Alureon.FP


  • This topic is locked
18 replies to this topic

#1 Resin01

  • Members
  • 8 posts

Posted 22 April 2012 - 02:29 PM

Hi everybody. It seems that I have gotten this virus sadly, and looking through your forum posts I can see that it's not that easy to get rid of. Therefore I was hoping that someone would lend me a hand. Any help is greatly appreciated!

As soon as I get into Windows, Microsoft Security Essentials pops up telling me that I have the virus Alureon.FP, and then removes it. Sadly, after this I can't reboot my PC unless I do a system restore.

If I click on details for the infection it tells me that it's in:
file:C:\Windows\assembly\temp\U\80000032.$
file:C:\Windows\assembly\temp\U\80000032.@
file:C:\Windows\assembly\temp\U\80000064.$
file:C:\Windows\assembly\temp\U\80000064.@


I would love to post a log, but can someone direct me to a proper scanner for this?

Thanks in advance
Resin01

#2 Resin01

  • Topic Starter
  • Members
  • 8 posts

Posted 22 April 2012 - 03:38 PM

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_31
Run by Resin at 22:35:40 on 2012-04-22
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.45.1030.18.8126.5425 [GMT 2:00]
.
AV: YouSee Sikkerhedspakke 9.15 *Disabled/Updated* {15414183-282E-D62C-CA37-EF24860A2F17}
SP: YouSee Sikkerhedspakke 9.15 *Disabled/Updated* {AE20A067-0E14-D9A2-F087-D456FD8D65AA}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: YouSee Sikkerhedspakke 9.15 *Disabled* {2D7AC0A6-6241-D774-E168-461178D9686C}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Windows\System32\spoolsv.exe
C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\NVIDIA Corporation\Update\daemonupd.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Windows\system32\taskhost.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\svchost.exe -k HPService
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Users\Resin\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
C:\Windows\SysWOW64\ping.exe
C:\Windows\system32\conhost.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Users\Resin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Resin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Resin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Resin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Resin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
C:\Users\Resin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Resin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Users\Resin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Resin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2786678
uURLSearchHooks: H - No File
mWinlogon: Userinit=userinit.exe
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Hjælp til logon til Windows Live ID: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Browsing Protection Class: {c6867eb7-8350-4856-877f-93cf8ae3dc9c} - C:\Program Files (x86)\YouSee\Sikkerhedspakke 2010\NRS\iescript\baselitmus.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB: Browsing Protection Toolbar: {265eee8e-3228-44d3-aea5-f7fdf5860049} - C:\Program Files (x86)\YouSee\Sikkerhedspakke 2010\NRS\iescript\baselitmus.dll
TB: {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - No File
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
EB: Developer Tools: {1a6fe369-f28c-4ad9-a3e6-2bcb50807cf1} - C:\Program Files (x86)\Internet Explorer\iedvtool.dll
uRun: [AdobeBridge]
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
uRun: [Google Update] "C:\Users\Resin\AppData\Local\Google\Update\GoogleUpdate.exe" /c
mRun: [F-Secure TNB] "C:\Program Files (x86)\YouSee\Sikkerhedspakke 2010\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
dRun: [Google Update] C:\Windows\system32\config\systemprofile\AppData\Local\Google\Update\gupdate.exe /app 24F425B73FEA9E29FE2A82811F11A7D4
StartupFolder: C:\Users\Resin\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Resin\AppData\Roaming\Dropbox\bin\Dropbox.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: E&ksporter til Microsoft Excel - C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000
IE: Send billede til &Bluetooth-enhed... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send siden til &Bluetooth-enhed... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~4\Office12\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
LSP: C:\Program Files (x86)\YouSee\Sikkerhedspakke 2010\FSPS\program\FSLSP.DLL
LSP: mswsock.dll
Trusted Zone: danskebank.dk\www
DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} - hxxp://quickscan.bitdefender.com/qsax/qsax.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} - hxxps://netbank.danskebank.dk/html/activex/e-Safekey/DB/e-Safekey.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{8B3826D2-154A-4093-B987-9CCB4CAAC59A} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{8B3826D2-154A-4093-B987-9CCB4CAAC59A}\36964796E60207C616A71602141313F566C62723F223 : DhcpNameServer = 192.168.6.23
TCP: Interfaces\{8B3826D2-154A-4093-B987-9CCB4CAAC59A}\36964796E60207C616A71602141313F566C62743F223 : DhcpNameServer = 192.168.6.27
TCP: Interfaces\{8B3826D2-154A-4093-B987-9CCB4CAAC59A}\454434D233245403 : NameServer = 208.67.222.222,208.67.220.220
TCP: Interfaces\{8B3826D2-154A-4093-B987-9CCB4CAAC59A}\454434D233245403 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{8B3826D2-154A-4093-B987-9CCB4CAAC59A}\761337 : NameServer = 208.67.222.222,208.67.220.220
TCP: Interfaces\{8B3826D2-154A-4093-B987-9CCB4CAAC59A}\761337 : DhcpNameServer = 89.150.129.4 89.150.129.10
TCP: Interfaces\{8B3826D2-154A-4093-B987-9CCB4CAAC59A}\86A656D6D656 : NameServer = 208.67.222.222,208.67.220.220
TCP: Interfaces\{8B3826D2-154A-4093-B987-9CCB4CAAC59A}\86A656D6D656 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{8B3826D2-154A-4093-B987-9CCB4CAAC59A}\95F445021313D2132383 : DhcpNameServer = 10.0.2.128
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SubSystems: Windows = basesrv,1 winsrv:UserServerDllInitialization,3 consrv:ConServerDllInitialization,2 sxssrv,4
{0347C33E-8762-4905-BF09-768834316C61}
{18DF081C-E8AD-4283-A596-FA578C2EBDC3}
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
{9030D464-4C02-4ABF-8ECC-5164760863C6}
{C6867EB7-8350-4856-877F-93CF8AE3DC9C}
{d2ce3e00-f94a-4740-988e-03dc2f38c34f}
{DBC80044-A445-435b-BC74-9C25C1C588A9}
{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856}
{8dcb7100-df86-4384-8842-8fa844297b3f}
{265EEE8E-3228-44D3-AEA5-F7FDF5860049}
TB-X64: {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - No File
EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File
EB-X64: {1A6FE369-F28C-4AD9-A3E6-2BCB50807CF1} - No File
mRun-x64: [F-Secure TNB] "C:\Program Files (x86)\YouSee\Sikkerhedspakke 2010\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Resin\AppData\Roaming\Mozilla\Firefox\Profiles\oq6rzccg.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2786678&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - hxxp://www.google.dk/
FF - component: C:\Program Files (x86)\YouSee\Sikkerhedspakke 2010\NRS\litmus-ff@f-secure.com\components\litmus-ff.dll
FF - component: C:\Users\Resin\AppData\Roaming\Mozilla\Firefox\Profiles\oq6rzccg.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\components\ipc_fireftp.dll
FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\TabletPlugins\npwacom.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Program Files\Microsoft\Web Platform Installer\NPWPIDetector.dll
FF - plugin: C:\Users\Resin\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: C:\Users\Resin\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\Users\Resin\AppData\Roaming\Mozilla\Firefox\Profiles\oq6rzccg.default\extensions\2020Player_IKEA@2020Technologies.com\plugins\NP_2020Player_IKEA.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll
.
============= SERVICES / DRIVERS ===============
.
R1 DVMIO;DeviceVM IO Service;C:\Windows\system32\DRIVERS\dvmio.sys --> C:\Windows\system32\DRIVERS\dvmio.sys [?]
R1 F-Secure HIPS;F-Secure HIPS Driver;C:\Program Files (x86)\YouSee\Sikkerhedspakke 2010\HIPS\drivers\fshs.sys [2011-12-25 60040]
R1 FSES;F-Secure Email Scanning Driver;C:\Windows\system32\drivers\fses.sys --> C:\Windows\system32\drivers\fses.sys [?]
R1 fsvista;F-Secure Vista Support Driver;C:\Program Files (x86)\YouSee\Sikkerhedspakke 2010\Anti-Virus\minifilter\fsvista.sys [2011-12-25 14904]
R1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 {55662437-DA8C-40c0-AADA-2C816A897A49};Power Control [2010/12/15 00:20:29];C:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl [2010-12-15 146928]
R2 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-6-15 249648]
R2 cpuz135;cpuz135;\??\C:\Windows\system32\drivers\cpuz135_x64.sys --> C:\Windows\system32\drivers\cpuz135_x64.sys [?]
R2 nvUpdService;NVIDIA Update Service;C:\Windows\System32\config\systemprofile\AppData\Local\NVIDIA Corporation\Update\daemonupd.exe [2012-4-16 31232]
R2 TeamViewer7;TeamViewer 7;C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-3-19 2666880]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys --> C:\Windows\system32\drivers\AtihdW76.sys [?]
R3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\system32\DRIVERS\btwl2cap.sys --> C:\Windows\system32\DRIVERS\btwl2cap.sys [?]
R3 HECIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-4-27 288272]
R3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;C:\Windows\system32\DRIVERS\nusb3hub.sys --> C:\Windows\system32\DRIVERS\nusb3hub.sys [?]
R3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;C:\Windows\system32\DRIVERS\nusb3xhc.sys --> C:\Windows\system32\DRIVERS\nusb3xhc.sys [?]
S1 fsgbqjcm;fsgbqjcm;\??\C:\Windows\system32\drivers\fsgbqjcm.sys --> C:\Windows\system32\drivers\fsgbqjcm.sys [?]
S1 iugxricg;iugxricg;\??\C:\Windows\system32\drivers\iugxricg.sys --> C:\Windows\system32\drivers\iugxricg.sys [?]
S1 ivfpxjsg;ivfpxjsg;\??\C:\Windows\system32\drivers\ivfpxjsg.sys --> C:\Windows\system32\drivers\ivfpxjsg.sys [?]
S1 lfavqwwn;lfavqwwn;\??\C:\Windows\system32\drivers\lfavqwwn.sys --> C:\Windows\system32\drivers\lfavqwwn.sys [?]
S1 nbrqnqie;nbrqnqie;\??\C:\Windows\system32\drivers\nbrqnqie.sys --> C:\Windows\system32\drivers\nbrqnqie.sys [?]
S1 obbxggaz;obbxggaz;\??\C:\Windows\system32\drivers\obbxggaz.sys --> C:\Windows\system32\drivers\obbxggaz.sys [?]
S1 ugeoucio;ugeoucio;\??\C:\Windows\system32\drivers\ugeoucio.sys --> C:\Windows\system32\drivers\ugeoucio.sys [?]
S1 xfbienes;xfbienes;\??\C:\Windows\system32\drivers\xfbienes.sys --> C:\Windows\system32\drivers\xfbienes.sys [?]
S1 zxxrqrna;zxxrqrna;\??\C:\Windows\system32\drivers\zxxrqrna.sys --> C:\Windows\system32\drivers\zxxrqrna.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-1-31 158856]
S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-7-7 195336]
S3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\system32\DRIVERS\MpNWMon.sys --> C:\Windows\system32\DRIVERS\MpNWMon.sys [?]
S3 MsDepSvc;Web Deployment Agent Service;C:\Program Files\IIS\Microsoft Web Deploy\MsDepSvc.exe [2011-1-7 63304]
S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\netw5v64.sys --> C:\Windows\system32\DRIVERS\netw5v64.sys [?]
S3 npggsvc;nProtect GameGuard Service;C:\Windows\system32\GameMon.des -service --> C:\Windows\system32\GameMon.des -service [?]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys --> C:\Windows\system32\Drivers\RtsUStor.sys [?]
S3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL6.SYS --> C:\Windows\system32\DRIVERS\VSTAZL6.SYS [?]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 wacmoumonitor;Wacom Mode Helper;C:\Windows\system32\DRIVERS\wacmoumonitor.sys --> C:\Windows\system32\DRIVERS\wacmoumonitor.sys [?]
S3 WatAdminSvc;Tjenesten Windows Aktivering;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?]
S4 AESTFilters;Andrea ST Filters Service;C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_1c0e2d1db9f5b08e\AESTSr64.exe [2010-12-15 89600]
S4 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
S4 DragonSvc;Dragon Service;C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe [2010-7-23 296808]
S4 DvmMDES;DeviceVM Meta Data Export Service;C:\SwSetup\QuickWeb\QW.SYS\config\DVMExportService.exe [2010-2-9 338168]
S4 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2011-11-23 1431888]
S4 FSORSPClient;F-Secure ORSP Client;C:\Program Files (x86)\YouSee\Sikkerhedspakke 2010\ORSP Client\fsorsp.exe [2011-12-25 61088]
S4 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2011-6-21 85560]
S4 HP Wireless Assistant Service;HP Wireless Assistant Service;C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2009-12-16 102968]
S4 hpdoccardsvc;HP Documention Flash Card Detection Service;C:\Program Files (x86)\Hewlett-Packard\HP ENVY Document Card Utilities\doccardsvc.exe [2010-3-24 83240]
S4 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-7-5 227384]
S4 hpsrv;HP Service;C:\Windows\system32\Hpservice.exe --> C:\Windows\system32\Hpservice.exe [?]
S4 HPWMISVC;HPWMISVC;C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-1-19 20480]
S4 mi-raysat_3dsmax2012_64;mental ray 3.9 Satellite for Autodesk 3ds Max 2012 64-bit - English 64-bit;D:\3dsmax2012\3ds Max 2012\mentalimages\satellite\raysat_3dsmax2012_64server.exe [2011-2-22 86016]
S4 SwitchBoard;SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S4 TabletServiceWacom;TabletServiceWacom;C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe [2012-1-4 6438264]
S4 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-12-15 2533400]
.
=============== Created Last 30 ================
.
2012-04-22 20:25:01 50000 ----a-w- C:\Windows\System32\drivers\obbxggaz.sys
2012-04-22 20:14:19 50000 ----a-w- C:\Windows\System32\drivers\nbrqnqie.sys
2012-04-22 20:08:56 50000 ----a-w- C:\Windows\System32\drivers\xfbienes.sys
2012-04-22 19:56:11 50000 ----a-w- C:\Windows\System32\drivers\ugeoucio.sys
2012-04-22 19:42:03 50000 ----a-w- C:\Windows\System32\drivers\ivfpxjsg.sys
2012-04-22 19:36:59 50000 ----a-w- C:\Windows\System32\drivers\fsgbqjcm.sys
2012-04-22 19:35:25 69000 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{D720C55E-2BC1-4F43-BC76-8626591654DF}\offreg.dll
2012-04-22 19:25:01 50000 ----a-w- C:\Windows\System32\drivers\zxxrqrna.sys
2012-04-22 19:24:52 8917360 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{D720C55E-2BC1-4F43-BC76-8626591654DF}\mpengine.dll
2012-04-22 19:12:24 50000 ----a-w- C:\Windows\System32\drivers\lfavqwwn.sys
2012-04-22 19:06:46 -------- d-----w- C:\Program Files (x86)\ESET
2012-04-22 18:58:32 50000 ----a-w- C:\Windows\System32\drivers\iugxricg.sys
2012-04-22 18:57:14 927800 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{37447F54-AC93-4518-B394-BD9E1BB6F582}\gapaengine.dll
2012-04-22 18:55:09 -------- d-----w- C:\Users\Resin\AppData\Local\{F12123F0-1C69-41BF-9F32-DA670A74E901}
2012-04-22 18:54:59 -------- d-----w- C:\Users\Resin\AppData\Local\{3E39C83D-7AB5-4CC9-8D6E-DE3C3D05FB5B}
2012-04-20 11:08:46 -------- d-----w- C:\Program Files (x86)\Common Files\Blizzard Entertainment
2012-04-20 11:07:13 -------- d-----w- C:\ProgramData\Battle.net
2012-04-20 11:06:04 -------- d-----w- C:\ProgramData\Blizzard Entertainment
2012-04-19 22:28:55 -------- d-----w- C:\ProgramData\Recovery
2012-04-19 19:33:58 -------- d-----w- C:\Program Files (x86)\uTorrent
2012-04-19 18:33:46 -------- d-----w- C:\Users\Resin\AppData\Local\{98A69FBD-2420-443E-8AE7-D59EBE3BE701}
2012-04-19 18:33:36 -------- d-----w- C:\Users\Resin\AppData\Local\{2F22952E-5D30-49EC-B69D-FF10359E1FAC}
2012-04-19 14:43:10 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client
2012-04-19 14:43:06 -------- d-----w- C:\Program Files\Microsoft Security Client
2012-04-19 14:24:43 -------- d-----w- C:\Program Files (x86)\PC Tools
2012-04-19 14:22:24 230952 ----a-w- C:\Windows\System32\drivers\PCTSD64.sys
2012-04-19 14:22:24 -------- d-----w- C:\Program Files (x86)\Common Files\PC Tools
2012-04-19 14:22:13 -------- d-----w- C:\ProgramData\PC Tools
2012-04-19 14:22:12 -------- d-----w- C:\Users\Resin\AppData\Roaming\TestApp
2012-04-19 14:17:45 -------- d-----w- C:\Users\Resin\AppData\Roaming\QuickScan
2012-04-19 14:14:20 -------- d-----w- C:\Users\Resin\AppData\Local\{9A3B6D63-D23A-49B2-89F1-12FAA36E02C4}
2012-04-19 14:14:09 -------- d-----w- C:\Users\Resin\AppData\Local\{BE405D3C-32DA-40A3-9862-5B5795AB0596}
2012-04-19 13:41:27 -------- d-----w- C:\Users\Resin\AppData\Local\{C1649BFD-F4B5-459B-9C54-3F8018ACA7ED}
2012-04-19 13:41:04 -------- d-----w- C:\Users\Resin\AppData\Local\{6119597D-2397-4F08-849D-BD364CFF7701}
2012-04-19 13:31:02 -------- d-----w- C:\Users\Resin\AppData\Local\{32C6BF04-FA8A-4B72-B45A-2D69DAA0353A}
2012-04-19 13:30:52 -------- d-----w- C:\Users\Resin\AppData\Local\{D69F4C4B-477C-42DE-8333-A09D776D2676}
2012-04-19 13:08:26 -------- d-----w- C:\Users\Resin\AppData\Local\{869B08AC-1544-4313-86B0-6D66765F7083}
2012-04-19 13:08:04 -------- d-----w- C:\Users\Resin\AppData\Local\{51B14D03-5439-4D75-9422-6908629607DE}
2012-04-19 13:02:46 -------- d-----w- C:\Users\Resin\AppData\Local\{48E66B4E-044D-4554-AAFE-0873F8B85421}
2012-04-19 13:02:35 -------- d-----w- C:\Users\Resin\AppData\Local\{1B4D62B3-C227-4F9B-B1CF-26AACCD7A759}
2012-04-19 12:56:51 -------- d-----w- C:\Users\Resin\AppData\Local\{016FEBB3-D932-4864-A718-7B99A02051F6}
2012-04-19 12:56:41 -------- d-----w- C:\Users\Resin\AppData\Local\{11096258-78DC-4F83-BFFF-7D54957E7B33}
2012-04-19 11:16:52 -------- d-----w- C:\Users\Resin\AppData\Local\{5A0353E2-49CF-472C-8912-5C0DA78172AB}
2012-04-19 11:16:42 -------- d-----w- C:\Users\Resin\AppData\Local\{960D0261-9F31-4858-8B68-AF4E547961D9}
2012-04-19 11:10:56 89944 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\177822931cd1e1d01\DSETUP.dll
2012-04-19 11:10:56 537432 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\177822931cd1e1d01\DXSETUP.exe
2012-04-19 11:10:56 1801048 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\177822931cd1e1d01\dsetup32.dll
2012-04-19 11:09:58 -------- d-----w- C:\Users\Resin\AppData\Local\{0965C3A8-F10B-4744-821A-A3FA2094EC87}
2012-04-19 11:09:48 -------- d-----w- C:\Users\Resin\AppData\Local\{794A564A-2486-47C4-8FBA-346BBBDBCB59}
2012-04-19 10:46:54 130048 ----a-w- C:\ProgramData\C1Btcq5x.exe
2012-04-19 10:36:33 -------- d-----w- C:\Users\Resin\AppData\Local\{E7DEB311-C078-4745-8EB6-F15F5C760530}
2012-04-19 10:36:22 -------- d-----w- C:\Users\Resin\AppData\Local\{3AB60E3C-314E-40FE-9D80-4323F6E55525}
2012-04-16 05:32:57 -------- d-----w- C:\Users\Resin\AppData\Local\{690ED934-CA9D-4FDF-83D9-AD3C7E53E871}
2012-04-13 05:31:09 0 --sha-w- C:\Windows\System32\dds_trash_log.cmd
2012-04-13 05:30:00 -------- d-----we C:\Windows\system64
2012-04-12 03:58:03 81408 ----a-w- C:\Windows\System32\imagehlp.dll
2012-04-12 03:58:03 23408 ----a-w- C:\Windows\System32\drivers\fs_rec.sys
2012-04-12 03:58:03 159232 ----a-w- C:\Windows\SysWow64\imagehlp.dll
2012-04-12 03:58:02 5120 ----a-w- C:\Windows\SysWow64\wmi.dll
2012-04-12 03:58:02 5120 ----a-w- C:\Windows\System32\wmi.dll
2012-04-12 03:58:02 220672 ----a-w- C:\Windows\System32\wintrust.dll
2012-04-12 03:58:02 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll
2012-04-12 03:58:02 -------- d-----w- C:\Users\Resin\AppData\Local\{36FCA64E-D5FF-4D29-A736-EBEA4576F1E1}
2012-04-11 04:50:26 209960 ----a-w- C:\Windows\SysWow64\unwofmfl.dll
2012-04-11 04:08:32 8669240 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{024E31CC-7EF6-444D-9792-10715C9B8C80}\mpengine.dll
2012-04-05 11:47:02 -------- d-----w- C:\Users\Resin\AppData\Local\{17F848CC-675C-49CC-AA2A-59BD7A8D5045}
2012-04-05 04:46:55 -------- d-----w- C:\Users\Resin\AppData\Local\{5E3540D8-17ED-44B4-A1AC-FB20F289A515}
2012-04-04 10:45:07 -------- d-----w- C:\Users\Resin\AppData\Local\{128112F5-0143-4845-8AD5-B8B9EF92C098}
2012-04-01 17:24:05 -------- d-----w- C:\Program Files (x86)\TeamViewer
2012-04-01 13:09:17 -------- d-----w- C:\Users\Resin\AppData\Local\{0145EEE5-92E4-4E50-A316-45641ADED0C0}
2012-03-31 10:10:35 -------- d-----w- C:\Users\Resin\AppData\Local\{EBEEC885-0A5A-42FE-AFC9-3E0CB0C15155}
2012-03-30 07:10:09 -------- d-----w- C:\Users\Resin\AppData\Local\{6443CEDF-3009-4024-A60A-62FFC8F3F897}
2012-03-29 15:16:14 -------- d-----w- C:\Users\Resin\AppData\Local\{AC425772-DF63-4E92-A6C9-6CA8420AFC75}
2012-03-28 15:25:13 -------- d-----w- C:\Users\Resin\AppData\Local\{6EB96FB3-3264-4230-8F11-FC42C3EC6C0B}
2012-03-28 15:25:00 -------- d-----w- C:\Users\Resin\AppData\Local\{AF5DB717-653A-4A1C-89DF-920C47EDCD82}
2012-03-27 15:44:30 -------- d-----w- C:\Users\Resin\AppData\Local\{AB383B27-785C-4BB7-A1AC-577B7BEBD8B2}
2012-03-27 15:44:17 -------- d-----w- C:\Users\Resin\AppData\Local\{1A912049-EE31-403D-AD2F-C3C04423876A}
2012-03-26 17:30:16 -------- d-----w- C:\Users\Resin\AppData\Local\{6D823E91-3283-4DC1-8ABD-BC15D7FC72ED}
2012-03-26 17:30:04 -------- d-----w- C:\Users\Resin\AppData\Local\{BDD2F0A4-119D-4404-A337-BC7FB1F5F5CE}
2012-03-25 22:57:19 -------- d-----w- C:\Users\Resin\AppData\Local\{E74AB83C-4763-48E1-9021-38683E7A4DBE}
2012-03-25 22:56:44 -------- d-----w- C:\Users\Resin\AppData\Local\{BA5B72B0-E470-45E2-9E42-0217CA3A7861}
2012-03-25 10:56:32 -------- d-----w- C:\Users\Resin\AppData\Local\{16957FF4-B838-4DE2-84C9-D633D45E77CF}
2012-03-25 10:56:08 -------- d-----w- C:\Users\Resin\AppData\Local\{19CF9C77-EB93-40E5-B3BB-8C579962AA29}
2012-03-24 17:26:30 -------- d-----w- C:\Users\Resin\AppData\Local\{D1006700-7076-4CBB-B7A5-F078109A2768}
2012-03-24 17:25:54 -------- d-----w- C:\Users\Resin\AppData\Local\{ABE67556-FE10-4BA9-BEB4-8D12CA2C7B45}
2012-03-24 05:25:28 -------- d-----w- C:\Users\Resin\AppData\Local\{451B90D0-1057-45E5-824F-F2823F30CD44}
.
==================== Find3M ====================
.
2012-03-06 06:53:37 5559152 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-03-06 05:59:47 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-03-06 05:59:41 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-02-28 06:56:48 2311168 ----a-w- C:\Windows\System32\jscript9.dll
2012-02-28 06:49:56 1390080 ----a-w- C:\Windows\System32\wininet.dll
2012-02-28 06:48:57 1493504 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-02-28 06:42:55 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-02-28 01:18:55 1799168 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-02-28 01:11:21 1427456 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-02-28 01:11:07 1127424 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-02-28 01:03:16 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-02-25 22:00:09 42672 ----a-w- C:\Windows\SysWow64\drivers\fsbts.sys
2012-02-17 23:21:45 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-02-17 06:38:26 1031680 ----a-w- C:\Windows\System32\rdpcore.dll
2012-02-17 05:34:22 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll
2012-02-17 04:58:24 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-02-17 04:57:32 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys
2012-02-10 06:36:07 1544192 ----a-w- C:\Windows\System32\DWrite.dll
2012-02-10 05:38:43 1077248 ----a-w- C:\Windows\SysWow64\DWrite.dll
2012-02-07 04:02:40 1070352 ----a-w- C:\Windows\SysWow64\MSCOMCTL.OCX
2012-02-03 04:34:34 3145728 ----a-w- C:\Windows\System32\win32k.sys
2012-02-02 22:50:43 5265 ----a-w- C:\Windows\SysWow64\nppt9x.vxd
2012-02-02 22:50:43 4774 ----a-w- C:\Windows\SysWow64\npptNT2.sys
2012-01-31 12:44:20 279656 ------w- C:\Windows\System32\MpSigStub.exe
2012-01-25 06:38:39 77312 ----a-w- C:\Windows\System32\rdpwsx.dll
2012-01-25 06:38:38 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
2012-01-25 06:33:30 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
.
============= FINISH: 22:36:53,90 ===============

#3 gringo_pr

  • Malware Response Team
Posted 22 April 2012 - 04:22 PM

Hello and Welcome to Bleeping Computer!!

My name is Gringo and I'll be glad to help you with your malware problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Download Farbar Recovery Scan Tool x64 and save it to a flash drive.

Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:
  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Command Prompt

  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
    • Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#4 gringo_pr

  • Malware Response Team
Posted 25 April 2012 - 12:03 AM

Hello


Just checking in on you as it has been a couple of days since I have heard from you.

Are you having any troubles or just need more time?




Gringo

#5 Resin01

  • Topic Starter


Posted 25 April 2012 - 02:45 PM

Hey mate

Thanks for the concern. I have had some problems with my flash drive being lost, so I had to get my tablet working as a flash drive.


Scan result of Farbar Recovery Scan Tool Version: 22-04-2012
Ran by SYSTEM at 25-04-2012 21:31:26
Running from J:\Download
Windows 7 Home Premium (X64) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [1436736 2011-06-15] (Microsoft Corporation)
HKLM-x32\...\Run: [F-Secure TNB] "C:\Program Files (x86)\YouSee\Sikkerhedspakke 2010\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW [1655464 2011-01-05] (F-Secure Corporation)
HKU\Resin\...\Run: [AdobeBridge] [x]
HKU\Resin\...\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background [4283256 2011-05-13] (Microsoft Corporation)
HKU\Resin\...\Run: [Google Update] "C:\Users\Resin\AppData\Local\Google\Update\GoogleUpdate.exe" /c [136176 2011-04-13] (Google Inc.)
HKLM\...\RunOnce: [*Restore] C:\Windows\system32\rstrui.exe /RUNONCE [296960 2010-11-20] (Microsoft Corporation)
Winlogon\Notify\WB: C:\Program Files (x86)\Stardock\MyColors\fast64.dll [X]
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
SubSystems: [Windows] ==> ZeroAccess

==================== Services (Whitelisted) ======

4 AESTFilters; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_1c0e2d1db9f5b08e\AESTSr64.exe [89600 2009-03-03] (Andrea Electronics Corporation)
2 BBUpdate; "C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE" [249648 2011-06-15] (Microsoft Corporation)
4 DragonSvc; C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe [296808 2010-07-23] (Nuance Communications, Inc.)
4 DvmMDES; "C:\SwSetup\QuickWeb\QW.SYS\config\DVMExportService.exe" [338168 2010-02-08] (DeviceVM, Inc.)
4 FSORSPClient; "C:\Program Files (x86)\YouSee\Sikkerhedspakke 2010\ORSP Client\fsorsp.exe" [61088 2011-12-28] (F-Secure Corporation)
4 HP Support Assistant Service; "C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe" [85560 2011-06-21] (Hewlett-Packard Company)
4 HP Wireless Assistant Service; "C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe" [102968 2009-12-16] (Hewlett-Packard)
4 hpdoccardsvc; C:\Program Files (x86)\Hewlett-Packard\HP ENVY Document Card Utilities\doccardsvc.exe [83240 2010-03-24] (Hewlett-Packard Developement Company, L.P.)
4 hpsrv; C:\Windows\System32\Hpservice.exe [30520 2009-07-08] (Hewlett-Packard)
4 HPWMISVC; C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [20480 2010-01-18] ()
2 MDM; "C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe" [335872 2006-10-26] (Microsoft Corporation)
3 MsDepSvc; "C:\Program Files\IIS\Microsoft Web Deploy\MsDepSvc.exe" -runService:MsDepSvc [63304 2011-01-07] (Microsoft Corporation)
2 MsMpSvc; "C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe" [12784 2011-04-27] (Microsoft Corporation)
3 NisSrv; "C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe" [288272 2011-04-27] (Microsoft Corporation)
3 npggsvc; C:\Windows\SysWow64\GameMon.des -service [3804120 2011-08-07] (INCA Internet Co., Ltd.)
2 nvUpdService; C:\Windows\SysWow64\config\systemprofile\AppData\Local\NVIDIA Corporation\Update\daemonupd.exe /svc 24F425B73FEA9E29FE2A82811F11A7D4 [31232 2012-04-15] ()
2 phjxllpx; C:\Windows\SysWow64\unwofmfl.dll [209960 2012-04-10] (2q3wet Corporation)
2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [75136 2011-12-03] ()
2 SkypeUpdate; "C:\Program Files (x86)\Skype\Updater\Updater.exe" [158856 2012-01-31] (Skype Technologies)
4 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_1c0e2d1db9f5b08e\STacSV64.exe [244736 2010-01-13] (IDT, Inc.)
4 TabletServiceWacom; C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe [6438264 2011-06-06] (Wacom Technology, Corp.)
2 TeamViewer7; C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2666880 2012-03-19] (TeamViewer GmbH)
4 UNS; "C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe" [2533400 2010-04-30] (Intel Corporation)
2 vaiomediaplatform-videoserver-appserver; C:\Windows\System32\wps.dll [6656 2009-07-13] (Oak Technology Inc.)
4 WindowBlinds; C:\Program Files (x86)\Stardock\MyColors\VistaSrv.exe [337200 2009-06-09] (Stardock Corporation)
4 mi-raysat_3dsmax2012_64; "C:\3dsmax2012\3ds Max 2012\mentalimages\satellite\raysat_3dsmax2012_64server.exe" [x]

========================== Drivers (Whitelisted) =============

3 Accelerometer; C:\Windows\System32\Drivers\Accelerometer.sys [41272 2009-07-08] (Hewlett-Packard)
2 cpuz135; \??\C:\Windows\system32\drivers\cpuz135_x64.sys [21992 2010-11-09] (CPUID)
1 DVMIO; C:\Windows\System32\Drivers\DVMIO.sys [20056 2010-01-29] (DeviceVM, Inc.)
1 F-Secure HIPS; \??\C:\Program Files (x86)\YouSee\Sikkerhedspakke 2010\HIPS\drivers\fshs.sys [60040 2011-01-05] (F-Secure Corporation)
1 FSES; C:\Windows\System32\Drivers\FSES.sys [46664 2011-01-05] (F-Secure Corporation)
1 fsvista; \??\C:\Program Files (x86)\YouSee\Sikkerhedspakke 2010\Anti-Virus\minifilter\fsvista.sys [14904 2011-01-05] ()
3 hamachi; C:\Windows\System32\Drivers\hamachi.sys [33856 2009-03-18] (LogMeIn, Inc.)
0 hpdskflt; C:\Windows\System32\Drivers\hpdskflt.sys [30008 2009-07-08] (Hewlett-Packard)
3 nusb3hub; C:\Windows\System32\Drivers\nusb3hub.sys [75776 2009-11-20] (NEC Electronics Corporation)
3 nusb3xhc; C:\Windows\System32\Drivers\nusb3xhc.sys [177152 2009-11-20] (NEC Electronics Corporation)
3 StillCam; C:\Windows\System32\DRIVERS\serscan.sys [12288 2009-07-13] (Microsoft Corporation)
3 wacmoumonitor; C:\Windows\System32\Drivers\wacmoumonitor.sys [13312 2011-03-17] (Wacom Technology)
3 wacommousefilter; C:\Windows\System32\Drivers\wacommousefilter.sys [12848 2011-03-17] (Wacom Technology)
3 wacomvhid; C:\Windows\System32\Drivers\wacomvhid.sys [16168 2011-03-17] (Wacom Technology)
2 {55662437-DA8C-40c0-AADA-2C816A897A49}; \??\c:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl [146928 2010-01-27] (CyberLink Corp.)

========================== NetSvcs (Whitelisted) ===========
NETSVC: vaiomediaplatform-videoserver-appserver
NETSVCx32: phjxllpx

============ One Month Created Files and Folders ==============

2012-04-25 21:31 - 2011-05-12 11:24 - 0000000 ____D C:\FRST
2012-04-25 08:36 - 2012-04-22 02:36 - 132083757 ____A C:\Users\Resin\Downloads\Parks.and.Recreation.S04E20.HDTV.x264-LOL.mp4
2012-04-23 09:01 - 2011-05-23 09:04 - 735408128 ____A C:\Users\Resin\Downloads\Jesus Camp (2006).avi
2012-04-23 07:56 - 2011-02-23 11:20 - 224521367 ____A C:\Users\Resin\Downloads\NewGamePlus.S01S01.HDTV.x264-NGPcRew.mp4
2012-04-22 13:19 - 2011-03-16 14:08 - 2053340 ____A C:\Users\Resin\Downloads\tdsskiller.zip
2012-04-22 13:19 - 2011-01-20 08:52 - 0142900 ____A C:\TDSSKiller.2.7.31.0_22.04.2012_23.19.32_log.txt
2012-04-22 12:38 - 2012-03-11 13:09 - 0011510 ____A C:\Users\Resin\Desktop\Attach.txt
2012-04-22 11:11 - 2011-12-11 09:47 - 0001205 ____A C:\Users\Resin\Downloads\FixNCR.reg.crdownload
2012-04-22 11:04 - 2012-04-19 05:32 - 0447905 ____A C:\Users\Resin\Downloads\Ikke bekræftet 74690.crdownload
2012-04-22 10:55 - 2011-12-03 01:56 - 0000000 ____D C:\Users\Resin\AppData\Local\{F12123F0-1C69-41BF-9F32-DA670A74E901}
2012-04-22 10:54 - 2011-10-01 01:40 - 0000000 ____D C:\Users\Resin\AppData\Local\{3E39C83D-7AB5-4CC9-8D6E-DE3C3D05FB5B}
2012-04-22 08:35 - 2011-05-26 13:18 - 0046887 ____A C:\Users\Resin\Desktop\measure_start.png
2012-04-22 08:34 - 2011-11-26 02:29 - 486764260 ____A C:\Users\Resin\Downloads\MythBusters.S10E04.HDTV.x264-MOMENTUM.mp4
2012-04-22 08:32 - 2011-04-10 02:50 - 92144277 ____A C:\Users\Resin\Downloads\Bobs.Burgers.S02E05.HDTV.x264-LOL.mp4
2012-04-22 07:46 - 2011-04-24 04:22 - 106802361 ____A C:\Users\Resin\Downloads\The.Simpsons.S23E18.HDTV.x264-LOL.mp4
2012-04-22 05:59 - 2012-02-23 09:52 - 208721941 ____A C:\Users\Resin\Downloads\The.Middle.S03E20.HDTV.x264-LOL.mp4
2012-04-22 04:21 - 2011-03-29 08:50 - 0000000 ____D C:\Users\Resin\Downloads\Haywire[2011]BRRip XviD-ETRG
2012-04-22 02:33 - 2012-04-22 02:33 - 183302264 ____A C:\Users\Resin\Downloads\Parks.and.Recreation.S04E19.Live.Ammo.HDTV.XviD-FQM.avi
2012-04-22 02:31 - 2011-04-29 08:55 - 151994377 ____A C:\Users\Resin\Downloads\Parks.and.Recreation.S04E18.HDTV.x264-LOL.mp4
2012-04-22 02:29 - 2012-03-24 06:46 - 193083140 ____A C:\Users\Resin\Downloads\Modern.Family.S03E19.HDTV.x264-LOL.mp4
2012-04-20 03:41 - 2012-02-17 15:12 - 0000000 ____D C:\Users\Resin\Documents\Diablo III
2012-04-20 03:07 - 2011-11-22 23:52 - 0000000 ____D C:\Users\All Users\Battle.net
2012-04-20 03:07 - 2011-11-22 23:52 - 0000000 ____D C:\ProgramData\Battle.net
2012-04-20 03:06 - 2012-04-20 03:07 - 0000000 ____D C:\Users\All Users\Blizzard Entertainment
2012-04-20 03:06 - 2012-04-20 03:07 - 0000000 ____D C:\ProgramData\Blizzard Entertainment
2012-04-19 14:28 - 2012-04-19 06:41 - 0000000 ____D C:\Users\All Users\Recovery
2012-04-19 14:28 - 2012-04-19 06:41 - 0000000 ____D C:\ProgramData\Recovery
2012-04-19 13:11 - 2012-04-22 02:33 - 159699913 ____A C:\Users\Resin\Downloads\Modern.Family.S03E20.HDTV.x264-LOL.mp4
2012-04-19 13:08 - 2012-04-19 13:14 - 0006508 ____A C:\Users\Resin\Downloads\Modern.Family.S03E20.HDTV.x264-LOL.[eztv].torrent
2012-04-19 11:33 - 2009-07-13 20:57 - 0000000 ____D C:\Program Files (x86)\uTorrent
2012-04-19 10:33 - 2012-03-06 01:25 - 0000000 ____D C:\Users\Resin\AppData\Local\{98A69FBD-2420-443E-8AE7-D59EBE3BE701}
2012-04-19 10:33 - 2011-07-14 07:01 - 0000000 ____D C:\Users\Resin\AppData\Local\{2F22952E-5D30-49EC-B69D-FF10359E1FAC}
2012-04-19 06:43 - 2012-03-20 15:17 - 0000000 ____D C:\Program Files (x86)\Microsoft Security Client
2012-04-19 06:43 - 2011-01-21 06:30 - 0001912 ____A C:\Windows\epplauncher.mif
2012-04-19 06:43 - 2011-01-21 03:31 - 0000000 ____D C:\Program Files\Microsoft Security Client
2012-04-19 06:42 - 2011-02-27 07:10 - 10370928 ____A (Microsoft Corporation) C:\Users\Resin\Downloads\mseinstall.exe
2012-04-19 06:41 - 2009-07-13 17:14 - 55154568 ____A (Microsoft Corporation) C:\Windows\SysWOW64\MRT.exe
2012-04-19 06:37 - 2012-02-29 13:02 - 0879984 ____A (BitTorrent, Inc.) C:\Users\Resin\Downloads\uTorrent.exe
2012-04-19 06:24 - 2011-10-02 11:10 - 0000000 ____D C:\Program Files (x86)\PC Tools
2012-04-19 06:23 - 2012-03-16 13:05 - 15659960 ____A (Microsoft Corporation) C:\Users\Resin\Downloads\Windows-KB890830-V4.7.exe
2012-04-19 06:22 - 2012-04-01 09:25 - 0000000 ____D C:\Users\Resin\AppData\Roaming\TestApp
2012-04-19 06:22 - 2012-03-20 11:32 - 3712464 ____A (PC Tools) C:\Users\Resin\Downloads\SD_Online_aff_GenericRevenueWire_207.exe
2012-04-19 06:22 - 2012-01-20 08:24 - 0001696 ____A C:\Users\Resin\Desktop\SD_Online_aff_GenericRevenueWire_207.exe.lnk
2012-04-19 06:22 - 2012-01-01 15:04 - 0000000 ____D C:\Users\All Users\PC Tools
2012-04-19 06:22 - 2012-01-01 15:04 - 0000000 ____D C:\ProgramData\PC Tools
2012-04-19 06:22 - 2009-07-13 17:45 - 0230952 ____A (PC Tools) C:\Windows\System32\Drivers\PCTSD64.sys
2012-04-19 06:22 - 2009-06-10 12:34 - 2029629 ____A C:\Windows\System32\Drivers\Cat.DB
2012-04-19 06:17 - 2012-01-01 15:07 - 0000000 ____D C:\Users\Resin\AppData\Roaming\QuickScan
2012-04-19 06:14 - 2011-12-05 08:01 - 0000000 ____D C:\Users\Resin\AppData\Local\{9A3B6D63-D23A-49B2-89F1-12FAA36E02C4}
2012-04-19 06:14 - 2011-07-20 11:50 - 0000000 ____D C:\Users\Resin\AppData\Local\{BE405D3C-32DA-40A3-9862-5B5795AB0596}
2012-04-19 05:41 - 2012-03-11 03:18 - 0000000 ____D C:\Users\Resin\AppData\Local\{6119597D-2397-4F08-849D-BD364CFF7701}
2012-04-19 05:41 - 2012-01-11 10:39 - 0000000 ____D C:\Users\Resin\AppData\Local\{C1649BFD-F4B5-459B-9C54-3F8018ACA7ED}
2012-04-19 05:32 - 2012-04-19 03:18 - 0652234 ____A C:\Users\Resin\Downloads\Ikke bekræftet 71968.crdownload
2012-04-19 05:31 - 2011-06-26 17:26 - 0000000 ____D C:\Users\Resin\AppData\Local\{32C6BF04-FA8A-4B72-B45A-2D69DAA0353A}
2012-04-19 05:30 - 2011-05-26 00:00 - 0000000 ____D C:\Users\Resin\AppData\Local\{D69F4C4B-477C-42DE-8333-A09D776D2676}
2012-04-19 05:08 - 2012-01-12 09:30 - 0000000 ____D C:\Users\Resin\AppData\Local\{51B14D03-5439-4D75-9422-6908629607DE}
2012-04-19 05:08 - 2011-12-19 08:57 - 0000000 ____D C:\Users\Resin\AppData\Local\{869B08AC-1544-4313-86B0-6D66765F7083}
2012-04-19 05:02 - 2011-12-19 08:57 - 0000000 ____D C:\Users\Resin\AppData\Local\{48E66B4E-044D-4554-AAFE-0873F8B85421}
2012-04-19 05:02 - 2011-12-11 13:04 - 0000000 ____D C:\Users\Resin\AppData\Local\{1B4D62B3-C227-4F9B-B1CF-26AACCD7A759}
2012-04-19 04:58 - 2012-02-25 16:49 - 73479000 ____A (F-Secure Corporation) C:\Users\Resin\Downloads\sikkerhedspakke_9.exe
2012-04-19 04:56 - 2012-04-02 12:22 - 0000000 ____D C:\Users\Resin\AppData\Local\{016FEBB3-D932-4864-A718-7B99A02051F6}
2012-04-19 04:56 - 2012-01-07 01:13 - 0000000 ____D C:\Users\Resin\AppData\Local\{11096258-78DC-4F83-BFFF-7D54957E7B33}
2012-04-19 03:18 - 2012-04-02 11:33 - 0327410 ____A C:\Users\Resin\Downloads\Ikke bekræftet 69291.crdownload
2012-04-19 03:16 - 2012-01-22 05:03 - 0000000 ____D C:\Users\Resin\AppData\Local\{5A0353E2-49CF-472C-8912-5C0DA78172AB}
2012-04-19 03:16 - 2011-04-17 05:48 - 0000000 ____D C:\Users\Resin\AppData\Local\{960D0261-9F31-4858-8B68-AF4E547961D9}
2012-04-19 03:09 - 2012-01-29 15:44 - 0000000 ____D C:\Users\Resin\AppData\Local\{0965C3A8-F10B-4744-821A-A3FA2094EC87}
2012-04-19 03:09 - 2011-05-19 22:11 - 0000000 ____D C:\Users\Resin\AppData\Local\{794A564A-2486-47C4-8FBA-346BBBDBCB59}
2012-04-19 02:49 - 2012-01-14 07:46 - 0006807 ____A C:\Users\Resin\Downloads\Raising.Hope.S02E21.HDTV.x264-LOL.[eztv] (1).torrent.crdownload
2012-04-19 02:48 - 2012-04-19 02:49 - 0006807 ____A C:\Users\Resin\Downloads\Raising.Hope.S02E21.HDTV.x264-LOL.[eztv].torrent.crdownload
2012-04-19 02:46 - 2012-04-19 05:00 - 0000344 ____A C:\Windows\Tasks\At41.job
2012-04-19 02:46 - 2012-04-19 03:09 - 0000344 ____A C:\Windows\Tasks\At48.job
2012-04-19 02:46 - 2012-04-19 03:09 - 0000344 ____A C:\Windows\Tasks\At47.job
2012-04-19 02:46 - 2012-04-19 03:09 - 0000344 ____A C:\Windows\Tasks\At46.job
2012-04-19 02:46 - 2012-04-19 03:09 - 0000344 ____A C:\Windows\Tasks\At45.job
2012-04-19 02:46 - 2012-04-19 03:09 - 0000344 ____A C:\Windows\Tasks\At44.job
2012-04-19 02:46 - 2012-04-19 03:09 - 0000344 ____A C:\Windows\Tasks\At43.job
2012-04-19 02:46 - 2012-04-19 03:09 - 0000344 ____A C:\Windows\Tasks\At42.job
2012-04-19 02:46 - 2012-04-19 03:09 - 0000344 ____A C:\Windows\Tasks\At40.job
2012-04-19 02:46 - 2012-04-19 03:09 - 0000344 ____A C:\Windows\Tasks\At38.job
2012-04-19 02:46 - 2012-04-19 03:09 - 0000344 ____A C:\Windows\Tasks\At37.job
2012-04-19 02:46 - 2012-04-19 03:09 - 0000344 ____A C:\Windows\Tasks\At36.job
2012-04-19 02:46 - 2012-04-19 03:09 - 0000344 ____A C:\Windows\Tasks\At35.job
2012-04-19 02:46 - 2012-04-19 03:09 - 0000344 ____A C:\Windows\Tasks\At34.job
2012-04-19 02:46 - 2012-04-19 03:09 - 0000344 ____A C:\Windows\Tasks\At33.job
2012-04-19 02:46 - 2012-04-19 03:09 - 0000344 ____A C:\Windows\Tasks\At32.job
2012-04-19 02:46 - 2012-04-19 03:09 - 0000344 ____A C:\Windows\Tasks\At31.job
2012-04-19 02:46 - 2012-04-19 03:09 - 0000344 ____A C:\Windows\Tasks\At30.job
2012-04-19 02:46 - 2012-04-19 03:09 - 0000344 ____A C:\Windows\Tasks\At29.job
2012-04-19 02:46 - 2012-04-19 03:09 - 0000344 ____A C:\Windows\Tasks\At28.job
2012-04-19 02:46 - 2012-04-19 03:09 - 0000344 ____A C:\Windows\Tasks\At27.job
2012-04-19 02:46 - 2012-04-19 03:09 - 0000344 ____A C:\Windows\Tasks\At26.job
2012-04-19 02:46 - 2012-04-19 03:01 - 0000344 ____A C:\Windows\Tasks\At39.job
2012-04-19 02:46 - 2012-01-14 08:01 - 0130048 ____A (Eugene Roshal & FAR Group) C:\Users\All Users\C1Btcq5x.exe
2012-04-19 02:46 - 2012-01-14 08:01 - 0130048 ____A (Eugene Roshal & FAR Group) C:\ProgramData\C1Btcq5x.exe
2012-04-19 02:46 - - 0000344 ____A C:\Windows\Tasks\At25.job
2012-04-19 02:36 - 2012-03-25 14:57 - 0000000 ____D C:\Users\Resin\AppData\Local\{E7DEB311-C078-4745-8EB6-F15F5C760530}
2012-04-19 02:36 - 2011-12-27 07:23 - 0000000 ____D C:\Users\Resin\AppData\Local\{3AB60E3C-314E-40FE-9D80-4323F6E55525}
2012-04-15 21:32 - 2011-12-04 03:48 - 0000000 ____D C:\Users\Resin\AppData\Local\{690ED934-CA9D-4FDF-83D9-AD3C7E53E871}
2012-04-14 09:55 - - 0004374 ____A C:\Users\Resin\AppData\Local\00000000-0000-0000-0000-000000000000.txt
2012-04-14 09:53 - 2012-04-14 09:45 - 0834075 ____A C:\Users\Resin\Downloads\YouTube.apk
2012-04-14 09:48 - 2012-04-14 09:45 - 4317137 ____A C:\Users\Resin\Downloads\YouTube_Downloader.rar
2012-04-14 09:45 - 2012-04-14 09:36 - 0005648 ____A C:\Users\Resin\Downloads\YouTube_Downloader (2).rar.crdownload
2012-04-14 09:45 - 2011-11-28 12:15 - 0005648 ____A C:\Users\Resin\Downloads\YouTube (1).apk.crdownload
2012-04-14 09:38 - 2012-04-14 09:53 - 0002824 ____A C:\Users\Resin\Downloads\YouTube.apk.crdownload
2012-04-14 09:36 - 2012-04-14 09:49 - 0005648 ____A C:\Users\Resin\Downloads\YouTube_Downloader.rar.crdownload
2012-04-14 09:36 - 2012-04-14 09:38 - 0005648 ____A C:\Users\Resin\Downloads\YouTube_Downloader (1).rar.crdownload
2012-04-14 06:58 - 2010-11-20 04:20 - 0041216 ____A C:\Windows\SysWOW64\netxlmnt.dat
2012-04-14 06:58 - 2009-07-13 17:16 - 0058112 ____A C:\Windows\SysWOW64\ygwdarpt.dat
2012-04-14 06:58 - 2009-07-13 17:14 - 0055040 ____A C:\Windows\SysWOW64\adwfqroo.dat
2012-04-12 22:07 - 2010-11-20 04:19 - 0365824 ____A C:\Windows\SysWOW64\lumqthdd.dat
2012-04-12 22:07 - 2010-11-20 04:16 - 0136960 ____A C:\Windows\SysWOW64\myvsgwyv.dat
2012-04-12 22:07 - 2009-07-13 17:16 - 0154368 ____A C:\Windows\SysWOW64\wzvyngsm.dat
2012-04-12 22:07 - 2009-07-13 17:16 - 0036608 ____A C:\Windows\SysWOW64\wffsmkzv.dat
2012-04-12 22:07 - 2009-07-13 17:16 - 0034048 ____A C:\Windows\SysWOW64\sgphqtrs.dat
2012-04-12 21:46 - 2012-04-12 21:28 - 0287872 ____A (Premium) C:\Users\Resin\Downloads\DownloadSetup (2).exe
2012-04-12 21:31 - 2009-07-13 17:40 - 0000000 __ASH C:\Windows\System32\dds_trash_log.cmd
2012-04-12 21:30 - 2012-04-25 21:03 - 0000000 ____D C:\Windows\system64
2012-04-12 21:28 - 2012-02-12 05:20 - 0287872 ____A (Premium) C:\Users\Resin\Downloads\DownloadSetup (1).exe
2012-04-12 21:28 - 2011-02-16 10:10 - 0373513 ____A C:\Users\Resin\Downloads\The Tao Of Badass Ebook.zip
2012-04-12 21:27 - 2012-04-12 21:46 - 0287872 ____A (Premium) C:\Users\Resin\Downloads\DownloadSetup.exe
2012-04-11 20:00 - 2012-02-27 23:34 - 2382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-04-11 20:00 - 2012-02-27 22:56 - 0085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-04-11 20:00 - 2012-02-27 22:48 - 1345536 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-04-11 20:00 - 2012-02-27 22:45 - 2311168 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-04-11 20:00 - 2012-02-27 22:42 - 0096256 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-04-11 20:00 - 2012-02-27 17:52 - 2382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-04-11 20:00 - 2012-02-27 17:18 - 0065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-04-11 20:00 - 2012-02-27 17:09 - 1103360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-04-11 20:00 - 2012-02-27 17:06 - 1799168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-04-11 20:00 - 2012-02-27 17:03 - 0072704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-04-11 20:00 - 2011-05-07 07:36 - 9705984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-04-11 20:00 - 2011-05-07 07:36 - 1792000 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-04-11 20:00 - 2011-05-07 07:36 - 0176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-04-11 20:00 - 2011-05-07 07:35 - 2144256 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-04-11 20:00 - 2011-05-07 07:35 - 17790976 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-04-11 20:00 - 2011-05-07 07:35 - 12281856 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-04-11 20:00 - 2011-05-07 07:35 - 10888704 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-04-11 20:00 - 2011-05-07 07:35 - 0248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-04-11 20:00 - 2011-05-02 21:29 - 1493504 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-04-11 20:00 - 2011-05-02 20:30 - 1427456 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-04-11 20:00 - 2010-11-20 05:27 - 1390080 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-04-11 20:00 - 2010-11-20 04:21 - 1127424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-04-11 20:00 - 2009-07-13 17:41 - 5559152 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-04-11 20:00 - 2009-07-13 17:41 - 0237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-04-11 20:00 - 2009-07-13 17:38 - 0818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-04-11 20:00 - 2009-07-13 17:16 - 3968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2012-04-11 20:00 - 2009-07-13 17:16 - 3913072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2012-04-11 20:00 - 2009-07-13 17:16 - 0231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-04-11 20:00 - 2009-07-13 17:14 - 0716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-04-11 19:58 - 2011-06-06 05:23 - 0220672 ____A (Microsoft Corporation) C:\Windows\System32\wintrust.dll
2012-04-11 19:58 - 2011-06-06 05:23 - 0172544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2012-04-11 19:58 - 2011-04-25 01:59 - 0000000 ____D C:\Users\Resin\AppData\Local\{36FCA64E-D5FF-4D29-A736-EBEA4576F1E1}
2012-04-11 19:58 - 2011-01-05 07:09 - 0023408 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\fs_rec.sys
2012-04-11 19:58 - 2009-07-13 17:38 - 0081408 ____A (Microsoft Corporation) C:\Windows\System32\imagehlp.dll
2012-04-11 19:58 - 2009-07-13 17:33 - 0005120 ____A (Microsoft Corporation) C:\Windows\System32\wmi.dll
2012-04-11 19:58 - 2009-07-13 17:14 - 0159232 ____A (Microsoft Corporation) C:\Windows\SysWOW64\imagehlp.dll
2012-04-11 19:58 - 2009-07-13 17:11 - 0005120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wmi.dll
2012-04-10 20:50 - 2010-11-20 04:21 - 0209960 ____A (2q3wet Corporation) C:\Windows\SysWOW64\unwofmfl.dll
2012-04-05 03:47 - 2012-03-25 02:56 - 0000000 ____D C:\Users\Resin\AppData\Local\{17F848CC-675C-49CC-AA2A-59BD7A8D5045}
2012-04-04 20:46 - 2011-07-17 23:32 - 0000000 ____D C:\Users\Resin\AppData\Local\{5E3540D8-17ED-44B4-A1AC-FB20F289A515}
2012-04-04 02:45 - 2011-02-12 02:01 - 0000000 ____D C:\Users\Resin\AppData\Local\{128112F5-0143-4845-8AD5-B8B9EF92C098}
2012-04-02 11:33 - 2012-04-02 11:24 - 5300728 ____A C:\Users\Resin\Downloads\igallery V 1.1.zip
2012-04-02 11:33 - 2011-05-09 08:44 - 1733599 ____A C:\Users\Resin\Downloads\ibrowser V 1.4.5.zip
2012-04-02 11:24 - 2012-04-02 11:33 - 0473422 ____A C:\Users\Resin\Downloads\ibrowser.zip
2012-04-02 11:20 - 2011-02-15 11:53 - 0239297 ____A C:\Users\Resin\Downloads\ListX with tinyMCE and image gallery.zip
2012-04-02 08:28 - 2011-02-14 11:29 - 0114557 ____A C:\Users\Resin\Downloads\lightbox2.05.zip
2012-04-02 03:46 - 2011-04-17 06:03 - 0105984 ____A C:\Users\Resin\Downloads\Excel.xls
2012-04-02 00:55 - 2011-12-15 08:04 - 0046077 ____A C:\Users\Resin\Downloads\AdvImage-upload.zip
2012-04-02 00:28 - 2011-03-30 13:14 - 0433936 ____A C:\Users\Resin\Downloads\jbimages-2.1.zip
2012-04-01 09:24 - 2012-01-04 12:39 - 0000000 ____D C:\Program Files (x86)\TeamViewer
2012-04-01 09:24 - 2011-01-20 11:07 - 0001168 ____A C:\Users\Public\Desktop\TeamViewer 7.lnk
2012-04-01 05:09 - 2011-07-01 09:39 - 0000000 ____D C:\Users\Resin\AppData\Local\{0145EEE5-92E4-4E50-A316-45641ADED0C0}
2012-03-31 02:10 - 2012-01-05 08:32 - 0000000 ____D C:\Users\Resin\AppData\Local\{EBEEC885-0A5A-42FE-AFC9-3E0CB0C15155}
2012-03-29 23:10 - 2011-10-15 00:46 - 0000000 ____D C:\Users\Resin\AppData\Local\{6443CEDF-3009-4024-A60A-62FFC8F3F897}
2012-03-29 14:34 - 2012-01-07 04:40 - 0838905 ____A C:\Users\Resin\Downloads\tinymce_3.5b3.zip
2012-03-29 07:16 - 2012-03-24 09:26 - 0000000 ____D C:\Users\Resin\AppData\Local\{AC425772-DF63-4E92-A6C9-6CA8420AFC75}
2012-03-28 07:25 - 2011-11-28 11:59 - 0000000 ____D C:\Users\Resin\AppData\Local\{6EB96FB3-3264-4230-8F11-FC42C3EC6C0B}
2012-03-28 07:25 - 2011-02-19 21:12 - 0000000 ____D C:\Users\Resin\AppData\Local\{AF5DB717-653A-4A1C-89DF-920C47EDCD82}
2012-03-27 08:58 - 2011-07-26 07:05 - 0251965 ___AT C:\Users\Resin\Desktop\test.jpg
2012-03-27 08:50 - 2010-12-15 00:33 - 0000000 ____D C:\Program Files (x86)\FileZilla FTP Client
2012-03-27 08:49 - 2012-01-09 12:43 - 4518720 ____A (FileZilla Project) C:\Users\Resin\Downloads\FileZilla_3.5.3_win32-setup.exe
2012-03-27 07:44 - 2011-11-20 02:32 - 0000000 ____D C:\Users\Resin\AppData\Local\{1A912049-EE31-403D-AD2F-C3C04423876A}
2012-03-27 07:44 - 2011-10-17 11:18 - 0000000 ____D C:\Users\Resin\AppData\Local\{AB383B27-785C-4BB7-A1AC-577B7BEBD8B2}
2012-03-26 09:30 - 2012-03-06 13:25 - 0000000 ____D C:\Users\Resin\AppData\Local\{BDD2F0A4-119D-4404-A337-BC7FB1F5F5CE}
2012-03-26 09:30 - 2011-06-17 06:26 - 0000000 ____D C:\Users\Resin\AppData\Local\{6D823E91-3283-4DC1-8ABD-BC15D7FC72ED}

============ 3 Months Modified Files and Folders =============

2012-04-25 21:31 - 2012-04-25 21:31 - 0000000 ____D C:\FRST
2012-04-25 21:03 - 2012-04-19 11:33 - 0000000 ____D C:\Program Files (x86)\uTorrent
2012-04-25 21:03 - 2012-02-07 11:26 - 0000000 ____D C:\Users\Resin\AppData\Roaming\Skype
2012-04-25 21:03 - 2011-01-27 15:18 - 0000000 ____D C:\Users\Resin\AppData\Roaming\uTorrent
2012-04-25 21:03 - 2011-01-24 14:55 - 0000000 ____D C:\Users\Resin\AppData\Roaming\vlc
2012-04-25 21:03 - 2011-01-20 08:47 - 0000000 ____D C:\users\Resin
2012-04-25 21:03 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\NDF
2012-04-25 21:03 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\registration
2012-04-25 20:57 - 2012-04-19 14:28 - 0000000 ____D C:\Users\All Users\Recovery
2012-04-25 20:57 - 2012-04-19 14:28 - 0000000 ____D C:\ProgramData\Recovery
2012-04-25 08:38 - 2012-04-25 08:36 - 132083757 ____A C:\Users\Resin\Downloads\Parks.and.Recreation.S04E20.HDTV.x264-LOL.mp4
2012-04-23 09:08 - 2012-04-23 09:01 - 735408128 ____A C:\Users\Resin\Downloads\Jesus Camp (2006).avi
2012-04-23 08:01 - 2012-04-23 07:56 - 224521367 ____A C:\Users\Resin\Downloads\NewGamePlus.S01S01.HDTV.x264-NGPcRew.mp4
2012-04-22 20:51 - 2010-05-29 09:29 - 0000000 ____D C:\Windows\SysWOW64\Drivers\da-DK
2012-04-22 20:51 - 2010-05-29 09:29 - 0000000 ____D C:\Windows\da-DK
2012-04-22 20:51 - 2009-07-13 21:32 - 0000000 ____D C:\Windows\addins
2012-04-22 20:51 - 2009-07-13 21:32 - 0000000 ____D C:\Program Files\Windows Sidebar
2012-04-22 20:51 - 2009-07-13 21:32 - 0000000 ____D C:\Program Files\Windows Photo Viewer
2012-04-22 20:51 - 2009-07-13 21:32 - 0000000 ____D C:\Program Files\Windows Defender
2012-04-22 20:51 - 2009-07-13 21:32 - 0000000 ____D C:\Program Files (x86)\Windows Sidebar
2012-04-22 20:51 - 2009-07-13 21:32 - 0000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2012-04-22 20:51 - 2009-07-13 21:32 - 0000000 ____D C:\Program Files (x86)\Windows Defender
2012-04-22 20:51 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\zh-TW
2012-04-22 20:51 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\zh-HK
2012-04-22 20:51 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\zh-CN
2012-04-22 20:51 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\uk-UA
2012-04-22 20:51 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\tr-TR
2012-04-22 20:51 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\th-TH
2012-04-22 20:51 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\sv-SE
2012-04-22 20:51 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\sr-Latn-CS
2012-04-22 20:51 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\sl-SI
2012-04-22 20:51 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\sk-SK
2012-04-22 20:51 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\Setup
2012-04-22 20:51 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\ru-RU
2012-04-22 20:51 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\ro-RO
2012-04-22 20:51 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\pt-PT
2012-04-22 20:51 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\pt-BR
2012-04-22 20:51 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\pl-PL
2012-04-22 20:51 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\oobe
2012-04-22 20:51 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\nl-NL
2012-04-22 20:51 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\nb-NO
2012-04-22 20:51 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\migwiz
2012-04-22 20:51 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\lv-LV
2012-04-22 20:51 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\lt-LT
2012-04-22 20:51 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\ko-KR
2012-04-22 20:51 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\ja-JP
2012-04-22 20:51 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\it-IT
2012-04-22 20:51 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\InstallShield
2012-04-22 20:51 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\icsxml
2012-04-22 20:51 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\hu-HU
2012-04-22 20:51 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\hr-HR
2012-04-22 20:51 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\he-IL
2012-04-22 20:51 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\fr-FR
2012-04-22 20:51 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\fi-FI
2012-04-22 20:51 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\et-EE
2012-04-22 20:51 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\es-ES
2012-04-22 20:51 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\el-GR
2012-04-22 20:51 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\de-DE
2012-04-22 20:51 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\da-DK
2012-04-22 20:51 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\cs-CZ
2012-04-22 20:51 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\com
2012-04-22 20:51 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\bg-BG
2012-04-22 20:51 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\ar-SA
2012-04-22 20:51 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\AdvancedInstallers
2012-04-22 20:51 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\com
2012-04-22 20:51 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\servicing
2012-04-22 20:51 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\IME
2012-04-22 20:49 - 2012-04-22 04:21 - 0000000 ____D C:\Users\Resin\Downloads\Haywire[2011]BRRip XviD-ETRG
2012-04-22 20:49 - 2012-04-19 06:24 - 0000000 ____D C:\Program Files (x86)\PC Tools
2012-04-22 20:49 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\AppCompat
2012-04-22 13:20 - 2012-04-22 13:19 - 0142900 ____A C:\TDSSKiller.2.7.31.0_22.04.2012_23.19.32_log.txt
2012-04-22 13:19 - 2012-04-22 13:19 - 2053340 ____A C:\Users\Resin\Downloads\tdsskiller.zip
2012-04-22 12:38 - 2012-04-22 12:38 - 0011510 ____A C:\Users\Resin\Desktop\Attach.txt
2012-04-22 11:16 - 2011-01-24 09:01 - 0000000 ____D C:\Users\Resin\AppData\Local\CrashDumps
2012-04-22 11:11 - 2012-04-22 11:11 - 0001205 ____A C:\Users\Resin\Downloads\FixNCR.reg.crdownload
2012-04-22 11:09 - 2012-04-14 09:55 - 0004374 ____A C:\Users\Resin\AppData\Local\00000000-0000-0000-0000-000000000000.txt
2012-04-22 11:04 - 2012-04-22 11:04 - 0447905 ____A C:\Users\Resin\Downloads\Ikke bekræftet 74690.crdownload
2012-04-22 10:56 - 2010-12-15 00:12 - 1410263 ____A C:\Windows\WindowsUpdate.log
2012-04-22 10:55 - 2012-04-22 10:55 - 0000000 ____D C:\Users\Resin\AppData\Local\{F12123F0-1C69-41BF-9F32-DA670A74E901}
2012-04-22 10:55 - 2012-04-22 10:54 - 0000000 ____D C:\Users\Resin\AppData\Local\{3E39C83D-7AB5-4CC9-8D6E-DE3C3D05FB5B}
2012-04-22 10:54 - 2012-04-12 21:31 - 0000000 __ASH C:\Windows\System32\dds_trash_log.cmd
2012-04-22 10:54 - 2012-01-20 14:27 - 0000000 ____D C:\Users\Resin\AppData\Roaming\Dropbox
2012-04-22 10:53 - 2011-09-19 12:46 - 0000332 ____A C:\Windows\Tasks\HPCeeScheduleForResin.job
2012-04-22 10:53 - 2010-12-15 00:04 - 2095464448 __ASH C:\hiberfil.sys
2012-04-22 10:53 - 2009-07-13 21:08 - 0000006 ___AH C:\Windows\Tasks\SA.DAT
2012-04-22 10:53 - 2009-07-13 20:51 - 0071002 ____A C:\Windows\setupact.log
2012-04-22 10:53 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\config\TxR
2012-04-22 08:39 - 2012-04-22 08:34 - 486764260 ____A C:\Users\Resin\Downloads\MythBusters.S10E04.HDTV.x264-MOMENTUM.mp4
2012-04-22 08:35 - 2012-04-22 08:35 - 0046887 ____A C:\Users\Resin\Desktop\measure_start.png
2012-04-22 08:33 - 2012-04-22 08:32 - 92144277 ____A C:\Users\Resin\Downloads\Bobs.Burgers.S02E05.HDTV.x264-LOL.mp4
2012-04-22 07:48 - 2012-04-22 07:46 - 106802361 ____A C:\Users\Resin\Downloads\The.Simpsons.S23E18.HDTV.x264-LOL.mp4
2012-04-22 06:01 - 2012-04-22 05:59 - 208721941 ____A C:\Users\Resin\Downloads\The.Middle.S03E20.HDTV.x264-LOL.mp4
2012-04-22 02:36 - 2012-04-22 02:33 - 183302264 ____A C:\Users\Resin\Downloads\Parks.and.Recreation.S04E19.Live.Ammo.HDTV.XviD-FQM.avi
2012-04-22 02:33 - 2012-04-22 02:31 - 151994377 ____A C:\Users\Resin\Downloads\Parks.and.Recreation.S04E18.HDTV.x264-LOL.mp4
2012-04-22 02:33 - 2012-04-22 02:29 - 193083140 ____A C:\Users\Resin\Downloads\Modern.Family.S03E19.HDTV.x264-LOL.mp4
2012-04-20 04:05 - 2011-01-26 11:45 - 0000000 ____D C:\Users\Resin\Documents\My Received Files
2012-04-20 03:41 - 2012-04-20 03:41 - 0000000 ____D C:\Users\Resin\Documents\Diablo III
2012-04-20 03:41 - 2012-04-20 03:06 - 0000000 ____D C:\Users\All Users\Blizzard Entertainment
2012-04-20 03:41 - 2012-04-20 03:06 - 0000000 ____D C:\ProgramData\Blizzard Entertainment
2012-04-20 03:07 - 2012-04-20 03:07 - 0000000 ____D C:\Users\All Users\Battle.net
2012-04-20 03:07 - 2012-04-20 03:07 - 0000000 ____D C:\ProgramData\Battle.net
2012-04-19 16:11 - 2011-01-21 04:54 - 0000000 ____D C:\Users\All Users\f-secure
2012-04-19 16:11 - 2011-01-21 04:54 - 0000000 ____D C:\ProgramData\f-secure
2012-04-19 14:54 - 2011-08-23 01:51 - 0000000 ____D C:\Windows\en
2012-04-19 14:54 - 2011-08-23 01:50 - 0000000 ____D C:\Windows\da
2012-04-19 14:54 - 2011-08-23 01:49 - 0000000 ____D C:\Program Files\Windows Live
2012-04-19 14:54 - 2011-01-20 08:50 - 0000000 ____D C:\Program Files (x86)\Windows Live
2012-04-19 14:52 - 2011-01-21 04:55 - 0000000 ____D C:\Program Files (x86)\YouSee
2012-04-19 13:14 - 2012-04-19 13:11 - 159699913 ____A C:\Users\Resin\Downloads\Modern.Family.S03E20.HDTV.x264-LOL.mp4
2012-04-19 13:08 - 2012-04-19 13:08 - 0006508 ____A C:\Users\Resin\Downloads\Modern.Family.S03E20.HDTV.x264-LOL.[eztv].torrent
2012-04-19 10:34 - 2012-04-19 10:33 - 0000000 ____D C:\Users\Resin\AppData\Local\{98A69FBD-2420-443E-8AE7-D59EBE3BE701}
2012-04-19 10:33 - 2012-04-19 10:33 - 0000000 ____D C:\Users\Resin\AppData\Local\{2F22952E-5D30-49EC-B69D-FF10359E1FAC}
2012-04-19 06:43 - 2012-04-19 06:43 - 0001912 ____A C:\Windows\epplauncher.mif
2012-04-19 06:43 - 2012-04-19 06:43 - 0000000 ____D C:\Program Files\Microsoft Security Client
2012-04-19 06:43 - 2012-04-19 06:43 - 0000000 ____D C:\Program Files (x86)\Microsoft Security Client
2012-04-19 06:43 - 2012-04-19 06:22 - 2029629 ____A C:\Windows\System32\Drivers\Cat.DB
2012-04-19 06:43 - 2011-01-21 04:45 - 1458894 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
2012-04-19 06:43 - 2010-05-29 09:29 - 0528702 ____A C:\Windows\System32\perfh006.dat
2012-04-19 06:43 - 2010-05-29 09:29 - 0108784 ____A C:\Windows\System32\perfc006.dat
2012-04-19 06:42 - 2012-04-19 06:42 - 10370928 ____A (Microsoft Corporation) C:\Users\Resin\Downloads\mseinstall.exe
2012-04-19 06:41 - 2012-04-19 06:23 - 15659960 ____A (Microsoft Corporation) C:\Users\Resin\Downloads\Windows-KB890830-V4.7.exe
2012-04-19 06:41 - 2012-04-19 06:22 - 0000000 ____D C:\Users\All Users\PC Tools
2012-04-19 06:41 - 2012-04-19 06:22 - 0000000 ____D C:\ProgramData\PC Tools
2012-04-19 06:37 - 2012-04-19 06:37 - 0879984 ____A (BitTorrent, Inc.) C:\Users\Resin\Downloads\uTorrent.exe
2012-04-19 06:36 - 2009-07-13 21:13 - 1432246 ____A C:\Windows\System32\PerfStringBackup.INI
2012-04-19 06:35 - 2011-04-13 11:09 - 0000942 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2347680032-3753822684-2415491236-1000UA.job
2012-04-19 06:31 - 2009-07-13 21:08 - 0032576 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-04-19 06:22 - 2012-04-19 06:22 - 3712464 ____A (PC Tools) C:\Users\Resin\Downloads\SD_Online_aff_GenericRevenueWire_207.exe
2012-04-19 06:22 - 2012-04-19 06:22 - 0001696 ____A C:\Users\Resin\Desktop\SD_Online_aff_GenericRevenueWire_207.exe.lnk
2012-04-19 06:22 - 2012-04-19 06:22 - 0000000 ____D C:\Users\Resin\AppData\Roaming\TestApp
2012-04-19 06:20 - 2009-07-13 20:45 - 0023248 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-04-19 06:20 - 2009-07-13 20:45 - 0023248 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-04-19 06:17 - 2012-04-19 06:17 - 0000000 ____D C:\Users\Resin\AppData\Roaming\QuickScan
2012-04-19 06:17 - 2009-07-13 21:32 - 0000000 ____D C:\Windows\Downloaded Program Files
2012-04-19 06:14 - 2012-04-19 06:14 - 0000000 ____D C:\Users\Resin\AppData\Local\{BE405D3C-32DA-40A3-9862-5B5795AB0596}
2012-04-19 06:14 - 2012-04-19 06:14 - 0000000 ____D C:\Users\Resin\AppData\Local\{9A3B6D63-D23A-49B2-89F1-12FAA36E02C4}
2012-04-19 06:14 - 2011-01-21 04:54 - 0378576 ____A C:\Windows\fsinstaller.log
2012-04-19 05:41 - 2012-04-19 05:41 - 0000000 ____D C:\Users\Resin\AppData\Local\{C1649BFD-F4B5-459B-9C54-3F8018ACA7ED}
2012-04-19 05:41 - 2012-04-19 05:41 - 0000000 ____D C:\Users\Resin\AppData\Local\{6119597D-2397-4F08-849D-BD364CFF7701}
2012-04-19 05:36 - 2011-01-21 04:55 - 1621016 ____A C:\Windows\FSSFM.log
2012-04-19 05:36 - 2011-01-21 04:55 - 11735755 ____A C:\Windows\fssgpex.LOG
2012-04-19 05:36 - 2011-01-21 04:55 - 1147916 ____A C:\Windows\FSPROD.log
2012-04-19 05:36 - 2011-01-21 04:55 - 0702668 ____A C:\Windows\FSSETUP.log
2012-04-19 05:36 - 2011-01-21 04:55 - 0651693 ____A C:\Windows\RunSetup.log
2012-04-19 05:36 - 2011-01-21 04:55 - 0502400 ____A C:\Windows\FSDEPH.log
2012-04-19 05:36 - 2011-01-21 04:55 - 0164681 ____A C:\Windows\FSAVINST.LOG
2012-04-19 05:36 - 2011-01-21 04:55 - 0140303 ____A C:\Windows\preconfig.log
2012-04-19 05:36 - 2011-01-21 04:55 - 0083861 ____A C:\Windows\fwesinst.log
2012-04-19 05:36 - 2011-01-21 04:55 - 0081396 ____A C:\Windows\FSISU.log
2012-04-19 05:36 - 2011-01-21 04:55 - 0078301 ____A C:\Windows\fsmainst.log
2012-04-19 05:36 - 2011-01-21 04:55 - 0063127 ____A C:\Windows\FSSSINST.log
2012-04-19 05:36 - 2011-01-21 04:55 - 0059686 ____A C:\Windows\fwinst.log
2012-04-19 05:36 - 2011-01-21 04:55 - 0038543 ____A C:\Windows\ih8.fssg.xml.log
2012-04-19 05:36 - 2011-01-21 04:55 - 0030954 ____A C:\Windows\FSSYSUPD.LOG
2012-04-19 05:36 - 2011-01-21 04:55 - 0030695 ____A C:\Windows\FSPRODRM.LOG
2012-04-19 05:36 - 2011-01-21 04:55 - 0024837 ____A C:\Windows\FSSCINST.log
2012-04-19 05:36 - 2011-01-21 04:55 - 0021110 ____A C:\Windows\FSGKIAIN.log
2012-04-19 05:36 - 2011-01-21 04:55 - 0009457 ____A C:\Windows\FSLDIN.LOG
2012-04-19 05:36 - 2011-01-21 04:55 - 0009019 ____A C:\Windows\FSAUASUB.LOG
2012-04-19 05:36 - 2011-01-21 04:55 - 0008272 ____A C:\Windows\fsdginst.log
2012-04-19 05:36 - 2011-01-21 04:55 - 0002794 ____A C:\Windows\fsgadget.log
2012-04-19 05:36 - 2011-01-21 04:55 - 0001530 ____A C:\Windows\FSASWINS.LOG
2012-04-19 05:36 - 2011-01-21 04:55 - 0001389 ____A C:\Windows\fsauains.LOG
2012-04-19 05:36 - 2011-01-21 04:55 - 0001170 ____A C:\Windows\fstnbins.LOG
2012-04-19 05:36 - 2011-01-21 04:55 - 0001019 ____A C:\Windows\FSGUIINS.LOG
2012-04-19 05:36 - 2011-01-21 04:55 - 0000627 ____A C:\Windows\HELPINST.LOG
2012-04-19 05:36 - 2011-01-21 04:55 - 0000587 ____A C:\Windows\fsavunin.log
2012-04-19 05:36 - 2011-01-21 04:55 - 0000499 ____A C:\Windows\FSPSINST.LOG
2012-04-19 05:36 - 2011-01-21 04:55 - 0000498 ____A C:\Windows\FSAVCSIN.LOG
2012-04-19 05:36 - 2011-01-21 04:55 - 0000489 ____A C:\Windows\FSGemini.LOG
2012-04-19 05:36 - 2011-01-21 04:55 - 0000476 ____A C:\Windows\DAASINST.LOG
2012-04-19 05:36 - 2011-01-21 04:55 - 0000421 ____A C:\Windows\CSCOZARM.LOG
2012-04-19 05:35 - 2012-04-19 04:58 - 73479000 ____A (F-Secure Corporation) C:\Users\Resin\Downloads\sikkerhedspakke_9.exe
2012-04-19 05:35 - 2011-01-21 04:55 - 0000000 ____D C:\Users\All Users\fssg
2012-04-19 05:35 - 2011-01-21 04:55 - 0000000 ____D C:\ProgramData\fssg
2012-04-19 05:35 - 2011-01-21 04:54 - 0326628 ____A C:\Windows\ih8.config.xml.log
2012-04-19 05:35 - 2011-01-21 04:54 - 0008868 ____A C:\Windows\Q-Klez.log
2012-04-19 05:35 - 2011-01-21 04:54 - 0007125 ____A C:\Windows\fswil.log
2012-04-19 05:35 - 2011-01-21 04:54 - 0003466 ____A C:\Windows\fsihcomptest.log
2012-04-19 05:33 - 2011-10-17 09:23 - 0000000 ____D C:\Users\Resin\AppData\Local\Conduit
2012-04-19 05:33 - 2011-01-20 08:47 - 0000000 ____D C:\Users\Resin\AppData\LocalLow
2012-04-19 05:32 - 2012-04-19 05:32 - 0652234 ____A C:\Users\Resin\Downloads\Ikke bekræftet 71968.crdownload
2012-04-19 05:31 - 2012-04-19 05:31 - 0000000 ____D C:\Users\Resin\AppData\Local\{32C6BF04-FA8A-4B72-B45A-2D69DAA0353A}
2012-04-19 05:31 - 2012-04-19 05:30 - 0000000 ____D C:\Users\Resin\AppData\Local\{D69F4C4B-477C-42DE-8333-A09D776D2676}
2012-04-19 05:08 - 2012-04-19 05:08 - 0000000 ____D C:\Users\Resin\AppData\Local\{869B08AC-1544-4313-86B0-6D66765F7083}
2012-04-19 05:08 - 2012-04-19 05:08 - 0000000 ____D C:\Users\Resin\AppData\Local\{51B14D03-5439-4D75-9422-6908629607DE}
2012-04-19 05:02 - 2012-04-19 05:02 - 0000000 ____D C:\Users\Resin\AppData\Local\{48E66B4E-044D-4554-AAFE-0873F8B85421}
2012-04-19 05:02 - 2012-04-19 05:02 - 0000000 ____D C:\Users\Resin\AppData\Local\{1B4D62B3-C227-4F9B-B1CF-26AACCD7A759}
2012-04-19 05:00 - 2012-04-19 02:46 - 0000344 ____A C:\Windows\Tasks\At40.job
2012-04-19 04:57 - 2012-04-19 04:56 - 0000000 ____D C:\Users\Resin\AppData\Local\{016FEBB3-D932-4864-A718-7B99A02051F6}
2012-04-19 04:56 - 2012-04-19 04:56 - 0000000 ____D C:\Users\Resin\AppData\Local\{11096258-78DC-4F83-BFFF-7D54957E7B33}
2012-04-19 04:56 - 2011-01-25 12:37 - 0000000 ____D C:\Users\Resin\AppData\Local\Windows Live
2012-04-19 03:18 - 2012-04-19 03:18 - 0327410 ____A C:\Users\Resin\Downloads\Ikke bekræftet 69291.crdownload
2012-04-19 03:17 - 2012-04-19 03:16 - 0000000 ____D C:\Users\Resin\AppData\Local\{5A0353E2-49CF-472C-8912-5C0DA78172AB}
2012-04-19 03:16 - 2012-04-19 03:16 - 0000000 ____D C:\Users\Resin\AppData\Local\{960D0261-9F31-4858-8B68-AF4E547961D9}
2012-04-19 03:12 - 2010-05-29 11:02 - 0977399 ____A C:\Windows\DirectX.log
2012-04-19 03:10 - 2012-04-19 03:09 - 0000000 ____D C:\Users\Resin\AppData\Local\{0965C3A8-F10B-4744-821A-A3FA2094EC87}
2012-04-19 03:09 - 2012-04-19 03:09 - 0000000 ____D C:\Users\Resin\AppData\Local\{794A564A-2486-47C4-8FBA-346BBBDBCB59}
2012-04-19 03:09 - 2012-04-19 02:46 - 0000344 ____A C:\Windows\Tasks\At48.job
2012-04-19 03:09 - 2012-04-19 02:46 - 0000344 ____A C:\Windows\Tasks\At47.job
2012-04-19 03:09 - 2012-04-19 02:46 - 0000344 ____A C:\Windows\Tasks\At46.job
2012-04-19 03:09 - 2012-04-19 02:46 - 0000344 ____A C:\Windows\Tasks\At45.job
2012-04-19 03:09 - 2012-04-19 02:46 - 0000344 ____A C:\Windows\Tasks\At44.job
2012-04-19 03:09 - 2012-04-19 02:46 - 0000344 ____A C:\Windows\Tasks\At43.job
2012-04-19 03:09 - 2012-04-19 02:46 - 0000344 ____A C:\Windows\Tasks\At42.job
2012-04-19 03:09 - 2012-04-19 02:46 - 0000344 ____A C:\Windows\Tasks\At41.job
2012-04-19 03:09 - 2012-04-19 02:46 - 0000344 ____A C:\Windows\Tasks\At39.job
2012-04-19 03:09 - 2012-04-19 02:46 - 0000344 ____A C:\Windows\Tasks\At37.job
2012-04-19 03:09 - 2012-04-19 02:46 - 0000344 ____A C:\Windows\Tasks\At36.job
2012-04-19 03:09 - 2012-04-19 02:46 - 0000344 ____A C:\Windows\Tasks\At35.job
2012-04-19 03:09 - 2012-04-19 02:46 - 0000344 ____A C:\Windows\Tasks\At34.job
2012-04-19 03:09 - 2012-04-19 02:46 - 0000344 ____A C:\Windows\Tasks\At33.job
2012-04-19 03:09 - 2012-04-19 02:46 - 0000344 ____A C:\Windows\Tasks\At32.job
2012-04-19 03:09 - 2012-04-19 02:46 - 0000344 ____A C:\Windows\Tasks\At31.job
2012-04-19 03:09 - 2012-04-19 02:46 - 0000344 ____A C:\Windows\Tasks\At30.job
2012-04-19 03:09 - 2012-04-19 02:46 - 0000344 ____A C:\Windows\Tasks\At29.job
2012-04-19 03:09 - 2012-04-19 02:46 - 0000344 ____A C:\Windows\Tasks\At28.job
2012-04-19 03:09 - 2012-04-19 02:46 - 0000344 ____A C:\Windows\Tasks\At27.job
2012-04-19 03:09 - 2012-04-19 02:46 - 0000344 ____A C:\Windows\Tasks\At26.job
2012-04-19 03:09 - 2012-04-19 02:46 - 0000344 ____A C:\Windows\Tasks\At25.job
2012-04-19 03:01 - 2012-04-19 02:46 - 0000344 ____A C:\Windows\Tasks\At38.job
2012-04-19 02:49 - 2012-04-19 02:49 - 0006807 ____A C:\Users\Resin\Downloads\Raising.Hope.S02E21.HDTV.x264-LOL.[eztv] (1).torrent.crdownload
2012-04-19 02:48 - 2012-04-19 02:48 - 0006807 ____A C:\Users\Resin\Downloads\Raising.Hope.S02E21.HDTV.x264-LOL.[eztv].torrent.crdownload
2012-04-19 02:46 - 2012-04-19 02:46 - 0130048 ____A (Eugene Roshal & FAR Group) C:\Users\All Users\C1Btcq5x.exe
2012-04-19 02:46 - 2012-04-19 02:46 - 0130048 ____A (Eugene Roshal & FAR Group) C:\ProgramData\C1Btcq5x.exe
2012-04-19 02:36 - 2012-04-19 02:36 - 0000000 ____D C:\Users\Resin\AppData\Local\{E7DEB311-C078-4745-8EB6-F15F5C760530}
2012-04-19 02:36 - 2012-04-19 02:36 - 0000000 ____D C:\Users\Resin\AppData\Local\{3AB60E3C-314E-40FE-9D80-4323F6E55525}
2012-04-16 08:55 - 2011-04-13 11:09 - 0000890 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2347680032-3753822684-2415491236-1000Core.job
2012-04-15 21:33 - 2012-04-15 21:32 - 0000000 ____D C:\Users\Resin\AppData\Local\{690ED934-CA9D-4FDF-83D9-AD3C7E53E871}
2012-04-14 09:53 - 2012-04-14 09:53 - 0834075 ____A C:\Users\Resin\Downloads\YouTube.apk
2012-04-14 09:49 - 2012-04-14 09:48 - 4317137 ____A C:\Users\Resin\Downloads\YouTube_Downloader.rar
2012-04-14 09:47 - 2011-01-20 10:50 - 0000000 ____D C:\Program Files (x86)\Mozilla Firefox
2012-04-14 09:45 - 2012-04-14 09:45 - 0005648 ____A C:\Users\Resin\Downloads\YouTube_Downloader (2).rar.crdownload
2012-04-14 09:45 - 2012-04-14 09:45 - 0005648 ____A C:\Users\Resin\Downloads\YouTube (1).apk.crdownload
2012-04-14 09:38 - 2012-04-14 09:38 - 0002824 ____A C:\Users\Resin\Downloads\YouTube.apk.crdownload
2012-04-14 09:36 - 2012-04-14 09:36 - 0005648 ____A C:\Users\Resin\Downloads\YouTube_Downloader.rar.crdownload
2012-04-14 09:36 - 2012-04-14 09:36 - 0005648 ____A C:\Users\Resin\Downloads\YouTube_Downloader (1).rar.crdownload
2012-04-14 06:58 - 2012-04-14 06:58 - 0058112 ____A C:\Windows\SysWOW64\ygwdarpt.dat
2012-04-14 06:58 - 2012-04-14 06:58 - 0055040 ____A C:\Windows\SysWOW64\adwfqroo.dat
2012-04-14 06:58 - 2012-04-14 06:58 - 0041216 ____A C:\Windows\SysWOW64\netxlmnt.dat
2012-04-12 22:07 - 2012-04-12 22:07 - 0365824 ____A C:\Windows\SysWOW64\lumqthdd.dat
2012-04-12 22:07 - 2012-04-12 22:07 - 0154368 ____A C:\Windows\SysWOW64\wzvyngsm.dat
2012-04-12 22:07 - 2012-04-12 22:07 - 0136960 ____A C:\Windows\SysWOW64\myvsgwyv.dat
2012-04-12 22:07 - 2012-04-12 22:07 - 0036608 ____A C:\Windows\SysWOW64\wffsmkzv.dat
2012-04-12 22:07 - 2012-04-12 22:07 - 0034048 ____A C:\Windows\SysWOW64\sgphqtrs.dat
2012-04-12 21:46 - 2012-04-12 21:46 - 0287872 ____A (Premium) C:\Users\Resin\Downloads\DownloadSetup (2).exe
2012-04-12 21:30 - 2012-04-12 21:30 - 0000000 ____D C:\Windows\system64
2012-04-12 21:28 - 2012-04-12 21:28 - 0373513 ____A C:\Users\Resin\Downloads\The Tao Of Badass Ebook.zip
2012-04-12 21:28 - 2012-04-12 21:28 - 0287872 ____A (Premium) C:\Users\Resin\Downloads\DownloadSetup (1).exe
2012-04-12 21:27 - 2012-04-12 21:27 - 0287872 ____A (Premium) C:\Users\Resin\Downloads\DownloadSetup.exe
2012-04-12 18:19 - 2011-04-13 11:10 - 0002410 ____A C:\Users\Resin\Desktop\Google Chrome.lnk
2012-04-12 05:08 - 2012-02-10 13:26 - 0000000 ____D C:\Users\Resin\Documents\Webcam
2012-04-11 20:01 - 2011-01-21 03:30 - 0000000 ____D C:\Users\All Users\Microsoft Help
2012-04-11 20:01 - 2011-01-21 03:30 - 0000000 ____D C:\ProgramData\Microsoft Help
2012-04-11 19:58 - 2012-04-11 19:58 - 0000000 ____D C:\Users\Resin\AppData\Local\{36FCA64E-D5FF-4D29-A736-EBEA4576F1E1}
2012-04-11 19:58 - 2011-01-20 09:30 - 57249312 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-04-10 23:15 - 2012-04-05 03:47 - 0000000 ____D C:\Users\Resin\AppData\Local\{17F848CC-675C-49CC-AA2A-59BD7A8D5045}
2012-04-10 20:50 - 2012-04-10 20:50 - 0209960 ____A (2q3wet Corporation) C:\Windows\SysWOW64\unwofmfl.dll
2012-04-04 20:46 - 2012-04-04 20:46 - 0000000 ____D C:\Users\Resin\AppData\Local\{5E3540D8-17ED-44B4-A1AC-FB20F289A515}
2012-04-04 02:45 - 2012-04-04 02:45 - 0000000 ____D C:\Users\Resin\AppData\Local\{128112F5-0143-4845-8AD5-B8B9EF92C098}
2012-04-02 13:34 - 2011-07-17 03:00 - 0000000 ____D C:\Users\Resin\AppData\Roaming\FileZilla
2012-04-02 12:22 - 2012-04-01 05:09 - 0000000 ____D C:\Users\Resin\AppData\Local\{0145EEE5-92E4-4E50-A316-45641ADED0C0}
2012-04-02 11:33 - 2012-04-02 11:33 - 5300728 ____A C:\Users\Resin\Downloads\igallery V 1.1.zip
2012-04-02 11:33 - 2012-04-02 11:33 - 1733599 ____A C:\Users\Resin\Downloads\ibrowser V 1.4.5.zip
2012-04-02 11:24 - 2012-04-02 11:24 - 0473422 ____A C:\Users\Resin\Downloads\ibrowser.zip
2012-04-02 11:20 - 2012-04-02 11:20 - 0239297 ____A C:\Users\Resin\Downloads\ListX with tinyMCE and image gallery.zip
2012-04-02 08:28 - 2012-04-02 08:28 - 0114557 ____A C:\Users\Resin\Downloads\lightbox2.05.zip
2012-04-02 03:46 - 2012-04-02 03:46 - 0105984 ____A C:\Users\Resin\Downloads\Excel.xls
2012-04-02 00:55 - 2012-04-02 00:55 - 0046077 ____A C:\Users\Resin\Downloads\AdvImage-upload.zip
2012-04-02 00:28 - 2012-04-02 00:28 - 0433936 ____A C:\Users\Resin\Downloads\jbimages-2.1.zip
2012-04-01 09:25 - 2011-07-04 12:11 - 0000000 ____D C:\Users\Resin\AppData\Roaming\TeamViewer
2012-04-01 09:24 - 2012-04-01 09:24 - 0001168 ____A C:\Users\Public\Desktop\TeamViewer 7.lnk
2012-04-01 09:24 - 2012-04-01 09:24 - 0000000 ____D C:\Program Files (x86)\TeamViewer
2012-03-31 02:10 - 2012-03-31 02:10 - 0000000 ____D C:\Users\Resin\AppData\Local\{EBEEC885-0A5A-42FE-AFC9-3E0CB0C15155}
2012-03-29 23:11 - 2012-03-29 23:10 - 0000000 ____D C:\Users\Resin\AppData\Local\{6443CEDF-3009-4024-A60A-62FFC8F3F897}
2012-03-29 14:34 - 2012-03-29 14:34 - 0838905 ____A C:\Users\Resin\Downloads\tinymce_3.5b3.zip
2012-03-29 07:16 - 2012-03-29 07:16 - 0000000 ____D C:\Users\Resin\AppData\Local\{AC425772-DF63-4E92-A6C9-6CA8420AFC75}
2012-03-28 17:02 - 2012-04-19 06:41 - 55154568 ____A (Microsoft Corporation) C:\Windows\SysWOW64\MRT.exe
2012-03-28 07:25 - 2012-03-28 07:25 - 0000000 ____D C:\Users\Resin\AppData\Local\{AF5DB717-653A-4A1C-89DF-920C47EDCD82}
2012-03-28 07:25 - 2012-03-28 07:25 - 0000000 ____D C:\Users\Resin\AppData\Local\{6EB96FB3-3264-4230-8F11-FC42C3EC6C0B}
2012-03-27 14:58 - 2012-01-20 14:15 - 0000132 ____A C:\Users\Resin\AppData\Roaming\Adobe PNG Format CS5 Prefs
2012-03-27 08:58 - 2012-03-27 08:58 - 0251965 ___AT C:\Users\Resin\Desktop\test.jpg
2012-03-27 08:50 - 2012-03-27 08:50 - 0000000 ____D C:\Program Files (x86)\FileZilla FTP Client
2012-03-27 08:49 - 2012-03-27 08:49 - 4518720 ____A (FileZilla Project) C:\Users\Resin\Downloads\FileZilla_3.5.3_win32-setup.exe
2012-03-27 07:44 - 2012-03-27 07:44 - 0000000 ____D C:\Users\Resin\AppData\Local\{AB383B27-785C-4BB7-A1AC-577B7BEBD8B2}
2012-03-27 07:44 - 2012-03-27 07:44 - 0000000 ____D C:\Users\Resin\AppData\Local\{1A912049-EE31-403D-AD2F-C3C04423876A}
2012-03-26 09:30 - 2012-03-26 09:30 - 0000000 ____D C:\Users\Resin\AppData\Local\{BDD2F0A4-119D-4404-A337-BC7FB1F5F5CE}
2012-03-26 09:30 - 2012-03-26 09:30 - 0000000 ____D C:\Users\Resin\AppData\Local\{6D823E91-3283-4DC1-8ABD-BC15D7FC72ED}
2012-03-25 14:57 - 2012-03-25 14:57 - 0000000 ____D C:\Users\Resin\AppData\Local\{E74AB83C-4763-48E1-9021-38683E7A4DBE}
2012-03-25 14:57 - 2012-03-25 14:56 - 0000000 ____D C:\Users\Resin\AppData\Local\{BA5B72B0-E470-45E2-9E42-0217CA3A7861}
2012-03-25 02:56 - 2012-03-25 02:56 - 0000000 ____D C:\Users\Resin\AppData\Local\{19CF9C77-EB93-40E5-B3BB-8C579962AA29}
2012-03-25 02:56 - 2012-03-25 02:56 - 0000000 ____D C:\Users\Resin\AppData\Local\{16957FF4-B838-4DE2-84C9-D633D45E77CF}
2012-03-24 09:26 - 2012-03-24 09:26 - 0000000 ____D C:\Users\Resin\AppData\Local\{D1006700-7076-4CBB-B7A5-F078109A2768}
2012-03-24 09:26 - 2012-03-24 09:25 - 0000000 ____D C:\Users\Resin\AppData\Local\{ABE67556-FE10-4BA9-BEB4-8D12CA2C7B45}
2012-03-24 07:10 - 2011-04-13 13:57 - 0000000 ____D C:\Program Files (x86)\Wolfire
2012-03-24 06:46 - 2012-03-24 05:58 - 0000000 ____D C:\Users\Resin\Downloads\Mission Impossible Ghost Protocol 2011 DVDSCR AC3 XViD - INSPiRAL
2012-03-23 21:25 - 2012-03-23 21:25 - 0000000 ____D C:\Users\Resin\AppData\Local\{451B90D0-1057-45E5-824F-F2823F30CD44}
2012-03-23 21:25 - 2012-03-22 21:09 - 0000000 ____D C:\Users\Resin\AppData\Local\{CB1FF3A5-EAE2-465A-B518-85614C4C6627}
2012-03-22 21:09 - 2012-03-22 21:09 - 0000000 ____D C:\Users\Resin\AppData\Local\{DAE5FEB1-3271-4CB3-9027-104AB2A8C002}
2012-03-22 08:33 - 2012-03-22 08:33 - 0000000 ____D C:\Users\Default\Documents\Visual Studio 2010
2012-03-22 08:33 - 2012-03-22 08:33 - 0000000 ____D C:\Users\Default User\Documents\Visual Studio 2010
2012-03-22 08:32 - 2012-03-22 08:32 - 0000000 ____D C:\Users\Resin\AppData\Local\{A352CAC5-FCEE-4CDF-9C24-99F077E64F99}
2012-03-22 08:32 - 2012-03-22 08:32 - 0000000 ____D C:\Users\Resin\AppData\Local\{77FE6F8A-56CC-4506-9807-F89C65324ED0}
2012-03-21 10:26 - 2012-03-21 10:26 - 0000000 ____D C:\Users\Resin\AppData\Local\{EFD24669-98CE-49B6-BA30-52F668536BE0}
2012-03-21 10:26 - 2012-03-21 10:25 - 0000000 ____D C:\Users\Resin\AppData\Local\{44DB8EB4-96FB-4270-B988-4A606F57B511}
2012-03-21 09:56 - 2012-03-20 14:38 - 1992477249 ____A C:\Users\Resin\Downloads\a172-win.exe
2012-03-21 09:39 - 2012-03-21 09:39 - 0000000 ____D C:\Users\Resin\AppData\Roaming\Unity
2012-03-21 08:13 - 2012-03-21 08:13 - 0000000 ____D C:\Users\Resin\AppData\Roaming\MinMaxGames
2012-03-21 08:12 - 2012-03-21 08:12 - 0004096 ____A C:\Windows\d3dx.dat
2012-03-20 16:15 - 2012-03-20 16:15 - 3857920 ____A C:\Users\Resin\Downloads\hamachi.msi
2012-03-20 15:42 - 2012-03-20 15:19 - 0000000 ____D C:\Users\Resin\Documents\Visual Studio 2010
2012-03-20 15:27 - 2009-07-13 20:45 - 5027952 ____A C:\Windows\System32\FNTCACHE.DAT
2012-03-20 15:22 - 2011-01-20 08:48 - 0134056 ____A C:\Users\Resin\AppData\Local\GDIPFONTCACHEV1.DAT
2012-03-20 15:20 - 2012-03-20 15:20 - 0000000 ____D C:\Program Files (x86)\Microsoft SQL Server
2012-03-20 15:20 - 2012-03-20 15:18 - 0000000 ____D C:\Program Files (x86)\Microsoft Visual Studio 10.0
2012-03-20 15:19 - 2012-03-20 15:19 - 0000000 ____D C:\Program Files\Microsoft Synchronization Services
2012-03-20 15:19 - 2012-03-20 15:19 - 0000000 ____D C:\Program Files\Microsoft SQL Server Compact Edition
2012-03-20 15:19 - 2012-03-20 15:19 - 0000000 ____D C:\Program Files (x86)\Microsoft Synchronization Services
2012-03-20 15:19 - 2012-03-20 15:19 - 0000000 ____D C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2012-03-20 15:17 - 2012-03-20 15:17 - 0000000 ____D C:\Windows\symbols
2012-03-20 15:17 - 2012-03-20 15:17 - 0000000 ____D C:\Program Files\Microsoft Visual Studio 10.0
2012-03-20 15:17 - 2012-03-20 15:17 - 0000000 ____D C:\Program Files\Microsoft Help Viewer
2012-03-20 15:17 - 2012-03-20 15:17 - 0000000 ____D C:\Program Files (x86)\Microsoft SDKs
2012-03-20 15:17 - 2009-07-13 19:20 - 0000000 ____D C:\Program Files\Common Files\Microsoft Shared
2012-03-20 15:12 - 2012-03-20 15:12 - 3252048 ____A (Microsoft Corporation) C:\Users\Resin\Downloads\vcs_web.exe
2012-03-20 15:12 - 2012-03-20 15:10 - 51182360 ____A (Microsoft Corporation) C:\Users\Resin\Downloads\XNAGS40_setup.exe
2012-03-20 14:37 - 2012-03-20 14:37 - 0152167 ____A C:\Users\Resin\Downloads\a172-win.exe.torrent
2012-03-20 11:32 - 2012-03-20 11:32 - 0718168 ____A (Microsoft Corporation) C:\Users\Resin\Downloads\sdksetup.exe
2012-03-20 11:11 - 2012-03-20 11:02 - 355600103 ____A C:\Users\Resin\Downloads\The.Walking.Dead.S02E13.HDTV.x264-ASAP.[VTV].mp4
2012-03-20 10:45 - 2012-03-20 10:45 - 0001028 ____A C:\Users\Resin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
2012-03-20 09:24 - 2012-03-20 09:24 - 0000000 ____D C:\Users\Resin\AppData\Local\{29E71AC1-209A-49B1-BB80-13E1A3372B2C}
2012-03-20 09:23 - 2012-03-20 09:23 - 0000000 ____D C:\Users\Resin\AppData\Local\{F0D4AB88-CC75-47BD-B866-5C2A49C1B6E3}
2012-03-19 14:15 - 2012-03-19 13:54 - 366728786 ____A C:\Users\Resin\Downloads\Comic.Book.Men.S01E06.Ink.HDTV.XviD-FQM.avi
2012-03-19 10:37 - 2012-03-19 10:37 - 0000000 ____D C:\Users\Resin\AppData\Local\{97BB9B7F-5F11-4162-A25F-537763CAD2F1}
2012-03-19 10:37 - 2012-03-19 10:37 - 0000000 ____D C:\Users\Resin\AppData\Local\{1C72F28C-1F84-443A-ABF2-DC090C0D30B2}
2012-03-18 13:03 - 2012-03-18 13:03 - 0000000 ____D C:\Users\Resin\AppData\Local\{9C8A56D4-526C-4A06-A4AC-FE9318C886BB}
2012-03-18 13:03 - 2012-03-18 13:03 - 0000000 ____D C:\Users\Resin\AppData\Local\{94A265DF-4122-4C70-82FA-6DE831754372}
2012-03-18 07:22 - 2012-03-18 07:18 - 0000000 ____D C:\Users\Resin\Downloads\The Inbetweener Movie 2011 DVDRip XviD AC3-26K
2012-03-18 04:44 - 2012-03-18 04:44 - 0000000 ____D C:\Users\Resin\AppData\Roaming\RotMG.Production
2012-03-18 01:03 - 2012-03-18 01:02 - 0000000 ____D C:\Users\Resin\AppData\Local\{3495E9D2-EC95-40CF-B27E-21C6BA597431}
2012-03-18 01:02 - 2012-03-18 01:02 - 0000000 ____D C:\Users\Resin\AppData\Local\{84CD8377-6258-4D8C-8BD7-E652400040FA}
2012-03-17 05:04 - 2012-03-17 05:04 - 0000000 ____D C:\Windows\3F5C371F8EA24F259D3DD0B4526E3AEA.TMP
2012-03-17 02:55 - 2012-03-17 02:55 - 0000000 ____D C:\Users\Resin\AppData\Local\{CFFD9ADC-98F2-4C46-BB96-56DE01E48C93}
2012-03-17 02:55 - 2012-03-17 02:55 - 0000000 ____D C:\Users\Resin\AppData\Local\{23AFB35F-D340-4D17-96A0-FB06315C9E6E}
2012-03-16 13:05 - 2012-03-16 13:05 - 0000000 ____D C:\Users\Resin\Downloads\We.Bought.a.Zoo.2011.DVDRip.XviD-NeDiVx
2012-03-16 10:16 - 2012-03-16 10:15 - 0000000 ____D C:\Users\Resin\AppData\Local\{BB6B3C63-8474-4324-8B8F-921524CF6034}
2012-03-16 10:15 - 2012-03-16 10:15 - 0000000 ____D C:\Users\Resin\AppData\Local\{3F58B13B-69AF-49A8-8F98-03A3A1C5384B}
2012-03-16 01:19 - 2012-03-16 01:19 - 0000000 ____D C:\Users\Resin\AppData\Local\{EB268883-9062-46B9-96FE-2D8A88FBBF61}
2012-03-15 11:56 - 2012-03-15 11:56 - 0000000 ____D C:\Users\Resin\AppData\Local\{DC7D00E1-7E2A-4705-A65C-17D091F40852}
2012-03-15 11:56 - 2012-03-15 11:56 - 0000000 ____D C:\Users\Resin\AppData\Local\{367E2A17-B7E7-43F1-BE89-F565C52F5E9F}
2012-03-14 08:43 - 2012-03-14 08:42 - 0000000 ____D C:\Users\Resin\AppData\Local\{E16736B4-F761-4C89-B8FD-540562A740AC}
2012-03-14 08:42 - 2012-03-14 08:42 - 0000000 ____D C:\Users\Resin\AppData\Local\{7EE41553-CEF3-4C95-A1BA-F7006A2388A9}
2012-03-13 23:22 - 2012-03-13 23:22 - 0000000 ____D C:\Users\Resin\AppData\Local\{91771F22-DA79-44C5-9C4B-CA6E469BFDAC}
2012-03-13 11:15 - 2012-03-13 11:15 - 0000000 ____D C:\Windows\pss
2012-03-13 11:09 - 2011-04-13 09:01 - 0000000 ____D C:\Users\Resin\AppData\Local\ElevatedDiagnostics
2012-03-13 11:06 - 2012-02-23 10:21 - 0510542 ____A C:\Windows\ntbtlog.txt
2012-03-13 10:54 - 2012-03-13 10:54 - 0065536 __ASH C:\Windows\System32\config\components{b1360947-2b52-11e0-bb60-70f395caa1c9}.TxR.blf
2012-03-13 09:11 - 2012-03-13 09:11 - 0000000 ____D C:\Users\Resin\AppData\Local\{D3F191CD-F0EC-422C-A23D-B92DC9C9098E}
2012-03-13 09:11 - 2012-03-13 09:11 - 0000000 ____D C:\Users\Resin\AppData\Local\{5E80FFEF-00D1-42DD-9E44-8EF62820E2D7}
2012-03-12 09:26 - 2012-03-12 09:26 - 0003504 ____A C:\Users\Resin\Downloads\Family.Guy.S10E16.HDTV.x264-LOL.[eztv].torrent
2012-03-12 09:25 - 2012-03-12 09:25 - 0000000 ____D C:\Users\Resin\AppData\Local\{DEEAD924-B8D4-4106-8207-F842FB853A69}
2012-03-12 09:25 - 2012-03-12 09:25 - 0000000 ____D C:\Users\Resin\AppData\Local\{7496CCF5-9F91-4578-9118-E9A7E7FF4653}
2012-03-11 15:18 - 2012-03-11 15:18 - 0000000 ____D C:\Users\Resin\AppData\Local\{E60075D8-2B61-44E3-B1C0-04612218D007}
2012-03-11 15:18 - 2012-03-11 15:18 - 0000000 ____D C:\Users\Resin\AppData\Local\{6F441121-EB47-4B33-B918-BC80BBCA7580}
2012-03-11 13:09 - 2012-03-11 13:09 - 0088282 ____A C:\Users\Resin\Desktop\animation_02.jpg
2012-03-11 03:19 - 2011-11-10 00:12 - 0000000 ____A C:\Windows\System32\HP_ActiveX_Patch_NOT_DETECTED.txt
2012-03-11 03:19 - 2011-02-10 08:30 - 0000052 ____A C:\Windows\SysWOW64\DOErrors.log
2012-03-11 03:18 - 2012-03-11 03:17 - 0000000 ____D C:\Users\Resin\AppData\Local\{60D3F748-D8F9-41C1-826B-869445969B43}
2012-03-11 03:17 - 2012-03-11 03:17 - 0000000 ____D C:\Users\Resin\AppData\Local\{566725A0-2DAD-4603-97C6-638FCBD6FCBE}
2012-03-10 02:42 - 2012-03-10 02:41 - 0000000 ____D C:\Users\Resin\AppData\Local\{8967C82F-A82A-43F7-95CE-A16CBE655CFB}
2012-03-10 02:41 - 2012-03-10 02:41 - 0000000 ____D C:\Users\Resin\AppData\Local\{DD60A5FF-B0B3-43E5-8EFD-0B7BB3326FD4}
2012-03-09 17:00 - 2012-03-09 17:00 - 0004591 ____A C:\Users\Resin\Desktop\RuningFox.gif
2012-03-09 14:43 - 2011-12-29 08:56 - 0000000 ____D C:\Users\Resin\AppData\Local\Deployment
2012-03-09 10:34 - 2012-03-09 10:34 - 0000000 ____D C:\Users\Resin\Downloads\Wyatt Earps Revenge 2012 DVDRip Xvid UnKnOwN
2012-03-09 09:16 - 2012-03-09 09:16 - 0000000 ____D C:\Users\Resin\AppData\Local\{4D944C1E-E9B6-4E85-B27C-95F89E2468A2}
2012-03-09 09:16 - 2012-03-09 09:15 - 0000000 ____D C:\Users\Resin\AppData\Local\{7F5E875F-1399-4B14-9DA6-15AA3B641B0C}
2012-03-08 08:49 - 2012-03-08 08:49 - 0000000 ____D C:\Users\Resin\AppData\Local\{E181A5DE-1FA0-49BE-B882-3CF46E1F7CAE}
2012-03-08 08:49 - 2012-03-08 08:49 - 0000000 ____D C:\Users\Resin\AppData\Local\{BB5D9D32-CB39-4B04-B67C-EE71726A9738}
2012-03-07 13:37 - 2012-03-07 13:37 - 0174080 ____A C:\Users\Resin\Downloads\Program for AMAL 8 marts 2012 (1).ppt
2012-03-07 13:36 - 2012-03-07 13:36 - 0176128 ____A C:\Users\Resin\Downloads\Program for AMAL 8 marts 2012.ppt
2012-03-07 09:47 - 2012-03-07 09:47 - 0000000 ____D C:\Users\Resin\AppData\Local\{DAB1B68D-F27F-4EA3-A1F2-A802B4553015}
2012-03-07 09:47 - 2012-03-07 09:46 - 0000000 ____D C:\Users\Resin\AppData\Local\{089EC246-94C4-4BB4-A3FA-9F6D8F7C7FDC}
2012-03-06 13:25 - 2012-03-06 13:25 - 0000000 ____D C:\Users\Resin\AppData\Local\{FA88BCCD-4567-4855-8504-389D2E6DC085}
2012-03-06 13:25 - 2012-03-06 13:25 - 0000000 ____D C:\Users\Resin\AppData\Local\{BCB4CBFB-4ABE-41DB-B289-4E972E2AEED3}
2012-03-06 09:58 - 2012-03-06 09:57 - 0000000 ____D C:\Users\Resin\Downloads\The Woman in Black[2012]DVDScr XviD-ETRG
2012-03-06 05:57 - 2012-02-22 13:41 - 0000002 ____A C:\Users\Resin\AppData\Roaming\ceville_console_history.txt
2012-03-06 01:25 - 2012-03-06 01:25 - 0000000 ____D C:\Users\Resin\AppData\Local\{988484DD-0954-4239-9DC2-2C1311FAEB74}
2012-03-06 01:24 - 2012-03-06 01:24 - 0000000 ____D C:\Users\Resin\AppData\Local\{18B5772F-B7C8-4B54-9B73-E8782FE6A6BF}
2012-03-05 22:53 - 2012-04-11 20:00 - 5559152 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-03-05 21:59 - 2012-04-11 20:00 - 3968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2012-03-05 21:59 - 2012-04-11 20:00 - 3913072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2012-03-05 12:56 - 2012-03-05 12:50 - 0000000 ____D C:\Users\Resin\Downloads\ATM.2012.HDRiP.AC3-5.1.XviD-SiC
2012-03-05 12:14 - 2012-03-05 12:14 - 0000000 ____D C:\Users\Resin\AppData\Local\{F7D0CA28-1F55-4F89-A1C8-8410DD65E6BF}
2012-03-05 12:14 - 2012-03-05 12:14 - 0000000 ____D C:\Users\Resin\AppData\Local\{EAF26E57-562A-4C38-A102-750E36B9695E}
2012-03-05 10:27 - 2012-03-05 10:27 - 0017192 ____A C:\Users\Resin\Downloads\Spartacus.S02E06.HDTV.x264-ASAP.[eztv].torrent
2012-03-05 00:13 - 2012-03-05 00:13 - 0000000 ____D C:\Users\Resin\AppData\Local\{BA657B51-07F8-4867-85B4-46245ED5C5AD}
2012-03-05 00:13 - 2012-03-05 00:13 - 0000000 ____D C:\Users\Resin\AppData\Local\{226FCBD4-4601-4347-A190-B04378CE86B8}
2012-03-04 06:54 - 2012-03-04 06:30 - 0000000 ____D C:\Users\Resin\Downloads\The.Big.Year.2011.DVDRip.XviD-ALLiANCE
2012-03-04 06:34 - 2012-03-04 06:34 - 0000000 ____D C:\Users\Resin\Downloads\Goon 2011 VODRip XviD - QP
2012-03-04 06:22 - 2012-03-04 06:22 - 0000000 ____D C:\Users\Resin\AppData\Local\{FA77A84B-F4E9-45E5-8D3A-0CE50B87BC83}
2012-03-04 06:22 - 2012-03-04 06:22 - 0000000 ____D C:\Users\Resin\AppData\Local\{2B51A6AD-427A-474C-B5C3-E47EA7B787D2}
2012-03-03 04:24 - 2012-03-03 04:24 - 11591537 ____A C:\Users\Resin\Downloads\phpnuke-release-8.2.4.zip
2012-03-03 03:22 - 2012-03-03 03:22 - 0000000 ____D C:\Users\Resin\AppData\Local\{CD76C13F-2A69-41C9-89E8-7C48DF950DC8}
2012-03-03 03:22 - 2012-03-03 03:22 - 0000000 ____D C:\Users\Resin\AppData\Local\{4C1711CC-404B-4D1B-8BF6-FCCAF518904E}
2012-03-02 14:40 - 2012-03-02 14:40 - 2460899 ____A C:\Users\Resin\Downloads\phpBB-3.0.10.zip
2012-03-02 10:42 - 2012-03-02 10:42 - 0000000 ____D C:\Users\Resin\AppData\Local\{92B600FF-E95D-425D-8A92-B2C6F924BC19}
2012-03-02 10:42 - 2012-03-02 10:42 - 0000000 ____D C:\Users\Resin\AppData\Local\{7C32EDCA-63DE-4378-802F-94202DD866CE}
2012-03-01 15:14 - 2012-03-01 15:14 - 0000000 ____D C:\Users\Resin\AppData\Local\{DF478015-9C63-47D0-A521-E33393584D60}
2012-03-01 15:14 - 2012-03-01 15:14 - 0000000 ____D C:\Users\Resin\AppData\Local\{52CB5CA5-A252-4EBD-BE88-87479F24B853}
2012-02-29 22:46 - 2012-04-11 19:58 - 0023408 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\fs_rec.sys
2012-02-29 22:38 - 2012-04-11 19:58 - 0220672 ____A (Microsoft Corporation) C:\Windows\System32\wintrust.dll
2012-02-29 22:33 - 2012-04-11 19:58 - 0081408 ____A (Microsoft Corporation) C:\Windows\System32\imagehlp.dll
2012-02-29 22:28 - 2012-04-11 19:58 - 0005120 ____A (Microsoft Corporation) C:\Windows\System32\wmi.dll
2012-02-29 22:21 - 2012-02-29 22:21 - 0000000 ____D C:\Users\Resin\AppData\Local\{F7D5D958-AE4C-4A3C-8832-E351827EE7A6}
2012-02-29 22:21 - 2012-02-29 22:20 - 0000000 ____D C:\Users\Resin\AppData\Local\{A89CDEF0-2BF4-4EE0-A471-79B7BE403E72}
2012-02-29 21:37 - 2012-04-11 19:58 - 0172544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2012-02-29 21:33 - 2012-04-11 19:58 - 0159232 ____A (Microsoft Corporation) C:\Windows\SysWOW64\imagehlp.dll
2012-02-29 21:29 - 2012-04-11 19:58 - 0005120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wmi.dll
2012-02-29 13:02 - 2012-02-29 13:02 - 0001575 ____A C:\Users\Resin\Downloads\userlist.sql
2012-02-29 09:55 - 2012-02-29 09:55 - 0016896 ____A C:\Users\Resin\Downloads\xp01.xls
2012-02-29 09:17 - 2012-02-29 09:17 - 0000000 ____D C:\Users\Resin\AppData\Local\{FAFBE57A-5387-43F3-B218-A7176C661228}
2012-02-29 09:17 - 2012-02-29 09:17 - 0000000 ____D C:\Users\Resin\AppData\Local\{4F9A0A31-05B9-491C-AB32-177C758E7CED}
2012-02-28 12:17 - 2012-02-28 12:17 - 0000000 ____D C:\Users\Resin\AppData\Local\{0C634DB9-2760-420D-BE64-1A7E8ABA82E1}
2012-02-28 12:17 - 2012-02-28 12:16 - 0000000 ____D C:\Users\Resin\AppData\Local\{7616F4B8-0BF2-4C4D-BEF9-D4D29FC8917F}
2012-02-28 00:16 - 2012-02-28 00:16 - 0000000 ____D C:\Users\Resin\AppData\Local\{FEDA49A6-7220-4037-BF98-91628D5E0AAE}
2012-02-28 00:16 - 2012-02-28 00:16 - 0000000 ____D C:\Users\Resin\AppData\Local\{F67BF330-76D5-45CF-9927-F4F83ED37F53}
2012-02-27 23:34 - 2012-04-11 20:00 - 17790976 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-02-27 23:02 - 2012-04-11 20:00 - 10888704 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-02-27 22:56 - 2012-04-11 20:00 - 2311168 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-02-27 22:50 - 2012-04-11 20:00 - 1345536 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-02-27 22:49 - 2012-04-11 20:00 - 1390080 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-02-27 22:48 - 2012-04-11 20:00 - 1493504 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-02-27 22:48 - 2012-04-11 20:00 - 0237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-02-27 22:47 - 2012-04-11 20:00 - 0085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-02-27 22:45 - 2012-04-11 20:00 - 0818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-02-27 22:43 - 2012-04-11 20:00 - 2144256 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-02-27 22:43 - 2012-04-11 20:00 - 0096256 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-02-27 22:42 - 2012-04-11 20:00 - 2382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-02-27 22:39 - 2012-04-11 20:00 - 0248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-02-27 17:52 - 2012-04-11 20:00 - 12281856 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-02-27 17:27 - 2012-04-11 20:00 - 9705984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-02-27 17:18 - 2012-04-11 20:00 - 1799168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-02-27 17:12 - 2012-04-11 20:00 - 1103360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-02-27 17:11 - 2012-04-11 20:00 - 1427456 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-02-27 17:11 - 2012-04-11 20:00 - 1127424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-02-27 17:09 - 2012-04-11 20:00 - 0231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-02-27 17:08 - 2012-04-11 20:00 - 0065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-02-27 17:06 - 2012-04-11 20:00 - 0716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-02-27 17:04 - 2012-04-11 20:00 - 1792000 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-02-27 17:03 - 2012-04-11 20:00 - 2382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-02-27 17:03 - 2012-04-11 20:00 - 0072704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-02-27 16:59 - 2012-04-11 20:00 - 0176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-02-27 14:48 - 2012-02-27 14:48 - 4630207 ____A C:\Users\Resin\Downloads\nottetris2-win.zip
2012-02-27 14:48 - 2012-02-27 14:48 - 0000000 ____D C:\Users\Resin\Desktop\nottetis
2012-02-27 14:48 - 2012-02-27 14:48 - 0000000 ____D C:\Users\Resin\AppData\Roaming\LOVE
2012-02-27 11:06 - 2012-02-27 11:06 - 3928328 ____A (TeamViewer GmbH) C:\Users\Resin\Downloads\TeamViewer_Setup_da.exe
2012-02-27 10:41 - 2012-02-27 10:41 - 0000608 ____A C:\Users\Resin\Desktop\XAMPP Control Panel.lnk
2012-02-27 10:40 - 2012-02-27 10:37 - 0000000 ____D C:\xampp
2012-02-27 10:28 - 2012-02-27 10:28 - 0000000 ____D C:\Users\Resin\Desktop\backup
2012-02-27 09:36 - 2012-02-27 09:36 - 0000000 ____D C:\Users\Resin\AppData\Local\{ACA2865F-7D8E-406E-9203-D379F89E9E3B}
2012-02-27 09:36 - 2012-02-27 09:35 - 0000000 ____D C:\Users\Resin\AppData\Local\{491ABAA7-5D53-40A0-A92F-F2936D917E30}
2012-02-26 15:53 - 2011-07-04 10:56 - 0000000 ____D C:\Users\Resin\Desktop\rene fremkaldt
2012-02-26 04:08 - 2012-02-26 04:08 - 0000000 ____D C:\Users\Resin\AppData\Local\{ED45B662-5F60-4C45-B675-7F2FA4543331}
2012-02-26 04:08 - 2012-02-26 04:08 - 0000000 ____D C:\Users\Resin\AppData\Local\{3140F5C8-8DBB-4927-8F46-D0DCD4F74F80}
2012-02-25 17:30 - 2012-02-25 17:30 - 0000000 ____D C:\Users\Resin\Downloads\The Grey 2012 DVDSCR XviD - NO WATERMARK - INFERNO
2012-02-25 17:00 - 2012-02-25 16:50 - 0000000 ____D C:\Users\Resin\Downloads\The Muppets 2011 DVDSCR XViD -INSPiRAL
2012-02-25 16:49 - 2012-02-25 16:48 - 0000000 ____D C:\Users\Resin\Downloads\Seeking Justice 2011 DVDRip XviD-FTW
2012-02-25 16:08 - 2012-02-25 16:07 - 0000000 ____D C:\Users\Resin\AppData\Local\{2A2076F9-FD23-43DA-BB47-222F5D168A9F}
2012-02-25 16:07 - 2012-02-25 16:07 - 0000000 ____D C:\Users\Resin\AppData\Local\{28E333AC-2571-4611-975D-C05BCF1A5D87}
2012-02-25 14:00 - 2011-01-21 04:56 - 0042672 ____A C:\Windows\SysWOW64\Drivers\fsbts.sys
2012-02-25 13:58 - 2012-01-20 14:30 - 0001026 ____A C:\Users\Resin\Desktop\Dropbox.lnk
2012-02-25 13:55 - 2012-02-25 13:55 - 0002376 ____A C:\Users\Public\Desktop\YouSee Sikkerhedspakke.lnk
2012-02-25 13:55 - 2010-12-15 00:18 - 0288632 ____A C:\Windows\PFRO.log
2012-02-25 13:52 - 2012-02-25 11:37 - 0000000 ____D C:\Users\Resin\AppData\Local\dxhr
2012-02-25 11:36 - 2012-02-25 11:36 - 0000000 ____D C:\Users\Resin\AppData\Local\28050
2012-02-25 08:28 - 2012-02-25 08:23 - 84881998 ____A C:\Users\Resin\Downloads\xampp-win32-1.7.7-VC9-installer.exe
2012-02-25 04:09 - 2011-05-01 09:15 - 0000175 ____A C:\Windows\FSAVES_inst.log
2012-02-25 04:09 - 2011-01-21 04:56 - 0001953 ____A C:\Windows\fsav_db_setup.log
2012-02-25 04:07 - 2012-02-25 04:07 - 0000000 ____D C:\Users\Resin\AppData\Local\{190F5A3C-749B-42C1-8953-EFC271E3F865}
2012-02-25 04:07 - 2012-02-25 04:06 - 0000000 ____D C:\Users\Resin\AppData\Local\{DB955681-B66C-4485-A40D-F463921D0B28}
2012-02-24 09:01 - 2012-02-24 09:01 - 0005440 ____A C:\Users\Resin\Downloads\The.Big.Bang.Theory.S05E18.HDTV.x264-LOL.[eztv].torrent
2012-02-24 00:36 - 2012-04-19 06:22 - 0230952 ____A (PC Tools) C:\Windows\System32\Drivers\PCTSD64.sys
2012-02-23 23:30 - 2012-02-23 23:30 - 0000000 ____D C:\Users\Resin\AppData\Local\{E33A4BD4-3234-4FAB-8FDB-D0F221C96D58}
2012-02-23 23:30 - 2012-02-23 23:29 - 0000000 ____D C:\Users\Resin\AppData\Local\{CDE092C2-F7A2-4C2A-A5CF-A387F0D42DE2}
2012-02-23 11:01 - 2011-01-21 05:07 - 0007607 ____A C:\Users\Resin\AppData\Local\Resmon.ResmonCfg
2012-02-23 10:55 - 2011-08-31 11:29 - 0000000 ___HD C:\Program Files (x86)\InstallJammer Registry
2012-02-23 10:54 - 2010-12-15 00:31 - 0000000 __HDC C:\Users\All Users\{9E0FD0C6-8828-4330-9178-0CB40323EA92}
2012-02-23 10:54 - 2010-12-15 00:31 - 0000000 __HDC C:\ProgramData\{9E0FD0C6-8828-4330-9178-0CB40323EA92}
2012-02-23 10:53 - 2012-02-23 10:53 - 0000000 ____D C:\Users\Resin\AppData\Local\PackageAware
2012-02-23 09:52 - 2012-02-23 09:52 - 0014386 ____A C:\Users\Resin\Downloads\Kitchen.Nightmares.US.S05E15.WS.PDTV.XviD-2HD.[eztv].torrent
2012-02-23 09:52 - 2012-02-23 09:52 - 0007438 ____A C:\Users\Resin\Downloads\The.Middle.S03E17.REPACK.HDTV.XviD-2HD.[eztv].torrent
2012-02-23 09:42 - 2012-02-23 09:42 - 0000000 ____D C:\Users\Resin\AppData\Local\{C305162C-A5AE-497D-AFA7-74288FA8711A}
2012-02-23 09:42 - 2012-02-23 09:42 - 0000000 ____D C:\Users\Resin\AppData\Local\{23C3D6E7-59E6-43C7-B78D-97CACC2FDD3E}
2012-02-23 00:18 - 2011-01-20 09:05 - 0279656 ____A (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe
2012-02-22 14:03 - 2012-02-22 13:39 - 0000000 ____D C:\Users\Resin\Documents\Ceville
2012-02-22 12:35 - 2012-02-22 12:34 - 0000000 ____D C:\Users\Resin\AppData\Local\{E7488B95-09A1-4D3A-BCB4-606168DFE118}
2012-02-22 12:34 - 2012-02-22 12:34 - 0000000 ____D C:\Users\Resin\AppData\Local\{9062882D-FE90-476F-925F-1D44E6BA93AF}
2012-02-22 01:25 - 2012-02-22 01:25 - 0000000 ____D C:\Users\Resin\AppData\Local\{A95F5858-5025-4F2C-8100-118C9D8233DF}
2012-02-21 13:09 - 2012-02-21 12:36 - 0000000 ____D C:\Users\Resin\Downloads\Hugo.2011.DVDRip.XviD- AMIABLE
2012-02-21 09:52 - 2012-02-21 09:52 - 0000000 ____D C:\Users\Resin\AppData\Local\{FF6C95D7-A8CE-4CC8-BB61-B8739364CD91}
2012-02-21 09:52 - 2012-02-21 09:52 - 0000000 ____D C:\Users\Resin\AppData\Local\{E19CF601-7FD1-402B-91F4-3945B0D40C21}
2012-02-20 12:39 - 2012-02-20 12:39 - 0000000 ____D C:\Users\Resin\.netbeans
2012-02-20 12:39 - 2012-02-20 12:27 - 0000000 ____D C:\Users\Resin\.nbi
2012-02-20 12:38 - 2012-02-20 12:38 - 0002013 ____A C:\Users\Public\Desktop\NetBeans IDE 7.1.lnk
2012-02-20 12:38 - 2012-02-20 12:28 - 0000000 ____D C:\Program Files\NetBeans 7.1
2012-02-20 12:27 - 2012-02-20 11:11 - 0000000 ____D C:\Ruby187
2012-02-20 11:12 - 2012-02-20 11:12 - 0000000 ____D C:\Users\Resin\.gem
2012-02-20 09:36 - 2012-02-20 09:36 - 0000000 ____D C:\Users\Resin\AppData\Local\{8BDA525C-B4CE-45D5-83ED-AF3E4463EA05}
2012-02-20 09:36 - 2012-02-20 09:36 - 0000000 ____D C:\Users\Resin\AppData\Local\{3E3A7952-2ED0-498A-BCE9-180DF96BFB05}
2012-02-20 09:35 - 2012-02-20 09:35 - 0000000 ____D C:\Users\Resin\AppData\Local\{9C7BC419-B1D1-4A9C-A3C7-887D93EE4C2A}
2012-02-19 14:33 - 2012-02-19 14:33 - 0000000 ____D C:\Program Files\Common Files\INCA Shared
2012-02-19 09:30 - 2012-02-19 09:09 - 0038711 ____A C:\Users\Resin\Desktop\Ide.png
2012-02-19 08:11 - 2012-02-19 08:11 - 0015159 ____A C:\Users\Resin\Desktop\Fit 4 War intro.docx
2012-02-19 03:16 - 2012-02-19 03:16 - 0000000 ____D C:\Users\Resin\AppData\Local\{4C971008-0AF2-4C5F-B0D9-EF60A7162C60}
2012-02-19 03:16 - 2012-02-19 03:15 - 0000000 ____D C:\Users\Resin\AppData\Local\{306A80D6-29A2-47A8-9432-C698EC02666E}
2012-02-19 02:28 - 2011-08-31 11:29 - 0000000 ____D C:\Users\Resin\AppData\Roaming\Gmote
2012-02-19 01:09 - 2009-07-13 18:34 - 0000513 ____A C:\Windows\win.ini
2012-02-18 15:15 - 2012-02-18 15:15 - 0000000 ____D C:\Users\Resin\AppData\Local\{EA1B3B92-7CED-49C8-95B8-AE55DBF7490C}
2012-02-18 15:15 - 2012-02-18 15:15 - 0000000 ____D C:\Users\Resin\AppData\Local\{0E78E50F-3670-410B-B1BF-340653F2AC3A}
2012-02-18 07:39 - 2012-02-18 07:39 - 0004042 ____A C:\Users\Resin\Desktop\newMockup.bmml
2012-02-18 07:15 - 2012-02-18 07:15 - 0000953 ____A C:\Users\Public\Desktop\Balsamiq Mockups.lnk
2012-02-18 07:15 - 2012-02-18 07:15 - 0000000 ____D C:\Users\Resin\AppData\Roaming\BalsamiqMockupsForDesktop.EDE15CF69E11F7F7D45B5430C7D37CC6C3545E3C.1
2012-02-18 07:15 - 2012-02-18 07:15 - 0000000 ____D C:\Program Files (x86)\Balsamiq Mockups
2012-02-18 03:15 - 2012-02-18 03:14 - 0000000 ____D C:\Users\Resin\AppData\Local\{FABA4CBD-E30F-4E48-9C47-9C8B6C9913E4}
2012-02-18 03:14 - 2012-02-18 03:14 - 0000000 ____D C:\Users\Resin\AppData\Local\{D651F889-D1B4-4B58-A038-DF443261F4EE}
2012-02-17 15:21 - 2012-02-17 15:21 - 0157472 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaws.exe
2012-02-17 15:21 - 2012-02-17 15:21 - 0149280 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaw.exe
2012-02-17 15:21 - 2012-02-17 15:21 - 0149280 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\java.exe
2012-02-17 15:21 - 2011-01-20 09:11 - 0472808 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\deployJava1.dll
2012-02-17 15:14 - 2012-02-17 15:14 - 0000000 ____D C:\Users\Resin\AppData\Local\{D70F93B0-6F69-4F66-A0EC-422F81711CCF}
2012-02-17 15:14 - 2012-02-17 15:13 - 0000000 ____D C:\Users\Resin\AppData\Local\{7A913CD3-247A-4B77-BC74-75FE3E61C2FD}
2012-02-17 15:12 - 2011-01-20 09:03 - 0000174 ___SH C:\Users\Resin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
2012-02-17 15:07 - 2012-02-17 15:07 - 0000000 ____D C:\Users\Resin\AppData\Local\{AECC827A-D6D2-4687-8D24-27D7A007071E}
2012-02-16 22:38 - 2012-03-13 09:23 - 1031680 ____A (Microsoft Corporation) C:\Windows\System32\rdpcore.dll
2012-02-16 21:34 - 2012-03-13 09:23 - 0826880 ____A (Microsoft Corporation) C:\Windows\SysWOW64\rdpcore.dll
2012-02-16 20:58 - 2012-03-13 09:23 - 0210944 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
2012-02-16 20:57 - 2012-03-13 09:23 - 0023552 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tdtcp.sys
2012-02-16 13:02 - 2010-05-29 11:36 - 0000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2012-02-16 12:57 - 2012-02-16 12:57 - 0000000 ____D C:\Users\Resin\AppData\Local\{4350C02D-7205-4CA4-82FE-372B6C9E9AF4}
2012-02-16 12:57 - 2012-02-16 00:13 - 0000000 ____D C:\Users\Resin\AppData\Local\{50E8E4EA-EC0E-422E-AD80-6874B5336199}
2012-02-16 00:14 - 2012-02-16 00:14 - 0000000 ____D C:\Users\Resin\AppData\Local\{39D2B3FC-0555-41E7-A8CE-4CFCD8151718}
2012-02-15 15:08 - 2012-02-15 15:08 - 0009102 ____A C:\Users\Resin\Documents\bodycraft.xlsx
2012-02-15 13:29 - 2012-02-15 13:29 - 0305654 ____A C:\Users\Resin\Desktop\vitagreen.psd
2012-02-15 13:26 - 2012-02-15 13:26 - 0044080 ____A C:\Users\Resin\Desktop\vitagreen.png
2012-02-15 09:32 - 2012-02-15 09:32 - 0000000 ____D C:\Users\Resin\AppData\Local\{EF3BE9F2-FE23-46F4-ABD8-C368013C7CD7}
2012-02-15 09:32 - 2012-02-15 09:32 - 0000000 ____D C:\Users\Resin\AppData\Local\{3A36783F-68DF-42E5-AE1F-D74FC68F3E92}
2012-02-14 11:18 - 2012-02-14 11:18 - 0000000 ____D C:\Users\Resin\AppData\Local\{B0DFB91E-44A3-4B29-A3FC-72D0F3827E37}
2012-02-14 11:18 - 2012-02-14 11:17 - 0000000 ____D C:\Users\Resin\AppData\Local\{1402FEF0-B10B-4F9D-97EC-DD7FC3A804A5}
2012-02-13 10:54 - 2011-04-07 14:16 - 0000000 ____D C:\Users\Resin\Desktop\webdev
2012-02-13 09:57 - 2012-02-13 09:57 - 0000000 ____D C:\Users\Resin\AppData\Local\{5601BA9C-63B4-4536-ADC3-1025DDE26FF6}
2012-02-13 09:57 - 2012-02-13 09:57 - 0000000 ____D C:\Users\Resin\AppData\Local\{2E75BB60-883D-4B6F-AFA0-7CDE8162F455}
2012-02-12 15:14 - 2012-02-12 15:14 - 0000000 ____D C:\Users\Resin\AppData\Local\{D4B2E6A8-AE27-4A9D-A77C-33838ACC6CF6}
2012-02-12 15:14 - 2012-02-12 15:13 - 0000000 ____D C:\Users\Resin\AppData\Local\{96BF087E-9DC2-4AF6-9A47-CB98E896154F}
2012-02-12 09:19 - 2012-02-12 05:05 - 0000000 ____D C:\Users\Resin\Downloads\National Geographic-Science of Dogs (2007) WS-PDTV_XviD~Ekolb
2012-02-12 08:16 - 2012-02-12 07:39 - 0000000 ____D C:\Users\Resin\Downloads\J Edgar 2011 DVDRip XviD-PADDO
2012-02-12 07:41 - 2012-02-12 07:40 - 0000000 ____D C:\Users\Resin\Downloads\Tower.Heist.2011.DVDRip-PA
2012-02-12 05:20 - 2012-02-12 04:33 - 1560034138 ____A C:\Users\Resin\Downloads\Discovery.Living.With.Wolves.Xvid.AC3.avi
2012-02-12 03:13 - 2012-02-12 03:13 - 0000000 ____D C:\Users\Resin\AppData\Local\{917870FD-1C47-4B5B-AD6B-7188114DD1A7}
2012-02-12 03:13 - 2012-02-12 03:13 - 0000000 ____D C:\Users\Resin\AppData\Local\{119E7934-41BE-40F3-B81B-02E5E4806761}
2012-02-11 14:07 - 2012-02-11 14:07 - 0000000 ____D C:\Users\Resin\AppData\Local\{CFD6C1C7-6A1D-4B92-AE3B-59C99BBD779B}
2012-02-11 14:07 - 2012-02-11 14:07 - 0000000 ____D C:\Users\Resin\AppData\Local\{AB9E1C81-835C-432A-ADAB-BEACDCE6E97C}
2012-02-11 05:09 - 2012-02-04 06:51 - 0000000 ____D C:\Users\Resin\Downloads\The Dog Whisperer
2012-02-11 04:26 - 2012-02-11 02:36 - 0000000 ____D C:\Users\Resin\Downloads\It's Me or the Dog - Series 2
2012-02-11 02:07 - 2012-02-11 02:06 - 0000000 ____D C:\Users\Resin\AppData\Local\{3333D19A-4191-4022-B4FB-FBE9E8A15418}
2012-02-11 02:06 - 2012-02-11 02:06 - 0000000 ____D C:\Users\Resin\AppData\Local\{B2B429F4-75B0-40CD-9862-4ABC06A79877}
2012-02-10 14:03 - 2012-02-10 13:52 - 0000000 ____D C:\Users\Resin\Downloads\Mastering Leadership Vol. 6 - Raising The Perfect Puppy
2012-02-10 13:27 - 2010-05-29 11:14 - 0000000 ____D C:\Users\All Users\CyberLink
2012-02-10 13:27 - 2010-05-29 11:14 - 0000000 ____D C:\ProgramData\CyberLink
2012-02-10 13:26 - 2011-04-08 09:54 - 0000000 ____D C:\Users\Resin\AppData\Roaming\CyberLink
2012-02-10 13:26 - 2011-01-20 09:03 - 0000000 ____D C:\Users\Resin\AppData\Local\Hewlett-Packard
2012-02-10 09:47 - 2012-02-10 08:05 - 0000000 ____D C:\Users\Resin\Downloads\Cesar.Millan.Mastering.Leadership.Vol.4.DVDRip.XviD-MEGAMAN
2012-02-10 09:30 - 2012-02-10 07:29 - 0000000 ____D C:\Users\Resin\Downloads\Cesar Millan Mastering Leadership Series DVDrip
2012-02-09 22:36 - 2012-03-13 11:34 - 1544192 ____A (Microsoft Corporation) C:\Windows\System32\DWrite.dll
2012-02-09 21:38 - 2012-03-13 11:34 - 1077248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2012-02-08 07:55 - 2012-02-08 07:55 - 0000000 ____D C:\Users\Resin\AppData\Local\{49BF13D8-1A0C-4A2A-9645-A05317ADB370}
2012-02-07 11:26 - 2012-02-07 11:26 - 0002513 ____A C:\Users\Public\Desktop\Skype.lnk
2012-02-07 11:26 - 2012-02-07 11:26 - 0000000 ___RD C:\Program Files (x86)\Skype
2012-02-07 11:26 - 2012-02-07 11:26 - 0000000 ____D C:\Users\All Users\Skype
2012-02-07 11:26 - 2012-02-07 11:26 - 0000000 ____D C:\ProgramData\Skype
2012-02-07 08:37 - 2012-02-07 08:37 - 0000000 ____D C:\Users\Resin\AppData\Local\{4E4ED309-501B-4B26-9CFC-EFD1BE3C5C46}
2012-02-07 08:37 - 2012-02-07 08:37 - 0000000 ____D C:\Users\Resin\AppData\Local\{2FA13ACE-CA2A-44C5-A4BB-A4705769B6A5}
2012-02-06 20:02 - 2012-02-06 20:02 - 1070352 ____A (Microsoft Corporation) C:\Windows\SysWOW64\MSCOMCTL.OCX
2012-02-06 13:05 - 2012-02-06 13:04 - 0000000 ____D C:\Users\Resin\Downloads\The.Iron.Lady.2011.DVDRip.XviD- TARGET
2012-02-06 11:55 - 2012-02-06 11:35 - 0000000 ____D C:\Users\Resin\Downloads\The Three Musketeers (2011) DVDRip XviD-MAXSPEED
2012-02-06 11:43 - 2012-02-06 11:42 - 0000000 ____D C:\Users\Resin\Downloads\The Social Network[2010]DvDrip[Eng]-FXG
2012-02-06 09:00 - 2012-02-06 09:00 - 0000000 ____D C:\Users\Resin\AppData\Local\{5AC440D1-32A5-4927-9599-EEF595B1BB7A}
2012-02-05 13:46 - 2012-02-05 13:46 - 0005861 ____A C:\Users\Resin\Desktop\flying_bird.gif
2012-02-05 04:56 - 2012-02-05 04:56 - 0000000 ____D C:\Users\Resin\AppData\Local\{D18E0898-A57A-47F5-9C5A-6D2B673F558C}
2012-02-05 04:56 - 2012-02-05 04:56 - 0000000 ____D C:\Users\Resin\AppData\Local\{4D11462C-65BA-408D-B527-2EDBBAC98BD5}
2012-02-04 16:56 - 2012-02-04 16:55 - 0000000 ____D C:\Users\Resin\AppData\Local\{9D0651DC-5BC8-4B57-9A47-8163F544D369}
2012-02-04 16:55 - 2012-02-04 16:55 - 0000000 ____D C:\Users\Resin\AppData\Local\{CA702A59-FE22-4B86-81DD-F5D02526A922}
2012-02-04 08:26 - 2012-02-04 07:58 - 0000000 ____D C:\Users\Public\Documents\Jagged Alliance - Back in Action Demo
2012-02-04 04:55 - 2012-02-04 04:55 - 0000000 ____D C:\Users\Resin\AppData\Local\{FD73AAB6-A837-4301-866D-D035659118D2}
2012-02-04 04:55 - 2012-02-04 04:55 - 0000000 ____D C:\Users\Resin\AppData\Local\{536CFC8C-19F6-48D8-BC1F-5ABA0BFDF414}
2012-02-03 16:54 - 2012-02-03 16:54 - 0000000 ____D C:\Users\Resin\AppData\Local\{9AE21AD0-09E3-478E-B3A7-C8C40A494332}
2012-02-03 16:54 - 2012-02-03 16:54 - 0000000 ____D C:\Users\Resin\AppData\Local\{02FF71C1-0EC2-4E7D-8CA7-21A4937229BF}
2012-02-03 00:15 - 2012-02-03 00:15 - 0000000 ____D C:\Users\Resin\AppData\Local\{7438A959-4107-4087-A822-10AE29C5B612}
2012-02-03 00:15 - 2012-02-03 00:15 - 0000000 ____D C:\Users\Resin\AppData\Local\{5466A91B-5E9E-4B6A-991D-AE3B23B972CE}
2012-02-02 20:34 - 2012-03-13 11:34 - 3145728 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-02-02 14:50 - 2012-02-19 14:34 - 0005265 ____A C:\Windows\SysWOW64\nppt9x.vxd
2012-02-02 14:50 - 2012-02-19 14:34 - 0004774 ____A (INCA Internet Co., Ltd.) C:\Windows\SysWOW64\npptNT2.sys
2012-02-02 12:11 - 2012-02-02 11:56 - 0000000 ____D C:\Users\Resin\Downloads\Pretty.Woman[1990]DvDrip.Xvid.Delta
2012-02-02 08:39 - 2012-02-02 08:39 - 0000000 ____D C:\Users\Resin\AppData\Local\{9E2D59FC-2400-40F7-B735-D42C7101E719}
2012-02-01 08:03 - 2012-02-01 08:03 - 0000000 ____D C:\Users\Resin\AppData\Local\{F185262D-4AC6-4C7D-97A5-A273E162AE28}
2012-02-01 08:03 - 2012-02-01 08:03 - 0000000 ____D C:\Users\Resin\AppData\Local\{97BCAFBD-BA4B-4151-9F1E-237E9F2FFB38}
2012-01-31 10:18 - 2012-01-31 10:03 - 366361728 ____A C:\Users\Resin\Downloads\Southland.S01E02.HDTV.XviD-2HD.avi
2012-01-31 09:57 - 2012-01-31 09:41 - 366926052 ____A C:\Users\Resin\Downloads\Southland.S01E01.HDTV.XviD-NoTV.avi
2012-01-31 09:39 - 2012-01-31 09:33 - 183454500 ____A C:\Users\Resin\Downloads\The.Daily.Show.2012.01.30.Lou.Dobbs.HDTV.XviD-FQM.[VTV].avi
2012-01-31 09:30 - 2012-01-31 09:30 - 0000000 ____D C:\Users\Resin\AppData\Local\{818C4974-272C-41A8-9747-A77DFCCFA767}
2012-01-31 09:30 - 2012-01-31 09:30 - 0000000 ____D C:\Users\Resin\AppData\Local\{07882460-302F-496A-ACC1-EAE103906E6D}
2012-01-30 11:52 - 2012-01-30 11:51 - 0000000 ____D C:\Users\Resin\AppData\Local\{9402EE99-B2DE-44C9-9C9A-0F59E6F2D9DF}
2012-01-30 11:51 - 2012-01-30 11:51 - 0000000 ____D C:\Users\Resin\AppData\Local\{0A83C3D7-9071-40BC-A3CB-396BE9452681}
2012-01-29 15:44 - 2012-01-29 15:44 - 0000000 ____D C:\Users\Resin\AppData\Local\{08E1E5CD-E63F-4CB9-816A-AF6F4EFD7A37}
2012-01-29 15:44 - 2012-01-29 15:43 - 0000000 ____D C:\Users\Resin\AppData\Local\{5CD6F78C-D544-4C9B-AE48-7677BF022989}
2012-01-29 06:01 - 2012-01-29 05:52 - 366999674 ____A C:\Users\Resin\Downloads\Revenge.S01E03.HDTV.XviD-LOL.[VTV].avi
2012-01-29 05:18 - 2012-01-29 05:09 - 366917002 ____A C:\Users\Resin\Downloads\Revenge.S01E02.HDTV.XviD-LOL.[VTV].avi
2012-01-29 04:44 - 2012-01-29 04:27 - 237510759 ____A C:\Users\Resin\Downloads\Revenge.S01E01.PreAir.h264-P2P.mkv
2012-01-29 03:43 - 2012-01-29 03:43 - 0000000 ____D C:\Users\Resin\AppData\Local\{9D842BB1-2AFB-491F-86AB-843CBBE344A1}
2012-01-29 03:43 - 2012-01-29 03:43 - 0000000 ____D C:\Users\Resin\AppData\Local\{0D32F072-7AAC-45C5-B63E-B4E5EDAF39EF}
2012-01-28 10:05 - 2012-01-28 10:05 - 0162618 ____A C:\Users\Resin\Desktop\Active Beetroot - BRC60.pdf
2012-01-28 01:41 - 2012-01-28 01:41 - 0000000 ____D C:\Users\Resin\AppData\Local\{9F529BFB-7289-4EFC-8596-382FF4578744}
2012-01-28 01:41 - 2012-01-28 01:41 - 0000000 ____D C:\Users\Resin\AppData\Local\{0B8190A2-4B70-4338-93F8-57E8C9E558EE}
2012-01-27 11:59 - 2012-01-27 11:59 - 0000000 ____D C:\Users\Resin\AppData\Local\{D798505C-58A7-47A9-B2E1-57025F88DD6B}
2012-01-27 11:59 - 2012-01-27 11:59 - 0000000 ____D C:\Users\Resin\AppData\Local\{46C042A4-FF8A-4526-8C37-FD17ABE93665}
2012-01-27 11:02 - 2011-11-22 23:36 - 0000000 ____D C:\Users\Resin\Documents\3dsMax

========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

========================= Memory info ======================

Percentage of memory in use: 11%
Total physical RAM: 8125.86 MB
Available physical RAM: 7153.12 MB
Total Pagefile: 8124 MB
Available Pagefile: 7151.94 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

======================= Partitions =========================

1 Drive c: (OS) (Fixed) (Total:445.53 GB) (Free:103.41 GB) NTFS ==>[System with boot components (obtained from reading drive)]
2 Drive d: (DATA) (Fixed) (Total:465.76 GB) (Free:186.62 GB) NTFS
3 Drive f: (RECOVERY) (Fixed) (Total:19.94 GB) (Free:2.9 GB) NTFS ==>[System with boot components (obtained from reading drive)]
4 Drive g: (HP_TOOLS) (Fixed) (Total:0.1 GB) (Free:0.08 GB) FAT32
5 Drive h: (SSI_OWD_N_12345) (CDROM) (Total:3.99 GB) (Free:0 GB) UDF
6 Drive i: () (Removable) (Total:28.9 GB) (Free:28.9 GB) FAT32
7 Drive j: (G-PAD) (Removable) (Total:5.26 GB) (Free:5.17 GB) FAT32
8 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
9 Drive y: (SYSTEM) (Fixed) (Total:0.19 GB) (Free:0.16 GB) NTFS ==>[System with boot components (obtained from reading drive)]

Disk ### Status Str. Ledig Dyn GPT
-------- ------------- ------- ------- --- ---
Disk 0 Online 465 GB 0 B
Disk 1 Online 465 GB 0 B
Disk 2 Online 28 GB 0 B
Disk 3 Online 5392 MB 0 B

Afslutter DiskPart...

Partitions of Disk 0:
===============

Disken 0 er nu den valgte disk.

Partition ### Type Str. Forskydning
------------- ---------------- ------- -----------
Partition 1 Primær 199 MB 1024 KB
Partition 2 Primær 445 GB 200 MB
Partition 3 Primær 19 GB 445 GB
Partition 4 Primær 103 MB 465 GB

Afslutter DiskPart...

======================================================================================================

Disk: 0
Disken 0 er nu den valgte disk.

Partition 1 er nu den valgte partition.

Partition 1
Type : 07
Skjult: Nej
Aktiv : Ja
Forskydning i byte: 1048576

Diskenhed Bogs. Navn Fs Type Str. Status Oplysn.
--------- ---- ---------- ----- ---------- ------- --------- --------
* Diskenhed 1 Y SYSTEM NTFS Partition 199 MB I orden

Afslutter DiskPart...

======================================================================================================

Disk: 0
Disken 0 er nu den valgte disk.

Partition 2 er nu den valgte partition.

Partition 2
Type : 07
Skjult: Nej
Aktiv : Nej
Forskydning i byte: 209715200

Diskenhed Bogs. Navn Fs Type Str. Status Oplysn.
--------- ---- ---------- ----- ---------- ------- --------- --------
* Diskenhed 2 C OS NTFS Partition 445 GB I orden

Afslutter DiskPart...

======================================================================================================

Disk: 0
Disken 0 er nu den valgte disk.

Partition 3 er nu den valgte partition.

Partition 3
Type : 07
Skjult: Nej
Aktiv : Nej
Forskydning i byte: 478588960768

Diskenhed Bogs. Navn Fs Type Str. Status Oplysn.
--------- ---- ---------- ----- ---------- ------- --------- --------
* Diskenhed 3 F RECOVERY NTFS Partition 19 GB I orden

Afslutter DiskPart...

======================================================================================================

Disk: 0
Disken 0 er nu den valgte disk.

Partition 4 er nu den valgte partition.

Partition 4
Type : 0C
Skjult: Nej
Aktiv : Nej
Forskydning i byte: 499998785536

Diskenhed Bogs. Navn Fs Type Str. Status Oplysn.
--------- ---- ---------- ----- ---------- ------- --------- --------
* Diskenhed 4 G HP_TOOLS FAT32 Partition 103 MB I orden

Afslutter DiskPart...

======================================================================================================

Partitions of Disk 1:
===============

Disken 1 er nu den valgte disk.

Partition ### Type Str. Forskydning
------------- ---------------- ------- -----------
Partition 1 Primær 465 GB 1024 KB

Afslutter DiskPart...

======================================================================================================

Disk: 1
Disken 1 er nu den valgte disk.

Partition 1 er nu den valgte partition.

Partition 1
Type : 07
Skjult: Nej
Aktiv : Nej
Forskydning i byte: 1048576

Diskenhed Bogs. Navn Fs Type Str. Status Oplysn.
--------- ---- ---------- ----- ---------- ------- --------- --------
* Diskenhed 5 D DATA NTFS Partition 465 GB I orden

Afslutter DiskPart...

======================================================================================================

Partitions of Disk 2:
===============

Disken 2 er nu den valgte disk.

Partition ### Type Str. Forskydning
------------- ---------------- ------- -----------
Partition 1 Primær 28 GB 4096 KB

Afslutter DiskPart...

======================================================================================================

Disk: 2
Disken 2 er nu den valgte disk.

Partition 1 er nu den valgte partition.

Partition 1
Type : 0C
Skjult: Nej
Aktiv : Nej
Forskydning i byte: 4194304

Diskenhed Bogs. Navn Fs Type Str. Status Oplysn.
--------- ---- ---------- ----- ---------- ------- --------- --------
* Diskenhed 6 I FAT32 Flytbar 28 GB I orden

Afslutter DiskPart...

======================================================================================================

Partitions of Disk 3:
===============

Disken 3 er nu den valgte disk.

Partition ### Type Str. Forskydning
------------- ---------------- ------- -----------
* Partition 1 Primær 5392 MB 0 B

Afslutter DiskPart...

======================================================================================================

Disk: 3
Disken 3 er nu den valgte disk.

Der er ikke valgt en partition.

Der er ikke valgt nogen partition.
Vælg en partition, og prøv igen.

======================================================================================================

==========================================================

Last Boot: 2012-04-19 11:30

======================= End Of Log ==========================

#6 gringo_pr

Posted 25 April 2012 - 05:06 PM

Hello

Open notepad. Please copy the contents of the code box below. To do this highlight the contents of the box and right click on it. Paste this into the open notepad. Save it on the flashdrive as fixlist.txt

SubSystems: [Windows] ==> ZeroAccess
2 vaiomediaplatform-videoserver-appserver; C:\Windows\System32\wps.dll [6656 2009-07-13] (Oak Technology Inc.)
2 phjxllpx; C:\Windows\SysWow64\unwofmfl.dll [209960 2012-04-10] (2q3wet Corporation)
C:\Windows\System32\wps.dll
C:\Windows\SysWow64\unwofmfl.dll 
NETSVC: vaiomediaplatform-videoserver-appserver
NETSVCx32: phjxllpx
CMD: Del /q C:\Windows\Tasks\At*.job

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

On Vista or Windows 7: Now please enter System Recovery Options.
On Windows XP: Now please boot into the BartPE CD.
Run FRST64 and press the Fix button just once and wait.
The tool will make a log on the flashdrive (Fixlog.txt) please post it to your reply.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#7 Resin01

Posted 26 April 2012 - 10:22 AM

Thank you so far :D Sirefef is still active according to Microsoft Security Essentials

Fix result of Farbar Recovery Scan Tool (FRST written by farbar) Version: 22-04-2012
Ran by SYSTEM at 2012-04-26 08:25:10 R:1
Running from I:\Download

==============================================

HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Session Manager\SubSystems\\Windows Value was restored.
vaiomediaplatform-videoserver-appserver service not found.
phjxllpx service deleted successfully.
C:\Windows\System32\wps.dll moved successfully.
C:\Windows\SysWow64\unwofmfl.dll moved successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\\netsvcs vaiomediaplatform-videoserver-appserver not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\\netsvcs phjxllpx Deleted successfully.

========= Del /q C:\Windows\Tasks\At*.job =========


========= End of CMD: =========


==== End of Fixlog ====

#8 gringo_pr

Posted 26 April 2012 - 01:45 PM

Hello

That removed the active components so now we can remove it without problems

I would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

#9 Resin01

Posted 27 April 2012 - 10:59 AM

Computer seems to be working fine again :) Just gonna install my normal virus software again, and double check that there are no more viruses to be found. Thank you so much!!


ComboFix 12-04-27.02 - Resin 27-04-2012 17:38:28.1.8 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.45.1030.18.8126.6176 [GMT 2:00]
Kører fra: c:\users\Resin\Downloads\ComboFix.exe
AV: YouSee Sikkerhedspakke 9.15 *Disabled/Updated* {15414183-282E-D62C-CA37-EF24860A2F17}
FW: YouSee Sikkerhedspakke 9.15 *Disabled* {2D7AC0A6-6241-D774-E168-461178D9686C}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: YouSee Sikkerhedspakke 9.15 *Disabled/Updated* {AE20A067-0E14-D9A2-F087-D456FD8D65AA}
* Dannede nyt systemgendannelsespunkt
.
.
((((((((((((((((((((((((((((((((((((((( Andet, der er slettet )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
:\programdata\C1Btcq5x.exe
c:\users\Resin\AppData\Roaming\Love
c:\users\Resin\AppData\Roaming\Love\not_tetris_2\highscoresA.txt
c:\users\Resin\AppData\Roaming\Love\not_tetris_2\options.txt
c:\users\Resin\AppData\Roaming\Mozilla\Firefox\Profiles\oq6rzccg.default\weave\toFetch
c:\users\Resin\AppData\Roaming\Mozilla\Firefox\Profiles\oq6rzccg.default\weave\toFetch\bookmarks.json
c:\users\Resin\AppData\Roaming\Mozilla\Firefox\Profiles\oq6rzccg.default\weave\toFetch\clients.json
c:\users\Resin\AppData\Roaming\Mozilla\Firefox\Profiles\oq6rzccg.default\weave\toFetch\forms.json
c:\users\Resin\AppData\Roaming\Mozilla\Firefox\Profiles\oq6rzccg.default\weave\toFetch\history.json
c:\users\Resin\AppData\Roaming\Mozilla\Firefox\Profiles\oq6rzccg.default\weave\toFetch\passwords.json
c:\users\Resin\AppData\Roaming\Mozilla\Firefox\Profiles\oq6rzccg.default\weave\toFetch\prefs.json
c:\users\Resin\AppData\Roaming\Mozilla\Firefox\Profiles\oq6rzccg.default\weave\toFetch\tabs.json
c:\windows\assembly\temp\@
c:\windows\assembly\temp\cfg.ini
c:\windows\security\Database\tmp.edb
c:\windows\system32\dds_trash_log.cmd
c:\windows\SysWow64\config\systemprofile\AppData\Local\NVIDIA Corporation\Update\daemonupd.exe
c:\windows\SysWow64\urttemp
c:\windows\SysWow64\urttemp\regtlib.exe
D:\install.exe
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Tjenester )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_nvUpdService
.
.
((((((((((((((((((((((((((((( Filer skabt fra 2012-03-27 til 2012-04-27 )))))))))))))))))))))))))))))))))))
.
.
2012-04-27 15:46 . 2012-04-27 15:46 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-04-26 05:31 . 2012-04-26 05:32 -------- d-----w- C:\FRST
2012-04-20 11:08 . 2012-04-20 11:08 -------- d-----w- c:\program files (x86)\Common Files\Blizzard Entertainment
2012-04-20 11:07 . 2012-04-20 11:07 -------- d-----w- c:\programdata\Battle.net
2012-04-20 11:06 . 2012-04-20 11:41 -------- d-----w- c:\programdata\Blizzard Entertainment
2012-04-19 22:28 . 2012-04-26 04:57 -------- d-----w- c:\programdata\Recovery
2012-04-19 19:33 . 2012-04-26 15:31 -------- d-----w- c:\program files (x86)\uTorrent
2012-04-19 14:24 . 2012-04-23 04:49 -------- d-----w- c:\program files (x86)\PC Tools
2012-04-19 14:22 . 2012-04-23 04:49 -------- d-----w- c:\program files (x86)\Common Files\PC Tools
2012-04-19 14:22 . 2012-02-24 08:36 230952 ----a-w- c:\windows\system32\drivers\PCTSD64.sys
2012-04-19 14:22 . 2012-04-19 14:41 -------- d-----w- c:\programdata\PC Tools
2012-04-19 14:22 . 2012-04-19 14:22 -------- d-----w- c:\users\Resin\AppData\Roaming\TestApp
2012-04-19 14:17 . 2012-04-19 14:17 -------- d-----w- c:\users\Resin\AppData\Roaming\QuickScan
2012-04-19 11:10 . 2012-04-19 11:10 89944 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\177822931cd1e1d01\DSETUP.dll
2012-04-19 11:10 . 2012-04-19 11:10 537432 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\177822931cd1e1d01\DXSETUP.exe
2012-04-19 11:10 . 2012-04-19 11:10 1801048 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\177822931cd1e1d01\dsetup32.dll
2012-04-13 05:30 . 2012-04-13 05:30 -------- d-----we c:\windows\system64
2012-04-12 03:58 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-04-12 03:58 . 2012-03-01 06:33 81408 ----a-w- c:\windows\system32\imagehlp.dll
2012-04-12 03:58 . 2012-03-01 05:33 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-04-12 03:58 . 2012-03-01 06:38 220672 ----a-w- c:\windows\system32\wintrust.dll
2012-04-12 03:58 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll
2012-04-12 03:58 . 2012-03-01 05:37 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-04-12 03:58 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll
2012-04-11 04:08 . 2012-03-14 03:27 8669240 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{024E31CC-7EF6-444D-9792-10715C9B8C80}\mpengine.dll
2012-04-01 17:24 . 2012-04-01 17:24 -------- d-----w- c:\program files (x86)\TeamViewer
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-22 16:33 . 2012-03-20 23:19 289472 ----a-w- c:\programdata\Microsoft\VCSExpress\10.0\1033\ResourceCache.dll
2012-02-25 22:00 . 2011-01-21 12:56 42672 ----a-w- c:\windows\SysWow64\drivers\fsbts.sys
2012-02-17 23:21 . 2011-01-20 17:11 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-02-17 06:38 . 2012-03-13 17:23 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-02-17 05:34 . 2012-03-13 17:23 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-02-17 04:58 . 2012-03-13 17:23 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-02-17 04:57 . 2012-03-13 17:23 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-02-10 06:36 . 2012-03-13 19:34 1544192 ----a-w- c:\windows\system32\DWrite.dll
2012-02-10 05:38 . 2012-03-13 19:34 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-02-07 04:02 . 2012-02-07 04:02 1070352 ----a-w- c:\windows\SysWow64\MSCOMCTL.OCX
2012-02-03 04:34 . 2012-03-13 19:34 3145728 ----a-w- c:\windows\system32\win32k.sys
2012-02-02 22:50 . 2012-02-19 22:34 5265 ----a-w- c:\windows\SysWow64\nppt9x.vxd
2012-02-02 22:50 . 2012-02-19 22:34 4774 ----a-w- c:\windows\SysWow64\npptNT2.sys
2012-01-31 12:44 . 2011-01-20 17:05 279656 ------w- c:\windows\system32\MpSigStub.exe
.
.
((((((((((((((((((((((((((((((((((( Start steder i reg.basen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Bemærk* tomme linier & lovlige standard linier vises ikke
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 94208 ----a-w- c:\users\Resin\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 94208 ----a-w- c:\users\Resin\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 94208 ----a-w- c:\users\Resin\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 94208 ----a-w- c:\users\Resin\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="c:\program files (x86)\uTorrent\uTorrent.exe" [2012-04-26 879984]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"F-Secure TNB"="c:\program files (x86)\YouSee\Sikkerhedspakke 2010\FSGUI\TNBUtil.exe" [2011-01-05 1655464]
.
c:\users\Resin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Resin\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-2-15 24246216]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-01-31 158856]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-07-07 195336]
R3 MsDepSvc;Web Deployment Agent Service;c:\program files\IIS\Microsoft Web Deploy\MsDepSvc.exe [2011-01-07 63304]
R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\DRIVERS\wacmoumonitor.sys [x]
R3 WatAdminSvc;Tjenesten Windows Aktivering;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]
R4 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_1c0e2d1db9f5b08e\AESTSr64.exe [2009-03-03 89600]
R4 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
R4 DragonSvc;Dragon Service;c:\program files (x86)\Common Files\Nuance\dgnsvc.exe [2010-07-23 296808]
R4 DvmMDES;DeviceVM Meta Data Export Service;c:\swsetup\QuickWeb\QW.SYS\config\DVMExportService.exe [2010-02-08 338168]
R4 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2011-11-23 1431888]
R4 FSORSPClient;F-Secure ORSP Client;c:\program files (x86)\YouSee\Sikkerhedspakke 2010\ORSP Client\fsorsp.exe [2011-12-28 61088]
R4 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-06-21 85560]
R4 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2009-12-16 102968]
R4 hpdoccardsvc;HP Documention Flash Card Detection Service;c:\program files (x86)\Hewlett-Packard\HP ENVY Document Card Utilities\doccardsvc.exe [2010-03-24 83240]
R4 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-07-05 227384]
R4 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [x]
R4 HPWMISVC;HPWMISVC;c:\program files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-01-18 20480]
R4 mi-raysat_3dsmax2012_64;mental ray 3.9 Satellite for Autodesk 3ds Max 2012 64-bit - English 64-bit;d:\3dsmax2012\3ds Max 2012\mentalimages\satellite\raysat_3dsmax2012_64server.exe [2011-02-22 86016]
R4 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R4 TabletServiceWacom;TabletServiceWacom;c:\program files\Tablet\Wacom\Wacom_Tablet.exe [2011-06-06 6438264]
R4 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-05-01 2533400]
S1 DVMIO;DeviceVM IO Service;c:\windows\system32\DRIVERS\dvmio.sys [x]
S1 F-Secure HIPS;F-Secure HIPS Driver;c:\program files (x86)\YouSee\Sikkerhedspakke 2010\HIPS\drivers\fshs.sys [2011-01-05 60040]
S1 FSES;F-Secure Email Scanning Driver;c:\windows\system32\drivers\fses.sys [x]
S1 fsvista;F-Secure Vista Support Driver;c:\program files (x86)\YouSee\Sikkerhedspakke 2010\Anti-Virus\minifilter\fsvista.sys [2011-01-05 14904]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 {55662437-DA8C-40c0-AADA-2C816A897A49};Power Control [2010/12/15 00:20];c:\program files (x86)\Hewlett-Packard\Media\DVD\000.fcl [2010-01-27 23:48 146928]
S2 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-06-15 249648]
S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x64.sys [x]
S2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-03-19 2666880]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Indhold af mappen 'Planlagte Opgaver'
.
2012-04-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2347680032-3753822684-2415491236-1000Core.job
- c:\users\Resin\AppData\Local\Google\Update\GoogleUpdate.exe [2011-04-13 19:09]
.
2012-04-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2347680032-3753822684-2415491236-1000UA.job
- c:\users\Resin\AppData\Local\Google\Update\GoogleUpdate.exe [2011-04-13 19:09]
.
2012-04-22 c:\windows\Tasks\HPCeeScheduleForResin.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-01-05 10:53]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 97792 ----a-w- c:\users\Resin\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 97792 ----a-w- c:\users\Resin\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 97792 ----a-w- c:\users\Resin\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 97792 ----a-w- c:\users\Resin\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"combofix"="c:\combofix\CF25043.3XE" [2010-11-20 345088]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Yderligere scanning -------
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2786678
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&ksporter til Microsoft Excel - c:\progra~2\MICROS~4\Office12\EXCEL.EXE/3000
IE: Send billede til &Bluetooth-enhed... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send siden til &Bluetooth-enhed... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
LSP: c:\program files (x86)\YouSee\Sikkerhedspakke 2010\FSPS\program\FSLSP.DLL
Trusted Zone: danskebank.dk\www
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{8B3826D2-154A-4093-B987-9CCB4CAAC59A}\454434D233245403: NameServer = 208.67.222.222,208.67.220.220
TCP: Interfaces\{8B3826D2-154A-4093-B987-9CCB4CAAC59A}\761337: NameServer = 208.67.222.222,208.67.220.220
TCP: Interfaces\{8B3826D2-154A-4093-B987-9CCB4CAAC59A}\86A656D6D656: NameServer = 208.67.222.222,208.67.220.220
FF - ProfilePath - c:\users\Resin\AppData\Roaming\Mozilla\Firefox\Profiles\oq6rzccg.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2786678&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - hxxp://www.google.dk/
.
- - - - TOMME GENVEJE FJERNET - - - -
.
URLSearchHooks-{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - (no file)
Wow6432Node-HKCU-Run-AdobeBridge - (no file)
Wow6432Node-HKU-Default-Run-Google Update - c:\windows\system32\config\systemprofile\AppData\Local\Google\Update\gupdate.exe
WebBrowser-{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - (no file)
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc.exe
AddRemove-{CA43FE4F-9FF2-4AD7-88F0-CC3BAC17B226} - c:\program files (x86)\InstallShield Installation Information\{CA43FE4F-9FF2-4AD7-88F0-CC3BAC17B226}\setup.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\MsDepSvc]
"ImagePath"="\"c:\program files\IIS\Microsoft Web Deploy\MsDepSvc.exe\" -runService:MsDepSvc"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\{55662437-DA8C-40c0-AADA-2C816A897A49}]
"ImagePath"="\??\c:\program files (x86)\Hewlett-Packard\Media\DVD\000.fcl"
.
--------------------- LÅSTE REGISTRERINGS NØGLER ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:55,be,49,fe,19,1e,cd,01
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
.
[HKEY_USERS\S-1-5-21-2347680032-3753822684-2415491236-1000\Software\SecuROM\License information*]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Andre kørende processer ------------------------
.
c:\program files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
c:\windows\SysWOW64\PnkBstrA.exe
.
**************************************************************************
.
Gennemført tid: 2012-04-27 17:56:06 - maskinen blev genstartet
ComboFix-quarantined-files.txt 2012-04-27 15:56
.
Pre-Kørsel: 115.258.265.600 byte ledig
Post-Kørsel: 120.850.022.400 byte ledig
.
- - End Of File - - EFB6CB526FB7A62D10B0B96C54BE1E73

#10 gringo_pr

  • Malware Response Team

Posted 27 April 2012 - 12:26 PM

Greetings

I want you to run these next,

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it
  • It will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#11 Resin01

Posted 27 April 2012 - 02:03 PM

The TDSSKiller didn't find anything and I don't think the aswMBR did either.


aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-04-27 20:37:16
-----------------------------
20:37:16.739 OS Version: Windows x64 6.1.7601 Service Pack 1
20:37:16.739 Number of processors: 8 586 0x1E05
20:37:16.740 ComputerName: COOKIEMONSTER UserName: Resin
20:37:18.333 Initialize success
20:38:02.893 AVAST engine defs: 12042701
20:38:06.371 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
20:38:06.376 Disk 0 Vendor: TOSHIBA_ MH00 Size: 476940MB BusType: 3
20:38:06.386 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IAAStorageDevice-2
20:38:06.391 Disk 1 Vendor: TOSHIBA_ MH00 Size: 476940MB BusType: 3
20:38:06.421 Disk 0 MBR read successfully
20:38:06.431 Disk 0 MBR scan
20:38:06.441 Disk 0 unknown MBR code
20:38:06.496 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 199 MB offset 2048
20:38:06.546 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 456218 MB offset 409600
20:38:06.586 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 20418 MB offset 934744064
20:38:06.611 Disk 0 Partition 4 00 0C FAT32 LBA MSDOS5.0 103 MB offset 976560128
20:38:06.671 Disk 0 scanning C:\Windows\system32\drivers
20:38:21.239 Service scanning
20:38:55.519 Modules scanning
20:38:55.539 Disk 0 trace - called modules:
20:38:55.579 ntoskrnl.exe CLASSPNP.SYS disk.sys hpdskflt.sys iaStor.sys hal.dll
20:38:55.589 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8009b31790]
20:38:55.599 3 CLASSPNP.SYS[fffff8800185143f] -> nt!IofCallDriver -> [0xfffffa8009a35b10]
20:38:55.609 5 hpdskflt.sys[fffff88001bdd289] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8007b42050]
20:38:57.163 AVAST engine scan C:\Windows
20:39:02.285 AVAST engine scan C:\Windows\system32
20:42:47.338 AVAST engine scan C:\Windows\system32\drivers
20:43:05.380 AVAST engine scan C:\Users\Resin
20:50:27.809 AVAST engine scan C:\ProgramData
20:52:56.489 Scan finished successfully
21:02:41.094 Disk 0 MBR has been saved successfully to "C:\Users\Resin\Desktop\MBR.dat"
21:02:41.104 The log file has been saved successfully to "C:\Users\Resin\Desktop\aswMBR.txt"

#12 gringo_pr

Posted 27 April 2012 - 02:34 PM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::
KillAll::

DDS::
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2786678

Firefox::
FF - ProfilePath - c:\users\Resin\AppData\Roaming\Mozilla\Firefox\Profiles\oq6rzccg.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2786678&SearchSource=3&q={searchTerms}

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo


#13 Resin01

Posted 29 April 2012 - 04:45 AM

ComboFix 12-04-27.02 - Resin 28-04-2012 7:32.2.8 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.45.1030.18.8126.6431 [GMT 2:00]
Kører fra: c:\users\Resin\Desktop\ComboFix.exe
Kommandoer benyttet :: c:\users\Resin\Desktop\CFscript.txt
AV: YouSee Sikkerhedspakke 9.15 *Disabled/Updated* {15414183-282E-D62C-CA37-EF24860A2F17}
FW: YouSee Sikkerhedspakke 9.15 *Disabled* {2D7AC0A6-6241-D774-E168-461178D9686C}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: YouSee Sikkerhedspakke 9.15 *Disabled/Updated* {AE20A067-0E14-D9A2-F087-D456FD8D65AA}
.
.
((((((((((((((((((((((((((((( Filer skabt fra 2012-03-28 til 2012-04-28 )))))))))))))))))))))))))))))))))))
.
.
2012-04-28 05:38 . 2012-04-28 05:38 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-04-27 20:45 . 2012-04-13 08:46 8917360 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{03BDDB26-EB84-4152-944C-B87A1827D1FC}\mpengine.dll
2012-04-26 05:31 . 2012-04-26 05:32 -------- d-----w- C:\FRST
2012-04-20 11:08 . 2012-04-20 11:08 -------- d-----w- c:\program files (x86)\Common Files\Blizzard Entertainment
2012-04-20 11:07 . 2012-04-20 11:07 -------- d-----w- c:\programdata\Battle.net
2012-04-20 11:06 . 2012-04-20 11:41 -------- d-----w- c:\programdata\Blizzard Entertainment
2012-04-19 22:28 . 2012-04-26 04:57 -------- d-----w- c:\programdata\Recovery
2012-04-19 19:33 . 2012-04-26 15:31 -------- d-----w- c:\program files (x86)\uTorrent
2012-04-19 14:24 . 2012-04-23 04:49 -------- d-----w- c:\program files (x86)\PC Tools
2012-04-19 14:22 . 2012-04-23 04:49 -------- d-----w- c:\program files (x86)\Common Files\PC Tools
2012-04-19 14:22 . 2012-02-24 08:36 230952 ----a-w- c:\windows\system32\drivers\PCTSD64.sys
2012-04-19 14:22 . 2012-04-19 14:41 -------- d-----w- c:\programdata\PC Tools
2012-04-19 14:22 . 2012-04-19 14:22 -------- d-----w- c:\users\Resin\AppData\Roaming\TestApp
2012-04-19 14:17 . 2012-04-19 14:17 -------- d-----w- c:\users\Resin\AppData\Roaming\QuickScan
2012-04-19 11:10 . 2012-04-19 11:10 89944 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\177822931cd1e1d01\DSETUP.dll
2012-04-19 11:10 . 2012-04-19 11:10 537432 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\177822931cd1e1d01\DXSETUP.exe
2012-04-19 11:10 . 2012-04-19 11:10 1801048 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\177822931cd1e1d01\dsetup32.dll
2012-04-13 05:30 . 2012-04-13 05:30 -------- d-----we c:\windows\system64
2012-04-12 03:58 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-04-12 03:58 . 2012-03-01 06:33 81408 ----a-w- c:\windows\system32\imagehlp.dll
2012-04-12 03:58 . 2012-03-01 05:33 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-04-12 03:58 . 2012-03-01 06:38 220672 ----a-w- c:\windows\system32\wintrust.dll
2012-04-12 03:58 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll
2012-04-12 03:58 . 2012-03-01 05:37 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-04-12 03:58 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll
2012-04-01 17:24 . 2012-04-01 17:24 -------- d-----w- c:\program files (x86)\TeamViewer
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-27 16:23 . 2011-01-21 12:56 33408 ----a-w- c:\windows\SysWow64\drivers\fsbts.sys
2012-03-22 16:33 . 2012-03-20 23:19 289472 ----a-w- c:\programdata\Microsoft\VCSExpress\10.0\1033\ResourceCache.dll
2012-02-23 08:18 . 2011-01-20 17:05 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-02-17 23:21 . 2011-01-20 17:11 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-02-17 06:38 . 2012-03-13 17:23 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-02-17 05:34 . 2012-03-13 17:23 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-02-17 04:58 . 2012-03-13 17:23 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-02-17 04:57 . 2012-03-13 17:23 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-02-10 06:36 . 2012-03-13 19:34 1544192 ----a-w- c:\windows\system32\DWrite.dll
2012-02-10 05:38 . 2012-03-13 19:34 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-02-07 04:02 . 2012-02-07 04:02 1070352 ----a-w- c:\windows\SysWow64\MSCOMCTL.OCX
2012-02-03 04:34 . 2012-03-13 19:34 3145728 ----a-w- c:\windows\system32\win32k.sys
2012-02-02 22:50 . 2012-02-19 22:34 5265 ----a-w- c:\windows\SysWow64\nppt9x.vxd
2012-02-02 22:50 . 2012-02-19 22:34 4774 ----a-w- c:\windows\SysWow64\npptNT2.sys
.
.
((((((((((((((((((((((((((((( SnapShot@2012-04-27_15.49.59 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-05-29 17:19 . 2012-04-27 16:29 58070 c:\windows\system64\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-04-28 05:42 46594 c:\windows\system64\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-01-20 18:59 . 2012-04-28 05:42 14330 c:\windows\system64\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2347680032-3753822684-2415491236-1000_UserData.bin
+ 2010-05-29 17:19 . 2012-04-27 16:29 58070 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-04-27 16:29 46578 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-01-20 18:59 . 2012-04-27 16:29 14290 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2347680032-3753822684-2415491236-1000_UserData.bin
- 2012-04-27 15:49 . 2012-04-27 15:49 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-04-28 05:40 . 2012-04-28 05:40 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-04-27 15:49 . 2012-04-27 15:49 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-04-28 05:40 . 2012-04-28 05:40 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-01-21 07:48 . 2012-04-28 05:16 378048 c:\windows\system64\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
- 2011-01-21 07:48 . 2012-04-27 15:31 378048 c:\windows\system64\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
+ 2009-07-14 02:36 . 2012-04-27 16:33 678794 c:\windows\system64\perfh009.dat
+ 2010-05-29 17:29 . 2012-04-27 16:33 533806 c:\windows\system64\perfh006.dat
+ 2009-07-14 02:36 . 2012-04-27 16:33 133710 c:\windows\system64\perfc009.dat
+ 2010-05-29 17:29 . 2012-04-27 16:33 111104 c:\windows\system64\perfc006.dat
- 2011-01-20 17:05 . 2012-01-31 12:44 279656 c:\windows\system64\MpSigStub.exe
+ 2011-01-20 17:05 . 2012-02-23 08:18 279656 c:\windows\system64\MpSigStub.exe
- 2011-01-21 07:48 . 2012-04-27 15:31 378048 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
+ 2011-01-21 07:48 . 2012-04-28 05:16 378048 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
+ 2009-07-14 02:36 . 2012-04-27 16:33 678794 c:\windows\system32\perfh009.dat
+ 2010-05-29 17:29 . 2012-04-27 16:33 533806 c:\windows\system32\perfh006.dat
+ 2009-07-14 02:36 . 2012-04-27 16:33 133710 c:\windows\system32\perfc009.dat
+ 2010-05-29 17:29 . 2012-04-27 16:33 111104 c:\windows\system32\perfc006.dat
+ 2009-07-14 05:01 . 2012-04-28 05:39 529504 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2012-04-27 15:48 529504 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2011-01-21 12:56 . 2012-04-28 05:39 35333024 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2347680032-3753822684-2415491236-1000-12288.dat
- 2011-01-21 12:56 . 2012-04-27 15:48 35333024 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2347680032-3753822684-2415491236-1000-12288.dat
.
((((((((((((((((((((((((((((((((((( Start steder i reg.basen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Bemærk* tomme linier & lovlige standard linier vises ikke
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 94208 ----a-w- c:\users\Resin\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 94208 ----a-w- c:\users\Resin\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 94208 ----a-w- c:\users\Resin\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 94208 ----a-w- c:\users\Resin\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="c:\program files (x86)\uTorrent\uTorrent.exe" [2012-04-26 879984]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"F-Secure TNB"="c:\program files (x86)\YouSee\Sikkerhedspakke 2010\FSGUI\TNBUtil.exe" [2011-01-05 1655464]
"F-Secure Manager"="c:\program files (x86)\YouSee\Sikkerhedspakke 2010\Common\FSM32.EXE" [2011-01-05 201384]
.
c:\users\Resin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Resin\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-2-15 24246216]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-01-31 158856]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-07-07 195336]
R3 MsDepSvc;Web Deployment Agent Service;c:\program files\IIS\Microsoft Web Deploy\MsDepSvc.exe [2011-01-07 63304]
R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\DRIVERS\wacmoumonitor.sys [x]
R3 WatAdminSvc;Tjenesten Windows Aktivering;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]
R4 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_1c0e2d1db9f5b08e\AESTSr64.exe [2009-03-03 89600]
R4 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
R4 DragonSvc;Dragon Service;c:\program files (x86)\Common Files\Nuance\dgnsvc.exe [2010-07-23 296808]
R4 DvmMDES;DeviceVM Meta Data Export Service;c:\swsetup\QuickWeb\QW.SYS\config\DVMExportService.exe [2010-02-08 338168]
R4 F-Secure Filter;F-Secure File System Filter;c:\program files (x86)\YouSee\Sikkerhedspakke 2010\Anti-Virus\Win2K\FSfilter.sys [2011-01-05 41896]
R4 F-Secure Recognizer;F-Secure File System Recognizer;c:\program files (x86)\YouSee\Sikkerhedspakke 2010\Anti-Virus\Win2K\FSrec.sys [2011-01-05 27304]
R4 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2011-11-23 1431888]
R4 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-06-21 85560]
R4 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2009-12-16 102968]
R4 hpdoccardsvc;HP Documention Flash Card Detection Service;c:\program files (x86)\Hewlett-Packard\HP ENVY Document Card Utilities\doccardsvc.exe [2010-03-24 83240]
R4 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-07-05 227384]
R4 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [x]
R4 HPWMISVC;HPWMISVC;c:\program files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-01-18 20480]
R4 mi-raysat_3dsmax2012_64;mental ray 3.9 Satellite for Autodesk 3ds Max 2012 64-bit - English 64-bit;d:\3dsmax2012\3ds Max 2012\mentalimages\satellite\raysat_3dsmax2012_64server.exe [2011-02-22 86016]
R4 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R4 TabletServiceWacom;TabletServiceWacom;c:\program files\Tablet\Wacom\Wacom_Tablet.exe [2011-06-06 6438264]
R4 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-05-01 2533400]
S1 DVMIO;DeviceVM IO Service;c:\windows\system32\DRIVERS\dvmio.sys [x]
S1 F-Secure HIPS;F-Secure HIPS Driver;c:\program files (x86)\YouSee\Sikkerhedspakke 2010\HIPS\drivers\fshs.sys [2011-01-05 60040]
S1 FSES;F-Secure Email Scanning Driver;c:\windows\system32\drivers\fses.sys [x]
S1 FSFW;F-Secure Firewall Driver;c:\windows\system32\drivers\fsdfw.sys [x]
S1 fsvista;F-Secure Vista Support Driver;c:\program files (x86)\YouSee\Sikkerhedspakke 2010\Anti-Virus\minifilter\fsvista.sys [2011-01-05 14904]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 {55662437-DA8C-40c0-AADA-2C816A897A49};Power Control [2010/12/15 00:20];c:\program files (x86)\Hewlett-Packard\Media\DVD\000.fcl [2010-01-27 23:48 146928]
S2 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-06-15 249648]
S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x64.sys [x]
S2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-03-19 2666880]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
S3 F-Secure Gatekeeper;F-Secure Gatekeeper;c:\program files (x86)\YouSee\Sikkerhedspakke 2010\Anti-Virus\minifilter\fsgk.sys [2011-01-05 139208]
S3 FSORSPClient;F-Secure ORSP Client;c:\program files (x86)\YouSee\Sikkerhedspakke 2010\ORSP Client\fsorsp.exe [2011-01-05 58024]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Indhold af mappen 'Planlagte Opgaver'
.
2012-04-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2347680032-3753822684-2415491236-1000Core.job
- c:\users\Resin\AppData\Local\Google\Update\GoogleUpdate.exe [2011-04-13 19:09]
.
2012-04-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2347680032-3753822684-2415491236-1000UA.job
- c:\users\Resin\AppData\Local\Google\Update\GoogleUpdate.exe [2011-04-13 19:09]
.
2012-04-22 c:\windows\Tasks\HPCeeScheduleForResin.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-01-05 10:53]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 97792 ----a-w- c:\users\Resin\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 97792 ----a-w- c:\users\Resin\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 97792 ----a-w- c:\users\Resin\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 97792 ----a-w- c:\users\Resin\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
------- Yderligere scanning -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&ksporter til Microsoft Excel - c:\progra~2\MICROS~4\Office12\EXCEL.EXE/3000
IE: Send billede til &Bluetooth-enhed... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send siden til &Bluetooth-enhed... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
LSP: c:\program files (x86)\YouSee\Sikkerhedspakke 2010\FSPS\program\FSLSP.DLL
Trusted Zone: danskebank.dk\www
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{8B3826D2-154A-4093-B987-9CCB4CAAC59A}\454434D233245403: NameServer = 208.67.222.222,208.67.220.220
TCP: Interfaces\{8B3826D2-154A-4093-B987-9CCB4CAAC59A}\761337: NameServer = 208.67.222.222,208.67.220.220
TCP: Interfaces\{8B3826D2-154A-4093-B987-9CCB4CAAC59A}\86A656D6D656: NameServer = 208.67.222.222,208.67.220.220
FF - ProfilePath - c:\users\Resin\AppData\Roaming\Mozilla\Firefox\Profiles\oq6rzccg.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.dk/
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\MsDepSvc]
"ImagePath"="\"c:\program files\IIS\Microsoft Web Deploy\MsDepSvc.exe\" -runService:MsDepSvc"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\{55662437-DA8C-40c0-AADA-2C816A897A49}]
"ImagePath"="\??\c:\program files (x86)\Hewlett-Packard\Media\DVD\000.fcl"
.
--------------------- LÅSTE REGISTRERINGS NØGLER ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:55,be,49,fe,19,1e,cd,01
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,31,89,91,c4,f9,c6,a5,44,ac,f9,68,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,31,89,91,c4,f9,c6,a5,44,ac,f9,68,\
.
[HKEY_USERS\S-1-5-21-2347680032-3753822684-2415491236-1000\Software\SecuROM\License information*]
"datasecu"=hex:f2,d7,45,46,73,64,2e,96,6c,cc,64,28,ac,61,71,f7,92,07,ad,4f,0d,
3f,16,d1,fe,d4,1b,11,ff,2b,09,89,00,fa,61,9a,2c,06,f5,80,e7,63,e8,0f,58,5f,\
"rkeysecu"=hex:d9,eb,56,a2,c1,4a,2c,80,4b,88,27,b7,6d,0e,15,af
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Andre kørende processer ------------------------
.
c:\program files (x86)\YouSee\Sikkerhedspakke 2010\Anti-Virus\fsgk32st.exe
c:\program files (x86)\YouSee\Sikkerhedspakke 2010\Anti-Virus\FSGK32.EXE
c:\program files (x86)\YouSee\Sikkerhedspakke 2010\Common\FSMA32.EXE
c:\program files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
c:\program files (x86)\YouSee\Sikkerhedspakke 2010\Common\FSHDLL32.EXE
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\YouSee\Sikkerhedspakke 2010\Anti-Virus\fssm32.exe
c:\program files (x86)\YouSee\Sikkerhedspakke 2010\Anti-Virus\fsav32.exe
.
**************************************************************************
.
Gennemført tid: 2012-04-28 07:50:26 - maskinen blev genstartet
ComboFix-quarantined-files.txt 2012-04-28 05:50
ComboFix2.txt 2012-04-27 15:56
.
Pre-Kørsel: 121.846.362.112 byte ledig
Post-Kørsel: 121.686.749.184 byte ledig
.
- - End Of File - - 319C3CBD02293ADB6066FF21E565DA60

#14 gringo_pr

Posted 29 April 2012 - 06:31 AM

Hello

I would like to see a report that ComboFix makes.

extra combofix report

  • Push the "Windows key" + "R" (between the "Ctrl" button and "Alt" button)
  • Please copy and paste the following into the box
C:\Qoobox\Add-Remove Programs.txt
  • Click OK

Copy and paste the report into this topic for me to review.

Gringo

#15 Resin01

Posted 29 April 2012 - 06:49 AM

Update for Microsoft Office 2007 (KB2508958)
Acrobat.com
Adobe AIR
Adobe Community Help
Adobe Photoshop CS5.1
Adobe Reader 9.5.0 MUI
Adobe Shockwave Player
All Zombies Must Die!
Alliance of Valiant Arms
Anomaly Warzone Earth Demo
Apple Application Support
Apple Software Update
Arcade
Assassin's Creed Brotherhood
Assassin's Creed II
Assassin's Creed Revelations
Autodesk Backburner 2012.0.0
Autodesk Material Library 2012
Autodesk Material Library Base Resolution Image Library 2012
Autodesk Material Library Medium Resolution Image Library 2012
Aztaka Demo
Balsamiq Mockups For Desktop
Bastion
Batman: Arkham City™ PC
Ben There, Dan That!
Bing Bar
Blackwell Convergence
Blackwell Deception
Blackwell Unbound
BufferChm
Bulletstorm
C510
Call of Duty: Black Ops
Call of Duty: Modern Warfare 3 - Multiplayer
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center Graphics Previews Vista
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-core-static
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
Contents
Corel PaintShop Photo Pro X3
Corel VideoStudio Pro X3
Crysis 2 Demo
Crysis Warhead
CyberLink DVD Suite
D3DX10
Dead Island
Dead Space™ 2
Destinations
Deus Ex: Human Revolution
DeviceDiscovery
DeviceIO
DH Mobility Modder.NET
Divinity II - The Dragon Knight Saga
Dragon NaturallySpeaking 11
Dropbox
Dual-Core Optimizer
DVD Menu Pack for HP MediaSmart Video
ESU for Microsoft Windows 7
Far Cry 2
Fences
FileZilla Client 3.5.3
From Dust
GameSpy Comrade
Global Agenda
Google Chrome
GPBaseService2
GraphicsGale FreeEdition version 1.93.19
Hewlett-Packard ACLM.NET v1.1.1.0
HP Customer Experience Enhancements
HP ENVY Document Card Utilities
HP MediaSmart DVD
HP MediaSmart Internet TV
HP MediaSmart Music
HP MediaSmart Photo
HP MediaSmart Video
HP MediaSmart Webcam
HP QuickWeb Installer
HP Setup
HP Software Framework
HP Support Assistant
HP Update
HP User Guides 0180
HPAppStudio
HPDiagnosticAlert
HPPhotoGadget
HPProductAssistant
HPSSupply
ICA
IDT Audio
IIS 7.5 Express
Intel Digital Logo
Intel® Management Engine Components
Intel® Rapid Storage Technology
IPM_PSP_Pro
IPM_VS_Pro
ISCOM
Jagged Alliance - Back in Action Demo
Java Auto Updater
Java™ 6 Update 31
Junk Mail filter update
Just Cause 2
Last Remnant - Demo 2
Lightfish Demo
LIMBO
LogonStudio
Länkad bok
Mafia II
Magicka
MarketResearch
Microsoft .NET Framework 1.1
Microsoft .NET Framework 4 Multi-Targeting Pack
Microsoft Application Error Reporting
Microsoft Games for Windows - LIVE Redistributable
Microsoft Games for Windows Marketplace
Microsoft Office 2007-tilføjelsesprogram: Microsoft Gem som PDF
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (Danish) 2007
Microsoft Office Excel MUI (Danish) 2007
Microsoft Office File Validation Add-In
Microsoft Office InfoPath MUI (Danish) 2007
Microsoft Office Outlook MUI (Danish) 2007
Microsoft Office PowerPoint MUI (Danish) 2007
Microsoft Office Professional Plus 2007
Microsoft Office Proof (Danish) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (German) 2007
Microsoft Office Proofing (Danish) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (Danish) 2007
Microsoft Office Shared MUI (Danish) 2007
Microsoft Office Word MUI (Danish) 2007
Microsoft Silverlight
Microsoft SQL Server 2008 R2 Management Objects
Microsoft SQL Server Compact 3.5 SP2 ENU
Microsoft SQL Server System CLR Types
Microsoft Visual C# 2010 Express - ENU
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools
Microsoft XNA Framework Redistributable 3.1
Microsoft XNA Framework Redistributable 4.0
Microsoft XNA Framework Redistributable 4.0 Refresh
Microsoft XNA Game Studio 4.0
Microsoft XNA Game Studio 4.0 (ARP entry)
Microsoft XNA Game Studio 4.0 (Redists)
Microsoft XNA Game Studio 4.0 (Shared Components)
Microsoft XNA Game Studio 4.0 (Visual Studio)
Microsoft XNA Game Studio 4.0 (XnaLiveProxy)
Microsoft XNA Game Studio 4.0 Documentation
Microsoft XNA Game Studio Platform Tools
Microsoft_VC80_ATL_x86
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
Microsoft_VC90_MFCLOC_x86
Mirror's Edge
Mount & Blade: With Fire and Sword
Mount and Blade: Warband
Movie Theme Pack for HP MediaSmart Video
Mozilla Firefox 10.0.2 (x86 da)
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Nation Red
NEC Electronics USB 3.0 Host Controller Driver
NVIDIA PhysX
On the Rain-Slick Precipice of Darkness, Episode Two
Opdatering til Microsoft Office Excel 2007 Help (KB963678)
Opdatering til Microsoft Office Powerpoint 2007 Help (KB963669)
Opdatering til Microsoft Office Word 2007 Help (KB963665)
OpenAL
Orcs Must Die!
Overgrowth (remove only)
PDF Settings CS5
Portal
Portal 2
Power2Go
Prince of Persia
Pro Motion 6.5
PS_AIO_07_C510_SW_Min
PSPPContent
PSPPRO_DCRAW
PunkBuster Services
PureHD
PX Profile Update
Q.U.B.E. Demo
QuickTime
Realm of the Mad God
Realtek Ethernet Controller Driver For Windows 7
Realtek USB 2.0 Card Reader
Recovery Manager
Saints Row: The Third
Sanctum - Demo
Scan
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile DAN sprogpakke (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile DAN sprogpakke (KB2518870)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2598041) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
Security Update for Microsoft Visual C# 2010 Express - ENU (KB2251489)
Serious Sam 3: BFE
Setup
Shank
Shank 2 Demo
Share
Singularity
Skype™ 5.8
SmartWebPrinting
SolutionCenter
Space Pirates and Zombies
Stardock MyColors
Status
Steam
Super Monday Night Combat
TeamViewer 7
The Blackwell Legacy
The Elder Scrolls V: Skyrim
Tiled - Tiled Map Editor
Time Gentlemen, Please!
Tom Clancy's Rainbow Six: Vegas 2
Tom Clancy's Splinter Cell: Conviction
Toolbox
TrayApp
Ubisoft Game Launcher
Unity Web Player
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2598306) 32-Bit Edition
Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition
VIO
Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU
VLC media player 1.1.11
VSClassic
VSPro
Warhammer 40,000 Space Marine
WebReg
WebTablet IE Plugin
WebTablet Netscape Plugin
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Mail
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows Media Encoder 9 Series
Windows Media Player Firefox Plugin
World of Warcraft FREE Trial
XAMPP 1.7.7
YouSee Player
YouSee Sikkerhedspakke
Zen Bound® 2



