Thread: Malware that's a major pain in the butt

  1. #1

    Hello, I'm here because malware has affected my computer and it simply will not go away. NOD32 has continually blocked its actions (cut off connections to malicious sites, etc.), but cannot clean the computer, as the processes keep coming back. The files that run it usually appear in the localApps folder in the temp folder, but after I delete them, they come back.

    Spybot's website is also being blocked, so I cannot update it, nor can I update Ad-Aware. Ad-Aware also crashes whenever I try to run a full scan (a smart scan revealed a trojan, which I have already disposed of).

    Here is the DDS log:


    DDS (Ver_10-03-17.01) - NTFSX64
    Run by Administrator at 15:58:01.49 on 25/08/2010
    Internet Explorer: 8.0.7600.16385
    Microsoft Windows 7 Home Premium 6.1.7600.0.1252.2.1033.18.3956.1863 [GMT -7:00]

    SP: Spybot - Search and Destroy *enabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}

    ============== Running Processes ===============

    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    C:\Program Files\eBoostr\EBstrSvc.exe
    C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
    C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
    C:\Windows\runservice.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    C:\Windows\SysWOW64\PnkBstrA.exe
    C:\Program Files\Soluto\SolutoService.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\SysWOW64\UTSCSI.EXE
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
    C:\Windows\system32\taskhost.exe
    C:\Program Files\Soluto\soluto.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\PLFSetI.exe
    C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
    C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
    C:\Program Files\SRS Labs\Audio Sandbox\SRSSSC.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files (x86)\ThinkPad\Utilities\TpKmapMn.exe
    C:\Users\Administrator\Documents\Core Temp.exe
    C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\eBoostr\eBoostrCP.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files\Intel\TurboBoost\TurboBoost.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
    C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Windows\system32\DllHost.exe
    C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
    C:\Program Files (x86)\Opera\opera.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe
    C:\Program Files (x86)\Launch Manager\LManager.exe
    C:\Program Files (x86)\Acer\Registration\GregHSRW.exe
    C:\Program Files (x86)\Hotspot Shield\bin\openvpnas.exe
    C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe
    C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
    C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
    C:\Program Files\Acer\Acer Updater\UpdaterService.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Program Files (x86)\Spybot - Search & Destroy\SpybotSD.exe
    C:\Users\Administrator\Desktop\dds.scr
    C:\Windows\system32\conhost.exe
    C:\Windows\system32\wbem\wmiprvse.exe

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://www.naver.com
    uDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=1009&m=aspire_5740&r=27360210h716l04d8z105t6491d734
    mDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=1009&m=aspire_5740&r=27360210h716l04d8z105t6491d734
    mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=1009&m=aspire_5740&r=27360210h716l04d8z105t6491d734
    mLocal Page = c:\windows\syswow64\blank.htm
    uInternet Settings,ProxyOverride = *.local
    uURLSearchHooks: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\program files (x86)\vuze_remote\tbVuze.dll
    mURLSearchHooks: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\program files (x86)\vuze_remote\tbVuze.dll
    mWinlogon: Userinit=userinit.exe
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files (x86)\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~2\spybot~1\SDHelper.dll
    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files (x86)\microsoft office\office12\GrooveShellExtensions.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files (x86)\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\program files (x86)\vuze_remote\tbVuze.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files (x86)\java\jre6\bin\jp2ssv.dll
    BHO: Hotspot Shield Class: {f9e4a054-e9b1-4bc3-83a3-76a1ae736170} - c:\program files (x86)\hotspot shield\hssie\HssIE.dll
    TB: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\program files (x86)\vuze_remote\tbVuze.dll
    uRun: [SRS Audio Sandbox] "c:\program files\srs labs\audio sandbox\SRSSSC.exe" /hideme
    uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
    uRun: [TPKMAPMN] c:\program files (x86)\thinkpad\utilities\TpKmapMn.exe
    uRun: [Core Temp] "c:\users\administrator\documents\Core Temp.exe"
    uRun: [XBV6RD5SZF] c:\users\admini~1\appdata\local\temp\Wcd.exe
    uRun: [SpybotSD TeaTimer] c:\program files (x86)\spybot - search & destroy\TeaTimer.exe
    mRun: [TPKMAPHELPER] c:\program files (x86)\thinkpad\utilities\TpKmapAp.exe -helper
    mRun: [Adobe Reader Speed Launcher] "c:\program files (x86)\adobe\reader 9.0\reader\Reader_sl.exe"
    StartupFolder: c:\progra~3\micros~1\windows\startm~1\programs\startup\eboost~1.lnk - c:\program files\eboostr\eBoostrCP.exe
    mPolicies-explorer: NoActiveDesktop = 1 (0x1)
    mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
    mPolicies-explorer: ForceActiveDesktopOn = 0 (0x0)
    mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableLUA = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
    IE: E&xport to Microsoft Excel - c:\progra~2\micros~2\office12\EXCEL.EXE/3000
    IE: Free YouTube to Mp3 Converter - c:\users\administrator\appdata\roaming\dvdvideosoftiehelpers\youtubetomp3.htm
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files (x86)\windows live\writer\WriterBrowserExtension.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~2\micros~2\office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~2\micros~2\office12\REFIEBAR.DLL
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~2\spybot~1\SDHelper.dll
    DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - hxxp://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
    DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
    DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} - hxxp://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
    TCP: NameServer = 93.188.163.189,93.188.166.189
    TCP: {00AF639A-1B33-4A9B-BAB7-4C2267774A09} = 93.188.163.189,93.188.166.189
    TCP: {751FA41C-8220-4B65-A9DE-EF057D3E49CD} = 93.188.163.189,93.188.166.189
    TCP: {76244BC4-7621-4868-A71E-5B1B04AEFB7A} = 93.188.163.189,93.188.166.189
    TCP: {B13D8113-52BE-449B-85E8-477EA2524ABB} = 93.188.163.189,93.188.166.189
    TCP: {C8E74575-2FB5-4900-AAF7-3EA7418D5DF7} = 93.188.163.189,93.188.166.189
    TCP: {FD1208DA-52BD-4153-A866-2A1114C45748} = 93.188.163.189,93.188.166.189
    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files (x86)\microsoft office\office12\GrooveSystemServices.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~2\common~1\skype\SKYPE4~1.DLL
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files (x86)\microsoft office\office12\GrooveShellExtensions.dll
    BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO-X64: Hotspot Shield Class: {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - c:\program files (x86)\hotspot shield\hssie\HssIE_64.dll
    mRun-x64: [PLFSetI] c:\windows\PLFSetI.exe
    mRun-x64: [Acer ePower Management] c:\program files\acer\acer epower management\ePowerTray.exe
    mRun-x64: [egui] "c:\program files\eset\eset nod32 antivirus\egui.exe" /hide /waitservice
    mRun-x64: [IntelTBRunOnce] wscript.exe //b //nologo "c:\program files\intel\turboboost\RunTBGadgetOnce.vbs"

    ================= FIREFOX ===================

    FF - ProfilePath - c:\users\admini~1\appdata\roaming\mozilla\firefox\profiles\b7tws27n.default\
    FF - component: c:\users\administrator\appdata\roaming\mozilla\firefox\profiles\b7tws27n.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}\components\FFExternalAlert.dll
    FF - component: c:\users\administrator\appdata\roaming\mozilla\firefox\profiles\b7tws27n.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}\components\RadioWMPCore.dll
    FF - plugin: c:\program files (x86)\divx\divx plus web player\npdivx32.dll
    FF - plugin: c:\program files (x86)\microsoft\office live\npOLW.dll
    FF - plugin: c:\program files (x86)\mozilla firefox\plugins\npwachk.dll
    FF - plugin: c:\program files (x86)\pando networks\media booster\npPandoWebPlugin.dll
    FF - plugin: c:\program files (x86)\windows live\photo gallery\NPWLPG.dll
    FF - plugin: c:\programdata\nexonus\ngm\npNxGameUS.dll
    FF - plugin: c:\users\administrator\appdata\roaming\mozilla\plugins\NPNLiveCast.dll
    FF - plugin: c:\windows\syswow64\macromed\flash\NPSWF32.dll

    ---- FIREFOX POLICIES ----
    c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
    c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
    c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
    c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
    c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
    c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
    c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
    c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
    c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
    c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
    c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
    c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
    c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
    c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
    c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
    c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);
    c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
    c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
    c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
    c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
    c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
    c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
    c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
    c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
    c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
    c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
    c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
    c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
    c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);
    c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
    c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
    c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
    c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
    c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
    c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
    c:\program files (x86)\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
    c:\program files (x86)\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
    c:\program files (x86)\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
    c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
    c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
    c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
    c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
    c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
    c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
    c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
    c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
    c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
    c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
    c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
    c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
    c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
    c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
    c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
    c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
    c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

    ============= SERVICES / DRIVERS ===============

    R0 eBoost;eBoostr caching filter driver;c:\windows\system32\drivers\eBoost.sys [2010-2-9 180184]
    R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-8-25 69152]
    R0 PCGenFAM;PCGenFAM;c:\windows\system32\drivers\PCGenFAM.sys [2010-8-4 195016]
    R1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\drivers\mwlPSDFilter.sys [2009-6-2 22576]
    R1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\drivers\mwlPSDNserv.sys [2009-6-2 20016]
    R1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\drivers\mwlPSDVDisk.sys [2009-6-2 60464]
    R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 59904]
    R2 EBOOSTRSVC;eBoostr Service;c:\program files\eboostr\EBstrSvc.exe [2010-2-9 810112]
    R2 ekrn;ESET Service;c:\program files\eset\eset nod32 antivirus\x86\ekrn.exe [2009-11-16 735960]
    R2 epfwwfpr;epfwwfpr;c:\windows\system32\drivers\epfwwfpr.sys [2009-12-18 123200]
    R2 ePowerSvc;Acer ePower Service;c:\program files\acer\acer epower management\ePowerSvc.exe [2010-1-10 865824]
    R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files (x86)\lavasoft\ad-aware\AAWService.exe [2010-8-12 1355416]
    R2 LicCtrlService;LicCtrl Service;c:\windows\Runservice.exe [2010-3-18 2560]
    R2 SolutoService;Soluto PCGenome Core Service;c:\program files\soluto\SolutoService.exe [2010-6-30 336728]
    R2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\drivers\TurboB.sys [2010-5-20 13832]
    R2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\intel\intel(r) management engine components\uns\UNS.exe [2009-11-4 2320920]
    R3 amdkmdag;amdkmdag;c:\windows\system32\drivers\atikmdag.sys [2010-7-6 7195648]
    R3 amdkmdap;amdkmdap;c:\windows\system32\drivers\atikmpag.sys [2010-7-6 265728]
    R3 AmdTools64;AMD Special Tools Driver;c:\windows\system32\drivers\AmdTools64.sys [2010-4-25 47160]
    R3 Greg_Service;GRegService;c:\program files (x86)\acer\registration\GregHSRW.exe [2009-8-28 1150496]
    R3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\drivers\HECIx64.sys [2009-11-4 56344]
    R3 HssWd;Hotspot Shield Monitoring Service;c:\program files (x86)\hotspot shield\bin\hsswd.exe -product hss --> c:\program files (x86)\hotspot shield\bin\hsswd.exe -product HSS [?]
    R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [2010-1-10 151936]
    R3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\k57nd60a.sys [2009-8-6 320040]
    R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files (x86)\lavasoft\ad-aware\kernexplorer64.sys [2010-8-12 16928]
    R3 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\newtech infosystems\acer backup manager\IScheduleSvc.exe [2009-9-24 62720]
    R3 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files (x86)\newtech infosystems\nti backup now 5\SchedulerSvc.exe [2009-6-17 144640]
    R3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);c:\windows\system32\drivers\tap0901t.sys [2010-6-19 31232]
    R3 TurboBoost;TurboBoost;c:\program files\intel\turboboost\TurboBoost.exe [2010-5-20 134928]
    R3 Updater Service;Updater Service;c:\program files\acer\acer updater\UpdaterService.exe [2009-11-4 240160]
    R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\drivers\usbaapl64.sys [2010-4-19 50688]
    R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-13 17920]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\microsoft.net\framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 MWLService;MyWinLocker Service;c:\program files (x86)\egistec\mywinlocker 3\x86\\mwlservice.exe --> c:\program files (x86)\egistec\mywinlocker 3\x86\\MWLService.exe [?]
    S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\spybot - search & destroy\SDWinSec.exe [2010-8-25 1153368]
    S3 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-7-6 203264]
    S3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.sys [2009-7-22 40448]
    S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]
    S3 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files (x86)\newtech infosystems\nti backup now 5\BackupSvc.exe [2009-6-17 50432]
    S3 s916bus;Sony Ericsson Device 916 driver (WDM);c:\windows\system32\drivers\s916bus.sys [2007-11-2 108072]
    S3 SRS_HDAL_Service;HD Audio Lab;c:\windows\system32\drivers\SRS_HDAL_amd64.sys [2010-7-1 525040]
    S3 VSTWinDriver6;VSTWinDriver6;c:\windows\system32\drivers\VSTwindrvr6.sys [2008-7-4 252928]
    S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-2-26 1255736]
    S4 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\program files (x86)\logmein hamachi\hamachi-2.exe [2010-3-30 1823112]
    S4 TunngleService;TunngleService;c:\program files (x86)\tunngle\TnglCtrl.exe [2010-6-19 704760]

    ============== File Associations ===============

    regfile="regedit.exe" "%1"

    =============== Created Last 30 ================

    2010-08-25 22:46:13 0 d-----w- c:\programdata\Spybot - Search & Destroy
    2010-08-25 22:46:13 0 d-----w- c:\program files (x86)\Spybot - Search & Destroy
    2010-08-25 21:34:54 15880 ----a-w- c:\windows\system32\lsdelete.exe
    2010-08-25 21:20:57 69152 ----a-w- c:\windows\system32\drivers\Lbd.sys
    2010-08-25 21:20:35 0 dc-h--w- c:\programdata\{ECC164E0-3133-4C70-A831-F08DB2940F70}
    2010-08-25 21:20:25 0 d-----w- c:\programdata\Lavasoft
    2010-08-25 21:20:25 0 d-----w- c:\program files (x86)\Lavasoft
    2010-08-24 17:41:34 861184 ----a-w- c:\windows\system32\oleaut32.dll
    2010-08-24 17:41:34 571904 ----a-w- c:\windows\syswow64\oleaut32.dll
    2010-08-19 19:36:08 0 d-----w- c:\users\admini~1\appdata\roaming\DiskAid
    2010-08-18 22:06:42 213120 ---ha-w- c:\windows\syswow64\mlfcache.dat
    2010-08-18 20:18:22 34152 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
    2010-08-18 20:18:22 126312 ----a-w- c:\windows\system32\GEARAspi64.dll
    2010-08-18 20:18:22 107368 ----a-w- c:\windows\syswow64\GEARAspi.dll
    2010-08-18 20:17:34 0 d-----w- c:\program files\iPod
    2010-08-18 20:17:33 0 d-----w- c:\programdata\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
    2010-08-18 20:17:33 0 d-----w- c:\program files\iTunes
    2010-08-18 20:17:33 0 d-----w- c:\program files (x86)\iTunes
    2010-08-18 20:16:43 0 d-----w- c:\programdata\Apple Computer
    2010-08-18 20:15:37 0 d-----w- c:\program files\common files\Apple
    2010-08-18 20:15:30 0 d-----w- c:\program files\Bonjour
    2010-08-18 20:15:30 0 d-----w- c:\program files (x86)\Bonjour
    2010-08-18 20:02:50 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
    2010-08-17 23:22:21 0 d-----w- c:\users\admini~1\appdata\roaming\dBpoweramp
    2010-08-17 22:45:07 0 d-----w- c:\program files (x86)\NeoSmart Technologies
    2010-08-14 13:02:59 0 d-----w- c:\program files (x86)\Vuze_Remote
    2010-08-14 13:02:59 0 d-----w- c:\program files (x86)\Conduit
    2010-08-11 05:40:44 57436 ----a-w- c:\windows\DASShp.dll
    2010-08-11 05:40:44 0 d-----w- c:\program files (x86)\Microsoft Reader
    2010-08-05 05:32:18 0 d-----w- c:\program files\WinPcap
    2010-08-05 05:32:06 0 d-----w- c:\users\admini~1\appdata\roaming\Neoretix
    2010-08-04 14:18:48 195016 ----a-r- c:\windows\system32\drivers\PCGenFAM.sys
    2010-08-04 14:18:46 0 d-----w- c:\program files\Soluto
    2010-08-04 14:18:11 0 d-----w- c:\programdata\Soluto
    2010-08-04 14:06:11 12867584 ----a-w- c:\windows\syswow64\shell32.dll
    2010-08-01 15:18:13 56 ---ha-w- c:\windows\syswow64\ezsidmv.dat
    2010-08-01 15:12:01 0 d-----r- c:\program files (x86)\Skype
    2010-08-01 15:11:59 0 d-----w- c:\programdata\Skype
    2010-07-28 16:21:41 0 d-----w- c:\programdata\ATI
    2010-07-28 15:57:57 0 d-----w- c:\program files (x86)\StarCraft II

    ==================== Find3M ====================

    2010-07-29 06:30:34 82944 ----a-w- c:\windows\syswow64\iccvid.dll
    2010-07-19 08:40:36 218808 ----a-w- c:\windows\syswow64\PnkBstrB.exe
    2010-07-11 11:28:38 45056 ----a-w- c:\windows\syswow64\UTSCSI.EXE
    2010-07-07 02:30:08 7195648 ----a-w- c:\windows\system32\drivers\atikmdag.sys
    2010-07-07 02:16:20 20118528 ----a-w- c:\windows\system32\atio6axx.dll
    2010-07-07 01:55:08 15461888 ----a-w- c:\windows\syswow64\atioglxx.dll
    2010-07-07 01:54:16 143360 ----a-w- c:\windows\system32\atiapfxx.exe
    2010-07-07 01:54:08 513024 ----a-w- c:\windows\syswow64\aticfx32.dll
    2010-07-07 01:53:20 594432 ----a-w- c:\windows\system32\aticfx64.dll
    2010-07-07 01:51:30 446464 ----a-w- c:\windows\system32\ATIDEMGX.dll
    2010-07-07 01:51:26 462336 ----a-w- c:\windows\system32\atieclxx.exe
    2010-07-07 01:50:54 203264 ----a-w- c:\windows\system32\atiesrxx.exe
    2010-07-07 01:49:48 120320 ----a-w- c:\windows\system32\atitmm64.dll
    2010-07-07 01:49:36 421376 ----a-w- c:\windows\system32\atipdl64.dll
    2010-07-07 01:49:28 356352 ----a-w- c:\windows\syswow64\atipdlxx.dll
    2010-07-07 01:49:18 278528 ----a-w- c:\windows\syswow64\Oemdspif.dll
    2010-07-07 01:49:14 12288 ----a-w- c:\windows\system32\atimuixx.dll
    2010-07-07 01:49:10 59392 ----a-w- c:\windows\system32\atiedu64.dll
    2010-07-07 01:49:06 43520 ----a-w- c:\windows\syswow64\ati2edxx.dll
    2010-07-07 01:46:26 3826688 ----a-w- c:\windows\syswow64\atidxx32.dll
    2010-07-07 01:37:36 4463616 ----a-w- c:\windows\system32\atidxx64.dll
    2010-07-07 01:30:12 2785792 ----a-w- c:\windows\system32\atiumd6a.dll
    2010-07-07 01:29:26 51200 ----a-w- c:\windows\system32\aticalrt64.dll
    2010-07-07 01:29:24 46080 ----a-w- c:\windows\syswow64\aticalrt.dll
    2010-07-07 01:29:16 44544 ----a-w- c:\windows\system32\aticalcl64.dll
    2010-07-07 01:29:14 44032 ----a-w- c:\windows\syswow64\aticalcl.dll
    2010-07-07 01:29:06 5378560 ----a-w- c:\windows\system32\aticaldd64.dll
    2010-07-07 01:28:20 3975680 ----a-w- c:\windows\syswow64\atiumdag.dll
    2010-07-07 01:27:58 4323840 ----a-w- c:\windows\syswow64\aticaldd.dll
    2010-07-07 01:24:34 55296 ----a-w- c:\windows\system32\coinst.dll
    2010-07-07 01:23:14 3058688 ----a-w- c:\windows\syswow64\atiumdva.dll
    2010-07-07 01:22:26 5099008 ----a-w- c:\windows\system32\atiumd64.dll
    2010-07-07 01:16:06 335872 ----a-w- c:\windows\system32\atiadlxx.dll
    2010-07-07 01:16:02 237568 ----a-w- c:\windows\syswow64\atiadlxy.dll
    2010-07-07 01:15:54 14848 ----a-w- c:\windows\system32\atig6pxx.dll
    2010-07-07 01:15:50 12800 ----a-w- c:\windows\syswow64\atiglpxx.dll
    2010-07-07 01:15:50 12800 ----a-w- c:\windows\system32\atiglpxx.dll
    2010-07-07 01:15:48 18432 ----a-w- c:\windows\system32\atig6txx.dll
    2010-07-07 01:15:46 16896 ----a-w- c:\windows\syswow64\atigktxx.dll
    2010-07-07 01:15:42 265728 ----a-w- c:\windows\system32\drivers\atikmpag.sys

    ============= FINISH: 15:58:54.59 ===============


    And I have attached the attach that came along with it.

    Thank you.

  2. #2
    Emeritus- Malware Team
    Join Date
    May 2009
    Location
    Buenos Aires, Argentina
    Posts
    340

    Hi,

    Welcome to Safer-Networking. My name is Blottedisk and I will be helping you with your log.


    • Please subscribe to this topic, if you haven't already. You can subscribe by clicking the Thread Tools menu to the right of your topic title and selecting "Subscribe to this Thread".
    • Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.
    • Please reply to this post so I know you are there.


    The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 5 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

    Once I receive a reply then I will return with your first instructions.


  3. #3
    Member of Team Spybot tashi's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    30,965

    eraddd, this thread has been closed due to inactivity.

    If you still require help, please start a new topic and include a DDS log with a link to your previous thread.

    Applies only to the original poster; anyone else with similar problems, please start your own topic.

    Thank you Blottedisk.
    Microsoft MVP Reconnect 2018-
    Windows Insider MVP 2016-2018
    Microsoft Consumer Security MVP 2006-2016
