
Trojan Horse Generic29.AHHS ZeroAccess rootkit


9 replies to this topic

#1 judibug

  • Members
  • 39 posts

Posted 09 June 2013 - 02:26 PM

Hi there,

I was redirected from this topic: http://www.bleepingcomputer.com/forums/t/497445/trojan-horse-generic29ahhs/#entry3073804

AVG is alerting to a Trojan Horse Generic29.AHHS.
There are no other symptoms presenting on my computer that I am aware of other than AVG alerting on this issue, i.e. no redirects or changed desktop etc.

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16483
Run by Divabug at 12:15:19 on 2013-06-09
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.2.1033.18.16366.13878 [GMT -7:00]
.
AV: AVG AntiVirus Free Edition 2013 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AVG AntiVirus Free Edition 2013 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG\AVG2013\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
C:\Program Files (x86)\AVG\AVG2013\avgui.exe
C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe
C:\Program Files (x86)\AVG\AVG2013\avgemca.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Nero\Update\NASvc.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\system32\vssvc.exe
C:\Program Files (x86)\Windows Live\Mail\wlmail.exe
C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxps://www.google.ca/
uSearch Bar = hxxp://www.google.com/ie
uSearch Page = hxxp://www.google.com
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} -
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun: [THX Audio Control Panel] "C:\Program Files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe" /r
mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY
mRun: [UpdReg] C:\Windows\UpdReg.EXE
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Free YouTube to MP3 Converter - C:\Users\Divabug\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {1ABA5FAC-1417-422B-BA82-45C35E2C908B} - hxxp://kitchenplanner.ikea.com/CA/Core/Player/2020PlayerAX_IKEA_Win32.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {BEA7310D-06C4-4339-A784-DC3804819809} - hxxp://www.walmartphotocentre.ca/upload/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab
TCP: NameServer = 192.168.2.1
TCP: Interfaces\{737CBDE1-A0AD-4553-8230-D7C6E91399CB}\2516C60786 : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{A274E6C6-DFED-4763-83FE-0B5E1886F21A} : DHCPNameServer = 192.168.2.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: intu-tt2011 - {B3B5DAD9-E96D-45b4-B636-B6CF2F773DE1} - C:\Program Files (x86)\TurboTax 2011\ic2011pp.dll
Handler: intu-tt2012 - {02F985EF-502B-4597-993F-6BF9E004C138} - C:\Program Files (x86)\TurboTax 2012\ic2012pp.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - <orphaned>
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
x64-BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - <orphaned>
x64-BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [RunDLLEntry_THXCfg] C:\Windows\System32\RunDLL32.exe C:\Windows\System32\THXCfg64.dll,RunDLLEntry THXCfg64
x64-Run: [RunDLLEntry_EptMon] C:\Windows\System32\RunDLL32.exe C:\Windows\System32\EptMon64.dll,RunDLLEntry EptMon64
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: intu-tt2011 - {B3B5DAD9-E96D-45b4-B636-B6CF2F773DE1} - <orphaned>
x64-Handler: intu-tt2012 - {02F985EF-502B-4597-993F-6BF9E004C138} - <orphaned>
x64-Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHA;AVGIDSHA;C:\Windows\System32\drivers\avgidsha.sys [2013-2-8 71480]
R0 Avgloga;AVG Logging Driver;C:\Windows\System32\drivers\avgloga.sys [2013-2-8 311096]
R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2013-2-8 116536]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2013-2-8 45880]
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2012-3-15 55856]
R1 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\avgidsdrivera.sys [2013-3-29 246072]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2013-2-8 206136]
R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2013-3-21 240952]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2012-3-15 203776]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [2013-5-14 4937264]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [2013-4-18 283136]
R2 DellDigitalDelivery;Dell Digital Delivery Service;C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe [2013-3-13 187912]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-3-15 13592]
R2 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2010-5-4 503080]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2012-3-15 115216]
R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2012-3-15 317440]
R3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;C:\Windows\System32\drivers\k57nd60a.sys [2012-3-15 406056]
R3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2012-3-15 75264]
R3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2012-3-15 176640]
S2 CLKMSVC10_9EC60124;CyberLink Product - 2012/03/15 14:53:12;C:\Program Files (x86)\Cyberlink\PowerDVD9\NavFilter\kmsvc.exe [2011-8-11 248304]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 DAZContentManagementService;DAZ Content Management Service;C:\Users\Divabug\Documents\ContentManagementServer.exe [2012-4-24 22528]
S2 RoxWatch12;Roxio Hard Drive Watcher 12;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]
S2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2012-3-15 1691848]
S3 PCDSRVC{1E208CE0-FB7451FF-06020101}_0;PCDSRVC{1E208CE0-FB7451FF-06020101}_0 - PCDR Kernel Mode Service Helper Driver;C:\Program Files\Dell Support Center\pcdsrvc_x64.pkms [2011-12-13 25072]
S3 RoxMediaDB12OEM;RoxMediaDB12OEM;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-3-28 1255736]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2013-06-09 19:05:55 -------- d-----w- C:\Users\Divabug\AppData\Local\{88775E91-A0DD-413D-8A1D-CF63BF2BE0FC}
2013-06-09 18:38:00 -------- d-----w- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-06-09 06:53:05 -------- d-----w- C:\Users\Divabug\AppData\Local\{BAE18A03-BAAF-4E74-B7C9-328905AEF0A7}
2013-06-09 05:21:23 -------- d-----w- C:\Users\Divabug\AppData\Local\{2C785743-B424-4CE7-A250-EB5EA9FC5977}
2013-06-08 21:49:25 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2013-06-08 21:49:25 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-06-08 17:43:54 -------- d-----w- C:\Program Files (x86)\ESET
2013-06-08 17:14:53 -------- d-----w- C:\Users\Divabug\AppData\Local\{7A757453-21FF-49E4-895A-FAFCF8EA82F2}
2013-06-07 17:18:36 -------- d-----w- C:\Users\Divabug\AppData\Local\{880C5C15-71A7-4556-A0AC-77AB6B966202}
2013-06-06 17:47:07 -------- d-----w- C:\Users\Divabug\AppData\Local\{E603AB29-E497-45BA-BA00-CD7BA3E8F84F}
2013-06-05 17:28:06 -------- d-----w- C:\Users\Divabug\AppData\Local\{0325A4B1-1320-4F07-8C96-879BBA637744}
2013-06-05 03:16:58 -------- d-----w- C:\ProgramData\Poser Pro
2013-06-05 03:13:55 -------- d-----w- C:\Users\Divabug\AppData\Roaming\Poser Pro
2013-06-05 03:00:38 -------- d-----w- C:\Program Files\Smith Micro
2013-06-04 23:47:46 -------- d-----w- C:\Program Files (x86)\Smith Micro
2013-06-04 18:44:16 -------- d-----w- C:\Users\Divabug\AppData\Local\{D9CB6DB2-E0DE-40EE-8958-86794A5E81A1}
2013-06-04 05:31:10 -------- d-----w- C:\Users\Divabug\AppData\Local\{045B8822-ECD1-43E9-9769-109F29D53483}
2013-06-03 16:03:43 -------- d-----w- C:\Users\Divabug\AppData\Local\{95B2C586-B035-4BCD-AA75-3723D4E2A8E7}
2013-06-02 20:15:51 -------- d-----w- C:\Users\Divabug\AppData\Local\{AAFBDDEC-48BE-414E-97CE-61CA104736BE}
2013-06-02 07:00:14 -------- d-----w- C:\Users\Divabug\AppData\Local\{0A249DAD-D13F-40F7-8BC7-F03BEA467FD4}
2013-06-01 18:15:55 -------- d-----w- C:\Users\Divabug\AppData\Local\{37C04F77-44B0-4074-9001-CDD92BC225FD}
2013-06-01 00:42:35 -------- d-----w- C:\Users\Divabug\AppData\Local\{7C75BD70-9949-4636-B0F8-0B48B0E55EBA}
2013-05-31 05:29:22 -------- d-----w- C:\Users\Divabug\AppData\Local\{F299583D-A3A2-4728-9895-92EE8766B7E0}
2013-05-30 07:14:25 -------- d-----w- C:\Users\Divabug\AppData\Local\{94DB4CE6-B731-46E5-B78C-4DDABC92434C}
2013-05-29 17:27:39 -------- d-----w- C:\Users\Divabug\AppData\Local\{B54C3301-C845-4029-98C8-476FE0ABA7FB}
2013-05-28 20:05:54 -------- d-----w- C:\Users\Divabug\AppData\Local\{278792BA-B90B-430A-84ED-C020920E6674}
2013-05-27 16:14:43 -------- d-----w- C:\Users\Divabug\AppData\Local\{164A0D03-9C4F-4C94-AB64-503480A1FCBE}
2013-05-26 06:50:46 -------- d-----w- C:\Users\Divabug\AppData\Local\{38332C14-FF4C-462C-AD6F-D8ABC7A68423}
2013-05-25 16:15:29 -------- d-----w- C:\Users\Divabug\AppData\Local\{D3A56A50-B359-4F37-AA9D-EA6CB9E1C727}
2013-05-24 22:39:43 -------- d-----w- C:\Users\Divabug\AppData\Local\{CFEBF5C6-8B33-4F3E-9D66-2DF94ABEAE27}
2013-05-24 19:10:09 -------- d-----w- C:\Users\Divabug\AppData\Local\{F4C8FC78-9FDA-4061-8DC0-A242F7CB7950}
2013-05-24 06:20:54 -------- d-----w- C:\Users\Divabug\AppData\Local\{2BA81644-5E9F-4099-A925-6CE7CEE2A2EE}
2013-05-23 17:06:06 -------- d-----w- C:\Users\Divabug\AppData\Local\{491C0C7D-B3C4-4646-8A20-C405DD545851}
2013-05-22 20:39:59 -------- d-----w- C:\Users\Divabug\AppData\Local\{4E82BF80-F6A0-42AA-9D33-DE846CEAB016}
2013-05-22 07:03:21 -------- d-----w- C:\Users\Divabug\AppData\Local\{F111337B-0F98-4BC4-9D90-44ECE7324A2E}
2013-05-21 18:35:12 -------- d-----w- C:\Users\Divabug\AppData\Local\{AA5114C4-17BD-49D9-A082-3A6FCAA350BB}
2013-05-21 06:21:43 -------- d-----w- C:\Users\Divabug\AppData\Local\{53E86E9B-83C0-4CBD-BFAC-71B718BBCC3C}
2013-05-20 17:42:17 -------- d-----w- C:\Users\Divabug\AppData\Local\{B14937E5-DDBC-42C8-9BD5-7C9D73E77536}
2013-05-20 00:20:29 -------- d-----w- C:\Users\Divabug\AppData\Local\{476C3CC4-B799-4FE9-9FA9-0B2F0C233778}
2013-05-19 08:02:44 -------- d-----w- C:\Users\Divabug\AppData\Local\{F4E9EFEF-2DEA-4D86-BA3B-0EC35367C155}
2013-05-18 16:56:58 -------- d-----w- C:\Users\Divabug\AppData\Local\{5608DEAF-3786-4979-B59C-F43846192F58}
2013-05-17 17:57:16 -------- d-----w- C:\Users\Divabug\AppData\Local\{20ECF942-32B8-46BA-B316-F629613BD531}
2013-05-17 05:50:17 -------- d-----w- C:\Users\Divabug\AppData\Local\{45FCA203-3589-44D2-8F5C-1495EF48CD76}
2013-05-16 17:16:51 -------- d-----w- C:\Users\Divabug\AppData\Local\{E6DD8346-DE02-4B05-9536-A150BEFBCE03}
2013-05-16 10:00:59 887808 ----a-w- C:\Program Files\Internet Explorer\iedvtool.dll
2013-05-16 10:00:59 678912 ----a-w- C:\Program Files (x86)\Internet Explorer\iedvtool.dll
2013-05-16 10:00:59 599040 ----a-w- C:\Windows\System32\vbscript.dll
2013-05-16 10:00:59 499200 ----a-w- C:\Program Files\Internet Explorer\jsdbgui.dll
2013-05-16 10:00:59 387584 ----a-w- C:\Program Files (x86)\Internet Explorer\jsdbgui.dll
2013-05-16 10:00:59 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-05-16 00:27:03 983400 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys
2013-05-16 00:27:03 265064 ----a-w- C:\Windows\System32\drivers\dxgmms1.sys
2013-05-16 00:27:03 144384 ----a-w- C:\Windows\System32\cdd.dll
2013-05-16 00:26:45 1930752 ----a-w- C:\Windows\System32\authui.dll
2013-05-16 00:26:44 70144 ----a-w- C:\Windows\System32\appinfo.dll
2013-05-16 00:26:44 1796096 ----a-w- C:\Windows\SysWow64\authui.dll
2013-05-16 00:26:44 111448 ----a-w- C:\Windows\System32\consent.exe
2013-05-16 00:26:36 48640 ----a-w- C:\Windows\System32\wwanprotdim.dll
2013-05-16 00:26:36 230400 ----a-w- C:\Windows\System32\wwansvc.dll
2013-05-16 00:26:35 3153920 ----a-w- C:\Windows\System32\win32k.sys
2013-05-15 17:56:43 -------- d-----w- C:\Users\Divabug\AppData\Local\{1A9E0923-4935-4EC5-BBAF-20B62FF250D4}
2013-05-15 00:24:01 -------- d-----w- C:\Users\Divabug\AppData\Local\{272229CA-89FE-401A-B67B-C7B17A3FF634}
2013-05-14 09:21:28 -------- d-----w- C:\Users\Divabug\AppData\Local\{CAB0FCD1-A1C0-4AC9-B5C0-D8DC02BDF4C6}
2013-05-13 20:10:14 -------- d-----w- C:\Users\Divabug\AppData\Local\{B8123D07-D848-4A37-A4FC-5D9F605A76B9}
2013-05-13 07:08:20 -------- d-----w- C:\Users\Divabug\AppData\Local\{28C43BB3-81DC-4A5C-B6DB-844A04E55D0F}
2013-05-12 16:37:20 -------- d-----w- C:\Users\Divabug\AppData\Local\{052032F8-75DD-4322-A4D1-9749BD8A6BB5}
2013-05-11 19:52:12 -------- d-----w- C:\Users\Divabug\AppData\Local\{F6D072F4-AE3F-4506-9459-EC21574C4268}
2013-05-11 06:13:35 -------- d-----w- C:\Users\Divabug\AppData\Local\{3899BC74-904E-4CA7-8FD9-40962D2963F4}
.
==================== Find3M  ====================
.
2013-06-09 08:08:05 2828 --sha-w- C:\ProgramData\KGyGaAvL.sys
2013-05-14 22:00:43 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-05-14 22:00:43 692104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-05-05 21:16:13 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2013-05-05 19:12:55 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-04-13 05:49:23 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
2013-04-13 05:49:19 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll
2013-04-13 05:49:19 308736 ----a-w- C:\Windows\apppatch\AppPatch64\AcGenral.dll
2013-04-13 05:49:19 111104 ----a-w- C:\Windows\apppatch\AppPatch64\acspecfc.dll
2013-04-13 04:45:16 474624 ----a-w- C:\Windows\apppatch\AcSpecfc.dll
2013-04-13 04:45:15 2176512 ----a-w- C:\Windows\apppatch\AcGenral.dll
2013-04-12 14:45:08 1656680 ----a-w- C:\Windows\System32\drivers\ntfs.sys
2013-04-05 01:08:44 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2013-04-05 01:00:30 1392128 ----a-w- C:\Windows\System32\wininet.dll
2013-04-05 00:59:24 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2013-04-05 00:56:16 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2013-04-04 22:02:59 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2013-04-04 22:02:17 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-04-04 21:58:51 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2013-04-04 21:57:45 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
2013-03-29 09:53:48 246072 ----a-w- C:\Windows\System32\drivers\avgidsdrivera.sys
2013-03-21 10:08:24 240952 ----a-w- C:\Windows\System32\drivers\avgtdia.sys
2013-03-19 06:04:06 5550424 ----a-w- C:\Windows\System32\ntoskrnl.exe
2013-03-19 05:46:56 43520 ----a-w- C:\Windows\System32\csrsrv.dll
2013-03-19 05:04:13 3968856 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2013-03-19 05:04:10 3913560 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2013-03-19 04:47:50 6656 ----a-w- C:\Windows\SysWow64\apisetschema.dll
2013-03-19 03:06:33 112640 ----a-w- C:\Windows\System32\smss.exe
2013-03-18 17:06:06 0 ----a-w- C:\Windows\SysWow64\_r_a_p_.tmp
2011-08-23 22:42:54 332144 ----a-w- C:\Program Files (x86)\Common Files\MediaOrganizer.dll
2011-08-23 22:35:38 33136 ----a-w- C:\Program Files (x86)\Common Files\FlickrProvider.dll
2011-08-23 22:35:14 402800 ----a-w- C:\Program Files (x86)\Common Files\facebook.dll
2011-08-23 22:35:14 130416 ----a-w- C:\Program Files (x86)\Common Files\PluginCommon.dll
2011-08-23 22:34:26 465264 ----a-w- C:\Program Files (x86)\Common Files\AppFramework.dll
.
============= FINISH: 12:15:27.65 ===============
 

 


#2 JSntgRvr

    Master Surgeon General

  • Malware Response Team
  • 11,317 posts
  • Gender:Male
  • Location:Puerto Rico

Posted 09 June 2013 - 02:32 PM

:welcome:

 

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

 

 


No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!


#3 judibug

  • Topic Starter
  • Members
  • 39 posts

Posted 09 June 2013 - 02:36 PM

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 09-06-2013
Ran by Divabug (administrator) on 09-06-2013 12:34:48
Running from C:\Users\Divabug\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(AVG Technologies CZ, s.r.o.) C:\PROGRA~2\AVG\AVG2013\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe
(AMD) C:\Windows\system32\atiesrxx.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
(Protexis Inc.) c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
() C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgui.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgemca.exe
(Dell Products, LP.) C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [10920552 2010-06-22] (Realtek Semiconductor)
HKLM\...\Run: [RunDLLEntry_THXCfg] C:\Windows\system32\RunDLL32.exe C:\Windows\system32\THXCfg64.dll,RunDLLEntry THXCfg64 [17920 2009-10-15] (Creative Technology Ltd.)
HKLM\...\Run: [RunDLLEntry_EptMon] C:\Windows\system32\RunDLL32.exe C:\Windows\system32\EptMon64.dll,RunDLLEntry EptMon64 [21504 2009-10-15] (Creative Technology Ltd.)
HKLM-x32\...\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent [532040 2013-04-04] (Malwarebytes Corporation)
HKLM-x32\...\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent [532040 2013-04-04] (Malwarebytes Corporation)
HKCR\...409d6c4515e9\InprocServer32: [Default-shell32] C:\$Recycle.Bin\S-1-5-21-279977480-577563890-1390458913-1000\$c3760129d9749d08dd93fba73ec66124\n. ATTENTION! ====> ZeroAccess
HKCU\...\Policies\system: [disableregistrytools] 0
HKLM-x32\...\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284440 2011-05-20] (Intel Corporation)
HKLM-x32\...\Run: [THX Audio Control Panel] "C:\Program Files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe" /r [963584 2009-12-01] (Creative Technology Ltd)
HKLM-x32\...\Run: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY [4408368 2013-04-29] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [UpdReg] C:\Windows\UpdReg.EXE [90112 2000-05-10] (Creative Technology Ltd.)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-04-04] (Adobe Systems Incorporated)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.ca/
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
HKCU SearchScopes: DefaultScope {49606DC7-976D-4030-A74E-9FB5C842FA68} URL =
BHO: No Name - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -  No File
BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - \bin\jp2ssv.dll No File
DPF: HKLM {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
DPF: HKLM-x32 {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: HKLM-x32 {1ABA5FAC-1417-422B-BA82-45C35E2C908B} http://kitchenplanner.ikea.com/CA/Core/Player/2020PlayerAX_IKEA_Win32.cab
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
DPF: HKLM-x32 {BEA7310D-06C4-4339-A784-DC3804819809} http://www.walmartphotocentre.ca/upload/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -  No File
Handler: msdaipp - No CLSID Value -
Handler-x32: intu-tt2011 - {B3B5DAD9-E96D-45b4-B636-B6CF2F773DE1} - C:\Program Files (x86)\TurboTax 2011\ic2011pp.dll (Intuit Canada, a general partnership/une société en nom collectif.)
Handler-x32: intu-tt2012 - {02F985EF-502B-4597-993F-6BF9E004C138} - C:\Program Files (x86)\TurboTax 2012\ic2012pp.dll (Intuit Canada, a general partnership/une société en nom collectif.)
Handler-x32: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -  No File
Handler-x32: msdaipp - No CLSID Value -
Winsock: Catalog5 01 %SystemRoot%\System32\mswsock.dll [232448] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5-x64 01 mswsock.dll File Not found (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5-x64 05 mswsock.dll File Not found (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

==================== Services (Whitelisted) =================

R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [4937264 2013-05-14] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [283136 2013-04-18] (AVG Technologies CZ, s.r.o.)
S2 CLKMSVC10_9EC60124; C:\Program Files (x86)\Cyberlink\PowerDVD9\NavFilter\kmsvc.exe [248304 2011-08-11] (CyberLink)
S2 DAZContentManagementService; C:\Users\Divabug\Documents\ContentManagementServer.exe [22528 2011-05-05] ()

==================== Drivers (Whitelisted) ====================

R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [246072 2013-03-29] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [71480 2013-02-08] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [206136 2013-02-08] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [311096 2013-02-08] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [116536 2013-02-08] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [45880 2013-02-08] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [240952 2013-03-21] (AVG Technologies CZ, s.r.o.)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [74752 2011-07-25] (Research In Motion Limited)
R3 RimVSerPort; C:\Windows\System32\DRIVERS\RimSerial_AMD64.sys [44032 2011-07-20] (Research in Motion Ltd)
S3 PCDSRVC{1E208CE0-FB7451FF-06020101}_0; \??\c:\program files\dell support center\pcdsrvc_x64.pkms [x]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-06-09 12:34 - 2013-06-09 12:34 - 00000000 ____D C:\FRST
2013-06-09 12:33 - 2013-06-09 12:34 - 01919988 ____A (Farbar) C:\Users\Divabug\Desktop\FRST64.exe
2013-06-09 12:15 - 2013-06-09 12:15 - 00021588 ____A C:\Users\Divabug\Desktop\dds.txt
2013-06-09 12:15 - 2013-06-09 12:15 - 00014065 ____A C:\Users\Divabug\Desktop\attach.txt
2013-06-09 12:12 - 2013-06-09 12:12 - 00688992 ____R (Swearware) C:\Users\Divabug\Desktop\dds.com
2013-06-09 12:05 - 2013-06-09 12:06 - 00000000 ____D C:\Users\Divabug\AppData\Local\{88775E91-A0DD-413D-8A1D-CF63BF2BE0FC}
2013-06-09 11:48 - 2013-06-09 11:49 - 00004782 ____A C:\Users\Divabug\Desktop\Rkill.txt
2013-06-09 11:38 - 2013-06-09 11:47 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-06-09 11:36 - 2013-06-09 11:36 - 00000000 ____D C:\Users\Divabug\Desktop\mbar-1.06.0.1003
2013-06-09 11:29 - 2013-06-09 11:29 - 00035860 ____A C:\Users\Divabug\Desktop\Result.txt
2013-06-09 11:27 - 2013-06-09 11:27 - 00002656 ____A C:\Users\Divabug\Desktop\FSS.txt
2013-06-09 11:27 - 2013-06-09 11:27 - 00000760 ____A C:\Users\Divabug\Desktop\checkup.txt
2013-06-09 11:23 - 2013-06-09 11:23 - 00004068 ____A C:\Users\Divabug\Desktop\instr.txt
2013-06-09 11:19 - 2013-06-09 11:20 - 01814144 ____A (Bleeping Computer, LLC) C:\Users\Divabug\Desktop\rkill.exe
2013-06-09 11:19 - 2013-06-09 11:19 - 13169742 ____A C:\Users\Divabug\Desktop\mbar-1.06.0.1003.zip
2013-06-09 11:18 - 2013-06-09 11:19 - 10285040 ____A (Malwarebytes Corporation                                    ) C:\Users\Divabug\Desktop\mbam-setup-1.75.0.1300.exe
2013-06-09 11:18 - 2013-06-09 11:18 - 00760723 ____A (Farbar) C:\Users\Divabug\Desktop\MiniToolBox.exe
2013-06-09 11:17 - 2013-06-09 11:17 - 00890839 ____A C:\Users\Divabug\Desktop\SecurityCheck.exe
2013-06-09 11:17 - 2013-06-09 11:17 - 00355651 ____A (Farbar) C:\Users\Divabug\Desktop\FSS.exe
2013-06-08 23:53 - 2013-06-08 23:53 - 00000000 ____D C:\Users\Divabug\AppData\Local\{BAE18A03-BAAF-4E74-B7C9-328905AEF0A7}
2013-06-08 22:21 - 2013-06-08 22:21 - 00000000 ____D C:\Users\Divabug\AppData\Local\{2C785743-B424-4CE7-A250-EB5EA9FC5977}
2013-06-08 21:23 - 2013-06-08 21:23 - 00012328 ____A C:\Users\Divabug\Documents\cc_20130608_212320.reg
2013-06-08 21:21 - 2013-06-08 21:21 - 00000211 ____A C:\Users\Divabug\Desktop\new  2.txt
2013-06-08 14:49 - 2013-06-09 11:30 - 00001111 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-06-08 14:49 - 2013-06-09 11:30 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-06-08 14:49 - 2013-04-04 14:50 - 00025928 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2013-06-08 14:42 - 2013-06-09 11:15 - 00000168 ____A C:\Windows\setupact.log
2013-06-08 14:42 - 2013-06-08 14:42 - 00000000 ____A C:\Windows\setuperr.log
2013-06-08 14:38 - 2013-06-08 14:38 - 00091198 ____A C:\Users\Divabug\Desktop\TRO29.pspimage
2013-06-08 12:55 - 2013-06-08 12:55 - 00002738 ____A C:\Users\Divabug\Desktop\new  1.txt
2013-06-08 10:43 - 2013-06-08 10:43 - 00000000 ____D C:\Program Files (x86)\ESET
2013-06-08 10:34 - 2013-06-08 10:34 - 00098102 ____A C:\Users\Divabug\Documents\cc_20130608_103409.reg
2013-06-08 10:24 - 2013-06-08 10:24 - 04378864 ____A (Piriform Ltd) C:\Users\Divabug\Downloads\ccsetup402.exe
2013-06-08 10:24 - 2013-06-08 10:24 - 00000784 ____A C:\Users\Public\Desktop\CCleaner.lnk
2013-06-08 10:14 - 2013-06-08 10:15 - 00000000 ____D C:\Users\Divabug\AppData\Local\{7A757453-21FF-49E4-895A-FAFCF8EA82F2}
2013-06-08 01:47 - 2013-06-08 02:52 - 00016643 ____A C:\Users\Divabug\Desktop\avgrep.txt
2013-06-07 23:54 - 2013-06-07 23:54 - 10285040 ____A (Malwarebytes Corporation                                    ) C:\Users\Divabug\Downloads\mbam-setup-1.75.0.1300.exe
2013-06-07 10:18 - 2013-06-07 10:18 - 00000000 ____D C:\Users\Divabug\AppData\Local\{880C5C15-71A7-4556-A0AC-77AB6B966202}
2013-06-06 23:16 - 2013-06-06 23:16 - 01989782 ____A C:\Users\Divabug\Desktop\Image3.pspimage
2013-06-06 10:47 - 2013-06-06 10:47 - 00000000 ____D C:\Users\Divabug\AppData\Local\{E603AB29-E497-45BA-BA00-CD7BA3E8F84F}
2013-06-05 10:28 - 2013-06-05 10:28 - 00000000 ____D C:\Users\Divabug\AppData\Local\{0325A4B1-1320-4F07-8C96-879BBA637744}
2013-06-04 20:16 - 2013-06-04 20:16 - 00000000 ____D C:\ProgramData\Poser Pro
2013-06-04 20:13 - 2013-06-04 20:13 - 00000000 ____D C:\Users\Divabug\AppData\Roaming\Poser Pro
2013-06-04 20:01 - 2013-06-04 20:01 - 00001898 ____A C:\Users\Public\Desktop\Queue Manager 2014.lnk
2013-06-04 20:01 - 2013-06-04 20:01 - 00001870 ____A C:\Users\Public\Desktop\Poser Pro 2014.lnk
2013-06-04 20:00 - 2013-06-04 20:03 - 00000000 ____D C:\Users\Divabug\Documents\Poser Pro 2014 Content
2013-06-04 20:00 - 2013-06-04 20:00 - 00000000 ____D C:\Users\Public\Pixologic
2013-06-04 20:00 - 2013-06-04 20:00 - 00000000 ____D C:\Program Files\Smith Micro
2013-06-04 16:48 - 2013-06-04 16:48 - 00000000 ____D C:\Users\Divabug\Downloads\SmithMicroDLM
2013-06-04 16:47 - 2013-06-04 16:47 - 07275472 ____A (Smith Micro Software, Inc.                                  ) C:\Users\Divabug\Desktop\SmithMicro-DownloadManager-Windows.exe
2013-06-04 16:47 - 2013-06-04 16:47 - 00000000 ____D C:\Program Files (x86)\Smith Micro
2013-06-04 16:46 - 2013-06-04 16:46 - 00019707 ____A C:\Users\Divabug\Desktop\earlyAdopter_pp14_badge.zip
2013-06-04 11:44 - 2013-06-04 11:44 - 00000000 ____D C:\Users\Divabug\AppData\Local\{D9CB6DB2-E0DE-40EE-8958-86794A5E81A1}
2013-06-03 22:31 - 2013-06-03 22:31 - 00000000 ____D C:\Users\Divabug\AppData\Local\{045B8822-ECD1-43E9-9769-109F29D53483}
2013-06-03 09:03 - 2013-06-03 09:03 - 00000000 ____D C:\Users\Divabug\AppData\Local\{95B2C586-B035-4BCD-AA75-3723D4E2A8E7}
2013-06-02 17:31 - 2013-06-08 14:38 - 00103424 __ASH C:\Users\Divabug\Desktop\Thumbs.db
2013-06-02 13:15 - 2013-06-02 13:16 - 00000000 ____D C:\Users\Divabug\AppData\Local\{AAFBDDEC-48BE-414E-97CE-61CA104736BE}
2013-06-02 00:00 - 2013-06-02 00:00 - 00000000 ____D C:\Users\Divabug\AppData\Local\{0A249DAD-D13F-40F7-8BC7-F03BEA467FD4}
2013-06-01 11:15 - 2013-06-01 11:16 - 00000000 ____D C:\Users\Divabug\AppData\Local\{37C04F77-44B0-4074-9001-CDD92BC225FD}
2013-05-31 17:42 - 2013-05-31 17:42 - 00000000 ____D C:\Users\Divabug\AppData\Local\{7C75BD70-9949-4636-B0F8-0B48B0E55EBA}
2013-05-30 22:56 - 2013-06-01 17:54 - 00000000 ____D C:\Users\Divabug\Desktop\4Elicia
2013-05-30 22:29 - 2013-05-30 22:29 - 00000000 ____D C:\Users\Divabug\AppData\Local\{F299583D-A3A2-4728-9895-92EE8766B7E0}
2013-05-30 00:14 - 2013-05-30 00:14 - 00000000 ____D C:\Users\Divabug\AppData\Local\{94DB4CE6-B731-46E5-B78C-4DDABC92434C}
2013-05-29 10:27 - 2013-05-29 10:27 - 00000000 ____D C:\Users\Divabug\AppData\Local\{B54C3301-C845-4029-98C8-476FE0ABA7FB}
2013-05-28 13:05 - 2013-05-28 13:06 - 00000000 ____D C:\Users\Divabug\AppData\Local\{278792BA-B90B-430A-84ED-C020920E6674}
2013-05-27 09:14 - 2013-05-27 09:14 - 00000000 ____D C:\Users\Divabug\AppData\Local\{164A0D03-9C4F-4C94-AB64-503480A1FCBE}
2013-05-25 23:50 - 2013-05-25 23:50 - 00000000 ____D C:\Users\Divabug\AppData\Local\{38332C14-FF4C-462C-AD6F-D8ABC7A68423}
2013-05-25 09:15 - 2013-05-25 09:15 - 00000000 ____D C:\Users\Divabug\AppData\Local\{D3A56A50-B359-4F37-AA9D-EA6CB9E1C727}
2013-05-24 15:39 - 2013-05-24 15:39 - 00000000 ____D C:\Users\Divabug\AppData\Local\{CFEBF5C6-8B33-4F3E-9D66-2DF94ABEAE27}
2013-05-24 12:10 - 2013-05-24 12:10 - 00000000 ____D C:\Users\Divabug\AppData\Local\{F4C8FC78-9FDA-4061-8DC0-A242F7CB7950}
2013-05-23 23:20 - 2013-05-23 23:21 - 00000000 ____D C:\Users\Divabug\AppData\Local\{2BA81644-5E9F-4099-A925-6CE7CEE2A2EE}
2013-05-23 10:06 - 2013-05-23 10:06 - 00000000 ____D C:\Users\Divabug\AppData\Local\{491C0C7D-B3C4-4646-8A20-C405DD545851}
2013-05-22 13:39 - 2013-05-22 13:40 - 00000000 ____D C:\Users\Divabug\AppData\Local\{4E82BF80-F6A0-42AA-9D33-DE846CEAB016}
2013-05-22 00:03 - 2013-05-22 00:03 - 00000000 ____D C:\Users\Divabug\AppData\Local\{F111337B-0F98-4BC4-9D90-44ECE7324A2E}
2013-05-21 11:35 - 2013-05-21 11:35 - 00000000 ____D C:\Users\Divabug\AppData\Local\{AA5114C4-17BD-49D9-A082-3A6FCAA350BB}
2013-05-20 23:21 - 2013-05-20 23:21 - 00000000 ____D C:\Users\Divabug\AppData\Local\{53E86E9B-83C0-4CBD-BFAC-71B718BBCC3C}
2013-05-20 10:42 - 2013-05-20 10:42 - 00000000 ____D C:\Users\Divabug\AppData\Local\{B14937E5-DDBC-42C8-9BD5-7C9D73E77536}
2013-05-19 17:20 - 2013-05-19 17:20 - 00000000 ____D C:\Users\Divabug\AppData\Local\{476C3CC4-B799-4FE9-9FA9-0B2F0C233778}
2013-05-19 01:02 - 2013-05-19 01:02 - 00000000 ____D C:\Users\Divabug\AppData\Local\{F4E9EFEF-2DEA-4D86-BA3B-0EC35367C155}
2013-05-18 09:56 - 2013-05-18 09:57 - 00000000 ____D C:\Users\Divabug\AppData\Local\{5608DEAF-3786-4979-B59C-F43846192F58}
2013-05-17 10:57 - 2013-05-17 10:57 - 00000000 ____D C:\Users\Divabug\AppData\Local\{20ECF942-32B8-46BA-B316-F629613BD531}
2013-05-16 22:50 - 2013-05-16 22:50 - 00000000 ____D C:\Users\Divabug\AppData\Local\{45FCA203-3589-44D2-8F5C-1495EF48CD76}
2013-05-16 10:16 - 2013-05-16 10:17 - 00000000 ____D C:\Users\Divabug\AppData\Local\{E6DD8346-DE02-4B05-9536-A150BEFBCE03}
2013-05-16 03:01 - 2013-05-05 14:36 - 17818624 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-05-16 03:01 - 2013-05-05 14:16 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-05-16 03:01 - 2013-05-05 12:25 - 12324864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-05-16 03:01 - 2013-05-05 12:12 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-05-16 03:01 - 2013-04-04 18:08 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-05-16 03:01 - 2013-04-04 18:01 - 01346560 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-05-16 03:01 - 2013-04-04 18:00 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-05-16 03:01 - 2013-04-04 17:59 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2013-05-16 03:01 - 2013-04-04 17:58 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2013-05-16 03:01 - 2013-04-04 17:56 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2013-05-16 03:01 - 2013-04-04 17:54 - 02147840 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-05-16 03:01 - 2013-04-04 17:54 - 00729088 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-05-16 03:01 - 2013-04-04 17:51 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2013-05-16 03:01 - 2013-04-04 17:46 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-05-16 03:01 - 2013-04-04 15:02 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-05-16 03:01 - 2013-04-04 15:02 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-05-16 03:01 - 2013-04-04 15:02 - 01104384 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-05-16 03:01 - 2013-04-04 15:01 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-05-16 03:01 - 2013-04-04 14:58 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-05-16 03:01 - 2013-04-04 14:57 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-05-16 03:01 - 2013-04-04 14:56 - 00607744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-05-16 03:01 - 2013-04-04 14:55 - 01796096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-05-16 03:01 - 2013-04-04 14:54 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-05-16 03:01 - 2013-04-04 14:50 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-05-16 03:00 - 2013-04-04 18:19 - 10926080 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-05-16 03:00 - 2013-04-04 17:57 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-05-16 03:00 - 2013-04-04 17:55 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-05-16 03:00 - 2013-04-04 17:55 - 00599040 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2013-05-16 03:00 - 2013-04-04 15:11 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-05-16 03:00 - 2013-04-04 15:09 - 09738752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-05-16 03:00 - 2013-04-04 14:59 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-05-16 03:00 - 2013-04-04 14:58 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-05-15 17:27 - 2013-04-09 23:01 - 00983400 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dxgkrnl.sys
2013-05-15 17:27 - 2013-04-09 23:01 - 00265064 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dxgmms1.sys
2013-05-15 17:27 - 2011-02-03 04:25 - 00144384 ____A (Microsoft Corporation) C:\Windows\System32\cdd.dll
2013-05-15 17:26 - 2013-04-09 20:30 - 03153920 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2013-05-15 17:26 - 2013-03-18 22:53 - 00230400 ____A (Microsoft Corporation) C:\Windows\System32\wwansvc.dll
2013-05-15 17:26 - 2013-03-18 22:53 - 00048640 ____A (Microsoft Corporation) C:\Windows\System32\wwanprotdim.dll
2013-05-15 17:26 - 2013-02-26 23:02 - 00111448 ____A (Microsoft Corporation) C:\Windows\System32\consent.exe
2013-05-15 17:26 - 2013-02-26 22:52 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2013-05-15 17:26 - 2013-02-26 22:52 - 00197120 ____A (Microsoft Corporation) C:\Windows\System32\shdocvw.dll
2013-05-15 17:26 - 2013-02-26 22:48 - 01930752 ____A (Microsoft Corporation) C:\Windows\System32\authui.dll
2013-05-15 17:26 - 2013-02-26 22:47 - 00070144 ____A (Microsoft Corporation) C:\Windows\System32\appinfo.dll
2013-05-15 17:26 - 2013-02-26 21:55 - 12872704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2013-05-15 17:26 - 2013-02-26 21:55 - 00180224 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll
2013-05-15 17:26 - 2013-02-26 21:49 - 01796096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2013-05-15 10:56 - 2013-05-15 10:56 - 00000000 ____D C:\Users\Divabug\AppData\Local\{1A9E0923-4935-4EC5-BBAF-20B62FF250D4}
2013-05-14 17:24 - 2013-05-14 17:24 - 00000000 ____D C:\Users\Divabug\AppData\Local\{272229CA-89FE-401A-B67B-C7B17A3FF634}
2013-05-14 02:21 - 2013-05-14 02:21 - 00000000 ____D C:\Users\Divabug\AppData\Local\{CAB0FCD1-A1C0-4AC9-B5C0-D8DC02BDF4C6}
2013-05-13 13:10 - 2013-05-13 13:10 - 00000000 ____D C:\Users\Divabug\AppData\Local\{B8123D07-D848-4A37-A4FC-5D9F605A76B9}
2013-05-13 00:08 - 2013-05-13 00:08 - 00000000 ____D C:\Users\Divabug\AppData\Local\{28C43BB3-81DC-4A5C-B6DB-844A04E55D0F}
2013-05-12 09:37 - 2013-05-12 09:37 - 00000000 ____D C:\Users\Divabug\AppData\Local\{052032F8-75DD-4322-A4D1-9749BD8A6BB5}
2013-05-11 12:52 - 2013-05-11 12:52 - 00000000 ____D C:\Users\Divabug\AppData\Local\{F6D072F4-AE3F-4506-9459-EC21574C4268}
2013-05-10 23:13 - 2013-05-10 23:13 - 00000000 ____D C:\Users\Divabug\AppData\Local\{3899BC74-904E-4CA7-8FD9-40962D2963F4}
2013-05-10 09:20 - 2013-05-10 09:21 - 00000000 ____D C:\Users\Divabug\AppData\Local\{7D4A92C0-3FAB-4ADA-BFDA-91E8BA4E6F12}

==================== One Month Modified Files and Folders =======

2013-06-09 12:34 - 2013-06-09 12:34 - 00000000 ____D C:\FRST
2013-06-09 12:34 - 2013-06-09 12:33 - 01919988 ____A (Farbar) C:\Users\Divabug\Desktop\FRST64.exe
2013-06-09 12:15 - 2013-06-09 12:15 - 00021588 ____A C:\Users\Divabug\Desktop\dds.txt
2013-06-09 12:15 - 2013-06-09 12:15 - 00014065 ____A C:\Users\Divabug\Desktop\attach.txt
2013-06-09 12:12 - 2013-06-09 12:12 - 00688992 ____R (Swearware) C:\Users\Divabug\Desktop\dds.com
2013-06-09 12:06 - 2013-06-09 12:05 - 00000000 ____D C:\Users\Divabug\AppData\Local\{88775E91-A0DD-413D-8A1D-CF63BF2BE0FC}
2013-06-09 12:00 - 2012-11-21 17:18 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-06-09 11:54 - 2012-04-02 08:05 - 00000900 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-06-09 11:49 - 2013-06-09 11:48 - 00004782 ____A C:\Users\Divabug\Desktop\Rkill.txt
2013-06-09 11:47 - 2013-06-09 11:38 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-06-09 11:36 - 2013-06-09 11:36 - 00000000 ____D C:\Users\Divabug\Desktop\mbar-1.06.0.1003
2013-06-09 11:30 - 2013-06-08 14:49 - 00001111 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-06-09 11:30 - 2013-06-08 14:49 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-06-09 11:29 - 2013-06-09 11:29 - 00035860 ____A C:\Users\Divabug\Desktop\Result.txt
2013-06-09 11:27 - 2013-06-09 11:27 - 00002656 ____A C:\Users\Divabug\Desktop\FSS.txt
2013-06-09 11:27 - 2013-06-09 11:27 - 00000760 ____A C:\Users\Divabug\Desktop\checkup.txt
2013-06-09 11:23 - 2013-06-09 11:23 - 00004068 ____A C:\Users\Divabug\Desktop\instr.txt
2013-06-09 11:23 - 2012-03-28 13:33 - 00000000 ____D C:\Users\Divabug\AppData\Roaming\Notepad++
2013-06-09 11:22 - 2009-07-13 21:45 - 00021296 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-06-09 11:22 - 2009-07-13 21:45 - 00021296 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-06-09 11:21 - 2012-03-28 07:33 - 00000000 ____D C:\ProgramData\MFAData
2013-06-09 11:20 - 2013-06-09 11:19 - 01814144 ____A (Bleeping Computer, LLC) C:\Users\Divabug\Desktop\rkill.exe
2013-06-09 11:20 - 2009-07-13 22:13 - 00778834 ____A C:\Windows\System32\PerfStringBackup.INI
2013-06-09 11:19 - 2013-06-09 11:19 - 13169742 ____A C:\Users\Divabug\Desktop\mbar-1.06.0.1003.zip
2013-06-09 11:19 - 2013-06-09 11:18 - 10285040 ____A (Malwarebytes Corporation                                    ) C:\Users\Divabug\Desktop\mbam-setup-1.75.0.1300.exe
2013-06-09 11:19 - 2012-03-15 12:27 - 01192843 ____A C:\Windows\WindowsUpdate.log
2013-06-09 11:18 - 2013-06-09 11:18 - 00760723 ____A (Farbar) C:\Users\Divabug\Desktop\MiniToolBox.exe
2013-06-09 11:17 - 2013-06-09 11:17 - 00890839 ____A C:\Users\Divabug\Desktop\SecurityCheck.exe
2013-06-09 11:17 - 2013-06-09 11:17 - 00355651 ____A (Farbar) C:\Users\Divabug\Desktop\FSS.exe
2013-06-09 11:15 - 2013-06-08 14:42 - 00000168 ____A C:\Windows\setupact.log
2013-06-09 11:15 - 2012-04-02 08:05 - 00000896 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-06-09 11:15 - 2012-03-15 13:10 - 00000000 ____D C:\Users\Default\AppData\Local\SoftThinks
2013-06-09 11:15 - 2012-03-15 13:10 - 00000000 ____D C:\Users\Default User\AppData\Local\SoftThinks
2013-06-09 11:15 - 2012-03-15 12:46 - 00000000 ____D C:\Program Files (x86)\Dell DataSafe Local Backup
2013-06-09 11:15 - 2009-07-13 22:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-06-09 01:08 - 2012-03-28 11:58 - 00002828 __ASH C:\ProgramData\KGyGaAvL.sys
2013-06-09 01:08 - 2012-03-28 11:56 - 00000000 ____D C:\Users\Divabug\Documents\My PSP Files
2013-06-09 01:08 - 2012-03-28 11:56 - 00000000 ____D C:\Users\Divabug\AppData\Local\Corel
2013-06-09 01:03 - 2012-03-28 10:18 - 00000000 ____D C:\Users\Divabug\Documents\SavedPZs
2013-06-08 23:53 - 2013-06-08 23:53 - 00000000 ____D C:\Users\Divabug\AppData\Local\{BAE18A03-BAAF-4E74-B7C9-328905AEF0A7}
2013-06-08 22:21 - 2013-06-08 22:21 - 00000000 ____D C:\Users\Divabug\AppData\Local\{2C785743-B424-4CE7-A250-EB5EA9FC5977}
2013-06-08 21:23 - 2013-06-08 21:23 - 00012328 ____A C:\Users\Divabug\Documents\cc_20130608_212320.reg
2013-06-08 21:21 - 2013-06-08 21:21 - 00000211 ____A C:\Users\Divabug\Desktop\new  2.txt
2013-06-08 17:01 - 2012-03-28 06:30 - 00000422 ____A C:\Windows\Tasks\SystemToolsDailyTest.job
2013-06-08 14:42 - 2013-06-08 14:42 - 00000000 ____A C:\Windows\setuperr.log
2013-06-08 14:38 - 2013-06-08 14:38 - 00091198 ____A C:\Users\Divabug\Desktop\TRO29.pspimage
2013-06-08 14:38 - 2013-06-02 17:31 - 00103424 __ASH C:\Users\Divabug\Desktop\Thumbs.db
2013-06-08 12:55 - 2013-06-08 12:55 - 00002738 ____A C:\Users\Divabug\Desktop\new  1.txt
2013-06-08 12:54 - 2010-11-20 20:47 - 00243996 ____A C:\Windows\PFRO.log
2013-06-08 10:43 - 2013-06-08 10:43 - 00000000 ____D C:\Program Files (x86)\ESET
2013-06-08 10:34 - 2013-06-08 10:34 - 00098102 ____A C:\Users\Divabug\Documents\cc_20130608_103409.reg
2013-06-08 10:29 - 2012-03-29 19:34 - 00000000 ____D C:\Users\Divabug\AppData\Roaming\CoreFTP
2013-06-08 10:24 - 2013-06-08 10:24 - 04378864 ____A (Piriform Ltd) C:\Users\Divabug\Downloads\ccsetup402.exe
2013-06-08 10:24 - 2013-06-08 10:24 - 00000784 ____A C:\Users\Public\Desktop\CCleaner.lnk
2013-06-08 10:24 - 2012-07-30 20:29 - 00000000 ____D C:\Program Files\CCleaner
2013-06-08 10:15 - 2013-06-08 10:14 - 00000000 ____D C:\Users\Divabug\AppData\Local\{7A757453-21FF-49E4-895A-FAFCF8EA82F2}
2013-06-08 02:52 - 2013-06-08 01:47 - 00016643 ____A C:\Users\Divabug\Desktop\avgrep.txt
2013-06-08 01:47 - 2012-12-13 12:03 - 00000000 ____D C:\Users\Divabug\AppData\Local\Avg2013
2013-06-07 23:54 - 2013-06-07 23:54 - 10285040 ____A (Malwarebytes Corporation                                    ) C:\Users\Divabug\Downloads\mbam-setup-1.75.0.1300.exe
2013-06-07 10:18 - 2013-06-07 10:18 - 00000000 ____D C:\Users\Divabug\AppData\Local\{880C5C15-71A7-4556-A0AC-77AB6B966202}
2013-06-06 23:16 - 2013-06-06 23:16 - 01989782 ____A C:\Users\Divabug\Desktop\Image3.pspimage
2013-06-06 11:52 - 2012-03-28 11:58 - 00005632 ____A C:\Users\Divabug\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-06-06 10:47 - 2013-06-06 10:47 - 00000000 ____D C:\Users\Divabug\AppData\Local\{E603AB29-E497-45BA-BA00-CD7BA3E8F84F}
2013-06-05 10:28 - 2013-06-05 10:28 - 00000000 ____D C:\Users\Divabug\AppData\Local\{0325A4B1-1320-4F07-8C96-879BBA637744}
2013-06-04 20:16 - 2013-06-04 20:16 - 00000000 ____D C:\ProgramData\Poser Pro
2013-06-04 20:13 - 2013-06-04 20:13 - 00000000 ____D C:\Users\Divabug\AppData\Roaming\Poser Pro
2013-06-04 20:03 - 2013-06-04 20:00 - 00000000 ____D C:\Users\Divabug\Documents\Poser Pro 2014 Content
2013-06-04 20:01 - 2013-06-04 20:01 - 00001898 ____A C:\Users\Public\Desktop\Queue Manager 2014.lnk
2013-06-04 20:01 - 2013-06-04 20:01 - 00001870 ____A C:\Users\Public\Desktop\Poser Pro 2014.lnk
2013-06-04 20:00 - 2013-06-04 20:00 - 00000000 ____D C:\Users\Public\Pixologic
2013-06-04 20:00 - 2013-06-04 20:00 - 00000000 ____D C:\Program Files\Smith Micro
2013-06-04 16:48 - 2013-06-04 16:48 - 00000000 ____D C:\Users\Divabug\Downloads\SmithMicroDLM
2013-06-04 16:47 - 2013-06-04 16:47 - 07275472 ____A (Smith Micro Software, Inc.                                  ) C:\Users\Divabug\Desktop\SmithMicro-DownloadManager-Windows.exe
2013-06-04 16:47 - 2013-06-04 16:47 - 00000000 ____D C:\Program Files (x86)\Smith Micro
2013-06-04 16:46 - 2013-06-04 16:46 - 00019707 ____A C:\Users\Divabug\Desktop\earlyAdopter_pp14_badge.zip
2013-06-04 11:44 - 2013-06-04 11:44 - 00000000 ____D C:\Users\Divabug\AppData\Local\{D9CB6DB2-E0DE-40EE-8958-86794A5E81A1}
2013-06-03 22:31 - 2013-06-03 22:31 - 00000000 ____D C:\Users\Divabug\AppData\Local\{045B8822-ECD1-43E9-9769-109F29D53483}
2013-06-03 09:03 - 2013-06-03 09:03 - 00000000 ____D C:\Users\Divabug\AppData\Local\{95B2C586-B035-4BCD-AA75-3723D4E2A8E7}
2013-06-02 13:16 - 2013-06-02 13:15 - 00000000 ____D C:\Users\Divabug\AppData\Local\{AAFBDDEC-48BE-414E-97CE-61CA104736BE}
2013-06-02 00:00 - 2013-06-02 00:00 - 00000000 ____D C:\Users\Divabug\AppData\Local\{0A249DAD-D13F-40F7-8BC7-F03BEA467FD4}
2013-06-01 17:54 - 2013-05-30 22:56 - 00000000 ____D C:\Users\Divabug\Desktop\4Elicia
2013-06-01 11:16 - 2013-06-01 11:15 - 00000000 ____D C:\Users\Divabug\AppData\Local\{37C04F77-44B0-4074-9001-CDD92BC225FD}
2013-05-31 17:42 - 2013-05-31 17:42 - 00000000 ____D C:\Users\Divabug\AppData\Local\{7C75BD70-9949-4636-B0F8-0B48B0E55EBA}
2013-05-30 22:29 - 2013-05-30 22:29 - 00000000 ____D C:\Users\Divabug\AppData\Local\{F299583D-A3A2-4728-9895-92EE8766B7E0}
2013-05-30 00:14 - 2013-05-30 00:14 - 00000000 ____D C:\Users\Divabug\AppData\Local\{94DB4CE6-B731-46E5-B78C-4DDABC92434C}
2013-05-29 10:27 - 2013-05-29 10:27 - 00000000 ____D C:\Users\Divabug\AppData\Local\{B54C3301-C845-4029-98C8-476FE0ABA7FB}
2013-05-28 13:06 - 2013-05-28 13:05 - 00000000 ____D C:\Users\Divabug\AppData\Local\{278792BA-B90B-430A-84ED-C020920E6674}
2013-05-27 09:14 - 2013-05-27 09:14 - 00000000 ____D C:\Users\Divabug\AppData\Local\{164A0D03-9C4F-4C94-AB64-503480A1FCBE}
2013-05-25 23:50 - 2013-05-25 23:50 - 00000000 ____D C:\Users\Divabug\AppData\Local\{38332C14-FF4C-462C-AD6F-D8ABC7A68423}
2013-05-25 09:15 - 2013-05-25 09:15 - 00000000 ____D C:\Users\Divabug\AppData\Local\{D3A56A50-B359-4F37-AA9D-EA6CB9E1C727}
2013-05-24 15:39 - 2013-05-24 15:39 - 00000000 ____D C:\Users\Divabug\AppData\Local\{CFEBF5C6-8B33-4F3E-9D66-2DF94ABEAE27}
2013-05-24 12:10 - 2013-05-24 12:10 - 00000000 ____D C:\Users\Divabug\AppData\Local\{F4C8FC78-9FDA-4061-8DC0-A242F7CB7950}
2013-05-23 23:21 - 2013-05-23 23:20 - 00000000 ____D C:\Users\Divabug\AppData\Local\{2BA81644-5E9F-4099-A925-6CE7CEE2A2EE}
2013-05-23 10:06 - 2013-05-23 10:06 - 00000000 ____D C:\Users\Divabug\AppData\Local\{491C0C7D-B3C4-4646-8A20-C405DD545851}
2013-05-22 13:40 - 2013-05-22 13:39 - 00000000 ____D C:\Users\Divabug\AppData\Local\{4E82BF80-F6A0-42AA-9D33-DE846CEAB016}
2013-05-22 00:03 - 2013-05-22 00:03 - 00000000 ____D C:\Users\Divabug\AppData\Local\{F111337B-0F98-4BC4-9D90-44ECE7324A2E}
2013-05-21 11:35 - 2013-05-21 11:35 - 00000000 ____D C:\Users\Divabug\AppData\Local\{AA5114C4-17BD-49D9-A082-3A6FCAA350BB}
2013-05-20 23:21 - 2013-05-20 23:21 - 00000000 ____D C:\Users\Divabug\AppData\Local\{53E86E9B-83C0-4CBD-BFAC-71B718BBCC3C}
2013-05-20 22:10 - 2013-01-11 17:06 - 00002021 ____A C:\Users\Public\Desktop\Adobe Reader X.lnk
2013-05-20 10:48 - 2012-12-13 12:19 - 00000967 ____A C:\Users\Public\Desktop\AVG 2013.lnk
2013-05-20 10:42 - 2013-05-20 10:42 - 00000000 ____D C:\Users\Divabug\AppData\Local\{B14937E5-DDBC-42C8-9BD5-7C9D73E77536}
2013-05-20 00:43 - 2012-03-28 12:20 - 00000000 ____D C:\Users\Divabug\AppData\Roaming\Poser 7
2013-05-19 17:20 - 2013-05-19 17:20 - 00000000 ____D C:\Users\Divabug\AppData\Local\{476C3CC4-B799-4FE9-9FA9-0B2F0C233778}
2013-05-19 01:02 - 2013-05-19 01:02 - 00000000 ____D C:\Users\Divabug\AppData\Local\{F4E9EFEF-2DEA-4D86-BA3B-0EC35367C155}
2013-05-19 00:44 - 2012-03-28 10:19 - 00000000 ____D C:\Users\Divabug\Documents\xMyFilesx
2013-05-18 09:57 - 2013-05-18 09:56 - 00000000 ____D C:\Users\Divabug\AppData\Local\{5608DEAF-3786-4979-B59C-F43846192F58}
2013-05-17 10:57 - 2013-05-17 10:57 - 00000000 ____D C:\Users\Divabug\AppData\Local\{20ECF942-32B8-46BA-B316-F629613BD531}
2013-05-16 22:50 - 2013-05-16 22:50 - 00000000 ____D C:\Users\Divabug\AppData\Local\{45FCA203-3589-44D2-8F5C-1495EF48CD76}
2013-05-16 18:29 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\rescache
2013-05-16 10:17 - 2013-05-16 10:16 - 00000000 ____D C:\Users\Divabug\AppData\Local\{E6DD8346-DE02-4B05-9536-A150BEFBCE03}
2013-05-16 03:23 - 2009-07-13 21:45 - 00467552 ____A C:\Windows\System32\FNTCACHE.DAT
2013-05-16 03:22 - 2012-03-28 06:30 - 00000564 ____A C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
2013-05-16 03:05 - 2012-03-28 07:20 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-05-16 03:04 - 2012-03-28 13:51 - 75016696 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-05-15 10:56 - 2013-05-15 10:56 - 00000000 ____D C:\Users\Divabug\AppData\Local\{1A9E0923-4935-4EC5-BBAF-20B62FF250D4}
2013-05-14 17:24 - 2013-05-14 17:24 - 00000000 ____D C:\Users\Divabug\AppData\Local\{272229CA-89FE-401A-B67B-C7B17A3FF634}
2013-05-14 15:00 - 2012-04-12 10:08 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-05-14 15:00 - 2012-03-15 12:32 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-05-14 02:21 - 2013-05-14 02:21 - 00000000 ____D C:\Users\Divabug\AppData\Local\{CAB0FCD1-A1C0-4AC9-B5C0-D8DC02BDF4C6}
2013-05-13 13:10 - 2013-05-13 13:10 - 00000000 ____D C:\Users\Divabug\AppData\Local\{B8123D07-D848-4A37-A4FC-5D9F605A76B9}
2013-05-13 00:08 - 2013-05-13 00:08 - 00000000 ____D C:\Users\Divabug\AppData\Local\{28C43BB3-81DC-4A5C-B6DB-844A04E55D0F}
2013-05-12 09:37 - 2013-05-12 09:37 - 00000000 ____D C:\Users\Divabug\AppData\Local\{052032F8-75DD-4322-A4D1-9749BD8A6BB5}
2013-05-11 12:52 - 2013-05-11 12:52 - 00000000 ____D C:\Users\Divabug\AppData\Local\{F6D072F4-AE3F-4506-9459-EC21574C4268}
2013-05-10 23:13 - 2013-05-10 23:13 - 00000000 ____D C:\Users\Divabug\AppData\Local\{3899BC74-904E-4CA7-8FD9-40962D2963F4}
2013-05-10 09:21 - 2013-05-10 09:20 - 00000000 ____D C:\Users\Divabug\AppData\Local\{7D4A92C0-3FAB-4ADA-BFDA-91E8BA4E6F12}

ZeroAccess:
C:\Windows\Installer\{c3760129-d974-9d08-dd93-fba73ec66124}
C:\Windows\Installer\{c3760129-d974-9d08-dd93-fba73ec66124}\L
C:\Windows\Installer\{c3760129-d974-9d08-dd93-fba73ec66124}\U

ZeroAccess:
C:\$Recycle.Bin\S-1-5-21-279977480-577563890-1390458913-1000\$c3760129d9749d08dd93fba73ec66124
C:\$Recycle.Bin\S-1-5-21-279977480-577563890-1390458913-1000\$c3760129d9749d08dd93fba73ec66124\@
C:\$Recycle.Bin\S-1-5-21-279977480-577563890-1390458913-1000\$c3760129d9749d08dd93fba73ec66124\L
C:\$Recycle.Bin\S-1-5-21-279977480-577563890-1390458913-1000\$c3760129d9749d08dd93fba73ec66124\n
C:\$Recycle.Bin\S-1-5-21-279977480-577563890-1390458913-1000\$c3760129d9749d08dd93fba73ec66124\U
C:\$Recycle.Bin\S-1-5-21-279977480-577563890-1390458913-1000\$c3760129d9749d08dd93fba73ec66124\U\00000001.@
C:\$Recycle.Bin\S-1-5-21-279977480-577563890-1390458913-1000\$c3760129d9749d08dd93fba73ec66124\U\80000000.@
C:\$Recycle.Bin\S-1-5-21-279977480-577563890-1390458913-1000\$c3760129d9749d08dd93fba73ec66124\U\800000cb.@

ZeroAccess:
C:\Users\Divabug\AppData\Local\{c3760129-d974-9d08-dd93-fba73ec66124}
C:\Users\Divabug\AppData\Local\{c3760129-d974-9d08-dd93-fba73ec66124}\@
C:\Users\Divabug\AppData\Local\{c3760129-d974-9d08-dd93-fba73ec66124}\L
C:\Users\Divabug\AppData\Local\{c3760129-d974-9d08-dd93-fba73ec66124}\U

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2013-06-03 00:22

==================== End Of Log ============================


Attached Files
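An added example, not code from this thread or from Farbar's tools: a small Python triage script that parses FRST-style log text and pulls out the items a responder checks first in the log above. It links the three ZeroAccess locations by normalising the folder name: the {c3760129-d974-9d08-dd93-fba73ec66124} folders under Installer and AppData\Local and the $c3760129d9749d08dd93fba73ec66124 folder under $Recycle.Bin carry the same 32 hex digits once the hyphens are dropped. It also counts the U\xxxxxxxx.@ payload entries, the Winsock ATTENTION lines and the core-file MD5 verdicts. The sample input is a trimmed copy of the log posted above; treating any verdict other than "MD5 is legit" as a failure is an assumption about FRST's output, not something the log confirms.

```python
import re
from dataclasses import dataclass, field

# Constructed sample input: a trimmed copy of the FRST log posted above.
SAMPLE_LOG = r"""
Winsock: Catalog5 01 %SystemRoot%\System32\mswsock.dll [232448] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5-x64 01 mswsock.dll File Not found (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

ZeroAccess:
C:\Windows\Installer\{c3760129-d974-9d08-dd93-fba73ec66124}
C:\Windows\Installer\{c3760129-d974-9d08-dd93-fba73ec66124}\L
C:\Windows\Installer\{c3760129-d974-9d08-dd93-fba73ec66124}\U

ZeroAccess:
C:\$Recycle.Bin\S-1-5-21-279977480-577563890-1390458913-1000\$c3760129d9749d08dd93fba73ec66124
C:\$Recycle.Bin\S-1-5-21-279977480-577563890-1390458913-1000\$c3760129d9749d08dd93fba73ec66124\@
C:\$Recycle.Bin\S-1-5-21-279977480-577563890-1390458913-1000\$c3760129d9749d08dd93fba73ec66124\U\00000001.@
C:\$Recycle.Bin\S-1-5-21-279977480-577563890-1390458913-1000\$c3760129d9749d08dd93fba73ec66124\U\80000000.@

ZeroAccess:
C:\Users\Divabug\AppData\Local\{c3760129-d974-9d08-dd93-fba73ec66124}
C:\Users\Divabug\AppData\Local\{c3760129-d974-9d08-dd93-fba73ec66124}\@

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
"""

# {8-4-4-4-12} folder names as used under Installer and AppData\Local.
GUID_RE = re.compile(
    r"\{([0-9a-f]{8})-([0-9a-f]{4})-([0-9a-f]{4})-([0-9a-f]{4})-([0-9a-f]{12})\}", re.I)
# $<32 hex> folder names as used under $Recycle.Bin\<SID>.
BIN_RE = re.compile(r"\\\$([0-9a-f]{32})(?:\\|$)", re.I)
# Payload entries of the form U\xxxxxxxx.@ inside either folder layout.
PAYLOAD_RE = re.compile(r"\\U\\[0-9a-f]{8}\.@$", re.I)


@dataclass
class Triage:
    zeroaccess_paths: list = field(default_factory=list)
    zeroaccess_ids: set = field(default_factory=set)      # hyphen-stripped, lower-case
    payload_files: list = field(default_factory=list)
    winsock_attention: list = field(default_factory=list)
    integrity: dict = field(default_factory=dict)         # path -> True if "MD5 is legit"


def infection_id(path):
    """Return the 32-hex identifier a ZeroAccess path carries, or None.

    The {GUID} form and the $<32 hex> form differ only by hyphens, so both
    are normalised to the same key and the three locations can be linked.
    """
    m = GUID_RE.search(path)
    if m:
        return "".join(m.groups()).lower()
    m = BIN_RE.search(path)
    if m:
        return m.group(1).lower()
    return None


def parse_frst(text):
    """Walk an FRST-style log and collect the findings a responder triages first."""
    t = Triage()
    section = None
    for raw in text.splitlines():
        line = raw.rstrip()
        if not line:
            if section == "zeroaccess":      # a blank line ends a ZeroAccess block
                section = None
            continue
        if line == "ZeroAccess:":
            section = "zeroaccess"
            continue
        if line.startswith("===="):          # section header line
            section = "integrity" if "Bamital & volsnap" in line else None
            continue
        if section == "zeroaccess":
            t.zeroaccess_paths.append(line)
            ident = infection_id(line)
            if ident:
                t.zeroaccess_ids.add(ident)
            if PAYLOAD_RE.search(line):
                t.payload_files.append(line)
        elif section == "integrity" and " => " in line:
            path, verdict = line.split(" => ", 1)
            # Assumption: any verdict other than "MD5 is legit" means the file failed the check.
            t.integrity[path] = verdict.strip() == "MD5 is legit"
        elif line.startswith("Winsock:") and "ATTENTION:" in line:
            t.winsock_attention.append(line)
    return t


def summarize(t):
    """Return the triage result as short human-readable lines."""
    out = []
    if t.zeroaccess_ids:
        out.append("ZeroAccess: %d paths, %d payload files, identifier(s): %s"
                   % (len(t.zeroaccess_paths), len(t.payload_files),
                      ", ".join(sorted(t.zeroaccess_ids))))
    else:
        out.append("ZeroAccess: no indicators")
    failed = [p for p, ok in t.integrity.items() if not ok]
    out.append("Core file MD5 check: " + ("all legit" if not failed else "FAILED: " + ", ".join(failed)))
    out.append("Winsock ATTENTION entries: %d" % len(t.winsock_attention))
    return out


if __name__ == "__main__":
    print("\n".join(summarize(parse_frst(SAMPLE_LOG))))
```

Run it as a script to print the summary; on a full log the parse step is the same, so the sample text can be swapped for the contents of FRST.txt.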



#4 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,317 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto Rico
  • Local time:01:55 AM

Posted 09 June 2013 - 03:02 PM

Download the enclosed file.

Save it next to FRST64.

Run FRST64 as you did before, except that this time around click on the Fix button and wait.

The tool will make a log in the flashdrive (Fixlog.txt); please post it to your reply.

Restart the computer.

Download AdwCleaner from here to your desktop.
Run AdwCleaner and select Delete.

Once done, it will ask to reboot; allow this.
On reboot a log will be produced at C:\ADWCleaner[XX].txt; please post it in your next reply.

Please download Malwarebytes' Anti-Malware from Here. Never download Malwarebytes' Anti-Malware from other sources.

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Rescan with FRST64 and post its report, FRST.txt.



Edited by JSntgRvr, 09 June 2013 - 03:03 PM.



#5 judibug

  • Topic Starter
  • Members

Posted 09 June 2013 - 03:36 PM

Hi there

After rebooting I got this message: "The Recycle Bin on C:\ is corrupted. Do you want to empty the Recycle Bin for this drive?"

I clicked Yes, and it did not happen again after the next reboot, so I'm guessing it was the right thing to click :)

Also Malwarebytes did not show anything so there was nothing to select and remove.

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 09-06-2013
Ran by Divabug at 2013-06-09 13:13:47 Run:1
Running from C:\Users\Divabug\Desktop
Boot Mode: Normal
==============================================

HKCR\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InprocServer32\\Default => Value was restored successfully.
Winsock: Catalog5 entry 000000000001\\LibraryPath  was set successfully to %SystemRoot%\system32\NLAapi.dll
Winsock: Catalog5-x64 entry 000000000001\\LibraryPath  was set successfully to %SystemRoot%\system32\NLAapi.dll
Winsock: Catalog5-x64 entry 000000000005\\LibraryPath  was set successfully to %SystemRoot%\System32\mswsock.dll
C:\Windows\Installer\{c3760129-d974-9d08-dd93-fba73ec66124} => Moved successfully.
C:\$Recycle.Bin\S-1-5-21-279977480-577563890-1390458913-1000\$c3760129d9749d08dd93fba73ec66124 => Moved successfully.
C:\Users\Divabug\AppData\Local\{c3760129-d974-9d08-dd93-fba73ec66124} => Moved successfully.

==== End of Fixlog ====

# AdwCleaner v2.303 - Logfile created 06/09/2013 at 13:18:24
# Updated 08/06/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Divabug - DIVABUG-PC
# Boot Mode : Normal
# Running from : C:\Users\Divabug\Desktop\AdwCleaner.exe
# Option [Delete]

***** [Services] *****

***** [Files / Folders] *****

Folder Deleted : C:\Program Files (x86)\Common Files\DVDVideoSoft\TB
Folder Deleted : C:\Users\Divabug\AppData\Roaming\dvdvideosoftiehelpers

***** [Registry] *****

Key Deleted : HKLM\Software\AVG Secure Search
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16483

[OK] Registry is clean.

*************************

AdwCleaner[S1].txt - [846 octets] - [09/06/2013 13:18:24]

########## EOF - C:\AdwCleaner[S1].txt - [905 octets] ##########

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.06.09.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Divabug :: DIVABUG-PC [administrator]

09/06/2013 1:23:11 PM
mbam-log-2013-06-09 (13-23-11).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 223530
Time elapsed: 3 minute(s), 54 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 09-06-2013
Ran by Divabug (administrator) on 09-06-2013 13:35:46
Running from C:\Users\Divabug\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(AVG Technologies CZ, s.r.o.) C:\PROGRA~2\AVG\AVG2013\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe
(AMD) C:\Windows\system32\atiesrxx.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
() C:\Users\Divabug\Documents\ContentManagementServer.exe
(Protexis Inc.) c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgemca.exe
() C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgui.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Dell Products, LP.) C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Windows\SysWOW64\NOTEPAD.EXE

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [10920552 2010-06-22] (Realtek Semiconductor)
HKLM\...\Run: [RunDLLEntry_THXCfg] C:\Windows\system32\RunDLL32.exe C:\Windows\system32\THXCfg64.dll,RunDLLEntry THXCfg64 [17920 2009-10-15] (Creative Technology Ltd.)
HKLM\...\Run: [RunDLLEntry_EptMon] C:\Windows\system32\RunDLL32.exe C:\Windows\system32\EptMon64.dll,RunDLLEntry EptMon64 [21504 2009-10-15] (Creative Technology Ltd.)
HKCU\...\Policies\system: [disableregistrytools] 0
HKLM-x32\...\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284440 2011-05-20] (Intel Corporation)
HKLM-x32\...\Run: [THX Audio Control Panel] "C:\Program Files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe" /r [963584 2009-12-01] (Creative Technology Ltd)
HKLM-x32\...\Run: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY [4408368 2013-04-29] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [UpdReg] C:\Windows\UpdReg.EXE [90112 2000-05-10] (Creative Technology Ltd.)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-04-04] (Adobe Systems Incorporated)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.ca/
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
HKCU SearchScopes: DefaultScope {49606DC7-976D-4030-A74E-9FB5C842FA68} URL =
BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - \bin\jp2ssv.dll No File
DPF: HKLM {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
DPF: HKLM-x32 {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: HKLM-x32 {1ABA5FAC-1417-422B-BA82-45C35E2C908B} http://kitchenplanner.ikea.com/CA/Core/Player/2020PlayerAX_IKEA_Win32.cab
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
DPF: HKLM-x32 {BEA7310D-06C4-4339-A784-DC3804819809} http://www.walmartphotocentre.ca/upload/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -  No File
Handler: msdaipp - No CLSID Value -
Handler-x32: intu-tt2011 - {B3B5DAD9-E96D-45b4-B636-B6CF2F773DE1} - C:\Program Files (x86)\TurboTax 2011\ic2011pp.dll (Intuit Canada, a general partnership/une société en nom collectif.)
Handler-x32: intu-tt2012 - {02F985EF-502B-4597-993F-6BF9E004C138} - C:\Program Files (x86)\TurboTax 2012\ic2012pp.dll (Intuit Canada, a general partnership/une société en nom collectif.)
Handler-x32: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -  No File
Handler-x32: msdaipp - No CLSID Value -
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

==================== Services (Whitelisted) =================

R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [4937264 2013-05-14] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [283136 2013-04-18] (AVG Technologies CZ, s.r.o.)
S2 CLKMSVC10_9EC60124; C:\Program Files (x86)\Cyberlink\PowerDVD9\NavFilter\kmsvc.exe [248304 2011-08-11] (CyberLink)
R2 DAZContentManagementService; C:\Users\Divabug\Documents\ContentManagementServer.exe [22528 2011-05-05] ()

==================== Drivers (Whitelisted) ====================

R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [246072 2013-03-29] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [71480 2013-02-08] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [206136 2013-02-08] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [311096 2013-02-08] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [116536 2013-02-08] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [45880 2013-02-08] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [240952 2013-03-21] (AVG Technologies CZ, s.r.o.)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [74752 2011-07-25] (Research In Motion Limited)
R3 RimVSerPort; C:\Windows\System32\DRIVERS\RimSerial_AMD64.sys [44032 2011-07-20] (Research in Motion Ltd)
S3 PCDSRVC{1E208CE0-FB7451FF-06020101}_0; \??\c:\program files\dell support center\pcdsrvc_x64.pkms [x]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-06-09 13:22 - 2013-06-09 13:22 - 00000971 ____A C:\Users\Divabug\Desktop\AdwCleaner[S1].txt
2013-06-09 13:18 - 2013-06-09 13:18 - 00000971 ____A C:\AdwCleaner[S1].txt
2013-06-09 13:18 - 2013-06-09 13:18 - 00000089 ____A C:\Users\Divabug\Desktop\recyclebin note.txt
2013-06-09 13:12 - 2013-06-09 13:12 - 10285040 ____A (Malwarebytes Corporation                                    ) C:\Users\Divabug\Desktop\mbam-setup-1.75.0.1300.exe
2013-06-09 13:11 - 2013-06-09 13:11 - 00648201 ____A C:\Users\Divabug\Desktop\AdwCleaner.exe
2013-06-09 12:35 - 2013-06-09 12:35 - 00024824 ____A C:\Users\Divabug\Desktop\Addition.txt
2013-06-09 12:34 - 2013-06-09 12:34 - 00000000 ____D C:\FRST
2013-06-09 12:33 - 2013-06-09 12:34 - 01919988 ____A (Farbar) C:\Users\Divabug\Desktop\FRST64.exe
2013-06-09 12:15 - 2013-06-09 12:15 - 00021588 ____A C:\Users\Divabug\Desktop\dds.txt
2013-06-09 12:15 - 2013-06-09 12:15 - 00014065 ____A C:\Users\Divabug\Desktop\attach.txt
2013-06-09 12:12 - 2013-06-09 12:12 - 00688992 ____R (Swearware) C:\Users\Divabug\Desktop\dds.com
2013-06-09 12:05 - 2013-06-09 12:06 - 00000000 ____D C:\Users\Divabug\AppData\Local\{88775E91-A0DD-413D-8A1D-CF63BF2BE0FC}
2013-06-09 11:48 - 2013-06-09 11:49 - 00004782 ____A C:\Users\Divabug\Desktop\Rkill.txt
2013-06-09 11:38 - 2013-06-09 11:47 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-06-09 11:36 - 2013-06-09 11:36 - 00000000 ____D C:\Users\Divabug\Desktop\mbar-1.06.0.1003
2013-06-09 11:29 - 2013-06-09 11:29 - 00035860 ____A C:\Users\Divabug\Desktop\Result.txt
2013-06-09 11:27 - 2013-06-09 11:27 - 00002656 ____A C:\Users\Divabug\Desktop\FSS.txt
2013-06-09 11:27 - 2013-06-09 11:27 - 00000760 ____A C:\Users\Divabug\Desktop\checkup.txt
2013-06-09 11:23 - 2013-06-09 11:23 - 00004068 ____A C:\Users\Divabug\Desktop\instr.txt
2013-06-09 11:19 - 2013-06-09 11:20 - 01814144 ____A (Bleeping Computer, LLC) C:\Users\Divabug\Desktop\rkill.exe
2013-06-09 11:19 - 2013-06-09 11:19 - 13169742 ____A C:\Users\Divabug\Desktop\mbar-1.06.0.1003.zip
2013-06-09 11:18 - 2013-06-09 11:18 - 00760723 ____A (Farbar) C:\Users\Divabug\Desktop\MiniToolBox.exe
2013-06-09 11:17 - 2013-06-09 11:17 - 00890839 ____A C:\Users\Divabug\Desktop\SecurityCheck.exe
2013-06-09 11:17 - 2013-06-09 11:17 - 00355651 ____A (Farbar) C:\Users\Divabug\Desktop\FSS.exe
2013-06-08 23:53 - 2013-06-08 23:53 - 00000000 ____D C:\Users\Divabug\AppData\Local\{BAE18A03-BAAF-4E74-B7C9-328905AEF0A7}
2013-06-08 22:21 - 2013-06-08 22:21 - 00000000 ____D C:\Users\Divabug\AppData\Local\{2C785743-B424-4CE7-A250-EB5EA9FC5977}
2013-06-08 21:23 - 2013-06-08 21:23 - 00012328 ____A C:\Users\Divabug\Documents\cc_20130608_212320.reg
2013-06-08 21:21 - 2013-06-08 21:21 - 00000211 ____A C:\Users\Divabug\Desktop\new  2.txt
2013-06-08 14:49 - 2013-06-09 13:22 - 00001111 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-06-08 14:49 - 2013-06-09 13:22 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-06-08 14:49 - 2013-04-04 14:50 - 00025928 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2013-06-08 14:42 - 2013-06-09 13:28 - 00000336 ____A C:\Windows\setupact.log
2013-06-08 14:42 - 2013-06-08 14:42 - 00000000 ____A C:\Windows\setuperr.log
2013-06-08 14:38 - 2013-06-08 14:38 - 00091198 ____A C:\Users\Divabug\Desktop\TRO29.pspimage
2013-06-08 12:55 - 2013-06-08 12:55 - 00002738 ____A C:\Users\Divabug\Desktop\new  1.txt
2013-06-08 10:43 - 2013-06-08 10:43 - 00000000 ____D C:\Program Files (x86)\ESET
2013-06-08 10:34 - 2013-06-08 10:34 - 00098102 ____A C:\Users\Divabug\Documents\cc_20130608_103409.reg
2013-06-08 10:24 - 2013-06-08 10:24 - 04378864 ____A (Piriform Ltd) C:\Users\Divabug\Downloads\ccsetup402.exe
2013-06-08 10:24 - 2013-06-08 10:24 - 00000784 ____A C:\Users\Public\Desktop\CCleaner.lnk
2013-06-08 10:14 - 2013-06-08 10:15 - 00000000 ____D C:\Users\Divabug\AppData\Local\{7A757453-21FF-49E4-895A-FAFCF8EA82F2}
2013-06-08 01:47 - 2013-06-08 02:52 - 00016643 ____A C:\Users\Divabug\Desktop\avgrep.txt
2013-06-07 23:54 - 2013-06-07 23:54 - 10285040 ____A (Malwarebytes Corporation                                    ) C:\Users\Divabug\Downloads\mbam-setup-1.75.0.1300.exe
2013-06-07 10:18 - 2013-06-07 10:18 - 00000000 ____D C:\Users\Divabug\AppData\Local\{880C5C15-71A7-4556-A0AC-77AB6B966202}
2013-06-06 23:16 - 2013-06-06 23:16 - 01989782 ____A C:\Users\Divabug\Desktop\Image3.pspimage
2013-06-06 10:47 - 2013-06-06 10:47 - 00000000 ____D C:\Users\Divabug\AppData\Local\{E603AB29-E497-45BA-BA00-CD7BA3E8F84F}
2013-06-05 10:28 - 2013-06-05 10:28 - 00000000 ____D C:\Users\Divabug\AppData\Local\{0325A4B1-1320-4F07-8C96-879BBA637744}
2013-06-04 20:16 - 2013-06-04 20:16 - 00000000 ____D C:\ProgramData\Poser Pro
2013-06-04 20:13 - 2013-06-04 20:13 - 00000000 ____D C:\Users\Divabug\AppData\Roaming\Poser Pro
2013-06-04 20:01 - 2013-06-04 20:01 - 00001898 ____A C:\Users\Public\Desktop\Queue Manager 2014.lnk
2013-06-04 20:01 - 2013-06-04 20:01 - 00001870 ____A C:\Users\Public\Desktop\Poser Pro 2014.lnk
2013-06-04 20:00 - 2013-06-04 20:03 - 00000000 ____D C:\Users\Divabug\Documents\Poser Pro 2014 Content
2013-06-04 20:00 - 2013-06-04 20:00 - 00000000 ____D C:\Users\Public\Pixologic
2013-06-04 20:00 - 2013-06-04 20:00 - 00000000 ____D C:\Program Files\Smith Micro
2013-06-04 16:48 - 2013-06-04 16:48 - 00000000 ____D C:\Users\Divabug\Downloads\SmithMicroDLM
2013-06-04 16:47 - 2013-06-04 16:47 - 07275472 ____A (Smith Micro Software, Inc.                                  ) C:\Users\Divabug\Desktop\SmithMicro-DownloadManager-Windows.exe
2013-06-04 16:47 - 2013-06-04 16:47 - 00000000 ____D C:\Program Files (x86)\Smith Micro
2013-06-04 16:46 - 2013-06-04 16:46 - 00019707 ____A C:\Users\Divabug\Desktop\earlyAdopter_pp14_badge.zip
2013-06-04 11:44 - 2013-06-04 11:44 - 00000000 ____D C:\Users\Divabug\AppData\Local\{D9CB6DB2-E0DE-40EE-8958-86794A5E81A1}
2013-06-03 22:31 - 2013-06-03 22:31 - 00000000 ____D C:\Users\Divabug\AppData\Local\{045B8822-ECD1-43E9-9769-109F29D53483}
2013-06-03 09:03 - 2013-06-03 09:03 - 00000000 ____D C:\Users\Divabug\AppData\Local\{95B2C586-B035-4BCD-AA75-3723D4E2A8E7}
2013-06-02 17:31 - 2013-06-08 14:38 - 00103424 __ASH C:\Users\Divabug\Desktop\Thumbs.db
2013-06-02 13:15 - 2013-06-02 13:16 - 00000000 ____D C:\Users\Divabug\AppData\Local\{AAFBDDEC-48BE-414E-97CE-61CA104736BE}
2013-06-02 00:00 - 2013-06-02 00:00 - 00000000 ____D C:\Users\Divabug\AppData\Local\{0A249DAD-D13F-40F7-8BC7-F03BEA467FD4}
2013-06-01 11:15 - 2013-06-01 11:16 - 00000000 ____D C:\Users\Divabug\AppData\Local\{37C04F77-44B0-4074-9001-CDD92BC225FD}
2013-05-31 17:42 - 2013-05-31 17:42 - 00000000 ____D C:\Users\Divabug\AppData\Local\{7C75BD70-9949-4636-B0F8-0B48B0E55EBA}
2013-05-30 22:56 - 2013-06-01 17:54 - 00000000 ____D C:\Users\Divabug\Desktop\4Elicia
2013-05-30 22:29 - 2013-05-30 22:29 - 00000000 ____D C:\Users\Divabug\AppData\Local\{F299583D-A3A2-4728-9895-92EE8766B7E0}
2013-05-30 00:14 - 2013-05-30 00:14 - 00000000 ____D C:\Users\Divabug\AppData\Local\{94DB4CE6-B731-46E5-B78C-4DDABC92434C}
2013-05-29 10:27 - 2013-05-29 10:27 - 00000000 ____D C:\Users\Divabug\AppData\Local\{B54C3301-C845-4029-98C8-476FE0ABA7FB}
2013-05-28 13:05 - 2013-05-28 13:06 - 00000000 ____D C:\Users\Divabug\AppData\Local\{278792BA-B90B-430A-84ED-C020920E6674}
2013-05-27 09:14 - 2013-05-27 09:14 - 00000000 ____D C:\Users\Divabug\AppData\Local\{164A0D03-9C4F-4C94-AB64-503480A1FCBE}
2013-05-25 23:50 - 2013-05-25 23:50 - 00000000 ____D C:\Users\Divabug\AppData\Local\{38332C14-FF4C-462C-AD6F-D8ABC7A68423}
2013-05-25 09:15 - 2013-05-25 09:15 - 00000000 ____D C:\Users\Divabug\AppData\Local\{D3A56A50-B359-4F37-AA9D-EA6CB9E1C727}
2013-05-24 15:39 - 2013-05-24 15:39 - 00000000 ____D C:\Users\Divabug\AppData\Local\{CFEBF5C6-8B33-4F3E-9D66-2DF94ABEAE27}
2013-05-24 12:10 - 2013-05-24 12:10 - 00000000 ____D C:\Users\Divabug\AppData\Local\{F4C8FC78-9FDA-4061-8DC0-A242F7CB7950}
2013-05-23 23:20 - 2013-05-23 23:21 - 00000000 ____D C:\Users\Divabug\AppData\Local\{2BA81644-5E9F-4099-A925-6CE7CEE2A2EE}
2013-05-23 10:06 - 2013-05-23 10:06 - 00000000 ____D C:\Users\Divabug\AppData\Local\{491C0C7D-B3C4-4646-8A20-C405DD545851}
2013-05-22 13:39 - 2013-05-22 13:40 - 00000000 ____D C:\Users\Divabug\AppData\Local\{4E82BF80-F6A0-42AA-9D33-DE846CEAB016}
2013-05-22 00:03 - 2013-05-22 00:03 - 00000000 ____D C:\Users\Divabug\AppData\Local\{F111337B-0F98-4BC4-9D90-44ECE7324A2E}
2013-05-21 11:35 - 2013-05-21 11:35 - 00000000 ____D C:\Users\Divabug\AppData\Local\{AA5114C4-17BD-49D9-A082-3A6FCAA350BB}
2013-05-20 23:21 - 2013-05-20 23:21 - 00000000 ____D C:\Users\Divabug\AppData\Local\{53E86E9B-83C0-4CBD-BFAC-71B718BBCC3C}
2013-05-20 10:42 - 2013-05-20 10:42 - 00000000 ____D C:\Users\Divabug\AppData\Local\{B14937E5-DDBC-42C8-9BD5-7C9D73E77536}
2013-05-19 17:20 - 2013-05-19 17:20 - 00000000 ____D C:\Users\Divabug\AppData\Local\{476C3CC4-B799-4FE9-9FA9-0B2F0C233778}
2013-05-19 01:02 - 2013-05-19 01:02 - 00000000 ____D C:\Users\Divabug\AppData\Local\{F4E9EFEF-2DEA-4D86-BA3B-0EC35367C155}
2013-05-18 09:56 - 2013-05-18 09:57 - 00000000 ____D C:\Users\Divabug\AppData\Local\{5608DEAF-3786-4979-B59C-F43846192F58}
2013-05-17 10:57 - 2013-05-17 10:57 - 00000000 ____D C:\Users\Divabug\AppData\Local\{20ECF942-32B8-46BA-B316-F629613BD531}
2013-05-16 22:50 - 2013-05-16 22:50 - 00000000 ____D C:\Users\Divabug\AppData\Local\{45FCA203-3589-44D2-8F5C-1495EF48CD76}
2013-05-16 10:16 - 2013-05-16 10:17 - 00000000 ____D C:\Users\Divabug\AppData\Local\{E6DD8346-DE02-4B05-9536-A150BEFBCE03}
2013-05-16 03:01 - 2013-05-05 14:36 - 17818624 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-05-16 03:01 - 2013-05-05 14:16 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-05-16 03:01 - 2013-05-05 12:25 - 12324864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-05-16 03:01 - 2013-05-05 12:12 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-05-16 03:01 - 2013-04-04 18:08 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-05-16 03:01 - 2013-04-04 18:01 - 01346560 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-05-16 03:01 - 2013-04-04 18:00 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-05-16 03:01 - 2013-04-04 17:59 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2013-05-16 03:01 - 2013-04-04 17:58 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2013-05-16 03:01 - 2013-04-04 17:56 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2013-05-16 03:01 - 2013-04-04 17:54 - 02147840 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-05-16 03:01 - 2013-04-04 17:54 - 00729088 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-05-16 03:01 - 2013-04-04 17:51 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2013-05-16 03:01 - 2013-04-04 17:46 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-05-16 03:01 - 2013-04-04 15:02 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-05-16 03:01 - 2013-04-04 15:02 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-05-16 03:01 - 2013-04-04 15:02 - 01104384 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-05-16 03:01 - 2013-04-04 15:01 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-05-16 03:01 - 2013-04-04 14:58 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-05-16 03:01 - 2013-04-04 14:57 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-05-16 03:01 - 2013-04-04 14:56 - 00607744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-05-16 03:01 - 2013-04-04 14:55 - 01796096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-05-16 03:01 - 2013-04-04 14:54 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-05-16 03:01 - 2013-04-04 14:50 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-05-16 03:00 - 2013-04-04 18:19 - 10926080 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-05-16 03:00 - 2013-04-04 17:57 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-05-16 03:00 - 2013-04-04 17:55 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-05-16 03:00 - 2013-04-04 17:55 - 00599040 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2013-05-16 03:00 - 2013-04-04 15:11 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-05-16 03:00 - 2013-04-04 15:09 - 09738752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-05-16 03:00 - 2013-04-04 14:59 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-05-16 03:00 - 2013-04-04 14:58 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-05-15 17:27 - 2013-04-09 23:01 - 00983400 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dxgkrnl.sys
2013-05-15 17:27 - 2013-04-09 23:01 - 00265064 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dxgmms1.sys
2013-05-15 17:27 - 2011-02-03 04:25 - 00144384 ____A (Microsoft Corporation) C:\Windows\System32\cdd.dll
2013-05-15 17:26 - 2013-04-09 20:30 - 03153920 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2013-05-15 17:26 - 2013-03-18 22:53 - 00230400 ____A (Microsoft Corporation) C:\Windows\System32\wwansvc.dll
2013-05-15 17:26 - 2013-03-18 22:53 - 00048640 ____A (Microsoft Corporation) C:\Windows\System32\wwanprotdim.dll
2013-05-15 17:26 - 2013-02-26 23:02 - 00111448 ____A (Microsoft Corporation) C:\Windows\System32\consent.exe
2013-05-15 17:26 - 2013-02-26 22:52 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2013-05-15 17:26 - 2013-02-26 22:52 - 00197120 ____A (Microsoft Corporation) C:\Windows\System32\shdocvw.dll
2013-05-15 17:26 - 2013-02-26 22:48 - 01930752 ____A (Microsoft Corporation) C:\Windows\System32\authui.dll
2013-05-15 17:26 - 2013-02-26 22:47 - 00070144 ____A (Microsoft Corporation) C:\Windows\System32\appinfo.dll
2013-05-15 17:26 - 2013-02-26 21:55 - 12872704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2013-05-15 17:26 - 2013-02-26 21:55 - 00180224 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll
2013-05-15 17:26 - 2013-02-26 21:49 - 01796096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2013-05-15 10:56 - 2013-05-15 10:56 - 00000000 ____D C:\Users\Divabug\AppData\Local\{1A9E0923-4935-4EC5-BBAF-20B62FF250D4}
2013-05-14 17:24 - 2013-05-14 17:24 - 00000000 ____D C:\Users\Divabug\AppData\Local\{272229CA-89FE-401A-B67B-C7B17A3FF634}
2013-05-14 02:21 - 2013-05-14 02:21 - 00000000 ____D C:\Users\Divabug\AppData\Local\{CAB0FCD1-A1C0-4AC9-B5C0-D8DC02BDF4C6}
2013-05-13 13:10 - 2013-05-13 13:10 - 00000000 ____D C:\Users\Divabug\AppData\Local\{B8123D07-D848-4A37-A4FC-5D9F605A76B9}
2013-05-13 00:08 - 2013-05-13 00:08 - 00000000 ____D C:\Users\Divabug\AppData\Local\{28C43BB3-81DC-4A5C-B6DB-844A04E55D0F}
2013-05-12 09:37 - 2013-05-12 09:37 - 00000000 ____D C:\Users\Divabug\AppData\Local\{052032F8-75DD-4322-A4D1-9749BD8A6BB5}
2013-05-11 12:52 - 2013-05-11 12:52 - 00000000 ____D C:\Users\Divabug\AppData\Local\{F6D072F4-AE3F-4506-9459-EC21574C4268}
2013-05-10 23:13 - 2013-05-10 23:13 - 00000000 ____D C:\Users\Divabug\AppData\Local\{3899BC74-904E-4CA7-8FD9-40962D2963F4}
2013-05-10 09:20 - 2013-05-10 09:21 - 00000000 ____D C:\Users\Divabug\AppData\Local\{7D4A92C0-3FAB-4ADA-BFDA-91E8BA4E6F12}

==================== One Month Modified Files and Folders =======

2013-06-09 13:33 - 2009-07-13 22:13 - 00778834 ____A C:\Windows\System32\PerfStringBackup.INI
2013-06-09 13:28 - 2013-06-08 14:42 - 00000336 ____A C:\Windows\setupact.log
2013-06-09 13:28 - 2012-04-02 08:05 - 00000896 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-06-09 13:28 - 2012-03-15 13:10 - 00000000 ____D C:\Users\Default\AppData\Local\SoftThinks
2013-06-09 13:28 - 2012-03-15 13:10 - 00000000 ____D C:\Users\Default User\AppData\Local\SoftThinks
2013-06-09 13:28 - 2012-03-15 12:46 - 00000000 ____D C:\Program Files (x86)\Dell DataSafe Local Backup
2013-06-09 13:28 - 2012-03-15 12:27 - 01223903 ____A C:\Windows\WindowsUpdate.log
2013-06-09 13:28 - 2009-07-13 22:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-06-09 13:27 - 2009-07-13 21:45 - 00021296 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-06-09 13:27 - 2009-07-13 21:45 - 00021296 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-06-09 13:22 - 2013-06-09 13:22 - 00000971 ____A C:\Users\Divabug\Desktop\AdwCleaner[S1].txt
2013-06-09 13:22 - 2013-06-08 14:49 - 00001111 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-06-09 13:22 - 2013-06-08 14:49 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-06-09 13:18 - 2013-06-09 13:18 - 00000971 ____A C:\AdwCleaner[S1].txt
2013-06-09 13:18 - 2013-06-09 13:18 - 00000089 ____A C:\Users\Divabug\Desktop\recyclebin note.txt
2013-06-09 13:12 - 2013-06-09 13:12 - 10285040 ____A (Malwarebytes Corporation                                    ) C:\Users\Divabug\Desktop\mbam-setup-1.75.0.1300.exe
2013-06-09 13:11 - 2013-06-09 13:11 - 00648201 ____A C:\Users\Divabug\Desktop\AdwCleaner.exe
2013-06-09 13:00 - 2012-11-21 17:18 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-06-09 12:54 - 2012-04-02 08:05 - 00000900 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-06-09 12:35 - 2013-06-09 12:35 - 00024824 ____A C:\Users\Divabug\Desktop\Addition.txt
2013-06-09 12:34 - 2013-06-09 12:34 - 00000000 ____D C:\FRST
2013-06-09 12:34 - 2013-06-09 12:33 - 01919988 ____A (Farbar) C:\Users\Divabug\Desktop\FRST64.exe
2013-06-09 12:15 - 2013-06-09 12:15 - 00021588 ____A C:\Users\Divabug\Desktop\dds.txt
2013-06-09 12:15 - 2013-06-09 12:15 - 00014065 ____A C:\Users\Divabug\Desktop\attach.txt
2013-06-09 12:12 - 2013-06-09 12:12 - 00688992 ____R (Swearware) C:\Users\Divabug\Desktop\dds.com
2013-06-09 12:06 - 2013-06-09 12:05 - 00000000 ____D C:\Users\Divabug\AppData\Local\{88775E91-A0DD-413D-8A1D-CF63BF2BE0FC}
2013-06-09 11:49 - 2013-06-09 11:48 - 00004782 ____A C:\Users\Divabug\Desktop\Rkill.txt
2013-06-09 11:47 - 2013-06-09 11:38 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-06-09 11:36 - 2013-06-09 11:36 - 00000000 ____D C:\Users\Divabug\Desktop\mbar-1.06.0.1003
2013-06-09 11:29 - 2013-06-09 11:29 - 00035860 ____A C:\Users\Divabug\Desktop\Result.txt
2013-06-09 11:27 - 2013-06-09 11:27 - 00002656 ____A C:\Users\Divabug\Desktop\FSS.txt
2013-06-09 11:27 - 2013-06-09 11:27 - 00000760 ____A C:\Users\Divabug\Desktop\checkup.txt
2013-06-09 11:23 - 2013-06-09 11:23 - 00004068 ____A C:\Users\Divabug\Desktop\instr.txt
2013-06-09 11:23 - 2012-03-28 13:33 - 00000000 ____D C:\Users\Divabug\AppData\Roaming\Notepad++
2013-06-09 11:21 - 2012-03-28 07:33 - 00000000 ____D C:\ProgramData\MFAData
2013-06-09 11:20 - 2013-06-09 11:19 - 01814144 ____A (Bleeping Computer, LLC) C:\Users\Divabug\Desktop\rkill.exe
2013-06-09 11:19 - 2013-06-09 11:19 - 13169742 ____A C:\Users\Divabug\Desktop\mbar-1.06.0.1003.zip
2013-06-09 11:18 - 2013-06-09 11:18 - 00760723 ____A (Farbar) C:\Users\Divabug\Desktop\MiniToolBox.exe
2013-06-09 11:17 - 2013-06-09 11:17 - 00890839 ____A C:\Users\Divabug\Desktop\SecurityCheck.exe
2013-06-09 11:17 - 2013-06-09 11:17 - 00355651 ____A (Farbar) C:\Users\Divabug\Desktop\FSS.exe
2013-06-09 01:08 - 2012-03-28 11:58 - 00002828 __ASH C:\ProgramData\KGyGaAvL.sys
2013-06-09 01:08 - 2012-03-28 11:56 - 00000000 ____D C:\Users\Divabug\Documents\My PSP Files
2013-06-09 01:08 - 2012-03-28 11:56 - 00000000 ____D C:\Users\Divabug\AppData\Local\Corel
2013-06-09 01:03 - 2012-03-28 10:18 - 00000000 ____D C:\Users\Divabug\Documents\SavedPZs
2013-06-08 23:53 - 2013-06-08 23:53 - 00000000 ____D C:\Users\Divabug\AppData\Local\{BAE18A03-BAAF-4E74-B7C9-328905AEF0A7}
2013-06-08 22:21 - 2013-06-08 22:21 - 00000000 ____D C:\Users\Divabug\AppData\Local\{2C785743-B424-4CE7-A250-EB5EA9FC5977}
2013-06-08 21:23 - 2013-06-08 21:23 - 00012328 ____A C:\Users\Divabug\Documents\cc_20130608_212320.reg
2013-06-08 21:21 - 2013-06-08 21:21 - 00000211 ____A C:\Users\Divabug\Desktop\new  2.txt
2013-06-08 17:01 - 2012-03-28 06:30 - 00000422 ____A C:\Windows\Tasks\SystemToolsDailyTest.job
2013-06-08 14:42 - 2013-06-08 14:42 - 00000000 ____A C:\Windows\setuperr.log
2013-06-08 14:38 - 2013-06-08 14:38 - 00091198 ____A C:\Users\Divabug\Desktop\TRO29.pspimage
2013-06-08 14:38 - 2013-06-02 17:31 - 00103424 __ASH C:\Users\Divabug\Desktop\Thumbs.db
2013-06-08 12:55 - 2013-06-08 12:55 - 00002738 ____A C:\Users\Divabug\Desktop\new  1.txt
2013-06-08 12:54 - 2010-11-20 20:47 - 00243996 ____A C:\Windows\PFRO.log
2013-06-08 10:43 - 2013-06-08 10:43 - 00000000 ____D C:\Program Files (x86)\ESET
2013-06-08 10:34 - 2013-06-08 10:34 - 00098102 ____A C:\Users\Divabug\Documents\cc_20130608_103409.reg
2013-06-08 10:29 - 2012-03-29 19:34 - 00000000 ____D C:\Users\Divabug\AppData\Roaming\CoreFTP
2013-06-08 10:24 - 2013-06-08 10:24 - 04378864 ____A (Piriform Ltd) C:\Users\Divabug\Downloads\ccsetup402.exe
2013-06-08 10:24 - 2013-06-08 10:24 - 00000784 ____A C:\Users\Public\Desktop\CCleaner.lnk
2013-06-08 10:24 - 2012-07-30 20:29 - 00000000 ____D C:\Program Files\CCleaner
2013-06-08 10:15 - 2013-06-08 10:14 - 00000000 ____D C:\Users\Divabug\AppData\Local\{7A757453-21FF-49E4-895A-FAFCF8EA82F2}
2013-06-08 02:52 - 2013-06-08 01:47 - 00016643 ____A C:\Users\Divabug\Desktop\avgrep.txt
2013-06-08 01:47 - 2012-12-13 12:03 - 00000000 ____D C:\Users\Divabug\AppData\Local\Avg2013
2013-06-07 23:54 - 2013-06-07 23:54 - 10285040 ____A (Malwarebytes Corporation                                    ) C:\Users\Divabug\Downloads\mbam-setup-1.75.0.1300.exe
2013-06-07 10:18 - 2013-06-07 10:18 - 00000000 ____D C:\Users\Divabug\AppData\Local\{880C5C15-71A7-4556-A0AC-77AB6B966202}
2013-06-06 23:16 - 2013-06-06 23:16 - 01989782 ____A C:\Users\Divabug\Desktop\Image3.pspimage
2013-06-06 11:52 - 2012-03-28 11:58 - 00005632 ____A C:\Users\Divabug\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-06-06 10:47 - 2013-06-06 10:47 - 00000000 ____D C:\Users\Divabug\AppData\Local\{E603AB29-E497-45BA-BA00-CD7BA3E8F84F}
2013-06-05 10:28 - 2013-06-05 10:28 - 00000000 ____D C:\Users\Divabug\AppData\Local\{0325A4B1-1320-4F07-8C96-879BBA637744}
2013-06-04 20:16 - 2013-06-04 20:16 - 00000000 ____D C:\ProgramData\Poser Pro
2013-06-04 20:13 - 2013-06-04 20:13 - 00000000 ____D C:\Users\Divabug\AppData\Roaming\Poser Pro
2013-06-04 20:03 - 2013-06-04 20:00 - 00000000 ____D C:\Users\Divabug\Documents\Poser Pro 2014 Content
2013-06-04 20:01 - 2013-06-04 20:01 - 00001898 ____A C:\Users\Public\Desktop\Queue Manager 2014.lnk
2013-06-04 20:01 - 2013-06-04 20:01 - 00001870 ____A C:\Users\Public\Desktop\Poser Pro 2014.lnk
2013-06-04 20:00 - 2013-06-04 20:00 - 00000000 ____D C:\Users\Public\Pixologic
2013-06-04 20:00 - 2013-06-04 20:00 - 00000000 ____D C:\Program Files\Smith Micro
2013-06-04 16:48 - 2013-06-04 16:48 - 00000000 ____D C:\Users\Divabug\Downloads\SmithMicroDLM
2013-06-04 16:47 - 2013-06-04 16:47 - 07275472 ____A (Smith Micro Software, Inc.                                  ) C:\Users\Divabug\Desktop\SmithMicro-DownloadManager-Windows.exe
2013-06-04 16:47 - 2013-06-04 16:47 - 00000000 ____D C:\Program Files (x86)\Smith Micro
2013-06-04 16:46 - 2013-06-04 16:46 - 00019707 ____A C:\Users\Divabug\Desktop\earlyAdopter_pp14_badge.zip
2013-06-04 11:44 - 2013-06-04 11:44 - 00000000 ____D C:\Users\Divabug\AppData\Local\{D9CB6DB2-E0DE-40EE-8958-86794A5E81A1}
2013-06-03 22:31 - 2013-06-03 22:31 - 00000000 ____D C:\Users\Divabug\AppData\Local\{045B8822-ECD1-43E9-9769-109F29D53483}
2013-06-03 09:03 - 2013-06-03 09:03 - 00000000 ____D C:\Users\Divabug\AppData\Local\{95B2C586-B035-4BCD-AA75-3723D4E2A8E7}
2013-06-02 13:16 - 2013-06-02 13:15 - 00000000 ____D C:\Users\Divabug\AppData\Local\{AAFBDDEC-48BE-414E-97CE-61CA104736BE}
2013-06-02 00:00 - 2013-06-02 00:00 - 00000000 ____D C:\Users\Divabug\AppData\Local\{0A249DAD-D13F-40F7-8BC7-F03BEA467FD4}
2013-06-01 17:54 - 2013-05-30 22:56 - 00000000 ____D C:\Users\Divabug\Desktop\4Elicia
2013-06-01 11:16 - 2013-06-01 11:15 - 00000000 ____D C:\Users\Divabug\AppData\Local\{37C04F77-44B0-4074-9001-CDD92BC225FD}
2013-05-31 17:42 - 2013-05-31 17:42 - 00000000 ____D C:\Users\Divabug\AppData\Local\{7C75BD70-9949-4636-B0F8-0B48B0E55EBA}
2013-05-30 22:29 - 2013-05-30 22:29 - 00000000 ____D C:\Users\Divabug\AppData\Local\{F299583D-A3A2-4728-9895-92EE8766B7E0}
2013-05-30 00:14 - 2013-05-30 00:14 - 00000000 ____D C:\Users\Divabug\AppData\Local\{94DB4CE6-B731-46E5-B78C-4DDABC92434C}
2013-05-29 10:27 - 2013-05-29 10:27 - 00000000 ____D C:\Users\Divabug\AppData\Local\{B54C3301-C845-4029-98C8-476FE0ABA7FB}
2013-05-28 13:06 - 2013-05-28 13:05 - 00000000 ____D C:\Users\Divabug\AppData\Local\{278792BA-B90B-430A-84ED-C020920E6674}
2013-05-27 09:14 - 2013-05-27 09:14 - 00000000 ____D C:\Users\Divabug\AppData\Local\{164A0D03-9C4F-4C94-AB64-503480A1FCBE}
2013-05-25 23:50 - 2013-05-25 23:50 - 00000000 ____D C:\Users\Divabug\AppData\Local\{38332C14-FF4C-462C-AD6F-D8ABC7A68423}
2013-05-25 09:15 - 2013-05-25 09:15 - 00000000 ____D C:\Users\Divabug\AppData\Local\{D3A56A50-B359-4F37-AA9D-EA6CB9E1C727}
2013-05-24 15:39 - 2013-05-24 15:39 - 00000000 ____D C:\Users\Divabug\AppData\Local\{CFEBF5C6-8B33-4F3E-9D66-2DF94ABEAE27}
2013-05-24 12:10 - 2013-05-24 12:10 - 00000000 ____D C:\Users\Divabug\AppData\Local\{F4C8FC78-9FDA-4061-8DC0-A242F7CB7950}
2013-05-23 23:21 - 2013-05-23 23:20 - 00000000 ____D C:\Users\Divabug\AppData\Local\{2BA81644-5E9F-4099-A925-6CE7CEE2A2EE}
2013-05-23 10:06 - 2013-05-23 10:06 - 00000000 ____D C:\Users\Divabug\AppData\Local\{491C0C7D-B3C4-4646-8A20-C405DD545851}
2013-05-22 13:40 - 2013-05-22 13:39 - 00000000 ____D C:\Users\Divabug\AppData\Local\{4E82BF80-F6A0-42AA-9D33-DE846CEAB016}
2013-05-22 00:03 - 2013-05-22 00:03 - 00000000 ____D C:\Users\Divabug\AppData\Local\{F111337B-0F98-4BC4-9D90-44ECE7324A2E}
2013-05-21 11:35 - 2013-05-21 11:35 - 00000000 ____D C:\Users\Divabug\AppData\Local\{AA5114C4-17BD-49D9-A082-3A6FCAA350BB}
2013-05-20 23:21 - 2013-05-20 23:21 - 00000000 ____D C:\Users\Divabug\AppData\Local\{53E86E9B-83C0-4CBD-BFAC-71B718BBCC3C}
2013-05-20 22:10 - 2013-01-11 17:06 - 00002021 ____A C:\Users\Public\Desktop\Adobe Reader X.lnk
2013-05-20 10:48 - 2012-12-13 12:19 - 00000967 ____A C:\Users\Public\Desktop\AVG 2013.lnk
2013-05-20 10:42 - 2013-05-20 10:42 - 00000000 ____D C:\Users\Divabug\AppData\Local\{B14937E5-DDBC-42C8-9BD5-7C9D73E77536}
2013-05-20 00:43 - 2012-03-28 12:20 - 00000000 ____D C:\Users\Divabug\AppData\Roaming\Poser 7
2013-05-19 17:20 - 2013-05-19 17:20 - 00000000 ____D C:\Users\Divabug\AppData\Local\{476C3CC4-B799-4FE9-9FA9-0B2F0C233778}
2013-05-19 01:02 - 2013-05-19 01:02 - 00000000 ____D C:\Users\Divabug\AppData\Local\{F4E9EFEF-2DEA-4D86-BA3B-0EC35367C155}
2013-05-19 00:44 - 2012-03-28 10:19 - 00000000 ____D C:\Users\Divabug\Documents\xMyFilesx
2013-05-18 09:57 - 2013-05-18 09:56 - 00000000 ____D C:\Users\Divabug\AppData\Local\{5608DEAF-3786-4979-B59C-F43846192F58}
2013-05-17 10:57 - 2013-05-17 10:57 - 00000000 ____D C:\Users\Divabug\AppData\Local\{20ECF942-32B8-46BA-B316-F629613BD531}
2013-05-16 22:50 - 2013-05-16 22:50 - 00000000 ____D C:\Users\Divabug\AppData\Local\{45FCA203-3589-44D2-8F5C-1495EF48CD76}
2013-05-16 18:29 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\rescache
2013-05-16 10:17 - 2013-05-16 10:16 - 00000000 ____D C:\Users\Divabug\AppData\Local\{E6DD8346-DE02-4B05-9536-A150BEFBCE03}
2013-05-16 03:23 - 2009-07-13 21:45 - 00467552 ____A C:\Windows\System32\FNTCACHE.DAT
2013-05-16 03:22 - 2012-03-28 06:30 - 00000564 ____A C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
2013-05-16 03:05 - 2012-03-28 07:20 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-05-16 03:04 - 2012-03-28 13:51 - 75016696 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-05-15 10:56 - 2013-05-15 10:56 - 00000000 ____D C:\Users\Divabug\AppData\Local\{1A9E0923-4935-4EC5-BBAF-20B62FF250D4}
2013-05-14 17:24 - 2013-05-14 17:24 - 00000000 ____D C:\Users\Divabug\AppData\Local\{272229CA-89FE-401A-B67B-C7B17A3FF634}
2013-05-14 15:00 - 2012-04-12 10:08 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-05-14 15:00 - 2012-03-15 12:32 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-05-14 02:21 - 2013-05-14 02:21 - 00000000 ____D C:\Users\Divabug\AppData\Local\{CAB0FCD1-A1C0-4AC9-B5C0-D8DC02BDF4C6}
2013-05-13 13:10 - 2013-05-13 13:10 - 00000000 ____D C:\Users\Divabug\AppData\Local\{B8123D07-D848-4A37-A4FC-5D9F605A76B9}
2013-05-13 00:08 - 2013-05-13 00:08 - 00000000 ____D C:\Users\Divabug\AppData\Local\{28C43BB3-81DC-4A5C-B6DB-844A04E55D0F}
2013-05-12 09:37 - 2013-05-12 09:37 - 00000000 ____D C:\Users\Divabug\AppData\Local\{052032F8-75DD-4322-A4D1-9749BD8A6BB5}
2013-05-11 12:52 - 2013-05-11 12:52 - 00000000 ____D C:\Users\Divabug\AppData\Local\{F6D072F4-AE3F-4506-9459-EC21574C4268}
2013-05-10 23:13 - 2013-05-10 23:13 - 00000000 ____D C:\Users\Divabug\AppData\Local\{3899BC74-904E-4CA7-8FD9-40962D2963F4}
2013-05-10 09:21 - 2013-05-10 09:20 - 00000000 ____D C:\Users\Divabug\AppData\Local\{7D4A92C0-3FAB-4ADA-BFDA-91E8BA4E6F12}

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2013-06-03 00:22

==================== End Of Log ============================
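
The "Bamital & volsnap Check" block above is FRST hashing a short list of files that file-infecting malware is known to patch (the logon chain, explorer, svchost, services, user32, userinit and the volsnap.sys driver) and comparing each hash with a whitelist of known-good values; "MD5 is legit" means the hash matched. The script below is an added example, not part of this post and not FRST's code, that performs the same baseline comparison in Python. The file names, file contents and baseline hashes are constructed for the demonstration; on a real machine the baseline would come from a trusted catalog, not from the system being examined.

```python
"""Baseline hash check of critical system files.

Added example (not part of the forum post or of FRST): the same kind of
comparison FRST's "Bamital & volsnap Check" performs, written out in
Python. Every path, hash and file body here is constructed for the demo.
"""
import hashlib
import os
import tempfile


def hash_file(path, algorithm="sha256"):
    """Stream a file through hashlib and return its hex digest."""
    digest = hashlib.new(algorithm)
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(1 << 16), b""):
            digest.update(chunk)
    return digest.hexdigest()


def check_baseline(baseline, algorithm="sha256"):
    """Compare files against a {path: expected_hex_digest} baseline.

    Returns {path: "legit" | "MODIFIED" | "MISSING"}.  A missing file is
    reported rather than skipped: a critical binary that has vanished is
    as suspicious as one whose hash changed.
    """
    results = {}
    for path, expected in baseline.items():
        if not os.path.isfile(path):
            results[path] = "MISSING"
            continue
        actual = hash_file(path, algorithm)
        # Normalise case so a baseline typed in upper-case hex still matches.
        results[path] = "legit" if actual.lower() == expected.lower() else "MODIFIED"
    return results


def demo():
    """Run the check on a constructed directory of fake system files.

    Three files are written and a baseline is taken.  One file is then
    patched in place (the way a file infector appends or overwrites code)
    and a fourth baseline entry points at a file that does not exist.
    Returns {basename: status} so the result is independent of the
    temporary directory name.
    """
    with tempfile.TemporaryDirectory() as root:
        clean = {
            "winlogon.exe": b"constructed clean winlogon bytes",
            "wininit.exe": b"constructed clean wininit bytes",
            "volsnap.sys": b"constructed clean volsnap bytes",
        }
        paths = {}
        for name, data in clean.items():
            path = os.path.join(root, name)
            with open(path, "wb") as handle:
                handle.write(data)
            paths[name] = path

        # Known-good baseline, taken while the files are still clean.
        baseline = {path: hash_file(path) for path in paths.values()}

        # Simulate infection: volsnap.sys is patched after the baseline.
        with open(paths["volsnap.sys"], "ab") as handle:
            handle.write(b"\x90\x90 constructed patch stub")

        # Simulate a deleted binary: a baseline entry with no file behind it.
        baseline[os.path.join(root, "userinit.exe")] = "0" * 64

        results = check_baseline(baseline)
        return {os.path.basename(path): status for path, status in results.items()}


if __name__ == "__main__":
    for name, status in sorted(demo().items()):
        print(f"{name} => {status}")
```

Two caveats a practitioner would attach to this. FRST compares MD5 because its whitelist is MD5; for a baseline you keep yourself use SHA-256, since MD5 collisions are cheap to produce. And a hash check run from inside the live system can be lied to by an active kernel rootkit that intercepts file reads, which is one reason FRST is also run from the Windows Recovery Environment; for Windows' own binaries, `sfc /verifyonly` and Authenticode signature verification are the authoritative checks rather than a hand-kept list.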



#6 JSntgRvr

    Master Surgeon General

  • Malware Response Team
  • 11,317 posts
  • Gender:Male
  • Location:Puerto Rico

Posted 09 June 2013 - 04:01 PM

That log looks clear. How is the computer doing?


No request for help through private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!


#7 judibug

  • Topic Starter
  • Members
  • 39 posts

Posted 09 June 2013 - 04:15 PM

Hi there

I have had no further issues with my computer and AVG isn't alerting to anything anymore. Yay! lol

Should I go and change all my passwords now or is that necessary?

Thank you



#8 JSntgRvr

    Master Surgeon General

  • Malware Response Team
  • 11,317 posts
  • Gender:Male
  • Location:Puerto Rico

Posted 09 June 2013 - 04:31 PM

Congratulations.

Since the tools we used to scan the computer, as well as tools to delete files and folders, are no longer needed, they should be removed, as well as the folders created by these tools.

Please download the OTM by OldTimer.

  • Save it to your desktop.
  • Please double-click OTM.exe to run it. (Vista users, please right click on OTM.exe and select "Run as an Administrator")
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    :files
    C:\FRST
  • Return to OTM, right click in the "Paste instructions for items to be Moved" window (under the light Yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • A log of files and folders moved will be created in the c:\_OTM\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
  • Close OTM

If a file or folder cannot be moved immediately, you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine, choose Yes.

Run OTM again and click on the Cleanup button. Follow the prompts.

Manually remove any tool left.

Here are some suggestions.

  • Always keep your JAVA updated. Older versions will make your computer vulnerable.
  • Windows Updates - It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. To do this, just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there.
  • ERUNT (Emergency Recovery Utility NT) allows you to keep a complete backup of your registry and restore it when needed. The standard registry backup options that come with Windows back up most of the registry but not all of it. ERUNT however creates a complete backup set, including the Security hive and user related sections. ERUNT is easy to use and since it creates a full backup, there are no options or choices other than to select the location of the backup files. The backup set includes a small executable that will launch the registry restore if needed.

To find out more information about how you got infected in the first place and some great guidelines to follow to prevent future infections you can read this article by Miekiemoes.

Best wishes!


#9 judibug

  • Topic Starter
  • Members
  • 39 posts

Posted 09 June 2013 - 08:06 PM

Hi

I followed the instructions but didn't post between running OTM the first and second time, and now the log file it generated is gone, along with the tool, after hitting the Cleanup button and rebooting. :(

I will be following the rest of your suggestions after posting this. Thank you so much for your time and help :)



#10 JSntgRvr

    Master Surgeon General

  • Malware Response Team
  • 11,317 posts
  • Gender:Male
  • Location:Puerto Rico

Posted 09 June 2013 - 08:13 PM

You are welcome. :)

