Loki713

  1. Once again, thank you for your help and your security advisement.
  2. Hey there, I just finished both of the updates you asked me to do and my computer seems to be running malware clean. I'd like to thank you for your continued help over the past couple of days because I couldn't have fixed it without you. Thank you very much, Loki713
  3. Hey there, I just ran the next batch of programs you requested and have attached the logs. AdwCleanerS1.txt ESETSCAN.txt JRT.txt mbam-log-2012-12-04 (11-01-06).txt
  4. Here is the next set of logs, first from FRST64 then ComboFix:

     Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 02-12-2012
     Ran by SYSTEM at 2012-12-03 14:44:58 Run:1
     Running from F:\Malware

     ==============================================

     HKEY_LOCAL_MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ Default Value restored successfully.
     HKEY_USERS\Loki\Software\Microsoft\Windows\CurrentVersion\Run\\XrbBrutt Value deleted successfully.
     HKEY_LOCAL_MACHINE\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\\Userinit Value was restored successfully .
     C:\Users\Loki\Start Menu\Programs\Startup\xrbbrutt.exe moved successfully.
     C:\Users\Loki\AppData\Local\pljohukd\xrbbrutt.exe moved successfully.
     C:\Users\Loki\AppData\Local\ngfuqibh.log moved successfully.
     C:\Users\Loki\AppData\Local\lnoxejwe.log moved successfully.
     C:\Users\Loki\AppData\Local\ruxksrxf.log moved successfully.
     C:\Users\Loki\AppData\Local\blkaebve.log moved successfully.
     C:\Users\Loki\AppData\Local\yxnwktlq.log moved successfully.
     C:\Users\Loki\AppData\Local\aoukgqsn.log moved successfully.
     C:\Users\Loki\AppData\Local\ehirmmci.log moved successfully.
     C:\Users\Loki\AppData\Local\wmapvqjd.log moved successfully.
     C:\Users\Loki\AppData\Local\tfdkgdhj.log moved successfully.
     C:\Users\Loki\AppData\Local\pljohukd moved successfully.
     C:\Users\All Users\myvriisr.log moved successfully.
     C:\Users\Loki\AppData\Local\uxqvytuk.log moved successfully.
     C:\Users\Loki\AppData\Local\bdcgwwec.log moved successfully.

     ==== End of Fixlog ====

     ComboFix 12-12-02.01 - Loki 03/12/2012 14:54:55.2.4 - x64
     Microsoft Windows 7 Ultimate 6.1.7600.0.1252.61.1033.18.16367.13914 [GMT 11:00]
     Running from: c:\users\Loki\Desktop\ComboFix.exe
     AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
     SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
     SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned] @="{C5994568-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}] 2011-06-12 23:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay] @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}" [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}] 2012-11-08 05:58 755224 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay] @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}" [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}] 2012-11-08 05:58 755224 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay] @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}" [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}] 2012-11-08 05:58 755224 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay] @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}" [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}] 2012-11-08 05:58 755224 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-07-28 11101800] "RunDLLEntry"="c:\windows\system32\AmbRunE.dll" [2009-02-26 17920] "Cm108Sound"="c:\windows\Syswow64\cm108.dll" [2009-12-21 8146944] "Domino"="c:\windows\Domino.exe" [2006-07-04 49152] "AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-29 499608] "Cmaudio8788"="c:\windows\Syswow64\cmicnfgp.dll" [2011-05-12 8769536] "Cmaudio8788GX"="c:\windows\syswow64\HsMgr.exe" [2008-07-11 200704] "Cmaudio8788GX64"="c:\windows\system\HsMgr64.exe" [2008-07-11 282112] . ------- Supplementary Scan ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://start.funmoods.com/?f=1&a=ddrnw mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = *.local IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office14\EXCEL.EXE/3000 IE: Se&nd to OneNote - c:\progra~2\MICROS~3\Office14\ONBttnIE.dll/105 Trusted Zone: clonewarsadventures.com Trusted Zone: freerealms.com Trusted Zone: soe.com Trusted Zone: sony.com Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\13.2.0\ViProtocol.dll DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} - hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab FF - ProfilePath - 
c:\users\Loki\AppData\Roaming\Mozilla\Firefox\Profiles\et4x5xle.default\ FF - prefs.js: network.proxy.socks - 98.192.103.79 FF - prefs.js: network.proxy.socks_port - 39561 FF - prefs.js: network.proxy.type - 0 . - - - - ORPHANS REMOVED - - - - . WebBrowser-{BA14329E-9550-4989-B3F2-9732E92D17CC} - (no file) WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file) WebBrowser-{7473B6BD-4691-4744-A82B-7854EB3D70B6} - (no file) AddRemove-ArnA 2: Combined Operations - c:\program files (x86)\ArmA 2\uninstall.exe AddRemove-Battlelog Web Plugins - c:\program files (x86)\Battlelog Web Plugins\uninstall.exe AddRemove-BattlEye - c:\program files (x86)\CapsuleGames\ARMA II - PC\BattlEye\UnInstallBE.exe AddRemove-BattlEye for A2 - c:\program files (x86)\steam\steamapps\common\arma 2BattlEye\UnInstallBE.exe AddRemove-The Walking Dead Episode 3 © TellTale Games_is1 - c:\program files (x86)\The Walking Dead\Pack\The Walking Dead Episode 3\unins000.exe AddRemove-The Walking Dead Episode 5 © Telltales_is1 - c:\the walking dead episode 5\unins000.exe . . . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\npggsvc] "ImagePath"="c:\windows\system32\GameMon.des -service" . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_USERS\S-1-5-21-76698753-1703627523-2313692696-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*l4Ý2] @Class="Shell" @Allowed: (Read) (RestrictedCode) . [HKEY_USERS\S-1-5-21-76698753-1703627523-2313692696-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*l4Ý2\OpenWithList] @Class="Shell" "a"="vlc.exe" "MRUList"="a" . [HKEY_USERS\S-1-5-21-76698753-1703627523-2313692696-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.*l4Ý2] @Allowed: (Read) (RestrictedCode) "0"=hex:66,69,6c,65,3a,2f,2f,2f,43,3a,2f,55,73,65,72,73,2f,4c,6f,6b,69,2f,44, 65,73,6b,74,6f,70,2f,45,76,65,72,79,74,68,69,6e,67,2f,54,56,25,32,30,53,68,\ "MRUListEx"=hex:00,00,00,00,ff,ff,ff,ff . 
[HKEY_USERS\S-1-5-21-76698753-1703627523-2313692696-1000\Software\SecuROM\License information*] "datasecu"=hex:26,8e,9e,d5,29,b8,2b,01,66,37,bc,eb,b4,bc,fa,2e,43,32,26,6f,5a, 25,59,eb,0b,a9,a3,9a,88,7b,47,05,4d,7e,d4,f1,27,b4,f5,64,ef,6d,56,77,ae,32,\ "rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98 . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version] "Version"=hex:0f,a6,8f,d2,99,9e,14,46,5b,11,73,58,60,84,c8,d1,08,d4,33,98,1d, 49,de,83,9e,61,ca,07,ab,37,05,84,5d,ea,a7,57,26,f5,a5,d6,91,53,26,e0,a6,3f,\ . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.10" . 
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . 
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*] @="?????????????????? v1" . [HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*\CLSID] @="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}" . [HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*] @="?????????????????? v2" . [HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*\CLSID] @="{9BE31822-FDAD-461B-AD51-BE1D1C159921}" . [HKEY_LOCAL_MACHINE\software\Minnetonka Audio Software\SurCode Dolby Digital Premiere\Version*Version] "Version"=hex:0f,a6,8f,d2,99,9e,14,46,5b,11,73,58,60,84,c8,d1,08,d4,33,98,1d, 49,de,83,9e,61,ca,07,ab,37,05,84,5d,ea,a7,57,26,f5,a5,d6,91,53,26,e0,a6,3f,\ . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\DbgagD\1*] "value"="?\04\00\1d\05\0b\01?" . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}] @Denied: (A) (Everyone) "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}" . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3] @Denied: (A) (Everyone) . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0] "Key"="ActionsPane3" "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd" . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Nico Mak Computing\WinZip] "SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79, 00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\ . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Other Running Processes ------------------------ . 
c:\program files (x86)\Creative\Shared Files\CTAudSvc.exe
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Google\Update\1.3.21.123\GoogleCrashHandler.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\windows\SysWOW64\rundll32.exe
c:\program files\ASUS Xonar DG Audio\Customapp\ASUSAUDIOCENTER.EXE
c:\program files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
c:\windows\SysWOW64\rundll32.exe
c:\program files (x86)\Razer\Diamondback 3G\razerofa.exe
.
**************************************************************************
.
Completion time: 2012-12-03 15:17:37 - machine was rebooted
ComboFix-quarantined-files.txt 2012-12-03 04:17
ComboFix2.txt 2012-12-02 21:36
.
Pre-Run: 376,034,643,968 bytes free
Post-Run: 375,998,910,464 bytes free
.
- - End Of File - - 06447BFF3A638EA15ADD25C944DC29B9
  5. Hey there, I did as you requested and have pasted the log below:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 02-12-2012
Ran by SYSTEM at 03-12-2012 14:11:09
Running from F:\Malware
Windows 7 Ultimate (X64) OS Language: English(US)
The current controlset is ControlSet001

==================== Registry (Whitelisted) ===================

HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [11101800 2010-07-28] (Realtek Semiconductor)
HKLM\...\Run: [RunDLLEntry] C:\Windows\system32\RunDLL32.exe C:\Windows\system32\AmbRunE.dll,RunDLLEntry [17920 2009-02-25] (Creative Technology Ltd.)
HKLM\...\Run: [Cm108Sound] C:\Windows\syswow64\RunDll32.exe C:\Windows\Syswow64\cm108.dll,CMICtrlWnd [8146944 2009-12-21] (C-Media Corporation)
HKLM\...\Run: [Domino] C:\Windows\Domino.exe [49152 2006-07-03] ()
HKLM\...\Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [499608 2011-03-29] (Adobe Systems Incorporated)
HKLM\...\Run: [Cmaudio8788] C:\Windows\syswow64\RunDll32.exe C:\Windows\Syswow64\cmicnfgp.dll,CMICtrlWnd [8769536 2011-05-12] (C-Media Corporation)
HKLM\...\Run: [Cmaudio8788GX] C:\Windows\syswow64\HsMgr.exe Envoke [200704 2008-07-10] ()
HKLM\...\Run: [Cmaudio8788GX64] C:\Windows\system\HsMgr64.exe Envoke [282112 2008-07-10] ()
HKLM-x32\...\Run: [XFastUsb] C:\Program Files (x86)\XFastUsb\XFastUsb.exe [4942336 2011-12-24] (FNet Co., Ltd.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [34672 2008-06-11] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [336384 2011-07-07] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Diamondback] C:\Program Files (x86)\Razer\Diamondback 3G\razerhid.exe [228352 2010-04-27] ()
HKLM-x32\...\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui [4297136 2012-10-30] (AVAST Software)
HKLM-x32\...\Run: [sPIRunE] Rundll32 SPIRunE.dll,RunDLLEntry [x]
HKLM-x32\...\Run: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s [89456 2011-03-07] (Elaborate Bytes AG)
HKLM-x32\...\Run: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices [91520 2010-01-20] (Microsoft Corporation)
HKLM-x32\...\Run: [bigDogPath] C:\Windows\VM301Snap.exe Vimicro USB PC Camera (ZC0301PL) [49152 2007-03-26] (Vimicro)
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59280 2012-08-27] (Apple Inc.)
HKLM-x32\...\Run: [switchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-18] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin [1523360 2011-01-11] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-01-02] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [] [x]
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [36760 2010-10-24] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [821144 2010-10-24] (Adobe Systems Inc.)
HKLM-x32\...\Run: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe" [997320 2012-11-08] ()
HKLM-x32\...\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [252296 2012-01-16] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [Razer Synapse] "C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe" [336304 2012-11-15] (Razer USA Ltd)
HKLM-x32\...\Run: [ROC_ROC_JULY_P1] "C:\Program Files (x86)\AVG Secure Search\ROC_ROC_JULY_P1.exe" / /PROMPT /CMPID=ROC_JULY_P1 [1022048 2012-09-03] ()
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start [2254768 2012-11-19] (LogMeIn Inc.)
HKU\Loki\...\Run: [steam] "C:\Program Files (x86)\Steam\steam.exe" -silent [1354736 2012-11-29] (Valve Corporation)
HKU\Loki\...\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe [59240 2012-02-22] (Apple Inc.)
HKU\Loki\...\Run: [GoogleDriveSync] "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart [16070136 2012-11-07] (Google)
HKU\Loki\...\Run: [spybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe [2260480 2009-03-04] (Safer-Networking Ltd.)
HKU\Loki\...\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [5629312 2012-12-02] (SUPERAntiSpyware.com)
HKU\Loki\...\Run: [XrbBrutt] C:\Users\Loki\AppData\Local\pljohukd\xrbbrutt.exe [102176 2012-12-02] ()
HKLM-x32\...\Winlogon: [userinit] userinit.exe,,C:\Users\Loki\AppData\Local\pljohukd\xrbbrutt.exe [102176 2012-12-02] ()
Startup: C:\Users\Loki\Start Menu\Programs\Startup\Rainmeter.lnk
ShortcutTarget: Rainmeter.lnk -> C:\Program Files\Rainmeter\Rainmeter.exe ()
Startup: C:\Users\Loki\Start Menu\Programs\Startup\xrbbrutt.exe ()

==================== Services (Whitelisted) ===================

2 !SASCORE; "C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE" [140672 2012-07-11] (SUPERAntiSpyware.com)
2 avast!
Antivirus; "C:\Program Files\AVAST Software\Avast\AvastSvc.exe" [44808 2012-10-30] (AVAST Software) 2 ET Master Server Proxy; "C:\Program Files (x86)\Rudi Visser\ET Master Server Proxy Service\ETMSProxy.exe" [9728 2012-01-20] () 2 mi-raysat_3dsmax2010_64; "C:\Program Files\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_64server.exe" [86016 2009-03-11] () 3 OpenVPNService; C:\Program Files (x86)\OpenVPN\bin\openvpnserv.exe [36352 2009-12-12] () 2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [76888 2012-11-29] () 2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-25] (Safer Networking Ltd.) 4 TlntSvr; C:\Windows\System32\tlntsvr.exe [81920 2009-07-13] (Microsoft Corporation) 3 TunngleService; C:\Program Files (x86)\Tunngle\TnglCtrl.exe [738152 2012-07-19] (Tunngle.net GmbH) 2 vToolbarUpdater13.2.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe [711112 2012-11-08] () ==================== Drivers (Whitelisted) ===================== 3 anvsnddrv; C:\Windows\System32\Drivers\anvsnddrv.sys [33872 2011-11-27] (AnvSoft Inc.) 
2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [25232 2012-10-30] (AVAST Software) 2 aswMonFlt; C:\Windows\System32\Drivers\aswMonFlt.sys [71600 2012-10-30] (AVAST Software) 1 aswRdr; C:\Windows\System32\Drivers\aswRdr.sys [42328 2011-11-28] (AVAST Software) 1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [984144 2012-10-30] (AVAST Software) 1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [370288 2012-10-30] (AVAST Software) 1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [59728 2012-10-30] (AVAST Software) 1 avgtp; \??\C:\Windows\system32\drivers\avgtpx64.sys [30568 2012-11-08] (AVG Technologies) 3 cmudaxp; C:\Windows\System32\Drivers\cmudaxp.sys [2725376 2011-03-09] (C-Media Inc) 3 DCamUSBVM; C:\Windows\System32\Drivers\usbVM31b.sys [1495936 2007-04-04] (Vimicro Corporation) 3 FNETTBOH_305; C:\Windows\System32\Drivers\FNETTBOH_305.sys [31808 2011-12-24] (FNet Co., Ltd.) 1 FNETURPX; C:\Windows\System32\Drivers\FNETURPX.sys [15936 2011-12-24] (FNet Co., Ltd.) 3 Razerlow; C:\Windows\System32\drivers\DB3G.sys [21120 2005-11-06] (Razer (Asia-Pacific) Pte Ltd) 3 RivaTuner64; \??\C:\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys [19952 2012-01-07] () 3 rzendpt; C:\Windows\System32\Drivers\rzendpt.sys [22016 2012-10-24] (Razer USA Ltd) 1 SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com) 1 SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com) 3 tap0901t; C:\Windows\System32\Drivers\tap0901t.sys [31232 2009-09-15] (Tunngle.net) 3 ZSMC301b; C:\Windows\System32\Drivers\usbVM31b.sys [1495936 2007-04-04] (Vimicro Corporation) 3 catchme; \??\C:\lolwut\catchme.sys [x] 3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [x] 4 nvlddmkm; C:\Windows\System32\DRIVERS\nvlddmkm.sys [x] ==================== NetSvcs (Whitelisted) ==================== ==================== One 
Month Created Files and Folders ======== 2012-12-02 18:32 - 2012-12-02 18:32 - 00035200 ____A C:\Users\Loki\Desktop\dds.txt 2012-12-02 18:32 - 2012-12-02 18:32 - 00022916 ____A C:\Users\Loki\Desktop\attach.txt 2012-12-02 14:25 - 2012-12-02 18:18 - 00002289 ____A C:\Users\Loki\Desktop\Google Chrome.lnk 2012-12-02 13:54 - 2012-12-02 13:54 - 00000047 ____A C:\Users\Loki\AppData\Roaming\mbam.context.scan 2012-12-02 13:36 - 2012-12-02 13:36 - 00051147 ____A C:\ComboFix.txt 2012-12-02 13:27 - 2012-12-02 13:27 - 00455142 ____A C:\Users\Loki\AppData\Local\ngfuqibh.log 2012-12-02 13:27 - 2012-12-02 13:27 - 00003307 ____A C:\Users\Loki\AppData\Local\lnoxejwe.log 2012-12-02 13:27 - 2012-12-02 13:27 - 00003247 ____A C:\Users\Loki\AppData\Local\ruxksrxf.log 2012-12-02 13:26 - 2012-12-02 19:07 - 00500583 ____A C:\Users\Loki\AppData\Local\blkaebve.log 2012-12-02 13:25 - 2012-12-02 19:07 - 00000028 ____A C:\Users\Loki\AppData\Local\yxnwktlq.log 2012-12-02 13:25 - 2012-12-02 13:25 - 00446448 ____A C:\Users\Loki\AppData\Local\aoukgqsn.log 2012-12-02 13:25 - 2012-12-02 13:25 - 00005370 ____A C:\Users\Loki\AppData\Local\ehirmmci.log 2012-12-02 12:55 - 2011-06-25 22:45 - 00256000 ____A C:\Windows\PEV.exe 2012-12-02 12:55 - 2010-11-07 09:20 - 00208896 ____A C:\Windows\MBR.exe 2012-12-02 12:55 - 2009-04-19 20:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe 2012-12-02 12:55 - 2000-08-30 16:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe 2012-12-02 12:55 - 2000-08-30 16:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe 2012-12-02 12:55 - 2000-08-30 16:00 - 00098816 ____A C:\Windows\sed.exe 2012-12-02 12:55 - 2000-08-30 16:00 - 00080412 ____A C:\Windows\grep.exe 2012-12-02 12:55 - 2000-08-30 16:00 - 00068096 ____A C:\Windows\zip.exe 2012-12-02 12:52 - 2012-12-02 13:36 - 00000000 ____D C:\Qoobox 2012-12-02 12:52 - 2012-12-02 13:33 - 00000000 ____D C:\Windows\erdnt 2012-12-02 12:48 - 2012-12-02 18:14 - 00000000 ____A C:\Users\Loki\AppData\Local\wmapvqjd.log 2012-12-02 12:46 - 
2012-12-02 12:51 - 05009299 ____R (Swearware) C:\Users\Loki\Downloads\lolwut.exe 2012-12-02 03:25 - 2012-12-02 11:25 - 00000508 ____A C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 9c74c53f-daff-434d-a5d8-8bdfcd5f1db4.job 2012-12-02 03:25 - 2012-12-02 07:00 - 00000508 ____A C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 3a6a128f-10b8-4271-b364-4bb2e69466c0.job 2012-12-02 03:25 - 2012-12-02 03:26 - 00614264 ____A C:\Users\Loki\Downloads\cbsidlm-tr1_8-Combofix-ORG2-75221073.exe 2012-12-02 03:25 - 2012-12-02 03:26 - 00000000 ____D C:\Program Files\SUPERAntiSpyware 2012-12-02 03:25 - 2012-12-02 03:25 - 00001808 ____A C:\Users\Loki\Desktop\SUPERAntiSpyware Free Edition.lnk 2012-12-02 03:25 - 2012-12-02 03:25 - 00000000 ____D C:\Users\Loki\AppData\Roaming\SUPERAntiSpyware.com 2012-12-02 03:25 - 2012-12-02 03:25 - 00000000 ____D C:\Users\All Users\SUPERAntiSpyware.com 2012-12-02 03:20 - 2012-12-02 03:23 - 21492072 ____A (SUPERAntiSpyware.com) C:\Users\Loki\Downloads\SUPERAntiSpyware.exe 2012-12-02 03:13 - 2012-12-02 14:05 - 00000000 ____D C:\Users\All Users\Spybot - Search & Destroy 2012-12-02 03:13 - 2012-12-02 12:52 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2012-12-02 03:10 - 2012-12-02 03:12 - 16409960 ____A (Safer Networking Limited ) C:\Users\Loki\Downloads\spybotsd162.exe 2012-12-02 03:07 - 2012-12-02 03:08 - 17926793 ____A C:\Users\Loki\Desktop\cce_1.6.183539.73_x32.zip 2012-12-02 03:06 - 2012-12-02 03:06 - 00373456 ____A (Softonic) C:\Users\Loki\Downloads\SoftonicDownloader_for_comodo-cleaning-essentials.exe 2012-12-02 02:59 - 2012-12-02 12:52 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware 2012-12-02 02:59 - 2012-12-02 02:59 - 00001958 ____A C:\Users\Public\Desktop\avast! 
Free Antivirus.lnk 2012-12-02 02:59 - 2012-12-02 02:59 - 00001109 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk 2012-12-02 02:59 - 2012-12-02 02:59 - 00000000 ____D C:\Users\Loki\AppData\Roaming\Malwarebytes 2012-12-02 02:59 - 2012-12-02 02:59 - 00000000 ____D C:\Users\All Users\Malwarebytes 2012-12-02 02:59 - 2012-09-29 00:54 - 00025928 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys 2012-12-02 02:57 - 2012-12-02 02:59 - 10669952 ____A (Malwarebytes Corporation ) C:\Users\Loki\Downloads\mbam-setup-1.65.1.1000.exe 2012-12-02 02:34 - 2012-12-02 18:15 - 00000000 ____A C:\Users\Loki\AppData\Local\tfdkgdhj.log 2012-12-02 02:34 - 2012-12-02 17:56 - 00000000 ____D C:\Users\Loki\AppData\Local\pljohukd 2012-12-02 02:34 - 2012-12-02 02:34 - 00000064 ____A C:\Users\All Users\myvriisr.log 2012-12-02 02:34 - 2012-12-02 02:34 - 00000000 ____A C:\Users\Loki\AppData\Local\uxqvytuk.log 2012-12-02 02:34 - 2012-12-02 02:34 - 00000000 ____A C:\Users\Loki\AppData\Local\bdcgwwec.log 2012-11-29 21:59 - 2012-11-29 21:59 - 00000000 ____D C:\Users\Default\AppData\LocalGoogle 2012-11-29 21:59 - 2012-11-29 21:59 - 00000000 ____D C:\Users\Default\AppData\Local\Google 2012-11-29 21:59 - 2012-11-29 21:59 - 00000000 ____D C:\Users\Default User\AppData\LocalGoogle 2012-11-29 21:59 - 2012-11-29 21:59 - 00000000 ____D C:\Users\Default User\AppData\Local\Google 2012-11-29 01:45 - 2012-11-29 00:07 - 00458100 ____A (Digital River, Inc.) 
  6. Hey there, Every time I start up my computer I get a message from Avast saying it has found some Malware and has deleted it. But this is not the case, because every time the PC starts I get the same message. So somehow it is recreating itself after deletion. Also this piece of malware is disabling my ability to open any Anti-Malware applications; I have to run my PC in safe mode just to open Malwarebytes, and even after a full system scan and the deletion of this piece of malware it just recreates itself on system restart. Another annoying thing is that it somehow blocks my ability to access any anti-malware websites to help me remove it. I've attached the logs I got from DDS as well as a picture of the Avast warning and would appreciate any help given. I'm completely fed up. Attach.txt DDS.txt
  7. Yesterday, randomly I started getting pop-ups from adware sites and immediately I did an AVG scan and found a few problems. I thought AVG fixed them but they kept popping up, and then I did a Spyware Doctor 2010 scan, which fixed my problems immediately. Then I shut off my computer and started it today, realising that I had a bigger problem: I couldn't connect to Steam, Skype or MSN. But I could still surf the web. So I told my friend and he recommended I use Malwarebytes. So I did a full system scan and found 3 infections, so I proceeded to delete and restart my PC. After the restart I had the same problem. Any ideas on what the problem is? Or how I could fix this?