I cant remove the Trojan Downloader

raiden92 · February 24, 2011

Alright guys so I got infected with a file called Trojan Downloader.I tried to remove it with Malwarebytes.It told me to restart and thats what I did. So when I restarted and logged back on the file was still their even though I removed it.Pictures maybe helpful so here, take a look.If you guys have an idea how to get rid of this I will be thankful. I dont want to reformat my computer for some stupid threat.

http://img196.imageshack.us/img196/8192/threatk.png

I removed it and right after I restarted my computer it returned.

Maniac · February 24, 2011

Hello raiden92! Welcome to Malwarebytes' Anti-Malware Forums!

My name is Borislav and I will be glad to help you solve your problems with malware. Before we begin, please note the following:

The process of cleaning your system may take some time, so please be patient.
Follow my instructions step by step if there is a problem somewhere, stop and tell me.
Stay with the topic until I tell you that your system is clean. Missing symptoms does not mean that everything is okay.
Instructions that I give are for your system only!
If you don't know or can't understand something please ask.
Do not install or uninstall any software or hardware, while work on.
Keep me informed about any changes.
Post all of your log files, don't attach them.

Step 1

Launch Malwarebytes' Anti-Malware
Go to Update" tab and select Check for Updates.
Go to Scanner tab and select Perform Quick Scan, then click Scan.
The scan may take some time to finish,so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy&Paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.

Step 2

Download DDS and save it to your desktop from here or here .

Disable any script blocker, and then double click dds.scr to run the tool.

When done, DDS will open two (2) logs:
1. DDS.txt
2. Attach.txt
[*]Save both reports to your desktop. Post them back to your topic.

In your next reply, please post these log(s):

Malwarebytes' Anti-Malware log
DDS log with Attach.txt

raiden92 · February 24, 2011

This is the only log that I See,their is no extra one unless I have to download the DDS.txt.

Malwarebytes' Anti-Malware 1.50.1.1100

www.malwarebytes.org

Database version: 5871

Windows 6.1.7600

Internet Explorer 8.0.7600.16385

2/24/2011 1:16:32 PM

mbam-log-2011-02-24 (13-16-32).txt

Scan type: Quick scan

Objects scanned: 157407

Time elapsed: 5 minute(s), 32 second(s)

Memory Processes Infected: 1

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 1

Memory Processes Infected:

c:\Users\PCgENIUS\AppData\Roaming\sharecash.exe (Trojan.Downloader) -> 3468 -> Unloaded process successfully.

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

c:\Users\PCgENIUS\AppData\Roaming\sharecash.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

Maniac · February 24, 2011

Go ahead with DDS.

raiden92 · February 24, 2011

below are the files you wanted.

DDS.txt

raiden92 · February 24, 2011

sorry for some reason I couldn't attach the other one but I will try right now.

Maniac · February 24, 2011

Post all of your log files, don't attach them.

In your next reply, please post these log(s):

raiden92 · February 24, 2011

DDS (Ver_10-12-12.02)

Microsoft Windows 7 Ultimate

Boot Device: \Device\HarddiskVolume2

Install Date: 1/14/2011 4:31:33 PM

System Uptime: 2/24/2011 1:27:18 PM (0 hours ago)

Motherboard: Acer | | F690GVM

Processor: AMD Athlon 64 X2 Dual Core Processor 5000+ | Socket AM2 | 2600/199mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 456 GiB total, 410.651 GiB free.

D: is CDROM ()

E: is CDROM ()

J: is Removable

==== Disabled Device Manager Items =============

Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}

Description: VMware Virtual Ethernet Adapter for VMnet1

Device ID: ROOT\VMWARE\0000

Manufacturer: VMware, Inc.

Name: VMware Virtual Ethernet Adapter for VMnet1

PNP Device ID: ROOT\VMWARE\0000

Service: VMnetAdapter

Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}

Description: VMware Virtual Ethernet Adapter for VMnet8

Device ID: ROOT\VMWARE\0001

Manufacturer: VMware, Inc.

Name: VMware Virtual Ethernet Adapter for VMnet8

PNP Device ID: ROOT\VMWARE\0001

Service: VMnetAdapter

Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}

Description: VirtualBox Host-Only Ethernet Adapter

Device ID: ROOT\NET\0000

Manufacturer: Oracle Corporation

Name: VirtualBox Host-Only Ethernet Adapter

PNP Device ID: ROOT\NET\0000

Service: VBoxNetAdp

Class GUID: {4d36e96f-e325-11ce-bfc1-08002be10318}

Description: PS/2 Compatible Mouse

Device ID: ACPI\PNP0F13\3&18D45AA6&0

Manufacturer: Microsoft

Name: PS/2 Compatible Mouse

PNP Device ID: ACPI\PNP0F13\3&18D45AA6&0

Service: i8042prt

==== System Restore Points ===================

RP115: 2/15/2011 9:43:57 AM - Windows Update

RP116: 2/18/2011 3:00:14 AM - Windows Update

RP117: 2/18/2011 11:41:20 AM - Windows Update

RP118: 2/21/2011 2:31:27 PM - Installed Nero 7. Available with Windows Installer version 1.2 and later.

RP119: 2/21/2011 3:51:13 PM - Installed Mobile Mouse Server.

==== Installed Programs ======================

Maniac · February 25, 2011

Step 1

Going over your logs I noticed that you have

raiden92 · February 25, 2011

ComboFix 11-02-24.05 - PCgENIUS 02/25/2011 13:37:55.1.2 - x86

Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.1791.766 [GMT -7:00]

Running from: c:\users\PCgENIUS\Desktop\Combo-Fix.exe

AV: avast! Internet Security *Disabled/Updated* {C37D8F93-0602-E43C-40AA-47DAD597F308}

FW: avast! Internet Security *Disabled* {FB460EB6-4C6D-E564-6BF5-EEEF2B44B473}

SP: avast! Internet Security *Disabled/Updated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Created a new restore point

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\users\PCgENIUS\AppData\Roaming\chrtmp

c:\users\PCgENIUS\AppData\Roaming\inst.exe

c:\users\PCgENIUS\AppData\Roaming\sharecash.exe

.

((((((((((((((((((((((((( Files Created from 2011-01-25 to 2011-02-25 )))))))))))))))))))))))))))))))

.

2011-02-25 20:45 . 2011-02-25 20:46 -------- d-----w- c:\users\PCgENIUS\AppData\Local\temp

2011-02-25 20:45 . 2011-02-25 20:45 -------- d-----w- c:\users\Default\AppData\Local\temp

2011-02-25 20:34 . 2011-02-25 20:35 -------- d-----w- C:\32788R22FWJFW

2011-02-25 20:20 . 2011-02-25 20:20 -------- d-----w- c:\users\PCgENIUS\AppData\Local\{C12C4FB7-4EAC-4A08-A317-5C5DAC43A409}

2011-02-25 08:19 . 2011-02-25 08:19 -------- d-----w- c:\users\PCgENIUS\AppData\Local\{3950EFC9-678F-4A21-AB7E-2F9906DFBEED}

2011-02-24 19:44 . 2011-02-24 19:44 -------- d-----w- c:\users\PCgENIUS\AppData\Local\{F77D1B40-3ED7-47A3-92D5-D499287DE620}

2011-02-24 09:21 . 2011-02-24 09:37 -------- d-----w- c:\users\PCgENIUS\AppData\Local\Temporary Projects

2011-02-23 22:11 . 2011-02-23 22:12 -------- d-----w- c:\users\PCgENIUS\AppData\Local\{96734489-7E5E-4EA8-B944-3C5C122D00D1}

2011-02-23 07:05 . 2011-02-23 07:05 -------- d-----w- c:\users\PCgENIUS\AppData\Local\{06CE72B3-A6E0-472F-A0DA-3185C994D02F}

2011-02-22 19:05 . 2011-02-22 19:05 -------- d-----w- c:\users\PCgENIUS\AppData\Local\{70B08D51-4266-427E-9178-07E787C2809C}

2011-02-22 06:44 . 2011-02-22 06:44 -------- d-----w- c:\users\PCgENIUS\AppData\Local\{B4EBE905-91D5-48DF-8691-A1E3159E22D4}

2011-02-21 22:51 . 2011-02-21 22:51 -------- d-----w- c:\users\PCgENIUS\AppData\Local\AirMouse

2011-02-21 22:51 . 2011-02-21 22:51 -------- d-----w- c:\program files\Air Mouse

2011-02-21 22:50 . 2011-02-21 22:50 -------- d-----w- c:\users\PCgENIUS\AppData\Local\Downloaded Installations

2011-02-21 21:36 . 2011-02-21 21:36 -------- d-----w- c:\users\PCgENIUS\AppData\Local\Ahead

2011-02-21 21:35 . 2011-02-21 22:49 -------- d-----w- c:\users\PCgENIUS\AppData\Roaming\Ahead

2011-02-21 21:35 . 2011-02-21 21:35 -------- d-----w- c:\programdata\Ahead

2011-02-21 21:33 . 2011-02-21 21:34 -------- d-----w- c:\program files\Common Files\Ahead

2011-02-21 21:33 . 2011-02-21 21:33 -------- d-----w- c:\program files\Nero

2011-02-21 18:43 . 2011-02-21 18:43 -------- d-----w- c:\users\PCgENIUS\AppData\Local\{2B0292AF-FF8A-459B-ABC0-E71338E38152}

2011-02-21 01:23 . 2011-02-21 01:23 -------- d-----w- c:\users\PCgENIUS\AppData\Local\{D506F557-3876-4240-AC33-92EA7EB4F583}

2011-02-20 08:46 . 2011-02-20 08:46 -------- d-----w- c:\users\PCgENIUS\AppData\Local\{10632FB3-6F94-49EB-86F3-EE6E41159B03}

2011-02-19 20:46 . 2011-02-19 20:46 -------- d-----w- c:\users\PCgENIUS\AppData\Local\{D8E1CB64-F93C-4729-9790-ED1633223B49}

2011-02-19 08:46 . 2011-02-19 08:46 -------- d-----w- c:\users\PCgENIUS\AppData\Local\{E2349F14-65AD-4534-89A6-BA5361CA2B03}

2011-02-18 20:46 . 2011-02-18 20:46 -------- d-----w- c:\users\PCgENIUS\AppData\Local\{FA6BC863-E2E4-4ED6-9B8E-7BD3A54E38F2}

2011-02-18 18:41 . 2011-01-13 09:41 5890896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{CD628540-C77D-4041-AA87-A4080392EB78}\mpengine.dll

2011-02-18 08:06 . 2011-02-18 08:06 -------- d-----w- c:\users\PCgENIUS\AppData\Local\{8DED1E8E-6FDD-49CE-BDDD-F692128538F9}

2011-02-17 19:55 . 2011-02-17 19:55 -------- d-----w- c:\users\PCgENIUS\AppData\Local\{21274126-14B0-4179-ACCC-22F10A2C9725}

2011-02-17 07:45 . 2011-02-17 07:45 -------- d-----w- c:\users\PCgENIUS\AppData\Local\{069AB47A-3135-49AC-B360-C3ED9F7D6539}

2011-02-17 06:40 . 2011-02-17 06:40 -------- d-----w- c:\users\PCgENIUS\AppData\Roaming\Microsoft Corporation

2011-02-17 05:48 . 2011-02-17 05:48 -------- d-----w- c:\program files\Microsoft SQL Server

2011-02-17 05:47 . 2011-02-17 05:49 205984 ----a-w- c:\programdata\Microsoft\VBExpress\10.0\1033\ResourceCache.dll

2011-02-17 05:45 . 2011-02-17 05:45 -------- d-----w- c:\program files\Microsoft SDKs

2011-02-17 05:45 . 2011-02-17 05:45 -------- d-----w- c:\program files\Microsoft Help Viewer

2011-02-17 05:45 . 2011-02-17 05:49 -------- d-----w- c:\program files\Microsoft Visual Studio 10.0

2011-02-16 19:45 . 2011-02-16 19:45 -------- d-----w- c:\users\PCgENIUS\AppData\Local\{36735583-AA80-4932-A2E3-66DB1336B638}

2011-02-16 05:36 . 2011-02-16 05:36 -------- d-----w- c:\users\PCgENIUS\AppData\Local\{7DF41BE3-2296-4006-B383-331AD0B6D5B6}

2011-02-15 16:28 . 2011-02-15 16:28 -------- d-----w- c:\users\PCgENIUS\AppData\Local\{E8BD0041-8CF5-47BC-BBD4-5ADB599C4650}

2011-02-14 22:48 . 2011-02-14 22:48 -------- d-----w- c:\users\PCgENIUS\AppData\Local\{B8F9E147-FDBD-4DDE-BDC4-AE0841BBF87D}

2011-02-14 09:40 . 2011-02-14 09:40 -------- d-----w- c:\users\PCgENIUS\AppData\Local\{E9144B00-998E-47D8-82E0-AFAF0C400F50}

2011-02-14 04:12 . 2011-02-14 04:14 -------- d-----w- c:\users\PCgENIUS\AppData\Local\Cyberlink

2011-02-14 04:11 . 2011-02-14 04:11 -------- d-----w- c:\program files\Common Files\CyberLink

2011-02-14 04:10 . 2011-02-14 04:21 29480 ------w- c:\windows\system32\msxml3a.dll

2011-02-13 19:24 . 2011-02-13 19:24 -------- d-----w- c:\users\PCgENIUS\AppData\Local\{30E09C5C-1EB0-4BF1-B4CB-62C550E45D69}

2011-02-13 09:37 . 2011-02-13 09:37 -------- d-----w- c:\users\PCgENIUS\AppData\Roaming\Anthropics

2011-02-13 08:37 . 2011-02-13 08:37 181608 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10137.bin

2011-02-13 08:15 . 2011-02-13 08:15 -------- d-----w- c:\users\PCgENIUS\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1

2011-02-13 07:24 . 2011-02-13 07:24 -------- d-----w- c:\users\PCgENIUS\AppData\Local\{EE38BE9C-5EBC-4BB7-9EEB-00CE963A5530}

2011-02-13 02:44 . 2011-02-14 04:31 -------- d-----w- c:\users\Public\CyberLink

2011-02-13 02:43 . 2011-02-14 04:12 -------- d-----w- c:\users\PCgENIUS\AppData\Roaming\CyberLink

2011-02-13 02:43 . 2011-02-14 04:14 -------- d-----w- c:\programdata\CyberLink

2011-02-12 20:54 . 2011-01-31 23:29 1536000 ----a-w- c:\users\PCgENIUS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\sharesach1.exe

2011-02-12 19:37 . 2011-02-12 19:37 -------- d-----w- c:\program files\BinarySense

2011-02-12 19:24 . 2011-02-12 19:24 -------- d-----w- c:\users\PCgENIUS\AppData\Local\{3C3EF3D6-3D46-4CB1-BAC5-43743A921772}

2011-02-12 08:55 . 2011-02-12 08:55 -------- d-----w- c:\windows\Repair

2011-02-12 08:55 . 2011-02-12 08:55 -------- d-----w- c:\programdata\MyDefrag

2011-02-12 05:04 . 2011-02-12 05:04 -------- d-----w- c:\users\PCgENIUS\AppData\Roaming\BinarySense

2011-02-12 03:59 . 2011-02-12 04:00 -------- d-----w- c:\users\PCgENIUS\AppData\Local\{D24E53F1-71B1-4EF9-879B-8FEE8FFBD9B9}

2011-02-11 10:04 . 2011-02-11 10:04 -------- d-----w- c:\users\PCgENIUS\AppData\Local\{4C0C1514-BACE-4919-B462-D9BF3D24EFBE}

2011-02-10 22:04 . 2011-02-10 22:04 -------- d-----w- c:\users\PCgENIUS\AppData\Local\{036D3918-7AB9-46DE-B6FE-CD42A37F46A0}

2011-02-10 10:04 . 2011-02-10 10:04 -------- d-----w- c:\users\PCgENIUS\AppData\Local\{1A931670-E2CF-40B5-A329-D459EAB0BA52}

2011-02-10 09:21 . 2011-02-11 20:03 -------- d-----w- c:\users\PCgENIUS\AppData\Roaming\IDM

2011-02-10 09:21 . 2011-02-11 09:50 -------- d-----w- c:\users\PCgENIUS\AppData\Roaming\DMCache

2011-02-09 22:04 . 2011-02-09 22:04 -------- d-----w- c:\users\PCgENIUS\AppData\Local\{BFB1F6D0-93A2-4AC6-970C-71334F628AA4}

2011-02-09 10:03 . 2011-02-09 10:03 -------- d-----w- c:\users\PCgENIUS\AppData\Local\{04C77D58-4B54-4A5F-862C-AA9AB84D898E}

2011-02-09 08:01 . 2011-02-09 08:01 -------- d-----w- c:\programdata\Blumentals

2011-02-08 22:05 . 2010-05-22 20:24 14208 ------w- c:\windows\system32\drivers\disksec.sys

2011-02-08 22:05 . 2011-02-08 22:17 -------- d-----w- c:\users\PCgENIUS\AppData\Roaming\MAGIX

2011-02-08 22:04 . 2011-02-08 22:17 -------- d-----w- c:\programdata\MAGIX

2011-02-08 22:04 . 2011-02-08 22:04 -------- d-----w- c:\program files\MAGIX

2011-02-08 22:03 . 2011-02-08 22:03 -------- d-----w- c:\users\PCgENIUS\AppData\Local\{35320901-4BB2-4398-9DEB-F7700B4B3BFF}

2011-02-08 10:03 . 2011-02-08 10:03 -------- d-----w- c:\users\PCgENIUS\AppData\Local\{3F325C3A-8858-41DC-8317-2230F4D707B2}

2011-02-07 21:05 . 2011-02-07 21:05 -------- d-----w- c:\users\PCgENIUS\AppData\Local\{1F916FA5-4CE2-4E0B-815C-1115F432366E}

2011-02-07 09:05 . 2011-02-07 09:05 -------- d-----w- c:\users\PCgENIUS\AppData\Local\{EB00599A-29EB-40DF-826F-220523E87948}

2011-02-06 20:36 . 2011-02-06 20:36 -------- d-----w- c:\users\PCgENIUS\AppData\Local\{05A32EEE-B845-482A-A9F8-B1D326193B9B}

2011-02-06 08:50 . 2011-02-06 08:50 -------- d-----w- c:\programdata\InstallShield

2011-02-06 08:50 . 2011-02-06 08:50 -------- d-----w- c:\users\PCgENIUS\AppData\Local\Programs

2011-02-06 08:47 . 2011-02-06 08:47 -------- d-----w- c:\windows\system32\URTTEMP

2011-02-06 08:36 . 2011-02-06 08:36 -------- d-----w- c:\users\PCgENIUS\AppData\Local\{E399DC40-FCF9-4D5C-A08D-A56343853A20}

2011-02-06 01:48 . 2004-12-07 17:11 258352 ------w- c:\windows\system32\Unicows.dll

2011-02-06 01:48 . 2004-03-09 07:00 224016 ------w- c:\windows\system32\TABCTL32.OCX

2011-02-05 20:35 . 2011-02-05 20:35 -------- d-----w- c:\users\PCgENIUS\AppData\Local\{EDCA7D0F-6437-42FE-8652-982636372813}

2011-02-05 08:08 . 2011-02-05 08:08 -------- d-----w- c:\users\PCgENIUS\AppData\Local\{48D7D392-35D0-4327-B6BB-0781F572C2FA}

2011-02-04 20:18 . 2011-02-04 20:18 -------- d-----w- c:\users\PCgENIUS\AppData\Roaming\SystemRequirementsLab

2011-02-04 20:18 . 2011-02-04 20:18 -------- d-----w- c:\program files\Common Files\Java

2011-02-04 20:17 . 2011-02-04 20:17 472808 ----a-w- c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll

2011-02-04 20:17 . 2011-02-04 20:17 472808 ------w- c:\windows\system32\deployJava1.dll

2011-02-04 20:17 . 2011-02-04 20:17 -------- d-----w- c:\program files\Java

2011-02-04 20:08 . 2011-02-04 20:08 -------- d-----w- c:\users\PCgENIUS\AppData\Local\{BF86A94D-4F25-4474-96A8-C605D5B0E347}

2011-02-03 23:03 . 2011-02-03 23:03 -------- d-----w- c:\users\PCgENIUS\AppData\Local\{99679732-DA3D-48FC-A8EA-36E8C8BC13FE}

2011-02-03 09:43 . 2011-02-03 09:43 -------- d-----w- c:\users\PCgENIUS\AppData\Local\{85C040C9-9F0B-488D-A217-C2023130078C}

2011-02-02 21:43 . 2011-02-02 21:43 -------- d-----w- c:\users\PCgENIUS\AppData\Local\{82F6411A-DAA4-43BC-B951-DD1F4E61550B}

2011-02-02 09:15 . 2011-02-02 09:15 -------- d-----w- c:\users\PCgENIUS\AppData\Local\{CC8C5C35-119E-4A60-9CE6-DC16D5D44D60}

2011-02-01 21:15 . 2011-02-01 21:15 -------- d-----w- c:\users\PCgENIUS\AppData\Local\{0253F66B-96A7-4F6D-9F3A-E245FB54B8CD}

2011-02-01 09:15 . 2011-02-01 09:15 -------- d-----w- c:\users\PCgENIUS\AppData\Local\{0B05B36C-9CEB-406A-A5EB-FD5FFCBF310C}

2011-02-01 07:19 . 2011-02-01 07:20 -------- d-----w- c:\users\PCgENIUS\AppData\Roaming\Apple Computer

2011-02-01 07:19 . 2011-02-01 07:19 -------- d-----w- c:\users\PCgENIUS\AppData\Local\Apple Computer

2011-02-01 07:19 . 2009-05-18 20:17 26600 ------w- c:\windows\system32\drivers\GEARAspiWDM.sys

2011-02-01 07:19 . 2008-04-17 19:12 107368 ------w- c:\windows\system32\GEARAspi.dll

2011-02-01 07:17 . 2011-02-01 07:17 -------- d-----w- c:\users\PCgENIUS\AppData\Local\Apple

2011-02-01 07:17 . 2011-02-01 07:17 -------- d-----w- c:\program files\Apple Software Update

2011-02-01 07:16 . 2011-02-01 07:16 -------- d-----w- c:\program files\Bonjour

2011-02-01 07:15 . 2011-02-01 07:18 -------- d-----w- c:\program files\Common Files\Apple

2011-02-01 07:15 . 2011-02-01 07:17 -------- d-----w- c:\programdata\Apple

2011-02-01 06:37 . 2011-02-01 07:09 -------- d-----w- c:\users\PCgENIUS\AppData\Roaming\DVD Catalyst 4

2011-01-31 22:44 . 2011-01-31 22:44 -------- d-----w- c:\users\PCgENIUS\AppData\Roaming\4Front

2011-01-31 22:42 . 2011-01-31 22:42 -------- d-----w- c:\programdata\4Front

2011-01-31 21:11 . 2011-01-31 21:11 -------- d-----w- c:\users\PCgENIUS\AppData\Local\{0D497E54-91CB-4101-A6E9-FC2EC1F04F76}

2011-01-31 09:39 . 2011-01-31 09:39 -------- d-----w- c:\users\PCgENIUS\AppData\Roaming\Malwarebytes

2011-01-31 09:38 . 2010-12-21 01:09 38224 ------w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-01-31 09:38 . 2011-01-31 09:38 -------- d-----w- c:\programdata\Malwarebytes

2011-01-31 09:38 . 2011-02-01 03:32 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-01-31 09:38 . 2010-12-21 01:08 20952 ------w- c:\windows\system32\drivers\mbam.sys

2011-01-31 09:11 . 2011-01-31 09:11 -------- d-----w- c:\users\PCgENIUS\AppData\Local\{B879E530-43F0-4A22-9BFE-0FA7C4FB60C4}

2011-01-31 01:47 . 2011-01-31 01:47 -------- d-----w- c:\users\PCgENIUS\AppData\Roaming\Adobe Mini Bridge CS5

2011-01-31 01:47 . 2011-01-31 01:47 -------- d-----w- c:\users\PCgENIUS\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1

2011-01-31 00:40 . 2011-02-16 21:35 -------- d-----w- c:\programdata\regid.1986-12.com.adobe

2011-01-31 00:35 . 2011-01-31 00:35 -------- d-----w- c:\program files\Adobe Media Player

2011-01-31 00:34 . 2011-01-31 00:34 -------- d-----w- c:\program files\Common Files\Adobe AIR

2011-01-31 00:32 . 2011-02-16 21:33 -------- d-----w- c:\program files\Common Files\Adobe

2011-01-30 21:10 . 2011-01-30 21:11 -------- d-----w- c:\users\PCgENIUS\AppData\Local\{90813790-0F2D-4EA2-A76C-48CA678CF293}

2011-01-30 20:59 . 2011-02-16 21:35 -------- d-----w- c:\users\PCgENIUS\AppData\Local\Adobe

2011-01-30 10:29 . 2011-01-30 10:29 717296 ------w- c:\windows\system32\drivers\sptd.sys

2011-01-30 10:08 . 2011-01-30 10:08 81920 ------w- c:\windows\system32\v3shrtkgn.dll

2011-01-30 10:02 . 2011-01-30 10:02 -------- d-----w- c:\users\PCgENIUS\AppData\Roaming\URSoft

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-02-14 04:21 . 2003-03-19 03:14 505128 ------w- c:\windows\system32\msvcp71.dll

2011-02-14 04:21 . 2003-02-21 11:42 353576 ------w- c:\windows\system32\msvcr71.dll

2011-01-25 20:48 . 2011-01-25 20:48 218688 ------w- c:\windows\system32\drivers\dtsoftbus01.sys

2011-01-24 02:49 . 2011-01-24 02:49 23456 ------w- c:\windows\system32\drivers\DrvAgent32.sys

2011-01-19 00:43 . 2011-01-19 00:43 109328 ------w- c:\windows\system32\drivers\VBoxNetAdp.sys

2011-01-19 00:43 . 2011-01-18 20:55 42960 ------w- c:\windows\system32\drivers\VBoxUSBMon.sys

2011-01-19 00:43 . 2011-01-19 00:43 133648 ------w- c:\windows\system32\VBoxNetFltNotify.dll

2011-01-19 00:43 . 2011-01-19 00:43 120208 ------w- c:\windows\system32\drivers\VBoxNetFlt.sys

2011-01-19 00:43 . 2011-01-18 20:55 158736 ------w- c:\windows\system32\drivers\VBoxDrv.sys

2011-01-14 23:14 . 2009-07-13 23:40 409088 ------w- c:\windows\system32\systemcpl.dll

2011-01-14 23:02 . 2009-07-13 23:24 811520 ------w- c:\windows\system32\user32.dll

2011-01-13 08:47 . 2011-01-15 04:18 38848 ----a-w- c:\windows\avastSS.scr

2011-01-13 08:47 . 2011-01-15 04:18 188216 ------w- c:\windows\system32\aswBoot.exe

2011-01-13 08:42 . 2011-01-15 04:19 99792 ------w- c:\windows\system32\drivers\aswFW.sys

2011-01-13 08:41 . 2011-01-15 04:19 357968 ------w- c:\windows\system32\drivers\aswSnx.sys

2011-01-13 08:41 . 2011-01-15 04:19 294608 ------w- c:\windows\system32\drivers\aswSP.sys

2011-01-13 08:41 . 2011-01-15 04:19 189904 ------w- c:\windows\system32\drivers\aswNdis2.sys

2011-01-13 08:40 . 2011-01-15 04:19 47440 ------w- c:\windows\system32\drivers\aswTdi.sys

2011-01-13 08:37 . 2011-01-15 04:19 23632 ------w- c:\windows\system32\drivers\aswRdr.sys

2011-01-13 08:37 . 2011-01-15 04:19 51280 ------w- c:\windows\system32\drivers\aswMonFlt.sys

2011-01-13 08:37 . 2011-01-15 04:19 17744 ------w- c:\windows\system32\drivers\aswFsBlk.sys

2010-12-30 18:59 . 2011-01-14 23:45 3351208 ------w- c:\windows\system32\drivers\RTKVHDA.sys

2010-12-29 21:30 . 2011-01-14 23:45 3794536 ------w- c:\windows\system32\RtkAPO.dll

2010-12-28 22:51 . 2011-01-14 23:45 608768 ------w- c:\windows\system32\RCoRes.dat

2010-12-22 18:28 . 2011-01-14 23:45 2106984 ------w- c:\windows\system32\RtkPgExt.dll

2010-12-15 01:51 . 2010-12-15 01:51 41984 ------w- c:\windows\system32\drivers\usbaapl.sys

2010-12-15 01:51 . 2010-12-15 01:51 4184352 ------w- c:\windows\system32\usbaaplrc.dll

2010-11-30 01:48 . 2011-01-14 23:45 1723536 ------w- c:\windows\system32\WavesGUILib.dll

2010-11-30 01:48 . 2011-01-14 23:45 1439064 ------w- c:\windows\system32\MaxxAudioRealtek.dll

2010-11-30 00:38 . 2010-11-30 00:38 94208 ------w- c:\windows\system32\QuickTimeVR.qtx

2010-11-30 00:38 . 2010-11-30 00:38 69632 ------w- c:\windows\system32\QuickTime.qts

.

------- Sigcheck -------

[-] 2011-01-14 . 7BD7F45FF37FA0669CD32CA0EF46E22C . 811520 . . [6.1.7600.16385] . . c:\windows\System32\user32.dll

[7] 2009-07-14 . 34B7E222E81FAFA885F0C5F2CFA56861 . 811520 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]

2010-09-29 05:44 1400712 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-09-29 1400712]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]

[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]

[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]

[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-09-29 1400712]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]

[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]

[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]

[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]

@="{472083B0-C522-11CF-8763-00608CC02F24}"

[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]

2011-01-13 08:47 120712 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2011-01-20 1305408]

"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-11-10 4240760]

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2008-01-22 152872]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2011-01-13 3396624]

"vmware-tray"="c:\program files\VMware\VMware Workstation\vmware-tray.exe" [2010-11-11 129648]

"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-02-11 61440]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2010-12-23 9972328]

"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-01-22 91520]

"CPMonitor"="c:\program files\Roxio\CinePlayer\5.0\CPMonitor.exe" [2010-08-25 84464]

"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]

"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]

"AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]

"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-12-21 963976]

"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2010-12-21 443728]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-30 421888]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-01-25 421160]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2008-05-28 570664]

c:\users\PCgENIUS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

HDDlife.lnk - c:\program files\BinarySense\HDDlife 3\HDDlifePro.exe [N/A]

sharesach1.exe [2011-1-31 1536000]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Air Mouse.lnk - c:\program files\Air Mouse\Air Mouse\Air Mouse.exe [2010-12-27 1044648]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

R0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2011-01-30 717296]

R2 avast! Firewall;avast! Firewall;c:\program files\Alwil Software\Avast5\afwServ.exe [2011-01-13 119200]

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 RoxLiveShare10;LiveShare P2P Server 10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe [x]

R3 DrvAgent32;DrvAgent32;c:\windows\system32\Drivers\DrvAgent32.sys [2011-01-24 23456]

R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2010-01-22 30963576]

R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4640000]

R3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]

R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [2011-01-19 109328]

R3 WatAdminSvc;WatAdminSvc;c:\windows\system32\Wat\WatAdminSvc.exe [2011-01-14 1343400]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]

S0 aswNdis;avast! Firewall NDIS Filter Service;c:\windows\system32\DRIVERS\aswNdis.sys [2010-09-07 12112]

S0 aswNdis2;avast! Firewall Core Firewall Service; [x]

S1 aswFW;avast! TDI Firewall driver; [x]

S1 aswSnx;aswSnx; [x]

S1 aswSP;aswSP; [x]

S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-01-25 218688]

S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys [2011-01-19 158736]

S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys [2011-01-19 42960]

S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 20992]

S2 aswFsBlk;aswFsBlk; [x]

S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-01-13 51280]

S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2010-12-21 363344]

S2 TeamViewer6;TeamViewer 6;c:\program files\TeamViewer\Version6\TeamViewer_Service.exe [2010-12-07 2228008]

S2 vmci;VMware vmci;c:\windows\system32\Drivers\vmci.sys [2010-11-11 70768]

S2 VMUSBArbService;VMware USB Arbitration Service;c:\program files\Common Files\VMware\USB\vmware-usbarbitrator.exe [2010-11-11 539248]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-12-21 20952]

S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-10-30 197224]

S3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [2011-01-19 120208]

S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [2010-09-23 316192]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

Akamai REG_MULTI_SZ Akamai

.

------- Supplementary Scan -------

.

uStart Page = my.daemon-search.com

IE: E&xport to Microsoft Excel - c:\progra~1\MIF5BA~1\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - c:\progra~1\MIF5BA~1\Office14\ONBttnIE.dll/105

LSP: c:\program files\VMware\VMware Workstation\vsocklib.dll

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL

FF - ProfilePath - c:\users\PCgENIUS\AppData\Roaming\Mozilla\Firefox\Profiles\gxjvztv2.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.ca/

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

FF - Ext: Add N Edit Cookies+: {bb6bc1bb-f824-4702-90cd-35e2fb24f25d} - %profile%\extensions\{bb6bc1bb-f824-4702-90cd-35e2fb24f25d}

.

- - - - ORPHANS REMOVED - - - -

HKCU-Run-DriverFinder - c:\program files\DriverFinder\DriverFinder.exe

HKCU-Run-AdobeBridge - (no file)

AddRemove-Speccy - c:\program files\Speccy\uninst.exe

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Akamai]

"ServiceDll"="C:/Program Files/Common Files/Akamai/netsession_win_dbc0250.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Akamai]

"ServiceDll"="C:/Program Files/Common Files/Akamai/netsession_win_dbc0250.dll"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-3017894523-454932838-510679052-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="WindowsLiveMail.Email.1"

[HKEY_USERS\S-1-5-21-3017894523-454932838-510679052-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="WindowsLiveMail.VCard.1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

"MSCurrentCountry"=dword:000000b5

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2011-02-25 13:49:20

ComboFix-quarantined-files.txt 2011-02-25 20:49

Pre-Run: 440,512,184,320 bytes free

Post-Run: 447,656,308,736 bytes free

- - End Of File - - BD406A337F1308DD504E6AED6A2D716B

(Thank you man, looks like the threat is gone :blink: , just going to restart my pc and see if it returns.

raiden92 · February 25, 2011

hmm very strange, It came back :/

Maniac · February 26, 2011

I know.

Please visit www.virustotal.com and upload the following files one by one:

c:\windows\system32\v3shrtkgn.dll

c:\users\PCgENIUS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\sharesach1.exe

Please post the resaults in your next reply.

raiden92 · February 26, 2011

I think the virus got removed, avast 5 detected it and said I need to reboot, so that's what I did and it was gone. Thanks for all the help and support man :lol:

Maniac · February 26, 2011

Sorry, but we're not ready, there is still have work to do. Please re-run ComboFix.

raiden92 · February 26, 2011

but the threat is gone, alright whatever you want I will run it.

Maniac · February 26, 2011

I want to be sure and check something that your AV can't fix.

raiden92 · February 26, 2011

I am scanning once more , if their is no infected file I will try combo-fix again.

raiden92 · February 27, 2011

this is the latest results with combo-fix

omboFix 11-02-25.02 - PCgENIUS 02/26/2011 17:04:07.3.2 - x86

Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.1791.827 [GMT -7:00]

Running from: c:\users\PCgENIUS\Desktop\Combo-Fix.exe

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\windows\system32\drivers\nfptefw.sys

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Service_xwvav

((((((((((((((((((((((((( Files Created from 2011-01-27 to 2011-02-27 )))))))))))))))))))))))))))))))

.

2011-02-27 00:09 . 2011-02-27 00:11 -------- d-----w- c:\users\PCgENIUS\AppData\Local\temp

2011-02-27 00:09 . 2011-02-27 00:09 -------- d-----w- c:\users\Default\AppData\Local\temp

2011-02-26 21:05 . 2011-02-26 21:05 -------- d-----w- c:\users\PCgENIUS\AppData\Local\{652218DD-A0E3-443D-B9D6-66AC19AE2B2E}

2011-02-26 08:54 . 2011-02-26 08:54 -------- d-----w- c:\users\PCgENIUS\AppData\Local\{ECD6CE6E-2973-4263-B050-082ADA674572}

2011-02-26 05:15 . 2011-02-01 21:35 101592 ----a-w- c:\windows\system32\drivers\aswFW.sys

2011-02-26 05:15 . 2011-02-01 21:33 191704 ----a-w- c:\windows\system32\drivers\aswNdis2.sys

2011-02-26 04:58 . 2011-02-26 22:27 -------- d-----w- c:\programdata\AVAST Software

2011-02-26 04:58 . 2011-02-26 04:58 -------- d-----w- c:\program files\AVAST Software

2011-02-25 20:35 . 2011-02-25 20:49 -------- d-----w- C:\Combo-Fix