Trojan.bcminer Logs Attached


  • This topic is locked
38 replies to this topic

#1 tryingtobebetter

tryingtobebetter

  • Members
  • 17 posts

Posted 17 July 2012 - 01:50 PM

Hi

What am I noticing?
Computer is slower and random tabs are opening when I am on Internet Explorer.
I have run Malwarebytes and it finds the Trojan, so I remove it, but when I restart the computer and rerun the scan it is still detected.


I am hoping someone can help.
If you stick with me I promise I will be patient and do as you say.

GMR log attached
and Malwarebytes log attached.
I tried running DDR but got gobbledygook, e.g. ":uiuiuiֵiwiuii"

Please help.



#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 18 July 2012 - 01:23 AM

Greetings And Welcome To The Forums!!

My name is Gringo and I'll be glad to help you with your malware problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Download Farbar Recovery Scan Tool x64 and save it to a flash drive.

Plug the flash-drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:
  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Command Prompt

  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 gringo_pr


Posted 20 July 2012 - 11:18 PM

Hello

48 Hour bump

It has been more than 48 hours since my last post.

  • do you still need help with this?
  • do you need more time?
  • are you having problems following my instructions?
  • if after 48hrs you have not replied to this thread then it will have to be closed!

Gringo

#4 tryingtobebetter


Posted 21 July 2012 - 01:03 PM


Just posting. Can't do on weekdays unfortunately.
Thanks for your patience.

#5 gringo_pr


Posted 21 July 2012 - 01:25 PM

ok no problem - when do you think you will be able to start?


gringo

#6 tryingtobebetter


Posted 21 July 2012 - 01:30 PM


Right Now. Really appreciate your patience.


Scan result of Farbar Recovery Scan Tool Version: 16-07-2012 02
Ran by SYSTEM at 21-07-2012 19:23:41
Running from J:\
Windows 7 Home Premium (X64) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-06-04] (Intel Corporation)
HKLM\...\Run: [mwlDaemon] C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe [349480 2009-08-06] (Egis Technology Inc.)
HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [7981088 2009-07-20] (Realtek Semiconductor)
HKLM\...\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE [x]
HKLM\...\Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [500208 2010-03-05] (Adobe Systems Incorporated)
HKLM\...\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe [162584 2011-10-13] (Intel Corporation)
HKLM\...\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe [386840 2011-10-13] (Intel Corporation)
HKLM\...\Run: [Persistence] C:\Windows\system32\igfxpers.exe [417560 2011-10-13] (Intel Corporation)
HKLM\...\Run: [osnsv] rundll32.exe "C:\Users\ssr25\AppData\Roaming\osnsv.dll",HrLPSZCPToBSTR [x]
HKLM\...\Run: [cowut] "C:\Windows\System32\rundll32.exe" "C:\Users\ssr25\AppData\Roaming\cowut.dll",GetBufferf [387584 2012-07-14] (Analog Devices, Inc.)
HKLM-x32\...\Run: [BackupManagerTray] "C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" -h -k [261888 2009-08-12] (NewTech Infosystems, Inc.)
HKLM-x32\...\Run: [Hotkey Utility] C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe [629280 2009-08-17] ()
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [37296 2012-03-27] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Samsung PanelMgr] C:\Windows\Samsung\PanelMgr\SSMMgr.exe /autorun [614400 2009-10-12] ()
HKLM-x32\...\Run: [Ad-Aware Antivirus] "C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareLauncher" --windows-run [x]
HKLM-x32\...\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices [91520 2010-03-13] (Microsoft Corporation)
HKLM-x32\...\Run: [ScanSnap WIA Service Checker] C:\Windows\SSDriver\fi5110\SsWiaChecker.exe [86016 2009-09-30] (PFU LIMITED)
HKLM-x32\...\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray [462920 2012-07-03] (Malwarebytes Corporation)
HKU\Administrator\...\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2009-08-27] (Google Inc.)
HKU\Administrator\...\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe [2260480 2009-03-05] (Safer-Networking Ltd.)
HKU\Administrator\...\Run: [KSS] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe" /autorun [202296 2012-04-25] (Kaspersky Lab ZAO)
HKU\Administrator\...\Run: [Vaguwyuft] C:\Users\Administrator\AppData\Roaming\Uryzf\xure.exe [x]
HKU\Administrator\...\Policies\system: [LogonHoursAction] 2
HKU\Administrator\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\Ruma\...\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2009-08-27] (Google Inc.)
HKU\Ruma\...\Run: [cowut] "C:\Windows\System32\rundll32.exe" "C:\Users\ssr25\AppData\Roaming\cowut.dll",GetBufferf [387584 2012-07-14] (Analog Devices, Inc.)
HKU\Ruma\...\Run: [osnsv] rundll32.exe "C:\Users\ssr25\AppData\Roaming\osnsv.dll",HrLPSZCPToBSTR [x]
HKU\Ruma\...\Policies\system: [LogonHoursAction] 2
HKU\Ruma\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\ssr25\...\Run: [AdobeBridge] [x]
HKU\ssr25\...\Run: [SyncMyCal] [x]
HKU\ssr25\...\Run: [Akamai NetSession Interface] "C:\Users\ssr25\AppData\Local\Akamai\netsession_win.exe" [4327744 2012-05-25] (Akamai Technologies, Inc)
HKU\ssr25\...\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe [427520 2009-07-13] (Microsoft Corporation)
HKU\ssr25\...\Run: [Google Update] "C:\Users\ssr25\AppData\Local\Google\Update\GoogleUpdate.exe" /c [136176 2010-10-17] (Google Inc.)
HKU\ssr25\...\Policies\system: [LogonHoursAction] 2
HKU\ssr25\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
Winlogon\Notify\igfxcui: igfxdev.dll (Intel Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Startup: C:\Users\Administrator\Start Menu\Programs\Startup\Auto Activate Office 2010 VL.lnk
ShortcutTarget: Auto Activate Office 2010 VL.lnk -> C:\Windows\actofvl\aaovl.exe (No File)
Startup: C:\Users\All Users\Start Menu\Programs\Startup\Bluetooth Manager.lnk
ShortcutTarget: Bluetooth Manager.lnk -> C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe (TOSHIBA CORPORATION.)
Startup: C:\Users\All Users\Start Menu\Programs\Startup\CardMinder Viewer.lnk
ShortcutTarget: CardMinder Viewer.lnk -> C:\Program Files (x86)\PFU\CardMinder V2.0\CardLauncher.exe (PFU LIMITED)
Startup: C:\Users\All Users\Start Menu\Programs\Startup\Conversion to PDF with ScanSnap Organizer.lnk
ShortcutTarget: Conversion to PDF with ScanSnap Organizer.lnk -> C:\Program Files (x86)\PFU\ScanSnap\Organizer\PfuSsOrgOcrChk.exe (PFU LIMITED)
Startup: C:\Users\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk
ShortcutTarget: Logitech SetPoint.lnk -> C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech Inc.)
Startup: C:\Users\All Users\Start Menu\Programs\Startup\ScanSnap Manager.lnk
ShortcutTarget: ScanSnap Manager.lnk -> C:\Program Files (x86)\PFU\ScanSnap\Driver\PfuSsMon.exe (PFU LIMITED)
Startup: C:\Users\All Users\Start Menu\Programs\Startup\Trend Micro SafeSync.lnk
ShortcutTarget: Trend Micro SafeSync.lnk -> C:\Program Files\humyo SmartDrive\HrfsClient.exe (Trend Micro Inc.)

==================== Services (Whitelisted) ======

2 Ad-Aware Service; "C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe" [1226096 2012-05-03] (Lavasoft Limited)
3 DMService; C:\Windows\DOWNLO~1\DMService.exe [468368 2011-10-15] (Microsoft Corporation)
2 KSS; "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe" -r [202296 2012-04-25] (Kaspersky Lab ZAO)
2 MBAMService; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe" [655944 2012-07-03] (Malwarebytes Corporation)
3 Media Jukebox 14 Service; C:\Program Files (x86)\J River\Media Jukebox 14\JRService.exe [379400 2010-07-15] (J. River, Inc.)
2 MSSQL$SQLEXPRESS; "C:\Program Files\Microsoft SQL Server\MSSQL10_50.SQLEXPRESS\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS [61916000 2011-04-23] (Microsoft Corporation)
2 MWLService; C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe [311592 2009-08-06] (Egis Technology Inc.)
3 NisSrv; "C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe" [288272 2011-04-27] (Microsoft Corporation)
2 NTI IScheduleSvc; C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [62208 2009-08-12] (NewTech Infosystems, Inc.)
3 OnlineStorageService; "C:\Program Files\humyo SmartDrive\hrfscore.exe" [7587088 2012-01-04] (Trend Micro Inc.)
2 RapportMgmtService; "C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe" [976728 2012-07-07] (Trusteer Ltd.)
2 RichVideo; "C:\Program Files (x86)\Cyberlink\Shared files\RichVideo.exe" [247152 2009-02-15] ()
3 Samsung UPD Service; "C:\Windows\System32\SUPDSvc.exe" [167280 2010-03-16] (Samsung Electronics CO., LTD.)
2 SBAMSvc; "C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe" [3289032 2011-12-19] (GFI Software)
2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
4 SQLAgent$SQLEXPRESS; "C:\Program Files\Microsoft SQL Server\MSSQL10_50.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE" -i SQLEXPRESS [428384 2011-04-23] (Microsoft Corporation)
2 uagqecsvc; C:\Program Files\Microsoft Forefront UAG\Endpoint Components\3.1.0\uagqecsvc.exe [149904 2010-04-08] (Microsoft ® Corporation)
2 W3SVC; C:\Windows\system32\inetsrv\iisw3adm.dll [453120 2010-11-20] (Microsoft Corporation)
2 W3SVC; C:\Windows\SysWow64\inetsrv\iisw3adm.dll [397824 2010-11-20] (Microsoft Corporation)
2 RelevantKnowledge; C:\Program Files (x86)\RelevantKnowledge\rlservice.exe /service [x]

========================== Drivers (Whitelisted) =============

3 androidusb; C:\Windows\System32\Drivers\androidusb.sys [32768 2010-04-28] (Google Inc)
2 DgiVecp; C:\Windows\System32\Drivers\DgiVecp.sys [53816 2009-06-10] (Samsung Electronics Co., Ltd.)
2 DgiVecp; C:\Windows\SysWow64\Drivers\DgiVecp.sys [41984 2007-01-11] (Samsung Electronics Co., Ltd.)
3 hrfsmrx; C:\Windows\System32\Drivers\hrfsmrx.sys [186128 2011-07-10] (Trend Micro Inc.)
3 L8042Kbd; C:\Windows\System32\Drivers\L8042Kbd.sys [35600 2007-01-23] (Logitech Inc.)
3 L8042mou; C:\Windows\System32\Drivers\L8042mou.sys [112400 2007-01-23] (Logitech Inc.)
3 LMouKE; C:\Windows\System32\Drivers\LMouKE.sys [136976 2007-01-23] (Logitech Inc.)
3 LVPr2M64; C:\Windows\System32\Drivers\LVPr2M64.sys [30304 2010-05-07] ()
3 LVPr2Mon; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30304 2010-05-07] ()
3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [24904 2012-07-03] (Malwarebytes Corporation)
2 npf; C:\Windows\System32\Drivers\npf.sys [47632 2010-01-26] (CACE Technologies, Inc.)
1 RapportCerberus_34302; \??\C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\34302\RapportCerberus64_34302.sys [397520 2011-12-15] ()
1 RapportEI64; \??\C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [55096 2012-07-07] (Trusteer Ltd.)
0 RapportKE64; C:\Windows\System32\Drivers\RapportKE64.sys [101464 2012-07-07] (Trusteer Ltd.)
4 RsFx0150; C:\Windows\System32\Drivers\RsFx0150.sys [313696 2010-04-03] (Microsoft Corporation)
1 SBRE; \??\C:\Windows\system32\drivers\SBREdrv.sys [57976 2011-10-26] (GFI Software)
3 toshidpt; C:\Windows\System32\Drivers\toshidpt.sys [9608 2009-06-19] (TOSHIBA Corporation.)
3 tosporte; C:\Windows\System32\Drivers\tosporte.sys [54664 2009-06-17] (TOSHIBA Corporation)
3 tosrfbd; C:\Windows\System32\Drivers\tosrfbd.sys [212072 2009-09-24] (TOSHIBA CORPORATION)
3 tosrfbnp; C:\Windows\System32\Drivers\tosrfbnp.sys [50664 2009-06-19] (TOSHIBA Corporation)
1 Tosrfcom; C:\Windows\System32\Drivers\Tosrfcom.sys [81768 2009-07-28] (TOSHIBA Corporation)
3 Tosrfhid; C:\Windows\System32\Drivers\Tosrfhid.sys [94336 2009-06-19] (TOSHIBA Corporation.)
3 tosrfnds; C:\Windows\System32\Drivers\tosrfnds.sys [26472 2009-07-24] (TOSHIBA Corporation.)
3 TosRfSnd; C:\Windows\System32\Drivers\TosRfSnd.sys [63856 2009-08-05] (TOSHIBA Corporation)
3 UBHelper; C:\Windows\System32\Drivers\UBHelper.sys [16896 2009-05-05] (NewTech Infosystems Corporation)
3 zghsmdm; C:\Windows\System32\Drivers\zghsmdm.sys [122624 2011-01-12] (ZTE Incorporated)
2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796}; \??\C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\000.fcl [146928 2009-08-04] (CyberLink Corp.)
3 cpuz132; \??\C:\Users\ssr25\AppData\Local\Temp\cpuz132\cpuz132_x64.sys [x]

========================== NetSvcs (Whitelisted) ===========


============ One Month Created Files and Folders ==============

2012-07-21 10:12 - 2012-07-21 10:13 - 00000000 ____D C:\Users\ssr25\AppData\Local\{4E73B274-6F0B-41D2-A29B-FD3075C3AC4E}
2012-07-21 10:11 - 2012-07-21 10:12 - 00000000 ____D C:\Users\ssr25\AppData\Local\{66AD6554-4177-4D29-9715-2F4EB3496E36}
2012-07-21 08:56 - 2012-07-21 08:56 - 00000000 ____D C:\Users\ssr25\AppData\Local\{E0CA9CD2-12BA-4924-9C73-A11815FE25CE}
2012-07-21 08:56 - 2012-07-21 08:56 - 00000000 ____D C:\Users\ssr25\AppData\Local\{255127F9-2A42-4166-A323-5C913F590C50}
2012-07-21 08:30 - 2012-07-21 08:30 - 00277912 ____A C:\Windows\Minidump\072112-24039-01.dmp
2012-07-21 01:50 - 2012-07-21 01:50 - 00000000 ____D C:\Program Files (x86)\RealNetworks
2012-07-21 01:00 - 2012-07-21 01:00 - 00000165 ___AH C:\Users\ssr25\Documents\~$quran.xlsx
2012-07-20 12:29 - 2012-07-20 12:29 - 00000000 ____D C:\Users\ssr25\AppData\Local\{D3991436-8244-45CF-8E38-03A516DB714E}
2012-07-20 12:29 - 2012-07-20 12:29 - 00000000 ____D C:\Users\ssr25\AppData\Local\{0C79532E-4EA8-49DB-AE37-5563F25921CA}
2012-07-19 12:33 - 2012-07-19 12:33 - 00000000 ____D C:\Users\ssr25\AppData\Local\{8632DD4C-5BB3-4583-9F2D-4173E93424CC}
2012-07-19 12:33 - 2012-07-19 12:33 - 00000000 ____D C:\Users\ssr25\AppData\Local\{4EAE605B-3821-4452-8545-182EDBA96535}
2012-07-18 13:03 - 2012-07-18 13:03 - 00000000 ____D C:\Users\ssr25\AppData\Local\{CCEE9592-AF28-4FF9-968D-43CA30E4586F}
2012-07-18 13:03 - 2012-07-18 13:03 - 00000000 ____D C:\Users\ssr25\AppData\Local\{A861A106-2C48-4714-9EB3-5DD9B44BDC77}
2012-07-17 10:32 - 2012-07-17 10:32 - 00000000 ____D C:\Users\ssr25\AppData\Local\{CFBB7D9C-A7F7-4D8B-A8D0-3DB4A6439DE8}
2012-07-17 10:32 - 2012-07-17 10:32 - 00000000 ____D C:\Users\ssr25\AppData\Local\{CAB735C4-1592-4FCE-923A-C0AAFC263229}
2012-07-16 15:33 - 2012-07-16 15:33 - 00294216 ____A C:\Users\ssr25\Desktop\gmer.zip
2012-07-16 15:33 - 2011-07-16 13:21 - 00302592 ____A C:\Users\ssr25\Desktop\gmer.exe
2012-07-16 15:32 - 2012-07-17 10:39 - 00000000 ____D C:\Users\ssr25\Desktop\copies
2012-07-16 15:32 - 2012-07-16 15:32 - 00302592 ____A C:\Users\ssr25\Desktop\mgjwxrj8.exe
2012-07-16 15:30 - 2012-07-16 15:30 - 00607260 ____A (Swearware) C:\Users\ssr25\Desktop\dds.scr
2012-07-16 15:20 - 2012-07-16 15:20 - 04579127 ____A (Swearware) C:\Users\ssr25\Desktop\ComboFix.exe
2012-07-16 14:55 - 2012-07-16 14:55 - 00000000 ____D C:\Users\ssr25\AppData\Local\{9902840A-CD61-415E-8137-B11049EA22D2}
2012-07-16 14:55 - 2012-07-16 14:55 - 00000000 ____D C:\Users\ssr25\AppData\Local\{33FB42DC-B722-4700-9173-94D73F588CD8}
2012-07-15 11:44 - 2012-07-15 11:44 - 00000000 ____D C:\Users\ssr25\AppData\Local\{4CD0CF32-5421-44F6-9C77-C8781BA539A7}
2012-07-15 11:44 - 2012-07-15 11:44 - 00000000 ____D C:\Users\ssr25\AppData\Local\{1CCAC845-63C0-4278-999D-AB7A8CB51E6B}
2012-07-15 11:33 - 2012-07-15 11:33 - 00277912 ____A C:\Windows\Minidump\071512-54615-01.dmp
2012-07-14 19:26 - 2012-07-14 19:27 - 09622688 ____A C:\Users\ssr25\Desktop\SopCast-3.5.0.exe
2012-07-14 19:21 - 2012-07-14 19:21 - 00000009 ____A C:\END
2012-07-14 19:20 - 2012-07-14 19:20 - 00369880 ____A C:\Users\ssr25\Desktop\sopcastSetup.exe
2012-07-14 19:11 - 2012-07-14 19:11 - 00000000 ____D C:\Users\ssr25\AppData\Local\{5C9D5E5E-0708-4CC2-88B9-BBBC907EBF4A}
2012-07-14 19:11 - 2012-07-14 19:11 - 00000000 ____D C:\Users\ssr25\AppData\Local\{15A0D62D-BB9C-4466-8F9C-1D587DC3360E}
2012-07-14 13:56 - 2012-07-14 13:56 - 00000000 ____D C:\Users\ssr25\AppData\Local\{53DBC775-9AD8-4018-A012-E64F399D5211}
2012-07-14 13:55 - 2012-07-14 13:56 - 00000000 ____D C:\Users\ssr25\AppData\Local\{6A303663-53F0-4206-B8F0-FF176D253CE0}
2012-07-14 13:40 - 2012-07-14 13:40 - 00000000 ____D C:\Users\ssr25\AppData\Roaming\Malwarebytes
2012-07-14 13:40 - 2012-07-14 13:40 - 00000000 ____D C:\Users\ssr25\AppData\Local\{6D8A9ACB-F8ED-4D87-9525-5056E3EBFCC7}
2012-07-14 13:40 - 2012-07-14 13:40 - 00000000 ____D C:\Users\ssr25\AppData\Local\{2A9FE407-CD3D-41CE-97F2-6123F9B45719}
2012-07-14 13:35 - 2012-07-14 13:35 - 00000000 ____D C:\Users\ssr25\AppData\Local\{A880BCCA-3B45-4432-90D9-C9B439CD9E3B}
2012-07-14 13:35 - 2012-07-14 13:35 - 00000000 ____D C:\Users\ssr25\AppData\Local\{21C38B5F-F3BA-4D60-9BC3-15B029415D73}
2012-07-14 13:18 - 2012-07-14 13:37 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-07-14 13:18 - 2012-07-14 13:36 - 00001117 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-07-14 13:18 - 2012-07-14 13:18 - 00000000 ____D C:\Users\All Users\Malwarebytes
2012-07-14 13:18 - 2012-07-14 13:18 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Malwarebytes
2012-07-14 13:18 - 2012-07-03 04:46 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-07-14 13:12 - 2012-07-14 13:14 - 00000000 ____D C:\Users\All Users\MFAData
2012-07-14 13:11 - 2012-07-14 13:17 - 10652120 ____A (Malwarebytes Corporation ) C:\Users\Administrator\Downloads\mbam-setup-1.62.0.1300.exe
2012-07-14 13:11 - 2012-07-14 13:13 - 03889704 ____A (Piriform Ltd) C:\Users\Administrator\Downloads\ccsetup320.exe
2012-07-14 13:10 - 2012-07-14 13:32 - 42235997 ____A C:\Users\Administrator\Downloads\avast_free_antivirus_setup.exe.vslfnlh.partial
2012-07-14 13:10 - 2012-07-14 13:12 - 03875048 ____A (AVG Technologies) C:\Users\Administrator\Downloads\avg_free_stb_all_2012_2195_cnet.exe
2012-07-14 13:00 - 2012-07-14 13:00 - 00000000 ____D C:\Users\ssr25\AppData\Local\{F7CB0F3F-F88A-42C8-BB17-89854318987C}
2012-07-14 10:41 - 2012-07-14 13:34 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Uryzf
2012-07-14 10:41 - 2012-07-14 12:11 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Odofte
2012-07-14 10:41 - 2012-07-14 10:41 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Etov
2012-07-14 07:29 - 2012-07-14 07:29 - 00000000 ____D C:\Users\Ruma\AppData\Local\Macromedia
2012-07-14 07:27 - 2012-07-14 07:27 - 00000000 ____D C:\Users\Ruma\AppData\Local\{71EC0E1B-CDAC-11E1-8270-B8AC6F996F26}
2012-07-14 07:12 - 2012-07-14 12:26 - 142902608 ____A C:\Users\Administrator\Desktop\setup_11.0.0.1245.x01_2012_07_14_16_55.exe
2012-07-14 07:01 - 2012-07-14 12:10 - 128378476 ____A (Kaspersky Lab) C:\Users\Administrator\Desktop\kav12.0.0.374en_gb.exe
2012-07-14 05:55 - 2012-07-14 12:37 - 00000000 ____D C:\Users\All Users\Kaspersky Lab
2012-07-14 05:55 - 2012-07-14 05:55 - 00001081 ____A C:\Users\Administrator\Desktop\Kaspersky Security Scan.lnk
2012-07-14 05:55 - 2012-07-14 05:55 - 00000000 ____D C:\Program Files (x86)\Kaspersky Lab
2012-07-14 05:24 - 2012-07-14 05:24 - 00179960 ____A (Kaspersky Lab) C:\Users\Administrator\Desktop\kss12.0.1.117mlg_en-gb_ru-gb_fr-gb_de-gb.exe
2012-07-14 05:23 - 2012-07-14 05:23 - 00000000 __SHD C:\Windows\SysWOW64\%APPDATA%
2012-07-14 05:14 - 2012-07-14 05:14 - 00000000 ____D C:\Users\ssr25\AppData\Local\{5F5186DA-C209-424B-B9F1-D86E06DDAB07}
2012-07-14 05:11 - 2010-04-30 05:56 - 00001798 ____A C:\Windows\System32\Drivers\etc\hosts.20120714-141122.backup
2012-07-14 04:45 - 2012-07-14 04:45 - 00000000 ____D C:\Users\ssr25\AppData\Local\{E133D3D1-2087-46FD-A40F-A0989CCE95A0}
2012-07-14 04:37 - 2012-07-14 04:37 - 00000000 ____D C:\Users\ssr25\AppData\Local\{FE7E4251-C6C1-445E-B02D-A457C8418604}
2012-07-14 04:20 - 2012-07-14 04:20 - 00000000 ____D C:\Users\Administrator\AppData\Local\Macromedia
2012-07-14 04:19 - 2012-07-14 04:19 - 03875048 ____A (AVG Technologies) C:\Users\ssr25\Desktop\avg_free_stb_all_2012_2195_cnet.exe
2012-07-14 04:14 - 2012-07-14 04:14 - 00000000 ____D C:\Users\Administrator\AppData\Local\{71EC0E1B-CDAC-11E1-8270-B8AC6F996F26}
2012-07-14 04:07 - 2012-07-14 04:09 - 00000000 ____D C:\Users\All Users\7531CCB10074778F1A9A232FF875F002
2012-07-14 04:07 - 2012-07-14 04:07 - 00387584 ____A (Analog Devices, Inc.) C:\Users\ssr25\AppData\Roaming\cowut.dll
2012-07-14 04:07 - 2012-07-14 04:07 - 00000000 ____D C:\Windows\scoped_dir_6584_4313
2012-07-14 04:07 - 2012-07-14 04:07 - 00000000 ____D C:\Users\ssr25\AppData\Local\{71EC3FDE-CDAC-11E1-8270-B8AC6F996F26}
2012-07-14 04:07 - 2012-07-14 04:07 - 00000000 ____D C:\Users\ssr25\AppData\Local\{71EC0E1B-CDAC-11E1-8270-B8AC6F996F26}
2012-07-14 04:06 - 2012-07-14 04:06 - 00062976 ___AH (FRISK Software International) C:\Windows\System32\compgman64.dll
2012-07-13 12:28 - 2012-07-13 12:29 - 00000000 ____D C:\Users\ssr25\AppData\Local\{627F0DB0-822F-4923-888D-0EC0076FA37D}
2012-07-13 12:28 - 2012-07-13 12:28 - 00000000 ____D C:\Users\ssr25\AppData\Local\{D569C490-9D2F-4358-9EB2-F4923DC0E0F3}
2012-07-12 13:01 - 2012-07-12 13:01 - 00000000 ____D C:\Users\ssr25\AppData\Local\{EB56F3A0-52CC-4087-96E5-01772DD19342}
2012-07-12 13:01 - 2012-07-12 13:01 - 00000000 ____D C:\Users\ssr25\AppData\Local\{07BC5A43-5B51-43A3-80D1-113AE482D3CF}
2012-07-11 16:48 - 2012-07-11 16:48 - 09822920 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2012-07-11 14:16 - 2012-07-11 14:16 - 00000000 ____D C:\Users\ssr25\AppData\Local\{F2BD4940-F686-4C44-BBB7-68B38F618F16}
2012-07-11 14:16 - 2012-07-11 14:16 - 00000000 ____D C:\Users\ssr25\AppData\Local\{97BE05B7-39D4-47B3-8DFC-2B1B0507AA14}
2012-07-10 22:05 - 2012-07-10 22:05 - 00000000 ____D C:\Users\ssr25\AppData\Local\{2B6E0C7A-DB83-42AF-B8AC-C7D200BD638B}
2012-07-10 22:04 - 2012-07-10 22:05 - 00000000 ____D C:\Users\ssr25\AppData\Local\{D1BF08C2-0B2C-4823-98AB-ACF2AC0291D0}
2012-07-10 18:11 - 2012-06-11 19:08 - 03148800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-07-10 18:02 - 2012-06-02 04:49 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-07-10 18:02 - 2012-06-02 04:12 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-07-10 18:02 - 2012-06-02 04:05 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-07-10 18:02 - 2012-06-02 04:05 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-07-10 18:02 - 2012-06-02 04:04 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-07-10 18:02 - 2012-06-02 04:04 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-07-10 18:02 - 2012-06-02 04:03 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-07-10 18:02 - 2012-06-02 04:01 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-07-10 18:02 - 2012-06-02 04:00 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-07-10 18:02 - 2012-06-02 03:59 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-07-10 18:02 - 2012-06-02 03:57 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-07-10 18:02 - 2012-06-02 03:57 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-07-10 18:02 - 2012-06-02 03:54 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-07-10 18:02 - 2012-06-02 01:07 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-07-10 18:02 - 2012-06-02 00:33 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-07-10 18:02 - 2012-06-02 00:26 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-07-10 18:02 - 2012-06-02 00:25 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-07-10 18:02 - 2012-06-02 00:25 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-07-10 18:02 - 2012-06-02 00:23 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-07-10 18:02 - 2012-06-02 00:21 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-07-10 18:02 - 2012-06-02 00:20 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-07-10 18:02 - 2012-06-02 00:19 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-07-10 18:02 - 2012-06-02 00:19 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-07-10 18:02 - 2012-06-02 00:17 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-07-10 18:02 - 2012-06-02 00:16 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-07-10 18:02 - 2012-06-02 00:14 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-07-10 18:01 - 2012-06-02 04:17 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-07-10 18:01 - 2012-06-02 00:43 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-07-10 14:07 - 2012-06-08 21:43 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2012-07-10 14:07 - 2012-06-08 20:41 - 12873728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2012-07-10 14:07 - 2012-06-05 22:06 - 02004480 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
2012-07-10 14:07 - 2012-06-05 22:06 - 01881600 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
2012-07-10 14:07 - 2012-06-05 21:05 - 01390080 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2012-07-10 14:07 - 2012-06-05 21:05 - 01236992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2012-07-10 14:07 - 2010-06-25 19:55 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\msxml3r.dll
2012-07-10 14:07 - 2010-06-25 19:24 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2012-07-10 14:06 - 2012-06-05 22:02 - 01133568 ____A (Microsoft Corporation) C:\Windows\System32\cdosys.dll
2012-07-10 14:06 - 2012-06-05 21:03 - 00805376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cdosys.dll
2012-07-10 14:06 - 2012-06-01 21:50 - 00458704 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
2012-07-10 14:06 - 2012-06-01 21:48 - 00151920 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
2012-07-10 14:06 - 2012-06-01 21:48 - 00095600 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
2012-07-10 14:06 - 2012-06-01 21:45 - 00340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
2012-07-10 14:06 - 2012-06-01 21:44 - 00307200 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
2012-07-10 14:06 - 2012-06-01 20:40 - 00225280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2012-07-10 14:06 - 2012-06-01 20:40 - 00022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2012-07-10 14:06 - 2012-06-01 20:39 - 00219136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2012-07-10 14:06 - 2012-06-01 20:34 - 00096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2012-07-10 13:56 - 2012-07-10 13:56 - 00000000 ____D C:\Users\ssr25\AppData\Local\{E70C09CB-B4C2-4BFD-87CE-FFF545D58B52}
2012-07-10 13:56 - 2012-07-10 13:56 - 00000000 ____D C:\Users\ssr25\AppData\Local\{660EDE32-3747-4273-8750-2DBF33208C04}
2012-07-09 11:01 - 2012-07-09 11:01 - 00000000 ____D C:\Users\ssr25\AppData\Local\{2EE7994F-EEB3-4FFD-A692-9BBE9FC3BDE7}
2012-07-09 11:01 - 2012-07-09 11:01 - 00000000 ____D C:\Users\ssr25\AppData\Local\{11CF4C76-1BB4-4C77-B789-EDF7493C013C}
2012-07-08 11:57 - 2012-07-08 11:57 - 00000000 ____D C:\Users\ssr25\AppData\Local\{A28B0BDF-6B88-4B5F-B35F-9ED213112199}
2012-07-08 08:00 - 2012-07-09 22:46 - 00138654 ____A C:\Users\ssr25\Documents\TimeTable.xlsx
2012-07-07 09:11 - 2012-07-07 09:25 - 00000000 ____D C:\Users\ssr25\Documents\Hajj
2012-07-06 13:51 - 2012-07-06 13:51 - 00000000 ____D C:\Users\ssr25\AppData\Local\{F9417168-2DBB-49BA-8DFD-669359534A5A}
2012-07-06 13:51 - 2012-07-06 13:51 - 00000000 ____D C:\Users\ssr25\AppData\Local\{1D2D7A79-642B-465B-9F12-57B57A912586}
2012-07-06 09:15 - 2012-07-06 09:15 - 00000000 ____D C:\Users\ssr25\AppData\Local\{2BB18D0A-8B2C-4219-A2D0-A7CEB82AC854}
2012-07-06 09:15 - 2012-07-06 09:15 - 00000000 ____D C:\Users\ssr25\AppData\Local\{23380988-8C1D-4C62-8DE5-FF1639D29366}
2012-07-05 10:51 - 2012-07-05 10:51 - 00000000 ____D C:\Users\ssr25\AppData\Local\{22F6F3DB-AC0F-4416-9DD0-31FEFE491413}
2012-07-05 10:50 - 2012-07-05 10:51 - 00000000 ____D C:\Users\ssr25\AppData\Local\{E01EC1D8-10B0-48E8-9353-CCFC0DDC412C}
2012-07-04 22:20 - 2012-07-04 22:20 - 00000000 ____D C:\Users\ssr25\AppData\Local\{CF154C2B-4C94-47A0-A949-241162F5D6CB}
2012-07-04 22:20 - 2012-07-04 22:20 - 00000000 ____D C:\Users\ssr25\AppData\Local\{043DFE05-ADE8-4E40-AA54-7387360DC4E8}
2012-07-04 14:24 - 2012-07-04 14:25 - 00000000 ____D C:\Users\ssr25\AppData\Local\{5289A440-C66F-46EB-9AF6-09B6A855FE61}
2012-07-04 14:24 - 2012-07-04 14:24 - 00000000 ____D C:\Users\ssr25\AppData\Local\{FE6C343E-CDB5-4E03-A6F3-D74DD220B0E2}
2012-07-03 11:52 - 2012-07-03 11:55 - 00000000 ____D C:\Users\ssr25\Documents\Purchases
2012-07-03 11:46 - 2012-07-03 11:47 - 00000000 ____D C:\Program Files (x86)\ABBYY FineReader for ScanSnap
2012-07-03 11:45 - 2012-07-03 11:45 - 00000846 ____A C:\Users\Public\Desktop\CardMinder.lnk
2012-07-03 11:41 - 2009-09-18 13:01 - 00367616 ____A (PFU Limited) C:\Windows\System32\s1300u-x64.dll
2012-07-03 11:41 - 2009-04-23 11:29 - 02873856 ____A (PFU Limited) C:\Windows\System32\ijl5s1300-x64.dll
2012-07-03 11:41 - 2009-04-23 11:29 - 00695296 ____A (PFU Limited) C:\Windows\System32\ippi5s1300-x64.dll
2012-07-03 11:41 - 2008-04-02 23:08 - 00033280 ____A (PFU) C:\Windows\System32\fj52usb-x64.dll
2012-07-03 11:41 - 2007-07-26 13:47 - 00351744 ____A (PFU Limited) C:\Windows\System32\s300u-x64.dll
2012-07-03 11:41 - 2007-05-23 10:57 - 02873856 ____A (PFU Limited) C:\Windows\System32\ijl5s300-x64.dll
2012-07-03 11:41 - 2007-05-23 10:57 - 00695296 ____A (PFU Limited) C:\Windows\System32\ippi5s300-x64.dll
2012-07-03 11:18 - 2012-07-03 11:19 - 00000000 ____D C:\Users\ssr25\AppData\Local\{AEE7B575-534F-40EA-9BD1-8008EF9F7286}
2012-07-03 11:18 - 2012-07-03 11:18 - 00000000 ____D C:\Users\ssr25\AppData\Local\{06FED0F6-2176-44DB-B2C0-EA00AA232A2A}
2012-07-02 11:31 - 2012-07-02 11:31 - 00000000 ____D C:\Users\ssr25\AppData\Local\{98411830-DEE0-4DA1-9142-3176CA0BAE05}
2012-07-02 11:30 - 2012-07-02 11:31 - 00000000 ____D C:\Users\ssr25\AppData\Local\{6B301677-FFF4-4751-8FEB-087B40BA7E72}
2012-07-01 13:55 - 2012-07-01 22:03 - 00110779 ____A C:\Users\ssr25\Documents\Calendar.xlsx
2012-07-01 13:11 - 2012-07-01 13:11 - 00000000 ____D C:\Users\ssr25\AppData\Local\{B97DBAF2-A98B-41FF-95BD-C721D7504190}
2012-07-01 13:11 - 2012-07-01 13:11 - 00000000 ____D C:\Users\ssr25\AppData\Local\{58ABCD09-E103-4152-AE6B-E796E4AD76F0}
2012-06-30 14:31 - 2012-06-30 14:31 - 00000000 ____D C:\Users\ssr25\AppData\Local\{2458BED6-23D6-4E6F-95D1-AFC64051A98F}
2012-06-30 14:30 - 2012-06-30 14:31 - 00000000 ____D C:\Users\ssr25\AppData\Local\{94E2DECC-6C8F-4425-BF60-847A83EA483C}
2012-06-30 00:49 - 2012-06-30 00:49 - 00000000 ____D C:\Users\ssr25\AppData\Local\{676C4659-3918-49D2-8B28-A283E479AFD1}
2012-06-29 13:48 - 2012-06-29 13:48 - 00000000 ____D C:\Users\ssr25\AppData\Local\{6B764AF2-92B2-4778-A73A-F48AF4A11B3E}
2012-06-29 13:47 - 2012-06-29 13:48 - 00000000 ____D C:\Users\ssr25\AppData\Local\{E0379CCC-ED81-4FEC-BC94-8BC86EF97ECB}
2012-06-28 12:01 - 2012-06-28 12:01 - 00000000 ____D C:\Users\ssr25\AppData\Local\{DEFE0531-8248-471F-B3F2-04BDC7BF0A89}
2012-06-28 12:00 - 2012-06-28 12:00 - 00000000 ____D C:\Users\ssr25\AppData\Local\{A7297FED-F70E-4C76-812E-D44D49BBD1EE}
2012-06-27 10:21 - 2012-06-27 10:22 - 00000000 ____D C:\Users\ssr25\AppData\Local\{580EF5BF-3384-439E-BD74-A5CB6EDF7785}
2012-06-27 10:21 - 2012-06-27 10:21 - 00000000 ____D C:\Users\ssr25\AppData\Local\{034C219B-6AFA-4D66-847D-2459751F1FEC}
2012-06-26 21:44 - 2012-06-26 21:44 - 00000000 ____D C:\Users\ssr25\AppData\Local\{7EC6416D-579A-4F0A-A32A-C251063B04F0}
2012-06-26 21:44 - 2012-06-26 21:44 - 00000000 ____D C:\Users\ssr25\AppData\Local\{417B9DA5-1454-4523-8AE4-2CA9924BFC34}
2012-06-26 09:36 - 2012-06-26 09:37 - 00000000 ____D C:\Users\ssr25\AppData\Local\{23790F75-6563-45F6-A859-B2B00EFEBE8F}
2012-06-26 09:36 - 2012-06-26 09:36 - 00000000 ____D C:\Users\ssr25\AppData\Local\{699064F8-6DA5-42F0-83D0-E5C9C49FF346}
2012-06-25 13:51 - 2012-06-25 13:51 - 00000000 ____D C:\Users\ssr25\AppData\Local\{DD2F525D-B8EA-4C82-9EEB-4C7CC2E3CC85}
2012-06-25 13:51 - 2012-06-25 13:51 - 00000000 ____D C:\Users\ssr25\AppData\Local\{D159A4D8-FCFB-4A89-8699-F964C9788282}
2012-06-24 00:40 - 2012-06-24 00:43 - 00000000 ____D C:\Users\ssr25\Documents\Spelling
2012-06-23 13:40 - 2012-06-23 13:40 - 00000000 ____D C:\Users\ssr25\AppData\Local\{273BB78C-EAA1-4588-AAF9-7475CD5309C5}
2012-06-23 13:39 - 2012-06-23 13:40 - 00000000 ____D C:\Users\ssr25\AppData\Local\{F462962E-E2DF-4D00-A1A1-F742D91A104D}


============ 3 Months Modified Files ========================

2012-07-21 10:18 - 2009-07-13 20:45 - 00009920 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-07-21 10:18 - 2009-07-13 20:45 - 00009920 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-07-21 10:11 - 2011-12-31 06:13 - 00000454 ____A C:\Windows\Tasks\SDMsgUpdate (TE).job
2012-07-21 10:11 - 2010-03-16 11:15 - 00000894 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-07-21 10:11 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-07-21 10:11 - 2009-07-13 20:51 - 00114137 ____A C:\Windows\setupact.log
2012-07-21 09:48 - 2012-04-17 10:22 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-07-21 09:42 - 2010-03-16 11:15 - 00000898 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-07-21 09:31 - 2011-02-21 10:02 - 00000908 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1190484632-2374381371-2564973946-1000UA.job
2012-07-21 08:30 - 2012-07-21 08:30 - 00277912 ____A C:\Windows\Minidump\072112-24039-01.dmp
2012-07-21 02:19 - 2011-03-21 09:10 - 00000880 ____A C:\Windows\Tasks\Google Software Updater.job
2012-07-21 01:26 - 2011-08-04 15:45 - 01320325 ____A C:\Users\ssr25\Documents\quran.xlsx
2012-07-21 01:00 - 2012-07-21 01:00 - 00000165 ___AH C:\Users\ssr25\Documents\~$quran.xlsx
2012-07-20 13:31 - 2011-02-21 10:02 - 00000856 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1190484632-2374381371-2564973946-1000Core.job
2012-07-18 13:36 - 2009-07-13 21:13 - 01003140 ____A C:\Windows\System32\PerfStringBackup.INI
2012-07-16 15:33 - 2012-07-16 15:33 - 00294216 ____A C:\Users\ssr25\Desktop\gmer.zip
2012-07-16 15:32 - 2012-07-16 15:32 - 00302592 ____A C:\Users\ssr25\Desktop\mgjwxrj8.exe
2012-07-16 15:30 - 2012-07-16 15:30 - 00607260 ____A (Swearware) C:\Users\ssr25\Desktop\dds.scr
2012-07-16 15:20 - 2012-07-16 15:20 - 04579127 ____A (Swearware) C:\Users\ssr25\Desktop\ComboFix.exe
2012-07-15 16:33 - 2009-08-27 11:42 - 00972824 ____A C:\Windows\PFRO.log
2012-07-15 11:33 - 2012-07-15 11:33 - 00277912 ____A C:\Windows\Minidump\071512-54615-01.dmp
2012-07-14 19:27 - 2012-07-14 19:26 - 09622688 ____A C:\Users\ssr25\Desktop\SopCast-3.5.0.exe
2012-07-14 19:21 - 2012-07-14 19:21 - 00000009 ____A C:\END
2012-07-14 19:20 - 2012-07-14 19:20 - 00369880 ____A C:\Users\ssr25\Desktop\sopcastSetup.exe
2012-07-14 13:36 - 2012-07-14 13:18 - 00001117 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-07-14 13:32 - 2012-07-14 13:10 - 42235997 ____A C:\Users\Administrator\Downloads\avast_free_antivirus_setup.exe.vslfnlh.partial
2012-07-14 13:17 - 2012-07-14 13:11 - 10652120 ____A (Malwarebytes Corporation ) C:\Users\Administrator\Downloads\mbam-setup-1.62.0.1300.exe
2012-07-14 13:13 - 2012-07-14 13:11 - 03889704 ____A (Piriform Ltd) C:\Users\Administrator\Downloads\ccsetup320.exe
2012-07-14 13:12 - 2012-07-14 13:10 - 03875048 ____A (AVG Technologies) C:\Users\Administrator\Downloads\avg_free_stb_all_2012_2195_cnet.exe
2012-07-14 13:04 - 2009-09-20 07:55 - 01865141 ____A C:\Windows\WindowsUpdate.log
2012-07-14 12:26 - 2012-07-14 07:12 - 142902608 ____A C:\Users\Administrator\Desktop\setup_11.0.0.1245.x01_2012_07_14_16_55.exe
2012-07-14 12:10 - 2012-07-14 07:01 - 128378476 ____A (Kaspersky Lab) C:\Users\Administrator\Desktop\kav12.0.0.374en_gb.exe
2012-07-14 07:26 - 2011-04-15 20:02 - 00004582 _RASH C:\Users\Ruma\ntuser.pol
2012-07-14 05:55 - 2012-07-14 05:55 - 00001081 ____A C:\Users\Administrator\Desktop\Kaspersky Security Scan.lnk
2012-07-14 05:24 - 2012-07-14 05:24 - 00179960 ____A (Kaspersky Lab) C:\Users\Administrator\Desktop\kss12.0.1.117mlg_en-gb_ru-gb_fr-gb_de-gb.exe
2012-07-14 04:19 - 2012-07-14 04:19 - 03875048 ____A (AVG Technologies) C:\Users\ssr25\Desktop\avg_free_stb_all_2012_2195_cnet.exe
2012-07-14 04:15 - 2010-04-04 11:02 - 00236632 ____A C:\Users\Administrator\AppData\Local\GDIPFONTCACHEV1.DAT
2012-07-14 04:07 - 2012-07-14 04:07 - 00387584 ____A (Analog Devices, Inc.) C:\Users\ssr25\AppData\Roaming\cowut.dll
2012-07-14 04:06 - 2012-07-14 04:06 - 00062976 ___AH (FRISK Software International) C:\Windows\System32\compgman64.dll
2012-07-11 16:48 - 2012-07-11 16:48 - 09822920 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2012-07-11 16:48 - 2012-04-17 10:21 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-07-11 16:48 - 2011-09-15 05:53 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-07-10 18:30 - 2009-07-13 20:45 - 05243792 ____A C:\Windows\System32\FNTCACHE.DAT
2012-07-10 18:03 - 2010-03-20 06:14 - 59701280 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-07-09 22:46 - 2012-07-08 08:00 - 00138654 ____A C:\Users\ssr25\Documents\TimeTable.xlsx
2012-07-07 22:19 - 2011-11-30 02:29 - 00101464 ____A (Trusteer Ltd.) C:\Windows\System32\Drivers\RapportKE64.sys
2012-07-03 11:59 - 2011-06-11 02:27 - 00000420 ____A C:\Users\ssr25\Sti_Trace.log
2012-07-03 11:45 - 2012-07-03 11:45 - 00000846 ____A C:\Users\Public\Desktop\CardMinder.lnk
2012-07-03 04:46 - 2012-07-14 13:18 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-07-01 22:03 - 2012-07-01 13:55 - 00110779 ____A C:\Users\ssr25\Documents\Calendar.xlsx
2012-07-01 13:07 - 2009-07-13 21:08 - 00032608 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-06-26 09:37 - 2010-09-05 00:06 - 00236632 ____A C:\Users\ssr25\AppData\Local\GDIPFONTCACHEV1.DAT
2012-06-14 22:51 - 2011-10-15 14:25 - 00002018 ___AH C:\Users\ssr25\Documents\Default.rdp
2012-06-11 19:08 - 2012-07-10 18:11 - 03148800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-06-11 15:25 - 2012-06-11 15:25 - 02628096 ____A C:\Users\ssr25\Documents\school.xls
2012-06-09 04:53 - 2012-06-09 04:52 - 25575088 ____A (Skype Technologies S.A.) C:\Users\ssr25\Documents\SkypeSetupFull.exe
2012-06-08 21:43 - 2012-07-10 14:07 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2012-06-08 20:41 - 2012-07-10 14:07 - 12873728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2012-06-05 22:06 - 2012-07-10 14:07 - 02004480 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
2012-06-05 22:06 - 2012-07-10 14:07 - 01881600 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
2012-06-05 22:02 - 2012-07-10 14:06 - 01133568 ____A (Microsoft Corporation) C:\Windows\System32\cdosys.dll
2012-06-05 21:05 - 2012-07-10 14:07 - 01390080 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2012-06-05 21:05 - 2012-07-10 14:07 - 01236992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2012-06-05 21:03 - 2012-07-10 14:06 - 00805376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cdosys.dll
2012-06-05 04:38 - 2012-06-05 04:38 - 01287528 ____A (Microsoft Corporation) C:\Users\ssr25\Documents\wlsetup-web.exe
2012-06-05 04:17 - 2012-06-05 04:17 - 00439264 ____A (Yahoo! Inc.) C:\Users\ssr25\Documents\msgr11uk.exe
2012-06-05 02:11 - 2012-06-05 02:11 - 00001190 ____N C:\Windows\SysWOW64\ServiceConfig.xml
2012-06-02 14:19 - 2012-06-08 15:01 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-06-02 14:19 - 2012-06-08 15:01 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2012-06-02 14:19 - 2012-06-08 15:01 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-06-02 14:19 - 2012-06-08 15:01 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-06-02 14:19 - 2012-06-08 15:01 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2012-06-02 14:15 - 2012-06-08 15:01 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-06-02 14:15 - 2012-06-08 15:01 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2012-06-02 06:19 - 2012-06-08 15:00 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-06-02 06:15 - 2012-06-08 15:00 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2012-06-02 04:49 - 2012-07-10 18:02 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-06-02 04:17 - 2012-07-10 18:01 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-06-02 04:12 - 2012-07-10 18:02 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-06-02 04:05 - 2012-07-10 18:02 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-06-02 04:05 - 2012-07-10 18:02 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-06-02 04:04 - 2012-07-10 18:02 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-06-02 04:04 - 2012-07-10 18:02 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-06-02 04:03 - 2012-07-10 18:02 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-06-02 04:01 - 2012-07-10 18:02 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-06-02 04:00 - 2012-07-10 18:02 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-06-02 03:59 - 2012-07-10 18:02 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-06-02 03:57 - 2012-07-10 18:02 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-06-02 03:57 - 2012-07-10 18:02 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-06-02 03:54 - 2012-07-10 18:02 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-06-02 01:07 - 2012-07-10 18:02 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-06-02 00:43 - 2012-07-10 18:01 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-06-02 00:33 - 2012-07-10 18:02 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-06-02 00:26 - 2012-07-10 18:02 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-06-02 00:25 - 2012-07-10 18:02 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-06-02 00:25 - 2012-07-10 18:02 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-06-02 00:23 - 2012-07-10 18:02 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-06-02 00:21 - 2012-07-10 18:02 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-06-02 00:20 - 2012-07-10 18:02 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-06-02 00:19 - 2012-07-10 18:02 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-06-02 00:19 - 2012-07-10 18:02 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-06-02 00:17 - 2012-07-10 18:02 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-06-02 00:16 - 2012-07-10 18:02 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-06-02 00:14 - 2012-07-10 18:02 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-06-01 21:50 - 2012-07-10 14:06 - 00458704 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
2012-06-01 21:48 - 2012-07-10 14:06 - 00151920 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
2012-06-01 21:48 - 2012-07-10 14:06 - 00095600 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
2012-06-01 21:45 - 2012-07-10 14:06 - 00340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
2012-06-01 21:44 - 2012-07-10 14:06 - 00307200 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
2012-06-01 20:40 - 2012-07-10 14:06 - 00225280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2012-06-01 20:40 - 2012-07-10 14:06 - 00022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2012-06-01 20:39 - 2012-07-10 14:06 - 00219136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2012-06-01 20:34 - 2012-07-10 14:06 - 00096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2012-05-30 18:02 - 2009-07-13 18:34 - 00000510 ____A C:\Windows\win.ini
2012-05-24 09:47 - 2012-02-18 19:25 - 00000204 ____A C:\Windows\SysWOW64\secustat.dat
2012-05-23 23:07 - 2012-05-23 23:07 - 00000506 ____A C:\Windows\SysWOW64\HIPSConfig.xml
2012-05-23 22:26 - 2010-09-28 07:28 - 00008192 ____A C:\Users\ssr25\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-05-21 12:06 - 2012-05-21 12:06 - 00272896 ____A (Progressive Networks) C:\Windows\SysWOW64\pncrt.dll
2012-05-21 12:06 - 2012-05-21 12:06 - 00198832 ____A (RealNetworks, Inc.) C:\Windows\SysWOW64\rmoc3260.dll
2012-05-21 12:06 - 2012-05-21 12:06 - 00006656 ____A (RealNetworks, Inc.) C:\Windows\SysWOW64\pndx5016.dll
2012-05-21 12:06 - 2012-05-21 12:06 - 00005632 ____A (RealNetworks, Inc.) C:\Windows\SysWOW64\pndx5032.dll
2012-05-20 09:49 - 2010-03-16 12:11 - 00001107 ____A C:\Windows\wininit.ini
2012-05-20 09:10 - 2012-05-20 09:10 - 00001262 ____A C:\Users\Administrator\Desktop\Spybot - Search & Destroy.lnk
2012-05-17 22:38 - 2012-05-17 22:38 - 02611091 ____A (100dof ) C:\Users\ssr25\Downloads\100dof_kidkeylock_setup.exe
2012-05-04 03:06 - 2012-06-12 11:50 - 05559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-05-04 02:03 - 2012-06-12 11:50 - 03968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2012-05-04 02:03 - 2012-06-12 11:50 - 03913072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2012-05-03 06:25 - 2012-05-03 06:25 - 03315102 ____A C:\Users\ssr25\Documents\A&E_data.zip
2012-04-30 21:40 - 2012-06-12 11:50 - 00209920 ____A (Microsoft Corporation) C:\Windows\System32\profsvc.dll
2012-04-30 18:02 - 2011-09-03 06:27 - 00002141 ____A C:\Windows\epplauncher.mif
2012-04-27 19:55 - 2012-06-12 11:50 - 00210944 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
2012-04-26 02:58 - 2012-04-26 02:58 - 00277928 ____A C:\Windows\Minidump\042612-31371-01.dmp
2012-04-25 22:08 - 2012-04-25 22:08 - 00030341 ____A C:\Users\ssr25\Downloads\Product Specification Template.xlsx
2012-04-25 21:41 - 2012-06-12 11:50 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll
2012-04-25 21:41 - 2012-06-12 11:50 - 00077312 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll
2012-04-25 21:34 - 2012-06-12 11:50 - 00009216 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe
2012-04-24 01:16 - 2012-04-24 01:16 - 00001844 ____A C:\Users\Public\Desktop\GMetrix SMS 3.2.lnk
2012-04-23 21:37 - 2012-06-12 11:50 - 01462272 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2012-04-23 21:37 - 2012-06-12 11:50 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2012-04-23 21:37 - 2012-06-12 11:50 - 00140288 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2012-04-23 20:36 - 2012-06-12 11:50 - 01158656 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2012-04-23 20:36 - 2012-06-12 11:50 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2012-04-23 20:36 - 2012-06-12 11:50 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2012-04-23 12:16 - 2012-04-23 12:16 - 21019124 ____A (Aura4You.com ) C:\Users\ssr25\Downloads\aura-video-to-audio.exe


ZeroAccess:
C:\Windows\Installer\{9090cad0-eea6-9309-fb2f-ac48a8cff4ec}
C:\Windows\Installer\{9090cad0-eea6-9309-fb2f-ac48a8cff4ec}\@
C:\Windows\Installer\{9090cad0-eea6-9309-fb2f-ac48a8cff4ec}\L
C:\Windows\Installer\{9090cad0-eea6-9309-fb2f-ac48a8cff4ec}\U
C:\Windows\Installer\{9090cad0-eea6-9309-fb2f-ac48a8cff4ec}\L\00000004.@
C:\Windows\Installer\{9090cad0-eea6-9309-fb2f-ac48a8cff4ec}\L\1afb2d56
C:\Windows\Installer\{9090cad0-eea6-9309-fb2f-ac48a8cff4ec}\L\201d3dde
C:\Windows\Installer\{9090cad0-eea6-9309-fb2f-ac48a8cff4ec}\U\00000004.@
C:\Windows\Installer\{9090cad0-eea6-9309-fb2f-ac48a8cff4ec}\U\00000008.@
C:\Windows\Installer\{9090cad0-eea6-9309-fb2f-ac48a8cff4ec}\U\000000cb.@
C:\Windows\Installer\{9090cad0-eea6-9309-fb2f-ac48a8cff4ec}\U\80000000.@
C:\Windows\Installer\{9090cad0-eea6-9309-fb2f-ac48a8cff4ec}\U\80000032.@
C:\Windows\Installer\{9090cad0-eea6-9309-fb2f-ac48a8cff4ec}\U\80000064.@

ZeroAccess:
C:\Windows\assembly\GAC_32\Desktop.ini

ZeroAccess:
C:\Windows\assembly\GAC_64\Desktop.ini

========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe 50BEA589F7D7958BDD2528A8F69D05CC ZeroAccess <==== ATTENTION!.
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

========================= Memory info ======================

Percentage of memory in use: 13%
Total physical RAM: 6109.14 MB
Available physical RAM: 5268.63 MB
Total Pagefile: 6107.29 MB
Available Pagefile: 5265.29 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

======================= Partitions =========================

1 Drive c: (Acer) (Fixed) (Total:341.45 GB) (Free:7.74 GB) NTFS
2 Drive e: (DATA) (Fixed) (Total:342.09 GB) (Free:89.6 GB) NTFS
3 Drive f: (PQSERVICE) (Fixed) (Total:15 GB) (Free:5.54 GB) NTFS
4 Drive g: (ScanSnap) (CDROM) (Total:2.19 GB) (Free:0 GB) CDFS
5 Drive h: (QC_11_80) (CDROM) (Total:0.15 GB) (Free:0 GB) CDFS
7 Drive j: () (Removable) (Total:3.73 GB) (Free:3.73 GB) FAT32
12 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
13 Drive y: (SYSTEM RESERVED) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 698 GB 0 B
Disk 1 Online 3827 MB 0 B
Disk 2 No Media 0 B 0 B
Disk 3 No Media 0 B 0 B
Disk 4 No Media 0 B 0 B
Disk 5 No Media 0 B 0 B
Disk 6 No Media 0 B 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Recovery 15 GB 1024 KB
Partition 2 Primary 100 MB 15 GB
Partition 3 Primary 341 GB 15 GB
Partition 4 Primary 342 GB 356 GB

==================================================================================

Disk: 0
Partition 1
Type : 27
Hidden: Yes
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 5 F PQSERVICE NTFS Partition 15 GB Healthy Hidden

==================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 Y SYSTEM RESE NTFS Partition 100 MB Healthy

==================================================================================

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 C Acer NTFS Partition 341 GB Healthy

==================================================================================

Disk: 0
Partition 4
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 E DATA NTFS Partition 342 GB Healthy

==================================================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 3826 MB 16 KB

==================================================================================

Disk: 1
Partition 1
Type : 0B
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 6 J FAT32 Removable 3826 MB Healthy

==================================================================================

==========================================================

Last Boot: 2012-07-17 16:43

======================= End Of Log ==========================

#7 gringo_pr

Posted 21 July 2012 - 01:56 PM

Greetings

OK, let's see if we can find a replacement for the infected file.

In Vista or Windows 7: Boot to System Recovery Options and run FRST.

Type the following in the edit box after "Search:".

services.exe

It then should look like:

Search: services.exe

Click the Search button and post the log it makes (Search.txt) in your reply.


Gringo

#8 tryingtobebetter

Posted 21 July 2012 - 07:12 PM

Search.txt

Farbar Recovery Scan Tool Version: 16-07-2012 02
Ran by SYSTEM at 2012-07-22 00:56:22
Running from I:\

================== Search: "services.exe" ===================

C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

C:\Windows\System32\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0329216 ____A (Microsoft Corporation) 50BEA589F7D7958BDD2528A8F69D05CC

====== End Of Search ======
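
Added example (not part of the thread, and not FRST's own code): a Python script that cross-references the hash flagged in the "Bamital & volsnap Check" section with the Search.txt results above and lists same-named copies that do not carry the flagged hash. The line formats are inferred from the logs posted in this thread, and a differing hash only nominates a copy for review; it does not prove the copy is clean.

```python
import ntpath  # Windows path rules, regardless of the OS this runs on
import re

# Lines copied from the FRST logs posted in this thread.
CHECK_LOG = r"""
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe 50BEA589F7D7958BDD2528A8F69D05CC ZeroAccess <==== ATTENTION!.
C:\Windows\System32\User32.dll => MD5 is legit
"""

SEARCH_LOG = r"""
C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

C:\Windows\System32\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0329216 ____A (Microsoft Corporation) 50BEA589F7D7958BDD2528A8F69D05CC
"""

# Assumed formats, inferred from the excerpts above.
FLAGGED_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s+(?P<md5>[0-9A-Fa-f]{32})\s+(?P<label>.+?)\s+<====")
DETAIL_RE = re.compile(
    r"^\[[^\]]+\] - \[[^\]]+\] - (?P<size>\d+) \S+"
    r"(?: \((?P<company>.*?)\))? (?P<md5>[0-9A-Fa-f]{32})$")
PATH_RE = re.compile(r"^[A-Za-z]:\\")


def parse_flagged(check_log):
    """Return {path: (md5, label)} for lines the check marked for attention."""
    flagged = {}
    for raw in check_log.splitlines():
        m = FLAGGED_RE.match(raw.strip())
        if m:
            flagged[m["path"]] = (m["md5"].upper(), m["label"])
    return flagged


def parse_search(search_log):
    """Pair each path line with the detail line that follows it."""
    entries, pending = [], None
    for raw in search_log.splitlines():
        line = raw.strip()
        detail = DETAIL_RE.match(line)
        if detail and pending:
            entries.append({
                "path": pending,
                "size": int(detail["size"]),
                "company": detail["company"],
                "md5": detail["md5"].upper(),
            })
            pending = None
        elif PATH_RE.match(line):
            pending = line
    return entries


def triage(check_log, search_log):
    """For every flagged file, list same-named copies with a different hash."""
    flagged = parse_flagged(check_log)
    bad_hashes = {md5 for md5, _ in flagged.values()}
    entries = parse_search(search_log)
    report = {}
    for path, (md5, label) in flagged.items():
        name = ntpath.basename(path).lower()
        same_name = [e for e in entries
                     if ntpath.basename(e["path"]).lower() == name]
        # The search entry for the flagged path itself, if the search saw it.
        on_disk = next((e for e in same_name
                        if e["path"].lower() == path.lower()), None)
        candidates = []
        for e in same_name:
            if e["md5"] in bad_hashes:
                continue  # same content as a flagged file: not a replacement
            delta = e["size"] - on_disk["size"] if on_disk else None
            candidates.append({**e, "size_delta": delta})
        report[path] = {
            "flagged_md5": md5,
            "label": label,
            # True when both logs agree on the hash of the flagged path.
            "hash_confirmed": bool(on_disk and on_disk["md5"] == md5),
            "candidates": candidates,
        }
    return report


if __name__ == "__main__":
    for path, info in triage(CHECK_LOG, SEARCH_LOG).items():
        print(f"{path}: {info['label']} ({info['flagged_md5']})")
        for c in info["candidates"]:
            print(f"  candidate: {c['path']}")
            print(f"    md5={c['md5']} size_delta={c['size_delta']} bytes")
```
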

#9 gringo_pr

Posted 21 July 2012 - 08:29 PM

Hello

Open Notepad. Please copy the contents of the code box below. To do this, highlight the contents of the box and right-click on it. Paste this into the open Notepad. Save it on the flash drive as fixlist.txt

Replace: C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe C:\Windows\System32\services.exe
C:\Windows\Installer\{9090cad0-eea6-9309-fb2f-ac48a8cff4ec}
C:\Windows\assembly\GAC_32\Desktop.ini
C:\Windows\assembly\GAC_64\Desktop.ini


NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

On Vista or Windows 7: Now please enter System Recovery Options.

Run FRST64 and press the Fix button just once and wait.
The tool will make a log on the flash drive (Fixlog.txt) please post it to your reply.

Gringo

#10 tryingtobebetter


Posted 22 July 2012 - 04:46 AM

Hello

Open notepad. Please copy the contents of the code box below. To do this highlight the contents of the box and right click on it. Paste this into the open notepad. Save it on the flash drive as fixlist.txt

Replace: C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe C:\Windows\System32\services.exe
C:\Windows\Installer\{9090cad0-eea6-9309-fb2f-ac48a8cff4ec}
C:\Windows\assembly\GAC_32\Desktop.ini
C:\Windows\assembly\GAC_64\Desktop.ini


NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

On Vista or Windows 7: Now please enter System Recovery Options.

Run FRST64 and press the Fix button just once and wait.
The tool will make a log on the flash drive (Fixlog.txt) please post it to your reply.

Gringo


This is the latest. Thanks again.

Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 16-07-2012 02
Ran by SYSTEM at 2012-07-22 10:43:09 Run:1
Running from J:\

==============================================

C:\Windows\System32\services.exe moved successfully.
C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe copied successfully to C:\Windows\System32\services.exe
C:\Windows\Installer\{9090cad0-eea6-9309-fb2f-ac48a8cff4ec} moved successfully.
C:\Windows\assembly\GAC_32\Desktop.ini moved successfully.
C:\Windows\assembly\GAC_64\Desktop.ini moved successfully.

==== End of Fixlog ====

Edited by tryingtobebetter, 22 July 2012 - 04:47 AM.


#11 gringo_pr


Posted 22 July 2012 - 04:55 AM

Hello

You do not need to quote everything I post - that will only make the topic very long.

I would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo

#12 tryingtobebetter


Posted 22 July 2012 - 05:35 AM

ComboFix 12-07-21.01 - ssr25 22/07/2012 11:06:00.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.6109.4034 [GMT 1:00]
Running from: c:\users\ssr25\Desktop\ComboFix.exe
AV: Lavasoft Ad-Aware *Disabled/Outdated* {445B48C3-0FA4-6B16-8F07-6506F305D800}
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
FW: Lavasoft Ad-Aware *Disabled* {7C60C9E6-45CB-6A4E-A458-CC330DD69F7B}
SP: Lavasoft Ad-Aware *Disabled/Outdated* {FF3AA927-299E-6498-B5B7-5E74888292BD}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Common Files\Acer GameZone online.ico
c:\programdata\Amazon.ico
c:\programdata\boost_interprocess\20120722104345.109999
c:\programdata\MercadoLivre.ico
c:\users\ssr25\AppData\Local\assembly\tmp
c:\users\ssr25\AppData\Roaming\.#
c:\users\ssr25\AppData\Roaming\cowut.dll
c:\users\ssr25\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Live Security Platinum
c:\users\ssr25\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Live Security Platinum\Live Security Platinum.lnk
c:\users\ssr25\sqlite3.exe
c:\windows\SysWow64\Packet.dll
c:\windows\SysWow64\pthreadVC.dll
c:\windows\SysWow64\tempdir
c:\windows\SysWow64\tempdir\tinypdf.chm
c:\windows\SysWow64\tempdir\tinypdf.dll
c:\windows\SysWow64\tempdir\tinypdf1.dll
c:\windows\SysWow64\tempdir\tinypdf2.dll
c:\windows\SysWow64\wpcap.dll
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_NPF
-------\Service_npf
-------\Service_RelevantKnowledge
.
.
((((((((((((((((((((((((( Files Created from 2012-06-22 to 2012-07-22 )))))))))))))))))))))))))))))))
.
.
2012-07-22 10:18 . 2012-07-22 10:18 -------- d-----w- c:\users\DefaultAppPool\AppData\Local\temp
2012-07-22 10:18 . 2012-07-22 10:18 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-22 10:18 . 2012-07-22 10:18 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2012-07-22 03:23 . 2012-07-22 03:23 -------- d-----w- C:\FRST
2012-07-21 09:50 . 2012-07-21 09:50 -------- d-----w- c:\program files (x86)\RealNetworks
2012-07-14 21:40 . 2012-07-14 21:40 -------- d-----w- c:\users\ssr25\AppData\Roaming\Malwarebytes
2012-07-14 21:18 . 2012-07-14 21:18 -------- d-----w- c:\users\Administrator\AppData\Roaming\Malwarebytes
2012-07-14 21:18 . 2012-07-14 21:18 -------- d-----w- c:\programdata\Malwarebytes
2012-07-14 21:18 . 2012-07-14 21:37 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-07-14 21:18 . 2012-07-03 12:46 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-07-14 21:12 . 2012-07-14 21:14 -------- d-----w- c:\programdata\MFAData
2012-07-14 21:12 . 2012-07-14 21:12 -------- d--h--w- c:\programdata\Common Files
2012-07-14 18:41 . 2012-07-14 21:34 -------- d-----w- c:\users\Administrator\AppData\Roaming\Uryzf
2012-07-14 18:41 . 2012-07-14 20:11 -------- d-----w- c:\users\Administrator\AppData\Roaming\Odofte
2012-07-14 18:41 . 2012-07-14 18:41 -------- d-----w- c:\users\Administrator\AppData\Roaming\Etov
2012-07-14 15:29 . 2012-07-14 15:29 -------- d-----w- c:\users\Ruma\AppData\Local\Macromedia
2012-07-14 15:27 . 2012-07-14 15:27 -------- d-----w- c:\users\Ruma\AppData\Local\{71EC0E1B-CDAC-11E1-8270-B8AC6F996F26}
2012-07-14 13:55 . 2012-07-14 20:37 -------- d-----w- c:\programdata\Kaspersky Lab
2012-07-14 13:55 . 2012-07-14 13:55 -------- d-----w- c:\program files (x86)\Kaspersky Lab
2012-07-14 13:23 . 2012-07-14 13:23 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
2012-07-14 12:20 . 2012-07-14 12:20 -------- d-----w- c:\users\Administrator\AppData\Local\Macromedia
2012-07-14 12:14 . 2012-07-14 12:14 -------- d-----w- c:\users\Administrator\AppData\Local\{71EC0E1B-CDAC-11E1-8270-B8AC6F996F26}
2012-07-14 12:07 . 2012-07-14 12:09 -------- d-----w- c:\programdata\7531CCB10074778F1A9A232FF875F002
2012-07-14 12:07 . 2012-07-14 12:07 -------- d-----w- c:\windows\scoped_dir_6584_4313
2012-07-14 12:07 . 2012-07-14 12:07 -------- d-----w- c:\users\ssr25\AppData\Local\{71EC3FDE-CDAC-11E1-8270-B8AC6F996F26}
2012-07-14 12:07 . 2012-07-14 12:07 -------- d-----w- c:\users\ssr25\AppData\Local\{71EC0E1B-CDAC-11E1-8270-B8AC6F996F26}
2012-07-14 12:06 . 2012-07-14 12:06 62976 ---ha-w- c:\windows\system32\compgman64.dll
2012-07-12 00:48 . 2012-07-12 00:48 9822920 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-07-11 02:11 . 2012-06-12 03:08 3148800 ----a-w- c:\windows\system32\win32k.sys
2012-07-11 02:01 . 2012-06-02 12:17 10924032 ----a-w- c:\windows\system32\ieframe.dll
2012-07-10 22:07 . 2012-06-06 06:06 2004480 ----a-w- c:\windows\system32\msxml6.dll
2012-07-10 22:07 . 2012-06-06 06:06 1881600 ----a-w- c:\windows\system32\msxml3.dll
2012-07-10 22:07 . 2012-06-06 05:05 1390080 ----a-w- c:\windows\SysWow64\msxml6.dll
2012-07-10 22:07 . 2012-06-06 05:05 1236992 ----a-w- c:\windows\SysWow64\msxml3.dll
2012-07-10 22:07 . 2010-06-26 03:55 2048 ----a-w- c:\windows\system32\msxml3r.dll
2012-07-10 22:07 . 2010-06-26 03:24 2048 ----a-w- c:\windows\SysWow64\msxml3r.dll
2012-07-10 22:07 . 2012-06-09 05:43 14172672 ----a-w- c:\windows\system32\shell32.dll
2012-07-03 19:46 . 2012-07-03 19:47 -------- d-----w- c:\program files (x86)\ABBYY FineReader for ScanSnap
2012-07-03 19:41 . 2009-09-18 21:01 367616 ----a-w- c:\windows\system32\s1300u-x64.dll
2012-07-03 19:41 . 2009-04-23 19:29 695296 ----a-w- c:\windows\system32\ippi5s1300-x64.dll
2012-07-03 19:41 . 2009-04-23 19:29 2873856 ----a-w- c:\windows\system32\ijl5s1300-x64.dll
2012-07-03 19:41 . 2008-04-03 07:08 33280 ----a-w- c:\windows\system32\fj52usb-x64.dll
2012-07-03 19:41 . 2007-07-26 21:47 351744 ----a-w- c:\windows\system32\s300u-x64.dll
2012-07-03 19:41 . 2007-05-23 18:57 695296 ----a-w- c:\windows\system32\ippi5s300-x64.dll
2012-07-03 19:41 . 2007-05-23 18:57 2873856 ----a-w- c:\windows\system32\ijl5s300-x64.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-12 00:48 . 2012-04-17 18:21 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-07-12 00:48 . 2011-09-15 13:53 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-11 02:03 . 2010-03-20 14:14 59701280 ----a-w- c:\windows\system32\MRT.exe
2012-07-08 06:19 . 2011-11-30 10:29 101464 ----a-w- c:\windows\system32\drivers\RapportKE64.sys
2012-06-02 22:19 . 2012-06-08 23:01 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-08 23:01 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-06-08 23:01 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-08 23:01 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-08 23:01 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:15 . 2012-06-08 23:01 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-06-08 23:01 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 14:19 . 2012-06-08 23:00 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 14:15 . 2012-06-08 23:00 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-05-31 04:04 . 2012-07-11 22:22 9013136 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{6937CBA1-DB7C-4B06-B22C-EC58383B1BCE}\mpengine.dll
2012-05-04 11:06 . 2012-06-12 19:50 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-04 10:03 . 2012-06-12 19:50 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-05-04 10:03 . 2012-06-12 19:50 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-05-01 05:40 . 2012-06-12 19:50 209920 ----a-w- c:\windows\system32\profsvc.dll
2012-04-28 03:55 . 2012-06-12 19:50 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-04-26 05:41 . 2012-06-12 19:50 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-04-26 05:41 . 2012-06-12 19:50 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-04-26 05:34 . 2012-06-12 19:50 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-04-24 05:37 . 2012-06-12 19:50 184320 ----a-w- c:\windows\system32\cryptsvc.dll
2012-04-24 05:37 . 2012-06-12 19:50 140288 ----a-w- c:\windows\system32\cryptnet.dll
2012-04-24 05:37 . 2012-06-12 19:50 1462272 ----a-w- c:\windows\system32\crypt32.dll
2012-04-24 04:36 . 2012-06-12 19:50 1158656 ----a-w- c:\windows\SysWow64\crypt32.dll
2012-04-24 04:36 . 2012-06-12 19:50 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2012-04-24 04:36 . 2012-06-12 19:50 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
2010-01-26 09:11 . 2012-04-05 04:31 444283 ----a-w- c:\program files (x86)\Common Files\WinPcapNmap.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00HumyoPaired]
@="{A203F945-39E9-4286-AFA2-F3ADFCD5FAAA}"
[HKEY_CLASSES_ROOT\CLSID\{A203F945-39E9-4286-AFA2-F3ADFCD5FAAA}]
2012-01-04 18:10 1108752 ----a-w- c:\program files\humyo SmartDrive\HrfsShellExtension32.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00HumyoPriority]
@="{6F1BB626-1107-4b82-B322-54C5E64461B8}"
[HKEY_CLASSES_ROOT\CLSID\{6F1BB626-1107-4b82-B322-54C5E64461B8}]
2012-01-04 18:10 1108752 ----a-w- c:\program files\humyo SmartDrive\HrfsShellExtension32.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00HumyoProblem]
@="{7479C9AF-DA81-4944-92E5-23E49390BB2B}"
[HKEY_CLASSES_ROOT\CLSID\{7479C9AF-DA81-4944-92E5-23E49390BB2B}]
2012-01-04 18:10 1108752 ----a-w- c:\program files\humyo SmartDrive\HrfsShellExtension32.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00HumyoSynced]
@="{7479C9AF-DA81-4944-92E5-23E49390BB2A}"
[HKEY_CLASSES_ROOT\CLSID\{7479C9AF-DA81-4944-92E5-23E49390BB2A}]
2012-01-04 18:10 1108752 ----a-w- c:\program files\humyo SmartDrive\HrfsShellExtension32.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00HumyoSyncing]
@="{7479C9AF-DA81-4944-92E5-23E49390BB29}"
[HKEY_CLASSES_ROOT\CLSID\{7479C9AF-DA81-4944-92E5-23E49390BB29}]
2012-01-04 18:10 1108752 ----a-w- c:\program files\humyo SmartDrive\HrfsShellExtension32.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00HumyoUnavailable]
@="{66669544-5639-4922-99C8-CE7A86651364}"
[HKEY_CLASSES_ROOT\CLSID\{66669544-5639-4922-99C8-CE7A86651364}]
2012-01-04 18:10 1108752 ----a-w- c:\program files\humyo SmartDrive\HrfsShellExtension32.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2009-08-06 17:18 120104 ----a-w- c:\program files (x86)\EgisTec\MyWinLocker 3\x86\PSDProtect.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Akamai NetSession Interface"="c:\users\ssr25\AppData\Local\Akamai\netsession_win.exe" [2012-05-26 4327744]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Ad-Aware Antivirus"="c:\program files (x86)\Ad-Aware Antivirus\AdAwareLauncher --windows-run" [X]
"BackupManagerTray"="c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" [2009-08-12 261888]
"Hotkey Utility"="c:\program files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe" [2009-08-18 629280]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]
"Samsung PanelMgr"="c:\windows\Samsung\PanelMgr\SSMMgr.exe" [2009-10-12 614400]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"ScanSnap WIA Service Checker"="c:\windows\SSDriver\fi5110\SsWiaChecker.exe" [2009-09-30 86016]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth Manager.lnk - c:\program files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2009-12-8 2717024]
CardMinder Viewer.lnk - c:\program files (x86)\PFU\CardMinder V2.0\CardLauncher.exe [2011-6-11 77824]
Conversion to PDF with ScanSnap Organizer.lnk - c:\program files (x86)\PFU\ScanSnap\Organizer\PfuSsOrgOcrChk.exe [2012-7-3 15360]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2010-3-16 1019904]
ScanSnap Manager.lnk - c:\program files (x86)\PFU\ScanSnap\Driver\PfuSsMon.exe [2011-6-11 1146880]
Trend Micro SafeSync.lnk - c:\program files\humyo SmartDrive\HrfsClient.exe [2011-7-5 1723152]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ad-Aware Service]
@="Ad-Aware Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 Ad-Aware Service;Ad-Aware Service;c:\program files (x86)\Ad-Aware Antivirus\AdAwareService.exe [2012-05-03 1226096]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-03-16 135664]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-12 250056]
R3 DMService;Microsoft Forefront UAG Endpoint Component Manager;c:\windows\DOWNLO~1\DMService.exe [2011-10-15 468368]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-03-16 135664]
R3 hrfsmrx;hrfsmrx;c:\windows\System32\Drivers\hrfsmrx.sys [2011-07-11 186128]
R3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [2010-07-27 339040]
R3 LVUVC64;Logitech QuickCam Pro 9000(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [2010-07-27 6465632]
R3 Media Jukebox 14 Service;Media Jukebox 14 Service;c:\program files (x86)\J River\Media Jukebox 14\JRService.exe [2010-07-15 379400]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-16 113120]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2011-04-18 40832]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2011-04-27 84864]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 288272]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 Samsung UPD Service;Samsung UPD Service;c:\windows\System32\SUPDSvc.exe [2010-03-16 167280]
R3 SBFWIMCL;GFI Software Firewall NDIS IM Filter Service;c:\windows\system32\DRIVERS\sbfwim.sys [2011-09-29 119416]
R3 sbhips;sbhips;c:\windows\system32\drivers\sbhips.sys [2011-12-19 60536]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-06-16 1255736]
R3 zghsmdm;ZTE General Handset USB Modem Proprietary;c:\windows\system32\DRIVERS\zghsmdm.sys [2011-01-13 122624]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2010-04-03 59744]
R4 RsFx0150;RsFx0150 Driver;c:\windows\system32\DRIVERS\RsFx0150.sys [2010-04-03 313696]
R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10_50.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2011-04-24 428384]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2008-06-16 55024]
S0 RapportKE64;RapportKE64;c:\windows\System32\Drivers\RapportKE64.sys [2012-07-08 101464]
S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys [2009-06-02 22576]
S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys [2009-06-02 20016]
S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys [2009-06-02 60464]
S1 RapportCerberus_34302;RapportCerberus_34302;c:\programdata\Trusteer\Rapport\store\exts\RapportCerberus\34302\RapportCerberus64_34302.sys [2011-12-15 397520]
S1 RapportEI64;RapportEI64;c:\program files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [2012-07-08 55096]
S1 SbFw;SbFw;c:\windows\system32\drivers\SbFw.sys [2011-12-19 256632]
S1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys [2011-10-26 57976]
S2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};Power Control [2009/09/20 09:02];c:\program files (x86)\Acer Arcade Deluxe\PlayMovie\000.fcl [2009-08-05 04:46 146928]
S2 Greg_Service;GRegService;c:\program files (x86)\Acer\Registration\GregHSRW.exe [2009-06-04 1150496]
S2 KSS;Kaspersky Security Scan Service;c:\program files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe [2012-04-25 202296]
S2 LVPrcS64;Process Monitor;c:\program files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe [2010-05-07 197976]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-07-03 655944]
S2 MWLService;MyWinLocker Service;c:\program files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe [2009-08-06 311592]
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [2009-08-12 62208]
S2 RapportMgmtService;Rapport Management Service;c:\program files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [2012-07-08 976728]
S2 SBAMSvc;Ad-Aware;c:\program files (x86)\Ad-Aware Antivirus\SBAMSvc.exe [2011-12-19 3289032]
S2 sbapifs;sbapifs;c:\windows\system32\DRIVERS\sbapifs.sys [2011-11-29 74872]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys [2007-01-12 11576]
S2 uagqecsvc;Microsoft Forefront UAG Quarantine Enforcement Client;c:\program files\Microsoft Forefront UAG\Endpoint Components\3.1.0\uagqecsvc.exe [2010-04-09 149904]
S2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2009-07-04 240160]
S3 androidusb;ADB Interface Driver;c:\windows\system32\Drivers\androidusb.sys [2010-04-29 32768]
S3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\DRIVERS\e1y62x64.sys [2009-06-12 287960]
S3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2010-03-15 145408]
S3 LVPr2M64;Logitech LVPr2M64 Driver;c:\windows\system32\DRIVERS\LVPr2M64.sys [2010-05-07 30304]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-07-03 24904]
S3 OnlineStorageService;OnlineStorageService;c:\program files\humyo SmartDrive\hrfscore.exe [2012-01-04 7587088]
S3 SBFWIMCLMP;GFI Software Firewall NDIS IM Filter Miniport;c:\windows\system32\DRIVERS\SBFWIM.sys [2011-09-29 119416]
S3 sbwtis;sbwtis;c:\windows\system32\DRIVERS\sbwtis.sys [2011-12-19 84600]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
iissvcs REG_MULTI_SZ w3svc was
apphost REG_MULTI_SZ apphostsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-22 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-17 00:48]
.
2012-07-22 c:\windows\Tasks\Google Software Updater.job
- c:\program files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-08-27 22:25]
.
2012-07-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-03-16 19:15]
.
2012-07-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-03-16 19:15]
.
2012-07-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1190484632-2374381371-2564973946-1000Core.job
- c:\users\ssr25\AppData\Local\Google\Update\GoogleUpdate.exe [2011-02-21 10:57]
.
2012-07-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1190484632-2374381371-2564973946-1000UA.job
- c:\users\ssr25\AppData\Local\Google\Update\GoogleUpdate.exe [2011-02-21 10:57]
.
2012-07-22 c:\windows\Tasks\SDMsgUpdate (TE).job
- c:\smartd~1\Messages\SDNotify.exe [2011-12-31 18:22]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00HumyoPaired]
@="{A203F945-39E9-4286-AFA2-F3ADFCD5FAAA}"
[HKEY_CLASSES_ROOT\CLSID\{A203F945-39E9-4286-AFA2-F3ADFCD5FAAA}]
2012-01-04 18:10 1628432 ----a-w- c:\program files\humyo SmartDrive\HrfsShellExtension.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00HumyoPriority]
@="{6F1BB626-1107-4b82-B322-54C5E64461B8}"
[HKEY_CLASSES_ROOT\CLSID\{6F1BB626-1107-4b82-B322-54C5E64461B8}]
2012-01-04 18:10 1628432 ----a-w- c:\program files\humyo SmartDrive\HrfsShellExtension.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00HumyoProblem]
@="{7479C9AF-DA81-4944-92E5-23E49390BB2B}"
[HKEY_CLASSES_ROOT\CLSID\{7479C9AF-DA81-4944-92E5-23E49390BB2B}]
2012-01-04 18:10 1628432 ----a-w- c:\program files\humyo SmartDrive\HrfsShellExtension.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00HumyoSynced]
@="{7479C9AF-DA81-4944-92E5-23E49390BB2A}"
[HKEY_CLASSES_ROOT\CLSID\{7479C9AF-DA81-4944-92E5-23E49390BB2A}]
2012-01-04 18:10 1628432 ----a-w- c:\program files\humyo SmartDrive\HrfsShellExtension.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00HumyoSyncing]
@="{7479C9AF-DA81-4944-92E5-23E49390BB29}"
[HKEY_CLASSES_ROOT\CLSID\{7479C9AF-DA81-4944-92E5-23E49390BB29}]
2012-01-04 18:10 1628432 ----a-w- c:\program files\humyo SmartDrive\HrfsShellExtension.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00HumyoUnavailable]
@="{66669544-5639-4922-99C8-CE7A86651364}"
[HKEY_CLASSES_ROOT\CLSID\{66669544-5639-4922-99C8-CE7A86651364}]
2012-01-04 18:10 1628432 ----a-w- c:\program files\humyo SmartDrive\HrfsShellExtension.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2009-08-06 17:19 137512 ----a-w- c:\program files (x86)\EgisTec\MyWinLocker 3\x64\PSDProtect.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-05 186904]
"mwlDaemon"="c:\program files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe" [2009-08-06 349480]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-07-20 7981088]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-01-23 134416]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-10-13 162584]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-10-13 386840]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-10-13 417560]
"combofix"="c:\combofix\CF8511.3XE" [2010-11-20 345088]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT3198785
uLocal Page = c:\windows\system32\blank.htm
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0809&m=aspire_m3802&r=17360310cn169f3e54s55uy7n1jw0s
uInternet Settings,ProxyServer = http=91.210.46.1:3129
uInternet Settings,ProxyOverride = <local>
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Download all links by FlashGet3 - c:\program files (x86)\FlashGet Network\FlashGet 3\BHO\fdgetallurl.htm
IE: Download by FlashGet3 - c:\program files (x86)\FlashGet Network\FlashGet 3\BHO\fdgeturl.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Free YouTube Download - c:\users\ssr25\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm
IE: Free YouTube to MP3 Converter - c:\users\ssr25\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Se&nd to OneNote - /105
TCP: DhcpNameServer = 192.168.1.1
DPF: {C861B75F-EE32-4AA4-B610-281AF26A8D1C} - hxxps://portal.elc.nhs.uk/+CSCOL+/cscopf.cab
FF - ProfilePath - c:\users\ssr25\AppData\Roaming\Mozilla\Firefox\Profiles\op75r816.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2790392&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - WhiteSmoke US Customized Web Search
FF - prefs.js: browser.startup.homepage - www.google.co.uk
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3198785&SearchSource=2&q=
FF - prefs.js: network.proxy.gopher -
FF - prefs.js: network.proxy.gopher_port - 0
FF - prefs.js: network.proxy.type - 0
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.id - a6731497000000000000002511a30e91
FF - user.js: extensions.BabylonToolbar_i.hardId - a6731497000000000000002511a30e91
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15416
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.176:27
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - tb9
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{88c7f2aa-f93f-432c-8f0e-b7d85967a527} - (no file)
URLSearchHooks-{b5fb4c8d-8220-4a63-8e0f-708cdd0f4c3d} - (no file)
URLSearchHooks-{81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - (no file)
Toolbar-Locked - (no file)
Wow6432Node-HKCU-Run-AdobeBridge - (no file)
Wow6432Node-HKCU-Run-SyncMyCal - (no file)
Wow6432Node-HKCU-Run-RESTART_STICKY_NOTES - c:\windows\System32\StikyNot.exe
SafeBoot-mcmscsvc
SafeBoot-MCODS
SafeBoot-MsMpSvc
Toolbar-Locked - (no file)
WebBrowser-{B5FB4C8D-8220-4A63-8E0F-708CDD0F4C3D} - (no file)
HKLM-Run-osnsv - c:\users\ssr25\AppData\Roaming\osnsv.dll
HKLM-Run-cowut - c:\users\ssr25\AppData\Roaming\cowut.dll
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}]
"ImagePath"="\??\c:\program files (x86)\Acer Arcade Deluxe\PlayMovie\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B9A09F18-45AB-4F09-A117-A4ADDA8FA8C8}]
@Denied: (A) (Everyone)
"Solution"="{36eb6792-3a29-43b3-8cd0-f67d266fb426}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane\0]
"Key"="ActionsPane"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\8.0\\ActionsPane.xsd"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
"Key"="ActionsPane3"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0\Solutions\http://schemas.microsoft.com/office/smartdocuments/2003\0]
"Key"="http://schemas.microsoft.com/office/smartdocuments/2003"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0\Solutions\http://schemas.microsoft.com/office/smartdocuments/2003\0\{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}\Alias]
"0"="Microsoft Actions Pane 3"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Logishrd\LVMVFM\LVPrS64H.exe
c:\program files (x86)\EgisTec\MyWinLocker 3\x86\MWLService.exe
c:\program files (x86)\Cyberlink\Shared files\RichVideo.exe
c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files\Logitech\SetPoint\x86\SetPoint32.exe
c:\program files (x86)\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
c:\program files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
c:\program files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
c:\program files (x86)\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe
c:\program files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtKbd.exe
c:\program files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtBty.exe
.
**************************************************************************
.
Completion time: 2012-07-22 11:32:23 - machine was rebooted
ComboFix-quarantined-files.txt 2012-07-22 10:32
.
Pre-Run: 15,516,352,512 bytes free
Post-Run: 19,426,156,544 bytes free
.
- - End Of File - - B6E7B69258983F2654FE4E9E06FD8EA8


How is computer doing? I'll let you know.

I got this dialogue box but will check later:
C:\Windows\System32\GFxUI.exe
A device attached to the system is not functioning

Thanks for all your help so far.

#13 tryingtobebetter

Posted 22 July 2012 - 06:51 AM

Virus seems to have been removed but getting these errors when I start computer.
Attached in Screenshot
Posted Image


Malwarebytes Anti-Malware (Trial) 1.62.0.1300
www.malwarebytes.org

Database version: v2012.07.21.09

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
ssr25 :: SSR25-PC [administrator]

Protection: Disabled

22/07/2012 12:46:53
mbam-log-2012-07-22 (12-46-53).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 287638
Time elapsed: 3 minute(s), 42 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

Edited by tryingtobebetter, 22 July 2012 - 07:11 AM.


#14 gringo_pr

Posted 22 July 2012 - 12:02 PM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Folder::
c:\users\Administrator\AppData\Roaming\Uryzf
c:\users\Administrator\AppData\Roaming\Odofte
c:\users\Administrator\AppData\Roaming\Etov

File::
c:\windows\system32\compgman64.dll

DDS::
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT3198785

Firefox::
FF - ProfilePath - c:\users\ssr25\AppData\Roaming\Mozilla\Firefox\Profiles\op75r816.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2790392&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - WhiteSmoke US Customized Web Search
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3198785&SearchSource=2&q=
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.id - a6731497000000000000002511a30e91
FF - user.js: extensions.BabylonToolbar_i.hardId - a6731497000000000000002511a30e91
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15416
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.176:27
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - tb9
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
Posted Image
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer.

"information and logs"

  • In your next post I need the following
    • report from Combofix
    • let me know of any problems you may have had
    • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#15 gringo_pr

Posted 25 July 2012 - 12:04 AM

Greetings


I have not heard from you in a couple of days so I am coming by to check on you to see if you are having problems or you just need some more time.

Also to remind you that it is very important that we finish the process completely so as to not get reinfected. I will let you know when we are complete and I will ask to remove our tools.




Gringo



