
Win32:DNS Changer-VJ [Trj]


  • This topic is locked
8 replies to this topic

#1 clicheinatrench

clicheinatrench

  • Members
  • 3 posts

Posted 08 June 2012 - 12:46 AM

Greetings,

Avast is alerting me to Win32:DNS Changer-VJ [Trj] approx. every 5 mins. DDS Logs follow, thanks in advance.


.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by Christian at 23:34:56 on 2012-06-07
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.2.1033.18.4095.2575 [GMT -6:00]
.
AV: avast! Internet Security *Enabled/Outdated* {C37D8F93-0602-E43C-40AA-47DAD597F308}
SP: avast! Internet Security *Enabled/Outdated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: avast! Internet Security *Enabled* {FB460EB6-4C6D-E564-6BF5-EEEF2B44B473}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\Program Files\Alwil Software\Avast5\afwServ.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Alwil Software\Avast5\setup\avast.setup
C:\Windows\SOUNDMAN.EXE
C:\Windows\vVX1000.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
C:\Windows\System32\StikyNot.exe
C:\Windows\System32\rundll32.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Microsoft LifeCam\MSCamS64.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\ProgramData\TVersity\Media Server\MediaServer.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_2_202_235_ActiveX.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
C:\Windows\system32\sppsvc.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\SyncServer.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.ca/
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
uRun: [Google Update] "C:\Users\Christian\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [Xvid] C:\Program Files (x86)\Xvid\CheckUpdate.exe
uRun: [KiesHelper] C:\Program Files (x86)\Samsung\Kies\KiesHelper.exe /s
uRun: [KiesPDLR] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
uRun: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe
uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
uRun: [wpinhi] rundll32.exe "C:\Users\CHRIST~1\AppData\Local\Temp\wpinhi.dll",VecFeedLoad
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
mRun: [LifeCam] "C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe" -osboot
mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
StartupFolder: C:\Users\CHRIST~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\OPENOF~1.LNK - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Add to Evernote 4.0 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553557800} - hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: Interfaces\{10216472-3E8F-400B-9387-69E6416EACFB} : NameServer = 192.168.1.1
TCP: Interfaces\{54B4FAEE-979C-40E1-9CC4-D3D435EB7CB2} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{5D11AD0E-376C-48CB-BF27-9919B54F8753} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{7BA51DAA-22AE-42EC-9B35-7EB029F326CE} : DhcpNameServer = 209.91.107.11 209.121.225.11
TCP: Interfaces\{8F458CE6-A0A0-4F7C-9920-396EF3DD3253} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{8F458CE6-A0A0-4F7C-9920-396EF3DD3253}\4646D2772747 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{A6DDF309-7DEA-4C3A-8300-B582AEF566FB} : DhcpNameServer = 192.168.1.1
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
BHO-X64: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO-X64: Increase performance and video formats for your HTML5 <video> - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
mRun-x64: [LifeCam] "C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe" -osboot
mRun-x64: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun-x64: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
IE-X64: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\vqnt5s56.default\
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
FF - plugin: C:\Users\Christian\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: C:\Users\Christian\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\Windows\system32\Wat\npWatWeb.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll
.
============= SERVICES / DRIVERS ===============
.
R0 aswNdis;avast! Firewall NDIS Filter Service;C:\Windows\system32\DRIVERS\aswNdis.sys --> C:\Windows\system32\DRIVERS\aswNdis.sys [?]
R0 aswNdis2;avast! Firewall Core Firewall Service;C:\Windows\system32\drivers\aswNdis2.sys --> C:\Windows\system32\drivers\aswNdis2.sys [?]
R1 aswFW;avast! TDI Firewall driver;C:\Windows\system32\drivers\aswFW.sys --> C:\Windows\system32\drivers\aswFW.sys [?]
R1 aswSnx;aswSnx;C:\Windows\system32\drivers\aswSnx.sys --> C:\Windows\system32\drivers\aswSnx.sys [?]
R1 aswSP;aswSP;C:\Windows\system32\drivers\aswSP.sys --> C:\Windows\system32\drivers\aswSP.sys [?]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\system32\DRIVERS\dtsoftbus01.sys --> C:\Windows\system32\DRIVERS\dtsoftbus01.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]
R2 aswFsBlk;aswFsBlk;C:\Windows\system32\drivers\aswFsBlk.sys --> C:\Windows\system32\drivers\aswFsBlk.sys [?]
R2 aswMonFlt;aswMonFlt;\??\C:\Windows\system32\drivers\aswMonFlt.sys --> C:\Windows\system32\drivers\aswMonFlt.sys [?]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2011-5-2 40384]
R2 avast! Firewall;avast! Firewall;C:\Program Files\Alwil Software\Avast5\afwServ.exe [2011-5-2 119200]
R2 cpuz135;cpuz135;\??\C:\Windows\system32\drivers\cpuz135_x64.sys --> C:\Windows\system32\drivers\cpuz135_x64.sys [?]
R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-8-10 2214504]
R3 avast! Mail Scanner;avast! Mail Scanner;C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2011-5-2 40384]
R3 avast! Web Scanner;avast! Web Scanner;C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2011-5-2 40384]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\system32\DRIVERS\ssudbus.sys --> C:\Windows\system32\DRIVERS\ssudbus.sys [?]
S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2012-3-8 1492840]
S3 MobileAdapter;Mobile Adapter USB Modem and USB Serial;C:\Windows\system32\DRIVERS\qscnusb.sys --> C:\Windows\system32\DRIVERS\qscnusb.sys [?]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-5-8 129976]
S3 MRV6X64U;Marvell TOPDOG 802.11n WLAN Driver for Vista x64 (USB8x);C:\Windows\system32\DRIVERS\MRVW24C.sys --> C:\Windows\system32\DRIVERS\MRVW24C.sys [?]
S3 Netaapl;Apple Mobile Device Ethernet Service;C:\Windows\system32\DRIVERS\netaapl64.sys --> C:\Windows\system32\DRIVERS\netaapl64.sys [?]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\system32\drivers\rdpvideominiport.sys --> C:\Windows\system32\drivers\rdpvideominiport.sys [?]
S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);C:\Windows\system32\DRIVERS\ssudmdm.sys --> C:\Windows\system32\DRIVERS\ssudmdm.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2012-06-08 04:45:17 -------- d-s---w- C:\ComboFix
2012-06-08 04:28:23 -------- d-----w- C:\Users\Christian\AppData\Local\{326EF0E4-04F6-4483-BCD1-F7100678892A}
2012-06-08 04:28:10 -------- d-----w- C:\Users\Christian\AppData\Local\{2BB9BC69-769B-45EB-BE16-EFCE85049B60}
2012-06-07 21:48:54 -------- d-----w- C:\Users\Christian\AppData\Local\{4A0BF1EA-326B-4122-8F0C-21A2DBF23E1F}
2012-06-07 21:48:39 -------- d-----w- C:\Users\Christian\AppData\Local\{A37A7A39-1F55-4513-8CE8-6793C8CDEEB3}
2012-06-07 06:49:59 -------- d-----w- C:\Users\Christian\AppData\Local\Chromium
2012-06-07 06:48:04 -------- d-----w- C:\Program Files (x86)\Rockstar Games
2012-06-06 06:34:13 -------- d-----w- C:\Users\Christian\AppData\Local\{2A7910F4-831A-4E14-AB3A-FF69AB97A21B}
2012-06-05 18:33:44 -------- d-----w- C:\Users\Christian\AppData\Local\{CD7301B1-7EDB-453C-9561-232225E547A2}
2012-06-05 06:33:14 -------- d-----w- C:\Users\Christian\AppData\Local\{AF608AC2-4F2E-49C7-A1C2-5E08763135FB}
2012-06-04 18:32:47 -------- d-----w- C:\Users\Christian\AppData\Local\{A2D039CA-2D51-4C4D-90A3-18C4A7F92277}
2012-06-04 06:32:09 -------- d-----w- C:\Users\Christian\AppData\Local\{ABE5B05A-30A3-4098-80C0-556AB7EACEE3}
2012-06-03 18:31:38 -------- d-----w- C:\Users\Christian\AppData\Local\{47EF22ED-8D64-4A5F-98C4-08D8FE1F05BB}
2012-06-03 06:31:09 -------- d-----w- C:\Users\Christian\AppData\Local\{D9FBCC42-BC97-41F4-A839-3B11D5DA247A}
2012-06-02 18:30:27 -------- d-----w- C:\Users\Christian\AppData\Local\{A83927AD-6FFB-4D30-A34A-D419797591B6}
2012-06-02 06:29:50 -------- d-----w- C:\Users\Christian\AppData\Local\{5EFF9497-C610-4B4E-923C-42D056D766D4}
2012-06-01 18:29:21 -------- d-----w- C:\Users\Christian\AppData\Local\{5776BAA5-E724-4C8E-82BA-2B9D2C808F32}
2012-06-01 06:28:53 -------- d-----w- C:\Users\Christian\AppData\Local\{451EB866-674B-499F-8FF2-2A563A6DD315}
2012-05-31 18:28:25 -------- d-----w- C:\Users\Christian\AppData\Local\{A2F48E5B-4B9D-47AD-B84A-DF2FEDF98F0D}
2012-05-31 06:27:59 -------- d-----w- C:\Users\Christian\AppData\Local\{018DB52F-4F9F-4AC2-BF1A-CA16985109DC}
2012-05-30 21:18:49 8955792 ------w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Updates\mpengine.dll
2012-05-30 18:27:33 -------- d-----w- C:\Users\Christian\AppData\Local\{5094734C-8AF7-4F04-9259-8FC76A239FDC}
2012-05-30 06:27:07 -------- d-----w- C:\Users\Christian\AppData\Local\{EAFC3ACE-5B47-42E1-98E8-BF1168086030}
2012-05-29 18:26:39 -------- d-----w- C:\Users\Christian\AppData\Local\{D01C50DE-C5F0-4393-9628-B536B623D225}
2012-05-29 06:26:12 -------- d-----w- C:\Users\Christian\AppData\Local\{87E8A536-4E68-4CBC-A275-6A8C9286EF02}
2012-05-28 18:25:45 -------- d-----w- C:\Users\Christian\AppData\Local\{B8A89035-5FF3-42EB-9623-23AE0F579D17}
2012-05-28 06:25:17 -------- d-----w- C:\Users\Christian\AppData\Local\{9D82C2E8-0118-40A5-B088-82E72C42ACD9}
2012-05-27 18:24:48 -------- d-----w- C:\Users\Christian\AppData\Local\{2B120DD6-F2A1-4CF3-BE4A-3E3DB5FD300A}
2012-05-27 18:24:36 -------- d-----w- C:\Users\Christian\AppData\Local\{4695FF81-D2D7-42AC-8B63-2E317D65C8EB}
2012-05-27 07:33:41 -------- d-----w- C:\Users\Christian\AppData\Roaming\Malwarebytes
2012-05-27 07:33:35 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-05-27 07:33:35 -------- d-----w- C:\ProgramData\Malwarebytes
2012-05-27 07:33:35 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-05-27 06:23:43 -------- d-----w- C:\Users\Christian\AppData\Local\{B8336D13-63A4-4125-896F-D203EFA4067E}
2012-05-27 06:23:23 -------- d-----w- C:\Users\Christian\AppData\Local\{66F54692-481A-4EBD-B7F0-5D157A2BA445}
2012-05-26 07:06:12 -------- d-----w- C:\Users\Christian\AppData\Local\{3D358B96-A701-11E1-8270-B8AC6F996F26}
2012-05-26 07:06:12 -------- d-----w- C:\Users\Christian\AppData\Local\{3D35588D-A701-11E1-8270-B8AC6F996F26}
2012-05-25 17:53:50 8955792 ------w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{56FC7BA3-F59A-4392-BFE7-44ACBE78371B}\mpengine.dll
2012-05-23 06:35:25 -------- d-----w- C:\Users\Christian\AppData\Local\{63A8A14C-E358-44C7-A6EF-E6C8A395463C}
2012-05-23 06:35:13 -------- d-----w- C:\Users\Christian\AppData\Local\{7E9351B1-4E91-49C5-BA67-BDEB6C1FE127}
2012-05-19 16:55:22 -------- d-----w- C:\Users\Christian\AppData\Local\{526988C0-9E2C-4533-A638-7C7278A2D8EC}
2012-05-19 04:54:56 -------- d-----w- C:\Users\Christian\AppData\Local\{FD6DD773-A215-4C23-8670-4971BE643219}
2012-05-18 16:54:29 -------- d-----w- C:\Users\Christian\AppData\Local\{5DF06C0B-62BE-43BE-AB67-4EFFF8926B5B}
2012-05-18 04:54:02 -------- d-----w- C:\Users\Christian\AppData\Local\{B08F6CB1-AF36-4915-863E-96A31398EDC1}
2012-05-17 16:53:36 -------- d-----w- C:\Users\Christian\AppData\Local\{C4DFFBC8-E56B-4784-AE88-3964534DF276}
2012-05-17 04:53:00 -------- d-----w- C:\Users\Christian\AppData\Local\{91A79EFC-957B-4211-849E-80EF4C708DFB}
2012-05-17 04:52:43 -------- d-----w- C:\Users\Christian\AppData\Local\{AD593D64-E9D6-4E2D-8C8E-680118717091}
2012-05-17 03:41:01 -------- d-----w- C:\Users\Christian\AppData\Local\SKIDROW
2012-05-17 03:32:39 -------- d-----w- C:\Program Files (x86)\Kalypso
2012-05-17 03:07:54 283200 ----a-w- C:\Windows\System32\drivers\dtsoftbus01.sys
2012-05-17 03:07:51 -------- d-----w- C:\Users\Christian\AppData\Roaming\DAEMON Tools Lite
2012-05-17 03:07:35 -------- d-----w- C:\Program Files (x86)\DAEMON Tools Lite
2012-05-17 03:00:07 -------- d-----w- C:\ProgramData\DAEMON Tools Lite
2012-05-15 13:45:12 -------- d-----w- C:\Users\Christian\AppData\Local\{11068AEB-311E-4071-AED7-7BE830E92EE3}
2012-05-15 13:45:00 -------- d-----w- C:\Users\Christian\AppData\Local\{A113C902-CFA1-4E87-8A5D-DB820844E195}
2012-05-15 01:44:35 -------- d-----w- C:\Users\Christian\AppData\Local\{026C285C-2C8D-4C02-90B9-BA2FCF483AA7}
2012-05-14 18:20:26 419488 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-05-14 13:44:09 -------- d-----w- C:\Users\Christian\AppData\Local\{0C726F03-0EF0-426C-B9F4-797A72BD726D}
2012-05-14 13:43:58 -------- d-----w- C:\Users\Christian\AppData\Local\{0FF42EE1-ED3C-4D42-A113-A4F62333ED19}
2012-05-14 01:43:30 -------- d-----w- C:\Users\Christian\AppData\Local\{7F3B9E82-2F74-4A56-9ADA-DEC5868710BB}
2012-05-13 13:43:04 -------- d-----w- C:\Users\Christian\AppData\Local\{FE7CBBED-AFB0-4444-B24E-5361FD0D8500}
2012-05-13 13:42:52 -------- d-----w- C:\Users\Christian\AppData\Local\{D309C461-1247-4ED4-A5AC-7D40A0F8C16C}
2012-05-13 01:42:18 -------- d-----w- C:\Users\Christian\AppData\Local\{9F7610EF-017F-46F2-991B-B14588EAD12F}
2012-05-12 13:41:46 -------- d-----w- C:\Users\Christian\AppData\Local\{1A024010-F66B-4E15-AFB8-101D6614AC9E}
2012-05-12 01:41:19 -------- d-----w- C:\Users\Christian\AppData\Local\{8CA25FB4-2DF5-4099-8829-36AE2F73D920}
2012-05-11 13:40:51 -------- d-----w- C:\Users\Christian\AppData\Local\{81ED27A0-F2A7-40B7-8D23-0ACDC9D8F8C4}
2012-05-11 01:40:25 -------- d-----w- C:\Users\Christian\AppData\Local\{58C1E27B-CAEA-4CCF-97DC-77DB5358F8BB}
2012-05-10 13:39:23 -------- d-----w- C:\Users\Christian\AppData\Local\{AB2A6A58-2E3E-4F27-B977-78E1E87DF149}
2012-05-10 13:38:58 -------- d-----w- C:\Users\Christian\AppData\Local\{1A6FA55B-A69D-467C-970F-F785C4E32B78}
2012-05-09 23:44:41 1544704 ----a-w- C:\Windows\System32\DWrite.dll
2012-05-09 23:44:41 1077248 ----a-w- C:\Windows\SysWow64\DWrite.dll
2012-05-09 23:44:36 75120 ----a-w- C:\Windows\System32\drivers\partmgr.sys
2012-05-09 23:44:08 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-05-09 23:44:06 3146240 ----a-w- C:\Windows\System32\win32k.sys
2012-05-09 23:44:05 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-05-09 23:44:04 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-05-09 23:43:50 1918320 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2012-05-09 23:43:46 1732096 ----a-w- C:\Program Files\Windows Journal\NBDoc.DLL
2012-05-09 23:43:46 1367552 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\journal.dll
2012-05-09 23:43:45 936960 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2012-05-09 23:43:45 1402880 ----a-w- C:\Program Files\Windows Journal\JNWDRV.dll
2012-05-09 23:43:45 1393664 ----a-w- C:\Program Files\Windows Journal\JNTFiltr.dll
.
==================== Find3M ====================
.
2012-05-22 10:15:21 70304 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
.
============= FINISH: 23:35:34.37 ===============



#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender: Male
  • Location: Puerto Rico

Posted 08 June 2012 - 02:56 AM

Hello and Welcome to Bleeping Computer!!

My name is Gringo and I'll be glad to help you with your malware problems.

I have put together some things for you to keep in mind while I am helping you to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Download Farbar Recovery Scan Tool x64 and save it to a flash drive.

Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:
  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Command Prompt

  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 clicheinatrench

clicheinatrench
  • Topic Starter

  • Members
  • 3 posts

Posted 08 June 2012 - 05:23 AM

Scan result of Farbar Recovery Scan Tool Version: 06-06-2012 04
Ran by SYSTEM at 08-06-2012 03:59:23
Running from E:\
Windows 7 Ultimate (X64) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [SoundMan] SOUNDMAN.EXE [x]
HKLM\...\Run: [VX1000] C:\Windows\vVX1000.exe [762736 2010-05-20] (Microsoft Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [248552 2010-05-14] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui [2838912 2010-09-07] (AVAST Software)
HKLM-x32\...\Run: [LifeCam] "C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe" [119152 2010-05-20] (Microsoft Corporation)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-01-02] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2012-02-20] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2011-10-24] (Apple Inc.)
HKLM-x32\...\Run: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe" -osboot [296056 2012-01-27] (RealNetworks, Inc.)
HKLM-x32\...\Run: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW [1259376 2011-07-28] ()
HKLM-x32\...\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [3508624 2012-03-06] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421736 2012-03-27] (Apple Inc.)
HKU\Christian\...\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background [4280184 2012-03-08] (Microsoft Corporation)
HKU\Christian\...\Run: [Google Update] "C:\Users\Christian\AppData\Local\Google\Update\GoogleUpdate.exe" /c [136176 2011-12-19] (Google Inc.)
HKU\Christian\...\Run: [Xvid] C:\Program Files (x86)\Xvid\CheckUpdate.exe [8192 2011-01-17] ()
HKU\Christian\...\Run: [KiesHelper] C:\Program Files (x86)\Samsung\Kies\KiesHelper.exe /s [943504 2012-03-06] (Samsung)
HKU\Christian\...\Run: [KiesPDLR] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [21416 2012-03-28] ()
HKU\Christian\...\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe [427520 2009-07-13] (Microsoft Corporation)
HKU\Christian\...\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun [3671872 2012-04-17] (DT Soft Ltd)
HKU\Christian\...\Run: [wpinhi] rundll32.exe "C:\Users\CHRIST~1\AppData\Local\Temp\wpinhi.dll",VecFeedLoad [297472 2012-05-25] ()
Tcpip\..\Interfaces\{10216472-3E8F-400B-9387-69E6416EACFB}: [NameServer]192.168.1.1
Startup: C:\Users\Christian\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
ShortcutTarget: OpenOffice.org 3.3.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()

==================== Services (Whitelisted) ======

2 avast! Antivirus; "C:\Program Files\Alwil Software\Avast5\AvastSvc.exe" [40384 2010-09-07] (AVAST Software)
2 avast! Firewall; "C:\Program Files\Alwil Software\Avast5\afwServ.exe" [119200 2010-09-07] (AVAST Software)
3 avast! Mail Scanner; "C:\Program Files\Alwil Software\Avast5\AvastSvc.exe" [40384 2010-09-07] (AVAST Software)
3 avast! Web Scanner; "C:\Program Files\Alwil Software\Avast5\AvastSvc.exe" [40384 2010-09-07] (AVAST Software)
2 TVersityMediaServer; "C:\ProgramData\TVersity\Media Server\MediaServer.exe" [1249064 2011-07-29] ()
2 WinDefend; C:\Program Files (x86)\Windows Defender\mpsvc.dll [x]

========================== Drivers (Whitelisted) =============

3 ALCXWDM; C:\Windows\System32\drivers\RTKVAC64.SYS [3479712 2008-09-16] (Realtek Semiconductor Corp.)
2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [20048 2010-09-07] (AVAST Software)
1 aswFW; C:\Windows\System32\Drivers\aswFW.sys [125520 2010-09-07] (AVAST Software)
2 aswMonFlt; C:\Windows\System32\Drivers\aswMonFlt.sys [61008 2010-09-07] (AVAST Software)
0 aswNdis; C:\Windows\System32\Drivers\aswNdis.sys [12368 2010-09-07] (ALWIL Software)
0 aswNdis2; C:\Windows\System32\Drivers\aswNdis2.sys [250448 2010-09-07] (AVAST Software)
1 aswRdr; C:\Windows\System32\Drivers\aswRdr.sys [28752 2010-09-07] (AVAST Software)
1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [472656 2010-09-07] (AVAST Software)
1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [121936 2010-09-07] (AVAST Software)
1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [51280 2010-09-07] (AVAST Software)
2 cpuz135; \??\C:\Windows\system32\drivers\cpuz135_x64.sys [21992 2010-11-09] (CPUID)
1 dtsoftbus01; C:\Windows\System32\Drivers\dtsoftbus01.sys [283200 2012-05-16] (DT Soft Ltd)
3 MobileAdapter; C:\Windows\System32\DRIVERS\qscnusb.sys [118016 2009-04-21] (QUALCOMM Incorporated)
3 MRV6X64U; C:\Windows\System32\DRIVERS\MRVW24C.sys [340480 2007-10-28] (Marvell Semiconductor, Inc)
3 NVENETFD; C:\Windows\System32\DRIVERS\nvm62x64.sys [408960 2009-06-10] (NVIDIA Corporation)
0 sptd; C:\Windows\System32\Drivers\sptd.sys [867064 2011-05-06] (Duplex Secure Ltd.)
3 VX1000; C:\Windows\System32\Drivers\VX1000.sys [2060144 2010-05-20] (Microsoft Corporation)
1 iglgdgzt; \??\C:\Windows\system32\drivers\iglgdgzt.sys [x]
3 Synth3dVsc; C:\Windows\System32\drivers\synth3dvsc.sys [x]
3 tsusbhub; C:\Windows\System32\drivers\tsusbhub.sys [x]
3 VGPU; C:\Windows\System32\drivers\rdvgkmd.sys [x]

========================== NetSvcs (Whitelisted) ===========


============ One Month Created Files and Folders ==============

2012-06-07 22:29 - 2012-06-07 22:29 - 00001412 ____A C:\Users\Christian\Desktop\PlayMaxPayne3.exe - Shortcut.lnk
2012-06-07 21:36 - 2012-06-07 21:36 - 00025726 ____A C:\Users\Christian\Desktop\DDS.txt
2012-06-07 21:36 - 2012-06-07 21:36 - 00020773 ____A C:\Users\Christian\Desktop\Attach.txt
2012-06-07 21:36 - 2012-06-07 21:36 - 00004241 ____A C:\Users\Christian\Desktop\Attach.zip
2012-06-07 21:31 - 2012-06-07 21:32 - 00607260 ____R (Swearware) C:\Users\Christian\Downloads\dds.scr
2012-06-07 21:08 - 2012-06-07 21:08 - 00002084 ____A C:\Users\Christian\Desktop\aswMBR.txt
2012-06-07 21:08 - 2012-06-07 21:08 - 00000512 ____A C:\Users\Christian\Desktop\MBR.dat
2012-06-07 20:53 - 2012-06-07 20:54 - 00127910 ____A C:\TDSSKiller.2.7.36.0_07.06.2012_22.53.12_log.txt
2012-06-07 20:52 - 2012-06-07 20:54 - 04731392 ____A (AVAST Software) C:\Users\Christian\Downloads\aswMBR (1).exe
2012-06-07 20:52 - 2012-06-07 20:53 - 02127960 ____A (Kaspersky Lab ZAO) C:\Users\Christian\Downloads\tdsskiller (1).exe
2012-06-07 20:45 - 2012-06-07 20:45 - 00000000 ___SD C:\ComboFix
2012-06-07 20:45 - 2012-06-07 20:45 - 00000000 ____D C:\Windows\ERDNT
2012-06-07 20:44 - 2012-06-07 20:45 - 00000000 ____D C:\Qoobox
2012-06-07 20:43 - 2012-06-07 20:43 - 00001006 ____A C:\Users\Christian\Desktop\checkup.txt
2012-06-07 20:37 - 2012-06-07 20:38 - 00853862 ____A C:\Users\Christian\Downloads\SecurityCheck.exe
2012-06-07 20:37 - 2012-06-07 20:37 - 04539477 ____A (Swearware) C:\Users\Christian\Downloads\ComboFix (1).exe
2012-06-07 20:28 - 2012-06-07 20:28 - 00000000 ____D C:\Users\Christian\AppData\Local\{326EF0E4-04F6-4483-BCD1-F7100678892A}
2012-06-07 20:28 - 2012-06-07 20:28 - 00000000 ____D C:\Users\Christian\AppData\Local\{2BB9BC69-769B-45EB-BE16-EFCE85049B60}
2012-06-07 13:48 - 2012-06-07 13:49 - 00000000 ____D C:\Users\Christian\AppData\Local\{4A0BF1EA-326B-4122-8F0C-21A2DBF23E1F}
2012-06-07 13:48 - 2012-06-07 13:48 - 00000000 ____D C:\Users\Christian\AppData\Local\{A37A7A39-1F55-4513-8CE8-6793C8CDEEB3}
2012-06-06 22:49 - 2012-06-06 22:49 - 00000000 ____D C:\Users\Christian\AppData\Local\Chromium
2012-06-06 22:48 - 2012-06-06 22:48 - 00000000 ____D C:\Program Files (x86)\Rockstar Games
2012-06-06 22:47 - 2012-06-06 22:49 - 00000000 ____D C:\Users\Christian\Documents\Rockstar Games
2012-06-05 22:34 - 2012-06-05 22:34 - 00000000 ____D C:\Users\Christian\AppData\Local\{2A7910F4-831A-4E14-AB3A-FF69AB97A21B}
2012-06-05 10:33 - 2012-06-05 10:33 - 00000000 ____D C:\Users\Christian\AppData\Local\{CD7301B1-7EDB-453C-9561-232225E547A2}
2012-06-04 22:33 - 2012-06-04 22:33 - 00000000 ____D C:\Users\Christian\AppData\Local\{AF608AC2-4F2E-49C7-A1C2-5E08763135FB}
2012-06-04 10:32 - 2012-06-04 10:32 - 00000000 ____D C:\Users\Christian\AppData\Local\{A2D039CA-2D51-4C4D-90A3-18C4A7F92277}
2012-06-03 22:32 - 2012-06-03 22:32 - 00000000 ____D C:\Users\Christian\AppData\Local\{ABE5B05A-30A3-4098-80C0-556AB7EACEE3}
2012-06-03 10:31 - 2012-06-03 10:31 - 00000000 ____D C:\Users\Christian\AppData\Local\{47EF22ED-8D64-4A5F-98C4-08D8FE1F05BB}
2012-06-02 22:31 - 2012-06-02 22:31 - 00000000 ____D C:\Users\Christian\AppData\Local\{D9FBCC42-BC97-41F4-A839-3B11D5DA247A}
2012-06-02 10:30 - 2012-06-02 10:30 - 00000000 ____D C:\Users\Christian\AppData\Local\{A83927AD-6FFB-4D30-A34A-D419797591B6}
2012-06-01 22:29 - 2012-06-01 22:30 - 00000000 ____D C:\Users\Christian\AppData\Local\{5EFF9497-C610-4B4E-923C-42D056D766D4}
2012-06-01 10:29 - 2012-06-01 10:29 - 00000000 ____D C:\Users\Christian\AppData\Local\{5776BAA5-E724-4C8E-82BA-2B9D2C808F32}
2012-05-31 22:28 - 2012-05-31 22:29 - 00000000 ____D C:\Users\Christian\AppData\Local\{451EB866-674B-499F-8FF2-2A563A6DD315}
2012-05-31 10:28 - 2012-05-31 10:28 - 00000000 ____D C:\Users\Christian\AppData\Local\{A2F48E5B-4B9D-47AD-B84A-DF2FEDF98F0D}
2012-05-30 23:25 - 2012-05-30 23:34 - 00565859 ____A C:\Users\Christian\Downloads\Chalk-.png
2012-05-30 23:19 - 2012-05-30 23:19 - 01105941 ____A C:\Users\Christian\Downloads\Chalk-.jpg
2012-05-30 22:27 - 2012-05-30 22:28 - 00000000 ____D C:\Users\Christian\AppData\Local\{018DB52F-4F9F-4AC2-BF1A-CA16985109DC}
2012-05-30 10:27 - 2012-05-30 10:27 - 00000000 ____D C:\Users\Christian\AppData\Local\{5094734C-8AF7-4F04-9259-8FC76A239FDC}
2012-05-29 22:27 - 2012-05-29 22:27 - 00000000 ____D C:\Users\Christian\AppData\Local\{EAFC3ACE-5B47-42E1-98E8-BF1168086030}
2012-05-29 10:26 - 2012-05-29 10:26 - 00000000 ____D C:\Users\Christian\AppData\Local\{D01C50DE-C5F0-4393-9628-B536B623D225}
2012-05-29 00:28 - 2012-05-29 00:29 - 02127448 ____A (Kaspersky Lab ZAO) C:\Users\Christian\Downloads\tdsskiller.exe
2012-05-28 22:26 - 2012-05-28 22:26 - 00000000 ____D C:\Users\Christian\AppData\Local\{87E8A536-4E68-4CBC-A275-6A8C9286EF02}
2012-05-28 11:28 - 2012-05-28 11:29 - 04731392 ____A (AVAST Software) C:\Users\Christian\Downloads\aswMBR.exe
2012-05-28 10:25 - 2012-05-28 10:25 - 00000000 ____D C:\Users\Christian\AppData\Local\{B8A89035-5FF3-42EB-9623-23AE0F579D17}
2012-05-27 22:25 - 2012-05-27 22:25 - 00000000 ____D C:\Users\Christian\AppData\Local\{9D82C2E8-0118-40A5-B088-82E72C42ACD9}
2012-05-27 10:24 - 2012-06-05 22:34 - 00000000 ____D C:\Users\Christian\AppData\Local\{4695FF81-D2D7-42AC-8B63-2E317D65C8EB}
2012-05-27 10:24 - 2012-05-27 10:24 - 00000000 ____D C:\Users\Christian\AppData\Local\{2B120DD6-F2A1-4CF3-BE4A-3E3DB5FD300A}
2012-05-26 23:33 - 2012-05-26 23:33 - 00000000 ____D C:\Users\Christian\AppData\Roaming\Malwarebytes
2012-05-26 23:33 - 2012-05-26 23:33 - 00000000 ____D C:\Users\All Users\Malwarebytes
2012-05-26 23:33 - 2012-05-26 23:33 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-05-26 23:33 - 2012-04-04 13:56 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-05-26 23:23 - 2012-05-26 23:24 - 04529532 ____R (Swearware) C:\Users\Christian\Downloads\ComboFix.exe
2012-05-26 22:23 - 2012-05-26 22:24 - 00000000 ____D C:\Users\Christian\AppData\Local\{B8336D13-63A4-4125-896F-D203EFA4067E}
2012-05-26 22:23 - 2012-05-26 22:23 - 00000000 ____D C:\Users\Christian\AppData\Local\{66F54692-481A-4EBD-B7F0-5D157A2BA445}
2012-05-25 23:06 - 2012-05-25 23:06 - 00000000 ____D C:\Users\Christian\AppData\Local\{3D358B96-A701-11E1-8270-B8AC6F996F26}
2012-05-25 23:06 - 2012-05-25 23:06 - 00000000 ____D C:\Users\Christian\AppData\Local\{3D35588D-A701-11E1-8270-B8AC6F996F26}
2012-05-22 22:35 - 2012-05-22 22:35 - 00000000 ____D C:\Users\Christian\AppData\Local\{7E9351B1-4E91-49C5-BA67-BDEB6C1FE127}
2012-05-22 22:35 - 2012-05-22 22:35 - 00000000 ____D C:\Users\Christian\AppData\Local\{63A8A14C-E358-44C7-A6EF-E6C8A395463C}
2012-05-22 22:32 - 2012-05-22 22:32 - 00291680 ____A C:\Windows\Minidump\052312-23843-01.dmp
2012-05-19 08:55 - 2012-05-19 08:55 - 00000000 ____D C:\Users\Christian\AppData\Local\{526988C0-9E2C-4533-A638-7C7278A2D8EC}
2012-05-18 20:54 - 2012-05-18 20:55 - 00000000 ____D C:\Users\Christian\AppData\Local\{FD6DD773-A215-4C23-8670-4971BE643219}
2012-05-18 08:54 - 2012-05-18 08:54 - 00000000 ____D C:\Users\Christian\AppData\Local\{5DF06C0B-62BE-43BE-AB67-4EFFF8926B5B}
2012-05-17 22:40 - 2012-05-31 19:19 - 00028672 ____A C:\Users\Christian\Documents\Glayarc.odt
2012-05-17 20:54 - 2012-05-17 20:54 - 00000000 ____D C:\Users\Christian\AppData\Local\{B08F6CB1-AF36-4915-863E-96A31398EDC1}
2012-05-17 08:53 - 2012-05-17 08:53 - 00000000 ____D C:\Users\Christian\AppData\Local\{C4DFFBC8-E56B-4784-AE88-3964534DF276}
2012-05-16 20:55 - 2012-05-16 20:55 - 00001908 ____A C:\Windows\diagwrn.xml
2012-05-16 20:55 - 2012-05-16 20:55 - 00001908 ____A C:\Windows\diagerr.xml
2012-05-16 20:53 - 2012-05-16 20:53 - 00000000 ____D C:\Users\Christian\AppData\Local\{91A79EFC-957B-4211-849E-80EF4C708DFB}
2012-05-16 20:52 - 2012-05-19 08:55 - 00000000 ____D C:\Users\Christian\AppData\Local\{AD593D64-E9D6-4E2D-8C8E-680118717091}
2012-05-16 19:41 - 2012-05-16 19:57 - 00000000 ____D C:\Users\Public\Documents\Jagged Alliance - Back in Action
2012-05-16 19:41 - 2012-05-16 19:41 - 00000000 ____D C:\Users\Christian\AppData\Local\SKIDROW
2012-05-16 19:32 - 2012-05-16 19:32 - 00000000 ____D C:\Program Files (x86)\Kalypso
2012-05-16 19:07 - 2012-05-16 19:31 - 00000000 ____D C:\Users\Christian\AppData\Roaming\DAEMON Tools Lite
2012-05-16 19:07 - 2012-05-16 19:07 - 00283200 ____A (DT Soft Ltd) C:\Windows\System32\Drivers\dtsoftbus01.sys
2012-05-16 19:07 - 2012-05-16 19:07 - 00000000 ____D C:\Program Files (x86)\DAEMON Tools Lite
2012-05-16 19:00 - 2012-06-07 20:25 - 00000000 ____D C:\Users\All Users\DAEMON Tools Lite
2012-05-15 05:45 - 2012-05-15 05:45 - 00000000 ____D C:\Users\Christian\AppData\Local\{A113C902-CFA1-4E87-8A5D-DB820844E195}
2012-05-15 05:45 - 2012-05-15 05:45 - 00000000 ____D C:\Users\Christian\AppData\Local\{11068AEB-311E-4071-AED7-7BE830E92EE3}
2012-05-15 00:34 - 2012-05-15 00:34 - 00291360 ____A C:\Windows\Minidump\051512-30703-01.dmp
2012-05-14 17:44 - 2012-05-14 17:44 - 00000000 ____D C:\Users\Christian\AppData\Local\{026C285C-2C8D-4C02-90B9-BA2FCF483AA7}
2012-05-14 10:20 - 2012-05-22 02:15 - 00419488 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-05-14 10:20 - 2012-05-14 10:20 - 00000000 ____D C:\Windows\System32\Macromed
2012-05-14 05:44 - 2012-05-14 05:44 - 00000000 ____D C:\Users\Christian\AppData\Local\{0C726F03-0EF0-426C-B9F4-797A72BD726D}
2012-05-14 05:43 - 2012-05-14 17:44 - 00000000 ____D C:\Users\Christian\AppData\Local\{0FF42EE1-ED3C-4D42-A113-A4F62333ED19}
2012-05-13 17:43 - 2012-05-13 17:43 - 00000000 ____D C:\Users\Christian\AppData\Local\{7F3B9E82-2F74-4A56-9ADA-DEC5868710BB}
2012-05-13 05:43 - 2012-05-13 05:43 - 00000000 ____D C:\Users\Christian\AppData\Local\{FE7CBBED-AFB0-4444-B24E-5361FD0D8500}
2012-05-13 05:42 - 2012-05-13 17:43 - 00000000 ____D C:\Users\Christian\AppData\Local\{D309C461-1247-4ED4-A5AC-7D40A0F8C16C}
2012-05-12 20:40 - 2012-05-12 20:40 - 00291624 ____A C:\Windows\Minidump\051212-20828-01.dmp
2012-05-12 17:42 - 2012-05-12 17:42 - 00000000 ____D C:\Users\Christian\AppData\Local\{9F7610EF-017F-46F2-991B-B14588EAD12F}
2012-05-12 05:41 - 2012-05-12 05:41 - 00000000 ____D C:\Users\Christian\AppData\Local\{1A024010-F66B-4E15-AFB8-101D6614AC9E}
2012-05-11 17:41 - 2012-05-11 17:41 - 00000000 ____D C:\Users\Christian\AppData\Local\{8CA25FB4-2DF5-4099-8829-36AE2F73D920}
2012-05-11 05:40 - 2012-05-11 05:41 - 00000000 ____D C:\Users\Christian\AppData\Local\{81ED27A0-F2A7-40B7-8D23-0ACDC9D8F8C4}
2012-05-10 17:40 - 2012-05-10 17:40 - 00000000 ____D C:\Users\Christian\AppData\Local\{58C1E27B-CAEA-4CCF-97DC-77DB5358F8BB}
2012-05-10 05:39 - 2012-05-10 05:39 - 00000000 ____D C:\Users\Christian\AppData\Local\{AB2A6A58-2E3E-4F27-B977-78E1E87DF149}
2012-05-10 05:38 - 2012-05-12 17:42 - 00000000 ____D C:\Users\Christian\AppData\Local\{1A6FA55B-A69D-467C-970F-F785C4E32B78}
2012-05-09 15:44 - 2012-03-30 22:05 - 05559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-05-09 15:44 - 2012-03-30 20:39 - 03968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2012-05-09 15:44 - 2012-03-30 20:39 - 03913072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2012-05-09 15:44 - 2012-03-30 19:10 - 03146240 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-05-09 15:44 - 2012-03-16 23:58 - 00075120 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\partmgr.sys
2012-05-09 15:44 - 2012-03-02 22:35 - 01544704 ____A (Microsoft Corporation) C:\Windows\System32\DWrite.dll
2012-05-09 15:44 - 2012-03-02 21:31 - 01077248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2012-05-09 15:43 - 2012-03-30 03:35 - 01918320 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys


============ 3 Months Modified Files and Folders =============

2012-06-08 03:59 - 2012-06-08 03:59 - 0000000 ____D C:\FRST
2012-06-08 01:54 - 2011-04-28 18:32 - 1265934 ____A C:\Windows\WindowsUpdate.log
2012-06-08 01:54 - 2009-07-13 21:13 - 0726444 ____A C:\Windows\System32\PerfStringBackup.INI
2012-06-08 01:38 - 2011-12-19 22:23 - 0000924 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3207793719-792165986-3615585125-1000UA.job
2012-06-07 22:29 - 2012-06-07 22:29 - 0001412 ____A C:\Users\Christian\Desktop\PlayMaxPayne3.exe - Shortcut.lnk
2012-06-07 21:36 - 2012-06-07 21:36 - 0025726 ____A C:\Users\Christian\Desktop\DDS.txt
2012-06-07 21:36 - 2012-06-07 21:36 - 0020773 ____A C:\Users\Christian\Desktop\Attach.txt
2012-06-07 21:36 - 2012-06-07 21:36 - 0004241 ____A C:\Users\Christian\Desktop\Attach.zip
2012-06-07 21:36 - 2009-07-13 20:45 - 0014416 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-06-07 21:36 - 2009-07-13 20:45 - 0014416 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-06-07 21:32 - 2012-06-07 21:31 - 0607260 ____R (Swearware) C:\Users\Christian\Downloads\dds.scr
2012-06-07 21:17 - 2011-05-03 15:02 - 0000000 ____D C:\Users\Christian\Tracing
2012-06-07 21:17 - 2009-07-13 21:08 - 0000006 ___AH C:\Windows\Tasks\SA.DAT
2012-06-07 21:17 - 2009-07-13 20:51 - 0001003 ____A C:\Windows\setupact.log
2012-06-07 21:16 - 2011-04-28 18:29 - 3220725760 __ASH C:\hiberfil.sys
2012-06-07 21:08 - 2012-06-07 21:08 - 0002084 ____A C:\Users\Christian\Desktop\aswMBR.txt
2012-06-07 21:08 - 2012-06-07 21:08 - 0000512 ____A C:\Users\Christian\Desktop\MBR.dat
2012-06-07 20:54 - 2012-06-07 20:53 - 0127910 ____A C:\TDSSKiller.2.7.36.0_07.06.2012_22.53.12_log.txt
2012-06-07 20:54 - 2012-06-07 20:52 - 4731392 ____A (AVAST Software) C:\Users\Christian\Downloads\aswMBR (1).exe
2012-06-07 20:53 - 2012-06-07 20:52 - 2127960 ____A (Kaspersky Lab ZAO) C:\Users\Christian\Downloads\tdsskiller (1).exe
2012-06-07 20:45 - 2012-06-07 20:45 - 0000000 ___SD C:\ComboFix
2012-06-07 20:45 - 2012-06-07 20:45 - 0000000 ____D C:\Windows\ERDNT
2012-06-07 20:45 - 2012-06-07 20:44 - 0000000 ____D C:\Qoobox
2012-06-07 20:44 - 2009-07-13 21:08 - 0032572 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-06-07 20:43 - 2012-06-07 20:43 - 0001006 ____A C:\Users\Christian\Desktop\checkup.txt
2012-06-07 20:38 - 2012-06-07 20:37 - 0853862 ____A C:\Users\Christian\Downloads\SecurityCheck.exe
2012-06-07 20:37 - 2012-06-07 20:37 - 4539477 ____A (Swearware) C:\Users\Christian\Downloads\ComboFix (1).exe
2012-06-07 20:30 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\config\TxR
2012-06-07 20:28 - 2012-06-07 20:28 - 0000000 ____D C:\Users\Christian\AppData\Local\{326EF0E4-04F6-4483-BCD1-F7100678892A}
2012-06-07 20:28 - 2012-06-07 20:28 - 0000000 ____D C:\Users\Christian\AppData\Local\{2BB9BC69-769B-45EB-BE16-EFCE85049B60}
2012-06-07 20:28 - 2011-08-10 13:11 - 0000000 ____D C:\users\UpdatusUser
2012-06-07 20:28 - 2011-05-03 14:24 - 0000000 ____D C:\Users\Christian\AppData\Local\Windows Live
2012-06-07 20:26 - 2011-04-28 20:46 - 0000000 ____D C:\users\Christian
2012-06-07 20:25 - 2012-05-16 19:00 - 0000000 ____D C:\Users\All Users\DAEMON Tools Lite
2012-06-07 20:25 - 2011-05-22 21:15 - 0000000 ____D C:\Users\Christian\AppData\Roaming\vlc
2012-06-07 20:25 - 2011-04-28 20:48 - 0000000 ____D C:\Users\Christian\AppData\Roaming\Azureus
2012-06-07 20:25 - 2009-07-13 23:45 - 0000000 ___RD C:\Users\Public\Recorded TV
2012-06-07 20:25 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\registration
2012-06-07 20:24 - 2012-01-27 01:08 - 0000000 ____D C:\Users\All Users\Real
2012-06-07 20:15 - 2011-05-09 21:43 - 0000000 ____D C:\Users\Christian\AppData\Local\ElevatedDiagnostics
2012-06-07 13:49 - 2012-06-07 13:48 - 0000000 ____D C:\Users\Christian\AppData\Local\{4A0BF1EA-326B-4122-8F0C-21A2DBF23E1F}
2012-06-07 13:48 - 2012-06-07 13:48 - 0000000 ____D C:\Users\Christian\AppData\Local\{A37A7A39-1F55-4513-8CE8-6793C8CDEEB3}
2012-06-06 22:49 - 2012-06-06 22:49 - 0000000 ____D C:\Users\Christian\AppData\Local\Chromium
2012-06-06 22:49 - 2012-06-06 22:47 - 0000000 ____D C:\Users\Christian\Documents\Rockstar Games
2012-06-06 22:48 - 2012-06-06 22:48 - 0000000 ____D C:\Program Files (x86)\Rockstar Games
2012-06-05 22:34 - 2012-06-05 22:34 - 0000000 ____D C:\Users\Christian\AppData\Local\{2A7910F4-831A-4E14-AB3A-FF69AB97A21B}
2012-06-05 22:34 - 2012-05-27 10:24 - 0000000 ____D C:\Users\Christian\AppData\Local\{4695FF81-D2D7-42AC-8B63-2E317D65C8EB}
2012-06-05 10:33 - 2012-06-05 10:33 - 0000000 ____D C:\Users\Christian\AppData\Local\{CD7301B1-7EDB-453C-9561-232225E547A2}
2012-06-04 22:33 - 2012-06-04 22:33 - 0000000 ____D C:\Users\Christian\AppData\Local\{AF608AC2-4F2E-49C7-A1C2-5E08763135FB}
2012-06-04 16:38 - 2011-12-19 22:23 - 0000872 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3207793719-792165986-3615585125-1000Core.job
2012-06-04 10:32 - 2012-06-04 10:32 - 0000000 ____D C:\Users\Christian\AppData\Local\{A2D039CA-2D51-4C4D-90A3-18C4A7F92277}
2012-06-03 22:32 - 2012-06-03 22:32 - 0000000 ____D C:\Users\Christian\AppData\Local\{ABE5B05A-30A3-4098-80C0-556AB7EACEE3}
2012-06-03 10:31 - 2012-06-03 10:31 - 0000000 ____D C:\Users\Christian\AppData\Local\{47EF22ED-8D64-4A5F-98C4-08D8FE1F05BB}
2012-06-02 22:31 - 2012-06-02 22:31 - 0000000 ____D C:\Users\Christian\AppData\Local\{D9FBCC42-BC97-41F4-A839-3B11D5DA247A}
2012-06-02 22:15 - 2012-01-27 01:08 - 0000000 ____D C:\Users\Christian\AppData\Roaming\Real
2012-06-02 10:30 - 2012-06-02 10:30 - 0000000 ____D C:\Users\Christian\AppData\Local\{A83927AD-6FFB-4D30-A34A-D419797591B6}
2012-06-01 22:30 - 2012-06-01 22:29 - 0000000 ____D C:\Users\Christian\AppData\Local\{5EFF9497-C610-4B4E-923C-42D056D766D4}
2012-06-01 10:29 - 2012-06-01 10:29 - 0000000 ____D C:\Users\Christian\AppData\Local\{5776BAA5-E724-4C8E-82BA-2B9D2C808F32}
2012-05-31 22:29 - 2012-05-31 22:28 - 0000000 ____D C:\Users\Christian\AppData\Local\{451EB866-674B-499F-8FF2-2A563A6DD315}
2012-05-31 19:19 - 2012-05-17 22:40 - 0028672 ____A C:\Users\Christian\Documents\Glayarc.odt
2012-05-31 10:28 - 2012-05-31 10:28 - 0000000 ____D C:\Users\Christian\AppData\Local\{A2F48E5B-4B9D-47AD-B84A-DF2FEDF98F0D}
2012-05-30 23:34 - 2012-05-30 23:25 - 0565859 ____A C:\Users\Christian\Downloads\Chalk-.png
2012-05-30 23:19 - 2012-05-30 23:19 - 1105941 ____A C:\Users\Christian\Downloads\Chalk-.jpg
2012-05-30 22:28 - 2012-05-30 22:27 - 0000000 ____D C:\Users\Christian\AppData\Local\{018DB52F-4F9F-4AC2-BF1A-CA16985109DC}
2012-05-30 10:27 - 2012-05-30 10:27 - 0000000 ____D C:\Users\Christian\AppData\Local\{5094734C-8AF7-4F04-9259-8FC76A239FDC}
2012-05-29 22:27 - 2012-05-29 22:27 - 0000000 ____D C:\Users\Christian\AppData\Local\{EAFC3ACE-5B47-42E1-98E8-BF1168086030}
2012-05-29 10:26 - 2012-05-29 10:26 - 0000000 ____D C:\Users\Christian\AppData\Local\{D01C50DE-C5F0-4393-9628-B536B623D225}
2012-05-29 00:29 - 2012-05-29 00:28 - 2127448 ____A (Kaspersky Lab ZAO) C:\Users\Christian\Downloads\tdsskiller.exe
2012-05-28 22:26 - 2012-05-28 22:26 - 0000000 ____D C:\Users\Christian\AppData\Local\{87E8A536-4E68-4CBC-A275-6A8C9286EF02}
2012-05-28 11:29 - 2012-05-28 11:28 - 4731392 ____A (AVAST Software) C:\Users\Christian\Downloads\aswMBR.exe
2012-05-28 10:25 - 2012-05-28 10:25 - 0000000 ____D C:\Users\Christian\AppData\Local\{B8A89035-5FF3-42EB-9623-23AE0F579D17}
2012-05-27 22:25 - 2012-05-27 22:25 - 0000000 ____D C:\Users\Christian\AppData\Local\{9D82C2E8-0118-40A5-B088-82E72C42ACD9}
2012-05-27 10:24 - 2012-05-27 10:24 - 0000000 ____D C:\Users\Christian\AppData\Local\{2B120DD6-F2A1-4CF3-BE4A-3E3DB5FD300A}
2012-05-26 23:41 - 2011-06-10 16:46 - 0018314 ____A C:\Windows\PFRO.log
2012-05-26 23:33 - 2012-05-26 23:33 - 0000000 ____D C:\Users\Christian\AppData\Roaming\Malwarebytes
2012-05-26 23:33 - 2012-05-26 23:33 - 0000000 ____D C:\Users\All Users\Malwarebytes
2012-05-26 23:33 - 2012-05-26 23:33 - 0000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-05-26 23:24 - 2012-05-26 23:23 - 4529532 ____R (Swearware) C:\Users\Christian\Downloads\ComboFix.exe
2012-05-26 22:46 - 2011-09-10 20:15 - 0816970 ____A C:\Windows\ntbtlog.txt
2012-05-26 22:24 - 2012-05-26 22:23 - 0000000 ____D C:\Users\Christian\AppData\Local\{B8336D13-63A4-4125-896F-D203EFA4067E}
2012-05-26 22:23 - 2012-05-26 22:23 - 0000000 ____D C:\Users\Christian\AppData\Local\{66F54692-481A-4EBD-B7F0-5D157A2BA445}
2012-05-25 23:06 - 2012-05-25 23:06 - 0000000 ____D C:\Users\Christian\AppData\Local\{3D358B96-A701-11E1-8270-B8AC6F996F26}
2012-05-25 23:06 - 2012-05-25 23:06 - 0000000 ____D C:\Users\Christian\AppData\Local\{3D35588D-A701-11E1-8270-B8AC6F996F26}
2012-05-22 22:35 - 2012-05-22 22:35 - 0000000 ____D C:\Users\Christian\AppData\Local\{7E9351B1-4E91-49C5-BA67-BDEB6C1FE127}
2012-05-22 22:35 - 2012-05-22 22:35 - 0000000 ____D C:\Users\Christian\AppData\Local\{63A8A14C-E358-44C7-A6EF-E6C8A395463C}
2012-05-22 22:32 - 2012-05-22 22:32 - 0291680 ____A C:\Windows\Minidump\052312-23843-01.dmp
2012-05-22 22:32 - 2011-05-31 20:04 - 0000000 ____D C:\Windows\Minidump
2012-05-22 02:15 - 2012-05-14 10:20 - 0419488 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-05-22 02:15 - 2011-08-25 09:10 - 0070304 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-05-19 08:55 - 2012-05-19 08:55 - 0000000 ____D C:\Users\Christian\AppData\Local\{526988C0-9E2C-4533-A638-7C7278A2D8EC}
2012-05-19 08:55 - 2012-05-16 20:52 - 0000000 ____D C:\Users\Christian\AppData\Local\{AD593D64-E9D6-4E2D-8C8E-680118717091}
2012-05-18 20:55 - 2012-05-18 20:54 - 0000000 ____D C:\Users\Christian\AppData\Local\{FD6DD773-A215-4C23-8670-4971BE643219}
2012-05-18 08:54 - 2012-05-18 08:54 - 0000000 ____D C:\Users\Christian\AppData\Local\{5DF06C0B-62BE-43BE-AB67-4EFFF8926B5B}
2012-05-17 20:54 - 2012-05-17 20:54 - 0000000 ____D C:\Users\Christian\AppData\Local\{B08F6CB1-AF36-4915-863E-96A31398EDC1}
2012-05-17 08:53 - 2012-05-17 08:53 - 0000000 ____D C:\Users\Christian\AppData\Local\{C4DFFBC8-E56B-4784-AE88-3964534DF276}
2012-05-16 20:55 - 2012-05-16 20:55 - 0001908 ____A C:\Windows\diagwrn.xml
2012-05-16 20:55 - 2012-05-16 20:55 - 0001908 ____A C:\Windows\diagerr.xml
2012-05-16 20:55 - 2009-07-13 20:51 - 0000000 ____A C:\Windows\setuperr.log
2012-05-16 20:53 - 2012-05-16 20:53 - 0000000 ____D C:\Users\Christian\AppData\Local\{91A79EFC-957B-4211-849E-80EF4C708DFB}
2012-05-16 19:57 - 2012-05-16 19:41 - 0000000 ____D C:\Users\Public\Documents\Jagged Alliance - Back in Action
2012-05-16 19:41 - 2012-05-16 19:41 - 0000000 ____D C:\Users\Christian\AppData\Local\SKIDROW
2012-05-16 19:32 - 2012-05-16 19:32 - 0000000 ____D C:\Program Files (x86)\Kalypso
2012-05-16 19:31 - 2012-05-16 19:07 - 0000000 ____D C:\Users\Christian\AppData\Roaming\DAEMON Tools Lite
2012-05-16 19:07 - 2012-05-16 19:07 - 0283200 ____A (DT Soft Ltd) C:\Windows\System32\Drivers\dtsoftbus01.sys
2012-05-16 19:07 - 2012-05-16 19:07 - 0000000 ____D C:\Program Files (x86)\DAEMON Tools Lite
2012-05-15 05:45 - 2012-05-15 05:45 - 0000000 ____D C:\Users\Christian\AppData\Local\{A113C902-CFA1-4E87-8A5D-DB820844E195}
2012-05-15 05:45 - 2012-05-15 05:45 - 0000000 ____D C:\Users\Christian\AppData\Local\{11068AEB-311E-4071-AED7-7BE830E92EE3}
2012-05-15 00:34 - 2012-05-15 00:34 - 0291360 ____A C:\Windows\Minidump\051512-30703-01.dmp
2012-05-14 17:44 - 2012-05-14 17:44 - 0000000 ____D C:\Users\Christian\AppData\Local\{026C285C-2C8D-4C02-90B9-BA2FCF483AA7}
2012-05-14 17:44 - 2012-05-14 05:43 - 0000000 ____D C:\Users\Christian\AppData\Local\{0FF42EE1-ED3C-4D42-A113-A4F62333ED19}
2012-05-14 10:20 - 2012-05-14 10:20 - 0000000 ____D C:\Windows\System32\Macromed
2012-05-14 05:44 - 2012-05-14 05:44 - 0000000 ____D C:\Users\Christian\AppData\Local\{0C726F03-0EF0-426C-B9F4-797A72BD726D}
2012-05-13 17:43 - 2012-05-13 17:43 - 0000000 ____D C:\Users\Christian\AppData\Local\{7F3B9E82-2F74-4A56-9ADA-DEC5868710BB}
2012-05-13 17:43 - 2012-05-13 05:42 - 0000000 ____D C:\Users\Christian\AppData\Local\{D309C461-1247-4ED4-A5AC-7D40A0F8C16C}
2012-05-13 05:43 - 2012-05-13 05:43 - 0000000 ____D C:\Users\Christian\AppData\Local\{FE7CBBED-AFB0-4444-B24E-5361FD0D8500}
2012-05-12 20:40 - 2012-05-12 20:40 - 0291624 ____A C:\Windows\Minidump\051212-20828-01.dmp
2012-05-12 17:42 - 2012-05-12 17:42 - 0000000 ____D C:\Users\Christian\AppData\Local\{9F7610EF-017F-46F2-991B-B14588EAD12F}
2012-05-12 17:42 - 2012-05-10 05:38 - 0000000 ____D C:\Users\Christian\AppData\Local\{1A6FA55B-A69D-467C-970F-F785C4E32B78}
2012-05-12 05:41 - 2012-05-12 05:41 - 0000000 ____D C:\Users\Christian\AppData\Local\{1A024010-F66B-4E15-AFB8-101D6614AC9E}
2012-05-11 17:41 - 2012-05-11 17:41 - 0000000 ____D C:\Users\Christian\AppData\Local\{8CA25FB4-2DF5-4099-8829-36AE2F73D920}
2012-05-11 05:41 - 2012-05-11 05:40 - 0000000 ____D C:\Users\Christian\AppData\Local\{81ED27A0-F2A7-40B7-8D23-0ACDC9D8F8C4}
2012-05-10 17:40 - 2012-05-10 17:40 - 0000000 ____D C:\Users\Christian\AppData\Local\{58C1E27B-CAEA-4CCF-97DC-77DB5358F8BB}
2012-05-10 05:39 - 2012-05-10 05:39 - 0000000 ____D C:\Users\Christian\AppData\Local\{AB2A6A58-2E3E-4F27-B977-78E1E87DF149}
2012-05-10 05:36 - 2011-05-03 14:30 - 0000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2012-05-10 05:36 - 2009-07-13 20:45 - 0292728 ____A C:\Windows\System32\FNTCACHE.DAT
2012-05-10 01:14 - 2011-05-04 17:06 - 57848688 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-05-10 01:01 - 2009-07-13 23:46 - 0000000 ____D C:\Program Files\Windows Journal
2012-05-08 17:36 - 2012-05-08 17:36 - 0000000 ____D C:\Users\Christian\AppData\Local\Mozilla
2012-05-08 17:36 - 2012-05-08 17:36 - 0000000 ____D C:\Users\All Users\Mozilla
2012-05-08 17:36 - 2012-05-08 17:36 - 0000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2012-05-08 17:36 - 2012-05-08 17:36 - 0000000 ____D C:\Program Files (x86)\Mozilla Firefox
2012-05-08 17:36 - 2011-06-03 00:34 - 0000000 ____D C:\Users\Christian\AppData\Roaming\Mozilla
2012-05-08 04:16 - 2011-04-28 20:46 - 0000000 ____D C:\Users\Christian\AppData\LocalLow
2012-05-08 04:15 - 2012-05-08 04:14 - 0000000 ____D C:\Windows\SysWOW64\Adobe
2012-05-08 04:15 - 2011-04-28 20:50 - 0000000 ____D C:\Windows\SysWOW64\Macromed
2012-05-08 04:14 - 2009-07-13 21:32 - 0000000 ____D C:\Windows\Downloaded Program Files
2012-05-07 14:55 - 2012-05-07 14:55 - 0000000 ____D C:\Users\Christian\AppData\Local\{5E1F7F0C-FFCC-46EF-AFE7-972792D124D7}
2012-05-07 14:55 - 2012-05-07 02:55 - 0000000 ____D C:\Users\Christian\AppData\Local\{75F832E9-0381-4196-B172-391B59720945}
2012-05-07 02:55 - 2012-05-07 02:55 - 0000000 ____D C:\Users\Christian\AppData\Local\{AFA050CB-46E0-482B-90E8-CBA8E983E207}
2012-05-06 17:56 - 2012-05-06 17:55 - 0291616 ____A C:\Windows\Minidump\050612-19953-01.dmp
2012-05-06 14:54 - 2012-05-06 14:54 - 0000000 ____D C:\Users\Christian\AppData\Local\{9E371525-898C-4128-9CFE-C23D29FF22AD}
2012-05-06 14:54 - 2012-05-05 14:53 - 0000000 ____D C:\Users\Christian\AppData\Local\{5EE42CE2-0A38-4975-8FD6-6094EB222AFE}
2012-05-06 02:54 - 2012-05-06 02:54 - 0000000 ____D C:\Users\Christian\AppData\Local\{0B46EC3B-015A-41AB-A236-89D010860EED}
2012-05-05 14:53 - 2012-05-05 14:53 - 0000000 ____D C:\Users\Christian\AppData\Local\{4FE4B1C8-6BA2-4336-8641-C50C2ED4DF37}
2012-05-05 14:52 - 2012-05-05 14:52 - 0291624 ____A C:\Windows\Minidump\050512-23515-01.dmp
2012-05-03 23:11 - 2012-05-03 23:11 - 0000000 ____D C:\Users\Christian\AppData\Local\{52565CA4-B7E3-4A0F-9A8B-B14DC4BA279B}
2012-05-03 23:11 - 2012-05-03 11:10 - 0000000 ____D C:\Users\Christian\AppData\Local\{CA919F99-D937-4189-9321-F121D70E8765}
2012-05-03 11:11 - 2012-05-03 11:10 - 0000000 ____D C:\Users\Christian\AppData\Local\{59708735-D9F1-4BC4-AB73-D95A6343CB82}
2012-05-03 04:45 - 2012-05-08 17:36 - 0000000 ____D C:\Users\Christian\Downloads\Tor Browser
2012-05-02 22:03 - 2012-05-02 22:02 - 0000000 ____D C:\Users\Christian\AppData\Local\{E615C47E-ECF4-47CC-B9A5-72C547FBECF0}
2012-05-02 22:02 - 2012-05-02 22:02 - 0000000 ____D C:\Users\Christian\AppData\Local\{582F1A68-3B35-47E0-AFF8-FC25F6301A08}
2012-05-01 00:19 - 2012-05-01 00:19 - 0000000 ____D C:\Users\Christian\AppData\Local\{0DDD81BF-2C5C-4EF3-A35C-47F95703F88B}
2012-05-01 00:11 - 2012-05-01 00:11 - 4883462 ____A C:\Users\Christian\Downloads\ke$ha (Live Vocal Take)MP3.mp3
2012-04-29 16:32 - 2012-04-29 16:32 - 0000000 ____D C:\Windows\en
2012-04-29 16:30 - 2011-05-03 14:35 - 0000000 ____D C:\Program Files (x86)\Windows Live
2012-04-29 16:29 - 2011-05-03 14:34 - 0000000 ____D C:\Program Files\Windows Live
2012-04-29 16:28 - 2011-04-30 15:46 - 0011211 ____A C:\Windows\DirectX.log
2012-04-29 07:49 - 2012-04-29 07:49 - 0000000 ____D C:\Users\Christian\AppData\Local\{589D9272-9948-47ED-AB70-2B97CF72EA94}
2012-04-29 07:48 - 2012-04-29 07:48 - 0000000 ____D C:\Users\Christian\AppData\Local\{66C1DD33-9EE9-4C85-8C0F-C6DA6378E5CB}
2012-04-28 14:14 - 2012-04-28 14:14 - 0000000 ____D C:\Users\Christian\AppData\Local\DDMSettings
2012-04-27 23:58 - 2012-04-27 23:58 - 0000000 ____D C:\Users\Christian\AppData\Local\{DAE3C9E9-73CC-4C80-87F9-052DD9E60E07}
2012-04-27 23:58 - 2012-04-27 23:58 - 0000000 ____D C:\Users\Christian\AppData\Local\{BF7F9B59-25BC-45A2-88B7-142600091561}
2012-04-26 08:43 - 2011-06-02 09:38 - 0053248 __ASH C:\Users\Christian\Thumbs.db
2012-04-22 02:08 - 2012-04-22 02:08 - 0024144 ____A C:\Users\Christian\Documents\Budget.ods
2012-04-22 01:58 - 2012-04-22 01:58 - 0000000 ____D C:\Users\Christian\Desktop\OpenOffice.org 3.3 (en-US) Installation Files
2012-04-21 23:39 - 2012-04-21 23:39 - 0000000 ____D C:\Users\Christian\AppData\Roaming\dvdcss
2012-04-20 18:12 - 2012-04-20 18:11 - 0000000 ____D C:\Users\Christian\AppData\Local\{F5CE896B-C9DC-4C61-A03E-80FE69E413EF}
2012-04-20 18:11 - 2012-04-20 18:11 - 0000000 ____D C:\Users\Christian\AppData\Local\{6D9EF4BC-D676-4482-BF4D-6D336F07B229}
2012-04-20 18:10 - 2012-04-20 18:09 - 0291608 ____A C:\Windows\Minidump\042012-22703-01.dmp
2012-04-16 13:30 - 2012-04-16 13:30 - 0010752 ____A C:\Users\Christian\Documents\Aaron Resignation.doc
2012-04-16 00:06 - 2012-04-16 00:06 - 0000000 ____D C:\Users\Christian\AppData\Local\{C949843A-8CCE-4577-8A75-E3A182B6B4BF}
2012-04-14 19:36 - 2012-04-14 19:36 - 0000000 ____D C:\Users\Christian\AppData\Local\{C4FBC4A1-2357-4A0A-8AC9-E02DCC4C2FEF}
2012-04-14 19:36 - 2012-04-14 19:35 - 0000000 ____D C:\Users\Christian\AppData\Local\{8C1A0832-25CD-498A-80D5-2EB7D0EDA891}
2012-04-13 01:20 - 2012-04-13 01:19 - 0000000 ____D C:\Users\Christian\AppData\Local\{FEDA066D-B2BC-4372-875E-BA25F7C8D4F4}
2012-04-12 14:11 - 2012-04-12 14:10 - 0016896 ____A C:\Users\Christian\Documents\CoverLetterChristianPetersen.doc
2012-04-12 14:01 - 2012-04-12 14:01 - 0053248 ____A C:\Users\Christian\Documents\ResumeofChristianPetersen.doc
2012-04-11 00:45 - 2012-04-11 00:45 - 0000000 ____D C:\Users\Christian\AppData\Local\{055E7AED-BD0A-4017-8299-586CE6C92D76}
2012-04-11 00:45 - 2012-03-28 00:56 - 0000000 ____D C:\Users\Christian\AppData\Local\Samsung
2012-04-11 00:35 - 2012-04-11 00:35 - 0000000 ____D C:\Users\Christian\AppData\Roaming\KoshyJohn.com
2012-04-10 17:02 - 2012-04-10 17:02 - 0288114 ____A C:\Users\Christian\Documents\Futurama 041_07.jpg
2012-04-04 13:56 - 2012-05-26 23:33 - 0024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-04-03 00:41 - 2012-04-03 00:40 - 0000000 ____D C:\Program Files\iTunes
2012-04-03 00:41 - 2012-03-14 11:04 - 0000000 ____D C:\Program Files (x86)\iTunes
2012-04-03 00:40 - 2012-04-03 00:40 - 0000000 ____D C:\Program Files\iPod
2012-03-30 22:05 - 2012-05-09 15:44 - 5559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-03-30 20:39 - 2012-05-09 15:44 - 3968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2012-03-30 20:39 - 2012-05-09 15:44 - 3913072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2012-03-30 19:10 - 2012-05-09 15:44 - 3146240 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-03-30 03:35 - 2012-05-09 15:43 - 1918320 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2012-03-28 00:56 - 2012-03-28 00:56 - 0000000 ____D C:\Users\Christian\Documents\samsung
2012-03-28 00:56 - 2012-03-28 00:56 - 0000000 ____D C:\Users\Christian\AppData\Roaming\Samsung
2012-03-28 00:54 - 2012-03-28 00:52 - 0000000 ____D C:\Program Files (x86)\Samsung
2012-03-28 00:53 - 2012-03-28 00:53 - 0000000 ____D C:\Program Files (x86)\MarkAny
2012-03-28 00:53 - 2012-03-28 00:52 - 0000000 ____D C:\Users\All Users\Samsung
2012-03-28 00:52 - 2012-03-28 00:52 - 0000000 ____D C:\Program Files (x86)\InstallShield Installation Information
2012-03-28 00:51 - 2012-03-28 00:51 - 0000000 ____D C:\Users\Christian\AppData\Local\Downloaded Installations
2012-03-22 16:06 - 2012-03-22 16:06 - 0000000 ____D C:\Users\Christian\AppData\Local\{7442D710-31C8-4EDC-9637-A29D002EC5EB}
2012-03-22 16:06 - 2012-03-22 16:05 - 0000000 ____D C:\Users\Christian\AppData\Local\{2805FDF0-46DA-46F6-AB1B-BB95EE4D80EC}
2012-03-16 23:58 - 2012-05-09 15:44 - 0075120 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\partmgr.sys
2012-03-15 13:23 - 2012-03-15 13:23 - 0000000 ____D C:\Users\Christian\AppData\Local\{2597DDD8-C8BC-4E51-AA66-7E98605C7104}
2012-03-15 13:23 - 2012-03-14 01:21 - 0000000 ____D C:\Users\Christian\AppData\Local\{595196D4-D286-4D61-9076-4CAA4E8C3D95}
2012-03-15 01:23 - 2012-03-15 01:23 - 0000000 ____D C:\Users\Christian\AppData\Local\{915DB59D-6309-4917-95EE-22E1DF5AD5B7}
2012-03-14 13:23 - 2012-03-14 13:22 - 0000000 ____D C:\Users\Christian\AppData\Local\{FB041A24-9A7A-4B15-A702-3DC8F7D2E0BD}
2012-03-14 01:22 - 2012-03-14 01:22 - 0000000 ____D C:\Users\Christian\AppData\Local\{ED1D9E1E-6C52-459E-A989-68A7AC90FC46}
2012-03-13 13:22 - 2011-06-03 00:39 - 0000000 ____D C:\Users\Christian\Documents\Red Kawa
2012-03-12 17:49 - 2012-03-12 17:48 - 0000000 ____D C:\Program Files (x86)\DivX
2012-03-12 17:49 - 2012-03-12 17:47 - 0000000 ____D C:\Users\All Users\DivX
2012-03-12 17:48 - 2012-03-12 17:48 - 0000000 ____D C:\Program Files\DivX
2012-03-12 17:46 - 2012-03-12 17:46 - 0000000 __HDC C:\Users\All Users\{A37818CF-E0CC-4A13-B685-605AE2F01FD2}
2012-03-12 17:46 - 2012-03-12 17:46 - 0000000 ____D C:\Users\Christian\AppData\Local\PackageAware
2012-03-12 17:46 - 2012-03-12 17:46 - 0000000 ____D C:\Program Files (x86)\iLivid

C:\Windows\Installer\{a4b87d79-f0c4-1d86-69e4-c7b5f3a925d0}
C:\Windows\Installer\{a4b87d79-f0c4-1d86-69e4-c7b5f3a925d0}\@
C:\Windows\Installer\{a4b87d79-f0c4-1d86-69e4-c7b5f3a925d0}\L
C:\Windows\Installer\{a4b87d79-f0c4-1d86-69e4-c7b5f3a925d0}\n
C:\Windows\Installer\{a4b87d79-f0c4-1d86-69e4-c7b5f3a925d0}\U
C:\Windows\Installer\{a4b87d79-f0c4-1d86-69e4-c7b5f3a925d0}\L\00000004.@
C:\Windows\Installer\{a4b87d79-f0c4-1d86-69e4-c7b5f3a925d0}\U\00000004.@
C:\Windows\Installer\{a4b87d79-f0c4-1d86-69e4-c7b5f3a925d0}\U\000000cb.@
C:\Windows\Installer\{a4b87d79-f0c4-1d86-69e4-c7b5f3a925d0}\U\80000000.@
C:\Windows\Installer\{a4b87d79-f0c4-1d86-69e4-c7b5f3a925d0}\U\80000064.@

C:\Users\Christian\AppData\Local\{a4b87d79-f0c4-1d86-69e4-c7b5f3a925d0}
C:\Users\Christian\AppData\Local\{a4b87d79-f0c4-1d86-69e4-c7b5f3a925d0}\@
C:\Users\Christian\AppData\Local\{a4b87d79-f0c4-1d86-69e4-c7b5f3a925d0}\L
C:\Users\Christian\AppData\Local\{a4b87d79-f0c4-1d86-69e4-c7b5f3a925d0}\n
C:\Users\Christian\AppData\Local\{a4b87d79-f0c4-1d86-69e4-c7b5f3a925d0}\U
C:\Users\Christian\AppData\Local\{a4b87d79-f0c4-1d86-69e4-c7b5f3a925d0}\L\00000004.@
C:\Users\Christian\AppData\Local\{a4b87d79-f0c4-1d86-69e4-c7b5f3a925d0}\U\00000004.@
C:\Users\Christian\AppData\Local\{a4b87d79-f0c4-1d86-69e4-c7b5f3a925d0}\U\00000008.@
C:\Users\Christian\AppData\Local\{a4b87d79-f0c4-1d86-69e4-c7b5f3a925d0}\U\000000cb.@
C:\Users\Christian\AppData\Local\{a4b87d79-f0c4-1d86-69e4-c7b5f3a925d0}\U\80000000.@
C:\Users\Christian\AppData\Local\{a4b87d79-f0c4-1d86-69e4-c7b5f3a925d0}\U\80000064.@

========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

========================= Memory info ======================

Percentage of memory in use: 13%
Total physical RAM: 4095.37 MB
Available physical RAM: 3547.27 MB
Total Pagefile: 4093.52 MB
Available Pagefile: 3532.24 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

======================= Partitions =========================

1 Drive c: () (Fixed) (Total:111.78 GB) (Free:13.22 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
2 Drive d: () (Fixed) (Total:596.16 GB) (Free:32.67 GB) NTFS
3 Drive e: (Lexar) (Removable) (Total:3.73 GB) (Free:3.51 GB) FAT32
4 Drive f: (My Book) (Fixed) (Total:931.28 GB) (Free:9.72 GB) FAT32
5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 111 GB 8 MB
Disk 1 Online 596 GB 9 MB
Disk 2 Online 3824 MB 0 B
Disk 3 Online 931 GB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 111 GB 31 KB

======================================================================================================

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 0 C NTFS Partition 111 GB Healthy

======================================================================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 596 GB 31 KB

======================================================================================================

Disk: 1
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 D NTFS Partition 596 GB Healthy

======================================================================================================

Partitions of Disk 2:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 3823 MB 24 KB

======================================================================================================

Disk: 2
Partition 1
Type : 0C
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 E Lexar FAT32 Removable 3823 MB Healthy

======================================================================================================

Partitions of Disk 3:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 931 GB 31 KB

======================================================================================================

Disk: 3
Partition 1
Type : 0C
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 F My Book FAT32 Partition 931 GB Healthy

======================================================================================================

==========================================================

Last Boot: 2012-05-22 23:02

======================= End Of Log ==========================

#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:01:04 AM

Posted 08 June 2012 - 07:31 AM

Hello

Open Notepad. Please copy the contents of the code box below. To do this, highlight the contents of the box and right-click on it. Paste this into the open Notepad. Save it on the flash drive as fixlist.txt.

1 iglgdgzt; \??\C:\Windows\system32\drivers\iglgdgzt.sys [x]
C:\Windows\Installer\{a4b87d79-f0c4-1d86-69e4-c7b5f3a925d0}
C:\Users\Christian\AppData\Local\{a4b87d79-f0c4-1d86-69e4-c7b5f3a925d0}

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

On Vista or Windows 7: Now please enter System Recovery Options.
On Windows XP: Now please boot into the BartPE CD.
Run FRST64 and press the Fix button just once and wait.
The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#5 clicheinatrench

clicheinatrench
  • Topic Starter


Posted 09 June 2012 - 05:29 AM

Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 06-06-2012 04
Ran by SYSTEM at 2012-06-09 04:23:27 Run:2
Running from E:\

==============================================

iglgdgzt service not found.
C:\Windows\Installer\{a4b87d79-f0c4-1d86-69e4-c7b5f3a925d0} not found.
C:\Users\Christian\AppData\Local\{a4b87d79-f0c4-1d86-69e4-c7b5f3a925d0} not found.

==== End of Fixlog ====

#6 gringo_pr


Posted 09 June 2012 - 01:35 PM

Hello

I would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out >here< or >here<.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

#7 gringo_pr


Posted 12 June 2012 - 06:02 AM

Greetings


I have not heard from you in a couple of days so I am coming by to check on you to see if you are having problems or you just need some more time.

Also, to remind you that it is very important that we finish the process completely so as to not get reinfected. I will let you know when we are complete and I will ask to remove our tools.




Gringo

#8 gringo_pr


Posted 14 June 2012 - 11:35 PM

Hello

48 Hour bump

It has been more than 48 hours since my last post.

  • do you still need help with this?
  • do you need more time?
  • are you having problems following my instructions?
  • if after 48hrs you have not replied to this thread then it will have to be closed!

Gringo

#9 gringo_pr


Posted 17 June 2012 - 11:36 PM

Due to the lack of feedback, this topic is now closed. In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.