Possible malware in assembly folder

Solved
By Ahiggins
Jun 11, 2012
  1. Recently, Google Chrome won't let me use www.google.com because it says "The site's security certificate is signed using a weak signature algorithm!" I tested out other search engines like Yahoo, Bing and MSN, but they all get the same message. So I opened up Firefox and tried to use Google. Firefox let me use Google, but it redirected everything I clicked on. So I copied and pasted some links to see what I could find out about the problem. After a couple of tries of forum browsing I realized I don't really know what to do. Since that time I've downloaded and installed Malwarebytes, SUPERAntiSpyware, HiJackThis, AVG 2012 and rkill, but I don't know if any of those are what I need or how to use them properly.

    I did use AVG, and it prompted me to remove two viruses located at:

    c:\windows\assembly\GAC_32\Desktop.ini
    c:\windows\assembly\GAC_64\Desktop.ini

    but I couldn't actually get AVG to remove them because it was having difficulty



    I'll post some logs here:

    Malwarebytes Log:

    Malwarebytes Anti-Malware (Trial) 1.61.0.1400
    www.malwarebytes.org

    Database version: v2012.06.09.06

    Windows Vista Service Pack 2 x64 NTFS
    Internet Explorer 7.0.6002.18005
    Adam :: ADAM-PC [administrator]

    Protection: Disabled

    6/9/2012 9:40:03 PM
    mbam-log-2012-06-09 (21-40-03).txt

    Scan type: Full scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 1009111
    Time elapsed: 4 hour(s), 26 minute(s), 51 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 1
    C:\Windows\Installer\{407c2ae1-b9e3-f1ae-d184-4c81afaf026a}\U\00000008.@ (Trojan.Dropper.BCMiner) -> Quarantined and deleted successfully.

    (end)

    DDS Log:

    .
    DDS (Ver_2011-08-26.01) - NTFSAMD64
    Internet Explorer: 7.0.6002.18005 BrowserJavaVersion: 10.4.1
    Run by Adam at 10:07:44 on 2012-06-11
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.4094.2033 [GMT -4:00]
    .
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\PROGRA~2\AVG\AVG2012\avgrsa.exe
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\nvvsvc.exe
    C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Windows\system32\AEADISRV.EXE
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
    C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
    C:\Program Files\Microsoft LifeCam\MSCamS64.exe
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Windows\SysWOW64\PnkBstrA.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
    C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
    C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Program Files (x86)\AVG\AVG2012\avgnsa.exe
    C:\Windows\system32\svchost.exe -k HPService
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
    C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
    C:\Users\Adam\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Program Files\Rainmeter\Rainmeter.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files (x86)\Analog Devices\SoundMAX\SoundTray.exe
    C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
    C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
    C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
    C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
    C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
    C:\Users\Adam\AppData\Local\Google\Update\1.3.21.111\GoogleCrashHandler.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
    C:\Users\Adam\AppData\Local\Google\Update\1.3.21.111\GoogleCrashHandler64.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
    C:\Windows\SysWOW64\ping.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\SysWOW64\ping.exe
    C:\Windows\SysWOW64\ping.exe
    C:\Windows\SysWOW64\cmd.exe
    C:\Windows\SysWOW64\cscript.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uInternet Settings,ProxyOverride = *.local
    BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: AVG Do Not Track: {31332eef-cb9f-458f-afeb-d30e9a66b6ba} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
    BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
    BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL
    BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
    BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    uRun: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
    uRun: [DAEMON Tools Pro Agent] "C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe" -autorun
    uRun: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    uRun: [Google Update] "C:\Users\Adam\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    uRun: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
    uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
    uRun: [Spotify Web Helper] "C:\Users\Adam\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
    uRun: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe" /MINIMIZED
    uRun: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe
    uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    mRun: [SoundTray] "C:\Program Files (x86)\Analog Devices\SoundMAX\SoundTray.exe"
    mRun: [SoundMAXPnP] C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
    mRun: [LifeCam] "C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe"
    mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"
    mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"
    mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
    mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
    mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    mRun: [SwitchBoard] "C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe"
    mRun: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
    mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    mRun: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
    mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
    StartupFolder: C:\Users\Adam\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\FLIPTO~1.LNK - C:\Program Files (x86)\fliptoast\fliptoast.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\RAINME~1.LNK - C:\Program Files\Rainmeter\Rainmeter.exe
    mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
    mPolicies-system: EnableLUA = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    mPolicies-system: SoftwareSASGeneration = 1 (0x1)
    IE: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
    IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000
    IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
    IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
    IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    LSP: %SYSTEMROOT%\system32\nvLsp.dll
    LSP: mswsock.dll
    Trusted Zone: clonewarsadventures.com
    Trusted Zone: freerealms.com
    Trusted Zone: soe.com
    Trusted Zone: sony.com
    TCP: DhcpNameServer = 192.168.1.1
    TCP: Interfaces\{3666F52B-065A-4F99-BDFE-A869FA3DCA0B} : DhcpNameServer = 192.168.1.1
    TCP: Interfaces\{7FD6A074-41B9-4B8F-BB42-3A426298A2DB} : DhcpNameServer = 192.168.1.1
    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\MP3 Skype Recorder\Skype4Com.dll
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL
    BHO-X64: Adobe PDF Reader Link Helper: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO-X64: AcroIEHelperStub - No File
    BHO-X64: AVG Do Not Track: {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
    BHO-X64: AVG Do Not Track - No File
    BHO-X64: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
    BHO-X64: Increase performance and video formats for your HTML5 <video> - No File
    BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
    BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
    BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL
    BHO-X64: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
    BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO-X64: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    BHO-X64: SkypeIEPluginBHO - No File
    BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL
    BHO-X64: URLRedirectionBHO - No File
    BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
    BHO-X64: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    BHO-X64: SmartSelect - No File
    BHO-X64: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    BHO-X64: HP Smart BHO Class - No File
    TB-X64: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    mRun-x64: [SoundTray] "C:\Program Files (x86)\Analog Devices\SoundMAX\SoundTray.exe"
    mRun-x64: [SoundMAXPnP] C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
    mRun-x64: [LifeCam] "C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe"
    mRun-x64: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
    mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun-x64: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"
    mRun-x64: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"
    mRun-x64: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
    mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    mRun-x64: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
    mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    mRun-x64: [SwitchBoard] "C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe"
    mRun-x64: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
    mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun-x64: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
    mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    mRun-x64: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
    mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
    SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\Adam\AppData\Roaming\Mozilla\Firefox\Profiles\3gp9yy3b.default\
    FF - prefs.js: browser.startup.homepage - www.google.com
    FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL
    FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL
    FF - plugin: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll
    FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
    FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\0.80.0\npesnlaunch.dll
    FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.0\npesnsonar.dll
    FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
    FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
    FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll
    FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll
    FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll
    FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
    FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
    FF - plugin: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\dtplugin\npdeployJava1.dll
    FF - plugin: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll
    FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
    FF - plugin: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll
    FF - plugin: C:\Users\Adam\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
    FF - plugin: C:\Users\Adam\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 AVGIDSHA;AVGIDSHA;C:\Windows\system32\DRIVERS\avgidsha.sys --> C:\Windows\system32\DRIVERS\avgidsha.sys [?]
    R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\system32\DRIVERS\avgrkx64.sys --> C:\Windows\system32\DRIVERS\avgrkx64.sys [?]
    R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\system32\DRIVERS\avgldx64.sys --> C:\Windows\system32\DRIVERS\avgldx64.sys [?]
    R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\system32\DRIVERS\avgmfx64.sys --> C:\Windows\system32\DRIVERS\avgmfx64.sys [?]
    R1 Avgtdia;AVG TDI Driver;C:\Windows\system32\DRIVERS\avgtdia.sys --> C:\Windows\system32\DRIVERS\avgtdia.sys [?]
    R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\system32\DRIVERS\dtsoftbus01.sys --> C:\Windows\system32\DRIVERS\dtsoftbus01.sys [?]
    R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
    R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
    R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2011-8-11 140672]
    R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]
    R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe [2012-4-30 5106744]
    R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-2-14 193288]
    R2 FontCache;Windows Font Cache Service;C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
    R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-2-28 2343816]
    R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-6-8 654408]
    R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-2-22 1262400]
    R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-5-15 382272]
    R3 AVGIDSDriver;AVGIDSDriver;C:\Windows\system32\DRIVERS\avgidsdrivera.sys --> C:\Windows\system32\DRIVERS\avgidsdrivera.sys [?]
    R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\system32\DRIVERS\avgidsfiltera.sys --> C:\Windows\system32\DRIVERS\avgidsfiltera.sys [?]
    R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
    R3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;C:\Windows\system32\Drivers\nx6000.sys --> C:\Windows\system32\Drivers\nx6000.sys [?]
    R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-9-22 136176]
    S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-2-29 158856]
    S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-8 257696]
    S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2011-9-9 79360]
    S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-9-22 136176]
    S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-6-12 31125880]
    S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-5-13 129976]
    S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
    S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-20 19968]
    S3 ScreamBAudioSvc;ScreamBee Audio;C:\Windows\system32\drivers\ScreamingBAudio64.sys --> C:\Windows\system32\drivers\ScreamingBAudio64.sys [?]
    S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
    S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-3-18 1020768]
    S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2011-6-20 89920]
    .
    =============== Created Last 30 ================
    .
    2012-06-10 14:57:45 -------- d-----w- C:\Program Files (x86)\Black_Box
    2012-06-09 16:13:09 388096 ----a-r- C:\Users\Adam\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
    2012-06-09 16:13:08 -------- d-----w- C:\Program Files (x86)\Trend Micro
    2012-06-09 15:08:38 -------- d-----w- C:\Users\Adam\AppData\Roaming\SUPERAntiSpyware.com
    2012-06-09 15:08:04 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com
    2012-06-09 15:08:04 -------- d-----w- C:\Program Files\SUPERAntiSpyware
    2012-06-08 17:39:24 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2012-06-08 15:15:01 -------- d-----w- C:\Windows\SysWow64\drivers\AVG
    2012-06-08 15:14:10 -------- d--h--w- C:\$AVG
    2012-06-08 15:14:10 -------- d-----w- C:\Windows\System32\drivers\AVG
    2012-06-08 15:12:13 -------- d-----w- C:\Program Files (x86)\AVG
    2012-06-08 01:54:57 -------- d-sh--w- C:\Windows\SysWow64\%APPDATA%
    2012-06-05 19:20:07 8955792 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{73D38E1E-10DE-4BCC-B14E-D96D751CA046}\mpengine.dll
    2012-06-05 00:14:29 -------- d-----w- C:\Program Files (x86)\Photo Story 3 for Windows
    2012-06-03 03:24:44 -------- d-----w- C:\Program Files (x86)\TightVNC
    2012-06-03 03:23:23 -------- d-----w- C:\Users\Adam\AppData\Local\Downloaded Installations
    2012-05-29 02:00:21 -------- d-----w- C:\Users\Adam\AppData\Local\Cranium
    2012-05-29 01:42:49 -------- d-----w- C:\Users\Adam\AppData\Local\Cranium_Consulting_and_Cu
    2012-05-29 01:42:07 -------- d-----w- C:\Program Files (x86)\iPhoneBrowser
    2012-05-26 11:45:13 -------- d-----w- C:\Users\Adam\AppData\Local\libimobiledevice
    2012-05-25 23:11:03 -------- d-----w- C:\Program Files (x86)\Paradox Interactive
    2012-05-25 22:56:51 -------- d-----w- C:\Users\Adam\AppData\Roaming\Atari
    2012-05-25 22:45:52 -------- d-----w- C:\Program Files (x86)\Roller Coaster Tycoon 3 Platinum - CarlesNeo !
    2012-05-25 18:59:33 -------- d-----w- C:\Program Files (x86)\Microsoft Chart Controls
    2012-05-25 18:59:05 -------- d-----w- C:\Users\Adam\AppData\Local\CrashRpt
    2012-05-24 00:30:21 -------- d-----w- C:\Program Files (x86)\LogMeIn Hamachi
    2012-05-21 23:30:28 -------- d-----w- C:\Program Files (x86)\Landwirtschafts Simulator 2011
    2012-05-19 19:48:36 -------- d-----w- C:\Users\Adam\AppData\Roaming\.minecraft_xray
    2012-05-19 18:42:43 -------- d-----w- C:\Users\Adam\AppData\Roaming\Bertware
    2012-05-19 18:30:15 -------- d-----w- C:\Program Files (x86)\Oracle
    2012-05-19 15:00:03 -------- d-----w- C:\Windows\SysWow64\world_the_end
    2012-05-19 15:00:03 -------- d-----w- C:\Windows\SysWow64\world_nether
    2012-05-19 15:00:02 -------- d-----w- C:\Windows\SysWow64\world
    2012-05-19 15:00:02 -------- d-----w- C:\Windows\SysWow64\plugins
    2012-05-19 14:07:38 -------- d-----w- C:\glassfish3
    2012-05-19 13:37:42 772504 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
    2012-05-19 02:31:10 955848 ----a-w- C:\Windows\System32\npDeployJava1.dll
    2012-05-18 00:29:55 -------- d-----w- C:\multiAVCHD
    2012-05-15 06:21:50 423744 ----a-w- C:\Windows\SysWow64\nvStreaming.exe
    2012-05-14 18:58:31 -------- d-----w- C:\Users\Adam\AppData\Local\SniperV2
    2012-05-14 18:32:45 -------- d-----w- C:\Program Files (x86)\Rebellion
    2012-05-14 03:50:21 -------- d-----w- C:\Program Files (x86)\Mozilla Maintenance Service
    2012-05-14 03:50:01 157352 ----a-w- C:\Program Files (x86)\Mozilla Firefox\maintenanceservice_installer.exe
    2012-05-14 03:50:01 129976 ----a-w- C:\Program Files (x86)\Mozilla Firefox\maintenanceservice.exe
    2012-05-12 15:54:55 -------- d-----w- C:\Users\Adam\AppData\Roaming\Tropico 4
    2012-05-12 15:48:32 -------- d-----w- C:\Users\Adam\AppData\Roaming\Kalypso Media
    .
    ==================== Find3M ====================
    .
    2012-05-26 16:49:51 281032 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
    2012-05-26 16:49:51 281032 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
    2012-05-26 00:42:03 281032 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0
    2012-05-25 18:57:40 76888 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe
    2012-05-19 19:11:16 839112 ----a-w- C:\Windows\System32\deployJava1.dll
    2012-05-15 09:29:47 889664 ----a-w- C:\Windows\System32\nvvsvc.exe
    2012-05-15 09:29:46 63296 ----a-w- C:\Windows\System32\nvshext.dll
    2012-05-15 09:29:46 118080 ----a-w- C:\Windows\System32\nvmctray.dll
    2012-05-15 09:29:25 3149632 ----a-w- C:\Windows\System32\nvsvc64.dll
    2012-05-15 09:28:42 6151488 ----a-w- C:\Windows\System32\nvcpl.dll
    2012-05-06 01:29:56 3658157137 ----a-w- C:\Program Files (x86)\VindictusSetupV152.exe
    2012-05-04 21:31:08 70304 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-05-04 21:31:08 419488 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
    2012-05-04 21:31:04 8744608 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe
    2012-04-21 18:11:27 21840 ----atw- C:\Windows\SysWow64\SIntfNT.dll
    2012-04-21 18:11:27 17212 ----atw- C:\Windows\SysWow64\SIntf32.dll
    2012-04-21 18:11:27 12067 ----atw- C:\Windows\SysWow64\SIntf16.dll
    2012-04-21 17:20:28 94208 ----a-w- C:\Windows\DIIUnin.exe
    2012-04-21 17:20:28 2829 ----a-w- C:\Windows\DIIUnin.pif
    2012-04-19 08:50:26 28480 ----a-w- C:\Windows\System32\drivers\avgidsha.sys
    2012-04-19 00:56:30 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx
    2012-04-19 00:56:30 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts
    2012-04-18 17:08:08 31040 ----a-w- C:\Windows\System32\nvhdap64.dll
    2012-04-18 17:08:06 72512 ----a-w- C:\Windows\System32\nvapo64v.dll
    2012-04-18 17:08:03 188736 ----a-w- C:\Windows\System32\drivers\nvhda64v.sys
    2012-04-18 17:08:02 1451840 ----a-w- C:\Windows\System32\nvhdagenco6420103.dll
    2012-04-04 22:47:02 687504 ----a-w- C:\Windows\SysWow64\deployJava1.dll
    2012-04-04 19:56:40 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2012-04-03 08:22:15 4699520 ----a-w- C:\Windows\System32\ntoskrnl.exe
    2012-04-02 13:59:51 2766848 ----a-w- C:\Windows\System32\win32k.sys
    2012-03-30 12:45:03 1423744 ----a-w- C:\Windows\System32\drivers\tcpip.sys
    2012-03-20 23:34:30 72576 ----a-w- C:\Windows\System32\drivers\partmgr.sys
    2012-03-19 09:17:26 383808 ----a-w- C:\Windows\System32\drivers\avgtdia.sys
    2006-05-03 17:06:54 163328 --sha-r- C:\Windows\SysWOW64\flvDX.dll
    2007-02-21 18:47:16 31232 --sha-r- C:\Windows\SysWOW64\msfDX.dll
    2008-03-16 20:30:52 216064 --sha-r- C:\Windows\SysWOW64\nbDX.dll
    2010-01-07 05:00:00 107520 --sha-r- C:\Windows\SysWOW64\TAKDSDecoder.dll
    .
    ============= FINISH: 10:08:27.04 ===============

    Attach Log:

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft® Windows Vista™ Home Premium
    Boot Device: \Device\HarddiskVolume1
    Install Date: 6/16/2011 8:47:23 PM
    System Uptime: 6/11/2012 8:34:08 AM (2 hours ago)
    .
    Motherboard: ASUSTeK Computer INC. | | M3N-HT DELUXE
    Processor: AMD Phenom(tm) 9850 Quad-Core Processor | Socket AM2 | 2511/200mhz
    .
    ==== Disk Partitions =========================
    .
    A: is Removable
    C: is FIXED (NTFS) - 932 GiB total, 380.396 GiB free.
    D: is FIXED (NTFS) - 466 GiB total, 106.859 GiB free.
    E: is CDROM (UDF)
    F: is CDROM (UDF)
    G: is CDROM ()
    H: is FIXED (NTFS) - 298 GiB total, 18.618 GiB free.
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
    Description: Officejet 6500 E709n
    Device ID: ROOT\MULTIFUNCTION\0000
    Manufacturer: HP
    Name: Officejet 6500 E709n
    PNP Device ID: ROOT\MULTIFUNCTION\0000
    Service:
    .
    Class GUID: {4d36e979-e325-11ce-bfc1-08002be10318}
    Description: Officejet 6500 E709n
    Device ID: ROOT\PRINTER\0000
    Manufacturer: HP
    Name: Officejet 6500 E709n
    PNP Device ID: ROOT\PRINTER\0000
    Service:
    .
    ==== System Restore Points ===================
    .
    .
    ==== Installed Programs ======================
    .
    µTorrent
    6500_E709_eDocs
    6500_E709_Help
    6500_E709n
    AC3Filter 1.63b
    Adobe Acrobat X Pro - English, Français, Deutsch
    Adobe AIR
    Adobe Community Help
    Adobe Media Player
    Adobe Photoshop CS5
    Adobe Reader X (10.1.2)
    AnalogX NetStat Live
    ANNO 2070
    Apple Application Support
    Apple Software Update
    ARMA 2
    ARMA 2: British Armed Forces
    ARMA 2: British Armed Forces - Data cache removal
    ARMA 2: Operation Arrowhead
    ARMA 2: Private Military Company
    ARMA 2: Private Military Company - Data cache removal
    ArmA II Launcher
    Audacity 1.3.14 (Unicode)
    AviSynth 2.5
    Bandisoft MPEG-1 Decoder
    Battlecraft 1942
    Battlefield 1942
    Battlefield 1942: Secret Weapons of WWII
    Battlefield 1942: The Road To Rome
    Battlefield Mod Development Toolkit
    Battlefield Vietnam(TM)
    Battlelog Web Plugins
    BattlEye for OA Uninstall
    BattlEye Uninstall
    BioShock
    bpd_scan
    BPDSoftware
    BPDSoftware_Ini
    BufferChm
    Call of Duty(R) - World at War(TM) 1.1 Patch
    Call of Duty(R) - World at War(TM) 1.2 Patch
    Call of Duty(R) - World at War(TM) 1.3 Patch
    Call of Duty(R) - World at War(TM) 1.4 Patch
    Call of Duty(R) - World at War(TM) 1.5 Patch
    Call of Duty(R) - World at War(TM) 1.6 Patch
    Call of Duty(R) - World at War(TM) 1.7 Patch
    Cheat Engine 6.1
    Cities XL 2012
    Counter-Strike: Source
    CraftBukkit
    Creative Audio Control Panel
    Creative Sound Blaster Properties x64 Edition
    DAEMON Tools Pro
    Day of Defeat: Source
    Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
    Destination Component
    DeviceDiscovery
    Diablo II
    Disktrix UltimateDefrag 3.0
    DivX Setup
    DocMgr
    DocProc
    ESN Sonar
    Europa Universalis III
    EVGA Precision 2.0.3
    Farming Simulator 2011
    Fax
    FormatFactory 2.80
    Garry's Mod
    Google Chrome
    Google Earth Plug-in
    Google Update Helper
    GPBaseService2
    Grand Theft Auto IV
    Grand Theft Auto Vice City
    GTA2
    HiJackThis
    Host OpenAL (ADI)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    HP Update
    HPProductAssistant
    iPhoneBrowser
    Java Auto Updater
    Java(TM) 7 Update 4
    JavaFX 2.1.0
    K-Lite Mega Codec Pack 8.1.0
    LAME v3.99.3 (for Windows)
    LogMeIn Hamachi
    Magic ISO Maker v5.5 (build 0274)
    Magicka
    Malwarebytes Anti-Malware version 1.61.0.1400
    MarketResearch
    Max Payne 3
    Max Payne 3 version 1.02
    Microsoft Chart Controls for Microsoft .NET Framework 3.5 (KB2500170)
    Microsoft Corporation
    Microsoft Games for Windows - LIVE Redistributable
    Microsoft Games for Windows Marketplace
    Microsoft Office 2010 Service Pack 1 (SP1)
    Microsoft Office Access MUI (English) 2010
    Microsoft Office Access Setup Metadata MUI (English) 2010
    Microsoft Office Excel MUI (English) 2010
    Microsoft Office Groove MUI (English) 2010
    Microsoft Office InfoPath MUI (English) 2010
    Microsoft Office OneNote MUI (English) 2010
    Microsoft Office Outlook MUI (English) 2010
    Microsoft Office PowerPoint MUI (English) 2010
    Microsoft Office Professional Plus 2010
    Microsoft Office Proof (English) 2010
    Microsoft Office Proof (French) 2010
    Microsoft Office Proof (Spanish) 2010
    Microsoft Office Proofing (English) 2010
    Microsoft Office Publisher MUI (English) 2010
    Microsoft Office Shared MUI (English) 2010
    Microsoft Office Shared Setup Metadata MUI (English) 2010
    Microsoft Office Word MUI (English) 2010
    Microsoft Silverlight
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    Microsoft WSE 3.0 Runtime
    Microsoft XNA Framework Redistributable 3.1
    Microsoft XNA Framework Redistributable 4.0
    Microsoft_VC80_ATL_x86
    Microsoft_VC80_CRT_x86
    Microsoft_VC80_MFC_x86
    Microsoft_VC80_MFCLOC_x86
    Microsoft_VC90_ATL_x86
    Microsoft_VC90_CRT_x86
    Microsoft_VC90_MFC_x86
    Mozilla Firefox 12.0 (x86 en-US)
    Mozilla Maintenance Service
    MP3 Skype Recorder
    MSXML 4.0 SP2 (KB927978)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    Nexon Game Manager
    NVIDIA 3D Vision Controller Driver
    NVIDIA ForceWare Network Access Manager
    NVIDIA PhysX
    NVIDIA Stereoscopic 3D Driver
    Octodad
    ooVoo
    Origin
    Pando Media Booster
    PDF Settings CS5
    Photo Story 3 for Windows
    ProductContext
    PunkBuster for Battlefield 1942
    PunkBuster for Battlefield Vietnam
    PunkBuster Services
    QuickTime
    Rainmeter
    RAR Password Recovery v1.1 RC16 (remove only)
    Rockstar Games Social Club
    Roller Coaster Tycoon 2 (Full)
    Roller Coaster Tycoon 3 Platinum - CarlesNeo !
    Rosetta Stone Version 3
    Saints Row. The Third 1.0
    Scan
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
    Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
    Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
    Security Update for Microsoft Excel 2010 (KB2597166) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2553091)
    Security Update for Microsoft Office 2010 (KB2553096)
    Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2598039) 32-Bit Edition
    Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition
    Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)
    Security Update for Microsoft Visio Viewer 2010 (KB2597981) 32-Bit Edition
    Shutdown Timer
    Sid Meier's Civilization V
    Skype Click to Call
    Skype™ 5.8
    SmartWebPrinting
    SolutionCenter
    SoundMAX
    Spiral Knights
    Spotify
    StarCraft II
    Status
    Steam
    SUPER © v2011.build.49 (July 1st, 2011) version v2011.build.49
    Team Fortress 2
    TeamSpeak 3 Client
    Terraria
    Toolbox
    Total War: SHOGUN 2
    TrayApp
    Tropico 3: Absolute Power
    Tunatic
    Ubisoft Game Launcher
    Unity Web Player
    UnloadSupport
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
    Update for Microsoft .NET Framework 4 Extended (KB2468871)
    Update for Microsoft .NET Framework 4 Extended (KB2533523)
    Update for Microsoft .NET Framework 4 Extended (KB2600217)
    Update for Microsoft Office 2010 (KB2494150)
    Update for Microsoft Office 2010 (KB2553065)
    Update for Microsoft Office 2010 (KB2553092)
    Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2553385) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2566458)
    Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2597091) 32-Bit Edition
    Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
    Update for Microsoft OneNote 2010 (KB2589345) 32-Bit Edition
    Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition
    Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
    VC80CRTRedist - 8.0.50727.6195
    Victoria 2
    Victoria II A House Divided 2.1
    Videora iPod touch Converter 6
    Visual Studio 2008 x64 Redistributables
    VLC media player 1.1.10
    Vuze
    WebReg
    WinDirStat 1.1.2
    .
    ==== Event Viewer Messages From Past Week ========
    .
    6/9/2012 11:21:48 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the HP Network Devices Support service to connect.
    6/9/2012 11:21:48 AM, Error: Service Control Manager [7000] - The HP Network Devices Support service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    6/9/2012 11:21:48 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service HPSLPSVC with arguments "" in order to run the server: {10DA4F3C-CC99-4190-BE4D-58330754E882}
    6/9/2012 11:08:53 AM, Error: Service Control Manager [7001] - The PnP-X IP Bus Enumerator service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
    6/9/2012 11:07:55 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Avgldx64 Avgmfx64 Beep i8042prt spldr sptd Wanarpv6
    6/9/2012 11:07:55 AM, Error: Service Control Manager [7001] - The Windows Media Center Extender Service service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
    6/9/2012 11:07:55 AM, Error: Service Control Manager [7001] - The Creative Audio Service service depends on the Windows Audio service which failed to start because of the following error: The dependency service or group failed to start.
    6/9/2012 11:07:55 AM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
    6/9/2012 11:07:30 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
    6/9/2012 11:07:08 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
    6/9/2012 11:07:05 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    6/9/2012 11:06:53 AM, Error: Microsoft-Windows-TerminalServices-LocalSessionManager [1048] - Terminal Service start failed. The relevant status code was This service cannot be started in Safe Mode .
    6/9/2012 11:06:53 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service TermService with arguments "" in order to run the server: {F9A874B6-F8A8-4D73-B5A8-AB610816828B}
    6/9/2012 11:06:53 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
    6/9/2012 11:05:50 AM, Error: sptd [4] - Driver detected an internal error in its data structures for .
    6/7/2012 9:03:59 PM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.3 for the Network Card with network address 00235490E80A has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).
    6/7/2012 9:01:41 PM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.7 for the Network Card with network address 00235490E80A has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).
    6/11/2012 8:38:31 AM, Error: Microsoft-Windows-WMPNSS-Service [14325] - Service 'WMPNetworkSvc' did not start correctly because QueryService encountered error '0x80070424'. In Windows Media Player, turn off media sharing, and then turn it back on.
    6/11/2012 8:36:13 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Beep i8042prt
    6/11/2012 8:36:13 AM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.
    6/11/2012 8:36:13 AM, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.
    6/11/2012 8:36:13 AM, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.
    6/11/2012 10:05:49 AM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.8 for the Network Card with network address 00235490E80A has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).
    .
    ==== End Of File ===========================
  2. Broni

    Broni Malware Annihilator Posts: 46,321   +252

    Welcome aboard

    Please, observe following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    =================================================================

    I still need GMER log.
  3. Ahiggins

    Ahiggins Newcomer, in training Topic Starter Posts: 44

    Oops. My mistake, sorry about that.

    Here it is:

    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit scan 2012-06-11 10:05:00
    Windows 6.0.6002 Service Pack 2
    Running: rfghzz7h.exe


    ---- Registry - GMER 1.0.15 ----

    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x6C 0x1A 0x81 0xC1 ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x8B 0xC8 0x9E 0x6C ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0xBF 0x47 0x37 0x04 ...
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x6C 0x1A 0x81 0xC1 ...
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x8B 0xC8 0x9E 0x6C ...
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0xBF 0x47 0x37 0x04 ...

    ---- EOF - GMER 1.0.15 ----
  4. Broni

    Broni Malware Annihilator Posts: 46,321   +252

    Download Bootkit Remover to your desktop.

    • Unzip downloaded file to your Desktop.
    • Double-click on boot_cleaner.exe to run the program (Vista/7 users, right click on boot_cleaner.exe and click Run As Administrator).
    • It will show a Black screen with some data on it.
    • Right click on the screen and click Select All.
    • Press CTRL+C
    • Open a Notepad and press CTRL+V
    • Post the output back here.

    =============================================================

    Download aswMBR to your desktop.
    Double click the aswMBR.exe to run it.
    If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
    Click the "Scan" button to start scan.
    On completion of the scan click "Save log", save it to your desktop and post in your next reply.

    NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.
  5. Ahiggins

    Ahiggins Newcomer, in training Topic Starter Posts: 44

    Alright, I have those done; here they are:

    Bootkit Remover
    (c) 2009 Esage Lab
    www.esagelab.com

    Program version: 1.2.0.1
    OS Version: Microsoft Windows Vista Home Premium Edition Service Pack 2 (build 6002), 64-bit

    System volume is \\.\C:
    \\.\C: -> \\.\PhysicalDrive0 at offset 0x00000000`00100000
    Boot sector MD5 is: 0ec6b2481fc707d1e901dc2a875f2826

    Size Device Name MBR Status
    --------------------------------------------
    931 GB \\.\PhysicalDrive0 OK (DOS/Win32 Boot code found)

    Done;
    Press any key to quit...

    aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
    Run date: 2012-06-11 12:57:58
    -----------------------------
    12:57:58.401 OS Version: Windows x64 6.0.6002 Service Pack 2
    12:57:58.401 Number of processors: 4 586 0x203
    12:57:58.401 ComputerName: ADAM-PC UserName: Adam
    12:58:03.796 Initialize success
    13:00:09.488 AVAST engine defs: 12061100
    13:00:19.560 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-3
    13:00:19.562 Disk 0 Vendor: ST31000524AS JC45 Size: 953869MB BusType: 3
    13:00:19.565 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP2T1L0-5
    13:00:19.566 Disk 1 Vendor: WDC_WD3200AAJS-22L7A0 01.03E01 Size: 305245MB BusType: 3
    13:00:19.569 Disk 2 \Device\Harddisk2\DR2 -> \Device\Ide\IdeDeviceP3T0L0-6
    13:00:19.572 Disk 2 Vendor: ST3500630AS 3.AAD Size: 476940MB BusType: 3
    13:00:19.601 Disk 0 MBR read successfully
    13:00:19.604 Disk 0 MBR scan
    13:00:19.608 Disk 0 Windows VISTA default MBR code
    13:00:19.622 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 953867 MB offset 2048
    13:00:19.640 Disk 0 scanning C:\Windows\system32\drivers
    13:00:36.490 Service scanning
    13:01:04.741 Modules scanning
    13:01:04.750 Disk 0 trace - called modules:
    13:01:04.777 ntoskrnl.exe CLASSPNP.SYS disk.sys acpi.sys >>UNKNOWN [0xfffffa80051aa2c0]<<spcb.sys ataport.SYS pciide.sys
    13:01:04.781 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80058b4790]
    13:01:04.786 3 CLASSPNP.SYS[fffffa6000fc5c33] -> nt!IofCallDriver -> [0xfffffa80052ec270]
    13:01:04.790 5 acpi.sys[fffffa6000b71fde] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-3[0xfffffa8005385060]
    13:01:04.794 \Driver\atapi[0xfffffa80052ec490] -> IRP_MJ_CREATE -> 0xfffffa80051aa2c0
    13:01:09.114 AVAST engine scan C:\Windows
    13:01:18.247 AVAST engine scan C:\Windows\system32
    13:04:49.975 File: C:\Windows\assembly\GAC_32\Desktop.ini **INFECTED** Win32:Sirefef-PL [Rtk]
    13:04:56.019 File: C:\Windows\assembly\GAC_64\Desktop.ini **INFECTED** Win32:Sirefef-PL [Rtk]
    13:08:04.664 AVAST engine scan C:\Windows\system32\drivers
    13:08:38.082 AVAST engine scan C:\Users\Adam
    13:16:36.948 Disk 0 MBR has been saved successfully to "C:\Users\Adam\Documents\MBR.dat"
    13:16:36.956 The log file has been saved successfully to "C:\Users\Adam\Documents\aswMBR.txt"
  6. Broni

    Broni Malware Annihilator Posts: 46,321   +252

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts.
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore your connection.
    • Double click on combofix.exe & follow the prompts.

    • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
    • NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.
    **Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them, resulting in the tool not working correctly, which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends that you uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode.

    2. Delete the Combofix file, download a fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.
    There are 4 different versions. If one of them won't run then download and try to run the other one.
    Vista and Win7 users need to right click Rkill and choose Run as Administrator.
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

    * Rkill.com
    * Rkill.scr
    * Rkill.exe
    • Double-click on the Rkill icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.
    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
  7. Ahiggins

    Ahiggins Newcomer, in training Topic Starter Posts: 44

    Here's the ComboFix Log:

    ComboFix 11-11-10.03 - Adam 11/10/2011 17:31:55.1.4 - x64
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.4094.2420 [GMT -5:00]
    Running from: c:\users\Adam\Desktop\ComboFix.exe
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\users\Adam\AppData\Roaming\mm
    c:\windows\iun6002.exe
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-10-10 to 2011-11-10 )))))))))))))))))))))))))))))))
    .
    .
    2011-11-10 22:20 . 2011-11-10 22:20 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{8B18F277-16F0-4F1A-AA53-6E393C3AA577}\offreg.dll
    2011-11-10 21:41 . 2011-09-20 21:06 1426304 ----a-w- c:\windows\system32\drivers\tcpip.sys
    2011-11-10 21:41 . 2011-10-17 11:41 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
    2011-11-10 21:41 . 2011-10-17 11:41 2409784 ----a-w- c:\program files (x86)\Windows Mail\OESpamFilter.dat
    2011-11-10 21:41 . 2011-09-30 16:16 893440 ----a-w- c:\program files\Common Files\System\wab32.dll
    2011-11-10 21:41 . 2011-09-30 16:16 50688 ----a-w- c:\program files\Windows Mail\wabimp.dll
    2011-11-10 21:41 . 2011-09-30 15:57 707584 ----a-w- c:\program files (x86)\Common Files\System\wab32.dll
    2011-11-10 03:26 . 2011-11-10 03:27 -------- d-----w- C:\FRST
    2011-11-04 23:39 . 2011-11-04 23:39 -------- d-----w- C:\$AVG
    2011-11-04 23:32 . 2011-11-04 23:33 -------- d-----w- c:\users\Adam\AppData\Roaming\AVG
    2011-11-04 22:46 . 2011-11-10 22:19 -------- d-----w- c:\programdata\AVG2012
    2011-11-04 22:40 . 2011-11-04 22:40 -------- d--h--w- c:\programdata\Common Files
    2011-11-04 22:40 . 2011-11-10 22:11 -------- d-----w- c:\programdata\MFAData
    2011-11-04 20:58 . 2011-11-04 20:58 -------- d-----w- c:\users\Default\AppData\Roaming\Apple Computer
    2011-11-04 20:58 . 2011-11-04 20:58 -------- d-----w- c:\users\Default\AppData\Local\Apple Computer
    2011-11-04 18:32 . 2011-10-07 04:16 8570192 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{8B18F277-16F0-4F1A-AA53-6E393C3AA577}\mpengine.dll
    2011-11-04 00:00 . 2002-12-05 18:10 155648 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iuser.dll
    2011-11-04 00:00 . 2002-12-02 17:33 57344 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\ctor.dll
    2011-11-04 00:00 . 2002-12-02 17:33 237568 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iscript.dll
    2011-11-04 00:00 . 2003-02-27 20:12 696320 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iKernel.dll
    2011-11-04 00:00 . 2002-12-02 19:22 5632 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\DotNetInstaller.exe
    2011-11-04 00:00 . 2011-11-04 00:00 282756 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\setup.dll
    2011-11-04 00:00 . 2011-11-04 00:00 163972 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iGdi.dll
    2011-10-31 20:01 . 2011-10-31 20:01 503 ----a-w- c:\programdata\1320091276.bdinstall.bin
    2011-10-31 19:58 . 2011-10-31 19:58 -------- d-----w- c:\program files\Common Files\Bitdefender
    2011-10-30 21:41 . 2011-11-10 22:21 -------- d-----w- c:\users\Adam\AppData\Local\LogMeIn Hamachi
    2011-10-30 21:39 . 2011-10-30 21:39 -------- d-----w- c:\program files (x86)\Hamachi
    2011-10-30 19:28 . 2011-10-30 19:28 -------- d-----w- c:\users\Adam\AppData\Roaming\Malwarebytes
    2011-10-30 19:27 . 2011-10-30 19:27 -------- d-----w- c:\programdata\Malwarebytes
    2011-10-30 19:27 . 2011-08-31 21:00 25416 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-10-28 01:33 . 2011-10-28 01:33 -------- d-----w- c:\programdata\Creative Labs
    2011-10-27 22:38 . 2011-10-27 22:38 -------- d-----w- c:\program files (x86)\Microsoft XNA
    2011-10-24 18:29 . 2011-10-24 18:29 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx
    2011-10-24 18:29 . 2011-10-24 18:29 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts
    2011-10-17 23:21 . 2011-10-17 23:21 -------- d-----w- c:\program files (x86)\AnalogX
    2011-10-16 23:55 . 2011-10-16 23:55 18139008 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\OFFICE14\MSO.DLL
    2011-10-15 21:42 . 2011-10-15 21:42 -------- d-----w- c:\program files\iPod
    2011-10-15 21:42 . 2011-10-15 21:43 -------- d-----w- c:\program files\iTunes
    2011-10-15 21:42 . 2011-10-15 21:43 -------- d-----w- c:\program files (x86)\iTunes
    2011-10-15 21:36 . 2011-10-15 21:36 -------- d-----w- c:\program files\Bonjour
    2011-10-15 21:36 . 2011-10-15 21:36 -------- d-----w- c:\program files (x86)\Bonjour
    2011-10-12 19:45 . 2011-07-29 16:08 375808 ----a-w- c:\windows\system32\psisdecd.dll
    2011-10-12 19:45 . 2011-07-29 16:08 289792 ----a-w- c:\windows\system32\psisrndr.ax
    2011-10-12 19:45 . 2011-07-29 16:06 73216 ----a-w- c:\windows\system32\MSDvbNP.ax
    2011-10-12 19:45 . 2011-07-29 16:06 100352 ----a-w- c:\windows\system32\Mpeg2Data.ax
    2011-10-12 19:45 . 2011-07-29 16:01 293376 ----a-w- c:\windows\SysWow64\psisdecd.dll
    2011-10-12 19:45 . 2011-07-29 16:01 217088 ----a-w- c:\windows\SysWow64\psisrndr.ax
    2011-10-12 19:45 . 2011-07-29 16:00 57856 ----a-w- c:\windows\SysWow64\MSDvbNP.ax
    2011-10-12 19:45 . 2011-07-29 16:00 69632 ----a-w- c:\windows\SysWow64\Mpeg2Data.ax
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-10-16 15:30 . 2011-06-17 03:43 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2011-10-09 13:42 . 2009-08-18 16:49 564632 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\wlidui.dll
    2011-10-09 13:42 . 2009-08-18 15:24 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
    2011-10-05 23:24 . 2011-06-23 01:47 280904 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
    2011-10-05 23:24 . 2011-06-21 00:55 280904 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
    2011-10-05 21:48 . 2011-06-21 00:55 280904 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
    2011-10-03 09:06 . 2011-06-18 20:51 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
    2011-09-29 20:25 . 2011-06-21 00:55 75136 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
    2011-09-09 23:39 . 2011-06-17 03:10 466520 ----a-w- c:\windows\system32\wrap_oal.dll
    2011-09-09 23:39 . 2011-06-17 03:10 445016 ----a-w- c:\windows\SysWow64\wrap_oal.dll
    2011-09-09 23:39 . 2011-06-17 03:10 123480 ----a-w- c:\windows\system32\OpenAL32.dll
    2011-09-09 23:39 . 2011-06-17 03:10 109144 ----a-w- c:\windows\SysWow64\OpenAL32.dll
    2011-09-05 17:05 . 2011-09-05 17:05 53656 ----a-w- c:\windows\system32\AdobePDF.dll
    2011-09-05 17:04 . 2011-09-05 17:04 24984 ----a-w- c:\windows\system32\AdobePDFUI.dll
    2011-08-31 03:05 . 2011-08-31 03:05 96104 ----a-w- c:\windows\system32\dns-sd.exe
    2011-08-31 03:05 . 2011-08-31 03:05 85864 ----a-w- c:\windows\system32\dnssd.dll
    2011-08-31 03:05 . 2011-08-31 03:05 61288 ----a-w- c:\windows\system32\jdns_sd.dll
    2011-08-31 03:05 . 2011-08-31 03:05 212840 ----a-w- c:\windows\system32\dnssdX.dll
    2011-08-31 03:05 . 2011-08-31 03:05 83816 ----a-w- c:\windows\SysWow64\dns-sd.exe
    2011-08-31 03:05 . 2011-08-31 03:05 73064 ----a-w- c:\windows\SysWow64\dnssd.dll
    2011-08-31 03:05 . 2011-08-31 03:05 50536 ----a-w- c:\windows\SysWow64\jdns_sd.dll
    2011-08-31 03:05 . 2011-08-31 03:05 178536 ----a-w- c:\windows\SysWow64\dnssdX.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Steam"="c:\program files (x86)\Steam\steam.exe" [2011-08-15 1242448]
    "DAEMON Tools Pro Agent"="c:\program files (x86)\DAEMON Tools Pro\DTAgent.exe" [2011-03-17 842048]
    "Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2011-10-13 17351304]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "SoundTray"="c:\program files (x86)\Analog Devices\SoundMAX\SoundTray.exe" [2008-03-26 143360]
    "SoundMAXPnP"="c:\program files (x86)\Analog Devices\Core\smax4pnp.exe" [2008-03-16 1302528]
    "DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-03-21 1230704]
    "LifeCam"="c:\program files (x86)\Microsoft LifeCam\LifeExp.exe" [2010-12-13 135536]
    "BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
    "Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2011-09-05 36760]
    "Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2011-09-05 2904984]
    "HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
    "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
    "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-10-09 421736]
    "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
    "LogMeIn Hamachi Ui"="c:\program files (x86)\Hamachi\hamachi-2-ui.exe" [2011-08-15 1955208]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2008-10-16 214360]
    Rainmeter.lnk - c:\program files\Rainmeter\Rainmeter.exe [2011-7-24 102912]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-22 136176]
    R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2011-09-09 79360]
    R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-22 136176]
    R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
    R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
    R3 ScreamBAudioSvc;ScreamBee Audio;c:\windows\system32\drivers\ScreamingBAudio64.sys [x]
    R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
    R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 1020768]
    S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
    S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
    S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
    S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\Hamachi\hamachi-2.exe [2011-08-15 2329480]
    S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-08-03 2255464]
    S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-08-03 379496]
    S3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\Drivers\nx6000.sys [x]
    S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
    .
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-11-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-22 20:35]
    .
    2011-11-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-22 20:35]
    .
    2011-11-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-593570071-605911810-3574683811-1000Core.job
    - c:\users\Adam\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-18 19:09]
    .
    2011-11-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-593570071-605911810-3574683811-1000UA.job
    - c:\users\Adam\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-18 19:09]
    .
    .
    --------- x86-64 -----------
    .
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "LoadAppInit_DLLs"=0x0
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    mLocal Page = %SystemRoot%\system32\blank.htm
    uInternet Settings,ProxyOverride = *.local
    IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
    IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office14\EXCEL.EXE/3000
    IE: Se&nd to OneNote - c:\progra~2\MICROS~3\Office14\ONBttnIE.dll/105
    LSP: %SYSTEMROOT%\system32\nvLsp.dll
    CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll
    FF - ProfilePath - c:\users\Adam\AppData\Roaming\Mozilla\Firefox\Profiles\3gp9yy3b.default\
    FF - prefs.js: browser.startup.homepage - www.google.com
    .
    - - - - ORPHANS REMOVED - - - -
    .
    HKLM-Run-Windows Defender - c:\program files (x86)\Windows Defender\MSASCui.exe
    AddRemove-Battlecraft 19422.1 - c:\windows\iun6002.exe
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\S-1-5-21-593570071-605911810-3574683811-1000\Software\SecuROM\License information*]
    "datasecu"=hex:56,47,6d,bc,d1,17,c2,eb,cf,1f,1c,24,20,54,2e,bd,2f,75,a9,d6,f4,
    e9,22,b8,cc,52,3c,84,2f,67,a3,5b,86,21,7b,2a,7e,37,24,d4,3b,fa,46,da,c9,b8,\
    "rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10t_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10t_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.10"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
    @="Shockwave Flash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
    @Denied: (A 2) (Everyone)
    @=""
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
    @="FlashBroker"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]
    "SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
    00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\DbgagD\1*]
    "value"="?\06\01\14\11&2?"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
    @Denied: (A) (Everyone)
    "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
    @Denied: (A) (Everyone)
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
    "Key"="ActionsPane3"
    "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
    .
    Completion time: 2011-11-10 17:42:59
    ComboFix-quarantined-files.txt 2011-11-10 22:42
    .
    Pre-Run: 559,802,859,520 bytes free
    Post-Run: 559,718,985,728 bytes free
    .
    - - End Of File - - B9382736B42483DF61A00D56E314EDCA
  8. Broni

    Broni Malware Annihilator Posts: 46,321   +252

    Please post fresh aswMBR log.
  9. Ahiggins

    Ahiggins Newcomer, in training Topic Starter Posts: 44

    I'm not sure about this aswMBR scan. I've been running it for about four hours now, and it's still going. It's been scanning C:\ProgramData\NVIDIA\Updatus\WLMerger.exe for roughly an hour and a half. That file is only 185 KB. How do I know if the scan is done?
  10. Broni

    Broni Malware Annihilator Posts: 46,321   +252

    Try to run it from safe mode.
  11. Ahiggins

    Ahiggins Newcomer, in training Topic Starter Posts: 44

    The option that says AV Scan should be set at Quickscan, correct?
     
  12. Broni

    Broni Malware Annihilator Posts: 46,321   +252

    Yes. Don't change any settings.
  13. Ahiggins

    Ahiggins Newcomer, in training Topic Starter Posts: 44

    Okay, here is the log. I think it's done right this time.

    aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
    Run date: 2012-06-11 14:15:39
    -----------------------------
    14:15:39.459 OS Version: Windows x64 6.0.6002 Service Pack 2
    14:15:39.459 Number of processors: 4 586 0x203
    14:15:39.460 ComputerName: ADAM-PC UserName: Adam
    14:15:43.877 Initialize success
    14:15:54.849 AVAST engine defs: 12061100
    14:16:00.318 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-3
    14:16:00.321 Disk 0 Vendor: ST31000524AS JC45 Size: 953869MB BusType: 3
    14:16:00.323 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP2T1L0-5
    14:16:00.325 Disk 1 Vendor: WDC_WD3200AAJS-22L7A0 01.03E01 Size: 305245MB BusType: 3
    14:16:00.327 Disk 2 \Device\Harddisk2\DR2 -> \Device\Ide\IdeDeviceP3T0L0-6
    14:16:00.329 Disk 2 Vendor: ST3500630AS 3.AAD Size: 476940MB BusType: 3
    14:16:00.379 Disk 0 MBR read successfully
    14:16:00.382 Disk 0 MBR scan
    14:16:00.386 Disk 0 Windows VISTA default MBR code
    14:16:00.408 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 953867 MB offset 2048
    14:16:00.504 Disk 0 scanning C:\Windows\system32\drivers
    14:16:24.958 Service scanning
    14:16:49.660 Modules scanning
    14:16:49.667 Disk 0 trace - called modules:
    14:16:49.699 ntoskrnl.exe CLASSPNP.SYS disk.sys acpi.sys >>UNKNOWN [0xfffffa80051aa2c0]<<spcb.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
    14:16:49.704 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80058b4790]
    14:16:49.708 3 CLASSPNP.SYS[fffffa6000fc5c33] -> nt!IofCallDriver -> [0xfffffa80052ec270]
    14:16:49.713 5 acpi.sys[fffffa6000b71fde] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-3[0xfffffa8005385060]
    14:16:49.717 \Driver\atapi[0xfffffa80052ec490] -> IRP_MJ_CREATE -> 0xfffffa80051aa2c0
    14:16:51.274 AVAST engine scan C:\Windows
    14:17:53.305 AVAST engine scan C:\Windows\system32
    14:21:59.360 File: C:\Windows\assembly\GAC_32\Desktop.ini **INFECTED** Win32:Sirefef-PL [Rtk]
    14:22:03.666 File: C:\Windows\assembly\GAC_64\Desktop.ini **INFECTED** Win32:Sirefef-PL [Rtk]
    14:25:12.617 AVAST engine scan C:\Windows\system32\drivers
    14:26:17.015 AVAST engine scan C:\Users\Adam
    16:14:32.781 AVAST engine scan C:\ProgramData
    18:12:58.926 Disk 0 MBR has been saved successfully to "C:\Users\Adam\Documents\MBR.dat"
    18:12:59.001 The log file has been saved successfully to "C:\Users\Adam\Documents\aswMBR.txt"


    aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
    Run date: 2012-06-11 18:18:32
    -----------------------------
    18:18:32.989 OS Version: Windows x64 6.0.6002 Service Pack 2
    18:18:32.989 Number of processors: 4 586 0x203
    18:18:33.005 ComputerName: ADAM-PC UserName: Adam
    18:18:44.970 Initialize success
    18:19:07.746 AVAST engine defs: 12061100
    18:26:31.548 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-4
    18:26:31.550 Disk 0 Vendor: ST31000524AS JC45 Size: 953869MB BusType: 3
    18:26:31.553 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP2T1L0-5
    18:26:31.555 Disk 1 Vendor: WDC_WD3200AAJS-22L7A0 01.03E01 Size: 305245MB BusType: 3
    18:26:31.557 Disk 2 \Device\Harddisk2\DR2 -> \Device\Ide\IdeDeviceP3T0L0-6
    18:26:31.560 Disk 2 Vendor: ST3500630AS 3.AAD Size: 476940MB BusType: 3
    18:26:31.604 Disk 0 MBR read successfully
    18:26:31.607 Disk 0 MBR scan
    18:26:31.611 Disk 0 Windows VISTA default MBR code
    18:26:31.646 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 953867 MB offset 2048
    18:26:31.663 Disk 0 scanning C:\Windows\system32\drivers
    18:26:42.379 Service scanning
    18:27:07.012 Modules scanning
    18:27:07.012 Disk 0 trace - called modules:
    18:27:07.043 ntoskrnl.exe CLASSPNP.SYS disk.sys acpi.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
    18:27:07.043 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8005560060]
    18:27:07.043 3 CLASSPNP.SYS[fffffa60011d4c33] -> nt!IofCallDriver -> [0xfffffa80052ba520]
    18:27:07.059 5 acpi.sys[fffffa6000b71fde] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-4[0xfffffa80052c7060]
    18:27:08.743 AVAST engine scan C:\Windows
    18:27:12.784 AVAST engine scan C:\Windows\system32
    18:30:09.376 File: C:\Windows\assembly\GAC_32\Desktop.ini **INFECTED** Win32:Sirefef-PL [Rtk]
    18:30:12.511 File: C:\Windows\assembly\GAC_64\Desktop.ini **INFECTED** Win32:Sirefef-PL [Rtk]
    18:32:21.196 AVAST engine scan C:\Windows\system32\drivers
    18:33:15.109 AVAST engine scan C:\Users\Adam
    19:29:56.591 AVAST engine scan C:\ProgramData
    19:51:38.146 Disk 0 MBR has been saved successfully to "C:\Users\Adam\Documents\MBR.dat"
    19:51:38.146 The log file has been saved successfully to "C:\Users\Adam\Documents\aswMBR.txt"
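As an added example (not code from the thread or from aswMBR itself), a small Python triage script that reads aswMBR output and pulls out what a helper looks for in the two logs above: the **INFECTED** entries, and, in the first (normal-mode) run only, the unidentified module wedged into the disk driver chain (the `>>UNKNOWN [...]<<` entry in the IRP trace, with `\Driver\atapi`'s IRP_MJ_CREATE routed to that same address). The sample lines are excerpted from the logs posted above; the regexes and the `Triage` class are this example's own.

```python
"""Triage helper for aswMBR logs (added example; not part of the thread or of aswMBR).

Two signals are extracted:
  1. lines the AVAST engine marks **INFECTED** (path plus verdict);
  2. an unidentified module in the disk I/O trace (">>UNKNOWN [addr]<<") whose
     address is also the target of a driver's IRP_MJ_* dispatch entry, which is
     how a kernel-mode rootkit hooking the disk stack shows up in this trace.
"""
import re
from dataclasses import dataclass, field

# Excerpt of the first aswMBR run posted above (normal mode).
SAMPLE_LOG = """\
14:16:49.699 ntoskrnl.exe CLASSPNP.SYS disk.sys acpi.sys >>UNKNOWN [0xfffffa80051aa2c0]<<spcb.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
14:16:49.717 \\Driver\\atapi[0xfffffa80052ec490] -> IRP_MJ_CREATE -> 0xfffffa80051aa2c0
14:21:59.360 File: C:\\Windows\\assembly\\GAC_32\\Desktop.ini **INFECTED** Win32:Sirefef-PL [Rtk]
14:22:03.666 File: C:\\Windows\\assembly\\GAC_64\\Desktop.ini **INFECTED** Win32:Sirefef-PL [Rtk]
"""

# Excerpt of the second run posted above (safe mode): same files flagged,
# but the trace no longer contains an UNKNOWN module or a redirected IRP.
SAFE_MODE_LOG = """\
18:27:07.043 ntoskrnl.exe CLASSPNP.SYS disk.sys acpi.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
18:30:09.376 File: C:\\Windows\\assembly\\GAC_32\\Desktop.ini **INFECTED** Win32:Sirefef-PL [Rtk]
18:30:12.511 File: C:\\Windows\\assembly\\GAC_64\\Desktop.ini **INFECTED** Win32:Sirefef-PL [Rtk]
"""

TS = r"\d\d:\d\d:\d\d\.\d+"
INFECTED_RE = re.compile(rf"^{TS} File: (?P<path>.+?) \*\*INFECTED\*\* (?P<verdict>.+)$")
UNKNOWN_RE = re.compile(r">>UNKNOWN \[(?P<addr>0x[0-9a-fA-F]+)\]<<")
HOOK_RE = re.compile(
    rf"^{TS} (?P<driver>\\Driver\\\w+)\[0x[0-9a-fA-F]+\] -> (?P<irp>IRP_MJ_\w+) -> (?P<target>0x[0-9a-fA-F]+)$"
)


@dataclass
class Triage:
    infected: list = field(default_factory=list)         # (path, verdict)
    unknown_modules: list = field(default_factory=list)  # addresses of unnamed modules in the trace
    hooks: list = field(default_factory=list)            # (driver, irp_major, target_addr)

    @property
    def hooked_by_unknown(self) -> bool:
        """True when a driver dispatch entry points at an unnamed module."""
        targets = {addr for _, _, addr in self.hooks}
        return any(addr in targets for addr in self.unknown_modules)

    @property
    def rootkit_suspected(self) -> bool:
        """Either the trace shows a hook, or a verdict carries the [Rtk] (rootkit) tag."""
        return self.hooked_by_unknown or any("[Rtk]" in v for _, v in self.infected)


def triage(log_text: str) -> Triage:
    """Parse an aswMBR log and collect the two signals described above."""
    result = Triage()
    for raw in log_text.splitlines():
        line = raw.strip()
        if m := INFECTED_RE.match(line):
            result.infected.append((m["path"], m["verdict"]))
        for m in UNKNOWN_RE.finditer(line):
            result.unknown_modules.append(m["addr"].lower())
        if m := HOOK_RE.match(line):
            result.hooks.append((m["driver"], m["irp"], m["target"].lower()))
    return result


def report(t: Triage) -> list:
    """Human-readable summary lines, suitable for pasting back into a reply."""
    lines = [f"infected files: {len(t.infected)}"]
    lines += [f"  {path}  ->  {verdict}" for path, verdict in t.infected]
    for driver, irp, addr in t.hooks:
        tag = "UNKNOWN module" if addr in t.unknown_modules else "named module"
        lines.append(f"hook: {driver} {irp} -> {addr} ({tag})")
    lines.append(f"rootkit suspected: {t.rootkit_suspected}")
    return lines


if __name__ == "__main__":
    for label, text in (("normal mode", SAMPLE_LOG), ("safe mode", SAFE_MODE_LOG)):
        print(f"--- {label} ---")
        print("\n".join(report(triage(text))))
```

Run as-is it reports both runs side by side; the difference between them (hook present vs. absent) is what the "try it from safe mode" advice above is exploiting, since the hooking driver is not loaded there.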
  14. Broni

    Broni Malware Annihilator Posts: 46,321   +252

    The infection seems to still be there.

    For x32 (x86) bit systems download Farbar Recovery Scan Tool and save it to your desktop.
    For x64 bit systems download Farbar Recovery Scan Tool x64 and save it to your desktop.

    • Double click on downloaded file to run it.
    • When the tool opens click Yes to disclaimer.
    • Press Scan button.
    • It will produce a log (FRST.txt) on your desktop.
    • Please copy and paste it to your reply.
  15. Ahiggins

    Ahiggins Newcomer, in training Topic Starter Posts: 44

    This log is going to have to be split into two parts because it goes over the character limit, so here is part one:

    Scan result of Farbar Recovery Scan Tool Version: 11-06-2012 03
    Ran by Adam at 11-06-2012 20:10:21
    Running from C:\Users\Adam\Desktop
    Service Pack 2 (X64) OS Language: English(US)
    Attention: Could not load system hive.ERROR: The process cannot access the file because it is being used by another process.

    ATTENTION:=====> THE TOOL IS NOT RUN FROM RECOVERY ENVIRONMENT AND WILL NOT FUNTION PROPERLY.

    ========================== Registry (Whitelisted) =============

    HKU\Default\...\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem [1555968 2009-04-11] (Microsoft Corporation)
    HKU\Default\...\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter [2438656 2009-04-11] (Microsoft Corporation)
    HKU\Default User\...\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem [1555968 2009-04-11] (Microsoft Corporation)
    HKU\Default User\...\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter [2438656 2009-04-11] (Microsoft Corporation)
    HKU\Mcx1\...\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem [1555968 2009-04-11] (Microsoft Corporation)
    HKU\Mcx1\...\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter [2438656 2009-04-11] (Microsoft Corporation)
    HKU\Mcx1\...\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe [138240 2008-01-20] (Microsoft Corporation)
    HKU\Mcx1\...\Run: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent [1242448 2011-08-15] (Valve Corporation)
    HKU\Mcx1\...\Run: [DAEMON Tools Pro Agent] "C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe" -autorun [842048 2011-03-17] (DT Soft Ltd)
    HKU\Mcx1\...\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized [17148552 2012-02-29] (Skype Technologies S.A.)
    HKU\Mcx1\...\Run: [Google Update] "C:\Users\Adam\AppData\Local\Google\Update\GoogleUpdate.exe" /c [136176 2011-06-18] (Google Inc.)
    HKU\Mcx1\...\Run: [Exetender] "C:\Program Files (x86)\Free Ride Games\GPlayer.exe" /runonstartup [x]
    HKU\Mcx1\...\Winlogon: [Shell] C:\Windows\eHome\McrMgr.exe [196608 2009-04-11] (Microsoft Corporation)
    HKU\UpdatusUser\...\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem [1555968 2009-04-11] (Microsoft Corporation)
    HKU\UpdatusUser\...\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter [2438656 2009-04-11] (Microsoft Corporation)
    HKU\UpdatusUser\...\Run: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent [1242448 2011-08-15] (Valve Corporation)
    HKU\UpdatusUser\...\Run: [DAEMON Tools Pro Agent] "C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe" -autorun [842048 2011-03-17] (DT Soft Ltd)
    HKU\UpdatusUser\...\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized [17148552 2012-02-29] (Skype Technologies S.A.)
    HKU\UpdatusUser\...\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe [138240 2008-01-20] (Microsoft Corporation)
    HKU\UpdatusUser\...\Run: [Google Update] "C:\Users\Adam\AppData\Local\Google\Update\GoogleUpdate.exe" /c [136176 2011-06-18] (Google Inc.)
    HKLM\...\Winlogon: [Userinit]
    HKLM-x32\...\Winlogon: [Userinit] [x]
    HKLM\...\Winlogon: [Shell] [x ] ()
    HKLM-x32\...\Winlogon: [Shell] [x ] ()
    HKLM\...\InprocServer32: [Default-wbemess] ATTENTION! ====> ZeroAccess
    HKLM\...\InprocServer32: [Default-shell32] ATTENTION! ====> ZeroAccess
    Startup: C:\Users\Adam\Start Menu\Programs\Startup\fliptoast.lnk
    ShortcutTarget: fliptoast.lnk -> C:\Program Files (x86)\fliptoast\fliptoast.exe (No File)
    Startup: C:\Users\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
    ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
    Startup: C:\Users\All Users\Start Menu\Programs\Startup\Rainmeter.lnk
    ShortcutTarget: Rainmeter.lnk -> C:\Program Files\Rainmeter\Rainmeter.exe ()

    ==================== Services (Whitelisted) ======


    ========================== Drivers (Whitelisted) =============


    ========================== NetSvcs (Whitelisted) ===========


    ============ One Month Created Files and Folders ==============

    2012-06-11 18:12 - 2012-06-11 19:51 - 00004787 ____A C:\Users\Adam\Documents\aswMBR.txt
    2012-06-11 18:12 - 2012-06-11 19:51 - 00000512 ____A C:\Users\Adam\Documents\MBR.dat
    2012-06-11 14:05 - 2012-06-11 14:05 - 00000000 ___SD C:\ComboFix
    2012-06-11 14:00 - 2012-06-11 14:00 - 04542341 ____R (Swearware) C:\Users\Adam\Downloads\ComboFix.exe
    2012-06-11 14:00 - 2012-06-11 14:00 - 00000852 ____A C:\Users\Adam\Desktop\ComboFix - Shortcut.lnk
    2012-06-11 13:16 - 2012-06-11 13:16 - 00002379 ____A C:\Users\Adam\Desktop\aswMBR.txt
    2012-06-11 13:16 - 2012-06-11 13:16 - 00000512 ____A C:\Users\Adam\Desktop\MBR.dat
    2012-06-11 12:58 - 2012-06-11 12:58 - 00000514 ____A C:\Users\Adam\Desktop\Bootkit.txt
    2012-06-11 12:57 - 2012-06-11 12:57 - 04731392 ____A (AVAST Software) C:\Users\Adam\Desktop\aswMBR.exe
    2012-06-11 12:56 - 2012-06-11 12:57 - 00054447 ____A C:\Users\Adam\Desktop\bootkit_remover_debug_log.txt
    2012-06-11 12:55 - 2012-06-11 12:56 - 00044607 ____A C:\Users\Adam\Desktop\bootkit_remover.zip
    2012-06-11 10:11 - 2012-06-11 10:11 - 00030359 ____A C:\Users\Adam\Desktop\DDS.txt
    2012-06-11 10:11 - 2012-06-11 10:11 - 00014600 ____A C:\Users\Adam\Desktop\Attach.txt
    2012-06-11 10:05 - 2012-06-11 10:05 - 00002487 ____A C:\Users\Adam\Desktop\gmer.log
    2012-06-11 09:23 - 2012-06-11 09:23 - 00302592 ____A C:\Users\Adam\Desktop\rfghzz7h.exe
    2012-06-10 13:11 - 2012-06-10 13:11 - 00001006 ____A C:\Users\Public\Desktop\Max Payne 3.lnk
    2012-06-10 10:57 - 2012-06-11 01:02 - 00000000 ____D C:\Program Files (x86)\Black_Box
    2012-06-10 04:54 - 2012-06-11 10:06 - 00607260 ____R (Swearware) C:\Users\Adam\Desktop\dds.scr
    2012-06-10 04:53 - 2012-06-10 04:53 - 00050477 ____A C:\Users\Adam\Downloads\Defogger.exe
    2012-06-09 12:13 - 2012-06-09 12:13 - 00000000 ____D C:\Program Files (x86)\Trend Micro
    2012-06-09 12:09 - 2012-06-09 12:09 - 01402880 ____A C:\Users\Adam\Downloads\HijackThis.msi
    2012-06-09 11:08 - 2012-06-09 11:08 - 00000000 ____D C:\Users\All Users\SUPERAntiSpyware.com
    2012-06-09 11:08 - 2012-06-09 11:08 - 00000000 ____D C:\Users\Adam\AppData\Roaming\SUPERAntiSpyware.com
    2012-06-09 11:08 - 2012-06-09 11:08 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
    2012-06-08 13:39 - 2012-06-08 13:39 - 00000948 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2012-06-08 13:39 - 2012-06-08 13:39 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2012-06-08 13:38 - 2012-06-09 11:10 - 00000404 ____A C:\rkill.log
    2012-06-08 11:15 - 2012-06-08 11:15 - 00000000 ____D C:\Windows\SysWOW64\Drivers\AVG
    2012-06-08 11:14 - 2012-06-11 19:57 - 00000000 ____D C:\Windows\System32\Drivers\AVG
    2012-06-08 11:14 - 2012-06-08 11:14 - 00000000 ___HD C:\$AVG
    2012-06-08 11:12 - 2012-06-08 11:12 - 00000000 ____D C:\Program Files (x86)\AVG
    2012-06-08 11:02 - 2012-06-08 11:02 - 03879712 ____A (AVG Technologies) C:\Users\Adam\Downloads\avg_free_stb_all_2012_2178_cnet.exe
    2012-06-08 10:51 - 2012-06-08 10:52 - 25907319 ____A C:\Users\Adam\Downloads\354213231432lnnfx.rar
    2012-06-07 21:54 - 2012-06-07 21:54 - 00000000 __SHD C:\Windows\SysWOW64\%APPDATA%
    2012-06-07 21:29 - 2012-06-08 01:52 - 471786357 ____A C:\Users\Adam\Downloads\195753258dcandupd.rar
    2012-06-07 20:51 - 2012-06-07 20:51 - 00363236 ____A C:\Users\Adam\AppData\Local\dd_vcredistMSI0F07.txt
    2012-06-07 20:51 - 2012-06-07 20:51 - 00011234 ____A C:\Users\Adam\AppData\Local\dd_vcredistUI0F07.txt
    2012-06-06 21:59 - 2012-06-06 21:59 - 00000132 ____A C:\Users\Adam\AppData\Roaming\Adobe PNG Format CS5 Prefs
    2012-06-06 19:31 - 2012-06-06 19:31 - 00000031 ____A C:\Users\Adam\Documents\Email Password.txt
    2012-06-06 18:26 - 2012-06-06 18:26 - 00013772 ____A C:\Users\Adam\Documents\Political problems.docx
    2012-06-06 17:38 - 2012-06-06 18:26 - 00013765 ____A C:\Users\Adam\Downloads\Political problems.docx
    2012-06-05 18:46 - 2012-06-05 18:46 - 00361316 ____A C:\Users\Adam\AppData\Local\dd_vcredistMSI12F6.txt
    2012-06-05 18:46 - 2012-06-05 18:46 - 00011154 ____A C:\Users\Adam\AppData\Local\dd_vcredistUI12F6.txt
    2012-06-04 20:14 - 2012-06-04 20:14 - 00000000 ____D C:\Program Files (x86)\Photo Story 3 for Windows
    2012-06-04 20:12 - 2012-06-04 20:11 - 05271552 ____A C:\Users\Adam\Downloads\Pstory.msi
    2012-06-04 20:10 - 2012-06-04 20:10 - 00463080 ____A (CNET Download.com) C:\Users\Adam\Downloads\cnet_Pstory_msi.exe
    2012-06-04 20:10 - 2012-06-04 20:10 - 00000000 ____A C:\Users\Adam\Downloads\Unconfirmed 46396.crdownload
    2012-06-03 21:28 - 2012-06-03 21:31 - 70166650 ____A C:\Users\Adam\Downloads\CamMeekins.zip
    2012-06-02 23:24 - 2012-06-09 12:17 - 00000000 ____D C:\Program Files (x86)\TightVNC
    2012-06-02 23:23 - 2012-06-02 23:23 - 00000000 ____D C:\Users\Adam\AppData\Local\Downloaded Installations
    2012-06-02 23:22 - 2012-06-02 23:23 - 21178512 ____A (Wyse Technology) C:\Users\Adam\Downloads\PocketCloud Windows Companion_v2.4.19.exe
    2012-06-02 21:59 - 2012-06-02 22:01 - 00000000 ____D C:\Users\Adam\Documents\eCommerce
    2012-06-02 14:18 - 2012-06-02 14:19 - 00000000 ____D C:\Program Files (x86)\QuickTime
    2012-06-02 12:48 - 2012-06-02 22:03 - 00000000 ____D C:\Users\Adam\Documents\12th Grade
    2012-06-01 16:14 - 2012-06-01 16:14 - 05570355 ____A C:\Users\Adam\Downloads\Attachments_2012_06_1 (2).zip
    2012-06-01 16:13 - 2012-06-01 16:13 - 03491763 ____A C:\Users\Adam\Downloads\Attachments_2012_06_1.zip
    2012-05-28 22:00 - 2012-05-28 22:00 - 00000000 ____D C:\Users\Adam\AppData\Local\Cranium
    2012-05-28 21:42 - 2012-05-28 21:42 - 00000000 ____D C:\Users\Adam\AppData\Local\Cranium_Consulting_and_Cu
    2012-05-28 21:42 - 2012-05-28 21:42 - 00000000 ____D C:\Program Files (x86)\iPhoneBrowser
    2012-05-28 21:40 - 2012-05-28 21:40 - 00564211 ____A C:\Users\Adam\Downloads\SetupiPhoneBrowser.1.93.exe
    2012-05-28 21:40 - 2012-05-28 21:40 - 00000000 ____A C:\Users\Adam\Downloads\Unconfirmed 25141.crdownload
    2012-05-26 16:16 - 2012-05-26 16:16 - 00000000 ____D C:\Users\Adam\Documents\Paradox Interactive
    2012-05-26 07:45 - 2012-05-26 07:45 - 00000000 ____D C:\Users\Adam\AppData\Local\libimobiledevice
    2012-05-25 19:11 - 2012-05-26 16:12 - 00000000 ____D C:\Program Files (x86)\Paradox Interactive
    2012-05-25 19:07 - 2011-03-25 12:17 - 00000071 ____A C:\Users\Adam\Downloads\fan-eu3c.cue
    2012-05-25 19:06 - 2011-03-25 08:25 - 747573792 ____A C:\Users\Adam\Downloads\fan-eu3c.bin
    2012-05-25 18:56 - 2012-05-25 19:00 - 00000000 ____D C:\Users\Adam\Documents\RCT3
    2012-05-25 18:56 - 2012-05-25 18:56 - 00000000 ____D C:\Users\Adam\AppData\Roaming\Atari
    2012-05-25 18:45 - 2012-05-25 19:33 - 00000000 ____D C:\Program Files (x86)\Roller Coaster Tycoon 3 Platinum - CarlesNeo !
    2012-05-25 14:59 - 2012-05-25 14:59 - 00000000 ____D C:\Users\Adam\AppData\Local\CrashRpt
    2012-05-25 14:59 - 2012-05-25 14:59 - 00000000 ____D C:\Program Files (x86)\Microsoft Chart Controls
    2012-05-25 14:57 - 2012-05-25 14:57 - 00365992 ____A C:\Users\Adam\AppData\Local\dd_vcredistMSI083B.txt
    2012-05-25 14:57 - 2012-05-25 14:57 - 00357232 ____A C:\Users\Adam\AppData\Local\dd_vcredistMSI085B.txt
    2012-05-25 14:57 - 2012-05-25 14:57 - 00011690 ____A C:\Users\Adam\AppData\Local\dd_vcredistUI085B.txt
    2012-05-25 14:57 - 2012-05-25 14:57 - 00011402 ____A C:\Users\Adam\AppData\Local\dd_vcredistUI083B.txt
    2012-05-23 20:30 - 2012-05-23 20:30 - 00000000 ____D C:\Program Files (x86)\LogMeIn Hamachi
    2012-05-23 20:26 - 2012-05-23 20:26 - 03857920 ____A C:\Users\Adam\Downloads\hamachi.msi
    2012-05-22 19:44 - 2012-05-15 06:48 - 25743168 ____A (NVIDIA Corporation) C:\Windows\System32\nvoglv64.dll
    2012-05-22 19:44 - 2012-05-15 06:48 - 25248064 ____A (NVIDIA Corporation) C:\Windows\System32\nvcompiler.dll
    2012-05-22 19:44 - 2012-05-15 06:48 - 19607872 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
    2012-05-22 19:44 - 2012-05-15 06:48 - 17551680 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
    2012-05-22 19:44 - 2012-05-15 06:48 - 14298944 ____A (NVIDIA Corporation) C:\Windows\System32\Drivers\nvlddmkm.sys
    2012-05-22 19:44 - 2012-05-15 06:48 - 10194752 ____A (NVIDIA Corporation) C:\Windows\System32\nvwgf2umx.dll
    2012-05-22 19:44 - 2012-05-15 06:48 - 08139072 ____A (NVIDIA Corporation) C:\Windows\System32\nvcuda.dll
    2012-05-22 19:44 - 2012-05-15 06:48 - 08105280 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
    2012-05-22 19:44 - 2012-05-15 06:48 - 05982528 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
    2012-05-22 19:44 - 2012-05-15 06:48 - 02881856 ____A (NVIDIA Corporation) C:\Windows\System32\nvcuvenc.dll
    2012-05-22 19:44 - 2012-05-15 06:48 - 02681664 ____A (NVIDIA Corporation) C:\Windows\System32\nvcuvid.dll
    2012-05-22 19:44 - 2012-05-15 06:48 - 02524992 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
    2012-05-22 19:44 - 2012-05-15 06:48 - 02445120 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvenc.dll
    2012-05-22 19:44 - 2012-05-15 06:48 - 02368832 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
    2012-05-22 19:44 - 2012-04-18 13:08 - 00188736 ____A (NVIDIA Corporation) C:\Windows\System32\Drivers\nvhda64v.sys
    2012-05-22 19:44 - 2012-04-18 13:08 - 00072512 ____A (NVIDIA Corporation) C:\Windows\System32\nvapo64v.dll
    2012-05-22 19:44 - 2012-04-18 13:08 - 00031040 ____A (NVIDIA Corporation) C:\Windows\System32\nvhdap64.dll
    2012-05-22 19:39 - 2012-05-22 19:42 - 168454136 ____A (NVIDIA Corporation) C:\Users\Adam\Downloads\301.42-desktop-win7-winvista-64bit-english-whql.exe
    2012-05-22 15:15 - 2012-05-22 15:15 - 00028649 ____A C:\Users\Adam\Downloads\Joseph_Campbell_-_The_Hero's_Journey_[DivX-AC3].torrent
    2012-05-21 19:40 - 2012-05-21 19:41 - 19046064 ____A (GIANTS Software ) C:\Users\Adam\Downloads\FarmingSimulator2011Patch2.2EN.exe
    2012-05-21 19:30 - 2012-05-21 19:46 - 00000000 ____D C:\Program Files (x86)\Landwirtschafts Simulator 2011
    2012-05-21 15:43 - 2012-05-21 15:43 - 05536064 ____A C:\Users\Adam\Downloads\MinecraftStructurePlanner (1).exe
    2012-05-20 22:59 - 2012-05-20 22:59 - 00000162 ___AH C:\Users\Adam\Documents\~$yisics Bike Project.docx
    2012-05-20 00:17 - 2012-05-20 00:17 - 02124398 ____A C:\Users\Adam\Downloads\OSU AFROTC (1).pdf
    2012-05-19 20:06 - 2012-05-19 20:06 - 02124398 ____A C:\Users\Adam\Downloads\OSU AFROTC.pdf
    2012-05-19 15:48 - 2012-05-19 15:48 - 00000000 ____D C:\Users\Adam\AppData\Roaming\.minecraft_xray
    2012-05-19 15:33 - 2012-05-19 15:33 - 00000000 ____D C:\Program Files\7-Zip
    2012-05-19 15:32 - 2012-05-19 15:32 - 01376768 ____A C:\Users\Adam\Downloads\7z920-x64.msi
    2012-05-19 15:17 - 2012-05-19 15:17 - 00036559 ____A C:\Users\Adam\Downloads\xray_12.7.zip
    2012-05-19 15:11 - 2012-05-19 15:11 - 00268744 ____A (Oracle Corporation) C:\Windows\System32\javaws.exe
    2012-05-19 15:11 - 2012-05-19 15:11 - 00189384 ____A (Oracle Corporation) C:\Windows\System32\javaw.exe
    2012-05-19 15:11 - 2012-05-19 15:11 - 00188872 ____A (Oracle Corporation) C:\Windows\System32\java.exe
    2012-05-19 15:11 - 2012-05-19 15:11 - 00000000 ____D C:\Program Files\Java
    2012-05-19 15:09 - 2012-05-19 15:09 - 21865936 ____A (Oracle Corporation) C:\Users\Adam\Downloads\jre-7u4-windows-x64.exe
    2012-05-19 14:42 - 2012-05-19 14:42 - 00000000 ____D C:\Users\Adam\AppData\Roaming\Bertware
    2012-05-19 14:30 - 2012-05-19 14:30 - 00000000 ____D C:\Program Files (x86)\Oracle
    2012-05-19 14:29 - 2012-05-19 14:29 - 00174024 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
    2012-05-19 14:29 - 2012-05-19 14:29 - 00174024 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe
    2012-05-19 14:29 - 2012-05-19 14:29 - 00000000 ____D C:\Program Files (x86)\Java
    2012-05-19 14:29 - 2012-04-04 18:47 - 00227720 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
    2012-05-19 14:28 - 2012-05-19 14:28 - 00892360 ____A (Oracle Corporation) C:\Users\Adam\Downloads\chromeinstall-7u4.exe
    2012-05-19 11:00 - 2012-05-19 11:06 - 00000000 ____D C:\Windows\SysWOW64\world_the_end
    2012-05-19 11:00 - 2012-05-19 11:06 - 00000000 ____D C:\Windows\SysWOW64\world_nether
    2012-05-19 11:00 - 2012-05-19 11:06 - 00000000 ____D C:\Windows\SysWOW64\world
    2012-05-19 11:00 - 2012-05-19 11:00 - 00003101 ____A C:\Windows\SysWOW64\server.log
    2012-05-19 11:00 - 2012-05-19 11:00 - 00002576 ____A C:\Windows\SysWOW64\help.yml
    2012-05-19 11:00 - 2012-05-19 11:00 - 00001311 ____A C:\Windows\SysWOW64\bukkit.yml
    2012-05-19 11:00 - 2012-05-19 11:00 - 00000458 ____A C:\Windows\SysWOW64\server.properties
    2012-05-19 11:00 - 2012-05-19 11:00 - 00000000 ____D C:\Windows\SysWOW64\plugins
    2012-05-19 11:00 - 2012-05-19 11:00 - 00000000 ____A C:\Windows\SysWOW64\white-list.txt
    2012-05-19 11:00 - 2012-05-19 11:00 - 00000000 ____A C:\Windows\SysWOW64\server.log.lck
    2012-05-19 11:00 - 2012-05-19 11:00 - 00000000 ____A C:\Windows\SysWOW64\permissions.yml
    2012-05-19 11:00 - 2012-05-19 11:00 - 00000000 ____A C:\Windows\SysWOW64\ops.txt
    2012-05-19 11:00 - 2012-05-19 11:00 - 00000000 ____A C:\Windows\SysWOW64\banned-players.txt
    2012-05-19 11:00 - 2012-05-19 11:00 - 00000000 ____A C:\Windows\SysWOW64\banned-ips.txt
    2012-05-19 10:07 - 2012-05-19 10:07 - 00000000 ____D C:\glassfish3
    2012-05-19 10:04 - 2012-05-19 10:06 - 146771704 ____A (Oracle Corporation.) C:\Users\Adam\Downloads\java_ee_sdk-6u4-jdk-windows-x64.exe
    2012-05-19 09:37 - 2012-04-04 18:47 - 00772504 ____A (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll
    2012-05-19 09:27 - 2012-05-31 23:14 - 00000000 ____D C:\Users\Adam\Desktop\Bukkit Server
    2012-05-18 22:31 - 2012-05-19 15:11 - 00955848 ____A (Oracle Corporation) C:\Windows\System32\npDeployJava1.dll
    2012-05-17 20:29 - 2012-05-17 20:51 - 00000000 ____D C:\multiAVCHD
    2012-05-17 20:27 - 2012-05-17 20:29 - 38514000 ____A C:\Users\Adam\Downloads\multiAVCHD_4.1.exe
    2012-05-16 19:34 - 2012-05-16 19:34 - 05507904 ____A C:\Users\Adam\Downloads\MinecraftStructurePlanner.jar
    2012-05-16 18:51 - 2012-05-16 18:51 - 00803612 ____A C:\Users\Adam\Downloads\Rectagon Project v1.rar
    2012-05-16 15:53 - 2012-05-16 15:53 - 00015501 ____A C:\Users\Adam\Downloads\Discovery_LP_[2009]_[Album]_DHZ_Inc_Release-[Demonoid.me]_9268303.3692.torrent
    2012-05-15 02:21 - 2012-05-15 02:21 - 00423744 ____A C:\Windows\SysWOW64\nvStreaming.exe
    2012-05-14 14:58 - 2012-05-14 14:59 - 00000000 ____D C:\Users\Adam\AppData\Local\SniperV2
    2012-05-14 14:32 - 2012-05-14 14:32 - 00000000 ____D C:\Program Files (x86)\Rebellion
    2012-05-14 14:08 - 2012-05-14 14:08 - 00000000 ____D C:\Users\Adam\Documents\Sniper Elite V2
    2012-05-13 23:50 - 2012-05-13 23:50 - 00000000 ____D C:\Users\All Users\Mozilla
    2012-05-13 23:50 - 2012-05-13 23:50 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
    2012-05-13 22:54 - 2012-05-13 22:54 - 00029078 ____A C:\Users\Adam\Downloads\_=Demonoid.me=_-Sniper_Elite_V2_SKIDROW_9268303.3692.torrent
    2012-05-12 11:54 - 2012-05-13 14:43 - 00000000 ____D C:\Users\Adam\AppData\Roaming\Tropico 4
    2012-05-12 11:48 - 2012-05-12 11:48 - 00000000 ____D C:\Users\Adam\AppData\Roaming\Kalypso Media
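Reading a listing this long by eye is error-prone, so here is a small triage script for FRST "Created/Modified Files and Folders" output. It is an added example, not part of the post and not FRST code. It parses the line shape the post shows (two timestamps, a zero-padded size, a five-character attribute field, an optional CompanyName from the file's version info in parentheses, then the path) and applies four heuristics that are the editor's own, not FRST's: a System+Hidden object under the Windows system directories, a path component written literally like an environment variable (%APPDATA%), code in a system directory with no CompanyName, and a zero-byte executable. A hit means "look closer", not "malware"; the sample lines are copied from the listing above and one of the hits (nvStreaming.exe, no CompanyName) is exactly the kind of false positive that still needs a human check.

```python
"""Triage helper for FRST 'Created/Modified Files and Folders' listings.

Added example (editor's code, not the forum post's and not FRST's). Parses
lines of the form seen in the post:
    <timestamp> - <timestamp> - <size> <5-char attrs> [(Company)] <path>
The triage rules below are the editor's heuristics; a hit is a reason to look
closer, not a verdict.
"""
import re
from dataclasses import dataclass
from datetime import datetime
from pathlib import PureWindowsPath
from typing import Dict, List, Optional

LINE_RE = re.compile(
    r"^(?P<d1>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<d2>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<size>\d+) (?P<attrs>[A-Z_]{5}) "
    r"(?:\((?P<company>[^)]*)\) )?"      # optional CompanyName from version info
    r"(?P<path>[A-Za-z]:\\.*)$"
)


@dataclass(frozen=True)
class Entry:
    first: datetime            # created (Created section) or modified (Modified section)
    second: datetime           # the other timestamp FRST prints
    size: int
    attrs: frozenset           # flag letters present in the attrs field, e.g. {'S','H','D'}
    company: Optional[str]     # CompanyName from version info, None if FRST printed none
    path: str


def parse_line(line: str) -> Optional[Entry]:
    """Parse one listing line; return None for headers, blanks or other text."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return Entry(
        first=datetime.strptime(m["d1"], "%Y-%m-%d %H:%M"),
        second=datetime.strptime(m["d2"], "%Y-%m-%d %H:%M"),
        size=int(m["size"]),
        attrs=frozenset(c for c in m["attrs"] if c != "_"),
        company=(m["company"] or "").strip() or None,
        path=m["path"],
    )


# Assumed "system code" locations (editor's choice): new or hidden objects here deserve a look.
SYSTEM_PREFIXES = ("c:\\windows\\system32\\", "c:\\windows\\syswow64\\", "c:\\windows\\assembly\\")
CODE_SUFFIXES = {".exe", ".dll", ".sys", ".scr", ".ocx"}


def triage(entry: Entry) -> List[str]:
    """Return the names of the heuristic rules this entry trips (empty list = nothing noted)."""
    hits = []
    low = entry.path.lower()
    in_system = low.startswith(SYSTEM_PREFIXES)
    suffix = PureWindowsPath(entry.path).suffix.lower()
    # 1. System+Hidden objects under the Windows system directories are unusual for user software.
    if in_system and {"S", "H"} <= entry.attrs:
        hits.append("hidden-system-object-in-windows")
    # 2. A component spelled like an unexpanded variable (%APPDATA%) was written literally.
    if re.search(r"%[A-Za-z_]+%", entry.path):
        hits.append("literal-env-var-in-path")
    # 3. Code in a system directory with no CompanyName in its version info.
    if in_system and suffix in CODE_SUFFIXES and not entry.company:
        hits.append("system-code-without-company")
    # 4. Zero-byte executables: a placeholder or a wiped file, either way worth a look.
    if suffix in CODE_SUFFIXES and entry.size == 0:
        hits.append("zero-byte-code")
    return hits


def triage_log(text: str) -> Dict[str, List[str]]:
    """Parse a pasted listing and map each flagged path to the rules it tripped."""
    findings = {}
    for line in text.splitlines():
        entry = parse_line(line)
        if entry is None:
            continue
        hits = triage(entry)
        if hits:
            findings[entry.path] = hits
    return findings


# Constructed sample: lines copied from the listing above, plus a header and a blank line.
SAMPLE = """\
============ 3 Months Created Files and Folders =============

2012-06-08 11:14 - 2012-06-08 11:14 - 00000000 ___HD C:\\$AVG
2012-06-07 21:54 - 2012-06-07 21:54 - 00000000 __SHD C:\\Windows\\SysWOW64\\%APPDATA%
2012-06-10 04:54 - 2012-06-11 10:06 - 00607260 ____R (Swearware) C:\\Users\\Adam\\Desktop\\dds.scr
2012-05-22 19:44 - 2012-05-15 06:48 - 14298944 ____A (NVIDIA Corporation) C:\\Windows\\System32\\Drivers\\nvlddmkm.sys
2012-05-15 02:21 - 2012-05-15 02:21 - 00423744 ____A C:\\Windows\\SysWOW64\\nvStreaming.exe
2012-05-21 19:40 - 2012-05-21 19:41 - 19046064 ____A (GIANTS Software ) C:\\Users\\Adam\\Downloads\\FarmingSimulator2011Patch2.2EN.exe
"""

if __name__ == "__main__":
    for path, rules in triage_log(SAMPLE).items():
        print(f"{path}: {', '.join(rules)}")
```

Paste a whole FRST listing into `triage_log()` and it returns only the entries that tripped a rule, so the hundreds of game installs, driver updates and downloads drop out of view. The attribute field is treated as a set of flag letters rather than fixed positions because the post shows the letters right-aligned (`___HD`, `__SHD`, `___AH`), and the CompanyName check relies on version-info strings, which anyone can set, so it is a weak signal on its own.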
  16. Ahiggins

    ============ 3 Months Modified Files and Folders =============

    2012-06-11 20:10 - 2011-11-09 23:26 - 00000000 ____D C:\FRST
    2012-06-11 20:09 - 2012-06-11 20:09 - 01402035 ____A C:\Users\Adam\Desktop\FRST64.exe
    2012-06-11 20:07 - 2011-09-22 16:35 - 00000894 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2012-06-11 20:03 - 2011-06-18 15:31 - 00000000 ____D C:\Users\Adam\AppData\Roaming\Skype
    2012-06-11 19:57 - 2012-06-08 11:14 - 00000000 ____D C:\Windows\System32\Drivers\AVG
    2012-06-11 19:57 - 2012-04-21 18:08 - 00000000 ____D C:\Users\Adam\AppData\Roaming\uTorrent
    2012-06-11 19:57 - 2011-11-04 18:40 - 00000000 ____D C:\Users\All Users\MFAData
    2012-06-11 19:54 - 2011-06-18 21:49 - 00000000 ____D C:\Program Files (x86)\Steam
    2012-06-11 19:53 - 2011-10-30 17:41 - 00000000 ____D C:\Users\Adam\AppData\Local\LogMeIn Hamachi
    2012-06-11 19:53 - 2011-09-22 16:35 - 00000890 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2012-06-11 19:53 - 2011-06-18 13:41 - 00000000 ____D C:\Users\All Users\NVIDIA
    2012-06-11 19:53 - 2006-11-02 11:42 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
    2012-06-11 19:53 - 2006-11-02 11:22 - 00003712 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    2012-06-11 19:53 - 2006-11-02 11:22 - 00003712 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    2012-06-11 19:51 - 2012-06-11 18:12 - 00004787 ____A C:\Users\Adam\Documents\aswMBR.txt
    2012-06-11 19:51 - 2012-06-11 18:12 - 00000512 ____A C:\Users\Adam\Documents\MBR.dat
    2012-06-11 18:18 - 2011-10-31 16:33 - 26874912 ____A C:\Windows\ntbtlog.txt
    2012-06-11 18:15 - 2006-11-02 11:42 - 00032646 ____A C:\Windows\Tasks\SCHEDLGU.TXT
    2012-06-11 18:14 - 2008-01-20 21:53 - 01264221 ____A C:\Windows\WindowsUpdate.log
    2012-06-11 17:31 - 2012-04-08 10:07 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
    2012-06-11 17:26 - 2011-06-18 15:09 - 00000904 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-593570071-605911810-3574683811-1000UA.job
    2012-06-11 16:26 - 2011-06-18 15:09 - 00000852 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-593570071-605911810-3574683811-1000Core.job
    2012-06-11 14:05 - 2012-06-11 14:05 - 00000000 ___SD C:\ComboFix
    2012-06-11 14:04 - 2011-11-10 18:29 - 00000000 ____D C:\Windows\ERDNT
    2012-06-11 14:03 - 2011-11-10 18:29 - 00000000 ____D C:\Qoobox
    2012-06-11 14:00 - 2012-06-11 14:00 - 04542341 ____R (Swearware) C:\Users\Adam\Downloads\ComboFix.exe
    2012-06-11 14:00 - 2012-06-11 14:00 - 00000852 ____A C:\Users\Adam\Desktop\ComboFix - Shortcut.lnk
    2012-06-11 13:16 - 2012-06-11 13:16 - 00002379 ____A C:\Users\Adam\Desktop\aswMBR.txt
    2012-06-11 13:16 - 2012-06-11 13:16 - 00000512 ____A C:\Users\Adam\Desktop\MBR.dat
    2012-06-11 12:58 - 2012-06-11 12:58 - 00000514 ____A C:\Users\Adam\Desktop\Bootkit.txt
    2012-06-11 12:57 - 2012-06-11 12:57 - 04731392 ____A (AVAST Software) C:\Users\Adam\Desktop\aswMBR.exe
    2012-06-11 12:57 - 2012-06-11 12:56 - 00054447 ____A C:\Users\Adam\Desktop\bootkit_remover_debug_log.txt
    2012-06-11 12:56 - 2012-06-11 12:55 - 00044607 ____A C:\Users\Adam\Desktop\bootkit_remover.zip
    2012-06-11 12:56 - 2011-09-20 03:02 - 00083968 ____A (Esage Lab) C:\Users\Adam\Desktop\boot_cleaner.exe
    2012-06-11 10:11 - 2012-06-11 10:11 - 00030359 ____A C:\Users\Adam\Desktop\DDS.txt
    2012-06-11 10:11 - 2012-06-11 10:11 - 00014600 ____A C:\Users\Adam\Desktop\Attach.txt
    2012-06-11 10:06 - 2012-06-10 04:54 - 00607260 ____R (Swearware) C:\Users\Adam\Desktop\dds.scr
    2012-06-11 10:05 - 2012-06-11 10:05 - 00002487 ____A C:\Users\Adam\Desktop\gmer.log
    2012-06-11 09:23 - 2012-06-11 09:23 - 00302592 ____A C:\Users\Adam\Desktop\rfghzz7h.exe
    2012-06-11 01:19 - 2011-10-02 21:23 - 00000000 ____D C:\Users\Adam\Documents\Rockstar Games
    2012-06-11 01:05 - 2011-06-20 15:14 - 00000000 ____D C:\Users\Adam\Documents\Vuze Downloads
    2012-06-11 01:02 - 2012-06-10 10:57 - 00000000 ____D C:\Program Files (x86)\Black_Box
    2012-06-10 13:11 - 2012-06-10 13:11 - 00001006 ____A C:\Users\Public\Desktop\Max Payne 3.lnk
    2012-06-10 10:47 - 2008-01-20 23:26 - 00086186 ____A C:\Windows\PFRO.log
    2012-06-10 04:53 - 2012-06-10 04:53 - 00050477 ____A C:\Users\Adam\Downloads\Defogger.exe
    2012-06-09 12:17 - 2012-06-02 23:24 - 00000000 ____D C:\Program Files (x86)\TightVNC
    2012-06-09 12:13 - 2012-06-09 12:13 - 00000000 ____D C:\Program Files (x86)\Trend Micro
    2012-06-09 12:09 - 2012-06-09 12:09 - 01402880 ____A C:\Users\Adam\Downloads\HijackThis.msi
    2012-06-09 11:10 - 2012-06-08 13:38 - 00000404 ____A C:\rkill.log
    2012-06-09 11:08 - 2012-06-09 11:08 - 00000000 ____D C:\Users\All Users\SUPERAntiSpyware.com
    2012-06-09 11:08 - 2012-06-09 11:08 - 00000000 ____D C:\Users\Adam\AppData\Roaming\SUPERAntiSpyware.com
    2012-06-09 11:08 - 2012-06-09 11:08 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
    2012-06-08 15:38 - 2011-06-16 22:41 - 00001460 ____A C:\Users\Adam\AppData\Local\d3d9caps64.dat
    2012-06-08 13:39 - 2012-06-08 13:39 - 00000948 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2012-06-08 13:39 - 2012-06-08 13:39 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2012-06-08 11:29 - 2011-11-04 18:46 - 00000000 ____D C:\Users\All Users\AVG2012
    2012-06-08 11:15 - 2012-06-08 11:15 - 00000000 ____D C:\Windows\SysWOW64\Drivers\AVG
    2012-06-08 11:14 - 2012-06-08 11:14 - 00000000 ___HD C:\$AVG
    2012-06-08 11:12 - 2012-06-08 11:12 - 00000000 ____D C:\Program Files (x86)\AVG
    2012-06-08 11:03 - 2011-06-18 13:41 - 00000000 ____D C:\users\UpdatusUser
    2012-06-08 11:02 - 2012-06-08 11:02 - 03879712 ____A (AVG Technologies) C:\Users\Adam\Downloads\avg_free_stb_all_2012_2178_cnet.exe
    2012-06-08 10:52 - 2012-06-08 10:51 - 25907319 ____A C:\Users\Adam\Downloads\354213231432lnnfx.rar
    2012-06-08 01:52 - 2012-06-07 21:29 - 471786357 ____A C:\Users\Adam\Downloads\195753258dcandupd.rar
    2012-06-07 21:54 - 2012-06-07 21:54 - 00000000 __SHD C:\Windows\SysWOW64\%APPDATA%
    2012-06-07 21:21 - 2011-07-07 16:06 - 00000000 ____D C:\Program Files (x86)\Rockstar Games
    2012-06-07 20:51 - 2012-06-07 20:51 - 00363236 ____A C:\Users\Adam\AppData\Local\dd_vcredistMSI0F07.txt
    2012-06-07 20:51 - 2012-06-07 20:51 - 00011234 ____A C:\Users\Adam\AppData\Local\dd_vcredistUI0F07.txt
    2012-06-07 20:51 - 2011-06-18 23:15 - 00202217 ____A C:\Windows\DirectX.log
    2012-06-07 20:18 - 2011-11-13 09:13 - 00000000 ____D C:\Users\All Users\Rockstar Games
    2012-06-07 20:18 - 2011-06-16 23:09 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
    2012-06-06 21:59 - 2012-06-06 21:59 - 00000132 ____A C:\Users\Adam\AppData\Roaming\Adobe PNG Format CS5 Prefs
    2012-06-06 21:16 - 2012-04-25 22:53 - 00000000 ____D C:\Users\Adam\AppData\Local\Spotify
    2012-06-06 21:16 - 2012-04-25 22:52 - 00000000 ____D C:\Users\Adam\AppData\Roaming\Spotify
    2012-06-06 19:31 - 2012-06-06 19:31 - 00000031 ____A C:\Users\Adam\Documents\Email Password.txt
    2012-06-06 18:26 - 2012-06-06 18:26 - 00013772 ____A C:\Users\Adam\Documents\Political problems.docx
    2012-06-06 18:26 - 2012-06-06 17:38 - 00013765 ____A C:\Users\Adam\Downloads\Political problems.docx
    2012-06-05 18:46 - 2012-06-05 18:46 - 00361316 ____A C:\Users\Adam\AppData\Local\dd_vcredistMSI12F6.txt
    2012-06-05 18:46 - 2012-06-05 18:46 - 00011154 ____A C:\Users\Adam\AppData\Local\dd_vcredistUI12F6.txt
    2012-06-04 20:14 - 2012-06-04 20:14 - 00000000 ____D C:\Program Files (x86)\Photo Story 3 for Windows
    2012-06-04 20:11 - 2012-06-04 20:12 - 05271552 ____A C:\Users\Adam\Downloads\Pstory.msi
    2012-06-04 20:10 - 2012-06-04 20:10 - 00463080 ____A (CNET Download.com) C:\Users\Adam\Downloads\cnet_Pstory_msi.exe
    2012-06-04 20:10 - 2012-06-04 20:10 - 00000000 ____A C:\Users\Adam\Downloads\Unconfirmed 46396.crdownload
    2012-06-03 21:31 - 2012-06-03 21:28 - 70166650 ____A C:\Users\Adam\Downloads\CamMeekins.zip
    2012-06-02 23:33 - 2011-07-24 20:46 - 00000000 ____D C:\Users\Adam\Documents\11th Grade
    2012-06-02 23:23 - 2012-06-02 23:23 - 00000000 ____D C:\Users\Adam\AppData\Local\Downloaded Installations
    2012-06-02 23:23 - 2012-06-02 23:22 - 21178512 ____A (Wyse Technology) C:\Users\Adam\Downloads\PocketCloud Windows Companion_v2.4.19.exe
    2012-06-02 22:03 - 2012-06-02 12:48 - 00000000 ____D C:\Users\Adam\Documents\12th Grade
    2012-06-02 22:01 - 2012-06-02 21:59 - 00000000 ____D C:\Users\Adam\Documents\eCommerce
    2012-06-02 19:50 - 2011-08-04 19:23 - 00000000 ____D C:\Program Files (x86)\EA GAMES
    2012-06-02 16:02 - 2011-06-20 13:39 - 00000000 ____D C:\Users\Adam\AppData\Roaming\Azureus
    2012-06-02 14:19 - 2012-06-02 14:18 - 00000000 ____D C:\Program Files (x86)\QuickTime
    2012-06-01 16:14 - 2012-06-01 16:14 - 05570355 ____A C:\Users\Adam\Downloads\Attachments_2012_06_1 (2).zip
    2012-06-01 16:13 - 2012-06-01 16:13 - 03491763 ____A C:\Users\Adam\Downloads\Attachments_2012_06_1.zip
    2012-05-31 23:14 - 2012-05-19 09:27 - 00000000 ____D C:\Users\Adam\Desktop\Bukkit Server
    2012-05-30 19:09 - 2011-06-21 09:35 - 00031232 ____A C:\Users\Adam\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    2012-05-29 21:41 - 2006-11-02 08:46 - 00759910 ____A C:\Windows\System32\PerfStringBackup.INI
    2012-05-29 21:37 - 2012-02-22 19:07 - 00000000 ____D C:\users\UpdatusUser.Adam-PC
    2012-05-28 22:00 - 2012-05-28 22:00 - 00000000 ____D C:\Users\Adam\AppData\Local\Cranium
    2012-05-28 21:42 - 2012-05-28 21:42 - 00000000 ____D C:\Users\Adam\AppData\Local\Cranium_Consulting_and_Cu
    2012-05-28 21:42 - 2012-05-28 21:42 - 00000000 ____D C:\Program Files (x86)\iPhoneBrowser
    2012-05-28 21:40 - 2012-05-28 21:40 - 00564211 ____A C:\Users\Adam\Downloads\SetupiPhoneBrowser.1.93.exe
    2012-05-28 21:40 - 2012-05-28 21:40 - 00000000 ____A C:\Users\Adam\Downloads\Unconfirmed 25141.crdownload
    2012-05-26 16:16 - 2012-05-26 16:16 - 00000000 ____D C:\Users\Adam\Documents\Paradox Interactive
    2012-05-26 16:12 - 2012-05-25 19:11 - 00000000 ____D C:\Program Files (x86)\Paradox Interactive
    2012-05-26 12:49 - 2011-06-22 21:47 - 00281032 ____A C:\Windows\SysWOW64\PnkBstrB.xtr
    2012-05-26 12:49 - 2011-06-20 20:55 - 00281032 ____A C:\Windows\SysWOW64\PnkBstrB.exe
    2012-05-26 07:45 - 2012-05-26 07:45 - 00000000 ____D C:\Users\Adam\AppData\Local\libimobiledevice
    2012-05-25 20:48 - 2011-07-18 10:54 - 00000000 ____D C:\Users\Adam\Desktop\Shortcuts
    2012-05-25 20:42 - 2011-06-20 20:55 - 00281032 ____A C:\Windows\SysWOW64\PnkBstrB.ex0
    2012-05-25 19:33 - 2012-05-25 18:45 - 00000000 ____D C:\Program Files (x86)\Roller Coaster Tycoon 3 Platinum - CarlesNeo !
    2012-05-25 19:00 - 2012-05-25 18:56 - 00000000 ____D C:\Users\Adam\Documents\RCT3
    2012-05-25 18:56 - 2012-05-25 18:56 - 00000000 ____D C:\Users\Adam\AppData\Roaming\Atari
    2012-05-25 17:34 - 2011-06-18 16:50 - 00000000 ____D C:\Users\Adam\AppData\Roaming\.minecraft
    2012-05-25 14:59 - 2012-05-25 14:59 - 00000000 ____D C:\Users\Adam\AppData\Local\CrashRpt
    2012-05-25 14:59 - 2012-05-25 14:59 - 00000000 ____D C:\Program Files (x86)\Microsoft Chart Controls
    2012-05-25 14:59 - 2011-06-20 21:02 - 00000000 ____D C:\Users\Adam\AppData\Local\PunkBuster
    2012-05-25 14:58 - 2011-07-24 19:26 - 00000000 ____D C:\Users\Adam\Documents\My Games
    2012-05-25 14:57 - 2012-05-25 14:57 - 00365992 ____A C:\Users\Adam\AppData\Local\dd_vcredistMSI083B.txt
    2012-05-25 14:57 - 2012-05-25 14:57 - 00357232 ____A C:\Users\Adam\AppData\Local\dd_vcredistMSI085B.txt
    2012-05-25 14:57 - 2012-05-25 14:57 - 00011690 ____A C:\Users\Adam\AppData\Local\dd_vcredistUI085B.txt
    2012-05-25 14:57 - 2012-05-25 14:57 - 00011402 ____A C:\Users\Adam\AppData\Local\dd_vcredistUI083B.txt
    2012-05-25 14:57 - 2011-06-20 20:55 - 00076888 ____A C:\Windows\SysWOW64\PnkBstrA.exe
    2012-05-23 20:31 - 2011-06-18 15:10 - 00002037 ____A C:\Users\Adam\Desktop\Google Chrome.lnk
    2012-05-23 20:30 - 2012-05-23 20:30 - 00000000 ____D C:\Program Files (x86)\LogMeIn Hamachi
    2012-05-23 20:26 - 2012-05-23 20:26 - 03857920 ____A C:\Users\Adam\Downloads\hamachi.msi
    2012-05-22 19:54 - 2011-06-18 13:41 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
    2012-05-22 19:53 - 2011-06-16 22:41 - 00000000 ____D C:\users\Adam
    2012-05-22 19:47 - 2011-06-16 23:10 - 00000000 ____D C:\Program Files\NVIDIA Corporation
    2012-05-22 19:42 - 2012-05-22 19:39 - 168454136 ____A (NVIDIA Corporation) C:\Users\Adam\Downloads\301.42-desktop-win7-winvista-64bit-english-whql.exe
    2012-05-22 15:15 - 2012-05-22 15:15 - 00028649 ____A C:\Users\Adam\Downloads\Joseph_Campbell_-_The_Hero's_Journey_[DivX-AC3].torrent
    2012-05-21 19:46 - 2012-05-21 19:30 - 00000000 ____D C:\Program Files (x86)\Landwirtschafts Simulator 2011
    2012-05-21 19:41 - 2012-05-21 19:40 - 19046064 ____A (GIANTS Software ) C:\Users\Adam\Downloads\FarmingSimulator2011Patch2.2EN.exe
    2012-05-21 15:43 - 2012-05-21 15:43 - 05536064 ____A C:\Users\Adam\Downloads\MinecraftStructurePlanner (1).exe
    2012-05-20 22:59 - 2012-05-20 22:59 - 00000162 ___AH C:\Users\Adam\Documents\~$yisics Bike Project.docx
    2012-05-20 00:45 - 2011-07-08 11:43 - 00000000 ____D C:\Program Files (x86)\Computer Tools
    2012-05-20 00:17 - 2012-05-20 00:17 - 02124398 ____A C:\Users\Adam\Downloads\OSU AFROTC (1).pdf
    2012-05-19 20:06 - 2012-05-19 20:06 - 02124398 ____A C:\Users\Adam\Downloads\OSU AFROTC.pdf
    2012-05-19 15:48 - 2012-05-19 15:48 - 00000000 ____D C:\Users\Adam\AppData\Roaming\.minecraft_xray
    2012-05-19 15:33 - 2012-05-19 15:33 - 00000000 ____D C:\Program Files\7-Zip
    2012-05-19 15:32 - 2012-05-19 15:32 - 01376768 ____A C:\Users\Adam\Downloads\7z920-x64.msi
    2012-05-19 15:17 - 2012-05-19 15:17 - 00036559 ____A C:\Users\Adam\Downloads\xray_12.7.zip
    2012-05-19 15:11 - 2012-05-19 15:11 - 00268744 ____A (Oracle Corporation) C:\Windows\System32\javaws.exe
    2012-05-19 15:11 - 2012-05-19 15:11 - 00189384 ____A (Oracle Corporation) C:\Windows\System32\javaw.exe
    2012-05-19 15:11 - 2012-05-19 15:11 - 00188872 ____A (Oracle Corporation) C:\Windows\System32\java.exe
    2012-05-19 15:11 - 2012-05-19 15:11 - 00000000 ____D C:\Program Files\Java
    2012-05-19 15:11 - 2012-05-18 22:31 - 00955848 ____A (Oracle Corporation) C:\Windows\System32\npDeployJava1.dll
    2012-05-19 15:11 - 2011-12-06 16:35 - 00839112 ____A (Oracle Corporation) C:\Windows\System32\deployJava1.dll
    2012-05-19 15:09 - 2012-05-19 15:09 - 21865936 ____A (Oracle Corporation) C:\Users\Adam\Downloads\jre-7u4-windows-x64.exe
    2012-05-19 14:42 - 2012-05-19 14:42 - 00000000 ____D C:\Users\Adam\AppData\Roaming\Bertware
    2012-05-19 14:30 - 2012-05-19 14:30 - 00000000 ____D C:\Program Files (x86)\Oracle
    2012-05-19 14:29 - 2012-05-19 14:29 - 00174024 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
    2012-05-19 14:29 - 2012-05-19 14:29 - 00174024 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe
    2012-05-19 14:29 - 2012-05-19 14:29 - 00000000 ____D C:\Program Files (x86)\Java
    2012-05-19 14:28 - 2012-05-19 14:28 - 00892360 ____A (Oracle Corporation) C:\Users\Adam\Downloads\chromeinstall-7u4.exe
    2012-05-19 11:06 - 2012-05-19 11:00 - 00000000 ____D C:\Windows\SysWOW64\world_the_end
    2012-05-19 11:06 - 2012-05-19 11:00 - 00000000 ____D C:\Windows\SysWOW64\world_nether
    2012-05-19 11:06 - 2012-05-19 11:00 - 00000000 ____D C:\Windows\SysWOW64\world
    2012-05-19 11:00 - 2012-05-19 11:00 - 00003101 ____A C:\Windows\SysWOW64\server.log
    2012-05-19 11:00 - 2012-05-19 11:00 - 00002576 ____A C:\Windows\SysWOW64\help.yml
    2012-05-19 11:00 - 2012-05-19 11:00 - 00001311 ____A C:\Windows\SysWOW64\bukkit.yml
    2012-05-19 11:00 - 2012-05-19 11:00 - 00000458 ____A C:\Windows\SysWOW64\server.properties
    2012-05-19 11:00 - 2012-05-19 11:00 - 00000000 ____D C:\Windows\SysWOW64\plugins
    2012-05-19 11:00 - 2012-05-19 11:00 - 00000000 ____A C:\Windows\SysWOW64\white-list.txt
    2012-05-19 11:00 - 2012-05-19 11:00 - 00000000 ____A C:\Windows\SysWOW64\server.log.lck
    2012-05-19 11:00 - 2012-05-19 11:00 - 00000000 ____A C:\Windows\SysWOW64\permissions.yml
    2012-05-19 11:00 - 2012-05-19 11:00 - 00000000 ____A C:\Windows\SysWOW64\ops.txt
    2012-05-19 11:00 - 2012-05-19 11:00 - 00000000 ____A C:\Windows\SysWOW64\banned-players.txt
    2012-05-19 11:00 - 2012-05-19 11:00 - 00000000 ____A C:\Windows\SysWOW64\banned-ips.txt
    2012-05-19 10:07 - 2012-05-19 10:07 - 00000000 ____D C:\glassfish3
    2012-05-19 10:06 - 2012-05-19 10:04 - 146771704 ____A (Oracle Corporation.) C:\Users\Adam\Downloads\java_ee_sdk-6u4-jdk-windows-x64.exe
    2012-05-19 09:37 - 2011-06-16 22:42 - 00000000 ____D C:\Users\Adam\AppData\LocalLow
    2012-05-17 20:51 - 2012-05-17 20:29 - 00000000 ____D C:\multiAVCHD
    2012-05-17 20:29 - 2012-05-17 20:27 - 38514000 ____A C:\Users\Adam\Downloads\multiAVCHD_4.1.exe
    2012-05-16 20:21 - 2011-06-16 22:43 - 00101232 ____A C:\Users\Adam\AppData\Local\GDIPFONTCACHEV1.DAT
    2012-05-16 20:20 - 2006-11-02 11:21 - 04931736 ____A C:\Windows\System32\FNTCACHE.DAT
    2012-05-16 19:34 - 2012-05-16 19:34 - 05507904 ____A C:\Users\Adam\Downloads\MinecraftStructurePlanner.jar
    2012-05-16 18:51 - 2012-05-16 18:51 - 00803612 ____A C:\Users\Adam\Downloads\Rectagon Project v1.rar
    2012-05-16 15:53 - 2012-05-16 15:53 - 00015501 ____A C:\Users\Adam\Downloads\Discovery_LP_[2009]_[Album]_DHZ_Inc_Release-[Demonoid.me]_9268303.3692.torrent
    2012-05-15 06:48 - 2012-05-22 19:44 - 25743168 ____A (NVIDIA Corporation) C:\Windows\System32\nvoglv64.dll
    2012-05-15 06:48 - 2012-05-22 19:44 - 25248064 ____A (NVIDIA Corporation) C:\Windows\System32\nvcompiler.dll
    2012-05-15 06:48 - 2012-05-22 19:44 - 19607872 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
    2012-05-15 06:48 - 2012-05-22 19:44 - 17551680 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
    2012-05-15 06:48 - 2012-05-22 19:44 - 14298944 ____A (NVIDIA Corporation) C:\Windows\System32\Drivers\nvlddmkm.sys
    2012-05-15 06:48 - 2012-05-22 19:44 - 10194752 ____A (NVIDIA Corporation) C:\Windows\System32\nvwgf2umx.dll
    2012-05-15 06:48 - 2012-05-22 19:44 - 08139072 ____A (NVIDIA Corporation) C:\Windows\System32\nvcuda.dll
    2012-05-15 06:48 - 2012-05-22 19:44 - 08105280 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
    2012-05-15 06:48 - 2012-05-22 19:44 - 05982528 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
    2012-05-15 06:48 - 2012-05-22 19:44 - 02881856 ____A (NVIDIA Corporation) C:\Windows\System32\nvcuvenc.dll
    2012-05-15 06:48 - 2012-05-22 19:44 - 02681664 ____A (NVIDIA Corporation) C:\Windows\System32\nvcuvid.dll
    2012-05-15 06:48 - 2012-05-22 19:44 - 02524992 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
    2012-05-15 06:48 - 2012-05-22 19:44 - 02445120 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvenc.dll
    2012-05-15 06:48 - 2012-05-22 19:44 - 02368832 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
    2012-05-15 06:48 - 2012-02-22 19:01 - 00068928 ____A (Khronos Group) C:\Windows\System32\OpenCL.dll
    2012-05-15 06:48 - 2012-02-22 19:01 - 00061248 ____A (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
    2012-05-15 06:48 - 2011-08-15 21:07 - 01738048 ____A (NVIDIA Corporation) C:\Windows\System32\nvdispco64.dll
    2012-05-15 06:48 - 2011-08-15 21:07 - 01468224 ____A (NVIDIA Corporation) C:\Windows\System32\nvgenco64.dll
    2012-05-15 06:48 - 2011-06-18 13:38 - 18044224 ____A (NVIDIA Corporation) C:\Windows\System32\nvd3dumx.dll
    2012-05-15 06:48 - 2011-06-18 13:38 - 15322432 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
    2012-05-15 06:48 - 2011-06-18 13:38 - 02741568 ____A (NVIDIA Corporation) C:\Windows\System32\nvapi64.dll
    2012-05-15 06:48 - 2011-06-18 13:38 - 00014324 ____A C:\Windows\System32\nvinfo.pb
    2012-05-15 05:29 - 2011-06-18 13:40 - 03149632 ____A (NVIDIA Corporation) C:\Windows\System32\nvsvc64.dll
    2012-05-15 05:29 - 2011-06-18 13:40 - 00889664 ____A (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
    2012-05-15 05:29 - 2011-06-18 13:40 - 00118080 ____A (NVIDIA Corporation) C:\Windows\System32\nvmctray.dll
    2012-05-15 05:29 - 2011-06-18 13:40 - 00063296 ____A (NVIDIA Corporation) C:\Windows\System32\nvshext.dll
    2012-05-15 05:28 - 2011-06-18 13:40 - 06151488 ____A (NVIDIA Corporation) C:\Windows\System32\nvcpl.dll
    2012-05-15 02:21 - 2012-05-15 02:21 - 00423744 ____A C:\Windows\SysWOW64\nvStreaming.exe
    2012-05-14 14:59 - 2012-05-14 14:58 - 00000000 ____D C:\Users\Adam\AppData\Local\SniperV2
    2012-05-14 14:57 - 2011-08-26 14:57 - 00000000 ____D C:\Users\Adam\AppData\Local\SKIDROW
    2012-05-14 14:32 - 2012-05-14 14:32 - 00000000 ____D C:\Program Files (x86)\Rebellion
    2012-05-14 14:25 - 2011-11-14 16:10 - 00000000 ____D C:\Program Files (x86)\Electronic Arts
    2012-05-14 14:08 - 2012-05-14 14:08 - 00000000 ____D C:\Users\Adam\Documents\Sniper Elite V2
    2012-05-13 23:50 - 2012-05-13 23:50 - 00000000 ____D C:\Users\All Users\Mozilla
    2012-05-13 23:50 - 2012-05-13 23:50 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
    2012-05-13 23:50 - 2011-06-16 23:51 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
    2012-05-13 22:54 - 2012-05-13 22:54 - 00029078 ____A C:\Users\Adam\Downloads\_=Demonoid.me=_-Sniper_Elite_V2_SKIDROW_9268303.3692.torrent
    2012-05-13 14:43 - 2012-05-12 11:54 - 00000000 ____D C:\Users\Adam\AppData\Roaming\Tropico 4
    2012-05-12 11:48 - 2012-05-12 11:48 - 00000000 ____D C:\Users\Adam\AppData\Roaming\Kalypso Media
    2012-05-12 09:50 - 2011-07-04 15:06 - 00000000 ____D C:\Users\Adam\AppData\Local\ArmA 2 OA
    2012-05-12 09:06 - 2012-04-21 18:10 - 00000000 ____D C:\Program Files (x86)\uTorrent
    2012-05-12 09:06 - 2011-07-03 20:18 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
    2012-05-11 23:36 - 2006-11-02 11:07 - 00000000 ____D C:\Windows\SysWOW64\XPSViewer
    2012-05-11 23:36 - 2006-11-02 11:07 - 00000000 ____D C:\Program Files\Windows Journal
    2012-05-11 23:13 - 2011-07-06 18:43 - 00000000 ____D C:\Users\All Users\Microsoft Help
    2012-05-11 23:13 - 2006-11-02 08:35 - 57848688 ____A (Microsoft Corporation) C:\Windows\System32\mrt.exe
    2012-05-10 20:07 - 2012-05-10 20:07 - 00031178 ____A C:\Users\Adam\Downloads\File-SSBB_Gameplay.jpg
    2012-05-08 21:33 - 2011-07-06 22:51 - 00000000 ____D C:\Users\Adam\AppData\Local\ArmA 2
    2012-05-07 20:01 - 2011-06-23 16:16 - 00000000 ____D C:\Users\Adam\AppData\Roaming\vlc
    2012-05-07 18:14 - 2012-05-07 18:11 - 00000000 ____D C:\Users\Adam\Downloads\Torrent Files
    2012-05-06 13:49 - 2012-05-06 13:49 - 00000000 ____D C:\Users\Adam\AppData\Local\Spirited_Machine
    2012-05-06 13:37 - 2012-05-06 13:37 - 00000000 ____D C:\Users\Adam\AppData\Roaming\Spirited Machine
    2012-05-06 13:36 - 2012-05-06 13:36 - 00000000 ____D C:\Program Files (x86)\Spirited Machine
    2012-05-06 13:33 - 2012-05-06 13:33 - 01036736 ____A C:\Users\Adam\Downloads\ArmA2Launcher-1_4_0_0.zip
    2012-05-06 13:22 - 2012-05-06 13:22 - 00000000 ____D C:\Users\Adam\Documents\BigBrothaThunda
    2012-05-06 12:57 - 2012-05-06 12:56 - 08329892 ____A C:\Users\Adam\Downloads\ARMA2_OA_Build_92477.zip
    2012-05-06 12:43 - 2011-07-07 10:36 - 00000000 ____D C:\Users\Adam\Documents\ArmA 2 Other Profiles
    2012-05-05 23:44 - 2012-05-05 20:02 - 00000000 ____D C:\Users\Adam\AppData\Local\PMB Files
    2012-05-05 22:18 - 2012-05-05 22:18 - 00000000 ____D C:\Users\All Users\Nexon
    2012-05-05 22:18 - 2012-05-05 21:32 - 00000000 ____D C:\Users\All Users\NexonUS
    2012-05-05 22:15 - 2012-05-05 22:15 - 00000000 ____D C:\Users\Adam\Documents\Vindictus
    2012-05-05 21:49 - 2012-05-05 21:49 - 00000000 ____D C:\Program Files (x86)\BandiMPEG1
    2012-05-05 21:29 - 2012-05-05 20:02 - 3658157137 ____A (Nexon) C:\Program Files (x86)\VindictusSetupV152.exe
    2012-05-05 20:02 - 2012-05-05 20:02 - 00000000 ____D C:\Users\All Users\PMB Files
    2012-05-04 17:31 - 2012-04-08 10:31 - 08744608 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
    2012-05-04 17:31 - 2012-04-08 10:07 - 00419488 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2012-05-04 17:31 - 2011-06-16 23:43 - 00070304 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2012-05-03 22:35 - 2012-04-21 13:13 - 00000000 ____D C:\Program Files (x86)\Diablo II
    2012-05-02 15:06 - 2012-05-06 12:57 - 08386848 ____A (Igor Pavlov) C:\Users\Adam\Downloads\ARMA2_OA_Build_92477.exe
    2012-05-02 15:06 - 2012-05-06 12:57 - 00022246 ____A C:\Users\Adam\Downloads\changeLog.txt
    2012-05-01 21:59 - 2012-05-01 21:59 - 00000267 ____A C:\Users\Adam\Downloads\wamc.pls
    2012-05-01 20:56 - 2012-05-01 20:56 - 00000000 ____D C:\Users\Adam\Downloads\1773constantmotion
    2012-05-01 20:45 - 2012-05-01 20:05 - 70646616 ____A C:\Users\Adam\Downloads\1773constantmotion.zip
    2012-05-01 16:54 - 2011-06-20 20:39 - 00000000 ____D C:\Program Files (x86)\Activision
    2012-04-30 18:20 - 2012-04-30 18:20 - 00169368 ___AH C:\Windows\SysWOW64\mlfcache.dat
    2012-04-29 22:18 - 2012-04-29 22:18 - 00001743 ____A C:\Users\Adam\Downloads\cover.gif
    2012-04-28 18:48 - 2012-04-28 17:52 - 00000000 ____D C:\Users\Adam\AppData\Roaming\Bioshock
    2012-04-28 18:01 - 2012-04-28 17:30 - 00000000 ____D C:\Users\Adam\Documents\Bioshock
    2012-04-28 17:41 - 2011-07-27 15:34 - 00000000 ____D C:\Program Files (x86)\2K Games
    2012-04-28 17:39 - 2012-04-28 17:39 - 00019289 ____A C:\Users\Adam\Downloads\BioShock.Update.1.1.CRACKED-DETONATiON.rar.torrent
    2012-04-28 15:41 - 2012-04-28 15:41 - 00034439 ____A C:\Users\Adam\Downloads\Bioshock.torrent
    2012-04-27 21:06 - 2012-04-27 21:06 - 00078680 ____A C:\Users\Adam\AppData\Roaming\icarus-dxdiag.xml
    2012-04-26 21:58 - 2012-04-26 21:38 - 00000000 ____D C:\Users\Adam\Documents\Pirates of the Burning Sea
    2012-04-26 18:59 - 2012-04-26 18:59 - 00000000 ____D C:\Users\Public\Sony Online Entertainment
    2012-04-26 18:59 - 2012-04-26 18:59 - 00000000 ____D C:\Users\Adam\AppData\Local\SCE
    2012-04-25 15:21 - 2011-06-18 15:30 - 00000000 ___RD C:\Program Files (x86)\Skype
    2012-04-25 15:21 - 2011-06-18 15:30 - 00000000 ____D C:\Users\All Users\Skype
    2012-04-24 21:09 - 2012-04-24 21:09 - 00085959 ____A C:\Users\Adam\Downloads\Adam C Higgins Z00673806.pdf
    2012-04-24 21:09 - 2012-04-24 21:09 - 00085959 ____A C:\Users\Adam\Downloads\Adam C Higgins Z00673806 (1).pdf
    2012-04-22 09:28 - 2011-07-25 16:07 - 00000000 ____D C:\Users\Adam\AppData\Local\Adobe
    2012-04-22 09:28 - 2011-06-16 23:43 - 00000000 ____D C:\Users\Adam\AppData\Roaming\Adobe
    2012-04-22 09:06 - 2012-04-22 09:06 - 00000000 ____D C:\Program Files\Adobe
    2012-04-22 09:06 - 2012-04-22 09:03 - 00000000 ____D C:\Program Files\Common Files\Adobe
    2012-04-22 09:06 - 2011-07-25 20:07 - 00000000 ____D C:\Users\All Users\regid.1986-12.com.adobe
    2012-04-22 09:02 - 2012-04-22 09:02 - 00000000 ____D C:\Program Files (x86)\Adobe Media Player
    2012-04-22 09:00 - 2011-07-25 16:06 - 00000000 ____D C:\Users\All Users\Adobe
    2012-04-22 09:00 - 2011-07-25 16:06 - 00000000 ____D C:\Program Files (x86)\Adobe
    2012-04-22 08:59 - 2012-04-22 08:59 - 00000000 ____D C:\Users\Default\AppData\Roaming\Macromedia
    2012-04-22 08:59 - 2012-04-22 08:59 - 00000000 ____D C:\Users\Default User\AppData\Roaming\Macromedia
    2012-04-22 08:39 - 2012-04-22 08:39 - 00000000 ____D C:\Users\Adam\AppData\Local\Octodad
    2012-04-21 22:57 - 2012-04-21 22:57 - 00000000 ____D C:\Users\Adam\Documents\Remedy
    2012-04-21 22:46 - 2012-04-21 22:46 - 00000000 ____D C:\Program Files (x86)\Remedy Entertainment
    2012-04-21 22:38 - 2012-04-21 22:38 - 00000000 ____D C:\Users\Adam\Documents\Alan Wake
    2012-04-21 22:23 - 2012-04-21 22:19 - 00000000 ____D C:\Program Files (x86)\Octodad
    2012-04-21 22:14 - 2012-04-21 22:09 - 314885356 ____A C:\Users\Adam\Downloads\OctodadInstallerV1.5.3.exe
    2012-04-21 21:50 - 2012-02-15 16:23 - 00000000 ____D C:\Users\All Users\Hi-Rez Studios
    2012-04-21 21:50 - 2012-02-15 16:23 - 00000000 ____D C:\Program Files (x86)\Hi-Rez Studios
    2012-04-21 21:43 - 2012-02-22 16:44 - 00000003 ____A C:\Windows\System32\HRUPPROG.TXT
    2012-04-21 18:15 - 2012-04-21 18:15 - 00015286 ____A C:\Users\Adam\Downloads\Okamiden_USA_NDS-CKVGZ.torrent
    2012-04-21 18:15 - 2012-04-21 18:15 - 00000000 ____D C:\Users\Adam\Downloads\uTorrent Files
    2012-04-21 18:00 - 2012-04-21 18:00 - 00080363 ____A C:\Users\Adam\Downloads\Alan.Wake-SKIDROW.torrent
    2012-04-21 15:08 - 2012-04-21 14:30 - 00000000 ____D C:\Users\Adam\AppData\Roaming\Tunngle
    2012-04-21 15:04 - 2012-04-21 14:30 - 00000000 ____D C:\Users\All Users\Tunngle
    2012-04-21 14:13 - 2012-04-21 13:20 - 00040494 ____A C:\Windows\DIIUnin.dat
    2012-04-21 14:11 - 2012-04-21 14:08 - 00021840 ___AT C:\Windows\SysWOW64\SIntfNT.dll
    2012-04-21 14:11 - 2012-04-21 14:08 - 00017212 ___AT C:\Windows\SysWOW64\SIntf32.dll
    2012-04-21 14:11 - 2012-04-21 14:08 - 00012067 ___AT C:\Windows\SysWOW64\SIntf16.dll
    2012-04-21 14:07 - 2012-04-21 14:07 - 00001740 ____A C:\Users\UpdatusUser.Adam-PC\Desktop\Diablo II - Lord of Destruction.lnk
    2012-04-21 14:07 - 2012-04-21 14:07 - 00001740 ____A C:\Users\Mcx1\Desktop\Diablo II - Lord of Destruction.lnk
    2012-04-21 13:20 - 2012-04-21 13:20 - 00094208 ____A (Blizzard Entertainment) C:\Windows\DIIUnin.exe
    2012-04-21 13:20 - 2012-04-21 13:20 - 00002829 ____A C:\Windows\DIIUnin.pif
    2012-04-21 07:49 - 2012-04-21 07:49 - 00000000 ___HD C:\Windows\msdownld.tmp
    2012-04-21 07:49 - 2012-04-21 07:49 - 00000000 ____D C:\Windows\SysWOW64\directx
    2012-04-21 07:49 - 2011-12-31 15:08 - 00566424 ____A C:\Users\Adam\AppData\Local\dd_dotnetfx35install.txt
    2012-04-21 07:49 - 2011-12-31 15:08 - 00008210 ____A C:\Users\Adam\AppData\Local\uxeventlog.txt
    2012-04-21 07:48 - 2011-12-31 15:08 - 00572172 ____A C:\Users\Adam\AppData\Local\dd_depcheck_NETFX_EXP_35.txt
    2012-04-20 20:47 - 2012-04-20 20:47 - 00000000 ____D C:\Users\Adam\Documents\Diablo III
    2012-04-20 16:01 - 2012-04-20 16:01 - 00362478 ____A C:\Users\Adam\AppData\Local\dd_vcredistMSI0A9C.txt
    2012-04-20 16:01 - 2012-04-20 16:01 - 00011202 ____A C:\Users\Adam\AppData\Local\dd_vcredistUI0A9C.txt
    2012-04-20 15:53 - 2012-04-20 15:53 - 00000000 ____D C:\Users\All Users\Battle.net
    2012-04-19 04:50 - 2012-04-19 04:50 - 00028480 ____A (AVG Technologies CZ, s.r.o. ) C:\Windows\System32\Drivers\avgidsha.sys
    2012-04-18 20:56 - 2012-04-18 20:56 - 00094208 ____A (Apple Inc.) C:\Windows\SysWOW64\QuickTimeVR.qtx
    2012-04-18 20:56 - 2012-04-18 20:56 - 00069632 ____A (Apple Inc.) C:\Windows\SysWOW64\QuickTime.qts
    2012-04-18 15:40 - 2011-07-24 21:06 - 00000000 ____D C:\Users\Adam\Documents\PDF's
    2012-04-18 15:39 - 2012-04-18 15:39 - 00077629 ____A C:\Users\Adam\Documents\2012-2013_Terms_and_Conditions_to_Housing.pdf
    2012-04-18 13:08 - 2012-05-22 19:44 - 00188736 ____A (NVIDIA Corporation) C:\Windows\System32\Drivers\nvhda64v.sys
    2012-04-18 13:08 - 2012-05-22 19:44 - 00072512 ____A (NVIDIA Corporation) C:\Windows\System32\nvapo64v.dll
    2012-04-18 13:08 - 2012-05-22 19:44 - 00031040 ____A (NVIDIA Corporation) C:\Windows\System32\nvhdap64.dll
    2012-04-18 13:08 - 2012-02-22 19:01 - 01451840 ____A (NVIDIA Corporation) C:\Windows\System32\nvhdagenco6420103.dll
    2012-04-11 15:35 - 2006-11-02 08:34 - 00000286 ____A C:\Windows\win.ini
    2012-04-08 20:35 - 2012-04-08 20:35 - 00194910 ____A C:\Users\Adam\Downloads\Decision_Points.exe
    2012-04-08 18:14 - 2012-02-11 12:30 - 00000000 ____D C:\Users\All Users\Rosetta Stone
    2012-04-04 18:47 - 2012-05-19 14:29 - 00227720 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
    2012-04-04 18:47 - 2012-05-19 09:37 - 00772504 ____A (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll
    2012-04-04 18:47 - 2011-06-18 16:51 - 00687504 ____A (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll
    2012-04-04 15:56 - 2011-10-30 15:27 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
    2012-04-03 04:22 - 2012-05-11 16:17 - 04699520 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
    2012-04-02 09:59 - 2012-05-11 16:17 - 02766848 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
    2012-04-01 20:30 - 2012-04-01 20:20 - 00028608 ____A C:\Users\Adam\Documents\Paul's Game Hours 4-1-2012.docx
    2012-04-01 13:05 - 2012-04-01 13:05 - 00361614 ____A C:\Users\Adam\AppData\Local\dd_vcredistMSI36F2.txt
    2012-04-01 13:05 - 2012-04-01 13:05 - 00011906 ____A C:\Users\Adam\AppData\Local\dd_vcredistUI36F2.txt
    2012-04-01 12:32 - 2012-04-01 12:32 - 05385333 ____A C:\Users\Adam\Downloads\idchart.zip
    2012-03-31 12:18 - 2012-03-31 12:18 - 00000870 ____A C:\Users\UpdatusUser.Adam-PC\Desktop\WinDirStat.lnk
    2012-03-31 12:18 - 2012-03-31 12:18 - 00000870 ____A C:\Users\Mcx1\Desktop\WinDirStat.lnk
    2012-03-31 12:18 - 2012-03-31 12:18 - 00000000 ____D C:\Program Files (x86)\WinDirStat
    2012-03-31 12:17 - 2012-03-31 12:17 - 00645729 ____A (WDS Team) C:\Users\Adam\Downloads\windirstat1_1_2_setup.exe
    2012-03-30 08:45 - 2012-05-11 16:18 - 01423744 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
    2012-03-29 15:12 - 2012-03-29 15:12 - 00001694 ____A C:\Users\Public\Desktop\iTunes.lnk
    2012-03-29 15:12 - 2012-03-29 15:12 - 00000000 ____D C:\Program Files\iTunes
    2012-03-29 15:12 - 2012-03-29 15:12 - 00000000 ____D C:\Program Files\iPod
    2012-03-29 15:12 - 2012-03-08 19:58 - 00000000 ____D C:\Program Files (x86)\iTunes
    2012-03-28 19:22 - 2012-03-28 19:22 - 00000000 ____D C:\Users\Adam\Documents\Spartan
    2012-03-28 19:19 - 2012-03-28 19:19 - 00000000 ____D C:\Users\Adam\Documents\Games for Windows - LIVE Demos
    2012-03-28 19:18 - 2012-03-28 19:17 - 02335524 ____A C:\Users\Adam\AppData\Local\dd_NET_Framework35_x64_MSI1B69.txt
    2012-03-28 19:14 - 2012-03-28 19:14 - 00373036 ____A C:\Users\Adam\AppData\Local\dd_vcredistMSI1927.txt
    2012-03-28 19:14 - 2012-03-28 19:14 - 00012890 ____A C:\Users\Adam\AppData\Local\dd_vcredistUI1927.txt
    2012-03-27 18:43 - 2012-03-27 18:43 - 00000000 ____D C:\Users\Adam\AppData\Roaming\LOVE
    2012-03-27 18:43 - 2012-03-27 18:42 - 05565454 ____A C:\Users\Adam\Downloads\mari0-win.zip
    2012-03-26 22:54 - 2012-03-26 22:54 - 00000000 ____D C:\Users\Adam\Documents\Red Kawa
    2012-03-26 22:54 - 2012-03-26 22:54 - 00000000 ____D C:\Users\Adam\AppData\Roaming\Red Kawa
    2012-03-26 22:54 - 2012-03-26 22:54 - 00000000 ____D C:\Users\Adam\AppData\Local\Geckofx
    2012-03-26 22:53 - 2012-03-26 22:53 - 00000000 ____D C:\Program Files (x86)\Red Kawa
    2012-03-26 22:53 - 2012-03-26 22:53 - 00000000 ____D C:\Program Files (x86)\AviSynth 2.5
    2012-03-25 16:49 - 2012-02-08 21:00 - 00000195 ____A C:\Users\Adam\Documents\ORU Vision Info.txt
    2012-03-20 19:34 - 2012-05-11 16:18 - 00072576 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\partmgr.sys
    2012-03-20 03:10 - 2011-08-31 10:20 - 00754824 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
    2012-03-19 05:17 - 2012-03-19 05:17 - 00383808 ____A (AVG Technologies CZ, s.r.o.) C:\Windows\System32\Drivers\avgtdia.sys
    2012-03-14 17:56 - 2012-03-14 17:56 - 00000077 ____A C:\Users\Adam\Downloads\listen.pls


    ZeroAccess:
    C:\Windows\Installer\{407c2ae1-b9e3-f1ae-d184-4c81afaf026a}
    C:\Windows\Installer\{407c2ae1-b9e3-f1ae-d184-4c81afaf026a}\@
    C:\Windows\Installer\{407c2ae1-b9e3-f1ae-d184-4c81afaf026a}\L
    C:\Windows\Installer\{407c2ae1-b9e3-f1ae-d184-4c81afaf026a}\U
    C:\Windows\Installer\{407c2ae1-b9e3-f1ae-d184-4c81afaf026a}\L\00000004.@
    C:\Windows\Installer\{407c2ae1-b9e3-f1ae-d184-4c81afaf026a}\L\201d3dde
    C:\Windows\Installer\{407c2ae1-b9e3-f1ae-d184-4c81afaf026a}\U\00000004.@
    C:\Windows\Installer\{407c2ae1-b9e3-f1ae-d184-4c81afaf026a}\U\00000008.@
    C:\Windows\Installer\{407c2ae1-b9e3-f1ae-d184-4c81afaf026a}\U\000000cb.@
    C:\Windows\Installer\{407c2ae1-b9e3-f1ae-d184-4c81afaf026a}\U\80000000.@
    C:\Windows\Installer\{407c2ae1-b9e3-f1ae-d184-4c81afaf026a}\U\80000032.@
    C:\Windows\Installer\{407c2ae1-b9e3-f1ae-d184-4c81afaf026a}\U\80000064.@

    ========================= Known DLLs (Whitelisted) ============


    ========================= Bamital & volsnap Check ============

    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\SysWOW64\wininit.exe => MD5 is legit
    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\SysWOW64\explorer.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\SysWOW64\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe
    [2011-06-20 09:26] - [2009-04-11 03:10] - 0381952 ____A (Microsoft Corporation) B8844F93D2C5F1DCDB179AAA9AF134B7

    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\SysWOW64\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\SysWOW64\userinit.exe => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

    ==================== EXE ASSOCIATION =====================

    HKLM\...\.exe: <===== ATTENTION!
    HKLM\...\exefile\DefaultIcon: <===== ATTENTION!
    HKLM\...\exefile\open\command: <===== ATTENTION!

    ========================= Memory info ======================

    Percentage of memory in use: 48%
    Total physical RAM: 4093.55 MB
    Available physical RAM: 2113.76 MB
    Total Pagefile: 8391.61 MB
    Available Pagefile: 5596.45 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.9 MB

    ======================= Partitions =========================

    2 Drive c: () (Fixed) (Total:931.51 GB) (Free:379.86 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
    3 Drive d: () (Fixed) (Total:465.76 GB) (Free:106.86 GB) NTFS ==>[System with boot components (obtained from reading drive)]
    4 Drive e: (GTA IV Disc 1) (CDROM) (Total:7.03 GB) (Free:0 GB) UDF
    7 Drive h: (More Storage) (Fixed) (Total:298.09 GB) (Free:18.62 GB) NTFS

    Disk ### Status Size Free Dyn Gpt
    -------- ---------- ------- ------- --- ---
    Disk 0 Online 932 GB 0 B
    Disk 1 Online 298 GB 0 B
    Disk 2 Online 466 GB 0 B

    Partitions of Disk 0:
    ===============

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 932 GB 1024 KB

    ======================================================================================================

    Disk: 0
    Partition 1
    Type : 07
    Hidden: No
    Active: Yes

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 3 C NTFS Partition 932 GB Healthy System (partition with boot components)

    ======================================================================================================

    Partitions of Disk 1:
    ===============

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 298 GB 1024 KB

    ======================================================================================================

    Disk: 1
    Partition 1
    Type : 07
    Hidden: No
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 4 H More Storag NTFS Partition 298 GB Healthy

    ======================================================================================================

    Partitions of Disk 2:
    ===============

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 466 GB 1024 KB

    ======================================================================================================

    Disk: 2
    Partition 1
    Type : 07
    Hidden: No
    Active: Yes

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 5 D NTFS Partition 466 GB Healthy

    ======================================================================================================

    ==========================================================

    Last Boot: 2012-06-11 19:59

    ======================= End Of Log ==========================
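The "ZeroAccess:" block in the FRST log above is a file-system signature: a GUID-named folder under C:\Windows\Installer holding an "@" file plus "U" and "L" sub-folders full of "<hex>.@" files. The ComboFix script later in the thread also deletes Desktop.ini files in Windows\assembly\GAC_32 and GAC_64, a second location the same family uses. The Python below is an added example, not code from the thread or from FRST: it turns those two path patterns into a scanner that walks a drive tree and reports matches. It runs here against a constructed copy of the listed paths in a temporary directory, with benign decoys (a made-up MSI cache GUID and the ordinary top-level assembly\Desktop.ini) to show what is deliberately not flagged.

```python
r"""Scan a drive tree for the ZeroAccess file artefacts FRST listed.

Added example, not code from the thread. The sample tree is constructed in a
temp directory so the script runs offline; point scan_for_zeroaccess() at a
mounted system drive (e.g. an offline image) to use it for real.
"""
import os
import re
import tempfile
from pathlib import Path

GUID = r"\{[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}\}"

# Inside its Installer GUID folder the payload keeps a root '@' file, files in
# 'U' and 'L' sub-folders, and '<name>.@' files; a real MSI cache folder has none.
INSTALLER_PAYLOAD_RE = re.compile(
    r"/windows/installer/" + GUID + r"/(?:[ul]/[^/]+|@|[^/]+\.@)$"
)
# GAC_32\Desktop.ini and GAC_64\Desktop.ini are not part of a normal GAC;
# the top-level Windows\assembly\Desktop.ini is, so it is excluded.
GAC_DESKTOP_INI_RE = re.compile(r"/windows/assembly/gac_(?:32|64)/desktop\.ini$")


def scan_for_zeroaccess(root):
    """Walk `root` (standing in for the system drive) and return the
    relative paths that match either pattern, sorted."""
    root = Path(root)
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = Path(dirpath) / name
            rel = full.relative_to(root).as_posix()
            probe = "/" + rel.lower()  # NTFS is case-insensitive; compare lower-cased
            if INSTALLER_PAYLOAD_RE.search(probe) or GAC_DESKTOP_INI_RE.search(probe):
                hits.append(rel)
    return sorted(hits)


def build_sample_tree(base):
    """Constructed sample: paths FRST reported in the thread plus three
    benign decoys that must not be flagged. Returns the expected hits."""
    guid = "{407c2ae1-b9e3-f1ae-d184-4c81afaf026a}"
    infected = [
        f"Windows/Installer/{guid}/@",
        f"Windows/Installer/{guid}/L/00000004.@",
        f"Windows/Installer/{guid}/L/201d3dde",
        f"Windows/Installer/{guid}/U/00000004.@",
        f"Windows/Installer/{guid}/U/80000032.@",
        "Windows/assembly/GAC_32/Desktop.ini",
        "Windows/assembly/GAC_64/Desktop.ini",
    ]
    benign = [
        # hypothetical MSI cache entry under a made-up GUID
        "Windows/Installer/{11111111-2222-3333-4444-555555555555}/product.msi",
        "Windows/assembly/Desktop.ini",
        "Windows/System32/services.exe",
    ]
    for rel in infected + benign:
        path = Path(base) / rel
        path.parent.mkdir(parents=True, exist_ok=True)
        path.write_bytes(b"placeholder")
    return sorted(infected)


def demo():
    """Build the sample tree, scan it, and return (found, expected)."""
    with tempfile.TemporaryDirectory() as tmp:
        expected = build_sample_tree(tmp)
        found = scan_for_zeroaccess(tmp)
    return found, expected


if __name__ == "__main__":
    found, expected = demo()
    for hit in found:
        print("ZeroAccess artefact:", hit)
    print("all expected paths found and nothing else:", found == expected)
```

The patterns are anchored on the folder layout rather than on the one GUID from this log, because the GUID is generated per infection; what stays constant is "@"-named payload files under an Installer GUID folder and the out-of-place Desktop.ini in the GAC sub-folders. A hit from this scanner is a reason to pull the files for analysis and to check services.exe, not a cleanup by itself.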
  17. Broni

    Broni Malware Annihilator Posts: 46,321   +252

    Please download SystemLook from one of the links below and save it to your Desktop.
    Download Mirror #1
    Download Mirror #2

    64-bit users go HERE
    • Double-click SystemLook.exe to run it.
    • Vista users:: Right click on SystemLook.exe, click Run As Administrator
    • Copy the content of the following box and paste it into the main textfield:
      Code:
      :filefind
      services.exe
      
    • Click the Look button to start the scan.
    • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
    Note: The log can also be found on your Desktop entitled SystemLook.txt
  18. Ahiggins

    Ahiggins Newcomer, in training Topic Starter Posts: 44

    SystemLook Scan here:

    SystemLook 30.07.11 by jpshortstuff
    Log created at 20:23 on 11/06/2012 by Adam
    Administrator - Elevation successful

    ========== filefind ==========

    Searching for "services.exe"
    C:\FRST\Quarantine\system64\services.exe --a---- 381952 bytes [13:26 20/06/2011] [07:10 11/04/2009] B8844F93D2C5F1DCDB179AAA9AF134B7
    C:\Windows\ERDNT\cache64\services.exe --a---- 384512 bytes [22:41 10/11/2011] [07:10 11/04/2009] 934E0B7D77FF78C18D9F8891221B6DE3
    C:\Windows\System32\services.exe --a---- 381952 bytes [13:26 20/06/2011] [07:10 11/04/2009] B8844F93D2C5F1DCDB179AAA9AF134B7
    C:\Windows\SysWOW64\services.exe --a---- 279552 bytes [13:25 20/06/2011] [06:27 11/04/2009] D4E6D91C1349B7BFB3599A6ADA56851B
    C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_2b7e5beb85a67240\services.exe --a---- 384512 bytes [02:49 21/01/2008] [02:49 21/01/2008] DFAC660F0F139276CC9299812DE42719
    C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_2d69d4f782c83d8c\services.exe --a---- 384512 bytes [13:26 20/06/2011] [07:10 11/04/2009] 934E0B7D77FF78C18D9F8891221B6DE3
    C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_cf5fc067cd49010a\services.exe --a---- 279040 bytes [02:50 21/01/2008] [02:50 21/01/2008] 2B336AB6286D6C81FA02CBAB914E3C6C
    C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.exe --a---- 279552 bytes [13:25 20/06/2011] [06:27 11/04/2009] D4E6D91C1349B7BFB3599A6ADA56851B

    -= EOF =-
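The Bamital check in the FRST log prints "MD5 is legit" for every file except C:\Windows\System32\services.exe, and the SystemLook listing above shows why it was singled out: the live System32 copy is 381952 bytes with MD5 B8844F93..., while both amd64 copies in WinSxS are 384512 bytes with different hashes. The SysWOW64 copy, by contrast, is byte-for-byte the x86 6.0.6002.18005 component. A live file that matches none of the component-store copies of its architecture is what prompts the FCopy:: restore in the next reply. The Python below is an added example, not part of the thread or of SystemLook: it parses a ":filefind" listing and applies exactly that comparison. It assumes 64-bit Windows (System32 holds the native amd64 binary, SysWOW64 the x86 one) and that WinSxS component names prefixed amd64_ are 64-bit while x86_ and wow64_ are 32-bit; quarantine and ERDNT backup copies are listed but not used as references.

```python
r"""Compare live services.exe copies against WinSxS component-store copies
found in a SystemLook ':filefind' listing.

Added example, not code from the thread. Assumes 64-bit Windows: System32
holds the amd64 binary, SysWOW64 the x86 one; WinSxS components prefixed
amd64_ are 64-bit, x86_ and wow64_ are 32-bit.
"""
import re
from dataclasses import dataclass

# Sample input: the SystemLook lines posted in the thread, indentation removed.
SYSTEMLOOK_OUTPUT = r"""
Searching for "services.exe"
C:\FRST\Quarantine\system64\services.exe --a---- 381952 bytes [13:26 20/06/2011] [07:10 11/04/2009] B8844F93D2C5F1DCDB179AAA9AF134B7
C:\Windows\ERDNT\cache64\services.exe --a---- 384512 bytes [22:41 10/11/2011] [07:10 11/04/2009] 934E0B7D77FF78C18D9F8891221B6DE3
C:\Windows\System32\services.exe --a---- 381952 bytes [13:26 20/06/2011] [07:10 11/04/2009] B8844F93D2C5F1DCDB179AAA9AF134B7
C:\Windows\SysWOW64\services.exe --a---- 279552 bytes [13:25 20/06/2011] [06:27 11/04/2009] D4E6D91C1349B7BFB3599A6ADA56851B
C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_2b7e5beb85a67240\services.exe --a---- 384512 bytes [02:49 21/01/2008] [02:49 21/01/2008] DFAC660F0F139276CC9299812DE42719
C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_2d69d4f782c83d8c\services.exe --a---- 384512 bytes [13:26 20/06/2011] [07:10 11/04/2009] 934E0B7D77FF78C18D9F8891221B6DE3
C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_cf5fc067cd49010a\services.exe --a---- 279040 bytes [02:50 21/01/2008] [02:50 21/01/2008] 2B336AB6286D6C81FA02CBAB914E3C6C
C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.exe --a---- 279552 bytes [13:25 20/06/2011] [06:27 11/04/2009] D4E6D91C1349B7BFB3599A6ADA56851B
-= EOF =-
"""


@dataclass(frozen=True)
class FileHit:
    path: str
    size: int
    md5: str


# <path> <attrs> <size> bytes [mtime] [ctime] <MD5>
LINE_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\\S+)\s+\S+\s+(?P<size>\d+) bytes "
    r"\[[^\]]+\] \[[^\]]+\] (?P<md5>[0-9A-Fa-f]{32})$"
)
WINSXS_RE = re.compile(r"\\winsxs\\(amd64|x86|wow64)_", re.IGNORECASE)


def parse_filefind(text):
    """Return a FileHit for every result line; headers and EOF are skipped."""
    hits = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            hits.append(FileHit(m["path"], int(m["size"]), m["md5"].upper()))
    return hits


def classify(path):
    """('winsxs'|'live', 'amd64'|'x86'), or None for copies we do not compare
    (quarantine, ERDNT backups, anything else)."""
    m = WINSXS_RE.search(path)
    if m:
        return "winsxs", ("amd64" if m.group(1).lower() == "amd64" else "x86")
    low = path.lower()
    if "\\windows\\system32\\" in low:
        return "live", "amd64"
    if "\\windows\\syswow64\\" in low:
        return "live", "x86"
    return None


def check_live_copies(text):
    """Map each live copy's path to 'ok' (size and MD5 equal some
    component-store copy of its architecture) or 'MISMATCH'."""
    known = {"amd64": set(), "x86": set()}
    live = []
    for hit in parse_filefind(text):
        kind = classify(hit.path)
        if kind is None:
            continue
        role, arch = kind
        if role == "winsxs":
            known[arch].add((hit.size, hit.md5))
        else:
            live.append((hit, arch))
    return {
        hit.path: "ok" if (hit.size, hit.md5) in known[arch] else "MISMATCH"
        for hit, arch in live
    }


if __name__ == "__main__":
    for path, verdict in check_live_copies(SYSTEMLOOK_OUTPUT).items():
        print(f"{verdict:8} {path}")
```

On this listing the System32 copy comes back MISMATCH and the SysWOW64 copy ok, which is the same conclusion FRST's Bamital check reached. Two caveats: MD5 here only proves the live file differs from the on-box references, it is not a proof that any reference is clean, since WinSxS itself can be tampered with; and after a restore such as the FCopy:: in the next reply, re-running the same comparison confirms the live file now equals the component it was copied from.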
  19. Broni

    Broni Malware Annihilator Posts: 46,321   +252

    1. Please open Notepad (Start>All Programs>Accessories>Notepad).

    2. Now copy/paste the entire content of the codebox below into the Notepad window:

    Code:
    FCopy::
    C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_2b7e5beb85a67240\services.exe | C:\Windows\System32\services.exe

    File::
    C:\Windows\assembly\GAC_64\Desktop.ini
    C:\Windows\assembly\GAC_32\Desktop.ini

    Folder::
    C:\Windows\Installer\{407c2ae1-b9e3-f1ae-d184-4c81afaf026a}

    ClearJavaCache::


    3. Save the above as CFScript.txt

    4. Close/disable all anti virus and anti malware programs again, so they do not interfere with the running of ComboFix.

    5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.



    6. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
    • Combofix.txt
  20. Ahiggins

    Ahiggins Newcomer, in training Topic Starter Posts: 44

    I created the CFScript, and then copied over to ComboFix.exe, which then ran Combofix again, but once it was done, no log came up.
  21. Broni

    Broni Malware Annihilator Posts: 46,321   +252

    Look for C:\combofix.txt
    If it's not there try to restart computer.
  22. Ahiggins

    Ahiggins Newcomer, in training Topic Starter Posts: 44

    After the restart should I run ComboFix again via the CFScript? I only found the old ComboFix Log.
  23. Broni

    Broni Malware Annihilator Posts: 46,321   +252

    Try to run Combofix fix from safe mode.
    NOTE. I edited Combofix script in my reply #19 so create new CFScript.txt file.
  24. Ahiggins

    Ahiggins Newcomer, in training Topic Starter Posts: 44

    I ran the new script, and still no log appeared, but a folder did appear in my C:\ drive. So I restarted my computer in safe mode and ran the script again, and that also didn't provide a log, but it did put a file in my C:\ labeled as ComboFix with no identified file type.
  25. Broni

    Broni Malware Annihilator Posts: 46,321   +252

    See if it'll open in Notepad.

