
Browser Hijack plus Trojans in system32


This topic is locked
37 replies to this topic

#1 eugene22n

eugene22n

  • Members
  • 23 posts

Posted 24 April 2012 - 11:43 PM

Hi,

I've exhausted my methods for trying to remove this malware/virus that is browser redirecting and randomly opening up windows. It's also done various other damage to the system such as disabling the Windows Firewall and modifying the UAC settings, which I can no longer edit.

I've tried a variety of programs such as AVG, Security Essentials, Trend Micro, and Malwarebytes. All detect and remove the files but after a required restart the system is no longer booting. I then have to system restore to get back in.

The files in question so far are all identified as "Trojan horse Backdoor.Generic15.ABEM"

They are in system32:

raspppoe.dll, mfeapfk.dll and sometimes conserv.dll.

I am running on Windows Ultimate 7 SP1 64-bit.

Any help is much appreciated,

Thank You ahead of time, Eugene



#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 25 April 2012 - 12:12 AM

Hello and Welcome to Bleeping Computer!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.


DeFogger:

  • Please download DeFogger to your desktop.
  • Double click DeFogger to run the tool.
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger may ask you to reboot the machine, if it does - click OK
Do not re-enable these drivers until otherwise instructed.


Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


Download DDS:

  • Please download DDS by sUBs from one of the links below and save it to your desktop:
    Link1
    Link2
    Link3
  • Please disable any anti-malware program that will block scripts from running before running DDS.
  • Double-Click on dds.scr and a command window will appear. This is normal.
  • Shortly after, two logs will appear:
    • DDS.txt
    • Attach.txt
  • A window will open instructing you to save & post the logs
  • Save the logs to a convenient place such as your desktop
  • Copy the contents of both logs & post in your next reply

Information and logs:

  • In your next post I need the following:
    • logs from DDS
    • let me know of any problems you may have had

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 eugene22n

eugene22n
  • Topic Starter

  • Members
  • 23 posts

Posted 25 April 2012 - 01:20 AM

Results of screen317's Security Check version 0.99.32
Windows 7 x64 (UAC is enabled)
Internet Explorer 9
``````````````````````````````
Antivirus/Firewall Check:

Windows Security Center service is not running! This report may not be accurate!
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

MVPS Hosts File
Spybot - Search & Destroy
HijackThis 2.0.2
Java™ 6 Update 26
Java version out of date!
Adobe Reader 9 Adobe Reader out of date!
Mozilla Firefox (8.0.1)
````````````````````````````````
Process Check:
objlist.exe by Laurent

``````````End of Log````````````

#4 eugene22n

eugene22n
  • Topic Starter

  • Members
  • 23 posts

Posted 25 April 2012 - 01:28 AM

Originally when I ran DeFogger the computer started to boot cycle. I restored to my earliest restore point; did it again and it worked fine after the restart. Below is the log from DDS.

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_26
Run by Eugene at 23:20:41 on 2012-04-24
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.4072.2147 [GMT -7:00]
.
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\SysWOW64\svchost.exe -k Akamai
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\system32\AppleOSSMgr.exe
C:\Windows\system32\AppleTimeSrv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Boot Camp\Bootcamp.exe
C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Windows\System32\StikyNot.exe
C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
C:\Users\Eugene\AppData\Local\RockMelt\Update\1.2.189.1\RockMeltCrashHandler.exe
C:\Users\Eugene\AppData\Local\Akamai\netsession_win.exe
C:\Users\Eugene\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe
C:\Program Files (x86)\Stardock\Impulse\Now\ImpulseNow.exe
C:\Program Files (x86)\MagicDisc\MagicDisc.exe
C:\Users\Eugene\AppData\Local\Akamai\netsession_win.exe
C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files (x86)\CheckPoint\Endpoint Connect\TrGUI.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\CheckPoint\Endpoint Connect\TracSrvWrapper.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_2_202_233_ActiveX.exe
C:\Users\Eugene\Desktop\SecurityCheck.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\ping.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\notepad.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.bing.com/
uInternet Settings,ProxyOverride = *.local;127.0.0.1:9421;<local>
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
EB: Developer Tools: {1a6fe369-f28c-4ad9-a3e6-2bcb50807cf1} - C:\Program Files (x86)\Internet Explorer\iedvtool.dll
uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
uRun: [Google Update] "C:\Users\Eugene\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe
uRun: [RockMelt Update] "C:\Users\Eugene\AppData\Local\RockMelt\Update\RockMeltUpdate.exe" /c
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
uRun: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent
uRun: [Akamai NetSession Interface] "C:\Users\Eugene\AppData\Local\Akamai\netsession_win.exe"
mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
mRun: [Check Point Endpoint Connect] "C:\Program Files (x86)\CheckPoint\Endpoint Connect\TrGUI.exe"
mRun: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
StartupFolder: C:\Users\Eugene\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Eugene\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\Users\Eugene\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\IMPULS~1.LNK - C:\Program Files (x86)\Stardock\Impulse\Now\ImpulseNow.exe
StartupFolder: C:\Users\Eugene\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\MAGICD~1.LNK - C:\Program Files (x86)\MagicDisc\MagicDisc.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: HideFastUserSwitching = 1 (0x1)
IE: &ieSpell Options - C:\Program Files (x86)\ieSpell\iespell.dll/SPELLOPTION.HTM
IE: Check &Spelling - C:\Program Files (x86)\ieSpell\iespell.dll/SPELLCHECK.HTM
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Lookup on Merriam Webster - file://C:\Program Files (x86)\ieSpell\Merriam Webster.HTM
IE: Lookup on Wikipedia - file://C:\Program Files (x86)\ieSpell\wikipedia.HTM
IE: {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - res://C:\Program Files (x86)\ieSpell\iespell.dll/SPELLCHECK.HTM
IE: {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - res://C:\Program Files (x86)\ieSpell\iespell.dll/SPELLOPTION.HTM
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
LSP: mswsock.dll
Trusted Zone: linkedin.com
DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} - hxxps://www.linkedin.com/cab/LinkedInContactFinderControl.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {BEA7310D-06C4-4339-A784-DC3804819809} - hxxp://images3.pnimedia.com/ProductAssets/costcous/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com/activex/ractrl.cab?lmi=100
TCP: DhcpNameServer = 192.168.10.1
TCP: Interfaces\{E16B22EC-5D15-448D-8BDD-66844DD9B3FB} : DhcpNameServer = 192.168.10.1
TCP: Interfaces\{E16B22EC-5D15-448D-8BDD-66844DD9B3FB}\231303 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{E16B22EC-5D15-448D-8BDD-66844DD9B3FB}\242435D4 : DhcpNameServer = 192.168.0.254
TCP: Interfaces\{E16B22EC-5D15-448D-8BDD-66844DD9B3FB}\2456C6B696E6F5E4B2F57457563747 : DhcpNameServer = 192.168.2.1 192.168.2.1
TCP: Interfaces\{E16B22EC-5D15-448D-8BDD-66844DD9B3FB}\24F6277616274647F5E45647 : DhcpNameServer = 192.168.2.1 192.168.2.1
TCP: Interfaces\{E16B22EC-5D15-448D-8BDD-66844DD9B3FB}\25160747572756 : DhcpNameServer = 192.168.5.254
TCP: Interfaces\{E16B22EC-5D15-448D-8BDD-66844DD9B3FB}\26F6277616274647F5C616E6 : DhcpNameServer = 192.168.2.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
SubSystems: Windows = basesrv,1 winsrv:UserServerDllInitialization,3 consrv:ConServerDllInitialization,2 sxssrv,4
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
EB-X64: {1A6FE369-F28C-4AD9-A3E6-2BCB50807CF1} - No File
mRun-x64: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun-x64: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
mRun-x64: [Check Point Endpoint Connect] "C:\Program Files (x86)\CheckPoint\Endpoint Connect\TrGUI.exe"
mRun-x64: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun-x64: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
IE-X64: {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - res://C:\Program Files (x86)\ieSpell\iespell.dll/SPELLCHECK.HTM
IE-X64: {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - res://C:\Program Files (x86)\ieSpell\iespell.dll/SPELLOPTION.HTM
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Eugene\AppData\Roaming\Mozilla\Firefox\Profiles\j0hp1mtt.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=BSRTDF&PC=BBSR&q=
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?FORM=BSRTDF&PC=BBSR&q=
.
============= SERVICES / DRIVERS ===============
.
R0 AppleHFS;AppleHFS;C:\Windows\system32\drivers\AppleHFS.sys --> C:\Windows\system32\drivers\AppleHFS.sys [?]
R0 AppleMNT;AppleMNT;C:\Windows\system32\drivers\AppleMNT.sys --> C:\Windows\system32\drivers\AppleMNT.sys [?]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\system32\DRIVERS\dtsoftbus01.sys --> C:\Windows\system32\DRIVERS\dtsoftbus01.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 Akamai;Akamai NetSession Interface;C:\Windows\System32\svchost.exe -k Akamai [2009-7-13 20992]
R2 AppleOSSMgr;Apple OS Switch Manager;C:\Windows\system32\AppleOSSMgr.exe --> C:\Windows\system32\AppleOSSMgr.exe [?]
R2 AppleTimeSrv;Apple Time Service;C:\Windows\system32\AppleTimeSrv.exe --> C:\Windows\system32\AppleTimeSrv.exe [?]
R2 KeyAgent;KeyAgent;\??\C:\Windows\system32\drivers\KeyAgent.sys --> C:\Windows\system32\drivers\KeyAgent.sys [?]
R2 MacHALDriver;Mac HAL;\??\C:\Windows\system32\drivers\MacHALDriver.sys --> C:\Windows\system32\drivers\MacHALDriver.sys [?]
R2 StarWindServiceAE;StarWind AE Service;C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [2007-5-28 275968]
R2 TracSrvWrapper;Check Point Endpoint Connect;C:\Program Files (x86)\CheckPoint\Endpoint Connect\TracSrvWrapper.exe [2010-6-6 3487288]
R3 applemtm;Apple Multitouch Mouse;C:\Windows\system32\DRIVERS\applemtm.sys --> C:\Windows\system32\DRIVERS\applemtm.sys [?]
R3 applemtp;Apple Multitouch;C:\Windows\system32\DRIVERS\applemtp.sys --> C:\Windows\system32\DRIVERS\applemtp.sys [?]
R3 btusbflt;Bluetooth USB Filter;C:\Windows\system32\drivers\btusbflt.sys --> C:\Windows\system32\drivers\btusbflt.sys [?]
R3 IRRemoteFlt;IR Receiver Filter Driver;C:\Windows\system32\DRIVERS\IRFilter.sys --> C:\Windows\system32\DRIVERS\IRFilter.sys [?]
R3 KeyMagic;USB Keyboard HID Filter;C:\Windows\system32\DRIVERS\KeyMagic.sys --> C:\Windows\system32\DRIVERS\KeyMagic.sys [?]
R3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
R3 vna_ap;Check Point Virtual Network Adapter - Apollo;C:\Windows\system32\DRIVERS\vnaap.sys --> C:\Windows\system32\DRIVERS\vnaap.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-3-18 136176]
S2 MsDepSvc;Web Deployment Agent Service;C:\Program Files\IIS\Microsoft Web Deploy\MsDepSvc.exe [2011-4-1 67400]
S2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2010-6-10 1153368]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-1 253088]
S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-2-28 183560]
S3 clr_optimization_v4.0.30128_32;Microsoft .NET Framework NGEN v4.0.30128_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30128\mscorsvw.exe --> C:\Windows\Microsoft.NET\Framework\v4.0.30128\mscorsvw.exe [?]
S3 clr_optimization_v4.0.30128_64;Microsoft .NET Framework NGEN v4.0.30128_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30128\mscorsvw.exe --> C:\Windows\Microsoft.NET\Framework64\v4.0.30128\mscorsvw.exe [?]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\system32\DRIVERS\ssudbus.sys --> C:\Windows\system32\DRIVERS\ssudbus.sys [?]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-3-18 136176]
S3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;C:\Windows\system32\DRIVERS\MijXfilt.sys --> C:\Windows\system32\DRIVERS\MijXfilt.sys [?]
S3 pbfilter;pbfilter;C:\Program Files\PeerBlock\pbfilter.sys [2011-4-27 24176]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\system32\drivers\rdpvideominiport.sys --> C:\Windows\system32\drivers\rdpvideominiport.sys [?]
S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);C:\Windows\system32\DRIVERS\ssudmdm.sys --> C:\Windows\system32\DRIVERS\ssudmdm.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 WMZuneComm;Zune Windows Mobile Connectivity Service;C:\Program Files\Zune\WMZuneComm.exe [2011-8-5 306400]
S3 WPFFontCache_v0400;WPFFontCache_v0400;C:\Windows\Microsoft.NET\Framework64\v4.0.30128\WPF\WPFFontCache_v0400.exe --> C:\Windows\Microsoft.NET\Framework64\v4.0.30128\WPF\WPFFontCache_v0400.exe [?]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;C:\Program Files\Microsoft SQL Server\100\Shared\sqladhlp.exe [2010-4-3 59744]
S4 RsFx0150;RsFx0150 Driver;C:\Windows\system32\DRIVERS\RsFx0150.sys --> C:\Windows\system32\DRIVERS\RsFx0150.sys [?]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);C:\Program Files\Microsoft SQL Server\MSSQL10_50.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2010-4-3 428384]
.
=============== Created Last 30 ================
.
2012-04-25 06:05:56 -------- d-----w- C:\Users\Eugene\AppData\Local\{DFF2969B-C9A0-42E3-AE3E-2471EB4315B3}
2012-04-25 04:51:12 -------- d-----w- C:\Users\Eugene\AppData\Roaming\AVG
2012-04-25 04:30:27 -------- d-----w- C:\Users\Eugene\AppData\Roaming\AVG2012
2012-04-25 04:13:49 -------- d-----w- C:\Users\Eugene\AppData\Local\{A535AF75-E61F-4D59-80D1-65B11DE0343F}
2012-04-25 04:13:29 -------- d-----w- C:\Users\Eugene\AppData\Local\{A9A3CBE6-C660-4E48-B170-63D8A72BEC10}
2012-04-25 04:10:07 -------- d-----we C:\Windows\system64
2012-04-25 02:50:23 -------- d-----w- C:\ComboFix
2012-04-25 02:41:43 -------- d-----w- C:\Users\Eugene\AppData\Local\{252FE6AA-55F2-4920-91DD-45AB54E1E290}
2012-04-25 02:41:19 -------- d-----w- C:\Users\Eugene\AppData\Local\{B2F5A73E-9029-453B-9620-4C27B514B515}
2012-04-24 11:28:19 -------- d-----w- C:\Users\Eugene\AppData\Local\{DA4DDC1C-46BF-48EF-ABC7-708BB699B594}
2012-04-24 11:27:58 -------- d-----w- C:\Users\Eugene\AppData\Local\{E954E104-B65E-4D2F-9996-F428081F8131}
2012-04-24 10:53:11 -------- d-----w- C:\Users\Eugene\AppData\Local\{C910460E-C3B9-44D1-A439-FC11EB60BDF7}
2012-04-24 10:52:34 -------- d-----w- C:\Users\Eugene\AppData\Local\{991D0C23-3E79-41AC-9D99-2732072EE70F}
2012-04-24 05:48:10 -------- d-----w- C:\Users\Eugene\AppData\Local\{CB0FF945-9CF8-41E2-A52C-FC19593A3004}
2012-04-24 05:47:47 -------- d-----w- C:\Users\Eugene\AppData\Local\{981BDDB0-0CFC-4264-8753-9788F2B86EBF}
2012-04-24 05:41:24 -------- d--h--w- C:\ProgramData\Common Files
2012-04-24 05:40:24 -------- d--h--w- C:\$AVG
2012-04-24 05:40:23 -------- d-----w- C:\ProgramData\AVG2012
2012-04-24 05:39:22 -------- d-----w- C:\Program Files (x86)\AVG
2012-04-24 05:36:27 -------- d-----w- C:\ProgramData\MFAData
2012-04-23 22:13:30 -------- d-----w- C:\Users\Eugene\AppData\Local\{8168323A-916E-4B0D-AB72-4C46C57E5342}
2012-04-23 18:36:45 -------- d-----w- C:\Users\Eugene\AppData\Local\{AAB3C05D-B4AD-4FAA-9ED2-192700FBAEC7}
2012-04-23 15:21:47 -------- d-----w- C:\Users\Eugene\AppData\Local\{E42A4019-267D-4307-AD0A-346AFF14245E}
2012-04-23 12:25:39 -------- d-----w- C:\Users\Eugene\AppData\Local\{F3858723-15BD-4B1C-B43A-22B68147EA84}
2012-04-23 08:59:46 -------- d-----w- C:\Users\Eugene\AppData\Local\{044F661B-F725-4013-9C10-C761B8BDB5A6}
2012-04-23 08:52:27 -------- d-----w- C:\Users\Eugene\AppData\Local\{A3698A02-C022-4220-B49A-185457BFF027}
2012-04-23 07:59:45 -------- d-----w- C:\Users\Eugene\AppData\Local\{D4AC5729-163A-4B62-8382-69A9299AB4F4}
2012-04-23 07:34:31 -------- d-----w- C:\Users\Eugene\AppData\Local\{A8366470-E697-4F7F-B734-3D3A00935105}
2012-04-23 07:33:57 -------- d-----w- C:\Users\Eugene\AppData\Local\{B97CE909-ED65-4374-9FCC-1DF3DA3BCC18}
2012-04-22 20:11:07 -------- d-----w- C:\Users\Eugene\AppData\Local\{801AC661-D8F1-426A-B611-DB71BE8E9C39}
2012-04-22 19:52:33 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client
2012-04-22 19:50:57 -------- d-----w- C:\Program Files\Microsoft Security Client
2012-04-22 07:31:13 0 --sha-w- C:\Windows\System32\dds_trash_log.cmd
2012-04-20 22:13:53 8917360 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{A9D7E999-0697-4D0A-98BF-842D10E99570}\mpengine.dll
2012-04-17 05:54:55 -------- d-----r- C:\Users\Eugene\Dropbox
2012-04-17 05:51:49 -------- d-----w- C:\Users\Eugene\AppData\Roaming\Dropbox
2012-04-11 21:31:18 -------- d-----w- C:\Users\Eugene\AppData\Local\{44E6793E-24DE-4F23-8452-23AAF867C457}
2012-04-11 10:12:04 5559152 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-04-11 10:12:03 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-04-11 10:12:02 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-04-11 10:06:14 23408 ----a-w- C:\Windows\System32\drivers\fs_rec.sys
2012-04-11 10:06:13 81408 ----a-w- C:\Windows\System32\imagehlp.dll
2012-04-11 10:06:13 5120 ----a-w- C:\Windows\SysWow64\wmi.dll
2012-04-11 10:06:13 5120 ----a-w- C:\Windows\System32\wmi.dll
2012-04-11 10:06:13 220672 ----a-w- C:\Windows\System32\wintrust.dll
2012-04-11 10:06:13 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll
2012-04-11 10:06:13 159232 ----a-w- C:\Windows\SysWow64\imagehlp.dll
2012-04-03 09:55:45 -------- d-----w- C:\Users\Eugene\AppData\Local\{7DF7D55F-824F-4CF4-99E9-21477D56F92A}
2012-04-02 05:53:22 8741536 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe
2012-04-02 02:18:48 418464 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-04-02 02:17:48 -------- d-----w- C:\Users\Eugene\AppData\Local\{85CB0751-D482-4886-8C8F-F870179B703E}
.
==================== Find3M ====================
.
2012-04-17 05:55:20 70304 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-04-04 22:56:40 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-02-28 06:56:48 2311168 ----a-w- C:\Windows\System32\jscript9.dll
2012-02-28 06:49:56 1390080 ----a-w- C:\Windows\System32\wininet.dll
2012-02-28 06:48:57 1493504 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-02-28 06:42:55 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-02-28 01:18:55 1799168 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-02-28 01:11:21 1427456 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-02-28 01:11:07 1127424 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-02-28 01:03:16 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-02-23 17:18:36 279656 ----a-w- C:\Windows\System32\MpSigStub.exe
2012-02-17 06:38:27 1112064 ----a-w- C:\Windows\System32\rdpcorets.dll
2012-02-17 06:38:26 1031680 ----a-w- C:\Windows\System32\rdpcore.dll
2012-02-17 05:34:22 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll
2012-02-17 04:58:24 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-02-17 04:57:32 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys
2012-02-14 19:09:44 1070352 ----a-w- C:\Windows\SysWow64\MSCOMCTL.OCX
2012-02-10 06:36:07 1544192 ----a-w- C:\Windows\System32\DWrite.dll
2012-02-10 05:38:43 1077248 ----a-w- C:\Windows\SysWow64\DWrite.dll
2012-02-03 04:34:34 3145728 ----a-w- C:\Windows\System32\win32k.sys
.
============= FINISH: 23:23:51.01 ===============

#5 eugene22n

  • Topic Starter
  • Members
  • 23 posts
  • OFFLINE
  • Local time:03:55 AM

Posted 25 April 2012 - 01:37 AM

And the second log file from DDS:

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Ultimate
Boot Device: \Device\HarddiskVolume3
Install Date: 10/16/2009 10:54:29 PM
System Uptime: 4/24/2012 11:01:42 PM (0 hours ago)
.
Motherboard: Apple Inc. | | Mac-F2268EC8
Processor: Intel® Core™2 Duo CPU T9900 @ 3.06GHz | U2E1 | 3059/266mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 422 GiB total, 4.337 GiB free.
D: is CDROM ()
E: is FIXED (HFS) - 44 GiB total, 30.207 GiB free.
F: is CDROM ()
H: is CDROM ()
J: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Description: USB Video Device
Device ID: USB\VID_05AC&PID_8507&MI_00\6&275509D8&0&0000
Manufacturer: Microsoft
Name: Built-in iSight
PNP Device ID: USB\VID_05AC&PID_8507&MI_00\6&275509D8&0&0000
Service: usbvideo
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Bluetooth Device (Personal Area Network)
Device ID: BTH\MS_BTHPAN\7&123709FE&0&2
Manufacturer: Microsoft
Name: Bluetooth Device (Personal Area Network)
PNP Device ID: BTH\MS_BTHPAN\7&123709FE&0&2
Service: BthPan
.
==== System Restore Points ===================
.
RP408: 4/23/2012 10:38:37 PM - Installed AVG 2012
RP409: 4/23/2012 10:39:33 PM - Installed AVG 2012
RP410: 4/24/2012 1:12:19 AM - Installed AVG 2012
RP411: 4/24/2012 3:56:54 AM - Installed AVG 2012
RP412: 4/24/2012 4:30:42 AM - Installed AVG 2012
RP413: 4/24/2012 9:23:51 PM - Installed AVG 2012
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
Adobe AIR
Adobe Community Help
Adobe Download Assistant
Adobe Media Player
Adobe Reader 9.4.5
Akamai NetSession Interface
Akamai NetSession Interface Service
Apple Application Support
Apple Software Update
Baseball Mogul 2012
Bing Bar
Bing Rewards Client Installer
BLM 2.7.7
Canon MP Navigator EX 2.1
Canon MX330 series User Registration
Canon Utilities Easy-PhotoPrint EX
Canon Utilities My Printer
Canon Utilities Solution Menu
Check Point Endpoint Connect
D3DX10
DAEMON Tools Pro
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Dell Driver Download Manager
Dropbox
Feedback Tool
Football Manager 2010
Football Manager 2012
Football Mogul 2012
Galactic Civilizations II
GalCiv II - Dark Avatar
GalCiv II - Twilight of the Arnor
GameCenter 1.3.0.5
Google Chrome
Google Talk Plugin
Google Update Helper
HandBrake 0.9.5
HijackThis 2.0.2
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946040)
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946308)
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946344)
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB947540)
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB947789)
Hotfix for Microsoft Visual Web Developer 2010 Express - ENU (KB2548139)
Hotfix for Microsoft Visual Web Developer 2010 Express - ENU (KB2635973)
ieSpell
IIS 7.5 Express
Impulse
iPhoneBrowser
Java Auto Updater
Java™ 6 Update 26
Magic The Gathering - Duels of the Planeswalkers 2012
Malwarebytes Anti-Malware version 1.61.0.1400
Microsoft .NET Framework 4 Multi-Targeting Pack
Microsoft Application Error Reporting
Microsoft ASP.NET MVC 2
Microsoft ASP.NET MVC 2 - VWD Express 2010 Tools
Microsoft ASP.NET MVC 3
Microsoft ASP.NET MVC 3 - VWD Express 2010 Tools Update
Microsoft ASP.NET Web Pages
Microsoft ASP.NET Web Pages - VWD Express 2010 Tools
Microsoft Default Manager
Microsoft Expression Blend 3 SDK
Microsoft Expression Blend 4 Beta
Microsoft Expression Blend SDK Beta for .NET 4
Microsoft Expression Blend SDK Beta for Silverlight 4
Microsoft Games for Windows - LIVE Redistributable
Microsoft Games for Windows Marketplace
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office Live Add-in 1.4
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook 2010
Microsoft Office Outlook Connector
Microsoft Office Outlook MUI (English) 2007
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2007
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing (English) 2010
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Word MUI (English) 2007
Microsoft Outlook 2010
Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit
Microsoft Silverlight
Microsoft Silverlight 3 SDK
Microsoft Silverlight 4 SDK
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft SQL Server 2008 Policies
Microsoft SQL Server 2008 R2 Management Objects
Microsoft SQL Server Browser
Microsoft SQL Server Compact 3.5 SP1 English
Microsoft SQL Server Compact 3.5 SP1 Query Tools English
Microsoft SQL Server Database Publishing Wizard 1.4
Microsoft SQL Server System CLR Types
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Runtime - 10.0.40219
Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools
Microsoft Visual Studio 2010 Express for Windows Phone CTP - ENU
Microsoft Visual Studio 2010 Service Pack 1
Microsoft Visual Studio Tools for Applications 2.0 - ENU
Microsoft Visual Web Developer 2010 Express - ENU
Microsoft Windows Phone Developer Resources
Microsoft Windows Phone Developer Tools CTP - ENU
Microsoft Windows XP Tablet PC Edition Development Kit Version 1.7
Microsoft WSE 3.0 Runtime
Microsoft XNA Framework Redistributable 4.0
Microsoft XNA Game Studio 4.0
Microsoft XNA Game Studio 4.0 (ARP entry)
Microsoft XNA Game Studio 4.0 (Redists)
Microsoft XNA Game Studio 4.0 (Shared Components)
Microsoft XNA Game Studio 4.0 (Visual Studio)
Microsoft XNA Game Studio 4.0 (XnaLiveProxy)
Microsoft XNA Game Studio 4.0 Documentation
Microsoft XNA Game Studio 4.0 Windows Phone Extensions
Microsoft XNA Game Studio Platform Tools
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
Mozilla Firefox 8.0.1 (x86 en-US)
MSVCRT
NuGet
NVIDIA PhysX
Octoshape add-in for Adobe Flash Player
OnLive
Phone to PC 4.1.1.0
QuickTime
Realtek High Definition Audio Driver
RockMelt
Rosetta Stone Version 3
Safari
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2598041) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2598039) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)
SimCity 4 Deluxe
Skype™ 4.1
SmartFTP Client Setup Files 4.0 (x64) (remove only)
Spybot - Search & Destroy
Star Wars: The Old Republic
StarCraft II
Steam
Telerik RadControls for ASP.NET AJAX Q3 2011
thinkorswim from TD AMERITRADE
TurboTax 2010 WinBizFedFormset
TurboTax 2010 WinBizReleaseEngine
TurboTax 2010 WinBizTaxSupport
TurboTax 2010 wrapper
TurboTax Business 2010
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2598306) 32-Bit Edition
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553385) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597091) 32-Bit Edition
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
VirtualCloneDrive
Visual Studio 2008 x64 Redistributables
Visual Studio 2010 SP1 Tools for SQL Server Compact 4.0 ENU
VLC media player 1.0.2
Vuze
WCF RIA Services V1.0 SP1
WebM Media Foundation Components
Windows Internet Explorer Platform Preview
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Phone 7 Add-in for Visual Studio 2010 - ENU
WPF Toolkit February 2010 (Version 3.5.50211.1)
.
==== Event Viewer Messages From Past Week ========
.
4/24/2012 9:16:50 PM, Error: Service Control Manager [7022] - The Windows Update service hung on starting.
4/24/2012 9:08:46 AM, Error: Microsoft-Windows-HAL [12] - The platform firmware has corrupted memory across the previous system power transition. Please check for updated firmware for your system.
4/24/2012 9:00:32 PM, Error: Microsoft-Windows-DNS-Client [1012] - There was an error while attempting to read the local hosts file.
4/24/2012 8:41:55 PM, Error: Service Control Manager [7023] - The Windows Defender service terminated with the following error: The specified module could not be found.
4/24/2012 8:05:44 PM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
4/24/2012 8:02:10 PM, Error: Application Popup [1060] - \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
4/24/2012 7:50:07 PM, Error: Service Control Manager [7031] - The Akamai NetSession Interface service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
4/24/2012 7:07:21 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the SQL Server VSS Writer service to connect.
4/24/2012 7:07:21 PM, Error: Service Control Manager [7000] - The SQL Server VSS Writer service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
4/24/2012 6:46:22 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service VSS with arguments "" in order to run the server: {E579AB5F-1CC4-44B4-BED9-DE0991FF0623}
4/24/2012 6:45:58 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error: An instance of the service is already running.
4/24/2012 6:45:40 PM, Error: Service Control Manager [7001] - The PnP-X IP Bus Enumerator service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
4/24/2012 6:44:13 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
4/24/2012 6:44:09 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
4/24/2012 6:44:08 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
4/24/2012 6:44:01 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
4/24/2012 6:44:01 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
4/24/2012 6:43:58 PM, Error: Service Control Manager [7031] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
4/24/2012 6:43:58 PM, Error: Service Control Manager [7031] - The User Profile Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
4/24/2012 6:43:58 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
4/24/2012 6:43:50 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
4/24/2012 6:43:40 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD Avgldx64 Avgmfx64 Avgtdia CSC DfsC discache ElbyCDIO NetBIOS NetBT nsiproxy Psched rdbss spldr sptd tdx vmm vpcnfltr vpcvmm vwififlt Wanarpv6 WfpLwf ws2ifsl
4/24/2012 6:43:40 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
4/24/2012 6:43:40 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
4/24/2012 6:43:40 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
4/24/2012 6:43:40 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
4/24/2012 6:43:40 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
4/24/2012 6:43:40 PM, Error: Service Control Manager [7001] - The Network Connections service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
4/24/2012 6:43:40 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
4/24/2012 6:43:40 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
4/24/2012 6:43:39 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
4/24/2012 6:43:39 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
4/24/2012 6:43:39 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
4/24/2012 6:43:39 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
4/24/2012 6:43:11 PM, Error: sptd [4] - Driver detected an internal error in its data structures for .
4/24/2012 6:40:19 PM, Error: Service Control Manager [7001] - The Windows Firewall service depends on the Windows Firewall Authorization Driver service which failed to start because of the following error: Cannot create a file when that file already exists.
4/24/2012 6:40:19 PM, Error: Service Control Manager [7000] - The Windows Firewall Authorization Driver service failed to start due to the following error: Cannot create a file when that file already exists.
4/24/2012 6:22:30 PM, Error: Service Control Manager [7023] - The L8042pr2 service terminated with the following error: Access is denied.
4/24/2012 11:06:34 PM, Error: Service Control Manager [7024] - The HomeGroup Listener service terminated with service-specific error %%-2147023143.
4/24/2012 11:05:24 PM, Error: Microsoft-Windows-WHEA-Logger [18] - A fatal hardware error has occurred. Reported by component: Processor Core Error Source: Machine Check Exception Error Type: Bus/Interconnect Error Processor ID: 1 The details view of this entry contains further information.
4/24/2012 11:04:54 PM, Error: Service Control Manager [7003] - The SBSD Security Center Service service depends the following service: wscsvc. This service might not be installed.
4/24/2012 11:04:54 PM, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.
4/24/2012 11:04:52 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the SQL Server (SQLEXPRESS) service to connect.
4/24/2012 11:04:52 PM, Error: Service Control Manager [7000] - The SQL Server (SQLEXPRESS) service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
4/24/2012 11:04:17 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Web Deployment Agent Service service to connect.
4/24/2012 11:04:17 PM, Error: Service Control Manager [7000] - The Web Deployment Agent Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
4/24/2012 11:03:45 PM, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.
4/24/2012 11:03:24 PM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.
4/24/2012 11:02:44 PM, Error: ACPI [13] - : The embedded controller (EC) did not respond within the specified timeout period. This may indicate that there is an error in the EC hardware or firmware or that the BIOS is accessing the EC incorrectly. You should check with your computer manufacturer for an upgraded BIOS. In some situations, this error may cause the computer to function incorrectly.
4/24/2012 1:22:05 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD Avgldx64 Avgmfx64 Avgtdia CSC DfsC discache ElbyCDIO NetBIOS NetBT nsiproxy Psched rdbss spldr sptd tdx vmm vpcnfltr vpcvmm vwififlt Wanarpv6 WfpLwf
4/23/2012 8:19:54 AM, Error: Server [2505] - The server could not bind to the transport \Device\NetBT_Tcpip_{E16B22EC-5D15-448D-8BDD-66844DD9B3FB} because another computer on the network has the same name. The server could not start.
4/23/2012 8:19:54 AM, Error: NetBT [4321] - The name "EUGENE-PC :20" could not be registered on the interface with IP address 192.168.10.198. The computer with the IP address 192.168.10.103 did not allow the name to be claimed by this computer.
4/23/2012 5:24:28 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Apple Mobile Device service to connect.
4/23/2012 5:24:28 AM, Error: Service Control Manager [7000] - The Apple Mobile Device service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
4/23/2012 2:02:12 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD CSC DfsC discache ElbyCDIO NetBIOS NetBT nsiproxy Psched rdbss spldr sptd tdx vmm vpcnfltr vpcvmm vwififlt Wanarpv6 WfpLwf
4/23/2012 12:59:54 AM, Error: Service Control Manager [7023] - The Id2scaps service terminated with the following error: Access is denied.
4/23/2012 12:56:36 AM, Error: Microsoft Antimalware [3002] -
4/23/2012 1:52:26 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect.
4/23/2012 1:52:26 AM, Error: Service Control Manager [7000] - The Steam Client Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
4/22/2012 1:07:06 PM, Error: NetBT [4321] - The name "EUGENE-PC :20" could not be registered on the interface with IP address 192.168.10.198. The computer with the IP address 192.168.10.119 did not allow the name to be claimed by this computer.
4/22/2012 1:07:06 PM, Error: NetBT [4321] - The name "EUGENE-PC :0" could not be registered on the interface with IP address 192.168.10.198. The computer with the IP address 192.168.10.119 did not allow the name to be claimed by this computer.
4/21/2012 11:43:37 PM, Error: volsnap [35] - The shadow copies of volume C: were aborted because the shadow copy storage failed to grow.
4/21/2012 1:38:59 AM, Error: NetBT [4321] - The name "EUGENE-PC :0" could not be registered on the interface with IP address 192.168.10.198. The computer with the IP address 192.168.10.103 did not allow the name to be claimed by this computer.
.
==== End Of File ===========================
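
As an added example (not part of the original post, and not DDS's own logic), a small Python helper that parses lines in the Event Viewer format of the log above and flags the entries a responder would check first on a machine with suspected tampering. The rule table is my assumption, and the sample lines are constructed after the entries above.

```python
"""Triage helper for the "Event Viewer Messages" section of a DDS log.

Added example: not part of the original post and not DDS's own logic.
The rule table is an assumption about which errors a responder checks
first on a machine with suspected tampering; the sample lines are
constructed after the log above.
"""
import re
from datetime import datetime
from typing import List, NamedTuple, Optional, Tuple

# One DDS event line looks like:
#   4/24/2012 8:41:55 PM, Error: Service Control Manager [7023] - message
EVENT_RE = re.compile(
    r"^(?P<ts>\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M), "
    r"(?P<level>\w+): (?P<source>.+?) \[(?P<event_id>\d+)\] -\s*(?P<msg>.*)$"
)


class Event(NamedTuple):
    ts: datetime
    level: str
    source: str
    event_id: int
    message: str


def parse_event(line: str) -> Optional[Event]:
    """Parse one line in DDS's Event Viewer format; None if it does not match."""
    m = EVENT_RE.match(line.strip())
    if not m:
        return None
    return Event(
        datetime.strptime(m["ts"], "%m/%d/%Y %I:%M:%S %p"),
        m["level"], m["source"], int(m["event_id"]), m["msg"].strip(),
    )


# (source, event id, substring the message must contain, tag). Assumed rules:
# a security service that dies, a firewall driver that will not start, core
# network drivers that fail at boot, or an unreadable hosts file are the kind
# of collateral damage that cleanup threads like this one turn up.
RULES: List[Tuple[str, int, str, str]] = [
    ("Service Control Manager", 7023, "Windows Defender", "security-service-down"),
    ("Service Control Manager", 7000, "Windows Firewall Authorization Driver",
     "firewall-driver-failed"),
    ("Service Control Manager", 7026, "failed to load", "boot-driver-not-loaded"),
    ("Service Control Manager", 7003, "BFE", "bfe-missing"),
    ("Microsoft-Windows-DNS-Client", 1012, "hosts file", "hosts-file-unreadable"),
]


def triage(lines: List[str]) -> List[Tuple[datetime, str, str]]:
    """Return (timestamp, tag, message) for each Error line matching a rule, oldest first."""
    findings = []
    for line in lines:
        ev = parse_event(line)
        if ev is None or ev.level != "Error":
            continue
        for source, event_id, needle, tag in RULES:
            if ev.source == source and ev.event_id == event_id and needle in ev.message:
                findings.append((ev.ts, tag, ev.message))
    findings.sort()
    return findings


def failed_boot_drivers(lines: List[str]) -> List[str]:
    """Union of driver names from every SCM 7026 ('failed to load') entry."""
    names = set()
    for line in lines:
        ev = parse_event(line)
        if ev and ev.source == "Service Control Manager" and ev.event_id == 7026:
            _, _, tail = ev.message.partition("failed to load:")
            names.update(tail.split())
    return sorted(names)


# Constructed sample modelled on the entries in the log above.
SAMPLE = [
    "4/24/2012 9:16:50 PM, Error: Service Control Manager [7022] - The Windows Update service hung on starting.",
    "4/24/2012 9:00:32 PM, Error: Microsoft-Windows-DNS-Client [1012] - There was an error while attempting to read the local hosts file.",
    "4/24/2012 8:41:55 PM, Error: Service Control Manager [7023] - The Windows Defender service terminated with the following error: The specified module could not be found.",
    "4/24/2012 6:43:40 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD Avgldx64 NetBT tdx",
    "4/24/2012 6:40:19 PM, Error: Service Control Manager [7000] - The Windows Firewall Authorization Driver service failed to start due to the following error: Cannot create a file when that file already exists.",
    "4/24/2012 11:04:54 PM, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.",
    "4/23/2012 12:56:36 AM, Error: Microsoft Antimalware [3002] -",
    "==== End Of File ===========================",
]

if __name__ == "__main__":
    for ts, tag, msg in triage(SAMPLE):
        print(f"{ts:%Y-%m-%d %H:%M:%S}  {tag:24} {msg[:70]}")
    print("boot-start drivers that failed:", ", ".join(failed_boot_drivers(SAMPLE)))
```

Feeding it the whole "Event Viewer Messages" section of a DDS log gives a time-ordered shortlist of the entries worth reading before the rest of the log.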

#6 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:06:55 AM

Posted 25 April 2012 - 01:43 AM

Hello

I would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out >here< or >here<.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

Double-click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#7 eugene22n

  • Topic Starter
  • Members
  • 23 posts
  • OFFLINE
  • Local time:03:55 AM

Posted 25 April 2012 - 03:16 AM

ComboFix has been running for a couple of hours now. It hit the part where it started the restart. Screen went blank, then the cursor went away, but I don't believe the computer has actually restarted as of now, as I haven't heard that loud "bong" Apple computers make when they start up. The hard drive is active but not very (just based on sound). How long is reasonable for it to run before I have to hard reset? Overnight is fine, meaning it would run in total for over 12 hours potentially. Longer even? Is it highly dependent on hard disk size?

If I do have to do a hard reset, at what point should I do it and should I try to pull it into safe mode in that case?

#8 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:06:55 AM

Posted 25 April 2012 - 03:23 AM

Go ahead and do the hard restart and see if upon startup ComboFix continues.

#9 eugene22n

  • Topic Starter
  • Members
  • 23 posts
  • OFFLINE
  • Local time:03:55 AM

Posted 25 April 2012 - 03:50 AM

It did run at startup. It generated the file. When I tried to open Internet Explorer I got an illegal operations error. I restarted, but now the computer is in a restart loop.

I also tried to dump the log file to a memory stick but it would not detect, so I took pictures of the whole log. If you would find it helpful I could attach them.

In the meantime windows is sending me to startup repair or a restore. I'll wait to hear from you before moving forward with anything.

#10 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:06:55 AM

Posted 25 April 2012 - 03:53 AM

Hello

do this instead and it will be about an hour before I can reply again but I will reply

download Farbar Recovery Scan Tool x64 and save it to a flash drive.

Plug the flashdrive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:
  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Command Prompt

  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

Gringo
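
Once FRST.txt is in hand, the responder reads the Services, NetSvcs and SubSystems lines for the tells this thread turns on: a service whose image is a DLL, a netsvcs member with no visible service record, a file in a Windows system directory attributed to a company other than Microsoft, and FRST's own `==>` marker on a modified SubSystems value. The Python script below is an added illustration and is not part of this thread, of FRST, or of any BleepingComputer tool. Its sample input is a constructed excerpt of lines taken from the log the topic starter posts next, and the four heuristics, their severity ranking, and the helper names (`parse_service_line`, `triage_service`, `analyze`) are this example's assumptions about what merits review, not rules FRST itself applies.

```python
"""Triage the Services, NetSvcs and SubSystems lines of an FRST.txt log (added example)."""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample: a few lines copied from the FRST log posted later in this
# thread, with the section headers FRST prints. It is an excerpt, not a full FRST.txt.
SAMPLE_LOG = r"""
========================== Registry (Whitelisted) =============

Tcpip\Parameters: [DhcpNameServer] 192.168.10.1
SubSystems: [Windows] ==> ZeroAccess

==================== Services (Whitelisted) ======

2 AppleOSSMgr; C:\Windows\system32\AppleOSSMgr.exe [224640 2011-08-15] ()
2 asmagent; C:\Windows\System32\raspppoe.dll [6656 2009-07-13] (Oak Technology Inc.)
2 Bonjour Service; "C:\Program Files\Bonjour\mDNSResponder.exe" [462184 2011-08-30] (Apple Inc.)
2 Akamai; c:\program files (x86)\common files\akamai/netsession_win_6c825ce.dll [x]
3 WMZuneComm; "c:\Program Files\Zune\WMZuneComm.exe" [x]

========================== NetSvcs (Whitelisted) ===========
NETSVC: asmagent
NETSVC: U81xobex
"""

SERVICE_RE = re.compile(r"^(\d)\s+([^;]+);\s*(.*)$")   # "<start type> <name>; <rest>"
COMPANY_RE = re.compile(r"\(([^()]*)\)\s*$")           # trailing "(Company)" block
SYSTEM_DIRS = ("\\windows\\system32\\", "\\windows\\syswow64\\")
RANK = {"low": 0, "medium": 1, "high": 2}              # severity order (assumed)


@dataclass
class Service:
    name: str
    path: str
    company: Optional[str]   # None when FRST printed no "(Company)" block at all
    missing: bool            # FRST marks files it could not find on disk with [x]


@dataclass
class Finding:
    subject: str
    severity: str
    reasons: List[str]


def parse_service_line(line: str) -> Optional[Service]:
    """Split one FRST service line into name, image path, company and missing flag."""
    m = SERVICE_RE.match(line)
    if not m:
        return None
    name, rest = m.group(2).strip(), m.group(3)
    if rest.startswith('"'):                      # quoted path: take up to the closing quote
        path = rest[1:].split('"', 1)[0]
    else:                                         # unquoted path: ends before " [size date]"
        path = rest.split(" [", 1)[0]
    cm = COMPANY_RE.search(rest)
    company = cm.group(1).strip() if cm else None
    return Service(name, path, company, rest.rstrip().endswith("[x]"))


def _bump(current: Optional[str], new: str) -> str:
    return new if RANK[new] > RANK.get(current, -1) else current


def triage_service(svc: Service, netsvcs: List[str]) -> Optional[Finding]:
    """Apply the review heuristics to one service; None when nothing stands out."""
    low = svc.path.lower()
    is_dll = low.endswith(".dll")
    in_sysdir = any(d in low for d in SYSTEM_DIRS)
    reasons, severity = [], None
    if is_dll:
        reasons.append("service image is a DLL loaded into a host process rather than an EXE")
        severity = _bump(severity, "medium")
    if is_dll and svc.name in netsvcs:
        reasons.append("also registered in the netsvcs group, so it loads inside svchost.exe")
        severity = _bump(severity, "high")
    if in_sysdir and not (svc.company or "").lower().startswith("microsoft"):
        reasons.append(f"file lives in a Windows system directory but is attributed to {svc.company!r}")
        severity = _bump(severity, "low")
    return Finding(svc.name, severity, reasons) if reasons else None


def analyze(text: str) -> List[Finding]:
    """Walk an FRST log and return the entries a responder should look at first."""
    services: Dict[str, Service] = {}
    netsvcs: List[str] = []
    findings: List[Finding] = []
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("=") and line.endswith("="):   # "==== Section (Whitelisted) ===="
            section = line.strip("= ").lower()
            continue
        if line.startswith("SubSystems:") and "==>" in line:
            findings.append(Finding("SubSystems", "high",
                                    [f"FRST flags a modified Windows SubSystems value: {line}"]))
        elif line.startswith("NETSVC:"):
            netsvcs.append(line.split(":", 1)[1].strip())
        elif section and section.startswith("services"):
            svc = parse_service_line(line)
            if svc:
                services[svc.name] = svc
    for svc in services.values():
        f = triage_service(svc, netsvcs)
        if f:
            findings.append(f)
    for name in netsvcs:                                   # group member with no service record
        if name not in services:
            findings.append(Finding(name, "medium",
                                    ["listed in the netsvcs group but no service record is shown"]))
    return findings


if __name__ == "__main__":
    for f in sorted(analyze(SAMPLE_LOG), key=lambda f: -RANK[f.severity]):
        print(f"[{f.severity:6}] {f.subject}: " + "; ".join(f.reasons))
```

Run against the excerpt, the script ranks `asmagent` (a DLL, in netsvcs, in System32, not Microsoft's) and the `SubSystems` line highest, the orphan netsvcs name `U81xobex` and the DLL-backed `Akamai` entry in the middle, and the unattributed System32 file `AppleOSSMgr` as a low-priority check; Bonjour and the missing Zune binary produce nothing. The heuristics are deliberately coarse: they pick out what to verify by hand, not what to delete.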

#11 eugene22n

eugene22n
  • Topic Starter

  • Members
  • 23 posts
  • Local time:03:55 AM

Posted 25 April 2012 - 04:09 AM

Scan result of Farbar Recovery Scan Tool Version: 22-04-2012
Ran by SYSTEM at 25-04-2012 02:01:48
Running from D:\
Windows 7 Ultimate (X64) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [8114720 2010-01-15] (Realtek Semiconductor)
HKLM\...\Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\Skytel.exe [1833504 2010-01-15] (Realtek Semiconductor Corp.)
HKLM\...\Run: [Apple_KbdMgr] C:\Program Files\Boot Camp\Bootcamp.exe [741760 2011-08-15] (Apple Inc.)
HKLM\...\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup [16395880 2010-01-05] (NVIDIA Corporation)
HKLM\...\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon [2114376 2009-07-06] (CANON INC.)
HKLM\...\Run: [CanonSolutionMenu] C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe /logon [722256 2008-12-11] (CANON INC.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [500208 2010-03-06] (Adobe Systems Incorporated)
HKLM\...\Run: [IntelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe" [2417032 2011-08-01] (Microsoft Corporation)
HKLM\...\Run: [Zune Launcher] "c:\Program Files\Zune\ZuneLauncher.exe" [163552 2011-08-05] (Microsoft Corporation)
HKLM\...\Run: [Logitech Download Assistant] C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch [1580368 2010-11-03] (Logitech, Inc.)
HKLM-x32\...\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s [85160 2009-05-26] (Elaborate Bytes AG)
HKLM-x32\...\Run: [Check Point Endpoint Connect] "C:\Program Files (x86)\CheckPoint\Endpoint Connect\TrGUI.exe" [611888 2010-06-06] (Check Point Software Technologies)
HKLM-x32\...\Run: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume [439568 2010-05-10] (Microsoft Corporation)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [37296 2011-06-07] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [937920 2011-03-29] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices [91520 2010-03-13] (Microsoft Corporation)
HKLM-x32\...\Run: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [58656 2011-04-20] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [254696 2011-04-08] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2011-11-01] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2011-07-05] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421736 2011-12-08] (Apple Inc.)
HKU\Eugene\...\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe [2260480 2009-03-05] (Safer-Networking Ltd.)
HKU\Eugene\...\Run: [RockMelt Update] "C:\Users\Eugene\AppData\Local\RockMelt\Update\RockMeltUpdate.exe" /c [136336 2011-06-01] (RockMelt Inc.)
HKU\Eugene\...\Run: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent [1242448 2011-10-11] (Valve Corporation)
HKU\Eugene\...\Run: [Akamai NetSession Interface] "C:\Users\Eugene\AppData\Local\Akamai\netsession_win.exe" [3331872 2012-03-13] (Akamai Technologies, Inc)
Tcpip\Parameters: [DhcpNameServer] 192.168.10.1
SubSystems: [Windows] ==> ZeroAccess

==================== Services (Whitelisted) ======

3 AdobeFlashPlayerUpdateSvc; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [253088 2012-04-16] (Adobe Systems Incorporated)
2 AppleOSSMgr; C:\Windows\system32\AppleOSSMgr.exe [224640 2011-08-15] ()
2 AppleTimeSrv; C:\Windows\system32\AppleTimeSrv.exe [110904 2010-01-16] (Apple Inc.)
2 asmagent; C:\Windows\System32\raspppoe.dll [6656 2009-07-13] (Oak Technology Inc.)
2 Bonjour Service; "C:\Program Files\Bonjour\mDNSResponder.exe" [462184 2011-08-30] (Apple Inc.)
2 IntuitUpdateService; "C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe" [13088 2009-02-25] (Intuit Inc.)
3 Microsoft Office Groove Audit Service; "C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe" [64856 2009-02-26] (Microsoft Corporation)
2 MsDepSvc; "C:\Program Files\IIS\Microsoft Web Deploy\MsDepSvc.exe" -runService:MsDepSvc [67400 2011-04-01] (Microsoft Corporation)
2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
2 StarWindServiceAE; C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [275968 2007-05-28] (Rocket Division Software)
2 TracSrvWrapper; C:\Program Files (x86)\CheckPoint\Endpoint Connect\TracSrvWrapper.exe [3487288 2010-06-06] (Check Point Software Technologies)
2 Akamai; c:\program files (x86)\common files\akamai/netsession_win_6c825ce.dll [x]
3 clr_optimization_v4.0.30128_32; C:\Windows\Microsoft.NET\Framework\v4.0.30128\mscorsvw.exe [x]
3 clr_optimization_v4.0.30128_64; C:\Windows\Microsoft.NET\Framework64\v4.0.30128\mscorsvw.exe [x]
2 MSSQL$SQLEXPRESS; "c:\Program Files\Microsoft SQL Server\MSSQL10_50.SQLEXPRESS\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS [x]
4 MSSQLServerADHelper100; "c:\Program Files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE" [x]
4 SQLAgent$SQLEXPRESS; "c:\Program Files\Microsoft SQL Server\MSSQL10_50.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE" -i SQLEXPRESS [x]
4 SQLBrowser; "c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe" [x]
2 SQLWriter; "c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe" [x]
3 WMZuneComm; "c:\Program Files\Zune\WMZuneComm.exe" [x]
3 WPFFontCache_v0400; C:\Windows\Microsoft.NET\Framework64\v4.0.30128\WPF\WPFFontCache_v0400.exe [x]
3 ZuneNetworkSvc; "c:\Program Files\Zune\ZuneNss.exe" [x]
3 ZuneWlanCfgSvc; "c:\Program Files\Zune\ZuneWlanCfgSvc.exe" [x]

========================== Drivers (Whitelisted) =============

0 AppleHFS; C:\Windows\System32\Drivers\AppleHFS.sys [72024 2011-08-15] (Apple Inc.)
0 AppleMNT; C:\Windows\System32\Drivers\AppleMNT.sys [16216 2011-08-15] (Apple Inc.)
3 applemtm; C:\Windows\System32\Drivers\applemtm.sys [12288 2011-01-31] (Apple Inc.)
3 applemtp; C:\Windows\System32\Drivers\applemtp.sys [38912 2011-01-31] (Apple Inc.)
2 atksgt; C:\Windows\System32\Drivers\atksgt.sys [314016 2010-03-30] ()
3 BridgeMP; C:\Windows\System32\DRIVERS\bridge.sys [95232 2009-07-13] (Microsoft Corporation)
1 dtsoftbus01; C:\Windows\System32\Drivers\dtsoftbus01.sys [272448 2011-07-29] (DT Soft Ltd)
3 IRRemoteFlt; C:\Windows\System32\DRIVERS\IRFilter.sys [18432 2009-07-22] (Apple Inc.)
2 KeyAgent; C:\Windows\System32\Drivers\KeyAgent.sys [17752 2011-08-15] (Apple Inc.)
3 KeyMagic; C:\Windows\System32\Drivers\KeyMagic.sys [32256 2011-06-02] (Apple Inc.)
3 libusb0; C:\Windows\SysWow64\Drivers\libusb0.sys [33792 2005-03-09] ()
2 lirsgt; C:\Windows\System32\Drivers\lirsgt.sys [43680 2010-03-30] ()
2 MacHALDriver; C:\Windows\System32\Drivers\MacHALDriver.sys [21048 2010-11-11] (Apple Inc.)
3 mcdbus; C:\Windows\System32\Drivers\mcdbus.sys [255552 2009-02-24] (MagicISO, Inc.)
3 mcdbus; C:\Windows\SysWow64\Drivers\mcdbus.sys [255552 2009-02-24] (MagicISO, Inc.)
3 MotioninJoyXFilter; C:\Windows\System32\DRIVERS\MijXfilt.sys [61952 2010-06-30] (MotioninJoy)
3 NVENETFD; C:\Windows\System32\DRIVERS\nvmfdx64.sys [1495456 2009-07-22] (NVIDIA Corporation)
3 NVNET; C:\Windows\System32\DRIVERS\nvmf6264.sys [350952 2010-08-12] (NVIDIA Corporation)
3 nvsmu; C:\Windows\System32\Drivers\nvsmu.sys [27680 2009-07-22] (NVIDIA Corporation)
3 pbfilter; \??\C:\Program Files\PeerBlock\pbfilter.sys [24176 2010-11-06] ()
4 RsFx0150; C:\Windows\System32\Drivers\RsFx0150.sys [313696 2010-04-03] (Microsoft Corporation)
4 sptd; C:\Windows\System32\Drivers\sptd.sys [526392 2011-07-29] (Duplex Secure Ltd.)
1 vmm; C:\Windows\System32\Drivers\vmm.sys [295272 2010-02-24] (Microsoft Corporation)
3 vna_ap; C:\Windows\System32\DRIVERS\vnaap.sys [161256 2010-06-06] (Check Point Software Technologies)
3 catchme; \??\C:\ComboFix\catchme.sys [x]
2 CP_OMDRV; [x]
3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [x]
3 Synth3dVsc; C:\Windows\System32\drivers\synth3dvsc.sys [x]
3 tsusbhub; C:\Windows\System32\drivers\tsusbhub.sys [x]
3 VGPU; C:\Windows\System32\drivers\rdvgkmd.sys [x]
2 VNASC; [x]

========================== NetSvcs (Whitelisted) ===========
NETSVC: asmagent
NETSVC: U81xobex

============ One Month Created Files and Folders ==============

2012-04-25 00:40 - 2012-04-23 17:16 - 0022371 ____A C:\Users\Eugene\Documents\ComboFix.txt
2012-04-25 00:38 - 2012-04-25 00:38 - 0022371 ____A C:\ComboFix.txt
2012-04-25 00:28 - 2012-04-23 21:40 - 0000000 __SHD C:\$RECYCLE.BIN
2012-04-24 22:53 - 2012-04-24 22:35 - 0256000 ____A C:\Windows\PEV.exe
2012-04-24 22:53 - 2012-04-24 22:35 - 0098816 ____A C:\Windows\sed.exe
2012-04-24 22:53 - 2012-04-24 22:35 - 0080412 ____A C:\Windows\grep.exe
2012-04-24 22:53 - 2011-12-08 17:46 - 0000000 ____D C:\ComboFix
2012-04-24 22:53 - 2011-03-25 02:40 - 0518144 ____A (SteelWerX) C:\Windows\SWREG.exe
2012-04-24 22:53 - 2011-03-14 23:41 - 0208896 ____A C:\Windows\MBR.exe
2012-04-24 22:53 - 2009-07-13 17:39 - 0068096 ____A C:\Windows\zip.exe
2012-04-24 22:53 - 2009-06-10 12:36 - 0060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
2012-04-24 22:53 - 2000-08-30 16:00 - 0406528 ____A (SteelWerX) C:\Windows\SWSC.exe
2012-04-24 22:52 - 2012-01-04 15:33 - 4475037 ____R (Swearware) C:\Users\Eugene\Desktop\ComboFix.exe
2012-04-24 22:20 - 2012-04-24 22:52 - 0607260 ____R (Swearware) C:\Users\Eugene\Desktop\dds.scr
2012-04-24 22:18 - 2010-11-17 15:48 - 0879714 ____A C:\Users\Eugene\Desktop\SecurityCheck.exe
2012-04-24 22:05 - 2011-09-30 14:36 - 0000000 ____D C:\Users\Eugene\AppData\Local\{DFF2969B-C9A0-42E3-AE3E-2471EB4315B3}
2012-04-24 22:00 - 2012-04-24 22:20 - 0050477 ____A C:\Users\Eugene\Desktop\Defogger.exe
2012-04-24 21:16 - 2012-04-24 22:00 - 0000732 ____A C:\Users\Eugene\Desktop\defogger_disable.log
2012-04-24 21:16 - 2009-10-16 21:54 - 0000578 ____A C:\Users\Eugene\defogger_reenable
2012-04-24 20:51 - 2011-12-27 13:52 - 0000000 ____D C:\Users\Eugene\AppData\Roaming\AVG
2012-04-24 20:30 - 2012-04-24 20:54 - 0000000 ____D C:\Users\Eugene\AppData\Roaming\AVG2012
2012-04-24 20:19 - 2012-04-24 20:18 - 0023392 ____A C:\TDSSKiller.2.7.2.0_24.04.2012_21.19.33_log.txt
2012-04-24 20:18 - 2011-04-11 15:51 - 1954684 ____A C:\Users\Eugene\Desktop\tdsskiller.zip
2012-04-24 20:18 - 2010-09-07 21:54 - 0000346 ____A C:\TDSSKiller.2.7.2.0_24.04.2012_21.18.55_log.txt
2012-04-24 20:13 - 2011-10-02 01:27 - 0000000 ____D C:\Users\Eugene\AppData\Local\{A535AF75-E61F-4D59-80D1-65B11DE0343F}
2012-04-24 20:13 - 2011-09-29 14:15 - 0000000 ____D C:\Users\Eugene\AppData\Local\{A9A3CBE6-C660-4E48-B170-63D8A72BEC10}
2012-04-24 18:41 - 2011-12-04 15:17 - 0000000 ____D C:\Users\Eugene\AppData\Local\{252FE6AA-55F2-4920-91DD-45AB54E1E290}
2012-04-24 18:41 - 2011-10-10 01:20 - 0000000 ____D C:\Users\Eugene\AppData\Local\{B2F5A73E-9029-453B-9620-4C27B514B515}
2012-04-24 10:48 - 2012-01-26 21:47 - 0000000 ____A C:\Users\Eugene\Desktop\New Text Document (4).txt
2012-04-24 03:57 - 2012-04-24 03:57 - 0000000 __ASH C:\Windows\System32\config\system.tmp.LOG2
2012-04-24 03:57 - 2012-04-24 03:57 - 0000000 __ASH C:\Windows\System32\config\software.tmp.LOG2
2012-04-24 03:57 - 2012-04-24 03:57 - 0000000 __ASH C:\Windows\System32\config\security.tmp.LOG2
2012-04-24 03:57 - 2012-04-24 03:57 - 0000000 __ASH C:\Windows\System32\config\sam.tmp.LOG2
2012-04-24 03:57 - 2012-04-24 03:57 - 0000000 __ASH C:\Windows\System32\config\default.tmp.LOG2
2012-04-24 03:57 - 2011-03-12 02:11 - 0000000 __ASH C:\Windows\System32\config\software.tmp.LOG1
2012-04-24 03:57 - 2009-07-13 18:34 - 0000000 __ASH C:\Windows\System32\config\system.tmp.LOG1
2012-04-24 03:57 - 2009-07-13 18:34 - 0000000 __ASH C:\Windows\System32\config\security.tmp.LOG1
2012-04-24 03:57 - 2009-07-13 18:34 - 0000000 __ASH C:\Windows\System32\config\sam.tmp.LOG1
2012-04-24 03:57 - 2009-07-13 18:34 - 0000000 __ASH C:\Windows\System32\config\default.tmp.LOG1
2012-04-24 03:38 - 2009-12-15 13:40 - 0000000 ____D C:\Windows\ERDNT
2012-04-24 03:37 - 2012-04-24 22:29 - 0000000 ____D C:\Qoobox
2012-04-24 03:28 - 2012-01-13 10:40 - 0000000 ____D C:\Users\Eugene\AppData\Local\{DA4DDC1C-46BF-48EF-ABC7-708BB699B594}
2012-04-24 03:27 - 2011-10-29 12:14 - 0000000 ____D C:\Users\Eugene\AppData\Local\{E954E104-B65E-4D2F-9996-F428081F8131}
2012-04-24 03:06 - 2011-09-13 01:02 - 0000000 ____D C:\Users\Eugene\Desktop\raspppoe
2012-04-24 02:58 - 2012-04-24 04:23 - 0017825 ____A C:\Users\Eugene\Desktop\raspppoe.zip
2012-04-24 02:53 - 2011-12-09 16:35 - 0000000 ____D C:\Users\Eugene\AppData\Local\{C910460E-C3B9-44D1-A439-FC11EB60BDF7}
2012-04-24 02:52 - 2012-04-23 21:47 - 0000000 ____D C:\Users\Eugene\AppData\Local\{991D0C23-3E79-41AC-9D99-2732072EE70F}
2012-04-23 21:48 - 2011-12-26 01:47 - 0000000 ____D C:\Users\Eugene\AppData\Local\{CB0FF945-9CF8-41E2-A52C-FC19593A3004}
2012-04-23 21:47 - 2011-12-30 15:39 - 0000000 ____D C:\Users\Eugene\AppData\Local\{981BDDB0-0CFC-4264-8753-9788F2B86EBF}
2012-04-23 21:40 - 2009-07-13 21:08 - 0000000 ____D C:\Users\All Users\AVG2012
2012-04-23 21:40 - 2009-07-13 21:08 - 0000000 ____D C:\ProgramData\AVG2012
2012-04-23 21:40 - - 0000000 ____D C:\$AVG
2012-04-23 21:39 - 2012-04-24 22:29 - 0000000 ____D C:\Program Files (x86)\AVG
2012-04-23 21:36 - 2012-04-24 22:29 - 0000000 ____D C:\Users\All Users\MFAData
2012-04-23 21:36 - 2012-04-24 22:29 - 0000000 ____D C:\ProgramData\MFAData
2012-04-23 21:36 - 2011-12-10 13:50 - 3867720 ____A (AVG Technologies) C:\Users\Eugene\Downloads\avg_free_stb_all_2012_2127_cnet.exe
2012-04-23 14:13 - 2012-04-22 12:11 - 0000000 ____D C:\Users\Eugene\AppData\Local\{8168323A-916E-4B0D-AB72-4C46C57E5342}
2012-04-23 10:36 - 2012-01-23 18:33 - 0000000 ____D C:\Users\Eugene\AppData\Local\{AAB3C05D-B4AD-4FAA-9ED2-192700FBAEC7}
2012-04-23 07:21 - 2011-10-13 17:57 - 0000000 ____D C:\Users\Eugene\AppData\Local\{E42A4019-267D-4307-AD0A-346AFF14245E}
2012-04-23 04:25 - 2011-10-21 13:28 - 0000000 ____D C:\Users\Eugene\AppData\Local\{F3858723-15BD-4B1C-B43A-22B68147EA84}
2012-04-23 01:01 - 2009-07-13 17:39 - 0262406 ____A C:\Windows\ntbtlog.txt
2012-04-23 00:59 - 2011-09-15 04:02 - 0000000 ____D C:\Users\Eugene\AppData\Local\{044F661B-F725-4013-9C10-C761B8BDB5A6}
2012-04-23 00:55 - 2011-12-27 13:44 - 0001121 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-04-23 00:55 - 2010-05-18 01:44 - 10063000 ____A (Malwarebytes Corporation ) C:\Users\Eugene\Desktop\mbam-setup-1.61.0.1400.exe
2012-04-23 00:52 - 2011-12-29 12:39 - 0000000 ____D C:\Users\Eugene\AppData\Local\{A3698A02-C022-4220-B49A-185457BFF027}
2012-04-22 23:59 - 2012-02-13 11:07 - 0000000 ____D C:\Users\Eugene\AppData\Local\{D4AC5729-163A-4B62-8382-69A9299AB4F4}
2012-04-22 23:34 - 2012-01-28 01:38 - 0000000 ____D C:\Users\Eugene\AppData\Local\{A8366470-E697-4F7F-B734-3D3A00935105}
2012-04-22 23:33 - 2011-12-24 00:39 - 0000000 ____D C:\Users\Eugene\AppData\Local\{B97CE909-ED65-4374-9FCC-1DF3DA3BCC18}
2012-04-22 12:11 - 2012-04-03 01:56 - 0000000 ____D C:\Users\Eugene\AppData\Local\{801AC661-D8F1-426A-B611-DB71BE8E9C39}
2012-04-22 11:52 - 2012-04-24 22:29 - 0000000 ____D C:\Program Files (x86)\Microsoft Security Client
2012-04-22 11:50 - 2012-04-24 22:29 - 0000000 ____D C:\Program Files\Microsoft Security Client
2012-04-16 21:54 - 2012-04-23 21:36 - 0000000 ___RD C:\Users\Eugene\Dropbox
2012-04-16 21:54 - 2012-02-16 22:09 - 0001059 ____A C:\Users\Eugene\Start Menu\Programs\Startup\Dropbox.lnk
2012-04-16 21:54 - 2012-02-16 22:09 - 0001059 ____A C:\Users\Eugene\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
2012-04-16 21:54 - 2012-02-16 22:09 - 0001029 ____A C:\Users\Eugene\Desktop\Dropbox.lnk
2012-04-16 21:51 - 2010-07-21 20:53 - 0000000 ____D C:\Users\Eugene\AppData\Roaming\Dropbox
2012-04-15 21:50 - 2011-02-24 23:49 - 0107926 ____A C:\Users\Eugene\Desktop\sitemap.xml
2012-04-12 22:04 - 2011-04-27 18:16 - 0065738 ____A C:\Users\Eugene\Desktop\Luxe(2).docx
2012-04-11 13:31 - 2011-09-26 23:11 - 0000000 ____D C:\Users\Eugene\AppData\Local\{44E6793E-24DE-4F23-8452-23AAF867C457}
2012-04-11 02:16 - 2012-02-27 23:34 - 2382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-04-11 02:16 - 2012-02-27 22:56 - 0085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-04-11 02:16 - 2012-02-27 22:48 - 1345536 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-04-11 02:16 - 2012-02-27 22:45 - 2311168 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-04-11 02:16 - 2012-02-27 22:42 - 0096256 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-04-11 02:16 - 2012-02-27 17:52 - 2382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-04-11 02:16 - 2012-02-27 17:18 - 0065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-04-11 02:16 - 2012-02-27 17:09 - 1103360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-04-11 02:16 - 2012-02-27 17:06 - 1799168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-04-11 02:16 - 2012-02-27 17:03 - 0072704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-04-11 02:16 - 2011-05-02 21:29 - 1493504 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-04-11 02:16 - 2011-05-02 20:30 - 1427456 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-04-11 02:16 - 2011-03-14 23:40 - 9705984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-04-11 02:16 - 2011-03-14 23:40 - 2144256 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-04-11 02:16 - 2011-03-14 23:40 - 1792000 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-04-11 02:16 - 2011-03-14 23:40 - 17790976 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-04-11 02:16 - 2011-03-14 23:40 - 12281856 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-04-11 02:16 - 2011-03-14 23:40 - 10888704 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-04-11 02:16 - 2011-03-14 23:40 - 0248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-04-11 02:16 - 2011-03-14 23:40 - 0176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-04-11 02:16 - 2010-11-20 05:27 - 1390080 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-04-11 02:16 - 2010-11-20 04:21 - 1127424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-04-11 02:16 - 2009-07-13 17:41 - 0237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-04-11 02:16 - 2009-07-13 17:38 - 0818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-04-11 02:16 - 2009-07-13 17:16 - 0231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-04-11 02:16 - 2009-07-13 17:14 - 0716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-04-11 02:12 - 2009-07-13 17:41 - 5559152 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-04-11 02:12 - 2009-07-13 17:16 - 3968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2012-04-11 02:12 - 2009-07-13 17:16 - 3913072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2012-04-11 02:06 - 2009-07-13 17:47 - 0023408 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\fs_rec.sys
2012-04-11 02:06 - 2009-07-13 17:41 - 0220672 ____A (Microsoft Corporation) C:\Windows\System32\wintrust.dll
2012-04-11 02:06 - 2009-07-13 17:38 - 0081408 ____A (Microsoft Corporation) C:\Windows\System32\imagehlp.dll
2012-04-11 02:06 - 2009-07-13 17:33 - 0005120 ____A (Microsoft Corporation) C:\Windows\System32\wmi.dll
2012-04-11 02:06 - 2009-07-13 17:16 - 0172544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2012-04-11 02:06 - 2009-07-13 17:14 - 0159232 ____A (Microsoft Corporation) C:\Windows\SysWOW64\imagehlp.dll
2012-04-11 02:06 - 2009-07-13 17:11 - 0005120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wmi.dll
2012-04-06 20:07 - 2011-12-10 14:15 - 0002491 ____A C:\Users\Public\Desktop\Safari.lnk
2012-04-04 15:24 - 2010-10-27 13:40 - 0000000 ____D C:\Users\Eugene\Desktop\WakeOnLanGui
2012-04-04 15:23 - 2012-04-04 15:24 - 0187488 ____A C:\Users\Eugene\Desktop\WakeOnLanGui.zip
2012-04-03 01:55 - 2011-12-01 22:40 - 0000000 ____D C:\Users\Eugene\AppData\Local\{7DF7D55F-824F-4CF4-99E9-21477D56F92A}
2012-04-01 21:53 - 2012-04-16 21:55 - 8741536 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2012-04-01 18:20 - - 0000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-04-01 18:18 - 2009-07-13 17:14 - 0418464 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-04-01 18:17 - 2011-09-14 00:53 - 0000000 ____D C:\Users\Eugene\AppData\Local\{85CB0751-D482-4886-8C8F-F870179B703E}
2012-03-28 15:12 - 2010-05-02 13:52 - 0000000 ____D C:\Users\Eugene\Desktop\New folder (3)
2012-03-27 15:39 - 2011-10-05 18:09 - 0063362 ____A C:\Users\Eugene\Desktop\b.jpg
2012-03-27 08:24 - 2011-05-21 09:35 - 0619912 ___AT C:\Users\Eugene\Desktop\CEOCAMabc.jpg


============ 3 Months Modified Files and Folders =============

2012-04-25 02:02 - 2012-04-25 02:01 - 0000000 ____D C:\FRST
2012-04-25 00:47 - 2009-10-16 21:47 - 3202125824 __ASH C:\hiberfil.sys
2012-04-25 00:44 - 2009-10-16 21:54 - 1533102 ____A C:\Windows\WindowsUpdate.log
2012-04-25 00:39 - 2009-07-13 20:45 - 0013952 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-04-25 00:39 - 2009-07-13 20:45 - 0013952 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-04-25 00:38 - 2012-04-25 00:40 - 0022371 ____A C:\Users\Eugene\Documents\ComboFix.txt
2012-04-25 00:38 - 2012-04-25 00:38 - 0022371 ____A C:\ComboFix.txt
2012-04-25 00:38 - 2012-04-24 22:53 - 0000000 ____D C:\ComboFix
2012-04-25 00:38 - 2012-04-24 03:37 - 0000000 ____D C:\Qoobox
2012-04-25 00:36 - 2012-04-24 03:38 - 0000000 ____D C:\Windows\ERDNT
2012-04-25 00:31 - 2009-10-16 16:42 - 0000912 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1035037747-2619450578-1257536889-1001UA.job
2012-04-25 00:28 - 2012-04-25 00:28 - 0000000 __SHD C:\$RECYCLE.BIN
2012-04-25 00:28 - 2009-07-13 18:34 - 0000215 ____A C:\Windows\system.ini
2012-04-25 00:27 - 2011-03-17 23:55 - 0000894 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-04-25 00:27 - 2009-07-13 21:08 - 0000006 ___AH C:\Windows\Tasks\SA.DAT
2012-04-25 00:27 - 2009-07-13 20:51 - 0285432 ____A C:\Windows\setupact.log
2012-04-25 00:26 - 2009-10-16 22:04 - 0265958 ____A C:\Windows\PFRO.log
2012-04-25 00:24 - 2009-07-13 18:34 - 23855104 ____A C:\Windows\System32\config\system.bak
2012-04-25 00:11 - 2011-03-17 23:55 - 0000898 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-04-25 00:11 - 2009-07-13 18:34 - 119275520 ____A C:\Windows\System32\config\software.bak
2012-04-25 00:09 - 2012-04-01 18:20 - 0000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-04-24 23:59 - 2011-06-01 22:53 - 0000932 ____A C:\Windows\Tasks\RockMeltUpdateTaskUserS-1-5-21-1035037747-2619450578-1257536889-1001UA.job
2012-04-24 23:57 - 2009-07-13 18:34 - 8650752 ____A C:\Windows\System32\config\default.bak
2012-04-24 23:05 - 2009-07-13 18:34 - 0262144 ____A C:\Windows\System32\config\security.bak
2012-04-24 23:03 - 2009-10-16 21:54 - 0000000 ____D C:\users\Eugene
2012-04-24 22:58 - 2011-06-01 22:53 - 0000880 ____A C:\Windows\Tasks\RockMeltUpdateTaskUserS-1-5-21-1035037747-2619450578-1257536889-1001Core.job
2012-04-24 22:52 - 2012-04-24 22:52 - 4475037 ____R (Swearware) C:\Users\Eugene\Desktop\ComboFix.exe
2012-04-24 22:49 - 2009-07-13 21:32 - 0000000 ____D C:\Program Files\Windows Sidebar
2012-04-24 22:45 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\NDF
2012-04-24 22:44 - 2010-07-21 18:15 - 0000000 ____D C:\Users\Eugene\AppData\Local\{A4E32CF0-817B-42F6-AC47-4DB5B1778FE7}
2012-04-24 22:44 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\AppCompat
2012-04-24 22:43 - 2012-04-23 21:36 - 0000000 ____D C:\Users\All Users\MFAData
2012-04-24 22:43 - 2012-04-23 21:36 - 0000000 ____D C:\ProgramData\MFAData
2012-04-24 22:43 - 2012-02-17 16:10 - 0000000 ____D C:\Program Files\SmartFTP Client
2012-04-24 22:43 - 2011-11-09 16:21 - 0000000 ____D C:\Users\Eugene\AppData\Local\Akamai
2012-04-24 22:43 - 2009-10-16 17:49 - 0000000 ____D C:\Program Files\Zune
2012-04-24 22:42 - 2011-12-27 13:43 - 0000000 ____D C:\Program Files (x86)\iTunes
2012-04-24 22:42 - 2011-10-12 02:42 - 0000000 ____D C:\Program Files (x86)\Bonjour
2012-04-24 22:42 - 2011-08-19 16:44 - 0000000 ____D C:\Program Files\Microsoft IntelliPoint
2012-04-24 22:42 - 2011-07-29 15:38 - 0000000 ____D C:\Program Files (x86)\DAEMON Tools Pro
2012-04-24 22:42 - 2010-06-10 13:38 - 0000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy
2012-04-24 22:42 - 2009-10-16 22:01 - 0000000 ____D C:\Program Files\Boot Camp
2012-04-24 22:42 - 2009-10-16 16:42 - 0000000 ____D C:\Program Files (x86)\Mozilla Firefox
2012-04-24 22:41 - 2012-04-23 21:40 - 0000000 ____D C:\Users\All Users\AVG2012
2012-04-24 22:41 - 2012-04-23 21:40 - 0000000 ____D C:\ProgramData\AVG2012
2012-04-24 22:40 - 2010-03-16 22:01 - 0000000 ____D C:\WP7TrainingKit
2012-04-24 22:40 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\registration
2012-04-24 22:39 - 2009-10-16 17:20 - 0000000 ____D C:\Windows\SysWOW64\Macromed
2012-04-24 22:39 - 2009-07-13 21:37 - 0000000 ____D C:\Windows\SysWOW64\winrm
2012-04-24 22:39 - 2009-07-13 21:37 - 0000000 ____D C:\Windows\SysWOW64\WCN
2012-04-24 22:39 - 2009-07-13 21:37 - 0000000 ____D C:\Windows\SysWOW64\slmgr
2012-04-24 22:39 - 2009-07-13 21:37 - 0000000 ____D C:\Windows\SysWOW64\Printing_Admin_Scripts
2012-04-24 22:39 - 2009-07-13 21:32 - 0000000 ____D C:\Windows\SysWOW64\WindowsPowerShell
2012-04-24 22:39 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\Web
2012-04-24 22:39 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\Vss
2012-04-24 22:39 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\spp
2012-04-24 22:39 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\Speech
2012-04-24 22:39 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\NetworkList
2012-04-24 22:39 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\MUI
2012-04-24 22:39 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\Msdtc
2012-04-24 22:39 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\migwiz
2012-04-24 22:39 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\InstallShield
2012-04-24 22:39 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\IME
2012-04-24 22:39 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\Dism
2012-04-24 22:36 - 2011-03-08 03:13 - 0000000 ____D C:\Windows\System32\SPReview
2012-04-24 22:36 - 2010-08-11 02:02 - 0000000 __SHD C:\Windows\SysWOW64\%APPDATA%
2012-04-24 22:36 - 2009-10-26 21:05 - 0000000 ____D C:\Windows\SysWOW64\AGEIA
2012-04-24 22:36 - 2009-07-13 21:37 - 0000000 ____D C:\Windows\System32\winrm
2012-04-24 22:36 - 2009-07-13 21:37 - 0000000 ____D C:\Windows\System32\WCN
2012-04-24 22:36 - 2009-07-13 21:37 - 0000000 ____D C:\Windows\System32\slmgr
2012-04-24 22:36 - 2009-07-13 21:37 - 0000000 ____D C:\Windows\System32\Printing_Admin_Scripts
2012-04-24 22:36 - 2009-07-13 21:32 - 0000000 ____D C:\Windows\System32\WindowsPowerShell
2012-04-24 22:36 - 2009-07-13 21:32 - 0000000 ____D C:\Windows\System32\WinBioPlugIns
2012-04-24 22:36 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\com
2012-04-24 22:36 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\sysprep
2012-04-24 22:36 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\spp
2012-04-24 22:36 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\spool
2012-04-24 22:36 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\Speech
2012-04-24 22:36 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\SMI
2012-04-24 22:36 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\oobe
2012-04-24 22:36 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\NetworkList
2012-04-24 22:36 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\MUI
2012-04-24 22:35 - 2011-12-16 17:37 - 0000000 ____D C:\Windows\rescache
2012-04-24 22:35 - 2011-12-10 15:27 - 0000000 ____D C:\Windows\symbols
2012-04-24 22:35 - 2011-08-11 02:01 - 0000000 __SHD C:\Windows\System32\%APPDATA%
2012-04-24 22:35 - 2011-03-08 03:13 - 0000000 ____D C:\Windows\System32\EventProviders
2012-04-24 22:35 - 2011-02-15 16:39 - 0000000 ____D C:\Windows\System32\Macromed
2012-04-24 22:35 - 2010-01-28 21:49 - 0000000 ___HD C:\Windows\System32\CanonIJ Uninstaller Information
2012-04-24 22:35 - 2009-07-13 21:32 - 0000000 ____D C:\Windows\Performance
2012-04-24 22:35 - 2009-07-13 20:45 - 0000000 ____D C:\Windows\Setup
2012-04-24 22:35 - 2009-07-13 20:45 - 0000000 ____D C:\Windows\ServiceProfiles
2012-04-24 22:35 - 2009-07-13 19:20 - 0000000 __RSD C:\Windows\Media
2012-04-24 22:35 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\Msdtc
2012-04-24 22:35 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\migwiz
2012-04-24 22:35 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\IME
2012-04-24 22:35 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\Dism
2012-04-24 22:35 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\com
2012-04-24 22:35 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\Speech
2012-04-24 22:35 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\servicing
2012-04-24 22:35 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\security
2012-04-24 22:35 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\schemas
2012-04-24 22:35 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\Resources
2012-04-24 22:35 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\PolicyDefinitions
2012-04-24 22:35 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\PLA
2012-04-24 22:35 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\IME
2012-04-24 22:35 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\Help
2012-04-24 22:35 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\Globalization
2012-04-24 22:35 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\Branding
2012-04-24 22:34 - 2012-03-28 15:12 - 0000000 ____D C:\Users\Eugene\Desktop\New folder (3)
2012-04-24 22:34 - 2011-12-27 15:29 - 0000000 ____D C:\Users\Eugene\Desktop\redsn0w_win_0.9.10b1
2012-04-24 22:34 - 2011-12-21 22:11 - 0000000 ____D C:\Users\Eugene\Desktop\stickbackup
2012-04-24 22:34 - 2011-12-15 13:23 - 0000000 ____D C:\Users\Eugene\AppData\Local\SWTOR
2012-04-24 22:34 - 2011-12-10 17:39 - 0000000 ____D C:\Users\Eugene\Desktop\TabletPC
2012-04-24 22:34 - 2011-12-10 17:28 - 0000000 ____D C:\Users\Eugene\Desktop\InkSecureSignatureCodeSample
2012-04-24 22:34 - 2011-12-10 16:40 - 0000000 ____D C:\Users\Eugene\Documents\My Web Sites
2012-04-24 22:34 - 2011-12-10 16:40 - 0000000 ____D C:\Users\Eugene\Documents\IISExpress
2012-04-24 22:34 - 2011-11-27 17:23 - 0000000 ___HD C:\Users\Eugene\SC2-WingsOfLiberty-enUS-Installer
2012-04-24 22:34 - 2011-10-22 18:12 - 0000000 ____D C:\Users\Eugene\AppData\Roaming\Worksimaging
2012-04-24 22:34 - 2011-10-12 14:02 - 0000000 ____D C:\Users\Eugene\Desktop\redsn0w_win_0.9.9b4
2012-04-24 22:34 - 2011-09-12 22:04 - 0000000 ____D C:\Users\Eugene\AppData\Roaming\Canon
2012-04-24 22:34 - 2011-06-25 21:56 - 0000000 ____D C:\Users\Eugene\Documents\SimCity 4
2012-04-24 22:34 - 2011-06-25 21:55 - 0000000 ____D C:\Users\Eugene\AppData\Roaming\U3
2012-04-24 22:34 - 2011-06-01 22:53 - 0000000 ____D C:\Users\Eugene\AppData\Local\RockMelt
2012-04-24 22:34 - 2011-04-09 16:23 - 0000000 ____D C:\Users\Eugene\Desktop\New folder
2012-04-24 22:34 - 2011-04-09 15:46 - 0000000 ____D C:\Users\Eugene\AppData\Roaming\Intuit
2012-04-24 22:34 - 2010-12-16 12:19 - 0000000 ____D C:\Users\Eugene\AppData\Local\OnLive App
2012-04-24 22:34 - 2010-10-18 14:33 - 0000000 ____D C:\Users\Eugene\AppData\Roaming\Mozilla
2012-04-24 22:34 - 2010-06-14 00:49 - 0000000 ____D C:\Users\Eugene\AppData\Roaming\Malwarebytes
2012-04-24 22:34 - 2010-03-31 14:36 - 0000000 ____D C:\Users\Eugene\AppData\Local\Microsoft_Corporation
2012-04-24 22:34 - 2010-03-15 18:13 - 0000000 ____D C:\Users\Eugene\Documents\Visual Studio 2010
2012-04-24 22:34 - 2010-03-09 16:34 - 0000000 ____D C:\Users\Eugene\Documents\My Games
2012-04-24 22:34 - 2010-02-24 18:19 - 0000000 ____D C:\Users\Eugene\AppData\Roaming\Skype
2012-04-24 22:34 - 2009-11-28 23:03 - 0000000 ____D C:\Users\Eugene\AppData\Roaming\Sports Interactive
2012-04-24 22:34 - 2009-10-20 00:15 - 0000000 ____D C:\Users\Eugene\Documents\SimCity 4.old
2012-04-24 22:34 - 2009-10-17 19:57 - 0000000 ____D C:\Users\Eugene\AppData\Roaming\Azureus
2012-04-24 22:34 - 2009-10-16 21:55 - 0000000 ____D C:\Users\Eugene\AppData\Local\VirtualStore
2012-04-24 22:34 - 2009-10-16 21:54 - 0000000 ____D C:\Users\Eugene\AppData\LocalLow
2012-04-24 22:34 - 2009-10-16 17:20 - 0000000 ____D C:\Users\Eugene\AppData\Roaming\Macromedia
2012-04-24 22:34 - 2009-10-16 17:20 - 0000000 ____D C:\Users\Eugene\AppData\Roaming\Adobe
2012-04-24 22:34 - 2009-07-13 19:20 - 0000000 ___RD C:\users\Public
2012-04-24 22:29 - 2011-12-27 13:43 - 0000000 ____D C:\Program Files\iTunes
2012-04-24 22:29 - 2011-12-27 13:43 - 0000000 ____D C:\Program Files\iPod
2012-04-24 22:29 - 2011-12-10 17:58 - 0000000 ____D C:\Program Files (x86)\Microsoft Tablet PC Platform SDK
2012-04-24 22:29 - 2011-12-10 16:30 - 0000000 ____D C:\Program Files (x86)\Telerik
2012-04-24 22:29 - 2011-12-10 15:54 - 0000000 ____D C:\Program Files (x86)\IIS Express
2012-04-24 22:29 - 2011-12-10 15:53 - 0000000 ____D C:\Program Files\Microsoft SQL Server Compact Edition
2012-04-24 22:29 - 2011-12-10 15:19 - 0000000 ____D C:\Users\All Users\VS
2012-04-24 22:29 - 2011-12-10 15:19 - 0000000 ____D C:\ProgramData\VS
2012-04-24 22:29 - 2011-12-10 15:13 - 0000000 ____D C:\Program Files\IIS
2012-04-24 22:29 - 2011-12-10 15:13 - 0000000 ____D C:\Program Files (x86)\Microsoft ASP.NET
2012-04-24 22:29 - 2011-12-10 15:13 - 0000000 ____D C:\Program Files (x86)\IIS
2012-04-24 22:29 - 2011-12-10 15:05 - 0000000 ____D C:\Program Files\Microsoft Visual Studio 10.0
2012-04-24 22:29 - 2011-12-10 14:58 - 0000000 ____D C:\Program Files\Microsoft Visual Studio 9.0
2012-04-24 22:29 - 2011-12-10 14:14 - 0000000 ____D C:\Program Files\Paint.NET
2012-04-24 22:29 - 2011-11-27 20:58 - 0000000 ____D C:\Program Files (x86)\StarCraft II
2012-04-24 22:29 - 2011-11-18 17:20 - 0000000 ___HD C:\Users\All Users\Blizzard Entertainment
2012-04-24 22:29 - 2011-11-18 17:20 - 0000000 ___HD C:\ProgramData\Blizzard Entertainment
2012-04-24 22:29 - 2011-10-19 23:35 - 0000000 ____D C:\Users\Eugene\AppData\Local\Cranium_Consulting_and_Cu
2012-04-24 22:29 - 2011-10-19 23:32 - 0000000 ____D C:\Users\Eugene\AppData\Local\Macroplant,_LLC
2012-04-24 22:29 - 2011-10-12 02:39 - 0000000 ____D C:\Program Files (x86)\QuickTime
2012-04-24 22:29 - 2011-10-12 02:11 - 0000000 ____D C:\Program Files (x86)\Apple Software Update
2012-04-24 22:29 - 2011-09-27 01:08 - 0000000 ___HD C:\Users\Eugene\.swt
2012-04-24 22:29 - 2011-09-12 22:04 - 0000000 ___HD C:\Users\All Users\CanonIJScan
2012-04-24 22:29 - 2011-09-12 22:04 - 0000000 ___HD C:\ProgramData\CanonIJScan
2012-04-24 22:29 - 2011-08-24 20:36 - 0000000 ____D C:\Program Files (x86)\Wizards of the Coast LLC
2012-04-24 22:29 - 2011-07-29 14:59 - 0000000 ____D C:\Program Files (x86)\Cyanide
2012-04-24 22:29 - 2011-07-13 02:04 - 0000000 ____D C:\Users\Eugene\AppData\Local\HandBrake
2012-04-24 22:29 - 2011-07-08 23:32 - 0000000 ____D C:\Program Files\SAMSUNG
2012-04-24 22:29 - 2011-04-27 15:37 - 0000000 ____D C:\Program Files (x86)\Bluetack
2012-04-24 22:29 - 2011-04-26 21:18 - 0000000 ____D C:\Program Files (x86)\Microsoft WSE
2012-04-24 22:29 - 2011-04-26 21:07 - 0000000 ____D C:\Program Files (x86)\Electronic Arts
2012-04-24 22:29 - 2011-04-18 20:47 - 0000000 ____D C:\Program Files (x86)\Internet Explorer Platform Preview
2012-04-24 22:29 - 2011-04-09 22:11 - 0000000 ____D C:\Program Files (x86)\PS3 Media Server
2012-04-24 22:29 - 2011-04-09 15:44 - 0000000 ____D C:\Program Files (x86)\TurboTax
2012-04-24 22:29 - 2011-03-17 23:55 - 0000000 ____D C:\Program Files\Common Files\WebM Project
2012-04-24 22:29 - 2011-03-17 23:55 - 0000000 ____D C:\Program Files (x86)\Google
2012-04-24 22:29 - 2011-03-08 03:23 - 0000000 ____D C:\Program Files\NVIDIA Corporation
2012-04-24 22:29 - 2011-02-26 21:47 - 0000000 ___HD C:\Users\All Users\Kodak
2012-04-24 22:29 - 2011-02-26 21:47 - 0000000 ___HD C:\ProgramData\Kodak
2012-04-24 22:29 - 2011-02-24 23:35 - 0000000 ____D C:\Program Files (x86)\Sid Meier's Civilization V
2012-04-24 22:29 - 2011-02-11 13:40 - 0000000 ____D C:\Program Files (x86)\Feedback Tool
2012-04-24 22:29 - 2011-01-16 23:06 - 0000000 ____D C:\Users\Default\AppData\Roaming\Macromedia
2012-04-24 22:29 - 2011-01-16 23:06 - 0000000 ____D C:\Users\Default User\AppData\Roaming\Macromedia
2012-04-24 22:29 - 2010-12-16 12:19 - 0000000 ____D C:\Program Files (x86)\OnLive
2012-04-24 22:29 - 2010-11-25 04:43 - 0000000 ____D C:\a556c42751ee5697e1e67a1d0134
2012-04-24 22:29 - 2010-11-08 22:10 - 0000000 ____D C:\Program Files (x86)\thinkTDA
2012-04-24 22:29 - 2010-10-21 08:33 - 0000000 ____D C:\Program Files (x86)\Adobe
2012-04-24 22:29 - 2010-10-12 09:09 - 0000000 ____D C:\Program Files (x86)\ieSpell
2012-04-24 22:29 - 2010-10-12 01:52 - 0000000 ____D C:\Program Files (x86)\Trend Micro
2012-04-24 22:29 - 2010-09-26 19:40 - 0000000 ____D C:\Users\All Users\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
2012-04-24 22:29 - 2010-09-26 19:40 - 0000000 ____D C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
2012-04-24 22:29 - 2010-09-26 19:35 - 0000000 ____D C:\Program Files\Common Files\Apple
2012-04-24 22:29 - 2010-09-24 02:24 - 0000000 ____D C:\Program Files (x86)\Codemasters
2012-04-24 22:29 - 2010-09-10 00:01 - 0000000 ____D C:\Program Files (x86)\Java
2012-04-24 22:29 - 2010-09-01 02:06 - 0000000 ____D C:\Program Files (x86)\NASCAR SimRacing Demo
2012-04-24 22:29 - 2010-06-14 00:49 - 0000000 ___HD C:\Users\All Users\Malwarebytes
2012-04-24 22:29 - 2010-06-14 00:49 - 0000000 ___HD C:\ProgramData\Malwarebytes
2012-04-24 22:29 - 2010-06-14 00:49 - 0000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-04-24 22:29 - 2010-06-10 13:38 - 0000000 ___HD C:\Users\All Users\Spybot - Search & Destroy
2012-04-24 22:29 - 2010-06-10 13:38 - 0000000 ___HD C:\ProgramData\Spybot - Search & Destroy
2012-04-24 22:29 - 2010-06-02 14:44 - 0000000 ____D C:\Program Files (x86)\Infogrames Interactive
2012-04-24 22:29 - 2010-06-02 14:36 - 0000000 ____D C:\Program Files\WinMount
2012-04-24 22:29 - 2010-05-18 01:44 - 0000000 ____D C:\Program Files (x86)\MicroProse
2012-04-24 22:29 - 2010-05-03 01:25 - 0000000 ____D C:\Program Files (x86)\Stardock Games
2012-04-24 22:29 - 2010-05-03 01:01 - 0000000 __HDC C:\Users\All Users\{0D3F1181-2990-450C-9561-37F58E771480}
2012-04-24 22:29 - 2010-05-03 01:01 - 0000000 __HDC C:\ProgramData\{0D3F1181-2990-450C-9561-37F58E771480}
2012-04-24 22:29 - 2010-05-03 01:01 - 0000000 ___HD C:\Users\All Users\Stardock
2012-04-24 22:29 - 2010-05-03 01:01 - 0000000 ___HD C:\ProgramData\Stardock
2012-04-24 22:29 - 2010-05-03 01:01 - 0000000 ____D C:\Program Files (x86)\Stardock
2012-04-24 22:29 - 2010-04-26 21:03 - 0000000 ____D C:\Sports Mogul
2012-04-24 22:29 - 2010-04-06 22:33 - 0000000 ____D C:\Program Files (x86)\EA SPORTS
2012-04-24 22:29 - 2010-03-31 14:26 - 0000000 ____D C:\Program Files (x86)\Microsoft Visual Studio 9.0
2012-04-24 22:29 - 2010-03-31 14:26 - 0000000 ____D C:\Program Files (x86)\Microsoft Synchronization Services
2012-04-24 22:29 - 2010-03-31 14:23 - 0000000 ____D C:\Program Files (x86)\Microsoft SQL Server
2012-04-24 22:29 - 2010-03-31 14:22 - 0000000 ____D C:\Program Files\Microsoft SQL Server
2012-04-24 22:29 - 2010-03-16 22:47 - 0000000 ____D C:\Program Files (x86)\WPF Toolkit
2012-04-24 22:29 - 2010-03-16 22:47 - 0000000 ____D C:\Program Files (x86)\Microsoft Expression
2012-04-24 22:29 - 2010-03-15 18:15 - 0000000 ____D C:\Program Files (x86)\Microsoft Games for Windows - LIVE
2012-04-24 22:29 - 2010-03-15 18:14 - 0000000 ____D C:\Program Files (x86)\Microsoft XNA
2012-04-24 22:29 - 2010-03-15 18:12 - 0000000 ____D C:\Program Files (x86)\Microsoft Visual Studio 10.0
2012-04-24 22:29 - 2010-03-15 18:10 - 0000000 ____D C:\Program Files (x86)\Microsoft XDE
2012-04-24 22:29 - 2010-03-15 18:09 - 0000000 ____D C:\Program Files\Microsoft Help Viewer
2012-04-24 22:29 - 2010-03-15 18:09 - 0000000 ____D C:\Program Files (x86)\Microsoft SDKs
2012-04-24 22:29 - 2010-03-11 02:00 - 0000000 ____D C:\Program Files (x86)\Railroad Tycoon 3
2012-04-24 22:29 - 2010-02-24 18:18 - 0000000 ___RD C:\Program Files (x86)\Skype
2012-04-24 22:29 - 2010-02-24 18:18 - 0000000 ___HD C:\Users\All Users\Skype
2012-04-24 22:29 - 2010-02-24 18:18 - 0000000 ___HD C:\ProgramData\Skype
2012-04-24 22:29 - 2010-01-28 21:52 - 0000000 ____D C:\Program Files\Canon
2012-04-24 22:29 - 2010-01-28 21:48 - 0000000 ___HD C:\Program Files\CanonBJ
2012-04-24 22:29 - 2010-01-28 21:48 - 0000000 ____D C:\Program Files (x86)\Canon
2012-04-24 22:29 - 2010-01-04 18:25 - 0000000 ___HD C:\Users\All Users\Rosetta Stone
2012-04-24 22:29 - 2010-01-04 18:25 - 0000000 ___HD C:\ProgramData\Rosetta Stone
2012-04-24 22:29 - 2010-01-04 18:25 - 0000000 ____D C:\Program Files (x86)\Rosetta Stone
2012-04-24 22:29 - 2009-12-13 17:24 - 0000000 ____D C:\Program Files (x86)\Alcohol Soft
2012-04-24 22:29 - 2009-11-28 22:55 - 0000000 ____D C:\Program Files (x86)\Sports Interactive
2012-04-24 22:29 - 2009-10-27 16:11 - 0000000 ____D C:\Program Files (x86)\Windows Virtual PC
2012-04-24 22:29 - 2009-10-27 15:48 - 0000000 ____D C:\Program Files\Windows XP Mode
2012-04-24 22:29 - 2009-10-27 14:40 - 0000000 ____D C:\Program Files\WinRAR
2012-04-24 22:29 - 2009-10-26 21:05 - 0000000 ____D C:\Program Files (x86)\AGEIA Technologies
2012-04-24 22:29 - 2009-10-26 21:04 - 0000000 ____D C:\NVIDIA
2012-04-24 22:29 - 2009-10-25 14:13 - 0000000 ___HD C:\Users\All Users\McAfee
2012-04-24 22:29 - 2009-10-25 14:13 - 0000000 ___HD C:\ProgramData\McAfee
2012-04-24 22:29 - 2009-10-24 01:57 - 0000000 ____D C:\Program Files (x86)\VideoLAN
2012-04-24 22:29 - 2009-10-24 00:44 - 0000000 ____D C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2012-04-24 22:29 - 2009-10-24 00:42 - 0000000 ____D C:\Program Files (x86)\Windows Live
2012-04-24 22:29 - 2009-10-20 14:20 - 0000000 ___HD C:\Users\All Users\Adobe
2012-04-24 22:29 - 2009-10-20 14:20 - 0000000 ___HD C:\ProgramData\Adobe
2012-04-24 22:29 - 2009-10-20 14:19 - 0000000 ____D C:\Users\Eugene\AppData\Local\Adobe
2012-04-24 22:29 - 2009-10-18 21:54 - 0000000 ___HD C:\Users\All Users\CanonBJ
2012-04-24 22:29 - 2009-10-18 21:54 - 0000000 ___HD C:\ProgramData\CanonBJ
2012-04-24 22:29 - 2009-10-18 19:29 - 0000000 ____D C:\Program Files (x86)\Maxis
2012-04-24 22:29 - 2009-10-18 19:27 - 0000000 ____D C:\Program Files (x86)\Elaborate Bytes
2012-04-24 22:29 - 2009-10-17 21:58 - 0000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2012-04-24 22:29 - 2009-10-16 22:03 - 0000000 ____D C:\Users\Eugene\AppData\Local\Microsoft Games
2012-04-24 22:29 - 2009-10-16 22:01 - 0000000 ____D C:\Program Files\Realtek
2012-04-24 22:29 - 2009-10-16 22:01 - 0000000 ____D C:\Program Files (x86)\Realtek
2012-04-24 22:29 - 2009-10-16 22:01 - 0000000 ____D C:\Program Files (x86)\Motorola
2012-04-24 22:29 - 2009-10-16 22:01 - 0000000 ____D C:\Program Files (x86)\InstallShield Installation Information
2012-04-24 22:29 - 2009-10-16 22:00 - 0000000 ____D C:\Program Files\IDT
2012-04-24 22:29 - 2009-10-16 22:00 - 0000000 ____D C:\Program Files (x86)\IDT
2012-04-24 22:29 - 2009-10-16 21:58 - 0000000 ____D C:\Program Files\DIFX
2012-04-24 22:29 - 2009-10-16 21:57 - 0000000 ___HD C:\Users\All Users\Apple
2012-04-24 22:29 - 2009-10-16 21:57 - 0000000 ___HD C:\ProgramData\Apple
2012-04-24 22:29 - 2009-10-16 21:57 - 0000000 ____D C:\Users\Eugene\AppData\Local\Apple
2012-04-24 22:29 - 2009-10-16 18:30 - 0000000 ____D C:\Program Files (x86)\Vuze
2012-04-24 22:29 - 2009-10-16 18:14 - 0000000 ____D C:\Program Files (x86)\CheckPoint
2012-04-24 22:29 - 2009-10-16 16:44 - 0000000 ____D C:\Program Files (x86)\Microsoft Works
2012-04-24 22:29 - 2009-10-16 16:44 - 0000000 ____D C:\Program Files (x86)\Microsoft Visual Studio
2012-04-24 22:29 - 2009-10-16 16:42 - 0000000 ____D C:\Users\Eugene\AppData\Local\Google
2012-04-24 22:29 - 2009-10-16 16:42 - 0000000 ____D C:\Users\Eugene\AppData\Local\Apps\2.0
2012-04-24 22:29 - 2009-10-16 16:40 - 0000000 ____D C:\Program Files\Microsoft Office
2012-04-24 22:29 - 2009-10-16 16:40 - 0000000 ____D C:\Program Files (x86)\Microsoft Visual Studio 8
2012-04-24 22:29 - 2009-10-16 16:39 - 0000000 ___RD C:\MSOCache
2012-04-24 22:29 - 2009-10-16 16:39 - 0000000 ____D C:\Program Files (x86)\Microsoft Office
2012-04-24 22:29 - 2009-10-16 16:32 - 0000000 ___HD C:\Users\All Users\Apple Computer
2012-04-24 22:29 - 2009-10-16 16:32 - 0000000 ___HD C:\ProgramData\Apple Computer
2012-04-24 22:29 - 2009-07-13 23:46 - 0000000 ____D C:\Program Files\Windows Journal
2012-04-24 22:29 - 2009-07-13 21:32 - 0000000 ____D C:\Program Files\Windows Photo Viewer
2012-04-24 22:29 - 2009-07-13 21:32 - 0000000 ____D C:\Program Files\Windows Defender
2012-04-24 22:29 - 2009-07-13 21:32 - 0000000 ____D C:\Program Files\Reference Assemblies
2012-04-24 22:29 - 2009-07-13 21:32 - 0000000 ____D C:\Program Files\MSBuild
2012-04-24 22:29 - 2009-07-13 21:32 - 0000000 ____D C:\Program Files\Microsoft Games
2012-04-24 22:29 - 2009-07-13 21:32 - 0000000 ____D C:\Program Files\DVD Maker
2012-04-24 22:29 - 2009-07-13 21:32 - 0000000 ____D C:\Program Files (x86)\Windows Sidebar
2012-04-24 22:29 - 2009-07-13 21:32 - 0000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2012-04-24 22:29 - 2009-07-13 21:32 - 0000000 ____D C:\Program Files (x86)\Windows Defender
2012-04-24 22:29 - 2009-07-13 21:32 - 0000000 ____D C:\Program Files (x86)\Reference Assemblies
2012-04-24 22:29 - 2009-07-13 21:32 - 0000000 ____D C:\Program Files (x86)\MSBuild
2012-04-24 22:29 - 2009-07-13 19:20 - 0000000 __RHD C:\users\Default
2012-04-24 22:29 - 2009-07-13 19:20 - 0000000 ____D C:\Program Files\Windows NT
2012-04-24 22:29 - 2009-07-13 19:20 - 0000000 ____D C:\Program Files\Common Files\System
2012-04-24 22:29 - 2009-07-13 19:20 - 0000000 ____D C:\Program Files\Common Files\SpeechEngines
2012-04-24 22:29 - 2009-07-13 19:20 - 0000000 ____D C:\Program Files\Common Files\Microsoft Shared
2012-04-24 22:29 - 2009-07-13 19:20 - 0000000 ____D C:\Program Files (x86)\Windows NT
2012-04-24 22:20 - 2012-04-24 22:20 - 0607260 ____R (Swearware) C:\Users\Eugene\Desktop\dds.scr
2012-04-24 22:18 - 2012-04-24 22:18 - 0879714 ____A C:\Users\Eugene\Desktop\SecurityCheck.exe
2012-04-24 22:05 - 2012-04-24 22:05 - 0000000 ____D C:\Users\Eugene\AppData\Local\{DFF2969B-C9A0-42E3-AE3E-2471EB4315B3}
2012-04-24 22:05 - 2012-04-16 21:54 - 0000000 ___RD C:\Users\Eugene\Dropbox
2012-04-24 22:05 - 2012-04-16 21:51 - 0000000 ____D C:\Users\Eugene\AppData\Roaming\Dropbox
2012-04-24 22:05 - 2011-10-11 23:24 - 0000000 ____D C:\Program Files (x86)\Steam
2012-04-24 22:05 - 2009-10-24 00:47 - 0000000 ___HD C:\Users\Eugene\Tracing
2012-04-24 22:03 - 2009-07-13 18:34 - 0262144 ____A C:\Windows\System32\config\sam.bak
2012-04-24 22:00 - 2012-04-24 22:00 - 0050477 ____A C:\Users\Eugene\Desktop\Defogger.exe
2012-04-24 22:00 - 2012-04-24 21:16 - 0000732 ____A C:\Users\Eugene\Desktop\defogger_disable.log
2012-04-24 22:00 - 2012-04-24 21:16 - 0000578 ____A C:\Users\Eugene\defogger_reenable
2012-04-24 21:54 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\config\TxR
2012-04-24 20:54 - 2012-04-24 20:51 - 0000000 ____D C:\Users\Eugene\AppData\Roaming\AVG
2012-04-24 20:50 - 2012-04-23 21:39 - 0000000 ____D C:\Program Files (x86)\AVG
2012-04-24 20:30 - 2012-04-24 20:30 - 0000000 ____D C:\Users\Eugene\AppData\Roaming\AVG2012
2012-04-24 20:20 - 2012-04-24 20:19 - 0023392 ____A C:\TDSSKiller.2.7.2.0_24.04.2012_21.19.33_log.txt
2012-04-24 20:18 - 2012-04-24 20:18 - 1954684 ____A C:\Users\Eugene\Desktop\tdsskiller.zip
2012-04-24 20:18 - 2012-04-24 20:18 - 0000346 ____A C:\TDSSKiller.2.7.2.0_24.04.2012_21.18.55_log.txt
2012-04-24 20:13 - 2012-04-24 20:13 - 0000000 ____D C:\Users\Eugene\AppData\Local\{A9A3CBE6-C660-4E48-B170-63D8A72BEC10}
2012-04-24 20:13 - 2012-04-24 20:13 - 0000000 ____D C:\Users\Eugene\AppData\Local\{A535AF75-E61F-4D59-80D1-65B11DE0343F}
2012-04-24 18:41 - 2012-04-24 18:41 - 0000000 ____D C:\Users\Eugene\AppData\Local\{B2F5A73E-9029-453B-9620-4C27B514B515}
2012-04-24 18:41 - 2012-04-24 18:41 - 0000000 ____D C:\Users\Eugene\AppData\Local\{252FE6AA-55F2-4920-91DD-45AB54E1E290}
2012-04-24 10:48 - 2012-04-24 10:48 - 0000000 ____A C:\Users\Eugene\Desktop\New Text Document (4).txt
2012-04-24 04:23 - 2012-04-24 03:06 - 0000000 ____D C:\Users\Eugene\Desktop\raspppoe
2012-04-24 03:57 - 2012-04-24 03:57 - 0000000 __ASH C:\Windows\System32\config\system.tmp.LOG2
2012-04-24 03:57 - 2012-04-24 03:57 - 0000000 __ASH C:\Windows\System32\config\system.tmp.LOG1
2012-04-24 03:57 - 2012-04-24 03:57 - 0000000 __ASH C:\Windows\System32\config\software.tmp.LOG2
2012-04-24 03:57 - 2012-04-24 03:57 - 0000000 __ASH C:\Windows\System32\config\software.tmp.LOG1
2012-04-24 03:57 - 2012-04-24 03:57 - 0000000 __ASH C:\Windows\System32\config\security.tmp.LOG2
2012-04-24 03:57 - 2012-04-24 03:57 - 0000000 __ASH C:\Windows\System32\config\security.tmp.LOG1
2012-04-24 03:57 - 2012-04-24 03:57 - 0000000 __ASH C:\Windows\System32\config\sam.tmp.LOG2
2012-04-24 03:57 - 2012-04-24 03:57 - 0000000 __ASH C:\Windows\System32\config\sam.tmp.LOG1
2012-04-24 03:57 - 2012-04-24 03:57 - 0000000 __ASH C:\Windows\System32\config\default.tmp.LOG2
2012-04-24 03:57 - 2012-04-24 03:57 - 0000000 __ASH C:\Windows\System32\config\default.tmp.LOG1
2012-04-24 03:28 - 2012-04-24 03:28 - 0000000 ____D C:\Users\Eugene\AppData\Local\{DA4DDC1C-46BF-48EF-ABC7-708BB699B594}
2012-04-24 03:28 - 2012-04-24 03:27 - 0000000 ____D C:\Users\Eugene\AppData\Local\{E954E104-B65E-4D2F-9996-F428081F8131}
2012-04-24 02:58 - 2012-04-24 02:58 - 0017825 ____A C:\Users\Eugene\Desktop\raspppoe.zip
2012-04-24 02:53 - 2012-04-24 02:53 - 0000000 ____D C:\Users\Eugene\AppData\Local\{C910460E-C3B9-44D1-A439-FC11EB60BDF7}
2012-04-24 02:52 - 2012-04-24 02:52 - 0000000 ____D C:\Users\Eugene\AppData\Local\{991D0C23-3E79-41AC-9D99-2732072EE70F}
2012-04-23 21:48 - 2012-04-23 21:48 - 0000000 ____D C:\Users\Eugene\AppData\Local\{CB0FF945-9CF8-41E2-A52C-FC19593A3004}
2012-04-23 21:47 - 2012-04-23 21:47 - 0000000 ____D C:\Users\Eugene\AppData\Local\{981BDDB0-0CFC-4264-8753-9788F2B86EBF}
2012-04-23 21:40 - 2012-04-23 21:40 - 0000000 ____D C:\$AVG
2012-04-23 21:36 - 2012-04-23 21:36 - 3867720 ____A (AVG Technologies) C:\Users\Eugene\Downloads\avg_free_stb_all_2012_2127_cnet.exe
2012-04-23 21:17 - 2009-07-13 21:32 - 0000000 ____D C:\Windows\System32\FxsTmp
2012-04-23 21:02 - 2009-10-16 16:42 - 0000860 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1035037747-2619450578-1257536889-1001Core.job
2012-04-23 17:24 - 2009-10-24 01:58 - 0000000 ____D C:\Users\Eugene\AppData\Roaming\vlc
2012-04-23 17:16 - 2009-10-17 19:57 - 0000000 ____D C:\Users\Eugene\Documents\Azureus Downloads
2012-04-23 14:13 - 2012-04-23 14:13 - 0000000 ____D C:\Users\Eugene\AppData\Local\{8168323A-916E-4B0D-AB72-4C46C57E5342}
2012-04-23 10:36 - 2012-04-23 10:36 - 0000000 ____D C:\Users\Eugene\AppData\Local\{AAB3C05D-B4AD-4FAA-9ED2-192700FBAEC7}
2012-04-23 07:21 - 2012-04-23 07:21 - 0000000 ____D C:\Users\Eugene\AppData\Local\{E42A4019-267D-4307-AD0A-346AFF14245E}
2012-04-23 04:27 - 2012-04-16 21:54 - 0001059 ____A C:\Users\Eugene\Start Menu\Programs\Startup\Dropbox.lnk
2012-04-23 04:27 - 2012-04-16 21:54 - 0001059 ____A C:\Users\Eugene\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
2012-04-23 04:26 - 2012-04-16 21:54 - 0001029 ____A C:\Users\Eugene\Desktop\Dropbox.lnk
2012-04-23 04:25 - 2012-04-23 04:25 - 0000000 ____D C:\Users\Eugene\AppData\Local\{F3858723-15BD-4B1C-B43A-22B68147EA84}
2012-04-23 01:44 - 2009-07-13 21:32 - 0000000 ____D C:\Windows\Offline Web Pages
2012-04-23 01:44 - 2009-07-13 21:32 - 0000000 ____D C:\Windows\addins
2012-04-23 01:44 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\AdvancedInstallers
2012-04-23 01:44 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\Cursors
2012-04-23 01:43 - 2009-07-13 23:46 - 0000000 __SHD C:\Windows\BitLockerDiscoveryVolumeContents
2012-04-23 01:43 - 2009-07-13 21:32 - 0000000 ____D C:\Windows\Downloaded Program Files
2012-04-23 01:43 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\zh-TW
2012-04-23 01:43 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\zh-HK
2012-04-23 01:43 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\zh-CN
2012-04-23 01:43 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\uk-UA
2012-04-23 01:43 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\tr-TR
2012-04-23 01:43 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\th-TH
2012-04-23 01:43 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\sv-SE
2012-04-23 01:43 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\sr-Latn-CS
2012-04-23 01:43 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\sl-SI
2012-04-23 01:43 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\sk-SK
2012-04-23 01:43 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\Setup
2012-04-23 01:43 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\ru-RU
2012-04-23 01:43 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\ro-RO
2012-04-23 01:43 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\Recovery
2012-04-23 01:43 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\pt-PT
2012-04-23 01:43 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\pt-BR
2012-04-23 01:43 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\pl-PL
2012-04-23 01:43 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\oobe
2012-04-23 01:43 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\nl-NL
2012-04-23 01:43 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\nb-NO
2012-04-23 01:43 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\lv-LV
2012-04-23 01:43 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\lt-LT
2012-04-23 01:43 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\ko-KR
2012-04-23 01:43 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\ja-JP
2012-04-23 01:43 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\it-IT
2012-04-23 01:43 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\icsxml
2012-04-23 01:43 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\hu-HU
2012-04-23 01:43 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\hr-HR
2012-04-23 01:43 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\he-IL
2012-04-23 01:43 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\fr-FR
2012-04-23 01:43 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\fi-FI
2012-04-23 01:43 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\et-EE
2012-04-23 01:43 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\es-ES
2012-04-23 01:43 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\el-GR
2012-04-23 01:43 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\de-DE
2012-04-23 01:43 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\da-DK
2012-04-23 01:43 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\cs-CZ
2012-04-23 01:43 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\bg-BG
2012-04-23 01:43 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\ar-SA
2012-04-23 01:43 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\AdvancedInstallers
2012-04-23 01:43 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\zh-TW
2012-04-23 01:43 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\zh-HK
2012-04-23 01:43 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\zh-CN
2012-04-23 01:43 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\uk-UA
2012-04-23 01:43 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\tr-TR
2012-04-23 01:43 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\th-TH
2012-04-23 01:43 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\sv-SE
2012-04-23 01:43 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\sr-Latn-CS
2012-04-23 01:43 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\sl-SI
2012-04-23 01:43 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\sk-SK
2012-04-23 01:43 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\Setup
2012-04-23 01:43 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\ru-RU
2012-04-23 01:43 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\ro-RO
2012-04-23 01:43 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\pt-PT
2012-04-23 01:43 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\pt-BR
2012-04-23 01:43 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\pl-PL
2012-04-23 01:43 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\nl-NL
2012-04-23 01:43 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\nb-NO
2012-04-23 01:43 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\lv-LV
2012-04-23 01:43 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\lt-LT
2012-04-23 01:43 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\ko-KR
2012-04-23 01:43 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\ja-JP
2012-04-23 01:43 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\it-IT
2012-04-23 01:43 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\icsxml
2012-04-23 01:43 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\hu-HU
2012-04-23 01:43 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\hr-HR
2012-04-23 01:43 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\he-IL
2012-04-23 01:43 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\fr-FR
2012-04-23 01:43 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\fi-FI
2012-04-23 01:43 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\et-EE
2012-04-23 01:43 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\es-ES
2012-04-23 01:43 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\el-GR
2012-04-23 01:43 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\de-DE
2012-04-23 01:43 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\da-DK
2012-04-23 01:43 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\cs-CZ
2012-04-23 01:43 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\bg-BG
2012-04-23 01:43 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\ar-SA
2012-04-23 01:43 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\L2Schemas
2012-04-23 01:38 - 2012-04-22 11:50 - 0000000 ____D C:\Program Files\Microsoft Security Client
2012-04-23 01:03 - 2012-04-23 01:01 - 0262406 ____A C:\Windows\ntbtlog.txt
2012-04-23 00:59 - 2012-04-23 00:59 - 0000000 ____D C:\Users\Eugene\AppData\Local\{044F661B-F725-4013-9C10-C761B8BDB5A6}
2012-04-23 00:55 - 2012-04-23 00:55 - 10063000 ____A (Malwarebytes Corporation ) C:\Users\Eugene\Desktop\mbam-setup-1.61.0.1400.exe
2012-04-23 00:55 - 2012-04-23 00:55 - 0001121 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-04-23 00:52 - 2012-04-23 00:52 - 0000000 ____D C:\Users\Eugene\AppData\Local\{A3698A02-C022-4220-B49A-185457BFF027}
2012-04-22 23:59 - 2012-04-22 23:59 - 0000000 ____D C:\Users\Eugene\AppData\Local\{D4AC5729-163A-4B62-8382-69A9299AB4F4}
2012-04-22 23:34 - 2012-04-22 23:34 - 0000000 ____D C:\Users\Eugene\AppData\Local\{A8366470-E697-4F7F-B734-3D3A00935105}
2012-04-22 23:34 - 2012-04-22 23:33 - 0000000 ____D C:\Users\Eugene\AppData\Local\{B97CE909-ED65-4374-9FCC-1DF3DA3BCC18}
2012-04-22 23:34 - 2011-09-13 01:35 - 0000000 ____D C:\Users\Eugene\AppData\Local\Windows Live
2012-04-22 12:11 - 2012-04-22 12:11 - 0000000 ____D C:\Users\Eugene\AppData\Local\{801AC661-D8F1-426A-B611-DB71BE8E9C39}
2012-04-22 11:52 - 2012-04-22 11:52 - 0000000 ____D C:\Program Files (x86)\Microsoft Security Client
2012-04-22 11:10 - 2010-02-24 19:46 - 0000000 ____D C:\Users\Eugene\AppData\Roaming\skypePM
2012-04-17 15:59 - 2011-06-01 22:54 - 0002326 ____A C:\Users\Eugene\Desktop\RockMelt.lnk
2012-04-16 21:55 - 2012-04-01 18:18 - 0418464 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-04-16 21:55 - 2011-06-11 14:30 - 0070304 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-04-15 21:47 - 2012-04-01 21:53 - 8741536 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2012-04-13 16:12 - 2012-04-15 21:50 - 0107926 ____A C:\Users\Eugene\Desktop\sitemap.xml
2012-04-13 14:12 - 2009-10-16 16:45 - 0002415 ____A C:\Users\Eugene\Desktop\Google Chrome.lnk
2012-04-12 22:04 - 2012-04-12 22:04 - 0065738 ____A C:\Users\Eugene\Desktop\Luxe(2).docx
2012-04-11 13:31 - 2012-04-11 13:31 - 0000000 ____D C:\Users\Eugene\AppData\Local\{44E6793E-24DE-4F23-8452-23AAF867C457}
2012-04-11 02:25 - 2009-07-13 21:13 - 0896134 ____A C:\Windows\System32\PerfStringBackup.INI
2012-04-11 02:19 - 2009-10-16 16:39 - 0000000 ____D C:\Users\All Users\Microsoft Help
2012-04-11 02:19 - 2009-10-16 16:39 - 0000000 ____D C:\ProgramData\Microsoft Help
2012-04-11 02:18 - 2009-07-13 18:34 - 0000478 ____A C:\Windows\win.ini
2012-04-11 02:07 - 2009-10-16 15:09 - 57249312 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-04-10 18:09 - 2011-12-30 22:18 - 0001297 ____A C:\Users\Eugene\Desktop\New Text Document (2).txt
2012-04-06 20:07 - 2012-04-06 20:07 - 0002491 ____A C:\Users\Public\Desktop\Safari.lnk
2012-04-06 20:07 - 2009-10-19 13:11 - 0000000 ____D C:\Program Files (x86)\Safari
2012-04-04 15:24 - 2012-04-04 15:24 - 0000000 ____D C:\Users\Eugene\Desktop\WakeOnLanGui
2012-04-04 15:24 - 2012-04-04 15:23 - 0187488 ____A C:\Users\Eugene\Desktop\WakeOnLanGui.zip
2012-04-04 14:56 - 2010-06-14 00:49 - 0024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-04-03 01:56 - 2012-04-03 01:55 - 0000000 ____D C:\Users\Eugene\AppData\Local\{7DF7D55F-824F-4CF4-99E9-21477D56F92A}
2012-04-01 18:17 - 2012-04-01 18:17 - 0000000 ____D C:\Users\Eugene\AppData\Local\{85CB0751-D482-4886-8C8F-F870179B703E}
2012-03-27 15:39 - 2012-03-27 15:39 - 0063362 ____A C:\Users\Eugene\Desktop\b.jpg
2012-03-27 08:24 - 2012-03-27 08:24 - 0619912 ___AT C:\Users\Eugene\Desktop\CEOCAMabc.jpg
2012-03-20 14:20 - 2012-03-20 14:20 - 4659953 ____A C:\Users\Eugene\Desktop\smarthoa stuff 3-20-12.mp4
2012-03-20 08:54 - 2012-03-20 12:45 - 0072347 ____A C:\Users\Eugene\Desktop\Glenwood HOA, Package, 2012-13-1.pdf
2012-03-18 20:31 - 2012-03-18 20:30 - 0000000 ____D C:\Users\Eugene\AppData\Local\{ACB6D0E8-F48D-46DF-A22A-6E5139C912A4}
2012-03-18 20:31 - 2009-07-13 20:45 - 5002128 ____A C:\Windows\System32\FNTCACHE.DAT
2012-03-18 20:30 - 2012-03-18 20:30 - 0000000 ____D C:\Users\Eugene\AppData\Local\{8CBD0E54-F1D5-4598-B517-DB78978CCA9E}
2012-03-18 17:54 - 2011-06-14 14:41 - 0000000 ____D C:\Users\Eugene\AppData\Local\ElevatedDiagnostics
2012-03-12 21:45 - 2009-10-25 01:00 - 0875980 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
2012-03-12 21:25 - 2010-11-17 22:26 - 0000000 ___HD C:\Users\All Users\Avira
2012-03-12 21:25 - 2010-11-17 22:26 - 0000000 ___HD C:\ProgramData\Avira
2012-03-12 09:38 - 2012-03-12 09:38 - 0000000 ____D C:\Users\Eugene\AppData\Local\{13487A00-BAE7-4CA6-A906-16E37B970F0C}
2012-03-12 09:38 - 2012-03-12 09:37 - 0000000 ____D C:\Users\Eugene\AppData\Local\{8796875A-8067-4743-B00F-C0B91B2625AF}
2012-03-05 22:53 - 2012-04-11 02:12 - 5559152 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-03-05 21:59 - 2012-04-11 02:12 - 3968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2012-03-05 21:59 - 2012-04-11 02:12 - 3913072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2012-03-02 10:40 - 2012-03-02 10:40 - 0000000 ____D C:\Users\Eugene\AppData\Local\{A591409C-8CA7-4C4E-B1DB-2DC2C9B98EE6}
2012-03-02 10:39 - 2012-03-02 10:39 - 0000000 ____D C:\Users\Eugene\AppData\Local\{64FD1EDE-B18A-43C5-8E55-B30FBA8F39CB}
2012-03-01 18:20 - 2012-03-01 18:20 - 0063302 ____A C:\Users\Eugene\Desktop\SOC426.PDF
2012-02-29 22:46 - 2012-04-11 02:06 - 0023408 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\fs_rec.sys
2012-02-29 22:38 - 2012-04-11 02:06 - 0220672 ____A (Microsoft Corporation) C:\Windows\System32\wintrust.dll
2012-02-29 22:33 - 2012-04-11 02:06 - 0081408 ____A (Microsoft Corporation) C:\Windows\System32\imagehlp.dll
2012-02-29 22:28 - 2012-04-11 02:06 - 0005120 ____A (Microsoft Corporation) C:\Windows\System32\wmi.dll
2012-02-29 21:37 - 2012-04-11 02:06 - 0172544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2012-02-29 21:33 - 2012-04-11 02:06 - 0159232 ____A (Microsoft Corporation) C:\Windows\SysWOW64\imagehlp.dll
2012-02-29 21:29 - 2012-04-11 02:06 - 0005120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wmi.dll
2012-02-27 23:34 - 2012-04-11 02:16 - 17790976 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-02-27 23:02 - 2012-04-11 02:16 - 10888704 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-02-27 22:56 - 2012-04-11 02:16 - 2311168 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-02-27 22:50 - 2012-04-11 02:16 - 1345536 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-02-27 22:49 - 2012-04-11 02:16 - 1390080 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-02-27 22:48 - 2012-04-11 02:16 - 1493504 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-02-27 22:48 - 2012-04-11 02:16 - 0237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-02-27 22:47 - 2012-04-11 02:16 - 0085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-02-27 22:45 - 2012-04-11 02:16 - 0818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-02-27 22:43 - 2012-04-11 02:16 - 2144256 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-02-27 22:43 - 2012-04-11 02:16 - 0096256 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-02-27 22:42 - 2012-04-11 02:16 - 2382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-02-27 22:39 - 2012-04-11 02:16 - 0248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-02-27 17:52 - 2012-04-11 02:16 - 12281856 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-02-27 17:27 - 2012-04-11 02:16 - 9705984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-02-27 17:18 - 2012-04-11 02:16 - 1799168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-02-27 17:12 - 2012-04-11 02:16 - 1103360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-02-27 17:11 - 2012-04-11 02:16 - 1427456 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-02-27 17:11 - 2012-04-11 02:16 - 1127424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-02-27 17:09 - 2012-04-11 02:16 - 0231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-02-27 17:08 - 2012-04-11 02:16 - 0065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-02-27 17:06 - 2012-04-11 02:16 - 0716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-02-27 17:04 - 2012-04-11 02:16 - 1792000 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-02-27 17:03 - 2012-04-11 02:16 - 2382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-02-27 17:03 - 2012-04-11 02:16 - 0072704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-02-27 16:59 - 2012-04-11 02:16 - 0176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-02-23 09:18 - 2009-10-16 15:09 - 0279656 ____A (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe
2012-02-17 16:11 - 2012-02-17 16:11 - 0000000 ____D C:\Users\Eugene\AppData\Roaming\SmartFTP
2012-02-17 16:10 - 2012-02-17 16:10 - 0002659 ____A C:\Users\Public\Desktop\SmartFTP Client.lnk
2012-02-17 16:09 - 2012-02-17 16:09 - 0000000 ____D C:\Program Files (x86)\SmartFTP Client 4.0 (x64) Setup Files
2012-02-16 22:38 - 2012-03-13 17:14 - 1112064 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorets.dll
2012-02-16 22:38 - 2012-03-13 17:14 - 1031680 ____A (Microsoft Corporation) C:\Windows\System32\rdpcore.dll
2012-02-16 22:11 - 2012-02-16 22:11 - 0000000 ____D C:\Users\Eugene\AppData\Local\{54BF9E01-C317-4A06-8A52-65E14B12A44D}
2012-02-16 22:09 - 2010-01-26 18:04 - 0000000 ___RD C:\Users\Eugene\Podcasts
2012-02-16 22:09 - 2009-10-27 16:17 - 0000000 ___RD C:\Users\Eugene\Virtual Machines
2012-02-16 22:09 - 2009-10-16 21:55 - 0000174 ___SH C:\Users\Eugene\Start Menu\Programs\Startup\desktop.ini
2012-02-16 22:09 - 2009-10-16 21:55 - 0000174 ___SH C:\Users\Eugene\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
2012-02-16 21:34 - 2012-03-13 17:14 - 0826880 ____A (Microsoft Corporation) C:\Windows\SysWOW64\rdpcore.dll
2012-02-16 20:58 - 2012-03-13 17:14 - 0210944 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
2012-02-16 20:57 - 2012-03-13 17:14 - 0023552 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tdtcp.sys
2012-02-14 17:12 - 2012-02-14 17:12 - 0000000 ____D C:\Users\Eugene\AppData\Local\{F620B051-B6EF-418B-829B-6CB0C7E261B8}
2012-02-14 17:12 - 2012-02-14 17:12 - 0000000 ____D C:\Users\Eugene\AppData\Local\{328EE0F7-9027-4F7A-83E8-0E78B732B059}
2012-02-14 11:09 - 2012-02-14 11:09 - 1070352 ____A (Microsoft Corporation) C:\Windows\SysWOW64\MSCOMCTL.OCX
2012-02-13 11:07 - 2012-02-13 11:07 - 0000000 ____D C:\Users\Eugene\AppData\Local\{749BBAA7-DBAB-434C-A486-4C9CA242D42A}
2012-02-13 11:07 - 2012-02-13 11:06 - 0000000 ____D C:\Users\Eugene\AppData\Local\{CEB8C6BD-FC18-4A8A-93F1-11A492E93739}
2012-02-12 13:37 - 2012-02-12 13:37 - 0000000 ____D C:\Users\Eugene\AppData\Local\{AE7953E6-4C48-4D2F-8EC0-3BBA933740B8}
2012-02-12 12:33 - 2012-02-12 12:33 - 0000000 ____D C:\Users\Eugene\AppData\Local\{35B5661C-DDC2-4948-865B-B2461EA032E6}
2012-02-09 22:36 - 2012-03-13 17:15 - 1544192 ____A (Microsoft Corporation) C:\Windows\System32\DWrite.dll
2012-02-09 21:38 - 2012-03-13 17:15 - 1077248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2012-02-05 12:47 - 2011-04-27 19:34 - 0000000 ____D C:\Users\Eugene\AppData\Roaming\dvdcss
2012-02-03 13:50 - 2012-02-03 13:50 - 0000000 ____D C:\Users\Eugene\AppData\Local\{EB9BEA15-934F-4CE5-8876-29F70F9D543C}
2012-02-03 13:50 - 2012-02-03 13:49 - 0000000 ____D C:\Users\Eugene\AppData\Local\{1CC40DA6-E413-409A-872B-34319A7D48AA}
2012-02-03 11:02 - 2012-02-03 11:02 - 0000000 ____D C:\Users\Eugene\AppData\Local\{33EADC1A-A99B-4CDA-B97B-BB019DB76FDE}
2012-02-02 20:34 - 2012-03-13 17:15 - 3145728 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-01-28 01:38 - 2012-01-28 01:38 - 0000000 ____D C:\Users\Eugene\AppData\Local\{A6650474-8AB2-48E0-BB0E-C498AFBC32C7}
2012-01-28 01:38 - 2012-01-28 01:37 - 0000000 ____D C:\Users\Eugene\AppData\Local\{99C71E2A-169F-4200-917D-74CAF8500B48}

========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

========================= Memory info ======================

Percentage of memory in use: 15%
Total physical RAM: 4071.71 MB
Available physical RAM: 3448.08 MB
Total Pagefile: 4069.86 MB
Available Pagefile: 3438.72 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

======================= Partitions =========================

1 Drive c: (BOOTCAMP) (Fixed) (Total:421.57 GB) (Free:3.94 GB) NTFS ==>[Drive with boot components (obtanied from BCD)]
2 Drive d: () (Removable) (Total:7.47 GB) (Free:0.84 GB) FAT32
4 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 465 GB 128 MB
Disk 1 Online 7667 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 200 MB 512 B
Partition 2 Primary 43 GB 200 MB
Partition 3 Primary 421 GB 44 GB

======================================================================================================

Disk: 0
Partition 1
Type : EE
Hidden: Yes
Active: No

There is no volume associated with this partition.

======================================================================================================

Disk: 0
Partition 2
Type : AF
Hidden: Yes
Active: No

There is no volume associated with this partition.

======================================================================================================

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 C BOOTCAMP NTFS Partition 421 GB Healthy

======================================================================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 7655 MB 22 KB

======================================================================================================

Disk: 1
Partition 1
Type : 0B
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 D FAT32 Removable 7655 MB Healthy

======================================================================================================

==========================================================

Last Boot: 2012-04-19 14:42

======================= End Of Log ==========================

#12 gringo_pr (Bleepin Gringo)

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 25 April 2012 - 05:15 AM

Hello

Open notepad. Please copy the contents of the code box below. To do this highlight the contents of the box and right click on it. Paste this into the open notepad. Save it on the flashdrive as fixlist.txt

SubSystems: [Windows] ==> ZeroAccess
2 asmagent; C:\Windows\System32\raspppoe.dll [6656 2009-07-13] (Oak Technology Inc.)
C:\Windows\System32\raspppoe.dll
NETSVC: asmagent

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

On Vista or Windows 7: Now please enter System Recovery Options.
On Windows XP: Now please boot into the BartPE CD.
Run FRST64 and press the Fix button just once and wait.
The tool will make a log on the flashdrive (Fixlog.txt) please post it to your reply.

Reboot the computer and let me know if it starts up.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University
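The fixlist above tags the Session Manager SubSystems\Windows value as ZeroAccess, and the Fixlog in the next post confirms that value was restored alongside the removal of the asmagent service and its raspppoe.dll. The reason that value matters is that csrss.exe loads every ServerDll module listed in it at boot; on a stock Windows 7 system those modules are only basesrv, winsrv and sxssrv, so a foreign module name there is both an infection indicator and the thing that breaks booting once an antivirus deletes the DLL without fixing the value. The following script is an added example, not part of this thread or of FRST: it parses such a value and flags any non-stock ServerDll entry. The two sample values are constructed here (the infected one uses consrv, the module name ZeroAccess is known to register this way); `read_live_value` is only usable on a Windows host and is not exercised by the samples.

```python
r"""Check the csrss SubSystems\Windows value for injected ServerDll modules.

Added example, not part of the forum thread or of FRST. A stock Windows 7
csrss.exe loads only basesrv, winsrv and sxssrv; any other module named in
this value is loaded by csrss at boot, and if that DLL is removed without
restoring the value, csrss cannot start and neither can Windows.
"""
from typing import List, NamedTuple

SUBSYSTEMS_KEY = r"SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems"
KNOWN_SERVER_DLLS = {"basesrv", "winsrv", "sxssrv"}  # stock Windows 7 modules


class ServerDll(NamedTuple):
    module: str   # DLL name without extension, as it appears in the value
    init: str     # exported init routine, empty when the default is used
    index: str    # subsystem ordinal after the comma


def parse_server_dlls(value: str) -> List[ServerDll]:
    """Extract every ServerDll=<module>[:<init>],<n> token from the value."""
    entries = []
    for token in value.split():
        name, sep, spec = token.partition("=")
        if not sep or name.lower() != "serverdll":
            continue
        mod_init, _, index = spec.partition(",")
        module, _, init = mod_init.partition(":")
        entries.append(ServerDll(module.lower(), init, index))
    return entries


def suspicious_server_dlls(value: str) -> List[ServerDll]:
    """Return the ServerDll entries that are not stock csrss modules."""
    return [e for e in parse_server_dlls(value) if e.module not in KNOWN_SERVER_DLLS]


def read_live_value() -> str:
    r"""Read the real value on a Windows host (winreg is Windows-only).

    For a SYSTEM hive taken from a recovery environment, load it first with
    `reg load HKLM\Offline X:\Windows\System32\config\SYSTEM` and read
    HKLM\Offline\ControlSet001\... instead of CurrentControlSet.
    """
    import winreg  # imported here so the parser itself runs on any platform
    with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, SUBSYSTEMS_KEY) as key:
        value, _value_type = winreg.QueryValueEx(key, "Windows")
    return value


# Constructed samples: a stock Windows 7 value, and the same value with the
# console server entry redirected to consrv, the module name ZeroAccess used.
CLEAN_VALUE = (
    r"%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows "
    "SharedSection=1024,20480,768 Windows=On SubSystemType=Windows "
    "ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 "
    "ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 "
    "ProfileControl=Off MaxRequestThreads=16"
)
INFECTED_VALUE = CLEAN_VALUE.replace(
    "ServerDll=winsrv:ConServerDllInitialization,2",
    "ServerDll=consrv:ConServerDllInitialization,2",
)


def report(value: str) -> str:
    """One-line verdict suitable for a triage note."""
    bad = suspicious_server_dlls(value)
    if not bad:
        return "SubSystems\\Windows: only stock ServerDll modules"
    names = ", ".join(
        f"{e.module}.dll (init {e.init or 'default'}, slot {e.index})" for e in bad
    )
    return f"SubSystems\\Windows: non-stock ServerDll loaded by csrss -> {names}"


if __name__ == "__main__":
    print(report(CLEAN_VALUE))
    print(report(INFECTED_VALUE))
```

When the check fires, the safe order of operations is the one the fixlist uses: restore the registry value first, then remove the DLL, so csrss never references a module that is no longer on disk.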

#13 eugene22n

  • Topic Starter
  • Members
  • 23 posts

Posted 25 April 2012 - 05:30 AM

The computer started up. No more access errors. Based on some quick usage I don't see any redirects at this point. Log below:

Fix result of Farbar Recovery Scan Tool (FRST written by farbar) Version: 22-04-2012
Ran by SYSTEM at 2012-04-25 03:22:19 R:1
Running from E:\

==============================================

HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Session Manager\SubSystems\\Windows Value was restored.
asmagent service deleted successfully.
C:\Windows\System32\raspppoe.dll moved successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\\netsvcs asmagent Deleted successfully.

==== End of Fixlog ====

#14 gringo_pr (Bleepin Gringo)

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 25 April 2012 - 07:14 AM

Hello

Very good!!! I want you to rerun ComboFix at this time (trust me, it will not happen again) and send me the report from the new run.



gringo

#15 eugene22n

  • Topic Starter
  • Members
  • 23 posts

Posted 25 April 2012 - 04:45 PM

I have successfully rerun ComboFix with no restart required this time. I have not been experiencing redirects or any other suspicious behavior today. Log included in part below:



