Solved Windows Update nonoperable/ Trojan.Dropper.BCMiner

Alexvdl

The first indication of a system issue was when opening Facebook spawned an ad. Further indications came when I used Google: clicking on a link redirected me to Get Hot Results or btscour websites. I did some more Google searches and attempted to download and install AVG, but AVG told me that my Windows Update wasn't working, and when I searched my Control Panel and clicked that link, it had a link for "Find out about more free software from (null)."

Halfway through the GMER scan, the computer froze (pixel snow crash, blue screen). I restarted the computer and ran GMER again. When I reconnected to the internet, I was still inundated with trash tabs.

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.08.14.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
von der Linden :: VONDERLINDENPC [administrator]

8/13/2012 8:58:47 PM
mbam-log-2012-08-13 (20-58-47).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 198536
Time elapsed: 55 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 3
C:\Windows\Installer\{7a259517-8d8a-910f-b537-6de564ee2281}\U\00000008.@ (Trojan.Dropper.BCMiner) -> Quarantined and deleted successfully.
C:\Windows\Installer\{7a259517-8d8a-910f-b537-6de564ee2281}\U\80000032.@ (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\Windows\svchost.exe (Trojan.Agent) -> Delete on reboot.

(end)

GMER

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-08-13 21:34:55
Windows 6.1.7601 Service Pack 1
Running: jw51p6sl.exe


---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\003091400135
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\003091400135 (not active ControlSet)

---- Files - GMER 1.0.15 ----

File C:\Users\von der Linden\AppData\Local\Mozilla\Firefox\Profiles\to0qjij1.default\Cache.Trash26991 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\498D3KE0\dnserrordiagoff_webOC[1] 6766 bytes

---- EOF - GMER 1.0.15 ----

DDS

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_31
Run by von der Linden at 21:35:43 on 2012-08-13
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8173.5802 [GMT -10:00]
.
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\ActivIdentity\ActivClient\acevents.exe
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Gigabyte\EasySaver\ESSVR.EXE
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\ActivIdentity\ActivClient\acevents.exe
C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Lexmark\ErrorApp\lmab1err.exe
C:\Program Files (x86)\Lexmark S310 Series\LMADEmon.exe
C:\Program Files (x86)\uTorrent\uTorrent.exe
C:\Program Files (x86)\Samsung\Kies\Kies.exe
C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
C:\Users\von der Linden\AppData\Local\Programs\Google\MusicManager\MusicManager.exe
C:\Windows\System32\StikyNot.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\ActivIdentity\ActivClient\acsagent.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
-netsvcs
C:\Windows\system32\conhost.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Windows NT\Accessories\wordpad.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\notepad.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_268.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_268.exe
"C:\Windows\SysWOW64\svchost.exe" -k LocalServiceDns
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://nmd.msn.com
uDefault_Page_URL = hxxp://nmd.msn.com
uInternet Settings,ProxyOverride = *.local
mWinlogon: Userinit=userinit.exe,
BHO: PE_IE_Helper Class: {0941c58f-e461-4e03-bd7d-44c27392ade1} - C:\Program Files (x86)\IBM\Lotus Forms\Viewer\3.5\PEhelper.dll
BHO: SteadyVideoBHO Class: {6c680bae-655c-4e3d-8fc4-e6a520c3d928} - C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
uRun: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [LMab1err] C:\Program Files\Lexmark\ErrorApp\lmab1err.exe
uRun: [LMADEmon] "C:\Program Files (x86)\Lexmark S310 Series\LMADEmon.exe"
uRun: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe" /MINIMIZED
uRun: [KiesPreload] C:\Program Files (x86)\Samsung\Kies\Kies.exe /preload
uRun: [KiesAirMessage] C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup
uRun: [KiesPDLR] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
uRun: [Google Update] "C:\Users\von der Linden\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [MusicManager] "C:\Users\von der Linden\AppData\Local\Programs\Google\MusicManager\MusicManager.exe"
uRun: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe
uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
mRun: [SPIRunE] Rundll32 SPIRunE.dll,RunDLLEntry
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
mRun: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\ACTIVC~1.LNK - C:\Program Files (x86)\ActivIdentity\ActivClient\acsagent.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~3\Office12\REFIEBAR.DLL
LSP: mswsock.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{51EA9CE5-9380-4E59-84D0-C7E1F2858771} : DhcpNameServer = 192.168.1.1
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll
Handler: navnet - {AD6E5643-7B0C-46AA-95AD-9773FF2A857A} - C:\Program Files (x86)\NavNetApp\ComUtilities.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
BHO-X64: PE_IE_Helper Class: {0941C58F-E461-4E03-BD7D-44C27392ADE1} - C:\Program Files (x86)\IBM\Lotus Forms\Viewer\3.5\PEhelper.dll
BHO-X64: SteadyVideoBHO Class: {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll
BHO-X64: AMD SteadyVideo BHO - No File
BHO-X64: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
mRun-x64: [SPIRunE] Rundll32 SPIRunE.dll,RunDLLEntry
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
mRun-x64: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\von der Linden\AppData\Roaming\Mozilla\Firefox\Profiles\to0qjij1.default\
FF - prefs.js: browser.startup.homepage - hxxps://mail.google.com/mail/?shva=1#inbox/1363eb9cd424bda7|http://us.mg4.mail.yahoo.com/neo/la...w.kongregate.com/games/jmtb02/kongregate-chat
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin.dll
FF - plugin: C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npmfv.dll
FF - plugin: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll
FF - plugin: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypchub.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\von der Linden\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: C:\Users\von der Linden\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_268.dll
.
============= SERVICES / DRIVERS ===============
.
R1 AppleCharger;AppleCharger;C:\Windows\system32\DRIVERS\AppleCharger.sys --> C:\Windows\system32\DRIVERS\AppleCharger.sys [?]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2011-8-11 140672]
R2 ac.sharedstore;ActivIdentity Shared Store Service;C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe [2009-6-3 277032]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-6-11 361984]
R2 AODDriver4.01;AODDriver4.01;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2012-3-5 53888]
R2 ES lite Service;ES lite Service for program management.;C:\Program Files (x86)\Gigabyte\EasySaver\essvr.exe [2012-3-7 68136]
R3 amdiox64;AMD IO Driver;C:\Windows\system32\DRIVERS\amdiox64.sys --> C:\Windows\system32\DRIVERS\amdiox64.sys [?]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;C:\Windows\system32\Drivers\EtronHub3.sys --> C:\Windows\system32\Drivers\EtronHub3.sys [?]
R3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;C:\Windows\system32\Drivers\EtronXHCI.sys --> C:\Windows\system32\Drivers\EtronXHCI.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 RTL8192cu;RNX-MiniN1 Wireless LAN 802.11n USB 2.0 Network Adapter;C:\Windows\system32\DRIVERS\RTL8192cu.sys --> C:\Windows\system32\DRIVERS\RTL8192cu.sys [?]
R3 t3;Sound Blaster X-Fi Xtreme Audio;C:\Windows\system32\drivers\t3.sys --> C:\Windows\system32\drivers\t3.sys [?]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\system32\DRIVERS\usbfilter.sys --> C:\Windows\system32\DRIVERS\usbfilter.sys [?]
S2 AODDriver4.1;AODDriver4.1;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2012-3-5 53888]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-3-24 136176]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-3 160944]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-3-30 250056]
S3 AppleChargerSrv;AppleChargerSrv;system32\AppleChargerSrv.exe --> system32\AppleChargerSrv.exe [?]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys --> C:\Windows\system32\drivers\AtihdW76.sys [?]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2012-3-7 79360]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\system32\DRIVERS\ssudbus.sys --> C:\Windows\system32\DRIVERS\ssudbus.sys [?]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-3-24 136176]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-5-7 113120]
S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);C:\Windows\system32\DRIVERS\ssudmdm.sys --> C:\Windows\system32\DRIVERS\ssudmdm.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2012-08-14 07:17:25 20480 ----a-w- C:\Windows\svchost.exe
2012-08-14 06:54:15 -------- d-----w- C:\Users\von der Linden\AppData\Roaming\Malwarebytes
2012-08-14 06:54:10 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-08-14 06:54:10 -------- d-----w- C:\ProgramData\Malwarebytes
2012-08-14 06:54:10 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-08-14 06:08:04 -------- d--h--w- C:\ProgramData\Common Files
2012-08-14 06:08:04 -------- d-----w- C:\ProgramData\MFAData
2012-08-14 04:29:58 -------- d-----w- C:\Users\von der Linden\AppData\Roaming\SUPERAntiSpyware.com
2012-08-14 04:29:34 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com
2012-08-14 04:29:34 -------- d-----w- C:\Program Files\SUPERAntiSpyware
2012-08-12 19:33:59 -------- d-sh--w- C:\Windows\SysWow64\%APPDATA%
2012-08-12 04:53:01 -------- d-----w- C:\Users\von der Linden\AppData\Local\Navnet_Solutions
2012-08-12 04:43:41 -------- d-----w- C:\Users\von der Linden\AppData\Roaming\NavNet Solutions
2012-08-12 04:43:41 -------- d-----w- C:\Program Files (x86)\NavNetApp
2012-08-12 04:42:40 -------- d-----w- C:\Program Files (x86)\TubEmAll Pro
2012-08-05 08:39:23 -------- d-----w- C:\Users\von der Linden\AppData\Local\Programs
2012-08-03 06:54:37 -------- d-----w- C:\Users\von der Linden\AppData\Local\MDG
2012-08-03 06:35:58 -------- d-----w- C:\Users\von der Linden\AppData\Local\Samsung
2012-08-03 06:35:55 -------- d-----w- C:\Users\von der Linden\AppData\Roaming\Samsung
2012-08-03 06:17:08 99384 ----a-w- C:\Windows\System32\drivers\ssudbus.sys
2012-08-03 06:17:08 708168 ----a-w- C:\Windows\System32\WinUSBCoInstaller.dll
2012-08-03 06:17:08 203320 ----a-w- C:\Windows\System32\drivers\ssudmdm.sys
2012-08-03 06:16:23 4659712 ----a-w- C:\Windows\SysWow64\Redemption.dll
2012-08-03 06:16:17 821824 ----a-w- C:\Windows\SysWow64\dgderapi.dll
2012-08-03 06:16:17 -------- d-----w- C:\Program Files (x86)\MarkAny
2012-08-03 06:16:08 -------- d-----w- C:\ProgramData\Samsung
2012-08-03 06:16:08 -------- d-----w- C:\Program Files (x86)\Samsung
2012-07-20 13:40:56 5120 ----a-w- C:\ProgramData\Microsoft\Windows\DRM\1645.tmp
2012-07-20 13:40:56 5120 ----a-w- C:\ProgramData\Microsoft\Windows\DRM\1644.tmp
.
==================== Find3M ====================
.
2012-08-14 07:23:58 25640 ----a-w- C:\Windows\gdrv.sys
2012-07-29 06:48:17 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-29 06:48:17 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-06-11 23:50:46 187392 ----a-w- C:\Windows\System32\clinfo.exe
2012-06-11 23:50:30 75264 ----a-w- C:\Windows\System32\OpenVideo64.dll
2012-06-11 23:50:24 65024 ----a-w- C:\Windows\SysWow64\OpenVideo.dll
2012-06-11 23:50:18 63488 ----a-w- C:\Windows\System32\OVDecode64.dll
2012-06-11 23:50:14 56320 ----a-w- C:\Windows\SysWow64\OVDecode.dll
2012-06-11 23:50:06 16457728 ----a-w- C:\Windows\System32\amdocl64.dll
2012-06-11 23:49:22 13008896 ----a-w- C:\Windows\SysWow64\amdocl.dll
2012-06-11 18:59:38 10248192 ----a-w- C:\Windows\System32\drivers\atikmdag.sys
2012-06-11 18:35:48 70144 ----a-w- C:\Windows\System32\coinst_8.98.dll
2012-06-11 18:29:34 24826368 ----a-w- C:\Windows\System32\atio6axx.dll
2012-06-11 18:00:32 20467712 ----a-w- C:\Windows\SysWow64\atioglxx.dll
2012-06-11 17:25:06 163840 ----a-w- C:\Windows\System32\atiapfxx.exe
2012-06-11 17:24:58 924160 ----a-w- C:\Windows\SysWow64\aticfx32.dll
2012-06-11 17:23:12 1090560 ----a-w- C:\Windows\System32\aticfx64.dll
2012-06-11 17:20:02 442368 ----a-w- C:\Windows\System32\ATIDEMGX.dll
2012-06-11 17:19:58 532992 ----a-w- C:\Windows\System32\atieclxx.exe
2012-06-11 17:19:14 239616 ----a-w- C:\Windows\System32\atiesrxx.exe
2012-06-11 17:17:56 120320 ----a-w- C:\Windows\System32\atitmm64.dll
2012-06-11 17:17:42 21504 ----a-w- C:\Windows\System32\atimuixx.dll
2012-06-11 17:17:38 59392 ----a-w- C:\Windows\System32\atiedu64.dll
2012-06-11 17:17:32 43520 ----a-w- C:\Windows\SysWow64\ati2edxx.dll
2012-06-11 17:16:48 6301696 ----a-w- C:\Windows\SysWow64\atidxx32.dll
2012-06-11 17:01:56 6914560 ----a-w- C:\Windows\System32\atidxx64.dll
2012-06-11 16:51:54 4246528 ----a-w- C:\Windows\System32\atiumd6a.dll
2012-06-11 16:45:48 51200 ----a-w- C:\Windows\System32\aticalrt64.dll
2012-06-11 16:45:46 46080 ----a-w- C:\Windows\SysWow64\aticalrt.dll
2012-06-11 16:45:44 5480448 ----a-w- C:\Windows\SysWow64\atiumdag.dll
2012-06-11 16:45:40 44544 ----a-w- C:\Windows\System32\aticalcl64.dll
2012-06-11 16:45:38 44032 ----a-w- C:\Windows\SysWow64\aticalcl.dll
2012-06-11 16:45:26 15703040 ----a-w- C:\Windows\System32\aticaldd64.dll
2012-06-11 16:43:18 4729344 ----a-w- C:\Windows\SysWow64\atiumdva.dll
2012-06-11 16:40:58 13277696 ----a-w- C:\Windows\SysWow64\aticaldd.dll
2012-06-11 16:36:56 6605824 ----a-w- C:\Windows\System32\atiumd64.dll
2012-06-11 16:27:02 539136 ----a-w- C:\Windows\System32\atiadlxx.dll
2012-06-11 16:26:52 368640 ----a-w- C:\Windows\SysWow64\atiadlxy.dll
2012-06-11 16:26:40 17920 ----a-w- C:\Windows\System32\atig6pxx.dll
2012-06-11 16:26:36 14848 ----a-w- C:\Windows\SysWow64\atiglpxx.dll
2012-06-11 16:26:36 14848 ----a-w- C:\Windows\System32\atiglpxx.dll
2012-06-11 16:26:30 41984 ----a-w- C:\Windows\System32\atig6txx.dll
2012-06-11 16:26:22 33280 ----a-w- C:\Windows\SysWow64\atigktxx.dll
2012-06-11 16:26:14 367616 ----a-w- C:\Windows\System32\drivers\atikmpag.sys
2012-06-11 16:25:20 54784 ----a-w- C:\Windows\System32\atiuxp64.dll
2012-06-11 16:25:12 42496 ----a-w- C:\Windows\SysWow64\atiuxpag.dll
2012-06-11 16:25:06 45056 ----a-w- C:\Windows\System32\atiu9p64.dll
2012-06-11 16:24:58 32768 ----a-w- C:\Windows\SysWow64\atiu9pag.dll
2012-06-11 16:24:24 53248 ----a-w- C:\Windows\System32\drivers\ati2erec.dll
2012-06-11 16:23:18 56320 ----a-w- C:\Windows\System32\atimpc64.dll
2012-06-11 16:23:18 56320 ----a-w- C:\Windows\System32\amdpcom64.dll
2012-06-11 16:23:10 56832 ----a-w- C:\Windows\SysWow64\atimpc32.dll
2012-06-11 16:23:10 56832 ----a-w- C:\Windows\SysWow64\amdpcom32.dll
2012-06-03 01:19:42 186752 ----a-w- C:\Windows\System32\wuwebv.dll
2012-06-03 01:15:12 36864 ----a-w- C:\Windows\System32\wuapp.exe
2012-06-02 22:15:31 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2012-06-02 22:15:08 99840 ----a-w- C:\Windows\System32\wudriver.dll
2012-05-18 02:06:48 2311680 ----a-w- C:\Windows\System32\jscript9.dll
2012-05-18 01:59:14 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-05-18 01:58:39 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-05-18 01:55:22 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-05-18 01:51:30 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-05-17 22:45:37 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-05-17 22:35:47 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-05-17 22:35:39 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-05-17 22:29:45 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-05-17 22:24:45 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
.
============= FINISH: 21:36:08.51 ===============

DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 3/23/2012 10:20:00 PM
System Uptime: 8/13/2012 9:23:40 PM (0 hours ago)
.
Motherboard: Gigabyte Technology Co., Ltd. | | GA-970A-D3
Processor: AMD FX(tm)-8150 Eight-Core Processor | Socket M2 | 3600/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 112 GiB total, 14.648 GiB free.
D: is CDROM ()
E: is Removable
F: is Removable
G: is FIXED (NTFS) - 1863 GiB total, 1462.324 GiB free.
H: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
µTorrent
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Amazon MP3 Downloader 1.0.15
AMD USB Filter Driver
AMD VISION Engine Control Center
Apple Application Support
Apple Software Update
BlackBerry Desktop Software 6.1
BlackBerry Device Software Updater
Borderlands
Breath of Death VII
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
CDisplay 1.8
Creative Audio Control Panel
Creative Software AutoUpdate
Creative Sound Blaster Properties x64 Edition
Cthulhu Saves the World
D3DX10
EasySaver B9.1214.1
Etron USB3.0 Host Controller
Facebook Messenger 2.1.4570.0
Facebook Video Calling 1.2.0.159
Foxit Reader
FoxyTunes for Firefox
From Dust
Google Chrome
Google Earth Plug-in
Google Update Helper
Host OpenAL
Hotfix for Microsoft .NET Framework 4 Client Profile (KB2461678)
IBM Lotus Forms Viewer 3.5.1
Java Auto Updater
Java(TM) 6 Update 31
Junk Mail filter update
K-Lite Codec Pack 8.4.0 (Standard)
Kingdoms of Amalur: Reckoning
Magic: The Gathering - Duels of the Planeswalkers 2013
Malwarebytes Anti-Malware version 1.62.0.1300
Mesh Runtime
Microsoft Games for Windows - LIVE Redistributable
Microsoft Games for Windows Marketplace
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office 2010
Microsoft Office File Validation Add-In
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word 2007
Microsoft Office Word MUI (English) 2007
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft XNA Framework Redistributable 3.1
Microsoft XNA Framework Redistributable 4.0
Might & Magic ® Heroes ® VI
Mozilla Firefox 13.0.1 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MSVCRT_amd64
Music Manager
NavNet
NVIDIA PhysX
ON_OFF Charge B11.0110.1
Origin
Penny Arcade's On the Rain-Slick Precipice of Darkness 3
Realtek Ethernet Controller Driver
Realtek HDMI Audio Driver for ATI
Realtek High Definition Audio Driver
Samsung Kies
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2598041) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2596786) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2596917) 32-Bit Edition
Skype™ 5.10
SoulSeek 157 NS 13e
Spybot - Search & Destroy
Star Wars: The Force Unleashed II
Steam
Swords and Soldiers HD
The Elder Scrolls V: Skyrim
TubEmAll Pro 1.4c
Ubisoft Game Launcher
Unity Web Player
Update for 2007 Microsoft Office System (KB967642)
VLC media player 2.0.1
Warlock - Master of the Arcane
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Wolfenstein 3D
Yawcam 0.3.8
.
==== Event Viewer Messages From Past Week ========
.
8/8/2012 9:18:34 AM, Error: Microsoft-Windows-Kernel-General [5] - {Registry Hive Recovered} Registry hive (file): '\??\C:\Windows\System32\config\COMPONENTS' was corrupted and it has been recovered. Some data might have been lost.
8/8/2012 9:18:32 AM, Error: Microsoft-Windows-Kernel-General [5] - {Registry Hive Recovered} Registry hive (file): '\??\Volume{65c3a356-6875-11e1-a930-806e6f6e6963}\System Volume Information\SPP\SppCbsHiveStore\{cd42efe1-f6f1-427c-b004-033192c625a4}{BF1DB9BC-682E-40DF-B597-FE363439A607}' was corrupted and it has been recovered. Some data might have been lost.
8/7/2012 8:38:09 AM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D3DCB472-7261-43CE-924B-0704BD730D5F} and APPID {D3DCB472-7261-43CE-924B-0704BD730D5F} to the user vonderLindenPC\von der Linden SID (S-1-5-21-3109839055-431102336-2772829462-1001) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
8/7/2012 8:38:08 AM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {145B4335-FE2A-4927-A040-7C35AD3180EF} and APPID {145B4335-FE2A-4927-A040-7C35AD3180EF} to the user vonderLindenPC\von der Linden SID (S-1-5-21-3109839055-431102336-2772829462-1001) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
8/7/2012 6:09:57 PM, Error: Microsoft-Windows-Smartcard-Server [610] - Smart Card Reader 'SCM Microsystems Inc. SCR3310 v2.0 USB SC Reader 0' rejected IOCTL GET_STATE: The I/O operation has been aborted because of either a thread exit or an application request. If this error persists, your smart card or reader may not be functioning correctly. Command Header: XX XX XX XX
8/6/2012 8:22:22 PM, Error: Schannel [36888] - The following fatal alert was generated: 40. The internal error state is 107.
8/6/2012 8:22:22 PM, Error: Schannel [36874] - An SSL 3.0 connection request was received from a remote client application, but none of the cipher suites supported by the client application are supported by the server. The SSL connection request has failed.
8/13/2012 9:33:36 PM, Error: Service Control Manager [7023] - The Function Discovery Resource Publication service terminated with the following error: %%-2147024891
8/13/2012 9:33:36 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error: %%-2147024891
8/13/2012 9:33:19 PM, Error: Tcpip [4199] - The system detected an address conflict for IP address 192.168.1.2 with the system having network hardware address 00-21-6A-00-39-BE. Network operations on this system may be disrupted as a result.
8/13/2012 9:23:59 PM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.
8/13/2012 9:23:58 PM, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.
8/13/2012 9:23:58 PM, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.
8/13/2012 9:23:58 PM, Error: Service Control Manager [7000] - The AODDriver4.1 service failed to start due to the following error: The system cannot find the file specified.
8/13/2012 9:23:57 PM, Error: Microsoft-Windows-WLAN-AutoConfig [10000] - WLAN Extensibility Module has failed to start. Module Path: C:\Windows\system32\Rtlihvs.dll Error Code: 126
8/13/2012 8:37:38 PM, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
8/13/2012 8:11:50 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
8/13/2012 8:08:47 PM, Error: Service Control Manager [7001] - The PnP-X IP Bus Enumerator service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
8/13/2012 8:07:58 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
8/13/2012 8:07:58 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {D3DCB472-7261-43CE-924B-0704BD730D5F}
8/13/2012 8:07:58 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
8/13/2012 8:07:39 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
8/13/2012 8:07:39 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
8/13/2012 8:07:39 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
8/13/2012 8:07:38 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
8/13/2012 8:07:33 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
8/13/2012 8:06:47 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD AppleCharger DfsC discache NetBIOS NetBT nsiproxy Psched rdbss SASDIFSV SASKUTIL spldr tdx vwififlt Wanarpv6 WfpLwf
8/13/2012 8:06:47 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
8/13/2012 8:06:47 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
8/13/2012 8:06:47 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
8/13/2012 8:06:47 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
8/13/2012 8:06:47 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
8/13/2012 8:06:47 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
8/13/2012 8:06:47 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
8/13/2012 8:06:47 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
8/13/2012 8:06:47 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
8/13/2012 8:06:47 PM, Error: Service Control Manager [7001] - The Creative Audio Service service depends on the Windows Audio service which failed to start because of the following error: The dependency service or group failed to start.
8/13/2012 8:06:47 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
8/13/2012 5:54:57 PM, Error: Schannel [36870] - A fatal error occurred when attempting to access the SSL client credential private key. The error code returned from the cryptographic module is 0x8009030d. The internal error state is 10003.
8/13/2012 5:42:45 PM, Error: Schannel [36870] - A fatal error occurred when attempting to access the SSL client credential private key. The error code returned from the cryptographic module is 0xc0000017. The internal error state is 10003.
8/13/2012 5:42:43 PM, Error: Schannel [36888] - The following fatal alert was generated: 80. The internal error state is 301.
8/13/2012 5:42:43 PM, Error: Schannel [36870] - A fatal error occurred when attempting to access the SSL client credential private key. The error code returned from the cryptographic module is 0xc002001b. The internal error state is 10003.
8/12/2012 3:01:09 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Windows 7 for x64-based Systems (KB2709715).
8/12/2012 3:01:09 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Windows 7 for x64-based Systems (KB2676562).
8/12/2012 12:59:30 AM, Error: Microsoft-Windows-Kernel-General [5] - {Registry Hive Recovered} Registry hive (file): '\??\Volume{65c3a356-6875-11e1-a930-806e6f6e6963}\System Volume Information\SPP\SppCbsHiveStore\{cd42efe1-f6f1-427c-b004-033192c625a4}{D3780C80-B9DB-412C-9F7D-3EB498C5E731}' was corrupted and it has been recovered. Some data might have been lost.
.
==== End Of File ===========================
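
The Service Control Manager entries above are mostly one cascade: each 7001 event blames a dependency, and only a few of those dependencies failed for a reason of their own (the boot-start drivers in the 7026 list). This Python script is an added example, not part of the post or of the DDS tool; it parses lines in the shape DDS prints, follows the 7001 chains to the first dependency whose error is not "The dependency service or group failed to start", and cross-checks those against the 7026 driver names. The sample input is constructed from the event text visible above, and the display-name-to-service-key table is a small hand-kept mapping of well-known Windows 7 driver names (an assumption to extend for other systems).

```python
import re
from collections import defaultdict

# Constructed sample: SCM events in the layout DDS prints under
# "Event Viewer Messages From Past Week" (copied in shape from the log above).
SAMPLE_EVENTS = """\
8/13/2012 8:06:47 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD AppleCharger DfsC discache NetBIOS NetBT nsiproxy Psched rdbss SASDIFSV SASKUTIL spldr tdx vwififlt Wanarpv6 WfpLwf
8/13/2012 8:06:47 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
8/13/2012 8:06:47 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
8/13/2012 8:06:47 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
8/13/2012 8:06:47 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
8/13/2012 8:06:47 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
8/13/2012 8:06:47 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
8/13/2012 8:06:47 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
8/13/2012 9:23:58 PM, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.
"""

EVENT_RE = re.compile(r"^[\d/]+ [\d:]+ [AP]M, Error: Service Control Manager \[(?P<id>\d+)\] - (?P<msg>.*)$")
DEP_RE = re.compile(r"^The (?P<svc>.+?) service depends on the (?P<dep>.+?) service which failed to start "
                    r"because of the following error: (?P<err>.+)$")
MISSING_RE = re.compile(r"^The (?P<svc>.+?) service depends (?:on )?the following service: (?P<dep>[^.]+)\. "
                        r"This service might not be installed\.$")
LOAD_RE = re.compile(r"failed to load: (?P<drivers>.+)$")
CASCADE = "The dependency service or group failed to start."

# Assumed mapping of SCM display names to the short keys used in event 7026
# (well-known Windows 7 names; extend as needed for other systems).
DISPLAY_TO_KEY = {
    "Ancillary Function Driver for Winsock": "AFD",
    "NSI proxy service driver.": "nsiproxy",
    "NetIO Legacy TDI Support Driver": "tdx",
}


def parse_scm_events(text):
    """Return (deps, missing, drivers): 7001 edges, 7003 missing services, 7026 driver keys."""
    deps, missing, drivers = {}, {}, []
    for line in text.splitlines():
        m = EVENT_RE.match(line.strip())
        if not m:
            continue
        eid, msg = m["id"], m["msg"]
        if eid == "7001" and (d := DEP_RE.match(msg)):
            deps[d["svc"]] = (d["dep"], d["err"])
        elif eid == "7003" and (d := MISSING_RE.match(msg)):
            missing[d["svc"]] = d["dep"]
        elif eid == "7026" and (d := LOAD_RE.search(msg)):
            drivers.extend(d["drivers"].split())
    return deps, missing, drivers


def resolve_root(service, deps, seen=()):
    """Follow 7001 edges until a dependency that failed for its own reason."""
    if service in seen:                      # malformed/cyclic data guard
        return service, "cycle in dependency data"
    entry = deps.get(service)
    if entry is None:                        # no event explains this one
        return service, None
    dep, err = entry
    if err != CASCADE:
        return dep, err
    return resolve_root(dep, deps, seen + (service,))


def triage_scm_events(text):
    """Collapse the cascade into root causes and the services they took down."""
    deps, missing, drivers = parse_scm_events(text)
    victims, errors = defaultdict(list), {}
    for svc in deps:
        root, err = resolve_root(svc, deps)
        victims[root].append(svc)
        errors[root] = err
    return {
        "drivers_failed_to_load": sorted(set(drivers)),
        "missing_services": missing,
        "root_causes": {r: sorted(v) for r, v in victims.items()},
        "root_errors": errors,
        "root_driver_keys": {r: DISPLAY_TO_KEY[r] for r in victims
                             if DISPLAY_TO_KEY.get(r) in drivers},
    }


if __name__ == "__main__":
    for root, svcs in triage_scm_events(SAMPLE_EVENTS)["root_causes"].items():
        print(f"{root}: {', '.join(svcs)}")
```

On the sample, the whole networking cascade reduces to three boot-start drivers (AFD, nsiproxy, tdx) plus a missing BFE, which is what a responder wants to repair rather than the dozen dependent services that reported failures.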
 
Hello, and welcome to TechSpot.


Please see here for the board rules and other FAQ.

Please feel free to introduce yourself, after you follow the steps below to get started.

Information
  • From this point on, please do not make any more changes to your computer; such as install/uninstall programs, use special fix tools, delete files, edit the registry, etc. - unless advised by a malware removal helper.
  • Please do not ask for help elsewhere (in this site or other sites). Doing so can result in system changes, which may not show up in the logs you post.
  • If you have already asked for help somewhere, please post the link to the topic where you were helped.
  • We try our best to reply quickly, but if for any reason we do not reply within two days, please reply to this topic with the word BUMP!
  • Lastly, keep in mind that we are volunteers, so you do not have to pay for malware removal. Persist in this topic until its close, and your computer is declared clean.

Download Farbar Recovery Scan Tool and save it to a flash drive.

Please make sure to download the 64-bit version.

Plug the flashdrive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
On the System Recovery Options menu you will get the following options:
    • Startup Repair
      System Restore
      Windows Complete PC Restore
      Windows Memory Diagnostic Tool
      Command Prompt
  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst64 and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to the disclaimer.
  • Place a check next to List Drivers MD5 as well as the default check marks that are already there
  • Press Scan button.
  • Type exit and reboot the computer normally.
  • FRST will make a log (FRST.txt) on the flash drive, please copy and paste the log in your reply.
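
The procedure above produces FRST.txt. As an added example (not part of the helper's post or of the FRST tool), this Python script does a first pass over the file-list, Services and Drivers sections of such a log and flags the patterns a responder reads for first: PE files sitting directly in C:\Windows rather than a system subfolder, services and drivers with no publisher string, and hidden+system folders named like a literal environment variable. The sample input is constructed from a handful of lines in the same layout as the log posted below; the finding names are this script's own.

```python
import re

# Constructed sample in FRST.txt layout (a few lines copied in shape from a log;
# not a complete log).
SAMPLE_FRST = r"""
========================== Services (Whitelisted) ======

2 !SASCORE; "C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE" [140672 2011-08-11] (SUPERAntiSpyware.com)
3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] ()

========================== Drivers (Whitelisted) =============

3 gdrv; \??\C:\Windows\gdrv.sys [25640 2012-08-13] (Windows (R) Server 2003 DDK provider)
1 SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)

============ One Month Created Files and Folders ==============

2012-08-13 23:17 - 2009-07-13 17:14 - 00020480 ____A (Microsoft Corporation) C:\Windows\svchost.exe
2012-08-13 22:54 - 2012-07-03 15:46 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-08-12 11:33 - 2012-08-12 11:33 - 00000000 __SHD C:\Windows\SysWOW64\%APPDATA%
2012-08-13 22:32 - 2012-08-13 22:32 - 00000000 ____D C:\FRST
"""

# "created - modified - size attrs (Company) path"; company is optional and may
# itself contain parentheses, so it is matched lazily up to ") <drive>:\".
FILE_RE = re.compile(
    r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2} - \d{4}-\d{2}-\d{2} \d{2}:\d{2} - \d+ "
    r"(?P<attrs>[_A-Z]{5}) (?:\((?P<company>.*?)\) (?=[A-Za-z]:\\))?(?P<path>[A-Za-z]:\\.*)$")
# "<start> <name>; <path> [size date] (Company)" for Services and Drivers.
SVC_RE = re.compile(
    r"^(?P<start>\d) (?P<name>[^;]+); (?P<path>.+?) \[\d+ \d{4}-\d{2}-\d{2}\] \((?P<company>.*)\)$")
WIN_ROOT_PE = re.compile(r"^[A-Za-z]:\\Windows\\[^\\]+\.(exe|dll|sys|ocx|scr)$", re.I)
ENV_LITERAL = re.compile(r"\\%[A-Za-z_]+%$")


def norm_path(p):
    """Strip quoting and the NT \\??\\ prefix FRST shows on driver image paths."""
    p = p.strip().strip('"')
    return p[4:] if p.startswith("\\??\\") else p


def triage_frst(text):
    """Return a de-duplicated list of {kind, path, detail} findings."""
    findings = {}

    def add(kind, path, detail):
        findings.setdefault((kind, path.lower()),
                            {"kind": kind, "path": path, "detail": detail})

    for raw in text.splitlines():
        line = raw.strip()
        if m := FILE_RE.match(line):
            path, attrs = m["path"], m["attrs"]
            company = (m["company"] or "").strip()
            if WIN_ROOT_PE.match(path):
                add("pe_in_windows_root", path, f"publisher={company or 'none'}")
            if "H" in attrs and "S" in attrs and ENV_LITERAL.search(path):
                add("hidden_system_dir_named_like_env_var", path, f"attrs={attrs}")
        elif m := SVC_RE.match(line):
            path, company = norm_path(m["path"]), m["company"].strip()
            if not company:
                add("service_without_publisher", path, f"name={m['name']}")
            if WIN_ROOT_PE.match(path):
                add("pe_in_windows_root", path,
                    f"service={m['name']} publisher={company or 'none'}")
    return list(findings.values())


if __name__ == "__main__":
    for f in triage_frst(SAMPLE_FRST):
        print(f"{f['kind']:40} {f['path']}  ({f['detail']})")
```

A hit is a lead, not a verdict: a vendor utility driver can legitimately live in C:\Windows, and a missing publisher string only means the file carries no version resource. What the script gives you is the short list to hash and look up before anything is deleted.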
 
Thank you for your quick reply.

Scan result of Farbar Recovery Scan Tool Version: 14-08-2012
Ran by SYSTEM at 13-08-2012 22:32:28
Running from H:\
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [12666984 2011-08-09] (Realtek Semiconductor)
HKLM\...\Run: [acevents] "C:\Program Files\ActivIdentity\ActivClient\acevents.exe" [196648 2011-05-02] (ActivIdentity)
HKLM\...\Run: [] [x]
HKLM\...\Run: [accrdsub] "C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe" [489512 2011-05-02] (ActivIdentity)
HKLM-x32\...\Run: [SPIRunE] Rundll32 SPIRunE.dll,RunDLLEntry [x]
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59280 2012-05-30] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [254696 2012-01-18] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe [90448 2011-09-01] (Research In Motion Limited)
HKLM-x32\...\Run: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml [10752 2012-02-21] ()
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421776 2012-06-07] (Apple Inc.)
HKLM-x32\...\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [641704 2012-06-11] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [3524536 2012-07-16] (Samsung Electronics Co., Ltd.)
HKU\von der Linden\...\Run: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent [1353080 2012-08-03] (Valve Corporation)
HKU\von der Linden\...\Run: [LMab1err] C:\Program Files\Lexmark\ErrorApp\lmab1err.exe [644160 2011-11-09] ()
HKU\von der Linden\...\Run: [LMADEmon] "C:\Program Files (x86)\Lexmark S310 Series\LMADEmon.exe" [948360 2011-11-23] ()
HKU\von der Linden\...\Run: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe" /MINIMIZED [880496 2012-05-11] (BitTorrent, Inc.)
HKU\von der Linden\...\Run: [KiesPreload] C:\Program Files (x86)\Samsung\Kies\Kies.exe /preload [975800 2012-07-16] (Samsung)
HKU\von der Linden\...\Run: [KiesAirMessage] C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup [x]
HKU\von der Linden\...\Run: [KiesPDLR] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [21432 2012-07-16] ()
HKU\von der Linden\...\Run: [Google Update] "C:\Users\von der Linden\AppData\Local\Google\Update\GoogleUpdate.exe" /c [116648 2012-08-05] (Google Inc.)
HKU\von der Linden\...\Run: [MusicManager] "C:\Users\von der Linden\AppData\Local\Programs\Google\MusicManager\MusicManager.exe" [13806592 2012-06-01] (Google Inc.)
HKU\von der Linden\...\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe [427520 2009-07-13] (Microsoft Corporation)
HKU\von der Linden\...\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [5661056 2012-07-09] (SUPERAntiSpyware.com)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Startup: C:\Users\All Users\Start Menu\Programs\Startup\ActivClient Agent.lnk
ShortcutTarget: ActivClient Agent.lnk -> C:\Program Files\ActivIdentity\ActivClient\acsagent.exe (ActivIdentity)

==================== Services (Whitelisted) ======

2 !SASCORE; "C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE" [140672 2011-08-11] (SUPERAntiSpyware.com)
2 ac.sharedstore; C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe [277032 2009-06-03] (ActivIdentity)
3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] ()
2 ES lite Service; "C:\Program Files (x86)\Gigabyte\EasySaver\ESSVR.EXE" [68136 2009-08-24] ()

========================== Drivers (Whitelisted) =============

2 AODDriver4.01; \??\C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [53888 2012-03-05] (Advanced Micro Devices)
2 AODDriver4.1; \??\C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [53888 2012-03-05] (Advanced Micro Devices)
1 AppleCharger; C:\Windows\System32\Drivers\AppleCharger.sys [21104 2011-01-10] ()
3 gdrv; \??\C:\Windows\gdrv.sys [25640 2012-08-13] (Windows (R) Server 2003 DDK provider)
3 RTL8192cu; C:\Windows\System32\Drivers\RTL8192cu.sys [848384 2011-02-10] (Realtek Semiconductor Corporation )
1 SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
1 SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)

========================== NetSvcs (Whitelisted) ===========


============ One Month Created Files and Folders ==============

2012-08-13 23:34 - 2012-08-13 23:34 - 00000867 ____A C:\Users\von der Linden\Desktop\gmer.log
2012-08-13 23:20 - 2012-08-13 23:20 - 00607260 ____R (Swearware) C:\Users\von der Linden\Downloads\dds.com
2012-08-13 23:17 - 2009-07-13 17:14 - 00020480 ____A (Microsoft Corporation) C:\Windows\svchost.exe
2012-08-13 23:11 - 2012-08-13 23:11 - 00302592 ____A C:\Users\von der Linden\Downloads\jw51p6sl.exe
2012-08-13 23:02 - 2012-08-13 23:02 - 01118624 ____A (Bleeping Computer, LLC) C:\Users\von der Linden\Downloads\rkill.exe
2012-08-13 23:01 - 2012-08-13 23:01 - 00044607 ____A C:\Users\von der Linden\Downloads\bootkit_remover.zip
2012-08-13 22:54 - 2012-08-13 22:54 - 00001116 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-08-13 22:54 - 2012-08-13 22:54 - 00000000 ____D C:\Users\von der Linden\AppData\Roaming\Malwarebytes
2012-08-13 22:54 - 2012-08-13 22:54 - 00000000 ____D C:\Users\All Users\Malwarebytes
2012-08-13 22:54 - 2012-08-13 22:54 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-08-13 22:54 - 2012-07-03 15:46 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-08-13 22:53 - 2012-08-13 22:54 - 04731392 ____A (AVAST Software) C:\Users\von der Linden\Downloads\aswMBR.exe
2012-08-13 22:32 - 2012-08-13 22:32 - 00000000 ____D C:\FRST
2012-08-13 22:29 - 2012-08-13 22:29 - 10652120 ____A (Malwarebytes Corporation ) C:\Users\von der Linden\Downloads\mbam-setup-1.62.0.1300.exe
2012-08-13 22:08 - 2012-08-13 22:47 - 00000000 ____D C:\Users\All Users\MFAData
2012-08-13 20:29 - 2012-08-13 20:29 - 00001815 ____A C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
2012-08-13 20:29 - 2012-08-13 20:29 - 00000000 ____D C:\Users\von der Linden\AppData\Roaming\SUPERAntiSpyware.com
2012-08-13 20:29 - 2012-08-13 20:29 - 00000000 ____D C:\Users\All Users\SUPERAntiSpyware.com
2012-08-13 20:29 - 2012-08-13 20:29 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2012-08-13 20:28 - 2012-08-13 20:28 - 03879800 ____A (AVG Technologies) C:\Users\von der Linden\Downloads\avg_free_stb_all_2012_2197_cnet.exe
2012-08-13 20:26 - 2012-08-13 20:28 - 19140240 ____A (SUPERAntiSpyware.com) C:\Users\von der Linden\Downloads\SUPERAntiSpyware.exe
2012-08-12 11:33 - 2012-08-12 11:33 - 00000000 __SHD C:\Windows\SysWOW64\%APPDATA%
2012-08-11 20:53 - 2012-08-11 20:53 - 00000000 ____D C:\Users\von der Linden\AppData\Local\Navnet_Solutions
2012-08-11 20:43 - 2012-08-11 20:43 - 03550047 ____A (NavNet Solutions ) C:\Users\von der Linden\Downloads\NavNetSetupB443.exe
2012-08-11 20:43 - 2012-08-11 20:43 - 00000000 ____D C:\Users\von der Linden\AppData\Roaming\NavNet Solutions
2012-08-11 20:43 - 2012-08-11 20:43 - 00000000 ____D C:\Program Files (x86)\NavNetApp
2012-08-11 20:42 - 2012-08-11 20:43 - 00000000 ____D C:\Program Files (x86)\TubEmAll Pro
2012-08-11 20:42 - 2012-08-11 20:42 - 00001042 ____A C:\Users\von der Linden\Desktop\TubEmAll Pro.lnk
2012-08-11 20:41 - 2012-08-11 20:41 - 03001283 ____A C:\Users\von der Linden\Downloads\TubEmAllPro_Setup.exe
2012-08-07 08:59 - 2012-08-07 08:59 - 00403496 ____A C:\Users\von der Linden\Desktop\PDHRA.xps
2012-08-05 00:39 - 2012-08-14 00:02 - 00000944 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3109839055-431102336-2772829462-1001UA.job
2012-08-05 00:39 - 2012-08-13 01:02 - 00000892 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3109839055-431102336-2772829462-1001Core.job
2012-08-05 00:39 - 2012-08-05 00:39 - 00739808 ____A (Google Inc.) C:\Users\von der Linden\Downloads\musicmanagerinstaller.exe
2012-08-05 00:39 - 2012-08-05 00:39 - 00739808 ____A (Google Inc.) C:\Users\von der Linden\Downloads\musicmanagerinstaller(1).exe
2012-08-02 22:54 - 2012-08-02 22:54 - 00000000 ____D C:\Users\von der Linden\AppData\Local\MDG
2012-08-02 22:35 - 2012-08-02 22:35 - 00000000 ____D C:\Users\von der Linden\Documents\samsung
2012-08-02 22:35 - 2012-08-02 22:35 - 00000000 ____D C:\Users\von der Linden\AppData\Roaming\Samsung
2012-08-02 22:35 - 2012-08-02 22:35 - 00000000 ____D C:\Users\von der Linden\AppData\Local\Samsung
2012-08-02 22:18 - 2012-08-02 22:18 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_WinUsb_01007.Wdf
2012-08-02 22:17 - 2012-06-03 23:59 - 00203320 ____A (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\Windows\System32\Drivers\ssudmdm.sys
2012-08-02 22:17 - 2012-06-03 23:59 - 00099384 ____A (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\Windows\System32\Drivers\ssudbus.sys
2012-08-02 22:17 - 2010-12-20 21:55 - 00708168 ____A (Microsoft Corporation) C:\Windows\System32\WinUSBCoInstaller.dll
2012-08-02 22:16 - 2012-08-02 22:16 - 00000000 ____D C:\Users\All Users\Samsung
2012-08-02 22:16 - 2012-08-02 22:16 - 00000000 ____D C:\Program Files (x86)\Samsung
2012-08-02 22:16 - 2012-08-02 22:16 - 00000000 ____D C:\Program Files (x86)\MarkAny
2012-08-02 22:16 - 2012-06-26 18:03 - 04659712 ____A (Dmitry Streblechenko) C:\Windows\SysWOW64\Redemption.dll
2012-08-02 22:16 - 2012-06-26 18:02 - 00821824 ____A (Devguru Co., Ltd.) C:\Windows\SysWOW64\dgderapi.dll
2012-08-02 22:06 - 2012-08-02 22:11 - 93721296 ____A (Samsung Electronics Co., Ltd. ) C:\Users\von der Linden\Downloads\Kies_2.3.2.12064_10_1.exe
2012-07-31 09:32 - 2009-06-10 13:00 - 00000824 ____A C:\Windows\System32\Drivers\etc\hosts.20120731-073255.backup
2012-07-31 09:29 - 2012-08-13 20:30 - 00000133 ____A C:\Windows\wininit.ini
2012-07-31 08:51 - 2012-07-29 12:46 - 00000000 ____D C:\Users\von der Linden\Desktop\Magarena-1.28
2012-07-31 08:45 - 2012-07-31 08:45 - 10250182 ____A C:\Users\von der Linden\Desktop\Magarena-1.28.zip
2012-07-30 14:36 - 2012-07-30 18:58 - 00046855 ____N C:\Users\von der Linden\Desktop\Move to Brigade.xfdl
2012-07-27 13:36 - 2012-07-27 13:36 - 00000000 ____D C:\Users\von der Linden\Documents\My Cheat Tables
2012-07-27 13:36 - 2011-10-13 16:59 - 00002349 ____A C:\Users\von der Linden\Desktop\homm6_plus5_trainer.txt
2012-07-27 13:36 - 2011-10-13 16:45 - 03248640 ____A C:\Users\von der Linden\Desktop\homm6_plus5_trainer.EXE
2012-07-27 13:35 - 2012-07-27 13:35 - 02977216 ____A C:\Users\von der Linden\Downloads\HEROES.OF.MIGHT.AND.MAGIC.6.V1.0.31758.GERI.ZIP
2012-07-21 12:12 - 2012-07-21 12:12 - 43543200 ____A (Plex, Inc.) C:\Users\von der Linden\Downloads\Plex-Media-Center-v0.9.5.3-657a503-en-US.exe
2012-07-15 13:00 - 2012-07-15 13:00 - 00001370 ____A C:\Users\von der Linden\Desktop\MMH +6 Trainer - Shortcut.lnk
2012-07-14 10:56 - 2012-07-14 10:56 - 00000000 ____D C:\Users\von der Linden\Documents\LucasArts
2012-07-14 10:56 - 2012-07-14 10:56 - 00000000 ____D C:\Users\von der Linden\AppData\Local\LucasArts


============ 3 Months Modified Files ========================

2012-08-14 00:29 - 2012-03-07 09:47 - 00000282 ____A C:\service.log
2012-08-14 00:27 - 2012-03-07 08:52 - 01221503 ____A C:\Windows\WindowsUpdate.log
2012-08-14 00:23 - 2012-08-14 00:23 - 01442429 ____A (Farbar) C:\Users\von der Linden\Downloads\FRST64.exe
2012-08-14 00:22 - 2012-03-24 05:01 - 00000914 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-08-14 00:02 - 2012-08-05 00:39 - 00000944 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3109839055-431102336-2772829462-1001UA.job
2012-08-13 23:34 - 2012-08-13 23:34 - 00000867 ____A C:\Users\von der Linden\Desktop\gmer.log
2012-08-13 23:32 - 2009-07-13 20:45 - 00021888 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-08-13 23:32 - 2009-07-13 20:45 - 00021888 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-08-13 23:30 - 2009-07-13 21:13 - 00006032 ____A C:\Windows\System32\PerfStringBackup.INI
2012-08-13 23:24 - 2012-03-24 05:01 - 00000910 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-08-13 23:23 - 2012-03-07 09:55 - 00025640 ____A (Windows (R) Server 2003 DDK provider) C:\Windows\gdrv.sys
2012-08-13 23:23 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-08-13 23:23 - 2009-07-13 20:51 - 00075049 ____A C:\Windows\setupact.log
2012-08-13 23:20 - 2012-08-13 23:20 - 00607260 ____R (Swearware) C:\Users\von der Linden\Downloads\dds.com
2012-08-13 23:11 - 2012-08-13 23:11 - 00302592 ____A C:\Users\von der Linden\Downloads\jw51p6sl.exe
2012-08-13 23:02 - 2012-08-13 23:02 - 01118624 ____A (Bleeping Computer, LLC) C:\Users\von der Linden\Downloads\rkill.exe
2012-08-13 23:01 - 2012-08-13 23:01 - 00044607 ____A C:\Users\von der Linden\Downloads\bootkit_remover.zip
2012-08-13 22:57 - 2010-11-20 19:47 - 00017800 ____A C:\Windows\PFRO.log
2012-08-13 22:54 - 2012-08-13 22:54 - 00001116 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-08-13 22:54 - 2012-08-13 22:53 - 04731392 ____A (AVAST Software) C:\Users\von der Linden\Downloads\aswMBR.exe
2012-08-13 22:29 - 2012-08-13 22:29 - 10652120 ____A (Malwarebytes Corporation ) C:\Users\von der Linden\Downloads\mbam-setup-1.62.0.1300.exe
2012-08-13 22:07 - 2012-07-10 19:54 - 00012800 __ASH C:\Users\von der Linden\Thumbs.db
2012-08-13 21:41 - 2012-03-24 00:43 - 00000964 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3109839055-431102336-2772829462-1001UA.job
2012-08-13 20:34 - 2009-07-13 21:08 - 00032640 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-08-13 20:30 - 2012-07-31 09:29 - 00000133 ____A C:\Windows\wininit.ini
2012-08-13 20:29 - 2012-08-13 20:29 - 00001815 ____A C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
2012-08-13 20:28 - 2012-08-13 20:28 - 03879800 ____A (AVG Technologies) C:\Users\von der Linden\Downloads\avg_free_stb_all_2012_2197_cnet.exe
2012-08-13 20:28 - 2012-08-13 20:26 - 19140240 ____A (SUPERAntiSpyware.com) C:\Users\von der Linden\Downloads\SUPERAntiSpyware.exe
2012-08-13 09:41 - 2012-03-24 00:43 - 00000942 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3109839055-431102336-2772829462-1001Core.job
2012-08-13 01:02 - 2012-08-05 00:39 - 00000892 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3109839055-431102336-2772829462-1001Core.job
2012-08-11 20:43 - 2012-08-11 20:43 - 03550047 ____A (NavNet Solutions ) C:\Users\von der Linden\Downloads\NavNetSetupB443.exe
2012-08-11 20:42 - 2012-08-11 20:42 - 00001042 ____A C:\Users\von der Linden\Desktop\TubEmAll Pro.lnk
2012-08-11 20:41 - 2012-08-11 20:41 - 03001283 ____A C:\Users\von der Linden\Downloads\TubEmAllPro_Setup.exe
2012-08-10 13:51 - 2011-11-22 08:42 - 00618377 ____A C:\Windows\DirectX.log
2012-08-07 08:59 - 2012-08-07 08:59 - 00403496 ____A C:\Users\von der Linden\Desktop\PDHRA.xps
2012-08-05 00:39 - 2012-08-05 00:39 - 00739808 ____A (Google Inc.) C:\Users\von der Linden\Downloads\musicmanagerinstaller.exe
2012-08-05 00:39 - 2012-08-05 00:39 - 00739808 ____A (Google Inc.) C:\Users\von der Linden\Downloads\musicmanagerinstaller(1).exe
2012-08-02 22:18 - 2012-08-02 22:18 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_WinUsb_01007.Wdf
2012-08-02 22:11 - 2012-08-02 22:06 - 93721296 ____A (Samsung Electronics Co., Ltd. ) C:\Users\von der Linden\Downloads\Kies_2.3.2.12064_10_1.exe
2012-07-31 08:45 - 2012-07-31 08:45 - 10250182 ____A C:\Users\von der Linden\Desktop\Magarena-1.28.zip
2012-07-30 18:58 - 2012-07-30 14:36 - 00046855 ____N C:\Users\von der Linden\Desktop\Move to Brigade.xfdl
2012-07-28 22:48 - 2012-03-31 00:15 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-07-28 22:48 - 2012-03-24 00:44 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-07-27 13:35 - 2012-07-27 13:35 - 02977216 ____A C:\Users\von der Linden\Downloads\HEROES.OF.MIGHT.AND.MAGIC.6.V1.0.31758.GERI.ZIP
2012-07-21 12:12 - 2012-07-21 12:12 - 43543200 ____A (Plex, Inc.) C:\Users\von der Linden\Downloads\Plex-Media-Center-v0.9.5.3-657a503-en-US.exe
2012-07-19 11:57 - 2012-06-19 07:48 - 00001203 ____A C:\Users\All Users\LMADEscan.log
2012-07-15 13:00 - 2012-07-15 13:00 - 00001370 ____A C:\Users\von der Linden\Desktop\MMH +6 Trainer - Shortcut.lnk
2012-07-12 13:21 - 2012-07-12 13:21 - 11068226 ____A C:\Users\von der Linden\Downloads\H5AI_31.zip
2012-07-11 05:00 - 2012-03-31 13:09 - 59701280 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-07-09 09:43 - 2012-06-22 03:50 - 00000528 ____A C:\Windows\SysWOW64\debug.log
2012-07-08 17:30 - 2012-07-08 17:30 - 00001870 ____A C:\Users\von der Linden\Desktop\Yawcam.lnk
2012-07-08 17:29 - 2012-07-08 17:29 - 04640781 ____A (Magnus Lundvall ) C:\Users\von der Linden\Downloads\yawcam_install.exe
2012-07-05 23:02 - 2012-07-05 23:02 - 00001056 ____A C:\Users\Public\Desktop\Mozilla Firefox.lnk
2012-07-05 22:59 - 2012-07-05 22:58 - 16574016 ____A (Mozilla) C:\Users\von der Linden\Downloads\Firefox Setup 13.0.exe
2012-07-03 15:46 - 2012-08-13 22:54 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-07-03 10:07 - 2012-07-03 10:07 - 00276856 ____A C:\Windows\Minidump\070312-33134-01.dmp
2012-07-01 15:55 - 2012-07-01 15:55 - 01637016 ____A C:\Users\von der Linden\Downloads\AmazonMP3DownloaderInstall.exe
2012-06-26 20:50 - 2012-06-26 20:46 - 183762944 ____A C:\Users\von der Linden\Downloads\LPS-1.3.5_public.iso
2012-06-26 20:46 - 2012-06-26 20:43 - 15587840 ____A C:\Users\von der Linden\Downloads\ActivClient CAC x64 62050(1).msi
2012-06-26 20:37 - 2012-06-26 20:37 - 00341664 ____A C:\Users\von der Linden\Downloads\InstallRoot_v3.15A.exe
2012-06-26 20:34 - 2012-06-26 20:34 - 01135371 ____A C:\Users\von der Linden\Downloads\HashTabv4.0.0Setup.zip
2012-06-26 20:34 - 2012-06-26 20:33 - 05151066 ____A C:\Users\von der Linden\Downloads\AC_6.2.0.119_x64_FIXS1105002.zip
2012-06-26 18:32 - 2009-07-13 20:45 - 00301712 ____A C:\Windows\System32\FNTCACHE.DAT
2012-06-26 18:03 - 2012-08-02 22:16 - 04659712 ____A (Dmitry Streblechenko) C:\Windows\SysWOW64\Redemption.dll
2012-06-26 18:02 - 2012-08-02 22:16 - 00821824 ____A (Devguru Co., Ltd.) C:\Windows\SysWOW64\dgderapi.dll
2012-06-26 18:02 - 2012-06-26 18:02 - 00974848 ____A C:\Windows\SysWOW64\cis-2.4.dll
2012-06-26 18:02 - 2012-06-26 18:02 - 00569344 ____A ((c) MusicCity) C:\Windows\SysWOW64\muzdecode.ax
2012-06-26 18:02 - 2012-06-26 18:02 - 00491520 ____A (Musiccity Co.Ltd.) C:\Windows\SysWOW64\muzapp.dll
2012-06-26 18:02 - 2012-06-26 18:02 - 00352256 ____A (Sample Corporation) C:\Windows\SysWOW64\MSLUR71.dll
2012-06-26 18:02 - 2012-06-26 18:02 - 00330240 ____A ((?)????) C:\Windows\MASetupCaller.dll
2012-06-26 18:02 - 2012-06-26 18:02 - 00258048 ____A ((c) PeeringPortal) C:\Windows\SysWOW64\muzoggsp.ax
2012-06-26 18:02 - 2012-06-26 18:02 - 00245760 ____A (Teruten Inc.) C:\Windows\SysWOW64\MSCLib.dll
2012-06-26 18:02 - 2012-06-26 18:02 - 00200704 ____A ( (c) MusicCity) C:\Windows\SysWOW64\muzwmts.dll
2012-06-26 18:02 - 2012-06-26 18:02 - 00172032 ____A (Musiccity Co.Ltd.) C:\Windows\SysWOW64\muzapp.exe
2012-06-26 18:02 - 2012-06-26 18:02 - 00155648 ____A (Teruten Inc.) C:\Windows\SysWOW64\MSFLib.dll
2012-06-26 18:02 - 2012-06-26 18:02 - 00143360 ____A C:\Windows\SysWOW64\3DAudio.ax
2012-06-26 18:02 - 2012-06-26 18:02 - 00135168 ____A (Musiccity Co.Ltd.) C:\Windows\SysWOW64\muzaf1.dll
2012-06-26 18:02 - 2012-06-26 18:02 - 00131072 ____A ((c) MusicCity) C:\Windows\SysWOW64\muzmpgsp.ax
2012-06-26 18:02 - 2012-06-26 18:02 - 00122880 ____A ((c) MUSICCITY) C:\Windows\SysWOW64\muzeffect.ax
2012-06-26 18:02 - 2012-06-26 18:02 - 00118784 ____A ((?)????) C:\Windows\SysWOW64\MaDRM.dll
2012-06-26 18:02 - 2012-06-26 18:02 - 00110592 ____A ((c) MusicCity) C:\Windows\SysWOW64\muzmp4sp.ax
2012-06-26 18:02 - 2012-06-26 18:02 - 00090112 ____A ((?)????) C:\Windows\MAMCityDownload.ocx
2012-06-26 18:02 - 2012-06-26 18:02 - 00081920 ____A C:\Windows\SysWOW64\issacapi_bs-2.3.dll
2012-06-26 18:02 - 2012-06-26 18:02 - 00065536 ____A C:\Windows\SysWOW64\issacapi_pe-2.3.dll
2012-06-26 18:02 - 2012-06-26 18:02 - 00057344 ____A C:\Windows\SysWOW64\issacapi_se-2.3.dll
2012-06-26 18:02 - 2012-06-26 18:02 - 00057344 ____A (Marktek) C:\Windows\SysWOW64\MK_Lyric.dll
2012-06-26 18:02 - 2012-06-26 18:02 - 00057344 ____A (Marktek Inc.) C:\Windows\SysWOW64\MTXSYNCICON.dll
2012-06-26 18:02 - 2012-06-26 18:02 - 00049152 ____A ((?) ????) C:\Windows\SysWOW64\MaJGUILib.dll
2012-06-26 18:02 - 2012-06-26 18:02 - 00045320 ____A (MARKANY) C:\Windows\SysWOW64\MAMACExtract.dll
2012-06-26 18:02 - 2012-06-26 18:02 - 00045056 ____A ((?) ????) C:\Windows\SysWOW64\MaXMLProto.dll
2012-06-26 18:02 - 2012-06-26 18:02 - 00045056 ____A ((?) ????) C:\Windows\SysWOW64\MACXMLProto.dll
2012-06-26 18:02 - 2012-06-26 18:02 - 00040960 ____A (Telechips Inc.,) C:\Windows\SysWOW64\MTTELECHIP.dll
2012-06-26 18:02 - 2012-06-26 18:02 - 00030568 ____A () C:\Windows\MusiccityDownload.exe
2012-06-26 18:02 - 2012-06-26 18:02 - 00024576 ____A ((?)????) C:\Windows\SysWOW64\MASetupCleaner.exe
2012-06-26 12:51 - 2012-06-26 12:49 - 32390275 ____A C:\Users\von der Linden\Downloads\ActivClient 6_1 for CAC x64 BN39.zip
2012-06-26 12:50 - 2012-06-26 12:49 - 15587840 ____A C:\Users\von der Linden\Downloads\ActivClient CAC x64 62050.msi
2012-06-26 12:38 - 2012-06-26 12:38 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_User_WUDFUsbccidDriver_01_09_00.Wdf
2012-06-25 18:03 - 2012-03-24 00:20 - 00064080 ____A C:\Users\von der Linden\AppData\Local\GDIPFONTCACHEV1.DAT
2012-06-25 15:37 - 2012-06-25 15:36 - 71935640 ____A (IBM ) C:\Users\von der Linden\Downloads\Viewer_DSig_3.5.1.333.exe
2012-06-25 15:31 - 2012-06-25 15:31 - 00046523 ____A C:\Users\von der Linden\Downloads\A4187.xfdl
2012-06-25 10:47 - 2012-06-19 11:47 - 00772558 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
2012-06-17 09:36 - 2012-06-17 09:36 - 00493520 ____A (Facebook Inc.) C:\Users\von der Linden\Downloads\FacebookVideoCallSetup_v1.2.203.0.exe
2012-06-14 20:03 - 2012-06-14 20:03 - 02375363 ____A C:\Users\von der Linden\Downloads\Youngin' Alex.rar
2012-06-13 14:45 - 2012-06-13 14:45 - 00276856 ____A C:\Windows\Minidump\061312-8283-01.dmp
2012-06-13 14:01 - 2012-06-13 14:01 - 00276856 ____A C:\Windows\Minidump\061312-8158-01.dmp
2012-06-12 06:43 - 2012-06-12 06:43 - 00276856 ____A C:\Windows\Minidump\061212-8221-01.dmp
2012-06-11 23:37 - 2012-06-11 23:37 - 00276912 ____A C:\Windows\Minidump\061112-9313-01.dmp
2012-06-11 15:50 - 2012-06-11 15:50 - 16457728 ____A (Advanced Micro Devices Inc.) C:\Windows\System32\amdocl64.dll
2012-06-11 15:50 - 2012-06-11 15:50 - 00187392 ____A C:\Windows\System32\clinfo.exe
2012-06-11 15:50 - 2012-06-11 15:50 - 00075264 ____A (Advanced Micro Devices Inc.) C:\Windows\System32\OpenVideo64.dll
2012-06-11 15:50 - 2012-06-11 15:50 - 00065024 ____A (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\OpenVideo.dll
2012-06-11 15:50 - 2012-06-11 15:50 - 00063488 ____A (Advanced Micro Devices Inc.) C:\Windows\System32\OVDecode64.dll
2012-06-11 15:50 - 2012-06-11 15:50 - 00056320 ____A (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\OVDecode.dll
2012-06-11 15:49 - 2012-06-11 15:49 - 13008896 ____A (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\amdocl.dll
2012-06-11 10:59 - 2012-06-11 10:59 - 10248192 ____A (Advanced Micro Devices, Inc.) C:\Windows\System32\Drivers\atikmdag.sys
2012-06-11 10:35 - 2012-06-11 10:35 - 00070144 ____A (AMD) C:\Windows\System32\coinst_8.98.dll
2012-06-11 10:29 - 2012-06-11 10:29 - 24826368 ____A (Advanced Micro Devices, Inc.) C:\Windows\System32\atio6axx.dll
2012-06-11 10:00 - 2012-06-11 10:00 - 20467712 ____A (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\atioglxx.dll
2012-06-11 09:26 - 2012-06-11 09:26 - 00263840 ____A C:\Windows\SysWOW64\atiapfxx.blb
2012-06-11 09:26 - 2012-06-11 09:26 - 00263840 ____A C:\Windows\System32\atiapfxx.blb
2012-06-11 09:25 - 2012-06-11 09:25 - 00163840 ____A (Advanced Micro Devices, Inc.) C:\Windows\System32\atiapfxx.exe
2012-06-11 09:24 - 2011-12-05 19:17 - 00924160 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\aticfx32.dll
2012-06-11 09:23 - 2011-12-05 19:16 - 01090560 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\aticfx64.dll
2012-06-11 09:20 - 2012-06-11 09:20 - 00442368 ____A (Advanced Micro Devices, Inc.) C:\Windows\System32\ATIDEMGX.dll
2012-06-11 09:19 - 2012-06-11 09:19 - 00532992 ____A (AMD) C:\Windows\System32\atieclxx.exe
2012-06-11 09:19 - 2012-06-11 09:19 - 00239616 ____A (AMD) C:\Windows\System32\atiesrxx.exe
2012-06-11 09:17 - 2012-06-11 09:17 - 00120320 ____A (AMD) C:\Windows\System32\atitmm64.dll
2012-06-11 09:17 - 2012-06-11 09:17 - 00059392 ____A (ATI Technologies, Inc.) C:\Windows\System32\atiedu64.dll
2012-06-11 09:17 - 2012-06-11 09:17 - 00043520 ____A (ATI Technologies, Inc.) C:\Windows\SysWOW64\ati2edxx.dll
2012-06-11 09:17 - 2012-06-11 09:17 - 00021504 ____A (AMD) C:\Windows\System32\atimuixx.dll
2012-06-11 09:16 - 2011-12-05 19:06 - 06301696 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atidxx32.dll
2012-06-11 09:01 - 2011-12-05 18:51 - 06914560 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atidxx64.dll
2012-06-11 08:51 - 2011-12-05 18:39 - 04246528 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atiumd6a.dll
2012-06-11 08:50 - 2012-06-11 08:50 - 02936864 ____A C:\Windows\System32\atiumd6a.cap
2012-06-11 08:45 - 2012-06-11 08:45 - 15703040 ____A (Advanced Micro Devices Inc.) C:\Windows\System32\aticaldd64.dll
2012-06-11 08:45 - 2012-06-11 08:45 - 05480448 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiumdag.dll
2012-06-11 08:45 - 2012-06-11 08:45 - 00051200 ____A (Advanced Micro Devices Inc.) C:\Windows\System32\aticalrt64.dll
2012-06-11 08:45 - 2012-06-11 08:45 - 00046080 ____A (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\aticalrt.dll
2012-06-11 08:45 - 2012-06-11 08:45 - 00044544 ____A (Advanced Micro Devices Inc.) C:\Windows\System32\aticalcl64.dll
2012-06-11 08:45 - 2012-06-11 08:45 - 00044032 ____A (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\aticalcl.dll
2012-06-11 08:43 - 2012-06-11 08:43 - 04729344 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiumdva.dll
2012-06-11 08:41 - 2012-06-11 08:41 - 02971136 ____A C:\Windows\SysWOW64\atiumdva.cap
2012-06-11 08:40 - 2012-06-11 08:40 - 13277696 ____A (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\aticaldd.dll
2012-06-11 08:36 - 2011-12-05 18:24 - 06605824 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atiumd64.dll
2012-06-11 08:27 - 2012-06-11 08:27 - 00539136 ____A (Advanced Micro Devices, Inc.) C:\Windows\System32\atiadlxx.dll
2012-06-11 08:26 - 2012-06-11 08:26 - 00368640 ____A (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\atiadlxy.dll
2012-06-11 08:26 - 2012-06-11 08:26 - 00367616 ____A (Advanced Micro Devices, Inc.) C:\Windows\System32\Drivers\atikmpag.sys
2012-06-11 08:26 - 2012-06-11 08:26 - 00041984 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atig6txx.dll
2012-06-11 08:26 - 2012-06-11 08:26 - 00033280 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atigktxx.dll
2012-06-11 08:26 - 2012-06-11 08:26 - 00017920 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atig6pxx.dll
2012-06-11 08:26 - 2012-06-11 08:26 - 00014848 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiglpxx.dll
2012-06-11 08:26 - 2012-06-11 08:26 - 00014848 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atiglpxx.dll
2012-06-11 08:25 - 2011-12-05 18:11 - 00054784 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atiuxp64.dll
2012-06-11 08:25 - 2011-12-05 18:11 - 00045056 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atiu9p64.dll
2012-06-11 08:25 - 2011-12-05 18:11 - 00042496 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiuxpag.dll
2012-06-11 08:24 - 2012-06-11 08:24 - 00053248 ____A (Advanced Micro Devices, Inc.) C:\Windows\System32\Drivers\ati2erec.dll
2012-06-11 08:24 - 2011-12-05 18:11 - 00032768 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiu9pag.dll
2012-06-11 08:23 - 2012-06-11 08:23 - 00056832 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atimpc32.dll
2012-06-11 08:23 - 2012-06-11 08:23 - 00056832 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdpcom32.dll
2012-06-11 08:23 - 2012-06-11 08:23 - 00056320 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atimpc64.dll
2012-06-11 08:23 - 2012-06-11 08:23 - 00056320 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\amdpcom64.dll
2012-06-08 12:29 - 2012-06-08 12:29 - 00001899 ____A C:\Users\von der Linden\Desktop - Shortcut.lnk
2012-06-07 18:55 - 2012-06-07 18:55 - 00001265 ____A C:\Users\von der Linden\Desktop\Spybot - Search & Destroy.lnk
2012-06-07 18:53 - 2012-06-07 18:52 - 16409960 ____A (Safer Networking Limited ) C:\Users\von der Linden\Downloads\spybotsd162.exe
2012-06-07 08:19 - 2012-06-07 08:17 - 192432486 ____A C:\Users\von der Linden\Downloads\The Dark Clan - The Dark Clan Hogs The Covers.zip
2012-06-03 23:59 - 2012-08-02 22:17 - 00203320 ____A (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\Windows\System32\Drivers\ssudmdm.sys
2012-06-03 23:59 - 2012-08-02 22:17 - 00099384 ____A (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\Windows\System32\Drivers\ssudbus.sys
2012-06-02 17:19 - 2012-06-08 15:35 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-06-02 17:15 - 2012-06-08 15:35 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2012-06-02 14:19 - 2012-06-08 15:35 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-06-02 14:19 - 2012-06-08 15:35 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2012-06-02 14:19 - 2012-06-08 15:35 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-06-02 14:19 - 2012-06-08 15:35 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-06-02 14:19 - 2012-06-08 15:35 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2012-06-02 14:15 - 2012-06-08 15:35 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-06-02 14:15 - 2012-06-08 15:35 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2012-05-17 18:47 - 2012-06-15 05:00 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-05-17 18:16 - 2012-06-15 05:00 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-05-17 18:06 - 2012-06-15 05:00 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-05-17 17:59 - 2012-06-15 05:00 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-05-17 17:59 - 2012-06-15 05:00 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-05-17 17:58 - 2012-06-15 05:00 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-05-17 17:58 - 2012-06-15 05:00 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-05-17 17:56 - 2012-06-15 05:00 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-05-17 17:55 - 2012-06-15 05:00 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-05-17 17:55 - 2012-06-15 05:00 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-05-17 17:54 - 2012-06-15 05:00 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-05-17 17:51 - 2012-06-15 05:00 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-05-17 17:51 - 2012-06-15 05:00 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-05-17 17:47 - 2012-06-15 05:00 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-05-17 15:11 - 2012-06-15 05:00 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-05-17 14:48 - 2012-06-15 05:00 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-05-17 14:45 - 2012-06-15 05:00 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-05-17 14:36 - 2012-06-15 05:00 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-05-17 14:35 - 2012-06-15 05:00 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-05-17 14:35 - 2012-06-15 05:00 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-05-17 14:33 - 2012-06-15 05:00 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-05-17 14:31 - 2012-06-15 05:00 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-05-17 14:29 - 2012-06-15 05:00 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-05-17 14:29 - 2012-06-15 05:00 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-05-17 14:27 - 2012-06-15 05:00 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-05-17 14:25 - 2012-06-15 05:00 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-05-17 14:24 - 2012-06-15 05:00 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-05-17 14:20 - 2012-06-15 05:00 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

ZeroAccess:
C:\Windows\Installer\{7a259517-8d8a-910f-b537-6de564ee2281}
C:\Windows\Installer\{7a259517-8d8a-910f-b537-6de564ee2281}\@
C:\Windows\Installer\{7a259517-8d8a-910f-b537-6de564ee2281}\L
C:\Windows\Installer\{7a259517-8d8a-910f-b537-6de564ee2281}\U
C:\Windows\Installer\{7a259517-8d8a-910f-b537-6de564ee2281}\L\00000004.@
C:\Windows\Installer\{7a259517-8d8a-910f-b537-6de564ee2281}\L\201d3dde
C:\Windows\Installer\{7a259517-8d8a-910f-b537-6de564ee2281}\U\00000004.@
C:\Windows\Installer\{7a259517-8d8a-910f-b537-6de564ee2281}\U\00000008.@
C:\Windows\Installer\{7a259517-8d8a-910f-b537-6de564ee2281}\U\000000cb.@
C:\Windows\Installer\{7a259517-8d8a-910f-b537-6de564ee2281}\U\80000000.@
C:\Windows\Installer\{7a259517-8d8a-910f-b537-6de564ee2281}\U\80000032.@
C:\Windows\Installer\{7a259517-8d8a-910f-b537-6de564ee2281}\U\80000064.@

ZeroAccess:
C:\Windows\assembly\GAC_32\Desktop.ini

ZeroAccess:
C:\Windows\assembly\GAC_64\Desktop.ini

Type 00 partition infection:
C:\Windows\svchost.exe

========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe 014A9CB92514E27C0107614DF764BC06 ZeroAccess <==== ATTENTION!.
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

========================= Memory info ======================

Percentage of memory in use: 10%
Total physical RAM: 8173.21 MB
Available physical RAM: 7343.32 MB
Total Pagefile: 8171.41 MB
Available Pagefile: 7337.7 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

======================= Partitions =========================

1 Drive c: (Windows) (Fixed) (Total:111.69 GB) (Free:14.05 GB) NTFS
2 Drive d: (von der PC Data) (Fixed) (Total:1863.01 GB) (Free:1462.32 GB) NTFS
4 Drive g: (Movies and Comics) (Fixed) (Total:931.48 GB) (Free:314.61 GB) NTFS
5 Drive h: (VON DER SD) (Removable) (Total:7.65 GB) (Free:1.21 GB) FAT32
8 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
9 Drive y: (System) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]

Disk ###  Status         Size     Free     Dyn  Gpt
--------  -------------  -------  -------  ---  ---
Disk 0    Online          111 GB      0 B
Disk 1    Online         1863 GB      0 B
Disk 2    Online          931 GB      0 B
Disk 3    Online         7858 MB      0 B
Disk 4    No Media          0 B      0 B
Disk 5    No Media          0 B      0 B

Partitions of Disk 0:
===============

Partition ###  Type              Size     Offset
-------------  ----------------  -------  -------
Partition 1    Primary            100 MB  1024 KB
Partition 2    Primary            111 GB   101 MB

==================================================================================

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ###   Ltr  Label        Fs     Type        Size     Status     Info
----------   ---  -----------  -----  ----------  -------  ---------  --------
* Volume 1    Y   System       NTFS   Partition    100 MB  Healthy

==================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

Volume ###   Ltr  Label        Fs     Type        Size     Status     Info
----------   ---  -----------  -----  ----------  -------  ---------  --------
* Volume 2    C   Windows      NTFS   Partition    111 GB  Healthy

==================================================================================

Partitions of Disk 1:
===============

Partition ###  Type              Size     Offset
-------------  ----------------  -------  -------
Partition 1    Primary           1863 GB  1024 KB

==================================================================================

Disk: 1
Partition 1
Type : 07
Hidden: No
Active: No

Volume ###   Ltr  Label        Fs     Type        Size     Status     Info
----------   ---  -----------  -----  ----------  -------  ---------  --------
* Volume 3    D   von der PC   NTFS   Partition   1863 GB  Healthy

==================================================================================

Partitions of Disk 2:
===============

Partition ###  Type              Size     Offset
-------------  ----------------  -------  -------
Partition 1    Primary            931 GB  1024 KB

==================================================================================

Disk: 2
Partition 1
Type : 07
Hidden: No
Active: No

Volume ###   Ltr  Label        Fs     Type        Size     Status     Info
----------   ---  -----------  -----  ----------  -------  ---------  --------
* Volume 4    G   Movies and   NTFS   Partition    931 GB  Healthy

==================================================================================

Partitions of Disk 3:
===============

Partition ###  Type              Size     Offset
-------------  ----------------  -------  -------
Partition 1    Primary           7854 MB  4096 KB

==================================================================================

Disk: 3
Partition 1
Type : 0B
Hidden: No
Active: No

Volume ###   Ltr  Label        Fs     Type        Size     Status     Info
----------   ---  -----------  -----  ----------  -------  ---------  --------
* Volume 5    H   VON DER SD   FAT32  Removable   7854 MB  Healthy

==================================================================================

Last Boot: 2012-08-07 02:05

======================= End Of Log ==========================
 
Additional FRST Scan

Once again, please boot to the System Recovery Options and run FRST, as done previously.

Type the following text in the blank box after Search:

services.exe

Click: Search file(s)



When done searching, FRST makes a log, Search.txt, on the C:\ drive.

Please provide the Search.txt in your reply.
 
Farbar Recovery Scan Tool Version: 14-08-2012
Ran by SYSTEM at 2012-08-14 22:17:32
Running from H:\

================== Search: "services.exe" ===================

C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

C:\Windows\System32\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 014A9CB92514E27C0107614DF764BC06

====== End Of Search ======
 
Downloaded ComboFix, running it as svchost.exe. During the first attempt the computer blue screened with an error (Stop 0x000000ICOxFFFFFFFFC000005, 0xFFFFF8003777CEA, etc.). Restarted, ran the program again, had numerous Corrupt warnings, but the program continued. At one point something about PVC, continued, restarted, finished running and gave me a log. At that point nothing would run on the computer, so I restarted.


ComboFix 12-08-14.05 - von der Linden 08/14/2012 22:41:32.1.8 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8173.6476 [GMT -10:00]
Running from: c:\users\von der Linden\Desktop\ComboFix.exe
Command switches used :: c:\users\von der Linden\Desktop\svchost.exe
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\ntuser.dat
c:\users\von der Linden\AppData\Local\Temp\99cab429-f99d-4f69-9d04-113ad532bd0f\CliSecureRT.dll
c:\users\VONDER~1\AppData\Local\Temp\99cab429-f99d-4f69-9d04-113ad532bd0f\CliSecureRT.dll
c:\windows\assembly\GAC_32\Desktop.ini
c:\windows\assembly\GAC_64\Desktop.ini
c:\windows\Installer\{7a259517-8d8a-910f-b537-6de564ee2281}\@
c:\windows\Installer\{7a259517-8d8a-910f-b537-6de564ee2281}\L\00000004.@
c:\windows\Installer\{7a259517-8d8a-910f-b537-6de564ee2281}\L\201d3dde
c:\windows\Installer\{7a259517-8d8a-910f-b537-6de564ee2281}\U\00000004.@
c:\windows\Installer\{7a259517-8d8a-910f-b537-6de564ee2281}\U\00000008.@
c:\windows\Installer\{7a259517-8d8a-910f-b537-6de564ee2281}\U\000000cb.@
c:\windows\Installer\{7a259517-8d8a-910f-b537-6de564ee2281}\U\80000000.@
c:\windows\Installer\{7a259517-8d8a-910f-b537-6de564ee2281}\U\80000032.@
c:\windows\Installer\{7a259517-8d8a-910f-b537-6de564ee2281}\U\80000064.@
c:\windows\svchost.exe
c:\windows\SysWow64\DEBUG.log
c:\windows\SysWow64\muzapp.exe
G:\install.exe
.
Infected copy of c:\windows\system32\Services.exe was found and disinfected
Restored copy from - c:\windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-07-15 to 2012-08-15 )))))))))))))))))))))))))))))))
.
.
2012-08-15 08:49 . 2012-08-15 08:49 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-08-14 06:54 . 2012-08-14 06:54 -------- d-----w- c:\users\von der Linden\AppData\Roaming\Malwarebytes
2012-08-14 06:54 . 2012-08-14 06:54 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-08-14 06:54 . 2012-08-14 06:54 -------- d-----w- c:\programdata\Malwarebytes
2012-08-14 06:54 . 2012-07-03 23:46 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-08-14 06:32 . 2012-08-14 06:32 -------- d-----w- C:\FRST
2012-08-14 06:08 . 2012-08-14 06:47 -------- d-----w- c:\programdata\MFAData
2012-08-14 06:08 . 2012-08-14 06:08 -------- d--h--w- c:\programdata\Common Files
2012-08-14 04:29 . 2012-08-14 04:29 -------- d-----w- c:\users\von der Linden\AppData\Roaming\SUPERAntiSpyware.com
2012-08-14 04:29 . 2012-08-14 04:29 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-08-14 04:29 . 2012-08-14 04:29 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-08-12 19:33 . 2012-08-12 19:33 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
2012-08-12 04:53 . 2012-08-12 04:53 -------- d-----w- c:\users\von der Linden\AppData\Local\Navnet_Solutions
2012-08-12 04:43 . 2012-08-12 04:43 -------- d-----w- c:\program files (x86)\NavNetApp
2012-08-12 04:43 . 2012-08-12 04:43 -------- d-----w- c:\users\von der Linden\AppData\Roaming\NavNet Solutions
2012-08-12 04:42 . 2012-08-12 04:43 -------- d-----w- c:\program files (x86)\TubEmAll Pro
2012-08-05 08:39 . 2012-08-05 08:39 -------- d-----w- c:\users\von der Linden\AppData\Local\Programs
2012-08-03 06:54 . 2012-08-03 06:54 -------- d-----w- c:\users\von der Linden\AppData\Local\MDG
2012-08-03 06:35 . 2012-08-03 06:35 -------- d-----w- c:\users\von der Linden\AppData\Local\Samsung
2012-08-03 06:35 . 2012-08-03 06:35 -------- d-----w- c:\users\von der Linden\AppData\Roaming\Samsung
2012-08-03 06:17 . 2012-06-04 07:59 99384 ----a-w- c:\windows\system32\drivers\ssudbus.sys
2012-08-03 06:17 . 2012-06-04 07:59 203320 ----a-w- c:\windows\system32\drivers\ssudmdm.sys
2012-08-03 06:17 . 2010-12-21 05:55 708168 ----a-w- c:\windows\system32\WinUSBCoInstaller.dll
2012-08-03 06:16 . 2012-06-27 02:03 4659712 ----a-w- c:\windows\SysWow64\Redemption.dll
2012-08-03 06:16 . 2012-08-03 06:16 -------- d-----w- c:\program files (x86)\MarkAny
2012-08-03 06:16 . 2012-06-27 02:02 821824 ----a-w- c:\windows\SysWow64\dgderapi.dll
2012-08-03 06:16 . 2012-08-03 06:16 -------- d-----w- c:\program files (x86)\Samsung
2012-08-03 06:16 . 2012-08-03 06:16 -------- d-----w- c:\programdata\Samsung
2012-07-20 13:40 . 2012-07-20 13:40 5120 ----a-w- c:\programdata\Microsoft\Windows\DRM\1645.tmp
2012-07-20 13:40 . 2012-07-20 13:40 5120 ----a-w- c:\programdata\Microsoft\Windows\DRM\1644.tmp
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-15 08:51 . 2012-03-07 17:55 25640 ----a-w- c:\windows\gdrv.sys
2012-07-29 06:48 . 2012-03-31 08:15 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-07-29 06:48 . 2012-03-24 08:44 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-11 13:00 . 2012-03-31 21:09 59701280 ----a-w- c:\windows\system32\MRT.exe
2012-06-27 02:02 . 2012-06-27 02:02 90112 ----a-w- c:\windows\MAMCityDownload.ocx
2012-06-27 02:02 . 2012-06-27 02:02 330240 ----a-w- c:\windows\MASetupCaller.dll
2012-06-27 02:02 . 2012-06-27 02:02 30568 ----a-w- c:\windows\MusiccityDownload.exe
2012-06-27 02:02 . 2012-06-27 02:02 974848 ----a-w- c:\windows\SysWow64\cis-2.4.dll
2012-06-27 02:02 . 2012-06-27 02:02 81920 ----a-w- c:\windows\SysWow64\issacapi_bs-2.3.dll
2012-06-27 02:02 . 2012-06-27 02:02 65536 ----a-w- c:\windows\SysWow64\issacapi_pe-2.3.dll
2012-06-27 02:02 . 2012-06-27 02:02 57344 ----a-w- c:\windows\SysWow64\MTXSYNCICON.dll
2012-06-27 02:02 . 2012-06-27 02:02 57344 ----a-w- c:\windows\SysWow64\MK_Lyric.dll
2012-06-27 02:02 . 2012-06-27 02:02 57344 ----a-w- c:\windows\SysWow64\issacapi_se-2.3.dll
2012-06-27 02:02 . 2012-06-27 02:02 569344 ----a-w- c:\windows\SysWow64\muzdecode.ax
2012-06-27 02:02 . 2012-06-27 02:02 491520 ----a-w- c:\windows\SysWow64\muzapp.dll
2012-06-27 02:02 . 2012-06-27 02:02 49152 ----a-w- c:\windows\SysWow64\MaJGUILib.dll
2012-06-27 02:02 . 2012-06-27 02:02 45320 ----a-w- c:\windows\SysWow64\MAMACExtract.dll
2012-06-27 02:02 . 2012-06-27 02:02 45056 ----a-w- c:\windows\SysWow64\MaXMLProto.dll
2012-06-27 02:02 . 2012-06-27 02:02 45056 ----a-w- c:\windows\SysWow64\MACXMLProto.dll
2012-06-27 02:02 . 2012-06-27 02:02 40960 ----a-w- c:\windows\SysWow64\MTTELECHIP.dll
2012-06-27 02:02 . 2012-06-27 02:02 352256 ----a-w- c:\windows\SysWow64\MSLUR71.dll
2012-06-27 02:02 . 2012-06-27 02:02 258048 ----a-w- c:\windows\SysWow64\muzoggsp.ax
2012-06-27 02:02 . 2012-06-27 02:02 245760 ----a-w- c:\windows\SysWow64\MSCLib.dll
2012-06-27 02:02 . 2012-06-27 02:02 24576 ----a-w- c:\windows\SysWow64\MASetupCleaner.exe
2012-06-27 02:02 . 2012-06-27 02:02 200704 ----a-w- c:\windows\SysWow64\muzwmts.dll
2012-06-27 02:02 . 2012-06-27 02:02 155648 ----a-w- c:\windows\SysWow64\MSFLib.dll
2012-06-27 02:02 . 2012-06-27 02:02 143360 ----a-w- c:\windows\SysWow64\3DAudio.ax
2012-06-27 02:02 . 2012-06-27 02:02 135168 ----a-w- c:\windows\SysWow64\muzaf1.dll
2012-06-27 02:02 . 2012-06-27 02:02 131072 ----a-w- c:\windows\SysWow64\muzmpgsp.ax
2012-06-27 02:02 . 2012-06-27 02:02 122880 ----a-w- c:\windows\SysWow64\muzeffect.ax
2012-06-27 02:02 . 2012-06-27 02:02 118784 ----a-w- c:\windows\SysWow64\MaDRM.dll
2012-06-27 02:02 . 2012-06-27 02:02 110592 ----a-w- c:\windows\SysWow64\muzmp4sp.ax
2012-06-18 13:12 . 2012-07-13 00:21 9013136 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{4932917E-1544-46E0-9D09-7D3F4E9CEDFF}\mpengine.dll
2012-06-11 23:50 . 2012-06-11 23:50 187392 ----a-w- c:\windows\system32\clinfo.exe
2012-06-11 23:50 . 2012-06-11 23:50 75264 ----a-w- c:\windows\system32\OpenVideo64.dll
2012-06-11 23:50 . 2012-06-11 23:50 65024 ----a-w- c:\windows\SysWow64\OpenVideo.dll
2012-06-11 23:50 . 2012-06-11 23:50 63488 ----a-w- c:\windows\system32\OVDecode64.dll
2012-06-11 23:50 . 2012-06-11 23:50 56320 ----a-w- c:\windows\SysWow64\OVDecode.dll
2012-06-11 23:50 . 2012-06-11 23:50 16457728 ----a-w- c:\windows\system32\amdocl64.dll
2012-06-11 23:49 . 2012-06-11 23:49 13008896 ----a-w- c:\windows\SysWow64\amdocl.dll
2012-06-11 18:59 . 2012-06-11 18:59 10248192 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2012-06-11 18:35 . 2012-06-11 18:35 70144 ----a-w- c:\windows\system32\coinst_8.98.dll
2012-06-11 18:29 . 2012-06-11 18:29 24826368 ----a-w- c:\windows\system32\atio6axx.dll
2012-06-11 18:00 . 2012-06-11 18:00 20467712 ----a-w- c:\windows\SysWow64\atioglxx.dll
2012-06-11 17:25 . 2012-06-11 17:25 163840 ----a-w- c:\windows\system32\atiapfxx.exe
2012-06-11 17:24 . 2011-12-06 03:17 924160 ----a-w- c:\windows\SysWow64\aticfx32.dll
2012-06-11 17:23 . 2011-12-06 03:16 1090560 ----a-w- c:\windows\system32\aticfx64.dll
2012-06-11 17:20 . 2012-06-11 17:20 442368 ----a-w- c:\windows\system32\ATIDEMGX.dll
2012-06-11 17:19 . 2012-06-11 17:19 532992 ----a-w- c:\windows\system32\atieclxx.exe
2012-06-11 17:19 . 2012-06-11 17:19 239616 ----a-w- c:\windows\system32\atiesrxx.exe
2012-06-11 17:17 . 2012-06-11 17:17 120320 ----a-w- c:\windows\system32\atitmm64.dll
2012-06-11 17:17 . 2012-06-11 17:17 21504 ----a-w- c:\windows\system32\atimuixx.dll
2012-06-11 17:17 . 2012-06-11 17:17 59392 ----a-w- c:\windows\system32\atiedu64.dll
2012-06-11 17:17 . 2012-06-11 17:17 43520 ----a-w- c:\windows\SysWow64\ati2edxx.dll
2012-06-11 17:16 . 2011-12-06 03:06 6301696 ----a-w- c:\windows\SysWow64\atidxx32.dll
2012-06-11 17:01 . 2011-12-06 02:51 6914560 ----a-w- c:\windows\system32\atidxx64.dll
2012-06-11 16:51 . 2011-12-06 02:39 4246528 ----a-w- c:\windows\system32\atiumd6a.dll
2012-06-11 16:45 . 2012-06-11 16:45 51200 ----a-w- c:\windows\system32\aticalrt64.dll
2012-06-11 16:45 . 2012-06-11 16:45 46080 ----a-w- c:\windows\SysWow64\aticalrt.dll
2012-06-11 16:45 . 2012-06-11 16:45 5480448 ----a-w- c:\windows\SysWow64\atiumdag.dll
2012-06-11 16:45 . 2012-06-11 16:45 44544 ----a-w- c:\windows\system32\aticalcl64.dll
2012-06-11 16:45 . 2012-06-11 16:45 44032 ----a-w- c:\windows\SysWow64\aticalcl.dll
2012-06-11 16:45 . 2012-06-11 16:45 15703040 ----a-w- c:\windows\system32\aticaldd64.dll
2012-06-11 16:43 . 2012-06-11 16:43 4729344 ----a-w- c:\windows\SysWow64\atiumdva.dll
2012-06-11 16:40 . 2012-06-11 16:40 13277696 ----a-w- c:\windows\SysWow64\aticaldd.dll
2012-06-11 16:36 . 2011-12-06 02:24 6605824 ----a-w- c:\windows\system32\atiumd64.dll
2012-06-11 16:27 . 2012-06-11 16:27 539136 ----a-w- c:\windows\system32\atiadlxx.dll
2012-06-11 16:26 . 2012-06-11 16:26 368640 ----a-w- c:\windows\SysWow64\atiadlxy.dll
2012-06-11 16:26 . 2012-06-11 16:26 17920 ----a-w- c:\windows\system32\atig6pxx.dll
2012-06-11 16:26 . 2012-06-11 16:26 14848 ----a-w- c:\windows\SysWow64\atiglpxx.dll
2012-06-11 16:26 . 2012-06-11 16:26 14848 ----a-w- c:\windows\system32\atiglpxx.dll
2012-06-11 16:26 . 2012-06-11 16:26 41984 ----a-w- c:\windows\system32\atig6txx.dll
2012-06-11 16:26 . 2012-06-11 16:26 33280 ----a-w- c:\windows\SysWow64\atigktxx.dll
2012-06-11 16:26 . 2012-06-11 16:26 367616 ----a-w- c:\windows\system32\drivers\atikmpag.sys
2012-06-11 16:25 . 2011-12-06 02:11 54784 ----a-w- c:\windows\system32\atiuxp64.dll
2012-06-11 16:25 . 2011-12-06 02:11 42496 ----a-w- c:\windows\SysWow64\atiuxpag.dll
2012-06-11 16:25 . 2011-12-06 02:11 45056 ----a-w- c:\windows\system32\atiu9p64.dll
2012-06-11 16:24 . 2011-12-06 02:11 32768 ----a-w- c:\windows\SysWow64\atiu9pag.dll
2012-06-11 16:24 . 2012-06-11 16:24 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2012-06-11 16:23 . 2012-06-11 16:23 56320 ----a-w- c:\windows\system32\atimpc64.dll
2012-06-11 16:23 . 2012-06-11 16:23 56320 ----a-w- c:\windows\system32\amdpcom64.dll
2012-06-11 16:23 . 2012-06-11 16:23 56832 ----a-w- c:\windows\SysWow64\atimpc32.dll
2012-06-11 16:23 . 2012-06-11 16:23 56832 ----a-w- c:\windows\SysWow64\amdpcom32.dll
2012-06-03 01:19 . 2012-06-08 23:35 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-03 01:15 . 2012-06-08 23:35 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-02 22:19 . 2012-06-08 23:35 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-08 23:35 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-06-08 23:35 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-08 23:35 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-08 23:35 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:15 . 2012-06-08 23:35 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-06-08 23:35 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-05-18 02:47 . 2012-06-15 13:00 17807360 ----a-w- c:\windows\system32\mshtml.dll
2012-05-18 02:16 . 2012-06-15 13:00 10924032 ----a-w- c:\windows\system32\ieframe.dll
2012-05-18 02:06 . 2012-06-15 13:00 2311680 ----a-w- c:\windows\system32\jscript9.dll
2012-05-18 01:59 . 2012-06-15 13:00 1346048 ----a-w- c:\windows\system32\urlmon.dll
2012-05-18 01:59 . 2012-06-15 13:00 1392128 ----a-w- c:\windows\system32\wininet.dll
2012-05-18 01:58 . 2012-06-15 13:00 1494528 ----a-w- c:\windows\system32\inetcpl.cpl
2012-05-18 01:58 . 2012-06-15 13:00 237056 ----a-w- c:\windows\system32\url.dll
2012-05-18 01:56 . 2012-06-15 13:00 85504 ----a-w- c:\windows\system32\jsproxy.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files (x86)\Steam\Steam.exe" [2012-08-04 1353080]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
"LMab1err"="c:\program files\Lexmark\ErrorApp\lmab1err.exe" [2011-11-09 644160]
"LMADEmon"="c:\program files (x86)\Lexmark S310 Series\LMADEmon.exe" [2011-11-23 948360]
"uTorrent"="c:\program files (x86)\uTorrent\uTorrent.exe" [2012-05-11 880496]
"KiesPreload"="c:\program files (x86)\Samsung\Kies\Kies.exe" [2012-07-16 975800]
"KiesPDLR"="c:\program files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2012-07-16 21432]
"MusicManager"="c:\users\von der Linden\AppData\Local\Programs\Google\MusicManager\MusicManager.exe" [2012-06-01 13806592]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-07-09 5661056]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]
"SPIRunE"="SPIRunE.dll" [2009-03-05 18432]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-31 59280]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-19 254696]
"RIMBBLaunchAgent.exe"="c:\program files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe" [2011-09-02 90448]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-06-08 421776]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-06-12 641704]
"KiesTrayAgent"="c:\program files (x86)\Samsung\Kies\KiesTrayAgent.exe" [2012-07-16 3524536]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
ActivClient Agent.lnk - c:\program files\ActivIdentity\ActivClient\acsagent.exe [2009-6-3 164904]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
R2 AODDriver4.1;AODDriver4.1;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-03-06 53888]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-19 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-24 136176]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-03 160944]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-29 250056]
R3 AppleChargerSrv;AppleChargerSrv;c:\windows\system32\AppleChargerSrv.exe [2010-04-07 31272]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2011-10-17 93712]
R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2012-03-07 79360]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [2012-06-04 99384]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-24 136176]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-06 113120]
R3 RTL8192cu;RNX-MiniN1 Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8192cu.sys [2011-02-11 848384]
R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [2012-06-04 203320]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-03-24 1255736]
S1 AppleCharger;AppleCharger;c:\windows\system32\DRIVERS\AppleCharger.sys [2011-01-11 21104]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
S2 ac.sharedstore;ActivIdentity Shared Store Service;c:\program files\Common Files\ActivIdentity\ac.sharedstore.exe [2009-06-04 277032]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-06-11 239616]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-06-11 361984]
S2 AODDriver4.01;AODDriver4.01;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-03-06 53888]
S2 ES lite Service;ES lite Service for program management.;c:\program files (x86)\Gigabyte\EasySaver\ESSVR.EXE [2009-08-24 68136]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [2010-02-18 46136]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2012-06-11 10248192]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2012-06-11 367616]
S3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;c:\windows\system32\Drivers\EtronHub3.sys [2011-07-29 56960]
S3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;c:\windows\system32\Drivers\EtronXHCI.sys [2011-07-29 79104]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-01-13 413800]
S3 t3;Sound Blaster X-Fi Xtreme Audio;c:\windows\system32\drivers\t3.sys [2009-06-04 639512]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2009-12-22 38456]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-24 13:01]
.
2012-08-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-24 13:01]
.
2012-08-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3109839055-431102336-2772829462-1001Core.job
- c:\users\von der Linden\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-05 08:39]
.
2012-08-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3109839055-431102336-2772829462-1001UA.job
- c:\users\von der Linden\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-05 08:39]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-08-09 12666984]
"acevents"="c:\program files\ActivIdentity\ActivClient\acevents.exe" [2011-05-02 196648]
"accrdsub"="c:\program files\ActivIdentity\ActivClient\accrdsub.exe" [2011-05-02 489512]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://nmd.msn.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\von der Linden\AppData\Roaming\Mozilla\Firefox\Profiles\to0qjij1.default\
FF - prefs.js: browser.startup.homepage - hxxps://mail.google.com/mail/?shva=1#inbox/1363eb9cd424bda7|http://us.mg4.mail.yahoo.com/neo/la...w.kongregate.com/games/jmtb02/kongregate-chat
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-KiesAirMessage - c:\program files (x86)\Samsung\Kies\KiesAirMessage.exe
Wow6432Node-HKCU-Run-RESTART_STICKY_NOTES - c:\windows\System32\StikyNot.exe
HKLM-Run-(Default) - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{0941C58F-E461-4E03-BD7D-44C27392ADE1}"=hex:51,66,7a,6c,4c,1d,38,12,e1,c6,52,
0d,53,aa,6d,0b,c2,6b,07,82,76,cc,e9,f5
"{0E5680D1-BF44-4929-94AF-FD30D784AD1D}"=hex:51,66,7a,6c,4c,1d,38,12,bf,83,45,
0a,76,f1,47,0c,eb,b9,be,70,d2,da,e9,09
"{6C680BAE-655C-4E3D-8FC4-E6A520C3D928}"=hex:51,66,7a,6c,4c,1d,38,12,c0,08,7b,
68,6e,2b,53,0b,f0,d2,a5,e5,25,9d,9d,3c
"{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}"=hex:51,66,7a,6c,4c,1d,38,12,d5,94,07,
72,c2,98,42,03,c9,fd,97,9a,f4,87,69,57
"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,
94,30,02,d1,0f,f1,da,12,24,73,56,27,d2
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
"{FF059E31-CC5A-4E2E-BF3B-96E929D65503}"=hex:51,66,7a,6c,4c,1d,38,12,5f,9d,16,
fb,68,82,40,0b,c0,2d,d5,a9,2c,88,11,17
"{BDEADE7F-C265-11D0-BCED-00A0C90AB50F}"=hex:51,66,7a,6c,4c,1d,38,12,11,dd,f9,
b9,57,8c,be,54,c3,fb,43,e0,cc,54,f1,1b
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:26,88,93,86,2f,67,cd,01
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Creative\Shared Files\CTAudSvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\\.\globalroot\systemroot\svchost.exe
.
**************************************************************************
.
Completion time: - machine was rebooted
ComboFix-quarantined-files.txt 2012-08-15 09:03
.
Pre-Run: 18,441,523,200 bytes free
Post-Run: 21,070,217,216 bytes free
.
- - End Of File - - 817095A71FBBADA8E04AC4F534E8762F
 
Okay. Not a problem, but please stick with me here...

ComboFix Script

  • Close any open browsers.
  • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
  • Open notepad and copy/paste the text in the codebox below into it:
    ClearJavaCache::
  • Save this as CFScript.txt, in the same location as ComboFix.exe

    [image: CFScriptB-4.gif]
  • Referring to the picture above, drag CFScript into ComboFix.exe
  • When finished, it shall produce a log for you at C:\ComboFix.txt
  • Please post the contents of the log in your next reply.
 
Roger. I apologize; I tend to get ahead of myself.

ComboFix 12-08-14.05 - von der Linden 08/15/2012 6:12.2.8 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8173.6330 [GMT -10:00]
Running from: c:\users\von der Linden\Desktop\ComboFix.exe
Command switches used :: c:\users\von der Linden\Desktop\CFScript.txt
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\von der Linden\AppData\Local\Temp\99cab429-f99d-4f69-9d04-113ad532bd0f\CliSecureRT.dll
c:\users\VONDER~1\AppData\Local\Temp\99cab429-f99d-4f69-9d04-113ad532bd0f\CliSecureRT.dll
c:\windows\svchost.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-07-15 to 2012-08-15 )))))))))))))))))))))))))))))))
.
.
2012-08-15 16:16 . 2012-08-15 16:16 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-08-14 06:54 . 2012-08-14 06:54 -------- d-----w- c:\users\von der Linden\AppData\Roaming\Malwarebytes
2012-08-14 06:54 . 2012-08-14 06:54 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-08-14 06:54 . 2012-08-14 06:54 -------- d-----w- c:\programdata\Malwarebytes
2012-08-14 06:54 . 2012-07-03 23:46 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-08-14 06:32 . 2012-08-14 06:32 -------- d-----w- C:\FRST
2012-08-14 06:08 . 2012-08-14 06:47 -------- d-----w- c:\programdata\MFAData
2012-08-14 06:08 . 2012-08-14 06:08 -------- d--h--w- c:\programdata\Common Files
2012-08-14 04:29 . 2012-08-14 04:29 -------- d-----w- c:\users\von der Linden\AppData\Roaming\SUPERAntiSpyware.com
2012-08-14 04:29 . 2012-08-14 04:29 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-08-14 04:29 . 2012-08-14 04:29 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-08-12 19:33 . 2012-08-12 19:33 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
2012-08-12 04:53 . 2012-08-12 04:53 -------- d-----w- c:\users\von der Linden\AppData\Local\Navnet_Solutions
2012-08-12 04:43 . 2012-08-12 04:43 -------- d-----w- c:\program files (x86)\NavNetApp
2012-08-12 04:43 . 2012-08-12 04:43 -------- d-----w- c:\users\von der Linden\AppData\Roaming\NavNet Solutions
2012-08-12 04:42 . 2012-08-12 04:43 -------- d-----w- c:\program files (x86)\TubEmAll Pro
2012-08-05 08:39 . 2012-08-05 08:39 -------- d-----w- c:\users\von der Linden\AppData\Local\Programs
2012-08-03 06:54 . 2012-08-03 06:54 -------- d-----w- c:\users\von der Linden\AppData\Local\MDG
2012-08-03 06:35 . 2012-08-03 06:35 -------- d-----w- c:\users\von der Linden\AppData\Local\Samsung
2012-08-03 06:35 . 2012-08-03 06:35 -------- d-----w- c:\users\von der Linden\AppData\Roaming\Samsung
2012-08-03 06:17 . 2012-06-04 07:59 99384 ----a-w- c:\windows\system32\drivers\ssudbus.sys
2012-08-03 06:17 . 2012-06-04 07:59 203320 ----a-w- c:\windows\system32\drivers\ssudmdm.sys
2012-08-03 06:17 . 2010-12-21 05:55 708168 ----a-w- c:\windows\system32\WinUSBCoInstaller.dll
2012-08-03 06:16 . 2012-06-27 02:03 4659712 ----a-w- c:\windows\SysWow64\Redemption.dll
2012-08-03 06:16 . 2012-08-03 06:16 -------- d-----w- c:\program files (x86)\MarkAny
2012-08-03 06:16 . 2012-06-27 02:02 821824 ----a-w- c:\windows\SysWow64\dgderapi.dll
2012-08-03 06:16 . 2012-08-03 06:16 -------- d-----w- c:\program files (x86)\Samsung
2012-08-03 06:16 . 2012-08-03 06:16 -------- d-----w- c:\programdata\Samsung
2012-07-20 13:40 . 2012-07-20 13:40 5120 ----a-w- c:\programdata\Microsoft\Windows\DRM\1645.tmp
2012-07-20 13:40 . 2012-07-20 13:40 5120 ----a-w- c:\programdata\Microsoft\Windows\DRM\1644.tmp
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-15 16:17 . 2012-03-07 17:55 25640 ----a-w- c:\windows\gdrv.sys
2012-07-29 06:48 . 2012-03-31 08:15 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-07-29 06:48 . 2012-03-24 08:44 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-11 13:00 . 2012-03-31 21:09 59701280 ----a-w- c:\windows\system32\MRT.exe
2012-06-27 02:02 . 2012-06-27 02:02 90112 ----a-w- c:\windows\MAMCityDownload.ocx
2012-06-27 02:02 . 2012-06-27 02:02 330240 ----a-w- c:\windows\MASetupCaller.dll
2012-06-27 02:02 . 2012-06-27 02:02 30568 ----a-w- c:\windows\MusiccityDownload.exe
2012-06-27 02:02 . 2012-06-27 02:02 974848 ----a-w- c:\windows\SysWow64\cis-2.4.dll
2012-06-27 02:02 . 2012-06-27 02:02 81920 ----a-w- c:\windows\SysWow64\issacapi_bs-2.3.dll
2012-06-27 02:02 . 2012-06-27 02:02 65536 ----a-w- c:\windows\SysWow64\issacapi_pe-2.3.dll
2012-06-27 02:02 . 2012-06-27 02:02 57344 ----a-w- c:\windows\SysWow64\MTXSYNCICON.dll
2012-06-27 02:02 . 2012-06-27 02:02 57344 ----a-w- c:\windows\SysWow64\MK_Lyric.dll
2012-06-27 02:02 . 2012-06-27 02:02 57344 ----a-w- c:\windows\SysWow64\issacapi_se-2.3.dll
2012-06-27 02:02 . 2012-06-27 02:02 569344 ----a-w- c:\windows\SysWow64\muzdecode.ax
2012-06-27 02:02 . 2012-06-27 02:02 491520 ----a-w- c:\windows\SysWow64\muzapp.dll
2012-06-27 02:02 . 2012-06-27 02:02 49152 ----a-w- c:\windows\SysWow64\MaJGUILib.dll
2012-06-27 02:02 . 2012-06-27 02:02 45320 ----a-w- c:\windows\SysWow64\MAMACExtract.dll
2012-06-27 02:02 . 2012-06-27 02:02 45056 ----a-w- c:\windows\SysWow64\MaXMLProto.dll
2012-06-27 02:02 . 2012-06-27 02:02 45056 ----a-w- c:\windows\SysWow64\MACXMLProto.dll
2012-06-27 02:02 . 2012-06-27 02:02 40960 ----a-w- c:\windows\SysWow64\MTTELECHIP.dll
2012-06-27 02:02 . 2012-06-27 02:02 352256 ----a-w- c:\windows\SysWow64\MSLUR71.dll
2012-06-27 02:02 . 2012-06-27 02:02 258048 ----a-w- c:\windows\SysWow64\muzoggsp.ax
2012-06-27 02:02 . 2012-06-27 02:02 245760 ----a-w- c:\windows\SysWow64\MSCLib.dll
2012-06-27 02:02 . 2012-06-27 02:02 24576 ----a-w- c:\windows\SysWow64\MASetupCleaner.exe
2012-06-27 02:02 . 2012-06-27 02:02 200704 ----a-w- c:\windows\SysWow64\muzwmts.dll
2012-06-27 02:02 . 2012-06-27 02:02 155648 ----a-w- c:\windows\SysWow64\MSFLib.dll
2012-06-27 02:02 . 2012-06-27 02:02 143360 ----a-w- c:\windows\SysWow64\3DAudio.ax
2012-06-27 02:02 . 2012-06-27 02:02 135168 ----a-w- c:\windows\SysWow64\muzaf1.dll
2012-06-27 02:02 . 2012-06-27 02:02 131072 ----a-w- c:\windows\SysWow64\muzmpgsp.ax
2012-06-27 02:02 . 2012-06-27 02:02 122880 ----a-w- c:\windows\SysWow64\muzeffect.ax
2012-06-27 02:02 . 2012-06-27 02:02 118784 ----a-w- c:\windows\SysWow64\MaDRM.dll
2012-06-27 02:02 . 2012-06-27 02:02 110592 ----a-w- c:\windows\SysWow64\muzmp4sp.ax
2012-06-18 13:12 . 2012-07-13 00:21 9013136 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{4932917E-1544-46E0-9D09-7D3F4E9CEDFF}\mpengine.dll
2012-06-11 23:50 . 2012-06-11 23:50 187392 ----a-w- c:\windows\system32\clinfo.exe
2012-06-11 23:50 . 2012-06-11 23:50 75264 ----a-w- c:\windows\system32\OpenVideo64.dll
2012-06-11 23:50 . 2012-06-11 23:50 65024 ----a-w- c:\windows\SysWow64\OpenVideo.dll
2012-06-11 23:50 . 2012-06-11 23:50 63488 ----a-w- c:\windows\system32\OVDecode64.dll
2012-06-11 23:50 . 2012-06-11 23:50 56320 ----a-w- c:\windows\SysWow64\OVDecode.dll
2012-06-11 23:50 . 2012-06-11 23:50 16457728 ----a-w- c:\windows\system32\amdocl64.dll
2012-06-11 23:49 . 2012-06-11 23:49 13008896 ----a-w- c:\windows\SysWow64\amdocl.dll
2012-06-11 18:59 . 2012-06-11 18:59 10248192 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2012-06-11 18:35 . 2012-06-11 18:35 70144 ----a-w- c:\windows\system32\coinst_8.98.dll
2012-06-11 18:29 . 2012-06-11 18:29 24826368 ----a-w- c:\windows\system32\atio6axx.dll
2012-06-11 18:00 . 2012-06-11 18:00 20467712 ----a-w- c:\windows\SysWow64\atioglxx.dll
2012-06-11 17:25 . 2012-06-11 17:25 163840 ----a-w- c:\windows\system32\atiapfxx.exe
2012-06-11 17:24 . 2011-12-06 03:17 924160 ----a-w- c:\windows\SysWow64\aticfx32.dll
2012-06-11 17:23 . 2011-12-06 03:16 1090560 ----a-w- c:\windows\system32\aticfx64.dll
2012-06-11 17:20 . 2012-06-11 17:20 442368 ----a-w- c:\windows\system32\ATIDEMGX.dll
2012-06-11 17:19 . 2012-06-11 17:19 532992 ----a-w- c:\windows\system32\atieclxx.exe
2012-06-11 17:19 . 2012-06-11 17:19 239616 ----a-w- c:\windows\system32\atiesrxx.exe
2012-06-11 17:17 . 2012-06-11 17:17 120320 ----a-w- c:\windows\system32\atitmm64.dll
2012-06-11 17:17 . 2012-06-11 17:17 21504 ----a-w- c:\windows\system32\atimuixx.dll
2012-06-11 17:17 . 2012-06-11 17:17 59392 ----a-w- c:\windows\system32\atiedu64.dll
2012-06-11 17:17 . 2012-06-11 17:17 43520 ----a-w- c:\windows\SysWow64\ati2edxx.dll
2012-06-11 17:16 . 2011-12-06 03:06 6301696 ----a-w- c:\windows\SysWow64\atidxx32.dll
2012-06-11 17:01 . 2011-12-06 02:51 6914560 ----a-w- c:\windows\system32\atidxx64.dll
2012-06-11 16:51 . 2011-12-06 02:39 4246528 ----a-w- c:\windows\system32\atiumd6a.dll
2012-06-11 16:45 . 2012-06-11 16:45 51200 ----a-w- c:\windows\system32\aticalrt64.dll
2012-06-11 16:45 . 2012-06-11 16:45 46080 ----a-w- c:\windows\SysWow64\aticalrt.dll
2012-06-11 16:45 . 2012-06-11 16:45 5480448 ----a-w- c:\windows\SysWow64\atiumdag.dll
2012-06-11 16:45 . 2012-06-11 16:45 44544 ----a-w- c:\windows\system32\aticalcl64.dll
2012-06-11 16:45 . 2012-06-11 16:45 44032 ----a-w- c:\windows\SysWow64\aticalcl.dll
2012-06-11 16:45 . 2012-06-11 16:45 15703040 ----a-w- c:\windows\system32\aticaldd64.dll
2012-06-11 16:43 . 2012-06-11 16:43 4729344 ----a-w- c:\windows\SysWow64\atiumdva.dll
2012-06-11 16:40 . 2012-06-11 16:40 13277696 ----a-w- c:\windows\SysWow64\aticaldd.dll
2012-06-11 16:36 . 2011-12-06 02:24 6605824 ----a-w- c:\windows\system32\atiumd64.dll
2012-06-11 16:27 . 2012-06-11 16:27 539136 ----a-w- c:\windows\system32\atiadlxx.dll
2012-06-11 16:26 . 2012-06-11 16:26 368640 ----a-w- c:\windows\SysWow64\atiadlxy.dll
2012-06-11 16:26 . 2012-06-11 16:26 17920 ----a-w- c:\windows\system32\atig6pxx.dll
2012-06-11 16:26 . 2012-06-11 16:26 14848 ----a-w- c:\windows\SysWow64\atiglpxx.dll
2012-06-11 16:26 . 2012-06-11 16:26 14848 ----a-w- c:\windows\system32\atiglpxx.dll
2012-06-11 16:26 . 2012-06-11 16:26 41984 ----a-w- c:\windows\system32\atig6txx.dll
2012-06-11 16:26 . 2012-06-11 16:26 33280 ----a-w- c:\windows\SysWow64\atigktxx.dll
2012-06-11 16:26 . 2012-06-11 16:26 367616 ----a-w- c:\windows\system32\drivers\atikmpag.sys
2012-06-11 16:25 . 2011-12-06 02:11 54784 ----a-w- c:\windows\system32\atiuxp64.dll
2012-06-11 16:25 . 2011-12-06 02:11 42496 ----a-w- c:\windows\SysWow64\atiuxpag.dll
2012-06-11 16:25 . 2011-12-06 02:11 45056 ----a-w- c:\windows\system32\atiu9p64.dll
2012-06-11 16:24 . 2011-12-06 02:11 32768 ----a-w- c:\windows\SysWow64\atiu9pag.dll
2012-06-11 16:24 . 2012-06-11 16:24 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2012-06-11 16:23 . 2012-06-11 16:23 56320 ----a-w- c:\windows\system32\atimpc64.dll
2012-06-11 16:23 . 2012-06-11 16:23 56320 ----a-w- c:\windows\system32\amdpcom64.dll
2012-06-11 16:23 . 2012-06-11 16:23 56832 ----a-w- c:\windows\SysWow64\atimpc32.dll
2012-06-11 16:23 . 2012-06-11 16:23 56832 ----a-w- c:\windows\SysWow64\amdpcom32.dll
2012-06-03 01:19 . 2012-06-08 23:35 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-03 01:15 . 2012-06-08 23:35 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-02 22:19 . 2012-06-08 23:35 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-08 23:35 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-06-08 23:35 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-08 23:35 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-08 23:35 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:15 . 2012-06-08 23:35 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-06-08 23:35 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-05-18 02:47 . 2012-06-15 13:00 17807360 ----a-w- c:\windows\system32\mshtml.dll
2012-05-18 02:16 . 2012-06-15 13:00 10924032 ----a-w- c:\windows\system32\ieframe.dll
2012-05-18 02:06 . 2012-06-15 13:00 2311680 ----a-w- c:\windows\system32\jscript9.dll
2012-05-18 01:59 . 2012-06-15 13:00 1346048 ----a-w- c:\windows\system32\urlmon.dll
2012-05-18 01:59 . 2012-06-15 13:00 1392128 ----a-w- c:\windows\system32\wininet.dll
2012-05-18 01:58 . 2012-06-15 13:00 1494528 ----a-w- c:\windows\system32\inetcpl.cpl
2012-05-18 01:58 . 2012-06-15 13:00 237056 ----a-w- c:\windows\system32\url.dll
2012-05-18 01:56 . 2012-06-15 13:00 85504 ----a-w- c:\windows\system32\jsproxy.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-08-15_08.51.45 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-07-20 13:43 . 2012-08-15 12:06 81920 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\DOMStore\index.dat
- 2012-07-20 13:43 . 2012-08-15 08:36 81920 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\DOMStore\index.dat
+ 2010-11-21 03:09 . 2012-08-15 09:07 43082 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-08-15 09:07 40026 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
- 2012-08-12 13:00 . 2012-04-09 19:32 15264 c:\windows\SoftwareDistribution\Download\Install\mpsyschk.exe
+ 2012-03-24 08:37 . 2012-08-15 09:07 3974 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3109839055-431102336-2772829462-1001_UserData.bin
- 2012-08-15 08:51 . 2012-08-15 08:51 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-08-15 16:17 . 2012-08-15 16:17 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-07-20 13:43 . 2012-08-15 16:10 262144 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2012-07-20 13:43 . 2012-08-15 08:40 262144 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2012-08-15 05:11 . 2012-08-15 08:40 114688 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2012-08-15 05:11 . 2012-08-15 16:10 114688 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 02:36 . 2012-08-15 09:11 300994 c:\windows\system32\perfc009.dat
+ 2012-03-07 17:54 . 2012-08-15 16:16 938344 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
- 2012-03-07 17:54 . 2012-08-15 08:50 938344 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
- 2009-07-14 05:01 . 2012-08-15 08:50 263528 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-08-15 16:16 263528 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 02:36 . 2012-08-15 09:11 1180112 c:\windows\system32\perfh009.dat
+ 2009-07-14 04:54 . 2012-08-15 16:10 14434304 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-08-15 08:40 14434304 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-08-15 16:10 16187392 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-08-15 08:40 16187392 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2012-03-24 14:20 . 2012-08-15 16:16 32005248 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3109839055-431102336-2772829462-1001-8192.dat
+ 2012-07-26 20:01 . 2012-08-15 16:16 11152056 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-18-16384.dat
- 2012-07-26 20:01 . 2012-08-15 08:50 11152056 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-18-16384.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files (x86)\Steam\Steam.exe" [2012-08-04 1353080]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
"LMab1err"="c:\program files\Lexmark\ErrorApp\lmab1err.exe" [2011-11-09 644160]
"LMADEmon"="c:\program files (x86)\Lexmark S310 Series\LMADEmon.exe" [2011-11-23 948360]
"uTorrent"="c:\program files (x86)\uTorrent\uTorrent.exe" [2012-05-11 880496]
"KiesPreload"="c:\program files (x86)\Samsung\Kies\Kies.exe" [2012-07-16 975800]
"KiesPDLR"="c:\program files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2012-07-16 21432]
"MusicManager"="c:\users\von der Linden\AppData\Local\Programs\Google\MusicManager\MusicManager.exe" [2012-06-01 13806592]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-07-09 5661056]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]
"SPIRunE"="SPIRunE.dll" [2009-03-05 18432]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-31 59280]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-19 254696]
"RIMBBLaunchAgent.exe"="c:\program files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe" [2011-09-02 90448]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-06-08 421776]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-06-12 641704]
"KiesTrayAgent"="c:\program files (x86)\Samsung\Kies\KiesTrayAgent.exe" [2012-07-16 3524536]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
ActivClient Agent.lnk - c:\program files\ActivIdentity\ActivClient\acsagent.exe [2009-6-3 164904]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
R2 AODDriver4.1;AODDriver4.1;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-03-06 53888]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-19 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-24 136176]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-29 250056]
R3 AppleChargerSrv;AppleChargerSrv;c:\windows\system32\AppleChargerSrv.exe [2010-04-07 31272]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2011-10-17 93712]
R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2012-03-07 79360]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [2012-06-04 99384]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-24 136176]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-06 113120]
R3 RTL8192cu;RNX-MiniN1 Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8192cu.sys [2011-02-11 848384]
R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [2012-06-04 203320]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-03-24 1255736]
S1 AppleCharger;AppleCharger;c:\windows\system32\DRIVERS\AppleCharger.sys [2011-01-11 21104]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
S2 ac.sharedstore;ActivIdentity Shared Store Service;c:\program files\Common Files\ActivIdentity\ac.sharedstore.exe [2009-06-04 277032]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-06-11 239616]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-06-11 361984]
S2 AODDriver4.01;AODDriver4.01;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-03-06 53888]
S2 ES lite Service;ES lite Service for program management.;c:\program files (x86)\Gigabyte\EasySaver\ESSVR.EXE [2009-08-24 68136]
S2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-03 160944]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [2010-02-18 46136]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2012-06-11 10248192]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2012-06-11 367616]
S3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;c:\windows\system32\Drivers\EtronHub3.sys [2011-07-29 56960]
S3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;c:\windows\system32\Drivers\EtronXHCI.sys [2011-07-29 79104]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-01-13 413800]
S3 t3;Sound Blaster X-Fi Xtreme Audio;c:\windows\system32\drivers\t3.sys [2009-06-04 639512]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2009-12-22 38456]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-24 13:01]
.
2012-08-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-24 13:01]
.
2012-08-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3109839055-431102336-2772829462-1001Core.job
- c:\users\von der Linden\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-05 08:39]
.
2012-08-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3109839055-431102336-2772829462-1001UA.job
- c:\users\von der Linden\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-05 08:39]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-08-09 12666984]
"acevents"="c:\program files\ActivIdentity\ActivClient\acevents.exe" [2011-05-02 196648]
"accrdsub"="c:\program files\ActivIdentity\ActivClient\accrdsub.exe" [2011-05-02 489512]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://nmd.msn.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\von der Linden\AppData\Roaming\Mozilla\Firefox\Profiles\to0qjij1.default\
FF - prefs.js: browser.startup.homepage - hxxps://mail.google.com/mail/?shva=1#inbox/1363eb9cd424bda7|http://us.mg4.mail.yahoo.com/neo/la...w.kongregate.com/games/jmtb02/kongregate-chat
FF - prefs.js: network.proxy.type - 0
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{0941C58F-E461-4E03-BD7D-44C27392ADE1}"=hex:51,66,7a,6c,4c,1d,38,12,e1,c6,52,
0d,53,aa,6d,0b,c2,6b,07,82,76,cc,e9,f5
"{0E5680D1-BF44-4929-94AF-FD30D784AD1D}"=hex:51,66,7a,6c,4c,1d,38,12,bf,83,45,
0a,76,f1,47,0c,eb,b9,be,70,d2,da,e9,09
"{6C680BAE-655C-4E3D-8FC4-E6A520C3D928}"=hex:51,66,7a,6c,4c,1d,38,12,c0,08,7b,
68,6e,2b,53,0b,f0,d2,a5,e5,25,9d,9d,3c
"{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}"=hex:51,66,7a,6c,4c,1d,38,12,d5,94,07,
72,c2,98,42,03,c9,fd,97,9a,f4,87,69,57
"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,
94,30,02,d1,0f,f1,da,12,24,73,56,27,d2
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
"{FF059E31-CC5A-4E2E-BF3B-96E929D65503}"=hex:51,66,7a,6c,4c,1d,38,12,5f,9d,16,
fb,68,82,40,0b,c0,2d,d5,a9,2c,88,11,17
"{BDEADE7F-C265-11D0-BCED-00A0C90AB50F}"=hex:51,66,7a,6c,4c,1d,38,12,11,dd,f9,
b9,57,8c,be,54,c3,fb,43,e0,cc,54,f1,1b
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:26,88,93,86,2f,67,cd,01
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Creative\Shared Files\CTAudSvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\\.\globalroot\systemroot\svchost.exe
.
**************************************************************************
.
Completion time: 2012-08-15 06:54:51 - machine was rebooted
ComboFix-quarantined-files.txt 2012-08-15 16:54
ComboFix2.txt 2012-08-15 09:04
.
Pre-Run: 19,520,270,336 bytes free
Post-Run: 20,239,179,776 bytes free
.
- - End Of File - - 3FE0639A411093773FF3E5C4EE0C96DC
 
TDSSKiller

Please download and run TDSSKiller to your desktop as outlined below:

Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters.

For Windows XP, double-click to start.
For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.




-------------------------

Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.



------------------------

Click the Start Scan button.



-----------------------

If a suspicious object is detected, the default action will be Skip; click on Continue.
If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic, please choose Skip and click on Continue.




----------------------

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.





--------------------

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.
Sometimes these logs can be very large, in that case please attach it or zip it up and attach it.

-------------------

Here's a summary of what to do if you would like to print it out:

If a suspicious object is detected, the default action will be Skip; click on Continue.
If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic, please choose Skip and click on Continue.

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

aswMBR

Please download aswMBR from here

  • Save aswMBR.exe to your Desktop
  • Double click aswMBR.exe to run it
  • Click the Scan button to start the scan as illustrated below



Note: Do not take action against any **Rootkit** entries until I have reviewed the log. Often there are false positives.

  • Once the scan finishes click Save log to save the log to your Desktop

  • Copy and paste the contents of aswMBR.txt back here for review
 
Okay. Done and done.


TDSS LOG IS ATTACHED

ASW LOG

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-08-15 22:47:13
-----------------------------
22:47:13.976 OS Version: Windows x64 6.1.7601 Service Pack 1
22:47:13.976 Number of processors: 8 586 0x102
22:47:13.976 ComputerName: VONDERLINDENPC UserName: von der Linden
22:47:14.210 Initialize success
22:48:14.108 AVAST engine defs: 12081503
22:48:53.560 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000068
22:48:53.560 Disk 0 Vendor: ADATA_SS 3.3. Size: 114473MB BusType: 11
22:48:53.576 Disk 1 \Device\Harddisk1\DR1 -> \Device\0000006a
22:48:53.576 Disk 1 Vendor: Hitachi_ MN6O Size: 1907729MB BusType: 11
22:48:53.576 Disk 0 MBR read successfully
22:48:53.592 Disk 0 MBR scan
22:48:53.592 Disk 0 Windows 7 default MBR code
22:48:53.592 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
22:48:53.607 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 114371 MB offset 206848
22:48:53.623 Disk 0 scanning C:\Windows\system32\drivers
22:48:55.869 Service scanning
22:49:01.626 Modules scanning
22:49:01.641 Disk 0 trace - called modules:
22:49:01.641 ntoskrnl.exe CLASSPNP.SYS disk.sys amdxata.sys ACPI.sys storport.sys hal.dll amdsata.sys
22:49:01.657 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8006e58790]
22:49:01.657 3 CLASSPNP.SYS[fffff8800165143f] -> nt!IofCallDriver -> [0xfffffa8006b25040]
22:49:01.672 5 amdxata.sys[fffff880010e87a8] -> nt!IofCallDriver -> [0xfffffa8006b0ae40]
22:49:01.672 7 ACPI.sys[fffff88000f2a7a1] -> nt!IofCallDriver -> \Device\00000068[0xfffffa8006c309c0]
22:49:01.906 AVAST engine scan C:\Windows
22:49:02.608 AVAST engine scan C:\Windows\system32
22:49:58.224 AVAST engine scan C:\Windows\system32\drivers
22:50:01.000 AVAST engine scan C:\Users\von der Linden
22:50:30.484 AVAST engine scan C:\ProgramData
22:50:34.556 Scan finished successfully
22:52:03.195 Disk 0 MBR has been saved successfully to "C:\Users\von der Linden\Desktop\MBR.dat"
22:52:03.211 The log file has been saved successfully to "C:\Users\von der Linden\Desktop\aswMBR.txt"
 

Attachments

  • TDSSKiller.2.8.6.0_15.08.2012_22.41.51_log.txt
Scan for malware

Please download Malwarebytes Anti-Malware from HERE.


Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. If you are prompted to restart, please allow it to restart your computer. Failure to do this will cause the infection to still be active on the computer.
  • Please save the log to a location you will remember.
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • The log can also be found at C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt
  • Copy and paste the entire report in your next reply.
 
Switching things up? Usually you're on quite a bit later.

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.08.16.10

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
von der Linden :: VONDERLINDENPC [administrator]

8/16/2012 1:19:23 PM
mbam-log-2012-08-16 (13-19-23).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 198453
Time elapsed: 49 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Windows\svchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.

(end)
 
New log from ComboFix

I would like to see a ☆new log☆ from ComboFix. Please find the ComboFix icon on your Desktop, and double-click on it. Once it finishes running, post the new log.
 
I had a helluva time finishing this ComboFix run. It went through normally, but then when it restarted my computer was going slow as molasses. The ComboFix window did a cascade across the desktop, and when I tried to restart it wouldn't... I finally restarted into safe mode and it worked there.

And this log was too big so it's attached.
 

Attachments

  • ComboFixLog081812.txt
And now... I can't start iTunes, trying to start Steam tells me it's already running in another Windows session. My computer is running much, much slower than it ever has, trying to restart the computer takes twenty minutes...
 
Sorry to hear you had trouble with that.

Please click Start > Run, type in CMD and hit Enter.

Run the following command exactly:

takeown /f "C:\Program Files (x86)\iTunes" /r /d y

and hit Enter.

After that, exit Command Prompt if successful and test iTunes.
 
So I tried that, but it told me ERROR: The current logged on user does not have ownership privileges on the file (or folder) "C:\Program Files (x86)\iTunes".

But that's sort of irrelevant because when I woke up iTunes was open. And I could open/close it at will? Wow this is frustrating. And now I can restart/shut down/run all of my programs at normal speed. WTF?
 
That's okay. Let's move along...

ESET Online Scan

Please run a free online scan with the ESET Online Scanner
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and the option Scan unwanted applications is checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic
 
So... the first time I ran the ESET scan, it found like 23 malicious files, but the program uninstalled itself after use and I was unable to find a log. So I restarted the computer and reran it...

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=c6f98c6253b3b64dbf6dfb70aca00054
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-08-18 01:08:43
# local_time=2012-08-18 03:08:43 (-1000, Hawaiian Standard Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776573 100 94 0 96837618 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=267628
# found=0
# cleaned=0
# scan_time=1154
 
Once again do the following:

Scan with Malwarebytes' Anti-Malware

Please open Malwarebytes' Anti-Malware, click the Update tab, and click Check for Updates. Then, click the Scanner tab, select Perform Quick Scan, and press Scan. Remove selected, and post the log in your next reply.
 
I started getting some BSODs that indicated I needed to upgrade my BIOS. I did that and then Windows refused to reboot, even if I flashed back to the original BIOS or used other restore points. So I reinstalled Windows. I didn't format the drive and then reinstall, so if you think I should rescan the system I'm willing to go ahead and continue to follow your lead.

If you think I'm good, well, you're the guy with the knowledge. Either way, I dropped a donation into the pot to thank you for your help.
 
If you don't mind explaining what I was actually doing, I'd love to hear it, but other than that, nope. Thank you VERY much.
 