also @ TechSpot: Blizzard talks Diablo 3 facts, nerfing and buffs for legendary items

TechSpot

TechSpot News Products Downloads Forums

Collaborate in the cloud with Office, Exchange, SharePoint, and Lync.
Microsoft Office 365. Pay-as-you-go starting at $8/user/month. Begin your free trial now.

[Solved] Need help with System Check virus

Discussion in 'Virus and Malware Removal' started by codyb, Jan 9, 2012.

Page 1 of 3

codyb Newcomer, in training

Hey,

I have seen that some others have been getting some help after getting the system check virus.

I don't even know how i got this virus i just opened up my firefox and it seemed to hit me!

Now all of my programs and folders are gone, it is saying I am having hardware issues and i have a black screen!

Please would somebody be able to help me I would greatly appreciate it!!!

Thanks,
Cody

codyb, Jan 9, 2012

#1
Broni Malware Annihilator
Welcome aboard

Please, observe following rules:

Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.

If you're stuck, or you're not sure about certain step, always ask before doing anything else.

Please refrain from running tools or applying updates other than those I suggest.

Never run more than one scan at a time.

Keep updating me regarding your computer behavior, good, or bad.

The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.

If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.

I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

=============================================================

Start with this guide: http://www.bleepingcomputer.com/virus-removal/remove-system-check
Broni, Jan 9, 2012

#2
codyb Newcomer, in training

Hey Broni,

thank you so much for the reply!

I have started following the guide and am now currently scanning my computer with malwarebytes.

The only issue I have had so far is that i wasn't able to open the tdsskiller so i skipped that step as i haven't really seemed to have any problems with being redirected so far.

should i still try and use tdsskiller ? i tried renaming it as 123.com and also as iexplorer.com

i look forward to your reply,

thanks,
cody

codyb, Jan 9, 2012

#3
Broni Malware Annihilator

Don't worry about TDSSKiller for now.

Broni, Jan 9, 2012

#4
codyb Newcomer, in training

Here are the results from my mbam scan:

Malwarebytes Anti-Malware (Trial) 1.60.0.1800
www.malwarebytes.org

Database version: v2012.01.09.06

Windows 7 Service Pack 1 x64 NTFS (Safe Mode/Networking)
Internet Explorer 9.0.8112.16421
Cody Brown :: CODY-BROWN [administrator]

Protection: Disabled

10/01/2012 3:27:55 AM
mbam-log-2012-01-10 (03-27-55).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 622599
Time elapsed: 1 hour(s), 15 minute(s), 54 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 1
HKLM\SOFTWARE\FocusInteractive (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Detected: 4
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|uEwKkQfYkoLVFj.exe (Rogue.FakeHDD) -> Data: C:\ProgramData\uEwKkQfYkoLVFj.exe -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{07B18EA9-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Data: -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar|{07B18EA9-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Data: -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform|FunWebProducts (Adware.MyWebSearch) -> Data: -> Quarantined and deleted successfully.

Registry Data Items Detected: 2
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowMyComputer (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowSearch (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.

Folders Detected: 0
(No malicious items detected)

Files Detected: 4
C:\ProgramData\uEwKkQfYkoLVFj.exe (Rogue.FakeHDD) -> Quarantined and deleted successfully.
C:\ProgramData\MthmvJ2ZzQZitD.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Users\Cody Brown\Documents\Laptop Folder\cody\unzipped\ventrilo-2.1.4-Windows-i386\ventrilo-2.1.4-Windows-i386.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Users\Cody Brown\Documents\Laptop Folder\cody\unzipped\zmdwm801\keygen.exe (Riskware.Tool.CK) -> Quarantined and deleted successfully.

(end)

codyb, Jan 9, 2012

#5
Broni Malware Annihilator

Very well

Please, download DDS from one of the 2 mirrors and save it to your desktop.

Mirror 1
Mirror 2

* Disable any script blocking protection (if present)
* Double click the dds icon to run the tool.
* When done, DDS will open two logs:
1. DDS.txt
2. Attach.txt
* Save both reports to your desktop by clicking File>Save As in each log.

Include the contents of both logs in your new topic. The scan will instruct you to post Attach.txt as an attachment. No need for that though ..... just post it's contents as you would any other log.

===========================================================

Download aswMBR to your desktop.
Double click the aswMBR.exe to run it.
If you see this question: Would you like to download latest Avast! virus definitions?" say "Yes".
Click the "Scan" button to start scan.
On completion of the scan click "Save log", save it to your desktop and post in your next reply.

NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

Broni, Jan 9, 2012

#6
codyb Newcomer, in training

Thank You soooooooooo much for helping me broni

Here is the dds file:

.
DDS (Ver_2011-08-26.01) - NTFSAMD64 NETWORK
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_20
Run by Cody Brown at 9:56:58 on 2012-01-10
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.61.1033.18.4087.3093 [GMT 11:00]
.
AV: McAfee® Security-as-a-Service *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: McAfee® Security-as-a-Service *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\mfevtps.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\Explorer.EXE
C:\Windows\system32\ctfmon.exe
C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe
C:\Users\Cody Brown\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Cody Brown\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Users\Cody Brown\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Cody Brown\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\REGSVR32.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0c09&m=aspire_x3900&r=173606107007p0448v1k5w4471u393
uDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0c09&m=aspire_x3900&r=173606107007p0448v1k5w4471u393
mDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0c09&m=aspire_x3900&r=173606107007p0448v1k5w4471u393
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0c09&m=aspire_x3900&r=173606107007p0448v1k5w4471u393
uInternet Settings,ProxyServer = 0.0.0.0:80
uInternet Settings,ProxyOverride = *.local
mWinlogon: Userinit=userinit.exe,
BHO: ContributeBHO Class: {074c1dc5-9320-4a9a-947d-c042949c6216} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20110917024201.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McIEPlg.dll
BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
TB: Contribute Toolbar: {517bdde4-e3a7-4570-b21e-2b52b6139fc7} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McIEPlg.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
uRun: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
uRun: [MyWirelessCard] C:\Program Files (x86)\Crazy John's\Crazy John's Broadband\WirelessCard.exe
uRun: [MyDetectWireless] C:\Program Files (x86)\Crazy John's\Crazy John's Broadband\DetectWireless.exe
uRun: [Google Update] "C:\Users\Cody Brown\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [DAEMON Tools Pro Agent] "C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe" -autorun
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized
uRun: [Akamai NetSession Interface] "C:\Users\Cody Brown\AppData\Local\Akamai\netsession_win.exe"
mRun: [Hotkey Utility] C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe
mRun: [EgisTecLiveUpdate] "C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
mRun: [<NO NAME>]
mRun: [Adobe_ID0EYTHM] C:\PROGRA~2\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
mRun: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
mRun: [MVS Splash] "C:\Program Files (x86)\McAfee\Managed VirusScan\DesktopUI\XTray.exe"
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [ATICustomerCare] "C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe"
mRun: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
mRun: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED
mRun: [PivotSoftware] "C:\Program Files (x86)\Portrait Displays\Pivot Pro Plugin\Pivot_startup.exe" -delay=10
mRun: [DT ACR] C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DT_startup.exe -ACR
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
StartupFolder: C:\Users\CODYBR~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Cody Brown\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MICROS~1.LNK - C:\Program Files (x86)\Microsoft Office\Office\OSA9.EXE
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\WIRELE~1.LNK - C:\Program Files (x86)\D-Link\DWA-131 revA\wirelesscm.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: Append to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
Trusted Zone: //about.htm/
Trusted Zone: //Exclude.htm/
Trusted Zone: //LanguageSelection.htm/
Trusted Zone: //Message.htm/
Trusted Zone: //MyAgttryCmd.htm/
Trusted Zone: //MyAgttryNag.htm/
Trusted Zone: //MyNotification.htm/
Trusted Zone: //NOCLessUpdate.htm/
Trusted Zone: //quarantine.htm/
Trusted Zone: //ScanNow.htm/
Trusted Zone: //strings.vbs/
Trusted Zone: //Template.htm/
Trusted Zone: //Update.htm/
Trusted Zone: //VirFound.htm/
Trusted Zone: mcafee.com\*
Trusted Zone: mcafeeasap.com\betavscan
Trusted Zone: mcafeeasap.com\vs
Trusted Zone: mcafeeasap.com\www
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
TCP: DhcpNameServer = 192.168.169.1
TCP: Interfaces\{3CBB8732-FC33-481D-B866-ADBFE1E95E0E} : NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{3CBB8732-FC33-481D-B866-ADBFE1E95E0E} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{743D876A-93F8-4E33-BB02-A02B487F0A8B} : NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{743D876A-93F8-4E33-BB02-A02B487F0A8B} : DhcpNameServer = 192.168.169.1
TCP: Interfaces\{743D876A-93F8-4E33-BB02-A02B487F0A8B}\34F6469725F636B637121212 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{743D876A-93F8-4E33-BB02-A02B487F0A8B}\34F64697723702E4564777F627B6 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{743D876A-93F8-4E33-BB02-A02B487F0A8B}\940786F6E65637 : NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{743D876A-93F8-4E33-BB02-A02B487F0A8B}\940786F6E65637 : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{743D876A-93F8-4E33-BB02-A02B487F0A8B}\C696E6B6379737 : DhcpNameServer = 139.130.4.4 203.50.2.71
TCP: Interfaces\{AA4B0376-B043-4BC3-A85A-8E68168899C8} : DhcpNameServer = 139.130.4.4 203.50.2.71
TCP: Interfaces\{AC4C6B1E-7835-4B6B-B993-F931CAA47AC7} : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{C9AC704B-92F7-4E1D-9DEB-3B90B1FC81A3} : DhcpNameServer = 211.29.132.12 61.88.88.88
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McIEPlg.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
BHO-X64: ContributeBHO Class: {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20110917024201.dll
BHO-X64: scriptproxy - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO-X64: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
BHO-X64: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McIEPlg.dll
BHO-X64: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
BHO-X64: Ask Toolbar BHO - No File
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
TB-X64: Contribute Toolbar: {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
TB-X64: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
TB-X64: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McIEPlg.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
EB-X64: {182EC0BE-5110-49C8-A062-BEB1D02A220B} - No File
mRun-x64: [Hotkey Utility] C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe
mRun-x64: [EgisTecLiveUpdate] "C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe"
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
mRun-x64: [(Default)]
mRun-x64: [Adobe_ID0EYTHM] C:\PROGRA~2\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
mRun-x64: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
mRun-x64: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun-x64: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
mRun-x64: [MVS Splash] "C:\Program Files (x86)\McAfee\Managed VirusScan\DesktopUI\XTray.exe"
mRun-x64: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [ATICustomerCare] "C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe"
mRun-x64: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
mRun-x64: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED
mRun-x64: [PivotSoftware] "C:\Program Files (x86)\Portrait Displays\Pivot Pro Plugin\Pivot_startup.exe" -delay=10
mRun-x64: [DT ACR] C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DT_startup.exe -ACR
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
Hosts: 255.255.255.255 easyanticheat.se # misleading site
Hosts: 255.255.255.255 www.easyanticheat.se # misleading site
Hosts: 255.255.255.255 easyanticheat.com # misleading site
Hosts: 255.255.255.255 www.easyanticheat.com # misleading site
Hosts: 255.255.255.255 easyanticheat.org # misleading site
.
Note: multiple HOSTS entries found. Please refer to Attach.txt
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Cody Brown\AppData\Roaming\Mozilla\Firefox\Profiles\p0nbcfyo.default\
FF - component: C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\components\McFFPlg.dll
FF - component: C:\Program Files (x86)\Mozilla Firefox\distribution\bundles\{D19CA586-DD6C-4a0a-96F8-14644F340D60}\components\scriptff.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.53\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.57\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.65\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\ProgramData\id Software\QuakeLive\npquakezero.dll
FF - plugin: C:\Users\Cody Brown\AppData\Local\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: C:\Users\Cody Brown\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: C:\Windows\system32\Wat\npWatWeb.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
============= SERVICES / DRIVERS ===============
.
R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\system32\drivers\mfehidk.sys --> C:\Windows\system32\drivers\mfehidk.sys [?]
R1 mfenlfk;McAfee NDIS Light Filter;C:\Windows\system32\DRIVERS\mfenlfk.sys --> C:\Windows\system32\DRIVERS\mfenlfk.sys [?]
R1 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\system32\drivers\mfewfpk.sys --> C:\Windows\system32\drivers\mfewfpk.sys [?]
R2 mfevtp;McAfee Validation Trust Protection Service;"C:\Windows\system32\mfevtps.exe" --> C:\Windows\system32\mfevtps.exe [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 RTL8192su;%RTL8192su.DeviceDesc.DispName%;C:\Windows\system32\DRIVERS\RTL8192su.sys --> C:\Windows\system32\DRIVERS\RTL8192su.sys [?]
S1 mwlPSDFilter;mwlPSDFilter;C:\Windows\system32\DRIVERS\mwlPSDFilter.sys --> C:\Windows\system32\DRIVERS\mwlPSDFilter.sys [?]
S1 mwlPSDNServ;mwlPSDNServ;C:\Windows\system32\DRIVERS\mwlPSDNServ.sys --> C:\Windows\system32\DRIVERS\mwlPSDNServ.sys [?]
S1 mwlPSDVDisk;mwlPSDVDisk;C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys --> C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys [?]
S2 Akamai;Akamai NetSession Interface;C:\Windows\System32\svchost.exe -k Akamai [2009-7-14 20992]
S2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-6-27 135664]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-1-17 13336]
S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-1-10 652872]
S2 McAfee SiteAdvisor Enterprise Service;McAfee SiteAdvisor Enterprise Service;C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McSACore.exe [2011-5-12 324928]
S2 McShield;McAfee McShield;C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe [2010-11-4 199008]
S2 myAgtSvc;McAfee Virus and Spyware Protection Service;C:\Program Files (x86)\McAfee\Managed VirusScan\Agent\myAgtSvc.exe [2010-12-15 291064]
S2 PdiService;Portrait Displays SDK Service;C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe [2011-6-15 109168]
S2 RumorServer;McAfee Peer Distribution Service;C:\Program Files (x86)\McAfee\Managed VirusScan\Agent\myAgtSvc.exe [2010-12-15 291064]
S2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\system32\DRIVERS\TurboB.sys --> C:\Windows\system32\DRIVERS\TurboB.sys [?]
S2 UNS;Intel(R) Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2009-11-27 2320920]
S2 USBS3S4Detection;USBS3S4Detection;C:\OEM\USBDECTION\USBS3S4Detection.exe [2009-12-14 76320]
S2 WlanWpsSvc;WlanWpsSvc;C:\Program Files (x86)\D-Link\DWA-131 revA\WlanWpsSvc.exe [2010-6-27 167936]
S3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
S3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys --> C:\Windows\system32\drivers\AtihdW76.sys [?]
S3 AVer7231_x64;AVerMedia 7231 capture service;C:\Windows\system32\DRIVERS\AVer7231_x64.sys --> C:\Windows\system32\DRIVERS\AVer7231_x64.sys [?]
S3 bsusbser;Basecom USB Device for Legacy Serial Communication;C:\Windows\System32\drivers\bsusbser.sys [2010-8-8 113664]
S3 copperhd;Razer Copperhead Driver;C:\Windows\system32\drivers\copperhd.sys --> C:\Windows\system32\drivers\copperhd.sys [?]
S3 e1kexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver K;C:\Windows\system32\DRIVERS\e1k62x64.sys --> C:\Windows\system32\DRIVERS\e1k62x64.sys [?]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-6-27 135664]
S3 HECIx64;Intel(R) Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
S3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\system32\drivers\mfeavfk.sys --> C:\Windows\system32\drivers\mfeavfk.sys [?]
S3 mferkdet;McAfee Inc. mferkdet;C:\Windows\system32\drivers\mferkdet.sys --> C:\Windows\system32\drivers\mferkdet.sys [?]
S3 MWLService;MyWinLocker Service;C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\MWLService.exe [2009-9-11 305448]
S3 Netaapl;Apple Mobile Device Ethernet Service;C:\Windows\system32\DRIVERS\netaapl64.sys --> C:\Windows\system32\DRIVERS\netaapl64.sys [?]
S3 SwitchBoard;SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 TurboBoost;TurboBoost;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2009-8-7 118672]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\system32\DRIVERS\wdcsam64.sys --> C:\Windows\system32\DRIVERS\wdcsam64.sys [?]
.
=============== Created Last 30 ================
.
2012-01-09 21:50:23 -------- d-----w- C:\Users\Cody Brown\AppData\Local\{9B89FAE9-C6F1-457E-A16F-EEE481206408}
2012-01-09 21:50:03 -------- d-----w- C:\Users\Cody Brown\AppData\Local\{7205775D-219B-4D0B-85DB-A0B82E3E6C09}
2012-01-09 16:20:01 -------- d-----w- C:\FRST
2012-01-09 16:03:35 -------- d-----w- C:\Users\Cody Brown\AppData\Roaming\Malwarebytes
2012-01-09 16:03:22 -------- d-----w- C:\ProgramData\Malwarebytes
2012-01-09 16:03:19 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-01-09 14:27:22 -------- d-----w- C:\Users\Cody Brown\AppData\Local\{A387678F-CA4A-4728-818A-61B139D3EC38}
2012-01-09 14:27:08 -------- d-----w- C:\Users\Cody Brown\AppData\Local\{2939BC6D-A77A-4DA9-B176-193AB7940604}
2012-01-09 02:45:11 -------- d-----w- C:\Users\Cody Brown\.freemind
2012-01-09 02:44:53 -------- d-----w- C:\Program Files (x86)\FreeMind
2012-01-05 15:14:10 -------- d-----w- C:\Program Files (x86)\Market Samurai
2012-01-03 04:46:36 121816 ----a-w- C:\Program Files (x86)\Mozilla Firefox\components\browsercomps.dll
2012-01-03 04:46:35 626688 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcr80.dll
2012-01-03 04:46:34 97240 ----a-w- C:\Program Files (x86)\Mozilla Firefox\libEGL.dll
2012-01-03 04:46:34 814040 ----a-w- C:\Program Files (x86)\Mozilla Firefox\mozsqlite3.dll
2012-01-03 04:46:34 548864 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcp80.dll
2012-01-03 04:46:34 486360 ----a-w- C:\Program Files (x86)\Mozilla Firefox\libGLESv2.dll
2012-01-03 04:46:34 479232 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcm80.dll
2012-01-03 04:46:34 43992 ----a-w- C:\Program Files (x86)\Mozilla Firefox\mozutils.dll
2012-01-03 04:46:34 2124760 ----a-w- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2012-01-03 04:46:34 2106216 ----a-w- C:\Program Files (x86)\Mozilla Firefox\D3DCompiler_43.dll
2012-01-03 04:46:34 1998168 ----a-w- C:\Program Files (x86)\Mozilla Firefox\d3dx9_43.dll
2012-01-03 04:46:34 15832 ----a-w- C:\Program Files (x86)\Mozilla Firefox\mozalloc.dll
2012-01-03 04:39:39 -------- d-----w- C:\Users\Cody Brown\AppData\Roaming\com.blueprintcentral.keywordblaze
2012-01-03 04:39:32 -------- d-----w- C:\Program Files (x86)\KeywordBlaze
2011-12-26 11:15:59 -------- d-----w- C:\Users\Cody Brown\AppData\Local\{2775E56B-C313-4433-B370-466CC8934358}
2011-12-26 11:15:32 -------- d-----w- C:\Users\Cody Brown\AppData\Local\{4827CA5D-2D95-4807-9847-56D1E5E59F86}
2011-12-16 00:16:33 -------- d-----w- C:\Program Files (x86)\ Your Local Shortcut
2011-12-15 22:50:04 -------- d-----w- C:\Users\Cody Brown\AppData\Local\{90197898-4B0F-476A-A6A3-C78FACFD6020}
2011-12-15 22:49:52 -------- d-----w- C:\Users\Cody Brown\AppData\Local\{4FA53F3E-6CC0-4168-ADD3-567AFD779EFA}
2011-12-14 21:20:53 43520 ----a-w- C:\Windows\System32\csrsrv.dll
2011-12-14 21:20:49 3145216 ----a-w- C:\Windows\System32\win32k.sys
2011-12-14 21:20:47 723456 ----a-w- C:\Windows\System32\EncDec.dll
2011-12-14 21:20:47 534528 ----a-w- C:\Windows\SysWow64\EncDec.dll
2011-12-14 21:20:45 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2011-12-14 21:20:45 2048 ----a-w- C:\Windows\System32\tzres.dll
.
==================== Find3M ====================
.
2012-01-01 22:27:21 72080 ----a-w- C:\Users\Cody Brown\g2mdlhlpx.exe
2011-11-04 01:53:39 2309120 ----a-w- C:\Windows\System32\jscript9.dll
2011-11-04 01:44:47 1390080 ----a-w- C:\Windows\System32\wininet.dll
2011-11-04 01:44:21 1493504 ----a-w- C:\Windows\System32\inetcpl.cpl
2011-11-04 01:34:43 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2011-11-03 22:47:42 1798144 ----a-w- C:\Windows\SysWow64\jscript9.dll
2011-11-03 22:40:21 1427456 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2011-11-03 22:39:47 1127424 ----a-w- C:\Windows\SysWow64\wininet.dll
2011-11-03 22:31:57 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2011-10-28 01:14:27 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-10-19 11:14:52 59904 ----a-w- C:\Windows\SysWow64\OVDecode.dll
2011-10-12 20:56:18 10207232 ----a-w- C:\Windows\System32\drivers\atikmdag.sys
2011-10-12 20:20:20 24629760 ----a-w- C:\Windows\System32\atio6axx.dll
2011-10-12 20:14:36 159744 ----a-w- C:\Windows\System32\atiapfxx.exe
2011-10-12 20:14:26 736768 ----a-w- C:\Windows\SysWow64\aticfx32.dll
2011-10-12 20:13:00 867328 ----a-w- C:\Windows\System32\aticfx64.dll
2011-10-12 20:10:28 466944 ----a-w- C:\Windows\System32\ATIDEMGX.dll
2011-10-12 20:10:18 487936 ----a-w- C:\Windows\System32\atieclxx.exe
2011-10-12 20:09:44 204288 ----a-w- C:\Windows\System32\atiesrxx.exe
2011-10-12 20:08:34 120320 ----a-w- C:\Windows\System32\atitmm64.dll
2011-10-12 20:08:16 423424 ----a-w- C:\Windows\System32\atipdl64.dll
2011-10-12 20:08:10 356352 ----a-w- C:\Windows\SysWow64\atipdlxx.dll
2011-10-12 20:07:58 278528 ----a-w- C:\Windows\SysWow64\Oemdspif.dll
2011-10-12 20:07:54 21504 ----a-w- C:\Windows\System32\atimuixx.dll
2011-10-12 20:07:48 59392 ----a-w- C:\Windows\System32\atiedu64.dll
2011-10-12 20:07:44 43520 ----a-w- C:\Windows\SysWow64\ati2edxx.dll
2011-10-12 20:04:42 4231680 ----a-w- C:\Windows\SysWow64\atidxx32.dll
2011-10-12 20:04:14 18630656 ----a-w- C:\Windows\SysWow64\atioglxx.dll
2011-10-12 19:54:44 4960768 ----a-w- C:\Windows\System32\atidxx64.dll
2011-10-12 19:46:20 51200 ----a-w- C:\Windows\System32\aticalrt64.dll
2011-10-12 19:46:18 46080 ----a-w- C:\Windows\SysWow64\aticalrt.dll
2011-10-12 19:46:10 44544 ----a-w- C:\Windows\System32\aticalcl64.dll
2011-10-12 19:46:08 44032 ----a-w- C:\Windows\SysWow64\aticalcl.dll
2011-10-12 19:45:58 9877504 ----a-w- C:\Windows\System32\aticaldd64.dll
2011-10-12 19:44:44 1113088 ----a-w- C:\Windows\System32\atiumd6v.dll
2011-10-12 19:44:28 4289024 ----a-w- C:\Windows\SysWow64\atiumdag.dll
2011-10-12 19:44:20 1828864 ----a-w- C:\Windows\SysWow64\atiumdmv.dll
2011-10-12 19:44:10 4023296 ----a-w- C:\Windows\System32\atiumd6a.dll
2011-10-12 19:42:56 8391680 ----a-w- C:\Windows\SysWow64\aticaldd.dll
2011-10-12 19:39:38 58880 ----a-w- C:\Windows\System32\coinst.dll
2011-10-12 19:38:20 5431808 ----a-w- C:\Windows\System32\atiumd64.dll
2011-10-12 19:33:10 4174848 ----a-w- C:\Windows\SysWow64\atiumdva.dll
2011-10-12 19:31:34 479744 ----a-w- C:\Windows\System32\atiadlxx.dll
2011-10-12 19:31:22 335872 ----a-w- C:\Windows\SysWow64\atiadlxy.dll
2011-10-12 19:31:06 17408 ----a-w- C:\Windows\System32\atig6pxx.dll
2011-10-12 19:31:02 14336 ----a-w- C:\Windows\SysWow64\atiglpxx.dll
2011-10-12 19:31:02 14336 ----a-w- C:\Windows\System32\atiglpxx.dll
2011-10-12 19:30:58 39936 ----a-w- C:\Windows\System32\atig6txx.dll
2011-10-12 19:30:50 32768 ----a-w- C:\Windows\SysWow64\atigktxx.dll
2011-10-12 19:30:42 317952 ----a-w- C:\Windows\System32\drivers\atikmpag.sys
2011-10-12 19:29:50 40960 ----a-w- C:\Windows\System32\atiuxp64.dll
2011-10-12 19:29:42 31744 ----a-w- C:\Windows\SysWow64\atiuxpag.dll
2011-10-12 19:29:34 38912 ----a-w- C:\Windows\System32\atiu9p64.dll
2011-10-12 19:29:26 29184 ----a-w- C:\Windows\SysWow64\atiu9pag.dll
2011-10-12 19:28:30 53248 ----a-w- C:\Windows\System32\drivers\ati2erec.dll
2011-10-12 19:16:52 54784 ----a-w- C:\Windows\System32\atimpc64.dll
2011-10-12 19:16:52 54784 ----a-w- C:\Windows\System32\amdpcom64.dll
2011-10-12 19:16:42 53760 ----a-w- C:\Windows\SysWow64\atimpc32.dll
2011-10-12 19:16:42 53760 ----a-w- C:\Windows\SysWow64\amdpcom32.dll
2011-10-12 05:16:36 66048 ----a-w- C:\Windows\System32\OpenVideo64.dll
2011-10-12 05:16:22 16787456 ----a-w- C:\Windows\System32\amdocl64.dll
2011-10-12 05:14:54 51200 ----a-w- C:\Windows\System32\OpenCL.dll
.
============= FINISH: 10:05:35.93 ===============

codyb, Jan 9, 2012

#7
codyb Newcomer, in training

Here is the attach file log:

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 27/06/2010 5:08:09 PM
System Uptime: 10/01/2012 9:27:09 AM (1 hours ago)
.
Motherboard: Gigabyte Technology Co., Ltd. | | P55A-UD3
Processor: Intel(R) Core(TM) i7 CPU 870 @ 2.93GHz | Socket 1156 | 2931/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 459 GiB total, 170.201 GiB free.
D: is FIXED (NTFS) - 459 GiB total, 458.769 GiB free.
E: is CDROM ()
F: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e97d-e325-11ce-bfc1-08002be10318}
Description: Consumer IR Devices
Device ID: ROOT\SYSTEM\0001
Manufacturer: Microsoft
Name: Consumer IR Devices
PNP Device ID: ROOT\SYSTEM\0001
Service: circlass
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: Security Processor Loader Driver
Device ID: ROOT\LEGACY_SPLDR\0000
Manufacturer:
Name: Security Processor Loader Driver
PNP Device ID: ROOT\LEGACY_SPLDR\0000
Service: spldr
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: sptd
Device ID: ROOT\LEGACY_SPTD\0000
Manufacturer:
Name: sptd
PNP Device ID: ROOT\LEGACY_SPTD\0000
Service: sptd
.
Class GUID:
Description: Universal Serial Bus (USB) Controller
Device ID: PCI\VEN_1033&DEV_0194&SUBSYS_50071458&REV_03\4&304316D0&0&00E2
Manufacturer:
Name: Universal Serial Bus (USB) Controller
PNP Device ID: PCI\VEN_1033&DEV_0194&SUBSYS_50071458&REV_03\4&304316D0&0&00E2
Service:
.
==== System Restore Points ===================
.
RP144: 16/12/2011 4:00:11 AM - Windows Update
RP145: 27/12/2011 3:00:38 AM - Scheduled Checkpoint
RP146: 3/01/2012 3:10:01 AM - Scheduled Checkpoint
.
==== Hosts File Hijack ======================
.
Hosts: 255.255.255.255 easyanticheat.se # misleading site
Hosts: 255.255.255.255 www.easyanticheat.se # misleading site
Hosts: 255.255.255.255 easyanticheat.com # misleading site
Hosts: 255.255.255.255 www.easyanticheat.com # misleading site
Hosts: 255.255.255.255 easyanticheat.org # misleading site
Hosts: 255.255.255.255 www.easyanticheat.org # misleading site
.
==== Installed Programs ======================
.
Acer eDisplay Management
ACID Pro 7.0
Add or Remove Adobe Creative Suite 3 Master Collection
Adobe Acrobat 8 Professional
Adobe Acrobat 8.1.4 Professional
Adobe After Effects CS3
Adobe After Effects CS3 Presets
Adobe After Effects CS3 Template Projects & Footage
Adobe After Effects CS3 Third Party Content
Adobe After Effects CS5
Adobe After Effects CS5 Third Party Content
Adobe After Effects CS5 Third Party Royalty Content
Adobe AIR
Adobe Anchor Service CS3
Adobe Asset Services CS3
Adobe Bridge CS3
Adobe Bridge Start Meeting
Adobe BridgeTalk Plugin CS3
Adobe Camera Raw 4.0
Adobe CMaps
Adobe Color - Photoshop Specific
Adobe Color Common Settings
Adobe Color EU Extra Settings
Adobe Color JA Extra Settings
Adobe Color NA Recommended Settings
Adobe Community Help
Adobe Contribute CS3
Adobe Creative Suite 3 Master Collection
Adobe Default Language CS3
Adobe Device Central CS3
Adobe Dreamweaver CS3
Adobe Encore CS3
Adobe Encore CS3 Codecs
Adobe Encore CS3 Library
Adobe ExtendScript Toolkit 2
Adobe Extension Manager CS3
Adobe Fireworks CS3
Adobe Flash CS3
Adobe Flash Player 10 ActiveX
Adobe Flash Player 9 ActiveX
Adobe Flash Video Encoder
Adobe Fonts All
Adobe Help Viewer CS3
Adobe Illustrator CS3
Adobe InDesign CS3
Adobe InDesign CS3 Icon Handler
Adobe Linguistics CS3
Adobe Media Player
Adobe MotionPicture Color Files
Adobe PDF Library Files
Adobe Photoshop CS3
Adobe Premiere Pro CS3
Adobe Premiere Pro CS3 Functional Content
Adobe Premiere Pro CS3 Third Party Content
Adobe Reader 9.1 MUI
Adobe Setup
Adobe SING CS3
Adobe Soundbooth CS3
Adobe Soundbooth CS3 Codecs
Adobe Soundbooth CS3 Scores
Adobe Stock Photos CS3
Adobe Type Support
Adobe Update Manager CS3
Adobe Version Cue CS3 Client
Adobe Version Cue CS3 Server {ko_KR}
Adobe Video Profiles
Adobe WAS CS3
Adobe WinSoft Linguistics Plugin
Adobe XMP DVA Panels CS3
Adobe XMP Panels CS3
Advertising Center
AHV content for Acrobat and Flash
Akamai NetSession Interface
Akamai NetSession Interface Service
Alice Greenfingers
Amazonia
Apple Application Support
Apple Software Update
Ask Toolbar
Ask Toolbar Updater
ATI Catalyst Registration
AviSynth 2.5
Battlefield Heroes
BlogMe
Call of Duty 4: Modern Warfare
Call of Duty: Black Ops
Camtasia Studio 7
Catalyst Control Center
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
CCC Help English
Chicken Invaders 2
Compatibility Pack for the 2007 Office system
Core FTP LE 2.1
Counter-Strike: Source
Crazy John's Broadband
D-Link DWA-131 Wireless N Nano USB Adapter
D3DX10
Dairy Dash
Dream Day First Home
Dropbox
e-tax 2011
eSobi v2
Express Burn Disc Burning Software
Express Rip
Farm Frenzy 2
First Class Flurry
FreeMind
FrostWire 4.21.5
FXCM Trading Station
Global Agenda
Google Chrome
Google Toolbar for Internet Explorer
Google Update Helper
GoToMeeting 5.1.0.880
Granny In Paradise
Heroes of Hellas
Hotkey Utility
HydraVision
Identity Card
ImagXpress
Infix 4.30
Intel(R) Management Engine Components
Intel(R) Rapid Storage Technology
Invoice2go 4.0
Java Auto Updater
Java(TM) 6 Update 20
Junk Mail filter update
Keyword Blaze
LimeWire 5.5.14
Malwarebytes Anti-Malware version 1.60.0.1800
Market Samurai
MarketMeSuite
McAfee Browser Protection Service
McAfee SiteAdvisor Enterprise Plus
McAfee Virus and Spyware Protection Service
Merriam Websters Spell Jam
Microsoft Office 2000 Professional
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Suite Activation Assistant
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Works
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
mIRC
MixPad Audio Mixer
Mozilla Firefox 9.0.1 (x86 en-US)
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Mumble 1.2.3
MYOB BusinessBasics v1
MyWinLocker
Nero 9 Essentials
Nero ControlCenter
Nero DiscSpeed
Nero DiscSpeed Help
Nero DriveSpeed
Nero DriveSpeed Help
Nero Express Help
Nero InfoTool
Nero InfoTool Help
Nero Installer
Nero Online Upgrade
Nero StartSmart
Nero StartSmart Help
Nero StartSmart OEM
NeroExpress
neroxml
Norton Online Backup
NVIDIA PhysX
Opera 11.60
PDF Settings
Pivot Pro Plugin
PunkBuster Services
Quake Live Mozilla Plugin
Quick and Dirty IMAP Mail Reader
QuickTime
Realtek Ethernet Controller Driver
Realtek High Definition Audio Driver
RunRev LiveCode 4.6.3
Safari
SDK
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Skype™ 5.5
Steam
System Requirements Lab
Team Fortress 2
The Lord of the Rings FREE Trial
TidySongs
TidySongs (remove only)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Ventrilo Client
VentriloMIX
Videora iPhone Converter 6
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
Visual C++ 8.0 x64 Runtime Setup Package
Visual C++ 8.0 x86 Runtime Setup Package
VLC media player 1.1.10
Warsow 0.5
WavePad Sound Editor
Welcome Center
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Mail
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Xilisoft iPhone Video Converter 6
Your Local Shortcut
.
==== Event Viewer Messages From Past Week ========
.
10/01/2012 9:28:47 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {D3DCB472-7261-43CE-924B-0704BD730D5F}
10/01/2012 9:28:47 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
10/01/2012 9:27:54 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
10/01/2012 9:27:54 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
10/01/2012 9:27:53 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
10/01/2012 9:27:47 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
10/01/2012 9:27:38 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: discache mwlPSDFilter mwlPSDNServ mwlPSDVDisk spldr sptd Wanarpv6
10/01/2012 9:27:12 AM, Error: sptd [4] - Driver detected an internal error in its data structures for .
10/01/2012 8:51:37 AM, Error: Microsoft-Windows-WMPNSS-Service [14346] - A new media server was not initialized because RegisterRunningDevice() encountered error '0x80070005'. Restart your computer, and then restart the WMPNetworkSvc service.
10/01/2012 8:50:48 AM, Error: Service Control Manager [7001] - The MBAMService service depends on the MBAMProtector service which failed to start because of the following error: The system cannot find the file specified.
10/01/2012 8:50:48 AM, Error: Service Control Manager [7000] - The MBAMProtector service failed to start due to the following error: The system cannot find the file specified.
10/01/2012 2:44:09 AM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR2.
10/01/2012 2:42:48 AM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR1.
10/01/2012 10:05:37 AM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
.
==== End Of File ===========================

codyb, Jan 9, 2012

#8
codyb Newcomer, in training

I keep trying to run aswMBR and it looks like it is about to open up and then nothing happens :/

do you know why this could be ?

cheers,
cody

codyb, Jan 9, 2012

#9
Broni Malware Annihilator
Download Bootkit Remover to your Desktop.

Unzip downloaded file to your Desktop.

Double-click on boot_cleaner.exe to run the program (Vista/7 users,right click on boot_cleaner.exe and click Run As Administrator).

It will show a Black screen with some data on it.

Right click on the screen and click Select All.

Press CTRL+C

Open a Notepad and press CTRL+V

Post the output back here.
Broni, Jan 9, 2012

#10
codyb Newcomer, in training

Bootkit Remover
(c) 2009 Esage Lab
www.esagelab.com

Program version: 1.2.0.1
OS Version: Microsoft Windows 7 Home Premium Edition Service Pack 1 (build 7601)
, 64-bit

System volume is \\.\C:
\\.\C: -> \\.\PhysicalDrive0 at offset 0x00000003`71500000

Size Device Name MBR Status
--------------------------------------------
931 GB \\.\PhysicalDrive0 Controlled by rootkit!

Boot code on some of your physical disks is hidden by a rootkit.
To disinfect the master boot sector, use the following command:
remover.exe fix <device_name>
To inspect the boot code manually, dump the master boot sector:
remover.exe dump <device_name> [output_file]

Done;
Press any key to quit...

codyb, Jan 9, 2012

#11
Broni Malware Annihilator
For x32 (x86) bit systems download Farbar Recovery Scan Tool and save it to your desktop.
For x64 bit systems download Farbar Recovery Scan Tool x64 and save it to your desktop.

Double click on downloaded file to run it.

When the tool opens click Yes to disclaimer.

Press Scan button.

It will produce a log (FRST.txt) on your desktop.

Please copy and paste it to your reply.
Broni, Jan 9, 2012

#12
codyb Newcomer, in training

Scan result of Farbars's Recovery Tool (FRST written by farbar) Version 2.3.2
Ran by Cody Brown at 2012-01-10 10:46:39
Running from C:\Users\Cody Brown\Downloads
Service Pack 1 (X64) OS Language: English(US)
Attention: Could not load system hive.ERROR: The process cannot access the file because it is being used by another process.

========================== Registry (Whitelisted) =============

HKLM\...\Winlogon: [Userinit]
HKLM-x32\...\Winlogon: [Userinit]
HKLM\...\Winlogon: [Shell]
HKLM-x32\...\Winlogon: [Shell] [x x] ()

==================== Services (Whitelisted) ======

========================== Drivers (Whitelisted) =============

========================== NetSvcs (Whitelisted) ===========

============ One Month Created Files and Folders ==============

2012-01-10 10:33 - 2012-01-10 10:33 - 0000000 ____D C:\Users\Cody Brown\Downloads\bootkit_remover
2012-01-10 10:32 - 2012-01-10 10:32 - 0059237 ____A C:\Users\Cody Brown\Desktop\bootkit.htm
2012-01-10 10:32 - 2012-01-10 10:32 - 0044607 ____A C:\Users\Cody Brown\Downloads\bootkit_remover.zip
2012-01-10 10:11 - 2012-01-10 10:11 - 4713472 ____A (AVAST Software) C:\Users\Cody Brown\Desktop\aswMBR.exe
2012-01-10 09:56 - 2012-01-10 09:56 - 0607260 ____R (Swearware) C:\Users\Cody Brown\Downloads\dds.scr
2012-01-10 09:40 - 2012-01-10 09:40 - 0302592 ____A C:\Users\Cody Brown\Downloads\0yn2u37y.exe
2012-01-10 09:22 - 2012-01-10 09:23 - 0607260 ____A (Swearware) C:\Users\Cody Brown\Desktop\dds.scr
2012-01-10 09:11 - 2012-01-06 02:14 - 0000935 ____A C:\Users\Public\Desktop\Market Samurai.lnk
2012-01-10 09:11 - 2012-01-03 15:46 - 0001146 ____A C:\Users\Public\Desktop\Mozilla Firefox.lnk
2012-01-10 09:11 - 2012-01-03 15:39 - 0000915 ____A C:\Users\Public\Desktop\KeywordBlaze.lnk
2012-01-10 09:11 - 2011-12-16 11:16 - 0001144 ____A C:\Users\Public\Desktop\Your Local Shortcut.lnk
2012-01-10 09:11 - 2011-10-18 23:45 - 0000875 ____A C:\Users\Public\Desktop\Ventrilo.lnk
2012-01-10 09:11 - 2011-10-04 00:58 - 0001018 ____A C:\Users\Public\Desktop\Mumble.lnk
2012-01-10 09:11 - 2011-08-26 22:09 - 0001176 ____A C:\Users\Public\Desktop\LiveCode 4.6.3.lnk
2012-01-10 09:11 - 2011-08-20 21:35 - 0002515 ____A C:\Users\Public\Desktop\Skype.lnk
2012-01-10 09:11 - 2011-08-13 21:39 - 0002491 ____A C:\Users\Public\Desktop\Safari.lnk
2012-01-10 09:11 - 2011-08-13 21:23 - 0001787 ____A C:\Users\Public\Desktop\iTunes.lnk
2012-01-10 09:11 - 2011-08-13 21:19 - 0001849 ____A C:\Users\Public\Desktop\QuickTime Player.lnk
2012-01-10 09:11 - 2011-07-15 20:59 - 0001074 ____A C:\Users\Public\Desktop\VLC media player.lnk
2012-01-10 09:11 - 2011-06-15 11:28 - 0002049 ____A C:\Users\Public\Desktop\Acer eDisplay Management.lnk
2012-01-10 09:11 - 2011-03-15 14:58 - 0001525 ____A C:\Users\Public\Desktop\MYOB BusinessBasics v1.lnk
2012-01-10 09:11 - 2011-02-14 20:08 - 0001998 ____A C:\Users\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
2012-01-10 09:11 - 2011-02-02 19:36 - 0001837 ____A C:\Users\Public\Desktop\Opera.lnk
2012-01-10 09:11 - 2011-01-04 20:45 - 0002218 ____A C:\Users\Public\Desktop\Call of Duty - Black Ops Call MP.lnk
2012-01-10 09:11 - 2011-01-04 20:45 - 0002204 ____A C:\Users\Public\Desktop\Call of Duty - Black Ops.lnk
2012-01-10 09:11 - 2011-01-04 20:08 - 0001940 ____A C:\Users\Public\Desktop\DAEMON Tools Pro.lnk
2012-01-10 09:11 - 2010-11-30 12:59 - 0000959 ____A C:\Users\Public\Desktop\mIRC.lnk
2012-01-10 09:11 - 2010-11-30 12:13 - 0001189 ____A C:\Users\Public\Desktop\Warsow.lnk
2012-01-10 09:11 - 2010-11-04 15:26 - 0001172 ____A C:\Users\Public\Desktop\Camtasia Studio 7.lnk
2012-01-10 09:11 - 2010-10-10 17:10 - 0002186 ____A C:\Users\Public\Desktop\Xilisoft iPhone Video Converter 6.lnk
2012-01-10 09:11 - 2010-09-01 10:49 - 0000851 ____A C:\Users\Public\Desktop\BlogMe.lnk
2012-01-10 09:11 - 2010-08-31 17:26 - 0001930 ____A C:\Users\Public\Desktop\ACID Pro 7.0.lnk
2012-01-10 09:11 - 2010-08-27 22:29 - 0001063 ____A C:\Users\Public\Desktop\MarketMeSuite.lnk
2012-01-10 09:11 - 2010-08-17 16:22 - 0001127 ____A C:\Users\Public\Desktop\MixPad Audio Mixer.lnk
2012-01-10 09:11 - 2010-08-17 16:21 - 0001141 ____A C:\Users\Public\Desktop\WavePad Sound Editor.lnk
2012-01-10 09:11 - 2010-08-08 17:43 - 0002166 ____A C:\Users\Public\Desktop\Crazy John's Broadband.lnk
2012-01-10 09:11 - 2010-07-06 13:58 - 0000977 ____A C:\Users\Public\Desktop\Core FTP Lite.lnk
2012-01-10 09:11 - 2010-06-27 22:40 - 0000921 ____A C:\Users\Public\Desktop\Steam.lnk
2012-01-10 09:11 - 2010-06-27 18:18 - 0000958 ____A C:\Users\All Users\Start Menu\Programs\Startup\Wireless Connection Manager.lnk
2012-01-10 09:11 - 2010-06-27 18:18 - 0000952 ____A C:\Users\Public\Desktop\Wireless Connection Manager.lnk
2012-01-10 09:11 - 2009-11-27 04:52 - 0002752 ____A C:\Users\Public\Desktop\Nero StartSmart Essentials.lnk
2012-01-10 09:11 - 2009-07-14 15:54 - 0000174 __ASH C:\Users\All Users\Start Menu\Programs\Startup\desktop.ini
2012-01-10 09:07 - 2012-01-10 09:06 - 0302592 ____A C:\Users\Cody Brown\Desktop\p1hbv6e4.exe
2012-01-10 08:56 - 2012-01-10 08:54 - 0684297 ____A C:\Users\Cody Brown\Desktop\unhide.exe
2012-01-10 08:50 - 2012-01-10 08:50 - 0000000 ____D C:\Users\Cody Brown\AppData\Local\{9B89FAE9-C6F1-457E-A16F-EEE481206408}
2012-01-10 08:50 - 2012-01-10 08:50 - 0000000 ____D C:\Users\Cody Brown\AppData\Local\{7205775D-219B-4D0B-85DB-A0B82E3E6C09}
2012-01-10 03:20 - 2012-01-10 10:46 - 0000000 ____D C:\FRST
2012-01-10 03:19 - 2012-01-10 03:19 - 1379209 ____A C:\Users\Cody Brown\Downloads\FRST64.exe
2012-01-10 03:04 - 2012-01-10 03:04 - 0001117 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-01-10 03:03 - 2012-01-10 03:24 - 0000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-01-10 03:03 - 2012-01-10 03:03 - 0000000 ____D C:\Users\Cody Brown\AppData\Roaming\Malwarebytes
2012-01-10 03:03 - 2012-01-10 03:03 - 0000000 ____D C:\Users\All Users\Malwarebytes
2012-01-10 03:03 - 2012-01-10 03:03 - 0000000 ____D C:\ProgramData\Malwarebytes
2012-01-10 03:02 - 2012-01-10 03:02 - 9851496 ____A (Malwarebytes Corporation ) C:\Users\Cody Brown\Desktop\mbam-setup.exe
2012-01-10 02:56 - 2012-01-10 02:56 - 1578288 ____A (Kaspersky Lab ZAO) C:\Users\Cody Brown\Desktop\iexplore.com.exe
2012-01-10 02:55 - 2012-01-10 02:55 - 1578288 ____A (Kaspersky Lab ZAO) C:\Users\Cody Brown\Downloads\tdsskiller.exe
2012-01-10 02:49 - 2012-01-10 02:50 - 0000505 ____A C:\rkill.log
2012-01-10 02:47 - 2012-01-10 02:46 - 1008141 ____A C:\Users\Cody Brown\Desktop\iExplore (1).exe
2012-01-10 02:45 - 2012-01-10 02:46 - 1008141 ____A C:\Users\Cody Brown\Downloads\iExplore.exe
2012-01-10 02:39 - 2012-01-10 09:28 - 0351894 ____A C:\Windows\ntbtlog.txt
2012-01-10 01:27 - 2012-01-10 01:27 - 0000000 ____D C:\Users\Cody Brown\AppData\Local\{A387678F-CA4A-4728-818A-61B139D3EC38}
2012-01-10 01:27 - 2012-01-10 01:27 - 0000000 ____D C:\Users\Cody Brown\AppData\Local\{2939BC6D-A77A-4DA9-B176-193AB7940604}
2012-01-10 01:11 - 2012-01-10 01:11 - 0000657 ____A C:\Users\Cody Brown\Desktop\System Check.lnk
2012-01-09 13:45 - 2012-01-09 13:46 - 0000000 ____D C:\Users\Cody Brown\.freemind
2012-01-09 13:44 - 2012-01-09 13:44 - 0001893 ____A C:\Users\Cody Brown\Desktop\FreeMind.lnk
2012-01-09 13:44 - 2012-01-09 13:44 - 0000000 ____D C:\Program Files (x86)\FreeMind
2012-01-09 13:42 - 2012-01-09 13:42 - 0102967 ____A C:\Users\Cody Brown\Desktop\UltimateWSOSuccessSystem.mmap
2012-01-09 11:34 - 2012-01-09 11:34 - 0344254 ____A C:\Users\Cody Brown\Desktop\GodFather Outsourcing By Seth Bias.pdf
2012-01-08 13:53 - 2012-01-08 14:21 - 0128000 ____A C:\Users\Cody Brown\Desktop\treatment for constipation.msam
2012-01-07 16:34 - 2012-01-07 16:45 - 0082944 ____A C:\Users\Cody Brown\Desktop\best stretch mark cream.msam
2012-01-07 15:12 - 2012-01-07 15:21 - 0150528 ____A C:\Users\Cody Brown\Desktop\how do i reduce stretch marks.msam
2012-01-06 02:14 - 2012-01-06 02:14 - 0000000 ____D C:\Program Files (x86)\Market Samurai
2012-01-03 15:43 - 2012-01-03 15:45 - 15292208 ____A (Mozilla) C:\Users\Cody Brown\Downloads\Firefox Setup 9.0.1.exe
2012-01-03 15:40 - 2012-01-04 12:29 - 0023552 ____A C:\Users\Cody Brown\Documents\My First Workspace.kwbz
2012-01-03 15:39 - 2012-01-03 15:39 - 0000000 ____D C:\Users\Cody Brown\AppData\Roaming\com.blueprintcentral.keywordblaze
2012-01-03 15:39 - 2012-01-03 15:39 - 0000000 ____D C:\Program Files (x86)\KeywordBlaze
2011-12-26 22:15 - 2011-12-26 22:16 - 0000000 ____D C:\Users\Cody Brown\AppData\Local\{2775E56B-C313-4433-B370-466CC8934358}
2011-12-26 22:15 - 2011-12-26 22:15 - 0000000 ____D C:\Users\Cody Brown\AppData\Local\{4827CA5D-2D95-4807-9847-56D1E5E59F86}
2011-12-20 11:25 - 2011-12-20 11:26 - 1350660 ____A C:\Users\Cody Brown\Desktop\eBook_The Top 10... Your Loved One.v4-with cover page.pdf
2011-12-20 11:22 - 2011-12-20 11:22 - 0070071 ____A C:\Users\Cody Brown\Desktop\Art8_BestProteinShakesforWomen.doc.pdf
2011-12-20 11:15 - 2011-12-20 11:16 - 0185398 ____A C:\Users\Cody Brown\Desktop\What is Lead Generation.pdf
2011-12-19 14:00 - 2011-12-19 14:00 - 1958728 ____A C:\Users\Cody Brown\Downloads\SCAN0149.JPG
2011-12-18 10:48 - 2011-12-18 10:48 - 0027136 ____A C:\Users\Cody Brown\Desktop\Web Design Questionnaire - Capri Building.doc
2011-12-17 17:08 - 2011-12-17 17:08 - 0011776 ____A C:\Users\Cody Brown\Desktop\Web Design Questionnaire.doc
2011-12-16 19:59 - 2011-12-16 19:59 - 0028195 ____A C:\Users\Cody Brown\Desktop\marketing-expert.jpg
2011-12-16 11:16 - 2011-12-16 11:16 - 0000000 ____D C:\Program Files (x86)\ Your Local Shortcut
2011-12-16 09:50 - 2011-12-16 09:50 - 0000000 ____D C:\Users\Cody Brown\AppData\Local\{90197898-4B0F-476A-A6A3-C78FACFD6020}
2011-12-16 09:49 - 2011-12-16 09:50 - 0000000 ____D C:\Users\Cody Brown\AppData\Local\{4FA53F3E-6CC0-4168-ADD3-567AFD779EFA}
2011-12-16 04:01 - 2011-11-04 13:38 - 17786368 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2011-12-16 04:01 - 2011-11-04 12:59 - 10886656 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2011-12-16 04:01 - 2011-11-04 12:53 - 2309120 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2011-12-16 04:01 - 2011-11-04 12:46 - 1345536 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2011-12-16 04:01 - 2011-11-04 12:44 - 1493504 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2011-12-16 04:01 - 2011-11-04 12:44 - 1390080 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2011-12-16 04:01 - 2011-11-04 12:43 - 0237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2011-12-16 04:01 - 2011-11-04 12:41 - 0085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2011-12-16 04:01 - 2011-11-04 12:39 - 0818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2011-12-16 04:01 - 2011-11-04 12:36 - 2144256 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2011-12-16 04:01 - 2011-11-04 12:35 - 0096256 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2011-12-16 04:01 - 2011-11-04 12:34 - 2382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2011-12-16 04:01 - 2011-11-04 12:30 - 0248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2011-12-16 04:01 - 2011-11-04 10:02 - 12279808 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2011-12-16 04:01 - 2011-11-04 09:47 - 1798144 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2011-12-16 04:01 - 2011-11-04 09:46 - 9705472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2011-12-16 04:01 - 2011-11-04 09:40 - 1427456 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2011-12-16 04:01 - 2011-11-04 09:40 - 1103360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2011-12-16 04:01 - 2011-11-04 09:39 - 1127424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2011-12-16 04:01 - 2011-11-04 09:38 - 0231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2011-12-16 04:01 - 2011-11-04 09:37 - 0065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2011-12-16 04:01 - 2011-11-04 09:34 - 0716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2011-12-16 04:01 - 2011-11-04 09:32 - 1792000 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2011-12-16 04:01 - 2011-11-04 09:32 - 0072704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2011-12-16 04:01 - 2011-11-04 09:31 - 2382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2011-12-16 04:01 - 2011-11-04 09:28 - 0176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2011-12-15 08:20 - 2011-11-24 15:52 - 3145216 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2011-12-15 08:20 - 2011-11-05 16:32 - 0002048 ____A (Microsoft Corporation) C:\Windows\System32\tzres.dll
2011-12-15 08:20 - 2011-11-05 15:26 - 0002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2011-12-15 08:20 - 2011-10-26 16:21 - 0043520 ____A (Microsoft Corporation) C:\Windows\System32\csrsrv.dll
2011-12-15 08:20 - 2011-10-15 17:31 - 0723456 ____A (Microsoft Corporation) C:\Windows\System32\EncDec.dll
2011-12-15 08:20 - 2011-10-15 16:38 - 0534528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\EncDec.dll
2011-12-14 17:43 - 2011-12-20 15:51 - 0018944 ____A C:\Users\Cody Brown\Desktop\Web Design Questionnaire - Capri.wps
2011-12-14 16:55 - 2011-12-14 16:55 - 0015360 ____A C:\Users\Cody Brown\Desktop\Web Design Questionnaire.wps
2011-12-14 16:45 - 2011-12-14 16:45 - 2049467 ____A C:\Users\Cody Brown\Desktop\Capri.pdf
2011-12-12 20:29 - 2011-12-12 20:29 - 2673928 ____A (EasyAntiCheat Solutions) C:\Users\Cody Brown\Downloads\EasyAntiCheat.exe
2011-12-11 02:24 - 2011-12-11 02:24 - 0590794 ____A C:\Users\Cody Brown\Desktop\Untitled-1 copy.jpg

============ 3 Months Modified Files and Folders =============

2012-01-10 10:46 - 2012-01-10 10:46 - 1379209 ____A C:\Users\Cody Brown\Downloads\FRST64 (1).exe
2012-01-10 10:46 - 2012-01-10 03:20 - 0000000 ____D C:\FRST
2012-01-10 10:33 - 2012-01-10 10:33 - 0000000 ____D C:\Users\Cody Brown\Downloads\bootkit_remover
2012-01-10 10:32 - 2012-01-10 10:32 - 0059237 ____A C:\Users\Cody Brown\Desktop\bootkit.htm
2012-01-10 10:32 - 2012-01-10 10:32 - 0044607 ____A C:\Users\Cody Brown\Downloads\bootkit_remover.zip
2012-01-10 10:11 - 2012-01-10 10:11 - 4713472 ____A (AVAST Software) C:\Users\Cody Brown\Desktop\aswMBR.exe
2012-01-10 09:56 - 2012-01-10 09:56 - 0607260 ____R (Swearware) C:\Users\Cody Brown\Downloads\dds.scr
2012-01-10 09:40 - 2012-01-10 09:40 - 0302592 ____A C:\Users\Cody Brown\Downloads\0yn2u37y.exe
2012-01-10 09:33 - 2009-07-14 16:13 - 0726316 ____A C:\Windows\System32\PerfStringBackup.INI
2012-01-10 09:28 - 2012-01-10 02:39 - 0351894 ____A C:\Windows\ntbtlog.txt
2012-01-10 09:27 - 2007-10-11 06:48 - 3214479360 __ASH C:\hiberfil.sys
2012-01-10 09:26 - 2007-10-11 06:52 - 1368477 ____A C:\Windows\WindowsUpdate.log
2012-01-10 09:25 - 2010-06-27 19:35 - 0000000 ____D C:\Users\Cody Brown\AppData\Roaming\Skype
2012-01-10 09:23 - 2012-01-10 09:22 - 0607260 ____A (Swearware) C:\Users\Cody Brown\Desktop\dds.scr
2012-01-10 09:17 - 2010-09-02 11:31 - 0000928 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4228345665-1085567725-3446538699-1000UA.job
2012-01-10 09:06 - 2012-01-10 09:07 - 0302592 ____A C:\Users\Cody Brown\Desktop\p1hbv6e4.exe
2012-01-10 09:02 - 2010-06-27 18:38 - 0000898 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-01-10 08:56 - 2009-07-14 15:45 - 0014832 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-01-10 08:56 - 2009-07-14 15:45 - 0014832 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-01-10 08:54 - 2012-01-10 08:56 - 0684297 ____A C:\Users\Cody Brown\Desktop\unhide.exe
2012-01-10 08:50 - 2012-01-10 08:50 - 0000000 ____D C:\Users\Cody Brown\AppData\Local\{9B89FAE9-C6F1-457E-A16F-EEE481206408}
2012-01-10 08:50 - 2012-01-10 08:50 - 0000000 ____D C:\Users\Cody Brown\AppData\Local\{7205775D-219B-4D0B-85DB-A0B82E3E6C09}
2012-01-10 08:49 - 2010-08-08 17:44 - 0000943 ____A C:\Windows\WirelessCard.INI
2012-01-10 08:49 - 2010-06-27 22:14 - 0000000 ____D C:\Program Files (x86)\Steam
2012-01-10 08:49 - 2010-06-27 18:24 - 0000000 ____D C:\Users\Cody Brown\Tracing
2012-01-10 08:48 - 2010-06-27 18:38 - 0000894 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-01-10 08:48 - 2009-11-27 04:58 - 0817112 ____A C:\Windows\PFRO.log
2012-01-10 08:48 - 2009-07-14 16:08 - 0000006 ____A C:\Windows\Tasks\SA.DAT
2012-01-10 08:48 - 2009-07-14 15:51 - 0105467 ____A C:\Windows\setupact.log
2012-01-10 03:24 - 2012-01-10 03:03 - 0000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-01-10 03:19 - 2012-01-10 03:19 - 1379209 ____A C:\Users\Cody Brown\Downloads\FRST64.exe
2012-01-10 03:04 - 2012-01-10 03:04 - 0001117 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-01-10 03:03 - 2012-01-10 03:03 - 0000000 ____D C:\Users\Cody Brown\AppData\Roaming\Malwarebytes
2012-01-10 03:03 - 2012-01-10 03:03 - 0000000 ____D C:\Users\All Users\Malwarebytes
2012-01-10 03:03 - 2012-01-10 03:03 - 0000000 ____D C:\ProgramData\Malwarebytes
2012-01-10 03:02 - 2012-01-10 03:02 - 9851496 ____A (Malwarebytes Corporation ) C:\Users\Cody Brown\Desktop\mbam-setup.exe
2012-01-10 02:56 - 2012-01-10 02:56 - 1578288 ____A (Kaspersky Lab ZAO) C:\Users\Cody Brown\Desktop\iexplore.com.exe
2012-01-10 02:55 - 2012-01-10 02:55 - 1578288 ____A (Kaspersky Lab ZAO) C:\Users\Cody Brown\Downloads\tdsskiller.exe
2012-01-10 02:50 - 2012-01-10 02:49 - 0000505 ____A C:\rkill.log
2012-01-10 02:46 - 2012-01-10 02:47 - 1008141 ____A C:\Users\Cody Brown\Desktop\iExplore (1).exe
2012-01-10 02:46 - 2012-01-10 02:45 - 1008141 ____A C:\Users\Cody Brown\Downloads\iExplore.exe
2012-01-10 01:27 - 2012-01-10 01:27 - 0000000 ____D C:\Users\Cody Brown\AppData\Local\{A387678F-CA4A-4728-818A-61B139D3EC38}
2012-01-10 01:27 - 2012-01-10 01:27 - 0000000 ____D C:\Users\Cody Brown\AppData\Local\{2939BC6D-A77A-4DA9-B176-193AB7940604}
2012-01-10 01:11 - 2012-01-10 01:11 - 0000657 ____A C:\Users\Cody Brown\Desktop\System Check.lnk
2012-01-10 00:36 - 2011-10-04 16:19 - 0000000 ____D C:\Users\Cody Brown\AppData\Roaming\Mumble
2012-01-09 23:20 - 2010-07-06 13:59 - 0000000 ____D C:\Users\Cody Brown\AppData\Roaming\CoreFTP
2012-01-09 13:46 - 2012-01-09 13:45 - 0000000 ____D C:\Users\Cody Brown\.freemind
2012-01-09 13:45 - 2010-06-27 18:08 - 0000000 ____D C:\users\Cody Brown
2012-01-09 13:44 - 2012-01-09 13:44 - 0001893 ____A C:\Users\Cody Brown\Desktop\FreeMind.lnk
2012-01-09 13:44 - 2012-01-09 13:44 - 0000000 ____D C:\Program Files (x86)\FreeMind
2012-01-09 13:42 - 2012-01-09 13:42 - 0102967 ____A C:\Users\Cody Brown\Desktop\UltimateWSOSuccessSystem.mmap
2012-01-09 11:34 - 2012-01-09 11:34 - 0344254 ____A C:\Users\Cody Brown\Desktop\GodFather Outsourcing By Seth Bias.pdf
2012-01-09 11:18 - 2010-09-27 18:50 - 0018074 ____A C:\Users\Cody Brown\AppData\Roaming\wklnhst.dat
2012-01-09 11:18 - 2009-07-14 16:32 - 0000000 ____D C:\Windows\System32\FxsTmp
2012-01-09 04:17 - 2010-09-02 11:31 - 0000876 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4228345665-1085567725-3446538699-1000Core.job
2012-01-08 14:21 - 2012-01-08 13:53 - 0128000 ____A C:\Users\Cody Brown\Desktop\treatment for constipation.msam
2012-01-07 20:18 - 2010-09-02 11:40 - 0002432 ____A C:\Users\Cody Brown\Desktop\Google Chrome.lnk
2012-01-07 16:45 - 2012-01-07 16:34 - 0082944 ____A C:\Users\Cody Brown\Desktop\best stretch mark cream.msam
2012-01-07 15:21 - 2012-01-07 15:12 - 0150528 ____A C:\Users\Cody Brown\Desktop\how do i reduce stretch marks.msam
2012-01-06 02:14 - 2012-01-10 09:11 - 0000935 ____A C:\Users\Public\Desktop\Market Samurai.lnk
2012-01-06 02:14 - 2012-01-06 02:14 - 0000000 ____D C:\Program Files (x86)\Market Samurai
2012-01-04 12:29 - 2012-01-03 15:40 - 0023552 ____A C:\Users\Cody Brown\Documents\My First Workspace.kwbz
2012-01-03 18:05 - 2011-04-15 00:22 - 0000000 ____D C:\Program Files (x86)\Ask.com
2012-01-03 15:46 - 2012-01-10 09:11 - 0001146 ____A C:\Users\Public\Desktop\Mozilla Firefox.lnk
2012-01-03 15:46 - 2010-06-27 19:25 - 0000000 ____D C:\Program Files (x86)\Mozilla Firefox
2012-01-03 15:45 - 2012-01-03 15:43 - 15292208 ____A (Mozilla) C:\Users\Cody Brown\Downloads\Firefox Setup 9.0.1.exe
2012-01-03 15:39 - 2012-01-10 09:11 - 0000915 ____A C:\Users\Public\Desktop\KeywordBlaze.lnk
2012-01-03 15:39 - 2012-01-03 15:39 - 0000000 ____D C:\Users\Cody Brown\AppData\Roaming\com.blueprintcentral.keywordblaze
2012-01-03 15:39 - 2012-01-03 15:39 - 0000000 ____D C:\Program Files (x86)\KeywordBlaze
2012-01-02 09:27 - 2011-04-07 12:06 - 0072080 ____A C:\Users\Cody Brown\g2mdlhlpx.exe
2011-12-30 15:20 - 2010-06-27 18:22 - 0000000 ____D C:\Users\Cody Brown\AppData\Roaming\Adobe
2011-12-26 23:11 - 2011-09-19 12:52 - 0000000 ___RD C:\Users\Cody Brown\Dropbox
2011-12-26 23:11 - 2011-09-19 12:50 - 0000000 ____D C:\Users\Cody Brown\AppData\Roaming\Dropbox
2011-12-26 22:16 - 2011-12-26 22:15 - 0000000 ____D C:\Users\Cody Brown\AppData\Local\{2775E56B-C313-4433-B370-466CC8934358}
2011-12-26 22:15 - 2011-12-26 22:15 - 0000000 ____D C:\Users\Cody Brown\AppData\Local\{4827CA5D-2D95-4807-9847-56D1E5E59F86}
2011-12-22 20:53 - 2009-07-14 13:34 - 0000402 ____A C:\Windows\System32\Drivers\etc\hosts
2011-12-20 15:51 - 2011-12-14 17:43 - 0018944 ____A C:\Users\Cody Brown\Desktop\Web Design Questionnaire - Capri.wps
2011-12-20 11:26 - 2011-12-20 11:25 - 1350660 ____A C:\Users\Cody Brown\Desktop\eBook_The Top 10... Your Loved One.v4-with cover page.pdf
2011-12-20 11:22 - 2011-12-20 11:22 - 0070071 ____A C:\Users\Cody Brown\Desktop\Art8_BestProteinShakesforWomen.doc.pdf
2011-12-20 11:16 - 2011-12-20 11:15 - 0185398 ____A C:\Users\Cody Brown\Desktop\What is Lead Generation.pdf
2011-12-20 07:17 - 2011-11-03 11:38 - 0000000 ____D C:\Users\Cody Brown\AppData\Local\Akamai
2011-12-19 14:00 - 2011-12-19 14:00 - 1958728 ____A C:\Users\Cody Brown\Downloads\SCAN0149.JPG
2011-12-18 10:48 - 2011-12-18 10:48 - 0027136 ____A C:\Users\Cody Brown\Desktop\Web Design Questionnaire - Capri Building.doc
2011-12-17 17:08 - 2011-12-17 17:08 - 0011776 ____A C:\Users\Cody Brown\Desktop\Web Design Questionnaire.doc
2011-12-16 19:59 - 2011-12-16 19:59 - 0028195 ____A C:\Users\Cody Brown\Desktop\marketing-expert.jpg
2011-12-16 11:16 - 2012-01-10 09:11 - 0001144 ____A C:\Users\Public\Desktop\Your Local Shortcut.lnk
2011-12-16 11:16 - 2011-12-16 11:16 - 0000000 ____D C:\Program Files (x86)\ Your Local Shortcut
2011-12-16 09:50 - 2011-12-16 09:50 - 0000000 ____D C:\Users\Cody Brown\AppData\Local\{90197898-4B0F-476A-A6A3-C78FACFD6020}
2011-12-16 09:50 - 2011-12-16 09:49 - 0000000 ____D C:\Users\Cody Brown\AppData\Local\{4FA53F3E-6CC0-4168-ADD3-567AFD779EFA}
2011-12-16 05:00 - 2009-07-14 14:20 - 0000000 ____D C:\Windows\rescache
2011-12-16 04:23 - 2009-07-14 15:45 - 5249704 ____A C:\Windows\System32\FNTCACHE.DAT
2011-12-16 04:02 - 2010-06-30 10:53 - 54867776 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2011-12-14 16:55 - 2011-12-14 16:55 - 0015360 ____A C:\Users\Cody Brown\Desktop\Web Design Questionnaire.wps
2011-12-14 16:45 - 2011-12-14 16:45 - 2049467 ____A C:\Users\Cody Brown\Desktop\Capri.pdf
2011-12-12 20:29 - 2011-12-12 20:29 - 2673928 ____A (EasyAntiCheat Solutions) C:\Users\Cody Brown\Downloads\EasyAntiCheat.exe
2011-12-11 02:24 - 2011-12-11 02:24 - 0590794 ____A C:\Users\Cody Brown\Desktop\Untitled-1 copy.jpg
2011-12-10 23:18 - 2011-12-10 23:17 - 0867537 ____A C:\Users\Cody Brown\Desktop\Untitled-1.jpg
2011-12-10 20:56 - 2011-11-15 15:04 - 0019968 ____A C:\Users\Cody Brown\Desktop\Web Design Creative Brief.wps
2011-12-08 21:35 - 2011-11-13 11:19 - 0018560 ____A C:\Users\Cody Brown\Desktop\Web Design Creative Brief.docx
2011-12-08 21:29 - 2010-06-27 18:33 - 0000000 ____D C:\Program Files (x86)\Opera
2011-12-07 23:26 - 2010-06-27 18:23 - 0000000 ____D C:\Users\Cody Brown\AppData\Local\Google
2011-12-07 00:10 - 2011-12-07 00:10 - 0122919 ____A C:\Users\Cody Brown\Desktop\caekgaminglogo.jpg
2011-12-06 11:02 - 2011-12-06 11:02 - 0700715 ____A C:\Users\Cody Brown\Desktop\dotcom.jpg
2011-12-06 10:39 - 2011-12-06 10:39 - 0196445 ____A C:\Users\Cody Brown\Desktop\example1.jpg
2011-12-04 10:24 - 2011-12-04 09:40 - 0146432 ____A C:\Users\Cody Brown\Desktop\christmas toys.msam
2011-12-04 09:41 - 2011-04-15 23:59 - 0150108 ____A C:\Windows\SysWOW64\mlfcache.dat
2011-12-02 12:55 - 2011-12-02 12:55 - 0025161 ____A C:\Users\Cody Brown\Desktop\Google Place Page Info.pdf
2011-11-30 10:43 - 2011-11-30 10:38 - 43678872 ____A (RunRev Ltd) C:\Users\Cody Brown\Desktop\LiveCodeInstaller-5_0_0-Windows.exe
2011-11-27 02:13 - 2011-11-27 02:13 - 0005176 ____A C:\Users\Cody Brown\Desktop\googleplus.png
2011-11-24 15:52 - 2011-12-15 08:20 - 3145216 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2011-11-24 11:51 - 2011-05-27 08:37 - 0000000 ___RD C:\Program Files (x86)\Skype
2011-11-24 11:50 - 2011-11-24 11:50 - 0000000 ____D C:\Users\Cody Brown\AppData\Local\{FAB49005-D699-4310-A81F-7157821DB89F}
2011-11-24 11:50 - 2011-11-24 11:49 - 0000000 ____D C:\Users\Cody Brown\AppData\Local\{E91DD71F-220F-426E-8C74-836BD723F420}
2011-11-18 02:19 - 2010-07-05 13:59 - 0000000 ____D C:\Users\All Users\FLEXnet
2011-11-18 02:19 - 2010-07-05 13:59 - 0000000 ____D C:\ProgramData\FLEXnet
2011-11-17 11:47 - 2010-07-06 11:42 - 0000000 ____D C:\Users\Cody Brown\AppData\Roaming\Apple Computer
2011-11-14 18:13 - 2011-11-14 18:13 - 1299028 ____A C:\Users\Cody Brown\Desktop\E-commerce article.zip
2011-11-13 22:49 - 2011-11-13 22:49 - 0000000 ____D C:\Users\Cody Brown\AppData\Roaming\YourLocalShorcut
2011-11-13 22:48 - 2011-11-13 22:48 - 0000000 ____D C:\Users\Cody Brown\Desktop\YourLocalShortcutSetup
2011-11-13 22:05 - 2011-11-13 22:05 - 0000000 ____D C:\Users\All Users\id Software
2011-11-13 22:05 - 2011-11-13 22:05 - 0000000 ____D C:\ProgramData\id Software
2011-11-13 15:45 - 2011-11-13 15:45 - 0672562 ____A C:\Users\Cody Brown\Downloads\DeepPocketsGPS.pdf
2011-11-12 13:57 - 2011-11-12 13:57 - 0004990 ____A C:\Users\Cody Brown\Desktop\Ex6TenZ.rar
2011-11-11 09:50 - 2011-11-11 09:50 - 0473838 ____A C:\Users\Cody Brown\Desktop\facebook viral script.zip
2011-11-11 09:16 - 2011-11-11 09:16 - 0000000 ____D C:\Users\Cody Brown\AppData\Local\{ECEC099D-8EF1-4A44-882D-8F8521ADB2B2}
2011-11-11 04:18 - 2009-07-14 14:20 - 0000000 ____D C:\Program Files\Common Files\System
2011-11-09 10:26 - 2011-11-09 10:26 - 0300818 ____A C:\Users\Cody Brown\Desktop\flightinvoice.jpg
2011-11-07 16:57 - 2011-11-07 16:57 - 0009383 ____A C:\Users\Cody Brown\Desktop\BoomAV Inv3089 Studio 8 Web Hosting.pdf
2011-11-07 14:17 - 2011-11-07 14:17 - 1887320 ____A C:\Users\Cody Brown\Desktop\ikontop10 28th October - 4th November 2011.pdf
2011-11-06 11:06 - 2011-04-13 10:56 - 0000000 ____D C:\Users\Cody Brown\Documents\Random ****
2011-11-05 16:32 - 2011-12-15 08:20 - 0002048 ____A (Microsoft Corporation) C:\Windows\System32\tzres.dll
2011-11-05 16:04 - 2011-11-05 16:04 - 0000000 ____D C:\Users\All Users\ATI
2011-11-05 16:04 - 2011-11-05 16:04 - 0000000 ____D C:\ProgramData\ATI
2011-11-05 16:03 - 2011-11-05 16:03 - 0000000 ____D C:\Program Files (x86)\AMD APP
2011-11-05 16:03 - 2011-01-17 13:43 - 0000000 ____D C:\Program Files\ATI Technologies
2011-11-05 15:26 - 2011-12-15 08:20 - 0002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2011-11-05 11:28 - 2011-11-05 11:28 - 0116373 ____A C:\Users\Cody Brown\Desktop\newburstsmsplan.pdf
2011-11-05 11:22 - 2011-11-03 10:29 - 0016896 ____A C:\Users\Cody Brown\Desktop\Hawaii 2012.xls
2011-11-04 13:38 - 2011-12-16 04:01 - 17786368 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2011-11-04 12:59 - 2011-12-16 04:01 - 10886656 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2011-11-04 12:53 - 2011-12-16 04:01 - 2309120 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2011-11-04 12:46 - 2011-12-16 04:01 - 1345536 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2011-11-04 12:44 - 2011-12-16 04:01 - 1493504 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2011-11-04 12:44 - 2011-12-16 04:01 - 1390080 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2011-11-04 12:43 - 2011-12-16 04:01 - 0237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2011-11-04 12:41 - 2011-12-16 04:01 - 0085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2011-11-04 12:39 - 2011-12-16 04:01 - 0818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2011-11-04 12:36 - 2011-12-16 04:01 - 2144256 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2011-11-04 12:35 - 2011-12-16 04:01 - 0096256 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2011-11-04 12:34 - 2011-12-16 04:01 - 2382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2011-11-04 12:30 - 2011-12-16 04:01 - 0248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2011-11-04 10:02 - 2011-12-16 04:01 - 12279808 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2011-11-04 09:47 - 2011-12-16 04:01 - 1798144 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2011-11-04 09:46 - 2011-12-16 04:01 - 9705472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2011-11-04 09:40 - 2011-12-16 04:01 - 1427456 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2011-11-04 09:40 - 2011-12-16 04:01 - 1103360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2011-11-04 09:39 - 2011-12-16 04:01 - 1127424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2011-11-04 09:38 - 2011-12-16 04:01 - 0231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2011-11-04 09:37 - 2011-12-16 04:01 - 0065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2011-11-04 09:34 - 2011-12-16 04:01 - 0716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2011-11-04 09:32 - 2011-12-16 04:01 - 1792000 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2011-11-04 09:32 - 2011-12-16 04:01 - 0072704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2011-11-04 09:31 - 2011-12-16 04:01 - 2382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2011-11-04 09:28 - 2011-12-16 04:01 - 0176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2011-11-02 11:13 - 2011-11-02 11:13 - 0083084 ____A C:\Users\Cody Brown\Desktop\Cody EFT.pdf
2011-10-28 12:14 - 2011-10-28 12:14 - 0414368 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2011-10-28 12:07 - 2011-10-28 12:07 - 0000000 ____D C:\Windows\System32\Macromed
2011-10-26 16:21 - 2011-12-15 08:20 - 0043520 ____A (Microsoft Corporation) C:\Windows\System32\csrsrv.dll
2011-10-19 22:14 - 2011-10-19 22:14 - 0059904 ____A C:\Windows\SysWOW64\OVDecode.dll
2011-10-18 23:47 - 2011-10-12 20:43 - 0000000 ____D C:\Users\Cody Brown\AppData\Roaming\Ventrilo
2011-10-18 23:45 - 2012-01-10 09:11 - 0000875 ____A C:\Users\Public\Desktop\Ventrilo.lnk
2011-10-18 23:45 - 2011-10-18 23:45 - 0000268 ____A C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
2011-10-18 23:45 - 2011-10-18 23:45 - 0000000 ____D C:\Program Files (x86)\Ventrilo
2011-10-17 10:20 - 2011-10-17 10:20 - 0001697 ____A C:\Users\Cody Brown\Desktop\invoice.pdf
2011-10-16 13:12 - 2011-10-16 13:12 - 0000000 ____D C:\Users\Cody Brown\Desktop\BabyGrandSurrender
2011-10-15 22:07 - 2011-10-15 22:07 - 0004121 ____A C:\Users\Cody Brown\Desktop\russellbrunson.txt
2011-10-15 17:31 - 2011-12-15 08:20 - 0723456 ____A (Microsoft Corporation) C:\Windows\System32\EncDec.dll
2011-10-15 16:38 - 2011-12-15 08:20 - 0534528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\EncDec.dll
2011-10-14 13:33 - 2011-10-14 13:33 - 0000000 ____D C:\Users\Cody Brown\AppData\Local\{8F05615C-E0A0-441F-9E6F-09FE4F63228B}
2011-10-14 13:33 - 2011-10-14 13:33 - 0000000 ____D C:\Users\Cody Brown\AppData\Local\{684458D1-5A12-4F9E-BF4B-F9AB7D95357F}
2011-10-13 12:43 - 2011-10-13 12:43 - 0107756 ____A C:\Users\Cody Brown\Desktop\Burst_SMS_Longcode_Rate_Card.pdf
2011-10-13 11:30 - 2011-10-13 11:30 - 0033792 ____A C:\Users\Cody Brown\Desktop\API_sign_up.xls
2011-10-13 08:52 - 2011-10-13 08:52 - 0000000 ____D C:\Users\Cody Brown\AppData\Local\{CF14285E-9494-4248-B652-C9334B9036E4}
2011-10-13 08:12 - 2011-10-13 08:12 - 0000000 ____D C:\Users\Cody Brown\AppData\Local\{BC63D572-3110-41B6-8184-CCC1A43524E4}
2011-10-13 07:56 - 2011-10-13 07:56 - 10207232 ____A (ATI Technologies Inc.) C:\Windows\System32\Drivers\atikmdag.sys
2011-10-13 07:20 - 2011-10-13 07:20 - 24629760 ____A (Advanced Micro Devices, Inc.) C:\Windows\System32\atio6axx.dll
2011-10-13 07:15 - 2011-10-13 07:15 - 0198664 ____A C:\Windows\System32\atiapfxx.blb
2011-10-13 07:14 - 2011-10-13 07:14 - 0159744 ____A (Advanced Micro Devices, Inc.) C:\Windows\System32\atiapfxx.exe
2011-10-13 07:14 - 2011-01-05 14:02 - 0736768 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\aticfx32.dll
2011-10-13 07:13 - 2011-01-05 14:01 - 0867328 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\aticfx64.dll
2011-10-13 07:10 - 2011-10-13 07:10 - 0487936 ____A (AMD) C:\Windows\System32\atieclxx.exe
2011-10-13 07:10 - 2011-04-20 13:05 - 0466944 ____A (Advanced Micro Devices, Inc.) C:\Windows\System32\ATIDEMGX.dll
2011-10-13 07:09 - 2011-10-13 07:09 - 0204288 ____A (AMD) C:\Windows\System32\atiesrxx.exe
2011-10-13 07:08 - 2011-10-13 07:08 - 0356352 ____A (ATI Technologies, Inc.) C:\Windows\SysWOW64\atipdlxx.dll
2011-10-13 07:08 - 2011-10-13 07:08 - 0120320 ____A (AMD) C:\Windows\System32\atitmm64.dll
2011-10-13 07:08 - 2011-04-20 13:02 - 0423424 ____A (ATI Technologies, Inc.) C:\Windows\System32\atipdl64.dll
2011-10-13 07:07 - 2011-10-13 07:07 - 0278528 ____A (ATI Technologies, Inc.) C:\Windows\SysWOW64\Oemdspif.dll
2011-10-13 07:07 - 2011-10-13 07:07 - 0059392 ____A (ATI Technologies, Inc.) C:\Windows\System32\atiedu64.dll
2011-10-13 07:07 - 2011-10-13 07:07 - 0043520 ____A (ATI Technologies, Inc.) C:\Windows\SysWOW64\ati2edxx.dll
2011-10-13 07:07 - 2011-10-13 07:07 - 0021504 ____A (AMD) C:\Windows\System32\atimuixx.dll
2011-10-13 07:04 - 2011-10-13 07:04 - 4231680 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atidxx32.dll
2011-10-13 07:04 - 2011-10-13 07:04 - 18630656 ____A (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\atioglxx.dll
2011-10-13 06:54 - 2011-01-05 13:43 - 4960768 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atidxx64.dll
2011-10-13 06:46 - 2011-10-13 06:46 - 0051200 ____A (Advanced Micro Devices Inc.) C:\Windows\System32\aticalrt64.dll
2011-10-13 06:46 - 2011-10-13 06:46 - 0046080 ____A (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\aticalrt.dll
2011-10-13 06:46 - 2011-10-13 06:46 - 0044544 ____A (Advanced Micro Devices Inc.) C:\Windows\System32\aticalcl64.dll
2011-10-13 06:46 - 2011-10-13 06:46 - 0044032 ____A (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\aticalcl.dll
2011-10-13 06:45 - 2011-10-13 06:45 - 9877504 ____A (Advanced Micro Devices Inc.) C:\Windows\System32\aticaldd64.dll
2011-10-13 06:44 - 2011-10-13 06:44 - 1828864 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiumdmv.dll
2011-10-13 06:44 - 2011-10-13 06:44 - 1113088 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atiumd6v.dll
2011-10-13 06:44 - 2011-04-20 12:40 - 4023296 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atiumd6a.dll
2011-10-13 06:44 - 2011-01-05 13:33 - 4289024 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiumdag.dll
2011-10-13 06:42 - 2011-10-13 06:42 - 8391680 ____A (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\aticaldd.dll
2011-10-13 06:39 - 2011-10-13 06:39 - 1847904 ____A C:\Windows\System32\atiumd6a.cap
2011-10-13 06:39 - 2010-11-26 13:24 - 0058880 ____A (AMD) C:\Windows\System32\coinst.dll
2011-10-13 06:38 - 2011-04-20 12:31 - 5431808 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atiumd64.dll
2011-10-13 06:33 - 2011-10-13 06:33 - 4174848 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiumdva.dll
2011-10-13 06:32 - 2011-10-13 06:32 - 1849344 ____A C:\Windows\SysWOW64\atiumdva.cap
2011-10-13 06:31 - 2011-10-13 06:31 - 0335872 ____A (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\atiadlxy.dll
2011-10-13 06:31 - 2011-10-13 06:31 - 0017408 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atig6pxx.dll
2011-10-13 06:31 - 2011-10-13 06:31 - 0014336 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiglpxx.dll
2011-10-13 06:31 - 2011-10-13 06:31 - 0014336 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atiglpxx.dll
2011-10-13 06:31 - 2011-04-20 12:23 - 0479744 ____A (Advanced Micro Devices, Inc.) C:\Windows\System32\atiadlxx.dll
2011-10-13 06:30 - 2011-10-13 06:30 - 0317952 ____A (Advanced Micro Devices, Inc.) C:\Windows\System32\Drivers\atikmpag.sys
2011-10-13 06:30 - 2011-10-13 06:30 - 0039936 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atig6txx.dll
2011-10-13 06:30 - 2011-10-13 06:30 - 0032768 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atigktxx.dll
2011-10-13 06:29 - 2011-04-20 12:21 - 0031744 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiuxpag.dll
2011-10-13 06:29 - 2011-01-05 13:18 - 0040960 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atiuxp64.dll
2011-10-13 06:29 - 2011-01-05 13:18 - 0038912 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atiu9p64.dll
2011-10-13 06:29 - 2011-01-05 13:18 - 0029184 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiu9pag.dll
2011-10-13 06:28 - 2011-10-13 06:28 - 0053248 ____A (ATI Technologies Inc.) C:\Windows\System32\Drivers\ati2erec.dll
2011-10-13 06:16 - 2011-10-13 06:16 - 0054784 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atimpc64.dll
2011-10-13 06:16 - 2011-10-13 06:16 - 0054784 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\amdpcom64.dll
2011-10-13 06:16 - 2011-10-13 06:16 - 0053760 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atimpc32.dll
2011-10-13 06:16 - 2011-10-13 06:16 - 0053760 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdpcom32.dll
2011-10-13 04:26 - 2009-11-27 04:44 - 0000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2011-10-13 01:42 - 2011-10-12 20:32 - 0000000 ____D C:\Program Files\VentriloMIX
2011-10-13 00:29 - 2011-10-13 00:29 - 0003255 ____A C:\Users\Cody Brown\Downloads\Download(2).qif
2011-10-13 00:27 - 2011-10-13 00:27 - 0007286 ____A C:\Users\Cody Brown\Downloads\Download.qif

========================= Known DLLs (Whitelisted) ============

========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

========================= Memory info ======================

Percentage of memory in use: 26%
Total physical RAM: 4087.42 MB
Available physical RAM: 3004.06 MB
Total Pagefile: 8173.04 MB
Available Pagefile: 7236.46 MB
Total Virtual: 8192 MB
Available Virtual: 8191.89 MB

======================= Partitions =========================

1 Drive c: (Acer) (Fixed) (Total:458.87 GB) (Free:170.18 GB) NTFS
2 Drive d: (Data) (Fixed) (Total:458.87 GB) (Free:458.77 GB) NTFS

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 931 GB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Recovery 13 GB 1024 KB
Partition 2 Primary 100 MB 13 GB
Partition 3 Primary 458 GB 13 GB
Partition 4 Primary 458 GB 472 GB

Disk: 0
Partition 1
Type : 27
Hidden: Yes
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 PQSERVICE NTFS Partition 13 GB Healthy Hidden

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 SYSTEM RESE NTFS Partition 100 MB Healthy System

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C Acer NTFS Partition 458 GB Healthy Boot

Disk: 0
Partition 4
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 D Data NTFS Partition 458 GB Healthy

==========================================================

Last Boot: 2011-12-31 01:28

======================= End Of Log ==========================

codyb, Jan 9, 2012

#13
codyb Newcomer, in training

should i be running all of this still in safe mode or normal mode ?

because i am still currently in safe mode!

also i think i am getting some redirect problems which i didn't actually notice before

thanks,
cody

codyb, Jan 9, 2012

#14
Broni Malware Annihilator

Restart in normal mode and see how computer is doing there.

Then....

Download the FixTDSS.exe

Save the file to your Windows desktop.
Close all running programs.
If you are running Windows XP, turn off System Restore. How to turn off or turn on Windows XP System Restore
Double-click the FixTDSS.exe file to start the removal tool.
Click Start to begin the process, and then allow the tool to run.
OK any security prompts.
Restart the computer when prompted by the tool.
After the computer has started, the tool will inform you of the state of infection (make sure to let me know what it said)
If you are running Windows XP, re-enable System Restore.

Broni, Jan 9, 2012

#15
codyb Newcomer, in training

When i restarted into normal mode a lot seemed to be better but i did get one mcafee pop up saying it couldn't clean a file.

I then ran the tdss tool and restarted and the scan results are as follows:

***Infected MBR detected

should i click repair or close ?

thanks,
cody

codyb, Jan 9, 2012

#16
Broni Malware Annihilator

Click repair.

After restart post new Bootkit Remover log.

Broni, Jan 9, 2012

#17
codyb Newcomer, in training

Bootkit Remover
(c) 2009 Esage Lab
www.esagelab.com

Program version: 1.2.0.1
OS Version: Microsoft Windows 7 Home Premium Edition Service Pack 1 (build 7601)
, 64-bit

System volume is \\.\C:
\\.\C: -> \\.\PhysicalDrive0 at offset 0x00000003`71500000

Size Device Name MBR Status
--------------------------------------------
931 GB \\.\PhysicalDrive0 Controlled by rootkit!

Boot code on some of your physical disks is hidden by a rootkit.
To disinfect the master boot sector, use the following command:
remover.exe fix <device_name>
To inspect the boot code manually, dump the master boot sector:
remover.exe dump <device_name> [output_file]

Done;
Press any key to quit...

codyb, Jan 9, 2012

#18
Broni Malware Annihilator

You sure you clicked on repair MBR?

Broni, Jan 9, 2012

#19
codyb Newcomer, in training

Yer I did and it actually said repair succeeded and then i clicked close as it looked although it had all been completed.

should i run the tdss again ?

thanks,
cody

codyb, Jan 9, 2012

#20

(You must log in or sign up to reply here.)

Page 1 of 3

TechSpot | Technology News and Analysis
Copyright © 1998-2012, TechSpot, Inc.
Forum software by XenForo™
TechSpot is a registered trademark
All Rights Reserved