Trojan horse BackDoor.Generic12.BIXF and all the fixins

View previous topic View next topic Go down

Re: Trojan horse BackDoor.Generic12.BIXF and all the fixins

Post by Superdave on 2nd September 2012, 7:29 pm

If this is an infection that runs so deep my computer will still be a liability even after reformatting? If I attempt to backup the contents of my computer before reformatting, what is the chance that my external harddrive will then become infected? If I backup everything at this point, after I reformat and transfer all my backedup files to my computer, could the infection resume with the backedup files?
If you do a complete re-format, it should be as good as new. You can save your important data but scan it using at least two up-to-date AV's program before putting them back on your computer.

To wipe the drive clean, [You must be registered and logged in to see this link.] and reinstall the OS.

Superdave
Captain
Captain

Posts Posts : 4202
Joined Joined : 2010-02-01
Gender Gender : Male
OS OS : Windows 8.1 and a dual-boot with XP Home SP3
Protection Protection : MSE, Windows Defender, Windows firewall
Points Points : 83201
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Trojan horse BackDoor.Generic12.BIXF and all the fixins

Post by timecantkill on 2nd September 2012, 9:29 pm

Okay, I think I found a copy of Windows Vista Premium Home Edition Service Pack 2 32-bit startup disc, but I won't be able to get it until I go back to work on Tuesday. I'd like to do all I can to clean this mess up before doing a complete reformat, even though I know I may have to in the end.

Is it alright to resume progress on this on Tuesday? In the meantime, I'm going to leave my computer shut down and start changing all my passwords.


I have an irrational obsession with pineapples, and I honestly have no idea why.
- Age -

timecantkill
Intermediate
Intermediate

Posts Posts : 88
Joined Joined : 2008-12-07
Gender Gender : Male
OS OS : Vista
Protection Protection : AVG
Points Points : 30083
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Trojan horse BackDoor.Generic12.BIXF and all the fixins

Post by Superdave on 2nd September 2012, 10:21 pm

Tuesday is ok.

Superdave
Captain
Captain

Posts Posts : 4202
Joined Joined : 2010-02-01
Gender Gender : Male
OS OS : Windows 8.1 and a dual-boot with XP Home SP3
Protection Protection : MSE, Windows Defender, Windows firewall
Points Points : 83201
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Trojan horse BackDoor.Generic12.BIXF and all the fixins

Post by timecantkill on 5th September 2012, 1:06 am

Alright, I have a Windows Vista Home Premium (Service Pack 2) x86 installation disc, and I am ready to give System Recovery Option another go. Aside from the instructions I received before, is there anything particular I should know?

I believe I did boot from the installation disc as I was prompted into Windows Boot Manager, but when I selected the Advanced Options menu by pressing F8, I saw the same options as before. I checked my BIOS settings beforehand that my 1st priority is to boot from internal optical disk drive, so I think this should be the installation disc menu; however, as I stated, the same options are present.


Last edited by timecantkill on 5th September 2012, 1:18 am; edited 2 times in total (Reason for editing : additional information)


I have an irrational obsession with pineapples, and I honestly have no idea why.
- Age -

timecantkill
Intermediate
Intermediate

Posts Posts : 88
Joined Joined : 2008-12-07
Gender Gender : Male
OS OS : Vista
Protection Protection : AVG
Points Points : 30083
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Trojan horse BackDoor.Generic12.BIXF and all the fixins

Post by Superdave on 5th September 2012, 10:07 pm

I checked my BIOS settings beforehand that my 1st priority is to boot from internal optical disk drive, so I think this should be the installation disc menu;
Your first option should be to boot from the disk. Then you will be able to do a fresh installation.

Superdave
Captain
Captain

Posts Posts : 4202
Joined Joined : 2010-02-01
Gender Gender : Male
OS OS : Windows 8.1 and a dual-boot with XP Home SP3
Protection Protection : MSE, Windows Defender, Windows firewall
Points Points : 83201
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Trojan horse BackDoor.Generic12.BIXF and all the fixins

Post by timecantkill on 5th September 2012, 10:59 pm

I'm not planning on doing a reformat yet, though. Should I still run an install?


I have an irrational obsession with pineapples, and I honestly have no idea why.
- Age -

timecantkill
Intermediate
Intermediate

Posts Posts : 88
Joined Joined : 2008-12-07
Gender Gender : Male
OS OS : Vista
Protection Protection : AVG
Points Points : 30083
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Trojan horse BackDoor.Generic12.BIXF and all the fixins

Post by Superdave on 6th September 2012, 12:05 am

If I backup everything at this point, after I reformat and transfer all my backedup files to my computer, could the infection resume with the backedup files?
You did mention that you were going to reformat. If you can get the computer to boot from the disk you should be able to run a Repair or a re-install.

Superdave
Captain
Captain

Posts Posts : 4202
Joined Joined : 2010-02-01
Gender Gender : Male
OS OS : Windows 8.1 and a dual-boot with XP Home SP3
Protection Protection : MSE, Windows Defender, Windows firewall
Points Points : 83201
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Trojan horse BackDoor.Generic12.BIXF and all the fixins

Post by timecantkill on 6th September 2012, 12:18 am

Sorry, I wasn't clear. I'm currently backing everything up on the external hard drive I bought today. Once that is finished, I'm going to attempt System Recovery Options again.

After speaking with a few people and doing some research, I believe the reason I was not seeing the "Repair your computer" option yesterday was because I was expecting to see it in the Advance Boot Options menu. Unless I am mistaken, which there is always a chance for that, I should encounter this option while attempting to run an install.

I want to run System Recovery Options and get that FRST log to you before I follow through with a complete reformat. That is my last resort, but I am preparing for it; hence the newly purchased external and current backup I am running.


I have an irrational obsession with pineapples, and I honestly have no idea why.
- Age -

timecantkill
Intermediate
Intermediate

Posts Posts : 88
Joined Joined : 2008-12-07
Gender Gender : Male
OS OS : Vista
Protection Protection : AVG
Points Points : 30083
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Trojan horse BackDoor.Generic12.BIXF and all the fixins

Post by Superdave on 6th September 2012, 1:33 am

Don't forget that the computer may not be totally reliable even if we can get rid of the infections.

Superdave
Captain
Captain

Posts Posts : 4202
Joined Joined : 2010-02-01
Gender Gender : Male
OS OS : Windows 8.1 and a dual-boot with XP Home SP3
Protection Protection : MSE, Windows Defender, Windows firewall
Points Points : 83201
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Trojan horse BackDoor.Generic12.BIXF and all the fixins

Post by timecantkill on 9th September 2012, 8:20 pm

I ended up doing a clean install of Windows 7, so the hard drive was reformatted. I am concerned about that state of the files I backed up on my external and would like to be assured there are no infections among them. Could you give me instructions?


I have an irrational obsession with pineapples, and I honestly have no idea why.
- Age -

timecantkill
Intermediate
Intermediate

Posts Posts : 88
Joined Joined : 2008-12-07
Gender Gender : Male
OS OS : Vista
Protection Protection : AVG
Points Points : 30083
# Likes # Likes : 0

View user profile

Back to top Go down

Post Reformatting OTL Log

Post by timecantkill on 10th September 2012, 4:14 am

OTL logfile created on: 9/9/2012 5:55:11 PM - Run 1
OTL by OldTimer - Version 3.2.56.0 Folder = C:\Users\Ragerin\Desktop\Scans
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.87 Gb Total Physical Memory | 1.90 Gb Available Physical Memory | 66.30% Memory free
5.74 Gb Paging File | 4.76 Gb Available in Paging File | 82.88% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 232.79 Gb Total Space | 214.42 Gb Free Space | 92.11% Space Free | Partition Type: NTFS
Drive D: | 2794.49 Gb Total Space | 2584.97 Gb Free Space | 92.50% Space Free | Partition Type: NTFS

Computer Name: MELVINMACHII | User Name: Ragerin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/09/09 16:17:45 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Ragerin\Desktop\Scans\OTL.com
PRC - [2011/02/26 01:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/07/13 21:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009/07/13 21:14:17 | 000,008,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dinotify.exe


========== Modules (No Company Name) ==========

MOD - [2010/01/30 02:41:12 | 004,254,560 | ---- | M] () -- C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF


========== Win32 Services (SafeList) ==========

SRV - [2012/09/07 14:53:30 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2009/07/13 21:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 21:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/13 21:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - [2012/09/07 14:49:55 | 000,242,240 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV - [2009/07/13 21:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2009/07/13 21:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2009/07/13 21:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2009/07/13 19:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2009/07/13 19:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2009/07/13 18:02:53 | 000,311,296 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\yk62x86.sys -- (yukonw7)
DRV - [2009/07/13 18:02:51 | 004,231,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\netw5v32.sys -- (netw5v32)
DRV - [2008/05/06 16:06:00 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\wdcsam.sys -- (WDC_SAM)
DRV - [2007/08/03 05:36:10 | 000,009,344 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SFEP.sys -- (SFEP)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = [You must be registered and logged in to see this link.]






IE - HKU\S-1-5-21-3591541463-939733331-2142369018-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKU\S-1-5-21-3591541463-939733331-2142369018-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = [You must be registered and logged in to see this link.]
IE - HKU\S-1-5-21-3591541463-939733331-2142369018-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKU\S-1-5-21-3591541463-939733331-2142369018-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = AF 2D BE 42 29 8D CD 01 [binary data]
IE - HKU\S-1-5-21-3591541463-939733331-2142369018-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-3591541463-939733331-2142369018-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Ragerin\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Ragerin\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)



========== Chrome ==========

CHR - homepage: [You must be registered and logged in to see this link.]
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: [You must be registered and logged in to see this link.]
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Ragerin\AppData\Local\Google\Chrome\Application\21.0.1180.89\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Ragerin\AppData\Local\Google\Chrome\Application\21.0.1180.89\gcswf32.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Ragerin\AppData\Local\Google\Chrome\Application\21.0.1180.89\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Ragerin\AppData\Local\Google\Chrome\Application\21.0.1180.89\pdf.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL
CHR - plugin: Google Update (Enabled) = C:\Users\Ragerin\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll

O1 HOSTS File: ([2009/06/10 17:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O4 - HKU\S-1-5-21-3591541463-939733331-2142369018-1000..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\S-1-5-21-3591541463-939733331-2142369018-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3BFC99AC-DA4A-4322-9DE7-6FD781B5A6D5}: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 17:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)


SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS - File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: WudfRd - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/09/09 17:48:55 | 000,000,000 | ---D | C] -- C:\Users\Ragerin\AppData\Roaming\Malwarebytes
[2012/09/09 17:48:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/09/09 17:48:09 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012/09/09 17:48:09 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/09/09 17:48:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/09/09 17:24:00 | 000,000,000 | ---D | C] -- C:\Users\Ragerin\Desktop\Scans
[2012/09/09 15:51:02 | 000,000,000 | ---D | C] -- C:\Users\Ragerin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2012/09/09 15:48:12 | 000,000,000 | ---D | C] -- C:\Users\Ragerin\AppData\Local\Google
[2012/09/09 15:47:55 | 000,000,000 | ---D | C] -- C:\Users\Ragerin\AppData\Local\Apps
[2012/09/09 15:47:54 | 000,000,000 | ---D | C] -- C:\Users\Ragerin\AppData\Local\Deployment
[2012/09/09 15:42:20 | 000,000,000 | ---D | C] -- C:\Users\Ragerin\AppData\Local\ElevatedDiagnostics
[2012/09/07 17:32:09 | 000,000,000 | ---D | C] -- C:\Windows\Panther
[2012/09/07 16:35:47 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2012/09/07 16:33:42 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch
[2012/09/07 16:32:54 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[2012/09/07 14:59:56 | 000,284,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbport.sys
[2012/09/07 14:59:54 | 000,005,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbd.sys
[2012/09/07 14:59:35 | 000,146,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\storport.sys
[2012/09/07 14:59:35 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fsutil.exe
[2012/09/07 14:55:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
[2012/09/07 14:55:01 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2012/09/07 14:54:35 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2012/09/07 14:54:35 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[2012/09/07 14:53:31 | 000,000,000 | ---D | C] -- C:\Windows\System32\Wat
[2012/09/07 14:52:57 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Analysis Services
[2012/09/07 14:52:25 | 000,000,000 | ---D | C] -- C:\Users\Ragerin\AppData\Local\Microsoft Help
[2012/09/07 14:52:13 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2012/09/07 14:52:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help
[2012/09/07 14:51:56 | 000,000,000 | -HSD | C] -- C:\Windows\Installer
[2012/09/07 14:51:50 | 000,000,000 | RH-D | C] -- C:\MSOCache
[2012/09/07 14:49:55 | 000,242,240 | ---- | C] (DT Soft Ltd) -- C:\Windows\System32\drivers\dtsoftbus01.sys
[2012/09/07 14:49:50 | 000,000,000 | ---D | C] -- C:\Users\Ragerin\AppData\Roaming\DAEMON Tools Lite
[2012/09/07 14:49:48 | 000,000,000 | ---D | C] -- C:\Program Files\DAEMON Tools Lite
[2012/09/07 14:49:07 | 000,000,000 | ---D | C] -- C:\ProgramData\DAEMON Tools Lite
[2012/09/07 14:34:09 | 000,237,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2012/09/07 14:33:21 | 000,295,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHost.exe
[2012/09/07 14:33:21 | 000,099,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHostProxy.dll
[2012/09/07 14:33:21 | 000,049,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netfxperf.dll
[2012/09/07 14:15:27 | 003,695,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2012/09/07 14:15:27 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012/09/07 14:15:27 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012/09/07 14:15:27 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012/09/07 14:15:27 | 000,580,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2012/09/07 14:15:27 | 000,434,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2012/09/07 14:15:27 | 000,367,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2012/09/07 14:15:27 | 000,353,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2012/09/07 14:15:27 | 000,353,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2012/09/07 14:15:27 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012/09/07 14:15:27 | 000,227,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2012/09/07 14:15:27 | 000,223,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2012/09/07 14:15:27 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012/09/07 14:15:27 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll
[2012/09/07 14:15:27 | 000,162,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2012/09/07 14:15:27 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
[2012/09/07 14:15:27 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2012/09/07 14:15:27 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
[2012/09/07 14:15:27 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2012/09/07 14:15:27 | 000,130,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakeng.dll
[2012/09/07 14:15:27 | 000,118,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2012/09/07 14:15:27 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll
[2012/09/07 14:15:27 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll
[2012/09/07 14:15:27 | 000,086,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2012/09/07 14:15:27 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2012/09/07 14:15:27 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
[2012/09/07 14:15:27 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2012/09/07 14:15:27 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2012/09/07 14:15:27 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2012/09/07 14:15:27 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012/09/07 14:15:27 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2012/09/07 14:15:27 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2012/09/07 14:15:27 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2012/09/07 14:15:27 | 000,035,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
[2012/09/07 14:15:27 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2012/09/07 14:15:27 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2012/09/07 14:15:27 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2012/09/07 14:11:34 | 000,190,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ks.sys
[2012/09/07 14:09:59 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\csrsrv.dll
[2012/09/07 14:09:58 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll
[2012/09/07 14:09:44 | 001,320,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CertEnroll.dll
[2012/09/07 14:09:44 | 000,507,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winload.exe
[2012/09/07 14:09:44 | 000,442,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winresume.exe
[2012/09/07 14:09:40 | 003,181,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mf.dll
[2012/09/07 14:09:40 | 001,619,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMVDECOD.DLL
[2012/09/07 14:09:39 | 001,495,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ExplorerFrame.dll
[2012/09/07 14:09:39 | 000,196,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfreadwrite.dll
[2012/09/07 14:09:39 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsRasterService.dll
[2012/09/07 14:09:33 | 000,954,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc40.dll
[2012/09/07 14:09:33 | 000,954,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc40u.dll
[2012/09/07 14:09:31 | 000,271,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
[2012/09/07 14:09:31 | 000,169,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll
[2012/09/07 14:09:31 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
[2012/09/07 14:09:31 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
[2012/09/07 14:09:31 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
[2012/09/07 14:09:31 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
[2012/09/07 14:09:31 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
[2012/09/07 14:09:31 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
[2012/09/07 14:09:31 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
[2012/09/07 14:09:31 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
[2012/09/07 14:09:31 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
[2012/09/07 14:09:31 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
[2012/09/07 14:09:31 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
[2012/09/07 14:09:31 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
[2012/09/07 14:09:31 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
[2012/09/07 14:09:31 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
[2012/09/07 14:09:31 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
[2012/09/07 14:09:31 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
[2012/09/07 14:09:31 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
[2012/09/07 14:09:31 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
[2012/09/07 14:09:31 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
[2012/09/07 14:09:31 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
[2012/09/07 14:09:31 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
[2012/09/07 14:09:31 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
[2012/09/07 14:09:31 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
[2012/09/07 14:09:31 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
[2012/09/07 14:09:31 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
[2012/09/07 14:09:31 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
[2012/09/07 14:09:31 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
[2012/09/07 14:09:31 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
[2012/09/07 14:09:28 | 000,314,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\webio.dll
[2012/09/07 14:09:28 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sspisrv.dll
[2012/09/07 14:09:25 | 000,534,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EncDec.dll
[2012/09/07 14:09:25 | 000,294,912 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2012/09/07 14:09:25 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2012/09/07 14:09:24 | 000,319,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbcjt32.dll
[2012/09/07 14:09:24 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbctrac.dll
[2012/09/07 14:09:24 | 000,122,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbccp32.dll
[2012/09/07 14:09:24 | 000,086,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbccu32.dll
[2012/09/07 14:09:24 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbccr32.dll
[2012/09/07 14:09:19 | 003,958,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2012/09/07 14:09:19 | 003,902,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2012/09/07 14:09:18 | 001,553,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tquery.dll
[2012/09/07 14:09:18 | 001,401,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssrch.dll
[2012/09/07 14:09:17 | 000,666,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssvp.dll
[2012/09/07 14:09:17 | 000,337,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssph.dll
[2012/09/07 14:09:17 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssphtb.dll
[2012/09/07 14:09:17 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msscntrs.dll
[2012/09/07 14:09:14 | 000,219,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncrypt.dll
[2012/09/07 14:09:09 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdri.dll
[2012/09/07 14:09:08 | 001,170,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll
[2012/09/07 14:09:08 | 001,074,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2012/09/07 14:09:08 | 000,739,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll
[2012/09/07 14:09:08 | 000,218,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll
[2012/09/07 14:09:08 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll
[2012/09/07 14:09:06 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wscapi.dll
[2012/09/07 14:09:06 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\slwga.dll
[2012/09/07 14:09:03 | 000,642,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CPFilters.dll
[2012/09/07 14:09:02 | 000,850,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sbe.dll
[2012/09/07 14:09:02 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mpg2splt.ax
[2012/09/07 14:09:01 | 000,442,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll
[2012/09/07 14:09:00 | 001,328,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\quartz.dll
[2012/09/07 14:09:00 | 000,514,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qdvd.dll
[2012/09/07 14:08:53 | 012,625,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmploc.DLL
[2012/09/07 14:08:52 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dnscacheugc.exe
[2012/09/07 14:08:44 | 000,496,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskschd.dll
[2012/09/07 14:08:44 | 000,351,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmicmiplugin.dll
[2012/09/07 14:08:44 | 000,305,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskcomp.dll
[2012/09/07 14:08:44 | 000,179,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\schtasks.exe
[2012/09/07 14:08:39 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\browcli.dll
[2012/09/07 14:08:37 | 000,465,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisdecd.dll
[2012/09/07 14:08:37 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSNP.ax
[2012/09/07 14:08:37 | 000,075,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisrndr.ax
[2012/09/07 14:08:37 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Mpeg2Data.ax
[2012/09/07 14:08:37 | 000,059,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSDvbNP.ax
[2012/09/07 14:08:34 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2012/09/07 14:08:32 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fontsub.dll
[2012/09/07 14:08:29 | 002,344,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012/09/07 14:08:29 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\t2embed.dll
[2012/09/07 14:08:28 | 000,478,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\timedate.cpl
[2012/09/07 14:08:27 | 000,191,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FXSCOVER.exe
[2012/09/07 14:08:27 | 000,101,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\consent.exe
[2012/09/07 14:08:24 | 000,129,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpcorekmts.dll
[2012/09/07 14:08:24 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpwsx.dll
[2012/09/07 14:08:24 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\prevhost.exe
[2012/09/07 14:08:24 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdrmemptylst.exe
[2012/09/07 14:08:23 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\packager.dll
[2012/09/07 14:08:21 | 000,400,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\srcore.dll
[2012/09/07 14:08:20 | 000,084,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mciavi32.dll
[2012/09/07 14:08:17 | 000,369,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc.dll
[2012/09/07 14:08:17 | 000,365,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_isv.dll
[2012/09/07 14:08:17 | 000,324,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_isv.exe
[2012/09/07 14:08:17 | 000,320,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate.exe
[2012/09/07 14:08:17 | 000,280,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp.exe
[2012/09/07 14:08:17 | 000,277,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp_isv.exe
[2012/09/07 14:08:17 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp_isv.dll
[2012/09/07 14:08:17 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp.dll
[2012/09/07 14:08:11 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\asycfilt.dll
[2012/09/07 14:08:06 | 000,197,632 | ---- | C] (Intel(R) Corporation) -- C:\Windows\System32\ir32_32.dll
[2012/09/07 14:08:06 | 000,082,944 | ---- | C] (Radius Inc.) -- C:\Windows\System32\iccvid.dll
[2012/09/07 14:08:05 | 000,738,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmpmde.dll
[2012/09/07 14:08:02 | 002,614,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\explorer.exe
[2012/09/07 13:59:31 | 000,026,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\Diskdump.sys
[2012/09/07 13:58:56 | 000,123,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\poqexec.exe
[2012/09/07 13:58:55 | 001,164,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42u.dll
[2012/09/07 13:58:55 | 001,137,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42.dll
[2012/09/07 13:58:45 | 000,219,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\dxgmms1.sys
[2012/09/07 13:58:45 | 000,107,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdd.dll
[2012/09/07 13:49:17 | 000,826,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpcore.dll
[2012/09/07 13:41:32 | 002,422,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wucltux.dll
[2012/09/07 13:41:32 | 000,045,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups2.dll
[2012/09/07 13:41:23 | 000,577,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapi.dll
[2012/09/07 13:41:23 | 000,088,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wudriver.dll
[2012/09/07 13:41:23 | 000,035,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups.dll
[2012/09/07 13:41:20 | 000,000,000 | R--D | C] -- C:\Users\Ragerin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2012/09/07 13:41:20 | 000,000,000 | R--D | C] -- C:\Users\Ragerin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2012/09/07 13:41:19 | 000,000,000 | R--D | C] -- C:\Users\Ragerin\Searches
[2012/09/07 13:41:19 | 000,000,000 | -H-D | C] -- C:\Users\Ragerin\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned
[2012/09/07 13:41:12 | 000,171,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuwebv.dll
[2012/09/07 13:41:12 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapp.exe
[2012/09/07 13:40:58 | 000,000,000 | ---D | C] -- C:\Users\Ragerin\AppData\Roaming\Identities
[2012/09/07 13:40:55 | 000,000,000 | R--D | C] -- C:\Users\Ragerin\Contacts
[2012/09/07 13:40:47 | 000,000,000 | ---D | C] -- C:\Users\Ragerin\AppData\Local\VirtualStore
[2012/09/07 13:40:44 | 000,000,000 | --SD | C] -- C:\Users\Ragerin\AppData\Roaming\Microsoft
[2012/09/07 13:40:44 | 000,000,000 | R--D | C] -- C:\Users\Ragerin\Videos
[2012/09/07 13:40:44 | 000,000,000 | R--D | C] -- C:\Users\Ragerin\Saved Games
[2012/09/07 13:40:44 | 000,000,000 | R--D | C] -- C:\Users\Ragerin\Pictures
[2012/09/07 13:40:44 | 000,000,000 | R--D | C] -- C:\Users\Ragerin\Music
[2012/09/07 13:40:44 | 000,000,000 | R--D | C] -- C:\Users\Ragerin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2012/09/07 13:40:44 | 000,000,000 | R--D | C] -- C:\Users\Ragerin\Links
[2012/09/07 13:40:44 | 000,000,000 | R--D | C] -- C:\Users\Ragerin\Favorites
[2012/09/07 13:40:44 | 000,000,000 | R--D | C] -- C:\Users\Ragerin\Downloads
[2012/09/07 13:40:44 | 000,000,000 | R--D | C] -- C:\Users\Ragerin\Documents
[2012/09/07 13:40:44 | 000,000,000 | R--D | C] -- C:\Users\Ragerin\Desktop
[2012/09/07 13:40:44 | 000,000,000 | R--D | C] -- C:\Users\Ragerin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2012/09/07 13:40:44 | 000,000,000 | -HSD | C] -- C:\Users\Ragerin\AppData\Local\Temporary Internet Files
[2012/09/07 13:40:44 | 000,000,000 | -HSD | C] -- C:\Users\Ragerin\Templates
[2012/09/07 13:40:44 | 000,000,000 | -HSD | C] -- C:\Users\Ragerin\Start Menu
[2012/09/07 13:40:44 | 000,000,000 | -HSD | C] -- C:\Users\Ragerin\SendTo
[2012/09/07 13:40:44 | 000,000,000 | -HSD | C] -- C:\Users\Ragerin\Recent
[2012/09/07 13:40:44 | 000,000,000 | -HSD | C] -- C:\Users\Ragerin\PrintHood
[2012/09/07 13:40:44 | 000,000,000 | -HSD | C] -- C:\Users\Ragerin\NetHood
[2012/09/07 13:40:44 | 000,000,000 | -HSD | C] -- C:\Users\Ragerin\Documents\My Videos
[2012/09/07 13:40:44 | 000,000,000 | -HSD | C] -- C:\Users\Ragerin\Documents\My Pictures
[2012/09/07 13:40:44 | 000,000,000 | -HSD | C] -- C:\Users\Ragerin\Documents\My Music
[2012/09/07 13:40:44 | 000,000,000 | -HSD | C] -- C:\Users\Ragerin\My Documents
[2012/09/07 13:40:44 | 000,000,000 | -HSD | C] -- C:\Users\Ragerin\Local Settings
[2012/09/07 13:40:44 | 000,000,000 | -HSD | C] -- C:\Users\Ragerin\AppData\Local\History
[2012/09/07 13:40:44 | 000,000,000 | -HSD | C] -- C:\Users\Ragerin\Cookies
[2012/09/07 13:40:44 | 000,000,000 | -HSD | C] -- C:\Users\Ragerin\Application Data
[2012/09/07 13:40:44 | 000,000,000 | -HSD | C] -- C:\Users\Ragerin\AppData\Local\Application Data
[2012/09/07 13:40:44 | 000,000,000 | -H-D | C] -- C:\Users\Ragerin\AppData
[2012/09/07 13:40:44 | 000,000,000 | ---D | C] -- C:\Users\Ragerin\AppData\Local\Temp
[2012/09/07 13:40:44 | 000,000,000 | ---D | C] -- C:\Users\Ragerin\AppData\Local\Microsoft
[2012/09/07 13:40:44 | 000,000,000 | ---D | C] -- C:\Users\Ragerin\AppData\Roaming\Media Center Programs
[2012/09/07 13:40:29 | 000,000,000 | -HSD | C] -- C:\Recovery



I have an irrational obsession with pineapples, and I honestly have no idea why.
- Age -

timecantkill
Intermediate
Intermediate

Posts Posts : 88
Joined Joined : 2008-12-07
Gender Gender : Male
OS OS : Vista
Protection Protection : AVG
Points Points : 30083
# Likes # Likes : 0

View user profile

Back to top Go down

Post Reformatting OTL Log Pt 2

Post by timecantkill on 10th September 2012, 4:15 am

========== Files - Modified Within 30 Days ==========

[2012/09/09 17:53:00 | 000,000,916 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3591541463-939733331-2142369018-1000UA.job
[2012/09/09 17:52:53 | 000,624,178 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/09/09 17:52:53 | 000,106,522 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/09/09 17:48:10 | 000,001,091 | ---- | M] () -- C:\Users\Ragerin\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
[2012/09/09 17:00:53 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/09/09 15:53:04 | 000,000,864 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3591541463-939733331-2142369018-1000Core.job
[2012/09/09 15:44:46 | 000,016,944 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/09/09 15:44:46 | 000,016,944 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/09/09 15:37:20 | 000,407,800 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/09/09 15:36:57 | 2312,134,656 | -HS- | M] () -- C:\hiberfil.sys
[2012/09/07 16:36:46 | 000,042,045 | ---- | M] () -- C:\Windows\System32\license.rtf
[2012/09/07 14:49:55 | 000,242,240 | ---- | M] (DT Soft Ltd) -- C:\Windows\System32\drivers\dtsoftbus01.sys
[2012/09/07 14:47:40 | 000,001,407 | ---- | M] () -- C:\Users\Ragerin\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/09/07 14:15:27 | 003,695,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2012/09/07 14:15:27 | 002,382,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012/09/07 14:15:27 | 001,800,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012/09/07 14:15:27 | 001,427,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012/09/07 14:15:27 | 000,580,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2012/09/07 14:15:27 | 000,434,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2012/09/07 14:15:27 | 000,367,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2012/09/07 14:15:27 | 000,353,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2012/09/07 14:15:27 | 000,353,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2012/09/07 14:15:27 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012/09/07 14:15:27 | 000,227,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2012/09/07 14:15:27 | 000,223,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2012/09/07 14:15:27 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012/09/07 14:15:27 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll
[2012/09/07 14:15:27 | 000,162,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2012/09/07 14:15:27 | 000,161,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
[2012/09/07 14:15:27 | 000,152,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2012/09/07 14:15:27 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
[2012/09/07 14:15:27 | 000,142,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2012/09/07 14:15:27 | 000,130,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieakeng.dll
[2012/09/07 14:15:27 | 000,118,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2012/09/07 14:15:27 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll
[2012/09/07 14:15:27 | 000,101,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll
[2012/09/07 14:15:27 | 000,086,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2012/09/07 14:15:27 | 000,078,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2012/09/07 14:15:27 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
[2012/09/07 14:15:27 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2012/09/07 14:15:27 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2012/09/07 14:15:27 | 000,074,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2012/09/07 14:15:27 | 000,072,822 | ---- | M] () -- C:\Windows\System32\ieuinit.inf
[2012/09/07 14:15:27 | 000,065,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012/09/07 14:15:27 | 000,054,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2012/09/07 14:15:27 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2012/09/07 14:15:27 | 000,041,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2012/09/07 14:15:27 | 000,035,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
[2012/09/07 14:15:27 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2012/09/07 14:15:27 | 000,023,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2012/09/07 14:15:27 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe

========== Files Created - No Company Name ==========

[2012/09/09 17:48:10 | 000,001,091 | ---- | C] () -- C:\Users\Ragerin\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
[2012/09/09 15:48:15 | 000,000,916 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3591541463-939733331-2142369018-1000UA.job
[2012/09/09 15:48:13 | 000,000,864 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3591541463-939733331-2142369018-1000Core.job
[2012/09/07 16:36:40 | 000,001,345 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
[2012/09/07 16:36:33 | 000,001,326 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
[2012/09/07 16:32:54 | 2312,134,656 | -HS- | C] () -- C:\hiberfil.sys
[2012/09/07 14:47:40 | 000,001,407 | ---- | C] () -- C:\Users\Ragerin\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/09/07 14:15:27 | 000,072,822 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2012/09/07 13:41:22 | 000,001,413 | ---- | C] () -- C:\Users\Ragerin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2012/09/07 13:40:44 | 000,000,290 | ---- | C] () -- C:\Users\Ragerin\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2012/09/07 13:40:44 | 000,000,272 | ---- | C] () -- C:\Users\Ragerin\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk

========== Custom Scans ==========

< %AppData%\Roaming\Mozilla\Firefox\Profiles\*.default\extensions\ /s /md5 >

< %AppData%\Local\ >

< %systemroot%\system32\sysprep >

< *.xpi /md5 >

< %systemroot%\Downloaded Program Files\ >

< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile >
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\Logging]

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome.JECITE6ISUBX56PYAZYTPQUZIU\InstallInfo\\ShowIconsCommand: "C:\Users\Ragerin\AppData\Local\Google\Chrome\Application\chrome.exe" --show-icons [2012/08/29 22:58:46 | 001,229,848 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome.JECITE6ISUBX56PYAZYTPQUZIU\InstallInfo\\HideIconsCommand: "C:\Users\Ragerin\AppData\Local\Google\Chrome\Application\chrome.exe" --hide-icons [2012/08/29 22:58:46 | 001,229,848 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome.JECITE6ISUBX56PYAZYTPQUZIU\InstallInfo\\ReinstallCommand: "C:\Users\Ragerin\AppData\Local\Google\Chrome\Application\chrome.exe" --make-default-browser [2012/08/29 22:58:46 | 001,229,848 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome.JECITE6ISUBX56PYAZYTPQUZIU\shell\open\command\\: "C:\Users\Ragerin\AppData\Local\Google\Chrome\Application\chrome.exe" [2012/08/29 22:58:46 | 001,229,848 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\System32\ie4uinit.exe" -show [2012/09/07 14:15:27 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\System32\ie4uinit.exe" -reinstall [2012/09/07 14:15:27 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\System32\ie4uinit.exe" -hide [2012/09/07 14:15:27 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2012/09/07 14:15:27 | 000,748,664 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2012/09/07 14:15:27 | 000,748,664 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome.JECITE6ISUBX56PYAZYTPQUZIU\InstallInfo\\ShowIconsCommand: "C:\Users\Ragerin\AppData\Local\Google\Chrome\Application\chrome.exe" --show-icons [2012/08/29 22:58:46 | 001,229,848 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome.JECITE6ISUBX56PYAZYTPQUZIU\InstallInfo\\HideIconsCommand: "C:\Users\Ragerin\AppData\Local\Google\Chrome\Application\chrome.exe" --hide-icons [2012/08/29 22:58:46 | 001,229,848 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome.JECITE6ISUBX56PYAZYTPQUZIU\InstallInfo\\ReinstallCommand: "C:\Users\Ragerin\AppData\Local\Google\Chrome\Application\chrome.exe" --make-default-browser [2012/08/29 22:58:46 | 001,229,848 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome.JECITE6ISUBX56PYAZYTPQUZIU\shell\open\command\\: "C:\Users\Ragerin\AppData\Local\Google\Chrome\Application\chrome.exe" [2012/08/29 22:58:46 | 001,229,848 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\System32\ie4uinit.exe" -show [2012/09/07 14:15:27 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\System32\ie4uinit.exe" -reinstall [2012/09/07 14:15:27 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\System32\ie4uinit.exe" -hide [2012/09/07 14:15:27 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2012/09/07 14:15:27 | 000,748,664 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2012/09/07 14:15:27 | 000,748,664 | ---- | M] (Microsoft Corporation)

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\system32\drivers\*.sys /90 >
[2012/07/06 15:31:59 | 000,393,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\bthport.sys
[2012/09/07 14:49:55 | 000,242,240 | ---- | M] (DT Soft Ltd) -- C:\Windows\system32\drivers\dtsoftbus01.sys
[2012/07/03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\system32\drivers\mbam.sys

< %systemroot%\System32\config\*.sav >

< %SYSTEMDRIVE%\*.exe /md5 >

< "%WinDir%\$NtUninstallKB*$." /30 >

< %systemdrive%\Program Files\Common Files\ComObjects\*.* /s >

< %systemroot%\*. /mp /s >

< %systemroot%\*. /rp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\Installer\ /s >

< %systemroot%\system32\Cache\ /s >

< %systemroot%\system32\config\systemprofile\ /s >

< %PROGRAMFILES%\*. >
[2012/09/07 14:55:01 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files
[2012/09/07 14:49:55 | 000,000,000 | ---D | M] -- C:\Program Files\DAEMON Tools Lite
[2009/07/14 03:50:29 | 000,000,000 | ---D | M] -- C:\Program Files\DVD Maker
[2012/09/07 14:42:59 | 000,000,000 | ---D | M] -- C:\Program Files\Internet Explorer
[2012/09/09 17:48:10 | 000,000,000 | ---D | M] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/09/07 14:52:57 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Analysis Services
[2009/07/14 03:50:24 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Games
[2012/09/07 14:54:35 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Office
[2012/09/07 14:59:41 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft.NET
[2009/07/14 00:52:30 | 000,000,000 | ---D | M] -- C:\Program Files\MSBuild
[2009/07/14 00:52:30 | 000,000,000 | ---D | M] -- C:\Program Files\Reference Assemblies
[2009/07/14 00:53:23 | 000,000,000 | -H-D | M] -- C:\Program Files\Uninstall Information
[2009/07/14 00:56:49 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Defender
[2012/09/07 14:43:06 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Journal
[2012/09/07 14:43:10 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Mail
[2012/09/07 14:43:04 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Player
[2009/07/14 00:52:30 | 000,000,000 | ---D | M] -- C:\Program Files\Windows NT
[2009/07/14 00:56:49 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Photo Viewer
[2009/07/14 00:52:32 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Portable Devices
[2009/07/14 00:56:49 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Sidebar

< %appdata%\*.* >

< MD5 for: AFD.SYS >
[2011/04/24 22:35:40 | 000,338,944 | ---- | M] (Microsoft Corporation) MD5=0DB7A48388D54D154EBEC120461A0FCD -- C:\Windows\System32\drivers\afd.sys
[2011/04/24 22:35:40 | 000,338,944 | ---- | M] (Microsoft Corporation) MD5=0DB7A48388D54D154EBEC120461A0FCD -- C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.16802_none_d81220b5bf827af7\afd.sys
[2010/11/20 04:40:03 | 000,338,944 | ---- | M] (Microsoft Corporation) MD5=1151FD4FB0216CFED887BFDE29EBD516 -- C:\Windows\SoftwareDistribution\Download\4a7f49b3f65af6828820068e5dd598c8\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17514_none_d9efac7dbcaf385b\afd.sys
[2011/04/24 22:18:03 | 000,338,944 | ---- | M] (Microsoft Corporation) MD5=9EBBBA55060F786F0FCAA3893BFA2806 -- C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17603_none_d9f97e05bca8003a\afd.sys
[2011/04/24 22:27:23 | 000,338,944 | ---- | M] (Microsoft Corporation) MD5=C114AB7A1550D42EA1700FFD4179CF5A -- C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.20951_none_d864ad9ad8c98d1f\afd.sys
[2011/04/24 23:24:09 | 000,338,944 | ---- | M] (Microsoft Corporation) MD5=C427F91A748CD342A2B3F9278D9FD6A5 -- C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.21712_none_da774a9ad5cea29e\afd.sys
[2009/07/13 19:12:38 | 000,338,944 | ---- | M] (Microsoft Corporation) MD5=DDC040FDB01EF1712A6B13E52AFB104C -- C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.16385_none_d7be98b5bfc0b4c1\afd.sys

< MD5 for: ATAPI.SYS >
[2009/07/13 21:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009/07/13 21:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_f64b9c35a3a5be81\atapi.sys
[2009/07/13 21:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys
[2009/07/13 21:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_df3f92057fcbe7a7\atapi.sys

< MD5 for: CRYPTSVC.DLL >
[2012/04/24 00:36:42 | 000,140,288 | ---- | M] (Microsoft Corporation) MD5=06E771AA596B8761107AB57E99F128D7 -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.17827_none_77ff39f3f916c65f\cryptsvc.dll
[2012/04/24 00:28:22 | 000,142,336 | ---- | M] (Microsoft Corporation) MD5=21993009E0CCB9B4FA195F14D3408626 -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.21979_none_7854c7b7125b248c\cryptsvc.dll
[2012/04/24 00:47:04 | 000,139,264 | ---- | M] (Microsoft Corporation) MD5=520A108A2657F4BCA7FCED9CA7D885DE -- C:\Windows\System32\cryptsvc.dll
[2012/04/24 00:47:04 | 000,139,264 | ---- | M] (Microsoft Corporation) MD5=520A108A2657F4BCA7FCED9CA7D885DE -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7600.17008_none_762f534bfbdf7203\cryptsvc.dll
[2009/07/13 21:15:07 | 000,135,680 | ---- | M] (Microsoft Corporation) MD5=9C231178CE4FB385F4B54B0A9080B8A4 -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7600.16385_none_75d5ef87fc22e35a\cryptsvc.dll
[2010/11/20 08:18:24 | 000,136,192 | ---- | M] (Microsoft Corporation) MD5=A585BEBF7D054BD9618EDA0922D5484A -- C:\Windows\SoftwareDistribution\Download\4a7f49b3f65af6828820068e5dd598c8\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.17514_none_7807034ff91166f4\cryptsvc.dll
[2012/04/24 00:33:53 | 000,141,312 | ---- | M] (Microsoft Corporation) MD5=F522279B4717E2BFF269C771FAC2B78E -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7600.21199_none_7658a1151545269d\cryptsvc.dll

< MD5 for: DNSRSLVR.DLL >
[2010/11/20 08:18:33 | 000,132,608 | ---- | M] (Microsoft Corporation) MD5=2FE30D71919C51131405797620E0A714 -- C:\Windows\SoftwareDistribution\Download\4a7f49b3f65af6828820068e5dd598c8\x86_microsoft-windows-dns-client_31bf3856ad364e35_6.1.7601.17514_none_e3e9e6c8e09b7c76\dnsrslvr.dll
[2011/03/03 01:38:01 | 000,132,608 | ---- | M] (Microsoft Corporation) MD5=33EF4861F19A0736B11314AAD9AE28D0 -- C:\Windows\winsxs\x86_microsoft-windows-dns-client_31bf3856ad364e35_6.1.7601.17570_none_e3a50618e0cfbec0\dnsrslvr.dll
[2011/03/03 01:29:23 | 000,132,608 | ---- | M] (Microsoft Corporation) MD5=B15BE77A2BACF9C3177D27518AFE26A9 -- C:\Windows\System32\dnsrslvr.dll
[2011/03/03 01:29:23 | 000,132,608 | ---- | M] (Microsoft Corporation) MD5=B15BE77A2BACF9C3177D27518AFE26A9 -- C:\Windows\winsxs\x86_microsoft-windows-dns-client_31bf3856ad364e35_6.1.7600.16772_none_e1c0a9a6e3a78582\dnsrslvr.dll
[2011/03/03 01:50:46 | 000,132,608 | ---- | M] (Microsoft Corporation) MD5=B3A0A4414D8EC1DD28018004CE8DCBEE -- C:\Windows\winsxs\x86_microsoft-windows-dns-client_31bf3856ad364e35_6.1.7600.20914_none_e28d2873fc92ad7b\dnsrslvr.dll
[2009/07/13 21:15:12 | 000,132,608 | ---- | M] (Microsoft Corporation) MD5=D0722E963D3C6145446874241401B209 -- C:\Windows\winsxs\x86_microsoft-windows-dns-client_31bf3856ad364e35_6.1.7600.16385_none_e1b8d300e3acf8dc\dnsrslvr.dll
[2011/03/03 01:12:25 | 000,132,608 | ---- | M] (Microsoft Corporation) MD5=F3501CA4E93BF218C71CF9DEECEE838F -- C:\Windows\winsxs\x86_microsoft-windows-dns-client_31bf3856ad364e35_6.1.7601.21673_none_e431a3c1f9eaaa8f\dnsrslvr.dll

< MD5 for: ES.DLL >
[2012/08/29 22:57:44 | 000,008,728 | ---- | M] () MD5=F01EB2548FC7BAEC80C00941089000DE -- C:\Users\Ragerin\AppData\Local\Google\Chrome\Application\21.0.1180.89\Locales\es.dll
[2009/07/13 21:15:19 | 000,271,360 | ---- | M] (Microsoft Corporation) MD5=F6916EFC29D9953D5D0DF06882AE8E16 -- C:\Windows\System32\es.dll
[2009/07/13 21:15:19 | 000,271,360 | ---- | M] (Microsoft Corporation) MD5=F6916EFC29D9953D5D0DF06882AE8E16 -- C:\Windows\winsxs\x86_microsoft-windows-c..complus-eventsystem_31bf3856ad364e35_6.1.7600.16385_none_0cc3f540b311359a\es.dll

< MD5 for: EXPLORER.EXE >
[2011/02/26 01:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_54149f9ef14031fc\explorer.exe
[2009/07/13 21:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe
[2011/02/26 01:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_525b5180f3f95373\explorer.exe
[2009/10/31 01:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe
[2011/02/26 01:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\explorer.exe
[2011/02/26 01:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_51a3a583dafd0cef\explorer.exe
[2010/11/20 08:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\SoftwareDistribution\Download\4a7f49b3f65af6828820068e5dd598c8\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe
[2011/02/25 01:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_5389023fd8245f84\explorer.exe
[2009/08/03 01:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe
[2009/08/03 01:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe
[2009/10/31 02:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe

< MD5 for: IPNATHLP.DLL >
[2009/07/13 21:15:33 | 000,300,544 | ---- | M] (Microsoft Corporation) MD5=D1A079A0DE2EA524513B6930C24527A2 -- C:\Windows\System32\ipnathlp.dll
[2009/07/13 21:15:33 | 000,300,544 | ---- | M] (Microsoft Corporation) MD5=D1A079A0DE2EA524513B6930C24527A2 -- C:\Windows\winsxs\x86_microsoft-windows-sharedaccess_31bf3856ad364e35_6.1.7600.16385_none_04a3b4c9aa9fddd8\ipnathlp.dll

< MD5 for: NETBT.SYS >
[2010/11/20 04:39:44 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=280122DDCF04B378EDD1AD54D71C1E54 -- C:\Windows\SoftwareDistribution\Download\4a7f49b3f65af6828820068e5dd598c8\x86_microsoft-windows-netbt_31bf3856ad364e35_6.1.7601.17514_none_626c324d55864070\netbt.sys
[2009/07/13 19:12:21 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=DD52A733BF4CA5AF84562A5E2F963B91 -- C:\Windows\System32\drivers\netbt.sys
[2009/07/13 19:12:21 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=DD52A733BF4CA5AF84562A5E2F963B91 -- C:\Windows\winsxs\x86_microsoft-windows-netbt_31bf3856ad364e35_6.1.7600.16385_none_603b1e855897bcd6\netbt.sys

< MD5 for: NETMAN.DLL >
[2009/07/13 21:16:03 | 000,280,576 | ---- | M] (Microsoft Corporation) MD5=7CCCFCA7510684768DA22092D1FA4DB2 -- C:\Windows\System32\netman.dll
[2009/07/13 21:16:03 | 000,280,576 | ---- | M] (Microsoft Corporation) MD5=7CCCFCA7510684768DA22092D1FA4DB2 -- C:\Windows\winsxs\x86_microsoft-windows-netman_31bf3856ad364e35_6.1.7600.16385_none_0f9371b9b32368a4\netman.dll

< MD5 for: QMGR.DLL >
[2009/07/13 21:16:12 | 000,589,312 | ---- | M] (Microsoft Corporation) MD5=53F476476F55A27F580661BDE09C4EC4 -- C:\Windows\System32\qmgr.dll
[2009/07/13 21:16:12 | 000,589,312 | ---- | M] (Microsoft Corporation) MD5=53F476476F55A27F580661BDE09C4EC4 -- C:\Windows\winsxs\x86_microsoft-windows-bits-client_31bf3856ad364e35_6.1.7600.16385_none_23671b105ac5a0fd\qmgr.dll
[2010/11/20 08:20:58 | 000,585,728 | ---- | M] (Microsoft Corporation) MD5=E585445D5021971FAE10393F0F1C3961 -- C:\Windows\SoftwareDistribution\Download\4a7f49b3f65af6828820068e5dd598c8\x86_microsoft-windows-bits-client_31bf3856ad364e35_6.1.7601.17514_none_25982ed857b42497\qmgr.dll

< MD5 for: RPCSS.DLL >
[2010/11/20 08:21:03 | 000,376,832 | ---- | M] (Microsoft Corporation) MD5=7660F01D3B38ACA1747E397D21D790AF -- C:\Windows\SoftwareDistribution\Download\4a7f49b3f65af6828820068e5dd598c8\x86_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7601.17514_none_6bd245e79c221747\rpcss.dll
[2009/07/13 21:16:13 | 000,376,320 | ---- | M] (Microsoft Corporation) MD5=B82CD39E336973359D7C9BF911E8E84F -- C:\Windows\System32\rpcss.dll
[2009/07/13 21:16:13 | 000,376,320 | ---- | M] (Microsoft Corporation) MD5=B82CD39E336973359D7C9BF911E8E84F -- C:\Windows\winsxs\x86_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7600.16385_none_69a1321f9f3393ad\rpcss.dll

< MD5 for: SERVICES.EXE >
[2009/07/13 21:14:36 | 000,259,072 | ---- | M] (Microsoft Corporation) MD5=5F1B6A9C35D3D5CA72D6D6FDEF9747D6 -- C:\Windows\System32\services.exe
[2009/07/13 21:14:36 | 000,259,072 | ---- | M] (Microsoft Corporation) MD5=5F1B6A9C35D3D5CA72D6D6FDEF9747D6 -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.exe

< MD5 for: SVCHOST.EXE >
[2009/07/13 21:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\System32\svchost.exe
[2009/07/13 21:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2012/07/03 13:46:42 | 000,217,672 | ---- | M] () MD5=8A7F34F0BBD076EC3815680A7309114F -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\svchost.exe

< MD5 for: TCPIP.SYS >
[2011/04/25 00:56:06 | 001,286,016 | ---- | M] (Microsoft Corporation) MD5=0158D5E9982E9D6A90DFC802F618E130 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16802_none_b347f075c77b9c9d\tcpip.sys
[2011/04/25 00:31:30 | 001,290,624 | ---- | M] (Microsoft Corporation) MD5=24326784DF8F3D5F5BBB9F878CE33C14 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17603_none_b52f4dc5c4a121e0\tcpip.sys
[2009/07/13 21:19:10 | 001,285,712 | ---- | M] (Microsoft Corporation) MD5=2CC3D75488ABD3EC628BBB9A4FC84EFC -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16385_none_b2f46875c7b9d667\tcpip.sys
[2010/11/20 08:30:12 | 001,290,112 | ---- | M] (Microsoft Corporation) MD5=37E8FA3779668837CA9E2C36D2415949 -- C:\Windows\SoftwareDistribution\Download\4a7f49b3f65af6828820068e5dd598c8\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17514_none_b5257c3dc4a85a01\tcpip.sys
[2012/03/30 06:29:05 | 001,287,024 | ---- | M] (Microsoft Corporation) MD5=55E9965552741F3850CB22CBBA9671ED -- C:\Windows\System32\drivers\tcpip.sys
[2012/03/30 06:29:05 | 001,287,024 | ---- | M] (Microsoft Corporation) MD5=55E9965552741F3850CB22CBBA9671ED -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16986_none_b2f57423c7b8dea8\tcpip.sys
[2011/04/25 02:31:09 | 001,301,376 | ---- | M] (Microsoft Corporation) MD5=6D4728CFF2724FF3A4654971D61D0F1C -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.21712_none_b5ad1a5addc7c444\tcpip.sys
[2012/03/30 06:23:11 | 001,291,632 | ---- | M] (Microsoft Corporation) MD5=7FA2E0F8B072BD04B77B421480B6CC22 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17802_none_b52e5147c4a202d7\tcpip.sys
[2011/04/25 00:44:18 | 001,298,816 | ---- | M] (Microsoft Corporation) MD5=8861B9A06BA99C6E1D62D0C86DFAB86C -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.20951_none_b39a7d5ae0c2aec5\tcpip.sys
[2012/03/30 05:04:23 | 001,306,480 | ---- | M] (Microsoft Corporation) MD5=88FCDB9923EFECA207B3CEBD24407126 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.21954_none_b583df0adde66104\tcpip.sys
[2012/03/30 06:08:19 | 001,303,408 | ---- | M] (Microsoft Corporation) MD5=E47C2844A1605A44178F4281E4D58B3D -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.21178_none_b38bb990e0ccc871\tcpip.sys

< MD5 for: TDX.SYS >
[2010/11/20 04:39:17 | 000,074,752 | ---- | M] (Microsoft Corporation) MD5=B459575348C20E8121D6039DA063C704 -- C:\Windows\SoftwareDistribution\Download\4a7f49b3f65af6828820068e5dd598c8\x86_microsoft-windows-tdi-over-tcpip_31bf3856ad364e35_6.1.7601.17514_none_ec4532373a57c1c2\tdx.sys
[2009/07/13 19:12:11 | 000,074,240 | ---- | M] (Microsoft Corporation) MD5=CB39E896A2A83702D1737BFD402B3542 -- C:\Windows\System32\drivers\tdx.sys
[2009/07/13 19:12:11 | 000,074,240 | ---- | M] (Microsoft Corporation) MD5=CB39E896A2A83702D1737BFD402B3542 -- C:\Windows\winsxs\x86_microsoft-windows-tdi-over-tcpip_31bf3856ad364e35_6.1.7600.16385_none_ea141e6f3d693e28\tdx.sys

< MD5 for: USERINIT.EXE >
[2010/11/20 08:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SoftwareDistribution\Download\4a7f49b3f65af6828820068e5dd598c8\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009/07/13 21:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\System32\userinit.exe
[2009/07/13 21:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe

< MD5 for: VOLSNAP.SYS >
[2009/07/13 21:19:10 | 000,245,328 | ---- | M] (Microsoft Corporation) MD5=58DF9D2481A56EDDE167E51B334D44FD -- C:\Windows\System32\drivers\volsnap.sys
[2009/07/13 21:19:10 | 000,245,328 | ---- | M] (Microsoft Corporation) MD5=58DF9D2481A56EDDE167E51B334D44FD -- C:\Windows\System32\DriverStore\FileRepository\volume.inf_x86_neutral_29364d30156a24ca\volsnap.sys
[2009/07/13 21:19:10 | 000,245,328 | ---- | M] (Microsoft Corporation) MD5=58DF9D2481A56EDDE167E51B334D44FD -- C:\Windows\winsxs\x86_volume.inf_31bf3856ad364e35_6.1.7600.16385_none_158d0da45d68903e\volsnap.sys
[2010/11/20 08:30:16 | 000,245,632 | ---- | M] (Microsoft Corporation) MD5=F497F67932C6FA693D7DE2780631CFE7 -- C:\Windows\SoftwareDistribution\Download\4a7f49b3f65af6828820068e5dd598c8\x86_volume.inf_31bf3856ad364e35_6.1.7601.17514_none_17be216c5a5713d8\volsnap.sys

< MD5 for: WININIT.EXE >
[2009/07/13 21:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\System32\wininit.exe
[2009/07/13 21:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe

< MD5 for: WINLOGON.EXE >
[2009/10/28 02:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\System32\winlogon.exe
[2009/10/28 02:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2009/10/28 01:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2010/11/20 08:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\SoftwareDistribution\Download\4a7f49b3f65af6828820068e5dd598c8\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
[2012/07/03 13:46:42 | 000,217,672 | ---- | M] () MD5=8A7F34F0BBD076EC3815680A7309114F -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009/07/13 21:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe

< MD5 for: WMISVC.DLL >
[2009/07/13 21:16:19 | 000,168,960 | ---- | M] (Microsoft Corporation) MD5=F62E510B6AD4C21EB9FE8668ED251826 -- C:\Windows\System32\wbem\WMIsvc.dll
[2009/07/13 21:16:19 | 000,168,960 | ---- | M] (Microsoft Corporation) MD5=F62E510B6AD4C21EB9FE8668ED251826 -- C:\Windows\winsxs\x86_microsoft-windows-wmi-core-svc_31bf3856ad364e35_6.1.7600.16385_none_a08911f35844b3ff\WMIsvc.dll
[2009/07/13 21:16:19 | 000,168,960 | ---- | M] (Microsoft Corporation) MD5=F62E510B6AD4C21EB9FE8668ED251826 -- C:\Windows\winsxs\x86_microsoft-windows-wmi-core-svc_31bf3856ad364e35_6.1.7601.17514_none_a2ba25bb55333799\WMIsvc.dll

< MD5 for: WSCSVC.DLL >
[2009/07/13 21:16:20 | 000,073,728 | ---- | M] (Microsoft Corporation) MD5=6F5D49EFE0E7164E03AE773A3FE25340 -- C:\Windows\winsxs\x86_microsoft-windows-securitycenter-core_31bf3856ad364e35_6.1.7600.16385_none_1a16b3d6136c6bb2\wscsvc.dll
[2009/07/13 21:16:20 | 000,073,728 | ---- | M] (Microsoft Corporation) MD5=6F5D49EFE0E7164E03AE773A3FE25340 -- C:\Windows\winsxs\x86_microsoft-windows-securitycenter-core_31bf3856ad364e35_6.1.7601.17514_none_1c47c79e105aef4c\wscsvc.dll
[2010/12/21 01:38:24 | 000,073,728 | ---- | M] (Microsoft Corporation) MD5=A661A76333057B383A06E65F0073222F -- C:\Windows\System32\wscsvc.dll
[2010/12/21 01:38:24 | 000,073,728 | ---- | M] (Microsoft Corporation) MD5=A661A76333057B383A06E65F0073222F -- C:\Windows\winsxs\x86_microsoft-windows-securitycenter-core_31bf3856ad364e35_6.1.7600.16723_none_1a559a62133d85fa\wscsvc.dll
[2010/12/21 01:29:14 | 000,073,728 | ---- | M] (Microsoft Corporation) MD5=FC6DB3FF10A271A83A2CAFB340120FC4 -- C:\Windows\winsxs\x86_microsoft-windows-securitycenter-core_31bf3856ad364e35_6.1.7600.20862_none_1ab2f7332c7c7c31\wscsvc.dll

< End of report >


I have an irrational obsession with pineapples, and I honestly have no idea why.
- Age -

timecantkill
Intermediate
Intermediate

Posts Posts : 88
Joined Joined : 2008-12-07
Gender Gender : Male
OS OS : Vista
Protection Protection : AVG
Points Points : 30083
# Likes # Likes : 0

View user profile

Back to top Go down

Post Reformatting Extras Log

Post by timecantkill on 10th September 2012, 4:15 am

OTL Extras logfile created on: 9/9/2012 5:55:11 PM - Run 1
OTL by OldTimer - Version 3.2.56.0 Folder = C:\Users\Ragerin\Desktop\Scans
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.87 Gb Total Physical Memory | 1.90 Gb Available Physical Memory | 66.30% Memory free
5.74 Gb Paging File | 4.76 Gb Available in Paging File | 82.88% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 232.79 Gb Total Space | 214.42 Gb Free Space | 92.11% Space Free | Partition Type: NTFS
Drive D: | 2794.49 Gb Total Space | 2584.97 Gb Free Space | 92.50% Space Free | Partition Type: NTFS

Computer Name: MELVINMACHII | User Name: Ragerin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03E6CB66-EE7F-47D7-9435-5749B06C43A1}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{0822FB90-F040-444D-B840-CA7EF61AFC0E}" = lport=137 | protocol=17 | dir=in | app=system |
"{1CA84CC4-87A9-4EA7-84E5-482A2C0E601D}" = lport=2869 | protocol=6 | dir=in | app=system |
"{2D563833-D789-4D18-B0AB-D1356568DE04}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{2F009F61-E49C-4128-9912-69008AD45205}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{2F699E25-A33D-4EED-9BC5-9CA6A354929E}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{35F7F6A8-DCB1-48FB-832B-AE7BA4A7358D}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{383D9E6C-55E3-4029-BECF-0F80AD497D04}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{3E67CE4C-31B9-4BB5-A79F-8A10A2D7D7E5}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{424508F6-BF14-42A7-B321-4752E0074EC8}" = rport=10243 | protocol=6 | dir=out | app=system |
"{4563E1B0-C1D4-421E-910C-3AAA8BB9231F}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{4A0D2ED9-86EE-4ADD-9C30-EFBFF2A38810}" = lport=138 | protocol=17 | dir=in | app=system |
"{4E39C7E6-CB93-4131-B720-6D640F92B20A}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{5E58ADCD-75F8-4BE3-A0E1-81962FFDC4BA}" = rport=445 | protocol=6 | dir=out | app=system |
"{7179C8C9-0A30-46A1-9948-14E0B40B4DC3}" = lport=445 | protocol=6 | dir=in | app=system |
"{7460EF1B-995B-43BB-A3CF-DA6C90FE8E83}" = lport=139 | protocol=6 | dir=in | app=system |
"{8AE3BCC4-E08D-4D71-88D1-1EE3E56FA7ED}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{8DE5AF95-ADFF-4D93-9716-CA4F7E14C47E}" = rport=138 | protocol=17 | dir=out | app=system |
"{9051E32B-EABA-403E-A915-125098D3E281}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{910F394A-AA44-4089-BED9-6EED9DE3F210}" = rport=139 | protocol=6 | dir=out | app=system |
"{9376F93D-712E-40FD-8BB2-7217A7EE13D2}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe |
"{AC4EB675-1658-4DFB-9625-7047A0A194FA}" = lport=10243 | protocol=6 | dir=in | app=system |
"{AEE73B88-C099-4AB3-AD1D-2C415DBC3C1D}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{BC15091A-31B9-41E8-A350-425AC0012013}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{C7782EEB-F5BF-4764-B0E6-31DEADACEB5E}" = rport=137 | protocol=17 | dir=out | app=system |
"{CBF3E179-8E8D-4EC4-B2E2-1C5EED29F801}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{CE9BBD2F-DC59-41BF-B118-D962E3E477EF}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{D973B8D6-E197-4640-A2CA-A17871BD2503}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{DE9CC366-8C4B-40FB-BB6C-FAE3AA477D73}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{E3A9004E-D11C-4CE2-BDF2-28AC35D34C51}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{F10D667B-5742-4182-8593-94F7568BB0E3}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{F84EA58E-E86F-41CF-8B9F-9F9F8D1E21C4}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{033E61D4-C7F0-453C-86BE-7AD55D0E0D55}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{1E7EDF69-2273-467A-922A-A650FEEEFF73}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{217213D7-ACD4-4715-870F-7D420DF860EC}" = dir=in | app=c:\windows\setup\keygen.exe |
"{5202DFEE-0EA0-4D57-BF7B-1F6746ED48AC}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{68D93E15-480C-48BE-BB87-5627C98864A1}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{6A17F0B8-CEEC-4579-9110-EAFBE711B730}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{757C6288-A0FB-4DA5-B2BF-54A02FBB9004}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{7FC652A0-72A5-45EC-8783-DEED1AF952A4}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{868D6B7A-FDD9-4B13-8F29-A1E8C9F9733B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{946900C3-2861-4F53-AABB-8FAA6B3A060E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{96F8E6BA-DC74-4038-9E65-B0C8E2734829}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{97D82ED9-9B15-4F1E-817B-7F2EECADD67A}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{A04E19B4-53E1-4824-879E-E14DEF4B1521}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{A6DF3C2F-D1D5-4388-A3F6-DC58C2F7E68D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{B5CC55C4-CF45-4C98-AD81-5FEBE1BB52B7}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{BB113252-B033-475F-B816-6F5C8158A827}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{BCC304B7-4367-4367-A544-221A35601908}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{C28C4DAA-69C4-489F-8B26-E579A9DF02D8}" = protocol=6 | dir=out | app=system |
"{D86621C3-5604-4001-B264-054BB6FEEE1D}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{DB0891CD-2426-4D8D-959A-7B527A7B453A}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{90140000-0012-0000-0000-0000000FF1CE}" = Microsoft Office Standard 2010
"{90140000-0012-0000-0000-0000000FF1CE}_Office14.STANDARD_{B94B7C26-8965-4A20-98D8-876ACC4BE674}" =
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"DAEMON Tools Lite" = DAEMON Tools Lite
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.62.0.1300
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Office14.STANDARD" = Microsoft Office Standard 2010

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3591541463-939733331-2142369018-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 9/7/2012 1:54:14 PM | Computer Name = MelvinMachII | Source = Windows 7 Loader | ID = 1000
Description =

Error - 9/7/2012 1:54:14 PM | Computer Name = MelvinMachII | Source = Windows 7 Loader | ID = 1000
Description =

Error - 9/7/2012 1:54:14 PM | Computer Name = MelvinMachII | Source = Windows 7 Loader | ID = 1000
Description =

Error - 9/7/2012 1:54:14 PM | Computer Name = MelvinMachII | Source = Windows 7 Loader | ID = 1000
Description =

Error - 9/7/2012 1:54:14 PM | Computer Name = MelvinMachII | Source = Windows 7 Loader | ID = 1000
Description =

Error - 9/7/2012 1:54:14 PM | Computer Name = MelvinMachII | Source = Windows 7 Loader | ID = 1000
Description =

Error - 9/7/2012 1:54:15 PM | Computer Name = MelvinMachII | Source = Windows 7 Loader | ID = 1000
Description =

Error - 9/7/2012 1:54:15 PM | Computer Name = MelvinMachII | Source = Windows 7 Loader | ID = 1000
Description =

Error - 9/7/2012 1:54:15 PM | Computer Name = MelvinMachII | Source = Windows 7 Loader | ID = 1000
Description =

Error - 9/7/2012 1:54:15 PM | Computer Name = MelvinMachII | Source = Windows 7 Loader | ID = 1000
Description =

[ System Events ]
Error - 9/7/2012 1:54:57 PM | Computer Name = MelvinMachII | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
cdrom

Error - 9/7/2012 2:42:41 PM | Computer Name = MelvinMachII | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
cdrom

Error - 9/7/2012 2:45:50 PM | Computer Name = MelvinMachII | Source = Service Control Manager | ID = 7023
Description = The Windows Modules Installer service terminated with the following
error: %%16405

Error - 9/7/2012 2:48:13 PM | Computer Name = MelvinMachII | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80242016: Update for Internet Explorer 8 Compatibility View List for
Windows 7 (KB2598845).

Error - 9/7/2012 2:48:13 PM | Computer Name = MelvinMachII | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80242016: Update for Windows 7 (KB2703157).

Error - 9/7/2012 2:48:13 PM | Computer Name = MelvinMachII | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80242016: Security Update for Internet Explorer 8 for Windows 7 (KB2544521).


< End of report >


I have an irrational obsession with pineapples, and I honestly have no idea why.
- Age -

timecantkill
Intermediate
Intermediate

Posts Posts : 88
Joined Joined : 2008-12-07
Gender Gender : Male
OS OS : Vista
Protection Protection : AVG
Points Points : 30083
# Likes # Likes : 0

View user profile

Back to top Go down

Post Reformatting MBAM Log

Post by timecantkill on 10th September 2012, 4:17 am

Malwarebytes Anti-Malware 1.62.0.1300
[You must be registered and logged in to see this link.]

Database version: v2012.09.09.06

Windows 7 x86 NTFS
Internet Explorer 9.0.8112.16421
Ragerin :: MELVINMACHII [administrator]

9/9/2012 6:07:54 PM
mbam-log-2012-09-09 (18-07-54).txt

Scan type: Full scan (C:\|D:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 410498
Time elapsed: 50 minute(s), 48 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 8
C:\Windows\Setup\Keygen.exe (RiskWare.Tool.CK) -> Quarantined and deleted successfully.
D:\WD SmartWare.swstor\MELVIN\Volume.d4ae8a08.8e8d.11dd.a517.806e6f6e6963\Qoobox\Quarantine\C\Windows\assembly\GAC\Desktop.ini.vir (Trojan.0access) -> Quarantined and deleted successfully.
D:\WD SmartWare.swstor\MELVIN\Volume.d4ae8a08.8e8d.11dd.a517.806e6f6e6963\Qoobox\Quarantine\C\Windows\Installer\{d9e1dd59-b756-558e-7b02-c3868aea93eb}\U\00000004.@.vir (Rootkit.Zaccess) -> Quarantined and deleted successfully.
D:\WD SmartWare.swstor\MELVIN\Volume.d4ae8a08.8e8d.11dd.a517.806e6f6e6963\Qoobox\Quarantine\C\Windows\Installer\{d9e1dd59-b756-558e-7b02-c3868aea93eb}\U\00000008.@.vir (Trojan.Dropper.BCMiner) -> Quarantined and deleted successfully.
D:\WD SmartWare.swstor\MELVIN\Volume.d4ae8a08.8e8d.11dd.a517.806e6f6e6963\Qoobox\Quarantine\C\Windows\Installer\{d9e1dd59-b756-558e-7b02-c3868aea93eb}\U\000000cb.@.vir (Rootkit.0Access) -> Quarantined and deleted successfully.
D:\WD SmartWare.swstor\MELVIN\Volume.d4ae8a08.8e8d.11dd.a517.806e6f6e6963\Qoobox\Quarantine\C\Windows\Installer\{d9e1dd59-b756-558e-7b02-c3868aea93eb}\U\80000000.@.vir (Trojan.Small) -> Quarantined and deleted successfully.
D:\WD SmartWare.swstor\MELVIN\Volume.d4ae8a08.8e8d.11dd.a517.806e6f6e6963\Qoobox\Quarantine\C\Windows\Installer\{d9e1dd59-b756-558e-7b02-c3868aea93eb}\U\80000032.@.vir (Rootkit.0Access) -> Quarantined and deleted successfully.
D:\WD SmartWare.swstor\MELVIN\Volume.d4ae8a08.8e8d.11dd.a517.806e6f6e6963\Qoobox\Quarantine\C\Windows\System32\Services.exe.vir (Rootkit.0Access) -> Quarantined and deleted successfully.

(end)


I have an irrational obsession with pineapples, and I honestly have no idea why.
- Age -

timecantkill
Intermediate
Intermediate

Posts Posts : 88
Joined Joined : 2008-12-07
Gender Gender : Male
OS OS : Vista
Protection Protection : AVG
Points Points : 30083
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Trojan horse BackDoor.Generic12.BIXF and all the fixins

Post by Superdave on 10th September 2012, 10:31 pm

I ended up doing a clean install of Windows 7, so the hard drive was reformatted. I am concerned about that state of the files I backed up on my external and would like to be assured there are no infections among them. Could you give me instructions?
If you did a reformat, those infections which were in quarantine should not have survived. Something didn't go correctly. The files you saved should be scanned with two, good, up-to-date AV's before putting them back on your computer.

To wipe the drive clean, [You must be registered and logged in to see this link.] and reinstall the OS.

Superdave
Captain
Captain

Posts Posts : 4202
Joined Joined : 2010-02-01
Gender Gender : Male
OS OS : Windows 8.1 and a dual-boot with XP Home SP3
Protection Protection : MSE, Windows Defender, Windows firewall
Points Points : 83201
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Trojan horse BackDoor.Generic12.BIXF and all the fixins

Post by timecantkill on 11th September 2012, 1:26 pm

I thought the eight files that were quarantined were from my external. I had my external hooked up via the D:\ drive when I ran OTL and Malwarebytes.

You can wipe a drive clean and reformat through the installation of an OS right? My friend who helped me run the Windows 7 install said he was doing a reformat of my computer through the installation process. Are you sure it didn't actually reformat (all my files were gone and my harddrive was almost completely free space)? If I have to try to reformat again, I'll have to wait a week until my friend with the installations discs gets back in town.


I have an irrational obsession with pineapples, and I honestly have no idea why.
- Age -

timecantkill
Intermediate
Intermediate

Posts Posts : 88
Joined Joined : 2008-12-07
Gender Gender : Male
OS OS : Vista
Protection Protection : AVG
Points Points : 30083
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Trojan horse BackDoor.Generic12.BIXF and all the fixins

Post by Superdave on 11th September 2012, 11:40 pm

I thought the eight files that were quarantined were from my external. I had my external hooked up via the D:\ drive when I ran OTL and Malwarebytes.
When you're right, you're right.lol
You can wipe a drive clean and reformat through the installation of an OS right? My friend who helped me run the Windows 7 install said he was doing a reformat of my computer through the installation process. Are you sure it didn't actually reformat (all my files were gone and my harddrive was almost completely free space)? If I have to try to reformat again,
No, you're good to go. I thought those files were still on your C drive. Although, I don't know how those files were placed there.

Superdave
Captain
Captain

Posts Posts : 4202
Joined Joined : 2010-02-01
Gender Gender : Male
OS OS : Windows 8.1 and a dual-boot with XP Home SP3
Protection Protection : MSE, Windows Defender, Windows firewall
Points Points : 83201
# Likes # Likes : 0

View user profile

Back to top Go down

View previous topic View next topic Back to top

- Similar topics

 
Permissions in this forum:
You cannot reply to topics in this forum