
Infection of multiple trojans/rootkits


32 replies to this topic

#1 dimesquay

  • Members
  • 17 posts

Posted 09 May 2012 - 10:14 PM

I ran a scan using Avast and multiple infections were found which cannot be repaired/moved to chest using the program so I was looking for some help to remove them from my system.

I am running Windows Vista Home 64bit.

The following are the infections that were unable to be fixed using Avast:

Win64:ZAccess-E
MSIL:Adware-A
Win32:Crypt-MOT
Win32:Medfos-E


Thanks for the help in advance.


#2 narenxp

  • BC Advisor
  • 16,371 posts
  • Gender:Male
  • Location:India

Posted 09 May 2012 - 10:23 PM

Download

aswMBR

Launch it, allow it to download the latest Avast! virus definitions.
Click the "Scan" button to start the scan. After the scan finishes, click on Save log.

Post the log results here

#3 dimesquay

  • Topic Starter
  • Members
  • 17 posts

Posted 09 May 2012 - 11:18 PM

Scan results:


aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-05-09 23:24:56
-----------------------------
23:24:56.663 OS Version: Windows x64 6.0.6002 Service Pack 2
23:24:56.664 Number of processors: 2 586 0x1706
23:24:56.664 ComputerName: xxx UserName: xxx
23:24:57.866 Initialize success
23:24:58.665 AVAST engine defs: 12050901
23:26:09.698 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\0000005c
23:26:09.701 Disk 0 Vendor: WDC_WD32 11.0 Size: 305245MB BusType: 3
23:26:09.720 Disk 0 MBR read successfully
23:26:09.724 Disk 0 MBR scan
23:26:09.728 Disk 0 Windows VISTA default MBR code
23:26:09.731 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 39 MB offset 63
23:26:09.760 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 15000 MB offset 80325
23:26:09.776 Disk 0 Partition 3 80 (A) 07 HPFS/NTFS NTFS 290205 MB offset 30800325
23:26:09.798 Disk 0 scanning C:\Windows\system32\drivers
23:26:24.155 Service scanning
23:26:42.971 Modules scanning
23:26:42.980 Disk 0 trace - called modules:
23:26:43.009 ntoskrnl.exe CLASSPNP.SYS disk.sys acpi.sys storport.sys hal.dll nvstor64.sys
23:26:43.017 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80053b0790]
23:26:43.022 3 CLASSPNP.SYS[fffffa6000bd5c33] -> nt!IofCallDriver -> [0xfffffa8005196340]
23:26:43.029 5 acpi.sys[fffffa60008f7fde] -> nt!IofCallDriver -> \Device\0000005c[0xfffffa8005196850]
23:26:43.622 AVAST engine scan C:\Windows
23:27:04.033 AVAST engine scan C:\Windows\system32
23:28:41.270 File: C:\Windows\assembly\GAC_32\Desktop.ini **INFECTED** Win32:Sirefef-FQ [Drp]
23:28:43.895 File: C:\Windows\assembly\GAC_64\Desktop.ini **INFECTED** Win32:Sirefef-HO [Rtk]
23:29:40.460 File: C:\Windows\assembly\temp\U\00000002.@ **INFECTED** Win32:BitCoinMiner-R [Trj]
23:29:41.579 AVAST engine scan C:\Windows\system32\drivers
23:29:52.276 AVAST engine scan C:\Users\xxx
23:58:25.488 AVAST engine scan C:\ProgramData
00:02:12.810 Scan finished successfully
00:15:26.387 Disk 0 MBR has been saved successfully to "C:\Users\xxx\Documents\MBR.dat"
00:15:26.395 The log file has been saved successfully to "C:\Users\xxx\Documents\aswMBR.txt"

#4 narenxp

  • BC Advisor
  • 16,371 posts
  • Gender:Male
  • Location:India

Posted 09 May 2012 - 11:22 PM

Download

ESET online scanner


Install it

Click on START, it should download the virus definitions.
When the scan gets completed, click on LIST of found threats.

Export the list to desktop, copy the contents of the text file in your reply.

Run aswMBR once again and post the new log.

good luck

Edited by narenxp, 09 May 2012 - 11:22 PM.


#5 dimesquay

  • Topic Starter
  • Members
  • 17 posts

Posted 10 May 2012 - 02:26 PM

ESET found threats:

C:\ProgramData\L5ihCGnY.exe a variant of Win32/Kryptik.AFAM trojan cleaned by deleting (after the next restart) - quarantined
C:\Users\xxx\AppData\Local\MSoft\VerCheck\VerCheck.exe a variant of MSIL/Adware.SanctionedMedia.A application cleaned by deleting - quarantined
C:\Users\xxx\AppData\Local\Temp\mnwceroaxs.exe a variant of MSIL/Kryptik.BE trojan cleaned by deleting - quarantined
C:\Users\xxx\AppData\Local\Temp\NOD862B.tmp a variant of Win32/Kryptik.AFAM trojan cleaned by deleting - quarantined
C:\Users\xxx\AppData\Local\Temp\riple.dll a variant of Win32/Medfos.L trojan cleaned by deleting (after the next restart) - quarantined
C:\Windows\system64\consrv.dll Win64/Sirefef.G trojan cleaned by deleting - quarantined
C:\Windows\system64\napagent.dll Win64/Sirefef.W trojan cleaned by deleting (after the next restart) - quarantined
Operating memory a variant of Win32/Sirefef.DN trojan

#6 dimesquay

  • Topic Starter
  • Members
  • 17 posts

Posted 10 May 2012 - 02:28 PM

Avast log:


aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-05-10 14:28:38
-----------------------------
14:28:38.030 OS Version: Windows x64 6.0.6002 Service Pack 2
14:28:38.031 Number of processors: 2 586 0x1706
14:28:38.031 ComputerName: xxx UserName: xxx
14:28:40.668 Initialize success
14:41:23.668 AVAST engine defs: 12051000
14:44:24.846 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\0000005c
14:44:24.850 Disk 0 Vendor: WDC_WD32 11.0 Size: 305245MB BusType: 3
14:44:24.863 Disk 0 MBR read successfully
14:44:24.866 Disk 0 MBR scan
14:44:24.871 Disk 0 Windows VISTA default MBR code
14:44:24.874 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 39 MB offset 63
14:44:24.887 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 15000 MB offset 80325
14:44:24.902 Disk 0 Partition 3 80 (A) 07 HPFS/NTFS NTFS 290205 MB offset 30800325
14:44:24.927 Disk 0 scanning C:\Windows\system32\drivers
14:44:37.401 Service scanning
14:45:04.551 Modules scanning
14:45:04.559 Disk 0 trace - called modules:
14:45:04.618 ntoskrnl.exe CLASSPNP.SYS disk.sys acpi.sys storport.sys hal.dll nvstor64.sys
14:45:04.961 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800535f1b0]
14:45:04.967 3 CLASSPNP.SYS[fffffa6001209c33] -> nt!IofCallDriver -> [0xfffffa80051c5e40]
14:45:04.972 5 acpi.sys[fffffa60008f7fde] -> nt!IofCallDriver -> \Device\0000005c[0xfffffa80051c0060]
14:45:06.425 AVAST engine scan C:\Windows
14:45:30.855 AVAST engine scan C:\Windows\system32
14:48:05.281 File: C:\Windows\assembly\GAC_32\Desktop.ini **INFECTED** Win32:Sirefef-FQ [Drp]
14:48:08.185 File: C:\Windows\assembly\GAC_64\Desktop.ini **INFECTED** Win32:Sirefef-HO [Rtk]
14:49:39.063 AVAST engine scan C:\Windows\system32\drivers
14:50:00.476 AVAST engine scan C:\Users\xxx
14:55:05.841 File: C:\Users\xxx\AppData\Local\Temp\detpe.dll **INFECTED** Win32:Crypt-MOT [Trj]
14:55:19.774 File: C:\Users\xxx\AppData\Local\Temp\NODB121.tmp **INFECTED** Win32:Medfos-E [Trj]
14:55:19.863 File: C:\Users\xxx\AppData\Local\Temp\NODC4C2.tmp **INFECTED** Win64:ZAccess-E [Rtk]
15:18:48.611 AVAST engine scan C:\ProgramData
15:23:11.517 Scan finished successfully
15:24:41.572 Disk 0 MBR has been saved successfully to "C:\Users\xxx\Desktop\MBR.dat"
15:24:41.647 The log file has been saved successfully to "C:\Users\xxx\Desktop\avastlog2.txt"
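The aswMBR and ESET exports in posts #3, #5 and #6 above are plain text, so triage of them can be scripted. The following is an added example, not code from this thread or from either vendor's tooling: it parses the two line formats and flags the rootkit-class and in-memory hits that led the helpers here to move from in-OS scanners to offline tooling. The family names, path hints and the `needs_offline_tooling` rule are my own choices drawn from this thread's logs, and the sample lines are a constructed subset of those logs.

```python
import re
from dataclasses import dataclass
from typing import Iterable, List

# Constructed sample input: a subset of the lines from the aswMBR and ESET
# logs posted in this thread (paths were already anonymised by the poster).
ASWMBR_SAMPLE = [
    r"23:26:09.798 Disk 0 scanning C:\Windows\system32\drivers",
    r"23:28:41.270 File: C:\Windows\assembly\GAC_32\Desktop.ini **INFECTED** Win32:Sirefef-FQ [Drp]",
    r"23:28:43.895 File: C:\Windows\assembly\GAC_64\Desktop.ini **INFECTED** Win32:Sirefef-HO [Rtk]",
    r"23:29:40.460 File: C:\Windows\assembly\temp\U\00000002.@ **INFECTED** Win32:BitCoinMiner-R [Trj]",
    r"00:02:12.810 Scan finished successfully",
]
ESET_SAMPLE = [
    r"C:\ProgramData\L5ihCGnY.exe a variant of Win32/Kryptik.AFAM trojan cleaned by deleting (after the next restart) - quarantined",
    r"C:\Users\xxx\AppData\Local\MSoft\VerCheck\VerCheck.exe a variant of MSIL/Adware.SanctionedMedia.A application cleaned by deleting - quarantined",
    r"C:\Windows\system64\consrv.dll Win64/Sirefef.G trojan cleaned by deleting - quarantined",
    r"Operating memory a variant of Win32/Sirefef.DN trojan",
]

# aswMBR marks a hit with **INFECTED** and a class tag in brackets:
# [Rtk] rootkit, [Trj] trojan, [Drp] dropper.
ASWMBR_RE = re.compile(
    r"^(?P<time>\d{2}:\d{2}:\d{2}\.\d{3}) File: (?P<obj>.+?) \*\*INFECTED\*\* "
    r"(?P<name>\S+) \[(?P<tag>[A-Za-z]+)\]$"
)
# ESET's exported list: "<object> [a variant of ]<platform/family> <kind> [<action taken>]"
ESET_RE = re.compile(
    r"^(?P<obj>.+?) (?:a variant of )?(?P<name>(?:Win32|Win64|MSIL)/\S+) "
    r"(?P<kind>\w+)(?: (?P<action>.*))?$"
)


@dataclass
class Finding:
    scanner: str
    obj: str              # file path, or "Operating memory" for an in-memory hit
    name: str             # detection name exactly as the scanner reports it
    category: str         # aswMBR bracket tag, or ESET's kind word (trojan, application, ...)
    pending_reboot: bool  # clean-up deferred to next restart, so the file is still on disk now


def parse_aswmbr(lines: Iterable[str]) -> List[Finding]:
    found = []
    for line in lines:
        m = ASWMBR_RE.match(line.strip())
        if m:
            found.append(Finding("aswMBR", m["obj"], m["name"], m["tag"], False))
    return found


def parse_eset(lines: Iterable[str]) -> List[Finding]:
    found = []
    for line in lines:
        m = ESET_RE.match(line.strip())
        if m:
            deferred = "after the next restart" in (m["action"] or "")
            found.append(Finding("ESET", m["obj"], m["name"], m["kind"], deferred))
    return found


# Assumed indicator set, taken from this thread's logs: the family names the
# scanners used, and the locations where they found ZeroAccess components
# (GAC Desktop.ini files, the fake system64 folder, and the assembly\temp\U
# payload folder that held the dropped coin miner).
ZEROACCESS_FAMILIES = ("sirefef", "zaccess", "zeroaccess")
ZEROACCESS_PATH_HINTS = ("\\assembly\\gac_", "\\assembly\\temp\\u\\", "\\system64\\")


def is_zeroaccess(f: Finding) -> bool:
    name, path = f.name.lower(), f.obj.lower()
    return any(k in name for k in ZEROACCESS_FAMILIES) or any(h in path for h in ZEROACCESS_PATH_HINTS)


def summarize(findings: List[Finding]) -> dict:
    rootkit = sum(1 for f in findings if f.category == "Rtk")
    in_memory = sum(1 for f in findings if f.obj.lower() == "operating memory")
    return {
        "total": len(findings),
        "rootkit_class": rootkit,
        "in_memory": in_memory,
        "pending_reboot": sum(1 for f in findings if f.pending_reboot),
        "zeroaccess": any(is_zeroaccess(f) for f in findings),
        # A rootkit-class hit, or a component seen only in memory, means the
        # running OS cannot be trusted to clean itself: that is the point at
        # which this thread moved to FRST from the recovery environment.
        "needs_offline_tooling": rootkit > 0 or in_memory > 0,
    }


if __name__ == "__main__":
    all_findings = parse_aswmbr(ASWMBR_SAMPLE) + parse_eset(ESET_SAMPLE)
    for f in all_findings:
        flag = " <- ZeroAccess" if is_zeroaccess(f) else ""
        print(f"{f.scanner:7} {f.category:12} {f.name:32} {f.obj}{flag}")
    print(summarize(all_findings))
```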

#7 narenxp

  • BC Advisor
  • 16,371 posts
  • Gender:Male
  • Location:India

Posted 10 May 2012 - 03:32 PM

We need advanced tools to remove this one.

Read the guide here on preparing logs

http://www.bleepingcomputer.com/forums/topic34773.html

and create a topic here

http://www.bleepingcomputer.com/forums/forum22.html

Good luck

#8 dimesquay

  • Topic Starter
  • Members
  • 17 posts

Posted 10 May 2012 - 03:48 PM

After running the scans requested, the computer rebooted itself and was unable to start up Windows, so it entered the Startup Repair tool but was still unable to fix itself and start up Windows.

Is there a way I can get it to start up again so that I can run the DDS and GMER programs as specified in the preparation guide?

Thanks for your help.

#9 narenxp

  • BC Advisor
  • 16,371 posts
  • Gender:Male
  • Location:India

Posted 10 May 2012 - 04:10 PM

This can be easily fixed. Let me ask someone to help you.

good luck

#10 dimesquay

  • Topic Starter
  • Members
  • 17 posts

Posted 10 May 2012 - 05:33 PM

Thanks for your help. Should I post anywhere else just yet or sit tight and wait in this thread?

#11 narenxp

  • BC Advisor
  • 16,371 posts
  • Gender:Male
  • Location:India

Posted 10 May 2012 - 06:01 PM

No need, you will get a reply here.

good luck

#12 SweetTech (Agent ST)

  • Members
  • 13,421 posts
  • Gender:Male
  • Location:Antarctica

Posted 11 May 2012 - 12:37 AM

Hello dimesquay and welcome to the forums!

My secret agent name on the forums is SweetTech (you can call me ST for short), it's a pleasure to meet you. :)

I'll be addressing you by your username, if you'd like me to address you by something else, please let me know!

I would be glad to take a look at your log and help you with solving any malware problems.

If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed.

If you have not, please adhere to the guidelines below and then follow instructions as outlined further below:


  • Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forums.
  • Please make sure to carefully read any instruction that I give you. Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
  • If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
  • In Windows Vista and Windows 7, all tools need to be started by right clicking and selecting Run as Administrator!
  • If I instruct you to download a specific tool in which you already have, please delete the copy that you have and re-download the tool. The reason I ask you to do this is because these tools are updated fairly regularly.
  • Do not do things I do not ask for, such as running a spyware scan on your computer. The one thing that you should always do is to make sure that your anti-virus definitions are up-to-date!
  • Please do not use the Attachment feature for any log file. Do a Copy/Paste of the entire contents of the log file and submit it inside your post.
  • I am going to stick with you until ALL malware is gone from your system. I would appreciate it if you would do the same. From this point, we're in this together ;)

    • Because of this, you must reply within 3 days; failure to reply will result in the topic being closed! I like chocolate chip cookies.
  • Lastly, I am no magician. I will try very hard to fix your issues, but no promises can be made. Also be aware that some infections are so severe that you might need to resort to reformatting and reinstalling your operating system or even taking your computer into a repair shop.

    • Don't worry, this only happens in severe cases, but it sadly does happen. Be prepared to back up your data and have means of backing up your data available.

____________________________________________________

You're infected with an infection known as ZeroAccess or Sirefef.

ZeroAccess (Max++) Rootkit (aka: Sirefef) is a sophisticated rootkit that uses advanced technology to hide its presence in a system and can infect both x86 and x64 platforms. ZeroAccess is similar to the TDSS rootkit but has more self-protection mechanisms that can be used to disable anti-virus software resulting in "Access Denied" messages whenever you run a security application. For more specific information about this infection, please refer to:
Special thanks to quietman7 for providing the above information.


NEXT:


One or more of the identified infections is a backdoor trojan and password stealer.

This type of infection allows hackers to access and remotely control your computer, log keystrokes, steal critical system information, and download and execute files without your knowledge.
If you do any banking or other financial transactions on the PC or if it contains any other sensitive information, then from a clean computer, change all passwords where applicable.
It would also be wise to contact those same financial institutions to apprise them of your situation.


I highly suggest you take a look at the two links provided below:
1. How Do I Handle Possible Identity Theft, Internet Fraud, and CC Fraud?
2. When should I re-format? How should I reinstall?


We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do. If you decide to go through with the cleanup, please proceed with the following steps.



NEXT:


Running FRST

For x64 bit systems download Farbar Recovery Scan Tool x64 and save it to a flash drive.

Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:
  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Command Prompt

  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst64 and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

NEXT:



Please make sure you include the following items in your next post:

1. Any comments or questions you may have that you'd like for me to answer in my next post to you.
2. FRST log file.
3. An update on how your computer is currently running.

It would be helpful if you could answer each question in the order asked, as well as numbering your answers.



The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#13 dimesquay

  • Topic Starter
  • Members
  • 17 posts

Posted 11 May 2012 - 12:16 PM

1. Thanks so much for helping me out with this ST, much appreciated.

2. FRST log:

Scan result of Farbar Recovery Scan Tool Version: 11-05-2012
Ran by SYSTEM at 11-05-2012 13:05:42
Running from E:\
Windows Vista ™ Home Premium Service Pack 1 (X64) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1657128 2008-11-11] (Synaptics, Inc.)
HKLM\...\Run: [QuickSet] C:\Program Files\Dell\QuickSet\QuickSet.exe [2041112 2008-09-26] (Dell Inc.)
HKLM\...\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup [15871520 2009-04-28] (NVIDIA Corporation)
HKLM\...\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit [82464 2009-04-28] (NVIDIA Corporation)
HKLM\...\Run: [Broadcom Wireless Manager UI] C:\Windows\system32\WLTRAY.exe [4119552 2008-12-21] (Dell Inc.)
HKLM\...\Run: [RunDLLEntry] C:\Windows\system32\RunDLL32.exe C:\Windows\system32\AmbRunE.dll,RunDLLEntry [17920 2008-12-17] (Creative Technology Ltd.)
HKLM\...\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe" [2304904 2009-01-07] (Microsoft Corporation)
HKLM\...\Run: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray64.exe [462848 2009-03-29] (IDT, Inc.)
HKLM-x32\...\Run: [VolPanel] "C:\Program Files (x86)\Creative\SB X-Fi MB\Volume Panel\VolPanlu.exe" /r [237693 2008-12-09] (Creative Technology Ltd)
HKLM-x32\...\Run: [UpdReg] C:\Windows\UpdReg.EXE [90112 2000-05-10] (Creative Technology Ltd.)
HKLM-x32\...\Run: [FAStartup] [x]
HKLM-x32\...\Run: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume [250192 2009-04-24] (Microsoft Corporation)
HKLM-x32\...\Run: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter [206064 2009-05-21] (SupportSoft, Inc.)
HKLM-x32\...\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] "C:\Program Files (x86)\Google\Gmail Notifier\gnotify.exe" [479232 2005-07-15] (Google Inc.)
HKLM-x32\...\Run: [FATrayAlert] C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exe [95560 2010-04-04] (Sensible Vision )
HKLM-x32\...\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2011-10-24] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421736 2012-03-06] (Apple Inc.)
HKLM-x32\...\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui [4241512 2012-03-06] (AVAST Software)
HKU\Default\...\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem [1555968 2009-04-10] (Microsoft Corporation)
HKU\Default User\...\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem [1555968 2009-04-10] (Microsoft Corporation)
HKU\xxx\...\Run: [SRS Audio Sandbox] "C:\Program Files\SRS Labs\Audio Sandbox\SRSSSC.exe" /hideme [x]
HKU\xxx\...\Run: [Facebook Update] "C:\Users\xxx\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver [137536 2011-10-19] (Facebook Inc.)
HKU\xxx\...\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background [3872080 2010-04-16] (Microsoft Corporation)
HKU\xxx\...\Winlogon: [Shell] EXPLORER.EXE
HKU\RA Media Server\...\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem [1555968 2009-04-10] (Microsoft Corporation)
HKLM-x32\...\Runonce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-app?lic=OQBBAFYARgBSAEUARQAtAFYAWgBZAEYAOAAtAEMASwA3AFEARwAtADkAVQBCAFUAUgAtADcAUwBVAEwAUwAtADQANABLAFIAMgA"&"inst=NwA3AC0ANAAxADIAOQAxADMAMgAzADgALQBYAEwAKwAxAC0AVAA1AC0ARgBQADkAMgArADYALQBOADEARgArADEALQBCAEEAUgA5AEcAKwAxAC0AVABCADkAKwAyAC0ARgBMACsAOQAtAFgATwAzADYAKwAxAC0ARgA5AE0AMQAwAEIAKwAyAC0AWABPADkAKwAxAC0ARgA5AE0AMgArADEALQBEAEQAVAArADUAMwAwADAAMAAtAEQARAA5ADAARgArADEALQBTAFQAOQAwAEYAQQBQAFAAKwAxAC0ARgA5ADAATQAxADIARABUACsAMQAtAFQAQgBOACsAMQAtAFUAOQA1ACsAMQAtAEYAVQBJACsAMgA"&"prod=90"&"ver=9.0.894 [x]
Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll [X]
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Lsa: [Notification Packages] scecli
FAPassSync
SubSystems: [Windows] ATTENTION! ====> ZeroAccess

==================== Services (Whitelisted) ======

2 AESTFilters; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_15f4e438\AESTSr64.exe [89600 2009-03-29] (Andrea Electronics Corporation)
2 Apache2.2; "C:\Program Files (x86)\Common Files\Dell\apache\bin\httpd.exe" -k runservice [15872 2007-09-21] (Apache Software Foundation)
2 avast! Antivirus; "C:\Program Files\AVAST Software\Avast\AvastSvc.exe" [44768 2012-03-06] (AVAST Software)
2 btwdins; C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe [795176 2008-06-05] (Broadcom Corporation.)
2 CTAudSvcService; C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe [307200 2009-02-04] (Creative Technology Ltd)
4 dlcg_device; C:\Windows\system32\dlcgcoms.exe -service [566152 2006-12-07] ( )
4 dlcg_device; C:\Windows\SysWow64\dlcgcoms.exe -service [537480 2006-12-07] ( )
4 dsl-db; "C:\Program Files (x86)\Common Files\Dell\MySQL\bin\mysqld.exe" "--defaults-file=C:\Program Files (x86)\Common Files\Dell\MySQL\my.ini" dsl-db [9560 2009-12-12] ()
4 dsl-fs-sync; "C:\Program Files (x86)\Common Files\Dell\Remote Access File Sync Service\dsl_fs_sync.exe" [189680 2009-04-13] (SingleClick Systems)
2 gupdate1ca2388b140f870; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [133104 2009-08-22] (Google Inc.)
3 IDriverT; "C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe" [69632 2005-11-13] (Macrovision Corporation)
4 LicCtrlService; C:\Windows\runservice.exe [2560 2009-11-02] ()
3 Microsoft Office Groove Audit Service; "C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe" [64856 2009-02-26] (Microsoft Corporation)
3 p2pimsvc; C:\Windows\SysWow64\p2psvc.dll [644608 2009-04-10] (Microsoft Corporation)
3 p2psvc; C:\Windows\SysWow64\p2psvc.dll [644608 2009-04-10] (Microsoft Corporation)
3 PNRPAutoReg; C:\Windows\SysWow64\p2psvc.dll [644608 2009-04-10] (Microsoft Corporation)
3 PNRPsvc; C:\Windows\SysWow64\p2psvc.dll [644608 2009-04-10] (Microsoft Corporation)
2 rpcnet; C:\Windows\SysWOW64\rpcnet.exe [58288 2012-04-12] (Absolute Software Corp.)
3 SCardSvr; C:\Windows\SysWow64\SCardSvr.dll [95232 2009-04-10] (Microsoft Corporation)
2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_15f4e438\STacSV64.exe [268288 2009-03-29] (IDT, Inc.)
2 Themes; C:\Windows\SysWow64\shsvcs.dll [247808 2009-07-10] (Microsoft Corporation)
2 vvdsvc; C:\Windows\SysWow64\Nagasoft\vjocx.dll [1695368 2009-09-23] (NanJing Nagasoft Co, LTD.)
2 wltrysvc; C:\Windows\System32\WLTRYSVC.EXE C:\Windows\System32\bcmwltry.exe [3051520 2008-12-21] (Dell Inc.)
4 hnmsvc; "c:\Program Files (x86)\Common Files\Dell\Advanced Networking Service\hnm_svc.exe" [x]

========================== Drivers (Whitelisted) =============

2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [24408 2012-03-06] (AVAST Software)
2 aswMonFlt; C:\Windows\System32\Drivers\aswMonFlt.sys [69976 2012-03-06] (AVAST Software)
1 AswRdr; C:\Windows\System32\Drivers\AswRdr.sys [43864 2012-03-06] (AVAST Software)
1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [819032 2012-03-06] (AVAST Software)
1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [337240 2012-03-06] (AVAST Software)
1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [59224 2012-03-06] (AVAST Software)
3 itecir; C:\Windows\System32\Drivers\itecir.sys [67104 2010-03-08] (ITE Tech. Inc. )
3 NVENETFD; C:\Windows\System32\DRIVERS\nvmfdx64.sys [1495456 2008-10-26] (NVIDIA Corporation)
3 nvsmu; C:\Windows\System32\Drivers\nvsmu.sys [28192 2009-03-17] (NVIDIA Corporation)
0 nvstor64; C:\Windows\System32\Drivers\nvstor64.sys [170528 2009-03-17] (NVIDIA Corporation)
3 OA001Ufd; C:\Windows\System32\Drivers\OA001Ufd.sys [159840 2009-03-06] (Creative Technology Ltd.)
3 OA001Vid; C:\Windows\System32\Drivers\OA001Vid.sys [319840 2009-03-08] (Creative Technology Ltd.)
2 Packet; C:\Windows\System32\Drivers\Packet.sys [29184 2008-06-18] (SingleClick Systems)
2 Packet; C:\Windows\SysWow64\Drivers\Packet.sys [22016 2008-06-17] (SingleClick Systems)
3 Point64; C:\Windows\System32\DRIVERS\point64k.sys [33160 2008-12-19] (Microsoft Corporation)
3 R300; C:\Windows\System32\DRIVERS\atikmdag.sys [2488320 2006-11-01] (ATI Technologies Inc.)
1 SASDIFSV; \??\C:\Program Files (x86)\SUPERAntiSpyware\SASDIFSV.SYS [12872 2010-02-17] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
3 SASENUM; \??\C:\Program Files (x86)\SUPERAntiSpyware\SASENUM.SYS [12872 2010-02-17] ( SUPERAdBlocker.com and SUPERAntiSpyware.com)
1 SASKUTIL; \??\C:\Program Files (x86)\SUPERAntiSpyware\SASKUTIL.SYS [66632 2010-02-17] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
3 SRS_SSCFilter; C:\Windows\System32\drivers\srs_sscfilter_amd64.sys [55040 2007-07-26] ()
3 IpInIp; C:\Windows\System32\DRIVERS\ipinip.sys [x]
3 NwlnkFlt; C:\Windows\System32\DRIVERS\nwlnkflt.sys [x]
3 NwlnkFwd; C:\Windows\System32\DRIVERS\nwlnkfwd.sys [x]

========================== NetSvcs (Whitelisted) ===========
NETSVC: atmeltpm
NETSVCx32: Themes

============ One Month Created Files and Folders ==============

2012-05-10 11:24 - 2012-05-10 11:32 - 0002502 ____A C:\Users\xxx\Desktop\avastlog2.txt
2012-05-10 11:24 - 2012-05-10 11:24 - 0000512 ____A C:\Users\xxx\Desktop\MBR.dat
2012-05-10 10:26 - 2012-05-10 11:32 - 0000914 ____A C:\Users\xxx\Desktop\ESETSCAN.txt
2012-05-09 20:25 - 2012-05-09 20:25 - 2322184 ____A (ESET) C:\Users\xxx\Downloads\esetsmartinstaller_enu.exe
2012-05-09 20:25 - 2012-05-09 20:25 - 0000000 ____D C:\Program Files (x86)\ESET
2012-05-09 20:15 - 2012-05-09 20:29 - 0002293 ____A C:\Users\xxx\My Documents\aswMBR.txt
2012-05-09 20:15 - 2012-05-09 20:29 - 0002293 ____A C:\Users\xxx\Documents\aswMBR.txt
2012-05-09 20:15 - 2012-05-09 20:15 - 0000512 ____A C:\Users\xxx\My Documents\MBR.dat
2012-05-09 20:15 - 2012-05-09 20:15 - 0000512 ____A C:\Users\xxx\Documents\MBR.dat
2012-05-09 19:24 - 2012-05-09 19:24 - 4731392 ____A (AVAST Software) C:\Users\xxx\Downloads\aswMBR.exe
2012-05-09 18:42 - 2012-05-09 18:42 - 2055783 ____A C:\Users\xxx\Downloads\tdsskiller.zip
2012-05-09 10:19 - 2012-05-09 10:19 - 0572494 ____A C:\Users\xxx\Local Settings\dd_vcredistMSI08CA.txt
2012-05-09 10:19 - 2012-05-09 10:19 - 0572494 ____A C:\Users\xxx\Local Settings\Application Data\dd_vcredistMSI08CA.txt
2012-05-09 10:19 - 2012-05-09 10:19 - 0572494 ____A C:\Users\xxx\AppData\Local\dd_vcredistMSI08CA.txt
2012-05-09 10:19 - 2012-05-09 10:19 - 0012384 ____A C:\Users\xxx\Local Settings\dd_vcredistUI08CA.txt
2012-05-09 10:19 - 2012-05-09 10:19 - 0012384 ____A C:\Users\xxx\Local Settings\Application Data\dd_vcredistUI08CA.txt
2012-05-09 10:19 - 2012-05-09 10:19 - 0012384 ____A C:\Users\xxx\AppData\Local\dd_vcredistUI08CA.txt
2012-05-09 10:19 - 2012-05-09 10:19 - 0001787 ____A C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2012-05-09 10:19 - 2012-05-09 10:19 - 0001787 ____A C:\Users\All Users\Desktop\avast! Free Antivirus.lnk
2012-05-09 10:19 - 2012-05-09 10:19 - 0000000 ____A C:\Windows\SysWOW64\config.nt
2012-05-09 10:19 - 2012-03-06 15:15 - 0258520 ____A (AVAST Software) C:\Windows\System32\aswBoot.exe
2012-05-09 10:19 - 2012-03-06 15:04 - 0819032 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSnx.sys
2012-05-09 10:19 - 2012-03-06 15:04 - 0337240 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSP.sys
2012-05-09 10:19 - 2012-03-06 15:02 - 0043864 ____A (AVAST Software) C:\Windows\System32\Drivers\aswRdr.sys
2012-05-09 10:19 - 2012-03-06 15:01 - 0069976 ____A (AVAST Software) C:\Windows\System32\Drivers\aswMonFlt.sys
2012-05-09 10:19 - 2012-03-06 15:01 - 0059224 ____A (AVAST Software) C:\Windows\System32\Drivers\aswTdi.sys
2012-05-09 10:19 - 2012-03-06 15:01 - 0024408 ____A (AVAST Software) C:\Windows\System32\Drivers\aswFsBlk.sys
2012-05-09 10:18 - 2012-03-06 15:15 - 0201352 ____A (AVAST Software) C:\Windows\SysWOW64\aswBoot.exe
2012-05-09 10:18 - 2012-03-06 15:15 - 0041184 ____A (AVAST Software) C:\Windows\avastSS.scr
2012-05-09 10:04 - 2012-05-09 10:05 - 0618278 ____A C:\Windows\dd_vcredistMSI7D83.txt
2012-05-09 10:04 - 2012-05-09 10:05 - 0012360 ____A C:\Windows\dd_vcredistUI7D83.txt
2012-05-08 21:04 - 2012-05-08 21:05 - 0574200 ____A C:\Users\xxx\Local Settings\dd_vcredistMSI288C.txt
2012-05-08 21:04 - 2012-05-08 21:05 - 0574200 ____A C:\Users\xxx\Local Settings\Application Data\dd_vcredistMSI288C.txt
2012-05-08 21:04 - 2012-05-08 21:05 - 0574200 ____A C:\Users\xxx\AppData\Local\dd_vcredistMSI288C.txt
2012-05-08 21:04 - 2012-05-08 21:05 - 0012460 ____A C:\Users\xxx\Local Settings\dd_vcredistUI288C.txt
2012-05-08 21:04 - 2012-05-08 21:05 - 0012460 ____A C:\Users\xxx\Local Settings\Application Data\dd_vcredistUI288C.txt
2012-05-08 21:04 - 2012-05-08 21:05 - 0012460 ____A C:\Users\xxx\AppData\Local\dd_vcredistUI288C.txt
2012-05-08 15:25 - 2012-05-08 15:25 - 0572890 ____A C:\Users\xxx\Local Settings\dd_vcredistMSI24F3.txt
2012-05-08 15:25 - 2012-05-08 15:25 - 0572890 ____A C:\Users\xxx\Local Settings\Application Data\dd_vcredistMSI24F3.txt
2012-05-08 15:25 - 2012-05-08 15:25 - 0572890 ____A C:\Users\xxx\AppData\Local\dd_vcredistMSI24F3.txt
2012-05-08 15:25 - 2012-05-08 15:25 - 0012400 ____A C:\Users\xxx\Local Settings\dd_vcredistUI24F3.txt
2012-05-08 15:25 - 2012-05-08 15:25 - 0012400 ____A C:\Users\xxx\Local Settings\Application Data\dd_vcredistUI24F3.txt
2012-05-08 15:25 - 2012-05-08 15:25 - 0012400 ____A C:\Users\xxx\AppData\Local\dd_vcredistUI24F3.txt
2012-05-08 15:24 - 2012-05-09 10:18 - 0000000 ____D C:\Users\All Users\AVAST Software
2012-05-08 15:24 - 2012-05-09 10:18 - 0000000 ____D C:\Users\All Users\Application Data\AVAST Software
2012-05-08 15:24 - 2012-05-09 10:18 - 0000000 ____D C:\ProgramData\AVAST Software
2012-05-08 15:24 - 2012-05-09 10:18 - 0000000 ____D C:\Program Files\AVAST Software
2012-05-08 15:22 - 2012-05-08 15:23 - 74761776 ____A C:\Users\xxx\Downloads\avast_free_antivirus_setup.exe
2012-05-08 15:18 - 2012-05-08 15:18 - 3877872 ____A (AVG Technologies) C:\Users\xxx\Downloads\avg_free_stb_all_2012_2171_cnet.exe
2012-05-08 08:42 - 2012-05-09 19:00 - 0000342 ____A C:\Windows\Tasks\At48.job
2012-05-08 08:42 - 2012-05-09 18:00 - 0000342 ____A C:\Windows\Tasks\At47.job
2012-05-08 08:42 - 2012-05-09 17:00 - 0000342 ____A C:\Windows\Tasks\At46.job
2012-05-08 08:42 - 2012-05-09 16:00 - 0000342 ____A C:\Windows\Tasks\At45.job
2012-05-08 08:42 - 2012-05-09 15:00 - 0000342 ____A C:\Windows\Tasks\At44.job
2012-05-08 08:42 - 2012-05-09 14:00 - 0000342 ____A C:\Windows\Tasks\At43.job
2012-05-08 08:42 - 2012-05-09 13:00 - 0000342 ____A C:\Windows\Tasks\At42.job
2012-05-08 08:42 - 2012-05-09 12:00 - 0000342 ____A C:\Windows\Tasks\At41.job
2012-05-08 08:42 - 2012-05-09 11:00 - 0000342 ____A C:\Windows\Tasks\At40.job
2012-05-08 08:42 - 2012-05-09 10:00 - 0000342 ____A C:\Windows\Tasks\At39.job
2012-05-08 08:42 - 2012-05-08 12:20 - 0000342 ____A C:\Windows\Tasks\At37.job
2012-05-08 08:42 - 2012-05-08 12:20 - 0000342 ____A C:\Windows\Tasks\At36.job
2012-05-08 08:42 - 2012-05-08 12:20 - 0000342 ____A C:\Windows\Tasks\At35.job
2012-05-08 08:42 - 2012-05-08 12:20 - 0000342 ____A C:\Windows\Tasks\At34.job
2012-05-08 08:42 - 2012-05-08 12:20 - 0000342 ____A C:\Windows\Tasks\At33.job
2012-05-08 08:42 - 2012-05-08 12:20 - 0000342 ____A C:\Windows\Tasks\At32.job
2012-05-08 08:42 - 2012-05-08 12:20 - 0000342 ____A C:\Windows\Tasks\At31.job
2012-05-08 08:42 - 2012-05-08 09:03 - 0000342 ____A C:\Windows\Tasks\At38.job
2012-05-08 08:41 - 2012-05-09 23:00 - 0000342 ____A C:\Windows\Tasks\At28.job
2012-05-08 08:41 - 2012-05-09 22:00 - 0000342 ____A C:\Windows\Tasks\At27.job
2012-05-08 08:41 - 2012-05-09 21:00 - 0000342 ____A C:\Windows\Tasks\At26.job
2012-05-08 08:41 - 2012-05-09 20:34 - 0000342 ____A C:\Windows\Tasks\At25.job
2012-05-08 08:41 - 2012-05-08 12:20 - 0000342 ____A C:\Windows\Tasks\At30.job
2012-05-08 08:41 - 2012-05-08 12:20 - 0000342 ____A C:\Windows\Tasks\At29.job
2012-05-08 08:31 - 2012-05-08 08:31 - 0000000 __ASH C:\Windows\System32\dds_trash_log.cmd
2012-05-07 08:12 - 2012-05-07 08:12 - 0000387 ____A C:\Users\xxx\Downloads\temp_file-[The.Big.Bang.Theory.S05E22.480p.HDTV.x264-mSD.mkv][vidhog].xspf
2012-05-06 18:43 - 2012-05-06 18:42 - 0000299 ____A C:\Users\xxx\Downloads\temp_file-[video.avi][sharebees].xspf
2012-05-06 18:40 - 2012-05-06 18:39 - 0000370 ____A C:\Users\xxx\Downloads\temp_file-[ice-This.Means.War.2012.DVDRip.x264-scOrp.mkv][180upload].xspf
2012-05-06 18:39 - 2012-05-06 18:39 - 0000330 ____A C:\Users\xxx\Downloads\temp_file-[This.Means.War.2012._.x264-scOrp.mkv][movreel].xspf
2012-05-06 18:38 - 2012-05-06 18:38 - 0000242 ____A C:\Users\xxx\Downloads\temp_file-[zpakn1m6wjwa][jumbofiles].xspf
2012-05-06 14:02 - 2012-05-06 14:02 - 0000241 ____A C:\Users\xxx\Downloads\temp_file-[m17fi6wibmjc][uploadorb].xspf
2012-05-04 23:04 - 2012-05-04 23:04 - 0619860 ____A C:\Windows\dd_vcredistMSI4BA5.txt
2012-05-04 23:04 - 2012-05-04 23:04 - 0013388 ____A C:\Windows\dd_vcredistUI4BA5.txt
2012-05-03 23:02 - 2012-05-03 23:02 - 0619562 ____A C:\Windows\dd_vcredistMSI7BDE.txt
2012-05-03 23:02 - 2012-05-03 23:02 - 0012420 ____A C:\Windows\dd_vcredistUI7BDE.txt
2012-05-01 16:39 - 2012-05-01 18:40 - 0000000 ____D C:\Users\xxx\Downloads\Mad.Men.S04.BDRip.XviD-REWARD
2012-05-01 16:38 - 2012-05-01 16:38 - 0012734 ____A C:\Users\xxx\Downloads\Mad_Men_Season_4_HDTV_+-Demonoid.me-+_8697461.222.torrent
2012-05-01 16:37 - 2012-05-01 16:36 - 0012934 ____A C:\Users\xxx\Downloads\Mad_Men_Season_4_Complete_BDrip_Reward-_=Demonoid.me=__8697461.222.torrent
2012-05-01 13:09 - 2012-05-01 15:36 - 0000000 ____D C:\Users\xxx\Downloads\Mad Men S03 DVDrip-Reward
2012-05-01 13:05 - 2012-05-01 13:05 - 0038622 ____A C:\Users\xxx\Downloads\Mad_Men_Season_3_Complete_DVD_Rip_-Demonoid.me-__8697461.222.torrent
2012-05-01 13:04 - 2012-05-01 13:04 - 0024070 ____A C:\Users\xxx\Downloads\-_Demonoid.me_-Mad_Men_Season_3_Complete_DVDrip_Reward_8697461.222.torrent
2012-05-01 05:03 - 2012-05-01 05:03 - 0618364 ____A C:\Windows\dd_vcredistMSI25D1.txt
2012-05-01 05:03 - 2012-05-01 05:03 - 0012372 ____A C:\Windows\dd_vcredistUI25D1.txt
2012-04-29 21:16 - 2012-04-29 21:16 - 0000353 ____A C:\Users\xxx\Downloads\temp_file-[mad.men.s02e01.dvdrip.xvid-reward.avi].xspf
2012-04-29 20:40 - 2012-04-29 20:42 - 3175832 ____A (Microsoft Corporation) C:\Users\xxx\Desktop\vcredist_x64.EXE
2012-04-29 20:16 - 2012-04-29 20:16 - 0001696 ____A C:\Users\Public\Desktop\iTunes.lnk
2012-04-29 20:16 - 2012-04-29 20:16 - 0001696 ____A C:\Users\All Users\Desktop\iTunes.lnk
2012-04-29 20:15 - 2012-04-29 20:16 - 0000000 ____D C:\Program Files\iTunes
2012-04-29 20:15 - 2012-04-29 20:16 - 0000000 ____D C:\Program Files (x86)\iTunes
2012-04-29 20:15 - 2012-04-29 20:15 - 0000000 ____D C:\Program Files\iPod
2012-04-29 20:04 - 2012-04-29 20:05 - 76763504 ____A (Apple Inc.) C:\Users\xxx\Downloads\iTunes64Setup.exe
2012-04-29 19:48 - 2012-04-29 22:46 - 0000000 ____D C:\Users\xxx\Downloads\Mad Men - Season 2 - Complete
2012-04-29 19:45 - 2012-04-29 19:44 - 0023929 ____A C:\Users\xxx\Downloads\Mad_Men_Season_2_Complete-(Demonoid.me)_8697461.222.torrent
2012-04-28 23:03 - 2012-04-28 23:03 - 0616892 ____A C:\Windows\dd_vcredistMSI7642.txt
2012-04-28 23:03 - 2012-04-28 23:03 - 0012308 ____A C:\Windows\dd_vcredistUI7642.txt
2012-04-27 23:04 - 2012-04-27 23:04 - 0619244 ____A C:\Windows\dd_vcredistMSI2868.txt
2012-04-27 23:04 - 2012-04-27 23:04 - 0012404 ____A C:\Windows\dd_vcredistUI2868.txt
2012-04-26 23:04 - 2012-04-26 23:04 - 0618726 ____A C:\Windows\dd_vcredistMSI5A6A.txt
2012-04-26 23:04 - 2012-04-26 23:04 - 0012388 ____A C:\Windows\dd_vcredistUI5A6A.txt
2012-04-26 13:06 - 2012-04-26 13:06 - 0709009 ____A C:\Users\xxx\Downloads\photo.JPG
2012-04-26 09:31 - 2012-04-26 09:31 - 0000369 ____A C:\Users\xxx\Downloads\temp_file-[survivor.s24e11.hdtv.xvid-fqm__180upload.avi].xspf
2012-04-25 18:48 - 2012-04-25 18:48 - 0042317 ____A C:\Users\xxx\Downloads\Mad_Men_Season_2_Complete_DVD_Rip-[[Demonoid.me]]_8697461.222.torrent
2012-04-24 23:04 - 2012-04-24 23:04 - 0619238 ____A C:\Windows\dd_vcredistMSI3E43.txt
2012-04-24 23:04 - 2012-04-24 23:04 - 0012404 ____A C:\Windows\dd_vcredistUI3E43.txt
2012-04-23 23:05 - 2012-04-23 23:05 - 0616892 ____A C:\Windows\dd_vcredistMSI7109.txt
2012-04-23 23:05 - 2012-04-23 23:05 - 0012308 ____A C:\Windows\dd_vcredistUI7109.txt
2012-04-23 18:45 - 2012-04-25 15:11 - 0000000 ____D C:\Users\xxx\Downloads\Season 01
2012-04-23 18:35 - 2012-04-23 18:35 - 0041152 ____A C:\Users\xxx\Downloads\Mad_Men_Season_1_Complete_DVD_Rip-_Demonoid.me_-_8697461.222.torrent
2012-04-23 18:23 - 2012-04-23 18:23 - 0047354 ____A C:\Users\xxx\Downloads\Mad_Men_Season_1_(All_13_Episodes)-((Demonoid.me))_8697461.222.torrent
2012-04-23 18:22 - 2012-04-23 18:22 - 0012457 ____A C:\Users\xxx\Downloads\Mad_Men_Season_1_(All_13_Episodes)_O-Demonoid.me-O_8697461.222.torrent
2012-04-22 20:19 - 2012-05-04 17:19 - 8744608 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2012-04-22 19:33 - 2012-05-09 22:19 - 0000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-04-22 19:33 - 2012-05-04 17:19 - 0419488 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-04-22 19:33 - 2012-04-22 19:33 - 0000000 ____D C:\Windows\System32\Macromed
2012-04-22 19:32 - 2012-04-22 19:32 - 0000000 ____D C:\Windows\system64
2012-04-22 18:32 - 2012-04-22 18:32 - 0000000 ____D C:\Users\xxx\Local Settings\MSoft
2012-04-22 18:32 - 2012-04-22 18:32 - 0000000 ____D C:\Users\xxx\Local Settings\Application Data\MSoft
2012-04-22 18:32 - 2012-04-22 18:32 - 0000000 ____D C:\Users\xxx\Local Settings\Application Data\{9D0F945C-8CEC-11E1-826D-B8AC6F996F26}
2012-04-22 18:32 - 2012-04-22 18:32 - 0000000 ____D C:\Users\xxx\Local Settings\{9D0F945C-8CEC-11E1-826D-B8AC6F996F26}
2012-04-22 18:32 - 2012-04-22 18:32 - 0000000 ____D C:\Users\xxx\AppData\Local\MSoft
2012-04-22 18:32 - 2012-04-22 18:32 - 0000000 ____D C:\Users\xxx\AppData\Local\{9D0F945C-8CEC-11E1-826D-B8AC6F996F26}
2012-04-22 18:32 - 2012-04-22 18:32 - 0000000 ____A C:\Users\xxx\Application Data\domRK.txt
2012-04-22 18:32 - 2012-04-22 18:32 - 0000000 ____A C:\Users\xxx\AppData\Roaming\domRK.txt
2012-04-21 23:05 - 2012-04-21 23:05 - 0616892 ____A C:\Windows\dd_vcredistMSI54BE.txt
2012-04-21 23:05 - 2012-04-21 23:05 - 0012308 ____A C:\Windows\dd_vcredistUI54BE.txt
2012-04-20 23:01 - 2012-04-20 23:02 - 0617670 ____A C:\Windows\dd_vcredistMSI03EB.txt
2012-04-20 23:01 - 2012-04-20 23:02 - 0012340 ____A C:\Windows\dd_vcredistUI03EB.txt
2012-04-19 23:02 - 2012-04-19 23:02 - 0618454 ____A C:\Windows\dd_vcredistMSI3649.txt
2012-04-19 23:02 - 2012-04-19 23:02 - 0012372 ____A C:\Windows\dd_vcredistUI3649.txt
2012-04-19 20:03 - 2012-04-19 20:03 - 0000000 ____D C:\Program Files (x86)\QuickTime
2012-04-17 13:09 - 2012-05-02 07:45 - 0000000 ____D C:\Users\xxx\Valuations
2012-04-16 23:02 - 2012-04-16 23:03 - 0618846 ____A C:\Windows\dd_vcredistMSI4C0D.txt
2012-04-16 23:02 - 2012-04-16 23:03 - 0012388 ____A C:\Windows\dd_vcredistUI4C0D.txt
2012-04-15 23:02 - 2012-04-15 23:03 - 0618046 ____A C:\Windows\dd_vcredistMSI7DEB.txt
2012-04-15 23:02 - 2012-04-15 23:03 - 0012356 ____A C:\Windows\dd_vcredistUI7DEB.txt
2012-04-14 23:02 - 2012-04-14 23:02 - 0618046 ____A C:\Windows\dd_vcredistMSI2F43.txt
2012-04-14 23:02 - 2012-04-14 23:02 - 0012356 ____A C:\Windows\dd_vcredistUI2F43.txt
2012-04-13 23:02 - 2012-04-13 23:02 - 0618830 ____A C:\Windows\dd_vcredistMSI618A.txt
2012-04-13 23:02 - 2012-04-13 23:02 - 0012388 ____A C:\Windows\dd_vcredistUI618A.txt
2012-04-12 23:13 - 2012-04-12 23:13 - 0618240 ____A C:\Windows\dd_vcredistMSI1BC9.txt
2012-04-12 23:13 - 2012-04-12 23:13 - 0013796 ____A C:\Windows\dd_vcredistUI1BC9.txt
2012-04-12 23:06 - 2012-03-05 22:44 - 4699520 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-04-12 23:06 - 2012-02-29 07:37 - 0219136 ____A (Microsoft Corporation) C:\Windows\System32\wintrust.dll
2012-04-12 23:06 - 2012-02-29 07:37 - 0005632 ____A (Microsoft Corporation) C:\Windows\System32\wmi.dll
2012-04-12 23:06 - 2012-02-29 07:35 - 0078848 ____A (Microsoft Corporation) C:\Windows\System32\imagehlp.dll
2012-04-12 23:06 - 2012-02-29 07:11 - 0172032 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2012-04-12 23:06 - 2012-02-29 07:11 - 0005120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wmi.dll
2012-04-12 23:06 - 2012-02-29 07:09 - 0157696 ____A (Microsoft Corporation) C:\Windows\SysWOW64\imagehlp.dll
2012-04-12 23:06 - 2012-02-29 05:52 - 0016384 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\fs_rec.sys


============ 3 Months Modified Files and Folders =============

2012-05-11 13:05 - 2012-05-11 13:05 - 0000000 ____D C:\FRST
2012-05-10 15:54 - 2009-12-12 08:02 - 0000000 ____D C:\users\RA Media Server
2012-05-10 15:54 - 2006-11-02 04:33 - 84148224 ____A C:\Windows\System32\config\software_previous
2012-05-10 15:53 - 2009-09-17 15:12 - 0000000 ____D C:\Users\xxx\Application Data\stickies
2012-05-10 15:53 - 2009-09-17 15:12 - 0000000 ____D C:\Users\xxx\AppData\Roaming\stickies
2012-05-10 15:53 - 2009-09-05 08:41 - 0000000 ____D C:\Users\xxx\Application Data\vlc
2012-05-10 15:53 - 2009-09-05 08:41 - 0000000 ____D C:\Users\xxx\AppData\Roaming\vlc
2012-05-10 15:53 - 2009-08-17 17:08 - 0000000 ____D C:\users\xxx
2012-05-10 15:53 - 2009-08-05 16:33 - 0000000 ____D C:\Users\All Users\Microsoft Help
2012-05-10 15:53 - 2009-08-05 16:33 - 0000000 ____D C:\Users\All Users\Application Data\Microsoft Help
2012-05-10 15:53 - 2009-08-05 16:33 - 0000000 ____D C:\ProgramData\Microsoft Help
2012-05-10 15:53 - 2009-08-05 16:32 - 0000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2012-05-10 15:53 - 2006-11-02 07:07 - 0000000 ____D C:\Windows\ShellNew
2012-05-10 15:53 - 2006-11-02 05:34 - 0000000 ____D C:\Windows\System32\spool
2012-05-10 15:53 - 2006-11-02 05:34 - 0000000 ____D C:\Windows\System32\Msdtc
2012-05-10 15:53 - 2006-11-02 04:33 - 44040192 ____A C:\Windows\System32\config\system_previous
2012-05-10 15:52 - 2006-11-02 05:33 - 0000000 ____D C:\Windows\registration
2012-05-10 15:52 - 2006-11-02 05:33 - 0000000 ____D C:\Program Files\Common Files\Microsoft Shared
2012-05-10 15:38 - 2006-11-02 04:33 - 49283072 ____A C:\Windows\System32\config\components_previous
2012-05-10 15:38 - 2006-11-02 04:33 - 0262144 ____A C:\Windows\System32\config\sam_previous
2012-05-10 12:20 - 2009-08-18 17:06 - 0000000 ____D C:\Program Files (x86)\mIRC
2012-05-10 12:06 - 2012-01-24 09:46 - 4024811520 __ASH C:\hiberfil.sys
2012-05-10 11:55 - 2006-11-02 05:33 - 0000000 ____D C:\Windows\System32\config\TxR
2012-05-10 11:37 - 2006-11-02 04:33 - 0524288 ____A C:\Windows\System32\config\default_previous
2012-05-10 11:37 - 2006-11-02 04:33 - 0262144 ____A C:\Windows\System32\config\security_previous
2012-05-10 11:35 - 2008-01-20 19:26 - 0561880 ____A C:\Windows\PFRO.log
2012-05-10 11:34 - 2009-08-05 10:41 - 1984299 ____A C:\Windows\WindowsUpdate.log
2012-05-10 11:32 - 2012-05-10 11:24 - 0002502 ____A C:\Users\xxx\Desktop\avastlog2.txt
2012-05-10 11:32 - 2012-05-10 10:26 - 0000914 ____A C:\Users\xxx\Desktop\ESETSCAN.txt
2012-05-10 11:24 - 2012-05-10 11:24 - 0000512 ____A C:\Users\xxx\Desktop\MBR.dat
2012-05-10 09:08 - 2009-08-05 15:52 - 0426573 ____A C:\Users\All Users\nvModes.001
2012-05-10 09:08 - 2009-08-05 15:52 - 0426573 ____A C:\Users\All Users\Application Data\nvModes.001
2012-05-10 09:08 - 2009-08-05 15:52 - 0426573 ____A C:\ProgramData\nvModes.001
2012-05-10 08:24 - 2009-08-18 17:00 - 0000000 ____D C:\Users\xxx\Tracing
2012-05-10 08:24 - 2009-08-05 15:50 - 0426573 ____A C:\Users\All Users\nvModes.dat
2012-05-10 08:24 - 2009-08-05 15:50 - 0426573 ____A C:\Users\All Users\Application Data\nvModes.dat
2012-05-10 08:24 - 2009-08-05 15:50 - 0426573 ____A C:\ProgramData\nvModes.dat
2012-05-09 23:02 - 2011-03-07 08:04 - 0000434 ___AH C:\Windows\Tasks\User_Feed_Synchronization-{B1603A9F-20A2-41A9-B92B-78D8EF1E028F}.job
2012-05-09 23:00 - 2012-05-08 08:41 - 0000342 ____A C:\Windows\Tasks\At28.job
2012-05-09 22:30 - 2009-08-22 16:51 - 0000898 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-05-09 22:19 - 2012-04-22 19:33 - 0000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-05-09 22:12 - 2011-10-19 19:07 - 0000928 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1400044214-2866311749-911984212-1000UA.job
2012-05-09 22:00 - 2012-05-08 08:41 - 0000342 ____A C:\Windows\Tasks\At27.job
2012-05-09 21:55 - 2006-11-02 07:22 - 0003616 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2012-05-09 21:55 - 2006-11-02 07:22 - 0003616 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2012-05-09 21:34 - 2010-08-28 15:08 - 0000000 ____D C:\Users\xxx\Local Settings\Windows Server
2012-05-09 21:34 - 2010-08-28 15:08 - 0000000 ____D C:\Users\xxx\Local Settings\Application Data\Windows Server
2012-05-09 21:34 - 2010-08-28 15:08 - 0000000 ____D C:\Users\xxx\AppData\Local\Windows Server
2012-05-09 21:00 - 2012-05-08 08:41 - 0000342 ____A C:\Windows\Tasks\At26.job
2012-05-09 20:34 - 2012-05-08 08:41 - 0000342 ____A C:\Windows\Tasks\At25.job
2012-05-09 20:29 - 2012-05-09 20:15 - 0002293 ____A C:\Users\xxx\My Documents\aswMBR.txt
2012-05-09 20:29 - 2012-05-09 20:15 - 0002293 ____A C:\Users\xxx\Documents\aswMBR.txt
2012-05-09 20:25 - 2012-05-09 20:25 - 2322184 ____A (ESET) C:\Users\xxx\Downloads\esetsmartinstaller_enu.exe
2012-05-09 20:25 - 2012-05-09 20:25 - 0000000 ____D C:\Program Files (x86)\ESET
2012-05-09 20:15 - 2012-05-09 20:15 - 0000512 ____A C:\Users\xxx\My Documents\MBR.dat
2012-05-09 20:15 - 2012-05-09 20:15 - 0000512 ____A C:\Users\xxx\Documents\MBR.dat
2012-05-09 19:24 - 2012-05-09 19:24 - 4731392 ____A (AVAST Software) C:\Users\xxx\Downloads\aswMBR.exe
2012-05-09 19:12 - 2011-10-19 19:07 - 0000906 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1400044214-2866311749-911984212-1000Core.job
2012-05-09 19:00 - 2012-05-08 08:42 - 0000342 ____A C:\Windows\Tasks\At48.job
2012-05-09 18:42 - 2012-05-09 18:42 - 2055783 ____A C:\Users\xxx\Downloads\tdsskiller.zip
2012-05-09 18:00 - 2012-05-08 08:42 - 0000342 ____A C:\Windows\Tasks\At47.job
2012-05-09 17:30 - 2009-08-22 16:51 - 0000894 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-05-09 17:00 - 2012-05-08 08:42 - 0000342 ____A C:\Windows\Tasks\At46.job
2012-05-09 16:00 - 2012-05-08 08:42 - 0000342 ____A C:\Windows\Tasks\At45.job
2012-05-09 15:00 - 2012-05-08 08:42 - 0000342 ____A C:\Windows\Tasks\At44.job
2012-05-09 14:00 - 2012-05-08 08:42 - 0000342 ____A C:\Windows\Tasks\At43.job
2012-05-09 13:00 - 2012-05-08 08:42 - 0000342 ____A C:\Windows\Tasks\At42.job
2012-05-09 12:00 - 2012-05-08 08:42 - 0000342 ____A C:\Windows\Tasks\At41.job
2012-05-09 11:00 - 2012-05-08 08:42 - 0000342 ____A C:\Windows\Tasks\At40.job
2012-05-09 10:19 - 2012-05-09 10:19 - 0572494 ____A C:\Users\xxx\Local Settings\dd_vcredistMSI08CA.txt
2012-05-09 10:19 - 2012-05-09 10:19 - 0572494 ____A C:\Users\xxx\Local Settings\Application Data\dd_vcredistMSI08CA.txt
2012-05-09 10:19 - 2012-05-09 10:19 - 0572494 ____A C:\Users\xxx\AppData\Local\dd_vcredistMSI08CA.txt
2012-05-09 10:19 - 2012-05-09 10:19 - 0012384 ____A C:\Users\xxx\Local Settings\dd_vcredistUI08CA.txt
2012-05-09 10:19 - 2012-05-09 10:19 - 0012384 ____A C:\Users\xxx\Local Settings\Application Data\dd_vcredistUI08CA.txt
2012-05-09 10:19 - 2012-05-09 10:19 - 0012384 ____A C:\Users\xxx\AppData\Local\dd_vcredistUI08CA.txt
2012-05-09 10:19 - 2012-05-09 10:19 - 0001787 ____A C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2012-05-09 10:19 - 2012-05-09 10:19 - 0001787 ____A C:\Users\All Users\Desktop\avast! Free Antivirus.lnk
2012-05-09 10:19 - 2012-05-09 10:19 - 0000000 ____A C:\Windows\SysWOW64\config.nt
2012-05-09 10:18 - 2012-05-08 15:24 - 0000000 ____D C:\Users\All Users\AVAST Software
2012-05-09 10:18 - 2012-05-08 15:24 - 0000000 ____D C:\Users\All Users\Application Data\AVAST Software
2012-05-09 10:18 - 2012-05-08 15:24 - 0000000 ____D C:\ProgramData\AVAST Software
2012-05-09 10:18 - 2012-05-08 15:24 - 0000000 ____D C:\Program Files\AVAST Software
2012-05-09 10:05 - 2012-05-09 10:04 - 0618278 ____A C:\Windows\dd_vcredistMSI7D83.txt
2012-05-09 10:05 - 2012-05-09 10:04 - 0012360 ____A C:\Windows\dd_vcredistUI7D83.txt
2012-05-09 10:01 - 2006-11-02 04:46 - 0707520 ____A C:\Windows\System32\PerfStringBackup.INI
2012-05-09 10:00 - 2012-05-08 08:42 - 0000342 ____A C:\Windows\Tasks\At39.job
2012-05-09 09:55 - 2009-09-01 17:06 - 0058288 ____A (Absolute Software Corp.) C:\Windows\SysWOW64\rpcnet.dll
2012-05-09 09:55 - 2009-09-01 08:03 - 0017408 ____A C:\Windows\System32\rpcnetp.exe
2012-05-09 09:54 - 2006-11-02 07:42 - 0000006 ___AH C:\Windows\Tasks\SA.DAT
2012-05-08 21:05 - 2012-05-08 21:04 - 0574200 ____A C:\Users\xxx\Local Settings\dd_vcredistMSI288C.txt
2012-05-08 21:05 - 2012-05-08 21:04 - 0574200 ____A C:\Users\xxx\Local Settings\Application Data\dd_vcredistMSI288C.txt
2012-05-08 21:05 - 2012-05-08 21:04 - 0574200 ____A C:\Users\xxx\AppData\Local\dd_vcredistMSI288C.txt
2012-05-08 21:05 - 2012-05-08 21:04 - 0012460 ____A C:\Users\xxx\Local Settings\dd_vcredistUI288C.txt
2012-05-08 21:05 - 2012-05-08 21:04 - 0012460 ____A C:\Users\xxx\Local Settings\Application Data\dd_vcredistUI288C.txt
2012-05-08 21:05 - 2012-05-08 21:04 - 0012460 ____A C:\Users\xxx\AppData\Local\dd_vcredistUI288C.txt
2012-05-08 15:25 - 2012-05-08 15:25 - 0572890 ____A C:\Users\xxx\Local Settings\dd_vcredistMSI24F3.txt
2012-05-08 15:25 - 2012-05-08 15:25 - 0572890 ____A C:\Users\xxx\Local Settings\Application Data\dd_vcredistMSI24F3.txt
2012-05-08 15:25 - 2012-05-08 15:25 - 0572890 ____A C:\Users\xxx\AppData\Local\dd_vcredistMSI24F3.txt
2012-05-08 15:25 - 2012-05-08 15:25 - 0012400 ____A C:\Users\xxx\Local Settings\dd_vcredistUI24F3.txt
2012-05-08 15:25 - 2012-05-08 15:25 - 0012400 ____A C:\Users\xxx\Local Settings\Application Data\dd_vcredistUI24F3.txt
2012-05-08 15:25 - 2012-05-08 15:25 - 0012400 ____A C:\Users\xxx\AppData\Local\dd_vcredistUI24F3.txt
2012-05-08 15:23 - 2012-05-08 15:22 - 74761776 ____A C:\Users\xxx\Downloads\avast_free_antivirus_setup.exe
2012-05-08 15:18 - 2012-05-08 15:18 - 3877872 ____A (AVG Technologies) C:\Users\xxx\Downloads\avg_free_stb_all_2012_2171_cnet.exe
2012-05-08 15:12 - 2009-08-05 16:09 - 0000012 ____A C:\Windows\bthservsdp.dat
2012-05-08 15:12 - 2006-11-02 07:42 - 0032632 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-05-08 12:20 - 2012-05-08 08:42 - 0000342 ____A C:\Windows\Tasks\At37.job
2012-05-08 12:20 - 2012-05-08 08:42 - 0000342 ____A C:\Windows\Tasks\At36.job
2012-05-08 12:20 - 2012-05-08 08:42 - 0000342 ____A C:\Windows\Tasks\At35.job
2012-05-08 12:20 - 2012-05-08 08:42 - 0000342 ____A C:\Windows\Tasks\At34.job
2012-05-08 12:20 - 2012-05-08 08:42 - 0000342 ____A C:\Windows\Tasks\At33.job
2012-05-08 12:20 - 2012-05-08 08:42 - 0000342 ____A C:\Windows\Tasks\At32.job
2012-05-08 12:20 - 2012-05-08 08:42 - 0000342 ____A C:\Windows\Tasks\At31.job
2012-05-08 12:20 - 2012-05-08 08:41 - 0000342 ____A C:\Windows\Tasks\At30.job
2012-05-08 12:20 - 2012-05-08 08:41 - 0000342 ____A C:\Windows\Tasks\At29.job
2012-05-08 09:03 - 2012-05-08 08:42 - 0000342 ____A C:\Windows\Tasks\At38.job
2012-05-08 09:01 - 2010-10-27 05:49 - 0000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-05-08 08:49 - 2012-03-31 13:11 - 0000771 ____A C:\Users\xxx\Desktop\Valuation Targets.txt
2012-05-08 08:31 - 2012-05-08 08:31 - 0000000 __ASH C:\Windows\System32\dds_trash_log.cmd
2012-05-07 08:12 - 2012-05-07 08:12 - 0000387 ____A C:\Users\xxx\Downloads\temp_file-[The.Big.Bang.Theory.S05E22.480p.HDTV.x264-mSD.mkv][vidhog].xspf
2012-05-06 18:42 - 2012-05-06 18:43 - 0000299 ____A C:\Users\xxx\Downloads\temp_file-[video.avi][sharebees].xspf
2012-05-06 18:39 - 2012-05-06 18:40 - 0000370 ____A C:\Users\xxx\Downloads\temp_file-[ice-This.Means.War.2012.DVDRip.x264-scOrp.mkv][180upload].xspf
2012-05-06 18:39 - 2012-05-06 18:39 - 0000330 ____A C:\Users\xxx\Downloads\temp_file-[This.Means.War.2012._.x264-scOrp.mkv][movreel].xspf
2012-05-06 18:38 - 2012-05-06 18:38 - 0000242 ____A C:\Users\xxx\Downloads\temp_file-[zpakn1m6wjwa][jumbofiles].xspf
2012-05-06 14:02 - 2012-05-06 14:02 - 0000241 ____A C:\Users\xxx\Downloads\temp_file-[m17fi6wibmjc][uploadorb].xspf
2012-05-04 23:04 - 2012-05-04 23:04 - 0619860 ____A C:\Windows\dd_vcredistMSI4BA5.txt
2012-05-04 23:04 - 2012-05-04 23:04 - 0013388 ____A C:\Windows\dd_vcredistUI4BA5.txt
2012-05-04 17:19 - 2012-04-22 20:19 - 8744608 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2012-05-04 17:19 - 2012-04-22 19:33 - 0419488 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-05-04 17:19 - 2011-07-04 09:18 - 0070304 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-05-03 23:02 - 2012-05-03 23:02 - 0619562 ____A C:\Windows\dd_vcredistMSI7BDE.txt
2012-05-03 23:02 - 2012-05-03 23:02 - 0012420 ____A C:\Windows\dd_vcredistUI7BDE.txt
2012-05-02 17:37 - 2009-08-18 17:06 - 0000000 ____D C:\Users\xxx\Application Data\mIRC
2012-05-02 17:37 - 2009-08-18 17:06 - 0000000 ____D C:\Users\xxx\AppData\Roaming\mIRC
2012-05-02 16:38 - 2009-09-01 20:39 - 0000623 ____A C:\Users\xxx\untitled.txt
2012-05-02 07:45 - 2012-04-17 13:09 - 0000000 ____D C:\Users\xxx\Valuations
2012-05-01 19:01 - 2009-09-19 12:05 - 0000000 ____D C:\Users\xxx\Application Data\uTorrent
2012-05-01 19:01 - 2009-09-19 12:05 - 0000000 ____D C:\Users\xxx\AppData\Roaming\uTorrent
2012-05-01 18:58 - 2009-08-17 18:33 - 0064512 ____A C:\Users\xxx\Local Settings\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-05-01 18:58 - 2009-08-17 18:33 - 0064512 ____A C:\Users\xxx\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-05-01 18:58 - 2009-08-17 18:33 - 0064512 ____A C:\Users\xxx\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-05-01 18:40 - 2012-05-01 16:39 - 0000000 ____D C:\Users\xxx\Downloads\Mad.Men.S04.BDRip.XviD-REWARD
2012-05-01 16:38 - 2012-05-01 16:38 - 0012734 ____A C:\Users\xxx\Downloads\Mad_Men_Season_4_HDTV_+-Demonoid.me-+_8697461.222.torrent
2012-05-01 16:36 - 2012-05-01 16:37 - 0012934 ____A C:\Users\xxx\Downloads\Mad_Men_Season_4_Complete_BDrip_Reward-_=Demonoid.me=__8697461.222.torrent
2012-05-01 15:36 - 2012-05-01 13:09 - 0000000 ____D C:\Users\xxx\Downloads\Mad Men S03 DVDrip-Reward
2012-05-01 13:05 - 2012-05-01 13:05 - 0038622 ____A C:\Users\xxx\Downloads\Mad_Men_Season_3_Complete_DVD_Rip_-Demonoid.me-__8697461.222.torrent
2012-05-01 13:04 - 2012-05-01 13:04 - 0024070 ____A C:\Users\xxx\Downloads\-_Demonoid.me_-Mad_Men_Season_3_Complete_DVDrip_Reward_8697461.222.torrent
2012-05-01 05:03 - 2012-05-01 05:03 - 0618364 ____A C:\Windows\dd_vcredistMSI25D1.txt
2012-05-01 05:03 - 2012-05-01 05:03 - 0012372 ____A C:\Windows\dd_vcredistUI25D1.txt
2012-04-29 22:46 - 2012-04-29 19:48 - 0000000 ____D C:\Users\xxx\Downloads\Mad Men - Season 2 - Complete
2012-04-29 21:16 - 2012-04-29 21:16 - 0000353 ____A C:\Users\xxx\Downloads\temp_file-[mad.men.s02e01.dvdrip.xvid-reward.avi].xspf
2012-04-29 20:42 - 2012-04-29 20:40 - 3175832 ____A (Microsoft Corporation) C:\Users\xxx\Desktop\vcredist_x64.EXE
2012-04-29 20:16 - 2012-04-29 20:16 - 0001696 ____A C:\Users\Public\Desktop\iTunes.lnk
2012-04-29 20:16 - 2012-04-29 20:16 - 0001696 ____A C:\Users\All Users\Desktop\iTunes.lnk
2012-04-29 20:16 - 2012-04-29 20:15 - 0000000 ____D C:\Program Files\iTunes
2012-04-29 20:16 - 2012-04-29 20:15 - 0000000 ____D C:\Program Files (x86)\iTunes
2012-04-29 20:15 - 2012-04-29 20:15 - 0000000 ____D C:\Program Files\iPod
2012-04-29 20:05 - 2012-04-29 20:04 - 76763504 ____A (Apple Inc.) C:\Users\xxx\Downloads\iTunes64Setup.exe
2012-04-29 19:44 - 2012-04-29 19:45 - 0023929 ____A C:\Users\xxx\Downloads\Mad_Men_Season_2_Complete-(Demonoid.me)_8697461.222.torrent
2012-04-28 23:03 - 2012-04-28 23:03 - 0616892 ____A C:\Windows\dd_vcredistMSI7642.txt
2012-04-28 23:03 - 2012-04-28 23:03 - 0012308 ____A C:\Windows\dd_vcredistUI7642.txt
2012-04-27 23:04 - 2012-04-27 23:04 - 0619244 ____A C:\Windows\dd_vcredistMSI2868.txt
2012-04-27 23:04 - 2012-04-27 23:04 - 0012404 ____A C:\Windows\dd_vcredistUI2868.txt
2012-04-26 23:04 - 2012-04-26 23:04 - 0618726 ____A C:\Windows\dd_vcredistMSI5A6A.txt
2012-04-26 23:04 - 2012-04-26 23:04 - 0012388 ____A C:\Windows\dd_vcredistUI5A6A.txt
2012-04-26 13:06 - 2012-04-26 13:06 - 0709009 ____A C:\Users\xxx\Downloads\photo.JPG
2012-04-26 09:31 - 2012-04-26 09:31 - 0000369 ____A C:\Users\xxx\Downloads\temp_file-[survivor.s24e11.hdtv.xvid-fqm__180upload.avi].xspf
2012-04-25 18:48 - 2012-04-25 18:48 - 0042317 ____A C:\Users\xxx\Downloads\Mad_Men_Season_2_Complete_DVD_Rip-[[Demonoid.me]]_8697461.222.torrent
2012-04-25 15:11 - 2012-04-23 18:45 - 0000000 ____D C:\Users\xxx\Downloads\Season 01
2012-04-25 07:13 - 2010-08-17 19:26 - 0000000 ____D C:\Users\xxx\Application Data\Dropbox
2012-04-25 07:13 - 2010-08-17 19:26 - 0000000 ____D C:\Users\xxx\AppData\Roaming\Dropbox
2012-04-24 23:04 - 2012-04-24 23:04 - 0619238 ____A C:\Windows\dd_vcredistMSI3E43.txt
2012-04-24 23:04 - 2012-04-24 23:04 - 0012404 ____A C:\Windows\dd_vcredistUI3E43.txt
2012-04-24 20:04 - 2009-10-01 20:53 - 0000000 ____D C:\Users\xxx\Application Data\Skype
2012-04-24 20:04 - 2009-10-01 20:53 - 0000000 ____D C:\Users\xxx\AppData\Roaming\Skype
2012-04-23 23:05 - 2012-04-23 23:05 - 0616892 ____A C:\Windows\dd_vcredistMSI7109.txt
2012-04-23 23:05 - 2012-04-23 23:05 - 0012308 ____A C:\Windows\dd_vcredistUI7109.txt
2012-04-23 23:00 - 2009-08-17 18:12 - 0007592 ____A C:\Users\xxx\Local Settings\d3d9caps.dat
2012-04-23 23:00 - 2009-08-17 18:12 - 0007592 ____A C:\Users\xxx\Local Settings\Application Data\d3d9caps.dat
2012-04-23 23:00 - 2009-08-17 18:12 - 0007592 ____A C:\Users\xxx\AppData\Local\d3d9caps.dat
2012-04-23 18:35 - 2012-04-23 18:35 - 0041152 ____A C:\Users\xxx\Downloads\Mad_Men_Season_1_Complete_DVD_Rip-_Demonoid.me_-_8697461.222.torrent
2012-04-23 18:23 - 2012-04-23 18:23 - 0047354 ____A C:\Users\xxx\Downloads\Mad_Men_Season_1_(All_13_Episodes)-((Demonoid.me))_8697461.222.torrent
2012-04-23 18:22 - 2012-04-23 18:22 - 0012457 ____A C:\Users\xxx\Downloads\Mad_Men_Season_1_(All_13_Episodes)_O-Demonoid.me-O_8697461.222.torrent
2012-04-23 12:09 - 2010-08-17 19:28 - 0000000 ___RD C:\Users\xxx\My Documents\My Dropbox
2012-04-23 12:09 - 2010-08-17 19:28 - 0000000 ___RD C:\Users\xxx\Documents\My Dropbox
2012-04-22 19:33 - 2012-04-22 19:33 - 0000000 ____D C:\Windows\System32\Macromed
2012-04-22 19:32 - 2012-04-22 19:32 - 0000000 ____D C:\Windows\system64
2012-04-22 18:32 - 2012-04-22 18:32 - 0000000 ____D C:\Users\xxx\Local Settings\MSoft
2012-04-22 18:32 - 2012-04-22 18:32 - 0000000 ____D C:\Users\xxx\Local Settings\Application Data\MSoft
2012-04-22 18:32 - 2012-04-22 18:32 - 0000000 ____D C:\Users\xxx\Local Settings\Application Data\{9D0F945C-8CEC-11E1-826D-B8AC6F996F26}
2012-04-22 18:32 - 2012-04-22 18:32 - 0000000 ____D C:\Users\xxx\Local Settings\{9D0F945C-8CEC-11E1-826D-B8AC6F996F26}
2012-04-22 18:32 - 2012-04-22 18:32 - 0000000 ____D C:\Users\xxx\AppData\Local\MSoft
2012-04-22 18:32 - 2012-04-22 18:32 - 0000000 ____D C:\Users\xxx\AppData\Local\{9D0F945C-8CEC-11E1-826D-B8AC6F996F26}
2012-04-22 18:32 - 2012-04-22 18:32 - 0000000 ____A C:\Users\xxx\Application Data\domRK.txt
2012-04-22 18:32 - 2012-04-22 18:32 - 0000000 ____A C:\Users\xxx\AppData\Roaming\domRK.txt
2012-04-21 23:05 - 2012-04-21 23:05 - 0616892 ____A C:\Windows\dd_vcredistMSI54BE.txt
2012-04-21 23:05 - 2012-04-21 23:05 - 0012308 ____A C:\Windows\dd_vcredistUI54BE.txt
2012-04-21 19:15 - 2009-09-10 15:17 - 0000000 ____D C:\Users\xxx\My Courses
2012-04-20 23:02 - 2012-04-20 23:01 - 0617670 ____A C:\Windows\dd_vcredistMSI03EB.txt
2012-04-20 23:02 - 2012-04-20 23:01 - 0012340 ____A C:\Windows\dd_vcredistUI03EB.txt
2012-04-19 23:02 - 2012-04-19 23:02 - 0618454 ____A C:\Windows\dd_vcredistMSI3649.txt
2012-04-19 23:02 - 2012-04-19 23:02 - 0012372 ____A C:\Windows\dd_vcredistUI3649.txt
2012-04-19 20:03 - 2012-04-19 20:03 - 0000000 ____D C:\Program Files (x86)\QuickTime
2012-04-16 23:03 - 2012-04-16 23:02 - 0618846 ____A C:\Windows\dd_vcredistMSI4C0D.txt
2012-04-16 23:03 - 2012-04-16 23:02 - 0012388 ____A C:\Windows\dd_vcredistUI4C0D.txt
2012-04-15 23:03 - 2012-04-15 23:02 - 0618046 ____A C:\Windows\dd_vcredistMSI7DEB.txt
2012-04-15 23:03 - 2012-04-15 23:02 - 0012356 ____A C:\Windows\dd_vcredistUI7DEB.txt
2012-04-14 23:02 - 2012-04-14 23:02 - 0618046 ____A C:\Windows\dd_vcredistMSI2F43.txt
2012-04-14 23:02 - 2012-04-14 23:02 - 0012356 ____A C:\Windows\dd_vcredistUI2F43.txt
2012-04-13 23:02 - 2012-04-13 23:02 - 0618830 ____A C:\Windows\dd_vcredistMSI618A.txt
2012-04-13 23:02 - 2012-04-13 23:02 - 0012388 ____A C:\Windows\dd_vcredistUI618A.txt
2012-04-12 23:41 - 2009-09-01 17:06 - 0058288 ____N (Absolute Software Corp.) C:\Windows\SysWOW64\rpcnet.exe
2012-04-12 23:38 - 2009-09-01 08:03 - 0017408 ____A C:\Windows\SysWOW64\rpcnetp.dll
2012-04-12 23:37 - 2009-09-01 08:03 - 0017408 ____A C:\Windows\SysWOW64\rpcnetp.exe
2012-04-12 23:13 - 2012-04-12 23:13 - 0618240 ____A C:\Windows\dd_vcredistMSI1BC9.txt
2012-04-12 23:13 - 2012-04-12 23:13 - 0013796 ____A C:\Windows\dd_vcredistUI1BC9.txt
2012-04-12 23:03 - 2006-11-02 04:35 - 57249312 ____A (Microsoft Corporation) C:\Windows\System32\mrt.exe
2012-04-10 23:02 - 2012-04-10 23:02 - 0619150 ____A C:\Windows\dd_vcredistMSI771A.txt
2012-04-10 23:02 - 2012-04-10 23:02 - 0013828 ____A C:\Windows\dd_vcredistUI771A.txt
2012-04-10 05:05 - 2012-04-10 05:05 - 0619934 ____A C:\Windows\dd_vcredistMSI3E67.txt
2012-04-10 05:05 - 2012-04-10 05:05 - 0013860 ____A C:\Windows\dd_vcredistUI3E67.txt
2012-04-07 23:02 - 2012-04-07 23:02 - 0617190 ____A C:\Windows\dd_vcredistMSI0C51.txt
2012-04-07 23:02 - 2012-04-07 23:02 - 0013748 ____A C:\Windows\dd_vcredistUI0C51.txt
2012-04-06 23:03 - 2012-04-06 23:03 - 0618366 ____A C:\Windows\dd_vcredistMSI3F48.txt
2012-04-06 23:03 - 2012-04-06 23:03 - 0013796 ____A C:\Windows\dd_vcredistUI3F48.txt
2012-04-05 23:03 - 2012-04-05 23:03 - 0619150 ____A C:\Windows\dd_vcredistMSI70FC.txt
2012-04-05 23:03 - 2012-04-05 23:03 - 0013828 ____A C:\Windows\dd_vcredistUI70FC.txt
2012-04-05 12:40 - 2012-04-05 11:16 - 0000000 ____D C:\Users\xxx\Downloads\Friends.with.Kids.2012.DVDSCR.XviD-MC8
2012-04-05 11:42 - 2010-07-31 07:09 - 0000000 ____D C:\Users\xxx\Application Data\PrimoPDF
2012-04-05 11:42 - 2010-07-31 07:09 - 0000000 ____D C:\Users\xxx\AppData\Roaming\PrimoPDF
2012-04-05 11:13 - 2012-04-05 11:14 - 0014633 ____A C:\Users\xxx\Downloads\++Demonoid.me++-Friends_with_Kids_2012_DVDSCR_XviD_MC8_8697461.222.torrent
2012-04-05 09:55 - 2012-04-05 09:55 - 0000162 ___AH C:\Users\xxx\Desktop\~$icing and Promotion Analyst.doc
2012-04-05 09:54 - 2012-04-05 09:55 - 0196608 ____A C:\Users\xxx\Desktop\Pricing and Promotion Analyst.doc
2012-04-04 23:03 - 2012-04-04 23:03 - 0619934 ____A C:\Windows\dd_vcredistMSI22D3.txt
2012-04-04 23:03 - 2012-04-04 23:03 - 0013860 ____A C:\Windows\dd_vcredistUI22D3.txt
2012-04-04 11:56 - 2010-10-27 05:49 - 0024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-04-04 07:28 - 2009-08-18 17:52 - 0000000 ____D C:\Users\xxx\Work Tings
2012-04-03 23:04 - 2012-04-03 23:04 - 0619542 ____A C:\Windows\dd_vcredistMSI558F.txt
2012-04-03 23:04 - 2012-04-03 23:04 - 0013844 ____A C:\Windows\dd_vcredistUI558F.txt
2012-04-03 21:53 - 2012-04-03 19:37 - 0012501 ____A C:\Users\xxx\Q.xlsx
2012-04-03 20:55 - 2012-04-03 20:49 - 0000000 ____D C:\Users\xxx\Downloads\21.Jump.Street.2012.TS.XViD.AC3-26K
2012-04-03 20:44 - 2012-04-03 20:44 - 0127258 ____A C:\Users\xxx\Downloads\+-Demonoid.me-+_The_Sitter_2011_720p_BRRip_x264_vice_8697461.222.torrent
2012-04-03 20:44 - 2012-04-03 20:44 - 0008049 ____A C:\Users\xxx\Downloads\21_Jump_Street_2012_TS_XViD_AC3_26K-(Demonoid.me)_8697461.222.torrent
2012-04-02 23:03 - 2012-04-02 23:03 - 0618758 ____A C:\Windows\dd_vcredistMSI0699.txt
2012-04-02 23:03 - 2012-04-02 23:03 - 0013812 ____A C:\Windows\dd_vcredistUI0699.txt
2012-04-02 20:42 - 2012-04-02 20:06 - 0000000 ____D C:\Users\xxx\Downloads\The.Vow.2012.R5.LiNE.XViD.AC3-26K
2012-04-02 20:02 - 2012-04-02 20:02 - 0009883 ____A C:\Users\xxx\Downloads\(Demonoid.me)-The_Vow_2012_R5_LiNE_XViD_AC3_26K_8697461.222.torrent
2012-04-02 19:59 - 2012-04-02 19:59 - 0009883 ____A C:\Users\xxx\Downloads\x-Demonoid.me-x_The_Vow_2012_R5_LiNE_XViD_AC3_26K_8697461.222.torrent
2012-04-02 19:58 - 2012-04-02 19:58 - 0015359 ____A C:\Users\xxx\Downloads\The_Vow_(2012)_R5_NL_subs_DutchReleaseTeam_O-Demonoid.me-O_8697461.222.torrent
2012-04-01 23:03 - 2012-04-01 23:02 - 0618366 ____A C:\Windows\dd_vcredistMSI3815.txt
2012-04-01 23:03 - 2012-04-01 23:02 - 0013796 ____A C:\Windows\dd_vcredistUI3815.txt
2012-03-31 23:03 - 2012-03-31 23:03 - 0619934 ____A C:\Windows\dd_vcredistMSI6A24.txt
2012-03-31 23:03 - 2012-03-31 23:03 - 0013860 ____A C:\Windows\dd_vcredistUI6A24.txt
2012-03-30 23:04 - 2012-03-30 23:04 - 0617974 ____A C:\Windows\dd_vcredistMSI1CD0.txt
2012-03-30 23:04 - 2012-03-30 23:04 - 0013780 ____A C:\Windows\dd_vcredistUI1CD0.txt
2012-03-29 23:03 - 2012-03-29 23:03 - 0619150 ____A C:\Windows\dd_vcredistMSI4E14.txt
2012-03-29 23:03 - 2012-03-29 23:03 - 0013828 ____A C:\Windows\dd_vcredistUI4E14.txt
2012-03-29 09:36 - 2012-03-29 09:35 - 0619482 ____A C:\Windows\dd_vcredistMSI6401.txt
2012-03-29 09:36 - 2012-03-29 09:35 - 0013832 ____A C:\Windows\dd_vcredistUI6401.txt
2012-03-28 21:14 - 2012-03-28 21:15 - 0046957 ____A C:\Users\xxx\Desktop\420356_187834977988245_149842465120830_275515_831104253_n.jpg
2012-03-27 23:04 - 2012-03-27 23:04 - 0617582 ____A C:\Windows\dd_vcredistMSI3242.txt
2012-03-27 23:04 - 2012-03-27 23:03 - 0013764 ____A C:\Windows\dd_vcredistUI3242.txt
2012-03-26 23:03 - 2012-03-26 23:03 - 0619934 ____A C:\Windows\dd_vcredistMSI63C5.txt
2012-03-26 23:03 - 2012-03-26 23:03 - 0013860 ____A C:\Windows\dd_vcredistUI63C5.txt
2012-03-26 22:27 - 2012-03-26 22:27 - 0000026 ____A C:\Users\xxx\Desktop\c.txt
2012-03-25 21:54 - 2012-03-25 21:55 - 0436810 ____A C:\Users\xxx\Desktop\205-of-237.jpg
2012-03-25 07:55 - 2012-03-25 07:55 - 0617908 ____A C:\Windows\dd_vcredistMSI5EDC.txt
2012-03-25 07:55 - 2012-03-25 07:55 - 0013768 ____A C:\Windows\dd_vcredistUI5EDC.txt
2012-03-22 11:44 - 2012-03-22 11:44 - 0857041 ____A C:\Users\xxx\Desktop\template MAX .xlsx
2012-03-21 23:02 - 2012-03-21 23:02 - 0617952 ____A C:\Windows\dd_vcredistMSI5C77.txt
2012-03-21 23:02 - 2012-03-21 23:02 - 0013780 ____A C:\Windows\dd_vcredistUI5C77.txt
2012-03-21 09:44 - 2006-11-02 07:27 - 0187606 ____A C:\Windows\setupact.log
2012-03-20 15:41 - 2006-11-02 07:21 - 0391776 ____A C:\Windows\System32\FNTCACHE.DAT
2012-03-19 23:27 - 2012-03-19 23:27 - 0617848 ____A C:\Windows\dd_vcredistMSI5363.txt
2012-03-19 23:27 - 2012-03-19 23:27 - 0027824 ____A C:\Windows\dd_vcredistUI5363.txt
2012-03-19 23:14 - 2006-11-02 04:34 - 0000219 ____A C:\Windows\win.ini
2012-03-19 21:19 - 2012-03-19 21:19 - 0337007 ____A C:\Users\xxx\Desktop\RentReceipts.jpg
2012-03-18 15:43 - 2012-03-18 15:43 - 0240624 ____A C:\Users\xxx\Desktop\KPMG T4.pdf
2012-03-14 17:43 - 2012-03-14 17:43 - 2417515 ____A C:\Users\xxx\Desktop\Tuition.pdf
2012-03-11 22:07 - 2010-05-19 06:48 - 0001460 ____A C:\Users\xxx\Local Settings\d3d9caps64.dat
2012-03-11 22:07 - 2010-05-19 06:48 - 0001460 ____A C:\Users\xxx\Local Settings\Application Data\d3d9caps64.dat
2012-03-11 22:07 - 2010-05-19 06:48 - 0001460 ____A C:\Users\xxx\AppData\Local\d3d9caps64.dat
2012-03-11 18:58 - 2012-02-28 20:35 - 0025440 ____A C:\Users\xxx\Desktop\Weekend Plan.docx
2012-03-11 00:03 - 2012-03-11 00:02 - 0617582 ____A C:\Windows\dd_vcredistMSI2F1B.txt
2012-03-11 00:03 - 2012-03-11 00:02 - 0017440 ____A C:\Windows\dd_vcredistUI2F1B.txt
2012-03-10 00:02 - 2012-03-10 00:02 - 0617190 ____A C:\Windows\dd_vcredistMSI60DE.txt
2012-03-10 00:02 - 2012-03-10 00:02 - 0017424 ____A C:\Windows\dd_vcredistUI60DE.txt
2012-03-09 00:02 - 2012-03-09 00:02 - 0617456 ____A C:\Windows\dd_vcredistMSI129F.txt
2012-03-09 00:02 - 2012-03-09 00:02 - 0017440 ____A C:\Windows\dd_vcredistUI129F.txt
2012-03-08 00:03 - 2012-03-08 00:03 - 0617580 ____A C:\Windows\dd_vcredistMSI4513.txt
2012-03-08 00:03 - 2012-03-08 00:03 - 0017440 ____A C:\Windows\dd_vcredistUI4513.txt
2012-03-07 20:52 - 2012-03-07 20:52 - 0003961 ____A C:\Users\xxx\Downloads\+-Demonoid.me-+_Survivor_S24E04_Bum_Puzzled_HDTV_XviD_FQM_8697461.222.torrent
2012-03-07 20:49 - 2012-03-07 20:49 - 0014442 ____A C:\Users\xxx\Downloads\Survivor.S24E04.Bum-Puzzled.HDTV.XviD-FQM.[eztv].torrent
2012-03-06 15:15 - 2012-05-09 10:19 - 0258520 ____A (AVAST Software) C:\Windows\System32\aswBoot.exe
2012-03-06 15:15 - 2012-05-09 10:18 - 0201352 ____A (AVAST Software) C:\Windows\SysWOW64\aswBoot.exe
2012-03-06 15:15 - 2012-05-09 10:18 - 0041184 ____A (AVAST Software) C:\Windows\avastSS.scr
2012-03-06 15:04 - 2012-05-09 10:19 - 0819032 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSnx.sys
2012-03-06 15:04 - 2012-05-09 10:19 - 0337240 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSP.sys
2012-03-06 15:02 - 2012-05-09 10:19 - 0043864 ____A (AVAST Software) C:\Windows\System32\Drivers\aswRdr.sys
2012-03-06 15:01 - 2012-05-09 10:19 - 0069976 ____A (AVAST Software) C:\Windows\System32\Drivers\aswMonFlt.sys
2012-03-06 15:01 - 2012-05-09 10:19 - 0059224 ____A (AVAST Software) C:\Windows\System32\Drivers\aswTdi.sys
2012-03-06 15:01 - 2012-05-09 10:19 - 0024408 ____A (AVAST Software) C:\Windows\System32\Drivers\aswFsBlk.sys
2012-03-06 00:52 - 2012-02-19 22:55 - 0000607 ____A C:\Users\xxx\Desktop\00.txt
2012-03-06 00:02 - 2012-03-06 00:02 - 0618758 ____A C:\Windows\dd_vcredistMSI27EE.txt
2012-03-06 00:02 - 2012-03-06 00:02 - 0017488 ____A C:\Windows\dd_vcredistUI27EE.txt
2012-03-05 22:44 - 2012-04-12 23:06 - 4699520 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-03-05 07:10 - 2012-03-05 07:08 - 29167441 ____A C:\Users\xxx\Desktop\IveyPrintersInstallerXPV7.exe
2012-03-05 05:29 - 2012-03-05 05:29 - 7520077 ____A C:\Users\xxx\Desktop\mercedes.zip
2012-03-05 00:03 - 2012-03-05 00:03 - 0616892 ____A C:\Windows\dd_vcredistMSI5A96.txt
2012-03-05 00:03 - 2012-03-05 00:03 - 0012308 ____A C:\Windows\dd_vcredistUI5A96.txt
2012-03-04 00:05 - 2012-03-04 00:04 - 0619636 ____A C:\Windows\dd_vcredistMSI0DB4.txt
2012-03-04 00:05 - 2012-03-04 00:04 - 0012420 ____A C:\Windows\dd_vcredistUI0DB4.txt
2012-03-03 00:04 - 2012-03-03 00:04 - 0618852 ____A C:\Windows\dd_vcredistMSI3F2D.txt
2012-03-03 00:04 - 2012-03-03 00:04 - 0012388 ____A C:\Windows\dd_vcredistUI3F2D.txt
2012-03-02 00:02 - 2012-03-02 00:02 - 0618068 ____A C:\Windows\dd_vcredistMSI6FC1.txt
2012-03-02 00:02 - 2012-03-02 00:02 - 0012356 ____A C:\Windows\dd_vcredistUI6FC1.txt
2012-02-29 07:37 - 2012-04-12 23:06 - 0219136 ____A (Microsoft Corporation) C:\Windows\System32\wintrust.dll
2012-02-29 07:37 - 2012-04-12 23:06 - 0005632 ____A (Microsoft Corporation) C:\Windows\System32\wmi.dll
2012-02-29 07:35 - 2012-04-12 23:06 - 0078848 ____A (Microsoft Corporation) C:\Windows\System32\imagehlp.dll
2012-02-29 07:11 - 2012-04-12 23:06 - 0172032 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2012-02-29 07:11 - 2012-04-12 23:06 - 0005120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wmi.dll
2012-02-29 07:09 - 2012-04-12 23:06 - 0157696 ____A (Microsoft Corporation) C:\Windows\SysWOW64\imagehlp.dll
2012-02-29 05:52 - 2012-04-12 23:06 - 0016384 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\fs_rec.sys
2012-02-27 05:04 - 2012-02-27 05:04 - 0619244 ____A C:\Windows\dd_vcredistMSI1E29.txt
2012-02-27 05:04 - 2012-02-27 05:04 - 0012404 ____A C:\Windows\dd_vcredistUI1E29.txt
2012-02-26 00:02 - 2012-02-26 00:02 - 0619636 ____A C:\Windows\dd_vcredistMSI692B.txt
2012-02-26 00:02 - 2012-02-26 00:02 - 0012420 ____A C:\Windows\dd_vcredistUI692B.txt
2012-02-23 06:18 - 2009-10-21 11:09 - 0279656 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe
2012-02-19 20:28 - 2012-02-19 20:29 - 0072968 ____A C:\Users\xxx\Desktop\pic1.jpg
2012-02-19 00:03 - 2012-02-19 00:03 - 0618046 ____A C:\Windows\dd_vcredistMSI4670.txt
2012-02-19 00:03 - 2012-02-19 00:03 - 0012356 ____A C:\Windows\dd_vcredistUI4670.txt
2012-02-18 00:02 - 2012-02-18 00:02 - 0619222 ____A C:\Windows\dd_vcredistMSI77E2.txt
2012-02-18 00:02 - 2012-02-18 00:02 - 0012404 ____A C:\Windows\dd_vcredistUI77E2.txt
2012-02-17 11:18 - 2012-02-17 11:18 - 0042678 ____A C:\Users\xxx\Desktop\Surgeon Form.pdf
2012-02-16 00:15 - 2012-02-16 00:15 - 0618632 ____A C:\Windows\dd_vcredistMSI65D6.txt
2012-02-16 00:15 - 2012-02-16 00:15 - 0226276 ____A C:\Windows\dd_vcredistUI65D6.txt
2012-02-14 08:49 - 2012-03-13 13:25 - 0327680 ____A (Microsoft Corporation) C:\Windows\System32\d3d10_1core.dll
2012-02-14 08:49 - 2012-03-13 13:25 - 0196096 ____A (Microsoft Corporation) C:\Windows\System32\d3d10_1.dll
2012-02-14 07:45 - 2012-03-13 13:25 - 0219648 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1core.dll
2012-02-14 07:45 - 2012-03-13 13:25 - 0160768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1.dll
2012-02-13 06:38 - 2012-03-13 13:25 - 2002944 ____A (Microsoft Corporation) C:\Windows\System32\d3d10warp.dll
2012-02-13 06:12 - 2012-03-13 13:25 - 1172480 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2012-02-13 06:06 - 2012-03-13 13:25 - 0834048 ____A (Microsoft Corporation) C:\Windows\System32\d2d1.dll
2012-02-13 06:03 - 2012-03-13 13:25 - 1555968 ____A (Microsoft Corporation) C:\Windows\System32\DWrite.dll
2012-02-13 05:47 - 2012-03-13 13:25 - 0683008 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2012-02-13 05:44 - 2012-03-13 13:25 - 1068544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2012-02-12 19:10 - 2012-02-12 19:10 - 0000000 ____D C:\Users\xxx\Application Data\webex
2012-02-12 19:10 - 2012-02-12 19:10 - 0000000 ____D C:\Users\xxx\AppData\Roaming\webex
2012-02-12 18:59 - 2012-02-12 18:59 - 0000000 ____D C:\Users\All Users\WebEx
2012-02-12 18:59 - 2012-02-12 18:59 - 0000000 ____D C:\Users\All Users\Application Data\WebEx
2012-02-12 18:59 - 2012-02-12 18:59 - 0000000 ____D C:\ProgramData\WebEx
2012-02-12 18:59 - 2009-08-18 16:24 - 0000000 ____D C:\Users\xxx\Application Data\Mozilla
2012-02-12 18:59 - 2009-08-18 16:24 - 0000000 ____D C:\Users\xxx\AppData\Roaming\Mozilla
2012-02-12 18:59 - 2009-08-17 17:08 - 0000000 ____D C:\Users\xxx\AppData\LocalLow
2012-02-12 12:09 - 2012-02-12 12:09 - 1085509 ____A C:\Users\xxx\Desktop\V23 - xxx edits v2.docx
2012-02-12 11:50 - 2012-02-12 11:42 - 1085391 ____A C:\Users\xxx\Desktop\V23 - xxx edits.docx
2012-02-12 11:20 - 2012-02-12 11:40 - 1138734 ____A C:\Users\xxx\Desktop\V23.docx
2012-02-12 09:13 - 2012-02-12 09:19 - 1021952 ____A C:\Users\xxx\Desktop\Draft V20 (xxx ccc's conflicted copy 2012-02-12).doc

========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe
[2008-01-20 18:49] - [2008-01-20 18:49] - 0028160 ____A (Microsoft Corporation) A0AB2BB9A92293D9CE66E252719AB5FE

C:\Windows\SysWOW64\userinit.exe
[2008-01-20 18:50] - [2008-01-20 18:50] - 0025088 ____A (Microsoft Corporation) 0E135526E9785D085BCD9AEDE6FBCBF9

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

========================= Memory info ======================

Percentage of memory in use: 11%
Total physical RAM: 3837.43 MB
Available physical RAM: 3386.62 MB
Total Pagefile: 3717.32 MB
Available Pagefile: 3365.52 MB
Total Virtual: 8192 MB
Available Virtual: 8191.91 MB

======================= Partitions =========================

1 Drive c: (OS) (Fixed) (Total:283.4 GB) (Free:17.34 GB) NTFS ==>[Drive with boot components (obtanied from BCD)]
3 Drive e: () (Removable) (Total:0.24 GB) (Free:0.22 GB) FAT
4 Drive x: (RECOVERY) (Fixed) (Total:14.65 GB) (Free:5.33 GB) NTFS

Disk ### Status Size Free Dyn Gpt
-------- ---------- ------- ------- --- ---
Disk 0 Online 298 GB 0 B
Disk 1 Online 244 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 OEM 39 MB 32 KB
Partition 2 Primary 15 GB 39 MB
Partition 3 Primary 283 GB 15 GB

======================================================================================================

Disk: 0
Partition 1
Type : DE
Hidden: Yes
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 FAT Partition 39 MB Healthy Hidden

======================================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 X RECOVERY NTFS Partition 15 GB Healthy Boot

======================================================================================================

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C OS NTFS Partition 283 GB Healthy

======================================================================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
* Partition 1 Primary 244 MB 0 B

======================================================================================================

Disk: 1
There is no partition selected.

There is no partition selected.
Please select a partition and try again.

======================================================================================================

==========================================================

Last Boot: 2012-05-10 10:20

======================= End Of Log ==========================


3. Status of the infected PC is still the same; I haven't been able to boot it up or restore Windows after the last set of removal scans that were done a few days ago. There was a "Fix" button on the FRST tool after I did the scan; however, I didn't click it as it wasn't under the instructions you specified.

Thanks again.

Edited by dimesquay, 11 May 2012 - 12:17 PM.


#14 SweetTech

SweetTech

    Agent ST


  • Members
  • 13,421 posts
  • OFFLINE
  • Gender:Male
  • Location:Antarctica
  • Local time:09:08 PM

Posted 12 May 2012 - 08:18 AM

Hi dimesquay!

Not a problem! Glad to be able to help!

You have a bunch of files with names like this on your computer:

C:\Users\xxx\Local Settings\Application Data\dd_vcredistMSI08CA.txt

Do you recognize these files?



Running FRST Fix

Open notepad. Please copy the contents of the code box below. To do this highlight the contents of the box and right click on it. Paste this into the open notepad. Save it on the flashdrive as fixlist.txt

start
HKLM-x32\...\Run: [FAStartup] [x]
HKLM-x32\...\Runonce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-app?lic=OQBBAFYARgBSAEUARQAtAFYAWgBZAEYAOAAtAEMASwA3AFEARwAtADkAVQBCAFUAUgAtADcAUwBVAEwAUwAtADQANABLAFIAMgA"&"inst=NwA3AC0ANAAxADIAOQAxADMAMgAzADgALQBYAEwAKwAxAC0AVAA1AC0ARgBQADkAMgArADYALQBOADEARgArADEALQBCAEEAUgA5AEcAKwAxAC0AVABCADkAKwAyAC0ARgBMACsAOQAtAFgATwAzADYAKwAxAC0ARgA5AE0AMQAwAEIAKwAyAC0AWABPADkAKwAxAC0ARgA5AE0AMgArADEALQBEAEQAVAArADUAMwAwADAAMAAtAEQARAA5ADAARgArADEALQBTAFQAOQAwAEYAQQBQAFAAKwAxAC0ARgA5ADAATQAxADIARABUACsAMQAtAFQAQgBOACsAMQAtAFUAOQA1ACsAMQAtAEYAVQBJACsAMgA"&"prod=90"&"ver=9.0.894 [x]
SubSystems: [Windows] ATTENTION! ====> ZeroAccess
NETSVC: atmeltpm
NETSVCx32: Themes
cmd: del /s /f /q C:\Windows\Tasks\At*.job
end

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

On Vista or Windows 7: Now please enter System Recovery Options.
Run FRST64 and press the Fix button just once and wait.
The tool will make a log on the flashdrive (Fixlog.txt) please post it to your reply.


NEXT:



Running ComboFix
Download Combofix from either of the links below, and save it to your desktop.

Link 1
Link 2

**Note: It is important that it is saved directly to your desktop**

--------------------------------------------------------------------
IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

Note: If AVG or CA Internet Security Suite is installed, you must remove these programs before using Combofix. If for some reason these applications will not uninstall, try uninstalling with AppRemover by Opswat.
--------------------------------------------------------------------

Double click on ComboFix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt for further review.
  • If you get an error message saying: "Illegal operation attempted on a registry key that was marked for deletion." please reboot your computer, and that should take care of that error message.


NEXT:



Please make sure you include the following items in your next post:

1. Any comments or questions you may have that you'd like for me to answer in my next post to you.
2. FRST fix log.
3. ComboFix.txt
4. An update on how your computer is currently running.

It would be helpful if you could answer each question in the order asked, as well as numbering your answers.

Have I helped you? If you'd like to assist in the fight against malware, click here


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.
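As an added example (not code from this thread, from FRST, or from the helpers): a small Python parser for FRST listing lines of the kind quoted above, which groups files by name pattern and flags groups created at a daily cadence. In this thread the nightly dd_vcredistMSI*.txt drops are consistent with a scheduled task re-running an installer each day, and the fixlist in the post deletes C:\Windows\Tasks\At*.job. The sample lines are an excerpt constructed from the listing in this thread; the thresholds, the `####` pattern key and the 90-minute tolerance are my assumptions.

```python
r"""Spot daily-repeating file drops in an FRST 'One Month Created' listing.

Added example; not code from the thread, from FRST, or from the helpers.
A group of files such as C:\Windows\dd_vcredistMSI<hex>.txt created at roughly
the same time every night is the footprint of a scheduled job, so it is worth
surfacing even before the task files themselves are examined.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# FRST listing line: "<created> - <modified> - <size> <attrs> [(Company)] <path>"
LINE_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<size>\d+) (?P<attrs>\S{5}) "
    r"(?:\((?P<company>[^)]*)\) )?"
    r"(?P<path>.+)$"
)
# A run of 4+ uppercase hex digits in a file name is treated as a random suffix
# (assumption: FRST prints the suffixes of these temp files in uppercase hex).
HEX_RUN_RE = re.compile(r"[0-9A-F]{4,}")

# Constructed excerpt of the thread's FRST listing (real lines, subset only).
SAMPLE_LINES = [
    r"2012-04-07 23:02 - 2012-04-07 23:02 - 0617190 ____A C:\Windows\dd_vcredistMSI0C51.txt",
    r"2012-04-06 23:03 - 2012-04-06 23:03 - 0618366 ____A C:\Windows\dd_vcredistMSI3F48.txt",
    r"2012-04-05 23:03 - 2012-04-05 23:03 - 0619150 ____A C:\Windows\dd_vcredistMSI70FC.txt",
    r"2012-04-04 23:03 - 2012-04-04 23:03 - 0619934 ____A C:\Windows\dd_vcredistMSI22D3.txt",
    r"2012-04-03 23:04 - 2012-04-03 23:04 - 0619542 ____A C:\Windows\dd_vcredistMSI558F.txt",
    r"2012-04-02 23:03 - 2012-04-02 23:03 - 0618758 ____A C:\Windows\dd_vcredistMSI0699.txt",
    r"2012-04-01 23:03 - 2012-04-01 23:02 - 0618366 ____A C:\Windows\dd_vcredistMSI3815.txt",
    r"2012-03-11 00:03 - 2012-03-11 00:02 - 0617582 ____A C:\Windows\dd_vcredistMSI2F1B.txt",
    r"2012-03-10 00:02 - 2012-03-10 00:02 - 0617190 ____A C:\Windows\dd_vcredistMSI60DE.txt",
    r"2012-04-04 11:56 - 2010-10-27 05:49 - 0024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys",
    r"2012-03-05 22:44 - 2012-04-12 23:06 - 4699520 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe",
    r"2012-04-05 09:54 - 2012-04-05 09:55 - 0196608 ____A C:\Users\xxx\Desktop\Pricing and Promotion Analyst.doc",
    r"2012-03-06 15:04 - 2012-05-09 10:19 - 0819032 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSnx.sys",
]


def parse_line(line):
    """Parse one FRST listing line into a dict, or return None for other text."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    d = m.groupdict()
    d["created"] = datetime.strptime(d["created"], "%Y-%m-%d %H:%M")
    d["modified"] = datetime.strptime(d["modified"], "%Y-%m-%d %H:%M")
    d["size"] = int(d["size"])
    return d


def pattern_key(path):
    """Collapse the random part: ...\dd_vcredistMSI771A.txt -> ...\dd_vcredistMSI####.txt"""
    directory, _, name = path.rpartition("\\")
    return directory + "\\" + HEX_RUN_RE.sub("####", name)


def daily_gap(delta, tol=timedelta(hours=1, minutes=30)):
    """True if delta is within tol of a whole number of days (absorbs DST shifts)."""
    rem = delta % timedelta(days=1)
    return rem <= tol or timedelta(days=1) - rem <= tol


def find_periodic_groups(lines, min_entries=5, min_daily_gaps=4):
    """Return {pattern_key: stats} for name patterns created on a daily cadence."""
    groups = defaultdict(list)
    for line in lines:
        entry = parse_line(line)
        if entry:
            groups[pattern_key(entry["path"])].append(entry["created"])
    hits = {}
    for key, times in groups.items():
        if len(times) < min_entries:
            continue
        times.sort()
        gaps = [b - a for a, b in zip(times, times[1:])]
        # Ignore same-day duplicates; count gaps that land on a day boundary.
        n_daily = sum(1 for g in gaps if g >= timedelta(hours=20) and daily_gap(g))
        if n_daily >= min_daily_gaps:
            hits[key] = {"count": len(times), "daily_gaps": n_daily,
                         "first": times[0], "last": times[-1]}
    return hits


if __name__ == "__main__":
    for key, stats in find_periodic_groups(SAMPLE_LINES).items():
        print(f"{key}: {stats['count']} files, {stats['daily_gaps']} daily gaps, "
              f"{stats['first']:%Y-%m-%d} .. {stats['last']:%Y-%m-%d}")
```

Run against the full listing in the thread, the same grouping also collapses the dd_vcredistUI*.txt companions into a second flagged pattern.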


#15 dimesquay

dimesquay
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  • Local time:08:08 PM

Posted 12 May 2012 - 11:15 AM

Hi ST, below are the results of all the requested scans.

1. I do not recognize all the vcredist files in the user directory; I am not sure where they came from.

2. FRST Fix log:

Fix result of Farbar Recovery Tool (FRST written by farbar) Version: 11-05-2012
Ran by SYSTEM at 2012-05-12 10:47:58 Run:1
Running from E:\

==============================================

HKLM-x32\\\.\.\.\\Run\\FAStartup Value deleted successfully.
HKLM-x32\\\.\.\.\\RunOnce\\AvgUninstallURL Value deleted successfully.
HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Session Manager\SubSystems\\Windows Value was restored.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\\netsvcs atmeltpm Deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\\netsvcs Themes Deleted successfully.

========= del /s /f /q C:\Windows\Tasks\At*.job =========

Deleted file - C:\Windows\Tasks\At25.job
Deleted file - C:\Windows\Tasks\At26.job
Deleted file - C:\Windows\Tasks\At27.job
Deleted file - C:\Windows\Tasks\At28.job
Deleted file - C:\Windows\Tasks\At29.job
Deleted file - C:\Windows\Tasks\At30.job
Deleted file - C:\Windows\Tasks\At31.job
Deleted file - C:\Windows\Tasks\At32.job
Deleted file - C:\Windows\Tasks\At33.job
Deleted file - C:\Windows\Tasks\At34.job
Deleted file - C:\Windows\Tasks\At35.job
Deleted file - C:\Windows\Tasks\At36.job
Deleted file - C:\Windows\Tasks\At37.job
Deleted file - C:\Windows\Tasks\At38.job
Deleted file - C:\Windows\Tasks\At39.job
Deleted file - C:\Windows\Tasks\At40.job
Deleted file - C:\Windows\Tasks\At41.job
Deleted file - C:\Windows\Tasks\At42.job
Deleted file - C:\Windows\Tasks\At43.job
Deleted file - C:\Windows\Tasks\At44.job
Deleted file - C:\Windows\Tasks\At45.job
Deleted file - C:\Windows\Tasks\At46.job
Deleted file - C:\Windows\Tasks\At47.job
Deleted file - C:\Windows\Tasks\At48.job

========= End of CMD: =========


==== End of Fixlog ====


3. Combofix log:

ComboFix 12-05-12.01 - xxx 12/05/2012 11:11:45.1.2 - x64
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.2.1033.18.3837.1554 [GMT -4:00]
Running from: c:\users\xxx\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Install.exe
c:\users\xxx\AppData\Local\{11F2A664-4640-49ED-B39D-E20B35593DED}
c:\users\xxx\AppData\Local\{11F2A664-4640-49ED-B39D-E20B35593DED}\chrome.manifest
c:\users\xxx\AppData\Local\{11F2A664-4640-49ED-B39D-E20B35593DED}\chrome\content\_cfg.js
c:\users\xxx\AppData\Local\{11F2A664-4640-49ED-B39D-E20B35593DED}\chrome\content\overlay.xul
c:\users\xxx\AppData\Local\{11F2A664-4640-49ED-B39D-E20B35593DED}\install.rdf
c:\users\xxx\AppData\Local\Windows Server
c:\users\xxx\AppData\Local\Windows Server\server.dat
c:\users\xxx\AppData\Roaming\Bitrix Security
c:\users\xxx\AppData\Roaming\Bitrix Security\fg.txt
c:\users\xxx\AppData\Roaming\Bitrix Security\jje.txt
c:\users\xxx\AppData\Roaming\Bitrix Security\ljgh.txt
c:\users\xxx\AppData\Roaming\Bitrix Security\mxd1.txt
c:\users\xxx\AppData\Roaming\Bitrix Security\omusgg24_shrd
c:\users\xxx\AppData\Roaming\Bitrix Security\qnf.txt
c:\users\xxx\AppData\Roaming\Bitrix Security\rnb
c:\users\xxx\AppData\Roaming\Bitrix Security\uzvvchqz_shrd
c:\users\xxx\vcredist.exe
c:\users\xxx\WINDOWS
c:\windows\assembly\GAC_32\Desktop.ini
c:\windows\assembly\GAC_64\Desktop.ini
c:\windows\system32\dds_trash_log.cmd
c:\windows\system32\drivers\etc\hosts.ics
c:\windows\SysWow64\Nagasoft
c:\windows\SysWow64\Nagasoft\Codecs\asyncflt.ax
c:\windows\SysWow64\Nagasoft\Codecs\atrc.dll
c:\windows\SysWow64\Nagasoft\Codecs\cook.dll
c:\windows\SysWow64\Nagasoft\Codecs\drvc.dll
c:\windows\SysWow64\Nagasoft\Codecs\raac.dll
c:\windows\SysWow64\Nagasoft\Codecs\RealMediaSplitter.ax
c:\windows\SysWow64\Nagasoft\Codecs\WMFDemux.dll
c:\windows\SysWow64\Nagasoft\FFVJPlayer.exe
c:\windows\SysWow64\Nagasoft\GifShower.dll
c:\windows\SysWow64\Nagasoft\Uninstall.exe
c:\windows\SysWow64\Nagasoft\vjocx.dll
D:\AUTORUN.INF
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_vvdsvc
.
.
((((((((((((((((((((((((( Files Created from 2012-04-12 to 2012-05-12 )))))))))))))))))))))))))))))))
.
.
2012-05-12 15:37 . 2012-05-12 15:37 -------- d-----w- c:\users\RA Media Server\AppData\Local\temp
2012-05-12 15:37 . 2012-05-12 15:37 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-05-11 21:05 . 2012-05-11 21:06 -------- d-----w- C:\FRST
2012-05-10 04:25 . 2012-05-10 04:25 -------- d-----w- c:\program files (x86)\ESET
2012-05-09 18:19 . 2012-03-06 23:04 337240 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-05-09 18:19 . 2012-03-06 23:01 24408 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-05-09 18:19 . 2012-03-06 23:04 819032 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-05-09 18:19 . 2012-03-06 23:02 43864 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2012-05-09 18:19 . 2012-03-06 23:01 59224 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-05-09 18:19 . 2012-03-06 23:15 258520 ----a-w- c:\windows\system32\aswBoot.exe
2012-05-09 18:19 . 2012-03-06 23:01 69976 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-05-09 18:18 . 2012-03-06 23:15 41184 ----a-w- c:\windows\avastSS.scr
2012-05-09 18:18 . 2012-03-06 23:15 201352 ----a-w- c:\windows\SysWow64\aswBoot.exe
2012-05-08 23:24 . 2012-05-09 18:18 -------- d-----w- c:\programdata\AVAST Software
2012-05-08 23:24 . 2012-05-09 18:18 -------- d-----w- c:\program files\AVAST Software
2012-04-30 04:15 . 2012-04-30 04:15 -------- d-----w- c:\program files\iPod
2012-04-30 04:15 . 2012-04-30 04:16 -------- d-----w- c:\program files\iTunes
2012-04-30 04:15 . 2012-04-30 04:16 -------- d-----w- c:\program files (x86)\iTunes
2012-04-23 04:19 . 2012-05-05 01:19 8744608 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-04-23 03:33 . 2012-05-05 01:19 419488 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-04-23 03:33 . 2012-04-23 03:33 -------- d-----w- c:\windows\system32\Macromed
2012-04-23 03:32 . 2012-04-23 03:32 -------- d-----we c:\windows\system64
2012-04-23 02:32 . 2012-04-23 02:32 -------- d-----w- c:\users\xxx\AppData\Local\{9D0F945C-8CEC-11E1-826D-B8AC6F996F26}
2012-04-23 02:32 . 2012-04-23 02:32 -------- d-----w- c:\users\xxx\AppData\Local\MSoft
2012-04-17 21:09 . 2012-05-02 15:45 -------- d-----w- c:\users\xxx\Valuations
2012-04-13 07:06 . 2012-03-06 06:44 4699520 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-13 07:06 . 2012-02-29 15:37 5632 ----a-w- c:\windows\system32\wmi.dll
2012-04-13 07:06 . 2012-02-29 15:37 219136 ----a-w- c:\windows\system32\wintrust.dll
2012-04-13 07:06 . 2012-02-29 15:35 78848 ----a-w- c:\windows\system32\imagehlp.dll
2012-04-13 07:06 . 2012-02-29 15:11 5120 ----a-w- c:\windows\SysWow64\wmi.dll
2012-04-13 07:06 . 2012-02-29 15:11 172032 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-04-13 07:06 . 2012-02-29 15:09 157696 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-04-13 07:06 . 2012-02-29 13:52 16384 ----a-w- c:\windows\system32\drivers\fs_rec.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-12 15:43 . 2009-09-01 16:03 17408 ----a-w- c:\windows\system32\rpcnetp.exe
2012-05-12 15:43 . 2009-09-02 01:06 58288 ----a-w- c:\windows\SysWow64\rpcnet.dll
2012-05-05 01:19 . 2011-07-04 17:18 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-04-13 08:46 . 2012-04-20 06:10 8917360 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{08FC354C-3732-4949-8E17-5AA28F26A525}\mpengine.dll
2012-04-13 07:41 . 2009-09-02 01:06 58288 ------w- c:\windows\SysWow64\rpcnet.exe
2012-04-13 07:38 . 2009-09-01 16:03 17408 ----a-w- c:\windows\SysWow64\rpcnetp.dll
2012-04-13 07:37 . 2009-09-01 16:03 17408 ----a-w- c:\windows\SysWow64\rpcnetp.exe
2012-04-04 19:56 . 2010-10-27 13:49 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-02-23 14:18 . 2009-10-21 19:09 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-02-14 16:49 . 2012-03-13 21:25 327680 ----a-w- c:\windows\system32\d3d10_1core.dll
2012-02-14 16:49 . 2012-03-13 21:25 196096 ----a-w- c:\windows\system32\d3d10_1.dll
2012-02-14 15:45 . 2012-03-13 21:25 219648 ----a-w- c:\windows\SysWow64\d3d10_1core.dll
2012-02-14 15:45 . 2012-03-13 21:25 160768 ----a-w- c:\windows\SysWow64\d3d10_1.dll
2012-02-13 14:38 . 2012-03-13 21:25 2002944 ----a-w- c:\windows\system32\d3d10warp.dll
2012-02-13 14:12 . 2012-03-13 21:25 1172480 ----a-w- c:\windows\SysWow64\d3d10warp.dll
2012-02-13 14:06 . 2012-03-13 21:25 834048 ----a-w- c:\windows\system32\d2d1.dll
2012-02-13 14:03 . 2012-03-13 21:25 1555968 ----a-w- c:\windows\system32\DWrite.dll
2012-02-13 13:47 . 2012-03-13 21:25 683008 ----a-w- c:\windows\SysWow64\d2d1.dll
2012-02-13 13:44 . 2012-03-13 21:25 1068544 ----a-w- c:\windows\SysWow64\DWrite.dll
2000-08-30 20:46 . 2000-08-30 20:46 1807072 ------w- c:\program files\vcredist.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{37483b40-c254-4a72-bda4-22ee90182c1e}"= "c:\program files (x86)\NCH_EN\prxtbNCH_.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{37483b40-c254-4a72-bda4-22ee90182c1e}]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2011-01-17 20:54 175912 ----a-w- c:\program files (x86)\ConduitEngine\prxConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{37483b40-c254-4a72-bda4-22ee90182c1e}]
2011-01-17 20:54 175912 ----a-w- c:\program files (x86)\NCH_EN\prxtbNCH_.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{37483b40-c254-4a72-bda4-22ee90182c1e}"= "c:\program files (x86)\NCH_EN\prxtbNCH_.dll" [2011-01-17 175912]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files (x86)\ConduitEngine\prxConduitEngine.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{37483b40-c254-4a72-bda4-22ee90182c1e}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\xxx\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\xxx\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\xxx\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Facebook Update"="c:\users\xxx\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2011-10-20 137536]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"VolPanel"="c:\program files (x86)\Creative\SB X-Fi MB\Volume Panel\VolPanlu.exe" [2008-12-09 237693]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-04-24 250192]
"DellSupportCenter"="c:\program files (x86)\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="c:\program files (x86)\Google\Gmail Notifier\gnotify.exe" [2005-07-15 479232]
"FATrayAlert"="c:\program files (x86)\Sensible Vision\Fast Access\FATrayMon.exe" [2010-04-04 95560]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-06 421736]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-03-06 4241512]
.
c:\users\xxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Stickies.lnk - c:\program files (x86)\Stickies\stickies.exe [2008-8-28 765952]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-6-5 1025576]
Dell Remote Access.lnk - c:\windows\Installer\{F66A31D9-7831-4FBA-BA02-C411C0047CC5}\NewShortcut4_F66A31D978314FBABA02C411C0047CC5.exe [2009-8-5 53248]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-5-28 1320288]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[hkey_local_machine\software\Wow6432Node\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files (x86)\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 19:21 548352 ----a-w- c:\program files (x86)\SUPERAntiSpyware\SASWINLO.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\FastAccess]
2010-04-04 15:43 144712 ----a-w- c:\program files (x86)\Sensible Vision\Fast Access\FALogNot.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli FAPassSync
.
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-05 257696]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_15f4e438\AESTSr64.exe [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
vvdsvc REG_MULTI_SZ vvdsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-12 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-23 01:19]
.
2012-05-10 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1400044214-2866311749-911984212-1000Core.job
- c:\users\xxx\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-10-20 03:07]
.
2012-05-12 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1400044214-2866311749-911984212-1000UA.job
- c:\users\xxx\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-10-20 03:07]
.
2012-05-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-08-23 00:28]
.
2012-05-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-08-23 00:28]
.
2012-05-12 c:\windows\Tasks\User_Feed_Synchronization-{B1603A9F-20A2-41A9-B92B-78D8EF1E028F}.job
- c:\windows\system32\msfeedssync.exe [2010-08-17 04:24]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-03-06 23:15 135408 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\xxx\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\xxx\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\xxx\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-11-11 1657128]
"QuickSet"="c:\program files\Dell\QuickSet\QuickSet.exe" [2008-09-26 2041112]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-04-28 15871520]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-04-28 82464]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2008-12-21 4119552]
"RunDLLEntry"="c:\windows\system32\RunDLL32.exe" [2006-11-02 46592]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2009-01-07 2304904]
"combofix"="c:\combofix\CF24290.3XE" [2008-01-21 363008]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 192.168.0.1
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll
FF - ProfilePath - c:\users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\0sm0pic0.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.ca/ig
FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4b3d2cf0&i=23&tp=ab&ychte=us&q=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: TVU Web Player: firefox@tvunetworks.com - %profile%\extensions\firefox@tvunetworks.com
FF - Ext: IE Tab: {77b819fa-95ad-4f2c-ac7c-486b356188a9} - %profile%\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}
FF - Ext: NCH EN Community Toolbar: {37483b40-c254-4a72-bda4-22ee90182c1e} - %profile%\extensions\{37483b40-c254-4a72-bda4-22ee90182c1e}
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
Wow6432Node-HKCU-Run-SRS Audio Sandbox - c:\program files\SRS Labs\Audio Sandbox\SRSSSC.exe
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{37483B40-C254-4A72-BDA4-22EE90182C1E} - (no file)
HKLM-Run-SysTrayApp - c:\program files (x86)\IDT\WDM\sttray64.exe
AddRemove-VexcastPlayer2.0 - c:\windows\system32\Nagasoft\Uninstall.exe
AddRemove-VerCheck - c:\users\xxx\AppData\Local\MSoft\VerCheck\VerCheck.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,c1,4d,5a,51,41,f4,33,46,99,6a,2e,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,c1,4d,5a,51,41,f4,33,46,99,6a,2e,\
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\LicCtrl\LicCtrl\LicCtrl\LicCtrl*lkzs$i&#&y@^t! #^$ g9^$&pgb SDB36o \EC1A69D1C0948222]
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\LicCtrl\LicCtrl\LicCtrl\LicCtrl*lkzs$i&#&y@^t! #^$ g9^$&pgb SDB36o \EC1A69D1C0948222\48236A7EED3B8895E98434D6DCE253AC]
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Creative\Shared Files\CTAudSvc.exe
c:\program files\Dell\DellDock\DockLogin.exe
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\windows\SysWOW64\rpcnet.exe
c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE
c:\program files (x86)\Dell Remote Access\ezi_ra.exe
c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
c:\program files (x86)\Dell Support Center\bin\sprtsvc.exe
c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
.
**************************************************************************
.
Completion time: 2012-05-12 11:54:24 - machine was rebooted
ComboFix-quarantined-files.txt 2012-05-12 15:54
.
Pre-Run: 40,150,368,256 bytes free
Post-Run: 40,390,975,488 bytes free
.
- - End Of File - - 2294591219ECCB4F366C46089D8C7E86



4. After running the FRST fix tool the computer was able to successfully start up and load into Windows without any problems. At first the computer was very slow, the desktop was all black, and the computer kept freezing, but so far, after rebooting after running ComboFix, it seems to be running okay. I think we are making progress?



