Inactive [A] Persistant Trojan.Agent svchost.exe virus! please help!

Status
Not open for further replies.
Ritsuka

Ritsuka

Posts: 12   +0
I am in major need of some help! I am not nearly as technologically adept as I wish :'(
Not too long ago I got attacked by three things: Rootkit, .PUP toolbar of some sort, and trojan.agent disguised as a svchost.exe. By the grace of God and a lot of helpful malware forums, I seem to have gotten rid of the .PUP and the rootkit; they no longer show up as threats when I run Malwarebytes Anti-Malware's full scan. I also managed to get rid of what was named the "process" of the trojan.agent svchost.exe? BUT the file of it is still there. Someone please save my poor laptop!! :(
 
Welcome aboard
yahooo.gif


Please, complete all steps listed here: https://www.techspot.com/community/...lware-removal-preliminary-instructions.58138/
Make sure, you PASTE all logs. If some log exceeds 50,000 characters post limit, split it between couple of replies.
Attached logs won't be reviewed.

Please, observe following rules:
  • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
  • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
  • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer behavior, good, or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
 
Thank you for the warm welcome and for coming to my rescue!! :D

Well, suddenly Malwarebytes is now telling me that firefox.exe is being troublesome as well... :confused:
From the quick scan, it found nothing malicious, but when I do the full scans, it shows the svchost.exe still.

Here's today's log:
2012/08/06 13:15:15 -0400 ADMIN123-HP Admin123 MESSAGE Starting protection
2012/08/06 13:15:20 -0400 ADMIN123-HP Admin123 MESSAGE Protection started successfully
2012/08/06 13:15:23 -0400 ADMIN123-HP Admin123 MESSAGE Starting IP protection
2012/08/06 13:15:27 -0400 ADMIN123-HP Admin123 MESSAGE IP Protection started successfully
2012/08/06 13:19:48 -0400 ADMIN123-HP Admin123 IP-BLOCK 208.87.32.71 (Type: outgoing, Port: 49739, Process: firefox.exe)
2012/08/06 13:19:48 -0400 ADMIN123-HP Admin123 IP-BLOCK 208.87.32.71 (Type: outgoing, Port: 49741, Process: firefox.exe)
2012/08/06 13:19:48 -0400 ADMIN123-HP Admin123 IP-BLOCK 208.87.32.71 (Type: outgoing, Port: 49743, Process: firefox.exe)
2012/08/06 13:19:48 -0400 ADMIN123-HP Admin123 IP-BLOCK 208.87.32.71 (Type: outgoing, Port: 49744, Process: firefox.exe)
2012/08/06 13:19:48 -0400 ADMIN123-HP Admin123 IP-BLOCK 208.87.32.71 (Type: outgoing, Port: 49746, Process: firefox.exe)
2012/08/06 13:19:48 -0400 ADMIN123-HP Admin123 IP-BLOCK 208.87.32.71 (Type: outgoing, Port: 49747, Process: firefox.exe)
2012/08/06 13:19:48 -0400 ADMIN123-HP Admin123 IP-BLOCK 208.87.32.71 (Type: outgoing, Port: 49748, Process: firefox.exe)
2012/08/06 13:19:48 -0400 ADMIN123-HP Admin123 IP-BLOCK 208.87.32.71 (Type: outgoing, Port: 49754, Process: firefox.exe)
2012/08/06 13:19:48 -0400 ADMIN123-HP Admin123 IP-BLOCK 208.87.32.71 (Type: outgoing, Port: 49755, Process: firefox.exe)
2012/08/06 13:19:48 -0400 ADMIN123-HP Admin123 IP-BLOCK 208.87.32.71 (Type: outgoing, Port: 49758, Process: firefox.exe)
2012/08/06 13:19:48 -0400 ADMIN123-HP Admin123 IP-BLOCK 208.87.32.71 (Type: outgoing, Port: 49759, Process: firefox.exe)

Yesterday's log:
2012/08/05 00:00:05 -0400 ADMIN123-HP Admin123 DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
2012/08/05 00:00:16 -0400 ADMIN123-HP Admin123 DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
2012/08/05 00:00:26 -0400 ADMIN123-HP Admin123 DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
2012/08/05 00:00:36 -0400 ADMIN123-HP Admin123 DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
2012/08/05 00:00:47 -0400 ADMIN123-HP Admin123 DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
2012/08/05 00:00:57 -0400 ADMIN123-HP Admin123 DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
2012/08/05 00:01:07 -0400 ADMIN123-HP Admin123 DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
2012/08/05 00:01:17 -0400 ADMIN123-HP Admin123 DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
2012/08/05 00:01:27 -0400 ADMIN123-HP Admin123 DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
2012/08/05 00:01:37 -0400 ADMIN123-HP Admin123 DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
2012/08/05 00:01:48 -0400 ADMIN123-HP Admin123 DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
2012/08/05 00:01:58 -0400 ADMIN123-HP Admin123 DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
2012/08/05 00:02:08 -0400 ADMIN123-HP Admin123 DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
2012/08/05 00:02:18 -0400 ADMIN123-HP Admin123 DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
2012/08/05 00:02:29 -0400 ADMIN123-HP Admin123 DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
2012/08/05 00:02:39 -0400 ADMIN123-HP Admin123 DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
2012/08/05 00:02:50 -0400 ADMIN123-HP Admin123 DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
2012/08/05 00:03:00 -0400 ADMIN123-HP Admin123 DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
2012/08/05 00:03:10 -0400 ADMIN123-HP Admin123 DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
2012/08/05 00:03:20 -0400 ADMIN123-HP Admin123 DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
2012/08/05 00:03:30 -0400 ADMIN123-HP Admin123 DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
2012/08/05 00:03:40 -0400 ADMIN123-HP Admin123 DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
2012/08/05 00:03:51 -0400 ADMIN123-HP Admin123 DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
2012/08/05 00:04:01 -0400 ADMIN123-HP Admin123 DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
2012/08/05 00:04:11 -0400 ADMIN123-HP Admin123 DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
2012/08/05 00:04:22 -0400 ADMIN123-HP Admin123 DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
2012/08/05 00:04:32 -0400 ADMIN123-HP Admin123 DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
2012/08/05 00:04:43 -0400 ADMIN123-HP Admin123 DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
2012/08/05 00:04:53 -0400 ADMIN123-HP Admin123 DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
2012/08/05 00:05:04 -0400 ADMIN123-HP Admin123 DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
2012/08/05 00:05:14 -0400 ADMIN123-HP Admin123 DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
2012/08/05 00:05:24 -0400 ADMIN123-HP Admin123 DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
2012/08/05 00:05:34 -0400 ADMIN123-HP Admin123 DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
2012/08/05 00:05:45 -0400 ADMIN123-HP Admin123 DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
2012/08/05 00:05:55 -0400 ADMIN123-HP Admin123 DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
2012/08/05 00:06:05 -0400 ADMIN123-HP Admin123 DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
2012/08/05 00:06:15 -0400 ADMIN123-HP Admin123 DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
2012/08/05 00:06:25 -0400 ADMIN123-HP Admin123 DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
2012/08/05 00:06:35 -0400 ADMIN123-HP Admin123 DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
2012/08/05 00:06:46 -0400 ADMIN123-HP Admin123 DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
2012/08/05 00:06:56 -0400 ADMIN123-HP Admin123 DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
2012/08/05 00:07:06 -0400 ADMIN123-HP Admin123 DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
2012/08/05 00:07:16 -0400 ADMIN123-HP Admin123 DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
2012/08/05 00:07:27 -0400 ADMIN123-HP Admin123 DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
2012/08/05 00:07:37 -0400 ADMIN123-HP Admin123 DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
2012/08/05 00:07:47 -0400 ADMIN123-HP Admin123 DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
2012/08/05 00:07:57 -0400 ADMIN123-HP Admin123 DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
2012/08/05 00:08:07 -0400 ADMIN123-HP Admin123 DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
2012/08/05 00:08:17 -0400 ADMIN123-HP Admin123 DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
2012/08/05 00:08:28 -0400 ADMIN123-HP Admin123 DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
2012/08/05 00:08:38 -0400 ADMIN123-HP Admin123 DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
2012/08/05 00:08:48 -0400 ADMIN123-HP Admin123 DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
2012/08/05 00:08:58 -0400 ADMIN123-HP Admin123 DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
2012/08/05 00:09:08 -0400 ADMIN123-HP Admin123 DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
2012/08/05 00:09:18 -0400 ADMIN123-HP Admin123 DETECTION C:\Windows\svchost.exe Trojan.Agent ALLOW
2012/08/05 00:12:35 -0400 ADMIN123-HP Admin123 MESSAGE Starting protection
2012/08/05 00:12:39 -0400 ADMIN123-HP Admin123 MESSAGE Protection started successfully
2012/08/05 00:12:42 -0400 ADMIN123-HP Admin123 MESSAGE Starting IP protection
2012/08/05 00:12:46 -0400 ADMIN123-HP Admin123 MESSAGE IP Protection started successfully
2012/08/05 01:00:19 -0400 ADMIN123-HP Admin123 IP-BLOCK 206.161.121.122 (Type: outgoing, Port: 50894, Process: svchost.exe)
2012/08/05 01:00:19 -0400 ADMIN123-HP Admin123 IP-BLOCK 206.161.121.124 (Type: outgoing, Port: 50895, Process: svchost.exe)
2012/08/05 01:00:43 -0400 ADMIN123-HP Admin123 IP-BLOCK 206.161.121.122 (Type: outgoing, Port: 50908, Process: svchost.exe)
2012/08/05 01:00:43 -0400 ADMIN123-HP Admin123 IP-BLOCK 206.161.121.126 (Type: outgoing, Port: 50909, Process: svchost.exe)
2012/08/05 01:00:43 -0400 ADMIN123-HP Admin123 IP-BLOCK 206.161.121.126 (Type: outgoing, Port: 50912, Process: svchost.exe)
2012/08/05 01:01:07 -0400 ADMIN123-HP Admin123 IP-BLOCK 206.161.121.124 (Type: outgoing, Port: 50922, Process: svchost.exe)
2012/08/05 01:01:07 -0400 ADMIN123-HP Admin123 IP-BLOCK 206.161.121.123 (Type: outgoing, Port: 50923, Process: svchost.exe)
2012/08/05 01:01:07 -0400 ADMIN123-HP Admin123 IP-BLOCK 206.161.121.122 (Type: outgoing, Port: 50924, Process: svchost.exe)
2012/08/05 01:01:08 -0400 ADMIN123-HP Admin123 IP-BLOCK 206.161.121.122 (Type: outgoing, Port: 50928, Process: svchost.exe)
2012/08/05 01:01:08 -0400 ADMIN123-HP Admin123 IP-BLOCK 206.161.121.124 (Type: outgoing, Port: 50929, Process: svchost.exe)
2012/08/05 01:01:40 -0400 ADMIN123-HP Admin123 IP-BLOCK 206.161.121.122 (Type: outgoing, Port: 51006, Process: svchost.exe)
2012/08/05 01:01:40 -0400 ADMIN123-HP Admin123 IP-BLOCK 206.161.121.126 (Type: outgoing, Port: 51007, Process: svchost.exe)
2012/08/05 01:01:40 -0400 ADMIN123-HP Admin123 IP-BLOCK 206.161.121.123 (Type: outgoing, Port: 51008, Process: svchost.exe)
2012/08/05 01:01:40 -0400 ADMIN123-HP Admin123 IP-BLOCK 206.161.121.124 (Type: outgoing, Port: 51009, Process: svchost.exe)
2012/08/05 01:01:56 -0400 ADMIN123-HP Admin123 IP-BLOCK 206.161.121.122 (Type: outgoing, Port: 51095, Process: svchost.exe)
2012/08/05 01:01:56 -0400 ADMIN123-HP Admin123 IP-BLOCK 206.161.121.126 (Type: outgoing, Port: 51096, Process: svchost.exe)
2012/08/05 01:01:56 -0400 ADMIN123-HP Admin123 IP-BLOCK 206.161.121.123 (Type: outgoing, Port: 51097, Process: svchost.exe)
2012/08/05 01:01:56 -0400 ADMIN123-HP Admin123 IP-BLOCK 206.161.121.124 (Type: outgoing, Port: 51098, Process: svchost.exe)
2012/08/05 01:02:37 -0400 ADMIN123-HP Admin123 IP-BLOCK 206.161.121.122 (Type: outgoing, Port: 51212, Process: svchost.exe)
2012/08/05 01:02:37 -0400 ADMIN123-HP Admin123 IP-BLOCK 206.161.121.124 (Type: outgoing, Port: 51213, Process: svchost.exe)
2012/08/05 01:03:49 -0400 ADMIN123-HP Admin123 IP-BLOCK 78.41.203.120 (Type: outgoing, Port: 51417, Process: svchost.exe)
2012/08/05 01:09:21 -0400 ADMIN123-HP Admin123 IP-BLOCK 78.41.203.120 (Type: outgoing, Port: 52386, Process: svchost.exe)
2012/08/05 01:10:41 -0400 ADMIN123-HP Admin123 IP-BLOCK 78.41.203.120 (Type: outgoing, Port: 52500, Process: svchost.exe)
2012/08/05 01:17:09 -0400 ADMIN123-HP Admin123 IP-BLOCK 78.41.203.120 (Type: outgoing, Port: 53127, Process: svchost.exe)
2012/08/05 01:18:13 -0400 ADMIN123-HP Admin123 IP-BLOCK 78.41.203.120 (Type: outgoing, Port: 53175, Process: svchost.exe)
2012/08/05 01:20:22 -0400 ADMIN123-HP Admin123 IP-BLOCK 78.41.203.120 (Type: outgoing, Port: 53418, Process: svchost.exe)
2012/08/05 01:23:20 -0400 ADMIN123-HP Admin123 IP-BLOCK 78.41.203.120 (Type: outgoing, Port: 54095, Process: svchost.exe)
2012/08/05 01:33:39 -0400 ADMIN123-HP Admin123 MESSAGE Starting protection
2012/08/05 01:33:41 -0400 ADMIN123-HP Admin123 MESSAGE Protection started successfully
2012/08/05 01:33:44 -0400 ADMIN123-HP Admin123 MESSAGE Starting IP protection
2012/08/05 01:33:48 -0400 ADMIN123-HP Admin123 MESSAGE IP Protection started successfully
2012/08/05 02:15:37 -0400 ADMIN123-HP Admin123 IP-BLOCK 206.161.121.124 (Type: outgoing, Port: 50806, Process: svchost.exe)
2012/08/05 02:39:17 -0400 ADMIN123-HP Admin123 IP-BLOCK 206.161.121.124 (Type: outgoing, Port: 52365, Process: svchost.exe)
2012/08/05 02:40:14 -0400 ADMIN123-HP Admin123 IP-BLOCK 206.161.121.124 (Type: outgoing, Port: 52485, Process: svchost.exe)
2012/08/05 02:40:14 -0400 ADMIN123-HP Admin123 IP-BLOCK 206.161.121.122 (Type: outgoing, Port: 52486, Process: svchost.exe)
2012/08/05 02:48:46 -0400 ADMIN123-HP Admin123 IP-BLOCK 206.161.121.124 (Type: outgoing, Port: 52954, Process: svchost.exe)
2012/08/05 02:59:19 -0400 ADMIN123-HP Admin123 IP-BLOCK 206.161.121.124 (Type: outgoing, Port: 53192, Process: svchost.exe)
2012/08/05 02:59:19 -0400 ADMIN123-HP Admin123 IP-BLOCK 206.161.121.126 (Type: outgoing, Port: 53193, Process: svchost.exe)
2012/08/05 02:59:19 -0400 ADMIN123-HP Admin123 IP-BLOCK 206.161.121.123 (Type: outgoing, Port: 53194, Process: svchost.exe)
2012/08/05 03:01:20 -0400 ADMIN123-HP Admin123 IP-BLOCK 64.34.127.185 (Type: outgoing, Port: 53621, Process: svchost.exe)
2012/08/05 03:02:33 -0400 ADMIN123-HP Admin123 IP-BLOCK 78.41.203.120 (Type: outgoing, Port: 53919, Process: svchost.exe)
2012/08/05 03:04:50 -0400 ADMIN123-HP Admin123 IP-BLOCK 78.41.203.120 (Type: outgoing, Port: 54311, Process: svchost.exe)
2012/08/05 03:05:14 -0400 ADMIN123-HP Admin123 IP-BLOCK 78.41.203.120 (Type: outgoing, Port: 54329, Process: svchost.exe)
2012/08/05 03:05:47 -0400 ADMIN123-HP Admin123 IP-BLOCK 78.41.203.120 (Type: outgoing, Port: 54473, Process: svchost.exe)
2012/08/05 03:05:47 -0400 ADMIN123-HP Admin123 IP-BLOCK 78.41.203.120 (Type: outgoing, Port: 54486, Process: svchost.exe)
2012/08/05 03:06:59 -0400 ADMIN123-HP Admin123 IP-BLOCK 78.41.203.120 (Type: outgoing, Port: 54938, Process: svchost.exe)
2012/08/05 03:08:28 -0400 ADMIN123-HP Admin123 IP-BLOCK 78.41.203.120 (Type: outgoing, Port: 55336, Process: svchost.exe)
2012/08/05 03:08:28 -0400 ADMIN123-HP Admin123 IP-BLOCK 78.41.203.120 (Type: outgoing, Port: 55338, Process: svchost.exe)
2012/08/05 03:08:28 -0400 ADMIN123-HP Admin123 IP-BLOCK 78.41.203.120 (Type: outgoing, Port: 55340, Process: svchost.exe)
2012/08/05 03:08:44 -0400 ADMIN123-HP Admin123 IP-BLOCK 78.41.203.120 (Type: outgoing, Port: 55390, Process: svchost.exe)
2012/08/05 03:09:01 -0400 ADMIN123-HP Admin123 IP-BLOCK 78.41.203.120 (Type: outgoing, Port: 55564, Process: svchost.exe)
2012/08/05 03:09:09 -0400 ADMIN123-HP Admin123 IP-BLOCK 78.41.203.120 (Type: outgoing, Port: 55590, Process: svchost.exe)
2012/08/05 03:09:09 -0400 ADMIN123-HP Admin123 IP-BLOCK 78.41.203.120 (Type: outgoing, Port: 55622, Process: svchost.exe)
2012/08/05 03:11:42 -0400 ADMIN123-HP Admin123 IP-BLOCK 78.41.203.120 (Type: outgoing, Port: 56501, Process: svchost.exe)
2012/08/05 03:12:31 -0400 ADMIN123-HP Admin123 IP-BLOCK 78.41.203.120 (Type: outgoing, Port: 56983, Process: svchost.exe)
2012/08/05 03:15:37 -0400 ADMIN123-HP Admin123 IP-BLOCK 206.161.121.124 (Type: outgoing, Port: 57830, Process: svchost.exe)
2012/08/05 03:15:37 -0400 ADMIN123-HP Admin123 IP-BLOCK 206.161.121.126 (Type: outgoing, Port: 57831, Process: svchost.exe)
2012/08/05 03:15:37 -0400 ADMIN123-HP Admin123 IP-BLOCK 206.161.121.123 (Type: outgoing, Port: 57832, Process: svchost.exe)
2012/08/05 03:15:45 -0400 ADMIN123-HP Admin123 IP-BLOCK 206.161.121.122 (Type: outgoing, Port: 57843, Process: svchost.exe)
2012/08/05 03:15:45 -0400 ADMIN123-HP Admin123 IP-BLOCK 206.161.121.123 (Type: outgoing, Port: 57844, Process: svchost.exe)
2012/08/05 03:18:10 -0400 ADMIN123-HP Admin123 IP-BLOCK 206.161.121.124 (Type: outgoing, Port: 58654, Process: svchost.exe)
2012/08/05 03:18:10 -0400 ADMIN123-HP Admin123 IP-BLOCK 206.161.121.126 (Type: outgoing, Port: 58655, Process: svchost.exe)
2012/08/05 03:18:10 -0400 ADMIN123-HP Admin123 IP-BLOCK 206.161.121.123 (Type: outgoing, Port: 58656, Process: svchost.exe)
2012/08/05 03:18:19 -0400 ADMIN123-HP Admin123 IP-BLOCK 206.161.121.126 (Type: outgoing, Port: 58783, Process: svchost.exe)
2012/08/05 03:19:31 -0400 ADMIN123-HP Admin123 IP-BLOCK 78.41.203.120 (Type: outgoing, Port: 59397, Process: svchost.exe)
2012/08/05 03:20:44 -0400 ADMIN123-HP Admin123 IP-BLOCK 78.41.203.120 (Type: outgoing, Port: 59757, Process: svchost.exe)
2012/08/05 03:21:00 -0400 ADMIN123-HP Admin123 IP-BLOCK 78.41.203.120 (Type: outgoing, Port: 59973, Process: svchost.exe)
2012/08/05 03:21:00 -0400 ADMIN123-HP Admin123 IP-BLOCK 206.161.121.124 (Type: outgoing, Port: 59977, Process: svchost.exe)
2012/08/05 03:21:00 -0400 ADMIN123-HP Admin123 IP-BLOCK 206.161.121.126 (Type: outgoing, Port: 59978, Process: svchost.exe)
2012/08/05 03:21:01 -0400 ADMIN123-HP Admin123 IP-BLOCK 206.161.121.123 (Type: outgoing, Port: 59979, Process: svchost.exe)
2012/08/05 16:48:48 -0400 ADMIN123-HP Admin123 MESSAGE Starting protection
2012/08/05 16:48:51 -0400 ADMIN123-HP Admin123 MESSAGE Protection started successfully
2012/08/05 16:48:54 -0400 ADMIN123-HP Admin123 MESSAGE Starting IP protection
2012/08/05 16:48:59 -0400 ADMIN123-HP Admin123 MESSAGE IP Protection started successfully
2012/08/05 16:59:10 -0400 ADMIN123-HP Admin123 IP-BLOCK 78.41.203.120 (Type: outgoing, Port: 59374, Process: svchost.exe)
2012/08/05 16:59:18 -0400 ADMIN123-HP Admin123 IP-BLOCK 78.41.203.120 (Type: outgoing, Port: 59412, Process: svchost.exe)
2012/08/05 16:59:18 -0400 ADMIN123-HP Admin123 IP-BLOCK 78.41.203.120 (Type: outgoing, Port: 59413, Process: svchost.exe)
2012/08/05 17:09:57 -0400 ADMIN123-HP Admin123 IP-BLOCK 78.41.203.120 (Type: outgoing, Port: 60235, Process: svchost.exe)
2012/08/05 17:16:44 -0400 ADMIN123-HP Admin123 IP-BLOCK 89.46.251.131 (Type: outgoing, Port: 62006, Process: svchost.exe)
2012/08/05 17:19:50 -0400 ADMIN123-HP Admin123 IP-BLOCK 206.161.121.122 (Type: outgoing, Port: 62890, Process: svchost.exe)
2012/08/05 17:19:50 -0400 ADMIN123-HP Admin123 IP-BLOCK 206.161.121.126 (Type: outgoing, Port: 62891, Process: svchost.exe)
2012/08/05 17:19:50 -0400 ADMIN123-HP Admin123 IP-BLOCK 206.161.121.123 (Type: outgoing, Port: 62892, Process: svchost.exe)
2012/08/05 17:19:50 -0400 ADMIN123-HP Admin123 IP-BLOCK 206.161.121.124 (Type: outgoing, Port: 62893, Process: svchost.exe)
2012/08/05 17:35:03 -0400 ADMIN123-HP Admin123 MESSAGE Starting protection
2012/08/05 17:35:07 -0400 ADMIN123-HP Admin123 MESSAGE Protection started successfully
2012/08/05 17:35:10 -0400 ADMIN123-HP Admin123 MESSAGE Starting IP protection
2012/08/05 17:35:14 -0400 ADMIN123-HP Admin123 MESSAGE IP Protection started successfully
2012/08/05 17:35:24 -0400 ADMIN123-HP Admin123 DETECTION C:\Windows\svchost.exe Trojan.Agent QUARANTINE
2012/08/05 17:35:35 -0400 ADMIN123-HP Admin123 DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
2012/08/05 17:35:46 -0400 ADMIN123-HP Admin123 DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
2012/08/05 17:35:58 -0400 ADMIN123-HP Admin123 DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
2012/08/05 17:36:09 -0400 ADMIN123-HP Admin123 DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
2012/08/05 17:36:19 -0400 ADMIN123-HP Admin123 DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
2012/08/05 17:36:30 -0400 ADMIN123-HP Admin123 DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
2012/08/05 17:36:42 -0400 ADMIN123-HP Admin123 DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
2012/08/05 17:36:53 -0400 ADMIN123-HP Admin123 DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
2012/08/05 17:37:04 -0400 ADMIN123-HP Admin123 DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
2012/08/05 17:37:14 -0400 ADMIN123-HP Admin123 DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
2012/08/05 17:37:24 -0400 ADMIN123-HP Admin123 DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
2012/08/05 17:37:34 -0400 ADMIN123-HP Admin123 DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
2012/08/05 17:37:44 -0400 ADMIN123-HP Admin123 DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
2012/08/05 17:37:55 -0400 ADMIN123-HP Admin123 DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
2012/08/05 17:38:05 -0400 ADMIN123-HP Admin123 DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
2012/08/05 17:38:15 -0400 ADMIN123-HP Admin123 DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
2012/08/05 17:38:25 -0400 ADMIN123-HP Admin123 DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
2012/08/05 17:38:35 -0400 ADMIN123-HP Admin123 DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
2012/08/05 17:38:45 -0400 ADMIN123-HP Admin123 DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
2012/08/05 17:38:55 -0400 ADMIN123-HP Admin123 DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
2012/08/05 17:39:06 -0400 ADMIN123-HP Admin123 DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
2012/08/05 17:39:16 -0400 ADMIN123-HP Admin123 DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
2012/08/05 17:39:26 -0400 ADMIN123-HP Admin123 DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
2012/08/05 17:39:36 -0400 ADMIN123-HP Admin123 DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
2012/08/05 17:39:46 -0400 ADMIN123-HP Admin123 DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
2012/08/05 17:39:56 -0400 ADMIN123-HP Admin123 DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
2012/08/05 17:40:06 -0400 ADMIN123-HP Admin123 DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
2012/08/05 17:40:16 -0400 ADMIN123-HP Admin123 DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
2012/08/05 17:40:27 -0400 ADMIN123-HP Admin123 DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
2012/08/05 17:40:37 -0400 ADMIN123-HP Admin123 DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
2012/08/05 17:40:47 -0400 ADMIN123-HP Admin123 DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
2012/08/05 17:40:57 -0400 ADMIN123-HP Admin123 DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
2012/08/05 17:41:08 -0400 ADMIN123-HP Admin123 DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
2012/08/05 17:41:18 -0400 ADMIN123-HP Admin123 DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
2012/08/05 17:41:28 -0400 ADMIN123-HP Admin123 DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
2012/08/05 17:41:38 -0400 ADMIN123-HP Admin123 DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
2012/08/05 17:41:48 -0400 ADMIN123-HP Admin123 DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
2012/08/05 17:41:59 -0400 ADMIN123-HP Admin123 DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
2012/08/05 17:42:09 -0400 ADMIN123-HP Admin123 DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
2012/08/05 17:42:19 -0400 ADMIN123-HP Admin123 DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
2012/08/05 17:42:30 -0400 ADMIN123-HP Admin123 DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
2012/08/05 17:42:40 -0400 ADMIN123-HP Admin123 DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
2012/08/05 17:42:51 -0400 ADMIN123-HP Admin123 DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
2012/08/05 17:43:02 -0400 ADMIN123-HP Admin123 DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
2012/08/05 17:43:13 -0400 ADMIN123-HP Admin123 DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
2012/08/05 17:43:24 -0400 ADMIN123-HP Admin123 DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
2012/08/05 17:43:35 -0400 ADMIN123-HP Admin123 DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
2012/08/05 17:43:47 -0400 ADMIN123-HP Admin123 DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
2012/08/05 17:43:57 -0400 ADMIN123-HP Admin123 DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
2012/08/05 17:44:09 -0400 ADMIN123-HP Admin123 DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
2012/08/05 17:44:22 -0400 ADMIN123-HP Admin123 DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
2012/08/05 17:44:34 -0400 ADMIN123-HP Admin123 DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
2012/08/05 17:44:49 -0400 ADMIN123-HP Admin123 DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
2012/08/05 17:45:02 -0400 ADMIN123-HP Admin123 DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
2012/08/05 17:45:14 -0400 ADMIN123-HP Admin123 DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
2012/08/05 17:45:25 -0400 ADMIN123-HP Admin123 DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
2012/08/05 17:45:37 -0400 ADMIN123-HP Admin123 DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
2012/08/05 17:45:47 -0400 ADMIN123-HP Admin123 DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
2012/08/05 17:45:58 -0400 ADMIN123-HP Admin123 DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
2012/08/05 17:46:09 -0400 ADMIN123-HP Admin123 DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
2012/08/05 17:46:20 -0400 ADMIN123-HP Admin123 DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
2012/08/05 17:46:30 -0400 ADMIN123-HP Admin123 DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
2012/08/05 17:46:41 -0400 ADMIN123-HP Admin123 DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
2012/08/05 17:46:51 -0400 ADMIN123-HP Admin123 DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
2012/08/05 17:47:01 -0400 ADMIN123-HP Admin123 DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
2012/08/05 17:47:12 -0400 ADMIN123-HP Admin123 DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
2012/08/05 17:47:23 -0400 ADMIN123-HP Admin123 DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
2012/08/05 17:47:33 -0400 ADMIN123-HP Admin123 DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
2012/08/05 17:47:44 -0400 ADMIN123-HP Admin123 DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
2012/08/05 17:47:55 -0400 ADMIN123-HP Admin123 DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
2012/08/05 17:48:06 -0400 ADMIN123-HP Admin123 DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
2012/08/05 17:48:16 -0400 ADMIN123-HP Admin123 DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
2012/08/05 17:48:27 -0400 ADMIN123-HP Admin123 DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
2012/08/05 17:48:37 -0400 ADMIN123-HP Admin123 DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
2012/08/05 17:48:47 -0400 ADMIN123-HP Admin123 DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
2012/08/05 17:48:57 -0400 ADMIN123-HP Admin123 DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
2012/08/05 17:49:07 -0400 ADMIN123-HP Admin123 DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
2012/08/05 17:49:18 -0400 ADMIN123-HP Admin123 DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
2012/08/05 17:49:28 -0400 ADMIN123-HP Admin123 DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
2012/08/05 17:49:38 -0400 ADMIN123-HP Admin123 DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
2012/08/05 17:49:48 -0400 ADMIN123-HP Admin123 DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
2012/08/05 17:49:58 -0400 ADMIN123-HP Admin123 DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
2012/08/05 17:50:10 -0400 ADMIN123-HP (null) DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
2012/08/05 17:50:21 -0400 ADMIN123-HP (null) DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
2012/08/05 18:27:40 -0400 ADMIN123-HP Admin123 MESSAGE Starting protection
2012/08/05 18:27:45 -0400 ADMIN123-HP Admin123 MESSAGE Protection started successfully
2012/08/05 18:27:48 -0400 ADMIN123-HP Admin123 MESSAGE Starting IP protection
2012/08/05 18:27:51 -0400 ADMIN123-HP Admin123 MESSAGE IP Protection started successfully
2012/08/05 19:03:20 -0400 ADMIN123-HP Admin123 IP-BLOCK 78.41.203.120 (Type: outgoing, Port: 50695, Process: svchost.exe)
2012/08/05 19:46:30 -0400 ADMIN123-HP Admin123 IP-BLOCK 217.23.13.130 (Type: outgoing, Port: 62680, Process: svchost.exe)
2012/08/05 20:14:50 -0400 ADMIN123-HP Admin123 IP-BLOCK 206.161.121.122 (Type: outgoing, Port: 51446, Process: svchost.exe)
2012/08/05 20:14:50 -0400 ADMIN123-HP Admin123 IP-BLOCK 206.161.121.126 (Type: outgoing, Port: 51447, Process: svchost.exe)
2012/08/05 20:17:17 -0400 ADMIN123-HP (null) IP-BLOCK 78.41.203.120 (Type: outgoing, Port: 52156, Process: svchost.exe)
2012/08/05 20:28:29 -0400 ADMIN123-HP Admin123 MESSAGE Starting protection
2012/08/05 20:28:32 -0400 ADMIN123-HP Admin123 MESSAGE Protection started successfully
2012/08/05 20:28:35 -0400 ADMIN123-HP Admin123 MESSAGE Starting IP protection
2012/08/05 20:28:38 -0400 ADMIN123-HP Admin123 MESSAGE IP Protection started successfully
2012/08/05 20:49:05 -0400 ADMIN123-HP Admin123 IP-BLOCK 206.161.121.126 (Type: outgoing, Port: 50922, Process: svchost.exe)
2012/08/05 20:49:05 -0400 ADMIN123-HP Admin123 IP-BLOCK 206.161.121.123 (Type: outgoing, Port: 50923, Process: svchost.exe)
2012/08/05 20:49:05 -0400 ADMIN123-HP Admin123 IP-BLOCK 206.161.121.124 (Type: outgoing, Port: 50924, Process: svchost.exe)
2012/08/05 20:49:05 -0400 ADMIN123-HP Admin123 IP-BLOCK 206.161.121.124 (Type: outgoing, Port: 50954, Process: svchost.exe)
2012/08/05 20:49:21 -0400 ADMIN123-HP Admin123 IP-BLOCK 206.161.121.123 (Type: outgoing, Port: 51093, Process: svchost.exe)
2012/08/05 20:49:29 -0400 ADMIN123-HP Admin123 IP-BLOCK 206.161.121.124 (Type: outgoing, Port: 51124, Process: svchost.exe)
2012/08/05 20:49:29 -0400 ADMIN123-HP Admin123 IP-BLOCK 206.161.121.123 (Type: outgoing, Port: 51125, Process: svchost.exe)
2012/08/05 20:49:46 -0400 ADMIN123-HP Admin123 IP-BLOCK 206.161.121.126 (Type: outgoing, Port: 51437, Process: svchost.exe)
2012/08/05 20:49:46 -0400 ADMIN123-HP Admin123 IP-BLOCK 206.161.121.123 (Type: outgoing, Port: 51438, Process: svchost.exe)
2012/08/05 20:49:46 -0400 ADMIN123-HP Admin123 IP-BLOCK 206.161.121.124 (Type: outgoing, Port: 51439, Process: svchost.exe)
2012/08/05 20:50:02 -0400 ADMIN123-HP Admin123 IP-BLOCK 206.161.121.123 (Type: outgoing, Port: 51633, Process: svchost.exe)
2012/08/05 21:17:56 -0400 ADMIN123-HP Admin123 IP-BLOCK 206.161.121.126 (Type: outgoing, Port: 58345, Process: svchost.exe)
2012/08/05 21:17:56 -0400 ADMIN123-HP Admin123 IP-BLOCK 206.161.121.123 (Type: outgoing, Port: 58346, Process: svchost.exe)
2012/08/05 21:17:56 -0400 ADMIN123-HP Admin123 IP-BLOCK 206.161.121.124 (Type: outgoing, Port: 58347, Process: svchost.exe)
2012/08/05 21:17:56 -0400 ADMIN123-HP Admin123 IP-BLOCK 206.161.121.124 (Type: outgoing, Port: 58349, Process: svchost.exe)
2012/08/05 21:18:20 -0400 ADMIN123-HP Admin123 IP-BLOCK 206.161.121.126 (Type: outgoing, Port: 58357, Process: svchost.exe)
2012/08/05 21:18:20 -0400 ADMIN123-HP Admin123 IP-BLOCK 206.161.121.123 (Type: outgoing, Port: 58358, Process: svchost.exe)
2012/08/05 21:18:20 -0400 ADMIN123-HP Admin123 IP-BLOCK 206.161.121.124 (Type: outgoing, Port: 58359, Process: svchost.exe)
2012/08/05 21:31:41 -0400 ADMIN123-HP Admin123 IP-BLOCK 206.161.121.126 (Type: outgoing, Port: 59200, Process: svchost.exe)
2012/08/05 21:31:41 -0400 ADMIN123-HP Admin123 IP-BLOCK 206.161.121.123 (Type: outgoing, Port: 59201, Process: svchost.exe)
2012/08/05 21:31:41 -0400 ADMIN123-HP Admin123 IP-BLOCK 206.161.121.124 (Type: outgoing, Port: 59202, Process: svchost.exe)
2012/08/05 21:31:41 -0400 ADMIN123-HP Admin123 IP-BLOCK 206.161.121.124 (Type: outgoing, Port: 59204, Process: svchost.exe)
2012/08/05 21:32:06 -0400 ADMIN123-HP Admin123 IP-BLOCK 206.161.121.126 (Type: outgoing, Port: 59210, Process: svchost.exe)
2012/08/05 21:32:06 -0400 ADMIN123-HP Admin123 IP-BLOCK 206.161.121.123 (Type: outgoing, Port: 59211, Process: svchost.exe)
2012/08/05 21:32:06 -0400 ADMIN123-HP Admin123 IP-BLOCK 206.161.121.124 (Type: outgoing, Port: 59212, Process: svchost.exe)
2012/08/05 21:32:14 -0400 ADMIN123-HP Admin123 IP-BLOCK 206.161.121.123 (Type: outgoing, Port: 59221, Process: svchost.exe)
2012/08/05 21:48:18 -0400 ADMIN123-HP Admin123 MESSAGE Starting protection
2012/08/05 21:48:20 -0400 ADMIN123-HP Admin123 MESSAGE Protection started successfully
2012/08/05 21:48:23 -0400 ADMIN123-HP Admin123 MESSAGE Starting IP protection
2012/08/05 21:48:27 -0400 ADMIN123-HP Admin123 MESSAGE IP Protection started successfully
2012/08/05 22:38:20 -0400 ADMIN123-HP Admin123 MESSAGE Starting protection
2012/08/05 22:38:24 -0400 ADMIN123-HP Admin123 MESSAGE Protection started successfully
2012/08/05 22:38:27 -0400 ADMIN123-HP Admin123 MESSAGE Starting IP protection
2012/08/05 22:38:31 -0400 ADMIN123-HP Admin123 MESSAGE IP Protection started successfully
 
I downloaded GMER and tried to run it, and it did seem to scan that automatic quick scan...however, when I saved and opened the gmer.log, there was nothing there... :(

Also, I think that it may be helpful to know that I used Combofix, DDS, TSDDRKiller(?) to get rid of the .PUP virus and the rootkit...I know that I'm not supposed to use these by myself NOW, but when I was trying to relieve the situation myself, I was desperate to do anything :(
 
Here's the DDS.txt and Attach.txt:

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by Admin123 at 13:49:32 on 2012-08-06
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3563.2000 [GMT -4:00]
.
AV: AVG Internet Security 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Internet Security 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: AVG Internet Security 2012 *Enabled* {621CC794-9486-F902-D092-0484E8EA828B}
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG\AVG2012\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\IDT\WDM\STacSV64.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Program Files\Tablet\Pen\Pen_TouchService.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
C:\Program Files (x86)\AVG\AVG2012\avgfws.exe
C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE
C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE
C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Tablet\Pen\Pen_Tablet.exe
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\12.1.5\ToolbarUpdater.exe
C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe
C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Windows\Explorer.EXE
C:\Program Files\Tablet\Pen\Pen_TouchUser.exe
C:\Program Files (x86)\AVG\AVG PC Tuneup\BoostSpeed.exe
C:\Program Files (x86)\AVG\AVG2012\avgnsa.exe
C:\Program Files\Tablet\Pen\Pen_TabletUser.exe
C:\Program Files (x86)\AVG\AVG2012\avgemca.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files (x86)\ooVoo\ooVoo.exe
C:\Users\Admin123\AppData\Local\FreeScreenSharing\FreeScreenSharing.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Tablet\Pen\Pen_Tablet.exe
C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe
C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
C:\Program Files (x86)\AVG Secure Search\vprot.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\SysWOW64\RunDll32.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Users\Admin123\Downloads\dd978q08.exe
C:\Windows\system32\DllHost.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.deviantart.com/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: AVG Do Not Track: {31332eef-cb9f-458f-afeb-d30e9a66b6ba} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
BHO: SteadyVideoBHO Class: {6c680bae-655c-4e3d-8fc4-e6a520c3d928} - C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - C:\Program Files (x86)\AVG Secure Search\12.1.0.21\AVG Secure Search_toolbar.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - C:\Program Files (x86)\AVG Secure Search\12.1.0.21\AVG Secure Search_toolbar.dll
{e7df6bff-55a5-4eb7-a673-4ed3e9456d39}
uRun: [ooVoo.exe] C:\Program Files (x86)\ooVoo\ooVoo.exe /minimized
uRun: [EPSON011DA5] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIFRA.EXE /FU "C:\Windows\TEMP\E_S4A29.tmp" /EF "HKCU"
uRun: [FreeScreenSharing] "C:\Users\Admin123\AppData\Local\FreeScreenSharing\FreeScreenSharing.exe"
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [HPQuickWebProxy] "C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
mRun: [FUFAXSTM] "C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe"
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files (x86)\WIDCOMM\Bluetooth Software\BTTray.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Add to Google Photos Screensa&ver - C:\Windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\OFFICE11\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
TCP: Interfaces\{1B2E936E-E467-4AFD-9399-CEF592C23C0B} : DhcpNameServer = 192.168.1.1 71.242.0.12
TCP: Interfaces\{1B2E936E-E467-4AFD-9399-CEF592C23C0B}\9556C6C6F677D4F6F63756D27657563747 : DhcpNameServer = 75.75.75.75 75.75.76.76 192.168.33.1
TCP: Interfaces\{1B2E936E-E467-4AFD-9399-CEF592C23C0B}\C696E6B6379737F5750535F586167656 : DhcpNameServer = 75.75.75.75 75.75.76.76
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\12.1.5\ViProtocol.dll
LSA: Notification Packages = scecli C:\Program Files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll
mASetup: {F5E7D9AF-60F6-4A30-87E3-4EA94D322CE1} - msiexec /fu {F5E7D9AF-60F6-4A30-87E3-4EA94D322CE1} /qn
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: AVG Do Not Track: {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
BHO-X64: AVG Do Not Track - No File
BHO-X64: SteadyVideoBHO Class: {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll
BHO-X64: AMD SteadyVideo BHO - No File
BHO-X64: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\12.1.0.21\AVG Secure Search_toolbar.dll
BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\12.1.0.21\AVG Secure Search_toolbar.dll
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [HPQuickWebProxy] "C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
mRun-x64: [FUFAXSTM] "C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe"
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun-x64: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun-x64: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
IE-X64: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Admin123\AppData\Roaming\Mozilla\Firefox\Profiles\pbt687ag.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://my.deviantart.com/messages/
FF - prefs.js: keyword.URL - hxxps://isearch.avg.com/search?cid=%7B0dd404fe-1f66-4a03-a407-58c6b3d8f6a5%7D&mid=2d57263ed15e47d08182359c7b1a361b-77582ebb37624dca34eebc43c116d9fe623beda2&ds=AVG&v=12.1.0.21&lang=en&pr=pr&d=2012-08-05%2017%3A47%3A34&sap=ku&q=
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\12.1.5\npsitesafety.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\TabletPlugins\npwacom.dll
FF - plugin: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_270.dll
FF - plugin: C:\Windows\SysWOW64\npdeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
.
============= SERVICES / DRIVERS ===============
.
R0 amd_sata;amd_sata;C:\Windows\system32\DRIVERS\amd_sata.sys --> C:\Windows\system32\DRIVERS\amd_sata.sys [?]
R0 amd_xata;amd_xata;C:\Windows\system32\DRIVERS\amd_xata.sys --> C:\Windows\system32\DRIVERS\amd_xata.sys [?]
R0 AVGIDSHA;AVGIDSHA;C:\Windows\system32\DRIVERS\avgidsha.sys --> C:\Windows\system32\DRIVERS\avgidsha.sys [?]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\system32\DRIVERS\avgrkx64.sys --> C:\Windows\system32\DRIVERS\avgrkx64.sys [?]
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R1 Avgfwfd;AVG network filter service;C:\Windows\system32\DRIVERS\avgfwd6a.sys --> C:\Windows\system32\DRIVERS\avgfwd6a.sys [?]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\system32\DRIVERS\avgldx64.sys --> C:\Windows\system32\DRIVERS\avgldx64.sys [?]
R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\system32\DRIVERS\avgmfx64.sys --> C:\Windows\system32\DRIVERS\avgmfx64.sys [?]
R1 Avgtdia;AVG TDI Driver;C:\Windows\system32\DRIVERS\avgtdia.sys --> C:\Windows\system32\DRIVERS\avgtdia.sys [?]
R1 avgtp;avgtp;\??\C:\Windows\system32\drivers\avgtpx64.sys --> C:\Windows\system32\drivers\avgtpx64.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [2009-10-9 169312]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-4-3 63928]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-9-15 361984]
R2 avgfws;AVG Firewall;C:\Program Files (x86)\AVG\AVG2012\avgfws.exe [2012-6-13 2321560]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe [2012-7-4 5160568]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-2-14 193288]
R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2011-9-9 86072]
R2 HPAuto;HP Auto;C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe [2011-2-17 682040]
R2 HPClientSvc;HP Client Services;C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2012-3-14 197504]
R2 HPWMISVC;HPWMISVC;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2012-3-5 35200]
R2 IconMan_R;IconMan_R;C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2012-2-17 2424424]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-8-5 655944]
R2 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-7-5 3048136]
R2 TabletServicePen;TabletServicePen;C:\Program Files\Tablet\Pen\Pen_Tablet.exe [2012-5-19 5790064]
R2 TouchServicePen;Wacom Consumer Touch Service;C:\Program Files\Tablet\Pen\Pen_TouchService.exe [2012-5-19 487280]
R2 vToolbarUpdater12.1.5;vToolbarUpdater12.1.5;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\12.1.5\ToolbarUpdater.exe [2012-8-5 830048]
R3 amdiox64;AMD IO Driver;C:\Windows\system32\DRIVERS\amdiox64.sys --> C:\Windows\system32\DRIVERS\amdiox64.sys [?]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys --> C:\Windows\system32\drivers\AtihdW76.sys [?]
R3 AVGIDSDriver;AVGIDSDriver;C:\Windows\system32\DRIVERS\avgidsdrivera.sys --> C:\Windows\system32\DRIVERS\avgidsdrivera.sys [?]
R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\system32\DRIVERS\avgidsfiltera.sys --> C:\Windows\system32\DRIVERS\avgidsfiltera.sys [?]
R3 clwvd;CyberLink WebCam Virtual Driver;C:\Windows\system32\DRIVERS\clwvd.sys --> C:\Windows\system32\DRIVERS\clwvd.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 RSPCIESTOR;Realtek PCIE CardReader Driver;C:\Windows\system32\DRIVERS\RtsPStor.sys --> C:\Windows\system32\DRIVERS\RtsPStor.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\system32\DRIVERS\usbfilter.sys --> C:\Windows\system32\DRIVERS\usbfilter.sys [?]
R3 WSDPrintDevice;WSD Print Support via UMB;C:\Windows\system32\DRIVERS\WSDPrint.sys --> C:\Windows\system32\DRIVERS\WSDPrint.sys [?]
R3 WSDScan;WSD Scan Support via UMB;C:\Windows\system32\DRIVERS\WSDScan.sys --> C:\Windows\system32\DRIVERS\WSDScan.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-6-7 160944]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-7-24 250056]
S3 bcbtums;Bluetooth RAM Firmware Download USB Filter;C:\Windows\system32\drivers\bcbtums.sys --> C:\Windows\system32\drivers\bcbtums.sys [?]
S3 btwampfl;btwampfl Bluetooth filter driver;\??\C:\Windows\system32\drivers\btwampfl.sys --> C:\Windows\system32\drivers\btwampfl.sys [?]
S3 BTWDPAN;Bluetooth Personal Area Network;C:\Windows\system32\DRIVERS\btwdpan.sys --> C:\Windows\system32\DRIVERS\btwdpan.sys [?]
S3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\system32\DRIVERS\btwl2cap.sys --> C:\Windows\system32\DRIVERS\btwl2cap.sys [?]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-5-31 138912]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-5-26 113120]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL6.SYS --> C:\Windows\system32\DRIVERS\VSTAZL6.SYS [?]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]
S3 wacmoumonitor;Wacom Mode Helper;C:\Windows\system32\DRIVERS\wacmoumonitor.sys --> C:\Windows\system32\DRIVERS\wacmoumonitor.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2012-08-06 02:45:49 -------- d-----w- C:\Program Files (x86)\ESET
2012-08-06 01:43:41 -------- d-----w- C:\TDSSKiller_Quarantine
2012-08-06 01:26:46 -------- d-----w- C:\Program Files (x86)\TeamViewer
2012-08-06 01:20:28 -------- d-----w- C:\Users\Admin123\temp
2012-08-06 01:20:27 -------- d-----w- C:\Users\Admin123\AppData\Roaming\TeamViewer
2012-08-05 23:03:57 -------- d-----w- C:\Users\Admin123\AppData\Roaming\AVG
2012-08-05 21:48:11 -------- d-----w- C:\Users\Admin123\AppData\Roaming\AVG2012
2012-08-05 21:47:47 -------- d-----w- C:\Users\Admin123\AppData\Local\AVG Secure Search
2012-08-05 21:47:38 -------- d-----w- C:\ProgramData\AVG Secure Search
2012-08-05 21:47:32 31080 ----a-w- C:\Windows\System32\drivers\avgtpx64.sys
2012-08-05 21:47:29 -------- d-----w- C:\Program Files (x86)\Common Files\AVG Secure Search
2012-08-05 21:47:28 -------- d-----w- C:\Program Files (x86)\AVG Secure Search
2012-08-05 21:46:05 -------- d-----w- C:\Windows\SysWow64\drivers\AVG
2012-08-05 21:44:43 -------- d--h--w- C:\$AVG
2012-08-05 21:44:41 -------- d-----w- C:\Windows\System32\drivers\AVG
2012-08-05 21:44:41 -------- d-----w- C:\ProgramData\AVG2012
2012-08-05 21:43:41 -------- d-----w- C:\Program Files (x86)\AVG
2012-08-05 21:24:40 -------- d--h--w- C:\ProgramData\Common Files
2012-08-05 21:24:40 -------- d-----w- C:\ProgramData\MFAData
2012-08-05 19:50:51 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-08-05 19:44:21 9133488 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{F37733ED-2048-4C0A-BF88-BEA4CE3E8EB1}\mpengine.dll
2012-08-05 19:40:34 -------- d-----w- C:\Users\Admin123\AppData\Local\{BF53B6B7-32C5-4C80-8A46-119A00218050}
2012-08-05 19:40:23 -------- d-----w- C:\Users\Admin123\AppData\Local\{A8F26326-87D4-482D-9A33-CF2973CB06FE}
2012-08-05 15:10:15 -------- d-----w- C:\Users\Admin123\AppData\Local\{DA5E432D-9A7D-4E1F-917D-C759764C9213}
2012-08-05 15:10:05 -------- d-----w- C:\Users\Admin123\AppData\Local\{600970A0-5505-4D92-86EA-E67FFF715770}
2012-08-05 04:49:34 -------- d-----w- C:\FRST
2012-08-05 00:29:02 -------- d-----w- C:\Users\Admin123\AppData\Local\{1D2659DA-06BB-4162-811C-3C721D09A7E2}
2012-08-05 00:28:49 -------- d-----w- C:\Users\Admin123\AppData\Local\{7CE6F2C6-0AF9-49FE-B144-9A5DABF30C97}
2012-08-04 21:38:49 -------- d-----w- C:\Program Files\GIMP 2
2012-08-04 21:24:31 -------- d-----w- C:\Users\Admin123\AppData\Roaming\OpenOffice.org
2012-08-04 18:43:13 -------- d-----w- C:\Program Files (x86)\Free Offers from Freeze.com
2012-08-04 18:42:32 -------- d-----w- C:\ProgramData\Tarma Installer
2012-08-04 18:40:19 -------- d-----w- C:\ProgramData\WeCareReminder
2012-08-04 17:36:33 -------- d-----w- C:\Users\Admin123\AppData\Local\{564BCC32-878A-4F1B-86DA-29D6E802F868}
2012-08-04 17:36:16 -------- d-----w- C:\Users\Admin123\AppData\Local\{8BEAE5EB-338B-473D-8E73-4A42BC9E9E4E}
2012-08-04 00:31:29 -------- d-----w- C:\Users\Admin123\AppData\Local\{E8E0C480-C253-4A0D-A655-0B50A5C1C89F}
2012-08-04 00:31:16 -------- d-----w- C:\Users\Admin123\AppData\Local\{1F6C5F07-4D99-40A7-9758-BE1BCED84EBE}
2012-08-01 01:48:36 -------- d-----w- C:\Users\Admin123\AppData\Local\{1D2B6A55-C7FA-49AF-9845-10A09CA2B586}
2012-08-01 01:48:23 -------- d-----w- C:\Users\Admin123\AppData\Local\{68979DA7-06C7-4A66-BDB9-1E2CD4B1CA9F}
2012-08-01 01:46:10 -------- d-----w- C:\Users\Admin123\AppData\Local\{E9E967F1-A989-4B03-A3FC-EDD18054DD3E}
2012-08-01 01:45:57 -------- d-----w- C:\Users\Admin123\AppData\Local\{DB01FF44-8DC5-4A5C-9AB5-E9554D46D6F4}
2012-07-30 21:45:55 -------- d-----w- C:\Users\Admin123\AppData\Local\{FD7BF79A-8AA6-4C17-AA3F-4F14BFD898CE}
2012-07-30 21:45:42 -------- d-----w- C:\Users\Admin123\AppData\Local\{1663D21E-A6DB-478C-B2AA-8B5D917F3E4E}
2012-07-30 06:09:15 -------- d-sh--w- C:\Windows\SysWow64\%APPDATA%
2012-07-30 03:54:27 514560 ----a-w- C:\Windows\SysWow64\qdvd.dll
2012-07-30 03:54:27 366592 ----a-w- C:\Windows\System32\qdvd.dll
2012-07-30 02:24:13 -------- d-----w- C:\Users\Admin123\AppData\Local\Google
2012-07-30 02:05:44 -------- d-----w- C:\Users\Admin123\AppData\Local\{79A904E6-2178-461C-800D-564CCF356417}
2012-07-30 02:05:31 -------- d-----w- C:\Users\Admin123\AppData\Local\{E42C85C4-751D-48A1-AAD4-44720AAA4846}
2012-07-30 02:00:27 -------- d-----w- C:\Users\Admin123\AppData\Local\{7348F264-86B1-466C-A33C-80D1AC1B6F78}
2012-07-30 02:00:10 -------- d-----w- C:\Users\Admin123\AppData\Local\{E853D025-B9CB-4B2E-AE5D-F8D9559D4D83}
2012-07-29 19:05:13 -------- d-----w- C:\Program Files (x86)\McAfee
2012-07-29 18:59:50 -------- d-----w- C:\Users\Admin123\AppData\Local\{67AD0CD9-9497-455D-8EFB-746C90CE2C42}
2012-07-29 18:59:29 -------- d-----w- C:\Users\Admin123\AppData\Local\{A7A25F5E-E9A8-46BB-8D3E-AF50963EABEA}
2012-07-26 02:57:01 -------- d-----w- C:\Users\Admin123\AppData\Local\{F04D1DFE-7D4A-4A55-9B96-6D762F7DBA67}
2012-07-26 02:56:50 -------- d-----w- C:\Users\Admin123\AppData\Local\{E7C09A40-B4C3-44E5-BD3F-52BB26832044}
2012-07-25 14:51:56 -------- d-----w- C:\Users\Admin123\AppData\Local\{F71BE9E3-4DA1-459F-BFC9-F92CF3FCD7F3}
2012-07-25 14:51:43 -------- d-----w- C:\Users\Admin123\AppData\Local\{8D4673F7-4933-4253-8FE1-BFFBF189775A}
2012-07-24 17:40:09 -------- d-----w- C:\Users\Admin123\AppData\Local\{7027C784-72DC-4ADD-9696-47B40C5864D5}
2012-07-24 17:39:59 -------- d-----w- C:\Users\Admin123\AppData\Local\{E588D9EB-D304-46D5-A301-26964DEBCD8D}
2012-07-24 06:58:49 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-24 06:58:49 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-07-24 05:39:32 -------- d-----w- C:\Users\Admin123\AppData\Local\{B4018704-91A9-4731-9E03-8BCAA1585DC0}
2012-07-24 05:39:22 -------- d-----w- C:\Users\Admin123\AppData\Local\{5EFF4758-1DE3-4CF7-8BD7-B621CC953C23}
2012-07-23 22:06:44 -------- d-----w- C:\Users\Admin123\AppData\Local\Diagnostics
2012-07-23 17:42:31 -------- d-----w- C:\ProgramData\Blio
2012-07-23 17:42:28 -------- d-----w- C:\Users\Admin123\AppData\Roaming\Blio
2012-07-23 17:38:50 -------- d-----w- C:\Users\Admin123\AppData\Local\{0ABA0609-C426-40E8-B62E-69DDA8776D77}
2012-07-23 17:38:38 -------- d-----w- C:\Users\Admin123\AppData\Local\{CD06E514-7D92-4857-92C3-AF3F25BBA920}
2012-07-23 02:15:26 -------- d-----w- C:\Users\Admin123\AppData\Local\{DED9A98B-3174-4391-9985-37BF85E928A2}
2012-07-23 02:15:13 -------- d-----w- C:\Users\Admin123\AppData\Local\{3E2A64ED-BB8A-4623-8510-ECE79BD5DE25}
2012-07-21 22:54:33 -------- d-----w- C:\Users\Admin123\AppData\Local\{A8DBCF88-C524-4CE4-B2D7-C1401609C11C}
2012-07-21 22:54:20 -------- d-----w- C:\Users\Admin123\AppData\Local\{176E9C0C-F11E-42CF-AC10-5B662A5C5CE2}
2012-07-20 02:13:33 -------- d-----w- C:\Users\Admin123\AppData\Local\{4206FAD9-DB21-4F3F-9752-E9BD11BCAB91}
2012-07-20 02:13:22 -------- d-----w- C:\Users\Admin123\AppData\Local\{B77458AD-6BD2-49B3-A6A5-89B26908282F}
2012-07-18 20:38:16 -------- d-----w- C:\Users\Admin123\AppData\Local\{C6D9A22D-7ED6-48FB-BE40-353BC11C0B59}
2012-07-18 20:38:04 -------- d-----w- C:\Users\Admin123\AppData\Local\{3D1F3DA9-9EC0-4E2F-974E-6B78E43B449B}
2012-07-18 03:00:56 -------- d-----w- C:\Users\Admin123\AppData\Local\{4D6A7D49-DF48-4592-A9AD-DB48C8E5513C}
2012-07-18 03:00:45 -------- d-----w- C:\Users\Admin123\AppData\Local\{1B6C1D19-81BE-4F1B-BC31-AEC793580834}
2012-07-16 23:26:37 -------- d-----w- C:\Users\Admin123\AppData\Local\{EC6DDCB3-15AB-4C31-BB59-1A6A067813EF}
2012-07-16 23:26:24 -------- d-----w- C:\Users\Admin123\AppData\Local\{5AD8E849-D42B-4602-A380-C11DB750D3A0}
2012-07-16 05:40:19 -------- d-----w- C:\Users\Admin123\AppData\Local\CrashRpt
2012-07-16 05:40:13 -------- d-sh--w- C:\Windows\SysWow64\AI_RecycleBin
2012-07-16 04:50:56 -------- d-----w- C:\Users\Admin123\AppData\Roaming\Windows Live Writer
2012-07-16 04:50:56 -------- d-----w- C:\Users\Admin123\AppData\Local\Windows Live Writer
2012-07-16 04:45:30 -------- d-----w- C:\Users\Admin123\.freescreensharing
2012-07-16 04:45:15 -------- d-----w- C:\Users\Admin123\AppData\Local\FreeScreenSharing
2012-07-15 23:26:00 -------- d-----w- C:\Users\Admin123\AppData\Local\{C63E9491-3FBF-4355-B3FF-FAE3FE0F9149}
2012-07-15 23:25:48 -------- d-----w- C:\Users\Admin123\AppData\Local\{998CF935-08A1-4350-9681-356ED3F15DAF}
2012-07-14 21:29:20 -------- d-----w- C:\Users\Admin123\AppData\Local\{A5594CFC-EDC9-462D-BEEF-B0059C2951FA}
2012-07-14 21:29:08 -------- d-----w- C:\Users\Admin123\AppData\Local\{015A645A-B376-4A2D-8F69-37C144AFE9BF}
2012-07-14 01:03:36 -------- d-----w- C:\Users\Admin123\AppData\Local\{4B7A5B88-224B-403F-A97D-5E3B4543666D}
2012-07-14 01:03:22 -------- d-----w- C:\Users\Admin123\AppData\Local\{CA439C39-1245-4452-9B55-1ECA4180F398}
2012-07-12 15:52:56 -------- d-----w- C:\Users\Admin123\AppData\Local\{D0A319A9-0A87-4F4F-902C-77DDFBBB9320}
2012-07-12 15:52:42 -------- d-----w- C:\Users\Admin123\AppData\Local\{91DD9EC0-84F6-4457-8025-40A464C08641}
2012-07-12 15:47:20 3148800 ----a-w- C:\Windows\System32\win32k.sys
2012-07-12 02:09:25 9133488 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2012-07-11 19:04:54 2048 ----a-w- C:\Windows\SysWow64\msxml3r.dll
2012-07-11 19:04:54 2048 ----a-w- C:\Windows\System32\msxml3r.dll
2012-07-11 19:04:54 2004480 ----a-w- C:\Windows\System32\msxml6.dll
2012-07-11 19:04:54 1881600 ----a-w- C:\Windows\System32\msxml3.dll
2012-07-11 19:04:54 1390080 ----a-w- C:\Windows\SysWow64\msxml6.dll
2012-07-11 19:04:54 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll
2012-07-11 18:46:47 -------- d-----w- C:\Users\Admin123\AppData\Local\{C9F8894D-E03D-457A-BD56-4296F473EFCD}
2012-07-11 18:46:30 -------- d-----w- C:\Users\Admin123\AppData\Local\{64873836-03AC-45F6-AB70-6B76DF7E913B}
2012-07-11 05:10:07 -------- d-----w- C:\Users\Admin123\AppData\Local\{2395C7D7-6EE0-47A6-85C1-2D1B9E2C019C}
2012-07-11 05:09:55 -------- d-----w- C:\Users\Admin123\AppData\Local\{B3BFDB53-607C-4666-8A3D-32D2D4B8ACD9}
2012-07-11 02:31:24 -------- d-----w- C:\Users\Admin123\AppData\Roaming\Malwarebytes
2012-07-11 02:31:12 -------- d-----w- C:\ProgramData\Malwarebytes
2012-07-11 02:31:11 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-07-10 20:33:34 219136 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2012-07-10 20:33:29 1133568 ----a-w- C:\Windows\System32\cdosys.dll
2012-07-10 20:32:56 -------- d-----w- C:\Program Files (x86)\EpsonNet
2012-07-10 20:32:18 -------- d-----w- C:\Program Files\EpsonNet
2012-07-10 20:31:41 -------- d-----w- C:\Program Files (x86)\Common Files\EPSON
2012-07-10 20:29:59 80024 ----a-w- C:\Windows\SysWow64\PICSDK.dll
2012-07-10 20:29:59 51360 ----a-w- C:\Windows\SysWow64\EpPicPrt.dll
2012-07-10 20:29:59 501912 ----a-w- C:\Windows\SysWow64\PICSDK2.dll
2012-07-10 20:29:59 108704 ----a-w- C:\Windows\SysWow64\PICEntry.dll
2012-07-10 20:29:58 51360 ----a-w- C:\Windows\SysWow64\EpPicMgr.dll
2012-07-10 20:27:52 282624 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\UpdateService\agent.exe
2012-07-10 20:25:18 -------- d-----w- C:\Program Files (x86)\Epson Software
2012-07-10 20:24:43 118784 ----a-w- C:\Windows\System32\E_ILMFRA.DLL
2012-07-10 20:24:40 81920 ----a-w- C:\Windows\System32\E_IBCBFRA.DLL
2012-07-10 20:24:23 -------- d-----w- C:\ProgramData\EPSON
2012-07-10 20:24:06 459776 ----a-w- C:\Windows\System32\esxwiaud.dll
2012-07-10 20:24:06 17408 ----a-w- C:\Windows\System32\esxcdev.dll
2012-07-10 20:24:06 128392 ----a-w- C:\Windows\System32\esdevapp.exe
2012-07-10 20:24:04 -------- d-----w- C:\Program Files (x86)\epson
2012-07-10 17:09:18 -------- d-----w- C:\Users\Admin123\AppData\Local\{F451B05C-6220-401B-BDF7-F8999437E72C}
2012-07-10 17:09:07 -------- d-----w- C:\Users\Admin123\AppData\Local\{82648B08-0B39-4693-9111-924C42C10EB0}
2012-07-09 18:53:19 -------- d-----w- C:\Users\Admin123\AppData\Local\{4B48AE7B-7BE6-422D-90B2-3AB304474242}
2012-07-09 18:53:06 -------- d-----w- C:\Users\Admin123\AppData\Local\{84DECF6A-76E5-40C1-A8C5-D63C248E0F38}
2012-07-08 07:26:44 -------- d-----w- C:\Users\Admin123\AppData\Local\{806A7D75-82FA-4D5A-9CB7-888A3A99EC6D}
2012-07-08 07:26:34 -------- d-----w- C:\Users\Admin123\AppData\Local\{7439D1A7-A7B9-48D4-8B0D-6B7DE77E399B}
2012-07-08 01:04:23 -------- d-----w- C:\Users\Admin123\AppData\Local\{36A69F17-B550-4BE5-8B84-990B06DF9791}
.
==================== Find3M ====================
.
2012-06-06 05:03:06 805376 ----a-w- C:\Windows\SysWow64\cdosys.dll
2012-06-02 22:15:31 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2012-06-02 22:15:08 99840 ----a-w- C:\Windows\System32\wudriver.dll
2012-06-02 19:19:42 186752 ----a-w- C:\Windows\System32\wuwebv.dll
2012-06-02 19:15:12 36864 ----a-w- C:\Windows\System32\wuapp.exe
2012-06-02 12:12:17 2311680 ----a-w- C:\Windows\System32\jscript9.dll
2012-06-02 12:05:28 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-06-02 12:04:50 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-06-02 12:01:40 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-06-02 11:57:08 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-06-02 08:33:25 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-06-02 08:25:08 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-06-02 08:25:03 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-06-02 08:20:33 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-06-02 08:16:52 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-06-02 05:50:10 458704 ----a-w- C:\Windows\System32\drivers\cng.sys
2012-06-02 05:48:16 95600 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2012-06-02 05:48:16 151920 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2012-06-02 05:45:31 340992 ----a-w- C:\Windows\System32\schannel.dll
2012-06-02 05:44:21 307200 ----a-w- C:\Windows\System32\ncrypt.dll
2012-06-02 04:40:42 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2012-06-02 04:40:39 225280 ----a-w- C:\Windows\SysWow64\schannel.dll
2012-06-02 04:34:09 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2012-05-31 16:25:12 279656 ------w- C:\Windows\System32\MpSigStub.exe
2012-05-19 17:06:35 476960 ----a-w- C:\Windows\SysWow64\npdeployJava1.dll
2012-05-19 17:06:35 472864 ----a-w- C:\Windows\SysWow64\deployJava1.dll
.
============= FINISH: 13:50:54.38 ===============
 
{Part 2: the Attach.txt}
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 5/11/2012 8:29:36 PM
System Uptime: 8/6/2012 1:12:29 PM (0 hours ago)
.
Motherboard: Hewlett-Packard | | 169B
Processor: AMD A4-3320M APU with Radeon(tm) HD Graphics | Socket FS1 | 2000/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 273 GiB total, 224.842 GiB free.
D: is FIXED (NTFS) - 21 GiB total, 2.256 GiB free.
F: is CDROM ()
G: is FIXED (FAT32) - 4 GiB total, 1.078 GiB free.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP64: 8/3/2012 9:26:25 PM - Removed Java(TM) 6 Update 32
RP65: 8/4/2012 2:06:52 PM - Removed Adobe Photoshop Elements 8.0.
RP66: 8/4/2012 5:13:28 PM - Removed InstallIQ Updater
RP67: 8/4/2012 5:16:21 PM - Removed SavetheChildren Reminder by We-Care.com v4.1.17.4
RP68: 8/4/2012 8:31:30 PM - Windows Update
RP69: 8/5/2012 11:02:07 AM - Windows Update
RP70: 8/5/2012 3:43:33 PM - Windows Update
RP71: 8/5/2012 4:08:41 PM - Removed Windows Live Mesh ActiveX Control for Remote Connections
RP72: 8/5/2012 4:19:41 PM - Windows Live Essentials
RP73: 8/5/2012 4:21:16 PM - WLSetup
RP74: 8/5/2012 5:43:07 PM - Installed AVG 2012
RP75: 8/5/2012 5:43:57 PM - Installed AVG 2012
RP76: 8/5/2012 7:17:50 PM - Removed Java(TM) 6 Update 32
RP77: 8/5/2012 8:15:41 PM - Restore Operation
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
Adobe AIR
Adobe Flash Player 11 Plugin
Adobe Photoshop Elements 8.0
Adobe Photoshop.com Inspiration Browser
Adobe Reader X (10.1.3) MUI
Adobe Shockwave Player 11.6
AMD VISION Engine Control Center
AVG PC Tuneup
Bamboo
Bejeweled 3
Blackhawk Striker 2
Blio
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
Chuzzle Deluxe
Cradle of Rome 2
CyberLink YouCam
Dora's World Adventure
Epson FAX Utility
Epson PC-FAX Driver
EPSON Scan
EpsonNet Setup
ESU for Microsoft Windows 7 SP1
Evernote v. 4.2.3
Farm Frenzy
Farmscapes
FATE
Final Drive Fury
FreeScreenSharing
Hewlett-Packard ACLM.NET v1.1.2.0
Hoyle Card Games
HP Customer Experience Enhancements
HP Documentation
HP Games
HP MovieStore
HP On Screen Display
HP Power Manager
HP Quick Launch
HP QuickWeb
HP Recovery Manager
HP Setup
HP Setup Manager
HP Software Framework
HP Support Assistant
IDT Audio
Java Auto Updater
Java(TM) 6 Update 32
Jewel Match 3
Jewel Quest Mysteries: The Seventh Gate Collector's Edition
John Deere Drive Green
K-Lite Codec Pack 7.0.0 (Standard)
Letters from Nowhere 2
Luxor HD
Mah Jong Medley
Malwarebytes Anti-Malware version 1.62.0.1300
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office 2010
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Professional Plus 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Visio Professional 2003
Microsoft Office Word MUI (English) 2007
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
Microsoft WSE 3.0 Runtime
Mozilla Firefox 14.0.1 (x86 en-US)
Mozilla Maintenance Service
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
OGA Notifier 1.7.0105.14.0
ooVoo
OpenOffice.org 3.3
opensource
Penguins!
Picasa 3
Plants vs. Zombies - Game of the Year
PlayReady PC Runtime x86
Poker Superstars III
Polar Bowler
Polar Golfer
Realtek Ethernet Controller Driver
Realtek PCIE Card Reader
RollerCoaster Tycoon 3: Platinum
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft Office 2007 suites (KB2596666) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596880) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2598041) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2596786) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2596917) 32-Bit Edition
Skype Click to Call
Skype™ 5.10
swMSM
The Treasures of Mystery Island: The Ghost Ship
Torchlight
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office Outlook 2007 (KB2596598) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2687310) 32-Bit Edition
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Update Installer for WildTangent Games App
Virtual Villagers 4 - The Tree of Life
Visual Studio 2008 x64 Redistributables
WebTablet IE Plugin
WebTablet Netscape Plugin
WildTangent Games App (HP Games)
Zuma's Revenge
.
==== Event Viewer Messages From Past Week ========
.
8/6/2012 1:14:07 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {C97FCC79-E628-407D-AE68-A06AD6D8B4D1} and APPID {344ED43D-D086-4961-86A6-1106F4ACAD9B} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
8/5/2012 5:53:08 PM, Error: Service Control Manager [7001] - The PnP-X IP Bus Enumerator service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
8/5/2012 5:51:37 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
8/5/2012 5:51:28 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
8/5/2012 5:51:27 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
8/5/2012 5:51:27 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
8/5/2012 5:51:27 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
8/5/2012 5:51:26 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
8/5/2012 5:51:20 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
8/5/2012 5:51:08 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD Avgfwfd Avgldx64 Avgmfx64 Avgtdia DfsC discache NetBIOS NetBT nsiproxy Psched rdbss spldr tdx vwififlt Wanarpv6 WfpLwf
8/5/2012 5:51:08 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
8/5/2012 5:51:08 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
8/5/2012 5:51:08 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
8/5/2012 5:51:08 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
8/5/2012 5:51:08 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
8/5/2012 5:51:08 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
8/5/2012 5:51:08 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
8/5/2012 5:51:08 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
8/5/2012 5:51:08 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
8/5/2012 5:51:08 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
8/5/2012 5:35:07 PM, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
8/5/2012 5:35:06 PM, Error: Service Control Manager [7024] - The Windows Search service terminated with service-specific error %%-1073473535.
8/5/2012 5:29:53 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD DfsC discache NetBIOS NetBT nsiproxy Psched rdbss spldr tdx vwififlt Wanarpv6 WfpLwf
8/5/2012 1:36:33 AM, Error: Service Control Manager [7022] - The Windows Update service hung on starting.
8/4/2012 9:31:57 PM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
8/4/2012 9:25:19 PM, Error: Application Popup [1060] - \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
8/4/2012 9:15:22 PM, Error: Service Control Manager [7034] - The Skype C2C Service service terminated unexpectedly. It has done this 1 time(s).
8/4/2012 8:31:59 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR1.
8/4/2012 8:27:40 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the HPWMISVC service.
8/4/2012 8:21:51 PM, Error: Microsoft-Windows-DriverFrameworks-UserMode [10101] - The driver package installation has failed. The final status was 0x45B.
8/4/2012 8:06:50 PM, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.
8/4/2012 8:06:50 PM, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.
8/4/2012 8:06:49 PM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.
8/4/2012 7:25:53 PM, Error: Service Control Manager [7023] - The Function Discovery Resource Publication service terminated with the following error: %%-2147024891
8/4/2012 7:25:53 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error: %%-2147024891
8/4/2012 2:03:43 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x00000050 (0xfffff8808e539728, 0x0000000000000001, 0xfffffa8004b0e2e6, 0x0000000000000005). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 080412-43118-01.
7/30/2012 9:49:21 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the TouchServicePen service.
7/30/2012 3:00:04 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x00000050 (0xfffff8808c35f728, 0x0000000000000001, 0xfffffa80055472e6, 0x0000000000000005). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 073012-37221-01.
7/30/2012 12:16:16 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x00000050 (0xfffff8808b354928, 0x0000000000000001, 0xfffffa80051f52e6, 0x0000000000000005). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 073012-57080-01.
7/30/2012 12:07:55 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x00000050 (0xfffff8808f8b7128, 0x0000000000000001, 0xfffffa80051d62e6, 0x0000000000000005). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 073012-62369-01.
.
==== End Of File ===========================
 
Nope. Those were MBAM alerts.

Download Malwarebytes' Anti-Malware (MBAM): http://www.malwarebytes.org/products/malwarebytes_free to your desktop.
NOTE. If you already have MBAM installed, update it before running the scan.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad.
* Post the log back here.

Be sure to restart the computer IF MBAM asks you to do so.

The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt
 
When I did the quick scan, it said no malicious items were found D:
But when I do the full scan, it shows up??
 
Sorry...I honestly don't know what I'm doing.... :(

Is it this?

Malwarebytes Anti-Malware (Trial) 1.62.0.1300
www.malwarebytes.org

Database version: v2012.08.04.08

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Admin123 :: ADMIN123-HP [administrator]

Protection: Enabled

8/4/2012 5:36:03 PM
mbam-log-2012-08-04 (17-36-03).txt

Scan type: Full scan (C:\|D:\|E:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 326788
Time elapsed: 42 minute(s), 13 second(s)

Memory Processes Detected: 1
C:\Windows\svchost.exe (Trojan.Agent) -> 5464 -> Delete on reboot.

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 15
C:\$Recycle.Bin\S-1-5-21-1641636118-1598163892-1382682310-1001\$RB0MXYN.exe (PUP.BundleOffers.IIQ) -> No action taken.
C:\$Recycle.Bin\S-1-5-21-1641636118-1598163892-1382682310-1001\$REPY3GT.exe (PUP.BundleOffers.IIQ) -> No action taken.
C:\$Recycle.Bin\S-1-5-21-1641636118-1598163892-1382682310-1001\$RL12EPT.exe (PUP.BundleOffers.IIQ) -> No action taken.
C:\Users\Admin123\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\179KQB38\openfreely_1296.exe (PUP.BundleOffers.IIQ) -> No action taken.
C:\Users\Admin123\Downloads\SoftonicDownloader_for_picasa.exe (PUP.ToolbarDownloader) -> No action taken.
C:\ProgramData\Microsoft\Windows\DRM\7345.tmp (Rootkit.ZeroAccess) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\DRM\7355.tmp (Rootkit.ZeroAccess) -> Quarantined and deleted successfully.
C:\Users\Admin123\AppData\Local\Temp\73E3.tmp (Trojan.Agent.EXPD1) -> Quarantined and deleted successfully.
C:\Windows\Installer\{29d9bd97-a400-c327-ec45-0e2f68899581}\n (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\Windows\Installer\{29d9bd97-a400-c327-ec45-0e2f68899581}\U\00000008.@ (Trojan.Dropper.BCMiner) -> Quarantined and deleted successfully.
C:\Windows\Installer\{29d9bd97-a400-c327-ec45-0e2f68899581}\U\000000cb.@ (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\Windows\Installer\{29d9bd97-a400-c327-ec45-0e2f68899581}\U\80000032.@ (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\{29d9bd97-a400-c327-ec45-0e2f68899581}\n (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\Windows\svchost.exe (Trojan.Agent) -> Delete on reboot.
C:\Users\Admin123\AppData\Local\Temp\.exe (Trojan.Agent) -> Quarantined and deleted successfully.

(end)
 
Some items are marked as "No action taken".
Re-run MBAM, fix ALL issues and post new log.

Next...

You're infected with ZeroAccess rootkit.

For x32 (x86) bit systems download Farbar Recovery Scan Tool 32-Bit and save it to a flash drive.
For x64 bit systems download Farbar Recovery Scan Tool 64-Bit and save it to a flash drive.

Plug the flashdrive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account an click Next.

To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:

    • Startup Repair
      System Restore
      Windows Complete PC Restore
      Windows Memory Diagnostic Tool
      Command Prompt
  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

Next...

Re-run FRST again.
Type the following in the edit box after "Search:".

services.exe

Click Search button and post the log (Search.txt) it makes in your reply.

I'll expect two logs:
- FRST.txt
- Search.txt
 
So I ran MBAM multiple times...both quick AND full scans...and they're not showing up as threats anymore? :((
 
Well...I did the FRST thing...

Scan result of Farbar Recovery Scan Tool Version: 05-08-2012 03
Ran by SYSTEM at 06-08-2012 22:45:47
Running from H:\
Windows 7 Home Premium (X64) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [2837288 2011-10-14] (Synaptics Incorporated)
HKLM\...\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe [1424896 2011-09-08] (IDT, Inc.)
HKLM\...\Run: [SetDefault] C:\Program Files\Hewlett-Packard\HP LaunchBox\SetDefault.exe [44880 2011-12-19] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [343168 2011-09-15] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [HPQuickWebProxy] "C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe" [169528 2011-10-07] (Hewlett-Packard Company)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-01-02] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe [379960 2011-08-19] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [254696 2012-01-18] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [578944 2012-03-05] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [FUFAXSTM] "C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe" [843776 2009-06-04] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe" [2587008 2012-04-05] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe" [1147488 2012-08-05] ()
HKLM-x32\...\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray [462920 2012-07-03] (Malwarebytes Corporation)
HKU\Admin123\...\Run: [ooVoo.exe] C:\Program Files (x86)\ooVoo\ooVoo.exe /minimized [25249400 2012-05-29] (ooVoo LLC)
HKU\Admin123\...\Run: [EPSON011DA5] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIFRA.EXE /FU "C:\Windows\TEMP\E_S4A29.tmp" /EF "HKCU" [223232 2009-02-22] (SEIKO EPSON CORPORATION)
HKU\Admin123\...\Run: [FreeScreenSharing] "C:\Users\Admin123\AppData\Local\FreeScreenSharing\FreeScreenSharing.exe" [2204488 2011-11-22] ()
HKLM-x32\...\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent [462920 2012-07-03] (Malwarebytes Corporation)
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76 192.168.33.1
Lsa: [Notification Packages] scecli
C:\Program Files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll
Startup: C:\Users\All Users\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)

==================== Services (Whitelisted) ======

2 AdobeActiveFileMonitor8.0; C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [169312 2009-10-09] (Adobe Systems Incorporated)
2 avgfws; "C:\Program Files (x86)\AVG\AVG2012\avgfws.exe" [2321560 2012-06-12] (AVG Technologies CZ, s.r.o.)
2 AVGIDSAgent; "C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe" [5160568 2012-07-04] (AVG Technologies CZ, s.r.o.)
2 avgwd; "C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe" [193288 2012-02-14] (AVG Technologies CZ, s.r.o.)
2 HPAuto; "C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe" [682040 2011-02-16] (Hewlett-Packard)
2 MBAMService; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe" [655944 2012-07-03] (Malwarebytes Corporation)
2 vToolbarUpdater12.1.5; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\12.1.5\ToolbarUpdater.exe [830048 2012-08-05] ()
4 gusvc; "C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe" [x]

========================== Drivers (Whitelisted) =============

1 Avgfwfd; C:\Windows\System32\DRIVERS\avgfwd6a.sys [48992 2011-05-22] (AVG Technologies CZ, s.r.o.)
3 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [124496 2011-12-23] (AVG Technologies CZ, s.r.o. )
3 AVGIDSFilter; C:\Windows\System32\DRIVERS\avgidsfiltera.sys [29776 2011-12-23] (AVG Technologies CZ, s.r.o. )
0 AVGIDSHA; C:\Windows\System32\Drivers\AVGIDSHA.sys [28480 2012-04-19] (AVG Technologies CZ, s.r.o. )
1 Avgldx64; C:\Windows\System32\Drivers\Avgldx64.sys [289872 2012-02-22] (AVG Technologies CZ, s.r.o.)
1 Avgmfx64; C:\Windows\System32\Drivers\Avgmfx64.sys [47696 2011-12-23] (AVG Technologies CZ, s.r.o.)
0 Avgrkx64; C:\Windows\System32\Drivers\Avgrkx64.sys [36944 2012-01-31] (AVG Technologies CZ, s.r.o.)
1 Avgtdia; C:\Windows\System32\Drivers\Avgtdia.sys [383808 2012-03-19] (AVG Technologies CZ, s.r.o.)
1 avgtp; \??\C:\Windows\system32\drivers\avgtpx64.sys [31080 2012-08-05] (AVG Technologies)
3 bcbtums; C:\Windows\System32\Drivers\bcbtums.sys [133672 2011-09-20] (Broadcom Corporation.)
3 BTWDPAN; C:\Windows\System32\Drivers\BTWDPAN.sys [89640 2011-09-20] (Broadcom Corporation.)
3 eeCtrl; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484512 2012-07-01] (Symantec Corporation)
3 EraserUtilRebootDrv; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [138912 2012-05-31] (Symantec Corporation)
3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [24904 2012-07-03] (Malwarebytes Corporation)

========================== NetSvcs (Whitelisted) ===========


============ One Month Created Files and Folders ==============

2012-08-06 18:38 - 2012-08-06 18:38 - 01439659 ____A (Farbar) C:\Users\Admin123\Downloads\FRST64.exe
2012-08-06 17:12 - 2012-08-06 17:12 - 00001113 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-08-06 17:12 - 2012-08-06 17:12 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-08-06 17:12 - 2012-07-03 09:46 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-08-06 17:11 - 2012-08-06 17:11 - 10652120 ____A (Malwarebytes Corporation ) C:\Users\Admin123\Downloads\mbam-setup-1.62.0.1300(1).exe
2012-08-06 17:08 - 2012-08-06 17:08 - 00005318 ____A C:\Windows\PFRO.log
2012-08-06 09:48 - 2012-08-06 09:48 - 00607260 ____R (Swearware) C:\Users\Admin123\Downloads\dds.com
2012-08-06 09:40 - 2012-08-06 09:40 - 00000000 ____A C:\Users\Admin123\Documents\gmer.log
2012-08-06 09:25 - 2012-08-06 09:25 - 00302592 ____A C:\Users\Admin123\Downloads\dd978q08.exe
2012-08-06 09:13 - 2012-08-06 18:41 - 00000224 ____A C:\Windows\setupact.log
2012-08-06 09:13 - 2012-08-06 09:13 - 00000000 ____A C:\Windows\setuperr.log
2012-08-05 18:45 - 2012-08-05 18:45 - 02322184 ____A (ESET) C:\Users\Admin123\Downloads\esetsmartinstaller_enu.exe
2012-08-05 17:43 - 2012-08-05 17:43 - 00000000 ____D C:\TDSSKiller_Quarantine
2012-08-05 17:40 - 2012-08-05 17:41 - 00000000 ____D C:\Users\Admin123\Downloads\tdsskiller
2012-08-05 17:39 - 2012-08-05 17:40 - 02117108 ____A C:\Users\Admin123\Downloads\tdsskiller.zip
2012-08-05 17:26 - 2012-08-05 17:26 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2012-08-05 17:20 - 2012-08-05 17:20 - 00000000 ____D C:\Users\Admin123\AppData\Roaming\TeamViewer
2012-08-05 15:03 - 2012-08-05 15:05 - 00000000 ____D C:\Users\Admin123\AppData\Roaming\AVG
2012-08-05 15:02 - 2012-08-05 15:02 - 00001146 ____A C:\Users\Admin123\Desktop\AVG PC Tuneup 2011.lnk
2012-08-05 14:58 - 2012-08-05 15:01 - 08351040 ____A (AVG ) C:\Users\Admin123\Downloads\avg_pct_stf_all_10_27_c4.exe
2012-08-05 13:52 - 2012-08-05 14:22 - 00000609 ____A C:\Users\Admin123\Desktop\avgrep.txt
2012-08-05 13:48 - 2012-08-05 13:48 - 00000000 ____D C:\Users\Admin123\AppData\Roaming\AVG2012
2012-08-05 13:47 - 2012-08-05 13:47 - 00031080 ____A (AVG Technologies) C:\Windows\System32\Drivers\avgtpx64.sys
2012-08-05 13:47 - 2012-08-05 13:47 - 00000965 ____A C:\Users\Public\Desktop\AVG 2012.lnk
2012-08-05 13:47 - 2012-08-05 13:47 - 00000000 ____D C:\Users\All Users\AVG Secure Search
2012-08-05 13:47 - 2012-08-05 13:47 - 00000000 ____D C:\Users\Admin123\AppData\Local\AVG Secure Search
2012-08-05 13:47 - 2012-08-05 13:47 - 00000000 ____D C:\Program Files (x86)\AVG Secure Search
2012-08-05 13:46 - 2012-08-05 13:46 - 00000000 ____D C:\Windows\SysWOW64\Drivers\AVG
2012-08-05 13:44 - 2012-08-06 17:00 - 00000000 ____D C:\Windows\System32\Drivers\AVG
2012-08-05 13:44 - 2012-08-05 14:26 - 00000000 ____D C:\Users\All Users\AVG2012
2012-08-05 13:44 - 2012-08-05 13:44 - 00000000 ___HD C:\$AVG
2012-08-05 13:43 - 2012-08-05 15:02 - 00000000 ____D C:\Program Files (x86)\AVG
2012-08-05 13:36 - 2012-08-06 18:40 - 00070797 ____A C:\Windows\WindowsUpdate.log
2012-08-05 13:24 - 2012-08-06 17:00 - 00000000 ____D C:\Users\All Users\MFAData
2012-08-05 13:23 - 2012-08-05 13:24 - 03879800 ____A (AVG Technologies) C:\Users\Admin123\Downloads\avg_isct_stb_all_2012_2197_free.exe
2012-08-05 12:54 - 2012-08-05 12:54 - 00000033 ____A C:\Users\Admin123\AppData\Roaming\mbam.context.scan
2012-08-05 12:50 - 2012-08-05 12:51 - 03907920 ____A (Piriform Ltd) C:\Users\Admin123\Downloads\ccsetup321.exe
2012-08-05 12:24 - 2012-08-05 12:24 - 00000020 ____A C:\Windows\ÈóF
2012-08-05 11:47 - 2012-08-05 11:50 - 10652120 ____A (Malwarebytes Corporation ) C:\Users\Admin123\Downloads\mbam-setup-1.62.0.1300.exe
2012-08-05 11:40 - 2012-08-05 11:40 - 00000000 ____D C:\Users\Admin123\AppData\Local\{BF53B6B7-32C5-4C80-8A46-119A00218050}
2012-08-05 11:40 - 2012-08-05 11:40 - 00000000 ____D C:\Users\Admin123\AppData\Local\{A8F26326-87D4-482D-9A33-CF2973CB06FE}
2012-08-05 07:10 - 2012-08-05 07:10 - 00000000 ____D C:\Users\Admin123\AppData\Local\{DA5E432D-9A7D-4E1F-917D-C759764C9213}
2012-08-05 07:10 - 2012-08-05 07:10 - 00000000 ____D C:\Users\Admin123\AppData\Local\{600970A0-5505-4D92-86EA-E67FFF715770}
2012-08-04 20:49 - 2012-08-04 20:49 - 00000000 ____D C:\FRST
2012-08-04 18:11 - 2012-08-04 18:11 - 00016613 ____A C:\ComboFix.txt
2012-08-04 17:15 - 2012-08-05 10:56 - 00000000 ____D C:\Windows\erdnt
2012-08-04 17:15 - 2012-08-04 18:12 - 00000000 ____D C:\Qoobox
2012-08-04 16:29 - 2012-08-04 16:29 - 00000000 ____D C:\Users\Admin123\AppData\Local\{1D2659DA-06BB-4162-811C-3C721D09A7E2}
2012-08-04 16:28 - 2012-08-04 16:28 - 00000000 ____D C:\Users\Admin123\AppData\Local\{7CE6F2C6-0AF9-49FE-B144-9A5DABF30C97}
2012-08-04 15:56 - 2012-08-04 15:56 - 00002164 ____A C:\Users\Admin123\Desktop\RKreport[2].txt
2012-08-04 15:48 - 2012-08-04 15:48 - 00125228 ____A C:\Users\Admin123\Downloads\OTL.Txt
2012-08-04 15:48 - 2012-08-04 15:48 - 00059090 ____A C:\Users\Admin123\Downloads\Extras.Txt
2012-08-04 15:25 - 2012-08-04 15:25 - 00003384 ____A C:\Users\Admin123\Desktop\RKreport[1].txt
2012-08-04 13:38 - 2012-08-04 20:19 - 00000000 ____D C:\Program Files\GIMP 2
2012-08-04 13:24 - 2012-08-04 13:24 - 00000000 ____D C:\Users\Admin123\AppData\Roaming\OpenOffice.org
2012-08-04 10:43 - 2012-08-04 20:19 - 00000000 ____D C:\Program Files (x86)\Free Offers from Freeze.com
2012-08-04 10:40 - 2012-08-04 13:16 - 00000000 ____D C:\Users\All Users\WeCareReminder
2012-08-04 09:36 - 2012-08-04 09:36 - 00000000 ____D C:\Users\Admin123\AppData\Local\{8BEAE5EB-338B-473D-8E73-4A42BC9E9E4E}
2012-08-04 09:36 - 2012-08-04 09:36 - 00000000 ____D C:\Users\Admin123\AppData\Local\{564BCC32-878A-4F1B-86DA-29D6E802F868}
2012-08-03 16:31 - 2012-08-03 16:31 - 00000000 ____D C:\Users\Admin123\AppData\Local\{E8E0C480-C253-4A0D-A655-0B50A5C1C89F}
2012-08-03 16:31 - 2012-08-03 16:31 - 00000000 ____D C:\Users\Admin123\AppData\Local\{1F6C5F07-4D99-40A7-9758-BE1BCED84EBE}
2012-07-31 17:48 - 2012-07-31 17:48 - 00000000 ____D C:\Users\Admin123\AppData\Local\{68979DA7-06C7-4A66-BDB9-1E2CD4B1CA9F}
2012-07-31 17:48 - 2012-07-31 17:48 - 00000000 ____D C:\Users\Admin123\AppData\Local\{1D2B6A55-C7FA-49AF-9845-10A09CA2B586}
2012-07-31 17:46 - 2012-07-31 17:46 - 00000000 ____D C:\Users\Admin123\AppData\Local\{E9E967F1-A989-4B03-A3FC-EDD18054DD3E}
2012-07-31 17:45 - 2012-07-31 17:46 - 00000000 ____D C:\Users\Admin123\AppData\Local\{DB01FF44-8DC5-4A5C-9AB5-E9554D46D6F4}
2012-07-30 13:45 - 2012-07-30 13:46 - 00000000 ____D C:\Users\Admin123\AppData\Local\{FD7BF79A-8AA6-4C17-AA3F-4F14BFD898CE}
2012-07-30 13:45 - 2012-07-30 13:45 - 00000000 ____D C:\Users\Admin123\AppData\Local\{1663D21E-A6DB-478C-B2AA-8B5D917F3E4E}
2012-07-29 22:09 - 2012-07-29 22:09 - 00000000 __SHD C:\Windows\SysWOW64\%APPDATA%
2012-07-29 19:55 - 2012-07-29 19:55 - 00002019 ____A C:\Users\Public\Desktop\Adobe Reader X.lnk
2012-07-29 19:54 - 2012-05-04 03:00 - 00366592 ____A (Microsoft Corporation) C:\Windows\System32\qdvd.dll
2012-07-29 19:54 - 2012-05-04 01:59 - 00514560 ____A (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2012-07-29 18:24 - 2012-07-29 20:11 - 00000000 ____D C:\Users\Admin123\AppData\Local\Google
2012-07-29 18:23 - 2012-07-29 20:13 - 00000000 ____D C:\Program Files (x86)\Google
2012-07-29 18:05 - 2012-07-29 18:05 - 00000000 ____D C:\Users\Admin123\AppData\Local\{E42C85C4-751D-48A1-AAD4-44720AAA4846}
2012-07-29 18:05 - 2012-07-29 18:05 - 00000000 ____D C:\Users\Admin123\AppData\Local\{79A904E6-2178-461C-800D-564CCF356417}
2012-07-29 18:00 - 2012-07-29 18:00 - 00000000 ____D C:\Users\Admin123\AppData\Local\{E853D025-B9CB-4B2E-AE5D-F8D9559D4D83}
2012-07-29 18:00 - 2012-07-29 18:00 - 00000000 ____D C:\Users\Admin123\AppData\Local\{7348F264-86B1-466C-A33C-80D1AC1B6F78}
2012-07-29 11:05 - 2012-07-29 11:05 - 00000000 ____D C:\Program Files (x86)\McAfee
2012-07-29 10:59 - 2012-07-29 11:00 - 00000000 ____D C:\Users\Admin123\AppData\Local\{67AD0CD9-9497-455D-8EFB-746C90CE2C42}
2012-07-29 10:59 - 2012-07-29 10:59 - 00000000 ____D C:\Users\Admin123\AppData\Local\{A7A25F5E-E9A8-46BB-8D3E-AF50963EABEA}
2012-07-25 18:57 - 2012-07-25 18:57 - 00000000 ____D C:\Users\Admin123\AppData\Local\{F04D1DFE-7D4A-4A55-9B96-6D762F7DBA67}
2012-07-25 18:56 - 2012-07-25 18:57 - 00000000 ____D C:\Users\Admin123\AppData\Local\{E7C09A40-B4C3-44E5-BD3F-52BB26832044}
2012-07-25 06:51 - 2012-07-25 06:52 - 00000000 ____D C:\Users\Admin123\AppData\Local\{F71BE9E3-4DA1-459F-BFC9-F92CF3FCD7F3}
2012-07-25 06:51 - 2012-07-25 06:51 - 00000000 ____D C:\Users\Admin123\AppData\Local\{8D4673F7-4933-4253-8FE1-BFFBF189775A}
2012-07-24 09:40 - 2012-07-24 09:40 - 00000000 ____D C:\Users\Admin123\AppData\Local\{7027C784-72DC-4ADD-9696-47B40C5864D5}
2012-07-24 09:39 - 2012-07-24 09:40 - 00000000 ____D C:\Users\Admin123\AppData\Local\{E588D9EB-D304-46D5-A301-26964DEBCD8D}
2012-07-24 06:56 - 2012-07-24 06:56 - 00000000 ____D C:\Windows\Sun
2012-07-23 22:58 - 2012-08-06 17:59 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-07-23 22:58 - 2012-08-05 12:02 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-07-23 22:58 - 2012-08-05 12:02 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-07-23 22:58 - 2012-07-29 11:05 - 00000000 ____D C:\Users\All Users\McAfee
2012-07-23 21:39 - 2012-07-23 21:39 - 00000000 ____D C:\Users\Admin123\AppData\Local\{B4018704-91A9-4731-9E03-8BCAA1585DC0}
2012-07-23 21:39 - 2012-07-23 21:39 - 00000000 ____D C:\Users\Admin123\AppData\Local\{5EFF4758-1DE3-4CF7-8BD7-B621CC953C23}
2012-07-23 14:53 - 2012-07-23 18:04 - 10361235 ____A C:\Users\Admin123\Downloads\NejiKari Couple Development Meme.psd
2012-07-23 09:42 - 2012-07-23 09:44 - 00000000 ____D C:\Users\Admin123\AppData\Roaming\Blio
2012-07-23 09:42 - 2012-07-23 09:42 - 00000000 ____D C:\Users\All Users\Blio
2012-07-23 09:42 - 2012-07-23 09:42 - 00000000 ____D C:\Users\Admin123\Documents\Blio
2012-07-23 09:38 - 2012-07-23 09:38 - 00000000 ____D C:\Users\Admin123\AppData\Local\{CD06E514-7D92-4857-92C3-AF3F25BBA920}
2012-07-23 09:38 - 2012-07-23 09:38 - 00000000 ____D C:\Users\Admin123\AppData\Local\{0ABA0609-C426-40E8-B62E-69DDA8776D77}
2012-07-22 18:15 - 2012-07-22 18:15 - 00000000 ____D C:\Users\Admin123\AppData\Local\{DED9A98B-3174-4391-9985-37BF85E928A2}
2012-07-22 18:15 - 2012-07-22 18:15 - 00000000 ____D C:\Users\Admin123\AppData\Local\{3E2A64ED-BB8A-4623-8510-ECE79BD5DE25}
2012-07-21 14:54 - 2012-07-21 14:54 - 00000000 ____D C:\Users\Admin123\AppData\Local\{A8DBCF88-C524-4CE4-B2D7-C1401609C11C}
2012-07-21 14:54 - 2012-07-21 14:54 - 00000000 ____D C:\Users\Admin123\AppData\Local\{176E9C0C-F11E-42CF-AC10-5B662A5C5CE2}
2012-07-19 18:13 - 2012-07-19 18:13 - 00000000 ____D C:\Users\Admin123\AppData\Local\{B77458AD-6BD2-49B3-A6A5-89B26908282F}
2012-07-19 18:13 - 2012-07-19 18:13 - 00000000 ____D C:\Users\Admin123\AppData\Local\{4206FAD9-DB21-4F3F-9752-E9BD11BCAB91}
2012-07-18 12:38 - 2012-07-18 12:38 - 00000000 ____D C:\Users\Admin123\AppData\Local\{C6D9A22D-7ED6-48FB-BE40-353BC11C0B59}
2012-07-18 12:38 - 2012-07-18 12:38 - 00000000 ____D C:\Users\Admin123\AppData\Local\{3D1F3DA9-9EC0-4E2F-974E-6B78E43B449B}
2012-07-17 19:00 - 2012-07-17 19:01 - 00000000 ____D C:\Users\Admin123\AppData\Local\{4D6A7D49-DF48-4592-A9AD-DB48C8E5513C}
2012-07-17 19:00 - 2012-07-17 19:00 - 00000000 ____D C:\Users\Admin123\AppData\Local\{1B6C1D19-81BE-4F1B-BC31-AEC793580834}
2012-07-16 16:34 - 2012-07-16 16:35 - 00992352 ____A (Solid State Networks) C:\Users\Admin123\Downloads\install_flashplayer11x32_mssd_aih.exe
2012-07-16 15:26 - 2012-07-16 15:26 - 00000000 ____D C:\Users\Admin123\AppData\Local\{EC6DDCB3-15AB-4C31-BB59-1A6A067813EF}
2012-07-16 15:26 - 2012-07-16 15:26 - 00000000 ____D C:\Users\Admin123\AppData\Local\{5AD8E849-D42B-4602-A380-C11DB750D3A0}
2012-07-15 21:40 - 2012-08-04 13:15 - 00000000 __SHD C:\Windows\SysWOW64\AI_RecycleBin
2012-07-15 21:40 - 2012-07-15 21:40 - 00000000 ____D C:\Users\Admin123\AppData\Local\CrashRpt
2012-07-15 21:35 - 2012-07-15 21:37 - 18199256 ____A (Procaster) C:\Users\Admin123\Downloads\LivestreamProcaster.exe
2012-07-15 20:59 - 2012-07-15 20:59 - 00000000 ____D C:\Users\Admin123\Documents\Mikogo4
2012-07-15 20:56 - 2012-07-15 20:59 - 09812648 ____A C:\Users\Admin123\Downloads\mikogo-starter.exe
2012-07-15 20:50 - 2012-07-15 20:51 - 00000000 ____D C:\Users\Admin123\AppData\Local\Windows Live Writer
2012-07-15 20:50 - 2012-07-15 20:50 - 00000000 ____D C:\Users\Admin123\AppData\Roaming\Windows Live Writer
2012-07-15 20:45 - 2012-07-15 20:45 - 00000000 ____D C:\Users\Admin123\AppData\Local\FreeScreenSharing
2012-07-15 20:45 - 2012-07-15 20:45 - 00000000 ____D C:\Users\Admin123\.freescreensharing
2012-07-15 15:26 - 2012-07-15 15:26 - 00000000 ____D C:\Users\Admin123\AppData\Local\{C63E9491-3FBF-4355-B3FF-FAE3FE0F9149}
2012-07-15 15:25 - 2012-07-15 15:25 - 00000000 ____D C:\Users\Admin123\AppData\Local\{998CF935-08A1-4350-9681-356ED3F15DAF}
2012-07-14 13:29 - 2012-07-14 13:29 - 00000000 ____D C:\Users\Admin123\AppData\Local\{A5594CFC-EDC9-462D-BEEF-B0059C2951FA}
2012-07-14 13:29 - 2012-07-14 13:29 - 00000000 ____D C:\Users\Admin123\AppData\Local\{015A645A-B376-4A2D-8F69-37C144AFE9BF}
2012-07-13 17:03 - 2012-07-13 17:03 - 00000000 ____D C:\Users\Admin123\AppData\Local\{CA439C39-1245-4452-9B55-1ECA4180F398}
2012-07-13 17:03 - 2012-07-13 17:03 - 00000000 ____D C:\Users\Admin123\AppData\Local\{4B7A5B88-224B-403F-A97D-5E3B4543666D}
2012-07-12 07:52 - 2012-07-12 07:53 - 00000000 ____D C:\Users\Admin123\AppData\Local\{D0A319A9-0A87-4F4F-902C-77DDFBBB9320}
2012-07-12 07:52 - 2012-07-12 07:52 - 00000000 ____D C:\Users\Admin123\AppData\Local\{91DD9EC0-84F6-4457-8025-40A464C08641}
2012-07-12 07:47 - 2012-06-11 19:08 - 03148800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-07-12 07:41 - 2012-06-02 04:49 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-07-12 07:41 - 2012-06-02 04:17 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-07-12 07:41 - 2012-06-02 04:12 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-07-12 07:41 - 2012-06-02 04:05 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-07-12 07:41 - 2012-06-02 04:05 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-07-12 07:41 - 2012-06-02 04:04 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-07-12 07:41 - 2012-06-02 04:04 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-07-12 07:41 - 2012-06-02 04:03 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-07-12 07:41 - 2012-06-02 04:01 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-07-12 07:41 - 2012-06-02 04:00 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-07-12 07:41 - 2012-06-02 03:59 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-07-12 07:41 - 2012-06-02 03:57 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-07-12 07:41 - 2012-06-02 03:57 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-07-12 07:41 - 2012-06-02 03:54 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-07-12 07:41 - 2012-06-02 01:07 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-07-12 07:41 - 2012-06-02 00:43 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-07-12 07:41 - 2012-06-02 00:33 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-07-12 07:41 - 2012-06-02 00:26 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-07-12 07:41 - 2012-06-02 00:25 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-07-12 07:41 - 2012-06-02 00:25 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-07-12 07:41 - 2012-06-02 00:23 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-07-12 07:41 - 2012-06-02 00:21 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-07-12 07:41 - 2012-06-02 00:20 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-07-12 07:41 - 2012-06-02 00:19 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-07-12 07:41 - 2012-06-02 00:19 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-07-12 07:41 - 2012-06-02 00:17 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-07-12 07:41 - 2012-06-02 00:16 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-07-12 07:41 - 2012-06-02 00:14 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-07-11 11:05 - 2012-06-08 21:43 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2012-07-11 11:05 - 2012-06-08 20:41 - 12873728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2012-07-11 11:05 - 2012-06-05 21:03 - 00805376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cdosys.dll
2012-07-11 11:05 - 2012-06-01 21:50 - 00458704 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
2012-07-11 11:05 - 2012-06-01 21:48 - 00151920 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
2012-07-11 11:05 - 2012-06-01 21:48 - 00095600 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
2012-07-11 11:05 - 2012-06-01 21:45 - 00340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
2012-07-11 11:05 - 2012-06-01 21:44 - 00307200 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
2012-07-11 11:05 - 2012-06-01 20:40 - 00225280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2012-07-11 11:05 - 2012-06-01 20:40 - 00022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2012-07-11 11:05 - 2012-06-01 20:34 - 00096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2012-07-11 11:04 - 2012-06-05 22:06 - 02004480 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
2012-07-11 11:04 - 2012-06-05 22:06 - 01881600 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
2012-07-11 11:04 - 2012-06-05 21:05 - 01390080 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2012-07-11 11:04 - 2012-06-05 21:05 - 01236992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2012-07-11 11:04 - 2010-06-25 19:55 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\msxml3r.dll
2012-07-11 11:04 - 2010-06-25 19:24 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2012-07-11 10:46 - 2012-07-11 10:46 - 00000000 ____D C:\Users\Admin123\AppData\Local\{C9F8894D-E03D-457A-BD56-4296F473EFCD}
2012-07-11 10:46 - 2012-07-11 10:46 - 00000000 ____D C:\Users\Admin123\AppData\Local\{64873836-03AC-45F6-AB70-6B76DF7E913B}
2012-07-10 21:10 - 2012-07-10 21:10 - 00000000 ____D C:\Users\Admin123\AppData\Local\{2395C7D7-6EE0-47A6-85C1-2D1B9E2C019C}
2012-07-10 21:09 - 2012-07-10 21:10 - 00000000 ____D C:\Users\Admin123\AppData\Local\{B3BFDB53-607C-4666-8A3D-32D2D4B8ACD9}
2012-07-10 19:48 - 2012-08-05 12:53 - 00000000 ____D C:\Windows\Minidump
2012-07-10 18:31 - 2012-07-10 18:31 - 00000000 ____D C:\Users\All Users\Malwarebytes
2012-07-10 18:31 - 2012-07-10 18:31 - 00000000 ____D C:\Users\Admin123\AppData\Roaming\Malwarebytes
2012-07-10 12:35 - 2012-07-10 12:35 - 00000000 ____D C:\Users\Admin123\AppData\Roaming\Leadertech
2012-07-10 12:33 - 2012-06-05 22:02 - 01133568 ____A (Microsoft Corporation) C:\Windows\System32\cdosys.dll
2012-07-10 12:33 - 2012-06-01 20:39 - 00219136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2012-07-10 12:32 - 2012-07-10 12:32 - 00000000 ____D C:\Program Files\EpsonNet
2012-07-10 12:32 - 2012-07-10 12:32 - 00000000 ____D C:\Program Files (x86)\EpsonNet
2012-07-10 12:30 - 2012-07-29 20:02 - 00000000 ____D C:\Users\Admin123\AppData\Roaming\Epson
2012-07-10 12:29 - 2012-07-10 12:29 - 00000000 ____D C:\Users\Admin123\AppData\Roaming\InstallShield
2012-07-10 12:29 - 2006-10-30 20:10 - 00051360 ____A (SEIKO EPSON CORPORATION) C:\Windows\SysWOW64\EpPicPrt.dll
2012-07-10 12:29 - 2006-10-30 20:10 - 00051360 ____A (SEIKO EPSON CORPORATION) C:\Windows\SysWOW64\EpPicMgr.dll
2012-07-10 12:29 - 2006-10-30 20:10 - 00000097 ____A C:\Windows\SysWOW64\PICSDK.ini
2012-07-10 12:29 - 2006-10-19 20:10 - 00501912 ____A (SEIKO EPSON CORPORATION) C:\Windows\SysWOW64\PICSDK2.dll
2012-07-10 12:29 - 2006-10-19 20:10 - 00108704 ____A (SEIKO EPSON CORPORATION) C:\Windows\SysWOW64\PICEntry.dll
2012-07-10 12:29 - 2006-10-19 20:10 - 00080024 ____A (SEIKO EPSON CORPORATION) C:\Windows\SysWOW64\PICSDK.dll
2012-07-10 12:29 - 2004-03-03 02:10 - 00073220 ____A C:\Windows\SysWOW64\EPPICPrinterDB.dat
2012-07-10 12:29 - 2004-03-03 02:10 - 00031053 ____A C:\Windows\SysWOW64\EPPICPattern131.dat
2012-07-10 12:29 - 2004-03-03 02:10 - 00029114 ____A C:\Windows\SysWOW64\EPPICPattern1.dat
2012-07-10 12:29 - 2004-03-03 02:10 - 00027417 ____A C:\Windows\SysWOW64\EPPICPattern121.dat
2012-07-10 12:29 - 2004-03-03 02:10 - 00021021 ____A C:\Windows\SysWOW64\EPPICPattern3.dat
2012-07-10 12:29 - 2004-03-03 02:10 - 00015670 ____A C:\Windows\SysWOW64\EPPICPattern5.dat
2012-07-10 12:29 - 2004-03-03 02:10 - 00013280 ____A C:\Windows\SysWOW64\EPPICPattern2.dat
2012-07-10 12:29 - 2004-03-03 02:10 - 00012669 ____A C:\Windows\SysWOW64\EPPICLocal_EN.cfg
2012-07-10 12:29 - 2004-03-03 02:10 - 00010673 ____A C:\Windows\SysWOW64\EPPICPattern4.dat
2012-07-10 12:29 - 2004-03-03 02:10 - 00006478 ____A C:\Windows\SysWOW64\EPPICLocal_PT.cfg
2012-07-10 12:29 - 2004-03-03 02:10 - 00006478 ____A C:\Windows\SysWOW64\EPPICLocal_BP.cfg
2012-07-10 12:29 - 2004-03-03 02:10 - 00006366 ____A C:\Windows\SysWOW64\EPPICLocal_FR.cfg
2012-07-10 12:29 - 2004-03-03 02:10 - 00006366 ____A C:\Windows\SysWOW64\EPPICLocal_CF.cfg
2012-07-10 12:29 - 2004-03-03 02:10 - 00006226 ____A C:\Windows\SysWOW64\EPPICLocal_ES.cfg
2012-07-10 12:29 - 2004-03-03 02:10 - 00004943 ____A C:\Windows\SysWOW64\EPPICPattern6.dat
2012-07-10 12:29 - 2004-03-03 02:10 - 00001140 ____A C:\Windows\SysWOW64\EPPICPresetData_PT.dat
2012-07-10 12:29 - 2004-03-03 02:10 - 00001140 ____A C:\Windows\SysWOW64\EPPICPresetData_BP.dat
2012-07-10 12:29 - 2004-03-03 02:10 - 00001137 ____A C:\Windows\SysWOW64\EPPICPresetData_ES.dat
2012-07-10 12:29 - 2004-03-03 02:10 - 00001130 ____A C:\Windows\SysWOW64\EPPICPresetData_FR.dat
2012-07-10 12:29 - 2004-03-03 02:10 - 00001130 ____A C:\Windows\SysWOW64\EPPICPresetData_CF.dat
2012-07-10 12:29 - 2004-03-03 02:10 - 00001104 ____A C:\Windows\SysWOW64\EPPICPresetData_EN.dat
2012-07-10 12:25 - 2012-07-29 20:02 - 00000000 ____D C:\Program Files (x86)\Epson Software
2012-07-10 12:24 - 2012-07-10 12:27 - 00000000 ____D C:\Program Files (x86)\epson
2012-07-10 12:24 - 2012-07-10 12:26 - 00000000 ____D C:\Users\All Users\EPSON
2012-07-10 12:24 - 2009-04-30 20:00 - 00128392 ____A (Seiko Epson Corporation) C:\Windows\System32\esdevapp.exe
2012-07-10 12:24 - 2009-04-30 20:00 - 00017408 ____A (SEIKO EPSON CORP.) C:\Windows\System32\esxcdev.dll
2012-07-10 12:24 - 2008-11-16 20:00 - 00459776 ____A (Seiko Epson Corporation) C:\Windows\System32\esxwiaud.dll
2012-07-10 12:24 - 2008-11-11 19:00 - 00118784 ____A (SEIKO EPSON CORPORATION) C:\Windows\System32\E_ILMFRA.DLL
2012-07-10 12:24 - 2008-11-11 19:00 - 00081920 ____A (SEIKO EPSON CORPORATION) C:\Windows\System32\E_IBCBFRA.DLL
2012-07-10 12:22 - 2012-07-10 12:31 - 00000060 ____A C:\Windows\EPART810.ini
2012-07-10 09:09 - 2012-07-10 09:09 - 00000000 ____D C:\Users\Admin123\AppData\Local\{F451B05C-6220-401B-BDF7-F8999437E72C}
2012-07-10 09:09 - 2012-07-10 09:09 - 00000000 ____D C:\Users\Admin123\AppData\Local\{82648B08-0B39-4693-9111-924C42C10EB0}
2012-07-10 09:07 - 2012-07-10 09:07 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2012-07-09 10:53 - 2012-07-09 10:53 - 00000000 ____D C:\Users\Admin123\AppData\Local\{84DECF6A-76E5-40C1-A8C5-D63C248E0F38}
2012-07-09 10:53 - 2012-07-09 10:53 - 00000000 ____D C:\Users\Admin123\AppData\Local\{4B48AE7B-7BE6-422D-90B2-3AB304474242}
2012-07-07 23:26 - 2012-07-07 23:26 - 00000000 ____D C:\Users\Admin123\AppData\Local\{806A7D75-82FA-4D5A-9CB7-888A3A99EC6D}
2012-07-07 23:26 - 2012-07-07 23:26 - 00000000 ____D C:\Users\Admin123\AppData\Local\{7439D1A7-A7B9-48D4-8B0D-6B7DE77E399B}
2012-07-07 17:04 - 2012-07-07 17:04 - 00000000 ____D C:\Users\Admin123\AppData\Local\{36A69F17-B550-4BE5-8B84-990B06DF9791}

============ 3 Months Modified Files ========================

2012-08-06 18:41 - 2012-08-06 09:13 - 00000224 ____A C:\Windows\setupact.log
2012-08-06 18:41 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-08-06 18:41 - 2009-07-13 20:45 - 00032064 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-08-06 18:41 - 2009-07-13 20:45 - 00032064 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-08-06 18:40 - 2012-08-05 13:36 - 00070797 ____A C:\Windows\WindowsUpdate.log
2012-08-06 18:39 - 2009-07-13 21:13 - 00726316 ____A C:\Windows\System32\PerfStringBackup.INI
2012-08-06 18:38 - 2012-08-06 18:38 - 01439659 ____A (Farbar) C:\Users\Admin123\Downloads\FRST64.exe
2012-08-06 17:59 - 2012-07-23 22:58 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-08-06 17:12 - 2012-08-06 17:12 - 00001113 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-08-06 17:11 - 2012-08-06 17:11 - 10652120 ____A (Malwarebytes Corporation ) C:\Users\Admin123\Downloads\mbam-setup-1.62.0.1300(1).exe
2012-08-06 17:08 - 2012-08-06 17:08 - 00005318 ____A C:\Windows\PFRO.log
2012-08-06 09:48 - 2012-08-06 09:48 - 00607260 ____R (Swearware) C:\Users\Admin123\Downloads\dds.com
2012-08-06 09:40 - 2012-08-06 09:40 - 00000000 ____A C:\Users\Admin123\Documents\gmer.log
2012-08-06 09:25 - 2012-08-06 09:25 - 00302592 ____A C:\Users\Admin123\Downloads\dd978q08.exe
2012-08-06 09:13 - 2012-08-06 09:13 - 00000000 ____A C:\Windows\setuperr.log
2012-08-05 18:45 - 2012-08-05 18:45 - 02322184 ____A (ESET) C:\Users\Admin123\Downloads\esetsmartinstaller_enu.exe
2012-08-05 18:35 - 2012-06-15 09:08 - 00000348 ____A C:\Windows\Tasks\HPCeeScheduleForADMIN123-HP$.job
2012-08-05 17:40 - 2012-08-05 17:39 - 02117108 ____A C:\Users\Admin123\Downloads\tdsskiller.zip
2012-08-05 15:02 - 2012-08-05 15:02 - 00001146 ____A C:\Users\Admin123\Desktop\AVG PC Tuneup 2011.lnk
2012-08-05 15:01 - 2012-08-05 14:58 - 08351040 ____A (AVG ) C:\Users\Admin123\Downloads\avg_pct_stf_all_10_27_c4.exe
2012-08-05 14:22 - 2012-08-05 13:52 - 00000609 ____A C:\Users\Admin123\Desktop\avgrep.txt
2012-08-05 13:47 - 2012-08-05 13:47 - 00031080 ____A (AVG Technologies) C:\Windows\System32\Drivers\avgtpx64.sys
2012-08-05 13:47 - 2012-08-05 13:47 - 00000965 ____A C:\Users\Public\Desktop\AVG 2012.lnk
2012-08-05 13:24 - 2012-08-05 13:23 - 03879800 ____A (AVG Technologies) C:\Users\Admin123\Downloads\avg_isct_stb_all_2012_2197_free.exe
2012-08-05 12:54 - 2012-08-05 12:54 - 00000033 ____A C:\Users\Admin123\AppData\Roaming\mbam.context.scan
2012-08-05 12:51 - 2012-08-05 12:50 - 03907920 ____A (Piriform Ltd) C:\Users\Admin123\Downloads\ccsetup321.exe
2012-08-05 12:24 - 2012-08-05 12:24 - 00000020 ____A C:\Windows\ÈóF
2012-08-05 12:02 - 2012-07-23 22:58 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-08-05 12:02 - 2012-07-23 22:58 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-08-05 11:53 - 2012-05-19 09:16 - 00000052 ____A C:\Windows\SysWOW64\DOErrors.log
2012-08-05 11:50 - 2012-08-05 11:47 - 10652120 ____A (Malwarebytes Corporation ) C:\Users\Admin123\Downloads\mbam-setup-1.62.0.1300.exe
2012-08-04 18:11 - 2012-08-04 18:11 - 00016613 ____A C:\ComboFix.txt
2012-08-04 16:30 - 2012-05-11 16:35 - 00116056 ____A C:\Users\Admin123\AppData\Local\GDIPFONTCACHEV1.DAT
2012-08-04 15:56 - 2012-08-04 15:56 - 00002164 ____A C:\Users\Admin123\Desktop\RKreport[2].txt
2012-08-04 15:48 - 2012-08-04 15:48 - 00125228 ____A C:\Users\Admin123\Downloads\OTL.Txt
2012-08-04 15:48 - 2012-08-04 15:48 - 00059090 ____A C:\Users\Admin123\Downloads\Extras.Txt
2012-08-04 15:25 - 2012-08-04 15:25 - 00003384 ____A C:\Users\Admin123\Desktop\RKreport[1].txt
2012-07-29 19:55 - 2012-07-29 19:55 - 00002019 ____A C:\Users\Public\Desktop\Adobe Reader X.lnk
2012-07-29 18:23 - 2012-05-20 10:21 - 00000000 ____A C:\Windows\System32\HP_ActiveX_Patch_NOT_DETECTED.txt
2012-07-23 18:04 - 2012-07-23 14:53 - 10361235 ____A C:\Users\Admin123\Downloads\NejiKari Couple Development Meme.psd
2012-07-22 18:14 - 2012-05-28 11:00 - 00000344 ____A C:\Windows\Tasks\HPCeeScheduleForAdmin123.job
2012-07-16 16:35 - 2012-07-16 16:34 - 00992352 ____A (Solid State Networks) C:\Users\Admin123\Downloads\install_flashplayer11x32_mssd_aih.exe
2012-07-15 21:37 - 2012-07-15 21:35 - 18199256 ____A (Procaster) C:\Users\Admin123\Downloads\LivestreamProcaster.exe
2012-07-15 20:59 - 2012-07-15 20:56 - 09812648 ____A C:\Users\Admin123\Downloads\mikogo-starter.exe
2012-07-12 07:51 - 2009-07-13 20:45 - 00441184 ____A C:\Windows\System32\FNTCACHE.DAT
2012-07-12 07:46 - 2009-07-13 18:34 - 00000478 ____A C:\Windows\win.ini
2012-07-12 04:50 - 2012-05-11 17:20 - 00000039 ____A C:\Windows\vbaddin.ini
2012-07-11 10:50 - 2012-05-11 18:04 - 59701280 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-07-10 12:31 - 2012-07-10 12:22 - 00000060 ____A C:\Windows\EPART810.ini
2012-07-10 09:07 - 2012-07-10 09:07 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2012-07-04 20:06 - 2012-07-04 18:57 - 10477156 ____A C:\Users\Admin123\Downloads\Fu Hasegawa.psd
2012-07-03 21:30 - 2012-07-03 21:30 - 00001857 ____A C:\Users\Public\Desktop\ooVoo.lnk
2012-07-03 21:28 - 2012-07-03 21:28 - 01633360 ____A (ooVoo LLC) C:\Users\Admin123\Downloads\ooVooSetup.exe
2012-07-03 21:09 - 2012-07-03 19:27 - 34210252 ____A C:\Users\Admin123\Downloads\SasuShiori.psd
2012-07-03 09:46 - 2012-08-06 17:12 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-06-30 16:02 - 2012-06-30 16:00 - 15267728 ____A (Google Inc.) C:\Users\Admin123\Downloads\picasa39-setup.exe
2012-06-26 19:49 - 2012-06-26 18:41 - 13010673 ____A C:\Users\Admin123\Downloads\KakaKaiya.psd
2012-06-18 22:37 - 2012-06-18 19:27 - 03789958 ____A C:\Users\Admin123\Downloads\NNG Mock Cover.psd
2012-06-18 19:55 - 2012-06-18 19:08 - 12740630 ____A C:\Users\Admin123\Downloads\IKR Tower.psd
2012-06-18 19:47 - 2012-06-18 19:47 - 00113837 ____A C:\Users\Admin123\Downloads\anim_ace.zip
2012-06-11 19:08 - 2012-07-12 07:47 - 03148800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-06-08 21:43 - 2012-07-11 11:05 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2012-06-08 20:41 - 2012-07-11 11:05 - 12873728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2012-06-05 22:06 - 2012-07-11 11:04 - 02004480 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
2012-06-05 22:06 - 2012-07-11 11:04 - 01881600 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
2012-06-05 22:02 - 2012-07-10 12:33 - 01133568 ____A (Microsoft Corporation) C:\Windows\System32\cdosys.dll
2012-06-05 21:05 - 2012-07-11 11:04 - 01390080 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2012-06-05 21:05 - 2012-07-11 11:04 - 01236992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2012-06-05 21:03 - 2012-07-11 11:05 - 00805376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cdosys.dll
2012-06-02 14:19 - 2012-06-18 17:39 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-06-02 14:19 - 2012-06-18 17:39 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2012-06-02 14:19 - 2012-06-18 17:39 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-06-02 14:19 - 2012-06-18 17:39 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-06-02 14:19 - 2012-06-18 17:39 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2012-06-02 14:15 - 2012-06-18 17:39 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-06-02 14:15 - 2012-06-18 17:39 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2012-06-02 11:19 - 2012-06-18 17:39 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-06-02 11:15 - 2012-06-18 17:39 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2012-06-02 04:49 - 2012-07-12 07:41 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-06-02 04:17 - 2012-07-12 07:41 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-06-02 04:12 - 2012-07-12 07:41 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-06-02 04:05 - 2012-07-12 07:41 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-06-02 04:05 - 2012-07-12 07:41 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-06-02 04:04 - 2012-07-12 07:41 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-06-02 04:04 - 2012-07-12 07:41 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-06-02 04:03 - 2012-07-12 07:41 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-06-02 04:01 - 2012-07-12 07:41 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-06-02 04:00 - 2012-07-12 07:41 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-06-02 03:59 - 2012-07-12 07:41 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-06-02 03:57 - 2012-07-12 07:41 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-06-02 03:57 - 2012-07-12 07:41 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-06-02 03:54 - 2012-07-12 07:41 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-06-02 01:07 - 2012-07-12 07:41 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-06-02 00:43 - 2012-07-12 07:41 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-06-02 00:33 - 2012-07-12 07:41 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-06-02 00:26 - 2012-07-12 07:41 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-06-02 00:25 - 2012-07-12 07:41 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-06-02 00:25 - 2012-07-12 07:41 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-06-02 00:23 - 2012-07-12 07:41 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-06-02 00:21 - 2012-07-12 07:41 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-06-02 00:20 - 2012-07-12 07:41 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-06-02 00:19 - 2012-07-12 07:41 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-06-02 00:19 - 2012-07-12 07:41 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-06-02 00:17 - 2012-07-12 07:41 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-06-02 00:16 - 2012-07-12 07:41 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-06-02 00:14 - 2012-07-12 07:41 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-06-01 21:50 - 2012-07-11 11:05 - 00458704 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
2012-06-01 21:48 - 2012-07-11 11:05 - 00151920 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
2012-06-01 21:48 - 2012-07-11 11:05 - 00095600 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
2012-06-01 21:45 - 2012-07-11 11:05 - 00340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
2012-06-01 21:44 - 2012-07-11 11:05 - 00307200 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
2012-06-01 20:40 - 2012-07-11 11:05 - 00225280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2012-06-01 20:40 - 2012-07-11 11:05 - 00022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2012-06-01 20:39 - 2012-07-10 12:33 - 00219136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2012-06-01 20:34 - 2012-07-11 11:05 - 00096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2012-05-31 08:25 - 2010-11-20 19:27 - 00279656 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe
2012-05-26 04:42 - 2012-05-26 04:42 - 00001134 ____A C:\Users\Public\Desktop\Mozilla Firefox.lnk
2012-05-22 17:38 - 2012-05-22 17:38 - 00605090 ____A C:\Users\Admin123\Downloads\rose_brushes_set_1_by_vaia.zip
2012-05-20 10:39 - 2012-05-20 10:39 - 00002515 ____A C:\Users\Public\Desktop\Skype.lnk
2012-05-19 09:39 - 2012-05-19 09:39 - 00001213 ____A C:\Users\Public\Desktop\Adobe Photoshop Elements 8.0.lnk
2012-05-19 09:17 - 2012-05-19 09:17 - 00000002 ____A C:\Users\Admin123\.bdockinstall.log
2012-05-19 09:06 - 2012-05-19 09:07 - 00476960 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\npdeployJava1.dll
2012-05-19 09:06 - 2012-05-19 09:07 - 00157472 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaws.exe
2012-05-19 09:06 - 2012-05-19 09:07 - 00149280 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaw.exe
2012-05-19 09:06 - 2012-05-19 09:07 - 00149280 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\java.exe
2012-05-19 09:06 - 2012-05-11 16:42 - 00472864 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\deployJava1.dll
2012-05-11 17:20 - 2012-05-11 17:20 - 00000376 ____A C:\Windows\ODBC.INI
2012-05-11 16:43 - 2012-05-11 16:43 - 00001120 ____A C:\Users\Public\Desktop\OpenOffice.org 3.3.lnk
2012-05-11 16:34 - 2012-05-11 16:34 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_User_WpdFs_01_09_00.Wdf
2012-05-11 16:29 - 2012-05-11 16:29 - 00000020 ___SH C:\Users\Admin123\ntuser.ini

ZeroAccess:
C:\Windows\Installer\{29d9bd97-a400-c327-ec45-0e2f68899581}
C:\Windows\Installer\{29d9bd97-a400-c327-ec45-0e2f68899581}\U

========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

========================= Memory info ======================

Percentage of memory in use: 19%
Total physical RAM: 3562.91 MB
Available physical RAM: 2858.91 MB
Total Pagefile: 3561.05 MB
Available Pagefile: 2848.36 MB
Total Virtual: 8192 MB
Available Virtual: 8191.91 MB

======================= Partitions =========================

1 Drive c: () (Fixed) (Total:273.01 GB) (Free:224 GB) NTFS ==>[System with boot components (obtained from reading drive)]
2 Drive e: (Recovery) (Fixed) (Total:20.92 GB) (Free:2.26 GB) NTFS ==>[System with boot components (obtained from reading drive)]
3 Drive f: (HP_TOOLS) (Fixed) (Total:3.96 GB) (Free:1.08 GB) FAT32
5 Drive h: (LIL' BUDDY) (Removable) (Total:3.72 GB) (Free:3.72 GB) FAT32
6 Drive x: (Boot) (Fixed) (Total:0.25 GB) (Free:0.25 GB) NTFS
7 Drive y: (SYSTEM) (Fixed) (Total:0.19 GB) (Free:0.16 GB) NTFS ==>[System with boot components (obtained from reading drive)]

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 298 GB 0 B
Disk 1 Online 3812 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 199 MB 1024 KB
Partition 2 Primary 273 GB 200 MB
Partition 3 Primary 20 GB 273 GB
Partition 4 Primary 4063 MB 294 GB

==================================================================================

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 Y SYSTEM NTFS Partition 199 MB Healthy

==================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C NTFS Partition 273 GB Healthy

==================================================================================

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 E Recovery NTFS Partition 20 GB Healthy

==================================================================================

Disk: 0
Partition 4
Type : 0C
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 F HP_TOOLS FAT32 Partition 4063 MB Healthy

==================================================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 3808 MB 4032 KB

==================================================================================

Disk: 1
Partition 1
Type : 0C
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 5 H LIL' BUDDY FAT32 Removable 3808 MB Healthy

==================================================================================

==========================================================

Last Boot: 2012-08-04 22:40

======================= End Of Log ==========================

Farbar Recovery Scan Tool Version: 05-08-2012 03
Ran by SYSTEM at 2012-08-06 22:48:16
Running from H:\

================== Search: "services.exe" ===================

C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

C:\Windows\System32\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

====== End Of Search ======
 
Download attached fixlist.txt file and save it to the very same USB flash drive you've been using. Plug the drive back in.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

On Vista or Windows 7: Now please enter System Recovery Options.
On Windows XP: Now please boot into the UBCD.
Run FRST/FRST64 and press the Fix button just once and wait.
The tool will make a log on the flashdrive (Fixlog.txt) please post it to your reply.

Next....

Restart normally.

Please download ComboFix from Here, Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Never rename Combofix unless instructed.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
  • Close any open browsers.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
  • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
  • Double click on combofix.exe & follow the prompts.

  • NOTE1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt"
**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
**Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion", restart computer to fix the issue.
**Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


Make sure, you re-enable your security programs, when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try one of the following:

1. Run Combofix from Safe Mode.

2. Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.
Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.
There are 4 different versions. If one of them won't run then download and try to run the other one.
Vista and Win7 users need to right click Rkill and choose Run as Administrator
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

* Rkill.com
* Rkill.scr
* Rkill.exe
  • Double-click on the Rkill icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.
Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

If normal mode still doesn't work, run BOTH tools from safe mode.

In case #2, please post BOTH logs, rKill and Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
 

Attachments

  • fixlist.txt
    131 bytes · Views: 0
This topic is marked as abandoned and closed due to inactivity.
This member will NOT be eligible to receive any more help in malware removal forum.
 
Status
Not open for further replies.

Similar threads

E
I have been taken over by a software called Astanda using XML to Log everything and roaming to an SQL server.
Replies
0
Views
478
eriksnyman1
E
B
Help with PUBG Mobile Pc
Replies
0
Views
441
basitdogar
B
dcovalencia
Solved Downloaded a .exe file from a copy of a website
Replies
23
Views
3K
Broni
Broni

Latest posts

Back