
Windows 7 can't start many programs after removing viruses?


  • This topic is locked
20 replies to this topic

#1 audioworm

audioworm

  • Members

Posted 02 February 2012 - 03:58 PM

Hi, I am new here and sorry for my English. Yesterday I was on my computer and AVG detected some threats and I removed them. After that I can't start many programs like Firefox, antivirus programs, system restore to factory state (only system restore to a previous time works), my video games, etc.
I can only run Internet Explorer 64-bit and some other programs like the solitude card game, Notepad, and CCleaner (that is strange because I can't open AVG or Ad-Aware).

I did try system restore but it did not fix the problem. I tried to open scanners but they won't open. Sometimes Windows Explorer won't open on startup and all I got was a black screen with the mouse pointer. Many of my startup programs have stopped and my CPU usage is around 1-2%, unlike the usual 7-13% on startup. Those are all the symptoms I can identify now.
If anyone can help me I would appreciate it a lot, thank you.



#2 Budapest

Budapest

    Bleepin' Cynic


  • Moderator

Posted 02 February 2012 - 05:27 PM

Hello,

Please follow the instructions in ==>This Guide<== starting at step 6. If you cannot complete a step, skip it and continue.

Once the proper logs are created, then post them in a reply to this topic by using the Add Reply button.

If you can produce at least some of the logs, then please create the post and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the reply and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.

Please note that I am not a member of the Malware Removal Team and will not be assisting you in removing the infection. I'm simply helping you to post the information they need in order to assist you.

If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.

The power of accurate observation is commonly called cynicism by those who haven't got it.

—George Bernard Shaw

#3 audioworm

audioworm
  • Topic Starter

  • Members

Posted 02 February 2012 - 06:51 PM

Hi, thank you for your reply Budapest

I followed the guide you gave me and this is what happened:

1- Starting at step 6: I downloaded Defogger but when I tried to run it, the black box appeared for a fraction of a second then disappeared. I tried it again and the same thing happened.

2- I skipped to step 7: I downloaded the DDS thing and tried to open it, but this time nothing happened, not even the black box. All I got was a "User Account Control" box that asked me for permission and when I clicked OK, the waiting circle appeared next to the pointer then it stopped. That is also a problem that I forgot to add in my original post. Besides being unable to open programs like AVG, Ad-Aware, Firefox, etc., I also cannot install anything. The program just won't open.

3- So I skipped to step 8: It wants me to download Gmer which only works in 32-bit and mine is 64-bit so I skipped this one too.

The last two steps are what I am doing now.

Bottom line is my computer cannot open or install any of the programs above. Thank you for your reply and I hope to hear your instructions again.

#4 Farbar

Farbar

    Just Curious


  • Security Developer

Posted 03 February 2012 - 10:31 AM

Hello audioworm,

Welcome to this forum. I see the system is pretty unresponsive and you can't even open AVG to see the logs and tell me what it removed. We need to dig deeper to remove the malware.

For x32 (x86) bit systems download Farbar Recovery Scan Tool and save it to a flash drive.
For x64 bit systems download Farbar Recovery Scan Tool x64 and save it to a flash drive.

Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
On the System Recovery Options menu you will get the following options:
    Startup Repair
    System Restore
    Windows Complete PC Restore
    Windows Memory Diagnostic Tool
    Command Prompt
  • Select Command Prompt.
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter.
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

#5 audioworm

audioworm
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:06:32 AM

Posted 03 February 2012 - 12:55 PM

Hello Farbar

First of all, I want to thank you for taking your time helping me, and here is my log



Scan result of Farbar Recovery Scan Tool Version: 28-01-2012
Ran by SYSTEM at 2012-02-03 09:38:54
Running from E:\
Windows 7 Home Premium (X64) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [2392872 2010-11-29] (Synaptics Incorporated)
HKLM\...\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe [167960 2011-03-14] (Intel Corporation)
HKLM\...\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe [391704 2011-03-14] (Intel Corporation)
HKLM\...\Run: [Persistence] C:\Windows\system32\igfxpers.exe [418840 2011-03-14] (Intel Corporation)
HKLM\...\Run: [NVHotkey] rundll32.exe C:\Windows\system32\nvHotkey.dll,Start [312936 2011-03-09] (NVIDIA Corporation)
HKLM\...\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe [525312 2011-03-21] (IDT, Inc.)
HKLM\...\Run: [] [x]
HKLM\...\Run: [Command Center Controllers] "C:\Program Files\Alienware\Command Center\AWCCStartupOrchestrator.exe" [13256 2010-11-10] (Microsoft)
HKLM-x32\...\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [283160 2010-09-13] (Intel Corporation)
HKLM-x32\...\Run: [AlienwareOn-ScreenDisplay] C:\Program Files (x86)\Alienware On-Screen Display\AlienwareOn-ScreenDisplay.exe [1500528 2010-11-17] ()
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [35696 2009-02-27] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [] [x]
HKLM-x32\...\Run: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" [240112 2010-11-25] (Sonic Solutions)
HKLM-x32\...\Run: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe" [2415456 2011-12-03] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [facemoods] "C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.11\facemoodssrv.exe" /md I [362200 2011-09-05] (facemoods.com)
HKLM-x32\...\Run: [Ad-Aware Browsing Protection] "C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe" [197288 2011-11-14] (Lavasoft)
HKLM-x32\...\Run: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe" [892768 2011-12-18] ()
HKLM-x32\...\RunOnce: [Launcher] C:\Program Files (x86)\AlienRespawn\Components\Scheduler\Launcher.exe [165184 2011-08-01] (Softthinks)
Winlogon\Notify\igfxcui: igfxdev.dll (Intel Corporation)
Tcpip\Parameters: [DhcpNameServer] 207.69.188.186 207.69.188.187 192.168.1.1
AppInit_DLLs: C:\Windows\system32\nvinitx.dll
Tcpip\..\Interfaces\{79FE279F-A7BC-40B2-BAD5-C9214B868BB4}: [NameServer]10.2.64.1

==================== Services (Whitelisted) ======

2 AlienFusionService; "C:\Program Files\Alienware\Command Center\AlienFusionService.exe" [15296 2010-11-10] (Alienware)
2 AVGIDSAgent; "C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe" [4433248 2011-10-12] (AVG Technologies CZ, s.r.o.)
2 avgwd; "C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe" [192776 2011-08-02] (AVG Technologies CZ, s.r.o.)
2 hshld; C:\Program Files (x86)\Hotspot Shield\bin\openvpnas.exe [331608 2012-01-06] ()
2 HssSrv; C:\Program Files (x86)\Hotspot Shield\HssWPR\hsssrv.exe [363336 2012-01-04] (AnchorFree Inc.)
3 HssTrayService; C:\Program Files (x86)\Hotspot Shield\bin\HssTrayService.EXE [77520 2012-01-06] ()
2 HssWd; C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe -product HSS [329544 2012-01-04] ()
2 IAStorDataMgrSvc; "C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe" [13336 2010-09-13] (Intel Corporation)
2 Lavasoft Ad-Aware Service; "C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe" [2152152 2011-12-16] (Lavasoft Limited)
4 McComponentHostService; "C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe" [227232 2010-01-15] (McAfee, Inc.)
3 RoxMediaDB12OEM; "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe" [1116656 2010-11-25] (Sonic Solutions)
2 RoxWatch12; "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe" [219632 2010-11-25] (Sonic Solutions)
2 SftService; "C:\Program Files (x86)\AlienRespawn\sftservice.EXE" [1692480 2011-08-18] (SoftThinks SAS)
2 Updater Service for StartNow Toolbar; C:\Program Files (x86)\StartNow Toolbar\ToolbarUpdaterService.exe [244960 2011-10-25] ()
2 vToolbarUpdater; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\9.0.1\ToolbarUpdater.exe [869216 2011-12-18] ()
2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [x]

========================== Drivers (Whitelisted) =============

3 AVGIDSDriver; C:\Windows\System32\DRIVERS\AVGIDSDriver.Sys [120400 2011-07-11] (AVG Technologies CZ, s.r.o. )
0 AVGIDSEH; C:\Windows\System32\DRIVERS\AVGIDSEH.Sys [26704 2011-07-11] (AVG Technologies CZ, s.r.o. )
3 AVGIDSFilter; C:\Windows\System32\DRIVERS\AVGIDSFilter.Sys [29776 2011-07-11] (AVG Technologies CZ, s.r.o. )
1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [283728 2011-10-07] (AVG Technologies CZ, s.r.o.)
1 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [46672 2011-08-08] (AVG Technologies CZ, s.r.o.)
0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [37456 2011-09-13] (AVG Technologies CZ, s.r.o.)
1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [375376 2011-07-11] (AVG Technologies CZ, s.r.o.)
0 EMSC; C:\Windows\System32\DRIVERS\EMSC.SYS [16752 2009-06-26] (Windows ® Win 7 DDK provider)
3 HssDrv; C:\Windows\System32\DRIVERS\HssDrv.sys [56832 2011-11-23] (AnchorFree Inc.)
3 Lavasoft Kernexplorer; \??\C:\Program Files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys [17152 2011-12-16] ()
0 Lbd; C:\Windows\System32\DRIVERS\Lbd.sys [69376 2011-12-12] (Lavasoft AB)
3 RSPCIESTOR; C:\Windows\System32\DRIVERS\RtsPStor.sys [326760 2010-11-30] (Realtek Semiconductor Corp.)
3 taphss; C:\Windows\System32\DRIVERS\taphss.sys [37888 2011-11-23] (AnchorFree Inc)

========================== NetSvcs (Whitelisted) ===========

============ One Month Created Files and Folders ==============

2012-02-02 15:33 - 2012-02-02 15:33 - 0607260 ____A (Swearware) C:\Users\Kevin Tran\Desktop\dds.scr
2012-02-02 15:32 - 2012-02-02 15:32 - 0050477 ____A C:\Users\Kevin Tran\Desktop\Defogger.exe
2012-02-02 15:28 - 2012-02-02 15:28 - 0607260 ____A (Swearware) C:\Users\Guest\Desktop\dds.scr
2012-02-02 15:23 - 2012-02-02 15:23 - 0050477 ____A C:\Users\Guest\Desktop\Defogger.exe
2012-02-02 13:59 - 2012-02-02 13:59 - 0000000 ____D C:\$WINDOWS.~LS
2012-02-02 13:35 - 2012-02-03 09:39 - 0000000 ____D C:\FRST
2012-02-02 13:16 - 2012-02-02 14:10 - 0001908 ____A C:\Windows\diagwrn.xml
2012-02-02 13:16 - 2012-02-02 14:10 - 0001908 ____A C:\Windows\diagerr.xml
2012-02-02 12:34 - 2012-02-02 12:34 - 0007605 ____A C:\Users\Kevin Tran\Local Settings\Resmon.ResmonCfg
2012-02-02 12:34 - 2012-02-02 12:34 - 0007605 ____A C:\Users\Kevin Tran\Local Settings\Application Data\Resmon.ResmonCfg
2012-02-02 12:34 - 2012-02-02 12:34 - 0007605 ____A C:\Users\Kevin Tran\AppData\Local\Resmon.ResmonCfg
2012-02-02 12:17 - 2012-02-02 12:17 - 0074400 ____A C:\Users\Guest\Local Settings\GDIPFONTCACHEV1.DAT
2012-02-02 12:17 - 2012-02-02 12:17 - 0074400 ____A C:\Users\Guest\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2012-02-02 12:17 - 2012-02-02 12:17 - 0074400 ____A C:\Users\Guest\AppData\Local\GDIPFONTCACHEV1.DAT
2012-02-02 12:16 - 2012-02-02 12:16 - 0000000 ____D C:\Users\Guest\Local Settings\Microsoft Games
2012-02-02 12:16 - 2012-02-02 12:16 - 0000000 ____D C:\Users\Guest\Local Settings\Application Data\Microsoft Games
2012-02-02 12:16 - 2012-02-02 12:16 - 0000000 ____D C:\Users\Guest\AppData\Local\Microsoft Games
2012-02-02 12:15 - 2012-02-02 12:15 - 0000402 __ASH C:\Users\Guest\My Documents\desktop.ini
2012-02-02 12:15 - 2012-02-02 12:15 - 0000174 ___SH C:\Users\Guest\Start Menu\Programs\Startup\desktop.ini
2012-02-02 12:15 - 2012-02-02 12:15 - 0000174 ___SH C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
2012-02-02 12:15 - 2012-02-02 12:15 - 0000020 ___SH C:\Users\Guest\ntuser.ini
2012-02-02 12:15 - 2012-02-02 12:15 - 0000000 __SHD C:\Users\Guest\Templates
2012-02-02 12:15 - 2012-02-02 12:15 - 0000000 __SHD C:\Users\Guest\Start Menu
2012-02-02 12:15 - 2012-02-02 12:15 - 0000000 __SHD C:\Users\Guest\PrintHood
2012-02-02 12:15 - 2012-02-02 12:15 - 0000000 __SHD C:\Users\Guest\NetHood
2012-02-02 12:15 - 2012-02-02 12:15 - 0000000 __SHD C:\Users\Guest\My Documents\My Videos
2012-02-02 12:15 - 2012-02-02 12:15 - 0000000 __SHD C:\Users\Guest\My Documents\My Pictures
2012-02-02 12:15 - 2012-02-02 12:15 - 0000000 __SHD C:\Users\Guest\My Documents\My Music
2012-02-02 12:15 - 2012-02-02 12:15 - 0000000 __SHD C:\Users\Guest\My Documents
2012-02-02 12:15 - 2012-02-02 12:15 - 0000000 __SHD C:\Users\Guest\Local Settings\Temporary Internet Files
2012-02-02 12:15 - 2012-02-02 12:15 - 0000000 __SHD C:\Users\Guest\Local Settings\History
2012-02-02 12:15 - 2012-02-02 12:15 - 0000000 __SHD C:\Users\Guest\Local Settings\Application Data\Temporary Internet Files
2012-02-02 12:15 - 2012-02-02 12:15 - 0000000 __SHD C:\Users\Guest\Local Settings\Application Data\History
2012-02-02 12:15 - 2012-02-02 12:15 - 0000000 __SHD C:\Users\Guest\Documents\My Videos
2012-02-02 12:15 - 2012-02-02 12:15 - 0000000 __SHD C:\Users\Guest\Documents\My Pictures
2012-02-02 12:15 - 2012-02-02 12:15 - 0000000 __SHD C:\Users\Guest\Documents\My Music
2012-02-02 12:15 - 2012-02-02 12:15 - 0000000 __SHD C:\Users\Guest\AppData\Local\Temporary Internet Files
2012-02-02 12:15 - 2012-02-02 12:15 - 0000000 __SHD C:\Users\Guest\AppData\Local\History
2012-02-02 12:15 - 2012-02-02 12:15 - 0000000 ____D C:\Users\Guest\Local Settings\VirtualStore
2012-02-02 12:15 - 2012-02-02 12:15 - 0000000 ____D C:\Users\Guest\Local Settings\Application Data\VirtualStore
2012-02-02 12:15 - 2012-02-02 12:15 - 0000000 ____D C:\Users\Guest\AppData\LocalLow
2012-02-02 12:15 - 2012-02-02 12:15 - 0000000 ____D C:\Users\Guest\AppData\Local\VirtualStore
2012-02-02 12:15 - 2012-02-02 12:15 - 0000000 ____D C:\users\Guest
2012-02-02 12:15 - 2012-02-01 11:38 - 0000000 ____D C:\Users\Guest\Local Settings\SoftThinks
2012-02-02 12:15 - 2012-02-01 11:38 - 0000000 ____D C:\Users\Guest\Local Settings\Application Data\SoftThinks
2012-02-02 12:15 - 2012-02-01 11:38 - 0000000 ____D C:\Users\Guest\AppData\Local\SoftThinks
2012-02-02 12:15 - 2009-07-14 01:44 - 0000000 ____D C:\Users\Guest\Application Data\Media Center Programs
2012-02-02 12:15 - 2009-07-14 01:44 - 0000000 ____D C:\Users\Guest\AppData\Roaming\Media Center Programs
2012-02-02 12:00 - 2012-02-02 12:00 - 0000886 ____A C:\Users\Kevin Tran\Desktop\exe_fix_w7.zip
2012-02-02 11:32 - 2012-02-03 09:27 - 0000780 ____A C:\Windows\setupact.log
2012-02-02 11:32 - 2012-02-02 13:54 - 0000000 ____A C:\Windows\setuperr.log
2012-02-02 11:30 - 2012-02-02 11:30 - 0004958 ____A C:\Users\Kevin Tran\Desktop\Default_REG.reg
2012-02-02 11:21 - 2012-02-02 11:21 - 0000000 ____D C:\Users\Kevin Tran\AppData\Local\Apps\2.0
2012-02-02 11:17 - 2012-02-02 11:17 - 0005828 ____A C:\Users\Kevin Tran\Desktop\Default_EXE.reg
2012-02-02 09:32 - 2012-02-02 10:25 - 7490912 ____A (PortableApps.com) C:\Users\Kevin Tran\Desktop\ClamWinPortable_0.97.3_English.paf.exe
2012-02-02 09:32 - 2012-02-02 09:32 - 0000000 ___AH C:\Windows\System32\Drivers\Msft_User_WpdFs_01_09_00.Wdf
2012-02-02 09:20 - 2011-11-17 00:49 - 0152432 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
2012-02-02 09:20 - 2011-11-17 00:49 - 0095600 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
2012-02-02 09:20 - 2011-11-17 00:44 - 0459232 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
2012-02-02 09:20 - 2011-11-17 00:35 - 1447936 ____A (Microsoft Corporation) C:\Windows\System32\lsasrv.dll
2012-02-02 09:20 - 2011-11-17 00:35 - 0395776 ____A (Microsoft Corporation) C:\Windows\System32\webio.dll
2012-02-02 09:20 - 2011-11-17 00:35 - 0340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
2012-02-02 09:20 - 2011-11-17 00:35 - 0136192 ____A (Microsoft Corporation) C:\Windows\System32\sspicli.dll
2012-02-02 09:20 - 2011-11-17 00:35 - 0029184 ____A (Microsoft Corporation) C:\Windows\System32\sspisrv.dll
2012-02-02 09:20 - 2011-11-17 00:35 - 0028160 ____A (Microsoft Corporation) C:\Windows\System32\secur32.dll
2012-02-02 09:20 - 2011-11-17 00:33 - 0031232 ____A (Microsoft Corporation) C:\Windows\System32\lsass.exe
2012-02-02 09:20 - 2011-11-16 23:35 - 0314880 ____A (Microsoft Corporation) C:\Windows\SysWOW64\webio.dll
2012-02-02 09:20 - 2011-11-16 23:34 - 0224768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2012-02-02 09:20 - 2011-11-16 23:34 - 0022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2012-02-02 09:20 - 2011-11-16 23:28 - 0096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2012-02-02 02:11 - 2009-07-13 19:14 - 0020480 ____A (Microsoft Corporation) C:\Windows\svchost.exe
2012-01-31 19:36 - 2012-01-31 19:36 - 0410482 ____A C:\Users\Kevin Tran\Downloads\ff8fragccn.zip
2012-01-31 19:36 - 2012-01-31 19:36 - 0000000 ____D C:\Users\Kevin Tran\Downloads\ff8fragccn
2012-01-29 19:18 - 2012-01-29 19:18 - 12477871 ____A C:\Users\Kevin Tran\Desktop\Save 102 - Stealtha Windpeak Inn 112.16.36.ess
2012-01-27 23:50 - 2012-01-27 23:50 - 0000892 ____A C:\Users\Public\Desktop\Nexus Mod Manager.lnk
2012-01-27 23:50 - 2012-01-27 23:50 - 0000892 ____A C:\Users\All Users\Desktop\Nexus Mod Manager.lnk
2012-01-24 15:57 - 2012-01-24 15:57 - 0684297 ____A C:\Users\Kevin Tran\Downloads\unhide.exe
2012-01-24 15:44 - 2012-01-24 15:44 - 2246048 ____A (Black Tree Gaming ) C:\Users\Kevin Tran\Downloads\Nexus Mod Manager-0.13.1.exe
2012-01-21 20:52 - 2012-01-21 20:52 - 0000000 ____D C:\Users\All Users\Samsung
2012-01-21 20:52 - 2012-01-21 20:52 - 0000000 ____D C:\Users\All Users\Application Data\Samsung
2012-01-21 20:52 - 2012-01-21 20:52 - 0000000 ____D C:\ProgramData\Samsung
2012-01-16 18:05 - 2012-01-16 18:05 - 0000000 ____D C:\Users\Kevin Tran\Downloads\SkyBoost_r3-6058-r3
2012-01-11 10:05 - 2011-11-19 08:58 - 0077312 ____A (Microsoft Corporation) C:\Windows\System32\packager.dll
2012-01-11 10:05 - 2011-11-19 08:01 - 0067072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2012-01-11 10:05 - 2011-11-17 00:41 - 1731920 ____A (Microsoft Corporation) C:\Windows\System32\ntdll.dll
2012-01-11 10:05 - 2011-11-16 23:38 - 1292080 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2012-01-11 10:05 - 2011-10-25 23:25 - 1572864 ____A (Microsoft Corporation) C:\Windows\System32\quartz.dll
2012-01-11 10:05 - 2011-10-25 23:25 - 0366592 ____A (Microsoft Corporation) C:\Windows\System32\qdvd.dll
2012-01-11 10:05 - 2011-10-25 22:32 - 1328128 ____A (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2012-01-11 10:05 - 2011-10-25 22:32 - 0514560 ____A (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2012-01-11 10:05 - 2011-10-13 23:31 - 0918528 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-01-11 10:05 - 2011-10-13 22:24 - 0716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-01-10 09:44 - 2012-02-02 00:06 - 8592473 ____A C:\Users\Kevin Tran\Desktop\sheogorath.ess
2012-01-10 09:44 - 2012-02-01 22:27 - 8601544 ____A C:\Users\Kevin Tran\Desktop\sheogorath.ess.bak
2012-01-09 11:40 - 2012-01-09 11:40 - 0961019 ____A (Flash2X ) C:\Users\Kevin Tran\Downloads\flash_player_setup.exe
2012-01-09 11:40 - 2012-01-09 11:40 - 0000000 ____D C:\Program Files (x86)\Flash2X
2012-01-04 19:19 - 2012-01-04 19:19 - 0000000 ____D C:\Windows\System32\SPReview


============ 3 Months Modified Files and Folders =============

2012-02-03 09:39 - 2012-02-02 13:35 - 0000000 ____D C:\FRST
2012-02-03 09:29 - 2011-12-04 22:02 - 0000902 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-02-03 09:27 - 2012-02-02 11:32 - 0000780 ____A C:\Windows\setupact.log
2012-02-03 09:27 - 2011-12-02 22:47 - 0031616 ____A C:\aaw7boot.log
2012-02-03 09:27 - 2009-07-13 23:08 - 0000006 ___AH C:\Windows\Tasks\SA.DAT
2012-02-03 09:24 - 2009-07-13 23:10 - 1341775 ____A C:\Windows\WindowsUpdate.log
2012-02-03 09:24 - 2009-07-13 22:45 - 0014240 ____A C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-02-03 09:24 - 2009-07-13 22:45 - 0014240 ____A C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-02-02 21:45 - 2009-07-13 23:13 - 0726316 ____A C:\Windows\System32\PerfStringBackup.INI
2012-02-02 21:04 - 2012-02-02 21:04 - 0003544 ____N C:\bootsqm.dat
2012-02-02 18:14 - 2011-12-04 22:02 - 0000906 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-02-02 15:33 - 2012-02-02 15:33 - 0607260 ____A (Swearware) C:\Users\Kevin Tran\Desktop\dds.scr
2012-02-02 15:32 - 2012-02-02 15:32 - 0050477 ____A C:\Users\Kevin Tran\Desktop\Defogger.exe
2012-02-02 15:28 - 2012-02-02 15:28 - 0607260 ____A (Swearware) C:\Users\Guest\Desktop\dds.scr
2012-02-02 15:23 - 2012-02-02 15:23 - 0050477 ____A C:\Users\Guest\Desktop\Defogger.exe
2012-02-02 14:10 - 2012-02-02 13:16 - 0001908 ____A C:\Windows\diagwrn.xml
2012-02-02 14:10 - 2012-02-02 13:16 - 0001908 ____A C:\Windows\diagerr.xml
2012-02-02 13:59 - 2012-02-02 13:59 - 0000000 ____D C:\$WINDOWS.~LS
2012-02-02 13:54 - 2012-02-02 11:32 - 0000000 ____A C:\Windows\setuperr.log
2012-02-02 12:34 - 2012-02-02 12:34 - 0007605 ____A C:\Users\Kevin Tran\Local Settings\Resmon.ResmonCfg
2012-02-02 12:34 - 2012-02-02 12:34 - 0007605 ____A C:\Users\Kevin Tran\Local Settings\Application Data\Resmon.ResmonCfg
2012-02-02 12:34 - 2012-02-02 12:34 - 0007605 ____A C:\Users\Kevin Tran\AppData\Local\Resmon.ResmonCfg
2012-02-02 12:17 - 2012-02-02 12:17 - 0074400 ____A C:\Users\Guest\Local Settings\GDIPFONTCACHEV1.DAT
2012-02-02 12:17 - 2012-02-02 12:17 - 0074400 ____A C:\Users\Guest\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2012-02-02 12:17 - 2012-02-02 12:17 - 0074400 ____A C:\Users\Guest\AppData\Local\GDIPFONTCACHEV1.DAT
2012-02-02 12:16 - 2012-02-02 12:16 - 0000000 ____D C:\Users\Guest\Local Settings\Microsoft Games
2012-02-02 12:16 - 2012-02-02 12:16 - 0000000 ____D C:\Users\Guest\Local Settings\Application Data\Microsoft Games
2012-02-02 12:16 - 2012-02-02 12:16 - 0000000 ____D C:\Users\Guest\AppData\Local\Microsoft Games
2012-02-02 12:15 - 2012-02-02 12:15 - 0000402 __ASH C:\Users\Guest\My Documents\desktop.ini
2012-02-02 12:15 - 2012-02-02 12:15 - 0000174 ___SH C:\Users\Guest\Start Menu\Programs\Startup\desktop.ini
2012-02-02 12:15 - 2012-02-02 12:15 - 0000174 ___SH C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
2012-02-02 12:15 - 2012-02-02 12:15 - 0000020 ___SH C:\Users\Guest\ntuser.ini
2012-02-02 12:15 - 2012-02-02 12:15 - 0000000 __SHD C:\Users\Guest\Templates
2012-02-02 12:15 - 2012-02-02 12:15 - 0000000 __SHD C:\Users\Guest\Start Menu
2012-02-02 12:15 - 2012-02-02 12:15 - 0000000 __SHD C:\Users\Guest\PrintHood
2012-02-02 12:15 - 2012-02-02 12:15 - 0000000 __SHD C:\Users\Guest\NetHood
2012-02-02 12:15 - 2012-02-02 12:15 - 0000000 __SHD C:\Users\Guest\My Documents\My Videos
2012-02-02 12:15 - 2012-02-02 12:15 - 0000000 __SHD C:\Users\Guest\My Documents\My Pictures
2012-02-02 12:15 - 2012-02-02 12:15 - 0000000 __SHD C:\Users\Guest\My Documents\My Music
2012-02-02 12:15 - 2012-02-02 12:15 - 0000000 __SHD C:\Users\Guest\My Documents
2012-02-02 12:15 - 2012-02-02 12:15 - 0000000 __SHD C:\Users\Guest\Local Settings\Temporary Internet Files
2012-02-02 12:15 - 2012-02-02 12:15 - 0000000 __SHD C:\Users\Guest\Local Settings\History
2012-02-02 12:15 - 2012-02-02 12:15 - 0000000 __SHD C:\Users\Guest\Local Settings\Application Data\Temporary Internet Files
2012-02-02 12:15 - 2012-02-02 12:15 - 0000000 __SHD C:\Users\Guest\Local Settings\Application Data\History
2012-02-02 12:15 - 2012-02-02 12:15 - 0000000 __SHD C:\Users\Guest\Documents\My Videos
2012-02-02 12:15 - 2012-02-02 12:15 - 0000000 __SHD C:\Users\Guest\Documents\My Pictures
2012-02-02 12:15 - 2012-02-02 12:15 - 0000000 __SHD C:\Users\Guest\Documents\My Music
2012-02-02 12:15 - 2012-02-02 12:15 - 0000000 __SHD C:\Users\Guest\AppData\Local\Temporary Internet Files
2012-02-02 12:15 - 2012-02-02 12:15 - 0000000 __SHD C:\Users\Guest\AppData\Local\History
2012-02-02 12:15 - 2012-02-02 12:15 - 0000000 ____D C:\Users\Guest\Local Settings\VirtualStore
2012-02-02 12:15 - 2012-02-02 12:15 - 0000000 ____D C:\Users\Guest\Local Settings\Application Data\VirtualStore
2012-02-02 12:15 - 2012-02-02 12:15 - 0000000 ____D C:\Users\Guest\AppData\LocalLow
2012-02-02 12:15 - 2012-02-02 12:15 - 0000000 ____D C:\Users\Guest\AppData\Local\VirtualStore
2012-02-02 12:15 - 2012-02-02 12:15 - 0000000 ____D C:\users\Guest
2012-02-02 12:15 - 2011-11-30 23:51 - 0000000 __SHD C:\$RECYCLE.BIN
2012-02-02 12:00 - 2012-02-02 12:00 - 0000886 ____A C:\Users\Kevin Tran\Desktop\exe_fix_w7.zip
2012-02-02 11:30 - 2012-02-02 11:30 - 0004958 ____A C:\Users\Kevin Tran\Desktop\Default_REG.reg
2012-02-02 11:21 - 2012-02-02 11:21 - 0000000 ____D C:\Users\Kevin Tran\AppData\Local\Apps\2.0
2012-02-02 11:17 - 2012-02-02 11:17 - 0005828 ____A C:\Users\Kevin Tran\Desktop\Default_EXE.reg
2012-02-02 10:27 - 2011-05-05 20:30 - 0000000 ____D C:\Program Files (x86)\Steam
2012-02-02 10:25 - 2012-02-02 09:32 - 7490912 ____A (PortableApps.com) C:\Users\Kevin Tran\Desktop\ClamWinPortable_0.97.3_English.paf.exe
2012-02-02 09:32 - 2012-02-02 09:32 - 0000000 ___AH C:\Windows\System32\Drivers\Msft_User_WpdFs_01_09_00.Wdf
2012-02-02 09:17 - 2011-11-30 23:57 - 0000000 ____D C:\Users\Kevin Tran\My Documents\Nexus Mod Manager
2012-02-02 09:17 - 2011-11-30 23:57 - 0000000 ____D C:\Users\Kevin Tran\Documents\Nexus Mod Manager
2012-02-02 09:12 - 2009-07-13 21:20 - 0000000 ____D C:\Windows\System32\config\TxR
2012-02-02 09:11 - 2011-05-05 18:00 - 0000000 ____D C:\users\UpdatusUser
2012-02-02 09:06 - 2011-11-30 23:51 - 0000000 ____D C:\users\Kevin Tran
2012-02-02 02:11 - 2011-12-04 22:04 - 0000000 ____D C:\Program Files\CCleaner
2012-02-02 02:11 - 2011-12-02 20:31 - 0000000 ____D C:\Users\Kevin Tran\Desktop\Binaries_and_Source_Update_4-1013-1-4
2012-02-02 02:11 - 2011-12-02 13:40 - 0000000 ____D C:\Windows\System32\Drivers\AVG
2012-02-02 02:11 - 2011-12-02 13:40 - 0000000 ____D C:\Users\All Users\AVG2012
2012-02-02 02:11 - 2011-12-02 13:40 - 0000000 ____D C:\Users\All Users\Application Data\AVG2012
2012-02-02 02:11 - 2011-12-02 13:40 - 0000000 ____D C:\ProgramData\AVG2012
2012-02-02 02:11 - 2011-05-05 17:59 - 0000000 ____D C:\Users\All Users\NVIDIA
2012-02-02 02:11 - 2011-05-05 17:59 - 0000000 ____D C:\Users\All Users\Application Data\NVIDIA
2012-02-02 02:11 - 2011-05-05 17:59 - 0000000 ____D C:\ProgramData\NVIDIA
2012-02-02 02:11 - 2009-07-13 21:20 - 0000000 ____D C:\Windows\System32\sysprep
2012-02-02 02:11 - 2009-07-13 21:20 - 0000000 ____D C:\Windows\registration
2012-02-02 02:10 - 2011-12-13 13:37 - 0000000 ____D C:\Program Files (x86)\JDownloader
2012-02-02 02:10 - 2011-05-05 18:35 - 0000000 ____D C:\Program Files (x86)\AlienRespawn
2012-02-02 00:06 - 2012-01-10 09:44 - 8592473 ____A C:\Users\Kevin Tran\Desktop\sheogorath.ess
2012-02-01 22:27 - 2012-01-10 09:44 - 8601544 ____A C:\Users\Kevin Tran\Desktop\sheogorath.ess.bak
2012-02-01 19:04 - 2011-11-30 23:57 - 0000000 ____D C:\Users\Kevin Tran\Local Settings\Skyrim
2012-02-01 19:04 - 2011-11-30 23:57 - 0000000 ____D C:\Users\Kevin Tran\Local Settings\Application Data\Skyrim
2012-02-01 19:04 - 2011-11-30 23:57 - 0000000 ____D C:\Users\Kevin Tran\AppData\Local\Skyrim
2012-02-01 11:38 - 2012-02-02 12:15 - 0000000 ____D C:\Users\Guest\Local Settings\SoftThinks
2012-02-01 11:38 - 2012-02-02 12:15 - 0000000 ____D C:\Users\Guest\Local Settings\Application Data\SoftThinks
2012-02-01 11:38 - 2012-02-02 12:15 - 0000000 ____D C:\Users\Guest\AppData\Local\SoftThinks
2012-02-01 11:38 - 2011-05-05 18:50 - 0000000 ____D C:\Users\Default\Local Settings\SoftThinks
2012-02-01 11:38 - 2011-05-05 18:50 - 0000000 ____D C:\Users\Default\Local Settings\Application Data\SoftThinks
2012-02-01 11:38 - 2011-05-05 18:50 - 0000000 ____D C:\Users\Default\AppData\Local\SoftThinks
2012-02-01 11:38 - 2011-05-05 18:50 - 0000000 ____D C:\Users\Default User\Local Settings\SoftThinks
2012-02-01 11:38 - 2011-05-05 18:50 - 0000000 ____D C:\Users\Default User\Local Settings\Application Data\SoftThinks
2012-02-01 11:38 - 2011-05-05 18:50 - 0000000 ____D C:\Users\Default User\AppData\Local\SoftThinks
2012-01-31 19:36 - 2012-01-31 19:36 - 0410482 ____A C:\Users\Kevin Tran\Downloads\ff8fragccn.zip
2012-01-31 19:36 - 2012-01-31 19:36 - 0000000 ____D C:\Users\Kevin Tran\Downloads\ff8fragccn
2012-01-29 19:18 - 2012-01-29 19:18 - 12477871 ____A C:\Users\Kevin Tran\Desktop\Save 102 - Stealtha Windpeak Inn 112.16.36.ess
2012-01-27 23:50 - 2012-01-27 23:50 - 0000892 ____A C:\Users\Public\Desktop\Nexus Mod Manager.lnk
2012-01-27 23:50 - 2012-01-27 23:50 - 0000892 ____A C:\Users\All Users\Desktop\Nexus Mod Manager.lnk
2012-01-27 23:50 - 2011-11-30 23:57 - 0000000 ____D C:\Program Files\Nexus Mod Manager
2012-01-27 23:44 - 2011-11-30 23:57 - 0000000 ____D C:\Users\All Users\MFAData
2012-01-27 23:44 - 2011-11-30 23:57 - 0000000 ____D C:\Users\All Users\Application Data\MFAData
2012-01-27 23:44 - 2011-11-30 23:57 - 0000000 ____D C:\ProgramData\MFAData
2012-01-27 23:38 - 2011-12-19 21:11 - 0000064 ____A C:\Windows\SysWOW64\rp_stats.dat
2012-01-27 23:38 - 2011-12-19 21:11 - 0000044 ____A C:\Windows\SysWOW64\rp_rules.dat
2012-01-27 23:37 - 2011-12-02 21:56 - 0000000 ____D C:\Users\All Users\Application Data\Ad-Aware Browsing Protection
2012-01-27 23:37 - 2011-12-02 21:56 - 0000000 ____D C:\Users\All Users\Ad-Aware Browsing Protection
2012-01-27 23:37 - 2011-12-02 21:56 - 0000000 ____D C:\ProgramData\Ad-Aware Browsing Protection
2012-01-27 23:34 - 2009-07-14 01:44 - 0000000 ___RD C:\Users\Public\Recorded TV
2012-01-26 01:06 - 2011-11-30 23:56 - 0000000 ____D C:\Program Files (x86)\Warcraft III
2012-01-24 20:58 - 2011-12-25 12:16 - 0281032 ____A C:\Windows\SysWOW64\PnkBstrB.xtr
2012-01-24 20:58 - 2011-12-16 17:36 - 0290496 ____A C:\Windows\SysWOW64\PnkBstrB.ex0
2012-01-24 20:58 - 2011-12-16 17:36 - 0281032 ____A C:\Windows\SysWOW64\PnkBstrB.exe
2012-01-24 20:58 - 2011-12-16 17:36 - 0076888 ____A C:\Windows\SysWOW64\PnkBstrA.exe
2012-01-24 16:30 - 2012-01-01 00:26 - 0000000 ____D C:\Users\Kevin Tran\Desktop\Masser Versions
2012-01-24 15:57 - 2012-01-24 15:57 - 0684297 ____A C:\Users\Kevin Tran\Downloads\unhide.exe
2012-01-24 15:45 - 2011-12-01 01:27 - 0000000 ____D C:\Users\Kevin Tran\Local Settings\Black_Tree_Gaming
2012-01-24 15:45 - 2011-12-01 01:27 - 0000000 ____D C:\Users\Kevin Tran\Local Settings\Application Data\Black_Tree_Gaming
2012-01-24 15:45 - 2011-12-01 01:27 - 0000000 ____D C:\Users\Kevin Tran\AppData\Local\Black_Tree_Gaming
2012-01-24 15:44 - 2012-01-24 15:44 - 2246048 ____A (Black Tree Gaming ) C:\Users\Kevin Tran\Downloads\Nexus Mod Manager-0.13.1.exe
2012-01-24 15:32 - 2011-12-04 12:48 - 0000000 ____D C:\Users\Kevin Tran\Local Settings\Conduit
2012-01-24 15:32 - 2011-12-04 12:48 - 0000000 ____D C:\Users\Kevin Tran\Local Settings\Application Data\Conduit
2012-01-24 15:32 - 2011-12-04 12:48 - 0000000 ____D C:\Users\Kevin Tran\AppData\Local\Conduit
2012-01-24 15:32 - 2011-12-04 12:48 - 0000000 ____D C:\Hotspot Shield
2012-01-24 15:32 - 2011-12-02 13:43 - 0000000 ____D C:\Users\Kevin Tran\Application Data\AVG2012
2012-01-24 15:32 - 2011-12-02 13:43 - 0000000 ____D C:\Users\Kevin Tran\AppData\Roaming\AVG2012
2012-01-24 15:32 - 2011-12-02 13:40 - 0000000 ____D C:\Program Files (x86)\AVG Secure Search
2012-01-24 15:32 - 2011-12-01 00:46 - 0000000 ____D C:\Emergency
2012-01-24 15:32 - 2011-11-30 23:53 - 0000000 ____D C:\Users\Kevin Tran\Application Data\Macrovision
2012-01-24 15:32 - 2011-11-30 23:53 - 0000000 ____D C:\Users\Kevin Tran\AppData\Roaming\Macrovision
2012-01-24 15:32 - 2011-11-30 23:52 - 0000000 ____D C:\Users\Kevin Tran\Application Data\Creative
2012-01-24 15:32 - 2011-11-30 23:52 - 0000000 ____D C:\Users\Kevin Tran\AppData\Roaming\Creative
2012-01-24 15:32 - 2011-05-05 20:21 - 0000000 ____D C:\MFG
2012-01-24 15:31 - 2011-12-17 00:14 - 0000000 ____D C:\Users\Kevin Tran\My Documents\id Software
2012-01-24 15:31 - 2011-12-17 00:14 - 0000000 ____D C:\Users\Kevin Tran\Documents\id Software
2012-01-24 15:31 - 2011-12-16 02:10 - 0000000 ____D C:\Users\Kevin Tran\Local Settings\PunkBuster
2012-01-24 15:31 - 2011-12-16 02:10 - 0000000 ____D C:\Users\Kevin Tran\Local Settings\Application Data\PunkBuster
2012-01-24 15:31 - 2011-12-16 02:10 - 0000000 ____D C:\Users\Kevin Tran\AppData\Local\PunkBuster
2012-01-24 15:31 - 2011-11-30 23:57 - 0000000 ____D C:\Users\Kevin Tran\My Documents\My Games
2012-01-24 15:31 - 2011-11-30 23:57 - 0000000 ____D C:\Users\Kevin Tran\Documents\My Games
2012-01-24 15:31 - 2011-11-30 23:57 - 0000000 ____D C:\Users\Kevin Tran\Application Data\Mozilla
2012-01-24 15:31 - 2011-11-30 23:57 - 0000000 ____D C:\Users\Kevin Tran\AppData\Roaming\Mozilla
2012-01-24 15:31 - 2011-11-30 23:51 - 0000000 ____D C:\Users\Kevin Tran\Local Settings\VirtualStore
2012-01-24 15:31 - 2011-11-30 23:51 - 0000000 ____D C:\Users\Kevin Tran\Local Settings\Application Data\VirtualStore
2012-01-24 15:31 - 2011-11-30 23:51 - 0000000 ____D C:\Users\Kevin Tran\AppData\LocalLow
2012-01-24 15:31 - 2011-11-30 23:51 - 0000000 ____D C:\Users\Kevin Tran\AppData\Local\VirtualStore
2012-01-24 15:30 - 2011-12-17 00:14 - 0000000 ____D C:\Users\Kevin Tran\Local Settings\id Software
2012-01-24 15:30 - 2011-12-17 00:14 - 0000000 ____D C:\Users\Kevin Tran\Local Settings\Application Data\id Software
2012-01-24 15:30 - 2011-12-17 00:14 - 0000000 ____D C:\Users\Kevin Tran\AppData\Local\id Software
2012-01-24 15:30 - 2011-12-03 03:12 - 0000000 ____D C:\Users\Kevin Tran\Local Settings\Application Data\Adobe
2012-01-24 15:30 - 2011-12-03 03:12 - 0000000 ____D C:\Users\Kevin Tran\Local Settings\Adobe
2012-01-24 15:30 - 2011-12-03 03:12 - 0000000 ____D C:\Users\Kevin Tran\AppData\Local\Adobe
2012-01-24 15:30 - 2011-12-02 13:20 - 0000000 ____D C:\Users\All Users\Malwarebytes
2012-01-24 15:30 - 2011-12-02 13:20 - 0000000 ____D C:\Users\All Users\Application Data\Malwarebytes
2012-01-24 15:30 - 2011-12-02 13:20 - 0000000 ____D C:\ProgramData\Malwarebytes
2012-01-24 15:30 - 2011-12-02 13:18 - 0000000 ____D C:\Users\Kevin Tran\Local Settings\Mozilla
2012-01-24 15:30 - 2011-12-02 13:18 - 0000000 ____D C:\Users\Kevin Tran\Local Settings\Application Data\Mozilla
2012-01-24 15:30 - 2011-12-02 13:18 - 0000000 ____D C:\Users\Kevin Tran\AppData\Local\Mozilla
2012-01-24 15:30 - 2011-11-30 23:57 - 0000000 ____D C:\Users\Kevin Tran\Local Settings\Google
2012-01-24 15:30 - 2011-11-30 23:57 - 0000000 ____D C:\Users\Kevin Tran\Local Settings\Application Data\Google
2012-01-24 15:30 - 2011-11-30 23:57 - 0000000 ____D C:\Users\Kevin Tran\AppData\Local\Google
2012-01-21 20:52 - 2012-01-21 20:52 - 0000000 ____D C:\Users\All Users\Samsung
2012-01-21 20:52 - 2012-01-21 20:52 - 0000000 ____D C:\Users\All Users\Application Data\Samsung
2012-01-21 20:52 - 2012-01-21 20:52 - 0000000 ____D C:\ProgramData\Samsung
2012-01-17 10:03 - 2011-05-05 20:21 - 0000000 ____D C:\Windows\Panther
2012-01-16 18:05 - 2012-01-16 18:05 - 0000000 ____D C:\Users\Kevin Tran\Downloads\SkyBoost_r3-6058-r3
2012-01-14 16:04 - 2009-07-13 21:20 - 0000000 ____D C:\Windows\rescache
2012-01-12 09:22 - 2011-12-03 12:27 - 54008112 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-01-11 10:23 - 2011-11-30 23:56 - 0000000 ____D C:\Program Files (x86)\Hotspot Shield
2012-01-09 11:40 - 2012-01-09 11:40 - 0961019 ____A (Flash2X ) C:\Users\Kevin Tran\Downloads\flash_player_setup.exe
2012-01-09 11:40 - 2012-01-09 11:40 - 0000000 ____D C:\Program Files (x86)\Flash2X
2012-01-09 09:28 - 2011-11-30 23:56 - 0000000 ____D C:\Program Files (x86)\Mozilla Firefox
2012-01-06 23:43 - 2009-07-13 22:45 - 0319000 ____A C:\Windows\System32\FNTCACHE.DAT
2012-01-04 21:54 - 2011-05-05 18:41 - 0000000 ____D C:\Users\All Users\Sonic
2012-01-04 21:54 - 2011-05-05 18:41 - 0000000 ____D C:\Users\All Users\Application Data\Sonic
2012-01-04 21:54 - 2011-05-05 18:41 - 0000000 ____D C:\ProgramData\Sonic
2012-01-04 19:40 - 2009-07-13 21:20 - 0000000 ____D C:\Windows\System32\NDF
2012-01-04 19:38 - 2011-11-30 23:51 - 0000402 __ASH C:\Users\Kevin Tran\My Documents\desktop.ini
2012-01-04 19:38 - 2011-11-30 23:51 - 0000174 ___SH C:\Users\Kevin Tran\Start Menu\Programs\Startup\desktop.ini
2012-01-04 19:38 - 2011-11-30 23:51 - 0000174 ___SH C:\Users\Kevin Tran\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
2012-01-04 19:32 - 2009-07-14 01:45 - 0000000 ____D C:\Program Files\Windows Journal
2012-01-04 19:32 - 2009-07-13 23:32 - 0000000 ____D C:\Program Files\Windows Sidebar
2012-01-04 19:32 - 2009-07-13 23:32 - 0000000 ____D C:\Program Files\Windows Portable Devices
2012-01-04 19:32 - 2009-07-13 23:32 - 0000000 ____D C:\Program Files\Windows Photo Viewer
2012-01-04 19:32 - 2009-07-13 23:32 - 0000000 ____D C:\Program Files\Windows Defender
2012-01-04 19:32 - 2009-07-13 23:32 - 0000000 ____D C:\Program Files\DVD Maker
2012-01-04 19:32 - 2009-07-13 23:32 - 0000000 ____D C:\Program Files (x86)\Windows Sidebar
2012-01-04 19:32 - 2009-07-13 23:32 - 0000000 ____D C:\Program Files (x86)\Windows Portable Devices
2012-01-04 19:32 - 2009-07-13 23:32 - 0000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2012-01-04 19:32 - 2009-07-13 21:20 - 0000000 ____D C:\Windows\SysWOW64\sppui
2012-01-04 19:32 - 2009-07-13 21:20 - 0000000 ____D C:\Windows\SysWOW64\Setup
2012-01-04 19:32 - 2009-07-13 21:20 - 0000000 ____D C:\Windows\SysWOW64\oobe
2012-01-04 19:32 - 2009-07-13 21:20 - 0000000 ____D C:\Windows\SysWOW64\migwiz
2012-01-04 19:32 - 2009-07-13 21:20 - 0000000 ____D C:\Windows\SysWOW64\manifeststore
2012-01-04 19:32 - 2009-07-13 21:20 - 0000000 ____D C:\Windows\SysWOW64\es-ES
2012-01-04 19:32 - 2009-07-13 21:20 - 0000000 ____D C:\Windows\SysWOW64\Dism
2012-01-04 19:32 - 2009-07-13 21:20 - 0000000 ____D C:\Windows\SysWOW64\da-DK
2012-01-04 19:32 - 2009-07-13 21:20 - 0000000 ____D C:\Windows\SysWOW64\cs-CZ
2012-01-04 19:32 - 2009-07-13 21:20 - 0000000 ____D C:\Windows\SysWOW64\AdvancedInstallers
2012-01-04 19:32 - 2009-07-13 21:20 - 0000000 ____D C:\Windows\servicing
2012-01-04 19:32 - 2009-07-13 21:20 - 0000000 ____D C:\Program Files\Common Files\System
2012-01-04 19:31 - 2009-07-13 21:20 - 0000000 ____D C:\Windows\System32\sppui
2012-01-04 19:31 - 2009-07-13 21:20 - 0000000 ____D C:\Windows\System32\Setup
2012-01-04 19:31 - 2009-07-13 21:20 - 0000000 ____D C:\Windows\System32\oobe
2012-01-04 19:31 - 2009-07-13 21:20 - 0000000 ____D C:\Windows\System32\migwiz
2012-01-04 19:31 - 2009-07-13 21:20 - 0000000 ____D C:\Windows\System32\manifeststore
2012-01-04 19:31 - 2009-07-13 21:20 - 0000000 ____D C:\Windows\System32\es-ES
2012-01-04 19:31 - 2009-07-13 21:20 - 0000000 ____D C:\Windows\System32\Dism
2012-01-04 19:31 - 2009-07-13 21:20 - 0000000 ____D C:\Windows\System32\da-DK
2012-01-04 19:31 - 2009-07-13 21:20 - 0000000 ____D C:\Windows\System32\cs-CZ
2012-01-04 19:31 - 2009-07-13 21:20 - 0000000 ____D C:\Windows\System32\AdvancedInstallers
2012-01-04 19:31 - 2009-07-13 21:20 - 0000000 ____D C:\Windows\PolicyDefinitions
2012-01-04 19:29 - 2009-07-13 20:36 - 0175616 ____A (Microsoft Corporation) C:\Windows\System32\msclmd.dll
2012-01-04 19:29 - 2009-07-13 20:36 - 0152576 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msclmd.dll
2012-01-04 19:19 - 2012-01-04 19:19 - 0000000 ____D C:\Windows\System32\SPReview
2012-01-03 23:22 - 2012-01-03 23:17 - 105861120 ____A C:\Users\Kevin Tran\Downloads\ML-LEO3.avi
2012-01-01 16:00 - 2012-01-01 16:00 - 0000000 ____D C:\Users\Kevin Tran\My Backup Files
2012-01-01 16:00 - 2011-11-30 23:51 - 0000000 ____D C:\Users\Kevin Tran\Local Settings\SoftThinks
2012-01-01 16:00 - 2011-11-30 23:51 - 0000000 ____D C:\Users\Kevin Tran\Local Settings\Application Data\SoftThinks
2012-01-01 16:00 - 2011-11-30 23:51 - 0000000 ____D C:\Users\Kevin Tran\AppData\Local\SoftThinks
2012-01-01 00:27 - 2012-01-01 00:26 - 0000000 ____D C:\Users\Kevin Tran\Downloads\Masser_Versions-51-2
2012-01-01 00:26 - 2012-01-01 00:26 - 4722013 ____A C:\Users\Kevin Tran\Desktop\Masser_Versions-51-2.rar
2011-12-31 16:49 - 2011-12-31 16:49 - 0001348 __ASH C:\Users\Kevin Tran\Local Settings\xnq02cl67hp6plpvidiu818060i0pwo240t66hwyxo2
2011-12-31 16:49 - 2011-12-31 16:49 - 0001348 __ASH C:\Users\Kevin Tran\Local Settings\Application Data\xnq02cl67hp6plpvidiu818060i0pwo240t66hwyxo2
2011-12-31 16:49 - 2011-12-31 16:49 - 0001348 __ASH C:\Users\Kevin Tran\AppData\Local\xnq02cl67hp6plpvidiu818060i0pwo240t66hwyxo2
2011-12-31 16:49 - 2011-12-31 16:49 - 0001348 __ASH C:\Users\All Users\xnq02cl67hp6plpvidiu818060i0pwo240t66hwyxo2
2011-12-31 16:49 - 2011-12-31 16:49 - 0001348 __ASH C:\Users\All Users\Application Data\xnq02cl67hp6plpvidiu818060i0pwo240t66hwyxo2
2011-12-31 16:49 - 2011-12-31 16:49 - 0001348 __ASH C:\ProgramData\xnq02cl67hp6plpvidiu818060i0pwo240t66hwyxo2
2011-12-30 20:09 - 2011-12-30 20:09 - 0000000 ____D C:\Users\Kevin Tran\Desktop\000AA931
2011-12-30 00:47 - 2011-12-30 00:47 - 0000000 ____D C:\Users\Kevin Tran\Downloads\Skyrim_Battle_Scripts_2_0-824-2-0
2011-12-30 00:46 - 2011-12-30 00:46 - 0048960 ____A C:\Users\Kevin Tran\Desktop\Skyrim_Battle_Scripts_2_0-824-2-0.rar
2011-12-28 00:12 - 2011-11-30 23:56 - 0000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2011-12-25 17:29 - 2011-12-25 17:29 - 0001451 ____A C:\Users\Kevin Tran\Desktop\skyrim - Shortcut.lnk
2011-12-24 10:46 - 2011-11-30 23:51 - 0000060 ____A C:\Windows\SysWOW64\ToasterLauncherLog.log
2011-12-18 19:53 - 2011-12-18 19:53 - 0000000 ____D C:\Users\All Users\AVG Secure Search
2011-12-18 19:53 - 2011-12-18 19:53 - 0000000 ____D C:\Users\All Users\Application Data\AVG Secure Search
2011-12-18 19:53 - 2011-12-18 19:53 - 0000000 ____D C:\ProgramData\AVG Secure Search
2011-12-17 16:30 - 2011-12-17 16:30 - 0000000 ____D C:\Users\Kevin Tran\Downloads\Cosmo Beginners Tonetics1
2011-12-17 14:44 - 2011-12-17 14:44 - 0001414 __ASH C:\Users\Kevin Tran\Local Settings\Application Data\313055a4m715j113g838v8avg1e3
2011-12-17 14:44 - 2011-12-17 14:44 - 0001414 __ASH C:\Users\Kevin Tran\Local Settings\313055a4m715j113g838v8avg1e3
2011-12-17 14:44 - 2011-12-17 14:44 - 0001414 __ASH C:\Users\Kevin Tran\AppData\Local\313055a4m715j113g838v8avg1e3
2011-12-17 14:44 - 2011-12-17 14:44 - 0001414 __ASH C:\Users\All Users\Application Data\313055a4m715j113g838v8avg1e3
2011-12-17 14:44 - 2011-12-17 14:44 - 0001414 __ASH C:\Users\All Users\313055a4m715j113g838v8avg1e3
2011-12-17 14:44 - 2011-12-17 14:44 - 0001414 __ASH C:\ProgramData\313055a4m715j113g838v8avg1e3
2011-12-17 14:44 - 2009-07-13 23:37 - 0000000 ____D C:\Windows\SysWOW64\sysprep
2011-12-17 02:01 - 2011-12-17 02:01 - 0001404 __ASH C:\Users\Kevin Tran\Local Settings\xfspnw3u5ddu0apq5oxm1p687g8l
2011-12-17 02:01 - 2011-12-17 02:01 - 0001404 __ASH C:\Users\Kevin Tran\Local Settings\Application Data\xfspnw3u5ddu0apq5oxm1p687g8l
2011-12-17 02:01 - 2011-12-17 02:01 - 0001404 __ASH C:\Users\Kevin Tran\AppData\Local\xfspnw3u5ddu0apq5oxm1p687g8l
2011-12-17 02:01 - 2011-12-17 02:01 - 0001404 __ASH C:\Users\All Users\xfspnw3u5ddu0apq5oxm1p687g8l
2011-12-17 02:01 - 2011-12-17 02:01 - 0001404 __ASH C:\Users\All Users\Application Data\xfspnw3u5ddu0apq5oxm1p687g8l
2011-12-17 02:01 - 2011-12-17 02:01 - 0001404 __ASH C:\ProgramData\xfspnw3u5ddu0apq5oxm1p687g8l
2011-12-17 00:07 - 2011-12-17 00:07 - 0794408 ____A C:\Windows\SysWOW64\pbsvc.exe
2011-12-17 00:07 - 2011-05-05 18:19 - 0000000 ____D C:\Program Files (x86)\InstallShield Installation Information
2011-12-16 23:52 - 2011-11-30 23:56 - 0000000 ____D C:\Program Files (x86)\Activision
2011-12-16 21:13 - 2011-12-17 18:34 - 0016432 ____A C:\Windows\System32\lsdelete.exe
2011-12-16 21:10 - 2011-12-16 21:10 - 0000000 ____D C:\Users\Kevin Tran\Local Settings\Application Data\adaware
2011-12-16 21:10 - 2011-12-16 21:10 - 0000000 ____D C:\Users\Kevin Tran\Local Settings\adaware
2011-12-16 21:10 - 2011-12-16 21:10 - 0000000 ____D C:\Users\Kevin Tran\AppData\Local\adaware
2011-12-16 21:10 - 2011-12-16 21:10 - 0000000 ____D C:\Program Files (x86)\adawaretb
2011-12-16 21:10 - 2011-11-30 23:57 - 0000000 ____D C:\Users\All Users\Lavasoft
2011-12-16 21:10 - 2011-11-30 23:57 - 0000000 ____D C:\Users\All Users\Application Data\Lavasoft
2011-12-16 21:10 - 2011-11-30 23:57 - 0000000 ____D C:\ProgramData\Lavasoft
2011-12-16 19:27 - 2011-12-16 19:26 - 12407296 ____A C:\Users\Kevin Tran\Downloads\Ad-Aware96Install.msi
2011-12-16 02:10 - 2011-12-16 02:10 - 0000000 ____D C:\Users\Kevin Tran\Application Data\NVIDIA
2011-12-16 02:10 - 2011-12-16 02:10 - 0000000 ____D C:\Users\Kevin Tran\AppData\Roaming\NVIDIA
2011-12-15 23:50 - 2011-12-15 23:50 - 0000000 ____D C:\Program Files (x86)\Microsoft Chart Controls
2011-12-15 23:49 - 2009-07-13 21:20 - 0000000 ____D C:\Program Files\Common Files\Microsoft Shared
2011-12-15 20:49 - 2011-12-15 20:49 - 0000000 __SHD C:\Windows\ftpcache
2011-12-13 13:38 - 2011-12-13 13:38 - 0000000 ____D C:\Program Files (x86)\facemoods.com
2011-12-12 09:07 - 2011-12-16 21:10 - 0069376 ____A (Lavasoft AB) C:\Windows\System32\Drivers\Lbd.sys
2011-12-10 14:24 - 2011-12-02 13:20 - 0023152 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2011-12-05 13:13 - 2011-12-05 13:13 - 0000000 ____D C:\Users\All Users\hssff
2011-12-05 13:13 - 2011-12-05 13:13 - 0000000 ____D C:\Users\All Users\Application Data\hssff
2011-12-05 13:13 - 2011-12-05 13:13 - 0000000 ____D C:\ProgramData\hssff
2011-12-04 22:04 - 2011-12-04 22:02 - 0000000 ____D C:\Program Files (x86)\Google
2011-12-04 13:25 - 2011-12-04 13:25 - 0000000 ____D C:\Users\Kevin Tran\Local Settings\Sunbelt Software
2011-12-04 13:25 - 2011-12-04 13:25 - 0000000 ____D C:\Users\Kevin Tran\Local Settings\Application Data\Sunbelt Software
2011-12-04 13:25 - 2011-12-04 13:25 - 0000000 ____D C:\Users\Kevin Tran\AppData\Local\Sunbelt Software
2011-12-04 12:48 - 2011-12-04 12:48 - 0000000 ____D C:\Program Files (x86)\Hotspot_Shield
2011-12-04 12:48 - 2011-12-04 12:48 - 0000000 ____D C:\Program Files (x86)\Conduit
2011-12-03 12:29 - 2011-12-03 12:29 - 0000000 ____D C:\Windows\System32\EventProviders
2011-12-03 11:49 - 2011-12-03 11:49 - 0000000 ____D C:\$AVG
2011-12-03 03:12 - 2011-11-30 23:57 - 0000000 ____D C:\Users\Kevin Tran\Application Data\Adobe
2011-12-03 03:12 - 2011-11-30 23:57 - 0000000 ____D C:\Users\Kevin Tran\AppData\Roaming\Adobe
2011-12-03 02:09 - 2011-12-03 02:09 - 0000000 ____D C:\Users\Kevin Tran\Application Data\Real
2011-12-03 02:09 - 2011-12-03 02:09 - 0000000 ____D C:\Users\Kevin Tran\AppData\Roaming\Real
2011-12-02 22:46 - 2011-12-02 22:46 - 0000000 ____D C:\Windows\pss
2011-12-02 22:01 - 2011-12-02 22:01 - 0055384 ____A (Sunbelt Software) C:\Windows\System32\Drivers\SBREDrv.sys
2011-12-02 21:56 - 2011-12-02 21:56 - 0000000 ____D C:\Program Files (x86)\Toolbar Cleaner
2011-12-02 21:52 - 2011-12-02 21:52 - 0000000 ____D C:\Program Files (x86)\Lavasoft
2011-12-02 20:27 - 2011-12-02 20:27 - 0414368 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2011-12-02 20:27 - 2011-12-02 20:27 - 0000000 ____D C:\Windows\System32\Macromed
2011-12-02 20:27 - 2011-12-02 20:27 - 0000000 ____D C:\Users\All Users\McAfee Security Scan
2011-12-02 20:27 - 2011-12-02 20:27 - 0000000 ____D C:\Users\All Users\McAfee
2011-12-02 20:27 - 2011-12-02 20:27 - 0000000 ____D C:\Users\All Users\Application Data\McAfee Security Scan
2011-12-02 20:27 - 2011-12-02 20:27 - 0000000 ____D C:\Users\All Users\Application Data\McAfee
2011-12-02 20:27 - 2011-12-02 20:27 - 0000000 ____D C:\ProgramData\McAfee Security Scan
2011-12-02 20:27 - 2011-12-02 20:27 - 0000000 ____D C:\ProgramData\McAfee
2011-12-02 20:27 - 2011-12-02 20:27 - 0000000 ____D C:\Program Files (x86)\McAfee Security Scan
2011-12-02 20:22 - 2011-12-02 20:22 - 0000000 ____D C:\Program Files (x86)\StartNow Toolbar
2011-12-02 20:22 - 2011-11-30 23:56 - 0000000 ____D C:\Program Files (x86)\WinRAR
2011-12-02 13:40 - 2011-12-02 13:40 - 0000000 ____D C:\Windows\SysWOW64\Drivers\AVG
2011-12-02 13:40 - 2011-12-02 13:40 - 0000000 ____A C:\Users\All Users\I366MYYw.dat
2011-12-02 13:40 - 2011-12-02 13:40 - 0000000 ____A C:\Users\All Users\Application Data\I366MYYw.dat
2011-12-02 13:40 - 2011-12-02 13:40 - 0000000 ____A C:\ProgramData\I366MYYw.dat
2011-12-02 13:30 - 2011-12-02 13:30 - 0000000 ____D C:\Windows\system64
2011-12-02 13:13 - 2009-07-13 23:32 - 0000000 ____D C:\Windows\SysWOW64\restore
2011-12-02 13:13 - 2009-07-13 21:20 - 0000000 ___RD C:\Users\Public\Libraries
2011-12-02 13:10 - 2011-05-05 19:52 - 0000000 ____D C:\Program Files\NVIDIA Corporation
2011-12-02 13:00 - 2011-12-02 13:30 - 0010354 __ASH C:\Users\Kevin Tran\Local Settings\Application Data\642848a4e261h555q377q1bsx5b2
2011-12-02 13:00 - 2011-12-02 13:30 - 0010354 __ASH C:\Users\Kevin Tran\Local Settings\642848a4e261h555q377q1bsx5b2
2011-12-02 13:00 - 2011-12-02 13:30 - 0010354 __ASH C:\Users\Kevin Tran\AppData\Local\642848a4e261h555q377q1bsx5b2
2011-12-02 13:00 - 2011-12-02 13:30 - 0010354 __ASH C:\Users\All Users\Application Data\642848a4e261h555q377q1bsx5b2
2011-12-02 13:00 - 2011-12-02 13:30 - 0010354 __ASH C:\Users\All Users\642848a4e261h555q377q1bsx5b2
2011-12-02 13:00 - 2011-12-02 13:30 - 0010354 __ASH C:\ProgramData\642848a4e261h555q377q1bsx5b2
2011-12-02 03:10 - 2011-12-02 03:10 - 0000000 ____D C:\Program Files (x86)\MSXML 4.0
2011-12-01 02:59 - 2011-12-01 02:57 - 0000000 ____D C:\Users\Kevin Tran\Application Data\WinRAR
2011-12-01 02:59 - 2011-12-01 02:57 - 0000000 ____D C:\Users\Kevin Tran\AppData\Roaming\WinRAR
2011-12-01 01:35 - 2011-12-01 01:35 - 0000000 ____D C:\Games
2011-12-01 00:58 - 2011-12-01 00:58 - 0000000 ____D C:\Users\Kevin Tran\Application Data\Macromedia
2011-12-01 00:58 - 2011-12-01 00:58 - 0000000 ____D C:\Users\Kevin Tran\AppData\Roaming\Macromedia
2011-12-01 00:47 - 2011-12-01 00:47 - 0000452 ____A C:\Users\Public\Desktop\Emergency Backup.lnk
2011-12-01 00:47 - 2011-12-01 00:47 - 0000452 ____A C:\Users\All Users\Desktop\Emergency Backup.lnk
2011-12-01 00:19 - 2011-12-01 00:19 - 0000000 ____D C:\Windows\SMINST
2011-11-30 23:57 - 2011-11-30 23:57 - 0000000 ____D C:\Users\Kevin Tran\My Documents\StarCraft II
2011-11-30 23:57 - 2011-11-30 23:57 - 0000000 ____D C:\Users\Kevin Tran\Local Settings\Application Data\Activision
2011-11-30 23:57 - 2011-11-30 23:57 - 0000000 ____D C:\Users\Kevin Tran\Local Settings\Activision
2011-11-30 23:57 - 2011-11-30 23:57 - 0000000 ____D C:\Users\Kevin Tran\Downloads\JDownloader
2011-11-30 23:57 - 2011-11-30 23:57 - 0000000 ____D C:\Users\Kevin Tran\Documents\StarCraft II
2011-11-30 23:57 - 2011-11-30 23:57 - 0000000 ____D C:\Users\Kevin Tran\Application Data\Malwarebytes
2011-11-30 23:57 - 2011-11-30 23:57 - 0000000 ____D C:\Users\Kevin Tran\AppData\Roaming\Malwarebytes
2011-11-30 23:57 - 2011-11-30 23:57 - 0000000 ____D C:\Users\Kevin Tran\AppData\Local\Activision
2011-11-30 23:57 - 2011-11-30 23:57 - 0000000 ____D C:\Users\All Users\Spybot - Search & Destroy
2011-11-30 23:57 - 2011-11-30 23:57 - 0000000 ____D C:\Users\All Users\Blizzard Entertainment
2011-11-30 23:57 - 2011-11-30 23:57 - 0000000 ____D C:\Users\All Users\AVAST Software
2011-11-30 23:57 - 2011-11-30 23:57 - 0000000 ____D C:\Users\All Users\Application Data\Spybot - Search & Destroy
2011-11-30 23:57 - 2011-11-30 23:57 - 0000000 ____D C:\Users\All Users\Application Data\Blizzard Entertainment
2011-11-30 23:57 - 2011-11-30 23:57 - 0000000 ____D C:\Users\All Users\Application Data\AVAST Software
2011-11-30 23:57 - 2011-11-30 23:57 - 0000000 ____D C:\ProgramData\Spybot - Search & Destroy
2011-11-30 23:57 - 2011-11-30 23:57 - 0000000 ____D C:\ProgramData\Blizzard Entertainment
2011-11-30 23:57 - 2011-11-30 23:57 - 0000000 ____D C:\ProgramData\AVAST Software
2011-11-30 23:56 - 2011-11-30 23:56 - 0000000 ____D C:\Program Files\AVAST Software
2011-11-30 23:56 - 2011-11-30 23:56 - 0000000 ____D C:\Program Files (x86)\Yahoo!
2011-11-30 23:56 - 2011-11-30 23:56 - 0000000 ____D C:\Program Files (x86)\StarCraft II
2011-11-30 23:56 - 2011-11-30 23:56 - 0000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy
2011-11-30 23:56 - 2011-11-30 23:56 - 0000000 ____D C:\Program Files (x86)\Sanny Builder 3
2011-11-30 23:56 - 2011-11-30 23:56 - 0000000 ____D C:\Program Files (x86)\Rockstar Games
2011-11-30 23:56 - 2011-11-30 23:56 - 0000000 ____D C:\Program Files (x86)\Call of Duty Game of the Year Edition
2011-11-30 23:56 - 2011-11-30 23:56 - 0000000 ____D C:\Program Files (x86)\AVG
2011-11-30 23:56 - 2011-11-30 23:56 - 0000000 ____D C:\Program Files (x86)\Amnesia - The Dark Descent
2011-11-30 23:56 - 2011-11-30 23:56 - 0000000 ____D C:\Program Files (x86)\3DO
2011-11-30 23:53 - 2011-11-30 23:53 - 0000000 ____D C:\Users\Kevin Tran\Application Data\Roxio Burn
2011-11-30 23:53 - 2011-11-30 23:53 - 0000000 ____D C:\Users\Kevin Tran\AppData\Roaming\Roxio Burn
2011-11-30 23:52 - 2011-11-30 23:52 - 0074400 ____A C:\Users\Kevin Tran\Local Settings\GDIPFONTCACHEV1.DAT
2011-11-30 23:52 - 2011-11-30 23:52 - 0074400 ____A C:\Users\Kevin Tran\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2011-11-30 23:52 - 2011-11-30 23:52 - 0074400 ____A C:\Users\Kevin Tran\AppData\Local\GDIPFONTCACHEV1.DAT
2011-11-30 23:52 - 2011-11-30 23:52 - 0000000 ____D C:\Users\Kevin Tran\My Documents\AlienFX
2011-11-30 23:52 - 2011-11-30 23:52 - 0000000 ____D C:\Users\Kevin Tran\Documents\AlienFX
2011-11-30 23:52 - 2011-11-30 23:52 - 0000000 ____D C:\Users\Kevin Tran\Application Data\Roxio
2011-11-30 23:52 - 2011-11-30 23:52 - 0000000 ____D C:\Users\Kevin Tran\Application Data\Intel Corporation
2011-11-30 23:52 - 2011-11-30 23:52 - 0000000 ____D C:\Users\Kevin Tran\AppData\Roaming\Roxio
2011-11-30 23:52 - 2011-11-30 23:52 - 0000000 ____D C:\Users\Kevin Tran\AppData\Roaming\Intel Corporation
2011-11-30 23:52 - 2011-05-05 18:00 - 0000000 ____D C:\Users\UpdatusUser\AppData\LocalLow
2011-11-30 23:51 - 2011-11-30 23:51 - 0000020 ___SH C:\Users\Kevin Tran\ntuser.ini
2011-11-30 23:51 - 2011-11-30 23:51 - 0000000 __SHD C:\Users\Kevin Tran\Templates
2011-11-30 23:51 - 2011-11-30 23:51 - 0000000 __SHD C:\Users\Kevin Tran\Start Menu
2011-11-30 23:51 - 2011-11-30 23:51 - 0000000 __SHD C:\Users\Kevin Tran\PrintHood
2011-11-30 23:51 - 2011-11-30 23:51 - 0000000 __SHD C:\Users\Kevin Tran\NetHood
2011-11-30 23:51 - 2011-11-30 23:51 - 0000000 __SHD C:\Users\Kevin Tran\My Documents\My Videos
2011-11-30 23:51 - 2011-11-30 23:51 - 0000000 __SHD C:\Users\Kevin Tran\My Documents\My Pictures
2011-11-30 23:51 - 2011-11-30 23:51 - 0000000 __SHD C:\Users\Kevin Tran\My Documents\My Music
2011-11-30 23:51 - 2011-11-30 23:51 - 0000000 __SHD C:\Users\Kevin Tran\My Documents
2011-11-30 23:51 - 2011-11-30 23:51 - 0000000 __SHD C:\Users\Kevin Tran\Local Settings\Temporary Internet Files
2011-11-30 23:51 - 2011-11-30 23:51 - 0000000 __SHD C:\Users\Kevin Tran\Local Settings\History
2011-11-30 23:51 - 2011-11-30 23:51 - 0000000 __SHD C:\Users\Kevin Tran\Local Settings\Application Data\Temporary Internet Files
2011-11-30 23:51 - 2011-11-30 23:51 - 0000000 __SHD C:\Users\Kevin Tran\Local Settings\Application Data\History
2011-11-30 23:51 - 2011-11-30 23:51 - 0000000 __SHD C:\Users\Kevin Tran\Documents\My Videos
2011-11-30 23:51 - 2011-11-30 23:51 - 0000000 __SHD C:\Users\Kevin Tran\Documents\My Pictures
2011-11-30 23:51 - 2011-11-30 23:51 - 0000000 __SHD C:\Users\Kevin Tran\Documents\My Music
2011-11-30 23:51 - 2011-11-30 23:51 - 0000000 __SHD C:\Users\Kevin Tran\AppData\Local\Temporary Internet Files
2011-11-30 23:51 - 2011-11-30 23:51 - 0000000 __SHD C:\Users\Kevin Tran\AppData\Local\History
2011-11-30 23:50 - 2009-07-13 23:01 - 0039219 ____A C:\Windows\SysWOW64\license.rtf
2011-11-30 23:50 - 2009-07-13 23:01 - 0039219 ____A C:\Windows\System32\license.rtf
2011-11-23 22:52 - 2011-12-14 18:42 - 3145216 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2011-11-23 14:45 - 2011-11-23 14:45 - 0056832 ____A (AnchorFree Inc.) C:\Windows\System32\Drivers\HssDrv.sys
2011-11-23 14:45 - 2011-11-23 14:45 - 0037888 ____A (AnchorFree Inc) C:\Windows\System32\Drivers\taphss.sys
2011-11-19 08:58 - 2012-01-11 10:05 - 0077312 ____A (Microsoft Corporation) C:\Windows\System32\packager.dll
2011-11-19 08:01 - 2012-01-11 10:05 - 0067072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2011-11-17 00:49 - 2012-02-02 09:20 - 0152432 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
2011-11-17 00:49 - 2012-02-02 09:20 - 0095600 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
2011-11-17 00:44 - 2012-02-02 09:20 - 0459232 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
2011-11-17 00:41 - 2012-01-11 10:05 - 1731920 ____A (Microsoft Corporation) C:\Windows\System32\ntdll.dll
2011-11-17 00:35 - 2012-02-02 09:20 - 1447936 ____A (Microsoft Corporation) C:\Windows\System32\lsasrv.dll
2011-11-17 00:35 - 2012-02-02 09:20 - 0395776 ____A (Microsoft Corporation) C:\Windows\System32\webio.dll
2011-11-17 00:35 - 2012-02-02 09:20 - 0340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
2011-11-17 00:35 - 2012-02-02 09:20 - 0136192 ____A (Microsoft Corporation) C:\Windows\System32\sspicli.dll
2011-11-17 00:35 - 2012-02-02 09:20 - 0029184 ____A (Microsoft Corporation) C:\Windows\System32\sspisrv.dll
2011-11-17 00:35 - 2012-02-02 09:20 - 0028160 ____A (Microsoft Corporation) C:\Windows\System32\secur32.dll
2011-11-17 00:33 - 2012-02-02 09:20 - 0031232 ____A (Microsoft Corporation) C:\Windows\System32\lsass.exe
2011-11-16 23:38 - 2012-01-11 10:05 - 1292080 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2011-11-16 23:35 - 2012-02-02 09:20 - 0314880 ____A (Microsoft Corporation) C:\Windows\SysWOW64\webio.dll
2011-11-16 23:34 - 2012-02-02 09:20 - 0224768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2011-11-16 23:34 - 2012-02-02 09:20 - 0022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2011-11-16 23:28 - 2012-02-02 09:20 - 0096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2011-11-11 00:49 - 2011-12-14 18:42 - 12261888 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2011-11-11 00:49 - 2011-12-14 18:42 - 0247808 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2011-11-10 23:40 - 2011-12-14 18:42 - 10991104 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2011-11-10 23:40 - 2011-12-14 18:42 - 0176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

========================= Memory info ======================

Percentage of memory in use: 9%
Total physical RAM: 8139.82 MB
Available physical RAM: 7366.48 MB
Total Pagefile: 8137.97 MB
Available Pagefile: 7341.8 MB
Total Virtual: 8192 MB
Available Virtual: 8191.91 MB

======================= Partitions =========================

1 Drive c: (OS) (Fixed) (Total:689.86 GB) (Free:602.57 GB) NTFS
3 Drive e: (BMAN) (Removable) (Total:0.24 GB) (Free:0.24 GB) FAT
4 Drive f: (RECOVERY) (Fixed) (Total:8.73 GB) (Free:2.33 GB) NTFS ==>[System with boot components (obtained from reading drive)]
5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 698 GB 3078 KB
Disk 1 Online 244 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 OEM 39 MB 31 KB
Partition 2 Primary 8 GB 40 MB
Partition 3 Primary 689 GB 8 GB

Disk: 0
Partition 1
Type : DE
Hidden: Yes
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 FAT Partition 39 MB Healthy Hidden

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 F RECOVERY NTFS Partition 8 GB Healthy

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C OS NTFS Partition 689 GB Healthy

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 244 MB 49 KB

Disk: 1
Partition 1
Type : 06
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 E BMAN FAT Removable 244 MB Healthy

==========================================================

Last Boot: 2012-01-30 09:53

======================= End Of Log ==========================

#6 Farbar

Posted 03 February 2012 - 01:35 PM

Let's take care of a few things.

  • Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this highlight the contents of the box, right click on it and select copy. Right-click in the open notepad and select Paste). Save it on the flashdrive as fixlist.txt

    start
    2011-12-02 13:30 - 2011-12-02 13:30 - 0000000 ____D C:\Windows\system64
    2011-12-31 16:49 - 2011-12-31 16:49 - 0001348 __ASH C:\Users\Kevin Tran\Local Settings\xnq02cl67hp6plpvidiu818060i0pwo240t66hwyxo2
    2011-12-31 16:49 - 2011-12-31 16:49 - 0001348 __ASH C:\Users\Kevin Tran\Local Settings\Application Data\xnq02cl67hp6plpvidiu818060i0pwo240t66hwyxo2
    2011-12-31 16:49 - 2011-12-31 16:49 - 0001348 __ASH C:\Users\Kevin Tran\AppData\Local\xnq02cl67hp6plpvidiu818060i0pwo240t66hwyxo2
    2011-12-31 16:49 - 2011-12-31 16:49 - 0001348 __ASH C:\Users\All Users\xnq02cl67hp6plpvidiu818060i0pwo240t66hwyxo2
    2011-12-31 16:49 - 2011-12-31 16:49 - 0001348 __ASH C:\Users\All Users\Application Data\xnq02cl67hp6plpvidiu818060i0pwo240t66hwyxo2
    2011-12-31 16:49 - 2011-12-31 16:49 - 0001348 __ASH C:\ProgramData\xnq02cl67hp6plpvidiu818060i0pwo240t66hwyxo2
    2011-12-17 14:44 - 2011-12-17 14:44 - 0001414 __ASH C:\Users\Kevin Tran\Local Settings\Application Data\313055a4m715j113g838v8avg1e3
    2011-12-17 14:44 - 2011-12-17 14:44 - 0001414 __ASH C:\Users\Kevin Tran\Local Settings\313055a4m715j113g838v8avg1e3
    2011-12-17 14:44 - 2011-12-17 14:44 - 0001414 __ASH C:\Users\Kevin Tran\AppData\Local\313055a4m715j113g838v8avg1e3
    2011-12-17 14:44 - 2011-12-17 14:44 - 0001414 __ASH C:\Users\All Users\Application Data\313055a4m715j113g838v8avg1e3
    2011-12-17 14:44 - 2011-12-17 14:44 - 0001414 __ASH C:\Users\All Users\313055a4m715j113g838v8avg1e3
    2011-12-17 14:44 - 2011-12-17 14:44 - 0001414 __ASH C:\ProgramData\313055a4m715j113g838v8avg1e3
    2011-12-17 02:01 - 2011-12-17 02:01 - 0001404 __ASH C:\Users\Kevin Tran\Local Settings\xfspnw3u5ddu0apq5oxm1p687g8l
    2011-12-17 02:01 - 2011-12-17 02:01 - 0001404 __ASH C:\Users\Kevin Tran\Local Settings\Application Data\xfspnw3u5ddu0apq5oxm1p687g8l
    2011-12-17 02:01 - 2011-12-17 02:01 - 0001404 __ASH C:\Users\Kevin Tran\AppData\Local\xfspnw3u5ddu0apq5oxm1p687g8l
    2011-12-17 02:01 - 2011-12-17 02:01 - 0001404 __ASH C:\Users\All Users\xfspnw3u5ddu0apq5oxm1p687g8l
    2011-12-17 02:01 - 2011-12-17 02:01 - 0001404 __ASH C:\Users\All Users\Application Data\xfspnw3u5ddu0apq5oxm1p687g8l
    2011-12-17 02:01 - 2011-12-17 02:01 - 0001404 __ASH C:\ProgramData\xfspnw3u5ddu0apq5oxm1p687g8l
    2011-12-02 13:00 - 2011-12-02 13:30 - 0010354 __ASH C:\Users\Kevin Tran\Local Settings\Application Data\642848a4e261h555q377q1bsx5b2
    2011-12-02 13:00 - 2011-12-02 13:30 - 0010354 __ASH C:\Users\Kevin Tran\Local Settings\642848a4e261h555q377q1bsx5b2
    2011-12-02 13:00 - 2011-12-02 13:30 - 0010354 __ASH C:\Users\Kevin Tran\AppData\Local\642848a4e261h555q377q1bsx5b2
    2011-12-02 13:00 - 2011-12-02 13:30 - 0010354 __ASH C:\Users\All Users\Application Data\642848a4e261h555q377q1bsx5b2
    2011-12-02 13:00 - 2011-12-02 13:30 - 0010354 __ASH C:\Users\All Users\642848a4e261h555q377q1bsx5b2
    2011-12-02 13:00 - 2011-12-02 13:30 - 0010354 __ASH C:\ProgramData\642848a4e261h555q377q1bsx5b2
    end
    

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

    Now please enter System Recovery Options.
    Run FRST64 and press the Fix button just once and wait.
    The tool will make a log on the flashdrive (Fixlog.txt) please post it to your reply.
  • Go to Start => Control Panel => Program and features.
    Uninstall the following software:
    AVG
    Ad-Aware


    You may install them when we are done.
  • Please download Malwarebytes' Anti-Malware from one of these locations:
    malwarebytes.org
    majorgeeks.com
  • Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the MBAM log.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


#7 audioworm

Posted 03 February 2012 - 07:35 PM

Hi farbar, thank you again for your reply


I tried to uninstall the programs you mentioned but was unable to. It says "The Windows Installer service could not be accessed. This can occur if the Windows Installer is not correctly installed. Contact your support personnel for assistance". I already have Anti-Malware on my computer but it can't run.


And here is my log




Fix result of Farbar Recovery Scan Tool (FRST written by farbar) Version: 28-01-2012
Ran by SYSTEM at 2012-02-03 06:19:12 R:2
Running from E:\

==============================================

C:\Windows\system64 moved successfully.
C:\Users\Kevin Tran\Local Settings\xnq02cl67hp6plpvidiu818060i0pwo240t66hwyxo2 moved successfully.
C:\Users\Kevin Tran\Local Settings\Application Data\xnq02cl67hp6plpvidiu818060i0pwo240t66hwyxo2 not found.
C:\Users\Kevin Tran\AppData\Local\xnq02cl67hp6plpvidiu818060i0pwo240t66hwyxo2 not found.
C:\Users\All Users\xnq02cl67hp6plpvidiu818060i0pwo240t66hwyxo2 moved successfully.
C:\Users\All Users\Application Data\xnq02cl67hp6plpvidiu818060i0pwo240t66hwyxo2 not found.
C:\ProgramData\xnq02cl67hp6plpvidiu818060i0pwo240t66hwyxo2 not found.
C:\Users\Kevin Tran\Local Settings\Application Data\313055a4m715j113g838v8avg1e3 moved successfully.
C:\Users\Kevin Tran\Local Settings\313055a4m715j113g838v8avg1e3 not found.
C:\Users\Kevin Tran\AppData\Local\313055a4m715j113g838v8avg1e3 not found.
C:\Users\All Users\Application Data\313055a4m715j113g838v8avg1e3 moved successfully.
C:\Users\All Users\313055a4m715j113g838v8avg1e3 not found.
C:\ProgramData\313055a4m715j113g838v8avg1e3 not found.
C:\Users\Kevin Tran\Local Settings\xfspnw3u5ddu0apq5oxm1p687g8l moved successfully.
C:\Users\Kevin Tran\Local Settings\Application Data\xfspnw3u5ddu0apq5oxm1p687g8l not found.
C:\Users\Kevin Tran\AppData\Local\xfspnw3u5ddu0apq5oxm1p687g8l not found.
C:\Users\All Users\xfspnw3u5ddu0apq5oxm1p687g8l moved successfully.
C:\Users\All Users\Application Data\xfspnw3u5ddu0apq5oxm1p687g8l not found.
C:\ProgramData\xfspnw3u5ddu0apq5oxm1p687g8l not found.
C:\Users\Kevin Tran\Local Settings\Application Data\642848a4e261h555q377q1bsx5b2 moved successfully.
C:\Users\Kevin Tran\Local Settings\642848a4e261h555q377q1bsx5b2 not found.
C:\Users\Kevin Tran\AppData\Local\642848a4e261h555q377q1bsx5b2 not found.
C:\Users\All Users\Application Data\642848a4e261h555q377q1bsx5b2 moved successfully.
C:\Users\All Users\642848a4e261h555q377q1bsx5b2 not found.
C:\ProgramData\642848a4e261h555q377q1bsx5b2 not found.

==== End of Fixlog ====


Thank you very much.
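Half of the entries in the Fixlog above read "not found" because Windows 7 exposes one folder under several legacy names: `Local Settings`, `Application Data` and `All Users` are links to `AppData\Local` and `C:\ProgramData`. The Python below is an added example, not part of the original posts or of FRST; it groups Fixlog lines by real location so you can confirm each file was moved once. The link table assumes Windows 7 defaults, and the last two sample lines are constructed.

```python
import re
from collections import defaultdict

# Windows 7 default compatibility links (assumed unchanged on this machine).
RULES = [
    (re.compile(r"^C:\\Users\\All Users(?=\\|$)", re.I), r"C:\\ProgramData"),
    (re.compile(r"^(C:\\ProgramData)\\Application Data(?=\\|$)", re.I), r"\1"),
    (re.compile(r"^(C:\\Users\\[^\\]+)\\Local Settings(?=\\|$)", re.I),
     r"\1\\AppData\\Local"),
    (re.compile(r"^(C:\\Users\\[^\\]+\\AppData\\Local)\\Application Data(?=\\|$)", re.I),
     r"\1"),
]
LINE = re.compile(r"^(?P<path>[A-Za-z]:\\.+?) (?P<result>moved successfully|not found)\.$")

# The first seven lines are taken from the Fixlog above; the last two are constructed.
FIXLOG = r"""
C:\Windows\system64 moved successfully.
C:\Users\Kevin Tran\Local Settings\Application Data\313055a4m715j113g838v8avg1e3 moved successfully.
C:\Users\Kevin Tran\Local Settings\313055a4m715j113g838v8avg1e3 not found.
C:\Users\Kevin Tran\AppData\Local\313055a4m715j113g838v8avg1e3 not found.
C:\Users\All Users\Application Data\313055a4m715j113g838v8avg1e3 moved successfully.
C:\Users\All Users\313055a4m715j113g838v8avg1e3 not found.
C:\ProgramData\313055a4m715j113g838v8avg1e3 not found.
C:\Users\Kevin Tran\Local Settings\constructed_example not found.
C:\Users\Kevin Tran\AppData\Local\constructed_example not found.
"""

def canonical(path):
    """Rewrite legacy alias folders to the real folder they point to."""
    changed = True
    while changed:
        changed = False
        for pattern, replacement in RULES:
            rewritten = pattern.sub(replacement, path)
            if rewritten != path:
                path, changed = rewritten, True
    return path

def summarize(fixlog):
    """Map each real location to the results reported for all of its aliases."""
    groups = defaultdict(list)
    for line in fixlog.splitlines():
        match = LINE.match(line.strip())
        if match:
            groups[canonical(match["path"])].append(match["result"])
    return dict(groups)

def unresolved(fixlog):
    """Real locations for which no alias reported a successful move."""
    return sorted(path for path, results in summarize(fixlog).items()
                  if "moved successfully" not in results)

if __name__ == "__main__":
    for path, results in summarize(FIXLOG).items():
        print(path, results)
    print("never moved:", unresolved(FIXLOG))
```

A location listed by `unresolved` was not found under any of its names, which is the case worth a second look; a "not found" that follows a successful move of the same real file is expected.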

#8 Farbar

Posted 03 February 2012 - 08:09 PM

We will try some other tools to see the changes that have been made by this malware.

  • Please download ExeFix.reg.
    • Double-click it and confirm the prompt to allow it to merge.
  • Run Command Prompt as administrator:
    • Click on Start button.
    • Type Cmd in the Start Search text box.
    • Press Ctrl-Shift-Enter keyboard shortcut to run Command Prompt as Administrator.
    • Type the following in the command window and press Enter: netsh winsock reset
    • Restart.
  • Please download MiniToolBox and save it to your desktop and run it.

    Checkmark following checkboxes:
    • Flush DNS
    • Report IE Proxy Settings
    • Report FF Proxy Settings
    • List content of Hosts
    • List IP configuration
    • List Winsock Entries
    • List last 10 Event Viewer log
    • List installed programs.
    • List Devices.
    Click Go and post the result (Result.txt) that pops up. A copy of result.txt will be saved in the same directory the tool is run.
  • Please download OTL by OldTimer.
    • Save it to your desktop.
    • Double click on the OTL icon on your desktop.
    • Check the "Scan All Users" checkbox.
    • Check the "Standard Output".
    • Set Services to All.
    • Set Drivers to All.
    • Click Run Scan button.
    • Two reports will open, copy and paste them to your reply:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized


#9 audioworm

Posted 03 February 2012 - 08:26 PM

Hi farbar, thank you for your reply.


I tried to download the two programs you gave me but was unable to run them. When I click on them I get the permission box and I click allow, but after that nothing happens.


I did the Command Prompt step and it was good

Thank you.

#10 Farbar

Posted 03 February 2012 - 08:57 PM

We want to make sure AVG is not interfering. We will remove AVG and Ad-aware loading points before anything.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Please download the attached file fixlist.txt.
Save it to your flash drive.
Boot to System Recovery Options.

Run FRST64 and press the Fix button just once and wait.
The tool will make a log on the flashdrive (Fixlog.txt) please post it to your reply.

Also reboot and try once more to see if those programs could be run.

#11 Farbar

Posted 03 February 2012 - 09:16 PM

Please don't miss my previous post.

It is too late over here as I'm in a different time zone. I'll see your reply tomorrow. Meanwhile please don't use the computer to connect to internet as you don't have proper protection at the moment.

#12 audioworm

Posted 03 February 2012 - 09:37 PM

Hi farbar, thank you for your reply


I ran the Frst and this is what I get

Fix result of Farbar Recovery Scan Tool (FRST written by farbar) Version: 28-01-2012
Ran by SYSTEM at 2012-02-03 06:30:36 R:3
Running from E:\

==============================================

HKLM-x32\...\Run\AVG_TRAY Value deleted successfully.
HKLM-x32\...\Run\vProt Value deleted successfully.
AVGIDSAgent service deleted successfully.
avgwd service deleted successfully.
vToolbarUpdater service deleted successfully.
AVGIDSDriver service deleted successfully.
AVGIDSEH service deleted successfully.
AVGIDSFilter service deleted successfully.
Avgldx64 service deleted successfully.
Avgmfx64 service deleted successfully.
Avgrkx64 service deleted successfully.
Avgtdia service deleted successfully.
HKLM-x32\...\Run\Ad-Aware Browsing Protection Value deleted successfully.
Lavasoft Ad-Aware Service service deleted successfully.
Lavasoft Kernexplorer service deleted successfully.
Lbd service deleted successfully.

==== End of Fixlog ===





I also tried to run those programs you gave me earlier but it still does not work



Thank you and good night

#13 Farbar

Posted 04 February 2012 - 06:30 AM

We'll try another thing.

I see you wrote you can open notepad and ccleaner. Now please use another computer to download MiniToolBox and http://oldtimer.geekstogo.com/OTL.exe.

Rename MiniToolBox to notepad and OTL to ccleaner (don't need to change the .exe extension), save them on a flash drive, insert the flash drive to the infected computer and try to run the renamed tools.

In case the above didn't work please do the following:
Start in Safe Mode Using the F8 key:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until the boot menu appears.
  • Use the arrow keys to select the Safe Mode menu item.
  • Press the Enter key.
  • Log on to the Administrator account.
  • Try to run the tools from there.

In case the above steps didn't work please do the following:
Create a new restore point:
  • Go to Start => Right-click "Computer" and select "Properties".
  • In the left pane select "System Protection".
  • Select your drive (drive C) and press "Create".
    Fill in a name for the restore point and press "Create".
    After finished press "Close".

Run Command Prompt as Administrator. To do that:
Go to Start and type cmd.exe in the Search box.
It gives you cmd.exe in the upper part. Right-click cmd.exe and select "Run As Administrator".
Type the following command, right-click in the open Command Prompt window and select Paste, then press Enter:
sfc /scannow
(note the space between sfc and /)

Please wait until the scan is finished. Then reboot the computer and tell me if anything is changed.

#14 audioworm

Posted 04 February 2012 - 01:08 PM

Hi Farbar, thank you for your reply.

-I tried to rename those programs and run them both in normal and safe mode but it did not work


-I tried the next step which is creating a new restore point, but failed because when I tried to access Properties on My Computer nothing happened. I was able to do the sfc /scannow command though, but it was separately and did not contain the creating a restore point part, and it said it did not find anything.

Please note that I performed these steps in safemode except for the very first step which is rename and run those programs in normal mode

Thank you

#15 Farbar

Posted 04 February 2012 - 08:16 PM

How long did the system take to do sfc /scannow?

  • Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this highlight the contents of the box, right click on it and select copy. Right-click in the open notepad and select Paste). Save it on the flashdrive as fixlist.txt

    start
    2 hshld; C:\Program Files (x86)\Hotspot Shield\bin\openvpnas.exe [331608 2012-01-06] ()
    2 HssSrv; C:\Program Files (x86)\Hotspot Shield\HssWPR\hsssrv.exe [363336 2012-01-04] (AnchorFree Inc.)
    3 HssTrayService; C:\Program Files (x86)\Hotspot Shield\bin\HssTrayService.EXE [77520 2012-01-06] ()
    2 HssWd; C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe -product HSS [329544 2012-01-04] ()
    3 HssDrv; C:\Windows\System32\DRIVERS\HssDrv.sys [56832 2011-11-23] (AnchorFree Inc.)
    3 taphss; C:\Windows\System32\DRIVERS\taphss.sys [37888 2011-11-23] (AnchorFree Inc)
    cmd: bootrec /FixMbr
    cmd: reg query HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System
    end
    

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

    Now please enter System Recovery Options.

    Run FRST64 and press the Fix button just once and wait.
    The tool will make a log on the flashdrive (Fixlog.txt) please post it to your reply.
  • Please run Notepad (start > All Programs > Accessories > Notepad) and copy and paste the text in the code box into a new file:

    @ECHO OFF
    set >log.txt
    ftype >>log.txt
    notepad log.txt
    
    • Go to the File menu at the top of the Notepad and select Save as.
    • Select Save in: desktop
    • Fill in File name: look.bat
    • Save as type: All file types (*.*)
    • Click save.
    • Close the Notepad.
    • Locate look.bat on the desktop.
    • Double-click to run it. In Windows Vista: Right-click to run it as administrator.
    • A notepad opens, copy and paste the content (log.txt) to your reply.
  • Please download Farbar Service Scanner and run it on the infected system.
    Check all the boxes.
    Click "Scan". It will make a log file. Please copy and paste the content to your reply.
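look.bat above writes the environment (`set`) and the file-type open commands (`ftype`) into one log. As an added example (not part of the original post, and not a statement of what the helper looks for), this Python function scans such a log for executable file types whose open command is missing or differs from the Windows default `"%1" %*`; the sample log and the file name in it are constructed.

```python
# Default Windows 7 open commands for directly executable file types.
EXPECTED = {
    "exefile": '"%1" %*',
    "comfile": '"%1" %*',
    "batfile": '"%1" %*',
    "cmdfile": '"%1" %*',
}

# Constructed sample of a look.bat log: `set` lines first, then `ftype` lines.
SAMPLE_LOG = r'''
ComSpec=C:\Windows\system32\cmd.exe
PATHEXT=.COM;.EXE;.BAT;.CMD
batfile="%1" %*
cmdfile="%1" %*
exefile="C:\Users\Public\constructed_example.exe" "%1" %*
txtfile=%SystemRoot%\system32\NOTEPAD.EXE %1
'''

def check_handlers(log_text):
    """Return {file type: finding} for handlers that are missing or altered."""
    seen = {}
    for line in log_text.splitlines():
        name, separator, command = line.strip().partition("=")
        if separator and name.lower() in EXPECTED:
            seen[name.lower()] = command.strip()
    findings = {}
    for name, expected in EXPECTED.items():
        actual = seen.get(name)
        if actual is None:
            # No association at all: double-clicking such a file does nothing useful.
            findings[name] = "missing"
        elif actual != expected:
            # Something other than the file itself is launched first.
            findings[name] = "changed: " + actual
    return findings

if __name__ == "__main__":
    for name, finding in check_handlers(SAMPLE_LOG).items():
        print(name, "->", finding)
```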
