Smitfraud Is Ruining My Life

Uptothehilt
2012-07-07, 21:56
I installed Spybot a few months ago in order to fix some issues I've been having with my computer, and I thought that it was doing its job. However, I found that Smitfraud C Generic just wouldn't be removed; even when I tried to remove it as an administrator, nothing happened. I've been having so many redirection issues, improper shutdowns, etc., and I need help before my computer goes kaput.

Here's my log:
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_22
Run by Kittyface at 15:04:28 on 2012-07-07
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.2811.592 [GMT -4:00]
.
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
C:\Windows\system32\Dwm.exe
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
-netsvcs
C:\Windows\system32\conhost.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
C:\Users\Kittyface\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe
C:\Program Files\Realtek\RtVOsd\RtVOsd.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Users\Kittyface\AppData\Roaming\Piuvbe\ilaqb.exe
C:\Windows\TEMP\0_2u_l.exe
C:\Windows\TEMP\0_3u_l.exe
C:\Windows\TEMP\azmsjrllndsbpr.exe
C:\Windows\system32\taskeng.exe
-netsvcs
C:\Windows\system32\conhost.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
"C:\Windows\SysWOW64\svchost.exe" -k LocalServiceDns
"C:\Windows\SysWOW64\svchost.exe" -k LocalServiceDns
C:\ProgramData\GmBQcg3q.exe
"C:\Windows\SysWOW64\svchost.exe" -k LocalServiceDns
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\ProgramData\GmBQcg3q.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\TEMP\0_1u_l.exe
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\SysWOW64\cscript.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
.
============== Pseudo HJT Report ===============
.
uSearch Page = hxxp://www.google.com
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: CodecC Class: {523f1dff-2417-4466-8329-91877ff40ef5} - C:\ProgramData\CodecC\bhoclass.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\PROGRA~2\SPYBOT~2\SDHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
uRun: [Azkiy] C:\Users\Kittyface\AppData\Roaming\Piuvbe\ilaqb.exe
uRunOnce: [SpybotDeletingB7069] command.com /c del "C:\Windows\svchost.exe_old"
uRunOnce: [SpybotDeletingD9149] cmd.exe /c del "C:\Windows\svchost.exe_old"
mRun: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE -startup
mRunOnce: [SpybotDeletingA761] command.com /c del "C:\Windows\svchost.exe_old"
mRunOnce: [SpybotDeletingC2679] cmd.exe /c del "C:\Windows\svchost.exe_old"
dRun: [AMService] C:\Windows\TEMP\lzfbotyonkroojyvfr.exe
StartupFolder: C:\Users\KITTYF~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Kittyface\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\Users\KITTYF~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ERUNTA~1.LNK - C:\Program Files (x86)\ERUNT\AUTOBACK.EXE
StartupFolder: C:\Users\KITTYF~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\L'OPEN~1.LNK - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\dplaysvr.lnk - C:\Users\Kittyface\AppData\Local\dplaysvr.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Add to Google Photos Screensa&ver - C:\Windows\system32\GPhotos.scr/200
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~2\SDHelper.dll
LSP: mswsock.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.1 71.243.0.12
TCP: Interfaces\{1516C063-D74F-4909-851F-5D5CDD82432E} : DhcpNameServer = 192.168.1.1 71.243.0.12
TCP: Interfaces\{1516C063-D74F-4909-851F-5D5CDD82432E}\035324430313936303839363 : DhcpNameServer = 192.168.1.1 192.168.1.1
TCP: Interfaces\{1516C063-D74F-4909-851F-5D5CDD82432E}\63A5949523 : DhcpNameServer = 192.168.1.1 71.243.0.12
TCP: Interfaces\{1516C063-D74F-4909-851F-5D5CDD82432E}\649676575696275646F602E45647 : DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
TCP: Interfaces\{1516C063-D74F-4909-851F-5D5CDD82432E}\D4244514F575966496F534162703234383F524F687D2038383 : DhcpNameServer = 192.168.100.1
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: CodecC Class: {523F1DFF-2417-4466-8329-91877FF40EF5} - C:\ProgramData\CodecC\bhoclass.dll
BHO-X64: CodecC - No File
BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~2\SDHelper.dll
BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
mRun-x64: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE -startup
mRunOnce-x64: [SpybotDeletingA761] command.com /c del "C:\Windows\svchost.exe_old"
mRunOnce-x64: [SpybotDeletingC2679] cmd.exe /c del "C:\Windows\svchost.exe_old"
Hosts: 127.0.0.1 www.spywareinfo.com
Hosts: 94.63.147.17 www.bing.com
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Kittyface\AppData\Roaming\Mozilla\Firefox\Profiles\498s56h0.default\
FF - prefs.js: browser.search.selectedEngine - Bing
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=Z134&form=ZGAADF&install_date=20111002&q=
FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.0.61118.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Musicnotes\npmusicn.dll
FF - plugin: C:\Program Files (x86)\Musicnotes\NPSibelius.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
---- FIREFOX POLICIES ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
============= SERVICES / DRIVERS ===============
.
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2011-3-30 98208]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 CinemaNow Service;CinemaNow Service;C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe [2010-5-21 140272]
R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2011-6-21 85560]
R2 HP Wireless Assistant Service;HP Wireless Assistant Service;C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-6-18 103992]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-3-28 94264]
R2 HPWMISVC;HPWMISVC;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-11-9 26680]
R2 RtVOsdService;RtVOsdService Installer;C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe [2010-4-19 315392]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atipmdag.sys --> C:\Windows\system32\DRIVERS\atipmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\system32\DRIVERS\usbfilter.sys --> C:\Windows\system32\DRIVERS\usbfilter.sys [?]
S2 AMService;AMService;C:\Windows\TEMP\0_2u_l.exe run --> C:\Windows\TEMP\0_2u_l.exe run [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy2\SDWinSec.exe [2012-4-20 1153368]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-2-29 158856]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-6-22 257224]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-5-3 129976]
S3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\netw5v64.sys --> C:\Windows\system32\DRIVERS\netw5v64.sys [?]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys --> C:\Windows\system32\Drivers\RtsUStor.sys [?]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL6.SYS --> C:\Windows\system32\DRIVERS\VSTAZL6.SYS [?]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?]
.
=============== Created Last 30 ================
.
2012-07-07 19:04:33 86016 ----a-w- C:\ProgramData\GmBQcg3q.exe
2012-07-07 00:52:53 86016 ----a-w- C:\ProgramData\GmBQcg3q.exe_
2012-07-07 00:52:46 -------- d-----w- C:\Users\Kittyface\AppData\Roaming\Reib
2012-07-07 00:52:46 -------- d-----w- C:\Users\Kittyface\AppData\Roaming\Piuvbe
2012-07-07 00:52:46 -------- d-----w- C:\Users\Kittyface\AppData\Roaming\Izhif
2012-06-29 02:00:28 -------- d-----w- C:\Program Files (x86)\Audacity
2012-06-23 03:10:36 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-06-09 15:39:15 8955792 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{FF6D85C7-F179-4706-A398-2219386DFF76}\mpengine.dll
.
==================== Find3M ====================
.
2012-06-23 03:10:36 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-02 00:46:28 4472832 ----a-w- C:\Windows\SysWow64\GPhotos.scr
.
============= FINISH: 15:07:06.25 ===============

If someone can help me I will have their baby.
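As an added triage example (not a tool used in this thread), the script below reads an excerpt of the DDS log posted above and pulls out two indicator classes a helper looks for by eye: executables started from scratch or profile directories (Windows TEMP, the root of ProgramData, the user's AppData) and Hosts-file entries. The severity rules and the block/redirect split are my own heuristics; the sample lines are copied from the log above.

```python
"""Triage helper for a DDS log (added example, not part of the thread).

Flags executables whose path sits in a directory legitimate installers
rarely use for a persistent program, and Hosts-file overrides.
"""
import re

# Any Windows path ending in an executable-type extension. Components may
# contain spaces but never ':' or '"', so a second path on the same line
# (DDS "StartupFolder: x.lnk - y.exe") is captured on its own and a
# trailing suffix such as svchost.exe_old is not mistaken for svchost.exe.
PATH_RE = re.compile(
    r'[A-Za-z]:\\(?:[^\\:"]+\\)*[^\\:"]*?\.(?:exe|dll|sys|scr)\b',
    re.IGNORECASE,
)
APPDATA_RE = re.compile(r"^c:/users/[^/]+/appdata/(?:roaming|local)/")

# Loopback/blackhole targets are reported as "block" rather than "redirect":
# they may be a legitimate blocklist, or malware cutting the user off from a
# security vendor's site (as with www.spywareinfo.com above). An analyst
# decides; a redirect to a routable address is always worth a look.
LOOPBACK = {"127.0.0.1", "0.0.0.0", "::1"}


def classify_path(path):
    """Return (severity, reason) for an executable path, or None if unremarkable."""
    p = path.lower().replace("\\", "/")
    if p.startswith("c:/windows/temp/"):
        return "high", "executable in Windows TEMP"
    rest = p[len("c:/programdata/"):] if p.startswith("c:/programdata/") else None
    if rest is not None and "/" not in rest:
        return "high", "executable in the root of ProgramData"
    if APPDATA_RE.match(p):
        # Legitimate per-user apps (Dropbox in this log) also live under
        # AppData, so these get a "review" tag rather than a verdict.
        return "review", "executable under the user profile AppData"
    return None


def triage(log_text):
    """Scan every line of a DDS log; return flagged paths (deduplicated) and Hosts entries."""
    paths = {}  # lowercased path -> finding
    hosts = []
    for line in log_text.splitlines():
        if line.startswith("Hosts:"):
            parts = line.split()
            if len(parts) == 3:
                kind = "block" if parts[1] in LOOPBACK else "redirect"
                hosts.append({"kind": kind, "ip": parts[1], "host": parts[2], "line": line})
            continue
        for m in PATH_RE.finditer(line):
            verdict = classify_path(m.group(0))
            key = m.group(0).lower()
            if verdict and key not in paths:
                paths[key] = {"path": m.group(0), "severity": verdict[0],
                              "reason": verdict[1], "line": line}
    return {"paths": list(paths.values()), "hosts": hosts}


def summarize(findings):
    """Return ({severity: sorted file names}, [(kind, ip, host), ...])."""
    by_sev = {}
    for f in findings["paths"]:
        by_sev.setdefault(f["severity"], []).append(f["path"].rsplit("\\", 1)[-1])
    return ({s: sorted(n) for s, n in by_sev.items()},
            [(h["kind"], h["ip"], h["host"]) for h in findings["hosts"]])


# Constructed sample: lines excerpted from the DDS log posted above.
SAMPLE_LOG = r"""
============== Running Processes ===============
C:\Windows\system32\svchost.exe -k netsvcs
C:\Users\Kittyface\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Users\Kittyface\AppData\Roaming\Piuvbe\ilaqb.exe
C:\Windows\TEMP\azmsjrllndsbpr.exe
C:\ProgramData\GmBQcg3q.exe
C:\ProgramData\GmBQcg3q.exe
============== Pseudo HJT Report ===============
uRun: [Azkiy] C:\Users\Kittyface\AppData\Roaming\Piuvbe\ilaqb.exe
uRunOnce: [SpybotDeletingB7069] command.com /c del "C:\Windows\svchost.exe_old"
dRun: [AMService] C:\Windows\TEMP\lzfbotyonkroojyvfr.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\dplaysvr.lnk - C:\Users\Kittyface\AppData\Local\dplaysvr.exe
Hosts: 127.0.0.1 www.spywareinfo.com
Hosts: 94.63.147.17 www.bing.com
"""

if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for f in sorted(result["paths"], key=lambda f: f["severity"]):
        print(f"[{f['severity']:6}] {f['path']}  ({f['reason']})")
    for h in result["hosts"]:
        print(f"[hosts ] {h['kind']}: {h['host']} -> {h['ip']}")
```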

maxi
2012-07-07, 23:27
Welcome to Safer Networking. I am maxi, and I will be helping you out with your malware problems.

Before we go further, there are a few things that I would like to make clear so that we share the same understanding.


Please observe and follow these Forum Rules (http://forums.spybot.info/showthread.php?t=288).
Any advice is for your computer only and is taken at your own risk. Fixes sometimes will cause unexpected results, but I will do my best to assist you.
Please read the instructions carefully and follow them closely, in the order they are presented to you.
If you have any doubts or problems during the fix, please stop and ask.
All the tools that I will ask you to download and use are safe. Please allow if prompted by any of your security softwares.
Do not use or run any malware cleaning tools without supervision as they may cause more harm if improperly used.
Refrain from installing any new programs except those that I request during the fix to prevent interference to my diagnosis of the problem.
Lack of malware symptoms does not mean your computer is clean. Stick to this topic until I give the All Clear.
If you do not reply within 3 days, this topic will be closed.

If you are agreeable to the above, then everything should go smoothly.

Note:
As I am currently still in training, everything that I post to you must be first checked by my teacher. This may add a tiny delay between replies so please be patient :)

Could you please post the attach.txt? You may have to run DDS again to get this if you have not saved it.

Regards maxi :)

Uptothehilt
2012-07-08, 02:40
Thanks for posting so quickly.
Here's the .txt file. I happened to save it.

maxi
2012-07-09, 12:35
Hi Uptothehilt :)

I'm sorry to tell you that I have bad news for you. You are infected with a rootkit called ZeroAccess; this infection can prove difficult to remove. We can attempt to fix it, but depending on how much damage has already been done, you may have no choice other than to reformat. You can read more below.

Rootkit

Your computer has multiple infections, including a Rootkit. A rootkit is a set of software tools intended for concealing running processes, files or system data from the operating system.

You are strongly advised to do the following:

Disconnect the computer from the Internet and from any networked computers until it is cleaned.
Back up all your important data except programs. The programs can be reinstalled back from the original disc or from the Net.
Call all your banks, financial institutions, credit card companies and inform them that you may be a victim of identity theft and put a watch on your accounts. If you don't mind the hassle, change all your account numbers.
From a clean computer, change all your passwords (ISP login password, your email address(es) passwords, financial accounts, PayPal, eBay, Amazon, online groups and forums and any other online activities you carry out which require a username and password).

DO NOT change your passwords from this computer as the attacker will be able to get all the new passwords and transaction records.

Due to its rootkit functionality, your computer is very likely to have been compromised and there is no way that it can be trusted again. Many experts in the security community believe that once infected with this type of Trojan, the best course of action would be to do a reformat and reinstallation of the operating system (OS). However, if you do not have the resources to reinstall your OS and would like me to attempt to clean your machine, I will be happy to do so.

To help you understand more, please take some time to read the following articles:

What are rootkits from Wikipedia (http://en.wikipedia.org/wiki/Rootkit)
How do I respond to a possible identity theft and how do I prevent it (http://www.dslreports.com/faq/10451)
When should I do a reformat and reinstallation of my OS (http://www.dslreports.com/faq/10063)
How to backup your files in Windows XP (http://support.microsoft.com/kb/308422)
How to backup your files in Windows Vista/Windows 7 (http://www.microsoft.com/athome/setup/backupdata.aspx)

Should you have any questions please feel free to ask.

Please let us know what you have decided to do in your next post.

Regards maxi

Uptothehilt
2012-07-09, 16:37
Thanks Maxi,
I knew it wasn't going to be good news, but I was hoping for an easier fix than this.
I'm going to back up my files and do everything you suggested in regard to switching passwords.
I'd like to try and clean up the machine first before resorting to more drastic measures. If you could assist me with this I would greatly appreciate it.

maxi
2012-07-10, 10:22
Hi Uptothehilt,

It's 100% that your problems arose from not having an antivirus program, coupled with the fact that you are using P2P programs (uTorrent).

Create a System Restore Point

Right-click on the Computer icon and select Properties.
In the left pane under Tasks ... click on System protection.
If UAC prompts for an administrator password or approval, type the password or give your "permission to continue".
Select the System Protection tab ...then choose Create.
In the System Restore dialog box, type a description for the restore point ... click Create, again.
A window will pop up with "The Restore Point was created successfully" confirmation message.
Click OK ...then close the System Restore dialog.
Please leave the System Restore function "turned on" until we are finished and I give you the 'all clean' sign.
If you have successfully created a System Restore Point...we can proceed.


Step 1
No anti-virus

Looking over your log, it seems you don't have any evidence of an anti-virus software.

Anti-virus programs detect, cleanse, and erase harmful virus files on a computer, Web server, or network. Unchecked, virus files can unintentionally be forwarded to others, including trading partners, thereby spreading infection. Because new viruses regularly emerge, anti-virus software should be updated frequently. Anti-virus software can scan the computer memory and disk drives for malicious code. It can alert the user if a virus is present, and will clean, delete (or quarantine) infected files or directories. Please download a free anti-virus program from one of these excellent vendors.


avast! 6 Home Edition (http://www.avast.com/index) - Anti-virus program for Windows. The home edition is freeware for noncommercial users.
Microsoft Security Essentials (http://www.microsoft.com/security_essentials/) - Free and provides real-time protection for your home PC.

Note: You should run only one antivirus program at a time. Having more than one antivirus program active in memory uses additional resources and results in program conflicts and false virus alerts.

Step 2
Remove P2P Programs


I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.


µTorrent

Please read the Guidelines for P2P Programs (http://forums.spybot.info/showpost.php?p=1109&postcount=1) where we explain why it's not a good idea to have them.

Note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares.


Click on Start > All programs > Accessories > Run.
In the open text box copy/paste appwiz.cpl Then click Ok.
Uninstall the programs listed above (in red) and any other P2P you have installed NOW. Take care when answering any questions posed by an uninstaller. Some questions may be worded to deceive you into keeping the program.

Step 3
Download and Run ComboFix

Please download ComboFix from the following link.

Here (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)


**IMPORTANT !!! Save ComboFix.exe to your Desktop**

Please disable any Antivirus and Firewall you have active, as shown in this topic (http://www.bleepingcomputer.com/forums/topic114351.html). Please close all open application windows.
Double click on ComboFix.exe and follow the prompts.
When finished, it shall produce a log for you. Please include the contents of C:\ComboFix.txt in your next reply.
A word of warning: Neither I nor sUBs are responsible for any damage you may cause to your machine by running ComboFix on your own. This tool is not a toy and not for everyday use!
ComboFix SHOULD NOT be used unless requested by a forum helper.

In your next reply please include:
The ComboFix logfile.
Note down anything that avast flags and post in your next reply.
Any problems you had with my instructions.

Regards maxi :)

Uptothehilt
2012-07-10, 17:22
Thanks Maxi, I'll try doing that and let you know how it turns out.
I did actually have Avast installed previously, but it didn't seem to be very effective and I believe the virus occurred while I had it.
It was most likely the Utorrent that caused the problem. The more pressing issue was that I needed to attend to the viruses and now I know exactly what to do.

Uptothehilt
2012-07-11, 15:47
Update: I tried running Combofix a couple of times but each trial only resulted in being blue screened.

Uptothehilt
2012-07-12, 02:08
I've now had an even more serious problem. All of my programs have disappeared. I backed up my important files so that's not a huge concern, but I can't seem to get the operating system to reset.

maxi
2012-07-12, 10:48
Hi Uptothehilt :)

OK, you need to slow down and not make any changes to your system until I ask you to.

Did you manage to create a Restore Point? Install an antivirus? Remove uTorrent?

Did you receive any errors from ComboFix or from the Bluescreen? How far did it get? Was a log produced? If it was produced, it would be located at C:\ComboFix.txt.


"I've now had an even more serious problem. All of my programs have disappeared. I backed up my important files so that's not a huge concern, but I can't seem to get the operating system to reset."
When did this happen? What was going on at the time? Is it the same user account you were using before? Are the programs missing from the "start menu" or from the Control Panel's installed programs list?

What do you mean by "system to reset"?


Step 1
Please download Unhide.exe (http://download.bleepingcomputer.com/grinler/unhide.exe) and save it to your Desktop.


Right-click on Unhide.exe and select "Run as administrator" to run it.
This program will remove the +H, or hidden, attribute from all the files on your hard drives.
Please note that this will unhide files that are purposely hidden.
When Unhide is complete, it will create a logfile on the Windows Desktop called Unhide.txt.

Step 2
Please download the following program, install it and run it. Then try to run ComboFix straight after it's finished.

Please download RogueKiller (http://www.sur-la-toile.com/RogueKiller/RogueKiller.exe) by Tigzy and save it to your desktop.
Allow the download if prompted by your security software and please close all your programs.
Right-click on RogueKiller.exe and select "Run as administrator" to run it.
If it does not run, please try a few times.
Wait for PreScan to finish, then click on Scan.
Once completed, a log called RKreport[1].txt will be created on the desktop. It can also be accessed via the Report button.
Please copy and paste the contents of that log in your next reply.

If ComboFix still does not run, you can try to run it from Safe Mode. Here's how:

Boot into Safe Mode
Reboot your computer in Safe Mode.

If the computer is running, shut down Windows, and then turn off the power.
Wait 30 seconds, and then turn the computer on.
Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
Ensure that the Safe Mode option is selected.
Press Enter. The computer then begins to start in Safe mode.
Login on your usual account.
Then try to run ComboFix again.

In your next reply please include:
The Unhide.exe log.
The Roguekiller log.
The ComboFix log.
The Answer to my questions.
A detailed list of any errors you receive.

Regards maxi :)

Uptothehilt
2012-07-14, 03:56
I did save a restore point and I uninstalled Utorrent, but when it got to the point that the computer needed to restart, it wouldn't complete. It was under my usual login, and the problems started right after the Combofix began installing. After that my programs began to vanish from the start menu and the desktop and now just the recycling bin is still visible. Since I can't access the internet from that computer I'm going to try getting the other programs from another laptop and place them on my flash drive. I think that should answer all of the questions that you asked.

Uptothehilt
2012-07-14, 03:58
Except for this one. What I meant was that I made a desperate attempt to return the laptop back to factory settings, but that failed to execute as well.

maxi
2012-07-14, 19:07
Hi Uptothehilt :) I'm sorry about all the questions, but I need the answers to be able to advise you properly.

If you are feeling like this is too much for you, you still have the option of reformatting like we discussed earlier.

Did you manage to install an Anti-virus ?
What errors, if any, did you receive when trying to run ComboFix?
Did Combofix produce a log ?
Did the machine reboot after using ComboFix ?

Can you check to see if your programs are still there? Click Start, then Computer, then double-click your C drive and look in the Program Files folder. Is it empty?

Please let us know when you have transferred and run those programs.

Regards maxi :)

Uptothehilt
2012-07-14, 20:51
I couldn't install a new anti-virus, but I just ran Unhide.exe and I'll copy in the log after I finish answering your questions. Combofix didn't produce a log; it didn't even finish installing, and that was when all the trouble began. It also couldn't reboot after that so I had to manually shut it down. The good news is that after running Unhide all of my programs are visible again.

It's no big deal about all the questions, you're just trying to do your job. I'd rather have to give you long answers and have everything squared away than have to keep looking for more solutions.

Unhide by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2012 BleepingComputer.com
More Information about Unhide.exe can be found at this link:
http://www.bleepingcomputer.com/forums/topic405109.html

Program started at: 07/14/2012 01:37:48 PM
Windows Version: Windows 7

Please be patient while your files are made visible again.

Processing the C:\ drive
Finished processing the C:\ drive. 401127 files processed.

Processing the D:\ drive
Finished processing the D:\ drive. 95 files processed.

Processing the F:\ drive
Finished processing the F:\ drive. 707 files processed.

Restoring the Start Menu.
* 270 Shortcuts and Desktop items were restored.


Searching for Windows Registry changes made by FakeHDD rogues.
- Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
* NoActiveDesktopChanges policy was found and deleted!
- Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
* Start_ShowControlPanel was set to 0! It was set back to 1!
* Start_ShowHelp was set to 0! It was set back to 1!
* Start_ShowMyComputer was set to 0! It was set back to 1!
* Start_ShowMyDocs was set to 0! It was set back to 1!
* Start_ShowMyMusic was set to 0! It was set back to 1!
* Start_ShowMyPics was set to 0! It was set back to 1!
* Start_ShowPrinters was set to 0! It was set back to 1!
* Start_ShowRun was set to 0! It was set back to 1!
* Start_ShowSearch was set to 0! It was set back to 1!
* Start_ShowSetProgramAccessAndDefaults was set to 0! It was set back to 1!
* Start_ShowRecentDocs was set to 0! It was set back to 2!
* Start_ShowNetConn was set to 0! It was set back to 1!
* Start_ShowNetPlaces was set to 0! It was set back to 1!
* Start_TrackDocs was set to 0! It was set back to 1!
* Start_TrackProgs was set to 0! It was set back to 1!
* Start_ShowUser was set to 0! It was set back to 1!
* Start_ShowMyGames was set to 0! It was set back to 1!

Restarting Explorer.exe in order to apply changes.

Program finished at: 07/14/2012 02:37:43 PM
Execution time: 0 hours(s), 59 minute(s), and 56 seconds(s)

Going to try and install an anti-virus and if I can't, I'll try the RogueKiller and see what that does for me.

Uptothehilt
2012-07-14, 21:13
Here's the RogueKiller log. I'm working on installing Microsoft Security Essentials right now and then I'm going to run Combofix again.

RogueKiller V7.6.3 [07/08/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7600 ) 64 bits version
Started in : Normal mode
User: Kittyface [Admin rights]
Mode: Scan -- Date: 07/14/2012 15:02:25

¤¤¤ Bad processes: 11 ¤¤¤
[WINDOW : Data Recovery] 0fC5FdpVgSTuXu.exe -- C:\ProgramData\0fC5FdpVgSTuXu.exe -> KILLED [TermProc]
[SUSP PATH] svcs.exe -- C:\Windows\svcs.exe -> KILLED [TermProc]
[SUSP PATH] alMYDcntFAxlfok.exe -- C:\ProgramData\alMYDcntFAxlfok.exe -> KILLED [TermProc]
[SUSP PATH] ilaqb.exe -- C:\Users\Kittyface\AppData\Roaming\Piuvbe\ilaqb.exe -> KILLED [TermProc]
[SVCHOST] svchost.exe -- \\.\globalroot\systemroot\svchost.exe -> KILLED [TermProc]
[SVCHOST] svchost.exe -- \\.\globalroot\systemroot\svchost.exe -> KILLED [TermProc]
[SVCHOST] svchost.exe -- C:\Windows\SysWOW64\svchost.exe -> KILLED [TermProc]
[SVCHOST] svchost.exe -- C:\Windows\SysWOW64\svchost.exe -> KILLED [TermProc]
[SUSP PATH] GmBQcg3q.exe -- C:\ProgramData\GmBQcg3q.exe -> KILLED [TermProc]
[SUSP PATH] GmBQcg3q.exe -- C:\ProgramData\GmBQcg3q.exe -> KILLED [TermProc]
[SUSP PATH] GmBQcg3q.exe -- C:\ProgramData\GmBQcg3q.exe -> KILLED [TermProc]

¤¤¤ Registry Entries: 227 ¤¤¤
[SUSP PATH] HKCU\[...]\Run : Azkiy (C:\Users\Kittyface\AppData\Roaming\Piuvbe\ilaqb.exe) -> FOUND
[BLACKLIST DLL] HKCU\[...]\Run : msisc (rundll32.exe "C:\Windows\TEMP\msisc.dll",FIsHTMLFile) -> FOUND
[BLACKLIST DLL] HKCU\[...]\Run : sechg ("C:\Windows\System32\rundll32.exe" "C:\Users\Kittyface\AppData\Roaming\sechg.dll",ComputeTangent) -> FOUND
[SUSP PATH] HKUS\.DEFAULT[...]\Run : AMService (C:\Windows\TEMP\lzfbotyonkroojyvfr.exe) -> FOUND
[BLACKLIST DLL] HKUS\S-1-5-19[...]\Run : Google (rundll32.exe "C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Google\weiplhyp.dll",DllRegisterServer) -> FOUND
[BLACKLIST DLL] HKUS\S-1-5-19[...]\Run : Microsoft (rundll32.exe "C:\Windows\system32\config\systemprofile\AppData\Local\Mozilla\Microsoft\esevpji.dll",DllRegisterServer) -> FOUND
[BLACKLIST DLL] HKUS\S-1-5-20[...]\Run : Google (rundll32.exe "C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Google\weiplhyp.dll",DllRegisterServer) -> FOUND
[BLACKLIST DLL] HKUS\S-1-5-20[...]\Run : Microsoft (rundll32.exe "C:\Windows\system32\config\systemprofile\AppData\Local\Mozilla\Microsoft\esevpji.dll",DllRegisterServer) -> FOUND
[SUSP PATH] HKUS\S-1-5-21-841216468-2129947070-637777069-1000[...]\Run : Azkiy (C:\Users\Kittyface\AppData\Roaming\Piuvbe\ilaqb.exe) -> FOUND
[BLACKLIST DLL] HKUS\S-1-5-21-841216468-2129947070-637777069-1000[...]\Run : msisc (rundll32.exe "C:\Windows\TEMP\msisc.dll",FIsHTMLFile) -> FOUND
[BLACKLIST DLL] HKUS\S-1-5-21-841216468-2129947070-637777069-1000[...]\Run : sechg ("C:\Windows\System32\rundll32.exe" "C:\Users\Kittyface\AppData\Roaming\sechg.dll",ComputeTangent) -> FOUND
[SUSP PATH] HKUS\S-1-5-18[...]\Run : AMService (C:\Windows\TEMP\lzfbotyonkroojyvfr.exe) -> FOUND
[SUSP PATH] HKLM\[...]\Wow6432Node\Run : alMYDcntFAxlfok.exe (C:\ProgramData\alMYDcntFAxlfok.exe) -> FOUND
[SUSP PATH] At17.job @ : C:\ProgramData\GmBQcg3q.exe -> FOUND
[SUSP PATH] At16.job @ : C:\ProgramData\GmBQcg3q.exe -> FOUND
[SUSP PATH] At15.job @ : C:\ProgramData\GmBQcg3q.exe -> FOUND
[SUSP PATH] At14.job @ : C:\ProgramData\GmBQcg3q.exe -> FOUND
[SUSP PATH] At13.job @ : C:\ProgramData\GmBQcg3q.exe -> FOUND
[SUSP PATH] At12.job @ : C:\ProgramData\GmBQcg3q.exe -> FOUND
[SUSP PATH] At11.job @ : C:\ProgramData\GmBQcg3q.exe -> FOUND
[SUSP PATH] At10.job @ : C:\ProgramData\GmBQcg3q.exe -> FOUND
[SUSP PATH] At1.job @ : C:\ProgramData\GmBQcg3q.exe -> FOUND
[SUSP PATH] At26.job @ : C:\ProgramData\GmBQcg3q.exe -> FOUND
[SUSP PATH] At25.job @ : C:\ProgramData\GmBQcg3q.exe -> FOUND
[SUSP PATH] At24.job @ : C:\ProgramData\GmBQcg3q.exe -> FOUND
[SUSP PATH] At23.job @ : C:\ProgramData\GmBQcg3q.exe -> FOUND
[SUSP PATH] At22.job @ : C:\ProgramData\GmBQcg3q.exe -> FOUND
[SUSP PATH] At21.job @ : C:\ProgramData\GmBQcg3q.exe -> FOUND
[SUSP PATH] At20.job @ : C:\ProgramData\GmBQcg3q.exe -> FOUND
[SUSP PATH] At2.job @ : C:\ProgramData\GmBQcg3q.exe -> FOUND
[SUSP PATH] At19.job @ : C:\ProgramData\GmBQcg3q.exe -> FOUND
[SUSP PATH] At18.job @ : C:\ProgramData\GmBQcg3q.exe -> FOUND
[SUSP PATH] At35.job @ : C:\ProgramData\GmBQcg3q.exe -> FOUND
[SUSP PATH] At34.job @ : C:\ProgramData\GmBQcg3q.exe -> FOUND
[SUSP PATH] At33.job @ : C:\ProgramData\GmBQcg3q.exe -> FOUND
[SUSP PATH] At32.job @ : C:\ProgramData\GmBQcg3q.exe -> FOUND
[SUSP PATH] At31.job @ : C:\ProgramData\GmBQcg3q.exe -> FOUND
[SUSP PATH] At30.job @ : C:\ProgramData\GmBQcg3q.exe -> FOUND
[SUSP PATH] At3.job @ : C:\ProgramData\GmBQcg3q.exe -> FOUND
[SUSP PATH] At29.job @ : C:\ProgramData\GmBQcg3q.exe -> FOUND
[SUSP PATH] At28.job @ : C:\ProgramData\GmBQcg3q.exe -> FOUND
[SUSP PATH] At27.job @ : C:\ProgramData\GmBQcg3q.exe -> FOUND
[SUSP PATH] At44.job @ : C:\ProgramData\GmBQcg3q.exe -> FOUND
[SUSP PATH] At43.job @ : C:\ProgramData\GmBQcg3q.exe_ -> FOUND
[SUSP PATH] At42.job @ : C:\ProgramData\GmBQcg3q.exe -> FOUND
[SUSP PATH] At41.job @ : C:\ProgramData\GmBQcg3q.exe_ -> FOUND
[SUSP PATH] At40.job @ : C:\ProgramData\GmBQcg3q.exe -> FOUND
[SUSP PATH] At4.job @ : C:\ProgramData\GmBQcg3q.exe -> FOUND
[SUSP PATH] At39.job @ : C:\ProgramData\GmBQcg3q.exe -> FOUND
[SUSP PATH] At38.job @ : C:\ProgramData\GmBQcg3q.exe -> FOUND
[SUSP PATH] At37.job @ : C:\ProgramData\GmBQcg3q.exe -> FOUND
[SUSP PATH] At36.job @ : C:\ProgramData\GmBQcg3q.exe -> FOUND
[SUSP PATH] At53.job @ : C:\ProgramData\GmBQcg3q.exe_ -> FOUND
[SUSP PATH] At52.job @ : C:\ProgramData\GmBQcg3q.exe -> FOUND
[SUSP PATH] At51.job @ : C:\ProgramData\GmBQcg3q.exe_ -> FOUND
[SUSP PATH] At50.job @ : C:\ProgramData\GmBQcg3q.exe -> FOUND
[SUSP PATH] At5.job @ : C:\ProgramData\GmBQcg3q.exe -> FOUND
[SUSP PATH] At49.job @ : C:\ProgramData\GmBQcg3q.exe_ -> FOUND
[SUSP PATH] At48.job @ : C:\ProgramData\GmBQcg3q.exe -> FOUND
[SUSP PATH] At47.job @ : C:\ProgramData\GmBQcg3q.exe_ -> FOUND
[SUSP PATH] At46.job @ : C:\ProgramData\GmBQcg3q.exe -> FOUND
[SUSP PATH] At45.job @ : C:\ProgramData\GmBQcg3q.exe_ -> FOUND
[SUSP PATH] At62.job @ : C:\ProgramData\GmBQcg3q.exe_ -> FOUND
[SUSP PATH] At61.job @ : C:\ProgramData\GmBQcg3q.exe_ -> FOUND
[SUSP PATH] At60.job @ : C:\ProgramData\GmBQcg3q.exe_ -> FOUND
[SUSP PATH] At6.job @ : C:\ProgramData\GmBQcg3q.exe -> FOUND
[SUSP PATH] At59.job @ : C:\ProgramData\GmBQcg3q.exe_ -> FOUND
[SUSP PATH] At58.job @ : C:\ProgramData\GmBQcg3q.exe_ -> FOUND
[SUSP PATH] At57.job @ : C:\ProgramData\GmBQcg3q.exe_ -> FOUND
[SUSP PATH] At56.job @ : C:\ProgramData\GmBQcg3q.exe -> FOUND
[SUSP PATH] At55.job @ : C:\ProgramData\GmBQcg3q.exe_ -> FOUND
[SUSP PATH] At54.job @ : C:\ProgramData\GmBQcg3q.exe -> FOUND
[SUSP PATH] At71.job @ : C:\ProgramData\GmBQcg3q.exe_ -> FOUND
[SUSP PATH] At70.job @ : C:\ProgramData\GmBQcg3q.exe_ -> FOUND
[SUSP PATH] At7.job @ : C:\ProgramData\GmBQcg3q.exe -> FOUND
[SUSP PATH] At69.job @ : C:\ProgramData\GmBQcg3q.exe_ -> FOUND
[SUSP PATH] At68.job @ : C:\ProgramData\GmBQcg3q.exe_ -> FOUND
[SUSP PATH] At67.job @ : C:\ProgramData\GmBQcg3q.exe_ -> FOUND
[SUSP PATH] At66.job @ : C:\ProgramData\GmBQcg3q.exe_ -> FOUND
[SUSP PATH] At65.job @ : C:\ProgramData\GmBQcg3q.exe_ -> FOUND
[SUSP PATH] At64.job @ : C:\ProgramData\GmBQcg3q.exe_ -> FOUND
[SUSP PATH] At63.job @ : C:\ProgramData\GmBQcg3q.exe_ -> FOUND
[SUSP PATH] At80.job @ : C:\ProgramData\GmBQcg3q.exe_ -> FOUND
[SUSP PATH] At8.job @ : C:\ProgramData\GmBQcg3q.exe -> FOUND
[SUSP PATH] At79.job @ : C:\ProgramData\GmBQcg3q.exe_ -> FOUND
[SUSP PATH] At78.job @ : C:\ProgramData\GmBQcg3q.exe_ -> FOUND
[SUSP PATH] At77.job @ : C:\ProgramData\GmBQcg3q.exe_ -> FOUND
[SUSP PATH] At76.job @ : C:\ProgramData\GmBQcg3q.exe_ -> FOUND
[SUSP PATH] At75.job @ : C:\ProgramData\GmBQcg3q.exe_ -> FOUND
[SUSP PATH] At74.job @ : C:\ProgramData\GmBQcg3q.exe_ -> FOUND
[SUSP PATH] At73.job @ : C:\ProgramData\GmBQcg3q.exe_ -> FOUND
[SUSP PATH] At72.job @ : C:\ProgramData\GmBQcg3q.exe_ -> FOUND
[SUSP PATH] At9.job @ : C:\ProgramData\GmBQcg3q.exe -> FOUND
[SUSP PATH] At89.job @ : C:\ProgramData\GmBQcg3q.exe_ -> FOUND
[SUSP PATH] At88.job @ : C:\ProgramData\GmBQcg3q.exe_ -> FOUND
[SUSP PATH] At87.job @ : C:\ProgramData\GmBQcg3q.exe_ -> FOUND
[SUSP PATH] At86.job @ : C:\ProgramData\GmBQcg3q.exe_ -> FOUND
[SUSP PATH] At85.job @ : C:\ProgramData\GmBQcg3q.exe_ -> FOUND
[SUSP PATH] At84.job @ : C:\ProgramData\GmBQcg3q.exe_ -> FOUND
[SUSP PATH] At83.job @ : C:\ProgramData\GmBQcg3q.exe_ -> FOUND
[SUSP PATH] At82.job @ : C:\ProgramData\GmBQcg3q.exe_ -> FOUND
[SUSP PATH] At81.job @ : C:\ProgramData\GmBQcg3q.exe_ -> FOUND
[SUSP PATH] At96.job @ : C:\ProgramData\GmBQcg3q.exe_ -> FOUND
[SUSP PATH] At95.job @ : C:\ProgramData\GmBQcg3q.exe_ -> FOUND
[SUSP PATH] At94.job @ : C:\ProgramData\GmBQcg3q.exe_ -> FOUND
[SUSP PATH] At93.job @ : C:\ProgramData\GmBQcg3q.exe_ -> FOUND
[SUSP PATH] At92.job @ : C:\ProgramData\GmBQcg3q.exe_ -> FOUND
[SUSP PATH] At91.job @ : C:\ProgramData\GmBQcg3q.exe_ -> FOUND
[SUSP PATH] At90.job @ : C:\ProgramData\GmBQcg3q.exe_ -> FOUND
[SUSP PATH] At1.job @ : C:\ProgramData\GmBQcg3q.exe -> FOUND
[SUSP PATH] At10.job @ : C:\ProgramData\GmBQcg3q.exe -> FOUND
[SUSP PATH] At11.job @ : C:\ProgramData\GmBQcg3q.exe -> FOUND
[SUSP PATH] At12.job @ : C:\ProgramData\GmBQcg3q.exe -> FOUND
[SUSP PATH] At13.job @ : C:\ProgramData\GmBQcg3q.exe -> FOUND
[SUSP PATH] At14.job @ : C:\ProgramData\GmBQcg3q.exe -> FOUND
[SUSP PATH] At15.job @ : C:\ProgramData\GmBQcg3q.exe -> FOUND
[SUSP PATH] At16.job @ : C:\ProgramData\GmBQcg3q.exe -> FOUND
[SUSP PATH] At17.job @ : C:\ProgramData\GmBQcg3q.exe -> FOUND
[SUSP PATH] At18.job @ : C:\ProgramData\GmBQcg3q.exe -> FOUND
[SUSP PATH] At19.job @ : C:\ProgramData\GmBQcg3q.exe -> FOUND
[SUSP PATH] At2.job @ : C:\ProgramData\GmBQcg3q.exe -> FOUND
[SUSP PATH] At20.job @ : C:\ProgramData\GmBQcg3q.exe -> FOUND
[SUSP PATH] At21.job @ : C:\ProgramData\GmBQcg3q.exe -> FOUND
[SUSP PATH] At22.job @ : C:\ProgramData\GmBQcg3q.exe -> FOUND
[SUSP PATH] At23.job @ : C:\ProgramData\GmBQcg3q.exe -> FOUND
[SUSP PATH] At24.job @ : C:\ProgramData\GmBQcg3q.exe -> FOUND
[SUSP PATH] At25.job @ : C:\ProgramData\GmBQcg3q.exe -> FOUND
[SUSP PATH] At26.job @ : C:\ProgramData\GmBQcg3q.exe -> FOUND
[SUSP PATH] At27.job @ : C:\ProgramData\GmBQcg3q.exe -> FOUND
[SUSP PATH] At28.job @ : C:\ProgramData\GmBQcg3q.exe -> FOUND
[SUSP PATH] At29.job @ : C:\ProgramData\GmBQcg3q.exe -> FOUND
[SUSP PATH] At3.job @ : C:\ProgramData\GmBQcg3q.exe -> FOUND
[SUSP PATH] At30.job @ : C:\ProgramData\GmBQcg3q.exe -> FOUND
[SUSP PATH] At31.job @ : C:\ProgramData\GmBQcg3q.exe -> FOUND
[SUSP PATH] At32.job @ : C:\ProgramData\GmBQcg3q.exe -> FOUND
[SUSP PATH] At33.job @ : C:\ProgramData\GmBQcg3q.exe -> FOUND
[SUSP PATH] At34.job @ : C:\ProgramData\GmBQcg3q.exe -> FOUND
[SUSP PATH] At35.job @ : C:\ProgramData\GmBQcg3q.exe -> FOUND
[SUSP PATH] At36.job @ : C:\ProgramData\GmBQcg3q.exe -> FOUND
[SUSP PATH] At37.job @ : C:\ProgramData\GmBQcg3q.exe -> FOUND
[SUSP PATH] At38.job @ : C:\ProgramData\GmBQcg3q.exe -> FOUND
[SUSP PATH] At39.job @ : C:\ProgramData\GmBQcg3q.exe -> FOUND
[SUSP PATH] At4.job @ : C:\ProgramData\GmBQcg3q.exe -> FOUND
[SUSP PATH] At40.job @ : C:\ProgramData\GmBQcg3q.exe -> FOUND
[SUSP PATH] At41.job @ : C:\ProgramData\GmBQcg3q.exe_ -> FOUND
[SUSP PATH] At42.job @ : C:\ProgramData\GmBQcg3q.exe -> FOUND
[SUSP PATH] At43.job @ : C:\ProgramData\GmBQcg3q.exe_ -> FOUND
[SUSP PATH] At44.job @ : C:\ProgramData\GmBQcg3q.exe -> FOUND
[SUSP PATH] At45.job @ : C:\ProgramData\GmBQcg3q.exe_ -> FOUND
[SUSP PATH] At46.job @ : C:\ProgramData\GmBQcg3q.exe -> FOUND
[SUSP PATH] At47.job @ : C:\ProgramData\GmBQcg3q.exe_ -> FOUND
[SUSP PATH] At48.job @ : C:\ProgramData\GmBQcg3q.exe -> FOUND
[SUSP PATH] At49.job @ : C:\ProgramData\GmBQcg3q.exe_ -> FOUND
[SUSP PATH] At5.job @ : C:\ProgramData\GmBQcg3q.exe -> FOUND
[SUSP PATH] At50.job @ : C:\ProgramData\GmBQcg3q.exe -> FOUND
[SUSP PATH] At51.job @ : C:\ProgramData\GmBQcg3q.exe_ -> FOUND
[SUSP PATH] At52.job @ : C:\ProgramData\GmBQcg3q.exe -> FOUND
[SUSP PATH] At53.job @ : C:\ProgramData\GmBQcg3q.exe_ -> FOUND
[SUSP PATH] At54.job @ : C:\ProgramData\GmBQcg3q.exe -> FOUND
[SUSP PATH] At55.job @ : C:\ProgramData\GmBQcg3q.exe_ -> FOUND
[SUSP PATH] At56.job @ : C:\ProgramData\GmBQcg3q.exe -> FOUND
[SUSP PATH] At57.job @ : C:\ProgramData\GmBQcg3q.exe_ -> FOUND
[SUSP PATH] At58.job @ : C:\ProgramData\GmBQcg3q.exe_ -> FOUND
[SUSP PATH] At59.job @ : C:\ProgramData\GmBQcg3q.exe_ -> FOUND
[SUSP PATH] At6.job @ : C:\ProgramData\GmBQcg3q.exe -> FOUND
[SUSP PATH] At60.job @ : C:\ProgramData\GmBQcg3q.exe_ -> FOUND
[SUSP PATH] At61.job @ : C:\ProgramData\GmBQcg3q.exe_ -> FOUND
[SUSP PATH] At62.job @ : C:\ProgramData\GmBQcg3q.exe_ -> FOUND
[SUSP PATH] At63.job @ : C:\ProgramData\GmBQcg3q.exe_ -> FOUND
[SUSP PATH] At64.job @ : C:\ProgramData\GmBQcg3q.exe_ -> FOUND
[SUSP PATH] At65.job @ : C:\ProgramData\GmBQcg3q.exe_ -> FOUND
[SUSP PATH] At66.job @ : C:\ProgramData\GmBQcg3q.exe_ -> FOUND
[SUSP PATH] At67.job @ : C:\ProgramData\GmBQcg3q.exe_ -> FOUND
[SUSP PATH] At68.job @ : C:\ProgramData\GmBQcg3q.exe_ -> FOUND
[SUSP PATH] At69.job @ : C:\ProgramData\GmBQcg3q.exe_ -> FOUND
[SUSP PATH] At7.job @ : C:\ProgramData\GmBQcg3q.exe -> FOUND
[SUSP PATH] At70.job @ : C:\ProgramData\GmBQcg3q.exe_ -> FOUND
[SUSP PATH] At71.job @ : C:\ProgramData\GmBQcg3q.exe_ -> FOUND
[SUSP PATH] At72.job @ : C:\ProgramData\GmBQcg3q.exe_ -> FOUND
[SUSP PATH] At73.job @ : C:\ProgramData\GmBQcg3q.exe_ -> FOUND
[SUSP PATH] At74.job @ : C:\ProgramData\GmBQcg3q.exe_ -> FOUND
[SUSP PATH] At75.job @ : C:\ProgramData\GmBQcg3q.exe_ -> FOUND
[SUSP PATH] At76.job @ : C:\ProgramData\GmBQcg3q.exe_ -> FOUND
[SUSP PATH] At77.job @ : C:\ProgramData\GmBQcg3q.exe_ -> FOUND
[SUSP PATH] At78.job @ : C:\ProgramData\GmBQcg3q.exe_ -> FOUND
[SUSP PATH] At79.job @ : C:\ProgramData\GmBQcg3q.exe_ -> FOUND
[SUSP PATH] At8.job @ : C:\ProgramData\GmBQcg3q.exe -> FOUND
[SUSP PATH] At80.job @ : C:\ProgramData\GmBQcg3q.exe_ -> FOUND
[SUSP PATH] At81.job @ : C:\ProgramData\GmBQcg3q.exe_ -> FOUND
[SUSP PATH] At82.job @ : C:\ProgramData\GmBQcg3q.exe_ -> FOUND
[SUSP PATH] At83.job @ : C:\ProgramData\GmBQcg3q.exe_ -> FOUND
[SUSP PATH] At84.job @ : C:\ProgramData\GmBQcg3q.exe_ -> FOUND
[SUSP PATH] At85.job @ : C:\ProgramData\GmBQcg3q.exe_ -> FOUND
[SUSP PATH] At86.job @ : C:\ProgramData\GmBQcg3q.exe_ -> FOUND
[SUSP PATH] At87.job @ : C:\ProgramData\GmBQcg3q.exe_ -> FOUND
[SUSP PATH] At88.job @ : C:\ProgramData\GmBQcg3q.exe_ -> FOUND
[SUSP PATH] At89.job @ : C:\ProgramData\GmBQcg3q.exe_ -> FOUND
[SUSP PATH] At9.job @ : C:\ProgramData\GmBQcg3q.exe -> FOUND
[SUSP PATH] At90.job @ : C:\ProgramData\GmBQcg3q.exe_ -> FOUND
[SUSP PATH] At91.job @ : C:\ProgramData\GmBQcg3q.exe_ -> FOUND
[SUSP PATH] At92.job @ : C:\ProgramData\GmBQcg3q.exe_ -> FOUND
[SUSP PATH] At93.job @ : C:\ProgramData\GmBQcg3q.exe_ -> FOUND
[SUSP PATH] At94.job @ : C:\ProgramData\GmBQcg3q.exe_ -> FOUND
[SUSP PATH] At95.job @ : C:\ProgramData\GmBQcg3q.exe_ -> FOUND
[SUSP PATH] At96.job @ : C:\ProgramData\GmBQcg3q.exe_ -> FOUND
[WallPP] HKCU\[...]\Desktop : Wallpaper () -> FOUND
[ZeroAccess] HKCR\[...]\InprocServer32 : (\\.\globalroot\systemroot\Installer\{02056b53-b5f0-e0d9-1b93-d445b63ec483}\n.) -> FOUND
[ZeroAccess] HKLM\[...]\InprocServer32 : (\\.\globalroot\systemroot\Installer\{02056b53-b5f0-e0d9-1b93-d445b63ec483}\n.) -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowMyComputer (0) -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowSearch (0) -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowMyDocs (0) -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowRecentDocs (0) -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowUser (0) -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowMyPics (0) -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowMyMusic (0) -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowControlPanel (0) -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowHelp (0) -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowPrinters (0) -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowRun (0) -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowSetProgramAccessAndDefaults (0) -> FOUND
[HJ] HKCU\[...]\Advanced : Start_TrackProgs (0) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ] HKCU\[...]\ClassicStartMenu : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ] HKCU\[...]\ClassicStartMenu : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤
[ZeroAccess][FILE] n : c:\windows\installer\{02056b53-b5f0-e0d9-1b93-d445b63ec483}\n --> FOUND
[ZeroAccess][FILE] @ : c:\windows\installer\{02056b53-b5f0-e0d9-1b93-d445b63ec483}\@ --> FOUND
[ZeroAccess][FOLDER] U : c:\windows\installer\{02056b53-b5f0-e0d9-1b93-d445b63ec483}\U --> FOUND
[ZeroAccess][FOLDER] L : c:\windows\installer\{02056b53-b5f0-e0d9-1b93-d445b63ec483}\L --> FOUND
[ZeroAccess][FILE] Desktop.ini : c:\windows\assembly\gac_32\desktop.ini --> FOUND
[ZeroAccess][FILE] Desktop.ini : c:\windows\assembly\gac_64\desktop.ini --> FOUND

¤¤¤ Driver: [NOT LOADED] ¤¤¤

Uptothehilt
2012-07-15, 01:37
Got the antivirus up and running.

Uptothehilt
2012-07-15, 04:35
Annnnd here's the Combofix log.

ComboFix 12-07-10.01 - Kittyface 07/14/2012 19:46:13.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.2811.1605 [GMT -4:00]
Running from: c:\users\Kittyface\Downloads\ComboFix.exe
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\LP
c:\program files (x86)\LP\5AC7\5FBD.tmp
c:\program files (x86)\LP\5AC7\DD24.tmp
c:\program files (x86)\LP\5AC7\FB23.tmp
c:\programdata\0fC5FdpVgSTuXu
c:\programdata\b880052
c:\users\Kittyface\AppData\Roaming\Akot
c:\users\Kittyface\AppData\Roaming\Allo
c:\users\Kittyface\AppData\Roaming\Allo\epylo.puo
c:\users\Kittyface\AppData\Roaming\ba11af2b
c:\users\Kittyface\AppData\Roaming\Dibyiq
c:\users\Kittyface\AppData\Roaming\Emliru
c:\users\Kittyface\AppData\Roaming\Emliru\xuybe.isu
c:\users\Kittyface\AppData\Roaming\Ikahal
c:\users\Kittyface\AppData\Roaming\Ikahal\ydmei.evq
c:\users\Kittyface\AppData\Roaming\Kaexsa
c:\users\Kittyface\AppData\Roaming\Kaexsa\okgyh.taa
c:\users\Kittyface\AppData\Roaming\Kiykn
c:\users\Kittyface\AppData\Roaming\Onup
c:\users\Kittyface\AppData\Roaming\Onup\ykiry.gya
c:\users\Kittyface\AppData\Roaming\Piuvbe
c:\users\Kittyface\AppData\Roaming\Piuvbe\ilaqb.exe
c:\users\Kittyface\AppData\Roaming\Sibiiv
c:\users\Kittyface\AppData\Roaming\Sibiiv\tudep.ylh
c:\users\Kittyface\AppData\Roaming\Wasap
c:\users\Kittyface\AppData\Roaming\Wasap\ixuh.erm
c:\users\Kittyface\AppData\Roaming\Woint
c:\users\Kittyface\AppData\Roaming\Xiorfo
c:\users\Kittyface\AppData\Roaming\Xiorfo\atku.mav
c:\users\Kittyface\AppData\Roaming\Ypvew
c:\users\Kittyface\AppData\Roaming\Ypvew\tyik.ecq
c:\users\Kittyface\AppData\Roaming\Zuxiyh
c:\users\Kittyface\AppData\Roaming\Zuxiyh\haobk.syw
c:\windows\svchost.exe
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_NetworkLog
.
.
((((((((((((((((((((((((( Files Created from 2012-06-15 to 2012-07-15 )))))))))))))))))))))))))))))))
.
.
2012-07-14 23:56 . 2012-07-14 23:56 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-14 23:17 . 2012-05-31 01:04 9013136 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{44D20BAB-B0D6-4213-B1EA-4DCB2DBF31F3}\mpengine.dll
2012-07-14 22:14 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-07-14 22:14 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-07-14 22:14 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
2012-07-14 22:14 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-07-14 22:14 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
2012-07-14 22:14 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-07-14 22:14 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-07-14 22:14 . 2012-06-02 19:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-07-14 22:14 . 2012-06-02 19:15 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-07-14 22:12 . 2012-07-14 22:12 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A49E6166-9624-4A45-9CCC-0474147846D3}\gapaengine.dll
2012-07-14 22:12 . 2012-05-31 01:04 9013136 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-07-14 21:07 . 2012-07-14 21:07 -------- d-----w- c:\program files (x86)\Microsoft Security Client
2012-07-14 21:06 . 2012-07-14 21:08 -------- d-----w- c:\program files\Microsoft Security Client
2012-07-14 21:06 . 2010-04-09 11:06 374664 ----a-w- c:\windows\system32\drivers\netio.sys
2012-07-11 23:40 . 2012-07-14 23:48 -------- d--h--w- c:\users\Kittyface\AppData\Roaming\Qeum
2012-07-10 01:30 . 2012-07-11 22:20 -------- d--h--w- c:\users\Kittyface\AppData\Local\{7A9C7343-CA2E-11E1-8270-B8AC6F996F26}
2012-07-07 18:52 . 2012-07-07 19:57 238080 ----a-w- c:\windows\svcs.exe
2012-07-07 00:52 . 2012-07-14 18:51 -------- d--h--w- c:\users\Kittyface\AppData\Roaming\Reib
2012-07-07 00:52 . 2012-07-07 00:52 -------- d--h--w- c:\users\Kittyface\AppData\Roaming\Izhif
2012-06-29 11:40 . 2012-07-11 22:20 -------- d--h--w- c:\users\Kittyface\AppData\Roaming\Audacity
2012-06-29 02:00 . 2012-06-29 02:00 -------- d-----w- c:\program files (x86)\Audacity
2012-06-23 03:10 . 2012-06-23 03:10 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-06-23 03:10 . 2012-06-23 12:36 -------- d-----w- c:\windows\system32\Macromed
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-23 03:10 . 2011-10-01 00:40 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-15 05:41 . 2012-06-09 15:39 8955792 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{FF6D85C7-F179-4706-A398-2219386DFF76}\mpengine.dll
2012-05-02 00:46 . 2012-05-02 00:46 4472832 ----a-w- c:\windows\SysWow64\GPhotos.scr
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{523F1DFF-2417-4466-8329-91877FF40EF5}]
2012-03-25 19:23 141312 ----a-w- c:\programdata\CodecC\bhoclass.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ---ha-w- c:\users\Kittyface\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ---ha-w- c:\users\Kittyface\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ---ha-w- c:\users\Kittyface\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"PWRISOVM.EXE"="c:\program files (x86)\PowerISO\PWRISOVM.EXE" [2011-11-15 312376]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"="c:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_257_ActiveX.exe" [2012-06-23 686280]
.
c:\users\Kittyface\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Kittyface\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
L'OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
dplaysvr.lnk - c:\users\Kittyface\AppData\Local\dplaysvr.exe [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R1 ojclbfgs;ojclbfgs;c:\windows\system32\drivers\ojclbfgs.sys [x]
R1 otcqmrmj;otcqmrmj;c:\windows\system32\drivers\otcqmrmj.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-06-21 85560]
R2 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-06-18 103992]
R2 RtVOsdService;RtVOsdService Installer;c:\program files\Realtek\RtVOsd\RtVOsdService.exe [2010-04-20 315392]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-02-29 158856]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-23 257224]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-05-03 129976]
R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [2009-06-10 5434368]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-03-21 98688]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-05-07 245792]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-10-01 1255736]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-06-10 389120]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-11-18 98208]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-06-17 202752]
S2 CinemaNow Service;CinemaNow Service;c:\program files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe [2010-05-21 140272]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-28 94264]
S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-11-09 26680]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy2\SDWinSec.exe [2009-01-26 1153368]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atipmdag.sys [2010-06-17 6403072]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2010-06-17 188928]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-03-23 347680]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2009-12-22 38456]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2010-05-19 17:36 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-23 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-23 03:10]
.
2012-07-05 c:\windows\Tasks\HPCeeScheduleForKittyface.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-01-05 10:53]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ---ha-w- c:\users\Kittyface\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ---ha-w- c:\users\Kittyface\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ---ha-w- c:\users\Kittyface\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ---ha-w- c:\users\Kittyface\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2010-05-26 6245408]
"HPWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe" [2010-06-18 8192]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 1271168]
"combofix"="c:\combofix\CF9063.3XE" [2009-07-14 344576]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uDefault_Search_URL = hxxp://www.google.com/ie
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
TCP: DhcpNameServer = 192.168.1.1 71.243.0.12
FF - ProfilePath - c:\users\Kittyface\AppData\Roaming\Mozilla\Firefox\Profiles\498s56h0.default\
FF - prefs.js: browser.search.selectedEngine - Bing
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=Z134&form=ZGAADF&install_date=20111002&q=
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-{CA43FE4F-9FF2-4AD7-88F0-CC3BAC17B226} - c:\program files (x86)\InstallShield Installation Information\{CA43FE4F-9FF2-4AD7-88F0-CC3BAC17B226}\setup.exe
.
.

maxi
2012-07-15, 10:25
Hi :) You did well - I'll be back later today with further instructions, so leave it as it is for now.

Regards maxi :)

maxi
2012-07-16, 13:31
Hi Uptothehilt :)

The ends of both the ComboFix and RogueKiller logs are missing. Could you check to see if the full logs are saved to your computer and post them if they are, please.

RKreport[1].txt should be on your desktop. If not, you may have to run it again to get a log.

ComboFix will be located at C:\comboFix.txt

Regards maxi

Uptothehilt
2012-07-16, 19:50
Here's the RogueKiller:
RogueKiller V7.6.3 [07/08/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7600 ) 64 bits version
Started in : Normal mode
User: Kittyface [Admin rights]
Mode: Scan -- Date: 07/14/2012 15:02:25

¤¤¤ Bad processes: 11 ¤¤¤
[WINDOW : Data Recovery] 0fC5FdpVgSTuXu.exe -- C:\ProgramData\0fC5FdpVgSTuXu.exe -> KILLED [TermProc]
[SUSP PATH] svcs.exe -- C:\Windows\svcs.exe -> KILLED [TermProc]
[SUSP PATH] alMYDcntFAxlfok.exe -- C:\ProgramData\alMYDcntFAxlfok.exe -> KILLED [TermProc]
[SUSP PATH] ilaqb.exe -- C:\Users\Kittyface\AppData\Roaming\Piuvbe\ilaqb.exe -> KILLED [TermProc]
[SVCHOST] svchost.exe -- \\.\globalroot\systemroot\svchost.exe -> KILLED [TermProc]
[SVCHOST] svchost.exe -- \\.\globalroot\systemroot\svchost.exe -> KILLED [TermProc]
[SVCHOST] svchost.exe -- C:\Windows\SysWOW64\svchost.exe -> KILLED [TermProc]
[SVCHOST] svchost.exe -- C:\Windows\SysWOW64\svchost.exe -> KILLED [TermProc]
[SUSP PATH] GmBQcg3q.exe -- C:\ProgramData\GmBQcg3q.exe -> KILLED [TermProc]
[SUSP PATH] GmBQcg3q.exe -- C:\ProgramData\GmBQcg3q.exe -> KILLED [TermProc]
[SUSP PATH] GmBQcg3q.exe -- C:\ProgramData\GmBQcg3q.exe -> KILLED [TermProc]

¤¤¤ Registry Entries: 227 ¤¤¤
[SUSP PATH] HKCU\[...]\Run : Azkiy (C:\Users\Kittyface\AppData\Roaming\Piuvbe\ilaqb.exe) -> FOUND
[BLACKLIST DLL] HKCU\[...]\Run : msisc (rundll32.exe "C:\Windows\TEMP\msisc.dll",FIsHTMLFile) -> FOUND
[BLACKLIST DLL] HKCU\[...]\Run : sechg ("C:\Windows\System32\rundll32.exe" "C:\Users\Kittyface\AppData\Roaming\sechg.dll",ComputeTangent) -> FOUND
[SUSP PATH] HKUS\.DEFAULT[...]\Run : AMService (C:\Windows\TEMP\lzfbotyonkroojyvfr.exe) -> FOUND
[BLACKLIST DLL] HKUS\S-1-5-19[...]\Run : Google (rundll32.exe "C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Google\weiplhyp.dll",DllRegisterServer) -> FOUND
[BLACKLIST DLL] HKUS\S-1-5-19[...]\Run : Microsoft (rundll32.exe "C:\Windows\system32\config\systemprofile\AppData\Local\Mozilla\Microsoft\esevpji.dll",DllRegisterServer) -> FOUND
[BLACKLIST DLL] HKUS\S-1-5-20[...]\Run : Google (rundll32.exe "C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Google\weiplhyp.dll",DllRegisterServer) -> FOUND
[BLACKLIST DLL] HKUS\S-1-5-20[...]\Run : Microsoft (rundll32.exe "C:\Windows\system32\config\systemprofile\AppData\Local\Mozilla\Microsoft\esevpji.dll",DllRegisterServer) -> FOUND
[SUSP PATH] HKUS\S-1-5-21-841216468-2129947070-637777069-1000[...]\Run : Azkiy (C:\Users\Kittyface\AppData\Roaming\Piuvbe\ilaqb.exe) -> FOUND
[BLACKLIST DLL] HKUS\S-1-5-21-841216468-2129947070-637777069-1000[...]\Run : msisc (rundll32.exe "C:\Windows\TEMP\msisc.dll",FIsHTMLFile) -> FOUND
[BLACKLIST DLL] HKUS\S-1-5-21-841216468-2129947070-637777069-1000[...]\Run : sechg ("C:\Windows\System32\rundll32.exe" "C:\Users\Kittyface\AppData\Roaming\sechg.dll",ComputeTangent) -> FOUND
[SUSP PATH] HKUS\S-1-5-18[...]\Run : AMService (C:\Windows\TEMP\lzfbotyonkroojyvfr.exe) -> FOUND
[SUSP PATH] HKLM\[...]\Wow6432Node\Run : alMYDcntFAxlfok.exe (C:\ProgramData\alMYDcntFAxlfok.exe) -> FOUND
[SUSP PATH] At17.job @ : C:\ProgramData\GmBQcg3q.exe -> FOUND
[SUSP PATH] At16.job @ : C:\ProgramData\GmBQcg3q.exe -> FOUND
[SUSP PATH] At15.job @ : C:\ProgramData\GmBQcg3q.exe -> FOUND
[SUSP PATH] At14.job @ : C:\ProgramData\GmBQcg3q.exe -> FOUND
[SUSP PATH] At13.job @ : C:\ProgramData\GmBQcg3q.exe -> FOUND
[SUSP PATH] At12.job @ : C:\ProgramData\GmBQcg3q.exe -> FOUND
[SUSP PATH] At11.job @ : C:\ProgramData\GmBQcg3q.exe -> FOUND
[SUSP PATH] At10.job @ : C:\ProgramData\GmBQcg3q.exe -> FOUND
[SUSP PATH] At1.job @ : C:\ProgramData\GmBQcg3q.exe -> FOUND
[SUSP PATH] At26.job @ : C:\ProgramData\GmBQcg3q.exe -> FOUND
[SUSP PATH] At25.job @ : C:\ProgramData\GmBQcg3q.exe -> FOUND
[SUSP PATH] At24.job @ : C:\ProgramData\GmBQcg3q.exe -> FOUND
[SUSP PATH] At23.job @ : C:\ProgramData\GmBQcg3q.exe -> FOUND
[SUSP PATH] At22.job @ : C:\ProgramData\GmBQcg3q.exe -> FOUND
[SUSP PATH] At21.job @ : C:\ProgramData\GmBQcg3q.exe -> FOUND
[SUSP PATH] At20.job @ : C:\ProgramData\GmBQcg3q.exe -> FOUND
[SUSP PATH] At2.job @ : C:\ProgramData\GmBQcg3q.exe -> FOUND
[SUSP PATH] At19.job @ : C:\ProgramData\GmBQcg3q.exe -> FOUND
[SUSP PATH] At18.job @ : C:\ProgramData\GmBQcg3q.exe -> FOUND
[SUSP PATH] At35.job @ : C:\ProgramData\GmBQcg3q.exe -> FOUND
[SUSP PATH] At34.job @ : C:\ProgramData\GmBQcg3q.exe -> FOUND
[SUSP PATH] At33.job @ : C:\ProgramData\GmBQcg3q.exe -> FOUND
[SUSP PATH] At32.job @ : C:\ProgramData\GmBQcg3q.exe -> FOUND
[SUSP PATH] At31.job @ : C:\ProgramData\GmBQcg3q.exe -> FOUND
[SUSP PATH] At30.job @ : C:\ProgramData\GmBQcg3q.exe -> FOUND
[SUSP PATH] At3.job @ : C:\ProgramData\GmBQcg3q.exe -> FOUND
[SUSP PATH] At29.job @ : C:\ProgramData\GmBQcg3q.exe -> FOUND
[SUSP PATH] At28.job @ : C:\ProgramData\GmBQcg3q.exe -> FOUND
[SUSP PATH] At27.job @ : C:\ProgramData\GmBQcg3q.exe -> FOUND
[SUSP PATH] At44.job @ : C:\ProgramData\GmBQcg3q.exe -> FOUND
[SUSP PATH] At43.job @ : C:\ProgramData\GmBQcg3q.exe_ -> FOUND
[SUSP PATH] At42.job @ : C:\ProgramData\GmBQcg3q.exe -> FOUND
[SUSP PATH] At41.job @ : C:\ProgramData\GmBQcg3q.exe_ -> FOUND
[SUSP PATH] At40.job @ : C:\ProgramData\GmBQcg3q.exe -> FOUND
[SUSP PATH] At4.job @ : C:\ProgramData\GmBQcg3q.exe -> FOUND
[SUSP PATH] At39.job @ : C:\ProgramData\GmBQcg3q.exe -> FOUND
[SUSP PATH] At38.job @ : C:\ProgramData\GmBQcg3q.exe -> FOUND
[SUSP PATH] At37.job @ : C:\ProgramData\GmBQcg3q.exe -> FOUND
[SUSP PATH] At36.job @ : C:\ProgramData\GmBQcg3q.exe -> FOUND
[SUSP PATH] At53.job @ : C:\ProgramData\GmBQcg3q.exe_ -> FOUND
[SUSP PATH] At52.job @ : C:\ProgramData\GmBQcg3q.exe -> FOUND
[SUSP PATH] At51.job @ : C:\ProgramData\GmBQcg3q.exe_ -> FOUND
[SUSP PATH] At50.job @ : C:\ProgramData\GmBQcg3q.exe -> FOUND
[SUSP PATH] At5.job @ : C:\ProgramData\GmBQcg3q.exe -> FOUND
[SUSP PATH] At49.job @ : C:\ProgramData\GmBQcg3q.exe_ -> FOUND
[SUSP PATH] At48.job @ : C:\ProgramData\GmBQcg3q.exe -> FOUND
[SUSP PATH] At47.job @ : C:\ProgramData\GmBQcg3q.exe_ -> FOUND
[SUSP PATH] At46.job @ : C:\ProgramData\GmBQcg3q.exe -> FOUND
[SUSP PATH] At45.job @ : C:\ProgramData\GmBQcg3q.exe_ -> FOUND
[SUSP PATH] At62.job @ : C:\ProgramData\GmBQcg3q.exe_ -> FOUND
[SUSP PATH] At61.job @ : C:\ProgramData\GmBQcg3q.exe_ -> FOUND
[SUSP PATH] At60.job @ : C:\ProgramData\GmBQcg3q.exe_ -> FOUND
[SUSP PATH] At6.job @ : C:\ProgramData\GmBQcg3q.exe -> FOUND
[SUSP PATH] At59.job @ : C:\ProgramData\GmBQcg3q.exe_ -> FOUND
[SUSP PATH] At58.job @ : C:\ProgramData\GmBQcg3q.exe_ -> FOUND
[SUSP PATH] At57.job @ : C:\ProgramData\GmBQcg3q.exe_ -> FOUND
[SUSP PATH] At56.job @ : C:\ProgramData\GmBQcg3q.exe -> FOUND
[SUSP PATH] At55.job @ : C:\ProgramData\GmBQcg3q.exe_ -> FOUND
[SUSP PATH] At54.job @ : C:\ProgramData\GmBQcg3q.exe -> FOUND
[SUSP PATH] At71.job @ : C:\ProgramData\GmBQcg3q.exe_ -> FOUND
[SUSP PATH] At70.job @ : C:\ProgramData\GmBQcg3q.exe_ -> FOUND
[SUSP PATH] At7.job @ : C:\ProgramData\GmBQcg3q.exe -> FOUND
[SUSP PATH] At69.job @ : C:\ProgramData\GmBQcg3q.exe_ -> FOUND
[SUSP PATH] At68.job @ : C:\ProgramData\GmBQcg3q.exe_ -> FOUND
[SUSP PATH] At67.job @ : C:\ProgramData\GmBQcg3q.exe_ -> FOUND
[SUSP PATH] At66.job @ : C:\ProgramData\GmBQcg3q.exe_ -> FOUND
[SUSP PATH] At65.job @ : C:\ProgramData\GmBQcg3q.exe_ -> FOUND
[SUSP PATH] At64.job @ : C:\ProgramData\GmBQcg3q.exe_ -> FOUND
[SUSP PATH] At63.job @ : C:\ProgramData\GmBQcg3q.exe_ -> FOUND
[SUSP PATH] At80.job @ : C:\ProgramData\GmBQcg3q.exe_ -> FOUND
[SUSP PATH] At8.job @ : C:\ProgramData\GmBQcg3q.exe -> FOUND
[SUSP PATH] At79.job @ : C:\ProgramData\GmBQcg3q.exe_ -> FOUND
[SUSP PATH] At78.job @ : C:\ProgramData\GmBQcg3q.exe_ -> FOUND
[SUSP PATH] At77.job @ : C:\ProgramData\GmBQcg3q.exe_ -> FOUND
[SUSP PATH] At76.job @ : C:\ProgramData\GmBQcg3q.exe_ -> FOUND
[SUSP PATH] At75.job @ : C:\ProgramData\GmBQcg3q.exe_ -> FOUND
[SUSP PATH] At74.job @ : C:\ProgramData\GmBQcg3q.exe_ -> FOUND
[SUSP PATH] At73.job @ : C:\ProgramData\GmBQcg3q.exe_ -> FOUND
[SUSP PATH] At72.job @ : C:\ProgramData\GmBQcg3q.exe_ -> FOUND
[SUSP PATH] At9.job @ : C:\ProgramData\GmBQcg3q.exe -> FOUND
[SUSP PATH] At89.job @ : C:\ProgramData\GmBQcg3q.exe_ -> FOUND
[SUSP PATH] At88.job @ : C:\ProgramData\GmBQcg3q.exe_ -> FOUND
[SUSP PATH] At87.job @ : C:\ProgramData\GmBQcg3q.exe_ -> FOUND
[SUSP PATH] At86.job @ : C:\ProgramData\GmBQcg3q.exe_ -> FOUND
[SUSP PATH] At85.job @ : C:\ProgramData\GmBQcg3q.exe_ -> FOUND
[SUSP PATH] At84.job @ : C:\ProgramData\GmBQcg3q.exe_ -> FOUND
[SUSP PATH] At83.job @ : C:\ProgramData\GmBQcg3q.exe_ -> FOUND
[SUSP PATH] At82.job @ : C:\ProgramData\GmBQcg3q.exe_ -> FOUND
[SUSP PATH] At81.job @ : C:\ProgramData\GmBQcg3q.exe_ -> FOUND
[SUSP PATH] At96.job @ : C:\ProgramData\GmBQcg3q.exe_ -> FOUND
[SUSP PATH] At95.job @ : C:\ProgramData\GmBQcg3q.exe_ -> FOUND
[SUSP PATH] At94.job @ : C:\ProgramData\GmBQcg3q.exe_ -> FOUND
[SUSP PATH] At93.job @ : C:\ProgramData\GmBQcg3q.exe_ -> FOUND
[SUSP PATH] At92.job @ : C:\ProgramData\GmBQcg3q.exe_ -> FOUND
[SUSP PATH] At91.job @ : C:\ProgramData\GmBQcg3q.exe_ -> FOUND
[SUSP PATH] At90.job @ : C:\ProgramData\GmBQcg3q.exe_ -> FOUND
[SUSP PATH] At1.job @ : C:\ProgramData\GmBQcg3q.exe -> FOUND
[SUSP PATH] At10.job @ : C:\ProgramData\GmBQcg3q.exe -> FOUND
[SUSP PATH] At11.job @ : C:\ProgramData\GmBQcg3q.exe -> FOUND
[SUSP PATH] At12.job @ : C:\ProgramData\GmBQcg3q.exe -> FOUND
[SUSP PATH] At13.job @ : C:\ProgramData\GmBQcg3q.exe -> FOUND
[SUSP PATH] At14.job @ : C:\ProgramData\GmBQcg3q.exe -> FOUND
[SUSP PATH] At15.job @ : C:\ProgramData\GmBQcg3q.exe -> FOUND
[SUSP PATH] At16.job @ : C:\ProgramData\GmBQcg3q.exe -> FOUND
[SUSP PATH] At17.job @ : C:\ProgramData\GmBQcg3q.exe -> FOUND
[SUSP PATH] At18.job @ : C:\ProgramData\GmBQcg3q.exe -> FOUND
[SUSP PATH] At19.job @ : C:\ProgramData\GmBQcg3q.exe -> FOUND
[SUSP PATH] At2.job @ : C:\ProgramData\GmBQcg3q.exe -> FOUND
[SUSP PATH] At20.job @ : C:\ProgramData\GmBQcg3q.exe -> FOUND
[SUSP PATH] At21.job @ : C:\ProgramData\GmBQcg3q.exe -> FOUND
[SUSP PATH] At22.job @ : C:\ProgramData\GmBQcg3q.exe -> FOUND
[SUSP PATH] At23.job @ : C:\ProgramData\GmBQcg3q.exe -> FOUND
[SUSP PATH] At24.job @ : C:\ProgramData\GmBQcg3q.exe -> FOUND
[SUSP PATH] At25.job @ : C:\ProgramData\GmBQcg3q.exe -> FOUND
[SUSP PATH] At26.job @ : C:\ProgramData\GmBQcg3q.exe -> FOUND
[SUSP PATH] At27.job @ : C:\ProgramData\GmBQcg3q.exe -> FOUND
[SUSP PATH] At28.job @ : C:\ProgramData\GmBQcg3q.exe -> FOUND
[SUSP PATH] At29.job @ : C:\ProgramData\GmBQcg3q.exe -> FOUND
[SUSP PATH] At3.job @ : C:\ProgramData\GmBQcg3q.exe -> FOUND
[SUSP PATH] At30.job @ : C:\ProgramData\GmBQcg3q.exe -> FOUND
[SUSP PATH] At31.job @ : C:\ProgramData\GmBQcg3q.exe -> FOUND
[SUSP PATH] At32.job @ : C:\ProgramData\GmBQcg3q.exe -> FOUND
[SUSP PATH] At33.job @ : C:\ProgramData\GmBQcg3q.exe -> FOUND
[SUSP PATH] At34.job @ : C:\ProgramData\GmBQcg3q.exe -> FOUND
[SUSP PATH] At35.job @ : C:\ProgramData\GmBQcg3q.exe -> FOUND
[SUSP PATH] At36.job @ : C:\ProgramData\GmBQcg3q.exe -> FOUND
[SUSP PATH] At37.job @ : C:\ProgramData\GmBQcg3q.exe -> FOUND
[SUSP PATH] At38.job @ : C:\ProgramData\GmBQcg3q.exe -> FOUND
[SUSP PATH] At39.job @ : C:\ProgramData\GmBQcg3q.exe -> FOUND
[SUSP PATH] At4.job @ : C:\ProgramData\GmBQcg3q.exe -> FOUND
[SUSP PATH] At40.job @ : C:\ProgramData\GmBQcg3q.exe -> FOUND
[SUSP PATH] At41.job @ : C:\ProgramData\GmBQcg3q.exe_ -> FOUND
[SUSP PATH] At42.job @ : C:\ProgramData\GmBQcg3q.exe -> FOUND
[SUSP PATH] At43.job @ : C:\ProgramData\GmBQcg3q.exe_ -> FOUND
[SUSP PATH] At44.job @ : C:\ProgramData\GmBQcg3q.exe -> FOUND
[SUSP PATH] At45.job @ : C:\ProgramData\GmBQcg3q.exe_ -> FOUND
[SUSP PATH] At46.job @ : C:\ProgramData\GmBQcg3q.exe -> FOUND
[SUSP PATH] At47.job @ : C:\ProgramData\GmBQcg3q.exe_ -> FOUND
[SUSP PATH] At48.job @ : C:\ProgramData\GmBQcg3q.exe -> FOUND
[SUSP PATH] At49.job @ : C:\ProgramData\GmBQcg3q.exe_ -> FOUND
[SUSP PATH] At5.job @ : C:\ProgramData\GmBQcg3q.exe -> FOUND
[SUSP PATH] At50.job @ : C:\ProgramData\GmBQcg3q.exe -> FOUND
[SUSP PATH] At51.job @ : C:\ProgramData\GmBQcg3q.exe_ -> FOUND
[SUSP PATH] At52.job @ : C:\ProgramData\GmBQcg3q.exe -> FOUND
[SUSP PATH] At53.job @ : C:\ProgramData\GmBQcg3q.exe_ -> FOUND
[SUSP PATH] At54.job @ : C:\ProgramData\GmBQcg3q.exe -> FOUND
[SUSP PATH] At55.job @ : C:\ProgramData\GmBQcg3q.exe_ -> FOUND
[SUSP PATH] At56.job @ : C:\ProgramData\GmBQcg3q.exe -> FOUND
[SUSP PATH] At57.job @ : C:\ProgramData\GmBQcg3q.exe_ -> FOUND
[SUSP PATH] At58.job @ : C:\ProgramData\GmBQcg3q.exe_ -> FOUND
[SUSP PATH] At59.job @ : C:\ProgramData\GmBQcg3q.exe_ -> FOUND
[SUSP PATH] At6.job @ : C:\ProgramData\GmBQcg3q.exe -> FOUND
[SUSP PATH] At60.job @ : C:\ProgramData\GmBQcg3q.exe_ -> FOUND
[SUSP PATH] At61.job @ : C:\ProgramData\GmBQcg3q.exe_ -> FOUND
[SUSP PATH] At62.job @ : C:\ProgramData\GmBQcg3q.exe_ -> FOUND
[SUSP PATH] At63.job @ : C:\ProgramData\GmBQcg3q.exe_ -> FOUND
[SUSP PATH] At64.job @ : C:\ProgramData\GmBQcg3q.exe_ -> FOUND
[SUSP PATH] At65.job @ : C:\ProgramData\GmBQcg3q.exe_ -> FOUND
[SUSP PATH] At66.job @ : C:\ProgramData\GmBQcg3q.exe_ -> FOUND
[SUSP PATH] At67.job @ : C:\ProgramData\GmBQcg3q.exe_ -> FOUND
[SUSP PATH] At68.job @ : C:\ProgramData\GmBQcg3q.exe_ -> FOUND
[SUSP PATH] At69.job @ : C:\ProgramData\GmBQcg3q.exe_ -> FOUND
[SUSP PATH] At7.job @ : C:\ProgramData\GmBQcg3q.exe -> FOUND
[SUSP PATH] At70.job @ : C:\ProgramData\GmBQcg3q.exe_ -> FOUND
[SUSP PATH] At71.job @ : C:\ProgramData\GmBQcg3q.exe_ -> FOUND
[SUSP PATH] At72.job @ : C:\ProgramData\GmBQcg3q.exe_ -> FOUND
[SUSP PATH] At73.job @ : C:\ProgramData\GmBQcg3q.exe_ -> FOUND
[SUSP PATH] At74.job @ : C:\ProgramData\GmBQcg3q.exe_ -> FOUND
[SUSP PATH] At75.job @ : C:\ProgramData\GmBQcg3q.exe_ -> FOUND
[SUSP PATH] At76.job @ : C:\ProgramData\GmBQcg3q.exe_ -> FOUND
[SUSP PATH] At77.job @ : C:\ProgramData\GmBQcg3q.exe_ -> FOUND
[SUSP PATH] At78.job @ : C:\ProgramData\GmBQcg3q.exe_ -> FOUND
[SUSP PATH] At79.job @ : C:\ProgramData\GmBQcg3q.exe_ -> FOUND
[SUSP PATH] At8.job @ : C:\ProgramData\GmBQcg3q.exe -> FOUND
[SUSP PATH] At80.job @ : C:\ProgramData\GmBQcg3q.exe_ -> FOUND
[SUSP PATH] At81.job @ : C:\ProgramData\GmBQcg3q.exe_ -> FOUND
[SUSP PATH] At82.job @ : C:\ProgramData\GmBQcg3q.exe_ -> FOUND
[SUSP PATH] At83.job @ : C:\ProgramData\GmBQcg3q.exe_ -> FOUND
[SUSP PATH] At84.job @ : C:\ProgramData\GmBQcg3q.exe_ -> FOUND
[SUSP PATH] At85.job @ : C:\ProgramData\GmBQcg3q.exe_ -> FOUND
[SUSP PATH] At86.job @ : C:\ProgramData\GmBQcg3q.exe_ -> FOUND
[SUSP PATH] At87.job @ : C:\ProgramData\GmBQcg3q.exe_ -> FOUND
[SUSP PATH] At88.job @ : C:\ProgramData\GmBQcg3q.exe_ -> FOUND
[SUSP PATH] At89.job @ : C:\ProgramData\GmBQcg3q.exe_ -> FOUND
[SUSP PATH] At9.job @ : C:\ProgramData\GmBQcg3q.exe -> FOUND
[SUSP PATH] At90.job @ : C:\ProgramData\GmBQcg3q.exe_ -> FOUND
[SUSP PATH] At91.job @ : C:\ProgramData\GmBQcg3q.exe_ -> FOUND
[SUSP PATH] At92.job @ : C:\ProgramData\GmBQcg3q.exe_ -> FOUND
[SUSP PATH] At93.job @ : C:\ProgramData\GmBQcg3q.exe_ -> FOUND
[SUSP PATH] At94.job @ : C:\ProgramData\GmBQcg3q.exe_ -> FOUND
[SUSP PATH] At95.job @ : C:\ProgramData\GmBQcg3q.exe_ -> FOUND
[SUSP PATH] At96.job @ : C:\ProgramData\GmBQcg3q.exe_ -> FOUND
[WallPP] HKCU\[...]\Desktop : Wallpaper () -> FOUND
[ZeroAccess] HKCR\[...]\InprocServer32 : (\\.\globalroot\systemroot\Installer\{02056b53-b5f0-e0d9-1b93-d445b63ec483}\n.) -> FOUND
[ZeroAccess] HKLM\[...]\InprocServer32 : (\\.\globalroot\systemroot\Installer\{02056b53-b5f0-e0d9-1b93-d445b63ec483}\n.) -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowMyComputer (0) -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowSearch (0) -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowMyDocs (0) -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowRecentDocs (0) -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowUser (0) -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowMyPics (0) -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowMyMusic (0) -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowControlPanel (0) -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowHelp (0) -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowPrinters (0) -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowRun (0) -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowSetProgramAccessAndDefaults (0) -> FOUND
[HJ] HKCU\[...]\Advanced : Start_TrackProgs (0) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ] HKCU\[...]\ClassicStartMenu : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ] HKCU\[...]\ClassicStartMenu : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤
[ZeroAccess][FILE] n : c:\windows\installer\{02056b53-b5f0-e0d9-1b93-d445b63ec483}\n --> FOUND
[ZeroAccess][FILE] @ : c:\windows\installer\{02056b53-b5f0-e0d9-1b93-d445b63ec483}\@ --> FOUND
[ZeroAccess][FOLDER] U : c:\windows\installer\{02056b53-b5f0-e0d9-1b93-d445b63ec483}\U --> FOUND
[ZeroAccess][FOLDER] L : c:\windows\installer\{02056b53-b5f0-e0d9-1b93-d445b63ec483}\L --> FOUND
[ZeroAccess][FILE] Desktop.ini : c:\windows\assembly\gac_32\desktop.ini --> FOUND
[ZeroAccess][FILE] Desktop.ini : c:\windows\assembly\gac_64\desktop.ini --> FOUND

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ Infection : ZeroAccess|Rogue.FakeHDD|Root.MBR ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
94.63.147.17 www.bing.com
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.0scan.com
127.0.0.1 0scan.com
127.0.0.1 1000gratisproben.com
127.0.0.1 www.1000gratisproben.com
127.0.0.1 1001namen.com
127.0.0.1 www.1001namen.com
127.0.0.1 www.100888290cs.com
127.0.0.1 100888290cs.com
127.0.0.1 100sexlinks.com
[...]


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: SAMSUNG HM321HI SATA Disk Device +++++
--- User ---
[MBR] 71f7c9ae3e99cc16256e0415ac4cf35d
[BSP] 04f0c28bb4af7a69c1d39e18b3c578f2 : Windows Vista/7 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 199 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 409600 | Size: 288213 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 590669824 | Size: 16728 Mo
3 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 624928768 | Size: 103 Mo
User = LL1 ... OK!
User != LL2 ... KO!
--- LL2 ---
[MBR] bd84027182eb3fed43cf3582a73923a9
[BSP] 9cacbabd776791cd60555b7192e1e299 : MBR Code unknown
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 409600 | Size: 69632 Mo
1 - [ACTIVE] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 143015936 | Size: 400 Mo

+++++ PhysicalDrive1: Verbatim STORE N GO USB Device +++++
--- User ---
[MBR] 0958af1e2f099e3a3792bed98e1dae63
[BSP] ef3177ea6997481f5647d45aa222b26f : MBR Code unknown
Partition table:
0 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 8064 | Size: 7628 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

Finished : << RKreport[1].txt >>
RKreport[1].txt

And the ComboFix log will be along soon. I have to run it again to get the log.

Uptothehilt
2012-07-16, 21:00
ComboFix 12-07-10.01 - Kittyface 07/16/2012 13:54:49.2.2 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.2811.1725 [GMT -4:00]
Running from: c:\users\Kittyface\Downloads\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
c:\windows\svchost.exe
((((((((((((((((((((((((( Files Created from 2012-06-16 to 2012-07-16 )))))))))))))))))))))))))))))))
2012-07-16 18:06 . 2012-07-16 18:06 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-16 18:06 . 2012-07-16 18:06 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2012-07-16 17:49 . 2012-07-16 17:49 770384 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcr100.dll
2012-07-16 17:49 . 2012-07-16 17:49 421200 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcp100.dll
2012-07-16 01:47 . 2012-04-02 05:24 1367552 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2012-07-16 01:47 . 2012-04-02 04:40 936960 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2012-07-16 01:32 . 2012-06-06 05:50 1425408 ----a-w- c:\program files\Common Files\System\ado\msado15.dll
2012-07-16 01:32 . 2012-06-06 05:09 987136 ----a-w- c:\program files (x86)\Common Files\System\ado\msado15.dll
2012-07-16 00:58 . 2012-05-31 01:04 9013136 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C11B3AB3-206E-4781-9A83-88138CFDFB8D}\mpengine.dll
2012-07-15 17:08 . 2012-03-01 06:54 22896 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-07-15 17:08 . 2012-03-01 06:40 80896 ----a-w- c:\windows\system32\imagehlp.dll
2012-07-15 17:08 . 2012-03-01 05:45 158720 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-07-15 17:08 . 2012-03-01 06:45 220672 ----a-w- c:\windows\system32\wintrust.dll
2012-07-15 17:08 . 2012-03-01 05:49 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-07-15 17:08 . 2012-03-01 06:35 5120 ----a-w- c:\windows\system32\wmi.dll
2012-07-15 17:08 . 2012-03-01 05:40 5120 ----a-w- c:\windows\SysWow64\wmi.dll
2012-07-15 16:45 . 2012-02-15 06:27 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-07-15 16:45 . 2012-02-15 05:44 826368 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-07-15 16:45 . 2012-02-15 04:47 204800 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-07-15 16:45 . 2012-02-15 04:46 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-07-14 23:17 . 2012-05-31 01:04 9013136 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-07-14 22:14 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-07-14 22:14 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-07-14 22:14 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
2012-07-14 22:14 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-07-14 22:14 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
2012-07-14 22:14 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-07-14 22:14 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-07-14 22:14 . 2012-06-02 19:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-07-14 22:14 . 2012-06-02 19:15 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-07-14 22:12 . 2012-07-14 22:12 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A49E6166-9624-4A45-9CCC-0474147846D3}\gapaengine.dll
2012-07-14 21:07 . 2012-07-14 21:07 -------- d-----w- c:\program files (x86)\Microsoft Security Client
2012-07-14 21:06 . 2012-07-14 21:08 -------- d-----w- c:\program files\Microsoft Security Client
2012-07-14 21:06 . 2010-04-09 11:06 374664 ----a-w- c:\windows\system32\drivers\netio.sys
2012-07-11 23:40 . 2012-07-14 23:48 -------- d-----w- c:\users\Kittyface\AppData\Roaming\Qeum
2012-07-10 01:30 . 2012-07-11 22:20 -------- d-----w- c:\users\Kittyface\AppData\Local\{7A9C7343-CA2E-11E1-8270-B8AC6F996F26}
2012-07-07 18:52 . 2012-07-07 19:57 238080 ----a-w- c:\windows\svcs.exe
2012-07-07 00:52 . 2012-07-14 18:51 -------- d-----w- c:\users\Kittyface\AppData\Roaming\Reib
2012-07-07 00:52 . 2012-07-07 00:52 -------- d-----w- c:\users\Kittyface\AppData\Roaming\Izhif
2012-06-29 11:40 . 2012-07-11 22:20 -------- d-----w- c:\users\Kittyface\AppData\Roaming\Audacity
2012-06-29 02:00 . 2012-06-29 02:00 -------- d-----w- c:\program files (x86)\Audacity
2012-06-23 03:10 . 2012-06-23 03:10 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-06-23 03:10 . 2012-06-23 12:36 -------- d-----w- c:\windows\system32\Macromed
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
2012-06-23 03:10 . 2011-10-01 00:40 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-15 05:41 . 2012-06-09 15:39 8955792 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{FF6D85C7-F179-4706-A398-2219386DFF76}\mpengine.dll
2012-05-02 00:46 . 2012-05-02 00:46 4472832 ----a-w- c:\windows\SysWow64\GPhotos.scr
((((((((((((((((((((((((((((( SnapShot@2012-07-15_02.03.14 )))))))))))))))))))))))))))))))))))))))))
- 2012-01-21 02:31 . 2012-07-14 17:35 16384 c:\windows\SysWOW64\%APPDATA%\Microsoft\Windows\IETldCache\index.dat
+ 2012-01-21 02:31 . 2012-07-16 17:52 16384 c:\windows\SysWOW64\%APPDATA%\Microsoft\Windows\IETldCache\index.dat
+ 2012-07-16 07:07 . 2012-07-16 18:20 14760 c:\windows\SoftwareDistribution\PostRebootEventCache\{9052DD2C-0698-48D1-B127-50414DEE6C19}.bin
+ 2009-07-14 04:46 . 2012-07-16 00:13 78344 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
+ 2011-12-15 18:01 . 2011-12-15 18:01 68880 c:\windows\Microsoft.NET\Framework64\v4.0.30319\nlssorting.dll
+ 2011-12-15 17:08 . 2011-12-15 17:08 57616 c:\windows\Microsoft.NET\Framework\v4.0.30319\nlssorting.dll
- 2012-01-21 08:05 . 2012-01-21 08:05 87408 c:\windows\Microsoft.NET\assembly\GAC_MSIL\WindowsFormsIntegration\v4.0_4.0.0.0__31bf3856ad364e35\WindowsFormsIntegration.dll
+ 2012-07-16 08:29 . 2012-07-16 08:29 87408 c:\windows\Microsoft.NET\assembly\GAC_MSIL\WindowsFormsIntegration\v4.0_4.0.0.0__31bf3856ad364e35\WindowsFormsIntegration.dll
- 2012-01-21 08:05 . 2012-01-21 08:05 93024 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationTypes\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationTypes.dll
+ 2012-07-16 08:29 . 2012-07-16 08:29 93024 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationTypes\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationTypes.dll
- 2012-01-21 08:05 . 2012-01-21 08:05 35688 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationProvider\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationProvider.dll
+ 2012-07-16 08:29 . 2012-07-16 08:29 35688 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationProvider\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationProvider.dll
- 2012-01-21 08:05 . 2012-01-21 08:05 11120 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml.Serialization\v4.0_4.0.0.0__b77a5c561934e089\System.Xml.Serialization.dll
+ 2012-07-16 08:29 . 2012-07-16 08:29 11120 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml.Serialization\v4.0_4.0.0.0__b77a5c561934e089\System.Xml.Serialization.dll
+ 2012-07-16 08:29 . 2012-07-16 08:29 17784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Presentation\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Presentation.dll
- 2012-01-21 08:05 . 2012-01-21 08:05 17784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Presentation\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Presentation.dll
+ 2012-07-16 08:29 . 2012-07-16 08:29 58240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Input.Manipulations\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Input.Manipulations.dll
- 2012-01-21 08:05 . 2012-01-21 08:05 58240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Input.Manipulations\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Input.Manipulations.dll
+ 2012-07-16 08:29 . 2012-07-16 08:29 44920 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.ApplicationServices\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.ApplicationServices.dll
- 2012-01-21 08:05 . 2012-01-21 08:05 44920 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.ApplicationServices\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.ApplicationServices.dll
- 2012-01-21 08:05 . 2012-01-21 08:05 37240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Channels\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Channels.dll
+ 2012-07-16 08:29 . 2012-07-16 08:29 37240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Channels\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Channels.dll
+ 2012-07-16 08:29 . 2012-07-16 08:29 64352 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Numerics\v4.0_4.0.0.0__b77a5c561934e089\System.Numerics.dll
- 2012-01-21 08:05 . 2012-01-21 08:05 64352 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Numerics\v4.0_4.0.0.0__b77a5c561934e089\System.Numerics.dll
- 2012-01-21 08:05 . 2012-01-21 08:05 51032 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Device\v4.0_4.0.0.0__b77a5c561934e089\System.Device.dll
+ 2012-07-16 08:29 . 2012-07-16 08:29 51032 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Device\v4.0_4.0.0.0__b77a5c561934e089\System.Device.dll
- 2012-01-21 08:05 . 2012-01-21 08:05 50552 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.DataSetExtensions\v4.0_4.0.0.0__b77a5c561934e089\System.Data.DataSetExtensions.dll
+ 2012-07-16 08:28 . 2012-07-16 08:28 50552 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.DataSetExtensions\v4.0_4.0.0.0__b77a5c561934e089\System.Data.DataSetExtensions.dll
+ 2012-07-16 08:28 . 2012-07-16 08:28 81784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration.Install\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
- 2012-01-21 08:05 . 2012-01-21 08:05 81784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration.Install\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll

Uptothehilt
2012-07-16, 21:06
+ 2012-01-19 17:08 . 2012-01-19 17:08 3790112 c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\PresentationCore.dll
+ 2012-03-15 17:17 . 2012-03-15 17:17 5029672 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Windows.Forms.dll
+ 2011-12-15 17:08 . 2011-12-15 17:08 3512072 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.dll
+ 2011-12-15 17:08 . 2011-12-15 17:08 5201168 c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorlib.dll
+ 2011-12-15 17:08 . 2011-12-15 17:08 1143568 c:\windows\Microsoft.NET\Framework\v4.0.30319\mscordacwks.dll
+ 2011-12-15 17:08 . 2011-12-15 17:08 6727424 c:\windows\Microsoft.NET\Framework\v4.0.30319\clr.dll
+ 2012-07-16 08:29 . 2012-07-16 08:29 1369872 c:\windows\Microsoft.NET\assembly\GAC_MSIL\WindowsBase\v4.0_4.0.0.0__31bf3856ad364e35\WindowsBase.dll
+ 2012-07-16 08:28 . 2012-07-16 08:28 3512072 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System\v4.0_4.0.0.0__b77a5c561934e089\System.dll
+ 2012-07-16 08:28 . 2012-07-16 08:28 2207568 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml\v4.0_4.0.0.0__b77a5c561934e089\System.XML.dll
- 2012-01-21 08:05 . 2012-01-21 08:05 2207568 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml\v4.0_4.0.0.0__b77a5c561934e089\System.XML.dll
+ 2012-07-16 08:28 . 2012-07-16 08:28 5029672 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
+ 2012-07-16 08:28 . 2012-07-16 08:28 1711496 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms.DataVisualization\v4.0_4.0.0.0__31bf3856ad364e35\System.Windows.Forms.DataVisualization.dll
- 2012-01-21 08:05 . 2012-01-21 08:05 1711496 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms.DataVisualization\v4.0_4.0.0.0__31bf3856ad364e35\System.Windows.Forms.DataVisualization.dll
+ 2012-07-16 08:29 . 2012-07-16 08:29 6097256 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.dll
- 2012-01-21 08:05 . 2012-01-21 08:05 6097256 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.dll
+ 2012-07-16 08:29 . 2012-07-16 08:29 1026936 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Serialization.dll
- 2012-01-21 08:05 . 2012-01-21 08:05 1026936 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Serialization.dll
+ 2012-07-16 08:28 . 2012-07-16 08:29 4464480 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Entity\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Entity.dll
- 2012-01-21 08:05 . 2012-01-21 08:05 4464480 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Entity\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Entity.dll
+ 2012-07-16 08:28 . 2012-07-16 08:28 1354584 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Core\v4.0_4.0.0.0__b77a5c561934e089\System.Core.dll
- 2012-01-21 08:05 . 2012-01-21 08:05 1354584 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Core\v4.0_4.0.0.0__b77a5c561934e089\System.Core.dll
+ 2012-07-16 08:29 . 2012-07-16 08:29 1199968 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.dll
- 2012-01-21 08:05 . 2012-01-21 08:05 1199968 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.dll
- 2012-01-21 08:05 . 2012-01-21 08:05 1462648 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.Presentation\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.Presentation.dll
+ 2012-07-16 08:29 . 2012-07-16 08:29 1462648 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.Presentation\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.Presentation.dll
+ 2012-07-16 08:29 . 2012-07-16 08:29 6429992 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.dll
- 2012-01-21 08:05 . 2012-01-21 08:05 3116376 c:\windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll
+ 2012-07-16 08:28 . 2012-07-16 08:28 3116376 c:\windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll
+ 2012-07-16 08:29 . 2012-07-16 08:29 3825952 c:\windows\Microsoft.NET\assembly\GAC_64\PresentationCore\v4.0_4.0.0.0__31bf3856ad364e35\PresentationCore.dll
+ 2012-07-16 08:28 . 2012-07-16 08:28 4970768 c:\windows\Microsoft.NET\assembly\GAC_64\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.dll
+ 2012-07-16 08:29 . 2012-07-16 08:29 3563408 c:\windows\Microsoft.NET\assembly\GAC_64\Microsoft.VisualBasic.Activities.Compiler\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Activities.Compiler.dll
- 2012-01-21 08:05 . 2012-01-21 08:05 3563408 c:\windows\Microsoft.NET\assembly\GAC_64\Microsoft.VisualBasic.Activities.Compiler\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Activities.Compiler.dll
- 2012-01-21 08:05 . 2012-01-21 08:05 2975064 c:\windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll
+ 2012-07-16 08:28 . 2012-07-16 08:28 2975064 c:\windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll
+ 2012-07-16 08:28 . 2012-07-16 08:28 3790112 c:\windows\Microsoft.NET\assembly\GAC_32\PresentationCore\v4.0_4.0.0.0__31bf3856ad364e35\PresentationCore.dll
+ 2012-07-16 08:28 . 2012-07-16 08:28 5201168 c:\windows\Microsoft.NET\assembly\GAC_32\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.dll
- 2012-01-21 08:05 . 2012-01-21 08:05 2989456 c:\windows\Microsoft.NET\assembly\GAC_32\Microsoft.VisualBasic.Activities.Compiler\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Activities.Compiler.dll
+ 2012-07-16 08:28 . 2012-07-16 08:28 2989456 c:\windows\Microsoft.NET\assembly\GAC_32\Microsoft.VisualBasic.Activities.Compiler\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Activities.Compiler.dll
+ 2012-04-23 02:46 . 2012-04-23 02:46 1187328 c:\windows\Installer\1b5e4f9.msp
+ 2012-03-15 18:26 . 2012-03-15 18:26 4212736 c:\windows\Installer\1b5e4e3.msp
+ 2011-04-16 12:44 . 2011-04-16 12:44 2770944 c:\windows\Installer\1818494.msi
+ 2011-04-16 04:14 . 2011-04-16 04:14 3186176 c:\windows\Installer\1818477.msi
+ 2012-07-16 08:30 . 2012-07-16 08:30 3858432 c:\windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\21f37f9f5162af7efb52169012bd111e\WindowsBase.ni.dll
+ 2012-07-16 17:14 . 2012-07-16 17:14 1063424 c:\windows\assembly\NativeImages_v4.0.30319_32\UIAutomationClients#\24ed0e1df6a605cdb2088f87ae2ab8ff\UIAutomationClientsideProviders.ni.dll
+ 2012-07-16 07:39 . 2012-07-16 07:39 9091584 c:\windows\assembly\NativeImages_v4.0.30319_32\System\6f9f0467e8b2dd3f69b015c8e30ac945\System.ni.dll
+ 2012-07-16 07:40 . 2012-07-16 07:40 5617664 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Xml\d1f299160424bad90fe9f658661389e2\System.Xml.ni.dll
+ 2012-07-16 17:12 . 2012-07-16 17:12 1782272 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\d234eceae699d070b5a5712ce776c01f\System.Xaml.ni.dll
+ 2012-07-16 17:14 . 2012-07-16 17:14 4587008 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Form#\7f0476e4df01ca2219f7db531408e91c\System.Windows.Forms.DataVisualization.ni.dll
+ 2012-07-16 17:14 . 2012-07-16 17:14 1885696 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.Services\b37cc0aa41e7feaba9f290da4da91d71\System.Web.Services.ni.dll
+ 2012-07-16 17:14 . 2012-07-16 17:14 2012160 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Speech\f368c85283c4e6c9650dd1c8d369dcc5\System.Speech.ni.dll
+ 2012-07-16 17:14 . 2012-07-16 17:14 1140736 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\ec057796972ce41b751eaa3a8306fbcb\System.ServiceModel.Discovery.ni.dll
+ 2012-07-16 17:14 . 2012-07-16 17:14 1393152 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\5055b60e339143bbace5871f5fe4b114\System.ServiceModel.Activities.ni.dll
+ 2012-07-16 17:12 . 2012-07-16 17:12 2647040 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\8a9fac9cb825b5d2db0bdb867fff940e\System.Runtime.Serialization.ni.dll
+ 2012-07-16 17:12 . 2012-07-16 17:12 1021952 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Dura#\79ac99fe5274fb82ffcff2c15f71854c\System.Runtime.DurableInstancing.ni.dll
+ 2012-07-16 17:12 . 2012-07-16 17:12 1060864 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Printing\f87f8bc0bc9563096150f23f6c220e7b\System.Printing.ni.dll
+ 2012-07-16 17:14 . 2012-07-16 17:14 1218560 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Management\0c2b0d52156447592f33edf4116b7e7d\System.Management.ni.dll
+ 2012-07-16 17:14 . 2012-07-16 17:14 1072640 c:\windows\assembly\NativeImages_v4.0.30319_32\System.IdentityModel\bd28f26b18b8ffeee1a0fbaa98f5810e\System.IdentityModel.ni.dll
+ 2012-07-16 08:30 . 2012-07-16 08:30 1666048 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\8c40f40ef36622109793788049fbe9ab\System.Drawing.ni.dll
+ 2012-07-16 17:12 . 2012-07-16 17:12 1172992 c:\windows\assembly\NativeImages_v4.0.30319_32\System.DirectorySer#\0fe1e56d17858b6156a3a46330f75f27\System.DirectoryServices.ni.dll
+ 2012-07-16 17:12 . 2012-07-16 17:12 1880064 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Deployment\e899cda47704280f54949c69b78c55cc\System.Deployment.ni.dll
+ 2012-07-16 07:40 . 2012-07-16 07:40 6815232 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Data\99d0f7ba920eea1117e45dcd9fec0eb5\System.Data.ni.dll
+ 2012-07-16 07:40 . 2012-07-16 07:40 2550272 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Data.SqlXml\fdb98c6d783fe167c1dc0022f27b7cd6\System.Data.SqlXml.ni.dll
+ 2012-07-16 17:14 . 2012-07-16 17:14 1343488 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Data.Service#\b894a1df3e6d58ada8f1aa303465ca23\System.Data.Services.Client.ni.dll
+ 2012-07-16 07:41 . 2012-07-16 07:41 2517504 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Data.Linq\82c0c56ff8259e1440cfd0d5727a26d8\System.Data.Linq.ni.dll
+ 2012-07-16 07:40 . 2012-07-16 07:40 7069184 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Core\ed91b57205429a23bb91f4499059a459\System.Core.ni.dll
+ 2012-07-16 17:12 . 2012-07-16 17:12 4129280 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Activities\51025a1c89f6fd752a5396a059d608b2\System.Activities.ni.dll
+ 2012-07-16 17:12 . 2012-07-16 17:12 3757568 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Activities.P#\36299fad6b7b591cfb6bd9e50dbd33df\System.Activities.Presentation.ni.dll
+ 2012-07-16 17:12 . 2012-07-16 17:12 1546752 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Activities.C#\66893548d2b2cad29cabf3b3578f356f\System.Activities.Core.Presentation.ni.dll
+ 2012-07-16 17:12 . 2012-07-16 17:12 2906624 c:\windows\assembly\NativeImages_v4.0.30319_32\ReachFramework\442af6f7c8b447bdec3ad8d23da89c5a\ReachFramework.ni.dll
+ 2012-07-16 17:12 . 2012-07-16 17:12 1641984 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationUI\cf455da9b8fedf66767c1a7ab3eea9c9\PresentationUI.ni.dll
+ 2012-07-16 17:11 . 2012-07-16 17:11 1172480 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualBas#\42a7f127f3fda82fb12c6a6e144d08c1\Microsoft.VisualBasic.Activities.Compiler.ni.dll
+ 2012-07-16 17:11 . 2012-07-16 17:11 1136640 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualBas#\40e4b755f030a61f0b2e729258fc6d2a\Microsoft.VisualBasic.Compatibility.ni.dll
+ 2012-07-16 17:11 . 2012-07-16 17:11 1838080 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualBas#\09c2f8f606e09d85cfe6e0ad89fbe729\Microsoft.VisualBasic.ni.dll
+ 2012-07-16 17:11 . 2012-07-16 17:11 1085952 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Transacti#\9a37f4e64ce5b856ac3892fef064c7de\Microsoft.Transactions.Bridge.ni.dll
+ 2012-07-16 17:14 . 2012-07-16 17:14 2452480 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.JScript\cfcc92c125ddfaabad24abe61cfc0471\Microsoft.JScript.ni.dll
+ 2012-07-16 07:40 . 2012-07-16 07:40 1616896 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.CSharp\9912b6d76c1017b5af6ef24730f550ca\Microsoft.CSharp.ni.dll
+ 2012-01-19 18:20 . 2012-01-19 18:20 11997696 c:\windows\Installer\1b5e4f0.msp
+ 2011-12-15 18:54 . 2011-12-15 18:54 39732736 c:\windows\Installer\18184db.msp
+ 2012-07-16 07:25 . 2012-07-16 07:25 53217792 c:\windows\Installer\18184b8.msp
+ 2011-11-22 04:42 . 2011-11-22 04:42 33189888 c:\windows\Installer\18184a9.msp
+ 2012-07-16 07:38 . 2012-07-16 07:38 11880448 c:\windows\assembly\NativeImages_v4.0.30319_64\System\935aea6e7eae16674abdd96a68ec97af\System.ni.dll
+ 2012-07-16 07:37 . 2012-07-16 07:37 19353600 c:\windows\assembly\NativeImages_v4.0.30319_64\mscorlib\6087fce8f76d9af69af496cb10b7d1ee\mscorlib.ni.dll
+ 2012-07-16 08:30 . 2012-07-16 08:30 13198336 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\3971e166cf827b6726e142f344061dc9\System.Windows.Forms.ni.dll
+ 2012-07-16 17:14 . 2012-07-16 17:14 18058752 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\cfece6f67593b4d8bb58d23b7fdcc470\System.ServiceModel.ni.dll
+ 2012-07-16 17:14 . 2012-07-16 17:14 13345792 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Data.Entity\7aa839fb16503243d6ae454ab334bcf4\System.Data.Entity.ni.dll
+ 2012-07-16 08:30 . 2012-07-16 08:30 18000896 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\199683f6e79076b634ee6cc0a82c0654\PresentationFramework.ni.dll
+ 2012-07-16 08:30 . 2012-07-16 08:30 11451904 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\e7dc084827f8df2dbdc819db5c633a0d\PresentationCore.ni.dll
+ 2012-07-16 07:39 . 2012-07-16 07:39 14412800 c:\windows\assembly\NativeImages_v4.0.30319_32\mscorlib\3953b1d8b9b57e4957bff8f58145384e\mscorlib.ni.dll

-- Snapshot reset to current date --

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{523F1DFF-2417-4466-8329-91877FF40EF5}]
2012-03-25 19:23 141312 ----a-w- c:\programdata\CodecC\bhoclass.dll

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Kittyface\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Kittyface\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Kittyface\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"PWRISOVM.EXE"="c:\program files (x86)\PowerISO\PWRISOVM.EXE" [2011-11-15 312376]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"="c:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_257_ActiveX.exe" [2012-06-23 686280]

c:\users\Kittyface\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Kittyface\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
L'OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
dplaysvr.lnk - c:\users\Kittyface\AppData\Local\dplaysvr.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"

R1 ojclbfgs;ojclbfgs;c:\windows\system32\drivers\ojclbfgs.sys [x]
R1 otcqmrmj;otcqmrmj;c:\windows\system32\drivers\otcqmrmj.sys [x]
R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-06-21 85560]
R2 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-06-18 103992]
R2 RtVOsdService;RtVOsdService Installer;c:\program files\Realtek\RtVOsd\RtVOsdService.exe [2010-04-20 315392]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-02-29 158856]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-23 257224]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-16 113120]
R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [2009-06-10 5434368]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-03-21 98688]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-05-07 245792]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-10-01 1255736]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-06-10 389120]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-11-18 98208]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-06-17 202752]
S2 CinemaNow Service;CinemaNow Service;c:\program files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe [2010-05-21 140272]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-28 94264]
S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-11-09 26680]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy2\SDWinSec.exe [2009-01-26 1153368]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atipmdag.sys [2010-06-17 6403072]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2010-06-17 188928]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-03-23 347680]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2009-12-22 38456]

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2010-05-19 17:36 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe

Contents of the 'Scheduled Tasks' folder

2012-06-23 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-23 03:10]

2012-07-05 c:\windows\Tasks\HPCeeScheduleForKittyface.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-01-05 10:53]

X64 Entries


[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Kittyface\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Kittyface\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Kittyface\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Kittyface\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2010-05-26 6245408]
"HPWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe" [2010-06-18 8192]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 1271168]

------- Supplementary Scan -------

uLocal Page = c:\windows\system32\blank.htm
uDefault_Search_URL = hxxp://www.google.com/ie
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
TCP: DhcpNameServer = 192.168.1.1 71.243.0.12
FF - ProfilePath - c:\users\Kittyface\AppData\Roaming\Mozilla\Firefox\Profiles\498s56h0.default\
FF - prefs.js: browser.search.selectedEngine - Bing
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=Z134&form=ZGAADF&install_date=20111002&q=
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false


--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,6e,04,6b,5a,c0,ac,64,47,a8,ca,4b,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,6e,04,6b,5a,c0,ac,64,47,a8,ca,4b,\

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)

------------------------ Other Running Processes ------------------------

c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\\.\globalroot\systemroot\svchost.exe
c:\program files (x86)\OpenOffice.org 3\program\soffice.exe
c:\program files (x86)\OpenOffice.org 3\program\soffice.bin
c:\\.\globalroot\systemroot\svchost.exe
c:\progra~2\Java\jre6\bin\jp2launcher.exe
c:\program files (x86)\Java\jre6\bin\java.exe


Completion time: 2012-07-16 14:31:34 - machine was rebooted
ComboFix-quarantined-files.txt 2012-07-16 18:31
ComboFix2.txt 2012-07-15 02:27

Pre-Run: 231,997,132,800 bytes free
Post-Run: 231,658,516,480 bytes free

- - End Of File - - E7CB7E0BF5ADB3B54F4C17DF6199AC56

Had to submit it in two parts. So far everything seems pretty clean except that I've still been dealing with "invisible" pop-ups that I can hear but can't close out. I haven't had them as frequently, but I'm not sure if they're gone or not.

Also, I figured I'd ask since I have your attention, the corner of the panel near my laptop's charging input is popping up and it looks like there's a small crack. I tried popping it back into place but that didn't seem to work. Any suggestions about what I should do?

Thanks.

maxi
2012-07-16, 22:04
Hi Uptothehilt :)

Re-run Roguekiller like you did before.

Wait for the pre scan to complete.
Then, Click on the Scan Button.
Then, Click on the Registry tab and Uncheck the following lines

[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ] HKCU\[...]\ClassicStartMenu : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ] HKCU\[...]\ClassicStartMenu : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> FOUND

Then, Click the Delete Button.
Please post the log in your next reply.


Then

I want you to delete your current copy of Combofix and download a fresh one from here (http://download.bleepingcomputer.com/sUBs/ComboFix.exe). Note: You Must save it to your desktop.

Then Run the program like you did before.

Then

TDSSKiller - Rootkit Removal Tool - Scan only
Please download the TDSSKiller.exe (http://support.kaspersky.com/downloads/utils/tdsskiller.exe) by Kaspersky and save it to your Desktop. <-Important!!!

Right-click on TDSSKiller.exe and select "Run As Administrator..." to run the tool for known TDSS/TDL variants.
If TDSSKiller does not run, please rename it. Right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. zarodinu.com).
If you don't see file extensions, please see: How to change the file extension (http://www.mediacollege.com/microsoft/windows/extension-change.html).
Click the Start Scan button. Do not use the computer during the scan!
If the scan completes with nothing found, click Close to exit.
If malicious objects are found, they will show in the "Scan results - Select action for found objects" and offer 3 options.

Please select Skip instead of Cure (default).
Then click Continue, then Close and then Close again.
A log file named TDSSKiller_version_dd.mm.yyyy_hh.mm.ss_log.txt will be created and saved to the root directory (usually Local Disk C:).
Copy and paste the contents of that file in your next reply.


In your next reply please include:
The rogue killer log.
The fresh ComboFix log.
The TDSSKiller log.
Any error messages you receive.

Regards maxi :)

Uptothehilt
2012-07-17, 12:34
New RogueKiller:
RogueKiller V7.6.3 [07/08/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7600 ) 64 bits version
Started in : Normal mode
User: Kittyface [Admin rights]
Mode: Scan -- Date: 07/17/2012 06:29:48

¤¤¤ Bad processes: 2 ¤¤¤
[SVCHOST] svchost.exe -- \\.\globalroot\systemroot\svchost.exe -> KILLED [TermProc]
[SVCHOST] svchost.exe -- \\.\globalroot\systemroot\svchost.exe -> KILLED [TermProc]

¤¤¤ Registry Entries: 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤
[ZeroAccess][FILE] n : c:\windows\installer\{02056b53-b5f0-e0d9-1b93-d445b63ec483}\n --> FOUND
[ZeroAccess][FOLDER] U : c:\windows\installer\{02056b53-b5f0-e0d9-1b93-d445b63ec483}\U --> FOUND
[ZeroAccess][FILE] Desktop.ini : c:\windows\assembly\gac_32\desktop.ini --> FOUND
[ZeroAccess][FILE] Desktop.ini : c:\windows\assembly\gac_64\desktop.ini --> FOUND

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ Infection : ZeroAccess|Root.MBR ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
127.0.0.1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: SAMSUNG HM321HI SATA Disk Device +++++
--- User ---
[MBR] 71f7c9ae3e99cc16256e0415ac4cf35d
[BSP] 04f0c28bb4af7a69c1d39e18b3c578f2 : Windows Vista/7 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 199 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 409600 | Size: 288213 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 590669824 | Size: 16728 Mo
3 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 624928768 | Size: 103 Mo
User = LL1 ... OK!
User != LL2 ... KO!
--- LL2 ---
[MBR] bd84027182eb3fed43cf3582a73923a9
[BSP] 9cacbabd776791cd60555b7192e1e299 : MBR Code unknown
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 409600 | Size: 69632 Mo
1 - [ACTIVE] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 143015936 | Size: 400 Mo

+++++ PhysicalDrive1: Verbatim STORE N GO USB Device +++++
--- User ---
[MBR] 0958af1e2f099e3a3792bed98e1dae63
[BSP] ef3177ea6997481f5647d45aa222b26f : MBR Code unknown
Partition table:
0 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 8064 | Size: 7628 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

Finished : << RKreport[1].txt >>
RKreport[1].txt

svchost.exe keeps coming up in scans on multiple programs.

Uptothehilt
2012-07-17, 19:52
ComboFix 12-07-16.01 - Kittyface 07/17/2012 6:42.3.2 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.2811.1846 [GMT -4:00]
Running from: c:\users\Kittyface\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\svchost.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-06-17 to 2012-07-17 )))))))))))))))))))))))))))))))
.
.
2012-07-17 10:53 . 2012-07-17 10:53 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-17 10:53 . 2012-07-17 10:53 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2012-07-17 10:16 . 2012-06-29 10:04 9133488 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{7A896754-5502-49BD-86B2-176365DF3800}\mpengine.dll
2012-07-16 21:07 . 2012-05-31 01:04 9013136 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-07-16 17:49 . 2012-07-16 17:49 770384 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcr100.dll
2012-07-16 17:49 . 2012-07-16 17:49 421200 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcp100.dll
2012-07-16 01:47 . 2012-04-02 05:24 1367552 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2012-07-16 01:47 . 2012-04-02 04:40 936960 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2012-07-16 01:32 . 2012-06-06 05:50 1425408 ----a-w- c:\program files\Common Files\System\ado\msado15.dll
2012-07-16 01:32 . 2012-06-06 05:09 987136 ----a-w- c:\program files (x86)\Common Files\System\ado\msado15.dll
2012-07-15 17:08 . 2012-03-01 06:54 22896 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-07-15 17:08 . 2012-03-01 06:40 80896 ----a-w- c:\windows\system32\imagehlp.dll
2012-07-15 17:08 . 2012-03-01 05:45 158720 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-07-15 17:08 . 2012-03-01 06:45 220672 ----a-w- c:\windows\system32\wintrust.dll
2012-07-15 17:08 . 2012-03-01 05:49 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-07-15 17:08 . 2012-03-01 06:35 5120 ----a-w- c:\windows\system32\wmi.dll
2012-07-15 17:08 . 2012-03-01 05:40 5120 ----a-w- c:\windows\SysWow64\wmi.dll
2012-07-15 16:45 . 2012-02-15 06:27 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-07-15 16:45 . 2012-02-15 05:44 826368 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-07-15 16:45 . 2012-02-15 04:47 204800 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-07-15 16:45 . 2012-02-15 04:46 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-07-14 22:14 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-07-14 22:14 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-07-14 22:14 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
2012-07-14 22:14 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-07-14 22:14 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
2012-07-14 22:14 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-07-14 22:14 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-07-14 22:14 . 2012-06-02 19:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-07-14 22:14 . 2012-06-02 19:15 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-07-14 22:12 . 2012-07-14 22:12 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A49E6166-9624-4A45-9CCC-0474147846D3}\gapaengine.dll
2012-07-14 21:07 . 2012-07-14 21:07 -------- d-----w- c:\program files (x86)\Microsoft Security Client
2012-07-14 21:06 . 2012-07-14 21:08 -------- d-----w- c:\program files\Microsoft Security Client
2012-07-14 21:06 . 2010-04-09 11:06 374664 ----a-w- c:\windows\system32\drivers\netio.sys
2012-07-11 23:40 . 2012-07-14 23:48 -------- d-----w- c:\users\Kittyface\AppData\Roaming\Qeum
2012-07-10 01:30 . 2012-07-11 22:20 -------- d-----w- c:\users\Kittyface\AppData\Local\{7A9C7343-CA2E-11E1-8270-B8AC6F996F26}
2012-07-07 18:52 . 2012-07-07 19:57 238080 ----a-w- c:\windows\svcs.exe
2012-07-07 00:52 . 2012-07-14 18:51 -------- d-----w- c:\users\Kittyface\AppData\Roaming\Reib
2012-07-07 00:52 . 2012-07-07 00:52 -------- d-----w- c:\users\Kittyface\AppData\Roaming\Izhif
2012-06-29 11:40 . 2012-07-11 22:20 -------- d-----w- c:\users\Kittyface\AppData\Roaming\Audacity
2012-06-29 02:00 . 2012-06-29 02:00 -------- d-----w- c:\program files (x86)\Audacity
2012-06-23 03:10 . 2012-06-23 03:10 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-06-23 03:10 . 2012-06-23 12:36 -------- d-----w- c:\windows\system32\Macromed
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-23 03:10 . 2011-10-01 00:40 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-15 05:41 . 2012-06-09 15:39 8955792 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{FF6D85C7-F179-4706-A398-2219386DFF76}\mpengine.dll
2012-05-02 00:46 . 2012-05-02 00:46 4472832 ----a-w- c:\windows\SysWow64\GPhotos.scr
.
.
((((((((((((((((((((((((((((( SnapShot_2012-07-16_18.13.39 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-07-14 04:46 . 2012-07-16 00:13 78344 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
+ 2009-07-14 04:46 . 2012-07-16 18:32 78344 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
+ 2012-07-16 23:36 . 2012-07-16 23:36 10240 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Xml.Serializ#\7fa267d10b2df6dbd00d00d130715f0a\System.Xml.Serialization.ni.dll
+ 2012-07-16 23:35 . 2012-07-16 23:35 43520 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Windows.Pres#\054fce9466c6cef615b2f7cc9ff4e7f8\System.Windows.Presentation.ni.dll
+ 2012-07-16 23:35 . 2012-07-16 23:35 86016 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Web.Applicat#\ff78ec1b5bf38a8fb74c2d4f41bb308a\System.Web.ApplicationServices.ni.dll
+ 2012-07-16 23:32 . 2012-07-16 23:32 97792 c:\windows\assembly\NativeImages_v4.0.30319_64\System.AddIn.Contra#\e144d0028365c62178eb0662911ac910\System.AddIn.Contract.ni.dll
+ 2012-07-16 23:21 . 2012-07-16 23:21 14336 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.VisualC\93295f3771dc9e5be2d49d5f5d76a7a6\Microsoft.VisualC.ni.dll
+ 2012-07-16 23:19 . 2012-07-16 23:19 10752 c:\windows\assembly\NativeImages_v4.0.30319_64\dfsvc\5ea625ce2d6c08687f70cb81a003a28b\dfsvc.ni.exe
+ 2012-07-16 23:19 . 2012-07-16 23:19 58368 c:\windows\assembly\NativeImages_v4.0.30319_64\Accessibility\061cbee19075e086d675a9e1f65725d7\Accessibility.ni.dll
- 2012-07-16 18:12 . 2012-07-16 18:12 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-07-17 17:21 . 2012-07-17 17:21 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-07-16 18:12 . 2012-07-16 18:12 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-07-17 17:21 . 2012-07-17 17:21 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-01-10 00:25 . 2012-07-16 18:12 114688 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\DOMStore\index.dat
+ 2012-01-10 00:25 . 2012-07-17 17:21 114688 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\DOMStore\index.dat
+ 2011-09-30 04:20 . 2012-07-17 10:03 114688 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-09-30 04:20 . 2012-07-16 17:04 114688 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-09-30 04:20 . 2012-07-16 17:04 196608 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-09-30 04:20 . 2012-07-17 10:03 196608 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 05:01 . 2012-07-16 18:09 383040 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-07-17 10:54 383040 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2011-09-30 05:55 . 2012-07-16 18:09 765800 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-841216468-2129947070-637777069-1000-8192.dat
+ 2011-09-30 05:55 . 2012-07-17 10:54 765800 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-841216468-2129947070-637777069-1000-8192.dat
+ 2012-07-16 23:36 . 2012-07-16 23:36 337408 c:\windows\assembly\NativeImages_v4.0.30319_64\WindowsFormsIntegra#\08becdcc9bd647c4e4d07ceea7fe4895\WindowsFormsIntegration.ni.dll
+ 2012-07-16 23:30 . 2012-07-16 23:30 231424 c:\windows\assembly\NativeImages_v4.0.30319_64\UIAutomationTypes\fb43d84bc59b21e8a7f3e36d616eea90\UIAutomationTypes.ni.dll
+ 2012-07-16 23:30 . 2012-07-16 23:30 122368 c:\windows\assembly\NativeImages_v4.0.30319_64\UIAutomationProvider\26f12a0a3baed2a227cf30aaeae03913\UIAutomationProvider.ni.dll
+ 2012-07-16 23:36 . 2012-07-16 23:36 645120 c:\windows\assembly\NativeImages_v4.0.30319_64\UIAutomationClient\1c3c298326e9ac14796516ac1da09a16\UIAutomationClient.ni.dll
+ 2012-07-16 23:23 . 2012-07-16 23:23 528896 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Xml.Linq\307eea660f877dc40ae90882ce554757\System.Xml.Linq.ni.dll
+ 2012-07-16 23:30 . 2012-07-16 23:30 256000 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Windows.Inpu#\b4afa252d0f0e27b0b5e8fcb2cc5b3a7\System.Windows.Input.Manipulations.ni.dll
+ 2012-07-16 23:23 . 2012-07-16 23:23 903168 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Transactions\8c0ee7b970cc4e8c2986c7898af71661\System.Transactions.ni.dll
+ 2012-07-16 23:35 . 2012-07-16 23:35 281088 c:\windows\assembly\NativeImages_v4.0.30319_64\System.ServiceProce#\ca5505a49a075ee7ad2535f89d9ea992\System.ServiceProcess.ni.dll
+ 2012-07-16 23:35 . 2012-07-16 23:35 108032 c:\windows\assembly\NativeImages_v4.0.30319_64\System.ServiceModel#\eb4fb369926faaffede7aaf317fd6532\System.ServiceModel.Channels.ni.dll
+ 2012-07-16 23:35 . 2012-07-16 23:35 517120 c:\windows\assembly\NativeImages_v4.0.30319_64\System.ServiceModel#\e5ab3c37897bb578bdbfe6b7e0558ad8\System.ServiceModel.Routing.ni.dll
+ 2012-07-16 23:20 . 2012-07-16 23:20 946688 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Security\e48b6a8c491a96d1bc601795532af605\System.Security.ni.dll
+ 2012-07-16 23:24 . 2012-07-16 23:24 376832 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Runtime.Seri#\7590828d50338d512b11a4d3f87d69a2\System.Runtime.Serialization.Formatters.Soap.ni.dll
+ 2012-07-16 23:24 . 2012-07-16 23:24 987648 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Runtime.Remo#\21d5b44ef01ccfa69e79674a51707de0\System.Runtime.Remoting.ni.dll
+ 2012-07-16 23:20 . 2012-07-16 23:20 176640 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Numerics\5f2bfb0585061dc256ee9587d430959f\System.Numerics.ni.dll
+ 2012-07-16 23:34 . 2012-07-16 23:34 933376 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Net\6996a415485a84fef2d2556b0462336f\System.Net.ni.dll
+ 2012-07-16 23:34 . 2012-07-16 23:34 781824 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Messaging\0d8257087be3e57b071d1d5ccd705c2f\System.Messaging.ni.dll
+ 2012-07-16 23:34 . 2012-07-16 23:34 521728 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Management.I#\92d266f677605e5475b7f39c063c4a9d\System.Management.Instrumentation.ni.dll
+ 2012-07-16 23:34 . 2012-07-16 23:34 531456 c:\windows\assembly\NativeImages_v4.0.30319_64\System.IO.Log\07a0e1efc063042be3e8faf62b413a12\System.IO.Log.ni.dll
+ 2012-07-16 23:34 . 2012-07-16 23:34 290816 c:\windows\assembly\NativeImages_v4.0.30319_64\System.IdentityMode#\7fd39b9a208214e6e5eba4e9396409f1\System.IdentityModel.Selectors.ni.dll
+ 2012-07-16 23:24 . 2012-07-16 23:24 348672 c:\windows\assembly\NativeImages_v4.0.30319_64\System.EnterpriseSe#\8e10d4f2a408dc5a9740f8d0df5cebac\System.EnterpriseServices.Wrapper.dll
+ 2012-07-16 23:20 . 2012-07-16 23:20 512000 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Dynamic\521f5bccf74318a4777597b0c01fda1e\System.Dynamic.ni.dll
+ 2012-07-16 23:33 . 2012-07-16 23:33 632832 c:\windows\assembly\NativeImages_v4.0.30319_64\System.DirectorySer#\6a8bd7d373c988a585e90bb61c5ec8cc\System.DirectoryServices.Protocols.ni.dll
+ 2012-07-16 23:33 . 2012-07-16 23:33 141824 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Device\78dd02d104bb15bc3820c06bd2876239\System.Device.ni.dll
+ 2012-07-16 23:32 . 2012-07-16 23:32 176128 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Data.DataSet#\97d1aaf3733b107ecdbecb9d21050ff4\System.Data.DataSetExtensions.ni.dll
+ 2012-07-16 23:32 . 2012-07-16 23:32 181760 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Configuratio#\52792a7ce63196551c29f5201562c1ae\System.Configuration.Install.ni.dll
+ 2012-07-16 23:32 . 2012-07-16 23:32 255488 c:\windows\assembly\NativeImages_v4.0.30319_64\System.ComponentMod#\a4f91f2dfd1656ef2e42917963f6bf50\System.ComponentModel.DataAnnotations.ni.dll
+ 2012-07-16 23:32 . 2012-07-16 23:32 871936 c:\windows\assembly\NativeImages_v4.0.30319_64\System.AddIn\b1c67ee2e0e6e78c31985069fbc82596\System.AddIn.ni.dll
+ 2012-07-16 23:32 . 2012-07-16 23:32 560640 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Activities.D#\c69fb0f955adc7ca80cd5f2fd730edea\System.Activities.DurableInstancing.ni.dll
+ 2012-07-16 23:19 . 2012-07-16 23:19 432128 c:\windows\assembly\NativeImages_v4.0.30319_64\SMSvcHost\11fc863fa4f5092fca4f2ce25a9ac361\SMSvcHost.ni.exe
+ 2012-07-16 23:23 . 2012-07-16 23:23 185344 c:\windows\assembly\NativeImages_v4.0.30319_64\SMDiagnostics\50e8e826488639e549589ba34666933e\SMDiagnostics.ni.dll
+ 2012-07-16 23:23 . 2012-07-16 23:23 428032 c:\windows\assembly\NativeImages_v4.0.30319_64\PresentationFramewo#\722c0236432dd5ccc047481d3ebbd49e\PresentationFramework.Royale.ni.dll
+ 2012-07-16 23:23 . 2012-07-16 23:23 622592 c:\windows\assembly\NativeImages_v4.0.30319_64\PresentationFramewo#\6739c3715c9e38dbdfbfd57b424a3094\PresentationFramework.Aero.ni.dll
+ 2012-07-16 23:23 . 2012-07-16 23:23 802304 c:\windows\assembly\NativeImages_v4.0.30319_64\PresentationFramewo#\3e7359f5f0fb68565314f88f6ec2d67a\PresentationFramework.Luna.ni.dll
+ 2012-07-16 23:23 . 2012-07-16 23:23 349184 c:\windows\assembly\NativeImages_v4.0.30319_64\PresentationFramewo#\263748f3d18955b9e467710da1e8546f\PresentationFramework.Classic.ni.dll
+ 2012-07-16 23:21 . 2012-07-16 23:21 289280 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.VisualBas#\88618d3ecf29f3fdeb504a7e8128d109\Microsoft.VisualBasic.Compatibility.Data.ni.dll
+ 2012-07-16 23:21 . 2012-07-16 23:21 600064 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Transacti#\6480551111832c83ee88bcf756a72533\Microsoft.Transactions.Bridge.Dtc.ni.dll
+ 2012-07-16 23:19 . 2012-07-16 23:19 279552 c:\windows\assembly\NativeImages_v4.0.30319_64\CustomMarshalers\0e81a3996f7cbff23fc01bea4185a918\CustomMarshalers.ni.dll
- 2009-07-14 04:45 . 2012-07-16 00:13 3777877 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
+ 2009-07-14 04:45 . 2012-07-16 18:25 3777877 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
+ 2012-07-16 23:21 . 2012-07-16 23:21 5237248 c:\windows\assembly\NativeImages_v4.0.30319_64\WindowsBase\e286701acf74012d3aa4a21953f03b6b\WindowsBase.ni.dll
+ 2012-07-16 23:36 . 2012-07-16 23:36 1430016 c:\windows\assembly\NativeImages_v4.0.30319_64\UIAutomationClients#\6ee9d76d9f1e618cd6fb94b13355bcc9\UIAutomationClientsideProviders.ni.dll
+ 2012-07-16 23:20 . 2012-07-16 23:20 7037952 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Xml\28ca4f076264ab07f1d00a6c9623dc49\System.Xml.ni.dll
+ 2012-07-16 23:23 . 2012-07-16 23:23 2449408 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Xaml\df013cbfec0defc7e9997cdaa90b89bc\System.Xaml.ni.dll
+ 2012-07-16 23:35 . 2012-07-16 23:35 5645824 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Windows.Form#\950f64ba9fb22ca06c5b2b9cf6f5f4b4\System.Windows.Forms.DataVisualization.ni.dll
+ 2012-07-16 23:35 . 2012-07-16 23:35 2236416 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Web.Services\bc6df78c506c89659ab7be738179b2ba\System.Web.Services.ni.dll
+ 2012-07-16 23:35 . 2012-07-16 23:35 2735616 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Speech\cd7c3aed4408c3554c30a8f0236b90e1\System.Speech.ni.dll
+ 2012-07-16 23:35 . 2012-07-16 23:35 1918976 c:\windows\assembly\NativeImages_v4.0.30319_64\System.ServiceModel#\94289b88c5b494f572cd7114fa995487\System.ServiceModel.Activities.ni.dll
+ 2012-07-16 23:35 . 2012-07-16 23:35 1579008 c:\windows\assembly\NativeImages_v4.0.30319_64\System.ServiceModel#\2dbc7aabd92cc0d470acb455c498d919\System.ServiceModel.Discovery.ni.dll
+ 2012-07-16 23:23 . 2012-07-16 23:23 3412992 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Runtime.Seri#\affb28e2d9cc3c19de0758e7e8c68e8f\System.Runtime.Serialization.ni.dll
+ 2012-07-16 23:23 . 2012-07-16 23:23 1348096 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Runtime.Dura#\b37e6f4b1d742031f328504eb99d0f6c\System.Runtime.DurableInstancing.ni.dll
+ 2012-07-16 23:31 . 2012-07-16 23:31 1467392 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Printing\d2de16284459454472a6875185c64d08\System.Printing.ni.dll
+ 2012-07-16 23:34 . 2012-07-16 23:34 1470464 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Management\b83f2453b4538b2e80fe09cfd94dce00\System.Management.ni.dll
+ 2012-07-16 23:34 . 2012-07-16 23:34 1416192 c:\windows\assembly\NativeImages_v4.0.30319_64\System.IdentityModel\60bf6251873ef465abcebeb9a24b7932\System.IdentityModel.ni.dll
+ 2012-07-16 23:24 . 2012-07-16 23:24 1098752 c:\windows\assembly\NativeImages_v4.0.30319_64\System.EnterpriseSe#\8e10d4f2a408dc5a9740f8d0df5cebac\System.EnterpriseServices.ni.dll
+ 2012-07-16 23:23 . 2012-07-16 23:23 2305024 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Drawing\1225ef41527a975de83f22328d0a3b93\System.Drawing.ni.dll
+ 2012-07-16 23:33 . 2012-07-16 23:33 1217024 c:\windows\assembly\NativeImages_v4.0.30319_64\System.DirectorySer#\a68116468a194678fd04167067134712\System.DirectoryServices.AccountManagement.ni.dll
+ 2012-07-16 23:24 . 2012-07-16 23:24 1622528 c:\windows\assembly\NativeImages_v4.0.30319_64\System.DirectorySer#\3a737af86a6a819af97a6d1a04c0e944\System.DirectoryServices.ni.dll
+ 2012-07-16 23:30 . 2012-07-16 23:30 2403328 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Deployment\ad9ff5d55f7ea22e80c39e0ff0240984\System.Deployment.ni.dll
+ 2012-07-16 23:30 . 2012-07-16 23:30 8601600 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Data\0ec8effb7b9d03ae69d37922813bc880\System.Data.ni.dll
+ 2012-07-16 23:20 . 2012-07-16 23:20 3390976 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Data.SqlXml\0eb72df497fad5c273ff16f88b0fb950\System.Data.SqlXml.ni.dll
+ 2012-07-16 23:33 . 2012-07-16 23:33 1799168 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Data.Service#\536e12016ad3adc78e0708b77e6b9219\System.Data.Services.Client.ni.dll
+ 2012-07-16 23:33 . 2012-07-16 23:33 3386368 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Data.Linq\86553c1d7f3e66c17fc3e0274de7a2de\System.Data.Linq.ni.dll
+ 2012-07-16 23:20 . 2012-07-16 23:20 1257472 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Configuration\6aea67f24827961ce1d48356715389d8\System.Configuration.ni.dll
+ 2012-07-16 23:32 . 2012-07-16 23:32 1007616 c:\windows\assembly\NativeImages_v4.0.30319_64\System.ComponentMod#\eac19ca5a18a6d08cd247e68b618ba68\System.ComponentModel.Composition.ni.dll
+ 2012-07-16 23:32 . 2012-07-16 23:32 5695488 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Activities\3869077874ba987242c791b3a18b2f8b\System.Activities.ni.dll
+ 2012-07-16 23:32 . 2012-07-16 23:32 5048832 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Activities.P#\707f90689caf41ad429bf3ad373503cb\System.Activities.Presentation.ni.dll
+ 2012-07-16 23:32 . 2012-07-16 23:32 2064896 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Activities.C#\96083298999a677341c98fc2bf01b248\System.Activities.Core.Presentation.ni.dll
+ 2012-07-16 23:31 . 2012-07-16 23:31 4233216 c:\windows\assembly\NativeImages_v4.0.30319_64\ReachFramework\16c9569b75a9f47c38b60ba733936e1a\ReachFramework.ni.dll
+ 2012-07-16 23:23 . 2012-07-16 23:23 2056704 c:\windows\assembly\NativeImages_v4.0.30319_64\PresentationUI\9c3d6b3ddef66cac069b6ab1fec514f8\PresentationUI.ni.dll
+ 2012-07-16 23:21 . 2012-07-16 23:21 2317312 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.VisualBas#\70e2694fe050bd480b9f61f935ca2da5\Microsoft.VisualBasic.ni.dll
+ 2012-07-16 23:21 . 2012-07-16 23:21 1838080 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.VisualBas#\4435d0313c51c0e2d022384e24f7e280\Microsoft.VisualBasic.Compatibility.ni.dll
+ 2012-07-16 23:21 . 2012-07-16 23:21 1623040 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.VisualBas#\16425c121db8083cbaa51f619c9e51e7\Microsoft.VisualBasic.Activities.Compiler.ni.dll
+ 2012-07-16 23:20 . 2012-07-16 23:20 1526784 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Transacti#\5284682fcf04815a86233bcaf696da66\Microsoft.Transactions.Bridge.ni.dll
+ 2012-07-16 23:34 . 2012-07-16 23:34 3313664 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.JScript\4b1d24a96b3882f9e77445e48a7c59ee\Microsoft.JScript.ni.dll
+ 2012-07-16 23:20 . 2012-07-16 23:20 2009600 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.CSharp\1ff62486cdefbfc2dab41b686a9aa4e2\Microsoft.CSharp.ni.dll
+ 2012-07-16 23:31 . 2012-07-16 23:31 17355264 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Windows.Forms\e883d90a0210bf99ca88f3b4ade53a24\System.Windows.Forms.ni.dll
+ 2012-07-16 23:35 . 2012-07-16 23:35 24551936 c:\windows\assembly\NativeImages_v4.0.30319_64\System.ServiceModel\c4cc7eb7733c4221c32caccfd66ae320\System.ServiceModel.ni.dll
+ 2012-07-16 23:33 . 2012-07-16 23:33 18479616 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Data.Entity\9df4e7ae75baa7bbb1af30c8061a6e9b\System.Data.Entity.ni.dll
+ 2012-07-16 23:20 . 2012-07-16 23:20 10440192 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Core\b64f213e823a591607c45fac4997801e\System.Core.ni.dll
+ 2012-07-16 23:23 . 2012-07-16 23:23 24407552 c:\windows\assembly\NativeImages_v4.0.30319_64\PresentationFramewo#\a3c3789d54894008501ce5891f1eeb40\PresentationFramework.ni.dll
+ 2012-07-16 23:22 . 2012-07-16 23:22 15908864 c:\windows\assembly\NativeImages_v4.0.30319_64\PresentationCore\9d69a7a407bbc43a1bcb2da603af5840\PresentationCore.ni.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{523F1DFF-2417-4466-8329-91877FF40EF5}]
2012-03-25 19:23 141312 ----a-w- c:\programdata\CodecC\bhoclass.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Kittyface\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Kittyface\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Kittyface\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"PWRISOVM.EXE"="c:\program files (x86)\PowerISO\PWRISOVM.EXE" [2011-11-15 312376]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"="c:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_257_ActiveX.exe" [2012-06-23 686280]
.
c:\users\Kittyface\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Kittyface\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
L'OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
dplaysvr.lnk - c:\users\Kittyface\AppData\Local\dplaysvr.exe [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R1 ojclbfgs;ojclbfgs;c:\windows\system32\drivers\ojclbfgs.sys [x]
R1 otcqmrmj;otcqmrmj;c:\windows\system32\drivers\otcqmrmj.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-06-21 85560]
R2 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-06-18 103992]
R2 RtVOsdService;RtVOsdService Installer;c:\program files\Realtek\RtVOsd\RtVOsdService.exe [2010-04-20 315392]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-02-29 158856]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-23 257224]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-16 113120]
R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [2009-06-10 5434368]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-03-21 98688]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-05-07 245792]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-10-01 1255736]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-06-10 389120]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-11-18 98208]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-06-17 202752]
S2 CinemaNow Service;CinemaNow Service;c:\program files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe [2010-05-21 140272]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-28 94264]
S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-11-09 26680]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy2\SDWinSec.exe [2009-01-26 1153368]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atipmdag.sys [2010-06-17 6403072]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2010-06-17 188928]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-03-23 347680]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2009-12-22 38456]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2010-05-19 17:36 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-23 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-23 03:10]
.
2012-07-05 c:\windows\Tasks\HPCeeScheduleForKittyface.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-01-05 10:53]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Kittyface\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Kittyface\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Kittyface\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Kittyface\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2010-05-26 6245408]
"HPWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe" [2010-06-18 8192]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 1271168]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uDefault_Search_URL = hxxp://www.google.com/ie
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
TCP: DhcpNameServer = 192.168.1.1 71.243.0.12
FF - ProfilePath - c:\users\Kittyface\AppData\Roaming\Mozilla\Firefox\Profiles\498s56h0.default\
FF - prefs.js: browser.search.selectedEngine - Bing
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=Z134&form=ZGAADF&install_date=20111002&q=
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,6e,04,6b,5a,c0,ac,64,47,a8,ca,4b,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,6e,04,6b,5a,c0,ac,64,47,a8,ca,4b,\
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\\.\globalroot\systemroot\svchost.exe
c:\program files (x86)\OpenOffice.org 3\program\soffice.exe
c:\program files (x86)\OpenOffice.org 3\program\soffice.bin
c:\\.\globalroot\systemroot\svchost.exe
.
**************************************************************************
.
Completion time: 2012-07-17 13:37:51 - machine was rebooted
ComboFix-quarantined-files.txt 2012-07-17 17:37
ComboFix2.txt 2012-07-16 18:31
ComboFix3.txt 2012-07-15 02:27
.
Pre-Run: 230,338,637,824 bytes free
Post-Run: 229,831,974,912 bytes free
.
- - End Of File - - 7002D580419B4E321841D590D9FACE58
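
Two things in the log above are the kind of entry a helper checks before anything else: the two processes under "Other Running Processes" whose image path is reached through the `\\.\globalroot` device namespace instead of a normal drive-letter path (a stock svchost.exe is started from c:\windows\system32), and the Firefox `user.js` entries that set `security.warn_*` options to false, which silences the mixed-content and insecure-form warnings and is re-applied at every browser start. The following is an added example, not code from this thread or from DDS, ComboFix or TDSSKiller: a small Python triage script that pulls those two kinds of entry out of a DDS/ComboFix-style text log. The section markers and the "FF - user.js:" line format are taken from the log as posted; the choice to flag the `security.warn_` prefix and any `\globalroot\` path is an assumption, and `SAMPLE_LOG` is an excerpt constructed from the lines above.

```python
r"""
Triage helper for DDS/ComboFix-style text logs (added example, not part of
the thread or of any tool it mentions).

It reports two kinds of entries a helper would look at first:

  1. lines under "Other Running Processes" whose image path goes through the
     globalroot device namespace (\\.\globalroot\... or \\?\globalroot\...)
     rather than a normal drive-letter path;
  2. "FF - user.js:" preferences that set a security.warn_* option to false.
     user.js is re-applied on every Firefox start, so every entry in it is
     also listed as a persistent override.

The flagged prefix and the section markers are assumptions taken from the
log as posted; SAMPLE_LOG is an excerpt constructed from it.
"""
import re

SAMPLE_LOG = r"""
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_submit_insecure - false
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\\.\globalroot\systemroot\svchost.exe
c:\program files (x86)\OpenOffice.org 3\program\soffice.exe
c:\\.\globalroot\systemroot\svchost.exe
.
**************************************************************************
"""

# "FF - user.js: <pref> - <value>" as DDS prints it.
USERJS_LINE = re.compile(r"^FF - user\.js:\s+(\S+)\s+-\s+(.*?)\s*$")
PROCESS_HEADER = "Other Running Processes"
SECTION_END_PREFIXES = ("****", "----")   # star rule or next "----" header


def _process_lines(log_text):
    """Yield the non-empty entries of the 'Other Running Processes' section."""
    in_section = False
    for line in log_text.splitlines():
        line = line.strip()
        if PROCESS_HEADER in line:
            in_section = True
            continue
        if not in_section:
            continue
        if line.startswith(SECTION_END_PREFIXES):
            break
        if line and line != ".":          # ComboFix pads sections with "."
            yield line


def triage(log_text):
    """Return the suspicious entries found in a DDS/ComboFix log excerpt."""
    findings = {
        "globalroot_processes": [],
        "userjs_overrides": [],
        "disabled_security_warnings": [],
    }

    # Any image path that passes through the globalroot device namespace is
    # flagged, whatever prefix (\\.\ or \\?\) precedes it.
    for path in _process_lines(log_text):
        if "\\globalroot\\" in path.lower():
            findings["globalroot_processes"].append(path)

    for line in log_text.splitlines():
        m = USERJS_LINE.match(line.strip())
        if not m:
            continue
        name, value = m.group(1), m.group(2)
        findings["userjs_overrides"].append((name, value))
        if name.startswith("security.warn_") and value.lower() == "false":
            findings["disabled_security_warnings"].append((name, value))
    return findings


if __name__ == "__main__":
    for key, items in triage(SAMPLE_LOG).items():
        print(f"{key}: {len(items)}")
        for item in items:
            print("   ", item)
```

Run it against a saved DDS or ComboFix log by passing the file contents to `triage()`; it does not judge the entries, it only lists the ones worth reading, which for this log are the two globalroot svchost.exe lines and the two disabled warning prefs.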

maxi
2012-07-18, 15:11
Did you run TDSSKiller? Have you a log?

maxi
2012-07-21, 13:09
Are you still with us?

Uptothehilt
2012-07-21, 21:41
I did run TDSSKiller, but I don't have the log. I accidentally hit Cure instead of Skip. There was one item, but it seems to be removed and everything is running well.

Edit
http://forums.spybot.info/showthread.php?t=66509

maxi
2012-07-22, 17:27
Hi Uptothehilt.

This is a quote from my first post to you.

Lack of malware symptoms does not mean your computer is clean. Stick to this topic until I give the All Clear.

You were dealing with a very complex rootkit, and I can assure you that just because you don't have any symptoms now doesn't mean you are free from malware.

You can find the TDSSKiller log at the root of your C drive (C:\TDSSKiller)

Then

Re-run ComboFix like you did before.

Please post both logs in your next reply.

Regards, maxi :)

Jack&Jill
2012-07-26, 12:09
Due to lack of response, this topic is now closed.

If it has been three days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh DDS log and a link to your previous thread. How to post a DDS log. (http://forums.spybot.info/showpost.php?p=1150&postcount=2)

If it has been less than three days since your last response and you need the thread re-opened, please send a private message (pm) to me or a MOD. A valid, working link to the closed topic is required. Please do not add any logs that might have been requested in the closed topic, you would be starting fresh.

Everyone else please begin a New Topic.