Vista x64 BSOD consvr missing. Endless start up loop


This topic is locked
8 replies to this topic

#1 link_0587 (Members, 4 posts)

Posted 30 December 2011 - 03:17 PM

Yesterday my computer got infected with one of those fake AV programs. I noticed my Security Essentials icon had turned red, and that the services for the firewall and the antivirus were both stopped. Not new to removing them (as I have in the past for some friends' computers and I do have a certification with CompTIA), I originally thought it was just an easy fix as it usually is. I luckily had Task Manager open, found the process that was the root and killed it. Then I went to the AppData folder (where they usually hide), and found the file, which I subsequently deleted.

The program was gone, but the .exe association was also gone. I ran regedit from a second administrator account, loaded the hive for my account and manually fixed it. Logging back in to my account, I ran a Malwarebytes full scan. I also reinstalled Security Essentials, as the program had been corrupted and would not load the service for it. Once it found the infections, it asked to restart the computer, which I did.

When it started loading Vista, it gave me a BSOD indicating consvr was missing. I loaded the Vista setup disk and performed an automatic startup fix, to no avail. I then tried to do a system restore. Once again, no results. Finally I gave the Microsoft Standalone System Sweeper Beta a try. It loaded from my USB drive and ran a Windows Defender scan. It found about 6 High Risk infections, which it successfully removed. Restarted, and same problem.

Looking through your forums, I hear that this was associated with the ZeroAccess rootkit. I'm not usually one to ask for help, but I'm stumped. I don't want to reinstall, but it appears I'm running out of options. I will try using Hiren's boot disc tonight, but could someone give me some insight on how to fix this BSOD? Thanks.


#2 JSntgRvr (Master Surgeon General; Malware Response Team, 11,303 posts; Location: Puerto Rico)

Posted 30 December 2011 - 07:04 PM

:welcome:

Let's give it a try. You will need a flash drive.

For 32-bit (x86) systems, download Farbar Recovery Scan Tool and save it to a flash drive.
For 64-bit systems, download Farbar Recovery Scan Tool x64 and save it to a flash drive.

Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Click on Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
On the System Recovery Options menu you will get the following options:

Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt

  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the flash drive. Please copy and paste it to your reply.

No request for help through private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!


#3 boopme (To Insanity and Beyond; Global Moderator, 72,912 posts; Location: NJ USA)

Posted 30 December 2011 - 09:19 PM

Hello, just letting you know I moved this topic to Here in the Virus, Trojan, Spyware, and Malware Removal Logs forum where it will stay.

Please remember to click the Watch Topic button at the top right and select Immediate Notification so you do not miss any replies now that you were moved.
How do I get help? Who is helping me?
For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....
Become a BleepingComputer fan: Facebook

#4 link_0587 (Topic Starter; Members, 4 posts)

Posted 31 December 2011 - 02:41 PM

Hello! Thank you so much for your quick response. After using Hiren's boot CD and scanning again, I ran System Restore and it worked. I was able to get back into my computer. However, Security Essentials still recognizes consvr as a severe infection and deleted it, resulting in the same problem. I should also mention that my firewall and Security Center have been disabled by the infection and I couldn't restart them. Anywho, here is the text from frst64. Thank you very much for your help :)

Scan result of Farbars's Recovery Tool (FRST written by farbar) Version 2.3.0
Ran by SYSTEM at 2011-12-31 11:28:22
Running from G:\
Windows Vista ™ Home Premium Service Pack 1 (X64) OS Language: English(US)
The current controlset is ControlSet002

========================== Registry (Whitelisted) =============

HKLM\...\Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [1436736 2011-06-15] (Microsoft Corporation)
HKLM-x32\...\Run: [AudioDrvEmulator] "C:\Program Files (x86)\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files (x86)\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll" [61440 2005-09-19] (Creative Technology Ltd.)
HKLM-x32\...\Run: [AsioThk32Reg] REGSVR32.EXE /S CTASIO.DLL [x]
HKLM-x32\...\Run: [PWRISOVM.EXE] "E:\Program Files (x86)\PowerISO\PWRISOVM.EXE" [x]
HKLM-x32\...\Run: [MaxMenuMgr] "C:\Program Files (x86)\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe" [197928 2009-12-18] (Seagate LLC)
HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2010-11-29] (Apple Inc.)
HKLM-x32\...\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [TkBellExe] "C:\Program Files\real\realplayer\update\realsched.exe" -osboot [296056 2011-12-03] (RealNetworks, Inc.)
HKLM-x32\...\Run: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW [1259376 2011-07-28] ()
HKU\Default\...\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem [1555968 2009-04-10] (Microsoft Corporation)
HKU\Default\...\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter [x]
HKU\Edger\...\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe [138240 2008-01-20] (Microsoft Corporation)
HKU\Edger\...\Run: [] [x]
HKU\Edger\...\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe [9728 2006-11-02] (Microsoft Corporation)
HKU\Edger\...\Run: [Google Update] "C:\Users\Edger\AppData\Local\Google\Update\GoogleUpdate.exe" /c [135664 2010-03-16] (Google Inc.)
HKU\gff\...\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter [x]
HKU\gff(82)\...\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter [x]
HKU\Guest\...\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter [x]
HKU\Guest\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2010-11-29] (Apple Inc.)
HKU\Mcx1\...\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem [1555968 2009-04-10] (Microsoft Corporation)
HKU\Mcx1\...\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter [x]
HKU\Mcx1\...\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe [138240 2008-01-20] (Microsoft Corporation)
HKU\Mcx1\...\Run: [MsnMsgr] "C:\Program Files (x86)\Windows Live\Messenger\MsnMsgr.Exe" /background [4240760 2010-09-23] (Microsoft Corporation)
HKU\Mcx1\...\Winlogon: [Shell] C:\Windows\eHome\McrMgr.exe [196608 2009-04-10] (Microsoft Corporation)
HKU\Mcx2\...\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem [1555968 2009-04-10] (Microsoft Corporation)
HKU\Mcx2\...\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter [x]
HKU\Mcx2\...\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe [138240 2008-01-20] (Microsoft Corporation)
HKU\Mcx2\...\Winlogon: [Shell] C:\Windows\eHome\McrMgr.exe [196608 2009-04-10] (Microsoft Corporation)
HKU\UpdatusUser\...\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem [1555968 2009-04-10] (Microsoft Corporation)
HKU\UpdatusUser\...\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter [x]
SubSystems: [Windows] ==> ZeroAccess

==================== Services (Whitelisted) ======

3 Adobe LM Service; "C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe" [72704 2008-03-31] (Adobe Systems)
3 Adobe Version Cue CS4; "C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe" -win32service [284016 2008-08-15] (Adobe Systems Incorporated)
3 Amazon Download Agent; C:\Program Files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe [401920 2009-10-23] (Amazon.com)
3 COMMONFX.DLL; C:\Windows\System32\COMMONFX.DLL [157208 2008-02-25] (Creative Technology Ltd)
2 CrypKey License; C:\Windows\system32\crypserv.exe [126976 2010-03-18] (CrypKey (Canada) Ltd.)
3 CTAUDFX.DLL; C:\Windows\System32\CTAUDFX.DLL [699928 2008-02-25] (Creative Technology Ltd)
2 CTAudSvcService; C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe [307200 2009-02-23] (Creative Technology Ltd)
3 CTEAPSFX.DLL; C:\Windows\System32\CTEAPSFX.DLL [219160 2008-02-25] (Creative Technology Ltd)
3 CTEDSPFX.DLL; C:\Windows\System32\CTEDSPFX.DLL [321560 2008-02-25] (Creative Technology Ltd)
3 CTEDSPIO.DLL; C:\Windows\System32\CTEDSPIO.DLL [189976 2008-02-25] (Creative Technology Ltd)
3 CTEDSPSY.DLL; C:\Windows\System32\CTEDSPSY.DLL [363032 2008-02-25] (Creative Technology Ltd)
3 CTERFXFX.DLL; C:\Windows\System32\CTERFXFX.DLL [141848 2008-02-25] (Creative Technology Ltd)
3 CTSBLFX.DLL; C:\Windows\System32\CTSBLFX.DLL [680984 2008-02-25] (Creative Technology Ltd)
3 FLEXnet Licensing Service 64; "C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe" [1038088 2009-11-01] (Acresso Software Inc.)
2 ForceWare Intelligent Application Manager (IAM); C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe [726016 2008-09-08] ()
2 FreeAgentGoNext Service; "C:\Program Files (x86)\Seagate\SeagateManager\Sync\FreeAgentService.exe" [189736 2009-12-18] (Seagate Technology LLC)
3 getPlus® Helper; C:\Program Files (x86)\NOS\bin\getPlus_HelperSvc.exe [66048 2009-06-04] (NOS Microsystems Ltd.)
3 IDriverT; "C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe" [69632 2005-11-14] (Macrovision Corporation)
2 McciCMService; "C:\Program Files (x86)\Common Files\Motive\McciCMService.exe" [319488 2010-04-30] (Alcatel-Lucent)
2 McciCMService64; "C:\Program Files\Common Files\Motive\McciCMService.exe" [517632 2010-04-30] (Alcatel-Lucent)
3 Microsoft Office Groove Audit Service; "C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe" [64856 2009-02-26] (Microsoft Corporation)
3 MSCSPTISRV; "C:\Program Files (x86)\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe" [45056 2006-12-14] (Sony Corporation)
3 MsDepSvc; "C:\Program Files\IIS\Microsoft Web Deploy\MsDepSvc.exe" -runService:MsDepSvc [63304 2011-01-07] (Microsoft Corporation)
2 MsMpSvc; "C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe" [12784 2011-04-27] (Microsoft Corporation)
3 MSSQL$SONY_MEDIAMGR; C:\Program Files (x86)\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe -sSONY_MEDIAMGR [7520337 2002-12-17] (Microsoft Corporation)
3 MSSQLServerADHelper; C:\Program Files (x86)\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe [66112 2002-12-17] (Microsoft Corporation)
3 NisSrv; "C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe" [288272 2011-04-27] (Microsoft Corporation)
3 nosGetPlusHelper; C:\Program Files (x86)\NOS\bin\getPlus_Helper_3004.dll [52288 2011-03-01] (NOS Microsystems Ltd.)
2 nSvcIp; C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe [221696 2008-09-08] ()
2 nTuneService; C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneService.exe /StartService [255008 2009-01-06] (NVIDIA)
3 PACSPTISVR; "C:\Program Files (x86)\Common Files\Sony Shared\AVLib\PACSPTISVR.exe" [57344 2006-12-14] ()
2 RapiMgr; C:\Windows\WindowsMobile\rapimgr.dll [225672 2007-05-31] (Microsoft Corporation)
2 RichVideo; "C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe" [167936 2005-08-08] ()
3 ServiceLayer; "C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe" [630272 2010-10-20] (Nokia)
3 SPTISRV; "C:\Program Files (x86)\Common Files\Sony Shared\AVLib\SPTISRV.exe" [69632 2006-12-14] (Sony Corporation)
3 SQLAgent$SONY_MEDIAMGR; C:\Program Files (x86)\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlagent.EXE -i SONY_MEDIAMGR [311872 2002-12-17] (Microsoft Corporation)
2 TVersityMediaServer; "C:\ProgramData\TVersity\Media Server\MediaServer.exe" [921600 2010-11-24] ()
2 UpdateCenterService; C:\Program Files (x86)\NVIDIA Corporation\System Update\UpdateCenterService.exe /StartService [169504 2009-01-07] (NVIDIA)
2 WcesComm; C:\Windows\WindowsMobile\wcescomm.dll [443784 2007-05-31] (Microsoft Corporation)
3 CT20XUT.DLL; C:\Windows\System32\CT20XUT.DLL [x]
3 CTEXFIFX.DLL; C:\Windows\System32\CTEXFIFX.DLL [x]
3 CTHWIUT.DLL; C:\Windows\System32\CTHWIUT.DLL [x]
3 wampapache; "c:\wamp\bin\apache\apache2.2.17\bin\httpd.exe" -k runservice [x]
3 wampmysqld; c:\wamp\bin\mysql\mysql5.1.53\bin\mysqld.exe wampmysqld [x]

========================== Drivers (Whitelisted) =============

3 61883; C:\Windows\System32\DRIVERS\61883.sys [58496 2008-01-20] (Microsoft Corporation)
2 adfs; C:\Windows\System32\Drivers\adfs.sys [88632 2008-06-27] (Adobe Systems, Inc.)
3 athur; C:\Windows\System32\DRIVERS\athurx.sys [1719296 2010-07-27] (Atheros Communications, Inc.)
3 Avc; C:\Windows\System32\DRIVERS\avc.sys [48768 2008-01-20] (Microsoft Corporation)
1 BIOS; \??\C:\Windows\system32\drivers\BIOS64.sys [14136 2006-10-30] (BIOSTAR Group)
1 BS_I2cIo; \??\C:\Windows\system32\drivers\BS_I2cIo.sys [26472 2007-01-01] (BIOSTAR Group)
3 CT20XUT; C:\Windows\System32\drivers\CT20XUT.SYS [202776 2009-06-04] (Creative Technology Ltd.)
3 CT20XUT.SYS; C:\Windows\System32\drivers\CT20XUT.SYS [202776 2009-06-04] (Creative Technology Ltd.)
3 ctac32k; C:\Windows\System32\drivers\ctac32k.sys [580632 2009-06-04] (Creative Technology Ltd)
3 ctaud2k; C:\Windows\System32\drivers\ctaud2k.sys [684312 2009-06-04] (Creative Technology Ltd)
3 CTEXFIFX; C:\Windows\System32\drivers\CTEXFIFX.SYS [1417240 2009-06-04] (Creative Technology Ltd.)
3 CTEXFIFX.SYS; C:\Windows\System32\drivers\CTEXFIFX.SYS [1417240 2009-06-04] (Creative Technology Ltd.)
3 CTHWIUT; C:\Windows\System32\drivers\CTHWIUT.SYS [94744 2009-06-04] (Creative Technology Ltd.)
3 CTHWIUT.SYS; C:\Windows\System32\drivers\CTHWIUT.SYS [94744 2009-06-04] (Creative Technology Ltd.)
3 ctprxy2k; C:\Windows\System32\drivers\ctprxy2k.sys [15896 2009-06-04] (Creative Technology Ltd)
3 ctsfm2k; C:\Windows\System32\drivers\ctsfm2k.sys [213016 2009-06-04] (Creative Technology Ltd)
3 emupia; C:\Windows\System32\drivers\emupia2k.sys [118296 2009-06-04] (Creative Technology Ltd)
3 ha20x2k; C:\Windows\System32\drivers\ha20x2k.sys [1561112 2009-06-04] (Creative Technology Ltd)
3 MREMP50; \??\C:\PROGRA~2\COMMON~1\Motive\MREMP50.SYS [21248 2010-04-30] (Printing Communications Assoc., Inc. (PCAUSA))
3 MRESP50; \??\C:\PROGRA~2\COMMON~1\Motive\MRESP50.SYS [20096 2010-04-30] (Printing Communications Assoc., Inc. (PCAUSA))
3 MSDV; C:\Windows\System32\DRIVERS\msdv.sys [61568 2008-01-20] (Microsoft Corporation)
1 NetworkX; C:\Windows\System32\ckldrv.sys [30272 2010-03-18] ()
3 nmwcdcx64; C:\Windows\System32\drivers\ccdcmbox64.sys [25088 2010-02-26] (Nokia)
3 nmwcdx64; C:\Windows\System32\drivers\ccdcmbx64.sys [19456 2010-02-26] (Nokia)
3 NVENETFD; C:\Windows\System32\DRIVERS\nvmfdx64.sys [1498016 2008-08-01] (NVIDIA Corporation)
3 NVR0Dev; \??\C:\Windows\nvoclk64.sys [40480 2009-01-06] (NVIDIA Corp.)
2 NVR0FLASHDev; \??\C:\Windows\nvflsh64.sys [40992 2009-01-07] (NVIDIA Corp.)
3 nvsmu; C:\Windows\System32\DRIVERS\nvsmu.sys [29800 2010-03-22] (NVIDIA Corporation)
0 nvstor64; C:\Windows\System32\DRIVERS\nvstor64.sys [170528 2008-08-18] (NVIDIA Corporation)
3 ossrv; C:\Windows\System32\drivers\ctoss2k.sys [179224 2009-06-04] (Creative Technology Ltd.)
3 pccsmcfd; C:\Windows\System32\DRIVERS\pccsmcfdx64.sys [25600 2008-08-28] (Nokia)
3 RTL8169; C:\Windows\System32\DRIVERS\Rtlh64.sys [160768 2008-02-14] (Realtek Corporation )
0 SmartDefragDriver; C:\Windows\System32\Drivers\SmartDefragDriver.sys [18232 2011-02-23] ()
0 speedfan; C:\Windows\SysWow64\speedfan.sys [14104 2007-02-07] (Windows ® Server 2003 DDK provider)
3 ubohci; C:\Windows\System32\DRIVERS\ubohci.sys [132608 2010-02-26] (Unibrain)
2 ubsbm; C:\Windows\System32\DRIVERS\ubsbm.sys [24064 2010-02-26] (Unibrain)
2 ubumapi; C:\Windows\System32\DRIVERS\ubumapi.sys [92160 2010-02-26] (Unibrain)
3 upperdev; C:\Windows\System32\DRIVERS\usbser_lowerfltx64.sys [9216 2010-02-26] (Nokia)
3 usbser; C:\Windows\System32\drivers\usbser.sys [32768 2009-04-10] (Microsoft Corporation)
3 UsbserFilt; C:\Windows\System32\DRIVERS\usbser_lowerfltx64j.sys [9216 2010-02-26] (Nokia)
3 VX3000; C:\Windows\System32\DRIVERS\VX3000.sys [2055168 2009-06-26] (Microsoft Corporation)
3 atillk64; \??\C:\Program Files (x86)\ATI Technologies\AMD GPU Clock Tool\atillk64.sys [x]
3 cpuz130; \??\C:\Users\Edger\AppData\Local\Temp\cpuz130\cpuz_x64.sys [x]
3 FXDrv32; \??\F:\FXDrv64.sys [x]
3 IpInIp; C:\Windows\System32\DRIVERS\ipinip.sys [x]
3 MREMP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS [x]
3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [x]
3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [x]
3 MRESP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS [x]
3 msiserver; C:\Windows\System32\msiexec /V [x]
3 NwlnkFlt; C:\Windows\System32\DRIVERS\nwlnkflt.sys [x]
3 NwlnkFwd; C:\Windows\System32\DRIVERS\nwlnkfwd.sys [x]
3 pfc; C:\Windows\System32\drivers\pfc.sys [x]
3 VBoxNetFlt; C:\Windows\System32\DRIVERS\VBoxNetFlt.sys [x]

========================== NetSvcs (Whitelisted) ===========

============ One Month Created Files and Folders ==============

2011-12-31 11:28 - 2011-12-31 11:28 - 0000000 ____D C:\FRST
2011-12-31 10:30 - 2011-12-31 10:30 - 0143552 ____A C:\Users\gff\AppData\Local\GDIPFONTCACHEV1.DAT
2011-12-31 10:30 - 2011-12-31 10:30 - 0000000 ____D C:\Users\gff\AppData\Roaming\Stardock
2011-12-31 10:30 - 2011-12-31 10:30 - 0000000 ____D C:\Users\gff\AppData\Roaming\Real
2011-12-31 10:30 - 2011-12-31 10:30 - 0000000 ____D C:\Users\gff\AppData\Local\NVIDIA Corporation
2011-12-31 10:30 - 2011-12-31 10:30 - 0000000 ____A C:\Windows\setuperr.log
2011-12-31 10:30 - 2011-12-31 10:30 - 0000000 ____A C:\Windows\setupact.log
2011-12-29 22:41 - 2011-12-30 18:58 - 0000000 ____D C:\Windows\Microsoft Antimalware
2011-12-29 22:41 - 2011-12-29 22:41 - 0000000 ____D C:\Windows\Windows Defender Offline
2011-12-29 22:20 - 2011-12-31 10:34 - 0301846 ____A C:\Windows\Minidump\Mini123111-01.dmp
2011-12-29 08:23 - 2011-12-31 10:34 - 0002106 ____A C:\Windows\errord.log
2011-12-29 08:23 - 2011-12-29 08:23 - 0000744 ____A C:\Windows\PFRO.log
2011-12-29 08:21 - 2011-12-31 11:21 - 0000560 ____A C:\Windows\error.log
2011-12-29 01:42 - 2011-12-29 01:42 - 0000000 ____D C:\Program Files (x86)\Microsoft Security Client
2011-12-29 01:40 - 2011-12-29 01:42 - 0000000 ____D C:\Program Files\Microsoft Security Client
2011-12-29 01:21 - 2011-12-29 01:22 - 94997970 ____A C:\Users\Edger\Desktop\fdfd.reg
2011-12-29 01:17 - 2011-12-29 01:17 - 0001874 ____A C:\Users\gff\Desktop\Customize Fences.lnk
2011-12-29 01:16 - 2011-12-29 01:16 - 0000174 __ASH C:\Users\gff\Start Menu\Programs\Startup\desktop.ini
2011-12-29 01:16 - 2011-12-29 01:16 - 0000174 __ASH C:\Users\gff\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
2011-12-29 01:15 - 2011-12-30 18:36 - 0000000 ____D C:\Users\gff\AppData\LocalLow
2011-12-29 00:59 - 2011-12-29 00:56 - 0000610 ____A C:\Users\Edger\Desktop\UnHookExec.inf
2011-12-29 00:50 - 2011-12-30 18:34 - 0000000 ____D C:\Users\gff\AppData\Roaming\Malwarebytes
2011-12-29 00:49 - 2011-12-29 00:41 - 0000880 ____A C:\Users\gff\Desktop\exe.reg
2011-12-29 00:49 - 2011-12-29 00:28 - 0000278 ____A C:\Users\gff\Desktop\exefix_cu.reg
2011-12-29 00:46 - 2011-12-31 10:30 - 0000000 ____D C:\users\gff
2011-12-29 00:46 - 2011-12-30 16:48 - 0000000 ____D C:\users\gff(82)
2011-12-29 00:46 - 2011-12-29 00:46 - 0000020 ___SH C:\Users\gff\ntuser.ini
2011-12-29 00:46 - 2011-12-29 00:46 - 0000000 __SHD C:\Users\gff\Templates
2011-12-29 00:46 - 2011-12-29 00:46 - 0000000 __SHD C:\Users\gff\Start Menu
2011-12-29 00:46 - 2011-12-29 00:46 - 0000000 __SHD C:\Users\gff\PrintHood
2011-12-29 00:46 - 2011-12-29 00:46 - 0000000 __SHD C:\Users\gff\NetHood
2011-12-29 00:46 - 2011-12-29 00:46 - 0000000 __SHD C:\Users\gff\My Documents
2011-12-29 00:46 - 2011-12-29 00:46 - 0000000 __SHD C:\Users\gff\Documents\My Videos
2011-12-29 00:46 - 2011-12-29 00:46 - 0000000 __SHD C:\Users\gff\Documents\My Pictures
2011-12-29 00:46 - 2011-12-29 00:46 - 0000000 __SHD C:\Users\gff\Documents\My Music
2011-12-29 00:46 - 2011-12-29 00:46 - 0000000 __SHD C:\Users\gff\AppData\Local\Temporary Internet Files
2011-12-29 00:46 - 2011-12-29 00:46 - 0000000 __SHD C:\Users\gff\AppData\Local\History
2011-12-29 00:42 - 2006-11-02 03:16 - 0010240 ____A (Microsoft Corporation) C:\Windows\System32\regedt32 - Copy.bat
2011-12-29 00:37 - 2011-12-29 01:04 - 0214042 ____A C:\Windows\ntbtlog.txt
2011-12-29 00:33 - 2008-01-20 18:49 - 0161792 ____A (Microsoft Corporation) C:\Windows\regedit.com
2011-12-29 00:08 - 2011-12-29 00:17 - 0003298 __ASH C:\Users\Edger\AppData\Local\h2gupxtuef253afy
2011-12-29 00:08 - 2011-12-29 00:17 - 0003298 __ASH C:\ProgramData\h2gupxtuef253afy
2011-12-29 00:08 - 2011-12-29 00:08 - 0000000 ____D C:\Windows\system64
2011-12-28 08:46 - 2011-11-03 18:38 - 17786368 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2011-12-28 08:46 - 2011-11-03 17:59 - 10886656 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2011-12-28 08:46 - 2011-11-03 17:53 - 2309120 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2011-12-28 08:46 - 2011-11-03 17:46 - 1345536 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2011-12-28 08:46 - 2011-11-03 17:44 - 1493504 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2011-12-28 08:46 - 2011-11-03 17:44 - 1390080 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2011-12-28 08:46 - 2011-11-03 17:43 - 0237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2011-12-28 08:46 - 2011-11-03 17:41 - 0085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2011-12-28 08:46 - 2011-11-03 17:39 - 0818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2011-12-28 08:46 - 2011-11-03 17:36 - 2144256 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2011-12-28 08:46 - 2011-11-03 17:35 - 0096256 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2011-12-28 08:46 - 2011-11-03 17:34 - 2382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2011-12-28 08:46 - 2011-11-03 17:30 - 0248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2011-12-28 08:46 - 2011-11-03 15:02 - 12279808 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2011-12-28 08:46 - 2011-11-03 14:47 - 1798144 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2011-12-28 08:46 - 2011-11-03 14:46 - 9705472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2011-12-28 08:46 - 2011-11-03 14:40 - 1427456 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2011-12-28 08:46 - 2011-11-03 14:40 - 1103360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2011-12-28 08:46 - 2011-11-03 14:39 - 1127424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2011-12-28 08:46 - 2011-11-03 14:38 - 0231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2011-12-28 08:46 - 2011-11-03 14:37 - 0065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2011-12-28 08:46 - 2011-11-03 14:34 - 0716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2011-12-28 08:46 - 2011-11-03 14:32 - 1792000 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2011-12-28 08:46 - 2011-11-03 14:32 - 0072704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2011-12-28 08:46 - 2011-11-03 14:31 - 2382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2011-12-28 08:46 - 2011-11-03 14:28 - 0176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2011-12-26 23:55 - 2011-12-26 23:55 - 0000000 ____D C:\Users\Edger\AppData\Local\{EF64DB64-F0C8-4BFE-97F3-E73B46126C41}
2011-12-26 23:55 - 2011-12-26 23:55 - 0000000 ____D C:\Users\Edger\AppData\Local\{AB7F1BE5-C906-4BF9-99AC-10E18672850E}
2011-12-24 20:00 - 2011-12-24 20:00 - 5346786 ____A C:\Users\Edger\Documents\creation vby me.wav
2011-12-24 20:00 - 2011-12-24 20:00 - 0052294 ____A C:\Users\Edger\Documents\creation vby me.pk
2011-12-24 14:22 - 2011-12-24 14:22 - 0000000 ____D C:\Users\Edger\AppData\Local\{5EEA50E9-F61F-46D2-BFC8-32F6B4106884}
2011-12-24 14:21 - 2011-12-24 14:21 - 0000000 ____D C:\Users\Edger\AppData\Local\{932EF23F-6586-4B7D-8CEC-760BAA0CCDFF}
2011-12-22 18:02 - 2011-12-22 18:02 - 0000000 ____D C:\Users\Edger\AppData\Local\{A76B377E-E8DC-4FF8-A1BB-AAA4112186CE}
2011-12-22 18:02 - 2011-12-22 18:02 - 0000000 ____D C:\Users\Edger\AppData\Local\{87BF5644-32D0-4A87-B574-9BC38AF493A1}
2011-12-22 00:09 - 2011-12-22 00:09 - 0000000 ____D C:\Users\Edger\AppData\Local\{5A605FD6-10E2-4245-8AE6-E6D28C5BBADB}
2011-12-22 00:09 - 2011-12-22 00:09 - 0000000 ____D C:\Users\Edger\AppData\Local\{226DE875-84BA-4CE5-AB5D-52C0CC2B688B}
2011-12-21 01:19 - 2011-12-29 01:24 - 0301902 ____A C:\Windows\Minidump\Mini122911-01.dmp
2011-12-21 01:19 - 2011-12-28 23:55 - 0301902 ____A C:\Windows\Minidump\Mini122811-01.dmp
2011-12-21 01:19 - 2011-12-27 22:05 - 0301902 ____A C:\Windows\Minidump\Mini122711-01.dmp
2011-12-17 16:37 - 2011-12-17 16:37 - 0000000 ____D C:\Users\Edger\AppData\Local\{42C9675F-53AF-4624-99B7-18A9AB7F38C0}
2011-12-17 16:37 - 2011-12-17 16:37 - 0000000 ____D C:\Users\Edger\AppData\Local\{3730DF8C-8B96-4481-81D0-E75B296DBCAA}
2011-12-15 12:31 - 2011-11-23 05:57 - 2764800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2011-12-15 12:31 - 2011-11-08 06:58 - 0002048 ____A (Microsoft Corporation) C:\Windows\System32\tzres.dll
2011-12-15 12:31 - 2011-11-08 06:42 - 0002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2011-12-15 12:31 - 2011-10-25 08:09 - 0085504 ____A (Microsoft Corporation) C:\Windows\System32\csrsrv.dll
2011-12-15 12:31 - 2011-10-14 09:30 - 0559616 ____A (Microsoft Corporation) C:\Windows\System32\EncDec.dll
2011-12-15 12:31 - 2011-10-14 08:02 - 0429056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\EncDec.dll
2011-12-14 08:41 - 2011-12-14 08:41 - 0000000 ____D C:\Users\Edger\AppData\Local\{B0442CFE-CB69-40BD-8EC2-E2BDEAF96A37}
2011-12-14 08:41 - 2011-12-14 08:41 - 0000000 ____D C:\Users\Edger\AppData\Local\{3BB4ED68-ADE9-4D8B-B2DA-4A7C964D6688}
2011-12-12 00:42 - 2011-12-12 22:41 - 0000000 ____D C:\Users\Edger\Desktop\ebay
2011-12-08 22:10 - 2011-12-08 22:10 - 0000000 ____D C:\Users\Edger\AppData\Local\{FB5F377E-AF45-4409-9EBC-3EB50117DE64}
2011-12-08 22:09 - 2011-12-08 22:10 - 0000000 ____D C:\Users\Edger\AppData\Local\{E68598C5-D50C-4A49-8B25-D8945CBA7AEF}
2011-12-08 22:03 - 2011-12-08 22:03 - 0000000 ____D C:\Windows\System32\Macromed
2011-12-08 01:46 - 2011-12-08 01:46 - 0000000 ____D C:\Users\Edger\AppData\Local\{A5722244-272E-4CE9-858C-2184A9DD1428}
2011-12-08 01:46 - 2011-12-08 01:46 - 0000000 ____D C:\Users\Edger\AppData\Local\{32887021-4D2E-431A-A22F-3DD6624E5E11}
2011-12-06 23:21 - 2011-12-06 23:21 - 0000000 ____D C:\Users\Edger\AppData\Local\{C7AAC8E2-E2BB-422F-BBB6-F71AEA3A094D}
2011-12-06 23:21 - 2011-12-06 23:21 - 0000000 ____D C:\Users\Edger\AppData\Local\{02786B79-141C-419D-B130-113D398A3B32}
2011-12-03 13:18 - 2011-12-03 13:18 - 0000000 ____D C:\Users\Edger\AppData\Local\{B0869C1E-8439-415A-97A5-7BD5821D773B}
2011-12-03 13:18 - 2011-12-03 13:18 - 0000000 ____D C:\Users\Edger\AppData\Local\{3D3A760D-EDAC-43F5-B5E6-D8BFE2D413FF}
2011-12-03 10:08 - 2011-12-03 10:08 - 0198832 ____A (RealNetworks, Inc.) C:\Windows\SysWOW64\rmoc3260.dll
2011-12-03 10:08 - 2011-12-03 10:08 - 0000803 ____A C:\Users\Public\Desktop\RealPlayer.lnk
2011-12-03 10:07 - 2011-12-03 10:07 - 0499712 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msvcp71.dll
2011-12-03 10:07 - 2011-12-03 10:07 - 0348160 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msvcr71.dll
2011-12-03 10:07 - 2011-12-03 10:07 - 0272896 ____A (Progressive Networks) C:\Windows\SysWOW64\pncrt.dll
2011-12-03 10:07 - 2011-12-03 10:07 - 0006656 ____A (RealNetworks, Inc.) C:\Windows\SysWOW64\pndx5016.dll
2011-12-03 10:07 - 2011-12-03 10:07 - 0005632 ____A (RealNetworks, Inc.) C:\Windows\SysWOW64\pndx5032.dll
2011-12-01 22:10 - 2011-12-01 22:10 - 3590740 ____A C:\Users\Edger\Desktop\suit-hand-final.jpg
2011-12-01 21:25 - 2011-12-01 21:26 - 6291476 ____A C:\Users\Edger\Downloads\wnr854t_1_4_19_for_na_only.img
2011-12-01 03:32 - 2011-12-01 03:32 - 2697541 ____A C:\Users\Edger\Desktop\jacket2.jpg
2011-12-01 03:12 - 2011-12-01 03:12 - 2361916 ____A C:\Users\Edger\Desktop\suit-3.jpg
2011-12-01 03:01 - 2011-12-24 19:25 - 1973834 ____A C:\Users\Edger\Desktop\suit smile.jpg
2011-12-01 02:57 - 2011-12-01 02:57 - 4558598 ____A C:\Users\Edger\Desktop\suit-2.jpg
2011-12-01 01:31 - 2011-12-01 01:31 - 2112391 ____A C:\Users\Edger\Desktop\me-in-suit.jpg
2011-12-01 01:21 - 2011-12-01 01:32 - 232647600 ____A C:\Users\Edger\Desktop\IMG_8104.psd


============ 3 Months Modified Files and Folders =============

2011-12-31 11:28 - 2011-12-31 11:28 - 0000000 ____D C:\FRST
2011-12-31 11:21 - 2011-12-29 08:21 - 0000560 ____A C:\Windows\error.log
2011-12-31 11:21 - 2011-06-12 13:57 - 1461418 ____A C:\Windows\WindowsUpdate.log
2011-12-31 11:21 - 2009-11-22 15:25 - 0061736 ____A C:\Windows\System32\BMXStateBkp-{00000001-00000000-00000007-00001102-00000005-00311102}.rfx
2011-12-31 11:21 - 2009-11-22 15:25 - 0061736 ____A C:\Windows\System32\BMXState-{00000001-00000000-00000007-00001102-00000005-00311102}.rfx
2011-12-31 11:21 - 2009-11-22 15:25 - 0000788 ____A C:\Windows\System32\DVCState-{00000001-00000000-00000007-00001102-00000005-00311102}.rfx
2011-12-31 11:21 - 2006-11-02 07:42 - 0032654 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2011-12-31 11:21 - 2006-11-02 07:42 - 0000006 ___AH C:\Windows\Tasks\SA.DAT
2011-12-31 11:21 - 2006-11-02 07:22 - 0004224 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2011-12-31 11:21 - 2006-11-02 07:22 - 0004224 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2011-12-31 10:42 - 2006-11-02 04:46 - 0807466 ____A C:\Windows\System32\PerfStringBackup.INI
2011-12-31 10:36 - 2011-10-26 00:58 - 0034901 ____A C:\ProgramData\nvModes.dat
2011-12-31 10:36 - 2011-10-26 00:58 - 0034901 ____A C:\ProgramData\nvModes.001
2011-12-31 10:35 - 2008-03-31 19:58 - 0000000 ____D C:\ProgramData\NVIDIA
2011-12-31 10:34 - 2011-12-29 22:20 - 0301846 ____A C:\Windows\Minidump\Mini123111-01.dmp
2011-12-31 10:34 - 2011-12-29 08:23 - 0002106 ____A C:\Windows\errord.log
2011-12-31 10:34 - 2008-04-29 17:54 - 0000000 ____D C:\Windows\Minidump
2011-12-31 10:30 - 2011-12-31 10:30 - 0143552 ____A C:\Users\gff\AppData\Local\GDIPFONTCACHEV1.DAT
2011-12-31 10:30 - 2011-12-31 10:30 - 0000000 ____D C:\Users\gff\AppData\Roaming\Stardock
2011-12-31 10:30 - 2011-12-31 10:30 - 0000000 ____D C:\Users\gff\AppData\Roaming\Real
2011-12-31 10:30 - 2011-12-31 10:30 - 0000000 ____D C:\Users\gff\AppData\Local\NVIDIA Corporation
2011-12-31 10:30 - 2011-12-31 10:30 - 0000000 ____A C:\Windows\setuperr.log
2011-12-31 10:30 - 2011-12-31 10:30 - 0000000 ____A C:\Windows\setupact.log
2011-12-31 10:30 - 2011-12-29 00:46 - 0000000 ____D C:\users\gff
2011-12-31 10:29 - 2010-03-16 13:28 - 0000908 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-811709968-3376817306-1099000252-1000UA.job
2011-12-31 10:19 - 2011-02-21 02:32 - 0000000 ____D C:\Users\Edger\Documents\Vuze Downloads
2011-12-31 10:14 - 2011-07-25 01:25 - 0000000 ____D C:\users\UpdatusUser
2011-12-31 10:11 - 2008-03-31 17:59 - 0000000 ____D C:\users\Edger
2011-12-31 10:10 - 2006-11-02 05:33 - 0000000 ____D C:\Windows\System32\config\TxR
2011-12-30 18:58 - 2011-12-29 22:41 - 0000000 ____D C:\Windows\Microsoft Antimalware
2011-12-30 18:36 - 2011-12-29 01:15 - 0000000 ____D C:\Users\gff\AppData\LocalLow
2011-12-30 18:36 - 2011-10-20 23:49 - 0000000 ____D C:\users\Guest
2011-12-30 18:36 - 2011-02-21 02:26 - 0000000 ____D C:\Users\Edger\AppData\Roaming\Azureus
2011-12-30 18:36 - 2010-12-21 23:34 - 0000000 ____D C:\users\Mcx2
2011-12-30 18:36 - 2009-03-01 13:12 - 0000000 ____D C:\users\Mcx1
2011-12-30 18:36 - 2006-11-02 05:34 - 0000000 ____D C:\Windows\System32\spool
2011-12-30 18:36 - 2006-11-02 05:34 - 0000000 ____D C:\Windows\System32\Msdtc
2011-12-30 18:36 - 2006-11-02 05:33 - 0000000 ____D C:\Windows\PolicyDefinitions
2011-12-30 18:36 - 2006-11-02 04:33 - 42467328 ____A C:\Windows\System32\config\system_previous
2011-12-30 18:36 - 2006-11-02 04:33 - 125042688 ____A C:\Windows\System32\config\software_previous
2011-12-30 18:35 - 2009-11-18 16:55 - 0000000 ____D C:\ProgramData\Real
2011-12-30 18:35 - 2006-11-02 05:33 - 0000000 ____D C:\Windows\registration
2011-12-30 18:34 - 2011-12-29 00:50 - 0000000 ____D C:\Users\gff\AppData\Roaming\Malwarebytes
2011-12-30 18:27 - 2006-11-02 04:33 - 56360960 ____A C:\Windows\System32\config\components_previous
2011-12-30 18:27 - 2006-11-02 04:33 - 4718592 ____A C:\Windows\System32\config\default_previous
2011-12-30 18:27 - 2006-11-02 04:33 - 0262144 ____A C:\Windows\System32\config\security_previous
2011-12-30 18:25 - 2006-11-02 04:33 - 0262144 ____A C:\Windows\System32\config\sam_previous
2011-12-30 16:48 - 2011-12-29 00:46 - 0000000 ____D C:\users\gff(82)
2011-12-29 22:41 - 2011-12-29 22:41 - 0000000 ____D C:\Windows\Windows Defender Offline
2011-12-29 08:23 - 2011-12-29 08:23 - 0000744 ____A C:\Windows\PFRO.log
2011-12-29 03:08 - 2008-03-31 19:44 - 0000000 ____D C:\Users\Edger\AppData\Roaming\Winamp
2011-12-29 03:02 - 2011-02-21 02:25 - 0000000 ____D C:\Program Files (x86)\Vuze
2011-12-29 01:43 - 2011-01-28 18:22 - 0001945 ____A C:\Windows\epplauncher.mif
2011-12-29 01:42 - 2011-12-29 01:42 - 0000000 ____D C:\Program Files (x86)\Microsoft Security Client
2011-12-29 01:42 - 2011-12-29 01:40 - 0000000 ____D C:\Program Files\Microsoft Security Client
2011-12-29 01:42 - 2008-07-10 01:41 - 0822314 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
2011-12-29 01:29 - 2011-10-08 00:28 - 0000856 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-811709968-3376817306-1099000252-1000Core1cc85944f42f158.job
2011-12-29 01:24 - 2011-12-21 01:19 - 0301902 ____A C:\Windows\Minidump\Mini122911-01.dmp
2011-12-29 01:17 - 2011-12-29 01:17 - 0001874 ____A C:\Users\gff\Desktop\Customize Fences.lnk
2011-12-29 01:16 - 2011-12-29 01:16 - 0000174 __ASH C:\Users\gff\Start Menu\Programs\Startup\desktop.ini
2011-12-29 01:16 - 2011-12-29 01:16 - 0000174 __ASH C:\Users\gff\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
2011-12-29 01:04 - 2011-12-29 00:37 - 0214042 ____A C:\Windows\ntbtlog.txt
2011-12-29 00:56 - 2011-12-29 00:59 - 0000610 ____A C:\Users\Edger\Desktop\UnHookExec.inf
2011-12-29 00:51 - 2010-03-24 01:10 - 0000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2011-12-29 00:46 - 2011-12-29 00:46 - 0000020 ___SH C:\Users\gff\ntuser.ini
2011-12-29 00:46 - 2011-12-29 00:46 - 0000000 __SHD C:\Users\gff\Templates
2011-12-29 00:46 - 2011-12-29 00:46 - 0000000 __SHD C:\Users\gff\Start Menu
2011-12-29 00:46 - 2011-12-29 00:46 - 0000000 __SHD C:\Users\gff\PrintHood
2011-12-29 00:46 - 2011-12-29 00:46 - 0000000 __SHD C:\Users\gff\NetHood
2011-12-29 00:46 - 2011-12-29 00:46 - 0000000 __SHD C:\Users\gff\My Documents
2011-12-29 00:46 - 2011-12-29 00:46 - 0000000 __SHD C:\Users\gff\Documents\My Videos
2011-12-29 00:46 - 2011-12-29 00:46 - 0000000 __SHD C:\Users\gff\Documents\My Pictures
2011-12-29 00:46 - 2011-12-29 00:46 - 0000000 __SHD C:\Users\gff\Documents\My Music
2011-12-29 00:46 - 2011-12-29 00:46 - 0000000 __SHD C:\Users\gff\AppData\Local\Temporary Internet Files
2011-12-29 00:46 - 2011-12-29 00:46 - 0000000 __SHD C:\Users\gff\AppData\Local\History
2011-12-29 00:46 - 2006-11-02 05:32 - 0000000 __SHD C:\$Recycle.Bin
2011-12-29 00:41 - 2011-12-29 00:49 - 0000880 ____A C:\Users\gff\Desktop\exe.reg
2011-12-29 00:28 - 2011-12-29 00:49 - 0000278 ____A C:\Users\gff\Desktop\exefix_cu.reg
2011-12-29 00:17 - 2011-12-29 00:08 - 0003298 __ASH C:\Users\Edger\AppData\Local\h2gupxtuef253afy
2011-12-29 00:17 - 2011-12-29 00:08 - 0003298 __ASH C:\ProgramData\h2gupxtuef253afy
2011-12-29 00:15 - 2006-11-02 05:33 - 0000000 ____D C:\Windows\rescache
2011-12-29 00:08 - 2011-12-29 00:08 - 0000000 ____D C:\Windows\system64
2011-12-29 00:08 - 2008-06-25 11:54 - 0002032 ____A C:\Users\Edger\AppData\Local\d3d9caps.dat
2011-12-28 23:57 - 2006-11-02 07:21 - 3082696 ____A C:\Windows\System32\FNTCACHE.DAT
2011-12-28 23:55 - 2011-12-21 01:19 - 0301902 ____A C:\Windows\Minidump\Mini122811-01.dmp
2011-12-28 09:03 - 2008-03-31 20:43 - 0000000 ____D C:\ProgramData\Microsoft Help
2011-12-28 08:53 - 2006-11-02 04:35 - 54867776 ____A (Microsoft Corporation) C:\Windows\System32\mrt.exe
2011-12-27 22:05 - 2011-12-21 01:19 - 0301902 ____A C:\Windows\Minidump\Mini122711-01.dmp
2011-12-27 01:02 - 2009-04-05 10:14 - 0000000 ____D C:\Program Files\Windows Live
2011-12-27 01:02 - 2006-11-02 05:33 - 0000000 ____D C:\Program Files\Common Files\Microsoft Shared
2011-12-27 01:01 - 2008-05-01 21:57 - 0000000 ____D C:\Program Files (x86)\Windows Live
2011-12-26 23:55 - 2011-12-26 23:55 - 0000000 ____D C:\Users\Edger\AppData\Local\{EF64DB64-F0C8-4BFE-97F3-E73B46126C41}
2011-12-26 23:55 - 2011-12-26 23:55 - 0000000 ____D C:\Users\Edger\AppData\Local\{AB7F1BE5-C906-4BF9-99AC-10E18672850E}
2011-12-25 02:51 - 2011-12-25 02:51 - 3395653 ____A C:\Users\Edger\Desktop\mimi-and-me.jpg
2011-12-25 02:28 - 2011-12-25 02:28 - 4201070 ____A C:\Users\Edger\Desktop\mimi and me.JPG
2011-12-25 02:20 - 2011-02-03 15:09 - 0000000 ____D C:\Users\Edger\Desktop\Desktop Crap
2011-12-24 20:00 - 2011-12-24 20:00 - 5346786 ____A C:\Users\Edger\Documents\creation vby me.wav
2011-12-24 20:00 - 2011-12-24 20:00 - 0052294 ____A C:\Users\Edger\Documents\creation vby me.pk
2011-12-24 19:25 - 2011-12-01 03:01 - 1973834 ____A C:\Users\Edger\Desktop\suit smile.jpg
2011-12-24 14:22 - 2011-12-24 14:22 - 0000000 ____D C:\Users\Edger\AppData\Local\{5EEA50E9-F61F-46D2-BFC8-32F6B4106884}
2011-12-24 14:21 - 2011-12-24 14:21 - 0000000 ____D C:\Users\Edger\AppData\Local\{932EF23F-6586-4B7D-8CEC-760BAA0CCDFF}
2011-12-23 22:14 - 2008-03-31 18:20 - 0035328 ____A C:\Users\Edger\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2011-12-22 18:02 - 2011-12-22 18:02 - 0000000 ____D C:\Users\Edger\AppData\Local\{A76B377E-E8DC-4FF8-A1BB-AAA4112186CE}
2011-12-22 18:02 - 2011-12-22 18:02 - 0000000 ____D C:\Users\Edger\AppData\Local\{87BF5644-32D0-4A87-B574-9BC38AF493A1}
2011-12-22 00:54 - 2011-11-29 01:55 - 0002845 ____A C:\Users\Edger\Desktop\arte.css
2011-12-22 00:09 - 2011-12-22 00:09 - 0000000 ____D C:\Users\Edger\AppData\Local\{5A605FD6-10E2-4245-8AE6-E6D28C5BBADB}
2011-12-22 00:09 - 2011-12-22 00:09 - 0000000 ____D C:\Users\Edger\AppData\Local\{226DE875-84BA-4CE5-AB5D-52C0CC2B688B}
2011-12-21 15:12 - 2006-11-02 07:07 - 0000000 ___RD C:\Users\Public\Recorded TV
2011-12-21 13:24 - 2011-06-28 09:18 - 0000815 ____A C:\Users\Edger\Desktop\japanese lessons.txt
2011-12-17 16:37 - 2011-12-17 16:37 - 0000000 ____D C:\Users\Edger\AppData\Local\{42C9675F-53AF-4624-99B7-18A9AB7F38C0}
2011-12-17 16:37 - 2011-12-17 16:37 - 0000000 ____D C:\Users\Edger\AppData\Local\{3730DF8C-8B96-4481-81D0-E75B296DBCAA}
2011-12-16 01:39 - 2006-11-02 05:33 - 0000000 ___SD C:\Windows\Downloaded Program Files
2011-12-16 01:37 - 2010-06-13 22:06 - 0000000 ____D C:\ProgramData\DivX
2011-12-16 01:37 - 2008-08-01 02:08 - 0000000 ____D C:\Program Files (x86)\DivX
2011-12-16 01:35 - 2010-06-13 22:10 - 0000000 ____D C:\Program Files\DivX
2011-12-16 01:32 - 2011-04-07 01:55 - 0000000 ____D C:\Program Files (x86)\Mozilla Firefox
2011-12-15 23:41 - 2011-10-26 01:36 - 0001948 ____A C:\Users\Public\Desktop\Lightroom 3.5 64-bit.lnk
2011-12-14 08:41 - 2011-12-14 08:41 - 0000000 ____D C:\Users\Edger\AppData\Local\{B0442CFE-CB69-40BD-8EC2-E2BDEAF96A37}
2011-12-14 08:41 - 2011-12-14 08:41 - 0000000 ____D C:\Users\Edger\AppData\Local\{3BB4ED68-ADE9-4D8B-B2DA-4A7C964D6688}
2011-12-12 22:41 - 2011-12-12 00:42 - 0000000 ____D C:\Users\Edger\Desktop\ebay
2011-12-10 15:24 - 2010-03-24 01:10 - 0023152 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2011-12-08 22:10 - 2011-12-08 22:10 - 0000000 ____D C:\Users\Edger\AppData\Local\{FB5F377E-AF45-4409-9EBC-3EB50117DE64}
2011-12-08 22:10 - 2011-12-08 22:09 - 0000000 ____D C:\Users\Edger\AppData\Local\{E68598C5-D50C-4A49-8B25-D8945CBA7AEF}
2011-12-08 22:03 - 2011-12-08 22:03 - 0000000 ____D C:\Windows\System32\Macromed
2011-12-08 22:03 - 2011-05-19 23:42 - 0414368 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2011-12-08 01:46 - 2011-12-08 01:46 - 0000000 ____D C:\Users\Edger\AppData\Local\{A5722244-272E-4CE9-858C-2184A9DD1428}
2011-12-08 01:46 - 2011-12-08 01:46 - 0000000 ____D C:\Users\Edger\AppData\Local\{32887021-4D2E-431A-A22F-3DD6624E5E11}
2011-12-06 23:21 - 2011-12-06 23:21 - 0000000 ____D C:\Users\Edger\AppData\Local\{C7AAC8E2-E2BB-422F-BBB6-F71AEA3A094D}
2011-12-06 23:21 - 2011-12-06 23:21 - 0000000 ____D C:\Users\Edger\AppData\Local\{02786B79-141C-419D-B130-113D398A3B32}
2011-12-03 13:18 - 2011-12-03 13:18 - 0000000 ____D C:\Users\Edger\AppData\Local\{B0869C1E-8439-415A-97A5-7BD5821D773B}
2011-12-03 13:18 - 2011-12-03 13:18 - 0000000 ____D C:\Users\Edger\AppData\Local\{3D3A760D-EDAC-43F5-B5E6-D8BFE2D413FF}
2011-12-03 10:09 - 2008-10-12 16:17 - 0000000 ____D C:\Users\Edger\AppData\Roaming\Real
2011-12-03 10:08 - 2011-12-03 10:08 - 0198832 ____A (RealNetworks, Inc.) C:\Windows\SysWOW64\rmoc3260.dll
2011-12-03 10:08 - 2011-12-03 10:08 - 0000803 ____A C:\Users\Public\Desktop\RealPlayer.lnk
2011-12-03 10:07 - 2011-12-03 10:07 - 0499712 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msvcp71.dll
2011-12-03 10:07 - 2011-12-03 10:07 - 0348160 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msvcr71.dll
2011-12-03 10:07 - 2011-12-03 10:07 - 0272896 ____A (Progressive Networks) C:\Windows\SysWOW64\pncrt.dll
2011-12-03 10:07 - 2011-12-03 10:07 - 0006656 ____A (RealNetworks, Inc.) C:\Windows\SysWOW64\pndx5016.dll
2011-12-03 10:07 - 2011-12-03 10:07 - 0005632 ____A (RealNetworks, Inc.) C:\Windows\SysWOW64\pndx5032.dll
2011-12-01 22:10 - 2011-12-01 22:10 - 3590740 ____A C:\Users\Edger\Desktop\suit-hand-final.jpg
2011-12-01 21:26 - 2011-12-01 21:25 - 6291476 ____A C:\Users\Edger\Downloads\wnr854t_1_4_19_for_na_only.img
2011-12-01 19:56 - 2008-03-31 18:01 - 0143552 ____A C:\Users\Edger\AppData\Local\GDIPFONTCACHEV1.DAT
2011-12-01 03:32 - 2011-12-01 03:32 - 2697541 ____A C:\Users\Edger\Desktop\jacket2.jpg
2011-12-01 03:12 - 2011-12-01 03:12 - 2361916 ____A C:\Users\Edger\Desktop\suit-3.jpg
2011-12-01 02:57 - 2011-12-01 02:57 - 4558598 ____A C:\Users\Edger\Desktop\suit-2.jpg
2011-12-01 01:32 - 2011-12-01 01:21 - 232647600 ____A C:\Users\Edger\Desktop\IMG_8104.psd
2011-12-01 01:31 - 2011-12-01 01:31 - 2112391 ____A C:\Users\Edger\Desktop\me-in-suit.jpg
2011-11-29 01:50 - 2011-11-29 01:50 - 0008675 ____A C:\Users\Edger\Documents\arte fixed code with ccs.txt
2011-11-29 00:20 - 2011-11-29 00:20 - 0168046 ____A C:\Users\Edger\Desktop\arte_americas_membership_form.pdf
2011-11-29 00:12 - 2011-03-21 00:49 - 1899473 ____A C:\Users\Edger\Desktop\galleries.psd
2011-11-28 23:59 - 2011-11-28 23:59 - 0036358 ____A C:\Users\Edger\Desktop\galleries_main.jpg
2011-11-28 22:34 - 2011-11-28 22:34 - 0008316 ____A C:\Users\Edger\Documents\arteamericas_homepage_6tabs_backup2011.html
2011-11-28 22:17 - 2011-11-28 22:17 - 0000000 ____D C:\Users\Edger\AppData\Local\{9AC6C2B4-9877-4D3E-9814-7533A6F2794D}
2011-11-28 22:17 - 2011-11-28 22:17 - 0000000 ____D C:\Users\Edger\AppData\Local\{8599C4BF-4FD0-4922-854F-8789314E035A}
2011-11-27 14:59 - 2006-11-02 05:33 - 0000000 ____D C:\Program Files\Common Files\System
2011-11-26 15:29 - 2011-11-26 02:14 - 0000000 ____D C:\Users\Edger\Desktop\16GB card
2011-11-26 03:06 - 2011-11-26 03:06 - 0000000 ____D C:\Windows\Options
2011-11-26 03:06 - 2008-03-31 19:06 - 0000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2011-11-26 03:05 - 2011-11-26 03:05 - 0000000 ____D C:\ProgramData\TP-LINK
2011-11-26 03:04 - 2011-06-14 03:51 - 0000000 ____D C:\Users\Edger\Desktop\New Folder
2011-11-26 01:50 - 2011-11-26 01:42 - 0000000 ____D C:\Users\Edger\.roescache
2011-11-26 01:42 - 2011-11-26 01:42 - 0000000 ____D C:\Users\Edger\.HornPhoto
2011-11-25 21:18 - 2008-03-31 19:38 - 0000000 ____D C:\ProgramData\Roxio
2011-11-23 05:57 - 2011-12-15 12:31 - 2764800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2011-11-15 14:29 - 2009-10-04 16:53 - 0270720 ____A (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe
2011-11-11 10:24 - 2011-11-11 10:24 - 0219989 ____A C:\Users\Edger\Desktop\pool.jpg
2011-11-09 15:48 - 2010-12-05 15:42 - 0000000 ____D C:\minint
2011-11-08 06:58 - 2011-12-15 12:31 - 0002048 ____A (Microsoft Corporation) C:\Windows\System32\tzres.dll
2011-11-08 06:42 - 2011-12-15 12:31 - 0002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2011-11-06 11:31 - 2011-11-06 11:30 - 4710435 ____A C:\Users\Edger\Desktop\EOS20DIM-EN.pdf
2011-11-04 22:38 - 2011-10-29 17:23 - 0000000 ____D C:\Program Files (x86)\BreezeSys
2011-11-04 00:22 - 2011-11-04 00:22 - 0000000 ____D C:\Users\Edger\AppData\Local\{8984CFBB-DAA5-4706-A054-55F8BE88ED4B}
2011-11-04 00:22 - 2011-11-04 00:22 - 0000000 ____D C:\Users\Edger\AppData\Local\{57A35232-E38C-475B-8FE1-98572FA49611}
2011-11-03 18:38 - 2011-12-28 08:46 - 17786368 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2011-11-03 17:59 - 2011-12-28 08:46 - 10886656 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2011-11-03 17:53 - 2011-12-28 08:46 - 2309120 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2011-11-03 17:46 - 2011-12-28 08:46 - 1345536 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2011-11-03 17:44 - 2011-12-28 08:46 - 1493504 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2011-11-03 17:44 - 2011-12-28 08:46 - 1390080 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2011-11-03 17:43 - 2011-12-28 08:46 - 0237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2011-11-03 17:41 - 2011-12-28 08:46 - 0085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2011-11-03 17:39 - 2011-12-28 08:46 - 0818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2011-11-03 17:36 - 2011-12-28 08:46 - 2144256 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2011-11-03 17:35 - 2011-12-28 08:46 - 0096256 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2011-11-03 17:34 - 2011-12-28 08:46 - 2382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2011-11-03 17:30 - 2011-12-28 08:46 - 0248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2011-11-03 15:02 - 2011-12-28 08:46 - 12279808 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2011-11-03 14:47 - 2011-12-28 08:46 - 1798144 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2011-11-03 14:46 - 2011-12-28 08:46 - 9705472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2011-11-03 14:40 - 2011-12-28 08:46 - 1427456 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2011-11-03 14:40 - 2011-12-28 08:46 - 1103360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2011-11-03 14:39 - 2011-12-28 08:46 - 1127424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2011-11-03 14:38 - 2011-12-28 08:46 - 0231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2011-11-03 14:37 - 2011-12-28 08:46 - 0065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2011-11-03 14:34 - 2011-12-28 08:46 - 0716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2011-11-03 14:32 - 2011-12-28 08:46 - 1792000 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2011-11-03 14:32 - 2011-12-28 08:46 - 0072704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2011-11-03 14:31 - 2011-12-28 08:46 - 2382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2011-11-03 14:28 - 2011-12-28 08:46 - 0176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2011-10-30 23:59 - 2011-10-30 03:41 - 0000000 ____D C:\Users\Edger\Desktop\halloween 2011 pics
2011-10-30 11:30 - 2011-10-30 11:30 - 3896969 ____A C:\Users\Edger\Desktop\tamron rebate.pdf
2011-10-29 17:27 - 2011-10-29 17:27 - 0000138 ___AH C:\breezebrowser.dat
2011-10-29 16:51 - 2011-10-29 16:51 - 34784568 ____A (CANON INC.) C:\Users\Edger\Downloads\eu261en.exe
2011-10-26 22:55 - 2011-10-26 22:55 - 0000000 ____D C:\Users\Edger\AppData\Local\{D912376D-E043-4402-A1C2-96A9219DF3A6}
2011-10-26 22:55 - 2011-10-26 22:55 - 0000000 ____D C:\Users\Edger\AppData\Local\{80504A81-89F3-48CF-835D-1FE7566833E7}
2011-10-26 01:35 - 2011-07-17 02:32 - 0000000 ____D C:\Program Files\Adobe
2011-10-26 00:32 - 2008-06-29 13:24 - 0000000 ____D C:\Program Files (x86)\SpeedFan
2011-10-26 00:24 - 2008-04-29 18:22 - 0000000 ____D C:\Windows\Panther
2011-10-26 00:22 - 2011-07-11 04:13 - 0000000 ____D C:\Users\Edger\Desktop\Gutierrez family gig
2011-10-26 00:22 - 2008-06-25 11:53 - 0002188 ____A C:\Users\Edger\AppData\Local\d3d9caps64.dat
2011-10-26 00:14 - 2010-01-01 21:55 - 0000000 ____D C:\Program Files (x86)\CCleaner
2011-10-25 08:09 - 2011-12-15 12:31 - 0085504 ____A (Microsoft Corporation) C:\Windows\System32\csrsrv.dll
2011-10-24 20:46 - 2008-10-13 00:02 - 0000000 ____D C:\Program Files\NVIDIA Corporation
2011-10-23 10:30 - 2011-10-23 10:30 - 0000108 ____A C:\Windows\WFT-E2Utility.INI
2011-10-22 08:33 - 2011-10-22 08:33 - 0000000 ____D C:\Users\Guest\AppData\Roaming\Mozilla
2011-10-22 08:33 - 2011-10-22 08:33 - 0000000 ____D C:\Users\Guest\AppData\Local\Mozilla
2011-10-22 01:12 - 2011-10-21 19:24 - 0000000 ____D C:\Users\Guest\AppData\Roaming\Winamp
2011-10-20 23:53 - 2011-10-20 23:53 - 0143552 ____A C:\Users\Guest\AppData\Local\GDIPFONTCACHEV1.DAT
2011-10-20 23:53 - 2011-10-20 23:53 - 0001874 ____A C:\Users\Guest\Desktop\Customize Fences.lnk
2011-10-20 23:53 - 2011-10-20 23:53 - 0000000 ____D C:\Users\Guest\AppData\Roaming\Stardock
2011-10-20 23:53 - 2011-10-20 23:53 - 0000000 ____D C:\Users\Guest\AppData\Roaming\Real
2011-10-20 23:53 - 2011-10-20 23:53 - 0000000 ____D C:\Users\Guest\AppData\Roaming\Macromedia
2011-10-20 23:53 - 2011-10-20 23:53 - 0000000 ____D C:\Users\Guest\AppData\Roaming\Adobe
2011-10-20 23:53 - 2011-10-20 23:51 - 0000000 ____D C:\Users\Guest\AppData\LocalLow
2011-10-20 23:52 - 2011-10-20 23:51 - 0000174 __ASH C:\Users\Guest\Start Menu\Programs\Startup\desktop.ini
2011-10-20 23:52 - 2011-10-20 23:51 - 0000174 __ASH C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
2011-10-20 23:50 - 2011-10-20 23:50 - 0000020 ___SH C:\Users\Guest\ntuser.ini
2011-10-20 23:50 - 2011-10-20 23:50 - 0000000 __SHD C:\Users\Guest\Templates
2011-10-20 23:50 - 2011-10-20 23:50 - 0000000 __SHD C:\Users\Guest\Start Menu
2011-10-20 23:50 - 2011-10-20 23:50 - 0000000 __SHD C:\Users\Guest\PrintHood
2011-10-20 23:50 - 2011-10-20 23:50 - 0000000 __SHD C:\Users\Guest\NetHood
2011-10-20 23:50 - 2011-10-20 23:50 - 0000000 __SHD C:\Users\Guest\My Documents
2011-10-20 23:50 - 2011-10-20 23:50 - 0000000 __SHD C:\Users\Guest\Documents\My Videos
2011-10-20 23:50 - 2011-10-20 23:50 - 0000000 __SHD C:\Users\Guest\Documents\My Pictures
2011-10-20 23:50 - 2011-10-20 23:50 - 0000000 __SHD C:\Users\Guest\Documents\My Music
2011-10-20 23:50 - 2011-10-20 23:50 - 0000000 __SHD C:\Users\Guest\AppData\Local\Temporary Internet Files
2011-10-20 23:50 - 2011-10-20 23:50 - 0000000 __SHD C:\Users\Guest\AppData\Local\History
2011-10-20 23:50 - 2011-10-20 23:50 - 0000000 ____D C:\Users\Guest\AppData\Local\NVIDIA Corporation
2011-10-20 15:26 - 2011-10-20 15:26 - 0094208 ____A (DivX, Inc.) C:\Windows\SysWOW64\dpl100.dll
2011-10-14 09:30 - 2011-12-15 12:31 - 0559616 ____A (Microsoft Corporation) C:\Windows\System32\EncDec.dll
2011-10-14 08:02 - 2011-12-15 12:31 - 0429056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\EncDec.dll
2011-10-10 20:36 - 2011-10-10 20:36 - 0000000 ____D C:\Users\Edger\AppData\Local\{98055B76-8664-485D-9A9E-E5284CAFC3E6}
2011-10-10 20:36 - 2011-10-10 20:36 - 0000000 ____D C:\Users\Edger\AppData\Local\{6871996E-E766-43D1-8BD4-E41AC05CE337}
2011-10-10 14:00 - 2011-10-10 14:00 - 0016053 ____A C:\Users\Edger\Desktop\hs_err_pid4860.log
2011-10-10 14:00 - 2011-10-10 14:00 - 0015785 ____A C:\Users\Edger\Desktop\hs_err_pid4828.log
2011-10-10 13:52 - 2011-10-10 13:52 - 0015820 ____A C:\Users\Edger\Desktop\hs_err_pid6132.log
2011-10-10 13:51 - 2011-10-10 13:51 - 0015924 ____A C:\Users\Edger\Desktop\hs_err_pid6568.log
2011-10-10 13:51 - 2011-10-10 13:51 - 0015913 ____A C:\Users\Edger\Desktop\hs_err_pid3048.log
2011-10-08 12:19 - 2010-01-29 05:25 - 0000039 ____A C:\Windows\vbaddin.ini
2011-10-08 11:41 - 2011-10-08 11:41 - 0000000 __SHD C:\Windows\System32\%APPDATA%
2011-10-08 09:58 - 2011-10-08 09:57 - 0000000 ____D C:\Users\Edger\AppData\Local\{35DCDADA-2559-48CC-8038-B7C4036518AC}
2011-10-08 09:57 - 2011-10-08 09:57 - 0000000 ____D C:\Users\Edger\AppData\Local\{1ACFF7FC-CD98-447D-AC51-906A783472E8}

========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

========================= Memory info ======================

Percentage of memory in use: 10%
Total physical RAM: 7678.31 MB
Available physical RAM: 6867.47 MB
Total Pagefile: 7303.49 MB
Available Pagefile: 6848.98 MB
Total Virtual: 8192 MB
Available Virtual: 8191.91 MB

======================= Partitions =========================

1 Drive c: (Windows Vista) (Fixed) (Total:111.78 GB) (Free:3.4 GB) NTFS
2 Drive d: () (Fixed) (Total:74.53 GB) (Free:4.79 GB) NTFS ==>[Drive with boot components]
4 Drive f: (FRMCXFRE_EN_DVD) (CDROM) (Total:3.66 GB) (Free:0 GB) UDF
5 Drive g: (MSSS_Media64) (Removable) (Total:0.97 GB) (Free:0.69 GB) NTFS ==>[Drive with boot components]
6 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

Disk ###  Status      Size     Free     Dyn  Gpt
--------  ----------  -------  -------  ---  ---
Disk 0    Online      75 GB    0 B
Disk 1    Online      37 GB    10 MB
Disk 2    Online      112 GB   8 MB
Disk 3    Online      989 MB   0 B

Partitions of Disk 0:

Partition ###  Type              Size     Offset
-------------  ----------------  -------  -------
Partition 1    Primary           75 GB    32 KB

Disk: 0
Partition 1
Hidden: No
Active: Yes

Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 1  D                 NTFS   Partition   75 GB    Healthy

==========================================================

Last Boot: 2011-12-31 11:21

======================= End Of Log ==========================

#5 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,303 posts
  • Gender:Male
  • Location:Puerto Rico
  • Local time:10:56 AM

Posted 31 December 2011 - 03:37 PM

Download the enclosed file. [attachment=115670:fixlist.txt]

Save it in the flash drive.

Run FRST as you did before, except that this time around click on the fix button and wait.

The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

Attempt to boot in Normal Mode. If successful, run Combofix as follows:


Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Please, never rename Combofix unless instructed.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

    -----------------------------------------------------------

    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link or this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

      If AVG or CA Internet Security Suite is installed, you must remove these programs before using Combofix. If any of these applications will not uninstall, it is first recommended to uninstall it with AppRemover by Opswat. http://www.appremover.com/supported-applications. Do not use AppRemover on Norton.

      -----------------------------------------------------------

    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.

    -----------------------------------------------------------

  • Double click on combofix.exe & follow the prompts.
  • Install the Recovery Console if prompted.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt" .
**Note: Do not mouseclick combofix's window while it's running. That may cause it to stall.**

Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security.

Please do not install any new programs or update anything (always allow your antivirus/antispyware to update) unless told to do so while we are fixing your problem. If combofix alerts to a new version and offers to update, please let it. It is essential we always use the latest version.

No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!


#6 link_0587

link_0587
  • Topic Starter

  • Members
  • 4 posts
  • Local time:06:56 AM

Posted 31 December 2011 - 06:24 PM

You are a genius! I am back inside again, and will proceed to use combofix now. Thank you so much for your help. I will also update to SP2 as soon as everything is complete. Thank you very much again.

-Fix result of Farbars's Recovery Tool (FRST written by farbar Version 2.3.0)
Ran by Edger at 2011-12-31 15:19:04 R:1
Running from H:\

==============================================

HKEY_USERS\Mcx1\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell Value deleted successfully.
HKEY_USERS\Mcx2\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell Value deleted successfully.
HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Session Manager\SubSystems\\Windows Value was restored.
C:\Users\Edger\AppData\Local\h2gupxtuef253afy moved successfully.
C:\ProgramData\h2gupxtuef253afy moved successfully.
C:\Windows\system64 moved successfully.

==== End of Fixlog ====
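The Fixlog above names the two registry locations the fix touched: the Session Manager SubSystems\Windows value (restored) and per-user Winlogon\Shell values under the Mcx1 and Mcx2 hives (deleted). The Python below is an added example, not part of the thread and not FRST's own code, that a responder could run after such a fix to confirm both locations are clean. It assumes that on a stock Vista install every ServerDll= entry in the SubSystems\Windows value names basesrv or winsrv (so any other module name, such as the consrv the BSOD in this thread was complaining about, is a finding), that the machine-wide HKLM Shell value should be exactly explorer.exe, and that no Shell value should exist under a user hive at all. The sample values, the `HKU\Mcx1` hive label and the `loader.exe` path are constructed for the demo; the winreg reader is only called when the script runs on Windows.

```python
"""Verify the two csrss/Winlogon hijack points that the Fixlog reports repaired.

Added example, not FRST's code and not from the thread.  Assumptions: on a stock
Vista install every ServerDll= entry in Session Manager\SubSystems\Windows names
basesrv or winsrv (any other module, e.g. a consrv that later goes missing, is a
finding); HKLM Winlogon\Shell must be exactly explorer.exe; a Shell value under
a user hive (HKEY_USERS\<name>, like Mcx1/Mcx2 in the Fixlog) is never expected.
The sample values at the bottom are constructed, not copied from the logs.
"""
import re
import sys
from typing import Dict, List, Optional

STOCK_SERVER_DLLS = {"basesrv", "winsrv"}
SERVERDLL_RE = re.compile(r"ServerDll=([A-Za-z0-9_]+)")
WINLOGON = r"Software\Microsoft\Windows NT\CurrentVersion\Winlogon"


def check_subsystems_windows(value: str) -> List[str]:
    """Findings for the SubSystems\\Windows value; an empty list means clean."""
    findings = []
    if not value.lower().startswith(r"%systemroot%\system32\csrss.exe"):
        findings.append("value does not start with the csrss.exe path")
    modules = SERVERDLL_RE.findall(value)
    if not modules:
        findings.append("no ServerDll= entries found")
    for mod in modules:
        if mod.lower() not in STOCK_SERVER_DLLS:
            findings.append(f"unexpected ServerDll module '{mod}'")
    return findings


def check_winlogon_shell(hive: str, shell: Optional[str]) -> List[str]:
    """hive is 'HKLM' or a user-hive label such as 'HKU\\Mcx1'."""
    if hive == "HKLM":
        if shell is None:
            return ["HKLM Shell value missing"]
        if shell.strip().lower() != "explorer.exe":
            return [f"HKLM Shell is '{shell}', expected 'explorer.exe'"]
        return []
    return [] if shell is None else [f"per-user Shell override present: '{shell}'"]


def audit(subsystems: str, shells: Dict[str, Optional[str]]) -> List[str]:
    """Run both checks and return 'location: finding' lines."""
    out = [f"SubSystems\\Windows: {f}" for f in check_subsystems_windows(subsystems)]
    for hive, shell in shells.items():
        out += [f"{hive}\\Winlogon\\Shell: {f}" for f in check_winlogon_shell(hive, shell)]
    return out


def read_live_values():
    """Windows only: read the real values with the standard-library winreg module."""
    import winreg

    def optional(key, name):
        try:
            return winreg.QueryValueEx(key, name)[0]
        except FileNotFoundError:
            return None

    with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE,
                        r"System\CurrentControlSet\Control\Session Manager\SubSystems") as k:
        subsystems = winreg.QueryValueEx(k, "Windows")[0]
    shells = {}
    with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, WINLOGON) as k:
        shells["HKLM"] = optional(k, "Shell")
    i = 0
    while True:  # walk every loaded hive under HKEY_USERS
        try:
            name = winreg.EnumKey(winreg.HKEY_USERS, i)
        except OSError:
            break
        i += 1
        try:
            with winreg.OpenKey(winreg.HKEY_USERS, name + "\\" + WINLOGON) as k:
                shells["HKU\\" + name] = optional(k, "Shell")
        except OSError:
            pass  # hive has no Winlogon key: nothing to check there
    return subsystems, shells


# Constructed sample values for the offline demo.
CLEAN_SUBSYSTEMS = (
    r"%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows "
    "SharedSection=1024,20480,768 Windows=On SubSystemType=Windows "
    "ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 "
    "ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off "
    "MaxRequestThreads=16"
)
# Same value with the console ServerDll pointed at a non-stock module; once that
# module is deleted, csrss cannot initialise and the machine blue-screens at boot.
HIJACKED_SUBSYSTEMS = CLEAN_SUBSYSTEMS.replace(
    "winsrv:ConServerDllInitialization", "consrv:ConServerDllInitialization")
SAMPLE_SHELLS = {"HKLM": "explorer.exe", "HKU\\Mcx1": "explorer.exe,C:\\ProgramData\\loader.exe"}

if __name__ == "__main__":
    for line in audit(HIJACKED_SUBSYSTEMS, SAMPLE_SHELLS):
        print(line)
    if sys.platform == "win32":
        print("live system:", audit(*read_live_values()) or ["clean"])
```

Run offline it only audits the constructed samples and reports the non-stock console ServerDll plus the per-user Shell override; on Windows, run it from an elevated prompt after a normal boot so every user hive is loaded under HKEY_USERS. A finding on the SubSystems value is fixed by restoring the value to the stock string (what the Fixlog did), not by putting the missing DLL back.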

#7 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,303 posts
  • Gender:Male
  • Location:Puerto Rico
  • Local time:10:56 AM

Posted 31 December 2011 - 08:23 PM

:thumbup2:



#8 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,303 posts
  • Gender:Male
  • Location:Puerto Rico
  • Local time:10:56 AM

Posted 11 January 2012 - 09:56 PM

Are we still on?



#9 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,303 posts
  • Gender:Male
  • Location:Puerto Rico
  • Local time:10:56 AM

Posted 10 March 2012 - 07:17 PM

Due to the lack of feedback this Topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!





