
When I click on links I keep getting redirected


  • This topic is locked
37 replies to this topic

#1 pjb25


Posted 31 March 2012 - 10:04 PM

Whenever I searched Google and then clicked on a link, I got redirected to strange websites (websites that the link didn't entail and that I didn't want to go to). In Mozilla Firefox, I went to Options > Advanced and clicked on "Warn me when websites try to redirect or reload the page". And now whenever I click on a link the page reloads and stays the same about 4 times before finally taking me to the website I want to go to.

The problem started after I got a virus that caused a notification to come up on my screen trying to get me to buy corrective software. The notification had the name S.M.A.R.T. at the top of it. I did a system restore and then accessed the internet. Immediately I experienced the problem with being redirected. I downloaded Microsoft Security Essentials. I know now this may not have been the right course of action. When the problem persisted I did some more research and found BleepingComputer.

I also keep having an Internet Explorer window pop up even though I don't think I have Internet Explorer downloaded on my computer. Also, many of my personal files were hidden without my consent following the virus.

Can you please help me?

I have a 64-bit operating system. Here's the DDS log:

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_24
Run by Paul Bu at 19:14:19 on 2012-03-31
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3037.799 [GMT -7:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\FBAgent.exe
C:\Program Files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe
C:\Program Files\ATKGFNEX\GFNEXSrv.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\ASUS\ASUS CopyProtect\aspg.exe
C:\Program Files\P4G\BatteryLife.exe
C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
C:\Windows\SysWOW64\ACEngSvr.exe
C:\Program Files (x86)\ASUS\ATK Hotkey\HControl.exe
C:\Program Files (x86)\ASUS\ATK Hotkey\Atouch64.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\ASUS\ATK Hotkey\ATKOSD.exe
C:\Program Files (x86)\ASUS\ATK Hotkey\KBFiltr.exe
C:\Program Files (x86)\ASUS\ATK Hotkey\WDC.exe
c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
C:\Program Files\Elantech\ETDCtrl.exe
C:\Windows\PixArt\PAP7501\GUCI_AVS.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe
C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe
C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Winamp\winampa.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe
C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe
C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe
C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMTray.exe
C:\Windows\AsScrPro.exe
C:\Users\Paul Bu\AppData\Roaming\Lexar\Lexar_Echo_Backup_Manager.exe
C:\Windows\system32\AUDIODG.EXE
c:\Program Files\Microsoft Security Client\Antimalware\MpCmdRun.exe
C:\Windows\explorer.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\REGSVR32.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uDefault_Page_URL = hxxp://asus.msn.com
mWinlogon: Userinit=userinit.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: BitComet Helper: {39f7e362-828a-4b5a-bcaf-5b79bfdfea60} - C:\Program Files (x86)\BitComet\tools\BitCometBHO_1.4.6.22.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG9\avgssie.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
uRun: [Lexar_Echo_Backup_Manager.exe] C:\Users\Paul Bu\AppData\Roaming\Lexar\Lexar_Echo_Backup_Manager.exe
mRun: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"
mRun: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r
mRun: [HControlUser] C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe
mRun: [ATKOSD2] C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe
mRun: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe
mRun: [Setwallpaper] c:\programdata\SetWallpaper.cmd
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\FANCYS~1.LNK - C:\Windows\Installer\{F0DF4513-3C4C-4EB8-8012-2C5F70AF3988}\_A1DDD39913A1970387B7B3.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: &D&ownload &with BitComet - C:\Program Files (x86)\BitComet\BitComet.exe/AddLink.htm
IE: &D&ownload all video with BitComet - C:\Program Files (x86)\BitComet\BitComet.exe/AddVideo.htm
IE: &D&ownload all with BitComet - C:\Program Files (x86)\BitComet\BitComet.exe/AddAllLink.htm
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files (x86)\BitComet\tools\BitCometBHO_1.4.6.22.dll/206
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
TCP: DhcpNameServer = 68.105.28.12 68.105.29.12 68.105.28.11
TCP: Interfaces\{5C42264D-FECB-432E-9E97-FD46A7AC7E53} : DhcpNameServer = 68.105.28.12 68.105.29.12 68.105.28.11
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: BitComet Helper: {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files (x86)\BitComet\tools\BitCometBHO_1.4.6.22.dll
BHO-X64: BitComet ClickCapture - No File
BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssie.dll
BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO-X64: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
mRun-x64: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"
mRun-x64: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r
mRun-x64: [HControlUser] C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe
mRun-x64: [ATKOSD2] C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe
mRun-x64: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe
mRun-x64: [Setwallpaper] c:\programdata\SetWallpaper.cmd
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
IE-X64: {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files (x86)\BitComet\tools\BitCometBHO_1.4.6.22.dll/206
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Paul Bu\AppData\Roaming\Mozilla\Firefox\Profiles\29rbcbjw.default\
FF - prefs.js: browser.search.defaulturl - hxxp://aim.search.aol.com/aol/search?query={searchTerms}&invocationType=tb50-ff-aim-chromesbox-en-us&tb_uuid=20111113063626178&tb_oid=10-12-2011&tb_mrud=10-12-2011
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.aol.com/?src=aim&ncid=snsusaimc00000001
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=mcafee&p=
FF - component: C:\Users\Paul Bu\AppData\Roaming\Mozilla\Firefox\Profiles\29rbcbjw.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}\components\IBitCometExtension.dll
FF - component: C:\Users\Paul Bu\AppData\Roaming\Mozilla\Firefox\Profiles\29rbcbjw.default\extensions\{c2f863cd-0429-48c7-bb54-db756a951760}\components\MailUtil.dll
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\McAfee\SiteAdvisor\NPMcFFPlg32.dll
FF - plugin: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: BitComet Video Downloader: {B042753D-F57E-4e8e-A01B-7379A6D4CEFB} - %profile%\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}
FF - Ext: AOL Messaging Toolbar: {c2f863cd-0429-48c7-bb54-db756a951760} - %profile%\extensions\{c2f863cd-0429-48c7-bb54-db756a951760}
.
---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false
============= SERVICES / DRIVERS ===============
.
R0 lullaby;lullaby;C:\Windows\system32\DRIVERS\lullaby.sys --> C:\Windows\system32\DRIVERS\lullaby.sys [?]
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AFBAgent;AFBAgent;"C:\Windows\system32\FBAgent.exe" --> C:\Windows\system32\FBAgent.exe [?]
R2 ASMMAP64;ASMMAP64;C:\Program Files\ATKGFNEX\ASMMAP64.sys [2009-12-15 14904]
R2 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-10-13 249648]
R3 ETD;ELAN PS/2 Port Input Device;C:\Windows\system32\DRIVERS\ETD.sys --> C:\Windows\system32\DRIVERS\ETD.sys [?]
R3 GUCI_AVS;ASUS USB2.0 UVC VGA WebCam;C:\Windows\system32\DRIVERS\GUCI_AVS.sys --> C:\Windows\system32\DRIVERS\GUCI_AVS.sys [?]
R3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\system32\DRIVERS\MpNWMon.sys --> C:\Windows\system32\DRIVERS\MpNWMon.sys [?]
R3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-4-27 288272]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;C:\Windows\system32\drivers\viahduaa.sys --> C:\Windows\system32\drivers\viahduaa.sys [?]
S2 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-10-21 196176]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate1caa699920ce87f;Google Update Service (gupdate1caa699920ce87f);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-2-5 133104]
S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]
S3 fsssvc;Windows Live Family Safety;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2008-12-8 533344]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-2-5 133104]
S3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;C:\Windows\system32\DRIVERS\SiSG664.sys --> C:\Windows\system32\DRIVERS\SiSG664.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2012-04-01 00:01:12 -------- d-----w- C:\Users\Paul Bu\AppData\Roaming\Lexar
2012-03-31 22:40:34 69000 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{D182CB68-EF7D-48E7-875C-E226481E0B7B}\offreg.dll
2012-03-31 22:01:30 5120 ----a-w- C:\ProgramData\Microsoft\Windows\DRM\C0C1.tmp
2012-03-31 22:01:30 5120 ----a-w- C:\ProgramData\Microsoft\Windows\DRM\C0C0.tmp
2012-03-31 22:01:30 149504 ----a-w- C:\ProgramData\Microsoft\Windows\DRM\C0C0.tmp.dat
2012-03-31 22:01:27 -------- d-----w- C:\Users\Paul Bu\AppData\Roaming\Remote
2012-03-31 04:52:54 927800 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{E7F81E4B-2E7B-4A8E-A4E7-B12340DB998C}\gapaengine.dll
2012-03-31 04:52:44 8669240 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{D182CB68-EF7D-48E7-875C-E226481E0B7B}\mpengine.dll
2012-03-31 04:46:13 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client
2012-03-31 04:45:57 -------- d-----w- C:\Program Files\Microsoft Security Client
2012-03-31 04:45:35 374664 ----a-w- C:\Windows\System32\drivers\netio.sys
2012-03-31 03:27:58 243200 ---ha-w- C:\ProgramData\JCA9LJB8yldSPc.exe
2012-03-14 20:34:05 5504880 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-03-14 20:34:04 3957616 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-03-14 20:34:02 3902320 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-03-13 21:23:33 3143168 ----a-w- C:\Windows\System32\win32k.sys
2012-03-13 21:23:30 1541120 ----a-w- C:\Windows\System32\DWrite.dll
2012-03-13 21:23:30 1074176 ----a-w- C:\Windows\SysWow64\DWrite.dll
2012-03-13 21:23:29 902656 ----a-w- C:\Windows\System32\d2d1.dll
2012-03-13 21:23:29 739840 ----a-w- C:\Windows\SysWow64\d2d1.dll
2012-03-13 21:23:29 320512 ----a-w- C:\Windows\System32\d3d10_1core.dll
2012-03-13 21:23:29 218624 ----a-w- C:\Windows\SysWow64\d3d10_1core.dll
2012-03-13 21:23:29 197120 ----a-w- C:\Windows\System32\d3d10_1.dll
2012-03-13 21:23:29 1837568 ----a-w- C:\Windows\System32\d3d10warp.dll
2012-03-13 21:23:29 161792 ----a-w- C:\Windows\SysWow64\d3d10_1.dll
2012-03-13 21:23:29 1170944 ----a-w- C:\Windows\SysWow64\d3d10warp.dll
2012-03-13 21:22:34 826368 ----a-w- C:\Windows\SysWow64\rdpcore.dll
2012-03-13 21:22:34 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys
2012-03-13 21:22:34 204800 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-03-13 21:22:34 1031680 ----a-w- C:\Windows\System32\rdpcore.dll
2012-03-13 21:22:31 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
2012-03-13 21:22:31 76288 ----a-w- C:\Windows\System32\rdpwsx.dll
2012-03-13 21:22:31 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
.
==================== Find3M ====================
.
2012-01-31 12:44:20 279656 ------w- C:\Windows\System32\MpSigStub.exe
2012-01-04 09:58:13 509952 ----a-w- C:\Windows\System32\ntshrui.dll
2012-01-04 09:03:07 442880 ----a-w- C:\Windows\SysWow64\ntshrui.dll
2012-01-03 06:24:52 515584 ----a-w- C:\Windows\System32\timedate.cpl
2012-01-03 05:44:24 478208 ----a-w- C:\Windows\SysWow64\timedate.cpl
2009-04-08 18:31:56 106496 ----a-w- C:\Program Files (x86)\Common Files\CPInstallAction.dll
2008-08-12 05:45:20 155648 ----a-w- C:\Program Files (x86)\Common Files\MSIactionall.dll
.
============= FINISH: 19:22:51.84 ===============


Edited by pjb25, 31 March 2012 - 11:18 PM.



#2 gringo_pr


Posted 31 March 2012 - 11:37 PM

Hello and Welcome to Bleeping Computer!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic




Proud Graduate Of Malware Removal University

#3 pjb25


Posted 01 April 2012 - 06:35 PM

I had no problems running Combofix. I'm still being redirected whenever I click on links in Google. I haven't gotten any Internet Explorer pop-ups in the last few hours, but I got a bunch as Combofix was finishing up.

Here's my Combofix log:

ComboFix 12-04-01.01 - Paul Bu 04/01/2012 11:41:22.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3037.1797 [GMT -7:00]
Running from: c:\users\Paul Bu\Downloads\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Common Files\ASPG_icon.ico
c:\programdata\JCA9LJB8yldSPc
c:\users\Paul Bu\Documents\~WRL1919.tmp
.
.
((((((((((((((((((((((((( Files Created from 2012-03-01 to 2012-04-01 )))))))))))))))))))))))))))))))
.
.
2012-04-01 19:13 . 2012-04-01 19:13 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-04-01 06:27 . 2012-03-14 03:27 8669240 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-04-01 06:26 . 2012-03-14 03:27 8669240 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{8B332F3E-A522-4199-9F80-7A5631E93B98}\mpengine.dll
2012-04-01 00:01 . 2012-04-01 00:01 -------- d-----w- c:\users\Paul Bu\AppData\Roaming\Lexar
2012-03-31 22:01 . 2012-03-31 22:01 5120 ----a-w- c:\programdata\Microsoft\Windows\DRM\C0C1.tmp
2012-03-31 22:01 . 2012-03-31 22:01 5120 ----a-w- c:\programdata\Microsoft\Windows\DRM\C0C0.tmp
2012-03-31 22:01 . 2012-03-31 22:41 -------- d-----w- c:\users\Paul Bu\AppData\Roaming\Remote
2012-03-31 04:52 . 2012-03-31 04:52 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E7F81E4B-2E7B-4A8E-A4E7-B12340DB998C}\gapaengine.dll
2012-03-31 04:46 . 2012-03-31 04:46 -------- d-----w- c:\program files (x86)\Microsoft Security Client
2012-03-31 04:45 . 2012-03-31 04:46 -------- d-----w- c:\program files\Microsoft Security Client
2012-03-31 04:45 . 2010-04-09 11:06 374664 ----a-w- c:\windows\system32\drivers\netio.sys
2012-03-31 03:27 . 2012-03-31 03:27 243200 ---ha-w- c:\programdata\JCA9LJB8yldSPc.exe
2012-03-14 20:34 . 2011-11-19 18:30 5504880 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-03-14 20:34 . 2011-11-19 14:25 3957616 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-03-14 20:34 . 2011-11-19 14:25 3902320 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-03-13 21:23 . 2012-02-03 04:16 3143168 ----a-w- c:\windows\system32\win32k.sys
2012-03-13 21:23 . 2012-02-10 06:18 1541120 ----a-w- c:\windows\system32\DWrite.dll
2012-03-13 21:23 . 2012-02-10 05:41 1074176 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-03-13 21:23 . 2012-02-10 06:17 1837568 ----a-w- c:\windows\system32\d3d10warp.dll
2012-03-13 21:23 . 2012-02-10 06:17 902656 ----a-w- c:\windows\system32\d2d1.dll
2012-03-13 21:23 . 2012-02-10 06:17 320512 ----a-w- c:\windows\system32\d3d10_1core.dll
2012-03-13 21:23 . 2012-02-10 06:17 197120 ----a-w- c:\windows\system32\d3d10_1.dll
2012-03-13 21:23 . 2012-02-10 05:41 218624 ----a-w- c:\windows\SysWow64\d3d10_1core.dll
2012-03-13 21:23 . 2012-02-10 05:41 161792 ----a-w- c:\windows\SysWow64\d3d10_1.dll
2012-03-13 21:23 . 2012-02-10 05:41 1170944 ----a-w- c:\windows\SysWow64\d3d10warp.dll
2012-03-13 21:23 . 2012-02-10 05:41 739840 ----a-w- c:\windows\SysWow64\d2d1.dll
2012-03-13 21:22 . 2012-02-15 06:27 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-03-13 21:22 . 2012-02-15 05:44 826368 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-03-13 21:22 . 2012-02-15 04:47 204800 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-03-13 21:22 . 2012-02-15 04:46 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-03-13 21:22 . 2012-01-25 06:27 76288 ----a-w- c:\windows\system32\rdpwsx.dll
2012-03-13 21:22 . 2012-01-25 06:27 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-03-13 21:22 . 2012-01-25 06:20 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-31 12:44 . 2010-10-17 02:52 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-01-04 09:58 . 2012-02-14 23:16 509952 ----a-w- c:\windows\system32\ntshrui.dll
2012-01-04 09:03 . 2012-02-14 23:16 442880 ----a-w- c:\windows\SysWow64\ntshrui.dll
2012-01-03 06:24 . 2012-02-14 23:16 515584 ----a-w- c:\windows\system32\timedate.cpl
2012-01-03 05:44 . 2012-02-14 23:16 478208 ----a-w- c:\windows\SysWow64\timedate.cpl
2009-04-08 18:31 . 2009-04-08 18:31 106496 ----a-w- c:\program files (x86)\Common Files\CPInstallAction.dll
2008-08-12 05:45 . 2008-08-12 05:45 155648 ----a-w- c:\program files (x86)\Common Files\MSIactionall.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]
@="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"
[HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]
2007-06-02 01:08 143360 ----a-w- c:\program files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x86\OverlayIconShlExt1.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Lexar_Echo_Backup_Manager.exe"="c:\users\Paul Bu\AppData\Roaming\Lexar\Lexar_Echo_Backup_Manager.exe" [2010-03-23 37438648]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Desktop Disc Tool"="c:\program files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" [2009-07-13 498160]
"HDAudDeck"="c:\program files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" [2009-09-11 2244608]
"HControlUser"="c:\program files (x86)\ASUS\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]
"ATKOSD2"="c:\program files (x86)\ASUS\ATKOSD2\ATKOSD2.exe" [2009-08-17 6859392]
"ATKMEDIA"="c:\program files (x86)\ASUS\ATK Media\DMedia.exe" [2009-08-20 170624]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2009-11-11 417792]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2010-01-23 141608]
"WinampAgent"="c:\program files (x86)\Winamp\winampa.exe" [2010-07-12 74752]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
FancyStart daemon.lnk - c:\windows\Installer\{F0DF4513-3C4C-4EB8-8012-2C5F70AF3988}\_A1DDD39913A1970387B7B3.exe [2009-12-15 12862]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Best Buy Software Installer.lnk - c:\program files\Best Buy Software Installer\Best Buy Software Installer.exe [2009-10-5 1132472]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate1caa699920ce87f;Google Update Service (gupdate1caa699920ce87f);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-05 133104]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-05 133104]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-28 288272]
R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 lullaby;lullaby;c:\windows\system32\DRIVERS\lullaby.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe [x]
S2 ASMMAP64;ASMMAP64;c:\program files\ATKGFNEX\ASMMAP64.sys [2007-07-24 14904]
S2 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-10-21 196176]
S2 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-10-14 249648]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [x]
S3 GUCI_AVS;ASUS USB2.0 UVC VGA WebCam;c:\windows\system32\DRIVERS\GUCI_AVS.sys [x]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-05 19:29]
.
2012-04-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-05 19:29]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]
@="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"
[HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]
2007-06-02 00:52 159744 ----a-w- c:\program files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x64\OverlayIconShlExt1_64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2009-09-01 323584]
"ETDWare"="c:\program files\Elantech\ETDCtrl.exe" [2009-09-30 621440]
"GUCI_AVS"="c:\windows\PixArt\PAP7501\GUCI_AVS.exe" [2009-09-17 314880]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-26 161304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-26 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-26 415256]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 1436736]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: &D&ownload &with BitComet - c:\program files (x86)\BitComet\BitComet.exe/AddLink.htm
IE: &D&ownload all video with BitComet - c:\program files (x86)\BitComet\BitComet.exe/AddVideo.htm
IE: &D&ownload all with BitComet - c:\program files (x86)\BitComet\BitComet.exe/AddAllLink.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 68.105.28.12 68.105.29.12 68.105.28.11
FF - ProfilePath - c:\users\Paul Bu\AppData\Roaming\Mozilla\Firefox\Profiles\29rbcbjw.default\
FF - prefs.js: browser.search.defaulturl - hxxp://aim.search.aol.com/aol/search?query={searchTerms}&invocationType=tb50-ff-aim-chromesbox-en-us&tb_uuid=20111113063626178&tb_oid=10-12-2011&tb_mrud=10-12-2011
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.aol.com/?src=aim&ncid=snsusaimc00000001
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=mcafee&p=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: BitComet Video Downloader: {B042753D-F57E-4e8e-A01B-7379A6D4CEFB} - %profile%\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}
FF - Ext: AOL Messaging Toolbar: {c2f863cd-0429-48c7-bb54-db756a951760} - %profile%\extensions\{c2f863cd-0429-48c7-bb54-db756a951760}
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run-Setwallpaper - c:\programdata\SetWallpaper.cmd
Toolbar-Locked - (no file)
AddRemove-ASUS_Screensaver - c:\windows\system32\ASUS_Screensaver.scr
AddRemove-{7B63B2922B174135AFC0E1377DD81EC2} - c:\program files (x86)\DivX\DivXCodecUninstall.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10c.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe
c:\program files\ATKGFNEX\GFNEXSrv.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\program files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe
c:\program files (x86)\ASUS\SmartLogon\sensorsrv.exe
c:\program files (x86)\ASUS\ATK Hotkey\HControl.exe
c:\program files (x86)\ASUS\ATK Hotkey\Atouch64.exe
c:\program files (x86)\ASUS\ATK Hotkey\ATKOSD.exe
c:\program files (x86)\ASUS\ATK Hotkey\KBFiltr.exe
c:\program files (x86)\ASUS\ATK Hotkey\WDC.exe
c:\program files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe
c:\program files (x86)\ASUS\ASUS Data Security Manager\ADSMTray.exe
c:\windows\AsScrPro.exe
.
**************************************************************************
.
Completion time: 2012-04-01 12:39:44 - machine was rebooted
ComboFix-quarantined-files.txt 2012-04-01 19:39
.
Pre-Run: 235,086,880,768 bytes free
Post-Run: 235,385,946,112 bytes free
.
- - End Of File - - 1A839F171C749B23065CC16DDB3DA77B

#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:04:26 AM

Posted 01 April 2012 - 06:38 PM

Greetings

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it.
  • It will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#5 pjb25

Posted 01 April 2012 - 07:19 PM

I have downloaded and have clicked on TDSSkiller several times and nothing is happening.

#6 gringo_pr

Posted 01 April 2012 - 07:42 PM

Hello

I would like you to run this tool for me - fixTDSS

Download it to your desktop and start the program.

Follow the prompts and OK any security prompts.

When it is complete it will say the infection was cleared or no infection was found - let me know what it says.

After it is complete I want you to restart the computer and try to rerun TDSSKiller for me and send me the report.

Gringo

#7 pjb25

Posted 01 April 2012 - 07:55 PM

When I ran TDSS Fix tool, it said "infected MBR detected" and "repair succeeded"

#8 pjb25

Posted 01 April 2012 - 08:27 PM

I restarted my computer when the TDSS Fix tool was done. Windows wouldn't start. I had to choose Startup Repair. The problem wasn't fixed and I was told to click on Startup Repair again, so I did. I was told that Startup Repair could not fix the problem automatically, so I chose to "Send information about this problem." The problem still wasn't fixed so I did a system restore. The system restore is in the works right now.

Edited by pjb25, 01 April 2012 - 08:31 PM.


#9 gringo_pr

Posted 01 April 2012 - 08:40 PM

Hello

Download Farbar Recovery Scan Tool x64 and save it to a flash drive.

Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:
  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Command Prompt

  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

Gringo

#10 pjb25

Posted 01 April 2012 - 09:35 PM

Hello,

Windows still isn't working.

Here's the log from the Farbar Scan:

Scan result of Farbar Recovery Scan Tool Version: 15-03-2012
Ran by SYSTEM at 01-04-2012 19:31:09
Running from E:\
Windows 7 Home Premium (X64) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [323584 2009-08-31] (AlcorMicro Co., Ltd.)
HKLM\...\Run: [ETDWare] C:\Program Files\Elantech\ETDCtrl.exe [621440 2009-09-29] (ELAN Microelectronic Corp.)
HKLM\...\Run: [GUCI_AVS] C:\Windows\PixArt\PAP7501\GUCI_AVS.exe [314880 2009-09-16] (PixArt Imaging Incorporation)
HKLM\...\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe [161304 2010-08-25] (Intel Corporation)
HKLM\...\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe [386584 2010-08-25] (Intel Corporation)
HKLM\...\Run: [Persistence] C:\Windows\system32\igfxpers.exe [415256 2010-08-25] (Intel Corporation)
HKLM-x32\...\Run: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" [498160 2009-07-12] ()
HKLM-x32\...\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r [2244608 2009-09-11] (VIA)
HKLM-x32\...\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS)
HKLM-x32\...\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe [6859392 2009-08-17] (ASUS)
HKLM-x32\...\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe [170624 2009-08-19] (ASUS)
HKLM-x32\...\Run: [Setwallpaper] c:\programdata\SetWallpaper.cmd [x]
HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [417792 2009-11-10] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [141608 2010-01-22] (Apple Inc.)
HKLM-x32\...\Run: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe" [74752 2010-07-12] (Nullsoft, Inc.)
HKLM-x32\...\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey [1484856 2010-09-30] (McAfee, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [249064 2010-10-29] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-01-03] (Adobe Systems Incorporated)
HKU\Paul Bu\...\Run: [JiKJGqSIsOjjAl.exe] C:\ProgramData\JiKJGqSIsOjjAl.exe [316416 2012-03-30] ( )
HKLM\...\RunOnce: [*Restore] C:\Windows\system32\rstrui.exe /RUNONCE [296960 2009-07-13] (Microsoft Corporation)
Winlogon\Notify\igfxcui: igfxdev.dll (Intel Corporation)
Tcpip\Parameters: [DhcpNameServer] 68.105.28.12 68.105.29.12 68.105.28.11

==================== Services (Whitelisted) ======

2 Apple Mobile Device; "C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe" [144672 2009-08-28] (Apple Inc.)
2 ATKGFNEXSrv; C:\Program Files\ATKGFNEX\GFNEXSrv.exe [94208 2007-08-08] ()
2 BBUpdate; "C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE" [249648 2011-10-13] (Microsoft Corporation)
2 gupdate1caa699920ce87f; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [133104 2010-02-05] (Google Inc.)
2 McAfee SiteAdvisor Service; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [355440 2010-03-10] (McAfee, Inc.)
3 McComponentHostService; "C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe" [227232 2010-01-15] (McAfee, Inc.)
2 McMPFSvc; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [355440 2010-03-10] (McAfee, Inc.)
2 mcmscsvc; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [355440 2010-03-10] (McAfee, Inc.)
2 McNaiAnn; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [355440 2010-03-10] (McAfee, Inc.)
2 McNASvc; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [355440 2010-03-10] (McAfee, Inc.)
3 McODS; "C:\Program Files\McAfee\VirusScan\mcods.exe" [509416 2010-10-07] (McAfee, Inc.)
2 McProxy; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [355440 2010-03-10] (McAfee, Inc.)
2 McShield; "C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe" [200056 2010-08-24] (McAfee, Inc.)
2 mfefire; "C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe" [245352 2010-10-13] (McAfee, Inc.)
2 mfevtp; "C:\Windows\system32\mfevtps.exe" [149032 2010-10-13] (McAfee, Inc.)
2 MOBKbackup; "C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe" [231224 2010-04-13] (McAfee, Inc.)
2 MSK80Service; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [355440 2010-03-10] (McAfee, Inc.)

========================== Drivers (Whitelisted) =============

2 ASMMAP64; \??\C:\Program Files\ATKGFNEX\ASMMAP64.sys [14904 2007-07-24] ()
3 cfwids; C:\Windows\System32\Drivers\cfwids.sys [62800 2010-10-13] (McAfee, Inc.)
3 GUCI_AVS; C:\Windows\System32\Drivers\GUCI_AVS.sys [692736 2009-10-28] (PixArt Imaging Incorporation)
3 kbfiltr; C:\Windows\System32\Drivers\kbfiltr.sys [15416 2009-07-20] ( )
0 lullaby; C:\Windows\System32\Drivers\lullaby.sys [15928 2009-06-18] (Windows ® Win 7 DDK provider)
3 mfeapfk; C:\Windows\System32\Drivers\mfeapfk.sys [121248 2010-10-13] (McAfee, Inc.)
3 mfeavfk; C:\Windows\System32\Drivers\mfeavfk.sys [190136 2010-10-13] (McAfee, Inc.)
3 mfefirek; C:\Windows\System32\Drivers\mfefirek.sys [441328 2010-10-13] (McAfee, Inc.)
0 mfehidk; C:\Windows\System32\Drivers\mfehidk.sys [529128 2010-10-13] (McAfee, Inc.)
1 mfenlfk; C:\Windows\System32\Drivers\mfenlfk.sys [75032 2010-10-13] (McAfee, Inc.)
3 mferkdet; C:\Windows\System32\Drivers\mferkdet.sys [94864 2010-10-13] (McAfee, Inc.)
0 mfewfpk; C:\Windows\System32\Drivers\mfewfpk.sys [283360 2010-10-13] (McAfee, Inc.)
1 MOBKFilter; C:\Windows\System32\DRIVERS\MOBK.sys [66040 2010-04-13] (Mozy, Inc.)
3 mfeavfk01; [x]
3 tmlwf; [x]
3 tmwfp; [x]

========================== NetSvcs (Whitelisted) ===========

============ One Month Created Files and Folders ==============

2012-04-01 11:41 - 2012-04-01 12:04 - 0018109 ____A C:\Users\Paul Bu\Desktop\combofix log.txt
2012-04-01 11:40 - 2012-04-01 11:40 - 0018109 ____A C:\ComboFix.txt
2012-04-01 10:32 - 2012-04-01 19:07 - 0000000 ____D C:\Windows\ERDNT
2012-04-01 10:32 - 2012-04-01 11:40 - 0000000 ____D C:\ComboFix
2012-04-01 10:31 - 2012-04-01 11:40 - 0000000 ____D C:\Qoobox
2012-03-31 22:21 - 2012-03-31 22:21 - 0018420 ____A C:\Users\Paul Bu\Downloads\Angel in the Flesh.docx
2012-03-31 18:25 - 2012-03-31 18:25 - 0007193 ____A C:\Users\Paul Bu\Desktop\Attach.txt
2012-03-31 18:24 - 2012-03-31 18:24 - 0019299 ____A C:\Users\Paul Bu\Desktop\DDS.txt
2012-03-31 18:03 - 2012-03-31 18:03 - 0000000 ____A C:\Users\Paul Bu\defogger_reenable
2012-03-31 16:01 - 2012-04-01 19:07 - 0000000 ____D C:\Users\Paul Bu\AppData\Roaming\Lexar
2012-03-31 14:01 - 2012-03-31 14:41 - 0000000 ____D C:\Users\Paul Bu\AppData\Roaming\Remote
2012-03-30 21:57 - 2012-03-30 21:57 - 0266946 ____A C:\Users\Paul Bu\Downloads\215.docx
2012-03-30 20:46 - 2012-03-30 20:46 - 0000000 ____D C:\Program Files (x86)\Microsoft Security Client
2012-03-30 20:45 - 2012-04-01 19:07 - 0000000 ____D C:\Program Files\Microsoft Security Client
2012-03-30 19:28 - 2012-03-30 19:28 - 0000649 ___AH C:\Users\Paul Bu\Desktop\SMART_HDD.lnk
2012-03-30 19:28 - 2012-03-30 19:28 - 0000208 ___AH C:\Users\All Users\-JCA9LJB8yldSPcr
2012-03-30 19:28 - 2012-03-30 19:28 - 0000208 ___AH C:\ProgramData\-JCA9LJB8yldSPcr
2012-03-30 19:28 - 2012-03-30 19:28 - 0000000 ___AH C:\Users\All Users\-JCA9LJB8yldSPc
2012-03-30 19:28 - 2012-03-30 19:28 - 0000000 ___AH C:\ProgramData\-JCA9LJB8yldSPc
2012-03-30 19:27 - 2012-03-30 19:27 - 0243200 ___AH ( ) C:\Users\All Users\JCA9LJB8yldSPc.exe
2012-03-30 19:27 - 2012-03-30 19:27 - 0243200 ___AH ( ) C:\ProgramData\JCA9LJB8yldSPc.exe
2012-03-30 19:22 - 2012-03-30 19:20 - 0316416 ___AH ( ) C:\Users\All Users\JiKJGqSIsOjjAl.exe
2012-03-30 19:22 - 2012-03-30 19:20 - 0316416 ___AH ( ) C:\ProgramData\JiKJGqSIsOjjAl.exe
2012-03-24 22:35 - 2012-03-24 22:35 - 1368804 ____A C:\Users\Paul Bu\Desktop\The Patriarch (a novel).pdf
2012-03-21 11:18 - 2012-03-21 11:18 - 9705472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-03-21 11:18 - 2012-03-21 11:18 - 3695416 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2012-03-21 11:18 - 2012-03-21 11:18 - 3695416 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dat
2012-03-21 11:18 - 2012-03-21 11:18 - 2382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-03-21 11:18 - 2012-03-21 11:18 - 2382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-03-21 11:18 - 2012-03-21 11:18 - 2308096 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-03-21 11:18 - 2012-03-21 11:18 - 2144256 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-03-21 11:18 - 2012-03-21 11:18 - 1798656 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-03-21 11:18 - 2012-03-21 11:18 - 1792000 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-03-21 11:18 - 2012-03-21 11:18 - 17790464 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-03-21 11:18 - 2012-03-21 11:18 - 1493504 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-03-21 11:18 - 2012-03-21 11:18 - 1427456 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-03-21 11:18 - 2012-03-21 11:18 - 1390080 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-03-21 11:18 - 2012-03-21 11:18 - 1345536 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-03-21 11:18 - 2012-03-21 11:18 - 12282368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-03-21 11:18 - 2012-03-21 11:18 - 1127424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-03-21 11:18 - 2012-03-21 11:18 - 1103360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-03-21 11:18 - 2012-03-21 11:18 - 10887168 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-03-21 11:18 - 2012-03-21 11:18 - 0818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-03-21 11:18 - 2012-03-21 11:18 - 0716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-03-21 11:18 - 2012-03-21 11:18 - 0697344 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2012-03-21 11:18 - 2012-03-21 11:18 - 0603648 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2012-03-21 11:18 - 2012-03-21 11:18 - 0580608 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2012-03-21 11:18 - 2012-03-21 11:18 - 0534528 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2012-03-21 11:18 - 2012-03-21 11:18 - 0452608 ____A (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
2012-03-21 11:18 - 2012-03-21 11:18 - 0448512 ____A (Microsoft Corporation) C:\Windows\System32\html.iec
2012-03-21 11:18 - 2012-03-21 11:18 - 0434176 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2012-03-21 11:18 - 2012-03-21 11:18 - 0420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2012-03-21 11:18 - 2012-03-21 11:18 - 0403248 ____A (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2012-03-21 11:18 - 2012-03-21 11:18 - 0367104 ____A (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2012-03-21 11:18 - 2012-03-21 11:18 - 0353792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2012-03-21 11:18 - 2012-03-21 11:18 - 0353584 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2012-03-21 11:18 - 2012-03-21 11:18 - 0282112 ____A (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
2012-03-21 11:18 - 2012-03-21 11:18 - 0267776 ____A (Microsoft Corporation) C:\Windows\System32\ieaksie.dll
2012-03-21 11:18 - 2012-03-21 11:18 - 0249344 ____A (Microsoft Corporation) C:\Windows\System32\webcheck.dll
2012-03-21 11:18 - 2012-03-21 11:18 - 0248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-03-21 11:18 - 2012-03-21 11:18 - 0237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-03-21 11:18 - 2012-03-21 11:18 - 0231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-03-21 11:18 - 2012-03-21 11:18 - 0227840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieaksie.dll
2012-03-21 11:18 - 2012-03-21 11:18 - 0223232 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2012-03-21 11:18 - 2012-03-21 11:18 - 0222208 ____A (Microsoft Corporation) C:\Windows\System32\msls31.dll
2012-03-21 11:18 - 2012-03-21 11:18 - 0203776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2012-03-21 11:18 - 2012-03-21 11:18 - 0197120 ____A (Microsoft Corporation) C:\Windows\System32\msrating.dll
2012-03-21 11:18 - 2012-03-21 11:18 - 0176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-03-21 11:18 - 2012-03-21 11:18 - 0173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-03-21 11:18 - 2012-03-21 11:18 - 0165888 ____A (Microsoft Corporation) C:\Windows\System32\iexpress.exe
2012-03-21 11:18 - 2012-03-21 11:18 - 0163840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieakui.dll
2012-03-21 11:18 - 2012-03-21 11:18 - 0163840 ____A (Microsoft Corporation) C:\Windows\System32\ieakui.dll
2012-03-21 11:18 - 2012-03-21 11:18 - 0162304 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2012-03-21 11:18 - 2012-03-21 11:18 - 0161792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2012-03-21 11:18 - 2012-03-21 11:18 - 0160256 ____A (Microsoft Corporation) C:\Windows\System32\wextract.exe
2012-03-21 11:18 - 2012-03-21 11:18 - 0160256 ____A (Microsoft Corporation) C:\Windows\System32\ieakeng.dll
2012-03-21 11:18 - 2012-03-21 11:18 - 0152064 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2012-03-21 11:18 - 2012-03-21 11:18 - 0150528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2012-03-21 11:18 - 2012-03-21 11:18 - 0149504 ____A (Microsoft Corporation) C:\Windows\System32\occache.dll
2012-03-21 11:18 - 2012-03-21 11:18 - 0145920 ____A (Microsoft Corporation) C:\Windows\System32\iepeers.dll
2012-03-21 11:18 - 2012-03-21 11:18 - 0142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-03-21 11:18 - 2012-03-21 11:18 - 0135168 ____A (Microsoft Corporation) C:\Windows\System32\IEAdvpack.dll
2012-03-21 11:18 - 2012-03-21 11:18 - 0130560 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieakeng.dll
2012-03-21 11:18 - 2012-03-21 11:18 - 0123392 ____A (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2012-03-21 11:18 - 2012-03-21 11:18 - 0118784 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2012-03-21 11:18 - 2012-03-21 11:18 - 0114176 ____A (Microsoft Corporation) C:\Windows\System32\admparse.dll
2012-03-21 11:18 - 2012-03-21 11:18 - 0111616 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2012-03-21 11:18 - 2012-03-21 11:18 - 0110592 ____A (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2012-03-21 11:18 - 2012-03-21 11:18 - 0103936 ____A (Microsoft Corporation) C:\Windows\System32\inseng.dll
2012-03-21 11:18 - 2012-03-21 11:18 - 0101888 ____A (Microsoft Corporation) C:\Windows\SysWOW64\admparse.dll
2012-03-21 11:18 - 2012-03-21 11:18 - 0096256 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-03-21 11:18 - 2012-03-21 11:18 - 0091648 ____A (Microsoft Corporation) C:\Windows\System32\SetIEInstalledDate.exe
2012-03-21 11:18 - 2012-03-21 11:18 - 0089088 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2012-03-21 11:18 - 2012-03-21 11:18 - 0089088 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2012-03-21 11:18 - 2012-03-21 11:18 - 0086528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2012-03-21 11:18 - 2012-03-21 11:18 - 0085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-03-21 11:18 - 2012-03-21 11:18 - 0085504 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2012-03-21 11:18 - 2012-03-21 11:18 - 0082432 ____A (Microsoft Corporation) C:\Windows\System32\icardie.dll
2012-03-21 11:18 - 2012-03-21 11:18 - 0078848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2012-03-21 11:18 - 2012-03-21 11:18 - 0076800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2012-03-21 11:18 - 2012-03-21 11:18 - 0076800 ____A (Microsoft Corporation) C:\Windows\System32\tdc.ocx
2012-03-21 11:18 - 2012-03-21 11:18 - 0074752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2012-03-21 11:18 - 2012-03-21 11:18 - 0074752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2012-03-21 11:18 - 2012-03-21 11:18 - 0074240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ie4uinit.exe
2012-03-21 11:18 - 2012-03-21 11:18 - 0072822 ____A C:\Windows\SysWOW64\ieuinit.inf
2012-03-21 11:18 - 2012-03-21 11:18 - 0072822 ____A C:\Windows\System32\ieuinit.inf
2012-03-21 11:18 - 2012-03-21 11:18 - 0072704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-03-21 11:18 - 2012-03-21 11:18 - 0066048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2012-03-21 11:18 - 2012-03-21 11:18 - 0065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-03-21 11:18 - 2012-03-21 11:18 - 0065024 ____A (Microsoft Corporation) C:\Windows\System32\pngfilt.dll
2012-03-21 11:18 - 2012-03-21 11:18 - 0063488 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2012-03-21 11:18 - 2012-03-21 11:18 - 0055296 ____A (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
2012-03-21 11:18 - 2012-03-21 11:18 - 0054272 ____A (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2012-03-21 11:18 - 2012-03-21 11:18 - 0049664 ____A (Microsoft Corporation) C:\Windows\System32\imgutil.dll
2012-03-21 11:18 - 2012-03-21 11:18 - 0048640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2012-03-21 11:18 - 2012-03-21 11:18 - 0048640 ____A (Microsoft Corporation) C:\Windows\System32\mshtmler.dll
2012-03-21 11:18 - 2012-03-21 11:18 - 0041472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2012-03-21 11:18 - 2012-03-21 11:18 - 0039936 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2012-03-21 11:18 - 2012-03-21 11:18 - 0035840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2012-03-21 11:18 - 2012-03-21 11:18 - 0031744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2012-03-21 11:18 - 2012-03-21 11:18 - 0030720 ____A (Microsoft Corporation) C:\Windows\System32\licmgr10.dll
2012-03-21 11:18 - 2012-03-21 11:18 - 0023552 ____A (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2012-03-21 11:18 - 2012-03-21 11:18 - 0012288 ____A (Microsoft Corporation) C:\Windows\System32\mshta.exe
2012-03-21 11:18 - 2012-03-21 11:18 - 0011776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2012-03-21 11:18 - 2012-03-21 11:18 - 0010752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2012-03-21 11:18 - 2012-03-21 11:18 - 0010752 ____A (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
2012-03-21 11:15 - 2012-03-21 11:19 - 0003900 ____A C:\Windows\IE9_main.log
2012-03-14 12:34 - 2011-11-19 10:30 - 5504880 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-03-14 12:34 - 2011-11-19 06:25 - 3957616 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2012-03-14 12:34 - 2011-11-19 06:25 - 3902320 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2012-03-13 13:23 - 2012-02-09 22:18 - 1541120 ____A (Microsoft Corporation) C:\Windows\System32\DWrite.dll
2012-03-13 13:23 - 2012-02-09 22:17 - 1837568 ____A (Microsoft Corporation) C:\Windows\System32\d3d10warp.dll
2012-03-13 13:23 - 2012-02-09 22:17 - 0902656 ____A (Microsoft Corporation) C:\Windows\System32\d2d1.dll
2012-03-13 13:23 - 2012-02-09 22:17 - 0320512 ____A (Microsoft Corporation) C:\Windows\System32\d3d10_1core.dll
2012-03-13 13:23 - 2012-02-09 22:17 - 0197120 ____A (Microsoft Corporation) C:\Windows\System32\d3d10_1.dll
2012-03-13 13:23 - 2012-02-09 21:41 - 1170944 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2012-03-13 13:23 - 2012-02-09 21:41 - 1074176 ____A (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2012-03-13 13:23 - 2012-02-09 21:41 - 0739840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2012-03-13 13:23 - 2012-02-09 21:41 - 0218624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1core.dll
2012-03-13 13:23 - 2012-02-09 21:41 - 0161792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1.dll
2012-03-13 13:23 - 2012-02-02 20:16 - 3143168 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-03-13 13:22 - 2012-02-14 22:27 - 1031680 ____A (Microsoft Corporation) C:\Windows\System32\rdpcore.dll
2012-03-13 13:22 - 2012-02-14 21:44 - 0826368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\rdpcore.dll
2012-03-13 13:22 - 2012-02-14 20:47 - 0204800 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
2012-03-13 13:22 - 2012-02-14 20:46 - 0023552 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tdtcp.sys
2012-03-13 13:22 - 2012-01-24 22:27 - 0149504 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll
2012-03-13 13:22 - 2012-01-24 22:27 - 0076288 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll
2012-03-13 13:22 - 2012-01-24 22:20 - 0009216 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe


============ 3 Months Modified Files and Folders =============

2012-04-01 19:31 - 2012-04-01 19:30 - 0000000 ____D C:\FRST
2012-04-01 19:12 - 2010-01-30 19:16 - 0000000 ___HD C:\users\Paul Bu
2012-04-01 19:12 - 2009-12-15 04:44 - 0000000 ____D C:\Program Files\Best Buy Software Installer
2012-04-01 19:12 - 2009-12-15 04:39 - 0000000 ___HD C:\Users\All Users\P4G
2012-04-01 19:12 - 2009-12-15 04:39 - 0000000 ____D C:\Windows\SysWOW64\ASUS_Screensaver dir
2012-04-01 19:12 - 2009-12-15 04:39 - 0000000 ____D C:\Program Files\P4G
2012-04-01 19:12 - 2009-12-15 04:35 - 0000000 ____D C:\Program Files\ATKGFNEX
2012-04-01 19:12 - 2009-12-15 04:30 - 0000000 ____D C:\Program Files\Elantech
2012-04-01 19:12 - 2009-12-15 04:27 - 0000000 ___HD C:\Users\All Users\AmUStor
2012-04-01 19:12 - 2009-12-15 04:27 - 0000000 ____D C:\Program Files (x86)\AmIcoSingLun
2012-04-01 19:12 - 2009-12-15 04:10 - 0000000 ____D C:\Program Files (x86)\Roxio
2012-04-01 19:12 - 2009-12-15 04:03 - 0000000 ____D C:\Program Files (x86)\Microsoft Works
2012-04-01 19:12 - 2009-07-13 23:45 - 0000000 ____D C:\Program Files\Windows Journal
2012-04-01 19:12 - 2009-07-13 21:32 - 0000000 ____D C:\Windows\Downloaded Program Files
2012-04-01 19:12 - 2009-07-13 21:32 - 0000000 ____D C:\Program Files\Windows Sidebar
2012-04-01 19:12 - 2009-07-13 21:32 - 0000000 ____D C:\Program Files\Windows Defender
2012-04-01 19:12 - 2009-07-13 21:32 - 0000000 ____D C:\Program Files\DVD Maker
2012-04-01 19:12 - 2009-07-13 21:32 - 0000000 ____D C:\Program Files (x86)\Windows Sidebar
2012-04-01 19:12 - 2009-07-13 21:32 - 0000000 ____D C:\Program Files (x86)\Windows Defender
2012-04-01 19:12 - 2009-07-13 19:20 - 0000000 __RSD C:\Windows\Media
2012-04-01 19:12 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\Setup
2012-04-01 19:12 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\migwiz
2012-04-01 19:12 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\manifeststore
2012-04-01 19:12 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\InstallShield
2012-04-01 19:12 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\icsxml
2012-04-01 19:12 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\Dism
2012-04-01 19:12 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\com
2012-04-01 19:12 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\Setup
2012-04-01 19:12 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\oobe
2012-04-01 19:12 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\Msdtc
2012-04-01 19:12 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\migwiz
2012-04-01 19:12 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\manifeststore
2012-04-01 19:12 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\icsxml
2012-04-01 19:12 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\com
2012-04-01 19:12 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\AdvancedInstallers
2012-04-01 19:12 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\servicing
2012-04-01 19:12 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\Cursors
2012-04-01 19:11 - 2009-12-15 04:39 - 0000000 ___HD C:\ProgramData\P4G
2012-04-01 19:11 - 2009-12-15 04:27 - 0000000 ___HD C:\ProgramData\AmUStor
2012-04-01 19:11 - 2009-07-13 21:32 - 0000000 ____D C:\Windows\System32\WinBioPlugIns
2012-04-01 19:11 - 2009-07-13 21:32 - 0000000 ____D C:\Windows\addins
2012-04-01 19:11 - 2009-07-13 21:32 - 0000000 ____D C:\Program Files\Windows Photo Viewer
2012-04-01 19:11 - 2009-07-13 21:32 - 0000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2012-04-01 19:11 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\TAPI
2012-04-01 19:11 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\zh-TW
2012-04-01 19:11 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\zh-HK
2012-04-01 19:11 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\zh-CN
2012-04-01 19:11 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\uk-UA
2012-04-01 19:11 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\tr-TR
2012-04-01 19:11 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\th-TH
2012-04-01 19:11 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\sv-SE
2012-04-01 19:11 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\sr-Latn-CS
2012-04-01 19:11 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\sppui
2012-04-01 19:11 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\sl-SI
2012-04-01 19:11 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\sk-SK
2012-04-01 19:11 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\ru-RU
2012-04-01 19:11 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\ro-RO
2012-04-01 19:11 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\Recovery
2012-04-01 19:11 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\pt-PT
2012-04-01 19:11 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\pt-BR
2012-04-01 19:11 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\pl-PL
2012-04-01 19:11 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\oobe
2012-04-01 19:11 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\nl-NL
2012-04-01 19:11 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\nb-NO
2012-04-01 19:11 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\lv-LV
2012-04-01 19:11 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\lt-LT
2012-04-01 19:11 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\ko-KR
2012-04-01 19:11 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\ja-JP
2012-04-01 19:11 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\it-IT
2012-04-01 19:11 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\hu-HU
2012-04-01 19:11 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\hr-HR
2012-04-01 19:11 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\he-IL
2012-04-01 19:11 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\fr-FR
2012-04-01 19:11 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\fi-FI
2012-04-01 19:11 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\et-EE
2012-04-01 19:11 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\es-ES
2012-04-01 19:11 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\el-GR
2012-04-01 19:11 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\de-DE
2012-04-01 19:11 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\da-DK
2012-04-01 19:11 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\cs-CZ
2012-04-01 19:11 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\bg-BG
2012-04-01 19:11 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\ar-SA
2012-04-01 19:11 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\AdvancedInstallers
2012-04-01 19:11 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\zh-TW
2012-04-01 19:11 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\zh-HK
2012-04-01 19:11 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\zh-CN
2012-04-01 19:11 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\uk-UA
2012-04-01 19:11 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\tr-TR
2012-04-01 19:11 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\th-TH
2012-04-01 19:11 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\sysprep
2012-04-01 19:11 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\sv-SE
2012-04-01 19:11 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\sr-Latn-CS
2012-04-01 19:11 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\sppui
2012-04-01 19:11 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\sl-SI
2012-04-01 19:11 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\sk-SK
2012-04-01 19:11 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\ru-RU
2012-04-01 19:11 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\ro-RO
2012-04-01 19:11 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\pt-PT
2012-04-01 19:11 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\pt-BR
2012-04-01 19:11 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\pl-PL
2012-04-01 19:11 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\nl-NL
2012-04-01 19:11 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\nb-NO
2012-04-01 19:11 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\lv-LV
2012-04-01 19:11 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\lt-LT
2012-04-01 19:11 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\ko-KR
2012-04-01 19:11 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\ja-JP
2012-04-01 19:11 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\it-IT
2012-04-01 19:11 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\hu-HU
2012-04-01 19:11 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\hr-HR
2012-04-01 19:11 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\he-IL
2012-04-01 19:11 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\fr-FR
2012-04-01 19:11 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\fi-FI
2012-04-01 19:11 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\et-EE
2012-04-01 19:11 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\es-ES
2012-04-01 19:11 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\el-GR
2012-04-01 19:11 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\Dism
2012-04-01 19:11 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\de-DE
2012-04-01 19:11 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\da-DK
2012-04-01 19:11 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\cs-CZ
2012-04-01 19:11 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\bg-BG
2012-04-01 19:11 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\ar-SA
2012-04-01 19:11 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\rescache
2012-04-01 19:11 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\PolicyDefinitions
2012-04-01 19:11 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\L2Schemas
2012-04-01 19:11 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\IME
2012-04-01 19:09 - 2009-07-13 21:32 - 0000000 ____D C:\Windows\System32\restore
2012-04-01 19:08 - 2011-10-21 16:12 - 0000000 ___HD C:\Users\Paul Bu\AppData\Roaming\vlc
2012-04-01 19:08 - 2011-05-21 18:41 - 0000000 ___HD C:\PSFONTS
2012-04-01 19:08 - 2010-11-30 19:53 - 0000000 ___HD C:\Users\All Users\McAfee Security Scan
2012-04-01 19:08 - 2010-11-30 19:53 - 0000000 ___HD C:\ProgramData\McAfee Security Scan
2012-04-01 19:08 - 2010-10-16 18:47 - 0000000 ____D C:\Program Files\McAfee.com
2012-04-01 19:08 - 2010-10-16 18:47 - 0000000 ____D C:\Program Files\McAfee
2012-04-01 19:08 - 2010-10-16 18:47 - 0000000 ____D C:\Program Files\Common Files\McAfee
2012-04-01 19:08 - 2010-10-16 18:41 - 0000000 ___HD C:\Users\All Users\McAfee
2012-04-01 19:08 - 2010-10-16 18:41 - 0000000 ___HD C:\ProgramData\McAfee
2012-04-01 19:08 - 2010-10-05 15:11 - 0000000 ___HD C:\Users\Paul Bu\Desktop\City Plan of Florence 1_files
2012-04-01 19:08 - 2010-10-04 14:42 - 0000000 ___HD C:\Users\Paul Bu\Desktop\City Plan of Florence, from Art in Ren Ita_files
2012-04-01 19:08 - 2010-08-30 18:45 - 0000000 ___HD C:\Users\Paul Bu\AppData\Roaming\Winamp
2012-04-01 19:08 - 2010-03-16 19:04 - 0000000 ___HD C:\Users\Paul Bu\Downloads\Bergman IQ Tests
2012-04-01 19:08 - 2010-03-05 22:47 - 0000000 ___HD C:\Users\All Users\avg9
2012-04-01 19:08 - 2010-03-05 22:47 - 0000000 ___HD C:\ProgramData\avg9
2012-04-01 19:08 - 2010-02-13 20:33 - 0000000 ____D C:\Program Files (x86)\SecondLife
2012-04-01 19:08 - 2010-02-06 11:45 - 0000000 ___HD C:\Users\Paul Bu\AppData\Local\Microsoft Help
2012-04-01 19:08 - 2010-02-05 20:22 - 0000000 ___HD C:\Users\Paul Bu\Downloads\Final Draft v7.1.1.19
2012-04-01 19:08 - 2010-02-05 20:16 - 0000000 ___HD C:\Users\Paul Bu\AppData\Roaming\BitTorrent
2012-04-01 19:08 - 2010-02-04 09:05 - 0000000 ___HD C:\Users\All Users\Hewlett-Packard
2012-04-01 19:08 - 2010-02-04 09:05 - 0000000 ___HD C:\ProgramData\Hewlett-Packard
2012-04-01 19:08 - 2010-01-30 19:19 - 0000000 ___HD C:\Users\Paul Bu\AppData\Local\Best_Buy«
2012-04-01 19:08 - 2010-01-30 19:18 - 0000000 ___HD C:\Users\Paul Bu\AppData\Roaming\Roxio
2012-04-01 19:08 - 2009-12-15 04:43 - 0000000 __HDC C:\Users\All Users\{5D8BE403-3090-4297-B98F-65CBBE9DBF71}
2012-04-01 19:08 - 2009-12-15 04:43 - 0000000 __HDC C:\ProgramData\{5D8BE403-3090-4297-B98F-65CBBE9DBF71}
2012-04-01 19:08 - 2009-12-15 04:20 - 0000000 ___HD C:\Users\Public\Documents\Boingo
2012-04-01 19:08 - 2009-12-15 04:14 - 0000000 ____D C:\Program Files (x86)\Windows Live SkyDrive
2012-04-01 19:08 - 2009-12-15 04:10 - 0000000 ___HD C:\Users\All Users\InstallShield
2012-04-01 19:08 - 2009-12-15 04:10 - 0000000 ___HD C:\ProgramData\InstallShield
2012-04-01 19:08 - 2009-12-15 04:01 - 0000000 ____D C:\Users\All Users\Microsoft Help
2012-04-01 19:08 - 2009-12-15 04:01 - 0000000 ____D C:\ProgramData\Microsoft Help
2012-04-01 19:08 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\AppCompat
2012-04-01 19:08 - 2009-07-13 19:20 - 0000000 ____D C:\Program Files\Common Files\Microsoft Shared
2012-04-01 19:07 - 2012-04-01 10:32 - 0000000 ____D C:\Windows\ERDNT
2012-04-01 19:07 - 2012-03-31 16:01 - 0000000 ____D C:\Users\Paul Bu\AppData\Roaming\Lexar
2012-04-01 19:07 - 2012-03-30 20:45 - 0000000 ____D C:\Program Files\Microsoft Security Client
2012-04-01 19:07 - 2010-11-30 19:53 - 0000000 ____D C:\Program Files (x86)\McAfee Security Scan
2012-04-01 19:07 - 2010-10-16 18:48 - 0000000 ____D C:\Program Files (x86)\McAfeeMOBK
2012-04-01 19:07 - 2010-10-16 18:48 - 0000000 ____D C:\Program Files (x86)\McAfee Online Backup
2012-04-01 19:07 - 2010-10-16 18:47 - 0000000 ____D C:\Program Files (x86)\McAfee.com
2012-04-01 19:07 - 2010-10-16 18:47 - 0000000 ____D C:\Program Files (x86)\McAfee
2012-04-01 19:07 - 2010-02-19 21:24 - 0000000 ____D C:\Program Files (x86)\Mozilla Firefox
2012-04-01 19:07 - 2010-02-05 20:38 - 0000000 ____D C:\Program Files (x86)\Final Draft 7
2012-04-01 19:07 - 2009-12-15 04:20 - 0000000 ___HD C:\Intel
2012-04-01 19:07 - 2009-07-13 19:18 - 0000000 __SHD C:\$RECYCLE.BIN
2012-04-01 19:02 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\registration
2012-04-01 18:31 - 2010-02-06 11:53 - 0000000 ___HD C:\Users\Paul Bu\Downloads\Microsoft Office Word 2007
2012-04-01 18:31 - 2010-02-06 11:32 - 0000000 ___HD C:\Users\Paul Bu\Downloads\WinRAR 3.90 Final
2012-04-01 18:31 - 2009-07-13 19:20 - 0000000 __RHD C:\users\Public
2012-04-01 18:30 - 2011-05-21 18:42 - 0000000 ___HD C:\Users\Paul Bu\AppData\Roaming\MakeMusic
2012-04-01 18:30 - 2010-02-19 21:25 - 0000000 ___HD C:\Users\Paul Bu\AppData\Local\Mozilla
2012-04-01 18:30 - 2010-02-15 21:32 - 0000000 ___HD C:\Users\Paul Bu\Documents\Writing
2012-04-01 18:30 - 2010-02-13 20:34 - 0000000 ___HD C:\Users\Paul Bu\AppData\Roaming\Mozilla
2012-04-01 18:30 - 2010-02-13 20:33 - 0000000 ___HD C:\Users\Paul Bu\AppData\Roaming\SecondLife
2012-04-01 18:30 - 2010-02-01 07:16 - 0000000 ___HD C:\Users\Paul Bu\AppData\Local\Microsoft Games
2012-04-01 18:30 - 2010-01-30 19:30 - 0000000 ___HD C:\Users\Paul Bu\AppData\Roaming\Macromedia
2012-04-01 18:30 - 2010-01-30 19:30 - 0000000 ___HD C:\Users\Paul Bu\AppData\Roaming\Adobe
2012-04-01 18:30 - 2010-01-30 19:16 - 0000000 ___HD C:\Users\Paul Bu\AppData\LocalLow
2012-04-01 18:30 - 2010-01-30 19:16 - 0000000 ___HD C:\Users\Paul Bu\AppData\Local\VirtualStore
2012-04-01 18:29 - 2011-10-02 21:48 - 0000000 ___HD C:\Users\All Users\DivX
2012-04-01 18:29 - 2011-10-02 21:48 - 0000000 ___HD C:\ProgramData\DivX
2012-04-01 18:29 - 2010-02-07 01:45 - 0000000 ___HD C:\Users\Paul Bu\AppData\Local\ASUS
2012-04-01 18:29 - 2010-02-07 01:45 - 0000000 ___HD C:\Users\All Users\ASUS
2012-04-01 18:29 - 2010-02-07 01:45 - 0000000 ___HD C:\ProgramData\ASUS
2012-04-01 18:29 - 2010-02-05 11:29 - 0000000 ___HD C:\Users\Paul Bu\AppData\Local\Google
2012-04-01 18:29 - 2010-02-01 17:44 - 0000000 ___HD C:\Users\All Users\{0DD0EEEE-2A7C-411C-9243-1AE62F445FC3}
2012-04-01 18:29 - 2010-02-01 17:44 - 0000000 ___HD C:\ProgramData\{0DD0EEEE-2A7C-411C-9243-1AE62F445FC3}
2012-04-01 18:29 - 2010-02-01 17:43 - 0000000 ___HD C:\Users\All Users\Apple Computer
2012-04-01 18:29 - 2010-02-01 17:43 - 0000000 ___HD C:\ProgramData\Apple Computer
2012-04-01 18:29 - 2010-02-01 17:42 - 0000000 ___HD C:\Users\All Users\Apple
2012-04-01 18:29 - 2010-02-01 17:42 - 0000000 ___HD C:\ProgramData\Apple
2012-04-01 18:29 - 2009-12-15 04:11 - 0000000 ___HD C:\Users\All Users\Adobe
2012-04-01 18:29 - 2009-12-15 04:11 - 0000000 ___HD C:\ProgramData\Adobe
2012-04-01 18:29 - 2009-12-15 04:10 - 0000000 ___HD C:\Users\All Users\Uninstall
2012-04-01 18:29 - 2009-12-15 04:10 - 0000000 ___HD C:\ProgramData\Uninstall
2012-04-01 18:26 - 2009-12-15 04:11 - 0000000 ____D C:\Program Files (x86)\Adobe
2012-04-01 16:50 - 2010-01-30 11:09 - 2388459520 __ASH C:\hiberfil.sys
2012-04-01 12:04 - 2012-04-01 11:41 - 0018109 ____A C:\Users\Paul Bu\Desktop\combofix log.txt
2012-04-01 11:40 - 2012-04-01 11:40 - 0018109 ____A C:\ComboFix.txt
2012-04-01 11:40 - 2012-04-01 10:32 - 0000000 ____D C:\ComboFix
2012-04-01 11:40 - 2012-04-01 10:31 - 0000000 ____D C:\Qoobox
2012-03-31 22:21 - 2012-03-31 22:21 - 0018420 ____A C:\Users\Paul Bu\Downloads\Angel in the Flesh.docx
2012-03-31 18:25 - 2012-03-31 18:25 - 0007193 ____A C:\Users\Paul Bu\Desktop\Attach.txt
2012-03-31 18:24 - 2012-03-31 18:24 - 0019299 ____A C:\Users\Paul Bu\Desktop\DDS.txt
2012-03-31 18:03 - 2012-03-31 18:03 - 0000000 ____A C:\Users\Paul Bu\defogger_reenable
2012-03-31 14:41 - 2012-03-31 14:01 - 0000000 ____D C:\Users\Paul Bu\AppData\Roaming\Remote
2012-03-30 21:57 - 2012-03-30 21:57 - 0266946 ____A C:\Users\Paul Bu\Downloads\215.docx
2012-03-30 20:46 - 2012-03-30 20:46 - 0000000 ____D C:\Program Files (x86)\Microsoft Security Client
2012-03-30 20:08 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\config\TxR
2012-03-30 19:46 - 2009-12-15 04:39 - 0001870 ____A C:\Windows\System32\AutoRunFilter.ini
2012-03-30 19:43 - 2009-07-13 20:45 - 0010240 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-03-30 19:43 - 2009-07-13 20:45 - 0010240 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-03-30 19:41 - 2009-07-13 21:13 - 0726444 ____A C:\Windows\System32\PerfStringBackup.INI
2012-03-30 19:40 - 2009-12-15 04:04 - 1998462 ____A C:\Windows\WindowsUpdate.log
2012-03-30 19:35 - 2010-02-05 11:44 - 0000894 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-03-30 19:34 - 2009-07-13 21:08 - 0000006 ___AH C:\Windows\Tasks\SA.DAT
2012-03-30 19:34 - 2009-07-13 20:51 - 0047631 ____A C:\Windows\setupact.log
2012-03-30 19:33 - 2009-12-15 04:24 - 0115640 ____A C:\Windows\PFRO.log
2012-03-30 19:28 - 2012-03-30 19:28 - 0000649 ___AH C:\Users\Paul Bu\Desktop\SMART_HDD.lnk
2012-03-30 19:28 - 2012-03-30 19:28 - 0000208 ___AH C:\Users\All Users\-JCA9LJB8yldSPcr
2012-03-30 19:28 - 2012-03-30 19:28 - 0000208 ___AH C:\ProgramData\-JCA9LJB8yldSPcr
2012-03-30 19:28 - 2012-03-30 19:28 - 0000000 ___AH C:\Users\All Users\-JCA9LJB8yldSPc
2012-03-30 19:28 - 2012-03-30 19:28 - 0000000 ___AH C:\ProgramData\-JCA9LJB8yldSPc
2012-03-30 19:27 - 2012-03-30 19:27 - 0243200 ___AH ( ) C:\Users\All Users\JCA9LJB8yldSPc.exe
2012-03-30 19:27 - 2012-03-30 19:27 - 0243200 ___AH ( ) C:\ProgramData\JCA9LJB8yldSPc.exe
2012-03-30 19:20 - 2012-03-30 19:22 - 0316416 ___AH ( ) C:\Users\All Users\JiKJGqSIsOjjAl.exe
2012-03-30 19:20 - 2012-03-30 19:22 - 0316416 ___AH ( ) C:\ProgramData\JiKJGqSIsOjjAl.exe
2012-03-30 19:05 - 2010-02-05 11:44 - 0000898 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-03-27 15:47 - 2010-08-30 15:58 - 0000000 ___HD C:\Users\Paul Bu\AppData\Roaming\BitComet
2012-03-27 07:32 - 2009-12-15 04:39 - 0001789 ____A C:\Windows\System32\ServiceFilter.ini
2012-03-24 22:35 - 2012-03-24 22:35 - 1368804 ____A C:\Users\Paul Bu\Desktop\The Patriarch (a novel).pdf
2012-03-21 11:19 - 2012-03-21 11:15 - 0003900 ____A C:\Windows\IE9_main.log
2012-03-21 11:18 - 2012-03-21 11:18 - 9705472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-03-21 11:18 - 2012-03-21 11:18 - 3695416 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2012-03-21 11:18 - 2012-03-21 11:18 - 3695416 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dat
2012-03-21 11:18 - 2012-03-21 11:18 - 2382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-03-21 11:18 - 2012-03-21 11:18 - 2382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-03-21 11:18 - 2012-03-21 11:18 - 2308096 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-03-21 11:18 - 2012-03-21 11:18 - 2144256 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-03-21 11:18 - 2012-03-21 11:18 - 1798656 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-03-21 11:18 - 2012-03-21 11:18 - 1792000 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-03-21 11:18 - 2012-03-21 11:18 - 17790464 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-03-21 11:18 - 2012-03-21 11:18 - 1493504 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-03-21 11:18 - 2012-03-21 11:18 - 1427456 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-03-21 11:18 - 2012-03-21 11:18 - 1390080 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-03-21 11:18 - 2012-03-21 11:18 - 1345536 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-03-21 11:18 - 2012-03-21 11:18 - 12282368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-03-21 11:18 - 2012-03-21 11:18 - 1127424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-03-21 11:18 - 2012-03-21 11:18 - 1103360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-03-21 11:18 - 2012-03-21 11:18 - 10887168 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-03-21 11:18 - 2012-03-21 11:18 - 0818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-03-21 11:18 - 2012-03-21 11:18 - 0716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-03-21 11:18 - 2012-03-21 11:18 - 0697344 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2012-03-21 11:18 - 2012-03-21 11:18 - 0603648 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2012-03-21 11:18 - 2012-03-21 11:18 - 0580608 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2012-03-21 11:18 - 2012-03-21 11:18 - 0534528 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2012-03-21 11:18 - 2012-03-21 11:18 - 0452608 ____A (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
2012-03-21 11:18 - 2012-03-21 11:18 - 0448512 ____A (Microsoft Corporation) C:\Windows\System32\html.iec
2012-03-21 11:18 - 2012-03-21 11:18 - 0434176 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2012-03-21 11:18 - 2012-03-21 11:18 - 0420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2012-03-21 11:18 - 2012-03-21 11:18 - 0403248 ____A (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2012-03-21 11:18 - 2012-03-21 11:18 - 0367104 ____A (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2012-03-21 11:18 - 2012-03-21 11:18 - 0353792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2012-03-21 11:18 - 2012-03-21 11:18 - 0353584 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2012-03-21 11:18 - 2012-03-21 11:18 - 0282112 ____A (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
2012-03-21 11:18 - 2012-03-21 11:18 - 0267776 ____A (Microsoft Corporation) C:\Windows\System32\ieaksie.dll
2012-03-21 11:18 - 2012-03-21 11:18 - 0249344 ____A (Microsoft Corporation) C:\Windows\System32\webcheck.dll
2012-03-21 11:18 - 2012-03-21 11:18 - 0248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-03-21 11:18 - 2012-03-21 11:18 - 0237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-03-21 11:18 - 2012-03-21 11:18 - 0231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-03-21 11:18 - 2012-03-21 11:18 - 0227840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieaksie.dll
2012-03-21 11:18 - 2012-03-21 11:18 - 0223232 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2012-03-21 11:18 - 2012-03-21 11:18 - 0222208 ____A (Microsoft Corporation) C:\Windows\System32\msls31.dll
2012-03-21 11:18 - 2012-03-21 11:18 - 0203776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2012-03-21 11:18 - 2012-03-21 11:18 - 0197120 ____A (Microsoft Corporation) C:\Windows\System32\msrating.dll
2012-03-21 11:18 - 2012-03-21 11:18 - 0176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-03-21 11:18 - 2012-03-21 11:18 - 0173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-03-21 11:18 - 2012-03-21 11:18 - 0165888 ____A (Microsoft Corporation) C:\Windows\System32\iexpress.exe
2012-03-21 11:18 - 2012-03-21 11:18 - 0163840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieakui.dll
2012-03-21 11:18 - 2012-03-21 11:18 - 0163840 ____A (Microsoft Corporation) C:\Windows\System32\ieakui.dll
2012-03-21 11:18 - 2012-03-21 11:18 - 0162304 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2012-03-21 11:18 - 2012-03-21 11:18 - 0161792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2012-03-21 11:18 - 2012-03-21 11:18 - 0160256 ____A (Microsoft Corporation) C:\Windows\System32\wextract.exe
2012-03-21 11:18 - 2012-03-21 11:18 - 0160256 ____A (Microsoft Corporation) C:\Windows\System32\ieakeng.dll
2012-03-21 11:18 - 2012-03-21 11:18 - 0152064 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2012-03-21 11:18 - 2012-03-21 11:18 - 0150528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2012-03-21 11:18 - 2012-03-21 11:18 - 0149504 ____A (Microsoft Corporation) C:\Windows\System32\occache.dll
2012-03-21 11:18 - 2012-03-21 11:18 - 0145920 ____A (Microsoft Corporation) C:\Windows\System32\iepeers.dll
2012-03-21 11:18 - 2012-03-21 11:18 - 0142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-03-21 11:18 - 2012-03-21 11:18 - 0135168 ____A (Microsoft Corporation) C:\Windows\System32\IEAdvpack.dll
2012-03-21 11:18 - 2012-03-21 11:18 - 0130560 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieakeng.dll
2012-03-21 11:18 - 2012-03-21 11:18 - 0123392 ____A (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2012-03-21 11:18 - 2012-03-21 11:18 - 0118784 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2012-03-21 11:18 - 2012-03-21 11:18 - 0114176 ____A (Microsoft Corporation) C:\Windows\System32\admparse.dll
2012-03-21 11:18 - 2012-03-21 11:18 - 0111616 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2012-03-21 11:18 - 2012-03-21 11:18 - 0110592 ____A (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2012-03-21 11:18 - 2012-03-21 11:18 - 0103936 ____A (Microsoft Corporation) C:\Windows\System32\inseng.dll
2012-03-21 11:18 - 2012-03-21 11:18 - 0101888 ____A (Microsoft Corporation) C:\Windows\SysWOW64\admparse.dll
2012-03-21 11:18 - 2012-03-21 11:18 - 0096256 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-03-21 11:18 - 2012-03-21 11:18 - 0091648 ____A (Microsoft Corporation) C:\Windows\System32\SetIEInstalledDate.exe
2012-03-21 11:18 - 2012-03-21 11:18 - 0089088 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2012-03-21 11:18 - 2012-03-21 11:18 - 0089088 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2012-03-21 11:18 - 2012-03-21 11:18 - 0086528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2012-03-21 11:18 - 2012-03-21 11:18 - 0085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-03-21 11:18 - 2012-03-21 11:18 - 0085504 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2012-03-21 11:18 - 2012-03-21 11:18 - 0082432 ____A (Microsoft Corporation) C:\Windows\System32\icardie.dll
2012-03-21 11:18 - 2012-03-21 11:18 - 0078848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2012-03-21 11:18 - 2012-03-21 11:18 - 0076800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2012-03-21 11:18 - 2012-03-21 11:18 - 0076800 ____A (Microsoft Corporation) C:\Windows\System32\tdc.ocx
2012-03-21 11:18 - 2012-03-21 11:18 - 0074752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2012-03-21 11:18 - 2012-03-21 11:18 - 0074752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2012-03-21 11:18 - 2012-03-21 11:18 - 0074240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ie4uinit.exe
2012-03-21 11:18 - 2012-03-21 11:18 - 0072822 ____A C:\Windows\SysWOW64\ieuinit.inf
2012-03-21 11:18 - 2012-03-21 11:18 - 0072822 ____A C:\Windows\System32\ieuinit.inf
2012-03-21 11:18 - 2012-03-21 11:18 - 0072704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-03-21 11:18 - 2012-03-21 11:18 - 0066048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2012-03-21 11:18 - 2012-03-21 11:18 - 0065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-03-21 11:18 - 2012-03-21 11:18 - 0065024 ____A (Microsoft Corporation) C:\Windows\System32\pngfilt.dll
2012-03-21 11:18 - 2012-03-21 11:18 - 0063488 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2012-03-21 11:18 - 2012-03-21 11:18 - 0055296 ____A (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
2012-03-21 11:18 - 2012-03-21 11:18 - 0054272 ____A (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2012-03-21 11:18 - 2012-03-21 11:18 - 0049664 ____A (Microsoft Corporation) C:\Windows\System32\imgutil.dll
2012-03-21 11:18 - 2012-03-21 11:18 - 0048640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2012-03-21 11:18 - 2012-03-21 11:18 - 0048640 ____A (Microsoft Corporation) C:\Windows\System32\mshtmler.dll
2012-03-21 11:18 - 2012-03-21 11:18 - 0041472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2012-03-21 11:18 - 2012-03-21 11:18 - 0039936 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2012-03-21 11:18 - 2012-03-21 11:18 - 0035840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2012-03-21 11:18 - 2012-03-21 11:18 - 0031744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2012-03-21 11:18 - 2012-03-21 11:18 - 0030720 ____A (Microsoft Corporation) C:\Windows\System32\licmgr10.dll
2012-03-21 11:18 - 2012-03-21 11:18 - 0023552 ____A (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2012-03-21 11:18 - 2012-03-21 11:18 - 0012288 ____A (Microsoft Corporation) C:\Windows\System32\mshta.exe
2012-03-21 11:18 - 2012-03-21 11:18 - 0011776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2012-03-21 11:18 - 2012-03-21 11:18 - 0010752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2012-03-21 11:18 - 2012-03-21 11:18 - 0010752 ____A (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
2012-03-14 17:32 - 2009-07-13 20:45 - 0366080 ____A C:\Windows\System32\FNTCACHE.DAT
2012-02-21 16:56 - 2010-02-01 17:45 - 0000000 ___HD C:\Users\Paul Bu\AppData\Local\Apple Computer
2012-02-16 11:13 - 2010-01-30 19:16 - 0000174 ___SH C:\Users\Paul Bu\Start Menu\Programs\Startup\desktop.ini
2012-02-16 11:13 - 2010-01-30 19:16 - 0000174 ___SH C:\Users\Paul Bu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
2012-02-16 11:12 - 2009-12-15 04:16 - 0000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2012-02-14 22:27 - 2012-03-13 13:22 - 1031680 ____A (Microsoft Corporation) C:\Windows\System32\rdpcore.dll
2012-02-14 21:44 - 2012-03-13 13:22 - 0826368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\rdpcore.dll
2012-02-14 20:47 - 2012-03-13 13:22 - 0204800 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
2012-02-14 20:46 - 2012-03-13 13:22 - 0023552 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tdtcp.sys
2012-02-09 22:18 - 2012-03-13 13:23 - 1541120 ____A (Microsoft Corporation) C:\Windows\System32\DWrite.dll
2012-02-09 22:17 - 2012-03-13 13:23 - 1837568 ____A (Microsoft Corporation) C:\Windows\System32\d3d10warp.dll
2012-02-09 22:17 - 2012-03-13 13:23 - 0902656 ____A (Microsoft Corporation) C:\Windows\System32\d2d1.dll
2012-02-09 22:17 - 2012-03-13 13:23 - 0320512 ____A (Microsoft Corporation) C:\Windows\System32\d3d10_1core.dll
2012-02-09 22:17 - 2012-03-13 13:23 - 0197120 ____A (Microsoft Corporation) C:\Windows\System32\d3d10_1.dll
2012-02-09 21:41 - 2012-03-13 13:23 - 1170944 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2012-02-09 21:41 - 2012-03-13 13:23 - 1074176 ____A (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2012-02-09 21:41 - 2012-03-13 13:23 - 0739840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2012-02-09 21:41 - 2012-03-13 13:23 - 0218624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1core.dll
2012-02-09 21:41 - 2012-03-13 13:23 - 0161792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1.dll
2012-02-05 16:38 - 2012-02-05 16:38 - 0130165 ____A C:\Users\Paul Bu\Desktop\top 50 mfa.pdf
2012-02-03 12:45 - 2010-03-02 13:37 - 0009728 ___AH C:\Users\Paul Bu\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-02-02 20:16 - 2012-03-13 13:23 - 3143168 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-02-02 10:22 - 2009-12-15 04:14 - 0000000 ____D C:\Program Files (x86)\Windows Live
2012-01-24 22:27 - 2012-03-13 13:22 - 0149504 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll
2012-01-24 22:27 - 2012-03-13 13:22 - 0076288 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll
2012-01-24 22:20 - 2012-03-13 13:22 - 0009216 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe
2012-01-22 13:10 - 2012-01-22 13:10 - 6656602 ____A C:\Users\Paul Bu\Desktop\The-Life-and-Times-of-Jesus-the-Messiah.pdf
2012-01-04 21:48 - 2012-01-04 21:48 - 4075340 ____A C:\Users\Paul Bu\Desktop\0babyface.pdf
2012-01-04 21:45 - 2012-01-04 21:45 - 0839191 ____A C:\Users\Paul Bu\Desktop\WhiskeySourFree.pdf
2012-01-04 01:59 - 2012-02-14 15:17 - 14164480 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2012-01-04 01:58 - 2012-02-14 15:16 - 0509952 ____A (Microsoft Corporation) C:\Windows\System32\ntshrui.dll
2012-01-04 01:03 - 2012-02-14 15:16 - 12868096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2012-01-04 01:03 - 2012-02-14 15:16 - 0442880 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntshrui.dll

========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

========================= Memory info ======================

Percentage of memory in use: 16%
Total physical RAM: 3037.09 MB
Available physical RAM: 2533.09 MB
Total Pagefile: 3035.23 MB
Available Pagefile: 2525.58 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

======================= Partitions =========================

1 Drive c: (OS) (Fixed) (Total:283.43 GB) (Free:218.91 GB) NTFS ==>[Drive with boot components (obtanied from BCD)]
3 Drive e: (UDISK) (Removable) (Total:1.89 GB) (Free:1.77 GB) FAT
4 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 298 GB 8 MB
Disk 1 Online 1936 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 14 GB 1024 KB
Partition 2 Primary 283 GB 14 GB

======================================================================================================

Disk: 0
Partition 1
Type : 1C
Hidden: Yes
Active: No

There is no volume associated with this partition.

======================================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 C OS NTFS Partition 283 GB Healthy

======================================================================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 1935 MB 16 KB

======================================================================================================

Disk: 1
Partition 1
Type : 06
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 E UDISK FAT Removable 1935 MB Healthy

======================================================================================================
==========================================================
TDL4: custom:26000022


==========================================================

Last Boot: 2012-03-25 13:16

======================= End Of Log ==========================

#11 gringo_pr

  • Malware Response Team

Posted 01 April 2012 - 09:59 PM

Hello

Open notepad. Please copy the contents of the code box below. To do this highlight the contents of the box and right click on it. Paste this into the open notepad. Save it on the flashdrive as fixlist.txt

TDL4: custom:26000022
CMD: bootrec /FixMbr

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

On Vista or Windows 7: Now please enter System Recovery Options.
On Windows XP: Now please boot into the BartPE CD.
Run FRST64 and press the Fix button just once and wait.
The tool will make a log on the flashdrive (Fixlog.txt); please post it in your reply.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#12 pjb25

  • Topic Starter


Posted 01 April 2012 - 10:25 PM

Hello,

Windows still not working.

Here's Fixlog.txt:

Fix result of Farbar Recovery Scan Tool (FRST written by farbar) Version: 15-03-2012
Ran by SYSTEM at 2012-04-01 20:22:02 R:1
Running from E:\

==============================================


The operation completed successfully.
The operation completed successfully.

========= bootrec /FixMbr =========

The operation completed successfully.

========= End of CMD: =========


==== End of Fixlog ====

#13 gringo_pr

  • Malware Response Team

Posted 01 April 2012 - 10:48 PM

I would like a new scan with FRST please


gringo

#14 pjb25

  • Topic Starter


Posted 01 April 2012 - 11:15 PM

New scan with FRST:

Scan result of Farbar Recovery Scan Tool Version: 15-03-2012
Ran by SYSTEM at 01-04-2012 21:11:19
Running from E:\
Windows 7 Home Premium (X64) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [323584 2009-08-31] (AlcorMicro Co., Ltd.)
HKLM\...\Run: [ETDWare] C:\Program Files\Elantech\ETDCtrl.exe [621440 2009-09-29] (ELAN Microelectronic Corp.)
HKLM\...\Run: [GUCI_AVS] C:\Windows\PixArt\PAP7501\GUCI_AVS.exe [314880 2009-09-16] (PixArt Imaging Incorporation)
HKLM\...\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe [161304 2010-08-25] (Intel Corporation)
HKLM\...\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe [386584 2010-08-25] (Intel Corporation)
HKLM\...\Run: [Persistence] C:\Windows\system32\igfxpers.exe [415256 2010-08-25] (Intel Corporation)
HKLM-x32\...\Run: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" [498160 2009-07-12] ()
HKLM-x32\...\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r [2244608 2009-09-11] (VIA)
HKLM-x32\...\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS)
HKLM-x32\...\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe [6859392 2009-08-17] (ASUS)
HKLM-x32\...\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe [170624 2009-08-19] (ASUS)
HKLM-x32\...\Run: [Setwallpaper] c:\programdata\SetWallpaper.cmd [x]
HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [417792 2009-11-10] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [141608 2010-01-22] (Apple Inc.)
HKLM-x32\...\Run: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe" [74752 2010-07-12] (Nullsoft, Inc.)
HKLM-x32\...\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey [1484856 2010-09-30] (McAfee, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [249064 2010-10-29] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-01-03] (Adobe Systems Incorporated)
HKU\Paul Bu\...\Run: [JiKJGqSIsOjjAl.exe] C:\ProgramData\JiKJGqSIsOjjAl.exe [316416 2012-03-30] ( )
HKLM\...\RunOnce: [*Restore] C:\Windows\system32\rstrui.exe /RUNONCE [296960 2009-07-13] (Microsoft Corporation)
Winlogon\Notify\igfxcui: igfxdev.dll (Intel Corporation)
Tcpip\Parameters: [DhcpNameServer] 68.105.28.12 68.105.29.12 68.105.28.11

==================== Services (Whitelisted) ======

2 Apple Mobile Device; "C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe" [144672 2009-08-28] (Apple Inc.)
2 ATKGFNEXSrv; C:\Program Files\ATKGFNEX\GFNEXSrv.exe [94208 2007-08-08] ()
2 BBUpdate; "C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE" [249648 2011-10-13] (Microsoft Corporation)
2 gupdate1caa699920ce87f; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [133104 2010-02-05] (Google Inc.)
2 McAfee SiteAdvisor Service; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [355440 2010-03-10] (McAfee, Inc.)
3 McComponentHostService; "C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe" [227232 2010-01-15] (McAfee, Inc.)
2 McMPFSvc; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [355440 2010-03-10] (McAfee, Inc.)
2 mcmscsvc; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [355440 2010-03-10] (McAfee, Inc.)
2 McNaiAnn; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [355440 2010-03-10] (McAfee, Inc.)
2 McNASvc; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [355440 2010-03-10] (McAfee, Inc.)
3 McODS; "C:\Program Files\McAfee\VirusScan\mcods.exe" [509416 2010-10-07] (McAfee, Inc.)
2 McProxy; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [355440 2010-03-10] (McAfee, Inc.)
2 McShield; "C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe" [200056 2010-08-24] (McAfee, Inc.)
2 mfefire; "C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe" [245352 2010-10-13] (McAfee, Inc.)
2 mfevtp; "C:\Windows\system32\mfevtps.exe" [149032 2010-10-13] (McAfee, Inc.)
2 MOBKbackup; "C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe" [231224 2010-04-13] (McAfee, Inc.)
2 MSK80Service; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [355440 2010-03-10] (McAfee, Inc.)

========================== Drivers (Whitelisted) =============

2 ASMMAP64; \??\C:\Program Files\ATKGFNEX\ASMMAP64.sys [14904 2007-07-24] ()
3 cfwids; C:\Windows\System32\Drivers\cfwids.sys [62800 2010-10-13] (McAfee, Inc.)
3 GUCI_AVS; C:\Windows\System32\Drivers\GUCI_AVS.sys [692736 2009-10-28] (PixArt Imaging Incorporation)
3 kbfiltr; C:\Windows\System32\Drivers\kbfiltr.sys [15416 2009-07-20] ( )
0 lullaby; C:\Windows\System32\Drivers\lullaby.sys [15928 2009-06-18] (Windows ® Win 7 DDK provider)
3 mfeapfk; C:\Windows\System32\Drivers\mfeapfk.sys [121248 2010-10-13] (McAfee, Inc.)
3 mfeavfk; C:\Windows\System32\Drivers\mfeavfk.sys [190136 2010-10-13] (McAfee, Inc.)
3 mfefirek; C:\Windows\System32\Drivers\mfefirek.sys [441328 2010-10-13] (McAfee, Inc.)
0 mfehidk; C:\Windows\System32\Drivers\mfehidk.sys [529128 2010-10-13] (McAfee, Inc.)
1 mfenlfk; C:\Windows\System32\Drivers\mfenlfk.sys [75032 2010-10-13] (McAfee, Inc.)
3 mferkdet; C:\Windows\System32\Drivers\mferkdet.sys [94864 2010-10-13] (McAfee, Inc.)
0 mfewfpk; C:\Windows\System32\Drivers\mfewfpk.sys [283360 2010-10-13] (McAfee, Inc.)
1 MOBKFilter; C:\Windows\System32\DRIVERS\MOBK.sys [66040 2010-04-13] (Mozy, Inc.)
3 mfeavfk01; [x]
3 tmlwf; [x]
3 tmwfp; [x]

========================== NetSvcs (Whitelisted) ===========

============ One Month Created Files and Folders ==============

2012-04-01 11:41 - 2012-04-01 12:04 - 0018109 ____A C:\Users\Paul Bu\Desktop\combofix log.txt
2012-04-01 11:40 - 2012-04-01 11:40 - 0018109 ____A C:\ComboFix.txt
2012-04-01 10:32 - 2012-04-01 19:07 - 0000000 ____D C:\Windows\ERDNT
2012-04-01 10:32 - 2012-04-01 11:40 - 0000000 ____D C:\ComboFix
2012-04-01 10:31 - 2012-04-01 11:40 - 0000000 ____D C:\Qoobox
2012-03-31 22:21 - 2012-03-31 22:21 - 0018420 ____A C:\Users\Paul Bu\Downloads\Angel in the Flesh.docx
2012-03-31 18:25 - 2012-03-31 18:25 - 0007193 ____A C:\Users\Paul Bu\Desktop\Attach.txt
2012-03-31 18:24 - 2012-03-31 18:24 - 0019299 ____A C:\Users\Paul Bu\Desktop\DDS.txt
2012-03-31 18:03 - 2012-03-31 18:03 - 0000000 ____A C:\Users\Paul Bu\defogger_reenable
2012-03-31 16:01 - 2012-04-01 19:07 - 0000000 ____D C:\Users\Paul Bu\AppData\Roaming\Lexar
2012-03-31 14:01 - 2012-03-31 14:41 - 0000000 ____D C:\Users\Paul Bu\AppData\Roaming\Remote
2012-03-30 21:57 - 2012-03-30 21:57 - 0266946 ____A C:\Users\Paul Bu\Downloads\215.docx
2012-03-30 20:46 - 2012-03-30 20:46 - 0000000 ____D C:\Program Files (x86)\Microsoft Security Client
2012-03-30 20:45 - 2012-04-01 19:07 - 0000000 ____D C:\Program Files\Microsoft Security Client
2012-03-30 19:28 - 2012-03-30 19:28 - 0000649 ___AH C:\Users\Paul Bu\Desktop\SMART_HDD.lnk
2012-03-30 19:28 - 2012-03-30 19:28 - 0000208 ___AH C:\Users\All Users\-JCA9LJB8yldSPcr
2012-03-30 19:28 - 2012-03-30 19:28 - 0000208 ___AH C:\ProgramData\-JCA9LJB8yldSPcr
2012-03-30 19:28 - 2012-03-30 19:28 - 0000000 ___AH C:\Users\All Users\-JCA9LJB8yldSPc
2012-03-30 19:28 - 2012-03-30 19:28 - 0000000 ___AH C:\ProgramData\-JCA9LJB8yldSPc
2012-03-30 19:27 - 2012-03-30 19:27 - 0243200 ___AH ( ) C:\Users\All Users\JCA9LJB8yldSPc.exe
2012-03-30 19:27 - 2012-03-30 19:27 - 0243200 ___AH ( ) C:\ProgramData\JCA9LJB8yldSPc.exe
2012-03-30 19:22 - 2012-03-30 19:20 - 0316416 ___AH ( ) C:\Users\All Users\JiKJGqSIsOjjAl.exe
2012-03-30 19:22 - 2012-03-30 19:20 - 0316416 ___AH ( ) C:\ProgramData\JiKJGqSIsOjjAl.exe
2012-03-24 22:35 - 2012-03-24 22:35 - 1368804 ____A C:\Users\Paul Bu\Desktop\The Patriarch (a novel).pdf
2012-03-21 11:18 - 2012-03-21 11:18 - 9705472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-03-21 11:18 - 2012-03-21 11:18 - 3695416 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2012-03-21 11:18 - 2012-03-21 11:18 - 3695416 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dat
2012-03-21 11:18 - 2012-03-21 11:18 - 2382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-03-21 11:18 - 2012-03-21 11:18 - 2382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-03-21 11:18 - 2012-03-21 11:18 - 2308096 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-03-21 11:18 - 2012-03-21 11:18 - 2144256 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-03-21 11:18 - 2012-03-21 11:18 - 1798656 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-03-21 11:18 - 2012-03-21 11:18 - 1792000 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-03-21 11:18 - 2012-03-21 11:18 - 17790464 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-03-21 11:18 - 2012-03-21 11:18 - 1493504 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-03-21 11:18 - 2012-03-21 11:18 - 1427456 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-03-21 11:18 - 2012-03-21 11:18 - 1390080 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-03-21 11:18 - 2012-03-21 11:18 - 1345536 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-03-21 11:18 - 2012-03-21 11:18 - 12282368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-03-21 11:18 - 2012-03-21 11:18 - 1127424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-03-21 11:18 - 2012-03-21 11:18 - 1103360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-03-21 11:18 - 2012-03-21 11:18 - 10887168 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-03-21 11:18 - 2012-03-21 11:18 - 0818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-03-21 11:18 - 2012-03-21 11:18 - 0716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-03-21 11:18 - 2012-03-21 11:18 - 0697344 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2012-03-21 11:18 - 2012-03-21 11:18 - 0603648 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2012-03-21 11:18 - 2012-03-21 11:18 - 0580608 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2012-03-21 11:18 - 2012-03-21 11:18 - 0534528 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2012-03-21 11:18 - 2012-03-21 11:18 - 0452608 ____A (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
2012-03-21 11:18 - 2012-03-21 11:18 - 0448512 ____A (Microsoft Corporation) C:\Windows\System32\html.iec
2012-03-21 11:18 - 2012-03-21 11:18 - 0434176 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2012-03-21 11:18 - 2012-03-21 11:18 - 0420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2012-03-21 11:18 - 2012-03-21 11:18 - 0403248 ____A (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2012-03-21 11:18 - 2012-03-21 11:18 - 0367104 ____A (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2012-03-21 11:18 - 2012-03-21 11:18 - 0353792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2012-03-21 11:18 - 2012-03-21 11:18 - 0353584 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2012-03-21 11:18 - 2012-03-21 11:18 - 0282112 ____A (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
2012-03-21 11:18 - 2012-03-21 11:18 - 0267776 ____A (Microsoft Corporation) C:\Windows\System32\ieaksie.dll
2012-03-21 11:18 - 2012-03-21 11:18 - 0249344 ____A (Microsoft Corporation) C:\Windows\System32\webcheck.dll
2012-03-21 11:18 - 2012-03-21 11:18 - 0248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-03-21 11:18 - 2012-03-21 11:18 - 0237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-03-21 11:18 - 2012-03-21 11:18 - 0231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-03-21 11:18 - 2012-03-21 11:18 - 0227840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieaksie.dll
2012-03-21 11:18 - 2012-03-21 11:18 - 0223232 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2012-03-21 11:18 - 2012-03-21 11:18 - 0222208 ____A (Microsoft Corporation) C:\Windows\System32\msls31.dll
2012-03-21 11:18 - 2012-03-21 11:18 - 0203776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2012-03-21 11:18 - 2012-03-21 11:18 - 0197120 ____A (Microsoft Corporation) C:\Windows\System32\msrating.dll
2012-03-21 11:18 - 2012-03-21 11:18 - 0176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-03-21 11:18 - 2012-03-21 11:18 - 0173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-03-21 11:18 - 2012-03-21 11:18 - 0165888 ____A (Microsoft Corporation) C:\Windows\System32\iexpress.exe
2012-03-21 11:18 - 2012-03-21 11:18 - 0163840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieakui.dll
2012-03-21 11:18 - 2012-03-21 11:18 - 0163840 ____A (Microsoft Corporation) C:\Windows\System32\ieakui.dll
2012-03-21 11:18 - 2012-03-21 11:18 - 0162304 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2012-03-21 11:18 - 2012-03-21 11:18 - 0161792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2012-03-21 11:18 - 2012-03-21 11:18 - 0160256 ____A (Microsoft Corporation) C:\Windows\System32\wextract.exe
2012-03-21 11:18 - 2012-03-21 11:18 - 0160256 ____A (Microsoft Corporation) C:\Windows\System32\ieakeng.dll
2012-03-21 11:18 - 2012-03-21 11:18 - 0152064 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2012-03-21 11:18 - 2012-03-21 11:18 - 0150528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2012-03-21 11:18 - 2012-03-21 11:18 - 0149504 ____A (Microsoft Corporation) C:\Windows\System32\occache.dll
2012-03-21 11:18 - 2012-03-21 11:18 - 0145920 ____A (Microsoft Corporation) C:\Windows\System32\iepeers.dll
2012-03-21 11:18 - 2012-03-21 11:18 - 0142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-03-21 11:18 - 2012-03-21 11:18 - 0135168 ____A (Microsoft Corporation) C:\Windows\System32\IEAdvpack.dll
2012-03-21 11:18 - 2012-03-21 11:18 - 0130560 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieakeng.dll
2012-03-21 11:18 - 2012-03-21 11:18 - 0123392 ____A (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2012-03-21 11:18 - 2012-03-21 11:18 - 0118784 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2012-03-21 11:18 - 2012-03-21 11:18 - 0114176 ____A (Microsoft Corporation) C:\Windows\System32\admparse.dll
2012-03-21 11:18 - 2012-03-21 11:18 - 0111616 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2012-03-21 11:18 - 2012-03-21 11:18 - 0110592 ____A (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2012-03-21 11:18 - 2012-03-21 11:18 - 0103936 ____A (Microsoft Corporation) C:\Windows\System32\inseng.dll
2012-03-21 11:18 - 2012-03-21 11:18 - 0101888 ____A (Microsoft Corporation) C:\Windows\SysWOW64\admparse.dll
2012-03-21 11:18 - 2012-03-21 11:18 - 0096256 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-03-21 11:18 - 2012-03-21 11:18 - 0091648 ____A (Microsoft Corporation) C:\Windows\System32\SetIEInstalledDate.exe
2012-03-21 11:18 - 2012-03-21 11:18 - 0089088 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2012-03-21 11:18 - 2012-03-21 11:18 - 0089088 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2012-03-21 11:18 - 2012-03-21 11:18 - 0086528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2012-03-21 11:18 - 2012-03-21 11:18 - 0085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-03-21 11:18 - 2012-03-21 11:18 - 0085504 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2012-03-21 11:18 - 2012-03-21 11:18 - 0082432 ____A (Microsoft Corporation) C:\Windows\System32\icardie.dll
2012-03-21 11:18 - 2012-03-21 11:18 - 0078848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2012-03-21 11:18 - 2012-03-21 11:18 - 0076800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2012-03-21 11:18 - 2012-03-21 11:18 - 0076800 ____A (Microsoft Corporation) C:\Windows\System32\tdc.ocx
2012-03-21 11:18 - 2012-03-21 11:18 - 0074752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2012-03-21 11:18 - 2012-03-21 11:18 - 0074752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2012-03-21 11:18 - 2012-03-21 11:18 - 0074240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ie4uinit.exe
2012-03-21 11:18 - 2012-03-21 11:18 - 0072822 ____A C:\Windows\SysWOW64\ieuinit.inf
2012-03-21 11:18 - 2012-03-21 11:18 - 0072822 ____A C:\Windows\System32\ieuinit.inf
2012-03-21 11:18 - 2012-03-21 11:18 - 0072704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-03-21 11:18 - 2012-03-21 11:18 - 0066048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2012-03-21 11:18 - 2012-03-21 11:18 - 0065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-03-21 11:18 - 2012-03-21 11:18 - 0065024 ____A (Microsoft Corporation) C:\Windows\System32\pngfilt.dll
2012-03-21 11:18 - 2012-03-21 11:18 - 0063488 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2012-03-21 11:18 - 2012-03-21 11:18 - 0055296 ____A (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
2012-03-21 11:18 - 2012-03-21 11:18 - 0054272 ____A (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2012-03-21 11:18 - 2012-03-21 11:18 - 0049664 ____A (Microsoft Corporation) C:\Windows\System32\imgutil.dll
2012-03-21 11:18 - 2012-03-21 11:18 - 0048640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2012-03-21 11:18 - 2012-03-21 11:18 - 0048640 ____A (Microsoft Corporation) C:\Windows\System32\mshtmler.dll
2012-03-21 11:18 - 2012-03-21 11:18 - 0041472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2012-03-21 11:18 - 2012-03-21 11:18 - 0039936 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2012-03-21 11:18 - 2012-03-21 11:18 - 0035840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2012-03-21 11:18 - 2012-03-21 11:18 - 0031744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2012-03-21 11:18 - 2012-03-21 11:18 - 0030720 ____A (Microsoft Corporation) C:\Windows\System32\licmgr10.dll
2012-03-21 11:18 - 2012-03-21 11:18 - 0023552 ____A (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2012-03-21 11:18 - 2012-03-21 11:18 - 0012288 ____A (Microsoft Corporation) C:\Windows\System32\mshta.exe
2012-03-21 11:18 - 2012-03-21 11:18 - 0011776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2012-03-21 11:18 - 2012-03-21 11:18 - 0010752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2012-03-21 11:18 - 2012-03-21 11:18 - 0010752 ____A (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
2012-03-21 11:15 - 2012-03-21 11:19 - 0003900 ____A C:\Windows\IE9_main.log
2012-03-14 12:34 - 2011-11-19 10:30 - 5504880 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-03-14 12:34 - 2011-11-19 06:25 - 3957616 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2012-03-14 12:34 - 2011-11-19 06:25 - 3902320 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2012-03-13 13:23 - 2012-02-09 22:18 - 1541120 ____A (Microsoft Corporation) C:\Windows\System32\DWrite.dll
2012-03-13 13:23 - 2012-02-09 22:17 - 1837568 ____A (Microsoft Corporation) C:\Windows\System32\d3d10warp.dll
2012-03-13 13:23 - 2012-02-09 22:17 - 0902656 ____A (Microsoft Corporation) C:\Windows\System32\d2d1.dll
2012-03-13 13:23 - 2012-02-09 22:17 - 0320512 ____A (Microsoft Corporation) C:\Windows\System32\d3d10_1core.dll
2012-03-13 13:23 - 2012-02-09 22:17 - 0197120 ____A (Microsoft Corporation) C:\Windows\System32\d3d10_1.dll
2012-03-13 13:23 - 2012-02-09 21:41 - 1170944 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2012-03-13 13:23 - 2012-02-09 21:41 - 1074176 ____A (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2012-03-13 13:23 - 2012-02-09 21:41 - 0739840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2012-03-13 13:23 - 2012-02-09 21:41 - 0218624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1core.dll
2012-03-13 13:23 - 2012-02-09 21:41 - 0161792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1.dll
2012-03-13 13:23 - 2012-02-02 20:16 - 3143168 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-03-13 13:22 - 2012-02-14 22:27 - 1031680 ____A (Microsoft Corporation) C:\Windows\System32\rdpcore.dll
2012-03-13 13:22 - 2012-02-14 21:44 - 0826368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\rdpcore.dll
2012-03-13 13:22 - 2012-02-14 20:47 - 0204800 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
2012-03-13 13:22 - 2012-02-14 20:46 - 0023552 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tdtcp.sys
2012-03-13 13:22 - 2012-01-24 22:27 - 0149504 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll
2012-03-13 13:22 - 2012-01-24 22:27 - 0076288 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll
2012-03-13 13:22 - 2012-01-24 22:20 - 0009216 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe


============ 3 Months Modified Files and Folders =============

2012-04-01 21:11 - 2012-04-01 19:30 - 0000000 ____D C:\FRST
2012-04-01 19:12 - 2010-01-30 19:16 - 0000000 ___HD C:\users\Paul Bu
2012-04-01 19:12 - 2009-12-15 04:44 - 0000000 ____D C:\Program Files\Best Buy Software Installer
2012-04-01 19:12 - 2009-12-15 04:39 - 0000000 ___HD C:\Users\All Users\P4G
2012-04-01 19:12 - 2009-12-15 04:39 - 0000000 ___HD C:\ProgramData\P4G
2012-04-01 19:12 - 2009-12-15 04:39 - 0000000 ____D C:\Windows\SysWOW64\ASUS_Screensaver dir
2012-04-01 19:12 - 2009-12-15 04:39 - 0000000 ____D C:\Program Files\P4G
2012-04-01 19:12 - 2009-12-15 04:35 - 0000000 ____D C:\Program Files\ATKGFNEX
2012-04-01 19:12 - 2009-12-15 04:30 - 0000000 ____D C:\Program Files\Elantech
2012-04-01 19:12 - 2009-12-15 04:27 - 0000000 ___HD C:\Users\All Users\AmUStor
2012-04-01 19:12 - 2009-12-15 04:27 - 0000000 ___HD C:\ProgramData\AmUStor
2012-04-01 19:12 - 2009-12-15 04:27 - 0000000 ____D C:\Program Files (x86)\AmIcoSingLun
2012-04-01 19:12 - 2009-12-15 04:10 - 0000000 ____D C:\Program Files (x86)\Roxio
2012-04-01 19:12 - 2009-12-15 04:03 - 0000000 ____D C:\Program Files (x86)\Microsoft Works
2012-04-01 19:12 - 2009-07-13 23:45 - 0000000 ____D C:\Program Files\Windows Journal
2012-04-01 19:12 - 2009-07-13 21:32 - 0000000 ____D C:\Windows\Downloaded Program Files
2012-04-01 19:12 - 2009-07-13 21:32 - 0000000 ____D C:\Windows\addins
2012-04-01 19:12 - 2009-07-13 21:32 - 0000000 ____D C:\Program Files\Windows Sidebar
2012-04-01 19:12 - 2009-07-13 21:32 - 0000000 ____D C:\Program Files\Windows Defender
2012-04-01 19:12 - 2009-07-13 21:32 - 0000000 ____D C:\Program Files\DVD Maker
2012-04-01 19:12 - 2009-07-13 21:32 - 0000000 ____D C:\Program Files (x86)\Windows Sidebar
2012-04-01 19:12 - 2009-07-13 21:32 - 0000000 ____D C:\Program Files (x86)\Windows Defender
2012-04-01 19:12 - 2009-07-13 19:20 - 0000000 __RSD C:\Windows\Media
2012-04-01 19:12 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\TAPI
2012-04-01 19:12 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\Setup
2012-04-01 19:12 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\Recovery
2012-04-01 19:12 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\migwiz
2012-04-01 19:12 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\manifeststore
2012-04-01 19:12 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\InstallShield
2012-04-01 19:12 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\icsxml
2012-04-01 19:12 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\Dism
2012-04-01 19:12 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\com
2012-04-01 19:12 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\Setup
2012-04-01 19:12 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\oobe
2012-04-01 19:12 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\Msdtc
2012-04-01 19:12 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\migwiz
2012-04-01 19:12 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\manifeststore
2012-04-01 19:12 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\icsxml
2012-04-01 19:12 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\com
2012-04-01 19:12 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\AdvancedInstallers
2012-04-01 19:12 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\servicing
2012-04-01 19:12 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\Cursors
2012-04-01 19:11 - 2009-07-13 21:32 - 0000000 ____D C:\Windows\System32\WinBioPlugIns
2012-04-01 19:11 - 2009-07-13 21:32 - 0000000 ____D C:\Program Files\Windows Photo Viewer
2012-04-01 19:11 - 2009-07-13 21:32 - 0000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2012-04-01 19:11 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\zh-TW
2012-04-01 19:11 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\zh-HK
2012-04-01 19:11 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\zh-CN
2012-04-01 19:11 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\uk-UA
2012-04-01 19:11 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\tr-TR
2012-04-01 19:11 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\th-TH
2012-04-01 19:11 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\sv-SE
2012-04-01 19:11 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\sr-Latn-CS
2012-04-01 19:11 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\sppui
2012-04-01 19:11 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\sl-SI
2012-04-01 19:11 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\sk-SK
2012-04-01 19:11 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\ru-RU
2012-04-01 19:11 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\ro-RO
2012-04-01 19:11 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\pt-PT
2012-04-01 19:11 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\pt-BR
2012-04-01 19:11 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\pl-PL
2012-04-01 19:11 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\oobe
2012-04-01 19:11 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\nl-NL
2012-04-01 19:11 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\nb-NO
2012-04-01 19:11 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\lv-LV
2012-04-01 19:11 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\lt-LT
2012-04-01 19:11 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\ko-KR
2012-04-01 19:11 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\ja-JP
2012-04-01 19:11 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\it-IT
2012-04-01 19:11 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\hu-HU
2012-04-01 19:11 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\hr-HR
2012-04-01 19:11 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\he-IL
2012-04-01 19:11 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\fr-FR
2012-04-01 19:11 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\fi-FI
2012-04-01 19:11 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\et-EE
2012-04-01 19:11 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\es-ES
2012-04-01 19:11 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\el-GR
2012-04-01 19:11 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\de-DE
2012-04-01 19:11 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\da-DK
2012-04-01 19:11 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\cs-CZ
2012-04-01 19:11 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\bg-BG
2012-04-01 19:11 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\ar-SA
2012-04-01 19:11 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\AdvancedInstallers
2012-04-01 19:11 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\zh-TW
2012-04-01 19:11 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\zh-HK
2012-04-01 19:11 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\zh-CN
2012-04-01 19:11 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\uk-UA
2012-04-01 19:11 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\tr-TR
2012-04-01 19:11 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\th-TH
2012-04-01 19:11 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\sysprep
2012-04-01 19:11 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\sv-SE
2012-04-01 19:11 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\sr-Latn-CS
2012-04-01 19:11 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\sppui
2012-04-01 19:11 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\sl-SI
2012-04-01 19:11 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\sk-SK
2012-04-01 19:11 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\ru-RU
2012-04-01 19:11 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\ro-RO
2012-04-01 19:11 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\pt-PT
2012-04-01 19:11 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\pt-BR
2012-04-01 19:11 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\pl-PL
2012-04-01 19:11 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\nl-NL
2012-04-01 19:11 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\nb-NO
2012-04-01 19:11 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\lv-LV
2012-04-01 19:11 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\lt-LT
2012-04-01 19:11 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\ko-KR
2012-04-01 19:11 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\ja-JP
2012-04-01 19:11 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\it-IT
2012-04-01 19:11 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\hu-HU
2012-04-01 19:11 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\hr-HR
2012-04-01 19:11 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\he-IL
2012-04-01 19:11 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\fr-FR
2012-04-01 19:11 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\fi-FI
2012-04-01 19:11 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\et-EE
2012-04-01 19:11 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\es-ES
2012-04-01 19:11 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\el-GR
2012-04-01 19:11 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\Dism
2012-04-01 19:11 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\de-DE
2012-04-01 19:11 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\da-DK
2012-04-01 19:11 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\cs-CZ
2012-04-01 19:11 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\bg-BG
2012-04-01 19:11 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\ar-SA
2012-04-01 19:11 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\rescache
2012-04-01 19:11 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\PolicyDefinitions
2012-04-01 19:11 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\L2Schemas
2012-04-01 19:11 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\IME
2012-04-01 19:09 - 2009-07-13 21:32 - 0000000 ____D C:\Windows\System32\restore
2012-04-01 19:08 - 2011-10-21 16:12 - 0000000 ___HD C:\Users\Paul Bu\AppData\Roaming\vlc
2012-04-01 19:08 - 2011-05-21 18:41 - 0000000 ___HD C:\PSFONTS
2012-04-01 19:08 - 2010-11-30 19:53 - 0000000 ___HD C:\Users\All Users\McAfee Security Scan
2012-04-01 19:08 - 2010-11-30 19:53 - 0000000 ___HD C:\ProgramData\McAfee Security Scan
2012-04-01 19:08 - 2010-10-16 18:47 - 0000000 ____D C:\Program Files\McAfee.com
2012-04-01 19:08 - 2010-10-16 18:47 - 0000000 ____D C:\Program Files\McAfee
2012-04-01 19:08 - 2010-10-16 18:47 - 0000000 ____D C:\Program Files\Common Files\McAfee
2012-04-01 19:08 - 2010-10-16 18:41 - 0000000 ___HD C:\Users\All Users\McAfee
2012-04-01 19:08 - 2010-10-16 18:41 - 0000000 ___HD C:\ProgramData\McAfee
2012-04-01 19:08 - 2010-10-05 15:11 - 0000000 ___HD C:\Users\Paul Bu\Desktop\City Plan of Florence 1_files
2012-04-01 19:08 - 2010-10-04 14:42 - 0000000 ___HD C:\Users\Paul Bu\Desktop\City Plan of Florence, from Art in Ren Ita_files
2012-04-01 19:08 - 2010-08-30 18:45 - 0000000 ___HD C:\Users\Paul Bu\AppData\Roaming\Winamp
2012-04-01 19:08 - 2010-03-16 19:04 - 0000000 ___HD C:\Users\Paul Bu\Downloads\Bergman IQ Tests
2012-04-01 19:08 - 2010-03-05 22:47 - 0000000 ___HD C:\Users\All Users\avg9
2012-04-01 19:08 - 2010-03-05 22:47 - 0000000 ___HD C:\ProgramData\avg9
2012-04-01 19:08 - 2010-02-13 20:33 - 0000000 ____D C:\Program Files (x86)\SecondLife
2012-04-01 19:08 - 2010-02-06 11:45 - 0000000 ___HD C:\Users\Paul Bu\AppData\Local\Microsoft Help
2012-04-01 19:08 - 2010-02-05 20:22 - 0000000 ___HD C:\Users\Paul Bu\Downloads\Final Draft v7.1.1.19
2012-04-01 19:08 - 2010-02-05 20:16 - 0000000 ___HD C:\Users\Paul Bu\AppData\Roaming\BitTorrent
2012-04-01 19:08 - 2010-02-04 09:05 - 0000000 ___HD C:\Users\All Users\Hewlett-Packard
2012-04-01 19:08 - 2010-02-04 09:05 - 0000000 ___HD C:\ProgramData\Hewlett-Packard
2012-04-01 19:08 - 2010-01-30 19:19 - 0000000 ___HD C:\Users\Paul Bu\AppData\Local\Best_Buy«
2012-04-01 19:08 - 2010-01-30 19:18 - 0000000 ___HD C:\Users\Paul Bu\AppData\Roaming\Roxio
2012-04-01 19:08 - 2009-12-15 04:43 - 0000000 __HDC C:\Users\All Users\{5D8BE403-3090-4297-B98F-65CBBE9DBF71}
2012-04-01 19:08 - 2009-12-15 04:43 - 0000000 __HDC C:\ProgramData\{5D8BE403-3090-4297-B98F-65CBBE9DBF71}
2012-04-01 19:08 - 2009-12-15 04:20 - 0000000 ___HD C:\Users\Public\Documents\Boingo
2012-04-01 19:08 - 2009-12-15 04:14 - 0000000 ____D C:\Program Files (x86)\Windows Live SkyDrive
2012-04-01 19:08 - 2009-12-15 04:10 - 0000000 ___HD C:\Users\All Users\InstallShield
2012-04-01 19:08 - 2009-12-15 04:10 - 0000000 ___HD C:\ProgramData\InstallShield
2012-04-01 19:08 - 2009-12-15 04:01 - 0000000 ____D C:\Users\All Users\Microsoft Help
2012-04-01 19:08 - 2009-12-15 04:01 - 0000000 ____D C:\ProgramData\Microsoft Help
2012-04-01 19:08 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\AppCompat
2012-04-01 19:08 - 2009-07-13 19:20 - 0000000 ____D C:\Program Files\Common Files\Microsoft Shared
2012-04-01 19:07 - 2012-04-01 10:32 - 0000000 ____D C:\Windows\ERDNT
2012-04-01 19:07 - 2012-03-31 16:01 - 0000000 ____D C:\Users\Paul Bu\AppData\Roaming\Lexar
2012-04-01 19:07 - 2012-03-30 20:45 - 0000000 ____D C:\Program Files\Microsoft Security Client
2012-04-01 19:07 - 2010-11-30 19:53 - 0000000 ____D C:\Program Files (x86)\McAfee Security Scan
2012-04-01 19:07 - 2010-10-16 18:48 - 0000000 ____D C:\Program Files (x86)\McAfeeMOBK
2012-04-01 19:07 - 2010-10-16 18:48 - 0000000 ____D C:\Program Files (x86)\McAfee Online Backup
2012-04-01 19:07 - 2010-10-16 18:47 - 0000000 ____D C:\Program Files (x86)\McAfee.com
2012-04-01 19:07 - 2010-10-16 18:47 - 0000000 ____D C:\Program Files (x86)\McAfee
2012-04-01 19:07 - 2010-02-19 21:24 - 0000000 ____D C:\Program Files (x86)\Mozilla Firefox
2012-04-01 19:07 - 2010-02-05 20:38 - 0000000 ____D C:\Program Files (x86)\Final Draft 7
2012-04-01 19:07 - 2009-12-15 04:20 - 0000000 ___HD C:\Intel
2012-04-01 19:07 - 2009-07-13 19:18 - 0000000 __SHD C:\$RECYCLE.BIN
2012-04-01 19:02 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\registration
2012-04-01 18:31 - 2010-02-06 11:53 - 0000000 ___HD C:\Users\Paul Bu\Downloads\Microsoft Office Word 2007
2012-04-01 18:31 - 2010-02-06 11:32 - 0000000 ___HD C:\Users\Paul Bu\Downloads\WinRAR 3.90 Final
2012-04-01 18:31 - 2009-07-13 19:20 - 0000000 __RHD C:\users\Public
2012-04-01 18:30 - 2011-05-21 18:42 - 0000000 ___HD C:\Users\Paul Bu\AppData\Roaming\MakeMusic
2012-04-01 18:30 - 2010-02-19 21:25 - 0000000 ___HD C:\Users\Paul Bu\AppData\Local\Mozilla
2012-04-01 18:30 - 2010-02-15 21:32 - 0000000 ___HD C:\Users\Paul Bu\Documents\Writing
2012-04-01 18:30 - 2010-02-13 20:34 - 0000000 ___HD C:\Users\Paul Bu\AppData\Roaming\Mozilla
2012-04-01 18:30 - 2010-02-13 20:33 - 0000000 ___HD C:\Users\Paul Bu\AppData\Roaming\SecondLife
2012-04-01 18:30 - 2010-02-01 07:16 - 0000000 ___HD C:\Users\Paul Bu\AppData\Local\Microsoft Games
2012-04-01 18:30 - 2010-01-30 19:30 - 0000000 ___HD C:\Users\Paul Bu\AppData\Roaming\Macromedia
2012-04-01 18:30 - 2010-01-30 19:30 - 0000000 ___HD C:\Users\Paul Bu\AppData\Roaming\Adobe
2012-04-01 18:30 - 2010-01-30 19:16 - 0000000 ___HD C:\Users\Paul Bu\AppData\LocalLow
2012-04-01 18:30 - 2010-01-30 19:16 - 0000000 ___HD C:\Users\Paul Bu\AppData\Local\VirtualStore
2012-04-01 18:29 - 2011-10-02 21:48 - 0000000 ___HD C:\Users\All Users\DivX
2012-04-01 18:29 - 2011-10-02 21:48 - 0000000 ___HD C:\ProgramData\DivX
2012-04-01 18:29 - 2010-02-07 01:45 - 0000000 ___HD C:\Users\Paul Bu\AppData\Local\ASUS
2012-04-01 18:29 - 2010-02-07 01:45 - 0000000 ___HD C:\Users\All Users\ASUS
2012-04-01 18:29 - 2010-02-07 01:45 - 0000000 ___HD C:\ProgramData\ASUS
2012-04-01 18:29 - 2010-02-05 11:29 - 0000000 ___HD C:\Users\Paul Bu\AppData\Local\Google
2012-04-01 18:29 - 2010-02-01 17:44 - 0000000 ___HD C:\Users\All Users\{0DD0EEEE-2A7C-411C-9243-1AE62F445FC3}
2012-04-01 18:29 - 2010-02-01 17:44 - 0000000 ___HD C:\ProgramData\{0DD0EEEE-2A7C-411C-9243-1AE62F445FC3}
2012-04-01 18:29 - 2010-02-01 17:43 - 0000000 ___HD C:\Users\All Users\Apple Computer
2012-04-01 18:29 - 2010-02-01 17:43 - 0000000 ___HD C:\ProgramData\Apple Computer
2012-04-01 18:29 - 2010-02-01 17:42 - 0000000 ___HD C:\Users\All Users\Apple
2012-04-01 18:29 - 2010-02-01 17:42 - 0000000 ___HD C:\ProgramData\Apple
2012-04-01 18:29 - 2009-12-15 04:11 - 0000000 ___HD C:\Users\All Users\Adobe
2012-04-01 18:29 - 2009-12-15 04:11 - 0000000 ___HD C:\ProgramData\Adobe
2012-04-01 18:29 - 2009-12-15 04:10 - 0000000 ___HD C:\Users\All Users\Uninstall
2012-04-01 18:29 - 2009-12-15 04:10 - 0000000 ___HD C:\ProgramData\Uninstall
2012-04-01 18:26 - 2009-12-15 04:11 - 0000000 ____D C:\Program Files (x86)\Adobe
2012-04-01 16:50 - 2010-01-30 11:09 - 2388459520 __ASH C:\hiberfil.sys
2012-04-01 12:04 - 2012-04-01 11:41 - 0018109 ____A C:\Users\Paul Bu\Desktop\combofix log.txt
2012-04-01 11:40 - 2012-04-01 11:40 - 0018109 ____A C:\ComboFix.txt
2012-04-01 11:40 - 2012-04-01 10:32 - 0000000 ____D C:\ComboFix
2012-04-01 11:40 - 2012-04-01 10:31 - 0000000 ____D C:\Qoobox
2012-03-31 22:21 - 2012-03-31 22:21 - 0018420 ____A C:\Users\Paul Bu\Downloads\Angel in the Flesh.docx
2012-03-31 18:25 - 2012-03-31 18:25 - 0007193 ____A C:\Users\Paul Bu\Desktop\Attach.txt
2012-03-31 18:24 - 2012-03-31 18:24 - 0019299 ____A C:\Users\Paul Bu\Desktop\DDS.txt
2012-03-31 18:03 - 2012-03-31 18:03 - 0000000 ____A C:\Users\Paul Bu\defogger_reenable
2012-03-31 14:41 - 2012-03-31 14:01 - 0000000 ____D C:\Users\Paul Bu\AppData\Roaming\Remote
2012-03-30 21:57 - 2012-03-30 21:57 - 0266946 ____A C:\Users\Paul Bu\Downloads\215.docx
2012-03-30 20:46 - 2012-03-30 20:46 - 0000000 ____D C:\Program Files (x86)\Microsoft Security Client
2012-03-30 20:08 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\config\TxR
2012-03-30 19:46 - 2009-12-15 04:39 - 0001870 ____A C:\Windows\System32\AutoRunFilter.ini
2012-03-30 19:43 - 2009-07-13 20:45 - 0010240 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-03-30 19:43 - 2009-07-13 20:45 - 0010240 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-03-30 19:41 - 2009-07-13 21:13 - 0726444 ____A C:\Windows\System32\PerfStringBackup.INI
2012-03-30 19:40 - 2009-12-15 04:04 - 1998462 ____A C:\Windows\WindowsUpdate.log
2012-03-30 19:35 - 2010-02-05 11:44 - 0000894 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-03-30 19:34 - 2009-07-13 21:08 - 0000006 ___AH C:\Windows\Tasks\SA.DAT
2012-03-30 19:34 - 2009-07-13 20:51 - 0047631 ____A C:\Windows\setupact.log
2012-03-30 19:33 - 2009-12-15 04:24 - 0115640 ____A C:\Windows\PFRO.log
2012-03-30 19:28 - 2012-03-30 19:28 - 0000649 ___AH C:\Users\Paul Bu\Desktop\SMART_HDD.lnk
2012-03-30 19:28 - 2012-03-30 19:28 - 0000208 ___AH C:\Users\All Users\-JCA9LJB8yldSPcr
2012-03-30 19:28 - 2012-03-30 19:28 - 0000208 ___AH C:\ProgramData\-JCA9LJB8yldSPcr
2012-03-30 19:28 - 2012-03-30 19:28 - 0000000 ___AH C:\Users\All Users\-JCA9LJB8yldSPc
2012-03-30 19:28 - 2012-03-30 19:28 - 0000000 ___AH C:\ProgramData\-JCA9LJB8yldSPc
2012-03-30 19:27 - 2012-03-30 19:27 - 0243200 ___AH ( ) C:\Users\All Users\JCA9LJB8yldSPc.exe
2012-03-30 19:27 - 2012-03-30 19:27 - 0243200 ___AH ( ) C:\ProgramData\JCA9LJB8yldSPc.exe
2012-03-30 19:20 - 2012-03-30 19:22 - 0316416 ___AH ( ) C:\Users\All Users\JiKJGqSIsOjjAl.exe
2012-03-30 19:20 - 2012-03-30 19:22 - 0316416 ___AH ( ) C:\ProgramData\JiKJGqSIsOjjAl.exe
2012-03-30 19:05 - 2010-02-05 11:44 - 0000898 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-03-27 15:47 - 2010-08-30 15:58 - 0000000 ___HD C:\Users\Paul Bu\AppData\Roaming\BitComet
2012-03-27 07:32 - 2009-12-15 04:39 - 0001789 ____A C:\Windows\System32\ServiceFilter.ini
2012-03-24 22:35 - 2012-03-24 22:35 - 1368804 ____A C:\Users\Paul Bu\Desktop\The Patriarch (a novel).pdf
2012-03-21 11:19 - 2012-03-21 11:15 - 0003900 ____A C:\Windows\IE9_main.log
2012-03-21 11:18 - 2012-03-21 11:18 - 9705472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-03-21 11:18 - 2012-03-21 11:18 - 3695416 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2012-03-21 11:18 - 2012-03-21 11:18 - 3695416 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dat
2012-03-21 11:18 - 2012-03-21 11:18 - 2382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-03-21 11:18 - 2012-03-21 11:18 - 2382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-03-21 11:18 - 2012-03-21 11:18 - 2308096 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-03-21 11:18 - 2012-03-21 11:18 - 2144256 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-03-21 11:18 - 2012-03-21 11:18 - 1798656 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-03-21 11:18 - 2012-03-21 11:18 - 1792000 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-03-21 11:18 - 2012-03-21 11:18 - 17790464 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-03-21 11:18 - 2012-03-21 11:18 - 1493504 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-03-21 11:18 - 2012-03-21 11:18 - 1427456 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-03-21 11:18 - 2012-03-21 11:18 - 1390080 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-03-21 11:18 - 2012-03-21 11:18 - 1345536 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-03-21 11:18 - 2012-03-21 11:18 - 12282368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-03-21 11:18 - 2012-03-21 11:18 - 1127424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-03-21 11:18 - 2012-03-21 11:18 - 1103360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-03-21 11:18 - 2012-03-21 11:18 - 10887168 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-03-21 11:18 - 2012-03-21 11:18 - 0818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-03-21 11:18 - 2012-03-21 11:18 - 0716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-03-21 11:18 - 2012-03-21 11:18 - 0697344 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2012-03-21 11:18 - 2012-03-21 11:18 - 0603648 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2012-03-21 11:18 - 2012-03-21 11:18 - 0580608 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2012-03-21 11:18 - 2012-03-21 11:18 - 0534528 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2012-03-21 11:18 - 2012-03-21 11:18 - 0452608 ____A (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
2012-03-21 11:18 - 2012-03-21 11:18 - 0448512 ____A (Microsoft Corporation) C:\Windows\System32\html.iec
2012-03-21 11:18 - 2012-03-21 11:18 - 0434176 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2012-03-21 11:18 - 2012-03-21 11:18 - 0420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2012-03-21 11:18 - 2012-03-21 11:18 - 0403248 ____A (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2012-03-21 11:18 - 2012-03-21 11:18 - 0367104 ____A (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2012-03-21 11:18 - 2012-03-21 11:18 - 0353792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2012-03-21 11:18 - 2012-03-21 11:18 - 0353584 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2012-03-21 11:18 - 2012-03-21 11:18 - 0282112 ____A (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
2012-03-21 11:18 - 2012-03-21 11:18 - 0267776 ____A (Microsoft Corporation) C:\Windows\System32\ieaksie.dll
2012-03-21 11:18 - 2012-03-21 11:18 - 0249344 ____A (Microsoft Corporation) C:\Windows\System32\webcheck.dll
2012-03-21 11:18 - 2012-03-21 11:18 - 0248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-03-21 11:18 - 2012-03-21 11:18 - 0237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-03-21 11:18 - 2012-03-21 11:18 - 0231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-03-21 11:18 - 2012-03-21 11:18 - 0227840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieaksie.dll
2012-03-21 11:18 - 2012-03-21 11:18 - 0223232 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2012-03-21 11:18 - 2012-03-21 11:18 - 0222208 ____A (Microsoft Corporation) C:\Windows\System32\msls31.dll
2012-03-21 11:18 - 2012-03-21 11:18 - 0203776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2012-03-21 11:18 - 2012-03-21 11:18 - 0197120 ____A (Microsoft Corporation) C:\Windows\System32\msrating.dll
2012-03-21 11:18 - 2012-03-21 11:18 - 0176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-03-21 11:18 - 2012-03-21 11:18 - 0173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-03-21 11:18 - 2012-03-21 11:18 - 0165888 ____A (Microsoft Corporation) C:\Windows\System32\iexpress.exe
2012-03-21 11:18 - 2012-03-21 11:18 - 0163840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieakui.dll
2012-03-21 11:18 - 2012-03-21 11:18 - 0163840 ____A (Microsoft Corporation) C:\Windows\System32\ieakui.dll
2012-03-21 11:18 - 2012-03-21 11:18 - 0162304 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2012-03-21 11:18 - 2012-03-21 11:18 - 0161792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2012-03-21 11:18 - 2012-03-21 11:18 - 0160256 ____A (Microsoft Corporation) C:\Windows\System32\wextract.exe
2012-03-21 11:18 - 2012-03-21 11:18 - 0160256 ____A (Microsoft Corporation) C:\Windows\System32\ieakeng.dll
2012-03-21 11:18 - 2012-03-21 11:18 - 0152064 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2012-03-21 11:18 - 2012-03-21 11:18 - 0150528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2012-03-21 11:18 - 2012-03-21 11:18 - 0149504 ____A (Microsoft Corporation) C:\Windows\System32\occache.dll
2012-03-21 11:18 - 2012-03-21 11:18 - 0145920 ____A (Microsoft Corporation) C:\Windows\System32\iepeers.dll
2012-03-21 11:18 - 2012-03-21 11:18 - 0142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-03-21 11:18 - 2012-03-21 11:18 - 0135168 ____A (Microsoft Corporation) C:\Windows\System32\IEAdvpack.dll
2012-03-21 11:18 - 2012-03-21 11:18 - 0130560 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieakeng.dll
2012-03-21 11:18 - 2012-03-21 11:18 - 0123392 ____A (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2012-03-21 11:18 - 2012-03-21 11:18 - 0118784 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2012-03-21 11:18 - 2012-03-21 11:18 - 0114176 ____A (Microsoft Corporation) C:\Windows\System32\admparse.dll
2012-03-21 11:18 - 2012-03-21 11:18 - 0111616 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2012-03-21 11:18 - 2012-03-21 11:18 - 0110592 ____A (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2012-03-21 11:18 - 2012-03-21 11:18 - 0103936 ____A (Microsoft Corporation) C:\Windows\System32\inseng.dll
2012-03-21 11:18 - 2012-03-21 11:18 - 0101888 ____A (Microsoft Corporation) C:\Windows\SysWOW64\admparse.dll
2012-03-21 11:18 - 2012-03-21 11:18 - 0096256 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-03-21 11:18 - 2012-03-21 11:18 - 0091648 ____A (Microsoft Corporation) C:\Windows\System32\SetIEInstalledDate.exe
2012-03-21 11:18 - 2012-03-21 11:18 - 0089088 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2012-03-21 11:18 - 2012-03-21 11:18 - 0089088 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2012-03-21 11:18 - 2012-03-21 11:18 - 0086528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2012-03-21 11:18 - 2012-03-21 11:18 - 0085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-03-21 11:18 - 2012-03-21 11:18 - 0085504 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2012-03-21 11:18 - 2012-03-21 11:18 - 0082432 ____A (Microsoft Corporation) C:\Windows\System32\icardie.dll
2012-03-21 11:18 - 2012-03-21 11:18 - 0078848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2012-03-21 11:18 - 2012-03-21 11:18 - 0076800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2012-03-21 11:18 - 2012-03-21 11:18 - 0076800 ____A (Microsoft Corporation) C:\Windows\System32\tdc.ocx
2012-03-21 11:18 - 2012-03-21 11:18 - 0074752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2012-03-21 11:18 - 2012-03-21 11:18 - 0074752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2012-03-21 11:18 - 2012-03-21 11:18 - 0074240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ie4uinit.exe
2012-03-21 11:18 - 2012-03-21 11:18 - 0072822 ____A C:\Windows\SysWOW64\ieuinit.inf
2012-03-21 11:18 - 2012-03-21 11:18 - 0072822 ____A C:\Windows\System32\ieuinit.inf
2012-03-21 11:18 - 2012-03-21 11:18 - 0072704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-03-21 11:18 - 2012-03-21 11:18 - 0066048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2012-03-21 11:18 - 2012-03-21 11:18 - 0065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-03-21 11:18 - 2012-03-21 11:18 - 0065024 ____A (Microsoft Corporation) C:\Windows\System32\pngfilt.dll
2012-03-21 11:18 - 2012-03-21 11:18 - 0063488 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2012-03-21 11:18 - 2012-03-21 11:18 - 0055296 ____A (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
2012-03-21 11:18 - 2012-03-21 11:18 - 0054272 ____A (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2012-03-21 11:18 - 2012-03-21 11:18 - 0049664 ____A (Microsoft Corporation) C:\Windows\System32\imgutil.dll
2012-03-21 11:18 - 2012-03-21 11:18 - 0048640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2012-03-21 11:18 - 2012-03-21 11:18 - 0048640 ____A (Microsoft Corporation) C:\Windows\System32\mshtmler.dll
2012-03-21 11:18 - 2012-03-21 11:18 - 0041472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2012-03-21 11:18 - 2012-03-21 11:18 - 0039936 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2012-03-21 11:18 - 2012-03-21 11:18 - 0035840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2012-03-21 11:18 - 2012-03-21 11:18 - 0031744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2012-03-21 11:18 - 2012-03-21 11:18 - 0030720 ____A (Microsoft Corporation) C:\Windows\System32\licmgr10.dll
2012-03-21 11:18 - 2012-03-21 11:18 - 0023552 ____A (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2012-03-21 11:18 - 2012-03-21 11:18 - 0012288 ____A (Microsoft Corporation) C:\Windows\System32\mshta.exe
2012-03-21 11:18 - 2012-03-21 11:18 - 0011776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2012-03-21 11:18 - 2012-03-21 11:18 - 0010752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2012-03-21 11:18 - 2012-03-21 11:18 - 0010752 ____A (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
2012-03-14 17:32 - 2009-07-13 20:45 - 0366080 ____A C:\Windows\System32\FNTCACHE.DAT
2012-02-21 16:56 - 2010-02-01 17:45 - 0000000 ___HD C:\Users\Paul Bu\AppData\Local\Apple Computer
2012-02-16 11:13 - 2010-01-30 19:16 - 0000174 ___SH C:\Users\Paul Bu\Start Menu\Programs\Startup\desktop.ini
2012-02-16 11:13 - 2010-01-30 19:16 - 0000174 ___SH C:\Users\Paul Bu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
2012-02-16 11:12 - 2009-12-15 04:16 - 0000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2012-02-14 22:27 - 2012-03-13 13:22 - 1031680 ____A (Microsoft Corporation) C:\Windows\System32\rdpcore.dll
2012-02-14 21:44 - 2012-03-13 13:22 - 0826368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\rdpcore.dll
2012-02-14 20:47 - 2012-03-13 13:22 - 0204800 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
2012-02-14 20:46 - 2012-03-13 13:22 - 0023552 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tdtcp.sys
2012-02-09 22:18 - 2012-03-13 13:23 - 1541120 ____A (Microsoft Corporation) C:\Windows\System32\DWrite.dll
2012-02-09 22:17 - 2012-03-13 13:23 - 1837568 ____A (Microsoft Corporation) C:\Windows\System32\d3d10warp.dll
2012-02-09 22:17 - 2012-03-13 13:23 - 0902656 ____A (Microsoft Corporation) C:\Windows\System32\d2d1.dll
2012-02-09 22:17 - 2012-03-13 13:23 - 0320512 ____A (Microsoft Corporation) C:\Windows\System32\d3d10_1core.dll
2012-02-09 22:17 - 2012-03-13 13:23 - 0197120 ____A (Microsoft Corporation) C:\Windows\System32\d3d10_1.dll
2012-02-09 21:41 - 2012-03-13 13:23 - 1170944 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2012-02-09 21:41 - 2012-03-13 13:23 - 1074176 ____A (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2012-02-09 21:41 - 2012-03-13 13:23 - 0739840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2012-02-09 21:41 - 2012-03-13 13:23 - 0218624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1core.dll
2012-02-09 21:41 - 2012-03-13 13:23 - 0161792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1.dll
2012-02-05 16:38 - 2012-02-05 16:38 - 0130165 ____A C:\Users\Paul Bu\Desktop\top 50 mfa.pdf
2012-02-03 12:45 - 2010-03-02 13:37 - 0009728 ___AH C:\Users\Paul Bu\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-02-02 20:16 - 2012-03-13 13:23 - 3143168 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-02-02 10:22 - 2009-12-15 04:14 - 0000000 ____D C:\Program Files (x86)\Windows Live
2012-01-24 22:27 - 2012-03-13 13:22 - 0149504 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll
2012-01-24 22:27 - 2012-03-13 13:22 - 0076288 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll
2012-01-24 22:20 - 2012-03-13 13:22 - 0009216 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe
2012-01-22 13:10 - 2012-01-22 13:10 - 6656602 ____A C:\Users\Paul Bu\Desktop\The-Life-and-Times-of-Jesus-the-Messiah.pdf
2012-01-04 21:48 - 2012-01-04 21:48 - 4075340 ____A C:\Users\Paul Bu\Desktop\0babyface.pdf
2012-01-04 21:45 - 2012-01-04 21:45 - 0839191 ____A C:\Users\Paul Bu\Desktop\WhiskeySourFree.pdf
2012-01-04 01:59 - 2012-02-14 15:17 - 14164480 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2012-01-04 01:58 - 2012-02-14 15:16 - 0509952 ____A (Microsoft Corporation) C:\Windows\System32\ntshrui.dll
2012-01-04 01:03 - 2012-02-14 15:16 - 12868096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2012-01-04 01:03 - 2012-02-14 15:16 - 0442880 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntshrui.dll

========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

========================= Memory info ======================

Percentage of memory in use: 17%
Total physical RAM: 3037.09 MB
Available physical RAM: 2509.69 MB
Total Pagefile: 3035.23 MB
Available Pagefile: 2507.14 MB
Total Virtual: 8192 MB
Available Virtual: 8191.91 MB

======================= Partitions =========================

1 Drive c: (OS) (Fixed) (Total:283.43 GB) (Free:218.91 GB) NTFS ==>[Drive with boot components (obtanied from BCD)]
3 Drive e: (UDISK) (Removable) (Total:1.89 GB) (Free:1.77 GB) FAT
4 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 298 GB 8 MB
Disk 1 Online 1936 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 14 GB 1024 KB
Partition 2 Primary 283 GB 14 GB

======================================================================================================

Disk: 0
Partition 1
Type : 1C
Hidden: Yes
Active: No

There is no volume associated with this partition.

======================================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 C OS NTFS Partition 283 GB Healthy

======================================================================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 1935 MB 16 KB

======================================================================================================

Disk: 1
Partition 1
Type : 06
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 E UDISK FAT Removable 1935 MB Healthy

======================================================================================================

==========================================================

Last Boot: 2012-03-25 13:16

======================= End Of Log ==========================

#15 gringo_pr

  • Malware Response Team

Posted 01 April 2012 - 11:29 PM

Hello

Open Notepad. Please copy the contents of the code box below. To do this, highlight the contents of the box and right-click on it. Paste this into the open Notepad. Save it on the flash drive as fixlist.txt.

Last Boot: 2012-03-25 13:16

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

On Vista or Windows 7: Now please enter System Recovery Options.
On Windows XP: Now please boot into the BartPE CD.
Run FRST64 and press the Fix button just once and wait.
The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

Gringo
I Close My Topics If You Have Not Replied In 5 Days. If You Will Be Longer, Please Let Me Know.

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic




Proud Graduate Of Malware Removal University



