TechSpot

File recovery rogue scanner infection

Solved
By CanHazTrojanz?
Sep 1, 2012
  1. Broni

    Broni Malware Annihilator Posts: 46,499   +252

    Hmm...we're getting really to being stuck.
    The main obstacle is your lack of CD/DVD drive because I'm afraid that with this type of infection we'll have to access your computer from the external source using FRST.
    We can easily create Windows 7 DVD to access System Recovery Options and then run FRST.
    Surely without optical drive we can't do this.
    I suspect your MBR may be infected as well.

    I think at this point getting optical drive is crucial.
  2. CanHazTrojanz?

    CanHazTrojanz? TechSpot Enthusiast Topic Starter Posts: 106

    OK will do tomorrow, everything's closed right now. Can I do that from an external hard drive?
  3. Broni

    Broni Malware Annihilator Posts: 46,499   +252

  4. CanHazTrojanz?

    CanHazTrojanz? TechSpot Enthusiast Topic Starter Posts: 106

    OK great! I'll get on that. Pls don't close the thread, I'm doing this first thing, and I know you have other things to attend, but I'm not earning anything with my clients until this gets solved. So for me it's critical to get it fixed. Thanks for hanging in there with me.
  5. CanHazTrojanz?

    CanHazTrojanz? TechSpot Enthusiast Topic Starter Posts: 106

    I'm looking at the titles of your pinned topics at smartestcomputing.us.com and I'm not sure to which one you're referring? (Sorry, I'm trying to follow - you mentioned making a Windows 7 DVD, there are several threads that seem to relate to the topic, and I'm not familiar with most of the jargon.)
  6. CanHazTrojanz?

    CanHazTrojanz? TechSpot Enthusiast Topic Starter Posts: 106

  7. Broni

    Broni Malware Annihilator Posts: 46,499   +252

  8. CanHazTrojanz?

    CanHazTrojanz? TechSpot Enthusiast Topic Starter Posts: 106

    So I have an external optical drive with blank DVD's to burn to. The tutorial linked above at your site had an updated version of Windows 7 ISO at:

    http://www.mydigitallife.info/windo...links-ultimate-professional-and-home-premium/

    It's an ISO image file, I downloaded it and burned it to the CDROM/DVD. Is that right so far? There was no point at which there were 3 files as the tutorial pointed out, just the one ISO file. Now going to the tutorial I'm confused:

    Did I just basically skip down to step 8 where you have the single file for Windows? I'm confused because there's no executable file, etc.
  9. CanHazTrojanz?

    CanHazTrojanz? TechSpot Enthusiast Topic Starter Posts: 106

    Broni -

    I went ahead and connected the USB drive with the FRST program on it and the DVD drive with the Windows 7 ISO as I mentioned above, but when I tried to click on the Windows 7 ISO I was told there was an error with the process (something to the effect: "Runtime error C++" and it's an error I recognize from the virus...

    Also, the file on the DVD is apparently a zipped file, so the error happened when I tried to open that zipped file. What I did was to take the DVD and then extract the files (on an uninfected PC) onto the DVD...and I'm not sure if this is the right move or if I'm getting off track here.

    The DVD now lists:

    Folders:
    boot
    efi
    sources

    autorun (Setup Information)
    bootmgr (File)
    bootmgr.efi (EFI File)
    setup (Application)
    X15-65733.iso (ISO File)

    So before I make things any worse, I just want to be sure I didn't mess the DVD up at this point, or if I need to re-download the Windows 7 as a single ISO file as I did before and just leave it zipped?
  10. CanHazTrojanz?

    CanHazTrojanz? TechSpot Enthusiast Topic Starter Posts: 106

    Broni -

    Your tutorial starts with:

    "For many people who order Windows 7 through online store such as Digital River, the download of Windows 7 ESD installation files is not in a single ISO image format, but as electronic digital distribution files."

    I didn't order Windows 7 through a store, I have it on my PC already...so the rest of the tutorial doesn't really apply except the part about downloading the Windows 7 ISO directly, so that's what I did, and I have Windows 7 Premium Edition so I don't need to download the oscdimg file as you noted.

    When I went back to your former instructions of using the thumb drive with FRST and starting off in system recovery, the DVD doesn't auto-play. I hit "restart" with the thumb drive and the DVD drive hooked up, and it simply starts normally. Please tell me what I missed. It's getting on a week and I need to get back to work.
  11. CanHazTrojanz?

    CanHazTrojanz? TechSpot Enthusiast Topic Starter Posts: 106

    Just an update - I'm getting a Windows 7 DVD from my brother, he's had similar problems. Hopefully that works, we have the same OS I believe. Will let you know how it goes.
     
  12. CanHazTrojanz?

    CanHazTrojanz? TechSpot Enthusiast Topic Starter Posts: 106

    Was having a difficult time because I couldn't get the Windows 7 disc to boot at startup, so on my machine (HP Compaq CQ61-420US) I had to follow the tutorial here:

    http://h10025.www1.hp.com/ewfrf/wc/document?cc=us&lc=en&docname=c01867418#N696

    Basically hitting "Esc" at restart > Select Boot Device > External DVD Drive

    Your instructions were to:

    If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.

    That part about "check your BIOS settings" was where I was getting stuck, as there was no tutorial on it (and I've never heard of a BIOS). So the above link helped me, apparently it's different per manufacturer.

    New Problem:

    I got to the part about Repair Your Computer > Select Operating System and once I did, the following error message appeared:

    System Recovery Options

    This version of System Recovery Options is not compatible with the version of Windows you are trying to repair. Try using a recovery disc that is compatible with this version of Windows.
    I'm using a Windows 7 Home Premium disc, it's 64 bit just exactly like I have...
  13. Broni

    Broni Malware Annihilator Posts: 46,499   +252

    I found this on MS page:
  14. CanHazTrojanz?

    CanHazTrojanz? TechSpot Enthusiast Topic Starter Posts: 106

    Thanks, that helped. I got so far as the CMD line, found the flash drive letter and did as asked. Then this error message appeared:
    This version of I:\FRST64.exe is not compatible with the version of Windows you're running. Check your computer's system information to see whether you need a x86 (32-bit) or x64 (64-bit) version of the program, and then contact the software publisher.
    But here again, I have the 64-bit version of FRST from the link you gave, and a 64-bit OS along with a 64-bit disc...I'll try redownloading the FRST program again.
  15. CanHazTrojanz?

    CanHazTrojanz? TechSpot Enthusiast Topic Starter Posts: 106

    Broni -

    Stupid question here - I was just informed the recovery disc of Windows 7 I've been using IS a 32-bit...but my machine is 64-bit...so my silly question is would it be best for me to simply buy the 64 bit Windows 7 and proceed? Or download the FRST 32 bit version and run that?

    Basically I'd like to keep the 64 bit OS when all is said and done, and I'm not sure if that's possible if I run the 32-bit disc at this point.
  16. Broni

    Broni Malware Annihilator Posts: 46,499   +252

    Possibly you're mistaken about your Windows version.
    Try 32-bit tool.
  17. Broni

    Broni Malware Annihilator Posts: 46,499   +252

    Try 32-bit FRST.
  18. CanHazTrojanz?

    CanHazTrojanz? TechSpot Enthusiast Topic Starter Posts: 106

    OK nevermind my stupid question above, I don't want to lose files and at this point I can't export my existing clients' files to any other storage, so I'll have to order a recovery disc from HP. Please don't close the thread, but I don't think I'll get the disc before Tuesday...aaaaaaaaarrrgghghgghhh...thanks for hanging in there.
  19. CanHazTrojanz?

    CanHazTrojanz? TechSpot Enthusiast Topic Starter Posts: 106

    Well I'm not mistaken about my original OS, it's 64 bit, but the DISC my brother gave me is 32 bit (he just informed me of that, though I asked specifically for 64 bit). So before I place this order, do I just go ahead with the 32 bit FRST?
  20. Broni

    Broni Malware Annihilator Posts: 46,499   +252

    I'm not sure if it'll work but it won't break anything so give it a shot.
  21. CanHazTrojanz?

    CanHazTrojanz? TechSpot Enthusiast Topic Starter Posts: 106

  22. CanHazTrojanz?

    CanHazTrojanz? TechSpot Enthusiast Topic Starter Posts: 106

    That did the trick, thanks!

    I'm re-running the services.exe because I think I hit the wrong button - both reports were named the same thing (I hit "Scan" rather than "Search" when I input "services.exe" into the search field, when it ran that scan, it gave me a FRST.txt file again).

    ##==================================##

    Scan result of Farbar Recovery Scan Tool (FRST written by Farbar) (x86) Version: 05-09-2012
    Ran by SYSTEM at 07-09-2012 19:36:16
    Running from H:\
    Windows 7 Home Premium (X86) OS Language: English(US)
    The current controlset is ControlSet001
    ATTENTION!:=====> THE OPERATING SYSTEM IS A X64 SYSTEM BUT THE BOOT DISK THAT IS USED TO BOOT TO RECOVERY ENVIRONMENT IS A X86 SYSTEM DISK.
    ==================== Registry (Whitelisted) ===================
    HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [2837288 2011-10-14] (Synaptics Incorporated)
    HKLM\...\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe [450048 2009-07-21] (IDT, Inc.)
    HKLM\...\Run: [IntelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe" [2399632 2011-04-13] (Microsoft Corporation)
    HKLM\...\Run: [itype] "c:\Program Files\Microsoft IntelliType Pro\itype.exe" [1860496 2011-04-13] (Microsoft Corporation)
    HKU\IdHusseys\...\Run: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden [2363392 2010-03-19] (Hewlett-Packard Company)
    HKU\IdHusseys\...\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun [17145992 2012-02-15] (Skype Technologies S.A.)
    HKU\IdHusseys\...\Run: [MP3 Skype Recorder] C:\Program Files (x86)\MP3 Skype Recorder\MP3 Skype Recorder.exe [1975296 2011-11-17] (Alexander Nikiforov)
    Startup: C:\Users\IdHusseys\Start Menu\Programs\Startup\Dropbox.lnk
    ShortcutTarget: Dropbox.lnk -> (No File)
    Startup: C:\Users\IdHusseys\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
    ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files\OpenOffice.org 3\program\quickstart.exe (No File)
    ==================== Services ================================
    2 AdobeARMservice; "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe" [63960 2012-07-27] (Adobe Systems Incorporated)
    2 AESTFilters; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\AESTSr64.exe [89600 2009-03-02] (Andrea Electronics Corporation)
    2 AgereModemAudio; C:\Program Files\LSI SoftModem\agr64svc.exe [16896 2009-03-27] (LSI Corporation)
    2 Apple Mobile Device; "C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe" [55184 2012-05-24] (Apple Inc.)
    3 aspnet_state; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [44376 2010-03-18] (Microsoft Corporation)
    4 clr_optimization_v2.0.50727_64; C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [89920 2009-06-10] (Microsoft Corporation)
    2 clr_optimization_v4.0.30319_64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [138576 2010-03-18] (Microsoft Corporation)
    3 FontCache3.0.0.0; C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe [42856 2010-11-04] (Microsoft Corporation)
    3 hpqwmiex; "C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe" [799800 2011-03-28] (Hewlett-Packard Company)
    3 IDriverT; "C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe" [69632 2005-11-14] (Macrovision Corporation)
    3 idsvc; "C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe" [856400 2010-11-04] (Microsoft Corporation)
    2 LightScribeService; "C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe" [73728 2010-03-19] (Hewlett-Packard Company)
    3 MozillaMaintenance; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [113120 2012-08-07] (Mozilla Foundation)
    3 OpenVPNService; "C:\Program Files (x86)\HMA! Pro VPN\bin\openvpnserv.exe" [36352 2011-07-13] ()
    3 PerfHost; C:\Windows\SysWow64\perfhost.exe [20992 2009-07-13] (Microsoft Corporation)
    2 SBAMSvc; "C:\Program Files (x86)\GFI Software\VIPRE\SBAMSvc.exe" [3677000 2012-08-29] (GFI Software)
    2 SBPIMSvc; "C:\Program Files (x86)\GFI Software\VIPRE\SBPIMSvc.exe" [175496 2012-08-29] (GFI Software)
    2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\STacSV64.exe [240128 2009-07-21] (IDT, Inc.)
    3 fsssvc; "C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe" [x]
    4 NetMsmqActivator; "c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe" -NetMsmqActivator [x]
    4 NetPipeActivator; c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [x]
    4 NetTcpActivator; c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [x]
    4 NetTcpPortSharing; c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [x]
    ==================== Drivers =================================
    3 AgereSoftModem; C:\Windows\System32\DRIVERS\agrsm64.sys [1208320 2009-04-06] (LSI Corporation)
    3 athr; C:\Windows\System32\DRIVERS\athrx.sys [1594368 2010-03-02] (Atheros Communications, Inc.)
    3 b06bdrv; C:\Windows\system32\DRIVERS\bxvbda.sys [468480 2009-06-10] (Broadcom Corporation)
    3 b57nd60a; C:\Windows\System32\DRIVERS\b57nd60a.sys [270848 2009-06-10] (Broadcom Corporation)
    3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
    3 igfx; C:\Windows\System32\DRIVERS\igdkmd64.sys [6108416 2009-06-10] (Intel Corporation)
    3 ksthunk; C:\Windows\system32\drivers\ksthunk.sys [20992 2009-07-13] (Microsoft Corporation)
    3 netw5v64; C:\Windows\System32\DRIVERS\netw5v64.sys [5434368 2009-06-10] (Intel Corporation)
    3 NuidFltr; C:\Windows\System32\DRIVERS\NuidFltr.sys [23960 2011-04-13] (Microsoft Corporation)
    3 Point64; C:\Windows\System32\DRIVERS\point64.sys [45432 2011-04-13] (Microsoft Corporation)
    3 RTL8167; C:\Windows\System32\DRIVERS\Rt64win7.sys [215040 2009-05-22] (Realtek )
    2 sbapifs; C:\Windows\System32\DRIVERS\sbapifs.sys [82872 2012-08-01] (GFI Software)
    3 sbwtis; C:\Windows\System32\DRIVERS\sbwtis.sys [86816 2012-08-26] (GFI Software)
    3 SrvHsfHDA; C:\Windows\System32\DRIVERS\VSTAZL6.SYS [292864 2009-06-10] (Conexant Systems, Inc.)
    3 SrvHsfV92; C:\Windows\System32\DRIVERS\VSTDPV6.SYS [1485312 2009-06-10] (Conexant Systems, Inc.)
    3 SrvHsfWinac; C:\Windows\System32\DRIVERS\VSTCNXT6.SYS [740864 2009-06-10] (Conexant Systems, Inc.)
    3 STHDA; C:\Windows\System32\DRIVERS\stwrt64.sys [487936 2009-07-21] (IDT, Inc.)
    3 tap0901; C:\Windows\System32\DRIVERS\tap0901.sys [30720 2010-08-20] (The OpenVPN Project)
    3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [51712 2011-05-10] (Apple, Inc.)
    3 yukonw7; C:\Windows\System32\DRIVERS\yk62x64.sys [389120 2009-06-10] (Marvell)
    3 catchme; \??\C:\ComboFix\catchme.sys [x]
    3 RtsUIR; C:\Windows\System32\DRIVERS\Rts516xIR.sys [x]
    3 USBCCID; C:\Windows\System32\DRIVERS\RtsUCcid.sys [x]
    ==================== NetSvcs (Whitelisted) =================

    ============ One Month Created Files and Folders ==============
    2012-09-04 16:00 - 2012-09-04 16:02 - 00000000 ___SD C:\32788R22FWJFW
    2012-09-03 23:10 - 2012-09-03 23:10 - 00021485 ____A C:\ComboFix.txt
    2012-09-03 21:15 - 2011-06-25 22:45 - 00256000 ____A C:\Windows\PEV.exe
    2012-09-03 21:15 - 2010-11-07 09:20 - 00208896 ____A C:\Windows\MBR.exe
    2012-09-03 21:15 - 2009-04-19 20:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
    2012-09-03 21:15 - 2000-08-30 16:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe
    2012-09-03 21:15 - 2000-08-30 16:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe
    2012-09-03 21:15 - 2000-08-30 16:00 - 00098816 ____A C:\Windows\sed.exe
    2012-09-03 21:15 - 2000-08-30 16:00 - 00080412 ____A C:\Windows\grep.exe
    2012-09-03 21:15 - 2000-08-30 16:00 - 00068096 ____A C:\Windows\zip.exe
    2012-09-03 21:14 - 2012-09-03 23:10 - 00000000 ____D C:\ComboFix
    2012-09-03 21:13 - 2012-09-03 23:10 - 00000000 ____D C:\Qoobox
    2012-09-03 21:10 - 2012-09-03 21:03 - 04742575 ____R (Swearware) C:\Users\IdHusseys\Desktop\ComboFix.exe
    2012-09-03 12:09 - 2012-09-03 12:09 - 02193345 ____A C:\Users\IdHusseys\Downloads\tdsskiller.zip
    2012-09-02 12:18 - 2012-09-02 12:18 - 00002567 ____A C:\Users\IdHusseys\Desktop\RKreport[1].txt
    2012-09-02 12:16 - 2012-09-02 12:18 - 00000000 ____D C:\Users\IdHusseys\Desktop\RK_Quarantine
    2012-09-01 17:49 - 2012-09-01 19:48 - 00607260 ____A (Swearware) C:\Users\IdHusseys\Desktop\dds.com
    2012-09-01 17:21 - 2012-09-01 17:21 - 00000000 ____A C:\Users\IdHusseys\Desktop\gmer log.log
    2012-09-01 15:30 - 2012-09-01 15:30 - 00000275 ____A C:\Users\IdHusseys\Desktop\catchme.log
    2012-09-01 12:21 - 2012-09-01 12:22 - 00017437 ____A C:\Users\IdHusseys\Desktop\MBRCheck_09.01.12_14.21.28.txt
    2012-09-01 04:26 - 2012-09-01 04:26 - 00001073 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2012-09-01 04:26 - 2012-09-01 04:26 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2012-08-31 23:27 - 2012-08-31 23:27 - 00001975 ____A C:\Users\Public\Desktop\VIPRE.lnk
    2012-08-31 22:47 - 2012-08-31 22:47 - 00184231 ____A C:\Users\IdHusseys\Downloads\12-7-11_fakereanfix.zip
    2012-08-31 16:19 - 2012-08-31 16:19 - 00000093 ____A C:\Users\IdHusseys\AppData\Roaming\netstat.bat
    2012-08-31 13:57 - 2012-08-31 13:57 - 00058080 ____A C:\Users\IdHusseys\Desktop\Affmagic_08_29_2012.zip
    2012-08-30 22:39 - 2012-08-30 22:38 - 00080549 ____A C:\Users\IdHusseys\Desktop\lv.htm
    2012-08-30 20:12 - 2012-08-30 22:49 - 00001066 ____A C:\Users\IdHusseys\Desktop\Duct Tape SEO V2 2012 CopyCat SEO.txt
    2012-08-29 15:41 - 2012-08-29 15:41 - 00047496 ____A (GFI Software) C:\Windows\SysWOW64\sbbd.exe
    2012-08-29 14:28 - 2012-08-31 16:48 - 00000000 ____D C:\Users\IdHusseys\Downloads\www.curadebt.com (DTOX, 2012-08-29) - LinkResearchTools - OVERVIEW Percentages_files
    2012-08-29 14:28 - 2012-08-29 14:28 - 00282691 ___AH C:\Users\IdHusseys\Downloads\www.curadebt.com (DTOX, 2012-08-29) - LinkResearchTools - OVERVIEW Percentages.htm
    2012-08-27 20:46 - 2012-09-03 22:04 - 00000940 ____A C:\Windows\PFRO.log
    2012-08-27 14:52 - 2012-08-27 14:52 - 00000915 ____A C:\Users\IdHusseys\Desktop\Xenu.lnk
    2012-08-27 14:35 - 2012-08-27 14:36 - 00000308 ____A C:\Users\IdHusseys\Desktop\TO DO ON YOUR SITES.txt
    2012-08-26 17:25 - 2012-08-27 19:34 - 01034216 ____A (Oracle Corporation) C:\Windows\System32\npDeployJava1.dll
    2012-08-26 11:26 - 2012-08-26 11:26 - 00086816 ____A (GFI Software) C:\Windows\System32\Drivers\sbwtis.sys
    2012-08-25 02:21 - 2012-08-25 02:22 - 14690376 ____A (LastPass) C:\Users\IdHusseys\Downloads\lastpass_x64 (1).exe
    2012-08-25 02:20 - 2012-08-25 02:20 - 00002392 ____A C:\Users\IdHusseys\Desktop\Google Chrome.lnk
    2012-08-25 02:19 - 2012-09-03 17:44 - 00000924 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3455346300-1148100813-3106168065-1000UA.job
    2012-08-25 02:19 - 2012-09-01 02:34 - 00000872 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3455346300-1148100813-3106168065-1000Core.job
    2012-08-24 22:57 - 2012-08-30 03:28 - 00000000 ___HD C:\Users\IdHusseys\Documents\Magic Rank Tracker Reports
    2012-08-23 21:34 - 2012-08-23 21:34 - 14790243 ____A (Jayson Yanuaria ) C:\Program Files (x86)\SERPAttacks_Video.exe
    2012-08-23 21:22 - 2012-08-31 16:51 - 00000000 ____D C:\Program Files (x86)\Market Samurai
    2012-08-23 21:22 - 2012-08-31 16:37 - 00000000 ____D C:\Users\Default\AppData\Roaming\Macromedia
    2012-08-23 21:22 - 2012-08-31 16:37 - 00000000 ____D C:\Users\Default User\AppData\Roaming\Macromedia
    2012-08-23 19:36 - 2012-08-23 19:39 - 20348849 ____A C:\Program Files (x86)\Sun_ODF_Template_Pack2_en-US.oxt
    2012-08-23 19:32 - 2012-08-23 19:38 - 135933721 ____A C:\Program Files (x86)\Apache_OpenOffice_incubating_3.4.1_Win_x86_install_en-US.exe
    2012-08-22 16:56 - 2012-08-22 16:56 - 00001948 ____A C:\Users\Public\Desktop\A1 Keyword Research 4.lnk
    2012-08-22 01:05 - 2012-08-22 01:05 - 00696520 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2012-08-22 01:05 - 2012-08-22 01:05 - 00073416 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2012-08-22 00:09 - 2012-08-22 00:10 - 00000929 ____A C:\Users\IdHusseys\Desktop\LYNX.lnk
    2012-08-22 00:08 - 2012-08-31 16:51 - 00000000 ____D C:\lynx_w32
    2012-08-21 21:10 - 2012-08-31 16:52 - 00000000 ____D C:\Users\IdHusseys\Desktop\lynx2-8-7
    2012-08-20 02:38 - 2012-09-07 17:29 - 00003202 ____A C:\Windows\setupact.log
    2012-08-20 02:38 - 2012-08-20 02:38 - 00000000 ____A C:\Windows\setuperr.log
    2012-08-16 11:13 - 2012-06-28 20:55 - 17809920 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
    2012-08-16 11:13 - 2012-06-28 20:09 - 10925568 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
    2012-08-16 11:13 - 2012-06-28 19:56 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
    2012-08-16 11:13 - 2012-06-28 19:49 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
    2012-08-16 11:13 - 2012-06-28 19:49 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
    2012-08-16 11:13 - 2012-06-28 19:48 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
    2012-08-16 11:13 - 2012-06-28 19:47 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
    2012-08-16 11:13 - 2012-06-28 19:45 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
    2012-08-16 11:13 - 2012-06-28 19:44 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
    2012-08-16 11:13 - 2012-06-28 19:43 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
    2012-08-16 11:13 - 2012-06-28 19:42 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
    2012-08-16 11:13 - 2012-06-28 19:40 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
    2012-08-16 11:13 - 2012-06-28 19:39 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
    2012-08-16 11:13 - 2012-06-28 19:35 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
    2012-08-16 11:13 - 2012-06-28 16:52 - 12317184 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2012-08-16 11:13 - 2012-06-28 16:27 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2012-08-16 11:13 - 2012-06-28 16:16 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2012-08-16 11:13 - 2012-06-28 16:09 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2012-08-16 11:13 - 2012-06-28 16:09 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2012-08-16 11:13 - 2012-06-28 16:08 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2012-08-16 11:13 - 2012-06-28 16:07 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
    2012-08-16 11:13 - 2012-06-28 16:06 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2012-08-16 11:13 - 2012-06-28 16:04 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
    2012-08-16 11:13 - 2012-06-28 16:04 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2012-08-16 11:13 - 2012-06-28 16:01 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2012-08-16 11:13 - 2012-06-28 16:01 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2012-08-16 11:13 - 2012-06-28 16:00 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2012-08-16 11:13 - 2012-06-28 15:57 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2012-08-15 10:28 - 2012-07-18 10:15 - 03148800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
    2012-08-15 10:28 - 2012-07-04 14:16 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\netapi32.dll
    2012-08-15 10:28 - 2012-07-04 14:13 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\browser.dll
    2012-08-15 10:28 - 2012-07-04 14:13 - 00059392 ____A (Microsoft Corporation) C:\Windows\System32\browcli.dll
    2012-08-15 10:28 - 2012-07-04 13:16 - 00057344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\netapi32.dll
    2012-08-15 10:28 - 2012-07-04 13:14 - 00041984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\browcli.dll
    2012-08-15 10:28 - 2012-05-13 21:26 - 00956928 ____A (Microsoft Corporation) C:\Windows\System32\localspl.dll
    2012-08-15 10:28 - 2012-05-05 00:36 - 00503808 ____A (Microsoft Corporation) C:\Windows\System32\srcore.dll
    2012-08-15 10:28 - 2012-05-04 23:46 - 00043008 ____A (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
    2012-08-15 10:28 - 2012-02-10 22:43 - 00751104 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll
    2012-08-15 10:28 - 2012-02-10 22:36 - 00559104 ____A (Microsoft Corporation) C:\Windows\System32\spoolsv.exe
    2012-08-15 10:28 - 2012-02-10 22:36 - 00067072 ____A (Microsoft Corporation) C:\Windows\splwow64.exe
    2012-08-15 10:28 - 2012-02-10 21:43 - 00492032 ____A (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
    2012-08-14 14:24 - 2012-08-23 13:23 - 15428440 ____A (Adobe Systems Inc.) C:\Program Files (x86)\AdobeAIRInstaller.exe
    2012-08-14 13:49 - 2012-08-14 13:49 - 00000000 ___HD C:\Users\IdHusseys\AppData\Local\{136E17CE-9D8C-4576-B5FB-9FD9476CEE7D}
    2012-08-13 11:53 - 2012-08-13 11:54 - 00000000 ___HD C:\Users\IdHusseys\AppData\Local\{22CFA543-8BC0-487D-B925-78E6564E6786}
    2012-08-11 13:18 - 2012-08-31 16:39 - 00000000 ____D C:\Users\IdHusseys\Documents\Microsys
    2012-08-11 13:18 - 2012-08-22 16:56 - 00000000 ___HD C:\Users\IdHusseys\AppData\Roaming\Microsys
    2012-08-11 13:18 - 2012-08-11 13:18 - 00001957 ____A C:\Users\Public\Desktop\A1 Website Analyzer 4.lnk
    2012-08-11 13:17 - 2012-08-31 16:33 - 00000000 ____D C:\Program Files\Microsys
    2012-08-09 12:55 - 1997-06-06 13:52 - 00011264 ____A (Microsoft Corporation) C:\Windows\SysWOW64\SPORDER.DLL

    ============ 3 Months Modified Files ========================
    2012-09-07 17:29 - 2012-08-20 02:38 - 00003202 ____A C:\Windows\setupact.log
    2012-09-07 17:29 - 2009-07-13 21:08 - 00032582 ____A C:\Windows\Tasks\SCHEDLGU.TXT
    2012-09-07 17:29 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
    2012-09-07 15:44 - 2009-12-21 00:30 - 01751988 ____A C:\Windows\WindowsUpdate.log
    2012-09-06 21:46 - 2009-07-13 20:45 - 00023248 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2012-09-06 21:46 - 2009-07-13 20:45 - 00023248 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2012-09-05 23:00 - 2009-07-13 21:13 - 00782480 ____A C:\Windows\System32\PerfStringBackup.INI
    2012-09-03 23:10 - 2012-09-03 23:10 - 00021485 ____A C:\ComboFix.txt
    2012-09-03 22:50 - 2009-07-13 18:34 - 00000215 ____A C:\Windows\system.ini
    2012-09-03 22:04 - 2012-08-27 20:46 - 00000940 ____A C:\Windows\PFRO.log
    2012-09-03 21:03 - 2012-09-03 21:10 - 04742575 ____R (Swearware) C:\Users\IdHusseys\Desktop\ComboFix.exe
    2012-09-03 17:44 - 2012-08-25 02:19 - 00000924 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3455346300-1148100813-3106168065-1000UA.job
    2012-09-03 12:09 - 2012-09-03 12:09 - 02193345 ____A C:\Users\IdHusseys\Downloads\tdsskiller.zip
    2012-09-02 12:18 - 2012-09-02 12:18 - 00002567 ____A C:\Users\IdHusseys\Desktop\RKreport[1].txt
    2012-09-01 19:48 - 2012-09-01 17:49 - 00607260 ____A (Swearware) C:\Users\IdHusseys\Desktop\dds.com
    2012-09-01 17:21 - 2012-09-01 17:21 - 00000000 ____A C:\Users\IdHusseys\Desktop\gmer log.log
    2012-09-01 15:30 - 2012-09-01 15:30 - 00000275 ____A C:\Users\IdHusseys\Desktop\catchme.log
    2012-09-01 12:22 - 2012-09-01 12:21 - 00017437 ____A C:\Users\IdHusseys\Desktop\MBRCheck_09.01.12_14.21.28.txt
    2012-09-01 04:26 - 2012-09-01 04:26 - 00001073 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2012-09-01 02:34 - 2012-08-25 02:19 - 00000872 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3455346300-1148100813-3106168065-1000Core.job
    2012-08-31 23:27 - 2012-08-31 23:27 - 00001975 ____A C:\Users\Public\Desktop\VIPRE.lnk
    2012-08-31 22:47 - 2012-08-31 22:47 - 00184231 ____A C:\Users\IdHusseys\Downloads\12-7-11_fakereanfix.zip
    2012-08-31 16:19 - 2012-08-31 16:19 - 00000093 ____A C:\Users\IdHusseys\AppData\Roaming\netstat.bat
    2012-08-31 13:57 - 2012-08-31 13:57 - 00058080 ____A C:\Users\IdHusseys\Desktop\Affmagic_08_29_2012.zip
    2012-08-30 22:49 - 2012-08-30 20:12 - 00001066 ____A C:\Users\IdHusseys\Desktop\Duct Tape SEO V2 2012 CopyCat SEO.txt
    2012-08-30 22:38 - 2012-08-30 22:39 - 00080549 ____A C:\Users\IdHusseys\Desktop\lv.htm
    2012-08-29 15:41 - 2012-08-29 15:41 - 00047496 ____A (GFI Software) C:\Windows\SysWOW64\sbbd.exe
    2012-08-29 15:41 - 2010-04-17 08:15 - 00047496 ____A (GFI Software) C:\Windows\System32\sbbd.exe
    2012-08-29 14:28 - 2012-08-29 14:28 - 00282691 ___AH C:\Users\IdHusseys\Downloads\www.curadebt.com (DTOX, 2012-08-29) - LinkResearchTools - OVERVIEW Percentages.htm
    2012-08-27 20:46 - 2009-07-13 20:45 - 00377688 ____A C:\Windows\System32\FNTCACHE.DAT
    2012-08-27 19:34 - 2012-08-26 17:25 - 01034216 ____A (Oracle Corporation) C:\Windows\System32\npDeployJava1.dll
    2012-08-27 19:34 - 2011-10-21 16:50 - 00916456 ____A (Oracle Corporation) C:\Windows\System32\deployJava1.dll
    2012-08-27 14:52 - 2012-08-27 14:52 - 00000915 ____A C:\Users\IdHusseys\Desktop\Xenu.lnk
    2012-08-27 14:36 - 2012-08-27 14:35 - 00000308 ____A C:\Users\IdHusseys\Desktop\TO DO ON YOUR SITES.txt
    2012-08-26 11:26 - 2012-08-26 11:26 - 00086816 ____A (GFI Software) C:\Windows\System32\Drivers\sbwtis.sys
    2012-08-25 18:31 - 2010-07-15 11:12 - 00579257 ____A C:\Users\IdHusseys\.ranktracker.properties
    2012-08-25 02:51 - 2011-07-06 11:37 - 00001192 ____A C:\Users\Public\Desktop\My LastPass Vault.lnk
    2012-08-25 02:22 - 2012-08-25 02:21 - 14690376 ____A (LastPass) C:\Users\IdHusseys\Downloads\lastpass_x64 (1).exe
    2012-08-25 02:20 - 2012-08-25 02:20 - 00002392 ____A C:\Users\IdHusseys\Desktop\Google Chrome.lnk
    2012-08-24 14:38 - 2010-07-24 14:55 - 04159475 ____A C:\Users\IdHusseys\.websiteauditor.properties
    2012-08-24 01:02 - 2012-06-17 17:22 - 00821736 ____A (Oracle Corporation) C:\Windows\SysWOW64\npdeployJava1.dll
    2012-08-24 01:02 - 2010-04-15 20:03 - 00746984 ____A (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll
    2012-08-23 21:34 - 2012-08-23 21:34 - 14790243 ____A (Jayson Yanuaria ) C:\Program Files (x86)\SERPAttacks_Video.exe
    2012-08-23 21:31 - 2010-04-10 12:39 - 00092928 ___AH C:\Users\IdHusseys\AppData\Local\GDIPFONTCACHEV1.DAT
    2012-08-23 19:39 - 2012-08-23 19:36 - 20348849 ____A C:\Program Files (x86)\Sun_ODF_Template_Pack2_en-US.oxt
    2012-08-23 19:38 - 2012-08-23 19:32 - 135933721 ____A C:\Program Files (x86)\Apache_OpenOffice_incubating_3.4.1_Win_x86_install_en-US.exe
    2012-08-23 15:24 - 2011-04-19 14:42 - 00165516 ___AH C:\Windows\SysWOW64\mlfcache.dat
    2012-08-23 13:23 - 2012-08-14 14:24 - 15428440 ____A (Adobe Systems Inc.) C:\Program Files (x86)\AdobeAIRInstaller.exe
    2012-08-22 16:56 - 2012-08-22 16:56 - 00001948 ____A C:\Users\Public\Desktop\A1 Keyword Research 4.lnk
    2012-08-22 01:05 - 2012-08-22 01:05 - 00696520 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2012-08-22 01:05 - 2012-08-22 01:05 - 00073416 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2012-08-22 00:10 - 2012-08-22 00:09 - 00000929 ____A C:\Users\IdHusseys\Desktop\LYNX.lnk
    2012-08-20 02:38 - 2012-08-20 02:38 - 00000000 ____A C:\Windows\setuperr.log
    2012-08-20 02:37 - 2012-03-07 02:20 - 00000498 ____A C:\Windows\SysWOW64\CountScans.XML
    2012-08-20 02:31 - 2011-01-17 23:49 - 00000822 ____A C:\Users\Public\Desktop\CCleaner.lnk
    2012-08-16 14:46 - 2010-07-15 23:27 - 00532409 ____A C:\Users\IdHusseys\.linkassistant.properties
    2012-08-16 11:07 - 2010-04-11 14:46 - 62134624 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
    2012-08-12 14:58 - 2010-10-12 08:19 - 00000348 ____A C:\Windows\Tasks\HPCeeScheduleForIdHusseys.job
    2012-08-11 13:18 - 2012-08-11 13:18 - 00001957 ____A C:\Users\Public\Desktop\A1 Website Analyzer 4.lnk
    2012-08-02 15:31 - 2010-07-25 23:05 - 00638358 ____A C:\Users\IdHusseys\.spyglass.properties
    2012-08-01 18:33 - 2012-08-01 18:33 - 00005477 ___AH C:\Users\IdHusseys\.recently-used.xbel
    2012-08-01 12:36 - 2012-08-01 12:36 - 00082872 ____A (GFI Software) C:\Windows\System32\Drivers\sbapifs.sys
    2012-07-18 10:15 - 2012-08-15 10:28 - 03148800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
    2012-07-09 18:15 - 2012-07-09 17:34 - 00000131 ____A C:\Users\IdHusseys\Desktop\Job Search Passwords.txt
    2012-07-04 14:16 - 2012-08-15 10:28 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\netapi32.dll
    2012-07-04 14:13 - 2012-08-15 10:28 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\browser.dll
    2012-07-04 14:13 - 2012-08-15 10:28 - 00059392 ____A (Microsoft Corporation) C:\Windows\System32\browcli.dll
    2012-07-04 13:16 - 2012-08-15 10:28 - 00057344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\netapi32.dll
    2012-07-04 13:14 - 2012-08-15 10:28 - 00041984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\browcli.dll
    2012-06-28 20:55 - 2012-08-16 11:13 - 17809920 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
    2012-06-28 20:09 - 2012-08-16 11:13 - 10925568 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
    2012-06-28 19:56 - 2012-08-16 11:13 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
    2012-06-28 19:49 - 2012-08-16 11:13 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
    2012-06-28 19:49 - 2012-08-16 11:13 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
    2012-06-28 19:48 - 2012-08-16 11:13 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
    2012-06-28 19:47 - 2012-08-16 11:13 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
    2012-06-28 19:45 - 2012-08-16 11:13 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
    2012-06-28 19:44 - 2012-08-16 11:13 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
    2012-06-28 19:43 - 2012-08-16 11:13 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
    2012-06-28 19:42 - 2012-08-16 11:13 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
    2012-06-28 19:40 - 2012-08-16 11:13 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
    2012-06-28 19:39 - 2012-08-16 11:13 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
    2012-06-28 19:35 - 2012-08-16 11:13 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
    2012-06-28 16:52 - 2012-08-16 11:13 - 12317184 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2012-06-28 16:27 - 2012-08-16 11:13 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2012-06-28 16:16 - 2012-08-16 11:13 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2012-06-28 16:09 - 2012-08-16 11:13 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2012-06-28 16:09 - 2012-08-16 11:13 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2012-06-28 16:08 - 2012-08-16 11:13 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2012-06-28 16:07 - 2012-08-16 11:13 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
    2012-06-28 16:06 - 2012-08-16 11:13 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2012-06-28 16:04 - 2012-08-16 11:13 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
    2012-06-28 16:04 - 2012-08-16 11:13 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2012-06-28 16:01 - 2012-08-16 11:13 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2012-06-28 16:01 - 2012-08-16 11:13 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2012-06-28 16:00 - 2012-08-16 11:13 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2012-06-28 15:57 - 2012-08-16 11:13 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2012-06-26 11:53 - 2012-06-26 11:53 - 04518720 ____A (FileZilla Project) C:\Users\IdHusseys\Downloads\FileZilla_3.5.3_win32-setup.exe
    2012-06-26 11:53 - 2012-06-26 11:53 - 00001964 ____A C:\Users\Public\Desktop\FileZilla Client.lnk
    2012-06-22 21:16 - 2012-06-22 15:44 - 00011183 ____A C:\Users\IdHusseys\Desktop\Penguin Part 3 Post.txt
    2012-06-20 22:49 - 2012-06-20 22:49 - 00003638 ____A C:\Users\IdHusseys\Desktop\object-cache.php
    2012-06-20 22:48 - 2012-06-20 22:48 - 00001316 ____A C:\Users\IdHusseys\Desktop\db.php
    2012-06-20 19:27 - 2012-06-20 16:51 - 00001023 ____A C:\Users\IdHusseys\Desktop\Flipping My Sites Evaluation.txt
    2012-06-16 01:41 - 2012-06-16 01:41 - 00000088 ___AH C:\Users\IdHusseys\.95d691779473f3e03bc4b4e56319d74c.key
    2012-06-16 01:32 - 2012-06-16 01:32 - 02271405 ___AH C:\Users\IdHusseys\Downloads\LongTailProTrial (1).zip
    2012-06-16 01:28 - 2012-06-16 01:28 - 02271405 ___AH C:\Users\IdHusseys\Downloads\LongTailProTrial.zip
    2012-06-15 22:45 - 2012-06-15 19:05 - 00012666 ____A C:\Users\IdHusseys\Desktop\Pand Recovery Part 2 Income Diversification.txt
    2012-06-13 14:29 - 2012-06-13 14:29 - 00290432 ___AH C:\Users\IdHusseys\Downloads\cj_tactics-getresponse-3-16-12.csv
    2012-06-10 14:52 - 2012-06-10 14:52 - 00112636 ___AH C:\Users\IdHusseys\Downloads\welcome-gate-1.0.95.zip

    ==================== Known DLLs (Whitelisted) =================

    ==================== Bamital & volsnap Check =================
    C:\Windows\explorer.exe
    [2011-04-27 21:38] - [2011-02-24 22:19] - 2871808 ____A (Microsoft Corporation) 332FEAB1435662FC6C672E25BEB37BE3
    C:\Windows\System32\winlogon.exe
    [2011-03-24 23:07] - [2010-11-20 05:25] - 0390656 ____A (Microsoft Corporation) 1151B1BAA6F350B1DB6598E0FEA7C457
    C:\Windows\System32\wininit.exe
    [2009-07-13 15:52] - [2009-07-13 17:39] - 0129024 ____A (Microsoft Corporation) 94355C28C1970635A31B3FE52EB7CEBA
    C:\Windows\System32\svchost.exe
    [2009-07-13 15:31] - [2009-07-13 17:39] - 0027136 ____A (Microsoft Corporation) C78655BC80301D76ED4FEF1C1EA40A7D
    C:\Windows\System32\services.exe
    [2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB
    C:\Windows\System32\User32.dll
    [2011-03-24 23:07] - [2010-11-20 05:27] - 1008128 ____A (Microsoft Corporation) FE70103391A64039A921DBFFF9C7AB1B
    C:\Windows\System32\userinit.exe
    [2011-03-24 23:06] - [2010-11-20 05:25] - 0030720 ____A (Microsoft Corporation) BAFE84E637BF7388C96EF48D4D3FDD53
    C:\Windows\System32\Drivers\volsnap.sys
    [2011-03-24 23:06] - [2010-11-20 05:34] - 0295808 ____A (Microsoft Corporation) 0D08D2F3B3FF84E433346669B5E0F639

    ==================== EXE ASSOCIATION =====================
    HKLM\...\.exe: exefile => OK
    HKLM\...\exefile\DefaultIcon: %1 => OK
    HKLM\...\exefile\open\command: "%1" %* => OK
    ==================== Restore Points =========================
    Restore point made on: 2012-08-27 22:42:43
    Restore point made on: 2012-08-27 22:49:30
    Restore point made on: 2012-08-29 20:32:41
    Restore point made on: 2012-08-30 11:31:10
    Restore point made on: 2012-08-31 15:36:56
    Restore point made on: 2012-08-31 17:32:35
    Restore point made on: 2012-08-31 17:34:57
    Restore point made on: 2012-08-31 17:44:11
    Restore point made on: 2012-08-31 17:45:13
    Restore point made on: 2012-08-31 17:46:07
    Restore point made on: 2012-08-31 17:46:48
    Restore point made on: 2012-08-31 17:51:44
    ==================== Memory info ===========================
    Percentage of memory in use: 17%
    Total physical RAM: 2812.2 MB
    Available physical RAM: 2318.7 MB
    Total Pagefile: 2810.48 MB
    Available Pagefile: 2331.91 MB
    Total Virtual: 2047.88 MB
    Available Virtual: 1968.68 MB
    ==================== Partitions ============================
    1 Drive c: () (Fixed) (Total:219.07 GB) (Free:149.46 GB) NTFS ==>[System with boot components (obtained from reading drive)]
    2 Drive e: (RECOVERY) (Fixed) (Total:13.52 GB) (Free:2.24 GB) NTFS ==>[System with boot components (obtained from reading drive)]
    3 Drive f: (HP_TOOLS) (Fixed) (Total:0.1 GB) (Free:0.09 GB) FAT32
    5 Drive h: () (Removable) (Total:7.45 GB) (Free:7.37 GB) FAT32
    6 Drive I: (GRMCHPFRER_EN_DVD) (CDROM) (Total:2.33 GB) (Free:0 GB) UDF
    7 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
    8 Drive y: (SYSTEM) (Fixed) (Total:0.19 GB) (Free:0.16 GB) NTFS ==>[System with boot components (obtained from reading drive)]
    Disk ### Status Size Free Dyn Gpt
    -------- ------------- ------- ------- --- ---
    Disk 0 Online 232 GB 0 B
    Disk 1 Online 7633 MB 0 B
    Partitions of Disk 0:
    ===============
    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 199 MB 1024 KB
    Partition 2 Primary 219 GB 200 MB
    Partition 3 Primary 13 GB 219 GB
    Partition 4 Primary 103 MB 232 GB
    ==================================================================================
    Disk: 0
    Partition 1
    Type : 07
    Hidden: No
    Active: Yes
    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 2 Y SYSTEM NTFS Partition 199 MB Healthy
    ==================================================================================
    Disk: 0
    Partition 2
    Type : 07
    Hidden: No
    Active: No
    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 3 C NTFS Partition 219 GB Healthy
    ==================================================================================
    Disk: 0
    Partition 3
    Type : 07
    Hidden: No
    Active: No
    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 4 E RECOVERY NTFS Partition 13 GB Healthy
    ==================================================================================
    Disk: 0
    Partition 4
    Type : 0C
    Hidden: No
    Active: No
    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 5 F HP_TOOLS FAT32 Partition 103 MB Healthy
    ==================================================================================
    Partitions of Disk 1:
    ===============
    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 7633 MB 16 KB
    ==================================================================================
    Disk: 1
    Partition 1
    Type : 0B
    Hidden: No
    Active: No
    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 6 H FAT32 Removable 7633 MB Healthy
    ==================================================================================
    Last Boot: 2012-08-27 07:39
    ==================== End Of Log =============================
  23. CanHazTrojanz?

    CanHazTrojanz? TechSpot Enthusiast Topic Starter Posts: 106

    Here is the services.exe scan:

    Farbar Recovery Scan Tool (x86) Version: 05-09-2012
    Ran by SYSTEM at 2012-09-07 19:45:09
    Running from H:\
    ================== Search: "services.exe" ===================
    C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
    [2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB
    C:\Windows\System32\services.exe
    [2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB
    C:\Windows\ERDNT\cache64\services.exe
    [2011-06-16 12:35] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB
    === End Of Search ===
  24. Broni

    Broni Malware Annihilator Posts: 46,499   +252

    I don't see anything malicious there but I still suspect your MBR is infected.

    Download attached fixlist.txt file and save it to the very same USB flash drive you've been using. Plug the drive back in.

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

    On Vista or Windows 7: Now please enter System Recovery Options.
    On Windows XP: Now please boot into the UBCD.
    Run FRST/FRST64 and press the Fix button just once and wait.
    The tool will make a log on the flashdrive (Fixlog.txt) please post it to your reply.

    Next...

    Restart normally and see if you can run aswMBR and TDSSKiller.

    Attached Files:

  25. CanHazTrojanz?

    CanHazTrojanz? TechSpot Enthusiast Topic Starter Posts: 106

    I'm still unable to connect to the internet, so when awsMBR asks to download the latest Avast definitions, I can't. Just run it anyway? Here is the Fixlog:

    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 05-09-2012
    Ran by SYSTEM at 2012-09-07 20:11:49 Run:1
    Running from H:\
    ==============================================

    ========= bootrec /FixMbr =========
    ÿþT h e o p e r a t I o n c o m p l e t e d s u c c e s s f u l l y .

    ========= End of CMD: =========

    ==== End of Fixlog ====


Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...


Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.