Solved Possible malware in assembly folder

Ahiggins

Recently, Google Chrome won't let me use www.google.com because it says "The site's security certificate is signed using a weak signature algorithm!" I tested out other search engines like Yahoo, Bing and MSN, but they all get the same message. So I opened up Firefox and tried to use Google. Firefox let me use Google, but it redirected everything I clicked on. So I copied and pasted some links to see what I could find out about the problem. After a couple tries of forum browsing I realized I don't really know what to do. Since that time I've downloaded and installed Malwarebytes, SUPERAntiSpyware, HiJackThis, AVG 2012 and rkill, but I don't know if any of those are what I need and how to use them properly.

I did use AVG, and it prompted me to remove two viruses located at:

c:\windows\assembly\GAC_32\Desktop.ini
c:\windows\assembly\GAC_64\Desktop.ini

but I couldn't actually get AVG to remove them because it was having difficulty



I'll post some logs here:

Malwarebytes Log:

Malwarebytes Anti-Malware (Trial) 1.61.0.1400
www.malwarebytes.org

Database version: v2012.06.09.06

Windows Vista Service Pack 2 x64 NTFS
Internet Explorer 7.0.6002.18005
Adam :: ADAM-PC [administrator]

Protection: Disabled

6/9/2012 9:40:03 PM
mbam-log-2012-06-09 (21-40-03).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 1009111
Time elapsed: 4 hour(s), 26 minute(s), 51 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Windows\Installer\{407c2ae1-b9e3-f1ae-d184-4c81afaf026a}\U\00000008.@ (Trojan.Dropper.BCMiner) -> Quarantined and deleted successfully.

(end)

DDS Log:

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 7.0.6002.18005 BrowserJavaVersion: 10.4.1
Run by Adam at 10:07:44 on 2012-06-11
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.4094.2033 [GMT -4:00]
.
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG\AVG2012\avgrsa.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\AEADISRV.EXE
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Program Files\Microsoft LifeCam\MSCamS64.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\AVG\AVG2012\avgnsa.exe
C:\Windows\system32\svchost.exe -k HPService
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
C:\Users\Adam\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Rainmeter\Rainmeter.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files (x86)\Analog Devices\SoundMAX\SoundTray.exe
C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
C:\Users\Adam\AppData\Local\Google\Update\1.3.21.111\GoogleCrashHandler.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Users\Adam\AppData\Local\Google\Update\1.3.21.111\GoogleCrashHandler64.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\ping.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\SysWOW64\ping.exe
C:\Windows\SysWOW64\ping.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: AVG Do Not Track: {31332eef-cb9f-458f-afeb-d30e9a66b6ba} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
uRun: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
uRun: [DAEMON Tools Pro Agent] "C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe" -autorun
uRun: [ehTray.exe] C:\Windows\ehome\ehTray.exe
uRun: [Google Update] "C:\Users\Adam\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
uRun: [Spotify Web Helper] "C:\Users\Adam\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
uRun: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe" /MINIMIZED
uRun: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe
uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
mRun: [SoundTray] "C:\Program Files (x86)\Analog Devices\SoundMAX\SoundTray.exe"
mRun: [SoundMAXPnP] C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
mRun: [LifeCam] "C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe"
mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"
mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"
mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [SwitchBoard] "C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe"
mRun: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
StartupFolder: C:\Users\Adam\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\FLIPTO~1.LNK - C:\Program Files (x86)\fliptoast\fliptoast.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\RAINME~1.LNK - C:\Program Files\Rainmeter\Rainmeter.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: SoftwareSASGeneration = 1 (0x1)
IE: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
LSP: %SYSTEMROOT%\system32\nvLsp.dll
LSP: mswsock.dll
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{3666F52B-065A-4F99-BDFE-A869FA3DCA0B} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{7FD6A074-41B9-4B8F-BB42-3A426298A2DB} : DhcpNameServer = 192.168.1.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\MP3 Skype Recorder\Skype4Com.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL
BHO-X64: Adobe PDF Reader Link Helper: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: AVG Do Not Track: {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
BHO-X64: AVG Do Not Track - No File
BHO-X64: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO-X64: Increase performance and video formats for your HTML5 <video> - No File
BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL
BHO-X64: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
BHO-X64: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO-X64: SmartSelect - No File
BHO-X64: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
BHO-X64: HP Smart BHO Class - No File
TB-X64: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
mRun-x64: [SoundTray] "C:\Program Files (x86)\Analog Devices\SoundMAX\SoundTray.exe"
mRun-x64: [SoundMAXPnP] C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
mRun-x64: [LifeCam] "C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe"
mRun-x64: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"
mRun-x64: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"
mRun-x64: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [SwitchBoard] "C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe"
mRun-x64: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Adam\AppData\Roaming\Mozilla\Firefox\Profiles\3gp9yy3b.default\
FF - prefs.js: browser.startup.homepage - www.google.com
FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\0.80.0\npesnlaunch.dll
FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.0\npesnsonar.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll
FF - plugin: C:\Users\Adam\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: C:\Users\Adam\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHA;AVGIDSHA;C:\Windows\system32\DRIVERS\avgidsha.sys --> C:\Windows\system32\DRIVERS\avgidsha.sys [?]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\system32\DRIVERS\avgrkx64.sys --> C:\Windows\system32\DRIVERS\avgrkx64.sys [?]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\system32\DRIVERS\avgldx64.sys --> C:\Windows\system32\DRIVERS\avgldx64.sys [?]
R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\system32\DRIVERS\avgmfx64.sys --> C:\Windows\system32\DRIVERS\avgmfx64.sys [?]
R1 Avgtdia;AVG TDI Driver;C:\Windows\system32\DRIVERS\avgtdia.sys --> C:\Windows\system32\DRIVERS\avgtdia.sys [?]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\system32\DRIVERS\dtsoftbus01.sys --> C:\Windows\system32\DRIVERS\dtsoftbus01.sys [?]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2011-8-11 140672]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe [2012-4-30 5106744]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-2-14 193288]
R2 FontCache;Windows Font Cache Service;C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-2-28 2343816]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-6-8 654408]
R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-2-22 1262400]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-5-15 382272]
R3 AVGIDSDriver;AVGIDSDriver;C:\Windows\system32\DRIVERS\avgidsdrivera.sys --> C:\Windows\system32\DRIVERS\avgidsdrivera.sys [?]
R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\system32\DRIVERS\avgidsfiltera.sys --> C:\Windows\system32\DRIVERS\avgidsfiltera.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;C:\Windows\system32\Drivers\nx6000.sys --> C:\Windows\system32\Drivers\nx6000.sys [?]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-9-22 136176]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-2-29 158856]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-8 257696]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2011-9-9 79360]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-9-22 136176]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-6-12 31125880]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-5-13 129976]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-20 19968]
S3 ScreamBAudioSvc;ScreamBee Audio;C:\Windows\system32\drivers\ScreamingBAudio64.sys --> C:\Windows\system32\drivers\ScreamingBAudio64.sys [?]
S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-3-18 1020768]
S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2011-6-20 89920]
.
=============== Created Last 30 ================
.
2012-06-10 14:57:45 -------- d-----w- C:\Program Files (x86)\Black_Box
2012-06-09 16:13:09 388096 ----a-r- C:\Users\Adam\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-06-09 16:13:08 -------- d-----w- C:\Program Files (x86)\Trend Micro
2012-06-09 15:08:38 -------- d-----w- C:\Users\Adam\AppData\Roaming\SUPERAntiSpyware.com
2012-06-09 15:08:04 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com
2012-06-09 15:08:04 -------- d-----w- C:\Program Files\SUPERAntiSpyware
2012-06-08 17:39:24 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-06-08 15:15:01 -------- d-----w- C:\Windows\SysWow64\drivers\AVG
2012-06-08 15:14:10 -------- d--h--w- C:\$AVG
2012-06-08 15:14:10 -------- d-----w- C:\Windows\System32\drivers\AVG
2012-06-08 15:12:13 -------- d-----w- C:\Program Files (x86)\AVG
2012-06-08 01:54:57 -------- d-sh--w- C:\Windows\SysWow64\%APPDATA%
2012-06-05 19:20:07 8955792 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{73D38E1E-10DE-4BCC-B14E-D96D751CA046}\mpengine.dll
2012-06-05 00:14:29 -------- d-----w- C:\Program Files (x86)\Photo Story 3 for Windows
2012-06-03 03:24:44 -------- d-----w- C:\Program Files (x86)\TightVNC
2012-06-03 03:23:23 -------- d-----w- C:\Users\Adam\AppData\Local\Downloaded Installations
2012-05-29 02:00:21 -------- d-----w- C:\Users\Adam\AppData\Local\Cranium
2012-05-29 01:42:49 -------- d-----w- C:\Users\Adam\AppData\Local\Cranium_Consulting_and_Cu
2012-05-29 01:42:07 -------- d-----w- C:\Program Files (x86)\iPhoneBrowser
2012-05-26 11:45:13 -------- d-----w- C:\Users\Adam\AppData\Local\libimobiledevice
2012-05-25 23:11:03 -------- d-----w- C:\Program Files (x86)\Paradox Interactive
2012-05-25 22:56:51 -------- d-----w- C:\Users\Adam\AppData\Roaming\Atari
2012-05-25 22:45:52 -------- d-----w- C:\Program Files (x86)\Roller Coaster Tycoon 3 Platinum - CarlesNeo !
2012-05-25 18:59:33 -------- d-----w- C:\Program Files (x86)\Microsoft Chart Controls
2012-05-25 18:59:05 -------- d-----w- C:\Users\Adam\AppData\Local\CrashRpt
2012-05-24 00:30:21 -------- d-----w- C:\Program Files (x86)\LogMeIn Hamachi
2012-05-21 23:30:28 -------- d-----w- C:\Program Files (x86)\Landwirtschafts Simulator 2011
2012-05-19 19:48:36 -------- d-----w- C:\Users\Adam\AppData\Roaming\.minecraft_xray
2012-05-19 18:42:43 -------- d-----w- C:\Users\Adam\AppData\Roaming\Bertware
2012-05-19 18:30:15 -------- d-----w- C:\Program Files (x86)\Oracle
2012-05-19 15:00:03 -------- d-----w- C:\Windows\SysWow64\world_the_end
2012-05-19 15:00:03 -------- d-----w- C:\Windows\SysWow64\world_nether
2012-05-19 15:00:02 -------- d-----w- C:\Windows\SysWow64\world
2012-05-19 15:00:02 -------- d-----w- C:\Windows\SysWow64\plugins
2012-05-19 14:07:38 -------- d-----w- C:\glassfish3
2012-05-19 13:37:42 772504 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
2012-05-19 02:31:10 955848 ----a-w- C:\Windows\System32\npDeployJava1.dll
2012-05-18 00:29:55 -------- d-----w- C:\multiAVCHD
2012-05-15 06:21:50 423744 ----a-w- C:\Windows\SysWow64\nvStreaming.exe
2012-05-14 18:58:31 -------- d-----w- C:\Users\Adam\AppData\Local\SniperV2
2012-05-14 18:32:45 -------- d-----w- C:\Program Files (x86)\Rebellion
2012-05-14 03:50:21 -------- d-----w- C:\Program Files (x86)\Mozilla Maintenance Service
2012-05-14 03:50:01 157352 ----a-w- C:\Program Files (x86)\Mozilla Firefox\maintenanceservice_installer.exe
2012-05-14 03:50:01 129976 ----a-w- C:\Program Files (x86)\Mozilla Firefox\maintenanceservice.exe
2012-05-12 15:54:55 -------- d-----w- C:\Users\Adam\AppData\Roaming\Tropico 4
2012-05-12 15:48:32 -------- d-----w- C:\Users\Adam\AppData\Roaming\Kalypso Media
.
==================== Find3M ====================
.
2012-05-26 16:49:51 281032 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
2012-05-26 16:49:51 281032 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
2012-05-26 00:42:03 281032 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0
2012-05-25 18:57:40 76888 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe
2012-05-19 19:11:16 839112 ----a-w- C:\Windows\System32\deployJava1.dll
2012-05-15 09:29:47 889664 ----a-w- C:\Windows\System32\nvvsvc.exe
2012-05-15 09:29:46 63296 ----a-w- C:\Windows\System32\nvshext.dll
2012-05-15 09:29:46 118080 ----a-w- C:\Windows\System32\nvmctray.dll
2012-05-15 09:29:25 3149632 ----a-w- C:\Windows\System32\nvsvc64.dll
2012-05-15 09:28:42 6151488 ----a-w- C:\Windows\System32\nvcpl.dll
2012-05-06 01:29:56 3658157137 ----a-w- C:\Program Files (x86)\VindictusSetupV152.exe
2012-05-04 21:31:08 70304 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-04 21:31:08 419488 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-05-04 21:31:04 8744608 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe
2012-04-21 18:11:27 21840 ----atw- C:\Windows\SysWow64\SIntfNT.dll
2012-04-21 18:11:27 17212 ----atw- C:\Windows\SysWow64\SIntf32.dll
2012-04-21 18:11:27 12067 ----atw- C:\Windows\SysWow64\SIntf16.dll
2012-04-21 17:20:28 94208 ----a-w- C:\Windows\DIIUnin.exe
2012-04-21 17:20:28 2829 ----a-w- C:\Windows\DIIUnin.pif
2012-04-19 08:50:26 28480 ----a-w- C:\Windows\System32\drivers\avgidsha.sys
2012-04-19 00:56:30 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx
2012-04-19 00:56:30 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts
2012-04-18 17:08:08 31040 ----a-w- C:\Windows\System32\nvhdap64.dll
2012-04-18 17:08:06 72512 ----a-w- C:\Windows\System32\nvapo64v.dll
2012-04-18 17:08:03 188736 ----a-w- C:\Windows\System32\drivers\nvhda64v.sys
2012-04-18 17:08:02 1451840 ----a-w- C:\Windows\System32\nvhdagenco6420103.dll
2012-04-04 22:47:02 687504 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-04-04 19:56:40 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-04-03 08:22:15 4699520 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-04-02 13:59:51 2766848 ----a-w- C:\Windows\System32\win32k.sys
2012-03-30 12:45:03 1423744 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2012-03-20 23:34:30 72576 ----a-w- C:\Windows\System32\drivers\partmgr.sys
2012-03-19 09:17:26 383808 ----a-w- C:\Windows\System32\drivers\avgtdia.sys
2006-05-03 17:06:54 163328 --sha-r- C:\Windows\SysWOW64\flvDX.dll
2007-02-21 18:47:16 31232 --sha-r- C:\Windows\SysWOW64\msfDX.dll
2008-03-16 20:30:52 216064 --sha-r- C:\Windows\SysWOW64\nbDX.dll
2010-01-07 05:00:00 107520 --sha-r- C:\Windows\SysWOW64\TAKDSDecoder.dll
.
============= FINISH: 10:08:27.04 ===============

Attach Log:

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 6/16/2011 8:47:23 PM
System Uptime: 6/11/2012 8:34:08 AM (2 hours ago)
.
Motherboard: ASUSTeK Computer INC. | | M3N-HT DELUXE
Processor: AMD Phenom(tm) 9850 Quad-Core Processor | Socket AM2 | 2511/200mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 932 GiB total, 380.396 GiB free.
D: is FIXED (NTFS) - 466 GiB total, 106.859 GiB free.
E: is CDROM (UDF)
F: is CDROM (UDF)
G: is CDROM ()
H: is FIXED (NTFS) - 298 GiB total, 18.618 GiB free.
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
Description: Officejet 6500 E709n
Device ID: ROOT\MULTIFUNCTION\0000
Manufacturer: HP
Name: Officejet 6500 E709n
PNP Device ID: ROOT\MULTIFUNCTION\0000
Service:
.
Class GUID: {4d36e979-e325-11ce-bfc1-08002be10318}
Description: Officejet 6500 E709n
Device ID: ROOT\PRINTER\0000
Manufacturer: HP
Name: Officejet 6500 E709n
PNP Device ID: ROOT\PRINTER\0000
Service:
.
==== System Restore Points ===================
.
.
==== Installed Programs ======================
.
µTorrent
6500_E709_eDocs
6500_E709_Help
6500_E709n
AC3Filter 1.63b
Adobe Acrobat X Pro - English, Français, Deutsch
Adobe AIR
Adobe Community Help
Adobe Media Player
Adobe Photoshop CS5
Adobe Reader X (10.1.2)
AnalogX NetStat Live
ANNO 2070
Apple Application Support
Apple Software Update
ARMA 2
ARMA 2: British Armed Forces
ARMA 2: British Armed Forces - Data cache removal
ARMA 2: Operation Arrowhead
ARMA 2: Private Military Company
ARMA 2: Private Military Company - Data cache removal
ArmA II Launcher
Audacity 1.3.14 (Unicode)
AviSynth 2.5
Bandisoft MPEG-1 Decoder
Battlecraft 1942
Battlefield 1942
Battlefield 1942: Secret Weapons of WWII
Battlefield 1942: The Road To Rome
Battlefield Mod Development Toolkit
Battlefield Vietnam(TM)
Battlelog Web Plugins
BattlEye for OA Uninstall
BattlEye Uninstall
BioShock
bpd_scan
BPDSoftware
BPDSoftware_Ini
BufferChm
Call of Duty(R) - World at War(TM) 1.1 Patch
Call of Duty(R) - World at War(TM) 1.2 Patch
Call of Duty(R) - World at War(TM) 1.3 Patch
Call of Duty(R) - World at War(TM) 1.4 Patch
Call of Duty(R) - World at War(TM) 1.5 Patch
Call of Duty(R) - World at War(TM) 1.6 Patch
Call of Duty(R) - World at War(TM) 1.7 Patch
Cheat Engine 6.1
Cities XL 2012
Counter-Strike: Source
CraftBukkit
Creative Audio Control Panel
Creative Sound Blaster Properties x64 Edition
DAEMON Tools Pro
Day of Defeat: Source
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Destination Component
DeviceDiscovery
Diablo II
Disktrix UltimateDefrag 3.0
DivX Setup
DocMgr
DocProc
ESN Sonar
Europa Universalis III
EVGA Precision 2.0.3
Farming Simulator 2011
Fax
FormatFactory 2.80
Garry's Mod
Google Chrome
Google Earth Plug-in
Google Update Helper
GPBaseService2
Grand Theft Auto IV
Grand Theft Auto Vice City
GTA2
HiJackThis
Host OpenAL (ADI)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Update
HPProductAssistant
iPhoneBrowser
Java Auto Updater
Java(TM) 7 Update 4
JavaFX 2.1.0
K-Lite Mega Codec Pack 8.1.0
LAME v3.99.3 (for Windows)
LogMeIn Hamachi
Magic ISO Maker v5.5 (build 0274)
Magicka
Malwarebytes Anti-Malware version 1.61.0.1400
MarketResearch
Max Payne 3
Max Payne 3 version 1.02
Microsoft Chart Controls for Microsoft .NET Framework 3.5 (KB2500170)
Microsoft Corporation
Microsoft Games for Windows - LIVE Redistributable
Microsoft Games for Windows Marketplace
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Groove MUI (English) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Word MUI (English) 2010
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft WSE 3.0 Runtime
Microsoft XNA Framework Redistributable 3.1
Microsoft XNA Framework Redistributable 4.0
Microsoft_VC80_ATL_x86
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
Mozilla Firefox 12.0 (x86 en-US)
Mozilla Maintenance Service
MP3 Skype Recorder
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Nexon Game Manager
NVIDIA 3D Vision Controller Driver
NVIDIA ForceWare Network Access Manager
NVIDIA PhysX
NVIDIA Stereoscopic 3D Driver
Octodad
ooVoo
Origin
Pando Media Booster
PDF Settings CS5
Photo Story 3 for Windows
ProductContext
PunkBuster for Battlefield 1942
PunkBuster for Battlefield Vietnam
PunkBuster Services
QuickTime
Rainmeter
RAR Password Recovery v1.1 RC16 (remove only)
Rockstar Games Social Club
Roller Coaster Tycoon 2 (Full)
Roller Coaster Tycoon 3 Platinum - CarlesNeo !
Rosetta Stone Version 3
Saints Row. The Third 1.0
Scan
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft Excel 2010 (KB2597166) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2598039) 32-Bit Edition
Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition
Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)
Security Update for Microsoft Visio Viewer 2010 (KB2597981) 32-Bit Edition
Shutdown Timer
Sid Meier's Civilization V
Skype Click to Call
Skype™ 5.8
SmartWebPrinting
SolutionCenter
SoundMAX
Spiral Knights
Spotify
StarCraft II
Status
Steam
SUPER © v2011.build.49 (July 1st, 2011) version v2011.build.49
Team Fortress 2
TeamSpeak 3 Client
Terraria
Toolbox
Total War: SHOGUN 2
TrayApp
Tropico 3: Absolute Power
Tunatic
Ubisoft Game Launcher
Unity Web Player
UnloadSupport
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553092)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553385) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597091) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2589345) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
VC80CRTRedist - 8.0.50727.6195
Victoria 2
Victoria II A House Divided 2.1
Videora iPod touch Converter 6
Visual Studio 2008 x64 Redistributables
VLC media player 1.1.10
Vuze
WebReg
WinDirStat 1.1.2
.
==== Event Viewer Messages From Past Week ========
.
6/9/2012 11:21:48 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the HP Network Devices Support service to connect.
6/9/2012 11:21:48 AM, Error: Service Control Manager [7000] - The HP Network Devices Support service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
6/9/2012 11:21:48 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service HPSLPSVC with arguments "" in order to run the server: {10DA4F3C-CC99-4190-BE4D-58330754E882}
6/9/2012 11:08:53 AM, Error: Service Control Manager [7001] - The PnP-X IP Bus Enumerator service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
6/9/2012 11:07:55 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Avgldx64 Avgmfx64 Beep i8042prt spldr sptd Wanarpv6
6/9/2012 11:07:55 AM, Error: Service Control Manager [7001] - The Windows Media Center Extender Service service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
6/9/2012 11:07:55 AM, Error: Service Control Manager [7001] - The Creative Audio Service service depends on the Windows Audio service which failed to start because of the following error: The dependency service or group failed to start.
6/9/2012 11:07:55 AM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
6/9/2012 11:07:30 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
6/9/2012 11:07:08 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
6/9/2012 11:07:05 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
6/9/2012 11:06:53 AM, Error: Microsoft-Windows-TerminalServices-LocalSessionManager [1048] - Terminal Service start failed. The relevant status code was This service cannot be started in Safe Mode .
6/9/2012 11:06:53 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service TermService with arguments "" in order to run the server: {F9A874B6-F8A8-4D73-B5A8-AB610816828B}
6/9/2012 11:06:53 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
6/9/2012 11:05:50 AM, Error: sptd [4] - Driver detected an internal error in its data structures for .
6/7/2012 9:03:59 PM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.3 for the Network Card with network address 00235490E80A has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).
6/7/2012 9:01:41 PM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.7 for the Network Card with network address 00235490E80A has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).
6/11/2012 8:38:31 AM, Error: Microsoft-Windows-WMPNSS-Service [14325] - Service 'WMPNetworkSvc' did not start correctly because QueryService encountered error '0x80070424'. In Windows Media Player, turn off media sharing, and then turn it back on.
6/11/2012 8:36:13 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Beep i8042prt
6/11/2012 8:36:13 AM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.
6/11/2012 8:36:13 AM, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.
6/11/2012 8:36:13 AM, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.
6/11/2012 10:05:49 AM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.8 for the Network Card with network address 00235490E80A has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).
.
==== End Of File ===========================
 
Welcome aboard


Please observe the following rules:
  • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
  • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
  • Please refrain from running tools or applying updates other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer behavior, good, or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

=================================================================

I still need the GMER log.
 
Oops. My mistake, sorry about that.

Here it is:

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-06-11 10:05:00
Windows 6.0.6002 Service Pack 2
Running: rfghzz7h.exe


---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x6C 0x1A 0x81 0xC1 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x8B 0xC8 0x9E 0x6C ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0xBF 0x47 0x37 0x04 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x6C 0x1A 0x81 0xC1 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x8B 0xC8 0x9E 0x6C ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0xBF 0x47 0x37 0x04 ...

---- EOF - GMER 1.0.15 ----
 
Download Bootkit Remover to your desktop.

  • Unzip downloaded file to your Desktop.
  • Double-click on boot_cleaner.exe to run the program (Vista/7 users, right click on boot_cleaner.exe and click Run As Administrator).
  • It will show a Black screen with some data on it.
  • Right click on the screen and click Select All.
  • Press CTRL+C
  • Open a Notepad and press CTRL+V
  • Post the output back here.

=============================================================

Download aswMBR to your desktop.
Double click the aswMBR.exe to run it.
If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
Click the "Scan" button to start scan.
On completion of the scan click "Save log", save it to your desktop and post in your next reply.

NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.
 
Alright I have those done, here they are:

Bootkit Remover
(c) 2009 Esage Lab
www.esagelab.com

Program version: 1.2.0.1
OS Version: Microsoft Windows Vista Home Premium Edition Service Pack 2 (build 6002), 64-bit

System volume is \\.\C:
\\.\C: -> \\.\PhysicalDrive0 at offset 0x00000000`00100000
Boot sector MD5 is: 0ec6b2481fc707d1e901dc2a875f2826

Size Device Name MBR Status
--------------------------------------------
931 GB \\.\PhysicalDrive0 OK (DOS/Win32 Boot code found)


Done;
Press any key to quit...




aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-06-11 12:57:58
-----------------------------
12:57:58.401 OS Version: Windows x64 6.0.6002 Service Pack 2
12:57:58.401 Number of processors: 4 586 0x203
12:57:58.401 ComputerName: ADAM-PC UserName: Adam
12:58:03.796 Initialize success
13:00:09.488 AVAST engine defs: 12061100
13:00:19.560 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-3
13:00:19.562 Disk 0 Vendor: ST31000524AS JC45 Size: 953869MB BusType: 3
13:00:19.565 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP2T1L0-5
13:00:19.566 Disk 1 Vendor: WDC_WD3200AAJS-22L7A0 01.03E01 Size: 305245MB BusType: 3
13:00:19.569 Disk 2 \Device\Harddisk2\DR2 -> \Device\Ide\IdeDeviceP3T0L0-6
13:00:19.572 Disk 2 Vendor: ST3500630AS 3.AAD Size: 476940MB BusType: 3
13:00:19.601 Disk 0 MBR read successfully
13:00:19.604 Disk 0 MBR scan
13:00:19.608 Disk 0 Windows VISTA default MBR code
13:00:19.622 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 953867 MB offset 2048
13:00:19.640 Disk 0 scanning C:\Windows\system32\drivers
13:00:36.490 Service scanning
13:01:04.741 Modules scanning
13:01:04.750 Disk 0 trace - called modules:
13:01:04.777 ntoskrnl.exe CLASSPNP.SYS disk.sys acpi.sys >>UNKNOWN [0xfffffa80051aa2c0]<<spcb.sys ataport.SYS pciide.sys
13:01:04.781 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80058b4790]
13:01:04.786 3 CLASSPNP.SYS[fffffa6000fc5c33] -> nt!IofCallDriver -> [0xfffffa80052ec270]
13:01:04.790 5 acpi.sys[fffffa6000b71fde] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-3[0xfffffa8005385060]
13:01:04.794 \Driver\atapi[0xfffffa80052ec490] -> IRP_MJ_CREATE -> 0xfffffa80051aa2c0
13:01:09.114 AVAST engine scan C:\Windows
13:01:18.247 AVAST engine scan C:\Windows\system32
13:04:49.975 File: C:\Windows\assembly\GAC_32\Desktop.ini **INFECTED** Win32:Sirefef-PL [Rtk]
13:04:56.019 File: C:\Windows\assembly\GAC_64\Desktop.ini **INFECTED** Win32:Sirefef-PL [Rtk]
13:08:04.664 AVAST engine scan C:\Windows\system32\drivers
13:08:38.082 AVAST engine scan C:\Users\Adam
13:16:36.948 Disk 0 MBR has been saved successfully to "C:\Users\Adam\Documents\MBR.dat"
13:16:36.956 The log file has been saved successfully to "C:\Users\Adam\Documents\aswMBR.txt"
 
Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Never rename Combofix unless instructed.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts.
  • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
  • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
  • Double click on combofix.exe & follow the prompts.

  • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
  • NOTE 2. If Combofix asks you to update the program, always do so.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt"
**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.
**Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
**Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


Make sure you re-enable your security programs when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try one of the following:

1. Run Combofix from Safe Mode.

2. Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.
Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.
There are 4 different versions. If one of them won't run then download and try to run the other one.
Vista and Win7 users need to right click Rkill and choose Run as Administrator.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shut down your antivirus.

* Rkill.com
* Rkill.scr
* Rkill.exe
  • Double-click on the Rkill icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.
Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

If normal mode still doesn't work, run BOTH tools from safe mode.

In case #2, please post BOTH logs, rKill and Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
 
Here's the ComboFix Log:

ComboFix 11-11-10.03 - Adam 11/10/2011 17:31:55.1.4 - x64
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.4094.2420 [GMT -5:00]
Running from: c:\users\Adam\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Adam\AppData\Roaming\mm
c:\windows\iun6002.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-10-10 to 2011-11-10 )))))))))))))))))))))))))))))))
.
.
2011-11-10 22:20 . 2011-11-10 22:20 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{8B18F277-16F0-4F1A-AA53-6E393C3AA577}\offreg.dll
2011-11-10 21:41 . 2011-09-20 21:06 1426304 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-11-10 21:41 . 2011-10-17 11:41 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2011-11-10 21:41 . 2011-10-17 11:41 2409784 ----a-w- c:\program files (x86)\Windows Mail\OESpamFilter.dat
2011-11-10 21:41 . 2011-09-30 16:16 893440 ----a-w- c:\program files\Common Files\System\wab32.dll
2011-11-10 21:41 . 2011-09-30 16:16 50688 ----a-w- c:\program files\Windows Mail\wabimp.dll
2011-11-10 21:41 . 2011-09-30 15:57 707584 ----a-w- c:\program files (x86)\Common Files\System\wab32.dll
2011-11-10 03:26 . 2011-11-10 03:27 -------- d-----w- C:\FRST
2011-11-04 23:39 . 2011-11-04 23:39 -------- d-----w- C:\$AVG
2011-11-04 23:32 . 2011-11-04 23:33 -------- d-----w- c:\users\Adam\AppData\Roaming\AVG
2011-11-04 22:46 . 2011-11-10 22:19 -------- d-----w- c:\programdata\AVG2012
2011-11-04 22:40 . 2011-11-04 22:40 -------- d--h--w- c:\programdata\Common Files
2011-11-04 22:40 . 2011-11-10 22:11 -------- d-----w- c:\programdata\MFAData
2011-11-04 20:58 . 2011-11-04 20:58 -------- d-----w- c:\users\Default\AppData\Roaming\Apple Computer
2011-11-04 20:58 . 2011-11-04 20:58 -------- d-----w- c:\users\Default\AppData\Local\Apple Computer
2011-11-04 18:32 . 2011-10-07 04:16 8570192 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{8B18F277-16F0-4F1A-AA53-6E393C3AA577}\mpengine.dll
2011-11-04 00:00 . 2002-12-05 18:10 155648 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iuser.dll
2011-11-04 00:00 . 2002-12-02 17:33 57344 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\ctor.dll
2011-11-04 00:00 . 2002-12-02 17:33 237568 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iscript.dll
2011-11-04 00:00 . 2003-02-27 20:12 696320 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iKernel.dll
2011-11-04 00:00 . 2002-12-02 19:22 5632 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\DotNetInstaller.exe
2011-11-04 00:00 . 2011-11-04 00:00 282756 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\setup.dll
2011-11-04 00:00 . 2011-11-04 00:00 163972 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iGdi.dll
2011-10-31 20:01 . 2011-10-31 20:01 503 ----a-w- c:\programdata\1320091276.bdinstall.bin
2011-10-31 19:58 . 2011-10-31 19:58 -------- d-----w- c:\program files\Common Files\Bitdefender
2011-10-30 21:41 . 2011-11-10 22:21 -------- d-----w- c:\users\Adam\AppData\Local\LogMeIn Hamachi
2011-10-30 21:39 . 2011-10-30 21:39 -------- d-----w- c:\program files (x86)\Hamachi
2011-10-30 19:28 . 2011-10-30 19:28 -------- d-----w- c:\users\Adam\AppData\Roaming\Malwarebytes
2011-10-30 19:27 . 2011-10-30 19:27 -------- d-----w- c:\programdata\Malwarebytes
2011-10-30 19:27 . 2011-08-31 21:00 25416 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-10-28 01:33 . 2011-10-28 01:33 -------- d-----w- c:\programdata\Creative Labs
2011-10-27 22:38 . 2011-10-27 22:38 -------- d-----w- c:\program files (x86)\Microsoft XNA
2011-10-24 18:29 . 2011-10-24 18:29 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx
2011-10-24 18:29 . 2011-10-24 18:29 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts
2011-10-17 23:21 . 2011-10-17 23:21 -------- d-----w- c:\program files (x86)\AnalogX
2011-10-16 23:55 . 2011-10-16 23:55 18139008 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\OFFICE14\MSO.DLL
2011-10-15 21:42 . 2011-10-15 21:42 -------- d-----w- c:\program files\iPod
2011-10-15 21:42 . 2011-10-15 21:43 -------- d-----w- c:\program files\iTunes
2011-10-15 21:42 . 2011-10-15 21:43 -------- d-----w- c:\program files (x86)\iTunes
2011-10-15 21:36 . 2011-10-15 21:36 -------- d-----w- c:\program files\Bonjour
2011-10-15 21:36 . 2011-10-15 21:36 -------- d-----w- c:\program files (x86)\Bonjour
2011-10-12 19:45 . 2011-07-29 16:08 375808 ----a-w- c:\windows\system32\psisdecd.dll
2011-10-12 19:45 . 2011-07-29 16:08 289792 ----a-w- c:\windows\system32\psisrndr.ax
2011-10-12 19:45 . 2011-07-29 16:06 73216 ----a-w- c:\windows\system32\MSDvbNP.ax
2011-10-12 19:45 . 2011-07-29 16:06 100352 ----a-w- c:\windows\system32\Mpeg2Data.ax
2011-10-12 19:45 . 2011-07-29 16:01 293376 ----a-w- c:\windows\SysWow64\psisdecd.dll
2011-10-12 19:45 . 2011-07-29 16:01 217088 ----a-w- c:\windows\SysWow64\psisrndr.ax
2011-10-12 19:45 . 2011-07-29 16:00 57856 ----a-w- c:\windows\SysWow64\MSDvbNP.ax
2011-10-12 19:45 . 2011-07-29 16:00 69632 ----a-w- c:\windows\SysWow64\Mpeg2Data.ax
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-16 15:30 . 2011-06-17 03:43 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-10-09 13:42 . 2009-08-18 16:49 564632 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\wlidui.dll
2011-10-09 13:42 . 2009-08-18 15:24 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-10-05 23:24 . 2011-06-23 01:47 280904 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2011-10-05 23:24 . 2011-06-21 00:55 280904 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2011-10-05 21:48 . 2011-06-21 00:55 280904 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2011-10-03 09:06 . 2011-06-18 20:51 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2011-09-29 20:25 . 2011-06-21 00:55 75136 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2011-09-09 23:39 . 2011-06-17 03:10 466520 ----a-w- c:\windows\system32\wrap_oal.dll
2011-09-09 23:39 . 2011-06-17 03:10 445016 ----a-w- c:\windows\SysWow64\wrap_oal.dll
2011-09-09 23:39 . 2011-06-17 03:10 123480 ----a-w- c:\windows\system32\OpenAL32.dll
2011-09-09 23:39 . 2011-06-17 03:10 109144 ----a-w- c:\windows\SysWow64\OpenAL32.dll
2011-09-05 17:05 . 2011-09-05 17:05 53656 ----a-w- c:\windows\system32\AdobePDF.dll
2011-09-05 17:04 . 2011-09-05 17:04 24984 ----a-w- c:\windows\system32\AdobePDFUI.dll
2011-08-31 03:05 . 2011-08-31 03:05 96104 ----a-w- c:\windows\system32\dns-sd.exe
2011-08-31 03:05 . 2011-08-31 03:05 85864 ----a-w- c:\windows\system32\dnssd.dll
2011-08-31 03:05 . 2011-08-31 03:05 61288 ----a-w- c:\windows\system32\jdns_sd.dll
2011-08-31 03:05 . 2011-08-31 03:05 212840 ----a-w- c:\windows\system32\dnssdX.dll
2011-08-31 03:05 . 2011-08-31 03:05 83816 ----a-w- c:\windows\SysWow64\dns-sd.exe
2011-08-31 03:05 . 2011-08-31 03:05 73064 ----a-w- c:\windows\SysWow64\dnssd.dll
2011-08-31 03:05 . 2011-08-31 03:05 50536 ----a-w- c:\windows\SysWow64\jdns_sd.dll
2011-08-31 03:05 . 2011-08-31 03:05 178536 ----a-w- c:\windows\SysWow64\dnssdX.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files (x86)\Steam\steam.exe" [2011-08-15 1242448]
"DAEMON Tools Pro Agent"="c:\program files (x86)\DAEMON Tools Pro\DTAgent.exe" [2011-03-17 842048]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2011-10-13 17351304]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SoundTray"="c:\program files (x86)\Analog Devices\SoundMAX\SoundTray.exe" [2008-03-26 143360]
"SoundMAXPnP"="c:\program files (x86)\Analog Devices\Core\smax4pnp.exe" [2008-03-16 1302528]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-03-21 1230704]
"LifeCam"="c:\program files (x86)\Microsoft LifeCam\LifeExp.exe" [2010-12-13 135536]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2011-09-05 36760]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2011-09-05 2904984]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-10-09 421736]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"LogMeIn Hamachi Ui"="c:\program files (x86)\Hamachi\hamachi-2-ui.exe" [2011-08-15 1955208]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2008-10-16 214360]
Rainmeter.lnk - c:\program files\Rainmeter\Rainmeter.exe [2011-7-24 102912]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-22 136176]
R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2011-09-09 79360]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-22 136176]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 ScreamBAudioSvc;ScreamBee Audio;c:\windows\system32\drivers\ScreamingBAudio64.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 1020768]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\Hamachi\hamachi-2.exe [2011-08-15 2329480]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-08-03 2255464]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-08-03 379496]
S3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\Drivers\nx6000.sys [x]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2011-11-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-22 20:35]
.
2011-11-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-22 20:35]
.
2011-11-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-593570071-605911810-3574683811-1000Core.job
- c:\users\Adam\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-18 19:09]
.
2011-11-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-593570071-605911810-3574683811-1000UA.job
- c:\users\Adam\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-18 19:09]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = %SystemRoot%\system32\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~3\Office14\ONBttnIE.dll/105
LSP: %SYSTEMROOT%\system32\nvLsp.dll
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll
FF - ProfilePath - c:\users\Adam\AppData\Roaming\Mozilla\Firefox\Profiles\3gp9yy3b.default\
FF - prefs.js: browser.startup.homepage - www.google.com
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-Windows Defender - c:\program files (x86)\Windows Defender\MSASCui.exe
AddRemove-Battlecraft 19422.1 - c:\windows\iun6002.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-593570071-605911810-3574683811-1000\Software\SecuROM\License information*]
"datasecu"=hex:56,47,6d,bc,d1,17,c2,eb,cf,1f,1c,24,20,54,2e,bd,2f,75,a9,d6,f4,
e9,22,b8,cc,52,3c,84,2f,67,a3,5b,86,21,7b,2a,7e,37,24,d4,3b,fa,46,da,c9,b8,\
"rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10t_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10t_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\DbgagD\1*]
"value"="?\06\01\14\11&2?"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
Completion time: 2011-11-10 17:42:59
ComboFix-quarantined-files.txt 2011-11-10 22:42
.
Pre-Run: 559,802,859,520 bytes free
Post-Run: 559,718,985,728 bytes free
.
- - End Of File - - B9382736B42483DF61A00D56E314EDCA
 
I'm not sure about this aswMBR scan. I've been running it for about four hours now, and it's still going. It's been scanning C:\ProgramData\NVIDIA\Updatus\WLMerger.exe for roughly an hour and a half. That file is only 185 KB. How do I know if the scan is done?
 
Okay here is the log. I think it's done right this time.

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-06-11 14:15:39
-----------------------------
14:15:39.459 OS Version: Windows x64 6.0.6002 Service Pack 2
14:15:39.459 Number of processors: 4 586 0x203
14:15:39.460 ComputerName: ADAM-PC UserName: Adam
14:15:43.877 Initialize success
14:15:54.849 AVAST engine defs: 12061100
14:16:00.318 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-3
14:16:00.321 Disk 0 Vendor: ST31000524AS JC45 Size: 953869MB BusType: 3
14:16:00.323 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP2T1L0-5
14:16:00.325 Disk 1 Vendor: WDC_WD3200AAJS-22L7A0 01.03E01 Size: 305245MB BusType: 3
14:16:00.327 Disk 2 \Device\Harddisk2\DR2 -> \Device\Ide\IdeDeviceP3T0L0-6
14:16:00.329 Disk 2 Vendor: ST3500630AS 3.AAD Size: 476940MB BusType: 3
14:16:00.379 Disk 0 MBR read successfully
14:16:00.382 Disk 0 MBR scan
14:16:00.386 Disk 0 Windows VISTA default MBR code
14:16:00.408 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 953867 MB offset 2048
14:16:00.504 Disk 0 scanning C:\Windows\system32\drivers
14:16:24.958 Service scanning
14:16:49.660 Modules scanning
14:16:49.667 Disk 0 trace - called modules:
14:16:49.699 ntoskrnl.exe CLASSPNP.SYS disk.sys acpi.sys >>UNKNOWN [0xfffffa80051aa2c0]<<spcb.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
14:16:49.704 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80058b4790]
14:16:49.708 3 CLASSPNP.SYS[fffffa6000fc5c33] -> nt!IofCallDriver -> [0xfffffa80052ec270]
14:16:49.713 5 acpi.sys[fffffa6000b71fde] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-3[0xfffffa8005385060]
14:16:49.717 \Driver\atapi[0xfffffa80052ec490] -> IRP_MJ_CREATE -> 0xfffffa80051aa2c0
14:16:51.274 AVAST engine scan C:\Windows
14:17:53.305 AVAST engine scan C:\Windows\system32
14:21:59.360 File: C:\Windows\assembly\GAC_32\Desktop.ini **INFECTED** Win32:Sirefef-PL [Rtk]
14:22:03.666 File: C:\Windows\assembly\GAC_64\Desktop.ini **INFECTED** Win32:Sirefef-PL [Rtk]
14:25:12.617 AVAST engine scan C:\Windows\system32\drivers
14:26:17.015 AVAST engine scan C:\Users\Adam
16:14:32.781 AVAST engine scan C:\ProgramData
18:12:58.926 Disk 0 MBR has been saved successfully to "C:\Users\Adam\Documents\MBR.dat"
18:12:59.001 The log file has been saved successfully to "C:\Users\Adam\Documents\aswMBR.txt"


aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-06-11 18:18:32
-----------------------------
18:18:32.989 OS Version: Windows x64 6.0.6002 Service Pack 2
18:18:32.989 Number of processors: 4 586 0x203
18:18:33.005 ComputerName: ADAM-PC UserName: Adam
18:18:44.970 Initialize success
18:19:07.746 AVAST engine defs: 12061100
18:26:31.548 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-4
18:26:31.550 Disk 0 Vendor: ST31000524AS JC45 Size: 953869MB BusType: 3
18:26:31.553 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP2T1L0-5
18:26:31.555 Disk 1 Vendor: WDC_WD3200AAJS-22L7A0 01.03E01 Size: 305245MB BusType: 3
18:26:31.557 Disk 2 \Device\Harddisk2\DR2 -> \Device\Ide\IdeDeviceP3T0L0-6
18:26:31.560 Disk 2 Vendor: ST3500630AS 3.AAD Size: 476940MB BusType: 3
18:26:31.604 Disk 0 MBR read successfully
18:26:31.607 Disk 0 MBR scan
18:26:31.611 Disk 0 Windows VISTA default MBR code
18:26:31.646 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 953867 MB offset 2048
18:26:31.663 Disk 0 scanning C:\Windows\system32\drivers
18:26:42.379 Service scanning
18:27:07.012 Modules scanning
18:27:07.012 Disk 0 trace - called modules:
18:27:07.043 ntoskrnl.exe CLASSPNP.SYS disk.sys acpi.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
18:27:07.043 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8005560060]
18:27:07.043 3 CLASSPNP.SYS[fffffa60011d4c33] -> nt!IofCallDriver -> [0xfffffa80052ba520]
18:27:07.059 5 acpi.sys[fffffa6000b71fde] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-4[0xfffffa80052c7060]
18:27:08.743 AVAST engine scan C:\Windows
18:27:12.784 AVAST engine scan C:\Windows\system32
18:30:09.376 File: C:\Windows\assembly\GAC_32\Desktop.ini **INFECTED** Win32:Sirefef-PL [Rtk]
18:30:12.511 File: C:\Windows\assembly\GAC_64\Desktop.ini **INFECTED** Win32:Sirefef-PL [Rtk]
18:32:21.196 AVAST engine scan C:\Windows\system32\drivers
18:33:15.109 AVAST engine scan C:\Users\Adam
19:29:56.591 AVAST engine scan C:\ProgramData
19:51:38.146 Disk 0 MBR has been saved successfully to "C:\Users\Adam\Documents\MBR.dat"
19:51:38.146 The log file has been saved successfully to "C:\Users\Adam\Documents\aswMBR.txt"
 
The infection seems to still be there.

For 32-bit (x86) systems, download Farbar Recovery Scan Tool and save it to your desktop.
For 64-bit systems, download Farbar Recovery Scan Tool x64 and save it to your desktop.

  • Double-click the downloaded file to run it.
  • When the tool opens, click Yes to the disclaimer.
  • Press Scan button.
  • It will produce a log (FRST.txt) on your desktop.
  • Please copy and paste it to your reply.
 
This log is going to have to be split into two parts because it goes over the character limit, so here is part one:

Scan result of Farbar Recovery Scan Tool Version: 11-06-2012 03
Ran by Adam at 11-06-2012 20:10:21
Running from C:\Users\Adam\Desktop
Service Pack 2 (X64) OS Language: English(US)
Attention: Could not load system hive.ERROR: The process cannot access the file because it is being used by another process.

ATTENTION:=====> THE TOOL IS NOT RUN FROM RECOVERY ENVIRONMENT AND WILL NOT FUNTION PROPERLY.

========================== Registry (Whitelisted) =============

HKU\Default\...\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem [1555968 2009-04-11] (Microsoft Corporation)
HKU\Default\...\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter [2438656 2009-04-11] (Microsoft Corporation)
HKU\Default User\...\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem [1555968 2009-04-11] (Microsoft Corporation)
HKU\Default User\...\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter [2438656 2009-04-11] (Microsoft Corporation)
HKU\Mcx1\...\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem [1555968 2009-04-11] (Microsoft Corporation)
HKU\Mcx1\...\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter [2438656 2009-04-11] (Microsoft Corporation)
HKU\Mcx1\...\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe [138240 2008-01-20] (Microsoft Corporation)
HKU\Mcx1\...\Run: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent [1242448 2011-08-15] (Valve Corporation)
HKU\Mcx1\...\Run: [DAEMON Tools Pro Agent] "C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe" -autorun [842048 2011-03-17] (DT Soft Ltd)
HKU\Mcx1\...\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized [17148552 2012-02-29] (Skype Technologies S.A.)
HKU\Mcx1\...\Run: [Google Update] "C:\Users\Adam\AppData\Local\Google\Update\GoogleUpdate.exe" /c [136176 2011-06-18] (Google Inc.)
HKU\Mcx1\...\Run: [Exetender] "C:\Program Files (x86)\Free Ride Games\GPlayer.exe" /runonstartup [x]
HKU\Mcx1\...\Winlogon: [Shell] C:\Windows\eHome\McrMgr.exe [196608 2009-04-11] (Microsoft Corporation)
HKU\UpdatusUser\...\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem [1555968 2009-04-11] (Microsoft Corporation)
HKU\UpdatusUser\...\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter [2438656 2009-04-11] (Microsoft Corporation)
HKU\UpdatusUser\...\Run: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent [1242448 2011-08-15] (Valve Corporation)
HKU\UpdatusUser\...\Run: [DAEMON Tools Pro Agent] "C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe" -autorun [842048 2011-03-17] (DT Soft Ltd)
HKU\UpdatusUser\...\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized [17148552 2012-02-29] (Skype Technologies S.A.)
HKU\UpdatusUser\...\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe [138240 2008-01-20] (Microsoft Corporation)
HKU\UpdatusUser\...\Run: [Google Update] "C:\Users\Adam\AppData\Local\Google\Update\GoogleUpdate.exe" /c [136176 2011-06-18] (Google Inc.)
HKLM\...\Winlogon: [Userinit]
HKLM-x32\...\Winlogon: [Userinit] [x]
HKLM\...\Winlogon: [Shell] [x ] ()
HKLM-x32\...\Winlogon: [Shell] [x ] ()
HKLM\...\InprocServer32: [Default-wbemess] ATTENTION! ====> ZeroAccess
HKLM\...\InprocServer32: [Default-shell32] ATTENTION! ====> ZeroAccess
Startup: C:\Users\Adam\Start Menu\Programs\Startup\fliptoast.lnk
ShortcutTarget: fliptoast.lnk -> C:\Program Files (x86)\fliptoast\fliptoast.exe (No File)
Startup: C:\Users\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\Users\All Users\Start Menu\Programs\Startup\Rainmeter.lnk
ShortcutTarget: Rainmeter.lnk -> C:\Program Files\Rainmeter\Rainmeter.exe ()

==================== Services (Whitelisted) ======


========================== Drivers (Whitelisted) =============


========================== NetSvcs (Whitelisted) ===========


============ One Month Created Files and Folders ==============

2012-06-11 18:12 - 2012-06-11 19:51 - 00004787 ____A C:\Users\Adam\Documents\aswMBR.txt
2012-06-11 18:12 - 2012-06-11 19:51 - 00000512 ____A C:\Users\Adam\Documents\MBR.dat
2012-06-11 14:05 - 2012-06-11 14:05 - 00000000 ___SD C:\ComboFix
2012-06-11 14:00 - 2012-06-11 14:00 - 04542341 ____R (Swearware) C:\Users\Adam\Downloads\ComboFix.exe
2012-06-11 14:00 - 2012-06-11 14:00 - 00000852 ____A C:\Users\Adam\Desktop\ComboFix - Shortcut.lnk
2012-06-11 13:16 - 2012-06-11 13:16 - 00002379 ____A C:\Users\Adam\Desktop\aswMBR.txt
2012-06-11 13:16 - 2012-06-11 13:16 - 00000512 ____A C:\Users\Adam\Desktop\MBR.dat
2012-06-11 12:58 - 2012-06-11 12:58 - 00000514 ____A C:\Users\Adam\Desktop\Bootkit.txt
2012-06-11 12:57 - 2012-06-11 12:57 - 04731392 ____A (AVAST Software) C:\Users\Adam\Desktop\aswMBR.exe
2012-06-11 12:56 - 2012-06-11 12:57 - 00054447 ____A C:\Users\Adam\Desktop\bootkit_remover_debug_log.txt
2012-06-11 12:55 - 2012-06-11 12:56 - 00044607 ____A C:\Users\Adam\Desktop\bootkit_remover.zip
2012-06-11 10:11 - 2012-06-11 10:11 - 00030359 ____A C:\Users\Adam\Desktop\DDS.txt
2012-06-11 10:11 - 2012-06-11 10:11 - 00014600 ____A C:\Users\Adam\Desktop\Attach.txt
2012-06-11 10:05 - 2012-06-11 10:05 - 00002487 ____A C:\Users\Adam\Desktop\gmer.log
2012-06-11 09:23 - 2012-06-11 09:23 - 00302592 ____A C:\Users\Adam\Desktop\rfghzz7h.exe
2012-06-10 13:11 - 2012-06-10 13:11 - 00001006 ____A C:\Users\Public\Desktop\Max Payne 3.lnk
2012-06-10 10:57 - 2012-06-11 01:02 - 00000000 ____D C:\Program Files (x86)\Black_Box
2012-06-10 04:54 - 2012-06-11 10:06 - 00607260 ____R (Swearware) C:\Users\Adam\Desktop\dds.scr
2012-06-10 04:53 - 2012-06-10 04:53 - 00050477 ____A C:\Users\Adam\Downloads\Defogger.exe
2012-06-09 12:13 - 2012-06-09 12:13 - 00000000 ____D C:\Program Files (x86)\Trend Micro
2012-06-09 12:09 - 2012-06-09 12:09 - 01402880 ____A C:\Users\Adam\Downloads\HijackThis.msi
2012-06-09 11:08 - 2012-06-09 11:08 - 00000000 ____D C:\Users\All Users\SUPERAntiSpyware.com
2012-06-09 11:08 - 2012-06-09 11:08 - 00000000 ____D C:\Users\Adam\AppData\Roaming\SUPERAntiSpyware.com
2012-06-09 11:08 - 2012-06-09 11:08 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2012-06-08 13:39 - 2012-06-08 13:39 - 00000948 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-06-08 13:39 - 2012-06-08 13:39 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-06-08 13:38 - 2012-06-09 11:10 - 00000404 ____A C:\rkill.log
2012-06-08 11:15 - 2012-06-08 11:15 - 00000000 ____D C:\Windows\SysWOW64\Drivers\AVG
2012-06-08 11:14 - 2012-06-11 19:57 - 00000000 ____D C:\Windows\System32\Drivers\AVG
2012-06-08 11:14 - 2012-06-08 11:14 - 00000000 ___HD C:\$AVG
2012-06-08 11:12 - 2012-06-08 11:12 - 00000000 ____D C:\Program Files (x86)\AVG
2012-06-08 11:02 - 2012-06-08 11:02 - 03879712 ____A (AVG Technologies) C:\Users\Adam\Downloads\avg_free_stb_all_2012_2178_cnet.exe
2012-06-08 10:51 - 2012-06-08 10:52 - 25907319 ____A C:\Users\Adam\Downloads\354213231432lnnfx.rar
2012-06-07 21:54 - 2012-06-07 21:54 - 00000000 __SHD C:\Windows\SysWOW64\%APPDATA%
2012-06-07 21:29 - 2012-06-08 01:52 - 471786357 ____A C:\Users\Adam\Downloads\195753258dcandupd.rar
2012-06-07 20:51 - 2012-06-07 20:51 - 00363236 ____A C:\Users\Adam\AppData\Local\dd_vcredistMSI0F07.txt
2012-06-07 20:51 - 2012-06-07 20:51 - 00011234 ____A C:\Users\Adam\AppData\Local\dd_vcredistUI0F07.txt
2012-06-06 21:59 - 2012-06-06 21:59 - 00000132 ____A C:\Users\Adam\AppData\Roaming\Adobe PNG Format CS5 Prefs
2012-06-06 19:31 - 2012-06-06 19:31 - 00000031 ____A C:\Users\Adam\Documents\Email Password.txt
2012-06-06 18:26 - 2012-06-06 18:26 - 00013772 ____A C:\Users\Adam\Documents\Political problems.docx
2012-06-06 17:38 - 2012-06-06 18:26 - 00013765 ____A C:\Users\Adam\Downloads\Political problems.docx
2012-06-05 18:46 - 2012-06-05 18:46 - 00361316 ____A C:\Users\Adam\AppData\Local\dd_vcredistMSI12F6.txt
2012-06-05 18:46 - 2012-06-05 18:46 - 00011154 ____A C:\Users\Adam\AppData\Local\dd_vcredistUI12F6.txt
2012-06-04 20:14 - 2012-06-04 20:14 - 00000000 ____D C:\Program Files (x86)\Photo Story 3 for Windows
2012-06-04 20:12 - 2012-06-04 20:11 - 05271552 ____A C:\Users\Adam\Downloads\Pstory.msi
2012-06-04 20:10 - 2012-06-04 20:10 - 00463080 ____A (CNET Download.com) C:\Users\Adam\Downloads\cnet_Pstory_msi.exe
2012-06-04 20:10 - 2012-06-04 20:10 - 00000000 ____A C:\Users\Adam\Downloads\Unconfirmed 46396.crdownload
2012-06-03 21:28 - 2012-06-03 21:31 - 70166650 ____A C:\Users\Adam\Downloads\CamMeekins.zip
2012-06-02 23:24 - 2012-06-09 12:17 - 00000000 ____D C:\Program Files (x86)\TightVNC
2012-06-02 23:23 - 2012-06-02 23:23 - 00000000 ____D C:\Users\Adam\AppData\Local\Downloaded Installations
2012-06-02 23:22 - 2012-06-02 23:23 - 21178512 ____A (Wyse Technology) C:\Users\Adam\Downloads\PocketCloud Windows Companion_v2.4.19.exe
2012-06-02 21:59 - 2012-06-02 22:01 - 00000000 ____D C:\Users\Adam\Documents\eCommerce
2012-06-02 14:18 - 2012-06-02 14:19 - 00000000 ____D C:\Program Files (x86)\QuickTime
2012-06-02 12:48 - 2012-06-02 22:03 - 00000000 ____D C:\Users\Adam\Documents\12th Grade
2012-06-01 16:14 - 2012-06-01 16:14 - 05570355 ____A C:\Users\Adam\Downloads\Attachments_2012_06_1 (2).zip
2012-06-01 16:13 - 2012-06-01 16:13 - 03491763 ____A C:\Users\Adam\Downloads\Attachments_2012_06_1.zip
2012-05-28 22:00 - 2012-05-28 22:00 - 00000000 ____D C:\Users\Adam\AppData\Local\Cranium
2012-05-28 21:42 - 2012-05-28 21:42 - 00000000 ____D C:\Users\Adam\AppData\Local\Cranium_Consulting_and_Cu
2012-05-28 21:42 - 2012-05-28 21:42 - 00000000 ____D C:\Program Files (x86)\iPhoneBrowser
2012-05-28 21:40 - 2012-05-28 21:40 - 00564211 ____A C:\Users\Adam\Downloads\SetupiPhoneBrowser.1.93.exe
2012-05-28 21:40 - 2012-05-28 21:40 - 00000000 ____A C:\Users\Adam\Downloads\Unconfirmed 25141.crdownload
2012-05-26 16:16 - 2012-05-26 16:16 - 00000000 ____D C:\Users\Adam\Documents\Paradox Interactive
2012-05-26 07:45 - 2012-05-26 07:45 - 00000000 ____D C:\Users\Adam\AppData\Local\libimobiledevice
2012-05-25 19:11 - 2012-05-26 16:12 - 00000000 ____D C:\Program Files (x86)\Paradox Interactive
2012-05-25 19:07 - 2011-03-25 12:17 - 00000071 ____A C:\Users\Adam\Downloads\fan-eu3c.cue
2012-05-25 19:06 - 2011-03-25 08:25 - 747573792 ____A C:\Users\Adam\Downloads\fan-eu3c.bin
2012-05-25 18:56 - 2012-05-25 19:00 - 00000000 ____D C:\Users\Adam\Documents\RCT3
2012-05-25 18:56 - 2012-05-25 18:56 - 00000000 ____D C:\Users\Adam\AppData\Roaming\Atari
2012-05-25 18:45 - 2012-05-25 19:33 - 00000000 ____D C:\Program Files (x86)\Roller Coaster Tycoon 3 Platinum - CarlesNeo !
2012-05-25 14:59 - 2012-05-25 14:59 - 00000000 ____D C:\Users\Adam\AppData\Local\CrashRpt
2012-05-25 14:59 - 2012-05-25 14:59 - 00000000 ____D C:\Program Files (x86)\Microsoft Chart Controls
2012-05-25 14:57 - 2012-05-25 14:57 - 00365992 ____A C:\Users\Adam\AppData\Local\dd_vcredistMSI083B.txt
2012-05-25 14:57 - 2012-05-25 14:57 - 00357232 ____A C:\Users\Adam\AppData\Local\dd_vcredistMSI085B.txt
2012-05-25 14:57 - 2012-05-25 14:57 - 00011690 ____A C:\Users\Adam\AppData\Local\dd_vcredistUI085B.txt
2012-05-25 14:57 - 2012-05-25 14:57 - 00011402 ____A C:\Users\Adam\AppData\Local\dd_vcredistUI083B.txt
2012-05-23 20:30 - 2012-05-23 20:30 - 00000000 ____D C:\Program Files (x86)\LogMeIn Hamachi
2012-05-23 20:26 - 2012-05-23 20:26 - 03857920 ____A C:\Users\Adam\Downloads\hamachi.msi
2012-05-22 19:44 - 2012-05-15 06:48 - 25743168 ____A (NVIDIA Corporation) C:\Windows\System32\nvoglv64.dll
2012-05-22 19:44 - 2012-05-15 06:48 - 25248064 ____A (NVIDIA Corporation) C:\Windows\System32\nvcompiler.dll
2012-05-22 19:44 - 2012-05-15 06:48 - 19607872 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2012-05-22 19:44 - 2012-05-15 06:48 - 17551680 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2012-05-22 19:44 - 2012-05-15 06:48 - 14298944 ____A (NVIDIA Corporation) C:\Windows\System32\Drivers\nvlddmkm.sys
2012-05-22 19:44 - 2012-05-15 06:48 - 10194752 ____A (NVIDIA Corporation) C:\Windows\System32\nvwgf2umx.dll
2012-05-22 19:44 - 2012-05-15 06:48 - 08139072 ____A (NVIDIA Corporation) C:\Windows\System32\nvcuda.dll
2012-05-22 19:44 - 2012-05-15 06:48 - 08105280 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2012-05-22 19:44 - 2012-05-15 06:48 - 05982528 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2012-05-22 19:44 - 2012-05-15 06:48 - 02881856 ____A (NVIDIA Corporation) C:\Windows\System32\nvcuvenc.dll
2012-05-22 19:44 - 2012-05-15 06:48 - 02681664 ____A (NVIDIA Corporation) C:\Windows\System32\nvcuvid.dll
2012-05-22 19:44 - 2012-05-15 06:48 - 02524992 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2012-05-22 19:44 - 2012-05-15 06:48 - 02445120 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvenc.dll
2012-05-22 19:44 - 2012-05-15 06:48 - 02368832 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2012-05-22 19:44 - 2012-04-18 13:08 - 00188736 ____A (NVIDIA Corporation) C:\Windows\System32\Drivers\nvhda64v.sys
2012-05-22 19:44 - 2012-04-18 13:08 - 00072512 ____A (NVIDIA Corporation) C:\Windows\System32\nvapo64v.dll
2012-05-22 19:44 - 2012-04-18 13:08 - 00031040 ____A (NVIDIA Corporation) C:\Windows\System32\nvhdap64.dll
2012-05-22 19:39 - 2012-05-22 19:42 - 168454136 ____A (NVIDIA Corporation) C:\Users\Adam\Downloads\301.42-desktop-win7-winvista-64bit-english-whql.exe
2012-05-22 15:15 - 2012-05-22 15:15 - 00028649 ____A C:\Users\Adam\Downloads\Joseph_Campbell_-_The_Hero's_Journey_[DivX-AC3].torrent
2012-05-21 19:40 - 2012-05-21 19:41 - 19046064 ____A (GIANTS Software ) C:\Users\Adam\Downloads\FarmingSimulator2011Patch2.2EN.exe
2012-05-21 19:30 - 2012-05-21 19:46 - 00000000 ____D C:\Program Files (x86)\Landwirtschafts Simulator 2011
2012-05-21 15:43 - 2012-05-21 15:43 - 05536064 ____A C:\Users\Adam\Downloads\MinecraftStructurePlanner (1).exe
2012-05-20 22:59 - 2012-05-20 22:59 - 00000162 ___AH C:\Users\Adam\Documents\~$yisics Bike Project.docx
2012-05-20 00:17 - 2012-05-20 00:17 - 02124398 ____A C:\Users\Adam\Downloads\OSU AFROTC (1).pdf
2012-05-19 20:06 - 2012-05-19 20:06 - 02124398 ____A C:\Users\Adam\Downloads\OSU AFROTC.pdf
2012-05-19 15:48 - 2012-05-19 15:48 - 00000000 ____D C:\Users\Adam\AppData\Roaming\.minecraft_xray
2012-05-19 15:33 - 2012-05-19 15:33 - 00000000 ____D C:\Program Files\7-Zip
2012-05-19 15:32 - 2012-05-19 15:32 - 01376768 ____A C:\Users\Adam\Downloads\7z920-x64.msi
2012-05-19 15:17 - 2012-05-19 15:17 - 00036559 ____A C:\Users\Adam\Downloads\xray_12.7.zip
2012-05-19 15:11 - 2012-05-19 15:11 - 00268744 ____A (Oracle Corporation) C:\Windows\System32\javaws.exe
2012-05-19 15:11 - 2012-05-19 15:11 - 00189384 ____A (Oracle Corporation) C:\Windows\System32\javaw.exe
2012-05-19 15:11 - 2012-05-19 15:11 - 00188872 ____A (Oracle Corporation) C:\Windows\System32\java.exe
2012-05-19 15:11 - 2012-05-19 15:11 - 00000000 ____D C:\Program Files\Java
2012-05-19 15:09 - 2012-05-19 15:09 - 21865936 ____A (Oracle Corporation) C:\Users\Adam\Downloads\jre-7u4-windows-x64.exe
2012-05-19 14:42 - 2012-05-19 14:42 - 00000000 ____D C:\Users\Adam\AppData\Roaming\Bertware
2012-05-19 14:30 - 2012-05-19 14:30 - 00000000 ____D C:\Program Files (x86)\Oracle
2012-05-19 14:29 - 2012-05-19 14:29 - 00174024 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2012-05-19 14:29 - 2012-05-19 14:29 - 00174024 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2012-05-19 14:29 - 2012-05-19 14:29 - 00000000 ____D C:\Program Files (x86)\Java
2012-05-19 14:29 - 2012-04-04 18:47 - 00227720 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2012-05-19 14:28 - 2012-05-19 14:28 - 00892360 ____A (Oracle Corporation) C:\Users\Adam\Downloads\chromeinstall-7u4.exe
2012-05-19 11:00 - 2012-05-19 11:06 - 00000000 ____D C:\Windows\SysWOW64\world_the_end
2012-05-19 11:00 - 2012-05-19 11:06 - 00000000 ____D C:\Windows\SysWOW64\world_nether
2012-05-19 11:00 - 2012-05-19 11:06 - 00000000 ____D C:\Windows\SysWOW64\world
2012-05-19 11:00 - 2012-05-19 11:00 - 00003101 ____A C:\Windows\SysWOW64\server.log
2012-05-19 11:00 - 2012-05-19 11:00 - 00002576 ____A C:\Windows\SysWOW64\help.yml
2012-05-19 11:00 - 2012-05-19 11:00 - 00001311 ____A C:\Windows\SysWOW64\bukkit.yml
2012-05-19 11:00 - 2012-05-19 11:00 - 00000458 ____A C:\Windows\SysWOW64\server.properties
2012-05-19 11:00 - 2012-05-19 11:00 - 00000000 ____D C:\Windows\SysWOW64\plugins
2012-05-19 11:00 - 2012-05-19 11:00 - 00000000 ____A C:\Windows\SysWOW64\white-list.txt
2012-05-19 11:00 - 2012-05-19 11:00 - 00000000 ____A C:\Windows\SysWOW64\server.log.lck
2012-05-19 11:00 - 2012-05-19 11:00 - 00000000 ____A C:\Windows\SysWOW64\permissions.yml
2012-05-19 11:00 - 2012-05-19 11:00 - 00000000 ____A C:\Windows\SysWOW64\ops.txt
2012-05-19 11:00 - 2012-05-19 11:00 - 00000000 ____A C:\Windows\SysWOW64\banned-players.txt
2012-05-19 11:00 - 2012-05-19 11:00 - 00000000 ____A C:\Windows\SysWOW64\banned-ips.txt
2012-05-19 10:07 - 2012-05-19 10:07 - 00000000 ____D C:\glassfish3
2012-05-19 10:04 - 2012-05-19 10:06 - 146771704 ____A (Oracle Corporation.) C:\Users\Adam\Downloads\java_ee_sdk-6u4-jdk-windows-x64.exe
2012-05-19 09:37 - 2012-04-04 18:47 - 00772504 ____A (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll
2012-05-19 09:27 - 2012-05-31 23:14 - 00000000 ____D C:\Users\Adam\Desktop\Bukkit Server
2012-05-18 22:31 - 2012-05-19 15:11 - 00955848 ____A (Oracle Corporation) C:\Windows\System32\npDeployJava1.dll
2012-05-17 20:29 - 2012-05-17 20:51 - 00000000 ____D C:\multiAVCHD
2012-05-17 20:27 - 2012-05-17 20:29 - 38514000 ____A C:\Users\Adam\Downloads\multiAVCHD_4.1.exe
2012-05-16 19:34 - 2012-05-16 19:34 - 05507904 ____A C:\Users\Adam\Downloads\MinecraftStructurePlanner.jar
2012-05-16 18:51 - 2012-05-16 18:51 - 00803612 ____A C:\Users\Adam\Downloads\Rectagon Project v1.rar
2012-05-16 15:53 - 2012-05-16 15:53 - 00015501 ____A C:\Users\Adam\Downloads\Discovery_LP_[2009]_[Album]_DHZ_Inc_Release-[Demonoid.me]_9268303.3692.torrent
2012-05-15 02:21 - 2012-05-15 02:21 - 00423744 ____A C:\Windows\SysWOW64\nvStreaming.exe
2012-05-14 14:58 - 2012-05-14 14:59 - 00000000 ____D C:\Users\Adam\AppData\Local\SniperV2
2012-05-14 14:32 - 2012-05-14 14:32 - 00000000 ____D C:\Program Files (x86)\Rebellion
2012-05-14 14:08 - 2012-05-14 14:08 - 00000000 ____D C:\Users\Adam\Documents\Sniper Elite V2
2012-05-13 23:50 - 2012-05-13 23:50 - 00000000 ____D C:\Users\All Users\Mozilla
2012-05-13 23:50 - 2012-05-13 23:50 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2012-05-13 22:54 - 2012-05-13 22:54 - 00029078 ____A C:\Users\Adam\Downloads\_=Demonoid.me=_-Sniper_Elite_V2_SKIDROW_9268303.3692.torrent
2012-05-12 11:54 - 2012-05-13 14:43 - 00000000 ____D C:\Users\Adam\AppData\Roaming\Tropico 4
2012-05-12 11:48 - 2012-05-12 11:48 - 00000000 ____D C:\Users\Adam\AppData\Roaming\Kalypso Media
 
============ 3 Months Modified Files and Folders =============

2012-06-11 20:10 - 2011-11-09 23:26 - 00000000 ____D C:\FRST
2012-06-11 20:09 - 2012-06-11 20:09 - 01402035 ____A C:\Users\Adam\Desktop\FRST64.exe
2012-06-11 20:07 - 2011-09-22 16:35 - 00000894 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-06-11 20:03 - 2011-06-18 15:31 - 00000000 ____D C:\Users\Adam\AppData\Roaming\Skype
2012-06-11 19:57 - 2012-06-08 11:14 - 00000000 ____D C:\Windows\System32\Drivers\AVG
2012-06-11 19:57 - 2012-04-21 18:08 - 00000000 ____D C:\Users\Adam\AppData\Roaming\uTorrent
2012-06-11 19:57 - 2011-11-04 18:40 - 00000000 ____D C:\Users\All Users\MFAData
2012-06-11 19:54 - 2011-06-18 21:49 - 00000000 ____D C:\Program Files (x86)\Steam
2012-06-11 19:53 - 2011-10-30 17:41 - 00000000 ____D C:\Users\Adam\AppData\Local\LogMeIn Hamachi
2012-06-11 19:53 - 2011-09-22 16:35 - 00000890 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-06-11 19:53 - 2011-06-18 13:41 - 00000000 ____D C:\Users\All Users\NVIDIA
2012-06-11 19:53 - 2006-11-02 11:42 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-06-11 19:53 - 2006-11-02 11:22 - 00003712 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2012-06-11 19:53 - 2006-11-02 11:22 - 00003712 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2012-06-11 19:51 - 2012-06-11 18:12 - 00004787 ____A C:\Users\Adam\Documents\aswMBR.txt
2012-06-11 19:51 - 2012-06-11 18:12 - 00000512 ____A C:\Users\Adam\Documents\MBR.dat
2012-06-11 18:18 - 2011-10-31 16:33 - 26874912 ____A C:\Windows\ntbtlog.txt
2012-06-11 18:15 - 2006-11-02 11:42 - 00032646 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-06-11 18:14 - 2008-01-20 21:53 - 01264221 ____A C:\Windows\WindowsUpdate.log
2012-06-11 17:31 - 2012-04-08 10:07 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-06-11 17:26 - 2011-06-18 15:09 - 00000904 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-593570071-605911810-3574683811-1000UA.job
2012-06-11 16:26 - 2011-06-18 15:09 - 00000852 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-593570071-605911810-3574683811-1000Core.job
2012-06-11 14:05 - 2012-06-11 14:05 - 00000000 ___SD C:\ComboFix
2012-06-11 14:04 - 2011-11-10 18:29 - 00000000 ____D C:\Windows\ERDNT
2012-06-11 14:03 - 2011-11-10 18:29 - 00000000 ____D C:\Qoobox
2012-06-11 14:00 - 2012-06-11 14:00 - 04542341 ____R (Swearware) C:\Users\Adam\Downloads\ComboFix.exe
2012-06-11 14:00 - 2012-06-11 14:00 - 00000852 ____A C:\Users\Adam\Desktop\ComboFix - Shortcut.lnk
2012-06-11 13:16 - 2012-06-11 13:16 - 00002379 ____A C:\Users\Adam\Desktop\aswMBR.txt
2012-06-11 13:16 - 2012-06-11 13:16 - 00000512 ____A C:\Users\Adam\Desktop\MBR.dat
2012-06-11 12:58 - 2012-06-11 12:58 - 00000514 ____A C:\Users\Adam\Desktop\Bootkit.txt
2012-06-11 12:57 - 2012-06-11 12:57 - 04731392 ____A (AVAST Software) C:\Users\Adam\Desktop\aswMBR.exe
2012-06-11 12:57 - 2012-06-11 12:56 - 00054447 ____A C:\Users\Adam\Desktop\bootkit_remover_debug_log.txt
2012-06-11 12:56 - 2012-06-11 12:55 - 00044607 ____A C:\Users\Adam\Desktop\bootkit_remover.zip
2012-06-11 12:56 - 2011-09-20 03:02 - 00083968 ____A (Esage Lab) C:\Users\Adam\Desktop\boot_cleaner.exe
2012-06-11 10:11 - 2012-06-11 10:11 - 00030359 ____A C:\Users\Adam\Desktop\DDS.txt
2012-06-11 10:11 - 2012-06-11 10:11 - 00014600 ____A C:\Users\Adam\Desktop\Attach.txt
2012-06-11 10:06 - 2012-06-10 04:54 - 00607260 ____R (Swearware) C:\Users\Adam\Desktop\dds.scr
2012-06-11 10:05 - 2012-06-11 10:05 - 00002487 ____A C:\Users\Adam\Desktop\gmer.log
2012-06-11 09:23 - 2012-06-11 09:23 - 00302592 ____A C:\Users\Adam\Desktop\rfghzz7h.exe
2012-06-11 01:19 - 2011-10-02 21:23 - 00000000 ____D C:\Users\Adam\Documents\Rockstar Games
2012-06-11 01:05 - 2011-06-20 15:14 - 00000000 ____D C:\Users\Adam\Documents\Vuze Downloads
2012-06-11 01:02 - 2012-06-10 10:57 - 00000000 ____D C:\Program Files (x86)\Black_Box
2012-06-10 13:11 - 2012-06-10 13:11 - 00001006 ____A C:\Users\Public\Desktop\Max Payne 3.lnk
2012-06-10 10:47 - 2008-01-20 23:26 - 00086186 ____A C:\Windows\PFRO.log
2012-06-10 04:53 - 2012-06-10 04:53 - 00050477 ____A C:\Users\Adam\Downloads\Defogger.exe
2012-06-09 12:17 - 2012-06-02 23:24 - 00000000 ____D C:\Program Files (x86)\TightVNC
2012-06-09 12:13 - 2012-06-09 12:13 - 00000000 ____D C:\Program Files (x86)\Trend Micro
2012-06-09 12:09 - 2012-06-09 12:09 - 01402880 ____A C:\Users\Adam\Downloads\HijackThis.msi
2012-06-09 11:10 - 2012-06-08 13:38 - 00000404 ____A C:\rkill.log
2012-06-09 11:08 - 2012-06-09 11:08 - 00000000 ____D C:\Users\All Users\SUPERAntiSpyware.com
2012-06-09 11:08 - 2012-06-09 11:08 - 00000000 ____D C:\Users\Adam\AppData\Roaming\SUPERAntiSpyware.com
2012-06-09 11:08 - 2012-06-09 11:08 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2012-06-08 15:38 - 2011-06-16 22:41 - 00001460 ____A C:\Users\Adam\AppData\Local\d3d9caps64.dat
2012-06-08 13:39 - 2012-06-08 13:39 - 00000948 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-06-08 13:39 - 2012-06-08 13:39 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-06-08 11:29 - 2011-11-04 18:46 - 00000000 ____D C:\Users\All Users\AVG2012
2012-06-08 11:15 - 2012-06-08 11:15 - 00000000 ____D C:\Windows\SysWOW64\Drivers\AVG
2012-06-08 11:14 - 2012-06-08 11:14 - 00000000 ___HD C:\$AVG
2012-06-08 11:12 - 2012-06-08 11:12 - 00000000 ____D C:\Program Files (x86)\AVG
2012-06-08 11:03 - 2011-06-18 13:41 - 00000000 ____D C:\users\UpdatusUser
2012-06-08 11:02 - 2012-06-08 11:02 - 03879712 ____A (AVG Technologies) C:\Users\Adam\Downloads\avg_free_stb_all_2012_2178_cnet.exe
2012-06-08 10:52 - 2012-06-08 10:51 - 25907319 ____A C:\Users\Adam\Downloads\354213231432lnnfx.rar
2012-06-08 01:52 - 2012-06-07 21:29 - 471786357 ____A C:\Users\Adam\Downloads\195753258dcandupd.rar
2012-06-07 21:54 - 2012-06-07 21:54 - 00000000 __SHD C:\Windows\SysWOW64\%APPDATA%
2012-06-07 21:21 - 2011-07-07 16:06 - 00000000 ____D C:\Program Files (x86)\Rockstar Games
2012-06-07 20:51 - 2012-06-07 20:51 - 00363236 ____A C:\Users\Adam\AppData\Local\dd_vcredistMSI0F07.txt
2012-06-07 20:51 - 2012-06-07 20:51 - 00011234 ____A C:\Users\Adam\AppData\Local\dd_vcredistUI0F07.txt
2012-06-07 20:51 - 2011-06-18 23:15 - 00202217 ____A C:\Windows\DirectX.log
2012-06-07 20:18 - 2011-11-13 09:13 - 00000000 ____D C:\Users\All Users\Rockstar Games
2012-06-07 20:18 - 2011-06-16 23:09 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2012-06-06 21:59 - 2012-06-06 21:59 - 00000132 ____A C:\Users\Adam\AppData\Roaming\Adobe PNG Format CS5 Prefs
2012-06-06 21:16 - 2012-04-25 22:53 - 00000000 ____D C:\Users\Adam\AppData\Local\Spotify
2012-06-06 21:16 - 2012-04-25 22:52 - 00000000 ____D C:\Users\Adam\AppData\Roaming\Spotify
2012-06-06 19:31 - 2012-06-06 19:31 - 00000031 ____A C:\Users\Adam\Documents\Email Password.txt
2012-06-06 18:26 - 2012-06-06 18:26 - 00013772 ____A C:\Users\Adam\Documents\Political problems.docx
2012-06-06 18:26 - 2012-06-06 17:38 - 00013765 ____A C:\Users\Adam\Downloads\Political problems.docx
2012-06-05 18:46 - 2012-06-05 18:46 - 00361316 ____A C:\Users\Adam\AppData\Local\dd_vcredistMSI12F6.txt
2012-06-05 18:46 - 2012-06-05 18:46 - 00011154 ____A C:\Users\Adam\AppData\Local\dd_vcredistUI12F6.txt
2012-06-04 20:14 - 2012-06-04 20:14 - 00000000 ____D C:\Program Files (x86)\Photo Story 3 for Windows
2012-06-04 20:11 - 2012-06-04 20:12 - 05271552 ____A C:\Users\Adam\Downloads\Pstory.msi
2012-06-04 20:10 - 2012-06-04 20:10 - 00463080 ____A (CNET Download.com) C:\Users\Adam\Downloads\cnet_Pstory_msi.exe
2012-06-04 20:10 - 2012-06-04 20:10 - 00000000 ____A C:\Users\Adam\Downloads\Unconfirmed 46396.crdownload
2012-06-03 21:31 - 2012-06-03 21:28 - 70166650 ____A C:\Users\Adam\Downloads\CamMeekins.zip
2012-06-02 23:33 - 2011-07-24 20:46 - 00000000 ____D C:\Users\Adam\Documents\11th Grade
2012-06-02 23:23 - 2012-06-02 23:23 - 00000000 ____D C:\Users\Adam\AppData\Local\Downloaded Installations
2012-06-02 23:23 - 2012-06-02 23:22 - 21178512 ____A (Wyse Technology) C:\Users\Adam\Downloads\PocketCloud Windows Companion_v2.4.19.exe
2012-06-02 22:03 - 2012-06-02 12:48 - 00000000 ____D C:\Users\Adam\Documents\12th Grade
2012-06-02 22:01 - 2012-06-02 21:59 - 00000000 ____D C:\Users\Adam\Documents\eCommerce
2012-06-02 19:50 - 2011-08-04 19:23 - 00000000 ____D C:\Program Files (x86)\EA GAMES
2012-06-02 16:02 - 2011-06-20 13:39 - 00000000 ____D C:\Users\Adam\AppData\Roaming\Azureus
2012-06-02 14:19 - 2012-06-02 14:18 - 00000000 ____D C:\Program Files (x86)\QuickTime
2012-06-01 16:14 - 2012-06-01 16:14 - 05570355 ____A C:\Users\Adam\Downloads\Attachments_2012_06_1 (2).zip
2012-06-01 16:13 - 2012-06-01 16:13 - 03491763 ____A C:\Users\Adam\Downloads\Attachments_2012_06_1.zip
2012-05-31 23:14 - 2012-05-19 09:27 - 00000000 ____D C:\Users\Adam\Desktop\Bukkit Server
2012-05-30 19:09 - 2011-06-21 09:35 - 00031232 ____A C:\Users\Adam\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-05-29 21:41 - 2006-11-02 08:46 - 00759910 ____A C:\Windows\System32\PerfStringBackup.INI
2012-05-29 21:37 - 2012-02-22 19:07 - 00000000 ____D C:\users\UpdatusUser.Adam-PC
2012-05-28 22:00 - 2012-05-28 22:00 - 00000000 ____D C:\Users\Adam\AppData\Local\Cranium
2012-05-28 21:42 - 2012-05-28 21:42 - 00000000 ____D C:\Users\Adam\AppData\Local\Cranium_Consulting_and_Cu
2012-05-28 21:42 - 2012-05-28 21:42 - 00000000 ____D C:\Program Files (x86)\iPhoneBrowser
2012-05-28 21:40 - 2012-05-28 21:40 - 00564211 ____A C:\Users\Adam\Downloads\SetupiPhoneBrowser.1.93.exe
2012-05-28 21:40 - 2012-05-28 21:40 - 00000000 ____A C:\Users\Adam\Downloads\Unconfirmed 25141.crdownload
2012-05-26 16:16 - 2012-05-26 16:16 - 00000000 ____D C:\Users\Adam\Documents\Paradox Interactive
2012-05-26 16:12 - 2012-05-25 19:11 - 00000000 ____D C:\Program Files (x86)\Paradox Interactive
2012-05-26 12:49 - 2011-06-22 21:47 - 00281032 ____A C:\Windows\SysWOW64\PnkBstrB.xtr
2012-05-26 12:49 - 2011-06-20 20:55 - 00281032 ____A C:\Windows\SysWOW64\PnkBstrB.exe
2012-05-26 07:45 - 2012-05-26 07:45 - 00000000 ____D C:\Users\Adam\AppData\Local\libimobiledevice
2012-05-25 20:48 - 2011-07-18 10:54 - 00000000 ____D C:\Users\Adam\Desktop\Shortcuts
2012-05-25 20:42 - 2011-06-20 20:55 - 00281032 ____A C:\Windows\SysWOW64\PnkBstrB.ex0
2012-05-25 19:33 - 2012-05-25 18:45 - 00000000 ____D C:\Program Files (x86)\Roller Coaster Tycoon 3 Platinum - CarlesNeo !
2012-05-25 19:00 - 2012-05-25 18:56 - 00000000 ____D C:\Users\Adam\Documents\RCT3
2012-05-25 18:56 - 2012-05-25 18:56 - 00000000 ____D C:\Users\Adam\AppData\Roaming\Atari
2012-05-25 17:34 - 2011-06-18 16:50 - 00000000 ____D C:\Users\Adam\AppData\Roaming\.minecraft
2012-05-25 14:59 - 2012-05-25 14:59 - 00000000 ____D C:\Users\Adam\AppData\Local\CrashRpt
2012-05-25 14:59 - 2012-05-25 14:59 - 00000000 ____D C:\Program Files (x86)\Microsoft Chart Controls
2012-05-25 14:59 - 2011-06-20 21:02 - 00000000 ____D C:\Users\Adam\AppData\Local\PunkBuster
2012-05-25 14:58 - 2011-07-24 19:26 - 00000000 ____D C:\Users\Adam\Documents\My Games
2012-05-25 14:57 - 2012-05-25 14:57 - 00365992 ____A C:\Users\Adam\AppData\Local\dd_vcredistMSI083B.txt
2012-05-25 14:57 - 2012-05-25 14:57 - 00357232 ____A C:\Users\Adam\AppData\Local\dd_vcredistMSI085B.txt
2012-05-25 14:57 - 2012-05-25 14:57 - 00011690 ____A C:\Users\Adam\AppData\Local\dd_vcredistUI085B.txt
2012-05-25 14:57 - 2012-05-25 14:57 - 00011402 ____A C:\Users\Adam\AppData\Local\dd_vcredistUI083B.txt
2012-05-25 14:57 - 2011-06-20 20:55 - 00076888 ____A C:\Windows\SysWOW64\PnkBstrA.exe
2012-05-23 20:31 - 2011-06-18 15:10 - 00002037 ____A C:\Users\Adam\Desktop\Google Chrome.lnk
2012-05-23 20:30 - 2012-05-23 20:30 - 00000000 ____D C:\Program Files (x86)\LogMeIn Hamachi
2012-05-23 20:26 - 2012-05-23 20:26 - 03857920 ____A C:\Users\Adam\Downloads\hamachi.msi
2012-05-22 19:54 - 2011-06-18 13:41 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2012-05-22 19:53 - 2011-06-16 22:41 - 00000000 ____D C:\users\Adam
2012-05-22 19:47 - 2011-06-16 23:10 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2012-05-22 19:42 - 2012-05-22 19:39 - 168454136 ____A (NVIDIA Corporation) C:\Users\Adam\Downloads\301.42-desktop-win7-winvista-64bit-english-whql.exe
2012-05-22 15:15 - 2012-05-22 15:15 - 00028649 ____A C:\Users\Adam\Downloads\Joseph_Campbell_-_The_Hero's_Journey_[DivX-AC3].torrent
2012-05-21 19:46 - 2012-05-21 19:30 - 00000000 ____D C:\Program Files (x86)\Landwirtschafts Simulator 2011
2012-05-21 19:41 - 2012-05-21 19:40 - 19046064 ____A (GIANTS Software ) C:\Users\Adam\Downloads\FarmingSimulator2011Patch2.2EN.exe
2012-05-21 15:43 - 2012-05-21 15:43 - 05536064 ____A C:\Users\Adam\Downloads\MinecraftStructurePlanner (1).exe
2012-05-20 22:59 - 2012-05-20 22:59 - 00000162 ___AH C:\Users\Adam\Documents\~$yisics Bike Project.docx
2012-05-20 00:45 - 2011-07-08 11:43 - 00000000 ____D C:\Program Files (x86)\Computer Tools
2012-05-20 00:17 - 2012-05-20 00:17 - 02124398 ____A C:\Users\Adam\Downloads\OSU AFROTC (1).pdf
2012-05-19 20:06 - 2012-05-19 20:06 - 02124398 ____A C:\Users\Adam\Downloads\OSU AFROTC.pdf
2012-05-19 15:48 - 2012-05-19 15:48 - 00000000 ____D C:\Users\Adam\AppData\Roaming\.minecraft_xray
2012-05-19 15:33 - 2012-05-19 15:33 - 00000000 ____D C:\Program Files\7-Zip
2012-05-19 15:32 - 2012-05-19 15:32 - 01376768 ____A C:\Users\Adam\Downloads\7z920-x64.msi
2012-05-19 15:17 - 2012-05-19 15:17 - 00036559 ____A C:\Users\Adam\Downloads\xray_12.7.zip
2012-05-19 15:11 - 2012-05-19 15:11 - 00268744 ____A (Oracle Corporation) C:\Windows\System32\javaws.exe
2012-05-19 15:11 - 2012-05-19 15:11 - 00189384 ____A (Oracle Corporation) C:\Windows\System32\javaw.exe
2012-05-19 15:11 - 2012-05-19 15:11 - 00188872 ____A (Oracle Corporation) C:\Windows\System32\java.exe
2012-05-19 15:11 - 2012-05-19 15:11 - 00000000 ____D C:\Program Files\Java
2012-05-19 15:11 - 2012-05-18 22:31 - 00955848 ____A (Oracle Corporation) C:\Windows\System32\npDeployJava1.dll
2012-05-19 15:11 - 2011-12-06 16:35 - 00839112 ____A (Oracle Corporation) C:\Windows\System32\deployJava1.dll
2012-05-19 15:09 - 2012-05-19 15:09 - 21865936 ____A (Oracle Corporation) C:\Users\Adam\Downloads\jre-7u4-windows-x64.exe
2012-05-19 14:42 - 2012-05-19 14:42 - 00000000 ____D C:\Users\Adam\AppData\Roaming\Bertware
2012-05-19 14:30 - 2012-05-19 14:30 - 00000000 ____D C:\Program Files (x86)\Oracle
2012-05-19 14:29 - 2012-05-19 14:29 - 00174024 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2012-05-19 14:29 - 2012-05-19 14:29 - 00174024 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2012-05-19 14:29 - 2012-05-19 14:29 - 00000000 ____D C:\Program Files (x86)\Java
2012-05-19 14:28 - 2012-05-19 14:28 - 00892360 ____A (Oracle Corporation) C:\Users\Adam\Downloads\chromeinstall-7u4.exe
2012-05-19 11:06 - 2012-05-19 11:00 - 00000000 ____D C:\Windows\SysWOW64\world_the_end
2012-05-19 11:06 - 2012-05-19 11:00 - 00000000 ____D C:\Windows\SysWOW64\world_nether
2012-05-19 11:06 - 2012-05-19 11:00 - 00000000 ____D C:\Windows\SysWOW64\world
2012-05-19 11:00 - 2012-05-19 11:00 - 00003101 ____A C:\Windows\SysWOW64\server.log
2012-05-19 11:00 - 2012-05-19 11:00 - 00002576 ____A C:\Windows\SysWOW64\help.yml
2012-05-19 11:00 - 2012-05-19 11:00 - 00001311 ____A C:\Windows\SysWOW64\bukkit.yml
2012-05-19 11:00 - 2012-05-19 11:00 - 00000458 ____A C:\Windows\SysWOW64\server.properties
2012-05-19 11:00 - 2012-05-19 11:00 - 00000000 ____D C:\Windows\SysWOW64\plugins
2012-05-19 11:00 - 2012-05-19 11:00 - 00000000 ____A C:\Windows\SysWOW64\white-list.txt
2012-05-19 11:00 - 2012-05-19 11:00 - 00000000 ____A C:\Windows\SysWOW64\server.log.lck
2012-05-19 11:00 - 2012-05-19 11:00 - 00000000 ____A C:\Windows\SysWOW64\permissions.yml
2012-05-19 11:00 - 2012-05-19 11:00 - 00000000 ____A C:\Windows\SysWOW64\ops.txt
2012-05-19 11:00 - 2012-05-19 11:00 - 00000000 ____A C:\Windows\SysWOW64\banned-players.txt
2012-05-19 11:00 - 2012-05-19 11:00 - 00000000 ____A C:\Windows\SysWOW64\banned-ips.txt
2012-05-19 10:07 - 2012-05-19 10:07 - 00000000 ____D C:\glassfish3
2012-05-19 10:06 - 2012-05-19 10:04 - 146771704 ____A (Oracle Corporation.) C:\Users\Adam\Downloads\java_ee_sdk-6u4-jdk-windows-x64.exe
2012-05-19 09:37 - 2011-06-16 22:42 - 00000000 ____D C:\Users\Adam\AppData\LocalLow
2012-05-17 20:51 - 2012-05-17 20:29 - 00000000 ____D C:\multiAVCHD
2012-05-17 20:29 - 2012-05-17 20:27 - 38514000 ____A C:\Users\Adam\Downloads\multiAVCHD_4.1.exe
2012-05-16 20:21 - 2011-06-16 22:43 - 00101232 ____A C:\Users\Adam\AppData\Local\GDIPFONTCACHEV1.DAT
2012-05-16 20:20 - 2006-11-02 11:21 - 04931736 ____A C:\Windows\System32\FNTCACHE.DAT
2012-05-16 19:34 - 2012-05-16 19:34 - 05507904 ____A C:\Users\Adam\Downloads\MinecraftStructurePlanner.jar
2012-05-16 18:51 - 2012-05-16 18:51 - 00803612 ____A C:\Users\Adam\Downloads\Rectagon Project v1.rar
2012-05-16 15:53 - 2012-05-16 15:53 - 00015501 ____A C:\Users\Adam\Downloads\Discovery_LP_[2009]_[Album]_DHZ_Inc_Release-[Demonoid.me]_9268303.3692.torrent
2012-05-15 06:48 - 2012-05-22 19:44 - 25743168 ____A (NVIDIA Corporation) C:\Windows\System32\nvoglv64.dll
2012-05-15 06:48 - 2012-05-22 19:44 - 25248064 ____A (NVIDIA Corporation) C:\Windows\System32\nvcompiler.dll
2012-05-15 06:48 - 2012-05-22 19:44 - 19607872 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2012-05-15 06:48 - 2012-05-22 19:44 - 17551680 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2012-05-15 06:48 - 2012-05-22 19:44 - 14298944 ____A (NVIDIA Corporation) C:\Windows\System32\Drivers\nvlddmkm.sys
2012-05-15 06:48 - 2012-05-22 19:44 - 10194752 ____A (NVIDIA Corporation) C:\Windows\System32\nvwgf2umx.dll
2012-05-15 06:48 - 2012-05-22 19:44 - 08139072 ____A (NVIDIA Corporation) C:\Windows\System32\nvcuda.dll
2012-05-15 06:48 - 2012-05-22 19:44 - 08105280 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2012-05-15 06:48 - 2012-05-22 19:44 - 05982528 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2012-05-15 06:48 - 2012-05-22 19:44 - 02881856 ____A (NVIDIA Corporation) C:\Windows\System32\nvcuvenc.dll
2012-05-15 06:48 - 2012-05-22 19:44 - 02681664 ____A (NVIDIA Corporation) C:\Windows\System32\nvcuvid.dll
2012-05-15 06:48 - 2012-05-22 19:44 - 02524992 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2012-05-15 06:48 - 2012-05-22 19:44 - 02445120 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvenc.dll
2012-05-15 06:48 - 2012-05-22 19:44 - 02368832 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2012-05-15 06:48 - 2012-02-22 19:01 - 00068928 ____A (Khronos Group) C:\Windows\System32\OpenCL.dll
2012-05-15 06:48 - 2012-02-22 19:01 - 00061248 ____A (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2012-05-15 06:48 - 2011-08-15 21:07 - 01738048 ____A (NVIDIA Corporation) C:\Windows\System32\nvdispco64.dll
2012-05-15 06:48 - 2011-08-15 21:07 - 01468224 ____A (NVIDIA Corporation) C:\Windows\System32\nvgenco64.dll
2012-05-15 06:48 - 2011-06-18 13:38 - 18044224 ____A (NVIDIA Corporation) C:\Windows\System32\nvd3dumx.dll
2012-05-15 06:48 - 2011-06-18 13:38 - 15322432 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2012-05-15 06:48 - 2011-06-18 13:38 - 02741568 ____A (NVIDIA Corporation) C:\Windows\System32\nvapi64.dll
2012-05-15 06:48 - 2011-06-18 13:38 - 00014324 ____A C:\Windows\System32\nvinfo.pb
2012-05-15 05:29 - 2011-06-18 13:40 - 03149632 ____A (NVIDIA Corporation) C:\Windows\System32\nvsvc64.dll
2012-05-15 05:29 - 2011-06-18 13:40 - 00889664 ____A (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
2012-05-15 05:29 - 2011-06-18 13:40 - 00118080 ____A (NVIDIA Corporation) C:\Windows\System32\nvmctray.dll
2012-05-15 05:29 - 2011-06-18 13:40 - 00063296 ____A (NVIDIA Corporation) C:\Windows\System32\nvshext.dll
2012-05-15 05:28 - 2011-06-18 13:40 - 06151488 ____A (NVIDIA Corporation) C:\Windows\System32\nvcpl.dll
2012-05-15 02:21 - 2012-05-15 02:21 - 00423744 ____A C:\Windows\SysWOW64\nvStreaming.exe
2012-05-14 14:59 - 2012-05-14 14:58 - 00000000 ____D C:\Users\Adam\AppData\Local\SniperV2
2012-05-14 14:57 - 2011-08-26 14:57 - 00000000 ____D C:\Users\Adam\AppData\Local\SKIDROW
2012-05-14 14:32 - 2012-05-14 14:32 - 00000000 ____D C:\Program Files (x86)\Rebellion
2012-05-14 14:25 - 2011-11-14 16:10 - 00000000 ____D C:\Program Files (x86)\Electronic Arts
2012-05-14 14:08 - 2012-05-14 14:08 - 00000000 ____D C:\Users\Adam\Documents\Sniper Elite V2
2012-05-13 23:50 - 2012-05-13 23:50 - 00000000 ____D C:\Users\All Users\Mozilla
2012-05-13 23:50 - 2012-05-13 23:50 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2012-05-13 23:50 - 2011-06-16 23:51 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2012-05-13 22:54 - 2012-05-13 22:54 - 00029078 ____A C:\Users\Adam\Downloads\_=Demonoid.me=_-Sniper_Elite_V2_SKIDROW_9268303.3692.torrent
2012-05-13 14:43 - 2012-05-12 11:54 - 00000000 ____D C:\Users\Adam\AppData\Roaming\Tropico 4
2012-05-12 11:48 - 2012-05-12 11:48 - 00000000 ____D C:\Users\Adam\AppData\Roaming\Kalypso Media
2012-05-12 09:50 - 2011-07-04 15:06 - 00000000 ____D C:\Users\Adam\AppData\Local\ArmA 2 OA
2012-05-12 09:06 - 2012-04-21 18:10 - 00000000 ____D C:\Program Files (x86)\uTorrent
2012-05-12 09:06 - 2011-07-03 20:18 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2012-05-11 23:36 - 2006-11-02 11:07 - 00000000 ____D C:\Windows\SysWOW64\XPSViewer
2012-05-11 23:36 - 2006-11-02 11:07 - 00000000 ____D C:\Program Files\Windows Journal
2012-05-11 23:13 - 2011-07-06 18:43 - 00000000 ____D C:\Users\All Users\Microsoft Help
2012-05-11 23:13 - 2006-11-02 08:35 - 57848688 ____A (Microsoft Corporation) C:\Windows\System32\mrt.exe
2012-05-10 20:07 - 2012-05-10 20:07 - 00031178 ____A C:\Users\Adam\Downloads\File-SSBB_Gameplay.jpg
2012-05-08 21:33 - 2011-07-06 22:51 - 00000000 ____D C:\Users\Adam\AppData\Local\ArmA 2
2012-05-07 20:01 - 2011-06-23 16:16 - 00000000 ____D C:\Users\Adam\AppData\Roaming\vlc
2012-05-07 18:14 - 2012-05-07 18:11 - 00000000 ____D C:\Users\Adam\Downloads\Torrent Files
2012-05-06 13:49 - 2012-05-06 13:49 - 00000000 ____D C:\Users\Adam\AppData\Local\Spirited_Machine
2012-05-06 13:37 - 2012-05-06 13:37 - 00000000 ____D C:\Users\Adam\AppData\Roaming\Spirited Machine
2012-05-06 13:36 - 2012-05-06 13:36 - 00000000 ____D C:\Program Files (x86)\Spirited Machine
2012-05-06 13:33 - 2012-05-06 13:33 - 01036736 ____A C:\Users\Adam\Downloads\ArmA2Launcher-1_4_0_0.zip
2012-05-06 13:22 - 2012-05-06 13:22 - 00000000 ____D C:\Users\Adam\Documents\BigBrothaThunda
2012-05-06 12:57 - 2012-05-06 12:56 - 08329892 ____A C:\Users\Adam\Downloads\ARMA2_OA_Build_92477.zip
2012-05-06 12:43 - 2011-07-07 10:36 - 00000000 ____D C:\Users\Adam\Documents\ArmA 2 Other Profiles
2012-05-05 23:44 - 2012-05-05 20:02 - 00000000 ____D C:\Users\Adam\AppData\Local\PMB Files
2012-05-05 22:18 - 2012-05-05 22:18 - 00000000 ____D C:\Users\All Users\Nexon
2012-05-05 22:18 - 2012-05-05 21:32 - 00000000 ____D C:\Users\All Users\NexonUS
2012-05-05 22:15 - 2012-05-05 22:15 - 00000000 ____D C:\Users\Adam\Documents\Vindictus
2012-05-05 21:49 - 2012-05-05 21:49 - 00000000 ____D C:\Program Files (x86)\BandiMPEG1
2012-05-05 21:29 - 2012-05-05 20:02 - 3658157137 ____A (Nexon) C:\Program Files (x86)\VindictusSetupV152.exe
2012-05-05 20:02 - 2012-05-05 20:02 - 00000000 ____D C:\Users\All Users\PMB Files
2012-05-04 17:31 - 2012-04-08 10:31 - 08744608 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2012-05-04 17:31 - 2012-04-08 10:07 - 00419488 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-05-04 17:31 - 2011-06-16 23:43 - 00070304 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-05-03 22:35 - 2012-04-21 13:13 - 00000000 ____D C:\Program Files (x86)\Diablo II
2012-05-02 15:06 - 2012-05-06 12:57 - 08386848 ____A (Igor Pavlov) C:\Users\Adam\Downloads\ARMA2_OA_Build_92477.exe
2012-05-02 15:06 - 2012-05-06 12:57 - 00022246 ____A C:\Users\Adam\Downloads\changeLog.txt
2012-05-01 21:59 - 2012-05-01 21:59 - 00000267 ____A C:\Users\Adam\Downloads\wamc.pls
2012-05-01 20:56 - 2012-05-01 20:56 - 00000000 ____D C:\Users\Adam\Downloads\1773constantmotion
2012-05-01 20:45 - 2012-05-01 20:05 - 70646616 ____A C:\Users\Adam\Downloads\1773constantmotion.zip
2012-05-01 16:54 - 2011-06-20 20:39 - 00000000 ____D C:\Program Files (x86)\Activision
2012-04-30 18:20 - 2012-04-30 18:20 - 00169368 ___AH C:\Windows\SysWOW64\mlfcache.dat
2012-04-29 22:18 - 2012-04-29 22:18 - 00001743 ____A C:\Users\Adam\Downloads\cover.gif
2012-04-28 18:48 - 2012-04-28 17:52 - 00000000 ____D C:\Users\Adam\AppData\Roaming\Bioshock
2012-04-28 18:01 - 2012-04-28 17:30 - 00000000 ____D C:\Users\Adam\Documents\Bioshock
2012-04-28 17:41 - 2011-07-27 15:34 - 00000000 ____D C:\Program Files (x86)\2K Games
2012-04-28 17:39 - 2012-04-28 17:39 - 00019289 ____A C:\Users\Adam\Downloads\BioShock.Update.1.1.CRACKED-DETONATiON.rar.torrent
2012-04-28 15:41 - 2012-04-28 15:41 - 00034439 ____A C:\Users\Adam\Downloads\Bioshock.torrent
2012-04-27 21:06 - 2012-04-27 21:06 - 00078680 ____A C:\Users\Adam\AppData\Roaming\icarus-dxdiag.xml
2012-04-26 21:58 - 2012-04-26 21:38 - 00000000 ____D C:\Users\Adam\Documents\Pirates of the Burning Sea
2012-04-26 18:59 - 2012-04-26 18:59 - 00000000 ____D C:\Users\Public\Sony Online Entertainment
2012-04-26 18:59 - 2012-04-26 18:59 - 00000000 ____D C:\Users\Adam\AppData\Local\SCE
2012-04-25 15:21 - 2011-06-18 15:30 - 00000000 ___RD C:\Program Files (x86)\Skype
2012-04-25 15:21 - 2011-06-18 15:30 - 00000000 ____D C:\Users\All Users\Skype
2012-04-24 21:09 - 2012-04-24 21:09 - 00085959 ____A C:\Users\Adam\Downloads\Adam C Higgins Z00673806.pdf
2012-04-24 21:09 - 2012-04-24 21:09 - 00085959 ____A C:\Users\Adam\Downloads\Adam C Higgins Z00673806 (1).pdf
2012-04-22 09:28 - 2011-07-25 16:07 - 00000000 ____D C:\Users\Adam\AppData\Local\Adobe
2012-04-22 09:28 - 2011-06-16 23:43 - 00000000 ____D C:\Users\Adam\AppData\Roaming\Adobe
2012-04-22 09:06 - 2012-04-22 09:06 - 00000000 ____D C:\Program Files\Adobe
2012-04-22 09:06 - 2012-04-22 09:03 - 00000000 ____D C:\Program Files\Common Files\Adobe
2012-04-22 09:06 - 2011-07-25 20:07 - 00000000 ____D C:\Users\All Users\regid.1986-12.com.adobe
2012-04-22 09:02 - 2012-04-22 09:02 - 00000000 ____D C:\Program Files (x86)\Adobe Media Player
2012-04-22 09:00 - 2011-07-25 16:06 - 00000000 ____D C:\Users\All Users\Adobe
2012-04-22 09:00 - 2011-07-25 16:06 - 00000000 ____D C:\Program Files (x86)\Adobe
2012-04-22 08:59 - 2012-04-22 08:59 - 00000000 ____D C:\Users\Default\AppData\Roaming\Macromedia
2012-04-22 08:59 - 2012-04-22 08:59 - 00000000 ____D C:\Users\Default User\AppData\Roaming\Macromedia
2012-04-22 08:39 - 2012-04-22 08:39 - 00000000 ____D C:\Users\Adam\AppData\Local\Octodad
2012-04-21 22:57 - 2012-04-21 22:57 - 00000000 ____D C:\Users\Adam\Documents\Remedy
2012-04-21 22:46 - 2012-04-21 22:46 - 00000000 ____D C:\Program Files (x86)\Remedy Entertainment
2012-04-21 22:38 - 2012-04-21 22:38 - 00000000 ____D C:\Users\Adam\Documents\Alan Wake
2012-04-21 22:23 - 2012-04-21 22:19 - 00000000 ____D C:\Program Files (x86)\Octodad
2012-04-21 22:14 - 2012-04-21 22:09 - 314885356 ____A C:\Users\Adam\Downloads\OctodadInstallerV1.5.3.exe
2012-04-21 21:50 - 2012-02-15 16:23 - 00000000 ____D C:\Users\All Users\Hi-Rez Studios
2012-04-21 21:50 - 2012-02-15 16:23 - 00000000 ____D C:\Program Files (x86)\Hi-Rez Studios
2012-04-21 21:43 - 2012-02-22 16:44 - 00000003 ____A C:\Windows\System32\HRUPPROG.TXT
2012-04-21 18:15 - 2012-04-21 18:15 - 00015286 ____A C:\Users\Adam\Downloads\Okamiden_USA_NDS-CKVGZ.torrent
2012-04-21 18:15 - 2012-04-21 18:15 - 00000000 ____D C:\Users\Adam\Downloads\uTorrent Files
2012-04-21 18:00 - 2012-04-21 18:00 - 00080363 ____A C:\Users\Adam\Downloads\Alan.Wake-SKIDROW.torrent
2012-04-21 15:08 - 2012-04-21 14:30 - 00000000 ____D C:\Users\Adam\AppData\Roaming\Tunngle
2012-04-21 15:04 - 2012-04-21 14:30 - 00000000 ____D C:\Users\All Users\Tunngle
2012-04-21 14:13 - 2012-04-21 13:20 - 00040494 ____A C:\Windows\DIIUnin.dat
2012-04-21 14:11 - 2012-04-21 14:08 - 00021840 ___AT C:\Windows\SysWOW64\SIntfNT.dll
2012-04-21 14:11 - 2012-04-21 14:08 - 00017212 ___AT C:\Windows\SysWOW64\SIntf32.dll
2012-04-21 14:11 - 2012-04-21 14:08 - 00012067 ___AT C:\Windows\SysWOW64\SIntf16.dll
2012-04-21 14:07 - 2012-04-21 14:07 - 00001740 ____A C:\Users\UpdatusUser.Adam-PC\Desktop\Diablo II - Lord of Destruction.lnk
2012-04-21 14:07 - 2012-04-21 14:07 - 00001740 ____A C:\Users\Mcx1\Desktop\Diablo II - Lord of Destruction.lnk
2012-04-21 13:20 - 2012-04-21 13:20 - 00094208 ____A (Blizzard Entertainment) C:\Windows\DIIUnin.exe
2012-04-21 13:20 - 2012-04-21 13:20 - 00002829 ____A C:\Windows\DIIUnin.pif
2012-04-21 07:49 - 2012-04-21 07:49 - 00000000 ___HD C:\Windows\msdownld.tmp
2012-04-21 07:49 - 2012-04-21 07:49 - 00000000 ____D C:\Windows\SysWOW64\directx
2012-04-21 07:49 - 2011-12-31 15:08 - 00566424 ____A C:\Users\Adam\AppData\Local\dd_dotnetfx35install.txt
2012-04-21 07:49 - 2011-12-31 15:08 - 00008210 ____A C:\Users\Adam\AppData\Local\uxeventlog.txt
2012-04-21 07:48 - 2011-12-31 15:08 - 00572172 ____A C:\Users\Adam\AppData\Local\dd_depcheck_NETFX_EXP_35.txt
2012-04-20 20:47 - 2012-04-20 20:47 - 00000000 ____D C:\Users\Adam\Documents\Diablo III
2012-04-20 16:01 - 2012-04-20 16:01 - 00362478 ____A C:\Users\Adam\AppData\Local\dd_vcredistMSI0A9C.txt
2012-04-20 16:01 - 2012-04-20 16:01 - 00011202 ____A C:\Users\Adam\AppData\Local\dd_vcredistUI0A9C.txt
2012-04-20 15:53 - 2012-04-20 15:53 - 00000000 ____D C:\Users\All Users\Battle.net
2012-04-19 04:50 - 2012-04-19 04:50 - 00028480 ____A (AVG Technologies CZ, s.r.o. ) C:\Windows\System32\Drivers\avgidsha.sys
2012-04-18 20:56 - 2012-04-18 20:56 - 00094208 ____A (Apple Inc.) C:\Windows\SysWOW64\QuickTimeVR.qtx
2012-04-18 20:56 - 2012-04-18 20:56 - 00069632 ____A (Apple Inc.) C:\Windows\SysWOW64\QuickTime.qts
2012-04-18 15:40 - 2011-07-24 21:06 - 00000000 ____D C:\Users\Adam\Documents\PDF's
2012-04-18 15:39 - 2012-04-18 15:39 - 00077629 ____A C:\Users\Adam\Documents\2012-2013_Terms_and_Conditions_to_Housing.pdf
2012-04-18 13:08 - 2012-05-22 19:44 - 00188736 ____A (NVIDIA Corporation) C:\Windows\System32\Drivers\nvhda64v.sys
2012-04-18 13:08 - 2012-05-22 19:44 - 00072512 ____A (NVIDIA Corporation) C:\Windows\System32\nvapo64v.dll
2012-04-18 13:08 - 2012-05-22 19:44 - 00031040 ____A (NVIDIA Corporation) C:\Windows\System32\nvhdap64.dll
2012-04-18 13:08 - 2012-02-22 19:01 - 01451840 ____A (NVIDIA Corporation) C:\Windows\System32\nvhdagenco6420103.dll
2012-04-11 15:35 - 2006-11-02 08:34 - 00000286 ____A C:\Windows\win.ini
2012-04-08 20:35 - 2012-04-08 20:35 - 00194910 ____A C:\Users\Adam\Downloads\Decision_Points.exe
2012-04-08 18:14 - 2012-02-11 12:30 - 00000000 ____D C:\Users\All Users\Rosetta Stone
2012-04-04 18:47 - 2012-05-19 14:29 - 00227720 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2012-04-04 18:47 - 2012-05-19 09:37 - 00772504 ____A (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll
2012-04-04 18:47 - 2011-06-18 16:51 - 00687504 ____A (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll
2012-04-04 15:56 - 2011-10-30 15:27 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-04-03 04:22 - 2012-05-11 16:17 - 04699520 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-04-02 09:59 - 2012-05-11 16:17 - 02766848 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-04-01 20:30 - 2012-04-01 20:20 - 00028608 ____A C:\Users\Adam\Documents\Paul's Game Hours 4-1-2012.docx
2012-04-01 13:05 - 2012-04-01 13:05 - 00361614 ____A C:\Users\Adam\AppData\Local\dd_vcredistMSI36F2.txt
2012-04-01 13:05 - 2012-04-01 13:05 - 00011906 ____A C:\Users\Adam\AppData\Local\dd_vcredistUI36F2.txt
2012-04-01 12:32 - 2012-04-01 12:32 - 05385333 ____A C:\Users\Adam\Downloads\idchart.zip
2012-03-31 12:18 - 2012-03-31 12:18 - 00000870 ____A C:\Users\UpdatusUser.Adam-PC\Desktop\WinDirStat.lnk
2012-03-31 12:18 - 2012-03-31 12:18 - 00000870 ____A C:\Users\Mcx1\Desktop\WinDirStat.lnk
2012-03-31 12:18 - 2012-03-31 12:18 - 00000000 ____D C:\Program Files (x86)\WinDirStat
2012-03-31 12:17 - 2012-03-31 12:17 - 00645729 ____A (WDS Team) C:\Users\Adam\Downloads\windirstat1_1_2_setup.exe
2012-03-30 08:45 - 2012-05-11 16:18 - 01423744 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2012-03-29 15:12 - 2012-03-29 15:12 - 00001694 ____A C:\Users\Public\Desktop\iTunes.lnk
2012-03-29 15:12 - 2012-03-29 15:12 - 00000000 ____D C:\Program Files\iTunes
2012-03-29 15:12 - 2012-03-29 15:12 - 00000000 ____D C:\Program Files\iPod
2012-03-29 15:12 - 2012-03-08 19:58 - 00000000 ____D C:\Program Files (x86)\iTunes
2012-03-28 19:22 - 2012-03-28 19:22 - 00000000 ____D C:\Users\Adam\Documents\Spartan
2012-03-28 19:19 - 2012-03-28 19:19 - 00000000 ____D C:\Users\Adam\Documents\Games for Windows - LIVE Demos
2012-03-28 19:18 - 2012-03-28 19:17 - 02335524 ____A C:\Users\Adam\AppData\Local\dd_NET_Framework35_x64_MSI1B69.txt
2012-03-28 19:14 - 2012-03-28 19:14 - 00373036 ____A C:\Users\Adam\AppData\Local\dd_vcredistMSI1927.txt
2012-03-28 19:14 - 2012-03-28 19:14 - 00012890 ____A C:\Users\Adam\AppData\Local\dd_vcredistUI1927.txt
2012-03-27 18:43 - 2012-03-27 18:43 - 00000000 ____D C:\Users\Adam\AppData\Roaming\LOVE
2012-03-27 18:43 - 2012-03-27 18:42 - 05565454 ____A C:\Users\Adam\Downloads\mari0-win.zip
2012-03-26 22:54 - 2012-03-26 22:54 - 00000000 ____D C:\Users\Adam\Documents\Red Kawa
2012-03-26 22:54 - 2012-03-26 22:54 - 00000000 ____D C:\Users\Adam\AppData\Roaming\Red Kawa
2012-03-26 22:54 - 2012-03-26 22:54 - 00000000 ____D C:\Users\Adam\AppData\Local\Geckofx
2012-03-26 22:53 - 2012-03-26 22:53 - 00000000 ____D C:\Program Files (x86)\Red Kawa
2012-03-26 22:53 - 2012-03-26 22:53 - 00000000 ____D C:\Program Files (x86)\AviSynth 2.5
2012-03-25 16:49 - 2012-02-08 21:00 - 00000195 ____A C:\Users\Adam\Documents\ORU Vision Info.txt
2012-03-20 19:34 - 2012-05-11 16:18 - 00072576 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\partmgr.sys
2012-03-20 03:10 - 2011-08-31 10:20 - 00754824 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
2012-03-19 05:17 - 2012-03-19 05:17 - 00383808 ____A (AVG Technologies CZ, s.r.o.) C:\Windows\System32\Drivers\avgtdia.sys
2012-03-14 17:56 - 2012-03-14 17:56 - 00000077 ____A C:\Users\Adam\Downloads\listen.pls


ZeroAccess:
C:\Windows\Installer\{407c2ae1-b9e3-f1ae-d184-4c81afaf026a}
C:\Windows\Installer\{407c2ae1-b9e3-f1ae-d184-4c81afaf026a}\@
C:\Windows\Installer\{407c2ae1-b9e3-f1ae-d184-4c81afaf026a}\L
C:\Windows\Installer\{407c2ae1-b9e3-f1ae-d184-4c81afaf026a}\U
C:\Windows\Installer\{407c2ae1-b9e3-f1ae-d184-4c81afaf026a}\L\00000004.@
C:\Windows\Installer\{407c2ae1-b9e3-f1ae-d184-4c81afaf026a}\L\201d3dde
C:\Windows\Installer\{407c2ae1-b9e3-f1ae-d184-4c81afaf026a}\U\00000004.@
C:\Windows\Installer\{407c2ae1-b9e3-f1ae-d184-4c81afaf026a}\U\00000008.@
C:\Windows\Installer\{407c2ae1-b9e3-f1ae-d184-4c81afaf026a}\U\000000cb.@
C:\Windows\Installer\{407c2ae1-b9e3-f1ae-d184-4c81afaf026a}\U\80000000.@
C:\Windows\Installer\{407c2ae1-b9e3-f1ae-d184-4c81afaf026a}\U\80000032.@
C:\Windows\Installer\{407c2ae1-b9e3-f1ae-d184-4c81afaf026a}\U\80000064.@

========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe
[2011-06-20 09:26] - [2009-04-11 03:10] - 0381952 ____A (Microsoft Corporation) B8844F93D2C5F1DCDB179AAA9AF134B7

C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: <===== ATTENTION!
HKLM\...\exefile\DefaultIcon: <===== ATTENTION!
HKLM\...\exefile\open\command: <===== ATTENTION!

========================= Memory info ======================

Percentage of memory in use: 48%
Total physical RAM: 4093.55 MB
Available physical RAM: 2113.76 MB
Total Pagefile: 8391.61 MB
Available Pagefile: 5596.45 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

======================= Partitions =========================

2 Drive c: () (Fixed) (Total:931.51 GB) (Free:379.86 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
3 Drive d: () (Fixed) (Total:465.76 GB) (Free:106.86 GB) NTFS ==>[System with boot components (obtained from reading drive)]
4 Drive e: (GTA IV Disc 1) (CDROM) (Total:7.03 GB) (Free:0 GB) UDF
7 Drive h: (More Storage) (Fixed) (Total:298.09 GB) (Free:18.62 GB) NTFS

Disk ### Status Size Free Dyn Gpt
-------- ---------- ------- ------- --- ---
Disk 0 Online 932 GB 0 B
Disk 1 Online 298 GB 0 B
Disk 2 Online 466 GB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 932 GB 1024 KB

======================================================================================================

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 C NTFS Partition 932 GB Healthy System (partition with boot components)

======================================================================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 298 GB 1024 KB

======================================================================================================

Disk: 1
Partition 1
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 H More Storag NTFS Partition 298 GB Healthy

======================================================================================================

Partitions of Disk 2:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 466 GB 1024 KB

======================================================================================================

Disk: 2
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 5 D NTFS Partition 466 GB Healthy

======================================================================================================

==========================================================

Last Boot: 2012-06-11 19:59

======================= End Of Log ==========================
 
Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2

64-bit users go HERE
  • Double-click SystemLook.exe to run it.
  • Vista users: Right-click on SystemLook.exe, click Run As Administrator
  • Copy the content of the following box and paste it into the main textfield:
    Code:
    :filefind
    services.exe
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt
 
SystemLook Scan here:

SystemLook 30.07.11 by jpshortstuff
Log created at 20:23 on 11/06/2012 by Adam
Administrator - Elevation successful

========== filefind ==========

Searching for "services.exe"
C:\FRST\Quarantine\system64\services.exe --a---- 381952 bytes [13:26 20/06/2011] [07:10 11/04/2009] B8844F93D2C5F1DCDB179AAA9AF134B7
C:\Windows\ERDNT\cache64\services.exe --a---- 384512 bytes [22:41 10/11/2011] [07:10 11/04/2009] 934E0B7D77FF78C18D9F8891221B6DE3
C:\Windows\System32\services.exe --a---- 381952 bytes [13:26 20/06/2011] [07:10 11/04/2009] B8844F93D2C5F1DCDB179AAA9AF134B7
C:\Windows\SysWOW64\services.exe --a---- 279552 bytes [13:25 20/06/2011] [06:27 11/04/2009] D4E6D91C1349B7BFB3599A6ADA56851B
C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_2b7e5beb85a67240\services.exe --a---- 384512 bytes [02:49 21/01/2008] [02:49 21/01/2008] DFAC660F0F139276CC9299812DE42719
C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_2d69d4f782c83d8c\services.exe --a---- 384512 bytes [13:26 20/06/2011] [07:10 11/04/2009] 934E0B7D77FF78C18D9F8891221B6DE3
C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_cf5fc067cd49010a\services.exe --a---- 279040 bytes [02:50 21/01/2008] [02:50 21/01/2008] 2B336AB6286D6C81FA02CBAB914E3C6C
C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.exe --a---- 279552 bytes [13:25 20/06/2011] [06:27 11/04/2009] D4E6D91C1349B7BFB3599A6ADA56851B

-= EOF =-
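
The comparison that the SystemLook output above makes possible, as an added example (not part of the thread, FRST or SystemLook): it parses the filefind lines and reports any System32/SysWOW64 copy whose size and MD5 match no same-architecture copy in the WinSxS component store. The function names and the System32 = amd64 mapping (64-bit Windows) are assumptions of this example.

```python
import re

# services.exe entries copied from the SystemLook ":filefind" log above.
SYSTEMLOOK_LOG = r"""
C:\FRST\Quarantine\system64\services.exe --a---- 381952 bytes [13:26 20/06/2011] [07:10 11/04/2009] B8844F93D2C5F1DCDB179AAA9AF134B7
C:\Windows\ERDNT\cache64\services.exe --a---- 384512 bytes [22:41 10/11/2011] [07:10 11/04/2009] 934E0B7D77FF78C18D9F8891221B6DE3
C:\Windows\System32\services.exe --a---- 381952 bytes [13:26 20/06/2011] [07:10 11/04/2009] B8844F93D2C5F1DCDB179AAA9AF134B7
C:\Windows\SysWOW64\services.exe --a---- 279552 bytes [13:25 20/06/2011] [06:27 11/04/2009] D4E6D91C1349B7BFB3599A6ADA56851B
C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_2b7e5beb85a67240\services.exe --a---- 384512 bytes [02:49 21/01/2008] [02:49 21/01/2008] DFAC660F0F139276CC9299812DE42719
C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_2d69d4f782c83d8c\services.exe --a---- 384512 bytes [13:26 20/06/2011] [07:10 11/04/2009] 934E0B7D77FF78C18D9F8891221B6DE3
C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_cf5fc067cd49010a\services.exe --a---- 279040 bytes [02:50 21/01/2008] [02:50 21/01/2008] 2B336AB6286D6C81FA02CBAB914E3C6C
C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.exe --a---- 279552 bytes [13:25 20/06/2011] [06:27 11/04/2009] D4E6D91C1349B7BFB3599A6ADA56851B
"""

# path, attributes, size, two bracketed timestamps, MD5 (layout seen in the log)
LINE_RE = re.compile(r"^(?P<path>[A-Za-z]:\\.+?)\s+\S+\s+(?P<size>\d+) bytes\s+"
                     r"\[[^\]]+\]\s+\[[^\]]+\]\s+(?P<md5>[0-9A-Fa-f]{32})$")
STORE_RE = re.compile(r"\\winsxs\\(amd64|x86)_", re.I)
LIVE_RE = re.compile(r"^[a-z]:\\windows\\(system32|syswow64)\\[^\\]+$", re.I)
# Assumption: 64-bit Windows, where System32 holds amd64 binaries and SysWOW64 x86.
LIVE_ARCH = {"system32": "amd64", "syswow64": "x86"}


def parse_filefind(text):
    """Return (path, size, md5) for every file line in a filefind section."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            entries.append((m["path"], int(m["size"]), m["md5"].upper()))
    return entries


def unmatched_live_copies(entries):
    """Live system copies whose (size, MD5) matches no same-arch WinSxS copy."""
    store = {"amd64": set(), "x86": set()}
    for path, size, md5 in entries:
        m = STORE_RE.search(path)
        if m:
            store[m.group(1).lower()].add((size, md5))
    findings = []
    for path, size, md5 in entries:
        m = LIVE_RE.match(path)
        if m and (size, md5) not in store[LIVE_ARCH[m.group(1).lower()]]:
            findings.append((path, size, md5))
    return findings


if __name__ == "__main__":
    # A match only shows consistency with the component store, not that the
    # store itself is untouched; confirm against known-good media when in doubt.
    for path, size, md5 in unmatched_live_copies(parse_filefind(SYSTEMLOOK_LOG)):
        print(f"NO STORE MATCH: {path} ({size} bytes, MD5 {md5})")
```

On this log the only copy without a store match is C:\Windows\System32\services.exe, the same file the FRST check lists without "MD5 is legit".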
 
1. Please open Notepad (Start>All Programs>Accessories>Notepad).

2. Now copy/paste the entire content of the codebox below into the Notepad window:

Code:
FCopy::
C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_2b7e5beb85a67240\services.exe | C:\Windows\System32\services.exe
File::
 
File::
C:\Windows\assembly\GAC_64\Desktop.ini
C:\Windows\assembly\GAC_32\Desktop.ini
 
Folder::
C:\Windows\Installer\{407c2ae1-b9e3-f1ae-d184-4c81afaf026a}
 
ClearJavaCache::


3. Save the above as CFScript.txt

4. Close/disable all anti virus and anti malware programs again, so they do not interfere with the running of ComboFix.

5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

CFScript.gif



6. After the reboot (in case it asks to reboot), please post the following reports/logs in your next reply:
  • Combofix.txt
 
I created the CFScript, and then copied it over to ComboFix.exe, which then ran ComboFix again, but once it was done, no log came up.
 
Try to run Combofix from safe mode.
NOTE: I edited the Combofix script in my reply #19, so create a new CFScript.txt file.
 
I ran the new script, and still no log appeared, but a folder did appear in my C:\ drive. So I restarted my computer in safe mode and ran the script again, and that also didn't provide a log, but it did put a file in my C:\ labeled as ComboFix with no identified file type.
 