
tough fakerean infection


  • This topic is locked
41 replies to this topic

#1 clsman

  • Members
  • 22 posts

Posted 23 February 2012 - 10:56 AM

Good morning.

I had an infection a few weeks ago and installed Malwarebytes software. It removed the issue, but I unfortunately don't remember which virus it was.

However, since then I have been suspicious that something still exists, because periodically I get sent to other pages when I am searching for something. I thought maybe it had to do with Google's new privacy policies and maybe they were now forcing their own results on you. I mean, I guess they can do anything they want, right?

Well, yesterday I got an alert about an infection from the MS virus program with Windows 7. Before I could do anything, it started shutting down my system, closing open programs without saving, etc. When I rebooted, it gave me another warning and mentioned fakerean. I had the MS program remove it, but now I cannot start ANY programs. I am only able to access this website because I rebooted in safe mode with networking and used the HTML Help command to enter the IE browser pointed to Google and started searching for fakerean.

I have downloaded different versions of the fix registry program that I've found online and they all seem to run, but whether I try it in normal mode or safe mode with networking, I still can't run ANYTHING after I do that. This includes renaming rkill with different endings or entirely new, random names. I cannot run any program at all, so not sure what to try next.

Thank you in advance!



#2 JSntgRvr

  • Malware Response Team
  • 11,635 posts

Posted 23 February 2012 - 12:58 PM

:welcome:

Let's give it a try. You will need a USB flash drive.

For x32 (x86) bit systems download Farbar Recovery Scan Tool and save it to a flash drive.
For x64 bit systems download Farbar Recovery Scan Tool x64 and save it to a flash drive.

Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Click on Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
On the System Recovery Options menu you will get the following options:

Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt

  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the flash drive. Please copy and paste it to your reply.

No request for help throughout private messaging will be attended.



#3 boopme

  • Global Moderator
  • 73,329 posts

Posted 23 February 2012 - 01:11 PM

Hello, just letting you know I moved this topic to Here in the Virus, Trojan, Spyware, and Malware Removal Logs forum where it will stay.

Please remember to click the Watch Topic button at the top right and select Immediate Notification so you do not miss any replies now that you were moved.

#4 clsman

  • Topic Starter
  • Members
  • 22 posts

Posted 23 February 2012 - 01:54 PM

Thanks for taking on my problem! I followed your instructions for my 64-bit version of Windows 7 and here's the log output:

Scan result of Farbar Recovery Scan Tool Version: 21-02-2012
Ran by SYSTEM at 2012-02-23 13:29:18
Running from G:\
Windows 7 Home Premium (X64) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [11725928 2010-12-22] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /FORPCEE4 [2186856 2010-12-10] (Realtek Semiconductor)
HKLM\...\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe [167960 2011-02-11] (Intel Corporation)
HKLM\...\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe [391704 2011-02-11] (Intel Corporation)
HKLM\...\Run: [Persistence] C:\Windows\system32\igfxpers.exe [418328 2011-02-11] (Intel Corporation)
HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [2280232 2010-07-29] (Synaptics Incorporated)
HKLM\...\Run: [Acer ePower Management] C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [860040 2011-01-06] (Acer Incorporated)
HKLM\...\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [1436736 2011-06-15] (Microsoft Corporation)
HKLM-x32\...\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [283160 2010-09-13] (Intel Corporation)
HKLM-x32\...\Run: [SuiteTray] "C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe" [340336 2010-09-27] (Egis Technology Inc.)
HKLM-x32\...\Run: [EgisTecPMMUpdate] "C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe" [407920 2010-09-17] (Egis Technology Inc.)
HKLM-x32\...\Run: [EgisUpdate] "C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe" -d [201584 2010-09-17] (Egis Technology Inc.)
HKLM-x32\...\Run: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [1155928 2010-06-01] (Symantec Corporation)
HKLM-x32\...\Run: [BackupManagerTray] "C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe" -h -k [296768 2010-11-11] (NTI Corporation)
HKLM-x32\...\Run: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [113288 2010-04-26] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe [1078352 2011-02-23] (Dritek System Inc.)
HKLM-x32\...\Run: [MDS_Menu] "C:\Program Files (x86)\Acer\clear.fi\MediaEspresso\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Acer\clear.fi\MediaEspresso" UpdateWithCreateOnce "Software\CyberLink\MediaEspresso\6.1" [0 ] ()
HKLM-x32\...\Run: [ArcadeMovieService] "C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe" [177448 2010-12-09] (CyberLink Corp.)
HKLM-x32\...\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey [x]
HKLM-x32\...\Run: [DropBoxUtility] "C:\Program Files (x86)\DropBox\DropBox\DropBox.exe" /s [405504 2008-02-09] (DropShots)
HKLM-x32\...\Run: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume [439568 2010-05-10] (Microsoft Corporation)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-01-02] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2011-11-01] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2011-10-24] (Apple Inc.)
HKLM-x32\...\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2011-05-09] (Hewlett-Packard)
HKLM-x32\...\Run: [] [x]
HKLM-x32\...\Run: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe [90448 2011-09-01] (Research In Motion Limited)
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421736 2012-01-16] (Apple Inc.)
HKU\JEZ\...\Run: [AV Security Essentials] "C:\ProgramData\ad203e\AVad2_8039.exe" /s /d [x]
Winlogon\Notify\igfxcui: igfxdev.dll (Intel Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

==================== Services (Whitelisted) ======

2 Bonjour Service; "C:\Program Files\Bonjour\mDNSResponder.exe" [462184 2011-08-30] (Apple Inc.)
2 DsiWMIService; C:\Program Files (x86)\Launch Manager\dsiwmis.exe [347216 2011-02-23] (Dritek System Inc.)
3 EgisTec Ticket Service; "C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe" [172912 2010-09-27] (Egis Technology Inc. )
2 ePowerSvc; C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe [868224 2011-01-06] (Acer Incorporated)
2 GREGService; C:\Program Files (x86)\Acer\Registration\GREGsvc.exe [23584 2010-01-08] (Acer Incorporated)
2 IAStorDataMgrSvc; "C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe" [13336 2010-09-13] (Intel Corporation)
2 Lavasoft Ad-Aware Service; "C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe" [2152152 2011-09-02] (Lavasoft Limited)
2 McShield; "C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe" [200056 2011-04-14] (McAfee, Inc.)
2 mfefire; "C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe" [245352 2011-04-14] (McAfee, Inc.)
2 mfevtp; "C:\Windows\system32\mfevtps.exe" [149032 2011-04-14] (McAfee, Inc.)
2 NOBU; "C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe" SERVICE [2804568 2010-06-01] (Symantec Corporation)
2 NTI IScheduleSvc; C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [257344 2010-11-11] (NTI Corporation)
3 TVersityMediaServer; "C:\ProgramData\TVersity\Media Server\MediaServer.exe" [1249064 2011-07-29] ()
2 UNS; "C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe" [2656280 2011-02-01] (Intel Corporation)
3 aspnet_state; C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [x]
2 McAfee SiteAdvisor Service; c:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe [x]
2 McMPFSvc; "C:\Program Files\Common Files\McSvHost.exe" /McCoreSvc [x]
2 mcmscsvc; "C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [x]
2 McNaiAnn; "C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [x]
2 McNASvc; "C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [x]
3 McODS; "C:\ProgramData\McAfee\msc\Updates\Installs\1\vso\%VSINSTALL_DIR64%\mcods.exe" [x]
2 McProxy; "C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [x]
2 MsMpSvc; "c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe" [x]
3 NisSrv; "c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe" [x]
3 wampapache; "c:\wamp\bin\apache\apache2.2.17\bin\httpd.exe" -k runservice [x]
3 wampmysqld; c:\wamp\bin\mysql\mysql5.5.8\bin\mysqld.exe wampmysqld [x]

========================== Drivers (Whitelisted) =============

3 b57xdbd; C:\Windows\System32\DRIVERS\b57xdbd.sys [67624 2011-01-20] (Broadcom Corporation)
3 b57xdmp; C:\Windows\System32\DRIVERS\b57xdmp.sys [19496 2011-01-20] (Broadcom Corporation)
3 bScsiMSa; C:\Windows\System32\DRIVERS\bScsiMSa.sys [52264 2011-01-19] (Broadcom Corporation)
3 bScsiSDa; C:\Windows\System32\DRIVERS\bScsiSDa.sys [85544 2011-01-13] (Broadcom Corporation)
3 cfwids; C:\Windows\System32\drivers\cfwids.sys [63056 2011-04-14] (McAfee, Inc.)
3 ivusb; C:\Windows\System32\DRIVERS\ivusb.sys [29720 2010-07-28] (Initio Corporation)
3 Lavasoft Kernexplorer; \??\C:\Program Files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys [17152 2011-07-14] ()
0 Lbd; C:\Windows\System32\DRIVERS\Lbd.sys [69376 2011-06-20] (Lavasoft AB)
3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [121376 2011-04-14] (McAfee, Inc.)
3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [190520 2011-04-14] (McAfee, Inc.)
3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [441840 2011-04-14] (McAfee, Inc.)
0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [530304 2011-04-14] (McAfee, Inc.)
1 mfenlfk; C:\Windows\System32\DRIVERS\mfenlfk.sys [75160 2011-04-14] (McAfee, Inc.)
3 mferkdet; C:\Windows\System32\drivers\mferkdet.sys [94992 2011-04-14] (McAfee, Inc.)
0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [283744 2011-04-14] (McAfee, Inc.)
3 NTIDrvr; \??\C:\Windows\system32\drivers\NTIDrvr.sys [18432 2010-04-19] (NTI Corporation)
3 StillCam; C:\Windows\System32\DRIVERS\serscan.sys [12288 2009-07-13] (Microsoft Corporation)
3 UBHelper; \??\C:\Windows\system32\drivers\UBHelper.sys [17408 2010-07-08] (NTI Corporation)
3 mfeavfk01; [x]

========================== NetSvcs (Whitelisted) ===========

============ One Month Created Files and Folders ==============

2012-02-23 07:25 - 2012-02-23 07:25 - 0396041 ____A C:\Users\JEZ\Desktop\MiniToolBox.exe
2012-02-23 07:24 - 2012-02-23 07:24 - 0000335 ____A C:\Users\JEZ\Desktop\FixExe.reg
2012-02-23 07:18 - 2012-02-23 05:57 - 0000319 ____A C:\Users\JEZ\Desktop\T2.reg
2012-02-23 07:18 - 2012-02-23 05:56 - 0000319 ____A C:\Users\JEZ\Desktop\t1.reg
2012-02-23 06:07 - 2012-02-23 06:08 - 1008141 ____A C:\Users\JEZ\Desktop\iexplore.exe.com
2012-02-22 21:10 - 2012-02-22 21:07 - 0000319 ____A C:\Users\JEZ\Desktop\trojan_fakerean_exe_fix.reg
2012-02-22 19:17 - 2009-07-13 17:14 - 0020480 ____A (Microsoft Corporation) C:\Windows\svchost.exe
2012-02-22 19:01 - 2012-02-22 19:01 - 0000099 ___AH C:\Users\JEZ\Documents\.~lock.DS inventory.ods#
2012-02-22 06:21 - 2012-02-22 06:36 - 0000099 ___AH C:\Users\JEZ\Documents\.~lock.signs.odt#
2012-02-21 16:30 - 2012-02-22 05:30 - 0000099 ___AH C:\Users\JEZ\Documents\.~lock.DVD collection.ods#
2012-02-19 13:49 - 2012-02-23 10:18 - 0883710 ____A C:\Windows\ntbtlog.txt
2012-02-17 21:51 - 2012-02-17 21:52 - 0000000 ____D C:\Users\JEZ\AppData\Local\{5D22C36D-F7E1-4AEB-8303-5DB84F84B095}
2012-02-17 21:51 - 2012-02-17 21:51 - 0000000 ____D C:\Users\JEZ\AppData\Local\{00DDA3EA-1093-4F81-BF81-D0C81692D758}
2012-02-17 07:51 - 2012-02-17 07:51 - 0010921 ____A C:\Users\JEZ\Documents\signs.odt
2012-02-17 06:08 - 2012-02-17 06:08 - 0182175 ____A C:\Users\JEZ\Documents\20120201.odt
2012-02-17 06:07 - 2012-02-17 06:07 - 0171991 ____A C:\Users\JEZ\Documents\20120102.odt
2012-02-15 00:01 - 2011-12-13 23:11 - 2308096 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-02-15 00:01 - 2011-12-13 23:03 - 0237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-02-15 00:01 - 2011-12-13 23:00 - 0818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-02-15 00:01 - 2011-12-13 22:59 - 2144256 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-02-15 00:01 - 2011-12-13 22:57 - 2382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-02-15 00:01 - 2011-12-13 22:57 - 0096256 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-02-15 00:01 - 2011-12-13 22:53 - 0248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-02-15 00:01 - 2011-12-13 19:04 - 1798656 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-02-15 00:01 - 2011-12-13 18:57 - 1103360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-02-15 00:01 - 2011-12-13 18:55 - 0231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-02-15 00:01 - 2011-12-13 18:53 - 0716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-02-15 00:01 - 2011-12-13 18:52 - 1792000 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-02-15 00:01 - 2011-12-13 18:50 - 2382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-02-15 00:01 - 2011-12-13 18:50 - 0072704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-02-15 00:01 - 2011-12-13 18:47 - 0176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-02-15 00:00 - 2011-12-13 23:43 - 17790464 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-02-15 00:00 - 2011-12-13 23:16 - 10887168 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-02-15 00:00 - 2011-12-13 23:04 - 1390080 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-02-15 00:00 - 2011-12-13 23:04 - 1345536 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-02-15 00:00 - 2011-12-13 23:03 - 1493504 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-02-15 00:00 - 2011-12-13 23:01 - 0085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-02-15 00:00 - 2011-12-13 19:30 - 12282368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-02-15 00:00 - 2011-12-13 19:10 - 9705472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-02-15 00:00 - 2011-12-13 18:57 - 1127424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-02-15 00:00 - 2011-12-13 18:56 - 1427456 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-02-15 00:00 - 2011-12-13 18:54 - 0065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-02-14 18:52 - 2012-01-13 20:06 - 3145728 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-02-14 18:52 - 2012-01-04 02:44 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2012-02-14 18:52 - 2012-01-04 02:44 - 0509952 ____A (Microsoft Corporation) C:\Windows\System32\ntshrui.dll
2012-02-14 18:52 - 2012-01-04 00:59 - 12872704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2012-02-14 18:52 - 2012-01-04 00:58 - 0442880 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntshrui.dll
2012-02-14 18:52 - 2011-12-29 22:26 - 0515584 ____A (Microsoft Corporation) C:\Windows\System32\timedate.cpl
2012-02-14 18:52 - 2011-12-29 21:27 - 0478720 ____A (Microsoft Corporation) C:\Windows\SysWOW64\timedate.cpl
2012-02-14 18:52 - 2011-12-27 19:59 - 0498688 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\afd.sys
2012-02-14 18:52 - 2011-12-16 00:46 - 0634880 ____A (Microsoft Corporation) C:\Windows\System32\msvcrt.dll
2012-02-14 18:52 - 2011-12-15 23:52 - 0690688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msvcrt.dll
2012-02-12 22:03 - 2012-02-12 22:03 - 0000000 ____D C:\Users\JEZ\AppData\Local\{9B3C6782-2BF6-4F90-AEF7-E8FECB6695B2}
2012-02-12 22:03 - 2012-02-12 22:03 - 0000000 ____D C:\Users\JEZ\AppData\Local\{90B81582-5B95-45E5-9D6C-621CE1945E85}
2012-02-12 03:51 - 2012-02-12 03:51 - 0000000 ____D C:\Users\JEZ\AppData\Local\{27D56E21-AD86-4603-8027-C6F6FD87D239}
2012-02-12 03:50 - 2012-02-12 03:51 - 0000000 ____D C:\Users\JEZ\AppData\Local\{BCB0B265-4D1C-4654-9C4C-76454A9312E8}
2012-02-11 15:50 - 2012-02-11 15:50 - 0000000 ____D C:\Users\JEZ\AppData\Local\{883FA243-F5C8-44CE-9AA0-92293E663053}
2012-02-11 15:50 - 2012-02-11 15:50 - 0000000 ____D C:\Users\JEZ\AppData\Local\{47DD20E8-25FE-4686-B699-C3A63B2C6789}
2012-02-10 04:18 - 2012-02-10 04:18 - 0000012 ____A C:\Windows\srun.log
2012-02-09 12:28 - 2012-02-09 12:28 - 0000000 ____D C:\Users\JEZ\AppData\Local\{FE4544F3-E592-433E-BA3D-496EA43F8BC0}
2012-02-09 12:28 - 2012-02-09 12:28 - 0000000 ____D C:\Users\JEZ\AppData\Local\{D6763B2F-0823-4D52-945E-8B91ED3F1C0C}
2012-02-06 20:41 - 2012-02-06 20:41 - 0000000 ____D C:\Program Files (x86)\LP
2012-02-06 20:21 - 2012-02-10 05:47 - 0000000 ____D C:\Users\JEZ\AppData\Roaming\12C7D
2012-02-06 20:20 - 2012-02-10 05:47 - 0000000 ____D C:\Users\JEZ\AppData\Roaming\80412
2012-02-06 20:20 - 2012-02-06 20:20 - 0000012 ____A C:\Windows\sruna.log
2012-02-06 20:20 - 2012-02-06 20:20 - 0000000 ____D C:\Users\JEZ\AppData\Local\SanctionedMedia
2012-02-06 19:07 - 2012-02-06 19:08 - 0000000 ____D C:\Program Files\iTunes
2012-02-06 19:07 - 2012-02-06 19:07 - 0000000 ____D C:\Program Files\iPod
2012-02-06 09:39 - 2012-02-06 09:40 - 0000000 ____D C:\Users\JEZ\AppData\Local\{0EC977B9-DF9A-43C1-984C-07EE526C47D2}
2012-02-06 09:39 - 2012-02-06 09:39 - 0000000 ____D C:\Users\JEZ\AppData\Local\{93BE84C5-8F1A-4D6C-8985-41EDECC5B8E6}
2012-02-02 20:59 - 2012-02-02 20:59 - 0000000 ____D C:\Users\JEZ\AppData\Local\{B4FB3446-3C34-4AB2-BA29-7E7CEB6E1347}
2012-02-02 20:59 - 2012-02-02 20:59 - 0000000 ____D C:\Users\JEZ\AppData\Local\{4880AD9C-3580-42DC-A81E-7CE537FA84BF}
2012-02-02 20:08 - 2012-02-02 20:08 - 0000000 ____D C:\Users\JEZ\AppData\Roaming\Malwarebytes
2012-02-02 20:06 - 2012-02-02 20:06 - 0001109 ____A C:\Users\Public\Desktop\mbb.scr.lnk
2012-02-02 20:06 - 2012-02-02 20:06 - 0000000 ____D C:\Users\All Users\Malwarebytes
2012-02-02 20:06 - 2012-02-02 20:06 - 0000000 ____D C:\ProgramData\Malwarebytes
2012-02-02 20:06 - 2012-02-02 20:06 - 0000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-02-02 20:06 - 2011-12-10 12:24 - 0023152 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-02-02 19:58 - 2012-02-02 20:21 - 0000000 __SHD C:\Users\All Users\ad203e
2012-02-02 19:58 - 2012-02-02 20:21 - 0000000 __SHD C:\ProgramData\ad203e
2012-02-02 19:58 - 2012-02-02 20:00 - 0000000 __SHD C:\Users\JEZ\AppData\Roaming\AV Security Essentials
2012-02-02 19:58 - 2012-02-02 19:58 - 0000000 __SHD C:\Users\All Users\AVXLHUAASE
2012-02-02 19:58 - 2012-02-02 19:58 - 0000000 __SHD C:\ProgramData\AVXLHUAASE
2012-02-01 03:21 - 2012-02-01 03:21 - 0000228 ____A C:\Users\JEZ\Desktop\Google Calendar.url
2012-02-01 03:18 - 2012-02-01 03:18 - 0000122 ____A C:\Windows\wininit.ini
2012-01-31 00:49 - 2011-11-16 22:49 - 0152432 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
2012-01-31 00:49 - 2011-11-16 22:49 - 0095600 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
2012-01-31 00:49 - 2011-11-16 22:44 - 0459232 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
2012-01-31 00:49 - 2011-11-16 22:35 - 1447936 ____A (Microsoft Corporation) C:\Windows\System32\lsasrv.dll
2012-01-31 00:49 - 2011-11-16 22:35 - 0395776 ____A (Microsoft Corporation) C:\Windows\System32\webio.dll
2012-01-31 00:49 - 2011-11-16 22:35 - 0340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
2012-01-31 00:49 - 2011-11-16 22:35 - 0136192 ____A (Microsoft Corporation) C:\Windows\System32\sspicli.dll
2012-01-31 00:49 - 2011-11-16 22:35 - 0029184 ____A (Microsoft Corporation) C:\Windows\System32\sspisrv.dll
2012-01-31 00:49 - 2011-11-16 22:35 - 0028160 ____A (Microsoft Corporation) C:\Windows\System32\secur32.dll
2012-01-31 00:49 - 2011-11-16 22:33 - 0031232 ____A (Microsoft Corporation) C:\Windows\System32\lsass.exe
2012-01-31 00:49 - 2011-11-16 21:35 - 0314880 ____A (Microsoft Corporation) C:\Windows\SysWOW64\webio.dll
2012-01-31 00:49 - 2011-11-16 21:34 - 0224768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2012-01-31 00:49 - 2011-11-16 21:34 - 0022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2012-01-31 00:49 - 2011-11-16 21:28 - 0096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2012-01-29 14:34 - 2012-01-29 14:34 - 0399128 ____A C:\Users\JEZ\Downloads\1.25.12_Morris_$85,000_T300_Frank.pdf
2012-01-29 13:14 - 2012-01-29 13:15 - 0000000 ____D C:\Users\JEZ\AppData\Local\{7DB3A597-CDAF-4209-8B4A-D3EC84834DA4}
2012-01-29 13:14 - 2012-01-29 13:14 - 0000000 ____D C:\Users\JEZ\AppData\Local\{FE249144-31D2-4A0B-8BCD-DFD5F76ED673}
2012-01-29 01:14 - 2012-01-29 01:14 - 0000000 ____D C:\Users\JEZ\AppData\Local\{D1C0EDB5-0688-4E30-B402-2FB9E53308B6}
2012-01-29 01:14 - 2012-01-29 01:14 - 0000000 ____D C:\Users\JEZ\AppData\Local\{3E4799D4-A2C3-4611-A35B-D268973633B7}
2012-01-28 13:13 - 2012-01-28 13:13 - 0000000 ____D C:\Users\JEZ\AppData\Local\{599E365E-9C40-4282-A33B-AAC4117EBFFD}
2012-01-28 13:13 - 2012-01-28 13:13 - 0000000 ____D C:\Users\JEZ\AppData\Local\{3EE95A32-BDDA-4788-8066-9928DC858AA6}
2012-01-27 18:08 - 2012-01-27 18:08 - 0000000 ____D C:\Users\JEZ\AppData\Local\{C26AE77D-5FBA-4D0F-9840-78AB77AC1A9C}
2012-01-27 18:07 - 2012-01-27 18:07 - 0000000 ____D C:\Users\JEZ\AppData\Local\{26873CB7-2A82-40EB-9FE9-0139BEA169FD}
2012-01-27 07:42 - 2012-01-27 07:42 - 1123839 ____A C:\Users\JEZ\Desktop\ABC.123 Client 7.6.10 Guardian.pdf
2012-01-27 07:41 - 2012-01-27 07:41 - 2394678 ____A C:\Users\JEZ\Desktop\EB 015711_GLWB_Natl.pdf
2012-01-27 06:07 - 2012-01-27 06:07 - 0000000 ____D C:\Users\JEZ\AppData\Local\{3EA6C11A-A4FA-4DAF-A869-DA639B4E34D3}
2012-01-27 06:06 - 2012-01-27 06:07 - 0000000 ____D C:\Users\JEZ\AppData\Local\{D072948A-FFA9-4F4F-B847-B9A0232BAB7A}
2012-01-26 17:48 - 2012-01-26 17:48 - 0000000 ____D C:\Users\JEZ\AppData\Local\{D07D42A6-1774-4C41-96C2-C4DBC75D2708}
2012-01-26 17:48 - 2012-01-26 17:48 - 0000000 ____D C:\Users\JEZ\AppData\Local\{7785243D-4800-42B2-B733-48C735C604D0}
2012-01-26 08:37 - 2012-01-26 08:49 - 0000000 ____D C:\Users\JEZ\AppData\Roaming\Stamps.com Internet Postage
2012-01-26 08:37 - 2012-01-26 08:37 - 0001010 ____A C:\Users\Public\Desktop\Stamps.com.lnk
2012-01-26 08:36 - 2012-01-26 08:36 - 0000000 ____D C:\Users\All Users\{61D81E18-EDF3-41C9-BD85-D528EBAFCC38}
2012-01-26 08:36 - 2012-01-26 08:36 - 0000000 ____D C:\ProgramData\{61D81E18-EDF3-41C9-BD85-D528EBAFCC38}
2012-01-26 08:14 - 2012-01-26 08:14 - 0000000 ____D C:\Users\JEZ\AppData\Local\{41AC8C95-B28D-496A-BCF6-6C5D2722E28F}


============ 3 Months Modified Files and Folders =============

2012-02-23 13:29 - 2012-02-23 13:29 - 0000000 ____D C:\FRST
2012-02-23 10:23 - 2011-07-20 02:05 - 0016936 ____A C:\aaw7boot.log
2012-02-23 10:23 - 2011-03-29 02:48 - 3104722944 __ASH C:\hiberfil.sys
2012-02-23 10:23 - 2009-07-13 21:08 - 0000006 ___AH C:\Windows\Tasks\SA.DAT
2012-02-23 10:23 - 2009-07-13 20:51 - 0054454 ____A C:\Windows\setupact.log
2012-02-23 10:18 - 2012-02-19 13:49 - 0883710 ____A C:\Windows\ntbtlog.txt
2012-02-23 07:25 - 2012-02-23 07:25 - 0396041 ____A C:\Users\JEZ\Desktop\MiniToolBox.exe
2012-02-23 07:24 - 2012-02-23 07:24 - 0000335 ____A C:\Users\JEZ\Desktop\FixExe.reg
2012-02-23 07:21 - 2011-03-29 02:51 - 1127357 ____A C:\Windows\WindowsUpdate.log
2012-02-23 07:18 - 2011-06-16 10:40 - 0000888 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-02-23 07:10 - 2011-06-16 10:40 - 0000892 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-02-23 06:40 - 2009-07-13 20:45 - 0009920 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-02-23 06:40 - 2009-07-13 20:45 - 0009920 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-02-23 06:08 - 2012-02-23 06:07 - 1008141 ____A C:\Users\JEZ\Desktop\iexplore.exe.com
2012-02-23 05:57 - 2012-02-23 07:18 - 0000319 ____A C:\Users\JEZ\Desktop\T2.reg
2012-02-23 05:56 - 2012-02-23 07:18 - 0000319 ____A C:\Users\JEZ\Desktop\t1.reg
2012-02-22 21:12 - 2009-07-13 21:13 - 0743290 ____A C:\Windows\System32\PerfStringBackup.INI
2012-02-22 21:07 - 2012-02-22 21:10 - 0000319 ____A C:\Users\JEZ\Desktop\trojan_fakerean_exe_fix.reg
2012-02-22 19:15 - 2011-03-29 02:48 - 0039026 ____A C:\Windows\PFRO.log
2012-02-22 19:13 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\sysprep
2012-02-22 19:01 - 2012-02-22 19:01 - 0000099 ___AH C:\Users\JEZ\Documents\.~lock.DS inventory.ods#
2012-02-22 06:36 - 2012-02-22 06:21 - 0000099 ___AH C:\Users\JEZ\Documents\.~lock.signs.odt#
2012-02-22 05:39 - 2011-12-07 17:47 - 0036864 ____A C:\Users\JEZ\Documents\DS inventory.xls
2012-02-22 05:38 - 2011-12-05 14:13 - 0057931 ____A C:\Users\JEZ\Documents\DS inventory.ods
2012-02-22 05:31 - 2011-06-08 15:30 - 87093387 ____A C:\Users\JEZ\Documents\DVD collection.ods
2012-02-22 05:30 - 2012-02-21 16:30 - 0000099 ___AH C:\Users\JEZ\Documents\.~lock.DVD collection.ods#
2012-02-22 04:58 - 2012-01-12 09:56 - 0060188 ____A C:\Users\JEZ\Documents\antiques.ods
2012-02-21 20:25 - 2011-07-08 09:06 - 0127773 ____A C:\Users\JEZ\Documents\media record.ods
2012-02-19 15:45 - 2011-08-03 11:50 - 0000000 ___RD C:\Users\JEZ\Dropbox
2012-02-19 15:45 - 2011-08-03 11:03 - 0000000 ____D C:\Users\JEZ\AppData\Roaming\Dropbox
2012-02-19 15:45 - 2011-05-27 18:31 - 0000000 ____D C:\Users\All Users\clear.fi
2012-02-19 15:45 - 2011-05-27 18:31 - 0000000 ____D C:\ProgramData\clear.fi
2012-02-19 15:45 - 2011-03-29 03:04 - 0000000 ____D C:\Users\All Users\boost_interprocess
2012-02-19 15:45 - 2011-03-29 03:04 - 0000000 ____D C:\ProgramData\boost_interprocess
2012-02-19 12:38 - 2011-07-20 02:06 - 0000064 ____A C:\Windows\SysWOW64\rp_stats.dat
2012-02-19 12:38 - 2011-07-20 02:06 - 0000044 ____A C:\Windows\SysWOW64\rp_rules.dat
2012-02-17 21:52 - 2012-02-17 21:51 - 0000000 ____D C:\Users\JEZ\AppData\Local\{5D22C36D-F7E1-4AEB-8303-5DB84F84B095}
2012-02-17 21:52 - 2011-05-28 19:03 - 0000000 ____D C:\Users\JEZ\AppData\Local\Windows Live
2012-02-17 21:51 - 2012-02-17 21:51 - 0000000 ____D C:\Users\JEZ\AppData\Local\{00DDA3EA-1093-4F81-BF81-D0C81692D758}
2012-02-17 14:43 - 2011-12-21 14:47 - 0011397 ____A C:\Users\JEZ\Documents\DS mall sales.ods
2012-02-17 11:10 - 2011-07-07 06:30 - 0219466 ____A C:\Users\JEZ\Documents\collecting.ods
2012-02-17 10:32 - 2011-09-23 12:20 - 0090103 ____A C:\Users\JEZ\Documents\jez shopping list.ods
2012-02-17 07:51 - 2012-02-17 07:51 - 0010921 ____A C:\Users\JEZ\Documents\signs.odt
2012-02-17 06:08 - 2012-02-17 06:08 - 0182175 ____A C:\Users\JEZ\Documents\20120201.odt
2012-02-17 06:07 - 2012-02-17 06:07 - 0171991 ____A C:\Users\JEZ\Documents\20120102.odt
2012-02-16 00:01 - 2011-02-25 02:16 - 0000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2012-02-15 04:15 - 2011-05-27 03:58 - 0000174 ___SH C:\Users\JEZ\Start Menu\Programs\Startup\desktop.ini
2012-02-15 04:15 - 2011-05-27 03:58 - 0000174 ___SH C:\Users\JEZ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
2012-02-15 00:29 - 2009-07-13 20:45 - 0341856 ____A C:\Windows\System32\FNTCACHE.DAT
2012-02-15 00:02 - 2011-06-09 02:19 - 54585368 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-02-12 22:03 - 2012-02-12 22:03 - 0000000 ____D C:\Users\JEZ\AppData\Local\{9B3C6782-2BF6-4F90-AEF7-E8FECB6695B2}
2012-02-12 22:03 - 2012-02-12 22:03 - 0000000 ____D C:\Users\JEZ\AppData\Local\{90B81582-5B95-45E5-9D6C-621CE1945E85}
2012-02-12 03:51 - 2012-02-12 03:51 - 0000000 ____D C:\Users\JEZ\AppData\Local\{27D56E21-AD86-4603-8027-C6F6FD87D239}
2012-02-12 03:51 - 2012-02-12 03:50 - 0000000 ____D C:\Users\JEZ\AppData\Local\{BCB0B265-4D1C-4654-9C4C-76454A9312E8}
2012-02-11 15:50 - 2012-02-11 15:50 - 0000000 ____D C:\Users\JEZ\AppData\Local\{883FA243-F5C8-44CE-9AA0-92293E663053}
2012-02-11 15:50 - 2012-02-11 15:50 - 0000000 ____D C:\Users\JEZ\AppData\Local\{47DD20E8-25FE-4686-B699-C3A63B2C6789}
2012-02-10 07:19 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\NDF
2012-02-10 05:47 - 2012-02-06 20:21 - 0000000 ____D C:\Users\JEZ\AppData\Roaming\12C7D
2012-02-10 05:47 - 2012-02-06 20:20 - 0000000 ____D C:\Users\JEZ\AppData\Roaming\80412
2012-02-10 04:18 - 2012-02-10 04:18 - 0000012 ____A C:\Windows\srun.log
2012-02-09 12:28 - 2012-02-09 12:28 - 0000000 ____D C:\Users\JEZ\AppData\Local\{FE4544F3-E592-433E-BA3D-496EA43F8BC0}
2012-02-09 12:28 - 2012-02-09 12:28 - 0000000 ____D C:\Users\JEZ\AppData\Local\{D6763B2F-0823-4D52-945E-8B91ED3F1C0C}
2012-02-09 05:52 - 2011-07-06 09:44 - 0133519 ____A C:\Users\JEZ\Documents\books.ods
2012-02-08 19:17 - 2011-05-27 04:35 - 0000000 ____D C:\Users\JEZ\AppData\Roaming\uTorrent
2012-02-08 05:26 - 2011-06-02 08:47 - 0000000 ____D C:\Users\JEZ\Documents\movies
2012-02-06 20:41 - 2012-02-06 20:41 - 0000000 ____D C:\Program Files (x86)\LP
2012-02-06 20:20 - 2012-02-06 20:20 - 0000012 ____A C:\Windows\sruna.log
2012-02-06 20:20 - 2012-02-06 20:20 - 0000000 ____D C:\Users\JEZ\AppData\Local\SanctionedMedia
2012-02-06 19:08 - 2012-02-06 19:07 - 0000000 ____D C:\Program Files\iTunes
2012-02-06 19:08 - 2011-12-27 13:25 - 0000000 ____D C:\Program Files (x86)\iTunes
2012-02-06 19:07 - 2012-02-06 19:07 - 0000000 ____D C:\Program Files\iPod
2012-02-06 09:40 - 2012-02-06 09:39 - 0000000 ____D C:\Users\JEZ\AppData\Local\{0EC977B9-DF9A-43C1-984C-07EE526C47D2}
2012-02-06 09:39 - 2012-02-06 09:39 - 0000000 ____D C:\Users\JEZ\AppData\Local\{93BE84C5-8F1A-4D6C-8985-41EDECC5B8E6}
2012-02-03 14:39 - 2011-07-08 15:07 - 0000000 ____D C:\Users\JEZ\AppData\Roaming\PowerCinema
2012-02-02 20:59 - 2012-02-02 20:59 - 0000000 ____D C:\Users\JEZ\AppData\Local\{B4FB3446-3C34-4AB2-BA29-7E7CEB6E1347}
2012-02-02 20:59 - 2012-02-02 20:59 - 0000000 ____D C:\Users\JEZ\AppData\Local\{4880AD9C-3580-42DC-A81E-7CE537FA84BF}
2012-02-02 20:21 - 2012-02-02 19:58 - 0000000 __SHD C:\Users\All Users\ad203e
2012-02-02 20:21 - 2012-02-02 19:58 - 0000000 __SHD C:\ProgramData\ad203e
2012-02-02 20:08 - 2012-02-02 20:08 - 0000000 ____D C:\Users\JEZ\AppData\Roaming\Malwarebytes
2012-02-02 20:06 - 2012-02-02 20:06 - 0001109 ____A C:\Users\Public\Desktop\mbb.scr.lnk
2012-02-02 20:06 - 2012-02-02 20:06 - 0000000 ____D C:\Users\All Users\Malwarebytes
2012-02-02 20:06 - 2012-02-02 20:06 - 0000000 ____D C:\ProgramData\Malwarebytes
2012-02-02 20:06 - 2012-02-02 20:06 - 0000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-02-02 20:00 - 2012-02-02 19:58 - 0000000 __SHD C:\Users\JEZ\AppData\Roaming\AV Security Essentials
2012-02-02 20:00 - 2009-07-13 18:34 - 0001401 _RASH C:\Windows\System32\Drivers\etc\hosts
2012-02-02 19:58 - 2012-02-02 19:58 - 0000000 __SHD C:\Users\All Users\AVXLHUAASE
2012-02-02 19:58 - 2012-02-02 19:58 - 0000000 __SHD C:\ProgramData\AVXLHUAASE
2012-02-01 03:21 - 2012-02-01 03:21 - 0000228 ____A C:\Users\JEZ\Desktop\Google Calendar.url
2012-02-01 03:18 - 2012-02-01 03:18 - 0000122 ____A C:\Windows\wininit.ini
2012-02-01 03:18 - 2011-08-03 11:04 - 0000993 ____A C:\Users\JEZ\Start Menu\Programs\Startup\Dropbox.lnk
2012-02-01 03:18 - 2011-08-03 11:04 - 0000993 ____A C:\Users\JEZ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
2012-01-31 12:35 - 2011-07-24 08:59 - 0017955 ____A C:\Users\JEZ\Documents\xmas cards.ods
2012-01-31 04:44 - 2011-05-28 10:30 - 0279656 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe
2012-01-29 14:34 - 2012-01-29 14:34 - 0399128 ____A C:\Users\JEZ\Downloads\1.25.12_Morris_$85,000_T300_Frank.pdf
2012-01-29 13:15 - 2012-01-29 13:14 - 0000000 ____D C:\Users\JEZ\AppData\Local\{7DB3A597-CDAF-4209-8B4A-D3EC84834DA4}
2012-01-29 13:14 - 2012-01-29 13:14 - 0000000 ____D C:\Users\JEZ\AppData\Local\{FE249144-31D2-4A0B-8BCD-DFD5F76ED673}
2012-01-29 01:14 - 2012-01-29 01:14 - 0000000 ____D C:\Users\JEZ\AppData\Local\{D1C0EDB5-0688-4E30-B402-2FB9E53308B6}
2012-01-29 01:14 - 2012-01-29 01:14 - 0000000 ____D C:\Users\JEZ\AppData\Local\{3E4799D4-A2C3-4611-A35B-D268973633B7}
2012-01-28 13:13 - 2012-01-28 13:13 - 0000000 ____D C:\Users\JEZ\AppData\Local\{599E365E-9C40-4282-A33B-AAC4117EBFFD}
2012-01-28 13:13 - 2012-01-28 13:13 - 0000000 ____D C:\Users\JEZ\AppData\Local\{3EE95A32-BDDA-4788-8066-9928DC858AA6}
2012-01-27 18:08 - 2012-01-27 18:08 - 0000000 ____D C:\Users\JEZ\AppData\Local\{C26AE77D-5FBA-4D0F-9840-78AB77AC1A9C}
2012-01-27 18:07 - 2012-01-27 18:07 - 0000000 ____D C:\Users\JEZ\AppData\Local\{26873CB7-2A82-40EB-9FE9-0139BEA169FD}
2012-01-27 07:42 - 2012-01-27 07:42 - 1123839 ____A C:\Users\JEZ\Desktop\ABC.123 Client 7.6.10 Guardian.pdf
2012-01-27 07:41 - 2012-01-27 07:41 - 2394678 ____A C:\Users\JEZ\Desktop\EB 015711_GLWB_Natl.pdf
2012-01-27 06:07 - 2012-01-27 06:07 - 0000000 ____D C:\Users\JEZ\AppData\Local\{3EA6C11A-A4FA-4DAF-A869-DA639B4E34D3}
2012-01-27 06:07 - 2012-01-27 06:06 - 0000000 ____D C:\Users\JEZ\AppData\Local\{D072948A-FFA9-4F4F-B847-B9A0232BAB7A}
2012-01-26 17:48 - 2012-01-26 17:48 - 0000000 ____D C:\Users\JEZ\AppData\Local\{D07D42A6-1774-4C41-96C2-C4DBC75D2708}
2012-01-26 17:48 - 2012-01-26 17:48 - 0000000 ____D C:\Users\JEZ\AppData\Local\{7785243D-4800-42B2-B733-48C735C604D0}
2012-01-26 08:49 - 2012-01-26 08:37 - 0000000 ____D C:\Users\JEZ\AppData\Roaming\Stamps.com Internet Postage
2012-01-26 08:37 - 2012-01-26 08:37 - 0001010 ____A C:\Users\Public\Desktop\Stamps.com.lnk
2012-01-26 08:37 - 2011-05-27 05:00 - 0000036 ___AH C:\Windows\SysWOW64\f9t.dat
2012-01-26 08:37 - 2011-05-27 05:00 - 0000000 ____D C:\Program Files (x86)\Stamps.com Internet Postage
2012-01-26 08:36 - 2012-01-26 08:36 - 0000000 ____D C:\Users\All Users\{61D81E18-EDF3-41C9-BD85-D528EBAFCC38}
2012-01-26 08:36 - 2012-01-26 08:36 - 0000000 ____D C:\ProgramData\{61D81E18-EDF3-41C9-BD85-D528EBAFCC38}
2012-01-26 08:14 - 2012-01-26 08:14 - 0000000 ____D C:\Users\JEZ\AppData\Local\{41AC8C95-B28D-496A-BCF6-6C5D2722E28F}
2012-01-23 18:07 - 2012-01-23 18:07 - 0000000 ____D C:\Users\JEZ\AppData\Local\{EA95084F-ECA9-43FC-AB02-61B9D04C4862}
2012-01-23 18:07 - 2012-01-23 18:07 - 0000000 ____D C:\Users\JEZ\AppData\Local\{351B2BB8-39E5-400A-B368-4F383EB132E5}
2012-01-21 07:12 - 2012-01-21 05:51 - 0000154 ____A C:\Users\JEZ\AppData\Roaming\Rim.DesktopHelper.Exception.log
2012-01-21 07:12 - 2012-01-21 05:51 - 0000154 ____A C:\Users\JEZ\AppData\Roaming\Rim.Desktop.Exception.log
2012-01-21 07:11 - 2011-07-13 15:18 - 0005632 ____A C:\Users\JEZ\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-01-21 06:04 - 2012-01-21 06:04 - 14019313 ____A C:\Users\JEZ\Documents\LoaderBackup-(2012-01-21).ipd
2012-01-21 05:53 - 2012-01-21 05:53 - 0000000 ____D C:\Users\JEZ\Documents\BlackBerry
2012-01-21 05:53 - 2012-01-21 05:51 - 0000000 ____D C:\Users\JEZ\AppData\Roaming\Research In Motion
2012-01-21 05:51 - 2012-01-21 05:51 - 0000000 ____D C:\Users\JEZ\AppData\Local\Research In Motion
2012-01-21 05:49 - 2012-01-21 05:49 - 0001153 ____A C:\Users\JEZ\AppData\Roaming\Rim.Desktop.HttpServerSetup.log
2012-01-21 05:49 - 2012-01-21 05:49 - 0000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_RimUsb_AMD64_01007.Wdf
2012-01-21 05:49 - 2012-01-21 05:49 - 0000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_RimSerial_AMD64_01007.Wdf
2012-01-21 05:49 - 2012-01-21 05:49 - 0000000 ____D C:\Users\All Users\Research In Motion
2012-01-21 05:49 - 2012-01-21 05:49 - 0000000 ____D C:\ProgramData\Research In Motion
2012-01-21 05:49 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\ModemLogs
2012-01-21 05:48 - 2012-01-21 05:48 - 0000000 ____D C:\Program Files (x86)\Research In Motion
2012-01-20 18:14 - 2011-05-27 05:00 - 0000000 ____D C:\Users\JEZ\AppData\Roaming\Stamps.com Internet Postage old
2012-01-19 12:01 - 2012-01-19 12:01 - 0681129 ____A C:\Users\JEZ\Downloads\Dear Clifton Club Member Jan 2012 (Beach).docx
2012-01-18 03:02 - 2011-05-27 03:55 - 0000000 ____D C:\Users\JEZ\AppData\LocalLow
2012-01-17 11:32 - 2012-01-06 08:35 - 0011384 ____A C:\Users\JEZ\Documents\expenses.ods
2012-01-17 11:27 - 2012-01-17 11:26 - 0546656 ____A C:\Windows\Minidump\011712-27206-01.dmp
2012-01-17 11:26 - 2011-09-22 19:24 - 441176338 ____A C:\Windows\MEMORY.DMP
2012-01-17 11:26 - 2011-09-22 19:24 - 0000000 ____D C:\Windows\Minidump
2012-01-13 20:06 - 2012-02-14 18:52 - 3145728 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-01-11 08:59 - 2011-12-21 07:21 - 0011776 ____A C:\Users\JEZ\Documents\tags.xls
2012-01-09 16:08 - 2012-01-09 16:07 - 0000000 ____D C:\Users\JEZ\AppData\Local\Microsoft Games
2012-01-09 08:44 - 2012-01-09 08:44 - 0000000 ____D C:\Users\JEZ\AppData\Local\{BB548C65-523C-4DDE-A7AC-880BAACEF7FD}
2012-01-09 08:44 - 2012-01-09 08:44 - 0000000 ____D C:\Users\JEZ\AppData\Local\{8A4ED7E2-046F-4A91-A941-56FCF1F12754}
2012-01-08 07:32 - 2012-01-08 07:12 - 0000000 ____D C:\Users\JEZ\AppData\Local\Deployment
2012-01-08 07:17 - 2012-01-08 07:15 - 0000000 ____D C:\wamp
2012-01-08 07:14 - 2012-01-08 07:14 - 20608447 ____A (Hervé Leclerc (HeL) ) C:\Users\JEZ\Documents\WampServer2.1e-x32.exe
2012-01-08 07:12 - 2012-01-08 07:12 - 0000000 ____D C:\Users\JEZ\AppData\Local\Apps\2.0
2012-01-07 15:50 - 2012-01-07 15:50 - 0000000 ____D C:\Users\JEZ\AppData\Local\{37FCBF86-E70E-422F-B3CC-EC9FEECE682B}
2012-01-07 15:50 - 2012-01-07 15:49 - 0000000 ____D C:\Users\JEZ\AppData\Local\{8FFFCA0A-3890-4D35-B524-4532F02BC4B9}
2012-01-06 10:49 - 2012-01-06 10:48 - 0000000 ____D C:\Users\JEZ\AppData\Local\{FA9D86A5-A0AA-4DCA-A100-8C26D0ABB081}
2012-01-06 10:48 - 2012-01-06 10:48 - 0000000 ____D C:\Users\JEZ\AppData\Local\{8BE9AE0A-791B-4937-9F9A-073F374C4D79}
2012-01-05 19:46 - 2011-06-02 09:13 - 0000000 ____D C:\Users\JEZ\Documents\My Scans
2012-01-05 18:51 - 2012-01-05 18:51 - 0000000 ____D C:\Users\JEZ\AppData\Local\{8A304E64-620A-4628-B809-7B85DE158E51}
2012-01-05 18:51 - 2012-01-05 18:51 - 0000000 ____D C:\Users\JEZ\AppData\Local\{6115E364-0119-49B0-8BCE-D5EC504636DF}
2012-01-05 08:10 - 2012-01-05 08:05 - 0019302 ____A C:\Users\JEZ\Documents\xmas card addresses.odt
2012-01-05 06:51 - 2012-01-05 06:50 - 0000000 ____D C:\Users\JEZ\AppData\Local\{5EF23B6A-5DA4-4E52-ACBE-0F6E095442F4}
2012-01-05 06:50 - 2012-01-05 06:50 - 0000000 ____D C:\Users\JEZ\AppData\Local\{A4D7CF25-7403-46C8-908C-47396043565B}
2012-01-04 06:30 - 2012-01-04 06:30 - 0000000 ____D C:\Users\JEZ\AppData\Local\{7D5E2519-A026-447E-B0BE-3B38249C90E7}
2012-01-04 06:30 - 2012-01-04 06:29 - 0000000 ____D C:\Users\JEZ\AppData\Local\{C007A078-7791-449B-88F0-E9D3B9E19AAD}
2012-01-04 02:44 - 2012-02-14 18:52 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2012-01-04 02:44 - 2012-02-14 18:52 - 0509952 ____A (Microsoft Corporation) C:\Windows\System32\ntshrui.dll
2012-01-04 00:59 - 2012-02-14 18:52 - 12872704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2012-01-04 00:58 - 2012-02-14 18:52 - 0442880 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntshrui.dll
2011-12-30 08:21 - 2011-12-30 08:21 - 0014221 ____A C:\Users\JEZ\Documents\upland hunting checklist.ods
2011-12-29 22:26 - 2012-02-14 18:52 - 0515584 ____A (Microsoft Corporation) C:\Windows\System32\timedate.cpl
2011-12-29 21:27 - 2012-02-14 18:52 - 0478720 ____A (Microsoft Corporation) C:\Windows\SysWOW64\timedate.cpl
2011-12-28 21:08 - 2011-07-06 06:21 - 0000000 ____D C:\Users\JEZ\AppData\Roaming\HpUpdate
2011-12-27 19:59 - 2012-02-14 18:52 - 0498688 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\afd.sys
2011-12-24 07:47 - 2011-06-08 14:08 - 0450873 ____A C:\Users\JEZ\Documents\DVD-R.ods
2011-12-22 08:27 - 2011-12-22 08:27 - 0032768 ____A C:\Users\JEZ\Downloads\Lease Purchase Contracts v2.doc
2011-12-21 21:03 - 2011-12-21 21:03 - 0000000 ____D C:\Windows\Hewlett-Packard
2011-12-21 21:03 - 2011-07-06 06:18 - 0000000 ____D C:\Program Files (x86)\HP
2011-12-20 13:27 - 2011-12-20 13:24 - 0000000 ____D C:\Users\JEZ\AppData\Local\Plex Media Server
2011-12-20 09:25 - 2011-12-20 09:23 - 0011776 ____A C:\Users\JEZ\Documents\AZ test.xls
2011-12-19 06:48 - 2011-12-19 06:48 - 0000000 ____D C:\Users\JEZ\AppData\Local\{FC065F64-E207-4969-A9F4-954240A751AE}
2011-12-18 12:05 - 2011-07-25 14:42 - 0790924 ____A C:\Windows\SysWOW64\TVersityMediaServer.log
2011-12-17 08:53 - 2011-12-17 08:53 - 0000000 ____D C:\Users\JEZ\AppData\Local\{C170FBAA-58FA-42B2-9F22-58D5A34288C9}
2011-12-17 08:53 - 2011-12-17 08:53 - 0000000 ____D C:\Users\JEZ\AppData\Local\{9CE42E1C-CC41-4E80-AD50-2CC9BD6BBCA7}
2011-12-16 09:54 - 2011-12-16 09:54 - 0397303 ____A C:\Users\JEZ\Downloads\CPT DEC 15 FINAL.pdf
2011-12-16 00:46 - 2012-02-14 18:52 - 0634880 ____A (Microsoft Corporation) C:\Windows\System32\msvcrt.dll
2011-12-15 23:52 - 2012-02-14 18:52 - 0690688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msvcrt.dll
2011-12-15 06:40 - 2011-12-15 06:40 - 0000000 ____D C:\Users\JEZ\AppData\Local\{9AC6C537-6113-4E19-B1CA-ADCD5CFBE1EF}
2011-12-15 06:39 - 2011-12-15 06:39 - 0000000 ____D C:\Users\JEZ\AppData\Local\{2F2CCD08-9864-4FA8-B036-80DBC5922393}
2011-12-15 04:35 - 2011-12-15 04:35 - 0794920 ____A C:\Users\JEZ\Downloads\SVT.odp
2011-12-15 04:33 - 2011-12-15 04:33 - 1157632 ____A C:\Users\JEZ\Downloads\SVT.ppt
2011-12-15 01:02 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\rescache
2011-12-14 16:07 - 2011-12-14 16:06 - 0000000 ____D C:\Users\JEZ\AppData\Local\{64FFBA07-303E-4020-92F0-50DEA1F3B254}
2011-12-14 16:06 - 2011-12-14 16:06 - 0000000 ____D C:\Users\JEZ\AppData\Local\{3B13217E-5BCA-4465-A5FE-7CFD5B500F93}
2011-12-13 23:43 - 2012-02-15 00:00 - 17790464 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2011-12-13 23:16 - 2012-02-15 00:00 - 10887168 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2011-12-13 23:11 - 2012-02-15 00:01 - 2308096 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2011-12-13 23:04 - 2012-02-15 00:00 - 1390080 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2011-12-13 23:04 - 2012-02-15 00:00 - 1345536 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2011-12-13 23:03 - 2012-02-15 00:01 - 0237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2011-12-13 23:03 - 2012-02-15 00:00 - 1493504 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2011-12-13 23:01 - 2012-02-15 00:00 - 0085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2011-12-13 23:00 - 2012-02-15 00:01 - 0818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2011-12-13 22:59 - 2012-02-15 00:01 - 2144256 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2011-12-13 22:57 - 2012-02-15 00:01 - 2382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2011-12-13 22:57 - 2012-02-15 00:01 - 0096256 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2011-12-13 22:53 - 2012-02-15 00:01 - 0248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2011-12-13 20:54 - 2011-12-13 20:54 - 0000000 ____D C:\Users\JEZ\AppData\Local\{C0D3F669-DF97-4CE5-91D2-06C6F5161487}
2011-12-13 20:54 - 2011-12-13 20:53 - 0000000 ____D C:\Users\JEZ\AppData\Local\{ED6AF5F9-8621-4707-BA76-A6FD9FF348FF}
2011-12-13 19:30 - 2012-02-15 00:00 - 12282368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2011-12-13 19:10 - 2012-02-15 00:00 - 9705472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2011-12-13 19:04 - 2012-02-15 00:01 - 1798656 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2011-12-13 18:57 - 2012-02-15 00:01 - 1103360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2011-12-13 18:57 - 2012-02-15 00:00 - 1127424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2011-12-13 18:56 - 2012-02-15 00:00 - 1427456 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2011-12-13 18:55 - 2012-02-15 00:01 - 0231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2011-12-13 18:54 - 2012-02-15 00:00 - 0065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2011-12-13 18:53 - 2012-02-15 00:01 - 0716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2011-12-13 18:52 - 2012-02-15 00:01 - 1792000 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2011-12-13 18:50 - 2012-02-15 00:01 - 2382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2011-12-13 18:50 - 2012-02-15 00:01 - 0072704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2011-12-13 18:47 - 2012-02-15 00:01 - 0176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2011-12-13 10:54 - 2011-12-13 10:54 - 0017408 ____A C:\Users\JEZ\Documents\mall.xls
2011-12-13 10:15 - 2011-12-13 10:14 - 0025600 ____A C:\Users\JEZ\Documents\DS print.xls
2011-12-13 10:13 - 2011-12-13 10:13 - 0019022 ____A C:\Users\JEZ\Documents\DS print.ods
2011-12-13 10:12 - 2011-12-13 10:12 - 0028178 ____A C:\Users\JEZ\Documents\dusty shelves.ods
2011-12-12 18:36 - 2011-12-12 18:35 - 0000000 ____D C:\Users\JEZ\Documents\PicabooX
2011-12-12 14:07 - 2011-12-12 14:07 - 0000000 ____D C:\Users\JEZ\AppData\Roaming\com.picaboo.Picaboo.A382D4714709B456C4E0088DFC1F7243AF9EBF75.1
2011-12-12 14:07 - 2011-12-12 14:07 - 0000000 ____D C:\Program Files (x86)\Picaboo X
2011-12-11 14:09 - 2011-12-11 14:09 - 0035328 ____A C:\Users\JEZ\Downloads\CPT_Dec8_letter.doc
2011-12-10 20:26 - 2011-12-10 20:25 - 0000000 ____D C:\Users\JEZ\AppData\Local\{0C7BDF38-7764-49D9-8A6C-31A84A214597}
2011-12-10 20:25 - 2011-12-10 20:25 - 0000000 ____D C:\Users\JEZ\AppData\Local\{8BEBE647-8A8D-414E-906E-DF7D32C9790B}
2011-12-10 12:24 - 2012-02-02 20:06 - 0023152 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2011-12-09 18:16 - 2011-12-09 18:16 - 0000000 ____D C:\Users\JEZ\AppData\Local\{F46236EB-B04D-44D9-A7E9-94793464095D}
2011-12-09 18:16 - 2011-12-09 18:16 - 0000000 ____D C:\Users\JEZ\AppData\Local\{23EFC391-B58F-48E5-A2CE-615529A7AC42}
2011-12-08 14:16 - 2011-12-08 14:16 - 0112094 ____A C:\Users\JEZ\Downloads\Real Estate Services Firm Finds New Home at Playhouse Square - Crains Cleveland.pdf
2011-12-07 22:09 - 2011-07-08 15:24 - 0000000 ____D C:\Users\JEZ\Documents\My Labels
2011-12-06 21:46 - 2011-12-06 21:46 - 0000000 ____D C:\Users\JEZ\AppData\Local\{0026948C-6B74-485A-8EFA-BCB1D445B500}
2011-12-06 21:46 - 2011-12-06 21:45 - 0000000 ____D C:\Users\JEZ\AppData\Local\{45EBED3C-D827-40C5-AA2D-C484D5DCD6D0}
2011-12-06 08:20 - 2011-12-06 08:20 - 0040493 ____A C:\Users\JEZ\Downloads\387297_2795735415163_1311800055_3160141_1505106733_n.jpg
2011-12-05 10:18 - 2011-12-04 15:24 - 0000000 ____D C:\Users\JEZ\AppData\Local\ApplicationHistory
2011-12-05 10:12 - 2011-07-08 15:05 - 0005057 ____A C:\Windows\dsetupu_log.txt
2011-12-05 10:10 - 2011-12-05 10:10 - 0000000 ____D C:\Users\JEZ\Downloads\brother
2011-12-04 15:28 - 2011-07-24 17:28 - 0000000 ___HD C:\jexepackres
2011-12-04 15:24 - 2011-12-04 15:24 - 0000091 ____A C:\Users\JEZ\AppData\Local\fusioncache.dat
2011-12-04 15:24 - 2011-12-04 15:20 - 4554388 ____A C:\Users\JEZ\Downloads\transcode360-v1.0-B4.1.zip
2011-12-04 15:23 - 2011-12-04 15:23 - 0000000 ____D C:\Windows\SysWOW64\URTTEMP
2011-12-04 15:23 - 2011-06-09 02:11 - 0759394 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
2011-12-04 15:23 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\Registration
2011-12-02 23:16 - 2011-12-02 23:16 - 0000000 ____D C:\Users\JEZ\AppData\Local\{C0ED2477-49D7-4B1B-AA72-1734FA225CCB}
2011-12-02 23:16 - 2011-12-02 23:16 - 0000000 ____D C:\Users\JEZ\AppData\Local\{B96C6A15-0A46-490C-9014-9628A014D53D}
2011-12-02 07:03 - 2011-12-02 07:02 - 0000396 ____A C:\InstallHelper.log
2011-12-02 07:02 - 2011-12-02 07:02 - 0002049 ____A C:\Users\Public\Desktop\eBay Turbo Lister 2.lnk
2011-12-02 07:02 - 2011-12-02 07:02 - 0000000 ____D C:\Users\All Users\eBay
2011-12-02 07:02 - 2011-12-02 07:02 - 0000000 ____D C:\ProgramData\eBay
2011-12-02 07:02 - 2011-12-02 07:02 - 0000000 ____D C:\Program Files (x86)\eBay
2011-12-01 20:27 - 2011-12-01 20:27 - 0000000 ____D C:\Users\JEZ\AppData\Local\{E7F53753-694E-4484-9819-CA3823A26C4B}
2011-12-01 20:27 - 2011-12-01 20:27 - 0000000 ____D C:\Users\JEZ\AppData\Local\{D8F511B0-71A6-432A-8BE8-D3854A133400}
2011-11-30 16:34 - 2011-11-30 16:34 - 0012429 ____A C:\Users\JEZ\Downloads\11_30_11 letter to members regarding beacheop (2).docx
2011-11-30 16:32 - 2011-11-30 16:32 - 0012148 ____A C:\Users\JEZ\Downloads\11_30_11 letter to members regarding beacheop.docx
2011-11-30 16:30 - 2011-11-30 16:30 - 0011397 ____A C:\Users\JEZ\Downloads\11_30_11 letter to members regarding beach.docx
2011-11-30 15:51 - 2011-11-30 15:51 - 0000000 ____D C:\Users\JEZ\AppData\Local\{3FCA6EFF-B122-4741-9F66-911E7303B385}
2011-11-30 15:51 - 2011-11-30 15:51 - 0000000 ____D C:\Users\JEZ\AppData\Local\{2C633521-59C0-4767-A7F1-AE27B2770166}
2011-11-30 04:39 - 2011-11-30 04:39 - 0000000 ____D C:\Users\JEZ\AppData\Roaming\Bidgood Svcs
2011-11-30 04:39 - 2011-11-30 04:39 - 0000000 ____D C:\Program Files\Picture Resize
2011-11-30 04:36 - 2011-11-30 04:36 - 0000000 ____D C:\Program Files (x86)\Geeks Ltd
2011-11-30 04:32 - 2011-11-30 04:30 - 0000000 ____D C:\Users\JEZ\Documents\Image Converter Plus
2011-11-30 04:30 - 2011-11-30 04:30 - 0000000 ____D C:\Users\Public\Documents\ImageConverter Plus
2011-11-30 04:30 - 2011-11-30 04:30 - 0000000 ____D C:\Program Files\ImageConverter Plus
2011-11-30 04:26 - 2009-07-13 21:32 - 0000000 ____D C:\Windows\Downloaded Program Files
2011-11-30 03:50 - 2011-11-30 03:50 - 0000000 ____D C:\Users\JEZ\AppData\Local\{96C13CF8-1B4C-4C13-B0BB-0F66C280BCED}
2011-11-30 03:50 - 2011-11-30 03:50 - 0000000 ____D C:\Users\JEZ\AppData\Local\{8A8494D9-FAD1-4BFE-8A76-6421AC4D9686}
2011-11-29 05:12 - 2011-11-29 05:12 - 0000000 ____D C:\Users\JEZ\AppData\Local\{B67199DA-3418-4FF1-974E-93BCEDF8F0ED}
2011-11-29 05:12 - 2011-11-29 05:12 - 0000000 ____D C:\Users\JEZ\AppData\Local\{90F1E253-012B-4A85-AE05-4ADDC3AF187C}

========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe
[2011-05-28 05:43] - [2011-02-24 21:30] - 2616320 ____A (Microsoft Corporation) 8B88EBBB05A0E56B7DCC708498C02B3E

C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

========================= Memory info ======================

Percentage of memory in use: 18%
Total physical RAM: 3947.86 MB
Available physical RAM: 3233.55 MB
Total Pagefile: 3946.01 MB
Available Pagefile: 3219.79 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

======================= Partitions =========================

1 Drive c: (Acer) (Fixed) (Total:450.66 GB) (Free:145 GB) NTFS
2 Drive e: (PQSERVICE) (Fixed) (Total:15 GB) (Free:1.39 GB) NTFS ==>[System with boot components (obtained from reading drive)]
3 Drive f: (DVDVolume) (CDROM) (Total:3.9 GB) (Free:0 GB) UDF
4 Drive g: (USB20FD) (Removable) (Total:29.84 GB) (Free:25.62 GB) FAT32
5 Drive h: (Elements) (Fixed) (Total:1863.01 GB) (Free:5.21 GB) NTFS
6 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
7 Drive y: (SYSTEM RESERVED) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 465 GB 0 B
Disk 1 Online 29 GB 0 B
Disk 2 Online 1863 GB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Recovery 15 GB 1024 KB
Partition 2 Primary 100 MB 15 GB
Partition 3 Primary 450 GB 15 GB

Disk: 0
Partition 1
Type : 27
Hidden: Yes
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 E PQSERVICE NTFS Partition 15 GB Healthy Hidden

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 Y SYSTEM RESE NTFS Partition 100 MB Healthy

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C Acer NTFS Partition 450 GB Healthy

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 29 GB 17 MB

Disk: 1
Partition 1
Type : 0C
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 G USB20FD FAT32 Removable 29 GB Healthy

Partitions of Disk 2:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 1863 GB 1024 KB

Disk: 2
Partition 1
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 5 H Elements NTFS Partition 1863 GB Healthy



==========================================================

Last Boot: 2012-02-18 21:58

======================= End Of Log ==========================

#5 JSntgRvr

Posted 23 February 2012 - 07:12 PM

Download the enclosed file.

Save it next to FRST in the USB drive.

Run FRST as you did before. This time around click on the Fix button and wait.

The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

Boot in normal mode. If able, run ComboFix as follows.

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Please, never rename Combofix unless instructed.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

    -----------------------------------------------------------

    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link or this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

      -----------------------------------------------------------

    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.

    -----------------------------------------------------------

  • Double click on combofix.exe & follow the prompts.
  • Install the Recovery Console if prompted.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt".
**Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security.

Please do not install any new programs or update anything (always allow your antivirus/antispyware to update) unless told to do so while we are fixing your problem. If combofix alerts to a new version and offers to update, please let it. It is essential we always use the latest version.

No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!


#6 clsman

Posted 23 February 2012 - 10:28 PM

I re-ran frst with the fixlist file on the flash drive and posted the log below. I then rebooted in normal mode and was able to pull up the 64-bit version of IE and am using that to type this message, but still unable to run other programs, including combofix (which I saved directly to the desktop). I first disabled MSE before trying to run combofix, by the way. I didn't see any other anti-virus/malware programs running. When I got to the forums here and tried to advance a page, IE did try to redirect me to some pharmacy site, so I am assuming I still have that problem. I just hit the back button and reclicked page 2 and got there no problem. So, here's the log:

Fix result of Farbar Recovery Scan Tool (FRST written by farbar) Version: 21-02-2012
Ran by SYSTEM at 2012-02-23 22:09:26 R:1
Running from G:\

==============================================

C:\Users\JEZ\Desktop\iexplore.exe.com moved successfully.
C:\Windows\svchost.exe moved successfully.
C:\Program Files (x86)\LP moved successfully.
C:\Users\All Users\ad203e moved successfully.
C:\ProgramData\ad203e not found.
C:\Users\JEZ\AppData\Roaming\AV Security Essentials moved successfully.
C:\Users\All Users\AVXLHUAASE moved successfully.
C:\ProgramData\AVXLHUAASE not found.

==== End of Fixlog ====

#7 JSntgRvr

Posted 24 February 2012 - 12:08 AM

Download MBRFix from here.

Save and extract its contents to the working computer's desktop. There are three files in the MBRFix folder. From these, only copy the MBRFix64.exe to the USB drive.

Also download the enclosed file and save it in the USB drive.

Overwrite the existing one. Insert the USB drive into the ailing computer.

Now please enter System Recovery Options and run FRST64 as you did before, except that this time around, press the Fix button just once and wait.

The tool will make a log on the flash drive (Fixlog.txt). It will also create a file labeled MBRDUMP.txt. Copy and Paste the contents of the Fixlog.txt in your next reply, but attach the MBRDUMP.txt as it is a hex file.


#8 clsman

Posted 24 February 2012 - 12:47 AM

I followed your instructions and here is the log. The other file is attached.

Fix result of Farbar Recovery Scan Tool (FRST written by farbar) Version: 21-02-2012
Ran by SYSTEM at 2012-02-24 00:37:28 R:2
Running from G:\

==============================================


========= G:\MbrFix64 /drive 0 savembr G:\MBRDUMP.txt =========


========= End of CMD: =========


========= bcdedit /enum all /v =========


Windows Boot Manager
--------------------
identifier {9dea862c-5cdd-4e70-acc1-f32b344d4795}
device partition=Y:
description Windows Boot Manager
locale en-US
inherit {7ea2e1ac-2e61-4728-aaa3-896d9d0a9f0e}
default {3045dfcd-59f9-11e0-8c70-c300963ceeb3}
resumeobject {3045dfcc-59f9-11e0-8c70-c300963ceeb3}
displayorder {3045dfcd-59f9-11e0-8c70-c300963ceeb3}
toolsdisplayorder {b2721d73-1db4-4c62-bf78-c548a880142d}
timeout 30

Windows Boot Loader
-------------------
identifier {3045dfcd-59f9-11e0-8c70-c300963ceeb3}
device partition=C:
path \Windows\system32\winload.exe
description Windows 7
locale en-US
inherit {6efb52bf-1766-41db-a6b3-0ee5eff72bd7}
recoverysequence {3045dfce-59f9-11e0-8c70-c300963ceeb3}
recoveryenabled Yes
osdevice partition=C:
systemroot \Windows
resumeobject {3045dfcc-59f9-11e0-8c70-c300963ceeb3}
nx OptIn

Windows Boot Loader
-------------------
identifier {3045dfce-59f9-11e0-8c70-c300963ceeb3}
device ramdisk=[C:]\Recovery\3045dfce-59f9-11e0-8c70-c300963ceeb3\Winre.wim,{3045dfcf-59f9-11e0-8c70-c300963ceeb3}
path \windows\system32\winload.exe
description Windows Recovery Environment
inherit {6efb52bf-1766-41db-a6b3-0ee5eff72bd7}
osdevice ramdisk=[C:]\Recovery\3045dfce-59f9-11e0-8c70-c300963ceeb3\Winre.wim,{3045dfcf-59f9-11e0-8c70-c300963ceeb3}
systemroot \windows
nx OptIn
winpe Yes
custom:46000010 Yes

Resume from Hibernate
---------------------
identifier {3045dfcc-59f9-11e0-8c70-c300963ceeb3}
device partition=C:
path \Windows\system32\winresume.exe
description Windows Resume Application
locale en-US
inherit {1afa9c49-16ab-4a5c-901b-212802da9460}
filedevice partition=C:
filepath \hiberfil.sys
debugoptionenabled No

Windows Memory Tester
---------------------
identifier {b2721d73-1db4-4c62-bf78-c548a880142d}
device partition=Y:
path \boot\memtest.exe
description Windows Memory Diagnostic
locale en-US
inherit {7ea2e1ac-2e61-4728-aaa3-896d9d0a9f0e}
badmemoryaccess Yes

EMS Settings
------------
identifier {0ce4991b-e6b3-4b16-b23c-5e0d9250e5d9}
bootems Yes

Debugger Settings
-----------------
identifier {4636856e-540f-4170-a130-a84776f4c654}
debugtype Serial
debugport 1
baudrate 115200

RAM Defects
-----------
identifier {5189b25c-5558-4bf2-bca4-289b11bd29e2}

Global Settings
---------------
identifier {7ea2e1ac-2e61-4728-aaa3-896d9d0a9f0e}
inherit {4636856e-540f-4170-a130-a84776f4c654}
{0ce4991b-e6b3-4b16-b23c-5e0d9250e5d9}
{5189b25c-5558-4bf2-bca4-289b11bd29e2}

Boot Loader Settings
--------------------
identifier {6efb52bf-1766-41db-a6b3-0ee5eff72bd7}
inherit {7ea2e1ac-2e61-4728-aaa3-896d9d0a9f0e}
{7ff607e0-4395-11db-b0de-0800200c9a66}

Hypervisor Settings
-------------------
identifier {7ff607e0-4395-11db-b0de-0800200c9a66}
hypervisordebugtype Serial
hypervisordebugport 1
hypervisorbaudrate 115200

Resume Loader Settings
----------------------
identifier {1afa9c49-16ab-4a5c-901b-212802da9460}
inherit {7ea2e1ac-2e61-4728-aaa3-896d9d0a9f0e}

Device options
--------------
identifier {3045dfcf-59f9-11e0-8c70-c300963ceeb3}
description Ramdisk Options
ramdisksdidevice partition=C:
ramdisksdipath \Recovery\3045dfce-59f9-11e0-8c70-c300963ceeb3\boot.sdi

========= End of CMD: =========


==== End of Fixlog ====




#9 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,635 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto Rico
  • Local time:02:30 AM

Posted 24 February 2012 - 11:20 AM

I would suggest you remove McAfee for the time being. It is notorious for blocking programs.

See if you can download and run OTL as follows:

Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • OTL should now start. Change the following settings
    • Change Drivers to All
    • Change Standard Registry to All
    • Under File Scans, change File age to 30
  • Under the Custom Scan box paste this in


    netsvcs
    set /c
    /md5start
    UXTHEME.DLL
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32.sys
    ahcix86s.sys
    nvrd32.sys
    Userinit.exe
    Explorer.exe
    Winlogon.exe
    Regedit.exe
    SCLWAPI.dll
    /md5stop
    %SYSTEMDRIVE%\*.*
    %systemroot%\System32\config\*.sav
    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job

  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt (first run only). These are saved in the same location as OTL.
    • Please post the contents of the OTL.txt file and attach the Extras.Txt, if any, in your next reply.



#10 clsman

clsman
  • Topic Starter

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Local time:01:30 AM

Posted 24 February 2012 - 02:37 PM

Hello again. I am not able to follow your current set of instructions, because I can not run ANY programs, except for 64-bit IE. I can not run 'uninstall program' from the control panel, and even though I can DL OTL to the desktop, I can not run it. Double clicking doesn't do anything, and neither does trying to run it as the administrator after right clicking.

#11 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,635 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto Rico
  • Local time:02:30 AM

Posted 24 February 2012 - 02:44 PM

Mmmm! Let's check the file explorer.exe for 32bit applications.

Run FRST.

Type the following in the edit box after "Search:".

explorer.exe

It then should look like:

Search: explorer.exe

Click the Search button and post the log (Search.txt) it makes in your reply.



#12 clsman

clsman
  • Topic Starter

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Local time:01:30 AM

Posted 24 February 2012 - 03:06 PM

I am not sure if it matters, but I was already running in normal mode so I ran FRST from there and did the search you asked. Here are the results. If I should have done this in safe mode, let me know and I will do it again. Thanks.

================== Search: "explorer.exe" ===================

C:\Windows\explorer.exe
[2011-05-28 08:43] - [2011-02-25 01:19] - 2871808 ____A (Microsoft Corporation) 332FEAB1435662FC6C672E25BEB37BE3

C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2011-05-28 08:43] - [2011-02-26 00:19] - 2616320 ____A (Microsoft Corporation) 0FB9C74046656D1579A64660AD67B746

C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2011-05-28 08:43] - [2011-02-25 00:30] - 2616320 ____A (Microsoft Corporation) 8B88EBBB05A0E56B7DCC708498C02B3E

C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2011-06-08 22:31] - [2010-11-20 07:17] - 2616320 ____A (Microsoft Corporation) 40D777B7A95E00593EB1568C68514493

C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe
[2011-05-28 08:43] - [2011-02-26 00:51] - 2614784 ____A (Microsoft Corporation) 255CF508D7CFB10E0794D6AC93280BD8

C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2010-07-17 14:26] - [2010-07-17 14:26] - 2614272 ____A (Microsoft Corporation) C76153C7ECA00FA852BB0C193378F917

C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2010-02-04 05:49] - [2010-02-04 05:49] - 2613248 ____A (Microsoft Corporation) 9FF6C4C91A3711C0A3B18F87B08B518D

C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe
[2011-05-28 08:43] - [2011-02-26 00:33] - 2614784 ____A (Microsoft Corporation) 2AF58D15EDC06EC6FDACCE1F19482BBF

C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2010-07-17 14:26] - [2010-07-17 14:26] - 2614272 ____A (Microsoft Corporation) 2626FC9755BE22F805D3CFA0CE3EE727

C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2010-02-04 05:49] - [2010-02-04 05:49] - 2613248 ____A (Microsoft Corporation) B95EEB0F4E5EFBF1038A35B3351CF047

C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2009-07-13 18:41] - [2009-07-13 20:14] - 2613248 ____A (Microsoft Corporation) 15BC38A7492BEFE831966ADB477CF76F

C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2011-05-28 08:43] - [2011-02-26 01:14] - 2871808 ____A (Microsoft Corporation) 3B69712041F3D63605529BD66DC00C48

C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011-05-28 08:43] - [2011-02-25 01:19] - 2871808 ____A (Microsoft Corporation) 332FEAB1435662FC6C672E25BEB37BE3

C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
[2011-06-08 22:31] - [2010-11-20 08:24] - 2872320 ____A (Microsoft Corporation) AC4C51EB24AA95B77F705AB159189E24

C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe
[2011-05-28 08:43] - [2011-02-26 01:26] - 2870784 ____A (Microsoft Corporation) E38899074D4951D31B4040E994DD7C8D

C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2010-07-17 14:26] - [2010-07-17 14:26] - 2870272 ____A (Microsoft Corporation) B8EC4BD49CE8F6FC457721BFC210B67F

C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2010-02-04 05:49] - [2010-02-04 05:49] - 2868224 ____A (Microsoft Corporation) 700073016DAC1C3D2E7E2CE4223334B6

C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe
[2011-05-28 08:43] - [2011-02-26 01:23] - 2870272 ____A (Microsoft Corporation) 0862495E0C825893DB75EF44FAEA8E93

C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2010-07-17 14:26] - [2010-07-17 14:26] - 2870272 ____A (Microsoft Corporation) 9AAAEC8DAC27AA17B053E6352AD233AE

C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe
[2010-02-04 05:49] - [2010-02-04 05:49] - 2868224 ____A (Microsoft Corporation) F170B4A061C9E026437B193B4D571799

C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2009-07-13 18:56] - [2009-07-13 20:39] - 2868224 ____A (Microsoft Corporation) C235A51CB740E45FFA0EBFB9BAFCDA64

C:\Windows\SysWOW64\explorer.exe
[2011-05-28 08:43] - [2011-02-25 00:30] - 2616320 ____A (Microsoft Corporation) 8B88EBBB05A0E56B7DCC708498C02B3E

====== End Of Search ======
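An added example, not part of the original posts: one way to read a search log like the one above is to check whether each explorer.exe outside winsxs is byte-identical (same size and MD5) to a component-store copy, and to which version. The function names are hypothetical, and the sample input is an excerpt of the log posted above.

```python
import re

# Five entries excerpted from the Search.txt log posted above (blank lines dropped).
SEARCH_LOG = r"""
C:\Windows\explorer.exe
[2011-05-28 08:43] - [2011-02-25 01:19] - 2871808 ____A (Microsoft Corporation) 332FEAB1435662FC6C672E25BEB37BE3
C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2011-05-28 08:43] - [2011-02-26 01:14] - 2871808 ____A (Microsoft Corporation) 3B69712041F3D63605529BD66DC00C48
C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011-05-28 08:43] - [2011-02-25 01:19] - 2871808 ____A (Microsoft Corporation) 332FEAB1435662FC6C672E25BEB37BE3
C:\Windows\SysWOW64\explorer.exe
[2011-05-28 08:43] - [2011-02-25 00:30] - 2616320 ____A (Microsoft Corporation) 8B88EBBB05A0E56B7DCC708498C02B3E
C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2011-05-28 08:43] - [2011-02-25 00:30] - 2616320 ____A (Microsoft Corporation) 8B88EBBB05A0E56B7DCC708498C02B3E
"""

# One entry = a path line, then "[date] - [date] - size attrs (company) MD5".
ENTRY = re.compile(
    r"^(?P<path>[A-Za-z]:\\[^\r\n]+)\r?\n"
    r"\[[^\]]+\] - \[[^\]]+\] - (?P<size>\d+) \S+ \([^)]*\) (?P<md5>[0-9A-Fa-f]{32})[ \t]*$",
    re.MULTILINE,
)
# Component-store folder: <arch>_<component>_<publicKeyToken>_<version>_...
STORE = re.compile(r"\\winsxs\\(?P<arch>[a-z0-9]+)_[^\\]*?_(?P<ver>\d+(?:\.\d+){3})_", re.I)


def parse_search_log(text):
    """Return (path, size, md5) for every entry in an FRST search log."""
    return [(m["path"], int(m["size"]), m["md5"].upper()) for m in ENTRY.finditer(text)]


def match_live_files(text):
    """Map each file outside winsxs to the store copies with the same size and MD5."""
    store, live = {}, []
    for path, size, md5 in parse_search_log(text):
        m = STORE.search(path)
        if m:
            store.setdefault((size, md5), []).append((m["arch"].lower(), m["ver"]))
        else:
            live.append((path, size, md5))
    return {path: store.get((size, md5), []) for path, size, md5 in live}


if __name__ == "__main__":
    for path, matches in match_live_files(SEARCH_LOG).items():
        print(path, "->", matches or "no identical copy in winsxs")
```

A match only shows that the file equals a copy stored on the same disk; it says nothing about whether that store copy is itself intact, so a known-good reference from outside the machine is still needed for a real integrity verdict.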

#13 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,635 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto Rico
  • Local time:02:30 AM

Posted 24 February 2012 - 07:29 PM

Download the enclosed file.

Save it next to FRST in the USB drive.

Run FRST as you did before. This time around click on the Fix button and wait.

The tool will make a log on the flashdrive (Fixlog.txt); please post it in your reply.

Boot in normal or safe mode. If able, retry OTL.



#14 clsman

clsman
  • Topic Starter

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Local time:01:30 AM

Posted 24 February 2012 - 08:47 PM

Still can't run any programs. Here's the log:

Fix result of Farbar Recovery Scan Tool (FRST written by farbar) Version: 21-02-2012
Ran by SYSTEM at 2012-02-24 20:09:33 R:3
Running from G:\

==============================================

C:\Windows\SysWOW64\explorer.exe moved successfully.
C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe copied successfully to C:\Windows\SysWOW64\explorer.exe
C:\Windows\explorer.exe moved successfully.
C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe copied successfully to C:\Windows\explorer.exe

==== End of Fixlog ====

#15 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,635 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto Rico
  • Local time:02:30 AM

Posted 24 February 2012 - 10:46 PM

Please re-scan with FRST. This time around remove all checkmarks and click on Scan. Post the FRST.txt produced after the scan.





