Jump to content

Infected With Trojan.Dropper.BCMiner

maanik
 Share

Recommended Posts

maanik

maanik

Posted
Posted

Every time I run a MBAM scan, Trojan.Dropper.BCMiner appears. What it seems to be doing so far is denying me access to https websites and opening random ads on Google Chrome alone, so I'm not exactly sure what's going on. I would really appreciate any help with removing this infection and advice on any further courses of action. Thanks in advance!

Here are my DDS logs:

.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.4.1

Run by Scissors at 3:17:32 on 2012-07-30

Microsoft Windows 7 Home Premium 6.1.7600.0.1252.2.1033.18.3836.2019 [GMT -6:00]

.

AV: Norton Internet Security *Disabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: Norton Internet Security *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}

FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\system32\atiesrxx.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\STacSV64.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\Hpservice.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\atieclxx.exe

C:\Windows\system32\WLANExt.exe

C:\Windows\system32\conhost.exe

C:\Windows\System32\spoolsv.exe

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\AESTSr64.exe

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe

C:\Program Files (x86)\Yuna Software\Messenger Plus! for Skype\MsgPlusForSkypeService.exe

C:\Program Files (x86)\Norton Internet Security\Engine\16.8.3.6\ccSvcHst.exe

C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe

C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\IDT\WDM\sttray64.exe

C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe

C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe

C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe

C:\Windows\System32\rundll32.exe

C:\Windows\SysWOW64\rundll32.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe

C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

C:\Program Files (x86)\Yuna Software\Messenger Plus!\PlusService.exe

C:\Program Files (x86)\iTunes\iTunesHelper.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\Program Files (x86)\Norton Internet Security\Engine\16.8.3.6\ccSvcHst.exe

C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\taskeng.exe

c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe

c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe

C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

C:\Program Files (x86)\Hewlett-Packard\Shared\hpqToaster.exe

C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe

C:\Program Files (x86)\Pale Moon\palemoon.exe

C:\Program Files (x86)\Pale Moon\plugin-container.exe

C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_268.exe

C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_268.exe

"C:\Windows\SysWOW64\svchost.exe" -k LocalServiceDns

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uWindow Title = Internet Explorer, optimized for Bing and MSN

mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_CA&c=94&bd=Pavilion&pf=cnnb

mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_CA&c=94&bd=Pavilion&pf=cnnb

uInternet Settings,ProxyOverride = *.local

uURLSearchHooks: BitTorrentBar Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files (x86)\BitTorrentBar\prxtbBitT.dll

uURLSearchHooks: Vgrabber1 Toolbar: {f9bbf004-6e40-4019-8214-c43a37e1d058} - C:\Program Files (x86)\Vgrabber1\prxtbVgr0.dll

mURLSearchHooks: BitTorrentBar Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files (x86)\BitTorrentBar\prxtbBitT.dll

mURLSearchHooks: Vgrabber1 Toolbar: {f9bbf004-6e40-4019-8214-c43a37e1d058} - C:\Program Files (x86)\Vgrabber1\prxtbVgr0.dll

mWinlogon: Userinit=userinit.exe,

BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.3.6\coIEPlg.dll

BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.3.6\IPSBHO.DLL

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL

BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll

BHO: BitTorrentBar Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files (x86)\BitTorrentBar\prxtbBitT.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL

BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll

BHO: Vgrabber1 Toolbar: {f9bbf004-6e40-4019-8214-c43a37e1d058} - C:\Program Files (x86)\Vgrabber1\prxtbVgr0.dll

BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.3.6\coIEPlg.dll

TB: BitTorrentBar Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files (x86)\BitTorrentBar\prxtbBitT.dll

TB: Vgrabber1 Toolbar: {f9bbf004-6e40-4019-8214-c43a37e1d058} - C:\Program Files (x86)\Vgrabber1\prxtbVgr0.dll

TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File

EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll

uRun: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe view=DOCKVIEW

uRun: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden

uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background

uRun: [Facebook Update] "C:\Users\Scissors\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver

uRun: [AdobeBridge]

uRun: [DAEMON Tools Pro Agent] "C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe" -autorun

uRun: [rtfgdt] "C:\Windows\System32\rundll32.exe" "C:\Users\Scissors\AppData\Roaming\rtfgdt.dll",_strtol

uRun: [Google Update] "C:\Users\Scissors\AppData\Local\Google\Update\GoogleUpdate.exe" /c

mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

mRun: [HPCam_Menu] "c:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\Hewlett-Packard\Media\Webcam" UpdateWithCreateOnce "Software\Hewlett-Packard\Media\Webcam"

mRun: [QlbCtrl.exe] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start

mRun: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED

mRun: [updatePRCShortCut] "C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Hewlett-Packard\Recovery" UpdateWithCreateOnce "Software\CyberLink\PowerRecover"

mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe

mRun: [<NO NAME>]

mRun: [WirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

mRun: [PlusService] C:\Program Files (x86)\Yuna Software\Messenger Plus!\PlusService.exe

mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices

mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRun: [MessengerPlusForSkypeService] "C:\Program Files (x86)\Yuna Software\Messenger Plus! for Skype\MsgPlusForSkypeService.exe"

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

mRun: [switchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

mRun: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin

uPolicies-system: WallpaperStyle = 2

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

dPolicies-system: WallpaperStyle = 2

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000

IE: Free YouTube Download - C:\Users\Scissors\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm

IE: Free YouTube to MP3 Converter - C:\Users\Scissors\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm

IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

LSP: mswsock.dll

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

TCP: DhcpNameServer = 192.168.1.254

TCP: Interfaces\{568D7CEC-27DA-4514-8235-DE16DD983F2E} : DhcpNameServer = 192.168.1.254

TCP: Interfaces\{568D7CEC-27DA-4514-8235-DE16DD983F2E}\34245402C41475E4 : DhcpNameServer = 64.81.79.2

TCP: Interfaces\{568D7CEC-27DA-4514-8235-DE16DD983F2E}\A556C64616 : DhcpNameServer = 192.168.43.1

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL

Handler: symres - {AA1061FE-6C41-421f-9344-69640C9732AB} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.3.6\CoIEPlg.dll

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL

mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"

BHO-X64: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll

BHO-X64: HP Print Enhancer - No File

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: Symantec NCO BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.3.6\coIEPlg.dll

BHO-X64: Symantec NCO BHO - No File

BHO-X64: Symantec Intrusion Prevention: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.3.6\IPSBHO.DLL

BHO-X64: Symantec Intrusion Prevention - No File

BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL

BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll

BHO-X64: BitTorrentBar Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files (x86)\BitTorrentBar\prxtbBitT.dll

BHO-X64: BitTorrentBar - No File

BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

BHO-X64: SkypeIEPluginBHO - No File

BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL

BHO-X64: URLRedirectionBHO - No File

BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll

BHO-X64: Vgrabber1 Toolbar: {f9bbf004-6e40-4019-8214-c43a37e1d058} - C:\Program Files (x86)\Vgrabber1\prxtbVgr0.dll

BHO-X64: Vgrabber1 - No File

BHO-X64: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

BHO-X64: HP Smart BHO Class - No File

TB-X64: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.3.6\coIEPlg.dll

TB-X64: BitTorrentBar Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files (x86)\BitTorrentBar\prxtbBitT.dll

TB-X64: Vgrabber1 Toolbar: {f9bbf004-6e40-4019-8214-c43a37e1d058} - C:\Program Files (x86)\Vgrabber1\prxtbVgr0.dll

TB-X64: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File

EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File

mRun-x64: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

mRun-x64: [HPCam_Menu] "c:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\Hewlett-Packard\Media\Webcam" UpdateWithCreateOnce "Software\Hewlett-Packard\Media\Webcam"

mRun-x64: [QlbCtrl.exe] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start

mRun-x64: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED

mRun-x64: [updatePRCShortCut] "C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Hewlett-Packard\Recovery" UpdateWithCreateOnce "Software\CyberLink\PowerRecover"

mRun-x64: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe

mRun-x64: [(Default)]

mRun-x64: [WirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

mRun-x64: [PlusService] C:\Program Files (x86)\Yuna Software\Messenger Plus!\PlusService.exe

mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun-x64: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices

mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRun-x64: [MessengerPlusForSkypeService] "C:\Program Files (x86)\Yuna Software\Messenger Plus! for Skype\MsgPlusForSkypeService.exe"

mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

mRun-x64: [switchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

mRun-x64: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin

SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL

.

============= SERVICES / DRIVERS ===============

.

R0 SymEFA;Symantec Extended File Attributes;C:\Windows\system32\drivers\NISx64\1008030.006\SYMEFA64.SYS --> C:\Windows\system32\drivers\NISx64\1008030.006\SYMEFA64.SYS [?]

R1 BHDrvx64;Symantec Heuristics Driver;C:\Windows\system32\Drivers\NISx64\1008030.006\BHDrvx64.sys --> C:\Windows\system32\Drivers\NISx64\1008030.006\BHDrvx64.sys [?]

R1 ccHP;Symantec Hash Provider;C:\Windows\system32\Drivers\NISx64\1008030.006\ccHPx64.sys --> C:\Windows\system32\Drivers\NISx64\1008030.006\ccHPx64.sys [?]

R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\system32\DRIVERS\dtsoftbus01.sys --> C:\Windows\system32\DRIVERS\dtsoftbus01.sys [?]

R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20111212.002\IDSviA64.sys [2011-12-13 488568]

R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]

R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]

R2 AESTFilters;Andrea ST Filters Service;C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\AESTSr64.exe [2011-10-13 89600]

R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]

R2 hpsrv;HP Service;C:\Windows\system32\Hpservice.exe --> C:\Windows\system32\Hpservice.exe [?]

R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-7-26 655944]

R2 MsgPlusService;Messenger Plus! Service;C:\Program Files (x86)\Yuna Software\Messenger Plus! for Skype\MsgPlusForSkypeService.exe [2012-2-14 124832]

R2 Norton Internet Security;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\16.8.3.6\ccSvcHst.exe [2011-10-15 117648]

R2 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-7-5 3048136]

R3 Com4QLBEx;Com4QLBEx;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2009-8-26 228408]

R3 enecir;ENE CIR Receiver;C:\Windows\system32\DRIVERS\enecir.sys --> C:\Windows\system32\DRIVERS\enecir.sys [?]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-11-8 138360]

R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]

R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]

R3 usbfilter;AMD USB Filter Driver;C:\Windows\system32\DRIVERS\usbfilter.sys --> C:\Windows\system32\DRIVERS\usbfilter.sys [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-2-29 158856]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-3 250056]

S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-1-21 30963576]

S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\netw5v64.sys --> C:\Windows\system32\DRIVERS\netw5v64.sys [?]

S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]

S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys --> C:\Windows\system32\Drivers\RtsUStor.sys [?]

S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL6.SYS --> C:\Windows\system32\DRIVERS\VSTAZL6.SYS [?]

S3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?]

S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [?]

S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]

S3 SYMNDISV;Symantec Network Filter Driver;C:\Windows\system32\Drivers\NISx64\1008030.006\SYMNDISV.SYS --> C:\Windows\system32\Drivers\NISx64\1008030.006\SYMNDISV.SYS [?]

S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]

S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?]

.

=============== Created Last 30 ================

.

2012-07-30 06:50:03 -------- d-----w- C:\Users\Scissors\AppData\Local\Macromedia

2012-07-29 22:50:15 -------- d-----w- C:\Users\Scissors\AppData\Local\{7B36E591-2336-47D4-8D6A-B3628085F7A5}

2012-07-29 22:49:58 -------- d-----w- C:\Users\Scissors\AppData\Local\{49B62BFB-E58F-4661-995B-547EF86B4C02}

2012-07-29 06:13:34 -------- d-----w- C:\Users\Scissors\AppData\Local\{28685446-351E-4204-99D6-5D660E428BC7}

2012-07-29 06:13:10 -------- d-----w- C:\Users\Scissors\AppData\Local\{36760C55-E7F0-4088-8C66-1925AF6AA4AC}

2012-07-28 18:12:43 -------- d-----w- C:\Users\Scissors\AppData\Local\{5FE35FC4-1275-43AF-85DF-8FD89E5DEE35}

2012-07-28 18:12:31 -------- d-----w- C:\Users\Scissors\AppData\Local\{4D0CAF7C-EC9F-40E5-A6BD-71C56FF408BC}

2012-07-28 06:40:00 -------- d-----w- C:\Archivos de programa

2012-07-28 05:24:43 -------- d-----w- C:\Users\Scissors\AppData\Local\{B0EC4FF3-62BA-4C36-832B-0912DC6009BD}

2012-07-28 05:24:19 -------- d-----w- C:\Users\Scissors\AppData\Local\{824D8964-AC6C-4A1D-9125-AA936226D2E3}

2012-07-27 17:23:39 -------- d-----w- C:\Users\Scissors\AppData\Local\{965D8FB5-A794-4C2F-8FCD-E82AFF678D22}

2012-07-27 17:23:13 -------- d-----w- C:\Users\Scissors\AppData\Local\{2699B32A-979E-4D90-90E6-82942232F2D4}

2012-07-27 05:19:56 -------- d-----w- C:\Users\Scissors\AppData\Local\{C15A7FAA-AEE3-42FA-A5CD-2F65EE2911F4}

2012-07-27 05:19:33 -------- d-----w- C:\Users\Scissors\AppData\Local\{17574A14-732D-4DEA-AB8B-FE5EE85ECD56}

2012-07-26 17:19:10 -------- d-----w- C:\Users\Scissors\AppData\Local\{74F2874F-9211-4CAB-A4F0-316192EF9E44}

2012-07-26 17:18:56 -------- d-----w- C:\Users\Scissors\AppData\Local\{8686777E-B560-4738-863B-E7C01BE3F939}

2012-07-26 08:54:26 -------- d-----w- C:\Users\Scissors\AppData\Roaming\Malwarebytes

2012-07-26 08:54:18 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys

2012-07-26 08:54:18 -------- d-----w- C:\ProgramData\Malwarebytes

2012-07-26 08:54:18 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2012-07-26 06:06:52 -------- d-----w- C:\Users\Scissors\AppData\Local\{164386FC-D6CC-11E1-8270-B8AC6F996F26}

2012-07-26 02:51:44 -------- d-sh--w- C:\Windows\SysWow64\%APPDATA%

2012-07-26 02:46:22 478208 ----a-w- C:\Users\Scissors\AppData\Roaming\rtfgdt.dll

2012-07-26 02:45:23 -------- d-----w- C:\Users\Scissors\AppData\Roaming\xsecva

2012-07-25 23:00:18 -------- d-----w- C:\Users\Scissors\AppData\Local\{7F086711-DF9C-4983-B664-EA7EC197EEF5}

2012-07-25 23:00:08 -------- d-----w- C:\Users\Scissors\AppData\Local\{DA6BCE21-6A8E-484A-8C4B-355CDC53825C}

2012-07-25 22:59:58 -------- d-----w- C:\Users\Scissors\AppData\Local\{C2E73333-23B3-4B97-8A9C-EF3F4E1ADBA0}

2012-07-25 22:59:37 -------- d-----w- C:\Users\Scissors\AppData\Local\{63D5A6E4-506E-4443-B2AD-11E5ECC8C469}

2012-07-25 10:59:12 -------- d-----w- C:\Users\Scissors\AppData\Local\{5446B3AB-2211-4F20-9C5C-ADF614BE31AF}

2012-07-25 10:59:02 -------- d-----w- C:\Users\Scissors\AppData\Local\{7C689B1C-C74D-4892-B628-2F2A8CF68FEE}

2012-07-25 10:58:52 -------- d-----w- C:\Users\Scissors\AppData\Local\{90CBE8D3-8D11-4FD1-83CE-1D203F01D512}

2012-07-25 10:58:30 -------- d-----w- C:\Users\Scissors\AppData\Local\{1D585CDF-E73E-496B-98B3-793FE7AB4CBB}

2012-07-25 04:34:26 -------- d-----w- C:\Users\Scissors\AppData\Roaming\Windows Live Writer

2012-07-25 04:34:26 -------- d-----w- C:\Users\Scissors\AppData\Local\Windows Live Writer

2012-07-24 22:58:03 -------- d-----w- C:\Users\Scissors\AppData\Local\{FF947FA0-4844-484D-80BA-7C2636E4D6EF}

2012-07-24 22:57:52 -------- d-----w- C:\Users\Scissors\AppData\Local\{EA6C13F2-545E-4719-A5E8-20E99F85F5BB}

2012-07-24 09:01:36 -------- d-----w- C:\Users\Scissors\AppData\Local\{6E0A9100-BC88-4AF4-9458-1992E69D1579}

2012-07-24 09:01:14 -------- d-----w- C:\Users\Scissors\AppData\Local\{37F0CB95-01B0-4214-AEA2-011C63707A1D}

2012-07-24 08:15:46 9133488 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{BDA0F5E0-AEF6-4AFD-9376-50FEBCCD1C58}\mpengine.dll

2012-07-23 21:00:59 -------- d-----w- C:\Users\Scissors\AppData\Local\{7F2892C5-8FED-40A7-8AAF-1B616B168EFE}

2012-07-23 21:00:48 -------- d-----w- C:\Users\Scissors\AppData\Local\{9AFF7CA4-6F71-4EF9-A254-F5C5BB11E162}

2012-07-22 23:26:48 -------- d-----w- C:\Users\Scissors\AppData\Local\{59DBA4BE-4B9A-43C1-93BE-E1145901B5BA}

2012-07-22 23:26:25 -------- d-----w- C:\Users\Scissors\AppData\Local\{7DB13D93-C65A-45D6-9C34-49D2B3762BAC}

2012-07-22 11:25:52 -------- d-----w- C:\Users\Scissors\AppData\Local\{22D6E433-4478-45D6-BEF3-73C998229055}

2012-07-22 11:25:29 -------- d-----w- C:\Users\Scissors\AppData\Local\{828E96B9-2429-4656-A3D2-367AE7828B6D}

2012-07-21 23:25:00 -------- d-----w- C:\Users\Scissors\AppData\Local\{844B75F5-8CBE-4098-B081-76D6E4AD0D2A}

2012-07-21 23:24:38 -------- d-----w- C:\Users\Scissors\AppData\Local\{4D41F766-340A-460B-8272-E495A4FD32DC}

2012-07-21 11:24:07 -------- d-----w- C:\Users\Scissors\AppData\Local\{78C0D863-E4EB-4B28-A499-EF269A30D016}

2012-07-21 11:23:56 -------- d-----w- C:\Users\Scissors\AppData\Local\{BBFE3456-1E21-46B9-BC9D-E0825378AAF4}

2012-07-21 02:16:49 -------- d-----w- C:\Program Files (x86)\Combined Community Codec Pack

2012-07-20 23:23:40 -------- d-----w- C:\Users\Scissors\AppData\Local\{8B5297E0-844A-4BB4-BA5C-D2556E7318E7}

2012-07-20 23:23:13 -------- d-----w- C:\Users\Scissors\AppData\Local\{939741D4-38EC-410F-8D51-1058CB5EC199}

2012-07-20 08:27:08 -------- d-----w- C:\Users\Scissors\AppData\Local\{9D74B094-A4E8-4450-82E1-B45B5C3267BD}

2012-07-20 08:26:44 -------- d-----w- C:\Users\Scissors\AppData\Local\{A96F9315-3EE9-4575-8F79-0B4D8FFBD4A0}

2012-07-19 20:26:26 -------- d-----w- C:\Users\Scissors\AppData\Local\{52ED046C-FBEA-4C47-999D-39A52CDF9D4A}

2012-07-19 20:26:03 -------- d-----w- C:\Users\Scissors\AppData\Local\{08719A40-08D6-4452-BDEA-44C5F6500866}

2012-07-19 08:25:37 -------- d-----w- C:\Users\Scissors\AppData\Local\{DD1B5F85-AA6E-44B0-9C3A-521D58DA9A5B}

2012-07-19 08:25:15 -------- d-----w- C:\Users\Scissors\AppData\Local\{B0E1BD7B-B664-470A-B149-DF7BF0140971}

2012-07-18 20:25:00 -------- d-----w- C:\Users\Scissors\AppData\Local\{932FD4F0-DD4C-4218-88F0-20656D926CDC}

2012-07-18 20:24:32 -------- d-----w- C:\Users\Scissors\AppData\Local\{0D6AEDA0-D923-478A-8301-6DE8EEE91895}

2012-07-17 22:35:48 -------- d-----w- C:\Users\Scissors\AppData\Local\{B2251730-9F69-4ACD-9B03-91F9C5570662}

2012-07-17 22:35:27 -------- d-----w- C:\Users\Scissors\AppData\Local\{F5771183-8863-4E20-8DAF-45974F1451E7}

2012-07-17 10:34:59 -------- d-----w- C:\Users\Scissors\AppData\Local\{0BFE3726-2694-4861-839F-209FA0689EA7}

2012-07-17 10:34:37 -------- d-----w- C:\Users\Scissors\AppData\Local\{FE29AD8C-2C94-4A00-B43C-C8D5AB630810}

2012-07-16 22:34:22 -------- d-----w- C:\Users\Scissors\AppData\Local\{036C5EC7-E0F9-4E6C-BE8E-D71494678540}

2012-07-16 22:33:56 -------- d-----w- C:\Users\Scissors\AppData\Local\{DA7245A6-8BDE-45EA-81A9-CCD705C4A374}

2012-07-16 03:19:56 -------- d-----w- C:\Users\Scissors\AppData\Local\{1F587CE8-F985-41C7-BDE9-F67D1BE9AF1B}

2012-07-16 03:19:33 -------- d-----w- C:\Users\Scissors\AppData\Local\{051A8D07-EA9F-4671-9481-4B57FFEF000C}

2012-07-14 22:50:13 -------- d-----w- C:\Users\Scissors\AppData\Local\{D67D90AC-6C02-4983-9534-9AB61801F0FE}

2012-07-14 22:49:57 -------- d-----w- C:\Users\Scissors\AppData\Local\{A10C7BB7-1C21-4CF9-B624-53DDF87E51D0}

2012-07-14 08:52:37 -------- d-----w- C:\Users\Scissors\AppData\Local\Dreambelievers

2012-07-14 04:38:01 -------- d-----w- C:\Users\Scissors\AppData\Local\{365423AC-6EFA-4796-BAEF-B94566A1B697}

2012-07-14 04:37:39 -------- d-----w- C:\Users\Scissors\AppData\Local\{D48288A3-77C5-4A7B-B3E6-F75EE7A595CC}

2012-07-13 16:37:09 -------- d-----w- C:\Users\Scissors\AppData\Local\{11D9A122-02C8-4A97-BA22-BD9D3C129EEE}

2012-07-13 16:36:51 -------- d-----w- C:\Users\Scissors\AppData\Local\{ACFC3F7A-9B72-4318-9FCD-52644E9ECC99}

2012-07-12 23:50:43 -------- d-----w- C:\Users\Scissors\AppData\Local\{848AD478-0839-4610-AC8E-A4703644A59D}

2012-07-12 23:50:26 -------- d-----w- C:\Users\Scissors\AppData\Local\{FD47DD64-2D5D-469E-942B-2E932A4E17C5}

2012-07-12 10:11:32 -------- d-----w- C:\Users\Scissors\AppData\Local\{625C48C8-2F0D-45DA-A26E-114F4CB7DC0B}

2012-07-12 10:11:10 -------- d-----w- C:\Users\Scissors\AppData\Local\{6BC1E76E-740D-4AC5-93FF-BF4B0E1345B2}

2012-07-11 22:10:43 -------- d-----w- C:\Users\Scissors\AppData\Local\{68EFB05A-2B7A-4A52-BB59-9068A41DB958}

2012-07-11 22:10:22 -------- d-----w- C:\Users\Scissors\AppData\Local\{6CEF8995-1359-4666-860A-2754941D9803}

2012-07-11 10:10:07 -------- d-----w- C:\Users\Scissors\AppData\Local\{61B2271F-EAA9-41B3-93B2-DF8ABFB09306}

2012-07-11 10:09:45 -------- d-----w- C:\Users\Scissors\AppData\Local\{7D3DEA26-E31F-4346-B68D-3BA5B5D5D422}

2012-07-11 09:05:27 3147264 ----a-w- C:\Windows\System32\win32k.sys

2012-07-11 09:02:01 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2012-07-11 09:02:01 2382848 ----a-w- C:\Windows\System32\mshtml.tlb

2012-07-10 22:09:18 -------- d-----w- C:\Users\Scissors\AppData\Local\{EC0D05E9-B4DF-475D-A52F-453286610F87}

2012-07-10 22:08:56 -------- d-----w- C:\Users\Scissors\AppData\Local\{22400FA4-558B-4210-9468-47656914E8BB}

2012-07-10 21:05:54 1425408 ----a-w- C:\Program Files\Common Files\System\ado\msado15.dll

2012-07-10 21:05:51 987136 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msado15.dll

2012-07-10 10:08:29 -------- d-----w- C:\Users\Scissors\AppData\Local\{15C18A1A-51E6-4680-8DAA-41682A22E8AF}

2012-07-10 10:08:07 -------- d-----w- C:\Users\Scissors\AppData\Local\{DA13D240-C1FB-4114-B729-70B429CC5CFF}

2012-07-09 22:07:37 -------- d-----w- C:\Users\Scissors\AppData\Local\{63C3FB91-7AAA-4503-95E3-857B50F23B00}

2012-07-09 22:07:14 -------- d-----w- C:\Users\Scissors\AppData\Local\{9DC3E780-1E95-4BDC-AA36-207710E440F3}

2012-07-09 08:08:40 -------- d-----w- C:\Users\Scissors\AppData\Local\{151F2405-F065-43B7-BA91-FB636D2A8A94}

2012-07-09 08:08:18 -------- d-----w- C:\Users\Scissors\AppData\Local\{B26DAB8E-CA3F-4338-BC32-2062543C302B}

2012-07-08 20:07:50 -------- d-----w- C:\Users\Scissors\AppData\Local\{BC21906C-609D-4A0F-B3AE-00957D5F3321}

2012-07-08 20:07:39 -------- d-----w- C:\Users\Scissors\AppData\Local\{8A60C3AC-6928-4675-9547-75577D780306}

2012-07-07 23:19:40 -------- d-----w- C:\Users\Scissors\AppData\Local\{3B7D3480-4C7A-4CD7-BA87-21B4105E7B0D}

2012-07-07 23:19:23 -------- d-----w- C:\Users\Scissors\AppData\Local\{0C62FD44-AFEE-4194-8D53-B018524EA110}

2012-07-07 06:00:39 -------- d-----w- C:\Users\Scissors\AppData\Local\{E60E68A0-F4DB-4963-BBAC-611B8D236E95}

2012-07-07 06:00:17 -------- d-----w- C:\Users\Scissors\AppData\Local\{BD106EE8-4F86-44AC-8D93-C8195476A804}

2012-07-06 18:00:05 -------- d-----w- C:\Users\Scissors\AppData\Local\{A7602FB1-2681-4C05-BE6A-1EC32ACA7C41}

2012-07-06 17:59:45 -------- d-----w- C:\Users\Scissors\AppData\Local\{72C98697-9D85-4ECE-A955-370483B1AE5D}

2012-07-06 05:03:28 -------- d-----w- C:\Users\Scissors\AppData\Local\{BCA6B403-B18A-49BB-A656-2B4825FA1362}

2012-07-06 05:03:09 -------- d-----w- C:\Users\Scissors\AppData\Local\{39511744-F99E-43B9-B0DB-C01B7C68BFA6}

2012-07-04 22:35:54 -------- d-----w- C:\Users\Scissors\AppData\Local\{A19B9E77-884C-423E-8160-C3B03ADB42E6}

2012-07-04 22:35:29 -------- d-----w- C:\Users\Scissors\AppData\Local\{9E75EF02-2697-444A-BED3-681D0E5308F3}

2012-07-04 06:22:07 -------- d-----w- C:\Users\Scissors\AppData\Local\{DA96C772-C5EC-46DE-9E2B-2F5F336CE734}

2012-07-04 06:21:45 -------- d-----w- C:\Users\Scissors\AppData\Local\{8CC581D9-C76B-4DB3-B9C9-02F2EC7BB0D1}

2012-07-03 18:21:14 -------- d-----w- C:\Users\Scissors\AppData\Local\{6725EDC1-9A27-4CB8-B5EF-9C424BCAD6E8}

2012-07-03 18:20:58 -------- d-----w- C:\Users\Scissors\AppData\Local\{BCC43A3C-62F9-4696-9BCA-721CCFFF038D}

2012-07-03 00:18:07 -------- d-----w- C:\Users\Scissors\AppData\Local\{94014006-24E6-408A-8089-FEE254632E88}

2012-07-03 00:17:49 -------- d-----w- C:\Users\Scissors\AppData\Local\{4383E6B9-2B5A-4272-BA2C-F390B161D8CF}

2012-07-02 09:56:10 -------- d-----w- C:\Users\Scissors\AppData\Local\{860D48CE-88D0-4707-BCA5-F00D645FDF1C}

2012-07-02 09:55:48 -------- d-----w- C:\Users\Scissors\AppData\Local\{8B68E634-2AFA-44E6-A3D7-9F646D8ACD7E}

2012-07-01 21:55:27 -------- d-----w- C:\Users\Scissors\AppData\Local\{5B489052-85FE-477D-AEAC-8C96FC4A2C93}

2012-07-01 21:55:14 -------- d-----w- C:\Users\Scissors\AppData\Local\{9C22CEE1-F543-4DE3-AE91-7F4C5DD92F11}

2012-06-30 23:54:45 -------- d-----w- C:\Program Files (x86)\1ClickDownload

2012-06-30 23:49:05 -------- d-----w- C:\Users\Scissors\AppData\Local\{46187C25-3E4B-490A-B3F6-60AED18D22D1}

2012-06-30 23:48:42 -------- d-----w- C:\Users\Scissors\AppData\Local\{FF513C75-8C4B-454A-840C-71FF7E787547}

.

==================== Find3M ====================

.

2012-07-30 07:03:23 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2012-07-30 07:03:23 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2012-07-12 23:13:40 405144 ----a-w- C:\Windows\SysWow64\Newtonsoft.Json.Net20.dll

2012-06-24 09:39:14 283200 ----a-w- C:\Windows\System32\drivers\dtsoftbus01.sys

2012-06-06 05:50:50 2003968 ----a-w- C:\Windows\System32\msxml6.dll

2012-06-06 05:50:50 1880064 ----a-w- C:\Windows\System32\msxml3.dll

2012-06-06 05:09:46 1389568 ----a-w- C:\Windows\SysWow64\msxml6.dll

2012-06-06 05:09:46 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll

2012-06-02 22:15:31 2622464 ----a-w- C:\Windows\System32\wucltux.dll

2012-06-02 22:15:08 99840 ----a-w- C:\Windows\System32\wudriver.dll

2012-06-02 21:19:42 186752 ----a-w- C:\Windows\System32\wuwebv.dll

2012-06-02 21:15:12 36864 ----a-w- C:\Windows\System32\wuapp.exe

2012-06-02 12:12:17 2311680 ----a-w- C:\Windows\System32\jscript9.dll

2012-06-02 12:05:28 1392128 ----a-w- C:\Windows\System32\wininet.dll

2012-06-02 12:04:50 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl

2012-06-02 12:01:40 173056 ----a-w- C:\Windows\System32\ieUnatt.exe

2012-06-02 08:33:25 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll

2012-06-02 08:25:08 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll

2012-06-02 08:25:03 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl

2012-06-02 08:20:33 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe

2012-06-02 05:38:26 95088 ----a-w- C:\Windows\System32\drivers\ksecdd.sys

2012-06-02 05:38:24 152432 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys

2012-06-02 05:37:45 459216 ----a-w- C:\Windows\System32\drivers\cng.sys

2012-06-02 05:27:02 340992 ----a-w- C:\Windows\System32\schannel.dll

2012-06-02 05:27:00 307200 ----a-w- C:\Windows\System32\ncrypt.dll

2012-06-02 04:48:39 22016 ----a-w- C:\Windows\SysWow64\secur32.dll

2012-06-02 04:48:35 225280 ----a-w- C:\Windows\SysWow64\schannel.dll

2012-06-02 04:47:31 219136 ----a-w- C:\Windows\SysWow64\ncrypt.dll

2012-06-02 04:42:51 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll

2012-05-31 18:25:12 279656 ------w- C:\Windows\System32\MpSigStub.exe

2012-05-04 10:52:22 5505392 ----a-w- C:\Windows\System32\ntoskrnl.exe

2012-05-04 10:08:16 3958128 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe

2012-05-04 10:08:15 3902320 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe

2012-05-02 05:32:43 208896 ----a-w- C:\Windows\System32\profsvc.dll

.

============= FINISH: 3:18:38.86 ===============

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows 7 Home Premium

Boot Device: \Device\HarddiskVolume1

Install Date: 13/10/2011 10:06:05 PM

System Uptime: 30/07/2012 2:17:12 AM (1 hours ago)

.

Motherboard: Quanta | | 3635

Processor: AMD Turion™ II Dual-Core Mobile M500 | Socket S1G3 | 2200/200mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 452 GiB total, 167.795 GiB free.

D: is FIXED (NTFS) - 13 GiB total, 2.245 GiB free.

E: is CDROM ()

F: is CDROM ()

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP126: 17/07/2012 3:37:12 PM - Windows Update

RP127: 24/07/2012 2:14:41 AM - Windows Update

RP128: 26/07/2012 12:55:56 AM - Installed Microsoft Fix it 50267

RP129: 26/07/2012 3:08:37 AM - HPSF Applying updates

.

==== Installed Programs ======================

.

Acrobat.com

Action Replay DSi Code Manager

Activate Norton Online Backup

ActiveCheck component for HP Active Support Library

Adobe AIR

Adobe Community Help

Adobe Flash Player 11 ActiveX

Adobe Flash Player 11 Plugin

Adobe Photoshop CS4

Adobe Photoshop CS5.1

Adobe Reader X (10.1.3)

AMD USB Filter Driver

Apple Application Support

Apple Software Update

Atheros Driver Installation Program

µTorrent

Audacity 1.3.14 (Unicode)

BitTorrent

BitTorrentBar Toolbar

CamStudio OSS Desktop Recorder

Catalyst Control Center - Branding

Catalyst Control Center Core Implementation

Catalyst Control Center Graphics Full Existing

Catalyst Control Center Graphics Full New

Catalyst Control Center Graphics Light

Catalyst Control Center Graphics Previews Common

Catalyst Control Center Graphics Previews Vista

Catalyst Control Center InstallProxy

Catalyst Control Center Localization All

ccc-core-static

CCC Help Chinese Standard

CCC Help Chinese Traditional

CCC Help Czech

CCC Help Danish

CCC Help Dutch

CCC Help English

CCC Help Finnish

CCC Help French

CCC Help German

CCC Help Greek

CCC Help Hungarian

CCC Help Italian

CCC Help Japanese

CCC Help Korean

CCC Help Norwegian

CCC Help Polish

CCC Help Portuguese

CCC Help Russian

CCC Help Spanish

CCC Help Swedish

CCC Help Thai

CCC Help Turkish

Cisco EAP-FAST Module

Cisco LEAP Module

Cisco PEAP Module

Combined Community Codec Pack 2011-11-11

Compatibility Pack for the 2007 Office system

CyberLink DVD Suite

D3DX10

DAEMON Tools Pro

Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition

DVDFab 8.1.7.3 (01/04/2012) Qt

Facebook Video Calling 1.2.0.159

Free MP4 Video Converter version 5.0.15.706

Free Studio version 5.5.0

Free Video Dub version 2.0.12.706

Free YouTube Download version 3.1.31.706

Free YouTube to MP3 Converter version 3.11.26.706

Google Chrome

High-Logic FontCreator 6.0

HP Advisor

HP Customer Experience Enhancements

HP Games

HP MediaSmart DVD

HP MediaSmart Internet TV

HP MediaSmart Live TV

HP MediaSmart Movie Themes

HP MediaSmart Music/Photo/Video

HP MediaSmart Software Notebook Demo

HP MediaSmart Webcam

HP Quick Launch Buttons

HP Setup

HP Smart Web Printing

HP Support Assistant

HP Update

HP User Guides 0154

HP Wireless Assistant

HPAsset component for HP Active Support Library

IDT Audio

Java Auto Updater

Java™ 6 Update 29

Java™ 7 Update 4

JavaFX 2.1.0

Junk Mail filter update

Katawa Shoujo

LabelPrint

Lightning Warrior Raidy

LightScribe System Software

Magic ISO Maker v5.5 (build 0281)

Malwarebytes Anti-Malware version 1.62.0.1300

Messenger Plus! 5

Messenger Plus! for Skype

Microsoft Live Search Toolbar

Microsoft Office Access MUI (English) 2010

Microsoft Office Access Setup Metadata MUI (English) 2010

Microsoft Office Excel MUI (English) 2010

Microsoft Office Groove MUI (English) 2010

Microsoft Office InfoPath MUI (English) 2010

Microsoft Office OneNote MUI (English) 2010

Microsoft Office Outlook MUI (English) 2010

Microsoft Office PowerPoint MUI (English) 2010

Microsoft Office PowerPoint Viewer 2007 (English)

Microsoft Office Professional Plus 2010

Microsoft Office Proof (English) 2010

Microsoft Office Proof (French) 2010

Microsoft Office Proof (Spanish) 2010

Microsoft Office Proofing (English) 2010

Microsoft Office Publisher MUI (English) 2010

Microsoft Office Shared MUI (English) 2010

Microsoft Office Shared Setup Metadata MUI (English) 2010

Microsoft Office Suite Activation Assistant

Microsoft Office Word MUI (English) 2010

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Works

Microsoft_VC80_ATL_x86

Microsoft_VC80_CRT_x86

Microsoft_VC80_MFC_x86

Microsoft_VC80_MFCLOC_x86

Microsoft_VC90_ATL_x86

Microsoft_VC90_CRT_x86

Microsoft_VC90_MFC_x86

Microsoft_VC90_MFCLOC_x86

MSVCRT

MSVCRT_amd64

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

MSXML 4.0 SP2 Parser and SDK

Norton Internet Security

Pale Moon 9.1 (x86 en-US)

PcCloneEX

PDF Settings CS5

PhotoFrame 4.6.3 Free

PhotoTools 2.6.3 Free

Pokemon Online 2.0.02a

Power2Go

PowerDirector

PowerISO

PowerRecover

QLBCASL

QuickTime

Realtek 8136 8168 8169 Ethernet Driver

Realtek USB 2.0 Card Reader

Safari

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

Skype Click to Call

Skype™ 5.8

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Update for Microsoft Office 2010 (KB2494150)

Update for Microsoft Office 2010 (KB2553092)

Vgrabber1 Toolbar

VLC

VLC media player 1.1.11

Windows Live Communications Platform

Windows Live Essentials

Windows Live Installer

Windows Live Mail

Windows Live Messenger

Windows Live Movie Maker

Windows Live Photo Common

Windows Live Photo Gallery

Windows Live PIMT Platform

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live Sync

Windows Live UX Platform

Windows Live UX Platform Language Pack

Windows Live Writer

Windows Live Writer Resources

Windows Media Player Firefox Plugin

.

==== Event Viewer Messages From Past Week ========

.

30/07/2012 2:18:33 AM, Error: Service Control Manager [7023] - The Function Discovery Resource Publication service terminated with the following error: %%-2147024891

30/07/2012 2:18:33 AM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error: %%-2147024891

30/07/2012 2:17:48 AM, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.

30/07/2012 2:17:45 AM, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.

30/07/2012 2:17:42 AM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.

28/07/2012 12:07:35 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.

28/07/2012 12:07:35 AM, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

28/07/2012 12:07:35 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}

27/07/2012 11:59:36 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Live ID Sign-in Assistant service to connect.

27/07/2012 11:59:36 PM, Error: Service Control Manager [7000] - The Windows Live ID Sign-in Assistant service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

27/07/2012 11:58:56 PM, Error: ACPI [13] - : The embedded controller (EC) did not respond within the specified timeout period. This may indicate that there is an error in the EC hardware or firmware or that the BIOS is accessing the EC incorrectly. You should check with your computer manufacturer for an upgraded BIOS. In some situations, this error may cause the computer to function incorrectly.

26/07/2012 11:48:23 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Presentation Foundation Font Cache 3.0.0.0 service to connect.

26/07/2012 11:48:23 PM, Error: Service Control Manager [7000] - The Windows Presentation Foundation Font Cache 3.0.0.0 service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

.

==== End Of File ===========================

Link to post
Share on other sites
MrCharlie

MrCharlie

Posted
Posted

Welcome to the forum.

Please remove any usb or external drives from the computer before you run this scan!

Please download and run RogueKiller to your desktop.

For Windows XP, double-click to start.

For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Click Scan to scan the system.

When the scan completes > Close out the program > Don't Fix anything!

Don't run any other options, they're not all bad!!!!!!!

Post back the report which should be located on your desktop.

MrC

Link to post
Share on other sites
maanik

maanik

Posted
  • Author
Posted

Ran Roguekiller, here's the log:

RogueKiller V7.6.4 [07/17/2012] by Tigzy

mail: tigzyRK<at>gmail<dot>com

Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/

Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7600 ) 64 bits version

Started in : Normal mode

User: Scissors [Admin rights]

Mode: Scan -- Date: 07/30/2012 16:52:58

¤¤¤ Bad processes: 1 ¤¤¤

[sUSP PATH] c2c_service.exe -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -> KILLED [TermProc]

¤¤¤ Registry Entries: 5 ¤¤¤

[bLACKLIST DLL] HKCU\[...]\Run : rtfgdt ("C:\Windows\System32\rundll32.exe" "C:\Users\Scissors\AppData\Roaming\rtfgdt.dll",_strtol) -> FOUND

[bLACKLIST DLL] HKUS\S-1-5-21-3979415225-1970963929-1640854459-1000[...]\Run : rtfgdt ("C:\Windows\System32\rundll32.exe" "C:\Users\Scissors\AppData\Roaming\rtfgdt.dll",_strtol) -> FOUND

[ZeroAccess] HKCR\[...]\InprocServer32 : (C:\Users\Scissors\AppData\Local\{b6ebd508-41db-86bd-3ab3-f8b3bcb4a30d}\n.) -> FOUND

[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

[ZeroAccess][FILE] @ : c:\windows\installer\{b6ebd508-41db-86bd-3ab3-f8b3bcb4a30d}\@ --> FOUND

[ZeroAccess][FOLDER] U : c:\windows\installer\{b6ebd508-41db-86bd-3ab3-f8b3bcb4a30d}\U --> FOUND

[ZeroAccess][FOLDER] L : c:\windows\installer\{b6ebd508-41db-86bd-3ab3-f8b3bcb4a30d}\L --> FOUND

[ZeroAccess][FILE] @ : c:\users\scissors\appdata\local\{b6ebd508-41db-86bd-3ab3-f8b3bcb4a30d}\@ --> FOUND

[ZeroAccess][FOLDER] U : c:\users\scissors\appdata\local\{b6ebd508-41db-86bd-3ab3-f8b3bcb4a30d}\U --> FOUND

[ZeroAccess][FOLDER] L : c:\users\scissors\appdata\local\{b6ebd508-41db-86bd-3ab3-f8b3bcb4a30d}\L --> FOUND

[ZeroAccess][FILE] Desktop.ini : c:\windows\assembly\gac_32\desktop.ini --> FOUND

[ZeroAccess][FILE] Desktop.ini : c:\windows\assembly\gac_64\desktop.ini --> FOUND

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ Infection : ZeroAccess ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

127.0.0.1 localhost

127.0.0.1 3dns.adobe.com 3dns-1.adobe.com 3dns-2.adobe.com 3dns-3.adobe.com 3dns-4.adobe.com activate.adobe.com activate-sea.adobe.com activate-sjc0.adobe.com activate.wip.adobe.com

127.0.0.1 activate.wip1.adobe.com activate.wip2.adobe.com activate.wip3.adobe.com activate.wip4.adobe.com adobe-dns.adobe.com adobe-dns-1.adobe.com adobe-dns-2.adobe.com adobe-dns-3.adobe.com adobe-dns-4.adobe.com

127.0.0.1 adobeereg.com practivate.adobe practivate.adobe.com practivate.adobe.newoa practivate.adobe.ntp practivate.adobe.ipp ereg.adobe.com ereg.wip.adobe.com ereg.wip1.adobe.com

127.0.0.1 ereg.wip2.adobe.com ereg.wip3.adobe.com ereg.wip4.adobe.com hl2rcv.adobe.com wip.adobe.com wip1.adobe.com wip2.adobe.com wip3.adobe.com wip4.adobe.com

127.0.0.1 www.adobeereg.com wwis-dubc1-vip60.adobe.com www.wip.adobe.com www.wip1.adobe.com

127.0.0.1 www.wip2.adobe.com www.wip3.adobe.com www.wip4.adobe.com wwis-dubc1-vip60.adobe.com crl.verisign.net CRL.VERISIGN.NET ood.opsource.net

127.0.0.1 adobeereg.com

127.0.0.1 www.adobeereg.com

127.0.0.1 activate.adobe.com

127.0.0.1 activate-sea.adobe.com

127.0.0.1 activate-sjc0.adobe.com

127.0.0.1 wwis-dubc1-vip60.adobe.com

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: SAMSUNG HM500JI ATA Device +++++

--- User ---

[MBR] a81871919e764077aadb9cc12bd49bec

[bSP] e02566a3671f324e8ddcdbb69c43ec9e : Windows Vista/7 MBR Code

Partition table:

0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 199 Mo

1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 409600 | Size: 462813 Mo

2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 948250624 | Size: 13823 Mo

3 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 976560128 | Size: 103 Mo

User = LL1 ... OK!

User = LL2 ... OK!

Finished : << RKreport[1].txt >>

RKreport[1].txt

Link to post
Share on other sites
MrCharlie

MrCharlie

Posted
Posted

Your computer is infected with a nasty rootkit. Please read the following information first.

You're infected with Rootkit.ZeroAccess, a BackDoor Trojan.

BACKDOOR WARNING

------------------------------

One or more of the identified infections is known to use a backdoor.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would advice you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the infection has been identified and because of it's backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?

http://www.dslreports.com/faq/10451

When Should I Format, How Should I Reinstall

http://www.dslreports.com/faq/10063

I will try my best to clean this machine but I can't guarantee that it will be 100% secure afterwards.

Let me know what you decide to do. If you decide to go through with the cleanup, please proceed with the following steps.

-----------------------------------------

Please make sure system restore is running and create a new restore point before continuing!

For x32 (x86) bit systems download Farbar Recovery Scan Tool and save it to a flash drive.

For x64 bit systems download Farbar Recovery Scan Tool x64 and save it to a flash drive.

How to tell > 32 or 64 bit

Plug the flashdrive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:

  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account an click Next.

To enter System Recovery Options by using Windows installation disc:

  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:


    • Startup Repair
      System Restore
      Windows Complete PC Restore
      Windows Memory Diagnostic Tool
      Command Prompt

[*]Select Command Prompt

[*]In the command window type in notepad and press Enter.

[*]The notepad opens. Under File menu select Open.

[*]Select "Computer" and find your flash drive letter and close the notepad.

[*]In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter

Note: Replace letter e with the drive letter of your flash drive.

[*]The tool will start to run.

[*]When the tool opens click Yes to disclaimer.

[*]Press Scan button.

[*]FRST will let you know when the scan is complete and has written the FRST.txt to file, close out this message, then type the following into the search box:

services.exe

[*]Now press the Search button

[*]When the search is complete, search.txt will also be written to your USB

[*]Type exit and reboot the computer normally

[*]Please copy and paste both logs in your reply.(FRST.txt and Search.txt)

MrC

Link to post
Share on other sites
maanik

maanik

Posted
  • Author
Posted

Here are the logs. Would you recommend a reinstall of the OS following clean up to be safe?

Scan result of Farbar Recovery Scan Tool Version: 25-07-2012 01

Ran by SYSTEM at 30-07-2012 18:14:46

Running from H:\

Windows 7 Home Premium (X64) OS Language: English(US)

The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [synTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [1814312 2011-12-24] (Synaptics Incorporated)

HKLM\...\Run: [sysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe [450048 2009-07-21] (IDT, Inc.)

HKLM\...\Run: [smartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe /background [610872 2009-07-21] ()

HKLM\...\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" [171520 2009-08-25] (Sun Microsystems, Inc.)

HKLM\...\Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [499608 2011-03-15] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [98304 2009-07-02] (Advanced Micro Devices, Inc.)

HKLM-x32\...\Run: [HPCam_Menu] "c:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\Hewlett-Packard\Media\Webcam" UpdateWithCreateOnce "Software\Hewlett-Packard\Media\Webcam" [218408 2009-02-25] (CyberLink Corp.)

HKLM-x32\...\Run: [QlbCtrl.exe] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start [320056 2009-06-24] ( Hewlett-Packard Development Company, L.P.)

HKLM-x32\...\Run: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED [581480 2009-05-12] (Symantec Corporation)

HKLM-x32\...\Run: [updatePRCShortCut] "C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Hewlett-Packard\Recovery" UpdateWithCreateOnce "Software\CyberLink\PowerRecover" [222504 2009-05-19] (CyberLink Corp.)

HKLM-x32\...\Run: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [54576 2008-12-08] (Hewlett-Packard)

HKLM-x32\...\Run: [] [x]

HKLM-x32\...\Run: [WirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [498744 2009-07-23] (Hewlett-Packard)

HKLM-x32\...\Run: [PlusService] C:\Program Files (x86)\Yuna Software\Messenger Plus!\PlusService.exe [801792 2012-02-27] (Yuna Software)

HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2011-11-01] (Apple Inc.)

HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-01-03] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices [91520 2010-01-21] (Microsoft Corporation)

HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2011-10-24] (Apple Inc.)

HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421736 2012-01-16] (Apple Inc.)

HKLM-x32\...\Run: [MessengerPlusForSkypeService] "C:\Program Files (x86)\Yuna Software\Messenger Plus! for Skype\MsgPlusForSkypeService.exe" [124832 2012-01-22] (Yuna Software)

HKLM-x32\...\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [252296 2012-01-17] (Sun Microsystems, Inc.)

HKLM-x32\...\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray [462920 2012-07-03] (Malwarebytes Corporation)

HKLM-x32\...\Run: [switchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin [1523360 2011-01-12] (Adobe Systems Incorporated)

HKU\Default\...\Run: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN [1668664 2009-07-15] (Hewlett-Packard)

HKU\Default\...\Policies\system: [WallpaperStyle] 2

HKU\Default User\...\Run: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN [1668664 2009-07-15] (Hewlett-Packard)

HKU\Default User\...\Policies\system: [WallpaperStyle] 2

HKU\Scissors\...\Run: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe view=DOCKVIEW [1668664 2009-07-15] (Hewlett-Packard)

HKU\Scissors\...\Run: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden [2363392 2009-06-17] (Hewlett-Packard Company)

HKU\Scissors\...\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background [4280184 2012-03-08] (Microsoft Corporation)

HKU\Scissors\...\Run: [Facebook Update] "C:\Users\Scissors\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver [138096 2012-07-11] (Facebook Inc.)

HKU\Scissors\...\Run: [AdobeBridge] [x]

HKU\Scissors\...\Run: [DAEMON Tools Pro Agent] "C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe" -autorun [3111744 2012-04-26] (DT Soft Ltd)

HKU\Scissors\...\Run: [rtfgdt] "C:\Windows\System32\rundll32.exe" "C:\Users\Scissors\AppData\Roaming\rtfgdt.dll",_strtol [478208 2012-07-25] (C-Media Electronics Inc.)

HKU\Scissors\...\Run: [Google Update] "C:\Users\Scissors\AppData\Local\Google\Update\GoogleUpdate.exe" /c [116648 2012-07-26] (Google Inc.)

HKU\Scissors\...\Policies\system: [WallpaperStyle] 2

Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

==================== Services (Whitelisted) ======

2 AESTFilters; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\AESTSr64.exe [89600 2009-03-02] (Andrea Electronics Corporation)

2 MBAMService; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe" [655944 2012-07-03] (Malwarebytes Corporation)

2 MsgPlusService; "C:\Program Files (x86)\Yuna Software\Messenger Plus! for Skype\MsgPlusForSkypeService.exe" [124832 2012-01-22] (Yuna Software)

2 Norton Internet Security; "C:\Program Files (x86)\Norton Internet Security\Engine\16.8.3.6\ccSvcHst.exe" /s "Norton Internet Security" /m "C:\Program Files (x86)\Norton Internet Security\Engine\16.8.3.6\diMaster.dll" /prefetch:1 [135024 2011-10-15] (Symantec Corporation)

2 RichVideo; "C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe" [247152 2009-01-21] ()

2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\STacSV64.exe [240128 2009-07-21] (IDT, Inc.)

========================== Drivers (Whitelisted) =============

1 BHDrvx64; C:\Windows\System32\Drivers\NISx64\1008030.006\BHDrvx64.sys [334384 2010-01-20] (Symantec Corporation)

1 ccHP; C:\Windows\System32\Drivers\NISx64\1008030.006\ccHPx64.sys [561800 2011-10-15] (Symantec Corporation)

1 dtsoftbus01; C:\Windows\System32\Drivers\dtsoftbus01.sys [283200 2012-06-24] (DT Soft Ltd)

1 eeCtrl; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [482936 2011-11-08] (Symantec Corporation)

3 EraserUtilRebootDrv; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [138360 2011-11-08] (Symantec Corporation)

1 IDSVia64; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\ipsdefs\20111212.002\IDSvia64.sys [488568 2011-10-13] (Symantec Corporation)

3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [24904 2012-07-03] (Malwarebytes Corporation)

3 NAVENG; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20111213.020\ENG64.SYS [117880 2011-10-13] (Symantec Corporation)

3 NAVEX15; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20111213.020\EX64.SYS [2048632 2011-10-13] (Symantec Corporation)

3 SRTSP; C:\Windows\System32\Drivers\NISx64\1008030.006\SRTSP64.SYS [476720 2009-08-25] (Symantec Corporation)

1 SRTSPX; C:\Windows\system32\drivers\NISx64\1008030.006\SRTSPX64.SYS [32304 2009-08-25] (Symantec Corporation)

0 SymEFA; C:\Windows\System32\drivers\NISx64\1008030.006\SYMEFA64.SYS [402992 2009-08-25] (Symantec Corporation)

3 SymEvent; \??\C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [172592 2011-10-13] (Symantec Corporation)

3 SYMFW; C:\Windows\System32\Drivers\NISx64\1008030.006\SYMFW.SYS [120952 2011-09-21] (Symantec Corporation)

1 SymIM; C:\Windows\System32\DRIVERS\SymIMv.sys [31280 2009-08-25] (Symantec Corporation)

3 SYMNDISV; C:\Windows\System32\Drivers\NISx64\1008030.006\SYMNDISV.SYS [56952 2011-09-21] (Symantec Corporation)

1 SYMTDI; C:\Windows\System32\Drivers\NISx64\1008030.006\SYMTDI.SYS [279160 2011-09-21] (Symantec Corporation)

3 usbio; C:\Windows\System32\Drivers\dsiarhwprog_x64.sys [51600 2011-05-03] (Thesycon GmbH, Germany)

3 RtsUIR; C:\Windows\System32\DRIVERS\Rts516xIR.sys [x]

3 USBCCID; C:\Windows\System32\DRIVERS\RtsUCcid.sys [x]

========================== NetSvcs (Whitelisted) ===========

============ One Month Created Files and Folders ==============

2012-07-30 18:13 - 2012-07-30 18:14 - 00000000 ____D C:\FRST

2012-07-30 14:52 - 2012-07-30 14:52 - 00003964 ____A C:\Users\Scissors\Desktop\RKreport[1].txt

2012-07-30 14:52 - 2012-07-30 14:52 - 00000000 ____D C:\Users\Scissors\Desktop\RK_Quarantine

2012-07-30 14:52 - 2012-07-30 14:52 - 00000000 ____D C:\Users\Scissors\AppData\Local\{87F4F71A-0440-4304-8426-5A25AA650AD6}

2012-07-30 14:51 - 2012-07-30 14:52 - 00000000 ____D C:\Users\Scissors\AppData\Local\{9502B05A-CBED-4EC6-8922-2FDA3F03B75F}

2012-07-30 14:51 - 2012-07-30 14:51 - 01552384 ____A C:\Users\Scissors\Desktop\RogueKiller.exe

2012-07-30 02:51 - 2012-07-30 02:51 - 00000000 ____D C:\Users\Scissors\AppData\Local\{FFC8C296-38C2-4269-A8E1-CB1B353742CF}

2012-07-30 02:51 - 2012-07-30 02:51 - 00000000 ____D C:\Users\Scissors\AppData\Local\{BC81C325-DF77-43D4-9BBB-C7596DABA42A}

2012-07-30 01:17 - 2012-07-30 01:17 - 00607260 ____R (Swearware) C:\Users\Scissors\Desktop\dds.scr

2012-07-29 22:50 - 2012-07-29 22:50 - 00000000 ____D C:\Users\Scissors\AppData\Local\Macromedia

2012-07-29 22:48 - 2012-07-30 16:03 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job

2012-07-29 14:50 - 2012-07-29 14:50 - 00000000 ____D C:\Users\Scissors\AppData\Local\{7B36E591-2336-47D4-8D6A-B3628085F7A5}

2012-07-29 14:49 - 2012-07-29 14:50 - 00000000 ____D C:\Users\Scissors\AppData\Local\{49B62BFB-E58F-4661-995B-547EF86B4C02}

2012-07-28 22:13 - 2012-07-28 22:13 - 00000000 ____D C:\Users\Scissors\AppData\Local\{36760C55-E7F0-4088-8C66-1925AF6AA4AC}

2012-07-28 22:13 - 2012-07-28 22:13 - 00000000 ____D C:\Users\Scissors\AppData\Local\{28685446-351E-4204-99D6-5D660E428BC7}

2012-07-28 10:12 - 2012-07-28 10:12 - 00000000 ____D C:\Users\Scissors\AppData\Local\{5FE35FC4-1275-43AF-85DF-8FD89E5DEE35}

2012-07-28 10:12 - 2012-07-28 10:12 - 00000000 ____D C:\Users\Scissors\AppData\Local\{4D0CAF7C-EC9F-40E5-A6BD-71C56FF408BC}

2012-07-27 22:53 - 2012-07-27 22:53 - 00001722 ____A C:\Users\Scissors\Desktop\Photoshop CS5.lnk

2012-07-27 22:40 - 2012-07-27 22:40 - 00000000 ____D C:\Archivos de programa

2012-07-27 22:18 - 2012-07-27 22:21 - 00000000 ____D C:\Program Files\Common Files\Adobe

2012-07-27 21:24 - 2012-07-27 21:24 - 00000000 ____D C:\Users\Scissors\AppData\Local\{B0EC4FF3-62BA-4C36-832B-0912DC6009BD}

2012-07-27 21:24 - 2012-07-27 21:24 - 00000000 ____D C:\Users\Scissors\AppData\Local\{824D8964-AC6C-4A1D-9125-AA936226D2E3}

2012-07-27 14:58 - 2012-07-27 14:58 - 00012578 ____A C:\Users\Scissors\Downloads\[subDESU] Seikon no Qwaser II (BD 1280x720 x264 AC-3).torrent

2012-07-27 14:42 - 2012-07-27 14:42 - 00012828 ____A C:\Users\Scissors\Downloads\[subDESU] Hagure Yuusha no Estetica - 04 (1280x720 x264 AAC) [736CD402].mkv.torrent

2012-07-27 09:23 - 2012-07-27 09:23 - 00000000 ____D C:\Users\Scissors\AppData\Local\{965D8FB5-A794-4C2F-8FCD-E82AFF678D22}

2012-07-27 09:23 - 2012-07-27 09:23 - 00000000 ____D C:\Users\Scissors\AppData\Local\{2699B32A-979E-4D90-90E6-82942232F2D4}

2012-07-26 21:19 - 2012-07-26 21:20 - 00000000 ____D C:\Users\Scissors\AppData\Local\{C15A7FAA-AEE3-42FA-A5CD-2F65EE2911F4}

2012-07-26 21:19 - 2012-07-26 21:19 - 00000000 ____D C:\Users\Scissors\AppData\Local\{17574A14-732D-4DEA-AB8B-FE5EE85ECD56}

2012-07-26 09:19 - 2012-07-26 09:19 - 00000000 ____D C:\Users\Scissors\AppData\Local\{74F2874F-9211-4CAB-A4F0-316192EF9E44}

2012-07-26 09:18 - 2012-07-26 09:19 - 00000000 ____D C:\Users\Scissors\AppData\Local\{8686777E-B560-4738-863B-E7C01BE3F939}

2012-07-26 01:08 - 2012-07-26 21:47 - 00000346 ____A C:\Windows\Tasks\HPCeeScheduleForScissors.job

2012-07-26 00:54 - 2012-07-26 00:54 - 00001113 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2012-07-26 00:54 - 2012-07-26 00:54 - 00000000 ____D C:\Users\Scissors\AppData\Roaming\Malwarebytes

2012-07-26 00:54 - 2012-07-26 00:54 - 00000000 ____D C:\Users\All Users\Malwarebytes

2012-07-26 00:54 - 2012-07-26 00:54 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware

2012-07-26 00:54 - 2012-07-03 11:46 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys

2012-07-26 00:53 - 2012-07-26 00:53 - 10652120 ____A (Malwarebytes Corporation ) C:\Users\Scissors\Downloads\mbam-setup-1.62.0.1300.exe

2012-07-26 00:24 - 2012-07-30 15:34 - 00000920 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3979415225-1970963929-1640854459-1000UA.job

2012-07-26 00:24 - 2012-07-30 00:34 - 00000868 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3979415225-1970963929-1640854459-1000Core.job

2012-07-25 22:55 - 2012-07-25 22:55 - 00980480 ____A C:\Users\Scissors\Downloads\MicrosoftFixit50267.msi

2012-07-25 22:06 - 2012-07-25 22:06 - 00000000 ____D C:\Users\Scissors\AppData\Local\{164386FC-D6CC-11E1-8270-B8AC6F996F26}

2012-07-25 18:51 - 2012-07-25 18:51 - 00000000 __SHD C:\Windows\SysWOW64\%APPDATA%

2012-07-25 18:46 - 2012-07-25 18:46 - 00478208 ____A (C-Media Electronics Inc.) C:\Users\Scissors\AppData\Roaming\rtfgdt.dll

2012-07-25 18:45 - 2012-07-30 00:17 - 00000000 ____D C:\Users\Scissors\AppData\Roaming\xsecva

2012-07-25 18:45 - 2012-07-25 18:47 - 42687514 ____A C:\Users\Scissors\Downloads\FateZero ED2 Single - Sora wa Takaku Kaze wa Utau.rar

2012-07-25 18:44 - 2012-07-25 18:46 - 35743485 ____A C:\Users\Scissors\Downloads\[shinnoden] Fate Zero OP2 Single - to the beginning.rar

2012-07-25 18:37 - 2012-07-25 18:37 - 00015246 ____A C:\Users\Scissors\Downloads\FateZero Single [PRAYER].torrent

2012-07-25 18:36 - 2012-07-25 19:03 - 110802763 ____A C:\Users\Scissors\Downloads\Fate Zero Original Soundtracks.zip

2012-07-25 18:29 - 2012-07-25 18:32 - 129166270 ____A C:\Users\Scissors\Downloads\Durarara!! OST CD2 - Psychedelic Dreams Vol02.zip

2012-07-25 18:24 - 2012-07-25 18:27 - 140603121 ____A C:\Users\Scissors\Downloads\Durarara!! OST Vol.1.rar

2012-07-25 15:00 - 2012-07-25 15:00 - 00000000 ____D C:\Users\Scissors\AppData\Local\{DA6BCE21-6A8E-484A-8C4B-355CDC53825C}

2012-07-25 15:00 - 2012-07-25 15:00 - 00000000 ____D C:\Users\Scissors\AppData\Local\{7F086711-DF9C-4983-B664-EA7EC197EEF5}

2012-07-25 14:59 - 2012-07-25 15:00 - 00000000 ____D C:\Users\Scissors\AppData\Local\{C2E73333-23B3-4B97-8A9C-EF3F4E1ADBA0}

2012-07-25 14:59 - 2012-07-25 14:59 - 00000000 ____D C:\Users\Scissors\AppData\Local\{63D5A6E4-506E-4443-B2AD-11E5ECC8C469}

2012-07-25 02:59 - 2012-07-25 02:59 - 00000000 ____D C:\Users\Scissors\AppData\Local\{7C689B1C-C74D-4892-B628-2F2A8CF68FEE}

2012-07-25 02:59 - 2012-07-25 02:59 - 00000000 ____D C:\Users\Scissors\AppData\Local\{5446B3AB-2211-4F20-9C5C-ADF614BE31AF}

2012-07-25 02:58 - 2012-07-25 02:59 - 00000000 ____D C:\Users\Scissors\AppData\Local\{90CBE8D3-8D11-4FD1-83CE-1D203F01D512}

2012-07-25 02:58 - 2012-07-25 02:58 - 00000000 ____D C:\Users\Scissors\AppData\Local\{1D585CDF-E73E-496B-98B3-793FE7AB4CBB}

2012-07-24 20:34 - 2012-07-24 20:34 - 00000000 ____D C:\Users\Scissors\AppData\Roaming\Windows Live Writer

2012-07-24 20:34 - 2012-07-24 20:34 - 00000000 ____D C:\Users\Scissors\AppData\Local\Windows Live Writer

2012-07-24 14:58 - 2012-07-24 14:58 - 00000000 ____D C:\Users\Scissors\AppData\Local\{FF947FA0-4844-484D-80BA-7C2636E4D6EF}

2012-07-24 14:57 - 2012-07-24 14:58 - 00000000 ____D C:\Users\Scissors\AppData\Local\{EA6C13F2-545E-4719-A5E8-20E99F85F5BB}

2012-07-24 01:01 - 2012-07-24 01:01 - 00000000 ____D C:\Users\Scissors\AppData\Local\{6E0A9100-BC88-4AF4-9458-1992E69D1579}

2012-07-24 01:01 - 2012-07-24 01:01 - 00000000 ____D C:\Users\Scissors\AppData\Local\{37F0CB95-01B0-4214-AEA2-011C63707A1D}

2012-07-23 13:00 - 2012-07-23 13:01 - 00000000 ____D C:\Users\Scissors\AppData\Local\{7F2892C5-8FED-40A7-8AAF-1B616B168EFE}

2012-07-23 13:00 - 2012-07-23 13:00 - 00000000 ____D C:\Users\Scissors\AppData\Local\{9AFF7CA4-6F71-4EF9-A254-F5C5BB11E162}

2012-07-22 15:26 - 2012-07-22 15:26 - 00000000 ____D C:\Users\Scissors\AppData\Local\{7DB13D93-C65A-45D6-9C34-49D2B3762BAC}

2012-07-22 15:26 - 2012-07-22 15:26 - 00000000 ____D C:\Users\Scissors\AppData\Local\{59DBA4BE-4B9A-43C1-93BE-E1145901B5BA}

2012-07-22 03:25 - 2012-07-22 03:26 - 00000000 ____D C:\Users\Scissors\AppData\Local\{22D6E433-4478-45D6-BEF3-73C998229055}

2012-07-22 03:25 - 2012-07-22 03:25 - 00000000 ____D C:\Users\Scissors\AppData\Local\{828E96B9-2429-4656-A3D2-367AE7828B6D}

2012-07-21 15:25 - 2012-07-21 15:25 - 00000000 ____D C:\Users\Scissors\AppData\Local\{844B75F5-8CBE-4098-B081-76D6E4AD0D2A}

2012-07-21 15:24 - 2012-07-21 15:24 - 00000000 ____D C:\Users\Scissors\AppData\Local\{4D41F766-340A-460B-8272-E495A4FD32DC}

2012-07-21 03:24 - 2012-07-21 03:24 - 00000000 ____D C:\Users\Scissors\AppData\Local\{78C0D863-E4EB-4B28-A499-EF269A30D016}

2012-07-21 03:23 - 2012-07-21 03:24 - 00000000 ____D C:\Users\Scissors\AppData\Local\{BBFE3456-1E21-46B9-BC9D-E0825378AAF4}

2012-07-20 18:16 - 2012-07-20 18:16 - 00000000 ____D C:\Program Files (x86)\Combined Community Codec Pack

2012-07-20 18:13 - 2012-07-20 18:14 - 09889896 ____A (CCCP Project ) C:\Users\Scissors\Downloads\Combined-Community-Codec-Pack-2011-11-11 (2).exe

2012-07-20 15:23 - 2012-07-20 15:23 - 00000000 ____D C:\Users\Scissors\AppData\Local\{939741D4-38EC-410F-8D51-1058CB5EC199}

2012-07-20 15:23 - 2012-07-20 15:23 - 00000000 ____D C:\Users\Scissors\AppData\Local\{8B5297E0-844A-4BB4-BA5C-D2556E7318E7}

2012-07-20 02:11 - 2012-07-22 14:25 - 00001003 ____A C:\Users\Scissors\Documents\Top 20 Anime Opening List.txt

2012-07-20 00:27 - 2012-07-20 00:27 - 00000000 ____D C:\Users\Scissors\AppData\Local\{9D74B094-A4E8-4450-82E1-B45B5C3267BD}

2012-07-20 00:26 - 2012-07-20 00:27 - 00000000 ____D C:\Users\Scissors\AppData\Local\{A96F9315-3EE9-4575-8F79-0B4D8FFBD4A0}

2012-07-19 16:58 - 2012-07-19 16:59 - 24865632 ____A (DVDVideoSoft Ltd. ) C:\Users\Scissors\Downloads\FreeVideoDub2012.exe

2012-07-19 16:46 - 2012-07-19 16:46 - 06420430 ____A (FreeVideoCutter.com ) C:\Users\Scissors\Downloads\freevideocutter_setup.exe

2012-07-19 15:55 - 2012-07-19 16:04 - 00000000 ____D C:\Users\Scissors\Downloads\[a-S] Fate Stay Night 1080p

2012-07-19 15:54 - 2012-07-19 15:54 - 00072142 ____A C:\Users\Scissors\Downloads\Fate-stay night - TV Series - 2006 (Bluray - MKV - h264) (a-S).torrent

2012-07-19 15:42 - 2012-07-19 15:43 - 27122144 ____A (DVDVideoSoft Ltd. ) C:\Users\Scissors\Downloads\FreeMP4VideoConverter.exe

2012-07-19 14:53 - 2012-07-19 15:31 - 00000000 ____D C:\Users\Scissors\Downloads\Koukaku Kidoutai - Stand Alone Complex

2012-07-19 14:50 - 2012-07-19 14:50 - 00097217 ____A C:\Users\Scissors\Downloads\Ghost in the Shell_ S.A.C. 1st GIG - TV Series - 2002 (Bluray - MKV - h264) (OZC).torrent

2012-07-19 14:50 - 2012-07-19 14:50 - 00000000 ____D C:\Users\Scissors\Downloads\[Kira-Fansub]_Ore no Imouto_Includes Extras_(BD 1920x1080 h264 AAC)

2012-07-19 14:47 - 2012-07-19 14:47 - 00070461 ____A C:\Users\Scissors\Downloads\Ore no Imouto ga Konna ni Kawaii Wake ga Nai - TV Series (Bluray - MKV - h264) (Kira-Fansub).torrent

2012-07-19 14:08 - 2012-07-19 14:09 - 25701664 ____A (DVDVideoSoft Ltd. ) C:\Users\Scissors\Downloads\FreeYouTubeDownload (1).exe

2012-07-19 14:07 - 2012-07-19 14:08 - 25701664 ____A (DVDVideoSoft Ltd. ) C:\Users\Scissors\Downloads\FreeYouTubeDownload.exe

2012-07-19 12:26 - 2012-07-19 12:26 - 00000000 ____D C:\Users\Scissors\AppData\Local\{52ED046C-FBEA-4C47-999D-39A52CDF9D4A}

2012-07-19 12:26 - 2012-07-19 12:26 - 00000000 ____D C:\Users\Scissors\AppData\Local\{08719A40-08D6-4452-BDEA-44C5F6500866}

2012-07-19 00:25 - 2012-07-19 00:25 - 00000000 ____D C:\Users\Scissors\AppData\Local\{DD1B5F85-AA6E-44B0-9C3A-521D58DA9A5B}

2012-07-19 00:25 - 2012-07-19 00:25 - 00000000 ____D C:\Users\Scissors\AppData\Local\{B0E1BD7B-B664-470A-B149-DF7BF0140971}

2012-07-18 12:25 - 2012-07-18 12:25 - 00000000 ____D C:\Users\Scissors\AppData\Local\{932FD4F0-DD4C-4218-88F0-20656D926CDC}

2012-07-18 12:24 - 2012-07-18 12:24 - 00000000 ____D C:\Users\Scissors\AppData\Local\{0D6AEDA0-D923-478A-8301-6DE8EEE91895}

2012-07-17 14:35 - 2012-07-17 14:35 - 00000000 ____D C:\Users\Scissors\AppData\Local\{F5771183-8863-4E20-8DAF-45974F1451E7}

2012-07-17 14:35 - 2012-07-17 14:35 - 00000000 ____D C:\Users\Scissors\AppData\Local\{B2251730-9F69-4ACD-9B03-91F9C5570662}

2012-07-17 02:34 - 2012-07-17 02:35 - 00000000 ____D C:\Users\Scissors\AppData\Local\{0BFE3726-2694-4861-839F-209FA0689EA7}

2012-07-17 02:34 - 2012-07-17 02:34 - 00000000 ____D C:\Users\Scissors\AppData\Local\{FE29AD8C-2C94-4A00-B43C-C8D5AB630810}

2012-07-16 18:02 - 2012-07-16 18:02 - 00000000 ____D C:\Users\Scissors\Downloads\nanujanampatrika1

2012-07-16 17:59 - 2012-07-16 17:59 - 01116763 ____A C:\Users\Scissors\Downloads\nanujanampatrika1.zip

2012-07-16 14:34 - 2012-07-16 14:34 - 00000000 ____D C:\Users\Scissors\AppData\Local\{036C5EC7-E0F9-4E6C-BE8E-D71494678540}

2012-07-16 14:33 - 2012-07-16 14:34 - 00000000 ____D C:\Users\Scissors\AppData\Local\{DA7245A6-8BDE-45EA-81A9-CCD705C4A374}

2012-07-16 00:37 - 2012-07-16 00:37 - 00026064 ____A C:\Users\Scissors\Downloads\[HorribleSubs] Tari Tari - 03 [720p].mkv.torrent

2012-07-16 00:36 - 2012-07-16 00:36 - 00026810 ____A C:\Users\Scissors\Downloads\[HorribleSubs] Muv-Luv Alternative - Total Eclipse - 03 [720p].mkv.torrent

2012-07-16 00:36 - 2012-07-16 00:36 - 00021655 ____A C:\Users\Scissors\Downloads\[subDESU] Hagure Yuusha no Estetica - 02 (1280x720 x264 AAC) [b38E1F4D].mkv.torrent

2012-07-15 22:47 - 2012-07-15 22:47 - 00021177 ____A C:\Users\Scissors\Downloads\3E6694D0EB620E5D6C90A8C473393F5D01FBB72E.torrent

2012-07-15 19:19 - 2012-07-15 19:20 - 00000000 ____D C:\Users\Scissors\AppData\Local\{1F587CE8-F985-41C7-BDE9-F67D1BE9AF1B}

2012-07-15 19:19 - 2012-07-15 19:19 - 00000000 ____D C:\Users\Scissors\AppData\Local\{051A8D07-EA9F-4671-9481-4B57FFEF000C}

2012-07-14 14:50 - 2012-07-14 14:50 - 00000000 ____D C:\Users\Scissors\AppData\Local\{D67D90AC-6C02-4983-9534-9AB61801F0FE}

2012-07-14 14:49 - 2012-07-14 14:50 - 00000000 ____D C:\Users\Scissors\AppData\Local\{A10C7BB7-1C21-4CF9-B624-53DDF87E51D0}

2012-07-14 00:52 - 2012-07-14 00:52 - 00000000 ____D C:\Users\Scissors\AppData\Local\Dreambelievers

2012-07-14 00:49 - 2012-07-14 00:51 - 28320173 ____A (Dreambelievers ) C:\Users\Scissors\Downloads\Pokemon-Online-v2.0.02a-Setup.exe

2012-07-13 20:38 - 2012-07-13 20:38 - 00000000 ____D C:\Users\Scissors\AppData\Local\{365423AC-6EFA-4796-BAEF-B94566A1B697}

2012-07-13 20:37 - 2012-07-13 20:38 - 00000000 ____D C:\Users\Scissors\AppData\Local\{D48288A3-77C5-4A7B-B3E6-F75EE7A595CC}

2012-07-13 08:37 - 2012-07-13 08:37 - 00000000 ____D C:\Users\Scissors\AppData\Local\{11D9A122-02C8-4A97-BA22-BD9D3C129EEE}

2012-07-13 08:36 - 2012-07-13 08:37 - 00000000 ____D C:\Users\Scissors\AppData\Local\{ACFC3F7A-9B72-4318-9FCD-52644E9ECC99}

2012-07-12 23:59 - 2012-07-13 00:00 - 27578008 ____A (DVDVideoSoft Ltd. ) C:\Users\Scissors\Downloads\FreeYouTubeToMP3Converter (1).exe

2012-07-12 23:47 - 2012-07-12 23:47 - 00007404 ____A C:\Users\Scissors\Downloads\Ritsuka - Hello How Are You.mp3.torrent

2012-07-12 15:50 - 2012-07-12 15:50 - 00000000 ____D C:\Users\Scissors\AppData\Local\{FD47DD64-2D5D-469E-942B-2E932A4E17C5}

2012-07-12 15:50 - 2012-07-12 15:50 - 00000000 ____D C:\Users\Scissors\AppData\Local\{848AD478-0839-4610-AC8E-A4703644A59D}

2012-07-12 02:11 - 2012-07-12 02:11 - 00000000 ____D C:\Users\Scissors\AppData\Local\{6BC1E76E-740D-4AC5-93FF-BF4B0E1345B2}

2012-07-12 02:11 - 2012-07-12 02:11 - 00000000 ____D C:\Users\Scissors\AppData\Local\{625C48C8-2F0D-45DA-A26E-114F4CB7DC0B}

2012-07-12 00:38 - 2012-07-12 00:38 - 02027206 ____A C:\Users\Scissors\Downloads\P655 (1).zip

2012-07-11 14:10 - 2012-07-11 14:10 - 00000000 ____D C:\Users\Scissors\AppData\Local\{6CEF8995-1359-4666-860A-2754941D9803}

2012-07-11 14:10 - 2012-07-11 14:10 - 00000000 ____D C:\Users\Scissors\AppData\Local\{68EFB05A-2B7A-4A52-BB59-9068A41DB958}

2012-07-11 02:10 - 2012-07-11 02:10 - 00000000 ____D C:\Users\Scissors\AppData\Local\{61B2271F-EAA9-41B3-93B2-DF8ABFB09306}

2012-07-11 02:09 - 2012-07-11 02:10 - 00000000 ____D C:\Users\Scissors\AppData\Local\{7D3DEA26-E31F-4346-B68D-3BA5B5D5D422}

2012-07-11 01:05 - 2012-06-11 19:02 - 03147264 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys

2012-07-11 01:02 - 2012-06-02 03:57 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb

2012-07-11 01:02 - 2012-06-02 03:57 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll

2012-07-11 01:02 - 2012-06-02 00:17 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll

2012-07-11 01:02 - 2012-06-02 00:16 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2012-07-11 01:01 - 2012-06-02 04:49 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll

2012-07-11 01:01 - 2012-06-02 04:17 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll

2012-07-11 01:01 - 2012-06-02 04:12 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll

2012-07-11 01:01 - 2012-06-02 04:05 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll

2012-07-11 01:01 - 2012-06-02 04:05 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll

2012-07-11 01:01 - 2012-06-02 04:04 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl

2012-07-11 01:01 - 2012-06-02 04:04 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll

2012-07-11 01:01 - 2012-06-02 04:03 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll

2012-07-11 01:01 - 2012-06-02 04:01 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe

2012-07-11 01:01 - 2012-06-02 04:00 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll

2012-07-11 01:01 - 2012-06-02 03:59 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll

2012-07-11 01:01 - 2012-06-02 03:54 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll

2012-07-11 01:01 - 2012-06-02 01:07 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2012-07-11 01:01 - 2012-06-02 00:43 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2012-07-11 01:01 - 2012-06-02 00:33 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

2012-07-11 01:01 - 2012-06-02 00:26 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2012-07-11 01:01 - 2012-06-02 00:25 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl

2012-07-11 01:01 - 2012-06-02 00:25 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2012-07-11 01:01 - 2012-06-02 00:23 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll

2012-07-11 01:01 - 2012-06-02 00:21 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll

2012-07-11 01:01 - 2012-06-02 00:20 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe

2012-07-11 01:01 - 2012-06-02 00:19 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2012-07-11 01:01 - 2012-06-02 00:19 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll

2012-07-11 01:01 - 2012-06-02 00:14 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

2012-07-10 14:09 - 2012-07-10 14:09 - 00000000 ____D C:\Users\Scissors\AppData\Local\{EC0D05E9-B4DF-475D-A52F-453286610F87}

2012-07-10 14:08 - 2012-07-10 14:09 - 00000000 ____D C:\Users\Scissors\AppData\Local\{22400FA4-558B-4210-9468-47656914E8BB}

2012-07-10 13:06 - 2012-06-08 21:30 - 14165504 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll

2012-07-10 13:06 - 2012-06-08 20:46 - 12868608 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll

2012-07-10 13:06 - 2012-06-05 21:50 - 02003968 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll

2012-07-10 13:06 - 2012-06-05 21:50 - 01880064 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll

2012-07-10 13:06 - 2012-06-05 21:09 - 01389568 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll

2012-07-10 13:06 - 2012-06-05 21:09 - 01236992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll

2012-07-10 13:06 - 2012-06-01 21:38 - 00152432 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys

2012-07-10 13:06 - 2012-06-01 21:38 - 00095088 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys

2012-07-10 13:06 - 2012-06-01 21:37 - 00459216 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys

2012-07-10 13:06 - 2012-06-01 21:27 - 00340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll

2012-07-10 13:06 - 2012-06-01 21:27 - 00307200 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll

2012-07-10 13:06 - 2012-06-01 20:48 - 00225280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll

2012-07-10 13:06 - 2012-06-01 20:48 - 00022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll

2012-07-10 13:06 - 2012-06-01 20:47 - 00219136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll

2012-07-10 13:06 - 2012-06-01 20:42 - 00096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll

2012-07-10 10:12 - 2012-07-10 10:12 - 00000000 ____D C:\Users\Scissors\Downloads\Mijumaru Letter GHI

2012-07-10 10:11 - 2012-07-10 10:11 - 06397667 ____A C:\Users\Scissors\Downloads\Mijumaru Letter GHI.rar

2012-07-10 02:12 - 2012-07-10 02:12 - 02027206 ____A C:\Users\Scissors\Downloads\P655.zip

2012-07-10 02:12 - 2012-07-10 02:12 - 00000000 ____D C:\Users\Scissors\Downloads\P655

2012-07-10 02:08 - 2012-07-10 02:08 - 00000000 ____D C:\Users\Scissors\AppData\Local\{DA13D240-C1FB-4114-B729-70B429CC5CFF}

2012-07-10 02:08 - 2012-07-10 02:08 - 00000000 ____D C:\Users\Scissors\AppData\Local\{15C18A1A-51E6-4680-8DAA-41682A22E8AF}

2012-07-09 14:07 - 2012-07-09 14:07 - 00000000 ____D C:\Users\Scissors\AppData\Local\{9DC3E780-1E95-4BDC-AA36-207710E440F3}

2012-07-09 14:07 - 2012-07-09 14:07 - 00000000 ____D C:\Users\Scissors\AppData\Local\{63C3FB91-7AAA-4503-95E3-857B50F23B00}

2012-07-09 00:37 - 2012-07-09 00:37 - 00021874 ____A C:\Users\Scissors\Downloads\[subDESU-H]_Uhou_Renka_-_01_(DVD_720x480_x264_8bit_AAC)_[94DA33D8].mkv.torrent

2012-07-09 00:37 - 2012-07-09 00:37 - 00017709 ____A C:\Users\Scissors\Downloads\[subDESU-H]_Kuroinu_Kedakaki_Seijo_wa_Hakudaku_ni_Somaru_-_02_(DVD_720x480_x264_8bit_AAC)_[2F926D0A].mkv.torrent

2012-07-09 00:37 - 2012-07-09 00:37 - 00017191 ____A C:\Users\Scissors\Downloads\[subDESU-H]_Kuroinu_Kedakaki_Seijo_wa_Hakudaku_ni_Somaru_-_01v2_(DVD_720x480_x264_8bit_AAC)_[E7511EB9].mkv.torrent

2012-07-09 00:37 - 2012-07-09 00:37 - 00016112 ____A C:\Users\Scissors\Downloads\[subDESU-H]_Suki_de_Suki_de_Suki_de_The_Animation_-_01_(704x400_x264_AAC)_[8D2A1D81].mkv.torrent

2012-07-09 00:08 - 2012-07-09 00:08 - 00000000 ____D C:\Users\Scissors\AppData\Local\{B26DAB8E-CA3F-4338-BC32-2062543C302B}

2012-07-09 00:08 - 2012-07-09 00:08 - 00000000 ____D C:\Users\Scissors\AppData\Local\{151F2405-F065-43B7-BA91-FB636D2A8A94}

2012-07-08 19:23 - 2012-07-08 19:23 - 00026810 ____A C:\Users\Scissors\Downloads\[HorribleSubs] Muv-Luv Alternative - Total Eclipse - 02 [720p].mkv.torrent

2012-07-08 19:23 - 2012-07-08 19:23 - 00026122 ____A C:\Users\Scissors\Downloads\[HorribleSubs] Jinrui wa Suitai Shimashita - 02 [720p].mkv.torrent

2012-07-08 19:23 - 2012-07-08 19:23 - 00026026 ____A C:\Users\Scissors\Downloads\[HorribleSubs] La storia della Arcana Famiglia - 02 [720p].mkv.torrent

2012-07-08 19:23 - 2012-07-08 19:23 - 00026004 ____A C:\Users\Scissors\Downloads\[HorribleSubs] Tari Tari - 02 [720p].mkv.torrent

2012-07-08 12:07 - 2012-07-08 12:08 - 00000000 ____D C:\Users\Scissors\AppData\Local\{BC21906C-609D-4A0F-B3AE-00957D5F3321}

2012-07-08 12:07 - 2012-07-08 12:07 - 00000000 ____D C:\Users\Scissors\AppData\Local\{8A60C3AC-6928-4675-9547-75577D780306}

2012-07-07 15:19 - 2012-07-07 15:19 - 00000000 ____D C:\Users\Scissors\AppData\Local\{3B7D3480-4C7A-4CD7-BA87-21B4105E7B0D}

2012-07-07 15:19 - 2012-07-07 15:19 - 00000000 ____D C:\Users\Scissors\AppData\Local\{0C62FD44-AFEE-4194-8D53-B018524EA110}

2012-07-06 22:00 - 2012-07-06 22:00 - 00000000 ____D C:\Users\Scissors\AppData\Local\{E60E68A0-F4DB-4963-BBAC-611B8D236E95}

2012-07-06 22:00 - 2012-07-06 22:00 - 00000000 ____D C:\Users\Scissors\AppData\Local\{BD106EE8-4F86-44AC-8D93-C8195476A804}

2012-07-06 10:00 - 2012-07-06 10:00 - 00000000 ____D C:\Users\Scissors\AppData\Local\{A7602FB1-2681-4C05-BE6A-1EC32ACA7C41}

2012-07-06 09:59 - 2012-07-06 10:00 - 00000000 ____D C:\Users\Scissors\AppData\Local\{72C98697-9D85-4ECE-A955-370483B1AE5D}

2012-07-05 22:06 - 2012-07-05 22:06 - 00013094 ____A C:\Users\Scissors\Downloads\[CR] Natsuyuki Rendezvous - 01 [1280x720].mkv.torrent

2012-07-05 21:03 - 2012-07-05 21:03 - 00000000 ____D C:\Users\Scissors\AppData\Local\{BCA6B403-B18A-49BB-A656-2B4825FA1362}

2012-07-05 21:03 - 2012-07-05 21:03 - 00000000 ____D C:\Users\Scissors\AppData\Local\{39511744-F99E-43B9-B0DB-C01B7C68BFA6}

2012-07-04 14:35 - 2012-07-04 14:36 - 00000000 ____D C:\Users\Scissors\AppData\Local\{A19B9E77-884C-423E-8160-C3B03ADB42E6}

2012-07-04 14:35 - 2012-07-04 14:35 - 00000000 ____D C:\Users\Scissors\AppData\Local\{9E75EF02-2697-444A-BED3-681D0E5308F3}

2012-07-03 22:30 - 2012-07-03 22:30 - 00011712 ____A C:\Users\Scissors\Downloads\[CR] Muv-Luv Alternative - Total Eclipse - 01 [1920x1080].mkv.torrent

2012-07-03 22:30 - 2012-07-03 22:30 - 00011396 ____A C:\Users\Scissors\Downloads\[CR] Tari Tari - 01 [1920x1080][b746D7C4].mkv.torrent

2012-07-03 22:22 - 2012-07-03 22:22 - 00000000 ____D C:\Users\Scissors\AppData\Local\{DA96C772-C5EC-46DE-9E2B-2F5F336CE734}

2012-07-03 22:21 - 2012-07-03 22:22 - 00000000 ____D C:\Users\Scissors\AppData\Local\{8CC581D9-C76B-4DB3-B9C9-02F2EC7BB0D1}

2012-07-03 22:14 - 2012-07-03 22:14 - 00013889 ____A C:\Users\Scissors\Downloads\[CR] Muv-Luv Alternative - Total Eclipse - 01 [1280x720].mkv.torrent

2012-07-03 22:12 - 2012-07-03 22:12 - 00013473 ____A C:\Users\Scissors\Downloads\[CR] Tari Tari - 01 [1280x720][4E0A7FAE].mkv.torrent

2012-07-03 22:12 - 2012-07-03 22:12 - 00013473 ____A C:\Users\Scissors\Downloads\[CR] Tari Tari - 01 [1280x720][4E0A7FAE].mkv (1).torrent

2012-07-03 10:21 - 2012-07-03 10:21 - 00000000 ____D C:\Users\Scissors\AppData\Local\{6725EDC1-9A27-4CB8-B5EF-9C424BCAD6E8}

2012-07-03 10:20 - 2012-07-03 10:21 - 00000000 ____D C:\Users\Scissors\AppData\Local\{BCC43A3C-62F9-4696-9BCA-721CCFFF038D}

2012-07-02 21:49 - 2012-07-02 21:49 - 00000000 ____D C:\Users\Scissors\Downloads\PokeGen_full

2012-07-02 21:15 - 2012-07-02 21:15 - 00786639 ____A C:\Users\Scissors\Downloads\PokeGen_full.zip

2012-07-02 16:18 - 2012-07-02 16:18 - 00000000 ____D C:\Users\Scissors\AppData\Local\{94014006-24E6-408A-8089-FEE254632E88}

2012-07-02 16:17 - 2012-07-02 16:18 - 00000000 ____D C:\Users\Scissors\AppData\Local\{4383E6B9-2B5A-4272-BA2C-F390B161D8CF}

2012-07-02 01:56 - 2012-07-02 01:56 - 00000000 ____D C:\Users\Scissors\AppData\Local\{860D48CE-88D0-4707-BCA5-F00D645FDF1C}

2012-07-02 01:55 - 2012-07-02 01:56 - 00000000 ____D C:\Users\Scissors\AppData\Local\{8B68E634-2AFA-44E6-A3D7-9F646D8ACD7E}

2012-07-01 14:18 - 2012-07-01 14:18 - 00043727 ____A C:\Users\Scissors\Downloads\[HorribleSubs] La storia della Arcana Famiglia - 01 [1080p].mkv.torrent

2012-07-01 14:18 - 2012-07-01 14:18 - 00026066 ____A C:\Users\Scissors\Downloads\[HorribleSubs] La storia della Arcana Famiglia - 01 [720p].mkv.torrent

2012-07-01 14:18 - 2012-07-01 14:18 - 00013451 ____A C:\Users\Scissors\Downloads\[CR] Jinrui wa Suitai Shimashita - 01 [1280x720][86F097E2].mkv.torrent

2012-07-01 14:17 - 2012-07-01 14:17 - 00011374 ____A C:\Users\Scissors\Downloads\[CR] Jinrui wa Suitai Shimashita - 01 [1920x1080][b714FD36].mkv.torrent

2012-07-01 13:55 - 2012-07-01 13:55 - 00000000 ____D C:\Users\Scissors\AppData\Local\{9C22CEE1-F543-4DE3-AE91-7F4C5DD92F11}

2012-07-01 13:55 - 2012-07-01 13:55 - 00000000 ____D C:\Users\Scissors\AppData\Local\{5B489052-85FE-477D-AEAC-8C96FC4A2C93}

2012-06-30 15:54 - 2012-07-25 23:44 - 00000000 ____D C:\Program Files (x86)\1ClickDownload

2012-06-30 15:54 - 2012-06-30 15:54 - 00279112 ____A C:\Users\Scissors\Downloads\FINAL_FANTASY_3_v1.0.exe

2012-06-30 15:54 - 2012-06-30 15:54 - 00279024 ____A C:\Users\Scissors\Downloads\FINAL_FANTASY_3_v1.0 (1).exe

2012-06-30 15:49 - 2012-06-30 15:49 - 00000000 ____D C:\Users\Scissors\AppData\Local\{46187C25-3E4B-490A-B3F6-60AED18D22D1}

2012-06-30 15:48 - 2012-06-30 15:49 - 00000000 ____D C:\Users\Scissors\AppData\Local\{FF513C75-8C4B-454A-840C-71FF7E787547}

2012-06-30 00:55 - 2012-06-30 00:55 - 00000000 ____D C:\Users\Scissors\AppData\Local\{C08FEA65-4159-4402-9C86-D148B239F8B4}

2012-06-30 00:55 - 2012-06-30 00:55 - 00000000 ____D C:\Users\Scissors\AppData\Local\{1281B350-59D2-401C-A9AB-D520D2087255}

============ 3 Months Modified Files ========================

2012-07-30 16:03 - 2012-07-29 22:48 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job

2012-07-30 16:02 - 2009-07-13 21:13 - 00726270 ____A C:\Windows\System32\PerfStringBackup.INI

2012-07-30 16:01 - 2009-07-13 20:51 - 00350342 ____A C:\Windows\setupact.log

2012-07-30 15:34 - 2012-07-26 00:24 - 00000920 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3979415225-1970963929-1640854459-1000UA.job

2012-07-30 14:52 - 2012-07-30 14:52 - 00003964 ____A C:\Users\Scissors\Desktop\RKreport[1].txt

2012-07-30 14:51 - 2012-07-30 14:51 - 01552384 ____A C:\Users\Scissors\Desktop\RogueKiller.exe

2012-07-30 14:44 - 2012-02-26 12:34 - 00000940 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3979415225-1970963929-1640854459-1000UA.job

2012-07-30 14:44 - 2012-02-26 12:34 - 00000918 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3979415225-1970963929-1640854459-1000Core.job

2012-07-30 14:10 - 2009-07-13 20:45 - 00023248 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2012-07-30 14:10 - 2009-07-13 20:45 - 00023248 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2012-07-30 14:03 - 2011-10-13 19:21 - 00041664 ____A C:\Windows\PFRO.log

2012-07-30 14:03 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT

2012-07-30 01:17 - 2012-07-30 01:17 - 00607260 ____R (Swearware) C:\Users\Scissors\Desktop\dds.scr

2012-07-30 00:34 - 2012-07-26 00:24 - 00000868 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3979415225-1970963929-1640854459-1000Core.job

2012-07-29 23:03 - 2012-04-03 15:17 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe

2012-07-29 23:03 - 2011-12-24 12:42 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

2012-07-28 10:10 - 2009-07-13 20:45 - 05025632 ____A C:\Windows\System32\FNTCACHE.DAT

2012-07-27 22:53 - 2012-07-27 22:53 - 00001722 ____A C:\Users\Scissors\Desktop\Photoshop CS5.lnk

2012-07-27 22:38 - 2011-10-13 20:07 - 00127904 ____A C:\Users\Scissors\AppData\Local\GDIPFONTCACHEV1.DAT

2012-07-27 14:58 - 2012-07-27 14:58 - 00012578 ____A C:\Users\Scissors\Downloads\[subDESU] Seikon no Qwaser II (BD 1280x720 x264 AC-3).torrent

2012-07-27 14:42 - 2012-07-27 14:42 - 00012828 ____A C:\Users\Scissors\Downloads\[subDESU] Hagure Yuusha no Estetica - 04 (1280x720 x264 AAC) [736CD402].mkv.torrent

2012-07-26 21:47 - 2012-07-26 01:08 - 00000346 ____A C:\Windows\Tasks\HPCeeScheduleForScissors.job

2012-07-26 12:00 - 2011-10-20 15:16 - 00000052 ____A C:\Windows\SysWOW64\DOErrors.log

2012-07-26 00:54 - 2012-07-26 00:54 - 00001113 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2012-07-26 00:53 - 2012-07-26 00:53 - 10652120 ____A (Malwarebytes Corporation ) C:\Users\Scissors\Downloads\mbam-setup-1.62.0.1300.exe

2012-07-25 22:55 - 2012-07-25 22:55 - 00980480 ____A C:\Users\Scissors\Downloads\MicrosoftFixit50267.msi

2012-07-25 19:03 - 2012-07-25 18:36 - 110802763 ____A C:\Users\Scissors\Downloads\Fate Zero Original Soundtracks.zip

2012-07-25 18:47 - 2012-07-25 18:45 - 42687514 ____A C:\Users\Scissors\Downloads\FateZero ED2 Single - Sora wa Takaku Kaze wa Utau.rar

2012-07-25 18:46 - 2012-07-25 18:46 - 00478208 ____A (C-Media Electronics Inc.) C:\Users\Scissors\AppData\Roaming\rtfgdt.dll

2012-07-25 18:46 - 2012-07-25 18:44 - 35743485 ____A C:\Users\Scissors\Downloads\[shinnoden] Fate Zero OP2 Single - to the beginning.rar

2012-07-25 18:46 - 2011-10-13 19:10 - 01884943 ____A C:\Windows\WindowsUpdate.log

2012-07-25 18:37 - 2012-07-25 18:37 - 00015246 ____A C:\Users\Scissors\Downloads\FateZero Single [PRAYER].torrent

2012-07-25 18:32 - 2012-07-25 18:29 - 129166270 ____A C:\Users\Scissors\Downloads\Durarara!! OST CD2 - Psychedelic Dreams Vol02.zip

2012-07-25 18:27 - 2012-07-25 18:24 - 140603121 ____A C:\Users\Scissors\Downloads\Durarara!! OST Vol.1.rar

2012-07-22 14:25 - 2012-07-20 02:11 - 00001003 ____A C:\Users\Scissors\Documents\Top 20 Anime Opening List.txt

2012-07-20 18:14 - 2012-07-20 18:13 - 09889896 ____A (CCCP Project ) C:\Users\Scissors\Downloads\Combined-Community-Codec-Pack-2011-11-11 (2).exe

2012-07-19 16:59 - 2012-07-19 16:58 - 24865632 ____A (DVDVideoSoft Ltd. ) C:\Users\Scissors\Downloads\FreeVideoDub2012.exe

2012-07-19 16:46 - 2012-07-19 16:46 - 06420430 ____A (FreeVideoCutter.com ) C:\Users\Scissors\Downloads\freevideocutter_setup.exe

2012-07-19 15:54 - 2012-07-19 15:54 - 00072142 ____A C:\Users\Scissors\Downloads\Fate-stay night - TV Series - 2006 (Bluray - MKV - h264) (a-S).torrent

2012-07-19 15:43 - 2012-07-19 15:42 - 27122144 ____A (DVDVideoSoft Ltd. ) C:\Users\Scissors\Downloads\FreeMP4VideoConverter.exe

2012-07-19 14:50 - 2012-07-19 14:50 - 00097217 ____A C:\Users\Scissors\Downloads\Ghost in the Shell_ S.A.C. 1st GIG - TV Series - 2002 (Bluray - MKV - h264) (OZC).torrent

2012-07-19 14:47 - 2012-07-19 14:47 - 00070461 ____A C:\Users\Scissors\Downloads\Ore no Imouto ga Konna ni Kawaii Wake ga Nai - TV Series (Bluray - MKV - h264) (Kira-Fansub).torrent

2012-07-19 14:09 - 2012-07-19 14:08 - 25701664 ____A (DVDVideoSoft Ltd. ) C:\Users\Scissors\Downloads\FreeYouTubeDownload (1).exe

2012-07-19 14:08 - 2012-07-19 14:07 - 25701664 ____A (DVDVideoSoft Ltd. ) C:\Users\Scissors\Downloads\FreeYouTubeDownload.exe

2012-07-16 17:59 - 2012-07-16 17:59 - 01116763 ____A C:\Users\Scissors\Downloads\nanujanampatrika1.zip

2012-07-16 00:37 - 2012-07-16 00:37 - 00026064 ____A C:\Users\Scissors\Downloads\[HorribleSubs] Tari Tari - 03 [720p].mkv.torrent

2012-07-16 00:36 - 2012-07-16 00:36 - 00026810 ____A C:\Users\Scissors\Downloads\[HorribleSubs] Muv-Luv Alternative - Total Eclipse - 03 [720p].mkv.torrent

2012-07-16 00:36 - 2012-07-16 00:36 - 00021655 ____A C:\Users\Scissors\Downloads\[subDESU] Hagure Yuusha no Estetica - 02 (1280x720 x264 AAC) [b38E1F4D].mkv.torrent

2012-07-15 22:47 - 2012-07-15 22:47 - 00021177 ____A C:\Users\Scissors\Downloads\3E6694D0EB620E5D6C90A8C473393F5D01FBB72E.torrent

2012-07-14 00:51 - 2012-07-14 00:49 - 28320173 ____A (Dreambelievers ) C:\Users\Scissors\Downloads\Pokemon-Online-v2.0.02a-Setup.exe

2012-07-13 00:00 - 2012-07-12 23:59 - 27578008 ____A (DVDVideoSoft Ltd. ) C:\Users\Scissors\Downloads\FreeYouTubeToMP3Converter (1).exe

2012-07-12 23:47 - 2012-07-12 23:47 - 00007404 ____A C:\Users\Scissors\Downloads\Ritsuka - Hello How Are You.mp3.torrent

2012-07-12 15:13 - 2012-05-31 00:53 - 00405144 ____A (Newtonsoft) C:\Windows\SysWOW64\Newtonsoft.Json.Net20.dll

2012-07-12 00:38 - 2012-07-12 00:38 - 02027206 ____A C:\Users\Scissors\Downloads\P655 (1).zip

2012-07-10 10:11 - 2012-07-10 10:11 - 06397667 ____A C:\Users\Scissors\Downloads\Mijumaru Letter GHI.rar

2012-07-10 02:12 - 2012-07-10 02:12 - 02027206 ____A C:\Users\Scissors\Downloads\P655.zip

2012-07-09 00:37 - 2012-07-09 00:37 - 00021874 ____A C:\Users\Scissors\Downloads\[subDESU-H]_Uhou_Renka_-_01_(DVD_720x480_x264_8bit_AAC)_[94DA33D8].mkv.torrent

2012-07-09 00:37 - 2012-07-09 00:37 - 00017709 ____A C:\Users\Scissors\Downloads\[subDESU-H]_Kuroinu_Kedakaki_Seijo_wa_Hakudaku_ni_Somaru_-_02_(DVD_720x480_x264_8bit_AAC)_[2F926D0A].mkv.torrent

2012-07-09 00:37 - 2012-07-09 00:37 - 00017191 ____A C:\Users\Scissors\Downloads\[subDESU-H]_Kuroinu_Kedakaki_Seijo_wa_Hakudaku_ni_Somaru_-_01v2_(DVD_720x480_x264_8bit_AAC)_[E7511EB9].mkv.torrent

2012-07-09 00:37 - 2012-07-09 00:37 - 00016112 ____A C:\Users\Scissors\Downloads\[subDESU-H]_Suki_de_Suki_de_Suki_de_The_Animation_-_01_(704x400_x264_AAC)_[8D2A1D81].mkv.torrent

2012-07-08 19:23 - 2012-07-08 19:23 - 00026810 ____A C:\Users\Scissors\Downloads\[HorribleSubs] Muv-Luv Alternative - Total Eclipse - 02 [720p].mkv.torrent

2012-07-08 19:23 - 2012-07-08 19:23 - 00026122 ____A C:\Users\Scissors\Downloads\[HorribleSubs] Jinrui wa Suitai Shimashita - 02 [720p].mkv.torrent

2012-07-08 19:23 - 2012-07-08 19:23 - 00026026 ____A C:\Users\Scissors\Downloads\[HorribleSubs] La storia della Arcana Famiglia - 02 [720p].mkv.torrent

2012-07-08 19:23 - 2012-07-08 19:23 - 00026004 ____A C:\Users\Scissors\Downloads\[HorribleSubs] Tari Tari - 02 [720p].mkv.torrent

2012-07-05 22:06 - 2012-07-05 22:06 - 00013094 ____A C:\Users\Scissors\Downloads\[CR] Natsuyuki Rendezvous - 01 [1280x720].mkv.torrent

2012-07-03 22:30 - 2012-07-03 22:30 - 00011712 ____A C:\Users\Scissors\Downloads\[CR] Muv-Luv Alternative - Total Eclipse - 01 [1920x1080].mkv.torrent

2012-07-03 22:30 - 2012-07-03 22:30 - 00011396 ____A C:\Users\Scissors\Downloads\[CR] Tari Tari - 01 [1920x1080][b746D7C4].mkv.torrent

2012-07-03 22:14 - 2012-07-03 22:14 - 00013889 ____A C:\Users\Scissors\Downloads\[CR] Muv-Luv Alternative - Total Eclipse - 01 [1280x720].mkv.torrent

2012-07-03 22:12 - 2012-07-03 22:12 - 00013473 ____A C:\Users\Scissors\Downloads\[CR] Tari Tari - 01 [1280x720][4E0A7FAE].mkv.torrent

2012-07-03 22:12 - 2012-07-03 22:12 - 00013473 ____A C:\Users\Scissors\Downloads\[CR] Tari Tari - 01 [1280x720][4E0A7FAE].mkv (1).torrent

2012-07-03 11:46 - 2012-07-26 00:54 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys

2012-07-02 21:15 - 2012-07-02 21:15 - 00786639 ____A C:\Users\Scissors\Downloads\PokeGen_full.zip

2012-07-01 14:18 - 2012-07-01 14:18 - 00043727 ____A C:\Users\Scissors\Downloads\[HorribleSubs] La storia della Arcana Famiglia - 01 [1080p].mkv.torrent

2012-07-01 14:18 - 2012-07-01 14:18 - 00026066 ____A C:\Users\Scissors\Downloads\[HorribleSubs] La storia della Arcana Famiglia - 01 [720p].mkv.torrent

2012-07-01 14:18 - 2012-07-01 14:18 - 00013451 ____A C:\Users\Scissors\Downloads\[CR] Jinrui wa Suitai Shimashita - 01 [1280x720][86F097E2].mkv.torrent

2012-07-01 14:17 - 2012-07-01 14:17 - 00011374 ____A C:\Users\Scissors\Downloads\[CR] Jinrui wa Suitai Shimashita - 01 [1920x1080][b714FD36].mkv.torrent

2012-06-30 15:54 - 2012-06-30 15:54 - 00279112 ____A C:\Users\Scissors\Downloads\FINAL_FANTASY_3_v1.0.exe

2012-06-30 15:54 - 2012-06-30 15:54 - 00279024 ____A C:\Users\Scissors\Downloads\FINAL_FANTASY_3_v1.0 (1).exe

2012-06-29 19:30 - 2012-06-29 19:30 - 00367017 ____A C:\Users\Scissors\Downloads\trashco.zip

2012-06-29 19:27 - 2012-06-29 19:27 - 00028124 ____A C:\Users\Scissors\Downloads\jenkinsv.zip

2012-06-26 18:45 - 2012-06-26 18:45 - 00254011 ____A C:\Users\Scissors\Downloads\miama.zip

2012-06-26 18:20 - 2012-06-26 18:20 - 00034869 ____A C:\Users\Scissors\Downloads\metal_gear_solid.zip

2012-06-26 18:19 - 2012-06-26 18:19 - 00100980 ____A C:\Users\Scissors\Downloads\circuit_mage.zip

2012-06-26 18:17 - 2012-06-26 18:17 - 00747675 ____A C:\Users\Scissors\Downloads\northwood_high.zip

2012-06-26 18:15 - 2012-06-26 18:15 - 00020305 ____A C:\Users\Scissors\Downloads\storybook.zip

2012-06-26 17:20 - 2011-10-27 17:38 - 00000132 ____A C:\Users\Scissors\AppData\Roaming\Adobe PNG Format CS5 Prefs

2012-06-26 15:41 - 2012-06-26 15:41 - 27589029 ____A (Dreambelievers ) C:\Users\Scissors\Downloads\Pokemon-Online-Setup (3).exe

2012-06-26 15:37 - 2012-06-26 15:37 - 28102411 ____A (Dreambelievers ) C:\Users\Scissors\Downloads\Pokemon-Online-Setup (2).exe

2012-06-24 01:39 - 2012-06-24 01:37 - 00283200 ____A (DT Soft Ltd) C:\Windows\System32\Drivers\dtsoftbus01.sys

2012-06-24 01:34 - 2012-06-24 01:33 - 19302416 ____A (DT Soft Ltd) C:\Users\Scissors\Downloads\DAEMONToolsPro510-0333.exe

2012-06-23 21:21 - 2012-06-23 21:21 - 00516610 ____A C:\Users\Scissors\Downloads\2CH Patch.rar

2012-06-23 21:03 - 2012-06-23 21:03 - 04755594 ____A C:\Users\Scissors\Downloads\English Pokemon Black2 & White2 Translation by PokeStation v1.2.zip

2012-06-23 02:48 - 2012-06-23 02:48 - 00010184 ____A C:\Users\Scissors\Downloads\[subDESU-H]_Oshioki_Gakuen_Reijou_Kousei_Keikaku_-_03_(x_x264_AAC)_[932B7FCB].mkv.torrent

2012-06-23 02:29 - 2012-06-23 02:29 - 00011234 ____A C:\Users\Scissors\Downloads\New 2CH patch BW2.rar

2012-06-22 14:28 - 2012-06-22 14:28 - 00024111 ____A C:\Users\Scissors\Downloads\[7142]NitroExplorer_2b.zip

2012-06-22 14:17 - 2012-06-22 14:17 - 04007127 ____A C:\Users\Scissors\Downloads\A0002 translated.rar

2012-06-22 14:11 - 2012-06-22 14:11 - 00045687 ____A C:\Users\Scissors\Downloads\Pokemon.Black.2.EXP.Patch.zip

2012-06-22 13:57 - 2012-06-22 13:54 - 111280100 ____A C:\Users\Scissors\Downloads\Pocket_Monsters_Black_2_JPN_NDS-BAHAMUT.rar

2012-06-22 13:56 - 2012-06-22 13:55 - 01961052 ____A C:\Users\Scissors\Downloads\desmume-0.9.8-win32.zip

2012-06-22 13:54 - 2012-06-22 13:54 - 00045460 ____A C:\Users\Scissors\Downloads\aa.zip

2012-06-20 15:10 - 2012-06-20 15:08 - 141399376 ____A (Microsoft Corporation) C:\Users\Scissors\Downloads\wlsetup-all.exe

2012-06-20 14:49 - 2011-10-13 22:15 - 00041726 ____A C:\Windows\DirectX.log

2012-06-17 03:02 - 2012-06-17 03:02 - 00004593 ____A C:\Users\Scissors\Documents\NFE RNG List.txt

2012-06-16 23:15 - 2012-06-16 23:14 - 28102411 ____A (Dreambelievers ) C:\Users\Scissors\Downloads\Pokemon-Online-Setup (1).exe

2012-06-16 14:49 - 2012-06-16 14:49 - 00021604 ____A C:\Users\Scissors\Downloads\ming_imperial.zip

2012-06-14 16:25 - 2012-06-14 16:25 - 00016504 ____A C:\Users\Scissors\Downloads\[kat.ph]fakku.subs.cafe.junkie.2.caffe.latte.torrent

2012-06-14 00:58 - 2012-06-14 00:58 - 00002272 ____A C:\Users\Scissors\Downloads\[Asenshi] Robotics;Notes - PV [3980FC1A].mkv.torrent

2012-06-12 23:37 - 2012-06-12 22:52 - 81480432 ____A C:\Users\Scissors\Downloads\_z-Sora02.part2.rar

2012-06-12 22:52 - 2012-06-12 21:56 - 100431872 ____A C:\Users\Scissors\Downloads\_z-Sora02.part1.rar

2012-06-12 21:34 - 2012-06-12 20:45 - 87778080 ____A C:\Users\Scissors\Downloads\_z-Sora01.part2.rar

2012-06-12 13:06 - 2012-06-12 12:10 - 100431872 ____A C:\Users\Scissors\Downloads\_z-Sora01.part1.rar

2012-06-11 22:44 - 2012-06-11 22:44 - 00034871 ____A C:\Users\Scissors\Downloads\Metal_Gear_Solid_Soundtracks.4282656.TPB.torrent

2012-06-11 19:02 - 2012-07-11 01:05 - 03147264 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys

2012-06-09 19:11 - 2012-06-09 19:11 - 03603968 ____A C:\Users\Scissors\Downloads\Diploma Review part one jan 2011.ppt

2012-06-09 19:11 - 2012-06-09 19:11 - 00194560 ____A C:\Users\Scissors\Downloads\Email for students Diploma Review (2).ppt

2012-06-08 21:30 - 2012-07-10 13:06 - 14165504 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll

2012-06-08 20:46 - 2012-07-10 13:06 - 12868608 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll

2012-06-08 13:48 - 2012-06-08 13:48 - 00031062 ____A C:\Users\Scissors\Downloads\[ReinForce] Boku wa Tomodachi ga Sukunai - Vol.5 (BDRip 1920x1080 x264 FLAC).torrent

2012-06-07 16:26 - 2012-06-07 16:26 - 00001599 ____A C:\Users\Scissors\Downloads\[subDESU-H]_Hime-Sama_Gentei!_-_01_(DVD_720x480_x264_10bit_AAC)_[A1C32393].mkv.torrent

2012-06-07 16:24 - 2012-06-07 16:24 - 00017587 ____A C:\Users\Scissors\Downloads\[subDESU-H]_Hishoka_Drop_-_01_(704x396_x264-AAC)_[76644013].mkv.torrent

2012-06-07 16:22 - 2012-06-07 16:22 - 00009611 ____A C:\Users\Scissors\Downloads\[subDESU-H]_Crimson_Girls_OVA_-_01_(704x396_x264-AAC)_[583A9C38].mkv.torrent

2012-06-07 16:17 - 2012-06-07 16:17 - 00008975 ____A C:\Users\Scissors\Downloads\[subDESU]_High_School_DxD_Special_-_03_[10-bit]_(1920x1080_x264-AAC).mkv.torrent

2012-06-07 16:17 - 2012-06-07 16:17 - 00004413 ____A C:\Users\Scissors\Downloads\[subDESU]_High_School_DxD_Special_-_03_[10-bit]_(1280x720_x264-AAC).mkv.torrent

2012-06-05 21:50 - 2012-07-10 13:06 - 02003968 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll

2012-06-05 21:50 - 2012-07-10 13:06 - 01880064 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll

2012-06-05 21:09 - 2012-07-10 13:06 - 01389568 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll

2012-06-05 21:09 - 2012-07-10 13:06 - 01236992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll

2012-06-05 19:40 - 2012-06-05 19:40 - 00318904 ____A (Microsoft Corporation) C:\Users\Scissors\Downloads\wmpfirefoxplugin (3).exe

2012-06-05 19:40 - 2012-06-05 19:40 - 00318904 ____A (Microsoft Corporation) C:\Users\Scissors\Downloads\wmpfirefoxplugin (2).exe

2012-06-02 14:19 - 2012-06-18 16:19 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll

2012-06-02 14:19 - 2012-06-18 16:19 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe

2012-06-02 14:19 - 2012-06-18 16:19 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll

2012-06-02 14:19 - 2012-06-18 16:18 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll

2012-06-02 14:19 - 2012-06-18 16:18 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll

2012-06-02 14:15 - 2012-06-18 16:19 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll

2012-06-02 14:15 - 2012-06-18 16:18 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll

2012-06-02 13:19 - 2012-06-18 16:18 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll

2012-06-02 13:15 - 2012-06-18 16:18 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe

2012-06-02 04:49 - 2012-07-11 01:01 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll

2012-06-02 04:17 - 2012-07-11 01:01 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll

2012-06-02 04:12 - 2012-07-11 01:01 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll

2012-06-02 04:05 - 2012-07-11 01:01 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll

2012-06-02 04:05 - 2012-07-11 01:01 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll

2012-06-02 04:04 - 2012-07-11 01:01 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl

2012-06-02 04:04 - 2012-07-11 01:01 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll

2012-06-02 04:03 - 2012-07-11 01:01 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll

2012-06-02 04:01 - 2012-07-11 01:01 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe

2012-06-02 04:00 - 2012-07-11 01:01 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll

2012-06-02 03:59 - 2012-07-11 01:01 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll

2012-06-02 03:57 - 2012-07-11 01:02 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb

2012-06-02 03:57 - 2012-07-11 01:02 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll

2012-06-02 03:54 - 2012-07-11 01:01 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll

2012-06-02 01:07 - 2012-07-11 01:01 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2012-06-02 00:43 - 2012-07-11 01:01 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2012-06-02 00:33 - 2012-07-11 01:01 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

2012-06-02 00:26 - 2012-07-11 01:01 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2012-06-02 00:25 - 2012-07-11 01:01 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl

2012-06-02 00:25 - 2012-07-11 01:01 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2012-06-02 00:23 - 2012-07-11 01:01 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll

2012-06-02 00:21 - 2012-07-11 01:01 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll

2012-06-02 00:20 - 2012-07-11 01:01 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe

2012-06-02 00:19 - 2012-07-11 01:01 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2012-06-02 00:19 - 2012-07-11 01:01 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll

2012-06-02 00:17 - 2012-07-11 01:02 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll

2012-06-02 00:16 - 2012-07-11 01:02 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2012-06-02 00:14 - 2012-07-11 01:01 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

2012-06-01 21:38 - 2012-07-10 13:06 - 00152432 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys

2012-06-01 21:38 - 2012-07-10 13:06 - 00095088 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys

2012-06-01 21:37 - 2012-07-10 13:06 - 00459216 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys

2012-06-01 21:27 - 2012-07-10 13:06 - 00340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll

2012-06-01 21:27 - 2012-07-10 13:06 - 00307200 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll

2012-06-01 20:48 - 2012-07-10 13:06 - 00225280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll

2012-06-01 20:48 - 2012-07-10 13:06 - 00022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll

2012-06-01 20:47 - 2012-07-10 13:06 - 00219136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll

2012-06-01 20:42 - 2012-07-10 13:06 - 00096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll

2012-05-31 10:25 - 2011-10-13 19:25 - 00279656 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe

2012-05-31 02:45 - 2012-05-31 02:44 - 09889896 ____A (CCCP Project ) C:\Users\Scissors\Downloads\Combined-Community-Codec-Pack-2011-11-11 (1).exe

2012-05-31 02:14 - 2012-05-31 02:13 - 09889896 ____A (CCCP Project ) C:\Users\Scissors\Downloads\Combined-Community-Codec-Pack-2011-11-11.exe

2012-05-31 00:49 - 2012-05-31 00:42 - 71271448 ____A (DVDVideoSoft Ltd. ) C:\Users\Scissors\Downloads\FreeStudio (1).exe

2012-05-30 20:27 - 2012-05-30 20:24 - 36645250 ____A C:\Users\Scissors\Downloads\[nc1ke4ke4@2000FUN][090701][sECL-786][320K+BK].rar

2012-05-30 20:26 - 2012-05-30 20:26 - 00174024 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe

2012-05-30 20:26 - 2012-05-30 20:26 - 00174024 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe

2012-05-30 20:23 - 2012-05-30 20:23 - 00892360 ____A (Oracle Corporation) C:\Users\Scissors\Downloads\chromeinstall-7u4.exe

2012-05-30 20:22 - 2012-05-30 20:22 - 00004492 ____A C:\Users\Scissors\Downloads\[isoHunt] [Nipponsei] Sora no Woto OP Single - Hikari no Senritsu [Kalafina].zip.torrent

2012-05-21 14:00 - 2012-05-21 14:00 - 00001053 ____A C:\Users\Scissors\Downloads\presentation (2).ics

2012-05-21 14:00 - 2012-05-21 14:00 - 00001053 ____A C:\Users\Scissors\Downloads\presentation (1).ics

2012-05-21 13:59 - 2012-05-21 13:59 - 00001053 ____A C:\Users\Scissors\Downloads\presentation.ics

2012-05-19 18:38 - 2012-05-19 18:38 - 00092270 ____A C:\Users\Scissors\Downloads\[Coalgirls]_Magical_Girl_Madoka_Magica_(1280x720_Blu-Ray_FLAC) (1).torrent

2012-05-18 19:15 - 2012-05-18 19:14 - 53784984 ____A (Adobe Systems Incorporated) C:\Users\Scissors\Downloads\AdbeRdr1012_en_US.exe

2012-05-16 17:31 - 2012-05-16 17:30 - 00060789 ____A C:\Users\Scissors\Downloads\[subDESU]_High_School_DxD_BD_Volume_02_[8-bit]_(1280x720_x264-AAC).torrent

2012-05-14 14:54 - 2012-05-14 11:03 - 415505877 ____A C:\Users\Scissors\Downloads\PBWost.rar

2012-05-12 23:59 - 2012-05-12 23:59 - 00016689 ____A C:\Users\Scissors\Downloads\[kat.ph]tony.taka.fault.mkv.eps.1.3.up.to.720x480.torrent

2012-05-12 01:29 - 2009-07-13 21:08 - 00032538 ____A C:\Windows\Tasks\SCHEDLGU.TXT

2012-05-10 21:02 - 2012-05-10 21:02 - 00039061 ____A C:\Users\Scissors\Downloads\Super_Smash_Bros._Brawl_Original_Soundtrack_(Game_Rip)_(2008).5580582.TPB.torrent

2012-05-04 02:52 - 2012-06-13 14:14 - 05505392 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe

2012-05-04 02:08 - 2012-06-13 14:14 - 03958128 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe

2012-05-04 02:08 - 2012-06-13 14:14 - 03902320 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe

2012-05-02 22:21 - 2012-05-02 22:21 - 00248910 ____A C:\Users\Scissors\Downloads\a_gothique_time.zip

2012-05-02 22:21 - 2012-05-02 22:21 - 00212069 ____A C:\Users\Scissors\Downloads\ithornet.zip

2012-05-02 22:21 - 2012-05-02 22:21 - 00192289 ____A C:\Users\Scissors\Downloads\ruritania.zip

2012-05-02 22:21 - 2012-05-02 22:21 - 00038606 ____A C:\Users\Scissors\Downloads\blackflag.zip

ZeroAccess:

C:\Windows\Installer\{b6ebd508-41db-86bd-3ab3-f8b3bcb4a30d}

C:\Windows\Installer\{b6ebd508-41db-86bd-3ab3-f8b3bcb4a30d}\@

C:\Windows\Installer\{b6ebd508-41db-86bd-3ab3-f8b3bcb4a30d}\L

C:\Windows\Installer\{b6ebd508-41db-86bd-3ab3-f8b3bcb4a30d}\U

C:\Windows\Installer\{b6ebd508-41db-86bd-3ab3-f8b3bcb4a30d}\L\00000004.@

C:\Windows\Installer\{b6ebd508-41db-86bd-3ab3-f8b3bcb4a30d}\L\201d3dde

C:\Windows\Installer\{b6ebd508-41db-86bd-3ab3-f8b3bcb4a30d}\U\00000004.@

C:\Windows\Installer\{b6ebd508-41db-86bd-3ab3-f8b3bcb4a30d}\U\00000008.@

C:\Windows\Installer\{b6ebd508-41db-86bd-3ab3-f8b3bcb4a30d}\U\000000cb.@

C:\Windows\Installer\{b6ebd508-41db-86bd-3ab3-f8b3bcb4a30d}\U\80000000.@

C:\Windows\Installer\{b6ebd508-41db-86bd-3ab3-f8b3bcb4a30d}\U\80000032.@

C:\Windows\Installer\{b6ebd508-41db-86bd-3ab3-f8b3bcb4a30d}\U\80000064.@

ZeroAccess:

C:\Users\Scissors\AppData\Local\{b6ebd508-41db-86bd-3ab3-f8b3bcb4a30d}

C:\Users\Scissors\AppData\Local\{b6ebd508-41db-86bd-3ab3-f8b3bcb4a30d}\@

C:\Users\Scissors\AppData\Local\{b6ebd508-41db-86bd-3ab3-f8b3bcb4a30d}\L

C:\Users\Scissors\AppData\Local\{b6ebd508-41db-86bd-3ab3-f8b3bcb4a30d}\U

ZeroAccess:

C:\Windows\assembly\GAC_32\Desktop.ini

ZeroAccess:

C:\Windows\assembly\GAC_64\Desktop.ini

========================= Known DLLs (Whitelisted) ============

========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\SysWOW64\wininit.exe => MD5 is legit

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\SysWOW64\explorer.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\SysWOW64\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe 014A9CB92514E27C0107614DF764BC06 ZeroAccess <==== ATTENTION!.

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\SysWOW64\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\SysWOW64\userinit.exe => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK

HKLM\...\exefile\DefaultIcon: %1 => OK

HKLM\...\exefile\open\command: "%1" %* => OK

========================= Memory info ======================

Percentage of memory in use: 18%

Total physical RAM: 3836.2 MB

Available physical RAM: 3109.16 MB

Total Pagefile: 3834.35 MB

Available Pagefile: 3106.9 MB

Total Virtual: 8192 MB

Available Virtual: 8191.9 MB

======================= Partitions =========================

1 Drive c: () (Fixed) (Total:451.97 GB) (Free:167.88 GB) NTFS ==>[system with boot components (obtained from reading drive)]

2 Drive e: (RECOVERY) (Fixed) (Total:13.5 GB) (Free:2.25 GB) NTFS ==>[system with boot components (obtained from reading drive)]

3 Drive f: (HP_TOOLS) (Fixed) (Total:0.1 GB) (Free:0.09 GB) FAT32

5 Drive h: (KINGSTON) (Removable) (Total:1.86 GB) (Free:0.98 GB) FAT

6 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

7 Drive y: (SYSTEM) (Fixed) (Total:0.19 GB) (Free:0.16 GB) NTFS ==>[system with boot components (obtained from reading drive)]

Disk ### Status Size Free Dyn Gpt

-------- ------------- ------- ------- --- ---

Disk 0 Online 465 GB 0 B

Disk 1 Online 1906 MB 0 B

Partitions of Disk 0:

===============

Partition ### Type Size Offset

------------- ---------------- ------- -------

Partition 1 Primary 199 MB 1024 KB

Partition 2 Primary 451 GB 200 MB

Partition 3 Primary 13 GB 452 GB

Partition 4 Primary 103 MB 465 GB

==================================================================================

Disk: 0

Partition 1

Type : 07

Hidden: No

Active: Yes

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 1 Y SYSTEM NTFS Partition 199 MB Healthy

==================================================================================

Disk: 0

Partition 2

Type : 07

Hidden: No

Active: No

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 2 C NTFS Partition 451 GB Healthy

==================================================================================

Disk: 0

Partition 3

Type : 07

Hidden: No

Active: No

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 3 E RECOVERY NTFS Partition 13 GB Healthy

==================================================================================

Disk: 0

Partition 4

Type : 0C

Hidden: No

Active: No

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 4 F HP_TOOLS FAT32 Partition 103 MB Healthy

==================================================================================

Partitions of Disk 1:

===============

Partition ### Type Size Offset

------------- ---------------- ------- -------

Partition 1 Primary 1906 MB 31 KB

==================================================================================

Disk: 1

Partition 1

Type : 06

Hidden: No

Active: No

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 5 H KINGSTON FAT Removable 1906 MB Healthy

==================================================================================

==========================================================

Last Boot: 2012-07-28 23:41

======================= End Of Log ==========================

Farbar Recovery Scan Tool Version: 25-07-2012 01

Ran by SYSTEM at 2012-07-30 18:32:20

Running from H:\

================== Search: "services.exe" ===================

C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe

[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

C:\Windows\System32\services.exe

[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 014A9CB92514E27C0107614DF764BC06

====== End Of Search ======

Link to post
Share on other sites
MrCharlie

MrCharlie

Posted
Posted

We should be able to clean it up, I just have to inform you about the infecton.

OK, here you go......Please carefully carry out this procedure!!!!!!

Open notepad. Make sure "word wrap" under Format is unchecked! Please copy the contents of the code box below. To do this highlight the contents of the box and right click on it. Paste this into the open notepad. Save it on the flashdrive as fixlist.txt


C:\Windows\Installer\{b6ebd508-41db-86bd-3ab3-f8b3bcb4a30d}
C:\Users\Scissors\AppData\Local\{b6ebd508-41db-86bd-3ab3-f8b3bcb4a30d}
C:\Windows\assembly\GAC_32\Desktop.ini
C:\Windows\assembly\GAC_64\Desktop.ini
Replace: C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe C:\Windows\System32\services.exe

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

On Vista or Windows 7: Now please enter System Recovery Options.

Run FRST64 or FRST (which ever one you're using) and press the Fix button just once and wait.

The tool will make a log on the flashdrive (Fixlog.txt) please post it to your reply.

MrC

Link to post
Share on other sites
maanik

maanik

Posted
  • Author
Posted

Alright, here's the log. Things are already looking better!

Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 25-07-2012 01

Ran by SYSTEM at 2012-07-30 19:34:28 Run:1

Running from H:\

==============================================

C:\Windows\Installer\{b6ebd508-41db-86bd-3ab3-f8b3bcb4a30d} moved successfully.

C:\Users\Scissors\AppData\Local\{b6ebd508-41db-86bd-3ab3-f8b3bcb4a30d} moved successfully.

C:\Windows\assembly\GAC_32\Desktop.ini moved successfully.

C:\Windows\assembly\GAC_64\Desktop.ini moved successfully.

C:\Windows\System32\services.exe moved successfully.

C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe copied successfully to C:\Windows\System32\services.exe

==== End of Fixlog ====

Link to post
Share on other sites
MrCharlie

MrCharlie

Posted
Posted

Well Done, lets run ComboFix to clear up any leftovers.

Please download and run ComboFix.

The most important things to remember when running it is to disable all your malware programs and run Combofix from your desktop.

Please visit this webpage for download links, and instructions for running ComboFix

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Information on disabling your malware programs can be found Here.

Make sure you run ComboFix from your desktop.

Give it at least 30-45 minutes to finish if needed.

Please include the C:\ComboFix.txt in your next reply for further review.

---------->NOTE<----------

If you get the message Illegal operation attempted on registry key that has been marked for deletion after you run ComboFix....please reboot the computer, this should resolve the problem. You may have to do this several times if needed.

MrC

Link to post
Share on other sites
maanik

maanik

Posted
  • Author
Posted

Ran ComboFix, and it went really smoothly. I didn't lose internet connection and my clock and desktop settings didn't change.

In any case, here's the log:

ComboFix 12-07-30.01 - Scissors 30/07/2012 20:17:34.1.2 - x64

Microsoft Windows 7 Home Premium 6.1.7600.0.1252.2.1033.18.3836.2313 [GMT -6:00]

Running from: c:\users\Scissors\Desktop\ComboFix.exe

AV: Norton Internet Security *Disabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF}

FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

SP: Norton Internet Security *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Created a new restore point

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\users\Public\videos\HP MediaSmart Demo.exe

c:\users\Scissors\AppData\Roaming\rtfgdt.dll

c:\users\Scissors\Documents\~WRL0003.tmp

.

.

((((((((((((((((((((((((( Files Created from 2012-06-28 to 2012-07-31 )))))))))))))))))))))))))))))))

.

.

2012-07-31 02:28 . 2012-07-31 02:28 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-07-31 02:13 . 2012-07-31 02:14 -------- d-----w- C:\FRST

2012-07-30 06:50 . 2012-07-30 06:50 -------- d-----w- c:\users\Scissors\AppData\Local\Macromedia

2012-07-28 06:40 . 2012-07-28 06:40 -------- d-----w- C:\Archivos de programa

2012-07-28 06:18 . 2012-07-28 06:21 -------- d-----w- c:\program files\Common Files\Adobe

2012-07-26 08:54 . 2012-07-26 08:54 -------- d-----w- c:\users\Scissors\AppData\Roaming\Malwarebytes

2012-07-26 08:54 . 2012-07-26 08:54 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2012-07-26 08:54 . 2012-07-26 08:54 -------- d-----w- c:\programdata\Malwarebytes

2012-07-26 08:54 . 2012-07-03 19:46 24904 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-07-26 06:06 . 2012-07-26 06:06 -------- d-----w- c:\users\Scissors\AppData\Local\{164386FC-D6CC-11E1-8270-B8AC6F996F26}

2012-07-26 02:51 . 2012-07-26 02:51 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%

2012-07-26 02:45 . 2012-07-30 08:17 -------- d-----w- c:\users\Scissors\AppData\Roaming\xsecva

2012-07-25 04:34 . 2012-07-25 04:34 -------- d-----w- c:\users\Scissors\AppData\Local\Windows Live Writer

2012-07-25 04:34 . 2012-07-25 04:34 -------- d-----w- c:\users\Scissors\AppData\Roaming\Windows Live Writer

2012-07-24 08:15 . 2012-06-29 10:04 9133488 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{BDA0F5E0-AEF6-4AFD-9376-50FEBCCD1C58}\mpengine.dll

2012-07-21 02:16 . 2012-07-21 02:16 -------- d-----w- c:\program files (x86)\Combined Community Codec Pack

2012-07-14 08:52 . 2012-07-14 08:52 -------- d-----w- c:\users\Scissors\AppData\Local\Dreambelievers

2012-07-11 09:05 . 2012-06-12 03:02 3147264 ----a-w- c:\windows\system32\win32k.sys

2012-07-11 09:02 . 2012-06-02 11:57 96768 ----a-w- c:\windows\system32\mshtmled.dll

2012-07-11 09:02 . 2012-06-02 11:57 2382848 ----a-w- c:\windows\system32\mshtml.tlb

2012-07-11 09:02 . 2012-06-02 08:16 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb

2012-07-10 21:05 . 2012-06-06 05:50 1425408 ----a-w- c:\program files\Common Files\System\ado\msado15.dll

2012-07-10 21:05 . 2012-06-06 05:09 987136 ----a-w- c:\program files (x86)\Common Files\System\ado\msado15.dll

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-07-30 07:03 . 2012-04-03 23:17 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2012-07-30 07:03 . 2011-12-24 20:42 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-07-12 23:13 . 2012-05-31 08:53 405144 ----a-w- c:\windows\SysWow64\Newtonsoft.Json.Net20.dll

2012-06-24 09:39 . 2012-06-24 09:37 283200 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys

2012-06-20 22:51 . 2011-03-29 00:36 19736 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll

2012-06-02 22:19 . 2012-06-19 00:18 38424 ----a-w- c:\windows\system32\wups.dll

2012-06-02 22:19 . 2012-06-19 00:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll

2012-06-02 22:19 . 2012-06-19 00:19 57880 ----a-w- c:\windows\system32\wuauclt.exe

2012-06-02 22:19 . 2012-06-19 00:19 44056 ----a-w- c:\windows\system32\wups2.dll

2012-06-02 22:19 . 2012-06-19 00:18 701976 ----a-w- c:\windows\system32\wuapi.dll

2012-06-02 22:15 . 2012-06-19 00:19 2622464 ----a-w- c:\windows\system32\wucltux.dll

2012-06-02 22:15 . 2012-06-19 00:18 99840 ----a-w- c:\windows\system32\wudriver.dll

2012-06-02 21:19 . 2012-06-19 00:18 186752 ----a-w- c:\windows\system32\wuwebv.dll

2012-06-02 21:15 . 2012-06-19 00:18 36864 ----a-w- c:\windows\system32\wuapp.exe

2012-06-01 21:21 . 2012-06-01 21:21 163048 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10141.bin

2012-05-31 18:25 . 2011-10-14 03:25 279656 ------w- c:\windows\system32\MpSigStub.exe

2012-05-04 10:52 . 2012-06-13 22:14 5505392 ----a-w- c:\windows\system32\ntoskrnl.exe

2012-05-04 10:08 . 2012-06-13 22:14 3958128 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe

2012-05-04 10:08 . 2012-06-13 22:14 3902320 ----a-w- c:\windows\SysWow64\ntoskrnl.exe

2012-05-02 05:32 . 2012-06-13 22:14 208896 ----a-w- c:\windows\system32\profsvc.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{88c7f2aa-f93f-432c-8f0e-b7d85967a527}"= "c:\program files (x86)\BitTorrentBar\prxtbBitT.dll" [2011-05-09 176936]

"{f9bbf004-6e40-4019-8214-c43a37e1d058}"= "c:\program files (x86)\Vgrabber1\prxtbVgr0.dll" [2011-05-09 176936]

.

[HKEY_CLASSES_ROOT\clsid\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}]

.

[HKEY_CLASSES_ROOT\clsid\{f9bbf004-6e40-4019-8214-c43a37e1d058}]

.

[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}]

2011-05-09 08:49 176936 ----a-w- c:\program files (x86)\BitTorrentBar\prxtbBitT.dll

.

[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{f9bbf004-6e40-4019-8214-c43a37e1d058}]

2011-05-09 08:49 176936 ----a-w- c:\program files (x86)\Vgrabber1\prxtbVgr0.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]

"{88c7f2aa-f93f-432c-8f0e-b7d85967a527}"= "c:\program files (x86)\BitTorrentBar\prxtbBitT.dll" [2011-05-09 176936]

"{f9bbf004-6e40-4019-8214-c43a37e1d058}"= "c:\program files (x86)\Vgrabber1\prxtbVgr0.dll" [2011-05-09 176936]

.

[HKEY_CLASSES_ROOT\clsid\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}]

.

[HKEY_CLASSES_ROOT\clsid\{f9bbf004-6e40-4019-8214-c43a37e1d058}]

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"HPADVISOR"="c:\program files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2009-07-16 1668664]

"LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2009-06-17 2363392]

"Facebook Update"="c:\users\Scissors\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-07-11 138096]

"DAEMON Tools Pro Agent"="c:\program files (x86)\DAEMON Tools Pro\DTAgent.exe" [2012-04-26 3111744]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-07-02 98304]

"HPCam_Menu"="c:\program files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" [2009-02-25 218408]

"QlbCtrl.exe"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2009-06-24 320056]

"NortonOnlineBackupReminder"="c:\program files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" [2009-05-13 581480]

"UpdatePRCShortCut"="c:\program files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]

"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]

"WirelessAssistant"="c:\program files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2009-07-23 498744]

"PlusService"="c:\program files (x86)\Yuna Software\Messenger Plus!\PlusService.exe" [2012-02-27 801792]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]

"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-01-21 91520]

"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-01-17 421736]

"MessengerPlusForSkypeService"="c:\program files (x86)\Yuna Software\Messenger Plus! for Skype\MsgPlusForSkypeService.exe" [2012-01-22 124832]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]

"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]

"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]

"AdobeCS5.5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system]

"WallpaperStyle"= 2

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"mixer"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]

@="FSFilter Activity Monitor"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

.

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-02-29 158856]

R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-30 250056]

R3 Com4QLBEx;Com4QLBEx;c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2009-05-05 228408]

R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-01-21 30963576]

R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [2009-06-10 5434368]

R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]

R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-06-24 216576]

R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]

R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]

R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]

R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]

R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]

R3 SYMNDISV;Symantec Network Filter Driver;c:\windows\System32\Drivers\NISx64\1008030.006\SYMNDISV.SYS [2011-09-22 56952]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2011-08-02 51712]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-10-15 1255736]

R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-06-10 389120]

S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1008030.006\SYMEFA64.SYS [2009-08-26 402992]

S1 BHDrvx64;Symantec Heuristics Driver;c:\windows\System32\Drivers\NISx64\1008030.006\BHDrvx64.sys [2010-01-20 334384]

S1 ccHP;Symantec Hash Provider;c:\windows\System32\Drivers\NISx64\1008030.006\ccHPx64.sys [2011-10-15 561800]

S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-06-24 283200]

S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\ipsdefs\20111212.002\IDSvia64.sys [2011-10-13 488568]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]

S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]

S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\AESTSr64.exe [2009-03-02 89600]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-07-02 203264]

S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2009-07-08 30520]

S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-07-03 655944]

S2 MsgPlusService;Messenger Plus! Service;c:\program files (x86)\Yuna Software\Messenger Plus! for Skype\MsgPlusForSkypeService.exe [2012-01-22 124832]

S2 Norton Internet Security;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\16.8.3.6\ccSvcHst.exe [2011-09-22 117648]

S2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-07-06 3048136]

S3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys [2009-06-29 70656]

S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-11-08 138360]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-07-03 24904]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-05-23 215040]

S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2009-03-09 36408]

.

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - WS2IFSL

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]

2009-06-17 19:11 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe

.

Contents of the 'Scheduled Tasks' folder

.

2012-07-31 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-03 07:03]

.

2012-07-30 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3979415225-1970963929-1640854459-1000Core.job

- c:\users\Scissors\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-02-26 22:39]

.

2012-07-31 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3979415225-1970963929-1640854459-1000UA.job

- c:\users\Scissors\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-02-26 22:39]

.

2012-07-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3979415225-1970963929-1640854459-1000Core.job

- c:\users\Scissors\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-26 08:24]

.

2012-07-31 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3979415225-1970963929-1640854459-1000UA.job

- c:\users\Scissors\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-26 08:24]

.

2012-07-27 c:\windows\Tasks\HPCeeScheduleForScissors.job

- c:\program files (x86)\hewlett-packard\sdp\ceement\HPCEE.exe [2009-08-26 21:38]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2009-07-22 450048]

"SmartMenu"="c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [2009-07-21 610872]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-08-26 171520]

"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-15 499608]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x0

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_CA&c=94&bd=Pavilion&pf=cnnb

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = *.local

IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office14\EXCEL.EXE/3000

IE: Free YouTube Download - c:\users\Scissors\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm

IE: Free YouTube to MP3 Converter - c:\users\Scissors\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm

IE: Se&nd to OneNote - c:\progra~2\MICROS~2\Office14\ONBttnIE.dll/105

TCP: DhcpNameServer = 192.168.1.254

.

- - - - ORPHANS REMOVED - - - -

.

Wow6432Node-HKCU-Run-AdobeBridge - (no file)

Wow6432Node-HKCU-Run-rtfgdt - c:\users\Scissors\AppData\Roaming\rtfgdt.dll

WebBrowser-{88C7F2AA-F93F-432C-8F0E-B7D85967A527} - (no file)

WebBrowser-{F9BBF004-6E40-4019-8214-C43A37E1D058} - (no file)

HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe

.

.

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Norton Internet Security]

"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\16.8.3.6\ccSvcHst.exe\" /s \"Norton Internet Security\" /m \"c:\program files (x86)\Norton Internet Security\Engine\16.8.3.6\diMaster.dll\" /prefetch:1"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_268_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_268_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]

@Denied: (A) (Everyone)

"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]

@Denied: (A) (Everyone)

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]

"Key"="ActionsPane3"

"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe

c:\program files (x86)\CyberLink\Shared files\RichVideo.exe

c:\program files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe

c:\program files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe

c:\program files (x86)\DAEMON Tools Pro\DTShellHlp.exe

.

**************************************************************************

.

Completion time: 2012-07-30 20:39:57 - machine was rebooted

ComboFix-quarantined-files.txt 2012-07-31 02:39

.

Pre-Run: 182,722,428,928 bytes free

Post-Run: 189,181,382,656 bytes free

.

- - End Of File - - EA1A9DADDFB2B9DB271E0549AB2360D4

Link to post
Share on other sites
MrCharlie

MrCharlie

Posted
Posted

Please delete this folder:

c:\users\Scissors\AppData\Roaming\xsecva

You may have to enable hidden files to see it:

http://www.howtogeek...-windows-vista/

------------------------------

Looks Good.....

Please Update and run a Quick Scan with MBAM, post the report.

Make sure that everything is checked, and click Remove Selected.

Please let me know how computer is running now, MrC

Link to post
Share on other sites
maanik

maanik

Posted
  • Author
Posted

Okay, folder deleted and I ran the quick scan.

Here's the log:

Malwarebytes Anti-Malware (Trial) 1.62.0.1300

www.malwarebytes.org

Database version: v2012.07.31.10

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

Scissors :: SCISSORS-PC [administrator]

Protection: Enabled

31/07/2012 10:15:20 AM

mbam-log-2012-07-31 (10-15-20).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 202195

Time elapsed: 3 minute(s), 20 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

I didn't get a prompt to check or remove anything though.

MBAM was stalling and not responding at a few points during the quick scan, I'm not sure if this is normal or not or whether it is due to a conflict with Microsoft Security Essentials, but that was all that was strange. Everything else is running the way it used to prior to infection. Chrome is allowing me access to secured websites and the random pop-up ads seem to have stopped. All seems well!

Link to post
Share on other sites
MrCharlie

MrCharlie

Posted
Posted

Great thumbsup.gif

A little clean up to do....

Please Uninstall ComboFix: (if you used it)

Press the Windows logo key + R to bring up the "run box"

Copy and paste next command in the field:

ComboFix /uninstall

Make sure there's a space between Combofix and /

cf2.jpg

Then hit enter.

This will uninstall Combofix, delete its related folders and files, hide file extensions, hide the system/hidden files and clears System Restore cache and create new Restore point

(If that doesn't work.....you can simply rename ComboFix.exe to Uninstall.exe and double click it to complete the uninstall)

---------------------------------

Please download OTL from one of the links below: (you may already have OTL on the system)

http://oldtimer.geekstogo.com/OTL.exe

http://oldtimer.geekstogo.com/OTL.com

Save it to your desktop.

Run OTL and hit the CleanUp button. (This will cleanup the tools and logs used including itself)

Any other programs or logs you can manually delete.

IE: RogueKiller.exe, RKreport.txt, RK_Quarantine folder, etc....

-------------------------------

Any questions...please post back.

If you think I've helped you, please leave a comment > click on my avatar picture > click Profile Feed.

Take a look at My Preventive Maintenance to avoid being infected again.

Good Luck and Thanks for using the forum, MrC

Link to post
Share on other sites
Maurice Naggar

Maurice Naggar

Posted
Posted

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites
Guest
This topic is now closed to further replies.
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.