Inactive Win64\Patched.A & System32\services.exe

Hi there, I'm running Windows 7 Home Premium and I have run into a little problem on AVG.

"";"Virus identified Win64/Patched.A, C:\WINDOWS\System32\services.exe";"Cannot be cleaned
Remove manually"

Help would be much appreciated!
 
Hello, and welcome to TechSpot.


Please see here for the board rules and other FAQ.

Please feel free to introduce yourself, after you follow the steps below to get started.

Information
  • From this point on, please do not make any more changes to your computer; such as install/uninstall programs, use special fix tools, delete files, edit the registry, etc. - unless advised by a malware removal helper.
  • Please do not ask for help elsewhere (in this site or other sites). Doing so can result in system changes, which may not show up in the logs you post.
  • If you have already asked for help somewhere, please post the link to the topic you were helped.
  • We try our best to reply quickly, but if for any reason we do not reply in two days, please reply to this topic with the word BUMP!
  • Lastly, keep in mind that we are volunteers, so you do not have to pay for malware removal. Persist in this topic until its close, and your computer is declared clean.

Farbar Recovery Scan Tool x64

Download Farbar Recovery Scan Tool and save it to a flash drive.


Please make sure to get the 64-bit version.

Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
On the System Recovery Options menu you will get the following options:
    • Startup Repair
    • System Restore
    • Windows Complete PC Restore
    • Windows Memory Diagnostic Tool
    • Command Prompt
  • Select Command Prompt.
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to the disclaimer.
  • Place a check next to List Drivers MD5 as well as the default check marks that are already there.
  • Press Scan button. It will do its scan and save a log on your flash drive.
  • Close out of the message after that, then type the text services.exe into the "Search:" text box. Then, press the Search file(s) button.

    When done searching, FRST makes a log, Search.txt, on the C:\ drive or on your flash drive.
  • Type exit in the Command Prompt window and reboot the computer normally.
  • FRST will make a log (FRST.txt) on the flash drive and also the search.txt logfile, please copy and paste the logs in your reply.
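As an added illustration, not part of the helper's instructions or of FRST itself: the FRST.txt log that the steps above produce lists files one per line in a fixed layout (created timestamp, modified timestamp, size, attribute field, optional company in parentheses, path). The small Python parser below reads those lines and answers the same question the manual Search file(s) step asks, namely where copies of a given file name such as services.exe sit on the disk and what size, timestamps and company each carries. The sample lines are constructed to match the format shown in this thread; the regex, class and function names are this example's own.

```python
import re
from dataclasses import dataclass
from datetime import datetime
from pathlib import PureWindowsPath
from typing import List, Optional


# One entry from an FRST "One Month Created/Modified Files and Folders" section.
@dataclass
class FrstEntry:
    created: datetime       # first timestamp on the line
    modified: datetime      # second timestamp on the line
    size: int               # size in bytes (zero-padded in the log, 0 for directories)
    attrs: str              # five-character attribute field, e.g. ____A, ____D, ___AH
    company: Optional[str]  # company shown in parentheses, or None when absent
    path: str               # full Windows path


# Layout of one file-list line as it appears in FRST.txt:
#   <created> - <modified> - <size> <attrs> [(<company>) ]<path>
LINE_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<size>\d+) (?P<attrs>[_A-Z]{5}) "
    r"(?:\((?P<company>.*?)\) )?"   # company is optional; lazy so ')' inside it cannot end the match early
    r"(?P<path>[A-Za-z]:\\.*)$"     # path always starts with a drive letter
)


def parse_frst_entries(text: str) -> List[FrstEntry]:
    """Parse every file-list line in `text`; section headers and blank lines are skipped."""
    entries: List[FrstEntry] = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        entries.append(FrstEntry(
            created=datetime.strptime(m["created"], "%Y-%m-%d %H:%M"),
            modified=datetime.strptime(m["modified"], "%Y-%m-%d %H:%M"),
            size=int(m["size"]),
            attrs=m["attrs"],
            company=m["company"],
            path=m["path"],
        ))
    return entries


def is_directory(entry: FrstEntry) -> bool:
    """FRST marks directories with a 'D' in the attribute field (____D, ___HD, ___RD)."""
    return "D" in entry.attrs


def find_file(entries: List[FrstEntry], name: str) -> List[FrstEntry]:
    """Case-insensitive search by file name, mirroring the Search file(s) step."""
    wanted = name.lower()
    return [e for e in entries
            if not is_directory(e) and PureWindowsPath(e.path).name.lower() == wanted]


# Constructed sample lines in the FRST format (values modelled on the log posted in this thread).
SAMPLE_LOG = r"""
==================== One Month Created Files and Folders ========

2012-11-07 18:20 - 2012-11-07 18:21 - 01459919 ____A (Farbar) C:\Users\Isara\Desktop\FRST64.exe
2012-11-07 12:24 - 2012-11-07 18:08 - 00000000 ____D C:\Users\Isara\Desktop\Virus_Scan
2012-11-07 10:20 - 2009-07-13 20:39 - 00328704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\services.exe
2012-11-03 02:25 - 2012-11-03 02:25 - 00000000 ___HD C:\$AVG
2012-11-07 04:40 - 2012-11-07 00:54 - 1522434136 ____A C:\Users\Isara\Desktop\Dwarfy ****.rar
"""


if __name__ == "__main__":
    entries = parse_frst_entries(SAMPLE_LOG)
    print(f"parsed {len(entries)} entries")
    for e in find_file(entries, "services.exe"):
        print(f"{e.path}: {e.size} bytes, modified {e.modified:%Y-%m-%d %H:%M}, company={e.company}")
```

Treat the output as a triage aid only: the created/modified sections carry no hashes, so which copy of a system binary is genuine is decided from the search log and the hashes the helper asks for, not from size and timestamp alone.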
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 07-11-2012
Ran by SYSTEM at 07-11-2012 17:31:00
Running from F:\
Windows 7 Home Premium (X64) OS Language: English(US)
The current controlset is ControlSet001

==================== Registry (Whitelisted) ===================

HKLM\...\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe [525312 2011-01-25] (IDT, Inc.)
HKLM\...\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe [592240 2011-01-05] (Alps Electric Co., Ltd.)
HKLM\...\Run: [QuickSet] C:\Program Files\Dell\QuickSet\QuickSet.exe [3666800 2011-01-21] (Dell Inc.)
HKLM\...\Run: [IntelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs" [4526 2010-11-29] ()
HKLM\...\Run: [IntelWireless] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel Wireless Tray [1933584 2010-12-17] (Intel(R) Corporation)
HKLM\...\Run: [BTMTrayAgent] rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp [10228224 2010-11-03] (Intel Corporation)
HKLM\...\Run: [IntelWirelessWiMAX] "C:\Program Files\Intel\WiMAX\Bin\WiMAXCU.exe" /tasktray /nosplash [1617920 2011-03-01] (Intel® Corporation)
HKLM-x32\...\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [283160 2010-11-05] (Intel Corporation)
HKLM-x32\...\Run: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [113288 2010-11-17] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [RoxWatchTray] "c:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" [240112 2010-11-25] (Sonic Solutions)
HKLM-x32\...\Run: [Desktop Disc Tool] "c:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe" [514544 2010-11-17] ()
HKLM-x32\...\Run: [Dell Registration] C:\Program Files (x86)\System Registration\prodreg.exe /boot [3926528 2010-08-23] (Dell, Inc.)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [919008 2012-07-27] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [252848 2012-07-03] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59280 2012-08-27] (Apple Inc.)
HKLM-x32\...\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [Razer Orochi Driver] C:\Program Files (x86)\Razer\Orochi\RazerOrochiTray.exe [2548056 2009-10-22] (Razer USA Ltd)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start [1996200 2012-08-29] (LogMeIn Inc.)
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421776 2012-09-09] (Apple Inc.)
HKLM-x32\...\Run: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY [3116152 2012-10-10] (AVG Technologies CZ, s.r.o.)
HKU\Isara\...\Run: [Best Buy pc app] C:\Users\Isara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Best Buy\Best Buy pc app.appref-ms [x]
HKU\Isara\...\Run: [RocketDock] "C:\Program Files (x86)\RocketDock\RocketDock.exe" [495616 2007-09-02] ()
HKU\Isara\...\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun [3671904 2012-08-28] (DT Soft Ltd)
Startup: C:\Users\Default\Start Menu\Programs\Startup\Best Buy pc app.lnk
ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)
Startup: C:\Users\Default User\Start Menu\Programs\Startup\Best Buy pc app.lnk
ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)
Startup: C:\Users\Isara\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)

==================== Services (Whitelisted) ===================

2 avgfws; "C:\Program Files (x86)\AVG\AVG2013\avgfws.exe" [1314720 2012-10-02] (AVG Technologies CZ, s.r.o.)
2 AVGIDSAgent; "C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe" [5783672 2012-10-02] (AVG Technologies CZ, s.r.o.)
2 avgwd; "C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe" [193568 2012-10-02] (AVG Technologies CZ, s.r.o.)
3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2010-12-17] ()

==================== Drivers (Whitelisted) =====================

1 Avgfwfd; C:\Windows\System32\DRIVERS\avgfwd6a.sys [50296 2012-09-04] (AVG Technologies CZ, s.r.o.)
1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [151904 2012-09-13] (AVG Technologies CZ, s.r.o. )
0 AVGIDSHA; C:\Windows\System32\Drivers\AVGIDSHA.sys [61792 2012-09-21] (AVG Technologies CZ, s.r.o. )
1 Avgldx64; C:\Windows\System32\Drivers\Avgldx64.sys [185696 2012-10-02] (AVG Technologies CZ, s.r.o.)
0 Avgloga; C:\Windows\System32\Drivers\Avgloga.sys [225120 2012-09-21] (AVG Technologies CZ, s.r.o.)
0 Avgmfx64; C:\Windows\System32\Drivers\Avgmfx64.sys [111456 2012-10-05] (AVG Technologies CZ, s.r.o.)
0 Avgrkx64; C:\Windows\System32\Drivers\Avgrkx64.sys [40800 2012-09-14] (AVG Technologies CZ, s.r.o.)
1 Avgtdia; C:\Windows\System32\Drivers\Avgtdia.sys [200032 2012-09-21] (AVG Technologies CZ, s.r.o.)
1 dtsoftbus01; C:\Windows\System32\Drivers\dtsoftbus01.sys [283200 2012-09-04] (DT Soft Ltd)
3 CtClsFlt; C:\Windows\System32\DRIVERS\CtClsFlt.sys [x]

==================== NetSvcs (Whitelisted) ====================


==================== One Month Created Files and Folders ========

2012-11-07 18:20 - 2012-11-07 18:21 - 01459919 ____A (Farbar) C:\Users\Isara\Desktop\FRST64.exe
2012-11-07 12:24 - 2012-11-07 18:08 - 00000000 ____D C:\Users\Isara\Desktop\Virus_Scan
2012-11-07 11:11 - 2012-11-07 11:11 - 00000218 ____A C:\Users\Isara\.recently-used.xbel
2012-11-07 10:20 - 2009-07-13 20:39 - 00328704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\services.exe
2012-11-07 04:40 - 2012-11-07 00:54 - 1522434136 ____A C:\Users\Isara\Desktop\Dwarfy ****.rar
2012-11-07 02:55 - 2012-11-07 02:55 - 00000175 ____A C:\Users\Isara\Desktop\Search.txt
2012-11-07 02:51 - 2012-11-07 18:07 - 00000000 ____D C:\FRST
2012-11-07 01:08 - 2012-11-07 01:08 - 00000000 ____D C:\Users\Isara\Local Settings\SKIDROW
2012-11-07 01:08 - 2012-11-07 01:08 - 00000000 ____D C:\Users\Isara\Local Settings\Application Data\SKIDROW
2012-11-07 01:08 - 2012-11-07 01:08 - 00000000 ____D C:\Users\Isara\AppData\Local\SKIDROW
2012-11-07 01:08 - 2012-11-07 01:08 - 00000000 ____D C:\Users\All Users\Stardock
2012-11-07 01:08 - 2012-11-07 01:08 - 00000000 ____D C:\Users\All Users\Application Data\Stardock
2012-11-05 23:30 - 2012-11-05 23:34 - 00000000 ____D C:\Program Files (x86)\Project64 1.6
2012-11-04 17:01 - 2012-11-07 18:15 - 00000840 ____A C:\Windows\setupact.log
2012-11-04 17:01 - 2012-11-04 17:01 - 00000000 ____A C:\Windows\setuperr.log
2012-11-04 12:20 - 2012-08-23 08:41 - 00013312 ____A (Microsoft Corporation) C:\Windows\System32\TsUsbRedirectionGroupPolicyControl.exe
2012-11-04 12:20 - 2012-08-23 08:40 - 00013312 ____A (Microsoft Corporation) C:\Windows\System32\TsUsbRedirectionGroupPolicyExtension.dll
2012-11-04 12:20 - 2012-08-23 08:24 - 00015360 ____A (Microsoft Corporation) C:\Windows\System32\RdpGroupPolicyExtension.dll
2012-11-04 12:19 - 2012-08-23 09:13 - 00243200 ____A (Microsoft Corporation) C:\Windows\System32\rdpudd.dll
2012-11-04 12:19 - 2012-08-23 09:10 - 00019456 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpvideominiport.sys
2012-11-04 12:19 - 2012-08-23 09:07 - 00057856 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\TsUsbFlt.sys
2012-11-04 12:19 - 2012-08-23 08:47 - 00046592 ____A (Microsoft Corporation) C:\Windows\SysWOW64\MsRdpWebAccess.dll
2012-11-04 12:19 - 2012-08-23 08:46 - 00016896 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wksprtPS.dll
2012-11-04 12:19 - 2012-08-23 08:20 - 00054272 ____A (Microsoft Corporation) C:\Windows\System32\MsRdpWebAccess.dll
2012-11-04 12:19 - 2012-08-23 08:18 - 00037376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2012-11-04 12:19 - 2012-08-23 08:17 - 00018432 ____A (Microsoft Corporation) C:\Windows\System32\wksprtPS.dll
2012-11-04 12:19 - 2012-08-23 08:06 - 00043520 ____A (Microsoft Corporation) C:\Windows\System32\TsUsbGDCoInstaller.dll
2012-11-04 12:19 - 2012-08-23 07:52 - 00044032 ____A (Microsoft Corporation) C:\Windows\System32\tsgqec.dll
2012-11-04 12:19 - 2012-08-23 06:20 - 00062976 ____A (Microsoft Corporation) C:\Windows\System32\TSWbPrxy.exe
2012-11-04 12:19 - 2012-08-23 06:15 - 00269312 ____A (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll
2012-11-04 12:19 - 2012-08-23 06:14 - 00384000 ____A (Microsoft Corporation) C:\Windows\System32\wksprt.exe
2012-11-04 12:19 - 2012-08-23 06:12 - 00192000 ____A (Microsoft Corporation) C:\Windows\SysWOW64\rdpendp_winip.dll
2012-11-04 12:19 - 2012-08-23 05:54 - 00322560 ____A (Microsoft Corporation) C:\Windows\System32\aaclient.dll
2012-11-04 12:19 - 2012-08-23 05:51 - 00228864 ____A (Microsoft Corporation) C:\Windows\System32\rdpendp_winip.dll
2012-11-04 12:19 - 2012-08-23 05:39 - 01048064 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2012-11-04 12:19 - 2012-08-23 05:22 - 01123840 ____A (Microsoft Corporation) C:\Windows\System32\mstsc.exe
2012-11-04 12:19 - 2012-08-23 04:51 - 03174912 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorets.dll
2012-11-04 12:19 - 2012-08-23 03:19 - 04916224 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2012-11-04 12:19 - 2012-08-23 03:13 - 05773824 ____A (Microsoft Corporation) C:\Windows\System32\mstscax.dll
2012-11-04 12:18 - 2012-08-24 13:13 - 00154480 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
2012-11-04 12:18 - 2012-08-24 13:09 - 00458712 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
2012-11-04 12:18 - 2012-08-24 13:05 - 00340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
2012-11-04 12:18 - 2012-08-24 13:04 - 00307200 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
2012-11-04 12:18 - 2012-08-24 13:03 - 01448448 ____A (Microsoft Corporation) C:\Windows\System32\lsasrv.dll
2012-11-04 12:18 - 2012-08-24 11:57 - 00247808 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2012-11-04 12:18 - 2012-08-24 11:57 - 00220160 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2012-11-04 12:18 - 2012-08-24 11:57 - 00022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2012-11-04 12:18 - 2012-08-24 11:53 - 00096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2012-11-04 12:18 - 2012-05-04 06:00 - 00366592 ____A (Microsoft Corporation) C:\Windows\System32\qdvd.dll
2012-11-04 12:18 - 2012-05-04 04:59 - 00514560 ____A (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2012-11-04 08:36 - 2012-11-04 12:53 - 00000000 ____D C:\Windows\Minidump
2012-11-03 23:25 - 2012-11-06 15:22 - 00000314 ____A C:\Users\Isara\Desktop\Kyle Spring2013 Sched.txt
2012-11-03 02:27 - 2012-11-03 02:27 - 00000000 ____D C:\Users\Isara\Application Data\AVG2013
2012-11-03 02:27 - 2012-11-03 02:27 - 00000000 ____D C:\Users\Isara\AppData\Roaming\AVG2013
2012-11-03 02:26 - 2012-11-03 02:26 - 00000000 ____D C:\Users\Isara\Application Data\TuneUp Software
2012-11-03 02:26 - 2012-11-03 02:26 - 00000000 ____D C:\Users\Isara\AppData\Roaming\TuneUp Software
2012-11-03 02:25 - 2012-11-07 18:01 - 00000000 ____D C:\Users\All Users\AVG2013
2012-11-03 02:25 - 2012-11-07 18:01 - 00000000 ____D C:\Users\All Users\Application Data\AVG2013
2012-11-03 02:25 - 2012-11-03 02:25 - 00000000 ___HD C:\$AVG
2012-11-03 02:25 - 2012-11-03 02:25 - 00000000 ____D C:\Program Files (x86)\AVG
2012-11-03 02:21 - 2012-11-07 18:22 - 00000000 ____D C:\Users\All Users\MFAData
2012-11-03 02:21 - 2012-11-07 18:22 - 00000000 ____D C:\Users\All Users\Application Data\MFAData
2012-11-03 02:21 - 2012-11-03 17:33 - 00000000 ____D C:\Users\Isara\Local Settings\Avg2013
2012-11-03 02:21 - 2012-11-03 17:33 - 00000000 ____D C:\Users\Isara\Local Settings\Application Data\Avg2013
2012-11-03 02:21 - 2012-11-03 17:33 - 00000000 ____D C:\Users\Isara\AppData\Local\Avg2013
2012-11-03 02:21 - 2012-11-03 02:21 - 00000000 ____D C:\Users\Isara\Local Settings\MFAData
2012-11-03 02:21 - 2012-11-03 02:21 - 00000000 ____D C:\Users\Isara\Local Settings\Application Data\MFAData
2012-11-03 02:21 - 2012-11-03 02:21 - 00000000 ____D C:\Users\Isara\AppData\Local\MFAData
2012-11-01 15:51 - 2012-11-01 15:51 - 00001808 ____A C:\Users\Isara\Application Data\EliseProfile0.dat
2012-11-01 15:51 - 2012-11-01 15:51 - 00001808 ____A C:\Users\Isara\AppData\Roaming\EliseProfile0.dat
2012-11-01 09:35 - 2012-11-01 09:35 - 00000000 ____D C:\Program Files (x86)\Gravity
2012-10-29 17:53 - 2012-10-29 17:53 - 00000000 ____D C:\Users\Isara\Application Data\Doublefine
2012-10-29 17:53 - 2012-10-29 17:53 - 00000000 ____D C:\Users\Isara\AppData\Roaming\Doublefine
2012-10-29 17:51 - 2012-10-29 17:52 - 00000000 ____D C:\Program Files (x86)\Costume Quest
2012-10-29 13:15 - 2012-11-07 12:35 - 00000000 ___RD C:\Users\Isara\Dropbox
2012-10-29 13:13 - 2012-11-07 17:36 - 00000000 ____D C:\Users\Isara\Application Data\Dropbox
2012-10-29 13:13 - 2012-11-07 17:36 - 00000000 ____D C:\Users\Isara\AppData\Roaming\Dropbox
2012-10-28 23:12 - 2012-10-28 23:12 - 00000000 ____D C:\Users\Kyle Cheung\Documents\Emulators
2012-10-28 23:12 - 2012-10-28 23:12 - 00000000 ____D C:\users\Kyle Cheung
2012-10-27 00:25 - 2012-10-27 02:13 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2012-10-25 23:37 - 2012-10-25 23:37 - 00000000 ____D C:\Users\All Users\ESRI
2012-10-25 23:37 - 2012-10-25 23:37 - 00000000 ____D C:\Users\All Users\Application Data\ESRI
2012-10-22 14:07 - 2012-10-27 00:18 - 00000000 ____D C:\Users\Isara\My Documents\StarCraft II
2012-10-22 14:07 - 2012-10-27 00:18 - 00000000 ____D C:\Users\Isara\Documents\StarCraft II
2012-10-21 22:49 - 2012-10-21 22:49 - 00240808 ___AH C:\Windows\SysWOW64\mlfcache.dat
2012-10-18 15:01 - 2012-10-18 15:01 - 00000000 ____D C:\Users\All Users\Ask
2012-10-18 15:01 - 2012-10-18 15:01 - 00000000 ____D C:\Users\All Users\Application Data\Ask
2012-10-18 15:01 - 2012-09-24 22:16 - 00095208 ____A (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2012-10-18 15:01 - 2012-09-24 22:08 - 00174056 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2012-10-18 15:01 - 2012-09-24 22:07 - 00174056 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2012-10-18 15:00 - 2012-10-18 15:01 - 00004119 ____A C:\Windows\SysWOW64\jupdate-1.7.0_09-b05.log
2012-10-15 13:55 - 2012-11-03 02:28 - 00000000 ____D C:\Program Files (x86)\Microsoft Games
2012-10-14 00:53 - 2012-10-14 00:53 - 00000000 ____D C:\Users\Isara\Local Settings\My Games
2012-10-14 00:53 - 2012-10-14 00:53 - 00000000 ____D C:\Users\Isara\Local Settings\Application Data\My Games
2012-10-14 00:53 - 2012-10-14 00:53 - 00000000 ____D C:\Users\Isara\AppData\Local\My Games
2012-10-13 15:00 - 2012-10-13 15:00 - 00000000 ____D C:\Windows\SysWOW64\Saves
2012-10-13 15:00 - 2012-10-13 15:00 - 00000000 ____D C:\Users\Isara\Local Settings\FLT
2012-10-13 15:00 - 2012-10-13 15:00 - 00000000 ____D C:\Users\Isara\Local Settings\Application Data\FLT
2012-10-13 15:00 - 2012-10-13 15:00 - 00000000 ____D C:\Users\Isara\AppData\Local\FLT
2012-10-13 14:39 - 2012-10-13 14:55 - 00000000 ____D C:\Users\Isara\My Documents\XCOM
2012-10-13 14:39 - 2012-10-13 14:55 - 00000000 ____D C:\Users\Isara\Documents\XCOM
2012-10-13 00:49 - 2012-10-13 12:12 - 00000000 ____D C:\Users\Isara\Local Settings\Skyrim
2012-10-13 00:49 - 2012-10-13 12:12 - 00000000 ____D C:\Users\Isara\Local Settings\Application Data\Skyrim
2012-10-13 00:49 - 2012-10-13 12:12 - 00000000 ____D C:\Users\Isara\AppData\Local\Skyrim
2012-10-10 22:31 - 2012-10-11 10:37 - 00000000 ____D C:\Users\Isara\Application Data\WinRAR
2012-10-10 22:31 - 2012-10-11 10:37 - 00000000 ____D C:\Users\Isara\AppData\Roaming\WinRAR
2012-10-10 22:31 - 2012-10-10 22:31 - 00000000 ____D C:\Program Files (x86)\WinRAR
2012-10-10 16:13 - 2012-10-10 16:13 - 00000000 ____D C:\Users\Isara\Local Settings\CRE
2012-10-10 16:13 - 2012-10-10 16:13 - 00000000 ____D C:\Users\Isara\Local Settings\Application Data\CRE
2012-10-10 16:13 - 2012-10-10 16:13 - 00000000 ____D C:\Users\Isara\AppData\Local\CRE
2012-10-10 16:13 - 2012-10-10 16:13 - 00000000 ____D C:\Program Files (x86)\Conduit
2012-10-10 16:12 - 2012-10-11 09:29 - 00000000 ____D C:\Users\Isara\Application Data\uTorrent
2012-10-10 16:12 - 2012-10-11 09:29 - 00000000 ____D C:\Users\Isara\AppData\Roaming\uTorrent
2012-10-10 16:12 - 2012-10-10 16:14 - 00000000 ____D C:\Users\Isara\Local Settings\Conduit
2012-10-10 16:12 - 2012-10-10 16:14 - 00000000 ____D C:\Users\Isara\Local Settings\Application Data\Conduit
2012-10-10 16:12 - 2012-10-10 16:14 - 00000000 ____D C:\Users\Isara\AppData\Local\Conduit
2012-10-10 16:12 - 2012-10-10 16:12 - 00000000 ____D C:\Program Files (x86)\uTorrent
2012-10-10 09:47 - 2012-08-31 13:19 - 01659760 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ntfs.sys
2012-10-10 09:46 - 2012-09-14 14:19 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\tzres.dll
2012-10-10 09:46 - 2012-09-14 13:28 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2012-10-10 09:46 - 2012-08-30 13:03 - 05559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-10-10 09:46 - 2012-08-30 12:12 - 03968880 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2012-10-10 09:46 - 2012-08-30 12:12 - 03914096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2012-10-10 09:46 - 2012-08-24 13:05 - 00220160 ____A (Microsoft Corporation) C:\Windows\System32\wintrust.dll
2012-10-10 09:46 - 2012-08-24 11:57 - 00172544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2012-10-10 09:46 - 2012-08-20 13:48 - 01162240 ____A (Microsoft Corporation) C:\Windows\System32\kernel32.dll
2012-10-10 09:46 - 2012-08-20 13:48 - 00424448 ____A (Microsoft Corporation) C:\Windows\System32\KernelBase.dll
2012-10-10 09:46 - 2012-08-20 13:48 - 00362496 ____A (Microsoft Corporation) C:\Windows\System32\wow64win.dll
2012-10-10 09:46 - 2012-08-20 13:48 - 00243200 ____A (Microsoft Corporation) C:\Windows\System32\wow64.dll
2012-10-10 09:46 - 2012-08-20 13:48 - 00215040 ____A (Microsoft Corporation) C:\Windows\System32\winsrv.dll
2012-10-10 09:46 - 2012-08-20 13:48 - 00016384 ____A (Microsoft Corporation) C:\Windows\System32\ntvdm64.dll
2012-10-10 09:46 - 2012-08-20 13:48 - 00013312 ____A (Microsoft Corporation) C:\Windows\System32\wow64cpu.dll
2012-10-10 09:46 - 2012-08-20 13:46 - 00338432 ____A (Microsoft Corporation) C:\Windows\System32\conhost.exe
2012-10-10 09:46 - 2012-08-20 13:38 - 00006144 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
2012-10-10 09:46 - 2012-08-20 13:38 - 00005120 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
2012-10-10 09:46 - 2012-08-20 13:38 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
2012-10-10 09:46 - 2012-08-20 13:38 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
2012-10-10 09:46 - 2012-08-20 13:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
2012-10-10 09:46 - 2012-08-20 13:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
2012-10-10 09:46 - 2012-08-20 13:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
2012-10-10 09:46 - 2012-08-20 13:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
2012-10-10 09:46 - 2012-08-20 13:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
2012-10-10 09:46 - 2012-08-20 13:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
2012-10-10 09:46 - 2012-08-20 13:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
2012-10-10 09:46 - 2012-08-20 13:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
2012-10-10 09:46 - 2012-08-20 13:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
2012-10-10 09:46 - 2012-08-20 13:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
2012-10-10 09:46 - 2012-08-20 13:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
2012-10-10 09:46 - 2012-08-20 13:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
2012-10-10 09:46 - 2012-08-20 13:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
2012-10-10 09:46 - 2012-08-20 13:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
2012-10-10 09:46 - 2012-08-20 13:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
2012-10-10 09:46 - 2012-08-20 13:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
2012-10-10 09:46 - 2012-08-20 13:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
2012-10-10 09:46 - 2012-08-20 13:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
2012-10-10 09:46 - 2012-08-20 13:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
2012-10-10 09:46 - 2012-08-20 13:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
2012-10-10 09:46 - 2012-08-20 13:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
2012-10-10 09:46 - 2012-08-20 13:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
2012-10-10 09:46 - 2012-08-20 13:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
2012-10-10 09:46 - 2012-08-20 13:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
2012-10-10 09:46 - 2012-08-20 12:40 - 00014336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2012-10-10 09:46 - 2012-08-20 12:38 - 00025600 ____A (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2012-10-10 09:46 - 2012-08-20 12:37 - 01114112 ____A (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2012-10-10 09:46 - 2012-08-20 12:37 - 00274944 ____A (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2012-10-10 09:46 - 2012-08-20 12:37 - 00005120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2012-10-10 09:46 - 2012-08-20 12:32 - 00005120 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2012-10-10 09:46 - 2012-08-20 12:32 - 00004608 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2012-10-10 09:46 - 2012-08-20 12:32 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2012-10-10 09:46 - 2012-08-20 12:32 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2012-10-10 09:46 - 2012-08-20 12:32 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2012-10-10 09:46 - 2012-08-20 12:32 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2012-10-10 09:46 - 2012-08-20 12:32 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2012-10-10 09:46 - 2012-08-20 12:32 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2012-10-10 09:46 - 2012-08-20 12:32 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2012-10-10 09:46 - 2012-08-20 12:32 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2012-10-10 09:46 - 2012-08-20 12:32 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2012-10-10 09:46 - 2012-08-20 12:32 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2012-10-10 09:46 - 2012-08-20 12:32 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2012-10-10 09:46 - 2012-08-20 12:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2012-10-10 09:46 - 2012-08-20 12:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2012-10-10 09:46 - 2012-08-20 12:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2012-10-10 09:46 - 2012-08-20 12:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2012-10-10 09:46 - 2012-08-20 12:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2012-10-10 09:46 - 2012-08-20 12:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2012-10-10 09:46 - 2012-08-20 12:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2012-10-10 09:46 - 2012-08-20 12:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2012-10-10 09:46 - 2012-08-20 12:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2012-10-10 09:46 - 2012-08-20 12:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2012-10-10 09:46 - 2012-08-20 12:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2012-10-10 09:46 - 2012-08-20 10:38 - 00007680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2012-10-10 09:46 - 2012-08-20 10:38 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2012-10-10 09:46 - 2012-08-20 10:33 - 00006144 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2012-10-10 09:46 - 2012-08-20 10:33 - 00004608 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2012-10-10 09:46 - 2012-08-20 10:33 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2012-10-10 09:46 - 2012-08-20 10:33 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2012-10-10 09:46 - 2012-08-10 19:56 - 00715776 ____A (Microsoft Corporation) C:\Windows\System32\kerberos.dll
2012-10-10 09:46 - 2012-08-10 18:56 - 00542208 ____A (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2012-10-10 09:45 - 2012-06-02 00:41 - 01464320 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2012-10-10 09:45 - 2012-06-02 00:41 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2012-10-10 09:45 - 2012-06-02 00:41 - 00140288 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2012-10-10 09:45 - 2012-06-01 23:36 - 01159680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2012-10-10 09:45 - 2012-06-01 23:36 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2012-10-10 09:45 - 2012-06-01 23:36 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2012-10-09 15:28 - 2012-10-09 15:28 - 00000600 ____A C:\Users\Isara\Local Settings\PUTTY.RND
2012-10-09 15:28 - 2012-10-09 15:28 - 00000600 ____A C:\Users\Isara\Local Settings\Application Data\PUTTY.RND
2012-10-09 15:28 - 2012-10-09 15:28 - 00000600 ____A C:\Users\Isara\AppData\Local\PUTTY.RND
2012-10-09 10:45 - 2012-11-04 09:35 - 00000000 ___RD C:\Program Files (x86)\Skype
2012-10-09 10:45 - 2012-11-04 09:35 - 00000000 ____D C:\Users\All Users\Skype
2012-10-09 10:45 - 2012-11-04 09:35 - 00000000 ____D C:\Users\All Users\Application Data\Skype
2012-10-09 10:45 - 2012-11-04 00:11 - 00000000 ____D C:\Users\Isara\Application Data\Skype
2012-10-09 10:45 - 2012-11-04 00:11 - 00000000 ____D C:\Users\Isara\AppData\Roaming\Skype

==================== One Month Modified Files and Folders =======

2012-11-07 18:26 - 2011-04-24 01:28 - 01257001 ____A C:\Windows\WindowsUpdate.log
2012-11-07 18:24 - 2012-09-04 22:31 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-11-07 18:23 - 2009-07-13 23:45 - 00013872 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-11-07 18:23 - 2009-07-13 23:45 - 00013872 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-11-07 18:22 - 2012-11-03 02:21 - 00000000 ____D C:\Users\All Users\MFAData
2012-11-07 18:22 - 2012-11-03 02:21 - 00000000 ____D C:\Users\All Users\Application Data\MFAData
2012-11-07 18:21 - 2012-11-07 18:20 - 01459919 ____A (Farbar) C:\Users\Isara\Desktop\FRST64.exe
2012-11-07 18:21 - 2012-09-04 00:52 - 00000000 ____D C:\Users\Isara\Application Data\.purple
2012-11-07 18:21 - 2012-09-04 00:52 - 00000000 ____D C:\Users\Isara\AppData\Roaming\.purple
2012-11-07 18:18 - 2012-09-03 23:53 - 00000000 ____D C:\Program Files (x86)\Steam
2012-11-07 18:17 - 2011-04-24 02:00 - 00000000 ____D C:\Program Files (x86)\Dell DataSafe Local Backup
2012-11-07 18:16 - 2012-09-20 23:42 - 00000000 ____D C:\Users\Isara\Local Settings\LogMeIn Hamachi
2012-11-07 18:16 - 2012-09-20 23:42 - 00000000 ____D C:\Users\Isara\Local Settings\Application Data\LogMeIn Hamachi
2012-11-07 18:16 - 2012-09-20 23:42 - 00000000 ____D C:\Users\Isara\AppData\Local\LogMeIn Hamachi
2012-11-07 18:16 - 2012-09-03 21:28 - 00000000 ____D C:\Users\Default\Local Settings\SoftThinks
2012-11-07 18:16 - 2012-09-03 21:28 - 00000000 ____D C:\Users\Default\Local Settings\Application Data\SoftThinks
2012-11-07 18:16 - 2012-09-03 21:28 - 00000000 ____D C:\Users\Default\AppData\Local\SoftThinks
2012-11-07 18:16 - 2012-09-03 21:28 - 00000000 ____D C:\Users\Default User\Local Settings\SoftThinks
2012-11-07 18:16 - 2012-09-03 21:28 - 00000000 ____D C:\Users\Default User\Local Settings\Application Data\SoftThinks
2012-11-07 18:16 - 2012-09-03 21:28 - 00000000 ____D C:\Users\Default User\AppData\Local\SoftThinks
2012-11-07 18:15 - 2012-11-04 17:01 - 00000840 ____A C:\Windows\setupact.log
2012-11-07 18:15 - 2009-07-14 00:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-11-07 18:08 - 2012-11-07 12:24 - 00000000 ____D C:\Users\Isara\Desktop\Virus_Scan
2012-11-07 18:07 - 2012-11-07 02:51 - 00000000 ____D C:\FRST
2012-11-07 18:01 - 2012-11-03 02:25 - 00000000 ____D C:\Users\All Users\AVG2013
2012-11-07 18:01 - 2012-11-03 02:25 - 00000000 ____D C:\Users\All Users\Application Data\AVG2013
2012-11-07 17:36 - 2012-10-29 13:13 - 00000000 ____D C:\Users\Isara\Application Data\Dropbox
2012-11-07 17:36 - 2012-10-29 13:13 - 00000000 ____D C:\Users\Isara\AppData\Roaming\Dropbox
2012-11-07 12:35 - 2012-10-29 13:15 - 00000000 ___RD C:\Users\Isara\Dropbox
2012-11-07 12:22 - 2009-07-14 00:13 - 00726316 ____A C:\Windows\System32\PerfStringBackup.INI
2012-11-07 11:11 - 2012-11-07 11:11 - 00000218 ____A C:\Users\Isara\.recently-used.xbel
2012-11-07 11:11 - 2012-09-03 21:24 - 00000000 ____D C:\users\Isara
2012-11-07 11:04 - 2012-09-04 11:07 - 00000000 ____D C:\Users\Isara\Application Data\gtk-2.0
2012-11-07 11:04 - 2012-09-04 11:07 - 00000000 ____D C:\Users\Isara\AppData\Roaming\gtk-2.0
2012-11-07 10:15 - 2012-09-03 19:51 - 00000000 ____D C:\Windows\SMINST
2012-11-07 02:55 - 2012-11-07 02:55 - 00000175 ____A C:\Users\Isara\Desktop\Search.txt
2012-11-07 01:08 - 2012-11-07 01:08 - 00000000 ____D C:\Users\Isara\Local Settings\SKIDROW
2012-11-07 01:08 - 2012-11-07 01:08 - 00000000 ____D C:\Users\Isara\Local Settings\Application Data\SKIDROW
2012-11-07 01:08 - 2012-11-07 01:08 - 00000000 ____D C:\Users\Isara\AppData\Local\SKIDROW
2012-11-07 01:08 - 2012-11-07 01:08 - 00000000 ____D C:\Users\All Users\Stardock
2012-11-07 01:08 - 2012-11-07 01:08 - 00000000 ____D C:\Users\All Users\Application Data\Stardock
2012-11-07 01:08 - 2012-09-16 15:39 - 00000000 ____D C:\Users\Isara\My Documents\My Games
2012-11-07 01:08 - 2012-09-16 15:39 - 00000000 ____D C:\Users\Isara\Documents\My Games
2012-11-07 00:57 - 2012-09-04 20:10 - 00000000 ____D C:\Users\Isara\Application Data\DAEMON Tools Lite
2012-11-07 00:57 - 2012-09-04 20:10 - 00000000 ____D C:\Users\Isara\AppData\Roaming\DAEMON Tools Lite
2012-11-07 00:54 - 2012-11-07 04:40 - 1522434136 ____A C:\Users\Isara\Desktop\Dwarfy ****.rar
2012-11-06 23:12 - 2012-09-03 11:30 - 00000000 ____D C:\Users\Isara\My Documents\Currently Library
2012-11-06 23:12 - 2012-09-03 11:30 - 00000000 ____D C:\Users\Isara\Documents\Currently Library
2012-11-06 20:13 - 2012-09-03 11:50 - 00000000 ____D C:\Users\Isara\My Documents\iRinger Tones
2012-11-06 20:13 - 2012-09-03 11:50 - 00000000 ____D C:\Users\Isara\Documents\iRinger Tones
2012-11-06 16:09 - 2012-09-04 22:34 - 00000000 ____D C:\Users\Isara\My Documents\Binghamton 2012 Fall
2012-11-06 16:09 - 2012-09-04 22:34 - 00000000 ____D C:\Users\Isara\Documents\Binghamton 2012 Fall
2012-11-06 15:22 - 2012-11-03 23:25 - 00000314 ____A C:\Users\Isara\Desktop\Kyle Spring2013 Sched.txt
2012-11-06 15:08 - 2011-04-24 01:47 - 00431959 ____A C:\Windows\DirectX.log
2012-11-05 23:34 - 2012-11-05 23:30 - 00000000 ____D C:\Program Files (x86)\Project64 1.6
2012-11-05 23:33 - 2012-09-03 11:48 - 00000000 ____D C:\Users\Isara\My Documents\Emulators
2012-11-05 23:33 - 2012-09-03 11:48 - 00000000 ____D C:\Users\Isara\Documents\Emulators
2012-11-05 19:29 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\rescache
2012-11-05 12:48 - 2012-09-19 22:47 - 00000000 ____D C:\Users\Isara\Application Data\FileZilla
2012-11-05 12:48 - 2012-09-19 22:47 - 00000000 ____D C:\Users\Isara\AppData\Roaming\FileZilla
2012-11-05 00:47 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2012-11-04 17:01 - 2012-11-04 17:01 - 00000000 ____A C:\Windows\setuperr.log
2012-11-04 12:53 - 2012-11-04 08:36 - 00000000 ____D C:\Windows\Minidump
2012-11-04 12:19 - 2011-04-24 01:42 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2012-11-04 09:35 - 2012-10-09 10:45 - 00000000 ___RD C:\Program Files (x86)\Skype
2012-11-04 09:35 - 2012-10-09 10:45 - 00000000 ____D C:\Users\All Users\Skype
2012-11-04 09:35 - 2012-10-09 10:45 - 00000000 ____D C:\Users\All Users\Application Data\Skype
2012-11-04 09:35 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\registration
2012-11-04 08:36 - 2009-07-14 00:08 - 00032634 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-11-04 00:11 - 2012-10-09 10:45 - 00000000 ____D C:\Users\Isara\Application Data\Skype
2012-11-04 00:11 - 2012-10-09 10:45 - 00000000 ____D C:\Users\Isara\AppData\Roaming\Skype
2012-11-03 17:33 - 2012-11-03 02:21 - 00000000 ____D C:\Users\Isara\Local Settings\Avg2013
2012-11-03 17:33 - 2012-11-03 02:21 - 00000000 ____D C:\Users\Isara\Local Settings\Application Data\Avg2013
2012-11-03 17:33 - 2012-11-03 02:21 - 00000000 ____D C:\Users\Isara\AppData\Local\Avg2013
2012-11-03 09:38 - 2011-04-24 01:35 - 00020306 ____A C:\Windows\PFRO.log
2012-11-03 02:31 - 2012-09-03 21:29 - 00000000 ____D C:\Users\Isara\Application Data\Creative
2012-11-03 02:31 - 2012-09-03 21:29 - 00000000 ____D C:\Users\Isara\AppData\Roaming\Creative
2012-11-03 02:29 - 2011-04-24 01:46 - 00000000 ____D C:\Program Files (x86)\Dell
2012-11-03 02:29 - 2011-04-24 01:41 - 00000000 ____D C:\Users\All Users\Dell
2012-11-03 02:29 - 2011-04-24 01:41 - 00000000 ____D C:\Users\All Users\Application Data\Dell
2012-11-03 02:28 - 2012-10-15 13:55 - 00000000 ____D C:\Program Files (x86)\Microsoft Games
2012-11-03 02:27 - 2012-11-03 02:27 - 00000000 ____D C:\Users\Isara\Application Data\AVG2013
2012-11-03 02:27 - 2012-11-03 02:27 - 00000000 ____D C:\Users\Isara\AppData\Roaming\AVG2013
2012-11-03 02:26 - 2012-11-03 02:26 - 00000000 ____D C:\Users\Isara\Application Data\TuneUp Software
2012-11-03 02:26 - 2012-11-03 02:26 - 00000000 ____D C:\Users\Isara\AppData\Roaming\TuneUp Software
2012-11-03 02:25 - 2012-11-03 02:25 - 00000000 ___HD C:\$AVG
2012-11-03 02:25 - 2012-11-03 02:25 - 00000000 ____D C:\Program Files (x86)\AVG
2012-11-03 02:21 - 2012-11-03 02:21 - 00000000 ____D C:\Users\Isara\Local Settings\MFAData
2012-11-03 02:21 - 2012-11-03 02:21 - 00000000 ____D C:\Users\Isara\Local Settings\Application Data\MFAData
2012-11-03 02:21 - 2012-11-03 02:21 - 00000000 ____D C:\Users\Isara\AppData\Local\MFAData
2012-11-03 02:16 - 2012-09-03 23:55 - 00000000 ____D C:\Users\All Users\AVAST Software
2012-11-03 02:16 - 2012-09-03 23:55 - 00000000 ____D C:\Users\All Users\Application Data\AVAST Software
2012-11-01 19:09 - 2012-09-03 23:55 - 00000000 ____A C:\Windows\SysWOW64\config.nt
2012-11-01 19:03 - 2012-09-04 22:31 - 00696760 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-11-01 19:03 - 2012-09-04 22:31 - 00073656 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-11-01 19:03 - 2011-04-24 01:59 - 00000000 ____D C:\Users\All Users\Application Data\Adobe
2012-11-01 19:03 - 2011-04-24 01:59 - 00000000 ____D C:\Users\All Users\Adobe
2012-11-01 15:51 - 2012-11-01 15:51 - 00001808 ____A C:\Users\Isara\Application Data\EliseProfile0.dat
2012-11-01 15:51 - 2012-11-01 15:51 - 00001808 ____A C:\Users\Isara\AppData\Roaming\EliseProfile0.dat
2012-11-01 09:35 - 2012-11-01 09:35 - 00000000 ____D C:\Program Files (x86)\Gravity
2012-10-31 13:40 - 2012-09-12 01:14 - 00000000 ____D C:\Users\Isara\My Documents\ArcGIS
2012-10-31 13:40 - 2012-09-12 01:14 - 00000000 ____D C:\Users\Isara\Documents\ArcGIS
2012-10-31 13:40 - 2012-09-12 01:14 - 00000000 ____D C:\Users\Isara\Application Data\ESRI
2012-10-31 13:40 - 2012-09-12 01:14 - 00000000 ____D C:\Users\Isara\AppData\Roaming\ESRI
2012-10-30 17:50 - 2012-09-03 23:55 - 00285328 ____A (AVAST Software) C:\Windows\System32\aswBoot.exe
2012-10-30 16:49 - 2012-09-04 19:59 - 00000000 ____D C:\Users\Isara\Application Data\Ventrilo
2012-10-30 16:49 - 2012-09-04 19:59 - 00000000 ____D C:\Users\Isara\AppData\Roaming\Ventrilo
2012-10-29 17:53 - 2012-10-29 17:53 - 00000000 ____D C:\Users\Isara\Application Data\Doublefine
2012-10-29 17:53 - 2012-10-29 17:53 - 00000000 ____D C:\Users\Isara\AppData\Roaming\Doublefine
2012-10-29 17:52 - 2012-10-29 17:51 - 00000000 ____D C:\Program Files (x86)\Costume Quest
2012-10-28 23:12 - 2012-10-28 23:12 - 00000000 ____D C:\Users\Kyle Cheung\Documents\Emulators
2012-10-28 23:12 - 2012-10-28 23:12 - 00000000 ____D C:\users\Kyle Cheung
2012-10-28 12:26 - 2012-09-03 23:26 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2012-10-27 18:23 - 2012-09-04 18:46 - 00000000 ____D C:\Users\All Users\Microsoft Help
2012-10-27 18:23 - 2012-09-04 18:46 - 00000000 ____D C:\Users\All Users\Application Data\Microsoft Help
2012-10-27 02:13 - 2012-10-27 00:25 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2012-10-27 00:18 - 2012-10-22 14:07 - 00000000 ____D C:\Users\Isara\My Documents\StarCraft II
2012-10-27 00:18 - 2012-10-22 14:07 - 00000000 ____D C:\Users\Isara\Documents\StarCraft II
2012-10-25 23:37 - 2012-10-25 23:37 - 00000000 ____D C:\Users\All Users\ESRI
2012-10-25 23:37 - 2012-10-25 23:37 - 00000000 ____D C:\Users\All Users\Application Data\ESRI
2012-10-22 23:45 - 2012-09-04 00:06 - 00000000 ____D C:\Program Files (x86)\Guild Wars 2
2012-10-22 14:07 - 2012-09-15 01:29 - 00000000 ____D C:\Users\All Users\Blizzard Entertainment
2012-10-22 14:07 - 2012-09-15 01:29 - 00000000 ____D C:\Users\All Users\Application Data\Blizzard Entertainment
2012-10-22 14:07 - 2012-09-15 01:29 - 00000000 ____D C:\Program Files (x86)\StarCraft II
2012-10-21 22:49 - 2012-10-21 22:49 - 00240808 ___AH C:\Windows\SysWOW64\mlfcache.dat
2012-10-18 15:01 - 2012-10-18 15:01 - 00000000 ____D C:\Users\All Users\Ask
2012-10-18 15:01 - 2012-10-18 15:01 - 00000000 ____D C:\Users\All Users\Application Data\Ask
2012-10-18 15:01 - 2012-10-18 15:00 - 00004119 ____A C:\Windows\SysWOW64\jupdate-1.7.0_09-b05.log
2012-10-18 15:01 - 2012-09-03 23:47 - 00000000 ____D C:\Program Files (x86)\Java
2012-10-18 15:00 - 2011-04-24 01:57 - 00000000 ____D C:\Users\All Users\McAfee
2012-10-18 15:00 - 2011-04-24 01:57 - 00000000 ____D C:\Users\All Users\Application Data\McAfee
2012-10-15 13:32 - 2012-10-03 10:56 - 00000000 ____D C:\Users\Isara\My Documents\Spartan
2012-10-15 13:32 - 2012-10-03 10:56 - 00000000 ____D C:\Users\Isara\Documents\Spartan
2012-10-14 00:53 - 2012-10-14 00:53 - 00000000 ____D C:\Users\Isara\Local Settings\My Games
2012-10-14 00:53 - 2012-10-14 00:53 - 00000000 ____D C:\Users\Isara\Local Settings\Application Data\My Games
2012-10-14 00:53 - 2012-10-14 00:53 - 00000000 ____D C:\Users\Isara\AppData\Local\My Games
2012-10-13 15:00 - 2012-10-13 15:00 - 00000000 ____D C:\Windows\SysWOW64\Saves
2012-10-13 15:00 - 2012-10-13 15:00 - 00000000 ____D C:\Users\Isara\Local Settings\FLT
2012-10-13 15:00 - 2012-10-13 15:00 - 00000000 ____D C:\Users\Isara\Local Settings\Application Data\FLT
2012-10-13 15:00 - 2012-10-13 15:00 - 00000000 ____D C:\Users\Isara\AppData\Local\FLT
2012-10-13 14:55 - 2012-10-13 14:39 - 00000000 ____D C:\Users\Isara\My Documents\XCOM
2012-10-13 14:55 - 2012-10-13 14:39 - 00000000 ____D C:\Users\Isara\Documents\XCOM
2012-10-13 12:12 - 2012-10-13 00:49 - 00000000 ____D C:\Users\Isara\Local Settings\Skyrim
2012-10-13 12:12 - 2012-10-13 00:49 - 00000000 ____D C:\Users\Isara\Local Settings\Application Data\Skyrim
2012-10-13 12:12 - 2012-10-13 00:49 - 00000000 ____D C:\Users\Isara\AppData\Local\Skyrim
2012-10-11 14:07 - 2012-09-04 00:05 - 00000000 ____D C:\Users\Isara\My Documents\Guild Wars 2
2012-10-11 14:07 - 2012-09-04 00:05 - 00000000 ____D C:\Users\Isara\Documents\Guild Wars 2
2012-10-11 10:37 - 2012-10-10 22:31 - 00000000 ____D C:\Users\Isara\Application Data\WinRAR
2012-10-11 10:37 - 2012-10-10 22:31 - 00000000 ____D C:\Users\Isara\AppData\Roaming\WinRAR
2012-10-11 09:29 - 2012-10-10 16:12 - 00000000 ____D C:\Users\Isara\Application Data\uTorrent
2012-10-11 09:29 - 2012-10-10 16:12 - 00000000 ____D C:\Users\Isara\AppData\Roaming\uTorrent
2012-10-11 09:13 - 2012-09-04 11:01 - 65309168 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-10-10 22:31 - 2012-10-10 22:31 - 00000000 ____D C:\Program Files (x86)\WinRAR
2012-10-10 16:14 - 2012-10-10 16:12 - 00000000 ____D C:\Users\Isara\Local Settings\Conduit
2012-10-10 16:14 - 2012-10-10 16:12 - 00000000 ____D C:\Users\Isara\Local Settings\Application Data\Conduit
2012-10-10 16:14 - 2012-10-10 16:12 - 00000000 ____D C:\Users\Isara\AppData\Local\Conduit
2012-10-10 16:13 - 2012-10-10 16:13 - 00000000 ____D C:\Users\Isara\Local Settings\CRE
2012-10-10 16:13 - 2012-10-10 16:13 - 00000000 ____D C:\Users\Isara\Local Settings\Application Data\CRE
2012-10-10 16:13 - 2012-10-10 16:13 - 00000000 ____D C:\Users\Isara\AppData\Local\CRE
2012-10-10 16:13 - 2012-10-10 16:13 - 00000000 ____D C:\Program Files (x86)\Conduit
2012-10-10 16:12 - 2012-10-10 16:12 - 00000000 ____D C:\Program Files (x86)\uTorrent
2012-10-09 15:28 - 2012-10-09 15:28 - 00000600 ____A C:\Users\Isara\Local Settings\PUTTY.RND
2012-10-09 15:28 - 2012-10-09 15:28 - 00000600 ____A C:\Users\Isara\Local Settings\Application Data\PUTTY.RND
2012-10-09 15:28 - 2012-10-09 15:28 - 00000600 ____A C:\Users\Isara\AppData\Local\PUTTY.RND

ZeroAccess:
C:\Windows\Installer\{bcef495f-4684-67a2-1ca9-130cbff1c641}
C:\Windows\Installer\{bcef495f-4684-67a2-1ca9-130cbff1c641}\@
C:\Windows\Installer\{bcef495f-4684-67a2-1ca9-130cbff1c641}\L
C:\Windows\Installer\{bcef495f-4684-67a2-1ca9-130cbff1c641}\U

ZeroAccess:
C:\Windows\assembly\GAC_32\Desktop.ini

ZeroAccess:
C:\Windows\assembly\GAC_64\Desktop.ini

==================== Known DLLs (Whitelisted) =================


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe 50BEA589F7D7958BDD2528A8F69D05CC ZeroAccess <==== ATTENTION!.
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

Restore point made on: 2012-11-05 19:28:43
Restore point made on: 2012-11-05 23:30:10
Restore point made on: 2012-11-06 00:22:31
Restore point made on: 2012-11-06 15:07:54
Restore point made on: 2012-11-07 01:07:50
Restore point made on: 2012-11-07 02:43:39
Restore point made on: 2012-11-07 02:45:51

==================== Memory info ===========================

Percentage of memory in use: 13%
Total physical RAM: 6051.18 MB
Available physical RAM: 5223.27 MB
Total Pagefile: 6049.32 MB
Available Pagefile: 5213.29 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

==================== Partitions =============================

1 Drive c: (OS) (Fixed) (Total:581.42 GB) (Free:384.31 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
2 Drive d: (Recovery) (Fixed) (Total:14.65 GB) (Free:6.89 GB) NTFS ==>[System with boot components (obtained from reading drive)]
4 Drive f: () (Removable) (Total:14.52 GB) (Free:14.41 GB) FAT32
5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 596 GB 0 B
Disk 1 Online 14 GB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 OEM 100 MB 1024 KB
Partition 2 Primary 14 GB 101 MB
Partition 3 Primary 581 GB 14 GB

==================================================================================

Disk: 0
Partition 1
Type : DE
Hidden: Yes
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 DELLUTILITY FAT Partition 100 MB Healthy Hidden

=========================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 D Recovery NTFS Partition 14 GB Healthy

=========================================================

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C OS NTFS Partition 581 GB Healthy

=========================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 14 GB 4032 KB

==================================================================================

Disk: 1
Partition 1
Type : 0C
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 F FAT32 Removable 14 GB Healthy

=========================================================

Last Boot: 2012-11-05 19:21

==================== End Of Log =============================
 
Farbar Recovery Scan Tool (x64) Version: 07-11-2012
Ran by SYSTEM at 2012-11-07 17:31:55
Running from F:\

================== Search: "services.exe" ===================

C:\WINDOWS\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
[2009-07-13 18:19] - [2009-07-13 20:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

C:\WINDOWS\SysWOW64\services.exe
[2012-11-07 10:20] - [2009-07-13 20:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

C:\WINDOWS\System32\services.exe
[2009-07-13 18:19] - [2009-07-13 20:39] - 0329216 ____A (Microsoft Corporation) 50BEA589F7D7958BDD2528A8F69D05CC

====== End Of Search ======
 
Greetings. Run the following and let me know how it goes. :)

FRST Fixlist

Please download attached fixlist.txt below, and save it to your flash drive in the same location as FRST.exe. Make sure it maintains the same name, otherwise the fix will fail.

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system.

Now, please enter System Recovery Options, then select Command Prompt.

Run FRST and press the Fix button just once and wait.
The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

Now restart, let it boot normally and tell me how it went.
 

Attachments

  • fixlist.txt (227 bytes)
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 07-11-2012
Ran by SYSTEM at 2012-11-08 09:28:04 Run:2
Running from F:\

==============================================

C:\Windows\Installer\{bcef495f-4684-67a2-1ca9-130cbff1c641} moved successfully.
C:\Windows\assembly\GAC_32\Desktop.ini moved successfully.
C:\Windows\assembly\GAC_64\Desktop.ini moved successfully.
C:\WINDOWS\System32\services.exe moved successfully.
C:\WINDOWS\SysWOW64\services.exe copied successfully to C:\WINDOWS\System32\services.exe

==== End of Fixlog ====


It looks like this did it! AVG didn't warn me about anything as it started up, so that's a good sign. Thanks a lot!
 
Please continue scanning for malware under my lead, because I bet there's still more to remove. Back to Normal Mode...

ComboFix scan

Please download ComboFix by sUBs from BleepingComputer.com.

Please save the file to your Desktop.

Important information about ComboFix


After the download:
  • Close any open browsers.
  • Very Important: Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results". Please visit here if you don't know how.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  • Please do not attempt to re-connect your machine back to the Internet until ComboFix has completely finished.
  • If there is no Internet connection after running ComboFix, then restart your computer to restore back your connection.
Running ComboFix:
  • Double click on ComboFix.exe & follow the prompts.
  • When ComboFix finishes, it will produce a report for you.
  • Please post the report, which will launch or be found at "C:\Combo-Fix.txt" in your next reply.
Troubleshooting ComboFix

Safe Mode:

If you still cannot get ComboFix to run, try booting into Safe Mode, and run it there.

(To boot into Safe Mode, tap F8 after BIOS, and just before the Windows logo appears. A list of options will appear; select "Safe Mode.")

Re-downloading:

If this doesn't work either, try the above method again, but download it again and rename ComboFix.exe to iexplore.exe, explorer.exe, or winlogon.exe.

Malware is known for blocking all "user" processes, except for its whitelist of system important processes such as iexplore.exe, explorer.exe, winlogon.exe.

NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.
 
ComboFix 12-11-08.01 - Isara 11/08/2012 10:37:11.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6051.4317 [GMT -5:00]
Running from: C:\Users\Isara\Desktop\ComboFix.exe
AV: AVG Internet Security 2013 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
FW: AVG Internet Security 2013 *Enabled* {36AFA1E1-4CDC-7EF8-11EE-C77C3581ABA2}
SP: AVG Internet Security 2013 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\ProgramData\Roaming
C:\Users\Public\AlexaNSISPlugin.4700.dll


((((((((((((((((((((((((( Files Created from 2012-10-08 to 2012-11-08 )))))))))))))))))))))))))))))))


2012-11-08 16:23:29 . 2012-11-08 16:23:29 -------- d-----w- C:\Users\Default\AppData\Roaming\TuneUp Software
2012-11-08 05:29:48 . 2012-11-08 05:29:48 -------- d-----w- C:\Users\Isara\AppData\Roaming\Zeal Game Studio
2012-11-08 05:18:53 . 2012-11-08 05:19:52 -------- d-----w- C:\Program Files (x86)\A Game of Dwarves
2012-11-07 15:20:58 . 2009-07-14 01:39:37 328704 ----a-w- C:\Windows\SysWow64\services.exe
2012-11-07 07:51:46 . 2012-11-07 23:07:53 -------- d-----w- C:\FRST
2012-11-07 06:08:36 . 2012-11-07 06:08:36 -------- d-----w- C:\Users\Isara\AppData\Local\SKIDROW
2012-11-07 06:08:36 . 2012-11-07 06:08:36 -------- d-----w- C:\ProgramData\Stardock
2012-11-06 04:30:17 . 2012-11-06 04:30:17 40960 ----a-r- C:\Users\Isara\AppData\Roaming\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\NewShortcut1_9559F7CA5E344237A2D9D856464AD727.exe
2012-11-06 04:30:17 . 2012-11-06 04:30:17 40960 ----a-r- C:\Users\Isara\AppData\Roaming\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\ARPPRODUCTICON.exe
2012-11-06 04:30:16 . 2012-11-06 04:34:18 -------- d-----w- C:\Program Files (x86)\Project64 1.6
2012-11-04 17:20:00 . 2012-08-23 15:09:41 3072 ----a-w- C:\Windows\system32\drivers\en-US\tsusbflt.sys.mui
2012-11-04 17:20:00 . 2012-08-23 13:41:52 13312 ----a-w- C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2012-11-04 17:20:00 . 2012-08-23 13:40:56 13312 ----a-w- C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2012-11-04 17:20:00 . 2012-08-23 13:24:57 15360 ----a-w- C:\Windows\system32\RdpGroupPolicyExtension.dll
2012-11-04 17:18:44 . 2012-08-24 18:13:17 154480 ----a-w- C:\Windows\system32\drivers\ksecpkg.sys
2012-11-04 17:18:44 . 2012-08-24 18:09:34 458712 ----a-w- C:\Windows\system32\drivers\cng.sys
2012-11-04 17:18:44 . 2012-08-24 18:05:03 340992 ----a-w- C:\Windows\system32\schannel.dll
2012-11-04 17:18:44 . 2012-08-24 18:04:18 307200 ----a-w- C:\Windows\system32\ncrypt.dll
2012-11-04 17:18:44 . 2012-08-24 18:03:09 1448448 ----a-w- C:\Windows\system32\lsasrv.dll
2012-11-04 17:18:44 . 2012-08-24 16:57:40 247808 ----a-w- C:\Windows\SysWow64\schannel.dll
2012-11-04 17:18:44 . 2012-08-24 16:57:40 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2012-11-04 17:18:44 . 2012-08-24 16:57:37 220160 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2012-11-04 17:18:43 . 2012-08-24 16:53:35 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2012-11-04 17:18:40 . 2012-05-04 11:00:43 366592 ----a-w- C:\Windows\system32\qdvd.dll
2012-11-04 17:18:40 . 2012-05-04 09:59:54 514560 ----a-w- C:\Windows\SysWow64\qdvd.dll
2012-11-03 07:27:02 . 2012-11-03 07:27:02 -------- d-----w- C:\Users\Isara\AppData\Roaming\AVG2013
2012-11-03 07:26:21 . 2012-11-03 07:26:21 -------- d-----w- C:\Users\Isara\AppData\Roaming\TuneUp Software
2012-11-03 07:25:35 . 2012-11-07 23:01:39 -------- d-----w- C:\ProgramData\AVG2013
2012-11-03 07:25:35 . 2012-11-03 07:25:35 -------- d-----w- C:\$AVG
2012-11-03 07:25:07 . 2012-11-03 07:25:07 -------- d-----w- C:\Program Files (x86)\AVG
2012-11-03 07:21:17 . 2012-11-08 16:24:17 -------- d-----w- C:\ProgramData\MFAData
2012-11-03 07:21:17 . 2012-11-03 22:33:08 -------- d-----w- C:\Users\Isara\AppData\Local\Avg2013
2012-11-03 07:21:17 . 2012-11-03 07:21:17 -------- d--h--w- C:\ProgramData\Common Files
2012-11-03 07:21:17 . 2012-11-03 07:21:17 -------- d-----w- C:\Users\Isara\AppData\Local\MFAData
2012-11-02 14:43:06 . 2012-10-12 07:19:03 9291768 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{67A268A9-36BF-4765-AEEB-8303EAF2D239}\mpengine.dll
2012-11-01 14:35:17 . 2012-11-01 14:35:17 -------- d-----w- C:\Program Files (x86)\Gravity
2012-10-29 22:53:13 . 2012-10-29 22:53:13 -------- d-----w- C:\Users\Isara\AppData\Roaming\Doublefine
2012-10-29 22:51:02 . 2012-10-29 22:52:09 -------- d-----w- C:\Program Files (x86)\Costume Quest
2012-10-29 18:15:05 . 2012-11-07 17:35:48 -------- d-----r- C:\Users\Isara\Dropbox
2012-10-29 18:13:53 . 2012-11-07 22:36:56 -------- d-----w- C:\Users\Isara\AppData\Roaming\Dropbox
2012-10-29 04:12:06 . 2012-10-29 04:12:06 -------- d-----w- C:\Users\Kyle Cheung
2012-10-26 04:37:03 . 2012-10-26 04:37:03 -------- d-----w- C:\ProgramData\ESRI
2012-10-22 18:02:44 . 2012-10-22 18:02:44 154464 ----a-w- C:\Windows\system32\drivers\avgidsdrivera.sys
2012-10-18 20:01:24 . 2012-10-18 20:01:24 -------- d-----w- C:\ProgramData\Ask
2012-10-18 20:01:09 . 2012-09-25 03:16:33 95208 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2012-10-15 18:55:05 . 2012-11-03 07:28:19 -------- d-----w- C:\Program Files (x86)\Microsoft Games
2012-10-15 08:48:50 . 2012-10-15 08:48:50 63328 ----a-w- C:\Windows\system32\drivers\avgidsha.sys
2012-10-14 05:53:29 . 2012-10-14 05:53:29 -------- d-----w- C:\Users\Isara\AppData\Local\My Games
2012-10-13 20:00:21 . 2012-10-13 20:00:21 -------- d-----w- C:\Users\Isara\AppData\Local\FLT
2012-10-13 20:00:07 . 2012-10-13 20:00:07 -------- d-----w- C:\Windows\SysWow64\Saves
2012-10-13 05:49:10 . 2012-10-13 17:12:41 -------- d-----w- C:\Users\Isara\AppData\Local\Skyrim
2012-10-10 21:13:33 . 2012-10-10 21:13:33 -------- d-----w- C:\Users\Isara\AppData\Local\CRE
2012-10-10 21:13:01 . 2012-10-10 21:13:01 -------- d-----w- C:\Program Files (x86)\Conduit
2012-10-10 21:12:59 . 2012-10-10 21:14:25 -------- d-----w- C:\Users\Isara\AppData\Local\Conduit
2012-10-10 21:12:27 . 2012-10-10 21:12:27 -------- d-----w- C:\Program Files (x86)\uTorrent
2012-10-10 21:12:14 . 2012-10-11 14:29:31 -------- d-----w- C:\Users\Isara\AppData\Roaming\uTorrent
2012-10-10 14:47:07 . 2012-08-31 18:19:35 1659760 ----a-w- C:\Windows\system32\drivers\ntfs.sys
2012-10-10 14:45:58 . 2012-06-02 05:41:27 1464320 ----a-w- C:\Windows\system32\crypt32.dll
2012-10-10 14:45:57 . 2012-06-02 04:36:29 1159680 ----a-w- C:\Windows\SysWow64\crypt32.dll
2012-10-10 14:45:56 . 2012-06-02 05:41:28 184320 ----a-w- C:\Windows\system32\cryptsvc.dll
2012-10-10 14:45:56 . 2012-06-02 05:41:28 140288 ----a-w- C:\Windows\system32\cryptnet.dll
2012-10-10 14:45:56 . 2012-06-02 04:36:29 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2012-10-10 14:45:56 . 2012-06-02 04:36:29 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
2012-10-09 15:45:52 . 2012-11-04 05:11:12 -------- d-----w- C:\Users\Isara\AppData\Roaming\Skype
2012-10-09 15:45:49 . 2012-10-09 15:45:49 -------- d-----w- C:\Program Files (x86)\Common Files\Skype
2012-10-09 15:45:48 . 2012-11-04 14:35:11 -------- d-----r- C:\Program Files (x86)\Skype
2012-10-09 15:45:44 . 2012-11-04 14:35:12 -------- d-----w- C:\ProgramData\Skype
.


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2012-11-02 00:03:50 . 2012-09-05 03:31:08 73656 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-11-02 00:03:50 . 2012-09-05 03:31:08 696760 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-10-30 22:50:30 . 2012-09-04 04:55:57 285328 ----a-w- C:\Windows\system32\aswBoot.exe
2012-10-11 14:13:12 . 2012-09-04 16:01:00 65309168 ----a-w- C:\Windows\system32\MRT.exe
2012-10-05 08:32:50 . 2012-10-05 08:32:50 111456 ----a-w- C:\Windows\system32\drivers\avgmfx64.sys
2012-10-02 07:30:38 . 2012-10-02 07:30:38 185696 ----a-w- C:\Windows\system32\drivers\avgldx64.sys
2012-09-21 07:46:04 . 2012-09-21 07:46:04 200032 ----a-w- C:\Windows\system32\drivers\avgtdia.sys
2012-09-21 07:46:00 . 2012-09-21 07:46:00 225120 ----a-w- C:\Windows\system32\drivers\avgloga.sys
2012-09-14 07:05:18 . 2012-09-14 07:05:18 40800 ----a-w- C:\Windows\system32\drivers\avgrkx64.sys
2012-09-08 19:12:18 . 2009-07-14 02:36:51 175616 ----a-w- C:\Windows\system32\msclmd.dll
2012-09-08 19:12:18 . 2009-07-14 02:36:51 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll
2012-09-05 01:24:57 . 2012-09-05 01:24:57 283200 ----a-w- C:\Windows\system32\drivers\dtsoftbus01.sys
2012-09-04 16:14:11 . 2012-09-04 16:14:11 91648 ----a-w- C:\Windows\system32\SetIEInstalledDate.exe
2012-09-04 16:14:11 . 2012-09-04 16:14:11 89088 ----a-w- C:\Windows\system32\RegisterIEPKEYs.exe
2012-09-04 16:14:11 . 2012-09-04 16:14:11 89088 ----a-w- C:\Windows\system32\ie4uinit.exe
2012-09-04 16:14:11 . 2012-09-04 16:14:11 86528 ----a-w- C:\Windows\SysWow64\iesysprep.dll
2012-09-04 16:14:11 . 2012-09-04 16:14:11 85504 ----a-w- C:\Windows\system32\iesetup.dll
2012-09-04 16:14:11 . 2012-09-04 16:14:11 82432 ----a-w- C:\Windows\system32\icardie.dll
2012-09-04 16:14:11 . 2012-09-04 16:14:11 76800 ----a-w- C:\Windows\SysWow64\SetIEInstalledDate.exe
2012-09-04 16:14:11 . 2012-09-04 16:14:11 76800 ----a-w- C:\Windows\system32\tdc.ocx
2012-09-04 16:14:11 . 2012-09-04 16:14:11 74752 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe
2012-09-04 16:14:11 . 2012-09-04 16:14:11 74752 ----a-w- C:\Windows\SysWow64\iesetup.dll
2012-09-04 16:14:11 . 2012-09-04 16:14:11 65024 ----a-w- C:\Windows\system32\pngfilt.dll
2012-09-04 16:14:11 . 2012-09-04 16:14:11 63488 ----a-w- C:\Windows\SysWow64\tdc.ocx
2012-09-04 16:14:11 . 2012-09-04 16:14:11 55296 ----a-w- C:\Windows\system32\msfeedsbs.dll
2012-09-04 16:14:11 . 2012-09-04 16:14:11 534528 ----a-w- C:\Windows\system32\ieapfltr.dll
2012-09-04 16:14:11 . 2012-09-04 16:14:11 49664 ----a-w- C:\Windows\system32\imgutil.dll
2012-09-04 16:14:11 . 2012-09-04 16:14:11 48640 ----a-w- C:\Windows\SysWow64\mshtmler.dll
2012-09-04 16:14:11 . 2012-09-04 16:14:11 48640 ----a-w- C:\Windows\system32\mshtmler.dll
2012-09-04 16:14:11 . 2012-09-04 16:14:11 452608 ----a-w- C:\Windows\system32\dxtmsft.dll
2012-09-04 16:14:11 . 2012-09-04 16:14:11 448512 ----a-w- C:\Windows\system32\html.iec
2012-09-04 16:14:11 . 2012-09-04 16:14:11 403248 ----a-w- C:\Windows\system32\iedkcs32.dll
2012-09-04 16:14:11 . 2012-09-04 16:14:11 39936 ----a-w- C:\Windows\system32\iernonce.dll
2012-09-04 16:14:11 . 2012-09-04 16:14:11 3695416 ----a-w- C:\Windows\system32\ieapfltr.dat
2012-09-04 16:14:11 . 2012-09-04 16:14:11 367104 ----a-w- C:\Windows\SysWow64\html.iec
2012-09-04 16:14:11 . 2012-09-04 16:14:11 35840 ----a-w- C:\Windows\SysWow64\imgutil.dll
2012-09-04 16:14:11 . 2012-09-04 16:14:11 30720 ----a-w- C:\Windows\system32\licmgr10.dll
2012-09-04 16:14:11 . 2012-09-04 16:14:11 282112 ----a-w- C:\Windows\system32\dxtrans.dll
2012-09-04 16:14:11 . 2012-09-04 16:14:11 267776 ----a-w- C:\Windows\system32\ieaksie.dll
2012-09-04 16:14:11 . 2012-09-04 16:14:11 249344 ----a-w- C:\Windows\system32\webcheck.dll
2012-09-04 16:14:11 . 2012-09-04 16:14:11 23552 ----a-w- C:\Windows\SysWow64\licmgr10.dll
2012-09-04 16:14:11 . 2012-09-04 16:14:11 222208 ----a-w- C:\Windows\system32\msls31.dll
2012-09-04 16:14:11 . 2012-09-04 16:14:11 197120 ----a-w- C:\Windows\system32\msrating.dll
2012-09-04 16:14:11 . 2012-09-04 16:14:11 165888 ----a-w- C:\Windows\system32\iexpress.exe
2012-09-04 16:14:11 . 2012-09-04 16:14:11 163840 ----a-w- C:\Windows\system32\ieakui.dll
2012-09-04 16:14:11 . 2012-09-04 16:14:11 161792 ----a-w- C:\Windows\SysWow64\msls31.dll
2012-09-04 16:14:11 . 2012-09-04 16:14:11 160256 ----a-w- C:\Windows\system32\wextract.exe
2012-09-04 16:14:11 . 2012-09-04 16:14:11 160256 ----a-w- C:\Windows\system32\ieakeng.dll
2012-09-04 16:14:11 . 2012-09-04 16:14:11 152064 ----a-w- C:\Windows\SysWow64\wextract.exe
2012-09-04 16:14:11 . 2012-09-04 16:14:11 150528 ----a-w- C:\Windows\SysWow64\iexpress.exe
2012-09-04 16:14:11 . 2012-09-04 16:14:11 149504 ----a-w- C:\Windows\system32\occache.dll
2012-09-04 16:14:11 . 2012-09-04 16:14:11 145920 ----a-w- C:\Windows\system32\iepeers.dll
2012-09-04 16:14:11 . 2012-09-04 16:14:11 135168 ----a-w- C:\Windows\system32\IEAdvpack.dll
2012-09-04 16:14:11 . 2012-09-04 16:14:11 12288 ----a-w- C:\Windows\system32\mshta.exe
2012-09-04 16:14:11 . 2012-09-04 16:14:11 11776 ----a-w- C:\Windows\SysWow64\mshta.exe
2012-09-04 16:14:11 . 2012-09-04 16:14:11 114176 ----a-w- C:\Windows\system32\admparse.dll
2012-09-04 16:14:11 . 2012-09-04 16:14:11 111616 ----a-w- C:\Windows\system32\iesysprep.dll
2012-09-04 16:14:11 . 2012-09-04 16:14:11 110592 ----a-w- C:\Windows\SysWow64\IEAdvpack.dll
2012-09-04 16:14:11 . 2012-09-04 16:14:11 10752 ----a-w- C:\Windows\system32\msfeedssync.exe
2012-09-04 16:14:11 . 2012-09-04 16:14:11 103936 ----a-w- C:\Windows\system32\inseng.dll
2012-09-04 16:14:11 . 2012-09-04 16:14:11 101888 ----a-w- C:\Windows\SysWow64\admparse.dll
2012-09-04 15:05:03 . 2010-06-24 16:33:56 19720 ----a-w- C:\ProgramData\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-09-04 14:39:32 . 2012-09-04 14:39:32 50296 ----a-w- C:\Windows\system32\drivers\avgfwd6a.sys
2012-09-04 04:47:32 . 2012-09-04 04:47:47 746984 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-09-04 04:47:32 . 2012-09-04 04:47:46 821736 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
2012-08-24 11:15:45 . 2012-09-22 16:01:49 17810944 ----a-w- C:\Windows\system32\mshtml.dll
2012-08-24 10:39:42 . 2012-09-22 16:01:49 10925568 ----a-w- C:\Windows\system32\ieframe.dll
2012-08-24 10:31:32 . 2012-09-22 16:01:55 2312704 ----a-w- C:\Windows\system32\jscript9.dll
2012-08-24 10:22:46 . 2012-09-22 16:01:56 1346048 ----a-w- C:\Windows\system32\urlmon.dll
2012-08-24 10:21:18 . 2012-09-22 16:01:54 1392128 ----a-w- C:\Windows\system32\wininet.dll
2012-08-24 10:20:11 . 2012-09-22 16:01:56 1494528 ----a-w- C:\Windows\system32\inetcpl.cpl
2012-08-24 10:18:46 . 2012-09-22 16:01:57 237056 ----a-w- C:\Windows\system32\url.dll
2012-08-24 10:17:03 . 2012-09-22 16:01:54 85504 ----a-w- C:\Windows\system32\jsproxy.dll
2012-08-24 10:14:45 . 2012-09-22 16:01:57 173056 ----a-w- C:\Windows\system32\ieUnatt.exe
2012-08-24 10:14:34 . 2012-09-22 16:01:53 816640 ----a-w- C:\Windows\system32\jscript.dll
2012-08-24 10:13:29 . 2012-09-22 16:01:53 599040 ----a-w- C:\Windows\system32\vbscript.dll
2012-08-24 10:12:04 . 2012-09-22 16:01:53 2144768 ----a-w- C:\Windows\system32\iertutil.dll
2012-08-24 10:11:57 . 2012-09-22 16:01:55 729088 ----a-w- C:\Windows\system32\msfeeds.dll
2012-08-24 10:10:14 . 2012-09-22 16:01:59 96768 ----a-w- C:\Windows\system32\mshtmled.dll
2012-08-24 10:09:42 . 2012-09-22 16:02:00 2382848 ----a-w- C:\Windows\system32\mshtml.tlb
2012-08-24 10:04:06 . 2012-09-22 16:01:57 248320 ----a-w- C:\Windows\system32\ieui.dll
2012-08-24 06:59:17 . 2012-09-22 16:01:54 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-08-24 06:51:27 . 2012-09-22 16:01:54 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-08-24 06:51:02 . 2012-09-22 16:01:56 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-08-24 06:47:26 . 2012-09-22 16:01:57 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-08-24 06:47:12 . 2012-09-22 16:01:58 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
2012-08-24 06:43:58 . 2012-09-22 16:02:00 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-08-22 18:12:50 . 2012-09-12 15:04:57 1913200 ----a-w- C:\Windows\system32\drivers\tcpip.sys
2012-08-22 18:12:40 . 2012-09-12 15:05:02 950128 ----a-w- C:\Windows\system32\drivers\ndis.sys
2012-08-22 18:12:40 . 2012-09-12 15:04:57 376688 ----a-w- C:\Windows\system32\drivers\netio.sys
2012-08-22 18:12:33 . 2012-09-12 15:04:57 288624 ----a-w- C:\Windows\system32\drivers\FWPKCLNT.SYS
2012-08-21 21:01:00 . 2012-09-26 16:42:05 245760 ----a-w- C:\Windows\system32\OxpsConverter.exe
2012-08-21 18:01:20 . 2012-09-26 22:06:36 33240 ----a-w- C:\Windows\system32\drivers\GEARAspiWDM.sys
2012-08-21 18:01:20 . 2012-09-04 16:12:16 106928 ----a-w- C:\Windows\SysWow64\GEARAspi.dll
2012-08-21 18:01:20 . 2012-09-04 16:12:15 125872 ----a-w- C:\Windows\system32\GEARAspi64.dll
2012-08-20 17:38:44 . 2012-10-10 14:46:54 44032 ----a-w- C:\Windows\apppatch\acwow64.dll


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-10-18 21:52:40 94208 ----a-w- C:\Users\Isara\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-10-18 21:52:40 94208 ----a-w- C:\Users\Isara\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-10-18 21:52:40 94208 ----a-w- C:\Users\Isara\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-10-18 21:52:40 94208 ----a-w- C:\Users\Isara\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RocketDock"="C:\Program Files (x86)\RocketDock\RocketDock.exe" [2007-09-02 18:58:52 495616]
"DAEMON Tools Lite"="C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" [2012-08-28 13:52:56 3671904]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-11-06 04:54:20 283160]
"NUSB3MON"="C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-11-17 17:53:16 113288]
"RoxWatchTray"="c:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" [2010-11-25 10:33:58 240112]
"Desktop Disc Tool"="c:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe" [2010-11-17 15:35:34 514544]
"Dell Registration"="C:\Program Files (x86)\System Registration\prodreg.exe" [2010-08-23 18:43:24 3926528]
"Adobe ARM"="C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 20:51:26 919008]
"SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 14:04:54 252848]
"APSDaemon"="C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-28 02:32:54 59280]
"GrooveMonitor"="C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 23:36:46 30040]
"Razer Orochi Driver"="C:\Program Files (x86)\Razer\Orochi\RazerOrochiTray.exe" [2009-10-22 14:43:58 2548056]
"LogMeIn Hamachi Ui"="C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2012-08-29 17:03:38 1996200]
"iTunesHelper"="C:\Program Files (x86)\iTunes\iTunesHelper.exe" [2012-09-10 04:30:34 421776]
"AVG_UI"="C:\Program Files (x86)\AVG\AVG2013\avgui.exe" [2012-11-07 00:00:32 3143800]

C:\Users\Isara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Best Buy pc app.lnk - C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe [2010-10-13 9216]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 19:27:14 138576]
R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 10:34:18 219632]
R2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-07-13 17:28:36 160944]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\system32\DRIVERS\CtClsFlt.sys [x]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2010-12-17 19:28:46 340240]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\system32\drivers\rdpvideominiport.sys [2012-08-23 14:10:20 19456]
R3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 10:33:18 1116656]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys [2010-10-30 00:11:42 250984]
R3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys [2012-08-23 14:07:35 57856]
R3 TurboBoost;Intel(R) Turbo Boost Technology Monitor 2.0;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2010-11-29 20:00:56 149504]
R3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys [2012-07-09 18:42:54 52736]
R3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe [2012-09-04 16:11:17 1255736]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys [2009-06-10 20:35:33 389120]
R4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 23:10:10 57184]
S0 AVGIDSHA;AVGIDSHA;C:\Windows\system32\DRIVERS\avgidsha.sys [2012-10-15 08:48:50 63328]
S0 Avgloga;AVG Logging Driver;C:\Windows\system32\DRIVERS\avgloga.sys [2012-09-21 07:46:00 225120]
S0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\system32\DRIVERS\avgmfx64.sys [2012-10-05 08:32:50 111456]
S0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\system32\DRIVERS\avgrkx64.sys [2012-09-14 07:05:18 40800]
S0 PxHlpa64;PxHlpa64;C:\Windows\System32\Drivers\PxHlpa64.sys [2010-03-19 08:00:00 55856]
S1 Avgfwfd;AVG network filter service;C:\Windows\system32\DRIVERS\avgfwd6a.sys [2012-09-04 14:39:32 50296]
S1 AVGIDSDriver;AVGIDSDriver;C:\Windows\system32\DRIVERS\avgidsdrivera.sys [2012-10-22 18:02:44 154464]
S1 Avgldx64;AVG AVI Loader Driver;C:\Windows\system32\DRIVERS\avgldx64.sys [2012-10-02 07:30:38 185696]
S1 Avgtdia;AVG TDI Driver;C:\Windows\system32\DRIVERS\avgtdia.sys [2012-09-21 07:46:04 200032]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\system32\DRIVERS\dtsoftbus01.sys [2012-09-05 01:24:57 283200]
S2 AESTFilters;Andrea ST Filters Service;C:\Program Files\IDT\WDM\AESTSr64.exe [2009-03-03 10:42:58 89600]
S2 avgfws;AVG Firewall;C:\Program Files (x86)\AVG\AVG2013\avgfws.exe [2012-11-02 05:08:48 1340976]
S2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [2012-11-07 00:00:04 5814392]
S2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [2012-10-22 18:05:08 196664]
S2 Bluetooth Device Monitor;Bluetooth Device Monitor;C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe [2010-11-03 16:53:28 897088]
S2 Bluetooth OBEX Service;Bluetooth OBEX Service;C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe [2010-11-03 17:01:34 983104]
S2 DMAgent;Intel® PROSet/Wireless WiMAX Red Bend Device Management Service;C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe [2011-02-27 16:15:36 499200]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-08-29 17:03:36 2369960]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-11-06 04:54:22 13336]
S2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2011-08-18 15:05:46 1692480]
S2 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-10-02 16:13:44 3064000]
S2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\system32\DRIVERS\TurboB.sys [2010-11-29 20:00:04 16120]
S2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-10-06 02:04:12 2655768]
S2 WiMAXAppSrv;Intel® PROSet/Wireless WiMAX Service;C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe [2011-02-27 16:09:36 885248]
S3 Bluetooth Media Service;Bluetooth Media Service;C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe [2010-11-03 17:01:20 1298496]
S3 bpenum;Intel(R) Centrino(R) WiMAX Enumerator;C:\Windows\system32\DRIVERS\bpenum.sys [2011-02-17 17:42:04 75264]
S3 bpmp;Intel(R) Centrino(R) WiMAX 6050 Series;C:\Windows\system32\DRIVERS\bpmp.sys [2011-02-17 17:42:12 174080]
S3 bpusb;Intel(R) Centrino(R) WiMAX 6050 Series Function Driver;C:\Windows\system32\Drivers\bpusb.sys [2011-02-17 17:42:06 81920]
S3 btmaux;Intel Bluetooth Auxiliary Service;C:\Windows\system32\DRIVERS\btmaux.sys [2010-11-04 10:07:06 58128]
S3 btmhsf;btmhsf;C:\Windows\system32\DRIVERS\btmhsf.sys [2011-11-15 06:13:00 327168]
S3 iBtFltCoex;iBtFltCoex;C:\Windows\system32\DRIVERS\iBtFltCoex.sys [2011-12-10 00:45:00 60416]
S3 IntcDAud;Intel(R) Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys [2010-10-15 08:28:16 317440]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\system32\DRIVERS\nusb3hub.sys [2010-12-10 21:50:36 80384]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\system32\DRIVERS\nusb3xhc.sys [2010-12-10 21:50:36 181248]
S3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 11:34:52 539240]
S3 wdkmd;Intel WiDi KMD;C:\Windows\system32\DRIVERS\WDKMD.sys [2010-12-01 10:02:22 42392]


--- Other Services/Drivers In Memory ---

*NewlyCreated* - WS2IFSL

Contents of the 'Scheduled Tasks' folder

2012-11-08 C:\Windows\Tasks\Adobe Flash Player Updater.job
- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-05 03:31:09 . 2012-11-02 00:03:50]


--------- X64 Entries -----------


[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-10-18 21:52:40 97792 ----a-w- C:\Users\Isara\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-10-18 21:52:40 97792 ----a-w- C:\Users\Isara\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-10-18 21:52:40 97792 ----a-w- C:\Users\Isara\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-10-18 21:52:40 97792 ----a-w- C:\Users\Isara\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\Windows\system32\igfxtray.exe" [2011-01-20 08:57:34 167960]
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [2011-01-20 08:57:24 391704]
"Persistence"="C:\Windows\system32\igfxpers.exe" [2011-01-20 08:57:28 418328]
"SysTrayApp"="C:\Program Files\IDT\WDM\sttray64.exe" [2011-01-25 09:57:18 525312]
"Apoint"="C:\Program Files\DellTPad\Apoint.exe" [2011-01-05 16:48:48 592240]
"IntelTBRunOnce"="wscript.exe" [2009-07-14 01:39:57 168960]
"IntelWireless"="C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2010-12-17 19:34:16 1933584]
"BTMTrayAgent"="C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll" [2010-11-03 16:53:02 10228224]
"IntelWirelessWiMAX"="C:\Program Files\Intel\WiMAX\Bin\WiMAXCU.exe" [2011-03-02 04:24:42 1617920]

------- Supplementary Scan -------

uLocal Page = C:\Windows\system32\blank.htm
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT3220468
mLocal Page = C:\Windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
FF - ProfilePath - C:\Users\Isara\AppData\Roaming\Mozilla\Firefox\Profiles\mdz7d2u9.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - about:home
FF - user.js: extensions.autoDisableScopes - 14
FF - user.js: security.csp.enable - false

- - - - ORPHANS REMOVED - - - -

URLSearchHooks-{7473b6bd-4691-4744-a82b-7854eb3d70b6} - (no file)


I had somebody use my laptop earlier before the post, so I hope they didn't do any damage. Here's what it put out.
 
ESET Online Scan

Please run a free online scan with the ESET Online Scanner
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install, or it will ask to download an installer. Please do so and install it.
  • Click Start or wait for the scanner to load.
  • Make sure that the options Remove found threats and the option Scan unwanted applications are checked.
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, there are a couple of things to keep in mind:
    1. If NO threats were found, allow the scanner to Uninstall on close and then close the window.
    2. If threats WERE detected, click on List of Threats Found, Export to Text File... and save it as ESET-Scan-Log.txt. Click the back button/link, put a checkmark next to Uninstall Application on Close and then close the window.
  • Open the logfile from wherever you saved it
  • Copy and paste the contents in your next reply.


Any more issues?

We need to know any other issues that are plaguing your computer. Kindly give a summary so we know how to continue from here.

Many of the things to note for us would be:

  • Slow computer
  • Error messages
  • Fake antivirus alerts or the icon in the system tray
  • svchost.exe running at 100%
  • System crashes or blue screen of death
 
Hello! Are you still with us? Your topic is now marked inactive, because you have not replied.

However, we'd like to still help. Please update us on the state of your PC.
 