
Windows 7 infinite restart loop , no safe mode


  • This topic is locked
15 replies to this topic

#1 moomoo2u

  • Members

Posted 29 May 2012 - 02:52 PM

Hi all,


I'm running an ASUS g60JX laptop with Windows 7.

I was recently infected with a virus that froze my startup screen. I went into safe mode and ran & installed a bunch of anti-virus programs (avg, avast, drcureit, etc etc).

They found an infected dll & some tmp files that were "infected" in ie5 landing or something.


Now however, I cannot boot past the windows 7 logo and it auto-restarts. Safemode gives me a c0000135 xhs not found error.

Here's what I've tried:

Startup repair cannot fix it and originally gave me a root cause but none now. All I get is:

Problem Event Name: Startup Repair Offline
Problem Signature 1: 6.1.760.16385
Problem Signature 2: 6.1.760.16385
Problem Signature 3: unknown
Problem Signature 4: 2120799
Problem Signature 5: AutoFailOver
Problem Signature 6: 19
Problem Signature 7: No Root Cause
OS Version: 6.1.700.2.00.2561
Local ID: K33

I've tried running sfc /scannow offbootdir=c:\ offwindir=c:\ (as well as D) & it finds no issues

I've run chkdsk /r and /f on both drives with no problems

I've renamed all of the avg folders and drivers

I don't have a Windows 7 CD and am doing this through the F8 repair console (would that change the results?)

I've also tried to read the Windows cbs.log to check for problems but couldn't make sense of it.

I am at my wits' end! Someone save me!

Thanks!



#2 cryptodan

  • Members

Posted 29 May 2012 - 03:09 PM

Please be patient, I have reported this topic to the people who deal with this type of issue.

Can you get access to a Windows 7 CD? It can be OEM or Retail, you may need files off of it.

#3 CatByte

  • Malware Response Team

Posted 29 May 2012 - 05:29 PM

Hi,

Please run the following:


For x32 (x86) bit systems download Farbar Recovery Scan Tool 32-Bit and save it to a flash drive.
For x64 bit systems download Farbar Recovery Scan Tool 64-Bit and save it to a flash drive.

Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
On the System Recovery Options menu you will get the following options:
Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt
  • Select Command Prompt.
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter.
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to the disclaimer.
  • Place a check next to List Drivers MD5 as well as the default check marks that are already there.
  • Press Scan button.
  • Type exit and reboot the computer normally.
  • FRST will make a log (FRST.txt) on the flash drive, please copy and paste the log in your reply.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#4 boopme

  • Global Moderator

Posted 29 May 2012 - 06:04 PM

Hello, just letting you know I moved this topic to Here in the Virus, Trojan, Spyware, and Malware Removal Logs forum where it will stay.

Please remember to click the Watch Topic button at the top right and select Immediate Notification so you do not miss any replies now that you were moved.

How do I get help? Who is helping me?
For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....
Become a BleepingComputer fan: Facebook

#5 moomoo2u

  • Topic Starter

Posted 29 May 2012 - 09:41 PM

Ok, sorry for the misplacement of the post, wasn't sure where to put it :o

I'll do the farbar stuff tomorrow ASAP & come back with an update.

Thank you all so much!

#6 boopme

  • Global Moderator

Posted 30 May 2012 - 01:42 PM

No problem... See you then.

#7 moomoo2u

  • Topic Starter

Posted 30 May 2012 - 04:41 PM

Sorry I haven't been able to post a log. I'm currently moving back home from abroad, and since I can only access the internet through asus' bleepty express gate OS, I can't download the .exe and make a flash disk on my PC. I'll try my best to have a log up tomorrow.

#8 CatByte

  • Malware Response Team

Posted 30 May 2012 - 05:07 PM

no problem, :thumbup2:



#9 moomoo2u

  • Topic Starter

Posted 31 May 2012 - 09:16 AM

ok here is the log, sorry it took so long:

Scan result of Farbar Recovery Scan Tool Version: 29-05-2012 02
Ran by SYSTEM at 31-05-2012 16:08:46
Running from F:\
Windows 7 Home Premium (X64) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [1813288 2009-08-16] (Synaptics Incorporated)
HKLM-x32\...\Run: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe" [x]
HKLM-x32\...\Run: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe" [x]
HKLM-x32\...\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui [4241512 2012-03-06] (AVAST Software)
HKU\abc\...\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun [3671872 2012-04-17] (DT Soft Ltd)
HKU\abc\...\Run: [Video Library] C:\Windows\system32\rundll32.exe C:\Users\Evan\AppData\Local\Temp\Rpcqt.dll,Sets [x]
HKU\abc\...\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun [17148552 2012-02-28] (Skype Technologies S.A.)
HKLM-x32\...\Runonce: [GrpConv] grpconv -o [x]
Tcpip\Parameters: [DhcpNameServer] 87.216.1.65 87.216.1.66
SubSystems: [Windows] ATTENTION! ====> ZeroAccess
Startup: C:\Users\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.)

==================== Services (Whitelisted) ======

2 ATKGFNEXSrv; C:\Program Files\ATKGFNEX\GFNEXSrv.exe [94208 2007-08-08] ()
2 avast! Antivirus; "C:\Program Files\AVAST Software\Avast\AvastSvc.exe" [44768 2012-03-06] (AVAST Software)
2 CronService; "C:\Prey\platform\windows\cronsvc.exe" [19968 2011-02-15] (Fork Ltd.)
2 Hamachi2Svc; "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe" -s [2343816 2012-02-28] (LogMeIn Inc.)
2 Image Protection; C:\Windows\ImageSAFERSvc.exe [242648 2010-08-16] (MarkAny)
2 Lavasoft Ad-Aware Service; "C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe" [2152720 2012-05-22] (Lavasoft Limited)
3 McComponentHostService; "C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe" [227232 2010-01-15] (McAfee, Inc.)
2 vToolbarUpdater11.0.2; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.0.2\ToolbarUpdater.exe [932736 2012-05-28] ()
2 WMDM PMSP Service; C:\Windows\SysWow64\MsPMSPSv.exe [53248 2001-05-01] (Microsoft Corporation)
2 Abel; C:\Program Files (x86)\Cain\Abel.exe [x]
2 AVGIDSAgent; "C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe" [x]
2 avgwd; "C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe" [x]
3 DAUpdaterSvc; C:\Dragon Age I\bin_ship\DAUpdaterSvc.Service.exe [x]
3 rpcapd; "C:\Program Files (x86)\WinPcap\rpcapd.exe" -d -f "C:\Program Files (x86)\WinPcap\rpcapd.ini" [x]

========================== Drivers (Whitelisted) =============

2 ASMMAP64; \??\C:\Program Files\ATKGFNEX\ASMMAP64.sys [14904 2007-07-24] ()
2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [24408 2012-03-06] (AVAST Software)
2 aswMonFlt; C:\Windows\System32\Drivers\aswMonFlt.sys [69976 2012-03-06] (AVAST Software)
1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [53080 2012-03-06] (AVAST Software)
1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [819032 2012-03-06] (AVAST Software)
1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [337240 2012-03-06] (AVAST Software)
1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [59224 2012-03-06] (AVAST Software)
2 atksgt; C:\Windows\System32\Drivers\atksgt.sys [310728 2010-11-21] ()
3 hamachi; C:\Windows\System32\Drivers\hamachi.sys [33856 2009-03-18] (LogMeIn, Inc.)
3 HP8107Fltr; C:\Windows\System32\DRIVERS\HP8107.sys [13824 2010-02-04] (Windows ® Win 7 DDK provider)
3 ISMgr; \??\C:\Windows\system32\ImageSAFERDrv64.sys [11256 2009-11-25] ()
3 kbfiltr; C:\Windows\System32\Drivers\kbfiltr.sys [15416 2009-07-20] ( )
0 Lbd; C:\Windows\System32\Drivers\Lbd.sys [69376 2011-12-22] (Lavasoft AB)
2 lirsgt; C:\Windows\System32\Drivers\lirsgt.sys [43168 2010-11-21] ()
2 NPF; C:\Windows\System32\Drivers\NPF.sys [35344 2010-06-25] (CACE Technologies, Inc.)
3 pbfilter; \??\C:\Program Files\PeerBlock\pbfilter.sys [24176 2010-11-06] ()
3 Point64; C:\Windows\System32\Drivers\Point64.sys [45432 2011-04-13] (Microsoft Corporation)
3 SNP2UVC; C:\Windows\System32\Drivers\SNP2UVC.sys [1799680 2009-05-20] ()
0 speedfan; C:\Windows\SysWow64\speedfan.sys [25280 2010-12-18] (Almico Software)
0 sptd; C:\Windows\System32\Drivers\sptd.sys [564792 2012-01-29] (Duplex Secure Ltd.)
1 WMDrive; C:\Windows\SysWow64\Drivers\WMDrive.sys [92536 2010-11-01] (WinMount International Inc)
3 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [x]
3 AVGIDSFilter; C:\Windows\System32\DRIVERS\avgidsfiltera.sys [x]
0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [x]
1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [x]
1 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [x]
0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [x]
1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [x]
3 DIRECTIO; \??\c:\BIT_TEMP\DirectIo.sys [x]
3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [x]
3 tmlwf; [x]
3 tmwfp; [x]

========================== NetSvcs (Whitelisted) ===========

============ One Month Created Files and Folders ==============

2012-05-31 16:08 - 2012-05-31 16:09 - 0000000 ____D C:\FRST
2012-05-29 17:15 - 2012-05-28 05:41 - 0013479 ____A C:\test
2012-05-29 17:15 - 2012-05-28 05:41 - 0013479 ____A C:\abc.txt
2012-05-29 17:12 - 2012-05-28 05:41 - 0013479 ____A C:\abc
2012-05-28 07:31 - 2012-05-28 07:31 - 0001096 ____A C:\Windows\PFRO.log
2012-05-28 07:28 - 2012-05-28 07:28 - 0000365 ____A C:\Users\Evan\Documents\DrWeb.csv
2012-05-28 06:10 - 2012-05-28 07:12 - 0000000 ____D C:\Users\Evan\DoctorWeb
2012-05-28 06:08 - 2012-05-28 06:09 - 85964416 ____A C:\Users\Evan\Desktop\qxtt95au.exe
2012-05-28 05:49 - 2012-05-28 05:49 - 0001843 ____A C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2012-05-28 05:49 - 2012-05-28 05:49 - 0000000 ____A C:\Windows\SysWOW64\config.nt
2012-05-28 05:49 - 2012-03-06 15:15 - 0258520 ____A (AVAST Software) C:\Windows\System32\aswBoot.exe
2012-05-28 05:49 - 2012-03-06 15:04 - 0819032 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSnx.sys
2012-05-28 05:49 - 2012-03-06 15:04 - 0337240 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSP.sys
2012-05-28 05:49 - 2012-03-06 15:02 - 0053080 ____A (AVAST Software) C:\Windows\System32\Drivers\aswRdr2.sys
2012-05-28 05:49 - 2012-03-06 15:01 - 0069976 ____A (AVAST Software) C:\Windows\System32\Drivers\aswMonFlt.sys
2012-05-28 05:49 - 2012-03-06 15:01 - 0059224 ____A (AVAST Software) C:\Windows\System32\Drivers\aswTdi.sys
2012-05-28 05:49 - 2012-03-06 15:01 - 0024408 ____A (AVAST Software) C:\Windows\System32\Drivers\aswFsBlk.sys
2012-05-28 05:48 - 2012-05-28 05:48 - 0000000 ____D C:\Users\All Users\AVAST Software
2012-05-28 05:48 - 2012-05-28 05:48 - 0000000 ____D C:\Program Files\AVAST Software
2012-05-28 05:48 - 2012-03-06 15:15 - 0201352 ____A (AVAST Software) C:\Windows\SysWOW64\aswBoot.exe
2012-05-28 05:48 - 2012-03-06 15:15 - 0041184 ____A (AVAST Software) C:\Windows\avastSS.scr
2012-05-28 05:46 - 2012-05-28 05:47 - 74761776 ____A C:\Users\Evan\Desktop\avast_free_antivirus_setup.exe
2012-05-28 05:33 - 2012-05-28 07:13 - 0044771 ____A C:\Users\Evan\Desktop\avgrep.txt
2012-05-28 05:32 - 2012-05-28 05:32 - 0000967 ____A C:\Users\Public\Desktop\AVG 2012.lnk
2012-05-28 05:32 - 2012-05-28 05:32 - 0000216 ____A C:\Windows\Tasks\SidebarExecute.job
2012-05-28 05:32 - 2012-05-28 05:32 - 0000000 ____D C:\Users\Evan\AppData\Roaming\AVG2012
2012-05-28 05:32 - 2012-05-28 05:32 - 0000000 ____D C:\Users\Evan\AppData\Local\AVG Secure Search
2012-05-28 05:32 - 2012-05-28 05:32 - 0000000 ____D C:\Users\All Users\AVG Secure Search
2012-05-28 05:31 - 2012-05-28 06:44 - 0000000 ____D C:\Users\All Users\AVG2012
2012-05-28 05:31 - 2012-05-28 05:34 - 0000000 ____D C:\Windows\System32\Drivers\AVG
2012-05-28 05:31 - 2012-05-28 05:31 - 0000000 ___HD C:\$AVG
2012-05-28 05:31 - 2012-05-28 05:31 - 0000000 ____D C:\Windows\SysWOW64\Drivers\AVG
2012-05-28 05:31 - 2012-05-28 05:31 - 0000000 ____D C:\Program Files (x86)\bleep search
2012-05-28 05:31 - 2012-05-28 05:31 - 0000000 ____D C:\Program Files (x86)\bleep
2012-05-28 05:26 - 2012-05-28 05:34 - 0000000 ____D C:\Users\All Users\MFAData
2012-05-28 05:26 - 2012-05-28 05:26 - 3878424 ____A (AVG Technologies) C:\Users\Evan\Desktop\avg_free_stb_all_2012_2176_cnet.exe
2012-05-28 05:09 - 2012-05-28 05:26 - 0002243 ____A C:\Windows\epplauncher.mif
2012-05-28 05:08 - 2012-05-28 05:08 - 12621696 ____A (Microsoft Corporation) C:\Users\Evan\Desktop\mseinstall.exe
2012-05-28 05:05 - 2012-05-28 05:05 - 1263344 ____A (ESET) C:\Users\Evan\Desktop\eset_nod32_antivirus_live_installer.exe
2012-05-28 05:03 - 2012-05-28 05:03 - 1012656 ____A C:\Users\Evan\Desktop\rkill.exe
2012-05-28 05:00 - 2012-05-29 11:31 - 1445214 ____A C:\Windows\ntbtlog.txt
2012-05-28 04:58 - 2012-05-28 04:58 - 0000056 ____A C:\Windows\setupact.log
2012-05-28 04:58 - 2012-05-28 04:58 - 0000000 ____A C:\Windows\setuperr.log
2012-05-28 04:22 - 2012-05-28 05:24 - 0000408 ____A C:\Windows\Tasks\Ad-Aware Update (Weekly).job
2012-05-25 05:26 - 2012-05-25 05:27 - 0000704 ____A C:\Users\Public\Desktop\Diablo III.lnk
2012-05-25 05:13 - 2012-05-15 02:48 - 8139072 ____A (NVIDIA Corporation) C:\Windows\System32\nvcuda.dll
2012-05-25 05:13 - 2012-05-15 02:48 - 8105280 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2012-05-25 05:13 - 2012-05-15 02:48 - 5982528 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2012-05-25 05:13 - 2012-05-15 02:48 - 2881856 ____A (NVIDIA Corporation) C:\Windows\System32\nvcuvenc.dll
2012-05-25 05:13 - 2012-05-15 02:48 - 2681664 ____A (NVIDIA Corporation) C:\Windows\System32\nvcuvid.dll
2012-05-25 05:13 - 2012-05-15 02:48 - 25743168 ____A (NVIDIA Corporation) C:\Windows\System32\nvoglv64.dll
2012-05-25 05:13 - 2012-05-15 02:48 - 2524992 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2012-05-25 05:13 - 2012-05-15 02:48 - 25248064 ____A (NVIDIA Corporation) C:\Windows\System32\nvcompiler.dll
2012-05-25 05:13 - 2012-05-15 02:48 - 2445120 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvenc.dll
2012-05-25 05:13 - 2012-05-15 02:48 - 19607872 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2012-05-25 05:13 - 2012-05-15 02:48 - 18044224 ____A (NVIDIA Corporation) C:\Windows\System32\nvd3dumx.dll
2012-05-25 05:13 - 2012-05-15 02:48 - 17551680 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2012-05-25 05:13 - 2012-05-15 02:48 - 14298944 ____A (NVIDIA Corporation) C:\Windows\System32\Drivers\nvlddmkm.sys
2012-05-25 05:13 - 2012-04-18 09:08 - 0188736 ____A (NVIDIA Corporation) C:\Windows\System32\Drivers\nvhda64v.sys
2012-05-25 05:13 - 2012-04-18 09:08 - 0031040 ____A (NVIDIA Corporation) C:\Windows\System32\nvhdap64.dll
2012-05-22 17:43 - 2012-05-22 17:43 - 0419488 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-05-20 04:38 - 2012-05-20 04:38 - 0001111 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-05-19 19:24 - 2012-05-19 19:24 - 0021019 ____A C:\[isoHunt] Blink-182_-_Neighborhoods_(Deluxe_Version)_[Official_Retail].6700598.TPB.torrent
2012-05-14 16:21 - 2012-05-14 16:21 - 0423744 ____A C:\Windows\SysWOW64\nvStreaming.exe
2012-05-14 15:02 - 2012-05-14 15:02 - 0009216 ____A C:\Users\Evan\Documents\hours thinkmap May.doc
2012-05-14 07:25 - 2012-02-29 22:46 - 0023408 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\fs_rec.sys
2012-05-14 07:25 - 2012-02-29 22:38 - 0220672 ____A (Microsoft Corporation) C:\Windows\System32\wintrust.dll
2012-05-14 07:25 - 2012-02-29 22:33 - 0081408 ____A (Microsoft Corporation) C:\Windows\System32\imagehlp.dll
2012-05-14 07:25 - 2012-02-29 22:28 - 0005120 ____A (Microsoft Corporation) C:\Windows\System32\wmi.dll
2012-05-14 07:25 - 2012-02-29 21:37 - 0172544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2012-05-14 07:25 - 2012-02-29 21:33 - 0159232 ____A (Microsoft Corporation) C:\Windows\SysWOW64\imagehlp.dll
2012-05-14 07:25 - 2012-02-29 21:29 - 0005120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wmi.dll
2012-05-11 17:50 - 2012-03-30 22:05 - 5559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-05-11 17:50 - 2012-03-30 20:39 - 3968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2012-05-11 17:50 - 2012-03-30 20:39 - 3913072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2012-05-11 17:50 - 2012-03-30 19:10 - 3146240 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-05-11 17:50 - 2012-03-02 22:35 - 1544704 ____A (Microsoft Corporation) C:\Windows\System32\DWrite.dll
2012-05-11 17:50 - 2012-03-02 21:31 - 1077248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2012-05-11 17:48 - 2012-03-16 23:58 - 0075120 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\partmgr.sys
2012-05-11 17:47 - 2012-03-30 03:35 - 1918320 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2012-05-11 10:42 - 2012-05-11 10:42 - 0409972 ____A C:\Users\Evan\Desktop\e95cc98f612b6e169911fbeeb2bf76d8.gif
2012-05-09 04:06 - 2012-05-09 04:06 - 0001952 ____A C:\Users\Public\Desktop\DAEMON Tools Lite.lnk
2012-05-09 04:06 - 2012-05-09 04:06 - 0000000 ____D C:\Program Files (x86)\DAEMON Tools Lite
2012-05-07 18:10 - 2012-05-07 18:11 - 0000115 ____A C:\Users\Evan\Desktop\New Text Document (3).txt
2012-05-02 12:22 - 2012-05-02 12:22 - 0000000 ____D C:\Users\Evan\Desktop\Groovedown 0.66
2012-05-01 12:05 - 2012-05-02 12:57 - 0000000 ____D C:\Users\Evan\Desktop\GrooveDown_Downloads
2012-05-01 12:04 - 2012-05-01 12:05 - 0000000 ____D C:\Users\Evan\AppData\Roaming\Groovedown
2012-05-01 08:03 - 2012-05-01 08:03 - 0000000 ____D C:\Users\Evan\AppData\Local\{DAB5DFA5-29F0-4FD9-93D6-2D951F25C382}
2012-05-01 08:03 - 2012-05-01 08:03 - 0000000 ____D C:\Users\Evan\AppData\Local\{93F412E5-8EC1-4CF6-A98B-B5B237233545}

============ 3 Months Modified Files and Folders =============

2012-05-31 16:09 - 2012-05-31 16:08 - 0000000 ____D C:\FRST
2012-05-30 06:35 - 2010-11-13 16:28 - 0119869 ____A C:\aaw7boot.log
2012-05-30 06:35 - 2010-07-10 22:14 - 3112058880 __ASH C:\hiberfil.sys
2012-05-29 11:31 - 2012-05-28 05:00 - 1445214 ____A C:\Windows\ntbtlog.txt
2012-05-28 07:31 - 2012-05-28 07:31 - 0001096 ____A C:\Windows\PFRO.log
2012-05-28 07:28 - 2012-05-28 07:28 - 0000365 ____A C:\Users\Evan\Documents\DrWeb.csv
2012-05-28 07:13 - 2012-05-28 05:33 - 0044771 ____A C:\Users\Evan\Desktop\avgrep.txt
2012-05-28 07:12 - 2012-05-28 06:10 - 0000000 ____D C:\Users\Evan\DoctorWeb
2012-05-28 06:44 - 2012-05-28 05:31 - 0000000 ____D C:\Users\All Users\AVG2012
2012-05-28 06:10 - 2010-09-23 13:04 - 0000000 ____D C:\users\Evan
2012-05-28 06:09 - 2012-05-28 06:08 - 85964416 ____A C:\Users\Evan\Desktop\qxtt95au.exe
2012-05-28 05:49 - 2012-05-28 05:49 - 0001843 ____A C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2012-05-28 05:49 - 2012-05-28 05:49 - 0000000 ____A C:\Windows\SysWOW64\config.nt
2012-05-28 05:48 - 2012-05-28 05:48 - 0000000 ____D C:\Users\All Users\AVAST Software
2012-05-28 05:48 - 2012-05-28 05:48 - 0000000 ____D C:\Program Files\AVAST Software
2012-05-28 05:47 - 2012-05-28 05:46 - 74761776 ____A C:\Users\Evan\Desktop\avast_free_antivirus_setup.exe
2012-05-28 05:41 - 2012-05-29 17:15 - 0013479 ____A C:\test
2012-05-28 05:41 - 2012-05-29 17:15 - 0013479 ____A C:\abc.txt
2012-05-28 05:41 - 2012-05-29 17:12 - 0013479 ____A C:\abc
2012-05-28 05:39 - 2010-11-03 00:34 - 0000000 ____D C:\Program Files (x86)\Mozilla Firefox
2012-05-28 05:34 - 2012-05-28 05:31 - 0000000 ____D C:\Windows\System32\Drivers\AVG
2012-05-28 05:34 - 2012-05-28 05:26 - 0000000 ____D C:\Users\All Users\MFAData
2012-05-28 05:32 - 2012-05-28 05:32 - 0000967 ____A C:\Users\Public\Desktop\AVG 2012.lnk
2012-05-28 05:32 - 2012-05-28 05:32 - 0000216 ____A C:\Windows\Tasks\SidebarExecute.job
2012-05-28 05:32 - 2012-05-28 05:32 - 0000000 ____D C:\Users\Evan\AppData\Roaming\AVG2012
2012-05-28 05:32 - 2012-05-28 05:32 - 0000000 ____D C:\Users\Evan\AppData\Local\AVG Secure Search
2012-05-28 05:32 - 2012-05-28 05:32 - 0000000 ____D C:\Users\All Users\AVG Secure Search
2012-05-28 05:31 - 2012-05-28 05:31 - 0000000 ___HD C:\$AVG
2012-05-28 05:31 - 2012-05-28 05:31 - 0000000 ____D C:\Windows\SysWOW64\Drivers\AVG
2012-05-28 05:31 - 2012-05-28 05:31 - 0000000 ____D C:\Program Files (x86)\bleep search
2012-05-28 05:31 - 2012-05-28 05:31 - 0000000 ____D C:\Program Files (x86)\bleep
2012-05-28 05:31 - 2010-09-23 13:04 - 0000000 ____D C:\Users\Evan\AppData\LocalLow
2012-05-28 05:29 - 2012-01-28 18:48 - 0000479 ____A C:\rkill.log
2012-05-28 05:26 - 2012-05-28 05:26 - 3878424 ____A (AVG Technologies) C:\Users\Evan\Desktop\avg_free_stb_all_2012_2176_cnet.exe
2012-05-28 05:26 - 2012-05-28 05:09 - 0002243 ____A C:\Windows\epplauncher.mif
2012-05-28 05:24 - 2012-05-28 04:22 - 0000408 ____A C:\Windows\Tasks\Ad-Aware Update (Weekly).job
2012-05-28 05:08 - 2012-05-28 05:08 - 12621696 ____A (Microsoft Corporation) C:\Users\Evan\Desktop\mseinstall.exe
2012-05-28 05:05 - 2012-05-28 05:05 - 1263344 ____A (ESET) C:\Users\Evan\Desktop\eset_nod32_antivirus_live_installer.exe
2012-05-28 05:03 - 2012-05-28 05:03 - 1012656 ____A C:\Users\Evan\Desktop\rkill.exe
2012-05-28 04:59 - 2011-04-26 08:02 - 0000064 ____A C:\Windows\SysWOW64\rp_stats.dat
2012-05-28 04:59 - 2011-04-26 08:02 - 0000044 ____A C:\Windows\SysWOW64\rp_rules.dat
2012-05-28 04:58 - 2012-05-28 04:58 - 0000056 ____A C:\Windows\setupact.log
2012-05-28 04:58 - 2012-05-28 04:58 - 0000000 ____A C:\Windows\setuperr.log
2012-05-28 04:58 - 2010-11-28 12:00 - 0000890 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-05-28 04:58 - 2010-02-23 08:10 - 0000000 ____D C:\Users\All Users\NVIDIA
2012-05-28 04:58 - 2009-07-13 21:08 - 0000006 ___AH C:\Windows\Tasks\SA.DAT
2012-05-28 04:43 - 2010-09-26 15:41 - 0000000 ____D C:\Users\Evan\AppData\Roaming\Skype
2012-05-28 04:43 - 2010-09-24 14:38 - 0000000 ____D C:\Users\Evan\AppData\Roaming\uTorrent
2012-05-28 04:39 - 2010-09-25 12:18 - 0000000 ___HD C:\Users\Evan\Desktop\New Folder (2)
2012-05-28 04:22 - 2012-02-12 17:03 - 0000029 ____A C:\Windows\SysWOW64\TempWmicBatchFile.bat
2012-05-28 04:22 - 2010-02-23 07:50 - 0001970 ____A C:\Windows\System32\AutoRunFilter.ini
2012-05-28 04:02 - 2010-11-28 12:00 - 0000894 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-05-26 06:50 - 2012-04-21 05:10 - 0000000 ____D C:\Users\Evan\Documents\Diablo III
2012-05-26 04:50 - 2009-07-13 20:45 - 0010240 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-05-26 04:50 - 2009-07-13 20:45 - 0010240 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-05-25 17:39 - 2011-11-11 10:04 - 0000000 ____D C:\Users\Evan\AppData\Local\dxhr
2012-05-25 05:27 - 2012-05-25 05:26 - 0000704 ____A C:\Users\Public\Desktop\Diablo III.lnk
2012-05-25 05:15 - 2012-04-15 15:37 - 0000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2012-05-25 05:14 - 2012-04-15 15:34 - 0000000 ____D C:\Program Files\NVIDIA Corporation
2012-05-22 17:43 - 2012-05-22 17:43 - 0419488 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-05-22 17:43 - 2011-11-12 19:02 - 0070304 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-05-21 03:27 - 2010-09-24 14:38 - 0000000 ____D C:\Program Files (x86)\uTorrent
2012-05-20 04:44 - 2010-09-25 12:18 - 0000000 ____D C:\Users\Evan\Desktop\??
2012-05-20 04:43 - 2012-04-15 14:54 - 0000000 ____D C:\Users\Evan\AppData\Local\LogMeIn Hamachi
2012-05-20 04:43 - 2010-09-23 21:13 - 0000000 ____D C:\Users\Evan\Tracing
2012-05-20 04:43 - 2010-09-23 14:58 - 0000000 ____D C:\Users\Evan\AppData\Roaming\DAEMON Tools Lite
2012-05-20 04:43 - 2010-02-23 08:09 - 0000000 ____D C:\Windows\Minidump
2012-05-20 04:43 - 2009-07-28 22:03 - 0000000 ____D C:\Windows\Panther
2012-05-20 04:38 - 2012-05-20 04:38 - 0001111 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-05-20 04:38 - 2011-08-29 19:17 - 0000000 ____D C:\Program Files\CCleaner
2012-05-20 04:38 - 2011-08-29 19:13 - 0000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-05-20 04:35 - 2012-04-13 14:12 - 0000000 ____D C:\Program Files\PeerBlock
2012-05-19 19:24 - 2012-05-19 19:24 - 0021019 ____A C:\[isoHunt] Blink-182_-_Neighborhoods_(Deluxe_Version)_[Official_Retail].6700598.TPB.torrent
2012-05-18 13:27 - 2010-09-23 14:57 - 0000000 ____D C:\Users\All Users\DAEMON Tools Lite
2012-05-15 02:48 - 2012-05-25 05:13 - 8139072 ____A (NVIDIA Corporation) C:\Windows\System32\nvcuda.dll
2012-05-15 02:48 - 2012-05-25 05:13 - 8105280 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2012-05-15 02:48 - 2012-05-25 05:13 - 5982528 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2012-05-15 02:48 - 2012-05-25 05:13 - 2881856 ____A (NVIDIA Corporation) C:\Windows\System32\nvcuvenc.dll
2012-05-15 02:48 - 2012-05-25 05:13 - 2681664 ____A (NVIDIA Corporation) C:\Windows\System32\nvcuvid.dll
2012-05-15 02:48 - 2012-05-25 05:13 - 25743168 ____A (NVIDIA Corporation) C:\Windows\System32\nvoglv64.dll
2012-05-15 02:48 - 2012-05-25 05:13 - 2524992 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2012-05-15 02:48 - 2012-05-25 05:13 - 25248064 ____A (NVIDIA Corporation) C:\Windows\System32\nvcompiler.dll
2012-05-15 02:48 - 2012-05-25 05:13 - 2445120 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvenc.dll
2012-05-15 02:48 - 2012-05-25 05:13 - 19607872 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2012-05-15 02:48 - 2012-05-25 05:13 - 18044224 ____A (NVIDIA Corporation) C:\Windows\System32\nvd3dumx.dll
2012-05-15 02:48 - 2012-05-25 05:13 - 17551680 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2012-05-15 02:48 - 2012-05-25 05:13 - 14298944 ____A (NVIDIA Corporation) C:\Windows\System32\Drivers\nvlddmkm.sys
2012-05-15 02:48 - 2012-04-15 15:35 - 1738048 ____A (NVIDIA Corporation) C:\Windows\System32\nvdispco64.dll
2012-05-15 02:48 - 2012-04-15 15:35 - 1468224 ____A (NVIDIA Corporation) C:\Windows\System32\nvgenco64.dll
2012-05-15 02:48 - 2012-04-15 15:35 - 0068928 ____A (Khronos Group) C:\Windows\System32\OpenCL.dll
2012-05-15 02:48 - 2012-04-15 15:35 - 0061248 ____A (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2012-05-15 02:48 - 2012-04-15 15:35 - 0014324 ____A C:\Windows\System32\nvinfo.pb
2012-05-15 02:48 - 2009-10-03 06:32 - 2741568 ____A (NVIDIA Corporation) C:\Windows\System32\nvapi64.dll
2012-05-15 02:48 - 2009-10-03 06:32 - 2368832 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2012-05-15 02:48 - 2009-10-03 06:32 - 15322432 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2012-05-15 02:48 - 2009-10-03 06:32 - 10194752 ____A (NVIDIA Corporation) C:\Windows\System32\nvwgf2umx.dll
2012-05-15 01:29 - 2009-10-03 12:02 - 0889664 ____A (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
2012-05-15 01:29 - 2009-10-03 12:01 - 3149632 ____A (NVIDIA Corporation) C:\Windows\System32\nvsvc64.dll
2012-05-15 01:29 - 2009-10-03 12:01 - 2561856 ____A (NVIDIA Corporation) C:\Windows\System32\nvsvcr.dll
2012-05-15 01:29 - 2009-10-03 12:01 - 0118080 ____A (NVIDIA Corporation) C:\Windows\System32\nvmctray.dll
2012-05-15 01:29 - 2009-10-03 12:01 - 0063296 ____A (NVIDIA Corporation) C:\Windows\System32\nvshext.dll
2012-05-15 01:28 - 2009-10-03 12:01 - 6151488 ____A (NVIDIA Corporation) C:\Windows\System32\nvcpl.dll
2012-05-14 16:21 - 2012-05-14 16:21 - 0423744 ____A C:\Windows\SysWOW64\nvStreaming.exe
2012-05-14 15:02 - 2012-05-14 15:02 - 0009216 ____A C:\Users\Evan\Documents\hours thinkmap May.doc
2012-05-14 09:09 - 2012-04-15 15:37 - 0000000 ____D C:\users\UpdatusUser
2012-05-14 09:06 - 2009-07-13 20:45 - 0361984 ____A C:\Windows\System32\FNTCACHE.DAT
2012-05-14 07:41 - 2009-07-13 21:13 - 0740814 ____A C:\Windows\System32\PerfStringBackup.INI
2012-05-14 07:38 - 2010-02-23 07:19 - 0000000 ____D C:\Users\All Users\Microsoft Help
2012-05-14 07:24 - 2011-04-22 17:08 - 0000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2012-05-11 10:42 - 2012-05-11 10:42 - 0409972 ____A C:\Users\Evan\Desktop\e95cc98f612b6e169911fbeeb2bf76d8.gif
2012-05-09 04:06 - 2012-05-09 04:06 - 0001952 ____A C:\Users\Public\Desktop\DAEMON Tools Lite.lnk
2012-05-09 04:06 - 2012-05-09 04:06 - 0000000 ____D C:\Program Files (x86)\DAEMON Tools Lite
2012-05-07 18:11 - 2012-05-07 18:10 - 0000115 ____A C:\Users\Evan\Desktop\New Text Document (3).txt
2012-05-02 12:57 - 2012-05-01 12:05 - 0000000 ____D C:\Users\Evan\Desktop\GrooveDown_Downloads
2012-05-02 12:22 - 2012-05-02 12:22 - 0000000 ____D C:\Users\Evan\Desktop\Groovedown 0.66
2012-05-01 12:05 - 2012-05-01 12:04 - 0000000 ____D C:\Users\Evan\AppData\Roaming\Groovedown
2012-05-01 08:03 - 2012-05-01 08:03 - 0000000 ____D C:\Users\Evan\AppData\Local\{DAB5DFA5-29F0-4FD9-93D6-2D951F25C382}
2012-05-01 08:03 - 2012-05-01 08:03 - 0000000 ____D C:\Users\Evan\AppData\Local\{93F412E5-8EC1-4CF6-A98B-B5B237233545}
2012-04-30 23:52 - 2009-07-13 21:08 - 0032558 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-04-26 10:03 - 2010-11-01 08:23 - 57848688 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-04-21 03:05 - 2012-04-21 03:04 - 0000000 ____D C:\Users\All Users\Battle.net
2012-04-19 05:07 - 2012-04-19 05:07 - 0000000 ____D C:\Users\Evan\AppData\Local\{5FE2E14B-B4BB-44CC-958B-1FEA4C677E27}
2012-04-19 05:07 - 2012-04-19 05:07 - 0000000 ____D C:\Users\Evan\AppData\Local\{0D29F5B1-8FBE-4EBC-BD61-DCE7F526F6DE}
2012-04-18 18:50 - 2012-04-18 18:50 - 0028480 ____A (AVG Technologies CZ, s.r.o. ) C:\Windows\System32\Drivers\dieavg.bak
2012-04-18 09:08 - 2012-05-25 05:13 - 0188736 ____A (NVIDIA Corporation) C:\Windows\System32\Drivers\nvhda64v.sys
2012-04-18 09:08 - 2012-05-25 05:13 - 0031040 ____A (NVIDIA Corporation) C:\Windows\System32\nvhdap64.dll
2012-04-18 09:08 - 2012-04-15 15:35 - 1451840 ____A (NVIDIA Corporation) C:\Windows\System32\nvhdagenco6420103.dll
2012-04-18 04:50 - 2012-04-13 01:20 - 0000608 ____A C:\Users\Evan\Desktop\New Text Document (2).txt
2012-04-17 22:40 - 2012-04-17 22:39 - 0000000 ____D C:\Users\Evan\AppData\Local\{B4ADFC20-21AC-4FE7-83D5-B51E30D5ACDA}
2012-04-17 22:39 - 2012-04-17 22:39 - 0000000 ____D C:\Users\Evan\AppData\Local\{646B7699-90C7-4E4D-B17D-D5A46705E85E}
2012-04-17 22:39 - 2010-02-23 07:50 - 0001733 ____A C:\Windows\System32\ServiceFilter.ini
2012-04-15 15:37 - 2012-04-15 15:37 - 0000020 ___SH C:\Users\UpdatusUser\ntuser.ini
2012-04-15 15:37 - 2012-04-15 15:37 - 0000000 __SHD C:\Users\UpdatusUser\Templates
2012-04-15 15:37 - 2012-04-15 15:37 - 0000000 __SHD C:\Users\UpdatusUser\Start Menu
2012-04-15 15:37 - 2012-04-15 15:37 - 0000000 __SHD C:\Users\UpdatusUser\PrintHood
2012-04-15 15:37 - 2012-04-15 15:37 - 0000000 __SHD C:\Users\UpdatusUser\NetHood
2012-04-15 15:37 - 2012-04-15 15:37 - 0000000 __SHD C:\Users\UpdatusUser\My Documents
2012-04-15 15:37 - 2012-04-15 15:37 - 0000000 __SHD C:\Users\UpdatusUser\Documents\My Videos
2012-04-15 15:37 - 2012-04-15 15:37 - 0000000 __SHD C:\Users\UpdatusUser\Documents\My Pictures
2012-04-15 15:37 - 2012-04-15 15:37 - 0000000 __SHD C:\Users\UpdatusUser\Documents\My Music
2012-04-15 15:37 - 2012-04-15 15:37 - 0000000 __SHD C:\Users\UpdatusUser\AppData\Local\Temporary Internet Files
2012-04-15 15:37 - 2012-04-15 15:37 - 0000000 __SHD C:\Users\UpdatusUser\AppData\Local\History
2012-04-15 15:37 - 2012-04-15 15:37 - 0000000 ____D C:\Users\UpdatusUser\AppData\LocalLow
2012-04-15 15:37 - 2012-04-15 15:33 - 0000000 ____D C:\NVIDIA
2012-04-15 15:36 - 2012-04-15 15:36 - 0000000 ____D C:\Users\All Users\NVIDIA Corporation
2012-04-15 15:07 - 2011-07-22 09:20 - 0000000 ____D C:\Users\Evan\Desktop\Random Files
2012-04-15 14:53 - 2012-04-15 14:53 - 0000000 ____D C:\Program Files (x86)\LogMeIn Hamachi
2012-04-15 14:51 - 2012-04-15 14:51 - 0009216 ____A C:\Users\Evan\Documents\Invoice Evan Zatorre April 14th SAT example sentences.doc
2012-04-15 14:50 - 2012-04-06 22:57 - 0009216 ____A C:\Users\Evan\Documents\Hours Vocabulary stuff April 2012.doc
2012-04-15 06:01 - 2012-04-15 06:01 - 0000000 ____D C:\Users\Evan\AppData\Local\Last.fm
2012-04-15 06:01 - 2012-04-15 06:01 - 0000000 ____D C:\Users\All Users\Last.fm
2012-04-15 06:01 - 2012-04-15 06:00 - 0000000 ____D C:\Program Files (x86)\Last.fm
2012-04-15 06:01 - 2012-03-21 03:35 - 0000000 ____D C:\Program Files (x86)\iTunes
2012-04-14 10:33 - 2012-04-14 10:33 - 0000000 ____D C:\Users\Evan\AppData\Local\{571FCC4F-9FC8-4F36-859F-12C37FF94CCE}
2012-04-14 10:33 - 2010-11-01 08:25 - 0000000 ____D C:\Users\Evan\AppData\Local\Windows Live
2012-04-13 11:57 - 2011-11-12 08:38 - 0000000 ____D C:\Users\Evan\AppData\Local\Skyrim
2012-04-13 01:17 - 2012-04-13 01:17 - 0000000 ____D C:\Users\Evan\AppData\Local\{891C4140-9584-45B9-88DA-0ABBB039CAC4}
2012-04-10 22:53 - 2011-03-23 06:01 - 0000000 ____D C:\Users\Evan\Desktop\English Stuff
2012-04-10 10:48 - 2012-04-09 22:47 - 0000000 ____D C:\Users\Evan\AppData\Local\{5CF75CA5-2505-4B30-94DD-B83FD5F03A09}
2012-04-09 05:22 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\NDF
2012-04-08 11:50 - 2012-04-08 11:50 - 0000000 ____D C:\Users\Evan\AppData\Local\{B585FF9F-7300-4FEC-91FC-D4D1F4BD9B0C}
2012-04-07 09:43 - 2012-04-07 09:43 - 0000000 ____D C:\Users\Evan\AppData\Local\{E9CBB93A-41B1-44A3-AD33-DA3BACD33E42}
2012-04-07 09:20 - 2012-04-07 09:20 - 0000000 ____D C:\Users\Evan\AppData\Local\{034D8FC2-FDFD-4471-A514-94B3C8C7293E}
2012-04-07 09:00 - 2012-04-07 09:00 - 0000000 ____D C:\Users\Evan\AppData\Local\{7A7A8C7A-DCCA-4E3F-99F8-E1A808F7F80F}
2012-04-06 12:50 - 2012-04-06 12:50 - 0000000 ____D C:\Program Files (x86)\Free WMA to MP3 Converter
2012-04-06 09:31 - 2012-04-06 09:31 - 0068727 ____A C:\Users\Evan\Desktop\bookmarx.html
2012-04-06 05:34 - 2012-04-06 05:34 - 0000000 ____D C:\Users\Evan\AppData\Local\{E1F8908C-AD7C-43E5-82D2-8361BE66DD91}
2012-04-05 12:11 - 2012-04-05 12:10 - 0000000 ____D C:\Users\Evan\AppData\Local\{FCA9813C-E55F-4E6F-8359-470018A192E4}
2012-04-04 05:56 - 2011-08-29 19:13 - 0024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-03-30 22:05 - 2012-05-11 17:50 - 5559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-03-30 20:39 - 2012-05-11 17:50 - 3968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2012-03-30 20:39 - 2012-05-11 17:50 - 3913072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2012-03-30 19:10 - 2012-05-11 17:50 - 3146240 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-03-30 03:35 - 2012-05-11 17:47 - 1918320 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2012-03-28 22:01 - 2012-03-28 22:01 - 0000000 ____D C:\Users\Evan\AppData\Local\{067FE3FA-4642-4849-9570-3E6F5BC5206B}
2012-03-27 12:13 - 2012-03-27 12:13 - 0000000 ____D C:\Users\Evan\AppData\Local\{6A79DF26-3E41-40BB-942D-BDF47D848ABA}
2012-03-27 12:13 - 2012-03-27 00:12 - 0000000 ____D C:\Users\Evan\AppData\Local\{20B77D9D-41B3-4833-97DE-CC599ED9323F}
2012-03-27 09:20 - 2012-03-27 09:20 - 0020480 ____A C:\Users\Evan\Documents\a la nacion.doc
2012-03-27 00:13 - 2012-03-27 00:13 - 0000000 ____D C:\Users\Evan\AppData\Local\{E26E298D-E57E-429F-948D-87439A4EF1B4}
2012-03-26 18:44 - 2012-03-26 18:44 - 22259528 ____A C:\Users\Evan\Documents\vlc-2.0.1-win32.exe
2012-03-26 05:41 - 2009-07-13 19:18 - 0000000 __SHD C:\$Recycle.Bin
2012-03-25 13:54 - 2011-08-04 18:17 - 0015360 ____A C:\Users\Evan\Documents\Pokelist.doc
2012-03-25 13:28 - 2012-03-25 11:51 - 0019456 ____A C:\Users\Evan\Documents\la nacion.doc
2012-03-25 09:38 - 2012-03-25 09:38 - 0000000 ____A C:\Users\Evan\Downloads\CA.tmp
2012-03-25 04:46 - 2012-03-25 04:46 - 0000000 ____D C:\Users\Evan\AppData\Local\{5015B037-7348-4C3E-A49F-F66E513015FE}
2012-03-25 04:46 - 2012-03-25 04:45 - 0000000 ____D C:\Users\Evan\AppData\Local\{6E01E732-220D-4B33-A9A1-C0134928CDD0}
2012-03-25 03:14 - 2011-08-05 17:50 - 0032816 ____A C:\Users\Evan\Pokemon Gold.sav
2012-03-25 03:14 - 2011-08-04 14:12 - 0000012 ____A C:\Users\Evan\Pokemon Gold.rtc
2012-03-24 16:45 - 2012-03-24 16:45 - 0000000 ____D C:\Users\Evan\AppData\Local\{DC4E4C02-1C4B-477B-A157-824BC50A8557}
2012-03-24 16:45 - 2012-03-24 16:45 - 0000000 ____D C:\Users\Evan\AppData\Local\{5CA68460-665F-4482-8F9A-56EE5F1DC809}
2012-03-24 13:09 - 2011-08-04 14:07 - 0004289 ____A C:\Users\Evan\bgb.ini
2012-03-24 13:08 - 2011-08-05 14:09 - 0102726 ____A C:\Users\Evan\Pokemon Gold.sn1
2012-03-24 12:46 - 2012-03-23 06:24 - 0000000 ____D C:\Users\Evan\Desktop\104NIKON
2012-03-24 04:45 - 2012-03-24 04:45 - 0000000 ____D C:\Users\Evan\AppData\Local\{B71B0F4A-ADC3-4E7A-BDB5-E7320AC0C483}
2012-03-24 04:45 - 2012-03-24 04:44 - 0000000 ____D C:\Users\Evan\AppData\Local\{E90DD159-79D4-45AD-A476-34EBDBF11DB6}
2012-03-23 13:23 - 2012-03-23 08:06 - 0000000 ____D C:\Users\Evan\Pokemon Online
2012-03-23 11:36 - 2010-09-26 19:23 - 0000000 ____D C:\Users\Evan\AppData\Roaming\vlc
2012-03-23 08:08 - 2012-03-23 08:08 - 0000000 ____D C:\Users\Evan\Documents\Pokemon-Online Logs
2012-03-23 07:38 - 2012-03-23 07:34 - 0005445 ____A C:\Users\Evan\kigb.cfg
2012-03-23 07:35 - 2012-03-23 07:30 - 0000000 ____D C:\Users\Evan\kigb_win
2012-03-23 05:47 - 2012-03-23 05:47 - 0000000 ____D C:\Users\Evan\AppData\Local\{8D645AB1-9E98-4CCC-A366-2444C91C33C5}
2012-03-23 05:47 - 2012-03-23 05:47 - 0000000 ____D C:\Users\Evan\AppData\Local\{4ECBCF94-0685-4E41-AB12-6C82C448AC75}
2012-03-22 17:31 - 2012-03-22 17:30 - 0000000 ____D C:\Users\Evan\AppData\Local\{20D46489-6E81-4AC9-B936-7EBB5AC7EB2B}
2012-03-22 17:30 - 2012-03-22 17:30 - 0000000 ____D C:\Users\Evan\AppData\Local\{F7163D53-142E-4CF3-B40E-A0A16616C31D}
2012-03-22 05:30 - 2012-03-22 05:30 - 0000000 ____D C:\Users\Evan\AppData\Local\{D34B00F5-A09A-4E96-948A-71305280C5C0}
2012-03-22 05:30 - 2012-03-22 05:30 - 0000000 ____D C:\Users\Evan\AppData\Local\{4ABA0374-92FC-457A-B610-5B717A694B40}
2012-03-21 16:50 - 2012-03-23 07:34 - 0032816 ____A C:\Users\Evan\Pokemon Gold - Copy (2).sav
2012-03-21 15:32 - 2012-03-21 15:31 - 0000000 ____D C:\Users\Evan\AppData\Local\{1A6656D5-BDF3-424D-8C78-C41AA88A8577}
2012-03-21 15:31 - 2012-03-21 15:31 - 0000000 ____D C:\Users\Evan\AppData\Local\{092B4FA6-F41D-4A80-9ECF-90064DBBDFB9}
2012-03-21 07:05 - 2012-03-21 07:05 - 0032816 ____A C:\Users\Evan\Pokemon Gold (2).sav
2012-03-21 07:05 - 2012-03-21 07:05 - 0000012 ____A C:\Users\Evan\Pokemon Gold (2).rtc
2012-03-21 04:02 - 2012-03-21 04:05 - 0032816 ____A C:\Users\Evan\Pokemon Gold - Copy.sav
2012-03-21 03:35 - 2012-03-21 03:35 - 0000000 ____D C:\Program Files\iTunes
2012-03-21 03:35 - 2012-03-21 03:35 - 0000000 ____D C:\Program Files\iPod
2012-03-19 08:50 - 2012-03-19 08:19 - 0000038 ____A C:\Users\Evan\cheats.cht
2012-03-19 07:45 - 2012-01-24 08:09 - 1030544 ____A C:\Users\Evan\pokemon+gbemulator.rar
2012-03-18 19:17 - 2012-03-18 19:17 - 0383808 ____A (AVG Technologies CZ, s.r.o.) C:\Windows\System32\Drivers\eatbleepanddieavg.bak
2012-03-18 14:42 - 2010-09-26 15:39 - 0000000 ___RD C:\Program Files (x86)\Skype
2012-03-18 10:05 - 2012-03-18 10:05 - 0011776 ____A C:\Users\Evan\Documents\promotion of multilingualism.doc
2012-03-16 23:58 - 2012-05-11 17:48 - 0075120 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\partmgr.sys
2012-03-14 14:05 - 2011-01-04 09:04 - 0000000 ____D C:\Users\Evan\Documents\SimCity 4
2012-03-13 15:30 - 2011-11-01 10:55 - 0000000 ____D C:\Users\Evan\Desktop\Lyon 2011
2012-03-11 17:57 - 2010-10-04 05:25 - 0000000 ___HD C:\Users\Evan\Desktop\Photos II
2012-03-10 14:33 - 2012-03-10 14:33 - 0000000 ____D C:\Program Files (x86)\plaync
2012-03-09 07:59 - 2012-03-09 07:59 - 0000000 ____D C:\Users\Evan\Documents\Nexus Mod Manager
2012-03-09 07:59 - 2012-03-09 07:59 - 0000000 ____D C:\Users\Evan\AppData\Local\Black_Tree_Gaming
2012-03-09 07:59 - 2012-03-09 07:59 - 0000000 ____D C:\Program Files\Nexus Mod Manager
2012-03-06 15:15 - 2012-05-28 05:49 - 0258520 ____A (AVAST Software) C:\Windows\System32\aswBoot.exe
2012-03-06 15:15 - 2012-05-28 05:48 - 0201352 ____A (AVAST Software) C:\Windows\SysWOW64\aswBoot.exe
2012-03-06 15:15 - 2012-05-28 05:48 - 0041184 ____A (AVAST Software) C:\Windows\avastSS.scr
2012-03-06 15:04 - 2012-05-28 05:49 - 0819032 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSnx.sys
2012-03-06 15:04 - 2012-05-28 05:49 - 0337240 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSP.sys
2012-03-06 15:02 - 2012-05-28 05:49 - 0053080 ____A (AVAST Software) C:\Windows\System32\Drivers\aswRdr2.sys
2012-03-06 15:01 - 2012-05-28 05:49 - 0069976 ____A (AVAST Software) C:\Windows\System32\Drivers\aswMonFlt.sys
2012-03-06 15:01 - 2012-05-28 05:49 - 0059224 ____A (AVAST Software) C:\Windows\System32\Drivers\aswTdi.sys
2012-03-06 15:01 - 2012-05-28 05:49 - 0024408 ____A (AVAST Software) C:\Windows\System32\Drivers\aswFsBlk.sys
2012-03-06 06:21 - 2012-03-06 06:19 - 0024064 ____A C:\Users\Evan\Documents\finalversion of the bleep state dude.doc
2012-03-04 16:56 - 2012-03-04 16:56 - 0009641 ____A C:\Users\Evan\Documents\Untitled 1.odt
2012-03-04 16:16 - 2012-03-04 12:20 - 0029184 ____A C:\Users\Evan\Documents\Bourdieu.doc
2012-03-04 13:22 - 2012-03-04 12:50 - 0009216 ____A C:\Users\Evan\Documents\Q writing hours march.doc

========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

========================= Memory info ======================

Percentage of memory in use: 14%
Total physical RAM: 3957.19 MB
Available physical RAM: 3376.17 MB
Total Pagefile: 3955.34 MB
Available Pagefile: 3366.64 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

======================= Partitions =========================

1 Drive c: (OS) (Fixed) (Total:116.44 GB) (Free:1.88 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
2 Drive d: (DATA) (Fixed) (Total:329.79 GB) (Free:16.11 GB) NTFS
4 Drive f: () (Removable) (Total:3.77 GB) (Free:3.05 GB) FAT32
5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 465 GB 1024 KB
Disk 1 Online 3864 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 19 GB 1024 KB
Partition 2 Primary 116 GB 19 GB
Partition 0 Extended 329 GB 135 GB
Partition 3 Logical 329 GB 135 GB

======================================================================================================

Disk: 0
Partition 1
Type : 1C
Hidden: Yes
Active: No

There is no volume associated with this partition.

======================================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 C OS NTFS Partition 116 GB Healthy

======================================================================================================

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 D DATA NTFS Partition 329 GB Healthy

======================================================================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 3863 MB 492 KB

======================================================================================================

Disk: 1
Partition 1
Type : 0C
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 F FAT32 Removable 3863 MB Healthy

======================================================================================================

==========================================================

Last Boot: 2010-10-16 14:20

======================= End Of Log ==========================

#10 CatByte

Posted 31 May 2012 - 02:24 PM

Hi

Please do the following:


Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this, highlight the contents of the box, right-click on it and select Copy. Right-click in the open Notepad window and select Paste.) Save it on the flash drive as fixlist.txt.

start
script removed
end

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system.

Now please enter System Recovery Options, then select Command Prompt.

Run FRST64 and press the Fix button just once and wait.
The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

Now restart, let it boot normally and tell me how it went.


NEXT


Refer to the ComboFix User's Guide

  • Download ComboFix from one of these locations:

    Link 1
    Link 2

    * IMPORTANT !!! Place ComboFix.exe on your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.
    You can get help on disabling your protection programs here
  • Double click on ComboFix.exe & follow the prompts.
  • Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
  • When finished, it shall produce a log for you. Post that log in your next reply

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.


    ---------------------------------------------------------------------------------------------
  • Ensure your AntiVirus and AntiSpyware applications are re-enabled.

    ---------------------------------------------------------------------------------------------

NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.

Edited by CatByte, 03 July 2012 - 08:48 PM.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#11 moomoo2u

Posted 03 June 2012 - 02:18 PM

I can't find the ComboFix log, and the other one is hidden on my USB drive, which is still packed away. I'll get back with a response tomorrow or the day after.

I am able to boot now and am using my normal OS (although Flash is messed up somehow).

Thanks!

#12 CatByte

Posted 03 June 2012 - 02:55 PM

The ComboFix log will be located at C:\ComboFix.txt

If there is no log, then please run ComboFix again and wait for it to produce a log.



#13 moomoo2u

Posted 03 June 2012 - 03:50 PM

Here's the ComboFix log; I'll get the other one up tomorrow:


ComboFix 12-05-31.02 - Evan 05/31/2012 22:22:45.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3957.2559 [GMT 2:00]
Running from: c:\users\Evan\Desktop\ComboFix.exe
AV: Lavasoft Ad-Watch Live! Anti-Virus *Enabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
SP: Lavasoft Ad-Watch Live! *Enabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\bleep
c:\program files (x86)\bleep\AVG2012\3rd_party\licenses\ace.txt
c:\program files (x86)\bleep\AVG2012\3rd_party\licenses\arabica.txt
c:\program files (x86)\bleep\AVG2012\3rd_party\licenses\boost.txt
c:\program files (x86)\bleep\AVG2012\3rd_party\licenses\bsdiff.txt
c:\program files (x86)\bleep\AVG2012\3rd_party\licenses\bzip.txt
c:\program files (x86)\bleep\AVG2012\3rd_party\licenses\carp.html
c:\program files (x86)\bleep\AVG2012\3rd_party\licenses\cryptopp.txt
c:\program files (x86)\bleep\AVG2012\3rd_party\licenses\curl.txt
c:\program files (x86)\bleep\AVG2012\3rd_party\licenses\dazukofs.txt
c:\program files (x86)\bleep\AVG2012\3rd_party\licenses\expat.txt
c:\program files (x86)\bleep\AVG2012\3rd_party\licenses\imagemagick.txt
c:\program files (x86)\bleep\AVG2012\3rd_party\licenses\infozip.txt
c:\program files (x86)\bleep\AVG2012\3rd_party\licenses\lua.txt
c:\program files (x86)\bleep\AVG2012\3rd_party\licenses\md4_md5_license.txt
c:\program files (x86)\bleep\AVG2012\3rd_party\licenses\milter.txt
c:\program files (x86)\bleep\AVG2012\3rd_party\licenses\minizip.txt
c:\program files (x86)\bleep\AVG2012\3rd_party\licenses\openssl_license.html
c:\program files (x86)\bleep\AVG2012\3rd_party\licenses\sasl.txt
c:\program files (x86)\bleep\AVG2012\3rd_party\licenses\tinyxml.txt
c:\program files (x86)\bleep\AVG2012\3rd_party\licenses\unrar.txt
c:\program files (x86)\bleep\AVG2012\3rd_party\licenses\untar.txt
c:\program files (x86)\bleep\AVG2012\3rd_party\licenses\xalan_xerces.txt
c:\program files (x86)\bleep\AVG2012\3rd_party\licenses\zlib.txt
c:\program files (x86)\bleep\AVG2012\3rd_party\readme.txt
c:\program files (x86)\bleep\AVG2012\avg.snu
c:\program files (x86)\bleep\AVG2012\avg_us.lng
c:\program files (x86)\bleep\AVG2012\avgabout.dll
c:\program files (x86)\bleep\AVG2012\avgadvisorx.dll
c:\program files (x86)\bleep\AVG2012\avgamnot.dll
c:\program files (x86)\bleep\AVG2012\avgapia.dll
c:\program files (x86)\bleep\AVG2012\avgapix.dll
c:\program files (x86)\bleep\AVG2012\avgapps.dll
c:\program files (x86)\bleep\AVG2012\avgar_us.chm
c:\program files (x86)\bleep\AVG2012\avgatend.stp
c:\program files (x86)\bleep\AVG2012\avgatupd.stp
c:\program files (x86)\bleep\AVG2012\avgcclia.dll
c:\program files (x86)\bleep\AVG2012\avgcclix.dll
c:\program files (x86)\bleep\AVG2012\avgcerta.dll
c:\program files (x86)\bleep\AVG2012\avgcertx.dll
c:\program files (x86)\bleep\AVG2012\avgcfga.dll
c:\program files (x86)\bleep\AVG2012\avgcfgex.exe
c:\program files (x86)\bleep\AVG2012\avgcfgx.dll
c:\program files (x86)\bleep\AVG2012\avgchcla.dll
c:\program files (x86)\bleep\AVG2012\avgchclx.dll
c:\program files (x86)\bleep\AVG2012\avgchjwa.dll
c:\program files (x86)\bleep\AVG2012\avgclita.dll
c:\program files (x86)\bleep\AVG2012\avgclitx.dll
c:\program files (x86)\bleep\AVG2012\avgcmgr.exe
c:\program files (x86)\bleep\AVG2012\avgcorea.dll
c:\program files (x86)\bleep\AVG2012\avgcorex.dll
c:\program files (x86)\bleep\AVG2012\avgcrema.exe
c:\program files (x86)\bleep\AVG2012\avgcsla.dll
c:\program files (x86)\bleep\AVG2012\avgcslx.dll
c:\program files (x86)\bleep\AVG2012\avgcsrva.exe
c:\program files (x86)\bleep\AVG2012\avgcsrvx.exe
c:\program files (x86)\bleep\AVG2012\avgdecider.dll
c:\program files (x86)\bleep\AVG2012\avgdg_us.chm
c:\program files (x86)\bleep\AVG2012\avgdiagex.exe
c:\program files (x86)\bleep\AVG2012\avgdtiea.dll
c:\program files (x86)\bleep\AVG2012\avgdtiex.dll
c:\program files (x86)\bleep\AVG2012\avgdumpa.exe
c:\program files (x86)\bleep\AVG2012\avgdumpx.exe
c:\program files (x86)\bleep\AVG2012\avgemca.exe
c:\program files (x86)\bleep\AVG2012\avgf_us.chm
c:\program files (x86)\bleep\AVG2012\avgfree_us.mht
c:\program files (x86)\bleep\AVG2012\avgidp_us.chm
c:\program files (x86)\bleep\AVG2012\avgidpmx.dll
c:\program files (x86)\bleep\AVG2012\avgidpsdkx.dll
c:\program files (x86)\bleep\AVG2012\avgidsagent.exe
c:\program files (x86)\bleep\AVG2012\avglnga.dll
c:\program files (x86)\bleep\AVG2012\avglngx.dll
c:\program files (x86)\bleep\AVG2012\avgloga.dll
c:\program files (x86)\bleep\AVG2012\avglogx.dll
c:\program files (x86)\bleep\AVG2012\avgls_us.chm
c:\program files (x86)\bleep\AVG2012\avglscanx.exe
c:\program files (x86)\bleep\AVG2012\avgmfapx.exe
c:\program files (x86)\bleep\AVG2012\avgmfarx.dll
c:\program files (x86)\bleep\AVG2012\avgmvfla.dll
c:\program files (x86)\bleep\AVG2012\avgmvflx.dll
c:\program files (x86)\bleep\AVG2012\avgmwdef_us.mht
c:\program files (x86)\bleep\AVG2012\avgnsa.exe
c:\program files (x86)\bleep\AVG2012\avgntdumpa.exe
c:\program files (x86)\bleep\AVG2012\avgntdumpx.exe
c:\program files (x86)\bleep\AVG2012\avgntopenssla.dll
c:\program files (x86)\bleep\AVG2012\avgntopensslx.dll
c:\program files (x86)\bleep\AVG2012\avgntsqlitea.dll
c:\program files (x86)\bleep\AVG2012\avgntsqlitex.dll
c:\program files (x86)\bleep\AVG2012\avgopenssla.dll
c:\program files (x86)\bleep\AVG2012\avgopensslx.dll
c:\program files (x86)\bleep\AVG2012\avgpostinstx.dll
c:\program files (x86)\bleep\AVG2012\avgpp.dll
c:\program files (x86)\bleep\AVG2012\avgppa.dll
c:\program files (x86)\bleep\AVG2012\avgresf.dll
c:\program files (x86)\bleep\AVG2012\avgrkta.dll
c:\program files (x86)\bleep\AVG2012\avgrsa.exe
c:\program files (x86)\bleep\AVG2012\avgsals_us.mht
c:\program files (x86)\bleep\AVG2012\avgsbfree_us.mht
c:\program files (x86)\bleep\AVG2012\avgsbga.dll
c:\program files (x86)\bleep\AVG2012\avgscana.dll
c:\program files (x86)\bleep\AVG2012\avgscana.exe
c:\program files (x86)\bleep\AVG2012\avgscanx.dll
c:\program files (x86)\bleep\AVG2012\avgscanx.exe
c:\program files (x86)\bleep\AVG2012\avgsched.dll
c:\program files (x86)\bleep\AVG2012\avgse.dll
c:\program files (x86)\bleep\AVG2012\avgsea.dll
c:\program files (x86)\bleep\AVG2012\avgsrma.dll
c:\program files (x86)\bleep\AVG2012\avgsrmaa.exe
c:\program files (x86)\bleep\AVG2012\avgsrmax.exe
c:\program files (x86)\bleep\AVG2012\avgsrmx.dll
c:\program files (x86)\bleep\AVG2012\avgssie.dll
c:\program files (x86)\bleep\AVG2012\avgssiea.dll
c:\program files (x86)\bleep\AVG2012\avgsysa.dll
c:\program files (x86)\bleep\AVG2012\avgsysx.dll
c:\program files (x86)\bleep\AVG2012\AVGTBInstall.exe
c:\program files (x86)\bleep\AVG2012\avgtray.exe
c:\program files (x86)\bleep\AVG2012\avgtrial_us.mht
c:\program files (x86)\bleep\AVG2012\avgui.exe
c:\program files (x86)\bleep\AVG2012\avguiadv.dll
c:\program files (x86)\bleep\AVG2012\avguires.dll
c:\program files (x86)\bleep\AVG2012\avguirux.exe
c:\program files (x86)\bleep\AVG2012\avgupd.sig
c:\program files (x86)\bleep\AVG2012\avgupdx.dll
c:\program files (x86)\bleep\AVG2012\avgutila.dll
c:\program files (x86)\bleep\AVG2012\avgutilx.dll
c:\program files (x86)\bleep\AVG2012\avgvva.dll
c:\program files (x86)\bleep\AVG2012\avgvvx.dll
c:\program files (x86)\bleep\AVG2012\avgwd.dll
c:\program files (x86)\bleep\AVG2012\avgwdsvc.exe
c:\program files (x86)\bleep\AVG2012\avgwdwsc.dll
c:\program files (x86)\bleep\AVG2012\avgwebui.dll
c:\program files (x86)\bleep\AVG2012\avgwsc.exe
c:\program files (x86)\bleep\AVG2012\avgxpl.dll
c:\program files (x86)\bleep\AVG2012\avgxpla.dll
c:\program files (x86)\bleep\AVG2012\awacs\dav\component\content.dat
c:\program files (x86)\bleep\AVG2012\awacs\dav\component\image.bmp
c:\program files (x86)\bleep\AVG2012\awacs\dav\sign.bin
c:\program files (x86)\bleep\AVG2012\awacs\fas\component\content.dat
c:\program files (x86)\bleep\AVG2012\awacs\fas\component\image.bmp
c:\program files (x86)\bleep\AVG2012\awacs\fas\sign.bin
c:\program files (x86)\bleep\AVG2012\awacs\obx\component\content.dat
c:\program files (x86)\bleep\AVG2012\awacs\obx\component\image.bmp
c:\program files (x86)\bleep\AVG2012\awacs\obx\sign.bin
c:\program files (x86)\bleep\AVG2012\awacs\pct\component\content.dat
c:\program files (x86)\bleep\AVG2012\awacs\pct\component\image.bmp
c:\program files (x86)\bleep\AVG2012\awacs\pct\sign.bin
c:\program files (x86)\bleep\AVG2012\awacs\rules.cat
c:\program files (x86)\bleep\AVG2012\awacs\rules.js
c:\program files (x86)\bleep\AVG2012\axioo.dll
c:\program files (x86)\bleep\AVG2012\cf.dat
c:\program files (x86)\bleep\AVG2012\Chrome\donottrack.crx
c:\program files (x86)\bleep\AVG2012\Chrome\safesearch.crx
c:\program files (x86)\bleep\AVG2012\compat.ini
c:\program files (x86)\bleep\AVG2012\contacts_us.html
c:\program files (x86)\bleep\AVG2012\dfncfg.dat
c:\program files (x86)\bleep\AVG2012\Drivers\avgidsdriver.cat
c:\program files (x86)\bleep\AVG2012\Drivers\avgidsdriver.inf
c:\program files (x86)\bleep\AVG2012\Drivers\avgidsdrivera.sys
c:\program files (x86)\bleep\AVG2012\Drivers\avgidsdriverx.sys
c:\program files (x86)\bleep\AVG2012\Drivers\avgidsfilter.cat
c:\program files (x86)\bleep\AVG2012\Drivers\avgidsfilter.inf
c:\program files (x86)\bleep\AVG2012\Drivers\avgidsfiltera.sys
c:\program files (x86)\bleep\AVG2012\Drivers\avgidsfilterx.sys
c:\program files (x86)\bleep\AVG2012\Drivers\avgidsh.cat
c:\program files (x86)\bleep\AVG2012\Drivers\avgidsh.inf
c:\program files (x86)\bleep\AVG2012\Drivers\avgidsha.sys
c:\program files (x86)\bleep\AVG2012\Drivers\avgidshx.sys
c:\program files (x86)\bleep\AVG2012\Drivers\avgidsuniversaldda.sys
c:\program files (x86)\bleep\AVG2012\Drivers\avgld.cat
c:\program files (x86)\bleep\AVG2012\Drivers\avgld.inf
c:\program files (x86)\bleep\AVG2012\Drivers\avgldx64.sys
c:\program files (x86)\bleep\AVG2012\Drivers\avgldx86.sys
c:\program files (x86)\bleep\AVG2012\Drivers\avgmf.cat
c:\program files (x86)\bleep\AVG2012\Drivers\avgmf.inf
c:\program files (x86)\bleep\AVG2012\Drivers\avgmfx64.sys
c:\program files (x86)\bleep\AVG2012\Drivers\avgmfx86.sys
c:\program files (x86)\bleep\AVG2012\Drivers\avgrk.cat
c:\program files (x86)\bleep\AVG2012\Drivers\avgrk.inf
c:\program files (x86)\bleep\AVG2012\Drivers\avgrkx64.sys
c:\program files (x86)\bleep\AVG2012\Drivers\avgrkx86.sys
c:\program files (x86)\bleep\AVG2012\Drivers\avgtdi.cat
c:\program files (x86)\bleep\AVG2012\Drivers\avgtdi.inf
c:\program files (x86)\bleep\AVG2012\Drivers\avgtdia.sys
c:\program files (x86)\bleep\AVG2012\Drivers\avgtdix.sys
c:\program files (x86)\bleep\AVG2012\dt.dat
c:\program files (x86)\bleep\AVG2012\eus.dat
c:\program files (x86)\bleep\AVG2012\Firefox\Chrome\searchshield.jar
c:\program files (x86)\bleep\AVG2012\Firefox\DoNotTrack\chrome.manifest
c:\program files (x86)\bleep\AVG2012\Firefox\DoNotTrack\Chrome\donottrack.jar
c:\program files (x86)\bleep\AVG2012\Firefox\DoNotTrack\components\avg-dnt-policy.js
c:\program files (x86)\bleep\AVG2012\Firefox\DoNotTrack\components\avg-dnt-protocol.js
c:\program files (x86)\bleep\AVG2012\Firefox\DoNotTrack\defaults\preferences\defaults.js
c:\program files (x86)\bleep\AVG2012\Firefox\DoNotTrack\install.rdf
c:\program files (x86)\bleep\AVG2012\Firefox4\chrome.manifest
c:\program files (x86)\bleep\AVG2012\Firefox4\Chrome\searchshield.jar
c:\program files (x86)\bleep\AVG2012\Firefox4\Components\avgssff10.dll
c:\program files (x86)\bleep\AVG2012\Firefox4\Components\avgssff11.dll
c:\program files (x86)\bleep\AVG2012\Firefox4\Components\avgssff12.dll
c:\program files (x86)\bleep\AVG2012\Firefox4\Components\avgssff5.dll
c:\program files (x86)\bleep\AVG2012\Firefox4\Components\avgssff6.dll
c:\program files (x86)\bleep\AVG2012\Firefox4\Components\avgssff7.dll
c:\program files (x86)\bleep\AVG2012\Firefox4\Components\avgssff8.dll
c:\program files (x86)\bleep\AVG2012\Firefox4\Components\avgssff9.dll
c:\program files (x86)\bleep\AVG2012\Firefox4\Components\ISearchShield4.xpt
c:\program files (x86)\bleep\AVG2012\Firefox4\install.rdf
c:\program files (x86)\bleep\AVG2012\fixcfg.exe
c:\program files (x86)\bleep\AVG2012\html\reportcard\avg_logo.png
c:\program files (x86)\bleep\AVG2012\html\reportcard\awards.png
c:\program files (x86)\bleep\AVG2012\html\reportcard\index.html
c:\program files (x86)\bleep\AVG2012\html\reportcard\menu-bg.png
c:\program files (x86)\bleep\AVG2012\html\reportcard\menu-content-bg.png
c:\program files (x86)\bleep\AVG2012\html\reportcard\menu-footer-bg.png
c:\program files (x86)\bleep\AVG2012\html\reportcard\reportcard.css
c:\program files (x86)\bleep\AVG2012\html\reportcard\table_bg.png
c:\program files (x86)\bleep\AVG2012\HtmLayout.dll
c:\program files (x86)\bleep\AVG2012\Icons\128x128.png
c:\program files (x86)\bleep\AVG2012\Icons\16x16.png
c:\program files (x86)\bleep\AVG2012\Icons\48x48.png
c:\program files (x86)\bleep\AVG2012\Icons\64x64.png
c:\program files (x86)\bleep\AVG2012\Icons\alert_mask.png
c:\program files (x86)\bleep\AVG2012\Icons\avg_icon_128.png
c:\program files (x86)\bleep\AVG2012\Icons\avg_icon_16.png
c:\program files (x86)\bleep\AVG2012\Icons\avg_icon_32.png
c:\program files (x86)\bleep\AVG2012\Icons\avg_icon_48.png
c:\program files (x86)\bleep\AVG2012\Icons\avg_icon_64.png
c:\program files (x86)\bleep\AVG2012\Icons\background_middle_gray.gif
c:\program files (x86)\bleep\AVG2012\Icons\background_middle_green.gif
c:\program files (x86)\bleep\AVG2012\Icons\background_middle_orange.gif
c:\program files (x86)\bleep\AVG2012\Icons\background_middle_red.gif
c:\program files (x86)\bleep\AVG2012\Icons\background_middle_yellow.gif
c:\program files (x86)\bleep\AVG2012\Icons\background_top_gray.gif
c:\program files (x86)\bleep\AVG2012\Icons\background_top_green.gif
c:\program files (x86)\bleep\AVG2012\Icons\background_top_orange.gif
c:\program files (x86)\bleep\AVG2012\Icons\background_top_red.gif
c:\program files (x86)\bleep\AVG2012\Icons\background_top_yellow.gif
c:\program files (x86)\bleep\AVG2012\Icons\bg_bottom_container.png
c:\program files (x86)\bleep\AVG2012\Icons\bg_bottom_tracking.png
c:\program files (x86)\bleep\AVG2012\Icons\bg_close.gif
c:\program files (x86)\bleep\AVG2012\Icons\bg_expand.gif
c:\program files (x86)\bleep\AVG2012\Icons\bg_mid_container.png
c:\program files (x86)\bleep\AVG2012\Icons\bg_mid_tracking.png
c:\program files (x86)\bleep\AVG2012\Icons\bg_tooltip.gif
c:\program files (x86)\bleep\AVG2012\Icons\bg_top_container.png
c:\program files (x86)\bleep\AVG2012\Icons\bg_top_tracking.png
c:\program files (x86)\bleep\AVG2012\Icons\bg_tracking.gif
c:\program files (x86)\bleep\AVG2012\Icons\block-doc.gif
c:\program files (x86)\bleep\AVG2012\Icons\blocked.gif
c:\program files (x86)\bleep\AVG2012\Icons\blocked12.png
c:\program files (x86)\bleep\AVG2012\Icons\border_bottom_gray.gif
c:\program files (x86)\bleep\AVG2012\Icons\border_bottom_green.gif
c:\program files (x86)\bleep\AVG2012\Icons\border_bottom_orange.gif
c:\program files (x86)\bleep\AVG2012\Icons\border_bottom_red.gif
c:\program files (x86)\bleep\AVG2012\Icons\border_bottom_yellow.gif
c:\program files (x86)\bleep\AVG2012\Icons\border_top_gray.gif
c:\program files (x86)\bleep\AVG2012\Icons\border_top_green.gif
c:\program files (x86)\bleep\AVG2012\Icons\border_top_orange.gif
c:\program files (x86)\bleep\AVG2012\Icons\border_top_red.gif
c:\program files (x86)\bleep\AVG2012\Icons\border_top_yellow.gif
c:\program files (x86)\bleep\AVG2012\Icons\box_bottom_red.gif
c:\program files (x86)\bleep\AVG2012\Icons\box_top_red.gif
c:\program files (x86)\bleep\AVG2012\Icons\btn_block.png
c:\program files (x86)\bleep\AVG2012\Icons\bubbleBtm.png
c:\program files (x86)\bleep\AVG2012\Icons\bubbleMid.png
c:\program files (x86)\bleep\AVG2012\Icons\bubbleTop.png
c:\program files (x86)\bleep\AVG2012\Icons\bull4x4.gif
c:\program files (x86)\bleep\AVG2012\Icons\caution.gif
c:\program files (x86)\bleep\AVG2012\Icons\caution12.png
c:\program files (x86)\bleep\AVG2012\Icons\click_here_gray.gif
c:\program files (x86)\bleep\AVG2012\Icons\click_here_green.gif
c:\program files (x86)\bleep\AVG2012\Icons\click_here_orange.gif
c:\program files (x86)\bleep\AVG2012\Icons\click_here_red.gif
c:\program files (x86)\bleep\AVG2012\Icons\click_here_yellow.gif
c:\program files (x86)\bleep\AVG2012\Icons\clock.gif
c:\program files (x86)\bleep\AVG2012\Icons\clock12.png
c:\program files (x86)\bleep\AVG2012\Icons\close.gif
c:\program files (x86)\bleep\AVG2012\Icons\divider.gif
c:\program files (x86)\bleep\AVG2012\Icons\DNT-logo.png
c:\program files (x86)\bleep\AVG2012\Icons\green_inline_border_bl.png
c:\program files (x86)\bleep\AVG2012\Icons\green_inline_border_br.png
c:\program files (x86)\bleep\AVG2012\Icons\green_inline_border_r.png
c:\program files (x86)\bleep\AVG2012\Icons\green_inline_border_tl.png
c:\program files (x86)\bleep\AVG2012\Icons\green_inline_border_tr.png
c:\program files (x86)\bleep\AVG2012\Icons\icons_blocked.gif
c:\program files (x86)\bleep\AVG2012\Icons\icons_caution.gif
c:\program files (x86)\bleep\AVG2012\Icons\icons_close.gif
c:\program files (x86)\bleep\AVG2012\Icons\icons_safe.gif
c:\program files (x86)\bleep\AVG2012\Icons\icons_unknown.gif
c:\program files (x86)\bleep\AVG2012\Icons\icons_warning.gif
c:\program files (x86)\bleep\AVG2012\Icons\innerBG_gradient.gif
c:\program files (x86)\bleep\AVG2012\Icons\LS_Logo_Results.gif
c:\program files (x86)\bleep\AVG2012\Icons\orange_inline_border_bl.png
c:\program files (x86)\bleep\AVG2012\Icons\orange_inline_border_br.png
c:\program files (x86)\bleep\AVG2012\Icons\orange_inline_border_r.png
c:\program files (x86)\bleep\AVG2012\Icons\orange_inline_border_tl.png
c:\program files (x86)\bleep\AVG2012\Icons\orange_inline_border_tr.png
c:\program files (x86)\bleep\AVG2012\Icons\product_logo.png
c:\program files (x86)\bleep\AVG2012\Icons\red_inline_border_bl.png
c:\program files (x86)\bleep\AVG2012\Icons\red_inline_border_br.png
c:\program files (x86)\bleep\AVG2012\Icons\red_inline_border_r.png
c:\program files (x86)\bleep\AVG2012\Icons\red_inline_border_tl.png
c:\program files (x86)\bleep\AVG2012\Icons\red_inline_border_tr.png
c:\program files (x86)\bleep\AVG2012\Icons\safe.gif
c:\program files (x86)\bleep\AVG2012\Icons\safe12.png
c:\program files (x86)\bleep\AVG2012\Icons\toolbar_en.bmp
c:\program files (x86)\bleep\AVG2012\Icons\tooltipIcon.png
c:\program files (x86)\bleep\AVG2012\Icons\tracking_off.png
c:\program files (x86)\bleep\AVG2012\Icons\tracking_on.png
c:\program files (x86)\bleep\AVG2012\Icons\unknown.gif
c:\program files (x86)\bleep\AVG2012\Icons\vrsn-secured-lsfo.gif
c:\program files (x86)\bleep\AVG2012\Icons\warning.gif
c:\program files (x86)\bleep\AVG2012\Icons\warning12.png
c:\program files (x86)\bleep\AVG2012\Icons\x_btn.png
c:\program files (x86)\bleep\AVG2012\Icons\yellow_inline_border_bl.png
c:\program files (x86)\bleep\AVG2012\Icons\yellow_inline_border_br.png
c:\program files (x86)\bleep\AVG2012\Icons\yellow_inline_border_r.png
c:\program files (x86)\bleep\AVG2012\Icons\yellow_inline_border_tl.png
c:\program files (x86)\bleep\AVG2012\Icons\yellow_inline_border_tr.png
c:\program files (x86)\bleep\AVG2012\idpfixx.exe
c:\program files (x86)\bleep\AVG2012\js.dat
c:\program files (x86)\bleep\AVG2012\license_us.htm
c:\program files (x86)\bleep\AVG2012\mfaus.lns
c:\program files (x86)\bleep\AVG2012\mfavera.txt
c:\program files (x86)\bleep\AVG2012\mfaverx.txt
c:\program files (x86)\bleep\AVG2012\mwbsr_e_free_us.mht
c:\program files (x86)\bleep\AVG2012\mwbsr_f_free_us.mht
c:\program files (x86)\bleep\AVG2012\PCTuneup\AxBrowsers.dll
c:\program files (x86)\bleep\AVG2012\PCTuneup\DiskCleanerHelper.dll
c:\program files (x86)\bleep\AVG2012\PCTuneup\DiskDefragHelper.dll
c:\program files (x86)\bleep\AVG2012\PCTuneup\helper.dll
c:\program files (x86)\bleep\AVG2012\PCTuneup\localizer.dll
c:\program files (x86)\bleep\AVG2012\PCTuneup\MicroScanner.exe
c:\program files (x86)\bleep\AVG2012\PCTuneup\MicroScannerElevation.dll
c:\program files (x86)\bleep\AVG2012\PCTuneup\PerlRegExp.bpl
c:\program files (x86)\bleep\AVG2012\PCTuneup\RegistryCleanerHelper.dll
c:\program files (x86)\bleep\AVG2012\PCTuneup\RescueCenterHelper.dll
c:\program files (x86)\bleep\AVG2012\PCTuneup\rtl120.bpl
c:\program files (x86)\bleep\AVG2012\PCTuneup\vcl120.bpl
c:\program files (x86)\bleep\AVG2012\ph.dat
c:\program files (x86)\bleep\AVG2012\sb.dat
c:\program files (x86)\bleep\AVG2012\sb.dat.xcd
c:\program files (x86)\bleep\AVG2012\sb2.dat
c:\program files (x86)\bleep\AVG2012\sc.dat
c:\program files (x86)\bleep\AVG2012\sc.dat.xcd
c:\program files (x86)\bleep\AVG2012\sounds\scan_finish_threat_found.wav
c:\program files (x86)\bleep\AVG2012\sounds\scan_os_alert.wav
c:\program files (x86)\bleep\AVG2012\sounds\scan_rs_alert.wav
c:\program files (x86)\bleep\AVG2012\sounds\update_end_fail.wav
c:\program files (x86)\bleep\AVG2012\updatecomps.bak
c:\programdata\22cd857d
c:\users\Evan\AppData\Roaming\a3cb8817
c:\users\Evan\AppData\Roaming\FFSJ
c:\users\Evan\AppData\Roaming\FFSJ\FFSJ.cfg
c:\users\Evan\bgb.exe
c:\users\Evan\Documents\~WRL0001.tmp
c:\users\Evan\Documents\~WRL1714.tmp
c:\users\Evan\g2mdlhlpx.exe
c:\users\Evan\hawknl.dll
c:\users\Evan\kigb.exe
c:\users\Evan\pthreadvce.dll
c:\windows\assembly\GAC_32\Desktop.ini
c:\windows\assembly\GAC_64\Desktop.ini
c:\windows\SysWow64\SETB0AB.tmp
c:\windows\SysWow64\SETBB24.tmp
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_Abel
.
.
((((((((((((((((((((((((( Files Created from 2012-05-01 to 2012-06-01 )))))))))))))))))))))))))))))))
.
.
2012-06-01 00:08 . 2012-06-01 00:09 -------- d-----w- C:\FRST
2012-05-31 20:31 . 2012-05-31 20:36 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-05-31 20:31 . 2012-05-31 20:31 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-05-31 20:31 . 2012-05-31 20:31 -------- d-----w- c:\users\abc\AppData\Local\temp
2012-05-28 14:10 . 2012-05-28 15:12 -------- d-----w- c:\users\Evan\DoctorWeb
2012-05-28 13:49 . 2012-03-06 23:01 24408 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-05-28 13:49 . 2012-03-06 23:04 337240 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-05-28 13:49 . 2012-03-06 23:02 53080 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2012-05-28 13:49 . 2012-03-06 23:04 819032 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-05-28 13:49 . 2012-03-06 23:01 59224 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-05-28 13:49 . 2012-03-06 23:15 258520 ----a-w- c:\windows\system32\aswBoot.exe
2012-05-28 13:49 . 2012-03-06 23:01 69976 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-05-28 13:48 . 2012-03-06 23:15 41184 ----a-w- c:\windows\avastSS.scr
2012-05-28 13:48 . 2012-03-06 23:15 201352 ----a-w- c:\windows\SysWow64\aswBoot.exe
2012-05-28 13:48 . 2012-05-28 13:48 -------- d-----w- c:\programdata\AVAST Software
2012-05-28 13:48 . 2012-05-28 13:48 -------- d-----w- c:\program files\AVAST Software
2012-05-28 13:32 . 2012-05-28 13:32 -------- d-----w- c:\users\Evan\AppData\Roaming\AVG2012
2012-05-28 13:32 . 2012-05-28 13:32 -------- d-----w- c:\users\Evan\AppData\Local\AVG Secure Search
2012-05-28 13:32 . 2012-05-28 13:32 -------- d-----w- c:\programdata\AVG Secure Search
2012-05-28 13:31 . 2012-05-28 13:31 -------- d-----w- c:\program files (x86)\Common Files\AVG Secure Search
2012-05-28 13:31 . 2012-05-28 13:31 -------- d-----w- c:\program files (x86)\bleep search
2012-05-28 13:31 . 2012-05-28 13:31 -------- d--h--w- c:\programdata\Common Files
2012-05-28 13:31 . 2012-05-28 13:31 -------- d-----w- c:\windows\SysWow64\drivers\AVG
2012-05-28 13:31 . 2012-05-28 14:44 -------- d-----w- c:\programdata\AVG2012
2012-05-28 13:31 . 2012-05-28 13:34 -------- d-----w- c:\windows\system32\drivers\AVG
2012-05-28 13:31 . 2012-05-28 13:31 -------- d-----w- C:\$AVG
2012-05-28 13:26 . 2012-05-28 13:34 -------- d-----w- c:\programdata\MFAData
2012-05-23 01:43 . 2012-05-23 01:43 419488 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-05-15 00:21 . 2012-05-15 00:21 423744 ----a-w- c:\windows\SysWow64\nvStreaming.exe
2012-05-14 15:25 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-05-14 15:25 . 2012-03-01 06:38 220672 ----a-w- c:\windows\system32\wintrust.dll
2012-05-14 15:25 . 2012-03-01 06:33 81408 ----a-w- c:\windows\system32\imagehlp.dll
2012-05-14 15:25 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll
2012-05-14 15:25 . 2012-03-01 05:37 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-05-14 15:25 . 2012-03-01 05:33 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-05-14 15:25 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll
2012-05-12 01:50 . 2012-03-03 06:35 1544704 ----a-w- c:\windows\system32\DWrite.dll
2012-05-12 01:50 . 2012-03-03 05:31 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-05-12 01:50 . 2012-03-31 06:05 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-12 01:50 . 2012-03-31 03:10 3146240 ----a-w- c:\windows\system32\win32k.sys
2012-05-12 01:50 . 2012-03-31 04:39 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-05-12 01:50 . 2012-03-31 04:39 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-05-12 01:48 . 2012-03-17 07:58 75120 ----a-w- c:\windows\system32\drivers\partmgr.sys
2012-05-12 01:47 . 2012-03-30 11:35 1918320 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-05-12 01:47 . 2012-03-31 05:40 1367552 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2012-05-12 01:47 . 2012-03-31 04:29 936960 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2012-05-09 12:06 . 2012-05-09 12:06 -------- d-----w- c:\program files (x86)\DAEMON Tools Lite
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-01 00:33 . 2012-02-13 01:03 29 ----a-w- c:\windows\SysWow64\TempWmicBatchFile.bat
2012-05-23 01:43 . 2011-11-13 03:02 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-15 10:48 . 2012-04-15 23:35 68928 ----a-w- c:\windows\system32\OpenCL.dll
2012-05-15 10:48 . 2012-04-15 23:35 61248 ----a-w- c:\windows\SysWow64\OpenCL.dll
2012-05-15 10:48 . 2012-04-15 23:35 1738048 ----a-w- c:\windows\system32\nvdispco64.dll
2012-05-15 10:48 . 2012-04-15 23:35 1468224 ----a-w- c:\windows\system32\nvgenco64.dll
2012-05-15 10:48 . 2009-10-03 14:32 2741568 ----a-w- c:\windows\system32\nvapi64.dll
2012-05-15 10:48 . 2009-10-03 14:32 2368832 ----a-w- c:\windows\SysWow64\nvapi.dll
2012-05-15 10:48 . 2009-10-03 14:32 15322432 ----a-w- c:\windows\SysWow64\nvd3dum.dll
2012-05-15 10:48 . 2009-10-03 14:32 10194752 ----a-w- c:\windows\system32\nvwgf2umx.dll
2012-05-15 09:29 . 2009-10-03 20:02 889664 ----a-w- c:\windows\system32\nvvsvc.exe
2012-05-15 09:29 . 2009-10-03 20:01 63296 ----a-w- c:\windows\system32\nvshext.dll
2012-05-15 09:29 . 2009-10-03 20:01 2561856 ----a-w- c:\windows\system32\nvsvcr.dll
2012-05-15 09:29 . 2009-10-03 20:01 118080 ----a-w- c:\windows\system32\nvmctray.dll
2012-05-15 09:29 . 2009-10-03 20:01 3149632 ----a-w- c:\windows\system32\nvsvc64.dll
2012-05-15 09:28 . 2009-10-03 20:01 6151488 ----a-w- c:\windows\system32\nvcpl.dll
2012-04-18 17:08 . 2012-04-15 23:35 1451840 ----a-w- c:\windows\system32\nvhdagenco6420103.dll
2012-04-04 13:56 . 2011-08-30 03:13 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]
@="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"
[HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]
2007-06-02 01:08 143360 ----a-w- c:\program files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x86\OverlayIconShlExt1.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\users\Evan\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\users\Evan\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\users\Evan\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\users\Evan\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-03-06 4241512]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0lsdelete\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
.
R0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [x]
R0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [x]
R1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [x]
R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [x]
R1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [x]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\avgidsagent.exe [x]
R2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-16 136176]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-02-15 158856]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys [x]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\avgidsfiltera.sys [x]
R3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2010-02-23 79360]
R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2010-02-23 79360]
R3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;d:\dragon age i\bin_ship\DAUpdaterSvc.Service.exe [2009-07-26 25832]
R3 dc3d;MS Hardware Device Detection Driver;c:\windows\system32\DRIVERS\dc3d.sys [x]
R3 DIRECTIO;DIRECTIO;c:\bit_temp\DirectIo.sys [x]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-16 136176]
R3 HP8107Fltr;HP-HP8107;c:\windows\system32\DRIVERS\HP8107.sys [x]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
R3 pbfilter;pbfilter;c:\program files\PeerBlock\pbfilter.sys [2010-11-06 24176]
R3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [x]
R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S1 WMDrive;WMDrive;c:\windows\SysWOW64\drivers\WMDrive.sys [2010-11-01 92536]
S2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe [x]
S2 ASMMAP64;ASMMAP64;c:\program files\ATKGFNEX\ASMMAP64.sys [2007-07-24 14904]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S2 CronService;Cron Service for Prey;c:\prey\platform\windows\cronsvc.exe [2011-02-15 19968]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-02-28 2343816]
S2 Image Protection;Image Protect Service;c:\windows\ImageSAFERSvc.exe [2010-08-17 242648]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files (x86)\Lavasoft\Ad-Aware\AAWService.exe [2012-05-22 2152720]
S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [x]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-05-15 1262400]
S2 rimspci;rimspci;c:\windows\system32\DRIVERS\rimspe64.sys [x]
S2 rixdpcie;rixdpcie;c:\windows\system32\DRIVERS\rixdpe64.sys [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-05-15 382272]
S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2009-10-01 2314240]
S2 vToolbarUpdater11.0.2;vToolbarUpdater11.0.2;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.0.2\ToolbarUpdater.exe [2012-05-28 932736]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]
S3 ISMgr;Image SAFER Process Managerment NT.;c:\windows\system32\ImageSAFERDrv64.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x64.sys [x]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-31 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files (x86)\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2011-12-23 09:46]
.
2012-02-06 c:\windows\Tasks\At1.job
- C:\1.mp3 [2011-09-25 00:47]
.
2012-02-27 c:\windows\Tasks\At3.job
- C:\1.mp3 [2011-09-25 00:47]
.
2012-02-27 c:\windows\Tasks\At4.job
- C:\1.mp3 [2011-09-25 00:47]
.
2012-03-01 c:\windows\Tasks\At5.job
- C:\1.mp3 [2011-09-25 00:47]
.
2012-03-01 c:\windows\Tasks\At6.job
- C:\1.mp3 [2011-09-25 00:47]
.
2012-06-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-28 22:00]
.
2012-06-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-28 22:00]
.
2010-10-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-506039063-1963307070-1736628555-1001Core.job
- c:\users\Evan\AppData\Local\Google\Update\GoogleUpdate.exe [2010-09-23 22:50]
.
2010-10-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-506039063-1963307070-1736628555-1001UA.job
- c:\users\Evan\AppData\Local\Google\Update\GoogleUpdate.exe [2010-09-23 22:50]
.
2012-05-28 c:\windows\Tasks\SidebarExecute.job
- c:\program files\Windows Sidebar\sidebar.exe [2011-06-09 13:25]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-03-06 23:15 135408 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]
@="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"
[HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]
2007-06-02 00:52 159744 ----a-w- c:\program files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x64\OverlayIconShlExt1_64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 97792 ----a-w- c:\users\Evan\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 97792 ----a-w- c:\users\Evan\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 97792 ----a-w- c:\users\Evan\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 97792 ----a-w- c:\users\Evan\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"combofix"="c:\combofix\CF6072.3XE" [2010-11-20 345088]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://asus.msn.com
uInternet Settings,ProxyOverride = localhost;127.0.0.1;*.local
uInternet Settings,ProxyServer = 209.88.88.40:80
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {{68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - c:\program files (x86)\AVG\AVG2012\avgdtiex.dll
Trusted Zone: wedisk.co.kr
Trusted Zone: wedisk.net
TCP: DhcpNameServer = 87.216.1.65 87.216.1.66
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\11.0.2\ViProtocol.dll
FF - ProfilePath - c:\users\Evan\AppData\Roaming\Mozilla\Firefox\Profiles\cclofv19.default\
FF - prefs.js: browser.startup.homepage - Google.com
FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7B55384f9c-6442-4c0c-9caf-e815e320ed9b%7D&mid=adefe6739ed847d0a27099127fe07b01-58affe7193cb9c8e81de139258c1c82bd23e2265&ds=AVG&v=11.0.0.9&lang=en&pr=fr&d=2012-05-28%2015%3A31%3A57&sap=ku&q=
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{95B7759C-8C7F-4BF1-B163-73684A933233} - c:\program files (x86)\AVG Secure Search\11.0.0.9\AVG Secure Search_toolbar.dll
Toolbar-Locked - (no file)
Toolbar-{95B7759C-8C7F-4BF1-B163-73684A933233} - c:\program files (x86)\AVG Secure Search\11.0.0.9\AVG Secure Search_toolbar.dll
Wow6432Node-HKLM-Run-AVG_TRAY - c:\program files (x86)\AVG\AVG2012\avgtray.exe
Wow6432Node-HKLM-Run-vProt - c:\program files (x86)\AVG Secure Search\vprot.exe
Notify-hitromi - c:\windows\system32\config\systemprofile\AppData\Local\hitromi.dll
SafeBoot-69126776.sys
Toolbar-Locked - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-506039063-1963307070-1736628555-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-506039063-1963307070-1736628555-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*m*x8+]
@Class="Shell"
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-506039063-1963307070-1736628555-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*m*x8+\OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"
.
[HKEY_USERS\S-1-5-21-506039063-1963307070-1736628555-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_USERS\S-1-5-21-506039063-1963307070-1736628555-1001\Software\SecuROM\License information*]
"datasecu"=hex:6d,43,08,9e,8d,d1,62,ee,11,78,c0,1f,58,27,5d,48,56,f8,9e,92,d0,
5b,24,49,dc,61,f3,56,d2,8e,d0,a9,c5,a9,10,82,36,d5,54,54,cc,1f,86,37,98,50,\
"rkeysecu"=hex:50,f1,d5,05,50,8d,6a,4b,ad,28,c2,06,73,2e,eb,19
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10c.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe
c:\program files\ATKGFNEX\GFNEXSrv.exe
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\windows\SysWOW64\MsPMSPSv.exe
c:\windows\system32\ImageSAFERStart_X86.exe
c:\program files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe
c:\program files (x86)\Lavasoft\Ad-Aware\AAWTray.exe
c:\program files (x86)\ASUS\ATK Hotkey\HControl.exe
c:\program files (x86)\ASUS\ATK Hotkey\ATKOSD.exe
c:\program files (x86)\ASUS\ATK Hotkey\KBFiltr.exe
c:\program files (x86)\ASUS\ATK Hotkey\WDC.exe
c:\program files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe
.
**************************************************************************
.
Completion time: 2012-06-01 02:47:22 - machine was rebooted
ComboFix-quarantined-files.txt 2012-06-01 00:47
.
Pre-Run: 1,475,198,976 bytes free
Post-Run: 1,462,669,312 bytes free
.
- - End Of File - - 114C9CD0D8785E4A44636198B1C3FC46

#14 moomoo2u


Posted 03 June 2012 - 04:49 PM

Any idea why my Flash doesn't seem to be working properly on Chrome or Firefox? (i.e. is it related to this?)

#15 CatByte

  • Malware Response Team

Posted 03 June 2012 - 05:01 PM

Hi,

Please do the following:

  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below.
  • They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
Copy/paste the text inside the Codebox below into notepad:

Here's how to do that:
Click Start > Run, type Notepad, click OK.
This will open an empty notepad file:

Copy all the text inside of the code box - Press Ctrl+C (or right click on the highlighted section and choose 'copy')

File::
C:\1.mp3

AtJob::

ClearJavaCache::

Now paste the copied text into the open notepad - press CTRL+V (or right click and choose 'paste')

Save this file to your desktop, Save this as "CFScript"


Here's how to do that:

1. Click File;
2. Click Save As... Change the directory to your desktop;
3. Change the Save as type to "All Files";
4. Type in the file name: CFScript
5. Click Save ...

Posted Image
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix may request an update; please allow it.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you.
  • Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.


NEXT


  • Please open your MalwareBytes AntiMalware Program
  • Click the Update Tab and search for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected. <-- very important
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.



NEXT


Go here to run an online scanner from ESET.
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • When the scan completes, press the LIST OF THREATS FOUND button
  • Press EXPORT TO TEXT FILE, name the file ESETSCAN and save it to your desktop
  • Include the contents of this report in your next reply.
  • Press the BACK button.
  • Press Finish


NEXT


Please advise how the computer is running now and if there are any outstanding issues

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015




