{7B91BBE7-4F8F-4700-9C13-50D26E820795}\mpengine.dll
2012-07-12 17:14 . 2012-07-12 17:149226440----a-w-c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-07-12 09:10 . 2012-06-12 03:083148800----a-w-c:\windows\system32\win32k.sys
2012-07-03 06:45 . 2012-07-03 06:45--------d-----w-c:\users\adode13\AppData\Local\Opera
2012-07-03 06:45 . 2012-07-03 06:45--------d-----w-c:\program files (x86)\Opera
2012-06-19 17:15 . 2012-06-19 17:15--------d-----w-c:\windows\en
2012-06-19 17:12 . 2012-03-09 00:4048488----a-w-c:\windows\system32\drivers\fssfltr.sys
2012-06-19 17:09 . 2012-06-19 17:0989944----a-w-c:\program files (x86)\Common Files\Windows Live\.cache\55547db41cd4e3e01\DSETUP.dll
2012-06-19 17:09 . 2012-06-19 17:09537432----a-w-c:\program files (x86)\Common Files\Windows Live\.cache\55547db41cd4e3e01\DXSETUP.exe
2012-06-19 17:09 . 2012-06-19 17:091801048----a-w-c:\program files (x86)\Common Files\Windows Live\.cache\55547db41cd4e3e01\dsetup32.dll
2012-06-19 17:09 . 2012-06-19 17:0915712----a-w-c:\program files (x86)\Common Files\Windows Live\.cache\55a621561cd4e3e02\MeshBetaRemover.exe
2012-06-19 01:30 . 2012-06-02 22:192428952----a-w-c:\windows\system32\wuaueng.dll
2012-06-19 01:30 . 2012-06-02 22:1957880----a-w-c:\windows\system32\wuauclt.exe
2012-06-19 01:30 . 2012-06-02 22:1944056----a-w-c:\windows\system32\wups2.dll
2012-06-19 01:30 . 2012-06-02 22:152622464----a-w-c:\windows\system32\wucltux.dll
2012-06-19 01:29 . 2012-06-02 22:1938424----a-w-c:\windows\system32\wups.dll
2012-06-19 01:29 . 2012-06-02 22:19701976----a-w-c:\windows\system32\wuapi.dll
2012-06-19 01:29 . 2012-06-02 22:1599840----a-w-c:\windows\system32\wudriver.dll
2012-06-19 01:29 . 2012-06-02 21:19186752----a-w-c:\windows\system32\wuwebv.dll
2012-06-19 01:29 . 2012-06-02 21:1536864----a-w-c:\windows\system32\wuapp.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-12 17:14 . 2012-04-04 15:30426184----a-w-c:\windows\SysWow64\FlashPlayerApp.exe
2012-07-12 17:14 . 2011-08-29 03:1070344----a-w-c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-12 09:03 . 2011-08-28 21:3359701280----a-w-c:\windows\system32\MRT.exe
2012-05-04 11:06 . 2012-06-13 10:435559664----a-w-c:\windows\system32\ntoskrnl.exe
2012-05-04 11:00 . 2012-06-14 03:32366592----a-w-c:\windows\system32\qdvd.dll
2012-05-04 10:03 . 2012-06-13 10:433968368----a-w-c:\windows\SysWow64\ntkrnlpa.exe
2012-05-04 10:03 . 2012-06-13 10:433913072----a-w-c:\windows\SysWow64\ntoskrnl.exe
2012-05-04 09:59 . 2012-06-14 03:32514560----a-w-c:\windows\SysWow64\qdvd.dll
2012-05-01 05:40 . 2012-06-13 10:43209920----a-w-c:\windows\system32\profsvc.dll
2012-04-28 03:55 . 2012-06-13 10:43210944----a-w-c:\windows\system32\drivers\rdpwd.sys
2012-04-26 05:41 . 2012-06-13 10:4377312----a-w-c:\windows\system32\rdpwsx.dll
2012-04-26 05:41 . 2012-06-13 10:43149504----a-w-c:\windows\system32\rdpcorekmts.dll
2012-04-26 05:34 . 2012-06-13 10:439216----a-w-c:\windows\system32\rdrmemptylst.exe
2012-04-24 05:37 . 2012-06-13 10:42184320----a-w-c:\windows\system32\cryptsvc.dll
2012-04-24 05:37 . 2012-06-13 10:42140288----a-w-c:\windows\system32\cryptnet.dll
2012-04-24 05:37 . 2012-06-13 10:421462272----a-w-c:\windows\system32\crypt32.dll
2012-04-24 04:36 . 2012-06-13 10:421158656----a-w-c:\windows\SysWow64\crypt32.dll
2012-04-24 04:36 . 2012-06-13 10:42140288----a-w-c:\windows\SysWow64\cryptsvc.dll
2012-04-24 04:36 . 2012-06-13 10:42103936----a-w-c:\windows\SysWow64\cryptnet.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RocketDock"="c:\program files (x86)\RocketDock\RocketDock.exe" [2007-09-02 495616]
"SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2011-03-04 2741616]
"MobileDocuments"="c:\program files (x86)\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-04-02 336384]
"HPConnectionManager"="c:\program files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe" [2011-02-15 94264]
"RemoteControl10"="c:\program files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe" [2010-02-03 87336]
"BDRegion"="c:\program files (x86)\Cyberlink\Shared files\brs.exe" [2011-01-25 75048]
"HP Quick Launch"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2010-11-09 586296]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2012-04-04 35736]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"Easybits Recovery"="c:\program files (x86)\EasyBits For Kids\ezRecover.exe" [2011-03-16 61112]
"HPOSD"="c:\program files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe" [2011-01-27 318520]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5.5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-31 59280]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"ConnectionCenter"="c:\program files (x86)\Citrix\ICA Client\concentr.exe" [2011-04-25 305088]
"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
"amd_dc_opt"="c:\program files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-19 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-06-08 421776]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Rainmeter.lnk - c:\program files\Rainmeter\Rainmeter.exe [2011-9-18 102912]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"EnableShellExecuteHooks"= 1 (0x1)
.
[hkey_local_machine\software\Wow6432Node\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security PackagesREG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 CLKMSVC10_38F51D56;CyberLink Product - 2011/08/06 20:37;c:\program files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [2011-01-25 241648]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 KMService;KMService;c:\windows\system32\srvany.exe [x]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-12 250056]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 51740536]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-18 113120]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-10 174440]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-08-28 1255736]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys [2011-03-04 78976]
S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys [2011-03-04 38528]
S1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\DRIVERS\ctxusbm.sys [2011-04-25 87600]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-08-29 270912]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2010-12-21 141264]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe [2011-11-15 89600]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-09-16 204288]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-04-02 365568]
S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [2010-12-21 170640]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2011-01-12 810144]
S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [2010-12-21 125296]
S2 ezSharedSvc;Easybits Services for Windows;c:\windows\System32\ezSharedSvcHost.exe [x]
S2 FPLService;TrueSuiteService;c:\program files (x86)\HP SimplePass 2011\TrueSuiteService.exe [2011-02-18 265544]
S2 Giraffic;Veoh Giraffic Video Accelerator;c:\program files (x86)\Giraffic\Veoh_GirafficWatchdog.exe [2012-07-02 2232504]
S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-10 86072]
S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-09-02 227896]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2011-05-14 30520]
S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-11-09 26680]
S2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2011-03-08 2375168]
S2 IsaMonitor;ISA Monitor Service;c:\program files (x86)\Asistente Infinitum\IsaMonitor.exe [2008-07-24 185856]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-07-03 655944]
S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2011-11-25 687400]
S2 RoxioNow Service;RoxioNow Service;c:\program files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [2010-11-26 399344]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S3 amdhub30;AMD USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\amdhub30.sys [2011-03-18 87168]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [2010-02-18 46136]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2011-09-16 10206208]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2011-09-15 317952]
S3 amdxhc;AMD USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\amdxhc.sys [2011-03-18 188544]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2010-11-17 115216]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [2010-07-28 31088]
S3 hpCMSrv;HP Connection Manager 4.0 Service;c:\program files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe [2011-02-15 1071160]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-07-03 24904]
S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys [2011-07-19 1492992]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys [2011-03-25 337512]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 539240]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2010-12-16 47232]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - CLKMDRV10_38F51D56
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2011-03-04 19:29    451872    ----a-w-    c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-18 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-04 17:14]
.
2012-07-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1933306683-895702514-590770892-1001Core.job
- c:\users\adode13\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-29 03:06]
.
2012-07-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1933306683-895702514-590770892-1001UA.job
- c:\users\adode13\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-29 03:06]
.
2012-07-18 c:\windows\Tasks\HPCeeScheduleForadode13.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 05:15]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-15 499608]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2011-11-15 1128448]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 112512]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2011-01-12 2918656]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\users\adode13\AppData\Roaming\Mozilla\Firefox\Profiles\sf0j3woh.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2653012&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - about:home
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=utf-8&q=
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-AdobeBridge - (no file)
Wow6432Node-HKCU-Run-cacaoweb - c:\users\adode13\AppData\Roaming\cacaoweb\cacaoweb.exe
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-EasyBits Magic Desktop - c:\windows\system32\ezMDUninstall.exe
AddRemove-{6F44AF95-3CDE-4513-AD3F-6D45F17BF324} - c:\program files (x86)\InstallShield Installation Information\{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}\setup.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
"Key"="ActionsPane3"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0\Solutions\http://schemas.microsoft.com/office/smartdocuments/2003\0]
"Key"="http://schemas.microsoft.com/office/smartdocuments/2003"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0\Solutions\http://schemas.microsoft.com/office...{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}\Alias]
"0"="Microsoft Actions Pane 3"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\windows\SysWOW64\ezSharedSvcHost.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\program files (x86)\Giraffic\Veoh_Giraffic.exe
c:\program files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
c:\program files (x86)\Citrix\ICA Client\wfcrun32.exe
c:\program files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
c:\program files (x86)\CyberLink\YouCam\YCMMirage.exe
.
**************************************************************************
.
Completion time: 2012-07-18 16:27:47 - machine was rebooted
ComboFix-quarantined-files.txt 2012-07-18 22:27
.
Pre-Run: 24,677,531,648 bytes free
Post-Run: 24,643,395,584 bytes free
.
- - End Of File - - AB4FAA90DDA6BA8514F77ED9A999EC9C
 
Hi again. Please do these steps in order.

1. Please download TFC by OldTimer to your desktop
  • Please double-click TFC.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • It will close all programs when run, so make sure you have saved all your work before you begin.
  • Click the Start button to begin the process. Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two. Let it run uninterrupted to completion.
  • Once it's finished it should reboot your machine. If it does not, please manually reboot the machine yourself to ensure a complete clean.
2. Scan for malware

Please download Malwarebytes Anti-Malware from HERE.


Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. If you are prompted to restart, please allow it to restart your computer. Failure to do this will cause the infection to still be active on the computer.
  • Please save the log to a location you will remember.
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • The log can also be found at C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt
  • Copy and paste the entire report in your next reply.

3. Please run a free online scan with the ESET Online Scanner
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and the option Scan unwanted applications is checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic
4. Post the following in your next reply:
  • MBAM log
  • ESET log
And, please tell me how your computer is doing.
 
It seems to be OK now. A pop-up did appear saying that a services.exe was found by Eset in a quarantined folder, but it was deleted:

Malwarebytes Anti-Malware (Trial) 1.62.0.1300
www.malwarebytes.org

Database version: v2012.07.19.12

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
adode13 :: ADODE13-HP [administrator]

Protection: Enabled

7/19/2012 12:35:12 PM
mbam-log-2012-07-19 (12-35-12).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 195899
Time elapsed: 4 minute(s), 42 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
 
ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK
ESETSmartInstaller@High as downloader log:
all ok
esets_scanner_update returned -1 esets_gle=53251
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=d191b414b01237439d138e7ecd1fc646
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2012-07-19 10:55:06
# local_time=2012-07-19 04:55:06 (-0700, Mountain Daylight Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776573 100 94 425830 94274916 0 0
# compatibility_mode=8199 22379901 100 76 0 47776706 0 0
# scanned=287719
# found=1
# cleaned=1
# scan_time=7040
# nod_component=V3 Build:0x30000000
C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\OCSetupHlp.dll    Win32/OpenCandy application (cleaned by deleting - quarantined)    00000000000000000000000000000000    C
 
Hi! Your logs appear to be clean. If there are no more issues, then we shall clean up!

Clean up System Restore

Now, to get you off to a clean start, we will be creating a new Restore Point, then clearing the old ones to make sure you do not get reinfected, in case you need to "restore back."

To manually create a new Restore Point
  • Go to Control Panel and select System and Maintenance
  • Select System
  • On the left select Advanced System Settings and accept the warning if you get one
  • Select System Protection Tab
  • Select Create at the bottom
  • Type in a name, e.g. Clean
  • Select Create
Now we can purge the infected ones
  • Go back to the System and Maintenance page
  • Select Performance Information and Tools
  • On the left select Open Disk Cleanup
  • Select Files from all users and accept the warning if you get one
  • In the drop-down box select your main drive, e.g. C
  • For a few moments the system will make some calculations
  • Select the More Options tab
  • In the System Restore and Shadow Backups select Clean up
  • Select Delete on the pop up
  • Select OK
  • Select Delete

Run OTC to remove our tools

To remove all of the tools we used and the files and folders they created, please do the following:
Please download OTC.exe by OldTimer:
  • Save it to your Desktop.
  • Double click OTC.exe.
  • Click the CleanUp! button.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes.
Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.

Purge old temporary files

Please download TFC by OldTimer to your desktop
  • Please double-click TFC.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • It will close all programs when run, so make sure you have saved all your work before you begin.
  • Click the Start button to begin the process. Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two. Let it run uninterrupted to completion.
  • Once it's finished it should reboot your machine. If it does not, please manually reboot the machine yourself to ensure a complete clean.

Security Check

Please download Security Check by screen317 from SpywareInfoforum.org or Changelog.fr.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Tell me in your next reply, if you have completed these tasks:
  • Cleaned System Restore
  • Ran OTC
  • Ran TFC
  • Ran Security Check
Also, let me know how your computer is running, and don't forget to post the contents of the Security Check log.
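The "create a new restore point, then purge the old ones" steps above, done from an elevated PowerShell prompt on Windows 7 instead of the Control Panel dialogs. This is an added example, not part of the thread or of any of the tools it mentions; the restore point name "Clean" is the one the post suggests, and it assumes System Protection is turned on for the system drive.

```powershell
# Added example (not from the thread): create a fresh restore point, then
# remove every older VSS shadow copy so the old, possibly infected restore
# points are gone. Run from an elevated (Administrator) PowerShell prompt.

# 1. Create the new restore point, named "Clean" as the post suggests.
Checkpoint-Computer -Description "Clean" -RestorePointType "MODIFY_SETTINGS"

# 2. Confirm it exists: the newest point (highest sequence number) must be ours.
$points = @(Get-ComputerRestorePoint | Sort-Object SequenceNumber)
$points | Format-Table SequenceNumber, Description,
    @{ n = 'Created'; e = { $_.ConvertToDateTime($_.CreationTime) } } -AutoSize

$newest = $points[$points.Count - 1]
if ($newest.Description -ne "Clean") {
    throw "Restore point was not created; check System Protection for the system drive."
}

# 3. Restore points on Vista/7 live inside VSS shadow copies, which is why
# Disk Cleanup's "System Restore and Shadow Copies > Clean up" works by
# deleting shadow copies. Keep only the newest copy (the one just created).
# Caveat: this also removes "Previous Versions" of files kept in those copies.
$shadows = @(Get-WmiObject Win32_ShadowCopy |
             Sort-Object { $_.ConvertToDateTime($_.InstallDate) })

if ($shadows.Count -gt 1) {
    # everything except the last (newest) element
    $shadows[0..($shadows.Count - 2)] | ForEach-Object {
        Write-Host ("Deleting shadow copy {0} from {1}" -f $_.ID,
                    $_.ConvertToDateTime($_.InstallDate))
        $_.Delete() | Out-Null
    }
}

# 4. Show what is left; only the "Clean" point should remain.
Get-ComputerRestorePoint | Format-Table SequenceNumber, Description -AutoSize
```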
 
Hi, and thank you very much! The computer is doing really well so far. Chrome seems to be running at a faster pace, and my overall system is running much better. I ran all of the programs and cleaned the system restore; here is the Security Check log:

Results of screen317's Security Check version 0.99.43
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
ESET NOD32 Antivirus 4.2
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Spybot - Search & Destroy
Malwarebytes Anti-Malware version 1.62.0.1300
Java(TM) 6 Update 22
Java(TM) 6 Update 31
Java version out of Date!
Adobe Reader X (10.1.3)
Mozilla Firefox (14.0.1)
Google Chrome 20.0.1132.47
Google Chrome 20.0.1132.57
````````Process Check: objlist.exe by Laurent````````
Malwarebytes Anti-Malware mbamgui.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 1%
````````````````````End of Log``````````````````````
 
Java Update!

Please download the newest version of Java from Java.com.

Before installing: it is important to remove older versions of Java since it does not do so automatically and old versions still leave you vulnerable.
Go to the Control Panel and enter Add or Remove Programs (Programs and Features in Vista/7).
Search in the list for all previously installed versions of Java (J2SE Runtime Environment). Please uninstall/remove each of them.

Once old versions are gone, please install the newest version.

Personal Tips on Preventing Malware

See this page for more info about malware and prevention.

Any other questions before I mark this topic solved?
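A way to find the leftover Java runtimes the post says to remove, using the same Programs and Features data from the registry rather than scrolling through the list by hand. This is an added example, not part of the thread or of Security Check; the name patterns are an assumption based on the entries Security Check printed above ("Java(TM) 6 Update 22", "Java(TM) 6 Update 31") and on the "J2SE Runtime Environment" name the post mentions.

```powershell
# Added example (not from the thread): list every installed Java runtime from
# both Uninstall hives (64-bit and 32-bit Wow6432Node) and mark all but the
# newest as candidates for removal. Read-only; it does not uninstall anything.

$hives = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall'
)

# Display names seen in Security Check output / the post (assumed patterns).
$javaNamePattern = '^(Java(\(TM\))? \d+ Update \d+|J2SE Runtime Environment)'

$java = foreach ($hive in $hives) {
    Get-ChildItem $hive -ErrorAction SilentlyContinue | ForEach-Object {
        $p = Get-ItemProperty $_.PSPath
        if ($p.DisplayName -match $javaNamePattern) {
            # DisplayVersion such as "6.0.310" sorts correctly as [version];
            # fall back to 0.0 if the value is missing or malformed.
            $v = [version]'0.0'
            try { $v = [version]$p.DisplayVersion } catch { }
            New-Object PSObject -Property @{
                Name      = $p.DisplayName
                Version   = $v
                Arch      = if ($hive -like '*Wow6432Node*') { '32-bit' } else { '64-bit' }
                Uninstall = $p.UninstallString   # what Programs and Features runs
            }
        }
    }
}

$java = @($java)
if ($java.Count -eq 0) {
    Write-Host "No Java runtime found in Programs and Features."
    return
}

$newest = ($java | Sort-Object Version | Select-Object -Last 1).Version

$java | Sort-Object Version -Descending | ForEach-Object {
    $status = if ($_.Version -eq $newest) { 'KEEP (newest installed)' }
              else { "REMOVE (older than $newest)" }
    "{0,-28} {1,-10} {2,-7} {3}" -f $_.Name, $_.Version, $_.Arch, $status
    "    uninstall command: " + $_.Uninstall
}

# Even the KEEP entry is only the newest one *installed*; Security Check above
# still reported it out of date, so install the current version from Java.com
# after the older ones are removed, as the post says.
```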
 
Done, thank you very much for your help! No other questions at all, the computer is running better than ever :)
 