Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 06-12-2012
Ran by SYSTEM at 06-12-2012 18:22:02
Running from G:\
Windows 7 Home Premium (X64) OS Language: English(US)
The current controlset is ControlSet001

==================== Registry (Whitelisted) ===================

HKLM\...\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe /t [307768 2009-11-19] ()
HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [2052392 2010-03-10] (Synaptics Incorporated)
HKLM\...\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE [505696 2009-11-05] (TOSHIBA Corporation)
HKLM\...\Run: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe [508216 2009-07-28] (TOSHIBA Corporation)
HKLM\...\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe [913720 2010-03-03] (TOSHIBA Corporation)
HKLM\...\Run: [SmartFaceVWatcher] %ProgramFiles%\Toshiba\SmartFaceV\SmartFaceVWatcher.exe [238080 2009-10-19] (TOSHIBA Corporation)
HKLM\...\Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-11] (TOSHIBA Corporation)
HKLM\...\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [709976 2010-02-05] (TOSHIBA Corporation)
HKLM\...\Run: [TosNC] %ProgramFiles%\Toshiba\BulletinBoard\TosNcCore.exe [595816 2010-03-19] (TOSHIBA Corporation)
HKLM\...\Run: [TosReelTimeMonitor] %ProgramFiles%\TOSHIBA\ReelTime\TosReelTimeMonitor.exe [35672 2010-03-03] (TOSHIBA Corporation)
HKLM\...\Run: [lxbmmon.exe] "C:\Program Files (x86)\Lexmark 4200 Series\lxbmmon.exe" [230056 2009-04-27] (Lexmark International, Inc.)
HKLM\...\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [1289704 2012-09-12] (Microsoft Corporation)
HKLM-x32\...\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [98304 2010-03-15] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [TWebCamera] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun [2454840 2010-02-24] (TOSHIBA CORPORATION.)
HKLM-x32\...\Run: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60 [1294136 2009-10-06] (TOSHIBA Corporation)
HKLM-x32\...\Run: [ToshibaAppPlace] "C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe" [552960 2010-06-11] (Toshiba)
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2011-11-01] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [254696 2012-01-18] (Sun Microsystems, Inc.)
HKLM\...\RunOnce: [*Restore] C:\windows\system32\rstrui.exe /RUNONCE [296960 2010-11-20] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

==================== Services (Whitelisted) ===================

2 IHA_MessageCenter; "C:\Program Files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe" [352248 2012-08-03] (Verizon)
2 lxbm_device; C:\windows\system32\lxbmcoms.exe -service [566192 2007-01-30] ( )
2 lxbm_device; C:\windows\SysWow64\lxbmcoms.exe -service [537520 2007-01-30] ( )
2 MsMpSvc; "C:\Program Files\Microsoft Security Client\MsMpEng.exe" [22072 2012-09-12] (Microsoft Corporation)
3 NisSrv; "C:\Program Files\Microsoft Security Client\NisSrv.exe" [368896 2012-09-12] (Microsoft Corporation)
2 Norton PC Checkup Application Launcher; C:\Program Files (x86)\PC Checkup\SymcPCCULaunchSvc.exe /s [131512 2012-09-29] (Symantec Corporation)
2 PCCUJobMgr; "C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.3.198\ccSvcHst.exe" /s "PCCUJobMgr" /m "C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.3.198\diMaster.dll" /prefetch:1 [132984 2009-08-29] (Symantec Corporation)

==================== Drivers (Whitelisted) =====================

0 MpFilter;
C:\Windows\System32\Drivers\MpFilter.sys [228768 2012-08-30] (Microsoft Corporation) 2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [128456 2012-08-30] (Microsoft Corporation) 3 catchme; \??\C:\ComboFix\catchme.sys [x] ==================== NetSvcs (Whitelisted) ==================== ==================== One Month Created Files and Folders ======== 2012-12-06 18:21 - 2012-12-06 18:21 - 00000000 ____D C:\FRST 2012-12-05 18:18 - 2012-09-24 12:23 - 00157680 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaws.exe 2012-12-05 18:16 - 2012-12-05 18:16 - 00000000 ____A C:\Users\L\Desktop\JavaSetup7u9.exe.p28wcgy.partial 2012-12-05 17:51 - 2012-12-05 17:51 - 17811968 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll 2012-12-05 17:51 - 2012-12-05 17:51 - 12320768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2012-12-05 17:51 - 2012-12-05 17:51 - 10925568 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll 2012-12-05 17:51 - 2012-12-05 17:51 - 09738240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2012-12-05 17:51 - 2012-12-05 17:51 - 03695416 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat 2012-12-05 17:51 - 2012-12-05 17:51 - 03695416 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dat 2012-12-05 17:51 - 2012-12-05 17:51 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2012-12-05 17:51 - 2012-12-05 17:51 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb 2012-12-05 17:51 - 2012-12-05 17:51 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll 2012-12-05 17:51 - 2012-12-05 17:51 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll 2012-12-05 17:51 - 2012-12-05 17:51 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2012-12-05 17:51 - 2012-12-05 17:51 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2012-12-05 17:51 - 2012-12-05 17:51 - 01494528 ____A 
(Microsoft Corporation) C:\Windows\System32\inetcpl.cpl 2012-12-05 17:51 - 2012-12-05 17:51 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2012-12-05 17:51 - 2012-12-05 17:51 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll 2012-12-05 17:51 - 2012-12-05 17:51 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll 2012-12-05 17:51 - 2012-12-05 17:51 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2012-12-05 17:51 - 2012-12-05 17:51 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2012-12-05 17:51 - 2012-12-05 17:51 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll 2012-12-05 17:51 - 2012-12-05 17:51 - 00729088 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll 2012-12-05 17:51 - 2012-12-05 17:51 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2012-12-05 17:51 - 2012-12-05 17:51 - 00607744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2012-12-05 17:51 - 2012-12-05 17:51 - 00599040 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll 2012-12-05 17:51 - 2012-12-05 17:51 - 00534528 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll 2012-12-05 17:51 - 2012-12-05 17:51 - 00452608 ____A (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll 2012-12-05 17:51 - 2012-12-05 17:51 - 00448512 ____A (Microsoft Corporation) C:\Windows\System32\html.iec 2012-12-05 17:51 - 2012-12-05 17:51 - 00434176 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2012-12-05 17:51 - 2012-12-05 17:51 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2012-12-05 17:51 - 2012-12-05 17:51 - 00403248 ____A (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll 2012-12-05 17:51 - 2012-12-05 17:51 - 00367104 ____A (Microsoft Corporation) C:\Windows\SysWOW64\html.iec 2012-12-05 17:51 - 2012-12-05 17:51 - 00353792 ____A (Microsoft Corporation) 
C:\Windows\SysWOW64\dxtmsft.dll 2012-12-05 17:51 - 2012-12-05 17:51 - 00353584 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2012-12-05 17:51 - 2012-12-05 17:51 - 00282112 ____A (Microsoft Corporation) C:\Windows\System32\dxtrans.dll 2012-12-05 17:51 - 2012-12-05 17:51 - 00267776 ____A (Microsoft Corporation) C:\Windows\System32\ieaksie.dll 2012-12-05 17:51 - 2012-12-05 17:51 - 00249344 ____A (Microsoft Corporation) C:\Windows\System32\webcheck.dll 2012-12-05 17:51 - 2012-12-05 17:51 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll 2012-12-05 17:51 - 2012-12-05 17:51 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll 2012-12-05 17:51 - 2012-12-05 17:51 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll 2012-12-05 17:51 - 2012-12-05 17:51 - 00227840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieaksie.dll 2012-12-05 17:51 - 2012-12-05 17:51 - 00223232 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2012-12-05 17:51 - 2012-12-05 17:51 - 00222208 ____A (Microsoft Corporation) C:\Windows\System32\msls31.dll 2012-12-05 17:51 - 2012-12-05 17:51 - 00203776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll 2012-12-05 17:51 - 2012-12-05 17:51 - 00197120 ____A (Microsoft Corporation) C:\Windows\System32\msrating.dll 2012-12-05 17:51 - 2012-12-05 17:51 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2012-12-05 17:51 - 2012-12-05 17:51 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe 2012-12-05 17:51 - 2012-12-05 17:51 - 00165888 ____A (Microsoft Corporation) C:\Windows\System32\iexpress.exe 2012-12-05 17:51 - 2012-12-05 17:51 - 00163840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieakui.dll 2012-12-05 17:51 - 2012-12-05 17:51 - 00163840 ____A (Microsoft Corporation) C:\Windows\System32\ieakui.dll 2012-12-05 17:51 - 2012-12-05 17:51 - 00162304 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2012-12-05 17:51 
- 2012-12-05 17:51 - 00161792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll 2012-12-05 17:51 - 2012-12-05 17:51 - 00160256 ____A (Microsoft Corporation) C:\Windows\System32\wextract.exe 2012-12-05 17:51 - 2012-12-05 17:51 - 00160256 ____A (Microsoft Corporation) C:\Windows\System32\ieakeng.dll 2012-12-05 17:51 - 2012-12-05 17:51 - 00152064 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe 2012-12-05 17:51 - 2012-12-05 17:51 - 00150528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe 2012-12-05 17:51 - 2012-12-05 17:51 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\occache.dll 2012-12-05 17:51 - 2012-12-05 17:51 - 00145920 ____A (Microsoft Corporation) C:\Windows\System32\iepeers.dll 2012-12-05 17:51 - 2012-12-05 17:51 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2012-12-05 17:51 - 2012-12-05 17:51 - 00135168 ____A (Microsoft Corporation) C:\Windows\System32\IEAdvpack.dll 2012-12-05 17:51 - 2012-12-05 17:51 - 00130560 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieakeng.dll 2012-12-05 17:51 - 2012-12-05 17:51 - 00123392 ____A (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll 2012-12-05 17:51 - 2012-12-05 17:51 - 00118784 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll 2012-12-05 17:51 - 2012-12-05 17:51 - 00114176 ____A (Microsoft Corporation) C:\Windows\System32\admparse.dll 2012-12-05 17:51 - 2012-12-05 17:51 - 00111616 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll 2012-12-05 17:51 - 2012-12-05 17:51 - 00110592 ____A (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll 2012-12-05 17:51 - 2012-12-05 17:51 - 00103936 ____A (Microsoft Corporation) C:\Windows\System32\inseng.dll 2012-12-05 17:51 - 2012-12-05 17:51 - 00101888 ____A (Microsoft Corporation) C:\Windows\SysWOW64\admparse.dll 2012-12-05 17:51 - 2012-12-05 17:51 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll 2012-12-05 17:51 - 2012-12-05 17:51 - 
00091648 ____A (Microsoft Corporation) C:\Windows\System32\SetIEInstalledDate.exe 2012-12-05 17:51 - 2012-12-05 17:51 - 00089088 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe 2012-12-05 17:51 - 2012-12-05 17:51 - 00089088 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe 2012-12-05 17:51 - 2012-12-05 17:51 - 00086528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll 2012-12-05 17:51 - 2012-12-05 17:51 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll 2012-12-05 17:51 - 2012-12-05 17:51 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll 2012-12-05 17:51 - 2012-12-05 17:51 - 00082432 ____A (Microsoft Corporation) C:\Windows\System32\icardie.dll 2012-12-05 17:51 - 2012-12-05 17:51 - 00078848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll 2012-12-05 17:51 - 2012-12-05 17:51 - 00076800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe 2012-12-05 17:51 - 2012-12-05 17:51 - 00076800 ____A (Microsoft Corporation) C:\Windows\System32\tdc.ocx 2012-12-05 17:51 - 2012-12-05 17:51 - 00074752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe 2012-12-05 17:51 - 2012-12-05 17:51 - 00074752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2012-12-05 17:51 - 2012-12-05 17:51 - 00074240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ie4uinit.exe 2012-12-05 17:51 - 2012-12-05 17:51 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2012-12-05 17:51 - 2012-12-05 17:51 - 00066048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll 2012-12-05 17:51 - 2012-12-05 17:51 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2012-12-05 17:51 - 2012-12-05 17:51 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\pngfilt.dll 2012-12-05 17:51 - 2012-12-05 17:51 - 00063488 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx 2012-12-05 17:51 - 2012-12-05 17:51 - 
00055296 ____A (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll 2012-12-05 17:51 - 2012-12-05 17:51 - 00054272 ____A (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll 2012-12-05 17:51 - 2012-12-05 17:51 - 00049664 ____A (Microsoft Corporation) C:\Windows\System32\imgutil.dll 2012-12-05 17:51 - 2012-12-05 17:51 - 00048640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll 2012-12-05 17:51 - 2012-12-05 17:51 - 00048640 ____A (Microsoft Corporation) C:\Windows\System32\mshtmler.dll 2012-12-05 17:51 - 2012-12-05 17:51 - 00041472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll 2012-12-05 17:51 - 2012-12-05 17:51 - 00039936 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll 2012-12-05 17:51 - 2012-12-05 17:51 - 00035840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll 2012-12-05 17:51 - 2012-12-05 17:51 - 00031744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2012-12-05 17:51 - 2012-12-05 17:51 - 00030720 ____A (Microsoft Corporation) C:\Windows\System32\licmgr10.dll 2012-12-05 17:51 - 2012-12-05 17:51 - 00023552 ____A (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll 2012-12-05 17:51 - 2012-12-05 17:51 - 00012288 ____A (Microsoft Corporation) C:\Windows\System32\mshta.exe 2012-12-05 17:51 - 2012-12-05 17:51 - 00011776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe 2012-12-05 17:51 - 2012-12-05 17:51 - 00010752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe 2012-12-05 17:51 - 2012-12-05 17:51 - 00010752 ____A (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe 2012-12-05 17:50 - 2012-12-05 17:52 - 00003397 ____A C:\Windows\IE9_main.log 2012-12-05 17:49 - 2012-08-23 06:13 - 00243200 ____A (Microsoft Corporation) C:\Windows\System32\rdpudd.dll 2012-12-05 17:49 - 2012-08-23 06:10 - 00019456 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpvideominiport.sys 2012-12-05 17:49 - 2012-08-23 06:07 - 00057856 ____A (Microsoft Corporation) 
C:\Windows\System32\Drivers\TsUsbFlt.sys 2012-12-05 17:49 - 2012-08-23 05:47 - 00046592 ____A (Microsoft Corporation) C:\Windows\SysWOW64\MsRdpWebAccess.dll 2012-12-05 17:49 - 2012-08-23 05:46 - 00016896 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wksprtPS.dll 2012-12-05 17:49 - 2012-08-23 05:41 - 00013312 ____A (Microsoft Corporation) C:\Windows\System32\TsUsbRedirectionGroupPolicyControl.exe 2012-12-05 17:49 - 2012-08-23 05:40 - 00013312 ____A (Microsoft Corporation) C:\Windows\System32\TsUsbRedirectionGroupPolicyExtension.dll 2012-12-05 17:49 - 2012-08-23 05:24 - 00015360 ____A (Microsoft Corporation) C:\Windows\System32\RdpGroupPolicyExtension.dll 2012-12-05 17:49 - 2012-08-23 05:20 - 00054272 ____A (Microsoft Corporation) C:\Windows\System32\MsRdpWebAccess.dll 2012-12-05 17:49 - 2012-08-23 05:18 - 00037376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll 2012-12-05 17:49 - 2012-08-23 05:17 - 00018432 ____A (Microsoft Corporation) C:\Windows\System32\wksprtPS.dll 2012-12-05 17:49 - 2012-08-23 05:06 - 00043520 ____A (Microsoft Corporation) C:\Windows\System32\TsUsbGDCoInstaller.dll 2012-12-05 17:49 - 2012-08-23 04:52 - 00044032 ____A (Microsoft Corporation) C:\Windows\System32\tsgqec.dll 2012-12-05 17:49 - 2012-08-23 03:20 - 00062976 ____A (Microsoft Corporation) C:\Windows\System32\TSWbPrxy.exe 2012-12-05 17:49 - 2012-08-23 03:15 - 00269312 ____A (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll 2012-12-05 17:49 - 2012-08-23 03:14 - 00384000 ____A (Microsoft Corporation) C:\Windows\System32\wksprt.exe 2012-12-05 17:49 - 2012-08-23 03:12 - 00192000 ____A (Microsoft Corporation) C:\Windows\SysWOW64\rdpendp_winip.dll 2012-12-05 17:49 - 2012-08-23 02:54 - 00322560 ____A (Microsoft Corporation) C:\Windows\System32\aaclient.dll 2012-12-05 17:49 - 2012-08-23 02:51 - 00228864 ____A (Microsoft Corporation) C:\Windows\System32\rdpendp_winip.dll 2012-12-05 17:49 - 2012-08-23 02:39 - 01048064 ____A (Microsoft Corporation) 
C:\Windows\SysWOW64\mstsc.exe 2012-12-05 17:49 - 2012-08-23 02:22 - 01123840 ____A (Microsoft Corporation) C:\Windows\System32\mstsc.exe 2012-12-05 17:49 - 2012-08-23 01:51 - 03174912 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorets.dll 2012-12-05 17:49 - 2012-08-23 00:19 - 04916224 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll 2012-12-05 17:49 - 2012-08-23 00:13 - 05773824 ____A (Microsoft Corporation) C:\Windows\System32\mstscax.dll 2012-12-05 17:48 - 2012-08-24 10:13 - 00154480 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys 2012-12-05 17:48 - 2012-08-24 10:09 - 00458712 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys 2012-12-05 17:48 - 2012-08-24 10:05 - 00340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll 2012-12-05 17:48 - 2012-08-24 10:04 - 00307200 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll 2012-12-05 17:48 - 2012-08-24 10:03 - 01448448 ____A (Microsoft Corporation) C:\Windows\System32\lsasrv.dll 2012-12-05 17:48 - 2012-08-24 08:57 - 00247808 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll 2012-12-05 17:48 - 2012-08-24 08:57 - 00220160 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll 2012-12-05 17:48 - 2012-08-24 08:57 - 00022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll 2012-12-05 17:48 - 2012-08-24 08:53 - 00096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll 2012-12-05 17:48 - 2012-05-04 03:00 - 00366592 ____A (Microsoft Corporation) C:\Windows\System32\qdvd.dll 2012-12-05 17:48 - 2012-05-04 01:59 - 00514560 ____A (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll 2012-12-05 15:45 - 2012-12-05 15:45 - 00000000 ____D C:\TDSSKiller_Quarantine 2012-12-05 02:54 - 2012-08-30 10:03 - 05559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe 2012-12-05 02:54 - 2012-08-30 09:12 - 03968880 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe 2012-12-05 02:54 - 2012-08-30 
09:12 - 03914096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe 2012-12-05 02:47 - 2012-12-05 18:11 - 00340167 ____A C:\Windows\WindowsUpdate.log 2012-12-05 02:44 - 2012-12-05 18:04 - 00000224 ____A C:\Windows\setupact.log 2012-12-05 02:44 - 2012-12-05 02:44 - 00000000 ____A C:\Windows\setuperr.log 2012-12-05 02:37 - 2012-12-05 02:37 - 00000000 ____D C:\Program Files\CCleaner 2012-12-04 18:52 - 2012-12-04 18:52 - 00000000 ____D C:\Users\All Users\Malwarebytes 2012-12-04 18:52 - 2012-12-04 18:52 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware 2012-12-04 18:52 - 2012-09-29 16:54 - 00025928 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys 2012-12-04 18:09 - 2012-12-04 18:09 - 00000000 ____D C:\Users\All Users\Norton 2012-12-04 18:02 - 2012-12-04 18:02 - 00015848 ____A C:\ComboFix.txt 2012-12-04 17:51 - 2011-06-25 22:45 - 00256000 ____A C:\Windows\PEV.exe 2012-12-04 17:51 - 2010-11-07 09:20 - 00208896 ____A C:\Windows\MBR.exe 2012-12-04 17:51 - 2009-04-19 20:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe 2012-12-04 17:51 - 2000-08-30 16:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe 2012-12-04 17:51 - 2000-08-30 16:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe 2012-12-04 17:51 - 2000-08-30 16:00 - 00098816 ____A C:\Windows\sed.exe 2012-12-04 17:51 - 2000-08-30 16:00 - 00080412 ____A C:\Windows\grep.exe 2012-12-04 17:51 - 2000-08-30 16:00 - 00068096 ____A C:\Windows\zip.exe 2012-12-04 17:50 - 2012-12-04 18:02 - 00000000 ____D C:\Qoobox 2012-12-04 17:50 - 2012-12-04 17:50 - 05009321 ____R (Swearware) C:\Users\L\Desktop\ComboFix.exe 2012-12-04 17:37 - 2012-12-04 17:37 - 00000000 ____D C:\found.000 2012-12-04 15:15 - 2012-12-04 15:15 - 00000000 ____D C:\Windows\Microsoft Antimalware 2012-12-04 00:16 - 2012-06-02 06:35 - 00000003 ____A C:\Windows\System32\Drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf 2012-12-04 00:15 - 2012-07-25 20:55 - 00785512 ____A (Microsoft Corporation) 
C:\Windows\System32\Drivers\Wdf01000.sys 2012-12-04 00:15 - 2012-07-25 20:55 - 00054376 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\WdfLdr.sys 2012-12-04 00:15 - 2012-07-25 18:36 - 00009728 ____A (Microsoft Corporation) C:\Windows\System32\Wdfres.dll 2012-12-04 00:02 - 2012-07-25 19:08 - 00744448 ____A (Microsoft Corporation) C:\Windows\System32\WUDFx.dll 2012-12-04 00:02 - 2012-07-25 19:08 - 00229888 ____A (Microsoft Corporation) C:\Windows\System32\WUDFHost.exe 2012-12-04 00:02 - 2012-07-25 19:08 - 00194048 ____A (Microsoft Corporation) C:\Windows\System32\WUDFPlatform.dll 2012-12-04 00:02 - 2012-07-25 19:08 - 00084992 ____A (Microsoft Corporation) C:\Windows\System32\WUDFSvc.dll 2012-12-04 00:02 - 2012-07-25 19:08 - 00045056 ____A (Microsoft Corporation) C:\Windows\System32\WUDFCoinstaller.dll 2012-12-04 00:02 - 2012-07-25 18:26 - 00198656 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\WUDFRd.sys 2012-12-04 00:02 - 2012-07-25 18:26 - 00087040 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\WUDFPf.sys 2012-12-04 00:02 - 2012-06-02 06:57 - 00000003 ____A C:\Windows\System32\Drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf 2012-12-03 23:12 - 2012-09-24 12:23 - 00149488 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaw.exe 2012-12-03 23:12 - 2012-09-24 12:23 - 00149488 ____A (Sun Microsystems, Inc.) 
C:\Windows\SysWOW64\java.exe 2012-12-03 23:11 - 2012-12-03 23:12 - 00004454 ____A C:\Windows\SysWOW64\jupdate-1.6.0_37-b06.log 2012-12-03 23:10 - 2012-12-03 23:10 - 00000000 ____D C:\Users\All Users\McAfee 2012-12-03 22:49 - 2012-12-03 22:49 - 00001945 ____A C:\Windows\epplauncher.mif 2012-12-03 22:43 - 2012-12-03 22:43 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client 2012-12-03 22:43 - 2012-10-18 10:25 - 03149824 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys 2012-12-03 22:43 - 2012-10-09 10:17 - 00226816 ____A (Microsoft Corporation) C:\Windows\System32\dhcpcore6.dll 2012-12-03 22:43 - 2012-10-09 10:17 - 00055296 ____A (Microsoft Corporation) C:\Windows\System32\dhcpcsvc6.dll 2012-12-03 22:43 - 2012-10-09 09:40 - 00193536 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dhcpcore6.dll 2012-12-03 22:43 - 2012-10-09 09:40 - 00044032 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dhcpcsvc6.dll 2012-12-03 22:42 - 2012-12-03 22:44 - 00000000 ____D C:\Program Files\Microsoft Security Client 2012-12-03 22:42 - 2012-10-03 09:56 - 01914248 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys 2012-12-03 22:42 - 2012-10-03 09:44 - 00303104 ____A (Microsoft Corporation) C:\Windows\System32\nlasvc.dll 2012-12-03 22:42 - 2012-10-03 09:44 - 00246272 ____A (Microsoft Corporation) C:\Windows\System32\netcorehc.dll 2012-12-03 22:42 - 2012-10-03 09:44 - 00216576 ____A (Microsoft Corporation) C:\Windows\System32\ncsi.dll 2012-12-03 22:42 - 2012-10-03 09:44 - 00070656 ____A (Microsoft Corporation) C:\Windows\System32\nlaapi.dll 2012-12-03 22:42 - 2012-10-03 09:44 - 00018944 ____A (Microsoft Corporation) C:\Windows\System32\netevent.dll 2012-12-03 22:42 - 2012-10-03 09:42 - 00569344 ____A (Microsoft Corporation) C:\Windows\System32\iphlpsvc.dll 2012-12-03 22:42 - 2012-10-03 08:42 - 00175104 ____A (Microsoft Corporation) C:\Windows\SysWOW64\netcorehc.dll 2012-12-03 22:42 - 2012-10-03 08:42 - 00156672 ____A (Microsoft Corporation) 
C:\Windows\SysWOW64\ncsi.dll 2012-12-03 22:42 - 2012-10-03 08:42 - 00018944 ____A (Microsoft Corporation) C:\Windows\SysWOW64\netevent.dll 2012-12-03 22:42 - 2012-10-03 08:07 - 00045568 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpipreg.sys 2012-12-03 22:42 - 2012-09-25 14:47 - 00078336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\synceng.dll 2012-12-03 22:42 - 2012-09-25 14:46 - 00095744 ____A (Microsoft Corporation) C:\Windows\System32\synceng.dll 2012-12-03 22:42 - 2012-01-12 23:12 - 00052224 ____A (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll 2012-12-03 18:21 - 2012-12-04 17:50 - 00000000 ____D C:\Windows\erdnt 2012-12-03 18:16 - 2012-12-06 07:33 - 00000000 ____D C:\Windows\pss 2012-11-18 17:43 - 2012-11-18 17:43 - 00022456 ____A C:\Users\L\Desktop\Marcus_Rose_HBCU_VIDEO_FOR_ENGLISH.wlmp 2012-11-18 17:27 - 2012-11-18 17:27 - 00000000 ____D C:\Users\L\AppData\Roaming\Malwarebytes ==================== One Month Modified Files and Folders ======= 2012-12-06 18:21 - 2012-12-06 18:21 - 00000000 ____D C:\FRST 2012-12-06 07:33 - 2012-12-03 18:16 - 00000000 ____D C:\Windows\pss 2012-12-06 07:33 - 2011-03-14 04:43 - 00000000 ____D C:\users\L 2012-12-06 07:33 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\registration 2012-12-05 18:16 - 2012-12-05 18:16 - 00000000 ____A C:\Users\L\Desktop\JavaSetup7u9.exe.p28wcgy.partial 2012-12-05 18:11 - 2012-12-05 02:47 - 00340167 ____A C:\Windows\WindowsUpdate.log 2012-12-05 18:09 - 2009-07-13 21:13 - 00005156 ____A C:\Windows\System32\PerfStringBackup.INI 2012-12-05 18:07 - 2012-04-02 04:14 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job 2012-12-05 18:07 - 2009-07-13 20:45 - 00015792 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2012-12-05 18:07 - 2009-07-13 20:45 - 00015792 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2012-12-05 18:05 - 2010-07-19 13:19 - 00000908 
____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2012-12-05 18:05 - 2010-07-18 21:29 - 00000000 ____D C:\Windows\Panther 2012-12-05 18:04 - 2012-12-05 02:44 - 00000224 ____A C:\Windows\setupact.log 2012-12-05 18:04 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT 2012-12-05 18:03 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\PolicyDefinitions 2012-12-05 17:52 - 2012-12-05 17:50 - 00003397 ____A C:\Windows\IE9_main.log 2012-12-05 17:51 - 2012-12-05 17:51 - 17811968 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll 2012-12-05 17:51 - 2012-12-05 17:51 - 12320768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2012-12-05 17:51 - 2012-12-05 17:51 - 10925568 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll 2012-12-05 17:51 - 2012-12-05 17:51 - 09738240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2012-12-05 17:51 - 2012-12-05 17:51 - 03695416 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat 2012-12-05 17:51 - 2012-12-05 17:51 - 03695416 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dat 2012-12-05 17:51 - 2012-12-05 17:51 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2012-12-05 17:51 - 2012-12-05 17:51 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb 2012-12-05 17:51 - 2012-12-05 17:51 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll 2012-12-05 17:51 - 2012-12-05 17:51 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll 2012-12-05 17:51 - 2012-12-05 17:51 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2012-12-05 17:51 - 2012-12-05 17:51 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2012-12-05 17:51 - 2012-12-05 17:51 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl 2012-12-05 17:51 - 2012-12-05 17:51 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2012-12-05 17:51 - 2012-12-05 
17:51 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll 2012-12-05 17:51 - 2012-12-05 17:51 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll 2012-12-05 17:51 - 2012-12-05 17:51 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2012-12-05 17:51 - 2012-12-05 17:51 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2012-12-05 17:51 - 2012-12-05 17:51 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll 2012-12-05 17:51 - 2012-12-05 17:51 - 00729088 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll 2012-12-05 17:51 - 2012-12-05 17:51 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2012-12-05 17:51 - 2012-12-05 17:51 - 00607744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2012-12-05 17:51 - 2012-12-05 17:51 - 00599040 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll 2012-12-05 17:51 - 2012-12-05 17:51 - 00534528 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll 2012-12-05 17:51 - 2012-12-05 17:51 - 00452608 ____A (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll 2012-12-05 17:51 - 2012-12-05 17:51 - 00448512 ____A (Microsoft Corporation) C:\Windows\System32\html.iec 2012-12-05 17:51 - 2012-12-05 17:51 - 00434176 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2012-12-05 17:51 - 2012-12-05 17:51 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2012-12-05 17:51 - 2012-12-05 17:51 - 00403248 ____A (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll 2012-12-05 17:51 - 2012-12-05 17:51 - 00367104 ____A (Microsoft Corporation) C:\Windows\SysWOW64\html.iec 2012-12-05 17:51 - 2012-12-05 17:51 - 00353792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2012-12-05 17:51 - 2012-12-05 17:51 - 00353584 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2012-12-05 17:51 - 2012-12-05 17:51 - 00282112 ____A (Microsoft 
Corporation) C:\Windows\System32\dxtrans.dll 2012-12-05 17:51 - 2012-12-05 17:51 - 00267776 ____A (Microsoft Corporation) C:\Windows\System32\ieaksie.dll 2012-12-05 17:51 - 2012-12-05 17:51 - 00249344 ____A (Microsoft Corporation) C:\Windows\System32\webcheck.dll 2012-12-05 17:51 - 2012-12-05 17:51 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll 2012-12-05 17:51 - 2012-12-05 17:51 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll 2012-12-05 17:51 - 2012-12-05 17:51 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll 2012-12-05 17:51 - 2012-12-05 17:51 - 00227840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieaksie.dll 2012-12-05 17:51 - 2012-12-05 17:51 - 00223232 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2012-12-05 17:51 - 2012-12-05 17:51 - 00222208 ____A (Microsoft Corporation) C:\Windows\System32\msls31.dll 2012-12-05 17:51 - 2012-12-05 17:51 - 00203776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll 2012-12-05 17:51 - 2012-12-05 17:51 - 00197120 ____A (Microsoft Corporation) C:\Windows\System32\msrating.dll 2012-12-05 17:51 - 2012-12-05 17:51 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2012-12-05 17:51 - 2012-12-05 17:51 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe 2012-12-05 17:51 - 2012-12-05 17:51 - 00165888 ____A (Microsoft Corporation) C:\Windows\System32\iexpress.exe 2012-12-05 17:51 - 2012-12-05 17:51 - 00163840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieakui.dll 2012-12-05 17:51 - 2012-12-05 17:51 - 00163840 ____A (Microsoft Corporation) C:\Windows\System32\ieakui.dll 2012-12-05 17:51 - 2012-12-05 17:51 - 00162304 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2012-12-05 17:51 - 2012-12-05 17:51 - 00161792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll 2012-12-05 17:51 - 2012-12-05 17:51 - 00160256 ____A (Microsoft Corporation) C:\Windows\System32\wextract.exe 
2012-12-05 17:51 - 2012-12-05 17:51 - 00160256 ____A (Microsoft Corporation) C:\Windows\System32\ieakeng.dll
2012-12-05 17:51 - 2012-12-05 17:51 - 00152064 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2012-12-05 17:51 - 2012-12-05 17:51 - 00150528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2012-12-05 17:51 - 2012-12-05 17:51 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\occache.dll
2012-12-05 17:51 - 2012-12-05 17:51 - 00145920 ____A (Microsoft Corporation) C:\Windows\System32\iepeers.dll
2012-12-05 17:51 - 2012-12-05 17:51 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-12-05 17:51 - 2012-12-05 17:51 - 00135168 ____A (Microsoft Corporation) C:\Windows\System32\IEAdvpack.dll
2012-12-05 17:51 - 2012-12-05 17:51 - 00130560 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieakeng.dll
2012-12-05 17:51 - 2012-12-05 17:51 - 00123392 ____A (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2012-12-05 17:51 - 2012-12-05 17:51 - 00118784 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2012-12-05 17:51 - 2012-12-05 17:51 - 00114176 ____A (Microsoft Corporation) C:\Windows\System32\admparse.dll
2012-12-05 17:51 - 2012-12-05 17:51 - 00111616 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2012-12-05 17:51 - 2012-12-05 17:51 - 00110592 ____A (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2012-12-05 17:51 - 2012-12-05 17:51 - 00103936 ____A (Microsoft Corporation) C:\Windows\System32\inseng.dll
2012-12-05 17:51 - 2012-12-05 17:51 - 00101888 ____A (Microsoft Corporation) C:\Windows\SysWOW64\admparse.dll
2012-12-05 17:51 - 2012-12-05 17:51 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-12-05 17:51 - 2012-12-05 17:51 - 00091648 ____A (Microsoft Corporation) C:\Windows\System32\SetIEInstalledDate.exe
2012-12-05 17:51 - 2012-12-05 17:51 - 00089088 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2012-12-05 17:51 - 2012-12-05 17:51 - 00089088 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2012-12-05 17:51 - 2012-12-05 17:51 - 00086528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2012-12-05 17:51 - 2012-12-05 17:51 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-12-05 17:51 - 2012-12-05 17:51 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2012-12-05 17:51 - 2012-12-05 17:51 - 00082432 ____A (Microsoft Corporation) C:\Windows\System32\icardie.dll
2012-12-05 17:51 - 2012-12-05 17:51 - 00078848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2012-12-05 17:51 - 2012-12-05 17:51 - 00076800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2012-12-05 17:51 - 2012-12-05 17:51 - 00076800 ____A (Microsoft Corporation) C:\Windows\System32\tdc.ocx
2012-12-05 17:51 - 2012-12-05 17:51 - 00074752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2012-12-05 17:51 - 2012-12-05 17:51 - 00074752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2012-12-05 17:51 - 2012-12-05 17:51 - 00074240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ie4uinit.exe
2012-12-05 17:51 - 2012-12-05 17:51 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-12-05 17:51 - 2012-12-05 17:51 - 00066048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2012-12-05 17:51 - 2012-12-05 17:51 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-12-05 17:51 - 2012-12-05 17:51 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\pngfilt.dll
2012-12-05 17:51 - 2012-12-05 17:51 - 00063488 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2012-12-05 17:51 - 2012-12-05 17:51 - 00055296 ____A (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
2012-12-05 17:51 - 2012-12-05 17:51 - 00054272 ____A (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2012-12-05 17:51 - 2012-12-05 17:51 - 00049664 ____A (Microsoft Corporation) C:\Windows\System32\imgutil.dll
2012-12-05 17:51 - 2012-12-05 17:51 - 00048640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2012-12-05 17:51 - 2012-12-05 17:51 - 00048640 ____A (Microsoft Corporation) C:\Windows\System32\mshtmler.dll
2012-12-05 17:51 - 2012-12-05 17:51 - 00041472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2012-12-05 17:51 - 2012-12-05 17:51 - 00039936 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2012-12-05 17:51 - 2012-12-05 17:51 - 00035840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2012-12-05 17:51 - 2012-12-05 17:51 - 00031744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2012-12-05 17:51 - 2012-12-05 17:51 - 00030720 ____A (Microsoft Corporation) C:\Windows\System32\licmgr10.dll
2012-12-05 17:51 - 2012-12-05 17:51 - 00023552 ____A (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2012-12-05 17:51 - 2012-12-05 17:51 - 00012288 ____A (Microsoft Corporation) C:\Windows\System32\mshta.exe
2012-12-05 17:51 - 2012-12-05 17:51 - 00011776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2012-12-05 17:51 - 2012-12-05 17:51 - 00010752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2012-12-05 17:51 - 2012-12-05 17:51 - 00010752 ____A (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
2012-12-05 17:51 - 2010-07-19 13:19 - 00000912 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-12-05 15:45 - 2012-12-05 15:45 - 00000000 ____D C:\TDSSKiller_Quarantine
2012-12-05 02:44 - 2012-12-05 02:44 - 00000000 ____A C:\Windows\setuperr.log
2012-12-05 02:37 - 2012-12-05 02:37 - 00000000 ____D C:\Program Files\CCleaner
2012-12-05 02:37 - 2012-09-25 17:17 - 00000000 ____D C:\Windows\Minidump
2012-12-05 02:37 - 2011-08-17 12:29 - 00000000 ____D C:\Users\L\AppData\Local\CrashDumps
2012-12-04 18:52 - 2012-12-04 18:52 - 00000000 ____D C:\Users\All Users\Malwarebytes
2012-12-04 18:52 - 2012-12-04 18:52 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-12-04 18:09 - 2012-12-04 18:09 - 00000000 ____D C:\Users\All Users\Norton
2012-12-04 18:02 - 2012-12-04 18:02 - 00015848 ____A C:\ComboFix.txt
2012-12-04 18:02 - 2012-12-04 17:50 - 00000000 ____D C:\Qoobox
2012-12-04 17:59 - 2009-07-13 18:34 - 00000215 ____A C:\Windows\system.ini
2012-12-04 17:50 - 2012-12-04 17:50 - 05009321 ____R (Swearware) C:\Users\L\Desktop\ComboFix.exe
2012-12-04 17:50 - 2012-12-03 18:21 - 00000000 ____D C:\Windows\erdnt
2012-12-04 17:37 - 2012-12-04 17:37 - 00000000 ____D C:\found.000
2012-12-04 16:12 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\rescache
2012-12-04 15:15 - 2012-12-04 15:15 - 00000000 ____D C:\Windows\Microsoft Antimalware
2012-12-04 00:42 - 2011-03-14 04:45 - 00109296 ____A C:\Users\L\AppData\Local\GDIPFONTCACHEV1.DAT
2012-12-04 00:40 - 2009-07-13 20:45 - 00413312 ____A C:\Windows\System32\FNTCACHE.DAT
2012-12-04 00:05 - 2012-10-14 13:47 - 00000129 ____A C:\Windows\System32\MRT.INI
2012-12-04 00:03 - 2011-06-17 17:03 - 66395536 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-12-04 00:01 - 2011-03-15 22:16 - 00000000 ____D C:\Users\All Users\Microsoft Help
2012-12-04 00:01 - 2009-07-13 18:34 - 00000478 ____A C:\Windows\win.ini
2012-12-03 23:12 - 2012-12-03 23:11 - 00004454 ____A C:\Windows\SysWOW64\jupdate-1.6.0_37-b06.log
2012-12-03 23:12 - 2012-05-21 11:49 - 00000000 ____D C:\Program Files (x86)\Java
2012-12-03 23:10 - 2012-12-03 23:10 - 00000000 ____D C:\Users\All Users\McAfee
2012-12-03 22:49 - 2012-12-03 22:49 - 00001945 ____A C:\Windows\epplauncher.mif
2012-12-03 22:44 - 2012-12-03 22:42 - 00000000 ____D C:\Program Files\Microsoft Security Client
2012-12-03 22:43 - 2012-12-03 22:43 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2012-11-18 17:43 - 2012-11-18 17:43 - 00022456 ____A C:\Users\L\Desktop\Marcus_Rose_HBCU_VIDEO_FOR_ENGLISH.wlmp
2012-11-18 17:43 - 2011-06-17 16:53 - 00000000 ____D C:\Users\L\AppData\Local\Windows Live
2012-11-18 17:27 - 2012-11-18 17:27 - 00000000 ____D C:\Users\L\AppData\Roaming\Malwarebytes

==================== Known DLLs (Whitelisted) =================

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
TDL4: custom:26000022 <===== ATTENTION!

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

Restore point made on: 2012-12-04 02:48:13
Restore point made on: 2012-12-05 02:54:24
Restore point made on: 2012-12-05 12:16:01
Restore point made on: 2012-12-05 17:04:48
Restore point made on: 2012-12-05 17:37:28
Restore point made on: 2012-12-05 17:39:37
Restore point made on: 2012-12-05 17:48:55
Restore point made on: 2012-12-05 18:11:31
Restore point made on: 2012-12-05 18:18:08
Restore point made on: 2012-12-05 18:26:17

==================== Memory info ===========================

Percentage of memory in use: 23%
Total physical RAM: 2810.9 MB
Available physical RAM: 2163.41 MB
Total Pagefile: 2809.05 MB
Available Pagefile: 2195.93 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

==================== Partitions =============================

1 Drive c: (TI105948W0D) (Fixed) (Total:222.25 GB) (Free:172 GB) NTFS ==>[System with boot components (obtained from reading drive)]
2 Drive d: (System) (Fixed) (Total:1.46 GB) (Free:1.26 GB) NTFS ==>[System with boot components (obtained from reading drive)]
ATTENTION: Malware custom entry on BCD on drive d: detected. Check for MBR/Partition infection.
5 Drive g: () (Removable) (Total:3.73 GB) (Free:1.73 GB) FAT32
6 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

  Disk ###  Status         Size     Free     Dyn  Gpt
  --------  -------------  -------  -------  ---  ---
  Disk 0    Online          232 GB      0 B
  Disk 1    No Media           0 B      0 B
  Disk 2    Online         3824 MB      0 B

Partitions of Disk 0:
===============

  Partition ###  Type              Size     Offset
  -------------  ----------------  -------  -------
  Partition 1    Recovery          1500 MB  1024 KB
  Partition 2    Primary            222 GB  1501 MB
  Partition 3    Primary              9 GB   223 GB

==================================================================================

Disk: 0
Partition 1
Type : 27
Hidden: Yes
Active: Yes

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 2     D   System       NTFS   Partition   1500 MB  Healthy    Hidden

=========================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 1     C   TI105948W0D  NTFS   Partition    222 GB  Healthy

=========================================================

Disk: 0
Partition 3
Type : 17 (Suspicious Type)
Hidden: Yes
Active: No

There is no volume associated with this partition.

=========================================================

Partitions of Disk 2:
===============

  Partition ###  Type              Size     Offset
  -------------  ----------------  -------  -------
  Partition 1    Primary           3823 MB    31 KB

==================================================================================

Disk: 2
Partition 1
Type : 0C
Hidden: No
Active: Yes

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 4     G                FAT32  Removable   3823 MB  Healthy

=========================================================

Last Boot: 2012-12-04 21:39

==================== End Of Log =============================