TechSpot

[A] I got a bad case of the Sirefef Virus.

By ThaGierk
Jun 24, 2012
Windows 7 32-bit keeps rebooting. Can't do anything before it shuts down. MSE is saying 2 critical errors. Log says Sirefef. I downloaded FRST, followed directions. Need help. Thanks.

    Scan result of Farbar Recovery Scan Tool (FRST written by Farbar) Version: 20-06-2012 01
    Ran by SYSTEM at 24-06-2012 20:11:09
    Running from I:\
    Windows 7 Ultimate (X86) OS Language: English(US)
    The current controlset is ControlSet001

    ========================== Registry (Whitelisted) =============

    HKLM\...\Run: [Freecorder FLV Service] "C:\Program Files\Replay Media Catcher\FLVSrvc.exe" /run [167936 2010-06-26] (Applian Technologies, Inc.)
    HKLM\...\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe" [63048 2011-09-16] (LogMeIn, Inc.)
    HKLM\...\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2012-02-20] (Apple Inc.)
    HKLM\...\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime [421888 2011-10-24] (Apple Inc.)
    HKLM\...\Run: [LWS] C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe -hide [165208 2010-05-07] (Logitech Inc.)
    HKLM\...\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" [421736 2012-03-27] (Apple Inc.)
    HKLM\...\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [54840 2007-05-08] (Hewlett-Packard)
    HKLM\...\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe [150528 2008-07-22] (Hewlett-Packard)
    HKLM\...\Run: [HKLM] c:\dir\install\install\Windows Update.exe [1169224 2009-06-10] (Microsoft Corporation)
    HKLM\...\Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [931200 2012-03-26] (Microsoft Corporation)
    HKU\ThaGierk\...\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe [8704 2009-07-13] (Microsoft Corporation)
    HKU\ThaGierk\...\Run: [Google Update] "C:\Users\ThaGierk\AppData\Local\Google\Update\GoogleUpdate.exe" /c [136176 2011-04-03] (Google Inc.)
    HKU\ThaGierk\...\Run: [Logitech Vid] "C:\Program Files\Logitech\Vid HD\Vid.exe" -bootmode [6129496 2011-01-12] (Logitech Inc.)
    HKU\ThaGierk\...\Run: [Facebook Update] "C:\Users\ThaGierk\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver [137536 2012-03-07] (Facebook Inc.)
    HKU\ThaGierk\...\Run: [HKCU] c:\dir\install\install\Windows Update.exe [1169224 2009-06-10] (Microsoft Corporation)
    HKU\ThaGierk\...\Run: [GoogleDriveSync] "C:\Program Files\Google\Drive\googledrivesync.exe" /autostart [12163568 2012-06-13] (Google)
    HKLM\...\Policies\Explorer\Run: [Policies] c:\dir\install\install\Windows Update.exe [1169224 2009-06-10] (Microsoft Corporation)
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
    Startup: C:\Users\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
    ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
    Startup: C:\Users\ThaGierk\Start Menu\Programs\Startup\Facebook Messenger.lnk
    ShortcutTarget: Facebook Messenger.lnk -> (No File)

    ================================ Services (Whitelisted) ==================

    3 Adobe LM Service; "C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe" [68096 2011-05-14] ()
    2 cypherixservice; C:\Windows\system32\cypherixsrv.exe [1043224 2011-04-27] (Cypherix Software (India) Pvt. Ltd.)
    3 ehRecvr; C:\Windows\ehome\ehRecvr.exe [556032 2010-08-03] (Microsoft Corporation)
    3 ehSched; C:\Windows\ehome\ehsched.exe [94720 2009-07-13] (Microsoft Corporation)
    2 eventlog; C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted [20992 2009-07-13] (Microsoft Corporation)
    2 LMIGuardianSvc; "C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe" [374152 2012-05-19] (LogMeIn, Inc.)
    2 LMIMaint; "C:\Program Files\LogMeIn\x86\RaMaint.exe" [136584 2012-05-19] (LogMeIn, Inc.)
    2 LogMeIn; "C:\Program Files\LogMeIn\x86\LogMeIn.exe" [390528 2011-09-16] (LogMeIn, Inc.)
    2 LVPrcSrv; "C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe" [162648 2010-05-07] (Logitech Inc.)
    2 MsMpSvc; "C:\Program Files\Microsoft Security Client\MsMpEng.exe" [11552 2012-03-26] (Microsoft Corporation)
    3 NisSrv; "C:\Program Files\Microsoft Security Client\NisSrv.exe" [214952 2012-03-26] (Microsoft Corporation)
    2 Nwsapagent; C:\Windows\System32\svchost.exe -k netsvcs [20992 2009-07-13] (Microsoft Corporation)
    2 Stereo Service; C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [240232 2010-03-16] (NVIDIA Corporation)
    2 UMVPFSrv; C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [450848 2011-08-19] (Logitech Inc.)
    3 VMAuthdService; "C:\Program Files\VMware\VMware Player\vmware-authd.exe" [113264 2011-03-25] (VMware, Inc.)
    3 VMnetDHCP; C:\Windows\system32\vmnetdhcp.exe [334448 2011-03-25] (VMware, Inc.)
    3 VMUSBArbService; "C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe" [539248 2011-03-25] (VMware, Inc.)
    3 VMware NAT Service; C:\Windows\system32\vmnat.exe [404080 2011-03-25] (VMware, Inc.)
    3 wbengine; "C:\Windows\system32\wbengine.exe" [1202688 2009-07-13] (Microsoft Corporation)
    3 PS3 Media Server; "C:\Program Files\PS3 Media Server\win32\service\wrapper.exe" -s "C:\Program Files\PS3 Media Server\win32\service\wrapper.conf" [x]
    3 ufad-ws60; "C:\Program Files\VMware\VMware Player\vmware-ufad.exe" -d "C:\Program Files\VMware\VMware Player\\" -s ufad-p2v.xml [x]

    ========================== Drivers (Whitelisted) =============

    3 61883; C:\Windows\System32\DRIVERS\61883.sys [46976 2009-07-13] (Microsoft Corporation)
    3 Avc; C:\Windows\System32\DRIVERS\avc.sys [40320 2009-07-13] (Microsoft Corporation)
    3 AVCSTRM; C:\Windows\System32\DRIVERS\avcstrm.sys [14464 2009-07-13] (Microsoft Corporation)
    3 BCMH43XX; C:\Windows\System32\DRIVERS\bcmwlhigh6.sys [699896 2009-11-05] (Broadcom Corporation)
    3 CompFilter; C:\Windows\System32\DRIVERS\lvbusflt.sys [20704 2010-11-09] (Logitech Inc.)
    1 cyphxdrv; \??\C:\Windows\system32\Drivers\cyphxdrv.sys [99608 2011-04-27] (Cypherix Software (India) Pvt. Ltd.)
    4 Dot4aptam; C:\Windows\system32\drivers\mpio.sys [130624 2009-07-13] (Microsoft Corporation)
    1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [232512 2011-11-01] (DT Soft Ltd)
    3 grmnusb; C:\Windows\System32\drivers\grmnusb.sys [9344 2009-04-17] (GARMIN Corp.)
    2 hcmon; \??\C:\Windows\system32\drivers\hcmon.sys [32368 2011-03-25] (VMware, Inc.)
    3 KBCAM; C:\Windows\System32\Drivers\KBCAM.sys [16384 2001-02-06] (LCS/Telegraphics)
    2 LMIInfo; \??\C:\Program Files\LogMeIn\x86\RaInfo.sys [12856 2011-09-16] (LogMeIn, Inc.)
    3 lmimirr; C:\Windows\System32\DRIVERS\lmimirr.sys [10144 2011-09-16] (LogMeIn, Inc.)
    2 LMIRfsDriver; \??\C:\Windows\system32\drivers\LMIRfsDriver.sys [47640 2011-09-16] (LogMeIn, Inc.)
    3 LVPr2Mon; C:\Windows\System32\Drivers\LVPr2Mon.sys [25824 2010-05-07] ()
    3 LVRS; C:\Windows\System32\DRIVERS\lvrs.sys [283744 2010-11-09] (Logitech Inc.)
    3 LVUSBSta; C:\Windows\System32\drivers\LVUSBSta.sys [41752 2008-07-26] (Logitech Inc.)
    3 LVUVC; C:\Windows\System32\DRIVERS\lvuvc.sys [4323040 2010-11-09] (Logitech Inc.)
    0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [171064 2012-03-20] (Microsoft Corporation)
    3 MSDV; C:\Windows\System32\DRIVERS\msdv.sys [52608 2009-07-13] (Microsoft Corporation)
    3 MSTAPE; C:\Windows\System32\DRIVERS\mstape.sys [50048 2009-07-13] (Microsoft Corporation)
    3 nvsmu; C:\Windows\System32\DRIVERS\nvsmu.sys [18944 2010-03-22] (NVIDIA Corporation)
    3 pepifilter; C:\Windows\System32\DRIVERS\lv302af.sys [13848 2008-07-26] (Logitech Inc.)
    3 PID_PEPI; C:\Windows\System32\DRIVERS\LV302V32.SYS [2570520 2008-07-26] (Logitech Inc.)
    3 PRISM_USB; C:\Windows\System32\DRIVERS\LSPMUSBX.sys [666624 2004-07-26] (Cisco-Linksys, LLC.)
    3 RTL8023xp; C:\Windows\System32\DRIVERS\Rtnicxp.sys [43008 2009-07-23] (Realtek Semiconductor Corporation )
    3 USBNET; C:\Windows\System32\DRIVERS\netusb.sys [70016 2002-02-20] (The LinkSys Group, Inc.)
    1 VBoxDrv; C:\Windows\System32\DRIVERS\VBoxDrv.sys [158512 2011-11-04] (Oracle Corporation)
    3 VBoxNetAdp; C:\Windows\System32\DRIVERS\VBoxNetAdp.sys [104752 2011-11-04] (Oracle Corporation)
    3 VBoxNetFlt; C:\Windows\System32\DRIVERS\VBoxNetFlt.sys [116016 2011-11-04] (Oracle Corporation)
    1 VBoxUSBMon; C:\Windows\System32\DRIVERS\VBoxUSBMon.sys [91440 2011-11-04] (Oracle Corporation)
    2 vmci; \??\C:\Windows\system32\Drivers\vmci.sys [70768 2011-03-25] (VMware, Inc.)
    3 vmkbd; \??\C:\Windows\system32\drivers\VMkbd.sys [24688 2011-03-25] (VMware, Inc.)
    3 VMnetAdapter; C:\Windows\System32\DRIVERS\vmnetadapter.sys [16560 2011-03-25] (VMware, Inc.)
    2 VMnetBridge; C:\Windows\System32\DRIVERS\vmnetbridge.sys [36400 2011-03-25] (VMware, Inc.)
    2 VMnetuserif; \??\C:\Windows\system32\drivers\vmnetuserif.sys [26352 2011-03-25] (VMware, Inc.)
    2 vmx86; \??\C:\Windows\system32\Drivers\vmx86.sys [854256 2011-03-25] (VMware, Inc.)
    2 vstor2-ws60; \??\C:\Program Files\VMware\VMware Player\vstor2-ws60.sys [22448 2010-08-19] (VMware, Inc.)
    3 yukonw7; C:\Windows\System32\DRIVERS\yk62x86.sys [311296 2009-07-13] (Marvell)
    4 LMIRfsClientNP; [x]
    3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\mbamswissarmy.sys [x]

    ========================== NetSvcs (Whitelisted) ===========


    ============ One Month Created Files and Folders ==============

    2012-06-24 20:11 - 2012-06-24 20:11 - 00000000 ____D C:\FRST
    2012-06-24 17:22 - 2012-06-24 17:22 - 00000000 ____D C:\Program Files\Microsoft Security Client
    2012-06-24 17:21 - 2012-06-24 17:21 - 10288512 ____A (Microsoft Corporation) C:\Users\ThaGierk\Downloads\mseinstall (1).exe
    2012-06-24 17:19 - 2012-06-24 17:19 - 00000000 __SHD C:\Windows\System32\%APPDATA%
    2012-06-24 17:18 - 2012-06-24 17:18 - 10288512 ____A (Microsoft Corporation) C:\Users\ThaGierk\Downloads\mseinstall.exe
    2012-06-24 17:09 - 2012-06-24 17:11 - 00000000 ____D C:\Users\ThaGierk\Desktop\New folder
    2012-06-24 17:07 - 2012-06-24 17:07 - 00001877 ____A C:\Users\ThaGierk\Desktop\WebPod Studio.lnk
    2012-06-24 17:07 - 2012-06-24 17:07 - 00001877 ____A C:\Users\LogMeInRemoteUser\Desktop\WebPod Studio.lnk
    2012-06-24 17:07 - 2012-06-24 17:07 - 00000000 ____D C:\Program Files\WebPod Studio
    2012-06-24 17:07 - 2005-07-10 12:20 - 00111104 ____A (Viscom Software www.viscomsoft.com) C:\Windows\System32\videocap.ocx
    2012-06-24 17:07 - 2005-03-25 18:14 - 00091648 ____A C:\Windows\System32\vorbisenc.dll
    2012-06-24 17:07 - 2005-03-25 18:13 - 00033792 ____A C:\Windows\System32\vorbisfile.dll
    2012-06-24 17:07 - 2005-03-25 18:09 - 00057344 ____A C:\Windows\System32\ogg.dll
    2012-06-24 17:07 - 2004-03-03 16:41 - 00000468 ____A C:\Windows\System32\videocap.lic
    2012-06-24 17:07 - 2004-02-08 00:53 - 00856064 ____A (Essien Research & Development) C:\Windows\System32\mpgfiltr.ax
    2012-06-24 17:07 - 2004-01-03 18:27 - 00052736 ____A C:\Windows\System32\videocaptext.dll
    2012-06-24 17:07 - 2003-08-18 12:25 - 00068608 ____A (Viscom Software www.viscomsoft.com) C:\Windows\System32\videoedit.ocx
    2012-06-24 17:07 - 2003-07-22 23:28 - 00000421 ____A C:\Windows\System32\VideoEdit.lic
    2012-06-24 17:07 - 2002-04-23 20:25 - 00228352 ____A C:\Windows\System32\vorbis.dll
    2012-06-24 17:07 - 2000-07-04 00:51 - 00086528 ____A C:\Windows\System32\lame_enc.dll
    2012-06-24 17:07 - 2000-01-31 04:00 - 00025600 ____A (Inprise Corporation) C:\Windows\System32\Borlndmm.dll
    2012-06-24 17:06 - 2012-06-24 17:06 - 08853035 ____A C:\Users\ThaGierk\Downloads\wps_standard_install.exe
    2012-06-24 17:05 - 2012-06-24 17:05 - 00463080 ____A (CNET Download.com) C:\Users\ThaGierk\Downloads\cnet2_wps_professional_install_exe.exe
    2012-06-24 16:59 - 2012-06-24 16:59 - 09126722 ____A C:\Users\ThaGierk\Downloads\wps_professional_install.exe
    2012-06-24 13:14 - 2012-06-24 13:16 - 00000000 ____D C:\Users\ThaGierk\Desktop\100GOPRO
    2012-06-24 12:49 - 2012-06-24 12:59 - 30588024 ____A C:\Users\ThaGierk\Desktop\infiltrationgierkcut 1.avi
    2012-06-24 09:38 - 2012-06-24 09:48 - 31400762 ____A C:\Users\ThaGierk\Desktop\infiltrationgierkcut.avi
    2012-06-24 08:47 - 2012-06-24 08:49 - 13690318 ____A C:\Users\ThaGierk\Desktop\infiltration.flv
    2012-06-24 07:57 - 2012-06-24 07:57 - 00000000 ____D C:\Program Files\Microsoft Silverlight
    2012-06-23 19:56 - 2012-06-23 19:56 - 00330622 ____A C:\Users\ThaGierk\Downloads\Alien.Resurrection.(1997).Extended.cut.dvdrip.xvid-finale.nzb
    2012-06-23 18:57 - 2012-06-23 18:58 - 00209752 ____A C:\Users\ThaGierk\Downloads\Friends.With.Kids.2011.DVDSCR.XviD-MADiSON.nzb
    2012-06-22 21:28 - 2012-06-22 21:29 - 100451209 ____A C:\Users\ThaGierk\Downloads\2012-06-22-R&F-CF64k.mp3
    2012-06-22 21:27 - 2012-06-22 21:27 - 00030940 ____A C:\Users\ThaGierk\Downloads\2012-06-22-R&F-CF64k.mp3.torrent
    2012-06-21 19:27 - 2012-06-21 19:29 - 201595704 ____A C:\Users\ThaGierk\Downloads\2012-06-21 R&F.mp3
    2012-06-21 19:26 - 2012-06-21 19:26 - 00015768 ____A C:\Users\ThaGierk\Downloads\2012-06-21 R&F.torrent
    2012-06-21 18:41 - 2012-06-21 18:41 - 00069223 ____A C:\Users\ThaGierk\Downloads\Deadliest.Catch.S08E11.HDTV.x264-KILLERS.nzb
    2012-06-20 19:21 - 2012-06-20 19:22 - 99883832 ____A C:\Users\ThaGierk\Downloads\Ron & Fez - 2012-06-20 Wed.m4a
    2012-06-20 19:20 - 2012-06-20 19:20 - 00030785 ____A C:\Users\ThaGierk\Downloads\Ron & Fez - 2012-06-20 Wed.m4a.torrent
    2012-06-20 19:10 - 2012-06-20 19:10 - 00039006 ____A C:\Users\ThaGierk\Downloads\Air.Crash.Confidential.S01E01.HDTV.XviD-OTT.nzb
    2012-06-20 19:06 - 2012-06-20 19:06 - 00037206 ____A C:\Users\ThaGierk\Downloads\Hardcore.Pawn.S05E26.Rich.vs.Les.HDTV.XviD-CRiMSON.nzb
    2012-06-20 17:47 - 2012-06-02 14:19 - 01933848 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
    2012-06-20 17:47 - 2012-06-02 14:19 - 00171904 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
    2012-06-20 17:47 - 2012-06-02 14:19 - 00053784 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
    2012-06-20 17:47 - 2012-06-02 14:19 - 00045080 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
    2012-06-20 17:47 - 2012-06-02 14:12 - 02422272 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
    2012-06-20 17:47 - 2012-06-02 14:12 - 00033792 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
    2012-06-19 20:43 - 2012-06-19 20:43 - 00081397 ____A C:\Users\ThaGierk\Downloads\Deadliest.Catch.S08E10.HDTV.x264-KILLERS.nzb
    2012-06-19 20:43 - 2012-06-19 20:43 - 00076022 ____A C:\Users\ThaGierk\Downloads\Deadliest.Catch.S08E09.HDTV.x264-KILLERS.nzb
    2012-06-19 20:40 - 2012-06-19 20:42 - 199493737 ____A C:\Users\ThaGierk\Downloads\2012-06-19 R&F.mp3
    2012-06-19 20:39 - 2012-06-19 20:39 - 00015608 ____A C:\Users\ThaGierk\Downloads\2012-06-19 R&F.torrent
    2012-06-18 19:26 - 2012-06-18 19:28 - 102434430 ____A C:\Users\ThaGierk\Downloads\2012-06-18-R&F-CF64k.mp3
    2012-06-18 19:26 - 2012-06-18 19:26 - 00031560 ____A C:\Users\ThaGierk\Downloads\2012-06-18-R&F-CF64k.mp3.torrent
    2012-06-18 13:27 - 2012-06-18 13:27 - 00000000 ____D C:\Users\Default\AppData\LocalGoogle
    2012-06-18 13:27 - 2012-06-18 13:27 - 00000000 ____D C:\Users\Default User\AppData\LocalGoogle
    2012-06-17 21:47 - 2012-06-17 21:47 - 00031898 ____A C:\Users\ThaGierk\Downloads\Coast.to.Coast...Jun.15-2012.nzb
    2012-06-16 18:40 - 2012-06-16 18:40 - 00097030 ____A C:\Users\ThaGierk\Downloads\BBC.Episodes.S02E06.2012-XviD.nzb
    2012-06-16 06:38 - 2012-06-16 06:38 - 00016583 ____A C:\Users\ThaGierk\Downloads\2.Live.Crew.Is.What.We-Are.nzb
    2012-06-16 06:37 - 2012-06-16 06:37 - 00023608 ____A C:\Users\ThaGierk\Downloads\The.2.Live.Crew...As.Nasty.as.They.Wanna.Be-2005.nzb
    2012-06-16 06:15 - 2012-06-16 06:15 - 00046461 ____A C:\Users\ThaGierk\Downloads\Wham!...The.Best.of.Wham!-(1997).nzb
    2012-06-15 16:12 - 2012-06-16 16:40 - 00000000 ____D C:\Users\ThaGierk\Desktop\contour camera
    2012-06-14 21:08 - 2012-06-14 21:09 - 101945835 ____A C:\Users\ThaGierk\Downloads\2012-06-14-R&F-CF64k.mp3
    2012-06-14 21:07 - 2012-06-14 21:07 - 00031400 ____A C:\Users\ThaGierk\Downloads\2012-06-14-R&F-CF64k.mp3.torrent
    2012-06-10 07:40 - 2012-06-10 07:41 - 00000000 ____D C:\Users\ThaGierk\AppData\Roaming\PhotoScape
    2012-06-10 07:40 - 2012-06-10 07:40 - 00000954 ____A C:\Users\ThaGierk\Desktop\PhotoScape.lnk
    2012-06-10 07:40 - 2012-06-10 07:40 - 00000954 ____A C:\Users\LogMeInRemoteUser\Desktop\PhotoScape.lnk
    2012-06-10 07:40 - 2012-06-10 07:40 - 00000000 ____D C:\Program Files\PhotoScape
    2012-06-10 07:15 - 2012-06-10 07:18 - 00000000 ____D C:\Users\ThaGierk\Desktop\pinata
    2012-06-09 14:56 - 2012-06-09 14:56 - 00380086 ____A C:\Users\ThaGierk\Desktop\Falcon.png
    2012-06-09 14:31 - 2012-06-09 14:31 - 00071377 ____A C:\Users\ThaGierk\Desktop\securedownload
    2012-06-09 07:27 - 2012-06-09 08:02 - 77515446 ____A C:\Users\ThaGierk\Desktop\saturdayJune92012.flv
    2012-06-08 19:05 - 2012-06-08 20:28 - 182125352 ____A C:\Users\ThaGierk\Desktop\FridayNIghtJune8th.flv
    2012-06-08 15:37 - 2012-06-08 15:38 - 02177326 ____A C:\Users\ThaGierk\Desktop\saturdayJune62012.flv
    2012-06-08 15:37 - 2012-06-08 15:37 - 00000631 ____A C:\Users\ThaGierk\Desktop\saturdayJune62012.0.flv
    2012-06-07 17:07 - 2012-06-07 17:31 - 00000186 ____A C:\Users\ThaGierk\Desktop\teachercut.mpg.sfl
    2012-06-07 16:45 - 2012-06-07 17:31 - 195803140 ____A C:\Users\ThaGierk\Desktop\teachercut.mpg
    2012-06-07 16:23 - 2012-06-07 16:23 - 00000036 ____A C:\Users\ThaGierk\Desktop\teachercut.mov.sfl
    2012-06-07 16:22 - 2012-06-07 16:23 - 370854717 ____A C:\Users\ThaGierk\Desktop\teachercut.mov
    2012-06-06 16:14 - 2012-06-06 16:29 - 00000000 ____D C:\Users\ThaGierk\Desktop\touchup
    2012-06-06 16:05 - 2012-06-06 16:30 - 00000000 ____D C:\Users\ThaGierk\Desktop\griffkindergagraduation
    2012-06-06 06:02 - 2012-06-24 19:00 - 00000000 ___SD C:\Users\ThaGierk\Google Drive
    2012-06-06 06:02 - 2012-06-06 06:02 - 00001693 ____A C:\Users\ThaGierk\Desktop\Google Drive.lnk
    2012-06-06 05:54 - 2012-06-06 05:54 - 00000000 ____D C:\Users\ThaGierk\AppData\LocalGoogle
    2012-06-02 08:24 - 2012-06-02 08:24 - 00000966 ____A C:\Users\ThaGierk\Desktop\RMVB Player.lnk
    2012-06-02 08:24 - 2012-06-02 08:24 - 00000000 ____D C:\Program Files\RMVB Player
    2012-05-29 17:53 - 2012-05-29 17:54 - 00000000 ____D C:\Users\ThaGierk\Desktop\friday13book
    2012-05-28 08:15 - 2012-05-28 08:36 - 47023983 ____A C:\Users\ThaGierk\Desktop\MondayMay28.flv
    2012-05-26 08:20 - 2012-05-26 08:21 - 00000000 ____D C:\Users\ThaGierk\Desktop\greatamerica
    2012-05-26 07:16 - 2012-05-26 08:00 - 98847930 ____A C:\Users\ThaGierk\Desktop\SaturdayMay26.flv
    2012-05-26 07:15 - 2012-05-26 07:15 - 00042963 ____A C:\Users\ThaGierk\Desktop\sundayMay20th.flv

    ============ 3 Months Modified Files and Folders ===============

    2012-06-24 20:11 - 2012-06-24 20:11 - 00000000 ____D C:\FRST
    2012-06-24 19:01 - 2011-04-03 08:09 - 01409752 ____A C:\Windows\WindowsUpdate.log
    2012-06-24 19:00 - 2012-06-06 06:02 - 00000000 ___SD C:\Users\ThaGierk\Google Drive
    2012-06-24 19:00 - 2012-05-17 18:49 - 00009880 ____A C:\Windows\System32\debug.log
    2012-06-24 19:00 - 2011-06-06 18:56 - 00000886 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2012-06-24 18:59 - 2012-02-11 14:08 - 00000000 ____D C:\Windows\System32\logishrd
    2012-06-24 18:59 - 2011-12-24 11:28 - 00000000 ____D C:\Users\All Users\NVIDIA
    2012-06-24 18:59 - 2011-06-04 13:42 - 00000318 __ASH C:\Windows\Tasks\Rnmlab.job
    2012-06-24 18:58 - 2009-07-13 20:53 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
    2012-06-24 18:58 - 2009-07-13 20:39 - 00124136 ____A C:\Windows\setupact.log
    2012-06-24 18:48 - 2012-03-07 16:43 - 00000940 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3601251385-3675537058-689484537-1001UA.job
    2012-06-24 18:26 - 2011-06-06 18:56 - 00000890 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2012-06-24 17:23 - 2009-07-13 20:34 - 00014224 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2012-06-24 17:23 - 2009-07-13 20:34 - 00014224 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2012-06-24 17:22 - 2012-06-24 17:22 - 00000000 ____D C:\Program Files\Microsoft Security Client
    2012-06-24 17:22 - 2011-12-24 12:32 - 00001945 ____A C:\Windows\epplauncher.mif
    2012-06-24 17:22 - 2011-04-03 08:37 - 00005520 ____A C:\Windows\System32\PerfStringBackup.INI
    2012-06-24 17:21 - 2012-06-24 17:21 - 10288512 ____A (Microsoft Corporation) C:\Users\ThaGierk\Downloads\mseinstall (1).exe
    2012-06-24 17:19 - 2012-06-24 17:19 - 00000000 __SHD C:\Windows\System32\%APPDATA%
    2012-06-24 17:19 - 2011-04-03 08:39 - 00000920 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3601251385-3675537058-689484537-1001UA.job
    2012-06-24 17:18 - 2012-06-24 17:18 - 10288512 ____A (Microsoft Corporation) C:\Users\ThaGierk\Downloads\mseinstall.exe
    2012-06-24 17:13 - 2011-04-04 15:11 - 00000000 ____D C:\Users\ThaGierk\AppData\Roaming\.purple
    2012-06-24 17:11 - 2012-06-24 17:09 - 00000000 ____D C:\Users\ThaGierk\Desktop\New folder
    2012-06-24 17:07 - 2012-06-24 17:07 - 00001877 ____A C:\Users\ThaGierk\Desktop\WebPod Studio.lnk
    2012-06-24 17:07 - 2012-06-24 17:07 - 00001877 ____A C:\Users\LogMeInRemoteUser\Desktop\WebPod Studio.lnk
    2012-06-24 17:07 - 2012-06-24 17:07 - 00000000 ____D C:\Program Files\WebPod Studio
    2012-06-24 17:06 - 2012-06-24 17:06 - 08853035 ____A C:\Users\ThaGierk\Downloads\wps_standard_install.exe
    2012-06-24 17:05 - 2012-06-24 17:05 - 00463080 ____A (CNET Download.com) C:\Users\ThaGierk\Downloads\cnet2_wps_professional_install_exe.exe
    2012-06-24 16:59 - 2012-06-24 16:59 - 09126722 ____A C:\Users\ThaGierk\Downloads\wps_professional_install.exe
    2012-06-24 15:48 - 2012-03-07 16:43 - 00000918 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3601251385-3675537058-689484537-1001Core.job
    2012-06-24 15:40 - 2011-12-14 16:37 - 00000000 ____D C:\Users\All Users\LogMeIn
    2012-06-24 13:16 - 2012-06-24 13:14 - 00000000 ____D C:\Users\ThaGierk\Desktop\100GOPRO
    2012-06-24 12:59 - 2012-06-24 12:49 - 30588024 ____A C:\Users\ThaGierk\Desktop\infiltrationgierkcut 1.avi
    2012-06-24 09:48 - 2012-06-24 09:38 - 31400762 ____A C:\Users\ThaGierk\Desktop\infiltrationgierkcut.avi
    2012-06-24 09:19 - 2011-04-03 08:39 - 00000868 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3601251385-3675537058-689484537-1001Core.job
    2012-06-24 09:09 - 2011-07-31 09:57 - 00000000 ____D C:\Users\ThaGierk\Documents\VideoPad Projects
    2012-06-24 08:51 - 2011-08-09 16:26 - 00000000 ____D C:\Users\ThaGierk\Documents\My Recordings
    2012-06-24 08:50 - 2011-08-09 16:22 - 00000000 ____D C:\Program Files\Replay Media Catcher
    2012-06-24 08:49 - 2012-06-24 08:47 - 13690318 ____A C:\Users\ThaGierk\Desktop\infiltration.flv
    2012-06-24 08:47 - 2011-08-09 16:26 - 00237568 ____A C:\Windows\System32\rmc_rtspdl.dll
    2012-06-24 08:47 - 2011-08-09 16:26 - 00156672 ____A (Radioactive) C:\Windows\System32\rmc_fixasf.exe
    2012-06-24 07:57 - 2012-06-24 07:57 - 00000000 ____D C:\Program Files\Microsoft Silverlight
    2012-06-24 07:19 - 2011-09-04 10:38 - 00000000 ____D C:\Users\ThaGierk\Desktop\883TheMythStuff
    2012-06-23 22:15 - 2011-04-04 15:26 - 00000000 ____D C:\Users\ThaGierk\AppData\Roaming\NewsBin
    2012-06-23 20:22 - 2011-04-28 19:20 - 00000000 ____D C:\Users\ThaGierk\AppData\Local\QuickPar
    2012-06-23 19:56 - 2012-06-23 19:56 - 00330622 ____A C:\Users\ThaGierk\Downloads\Alien.Resurrection.(1997).Extended.cut.dvdrip.xvid-finale.nzb
    2012-06-23 18:58 - 2012-06-23 18:57 - 00209752 ____A C:\Users\ThaGierk\Downloads\Friends.With.Kids.2011.DVDSCR.XviD-MADiSON.nzb
    2012-06-22 21:52 - 2011-04-04 19:32 - 00000000 ____D C:\Users\ThaGierk\AppData\Roaming\uTorrent
    2012-06-22 21:29 - 2012-06-22 21:28 - 100451209 ____A C:\Users\ThaGierk\Downloads\2012-06-22-R&F-CF64k.mp3
    2012-06-22 21:27 - 2012-06-22 21:27 - 00030940 ____A C:\Users\ThaGierk\Downloads\2012-06-22-R&F-CF64k.mp3.torrent
    2012-06-21 19:29 - 2012-06-21 19:27 - 201595704 ____A C:\Users\ThaGierk\Downloads\2012-06-21 R&F.mp3
    2012-06-21 19:26 - 2012-06-21 19:26 - 00015768 ____A C:\Users\ThaGierk\Downloads\2012-06-21 R&F.torrent
    2012-06-21 18:41 - 2012-06-21 18:41 - 00069223 ____A C:\Users\ThaGierk\Downloads\Deadliest.Catch.S08E11.HDTV.x264-KILLERS.nzb
    2012-06-20 19:22 - 2012-06-20 19:21 - 99883832 ____A C:\Users\ThaGierk\Downloads\Ron & Fez - 2012-06-20 Wed.m4a
    2012-06-20 19:20 - 2012-06-20 19:20 - 00030785 ____A C:\Users\ThaGierk\Downloads\Ron & Fez - 2012-06-20 Wed.m4a.torrent
    2012-06-20 19:10 - 2012-06-20 19:10 - 00039006 ____A C:\Users\ThaGierk\Downloads\Air.Crash.Confidential.S01E01.HDTV.XviD-OTT.nzb
    2012-06-20 19:06 - 2012-06-20 19:06 - 00037206 ____A C:\Users\ThaGierk\Downloads\Hardcore.Pawn.S05E26.Rich.vs.Les.HDTV.XviD-CRiMSON.nzb
    2012-06-19 20:43 - 2012-06-19 20:43 - 00081397 ____A C:\Users\ThaGierk\Downloads\Deadliest.Catch.S08E10.HDTV.x264-KILLERS.nzb
    2012-06-19 20:43 - 2012-06-19 20:43 - 00076022 ____A C:\Users\ThaGierk\Downloads\Deadliest.Catch.S08E09.HDTV.x264-KILLERS.nzb
    2012-06-19 20:42 - 2012-06-19 20:40 - 199493737 ____A C:\Users\ThaGierk\Downloads\2012-06-19 R&F.mp3
    2012-06-19 20:39 - 2012-06-19 20:39 - 00015608 ____A C:\Users\ThaGierk\Downloads\2012-06-19 R&F.torrent
    2012-06-18 19:28 - 2012-06-18 19:26 - 102434430 ____A C:\Users\ThaGierk\Downloads\2012-06-18-R&F-CF64k.mp3
    2012-06-18 19:26 - 2012-06-18 19:26 - 00031560 ____A C:\Users\ThaGierk\Downloads\2012-06-18-R&F-CF64k.mp3.torrent
    2012-06-18 13:27 - 2012-06-18 13:27 - 00000000 ____D C:\Users\Default\AppData\LocalGoogle
    2012-06-18 13:27 - 2012-06-18 13:27 - 00000000 ____D C:\Users\Default User\AppData\LocalGoogle
    2012-06-17 21:47 - 2012-06-17 21:47 - 00031898 ____A C:\Users\ThaGierk\Downloads\Coast.to.Coast...Jun.15-2012.nzb
    2012-06-16 18:40 - 2012-06-16 18:40 - 00097030 ____A C:\Users\ThaGierk\Downloads\BBC.Episodes.S02E06.2012-XviD.nzb
    2012-06-16 16:40 - 2012-06-15 16:12 - 00000000 ____D C:\Users\ThaGierk\Desktop\contour camera
    2012-06-16 06:38 - 2012-06-16 06:38 - 00016583 ____A C:\Users\ThaGierk\Downloads\2.Live.Crew.Is.What.We-Are.nzb
    2012-06-16 06:37 - 2012-06-16 06:37 - 00023608 ____A C:\Users\ThaGierk\Downloads\The.2.Live.Crew...As.Nasty.as.They.Wanna.Be-2005.nzb
    2012-06-16 06:15 - 2012-06-16 06:15 - 00046461 ____A C:\Users\ThaGierk\Downloads\Wham!...The.Best.of.Wham!-(1997).nzb
    2012-06-14 21:09 - 2012-06-14 21:08 - 101945835 ____A C:\Users\ThaGierk\Downloads\2012-06-14-R&F-CF64k.mp3
    2012-06-14 21:07 - 2012-06-14 21:07 - 00031400 ____A C:\Users\ThaGierk\Downloads\2012-06-14-R&F-CF64k.mp3.torrent
    2012-06-13 15:54 - 2012-05-04 20:26 - 00000000 ____D C:\Users\ThaGierk\Desktop\movies
    2012-06-11 21:21 - 2011-04-03 08:40 - 00002419 ____A C:\Users\ThaGierk\Desktop\Google Chrome.lnk
    2012-06-10 07:41 - 2012-06-10 07:40 - 00000000 ____D C:\Users\ThaGierk\AppData\Roaming\PhotoScape
    2012-06-10 07:40 - 2012-06-10 07:40 - 00000954 ____A C:\Users\ThaGierk\Desktop\PhotoScape.lnk
    2012-06-10 07:40 - 2012-06-10 07:40 - 00000954 ____A C:\Users\LogMeInRemoteUser\Desktop\PhotoScape.lnk
    2012-06-10 07:40 - 2012-06-10 07:40 - 00000000 ____D C:\Program Files\PhotoScape
    2012-06-10 07:18 - 2012-06-10 07:15 - 00000000 ____D C:\Users\ThaGierk\Desktop\pinata
    2012-06-09 20:02 - 2011-04-10 06:50 - 00000000 ____D C:\Users\All Users\Adobe
    2012-06-09 20:02 - 2011-04-03 08:53 - 00000000 ____D C:\Users\ThaGierk\AppData\Roaming\Adobe
    2012-06-09 14:56 - 2012-06-09 14:56 - 00380086 ____A C:\Users\ThaGierk\Desktop\Falcon.png
    2012-06-09 14:31 - 2012-06-09 14:31 - 00071377 ____A C:\Users\ThaGierk\Desktop\securedownload
    2012-06-09 08:02 - 2012-06-09 07:27 - 77515446 ____A C:\Users\ThaGierk\Desktop\saturdayJune92012.flv
    2012-06-08 20:28 - 2012-06-08 19:05 - 182125352 ____A C:\Users\ThaGierk\Desktop\FridayNIghtJune8th.flv
    2012-06-08 15:38 - 2012-06-08 15:37 - 02177326 ____A C:\Users\ThaGierk\Desktop\saturdayJune62012.flv
    2012-06-08 15:37 - 2012-06-08 15:37 - 00000631 ____A C:\Users\ThaGierk\Desktop\saturdayJune62012.0.flv
    2012-06-08 04:54 - 2011-04-05 18:12 - 00005219 ____A C:\Users\ThaGierk\Desktop\namepass.txt
    2012-06-07 19:45 - 2011-04-16 15:24 - 00000000 ____D C:\Users\ThaGierk\Documents\Vegas Movie Studio HD Platinum 10.0 Projects
    2012-06-07 17:31 - 2012-06-07 17:07 - 00000186 ____A C:\Users\ThaGierk\Desktop\teachercut.mpg.sfl
    2012-06-07 17:31 - 2012-06-07 16:45 - 195803140 ____A C:\Users\ThaGierk\Desktop\teachercut.mpg
    2012-06-07 16:23 - 2012-06-07 16:23 - 00000036 ____A C:\Users\ThaGierk\Desktop\teachercut.mov.sfl
    2012-06-07 16:23 - 2012-06-07 16:22 - 370854717 ____A C:\Users\ThaGierk\Desktop\teachercut.mov
    2012-06-07 15:30 - 2011-06-04 13:25 - 00027256 ____A C:\Users\ThaGierk\Documents\Default.sfvidcap
    2012-06-06 16:30 - 2012-06-06 16:05 - 00000000 ____D C:\Users\ThaGierk\Desktop\griffkindergagraduation
    2012-06-06 16:29 - 2012-06-06 16:14 - 00000000 ____D C:\Users\ThaGierk\Desktop\touchup
    2012-06-06 06:02 - 2012-06-06 06:02 - 00001693 ____A C:\Users\ThaGierk\Desktop\Google Drive.lnk
    2012-06-06 06:02 - 2011-04-03 08:34 - 00000000 ____D C:\users\ThaGierk
    2012-06-06 05:54 - 2012-06-06 05:54 - 00000000 ____D C:\Users\ThaGierk\AppData\LocalGoogle
    2012-06-06 05:54 - 2011-06-06 18:56 - 00000000 ____D C:\Program Files\Google
    2012-06-06 05:54 - 2011-04-03 08:39 - 00000000 ____D C:\Users\ThaGierk\AppData\Local\Google
    2012-06-02 20:20 - 2011-12-18 21:58 - 00000600 ____A C:\Users\ThaGierk\AppData\Local\PUTTY.RND
    2012-06-02 14:19 - 2012-06-20 17:47 - 01933848 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
    2012-06-02 14:19 - 2012-06-20 17:47 - 00171904 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
    2012-06-02 14:19 - 2012-06-20 17:47 - 00053784 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
    2012-06-02 14:19 - 2012-06-20 17:47 - 00045080 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
    2012-06-02 14:12 - 2012-06-20 17:47 - 02422272 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
    2012-06-02 14:12 - 2012-06-20 17:47 - 00033792 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
    2012-06-02 10:07 - 2011-12-18 10:33 - 00000000 ____D C:\Users\ThaGierk\.VirtualBox
    2012-06-02 10:05 - 2011-04-05 20:13 - 00118480 ____A C:\Windows\PFRO.log
    2012-06-02 08:24 - 2012-06-02 08:24 - 00000966 ____A C:\Users\ThaGierk\Desktop\RMVB Player.lnk
    2012-06-02 08:24 - 2012-06-02 08:24 - 00000000 ____D C:\Program Files\RMVB Player
    2012-06-02 07:41 - 2011-12-04 21:21 - 00000000 ____D C:\Users\ThaGierk\Desktop\imagination_play
    2012-05-30 04:57 - 2012-05-03 18:17 - 00000000 ____D C:\Users\ThaGierk\Desktop\First Field Trip
    2012-05-30 04:57 - 2010-08-10 08:24 - 00000000 ____D C:\Users\ThaGierk\Desktop\louie
    2012-05-29 17:54 - 2012-05-29 17:53 - 00000000 ____D C:\Users\ThaGierk\Desktop\friday13book
    2012-05-28 08:36 - 2012-05-28 08:15 - 47023983 ____A C:\Users\ThaGierk\Desktop\MondayMay28.flv
    2012-05-26 08:21 - 2012-05-26 08:20 - 00000000 ____D C:\Users\ThaGierk\Desktop\greatamerica
    2012-05-26 08:00 - 2012-05-26 07:16 - 98847930 ____A C:\Users\ThaGierk\Desktop\SaturdayMay26.flv
    2012-05-26 07:15 - 2012-05-26 07:15 - 00042963 ____A C:\Users\ThaGierk\Desktop\sundayMay20th.flv
    2012-05-20 07:55 - 2012-05-20 07:12 - 98050532 ____A C:\Users\ThaGierk\Desktop\sundayMay20th.0.flv
    2012-05-19 15:33 - 2011-12-14 16:37 - 00087424 ____A (LogMeIn, Inc.) C:\Windows\System32\LMIinit.dll
    2012-05-19 15:33 - 2011-12-14 16:37 - 00083360 ____A (LogMeIn, Inc.) C:\Windows\System32\LMIRfsClientNP.dll
    2012-05-19 15:33 - 2011-12-14 16:37 - 00030592 ____A (LogMeIn, Inc.) C:\Windows\System32\LMIport.dll
    2012-05-19 15:33 - 2011-12-14 16:37 - 00000000 ____D C:\Program Files\LogMeIn
    2012-05-19 14:12 - 2012-05-19 12:49 - 186260620 ____A C:\Users\ThaGierk\Desktop\newmicintro.flv
    2012-05-19 12:40 - 2012-05-19 12:40 - 00000661 ____A C:\Users\ThaGierk\Documents\gierkraps.rtf
    2012-05-19 08:32 - 2012-05-19 08:07 - 00000192 ____A C:\Users\ThaGierk\Desktop\imaginationplayact2.mpg.sfl
    2012-05-19 08:32 - 2012-05-19 08:06 - 13936644 ____A C:\Users\ThaGierk\Desktop\imaginationplayact2.mpg
    2012-05-19 08:07 - 2012-05-19 08:02 - 01302568 ____A C:\Users\ThaGierk\Desktop\planeride.avi.sfk
    2012-05-13 19:07 - 2012-05-13 19:10 - 04082394 ____A C:\Users\ThaGierk\Desktop\Distraction-Test-v1.m4a
    2012-05-13 19:07 - 2012-05-13 19:07 - 04082394 ____A C:\Users\ThaGierk\Downloads\Distraction-Test-v1.m4a
    2012-05-12 20:47 - 2012-05-12 20:47 - 00000878 ____A C:\Users\Public\Desktop\µTorrent.lnk
    2012-05-12 19:12 - 2012-05-12 19:12 - 08848056 ____A C:\Users\ThaGierk\Downloads\Rap-Test-v1.aif
    2012-05-12 08:40 - 2011-11-20 09:50 - 00048816 ____A C:\Users\ThaGierk\Documents\Imagintion play.fdx
    2012-05-07 21:25 - 2012-05-06 07:03 - 00000000 ____D C:\Users\ThaGierk\Desktop\cesniaflight
    2012-05-07 19:17 - 2012-05-07 19:11 - 00014968 ____A C:\Users\ThaGierk\Desktop\111.mp3.sfk
    2012-05-07 19:09 - 2012-05-07 19:08 - 00047480 ____A C:\Users\ThaGierk\Desktop\183.mp3.sfk
    2012-05-06 20:52 - 2012-05-06 20:34 - 56073284 ____A C:\Users\ThaGierk\Desktop\planeridecomplete1.avi
    2012-05-06 07:33 - 2011-07-31 09:06 - 00000000 ____D C:\Users\All Users\NCH Software
    2012-05-03 15:15 - 2009-07-13 20:53 - 00032632 ____A C:\Windows\Tasks\SCHEDLGU.TXT
    2012-04-30 16:21 - 2011-08-09 16:26 - 00000000 ____D C:\Users\ThaGierk\AppData\Local\mdnslib
    2012-04-29 18:47 - 2012-04-29 18:47 - 00003020 ____A C:\Windows\System32\TEST.log
    2012-04-29 15:17 - 2012-04-29 15:04 - 29157525 ____A C:\Users\ThaGierk\Desktop\apriltestphone.flv
    2012-04-29 07:32 - 2012-04-29 07:32 - 00001057 ____A C:\Users\Public\Desktop\Switch Sound File Converter.lnk
    2012-04-29 07:32 - 2011-07-31 09:06 - 00000000 ____D C:\Users\ThaGierk\AppData\Roaming\NCH Software
    2012-04-29 07:32 - 2011-07-31 09:06 - 00000000 ____D C:\Program Files\NCH Software
    2012-04-29 07:28 - 2012-04-29 07:26 - 00000000 ____D C:\Users\ThaGierk\Desktop\mp3val
    2012-04-28 09:40 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\Microsoft.NET
    2012-04-28 09:10 - 2009-07-13 20:33 - 00314416 ____A C:\Windows\System32\FNTCACHE.DAT
    2012-04-28 08:35 - 2012-04-28 08:35 - 00000000 ____D C:\Program Files\MSXML 4.0
    2012-04-28 08:35 - 2012-04-28 08:34 - 00285746 ____A C:\Windows\msxml4-KB954430-enu.LOG
    2012-04-26 19:56 - 2012-04-26 19:56 - 00000000 ____D C:\dir
    2012-04-23 19:34 - 2012-04-22 18:58 - 00000000 ____D C:\Users\ThaGierk\Desktop\galticcards
    2012-04-23 16:20 - 2012-04-23 16:20 - 00000000 ____D C:\Users\ThaGierk\AppData\Local\HP
    2012-04-23 16:20 - 2012-04-23 16:19 - 00000000 ____D C:\Users\ThaGierk\AppData\Roaming\HP
    2012-04-23 16:20 - 2012-04-23 16:07 - 00000000 ____D C:\Users\All Users\HP
    2012-04-23 16:20 - 2011-04-09 20:25 - 00058568 ____A C:\Users\ThaGierk\AppData\Local\GDIPFONTCACHEV1.DAT
    2012-04-23 16:19 - 2012-04-23 16:19 - 00000000 ____D C:\Users\All Users\WEBREG
    2012-04-23 16:19 - 2012-04-23 16:07 - 00221503 ____A C:\Windows\hpoins19.dat
    2012-04-23 16:19 - 2012-04-23 16:07 - 00001255 ____A C:\Users\All Users\hpzinstall.log
    2012-04-23 16:18 - 2009-07-13 18:04 - 00000438 ____A C:\Windows\win.ini
    2012-04-23 16:16 - 2009-07-13 20:52 - 00000000 ____D C:\Windows\twain_32
    2012-04-23 16:15 - 2012-04-23 16:15 - 00000000 ____D C:\Users\ThaGierk\AppData\Roaming\Yahoo!
    2012-04-23 16:15 - 2012-04-23 16:15 - 00000000 ____D C:\Users\All Users\Yahoo! Companion
    2012-04-23 16:15 - 2012-04-23 16:15 - 00000000 ____D C:\Program Files\Yahoo!
    2012-04-23 16:14 - 2012-04-23 16:07 - 00000000 ____D C:\Program Files\HP
    2012-04-23 16:13 - 2012-04-23 16:13 - 00000000 ____D C:\Users\All Users\HP Product Assistant
    2012-04-23 16:11 - 2011-04-03 09:17 - 00000000 ____D C:\Program Files\Common Files\Hewlett-Packard
    2012-04-23 16:10 - 2012-04-23 16:10 - 00000000 ____D C:\Program Files\Common Files\HP
    2012-04-23 16:09 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\System32\DriverStore
    2012-04-21 02:16 - 2012-04-21 07:56 - 11856550 ____A C:\Users\ThaGierk\Desktop\sample.avi
    2012-04-17 19:23 - 2012-04-17 19:22 - 00000000 ____D C:\Users\ThaGierk\Desktop\gameofthrones
    2012-04-16 18:07 - 2012-04-16 18:07 - 03086810 ____A C:\Users\ThaGierk\Desktop\ewok_algriffl.psd
    2012-04-16 18:02 - 2012-04-16 18:02 - 32925441 ____A C:\Users\ThaGierk\Desktop\griffewok.psd
    2012-04-11 05:08 - 2012-04-11 05:08 - 00387687 ____A C:\Users\ThaGierk\Desktop\tigerdirect.png
    2012-04-09 18:27 - 2011-12-30 14:14 - 00007645 ____A C:\Users\ThaGierk\AppData\Local\resmon.resmoncfg
    2012-04-08 14:09 - 2012-04-08 08:05 - 00000000 ____D C:\Users\ThaGierk\Desktop\april4broadcast pictutes
    2012-04-08 09:15 - 2011-12-16 17:00 - 00000038 ____A C:\Windows\avisplitter.INI
    2012-04-07 21:19 - 2012-04-07 21:03 - 36575625 ____A C:\Users\ThaGierk\Desktop\apriltestphone.0.flv
    2012-04-07 07:51 - 2011-12-11 08:18 - 00000000 ____D C:\Users\ThaGierk\Desktop\SonyVegasfromTony
    2012-04-07 07:02 - 2012-04-07 07:02 - 00001718 ____A C:\Users\Public\Desktop\iTunes.lnk
    2012-04-07 07:02 - 2012-04-07 07:01 - 00000000 ____D C:\Program Files\iTunes
    2012-04-07 07:01 - 2012-04-07 07:01 - 00000000 ____D C:\Program Files\iPod
    2012-04-07 07:01 - 2011-04-04 19:40 - 00000000 ____D C:\Program Files\Common Files\Apple
    2012-04-04 16:01 - 2012-04-04 15:55 - 00000000 ____D C:\Users\ThaGierk\Desktop\galaticcards
    2012-04-04 15:55 - 2011-10-25 20:09 - 00000000 ____D C:\Users\ThaGierk\Desktop\mkvconvert
    2012-04-02 20:37 - 2012-03-22 05:17 - 00001392 ____A C:\Users\Public\simplemind-1.1.log
    2012-04-02 17:57 - 2011-12-03 14:40 - 00000000 ____D C:\Users\ThaGierk\Desktop\harvest1intros
    2012-04-02 17:56 - 2011-08-12 20:05 - 00000000 ____D C:\Users\ThaGierk\Desktop\Pulp Fiction Collectors Editio
    2012-03-29 02:02 - 2011-04-07 15:10 - 55154568 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
    2012-03-28 05:10 - 2012-03-28 05:06 - 05828959 ____A C:\Users\ThaGierk\Desktop\ImaginationPlay2.mp4
    2012-03-28 05:04 - 2012-03-28 05:02 - 00078344 ____A C:\Users\ThaGierk\Desktop\imagination_play1.avi.sfk

    ZeroAccess:
    C:\Windows\Installer\{4560d3ee-381e-3853-e703-8026c9b6e42f}
    C:\Windows\Installer\{4560d3ee-381e-3853-e703-8026c9b6e42f}\@
    C:\Windows\Installer\{4560d3ee-381e-3853-e703-8026c9b6e42f}\L
    C:\Windows\Installer\{4560d3ee-381e-3853-e703-8026c9b6e42f}\n
    C:\Windows\Installer\{4560d3ee-381e-3853-e703-8026c9b6e42f}\U

    ZeroAccess:
    C:\Users\ThaGierk\AppData\Local\{4560d3ee-381e-3853-e703-8026c9b6e42f}
    C:\Users\ThaGierk\AppData\Local\{4560d3ee-381e-3853-e703-8026c9b6e42f}\@
    C:\Users\ThaGierk\AppData\Local\{4560d3ee-381e-3853-e703-8026c9b6e42f}\L
    C:\Users\ThaGierk\AppData\Local\{4560d3ee-381e-3853-e703-8026c9b6e42f}\n
    C:\Users\ThaGierk\AppData\Local\{4560d3ee-381e-3853-e703-8026c9b6e42f}\U

    ========================= Known DLLs (Whitelisted) ============


    ========================= Bamital & volsnap Check ============

    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe A302BBFF2A7278C0E239EE5D471D86A9 ZeroAccess <==== ATTENTION!.
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

    ==================== EXE ASSOCIATION =====================

    HKLM\...\.exe: exefile => OK
    HKLM\...\exefile\DefaultIcon: %1 => OK
    HKLM\...\exefile\open\command: "%1" %* => OK

    ========================= Memory info ======================

    Percentage of memory in use: 12%
    Total physical RAM: 4031.24 MB
    Available physical RAM: 3534.68 MB
    Total Pagefile: 4029.52 MB
    Available Pagefile: 3538.79 MB
    Total Virtual: 2047.88 MB
    Available Virtual: 1968.7 MB

    ======================= Partitions =========================

    1 Drive c: (OTHER) (Fixed) (Total:463.25 GB) (Free:52.62 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
    2 Drive e: (New Volume) (Fixed) (Total:931.51 GB) (Free:199.5 GB) NTFS
    5 Drive h: (U3 System) (CDROM) (Total:0.01 GB) (Free:0 GB) CDFS
    6 Drive I: () (Removable) (Total:3.74 GB) (Free:0.28 GB) FAT32
    7 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
    8 Drive y: () (Fixed) (Total:698.63 GB) (Free:140.83 GB) NTFS

    Disk ###  Status         Size     Free     Dyn  Gpt
    --------  -------------  -------  -------  ---  ---
    Disk 0    Online          698 GB     8 MB
    Disk 1    Online          465 GB  2566 MB
    Disk 2    Online          931 GB     0 B
    Disk 3    Online         3829 MB     0 B

    Partitions of Disk 0:
    ===============

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 698 GB 31 KB

    ======================================================================================================

    Disk: 0
    Partition 1
    Type : 07
    Hidden: No
    Active: Yes

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 3 Y NTFS Partition 698 GB Healthy

    ======================================================================================================

    Partitions of Disk 1:
    ===============

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 463 GB 31 KB

    ======================================================================================================

    Disk: 1
    Partition 1
    Type : 07
    Hidden: No
    Active: Yes

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 4 C OTHER NTFS Partition 463 GB Healthy

    ======================================================================================================

    Partitions of Disk 2:
    ===============

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 931 GB 31 KB

    ======================================================================================================

    Disk: 2
    Partition 1
    Type : 07
    Hidden: No
    Active: Yes

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 5 E New Volume NTFS Partition 931 GB Healthy

    ======================================================================================================

    Partitions of Disk 3:
    ===============

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 3827 MB 19 KB

    ======================================================================================================

    Disk: 3
    Partition 1
    Type : 0B
    Hidden: No
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 6 I FAT32 Removable 3827 MB Healthy

    ======================================================================================================

    ==========================================================

    Last Boot: 2012-06-17 23:22

    ======================= End Of Log ============
     
  2. Broni

    Broni Malware Annihilator Posts: 52,892   +344

    Welcome aboard

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ========================================================

    In Vista or Windows 7: Boot to System Recovery Options and run FRST.
    In Windows XP: Please boot to UBCD and run FRST.
    Type the following in the edit box after "Search:".

    services.exe

    Click the Search button and post the log (Search.txt) it makes in your reply.
     
  3. ThaGierk

    ThaGierk TS Rookie Topic Starter

    Farbar Recovery Scan Tool Version: 20-06-2012 01
    Ran by SYSTEM at 2012-06-24 21:12:41
    Running from I:\

    ================== Search: "services.exe" ===================

    C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.exe
    [2009-07-13 15:11] - [2009-07-13 17:14] - 0259072 ____A (Microsoft Corporation) 5F1B6A9C35D3D5CA72D6D6FDEF9747D6

    C:\Windows\System32\services.exe
    [2009-07-13 15:11] - [2009-07-13 17:14] - 0259072 ____A (Microsoft Corporation) A302BBFF2A7278C0E239EE5D471D86A9

    C:\RECYCLER\S-1-5-21-220523388-1482476501-725345543-1003\Dc3\KB956572\SP3QFE\services.exe
    [2010-07-14 14:25] - [2009-02-06 03:06] - 0110592 ____A (Microsoft Corporation) 020CEAAEDC8EB655B6506B8C70D53BB6

    C:\RECYCLER\S-1-5-21-220523388-1482476501-725345543-1003\Dc3\KB956572\SP3GDR\services.exe
    [2010-07-14 14:25] - [2009-02-06 03:11] - 0110592 ____A (Microsoft Corporation) 65DF52F5B8B6E9BBD183505225C37315

    === End Of Search ===
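The search above shows the live C:\Windows\System32\services.exe carrying a different MD5 from the component-store (WinSxS) copy of the same name and the same size, which is exactly what FRST's Bamital & volsnap check flagged. As an added example (my own code, not FRST's or Farbar's), here is a small Python parser for the Search.txt format that groups hits by file name and reports a System32 copy whose hash differs from a same-sized WinSxS copy. The embedded sample is three of the four hits from the search output posted above; the field names (created, modified, attr, company) are my own labels for the columns FRST prints.

```python
"""Parse the Search.txt output of Farbar Recovery Scan Tool (FRST) and
compare a live system binary against its component-store (WinSxS) copy.

Added example; not part of FRST. The sample text below is copied from
the search output posted in this thread.
"""
import re
from collections import defaultdict

# Sample FRST search output (three of the hits from the Search.txt above).
SAMPLE_SEARCH = r"""
================== Search: "services.exe" ===================

C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.exe
[2009-07-13 15:11] - [2009-07-13 17:14] - 0259072 ____A (Microsoft Corporation) 5F1B6A9C35D3D5CA72D6D6FDEF9747D6

C:\Windows\System32\services.exe
[2009-07-13 15:11] - [2009-07-13 17:14] - 0259072 ____A (Microsoft Corporation) A302BBFF2A7278C0E239EE5D471D86A9

C:\RECYCLER\S-1-5-21-220523388-1482476501-725345543-1003\Dc3\KB956572\SP3QFE\services.exe
[2010-07-14 14:25] - [2009-02-06 03:06] - 0110592 ____A (Microsoft Corporation) 020CEAAEDC8EB655B6506B8C70D53BB6

=== End Of Search ===
"""

# Detail line that FRST prints under each path:
# [created] - [modified] - size attributes (company) MD5
DETAIL_RE = re.compile(
    r"^\[(?P<created>[^\]]+)\] - \[(?P<modified>[^\]]+)\] - "
    r"(?P<size>\d+) (?P<attr>\S+) (?:\((?P<company>[^)]*)\) )?"
    r"(?P<md5>[0-9A-Fa-f]{32})$"
)


def parse_search(text):
    """Return one dict per file hit: path, size, md5, company, timestamps."""
    entries = []
    pending_path = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("="):
            continue                      # blank lines and section headers
        m = DETAIL_RE.match(line)
        if m and pending_path is not None:
            entry = m.groupdict()
            entry["path"] = pending_path
            entry["size"] = int(entry["size"])
            entry["md5"] = entry["md5"].upper()
            entries.append(entry)
            pending_path = None
        elif "\\" in line:
            pending_path = line           # a path line precedes its details
    return entries


def find_tampered(entries):
    """Compare each live copy (under the Windows System32 directory) with
    WinSxS copies of the same file name and size. Same size but a different
    MD5 is the in-place-patch pattern; no same-size store copy means the
    comparison proves nothing, so the verdict is 'unverified'."""
    by_name = defaultdict(list)
    for e in entries:
        by_name[e["path"].rsplit("\\", 1)[-1].lower()].append(e)

    findings = []
    for group in by_name.values():
        store = [e for e in group if "\\winsxs\\" in e["path"].lower()]
        live = [e for e in group if "\\windows\\system32\\" in e["path"].lower()]
        for e in live:
            same_size = [s for s in store if s["size"] == e["size"]]
            if not same_size:
                verdict = "unverified"
            elif any(s["md5"] == e["md5"] for s in same_size):
                verdict = "matches store copy"
            else:
                verdict = "MISMATCH"
            findings.append({
                "path": e["path"],
                "md5": e["md5"],
                "reference_md5": [s["md5"] for s in same_size],
                "verdict": verdict,
            })
    return findings


if __name__ == "__main__":
    for f in find_tampered(parse_search(SAMPLE_SEARCH)):
        print(f["verdict"], f["path"], f["md5"], "store:", f["reference_md5"])
```

Run it as a script to print the verdicts. A size match with a differing hash is the stronger signal, because a servicing update normally changes the size as well; where WinSxS only holds copies of a different size, the script reports the live file as unverified rather than tampered. The copies under C:\RECYCLER are parsed but not judged, since they are not the file Windows actually loads.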
     
  4. Broni

    Broni Malware Annihilator Posts: 52,892   +344

    Download attached fixlist.txt file and save it to the very same USB flash drive you've been using. Plug the drive back in.

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

    On Vista or Windows 7: Now please enter System Recovery Options.
    On Windows XP: Now please boot into the UBCD.
    Run FRST64 and press the Fix button just once and wait.
    The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

    Next...

    See if you can boot normally.

    If so....

    Please download ComboFix from Here, Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts.
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    • Double click on combofix.exe & follow the prompts.

    • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
    • NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.
    **Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart your computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


    Make sure, you re-enable your security programs, when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode.

    2. Delete the Combofix file, download a fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.
    There are 4 different versions. If one of them won't run then download and try to run the other one.
    Vista and Win7 users need to right-click Rkill and choose Run as Administrator.
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

    * Rkill.com
    * Rkill.scr
    * Rkill.exe
    • Double-click on the Rkill icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.
    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     

    Attached Files:

  5. ThaGierk

    ThaGierk TS Rookie Topic Starter

    Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 20-06-2012 01
    Ran by SYSTEM at 2012-06-24 21:33:23 Run:1
    Running from I:\

    ==============================================

    HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Session Manager\SubSystems\\Windows Value was restored successfully .
    C:\Windows\System32\consrv.dll not found.
    C:\Windows\Installer\{4560d3ee-381e-3853-e703-8026c9b6e42f} moved successfully.
    C:\Users\ThaGierk\AppData\Local\{4560d3ee-381e-3853-e703-8026c9b6e42f} moved successfully.
    C:\Windows\System32\services.exe moved successfully.
    C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.exe copied successfully to C:\Windows\System32\services.exe

    ==== End of Fixlog ====

    Booted, no restarts. Works. Log for ComboFix:
    ComboFix 12-06-24.03 - ThaGierk 06/24/2012 21:58:06.1.1 - x86
    Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.2751.1675 [GMT -7:00]
    Running from: c:\users\ThaGierk\Downloads\ComboFix.exe
    SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    * Created a new restore point
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    C:\dir
    c:\dir\install\install\Windows Update.exe
    c:\program files\Search Toolbar
    c:\program files\Search Toolbar\icon.ico
    c:\program files\Search Toolbar\SearchToolbar.dll
    c:\program files\Search Toolbar\SearchToolbarUninstall.exe
    c:\program files\Search Toolbar\SearchToolbarUpdater.exe
    C:\Thumbs.db
    c:\users\ThaGierk\AppData\Local\{2F82A3D9-1CEA-46A1-82FF-F20B3CC4BC87}
    c:\users\ThaGierk\AppData\Local\{2F82A3D9-1CEA-46A1-82FF-F20B3CC4BC87}\chrome.manifest
    c:\users\ThaGierk\AppData\Local\{2F82A3D9-1CEA-46A1-82FF-F20B3CC4BC87}\chrome\content\_cfg.js
    c:\users\ThaGierk\AppData\Local\{2F82A3D9-1CEA-46A1-82FF-F20B3CC4BC87}\chrome\content\overlay.xul
    c:\users\ThaGierk\AppData\Local\{2F82A3D9-1CEA-46A1-82FF-F20B3CC4BC87}\install.rdf
    c:\users\ThaGierk\AppData\Local\Microsoft\Windows\Temporary Internet Files\install_flash_player_10_active_x.msi
    c:\users\ThaGierk\AppData\Local\Temp\_MEI24483\_ctypes.pyd
    c:\users\ThaGierk\AppData\Local\Temp\_MEI24483\_elementtree.pyd
    c:\users\ThaGierk\AppData\Local\Temp\_MEI24483\_hashlib.pyd
    c:\users\ThaGierk\AppData\Local\Temp\_MEI24483\_socket.pyd
    c:\users\ThaGierk\AppData\Local\Temp\_MEI24483\_ssl.pyd
    c:\users\ThaGierk\AppData\Local\Temp\_MEI24483\pyexpat.pyd
    c:\users\ThaGierk\AppData\Local\Temp\_MEI24483\pysqlite2._sqlite.pyd
    c:\users\ThaGierk\AppData\Local\Temp\_MEI24483\python26.dll
    c:\users\ThaGierk\AppData\Local\Temp\_MEI24483\pythoncom26.dll
    c:\users\ThaGierk\AppData\Local\Temp\_MEI24483\PyWinTypes26.dll
    c:\users\ThaGierk\AppData\Local\Temp\_MEI24483\select.pyd
    c:\users\ThaGierk\AppData\Local\Temp\_MEI24483\unicodedata.pyd
    c:\users\ThaGierk\AppData\Local\Temp\_MEI24483\win32api.pyd
    c:\users\ThaGierk\AppData\Local\Temp\_MEI24483\win32com.shell.shell.pyd
    c:\users\ThaGierk\AppData\Local\Temp\_MEI24483\win32crypt.pyd
    c:\users\ThaGierk\AppData\Local\Temp\_MEI24483\win32event.pyd
    c:\users\ThaGierk\AppData\Local\Temp\_MEI24483\win32file.pyd
    c:\users\ThaGierk\AppData\Local\Temp\_MEI24483\win32inet.pyd
    c:\users\ThaGierk\AppData\Local\Temp\_MEI24483\win32pdh.pyd
    c:\users\ThaGierk\AppData\Local\Temp\_MEI24483\win32process.pyd
    c:\users\ThaGierk\AppData\Local\Temp\_MEI24483\windows._cacheinvalidation.pyd
    c:\users\ThaGierk\AppData\Local\Temp\_MEI24483\wx._controls_.pyd
    c:\users\ThaGierk\AppData\Local\Temp\_MEI24483\wx._core_.pyd
    c:\users\ThaGierk\AppData\Local\Temp\_MEI24483\wx._gdi_.pyd
    c:\users\ThaGierk\AppData\Local\Temp\_MEI24483\wx._html2.pyd
    c:\users\ThaGierk\AppData\Local\Temp\_MEI24483\wx._misc_.pyd
    c:\users\ThaGierk\AppData\Local\Temp\_MEI24483\wx._windows_.pyd
    c:\users\ThaGierk\AppData\Local\Temp\_MEI24483\wx._wizard.pyd
    c:\users\ThaGierk\AppData\Local\Temp\_MEI24483\wxbase293u_net_vc.dll
    c:\users\ThaGierk\AppData\Local\Temp\_MEI24483\wxbase293u_vc.dll
    c:\users\ThaGierk\AppData\Local\Temp\_MEI24483\wxmsw293u_adv_vc.dll
    c:\users\ThaGierk\AppData\Local\Temp\_MEI24483\wxmsw293u_core_vc.dll
    c:\users\ThaGierk\AppData\Local\Temp\_MEI24483\wxmsw293u_html_vc.dll
    c:\users\ThaGierk\AppData\Local\Temp\_MEI24483\wxmsw293u_webview_vc.dll
    c:\users\ThaGierk\AppData\Roaming\54AE.C14
    c:\users\ThaGierk\AppData\Roaming\Adobe\plugs
    c:\users\ThaGierk\AppData\Roaming\Adobe\shed
    c:\users\ThaGierk\moviestudiope100.exe
    c:\windows\security\Database\tmp.edb
    c:\windows\system\system32
    c:\windows\system\system32\Drivers\kbcam.inf
    c:\windows\system\system32\Drivers\kbcam.sys
    c:\windows\system32\DEBUG.log
    c:\windows\system32\User.ini
    c:\windows\system32\win.ini
    E:\autorun.inf
    E:\setup.exe
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-05-25 to 2012-06-25 )))))))))))))))))))))))))))))))
    .
    .
    2012-06-25 04:48 . 2012-05-31 03:41 6762896 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{29D2F180-222D-4563-B714-C2EDAF5FA248}\mpengine.dll
    2012-06-25 04:11 . 2012-06-25 04:12 -------- d-----w- C:\FRST
    2012-06-25 01:23 . 2012-06-25 01:23 713784 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{BBE44794-36AA-43EF-80FC-73F35F2CB225}\gapaengine.dll
    2012-06-25 01:22 . 2012-06-25 01:22 -------- d-----w- c:\program files\Microsoft Security Client
    2012-06-25 01:19 . 2012-06-25 01:19 -------- d-sh--w- c:\windows\system32\%APPDATA%
    2012-06-25 01:07 . 2003-08-18 20:25 68608 ----a-w- c:\windows\system32\videoedit.ocx
    2012-06-25 01:07 . 2004-02-08 08:53 856064 ----a-w- c:\windows\system32\mpgfiltr.ax
    2012-06-25 01:07 . 2000-07-04 08:51 86528 ----a-w- c:\windows\system32\lame_enc.dll
    2012-06-25 01:07 . 2005-03-26 02:14 91648 ----a-w- c:\windows\system32\vorbisenc.dll
    2012-06-25 01:07 . 2005-03-26 02:13 33792 ----a-w- c:\windows\system32\vorbisfile.dll
    2012-06-25 01:07 . 2005-03-26 02:09 57344 ----a-w- c:\windows\system32\ogg.dll
    2012-06-25 01:07 . 2002-04-24 04:25 228352 ----a-w- c:\windows\system32\vorbis.dll
    2012-06-25 01:07 . 2005-07-10 20:20 111104 ----a-w- c:\windows\system32\videocap.ocx
    2012-06-25 01:07 . 2004-01-04 02:27 52736 ----a-w- c:\windows\system32\videocaptext.dll
    2012-06-25 01:07 . 2000-01-31 12:00 25600 ----a-w- c:\windows\system32\Borlndmm.dll
    2012-06-25 01:07 . 2012-06-25 01:07 -------- d-----w- c:\program files\WebPod Studio
    2012-06-24 15:57 . 2012-06-24 15:57 -------- d-----w- c:\program files\Microsoft Silverlight
    2012-06-21 01:47 . 2012-06-02 22:19 53784 ----a-w- c:\windows\system32\wuauclt.exe
    2012-06-21 01:47 . 2012-06-02 22:19 45080 ----a-w- c:\windows\system32\wups2.dll
    2012-06-21 01:47 . 2012-06-02 22:12 2422272 ----a-w- c:\windows\system32\wucltux.dll
    2012-06-21 01:47 . 2012-06-02 22:19 1933848 ----a-w- c:\windows\system32\wuaueng.dll
    2012-06-21 01:47 . 2012-06-02 22:19 171904 ----a-w- c:\windows\system32\wuwebv.dll
    2012-06-21 01:47 . 2012-06-02 22:12 33792 ----a-w- c:\windows\system32\wuapp.exe
    2012-06-10 15:40 . 2012-06-10 15:41 -------- d-----w- c:\users\ThaGierk\AppData\Roaming\PhotoScape
    2012-06-10 15:40 . 2012-06-10 15:40 -------- d-----w- c:\program files\PhotoScape
    2012-06-06 14:02 . 2012-06-25 05:09 -------- d-s---w- c:\users\ThaGierk\Google Drive
    2012-06-02 16:24 . 2012-06-02 16:24 -------- d-----w- c:\program files\RMVB Player
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-06-24 16:47 . 2011-08-10 00:26 237568 ----a-w- c:\windows\system32\rmc_rtspdl.dll
    2012-06-24 16:47 . 2011-08-10 00:26 156672 ----a-w- c:\windows\system32\rmc_fixasf.exe
    2012-05-19 23:33 . 2011-12-15 00:37 83360 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
    2012-05-19 23:33 . 2011-12-15 00:37 52096 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\LMIproc.dll
    2012-05-19 23:33 . 2011-12-15 00:37 30592 ----a-w- c:\windows\system32\LMIport.dll
    2012-05-19 23:33 . 2011-12-15 00:37 87424 ----a-w- c:\windows\system32\LMIinit.dll
    2011-06-16 04:17 . 2011-07-15 02:12 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
    2011-05-09 09:49 176936 ----a-w- c:\program files\uTorrentBar\prxtbuTo0.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:\program files\uTorrentBar\prxtbuTo0.dll" [2011-05-09 176936]
    .
    [HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
    .
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}"= "c:\program files\uTorrentBar\prxtbuTo0.dll" [2011-05-09 176936]
    .
    [HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
    @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
    [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
    2012-06-13 23:30 556056 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
    @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
    [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
    2012-06-13 23:30 556056 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
    @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
    [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
    2012-06-13 23:30 556056 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
    @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
    [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
    2012-06-13 23:30 556056 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Logitech Vid"="c:\program files\Logitech\Vid HD\Vid.exe" [2011-01-13 6129496]
    "Facebook Update"="c:\users\ThaGierk\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-03-08 137536]
    "GoogleDriveSync"="c:\program files\Google\Drive\googledrivesync.exe" [2012-06-13 12163568]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Freecorder FLV Service"="c:\program files\Replay Media Catcher\FLVSrvc.exe" [2010-06-26 167936]
    "LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2011-09-16 63048]
    "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
    "LWS"="c:\program files\Logitech\LWS\Webcam Software\LWS.exe" [2010-05-08 165208]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-03-27 421736]
    "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
    "hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-23 150528]
    "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-27 931200]
    .
    c:\users\ThaGierk\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Facebook Messenger.lnk - c:\users\ThaGierk\AppData\Local\Facebook\Messenger\2.1.4554.0\FacebookMessenger.exe [2012-6-20 209920]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-9-20 270336]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 0 (0x0)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)
    "PromptOnSecureDesktop"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @="Service"
    .
    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
    path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
    backup=c:\windows\pss\Adobe Gamma Loader.lnk.CommonStartup
    backupExtension=.CommonStartup
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
    2012-01-03 07:37 843712 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    2011-01-30 15:45 35736 ----a-w- c:\program files\Adobe\Reader 10.0\Reader\reader_sl.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
    2012-02-21 04:28 59240 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
    2009-07-14 01:14 8704 ----a-w- c:\windows\System32\ctfmon.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
    2011-08-02 07:33 4910912 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
    2011-07-28 23:08 1259376 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
    2011-04-03 16:39 136176 ----atw- c:\users\ThaGierk\AppData\Local\Google\Update\GoogleUpdate.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    2012-03-27 12:09 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Vid]
    2011-01-13 02:01 6129496 ----a-w- c:\program files\Logitech\Vid HD\Vid.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
    2010-04-12 08:40 180224 ----a-w- c:\program files\PowerISO\PWRISOVM.EXE
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2011-10-24 22:28 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
    2011-04-19 00:30 15146376 ----a-r- c:\program files\Skype\Phone\Skype.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    2011-04-05 03:34 136600 ----a-w- c:\program files\Java\jre6\bin\jusched.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VMware hqtray]
    2011-03-26 06:26 64112 ----a-w- c:\program files\VMware\VMware Player\hqtray.exe
    .
    R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-06-07 136176]
    R3 BCMH43XX;Broadcom 802.11 USB Network Adapter Driver;c:\windows\system32\DRIVERS\bcmwlhigh6.sys [2009-11-06 699896]
    R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2011-06-07 136176]
    R3 KBCAM;JamC@m USB service;c:\windows\system32\Drivers\KBCAM.sys [2001-02-06 16384]
    R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [x]
    R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-03-21 74112]
    R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-27 214952]
    R3 PRISM_USB;Linksys Wireless-B USB Network Adapter Driver;c:\windows\system32\DRIVERS\LSPMUSBX.sys [2004-07-26 666624]
    R3 PS3 Media Server;PS3 Media Server;c:\program files\PS3 Media Server\win32\service\wrapper.exe [2008-08-17 217088]
    R3 USBNET;Instant Wireless USB Network Adapter ver.2.6 Driver;c:\windows\system32\DRIVERS\netusb.sys [2002-02-20 70016]
    R3 VMUSBArbService;VMware USB Arbitration Service;c:\program files\Common Files\VMware\USB\vmware-usbarbitrator.exe [2011-03-26 539248]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-04-06 1343400]
    S1 cyphxdrv;cyphxdrv;c:\windows\system32\Drivers\cyphxdrv.sys [2011-04-28 99608]
    S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-11-02 232512]
    S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys [2011-11-04 158512]
    S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys [2011-11-04 91440]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
    S2 cypherixservice;Cypherix service;c:\windows\system32\cypherixsrv.exe [2011-04-28 1043224]
    S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\LogMeIn\x86\LMIGuardianSvc.exe [2012-05-19 374152]
    S2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\RaInfo.sys [2011-09-16 12856]
    S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-03-16 240232]
    S2 UMVPFSrv;UMVPFSrv;c:\program files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2011-08-19 450848]
    S2 vmci;VMware vmci;c:\windows\system32\Drivers\vmci.sys [2011-03-26 70768]
    S3 CompFilter;UVCCompositeFilter;c:\windows\system32\DRIVERS\lvbusflt.sys [2010-11-10 20704]
    S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [2011-11-04 104752]
    S3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [2011-11-04 116016]
    S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [2009-07-13 311296]
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    HPService REG_MULTI_SZ HPSLPSVC
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-06-24 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3601251385-3675537058-689484537-1001Core.job
    - c:\users\ThaGierk\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-03-08 00:42]
    .
    2012-06-25 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3601251385-3675537058-689484537-1001UA.job
    - c:\users\ThaGierk\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-03-08 00:42]
    .
    2012-06-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2011-06-07 02:56]
    .
    2012-06-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2011-06-07 02:56]
    .
    2012-06-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3601251385-3675537058-689484537-1001Core.job
    - c:\users\ThaGierk\AppData\Local\Google\Update\GoogleUpdate.exe [2011-04-03 16:39]
    .
    2012-06-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3601251385-3675537058-689484537-1001UA.job
    - c:\users\ThaGierk\AppData\Local\Google\Update\GoogleUpdate.exe [2011-04-03 16:39]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com/
    uInternet Settings,ProxyServer = http=127.0.0.1:53616
    uInternet Settings,ProxyOverride = *.local
    IE: {{193B17B0-7C9F-4D5B-AEAB-8D3605EFAAA} - c:\progra~1\WEBPOD~1\wpc.exe
    LSP: c:\program files\VMware\VMware Player\vsocklib.dll
    TCP: DhcpNameServer = 192.168.1.254
    FF - ProfilePath - c:\users\ThaGierk\AppData\Roaming\Mozilla\Firefox\Profiles\nu8gzls9.default\
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
    WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
    WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
    MSConfigStartUp-4ECYTQ9SIC - c:\users\ThaGierk\AppData\Local\Temp\Qbr.exe
    MSConfigStartUp-Bbeqezel - c:\users\ThaGierk\AppData\Local\wmerePI.dll
    MSConfigStartUp-conhost - c:\users\ThaGierk\AppData\Roaming\Microsoft\conhost.exe
    MSConfigStartUp-LogitechQuickCamRibbon - c:\program files\Logitech\Logitech WebCam Software\LWS.exe
    MSConfigStartUp-Lveheiejldd - c:\users\ThaGierk\AppData\Local\Temp\op9yk.exe
    MSConfigStartUp-Lveheiejlhb - c:\users\ThaGierk\AppData\Local\Temp\debug.exe
    MSConfigStartUp-Lveheiejlkc - c:\users\ThaGierk\AppData\Local\Temp\cmd.exe
    MSConfigStartUp-Lveheiejlmc - c:\users\ThaGierk\AppData\Local\Temp\mdm.exe
    MSConfigStartUp-Lveheiejlna - c:\users\ThaGierk\AppData\Local\Temp\login.exe
    MSConfigStartUp-Lveheiejlne - c:\users\ThaGierk\AppData\Local\Temp\lsass.exe
    MSConfigStartUp-Lveheiejlo+ - c:\users\ThaGierk\AppData\Local\Temp\avp32.exe
    MSConfigStartUp-Lveheiejloc - c:\users\ThaGierk\AppData\Local\Temp\avp.exe
    MSConfigStartUp-Lveheiejlora - c:\users\ThaGierk\AppData\Local\Temp\iexplarer.exe
    MSConfigStartUp-Lveheiejlotc - c:\users\ThaGierk\AppData\Local\Temp\hexdump.exe
    MSConfigStartUp-Lveheiejlppf - c:\users\ThaGierk\AppData\Local\Temp\services.exe
    MSConfigStartUp-Lveheiejlqc - c:\users\ThaGierk\AppData\Local\Temp\win.exe
    MSConfigStartUp-Lveheiejlqe - c:\users\ThaGierk\AppData\Local\Temp\setup.exe
    MSConfigStartUp-Lveheiejlqse - c:\users\ThaGierk\AppData\Local\Temp\winlogon.exe
    MSConfigStartUp-Lveheiejlqvc - c:\users\ThaGierk\AppData\Local\Temp\svchost.exe
    MSConfigStartUp-LveheiejlqW - c:\users\ThaGierk\AppData\Local\Temp\drweb.exe
    MSConfigStartUp-LveheiejlqZ - c:\users\ThaGierk\AppData\Local\Temp\msmgm.exe
    MSConfigStartUp-Lveheiejlrf - c:\users\ThaGierk\AppData\Local\Temp\smss.exe
    MSConfigStartUp-Lveheiejlrxc - c:\users\ThaGierk\AppData\Local\Temp\spoolsv.exe
    MSConfigStartUp-Lveheiejlub - c:\users\ThaGierk\AppData\Local\Temp\sysmgm.exe
    MSConfigStartUp-Lveheiejlud - c:\users\ThaGierk\AppData\Local\Temp\system.exe
    MSConfigStartUp-Lveheiejlupc - c:\users\ThaGierk\AppData\Local\Temp\sysedit.exe
    MSConfigStartUp-LveheiejlZd - c:\users\ThaGierk\AppData\Local\Temp\l4jlx.exe
    MSConfigStartUp-Mqpe - c:\windows\avp.exe
    MSConfigStartUp-MqpSc - c:\windows\avp32.exe
    MSConfigStartUp-Mqqoc - c:\windows\debug.exe
    MSConfigStartUp-Mqqyc - c:\windows\csrss.exe
    MSConfigStartUp-MqqZ - c:\windows\cmd.exe
    MSConfigStartUp-MqrMc - c:\windows\gdi32.exe
    MSConfigStartUp-Mqrta - c:\windows\install.exe
    MSConfigStartUp-Mqruqc - c:\windows\iexplarer.exe
    MSConfigStartUp-Mqstc - c:\windows\msmgm.exe
    MSConfigStartUp-Mqsuc - c:\windows\lsass.exe
    MSConfigStartUp-MqsZ - c:\windows\mdm.exe
    MSConfigStartUp-Mque - c:\windows\user.exe
    MSConfigStartUp-Mqug - c:\windows\smss.exe
    MSConfigStartUp-Mqurb - c:\windows\taskmgr.exe
    MSConfigStartUp-Mquse - c:\windows\svchost.exe
    MSConfigStartUp-Mquuf - c:\windows\spoolsv.exe
    MSConfigStartUp-Mquvc - c:\windows\setup.exe
    MSConfigStartUp-Mquxe - c:\windows\system.exe
    MSConfigStartUp-Mqva - c:\windows\win.exe
    MSConfigStartUp-MqvPc - c:\windows\win16.exe
    MSConfigStartUp-Mqvsc - c:\windows\winlogon.exe
    MSConfigStartUp-sk4j6 - c:\users\ThaGierk\AppData\Roaming\qdp7it8.exe
    MSConfigStartUp-Smad - c:\users\ThaGierk\AppData\Local\SanctionedMedia\Smad\Smad.exe
    MSConfigStartUp-Yzunapawog - c:\users\ThaGierk\AppData\Local\asipozanijudu.dll
    AddRemove-HaaliMkx - c:\program files\Haali\MatroskaSplitter\uninstall.exe
    AddRemove-RealFlightG4Pro - c:\program files\Common Files\KnifeEdge\LauncherHelperG4.exe
    AddRemove-Search Toolbar - c:\program files\Search Toolbar\SearchToolbarUninstall.exe
    AddRemove-FoxTab Media Player - c:\program files\FoxTabFLVPlayer\Uninstall\Uninstall.exe
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\S-1-5-21-3601251385-3675537058-689484537-1001\Software\AppDataLow\Software\Conduit\Community Alerts\Settings\Locales\e*n**â,˜=J]
    @Allowed: (Read) (RestrictedCode)
    @SACL=(02 0001)
    "LP_LastUpdateTime"="0"
    "LP_LastCheckTime"=dword:4fe738aa
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'Explorer.exe'(3760)
    c:\users\ThaGierk\AppData\Local\FLVService\lib\FLVSrvLib.dll
    c:\program files\WinSCP3\DragExt.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\windows\system32\nvvsvc.exe
    c:\program files\Microsoft Security Client\MsMpEng.exe
    c:\windows\system32\nvvsvc.exe
    c:\windows\system32\taskhost.exe
    c:\windows\system32\rundll32.exe
    c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\windows\system32\conhost.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\program files\LogMeIn\x86\RaMaint.exe
    c:\program files\LogMeIn\x86\LogMeIn.exe
    c:\program files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe
    c:\program files\Logitech\LWS\Webcam Software\CameraHelperShell.exe
    c:\program files\Common Files\Logishrd\LQCVFX\COCIManager.exe
    c:\program files\iPod\bin\iPodService.exe
    c:\program files\Windows Media Player\wmpnetwk.exe
    c:\windows\system32\WUDFHost.exe
    c:\windows\servicing\TrustedInstaller.exe
    c:\windows\system32\sppsvc.exe
    .
    **************************************************************************
    .
    Completion time: 2012-06-24 22:16:43 - machine was rebooted
    ComboFix-quarantined-files.txt 2012-06-25 05:16
    .
    Pre-Run: 56,233,046,016 bytes free
    Post-Run: 62,315,098,112 bytes free
    .
    - - End Of File - - 20F3AF415E85C05120A7B1BE3A044809
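The log above contains the three things a responder would triage by hand before anything else: the UAC policy block (EnableLUA and the consent prompts all set to 0), the Internet Explorer proxy pinned to 127.0.0.1:53616, and the orphaned MSConfig startup entries that point at system-process names (lsass.exe, csrss.exe, svchost.exe, winlogon.exe ...) living in Temp, AppData and the root of C:\Windows rather than System32. The script below is an added example, not part of the thread and not code from ComboFix or FRST: it applies those checks to lines in this log format. The sample lines are constructed to mirror entries from the log above, and the severity labels and the list of masqueraded names are the example's own assumptions.

```python
"""Triage helper for ComboFix/FRST-style startup logs (added example; the log
format is the thread's, the rules and severities are this example's own)."""
import ntpath
import re
from collections import Counter
from dataclasses import dataclass

# Process names whose legitimate copies live in System32/SysWOW64; a file with one
# of these names anywhere else is a classic masquerade (assumed list).
SYSTEM_NAMES = {
    "lsass.exe", "csrss.exe", "smss.exe", "svchost.exe", "winlogon.exe",
    "services.exe", "spoolsv.exe", "conhost.exe", "taskmgr.exe", "cmd.exe",
    "explorer.exe", "userinit.exe",
}
SYSTEM_DIRS = (r"\windows\system32", r"\windows\syswow64")

PATH_RE = re.compile(r"([a-z]:\\.*?\.(?:exe|dll|sys))\b", re.I)
TEMP_RE = re.compile(r"\\temp\\", re.I)
# A binary sitting directly in AppData\Local or AppData\Roaming with no vendor folder.
APPDATA_ROOT_RE = re.compile(r"\\appdata\\(?:local|roaming)\\[^\\]+$", re.I)
PROXY_RE = re.compile(r"ProxyServer\s*=.*?(?:127\.0\.0\.1|localhost):(\d+)", re.I)
POLICY_RE = re.compile(
    r'^"(EnableLUA|ConsentPromptBehaviorAdmin|PromptOnSecureDesktop)"\s*=\s*(\d+)')


@dataclass(frozen=True)
class Finding:
    severity: str  # "high" or "medium" (assumed scale)
    reason: str
    line: str


def _path_findings(path, line):
    """Rules that apply to a single file path found on a log line."""
    out = []
    name = ntpath.basename(path).lower()
    parent = ntpath.dirname(path).lower()
    if name in SYSTEM_NAMES and not parent.endswith(SYSTEM_DIRS):
        out.append(Finding("high", f"{name} outside System32 (masquerade)", line))
    if TEMP_RE.search(path):
        out.append(Finding("high", "autorun from a Temp directory", line))
    elif APPDATA_ROOT_RE.search(path):
        out.append(Finding("medium", "loose binary at the root of AppData", line))
    return out


def triage(log_text):
    """Return one Finding per (line, rule) hit, in log order."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = POLICY_RE.match(line)
        if m and m.group(2) == "0":
            sev = "high" if m.group(1) == "EnableLUA" else "medium"
            findings.append(Finding(sev, f"{m.group(1)} = 0 (UAC weakened)", line))
            continue
        m = PROXY_RE.search(line)
        if m:
            findings.append(Finding(
                "high", f"browser proxy pinned to loopback port {m.group(1)}", line))
            continue
        for path in PATH_RE.findall(line):
            findings.extend(_path_findings(path, line))
    return findings


def summarize(findings):
    """Count findings per severity, e.g. {'high': 6, 'medium': 3}."""
    return dict(Counter(f.severity for f in findings))


# Constructed sample modelled on entries in the thread's ComboFix log.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"EnableLUA"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-27 931200]
"Facebook Update"="c:\users\ThaGierk\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-03-08 137536]
uInternet Settings,ProxyServer = http=127.0.0.1:53616
MSConfigStartUp-Bbeqezel - c:\users\ThaGierk\AppData\Local\wmerePI.dll
MSConfigStartUp-conhost - c:\users\ThaGierk\AppData\Roaming\Microsoft\conhost.exe
MSConfigStartUp-Lveheiejlne - c:\users\ThaGierk\AppData\Local\Temp\lsass.exe
MSConfigStartUp-Mqsuc - c:\windows\lsass.exe
c:\windows\system32\conhost.exe
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:6}] {f.reason}: {f.line}")
    print(summarize(triage(SAMPLE_LOG)))
```

The vendor-folder distinction matters: FacebookUpdate.exe and GoogleUpdate.exe legitimately run from AppData\Local\<vendor>\Update, so only a bare file at the root of AppData (wmerePI.dll, qdp7it8.exe in the log) is flagged, while anything under Temp is flagged regardless of name. Feed the script the full text of a log to get the same list in one pass.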
     
  6. Broni

    Broni Malware Annihilator Posts: 52,892   +344

    Looks good :)

    Any current issues?

    Download Malwarebytes' Anti-Malware: http://www.malwarebytes.org/products/malwarebytes_free to your desktop.

    * Double-click mbam-setup.exe and follow the prompts to install the program.
    * At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    * If an update is found, it will download and install the latest version.
    * Once the program has loaded, select Perform quick scan, then click Scan.
    * When the scan is complete, click OK, then Show Results to view the results.
    * Be sure that everything is checked, and click Remove Selected.
    * When completed, a log will open in Notepad.
    * Post the log back here.

    Be sure to restart the computer.

    The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
    Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

    ============================================================

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\tasks\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /I " " /c
    dir /b "%systemroot%\*.exe" | find /I " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     