Solved Possible malware in assembly folder

Well, we'll have to take a look at your computer using external boot source.

For 32-bit (x86) systems, download Farbar Recovery Scan Tool 32-Bit and save it to a flash drive.
For 64-bit (x64) systems, download Farbar Recovery Scan Tool 64-Bit and save it to a flash drive.

Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:

    • Startup Repair
    • System Restore
    • Windows Complete PC Restore
    • Windows Memory Diagnostic Tool
    • Command Prompt

  • Select Command Prompt.
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for the 64-bit version type e:\frst64) and press Enter.
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.
 
That won't do.

From previous logs I can see some issues which can only be fixed while logging from an outside source, so please follow my reply #27.
 
Here is the Log from FRST via System Recovery:

Scan result of Farbar Recovery Scan Tool Version: 11-06-2012 03
Ran by SYSTEM at 11-06-2012 23:38:53
Running from G:\
Windows Vista (TM) Home Premium Service Pack 1 (X64) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [497648 2010-09-16] (Adobe Systems Incorporated)
HKLM\...\Run: [PocketCloud Location] "C:\Program Files (x86)\Wyse\PocketCloud Windows Companion\WyseBrowser.exe" [x]
HKLM-x32\...\Run: [SoundTray] "C:\Program Files (x86)\Analog Devices\SoundMAX\SoundTray.exe" [143360 2008-03-26] (Sonic Focus, Inc.)
HKLM-x32\...\Run: [SoundMAXPnP] C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe [1302528 2008-03-16] (Analog Devices, Inc.)
HKLM-x32\...\Run: [LifeCam] "C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe" [135536 2010-12-13] (Microsoft Corporation)
HKLM-x32\...\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices [91520 2010-03-13] (Microsoft Corporation)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-01-02] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [36760 2011-09-05] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2904984 2011-09-05] (Adobe Systems Inc.)
HKLM-x32\...\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [54840 2007-05-08] (Hewlett-Packard)
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2012-02-20] (Apple Inc.)
HKLM-x32\...\Run: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW [1259376 2011-07-28] ()
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421736 2012-03-27] (Apple Inc.)
HKLM-x32\...\Run: [SwitchBoard] "C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin [406992 2010-02-22] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [252296 2012-01-17] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start [1987976 2012-02-28] (LogMeIn Inc.)
HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2012-04-18] (Apple Inc.)
HKLM-x32\...\Run: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe" [2587008 2012-04-05] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray [462408 2012-04-04] (Malwarebytes Corporation)
HKU\Adam\...\Run: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent [1242448 2011-08-15] (Valve Corporation)
HKU\Adam\...\Run: [DAEMON Tools Pro Agent] "C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe" -autorun [842048 2011-03-17] (DT Soft Ltd)
HKU\Adam\...\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe [138240 2008-01-20] (Microsoft Corporation)
HKU\Adam\...\Run: [Google Update] "C:\Users\Adam\AppData\Local\Google\Update\GoogleUpdate.exe" /c [136176 2011-06-18] (Google Inc.)
HKU\Adam\...\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe [59240 2012-02-23] (Apple Inc.)
HKU\Adam\...\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun [17148552 2012-02-29] (Skype Technologies S.A.)
HKU\Adam\...\Run: [Spotify Web Helper] "C:\Users\Adam\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [932528 2012-05-03] ()
HKU\Adam\...\Run: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe" /MINIMIZED [880496 2012-05-11] (BitTorrent, Inc.)
HKU\Adam\...\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe [x]
HKU\Adam\...\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [4786048 2012-05-21] (SUPERAntiSpyware.com)
HKU\Default\...\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem [1555968 2009-04-10] (Microsoft Corporation)
HKU\Default\...\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter [2438656 2009-04-10] (Microsoft Corporation)
HKU\Default User\...\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem [1555968 2009-04-10] (Microsoft Corporation)
HKU\Default User\...\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter [2438656 2009-04-10] (Microsoft Corporation)
HKU\Mcx1\...\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem [1555968 2009-04-10] (Microsoft Corporation)
HKU\Mcx1\...\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter [2438656 2009-04-10] (Microsoft Corporation)
HKU\Mcx1\...\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe [138240 2008-01-20] (Microsoft Corporation)
HKU\Mcx1\...\Run: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent [1242448 2011-08-15] (Valve Corporation)
HKU\Mcx1\...\Run: [DAEMON Tools Pro Agent] "C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe" -autorun [842048 2011-03-17] (DT Soft Ltd)
HKU\Mcx1\...\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized [17148552 2012-02-29] (Skype Technologies S.A.)
HKU\Mcx1\...\Run: [Google Update] "C:\Users\Adam\AppData\Local\Google\Update\GoogleUpdate.exe" /c [136176 2011-06-18] (Google Inc.)
HKU\Mcx1\...\Run: [Exetender] "C:\Program Files (x86)\Free Ride Games\GPlayer.exe" /runonstartup [x]
HKU\Mcx1\...\Winlogon: [Shell] C:\Windows\eHome\McrMgr.exe [196608 2009-04-10] (Microsoft Corporation)
HKU\UpdatusUser\...\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem [1555968 2009-04-10] (Microsoft Corporation)
HKU\UpdatusUser\...\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter [2438656 2009-04-10] (Microsoft Corporation)
HKU\UpdatusUser\...\Run: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent [1242448 2011-08-15] (Valve Corporation)
HKU\UpdatusUser\...\Run: [DAEMON Tools Pro Agent] "C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe" -autorun [842048 2011-03-17] (DT Soft Ltd)
HKU\UpdatusUser\...\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized [17148552 2012-02-29] (Skype Technologies S.A.)
HKU\UpdatusUser\...\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe [138240 2008-01-20] (Microsoft Corporation)
HKU\UpdatusUser\...\Run: [Google Update] "C:\Users\Adam\AppData\Local\Google\Update\GoogleUpdate.exe" /c [136176 2011-06-18] (Google Inc.)
HKU\UpdatusUser.Adam-PC\...\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem [1555968 2009-04-10] (Microsoft Corporation)
HKU\UpdatusUser.Adam-PC\...\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter [2438656 2009-04-10] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Startup: C:\Users\Adam\Start Menu\Programs\Startup\fliptoast.lnk
ShortcutTarget: fliptoast.lnk -> C:\Program Files (x86)\fliptoast\fliptoast.exe (No File)
Startup: C:\Users\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\Users\All Users\Start Menu\Programs\Startup\Rainmeter.lnk
ShortcutTarget: Rainmeter.lnk -> C:\Program Files\Rainmeter\Rainmeter.exe ()

==================== Services (Whitelisted) ======

2 !SASCORE; "C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE" [140672 2011-08-11] (SUPERAntiSpyware.com)
2 AEADIFilters; C:\Windows\System32\AEADISRV.EXE [89600 2007-10-18] (Andrea Electronics Corporation)
2 AVGIDSAgent; "C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe" [5106744 2012-04-30] (AVG Technologies CZ, s.r.o.)
2 avgwd; "C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe" [193288 2012-02-14] (AVG Technologies CZ, s.r.o.)
2 ForceWare Intelligent Application Manager (IAM); C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe [920064 2008-01-29] ()
2 Hamachi2Svc; "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe" -s [2343816 2012-02-28] (LogMeIn Inc.)
2 MBAMService; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe" [654408 2012-04-04] (Malwarebytes Corporation)
2 nSvcIp; C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe [193024 2008-01-29] ()
2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [76888 2012-05-25] ()
2 WinDefend; C:\Program Files (x86)\Windows Defender\mpsvc.dll [x]

========================== Drivers (Whitelisted) =============

3 ADIHdAudAddService; C:\Windows\System32\drivers\ADIHdAud.sys [467456 2008-03-19] (Analog Devices, Inc.)
3 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [124496 2011-12-23] (AVG Technologies CZ, s.r.o. )
3 AVGIDSFilter; C:\Windows\System32\DRIVERS\avgidsfiltera.sys [29776 2011-12-23] (AVG Technologies CZ, s.r.o. )
0 AVGIDSHA; C:\Windows\System32\Drivers\AVGIDSHA.sys [28480 2012-04-19] (AVG Technologies CZ, s.r.o. )
1 Avgldx64; C:\Windows\System32\Drivers\Avgldx64.sys [289872 2012-02-22] (AVG Technologies CZ, s.r.o.)
1 Avgmfx64; C:\Windows\System32\Drivers\Avgmfx64.sys [47696 2011-12-23] (AVG Technologies CZ, s.r.o.)
0 Avgrkx64; C:\Windows\System32\Drivers\Avgrkx64.sys [36944 2012-01-31] (AVG Technologies CZ, s.r.o.)
1 Avgtdia; C:\Windows\System32\Drivers\Avgtdia.sys [383808 2012-03-19] (AVG Technologies CZ, s.r.o.)
3 BVRPMPR5; C:\Windows\SysWow64\Drivers\BVRPMPR5.sys [44224 2006-10-05] (BVRP Software)
1 dtsoftbus01; C:\Windows\System32\Drivers\dtsoftbus01.sys [272448 2011-07-25] (DT Soft Ltd)
3 hamachi; C:\Windows\System32\Drivers\hamachi.sys [33856 2009-03-18] (LogMeIn, Inc.)
3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [24904 2012-04-04] (Malwarebytes Corporation)
3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15680 2006-10-31] ()
3 NVENETFD; C:\Windows\System32\Drivers\NVENETFD.sys [74496 2008-01-28] (NVIDIA Corporation)
3 NVNET; C:\Windows\System32\DRIVERS\nvmfdx64.sys [344680 2010-08-12] (NVIDIA Corporation)
3 nvnetbus; C:\Windows\System32\Drivers\nvnetbus.sys [34304 2008-01-28] (NVIDIA Corporation)
1 SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
1 SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
3 ScreamBAudioSvc; C:\Windows\System32\drivers\ScreamingBAudio64.sys [38992 2009-12-01] (Screaming Bee LLC)
0 sptd; C:\Windows\System32\Drivers\sptd.sys [834544 2011-07-25] (Duplex Secure Ltd.)
1 Beep; [x]
3 catchme; \??\C:\ComboFix\catchme.sys [x]
3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [x]
3 IpInIp; C:\Windows\System32\DRIVERS\ipinip.sys [x]
3 NwlnkFlt; C:\Windows\System32\DRIVERS\nwlnkflt.sys [x]
3 NwlnkFwd; C:\Windows\System32\DRIVERS\nwlnkfwd.sys [x]
3 {79007602-0CDB-4405-9DBF-1257BB3226EE}; Combo-Fix.sys [x]

========================== NetSvcs (Whitelisted) ===========


============ One Month Created Files and Folders ==============

2012-06-11 19:10 - 2012-06-11 19:10 - 01402035 ____A C:\Users\Adam\Downloads\FRST64.exe
2012-06-11 19:01 - 2012-06-11 19:01 - 00000332 ____A C:\Start_.cmd
2012-06-11 19:01 - 2012-06-11 19:01 - 00000000 ____D C:\ComboFix
2012-06-11 18:30 - 2012-06-11 18:30 - 00000000 ___SD C:\Users\Adam\Desktop\ComboFix
2012-06-11 18:15 - 2012-06-11 18:15 - 00000369 ____A C:\Users\Adam\Desktop\CFScript.txt
2012-06-11 16:23 - 2012-06-11 16:23 - 00165376 ____A C:\Users\Adam\Desktop\SystemLook_x64.exe
2012-06-11 16:09 - 2012-06-11 16:09 - 01402035 ____A C:\Users\Adam\Desktop\FRST64.exe
2012-06-11 14:12 - 2012-06-11 15:51 - 00004787 ____A C:\Users\Adam\Documents\aswMBR.txt
2012-06-11 14:12 - 2012-06-11 15:51 - 00000512 ____A C:\Users\Adam\Documents\MBR.dat
2012-06-11 10:00 - 2012-06-11 10:00 - 04542341 ____R (Swearware) C:\Users\Adam\Desktop\ComboFix.exe
2012-06-11 08:57 - 2012-06-11 08:57 - 04731392 ____A (AVAST Software) C:\Users\Adam\Desktop\aswMBR.exe
2012-06-11 05:23 - 2012-06-11 05:23 - 00302592 ____A C:\Users\Adam\Desktop\rfghzz7h.exe
2012-06-10 09:11 - 2012-06-10 09:11 - 00001006 ____A C:\Users\Public\Desktop\Max Payne 3.lnk
2012-06-10 06:57 - 2012-06-10 21:02 - 00000000 ____D C:\Program Files (x86)\Black_Box
2012-06-10 00:54 - 2012-06-11 06:06 - 00607260 ____R (Swearware) C:\Users\Adam\Desktop\dds.scr
2012-06-10 00:53 - 2012-06-10 00:53 - 00050477 ____A C:\Users\Adam\Downloads\Defogger.exe
2012-06-09 08:13 - 2012-06-09 08:13 - 00000000 ____D C:\Program Files (x86)\Trend Micro
2012-06-09 08:09 - 2012-06-09 08:09 - 01402880 ____A C:\Users\Adam\Downloads\HijackThis.msi
2012-06-09 07:08 - 2012-06-09 07:08 - 00000000 ____D C:\Users\All Users\SUPERAntiSpyware.com
2012-06-09 07:08 - 2012-06-09 07:08 - 00000000 ____D C:\Users\Adam\AppData\Roaming\SUPERAntiSpyware.com
2012-06-09 07:08 - 2012-06-09 07:08 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2012-06-08 09:39 - 2012-06-08 09:39 - 00000948 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-06-08 09:39 - 2012-06-08 09:39 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-06-08 07:15 - 2012-06-08 07:15 - 00000000 ____D C:\Windows\SysWOW64\Drivers\AVG
2012-06-08 07:14 - 2012-06-11 15:57 - 00000000 ____D C:\Windows\System32\Drivers\AVG
2012-06-08 07:14 - 2012-06-08 07:14 - 00000000 ___HD C:\$AVG
2012-06-08 07:12 - 2012-06-08 07:12 - 00000000 ____D C:\Program Files (x86)\AVG
2012-06-08 07:02 - 2012-06-08 07:02 - 03879712 ____A (AVG Technologies) C:\Users\Adam\Downloads\avg_free_stb_all_2012_2178_cnet.exe
2012-06-08 06:51 - 2012-06-08 06:52 - 25907319 ____A C:\Users\Adam\Downloads\354213231432lnnfx.rar
2012-06-07 17:54 - 2012-06-07 17:54 - 00000000 __SHD C:\Windows\SysWOW64\%APPDATA%
2012-06-07 17:29 - 2012-06-07 21:52 - 471786357 ____A C:\Users\Adam\Downloads\195753258dcandupd.rar
2012-06-07 16:51 - 2012-06-07 16:51 - 00363236 ____A C:\Users\Adam\AppData\Local\dd_vcredistMSI0F07.txt
2012-06-07 16:51 - 2012-06-07 16:51 - 00011234 ____A C:\Users\Adam\AppData\Local\dd_vcredistUI0F07.txt
2012-06-06 17:59 - 2012-06-06 17:59 - 00000132 ____A C:\Users\Adam\AppData\Roaming\Adobe PNG Format CS5 Prefs
2012-06-06 15:31 - 2012-06-06 15:31 - 00000031 ____A C:\Users\Adam\Documents\Email Password.txt
2012-06-06 14:26 - 2012-06-06 14:26 - 00013772 ____A C:\Users\Adam\Documents\Political problems.docx
2012-06-06 13:38 - 2012-06-06 14:26 - 00013765 ____A C:\Users\Adam\Downloads\Political problems.docx
2012-06-05 14:46 - 2012-06-05 14:46 - 00361316 ____A C:\Users\Adam\AppData\Local\dd_vcredistMSI12F6.txt
2012-06-05 14:46 - 2012-06-05 14:46 - 00011154 ____A C:\Users\Adam\AppData\Local\dd_vcredistUI12F6.txt
2012-06-04 16:14 - 2012-06-04 16:14 - 00000000 ____D C:\Program Files (x86)\Photo Story 3 for Windows
2012-06-04 16:12 - 2012-06-04 16:11 - 05271552 ____A C:\Users\Adam\Downloads\Pstory.msi
2012-06-04 16:10 - 2012-06-04 16:10 - 00463080 ____A (CNET Download.com) C:\Users\Adam\Downloads\cnet_Pstory_msi.exe
2012-06-04 16:10 - 2012-06-04 16:10 - 00000000 ____A C:\Users\Adam\Downloads\Unconfirmed 46396.crdownload
2012-06-03 17:28 - 2012-06-03 17:31 - 70166650 ____A C:\Users\Adam\Downloads\CamMeekins.zip
2012-06-02 19:24 - 2012-06-09 08:17 - 00000000 ____D C:\Program Files (x86)\TightVNC
2012-06-02 19:23 - 2012-06-02 19:23 - 00000000 ____D C:\Users\Adam\AppData\Local\Downloaded Installations
2012-06-02 19:22 - 2012-06-02 19:23 - 21178512 ____A (Wyse Technology) C:\Users\Adam\Downloads\PocketCloud Windows Companion_v2.4.19.exe
2012-06-02 17:59 - 2012-06-02 18:01 - 00000000 ____D C:\Users\Adam\Documents\eCommerce
2012-06-02 10:18 - 2012-06-02 10:19 - 00000000 ____D C:\Program Files (x86)\QuickTime
2012-06-02 08:48 - 2012-06-02 18:03 - 00000000 ____D C:\Users\Adam\Documents\12th Grade
2012-06-01 12:14 - 2012-06-01 12:14 - 05570355 ____A C:\Users\Adam\Downloads\Attachments_2012_06_1 (2).zip
2012-06-01 12:13 - 2012-06-01 12:13 - 03491763 ____A C:\Users\Adam\Downloads\Attachments_2012_06_1.zip
2012-05-28 18:00 - 2012-05-28 18:00 - 00000000 ____D C:\Users\Adam\AppData\Local\Cranium
2012-05-28 17:42 - 2012-05-28 17:42 - 00000000 ____D C:\Users\Adam\AppData\Local\Cranium_Consulting_and_Cu
2012-05-28 17:42 - 2012-05-28 17:42 - 00000000 ____D C:\Program Files (x86)\iPhoneBrowser
2012-05-28 17:40 - 2012-05-28 17:40 - 00564211 ____A C:\Users\Adam\Downloads\SetupiPhoneBrowser.1.93.exe
2012-05-28 17:40 - 2012-05-28 17:40 - 00000000 ____A C:\Users\Adam\Downloads\Unconfirmed 25141.crdownload
2012-05-26 12:16 - 2012-05-26 12:16 - 00000000 ____D C:\Users\Adam\Documents\Paradox Interactive
2012-05-26 03:45 - 2012-05-26 03:45 - 00000000 ____D C:\Users\Adam\AppData\Local\libimobiledevice
2012-05-25 15:11 - 2012-05-26 12:12 - 00000000 ____D C:\Program Files (x86)\Paradox Interactive
2012-05-25 15:07 - 2011-03-25 08:17 - 00000071 ____A C:\Users\Adam\Downloads\fan-eu3c.cue
2012-05-25 15:06 - 2011-03-25 04:25 - 747573792 ____A C:\Users\Adam\Downloads\fan-eu3c.bin
2012-05-25 14:56 - 2012-05-25 15:00 - 00000000 ____D C:\Users\Adam\Documents\RCT3
2012-05-25 14:56 - 2012-05-25 14:56 - 00000000 ____D C:\Users\Adam\AppData\Roaming\Atari
2012-05-25 14:45 - 2012-05-25 15:33 - 00000000 ____D C:\Program Files (x86)\Roller Coaster Tycoon 3 Platinum - CarlesNeo !
2012-05-25 10:59 - 2012-05-25 10:59 - 00000000 ____D C:\Users\Adam\AppData\Local\CrashRpt
2012-05-25 10:59 - 2012-05-25 10:59 - 00000000 ____D C:\Program Files (x86)\Microsoft Chart Controls
2012-05-25 10:57 - 2012-05-25 10:57 - 00365992 ____A C:\Users\Adam\AppData\Local\dd_vcredistMSI083B.txt
2012-05-25 10:57 - 2012-05-25 10:57 - 00357232 ____A C:\Users\Adam\AppData\Local\dd_vcredistMSI085B.txt
2012-05-25 10:57 - 2012-05-25 10:57 - 00011690 ____A C:\Users\Adam\AppData\Local\dd_vcredistUI085B.txt
2012-05-25 10:57 - 2012-05-25 10:57 - 00011402 ____A C:\Users\Adam\AppData\Local\dd_vcredistUI083B.txt
2012-05-23 16:30 - 2012-05-23 16:30 - 00000000 ____D C:\Program Files (x86)\LogMeIn Hamachi
2012-05-23 16:26 - 2012-05-23 16:26 - 03857920 ____A C:\Users\Adam\Downloads\hamachi.msi
2012-05-22 15:44 - 2012-05-15 02:48 - 25743168 ____A (NVIDIA Corporation) C:\Windows\System32\nvoglv64.dll
2012-05-22 15:44 - 2012-05-15 02:48 - 25248064 ____A (NVIDIA Corporation) C:\Windows\System32\nvcompiler.dll
2012-05-22 15:44 - 2012-05-15 02:48 - 19607872 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2012-05-22 15:44 - 2012-05-15 02:48 - 17551680 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2012-05-22 15:44 - 2012-05-15 02:48 - 14298944 ____A (NVIDIA Corporation) C:\Windows\System32\Drivers\nvlddmkm.sys
2012-05-22 15:44 - 2012-05-15 02:48 - 10194752 ____A (NVIDIA Corporation) C:\Windows\System32\nvwgf2umx.dll
2012-05-22 15:44 - 2012-05-15 02:48 - 08139072 ____A (NVIDIA Corporation) C:\Windows\System32\nvcuda.dll
2012-05-22 15:44 - 2012-05-15 02:48 - 08105280 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2012-05-22 15:44 - 2012-05-15 02:48 - 05982528 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2012-05-22 15:44 - 2012-05-15 02:48 - 02881856 ____A (NVIDIA Corporation) C:\Windows\System32\nvcuvenc.dll
2012-05-22 15:44 - 2012-05-15 02:48 - 02681664 ____A (NVIDIA Corporation) C:\Windows\System32\nvcuvid.dll
2012-05-22 15:44 - 2012-05-15 02:48 - 02524992 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2012-05-22 15:44 - 2012-05-15 02:48 - 02445120 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvenc.dll
2012-05-22 15:44 - 2012-05-15 02:48 - 02368832 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2012-05-22 15:44 - 2012-04-18 09:08 - 00188736 ____A (NVIDIA Corporation) C:\Windows\System32\Drivers\nvhda64v.sys
2012-05-22 15:44 - 2012-04-18 09:08 - 00072512 ____A (NVIDIA Corporation) C:\Windows\System32\nvapo64v.dll
2012-05-22 15:44 - 2012-04-18 09:08 - 00031040 ____A (NVIDIA Corporation) C:\Windows\System32\nvhdap64.dll
2012-05-22 15:39 - 2012-05-22 15:42 - 168454136 ____A (NVIDIA Corporation) C:\Users\Adam\Downloads\301.42-desktop-win7-winvista-64bit-english-whql.exe
2012-05-22 11:15 - 2012-05-22 11:15 - 00028649 ____A C:\Users\Adam\Downloads\Joseph_Campbell_-_The_Hero's_Journey_[DivX-AC3].torrent
2012-05-21 15:40 - 2012-05-21 15:41 - 19046064 ____A (GIANTS Software ) C:\Users\Adam\Downloads\FarmingSimulator2011Patch2.2EN.exe
2012-05-21 15:30 - 2012-05-21 15:46 - 00000000 ____D C:\Program Files (x86)\Landwirtschafts Simulator 2011
2012-05-21 11:43 - 2012-05-21 11:43 - 05536064 ____A C:\Users\Adam\Downloads\MinecraftStructurePlanner (1).exe
2012-05-20 18:59 - 2012-05-20 18:59 - 00000162 ___AH C:\Users\Adam\Documents\~$yisics Bike Project.docx
2012-05-19 20:17 - 2012-05-19 20:17 - 02124398 ____A C:\Users\Adam\Downloads\OSU AFROTC (1).pdf
2012-05-19 16:06 - 2012-05-19 16:06 - 02124398 ____A C:\Users\Adam\Downloads\OSU AFROTC.pdf
2012-05-19 11:48 - 2012-05-19 11:48 - 00000000 ____D C:\Users\Adam\AppData\Roaming\.minecraft_xray
2012-05-19 11:33 - 2012-05-19 11:33 - 00000000 ____D C:\Program Files\7-Zip
2012-05-19 11:32 - 2012-05-19 11:32 - 01376768 ____A C:\Users\Adam\Downloads\7z920-x64.msi
2012-05-19 11:17 - 2012-05-19 11:17 - 00036559 ____A C:\Users\Adam\Downloads\xray_12.7.zip
2012-05-19 11:11 - 2012-05-19 11:11 - 00268744 ____A (Oracle Corporation) C:\Windows\System32\javaws.exe
2012-05-19 11:11 - 2012-05-19 11:11 - 00189384 ____A (Oracle Corporation) C:\Windows\System32\javaw.exe
2012-05-19 11:11 - 2012-05-19 11:11 - 00188872 ____A (Oracle Corporation) C:\Windows\System32\java.exe
2012-05-19 11:11 - 2012-05-19 11:11 - 00000000 ____D C:\Program Files\Java
2012-05-19 11:09 - 2012-05-19 11:09 - 21865936 ____A (Oracle Corporation) C:\Users\Adam\Downloads\jre-7u4-windows-x64.exe
2012-05-19 10:42 - 2012-05-19 10:42 - 00000000 ____D C:\Users\Adam\AppData\Roaming\Bertware
2012-05-19 10:30 - 2012-05-19 10:30 - 00000000 ____D C:\Program Files (x86)\Oracle
2012-05-19 10:29 - 2012-05-19 10:29 - 00174024 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2012-05-19 10:29 - 2012-05-19 10:29 - 00174024 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2012-05-19 10:29 - 2012-05-19 10:29 - 00000000 ____D C:\Program Files (x86)\Java
2012-05-19 10:29 - 2012-04-04 14:47 - 00227720 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2012-05-19 10:28 - 2012-05-19 10:28 - 00892360 ____A (Oracle Corporation) C:\Users\Adam\Downloads\chromeinstall-7u4.exe
2012-05-19 07:00 - 2012-05-19 07:06 - 00000000 ____D C:\Windows\SysWOW64\world_the_end
2012-05-19 07:00 - 2012-05-19 07:06 - 00000000 ____D C:\Windows\SysWOW64\world_nether
2012-05-19 07:00 - 2012-05-19 07:06 - 00000000 ____D C:\Windows\SysWOW64\world
2012-05-19 07:00 - 2012-05-19 07:00 - 00003101 ____A C:\Windows\SysWOW64\server.log
2012-05-19 07:00 - 2012-05-19 07:00 - 00002576 ____A C:\Windows\SysWOW64\help.yml
2012-05-19 07:00 - 2012-05-19 07:00 - 00001311 ____A C:\Windows\SysWOW64\bukkit.yml
2012-05-19 07:00 - 2012-05-19 07:00 - 00000458 ____A C:\Windows\SysWOW64\server.properties
2012-05-19 07:00 - 2012-05-19 07:00 - 00000000 ____D C:\Windows\SysWOW64\plugins
2012-05-19 07:00 - 2012-05-19 07:00 - 00000000 ____A C:\Windows\SysWOW64\white-list.txt
2012-05-19 07:00 - 2012-05-19 07:00 - 00000000 ____A C:\Windows\SysWOW64\server.log.lck
2012-05-19 07:00 - 2012-05-19 07:00 - 00000000 ____A C:\Windows\SysWOW64\permissions.yml
2012-05-19 07:00 - 2012-05-19 07:00 - 00000000 ____A C:\Windows\SysWOW64\ops.txt
2012-05-19 07:00 - 2012-05-19 07:00 - 00000000 ____A C:\Windows\SysWOW64\banned-players.txt
2012-05-19 07:00 - 2012-05-19 07:00 - 00000000 ____A C:\Windows\SysWOW64\banned-ips.txt
2012-05-19 06:07 - 2012-05-19 06:07 - 00000000 ____D C:\glassfish3
2012-05-19 06:04 - 2012-05-19 06:06 - 146771704 ____A (Oracle Corporation.) C:\Users\Adam\Downloads\java_ee_sdk-6u4-jdk-windows-x64.exe
2012-05-19 05:37 - 2012-04-04 14:47 - 00772504 ____A (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll
2012-05-19 05:27 - 2012-05-31 19:14 - 00000000 ____D C:\Users\Adam\Desktop\Bukkit Server
2012-05-18 18:31 - 2012-05-19 11:11 - 00955848 ____A (Oracle Corporation) C:\Windows\System32\npDeployJava1.dll
2012-05-17 16:29 - 2012-05-17 16:51 - 00000000 ____D C:\multiAVCHD
2012-05-17 16:27 - 2012-05-17 16:29 - 38514000 ____A C:\Users\Adam\Downloads\multiAVCHD_4.1.exe
2012-05-16 15:34 - 2012-05-16 15:34 - 05507904 ____A C:\Users\Adam\Downloads\MinecraftStructurePlanner.jar
2012-05-16 14:51 - 2012-05-16 14:51 - 00803612 ____A C:\Users\Adam\Downloads\Rectagon Project v1.rar
2012-05-16 11:53 - 2012-05-16 11:53 - 00015501 ____A C:\Users\Adam\Downloads\Discovery_LP_[2009]_[Album]_DHZ_Inc_Release-[Demonoid.me]_9268303.3692.torrent
2012-05-14 22:21 - 2012-05-14 22:21 - 00423744 ____A C:\Windows\SysWOW64\nvStreaming.exe
2012-05-14 10:58 - 2012-05-14 10:59 - 00000000 ____D C:\Users\Adam\AppData\Local\SniperV2
2012-05-14 10:32 - 2012-05-14 10:32 - 00000000 ____D C:\Program Files (x86)\Rebellion
2012-05-14 10:08 - 2012-05-14 10:08 - 00000000 ____D C:\Users\Adam\Documents\Sniper Elite V2
2012-05-13 19:50 - 2012-05-13 19:50 - 00000000 ____D C:\Users\All Users\Mozilla
2012-05-13 19:50 - 2012-05-13 19:50 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2012-05-13 18:54 - 2012-05-13 18:54 - 00029078 ____A C:\Users\Adam\Downloads\_=Demonoid.me=_-Sniper_Elite_V2_SKIDROW_9268303.3692.torrent
2012-05-12 07:54 - 2012-05-13 10:43 - 00000000 ____D C:\Users\Adam\AppData\Roaming\Tropico 4
2012-05-12 07:48 - 2012-05-12 07:48 - 00000000 ____D C:\Users\Adam\AppData\Roaming\Kalypso Media
 
Part 2:

============ 3 Months Modified Files and Folders =============

2012-06-11 19:28 - 2006-11-02 07:42 - 00032646 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-06-11 19:28 - 2006-11-02 07:42 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-06-11 19:27 - 2011-06-18 09:41 - 00000000 ____D C:\Users\All Users\NVIDIA
2012-06-11 19:12 - 2008-01-20 17:53 - 01272885 ____A C:\Windows\WindowsUpdate.log
2012-06-11 19:12 - 2006-11-02 07:22 - 00003712 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2012-06-11 19:12 - 2006-11-02 07:22 - 00003712 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2012-06-11 19:12 - 2006-11-02 04:46 - 00759910 ____A C:\Windows\System32\PerfStringBackup.INI
2012-06-11 19:10 - 2012-06-11 19:10 - 01402035 ____A C:\Users\Adam\Downloads\FRST64.exe
2012-06-11 19:07 - 2011-09-22 12:35 - 00000894 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-06-11 19:01 - 2012-06-11 19:01 - 00000332 ____A C:\Start_.cmd
2012-06-11 19:01 - 2012-06-11 19:01 - 00000000 ____D C:\ComboFix
2012-06-11 18:31 - 2012-04-08 06:07 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-06-11 18:30 - 2012-06-11 18:30 - 00000000 ___SD C:\Users\Adam\Desktop\ComboFix
2012-06-11 18:28 - 2012-04-21 14:08 - 00000000 ____D C:\Users\Adam\AppData\Roaming\uTorrent
2012-06-11 18:28 - 2011-10-30 13:41 - 00000000 ____D C:\Users\Adam\AppData\Local\LogMeIn Hamachi
2012-06-11 18:28 - 2011-06-18 17:49 - 00000000 ____D C:\Program Files (x86)\Steam
2012-06-11 18:28 - 2011-06-18 11:31 - 00000000 ____D C:\Users\Adam\AppData\Roaming\Skype
2012-06-11 18:27 - 2011-09-22 12:35 - 00000890 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-06-11 18:24 - 2011-10-31 12:33 - 26948390 ____A C:\Windows\ntbtlog.txt
2012-06-11 18:15 - 2012-06-11 18:15 - 00000369 ____A C:\Users\Adam\Desktop\CFScript.txt
2012-06-11 17:26 - 2011-06-18 11:09 - 00000904 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-593570071-605911810-3574683811-1000UA.job
2012-06-11 16:23 - 2012-06-11 16:23 - 00165376 ____A C:\Users\Adam\Desktop\SystemLook_x64.exe
2012-06-11 16:11 - 2011-11-09 19:26 - 00000000 ____D C:\FRST
2012-06-11 16:09 - 2012-06-11 16:09 - 01402035 ____A C:\Users\Adam\Desktop\FRST64.exe
2012-06-11 15:57 - 2012-06-08 07:14 - 00000000 ____D C:\Windows\System32\Drivers\AVG
2012-06-11 15:57 - 2011-11-04 14:40 - 00000000 ____D C:\Users\All Users\MFAData
2012-06-11 15:51 - 2012-06-11 14:12 - 00004787 ____A C:\Users\Adam\Documents\aswMBR.txt
2012-06-11 15:51 - 2012-06-11 14:12 - 00000512 ____A C:\Users\Adam\Documents\MBR.dat
2012-06-11 12:26 - 2011-06-18 11:09 - 00000852 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-593570071-605911810-3574683811-1000Core.job
2012-06-11 10:04 - 2011-11-10 14:29 - 00000000 ____D C:\Windows\ERDNT
2012-06-11 10:03 - 2011-11-10 14:29 - 00000000 ____D C:\Qoobox
2012-06-11 10:00 - 2012-06-11 10:00 - 04542341 ____R (Swearware) C:\Users\Adam\Desktop\ComboFix.exe
2012-06-11 08:57 - 2012-06-11 08:57 - 04731392 ____A (AVAST Software) C:\Users\Adam\Desktop\aswMBR.exe
2012-06-11 08:56 - 2011-09-19 23:02 - 00083968 ____A (Esage Lab) C:\Users\Adam\Desktop\boot_cleaner.exe
2012-06-11 06:06 - 2012-06-10 00:54 - 00607260 ____R (Swearware) C:\Users\Adam\Desktop\dds.scr
2012-06-11 05:23 - 2012-06-11 05:23 - 00302592 ____A C:\Users\Adam\Desktop\rfghzz7h.exe
2012-06-10 21:19 - 2011-10-02 17:23 - 00000000 ____D C:\Users\Adam\Documents\Rockstar Games
2012-06-10 21:05 - 2011-06-20 11:14 - 00000000 ____D C:\Users\Adam\Documents\Vuze Downloads
2012-06-10 21:02 - 2012-06-10 06:57 - 00000000 ____D C:\Program Files (x86)\Black_Box
2012-06-10 09:11 - 2012-06-10 09:11 - 00001006 ____A C:\Users\Public\Desktop\Max Payne 3.lnk
2012-06-10 06:47 - 2008-01-20 19:26 - 00086186 ____A C:\Windows\PFRO.log
2012-06-10 00:53 - 2012-06-10 00:53 - 00050477 ____A C:\Users\Adam\Downloads\Defogger.exe
2012-06-09 08:17 - 2012-06-02 19:24 - 00000000 ____D C:\Program Files (x86)\TightVNC
2012-06-09 08:13 - 2012-06-09 08:13 - 00000000 ____D C:\Program Files (x86)\Trend Micro
2012-06-09 08:09 - 2012-06-09 08:09 - 01402880 ____A C:\Users\Adam\Downloads\HijackThis.msi
2012-06-09 07:08 - 2012-06-09 07:08 - 00000000 ____D C:\Users\All Users\SUPERAntiSpyware.com
2012-06-09 07:08 - 2012-06-09 07:08 - 00000000 ____D C:\Users\Adam\AppData\Roaming\SUPERAntiSpyware.com
2012-06-09 07:08 - 2012-06-09 07:08 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2012-06-08 11:38 - 2011-06-16 18:41 - 00001460 ____A C:\Users\Adam\AppData\Local\d3d9caps64.dat
2012-06-08 09:39 - 2012-06-08 09:39 - 00000948 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-06-08 09:39 - 2012-06-08 09:39 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-06-08 07:29 - 2011-11-04 14:46 - 00000000 ____D C:\Users\All Users\AVG2012
2012-06-08 07:15 - 2012-06-08 07:15 - 00000000 ____D C:\Windows\SysWOW64\Drivers\AVG
2012-06-08 07:14 - 2012-06-08 07:14 - 00000000 ___HD C:\$AVG
2012-06-08 07:12 - 2012-06-08 07:12 - 00000000 ____D C:\Program Files (x86)\AVG
2012-06-08 07:03 - 2011-06-18 09:41 - 00000000 ____D C:\users\UpdatusUser
2012-06-08 07:02 - 2012-06-08 07:02 - 03879712 ____A (AVG Technologies) C:\Users\Adam\Downloads\avg_free_stb_all_2012_2178_cnet.exe
2012-06-08 06:52 - 2012-06-08 06:51 - 25907319 ____A C:\Users\Adam\Downloads\354213231432lnnfx.rar
2012-06-07 21:52 - 2012-06-07 17:29 - 471786357 ____A C:\Users\Adam\Downloads\195753258dcandupd.rar
2012-06-07 17:54 - 2012-06-07 17:54 - 00000000 __SHD C:\Windows\SysWOW64\%APPDATA%
2012-06-07 17:21 - 2011-07-07 12:06 - 00000000 ____D C:\Program Files (x86)\Rockstar Games
2012-06-07 16:51 - 2012-06-07 16:51 - 00363236 ____A C:\Users\Adam\AppData\Local\dd_vcredistMSI0F07.txt
2012-06-07 16:51 - 2012-06-07 16:51 - 00011234 ____A C:\Users\Adam\AppData\Local\dd_vcredistUI0F07.txt
2012-06-07 16:51 - 2011-06-18 19:15 - 00202217 ____A C:\Windows\DirectX.log
2012-06-07 16:18 - 2011-11-13 05:13 - 00000000 ____D C:\Users\All Users\Rockstar Games
2012-06-07 16:18 - 2011-06-16 19:09 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2012-06-06 17:59 - 2012-06-06 17:59 - 00000132 ____A C:\Users\Adam\AppData\Roaming\Adobe PNG Format CS5 Prefs
2012-06-06 17:16 - 2012-04-25 18:53 - 00000000 ____D C:\Users\Adam\AppData\Local\Spotify
2012-06-06 17:16 - 2012-04-25 18:52 - 00000000 ____D C:\Users\Adam\AppData\Roaming\Spotify
2012-06-06 15:31 - 2012-06-06 15:31 - 00000031 ____A C:\Users\Adam\Documents\Email Password.txt
2012-06-06 14:26 - 2012-06-06 14:26 - 00013772 ____A C:\Users\Adam\Documents\Political problems.docx
2012-06-06 14:26 - 2012-06-06 13:38 - 00013765 ____A C:\Users\Adam\Downloads\Political problems.docx
2012-06-05 14:46 - 2012-06-05 14:46 - 00361316 ____A C:\Users\Adam\AppData\Local\dd_vcredistMSI12F6.txt
2012-06-05 14:46 - 2012-06-05 14:46 - 00011154 ____A C:\Users\Adam\AppData\Local\dd_vcredistUI12F6.txt
2012-06-04 16:14 - 2012-06-04 16:14 - 00000000 ____D C:\Program Files (x86)\Photo Story 3 for Windows
2012-06-04 16:11 - 2012-06-04 16:12 - 05271552 ____A C:\Users\Adam\Downloads\Pstory.msi
2012-06-04 16:10 - 2012-06-04 16:10 - 00463080 ____A (CNET Download.com) C:\Users\Adam\Downloads\cnet_Pstory_msi.exe
2012-06-04 16:10 - 2012-06-04 16:10 - 00000000 ____A C:\Users\Adam\Downloads\Unconfirmed 46396.crdownload
2012-06-03 17:31 - 2012-06-03 17:28 - 70166650 ____A C:\Users\Adam\Downloads\CamMeekins.zip
2012-06-02 19:33 - 2011-07-24 16:46 - 00000000 ____D C:\Users\Adam\Documents\11th Grade
2012-06-02 19:23 - 2012-06-02 19:23 - 00000000 ____D C:\Users\Adam\AppData\Local\Downloaded Installations
2012-06-02 19:23 - 2012-06-02 19:22 - 21178512 ____A (Wyse Technology) C:\Users\Adam\Downloads\PocketCloud Windows Companion_v2.4.19.exe
2012-06-02 18:03 - 2012-06-02 08:48 - 00000000 ____D C:\Users\Adam\Documents\12th Grade
2012-06-02 18:01 - 2012-06-02 17:59 - 00000000 ____D C:\Users\Adam\Documents\eCommerce
2012-06-02 15:50 - 2011-08-04 15:23 - 00000000 ____D C:\Program Files (x86)\EA GAMES
2012-06-02 12:02 - 2011-06-20 09:39 - 00000000 ____D C:\Users\Adam\AppData\Roaming\Azureus
2012-06-02 10:19 - 2012-06-02 10:18 - 00000000 ____D C:\Program Files (x86)\QuickTime
2012-06-01 12:14 - 2012-06-01 12:14 - 05570355 ____A C:\Users\Adam\Downloads\Attachments_2012_06_1 (2).zip
2012-06-01 12:13 - 2012-06-01 12:13 - 03491763 ____A C:\Users\Adam\Downloads\Attachments_2012_06_1.zip
2012-05-31 19:14 - 2012-05-19 05:27 - 00000000 ____D C:\Users\Adam\Desktop\Bukkit Server
2012-05-30 15:09 - 2011-06-21 05:35 - 00031232 ____A C:\Users\Adam\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-05-29 17:37 - 2012-02-22 15:07 - 00000000 ____D C:\users\UpdatusUser.Adam-PC
2012-05-28 18:00 - 2012-05-28 18:00 - 00000000 ____D C:\Users\Adam\AppData\Local\Cranium
2012-05-28 17:42 - 2012-05-28 17:42 - 00000000 ____D C:\Users\Adam\AppData\Local\Cranium_Consulting_and_Cu
2012-05-28 17:42 - 2012-05-28 17:42 - 00000000 ____D C:\Program Files (x86)\iPhoneBrowser
2012-05-28 17:40 - 2012-05-28 17:40 - 00564211 ____A C:\Users\Adam\Downloads\SetupiPhoneBrowser.1.93.exe
2012-05-28 17:40 - 2012-05-28 17:40 - 00000000 ____A C:\Users\Adam\Downloads\Unconfirmed 25141.crdownload
2012-05-26 12:16 - 2012-05-26 12:16 - 00000000 ____D C:\Users\Adam\Documents\Paradox Interactive
2012-05-26 12:12 - 2012-05-25 15:11 - 00000000 ____D C:\Program Files (x86)\Paradox Interactive
2012-05-26 08:49 - 2011-06-22 17:47 - 00281032 ____A C:\Windows\SysWOW64\PnkBstrB.xtr
2012-05-26 08:49 - 2011-06-20 16:55 - 00281032 ____A C:\Windows\SysWOW64\PnkBstrB.exe
2012-05-26 03:45 - 2012-05-26 03:45 - 00000000 ____D C:\Users\Adam\AppData\Local\libimobiledevice
2012-05-25 16:48 - 2011-07-18 06:54 - 00000000 ____D C:\Users\Adam\Desktop\Shortcuts
2012-05-25 16:42 - 2011-06-20 16:55 - 00281032 ____A C:\Windows\SysWOW64\PnkBstrB.ex0
2012-05-25 15:33 - 2012-05-25 14:45 - 00000000 ____D C:\Program Files (x86)\Roller Coaster Tycoon 3 Platinum - CarlesNeo !
2012-05-25 15:00 - 2012-05-25 14:56 - 00000000 ____D C:\Users\Adam\Documents\RCT3
2012-05-25 14:56 - 2012-05-25 14:56 - 00000000 ____D C:\Users\Adam\AppData\Roaming\Atari
2012-05-25 13:34 - 2011-06-18 12:50 - 00000000 ____D C:\Users\Adam\AppData\Roaming\.minecraft
2012-05-25 10:59 - 2012-05-25 10:59 - 00000000 ____D C:\Users\Adam\AppData\Local\CrashRpt
2012-05-25 10:59 - 2012-05-25 10:59 - 00000000 ____D C:\Program Files (x86)\Microsoft Chart Controls
2012-05-25 10:59 - 2011-06-20 17:02 - 00000000 ____D C:\Users\Adam\AppData\Local\PunkBuster
2012-05-25 10:58 - 2011-07-24 15:26 - 00000000 ____D C:\Users\Adam\Documents\My Games
2012-05-25 10:57 - 2012-05-25 10:57 - 00365992 ____A C:\Users\Adam\AppData\Local\dd_vcredistMSI083B.txt
2012-05-25 10:57 - 2012-05-25 10:57 - 00357232 ____A C:\Users\Adam\AppData\Local\dd_vcredistMSI085B.txt
2012-05-25 10:57 - 2012-05-25 10:57 - 00011690 ____A C:\Users\Adam\AppData\Local\dd_vcredistUI085B.txt
2012-05-25 10:57 - 2012-05-25 10:57 - 00011402 ____A C:\Users\Adam\AppData\Local\dd_vcredistUI083B.txt
2012-05-25 10:57 - 2011-06-20 16:55 - 00076888 ____A C:\Windows\SysWOW64\PnkBstrA.exe
2012-05-23 16:31 - 2011-06-18 11:10 - 00002037 ____A C:\Users\Adam\Desktop\Google Chrome.lnk
2012-05-23 16:30 - 2012-05-23 16:30 - 00000000 ____D C:\Program Files (x86)\LogMeIn Hamachi
2012-05-23 16:26 - 2012-05-23 16:26 - 03857920 ____A C:\Users\Adam\Downloads\hamachi.msi
2012-05-22 15:54 - 2011-06-18 09:41 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2012-05-22 15:53 - 2011-06-16 18:41 - 00000000 ____D C:\users\Adam
2012-05-22 15:47 - 2011-06-16 19:10 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2012-05-22 15:42 - 2012-05-22 15:39 - 168454136 ____A (NVIDIA Corporation) C:\Users\Adam\Downloads\301.42-desktop-win7-winvista-64bit-english-whql.exe
2012-05-22 11:15 - 2012-05-22 11:15 - 00028649 ____A C:\Users\Adam\Downloads\Joseph_Campbell_-_The_Hero's_Journey_[DivX-AC3].torrent
2012-05-21 15:46 - 2012-05-21 15:30 - 00000000 ____D C:\Program Files (x86)\Landwirtschafts Simulator 2011
2012-05-21 15:41 - 2012-05-21 15:40 - 19046064 ____A (GIANTS Software ) C:\Users\Adam\Downloads\FarmingSimulator2011Patch2.2EN.exe
2012-05-21 11:43 - 2012-05-21 11:43 - 05536064 ____A C:\Users\Adam\Downloads\MinecraftStructurePlanner (1).exe
2012-05-20 18:59 - 2012-05-20 18:59 - 00000162 ___AH C:\Users\Adam\Documents\~$yisics Bike Project.docx
2012-05-19 20:45 - 2011-07-08 07:43 - 00000000 ____D C:\Program Files (x86)\Computer Tools
2012-05-19 20:17 - 2012-05-19 20:17 - 02124398 ____A C:\Users\Adam\Downloads\OSU AFROTC (1).pdf
2012-05-19 16:06 - 2012-05-19 16:06 - 02124398 ____A C:\Users\Adam\Downloads\OSU AFROTC.pdf
2012-05-19 11:48 - 2012-05-19 11:48 - 00000000 ____D C:\Users\Adam\AppData\Roaming\.minecraft_xray
2012-05-19 11:33 - 2012-05-19 11:33 - 00000000 ____D C:\Program Files\7-Zip
2012-05-19 11:32 - 2012-05-19 11:32 - 01376768 ____A C:\Users\Adam\Downloads\7z920-x64.msi
2012-05-19 11:17 - 2012-05-19 11:17 - 00036559 ____A C:\Users\Adam\Downloads\xray_12.7.zip
2012-05-19 11:11 - 2012-05-19 11:11 - 00268744 ____A (Oracle Corporation) C:\Windows\System32\javaws.exe
2012-05-19 11:11 - 2012-05-19 11:11 - 00189384 ____A (Oracle Corporation) C:\Windows\System32\javaw.exe
2012-05-19 11:11 - 2012-05-19 11:11 - 00188872 ____A (Oracle Corporation) C:\Windows\System32\java.exe
2012-05-19 11:11 - 2012-05-19 11:11 - 00000000 ____D C:\Program Files\Java
2012-05-19 11:11 - 2012-05-18 18:31 - 00955848 ____A (Oracle Corporation) C:\Windows\System32\npDeployJava1.dll
2012-05-19 11:11 - 2011-12-06 12:35 - 00839112 ____A (Oracle Corporation) C:\Windows\System32\deployJava1.dll
2012-05-19 11:09 - 2012-05-19 11:09 - 21865936 ____A (Oracle Corporation) C:\Users\Adam\Downloads\jre-7u4-windows-x64.exe
2012-05-19 10:42 - 2012-05-19 10:42 - 00000000 ____D C:\Users\Adam\AppData\Roaming\Bertware
2012-05-19 10:30 - 2012-05-19 10:30 - 00000000 ____D C:\Program Files (x86)\Oracle
2012-05-19 10:29 - 2012-05-19 10:29 - 00174024 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2012-05-19 10:29 - 2012-05-19 10:29 - 00174024 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2012-05-19 10:29 - 2012-05-19 10:29 - 00000000 ____D C:\Program Files (x86)\Java
2012-05-19 10:28 - 2012-05-19 10:28 - 00892360 ____A (Oracle Corporation) C:\Users\Adam\Downloads\chromeinstall-7u4.exe
2012-05-19 07:06 - 2012-05-19 07:00 - 00000000 ____D C:\Windows\SysWOW64\world_the_end
2012-05-19 07:06 - 2012-05-19 07:00 - 00000000 ____D C:\Windows\SysWOW64\world_nether
2012-05-19 07:06 - 2012-05-19 07:00 - 00000000 ____D C:\Windows\SysWOW64\world
2012-05-19 07:00 - 2012-05-19 07:00 - 00003101 ____A C:\Windows\SysWOW64\server.log
2012-05-19 07:00 - 2012-05-19 07:00 - 00002576 ____A C:\Windows\SysWOW64\help.yml
2012-05-19 07:00 - 2012-05-19 07:00 - 00001311 ____A C:\Windows\SysWOW64\bukkit.yml
2012-05-19 07:00 - 2012-05-19 07:00 - 00000458 ____A C:\Windows\SysWOW64\server.properties
2012-05-19 07:00 - 2012-05-19 07:00 - 00000000 ____D C:\Windows\SysWOW64\plugins
2012-05-19 07:00 - 2012-05-19 07:00 - 00000000 ____A C:\Windows\SysWOW64\white-list.txt
2012-05-19 07:00 - 2012-05-19 07:00 - 00000000 ____A C:\Windows\SysWOW64\server.log.lck
2012-05-19 07:00 - 2012-05-19 07:00 - 00000000 ____A C:\Windows\SysWOW64\permissions.yml
2012-05-19 07:00 - 2012-05-19 07:00 - 00000000 ____A C:\Windows\SysWOW64\ops.txt
2012-05-19 07:00 - 2012-05-19 07:00 - 00000000 ____A C:\Windows\SysWOW64\banned-players.txt
2012-05-19 07:00 - 2012-05-19 07:00 - 00000000 ____A C:\Windows\SysWOW64\banned-ips.txt
2012-05-19 06:07 - 2012-05-19 06:07 - 00000000 ____D C:\glassfish3
2012-05-19 06:06 - 2012-05-19 06:04 - 146771704 ____A (Oracle Corporation.) C:\Users\Adam\Downloads\java_ee_sdk-6u4-jdk-windows-x64.exe
2012-05-19 05:37 - 2011-06-16 18:42 - 00000000 ____D C:\Users\Adam\AppData\LocalLow
2012-05-17 16:51 - 2012-05-17 16:29 - 00000000 ____D C:\multiAVCHD
2012-05-17 16:29 - 2012-05-17 16:27 - 38514000 ____A C:\Users\Adam\Downloads\multiAVCHD_4.1.exe
2012-05-16 16:21 - 2011-06-16 18:43 - 00101232 ____A C:\Users\Adam\AppData\Local\GDIPFONTCACHEV1.DAT
2012-05-16 16:20 - 2006-11-02 07:21 - 04931736 ____A C:\Windows\System32\FNTCACHE.DAT
2012-05-16 15:34 - 2012-05-16 15:34 - 05507904 ____A C:\Users\Adam\Downloads\MinecraftStructurePlanner.jar
2012-05-16 14:51 - 2012-05-16 14:51 - 00803612 ____A C:\Users\Adam\Downloads\Rectagon Project v1.rar
2012-05-16 11:53 - 2012-05-16 11:53 - 00015501 ____A C:\Users\Adam\Downloads\Discovery_LP_[2009]_[Album]_DHZ_Inc_Release-[Demonoid.me]_9268303.3692.torrent
2012-05-15 02:48 - 2012-05-22 15:44 - 25743168 ____A (NVIDIA Corporation) C:\Windows\System32\nvoglv64.dll
2012-05-15 02:48 - 2012-05-22 15:44 - 25248064 ____A (NVIDIA Corporation) C:\Windows\System32\nvcompiler.dll
2012-05-15 02:48 - 2012-05-22 15:44 - 19607872 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2012-05-15 02:48 - 2012-05-22 15:44 - 17551680 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2012-05-15 02:48 - 2012-05-22 15:44 - 14298944 ____A (NVIDIA Corporation) C:\Windows\System32\Drivers\nvlddmkm.sys
2012-05-15 02:48 - 2012-05-22 15:44 - 10194752 ____A (NVIDIA Corporation) C:\Windows\System32\nvwgf2umx.dll
2012-05-15 02:48 - 2012-05-22 15:44 - 08139072 ____A (NVIDIA Corporation) C:\Windows\System32\nvcuda.dll
2012-05-15 02:48 - 2012-05-22 15:44 - 08105280 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2012-05-15 02:48 - 2012-05-22 15:44 - 05982528 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2012-05-15 02:48 - 2012-05-22 15:44 - 02881856 ____A (NVIDIA Corporation) C:\Windows\System32\nvcuvenc.dll
2012-05-15 02:48 - 2012-05-22 15:44 - 02681664 ____A (NVIDIA Corporation) C:\Windows\System32\nvcuvid.dll
2012-05-15 02:48 - 2012-05-22 15:44 - 02524992 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2012-05-15 02:48 - 2012-05-22 15:44 - 02445120 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvenc.dll
2012-05-15 02:48 - 2012-05-22 15:44 - 02368832 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2012-05-15 02:48 - 2012-02-22 15:01 - 00068928 ____A (Khronos Group) C:\Windows\System32\OpenCL.dll
2012-05-15 02:48 - 2012-02-22 15:01 - 00061248 ____A (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2012-05-15 02:48 - 2011-08-15 17:07 - 01738048 ____A (NVIDIA Corporation) C:\Windows\System32\nvdispco64.dll
2012-05-15 02:48 - 2011-08-15 17:07 - 01468224 ____A (NVIDIA Corporation) C:\Windows\System32\nvgenco64.dll
2012-05-15 02:48 - 2011-06-18 09:38 - 18044224 ____A (NVIDIA Corporation) C:\Windows\System32\nvd3dumx.dll
2012-05-15 02:48 - 2011-06-18 09:38 - 15322432 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2012-05-15 02:48 - 2011-06-18 09:38 - 02741568 ____A (NVIDIA Corporation) C:\Windows\System32\nvapi64.dll
2012-05-15 02:48 - 2011-06-18 09:38 - 00014324 ____A C:\Windows\System32\nvinfo.pb
2012-05-15 01:29 - 2011-06-18 09:40 - 03149632 ____A (NVIDIA Corporation) C:\Windows\System32\nvsvc64.dll
2012-05-15 01:29 - 2011-06-18 09:40 - 00889664 ____A (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
2012-05-15 01:29 - 2011-06-18 09:40 - 00118080 ____A (NVIDIA Corporation) C:\Windows\System32\nvmctray.dll
2012-05-15 01:29 - 2011-06-18 09:40 - 00063296 ____A (NVIDIA Corporation) C:\Windows\System32\nvshext.dll
2012-05-15 01:28 - 2011-06-18 09:40 - 06151488 ____A (NVIDIA Corporation) C:\Windows\System32\nvcpl.dll
2012-05-14 22:21 - 2012-05-14 22:21 - 00423744 ____A C:\Windows\SysWOW64\nvStreaming.exe
2012-05-14 10:59 - 2012-05-14 10:58 - 00000000 ____D C:\Users\Adam\AppData\Local\SniperV2
2012-05-14 10:57 - 2011-08-26 10:57 - 00000000 ____D C:\Users\Adam\AppData\Local\SKIDROW
2012-05-14 10:32 - 2012-05-14 10:32 - 00000000 ____D C:\Program Files (x86)\Rebellion
2012-05-14 10:25 - 2011-11-14 12:10 - 00000000 ____D C:\Program Files (x86)\Electronic Arts
2012-05-14 10:08 - 2012-05-14 10:08 - 00000000 ____D C:\Users\Adam\Documents\Sniper Elite V2
2012-05-13 19:50 - 2012-05-13 19:50 - 00000000 ____D C:\Users\All Users\Mozilla
2012-05-13 19:50 - 2012-05-13 19:50 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2012-05-13 19:50 - 2011-06-16 19:51 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2012-05-13 18:54 - 2012-05-13 18:54 - 00029078 ____A C:\Users\Adam\Downloads\_=Demonoid.me=_-Sniper_Elite_V2_SKIDROW_9268303.3692.torrent
2012-05-13 10:43 - 2012-05-12 07:54 - 00000000 ____D C:\Users\Adam\AppData\Roaming\Tropico 4
2012-05-12 07:48 - 2012-05-12 07:48 - 00000000 ____D C:\Users\Adam\AppData\Roaming\Kalypso Media
2012-05-12 05:50 - 2011-07-04 11:06 - 00000000 ____D C:\Users\Adam\AppData\Local\ArmA 2 OA
2012-05-12 05:06 - 2012-04-21 14:10 - 00000000 ____D C:\Program Files (x86)\uTorrent
2012-05-12 05:06 - 2011-07-03 16:18 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2012-05-11 19:36 - 2006-11-02 07:07 - 00000000 ____D C:\Windows\SysWOW64\XPSViewer
2012-05-11 19:36 - 2006-11-02 07:07 - 00000000 ____D C:\Program Files\Windows Journal
2012-05-11 19:13 - 2011-07-06 14:43 - 00000000 ____D C:\Users\All Users\Microsoft Help
2012-05-11 19:13 - 2006-11-02 04:35 - 57848688 ____A (Microsoft Corporation) C:\Windows\System32\mrt.exe
2012-05-10 16:07 - 2012-05-10 16:07 - 00031178 ____A C:\Users\Adam\Downloads\File-SSBB_Gameplay.jpg
2012-05-08 17:33 - 2011-07-06 18:51 - 00000000 ____D C:\Users\Adam\AppData\Local\ArmA 2
2012-05-07 16:01 - 2011-06-23 12:16 - 00000000 ____D C:\Users\Adam\AppData\Roaming\vlc
2012-05-07 14:14 - 2012-05-07 14:11 - 00000000 ____D C:\Users\Adam\Downloads\Torrent Files
2012-05-06 09:49 - 2012-05-06 09:49 - 00000000 ____D C:\Users\Adam\AppData\Local\Spirited_Machine
2012-05-06 09:37 - 2012-05-06 09:37 - 00000000 ____D C:\Users\Adam\AppData\Roaming\Spirited Machine
2012-05-06 09:36 - 2012-05-06 09:36 - 00000000 ____D C:\Program Files (x86)\Spirited Machine
2012-05-06 09:33 - 2012-05-06 09:33 - 01036736 ____A C:\Users\Adam\Downloads\ArmA2Launcher-1_4_0_0.zip
2012-05-06 09:22 - 2012-05-06 09:22 - 00000000 ____D C:\Users\Adam\Documents\BigBrothaThunda
2012-05-06 08:57 - 2012-05-06 08:56 - 08329892 ____A C:\Users\Adam\Downloads\ARMA2_OA_Build_92477.zip
2012-05-06 08:43 - 2011-07-07 06:36 - 00000000 ____D C:\Users\Adam\Documents\ArmA 2 Other Profiles
2012-05-05 19:44 - 2012-05-05 16:02 - 00000000 ____D C:\Users\Adam\AppData\Local\PMB Files
2012-05-05 18:18 - 2012-05-05 18:18 - 00000000 ____D C:\Users\All Users\Nexon
2012-05-05 18:18 - 2012-05-05 17:32 - 00000000 ____D C:\Users\All Users\NexonUS
2012-05-05 18:15 - 2012-05-05 18:15 - 00000000 ____D C:\Users\Adam\Documents\Vindictus
2012-05-05 17:49 - 2012-05-05 17:49 - 00000000 ____D C:\Program Files (x86)\BandiMPEG1
2012-05-05 17:29 - 2012-05-05 16:02 - 3658157137 ____A (Nexon) C:\Program Files (x86)\VindictusSetupV152.exe
2012-05-05 16:02 - 2012-05-05 16:02 - 00000000 ____D C:\Users\All Users\PMB Files
2012-05-04 13:31 - 2012-04-08 06:31 - 08744608 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2012-05-04 13:31 - 2012-04-08 06:07 - 00419488 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-05-04 13:31 - 2011-06-16 19:43 - 00070304 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-05-03 18:35 - 2012-04-21 09:13 - 00000000 ____D C:\Program Files (x86)\Diablo II
2012-05-02 11:06 - 2012-05-06 08:57 - 08386848 ____A (Igor Pavlov) C:\Users\Adam\Downloads\ARMA2_OA_Build_92477.exe
2012-05-02 11:06 - 2012-05-06 08:57 - 00022246 ____A C:\Users\Adam\Downloads\changeLog.txt
2012-05-01 17:59 - 2012-05-01 17:59 - 00000267 ____A C:\Users\Adam\Downloads\wamc.pls
2012-05-01 16:56 - 2012-05-01 16:56 - 00000000 ____D C:\Users\Adam\Downloads\1773constantmotion
2012-05-01 16:45 - 2012-05-01 16:05 - 70646616 ____A C:\Users\Adam\Downloads\1773constantmotion.zip
2012-05-01 12:54 - 2011-06-20 16:39 - 00000000 ____D C:\Program Files (x86)\Activision
2012-04-30 14:20 - 2012-04-30 14:20 - 00169368 ___AH C:\Windows\SysWOW64\mlfcache.dat
2012-04-29 18:18 - 2012-04-29 18:18 - 00001743 ____A C:\Users\Adam\Downloads\cover.gif
2012-04-28 14:48 - 2012-04-28 13:52 - 00000000 ____D C:\Users\Adam\AppData\Roaming\Bioshock
2012-04-28 14:01 - 2012-04-28 13:30 - 00000000 ____D C:\Users\Adam\Documents\Bioshock
2012-04-28 13:41 - 2011-07-27 11:34 - 00000000 ____D C:\Program Files (x86)\2K Games
2012-04-28 13:39 - 2012-04-28 13:39 - 00019289 ____A C:\Users\Adam\Downloads\BioShock.Update.1.1.CRACKED-DETONATiON.rar.torrent
2012-04-28 11:41 - 2012-04-28 11:41 - 00034439 ____A C:\Users\Adam\Downloads\Bioshock.torrent
2012-04-27 17:06 - 2012-04-27 17:06 - 00078680 ____A C:\Users\Adam\AppData\Roaming\icarus-dxdiag.xml
2012-04-26 17:58 - 2012-04-26 17:38 - 00000000 ____D C:\Users\Adam\Documents\Pirates of the Burning Sea
2012-04-26 14:59 - 2012-04-26 14:59 - 00000000 ____D C:\Users\Public\Sony Online Entertainment
2012-04-26 14:59 - 2012-04-26 14:59 - 00000000 ____D C:\Users\Adam\AppData\Local\SCE
2012-04-25 11:21 - 2011-06-18 11:30 - 00000000 ___RD C:\Program Files (x86)\Skype
2012-04-25 11:21 - 2011-06-18 11:30 - 00000000 ____D C:\Users\All Users\Skype
2012-04-24 17:09 - 2012-04-24 17:09 - 00085959 ____A C:\Users\Adam\Downloads\Adam C Higgins Z00673806.pdf
2012-04-24 17:09 - 2012-04-24 17:09 - 00085959 ____A C:\Users\Adam\Downloads\Adam C Higgins Z00673806 (1).pdf
2012-04-22 05:28 - 2011-07-25 12:07 - 00000000 ____D C:\Users\Adam\AppData\Local\Adobe
2012-04-22 05:28 - 2011-06-16 19:43 - 00000000 ____D C:\Users\Adam\AppData\Roaming\Adobe
2012-04-22 05:06 - 2012-04-22 05:06 - 00000000 ____D C:\Program Files\Adobe
2012-04-22 05:06 - 2012-04-22 05:03 - 00000000 ____D C:\Program Files\Common Files\Adobe
2012-04-22 05:06 - 2011-07-25 16:07 - 00000000 ____D C:\Users\All Users\regid.1986-12.com.adobe
2012-04-22 05:02 - 2012-04-22 05:02 - 00000000 ____D C:\Program Files (x86)\Adobe Media Player
2012-04-22 05:00 - 2011-07-25 12:06 - 00000000 ____D C:\Users\All Users\Adobe
2012-04-22 05:00 - 2011-07-25 12:06 - 00000000 ____D C:\Program Files (x86)\Adobe
2012-04-22 04:59 - 2012-04-22 04:59 - 00000000 ____D C:\Users\Default\AppData\Roaming\Macromedia
2012-04-22 04:59 - 2012-04-22 04:59 - 00000000 ____D C:\Users\Default User\AppData\Roaming\Macromedia
2012-04-22 04:39 - 2012-04-22 04:39 - 00000000 ____D C:\Users\Adam\AppData\Local\Octodad
2012-04-21 18:57 - 2012-04-21 18:57 - 00000000 ____D C:\Users\Adam\Documents\Remedy
2012-04-21 18:46 - 2012-04-21 18:46 - 00000000 ____D C:\Program Files (x86)\Remedy Entertainment
2012-04-21 18:38 - 2012-04-21 18:38 - 00000000 ____D C:\Users\Adam\Documents\Alan Wake
2012-04-21 18:23 - 2012-04-21 18:19 - 00000000 ____D C:\Program Files (x86)\Octodad
2012-04-21 18:14 - 2012-04-21 18:09 - 314885356 ____A C:\Users\Adam\Downloads\OctodadInstallerV1.5.3.exe
2012-04-21 17:50 - 2012-02-15 12:23 - 00000000 ____D C:\Users\All Users\Hi-Rez Studios
2012-04-21 17:50 - 2012-02-15 12:23 - 00000000 ____D C:\Program Files (x86)\Hi-Rez Studios
2012-04-21 17:43 - 2012-02-22 12:44 - 00000003 ____A C:\Windows\System32\HRUPPROG.TXT
2012-04-21 14:15 - 2012-04-21 14:15 - 00015286 ____A C:\Users\Adam\Downloads\Okamiden_USA_NDS-CKVGZ.torrent
2012-04-21 14:15 - 2012-04-21 14:15 - 00000000 ____D C:\Users\Adam\Downloads\uTorrent Files
2012-04-21 14:00 - 2012-04-21 14:00 - 00080363 ____A C:\Users\Adam\Downloads\Alan.Wake-SKIDROW.torrent
2012-04-21 11:08 - 2012-04-21 10:30 - 00000000 ____D C:\Users\Adam\AppData\Roaming\Tunngle
2012-04-21 11:04 - 2012-04-21 10:30 - 00000000 ____D C:\Users\All Users\Tunngle
2012-04-21 10:13 - 2012-04-21 09:20 - 00040494 ____A C:\Windows\DIIUnin.dat
2012-04-21 10:11 - 2012-04-21 10:08 - 00021840 ___AT C:\Windows\SysWOW64\SIntfNT.dll
2012-04-21 10:11 - 2012-04-21 10:08 - 00017212 ___AT C:\Windows\SysWOW64\SIntf32.dll
2012-04-21 10:11 - 2012-04-21 10:08 - 00012067 ___AT C:\Windows\SysWOW64\SIntf16.dll
2012-04-21 10:07 - 2012-04-21 10:07 - 00001740 ____A C:\Users\UpdatusUser.Adam-PC\Desktop\Diablo II - Lord of Destruction.lnk
2012-04-21 10:07 - 2012-04-21 10:07 - 00001740 ____A C:\Users\Mcx1\Desktop\Diablo II - Lord of Destruction.lnk
2012-04-21 09:20 - 2012-04-21 09:20 - 00094208 ____A (Blizzard Entertainment) C:\Windows\DIIUnin.exe
2012-04-21 09:20 - 2012-04-21 09:20 - 00002829 ____A C:\Windows\DIIUnin.pif
2012-04-21 03:49 - 2012-04-21 03:49 - 00000000 ___HD C:\Windows\msdownld.tmp
2012-04-21 03:49 - 2012-04-21 03:49 - 00000000 ____D C:\Windows\SysWOW64\directx
2012-04-21 03:49 - 2011-12-31 11:08 - 00566424 ____A C:\Users\Adam\AppData\Local\dd_dotnetfx35install.txt
2012-04-21 03:49 - 2011-12-31 11:08 - 00008210 ____A C:\Users\Adam\AppData\Local\uxeventlog.txt
2012-04-21 03:48 - 2011-12-31 11:08 - 00572172 ____A C:\Users\Adam\AppData\Local\dd_depcheck_NETFX_EXP_35.txt
2012-04-20 16:47 - 2012-04-20 16:47 - 00000000 ____D C:\Users\Adam\Documents\Diablo III
2012-04-20 12:01 - 2012-04-20 12:01 - 00362478 ____A C:\Users\Adam\AppData\Local\dd_vcredistMSI0A9C.txt
2012-04-20 12:01 - 2012-04-20 12:01 - 00011202 ____A C:\Users\Adam\AppData\Local\dd_vcredistUI0A9C.txt
2012-04-20 11:53 - 2012-04-20 11:53 - 00000000 ____D C:\Users\All Users\Battle.net
2012-04-19 00:50 - 2012-04-19 00:50 - 00028480 ____A (AVG Technologies CZ, s.r.o. ) C:\Windows\System32\Drivers\avgidsha.sys
2012-04-18 16:56 - 2012-04-18 16:56 - 00094208 ____A (Apple Inc.) C:\Windows\SysWOW64\QuickTimeVR.qtx
2012-04-18 16:56 - 2012-04-18 16:56 - 00069632 ____A (Apple Inc.) C:\Windows\SysWOW64\QuickTime.qts
2012-04-18 11:40 - 2011-07-24 17:06 - 00000000 ____D C:\Users\Adam\Documents\PDF's
2012-04-18 11:39 - 2012-04-18 11:39 - 00077629 ____A C:\Users\Adam\Documents\2012-2013_Terms_and_Conditions_to_Housing.pdf
2012-04-18 09:08 - 2012-05-22 15:44 - 00188736 ____A (NVIDIA Corporation) C:\Windows\System32\Drivers\nvhda64v.sys
2012-04-18 09:08 - 2012-05-22 15:44 - 00072512 ____A (NVIDIA Corporation) C:\Windows\System32\nvapo64v.dll
2012-04-18 09:08 - 2012-05-22 15:44 - 00031040 ____A (NVIDIA Corporation) C:\Windows\System32\nvhdap64.dll
2012-04-18 09:08 - 2012-02-22 15:01 - 01451840 ____A (NVIDIA Corporation) C:\Windows\System32\nvhdagenco6420103.dll
2012-04-11 11:35 - 2006-11-02 04:34 - 00000286 ____A C:\Windows\win.ini
2012-04-08 16:35 - 2012-04-08 16:35 - 00194910 ____A C:\Users\Adam\Downloads\Decision_Points.exe
2012-04-08 14:14 - 2012-02-11 08:30 - 00000000 ____D C:\Users\All Users\Rosetta Stone
2012-04-04 14:47 - 2012-05-19 10:29 - 00227720 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2012-04-04 14:47 - 2012-05-19 05:37 - 00772504 ____A (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll
2012-04-04 14:47 - 2011-06-18 12:51 - 00687504 ____A (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll
2012-04-04 11:56 - 2011-10-30 11:27 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-04-03 00:22 - 2012-05-11 12:17 - 04699520 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-04-02 05:59 - 2012-05-11 12:17 - 02766848 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-04-01 16:30 - 2012-04-01 16:20 - 00028608 ____A C:\Users\Adam\Documents\Paul's Game Hours 4-1-2012.docx
2012-04-01 09:05 - 2012-04-01 09:05 - 00361614 ____A C:\Users\Adam\AppData\Local\dd_vcredistMSI36F2.txt
2012-04-01 09:05 - 2012-04-01 09:05 - 00011906 ____A C:\Users\Adam\AppData\Local\dd_vcredistUI36F2.txt
2012-04-01 08:32 - 2012-04-01 08:32 - 05385333 ____A C:\Users\Adam\Downloads\idchart.zip
2012-03-31 08:18 - 2012-03-31 08:18 - 00000870 ____A C:\Users\UpdatusUser.Adam-PC\Desktop\WinDirStat.lnk
2012-03-31 08:18 - 2012-03-31 08:18 - 00000870 ____A C:\Users\Mcx1\Desktop\WinDirStat.lnk
2012-03-31 08:18 - 2012-03-31 08:18 - 00000000 ____D C:\Program Files (x86)\WinDirStat
2012-03-30 04:45 - 2012-05-11 12:18 - 01423744 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2012-03-29 11:12 - 2012-03-29 11:12 - 00001694 ____A C:\Users\Public\Desktop\iTunes.lnk
2012-03-29 11:12 - 2012-03-29 11:12 - 00000000 ____D C:\Program Files\iTunes
2012-03-29 11:12 - 2012-03-29 11:12 - 00000000 ____D C:\Program Files\iPod
2012-03-29 11:12 - 2012-03-08 15:58 - 00000000 ____D C:\Program Files (x86)\iTunes
2012-03-28 15:22 - 2012-03-28 15:22 - 00000000 ____D C:\Users\Adam\Documents\Spartan
2012-03-28 15:19 - 2012-03-28 15:19 - 00000000 ____D C:\Users\Adam\Documents\Games for Windows - LIVE Demos
2012-03-28 15:18 - 2012-03-28 15:17 - 02335524 ____A C:\Users\Adam\AppData\Local\dd_NET_Framework35_x64_MSI1B69.txt
2012-03-28 15:14 - 2012-03-28 15:14 - 00373036 ____A C:\Users\Adam\AppData\Local\dd_vcredistMSI1927.txt
2012-03-28 15:14 - 2012-03-28 15:14 - 00012890 ____A C:\Users\Adam\AppData\Local\dd_vcredistUI1927.txt
2012-03-27 14:43 - 2012-03-27 14:43 - 00000000 ____D C:\Users\Adam\AppData\Roaming\LOVE
2012-03-27 14:43 - 2012-03-27 14:42 - 05565454 ____A C:\Users\Adam\Downloads\mari0-win.zip
2012-03-26 18:54 - 2012-03-26 18:54 - 00000000 ____D C:\Users\Adam\Documents\Red Kawa
2012-03-26 18:54 - 2012-03-26 18:54 - 00000000 ____D C:\Users\Adam\AppData\Roaming\Red Kawa
2012-03-26 18:54 - 2012-03-26 18:54 - 00000000 ____D C:\Users\Adam\AppData\Local\Geckofx
2012-03-26 18:53 - 2012-03-26 18:53 - 00000000 ____D C:\Program Files (x86)\Red Kawa
2012-03-26 18:53 - 2012-03-26 18:53 - 00000000 ____D C:\Program Files (x86)\AviSynth 2.5
2012-03-25 12:49 - 2012-02-08 17:00 - 00000195 ____A C:\Users\Adam\Documents\ORU Vision Info.txt
2012-03-20 15:34 - 2012-05-11 12:18 - 00072576 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\partmgr.sys
2012-03-19 23:10 - 2011-08-31 06:20 - 00754824 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
2012-03-19 01:17 - 2012-03-19 01:17 - 00383808 ____A (AVG Technologies CZ, s.r.o.) C:\Windows\System32\Drivers\avgtdia.sys
2012-03-14 13:56 - 2012-03-14 13:56 - 00000077 ____A C:\Users\Adam\Downloads\listen.pls

ZeroAccess:
C:\Windows\Installer\{407c2ae1-b9e3-f1ae-d184-4c81afaf026a}
C:\Windows\Installer\{407c2ae1-b9e3-f1ae-d184-4c81afaf026a}\L
C:\Windows\Installer\{407c2ae1-b9e3-f1ae-d184-4c81afaf026a}\U
C:\Windows\Installer\{407c2ae1-b9e3-f1ae-d184-4c81afaf026a}\L\00000004.@
C:\Windows\Installer\{407c2ae1-b9e3-f1ae-d184-4c81afaf026a}\U\00000004.@
C:\Windows\Installer\{407c2ae1-b9e3-f1ae-d184-4c81afaf026a}\U\00000008.@
C:\Windows\Installer\{407c2ae1-b9e3-f1ae-d184-4c81afaf026a}\U\000000cb.@
C:\Windows\Installer\{407c2ae1-b9e3-f1ae-d184-4c81afaf026a}\U\80000000.@
C:\Windows\Installer\{407c2ae1-b9e3-f1ae-d184-4c81afaf026a}\U\80000032.@
C:\Windows\Installer\{407c2ae1-b9e3-f1ae-d184-4c81afaf026a}\U\80000064.@

========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe
[2011-06-20 05:26] - [2009-04-10 23:10] - 0381952 ____A (Microsoft Corporation) B8844F93D2C5F1DCDB179AAA9AF134B7

C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

========================= Memory info ======================

Percentage of memory in use: 15%
Total physical RAM: 4093.55 MB
Available physical RAM: 3458.54 MB
Total Pagefile: 3826.73 MB
Available Pagefile: 3437.87 MB
Total Virtual: 8192 MB
Available Virtual: 8191.91 MB

======================= Partitions =========================

2 Drive c: () (Fixed) (Total:931.51 GB) (Free:380.2 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
3 Drive d: (More Storage) (Fixed) (Total:298.09 GB) (Free:18.62 GB) NTFS
4 Drive e: () (Fixed) (Total:465.76 GB) (Free:106.86 GB) NTFS ==>[System with boot components (obtained from reading drive)]
5 Drive f: (FRMCXFRE_EN_DVD) (CDROM) (Total:3.66 GB) (Free:0 GB) UDF
6 Drive g: () (Removable) (Total:29.86 GB) (Free:9.35 GB) FAT32
7 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

Disk ### Status Size Free Dyn Gpt
-------- ---------- ------- ------- --- ---
Disk 0 Online 466 GB 0 B
Disk 1 Online 932 GB 0 B
Disk 2 Online 298 GB 0 B
Disk 3 Online 30 GB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 466 GB 1024 KB

======================================================================================================

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 E NTFS Partition 466 GB Healthy

======================================================================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 932 GB 1024 KB

======================================================================================================

Disk: 1
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C NTFS Partition 932 GB Healthy

======================================================================================================

Partitions of Disk 2:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 298 GB 1024 KB

======================================================================================================

Disk: 2
Partition 1
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 D More Storag NTFS Partition 298 GB Healthy

======================================================================================================

Partitions of Disk 3:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
* Partition 1 Primary 30 GB 0 B

======================================================================================================

Disk: 3
There is no partition selected.

There is no partition selected.
Please select a partition and try again.

======================================================================================================

==========================================================

Last Boot: 2012-06-11 18:33

======================= End Of Log ==========================
 
Download attached fixlist.txt file and save it to the very same USB flash drive you've been using. Plug the drive back in.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

On Vista or Windows 7: Now please enter System Recovery Options.
On Windows XP: Now please boot into the BartPE CD.
Run FRST64 and press the Fix button just once and wait.
The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.
 

Here's the Fixlog:

Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 11-06-2012 03
Ran by SYSTEM at 2012-06-12 00:06:55 Run:2
Running from G:\

==============================================

HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Session Manager\SubSystems\\Windows Value was restored successfully .
C:\Windows\System32\consrv.dll not found.
HKEY_USERS\Mcx1\Software\Microsoft\Windows\CurrentVersion\Run\\Exetender Value deleted successfully.
C:\Windows\Installer\{407c2ae1-b9e3-f1ae-d184-4c81afaf026a} moved successfully.
C:\Windows\System32\services.exe moved successfully.
C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_2b7e5beb85a67240\services.exe copied successfully to C:\Windows\System32\services.exe

==== End of Fixlog ====
 
Okay here is the log:

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-06-12 00:14:50
-----------------------------
00:14:50.872 OS Version: Windows x64 6.0.6002 Service Pack 2
00:14:50.872 Number of processors: 4 586 0x203
00:14:50.873 ComputerName: ADAM-PC UserName: Adam
00:14:53.539 Initialize success
00:14:59.580 AVAST engine defs: 12061100
00:15:04.268 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-3
00:15:04.270 Disk 0 Vendor: ST31000524AS JC45 Size: 953869MB BusType: 3
00:15:04.272 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP2T1L0-5
00:15:04.274 Disk 1 Vendor: WDC_WD3200AAJS-22L7A0 01.03E01 Size: 305245MB BusType: 3
00:15:04.276 Disk 2 \Device\Harddisk2\DR2 -> \Device\Ide\IdeDeviceP3T0L0-6
00:15:04.278 Disk 2 Vendor: ST3500630AS 3.AAD Size: 476940MB BusType: 3
00:15:04.293 Disk 0 MBR read successfully
00:15:04.295 Disk 0 MBR scan
00:15:04.300 Disk 0 Windows VISTA default MBR code
00:15:04.305 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 953867 MB offset 2048
00:15:04.322 Disk 0 scanning C:\Windows\system32\drivers
00:15:16.367 Service scanning
00:15:40.730 Modules scanning
00:15:40.736 Disk 0 trace - called modules:
00:15:40.752 ntoskrnl.exe CLASSPNP.SYS disk.sys acpi.sys >>UNKNOWN [0xfffffa800518f2c0]<<spzs.sys ataport.SYS pciide.sys
00:15:40.755 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800559c790]
00:15:40.759 3 CLASSPNP.SYS[fffffa6000fc7c33] -> nt!IofCallDriver -> [0xfffffa80053774e0]
00:15:40.763 5 acpi.sys[fffffa6000b74fde] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-3[0xfffffa8005369060]
00:15:40.767 \Driver\atapi[0xfffffa80052d03c0] -> IRP_MJ_CREATE -> 0xfffffa800518f2c0
00:15:42.770 AVAST engine scan C:\Windows
00:15:53.484 AVAST engine scan C:\Windows\system32
00:17:59.174 File: C:\Windows\assembly\GAC_32\Desktop.ini **INFECTED** Win32:Sirefef-PL [Rtk]
00:18:03.347 File: C:\Windows\assembly\GAC_64\Desktop.ini **INFECTED** Win32:Sirefef-PL [Rtk]
00:20:53.510 AVAST engine scan C:\Windows\system32\drivers
00:21:12.576 AVAST engine scan C:\Users\Adam
01:11:55.631 AVAST engine scan C:\ProgramData
04:00:23.313 Scan finished successfully
07:10:57.936 Disk 0 MBR has been saved successfully to "C:\Users\Adam\Documents\12th Grade\MBR.dat"
07:10:57.936 The log file has been saved successfully to "C:\Users\Adam\Documents\12th Grade\aswMBR.txt"
 
I edited it a little and I'm posting it so I can see it better.

ComboFix 12-06-12.03 - Adam 06/12/2012 20:53:41.2.4 - x64
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.4094.2283 [GMT -4:00]
Running from: c:\users\Adam\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\1320091276.bdinstall.bin
c:\users\Adam\AppData\Roaming\Love
c:\users\Adam\AppData\Roaming\Love\mari0\options.txt
c:\windows\assembly\GAC_32\Desktop.ini
c:\windows\assembly\GAC_64\Desktop.ini
c:\windows\PFRO.log
c:\windows\SysWow64\avisynth.dll
c:\windows\SysWow64\devil.dll
c:\windows\SysWow64\server.log
.
---- Previous Run -------
.
c:\windows\Installer\{407c2ae1-b9e3-f1ae-d184-4c81afaf026a}\@
c:\windows\Installer\{407c2ae1-b9e3-f1ae-d184-4c81afaf026a}\L\00000004.@
c:\windows\Installer\{407c2ae1-b9e3-f1ae-d184-4c81afaf026a}\L\201d3dde
c:\windows\Installer\{407c2ae1-b9e3-f1ae-d184-4c81afaf026a}\U\00000004.@
c:\windows\Installer\{407c2ae1-b9e3-f1ae-d184-4c81afaf026a}\U\00000008.@
c:\windows\Installer\{407c2ae1-b9e3-f1ae-d184-4c81afaf026a}\U\000000cb.@
c:\windows\Installer\{407c2ae1-b9e3-f1ae-d184-4c81afaf026a}\U\80000000.@
c:\windows\Installer\{407c2ae1-b9e3-f1ae-d184-4c81afaf026a}\U\80000032.@
c:\windows\Installer\{407c2ae1-b9e3-f1ae-d184-4c81afaf026a}\U\80000064.@
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_{79007602-0CDB-4405-9DBF-1257BB3226EE}
.
.
((((((((((((((((((((((((( Files Created from 2012-05-13 to 2012-06-13 )))))))))))))))))))))))))))))))
.
.
2012-06-13 01:10 . 2012-06-13 01:10 -------- d-----w- c:\users\UpdatusUser.Adam-PC\AppData\Local\temp
2012-06-13 01:10 . 2012-06-13 01:10 -------- d-----w- c:\users\Public\AppData\Local\temp
2012-06-13 01:10 . 2012-06-13 01:10 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-06-13 01:10 . 2012-06-13 01:10 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-06-13 01:10 . 2012-06-13 01:10 -------- d-----w- c:\users\Mcx1\AppData\Local\temp
2012-06-10 14:57 . 2012-06-11 05:02 -------- d-----w- c:\program files (x86)\Black_Box
2012-06-09 16:13 . 2012-06-09 16:13 388096 ----a-r- c:\users\Adam\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-06-09 16:13 . 2012-06-09 16:13 -------- d-----w- c:\program files (x86)\Trend Micro
2012-06-09 15:08 . 2012-06-09 15:08 -------- d-----w- c:\users\Adam\AppData\Roaming\SUPERAntiSpyware.com
2012-06-09 15:08 . 2012-06-09 15:08 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-06-09 15:08 . 2012-06-09 15:08 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-06-08 17:39 . 2012-06-08 17:39 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-06-08 15:15 . 2012-06-08 15:15 -------- d-----w- c:\windows\SysWow64\drivers\AVG
2012-06-08 15:14 . 2012-06-12 21:52 -------- d-----w- c:\windows\system32\drivers\AVG
2012-06-08 15:14 . 2012-06-08 15:14 -------- d-----w- C:\$AVG
2012-06-08 15:12 . 2012-06-08 15:12 -------- d-----w- c:\program files (x86)\AVG
2012-06-08 01:54 . 2012-06-08 01:54 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
2012-06-05 19:20 . 2012-05-08 17:02 8955792 ------w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{73D38E1E-10DE-4BCC-B14E-D96D751CA046}\mpengine.dll
2012-06-05 00:14 . 2012-06-05 00:14 -------- d-----w- c:\program files (x86)\Photo Story 3 for Windows
2012-06-03 03:24 . 2012-06-09 16:17 -------- d-----w- c:\program files (x86)\TightVNC
2012-06-03 03:23 . 2012-06-03 03:23 -------- d-----w- c:\users\Adam\AppData\Local\Downloaded Installations
2012-05-29 02:00 . 2012-05-29 02:00 -------- d-----w- c:\users\Adam\AppData\Local\Cranium
2012-05-29 01:42 . 2012-05-29 01:42 -------- d-----w- c:\program files (x86)\iPhoneBrowser
2012-05-26 11:45 . 2012-05-26 11:45 -------- d-----w- c:\users\Adam\AppData\Local\libimobiledevice
2012-05-25 23:11 . 2012-05-26 20:12 -------- d-----w- c:\program files (x86)\Paradox Interactive
2012-05-25 22:56 . 2012-05-25 22:56 -------- d-----w- c:\users\Adam\AppData\Roaming\Atari
2012-05-25 22:45 . 2012-05-25 23:33 -------- d-----w- c:\program files (x86)\Roller Coaster Tycoon 3 Platinum - CarlesNeo !
2012-05-25 18:59 . 2012-05-25 18:59 -------- d-----w- c:\program files (x86)\Microsoft Chart Controls
2012-05-25 18:59 . 2012-05-25 18:59 -------- d-----w- c:\users\Adam\AppData\Local\CrashRpt
2012-05-24 00:30 . 2012-05-24 00:30 -------- d-----w- c:\program files (x86)\LogMeIn Hamachi
2012-05-21 23:30 . 2012-05-21 23:46 -------- d-----w- c:\program files (x86)\Landwirtschafts Simulator 2011
2012-05-19 19:48 . 2012-05-19 19:48 -------- d-----w- c:\users\Adam\AppData\Roaming\.minecraft_xray
2012-05-19 19:33 . 2012-05-19 19:33 -------- d-----w- c:\program files\7-Zip
2012-05-18 00:29 . 2012-05-18 00:51 -------- d-----w- C:\multiAVCHD
2012-05-15 06:21 . 2012-05-15 06:21 423744 ----a-w- c:\windows\SysWow64\nvStreaming.exe
2012-05-14 18:58 . 2012-05-14 18:59 -------- d-----w- c:\users\Adam\AppData\Local\SniperV2
2012-05-14 18:32 . 2012-05-14 18:32 -------- d-----w- c:\program files (x86)\Rebellion
2012-05-14 03:50 . 2012-05-14 03:50 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service
2012-05-14 03:50 . 2012-05-14 03:50 157352 ----a-w- c:\program files (x86)\Mozilla Firefox\maintenanceservice_installer.exe
2012-05-14 03:50 . 2012-05-14 03:50 129976 ----a-w- c:\program files (x86)\Mozilla Firefox\maintenanceservice.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-26 16:49 . 2011-06-23 01:47 281032 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2012-05-26 16:49 . 2011-06-21 00:55 281032 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2012-05-26 00:42 . 2011-06-21 00:55 281032 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2012-05-25 18:57 . 2011-06-21 00:55 76888 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2012-05-19 19:11 . 2011-12-06 20:35 839112 ----a-w- c:\windows\system32\deployJava1.dll
2012-05-15 10:48 . 2012-02-22 23:01 68928 ----a-w- c:\windows\system32\OpenCL.dll
2012-05-15 10:48 . 2012-02-22 23:01 61248 ----a-w- c:\windows\SysWow64\OpenCL.dll
2012-05-15 10:48 . 2011-08-16 01:07 1738048 ----a-w- c:\windows\system32\nvdispco64.dll
2012-05-15 10:48 . 2011-08-16 01:07 1468224 ----a-w- c:\windows\system32\nvgenco64.dll
2012-05-15 10:48 . 2011-06-18 17:38 18044224 ----a-w- c:\windows\system32\nvd3dumx.dll
2012-05-15 10:48 . 2011-06-18 17:38 15322432 ----a-w- c:\windows\SysWow64\nvd3dum.dll
2012-05-15 10:48 . 2011-06-18 17:38 2741568 ----a-w- c:\windows\system32\nvapi64.dll
2012-05-15 09:29 . 2011-06-18 17:40 889664 ----a-w- c:\windows\system32\nvvsvc.exe
2012-05-15 09:29 . 2011-06-18 17:40 63296 ----a-w- c:\windows\system32\nvshext.dll
2012-05-15 09:29 . 2011-06-18 17:40 118080 ----a-w- c:\windows\system32\nvmctray.dll
2012-05-15 09:29 . 2011-06-18 17:40 3149632 ----a-w- c:\windows\system32\nvsvc64.dll
2012-05-15 09:28 . 2011-06-18 17:40 6151488 ----a-w- c:\windows\system32\nvcpl.dll
2012-05-06 01:29 . 2012-05-06 00:02 3658157137 ----a-w- c:\program files (x86)\VindictusSetupV152.exe
2012-05-04 21:31 . 2012-04-08 14:07 419488 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-05-04 21:31 . 2011-06-17 03:43 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-04 21:31 . 2012-04-08 14:31 8744608 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-04-21 18:11 . 2012-04-21 18:08 21840 ----atw- c:\windows\SysWow64\SIntfNT.dll
2012-04-21 18:11 . 2012-04-21 18:08 17212 ----atw- c:\windows\SysWow64\SIntf32.dll
2012-04-21 18:11 . 2012-04-21 18:08 12067 ----atw- c:\windows\SysWow64\SIntf16.dll
2012-04-21 17:20 . 2012-04-21 17:20 94208 ----a-w- c:\windows\DIIUnin.exe
2012-04-21 17:20 . 2012-04-21 17:20 2829 ----a-w- c:\windows\DIIUnin.pif
2012-04-19 08:50 . 2012-04-19 08:50 28480 ----a-w- c:\windows\system32\drivers\avgidsha.sys
2012-04-19 00:56 . 2012-04-19 00:56 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx
2012-04-19 00:56 . 2012-04-19 00:56 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts
2012-04-18 17:08 . 2012-02-22 23:01 1451840 ----a-w- c:\windows\system32\nvhdagenco6420103.dll
2012-04-04 22:47 . 2011-06-18 20:51 687504 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-04-04 19:56 . 2011-10-30 19:27 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-04-03 08:22 . 2012-05-11 20:17 4699520 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-02 13:59 . 2012-05-11 20:17 2766848 ----a-w- c:\windows\system32\win32k.sys
2012-03-30 12:45 . 2012-05-11 20:18 1423744 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-03-20 23:34 . 2012-05-11 20:18 72576 ----a-w- c:\windows\system32\drivers\partmgr.sys
2012-03-19 09:17 . 2012-03-19 09:17 383808 ----a-w- c:\windows\system32\drivers\avgtdia.sys
2006-05-03 17:06 163328 --sha-r- c:\windows\SysWOW64\flvDX.dll
2007-02-21 18:47 31232 --sha-r- c:\windows\SysWOW64\msfDX.dll
2008-03-16 20:30 216064 --sha-r- c:\windows\SysWOW64\nbDX.dll
2010-01-07 05:00 107520 --sha-r- c:\windows\SysWOW64\TAKDSDecoder.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2011-11-10_22.40.46 )))))))))))))))))))))))))))))))))))))))))
.
[snapshot omitted]
+ 2011-10-16 19:38 . 2011-10-16 19:38 100966912 c:\windows\Installer\1a9557e.msp
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files (x86)\Steam\steam.exe" [2011-08-15 1242448]
"DAEMON Tools Pro Agent"="c:\program files (x86)\DAEMON Tools Pro\DTAgent.exe" [2011-03-17 842048]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240]
"MobileDocuments"="c:\program files (x86)\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-02-29 17148552]
"Spotify Web Helper"="c:\users\Adam\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2012-05-03 932528]
"uTorrent"="c:\program files (x86)\uTorrent\uTorrent.exe" [2012-05-11 880496]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-05-21 4786048]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SoundTray"="c:\program files (x86)\Analog Devices\SoundMAX\SoundTray.exe" [2008-03-26 143360]
"SoundMAXPnP"="c:\program files (x86)\Analog Devices\Core\smax4pnp.exe" [2008-03-16 1302528]
"LifeCam"="c:\program files (x86)\Microsoft LifeCam\LifeExp.exe" [2010-12-13 135536]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2011-09-05 36760]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2011-09-05 2904984]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-27 421736]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
"LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2012-02-28 1987976]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-19 421888]
"AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-04-05 2587008]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
.
c:\users\Adam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
fliptoast.lnk - c:\program files (x86)\fliptoast\fliptoast.exe [N/A]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2008-10-16 214360]
Rainmeter.lnk - c:\program files\Rainmeter\Rainmeter.exe [2011-7-24 102912]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-04 257696]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-13 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-08 21:31]
.
2012-06-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-22 20:35]
.
2012-06-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-22 20:35]
.
2012-06-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-593570071-605911810-3574683811-1000Core.job
- c:\users\Adam\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-18 19:09]
.
2012-06-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-593570071-605911810-3574683811-1000UA.job
- c:\users\Adam\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-18 19:09]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-09-16 497648]
"combofix"="c:\combofix\CF5328.3XE" [2008-01-21 363008]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = %SystemRoot%\system32\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~3\Office14\ONBttnIE.dll/105
LSP: %SYSTEMROOT%\system32\nvLsp.dll
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll
FF - ProfilePath - c:\users\Adam\AppData\Roaming\Mozilla\Firefox\Profiles\3gp9yy3b.default\
FF - prefs.js: browser.startup.homepage - www.google.com
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-WMPNSCFG - c:\program files (x86)\Windows Media Player\WMPNSCFG.exe
HKLM-Run-PocketCloud Location - c:\program files (x86)\Wyse\PocketCloud Windows Companion\WyseBrowser.exe
AddRemove-BattlEye for A2 - c:\program files (x86)\steam\steamapps\common\arma 2BattlEye\UnInstallBE.exe
AddRemove-BattlEye for OA - c:\program files (x86)\steam\steamapps\common\arma 2 operation arrowheadExpansion\BattlEye\UnInstallBE.exe
AddRemove-CraftBukkit - c:\users\Adam\Desktop\Bukkit\Uninstall.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-593570071-605911810-3574683811-1000\Software\SecuROM\License information*]
"datasecu"=hex:19,80,9f,79,ee,d4,bf,9e,03,64,7a,0b,e4,9c,a9,48,33,a1,d0,61,1e,
2b,a3,48,19,a7,c1,b1,45,f4,ad,3d,35,5b,ed,33,5b,3f,b6,1e,b1,31,ac,71,a3,f1,\
"rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\DbgagD\1*]
"value"="?\06\01\14\11&2?"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
c:\program files (x86)\Creative\Shared Files\CTAudSvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\AVG\AVG2012\avgidsagent.exe
c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
.
**************************************************************************
.
Completion time: 2012-06-12 21:21:58 - machine was rebooted
ComboFix-quarantined-files.txt 2012-06-13 01:21
.
Pre-Run: 417,874,452,480 bytes free
Post-Run: 418,292,916,224 bytes free
.
- - End Of File - - 7F7F38405D1F5ACBB30A9754346062E3
 
Okay, I'm running aswMBR again now. The computer is working better. I can now access Google via Chrome, and I'm not getting redirected. Windows Firewall works again as well. I'll post the aswMBR log once it's done.
 
Okay here is the log:

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-06-12 21:47:33
-----------------------------
21:47:33.592 OS Version: Windows x64 6.0.6002 Service Pack 2
21:47:33.592 Number of processors: 4 586 0x203
21:47:33.592 ComputerName: ADAM-PC UserName: Adam
21:47:39.366 Initialize success
21:48:29.978 AVAST engine defs: 12061201
21:49:18.042 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-3
21:49:18.044 Disk 0 Vendor: ST31000524AS JC45 Size: 953869MB BusType: 3
21:49:18.046 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP2T1L0-5
21:49:18.048 Disk 1 Vendor: WDC_WD3200AAJS-22L7A0 01.03E01 Size: 305245MB BusType: 3
21:49:18.050 Disk 2 \Device\Harddisk2\DR2 -> \Device\Ide\IdeDeviceP3T0L0-6
21:49:18.053 Disk 2 Vendor: ST3500630AS 3.AAD Size: 476940MB BusType: 3
21:49:18.059 Disk 0 MBR read successfully
21:49:18.061 Disk 0 MBR scan
21:49:18.065 Disk 0 Windows VISTA default MBR code
21:49:18.073 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 953867 MB offset 2048
21:49:18.090 Disk 0 scanning C:\Windows\system32\drivers
21:49:30.003 Service scanning
21:49:57.785 Modules scanning
21:49:58.126 Disk 0 trace - called modules:
21:49:58.149 ntoskrnl.exe CLASSPNP.SYS disk.sys acpi.sys >>UNKNOWN [0xfffffa80051ab2c0]<<sphf.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
21:49:58.154 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80050dc6d0]
21:49:58.159 3 CLASSPNP.SYS[fffffa6000fc4c33] -> nt!IofCallDriver -> [0xfffffa80053a9580]
21:49:58.163 5 acpi.sys[fffffa6000b6afde] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-3[0xfffffa8005346060]
21:49:58.168 \Driver\atapi[0xfffffa80053056c0] -> IRP_MJ_CREATE -> 0xfffffa80051ab2c0
21:50:00.189 AVAST engine scan C:\Windows
21:50:07.100 AVAST engine scan C:\Windows\system32
21:56:39.772 AVAST engine scan C:\Windows\system32\drivers
21:57:02.354 AVAST engine scan C:\Users\Adam
22:22:14.421 AVAST engine scan C:\ProgramData
22:56:21.316 Scan finished successfully
22:57:06.167 Disk 0 MBR has been saved successfully to "C:\Users\Adam\Documents\MBR.dat"
22:57:06.192 The log file has been saved successfully to "C:\Users\Adam\Documents\aswMBR.txt"
 
Looks good :)

Any current issues?

Download OTL to your Desktop.

  • Double-click on the icon to run it. Make sure all other windows are closed, and let it run uninterrupted.
  • Click the Scan All Users checkbox.
  • Under the Custom Scan box paste this in:


netsvcs
drivers32
%SYSTEMDRIVE%\*.*
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.exe
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.jpg
%systemroot%\*.png
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav
%PROGRAMFILES%\bak. /s
%systemroot%\system32\bak. /s
%ALLUSERSPROFILE%\Start Menu\*.lnk /x
%systemroot%\system32\config\systemprofile\*.dat /x
%systemroot%\*.config
%systemroot%\system32\*.db
%APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
%USERPROFILE%\Desktop\*.exe
%PROGRAMFILES%\Common Files\*.*
%systemroot%\*.src
%systemroot%\install\*.*
%systemroot%\system32\DLL\*.*
%systemroot%\system32\HelpFiles\*.*
%systemroot%\tasks\*.*
%systemroot%\system32\rundll\*.*
%systemroot%\winn32\*.*
%systemroot%\Java\*.*
%systemroot%\system32\test\*.*
%systemroot%\system32\Rundll32\*.*
%systemroot%\AppPatch\Custom\*.*
%APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
%PROGRAMFILES%\PC-Doctor\Downloads\*.*
%PROGRAMFILES%\Internet Explorer\*.tmp
%PROGRAMFILES%\Internet Explorer\*.dat
%USERPROFILE%\My Documents\*.exe
%USERPROFILE%\*.exe
%systemroot%\ADDINS\*.*
%systemroot%\assembly\*.bak2
%systemroot%\Config\*.*
%systemroot%\REPAIR\*.bak2
%systemroot%\SECURITY\Database\*.sdb /x
%systemroot%\SYSTEM\*.bak2
%systemroot%\Web\*.bak2
%systemroot%\Driver Cache\*.*
%PROGRAMFILES%\Mozilla Firefox\0*.exe
%ProgramFiles%\Microsoft Common\*.*
%ProgramFiles%\TinyProxy.
%USERPROFILE%\Favorites\*.url /x
%systemroot%\system32\*.bk
%systemroot%\*.te
%systemroot%\system32\system32\*.*
%ALLUSERSPROFILE%\*.dat /x
%systemroot%\system32\drivers\*.rmv
dir /b "%systemroot%\system32\*.exe" | find /I " " /c
dir /b "%systemroot%\*.exe" | find /I " " /c
%PROGRAMFILES%\Microsoft\*.*
%systemroot%\System32\Wbem\proquota.exe
%PROGRAMFILES%\Mozilla Firefox\*.dat
%USERPROFILE%\Cookies\*.txt /x
%SystemRoot%\system32\fonts\*.*
%systemroot%\system32\winlog\*.*
%systemroot%\system32\Language\*.*
%systemroot%\system32\Settings\*.*
%systemroot%\system32\*.quo
%SYSTEMROOT%\AppPatch\*.exe
%SYSTEMROOT%\inf\*.exe
%SYSTEMROOT%\Installer\*.exe
%systemroot%\system32\config\*.bak2
%systemroot%\system32\Computers\*.*
%SystemRoot%\system32\Sound\*.*
%SystemRoot%\system32\SpecialImg\*.*
%SystemRoot%\system32\code\*.*
%SystemRoot%\system32\draft\*.*
%SystemRoot%\system32\MSSSys\*.*
%ProgramFiles%\Javascript\*.*
%systemroot%\pchealth\helpctr\System\*.exe /s
%systemroot%\Web\*.exe
%systemroot%\system32\msn\*.*
%systemroot%\system32\*.tro
%AppData%\Microsoft\Installer\msupdates\*.*
%ProgramFiles%\Messenger\*.*
%systemroot%\system32\systhem32\*.*
%systemroot%\system\*.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\LastSuccessTime /rs
/md5start
/md5stop


  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
 
We made an exception for the Combofix log, but all logs have to be pasted.
If any log is too long, split it between a couple of replies.
Bed time here so I'll check on you tomorrow morning.
 