
BSOD/Google keeps redirecting me/advertisements (that weren't originally there) all over the internet


  • This topic is locked
29 replies to this topic

#1 StainedChrome


Posted 30 April 2012 - 12:41 AM

So my laptop had the BSOD about a month ago and my sister and I thought we had fixed it but it happened again about a week ago.

The first time it happened, after we got done (thinking we fixed it), we noticed that all our files/documents/pictures had disappeared and that our desktop background could no longer change. We did some research online and found out that our files/documents/pictures had been made into hidden files. So we followed a guide on how to make them visible, but we also noticed that we could not use any of the hidden pictures to change our desktop background. All the files that were once hidden and now have been "shown" have a grayed filter over them, contrary to any new files/documents/pictures we created after the first BSOD.

Along with the first BSOD also came advertisements, and a TON of them, on the internet. Google would keep redirecting us to different search engines and sites. Sometimes it would even say that "the page was not found", which we obviously knew couldn't be true since we had just been on there. Advertisements all over all kinds of sites that we know would never pay to have a random site in the most random place (for example, in between Facebook comments and such, there would be advertisements), and we know this is unusual because we have another computer in the house that isn't infected and not a single one of these problems has ever shown up. SO we thought to download Malwarebytes to just regularly clean up our computer, and we figured we would just deal with the random ads and hidden files for now and take care of them later.

BUT the second BSOD showed up about a week or so ago and we knew that things were not "managed" like we thought/hoped they were, so here we are now.
(BTW nothing has changed regarding all the "side-effects" from the first BSOD)
Here is the link on the topic I had yesterday before being directed to come to the malware/spyware removal, etc.
http://www.bleepingcomputer.com/forums/topic451086.html/page__gopid__2683329#entry2683329


Here are the logs

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_31
Run by Hunze at 1:01:41 on 2012-04-30
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3838.2017 [GMT -4:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: AVG Firewall *Disabled* {621CC794-9486-F902-D092-0484E8EA828B}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Gateway\Gateway Power Management\ePowerSvc.exe
C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE
C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE
C:\Program Files (x86)\Brand Affinity Technologies\Fantapper Player\FantapperUpdateService.exe
C:\Program Files (x86)\Gateway\Registration\GregHSRW.exe
C:\Windows\system32\svchost.exe -k HsfXAudioService
C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Windows\PLFSetI.exe
C:\Program Files\Gateway\Gateway Power Management\ePowerTray.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\ProgramData\GameXN\GameXNGO.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Apoint2K\HidFind.exe
C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\BackupManagerTray.exe
C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
C:\Program Files (x86)\Video Web Camera\traybar.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files (x86)\Launch Manager\LManager.exe
C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Gateway\Gateway Power Management\ePowerEvent.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Users\Hunze\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Hunze\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Hunze\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Hunze\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Hunze\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Hunze\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Users\Hunze\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Hunze\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Hunze\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uDefault_Page_URL = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=nv53&r=27360210n6b6l0450z1l5a4471x537
mDefault_Page_URL = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=nv53&r=27360210n6b6l0450z1l5a4471x537
mStart Page = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=nv53&r=27360210n6b6l0450z1l5a4471x537
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: H - No File
uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} -
mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} -
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO: WormRadar.com IESiteBlocker.NavFilter: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - AVG Safe Search
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Fantapper: {8a86d350-37ab-410a-8531-7d1363f317b3} - C:\Program Files (x86)\Brand Affinity Technologies\Fantapper Player\\IEInstaller.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - AVG Security Toolbar BHO
BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} -
TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
TB: {98279C38-DE4B-4BCF-93C9-8EC26069D6F4} - No File
{e7df6bff-55a5-4eb7-a673-4ed3e9456d39}
TB: {311B58DC-A4DC-4B04-B1B5-60299AD3D803} - No File
uRun: [EPSON NX110 Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIFBA.EXE /FU "C:\Windows\TEMP\E_S1F81.tmp" /EF "HKCU"
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
uRun: [cdloader] "C:\Users\Hunze\AppData\Roaming\mjusbsp\cdloader2.exe" MAGICJACK
uRun: [GameXN (update)] "C:\ProgramData\GameXN\GameXNGO.exe" /u
uRun: [GameXN (news)] "C:\ProgramData\GameXN\GameXNGO.exe" /n
uRun: [GameXN] "C:\ProgramData\GameXN\GameXNGO.exe" /silent
uRun: [Google Update] "C:\Users\Hunze\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
mRun: [BackupManagerTray] "C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\BackupManagerTray.exe" -h -k
mRun: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [Camera Assistant Software] "C:\Program Files (x86)\Video Web Camera\traybar.exe"
mRun: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
mRun: [EEventManager] C:\PROGRA~2\EPSONS~1\EVENTM~1\EEventManager.exe
mRun: [LTCM Client] C:\Program Files (x86)\LTCM Client\ltcmClient.exe /startup
mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun: [TkBellExe] "c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
dRun: [dplaysvr] C:\Windows\system32\config\systemprofile\AppData\Local\dplaysvr.exe
dRunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11e_ActiveX.exe -update activex
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
LSP: mswsock.dll
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} - hxxp://atv.disney.go.com/global/download/otoy/OTOYAX29b.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} - hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework/microsoft/wrc32.ocx
DPF: {CAFEEFAC-0015-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_17-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{B992E197-A838-4724-A42F-B3BC2B9D344B} : DhcpNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{B992E197-A838-4724-A42F-B3BC2B9D344B}\6656267756 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{B992E197-A838-4724-A42F-B3BC2B9D344B}\C696E6B6379737 : DhcpNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{B992E197-A838-4724-A42F-B3BC2B9D344B}\F4074796D65737 : DhcpNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{D8AF27FE-06B8-4EC5-AC95-1FBA7BD0ADA1} : DhcpNameServer = 75.75.75.75 75.75.76.76
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
Notify: axsefda - C:\Windows\system32\config\systemprofile\AppData\Local\axsefda.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
SubSystems: Windows = basesrv,1 winsrv:UserServerDllInitialization,3 consrv:ConServerDllInitialization,2 sxssrv,4
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
BHO-X64: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO-X64: Increase performance and video formats for your HTML5 <video> - No File
BHO-X64: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - AVG Safe Search
BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: Fantapper: {8A86D350-37AB-410A-8531-7D1363F317B3} - C:\Program Files (x86)\Brand Affinity Technologies\Fantapper Player\\IEInstaller.dll
BHO-X64: Fantapper - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: {A3BC75A2-1F87-4686-AA43-5347D756017C} - AVG Security Toolbar BHO
BHO-X64: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: AVG Security Toolbar: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} -
TB-X64: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
TB-X64: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
TB-X64: {98279C38-DE4B-4BCF-93C9-8EC26069D6F4} - No File
TB-X64: {311B58DC-A4DC-4B04-B1B5-60299AD3D803} - No File
mRun-x64: [BackupManagerTray] "C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\BackupManagerTray.exe" -h -k
mRun-x64: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [Camera Assistant Software] "C:\Program Files (x86)\Video Web Camera\traybar.exe"
mRun-x64: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
mRun-x64: [EEventManager] C:\PROGRA~2\EPSONS~1\EVENTM~1\EEventManager.exe
mRun-x64: [LTCM Client] C:\Program Files (x86)\LTCM Client\ltcmClient.exe /startup
mRun-x64: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun-x64: [TkBellExe] "c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
Hosts: 94.63.147.16 www.google.com
Hosts: 94.63.147.17 www.bing.com
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Hunze\AppData\Roaming\Mozilla\Firefox\Profiles\5wo1f2en.default\
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7B481db4e8-ab8b-4a4b-bded-42dca2771b60%7D&mid=2618f527b0bb331c9c4f47f55e3051bc-5827e324dcf75e7ce8801804d7a08db77e7aa671&ds=AVG&v=10.0.0.7&lang=en&pr=fr&d=2011-11-25%2011%3A20%3A57&sap=ku&q=
FF - component: C:\Program Files (x86)\AVG\AVG2012\Firefox4\components\avgssff10.dll
FF - component: C:\Program Files (x86)\AVG\AVG2012\Firefox4\components\avgssff4.dll
FF - component: C:\Program Files (x86)\AVG\AVG2012\Firefox4\components\avgssff5.dll
FF - component: C:\Program Files (x86)\AVG\AVG2012\Firefox4\components\avgssff6.dll
FF - component: C:\Program Files (x86)\AVG\AVG2012\Firefox4\components\avgssff7.dll
FF - component: C:\Program Files (x86)\AVG\AVG2012\Firefox4\components\avgssff8.dll
FF - component: C:\Program Files (x86)\AVG\AVG2012\Firefox4\components\avgssff9.dll
FF - component: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\components\coFFPlgn.dll
FF - component: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\IPSFFPlgn\components\IPSFFPl.dll
FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
FF - plugin: C:\Users\Hunze\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: C:\Users\Hunze\AppData\Roaming\Facebook\npfbplugin_1_0_1.dll
FF - plugin: C:\Users\Hunze\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_228.dll
.
---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;C:\Windows\system32\DRIVERS\AVGIDSEH.Sys --> C:\Windows\system32\DRIVERS\AVGIDSEH.Sys [?]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\system32\DRIVERS\avgrkx64.sys --> C:\Windows\system32\DRIVERS\avgrkx64.sys [?]
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\system32\DRIVERS\avgldx64.sys --> C:\Windows\system32\DRIVERS\avgldx64.sys [?]
R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\system32\DRIVERS\avgmfx64.sys --> C:\Windows\system32\DRIVERS\avgmfx64.sys [?]
R1 Avgtdia;AVG TDI Driver;C:\Windows\system32\DRIVERS\avgtdia.sys --> C:\Windows\system32\DRIVERS\avgtdia.sys [?]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2011-8-11 140672]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 ePowerSvc;Acer ePower Service;C:\Program Files\Gateway\Gateway Power Management\ePowerSvc.exe [2010-1-11 844320]
R2 FTSvc;Fantapper Player Update Service;C:\Program Files (x86)\Brand Affinity Technologies\Fantapper Player\FantapperUpdateService.exe [2011-12-12 11776]
R2 Greg_Service;GRegService;C:\Program Files (x86)\Gateway\Registration\GregHSRW.exe [2009-8-28 1150496]
R2 HsfXAudioService;HsfXAudioService;C:\Windows\system32\svchost.exe -k HsfXAudioService [2009-7-13 20992]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-4-3 652360]
R2 NTI IScheduleSvc;NTI IScheduleSvc;C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe [2009-9-24 62720]
R2 Updater Service;Updater Service;C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe [2009-10-29 240160]
R3 AVGIDSDriver;AVGIDSDriver;C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys --> C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys [?]
R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys --> C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys [?]
R3 CAXHWAZL;CAXHWAZL;C:\Windows\system32\DRIVERS\CAXHWAZL.sys --> C:\Windows\system32\DRIVERS\CAXHWAZL.sys [?]
R3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\k57nd60a.sys --> C:\Windows\system32\DRIVERS\k57nd60a.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\system32\DRIVERS\usbfilter.sys --> C:\Windows\system32\DRIVERS\usbfilter.sys [?]
S2 avgfws;AVG Firewall;"C:\Program Files (x86)\AVG\AVG2012\avgfws.exe" --> C:\Program Files (x86)\AVG\AVG2012\avgfws.exe [?]
S2 AVGIDSAgent;AVGIDSAgent;"C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe" --> C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe [?]
S2 avgwd;AVG WatchDog;"C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe" --> C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-23 253088]
S3 McComponentHostService;McAfee Security Scan Component Host Service;"C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe" --> C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [?]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-4-27 129976]
S3 netr28x;Ralink 802.11n Wireless Driver for Windows Vista;C:\Windows\system32\DRIVERS\netr28x.sys --> C:\Windows\system32\DRIVERS\netr28x.sys [?]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2009-10-29 225280]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL6.SYS --> C:\Windows\system32\DRIVERS\VSTAZL6.SYS [?]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2012-04-27 07:24:11 -------- d-----w- C:\Program Files (x86)\Mozilla Maintenance Service
2012-04-27 07:24:09 157352 ----a-w- C:\Program Files (x86)\Mozilla Firefox\maintenanceservice_installer.exe
2012-04-27 07:24:09 129976 ----a-w- C:\Program Files (x86)\Mozilla Firefox\maintenanceservice.exe
2012-04-24 08:47:00 -------- d-----w- C:\Users\Hunze\AppData\Local\{BF2C2097-64D5-4933-B52E-9CB8C25B3A8F}
2012-04-24 08:46:49 -------- d-----w- C:\Users\Hunze\AppData\Local\{43DC8280-D277-4F21-994F-BE7E252FC41E}
2012-04-23 21:29:23 70304 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-04-23 21:29:23 418464 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-04-23 02:04:43 -------- d-----w- C:\Users\Hunze\AppData\Local\{0BE31066-3674-4FDA-A7C5-177BC9EC700F}
2012-04-23 02:04:15 -------- d-----w- C:\Users\Hunze\AppData\Local\{138259FF-FEDA-4CCB-8C14-06F2D58EEEE2}
2012-04-21 04:00:45 -------- d-----w- C:\Program Files\Microsoft Security Client
2012-04-21 03:43:26 -------- d-----w- C:\Users\Hunze\AppData\Local\{B8648B81-23AA-45D7-BC22-978C1D998218}
2012-04-21 03:43:11 -------- d-----w- C:\Users\Hunze\AppData\Local\{B939CD4D-2F76-43E5-92DE-063CE1B0E788}
2012-04-21 03:20:48 -------- d-----w- C:\Users\Hunze\AppData\Local\{A25DD225-F9B6-4651-A592-0368A3409DE9}
2012-04-21 03:20:35 -------- d-----w- C:\Users\Hunze\AppData\Local\{43F0DC98-DF64-4279-8BA6-D225A18421DB}
2012-04-18 06:59:47 -------- d-----w- C:\Users\Hunze\AppData\Local\{5CCD3543-301D-4129-89E2-CF0D944ECED1}
2012-04-18 00:57:00 -------- d-----w- C:\Users\Hunze\AppData\Local\{E3EC1C84-9FE7-4807-B068-8C85A4E772B2}
2012-04-13 20:40:41 -------- d-----w- C:\Users\Hunze\AppData\Local\{789BE42E-3829-4B68-9ECC-D96364FFC275}
2012-04-12 06:01:24 -------- d-----w- C:\Users\Hunze\AppData\Local\{1EAA0218-2943-48B4-8D6E-5952A5F72536}
2012-04-10 22:41:20 -------- d-----w- C:\Users\Hunze\AppData\Local\{856A55D3-5C19-4C0C-92E4-81B0F0587F16}
2012-04-09 22:34:02 -------- d-----w- C:\Users\Hunze\AppData\Local\{90465F79-C28C-490E-8978-FC7F29ED666A}
2012-04-08 18:22:12 -------- d-----w- C:\Users\Hunze\AppData\Local\{CBAEE24E-E88B-493F-B3C5-57CD1D02A703}
2012-04-07 20:07:21 -------- d-----w- C:\Users\Hunze\AppData\Local\{3EF652F9-58D7-492C-BB8D-8F1C9202C988}
2012-04-07 15:13:57 -------- d-----w- C:\Users\Hunze\AppData\Local\{AEC88BB5-E552-4EC0-8067-563F247BD0CE}
2012-04-07 15:01:34 -------- d-----w- C:\Users\Hunze\AppData\Local\{086E2992-4FED-46B1-9C5C-551576BF15D8}
2012-04-06 22:39:11 -------- d-----w- C:\Users\Hunze\AppData\Local\{9B8070F2-1A42-45D2-9C33-9D48F87D71A9}
2012-04-05 22:47:07 8741536 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe
2012-04-05 22:34:22 -------- d-----w- C:\Program Files\SUPERAntiSpyware
2012-04-05 22:29:09 -------- d-----w- C:\Users\Hunze\AppData\Local\Little_Apps
2012-04-05 22:03:16 -------- d-----w- C:\Users\Hunze\AppData\Local\{79BC58B6-20FF-429C-9477-BA7DEC37FC8D}
2012-04-04 17:52:51 116736 ----a-w- C:\ProgramData\Microsoft\Windows\DRM\2232.tmp.dat
2012-04-04 14:40:29 -------- d-----w- C:\Program Files\Common Files\Little Registry Cleaner
2012-04-04 14:35:48 -------- d-----w- C:\Program Files\Little Registry Cleaner
2012-04-04 14:35:39 -------- d-----w- C:\Program Files (x86)\hpmonitor
2012-04-04 14:35:31 -------- d-----w- C:\Program Files (x86)\Brand Affinity Technologies
2012-04-04 13:57:26 -------- d-----w- C:\Users\Hunze\AppData\Local\ElevatedDiagnostics
2012-04-04 00:28:34 -------- d-----w- C:\5bfbba4d5b61a55ce2e7468b
2012-04-04 00:03:44 -------- d-----w- C:\TDSSKiller_Quarantine
2012-04-03 21:56:04 -------- d--h--w- C:\Users\Hunze\AppData\Local\{78C2540C-CB24-48B4-B9B9-47E9777C1F37}
2012-04-03 21:08:51 -------- d-----w- C:\Program Files\Malwarebytes' Anti-Malware
2012-04-03 20:26:24 101888 ----a-w- C:\Windows\System32\compgMgr64.dll
2012-04-03 17:40:29 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-04-03 17:40:29 -------- d-----w- C:\ProgramData\Malwarebytes
2012-04-03 17:40:29 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-04-03 17:00:23 -------- d-----w- C:\ProgramData\ParetoLogic
2012-04-03 15:20:01 0 --sha-w- C:\Windows\System32\dds_trash_log.cmd
2012-04-03 06:59:32 -------- d-----we C:\Windows\system64
2012-04-03 06:55:33 6982480 ------w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{8FFDA1FE-CA79-4006-A0DF-9A6C41BEBEBB}\mpengine.dll
2012-04-02 23:17:09 -------- d--h--w- C:\Users\Hunze\AppData\Local\{2F4DA43E-31EC-4936-9C29-1E1BAEAA2F13}
2012-04-02 03:35:39 -------- d--h--w- C:\Users\Hunze\AppData\Local\{1BDB0BD0-ACC1-4DCC-8BC7-EB85604E2AED}
2012-03-31 13:26:19 -------- d--h--w- C:\Users\Hunze\AppData\Local\{9ABC367B-4B89-45E3-A624-7B8F9F6CBEF4}
.
==================== Find3M ====================
.
2012-04-23 13:45:08 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-02-17 06:38:26 1031680 ----a-w- C:\Windows\System32\rdpcore.dll
2012-02-17 05:34:22 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll
2012-02-17 04:58:24 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-02-17 04:57:32 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys
2012-02-15 15:01:50 52736 ----a-w- C:\Windows\System32\drivers\usbaapl64.sys
2012-02-15 15:01:50 4547944 ----a-w- C:\Windows\System32\usbaaplrc.dll
2012-02-10 06:36:07 1544192 ----a-w- C:\Windows\System32\DWrite.dll
2012-02-10 05:38:43 1077248 ----a-w- C:\Windows\SysWow64\DWrite.dll
2012-02-03 04:34:34 3145728 ----a-w- C:\Windows\System32\win32k.sys
.
============= FINISH: 1:02:46.85 ===============



I didn't create a GMER log because the instructions said (32-bit versions of Windows only) and we have 64-bit.


Edited by StainedChrome, 30 April 2012 - 12:52 AM.




#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:05:58 AM

Posted 30 April 2012 - 03:08 AM

Hello and Welcome to Bleeping Computer!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.



Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"

In your next post I need the following:
  • Log from Combofix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 StainedChrome


Posted 30 April 2012 - 09:49 PM

Alright, I did everything that was asked!
Here is the log for the Security Check


Results of screen317's Security Check version 0.99.32
Windows 7 x64 (UAC is enabled)
Internet Explorer 9
``````````````````````````````
Antivirus/Firewall Check:

Windows Security Center service is not running! This report may not be accurate!
McAfee Security Scan Plus
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

Little Registry Cleaner
Java™ 6 Update 31
Adobe Reader 9 Adobe Reader out of date!
Mozilla Firefox (12.0.)
````````````````````````````````
Process Check:
objlist.exe by Laurent

Malwarebytes' Anti-Malware mbamservice.exe
Malwarebytes' Anti-Malware mbamgui.exe
``````````End of Log````````````



Here is the log from Combofix


ComboFix 12-04-31.03 - Hunze 04/30/2012 21:47:55.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3838.2439 [GMT -4:00]
Running from: c:\users\Hunze\Downloads\ComboFix.exe
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Brand Affinity Technologies
c:\program files (x86)\Brand Affinity Technologies\Fantapper Player\ChromeInstaller.dll
c:\program files (x86)\Brand Affinity Technologies\Fantapper Player\ChromeInstaller.InstallState
c:\program files (x86)\Brand Affinity Technologies\Fantapper Player\fantapper_0941e80o8q2l.crx
c:\program files (x86)\Brand Affinity Technologies\Fantapper Player\fantapper_0941e80o8q2l.xpi
c:\program files (x86)\Brand Affinity Technologies\Fantapper Player\FantapperUpdateService.exe
c:\program files (x86)\Brand Affinity Technologies\Fantapper Player\FantapperUpdateService.InstallState
c:\program files (x86)\Brand Affinity Technologies\Fantapper Player\FirefoxInstaller.dll
c:\program files (x86)\Brand Affinity Technologies\Fantapper Player\FirefoxInstaller.InstallState
c:\program files (x86)\Brand Affinity Technologies\Fantapper Player\FT_Enabled.ico
c:\program files (x86)\Brand Affinity Technologies\Fantapper Player\FT_Plugin_Installer.jpg
c:\program files (x86)\Brand Affinity Technologies\Fantapper Player\IEInstaller.dll
c:\program files (x86)\Brand Affinity Technologies\Fantapper Player\OpenIE.dll
c:\program files (x86)\Brand Affinity Technologies\Fantapper Player\OpenIE.InstallState
c:\users\Hunze\Documents\~WRL2081.tmp
c:\windows\system32\consrv.dll
c:\windows\System64
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_FTSvc
-------\Service_FTSvc
.
.
((((((((((((((((((((((((( Files Created from 2012-04-01 to 2012-05-01 )))))))))))))))))))))))))))))))
.
.
2012-05-01 01:58 . 2012-05-01 01:58 -------- d-----w- c:\users\Michael\AppData\Local\temp
2012-05-01 01:58 . 2012-05-01 01:58 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-04-27 07:24 . 2012-04-27 07:24 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service
2012-04-27 07:24 . 2012-04-27 07:24 157352 ----a-w- c:\program files (x86)\Mozilla Firefox\maintenanceservice_installer.exe
2012-04-27 07:24 . 2012-04-27 07:24 129976 ----a-w- c:\program files (x86)\Mozilla Firefox\maintenanceservice.exe
2012-04-26 23:21 . 2012-04-26 23:22 -------- d-----w- c:\users\Michael\AppData\Local\Microsoft Games
2012-04-23 21:29 . 2012-04-23 21:34 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-04-23 21:29 . 2012-04-23 21:34 418464 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-04-21 04:00 . 2012-04-23 06:00 -------- d-----w- c:\program files\Microsoft Security Client
2012-04-17 21:29 . 2012-04-28 04:09 -------- d-----w- c:\users\Michael\AppData\Roaming\skypePM
2012-04-17 21:28 . 2012-04-28 07:25 -------- d-----w- c:\users\Michael\AppData\Roaming\Skype
2012-04-08 02:51 . 2012-04-08 02:51 -------- d-----w- c:\users\Michael\AppData\Roaming\SUPERAntiSpyware.com
2012-04-06 22:36 . 2012-04-23 06:01 -------- d-----w- c:\users\Guest
2012-04-05 22:47 . 2012-04-23 09:39 8741536 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-04-05 22:34 . 2012-04-05 22:34 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-04-05 22:29 . 2012-04-05 22:29 -------- d-----w- c:\users\Hunze\AppData\Local\Little_Apps
2012-04-04 17:37 . 2012-04-04 17:37 -------- d-----w- c:\users\Michael\AppData\Local\Diagnostics
2012-04-04 14:40 . 2012-04-04 14:41 -------- d-----w- c:\program files\Common Files\Little Registry Cleaner
2012-04-04 14:35 . 2012-04-04 14:35 -------- d-----w- c:\program files\Little Registry Cleaner
2012-04-04 14:35 . 2012-04-04 14:49 -------- d-----w- c:\program files (x86)\hpmonitor
2012-04-04 13:57 . 2012-04-04 13:57 -------- d-----w- c:\users\Hunze\AppData\Local\ElevatedDiagnostics
2012-04-04 13:09 . 2012-04-23 06:01 -------- d-----w- c:\users\Gem
2012-04-04 00:28 . 2012-04-04 00:28 -------- d-----w- C:\5bfbba4d5b61a55ce2e7468b
2012-04-04 00:03 . 2012-04-04 12:55 -------- d-----w- C:\TDSSKiller_Quarantine
2012-04-03 23:55 . 2012-04-03 23:55 -------- d-----w- c:\users\Hunze\AppData\Roaming\DivX
2012-04-03 21:08 . 2012-04-10 22:50 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-04-03 20:26 . 2012-04-03 20:26 101888 ----a-w- c:\windows\system32\compgMgr64.dll
2012-04-03 17:40 . 2012-04-03 17:40 -------- d-----w- c:\users\Michael\AppData\Roaming\Malwarebytes
2012-04-03 17:40 . 2012-04-04 19:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-04-03 17:40 . 2012-04-03 21:58 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-04-03 17:40 . 2012-04-03 17:40 -------- d-----w- c:\programdata\Malwarebytes
2012-04-03 17:00 . 2012-04-03 17:00 -------- d-----w- c:\users\Michael\AppData\Roaming\ParetoLogic
2012-04-03 17:00 . 2012-04-03 17:00 -------- d-----w- c:\users\Michael\AppData\Roaming\DriverCure
2012-04-03 17:00 . 2012-04-03 17:26 -------- d-----w- c:\programdata\ParetoLogic
2012-04-03 15:20 . 2012-04-04 00:06 0 --sha-w- c:\windows\system32\dds_trash_log.cmd
2012-04-03 02:01 . 2012-04-03 02:01 -------- d-----w- c:\windows\Sun
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-23 13:45 . 2011-12-12 22:48 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-04-04 17:52 . 2012-04-04 17:52 116736 ----a-w- c:\programdata\Microsoft\Windows\DRM\2232.tmp.dat
2012-03-09 06:21 . 2012-03-09 06:21 99384 ----a-w- c:\users\Michael\AppData\Roaming\inst.exe
2012-03-09 06:21 . 2012-03-09 06:21 82816 ----a-w- c:\users\Michael\AppData\Roaming\pcouffin.sys
2012-02-17 06:38 . 2012-03-13 23:06 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-02-17 05:34 . 2012-03-13 23:06 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-02-17 04:58 . 2012-03-13 23:06 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-02-17 04:57 . 2012-03-13 23:06 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-02-15 15:01 . 2012-02-15 15:01 52736 ----a-w- c:\windows\system32\drivers\usbaapl64.sys
2012-02-15 15:01 . 2012-02-15 15:01 4547944 ----a-w- c:\windows\system32\usbaaplrc.dll
2012-02-10 06:36 . 2012-03-13 23:07 1544192 ----a-w- c:\windows\system32\DWrite.dll
2012-02-10 05:38 . 2012-03-13 23:07 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-02-03 04:34 . 2012-03-13 23:07 3145728 ----a-w- c:\windows\system32\win32k.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"cdloader"="c:\users\Hunze\AppData\Roaming\mjusbsp\cdloader2.exe" [2010-02-26 50520]
"GameXN (update)"="c:\programdata\GameXN\GameXNGO.exe" [2012-01-15 347008]
"GameXN (news)"="c:\programdata\GameXN\GameXNGO.exe" [2012-01-15 347008]
"GameXN"="c:\programdata\GameXN\GameXNGO.exe" [2012-01-15 347008]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-03-07 4785536]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"BackupManagerTray"="c:\program files (x86)\NewTech Infosystems\Gateway MyBackup\BackupManagerTray.exe" [2009-09-24 244480]
"Desktop Disc Tool"="c:\program files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" [2009-08-03 498160]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-07-30 98304]
"Camera Assistant Software"="c:\program files (x86)\Video Web Camera\traybar.exe" [2009-12-03 600688]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2009-11-01 1094736]
"EEventManager"="c:\progra~2\EPSONS~1\EVENTM~1\EEventManager.exe" [2008-12-04 665424]
"LTCM Client"="c:\program files (x86)\LTCM Client\ltcmClient.exe" [2008-12-24 1540288]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"TkBellExe"="c:\program files (x86)\real\realplayer\Update\realsched.exe" [2012-01-29 296056]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-06 421736]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-04 37296]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2010-3-1 113664]
Winter Fun Wallpaper Changer.lnk - c:\windows\Installer\{038A524F-58DB-438A-8391-8F7F0CA14B9E}\Icon038A524F.exe [2010-2-12 14336]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Best Buy pc app.lnk - c:\programdata\Best Buy pc app\ClickOnceSetup.exe [2010-11-19 9728]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\axsefda]
2012-04-04 00:04 10752 ----a-w- c:\windows\System32\config\systemprofile\AppData\Local\axsefda.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux4"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
R2 avgfws;AVG Firewall;c:\program files (x86)\AVG\AVG2012\avgfws.exe [x]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\AVGIDSAgent.exe [x]
R2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-23 253088]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-04-27 129976]
R3 netr28x;Ralink 802.11n Wireless Driver for Windows Vista;c:\windows\system32\DRIVERS\netr28x.sys [x]
R3 pcouffin;VSO Software pcouffin;c:\windows\system32\Drivers\pcouffin.sys [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-09-02 225280]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys [x]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [x]
S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [x]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 ePowerSvc;Acer ePower Service;c:\program files\Gateway\Gateway Power Management\ePowerSvc.exe [2009-09-30 844320]
S2 Greg_Service;GRegService;c:\program files (x86)\Gateway\Registration\GregHSRW.exe [2009-08-28 1150496]
S2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe [2009-07-14 27136]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe [2009-09-24 62720]
S2 Updater Service;Updater Service;c:\program files\Gateway\Gateway Updater\UpdaterService.exe [2009-07-04 240160]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\AVGIDSDriver.Sys [x]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\AVGIDSFilter.Sys [x]
S3 CAXHWAZL;CAXHWAZL;c:\windows\system32\DRIVERS\CAXHWAZL.sys [x]
S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [x]
S3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-01 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-23 21:34]
.
2012-04-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2942420572-1164936296-241836748-1000Core.job
- c:\users\Hunze\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-04 13:06]
.
2012-05-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2942420572-1164936296-241836748-1000UA.job
- c:\users\Hunze\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-04 13:06]
.
2012-04-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2942420572-1164936296-241836748-1003Core.job
- c:\users\Michael\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-04 22:22]
.
2012-05-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2942420572-1164936296-241836748-1003UA.job
- c:\users\Michael\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-04 22:22]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"cAudioFilterAgent"="c:\program files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe" [2009-10-09 508472]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2009-05-22 295936]
"PLFSetI"="c:\windows\PLFSetI.exe" [2009-11-20 200704]
"Acer ePower Management"="c:\program files\Gateway\Gateway Power Management\ePowerTray.exe" [2009-09-30 823840]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032]
"combofix"="c:\combofix\CF7076.3XE" [2010-11-20 345088]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
qmofiltr
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=nv53&r=27360210n6b6l0450z1l5a4471x537
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
FF - ProfilePath - c:\users\Hunze\AppData\Roaming\Mozilla\Firefox\Profiles\5wo1f2en.default\
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7B481db4e8-ab8b-4a4b-bded-42dca2771b60%7D&mid=2618f527b0bb331c9c4f47f55e3051bc-5827e324dcf75e7ce8801804d7a08db77e7aa671&ds=AVG&v=10.0.0.7&lang=en&pr=fr&d=2011-11-25%2011%3A20%3A57&sap=ku&q=
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{00000000-6E41-4FD3-8538-502F5495E5FC} - (no file)
URLSearchHooks-{A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file)
BHO-{A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file)
Toolbar-Locked - (no file)
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
Wow6432Node-HKU-Default-Run-dplaysvr - c:\windows\system32\config\systemprofile\AppData\Local\dplaysvr.exe
Wow6432Node-HKU-Default-RunOnce-FlashPlayerUpdate - c:\windows\SysWOW64\Macromed\Flash\FlashUtil11e_ActiveX.exe
SafeBoot-24723850.sys
SafeBoot-40392612.sys
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
WebBrowser-{311B58DC-A4DC-4B04-B1B5-60299AD3D803} - (no file)
AddRemove-McAfee Security Scan - c:\program files (x86)\McAfee Security Scan\uninstall.exe
AddRemove-RealPlayer 15.0 - c:\program files (x86)\real\realplayer\Update\r1puninst.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:5b,4c,94,96,bd,fd,cc,01
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,b8,91,3c,5f,8a,a2,77,48,ae,04,fd,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,b8,91,3c,5f,8a,a2,77,48,ae,04,fd,\
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_233_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_233_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
.
**************************************************************************
.
Completion time: 2012-04-30 22:09:40 - machine was rebooted
ComboFix-quarantined-files.txt 2012-05-01 02:09
.
Pre-Run: 382,757,900,288 bytes free
Post-Run: 389,879,402,496 bytes free
.
- - End Of File - - DA7EE1DC3D6058C75486699912FFEB27




The only problem I had from Combofix is, right after my computer restarted, I was not able to open up Google Chrome or Internet Explorer. There was a message that said some registry keys associated with these programs could have been deleted. However, after logging off and logging back onto my username, I was able to access Google Chrome and Internet Explorer again. So, I'm not sure why that message was there.


The ads coming up on Google have stopped, and Google is no longer redirecting me to random sites or telling me that the page cannot be found, so the search engine seems to be running well.

Another issue though is that all my picture and document and music files are still showing up as hidden files. They have a grayed out film over them, and we cannot use any picture files to change our desktop background.

#4 gringo_pr

  • Malware Response Team

Posted 30 April 2012 - 10:00 PM

Greetings

Run this for your files, it should make your files unhidden - http://download.bleepingcomputer.com/grinler/unhide.exe

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • It will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#5 StainedChrome

  • Topic Starter

Posted 30 April 2012 - 10:48 PM

Alright! All my files are unhidden!!!
THANK YOU SOOOOO MUCH! I'm jumping for joy, this is fantastic!!

I ran TDSSKiller, and this is the log that I got

23:14:02.0405 0764 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
23:14:02.0405 0764 WcsPlugInService - ok
23:14:02.0526 0764 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
23:14:02.0526 0764 Wd - ok
23:14:02.0756 0764 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
23:14:02.0766 0764 Wdf01000 - ok
23:14:02.0816 0764 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
23:14:02.0816 0764 WdiServiceHost - ok
23:14:02.0836 0764 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
23:14:02.0836 0764 WdiSystemHost - ok
23:14:02.0948 0764 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
23:14:02.0958 0764 WebClient - ok
23:14:03.0056 0764 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
23:14:03.0068 0764 Wecsvc - ok
23:14:03.0128 0764 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
23:14:03.0137 0764 wercplsupport - ok
23:14:03.0186 0764 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
23:14:03.0192 0764 WerSvc - ok
23:14:03.0291 0764 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
23:14:03.0293 0764 WfpLwf - ok
23:14:03.0322 0764 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
23:14:03.0325 0764 WIMMount - ok
23:14:03.0618 0764 winachsf (a6ea7a3fc4b00f48535b506db1e86efd) C:\Windows\system32\DRIVERS\CAX_CNXT.sys
23:14:03.0635 0764 winachsf - ok
23:14:03.0690 0764 WinDefend - ok
23:14:03.0713 0764 WinHttpAutoProxySvc - ok
23:14:03.0836 0764 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
23:14:03.0843 0764 Winmgmt - ok
23:14:04.0508 0764 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
23:14:04.0555 0764 WinRM - ok
23:14:05.0055 0764 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
23:14:05.0058 0764 WinUsb - ok
23:14:05.0394 0764 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
23:14:05.0450 0764 Wlansvc - ok
23:14:06.0148 0764 wlidsvc (7e47c328fc4768cb8beafbcfafa70362) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
23:14:06.0202 0764 wlidsvc - ok
23:14:06.0521 0764 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
23:14:06.0521 0764 WmiAcpi - ok
23:14:06.0660 0764 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
23:14:06.0666 0764 wmiApSrv - ok
23:14:06.0712 0764 WMPNetworkSvc - ok
23:14:06.0748 0764 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
23:14:06.0755 0764 WPCSvc - ok
23:14:06.0845 0764 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
23:14:06.0853 0764 WPDBusEnum - ok
23:14:06.0903 0764 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
23:14:06.0904 0764 ws2ifsl - ok
23:14:06.0976 0764 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\system32\wscsvc.dll
23:14:06.0983 0764 wscsvc - ok
23:14:06.0991 0764 WSearch - ok
23:14:07.0623 0764 wuauserv (9df12edbc698b0bc353b3ef84861e430) C:\Windows\system32\wuaueng.dll
23:14:07.0678 0764 wuauserv - ok
23:14:08.0074 0764 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
23:14:08.0078 0764 WudfPf - ok
23:14:08.0163 0764 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
23:14:08.0169 0764 WUDFRd - ok
23:14:08.0228 0764 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
23:14:08.0235 0764 wudfsvc - ok
23:14:08.0346 0764 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
23:14:08.0359 0764 WwanSvc - ok
23:14:08.0419 0764 XAudio (e8f3fa126a06f8e7088f63757112a186) C:\Windows\system32\DRIVERS\XAudio64.sys
23:14:08.0422 0764 XAudio - ok
23:14:08.0499 0764 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
23:14:08.0561 0764 \Device\Harddisk0\DR0 - ok
23:14:08.0576 0764 Boot (0x1200) (60065a0d07d77e69cc81352679c651d2) \Device\Harddisk0\DR0\Partition0
23:14:08.0581 0764 \Device\Harddisk0\DR0\Partition0 - ok
23:14:08.0598 0764 Boot (0x1200) (c4cfef6ce23cf9338192b2fe9287193e) \Device\Harddisk0\DR0\Partition1
23:14:08.0602 0764 \Device\Harddisk0\DR0\Partition1 - ok
23:14:08.0605 0764 ============================================================
23:14:08.0605 0764 Scan finished
23:14:08.0605 0764 ============================================================
23:14:08.0656 3456 Detected object count: 0
23:14:08.0656 3456 Actual detected object count: 0





Here is the log from the aswMBR


aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-04-30 23:19:15
-----------------------------
23:19:15.908 OS Version: Windows x64 6.1.7601 Service Pack 1
23:19:15.908 Number of processors: 2 586 0x602
23:19:15.918 ComputerName: HUNZE-PC UserName: Hunze
23:19:20.345 Initialize success
23:20:46.630 AVAST engine defs: 12043001
23:21:47.830 The log file has been saved successfully to "C:\Users\Hunze\Desktop\aswMBR log.txt"
23:22:13.114 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000059
23:22:13.119 Disk 0 Vendor: WDC_WD50 01.0 Size: 476940MB BusType: 11
23:22:13.149 Disk 0 MBR read successfully
23:22:13.156 Disk 0 MBR scan
23:22:13.167 Disk 0 Windows VISTA default MBR code
23:22:13.184 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 12000 MB offset 2048
23:22:13.209 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 24578048
23:22:13.235 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 464838 MB offset 24782848
23:22:13.278 Disk 0 scanning C:\Windows\system32\drivers
23:22:31.064 Service scanning
23:23:12.676 Modules scanning
23:23:12.680 Disk 0 trace - called modules:
23:23:12.691 ntoskrnl.exe CLASSPNP.SYS disk.sys amdxata.sys ACPI.sys storport.sys hal.dll amdsata.sys
23:23:12.692 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004a32390]
23:23:12.693 3 CLASSPNP.SYS[fffff8800197643f] -> nt!IofCallDriver -> [0xfffffa8004975040]
23:23:12.694 5 amdxata.sys[fffff880011278b9] -> nt!IofCallDriver -> [0xfffffa8004973d30]
23:23:12.695 7 ACPI.sys[fffff88000e357a1] -> nt!IofCallDriver -> \Device\00000059[0xfffffa8004971060]
23:23:17.898 AVAST engine scan C:\Windows
23:23:27.548 AVAST engine scan C:\Windows\system32
23:23:30.494 File: C:\Windows\system32\afd.dll **INFECTED** Win64:ZAccess-E [Rtk]
23:26:04.816 File: C:\Windows\system32\TICalc.dll **INFECTED** Win64:ZAccess-E [Rtk]
23:26:53.916 File: C:\Windows\assembly\GAC_32\Desktop.ini **INFECTED** Win32:Sirefef-FQ [Drp]
23:26:57.678 File: C:\Windows\assembly\GAC_64\Desktop.ini **INFECTED** Win32:Sirefef-HO [Rtk]
23:29:21.258 AVAST engine scan C:\Windows\system32\drivers
23:29:50.723 AVAST engine scan C:\Users\Hunze
23:42:38.323 AVAST engine scan C:\ProgramData
23:44:42.383 File: C:\ProgramData\Microsoft\Windows\DRM\2232.tmp.dat **INFECTED** Win32:MalOb-HP [Cryp]
23:45:58.936 Scan finished successfully
23:46:20.453 Disk 0 MBR has been saved successfully to "C:\Users\Hunze\Desktop\MBR.dat"
23:46:20.462 The log file has been saved successfully to "C:\Users\Hunze\Desktop\aswMBR.txt"


It found some infected files, so where should I go from here in order to clean up my computer?

#6 gringo_pr

  • Malware Response Team

Posted 30 April 2012 - 10:54 PM

Greetings

That is great news!!

I see what looks like some system files that are infected, so we need to see if I can find some replacements.


SystemLook:

Please download SystemLook from one of the links below and save it to your Desktop.

Link 1
Link 2


  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
:filefind
afd.dll
TICalc.dll
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

#7 StainedChrome

  • Topic Starter

Posted 01 May 2012 - 06:14 PM

Alright, I downloaded System Look and these are the results I found


SystemLook 30.07.11 by jpshortstuff
Log created at 19:05 on 01/05/2012 by Hunze
Administrator - Elevation successful

========== filefind ==========

Searching for "afd.dll"
C:\Windows\System32\afd.dll --a---- 6656 bytes [23:31 13/07/2009] [01:39 14/07/2009] 5F22132C9153639762708909F156B33D

Searching for "TICalc.dll "
C:\Windows\System32\TICalc.dll --a---- 6656 bytes [23:31 13/07/2009] [01:39 14/07/2009] 5F22132C9153639762708909F156B33D

-= EOF =-


I always seem to be having issues with files found in system32
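The two logs posted so far can be cross-checked mechanically. The following is an added example, not part of the thread or of SystemLook or aswMBR: it parses lines copied from the logs in this thread (the afd.sys line comes from the wider afd.* search posted later) and reports files that aswMBR flagged or that share one MD5 under different file names. The function names are hypothetical.

```python
import ntpath
import re
from collections import defaultdict

# Lines copied from the SystemLook ":filefind" output posted in this thread.
SYSTEMLOOK_LOG = r"""
Searching for "afd.*"
C:\Windows\System32\afd.dll --a---- 6656 bytes [23:31 13/07/2009] [01:39 14/07/2009] 5F22132C9153639762708909F156B33D
C:\Windows\System32\drivers\afd.sys --a---- 498688 bytes [17:55 16/02/2012] [03:59 28/12/2011] 1C7857B62DE5994A75B054A9FD4C3825
Searching for "TICalc.* "
C:\Windows\System32\TICalc.dll --a---- 6656 bytes [23:31 13/07/2009] [01:39 14/07/2009] 5F22132C9153639762708909F156B33D
"""

# Lines copied from the aswMBR log posted in this thread.
ASWMBR_LOG = r"""
23:23:30.494 File: C:\Windows\system32\afd.dll **INFECTED** Win64:ZAccess-E [Rtk]
23:26:04.816 File: C:\Windows\system32\TICalc.dll **INFECTED** Win64:ZAccess-E [Rtk]
23:26:53.916 File: C:\Windows\assembly\GAC_32\Desktop.ini **INFECTED** Win32:Sirefef-FQ [Drp]
"""

# path, attribute flags, size, [created], [modified], MD5
ENTRY_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?) (?P<attrs>[-a-z]{7}) (?P<size>\d+) bytes "
    r"\[(?P<created>[^\]]+)\] \[(?P<modified>[^\]]+)\] (?P<md5>[0-9A-Fa-f]{32})$"
)
DETECT_RE = re.compile(r"File: (?P<path>.+?) \*\*INFECTED\*\* (?P<name>.+)$")


def parse_systemlook(text):
    """Return one dict per file entry; 'Searching for' lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entry = m.groupdict()
            entry["size"] = int(entry["size"])
            entry["md5"] = entry["md5"].upper()
            entries.append(entry)
    return entries


def parse_aswmbr(text):
    """Map lower-cased path -> detection name for every **INFECTED** line."""
    hits = {}
    for line in text.splitlines():
        m = DETECT_RE.search(line)
        if m:
            hits[m.group("path").lower()] = m.group("name").strip()
    return hits


def triage(entries, detections):
    """Attach the scanner verdict and same-hash, different-name files to each entry."""
    by_md5 = defaultdict(list)
    for entry in entries:
        by_md5[entry["md5"]].append(entry)
    report = []
    for entry in entries:
        name = ntpath.basename(entry["path"]).lower()
        twins = [other["path"] for other in by_md5[entry["md5"]]
                 if ntpath.basename(other["path"]).lower() != name]
        report.append({
            "path": entry["path"],
            "md5": entry["md5"],
            # Windows paths are case-insensitive: the two tools spell
            # "System32" differently, so compare in lower case.
            "detection": detections.get(entry["path"].lower()),
            "same_hash_other_name": twins,
        })
    return report


def suspicious(report):
    """Entries that a scanner flagged or that share a hash with another name."""
    return [r for r in report if r["detection"] or r["same_hash_other_name"]]


if __name__ == "__main__":
    rows = triage(parse_systemlook(SYSTEMLOOK_LOG), parse_aswmbr(ASWMBR_LOG))
    for row in suspicious(rows):
        print(row["path"], row["md5"], row["detection"],
              "same hash as:", ", ".join(row["same_hash_other_name"]) or "-")
```
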

#8 gringo_pr

  • Malware Response Team

Posted 01 May 2012 - 10:36 PM

Hello


Those are infected and it did not show any replacements, so let's look for some another way, and I want another report to double-check some things.


SystemLook:

Please download SystemLook from one of the links below and save it to your Desktop.

Link 1
Link 2


  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
:filefind
afd.*
TICalc.*
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt


Download Farbar Recovery Scan Tool x64 and save it to a flash drive.

Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:
Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt
  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.
Gringo

#9 StainedChrome

  • Topic Starter

Posted 03 May 2012 - 03:09 PM

I downloaded System Look and when I click "look" a pop-up window appears and says "Script Required".
I haven't done anything else in the instruction past System Look because I wanna do things step by step, and I can't if System Look refuses to work.
):


#10 gringo_pr

  • Malware Response Team

Posted 03 May 2012 - 05:47 PM

Hello


Did you do this part?


  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
:filefind
afd.*
TICalc.*
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

#11 StainedChrome

  • Topic Starter

Posted 04 May 2012 - 04:33 PM

Thank you for being so patient.

Here are the logs thus far.

SystemLook 30.07.11 by jpshortstuff
Log created at 16:45 on 04/05/2012 by Hunze
Administrator - Elevation successful

========== filefind ==========

Searching for "afd.*"
C:\Windows\System32\afd.dll --a---- 6656 bytes [23:31 13/07/2009] [01:39 14/07/2009] 5F22132C9153639762708909F156B33D
C:\Windows\System32\drivers\afd.sys --a---- 498688 bytes [17:55 16/02/2012] [03:59 28/12/2011] 1C7857B62DE5994A75B054A9FD4C3825
C:\Windows\System32\drivers\en-US\afd.sys.mui --a---- 14848 bytes [05:35 14/07/2009] [02:30 14/07/2009] E6A5E6AD9C6F4F30061068F321C0EC5A
C:\Windows\winsxs\amd64_microsoft-windows-winsock-core.resources_31bf3856ad364e35_6.1.7600.16385_en-us_a7ddb2029817a18e\afd.sys.mui --a---- 14848 bytes [05:35 14/07/2009] [02:30 14/07/2009] E6A5E6AD9C6F4F30061068F321C0EC5A
C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.16385_none_33dd3439781e25f7\afd.sys --a---- 500224 bytes [23:21 13/07/2009] [23:21 13/07/2009] B9384E03479D2506BC924C16A3DB87BC
C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.16802_none_3430bc3977dfec2d\afd.sys --a---- 499712 bytes [22:05 16/06/2011] [02:44 25/04/2011] 6EF20DDF3172E97D69F596FB90602F29
C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.16937_none_34154fcd77f3bbda\afd.sys --a---- 499200 bytes [17:55 16/02/2012] [03:59 28/12/2011] DB9D6C6B2CD95A9CA414D045B627422E
C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.20951_none_3483491e9126fe55\afd.sys --a---- 499712 bytes [22:05 16/06/2011] [02:44 25/04/2011] FBFF8B7C9D116229E9208A0D1CAEB49B
C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.21115_none_34b263fe91032456\afd.sys --a---- 499200 bytes [17:55 16/02/2012] [04:01 28/12/2011] CCA39961E76B491DDF44B1E90FC8971D
C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17514_none_360e4801750ca991\afd.sys --a---- 499712 bytes [01:27 07/06/2011] [09:23 20/11/2010] D31DC7A16DEA4A9BAF179F3D6FBDB38C
C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17603_none_3618198975057170\afd.sys --a---- 499200 bytes [22:05 16/06/2011] [02:34 25/04/2011] D5B031C308A409A0A576BFF4CF083D30
C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17752_none_35e10b89752ee0f5\afd.sys --a---- 498688 bytes [17:55 16/02/2012] [03:59 28/12/2011] 1C7857B62DE5994A75B054A9FD4C3825
C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.21712_none_3695e61e8e2c13d4\afd.sys --a---- 499200 bytes [22:05 16/06/2011] [03:09 25/04/2011] F4AD06143EAC303F55D0E86C40802976
C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.21887_none_364f3a028e605345\afd.sys --a---- 498176 bytes [17:55 16/02/2012] [04:01 28/12/2011] 36A14FD1A23F57046361733B792CA8DB

Searching for "TICalc.* "
C:\Windows\System32\TICalc.dll --a---- 6656 bytes [23:31 13/07/2009] [01:39 14/07/2009] 5F22132C9153639762708909F156B33D

-= EOF =-


Scan result of Farbar Recovery Scan Tool Version: 02-05-2012 01
Ran by SYSTEM at 04-05-2012 17:24:52
Running from F:\
Windows 7 Home Premium (X64) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [cAudioFilterAgent] C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [508472 2009-10-09] (Conexant Systems, Inc.)
HKLM\...\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe [295936 2009-05-21] (Alps Electric Co., Ltd.)
HKLM\...\Run: [PLFSetI] C:\Windows\PLFSetI.exe [200704 2009-11-20] ()
HKLM\...\Run: [Acer ePower Management] C:\Program Files\Gateway\Gateway Power Management\ePowerTray.exe [823840 2009-09-30] (Acer Incorporated)
HKLM\...\Run: [IntelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe" [2417032 2011-08-01] (Microsoft Corporation)
HKLM-x32\...\Run: [BackupManagerTray] "C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\BackupManagerTray.exe" -h -k [244480 2009-09-24] (NewTech Infosystems, Inc.)
HKLM-x32\...\Run: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" [498160 2009-08-03] ()
HKLM-x32\...\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [98304 2009-07-29] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Camera Assistant Software] "C:\Program Files (x86)\Video Web Camera\traybar.exe" [600688 2009-12-03] (Chicony)
HKLM-x32\...\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe [1094736 2009-11-01] (Dritek System Inc.)
HKLM-x32\...\Run: [EEventManager] C:\PROGRA~2\EPSONS~1\EVENTM~1\EEventManager.exe [665424 2008-12-04] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [LTCM Client] C:\Program Files (x86)\LTCM Client\ltcmClient.exe /startup [1540288 2008-12-24] (Leader Technologies Inc.)
HKLM-x32\...\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [TkBellExe] "c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot [296056 2012-01-28] (RealNetworks, Inc.)
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2012-02-20] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421736 2012-03-06] (Apple Inc.)
HKLM-x32\...\Run: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW [1259376 2011-07-28] ()
HKLM-x32\...\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray [462408 2012-04-04] (Malwarebytes Corporation)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [37296 2012-01-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-01-02] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [254696 2012-01-18] (Sun Microsystems, Inc.)
HKU\Guest\...\Run: [Best Buy pc app] C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Best Buy\Best Buy pc app.appref-ms [x]
HKU\Hunze\...\Run: [cdloader] "C:\Users\Hunze\AppData\Roaming\mjusbsp\cdloader2.exe" MAGICJACK [50520 2010-02-26] (magicJack L.P.)
HKU\Hunze\...\Run: [GameXN (update)] "C:\ProgramData\GameXN\GameXNGO.exe" /u [347008 2012-01-14] (EasyBits Software AS)
HKU\Hunze\...\Run: [GameXN (news)] "C:\ProgramData\GameXN\GameXNGO.exe" /n [347008 2012-01-14] (EasyBits Software AS)
HKU\Hunze\...\Run: [GameXN] "C:\ProgramData\GameXN\GameXNGO.exe" /silent [347008 2012-01-14] (EasyBits Software AS)
HKU\Hunze\...\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [4785536 2012-03-07] (SUPERAntiSpyware.com)
HKU\Michael\...\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [x]
HKU\Michael\...\Run: [Google Update] "C:\Users\Michael\AppData\Local\Google\Update\GoogleUpdate.exe" /c [116648 2012-03-21] (Google Inc.)
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76

==================== Services (Whitelisted) ======

2 !SASCORE; "C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE" [140672 2011-08-11] (SUPERAntiSpyware.com)
2 MBAMService; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe" [652360 2012-01-13] (Malwarebytes Corporation)
3 Microsoft Office Groove Audit Service; "C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe" [64856 2009-02-26] (Microsoft Corporation)
2 NTI IScheduleSvc; C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe [62720 2009-09-24] (NewTech Infosystems, Inc.)
2 tandpl; \\.\globalrootC:\Windows\system32\svchost.exe -k netsvcs [27136 2009-07-13] (Microsoft Corporation)
2 tandpl; \\.\globalrootC:\Windows\SysWow64\svchost.exe -k netsvcs [20992 2009-07-13] (Microsoft Corporation)
2 avgfws; "C:\Program Files (x86)\AVG\AVG2012\avgfws.exe" [x]
2 AVGIDSAgent; "C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe" [x]
2 avgwd; "C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe" [x]
3 McComponentHostService; "C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe" [x]

========================== Drivers (Whitelisted) =============

3 AVGIDSDriver; C:\Windows\System32\Drivers\AVGIDSDriver.sys [120400 2011-07-10] (AVG Technologies CZ, s.r.o. )
0 AVGIDSEH; C:\Windows\System32\Drivers\AVGIDSEH.sys [26704 2011-07-10] (AVG Technologies CZ, s.r.o. )
3 AVGIDSFilter; C:\Windows\System32\Drivers\AVGIDSFilter.sys [29776 2011-07-10] (AVG Technologies CZ, s.r.o. )
1 Avgldx64; C:\Windows\System32\Drivers\Avgldx64.sys [283728 2011-10-07] (AVG Technologies CZ, s.r.o.)
1 Avgmfx64; C:\Windows\System32\Drivers\Avgmfx64.sys [46672 2011-08-08] (AVG Technologies CZ, s.r.o.)
0 Avgrkx64; C:\Windows\System32\Drivers\Avgrkx64.sys [37456 2011-09-13] (AVG Technologies CZ, s.r.o.)
1 Avgtdia; C:\Windows\System32\Drivers\Avgtdia.sys [375376 2011-07-10] (AVG Technologies CZ, s.r.o.)
3 BridgeMP; C:\Windows\System32\DRIVERS\bridge.sys [95232 2009-07-13] (Microsoft Corporation)
3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [24904 2012-04-04] (Malwarebytes Corporation)
3 NTIDrvr; C:\Windows\System32\Drivers\NTIDrvr.sys [18432 2009-05-05] (NewTech Infosystems, Inc.)
1 SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
1 SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
3 UBHelper; C:\Windows\System32\Drivers\UBHelper.sys [16896 2009-05-05] (NewTech Infosystems Corporation)
3 catchme; \??\C:\ComboFix\catchme.sys [x]

========================== NetSvcs (Whitelisted) ===========
NETSVC: qmofiltr

============ One Month Created Files and Folders ==============

2012-05-04 17:24 - 2010-02-10 16:25 - 0000000 ____D C:\FRST
2012-05-04 12:50 - 2011-12-24 09:01 - 0006104 ____A C:\Users\Hunze\Desktop\SystemLook.txt
2012-05-04 12:44 - 2012-05-04 12:50 - 0165376 ____A C:\Users\Hunze\Downloads\SystemLook_x64 (1).exe
2012-05-03 12:52 - 2012-05-02 11:28 - 0001893 ____A C:\Users\Michael\Desktop\IMVU.lnk
2012-05-03 12:52 - 2012-03-01 21:33 - 0000000 ____D C:\Users\Michael\AppData\Roaming\IMVU
2012-05-03 12:51 - 2012-05-03 14:51 - 0000000 ____D C:\Users\Michael\AppData\Roaming\IMVUClient
2012-05-03 12:51 - 2012-05-03 12:52 - 0078480 ____A C:\Users\Michael\Desktop\InstallIMVU_471.0_st_c.exe
2012-05-01 23:09 - 2012-02-27 23:34 - 2382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-05-01 23:09 - 2012-02-27 22:56 - 0085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-05-01 23:09 - 2012-02-27 22:48 - 1345536 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-05-01 23:09 - 2012-02-27 22:45 - 2311168 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-05-01 23:09 - 2012-02-27 22:42 - 0096256 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-05-01 23:09 - 2012-02-27 17:52 - 2382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-05-01 23:09 - 2012-02-27 17:18 - 0065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-05-01 23:09 - 2012-02-27 17:09 - 1103360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-05-01 23:09 - 2012-02-27 17:06 - 1799168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-05-01 23:09 - 2012-02-27 17:03 - 0072704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-05-01 23:09 - 2011-12-27 10:28 - 9705984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-05-01 23:09 - 2011-12-27 10:28 - 2144256 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-05-01 23:09 - 2011-12-27 10:28 - 1792000 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-05-01 23:09 - 2011-12-27 10:28 - 17790976 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-05-01 23:09 - 2011-12-27 10:28 - 12281856 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-05-01 23:09 - 2011-12-27 10:28 - 10888704 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-05-01 23:09 - 2011-12-27 10:28 - 0248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-05-01 23:09 - 2011-12-27 10:28 - 0176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-05-01 23:09 - 2011-05-02 21:29 - 1493504 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-05-01 23:09 - 2011-05-02 20:30 - 1427456 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-05-01 23:09 - 2010-11-20 05:27 - 1390080 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-05-01 23:09 - 2010-11-20 04:21 - 1127424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-05-01 23:09 - 2009-07-13 17:41 - 0237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-05-01 23:09 - 2009-07-13 17:38 - 0818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-05-01 23:09 - 2009-07-13 17:16 - 0231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-05-01 23:09 - 2009-07-13 17:14 - 0716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-05-01 23:07 - 2009-07-13 17:41 - 5559152 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-05-01 23:07 - 2009-07-13 17:16 - 3968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2012-05-01 23:07 - 2009-07-13 17:16 - 3913072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2012-05-01 23:00 - 2009-07-13 17:47 - 0023408 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\fs_rec.sys
2012-05-01 23:00 - 2009-07-13 17:41 - 0220672 ____A (Microsoft Corporation) C:\Windows\System32\wintrust.dll
2012-05-01 23:00 - 2009-07-13 17:38 - 0081408 ____A (Microsoft Corporation) C:\Windows\System32\imagehlp.dll
2012-05-01 23:00 - 2009-07-13 17:33 - 0005120 ____A (Microsoft Corporation) C:\Windows\System32\wmi.dll
2012-05-01 23:00 - 2009-07-13 17:16 - 0172544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2012-05-01 23:00 - 2009-07-13 17:14 - 0159232 ____A (Microsoft Corporation) C:\Windows\SysWOW64\imagehlp.dll
2012-05-01 23:00 - 2009-07-13 17:11 - 0005120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wmi.dll
2012-05-01 15:17 - 2011-03-26 14:10 - 0000333 ____A C:\Users\Hunze\Downloads\nm247.vcf
2012-05-01 15:05 - 2012-03-15 16:55 - 0006102 ____A C:\Users\Hunze\Downloads\SystemLook.txt
2012-05-01 15:04 - 2012-05-04 12:44 - 0165376 ____A C:\Users\Hunze\Downloads\SystemLook_x64.exe
2012-04-30 19:46 - 2012-04-03 09:07 - 0000512 ____A C:\Users\Hunze\Desktop\MBR.dat
2012-04-30 19:46 - 2011-09-17 11:37 - 0002688 ____A C:\Users\Hunze\Desktop\aswMBR.txt
2012-04-30 19:19 - 2012-04-29 09:14 - 4731392 ____A (AVAST Software) C:\Users\Hunze\Downloads\aswMBR (2).exe
2012-04-30 19:19 - 2010-11-18 07:29 - 0005012 ____A C:\Users\Hunze\Desktop\Kapersky TDSSKiller log.txt
2012-04-30 19:12 - 2012-04-20 19:56 - 0131194 ____A C:\TDSSKiller.2.7.33.0_30.04.2012_23.12.53_log.txt
2012-04-30 19:12 - 2012-04-03 15:59 - 2074160 ____A (Kaspersky Lab ZAO) C:\Users\Hunze\Downloads\tdsskiller.exe
2012-04-30 19:05 - 2012-01-07 18:48 - 0002802 ____A C:\Users\Hunze\Desktop\unhide.txt
2012-04-30 19:05 - 2011-12-05 22:31 - 0399264 ____A (Bleeping Computer, LLC) C:\Users\Hunze\Downloads\unhide.exe
2012-04-30 18:31 - - 0000000 __SHD C:\$RECYCLE.BIN
2012-04-30 18:12 - 2011-12-27 09:49 - 0025844 ____A C:\Users\Hunze\Desktop\combo fix log.txt
2012-04-30 18:09 - 2012-04-03 11:14 - 0025844 ____A C:\ComboFix.txt
2012-04-30 17:59 - 2012-04-30 17:59 - 0000000 __ASH C:\Windows\System32\config\system.tmp.LOG2
2012-04-30 17:59 - 2012-04-30 17:59 - 0000000 __ASH C:\Windows\System32\config\software.tmp.LOG2
2012-04-30 17:59 - 2012-04-30 17:59 - 0000000 __ASH C:\Windows\System32\config\security.tmp.LOG2
2012-04-30 17:59 - 2012-04-30 17:59 - 0000000 __ASH C:\Windows\System32\config\sam.tmp.LOG2
2012-04-30 17:59 - 2012-04-30 17:59 - 0000000 __ASH C:\Windows\System32\config\default.tmp.LOG2
2012-04-30 17:59 - 2009-07-13 18:34 - 0000000 __ASH C:\Windows\System32\config\system.tmp.LOG1
2012-04-30 17:59 - 2009-07-13 18:34 - 0000000 __ASH C:\Windows\System32\config\software.tmp.LOG1
2012-04-30 17:59 - 2009-07-13 18:34 - 0000000 __ASH C:\Windows\System32\config\security.tmp.LOG1
2012-04-30 17:59 - 2009-07-13 18:34 - 0000000 __ASH C:\Windows\System32\config\sam.tmp.LOG1
2012-04-30 17:59 - 2009-07-13 18:34 - 0000000 __ASH C:\Windows\System32\config\default.tmp.LOG1
2012-04-30 17:53 - 2012-04-10 14:43 - 0002515 ____A C:\Users\Public\Desktop\Skype.lnk
2012-04-30 17:53 - 2012-04-04 05:07 - 0002123 ____A C:\Users\Public\Desktop\DivX Plus Converter.lnk
2012-04-30 17:53 - 2012-03-15 19:40 - 0001790 ____A C:\Users\Public\Desktop\iTunes.lnk
2012-04-30 17:53 - 2012-03-15 19:40 - 0001119 ____A C:\Users\Public\Desktop\DivX Plus Player.lnk
2012-04-30 17:53 - 2010-03-01 13:10 - 0002465 ____A C:\Users\All Users\Start Menu\Programs\Startup\Winter Fun Wallpaper Changer.lnk
2012-04-30 17:53 - - 0001368 ____A C:\Users\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
2012-04-30 17:41 - 2012-04-03 12:24 - 0208896 ____A C:\Windows\MBR.exe
2012-04-30 17:41 - 2012-04-03 12:24 - 0098816 ____A C:\Windows\sed.exe
2012-04-30 17:41 - 2012-04-02 18:01 - 0518144 ____A (SteelWerX) C:\Windows\SWREG.exe
2012-04-30 17:41 - 2010-02-12 05:37 - 0000000 ____D C:\Windows\ERDNT
2012-04-30 17:41 - 2009-09-17 17:02 - 0060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
2012-04-30 17:41 - 2009-07-13 23:50 - 0080412 ____A C:\Windows\grep.exe
2012-04-30 17:41 - 2009-07-13 21:32 - 0256000 ____A C:\Windows\PEV.exe
2012-04-30 17:41 - 2009-07-13 17:39 - 0068096 ____A C:\Windows\zip.exe
2012-04-30 17:41 - 2000-08-30 16:00 - 0406528 ____A (SteelWerX) C:\Windows\SWSC.exe
2012-04-30 17:36 - 2011-10-01 20:05 - 0000000 ____D C:\Users\Hunze\AppData\Local\{A6A24BD4-59D2-42FF-A379-DD89E76A5337}
2012-04-30 17:36 - 2011-07-13 14:28 - 0000000 ____D C:\Users\Hunze\AppData\Local\{3F494D2C-656F-40D5-821E-C66C6038160C}
2012-04-30 17:20 - 2012-04-26 23:24 - 0000000 ____D C:\Qoobox
2012-04-30 17:19 - 2011-12-12 14:46 - 4479797 ____R (Swearware) C:\Users\Hunze\Downloads\ComboFix.exe
2012-04-30 17:16 - 2012-01-14 17:57 - 0000881 ____A C:\Users\Hunze\Desktop\Security Check checkup text.txt
2012-04-30 17:10 - 2012-02-06 16:46 - 0879714 ____A C:\Users\Hunze\Downloads\SecurityCheck (1).exe
2012-04-29 21:15 - 2012-04-30 18:12 - 0411382 ____A C:\Users\Hunze\Desktop\computerrr.png
2012-04-29 21:06 - 2012-04-30 19:46 - 0009435 ____A C:\Users\Hunze\Desktop\Attach.txt
2012-04-29 21:05 - 2012-04-29 21:15 - 0030335 ____A C:\Users\Hunze\Desktop\DDS.txt
2012-04-29 20:59 - 2012-04-29 20:58 - 0000472 ____A C:\Users\Hunze\Downloads\defogger_disable.log
2012-04-29 20:59 - 2010-02-09 11:02 - 0000000 ____A C:\Users\Hunze\defogger_reenable
2012-04-29 20:58 - 2011-12-15 16:45 - 0050477 ____A C:\Users\Hunze\Downloads\Defogger.exe
2012-04-29 09:31 - 2012-04-29 09:14 - 0000512 ____A C:\Users\Hunze\Documents\MBR.dat
2012-04-29 09:31 - 2011-10-10 20:49 - 0002479 ____A C:\Users\Hunze\Documents\aswMBR.txt
2012-04-29 09:14 - 2012-01-30 13:45 - 4731392 ____A (AVAST Software) C:\Users\Hunze\Downloads\aswMBR (1).exe
2012-04-29 09:14 - 2011-02-03 22:12 - 0003280 ____A C:\Users\Hunze\Documents\mbam-log-2012-04-29 (13-08-35).txt
2012-04-29 08:57 - 2012-04-30 19:19 - 4731392 ____A (AVAST Software) C:\Users\Hunze\Downloads\aswMBR.exe
2012-04-29 08:56 - 2011-05-18 19:54 - 0025131 ____A C:\Users\Hunze\Documents\Result.txt
2012-04-29 08:55 - 2011-09-22 02:56 - 0025131 ____A C:\Users\Hunze\Downloads\Result.txt
2012-04-29 08:54 - 2011-11-19 21:54 - 0396041 ____A C:\Users\Hunze\Downloads\MiniToolBox.exe
2012-04-29 08:54 - 2011-03-27 20:53 - 0003536 ____A C:\Users\Hunze\Documents\FSS.txt
2012-04-29 08:53 - 2012-04-29 08:53 - 0003536 ____A C:\Users\Hunze\Downloads\FSS.txt
2012-04-29 08:53 - 2012-03-21 15:01 - 0337321 ____A C:\Users\Hunze\Downloads\FSS.exe
2012-04-29 08:53 - 2010-11-25 05:32 - 0000817 ____A C:\Users\Hunze\Documents\checkup.txt
2012-04-29 08:49 - 2012-04-30 17:10 - 0869194 ____A C:\Users\Hunze\Downloads\SecurityCheck.exe
2012-04-26 23:24 - 2012-05-01 23:12 - 0000000 ____D C:\Users\All Users\Mozilla
2012-04-26 23:24 - 2012-05-01 23:12 - 0000000 ____D C:\ProgramData\Mozilla
2012-04-26 23:24 - 2012-04-26 23:24 - 0000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2012-04-26 15:21 - 2012-04-07 18:49 - 0000000 ____D C:\Users\Michael\AppData\Local\Microsoft Games
2012-04-24 00:47 - 2012-02-17 03:48 - 0000000 ____D C:\Users\Hunze\AppData\Local\{BF2C2097-64D5-4933-B52E-9CB8C25B3A8F}
2012-04-24 00:46 - 2011-07-04 18:49 - 0000000 ____D C:\Users\Hunze\AppData\Local\{43DC8280-D277-4F21-994F-BE7E252FC41E}
2012-04-23 13:29 - 2012-05-04 12:51 - 0070304 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-04-23 13:29 - 2009-07-13 17:14 - 0419488 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-04-23 13:29 - - 0000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-04-23 05:45 - 2012-04-23 05:45 - 0157472 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaws.exe
2012-04-23 05:45 - 2012-04-23 05:45 - 0149280 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaw.exe
2012-04-23 05:45 - 2009-11-11 23:45 - 0149280 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\java.exe
2012-04-22 18:04 - 2011-09-10 04:10 - 0000000 ____D C:\Users\Hunze\AppData\Local\{0BE31066-3674-4FDA-A7C5-177BC9EC700F}
2012-04-22 18:04 - 2011-05-04 03:16 - 0000000 ____D C:\Users\Hunze\AppData\Local\{138259FF-FEDA-4CCB-8C14-06F2D58EEEE2}
2012-04-20 20:00 - 2012-04-03 02:16 - 0000000 ____D C:\Program Files\Microsoft Security Client
2012-04-20 19:55 - 2012-04-05 14:33 - 0129092 ____A C:\TDSSKiller.2.7.25.0_20.04.2012_23.55.07_log.txt
2012-04-20 19:43 - 2012-04-20 19:43 - 0000000 ____D C:\Users\Hunze\AppData\Local\{B939CD4D-2F76-43E5-92DE-063CE1B0E788}
2012-04-20 19:43 - 2012-03-18 22:41 - 0000000 ____D C:\Users\Hunze\AppData\Local\{B8648B81-23AA-45D7-BC22-978C1D998218}
2012-04-20 19:20 - 2012-04-24 00:46 - 0000000 ____D C:\Users\Hunze\AppData\Local\{43F0DC98-DF64-4279-8BA6-D225A18421DB}
2012-04-20 19:20 - 2011-11-15 16:24 - 0000000 ____D C:\Users\Hunze\AppData\Local\{A25DD225-F9B6-4651-A592-0368A3409DE9}
2012-04-17 22:59 - 2011-07-18 00:03 - 0000000 ____D C:\Users\Hunze\AppData\Local\{5CCD3543-301D-4129-89E2-CF0D944ECED1}
2012-04-17 16:57 - 2011-06-24 05:32 - 0000000 ____D C:\Users\Hunze\AppData\Local\{E3EC1C84-9FE7-4807-B068-8C85A4E772B2}
2012-04-17 13:29 - 2012-04-27 23:25 - 0000000 ____D C:\Users\Michael\AppData\Roaming\skypePM
2012-04-17 13:28 - 2012-03-01 21:34 - 0000000 ____D C:\Users\Michael\AppData\Roaming\Skype
2012-04-13 12:40 - 2011-11-28 06:55 - 0000000 ____D C:\Users\Hunze\AppData\Local\{789BE42E-3829-4B68-9ECC-D96364FFC275}
2012-04-11 22:01 - 2011-11-28 07:05 - 0000000 ____D C:\Users\Hunze\AppData\Local\{1EAA0218-2943-48B4-8D6E-5952A5F72536}
2012-04-10 14:41 - 2012-03-15 14:04 - 0000000 ____D C:\Users\Hunze\AppData\Local\{856A55D3-5C19-4C0C-92E4-81B0F0587F16}
2012-04-09 14:34 - 2012-01-10 22:44 - 0000000 ____D C:\Users\Hunze\AppData\Local\{90465F79-C28C-490E-8978-FC7F29ED666A}
2012-04-08 10:22 - 2011-11-19 13:32 - 0000000 ____D C:\Users\Hunze\AppData\Local\{CBAEE24E-E88B-493F-B3C5-57CD1D02A703}
2012-04-07 18:51 - 2012-04-27 20:09 - 0000000 ____D C:\Users\Michael\AppData\Roaming\SUPERAntiSpyware.com
2012-04-07 12:07 - 2011-10-25 09:44 - 0000000 ____D C:\Users\Hunze\AppData\Local\{3EF652F9-58D7-492C-BB8D-8F1C9202C988}
2012-04-07 07:13 - 2011-07-09 09:53 - 0000000 ____D C:\Users\Hunze\AppData\Local\{AEC88BB5-E552-4EC0-8067-563F247BD0CE}
2012-04-07 07:01 - 2012-03-01 17:33 - 0000000 ____D C:\Users\Hunze\AppData\Local\{086E2992-4FED-46B1-9C5C-551576BF15D8}
2012-04-06 14:39 - 2012-01-22 22:15 - 0000000 ____D C:\Users\Hunze\AppData\Local\{9B8070F2-1A42-45D2-9C33-9D48F87D71A9}
2012-04-06 14:37 - 2012-04-06 14:37 - 0112400 ____A C:\Users\Guest\AppData\Local\GDIPFONTCACHEV1.DAT
2012-04-06 14:37 - 2012-04-06 14:37 - 0000398 ____A C:\Users\Guest\Desktop\pc app.appref-ms
2012-04-06 14:37 - 2012-04-06 14:37 - 0000000 ____D C:\Users\Guest\AppData\Roaming\Roxio
2012-04-06 14:37 - 2012-04-06 14:37 - 0000000 ____D C:\Users\Guest\AppData\Roaming\Real
2012-04-06 14:37 - 2012-04-06 14:37 - 0000000 ____D C:\Users\Guest\AppData\Roaming\Macromedia
2012-04-06 14:37 - 2012-04-06 14:37 - 0000000 ____D C:\Users\Guest\AppData\Roaming\Epson
2012-04-06 14:37 - 2012-04-06 14:37 - 0000000 ____D C:\Users\Guest\AppData\Roaming\ATI
2012-04-06 14:37 - 2012-04-06 14:37 - 0000000 ____D C:\Users\Guest\AppData\Local\Deployment
2012-04-06 14:37 - 2012-04-06 14:37 - 0000000 ____D C:\Users\Guest\AppData\Local\ATI
2012-04-06 14:37 - 2012-04-06 14:36 - 0000000 ____D C:\Users\Guest\AppData\Roaming\Leader Technologies
2012-04-06 14:37 - - 0000000 ____D C:\Users\Guest\AppData\Roaming\Apple Computer
2012-04-06 14:37 - - 0000000 ____D C:\Users\Guest\AppData\Local\Apps\2.0
2012-04-06 14:36 - 2012-04-30 18:09 - 0000000 __SHD C:\Users\Guest\AppData\Local\Temporary Internet Files
2012-04-06 14:36 - 2012-04-30 18:09 - 0000000 ____D C:\Users\Guest\AppData\LocalLow
2012-04-06 14:36 - 2012-04-22 22:01 - 0000000 ____D C:\users\Guest
2012-04-06 14:36 - 2012-04-06 15:29 - 0000020 ___SH C:\Users\Guest\ntuser.ini
2012-04-06 14:36 - 2012-04-06 14:37 - 0000000 __SHD C:\Users\Guest\PrintHood
2012-04-06 14:36 - 2012-04-06 14:37 - 0000000 __SHD C:\Users\Guest\My Documents
2012-04-06 14:36 - 2012-04-06 14:37 - 0000000 __SHD C:\Users\Guest\Documents\My Music
2012-04-06 14:36 - 2012-04-06 14:37 - 0000000 __SHD C:\Users\Guest\AppData\Local\History
2012-04-06 14:36 - 2012-04-06 14:37 - 0000000 ____D C:\Users\Guest\AppData\Roaming\Media Center Programs
2012-04-06 14:36 - 2012-04-06 14:37 - 0000000 ____D C:\Users\Guest\AppData\Local\Microsoft Help
2012-04-06 14:36 - 2012-04-06 14:36 - 0000000 __SHD C:\Users\Guest\Templates
2012-04-06 14:36 - 2012-04-06 14:36 - 0000000 __SHD C:\Users\Guest\Start Menu
2012-04-06 14:36 - 2012-04-06 14:36 - 0000000 __SHD C:\Users\Guest\NetHood
2012-04-06 14:36 - 2012-04-06 14:36 - 0000000 __SHD C:\Users\Guest\Documents\My Videos
2012-04-06 14:36 - 2012-04-06 14:36 - 0000000 __SHD C:\Users\Guest\Documents\My Pictures
2012-04-06 14:36 - 2012-04-06 14:36 - 0000000 ____D C:\Users\Guest\AppData\Local\VirtualStore
2012-04-06 14:36 - - 0000174 ___SH C:\Users\Guest\Start Menu\Programs\Startup\desktop.ini
2012-04-06 14:36 - - 0000174 ___SH C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
2012-04-05 14:47 - 2012-05-04 12:51 - 8744608 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2012-04-05 14:34 - 2012-04-03 02:16 - 0000000 ____D C:\Program Files\SUPERAntiSpyware
2012-04-05 14:34 - 2010-02-09 12:16 - 0001815 ____A C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
2012-04-05 14:31 - 2012-04-05 14:30 - 0128170 ____A C:\TDSSKiller.2.7.25.0_05.04.2012_18.31.13_log.txt
2012-04-05 14:30 - 2012-04-05 14:30 - 0000156 ____A C:\TDSSKiller.2.7.25.0_05.04.2012_18.30.29_log.txt
2012-04-05 14:29 - 2012-05-04 13:12 - 0000000 ____D C:\Users\Hunze\AppData\Local\Little_Apps
2012-04-05 14:29 - 2012-04-04 04:55 - 0000156 ____A C:\TDSSKiller.2.7.25.0_05.04.2012_18.29.59_log.txt
2012-04-05 14:03 - 2011-10-14 17:47 - 0000000 ____D C:\Users\Hunze\AppData\Local\{79BC58B6-20FF-429C-9477-BA7DEC37FC8D}
2012-04-05 08:47 - 2012-04-04 05:10 - 0000000 ____D C:\Users\Gem\AppData\Local\Best Buy pc app
2012-04-04 06:40 - 2012-04-03 12:25 - 0000000 ____D C:\Program Files\Common Files\Little Registry Cleaner
2012-04-04 06:38 - 2009-07-13 17:16 - 0773522 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
2012-04-04 06:35 - 2012-04-30 19:19 - 0001969 ____A C:\Users\Hunze\Desktop\Little Registry Cleaner.lnk
2012-04-04 06:35 - 2012-04-04 05:55 - 0000000 ____D C:\Program Files (x86)\hpmonitor
2012-04-04 06:35 - 2012-04-03 12:25 - 0000000 ____D C:\Program Files\Little Registry Cleaner
2012-04-04 05:57 - 2012-03-09 16:57 - 0000000 ____D C:\Users\Hunze\AppData\Local\ElevatedDiagnostics
2012-04-04 05:22 - 2012-03-01 21:36 - 0002415 ____A C:\Users\Michael\Desktop\Google Chrome.lnk
2012-04-04 05:21 - 2012-05-04 13:11 - 0000864 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2942420572-1164936296-241836748-1003Core.job
2012-04-04 05:21 - 2012-05-04 05:26 - 0000916 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2942420572-1164936296-241836748-1003UA.job
2012-04-04 05:10 - 2012-04-05 08:49 - 0112400 ____A C:\Users\Gem\AppData\Local\GDIPFONTCACHEV1.DAT
2012-04-04 05:10 - 2012-04-05 08:46 - 0000000 ____D C:\Users\Gem\AppData\Roaming\Real
2012-04-04 05:10 - 2012-04-04 05:10 - 0000000 ____D C:\Users\Gem\AppData\Roaming\Roxio
2012-04-04 05:10 - 2012-04-04 05:10 - 0000000 ____D C:\Users\Gem\AppData\Roaming\Macromedia
2012-04-04 05:10 - 2012-04-04 05:10 - 0000000 ____D C:\Users\Gem\AppData\Roaming\Epson
2012-04-04 05:10 - 2012-04-04 05:10 - 0000000 ____D C:\Users\Gem\AppData\Roaming\ATI
2012-04-04 05:10 - 2012-04-04 05:10 - 0000000 ____D C:\Users\Gem\AppData\Roaming\Apple Computer
2012-04-04 05:10 - 2012-04-04 05:09 - 0000398 ____A C:\Users\Gem\Desktop\pc app.appref-ms
2012-04-04 05:10 - 2012-04-04 05:09 - 0000000 ____D C:\Users\Gem\AppData\Roaming\Leader Technologies
2012-04-04 05:10 - 2012-04-04 05:09 - 0000000 ____D C:\Users\Gem\AppData\Local\ATI
2012-04-04 05:10 - - 0000000 ____D C:\Users\Gem\AppData\Roaming\Adobe
2012-04-04 05:09 - 2012-04-30 18:09 - 0000000 __SHD C:\Users\Gem\AppData\Local\Temporary Internet Files
2012-04-04 05:09 - 2012-04-30 18:09 - 0000000 ____D C:\Users\Gem\AppData\LocalLow
2012-04-04 05:09 - 2012-04-05 08:47 - 0000000 ____D C:\Users\Gem\AppData\Local\Deployment
2012-04-04 05:09 - 2012-04-04 05:18 - 0000020 ___SH C:\Users\Gem\ntuser.ini
2012-04-04 05:09 - 2012-04-04 05:10 - 0000000 __SHD C:\Users\Gem\AppData\Local\History
2012-04-04 05:09 - 2012-04-04 05:10 - 0000000 ____D C:\Users\Gem\AppData\Roaming\Media Center Programs
2012-04-04 05:09 - 2012-04-04 05:09 - 0000000 __SHD C:\Users\Gem\Templates
2012-04-04 05:09 - 2012-04-04 05:09 - 0000000 __SHD C:\Users\Gem\Start Menu
2012-04-04 05:09 - 2012-04-04 05:09 - 0000000 __SHD C:\Users\Gem\PrintHood
2012-04-04 05:09 - 2012-04-04 05:09 - 0000000 __SHD C:\Users\Gem\NetHood
2012-04-04 05:09 - 2012-04-04 05:09 - 0000000 __SHD C:\Users\Gem\My Documents
2012-04-04 05:09 - 2012-04-04 05:09 - 0000000 __SHD C:\Users\Gem\Documents\My Videos
2012-04-04 05:09 - 2012-04-04 05:09 - 0000000 __SHD C:\Users\Gem\Documents\My Pictures
2012-04-04 05:09 - 2012-04-04 05:09 - 0000000 __SHD C:\Users\Gem\Documents\My Music
2012-04-04 05:09 - 2012-04-04 05:09 - 0000000 ____D C:\Users\Gem\AppData\Local\VirtualStore
2012-04-04 05:09 - 2012-04-04 05:09 - 0000000 ____D C:\Users\Gem\AppData\Local\Microsoft Help
2012-04-04 05:09 - 2009-07-13 20:54 - 0000000 ____D C:\users\Gem
2012-04-04 05:09 - - 0000174 ___SH C:\Users\Gem\Start Menu\Programs\Startup\desktop.ini
2012-04-04 05:09 - - 0000174 ___SH C:\Users\Gem\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
2012-04-04 05:09 - - 0000000 ____D C:\Users\Gem\AppData\Local\Apps\2.0
2012-04-04 05:07 - - 0002021 ____A C:\Users\Public\Desktop\Adobe Reader 9.lnk
2012-04-04 05:06 - 2012-05-04 13:15 - 0000856 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2942420572-1164936296-241836748-1000Core.job
2012-04-04 05:06 - 2012-05-04 05:11 - 0000908 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2942420572-1164936296-241836748-1000UA.job
2012-04-04 05:06 - 2011-04-30 05:35 - 0002405 ____A C:\Users\Hunze\Desktop\Google Chrome.lnk
2012-04-04 04:54 - 2012-04-03 16:04 - 0128998 ____A C:\TDSSKiller.2.7.25.0_04.04.2012_08.54.27_log.txt

============ 3 Months Modified Files and Folders =============

2012-05-04 17:25 - 2012-05-04 17:24 - 0000000 ____D C:\FRST
2012-05-04 13:16 - 2012-01-14 17:57 - 0000000 ____D C:\Users\All Users\GameXN
2012-05-04 13:16 - 2012-01-14 17:57 - 0000000 ____D C:\ProgramData\GameXN
2012-05-04 13:16 - 2011-12-11 14:25 - 0000000 ____D C:\Users\Hunze\AppData\Roaming\go
2012-05-04 13:15 - 2012-04-23 13:29 - 0000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-05-04 13:15 - 2010-01-11 04:01 - 3018608640 __ASH C:\hiberfil.sys
2012-05-04 13:15 - 2009-07-13 21:08 - 0000006 ___AH C:\Windows\Tasks\SA.DAT
2012-05-04 13:15 - 2009-07-13 20:51 - 0643804 ____A C:\Windows\setupact.log
2012-05-04 13:12 - 2010-01-11 04:06 - 1265239 ____A C:\Windows\WindowsUpdate.log
2012-05-04 13:11 - 2012-04-04 05:06 - 0000908 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2942420572-1164936296-241836748-1000UA.job
2012-05-04 12:51 - 2012-04-23 13:29 - 0419488 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-05-04 12:51 - 2012-04-23 13:29 - 0070304 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-05-04 12:51 - 2012-04-05 14:47 - 8744608 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2012-05-04 12:50 - 2012-05-04 12:50 - 0006104 ____A C:\Users\Hunze\Desktop\SystemLook.txt
2012-05-04 12:50 - 2012-05-01 15:05 - 0006102 ____A C:\Users\Hunze\Downloads\SystemLook.txt
2012-05-04 12:44 - 2012-05-04 12:44 - 0165376 ____A C:\Users\Hunze\Downloads\SystemLook_x64 (1).exe
2012-05-04 12:26 - 2012-04-04 05:21 - 0000916 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2942420572-1164936296-241836748-1003UA.job
2012-05-04 05:26 - 2012-04-04 05:21 - 0000864 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2942420572-1164936296-241836748-1003Core.job
2012-05-04 05:11 - 2012-04-04 05:06 - 0000856 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2942420572-1164936296-241836748-1000Core.job
2012-05-03 15:59 - 2009-07-13 20:45 - 0017600 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-05-03 15:59 - 2009-07-13 20:45 - 0017600 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-05-03 14:51 - 2012-05-03 12:52 - 0000000 ____D C:\Users\Michael\AppData\Roaming\IMVU
2012-05-03 12:52 - 2012-05-03 12:52 - 0001893 ____A C:\Users\Michael\Desktop\IMVU.lnk
2012-05-03 12:52 - 2012-05-03 12:51 - 0000000 ____D C:\Users\Michael\AppData\Roaming\IMVUClient
2012-05-03 12:51 - 2012-05-03 12:51 - 0078480 ____A C:\Users\Michael\Desktop\InstallIMVU_471.0_st_c.exe
2012-05-02 11:28 - 2012-04-04 05:22 - 0002415 ____A C:\Users\Michael\Desktop\Google Chrome.lnk
2012-05-02 10:12 - 2012-03-01 21:34 - 0000000 ____D C:\Users\Michael\AppData\Roaming\Real
2012-05-02 07:26 - 2012-04-30 18:31 - 0000000 __SHD C:\$RECYCLE.BIN
2012-05-01 23:12 - 2009-11-11 22:28 - 0000000 ____D C:\Users\All Users\Microsoft Help
2012-05-01 23:12 - 2009-11-11 22:28 - 0000000 ____D C:\ProgramData\Microsoft Help
2012-05-01 23:03 - 2010-02-14 12:54 - 57249312 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-05-01 23:02 - 2012-04-04 06:38 - 0773522 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
2012-05-01 23:02 - 2009-07-13 21:13 - 0773522 ____A C:\Windows\System32\PerfStringBackup.INI
2012-05-01 15:17 - 2012-05-01 15:17 - 0000333 ____A C:\Users\Hunze\Downloads\nm247.vcf
2012-05-01 15:04 - 2012-05-01 15:04 - 0165376 ____A C:\Users\Hunze\Downloads\SystemLook_x64.exe
2012-04-30 19:46 - 2012-04-30 19:46 - 0002688 ____A C:\Users\Hunze\Desktop\aswMBR.txt
2012-04-30 19:46 - 2012-04-30 19:46 - 0000512 ____A C:\Users\Hunze\Desktop\MBR.dat
2012-04-30 19:19 - 2012-04-30 19:19 - 4731392 ____A (AVAST Software) C:\Users\Hunze\Downloads\aswMBR (2).exe
2012-04-30 19:19 - 2012-04-30 19:19 - 0005012 ____A C:\Users\Hunze\Desktop\Kapersky TDSSKiller log.txt
2012-04-30 19:19 - 2012-04-30 19:12 - 0131194 ____A C:\TDSSKiller.2.7.33.0_30.04.2012_23.12.53_log.txt
2012-04-30 19:12 - 2012-04-30 19:12 - 2074160 ____A (Kaspersky Lab ZAO) C:\Users\Hunze\Downloads\tdsskiller.exe
2012-04-30 19:09 - 2012-04-30 19:05 - 0002802 ____A C:\Users\Hunze\Desktop\unhide.txt
2012-04-30 19:05 - 2012-04-30 19:05 - 0399264 ____A (Bleeping Computer, LLC) C:\Users\Hunze\Downloads\unhide.exe
2012-04-30 18:12 - 2012-04-30 18:12 - 0025844 ____A C:\Users\Hunze\Desktop\combo fix log.txt
2012-04-30 18:09 - 2012-04-30 18:09 - 0025844 ____A C:\ComboFix.txt
2012-04-30 18:09 - 2012-04-30 17:20 - 0000000 ____D C:\Qoobox
2012-04-30 18:09 - 2009-07-13 19:20 - 0000000 ___RD C:\users\Public
2012-04-30 18:09 - 2009-07-13 19:20 - 0000000 ___RD C:\users\Default
2012-04-30 18:07 - 2012-04-30 17:41 - 0000000 ____D C:\Windows\ERDNT
2012-04-30 18:01 - 2009-07-13 18:34 - 0000215 ____A C:\Windows\system.ini
2012-04-30 18:00 - 2009-10-29 12:25 - 0302056 ____A C:\Windows\PFRO.log
2012-04-30 18:00 - 2009-07-13 18:34 - 0000027 ____A C:\Windows\System32\Drivers\etc\hosts
2012-04-30 17:59 - 2012-04-30 17:59 - 0000000 __ASH C:\Windows\System32\config\system.tmp.LOG2
2012-04-30 17:59 - 2012-04-30 17:59 - 0000000 __ASH C:\Windows\System32\config\system.tmp.LOG1
2012-04-30 17:59 - 2012-04-30 17:59 - 0000000 __ASH C:\Windows\System32\config\software.tmp.LOG2
2012-04-30 17:59 - 2012-04-30 17:59 - 0000000 __ASH C:\Windows\System32\config\software.tmp.LOG1
2012-04-30 17:59 - 2012-04-30 17:59 - 0000000 __ASH C:\Windows\System32\config\security.tmp.LOG2
2012-04-30 17:59 - 2012-04-30 17:59 - 0000000 __ASH C:\Windows\System32\config\security.tmp.LOG1
2012-04-30 17:59 - 2012-04-30 17:59 - 0000000 __ASH C:\Windows\System32\config\sam.tmp.LOG2
2012-04-30 17:59 - 2012-04-30 17:59 - 0000000 __ASH C:\Windows\System32\config\sam.tmp.LOG1
2012-04-30 17:59 - 2012-04-30 17:59 - 0000000 __ASH C:\Windows\System32\config\default.tmp.LOG2
2012-04-30 17:59 - 2012-04-30 17:59 - 0000000 __ASH C:\Windows\System32\config\default.tmp.LOG1
2012-04-30 17:59 - 2009-07-13 18:34 - 76808192 ____A C:\Windows\System32\config\software.bak
2012-04-30 17:59 - 2009-07-13 18:34 - 17039360 ____A C:\Windows\System32\config\system.bak
2012-04-30 17:59 - 2009-07-13 18:34 - 0524288 ____A C:\Windows\System32\config\default.bak
2012-04-30 17:59 - 2009-07-13 18:34 - 0262144 ____A C:\Windows\System32\config\security.bak
2012-04-30 17:59 - 2009-07-13 18:34 - 0262144 ____A C:\Windows\System32\config\sam.bak
2012-04-30 17:39 - 2012-04-30 17:19 - 4479797 ____R (Swearware) C:\Users\Hunze\Downloads\ComboFix.exe
2012-04-30 17:36 - 2012-04-30 17:36 - 0000000 ____D C:\Users\Hunze\AppData\Local\{A6A24BD4-59D2-42FF-A379-DD89E76A5337}
2012-04-30 17:36 - 2012-04-30 17:36 - 0000000 ____D C:\Users\Hunze\AppData\Local\{3F494D2C-656F-40D5-821E-C66C6038160C}
2012-04-30 17:36 - 2010-02-12 05:48 - 0000000 ____D C:\Users\Hunze\Tracing
2012-04-30 17:16 - 2012-04-30 17:16 - 0000881 ____A C:\Users\Hunze\Desktop\Security Check checkup text.txt
2012-04-30 17:10 - 2012-04-30 17:10 - 0879714 ____A C:\Users\Hunze\Downloads\SecurityCheck (1).exe
2012-04-30 13:14 - 2012-04-04 05:06 - 0002405 ____A C:\Users\Hunze\Desktop\Google Chrome.lnk
2012-04-29 21:15 - 2012-04-29 21:15 - 0411382 ____A C:\Users\Hunze\Desktop\computerrr.png
2012-04-29 21:06 - 2012-04-29 21:06 - 0009435 ____A C:\Users\Hunze\Desktop\Attach.txt
2012-04-29 21:05 - 2012-04-29 21:05 - 0030335 ____A C:\Users\Hunze\Desktop\DDS.txt
2012-04-29 20:59 - 2012-04-29 20:59 - 0000472 ____A C:\Users\Hunze\Downloads\defogger_disable.log
2012-04-29 20:59 - 2012-04-29 20:59 - 0000000 ____A C:\Users\Hunze\defogger_reenable
2012-04-29 20:59 - 2010-02-09 11:02 - 0000000 ____D C:\users\Hunze
2012-04-29 20:58 - 2012-04-29 20:58 - 0050477 ____A C:\Users\Hunze\Downloads\Defogger.exe
2012-04-29 09:31 - 2012-04-29 09:31 - 0002479 ____A C:\Users\Hunze\Documents\aswMBR.txt
2012-04-29 09:31 - 2012-04-29 09:31 - 0000512 ____A C:\Users\Hunze\Documents\MBR.dat
2012-04-29 09:14 - 2012-04-29 09:14 - 4731392 ____A (AVAST Software) C:\Users\Hunze\Downloads\aswMBR (1).exe
2012-04-29 09:14 - 2012-04-29 09:14 - 0003280 ____A C:\Users\Hunze\Documents\mbam-log-2012-04-29 (13-08-35).txt
2012-04-29 08:57 - 2012-04-29 08:57 - 4731392 ____A (AVAST Software) C:\Users\Hunze\Downloads\aswMBR.exe
2012-04-29 08:56 - 2012-04-29 08:56 - 0025131 ____A C:\Users\Hunze\Documents\Result.txt
2012-04-29 08:56 - 2012-04-29 08:55 - 0025131 ____A C:\Users\Hunze\Downloads\Result.txt
2012-04-29 08:54 - 2012-04-29 08:54 - 0396041 ____A C:\Users\Hunze\Downloads\MiniToolBox.exe
2012-04-29 08:54 - 2012-04-29 08:54 - 0003536 ____A C:\Users\Hunze\Documents\FSS.txt
2012-04-29 08:53 - 2012-04-29 08:53 - 0337321 ____A C:\Users\Hunze\Downloads\FSS.exe
2012-04-29 08:53 - 2012-04-29 08:53 - 0003536 ____A C:\Users\Hunze\Downloads\FSS.txt
2012-04-29 08:53 - 2012-04-29 08:53 - 0000817 ____A C:\Users\Hunze\Documents\checkup.txt
2012-04-29 08:49 - 2012-04-29 08:49 - 0869194 ____A C:\Users\Hunze\Downloads\SecurityCheck.exe
2012-04-27 23:25 - 2012-04-17 13:28 - 0000000 ____D C:\Users\Michael\AppData\Roaming\Skype
2012-04-27 20:09 - 2012-04-17 13:29 - 0000000 ____D C:\Users\Michael\AppData\Roaming\skypePM
2012-04-26 23:24 - 2012-04-26 23:24 - 0000000 ____D C:\Users\All Users\Mozilla
2012-04-26 23:24 - 2012-04-26 23:24 - 0000000 ____D C:\ProgramData\Mozilla
2012-04-26 23:24 - 2012-04-26 23:24 - 0000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2012-04-26 23:24 - 2010-03-28 08:37 - 0000000 ____D C:\Program Files (x86)\Mozilla Firefox
2012-04-26 15:22 - 2012-04-26 15:21 - 0000000 ____D C:\Users\Michael\AppData\Local\Microsoft Games
2012-04-24 00:47 - 2012-04-24 00:47 - 0000000 ____D C:\Users\Hunze\AppData\Local\{BF2C2097-64D5-4933-B52E-9CB8C25B3A8F}
2012-04-24 00:46 - 2012-04-24 00:46 - 0000000 ____D C:\Users\Hunze\AppData\Local\{43DC8280-D277-4F21-994F-BE7E252FC41E}
2012-04-23 05:45 - 2012-04-23 05:45 - 0157472 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaws.exe
2012-04-23 05:45 - 2012-04-23 05:45 - 0149280 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaw.exe
2012-04-23 05:45 - 2012-04-23 05:45 - 0149280 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\java.exe
2012-04-23 05:45 - 2011-12-12 14:48 - 0472808 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\deployJava1.dll
2012-04-23 01:40 - 2012-03-01 21:33 - 0000000 ____D C:\users\Michael
2012-04-22 22:01 - 2012-04-06 14:36 - 0000000 ____D C:\users\Guest
2012-04-22 22:01 - 2012-04-04 05:09 - 0000000 ____D C:\users\Gem
2012-04-22 22:00 - 2012-04-20 20:00 - 0000000 ____D C:\Program Files\Microsoft Security Client
2012-04-22 22:00 - 2011-11-25 07:48 - 0000000 ____D C:\Windows\System32\Macromed
2012-04-22 22:00 - 2011-03-15 13:02 - 0000000 ____D C:\Users\All Users\Real
2012-04-22 22:00 - 2011-03-15 13:02 - 0000000 ____D C:\ProgramData\Real
2012-04-22 22:00 - 2009-10-29 13:02 - 0000000 ____D C:\Program Files\Windows Journal
2012-04-22 22:00 - 2009-07-13 21:32 - 0000000 ____D C:\Program Files\Windows Defender
2012-04-22 22:00 - 2009-07-13 21:32 - 0000000 ____D C:\Program Files (x86)\Windows Sidebar
2012-04-22 22:00 - 2009-07-13 21:32 - 0000000 ____D C:\Program Files (x86)\Windows Defender
2012-04-22 22:00 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\com
2012-04-22 22:00 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\com
2012-04-22 22:00 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\servicing
2012-04-22 22:00 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\IME
2012-04-22 22:00 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\AppCompat
2012-04-22 21:59 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\registration
2012-04-22 18:05 - 2012-04-22 18:04 - 0000000 ____D C:\Users\Hunze\AppData\Local\{0BE31066-3674-4FDA-A7C5-177BC9EC700F}
2012-04-22 18:04 - 2012-04-22 18:04 - 0000000 ____D C:\Users\Hunze\AppData\Local\{138259FF-FEDA-4CCB-8C14-06F2D58EEEE2}
2012-04-22 18:02 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\config\TxR
2012-04-20 19:56 - 2012-04-20 19:55 - 0129092 ____A C:\TDSSKiller.2.7.25.0_20.04.2012_23.55.07_log.txt
2012-04-20 19:43 - 2012-04-20 19:43 - 0000000 ____D C:\Users\Hunze\AppData\Local\{B939CD4D-2F76-43E5-92DE-063CE1B0E788}
2012-04-20 19:43 - 2012-04-20 19:43 - 0000000 ____D C:\Users\Hunze\AppData\Local\{B8648B81-23AA-45D7-BC22-978C1D998218}
2012-04-20 19:21 - 2012-04-20 19:20 - 0000000 ____D C:\Users\Hunze\AppData\Local\{A25DD225-F9B6-4651-A592-0368A3409DE9}
2012-04-20 19:20 - 2012-04-20 19:20 - 0000000 ____D C:\Users\Hunze\AppData\Local\{43F0DC98-DF64-4279-8BA6-D225A18421DB}
2012-04-17 22:59 - 2012-04-17 22:59 - 0000000 ____D C:\Users\Hunze\AppData\Local\{5CCD3543-301D-4129-89E2-CF0D944ECED1}
2012-04-17 16:57 - 2012-04-17 16:57 - 0000000 ____D C:\Users\Hunze\AppData\Local\{E3EC1C84-9FE7-4807-B068-8C85A4E772B2}
2012-04-13 12:40 - 2012-04-13 12:40 - 0000000 ____D C:\Users\Hunze\AppData\Local\{789BE42E-3829-4B68-9ECC-D96364FFC275}
2012-04-11 22:01 - 2012-04-11 22:01 - 0000000 ____D C:\Users\Hunze\AppData\Local\{1EAA0218-2943-48B4-8D6E-5952A5F72536}
2012-04-10 14:50 - 2012-04-03 13:08 - 0000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2012-04-10 14:43 - 2012-04-03 14:35 - 0000921 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-04-10 14:41 - 2012-04-10 14:41 - 0000000 ____D C:\Users\Hunze\AppData\Local\{856A55D3-5C19-4C0C-92E4-81B0F0587F16}
2012-04-09 14:34 - 2012-04-09 14:34 - 0000000 ____D C:\Users\Hunze\AppData\Local\{90465F79-C28C-490E-8978-FC7F29ED666A}
2012-04-08 10:22 - 2012-04-08 10:22 - 0000000 ____D C:\Users\Hunze\AppData\Local\{CBAEE24E-E88B-493F-B3C5-57CD1D02A703}
2012-04-07 18:55 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\NDF
2012-04-07 18:51 - 2012-04-07 18:51 - 0000000 ____D C:\Users\Michael\AppData\Roaming\SUPERAntiSpyware.com
2012-04-07 12:07 - 2012-04-07 12:07 - 0000000 ____D C:\Users\Hunze\AppData\Local\{3EF652F9-58D7-492C-BB8D-8F1C9202C988}
2012-04-07 07:13 - 2012-04-07 07:13 - 0000000 ____D C:\Users\Hunze\AppData\Local\{AEC88BB5-E552-4EC0-8067-563F247BD0CE}
2012-04-07 07:01 - 2012-04-07 07:01 - 0000000 ____D C:\Users\Hunze\AppData\Local\{086E2992-4FED-46B1-9C5C-551576BF15D8}
2012-04-06 14:39 - 2012-04-06 14:39 - 0000000 ____D C:\Users\Hunze\AppData\Local\{9B8070F2-1A42-45D2-9C33-9D48F87D71A9}
2012-04-06 14:37 - 2012-04-06 14:37 - 0112400 ____A C:\Users\Guest\AppData\Local\GDIPFONTCACHEV1.DAT
2012-04-06 14:37 - 2012-04-06 14:37 - 0000398 ____A C:\Users\Guest\Desktop\pc app.appref-ms
2012-04-06 14:37 - 2012-04-06 14:37 - 0000000 ____D C:\Users\Guest\AppData\Roaming\Roxio
2012-04-06 14:37 - 2012-04-06 14:37 - 0000000 ____D C:\Users\Guest\AppData\Roaming\Real
2012-04-06 14:37 - 2012-04-06 14:37 - 0000000 ____D C:\Users\Guest\AppData\Roaming\Macromedia
2012-04-06 14:37 - 2012-04-06 14:37 - 0000000 ____D C:\Users\Guest\AppData\Roaming\Leader Technologies
2012-04-06 14:37 - 2012-04-06 14:37 - 0000000 ____D C:\Users\Guest\AppData\Roaming\Epson
2012-04-06 14:37 - 2012-04-06 14:37 - 0000000 ____D C:\Users\Guest\AppData\Roaming\ATI
2012-04-06 14:37 - 2012-04-06 14:37 - 0000000 ____D C:\Users\Guest\AppData\Roaming\Apple Computer
2012-04-06 14:37 - 2012-04-06 14:37 - 0000000 ____D C:\Users\Guest\AppData\Local\Deployment
2012-04-06 14:37 - 2012-04-06 14:37 - 0000000 ____D C:\Users\Guest\AppData\Local\ATI
2012-04-06 14:37 - 2012-04-06 14:37 - 0000000 ____D C:\Users\Guest\AppData\Local\Apps\2.0
2012-04-06 14:37 - 2012-04-06 14:36 - 0000174 ___SH C:\Users\Guest\Start Menu\Programs\Startup\desktop.ini
2012-04-06 14:37 - 2012-04-06 14:36 - 0000174 ___SH C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
2012-04-06 14:36 - 2012-04-06 14:36 - 0000020 ___SH C:\Users\Guest\ntuser.ini
2012-04-06 14:36 - 2012-04-06 14:36 - 0000000 __SHD C:\Users\Guest\Templates
2012-04-06 14:36 - 2012-04-06 14:36 - 0000000 __SHD C:\Users\Guest\Start Menu
2012-04-06 14:36 - 2012-04-06 14:36 - 0000000 __SHD C:\Users\Guest\PrintHood
2012-04-06 14:36 - 2012-04-06 14:36 - 0000000 __SHD C:\Users\Guest\NetHood
2012-04-06 14:36 - 2012-04-06 14:36 - 0000000 __SHD C:\Users\Guest\My Documents
2012-04-06 14:36 - 2012-04-06 14:36 - 0000000 __SHD C:\Users\Guest\Documents\My Videos
2012-04-06 14:36 - 2012-04-06 14:36 - 0000000 __SHD C:\Users\Guest\Documents\My Pictures
2012-04-06 14:36 - 2012-04-06 14:36 - 0000000 __SHD C:\Users\Guest\Documents\My Music
2012-04-06 14:36 - 2012-04-06 14:36 - 0000000 __SHD C:\Users\Guest\AppData\Local\Temporary Internet Files
2012-04-06 14:36 - 2012-04-06 14:36 - 0000000 __SHD C:\Users\Guest\AppData\Local\History
2012-04-06 14:36 - 2012-04-06 14:36 - 0000000 ____D C:\Users\Guest\AppData\LocalLow
2012-04-06 14:36 - 2012-04-06 14:36 - 0000000 ____D C:\Users\Guest\AppData\Local\VirtualStore
2012-04-05 14:34 - 2012-04-05 14:34 - 0001815 ____A C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
2012-04-05 14:34 - 2012-04-05 14:34 - 0000000 ____D C:\Program Files\SUPERAntiSpyware
2012-04-05 14:33 - 2012-04-05 14:31 - 0128170 ____A C:\TDSSKiller.2.7.25.0_05.04.2012_18.31.13_log.txt
2012-04-05 14:30 - 2012-04-05 14:30 - 0000156 ____A C:\TDSSKiller.2.7.25.0_05.04.2012_18.30.29_log.txt
2012-04-05 14:30 - 2012-04-05 14:29 - 0000156 ____A C:\TDSSKiller.2.7.25.0_05.04.2012_18.29.59_log.txt
2012-04-05 14:29 - 2012-04-05 14:29 - 0000000 ____D C:\Users\Hunze\AppData\Local\Little_Apps
2012-04-05 14:10 - 2012-04-04 06:35 - 0001969 ____A C:\Users\Hunze\Desktop\Little Registry Cleaner.lnk
2012-04-05 14:03 - 2012-04-05 14:03 - 0000000 ____D C:\Users\Hunze\AppData\Local\{79BC58B6-20FF-429C-9477-BA7DEC37FC8D}
2012-04-05 08:49 - 2012-04-04 05:09 - 0000000 ____D C:\Users\Gem\AppData\Local\Deployment
2012-04-05 08:47 - 2012-04-05 08:47 - 0000000 ____D C:\Users\Gem\AppData\Local\Best Buy pc app
2012-04-04 11:56 - 2012-04-03 09:40 - 0024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-04-04 06:50 - 2012-04-02 22:53 - 2129920 ____A C:\Windows\ntbtlog.txt
2012-04-04 06:49 - 2012-04-04 06:35 - 0000000 ____D C:\Program Files (x86)\hpmonitor
2012-04-04 06:41 - 2012-04-04 06:40 - 0000000 ____D C:\Program Files\Common Files\Little Registry Cleaner
2012-04-04 06:35 - 2012-04-04 06:35 - 0000000 ____D C:\Program Files\Little Registry Cleaner
2012-04-04 05:57 - 2012-04-04 05:57 - 0000000 ____D C:\Users\Hunze\AppData\Local\ElevatedDiagnostics
2012-04-04 05:55 - 2009-10-29 12:22 - 0000000 ____D C:\Program Files\Google
2012-04-04 05:55 - 2009-10-29 12:21 - 0000000 ____D C:\Program Files (x86)\Google
2012-04-04 05:21 - 2012-03-02 07:05 - 0000000 ____D C:\Users\Michael\AppData\Local\Google
2012-04-04 05:10 - 2012-04-04 05:10 - 0112400 ____A C:\Users\Gem\AppData\Local\GDIPFONTCACHEV1.DAT
2012-04-04 05:10 - 2012-04-04 05:10 - 0000398 ____A C:\Users\Gem\Desktop\pc app.appref-ms
2012-04-04 05:10 - 2012-04-04 05:10 - 0000000 ____D C:\Users\Gem\AppData\Roaming\Roxio
2012-04-04 05:10 - 2012-04-04 05:10 - 0000000 ____D C:\Users\Gem\AppData\Roaming\Real
2012-04-04 05:10 - 2012-04-04 05:10 - 0000000 ____D C:\Users\Gem\AppData\Roaming\Macromedia
2012-04-04 05:10 - 2012-04-04 05:10 - 0000000 ____D C:\Users\Gem\AppData\Roaming\Leader Technologies
2012-04-04 05:10 - 2012-04-04 05:10 - 0000000 ____D C:\Users\Gem\AppData\Roaming\Epson
2012-04-04 05:10 - 2012-04-04 05:10 - 0000000 ____D C:\Users\Gem\AppData\Roaming\ATI
2012-04-04 05:10 - 2012-04-04 05:10 - 0000000 ____D C:\Users\Gem\AppData\Roaming\Apple Computer
2012-04-04 05:10 - 2012-04-04 05:10 - 0000000 ____D C:\Users\Gem\AppData\Roaming\Adobe
2012-04-04 05:10 - 2012-04-04 05:10 - 0000000 ____D C:\Users\Gem\AppData\Local\ATI
2012-04-04 05:09 - 2012-04-04 05:09 - 0000174 ___SH C:\Users\Gem\Start Menu\Programs\Startup\desktop.ini
2012-04-04 05:09 - 2012-04-04 05:09 - 0000174 ___SH C:\Users\Gem\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
2012-04-04 05:09 - 2012-04-04 05:09 - 0000020 ___SH C:\Users\Gem\ntuser.ini
2012-04-04 05:09 - 2012-04-04 05:09 - 0000000 __SHD C:\Users\Gem\Templates
2012-04-04 05:09 - 2012-04-04 05:09 - 0000000 __SHD C:\Users\Gem\Start Menu
2012-04-04 05:09 - 2012-04-04 05:09 - 0000000 __SHD C:\Users\Gem\PrintHood
2012-04-04 05:09 - 2012-04-04 05:09 - 0000000 __SHD C:\Users\Gem\NetHood
2012-04-04 05:09 - 2012-04-04 05:09 - 0000000 __SHD C:\Users\Gem\My Documents
2012-04-04 05:09 - 2012-04-04 05:09 - 0000000 __SHD C:\Users\Gem\Documents\My Videos
2012-04-04 05:09 - 2012-04-04 05:09 - 0000000 __SHD C:\Users\Gem\Documents\My Pictures
2012-04-04 05:09 - 2012-04-04 05:09 - 0000000 __SHD C:\Users\Gem\Documents\My Music
2012-04-04 05:09 - 2012-04-04 05:09 - 0000000 __SHD C:\Users\Gem\AppData\Local\Temporary Internet Files
2012-04-04 05:09 - 2012-04-04 05:09 - 0000000 __SHD C:\Users\Gem\AppData\Local\History
2012-04-04 05:09 - 2012-04-04 05:09 - 0000000 ____D C:\Users\Gem\AppData\LocalLow
2012-04-04 05:09 - 2012-04-04 05:09 - 0000000 ____D C:\Users\Gem\AppData\Local\VirtualStore
2012-04-04 05:09 - 2012-04-04 05:09 - 0000000 ____D C:\Users\Gem\AppData\Local\Apps\2.0
2012-04-04 05:07 - 2012-04-04 05:07 - 0002021 ____A C:\Users\Public\Desktop\Adobe Reader 9.lnk
2012-04-04 05:07 - 2009-10-29 12:20 - 0000000 ____D C:\Users\All Users\Adobe
2012-04-04 05:07 - 2009-10-29 12:20 - 0000000 ____D C:\ProgramData\Adobe
2012-04-04 05:07 - 2009-10-29 12:20 - 0000000 ____D C:\Program Files (x86)\Adobe
2012-04-04 05:06 - 2011-01-03 07:11 - 0000000 ____D C:\Users\Hunze\AppData\Local\Deployment
2012-04-04 04:59 - 2010-02-09 11:24 - 0000000 ____D C:\Users\Hunze\AppData\Local\Google
2012-04-04 04:59 - 2009-10-29 12:21 - 0000000 ____D C:\Users\All Users\Google
2012-04-04 04:59 - 2009-10-29 12:21 - 0000000 ____D C:\ProgramData\Google
2012-04-04 04:55 - 2012-04-04 04:54 - 0128998 ____A C:\TDSSKiller.2.7.25.0_04.04.2012_08.54.27_log.txt
2012-04-04 04:55 - 2012-04-03 16:03 - 0000000 ____D C:\TDSSKiller_Quarantine
2012-04-03 23:08 - 2009-07-13 18:34 - 0000478 ____A C:\Windows\win.ini
2012-04-03 16:31 - 2009-07-13 21:08 - 0032588 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-04-03 16:28 - 2012-04-03 16:28 - 0000000 ____D C:\5bfbba4d5b61a55ce2e7468b
2012-04-03 16:06 - 2012-04-03 07:20 - 0000000 __ASH C:\Windows\System32\dds_trash_log.cmd
2012-04-03 16:04 - 2012-04-03 16:01 - 0131608 ____A C:\TDSSKiller.2.7.25.0_03.04.2012_20.01.47_log.txt
2012-04-03 15:59 - 2012-04-03 15:59 - 2052880 ____A C:\Users\Hunze\Downloads\tdsskiller (2).zip
2012-04-03 15:59 - 2012-04-03 15:57 - 2052868 ____A C:\Users\Hunze\Desktop\tdsskiller.zip
2012-04-03 15:55 - 2012-04-03 15:55 - 0000000 ____D C:\Users\Hunze\AppData\Roaming\DivX
2012-04-03 15:22 - 2012-04-03 15:22 - 0270544 ____A C:\Windows\Minidump\040312-25849-01.dmp
2012-04-03 15:22 - 2010-09-23 10:03 - 283820153 ____A C:\Windows\MEMORY.DMP
2012-04-03 15:22 - 2010-09-23 10:03 - 0000000 ____D C:\Windows\Minidump
2012-04-03 14:59 - 2012-04-03 14:59 - 0274784 ____A C:\Windows\Minidump\040312-26067-01.dmp
2012-04-03 14:54 - 2012-04-03 14:54 - 0270544 ____A C:\Windows\Minidump\040312-34164-01.dmp
2012-04-03 14:50 - 2012-04-03 14:50 - 0270544 ____A C:\Windows\Minidump\040312-25740-01.dmp
2012-04-03 14:47 - 2012-04-03 14:47 - 0274784 ____A C:\Windows\Minidump\040312-25833-01.dmp
2012-04-03 14:41 - 2012-04-03 14:41 - 0274784 ____A C:\Windows\Minidump\040312-48500-01.dmp
2012-04-03 13:58 - 2012-04-03 09:40 - 0000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-04-03 13:56 - 2012-04-03 13:56 - 0000000 ____D C:\Users\Hunze\AppData\Local\{78C2540C-CB24-48B4-B9B9-47E9777C1F37}
2012-04-03 13:51 - 2011-10-07 18:27 - 0000000 ____D C:\Users\All Users\AVG2012
2012-04-03 13:51 - 2011-10-07 18:27 - 0000000 ____D C:\ProgramData\AVG2012
2012-04-03 13:50 - 2011-11-25 08:20 - 0000000 ____D C:\Program Files (x86)\AVG Secure Search
2012-04-03 13:50 - 2011-04-21 14:32 - 0000000 ____D C:\Users\All Users\MFAData
2012-04-03 13:50 - 2011-04-21 14:32 - 0000000 ____D C:\ProgramData\MFAData
2012-04-03 13:49 - 2010-02-09 11:02 - 0000000 ____D C:\Users\Hunze\AppData\LocalLow
2012-04-03 13:32 - 2012-04-03 13:32 - 5245392 ____A (ParetoLogic Inc.) C:\Users\Hunze\Downloads\ParetoLogic PC Health Advisor (1).exe
2012-04-03 13:30 - 2012-04-03 13:30 - 5245392 ____A (ParetoLogic Inc.) C:\Users\Hunze\Downloads\ParetoLogic PC Health Advisor.exe
2012-04-03 13:12 - 2012-04-03 13:12 - 0270544 ____A C:\Windows\Minidump\040312-31403-01.dmp
2012-04-03 13:11 - 2012-04-03 13:11 - 0065536 __ASH C:\Windows\System32\config\components{d7da8f31-7dd0-11e1-9dab-00262d754cc0}.TxR.blf
2012-04-03 12:26 - 2012-04-03 12:26 - 0101888 ____A (Kaspersky Lab) C:\Windows\System32\compgMgr64.dll
2012-04-03 12:25 - 2012-03-25 13:45 - 0000000 ____D C:\Program Files (x86)\Conduit
2012-04-03 12:25 - 2012-03-15 19:39 - 0000000 ____D C:\Program Files\DivX
2012-04-03 12:25 - 2012-03-15 19:38 - 0000000 ____D C:\Program Files (x86)\DivX
2012-04-03 12:25 - 2012-03-15 19:37 - 0000000 ____D C:\Users\All Users\DivX
2012-04-03 12:25 - 2012-03-15 19:37 - 0000000 ____D C:\ProgramData\DivX
2012-04-03 12:25 - 2012-03-12 14:06 - 0000000 ____D C:\Program Files\iTunes
2012-04-03 12:25 - 2012-03-12 14:06 - 0000000 ____D C:\Program Files\iPod
2012-04-03 12:25 - 2012-03-12 14:06 - 0000000 ____D C:\Program Files (x86)\iTunes
2012-04-03 12:25 - 2012-03-01 21:34 - 0000000 ____D C:\Users\Michael\AppData\Roaming\AVG2012
2012-04-03 12:25 - 2012-03-01 21:34 - 0000000 ____D C:\Users\Michael\038A524F58DB438A83918F7F0CA14B9E.TMP
2012-04-03 12:25 - 2012-03-01 21:33 - 0000000 ____D C:\Users\Michael\AppData\LocalLow
2012-04-03 12:25 - 2012-02-17 14:45 - 0000000 ____D C:\Users\All Users\Apple Computer
2012-04-03 12:25 - 2012-02-17 14:45 - 0000000 ____D C:\ProgramData\Apple Computer
2012-04-03 12:25 - 2012-02-17 14:43 - 0000000 ____D C:\Program Files\Common Files\Apple
2012-04-03 12:25 - 2012-02-17 14:42 - 0000000 ____D C:\Users\All Users\Apple
2012-04-03 12:25 - 2012-02-17 14:42 - 0000000 ____D C:\ProgramData\Apple
2012-04-03 12:25 - 2012-02-17 14:42 - 0000000 ____D C:\Program Files\Bonjour
2012-04-03 12:25 - 2012-02-09 18:53 - 0000000 ____D C:\Program Files (x86)\WinRAR
2012-04-03 12:25 - 2012-02-07 18:10 - 0000000 ____D C:\Program Files\Microsoft IntelliPoint
2012-04-03 12:25 - 2012-02-07 18:09 - 0000000 ____D C:\Program Files (x86)\SystemRequirementsLab
2012-04-03 12:25 - 2012-01-07 19:13 - 0000000 ____D C:\Program Files (x86)\EasyBurner
2012-04-03 12:25 - 2011-12-11 14:25 - 0000000 ____D C:\Users\All Users\Easybits GO
2012-04-03 12:25 - 2011-12-11 14:25 - 0000000 ____D C:\ProgramData\Easybits GO
2012-04-03 12:25 - 2011-11-28 11:51 - 0000000 ____D C:\Users\Hunze\AppData\Local\PC_Drivers_Headquarters
2012-04-03 12:25 - 2011-11-28 10:39 - 0000000 ____D C:\Users\Hunze\AppData\Local\Tific
2012-04-03 12:25 - 2011-11-28 07:39 - 0000000 ____D C:\Users\All Users\PC Drivers HeadQuarters
2012-04-03 12:25 - 2011-11-28 07:39 - 0000000 ____D C:\ProgramData\PC Drivers HeadQuarters
2012-04-03 12:25 - 2011-10-07 18:27 - 0000000 ____D C:\Users\Hunze\AppData\Roaming\AVG2012
2012-04-03 12:25 - 2011-04-22 04:09 - 0000000 ____D C:\Users\All Users\AVG Security Toolbar
2012-04-03 12:25 - 2011-04-22 04:09 - 0000000 ____D C:\ProgramData\AVG Security Toolbar
2012-04-03 12:25 - 2011-03-15 13:36 - 0000000 ____D C:\Program Files\Windows Live
2012-04-03 12:25 - 2011-03-15 13:02 - 0000000 ____D C:\Users\Hunze\AppData\Roaming\Real
2012-04-03 12:25 - 2011-03-15 13:02 - 0000000 ____D C:\Program Files (x86)\Real
2012-04-03 12:25 - 2011-01-03 07:11 - 0000000 ___DC C:\Users\All Users\{490DF262-AAC9-4596-9027-145286488424}
2012-04-03 12:25 - 2011-01-03 07:11 - 0000000 ___DC C:\ProgramData\{490DF262-AAC9-4596-9027-145286488424}
2012-04-03 12:25 - 2011-01-03 07:11 - 0000000 ____D C:\Users\Hunze\AppData\Local\Apps\2.0
2012-04-03 12:25 - 2011-01-03 07:11 - 0000000 ____D C:\Users\All Users\Best Buy pc app
2012-04-03 12:25 - 2011-01-03 07:11 - 0000000 ____D C:\ProgramData\Best Buy pc app
2012-04-03 12:25 - 2010-11-24 22:16 - 0000000 ____D C:\Users\Public\CyberLink
2012-04-03 12:25 - 2010-11-24 20:50 - 0000000 ____D C:\Program Files (x86)\Easy DVD Creator
2012-04-03 12:25 - 2010-08-20 08:03 - 0000000 ____D C:\Program Files (x86)\Microsoft Visual Studio
2012-04-03 12:25 - 2010-08-20 08:01 - 0000000 ____D C:\Program Files (x86)\Microsoft Visual Studio 8
2012-04-03 12:25 - 2010-08-02 04:50 - 0000000 ____D C:\Users\Hunze\AppData\Roaming\mjusbsp
2012-04-03 12:25 - 2010-06-02 15:48 - 0000000 ____D C:\Users\Hunze\AppData\Roaming\AVG9
2012-04-03 12:25 - 2010-05-31 22:34 - 0000000 ____D C:\Users\Hunze\AppData\Local\Microsoft Help
2012-04-03 12:25 - 2010-05-31 10:18 - 0000000 ____D C:\Users\All Users\avg9
2012-04-03 12:25 - 2010-05-31 10:18 - 0000000 ____D C:\ProgramData\avg9
2012-04-03 12:25 - 2010-03-05 18:50 - 0000000 ____D C:\Users\Hunze\AppData\Roaming\Vivox
2012-04-03 12:25 - 2010-02-17 20:58 - 0000000 ____D C:\Users\Hunze\AppData\Roaming\Facebook
2012-04-03 12:25 - 2010-02-16 15:57 - 0000000 ____D C:\Users\Hunze\AppData\Local\Best_Buy®
2012-04-03 12:25 - 2010-02-12 09:27 - 0000000 ____D C:\Program Files (x86)\Winter Fun Pack 2004 for Windows XP
2012-04-03 12:25 - 2010-02-12 05:33 - 0000000 ____D C:\Program Files (x86)\LTCM Client
2012-04-03 12:25 - 2010-02-12 05:20 - 0000000 ____D C:\Users\All Users\EPSON
2012-04-03 12:25 - 2010-02-12 05:20 - 0000000 ____D C:\ProgramData\EPSON
2012-04-03 12:25 - 2010-02-12 05:20 - 0000000 ____D C:\Program Files (x86)\epson
2012-04-03 12:25 - 2010-02-09 12:16 - 0000000 ___RD C:\Program Files (x86)\Skype
2012-04-03 12:25 - 2010-02-09 12:16 - 0000000 ____D C:\Users\Hunze\AppData\Roaming\Skype
2012-04-03 12:25 - 2010-02-09 12:16 - 0000000 ____D C:\Users\All Users\Skype
2012-04-03 12:25 - 2010-02-09 12:16 - 0000000 ____D C:\ProgramData\Skype
2012-04-03 12:25 - 2010-01-11 04:22 - 0000000 ____D C:\Program Files (x86)\Windows Live
2012-04-03 12:25 - 2010-01-11 04:16 - 0000000 ____D C:\Program Files (x86)\Video Web Camera
2012-04-03 12:25 - 2010-01-11 04:16 - 0000000 ____D C:\Program Files (x86)\Launch Manager
2012-04-03 12:25 - 2010-01-11 04:15 - 0000000 ____D C:\Program Files\Apoint2K
2012-04-03 12:25 - 2010-01-11 04:06 - 0000000 ____D C:\Program Files\CONEXANT
2012-04-03 12:25 - 2009-11-11 22:37 - 0000000 ____D C:\Users\All Users\InstallShield
2012-04-03 12:25 - 2009-11-11 22:37 - 0000000 ____D C:\ProgramData\InstallShield
2012-04-03 12:25 - 2009-11-11 22:37 - 0000000 ____D C:\Program Files (x86)\Roxio
2012-04-03 12:25 - 2009-11-11 22:36 - 0000000 ____D C:\Program Files (x86)\Microsoft Office Suite Activation Assistant
2012-04-03 12:25 - 2009-11-11 22:31 - 0000000 ___RD C:\Users\Hunze\Desktop\Microsoft Office
2012-04-03 12:25 - 2009-11-11 22:31 - 0000000 ____D C:\Program Files (x86)\Microsoft Works
2012-04-03 12:25 - 2009-11-11 22:28 - 0000000 ____D C:\Program Files (x86)\Microsoft Office
2012-04-03 12:25 - 2009-10-29 12:22 - 0000000 ____D C:\Program Files\Gateway
2012-04-03 12:25 - 2009-10-29 12:18 - 0000000 ____D C:\Users\All Users\Norton
2012-04-03 12:25 - 2009-10-29 12:18 - 0000000 ____D C:\ProgramData\Norton
2012-04-03 12:25 - 2009-10-29 12:17 - 0000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2012-04-03 12:25 - 2009-10-29 12:14 - 0000000 ____D C:\Program Files (x86)\InstallShield Installation Information
2012-04-03 12:25 - 2009-10-05 12:30 - 0000000 ___AD C:\Windows\DeployWinRE2
2012-04-03 12:25 - 2009-07-13 21:32 - 0000000 ____D C:\Windows\Downloaded Program Files
2012-04-03 12:25 - 2009-07-13 21:32 - 0000000 ____D C:\Program Files\Windows Sidebar
2012-04-03 12:25 - 2009-07-13 21:32 - 0000000 ____D C:\Program Files\Microsoft Games
2012-04-03 12:25 - 2009-07-13 21:32 - 0000000 ____D C:\Program Files (x86)\MSBuild
2012-04-03 12:25 - 2009-07-13 19:20 - 0000000 ____D C:\Program Files\Common Files\Microsoft Shared
2012-04-03 12:24 - 2011-04-22 04:07 - 0000000 ____D C:\Windows\System32\Drivers\AVG
2012-04-03 12:24 - 2010-06-07 17:43 - 0000000 ____D C:\Windows\SysWOW64\Samsung_USB_Drivers
2012-04-03 12:24 - 2010-05-31 22:32 - 0000000 ____D C:\Windows\SysWOW64\Drivers\avg
2012-04-03 12:24 - 2010-01-11 03:59 - 0000000 ____D C:\Windows\NAPP_Dism_Log
2012-04-03 12:24 - 2009-11-11 22:27 - 0000000 ____D C:\Windows\SysWOW64\Drivers\nti
2012-04-03 12:24 - 2009-10-29 13:02 - 0000000 ____D C:\Windows\ShellNew
2012-04-03 12:24 - 2009-10-29 12:27 - 0000000 ____D C:\Windows\OOBEOffer
2012-04-03 12:24 - 2009-10-29 12:22 - 0000000 ____D C:\Windows\oem
2012-04-03 12:24 - 2009-10-29 12:15 - 0000000 ____D C:\Windows\SysWOW64\Macromed
2012-04-03 12:24 - 2009-07-13 20:45 - 0000000 ____D C:\Windows\Setup
2012-04-03 12:24 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\Recovery
2012-04-03 12:24 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\sysprep
2012-04-03 12:24 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\security
2012-04-03 12:24 - 2009-03-12 01:30 - 0000000 ____D C:\Windows\LP
2012-04-03 11:14 - 2012-02-17 14:44 - 0000000 ____D C:\Program Files (x86)\Apple Software Update
2012-04-03 11:14 - 2012-02-17 14:42 - 0000000 ____D C:\Program Files (x86)\Bonjour
2012-04-03 11:14 - 2011-09-12 17:23 - 0000000 ____D C:\Program Files (x86)\Advanced Grapher
2012-04-03 11:14 - 2011-03-10 04:07 - 0000000 ____D C:\394c1a0a01930a1509a6
2012-04-03 11:14 - 2011-02-10 04:46 - 0000000 ____D C:\491ad861b37aaf99e9ad
2012-04-03 11:14 - 2011-01-13 07:11 - 0000000 ____D C:\ca7d04031d7bcf834fc20b
2012-04-03 11:14 - 2010-12-16 03:50 - 0000000 ____D C:\e3504a2e3c6be650b89daddf
2012-04-03 11:14 - 2010-11-11 00:00 - 0000000 ____D C:\ede0d8849675c1fb538e16ecf0a2
2012-04-03 11:14 - 2010-01-11 04:12 - 0000000 ____D C:\Program Files (x86)\AMD
2012-04-03 11:14 - 2009-10-29 12:59 - 0000000 ____D C:\OEM
2012-04-03 10:08 - 2012-04-03 10:08 - 0270488 ____A C:\Windows\Minidump\040312-32713-01.dmp
2012-04-03 09:40 - 2012-04-03 09:40 - 0000000 ____D C:\Users\Michael\AppData\Roaming\Malwarebytes
2012-04-03 09:40 - 2012-04-03 09:40 - 0000000 ____D C:\Users\All Users\Malwarebytes
2012-04-03 09:40 - 2012-04-03 09:40 - 0000000 ____D C:\ProgramData\Malwarebytes
2012-04-03 09:39 - 2012-04-03 09:39 - 9502424 ____A (Malwarebytes Corporation ) C:\Users\Michael\Downloads\mbam-setup-1.60.1.1000(new).exe
2012-04-03 09:35 - 2012-04-03 09:35 - 0080456 ____A (Malwarebytes Corporation) C:\Users\Michael\Downloads\mbam-clean.exe
2012-04-03 09:33 - 2012-04-03 09:32 - 0000400 ____A C:\rkill.log
2012-04-03 09:31 - 2012-04-03 09:31 - 1008141 ____A C:\Users\Michael\Downloads\rkill.exe
2012-04-03 09:26 - 2012-04-03 09:00 - 0000000 ____D C:\Users\All Users\ParetoLogic
2012-04-03 09:26 - 2012-04-03 09:00 - 0000000 ____D C:\ProgramData\ParetoLogic
2012-04-03 09:07 - 2011-04-21 13:46 - 0001463 ____A C:\Users\Hunze\Desktop\LOA Request - Shortcut.lnk
2012-04-03 09:07 - 2010-08-02 04:51 - 0001161 ____A C:\Users\Hunze\Desktop\magicJack.lnk
2012-04-03 09:07 - 2010-03-22 04:00 - 0001198 ____A C:\Users\Hunze\Desktop\Microsoft Office - Shortcut.lnk
2012-04-03 09:00 - 2012-04-03 09:00 - 0000000 ____D C:\Users\Michael\AppData\Roaming\ParetoLogic
2012-04-03 09:00 - 2012-04-03 09:00 - 0000000 ____D C:\Users\Michael\AppData\Roaming\DriverCure
2012-04-03 08:59 - 2012-04-03 09:00 - 5245392 ____A (ParetoLogic Inc.) C:\Users\Michael\Downloads\ParetoLogic PC Health Advisor.exe
2012-04-03 08:57 - 2012-04-03 08:57 - 9502424 ____A (Malwarebytes Corporation ) C:\Users\Michael\Downloads\mbam--setup-1.60.1.1000.exe
2012-04-03 07:41 - 2012-04-03 07:41 - 0270544 ____A C:\Windows\Minidump\040312-29125-01.dmp
2012-04-03 07:21 - 2012-04-03 07:21 - 0270544 ____A C:\Windows\Minidump\040312-28594-01.dmp
2012-04-03 02:41 - 2011-03-15 13:41 - 0000000 ____D C:\Windows\en
2012-04-03 02:35 - 2009-07-13 21:37 - 0000000 ____D C:\Windows\SysWOW64\winrm
2012-04-03 02:35 - 2009-07-13 21:37 - 0000000 ____D C:\Windows\SysWOW64\WCN
2012-04-03 02:35 - 2009-07-13 21:37 - 0000000 ____D C:\Windows\SysWOW64\slmgr
2012-04-03 02:35 - 2009-07-13 21:37 - 0000000 ____D C:\Windows\SysWOW64\Printing_Admin_Scripts
2012-04-03 02:35 - 2009-07-13 21:32 - 0000000 ____D C:\Windows\SysWOW64\WindowsPowerShell
2012-04-03 02:35 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\spp
2012-04-03 02:35 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\Speech
2012-04-03 02:35 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\NetworkList
2012-04-03 02:35 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\MUI
2012-04-03 02:35 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\Msdtc
2012-04-03 02:35 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\migwiz
2012-04-03 02:35 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\InstallShield
2012-04-03 02:35 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\IME
2012-04-03 02:35 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\Dism
2012-04-03 02:20 - 2012-03-01 21:40 - 0000000 ____D C:\Users\Michael\AppData\Roaming\Adobe
2012-04-03 02:20 - 2012-03-01 21:38 - 0000000 ____D C:\Users\Michael\AppData\Roaming\Mozilla
2012-04-03 02:20 - 2012-03-01 21:38 - 0000000 ____D C:\Users\Michael\AppData\Local\Mozilla
2012-04-03 02:20 - 2012-03-01 21:35 - 0000000 ____D C:\Users\Michael\AppData\Roaming\Macromedia
2012-04-03 02:20 - 2012-03-01 21:34 - 0000000 ____D C:\Users\Michael\AppData\Roaming\Epson
2012-04-03 02:19 - 2012-03-25 13:49 - 0000000 ____D C:\Users\Michael\AppData\Local\Babylon
2012-04-03 02:19 - 2011-04-28 07:45 - 0000000 ____D C:\Users\Hunze\AppData\Roaming\SUPERAntiSpyware.com
2012-04-03 02:19 - 2010-11-24 23:31 - 0000000 ____D C:\Users\Hunze\AppData\Roaming\Nero
2012-04-03 02:19 - 2010-11-24 22:28 - 0000000 ____D C:\Users\Hunze\Documents\DVDFab
2012-04-03 02:19 - 2010-04-24 13:47 - 0000000 ____D C:\Users\Hunze\Documents\Fax
2012-04-03 02:19 - 2010-03-23 04:01 - 0000000 ____D C:\Users\Hunze\AppData\Roaming\U3
2012-04-03 02:19 - 2010-03-05 18:45 - 0000000 ____D C:\Users\Hunze\AppData\Roaming\Mozilla
2012-04-03 02:19 - 2010-02-14 12:51 - 0000000 ____D C:\Users\Hunze\AppData\Roaming\Epson
2012-04-03 02:19 - 2010-02-09 11:24 - 0000000 ____D C:\Users\Hunze\AppData\Roaming\Adobe
2012-04-03 02:19 - 2010-02-09 11:03 - 0000000 ____D C:\Users\Hunze\AppData\Roaming\Roxio
2012-04-03 02:19 - 2010-02-09 11:03 - 0000000 ____D C:\Users\Hunze\AppData\Roaming\Macromedia
2012-04-03 02:19 - 2010-02-09 11:03 - 0000000 ____D C:\Users\Hunze\AppData\Local\VirtualStore
2012-04-03 02:18 - 2010-03-28 08:37 - 0000000 ____D C:\Users\Hunze\AppData\Local\Mozilla
2012-04-03 02:17 - 2012-02-17 14:45 - 0000000 ____D C:\Users\All Users\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
2012-04-03 02:17 - 2012-02-17 14:45 - 0000000 ____D C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
2012-04-03 02:17 - 2012-01-07 19:12 - 0000000 ____D C:\Users\Hunze\AppData\Local\Babylon
2012-04-03 02:17 - 2010-09-12 16:24 - 0000000 ____D C:\Users\Hunze\AppData\Local\Microsoft Games
2012-04-03 02:17 - 2010-02-10 16:35 - 0000000 ____D C:\Users\All Users\Symantec
2012-04-03 02:17 - 2010-02-10 16:35 - 0000000 ____D C:\ProgramData\Symantec
2012-04-03 02:17 - 2009-11-11 22:37 - 0000000 ____D C:\Users\All Users\Uninstall
2012-04-03 02:17 - 2009-11-11 22:37 - 0000000 ____D C:\ProgramData\Uninstall
2012-04-03 02:16 - 2012-03-25 13:49 - 0000000 ____D C:\Users\All Users\InstallMate
2012-04-03 02:16 - 2012-03-25 13:49 - 0000000 ____D C:\ProgramData\InstallMate
2012-04-03 02:16 - 2010-11-24 23:30 - 0000000 ____D C:\Users\All Users\Nero
2012-04-03 02:16 - 2010-11-24 23:30 - 0000000 ____D C:\ProgramData\Nero
2012-04-03 02:16 - 2010-11-24 22:10 - 0000000 ____D C:\Users\All Users\CyberLink
2012-04-03 02:16 - 2010-11-24 22:10 - 0000000 ____D C:\ProgramData\CyberLink
2012-04-03 02:16 - 2010-04-30 19:44 - 0000000 ____D C:\Users\All Users\McAfee
2012-04-03 02:16 - 2010-04-30 19:44 - 0000000 ____D C:\ProgramData\McAfee
2012-04-03 02:16 - 2010-01-11 04:17 - 0000000 ____D C:\Users\All Users\OEM
2012-04-03 02:16 - 2010-01-11 04:17 - 0000000 ____D C:\ProgramData\OEM
2012-04-03 02:16 - 2009-11-11 22:29 - 0000000 ____D C:\Program Files\Microsoft Office
2012-04-03 02:16 - 2009-10-29 12:22 - 0000000 ____D C:\Users\All Users\Gateway
2012-04-03 02:16 - 2009-10-29 12:22 - 0000000 ____D C:\ProgramData\Gateway
2012-04-03 02:16 - 2009-07-13 21:32 - 0000000 ____D C:\Program Files\Windows Photo Viewer
2012-04-03 02:16 - 2009-07-13 21:32 - 0000000 ____D C:\Program Files\Reference Assemblies
2012-04-03 02:16 - 2009-07-13 21:32 - 0000000 ____D C:\Program Files\MSBuild
2012-04-03 02:16 - 2009-07-13 19:20 - 0000000 ____D C:\Program Files\Windows NT
2012-04-03 02:15 - 2010-01-11 04:09 - 0000000 ____D C:\Program Files\ATI
2012-04-03 02:15 - 2009-07-13 21:32 - 0000000 ____D C:\Program Files\DVD Maker
2012-04-03 02:15 - 2009-07-13 21:32 - 0000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2012-04-03 02:15 - 2009-07-13 19:20 - 0000000 ____D C:\Program Files\Common Files\System
2012-04-03 02:15 - 2009-07-13 19:20 - 0000000 ____D C:\Program Files\Common Files\SpeechEngines
2012-04-03 02:15 - 2009-07-13 19:20 - 0000000 ____D C:\Program Files (x86)\Windows NT
2012-04-03 02:14 - 2010-06-07 17:43 - 0000000 ____D C:\Program Files (x86)\Samsung
2012-04-03 02:14 - 2010-01-11 04:24 - 0000000 ____D C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2012-04-03 02:14 - 2009-11-11 22:27 - 0000000 ____D C:\Program Files (x86)\NewTech Infosystems
2012-04-03 02:14 - 2009-10-29 12:14 - 0000000 ____D C:\Program Files (x86)\Realtek
2012-04-03 02:14 - 2009-07-13 21:32 - 0000000 ____D C:\Program Files (x86)\Reference Assemblies
2012-04-03 02:12 - 2010-11-29 06:51 - 0000000 ____D C:\Program Files (x86)\Java
2012-04-03 02:12 - 2009-10-29 12:22 - 0000000 ____D C:\Program Files (x86)\Gateway
2012-04-03 02:11 - 2011-11-28 08:47 - 0000000 ____D C:\Program Files (x86)\DevGuru
2012-04-03 02:11 - 2010-02-12 05:21 - 0000000 ____D C:\Program Files (x86)\Epson Software
2012-04-03 02:09 - 2010-05-31 10:18 - 0000000 ____D C:\Program Files (x86)\AVG
2012-04-03 02:09 - 2010-01-11 04:09 - 0000000 ____D C:\Program Files (x86)\ATI Technologies
2012-04-02 22:53 - 2012-04-02 22:53 - 0274784 ____A C:\Windows\Minidump\040312-29530-01.dmp
2012-04-02 22:49 - 2012-04-02 22:49 - 0274784 ____A C:\Windows\Minidump\040312-36207-01.dmp
2012-04-02 22:46 - 2012-04-02 22:45 - 0274784 ____A C:\Windows\Minidump\040312-39249-01.dmp
2012-04-02 18:01 - 2012-04-02 18:01 - 0000000 ____D C:\Windows\Sun
2012-04-02 15:17 - 2012-04-02 15:17 - 0000000 ____D C:\Users\Hunze\AppData\Local\{2F4DA43E-31EC-4936-9C29-1E1BAEAA2F13}
2012-04-02 13:53 - 2012-03-25 12:11 - 0000000 ____D C:\Users\Michael\AppData\Local\Adobe
2012-04-02 10:43 - 2012-04-02 10:43 - 0001583 ____A C:\Users\Michael\Documents\notes.txt
2012-04-01 19:36 - 2012-04-01 19:35 - 0000000 ____D C:\Users\Hunze\AppData\Local\{1BDB0BD0-ACC1-4DCC-8BC7-EB85604E2AED}
2012-03-31 17:55 - 2012-03-31 05:26 - 0000000 ____D C:\Users\Hunze\AppData\Local\{9ABC367B-4B89-45E3-A624-7B8F9F6CBEF4}
2012-03-29 01:42 - 2012-03-29 01:42 - 0000000 ____D C:\Users\Hunze\AppData\Local\{0A18BE17-6E3D-461E-AF73-9C95E0869F31}
2012-03-26 18:25 - 2012-03-26 18:24 - 5018909 ____A C:\Users\Hunze\Downloads\I Will Be- Christina Aguilera Instrumental Karaoke.mp3
2012-03-25 23:25 - 2012-03-25 23:25 - 0000000 ____D C:\Users\Hunze\AppData\Local\{FEDA7ADD-EF1A-4075-8734-352DB18E6C15}
2012-03-25 23:25 - 2012-03-25 23:25 - 0000000 ____D C:\Users\Hunze\AppData\Local\{87E44041-ED3B-40B9-8CAA-EE456B09516E}
2012-03-25 17:07 - 2012-03-25 13:45 - 0000000 ____D C:\Users\Michael\AppData\Local\Conduit
2012-03-25 16:59 - 2012-03-25 16:59 - 0000000 ____D C:\AI_RecycleBin
2012-03-25 16:59 - 2011-08-21 14:03 - 0000000 __SHD C:\Windows\SysWOW64\AI_RecycleBin
2012-03-25 16:19 - 2012-03-25 13:53 - 0000000 ____D C:\Users\Michael\Downloads\Beachbody.com - Shaun T - Insanity Deluxe
2012-03-25 16:16 - 2012-03-25 16:16 - 0001354 ____A C:\Users\Michael\Desktop\Beachbody.com - Shaun T - Insanity Deluxe - Shortcut.lnk
2012-03-25 14:27 - 2012-03-25 14:27 - 0041989 ____A C:\Users\Michael\Documents\Beachbody.com_-_Insanity_Fitness_Programm_Deluxe.torrent
2012-03-25 14:19 - 2012-03-25 14:19 - 0041377 ____A C:\Users\Michael\Documents\5A962706F79D90943C0C54FCFB50BA34C94F04DA.torrent
2012-03-25 13:52 - 2012-03-25 13:52 - 0042101 ____A C:\Users\Michael\Documents\3979203.torrent
2012-03-25 13:49 - 2012-03-25 13:49 - 0000237 ____A C:\user.js
2012-03-25 13:49 - 2012-03-25 13:49 - 0000000 ____D C:\Users\Michael\AppData\Roaming\Babylon
2012-03-25 13:49 - 2012-03-25 13:49 - 0000000 ____D C:\Users\All Users\Premium
2012-03-25 13:49 - 2012-03-25 13:49 - 0000000 ____D C:\ProgramData\Premium
2012-03-25 13:43 - 2012-03-25 13:43 - 0742264 ____A (BitTorrent, Inc.) C:\Users\Michael\Documents\uTorrent.exe
2012-03-25 12:28 - 2012-03-25 12:28 - 4872312 ____A (http://www.express-files.com/) C:\Users\Michael\Documents\watch_insanity_workout_online_free_megavideo_downloader_142.exe
2012-03-25 12:09 - 2012-03-25 12:08 - 7337259 ____A C:\Users\Michael\Documents\Insanity Docs.zip
2012-03-25 11:03 - 2012-03-15 19:40 - 0000000 ____D C:\Users\Michael\AppData\Roaming\DivX
2012-03-22 15:50 - 2012-03-22 15:50 - 0000000 ____D C:\Users\Hunze\AppData\Local\{69670D26-D5CE-45FD-BC65-B1BBBC48A558}
2012-03-22 15:50 - 2012-03-22 15:50 - 0000000 ____D C:\Users\Hunze\AppData\Local\{1B2841D5-C0B5-4FED-A90D-D9F89C3E8D7F}
2012-03-22 12:44 - 2012-03-22 12:44 - 0000000 ____D C:\Users\Hunze\AppData\Local\{E8E5756C-8BE5-4812-AF80-9C1978BF5793}
2012-03-22 12:44 - 2012-03-22 12:44 - 0000000 ____D C:\Users\Hunze\AppData\Local\{5CCFCC06-4C08-4C44-85E3-D98989DCBE34}
2012-03-21 15:01 - 2012-03-21 15:01 - 0017624 ____A C:\Users\Hunze\Downloads\Freshman Center Letter.docx
2012-03-20 23:40 - 2012-03-20 23:40 - 0000000 ____D C:\Users\Hunze\AppData\Local\{E338BBB5-01F2-44C2-AE1A-8AEEBF4792CF}
2012-03-20 23:05 - 2012-03-01 21:34 - 0000000 ____D C:\Users\Michael\AppData\Roaming\Apple Computer
2012-03-18 22:41 - 2012-03-18 22:41 - 0000000 ____D C:\Users\Hunze\AppData\Local\{7AF6F09F-00F7-41AF-A52B-6D2268B7263B}
2012-03-18 22:41 - 2012-03-18 22:40 - 0000000 ____D C:\Users\Hunze\AppData\Local\{B79D3102-5902-4716-A11F-E35B176452CD}
2012-03-15 19:42 - 2012-03-15 19:42 - 0000000 ____D C:\Users\Michael\AppData\Local\DDMSettings
2012-03-15 19:40 - 2012-04-30 17:53 - 0002123 ____A C:\Users\Public\Desktop\DivX Plus Converter.lnk
2012-03-15 19:40 - 2012-04-30 17:53 - 0001119 ____A C:\Users\Public\Desktop\DivX Plus Player.lnk
2012-03-15 19:40 - 2012-03-15 19:40 - 0001619 ____A C:\Users\Michael\Desktop\DivX Movies.lnk
2012-03-15 19:37 - 2012-03-15 19:37 - 4780600 ____A (DivX, Inc.) C:\Users\Michael\Desktop\DivXWebPlayerInstaller.exe
2012-03-15 19:37 - 2012-03-15 19:37 - 2886784 ____A C:\Users\Michael\Desktop\Toolbar_production_100709.exe
2012-03-15 17:06 - 2012-03-15 17:06 - 6922812 ____A C:\Users\Hunze\Downloads\Lana Del Rey-Video Games.mp3
2012-03-15 16:58 - 2012-03-15 16:58 - 5989179 ____A C:\Users\Hunze\Downloads\I Will Be - Christina Aguilera.mp3
2012-03-15 16:57 - 2012-03-15 16:57 - 4868212 ____A C:\Users\Hunze\Downloads\Chicago- Roxie.mp3
2012-03-15 16:57 - 2012-03-15 16:56 - 7585992 ____A C:\Users\Hunze\Downloads\Zorba - Life Is.mp3
2012-03-15 16:55 - 2012-03-15 16:55 - 4479510 ____A C:\Users\Hunze\Downloads\Spring Awakening-Dark I Know Well.mp3
2012-03-15 14:04 - 2012-03-15 14:04 - 0000000 ____D C:\Users\Hunze\AppData\Local\{85026BA4-E187-4F76-903D-D6934E7FE51E}
2012-03-15 14:04 - 2012-03-15 14:03 - 0000000 ____D C:\Users\Hunze\AppData\Local\{69CFCDC8-AF0C-4588-AE3C-BEE8C8FE03F6}
2012-03-15 08:56 - 2009-07-13 20:45 - 0430584 ____A C:\Windows\System32\FNTCACHE.DAT
2012-03-14 16:05 - 2012-03-14 16:05 - 0124416 ____A C:\Users\Hunze\Downloads\random-variables-take-home-test (1).doc
2012-03-14 14:46 - 2012-03-14 14:46 - 0124416 ____A C:\Users\Hunze\Downloads\random-variables-take-home-test.doc
2012-03-14 13:23 - 2012-03-14 13:23 - 0000000 ____D C:\Users\Hunze\AppData\Local\{D293C961-FFAE-49D5-9BD6-7ED23044BEC7}
2012-03-14 13:23 - 2012-03-14 13:23 - 0000000 ____D C:\Users\Hunze\AppData\Local\{C7A0EB1C-B4B0-4AD5-B4F2-808F945D8CE0}
2012-03-12 15:22 - 2012-03-12 15:22 - 0000000 ____D C:\Users\Hunze\AppData\Local\{E44BC1F0-6C3A-486A-B4E5-D18CDCF25913}
2012-03-12 15:22 - 2012-03-12 15:22 - 0000000 ____D C:\Users\Hunze\AppData\Local\{87F13D0A-A96E-490B-95B3-8D5C4A36B5BD}
2012-03-12 14:08 - 2012-04-30 17:53 - 0001790 ____A C:\Users\Public\Desktop\iTunes.lnk
2012-03-12 03:16 - 2012-03-12 03:16 - 0000000 ____D C:\Users\Hunze\AppData\Local\{FA7DF062-E43C-4287-A36E-98B3A42D7878}
2012-03-12 03:16 - 2012-03-12 03:16 - 0000000 ____D C:\Users\Hunze\AppData\Local\{35DE3458-72BA-4E66-9A0F-8DA162C0FA52}
2012-03-09 23:34 - 2012-03-09 23:34 - 0001758 ____A C:\Users\Michael\Desktop\Video Web Camera.lnk
2012-03-09 19:39 - 2012-03-09 19:39 - 0000000 ____D C:\Users\Michael\AppData\Local\Apple
2012-03-09 11:41 - 2012-03-09 11:40 - 0000000 ____D C:\Users\Hunze\AppData\Local\{256DF545-5EDC-4D61-8621-CD60470C007C}
2012-03-09 11:40 - 2012-03-09 11:40 - 0000000 ____D C:\Users\Hunze\AppData\Local\{C86C40AB-2379-432A-A509-D5F4E698E231}
2012-03-09 09:22 - 2012-03-04 20:33 - 0000000 ____D C:\Users\Michael\AppData\Roaming\Google
2012-03-08 22:21 - 2012-03-08 22:21 - 0099384 ____A C:\Users\Michael\AppData\Roaming\inst.exe
2012-03-08 22:21 - 2012-03-08 22:21 - 0082816 ____A (VSO Software) C:\Users\Michael\AppData\Roaming\pcouffin.sys
2012-03-08 22:21 - 2012-03-08 22:21 - 0007859 ____A C:\Users\Michael\AppData\Roaming\pcouffin.cat
2012-03-08 22:21 - 2012-03-08 22:21 - 0001167 ____A C:\Users\Michael\AppData\Roaming\pcouffin.inf
2012-03-08 22:21 - 2012-03-08 22:21 - 0000033 ____A C:\Users\Michael\AppData\Roaming\pcouffin.log
2012-03-08 22:21 - 2012-03-08 22:21 - 0000000 ____D C:\Users\Michael\Documents\PcSetup
2012-03-08 22:21 - 2012-03-08 22:21 - 0000000 ____D C:\Users\Michael\AppData\Roaming\Vso
2012-03-08 22:19 - 2012-03-01 21:35 - 0000000 ____D C:\Users\Michael\AppData\Local\Deployment
2012-03-08 22:18 - 2010-11-24 23:26 - 0000000 ____D C:\Program Files (x86)\Ask.com
2012-03-08 19:01 - 2011-06-27 13:21 - 1493504 __ASH C:\Users\Hunze\Documents\Thumbs.db
2012-03-07 13:06 - 2010-02-09 12:23 - 0000000 ____D C:\Users\Hunze\AppData\Roaming\skypePM
2012-03-05 22:53 - 2012-05-01 23:07 - 5559152 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-03-05 21:59 - 2012-05-01 23:07 - 3968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2012-03-05 21:59 - 2012-05-01 23:07 - 3913072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2012-03-04 20:35 - 2012-03-04 20:35 - 0010918 ____A C:\Users\Michael\Documents\Emma Lit Paper-Stephanie Wainaina.docx
2012-03-03 21:33 - 2012-03-03 21:33 - 0000000 ____D C:\Users\Michael\AppData\Local\PackageAware
2012-03-03 21:19 - 2012-03-01 21:33 - 0000000 ____D C:\Users\Michael\AppData\Local\VirtualStore
2012-03-03 10:52 - 2012-03-03 10:52 - 0000000 ____D C:\Users\Hunze\AppData\Local\{C323B6E8-8E6F-469D-AEDB-334A89323257}
2012-03-03 10:52 - 2012-03-03 10:51 - 0000000 ____D C:\Users\Hunze\AppData\Local\{8BD00593-4CC5-456E-898E-44202FE75B02}
2012-03-02 23:22 - 2012-03-02 23:22 - 0000000 ____D C:\Users\Michael\AppData\Local\Best Buy pc app
2012-03-02 19:17 - 2012-03-02 19:16 - 0077888 ____A C:\Users\Michael\Documents\InstallIMVU_469.0_st_c.exe
2012-03-02 13:13 - 2012-03-02 13:13 - 0000000 ____D C:\Users\Michael\AppData\Local\Apple Computer
2012-03-01 21:46 - 2012-03-01 21:45 - 0000000 ____D C:\Users\Hunze\AppData\Local\{28B860D8-54A7-4A4F-8A9C-E1FBE987E314}
2012-03-01 21:45 - 2012-03-01 21:45 - 0000000 ____D C:\Users\Hunze\AppData\Local\{AC093CD2-7FB6-4898-814F-A94325132981}
2012-03-01 21:36 - 2012-03-01 21:36 - 0013845 ____A C:\Users\Michael\Desktop\firefox.lnk
2012-03-01 21:36 - 2012-03-01 21:36 - 0000000 ____D C:\Users\Michael\AppData\Roaming\WinRAR
2012-03-01 21:35 - 2012-03-01 21:35 - 0000000 ____D C:\Users\Michael\AppData\Roaming\ATI
2012-03-01 21:35 - 2012-03-01 21:35 - 0000000 ____D C:\Users\Michael\AppData\Local\ATI
2012-03-01 21:35 - 2012-03-01 21:35 - 0000000 ____D C:\Users\Michael\AppData\Local\Apps\2.0
2012-03-01 21:34 - 2012-03-01 21:34 - 0112400 ____A C:\Users\Michael\AppData\Local\GDIPFONTCACHEV1.DAT
2012-03-01 21:34 - 2012-03-01 21:34 - 0000000 ____D C:\Users\Michael\AppData\Roaming\Roxio
2012-03-01 21:34 - 2012-03-01 21:34 - 0000000 ____D C:\Users\Michael\AppData\Roaming\Leader Technologies
2012-03-01 21:34 - 2012-03-01 21:33 - 0000174 ___SH C:\Users\Michael\Start Menu\Programs\Startup\desktop.ini
2012-03-01 21:34 - 2012-03-01 21:33 - 0000174 ___SH C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
2012-03-01 21:33 - 2012-03-01 21:33 - 0000020 ___SH C:\Users\Michael\ntuser.ini
2012-03-01 21:33 - 2012-03-01 21:33 - 0000000 __SHD C:\Users\Michael\Templates
2012-03-01 21:33 - 2012-03-01 21:33 - 0000000 __SHD C:\Users\Michael\Start Menu
2012-03-01 21:33 - 2012-03-01 21:33 - 0000000 __SHD C:\Users\Michael\PrintHood
2012-03-01 21:33 - 2012-03-01 21:33 - 0000000 __SHD C:\Users\Michael\NetHood
2012-03-01 21:33 - 2012-03-01 21:33 - 0000000 __SHD C:\Users\Michael\My Documents
2012-03-01 21:33 - 2012-03-01 21:33 - 0000000 __SHD C:\Users\Michael\Documents\My Videos
2012-03-01 21:33 - 2012-03-01 21:33 - 0000000 __SHD C:\Users\Michael\Documents\My Pictures
2012-03-01 21:33 - 2012-03-01 21:33 - 0000000 __SHD C:\Users\Michael\Documents\My Music
2012-03-01 21:33 - 2012-03-01 21:33 - 0000000 __SHD C:\Users\Michael\AppData\Local\Temporary Internet Files
2012-03-01 21:33 - 2012-03-01 21:33 - 0000000 __SHD C:\Users\Michael\AppData\Local\History
2012-03-01 21:33 - 2012-03-01 21:33 - 0000000 ____D C:\Users\Michael\AppData\Local\Symantec
2012-03-01 17:33 - 2012-03-01 17:32 - 0000000 ____D C:\Users\Hunze\AppData\Local\{085DFCAC-F8C4-4C59-BF61-A5F50C01F5AC}
2012-03-01 17:32 - 2012-03-01 17:32 - 0000000 ____D C:\Users\Hunze\AppData\Local\{F1581065-9E12-41D1-A145-8712613284FF}
2012-02-29 22:46 - 2012-05-01 23:00 - 0023408 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\fs_rec.sys
2012-02-29 22:38 - 2012-05-01 23:00 - 0220672 ____A (Microsoft Corporation) C:\Windows\System32\wintrust.dll
2012-02-29 22:33 - 2012-05-01 23:00 - 0081408 ____A (Microsoft Corporation) C:\Windows\System32\imagehlp.dll
2012-02-29 22:28 - 2012-05-01 23:00 - 0005120 ____A (Microsoft Corporation) C:\Windows\System32\wmi.dll
2012-02-29 21:37 - 2012-05-01 23:00 - 0172544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2012-02-29 21:33 - 2012-05-01 23:00 - 0159232 ____A (Microsoft Corporation) C:\Windows\SysWOW64\imagehlp.dll
2012-02-29 21:29 - 2012-05-01 23:00 - 0005120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wmi.dll
2012-02-27 23:34 - 2012-05-01 23:09 - 17790976 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-02-27 23:02 - 2012-05-01 23:09 - 10888704 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-02-27 22:56 - 2012-05-01 23:09 - 2311168 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-02-27 22:50 - 2012-05-01 23:09 - 1345536 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-02-27 22:49 - 2012-05-01 23:09 - 1390080 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-02-27 22:48 - 2012-05-01 23:09 - 1493504 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-02-27 22:48 - 2012-05-01 23:09 - 0237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-02-27 22:47 - 2012-05-01 23:09 - 0085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-02-27 22:45 - 2012-05-01 23:09 - 0818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-02-27 22:43 - 2012-05-01 23:09 - 2144256 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-02-27 22:43 - 2012-05-01 23:09 - 0096256 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-02-27 22:42 - 2012-05-01 23:09 - 2382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-02-27 22:39 - 2012-05-01 23:09 - 0248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-02-27 21:11 - 2012-02-27 21:11 - 6065772 ____A C:\Users\Hunze\Downloads\Estelle - Thank You-[www_flvto_com] (1).mp3
2012-02-27 21:11 - 2012-02-27 21:11 - 6065772 ____A C:\Users\Hunze\Downloads\Estelle - Thank You.mp3
2012-02-27 21:10 - 2012-02-27 21:10 - 5520987 ____A C:\Users\Hunze\Downloads\Lil Wayne ft Bruno Mars - Mirror.mp3
2012-02-27 20:19 - 2012-02-27 20:19 - 0000000 ____D C:\Users\Hunze\AppData\Local\{36B16A74-BB21-446A-BEFC-B51D55636B24}
2012-02-27 20:19 - 2012-02-27 20:18 - 0000000 ____D C:\Users\Hunze\AppData\Local\{C22A30BB-AF7B-4692-9DD4-CE2A76BC25DA}
2012-02-27 18:54 - 2012-02-27 18:54 - 0000000 ____D C:\Users\Hunze\AppData\Local\{EFF460B4-9244-47E5-9243-DF594A0C4241}
2012-02-27 18:16 - 2012-02-27 18:16 - 5727275 ____A C:\Users\Hunze\Downloads\Safe and Sound - Taylor Swift ft The Civil Wars.mp3
2012-02-27 18:10 - 2012-02-27 18:10 - 0000000 ____D C:\Users\Hunze\AppData\Local\{152058D8-C8FE-4AA2-99AF-DCD90805C211}
2012-02-27 18:09 - 2012-02-27 18:08 - 0000000 ____D C:\Users\Hunze\AppData\Local\{3538AFE2-5CED-46B7-9411-59752E78058B}
2012-02-27 17:52 - 2012-05-01 23:09 - 12281856 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-02-27 17:27 - 2012-05-01 23:09 - 9705984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-02-27 17:18 - 2012-05-01 23:09 - 1799168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-02-27 17:12 - 2012-05-01 23:09 - 1103360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-02-27 17:11 - 2012-05-01 23:09 - 1427456 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-02-27 17:11 - 2012-05-01 23:09 - 1127424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-02-27 17:09 - 2012-05-01 23:09 - 0231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-02-27 17:08 - 2012-05-01 23:09 - 0065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-02-27 17:06 - 2012-05-01 23:09 - 0716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-02-27 17:04 - 2012-05-01 23:09 - 1792000 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-02-27 17:03 - 2012-05-01 23:09 - 2382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-02-27 17:03 - 2012-05-01 23:09 - 0072704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-02-27 16:59 - 2012-05-01 23:09 - 0176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-02-25 05:59 - 2012-02-25 05:59 - 0000000 ____D C:\Users\Hunze\AppData\Local\{83A4DDFF-DB63-4B87-B7AF-ED56A5D2D4F1}
2012-02-25 05:26 - 2012-02-25 05:26 - 0000000 ____D C:\Users\Hunze\AppData\Local\{961F45EF-2354-45E0-A947-DC6F12D3C350}
2012-02-24 01:27 - 2012-02-24 01:27 - 0000000 ____D C:\Users\Hunze\AppData\Local\{DEFFB900-F8A8-4A25-8D5B-8C1FE0A60ACF}
2012-02-24 01:27 - 2012-02-24 01:27 - 0000000 ____D C:\Users\Hunze\AppData\Local\{BDA6ABBB-E28A-484D-A1E9-F77607BD767A}
2012-02-23 23:18 - 2012-02-23 23:18 - 4191904 ____A (Adobe Systems Incorporated) C:\Users\Hunze\Downloads\flashplayer11-2_p5_install_win_pi32_013112.exe
2012-02-23 23:18 - 2012-02-23 23:18 - 4191904 ____A (Adobe Systems Incorporated) C:\Users\Hunze\Downloads\flashplayer11-2_p5_install_win_pi32_013112 (1).exe
2012-02-23 06:18 - 2010-04-11 16:23 - 0279656 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe
2012-02-21 20:40 - 2012-02-21 20:40 - 15792320 ____A (Mozilla) C:\Users\Hunze\Downloads\Firefox Setup 10.0.2.exe
2012-02-17 19:21 - 2012-02-17 14:47 - 0000000 ____D C:\Users\Hunze\AppData\Roaming\Apple Computer
2012-02-17 14:47 - 2012-02-17 14:47 - 0000000 ____D C:\Users\Hunze\AppData\Local\Apple Computer
2012-02-17 14:44 - 2012-02-17 14:44 - 0000000 ____D C:\Users\Hunze\AppData\Local\Apple
2012-02-17 14:40 - 2012-02-17 14:39 - 71279472 ____A (Apple Inc.) C:\Users\Hunze\Downloads\iTunes64Setup.exe
2012-02-17 03:48 - 2012-02-17 03:48 - 0000000 ____D C:\Users\Hunze\AppData\Local\{F3A10DD3-845A-4B9F-9F82-6DA7B4045C59}
2012-02-17 03:48 - 2012-02-17 03:47 - 0000000 ____D C:\Users\Hunze\AppData\Local\{BEC9F774-52DF-4311-B873-674029B1684A}
2012-02-17 03:45 - 2010-02-09 11:03 - 0000174 ___SH C:\Users\Hunze\Start Menu\Programs\Startup\desktop.ini
2012-02-17 03:45 - 2010-02-09 11:03 - 0000174 ___SH C:\Users\Hunze\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
2012-02-16 22:38 - 2012-03-13 15:06 - 1031680 ____A (Microsoft Corporation) C:\Windows\System32\rdpcore.dll
2012-02-16 21:34 - 2012-03-13 15:06 - 0826880 ____A (Microsoft Corporation) C:\Windows\SysWOW64\rdpcore.dll
2012-02-16 20:58 - 2012-03-13 15:06 - 0210944 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
2012-02-16 20:57 - 2012-03-13 15:06 - 0023552 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tdtcp.sys
2012-02-16 10:12 - 2012-02-10 16:39 - 0000593 ____A C:\Users\Michael\Documents\fall 2012 womenswear.txt
2012-02-15 07:01 - 2012-02-15 07:01 - 4547944 ____A (Apple, Inc.) C:\Windows\System32\usbaaplrc.dll
2012-02-15 07:01 - 2012-02-15 07:01 - 0052736 ____A (Apple, Inc.) C:\Windows\System32\Drivers\usbaapl64.sys
2012-02-10 18:16 - 2012-02-10 18:15 - 0000000 ____D C:\Users\Hunze\AppData\Local\{B9AFB3DC-861F-4609-B7A9-2464DC6B154D}
2012-02-10 18:15 - 2012-02-10 18:15 - 0000000 ____D C:\Users\Hunze\AppData\Local\{67D6CC6C-3C61-4B10-AED5-42599F5922ED}
2012-02-10 08:39 - 2010-02-09 11:02 - 0112400 ____A C:\Users\Hunze\AppData\Local\GDIPFONTCACHEV1.DAT
2012-02-09 22:36 - 2012-03-13 15:07 - 1544192 ____A (Microsoft Corporation) C:\Windows\System32\DWrite.dll
2012-02-09 21:38 - 2012-03-13 15:07 - 1077248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2012-02-09 19:08 - 2012-02-09 19:08 - 0078432 ____A C:\Users\Hunze\Downloads\tagettes.zip
2012-02-09 18:59 - 2012-02-09 18:59 - 0036079 ____A C:\Users\Hunze\Downloads\jane_austen.zip
2012-02-09 18:55 - 2012-02-09 18:55 - 0041966 ____A C:\Users\Hunze\Downloads\vtc_bad_tattoo_hand_one.zip
2012-02-09 18:55 - 2012-02-09 18:54 - 0000000 ____D C:\Users\Hunze\AppData\Roaming\WinRAR
2012-02-09 18:52 - 2012-02-09 18:52 - 1506149 ____A C:\Users\Hunze\Downloads\wrar410.exe
2012-02-09 18:34 - 2012-02-09 18:33 - 54703432 ____A C:\Users\Hunze\Downloads\winzip160 (1).exe
2012-02-09 18:25 - 2012-02-09 18:25 - 54703432 ____A C:\Users\Hunze\Downloads\winzip160.exe
2012-02-09 17:00 - 2012-02-09 17:00 - 0493520 ____A (Facebook Inc.) C:\Users\Hunze\Downloads\FacebookVideoCallSetup_v1.2.203.0 (1).exe
2012-02-08 20:00 - 2012-02-08 20:00 - 0000000 ____D C:\Users\Hunze\AppData\Local\{1560D2DA-E4E0-4743-88E1-CA8E16B60ED4}
2012-02-08 19:59 - 2012-02-08 19:59 - 0000000 ____D C:\Users\Hunze\AppData\Local\{A766E43A-AA0A-4B33-A82E-EE282240BFFC}
2012-02-07 18:18 - 2012-02-07 18:18 - 0000000 ____D C:\Users\Hunze\AppData\Local\{C6AF0E4D-2D78-47B7-BC0C-C67CA7533A60}
2012-02-07 18:18 - 2012-02-07 18:18 - 0000000 ____D C:\Users\Hunze\AppData\Local\{A3ABDEDD-E32C-42FA-BF31-FE7785F3A46D}
2012-02-07 18:00 - 2012-02-07 18:00 - 0000000 ____D C:\Users\Hunze\AppData\Local\{CEC069A7-CAC5-45E7-A024-A5C15D0151E1}
2012-02-07 18:00 - 2012-02-07 18:00 - 0000000 ____D C:\Users\Hunze\AppData\Local\{5B28E131-3425-4CEA-8C9F-EB3978FAD3BD}
2012-02-07 07:02 - 2012-02-07 07:02 - 1070352 ____A (Microsoft Corporation) C:\Windows\SysWOW64\MSCOMCTL.OCX
2012-02-06 16:46 - 2012-02-06 16:46 - 0560492 ____A C:\Users\Hunze\Downloads\Sales_Order_1261939.pdf
2012-02-05 10:41 - 2012-02-05 08:27 - 0019688 ____A C:\Users\Hunze\Documents\HLTH400-UNIT1IP.docx
2012-02-05 09:07 - 2012-01-31 17:16 - 0024345 ____A C:\Users\Hunze\Documents\HLTH400-UNIT2IP.docx

========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

========================= Memory info ======================

Percentage of memory in use: 18%
Total physical RAM: 3838.36 MB
Available physical RAM: 3139.63 MB
Total Pagefile: 3836.51 MB
Available Pagefile: 3130.73 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

======================= Partitions =========================

1 Drive c: (Gateway) (Fixed) (Total:453.93 GB) (Free:355.73 GB) NTFS
2 Drive e: (PQSERVICE) (Fixed) (Total:11.72 GB) (Free:4.18 GB) NTFS ==>[System with boot components (obtained from reading drive)]
3 Drive f: (May 04 2012) (CDROM) (Total:4.38 GB) (Free:4.24 GB) UDF
4 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
5 Drive y: (SYSTEM RESERVED) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 465 GB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Recovery 11 GB 1024 KB
Partition 2 Primary 100 MB 11 GB
Partition 3 Primary 453 GB 11 GB

======================================================================================================

Disk: 0
Partition 1
Type : 27
Hidden: Yes
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 E PQSERVICE NTFS Partition 11 GB Healthy Hidden

======================================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 Y SYSTEM RESE NTFS Partition 100 MB Healthy

======================================================================================================

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C Gateway NTFS Partition 453 GB Healthy

======================================================================================================

==========================================================

Last Boot: 2012-04-29 13:04

======================= End Of Log ==========================

#12 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:05:58 AM

Posted 04 May 2012 - 09:50 PM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Folder::
C:\ProgramData\Microsoft\Windows\DRM

File::
C:\Windows\system32\afd.dll
C:\Windows\system32\TICalc.dll
C:\Windows\assembly\GAC_32\Desktop.ini 
C:\Windows\assembly\GAC_64\Desktop.ini

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#13 gringo_pr


Posted 06 May 2012 - 11:50 PM

Greetings


I have not heard from you in a couple of days so I am coming by to check on you to see if you are having problems or you just need some more time.

Also to remind you that it is very important that we finish the process completely so as to not get reinfected. I will let you know when we are complete and I will ask to remove our tools.




Gringo

#14 StainedChrome


Posted 07 May 2012 - 11:29 AM

I'm sorry, it's been a really busy week/weekend. Once again, thank you for being patient.

So far we haven't had any problems that we can see, the computer seems to be running smoother and a bit faster, but not much has (visually) changed.

ComboFix 12-05-07.02 - Hunze 05/07/2012 11:43:41.2.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3838.2255 [GMT -4:00]
Running from: c:\users\Hunze\Downloads\ComboFix.exe
Command switches used :: c:\users\Hunze\Desktop\CFScript.txt
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
FILE ::
"c:\windows\assembly\GAC_32\Desktop.ini"
"c:\windows\assembly\GAC_64\Desktop.ini"
"c:\windows\system32\afd.dll"
"c:\windows\system32\TICalc.dll"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Microsoft\Windows\DRM\2232.tmp.dat
c:\programdata\Microsoft\Windows\DRM\blackbox.bin
c:\programdata\Microsoft\Windows\DRM\Cache\Indiv_SID_S-1-5-20\Indiv01_64.key
c:\programdata\Microsoft\Windows\DRM\Cache\Indiv_SID_S-1-5-21-2942420572-1164936296-241836748-1000\Indiv01.key
c:\programdata\Microsoft\Windows\DRM\Cache\Indiv_SID_S-1-5-21-2942420572-1164936296-241836748-1003\Indiv01.key
c:\programdata\Microsoft\Windows\DRM\Cache\Indiv01.bla
c:\programdata\Microsoft\Windows\DRM\Cache\Indiv01.key
c:\programdata\Microsoft\Windows\DRM\Cache\Indiv01.tmp
c:\programdata\Microsoft\Windows\DRM\Cache\Indiv01_64.key
c:\programdata\Microsoft\Windows\DRM\IndivBox.key
c:\programdata\Microsoft\Windows\DRM\IndivBox_64.key
c:\programdata\Microsoft\Windows\DRM\v2ksndv.bla
c:\programdata\Microsoft\Windows\DRM\v3ks.bla
c:\programdata\Microsoft\Windows\DRM\v3ks.sec
.
.
((((((((((((((((((((((((( Files Created from 2012-04-07 to 2012-05-07 )))))))))))))))))))))))))))))))
.
.
2012-05-07 16:20 . 2012-05-07 16:20 -------- d-----w- c:\users\Guest\AppData\Local\temp
2012-05-07 16:20 . 2012-05-07 16:20 -------- d-----w- c:\users\Gem\AppData\Local\temp
2012-05-07 16:20 . 2012-05-07 16:20 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-05-05 01:24 . 2012-05-05 01:26 -------- d-----w- C:\FRST
2012-05-04 13:11 . 2012-04-18 07:03 8917360 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{9D12BA5B-8849-4B5B-AC43-A07633546F9C}\mpengine.dll
2012-05-03 20:52 . 2012-05-06 15:21 -------- d-----w- c:\users\Michael\AppData\Roaming\IMVU
2012-05-02 07:07 . 2012-03-06 06:53 5559152 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-02 07:07 . 2012-03-06 05:59 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-05-02 07:07 . 2012-03-06 05:59 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-05-02 07:00 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-05-02 07:00 . 2012-03-01 06:33 81408 ----a-w- c:\windows\system32\imagehlp.dll
2012-05-02 07:00 . 2012-03-01 05:37 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-05-02 07:00 . 2012-03-01 05:33 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-05-02 07:00 . 2012-03-01 06:38 220672 ----a-w- c:\windows\system32\wintrust.dll
2012-05-02 07:00 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll
2012-05-02 07:00 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll
2012-05-01 02:09 . 2012-05-07 16:20 -------- d-----w- c:\users\Michael\AppData\Local\temp
2012-04-27 07:24 . 2012-04-27 07:24 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service
2012-04-27 07:24 . 2012-04-27 07:24 157352 ----a-w- c:\program files (x86)\Mozilla Firefox\maintenanceservice_installer.exe
2012-04-27 07:24 . 2012-04-27 07:24 129976 ----a-w- c:\program files (x86)\Mozilla Firefox\maintenanceservice.exe
2012-04-26 23:21 . 2012-04-26 23:22 -------- d-----w- c:\users\Michael\AppData\Local\Microsoft Games
2012-04-23 21:29 . 2012-05-04 20:51 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-04-23 21:29 . 2012-05-04 20:51 419488 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-04-21 04:00 . 2012-04-23 06:00 -------- d-----w- c:\program files\Microsoft Security Client
2012-04-17 21:29 . 2012-04-28 04:09 -------- d-----w- c:\users\Michael\AppData\Roaming\skypePM
2012-04-17 21:28 . 2012-04-28 07:25 -------- d-----w- c:\users\Michael\AppData\Roaming\Skype
2012-04-08 02:51 . 2012-04-08 02:51 -------- d-----w- c:\users\Michael\AppData\Roaming\SUPERAntiSpyware.com
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-04 20:51 . 2012-04-05 22:47 8744608 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-04-23 13:45 . 2011-12-12 22:48 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-04-04 19:56 . 2012-04-03 17:40 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-04-04 00:06 . 2012-04-03 15:20 0 --sha-w- c:\windows\system32\dds_trash_log.cmd
2012-04-03 20:26 . 2012-04-03 20:26 101888 ----a-w- c:\windows\system32\compgMgr64.dll
2012-03-09 06:21 . 2012-03-09 06:21 99384 ----a-w- c:\users\Michael\AppData\Roaming\inst.exe
2012-03-09 06:21 . 2012-03-09 06:21 82816 ----a-w- c:\users\Michael\AppData\Roaming\pcouffin.sys
2012-02-23 14:18 . 2010-04-12 00:23 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-02-17 06:38 . 2012-03-13 23:06 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-02-17 05:34 . 2012-03-13 23:06 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-02-17 04:58 . 2012-03-13 23:06 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-02-17 04:57 . 2012-03-13 23:06 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-02-15 15:01 . 2012-02-15 15:01 52736 ----a-w- c:\windows\system32\drivers\usbaapl64.sys
2012-02-15 15:01 . 2012-02-15 15:01 4547944 ----a-w- c:\windows\system32\usbaaplrc.dll
2012-02-10 06:36 . 2012-03-13 23:07 1544192 ----a-w- c:\windows\system32\DWrite.dll
2012-02-10 05:38 . 2012-03-13 23:07 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-05-01_02.00.59 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-05-02 07:09 . 2012-02-28 01:03 72704 c:\windows\SysWOW64\mshtmled.dll
- 2012-02-17 08:25 . 2011-12-14 02:50 72704 c:\windows\SysWOW64\mshtmled.dll
+ 2012-05-02 07:09 . 2012-02-28 01:08 66048 c:\windows\SysWOW64\migration\WininetPlugin.dll
- 2012-02-17 08:25 . 2011-12-14 02:54 66048 c:\windows\SysWOW64\migration\WininetPlugin.dll
+ 2012-05-02 07:09 . 2012-02-28 01:08 65024 c:\windows\SysWOW64\jsproxy.dll
- 2012-02-17 08:25 . 2011-12-14 02:54 65024 c:\windows\SysWOW64\jsproxy.dll
+ 2009-10-29 20:15 . 2012-05-04 21:32 62024 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-05-04 21:32 57550 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-02-11 00:27 . 2012-05-04 21:32 22140 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2942420572-1164936296-241836748-1000_UserData.bin
- 2012-02-17 08:25 . 2011-12-14 06:57 96256 c:\windows\system32\mshtmled.dll
+ 2012-05-02 07:09 . 2012-02-28 06:43 96256 c:\windows\system32\mshtmled.dll
- 2012-02-17 08:25 . 2011-12-14 07:02 86528 c:\windows\system32\migration\WininetPlugin.dll
+ 2012-05-02 07:09 . 2012-02-28 06:47 86528 c:\windows\system32\migration\WininetPlugin.dll
- 2012-02-17 08:25 . 2011-12-14 07:01 85504 c:\windows\system32\jsproxy.dll
+ 2012-05-02 07:09 . 2012-02-28 06:47 85504 c:\windows\system32\jsproxy.dll
+ 2010-01-11 12:13 . 2012-05-04 20:51 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-01-11 12:13 . 2012-05-01 01:53 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-01-11 12:13 . 2012-05-01 01:53 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-01-11 12:13 . 2012-05-04 20:51 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-05-04 20:51 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-05-01 01:53 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:46 . 2012-05-03 23:59 93904 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
- 2012-04-05 12:19 . 2012-04-05 12:19 97624 c:\windows\Microsoft.NET\assembly\GAC_MSIL\XamlBuildTask\v4.0_4.0.0.0__31bf3856ad364e35\XamlBuildTask.dll
+ 2012-05-02 07:02 . 2012-05-02 07:02 97624 c:\windows\Microsoft.NET\assembly\GAC_MSIL\XamlBuildTask\v4.0_4.0.0.0__31bf3856ad364e35\XamlBuildTask.dll
+ 2012-05-02 07:02 . 2012-05-02 07:02 29544 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xaml.Hosting\v4.0_4.0.0.0__31bf3856ad364e35\System.Xaml.Hosting.dll
- 2012-04-05 12:19 . 2012-04-05 12:19 29544 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xaml.Hosting\v4.0_4.0.0.0__31bf3856ad364e35\System.Xaml.Hosting.dll
- 2012-04-05 12:19 . 2012-04-05 12:19 70040 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms.DataVisualization.Design\v4.0_4.0.0.0__31bf3856ad364e35\System.Windows.Forms.DataVisualization.Design.dll
+ 2012-05-02 07:02 . 2012-05-02 07:02 70040 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms.DataVisualization.Design\v4.0_4.0.0.0__31bf3856ad364e35\System.Windows.Forms.DataVisualization.Design.dll
- 2012-04-05 12:19 . 2012-04-05 12:19 24928 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Routing\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.Routing.dll
+ 2012-05-02 07:02 . 2012-05-02 07:02 24928 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Routing\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.Routing.dll
+ 2012-05-02 07:02 . 2012-05-02 07:02 81272 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.RegularExpressions\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
- 2012-04-05 12:19 . 2012-04-05 12:19 81272 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.RegularExpressions\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
+ 2012-05-02 07:02 . 2012-05-02 07:02 33144 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.DynamicData.Design\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.DynamicData.Design.dll
- 2012-04-05 12:19 . 2012-04-05 12:19 33144 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.DynamicData.Design\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.DynamicData.Design.dll
+ 2012-05-02 07:02 . 2012-05-02 07:02 93576 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.DataVisualization.Design\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.DataVisualization.Design.dll
- 2012-04-05 12:19 . 2012-04-05 12:19 93576 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.DataVisualization.Design\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.DataVisualization.Design.dll
+ 2012-05-02 07:02 . 2012-05-02 07:02 24944 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Abstractions\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.Abstractions.dll
- 2012-04-05 12:19 . 2012-04-05 12:19 24944 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Abstractions\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.Abstractions.dll
+ 2012-05-02 07:02 . 2012-05-02 07:02 28024 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.WasHosting\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.WasHosting.dll
- 2012-04-05 12:19 . 2012-04-05 12:19 28024 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.WasHosting\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.WasHosting.dll
- 2012-04-05 12:19 . 2012-04-05 12:19 12168 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.ServiceMoniker40\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.ServiceMoniker40.dll
+ 2012-05-02 07:02 . 2012-05-02 07:02 12168 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.ServiceMoniker40\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.ServiceMoniker40.dll
+ 2012-05-02 07:02 . 2012-05-02 07:02 98152 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Caching\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Runtime.Caching.dll
- 2012-04-05 12:19 . 2012-04-05 12:19 98152 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Caching\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Runtime.Caching.dll
+ 2012-05-02 07:02 . 2012-05-02 07:02 86888 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing.Design\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
- 2012-04-05 12:19 . 2012-04-05 12:19 86888 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing.Design\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
- 2012-04-05 12:19 . 2012-04-05 12:19 21880 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Workflow.Compiler\v4.0_4.0.0.0__31bf3856ad364e35\Microsoft.Workflow.Compiler.exe
+ 2012-05-02 07:02 . 2012-05-02 07:02 21880 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Workflow.Compiler\v4.0_4.0.0.0__31bf3856ad364e35\Microsoft.Workflow.Compiler.exe
+ 2012-05-02 07:02 . 2012-05-02 07:02 40304 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualC.STLCLR\v4.0_2.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.STLCLR.dll
- 2012-04-05 12:19 . 2012-04-05 12:19 40304 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualC.STLCLR\v4.0_2.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.STLCLR.dll
- 2012-04-05 12:19 . 2012-04-05 12:19 67968 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Build.Conversion.v4.0\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Conversion.v4.0.dll
+ 2012-05-02 07:02 . 2012-05-02 07:02 67968 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Build.Conversion.v4.0\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Conversion.v4.0.dll
+ 2010-08-20 16:04 . 2012-05-02 07:12 35088 c:\windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\oisicon.exe
- 2010-08-20 16:04 . 2012-04-04 07:10 35088 c:\windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\oisicon.exe
+ 2010-08-20 16:04 . 2012-05-02 07:12 18704 c:\windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\mspicons.exe
- 2010-08-20 16:04 . 2012-04-04 07:10 18704 c:\windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\mspicons.exe
+ 2010-08-20 16:04 . 2012-05-02 07:12 20240 c:\windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\cagicon.exe
- 2010-08-20 16:04 . 2012-04-04 07:10 20240 c:\windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\cagicon.exe
+ 2009-11-12 06:31 . 2012-05-02 07:10 35088 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\oisicon.exe
- 2009-11-12 06:31 . 2012-04-04 07:11 35088 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\oisicon.exe
- 2009-11-12 06:31 . 2012-04-04 07:11 18704 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\mspicons.exe
+ 2009-11-12 06:31 . 2012-05-02 07:10 18704 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\mspicons.exe
- 2009-11-12 06:31 . 2012-04-04 07:11 20240 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\cagicon.exe
+ 2009-11-12 06:31 . 2012-05-02 07:10 20240 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\cagicon.exe
- 2010-01-11 12:26 . 2010-12-16 11:50 26464 c:\windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\WkBoLink.exe
+ 2010-01-11 12:26 . 2012-05-02 07:12 26464 c:\windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\WkBoLink.exe
- 2010-01-11 12:26 . 2010-12-16 11:50 25214 c:\windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\MSWorks.exe
+ 2010-01-11 12:26 . 2012-05-02 07:12 25214 c:\windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\MSWorks.exe
+ 2011-04-22 12:00 . 2012-05-02 07:28 3438 c:\windows\system32\wdi\ERCQueuedResolutions.dat
+ 2012-03-03 07:22 . 2012-05-03 23:53 5670 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2942420572-1164936296-241836748-1003_UserData.bin
- 2012-05-01 02:00 . 2012-05-01 02:00 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-05-04 21:28 . 2012-05-04 21:28 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-05-04 21:28 . 2012-05-04 21:28 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-05-01 02:00 . 2012-05-01 02:00 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-02-17 08:25 . 2011-12-14 02:55 231936 c:\windows\SysWOW64\url.dll
+ 2012-05-02 07:09 . 2012-02-28 01:09 231936 c:\windows\SysWOW64\url.dll
+ 2012-05-04 20:51 . 2012-05-04 20:51 351904 c:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_2_202_235_Plugin.exe
+ 2012-05-04 20:00 . 2012-05-04 20:00 351904 c:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_2_202_235_ActiveX.exe
+ 2012-05-04 20:00 . 2012-05-04 20:00 424096 c:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_2_202_235_ActiveX.dll
+ 2012-04-23 21:29 . 2012-05-04 20:51 257696 c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
+ 2012-05-02 07:09 . 2012-02-28 01:06 716800 c:\windows\SysWOW64\jscript.dll
- 2012-02-17 08:25 . 2011-12-14 02:53 716800 c:\windows\SysWOW64\jscript.dll
- 2012-02-17 08:25 . 2011-12-14 02:47 176640 c:\windows\SysWOW64\ieui.dll
+ 2012-05-02 07:09 . 2012-02-28 00:59 176640 c:\windows\SysWOW64\ieui.dll
+ 2009-07-14 04:54 . 2012-05-04 20:51 212992 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2012-04-23 09:39 212992 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-02-26 12:34 . 2012-05-06 14:34 312846 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S4.bin
+ 2010-02-13 13:19 . 2012-05-07 16:19 244590 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
- 2012-02-17 08:25 . 2011-12-14 07:03 237056 c:\windows\system32\url.dll
+ 2012-05-02 07:09 . 2012-02-28 06:48 237056 c:\windows\system32\url.dll
- 2009-07-14 02:36 . 2012-04-05 12:19 660546 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-05-02 07:02 660546 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2012-04-05 12:19 121442 c:\windows\system32\perfc009.dat
+ 2009-07-14 02:36 . 2012-05-02 07:02 121442 c:\windows\system32\perfc009.dat
+ 2012-05-04 20:51 . 2012-05-04 20:51 630944 c:\windows\system32\Macromed\Flash\FlashUtil64_11_2_202_235_Plugin.exe
+ 2012-05-04 20:00 . 2012-05-04 20:00 631456 c:\windows\system32\Macromed\Flash\FlashUtil64_11_2_202_235_ActiveX.exe
+ 2012-05-04 20:00 . 2012-05-04 20:00 461984 c:\windows\system32\Macromed\Flash\FlashUtil64_11_2_202_235_ActiveX.dll
- 2012-02-17 08:25 . 2011-12-14 07:00 818688 c:\windows\system32\jscript.dll
+ 2012-05-02 07:09 . 2012-02-28 06:45 818688 c:\windows\system32\jscript.dll
+ 2012-05-02 07:09 . 2012-02-28 06:39 248320 c:\windows\system32\ieui.dll
- 2012-02-17 08:25 . 2011-12-14 06:53 248320 c:\windows\system32\ieui.dll
+ 2009-07-14 05:01 . 2012-05-04 21:12 405452 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2012-04-03 01:27 405452 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2012-03-09 19:36 . 2012-04-03 01:27 527736 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2942420572-1164936296-241836748-1003-8192.dat
+ 2012-03-09 19:36 . 2012-05-02 07:28 527736 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2942420572-1164936296-241836748-1003-8192.dat
- 2012-04-05 12:19 . 2012-04-05 12:19 431984 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.WorkflowServices\v4.0_4.0.0.0__31bf3856ad364e35\System.WorkflowServices.dll
+ 2012-05-02 07:02 . 2012-05-02 07:02 431984 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.WorkflowServices\v4.0_4.0.0.0__31bf3856ad364e35\System.WorkflowServices.dll
+ 2012-05-02 07:02 . 2012-05-02 07:02 511344 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Workflow.Runtime\v4.0_4.0.0.0__31bf3856ad364e35\System.Workflow.Runtime.dll
- 2012-04-05 12:19 . 2012-04-05 12:19 511344 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Workflow.Runtime\v4.0_4.0.0.0__31bf3856ad364e35\System.Workflow.Runtime.dll
- 2012-04-05 12:19 . 2012-04-05 12:19 826208 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Mobile\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
+ 2012-05-02 07:02 . 2012-05-02 07:02 826208 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Mobile\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
- 2012-04-05 12:19 . 2012-04-05 12:19 321912 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Extensions.Design\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.Extensions.Design.dll
+ 2012-05-02 07:02 . 2012-05-02 07:02 321912 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Extensions.Design\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.Extensions.Design.dll
+ 2012-05-02 07:02 . 2012-05-02 07:02 137568 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Entity\v4.0_4.0.0.0__b77a5c561934e089\System.Web.Entity.dll
- 2012-04-05 12:19 . 2012-04-05 12:19 137568 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Entity\v4.0_4.0.0.0__b77a5c561934e089\System.Web.Entity.dll
+ 2012-05-02 07:02 . 2012-05-02 07:02 132464 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Entity.Design\v4.0_4.0.0.0__b77a5c561934e089\System.Web.Entity.Design.dll
- 2012-04-05 12:19 . 2012-04-05 12:19 132464 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Entity.Design\v4.0_4.0.0.0__b77a5c561934e089\System.Web.Entity.Design.dll
- 2012-04-05 12:19 . 2012-04-05 12:19 237928 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.DynamicData\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.DynamicData.dll
+ 2012-05-02 07:02 . 2012-05-02 07:02 237928 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.DynamicData\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.DynamicData.dll
+ 2012-05-02 07:02 . 2012-05-02 07:02 326000 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Web\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Web.dll
- 2012-04-05 12:19 . 2012-04-05 12:19 326000 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Web\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Web.dll
- 2012-04-05 12:19 . 2012-04-05 12:19 175992 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Activation\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Activation.dll
+ 2012-05-02 07:02 . 2012-05-02 07:02 175992 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Activation\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Activation.dll
+ 2012-05-02 07:02 . 2012-05-02 07:02 683368 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Services\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Services.dll
- 2012-04-05 12:19 . 2012-04-05 12:19 683368 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Services\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Services.dll
- 2012-04-05 12:19 . 2012-04-05 12:19 178040 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Services.Design\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Services.Design.dll
+ 2012-05-02 07:02 . 2012-05-02 07:02 178040 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Services.Design\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Services.Design.dll
- 2012-04-05 12:19 . 2012-04-05 12:19 810352 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Entity.Design\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Entity.Design.dll
+ 2012-05-02 07:02 . 2012-05-02 07:02 810352 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Entity.Design\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Entity.Design.dll
- 2012-04-05 12:19 . 2012-04-05 12:19 587624 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationBuildTasks\v4.0_4.0.0.0__31bf3856ad364e35\PresentationBuildTasks.dll
+ 2012-05-02 07:02 . 2012-05-02 07:02 587624 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationBuildTasks\v4.0_4.0.0.0__31bf3856ad364e35\PresentationBuildTasks.dll
+ 2012-05-02 07:02 . 2012-05-02 07:02 220024 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Build.Utilities.v4.0\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.v4.0.dll
- 2012-04-05 12:19 . 2012-04-05 12:19 220024 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Build.Utilities.v4.0\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.v4.0.dll
- 2012-04-05 12:19 . 2012-04-05 12:19 107376 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Build.Framework\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
+ 2012-05-02 07:02 . 2012-05-02 07:02 107376 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Build.Framework\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
- 2012-04-05 12:19 . 2012-04-05 12:19 714600 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Build.Engine\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
+ 2012-05-02 07:02 . 2012-05-02 07:02 714600 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Build.Engine\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
- 2012-04-05 12:19 . 2012-04-05 12:19 498520 c:\windows\Microsoft.NET\assembly\GAC_MSIL\AspNetMMCExt\v4.0_4.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
+ 2012-05-02 07:02 . 2012-05-02 07:02 498520 c:\windows\Microsoft.NET\assembly\GAC_MSIL\AspNetMMCExt\v4.0_4.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
+ 2012-05-02 07:02 . 2012-05-02 07:02 512368 c:\windows\Microsoft.NET\assembly\GAC_64\System.Data.OracleClient\v4.0_4.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
- 2012-04-05 12:19 . 2012-04-05 12:19 512368 c:\windows\Microsoft.NET\assembly\GAC_64\System.Data.OracleClient\v4.0_4.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
- 2012-04-05 12:19 . 2012-04-05 12:19 495984 c:\windows\Microsoft.NET\assembly\GAC_32\System.Data.OracleClient\v4.0_4.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
+ 2012-05-02 07:02 . 2012-05-02 07:02 495984 c:\windows\Microsoft.NET\assembly\GAC_32\System.Data.OracleClient\v4.0_4.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
+ 2010-08-20 16:04 . 2012-05-02 07:12 888080 c:\windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\wordicon.exe
- 2010-08-20 16:04 . 2012-04-04 07:10 888080 c:\windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\wordicon.exe
+ 2010-08-20 16:04 . 2012-05-02 07:12 272648 c:\windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\pubs.exe
- 2010-08-20 16:04 . 2012-04-04 07:10 272648 c:\windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\pubs.exe
+ 2010-08-20 16:04 . 2012-05-02 07:12 922384 c:\windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\pptico.exe
- 2010-08-20 16:04 . 2012-04-04 07:10 922384 c:\windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\pptico.exe
- 2010-08-20 16:04 . 2012-04-04 07:10 845584 c:\windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\outicon.exe
+ 2010-08-20 16:04 . 2012-05-02 07:12 845584 c:\windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\outicon.exe
- 2010-08-20 16:04 . 2012-04-04 07:10 217864 c:\windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\misc.exe
+ 2010-08-20 16:04 . 2012-05-02 07:12 217864 c:\windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\misc.exe
+ 2010-08-20 16:04 . 2012-05-02 07:12 184080 c:\windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\joticon.exe
- 2010-08-20 16:04 . 2012-04-04 07:10 184080 c:\windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\joticon.exe
+ 2010-08-20 16:04 . 2012-05-02 07:12 159504 c:\windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\inficon.exe
- 2010-08-20 16:04 . 2012-04-04 07:10 159504 c:\windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\inficon.exe
+ 2009-11-12 06:31 . 2012-05-02 07:10 888080 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\wordicon.exe
- 2009-11-12 06:31 . 2012-04-04 07:11 888080 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\wordicon.exe
+ 2009-11-12 06:31 . 2012-05-02 07:10 922384 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\pptico.exe
- 2009-11-12 06:31 . 2012-04-04 07:11 922384 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\pptico.exe
- 2009-11-12 06:31 . 2012-04-04 07:11 217864 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\misc.exe
+ 2009-11-12 06:31 . 2012-05-02 07:10 217864 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\misc.exe
- 2009-11-12 06:31 . 2012-04-04 07:11 184080 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\joticon.exe
+ 2009-11-12 06:31 . 2012-05-02 07:10 184080 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\joticon.exe
- 2010-01-11 12:26 . 2010-12-16 11:50 709984 c:\windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\WksWP.exe
+ 2010-01-11 12:26 . 2012-05-02 07:12 709984 c:\windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\WksWP.exe
- 2010-01-11 12:26 . 2010-12-16 11:50 947552 c:\windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\wksss.exe
+ 2010-01-11 12:26 . 2012-05-02 07:12 947552 c:\windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\wksss.exe
- 2010-01-11 12:26 . 2010-12-16 11:50 722272 c:\windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\WksCal.exe
+ 2010-01-11 12:26 . 2012-05-02 07:12 722272 c:\windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\WksCal.exe
+ 2012-05-02 07:07 . 2012-05-02 07:07 331264 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Web.DataVisu#\5a490156ae434d704b39404e9647f08f\System.Web.DataVisualization.Design.ni.dll
+ 2012-05-02 07:10 . 2012-05-02 07:10 260608 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.DataVisu#\e0738a758f95ad36a1ca4ea4fe014383\System.Web.DataVisualization.Design.ni.dll
+ 2012-05-02 07:09 . 2012-02-28 01:11 1127424 c:\windows\SysWOW64\wininet.dll
- 2012-02-17 08:25 . 2011-12-14 02:57 1127424 c:\windows\SysWOW64\wininet.dll
+ 2012-05-02 07:09 . 2012-02-28 01:12 1103360 c:\windows\SysWOW64\urlmon.dll
- 2012-02-17 08:25 . 2011-12-14 02:57 1103360 c:\windows\SysWOW64\urlmon.dll
+ 2012-05-04 20:51 . 2012-05-04 20:51 8797856 c:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
+ 2012-05-02 07:09 . 2012-02-28 01:18 1799168 c:\windows\SysWOW64\jscript9.dll
+ 2012-05-02 07:09 . 2012-02-28 01:04 1792000 c:\windows\SysWOW64\iertutil.dll
- 2012-02-17 08:25 . 2011-12-14 02:52 1792000 c:\windows\SysWOW64\iertutil.dll
+ 2012-05-02 07:09 . 2012-02-28 01:27 9705984 c:\windows\SysWOW64\ieframe.dll
- 2009-07-14 04:54 . 2012-04-23 09:39 2998272 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-05-04 20:51 2998272 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-04-23 09:39 3227648 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-05-04 20:51 3227648 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2012-05-02 07:09 . 2012-02-28 06:49 1390080 c:\windows\system32\wininet.dll
- 2012-02-17 08:25 . 2011-12-14 07:04 1390080 c:\windows\system32\wininet.dll
+ 2012-05-02 07:09 . 2012-02-28 06:50 1345536 c:\windows\system32\urlmon.dll
- 2012-02-17 08:25 . 2011-12-14 07:04 1345536 c:\windows\system32\urlmon.dll
+ 2012-05-02 07:09 . 2012-02-28 06:56 2311168 c:\windows\system32\jscript9.dll
- 2012-02-17 08:25 . 2011-12-14 06:59 2144256 c:\windows\system32\iertutil.dll
+ 2012-05-02 07:09 . 2012-02-28 06:43 2144256 c:\windows\system32\iertutil.dll
+ 2009-07-14 04:45 . 2012-05-02 07:32 7162691 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
- 2009-07-14 04:45 . 2012-03-26 02:07 7162691 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
+ 2011-03-31 12:02 . 2012-05-04 21:12 5087592 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2942420572-1164936296-241836748-1000-8192.dat
+ 2011-04-28 15:06 . 2011-04-28 15:06 1749880 c:\windows\Microsoft.NET\Framework64\v4.0.30319\System.Web.DataVisualization.dll
+ 2011-04-28 15:06 . 2011-04-28 15:06 1749880 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Web.DataVisualization.dll
- 2012-04-05 12:19 . 2012-04-05 12:19 1587064 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Workflow.ComponentModel\v4.0_4.0.0.0__31bf3856ad364e35\System.Workflow.ComponentModel.dll
+ 2012-05-02 07:02 . 2012-05-02 07:02 1587064 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Workflow.ComponentModel\v4.0_4.0.0.0__31bf3856ad364e35\System.Workflow.ComponentModel.dll
+ 2012-05-02 07:02 . 2012-05-02 07:02 1070960 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Workflow.Activities\v4.0_4.0.0.0__31bf3856ad364e35\System.Workflow.Activities.dll
- 2012-04-05 12:19 . 2012-04-05 12:19 1070960 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Workflow.Activities\v4.0_4.0.0.0__31bf3856ad364e35\System.Workflow.Activities.dll
+ 2012-05-02 07:02 . 2012-05-02 07:02 1863464 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Extensions\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.Extensions.dll
- 2012-04-05 12:19 . 2012-04-05 12:19 1863464 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Extensions\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.Extensions.dll
+ 2012-05-02 07:02 . 2012-05-02 07:02 1749880 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.DataVisualization\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.DataVisualization.dll
- 2012-04-05 12:19 . 2012-04-05 12:19 5097816 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Design\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Design.dll
+ 2012-05-02 07:02 . 2012-05-02 07:02 5097816 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Design\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Design.dll
- 2012-04-05 12:19 . 2012-04-05 12:19 1327968 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Build\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.dll
+ 2012-05-02 07:02 . 2012-05-02 07:02 1327968 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Build\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.dll
- 2012-04-05 12:19 . 2012-04-05 12:19 1069936 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Build.Tasks.v4.0\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.v4.0.dll
+ 2012-05-02 07:02 . 2012-05-02 07:02 1069936 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Build.Tasks.v4.0\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.v4.0.dll
- 2012-04-05 12:19 . 2012-04-05 12:19 5200656 c:\windows\Microsoft.NET\assembly\GAC_64\System.Web\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.dll
+ 2012-05-02 07:02 . 2012-05-02 07:02 5200656 c:\windows\Microsoft.NET\assembly\GAC_64\System.Web\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.dll
- 2012-04-05 12:19 . 2012-04-05 12:19 5230864 c:\windows\Microsoft.NET\assembly\GAC_32\System.Web\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.dll
+ 2012-05-02 07:02 . 2012-05-02 07:02 5230864 c:\windows\Microsoft.NET\assembly\GAC_32\System.Web\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.dll
+ 2012-03-27 04:28 . 2012-03-27 04:28 5009920 c:\windows\Installer\63a416a.msp
+ 2012-02-22 19:17 . 2012-02-22 19:17 2221568 c:\windows\Installer\63a4155.msp
+ 2012-03-23 18:59 . 2012-03-23 18:59 7899648 c:\windows\Installer\63a4136.msp
+ 2011-11-01 17:34 . 2011-11-01 17:34 1169920 c:\windows\Installer\63a4111.msp
+ 2011-04-28 21:35 . 2011-04-28 21:35 1375744 c:\windows\Installer\63a40fc.msp
- 2010-08-20 16:04 . 2012-04-04 07:10 1172240 c:\windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\xlicons.exe
+ 2010-08-20 16:04 . 2012-05-02 07:12 1172240 c:\windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\xlicons.exe
- 2010-08-20 16:04 . 2012-04-04 07:10 1165584 c:\windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\accicons.exe
+ 2010-08-20 16:04 . 2012-05-02 07:12 1165584 c:\windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\accicons.exe
+ 2009-11-12 06:31 . 2012-05-02 07:10 1172240 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\xlicons.exe
- 2009-11-12 06:31 . 2012-04-04 07:11 1172240 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\xlicons.exe
- 2010-01-11 12:26 . 2010-12-16 11:50 1099104 c:\windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\WksSb.exe
+ 2010-01-11 12:26 . 2012-05-02 07:12 1099104 c:\windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\WksSb.exe
- 2010-01-11 12:26 . 2010-12-16 11:50 1242464 c:\windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\wksdb.exe
+ 2010-01-11 12:26 . 2012-05-02 07:12 1242464 c:\windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\wksdb.exe
+ 2012-05-02 07:07 . 2012-05-02 07:07 5599232 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Web.DataVisu#\f119a8e910ca7aee618c10112191db26\System.Web.DataVisualization.ni.dll
+ 2012-05-02 07:10 . 2012-05-02 07:10 4535808 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.DataVisu#\b18af03d37654b9593c660d0ba6968c6\System.Web.DataVisualization.ni.dll
+ 2012-05-02 07:09 . 2012-02-28 01:52 12281856 c:\windows\SysWOW64\mshtml.dll
+ 2009-07-14 02:34 . 2012-05-02 07:28 10747904 c:\windows\system32\SMI\Store\Machine\schema.dat
- 2009-07-14 02:34 . 2012-03-15 16:54 10747904 c:\windows\system32\SMI\Store\Machine\schema.dat
+ 2012-05-02 07:09 . 2012-02-28 07:34 17790976 c:\windows\system32\mshtml.dll
+ 2010-02-14 20:54 . 2012-05-02 07:03 57249312 c:\windows\system32\MRT.exe
+ 2012-05-04 20:51 . 2012-05-04 20:51 11590304 c:\windows\system32\Macromed\Flash\NPSWF64_11_2_202_235.dll
+ 2012-05-02 07:09 . 2012-02-28 07:02 10888704 c:\windows\system32\ieframe.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"cdloader"="c:\users\Hunze\AppData\Roaming\mjusbsp\cdloader2.exe" [2010-02-26 50520]
"GameXN (update)"="c:\programdata\GameXN\GameXNGO.exe" [2012-01-15 347008]
"GameXN (news)"="c:\programdata\GameXN\GameXNGO.exe" [2012-01-15 347008]
"GameXN"="c:\programdata\GameXN\GameXNGO.exe" [2012-01-15 347008]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-03-07 4785536]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"BackupManagerTray"="c:\program files (x86)\NewTech Infosystems\Gateway MyBackup\BackupManagerTray.exe" [2009-09-24 244480]
"Desktop Disc Tool"="c:\program files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" [2009-08-03 498160]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-07-30 98304]
"Camera Assistant Software"="c:\program files (x86)\Video Web Camera\traybar.exe" [2009-12-03 600688]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2009-11-01 1094736]
"EEventManager"="c:\progra~2\EPSONS~1\EVENTM~1\EEventManager.exe" [2008-12-04 665424]
"LTCM Client"="c:\program files (x86)\LTCM Client\ltcmClient.exe" [2008-12-24 1540288]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"TkBellExe"="c:\program files (x86)\real\realplayer\Update\realsched.exe" [2012-01-29 296056]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-06 421736]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-04 37296]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2010-3-1 113664]
Winter Fun Wallpaper Changer.lnk - c:\windows\Installer\{038A524F-58DB-438A-8391-8F7F0CA14B9E}\Icon038A524F.exe [2010-2-12 14336]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Best Buy pc app.lnk - c:\programdata\Best Buy pc app\ClickOnceSetup.exe [2010-11-19 9728]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\axsefda]
2012-04-04 00:04 10752 ----a-w- c:\windows\System32\config\systemprofile\AppData\Local\axsefda.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux4"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
R2 avgfws;AVG Firewall;c:\program files (x86)\AVG\AVG2012\avgfws.exe [x]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\AVGIDSAgent.exe [x]
R2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-04 257696]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-04-27 129976]
R3 netr28x;Ralink 802.11n Wireless Driver for Windows Vista;c:\windows\system32\DRIVERS\netr28x.sys [x]
R3 pcouffin;VSO Software pcouffin;c:\windows\system32\Drivers\pcouffin.sys [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-09-02 225280]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys [x]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [x]
S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [x]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 ePowerSvc;Acer ePower Service;c:\program files\Gateway\Gateway Power Management\ePowerSvc.exe [2009-09-30 844320]
S2 Greg_Service;GRegService;c:\program files (x86)\Gateway\Registration\GregHSRW.exe [2009-08-28 1150496]
S2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe [2009-07-14 27136]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe [2009-09-24 62720]
S2 Updater Service;Updater Service;c:\program files\Gateway\Gateway Updater\UpdaterService.exe [2009-07-04 240160]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\AVGIDSDriver.Sys [x]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\AVGIDSFilter.Sys [x]
S3 CAXHWAZL;CAXHWAZL;c:\windows\system32\DRIVERS\CAXHWAZL.sys [x]
S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [x]
S3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-07 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-23 20:51]
.
2012-05-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2942420572-1164936296-241836748-1000Core.job
- c:\users\Hunze\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-04 13:06]
.
2012-05-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2942420572-1164936296-241836748-1000UA.job
- c:\users\Hunze\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-04 13:06]
.
2012-05-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2942420572-1164936296-241836748-1003Core.job
- c:\users\Michael\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-04 22:22]
.
2012-05-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2942420572-1164936296-241836748-1003UA.job
- c:\users\Michael\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-04 22:22]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"cAudioFilterAgent"="c:\program files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe" [2009-10-09 508472]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2009-05-22 295936]
"PLFSetI"="c:\windows\PLFSetI.exe" [2009-11-20 200704]
"Acer ePower Management"="c:\program files\Gateway\Gateway Power Management\ePowerTray.exe" [2009-09-30 823840]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
qmofiltr
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=nv53&r=27360210n6b6l0450z1l5a4471x537
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
FF - ProfilePath - c:\users\Hunze\AppData\Roaming\Mozilla\Firefox\Profiles\5wo1f2en.default\
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7B481db4e8-ab8b-4a4b-bded-42dca2771b60%7D&mid=2618f527b0bb331c9c4f47f55e3051bc-5827e324dcf75e7ce8801804d7a08db77e7aa671&ds=AVG&v=10.0.0.7&lang=en&pr=fr&d=2011-11-25%2011%3A20%3A57&sap=ku&q=
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file)
Toolbar-Locked - (no file)
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
WebBrowser-{311B58DC-A4DC-4B04-B1B5-60299AD3D803} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:5b,4c,94,96,bd,fd,cc,01
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,b8,91,3c,5f,8a,a2,77,48,ae,04,fd,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,b8,91,3c,5f,8a,a2,77,48,ae,04,fd,\
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-05-07 12:25:18
ComboFix-quarantined-files.txt 2012-05-07 16:25
ComboFix2.txt 2012-05-01 02:09
.
Pre-Run: 382,514,475,008 bytes free
Post-Run: 389,651,542,016 bytes free
.
- - End Of File - - 036D380BD383D144D3FF773FB9C5EA3C

#15 gringo_pr

  • Malware Response Team

Posted 07 May 2012 - 12:24 PM

These logs are looking a lot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

Uninstall some programs

NOTE** Because of the cleanup process, some of the programs I have listed may not be in Add/Remove anymore. This is fine; just move to the next item on the list.

You can remove these programs using Add/Remove, or you can use the free uninstaller from Revo (Revo does a lot better of a job).

Programs to remove

Adobe Reader 9.5.0
Ask Toolbar Updater
J2SE Runtime Environment 5.0 Update 17
Java™ 6 Update 31
Little Registry Cleaner
McAfee Security Scan Plus


  • Please download and install Revo Uninstaller Free.
  • Double-click Revo Uninstaller to run it.
  • From the list of programs, double-click on the program to remove.
  • When prompted if you want to uninstall, click Yes.
  • Be sure the Moderate option is selected, then click Next.
  • The program will run. If prompted again, click Yes.
  • When the built-in uninstaller is finished, click on Next.
  • Once the program has searched for leftovers, click Next.
  • Check/tick the bolded items only on the list, then click Delete.
  • When prompted, click on Yes and then on Next.
  • Put a check on any folders that are found and select Delete.
  • When prompted, select Yes, then Next.
  • Once done, click Finish.

Update Adobe Reader

Recently there have been vulnerabilities detected in older versions of Adobe Reader. It is strongly suggested that you update to the current version.

You can download it from http://www.adobe.com/products/acrobat/readstep2.html
After installing the latest Adobe Reader, uninstall all previous versions.
If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

If you don't like Adobe Reader (53 MB), you can download Foxit PDF Reader (7 MB) from here. It's a much smaller file to download and uses a lot less resources than Adobe Reader.

Note: When installing FoxitReader, be careful not to install anything to do with AskBar.

Install Java:

Please go here to install Java

  • Click on the Free Java Download button.
  • Click on Agree and Start Free Download.
  • Click on Run.
  • Click on Run again.
  • Click on Install.
  • When the install is complete, click on Close.

Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here http://www.ccleaner.com/

  • Run the installer to install the application.
  • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
  • Run CCleaner. (make sure under Windows tab all the boxes of Internet Explorer and Windows explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under Application tab all the boxes should be checked).
  • Click Run Cleaner.
  • Close CCleaner.

: Malwarebytes' Anti-Malware :

  • I would like you to rerun MBAM.
  • Double-click the mbam icon.
  • Go to the Update tab at the top.
  • Click on Check for Updates.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
  • If you accidentally close it, the log file is saved here and will be named like this:
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a log file button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the Analyze This button; its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

NOTE**
Sometimes we have to run it like this: to run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator.

"information and logs"

  • In your next post I need the following:

  • Log from MBAM
  • Report from HijackThis
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo

I Close My Topics If You Have Not Replied In 5 Days. If You Will Be Longer, Please Let Me Know.

If I Have Not Replied To One Of My Topics In 48 Hrs, Please Bump The Topic.


Proud Graduate Of Malware Removal University
