Solved Win64/Patched.A virus

[d3tached]

Hi, need help to get these annoying virus alerts off my computer. AVG doesn't remove them properly because they are whitelisted items and I need help to remove it by tomorrow. I'll follow the instructions as listed when I wake up tomorrow. Please reply and Thank You.

 

[Broni]

Welcome aboard

Please, complete all steps listed here: https://www.techspot.com/community/...lware-removal-preliminary-instructions.58138/
Make sure, you PASTE all logs. If some log exceeds 50,000 characters post limit, split it between couple of replies.
Attached logs won't be reviewed.

Please, observe following rules:

• Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
• If you're stuck, or you're not sure about certain step, always ask before doing anything else.
• Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
• Never run more than one scan at a time.
• Keep updating me regarding your computer behavior, good, or bad.
• The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
• If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
• I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

 

[d3tached]

In my first scan now. Also, my Microsoft Updater appeared null in my control panel.

 

[d3tached]

Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Database version: v2012.10.26.02

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
Travis :: TRAVIS-PC [administrator]

10/26/2012 12:40:39 AM
mbam-log-2012-10-26 (00-40-39).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 205815
Time elapsed: 6 minute(s), 7 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 35
HKCR\CLSID\{11111111-1111-1111-1111-110011441179} (PUP.GamePlayLabs) -> Quarantined and deleted successfully.
HKCR\TypeLib\{44444444-4444-4444-4444-440044444479} (PUP.GamePlayLabs) -> Quarantined and deleted successfully.
HKCR\Interface\{55555555-5555-5555-5555-550055445579} (PUP.GamePlayLabs) -> Quarantined and deleted successfully.
HKCR\CrossriderApp0004479.BHO.1 (PUP.GamePlayLabs) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110011441179} (PUP.GamePlayLabs) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{11111111-1111-1111-1111-110011441179} (PUP.GamePlayLabs) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110011441179} (PUP.GamePlayLabs) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110011441179} (PUP.GamePlayLabs) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110011441179} (PUP.GamePlayLabs) -> Quarantined and deleted successfully.
HKCR\CLSID\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} (PUP.Funmoods) -> Quarantined and deleted successfully.
HKCR\funmoods.funmoodsHlpr.1 (PUP.Funmoods) -> Quarantined and deleted successfully.
HKCR\funmoods.funmoodsHlpr (PUP.Funmoods) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} (PUP.Funmoods) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} (PUP.Funmoods) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} (PUP.Funmoods) -> Quarantined and deleted successfully.
HKCR\CLSID\{75A4D144-506D-4BE5-81DB-EC7DA1E7F840} (PUP.Funmoods) -> Quarantined and deleted successfully.
HKCR\TypeLib\{960DF771-CFCB-4E53-A5B5-6EF2BBE6E706} (PUP.Funmoods) -> Quarantined and deleted successfully.
HKCR\esrv.funmoodsESrvc.1 (PUP.Funmoods) -> Quarantined and deleted successfully.
HKCR\esrv.funmoodsESrvc (PUP.Funmoods) -> Quarantined and deleted successfully.
HKCR\CLSID\{965B9DBE-B104-44AC-950A-8A5F97AFF439} (PUP.Funmoods) -> Quarantined and deleted successfully.
HKCR\escort.escortIEPane.1 (PUP.Funmoods) -> Quarantined and deleted successfully.
HKCR\escort.escortIEPane (PUP.Funmoods) -> Quarantined and deleted successfully.
HKCR\CLSID\{A9DB719C-7156-415E-B49D-BAD039DE4F13} (PUP.Funmoods) -> Quarantined and deleted successfully.
HKCR\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800} (PUP.Funmoods) -> Quarantined and deleted successfully.
HKCR\funmoodsApp.appCore.1 (PUP.Funmoods) -> Quarantined and deleted successfully.
HKCR\funmoodsApp.appCore (PUP.Funmoods) -> Quarantined and deleted successfully.
HKCR\CLSID\{F03FD9D0-4F2B-497C-8A71-DD41D70B07D9} (PUP.Funmoods) -> Quarantined and deleted successfully.
HKCR\f (PUP.Funmoods) -> Quarantined and deleted successfully.
HKCR\Typelib\{1D085C0A-E4F4-4F66-BDBF-4BE51015BFC3} (PUP.Funmoods) -> Quarantined and deleted successfully.
HKCR\Interface\{0D80F1C5-D17B-4177-AC68-955F3EF9F191} (PUP.Funmoods) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C87FC351-A80D-43E9-9A86-CF1E29DC443A} (PUP.Funmoods) -> Quarantined and deleted successfully.
HKCU\Software\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh (PUP.Funmoods) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\INSTALLEDBROWSEREXTENSIONS\215 APPS (PUP.CrossFire.SA) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh (PUP.Funmoods) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\funmoods (PUP.Funmoods) -> Quarantined and deleted successfully.

Registry Values Detected: 1
HKCU\Software\InstalledBrowserExtensions\215 Apps|4479 (PUP.CrossFire.SA) -> Data: Giant Savings -> Quarantined and deleted successfully.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 2
C:\Program Files (x86)\Funmoods\1.5.23.22 (PUP.Funmoods) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Funmoods\1.5.23.22\bh (PUP.Funmoods) -> Quarantined and deleted successfully.

Files Detected: 19
C:\Program Files (x86)\Giant Savings\Giant Savings.dll (PUP.GamePlayLabs) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Funmoods\1.5.23.22\bh\escort.dll (PUP.Funmoods) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Funmoods\1.5.23.22\funmoodssrv.exe (PUP.Funmoods) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Funmoods\1.5.23.22\escortApp.dll (PUP.Funmoods) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Funmoods\1.5.23.22\escortEng.dll (PUP.Funmoods) -> Quarantined and deleted successfully.
C:\Users\Travis\AppData\Local\Temp\0.8534229237374891 (Trojan.Happili) -> Quarantined and deleted successfully.
C:\Users\Travis\AppData\Local\Temp\is754907076\GiantSavings_US.exe (PUP.GamePlayLabs) -> Quarantined and deleted successfully.
C:\Windows\Installer\{47ad6d15-b214-984f-6b2f-1fa76e001fd4}\U\00000008.@ (Trojan.Dropper.BCMiner) -> Quarantined and deleted successfully.
C:\Windows\Installer\{47ad6d15-b214-984f-6b2f-1fa76e001fd4}\U\000000cb.@ (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\Windows\Installer\{47ad6d15-b214-984f-6b2f-1fa76e001fd4}\U\80000000.@ (Rootkit.0Access.64) -> Quarantined and deleted successfully.
C:\Users\Travis\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\chrome-extension_bbjciahceamgodcoidkjpchnokgfpphh_0.localstorage (PUP.Funmoods) -> Delete on reboot.
C:\Users\Travis\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_bbjciahceamgodcoidkjpchnokgfpphh_0.localstorage (PUP.Funmoods) -> Delete on reboot.
C:\Users\Travis\AppData\Local\funmoods.crx (PUP.Funmoods) -> Quarantined and deleted successfully.
C:\Users\Travis\Local Settings\Application Data\funmoods.crx (PUP.Funmoods) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Funmoods\1.5.23.22\escortShld.dll (PUP.Funmoods) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Funmoods\1.5.23.22\FavIcon.ico (PUP.Funmoods) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Funmoods\1.5.23.22\Sqlite3.dll (PUP.Funmoods) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Funmoods\1.5.23.22\uninst.dat (PUP.Funmoods) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Funmoods\1.5.23.22\uninstall.exe (PUP.Funmoods) -> Quarantined and deleted successfully.

(end)

 

[d3tached]

Edit, Sorry no modifications.

 

[d3tached]

DDS (Ver_2012-10-19.01) - NTFS_AMD64
Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_37
Run by Travis at 1:27:33 on 2012-10-26
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2814.1077 [GMT -4:00]
.
AV: AVG Internet Security 2011 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Internet Security 2011 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: AVG Firewall *Enabled* {621CC794-9486-F902-D092-0484E8EA828B}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\AVG\AVG10\avgfws.exe
C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Program Files (x86)\Secunia\PSI\PSIA.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
C:\Program Files (x86)\hp\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
C:\Program Files (x86)\AVG\AVG10\avgtray.exe
C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
C:\Program Files (x86)\AVG Secure Search\vprot.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\taskeng.exe
c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\AVG\AVG10\avgui.exe
C:\Users\Travis\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Travis\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Travis\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Travis\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Travis\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Travis\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Travis\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Travis\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Travis\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Travis\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Travis\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Travis\AppData\Local\Google\Chrome\Application\chrome.exe
"C:\Windows\SysWOW64\svchost.exe" -k LocalServiceDns
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files (x86)\AVG\AVG10\avgcfgex.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://search.babylon.com/?affID=109935&tt=010712_5&babsrc=HP_ss&mntrId=8c9d8b2c0000000000007071bc78f2bb
uURLSearchHooks: {A3BC75A2-1F87-4686-AA43-5347D756017C} - <orphaned>
mURLSearchHooks: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\prxtbuTo0.dll
dURLSearchHooks: {A3BC75A2-1F87-4686-AA43-5347D756017C} - <orphaned>
mWinlogon: Userinit = userinit.exe,
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Babylon toolbar helper: {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll
BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssie.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\12.2.5.32\AVG Secure Search_toolbar.dll
BHO: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\prxtbuTo0.dll
BHO: Complitly: {D27FC31C-6E3D-4305-8D53-ACDAEFA5F862} - C:\Users\Travis\AppData\Roaming\Complitly\Complitly.dll
BHO: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: Yontoo: {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo\YontooIEClient.dll
TB: uTorrentBar Toolbar: {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - C:\Program Files (x86)\uTorrentBar\prxtbuTo0.dll
TB: <No Name>: {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - LocalServer32 - <no file>
TB: Microsoft Live Search Toolbar: {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll
TB: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\prxtbuTo0.dll
TB: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\12.2.5.32\AVG Secure Search_toolbar.dll
TB: Babylon Toolbar: {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll
uRun: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
uRun: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe"
uRun: [Google Update] "C:\Users\Travis\AppData\Local\Google\Update\GoogleUpdate.exe" /c
mRun: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
mRun: [HP Remote Solution] C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
mRun: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG10\avgtray.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
mRun: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
mRun: [ROC_roc_dec12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12
mRun: [HF_G_Jul] "C:\Program Files (x86)\AVG Secure Search\HF_G_Jul.exe" /DoAction
mRun: [ROC_ROC_JULY_P1] "C:\Program Files (x86)\AVG Secure Search\ROC_ROC_JULY_P1.exe" / /PROMPT /CMPID=ROC_JULY_P1
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SECUNI~1.LNK - C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
LSP: mswsock.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{F86ECD98-6FB5-485E-86F8-6EC1BA6A9818} : DHCPNameServer = 192.168.1.1
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgpp.dll
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\12.2.6\ViProtocol.dll
SSODL: WebCheck - <orphaned>
x64-BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssiea.dll
x64-BHO: Complitly: {D27FC31C-6E3D-4305-8D53-ACDAEFA5F862} - C:\Users\Travis\AppData\Roaming\Complitly\64\Complitly64.dll
x64-Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\System32\NvCpl.dll,NvStartup
x64-Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe /background
x64-Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgppa.dll
x64-Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Travis\AppData\Roaming\Mozilla\Firefox\Profiles\lznyrcgo.default\
FF - prefs.js: browser.search.selectedEngine - Search
FF - prefs.js: browser.startup.homepage - hxxp://search.babylon.com/?affID=109935&tt=010712_5&babsrc=HP_ss&mntrId=8c9d8b2c0000000000007071bc78f2bb
FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4dd80360&v=7.008.031.001&I=26&tp=ab&iy=&ychte=us&lng=en-US&q=
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\12.2.6\npsitesafety.dll
FF - plugin: C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\3.0.40624.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll
FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\2\NP_wtapp.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Default\AppData\Local\HuluDesktop\instances\0.9.10.1\nphdplg.dll
FF - plugin: C:\Users\Travis\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
FF - ExtSQL: 2012-10-18 22:08; plugin@yontoo.com; C:\Users\Travis\AppData\Roaming\Mozilla\Firefox\Profiles\lznyrcgo.default\extensions\plugin@yontoo.com
FF - ExtSQL: 2012-10-20 01:01; ffxtlbr@funmoods.com; C:\Users\Travis\AppData\Roaming\Mozilla\Firefox\Profiles\lznyrcgo.default\extensions\ffxtlbr@funmoods.com
FF - ExtSQL: !HIDDEN! 2010-01-17 08:54; hgghmjltgn@hgghmjltgn.org; C:\Users\Travis\Application Data\Mozilla\Firefox\Profiles\lznyrcgo.default\extensions\hgghmjltgn@hgghmjltgn.org.xpi
.
---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(yahoo.ytff.general.dontshowhpoffer, true);user_pref(extensions.BabylonToolbar_i.babTrack, affID=109935&tt=010712_5
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.id - 8c9d8b2c0000000000007071bc78f2bb
FF - user.js: extensions.BabylonToolbar_i.hardId - 8c9d8b2c0000000000007071bc78f2bb
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15527
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1720:19:01
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - tb9
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
FF - user.js: extensions.funmoods.hmpg - false
FF - user.js: extensions.funmoods.hmpgUrl - hxxp://searchfunmoods.com/?f=1&a=download&chnl=download&cd=2XzuyEtN2Y1L1QzuyBtDyBtC0B0CyBzz0FtB0B0Bzz0BtB0CtN0D0Tzu0CtBzytBtN1L2XzutBtFtBtFtDtFtAyEyE&cr=865177572
FF - user.js: extensions.funmoods.dfltSrch - true
FF - user.js: extensions.funmoods.srchPrvdr - Search
FF - user.js: extensions.funmoods.dnsErr - true
FF - user.js: extensions.funmoods_i.newTab - false
FF - user.js: extensions.funmoods.newTabUrl - hxxp://searchfunmoods.com/?f=2&a=download&chnl=download&cd=2XzuyEtN2Y1L1QzuyBtDyBtC0B0CyBzz0FtB0B0Bzz0BtB0CtN0D0Tzu0CtBzytBtN1L2XzutBtFtBtFtDtFtAyEyE&cr=865177572
FF - user.js: extensions.funmoods.tlbrSrchUrl - hxxp://searchfunmoods.com/?f=3&a=download&chnl=download&cd=2XzuyEtN2Y1L1QzuyBtDyBtC0B0CyBzz0FtB0B0Bzz0BtB0CtN0D0Tzu0CtBzytBtN1L2XzutBtFtBtFtDtFtAyEyE&cr=865177572&q=
FF - user.js: extensions.funmoods.id - 7071BC78F2BB8B2C
FF - user.js: extensions.funmoods.instlDay - 15631
FF - user.js: extensions.funmoods.vrsn - 1.5.23.22
FF - user.js: extensions.funmoods.vrsni - 1.5.23.22
FF - user.js: extensions.funmoods_i.vrsnTs - 1.5.23.2222:7:59
FF - user.js: extensions.funmoods.prtnrId - funmoods
FF - user.js: extensions.funmoods.prdct - funmoods
FF - user.js: extensions.funmoods.aflt - download
FF - user.js: extensions.funmoods_i.smplGrp - none
FF - user.js: extensions.funmoods.tlbrId - base
FF - user.js: extensions.funmoods.instlRef - download
FF - user.js: extensions.funmoods.dfltLng -
FF - user.js: extensions.funmoods.excTlbr - true
FF - user.js: extensions.funmoods.autoRvrt - false
FF - user.js: extensions.funmoods.envrmnt - production
FF - user.js: extensions.funmoods.isdcmntcmplt - true
FF - user.js: extensions.funmoods.mntrvrsn - 1.3.0
FF - user.js: extentions.y2layers.installId - f57cf61d-9e03-4298-969a-9885123e11d2
FF - user.js: extentions.y2layers.defaultEnableAppsList - Buzzdock,Buzzdock,
FF - user.js: extensions.autoDisableScopes - 14
FF - user.js: security.csp.enable - false
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;C:\Windows\System32\drivers\AVGIDSEH.sys [2011-2-22 26704]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2011-3-16 37456]
R1 Avgfwfd;AVG network filter service;C:\Windows\System32\drivers\avgfwd6a.sys [2010-7-12 57696]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2011-1-7 304720]
R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2011-3-1 41552]
R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2011-4-5 377936]
R1 avgtp;avgtp;C:\Windows\System32\drivers\avgtpx64.sys [2012-9-4 31080]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-7-27 63960]
R2 avgfws;AVG Firewall;C:\Program Files (x86)\AVG\AVG10\avgfws.exe [2011-3-9 2708024]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe [2011-2-8 269520]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2010-2-28 821664]
R2 Secunia PSI Agent;Secunia PSI Agent;C:\Program Files (x86)\Secunia\PSI\psia.exe [2012-9-24 1328736]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2009-12-2 483688]
R2 TeamViewer6;TeamViewer 6;C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-7-2 2337144]
R2 vToolbarUpdater12.2.6;vToolbarUpdater12.2.6;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe [2012-9-4 722528]
R3 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\AVGIDSDriver.sys [2011-5-27 118864]
R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\System32\drivers\AVGIDSFilter.sys [2011-2-10 29264]
R3 PSI;PSI;C:\Windows\System32\drivers\psi_mf.sys [2011-12-16 17976]
R3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2009-12-2 721768]
R3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2009-12-2 269672]
R3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2009-12-2 25960]
R3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2009-12-2 22376]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2009-12-2 209768]
S2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [2012-1-31 7391072]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-3-3 136176]
S2 Secunia Update Agent;Secunia Update Agent;C:\Program Files (x86)\Secunia\PSI\sua.exe [2012-9-24 656480]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-8-18 250808]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;C:\Program Files (x86)\AVG\AVG10\Toolbar\ToolbarBroker.exe [2011-5-21 167264]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-3-3 136176]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-7-7 59392]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2011-2-18 51712]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-11-29 1255736]
.
=============== Created Last 30 ================
.
2012-10-26 04:39:00--------d-----w-C:\Users\Travis\AppData\Roaming\Malwarebytes
2012-10-26 04:38:22--------d-----w-C:\ProgramData\Malwarebytes
2012-10-26 04:38:2125928----a-w-C:\Windows\System32\drivers\mbam.sys
2012-10-26 04:38:21--------d-----w-C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-10-26 04:33:56477168----a-w-C:\Windows\SysWow64\npdeployJava1.dll
2012-10-26 04:30:30--------d-sh--w-C:\Windows\SysWow64\%APPDATA%
2012-10-26 03:34:532871808----a-w-C:\Windows\explorer.exe
2012-10-26 03:33:4527520----a-w-C:\Windows\System32\drivers\Diskdump.sys
2012-10-26 03:29:0952736----a-w-C:\Windows\System32\drivers\usbehci.sys
2012-10-26 03:29:0898816----a-w-C:\Windows\System32\drivers\usbccgp.sys
2012-10-26 03:29:087936----a-w-C:\Windows\System32\drivers\usbd.sys
2012-10-26 03:29:08343040----a-w-C:\Windows\System32\drivers\usbhub.sys
2012-10-26 03:29:08325120----a-w-C:\Windows\System32\drivers\usbport.sys
2012-10-26 03:29:0830720----a-w-C:\Windows\System32\drivers\usbuhci.sys
2012-10-26 03:29:0825600----a-w-C:\Windows\System32\drivers\usbohci.sys
2012-10-26 03:28:44503808----a-w-C:\Windows\System32\srcore.dll
2012-10-26 03:28:4443008----a-w-C:\Windows\SysWow64\srclient.dll
2012-10-26 03:20:11--------d-----w-C:\Program Files\Wireshark
2012-10-26 03:17:23--------d-----w-C:\Users\Travis\AppData\Local\WindowsUpdate
2012-10-26 03:06:49--------d-----w-C:\Users\Travis\AppData\Local\Secunia PSI
2012-10-26 03:06:12--------d-----w-C:\Program Files (x86)\Secunia
2012-10-19 02:09:15--------d-----w-C:\Program Files (x86)\SoundSpectrum
2012-10-19 02:08:15--------d-----w-C:\Program Files (x86)\Yontoo
2012-10-19 02:08:11--------d-----w-C:\ProgramData\Tarma Installer
2012-10-19 02:07:59--------d-----w-C:\Program Files (x86)\Funmoods
.
==================== Find3M ====================
.
2012-10-26 04:33:44473072----a-w-C:\Windows\SysWow64\deployJava1.dll
2012-10-26 03:18:5573656----a-w-C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-10-26 03:18:55696760----a-w-C:\Windows\SysWow64\FlashPlayerApp.exe
2012-09-14 19:19:292048----a-w-C:\Windows\System32\tzres.dll
2012-09-14 18:28:532048----a-w-C:\Windows\SysWow64\tzres.dll
2012-09-05 03:07:4531080----a-w-C:\Windows\System32\drivers\avgtpx64.sys
2012-08-31 18:19:351659760----a-w-C:\Windows\System32\drivers\ntfs.sys
2012-08-30 18:03:455559664----a-w-C:\Windows\System32\ntoskrnl.exe
2012-08-30 17:12:023968880----a-w-C:\Windows\SysWow64\ntkrnlpa.exe
2012-08-30 17:12:023914096----a-w-C:\Windows\SysWow64\ntoskrnl.exe
2012-08-24 18:05:07220160----a-w-C:\Windows\System32\wintrust.dll
2012-08-24 18:05:061188864----a-w-C:\Windows\System32\wininet.dll
2012-08-24 16:57:48981504----a-w-C:\Windows\SysWow64\wininet.dll
2012-08-24 16:57:48172544----a-w-C:\Windows\SysWow64\wintrust.dll
2012-08-24 15:59:301638912----a-w-C:\Windows\System32\mshtml.tlb
2012-08-24 15:20:391638912----a-w-C:\Windows\SysWow64\mshtml.tlb
2012-08-22 18:12:501913200----a-w-C:\Windows\System32\drivers\tcpip.sys
2012-08-22 18:12:40950128----a-w-C:\Windows\System32\drivers\ndis.sys
2012-08-22 18:12:40376688----a-w-C:\Windows\System32\drivers\netio.sys
2012-08-22 18:12:33288624----a-w-C:\Windows\System32\drivers\FWPKCLNT.SYS
2012-08-21 21:01:00245760----a-w-C:\Windows\System32\OxpsConverter.exe
2012-08-20 18:48:44362496----a-w-C:\Windows\System32\wow64win.dll
2012-08-20 18:48:44243200----a-w-C:\Windows\System32\wow64.dll
2012-08-20 18:48:4413312----a-w-C:\Windows\System32\wow64cpu.dll
2012-08-20 18:48:43215040----a-w-C:\Windows\System32\winsrv.dll
2012-08-20 18:48:3716384----a-w-C:\Windows\System32\ntvdm64.dll
2012-08-20 18:48:35424448----a-w-C:\Windows\System32\KernelBase.dll
2012-08-20 18:46:22338432----a-w-C:\Windows\System32\conhost.exe
2012-08-20 17:40:2114336----a-w-C:\Windows\SysWow64\ntvdm64.dll
2012-08-20 17:38:4444032----a-w-C:\Windows\apppatch\acwow64.dll
2012-08-20 17:38:2625600----a-w-C:\Windows\SysWow64\setup16.exe
2012-08-20 17:37:195120----a-w-C:\Windows\SysWow64\wow32.dll
2012-08-20 17:37:18274944----a-w-C:\Windows\SysWow64\KernelBase.dll
2012-08-20 15:38:217680----a-w-C:\Windows\SysWow64\instnm.exe
2012-08-20 15:38:202048----a-w-C:\Windows\SysWow64\user.exe
2012-08-20 15:33:286144---ha-w-C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2012-08-20 15:33:284608---ha-w-C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2012-08-20 15:33:283584---ha-w-C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2012-08-20 15:33:283072---ha-w-C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2012-08-11 00:56:03715776----a-w-C:\Windows\System32\kerberos.dll
2012-08-10 23:56:14542208----a-w-C:\Windows\SysWow64\kerberos.dll
2012-08-02 17:58:52574464----a-w-C:\Windows\System32\d3d10level9.dll
2012-08-02 16:57:20490496----a-w-C:\Windows\SysWow64\d3d10level9.dll
.
============= FINISH: 1:28:01.92 ===============

 

[d3tached]

DDS (Ver_2012-10-19.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 11/26/2010 6:08:44 AM
System Uptime: 10/26/2012 12:50:08 AM (1 hours ago)
.
Motherboard: PEGATRON CORPORATION | | NARRA5
Processor: AMD Sempron(tm) 140 Processor | Socket AM2 | 783/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 286 GiB total, 184.009 GiB free.
D: is FIXED (NTFS) - 12 GiB total, 1.676 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP142: 10/4/2012 9:17:48 PM - Scheduled Checkpoint
RP143: 10/10/2012 3:00:16 AM - Windows Update
RP144: 10/18/2012 12:22:11 PM - Scheduled Checkpoint
RP145: 10/25/2012 9:57:24 PM - Scheduled Checkpoint
RP146: 10/25/2012 11:21:05 PM - Installed MSXML 4.0 SP3 Parser
RP147: 10/25/2012 11:37:30 PM - Windows Update
RP148: 10/26/2012 12:30:44 AM - Installed Java(TM) 6 Update 37
.
==== Installed Programs ======================
.
µTorrent
ActiveCheck component for HP Active Support Library
Adobe Flash Player 10 Plugin
Adobe Flash Player 11 ActiveX
Adobe Reader X (10.1.4)
Apple Application Support
Apple Mobile Device Support
Apple Software Update
AVG 2011
Babylon toolbar on IE
BabylonObjectInstaller
BlackBerry Desktop Software 6.1
Bonjour
Complitly
Counter-Strike: Source
CyberLink DVD Suite Deluxe
DirectX for Managed Code Update (Summer 2004)
Download Updater (AOL LLC)
DVD Menu Pack for HP MediaSmart Video
DVDFab 8.1.3.8 (09/12/2011) Qt
FrostWire 5.1.5
G-Force
Giant Savings
Google Chrome
Google Earth
Google Update Helper
HP Advisor
HP Customer Experience Enhancements
HP Games
HP MediaSmart Demo
HP MediaSmart DVD
HP MediaSmart Music/Photo/Video
HP MediaSmart SmartMenu
HP MediaSmart/TouchSmart Netflix
HP Odometer
HP Remote Solution
HP Setup
HP Support Assistant
HP Support Information
HP Update
HP Vision Hardware Diagnostics
HPAsset component for HP Active Support Library
Hulu Desktop
Java Auto Updater
Java(TM) 6 Update 37
Junk Mail filter update
LabelPrint
League of Legends
LightScribe System Software
Malwarebytes Anti-Malware version 1.65.1.1000
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Live Search Toolbar
Microsoft Office 2010
Microsoft Office Click-to-Run 2010
Microsoft Office Starter 2010 - English
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Minecraft Cracked
Movie Theme Pack for HP MediaSmart Video
Mozilla Firefox 10.0.2 (x86 en-US)
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP3 Parser
NVIDIA Drivers
Pando Media Booster
PlayReady PC Runtime amd64
Power2Go
PowerDirector
QuickTime
Realtek High Definition Audio Driver
Recovery Manager
SAMSUNG USB Driver for Mobile Phones
Secunia PSI (3.0.0.4001)
Steam
SwiftKit
TeamViewer 6
Update Installer for WildTangent Games App
uTorrentBar Toolbar
Visual Studio 2008 x64 Redistributables
WildTangent Games App (HP Games)
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Upload Tool
Windows Live Writer
WinPcap 4.1.2
WinRAR 4.00 beta 1 (32-bit)
Wireshark 1.6.11 (64-bit)
Yahoo! Detect
Yontoo 1.10.02
.
==== Event Viewer Messages From Past Week ========
.
10/26/2012 1:19:31 AM, Error: Service Control Manager [7023] - The Function Discovery Resource Publication service terminated with the following error: %%-2147024891
10/26/2012 1:19:31 AM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error: %%-2147024891
10/25/2012 7:22:33 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Netman service.
10/25/2012 11:47:41 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft Visual C++ 2008 Service Pack 1 Redistributable Package (KB2538243).
10/25/2012 11:44:20 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070652: Update for Microsoft Office 2010 (KB2553141) 32-Bit Edition.
10/22/2012 6:46:59 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
10/20/2012 3:32:42 AM, Error: NetBT [4321] - The name "WORKGROUP :1d" could not be registered on the interface with IP address 192.168.1.6. The computer with the IP address 192.168.1.7 did not allow the name to be claimed by this computer.
.
==== End Of File ===========================

 

[d3tached]

Dupe...

 

[d3tached]

Sorry for PM'ing without reading the rules. Thanks for not ignoring me afterwards aswell. New member thats all.

 

[d3tached]

Virus info-

Object name C:\Windows\System32\services.exe
Detection name Virus identified Win64/Patched.A
Object type file
SDK Type Core
Result Object is white-listed (critical/system file that should not be removed)

 

[d3tached]

Alright, ready when you are chief.

 

[Broni]

For x32 (x86) bit systems download Farbar Recovery Scan Tool 32-Bit and save it to a flash drive.
For x64 bit systems download Farbar Recovery Scan Tool 64-Bit and save it to a flash drive.

Plug the flashdrive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:

• Restart the computer.
• As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
• Use the arrow keys to select the Repair your computer menu item.
• Select US as the keyboard language settings, and then click Next.
• Select the operating system you want to repair, and then click Next.
• Select your user account an click Next.

To enter System Recovery Options by using Windows installation disc:

• Insert the installation disc.
• Restart your computer.
• If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
• Click Repair your computer.
• Select US as the keyboard language settings, and then click Next.
• Select the operating system you want to repair, and then click Next.
• Select your user account and click Next.

On the System Recovery Options menu you will get the following options:

• • 
    Startup Repair
    System Restore
    Windows Complete PC Restore
    Windows Memory Diagnostic Tool
    Command Prompt
• Select Command Prompt
• In the command window type in notepad and press Enter.
• The notepad opens. Under File menu select Open.
• Select "Computer" and find your flash drive letter and close the notepad.
• In the command window type e:\frst (for x64 bit version type e:\frst64) and press Enter
  Note: Replace letter e with the drive letter of your flash drive.
• The tool will start to run.
• When the tool opens click Yes to disclaimer.
• Press Scan button.
• It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

Next...

Re-run FRST again.
Type the following in the edit box after "Search:".

services.exe

Click Search button and post the log (Search.txt) it makes in your reply.

I'll expect two logs:
- FRST.txt
- Search.txt

 

[d3tached]

Need to find my flash

 

[d3tached]

Hello, sorry for the inconvenience but I need to buy a flashdrive tomorrow when I get paid. If possible could I postpone your assistance til then?

 

[Broni]

No problem

 

[d3tached]

Sorry again but I need to know whether I'll be able to use the flash later without infecting anything. If so I can continue tonight but if not I'll have to buy one tomorrow. Please get back to me.

 

[Broni]

If you want to use same flash drive on another computer...

Install Panda USB Vaccine, or BitDefender’s USB Immunizer on GOOD computer to protect it from any infected USB device.

 

[d3tached]

Will it disinfect the flash drive after using one of the programs? making it usable on other computers as well that don't have those programs? The flash is used on multiple devices.

 

[Broni]

Use it until we're done and then format it to be safe.

 

[d3tached]

So install the program on my computer to disinfect it before it goes to another computer?

 

[Broni]

Yes if you're planning to use that flash drive on your computer.

 

[d3tached]

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 26-10-2012
Ran by SYSTEM at 28-10-2012 17:58:37
Running from G:\
Windows 7 Home Premium (X64) OS Language: English(US)
The current controlset is ControlSet001

==================== Registry (Whitelisted) ===================

HKLM\...\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup [16333856 2009-07-29] (NVIDIA Corporation)
HKLM\...\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe /background [610360 2009-09-14] ()
HKLM-x32\...\Run: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard)
HKLM-x32\...\Run: [HP Remote Solution] %ProgramFiles%\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe [x]
HKLM-x32\...\Run: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [54576 2008-12-08] (Hewlett-Packard)
HKLM-x32\...\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG10\avgtray.exe [2345592 2012-08-01] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [919008 2012-07-27] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe [79192 2011-02-18] (Research In Motion Limited)
HKLM-x32\...\Run: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe" [947808 2012-09-04] ()
HKLM-x32\...\Run: [ROC_roc_dec12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12 [928096 2012-01-16] ()
HKLM-x32\...\Run: [HF_G_Jul] "C:\Program Files (x86)\AVG Secure Search\HF_G_Jul.exe" /DoAction [36960 2012-07-18] ()
HKLM-x32\...\Run: [ROC_ROC_JULY_P1] "C:\Program Files (x86)\AVG Secure Search\ROC_ROC_JULY_P1.exe" / /PROMPT /CMPID=ROC_JULY_P1 [1022048 2012-09-04] ()
HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2012-04-18] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [254896 2012-09-17] (Sun Microsystems, Inc.)
HKU\Default\...\Run: [HPAdvisorDock] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\DOCK\HPAdvisorDock.exe [1712184 2010-02-09] ()
HKU\Default User\...\Run: [HPAdvisorDock] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\DOCK\HPAdvisorDock.exe [1712184 2010-02-09] ()
HKU\Travis\...\Run: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent [1353080 2012-08-05] (Valve Corporation)
HKU\Travis\...\Run: [Google Update] "C:\Users\Travis\AppData\Local\Google\Update\GoogleUpdate.exe" /c [136176 2011-02-20] (Google Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Startup: C:\Users\All Users\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Secunia)

==================== Services (Whitelisted) ===================

3 AVG Security Toolbar Service; C:\Program Files (x86)\AVG\AVG10\Toolbar\ToolbarBroker.exe [167264 2011-11-10] ()
2 avgfws; "C:\Program Files (x86)\AVG\AVG10\avgfws.exe" [2708024 2011-03-09] (AVG Technologies CZ, s.r.o.)
2 AVGIDSAgent; "C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe" [7391072 2012-01-31] (AVG Technologies CZ, s.r.o.)
2 avgwd; "C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe" [269520 2011-02-08] (AVG Technologies CZ, s.r.o.)
2 Secunia PSI Agent; "C:\Program Files (x86)\Secunia\PSI\PSIA.exe" --start-service [1328736 2012-09-24] (Secunia)
2 Secunia Update Agent; "C:\Program Files (x86)\Secunia\PSI\sua.exe" --start-service [656480 2012-09-24] (Secunia)
2 vToolbarUpdater12.2.6; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe [722528 2012-09-04] ()
3 rpcapd; "C:\Program Files (x86)\WinPcap\rpcapd.exe" -d -f "C:\Program Files (x86)\WinPcap\rpcapd.ini" [x]

==================== Drivers (Whitelisted) =====================

1 Avgfwfd; C:\Windows\System32\DRIVERS\avgfwd6a.sys [57696 2010-07-12] (AVG Technologies CZ, s.r.o.)
3 AVGIDSDriver; C:\Windows\System32\Drivers\AVGIDSDriver.sys [118864 2011-05-27] (AVG Technologies CZ, s.r.o. )
0 AVGIDSEH; C:\Windows\System32\Drivers\AVGIDSEH.sys [26704 2011-02-22] (AVG Technologies CZ, s.r.o. )
3 AVGIDSFilter; C:\Windows\System32\Drivers\AVGIDSFilter.sys [29264 2011-02-10] (AVG Technologies CZ, s.r.o. )
1 Avgldx64; C:\Windows\System32\Drivers\Avgldx64.sys [304720 2011-01-07] (AVG Technologies CZ, s.r.o.)
1 Avgmfx64; C:\Windows\System32\Drivers\Avgmfx64.sys [41552 2011-03-01] (AVG Technologies CZ, s.r.o.)
0 Avgrkx64; C:\Windows\System32\Drivers\Avgrkx64.sys [37456 2011-03-16] (AVG Technologies CZ, s.r.o.)
1 Avgtdia; C:\Windows\System32\Drivers\Avgtdia.sys [377936 2011-04-04] (AVG Technologies CZ, s.r.o.)
1 avgtp; \??\C:\Windows\system32\drivers\avgtpx64.sys [31080 2012-09-04] (AVG Technologies)
2 NPF; C:\Windows\System32\Drivers\NPF.sys [35344 2010-06-25] (CACE Technologies, Inc.)
3 sscdserd; C:\Windows\System32\Drivers\sscdserd.sys [141384 2010-04-26] (MCCI Corporation)

==================== NetSvcs (Whitelisted) ====================


==================== One Month Created Files and Folders ========

2012-10-28 13:54 - 2012-10-28 13:54 - 00906692 ____A (Farbar) C:\Users\Travis\Downloads\FRST.exe
2012-10-28 13:29 - 2012-10-28 13:30 - 01459889 ____A (Farbar) C:\Users\Travis\Downloads\FRST64.exe
2012-10-26 00:19 - 2012-10-26 00:19 - 00001078 ____A C:\Users\Travis\Documents\Overview of Virus.csv
2012-10-25 21:54 - 2012-10-25 19:53 - 00000034 ____A C:\Users\Travis\Documents\AVG Activation Code.txt
2012-10-25 21:28 - 2012-10-25 21:28 - 00024889 ____A C:\Users\Travis\Desktop\dds.txt
2012-10-25 21:28 - 2012-10-25 21:28 - 00005515 ____A C:\Users\Travis\Desktop\attach.txt
2012-10-25 21:25 - 2012-10-25 21:25 - 00687724 ____R (Swearware) C:\Users\Travis\Downloads\dds.com
2012-10-25 21:19 - 2012-10-25 21:19 - 00000000 ____A C:\Users\Travis\Desktop\gmer.log
2012-10-25 20:58 - 2012-10-25 20:58 - 00302592 ____A C:\Users\Travis\Downloads\zng7zuel.exe
2012-10-25 20:39 - 2012-10-25 20:39 - 00000000 ____D C:\Users\Travis\AppData\Roaming\Malwarebytes
2012-10-25 20:38 - 2012-10-25 20:51 - 00000000 ____D C:\Users\All Users\Malwarebytes
2012-10-25 20:38 - 2012-10-25 20:38 - 00001067 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-10-25 20:38 - 2012-10-25 20:38 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-10-25 20:38 - 2012-09-29 15:54 - 00025928 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-10-25 20:36 - 2012-10-25 20:36 - 10669952 ____A (Malwarebytes Corporation ) C:\Users\Travis\Downloads\mbam-setup-1.65.1.1000.exe
2012-10-25 20:33 - 2012-10-25 20:33 - 00477168 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\npdeployJava1.dll
2012-10-25 20:33 - 2012-10-25 20:33 - 00157680 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaws.exe
2012-10-25 20:33 - 2012-10-25 20:33 - 00149488 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaw.exe
2012-10-25 20:33 - 2012-10-25 20:33 - 00149488 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\java.exe
2012-10-25 20:30 - 2012-10-25 20:30 - 00000000 __SHD C:\Windows\SysWOW64\%APPDATA%
2012-10-25 20:30 - 2012-10-25 20:30 - 00000000 ____D C:\Users\All Users\McAfee
2012-10-25 19:38 - 2012-10-25 19:53 - 00000034 ____A C:\Users\Travis\Desktop\AVG Activation Code.txt
2012-10-25 19:37 - 2012-08-20 10:48 - 01162240 ____A (Microsoft Corporation) C:\Windows\System32\kernel32.dll
2012-10-25 19:37 - 2012-08-20 10:48 - 00424448 ____A (Microsoft Corporation) C:\Windows\System32\KernelBase.dll
2012-10-25 19:37 - 2012-08-20 10:48 - 00362496 ____A (Microsoft Corporation) C:\Windows\System32\wow64win.dll
2012-10-25 19:37 - 2012-08-20 10:48 - 00243200 ____A (Microsoft Corporation) C:\Windows\System32\wow64.dll
2012-10-25 19:37 - 2012-08-20 10:48 - 00215040 ____A (Microsoft Corporation) C:\Windows\System32\winsrv.dll
2012-10-25 19:37 - 2012-08-20 10:48 - 00016384 ____A (Microsoft Corporation) C:\Windows\System32\ntvdm64.dll
2012-10-25 19:37 - 2012-08-20 10:48 - 00013312 ____A (Microsoft Corporation) C:\Windows\System32\wow64cpu.dll
2012-10-25 19:37 - 2012-08-20 10:46 - 00338432 ____A (Microsoft Corporation) C:\Windows\System32\conhost.exe
2012-10-25 19:37 - 2012-08-20 10:38 - 00006144 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
2012-10-25 19:37 - 2012-08-20 10:38 - 00005120 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
2012-10-25 19:37 - 2012-08-20 10:38 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
2012-10-25 19:37 - 2012-08-20 10:38 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
2012-10-25 19:37 - 2012-08-20 10:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
2012-10-25 19:37 - 2012-08-20 10:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
2012-10-25 19:37 - 2012-08-20 10:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
2012-10-25 19:37 - 2012-08-20 10:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
2012-10-25 19:37 - 2012-08-20 10:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
2012-10-25 19:37 - 2012-08-20 10:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
2012-10-25 19:37 - 2012-08-20 10:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
2012-10-25 19:37 - 2012-08-20 10:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
2012-10-25 19:37 - 2012-08-20 10:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
2012-10-25 19:37 - 2012-08-20 10:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
2012-10-25 19:37 - 2012-08-20 10:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
2012-10-25 19:37 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
2012-10-25 19:37 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
2012-10-25 19:37 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
2012-10-25 19:37 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
2012-10-25 19:37 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
2012-10-25 19:37 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
2012-10-25 19:37 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
2012-10-25 19:37 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
2012-10-25 19:37 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
2012-10-25 19:37 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
2012-10-25 19:37 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
2012-10-25 19:37 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
2012-10-25 19:37 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
2012-10-25 19:37 - 2012-08-20 09:40 - 00014336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2012-10-25 19:37 - 2012-08-20 09:38 - 00025600 ____A (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2012-10-25 19:37 - 2012-08-20 09:37 - 01114112 ____A (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2012-10-25 19:37 - 2012-08-20 09:37 - 00274944 ____A (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2012-10-25 19:37 - 2012-08-20 09:37 - 00005120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2012-10-25 19:37 - 2012-08-20 09:32 - 00005120 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2012-10-25 19:37 - 2012-08-20 09:32 - 00004608 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2012-10-25 19:37 - 2012-08-20 09:32 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2012-10-25 19:37 - 2012-08-20 09:32 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2012-10-25 19:37 - 2012-08-20 09:32 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2012-10-25 19:37 - 2012-08-20 09:32 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2012-10-25 19:37 - 2012-08-20 09:32 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2012-10-25 19:37 - 2012-08-20 09:32 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2012-10-25 19:37 - 2012-08-20 09:32 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2012-10-25 19:37 - 2012-08-20 09:32 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2012-10-25 19:37 - 2012-08-20 09:32 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2012-10-25 19:37 - 2012-08-20 09:32 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2012-10-25 19:37 - 2012-08-20 09:32 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2012-10-25 19:37 - 2012-08-20 09:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2012-10-25 19:37 - 2012-08-20 09:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2012-10-25 19:37 - 2012-08-20 09:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2012-10-25 19:37 - 2012-08-20 09:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2012-10-25 19:37 - 2012-08-20 09:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2012-10-25 19:37 - 2012-08-20 09:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2012-10-25 19:37 - 2012-08-20 09:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2012-10-25 19:37 - 2012-08-20 09:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2012-10-25 19:37 - 2012-08-20 09:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2012-10-25 19:37 - 2012-08-20 09:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2012-10-25 19:37 - 2012-08-20 09:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2012-10-25 19:37 - 2012-08-20 07:38 - 00007680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2012-10-25 19:37 - 2012-08-20 07:38 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2012-10-25 19:37 - 2012-08-20 07:33 - 00006144 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2012-10-25 19:37 - 2012-08-20 07:33 - 00004608 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2012-10-25 19:37 - 2012-08-20 07:33 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2012-10-25 19:37 - 2012-08-20 07:33 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2012-10-25 19:34 - 2012-08-31 10:19 - 01659760 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ntfs.sys
2012-10-25 19:34 - 2012-08-22 10:12 - 00950128 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ndis.sys
2012-10-25 19:34 - 2012-08-21 13:01 - 00245760 ____A (Microsoft Corporation) C:\Windows\System32\OxpsConverter.exe
2012-10-25 19:34 - 2012-08-02 09:58 - 00574464 ____A (Microsoft Corporation) C:\Windows\System32\d3d10level9.dll
2012-10-25 19:34 - 2012-08-02 08:57 - 00490496 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll
2012-10-25 19:34 - 2012-07-04 12:26 - 00041472 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\RNDISMP.sys
2012-10-25 19:34 - 2012-04-30 21:40 - 00209920 ____A (Microsoft Corporation) C:\Windows\System32\profsvc.dll
2012-10-25 19:34 - 2012-04-07 04:31 - 03216384 ____A (Microsoft Corporation) C:\Windows\System32\msi.dll
2012-10-25 19:34 - 2012-04-07 03:26 - 02342400 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2012-10-25 19:34 - 2012-01-04 02:44 - 00509952 ____A (Microsoft Corporation) C:\Windows\System32\ntshrui.dll
2012-10-25 19:34 - 2012-01-04 00:58 - 00442880 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntshrui.dll
2012-10-25 19:34 - 2011-12-29 22:26 - 00515584 ____A (Microsoft Corporation) C:\Windows\System32\timedate.cpl
2012-10-25 19:34 - 2011-12-29 21:27 - 00478720 ____A (Microsoft Corporation) C:\Windows\SysWOW64\timedate.cpl
2012-10-25 19:34 - 2011-06-15 21:49 - 00199680 ____A (Microsoft Corporation) C:\Windows\System32\xmllite.dll
2012-10-25 19:34 - 2011-06-15 20:33 - 00180224 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xmllite.dll
2012-10-25 19:34 - 2011-05-03 21:25 - 02315776 ____A (Microsoft Corporation) C:\Windows\System32\tquery.dll
2012-10-25 19:34 - 2011-05-03 21:22 - 02223616 ____A (Microsoft Corporation) C:\Windows\System32\mssrch.dll
2012-10-25 19:34 - 2011-05-03 21:22 - 00778752 ____A (Microsoft Corporation) C:\Windows\System32\mssvp.dll
2012-10-25 19:34 - 2011-05-03 21:22 - 00491520 ____A (Microsoft Corporation) C:\Windows\System32\mssph.dll
2012-10-25 19:34 - 2011-05-03 21:22 - 00288256 ____A (Microsoft Corporation) C:\Windows\System32\mssphtb.dll
2012-10-25 19:34 - 2011-05-03 21:22 - 00075264 ____A (Microsoft Corporation) C:\Windows\System32\msscntrs.dll
2012-10-25 19:34 - 2011-05-03 21:19 - 00591872 ____A (Microsoft Corporation) C:\Windows\System32\SearchIndexer.exe
2012-10-25 19:34 - 2011-05-03 21:19 - 00249856 ____A (Microsoft Corporation) C:\Windows\System32\SearchProtocolHost.exe
2012-10-25 19:34 - 2011-05-03 21:19 - 00113664 ____A (Microsoft Corporation) C:\Windows\System32\SearchFilterHost.exe
2012-10-25 19:34 - 2011-05-03 20:34 - 01549312 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tquery.dll
2012-10-25 19:34 - 2011-05-03 20:32 - 01401344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mssrch.dll
2012-10-25 19:34 - 2011-05-03 20:32 - 00666624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mssvp.dll
2012-10-25 19:34 - 2011-05-03 20:32 - 00337408 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mssph.dll
2012-10-25 19:34 - 2011-05-03 20:32 - 00197120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mssphtb.dll
2012-10-25 19:34 - 2011-05-03 20:32 - 00059392 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msscntrs.dll
2012-10-25 19:34 - 2011-05-03 20:28 - 00427520 ____A (Microsoft Corporation) C:\Windows\SysWOW64\SearchIndexer.exe
2012-10-25 19:34 - 2011-05-03 20:28 - 00164352 ____A (Microsoft Corporation) C:\Windows\SysWOW64\SearchProtocolHost.exe
2012-10-25 19:34 - 2011-05-03 20:28 - 00086528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\SearchFilterHost.exe
2012-10-25 19:34 - 2011-03-12 04:08 - 01465344 ____A (Microsoft Corporation) C:\Windows\System32\XpsPrint.dll
2012-10-25 19:34 - 2011-03-12 03:23 - 00870912 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XpsPrint.dll
2012-10-25 19:34 - 2011-02-24 22:19 - 02871808 ____A (Microsoft Corporation) C:\Windows\explorer.exe
2012-10-25 19:34 - 2011-02-24 21:30 - 02616320 ____A (Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe
2012-10-25 19:34 - 2011-02-23 22:15 - 00476160 ____A (Microsoft Corporation) C:\Windows\System32\XpsGdiConverter.dll
2012-10-25 19:34 - 2011-02-23 21:38 - 00288256 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XpsGdiConverter.dll
2012-10-25 19:34 - 2011-01-17 03:09 - 00197120 ____A (Microsoft Corporation) C:\Windows\System32\d3d10_1.dll
2012-10-25 19:34 - 2011-01-16 21:47 - 00161792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1.dll
2012-10-25 19:33 - 2011-04-22 14:15 - 00027520 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\Diskdump.sys
2012-10-25 19:29 - 2011-03-24 19:29 - 00343040 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\usbhub.sys
2012-10-25 19:29 - 2011-03-24 19:29 - 00325120 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\usbport.sys
2012-10-25 19:29 - 2011-03-24 19:29 - 00098816 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\usbccgp.sys
2012-10-25 19:29 - 2011-03-24 19:29 - 00052736 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\usbehci.sys
2012-10-25 19:29 - 2011-03-24 19:29 - 00030720 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\usbuhci.sys
2012-10-25 19:29 - 2011-03-24 19:29 - 00025600 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\usbohci.sys
2012-10-25 19:29 - 2011-03-24 19:28 - 00007936 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\usbd.sys
2012-10-25 19:28 - 2012-05-05 00:36 - 00503808 ____A (Microsoft Corporation) C:\Windows\System32\srcore.dll
2012-10-25 19:28 - 2012-05-04 23:46 - 00043008 ____A (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2012-10-25 19:27 - 2012-02-10 22:43 - 00751104 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll
2012-10-25 19:27 - 2012-02-10 22:36 - 00559104 ____A (Microsoft Corporation) C:\Windows\System32\spoolsv.exe
2012-10-25 19:27 - 2012-02-10 22:36 - 00067072 ____A (Microsoft Corporation) C:\Windows\splwow64.exe
2012-10-25 19:27 - 2012-02-10 21:43 - 00492032 ____A (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
2012-10-25 19:27 - 2011-03-10 22:41 - 00410496 ____A (Intel Corporation) C:\Windows\System32\Drivers\iaStorV.sys
2012-10-25 19:27 - 2011-03-10 22:41 - 00189824 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\storport.sys
2012-10-25 19:27 - 2011-03-10 22:41 - 00166272 ____A (NVIDIA Corporation) C:\Windows\System32\Drivers\nvstor.sys
2012-10-25 19:27 - 2011-03-10 22:41 - 00148352 ____A (NVIDIA Corporation) C:\Windows\System32\Drivers\nvraid.sys
2012-10-25 19:27 - 2011-03-10 22:41 - 00107904 ____A (Advanced Micro Devices) C:\Windows\System32\Drivers\amdsata.sys
2012-10-25 19:27 - 2011-03-10 22:41 - 00027008 ____A (Advanced Micro Devices) C:\Windows\System32\Drivers\amdxata.sys
2012-10-25 19:27 - 2011-03-10 22:33 - 02565632 ____A (Microsoft Corporation) C:\Windows\System32\esent.dll
2012-10-25 19:27 - 2011-03-10 22:30 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\fsutil.exe
2012-10-25 19:27 - 2011-03-10 21:33 - 01699328 ____A (Microsoft Corporation) C:\Windows\SysWOW64\esent.dll
2012-10-25 19:27 - 2011-03-10 21:31 - 00074240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\fsutil.exe
2012-10-25 19:27 - 2011-03-10 20:37 - 00091648 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\USBSTOR.SYS
2012-10-25 19:27 - 2011-02-18 02:51 - 00031232 ____A (Microsoft Corporation) C:\Windows\System32\prevhost.exe
2012-10-25 19:27 - 2011-02-17 21:39 - 00031232 ____A (Microsoft Corporation) C:\Windows\SysWOW64\prevhost.exe
2012-10-25 19:20 - 2012-10-25 19:20 - 00000000 ____D C:\Program Files\Wireshark
2012-10-25 19:19 - 2012-10-28 06:24 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-10-25 19:19 - 2012-10-25 19:19 - 02434048 ____A C:\Users\Travis\Downloads\msxml.msi
2012-10-25 19:18 - 2012-10-25 19:18 - 00001807 ____A C:\Users\Public\Desktop\QuickTime Player.lnk
2012-10-25 19:17 - 2012-10-25 19:18 - 00000000 ____D C:\Program Files (x86)\QuickTime
2012-10-25 19:17 - 2012-10-25 19:17 - 00000000 ____D C:\Users\Travis\AppData\Local\WindowsUpdate
2012-10-25 19:06 - 2012-10-25 19:06 - 00000000 ____D C:\Users\Travis\AppData\Local\Secunia PSI
2012-10-25 19:06 - 2012-10-25 19:06 - 00000000 ____D C:\Program Files (x86)\Secunia
2012-10-25 19:05 - 2012-10-25 19:05 - 03160768 ____A (Secunia) C:\Users\Travis\Downloads\PSISetup.exe
2012-10-22 12:23 - 2012-10-22 12:23 - 00001078 ____A C:\Users\Travis\Documents\win64 virus info.csv
2012-10-18 18:10 - 2012-10-18 18:10 - 00609880 ____A C:\Users\Travis\Downloads\cbsidlm-tr1_7-GForce_Music_Visualizer-SEO2-10741080 (1).exe
2012-10-18 18:09 - 2012-10-18 18:09 - 00000000 ____D C:\Program Files (x86)\SoundSpectrum
2012-10-18 18:08 - 2012-10-18 18:08 - 03437688 ____A C:\Users\Travis\Downloads\G-Force_360_Google.exe
2012-10-18 18:07 - 2012-10-25 20:48 - 00000000 ____D C:\Program Files (x86)\Funmoods
2012-10-09 22:30 - 2012-09-14 11:19 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\tzres.dll
2012-10-09 22:30 - 2012-09-14 10:28 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2012-10-09 22:30 - 2012-08-30 10:03 - 05559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-10-09 22:30 - 2012-08-30 09:12 - 03968880 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2012-10-09 22:30 - 2012-08-30 09:12 - 03914096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2012-10-09 22:30 - 2012-08-24 10:05 - 00220160 ____A (Microsoft Corporation) C:\Windows\System32\wintrust.dll
2012-10-09 22:30 - 2012-08-24 08:57 - 00172544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2012-10-09 22:30 - 2012-08-10 16:56 - 00715776 ____A (Microsoft Corporation) C:\Windows\System32\kerberos.dll
2012-10-09 22:30 - 2012-08-10 15:56 - 00542208 ____A (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2012-10-09 22:30 - 2012-06-01 21:41 - 01464320 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2012-10-09 22:30 - 2012-06-01 21:41 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2012-10-09 22:30 - 2012-06-01 21:41 - 00140288 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2012-10-09 22:30 - 2012-06-01 20:36 - 01159680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2012-10-09 22:30 - 2012-06-01 20:36 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2012-10-09 22:30 - 2012-06-01 20:36 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll


==================== 3 Months Modified Files ==================

2012-10-28 13:55 - 2009-07-13 20:45 - 00015792 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-10-28 13:55 - 2009-07-13 20:45 - 00015792 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-10-28 13:54 - 2012-10-28 13:54 - 00906692 ____A (Farbar) C:\Users\Travis\Downloads\FRST.exe
2012-10-28 13:51 - 2011-03-03 17:38 - 00000894 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-10-28 13:51 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-10-28 13:51 - 2009-07-13 20:51 - 00068923 ____A C:\Windows\setupact.log
2012-10-28 13:48 - 2010-08-02 12:15 - 01759203 ____A C:\Windows\WindowsUpdate.log
2012-10-28 13:30 - 2012-10-28 13:29 - 01459889 ____A (Farbar) C:\Users\Travis\Downloads\FRST64.exe
2012-10-28 13:30 - 2009-07-13 21:13 - 00004572 ____A C:\Windows\System32\PerfStringBackup.INI
2012-10-28 13:26 - 2011-02-20 17:46 - 00000912 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-405690897-105122386-14069166-1001UA.job
2012-10-28 07:00 - 2010-07-31 00:31 - 00250126 ____A C:\Windows\PFRO.log
2012-10-28 06:24 - 2012-10-25 19:19 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-10-28 06:24 - 2011-03-03 17:38 - 00000898 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-10-27 18:26 - 2011-02-20 17:46 - 00000860 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-405690897-105122386-14069166-1001Core.job
2012-10-26 00:19 - 2012-10-26 00:19 - 00001078 ____A C:\Users\Travis\Documents\Overview of Virus.csv
2012-10-25 21:28 - 2012-10-25 21:28 - 00024889 ____A C:\Users\Travis\Desktop\dds.txt
2012-10-25 21:28 - 2012-10-25 21:28 - 00005515 ____A C:\Users\Travis\Desktop\attach.txt
2012-10-25 21:25 - 2012-10-25 21:25 - 00687724 ____R (Swearware) C:\Users\Travis\Downloads\dds.com
2012-10-25 21:19 - 2012-10-25 21:19 - 00000000 ____A C:\Users\Travis\Desktop\gmer.log
2012-10-25 20:58 - 2012-10-25 20:58 - 00302592 ____A C:\Users\Travis\Downloads\zng7zuel.exe
2012-10-25 20:38 - 2012-10-25 20:38 - 00001067 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-10-25 20:36 - 2012-10-25 20:36 - 10669952 ____A (Malwarebytes Corporation ) C:\Users\Travis\Downloads\mbam-setup-1.65.1.1000.exe
2012-10-25 20:33 - 2012-10-25 20:33 - 00477168 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\npdeployJava1.dll
2012-10-25 20:33 - 2012-10-25 20:33 - 00157680 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaws.exe
2012-10-25 20:33 - 2012-10-25 20:33 - 00149488 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaw.exe
2012-10-25 20:33 - 2012-10-25 20:33 - 00149488 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\java.exe
2012-10-25 20:33 - 2010-11-26 05:38 - 00473072 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\deployJava1.dll
2012-10-25 20:19 - 2009-07-13 20:45 - 00285448 ____A C:\Windows\System32\FNTCACHE.DAT
2012-10-25 19:53 - 2012-10-25 21:54 - 00000034 ____A C:\Users\Travis\Documents\AVG Activation Code.txt
2012-10-25 19:53 - 2012-10-25 19:38 - 00000034 ____A C:\Users\Travis\Desktop\AVG Activation Code.txt
2012-10-25 19:19 - 2012-10-25 19:19 - 02434048 ____A C:\Users\Travis\Downloads\msxml.msi
2012-10-25 19:18 - 2012-10-25 19:18 - 00001807 ____A C:\Users\Public\Desktop\QuickTime Player.lnk
2012-10-25 19:18 - 2012-08-17 21:59 - 00696760 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-10-25 19:18 - 2011-07-20 08:28 - 00073656 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-10-25 19:05 - 2012-10-25 19:05 - 03160768 ____A (Secunia) C:\Users\Travis\Downloads\PSISetup.exe
2012-10-22 13:42 - 2012-08-17 22:02 - 00000024 ____A C:\Users\Travis\random.dat
2012-10-22 12:23 - 2012-10-22 12:23 - 00001078 ____A C:\Users\Travis\Documents\win64 virus info.csv
2012-10-22 12:02 - 2011-10-28 17:30 - 00000032 ____A C:\Users\Travis\jagex_cl_runescape_LIVE.dat
2012-10-21 11:33 - 2012-01-29 06:57 - 00000336 ____A C:\Windows\Tasks\HPCeeScheduleForTravis.job
2012-10-20 05:47 - 2010-12-04 06:07 - 00000052 ____A C:\Windows\SysWOW64\DOErrors.log
2012-10-18 21:46 - 2011-12-18 19:13 - 00000046 ____A C:\Users\Travis\jagex_cl_runescape_LIVE1.dat
2012-10-18 18:10 - 2012-10-18 18:10 - 00609880 ____A C:\Users\Travis\Downloads\cbsidlm-tr1_7-GForce_Music_Visualizer-SEO2-10741080 (1).exe
2012-10-18 18:08 - 2012-10-18 18:08 - 03437688 ____A C:\Users\Travis\Downloads\G-Force_360_Google.exe
2012-10-10 19:26 - 2011-02-20 17:46 - 00002489 ____A C:\Users\Travis\Desktop\Google Chrome.lnk
2012-10-09 23:01 - 2011-02-01 16:13 - 65309168 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-09-29 15:54 - 2012-10-25 20:38 - 00025928 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-09-21 12:58 - 2010-12-01 15:45 - 00000915 ____A C:\Users\Public\Desktop\AVG 2011.lnk
2012-09-16 23:45 - 2012-09-16 23:45 - 02353512 ____A C:\Users\Travis\Downloads\LeagueofLegends.exe
2012-09-14 11:19 - 2012-10-09 22:30 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\tzres.dll
2012-09-14 10:28 - 2012-10-09 22:30 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2012-09-04 19:07 - 2012-09-04 19:07 - 00031080 ____A (AVG Technologies) C:\Windows\System32\Drivers\avgtpx64.sys
2012-08-31 10:19 - 2012-10-25 19:34 - 01659760 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ntfs.sys
2012-08-30 10:03 - 2012-10-09 22:30 - 05559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-08-30 09:12 - 2012-10-09 22:30 - 03968880 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2012-08-30 09:12 - 2012-10-09 22:30 - 03914096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2012-08-24 10:05 - 2012-10-09 22:30 - 00220160 ____A (Microsoft Corporation) C:\Windows\System32\wintrust.dll
2012-08-24 10:05 - 2012-09-21 16:10 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-08-24 10:05 - 2012-09-21 16:10 - 01188864 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-08-24 10:05 - 2012-09-21 16:10 - 00134144 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-08-24 10:03 - 2012-09-21 16:11 - 09056256 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-08-24 10:03 - 2012-09-21 16:10 - 00735744 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2012-08-24 10:03 - 2012-09-21 16:10 - 00097792 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-08-24 10:03 - 2012-09-21 16:10 - 00064512 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-08-24 10:02 - 2012-09-21 16:10 - 12295680 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-08-24 10:02 - 2012-09-21 16:10 - 02453504 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-08-24 10:02 - 2012-09-21 16:10 - 00247808 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-08-24 08:57 - 2012-10-09 22:30 - 00172544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2012-08-24 08:57 - 2012-09-21 16:10 - 06028800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-08-24 08:57 - 2012-09-21 16:10 - 01231872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-08-24 08:57 - 2012-09-21 16:10 - 00981504 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-08-24 08:57 - 2012-09-21 16:10 - 00627712 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2012-08-24 08:57 - 2012-09-21 16:10 - 00132096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-08-24 08:57 - 2012-09-21 16:10 - 00067584 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-08-24 08:56 - 2012-09-21 16:10 - 11020800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-08-24 08:56 - 2012-09-21 16:10 - 02073600 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-08-24 08:56 - 2012-09-21 16:10 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-08-24 08:56 - 2012-09-21 16:10 - 00048128 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-08-24 07:59 - 2012-09-21 16:10 - 01638912 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-08-24 07:20 - 2012-09-21 16:10 - 01638912 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-08-23 17:48 - 2012-08-23 17:44 - 819146956 ____A C:\Users\Travis\Downloads\Red Alert 2 Yuri's Revenge 1.001.rar
2012-08-22 10:12 - 2012-10-25 19:34 - 00950128 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ndis.sys
2012-08-22 10:12 - 2012-09-12 18:56 - 01913200 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2012-08-22 10:12 - 2012-09-12 18:56 - 00376688 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\netio.sys
2012-08-22 10:12 - 2012-09-12 18:56 - 00288624 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\FWPKCLNT.SYS
2012-08-21 13:01 - 2012-10-25 19:34 - 00245760 ____A (Microsoft Corporation) C:\Windows\System32\OxpsConverter.exe
2012-08-20 10:48 - 2012-10-25 19:37 - 01162240 ____A (Microsoft Corporation) C:\Windows\System32\kernel32.dll
2012-08-20 10:48 - 2012-10-25 19:37 - 00424448 ____A (Microsoft Corporation) C:\Windows\System32\KernelBase.dll
2012-08-20 10:48 - 2012-10-25 19:37 - 00362496 ____A (Microsoft Corporation) C:\Windows\System32\wow64win.dll
2012-08-20 10:48 - 2012-10-25 19:37 - 00243200 ____A (Microsoft Corporation) C:\Windows\System32\wow64.dll
2012-08-20 10:48 - 2012-10-25 19:37 - 00215040 ____A (Microsoft Corporation) C:\Windows\System32\winsrv.dll
2012-08-20 10:48 - 2012-10-25 19:37 - 00016384 ____A (Microsoft Corporation) C:\Windows\System32\ntvdm64.dll
2012-08-20 10:48 - 2012-10-25 19:37 - 00013312 ____A (Microsoft Corporation) C:\Windows\System32\wow64cpu.dll
2012-08-20 10:46 - 2012-10-25 19:37 - 00338432 ____A (Microsoft Corporation) C:\Windows\System32\conhost.exe
2012-08-20 10:38 - 2012-10-25 19:37 - 00006144 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
2012-08-20 10:38 - 2012-10-25 19:37 - 00005120 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
2012-08-20 10:38 - 2012-10-25 19:37 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
2012-08-20 10:38 - 2012-10-25 19:37 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
2012-08-20 10:38 - 2012-10-25 19:37 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
2012-08-20 10:38 - 2012-10-25 19:37 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
2012-08-20 10:38 - 2012-10-25 19:37 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
2012-08-20 10:38 - 2012-10-25 19:37 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
2012-08-20 10:38 - 2012-10-25 19:37 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
2012-08-20 10:38 - 2012-10-25 19:37 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
2012-08-20 10:38 - 2012-10-25 19:37 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
2012-08-20 10:38 - 2012-10-25 19:37 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
2012-08-20 10:38 - 2012-10-25 19:37 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
2012-08-20 10:38 - 2012-10-25 19:37 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
2012-08-20 10:38 - 2012-10-25 19:37 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
2012-08-20 10:38 - 2012-10-25 19:37 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
2012-08-20 10:38 - 2012-10-25 19:37 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
2012-08-20 10:38 - 2012-10-25 19:37 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
2012-08-20 10:38 - 2012-10-25 19:37 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
2012-08-20 10:38 - 2012-10-25 19:37 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
2012-08-20 10:38 - 2012-10-25 19:37 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
2012-08-20 10:38 - 2012-10-25 19:37 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
2012-08-20 10:38 - 2012-10-25 19:37 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
2012-08-20 10:38 - 2012-10-25 19:37 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
2012-08-20 10:38 - 2012-10-25 19:37 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
2012-08-20 10:38 - 2012-10-25 19:37 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
2012-08-20 10:38 - 2012-10-25 19:37 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
2012-08-20 10:38 - 2012-10-25 19:37 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
2012-08-20 09:40 - 2012-10-25 19:37 - 00014336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2012-08-20 09:38 - 2012-10-25 19:37 - 00025600 ____A (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2012-08-20 09:37 - 2012-10-25 19:37 - 01114112 ____A (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2012-08-20 09:37 - 2012-10-25 19:37 - 00274944 ____A (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2012-08-20 09:37 - 2012-10-25 19:37 - 00005120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2012-08-20 09:32 - 2012-10-25 19:37 - 00005120 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2012-08-20 09:32 - 2012-10-25 19:37 - 00004608 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2012-08-20 09:32 - 2012-10-25 19:37 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2012-08-20 09:32 - 2012-10-25 19:37 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2012-08-20 09:32 - 2012-10-25 19:37 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2012-08-20 09:32 - 2012-10-25 19:37 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2012-08-20 09:32 - 2012-10-25 19:37 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2012-08-20 09:32 - 2012-10-25 19:37 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2012-08-20 09:32 - 2012-10-25 19:37 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2012-08-20 09:32 - 2012-10-25 19:37 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2012-08-20 09:32 - 2012-10-25 19:37 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2012-08-20 09:32 - 2012-10-25 19:37 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2012-08-20 09:32 - 2012-10-25 19:37 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2012-08-20 09:32 - 2012-10-25 19:37 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2012-08-20 09:32 - 2012-10-25 19:37 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2012-08-20 09:32 - 2012-10-25 19:37 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2012-08-20 09:32 - 2012-10-25 19:37 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2012-08-20 09:32 - 2012-10-25 19:37 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2012-08-20 09:32 - 2012-10-25 19:37 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2012-08-20 09:32 - 2012-10-25 19:37 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2012-08-20 09:32 - 2012-10-25 19:37 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2012-08-20 09:32 - 2012-10-25 19:37 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2012-08-20 09:32 - 2012-10-25 19:37 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2012-08-20 09:32 - 2012-10-25 19:37 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2012-08-20 07:38 - 2012-10-25 19:37 - 00007680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2012-08-20 07:38 - 2012-10-25 19:37 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2012-08-20 07:33 - 2012-10-25 19:37 - 00006144 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2012-08-20 07:33 - 2012-10-25 19:37 - 00004608 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2012-08-20 07:33 - 2012-10-25 19:37 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2012-08-20 07:33 - 2012-10-25 19:37 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2012-08-17 22:03 - 2010-11-26 05:40 - 00000129 ____A C:\Users\Travis\jagex_runescape_preferences2.dat
2012-08-17 22:02 - 2012-08-17 22:02 - 00000050 ____A C:\Users\Travis\jagex_cl_runescape_LIVE_BETA.dat
2012-08-17 22:02 - 2010-11-26 05:39 - 00000035 ____A C:\Users\Travis\jagex_runescape_preferences.dat
2012-08-10 16:56 - 2012-10-09 22:30 - 00715776 ____A (Microsoft Corporation) C:\Windows\System32\kerberos.dll
2012-08-10 15:56 - 2012-10-09 22:30 - 00542208 ____A (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2012-08-02 09:58 - 2012-10-25 19:34 - 00574464 ____A (Microsoft Corporation) C:\Windows\System32\d3d10level9.dll
2012-08-02 08:57 - 2012-10-25 19:34 - 00490496 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll


ZeroAccess:
C:\Windows\Installer\{47ad6d15-b214-984f-6b2f-1fa76e001fd4}
C:\Windows\Installer\{47ad6d15-b214-984f-6b2f-1fa76e001fd4}\@
C:\Windows\Installer\{47ad6d15-b214-984f-6b2f-1fa76e001fd4}\L
C:\Windows\Installer\{47ad6d15-b214-984f-6b2f-1fa76e001fd4}\U
C:\Windows\Installer\{47ad6d15-b214-984f-6b2f-1fa76e001fd4}\L\00000004.@
C:\Windows\Installer\{47ad6d15-b214-984f-6b2f-1fa76e001fd4}\L\201d3dde
C:\Windows\Installer\{47ad6d15-b214-984f-6b2f-1fa76e001fd4}\U\00000004.@
C:\Windows\Installer\{47ad6d15-b214-984f-6b2f-1fa76e001fd4}\U\00000008.@
C:\Windows\Installer\{47ad6d15-b214-984f-6b2f-1fa76e001fd4}\U\000000cb.@
C:\Windows\Installer\{47ad6d15-b214-984f-6b2f-1fa76e001fd4}\U\80000000.@
C:\Windows\Installer\{47ad6d15-b214-984f-6b2f-1fa76e001fd4}\U\80000032.@
C:\Windows\Installer\{47ad6d15-b214-984f-6b2f-1fa76e001fd4}\U\80000064.@

ZeroAccess:
C:\Windows\assembly\GAC_32\Desktop.ini

ZeroAccess:
C:\Windows\assembly\GAC_64\Desktop.ini

 

[d3tached]

==================== Known DLLs (Whitelisted) =================


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe 50BEA589F7D7958BDD2528A8F69D05CC ZeroAccess <==== ATTENTION!.
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

Restore point made on: 2012-10-18 08:22:21
Restore point made on: 2012-10-25 17:57:33
Restore point made on: 2012-10-25 19:21:48
Restore point made on: 2012-10-25 19:37:57
Restore point made on: 2012-10-25 20:31:56
Restore point made on: 2012-10-25 23:31:03

==================== Memory info ===========================

Percentage of memory in use: 23%
Total physical RAM: 2814.49 MB
Available physical RAM: 2149.78 MB
Total Pagefile: 2812.64 MB
Available Pagefile: 2139.59 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

==================== Partitions =============================

1 Drive c: (HP) (Fixed) (Total:286.37 GB) (Free:202.93 GB) NTFS
2 Drive e: (FACTORY_IMAGE) (Fixed) (Total:11.62 GB) (Free:1.68 GB) NTFS ==>[System with boot components (obtained from reading drive)]
4 Drive g: () (Removable) (Total:7.45 GB) (Free:7.4 GB) FAT32
5 Drive x: (Boot) (Fixed) (Total:0.08 GB) (Free:0.07 GB) NTFS
6 Drive y: (SYSTEM) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 298 GB 0 B
Disk 1 Online 7633 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 100 MB 1024 KB
Partition 2 Primary 286 GB 101 MB
Partition 3 Primary 11 GB 286 GB

==================================================================================

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 Y SYSTEM NTFS Partition 100 MB Healthy

=========================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C HP NTFS Partition 286 GB Healthy

=========================================================

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 E FACTORY_IMA NTFS Partition 11 GB Healthy

=========================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 7633 MB 16 KB

==================================================================================

Disk: 1
Partition 1
Type : 0B
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 G FAT32 Removable 7633 MB Healthy

=========================================================

Last Boot: 2012-10-15 23:55

==================== End Of Log =============================



Farbar Recovery Scan Tool (x64) Version: 26-10-2012
Ran by SYSTEM at 2012-10-28 18:00:49
Running from G:\

================== Search: "services.exe" ===================

C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

C:\Windows\System32\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0329216 ____A (Microsoft Corporation) 50BEA589F7D7958BDD2528A8F69D05CC

====== End Of Search ======

 

[Broni]

Download attached fixlist.txt file and save it to the very same USB flash drive you've been using. Plug the drive back in.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

On Vista or Windows 7: Now please enter System Recovery Options.
On Windows XP: Now please boot into the UBCD.
Run FRST/FRST64 and press the Fix button just once and wait.
The tool will make a log on the flashdrive (Fixlog.txt) please post it to your reply.

Next....

Restart normally.

==============================

• Download RogueKiller on the desktop
• Close all the running programs
• Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
• Otherwise just double-click on RogueKiller.exe
• Pre-scan will start. Let it finish.
• Click on SCAN button.
• Wait until the Status box shows Scan Finished
• Click on Delete.
• Wait until the Status box shows Deleting Finished.
• Click on Report and copy/paste the content of the Notepad into your next reply.
• RKreport.txt could also be found on your desktop.
• If more than one log is produced post all logs.
• If RogueKiller has been blocked, do not hesitate to try a few times more. If really won't run, rename it to winlogon.exe (or winlogon.com) and try again

===========================

Download Malwarebytes' Anti-Malware (MBAM): http://www.malwarebytes.org/products/malwarebytes_free to your desktop.
Alternate download: http://www.filehippo.com/download_malwarebytes_anti_malware/
NOTE. If you already have MBAM installed, update it before running the scan.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad.
* Post the log back here.

Be sure to restart the computer IF MBAM asks you to do so.

The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

===========================

Download aswMBR to your desktop.
Double click the aswMBR.exe to run it.
If you see this question: Would you like to download latest Avast! virus definitions?" say "Yes".
Click the "Scan" button to start scan.
On completion of the scan click "Save log", save it to your desktop and post in your next reply.

NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

 

[d3tached]

RogueKiller V8.2.0 [10/22/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: https://www.techspot.com/downloads/5562-roguekiller.html
Website: http://tigzy.geekstogo.com/roguekiller.php
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Travis [Admin rights]
Mode : Remove -- Date : 10/28/2012 19:35:34

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 2 ¤¤¤
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts



¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD32 00AAJS-60Z0A SCSI Disk Device +++++
--- User ---
[MBR] 49480a67dccc10f424066b8df6ee89eb
[BSP] 2c388948e3b0ebd3961a39838d700c83 : Windows Vista/7 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 293239 Mo
3 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 600760320 | Size: 11904 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

+++++ PhysicalDrive1: SanDisk Cruzer Switch USB Device +++++
--- User ---
[MBR] 33a0f33fb7e7f518f64aedcb9dad35b0
[BSP] df4f83c1f72e36823a12b0dfc7617313 : MBR Code unknown
Partition table:
0 - [XXXXXX] FAT32 (0x0b) [VISIBLE] Offset (sectors): 32 | Size: 7633 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

Finished : << RKreport[2].txt >>
RKreport[1].txt ; RKreport[2].txt