Need help with new ZeroAccess trojan located in desktop.ini!

ScrewYouZeroAccess · July 17, 2012

Okay so basically mcaffee found a trojan but couldnt erase or quarantine it, and the trojan (zeroaccess) keeps knocking down my firewall constantly, and, to make things much worse, i cant get any intermet connection on my laptop anymore (idk if its the trojan or if its just my laptop, cuz sometimes it doesnt agree with my router), anyway, i havta copy all my logs to my phone, andhave to post everything through my phone, so i might be slow. Also, it wont let me attach text files, so ill just paste the raw text at the bottom.

This seems very similar to the topic here:

http://forums.malwarebytes.org/index.php?showtopic=112607

however i wanted to make my own cuz everyone is doffernnt and it says to make a new topic.

I did a MB scan, here are the results (DDS.txt):

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 10.5.1

Run by Conor at 15:32:22 on 2012-07-17

Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.4029.2464 [GMT -4:00]

.

AV: Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}

FW: Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}

.

============== Running Processes ===============

.

C:\windows\system32\wininit.exe

C:\windows\system32\lsm.exe

C:\windows\system32\svchost.exe -k DcomLaunch

C:\windows\system32\svchost.exe -k RPCSS

C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\windows\system32\svchost.exe -k netsvcs

C:\windows\system32\svchost.exe -k LocalService

C:\windows\system32\svchost.exe -k NetworkService

C:\windows\System32\spoolsv.exe

C:\windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe

C:\Program Files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe

C:\Program Files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe

C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe

C:\windows\system32\mfevtps.exe

C:\windows\system32\rundll32.exe

C:\windows\SysWOW64\rundll32.exe

C:\windows\system32\rundll32.exe

C:\Program Files\Autodesk\Inventor 2012\Moldflow\bin\mitsijm.exe

C:\windows\System32\svchost.exe -k HPZ12

C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe

C:\windows\System32\svchost.exe -k HPZ12

C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE

C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe

C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe

C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE

C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\windows\system32\svchost.exe -k HPService

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

C:\windows\system32\SearchIndexer.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\windows\system32\taskhost.exe

C:\windows\system32\Dwm.exe

C:\windows\Explorer.EXE

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

C:\Windows\System32\igfxtray.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Users\Conor\AppData\Roaming\Google\Google Talk\googletalk.exe

C:\windows\system32\igfxsrvc.exe

C:\Users\Conor\AppData\Roaming\Spotify\spotify.exe

C:\Users\Conor\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe

C:\Program Files (x86)\LOLReplay\LOLRecorder.exe

C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe

C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\iTunes\iTunesHelper.exe

C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\windows\system32\taskeng.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files (x86)\Samsung\Easy Display Manager\dmhkcore.exe

C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\WCScheduler.exe

C:\Program Files (x86)\Samsung\Samsung Support Center\SSCKbdHk.exe

C:\Program Files (x86)\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe

C:\Program Files (x86)\Samsung\Samsung Update Plus\SUPBackground.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe

C:\Windows\system32\WUDFHost.exe

C:\windows\SysWOW64\cmd.exe

C:\windows\system32\conhost.exe

C:\windows\SysWOW64\cscript.exe

C:\windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://samsung.msn.com

uDefault_Page_URL = hxxp://samsung.msn.com

mStart Page = hxxp://samsung.msn.com

uInternet Settings,ProxyOverride = *.local

uURLSearchHooks: YouTube Downloader Toolbar: {f3fee66e-e034-436a-86e4-9690573bee8a} - C:\Program Files (x86)\YouTube Downloader Toolbar\IE\6.0\youtubedownloaderToolbarIE.dll

uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll

uURLSearchHooks: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll

mURLSearchHooks: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll

mWinlogon: Userinit=userinit.exe,

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: RivalGaming Games: {26d675ac-d925-4bbf-a720-62c2aa4a81eb} - C:\Users\Conor\AppData\Local\RivalGaming\RivalGaming.dll

BHO: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll

BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll

BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120624170454.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: W2PBrowser Class: {aa609d72-8482-4076-8991-8cdae5b93bcb} - C:\Program Files\Samsung AnyWeb Print\W2PBrowser.dll

BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll

BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll

BHO: YouTube Downloader Toolbar: {f3fee66e-e034-436a-86e4-9690573bee8a} - C:\Program Files (x86)\YouTube Downloader Toolbar\IE\6.0\youtubedownloaderToolbarIE.dll

TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"

TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll

TB: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll

TB: YouTube Downloader Toolbar: {f3fee66e-e034-436a-86e4-9690573bee8a} - C:\Program Files (x86)\YouTube Downloader Toolbar\IE\6.0\youtubedownloaderToolbarIE.dll

TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File

uRun: [googletalk] C:\Users\Conor\AppData\Roaming\Google\Google Talk\googletalk.exe /autostart

uRun: [Cracked Steam Service] "C:\Program Files (x86)\Cracked Steam\Cracked Steam.exe" /SERVICE

uRun: [Google Update] "C:\Users\Conor\AppData\Local\Google\Update\GoogleUpdate.exe" /c

uRun: [spotify] "C:\Users\Conor\AppData\Roaming\Spotify\spotify.exe" /uri spotify:autostart

uRun: [steam] "C:\Program Files (x86)\Steam\steam.exe" -silent

uRun: [spotify Web Helper] "C:\Users\Conor\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"

uRun: [Facebook Update] "C:\Users\Conor\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver

uRun: [chromium] C:\Users\Conor\AppData\Local\Google\Chrome\Application\chrome.exe --no-startup-window

uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun

mRun: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey

mRun: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRun: [<NO NAME>]

mRun: [searchSettings] "C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe"

mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

StartupFolder: C:\Users\Conor\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\RAINME~1.LNK - C:\Rainmeter\Rainmeter.exe

StartupFolder: C:\Users\Conor\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\SKYPE-~1.LNK - C:\Program Files (x86)\Skype\Phone\Skype.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\LOLREC~1.LNK - C:\Program Files (x86)\LOLReplay\LOLRecorder.exe

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {328ECD19-C167-40eb-A0C7-16FE7634105E} - {94BB0C4C-B957-479A-85E4-42F53B89F681} - C:\Program Files\Samsung AnyWeb Print\W2PBrowser.dll

LSP: mswsock.dll

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab

TCP: Interfaces\{184BBEA8-1C89-43C6-9249-CEA96AC9FFA2}\2656C6B696E6E2236663 : DhcpNameServer = 192.168.2.1

TCP: Interfaces\{184BBEA8-1C89-43C6-9249-CEA96AC9FFA2}\44C696E6B6 : DhcpNameServer = 192.168.0.1

TCP: Interfaces\{184BBEA8-1C89-43C6-9249-CEA96AC9FFA2}\73A4736344 : DhcpNameServer = 192.168.1.1

TCP: Interfaces\{184BBEA8-1C89-43C6-9249-CEA96AC9FFA2}\8416E64637F5F46666 : DhcpNameServer = 192.168.2.1

Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\PROGRA~2\McAfee\MSC\McSnIePl.dll

Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll

Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: RivalGaming Games: {26D675AC-D925-4bbf-A720-62C2AA4A81EB} - C:\Users\Conor\AppData\Local\RivalGaming\RivalGaming.dll

BHO-X64: RivalGaming Games - No File

BHO-X64: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll

BHO-X64: uTorrentControl2 - No File

BHO-X64: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll

BHO-X64: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120624170454.dll

BHO-X64: scriptproxy - No File

BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO-X64: W2PBrowser Class: {AA609D72-8482-4076-8991-8CDAE5B93BCB} - C:\Program Files\Samsung AnyWeb Print\W2PBrowser.dll

BHO-X64: W2PBrowser Browser Helper - No File

BHO-X64: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll

BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"

BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll

BHO-X64: YouTube Downloader Toolbar: {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files (x86)\YouTube Downloader Toolbar\IE\6.0\youtubedownloaderToolbarIE.dll

TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"

TB-X64: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll

TB-X64: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll

TB-X64: YouTube Downloader Toolbar: {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files (x86)\YouTube Downloader Toolbar\IE\6.0\youtubedownloaderToolbarIE.dll

TB-X64: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File

mRun-x64: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe

mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun-x64: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey

mRun-x64: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start

mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRun-x64: [(Default)]

mRun-x64: [searchSettings] "C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe"

mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

.

============= SERVICES / DRIVERS ===============

.

R0 mfehidk;McAfee Inc. mfehidk;C:\windows\system32\drivers\mfehidk.sys --> C:\windows\system32\drivers\mfehidk.sys [?]

R0 mfewfpk;McAfee Inc. mfewfpk;C:\windows\system32\drivers\mfewfpk.sys --> C:\windows\system32\drivers\mfewfpk.sys [?]

R0 PxHlpa64;PxHlpa64;C:\windows\system32\Drivers\PxHlpa64.sys --> C:\windows\system32\Drivers\PxHlpa64.sys [?]

R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\windows\system32\DRIVERS\dtsoftbus01.sys --> C:\windows\system32\DRIVERS\dtsoftbus01.sys [?]

R1 mfenlfk;McAfee NDIS Light Filter;C:\windows\system32\DRIVERS\mfenlfk.sys --> C:\windows\system32\DRIVERS\mfenlfk.sys [?]

R1 SABI;SAMSUNG Kernel Driver For Windows 7;\??\C:\windows\system32\Drivers\SABI.sys --> C:\windows\system32\Drivers\SABI.sys [?]

R1 vwififlt;Virtual WiFi Filter Driver;C:\windows\system32\DRIVERS\vwififlt.sys --> C:\windows\system32\DRIVERS\vwififlt.sys [?]

R2 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7;C:\Program Files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe [2008-9-16 169312]

R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-4-4 63928]

R2 Application Updater;Application Updater;C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe [2012-6-27 791488]

R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2010-10-20 821664]

R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-2-28 2343816]

R2 IHA_MessageCenter;IHA_MessageCenter;C:\Program Files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe [2011-12-12 290832]

R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-7-16 655944]

R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-12-23 249936]

R2 McNaiAnn;McAfee VirusScan Announcer;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-12-23 249936]

R2 McProxy;McAfee Proxy Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-12-23 249936]

R2 McShield;McAfee McShield;C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe [2011-12-23 199272]

R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe [2011-12-23 210584]

R2 mfevtp;McAfee Validation Trust Protection Service;"C:\windows\system32\mfevtps.exe" --> C:\windows\system32\mfevtps.exe [?]

R2 mitsijm2012;Autodesk Moldflow Inventor Tool Suite Integration 2012 Job Manager;C:\Program Files\Autodesk\Inventor 2012\Moldflow\bin\mitsijm.exe [2010-12-7 848184]

R2 NOBU;Norton Online Backup;C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2010-6-1 2804568]

R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2010-9-14 508264]

R3 MBAMProtector;MBAMProtector;\??\C:\windows\system32\drivers\mbam.sys --> C:\windows\system32\drivers\mbam.sys [?]

R3 mfeavfk;McAfee Inc. mfeavfk;C:\windows\system32\drivers\mfeavfk.sys --> C:\windows\system32\drivers\mfeavfk.sys [?]

R3 mfefirek;McAfee Inc. mfefirek;C:\windows\system32\drivers\mfefirek.sys --> C:\windows\system32\drivers\mfefirek.sys [?]

R3 Sftfs;Sftfs;C:\windows\system32\DRIVERS\Sftfslh.sys --> C:\windows\system32\DRIVERS\Sftfslh.sys [?]

R3 Sftplay;Sftplay;C:\windows\system32\DRIVERS\Sftplaylh.sys --> C:\windows\system32\DRIVERS\Sftplaylh.sys [?]

R3 Sftredir;Sftredir;C:\windows\system32\DRIVERS\Sftredirlh.sys --> C:\windows\system32\DRIVERS\Sftredirlh.sys [?]

R3 Sftvol;Sftvol;C:\windows\system32\DRIVERS\Sftvollh.sys --> C:\windows\system32\DRIVERS\Sftvollh.sys [?]

R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2010-9-14 219496]

R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\windows\system32\DRIVERS\yk62x64.sys --> C:\windows\system32\DRIVERS\yk62x64.sys [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 McMPFSvc;McAfee Personal Firewall Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-12-23 249936]

S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-2-29 158856]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-3-29 250056]

S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-3-1 183560]

S3 cfwids;McAfee Inc. cfwids;C:\windows\system32\drivers\cfwids.sys --> C:\windows\system32\drivers\cfwids.sys [?]

S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2012-1-12 1431888]

S3 hcwhdpvr;Hauppauge HD PVR Capture Device;C:\windows\system32\DRIVERS\hcwhdpvr.sys --> C:\windows\system32\DRIVERS\hcwhdpvr.sys [?]

S3 McAWFwk;McAfee Activation Service;C:\PROGRA~1\mcafee\msc\mcawfwk.exe [2011-12-23 225216]

S3 mferkdet;McAfee Inc. mferkdet;C:\windows\system32\drivers\mferkdet.sys --> C:\windows\system32\drivers\mferkdet.sys [?]

S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]

S3 RTL8167;Realtek 8167 NT Driver;C:\windows\system32\DRIVERS\Rt64win7.sys --> C:\windows\system32\DRIVERS\Rt64win7.sys [?]

S3 Samsung UPD Service;Samsung UPD Service;"C:\windows\System32\SUPDSvc.exe" --> C:\windows\System32\SUPDSvc.exe [?]

S3 USBAAPL64;Apple Mobile USB Driver;C:\windows\system32\Drivers\usbaapl64.sys --> C:\windows\system32\Drivers\usbaapl64.sys [?]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\system32\Wat\WatAdminSvc.exe --> C:\windows\system32\Wat\WatAdminSvc.exe [?]

S4 McOobeSv;McAfee OOBE Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-12-23 249936]

S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]

.

=============== Created Last 30 ================

.

2012-07-16 22:42:11 -------- d-----w- C:\Users\Conor\AppData\Roaming\Malwarebytes

2012-07-16 22:41:14 -------- d-----w- C:\ProgramData\Malwarebytes

2012-07-16 22:41:13 24904 ----a-w- C:\windows\System32\drivers\mbam.sys

2012-07-16 22:41:12 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2012-07-16 14:37:44 131072 ----a-w- C:\windows\goog.exe

2012-07-16 14:23:35 31616 ----a-w- C:\windows\System32\FoolishEventLogMsgHelper.dll

2012-07-13 19:21:25 -------- d-----w- C:\Users\Conor\AppData\Roaming\Just Cause 2

2012-07-13 19:09:08 -------- d-----w- C:\ProgramData\REVOLT

2012-07-13 18:46:31 283200 ----a-w- C:\windows\System32\drivers\dtsoftbus01.sys

2012-07-13 18:46:12 -------- d-----w- C:\Program Files (x86)\DAEMON Tools Lite

2012-07-13 01:10:55 -------- d-----w- C:\Users\Conor\AppData\Roaming\DAEMON Tools Lite

2012-07-13 01:09:33 -------- d-----w- C:\ProgramData\DAEMON Tools Lite

2012-07-13 01:08:11 -------- d-----w- C:\ProgramData\DAEMON Tools Pro

2012-07-13 00:35:42 -------- d-----w- C:\Program Files (x86)\LucasArts

2012-07-13 00:27:14 63488 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\ISBEW64.exe

2012-07-13 00:27:14 184320 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iuser.dll

2012-07-13 00:27:13 753664 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iKernel.dll

2012-07-13 00:27:13 69714 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\ctor.dll

2012-07-13 00:27:13 5632 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\DotNetInstaller.exe

2012-07-13 00:27:13 274432 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iscript.dll

2012-07-13 00:27:06 200836 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iGdi.dll

2012-07-13 00:27:05 331908 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\setup.dll

2012-07-03 14:17:24 -------- d-----w- C:\Program Files (x86)\Application Updater

2012-07-03 14:17:23 -------- d-----w- C:\Program Files (x86)\YouTube Downloader Toolbar

2012-07-03 14:17:23 -------- d-----w- C:\Program Files (x86)\Common Files\Spigot

2012-07-01 03:26:54 -------- d-----w- C:\Users\Conor\AppData\Local\CRE

2012-07-01 03:26:41 -------- d-----w- C:\Program Files (x86)\Conduit

2012-07-01 03:26:12 -------- d-----w- C:\Users\Conor\AppData\Local\Conduit

2012-07-01 03:26:06 -------- d-----w- C:\Program Files (x86)\uTorrentControl2

2012-07-01 03:21:38 -------- d-----w- C:\Users\Conor\AppData\Roaming\uTorrent

2012-06-28 16:06:12 -------- d-----w- C:\Users\Conor\AppData\Local\Apple Computer

2012-06-28 16:05:40 34152 ----a-w- C:\windows\System32\drivers\GEARAspiWDM.sys

2012-06-28 16:05:40 126312 ----a-w- C:\windows\System32\GEARAspi64.dll

2012-06-28 16:05:40 107368 ----a-w- C:\windows\SysWow64\GEARAspi.dll

2012-06-28 16:02:42 -------- d-----w- C:\Program Files\iPod

2012-06-28 16:02:40 -------- d-----w- C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}

2012-06-28 16:02:40 -------- d-----w- C:\Program Files\iTunes

2012-06-28 16:02:40 -------- d-----w- C:\Program Files (x86)\iTunes

2012-06-28 15:51:37 -------- d-----w- C:\Users\Conor\AppData\Local\Apple

2012-06-28 15:49:39 -------- d-----w- C:\Program Files\Bonjour

2012-06-28 15:49:39 -------- d-----w- C:\Program Files (x86)\Bonjour

2012-06-28 00:53:08 -------- d-----w- C:\ProgramData\Blizzard Entertainment

2012-06-28 00:53:08 -------- d-----w- C:\Program Files (x86)\Common Files\Blizzard Entertainment

2012-06-27 14:25:22 -------- d-----w- C:\.jagex_cache_32

2012-06-22 21:49:33 2870272 ----a-w- C:\windows\explorer_edit_w7sbc.exe

2012-06-22 21:49:33 2870272 ----a-w- C:\windows\explorer_backup_w7sbc.exe

2012-06-22 21:49:33 2387456 ----a-w- C:\windows\explorer.exe

2012-06-22 21:49:33 -------- d-----w- C:\windows\W7SBC

2012-06-22 21:03:14 -------- d-----w- C:\ICONS

2012-06-22 20:29:51 -------- d-----w- C:\Users\Conor\gaia 10

2012-06-22 06:48:30 332288 ----a-w- C:\windows\System32\uxtheme.dll.backup

2012-06-22 06:48:26 2851328 ----a-w- C:\windows\System32\themeui.dll.backup

2012-06-22 06:48:23 44544 ----a-w- C:\windows\System32\themeservice.dll.backup

2012-06-22 01:00:17 -------- d-----w- C:\Rainmeter

2012-06-21 22:00:11 -------- d-----w- C:\Program Files (x86)\VideoLAN

2012-06-20 01:24:08 -------- d-----w- C:\Users\Conor\AppData\Local\RivalGaming

.

==================== Find3M ====================

.

2012-07-12 17:37:12 70344 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-07-12 17:37:12 426184 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe

2012-06-22 06:48:30 332288 ----a-w- C:\windows\System32\uxtheme.dll

2012-06-22 06:48:27 2851328 ----a-w- C:\windows\System32\themeui.dll

2012-06-22 06:48:23 44544 ----a-w- C:\windows\System32\themeservice.dll

2012-05-04 23:29:22 772504 ----a-w- C:\windows\SysWow64\npdeployJava1.dll

2012-05-04 23:29:16 687504 ----a-w- C:\windows\SysWow64\deployJava1.dll

2012-05-03 02:55:52 42392 ----a-w- C:\windows\SysWow64\xfcodec.dll

2012-05-03 02:55:52 28056 ----a-w- C:\windows\System32\xfcodec64.dll

2012-04-25 22:43:48 245760 ----a-w- C:\windows\SysWow64\uxtheme.dll

2012-04-25 22:43:45 2755072 ----a-w- C:\windows\SysWow64\themeui.dll

2012-04-25 16:11:36 52736 ----a-w- C:\windows\System32\drivers\usbaapl64.sys

2012-04-25 16:11:36 4547944 ----a-w- C:\windows\System32\usbaaplrc.dll

.

============= FINISH: 15:43:28.20 ===========

ScrewYouZeroAccess · July 17, 2012

Sorry, thats not the result of the mb scan, the mb scan came up with no problems or trojans. Thats the result if the dds.com file. Let me know if you need the attach.txt (i cant zip it and send it, i havta send it as plain text -.-

MrCharlie · July 17, 2012

Can you post the attach.txt and also read this:

Your computer is infected with a nasty rootkit. Please read the following information first.

You're infected with Rootkit.ZeroAccess, a BackDoor Trojan.
BACKDOOR WARNING
------------------------------
One or more of the identified infections is known to use a backdoor.
This allows hackers to remotely control your computer, steal critical system information and download and execute files.
I would advice you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.
Though the infection has been identified and because of it's backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:
How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
http://www.dslreports.com/faq/10451
When Should I Format, How Should I Reinstall
http://www.dslreports.com/faq/10063
I will try my best to clean this machine but I can't guarantee that it will be 100% secure afterwards.

MrC

ScrewYouZeroAccess · July 17, 2012

Heres the attach.txt from the same dds.com run:

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows 7 Home Premium

Boot Device: \Device\HarddiskVolume1

Install Date: 12/1/2011 4:36:26 AM

System Uptime: 7/17/2012 9:28:06 AM (6 hours ago)

.

Motherboard: SAMSUNG ELECTRONICS CO., LTD. | | RV410/RV510/S3510/E3510

Processor: Pentium® Dual-Core CPU T4500 @ 2.30GHz | U2E1 | 2300/mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 113 GiB total, 10.727 GiB free.

D: is FIXED (NTFS) - 167 GiB total, 80.204 GiB free.

E: is CDROM (CDFS)

F: is CDROM ()

G: is Removable

.

==== Disabled Device Manager Items =============

.

Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}

Description: Photosmart C309a series

Device ID: ROOT\MULTIFUNCTION\0000

Manufacturer: HP

Name: Photosmart C309a series

PNP Device ID: ROOT\MULTIFUNCTION\0000

Service:

.

Class GUID:

Description: Android Phone

Device ID: USB\VID_0BB4&PID_0CBA&MI_01\6&6668BA1&0&0001

Manufacturer:

Name: Android Phone

PNP Device ID: USB\VID_0BB4&PID_0CBA&MI_01\6&6668BA1&0&0001

Service:

.

Class GUID: {6bdd1fc6-810f-11d0-bec7-08002be2092f}

Description: Photosmart C309a series

Device ID: ROOT\IMAGE\0000

Manufacturer: HP

Name: Photosmart C309a series

PNP Device ID: ROOT\IMAGE\0000

Service: StillCam

.

==== System Restore Points ===================

.

RP110: 7/12/2012 9:11:07 PM - Device Driver Package Install: DT Soft Ltd System devices

RP111: 7/13/2012 2:46:35 PM - Device Driver Package Install: DT Soft Ltd System devices

RP112: 7/13/2012 3:21:29 PM - Installed DirectX

RP113: 7/15/2012 10:06:06 PM - Restore Operation

.

==== Installed Programs ======================

.

???? ??? Windows Live

???? Windows Live

????? Windows Live

?????? ??????? ?? Windows Live

???????? ?????????? Windows Live

?????????? Windows Live

??????????? ?? Windows Live

1ClickDownloader

Adobe AIR

Adobe Flash Player 11 ActiveX

Adobe Flash Player 11 Plugin

Adobe Photoshop Elements 7.0

Adobe Photoshop.com Inspiration Browser

Adobe Reader X (10.1.3)

Agatha Christie - Death on the Nile

Apple Application Support

Apple Software Update

ArcSoft TotalMedia Extreme

Assassin's Creed Revelations

Atheros Client Installation Program

Audacity 1.2.6

Autodesk Material Library 2012

Autodesk Material Library Base Resolution Image Library 2012

Autodesk Material Library Low Resolution Image Library 2012

Windows Live Essentials

Windows Live Mail

Windows Live Messenger

Windows Live fotogalerija

BatteryLifeExtender

Bejeweled 2 Deluxe

Bing Bar

Blockland

Build-a-lot

Call of Duty

Call of Duty: Modern Warfare 3 - Multiplayer

Call of Duty: United Offensive

Camtasia Studio 7

Chuzzle Deluxe

Combat Arms

CyberLink YouCam

D3DX10

DAEMON Tools Lite

Dead Island

Dead Island GOTY Edition

Diner Dash 2 Restaurant Rescue

Dungeon Defenders

Dungeon Defenders Demo

Easy Display Manager

Easy Network Manager

Easy SpeedUp Manager

EasyBatteryManager

Facebook Video Calling 1.2.0.159

Fallout: New Vegas

Farm Frenzy

Fotogalerija Windows Live

Galeria de Fotografias do Windows Live

Galeria fotografii uslugi Windows Live

Galerie de photos Windows Live

Galerie foto Windows Live

Galería fotográfica de Windows Live

Game Booster 3

Google Chrome

Google Talk (remove only)

Google Talk Plugin

Hauppauge HDPVR Scheduler

Hauppauge WinTV IR Blaster

Hauppauge WinTV Scheduler

Heroes of Newerth

IHA_MessageCenter

Insaniquarium Deluxe

Intel® Rapid Storage Technology

Java Auto Updater

Java 6 Update 32

Java 7 Update 5

Java SE Development Kit 7 Update 2

JavaFX 2.0.2 SDK

JavaFX 2.1.1

John Deere Drive Green

Junk Mail filter update

Just Cause 2

League of Legends

LogMeIn Hamachi

LOLReplay

Malwarebytes Anti-Malware version 1.62.0.1300

MapleStory

Marvell Miniport Driver

Mesh Runtime

Microsoft .NET Framework 4 Multi-Targeting Pack

Microsoft Application Error Reporting

Microsoft Chart Controls for Microsoft .NET Framework 3.5 (KB2500170)

Microsoft Expression Encoder 4

Microsoft Expression Encoder 4 Screen Capture Codec

Microsoft Flight

Microsoft Games for Windows - LIVE Redistributable

Microsoft Games for Windows Marketplace

Microsoft Office 2010

Microsoft Office Click-to-Run 2010

Microsoft Office Starter 2010 - English

Microsoft PowerPoint Viewer

Microsoft Silverlight

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft SQL Server Compact 3.5 SP2 ENU

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319

Microsoft Visual C++ 2010 Express - ENU

Microsoft WSE 3.0 Runtime

MSVCRT

MSVCRT Redists

MSVCRT_amd64

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

Nexon Game Manager

Norton Online Backup

Pando Media Booster

Peggle

Penguins!

PhotoshopdotcomInspirationBrowser

Plants vs. Zombies

Poczta uslugi Windows Live

Podstawowe programy Windows Live

Polar Golfer

Pota Windows Live

PS_AIO_05_C309_Software_Min

Raccolta foto di Windows Live

Realtek High Definition Audio Driver

RivalGaming

S?????? f?t???af??? t?? Windows Live

Samsung AnyWeb Print

Samsung Recovery Solution 5

Samsung Support Center

Samsung Universal Print Driver

Samsung Update Plus

Scan

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Extended (KB2487367)

Security Update for Microsoft .NET Framework 4 Extended (KB2656351)

Skype 5.8

Sniper: Ghost Warrior

Soft32 Updater

Spotify

Star Wars Battlefront II

StarCraft II

Steam

System Requirements Lab for Intel

Team Fortress 2

The Elder Scrolls V: Skyrim

Toolbox

TrackMania 2 - Canyon

Unity Web Player

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Extended (KB2468871)

Update for Microsoft .NET Framework 4 Extended (KB2533523)

User Guide

uTorrentControl2 Toolbar

UVMapper Professional Demo 3.6c

VBA (2627.01)

Vegas Pro 11.0

Verizon Internet Security Suite

VLC media player 2.0.1

WildTangent Games

WildTangent ORB Game Console

Windows Live

Windows Live ??

Windows Live ?? ???

Windows Live ???

Windows Live ????

Windows Live Communications Platform

Windows Live Essentials

Windows Live Fotótár

Windows Live Foto-galerija

Windows Live fotoattelu galerija

Windows Live Fotogalerie

Windows Live Fotogalleri

Windows Live Fotogaléria

Windows Live Fotograf Galerisi

Windows Live Galeria de Fotos

Windows Live Galerija fotografija

Windows Live Installer

Windows Live Mail

Windows Live Mesh

Windows Live Messenger

Windows Live Movie Maker

Windows Live Photo Common

Windows Live Photo Gallery

Windows Live PIMT Platform

Windows Live Pota

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live Temel Parçalar

Windows Live UX Platform

Windows Live UX Platform Language Pack

Windows Live Writer

Windows Live Writer Resources

Windows Liven asennustyökalu

Windows Liven sähköposti

Windows Liven valokuvavalikoima

Xfire (remove only)

YouTube Downloader 3.5

YouTube Downloader Toolbar v6.0

Zuma Deluxe

.

==== Event Viewer Messages From Past Week ========

.

7/17/2012 9:29:05 AM, Error: Service Control Manager [7003] - The McAfee Personal Firewall Service service depends the following service: MpsSvc. This service might not be installed.

7/17/2012 9:29:02 AM, Error: Service Control Manager [7023] - The Function Discovery Resource Publication service terminated with the following error: %%-2147024891

7/17/2012 12:23:01 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect.

7/17/2012 12:23:01 PM, Error: Service Control Manager [7000] - The Steam Client Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

7/15/2012 11:21:17 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.

7/15/2012 11:21:17 PM, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

7/15/2012 11:21:17 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}

7/15/2012 10:59:12 PM, Error: Service Control Manager [7024] - The Windows Firewall service terminated with service-specific error Access is denied..

7/13/2012 9:44:17 PM, Error: Service Control Manager [7023] - The Peer Name Resolution Protocol service terminated with the following error: %%-2140993535

7/13/2012 9:44:17 PM, Error: Service Control Manager [7001] - The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error: %%-2140993535

7/13/2012 9:44:17 PM, Error: Microsoft-Windows-PNRPSvc [102] - The Peer Name Resolution Protocol cloud did not start because the creation of the default identity failed with error code: 0x80630801.

.

==== End Of File ==========================

MrCharlie · July 17, 2012

For x32 (x86) bit systems download Farbar Recovery Scan Tool and save it to a flash drive.

For x64 bit systems download Farbar Recovery Scan Tool x64 and save it to a flash drive.

How to tell > 32 or 64 bit

Plug the flashdrive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:

Restart the computer.
As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
Use the arrow keys to select the Repair your computer menu item.
Select US as the keyboard language settings, and then click Next.
Select the operating system you want to repair, and then click Next.
Select your user account an click Next.

To enter System Recovery Options by using Windows installation disc:

Insert the installation disc.
Restart your computer.
If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
Click Repair your computer.
Select US as the keyboard language settings, and then click Next.
Select the operating system you want to repair, and then click Next.
Select your user account and click Next.

On the System Recovery Options menu you will get the following options:

- Startup Repair
  System Restore
  Windows Complete PC Restore
  Windows Memory Diagnostic Tool
  Command Prompt
[*]Select Command Prompt
[*]In the command window type in notepad and press Enter.
[*]The notepad opens. Under File menu select Open.
[*]Select "Computer" and find your flash drive letter and close the notepad.
[*]In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
Note: Replace letter e with the drive letter of your flash drive.
[*]The tool will start to run.
[*]When the tool opens click Yes to disclaimer.
[*]Press Scan button.
[*]It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

MrC

ScrewYouZeroAccess · July 18, 2012

Okay, ill try to do it with my phone, but i doubt itll work. If it doesnt, i dont have access to a flash drive until friday. Just wondering: what are the consequences? Will this recovery scan alter any ofmyfiles? (I know its hard to tell, but any info would defimetly help, thanks )

MrCharlie · July 18, 2012

Just wondering: what are the consequences? Will this recovery scan alter any ofmyfiles? (I know its hard to tell, but any info would defimetly help, thanks

No it will just clear out the infection, we can try another method if you would like.

MrC

ScrewYouZeroAccess · July 18, 2012

No, no, this seems fine, but it doesnt work from my phone, its fine though,ill just wait till friday, the trojan cant do too much damage considering i dont have internet on it..... I hope.... Lol, anyway, thanks for the help, i really appreciate it! But yah, expect something from me late friday or early saturday! Thanks!

MrCharlie · July 18, 2012

OK...No problem, MrC

ScrewYouZeroAccess · July 18, 2012

Copy of FRST.txt (it actually worked on my phone suprisingly enough):

Scan result of Farbar Recovery Scan Tool Version: 16-07-2012 02

Ran by SYSTEM at 18-07-2012 16:12:12

Running from H:\download

Windows 7 Home Premium (X64) OS Language: English(US)

The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [synTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [2149160 2010-05-20] (Synaptics Incorporated)

HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [11895400 2011-08-24] (Realtek Semiconductor)

HKLM\...\Run: [igfxTray] C:\windows\system32\igfxtray.exe [165912 2009-11-13] (Intel Corporation)

HKLM\...\Run: [HotKeysCmds] C:\windows\system32\hkcmd.exe [387608 2009-11-13] (Intel Corporation)

HKLM\...\Run: [Persistence] C:\windows\system32\igfxpers.exe [365592 2009-11-13] (Intel Corporation)

HKLM-x32\...\Run: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [207424 2010-10-27] (ArcSoft Inc.)

HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-01-02] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey [1675160 2012-03-21] (McAfee, Inc.)

HKLM-x32\...\Run: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start [1987976 2012-02-28] (LogMeIn Inc.)

HKLM-x32\...\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [252296 2012-01-17] (Sun Microsystems, Inc.)

HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59280 2012-05-30] (Apple Inc.)

HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421776 2012-06-07] (Apple Inc.)

HKLM-x32\...\Run: [] [x]

HKLM-x32\...\Run: [searchSettings] "C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe" [1090440 2012-06-27] (Spigot, Inc.)

HKLM-x32\...\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray [462920 2012-07-03] (Malwarebytes Corporation)

HKU\Conor\...\Run: [googletalk] C:\Users\Conor\AppData\Roaming\Google\Google Talk\googletalk.exe /autostart [3739648 2007-01-01] (Google)

HKU\Conor\...\Run: [Cracked Steam Service] "C:\Program Files (x86)\Cracked Steam\Cracked Steam.exe" /SERVICE [x]

HKU\Conor\...\Run: [Google Update] "C:\Users\Conor\AppData\Local\Google\Update\GoogleUpdate.exe" /c [136176 2011-12-01] (Google Inc.)

HKU\Conor\...\Run: [spotify] "C:\Users\Conor\AppData\Roaming\Spotify\spotify.exe" /uri spotify:autostart [7609560 2012-07-04] (Spotify Ltd)

HKU\Conor\...\Run: [steam] "C:\Program Files (x86)\Steam\steam.exe" -silent [1242448 2012-03-24] (Valve Corporation)

HKU\Conor\...\Run: [spotify Web Helper] "C:\Users\Conor\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [1192664 2012-07-04] ()

HKU\Conor\...\Run: [Facebook Update] "C:\Users\Conor\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver [138096 2012-07-11] (Facebook Inc.)

HKU\Conor\...\Run: [chromium] C:\Users\Conor\AppData\Local\Google\Chrome\Application\chrome.exe --no-startup-window [1250328 2012-07-09] (Google Inc.)

HKU\Conor\...\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun [3671872 2012-04-17] (DT Soft Ltd)

Winlogon\Notify\igfxcui: igfxdev.dll (Intel Corporation)

Startup: C:\Users\All Users\Start Menu\Programs\Startup\LOLRecorder.lnk

ShortcutTarget: LOLRecorder.lnk -> C:\Program Files (x86)\LOLReplay\LOLRecorder.exe (LOL Replay)

Startup: C:\Users\Conor\Start Menu\Programs\Startup\Rainmeter - Shortcut.lnk

ShortcutTarget: Rainmeter - Shortcut.lnk -> C:\Rainmeter\Rainmeter.exe ()

Startup: C:\Users\Conor\Start Menu\Programs\Startup\Skype - Shortcut.lnk

ShortcutTarget: Skype - Shortcut.lnk -> C:\Program Files (x86)\Skype\Phone\Skype.exe (Skype Technologies S.A.)

==================== Services (Whitelisted) ======

2 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)

2 AdobeActiveFileMonitor7.0; C:\Program Files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe [169312 2008-09-16] (Adobe Systems Incorporated)

2 Application Updater; "C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe" [791488 2012-06-27] (Spigot, Inc.)

2 Hamachi2Svc; "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe" -s [2343816 2012-02-28] (LogMeIn Inc.)

2 IHA_MessageCenter; "C:\Program Files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe" [290832 2011-12-12] (Verizon)

2 MBAMService; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe" [655944 2012-07-03] (Malwarebytes Corporation)

2 McAfee SiteAdvisor Service; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [249936 2011-01-27] (McAfee, Inc.)

3 McAWFwk; C:\PROGRA~1\mcafee\msc\mcawfwk.exe [225216 2011-01-28] (McAfee, Inc.)

2 McMPFSvc; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [249936 2011-01-27] (McAfee, Inc.)

2 mcmscsvc; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [249936 2011-01-27] (McAfee, Inc.)

2 McNaiAnn; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [249936 2011-01-27] (McAfee, Inc.)

2 McNASvc; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [249936 2011-01-27] (McAfee, Inc.)

3 McODS; "C:\Program Files\McAfee\VirusScan\mcods.exe" [502032 2012-04-19] (McAfee, Inc.)

4 McOobeSv; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [249936 2011-01-27] (McAfee, Inc.)

2 McProxy; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [249936 2011-01-27] (McAfee, Inc.)

2 McShield; "C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe" [199272 2012-03-20] (McAfee, Inc.)

2 mfefire; "C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe" [210584 2012-03-20] (McAfee, Inc.)

2 mfevtp; "C:\windows\system32\mfevtps.exe" [162192 2012-03-20] (McAfee, Inc.)

2 mitsijm2012; "C:\Program Files\Autodesk\Inventor 2012\Moldflow\bin\mitsijm.exe" [848184 2010-12-07] (Autodesk, Inc.)

2 MSK80Service; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [249936 2011-01-27] (McAfee, Inc.)

2 NOBU; "C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe" SERVICE [2804568 2010-05-31] (Symantec Corporation)

3 Samsung UPD Service; "C:\windows\System32\SUPDSvc.exe" [166704 2010-08-09] (Samsung Electronics CO., LTD.)

========================== Drivers (Whitelisted) =============

1 archlp; C:\Windows\SysWow64\Drivers\archlp.sys [161792 2009-02-06] ()

3 cfwids; C:\Windows\System32\Drivers\cfwids.sys [65264 2012-02-22] (McAfee, Inc.)

1 dtsoftbus01; C:\Windows\System32\Drivers\dtsoftbus01.sys [283200 2012-07-13] (DT Soft Ltd)

3 hamachi; C:\Windows\System32\Drivers\hamachi.sys [33856 2009-03-18] (LogMeIn, Inc.)

3 hcwhdpvr; C:\Windows\System32\Drivers\hcwhdpvr.sys [189952 2010-06-23] (Hauppauge, Inc.)

3 MBAMProtector; \??\C:\windows\system32\drivers\mbam.sys [24904 2012-07-03] (Malwarebytes Corporation)

3 mfeapfk; C:\Windows\System32\Drivers\mfeapfk.sys [160792 2012-02-22] (McAfee, Inc.)

3 mfeavfk; C:\Windows\System32\Drivers\mfeavfk.sys [229528 2012-02-22] (McAfee, Inc.)

3 mfefirek; C:\Windows\System32\Drivers\mfefirek.sys [487296 2012-02-22] (McAfee, Inc.)

0 mfehidk; C:\Windows\System32\Drivers\mfehidk.sys [647208 2012-02-22] (McAfee, Inc.)

1 mfenlfk; C:\Windows\System32\Drivers\mfenlfk.sys [75936 2012-02-22] (McAfee, Inc.)

3 mferkdet; C:\Windows\System32\Drivers\mferkdet.sys [100912 2012-02-22] (McAfee, Inc.)

0 mfewfpk; C:\Windows\System32\Drivers\mfewfpk.sys [289664 2012-02-22] (McAfee, Inc.)

3 rtport; C:\Windows\SysWow64\Drivers\rtport.sys [15144 2011-10-21] (Windows ® 2003 DDK 3790 provider)

1 SABI; C:\Windows\System32\Drivers\SABI.sys [13824 2009-05-27] (SAMSUNG ELECTRONICS)

3 EagleX64; \??\C:\windows\system32\drivers\EagleX64.sys [x]

3 mfeavfk01; [x]

========================== NetSvcs (Whitelisted) ===========

============ One Month Created Files and Folders ==============

2012-07-17 10:16 - 2012-07-17 10:13 - 00607260 ____R (Swearware) C:\Users\Conor\Desktop\dds.com

2012-07-16 14:42 - 2012-07-16 14:42 - 00000000 ____D C:\Users\Conor\AppData\Roaming\Malwarebytes

2012-07-16 14:41 - 2012-07-16 14:41 - 00001105 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2012-07-16 14:41 - 2012-07-16 14:41 - 00000000 ____D C:\Users\All Users\Malwarebytes

2012-07-16 14:41 - 2012-07-16 14:41 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware

2012-07-16 14:41 - 2012-07-03 09:46 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys

2012-07-16 13:37 - 2012-07-16 13:38 - 00000171 ____A C:\Users\Conor\Desktop\D7.ini

2012-07-16 13:37 - 2012-07-16 13:37 - 01077336 ____A (Microsoft Corporation) C:\Users\Conor\Desktop\MSCOMCTL.OCX

2012-07-16 13:37 - 2012-07-16 13:37 - 00290304 ____A (Microsoft Corporation) C:\Users\Conor\Desktop\SUBINACL.EXE

2012-07-16 13:37 - 2012-07-16 13:37 - 00000000 ____D C:\Users\Conor\Desktop\Reports

2012-07-16 07:16 - 2012-07-15 15:45 - 09014200 ____N (Foolish IT) C:\Users\Conor\Desktop\D7.exe

2012-07-16 06:51 - 2012-07-16 06:50 - 02135640 ____A (Kaspersky Lab ZAO) C:\Users\Conor\Documents\tdsskiller.exe

2012-07-16 06:37 - 2012-07-16 06:37 - 00131072 ____A (FoolishIT.com) C:\Windows\goog.exe

2012-07-16 06:23 - 2012-07-16 06:23 - 00031616 ____A C:\Windows\System32\FoolishEventLogMsgHelper.dll

2012-07-16 06:21 - 2012-07-16 06:17 - 06042924 ____A C:\Users\Conor\Documents\D7.zip

2012-07-15 15:11 - 2012-07-15 15:11 - 00029442 ____A C:\Users\Conor\Downloads\[]Demonoid.me[]-Pulp_Fiction_1994_DVDriP_DivX_P4DGE_12062392.9264.torrent

2012-07-13 17:19 - 2012-07-13 17:19 - 00056293 ____A C:\Users\Conor\Downloads\Civilization_IV_Full___1DVD___Crack__WEBSEED-[www.Demonoid.me].torrent

2012-07-13 11:21 - 2012-07-13 11:21 - 00000805 ____A C:\Users\Conor\Desktop\Just Cause 2.lnk

2012-07-13 11:21 - 2012-07-13 11:21 - 00000000 ____D C:\Users\Conor\AppData\Roaming\Just Cause 2

2012-07-13 11:09 - 2012-07-13 11:09 - 00000000 ____D C:\Users\All Users\REVOLT

2012-07-13 10:46 - 2012-07-13 10:46 - 00283200 ____A (DT Soft Ltd) C:\Windows\System32\Drivers\dtsoftbus01.sys

2012-07-13 10:46 - 2012-07-13 10:46 - 00000000 ____D C:\Program Files (x86)\DAEMON Tools Lite

2012-07-13 08:23 - 2012-07-13 08:23 - 00015701 ____A C:\Users\Conor\Downloads\Just_Cause_2_All_10_DLC_[RePack]_[R_G_Shift]-[[Demonoid.me]]_12062392.9264.torrent

2012-07-13 07:51 - 2012-07-13 07:51 - 00018459 ____A C:\Users\Conor\Downloads\Grand_Theft_Auto_3_O-Demonoid.me-O_12062392.9264.torrent

2012-07-13 07:45 - 2012-07-13 07:45 - 00071317 ____A C:\Users\Conor\Downloads\Grand_Theft_Auto_IV_FULL_PC_VERSION_(Not_Fake)-(Demonoid.me)_12062392.9264.torrent

2012-07-13 07:44 - 2012-07-13 07:44 - 00037771 ____A C:\Users\Conor\Downloads\Grand_Theft_Auto_4-(Demonoid.me)_12062392.9264.torrent

2012-07-13 07:05 - 2012-07-13 07:05 - 00013462 ____A C:\Users\Conor\Downloads\_=Demonoid.me=_-Dead_Island_GOTY_Edition_(2_56GB)_12062392.9264.torrent

2012-07-13 06:47 - 2012-07-13 06:47 - 00016028 ____A C:\Users\Conor\Downloads\++Demonoid.me++-Man_on_the_ledge_2012_12062392.9264.torrent

2012-07-13 06:44 - 2012-07-13 06:44 - 00024117 ____A C:\Users\Conor\Downloads\Man_on_a_Ledge_(2012)_PAL_DVDR_DD5_1_NL_Subs-[Demonoid.me]_12062392.9264.torrent

2012-07-13 06:40 - 2012-07-13 06:40 - 00027346 ____A C:\Users\Conor\Downloads\((Demonoid.me))-Ghost_Rider_Spirit_Of_Vengeance_(2011)_720p_BRrip_x264_scOrp_12062392.9264.torrent

2012-07-13 06:39 - 2012-07-13 06:39 - 00279424 ____A C:\Users\Conor\Downloads\Ghost_Rider-_Spirit_Of_Vengeance_(2011)_720p_BRrip_x264_scOr.exe

2012-07-12 18:18 - 2012-07-12 18:18 - 00016107 ____A C:\Users\Conor\Downloads\((Demonoid.me))-Final_Destination_5_(2011)_DVDRip_XviD_MAX_12062392.9264.torrent

2012-07-12 18:17 - 2012-07-12 18:17 - 00005716 ____A C:\Users\Conor\Downloads\The_Amazing_Spiderman_2012_HD_CAM_XViD_26k_-Demonoid.me-__12062392.9264.torrent

2012-07-12 18:16 - 2012-07-12 18:16 - 00004972 ____A C:\Users\Conor\Downloads\Ice_Age_Continental_Drift_2012_CAM_NEW_XVID_AC3_26K-++Demonoid.me++_12062392.9264.torrent

2012-07-12 17:15 - 2012-07-12 17:16 - 29843738 ____A (LucasArts) C:\Users\Conor\Downloads\BFIIUpdateInt1_1.exe

2012-07-12 17:10 - 2012-07-12 17:13 - 00000000 ____D C:\Users\Conor\AppData\Roaming\DAEMON Tools Lite

2012-07-12 17:09 - 2012-07-15 23:08 - 00000000 ____D C:\Users\All Users\DAEMON Tools Lite

2012-07-12 17:09 - 2012-07-12 17:09 - 14229744 ____A (DT Soft Ltd) C:\Users\Conor\Downloads\DTLite4454-0315.exe

2012-07-12 17:08 - 2012-07-12 17:08 - 00000000 ____D C:\Users\All Users\DAEMON Tools Pro

2012-07-12 17:07 - 2012-07-12 17:07 - 19302416 ____A (DT Soft Ltd) C:\Users\Conor\Downloads\DAEMONToolsPro510-0333.exe

2012-07-12 16:35 - 2012-07-12 16:35 - 00000000 ____D C:\Program Files (x86)\LucasArts

2012-07-12 16:32 - 2012-07-12 16:32 - 00009913 ____A C:\Users\Conor\Downloads\rld-swbf2kg.rar

2012-07-11 12:13 - 2012-07-11 12:13 - 00728101 ____A C:\Users\Conor\Downloads\RSBot.jar

2012-07-06 11:31 - 2012-07-06 11:31 - 03878112 ____A C:\Users\Conor\Downloads\battlelog-web-plugins-1.122.0-retail-prod.exe

2012-07-03 06:17 - 2012-07-03 06:17 - 00000000 ____D C:\Program Files (x86)\YouTube Downloader Toolbar

2012-07-03 06:17 - 2012-07-03 06:17 - 00000000 ____D C:\Program Files (x86)\Application Updater

2012-06-30 19:31 - 2012-06-30 19:31 - 00016589 ____A C:\Users\Conor\Downloads\D905B0DCFFF3FC9E2A26A9F9EC82105C0678F03D.torrent

2012-06-30 19:28 - 2012-06-30 19:28 - 01022352 ____A (BitTorrent, Inc.) C:\Users\Conor\Downloads\uTorrent (1).exe

2012-06-30 19:26 - 2012-06-30 19:26 - 00000000 ____D C:\Users\Conor\AppData\Local\CRE

2012-06-30 19:26 - 2012-06-30 19:26 - 00000000 ____D C:\Users\Conor\AppData\Local\Conduit

2012-06-30 19:26 - 2012-06-30 19:26 - 00000000 ____D C:\Program Files (x86)\uTorrentControl2

2012-06-30 19:26 - 2012-06-30 19:26 - 00000000 ____D C:\Program Files (x86)\Conduit

2012-06-30 19:21 - 2012-07-17 11:30 - 00000000 ____D C:\Users\Conor\AppData\Roaming\uTorrent

2012-06-30 19:20 - 2012-06-30 19:21 - 01022352 ____A (BitTorrent, Inc.) C:\Users\Conor\Downloads\uTorrent.exe

2012-06-28 10:29 - 2012-06-28 10:29 - 04570608 ____A C:\Users\Conor\Downloads\Spirit.exe

2012-06-28 08:06 - 2012-06-28 08:25 - 00000000 ____D C:\Users\Conor\AppData\Roaming\Apple Computer

2012-06-28 08:06 - 2012-06-28 08:06 - 00001783 ____A C:\Users\Public\Desktop\iTunes.lnk

2012-06-28 08:06 - 2012-06-28 08:06 - 00000000 ____D C:\Users\Conor\AppData\Local\Apple Computer

2012-06-28 08:05 - 2009-05-18 09:17 - 00034152 ____A (GEAR Software Inc.) C:\Windows\System32\Drivers\GEARAspiWDM.sys

2012-06-28 08:05 - 2008-04-17 08:12 - 00126312 ____A (GEAR Software Inc.) C:\Windows\System32\GEARAspi64.dll

2012-06-28 08:05 - 2008-04-17 08:12 - 00107368 ____A (GEAR Software Inc.) C:\Windows\SysWOW64\GEARAspi.dll

2012-06-28 08:02 - 2012-06-28 08:05 - 00000000 ____D C:\Users\All Users\{93E26451-CD9A-43A5-A2FA-C42392EA4001}

2012-06-28 08:02 - 2012-06-28 08:05 - 00000000 ____D C:\Program Files\iTunes

2012-06-28 08:02 - 2012-06-28 08:05 - 00000000 ____D C:\Program Files (x86)\iTunes

2012-06-28 08:02 - 2012-06-28 08:02 - 00000000 ____D C:\Users\All Users\Apple Computer

2012-06-28 08:02 - 2012-06-28 08:02 - 00000000 ____D C:\Program Files\iPod

2012-06-28 07:51 - 2012-06-28 07:51 - 00000000 ____D C:\Users\Conor\AppData\Local\Apple

2012-06-28 07:51 - 2012-06-28 07:51 - 00000000 ____D C:\Program Files (x86)\Apple Software Update

2012-06-28 07:50 - 2012-06-28 07:50 - 00000000 ____D C:\Program Files\Common Files\Apple

2012-06-28 07:49 - 2012-06-28 07:51 - 00000000 ____D C:\Users\All Users\Apple

2012-06-28 07:49 - 2012-06-28 07:49 - 00000000 ____D C:\Program Files\Bonjour

2012-06-28 07:49 - 2012-06-28 07:49 - 00000000 ____D C:\Program Files (x86)\Bonjour

2012-06-28 07:18 - 2012-06-28 07:19 - 79225752 ____A (Apple Inc.) C:\Users\Conor\Downloads\iTunes64Setup.exe

2012-06-28 07:17 - 2012-06-28 07:17 - 00000000 ____D C:\Users\Conor\Desktop\iTouch Jailbreak

2012-06-28 07:08 - 2012-06-28 07:14 - 294641806 ____A C:\Users\Conor\Downloads\Whited00r_520_iPodTouch2G.zip

2012-06-27 16:53 - 2012-06-27 18:24 - 00000000 ____D C:\Users\Conor\Documents\StarCraft II

2012-06-27 16:53 - 2012-06-27 18:24 - 00000000 ____D C:\Users\All Users\Blizzard Entertainment

2012-06-27 16:53 - 2012-06-27 17:06 - 00000732 ____A C:\Users\Public\Desktop\StarCraft II.lnk

2012-06-27 07:03 - 2012-06-27 07:03 - 03216375 ____A (Blizzard Entertainment) C:\Users\Conor\Downloads\StarCraft_2_NA_en-US.exe

2012-06-27 06:25 - 2012-06-27 06:25 - 00000000 ____D C:\.jagex_cache_32

2012-06-27 06:19 - 2012-06-27 06:19 - 00725696 ____A C:\Users\Conor\Downloads\RSBot-4018 (1).jar

2012-06-26 07:37 - 2012-07-08 15:06 - 00000049 ____A C:\Users\Conor\jagex_cl_runescape_LIVE_BETA.dat

2012-06-24 11:07 - 2012-05-04 15:29 - 00227720 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe

2012-06-24 11:06 - 2012-05-15 15:06 - 00174064 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe

2012-06-24 11:06 - 2012-05-15 15:06 - 00174064 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe

2012-06-24 11:05 - 2012-06-24 11:06 - 00002954 ____A C:\Windows\SysWOW64\jupdate-1.7.0_05-b05.log

2012-06-23 12:49 - 2012-07-11 12:15 - 00000770 ____A C:\Users\Conor\Downloads\RSBot.lnk

2012-06-23 12:49 - 2012-06-23 12:49 - 00725696 ____A C:\Users\Conor\Downloads\RSBot-4018.jar

2012-06-22 15:43 - 2012-06-22 15:43 - 00104674 ____A C:\Users\Conor\Downloads\decibel.zip

2012-06-22 15:34 - 2012-06-22 15:34 - 00224374 ____A C:\Users\Conor\Downloads\lt_oksana.zip

2012-06-22 15:32 - 2012-06-22 15:32 - 00012147 ____A C:\Users\Conor\Downloads\electrorocket.zip

2012-06-22 15:23 - 2012-06-22 15:23 - 00384422 ____A C:\Users\Conor\Downloads\simplistic_clock_by_pixeltoast-d471p83.zip

2012-06-22 15:23 - 2011-08-18 22:40 - 00078171 ____A C:\Users\Conor\Downloads\Simplistic Clock.rmskin

2012-06-22 15:16 - 2012-06-22 15:16 - 00278173 ____A C:\Users\Conor\Downloads\Nathan.zip

2012-06-22 14:05 - 2012-06-22 14:05 - 00046215 ____A C:\Users\Conor\Downloads\metro_orb_by_thehaso-d4epmw5.rar

2012-06-22 13:49 - 2012-06-22 13:50 - 00000000 ____D C:\Windows\W7SBC

2012-06-22 13:49 - 2011-02-25 22:23 - 02870272 ____A (Microsoft Corporation) C:\Windows\explorer_edit_w7sbc.exe

2012-06-22 13:49 - 2011-02-25 22:23 - 02870272 ____A (Microsoft Corporation) C:\Windows\explorer_backup_w7sbc.exe

2012-06-22 13:49 - 2011-02-25 22:23 - 02387456 ____A (Microsoft Corporation) C:\Windows\explorer.exe

2012-06-22 13:44 - 2012-06-22 14:06 - 00000000 ____D C:\Users\Conor\Desktop\W7SBC

2012-06-22 13:42 - 2012-06-22 13:42 - 00613947 ____A C:\Users\Conor\Downloads\W7SBC.zip

2012-06-22 13:33 - 2012-06-22 13:33 - 02506292 ____A C:\Users\Conor\Downloads\ecqlipse_2____ico___by_chrfb.zip

2012-06-22 13:29 - 2012-06-22 13:29 - 04710565 ____A C:\Users\Conor\Downloads\__ecqlipse_2___PNG_by_chrfb.zip

2012-06-22 13:25 - 2012-06-22 14:01 - 00000000 ____D C:\Users\Conor\Desktop\icons

2012-06-22 13:19 - 2012-06-22 13:19 - 00276928 ____A C:\Windows\Minidump\062212-22635-01.dmp

2012-06-22 13:03 - 2012-06-22 13:03 - 00000000 ____D C:\ICONS

2012-06-22 13:01 - 2012-06-22 13:01 - 00888810 ____A C:\Users\Conor\Downloads\Token___File_Types_by_brsev.zip

2012-06-22 12:29 - 2012-06-22 12:30 - 00000000 ____D C:\Users\Conor\gaia 10

2012-06-22 12:26 - 2012-06-22 12:26 - 06821640 ____A C:\Users\Conor\Downloads\gaia10_by_neiio-d2yobo6.zip

2012-06-22 08:33 - 2012-06-19 11:08 - 00725279 ____A C:\Users\Conor\Downloads\RSBot-4017 - Copy.jar

2012-06-21 23:22 - 2012-06-21 23:22 - 00000731 ____A C:\Users\Conor\Downloads\RSBot-4017 - Shortcut.lnk

2012-06-21 22:48 - 2009-07-13 17:41 - 02851328 ____A (Microsoft Corporation) C:\Windows\System32\themeui.dll.backup

2012-06-21 22:48 - 2009-07-13 17:41 - 00332288 ____A (Microsoft Corporation) C:\Windows\System32\uxtheme.dll.backup

2012-06-21 22:48 - 2009-07-13 17:41 - 00044544 ____A (Microsoft Corporation) C:\Windows\System32\themeservice.dll.backup

2012-06-21 22:45 - 2012-06-21 22:45 - 00000000 ____D C:\Users\Conor\Documents\slave

2012-06-21 22:44 - 2012-06-21 22:44 - 00000000 ____D C:\Users\Public\Documents\New Folder

2012-06-21 22:42 - 2012-06-21 22:42 - 00000000 ____D C:\Users\Conor\Downloads\themess

2012-06-21 22:39 - 2012-06-21 22:39 - 00000000 ____D C:\Users\Conor\Downloads\slave_for_windows_seven_by_guillendesign-d3kxzgb (1)

2012-06-21 22:28 - 2012-06-21 22:28 - 18068420 ____A C:\Users\Conor\Downloads\slave_for_windows_seven_by_guillendesign-d3kxzgb.zip

2012-06-21 22:28 - 2012-06-21 22:28 - 18068420 ____A C:\Users\Conor\Downloads\slave_for_windows_seven_by_guillendesign-d3kxzgb (1).zip

2012-06-21 21:48 - 2012-06-21 21:48 - 00124566 ____A C:\Users\Conor\Downloads\rainmeter___elegance_1_0_by_lilshizzy-d3jpo7v.rmskin

2012-06-21 21:06 - 2012-07-06 09:22 - 00000132 ____A C:\Users\Conor\AppData\Roaming\Adobe PNG Format CS5 Prefs

2012-06-21 20:03 - 2012-06-21 20:06 - 176062918 ____A C:\Users\Conor\Downloads\Terminal Ducky.rar

2012-06-21 19:48 - 2012-06-21 19:49 - 00000000 ____D C:\Users\Conor\Documents\Wallpaper

2012-06-21 19:05 - 2012-06-21 19:05 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf

2012-06-21 19:03 - 2012-06-21 19:03 - 03066102 ____A C:\Users\Conor\Downloads\rainmeter___elegance_2_by_lilshizzy-d41hrge.rmskin

2012-06-21 18:55 - 2012-06-21 18:55 - 00000000 ____D C:\Users\Conor\Documents\Rainmeter

2012-06-21 18:54 - 2012-06-21 18:54 - 00613532 ____A C:\Users\Conor\Downloads\sherlock_desktop_by_xiphos71-d53ykjy (1).rmskin

2012-06-21 18:47 - 2012-06-21 18:47 - 00613532 ____A C:\Users\Conor\Downloads\sherlock_desktop_by_xiphos71-d53ykjy.rmskin

2012-06-21 18:43 - 2012-06-21 18:43 - 00000000 ____D C:\Users\Conor\Downloads\SUPERCOLOSSAL

2012-06-21 18:41 - 2012-06-21 18:41 - 00216417 ____A C:\Users\Conor\Downloads\SUPERCOLOSSAL.zip

2012-06-21 18:19 - 2012-06-21 18:19 - 01835947 ____A C:\Users\Conor\Downloads\enigma_by_kaelri-d1ptasn (1).rmskin

2012-06-21 18:04 - 2012-06-21 18:05 - 06917289 ____A C:\Users\Conor\Downloads\ABP1.2.rmskin

2012-06-21 17:30 - 2012-06-21 17:30 - 01835947 ____A C:\Users\Conor\Downloads\enigma_by_kaelri-d1ptasn.rmskin

2012-06-21 17:00 - 2012-07-15 23:08 - 00000000 ____D C:\Rainmeter

2012-06-21 16:59 - 2012-06-21 16:59 - 01392000 ____A C:\Users\Conor\Downloads\Rainmeter-2.2.exe

2012-06-21 14:02 - 2012-07-13 10:34 - 00000000 ____D C:\Users\Conor\AppData\Roaming\vlc

2012-06-21 14:00 - 2012-06-21 14:00 - 00000000 ____D C:\Program Files (x86)\VideoLAN

2012-06-21 13:58 - 2012-06-21 13:58 - 22259528 ____A C:\Users\Conor\Downloads\vlc-2.0.1-win32.exe

2012-06-21 07:05 - 2012-06-21 07:05 - 00301617 ___AT C:\Users\Conor\Documents\HP_169.254.52.167_MY9A6H91F2058R

2012-06-21 07:04 - 2012-06-21 07:04 - 00006498 ____A C:\Users\Public\Documents\honorsprecal.txt

2012-06-19 18:25 - 2012-06-21 23:21 - 00001066 ____A C:\Users\Conor\Desktop\RSBot-4017 - Shortcut.lnk

2012-06-19 17:24 - 2012-07-18 04:00 - 00000260 ____A C:\Windows\Tasks\RGames Updater.job

2012-06-19 17:24 - 2012-06-19 17:24 - 00000000 ____D C:\Users\Conor\Documents\EpicBot

2012-06-19 17:24 - 2012-06-19 17:24 - 00000000 ____D C:\Users\Conor\AppData\Local\RivalGaming

2012-06-19 17:22 - 2012-06-19 17:22 - 01536704 ____A (W3i, LLC) C:\Users\Conor\Downloads\epicbot_520.exe

2012-06-19 11:08 - 2012-06-19 11:08 - 00725279 ____A C:\Users\Conor\Downloads\RSBot-4017.jar

============ 3 Months Modified Files ========================

2012-07-18 12:08 - 2011-04-18 15:11 - 01503297 ____A C:\Windows\WindowsUpdate.log

2012-07-18 12:08 - 2009-07-13 20:45 - 00020032 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2012-07-18 12:08 - 2009-07-13 20:45 - 00020032 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2012-07-18 12:05 - 2011-12-01 13:45 - 00000908 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-660230534-9386771-3986129850-1001UA.job

2012-07-18 12:02 - 2011-12-02 13:54 - 00256892 ____A C:\Windows\PFRO.log

2012-07-18 12:02 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT

2012-07-18 12:02 - 2009-07-13 20:51 - 00079860 ____A C:\Windows\setupact.log

2012-07-18 04:37 - 2012-03-29 11:11 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job

2012-07-18 04:05 - 2011-12-01 13:45 - 00000856 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-660230534-9386771-3986129850-1001Core.job

2012-07-18 04:00 - 2012-06-19 17:24 - 00000260 ____A C:\Windows\Tasks\RGames Updater.job

2012-07-18 02:57 - 2012-05-29 20:45 - 00000928 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-660230534-9386771-3986129850-1001UA.job

2012-07-17 19:31 - 2009-07-13 21:13 - 00779764 ____A C:\Windows\System32\PerfStringBackup.INI

2012-07-17 14:58 - 2012-05-29 20:45 - 00000906 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-660230534-9386771-3986129850-1001Core.job

2012-07-17 10:13 - 2012-07-17 10:16 - 00607260 ____R (Swearware) C:\Users\Conor\Desktop\dds.com

2012-07-16 14:41 - 2012-07-16 14:41 - 00001105 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2012-07-16 13:38 - 2012-07-16 13:37 - 00000171 ____A C:\Users\Conor\Desktop\D7.ini

2012-07-16 13:37 - 2012-07-16 13:37 - 01077336 ____A (Microsoft Corporation) C:\Users\Conor\Desktop\MSCOMCTL.OCX

2012-07-16 13:37 - 2012-07-16 13:37 - 00290304 ____A (Microsoft Corporation) C:\Users\Conor\Desktop\SUBINACL.EXE

2012-07-16 06:50 - 2012-07-16 06:51 - 02135640 ____A (Kaspersky Lab ZAO) C:\Users\Conor\Documents\tdsskiller.exe

2012-07-16 06:37 - 2012-07-16 06:37 - 00131072 ____A (FoolishIT.com) C:\Windows\goog.exe

2012-07-16 06:23 - 2012-07-16 06:23 - 00031616 ____A C:\Windows\System32\FoolishEventLogMsgHelper.dll

2012-07-16 06:17 - 2012-07-16 06:21 - 06042924 ____A C:\Users\Conor\Documents\D7.zip

2012-07-15 15:45 - 2012-07-16 07:16 - 09014200 ____N (Foolish IT) C:\Users\Conor\Desktop\D7.exe

2012-07-15 15:11 - 2012-07-15 15:11 - 00029442 ____A C:\Users\Conor\Downloads\[]Demonoid.me[]-Pulp_Fiction_1994_DVDriP_DivX_P4DGE_12062392.9264.torrent

2012-07-15 10:22 - 2012-04-07 18:24 - 00000045 ____A C:\Users\Conor\jagex_cl_runescape_LIVE1.dat

2012-07-15 10:22 - 2011-12-01 14:44 - 00000044 ____A C:\Users\Conor\jagex_cl_runescape_LIVE.dat

2012-07-15 08:06 - 2012-06-16 06:34 - 00000045 ____A C:\Users\Conor\jagex_cl_runescape_LIVE3.dat

2012-07-15 08:06 - 2012-06-15 18:13 - 00000045 ____A C:\Users\Conor\jagex_cl_runescape_LIVE2.dat