Loki713
Posts posted by Loki713
-
Hey there,
I just finished both of the updates you asked me to do and my computer seems to be running Malware clean. I'd like to thank you for your continued help over the past couple of days because I couldn't have fixed it without you.

Thank you very much,
Loki713
-
Hey there, I just ran the next batch of programs you requested and have attached the logs.
-
Here is the next set of logs, first from FRST64 then ComboFix:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 02-12-2012
Ran by SYSTEM at 2012-12-03 14:44:58 Run:1
Running from F:\Malware
==============================================
HKEY_LOCAL_MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ Default Value restored successfully.
HKEY_USERS\Loki\Software\Microsoft\Windows\CurrentVersion\Run\\XrbBrutt Value deleted successfully.
HKEY_LOCAL_MACHINE\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\\Userinit Value was restored successfully .
C:\Users\Loki\Start Menu\Programs\Startup\xrbbrutt.exe moved successfully.
C:\Users\Loki\AppData\Local\pljohukd\xrbbrutt.exe moved successfully.
C:\Users\Loki\AppData\Local\ngfuqibh.log moved successfully.
C:\Users\Loki\AppData\Local\lnoxejwe.log moved successfully.
C:\Users\Loki\AppData\Local\ruxksrxf.log moved successfully.
C:\Users\Loki\AppData\Local\blkaebve.log moved successfully.
C:\Users\Loki\AppData\Local\yxnwktlq.log moved successfully.
C:\Users\Loki\AppData\Local\aoukgqsn.log moved successfully.
C:\Users\Loki\AppData\Local\ehirmmci.log moved successfully.
C:\Users\Loki\AppData\Local\wmapvqjd.log moved successfully.
C:\Users\Loki\AppData\Local\tfdkgdhj.log moved successfully.
C:\Users\Loki\AppData\Local\pljohukd moved successfully.
C:\Users\All Users\myvriisr.log moved successfully.
C:\Users\Loki\AppData\Local\uxqvytuk.log moved successfully.
C:\Users\Loki\AppData\Local\bdcgwwec.log moved successfully.
==== End of Fixlog ====
ComboFix 12-12-02.01 - Loki 03/12/2012 14:54:55.2.4 - x64
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.61.1033.18.16367.13914 [GMT 11:00]
Running from: c:\users\Loki\Desktop\ComboFix.exe
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Loki\AppData\Local\Temp\_MEI25282\_ctypes.pyd
c:\users\Loki\AppData\Local\Temp\_MEI25282\_elementtree.pyd
c:\users\Loki\AppData\Local\Temp\_MEI25282\_hashlib.pyd
c:\users\Loki\AppData\Local\Temp\_MEI25282\_socket.pyd
c:\users\Loki\AppData\Local\Temp\_MEI25282\_ssl.pyd
c:\users\Loki\AppData\Local\Temp\_MEI25282\pyexpat.pyd
c:\users\Loki\AppData\Local\Temp\_MEI25282\pysqlite2._sqlite.pyd
c:\users\Loki\AppData\Local\Temp\_MEI25282\python26.dll
c:\users\Loki\AppData\Local\Temp\_MEI25282\pythoncom26.dll
c:\users\Loki\AppData\Local\Temp\_MEI25282\PyWinTypes26.dll
c:\users\Loki\AppData\Local\Temp\_MEI25282\select.pyd
c:\users\Loki\AppData\Local\Temp\_MEI25282\unicodedata.pyd
c:\users\Loki\AppData\Local\Temp\_MEI25282\win32api.pyd
c:\users\Loki\AppData\Local\Temp\_MEI25282\win32com.shell.shell.pyd
c:\users\Loki\AppData\Local\Temp\_MEI25282\win32crypt.pyd
c:\users\Loki\AppData\Local\Temp\_MEI25282\win32event.pyd
c:\users\Loki\AppData\Local\Temp\_MEI25282\win32file.pyd
c:\users\Loki\AppData\Local\Temp\_MEI25282\win32inet.pyd
c:\users\Loki\AppData\Local\Temp\_MEI25282\win32pdh.pyd
c:\users\Loki\AppData\Local\Temp\_MEI25282\win32process.pyd
c:\users\Loki\AppData\Local\Temp\_MEI25282\win32profile.pyd
c:\users\Loki\AppData\Local\Temp\_MEI25282\win32security.pyd
c:\users\Loki\AppData\Local\Temp\_MEI25282\win32ts.pyd
c:\users\Loki\AppData\Local\Temp\_MEI25282\windows._cacheinvalidation.pyd
c:\users\Loki\AppData\Local\Temp\_MEI25282\wx._controls_.pyd
c:\users\Loki\AppData\Local\Temp\_MEI25282\wx._core_.pyd
c:\users\Loki\AppData\Local\Temp\_MEI25282\wx._gdi_.pyd
c:\users\Loki\AppData\Local\Temp\_MEI25282\wx._html2.pyd
c:\users\Loki\AppData\Local\Temp\_MEI25282\wx._misc_.pyd
c:\users\Loki\AppData\Local\Temp\_MEI25282\wx._windows_.pyd
c:\users\Loki\AppData\Local\Temp\_MEI25282\wx._wizard.pyd
c:\users\Loki\AppData\Local\Temp\_MEI25282\wxbase293u_net_vc.dll
c:\users\Loki\AppData\Local\Temp\_MEI25282\wxbase293u_vc.dll
c:\users\Loki\AppData\Local\Temp\_MEI25282\wxmsw293u_adv_vc.dll
c:\users\Loki\AppData\Local\Temp\_MEI25282\wxmsw293u_core_vc.dll
c:\users\Loki\AppData\Local\Temp\_MEI25282\wxmsw293u_html_vc.dll
c:\users\Loki\AppData\Local\Temp\_MEI25282\wxmsw293u_webview_vc.dll
.
.
((((((((((((((((((((((((( Files Created from 2012-11-03 to 2012-12-03 )))))))))))))))))))))))))))))))
.
.
2012-12-03 22:10 . 2012-12-03 22:10 -------- d-----w- C:\FRST
2012-12-03 04:07 . 2012-12-03 04:07 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-12-02 11:25 . 2012-12-02 11:25 -------- d-----w- c:\users\Loki\AppData\Roaming\SUPERAntiSpyware.com
2012-12-02 11:25 . 2012-12-02 11:26 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-12-02 11:25 . 2012-12-02 11:25 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-12-02 11:13 . 2012-12-02 22:05 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-12-02 11:13 . 2012-12-02 20:52 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy
2012-12-02 10:59 . 2012-12-02 10:59 -------- d-----w- c:\users\Loki\AppData\Roaming\Malwarebytes
2012-12-02 10:59 . 2012-12-02 20:52 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-12-02 10:59 . 2012-12-02 10:59 -------- d-----w- c:\programdata\Malwarebytes
2012-12-02 10:59 . 2012-09-29 08:54 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-11-30 23:32 . 2012-11-08 17:24 9125352 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{2D9F745B-26D4-443B-9CDA-AC59B53D4297}\mpengine.dll
2012-11-30 05:59 . 2012-11-30 05:59 -------- d-----w- c:\users\Default\AppData\Local\Google
2012-11-29 09:35 . 2012-11-29 20:42 -------- d-----w- c:\users\Loki\AppData\Roaming\GetRightToGo
2012-11-27 07:36 . 2012-11-27 07:36 -------- d-----w- c:\programdata\ATI
2012-11-27 07:35 . 2012-11-27 07:35 -------- d-----w- c:\program files (x86)\AMD AVT
2012-11-27 07:35 . 2012-11-27 07:35 -------- d-----w- c:\program files (x86)\AMD APP
2012-11-27 07:35 . 2012-11-27 07:35 -------- d-----w- c:\program files\Common Files\ATI Technologies
2012-11-27 07:35 . 2012-11-27 07:35 -------- d-----w- c:\program files (x86)\Common Files\ATI Technologies
2012-11-27 07:32 . 2012-11-27 07:32 -------- d-----w- c:\program files\ATI
2012-11-27 07:31 . 2012-11-27 07:31 -------- d-----w- C:\AMD
2012-11-27 05:38 . 2012-11-27 05:38 -------- d-----w- c:\users\Loki\AppData\Roaming\ASUS
2012-11-27 05:29 . 2011-03-10 07:44 2725376 ----a-w- c:\windows\system32\drivers\cmudaxp.sys
2012-11-27 05:29 . 2007-04-19 07:12 32768 ----a-w- c:\windows\system32\cmudaxp.dll
2012-11-27 05:29 . 2004-04-14 03:28 315392 ----a-w- c:\windows\SysWow64\CmiFltr.dll
2012-11-27 05:29 . 2004-04-14 03:28 315392 ----a-w- c:\windows\system\CmiFltr.dll
2012-11-27 05:28 . 2006-10-05 21:45 524768 ----a-r- c:\windows\difxapi.dll
2012-11-26 05:38 . 2012-11-26 05:38 -------- d-----w- c:\users\Loki\AppData\Roaming\Warner Bros. Interactive Entertainment
2012-11-26 05:31 . 2012-11-26 05:36 -------- d-----w- c:\program files (x86)\LEGO Lord Of The Rings
2012-11-24 08:36 . 2012-11-24 08:36 -------- d-----w- c:\users\Loki\AppData\Local\Sony Online Entertainment
2012-11-22 22:03 . 2012-11-22 22:03 -------- d-----w- c:\program files (x86)\Eidos
2012-11-22 22:01 . 2012-11-22 22:01 -------- d-----w- c:\program files (x86)\WB Games
2012-11-21 21:28 . 2012-11-21 21:28 98304 ----a-w- c:\windows\SysWow64\CmdLineExt.dll
2012-11-21 21:18 . 2004-10-21 15:18 749568 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iKernel.dll
2012-11-21 21:18 . 2004-10-21 15:17 69715 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\ctor.dll
2012-11-21 21:18 . 2004-10-21 15:17 274432 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iscript.dll
2012-11-21 21:18 . 2004-10-21 15:16 180224 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iuser.dll
2012-11-21 21:18 . 2004-10-21 15:16 5632 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\DotNetInstaller.exe
2012-11-21 21:18 . 2012-11-21 21:18 323716 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\setup.dll
2012-11-21 21:18 . 2012-11-21 21:18 192644 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iGdi.dll
2012-11-21 08:56 . 2012-11-21 09:03 -------- d-----w- c:\users\Loki\.ps_inception
2012-11-21 08:53 . 2012-11-21 08:53 -------- d-----w- c:\windows\.mpr_file_store_32
2012-11-21 08:53 . 2012-11-21 08:53 -------- d-----w- c:\users\Loki\.moparscape4
2012-11-20 01:20 . 2012-11-20 01:20 -------- d-----w- c:\program files (x86)\LogMeIn Hamachi
2012-11-19 20:09 . 2012-11-19 20:09 -------- d-----w- c:\users\Loki\AppData\Roaming\Assassin's Creed III
2012-11-19 19:58 . 2012-11-19 20:38 -------- d-----w- c:\program files (x86)\Assassin's Creed III
2012-11-14 11:24 . 2012-07-26 04:55 785512 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
2012-11-14 11:24 . 2012-07-26 04:47 2560 ----a-w- c:\windows\system32\drivers\en-US\wdf01000.sys.mui
2012-11-14 11:24 . 2012-07-26 04:55 54376 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
2012-11-14 11:24 . 2012-07-26 02:36 9728 ----a-w- c:\windows\system32\Wdfres.dll
2012-11-14 11:16 . 2012-07-26 02:26 87040 ----a-w- c:\windows\system32\drivers\WUDFPf.sys
2012-11-14 11:16 . 2012-07-26 02:26 198656 ----a-w- c:\windows\system32\drivers\WUDFRd.sys
2012-11-14 11:16 . 2012-07-26 03:08 84992 ----a-w- c:\windows\system32\WUDFSvc.dll
2012-11-14 11:16 . 2012-07-26 03:08 194048 ----a-w- c:\windows\system32\WUDFPlatform.dll
2012-11-14 11:16 . 2012-07-26 03:08 229888 ----a-w- c:\windows\system32\WUDFHost.exe
2012-11-14 11:16 . 2012-07-26 03:08 45056 ----a-w- c:\windows\system32\WUDFCoinstaller.dll
2012-11-14 11:16 . 2012-07-26 03:08 744448 ----a-w- c:\windows\system32\WUDFx.dll
2012-11-14 05:25 . 2012-10-18 18:18 3147264 ----a-w- c:\windows\system32\win32k.sys
2012-11-14 05:21 . 2012-09-25 22:39 95744 ----a-w- c:\windows\system32\synceng.dll
2012-11-14 05:21 . 2012-09-25 21:55 78336 ----a-w- c:\windows\SysWow64\synceng.dll
2012-11-12 09:44 . 2012-11-12 09:44 -------- d-----w- c:\users\Loki\AppData\Local\Torch
2012-11-09 07:58 . 2012-11-09 07:58 -------- d-----w- c:\program files (x86)\RAR Password Recovery Magic
2012-11-04 08:26 . 2012-11-04 08:26 -------- d-----w- c:\program files (x86)\EA Games
2012-11-04 03:59 . 2012-11-04 03:59 -------- d-----w- c:\users\Loki\AppData\Local\SCE
2012-11-04 03:59 . 2012-11-04 03:59 -------- d-----w- C:\Crash
2012-11-04 03:59 . 2012-11-04 03:59 -------- d-----w- c:\users\Public\Sony Online Entertainment
2012-11-03 09:14 . 2012-11-03 09:14 -------- d-----w- c:\users\Loki\AppData\Roaming\Autodesk
2012-11-03 09:08 . 2012-11-03 09:11 -------- d-----w- c:\programdata\FLEXnet
2012-11-03 09:08 . 2012-11-03 09:08 -------- d-----w- c:\users\Loki\AppData\Local\Autodesk
2012-11-03 09:04 . 2012-11-03 09:04 -------- d-----w- c:\program files\Common Files\Macrovision Shared
2012-11-03 09:03 . 2012-11-03 09:04 -------- d-----w- c:\program files (x86)\Common Files\Autodesk Shared
2012-11-03 09:03 . 2012-11-03 09:04 -------- d-----w- c:\program files\Common Files\Autodesk Shared
2012-11-03 09:01 . 2012-11-03 09:14 -------- d-----w- c:\programdata\Autodesk
2012-11-03 09:01 . 2012-11-03 09:05 -------- d-----w- c:\program files\Autodesk
2012-11-03 09:01 . 2012-11-03 09:01 -------- d-----w- c:\program files (x86)\Autodesk
2012-11-03 09:01 . 2008-07-11 21:18 467984 ----a-w- c:\windows\SysWow64\d3dx10_39.dll
2012-11-03 09:01 . 2008-07-11 21:18 1493528 ----a-w- c:\windows\SysWow64\D3DCompiler_39.dll
2012-11-03 09:01 . 2008-07-11 21:18 540688 ----a-w- c:\windows\system32\d3dx10_39.dll
2012-11-03 09:01 . 2008-07-11 21:18 1942552 ----a-w- c:\windows\system32\D3DCompiler_39.dll
2012-11-03 09:01 . 2008-07-11 21:18 3851784 ----a-w- c:\windows\SysWow64\D3DX9_39.dll
2012-11-03 09:01 . 2008-07-11 21:18 4992520 ----a-w- c:\windows\system32\D3DX9_39.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-02 01:17 . 2012-02-03 05:47 281688 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2012-12-02 01:17 . 2012-02-03 05:47 281688 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2012-12-01 07:42 . 2012-02-03 05:47 281688 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2012-11-29 20:30 . 2012-02-03 05:47 76888 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2012-11-14 11:18 . 2012-01-07 09:38 66395536 ----a-w- c:\windows\system32\MRT.exe
2012-11-09 06:04 . 2012-09-04 06:09 30568 ----a-w- c:\windows\system32\drivers\avgtpx64.sys
2012-10-30 22:51 . 2011-12-25 11:25 59728 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-10-30 22:51 . 2011-12-25 11:26 370288 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-10-30 22:51 . 2011-12-25 11:25 984144 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-10-30 22:51 . 2011-12-25 11:25 71600 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-10-30 22:51 . 2011-12-25 11:26 25232 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-10-30 22:51 . 2011-12-25 11:24 41224 ----a-w- c:\windows\avastSS.scr
2012-10-30 22:50 . 2011-12-25 11:24 227648 ----a-w- c:\windows\SysWow64\aswBoot.exe
2012-10-30 22:50 . 2011-12-25 11:25 285328 ----a-w- c:\windows\system32\aswBoot.exe
2012-10-29 02:19 . 2012-10-29 02:19 148480 ----a-w- c:\windows\SysWow64\rztouchdll.dll
2012-10-29 02:18 . 2012-10-29 02:18 617472 ----a-w- c:\windows\SysWow64\rzdevicedll.dll
2012-10-29 02:18 . 2012-10-29 02:18 165888 ----a-w- c:\windows\SysWow64\rzaudiodll.dll
2012-10-25 02:18 . 2012-10-25 02:18 22016 ----a-w- c:\windows\system32\drivers\rzendpt.sys
2012-10-25 02:18 . 2012-10-25 02:18 113664 ----a-w- c:\windows\system32\drivers\rzudd.sys
2012-10-16 21:20 . 2012-11-28 05:23 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2012-10-16 21:20 . 2012-11-28 05:23 347648 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2012-10-16 20:34 . 2012-11-28 05:23 559104 ----a-w- c:\windows\apppatch\AcLayers.dll
2012-10-15 15:59 . 2012-02-25 09:43 54072 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2012-09-28 04:37 . 2012-09-28 04:37 221696 ----a-w- c:\windows\system32\clinfo.exe
2012-09-28 04:36 . 2012-09-28 04:36 75776 ----a-w- c:\windows\system32\OpenVideo64.dll
2012-09-28 04:36 . 2012-09-28 04:36 65536 ----a-w- c:\windows\SysWow64\OpenVideo.dll
2012-09-28 04:36 . 2012-09-28 04:36 63488 ----a-w- c:\windows\system32\OVDecode64.dll
2012-09-28 04:36 . 2012-09-28 04:36 56320 ----a-w- c:\windows\SysWow64\OVDecode.dll
2012-09-28 04:36 . 2012-09-28 04:36 32635904 ----a-w- c:\windows\system32\amdocl64.dll
2012-09-28 04:32 . 2012-09-28 04:32 27341824 ----a-w- c:\windows\SysWow64\amdocl.dll
2012-09-28 02:23 . 2012-09-28 02:23 5557928 ----a-w- c:\windows\SysWow64\atiumdag.dll
2012-09-28 02:21 . 2012-09-28 02:21 10697216 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2012-09-28 02:05 . 2012-09-28 02:05 70144 ----a-w- c:\windows\system32\coinst_9.002.dll
2012-09-28 02:03 . 2012-09-28 02:03 163840 ----a-w- c:\windows\system32\atiapfxx.exe
2012-09-28 02:02 . 2012-09-28 02:02 51200 ----a-w- c:\windows\system32\aticalrt64.dll
2012-09-28 02:02 . 2012-09-28 02:02 46080 ----a-w- c:\windows\SysWow64\aticalrt.dll
2012-09-28 02:02 . 2012-09-28 02:02 44544 ----a-w- c:\windows\system32\aticalcl64.dll
2012-09-28 02:02 . 2012-09-28 02:02 44032 ----a-w- c:\windows\SysWow64\aticalcl.dll
2012-09-28 02:02 . 2012-09-28 02:02 16082432 ----a-w- c:\windows\system32\aticaldd64.dll
2012-09-28 01:59 . 2012-09-28 01:59 23825920 ----a-w- c:\windows\system32\atio6axx.dll
2012-09-28 01:57 . 2012-09-28 01:57 13703168 ----a-w- c:\windows\SysWow64\aticaldd.dll
2012-09-28 01:43 . 2012-09-28 01:43 935424 ----a-w- c:\windows\SysWow64\aticfx32.dll
2012-09-28 01:41 . 2011-10-26 02:04 1120768 ----a-w- c:\windows\system32\aticfx64.dll
2012-09-28 01:41 . 2012-09-28 01:41 19624960 ----a-w- c:\windows\SysWow64\atioglxx.dll
2012-09-28 01:39 . 2012-09-28 01:39 6536192 ----a-w- c:\windows\SysWow64\atidxx32.dll
2012-09-28 01:39 . 2012-09-28 01:39 442368 ----a-w- c:\windows\system32\atidemgy.dll
2012-09-28 01:39 . 2012-09-28 01:39 538112 ----a-w- c:\windows\system32\atieclxx.exe
2012-09-28 01:38 . 2012-09-28 01:38 239616 ----a-w- c:\windows\system32\atiesrxx.exe
2012-09-28 01:36 . 2012-09-28 01:36 120320 ----a-w- c:\windows\system32\atitmm64.dll
2012-09-28 01:36 . 2012-09-28 01:36 21504 ----a-w- c:\windows\system32\atimuixx.dll
2012-09-28 01:36 . 2012-09-28 01:36 59392 ----a-w- c:\windows\system32\atiedu64.dll
2012-09-28 01:36 . 2012-09-28 01:36 43520 ----a-w- c:\windows\SysWow64\ati2edxx.dll
2012-09-28 01:31 . 2012-09-28 01:31 3127296 ----a-w- c:\windows\system32\atiumd6a.dll
2012-09-28 01:25 . 2012-09-28 01:25 6704640 ----a-w- c:\windows\system32\atiumd64.dll
2012-09-28 01:22 . 2011-10-26 01:46 7167488 ----a-w- c:\windows\system32\atidxx64.dll
2012-09-28 01:22 . 2012-09-28 01:22 2691584 ----a-w- c:\windows\SysWow64\atiumdva.dll
2012-09-28 01:13 . 2012-09-28 01:13 595456 ----a-w- c:\windows\system32\atiadlxx.dll
2012-09-28 01:13 . 2012-09-28 01:13 405504 ----a-w- c:\windows\SysWow64\atiadlxy.dll
2012-09-28 01:13 . 2012-09-28 01:13 17920 ----a-w- c:\windows\system32\atig6pxx.dll
2012-09-28 01:13 . 2012-09-28 01:13 14848 ----a-w- c:\windows\SysWow64\atiglpxx.dll
2012-09-28 01:13 . 2012-09-28 01:13 14848 ----a-w- c:\windows\system32\atiglpxx.dll
2012-09-28 01:13 . 2012-09-28 01:13 41984 ----a-w- c:\windows\system32\atig6txx.dll
2012-09-28 01:13 . 2012-09-28 01:13 33280 ----a-w- c:\windows\SysWow64\atigktxx.dll
2012-09-28 01:12 . 2012-09-28 01:12 56320 ----a-w- c:\windows\system32\atimpc64.dll
2012-09-28 01:12 . 2012-09-28 01:12 56320 ----a-w- c:\windows\system32\amdpcom64.dll
2012-09-28 01:12 . 2012-09-28 01:12 460288 ----a-w- c:\windows\system32\drivers\atikmpag.sys
2012-09-28 01:12 . 2012-09-28 01:12 56832 ----a-w- c:\windows\SysWow64\atimpc32.dll
2012-09-28 01:12 . 2012-09-28 01:12 56832 ----a-w- c:\windows\SysWow64\amdpcom32.dll
2012-09-28 01:11 . 2012-09-28 01:11 129536 ----a-w- c:\windows\system32\atiuxp64.dll
2012-09-28 01:11 . 2012-09-28 01:11 109568 ----a-w- c:\windows\SysWow64\atiuxpag.dll
2012-09-28 01:11 . 2012-09-28 01:11 103424 ----a-w- c:\windows\system32\atiu9p64.dll
2012-09-28 01:10 . 2012-09-28 01:10 82944 ----a-w- c:\windows\SysWow64\atiu9pag.dll
2012-09-28 01:09 . 2012-09-28 01:09 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2012-09-14 19:23 . 2012-10-10 03:17 2048 ----a-w- c:\windows\system32\tzres.dll
2012-09-14 18:30 . 2012-10-10 03:17 2048 ----a-w- c:\windows\SysWow64\tzres.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2012-01-09 . 2C353B6CE0C8D03225CAA2AF33B68D79 . 1008640 . . [6.1.7600.16385] .. c:\windows\system32\user32.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\program files (x86)\Vuze_Remote\prxtbVuz0.dll" [2011-05-09 176936]
"{7473b6bd-4691-4744-a82b-7854eb3d70b6}"= "c:\program files (x86)\uTorrentControl_v2\prxtbuTor.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
.
[HKEY_CLASSES_ROOT\clsid\{7473b6bd-4691-4744-a82b-7854eb3d70b6}]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{7473b6bd-4691-4744-a82b-7854eb3d70b6}]
2011-05-09 09:49 176936 ----a-w- c:\program files (x86)\uTorrentControl_v2\prxtbuTor.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-11-09 06:04 1796552 ----a-w- c:\program files (x86)\AVG Secure Search\13.2.0.5\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
2011-05-09 09:49 176936 ----a-w- c:\program files (x86)\Vuze_Remote\prxtbVuz0.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\program files (x86)\Vuze_Remote\prxtbVuz0.dll" [2011-05-09 176936]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files (x86)\AVG Secure Search\13.2.0.5\AVG Secure Search_toolbar.dll" [2012-11-09 1796552]
"{7473b6bd-4691-4744-a82b-7854eb3d70b6}"= "c:\program files (x86)\uTorrentControl_v2\prxtbuTor.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_CLASSES_ROOT\clsid\{7473b6bd-4691-4744-a82b-7854eb3d70b6}]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2011-06-12 23:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2011-06-12 23:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2011-06-12 23:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2011-06-12 23:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2011-06-12 23:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2011-06-12 23:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2011-06-12 23:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2011-06-12 23:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2011-06-12 23:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files (x86)\Steam\steam.exe" [2012-11-30 1354736]
"MobileDocuments"="c:\program files (x86)\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240]
"GoogleDriveSync"="c:\program files (x86)\Google\Drive\googledrivesync.exe" [2012-11-08 16070136]
"SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-12-02 5629312]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"XFastUsb"="c:\program files (x86)\XFastUsb\XFastUsb.exe" [2011-12-25 4942336]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-11 34672]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-07-07 336384]
"Diamondback"="c:\program files (x86)\Razer\Diamondback 3G\razerhid.exe" [2010-04-28 228352]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-10-30 4297136]
"SPIRunE"="SPIRunE.dll" [2009-03-05 18432]
"VirtualCloneDrive"="c:\program files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2011-03-07 89456]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-01-21 91520]
"BigDogPath"="c:\windows\VM301Snap.exe" [2007-03-27 49152]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-27 59280]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5.5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-11 1523360]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2010-10-25 36760]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2010-10-25 821144]
"vProt"="c:\program files (x86)\AVG Secure Search\vprot.exe" [2012-11-09 997320]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
"Razer Synapse"="c:\program files (x86)\Razer\Synapse\RzSynapse.exe" [2012-11-15 336304]
"ROC_ROC_JULY_P1"="c:\program files (x86)\AVG Secure Search\ROC_ROC_JULY_P1.exe" [2012-09-04 1022048]
"LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2012-11-19 2254768]
.
c:\users\Loki\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Rainmeter.lnk - c:\program files\Rainmeter\Rainmeter.exe [2012-1-9 107720]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
"UacDisableNotify"=dword:00000001
"ANTIVIRUSDISABLENOTIFY"=dword:00000001
"FIREWALLDISABLENOTIFY"=dword:00000001
"UPDATESDISABLENOTIFY"=dword:00000001
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 HiPatchService;Hi-Rez Studios Authenticate and Update Service;c:\program files (x86)\Hi-Rez Studios\HiPatchService.exe [2012-07-12 8704]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-06-14 160944]
R3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2011-12-25 79360]
R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2011-12-25 79360]
R3 DCamUSBVM;Lenovo Q350 USB PC Camera;c:\windows\system32\Drivers\usbVM31b.sys [2007-04-04 1495936]
R3 Desura Install Service;Desura Install Service;c:\program files (x86)\Common Files\Desura\desura_service.exe [2012-03-21 131912]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2012-11-03 1030600]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [x]
R3 Razerlow;Razer Pro|Solutions;c:\windows\system32\drivers\DB3G.sys [2005-11-07 21120]
R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys [2009-12-30 31800]
R3 RivaTuner64;RivaTuner64;c:\program files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys [2012-01-07 19952]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-06-23 344680]
R3 Sound Blaster X-Fi MB Licensing Service;Sound Blaster X-Fi MB Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\XMBLicensing.exe [2011-12-25 79360]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 t3;Sound Blaster X-Fi Xtreme Audio;c:\windows\system32\drivers\t3.sys [2009-05-05 639512]
R3 TunngleService;TunngleService;c:\program files (x86)\Tunngle\TnglCtrl.exe [2012-07-19 738152]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-07-09 52736]
R3 USBPNPA;USB PnP Sound Device Interface;c:\windows\system32\drivers\CM10864.sys [2009-12-21 1308160]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-01-07 1255736]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2009-07-08 55280]
S1 AsrAppCharger;AsrAppCharger;c:\windows\system32\DRIVERS\AsrAppCharger.sys [2010-06-11 15368]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys [2012-11-09 30568]
S1 FNETURPX;FNETURPX;c:\windows\system32\drivers\FNETURPX.SYS [2011-12-25 15936]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2012-07-11 140672]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-09-28 239616]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-10-30 71600]
S2 ET Master Server Proxy;ET Master Server Proxy Service;c:\program files (x86)\Rudi Visser\ET Master Server Proxy Service\ETMSProxy.exe [2012-01-21 9728]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-11-19 2462128]
S2 mi-raysat_3dsmax2010_64;mental ray 3.7 Satellite for Autodesk 3ds Max 2010 64-bit 64-bit;c:\program files\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_64server.exe [2009-03-12 86016]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-01-19 3027840]
S2 vToolbarUpdater13.2.0;vToolbarUpdater13.2.0;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe [2012-11-09 711112]
S3 anvsnddrv;AnvSoft Virtual Sound Device;c:\windows\system32\drivers\anvsnddrv.sys [2011-11-28 33872]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2012-05-14 96896]
S3 cmudaxp;ASUS Xonar DG Audio Interface;c:\windows\system32\drivers\cmudaxp.sys [2011-03-10 2725376]
S3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;c:\windows\system32\Drivers\EtronHub3.sys [2011-02-08 39936]
S3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;c:\windows\system32\Drivers\EtronXHCI.sys [2011-02-08 64512]
S3 EuMusDesignVirtualAudioCableWdm;Virtual Audio Cable (WDM);c:\windows\system32\DRIVERS\vrtaucbl.sys [2012-01-11 66728]
S3 FNETTBOH_305;FNETTBOH_305;c:\windows\system32\drivers\FNETTBOH_305.SYS [2011-12-25 31808]
S3 MonitorFunction;Driver for Monitor;c:\windows\system32\DRIVERS\TVMonitor.sys [2011-12-16 16376]
S3 rzendpt;rzendpt;c:\windows\system32\DRIVERS\rzendpt.sys [2012-10-25 22016]
S3 rzudd;Razer Mouse Driver;c:\windows\system32\DRIVERS\rzudd.sys [2012-10-25 113664]
S3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);c:\windows\system32\DRIVERS\tap0901t.sys [2009-09-15 31232]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-12-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-11-02 09:44]
.
2012-12-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-11-02 09:44]
.
2012-12-02 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task 3a6a128f-10b8-4271-b364-4bb2e69466c0.job
- c:\program files\SUPERAntiSpyware\SASTask.exe [2011-05-04 17:52]
.
2012-12-03 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task 9c74c53f-daff-434d-a5d8-8bdfcd5f1db4.job
- c:\program files\SUPERAntiSpyware\SASTask.exe [2011-05-04 17:52]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-10-30 22:50 133400 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2011-06-12 23:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2011-06-12 23:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2011-06-12 23:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2011-06-12 23:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2011-06-12 23:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2011-06-12 23:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2011-06-12 23:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2011-06-12 23:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2011-06-12 23:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2012-11-08 05:58 755224 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2012-11-08 05:58 755224 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2012-11-08 05:58 755224 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2012-11-08 05:58 755224 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-07-28 11101800]
"RunDLLEntry"="c:\windows\system32\AmbRunE.dll" [2009-02-26 17920]
"Cm108Sound"="c:\windows\Syswow64\cm108.dll" [2009-12-21 8146944]
"Domino"="c:\windows\Domino.exe" [2006-07-04 49152]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-29 499608]
"Cmaudio8788"="c:\windows\Syswow64\cmicnfgp.dll" [2011-05-12 8769536]
"Cmaudio8788GX"="c:\windows\syswow64\HsMgr.exe" [2008-07-11 200704]
"Cmaudio8788GX64"="c:\windows\system\HsMgr64.exe" [2008-07-11 282112]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://start.funmoods.com/?f=1&a=ddrnw
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~3\Office14\ONBttnIE.dll/105
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\13.2.0\ViProtocol.dll
DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} - hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab
FF - ProfilePath - c:\users\Loki\AppData\Roaming\Mozilla\Firefox\Profiles\et4x5xle.default\
FF - prefs.js: network.proxy.socks - 98.192.103.79
FF - prefs.js: network.proxy.socks_port - 39561
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{BA14329E-9550-4989-B3F2-9732E92D17CC} - (no file)
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
WebBrowser-{7473B6BD-4691-4744-A82B-7854EB3D70B6} - (no file)
AddRemove-ArnA 2: Combined Operations - c:\program files (x86)\ArmA 2\uninstall.exe
AddRemove-Battlelog Web Plugins - c:\program files (x86)\Battlelog Web Plugins\uninstall.exe
AddRemove-BattlEye - c:\program files (x86)\CapsuleGames\ARMA II - PC\BattlEye\UnInstallBE.exe
AddRemove-BattlEye for A2 - c:\program files (x86)\steam\steamapps\common\arma 2BattlEye\UnInstallBE.exe
AddRemove-The Walking Dead Episode 3 © TellTale Games_is1 - c:\program files (x86)\The Walking Dead\Pack\The Walking Dead Episode 3\unins000.exe
AddRemove-The Walking Dead Episode 5 © Telltales_is1 - c:\the walking dead episode 5\unins000.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-76698753-1703627523-2313692696-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*l4Ý2]
@Class="Shell"
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-76698753-1703627523-2313692696-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*l4Ý2\OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"
.
[HKEY_USERS\S-1-5-21-76698753-1703627523-2313692696-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.*l4Ý2]
@Allowed: (Read) (RestrictedCode)
"0"=hex:66,69,6c,65,3a,2f,2f,2f,43,3a,2f,55,73,65,72,73,2f,4c,6f,6b,69,2f,44,
65,73,6b,74,6f,70,2f,45,76,65,72,79,74,68,69,6e,67,2f,54,56,25,32,30,53,68,\
"MRUListEx"=hex:00,00,00,00,ff,ff,ff,ff
.
[HKEY_USERS\S-1-5-21-76698753-1703627523-2313692696-1000\Software\SecuROM\License information*]
"datasecu"=hex:26,8e,9e,d5,29,b8,2b,01,66,37,bc,eb,b4,bc,fa,2e,43,32,26,6f,5a,
25,59,eb,0b,a9,a3,9a,88,7b,47,05,4d,7e,d4,f1,27,b4,f5,64,ef,6d,56,77,ae,32,\
"rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version]
"Version"=hex:0f,a6,8f,d2,99,9e,14,46,5b,11,73,58,60,84,c8,d1,08,d4,33,98,1d,
49,de,83,9e,61,ca,07,ab,37,05,84,5d,ea,a7,57,26,f5,a5,d6,91,53,26,e0,a6,3f,\
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\software\Minnetonka Audio Software\SurCode Dolby Digital Premiere\Version*Version]
"Version"=hex:0f,a6,8f,d2,99,9e,14,46,5b,11,73,58,60,84,c8,d1,08,d4,33,98,1d,
49,de,83,9e,61,ca,07,ab,37,05,84,5d,ea,a7,57,26,f5,a5,d6,91,53,26,e0,a6,3f,\
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\DbgagD\1*]
"value"="?\04\00\1d\05\0b\01?"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Nico Mak Computing\WinZip]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Creative\Shared Files\CTAudSvc.exe
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Google\Update\1.3.21.123\GoogleCrashHandler.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\windows\SysWOW64\rundll32.exe
c:\program files\ASUS Xonar DG Audio\Customapp\ASUSAUDIOCENTER.EXE
c:\program files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
c:\windows\SysWOW64\rundll32.exe
c:\program files (x86)\Razer\Diamondback 3G\razerofa.exe
.
**************************************************************************
.
Completion time: 2012-12-03 15:17:37 - machine was rebooted
ComboFix-quarantined-files.txt 2012-12-03 04:17
ComboFix2.txt 2012-12-02 21:36
.
Pre-Run: 376,034,643,968 bytes free
Post-Run: 375,998,910,464 bytes free
.
- - End Of File - - 06447BFF3A638EA15ADD25C944DC29B9
-
Hey there, I did as you requested and have pasted the log below:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 02-12-2012
Ran by SYSTEM at 03-12-2012 14:11:09
Running from F:\Malware
Windows 7 Ultimate (X64) OS Language: English(US)
The current controlset is ControlSet001
==================== Registry (Whitelisted) ===================
HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [11101800 2010-07-28] (Realtek Semiconductor)
HKLM\...\Run: [RunDLLEntry] C:\Windows\system32\RunDLL32.exe C:\Windows\system32\AmbRunE.dll,RunDLLEntry [17920 2009-02-25] (Creative Technology Ltd.)
HKLM\...\Run: [Cm108Sound] C:\Windows\syswow64\RunDll32.exe C:\Windows\Syswow64\cm108.dll,CMICtrlWnd [8146944 2009-12-21] (C-Media Corporation)
HKLM\...\Run: [Domino] C:\Windows\Domino.exe [49152 2006-07-03] ()
HKLM\...\Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [499608 2011-03-29] (Adobe Systems Incorporated)
HKLM\...\Run: [Cmaudio8788] C:\Windows\syswow64\RunDll32.exe C:\Windows\Syswow64\cmicnfgp.dll,CMICtrlWnd [8769536 2011-05-12] (C-Media Corporation)
HKLM\...\Run: [Cmaudio8788GX] C:\Windows\syswow64\HsMgr.exe Envoke [200704 2008-07-10] ()
HKLM\...\Run: [Cmaudio8788GX64] C:\Windows\system\HsMgr64.exe Envoke [282112 2008-07-10] ()
HKLM-x32\...\Run: [XFastUsb] C:\Program Files (x86)\XFastUsb\XFastUsb.exe [4942336 2011-12-24] (FNet Co., Ltd.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [34672 2008-06-11] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [336384 2011-07-07] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Diamondback] C:\Program Files (x86)\Razer\Diamondback 3G\razerhid.exe [228352 2010-04-27] ()
HKLM-x32\...\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui [4297136 2012-10-30] (AVAST Software)
HKLM-x32\...\Run: [sPIRunE] Rundll32 SPIRunE.dll,RunDLLEntry [x]
HKLM-x32\...\Run: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s [89456 2011-03-07] (Elaborate Bytes AG)
HKLM-x32\...\Run: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices [91520 2010-01-20] (Microsoft Corporation)
HKLM-x32\...\Run: [bigDogPath] C:\Windows\VM301Snap.exe Vimicro USB PC Camera (ZC0301PL) [49152 2007-03-26] (Vimicro)
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59280 2012-08-27] (Apple Inc.)
HKLM-x32\...\Run: [switchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-18] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin [1523360 2011-01-11] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-01-02] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [] [x]
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [36760 2010-10-24] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [821144 2010-10-24] (Adobe Systems Inc.)
HKLM-x32\...\Run: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe" [997320 2012-11-08] ()
HKLM-x32\...\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [252296 2012-01-16] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [Razer Synapse] "C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe" [336304 2012-11-15] (Razer USA Ltd)
HKLM-x32\...\Run: [ROC_ROC_JULY_P1] "C:\Program Files (x86)\AVG Secure Search\ROC_ROC_JULY_P1.exe" / /PROMPT /CMPID=ROC_JULY_P1 [1022048 2012-09-03] ()
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start [2254768 2012-11-19] (LogMeIn Inc.)
HKU\Loki\...\Run: [steam] "C:\Program Files (x86)\Steam\steam.exe" -silent [1354736 2012-11-29] (Valve Corporation)
HKU\Loki\...\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe [59240 2012-02-22] (Apple Inc.)
HKU\Loki\...\Run: [GoogleDriveSync] "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart [16070136 2012-11-07] (Google)
HKU\Loki\...\Run: [spybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe [2260480 2009-03-04] (Safer-Networking Ltd.)
HKU\Loki\...\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [5629312 2012-12-02] (SUPERAntiSpyware.com)
HKU\Loki\...\Run: [XrbBrutt] C:\Users\Loki\AppData\Local\pljohukd\xrbbrutt.exe [102176 2012-12-02] ()
HKLM-x32\...\Winlogon: [userinit] userinit.exe,,C:\Users\Loki\AppData\Local\pljohukd\xrbbrutt.exe [102176 2012-12-02] ()
Startup: C:\Users\Loki\Start Menu\Programs\Startup\Rainmeter.lnk
ShortcutTarget: Rainmeter.lnk -> C:\Program Files\Rainmeter\Rainmeter.exe ()
Startup: C:\Users\Loki\Start Menu\Programs\Startup\xrbbrutt.exe ()
==================== Services (Whitelisted) ===================
2 !SASCORE; "C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE" [140672 2012-07-11] (SUPERAntiSpyware.com)
2 avast! Antivirus; "C:\Program Files\AVAST Software\Avast\AvastSvc.exe" [44808 2012-10-30] (AVAST Software)
2 ET Master Server Proxy; "C:\Program Files (x86)\Rudi Visser\ET Master Server Proxy Service\ETMSProxy.exe" [9728 2012-01-20] ()
2 mi-raysat_3dsmax2010_64; "C:\Program Files\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_64server.exe" [86016 2009-03-11] ()
3 OpenVPNService; C:\Program Files (x86)\OpenVPN\bin\openvpnserv.exe [36352 2009-12-12] ()
2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [76888 2012-11-29] ()
2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-25] (Safer Networking Ltd.)
4 TlntSvr; C:\Windows\System32\tlntsvr.exe [81920 2009-07-13] (Microsoft Corporation)
3 TunngleService; C:\Program Files (x86)\Tunngle\TnglCtrl.exe [738152 2012-07-19] (Tunngle.net GmbH)
2 vToolbarUpdater13.2.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe [711112 2012-11-08] ()
==================== Drivers (Whitelisted) =====================
3 anvsnddrv; C:\Windows\System32\Drivers\anvsnddrv.sys [33872 2011-11-27] (AnvSoft Inc.)
2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [25232 2012-10-30] (AVAST Software)
2 aswMonFlt; C:\Windows\System32\Drivers\aswMonFlt.sys [71600 2012-10-30] (AVAST Software)
1 aswRdr; C:\Windows\System32\Drivers\aswRdr.sys [42328 2011-11-28] (AVAST Software)
1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [984144 2012-10-30] (AVAST Software)
1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [370288 2012-10-30] (AVAST Software)
1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [59728 2012-10-30] (AVAST Software)
1 avgtp; \??\C:\Windows\system32\drivers\avgtpx64.sys [30568 2012-11-08] (AVG Technologies)
3 cmudaxp; C:\Windows\System32\Drivers\cmudaxp.sys [2725376 2011-03-09] (C-Media Inc)
3 DCamUSBVM; C:\Windows\System32\Drivers\usbVM31b.sys [1495936 2007-04-04] (Vimicro Corporation)
3 FNETTBOH_305; C:\Windows\System32\Drivers\FNETTBOH_305.sys [31808 2011-12-24] (FNet Co., Ltd.)
1 FNETURPX; C:\Windows\System32\Drivers\FNETURPX.sys [15936 2011-12-24] (FNet Co., Ltd.)
3 Razerlow; C:\Windows\System32\drivers\DB3G.sys [21120 2005-11-06] (Razer (Asia-Pacific) Pte Ltd)
3 RivaTuner64; \??\C:\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys [19952 2012-01-07] ()
3 rzendpt; C:\Windows\System32\Drivers\rzendpt.sys [22016 2012-10-24] (Razer USA Ltd)
1 SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
1 SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
3 tap0901t; C:\Windows\System32\Drivers\tap0901t.sys [31232 2009-09-15] (Tunngle.net)
3 ZSMC301b; C:\Windows\System32\Drivers\usbVM31b.sys [1495936 2007-04-04] (Vimicro Corporation)
3 catchme; \??\C:\lolwut\catchme.sys [x]
3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [x]
4 nvlddmkm; C:\Windows\System32\DRIVERS\nvlddmkm.sys [x]
==================== NetSvcs (Whitelisted) ====================
==================== One Month Created Files and Folders ========
2012-12-02 18:32 - 2012-12-02 18:32 - 00035200 ____A C:\Users\Loki\Desktop\dds.txt
2012-12-02 18:32 - 2012-12-02 18:32 - 00022916 ____A C:\Users\Loki\Desktop\attach.txt
2012-12-02 14:25 - 2012-12-02 18:18 - 00002289 ____A C:\Users\Loki\Desktop\Google Chrome.lnk
2012-12-02 13:54 - 2012-12-02 13:54 - 00000047 ____A C:\Users\Loki\AppData\Roaming\mbam.context.scan
2012-12-02 13:36 - 2012-12-02 13:36 - 00051147 ____A C:\ComboFix.txt
2012-12-02 13:27 - 2012-12-02 13:27 - 00455142 ____A C:\Users\Loki\AppData\Local\ngfuqibh.log
2012-12-02 13:27 - 2012-12-02 13:27 - 00003307 ____A C:\Users\Loki\AppData\Local\lnoxejwe.log
2012-12-02 13:27 - 2012-12-02 13:27 - 00003247 ____A C:\Users\Loki\AppData\Local\ruxksrxf.log
2012-12-02 13:26 - 2012-12-02 19:07 - 00500583 ____A C:\Users\Loki\AppData\Local\blkaebve.log
2012-12-02 13:25 - 2012-12-02 19:07 - 00000028 ____A C:\Users\Loki\AppData\Local\yxnwktlq.log
2012-12-02 13:25 - 2012-12-02 13:25 - 00446448 ____A C:\Users\Loki\AppData\Local\aoukgqsn.log
2012-12-02 13:25 - 2012-12-02 13:25 - 00005370 ____A C:\Users\Loki\AppData\Local\ehirmmci.log
2012-12-02 12:55 - 2011-06-25 22:45 - 00256000 ____A C:\Windows\PEV.exe
2012-12-02 12:55 - 2010-11-07 09:20 - 00208896 ____A C:\Windows\MBR.exe
2012-12-02 12:55 - 2009-04-19 20:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
2012-12-02 12:55 - 2000-08-30 16:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe
2012-12-02 12:55 - 2000-08-30 16:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe
2012-12-02 12:55 - 2000-08-30 16:00 - 00098816 ____A C:\Windows\sed.exe
2012-12-02 12:55 - 2000-08-30 16:00 - 00080412 ____A C:\Windows\grep.exe
2012-12-02 12:55 - 2000-08-30 16:00 - 00068096 ____A C:\Windows\zip.exe
2012-12-02 12:52 - 2012-12-02 13:36 - 00000000 ____D C:\Qoobox
2012-12-02 12:52 - 2012-12-02 13:33 - 00000000 ____D C:\Windows\erdnt
2012-12-02 12:48 - 2012-12-02 18:14 - 00000000 ____A C:\Users\Loki\AppData\Local\wmapvqjd.log
2012-12-02 12:46 - 2012-12-02 12:51 - 05009299 ____R (Swearware) C:\Users\Loki\Downloads\lolwut.exe
2012-12-02 03:25 - 2012-12-02 11:25 - 00000508 ____A C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 9c74c53f-daff-434d-a5d8-8bdfcd5f1db4.job
2012-12-02 03:25 - 2012-12-02 07:00 - 00000508 ____A C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 3a6a128f-10b8-4271-b364-4bb2e69466c0.job
2012-12-02 03:25 - 2012-12-02 03:26 - 00614264 ____A C:\Users\Loki\Downloads\cbsidlm-tr1_8-Combofix-ORG2-75221073.exe
2012-12-02 03:25 - 2012-12-02 03:26 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2012-12-02 03:25 - 2012-12-02 03:25 - 00001808 ____A C:\Users\Loki\Desktop\SUPERAntiSpyware Free Edition.lnk
2012-12-02 03:25 - 2012-12-02 03:25 - 00000000 ____D C:\Users\Loki\AppData\Roaming\SUPERAntiSpyware.com
2012-12-02 03:25 - 2012-12-02 03:25 - 00000000 ____D C:\Users\All Users\SUPERAntiSpyware.com
2012-12-02 03:20 - 2012-12-02 03:23 - 21492072 ____A (SUPERAntiSpyware.com) C:\Users\Loki\Downloads\SUPERAntiSpyware.exe
2012-12-02 03:13 - 2012-12-02 14:05 - 00000000 ____D C:\Users\All Users\Spybot - Search & Destroy
2012-12-02 03:13 - 2012-12-02 12:52 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy
2012-12-02 03:10 - 2012-12-02 03:12 - 16409960 ____A (Safer Networking Limited ) C:\Users\Loki\Downloads\spybotsd162.exe
2012-12-02 03:07 - 2012-12-02 03:08 - 17926793 ____A C:\Users\Loki\Desktop\cce_1.6.183539.73_x32.zip
2012-12-02 03:06 - 2012-12-02 03:06 - 00373456 ____A (Softonic) C:\Users\Loki\Downloads\SoftonicDownloader_for_comodo-cleaning-essentials.exe
2012-12-02 02:59 - 2012-12-02 12:52 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-12-02 02:59 - 2012-12-02 02:59 - 00001958 ____A C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2012-12-02 02:59 - 2012-12-02 02:59 - 00001109 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-12-02 02:59 - 2012-12-02 02:59 - 00000000 ____D C:\Users\Loki\AppData\Roaming\Malwarebytes
2012-12-02 02:59 - 2012-12-02 02:59 - 00000000 ____D C:\Users\All Users\Malwarebytes
2012-12-02 02:59 - 2012-09-29 00:54 - 00025928 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-12-02 02:57 - 2012-12-02 02:59 - 10669952 ____A (Malwarebytes Corporation ) C:\Users\Loki\Downloads\mbam-setup-1.65.1.1000.exe
2012-12-02 02:34 - 2012-12-02 18:15 - 00000000 ____A C:\Users\Loki\AppData\Local\tfdkgdhj.log
2012-12-02 02:34 - 2012-12-02 17:56 - 00000000 ____D C:\Users\Loki\AppData\Local\pljohukd
2012-12-02 02:34 - 2012-12-02 02:34 - 00000064 ____A C:\Users\All Users\myvriisr.log
2012-12-02 02:34 - 2012-12-02 02:34 - 00000000 ____A C:\Users\Loki\AppData\Local\uxqvytuk.log
2012-12-02 02:34 - 2012-12-02 02:34 - 00000000 ____A C:\Users\Loki\AppData\Local\bdcgwwec.log
2012-11-29 21:59 - 2012-11-29 21:59 - 00000000 ____D C:\Users\Default\AppData\LocalGoogle
2012-11-29 21:59 - 2012-11-29 21:59 - 00000000 ____D C:\Users\Default\AppData\Local\Google
2012-11-29 21:59 - 2012-11-29 21:59 - 00000000 ____D C:\Users\Default User\AppData\LocalGoogle
2012-11-29 21:59 - 2012-11-29 21:59 - 00000000 ____D C:\Users\Default User\AppData\Local\Google
2012-11-29 01:45 - 2012-11-29 00:07 - 00458100 ____A (Digital River, Inc.) C:\Users\Loki\Downloads\FC3DM.exe
2012-11-29 01:44 - 2012-11-29 01:44 - 00375562 ____A C:\Users\Loki\Downloads\FC3DM.zip
2012-11-29 01:35 - 2012-11-29 12:42 - 00000000 ____D C:\Users\Loki\AppData\Roaming\GetRightToGo
2012-11-29 01:29 - 2012-11-29 01:30 - 04692341 ____A (FileZilla Project) C:\Users\Loki\Downloads\FileZilla_3.6.0.1_win32-setup.exe
2012-11-26 23:36 - 2012-11-26 23:36 - 00000000 ____D C:\Users\All Users\ATI
2012-11-26 23:35 - 2012-11-26 23:35 - 00000000 ____D C:\Program Files\Common Files\ATI Technologies
2012-11-26 23:35 - 2012-11-26 23:35 - 00000000 ____D C:\Program Files (x86)\AMD AVT
2012-11-26 23:35 - 2012-11-26 23:35 - 00000000 ____D C:\Program Files (x86)\AMD APP
2012-11-26 23:32 - 2012-11-26 23:32 - 00889416 ____A (Microsoft Corporation) C:\Users\Loki\Downloads\dotNetFx40_Full_setup.exe
2012-11-26 23:32 - 2012-11-26 23:32 - 00000000 ____D C:\Program Files\ATI
2012-11-26 23:31 - 2012-11-26 23:31 - 00000000 ____D C:\AMD
2012-11-26 23:22 - 2012-11-26 23:28 - 193293840 ____A (Advanced Micro Devices, Inc.) C:\Users\Loki\Downloads\12-10_vista_win7_win8_64_dd_ccc_whql_net4.exe
2012-11-26 22:52 - 2012-11-26 23:45 - 196924268 ____A C:\Users\Loki\Downloads\Ultra.zip
2012-11-26 21:51 - 2012-11-26 21:51 - 00274832 ____A C:\Windows\Minidump\112712-25755-01.dmp
2012-11-26 21:38 - 2012-11-26 21:38 - 00000000 ____D C:\Users\Loki\AppData\Roaming\ASUS
2012-11-26 21:31 - 2012-11-26 21:31 - 00042457 ____A C:\Windows\Cmicnfgp.ini.cfl
2012-11-26 21:31 - 2012-11-26 21:31 - 00000000 ____D C:\Program Files\ASUS Xonar DG Audio
2012-11-26 21:31 - 2011-10-11 00:00 - 00000053 ____N C:\Windows\System32\cmasiopx.ini
2012-11-26 21:31 - 2011-10-11 00:00 - 00000048 ____N C:\Windows\SysWOW64\cmasiop.ini
2012-11-26 21:31 - 2011-10-04 19:16 - 00465408 ____N (C-Media Electronics Inc.) C:\Windows\System32\cmasiopx.dll
2012-11-26 21:31 - 2011-10-04 19:16 - 00303104 ____N (C-Media Electronics Inc.) C:\Windows\SysWOW64\cmasiop.dll
2012-11-26 21:31 - 2011-05-12 01:05 - 08769536 ____N (C-Media Corporation) C:\Windows\SysWOW64\CmiCnfgp.dll
2012-11-26 21:31 - 2011-04-18 22:56 - 00143360 ____N C:\Windows\SysWOW64\VmixP8.dll
2012-11-26 21:31 - 2011-02-24 00:52 - 00805376 ____N C:\Windows\System32\Cmeauoxy.exe
2012-11-26 21:31 - 2010-09-16 21:52 - 00217088 ____N (C-Media Electronics Inc.) C:\Windows\SysWOW64\HsSrv2.dll
2012-11-26 21:31 - 2010-09-16 21:52 - 00217088 ____N (C-Media Electronics Inc.) C:\Windows\SysWOW64\HsSrv.dll
2012-11-26 21:31 - 2008-07-23 02:59 - 00389120 ____N () C:\Windows\System32\CmiCnfgp.cpl
2012-11-26 21:31 - 2008-07-10 23:04 - 00200704 ____N C:\Windows\SysWOW64\HsMgr.exe
2012-11-26 21:31 - 2007-12-13 01:12 - 00122880 ____N (CMedia Electronics Inc.) C:\Windows\SysWOW64\Cm_Oal.dll
2012-11-26 21:31 - 2007-12-13 01:12 - 00122880 ____N (CMedia Electronics Inc.) C:\Windows\System32\Cm_Oal.dll
2012-11-26 21:31 - 2007-11-04 09:30 - 01144983 ____N C:\Windows\KB936225x64.msu
2012-11-26 21:31 - 2006-09-12 18:21 - 00200704 ____N (C-Media) C:\Windows\SysWOW64\Cmpaoxy.dll
2012-11-26 21:29 - 2012-11-26 21:31 - 00000861 ____A C:\Windows\Cmicnfgp.ini.imi
2012-11-26 21:29 - 2011-10-04 18:54 - 00005060 ____N C:\Windows\Cmicnfgp.ini.cfg
2012-11-26 21:29 - 2011-03-09 23:44 - 02725376 ____A (C-Media Inc) C:\Windows\System32\Drivers\cmudaxp.sys
2012-11-26 21:29 - 2007-04-18 23:12 - 00032768 ____A (C-Media Electronics Inc.) C:\Windows\System32\cmudaxp.dll
2012-11-26 21:29 - 2004-04-13 19:28 - 00315392 ____A (C-Media Electronics Inc.) C:\Windows\SysWOW64\CmiFltr.dll
2012-11-26 21:28 - 2006-10-05 13:45 - 00524768 ___RA (Microsoft Corporation) C:\Windows\difxapi.dll
2012-11-25 21:38 - 2012-11-25 21:38 - 00000000 ____D C:\Users\Loki\AppData\Roaming\Warner Bros. Interactive Entertainment
2012-11-25 21:31 - 2012-11-25 21:36 - 00000000 ____D C:\Program Files (x86)\LEGO Lord Of The Rings
2012-11-25 21:31 - 2012-11-25 21:31 - 00002011 ____A C:\Users\Public\Desktop\LEGO Lord Of The Rings.lnk
2012-11-25 21:31 - 2012-11-25 21:31 - 00001956 ____A C:\Users\Public\Desktop\Cat-A-Cat Games.lnk
2012-11-25 00:22 - 2012-11-25 04:25 - 1072883864 ____A C:\Users\Loki\Downloads\DayzTaviana - Final - V1.1.0.zip
2012-11-24 02:20 - 2012-11-24 02:20 - 00044799 ____A C:\Users\Loki\Downloads\DEF CON 20 updated DVD.rar.torrent
2012-11-24 00:36 - 2012-11-24 00:36 - 00000000 ____D C:\Users\Loki\AppData\Local\Sony Online Entertainment
2012-11-23 18:29 - 2012-11-23 18:29 - 00000067 ____A C:\Users\Loki\Downloads\listen.pls
2012-11-23 18:05 - 2012-11-23 18:05 - 03301633 ____A C:\Users\Loki\Downloads\IVMP-0.1-RC1.zip
2012-11-23 16:24 - 2012-11-23 16:24 - 00000045 ____A C:\Users\Loki\jagex_cl_speccollect_LIVE.dat
2012-11-23 02:48 - 2012-11-23 02:48 - 00049000 ____A C:\Users\Loki\Downloads\615639.zip
2012-11-22 17:39 - 2012-11-22 17:39 - 00000000 ____D C:\Users\Loki\Documents\Hitman Blood Money
2012-11-22 14:03 - 2012-11-22 14:03 - 00001000 ____A C:\Users\Public\Desktop\Launch Hitman Blood Money.lnk
2012-11-22 14:03 - 2012-11-22 14:03 - 00000000 ____D C:\Program Files (x86)\Eidos
2012-11-22 14:02 - 2012-11-22 14:02 - 00002169 ____A C:\Users\Public\Desktop\Scribblenauts Unlimited.lnk
2012-11-22 14:01 - 2012-11-22 14:01 - 00000000 ____D C:\Program Files (x86)\WB Games
2012-11-21 17:19 - 2012-11-21 17:21 - 09954705 ____A C:\Users\Loki\Downloads\ARMA2_OA_Build_99202.zip
2012-11-21 13:55 - 2012-11-21 15:02 - 00377128 ____A C:\Users\Loki\Downloads\colleditor2.zip
2012-11-21 13:53 - 2012-11-21 13:53 - 00234737 ____A C:\Users\Loki\Downloads\imgtool20.zip
2012-11-21 13:52 - 2012-11-21 13:52 - 00074908 ____A C:\Users\Loki\Downloads\Drive_through_lamp_post.zip
2012-11-21 13:28 - 2012-11-21 13:28 - 00098304 ____A (Sony DADC Austria AG.) C:\Windows\SysWOW64\CmdLineExt.dll
2012-11-21 01:47 - 2012-11-21 01:47 - 00001217 ____A C:\Users\Loki\Desktop\GTA San Andreas.lnk
2012-11-21 01:10 - 2012-11-21 01:12 - 11869040 ____A C:\Users\Loki\Downloads\sa-mp-0.3e-install.exe
2012-11-21 00:58 - 2012-11-21 00:58 - 00005755 ____A C:\Users\Loki\mmopage.html
2012-11-21 00:58 - 2012-11-21 00:58 - 00000595 ____A C:\Users\Loki\captcha.html
2012-11-21 00:56 - 2012-11-21 01:03 - 00000000 ____D C:\Users\Loki\.ps_inception
2012-11-21 00:53 - 2012-11-21 00:53 - 00000000 ____D C:\Windows\.mpr_file_store_32
2012-11-21 00:53 - 2012-11-21 00:53 - 00000000 ____D C:\Users\Loki\.moparscape4
2012-11-19 17:20 - 2012-11-19 17:20 - 00000000 ____D C:\Program Files (x86)\LogMeIn Hamachi
2012-11-19 12:31 - 2012-11-19 12:44 - 00000000 ____D C:\Users\Loki\Documents\Assassin's Creed III
2012-11-19 12:09 - 2012-11-19 12:09 - 00000000 ____D C:\Users\Loki\AppData\Roaming\Assassin's Creed III
2012-11-19 11:58 - 2012-11-19 12:38 - 00000000 ____D C:\Program Files (x86)\Assassin's Creed III
2012-11-14 03:24 - 2012-07-25 20:55 - 00785512 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\Wdf01000.sys
2012-11-14 03:24 - 2012-07-25 20:55 - 00054376 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\WdfLdr.sys
2012-11-14 03:24 - 2012-07-25 18:36 - 00009728 ____A (Microsoft Corporation) C:\Windows\System32\Wdfres.dll
2012-11-14 03:24 - 2012-06-02 06:35 - 00000003 ____A C:\Windows\System32\Drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
2012-11-14 03:16 - 2012-07-25 19:08 - 00744448 ____A (Microsoft Corporation) C:\Windows\System32\WUDFx.dll
2012-11-14 03:16 - 2012-07-25 19:08 - 00229888 ____A (Microsoft Corporation) C:\Windows\System32\WUDFHost.exe
2012-11-14 03:16 - 2012-07-25 19:08 - 00194048 ____A (Microsoft Corporation) C:\Windows\System32\WUDFPlatform.dll
2012-11-14 03:16 - 2012-07-25 19:08 - 00084992 ____A (Microsoft Corporation) C:\Windows\System32\WUDFSvc.dll
2012-11-14 03:16 - 2012-07-25 19:08 - 00045056 ____A (Microsoft Corporation) C:\Windows\System32\WUDFCoinstaller.dll
2012-11-14 03:16 - 2012-07-25 18:26 - 00198656 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\WUDFRd.sys
2012-11-14 03:16 - 2012-07-25 18:26 - 00087040 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\WUDFPf.sys
2012-11-14 03:16 - 2012-06-02 06:57 - 00000003 ____A C:\Windows\System32\Drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
2012-11-13 21:25 - 2012-10-18 10:18 - 03147264 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-11-13 21:21 - 2012-09-25 14:39 - 00095744 ____A (Microsoft Corporation) C:\Windows\System32\synceng.dll
2012-11-13 21:21 - 2012-09-25 13:55 - 00078336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\synceng.dll
2012-11-12 01:44 - 2012-11-12 01:44 - 00000000 ____D C:\Users\Loki\AppData\Local\Torch
2012-11-08 23:58 - 2012-11-08 23:58 - 00000000 ____D C:\Program Files (x86)\RAR Password Recovery Magic
2012-11-08 23:24 - 2012-11-08 23:24 - 00020059 ____A C:\Users\Loki\Downloads\Andrew_Skeet_-_The_Greatest_Video_Game_Music_2_{iTunes}_Album.torrent
2012-11-08 01:43 - 2012-11-08 01:43 - 00001128 ____A C:\Users\Loki\Downloads\tracert.txt
2012-11-04 22:05 - 2012-10-27 11:50 - 00000000 ____D C:\Users\Loki\Downloads\Tor Browser
2012-11-04 22:04 - 2012-11-04 22:05 - 23921701 ____A (Igor Pavlov) C:\Users\Loki\Downloads\tor-browser-2.2.39-5_en-US.exe
2012-11-04 00:36 - 2012-11-04 00:36 - 00000000 ____D C:\Users\Loki\Documents\Criterion Games
2012-11-04 00:30 - 2012-11-04 00:30 - 00002171 ____A C:\Users\Public\Desktop\Need for Speed Most Wanted.lnk
2012-11-04 00:26 - 2012-11-04 00:26 - 00000000 ____D C:\Program Files (x86)\EA Games
2012-11-03 19:59 - 2012-11-03 19:59 - 00002431 ____A C:\Users\Loki\Desktop\PlanetSide 2 Beta.lnk
2012-11-03 19:59 - 2012-11-03 19:59 - 00000000 ____D C:\Users\Public\Sony Online Entertainment
2012-11-03 19:59 - 2012-11-03 19:59 - 00000000 ____D C:\Users\Loki\AppData\Local\SCE
2012-11-03 19:59 - 2012-11-03 19:59 - 00000000 ____D C:\Crash
2012-11-03 19:57 - 2012-11-03 19:58 - 12769280 ____A C:\Users\Loki\Downloads\PlanetSide2_Beta_setup.exe
2012-11-03 01:51 - 2012-11-03 01:51 - 00001066 ____A C:\Users\Public\Desktop\VLC media player.lnk
2012-11-03 01:14 - 2012-11-03 01:14 - 00000000 ____D C:\Users\Loki\Documents\3dsMax
2012-11-03 01:14 - 2012-11-03 01:14 - 00000000 ____D C:\Users\Loki\AppData\Roaming\Autodesk
2012-11-03 01:08 - 2012-11-03 01:11 - 00000000 ____D C:\Users\All Users\FLEXnet
2012-11-03 01:08 - 2012-11-03 01:08 - 00000000 ____D C:\Users\Loki\AppData\Local\Autodesk
2012-11-03 01:07 - 2012-11-03 01:07 - 00000000 ____D C:\Users\Loki\Documents\3ds Max 2010 Tutorials
2012-11-03 01:04 - 2012-11-03 01:04 - 00001974 ____A C:\Users\Public\Desktop\Autodesk 3ds Max 2010 64-bit.lnk
2012-11-03 01:04 - 2012-11-03 01:04 - 00000000 ____D C:\Program Files\Common Files\Macrovision Shared
2012-11-03 01:03 - 2012-11-03 01:04 - 00000000 ____D C:\Program Files\Common Files\Autodesk Shared
2012-11-03 01:01 - 2012-11-03 01:14 - 00000000 ____D C:\Users\All Users\Autodesk
2012-11-03 01:01 - 2012-11-03 01:05 - 00000000 ____D C:\Program Files\Autodesk
2012-11-03 01:01 - 2012-11-03 01:01 - 00000000 ____D C:\Program Files (x86)\Autodesk
2012-11-03 01:01 - 2008-07-11 13:18 - 04992520 ____A (Microsoft Corporation) C:\Windows\System32\D3DX9_39.dll
2012-11-03 01:01 - 2008-07-11 13:18 - 03851784 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_39.dll
2012-11-03 01:01 - 2008-07-11 13:18 - 01942552 ____A (Microsoft Corporation) C:\Windows\System32\D3DCompiler_39.dll
2012-11-03 01:01 - 2008-07-11 13:18 - 01493528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_39.dll
2012-11-03 01:01 - 2008-07-11 13:18 - 00540688 ____A (Microsoft Corporation) C:\Windows\System32\d3dx10_39.dll
2012-11-03 01:01 - 2008-07-11 13:18 - 00467984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_39.dll
==================== One Month Modified Files and Folders =======
2012-12-03 14:10 - 2012-12-03 14:10 - 00000000 ____D C:\FRST
2012-12-02 19:07 - 2012-12-02 13:26 - 00500583 ____A C:\Users\Loki\AppData\Local\blkaebve.log
2012-12-02 19:07 - 2012-12-02 13:25 - 00000028 ____A C:\Users\Loki\AppData\Local\yxnwktlq.log
2012-12-02 19:07 - 2012-03-10 19:20 - 00000000 ____D C:\Users\Loki\AppData\Local\TSVNCache
2012-12-02 18:58 - 2012-11-01 21:53 - 00000894 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-12-02 18:32 - 2012-12-02 18:32 - 00035200 ____A C:\Users\Loki\Desktop\dds.txt
2012-12-02 18:32 - 2012-12-02 18:32 - 00022916 ____A C:\Users\Loki\Desktop\attach.txt
2012-12-02 18:18 - 2012-12-02 14:25 - 00002289 ____A C:\Users\Loki\Desktop\Google Chrome.lnk
2012-12-02 18:15 - 2012-12-02 02:34 - 00000000 ____A C:\Users\Loki\AppData\Local\tfdkgdhj.log
2012-12-02 18:14 - 2012-12-02 12:48 - 00000000 ____A C:\Users\Loki\AppData\Local\wmapvqjd.log
2012-12-02 18:02 - 2011-12-24 23:00 - 01969321 ____A C:\Windows\WindowsUpdate.log
2012-12-02 18:00 - 2012-10-12 21:33 - 00000000 ____D C:\Users\Loki\AppData\Roaming\Mumble
2012-12-02 17:57 - 2012-02-18 00:22 - 00000000 ____D C:\Users\Loki\AppData\Local\LogMeIn Hamachi
2012-12-02 17:57 - 2011-12-25 03:05 - 00000000 ____D C:\Program Files (x86)\Steam
2012-12-02 17:56 - 2012-12-02 02:34 - 00000000 ____D C:\Users\Loki\AppData\Local\pljohukd
2012-12-02 17:56 - 2012-11-01 21:58 - 00000000 ___SD C:\Users\Loki\Google Drive
2012-12-02 17:56 - 2012-11-01 21:53 - 00000890 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-12-02 17:55 - 2011-12-24 23:09 - 00304948 ____A C:\Windows\PFRO.log
2012-12-02 17:55 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-12-02 17:55 - 2009-07-13 20:51 - 00093817 ____A C:\Windows\setupact.log
2012-12-02 14:25 - 2012-11-01 21:53 - 00000000 ____D C:\Program Files (x86)\Google
2012-12-02 14:05 - 2012-12-02 03:13 - 00000000 ____D C:\Users\All Users\Spybot - Search & Destroy
2012-12-02 13:54 - 2012-12-02 13:54 - 00000047 ____A C:\Users\Loki\AppData\Roaming\mbam.context.scan
2012-12-02 13:36 - 2012-12-02 13:36 - 00051147 ____A C:\ComboFix.txt
2012-12-02 13:36 - 2012-12-02 12:52 - 00000000 ____D C:\Qoobox
2012-12-02 13:36 - 2009-07-13 19:20 - 00000000 __RHD C:\users\Default
2012-12-02 13:33 - 2012-12-02 12:52 - 00000000 ____D C:\Windows\erdnt
2012-12-02 13:27 - 2012-12-02 13:27 - 00455142 ____A C:\Users\Loki\AppData\Local\ngfuqibh.log
2012-12-02 13:27 - 2012-12-02 13:27 - 00003307 ____A C:\Users\Loki\AppData\Local\lnoxejwe.log
2012-12-02 13:27 - 2012-12-02 13:27 - 00003247 ____A C:\Users\Loki\AppData\Local\ruxksrxf.log
2012-12-02 13:25 - 2012-12-02 13:25 - 00446448 ____A C:\Users\Loki\AppData\Local\aoukgqsn.log
2012-12-02 13:25 - 2012-12-02 13:25 - 00005370 ____A C:\Users\Loki\AppData\Local\ehirmmci.log
2012-12-02 13:24 - 2009-07-13 18:34 - 00000215 ____A C:\Windows\system.ini
2012-12-02 13:22 - 2011-12-25 23:47 - 00000000 ____D C:\Users\Loki\AppData\Roaming\vlc
2012-12-02 13:06 - 2011-12-25 03:21 - 00000000 ____D C:\Users\Loki\Desktop\Everything
2012-12-02 12:52 - 2012-12-02 03:13 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy
2012-12-02 12:52 - 2012-12-02 02:59 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-12-02 12:51 - 2012-12-02 12:46 - 05009299 ____R (Swearware) C:\Users\Loki\Downloads\lolwut.exe
2012-12-02 12:48 - 2011-12-25 02:38 - 00000000 ____D C:\Users\Loki\AppData\Local\Google
2012-12-02 12:45 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\Resources
2012-12-02 12:43 - 2011-12-24 22:55 - 00000000 ____D C:\users\Loki
2012-12-02 11:25 - 2012-12-02 03:25 - 00000508 ____A C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 9c74c53f-daff-434d-a5d8-8bdfcd5f1db4.job
2012-12-02 11:12 - 2012-01-27 08:02 - 00000924 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-76698753-1703627523-2313692696-1000UA.job
2012-12-02 07:00 - 2012-12-02 03:25 - 00000508 ____A C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 3a6a128f-10b8-4271-b364-4bb2e69466c0.job
2012-12-02 03:26 - 2012-12-02 03:25 - 00614264 ____A C:\Users\Loki\Downloads\cbsidlm-tr1_8-Combofix-ORG2-75221073.exe
2012-12-02 03:26 - 2012-12-02 03:25 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2012-12-02 03:25 - 2012-12-02 03:25 - 00001808 ____A C:\Users\Loki\Desktop\SUPERAntiSpyware Free Edition.lnk
2012-12-02 03:25 - 2012-12-02 03:25 - 00000000 ____D C:\Users\Loki\AppData\Roaming\SUPERAntiSpyware.com
2012-12-02 03:25 - 2012-12-02 03:25 - 00000000 ____D C:\Users\All Users\SUPERAntiSpyware.com
2012-12-02 03:23 - 2012-12-02 03:20 - 21492072 ____A (SUPERAntiSpyware.com) C:\Users\Loki\Downloads\SUPERAntiSpyware.exe
2012-12-02 03:12 - 2012-12-02 03:10 - 16409960 ____A (Safer Networking Limited ) C:\Users\Loki\Downloads\spybotsd162.exe
2012-12-02 03:08 - 2012-12-02 03:07 - 17926793 ____A C:\Users\Loki\Desktop\cce_1.6.183539.73_x32.zip
2012-12-02 03:06 - 2012-12-02 03:06 - 00373456 ____A (Softonic) C:\Users\Loki\Downloads\SoftonicDownloader_for_comodo-cleaning-essentials.exe
2012-12-02 02:59 - 2012-12-02 02:59 - 00001958 ____A C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2012-12-02 02:59 - 2012-12-02 02:59 - 00001109 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-12-02 02:59 - 2012-12-02 02:59 - 00000000 ____D C:\Users\Loki\AppData\Roaming\Malwarebytes
2012-12-02 02:59 - 2012-12-02 02:59 - 00000000 ____D C:\Users\All Users\Malwarebytes
2012-12-02 02:59 - 2012-12-02 02:57 - 10669952 ____A (Malwarebytes Corporation ) C:\Users\Loki\Downloads\mbam-setup-1.65.1.1000.exe
2012-12-02 02:59 - 2011-12-25 03:25 - 00000000 ____A C:\Windows\SysWOW64\config.nt
2012-12-02 02:55 - 2012-02-04 04:19 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2012-12-02 02:38 - 2009-07-13 20:45 - 00016848 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-12-02 02:38 - 2009-07-13 20:45 - 00016848 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-12-02 02:34 - 2012-12-02 02:34 - 00000064 ____A C:\Users\All Users\myvriisr.log
2012-12-02 02:34 - 2012-12-02 02:34 - 00000000 ____A C:\Users\Loki\AppData\Local\uxqvytuk.log
2012-12-02 02:34 - 2012-12-02 02:34 - 00000000 ____A C:\Users\Loki\AppData\Local\bdcgwwec.log
2012-12-01 23:12 - 2012-01-27 08:02 - 00000902 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-76698753-1703627523-2313692696-1000Core.job
2012-12-01 17:17 - 2012-02-02 21:47 - 00281688 ____A C:\Windows\SysWOW64\PnkBstrB.xtr
2012-12-01 17:17 - 2012-02-02 21:47 - 00281688 ____A C:\Windows\SysWOW64\PnkBstrB.exe
2012-12-01 06:35 - 2011-12-25 02:53 - 00000000 ____D C:\Users\Loki\AppData\Roaming\uTorrent
2012-11-30 23:42 - 2012-02-02 21:47 - 00281688 ____A C:\Windows\SysWOW64\PnkBstrB.ex0
2012-11-29 21:59 - 2012-11-29 21:59 - 00000000 ____D C:\Users\Default\AppData\LocalGoogle
2012-11-29 21:59 - 2012-11-29 21:59 - 00000000 ____D C:\Users\Default\AppData\Local\Google
2012-11-29 21:59 - 2012-11-29 21:59 - 00000000 ____D C:\Users\Default User\AppData\LocalGoogle
2012-11-29 21:59 - 2012-11-29 21:59 - 00000000 ____D C:\Users\Default User\AppData\Local\Google
2012-11-29 12:53 - 2012-01-05 02:38 - 00000000 ____D C:\Users\Loki\AppData\Local\PunkBuster
2012-11-29 12:52 - 2011-12-25 07:47 - 00000000 ____D C:\Users\Loki\Documents\My Games
2012-11-29 12:42 - 2012-11-29 01:35 - 00000000 ____D C:\Users\Loki\AppData\Roaming\GetRightToGo
2012-11-29 12:30 - 2012-02-02 21:47 - 00076888 ____A C:\Windows\SysWOW64\PnkBstrA.exe
2012-11-29 12:28 - 2011-12-25 05:45 - 00561494 ____A C:\Windows\DirectX.log
2012-11-29 12:14 - 2012-07-23 23:38 - 00000000 ____D C:\Program Files (x86)\Ubisoft
2012-11-29 12:14 - 2011-12-24 22:58 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2012-11-29 04:33 - 2012-04-13 16:16 - 00000000 ____D C:\Users\Loki\AppData\Roaming\FileZilla
2012-11-29 02:08 - 2012-10-16 21:26 - 00000000 ____D C:\Users\Loki\Documents\Outlook Files
2012-11-29 01:44 - 2012-11-29 01:44 - 00375562 ____A C:\Users\Loki\Downloads\FC3DM.zip
2012-11-29 01:32 - 2012-04-13 16:16 - 00000000 ____D C:\Program Files (x86)\FileZilla FTP Client
2012-11-29 01:30 - 2012-11-29 01:29 - 04692341 ____A (FileZilla Project) C:\Users\Loki\Downloads\FileZilla_3.6.0.1_win32-setup.exe
2012-11-29 00:07 - 2012-11-29 01:45 - 00458100 ____A (Digital River, Inc.) C:\Users\Loki\Downloads\FC3DM.exe
2012-11-27 22:58 - 2011-12-25 02:50 - 00426022 ____A C:\Windows\DPINST.LOG
2012-11-26 23:45 - 2012-11-26 22:52 - 196924268 ____A C:\Users\Loki\Downloads\Ultra.zip
2012-11-26 23:39 - 2012-02-09 22:22 - 00789938 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
2012-11-26 23:39 - 2009-07-13 21:13 - 00789938 ____A C:\Windows\System32\PerfStringBackup.INI
2012-11-26 23:36 - 2012-11-26 23:36 - 00000000 ____D C:\Users\All Users\ATI
2012-11-26 23:35 - 2012-11-26 23:35 - 00000000 ____D C:\Program Files\Common Files\ATI Technologies
2012-11-26 23:35 - 2012-11-26 23:35 - 00000000 ____D C:\Program Files (x86)\AMD AVT
2012-11-26 23:35 - 2012-11-26 23:35 - 00000000 ____D C:\Program Files (x86)\AMD APP
2012-11-26 23:35 - 2012-08-07 00:03 - 00000000 ____D C:\Users\All Users\AMD
2012-11-26 23:32 - 2012-11-26 23:32 - 00889416 ____A (Microsoft Corporation) C:\Users\Loki\Downloads\dotNetFx40_Full_setup.exe
2012-11-26 23:32 - 2012-11-26 23:32 - 00000000 ____D C:\Program Files\ATI
2012-11-26 23:31 - 2012-11-26 23:31 - 00000000 ____D C:\AMD
2012-11-26 23:29 - 2012-01-07 03:05 - 00000000 ____D C:\Program Files (x86)\ATI Technologies
2012-11-26 23:28 - 2012-11-26 23:22 - 193293840 ____A (Advanced Micro Devices, Inc.) C:\Users\Loki\Downloads\12-10_vista_win7_win8_64_dd_ccc_whql_net4.exe
2012-11-26 22:42 - 2012-02-09 21:17 - 00000000 ____D C:\Users\Loki\AppData\Local\PMB Files
2012-11-26 22:42 - 2012-02-09 21:16 - 00000000 ____D C:\Users\All Users\PMB Files
2012-11-26 22:38 - 2012-05-30 22:04 - 00000000 ____D C:\Users\Loki\AppData\Local\ArmA 2 OA
2012-11-26 22:00 - 2012-08-13 02:28 - 00001406 ____A C:\Users\Public\Desktop\DayZ Commander.lnk
2012-11-26 21:51 - 2012-11-26 21:51 - 00274832 ____A C:\Windows\Minidump\112712-25755-01.dmp
2012-11-26 21:51 - 2012-01-05 18:39 - 00000000 ____D C:\Windows\Minidump
2012-11-26 21:50 - 2012-01-06 22:02 - 821271828 ____A C:\Windows\MEMORY.DMP
2012-11-26 21:39 - 2009-07-13 20:45 - 05027400 ____A C:\Windows\System32\FNTCACHE.DAT
2012-11-26 21:38 - 2012-11-26 21:38 - 00000000 ____D C:\Users\Loki\AppData\Roaming\ASUS
2012-11-26 21:38 - 2012-02-09 01:56 - 00000000 ____D C:\Program Files (x86)\OpenAL
2012-11-26 21:38 - 2011-12-24 23:19 - 00126744 ____A C:\Users\Loki\AppData\Local\GDIPFONTCACHEV1.DAT
2012-11-26 21:31 - 2012-11-26 21:31 - 00042457 ____A C:\Windows\Cmicnfgp.ini.cfl
2012-11-26 21:31 - 2012-11-26 21:31 - 00000000 ____D C:\Program Files\ASUS Xonar DG Audio
2012-11-26 21:31 - 2012-11-26 21:29 - 00000861 ____A C:\Windows\Cmicnfgp.ini.imi
2012-11-26 21:31 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\system
2012-11-25 21:38 - 2012-11-25 21:38 - 00000000 ____D C:\Users\Loki\AppData\Roaming\Warner Bros. Interactive Entertainment
2012-11-25 21:36 - 2012-11-25 21:31 - 00000000 ____D C:\Program Files (x86)\LEGO Lord Of The Rings
2012-11-25 21:31 - 2012-11-25 21:31 - 00002011 ____A C:\Users\Public\Desktop\LEGO Lord Of The Rings.lnk
2012-11-25 21:31 - 2012-11-25 21:31 - 00001956 ____A C:\Users\Public\Desktop\Cat-A-Cat Games.lnk
2012-11-25 04:25 - 2012-11-25 00:22 - 1072883864 ____A C:\Users\Loki\Downloads\DayzTaviana - Final - V1.1.0.zip
2012-11-24 02:20 - 2012-11-24 02:20 - 00044799 ____A C:\Users\Loki\Downloads\DEF CON 20 updated DVD.rar.torrent
2012-11-24 00:36 - 2012-11-24 00:36 - 00000000 ____D C:\Users\Loki\AppData\Local\Sony Online Entertainment
2012-11-23 18:29 - 2012-11-23 18:29 - 00000067 ____A C:\Users\Loki\Downloads\listen.pls
2012-11-23 18:09 - 2012-08-24 17:26 - 00000000 ____D C:\Program Files (x86)\IVMP
2012-11-23 18:05 - 2012-11-23 18:05 - 03301633 ____A C:\Users\Loki\Downloads\IVMP-0.1-RC1.zip
2012-11-23 16:24 - 2012-11-23 16:24 - 00000045 ____A C:\Users\Loki\jagex_cl_speccollect_LIVE.dat
2012-11-23 16:24 - 2012-06-11 19:11 - 00000000 ____D C:\Windows\.jagex_cache_32
2012-11-23 16:24 - 2012-01-23 00:33 - 00000024 ____A C:\Users\Loki\random.dat
2012-11-23 16:24 - 2012-01-23 00:33 - 00000000 ____D C:\Users\Loki\jagexcache
2012-11-23 02:48 - 2012-11-23 02:48 - 00049000 ____A C:\Users\Loki\Downloads\615639.zip
2012-11-22 17:39 - 2012-11-22 17:39 - 00000000 ____D C:\Users\Loki\Documents\Hitman Blood Money
2012-11-22 14:08 - 2012-02-18 01:34 - 00000000 ____D C:\Users\Loki\AppData\Local\SKIDROW
2012-11-22 14:03 - 2012-11-22 14:03 - 00001000 ____A C:\Users\Public\Desktop\Launch Hitman Blood Money.lnk
2012-11-22 14:03 - 2012-11-22 14:03 - 00000000 ____D C:\Program Files (x86)\Eidos
2012-11-22 14:02 - 2012-11-22 14:02 - 00002169 ____A C:\Users\Public\Desktop\Scribblenauts Unlimited.lnk
2012-11-22 14:01 - 2012-11-22 14:01 - 00000000 ____D C:\Program Files (x86)\WB Games
2012-11-21 17:21 - 2012-11-21 17:19 - 09954705 ____A C:\Users\Loki\Downloads\ARMA2_OA_Build_99202.zip
2012-11-21 15:02 - 2012-11-21 13:55 - 00377128 ____A C:\Users\Loki\Downloads\colleditor2.zip
2012-11-21 13:53 - 2012-11-21 13:53 - 00234737 ____A C:\Users\Loki\Downloads\imgtool20.zip
2012-11-21 13:52 - 2012-11-21 13:52 - 00074908 ____A C:\Users\Loki\Downloads\Drive_through_lamp_post.zip
2012-11-21 13:28 - 2012-11-21 13:28 - 00098304 ____A (Sony DADC Austria AG.) C:\Windows\SysWOW64\CmdLineExt.dll
2012-11-21 13:19 - 2011-12-25 04:22 - 00000000 ____D C:\Program Files (x86)\Rockstar Games
2012-11-21 13:16 - 2011-12-25 02:40 - 00000000 ____D C:\Users\Loki\AppData\Roaming\Skype
2012-11-21 01:47 - 2012-11-21 01:47 - 00001217 ____A C:\Users\Loki\Desktop\GTA San Andreas.lnk
2012-11-21 01:12 - 2012-11-21 01:10 - 11869040 ____A C:\Users\Loki\Downloads\sa-mp-0.3e-install.exe
2012-11-21 01:03 - 2012-11-21 00:56 - 00000000 ____D C:\Users\Loki\.ps_inception
2012-11-21 00:58 - 2012-11-21 00:58 - 00005755 ____A C:\Users\Loki\mmopage.html
2012-11-21 00:58 - 2012-11-21 00:58 - 00000595 ____A C:\Users\Loki\captcha.html
2012-11-21 00:53 - 2012-11-21 00:53 - 00000000 ____D C:\Windows\.mpr_file_store_32
2012-11-21 00:53 - 2012-11-21 00:53 - 00000000 ____D C:\Users\Loki\.moparscape4
2012-11-20 23:04 - 2012-05-17 23:53 - 00000000 ____D C:\Program Files (x86)\Diablo III
2012-11-19 18:33 - 2012-07-24 00:26 - 00000000 ____D C:\Users\Loki\AppData\Local\Ubisoft Game Launcher
2012-11-19 17:20 - 2012-11-19 17:20 - 00000000 ____D C:\Program Files (x86)\LogMeIn Hamachi
2012-11-19 12:44 - 2012-11-19 12:31 - 00000000 ____D C:\Users\Loki\Documents\Assassin's Creed III
2012-11-19 12:38 - 2012-11-19 11:58 - 00000000 ____D C:\Program Files (x86)\Assassin's Creed III
2012-11-19 12:09 - 2012-11-19 12:09 - 00000000 ____D C:\Users\Loki\AppData\Roaming\Assassin's Creed III
2012-11-19 03:54 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\rescache
2012-11-14 03:24 - 2012-01-21 20:14 - 00000000 ____D C:\Users\All Users\Microsoft Help
2012-11-14 03:18 - 2012-01-07 01:38 - 66395536 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-11-13 00:02 - 2011-12-25 20:28 - 00000000 ____D C:\Users\Loki\AppData\Local\Skyrim
2012-11-13 00:02 - 2011-12-25 05:09 - 00000000 ____D C:\Program Files (x86)\The Elder Scrolls V Skyrim
2012-11-12 23:59 - 2012-02-04 21:01 - 00000000 ____D C:\Program Files\Nexus Mod Manager
2012-11-12 01:44 - 2012-11-12 01:44 - 00000000 ____D C:\Users\Loki\AppData\Local\Torch
2012-11-08 23:58 - 2012-11-08 23:58 - 00000000 ____D C:\Program Files (x86)\RAR Password Recovery Magic
2012-11-08 23:24 - 2012-11-08 23:24 - 00020059 ____A C:\Users\Loki\Downloads\Andrew_Skeet_-_The_Greatest_Video_Game_Music_2_{iTunes}_Album.torrent
2012-11-08 22:05 - 2012-06-06 19:51 - 00000000 ____D C:\Users\All Users\AVG Secure Search
2012-11-08 22:04 - 2012-09-03 22:09 - 00030568 ____A (AVG Technologies) C:\Windows\System32\Drivers\avgtpx64.sys
2012-11-08 22:04 - 2012-06-06 19:51 - 00000000 ____D C:\Program Files (x86)\AVG Secure Search
2012-11-08 01:43 - 2012-11-08 01:43 - 00001128 ____A C:\Users\Loki\Downloads\tracert.txt
2012-11-05 23:31 - 2012-06-06 19:55 - 00000000 ____D C:\Users\Loki\AppData\Roaming\HandBrake
2012-11-05 22:37 - 2011-12-25 03:31 - 00000000 ____D C:\Users\All Users\Origin
2012-11-05 21:59 - 2011-12-25 03:31 - 00000000 ____D C:\Program Files (x86)\Origin Games
2012-11-05 21:58 - 2011-12-25 03:30 - 00000000 ____D C:\Program Files (x86)\Origin
2012-11-04 22:05 - 2012-11-04 22:04 - 23921701 ____A (Igor Pavlov) C:\Users\Loki\Downloads\tor-browser-2.2.39-5_en-US.exe
2012-11-04 00:36 - 2012-11-04 00:36 - 00000000 ____D C:\Users\Loki\Documents\Criterion Games
2012-11-04 00:30 - 2012-11-04 00:30 - 00002171 ____A C:\Users\Public\Desktop\Need for Speed Most Wanted.lnk
2012-11-04 00:26 - 2012-11-04 00:26 - 00000000 ____D C:\Program Files (x86)\EA Games
2012-11-03 19:59 - 2012-11-03 19:59 - 00002431 ____A C:\Users\Loki\Desktop\PlanetSide 2 Beta.lnk
2012-11-03 19:59 - 2012-11-03 19:59 - 00000000 ____D C:\Users\Public\Sony Online Entertainment
2012-11-03 19:59 - 2012-11-03 19:59 - 00000000 ____D C:\Users\Loki\AppData\Local\SCE
2012-11-03 19:59 - 2012-11-03 19:59 - 00000000 ____D C:\Crash
2012-11-03 19:59 - 2011-12-26 02:01 - 00000000 ___HD C:\Windows\msdownld.tmp
2012-11-03 19:59 - 2011-12-26 02:01 - 00000000 ____D C:\Windows\SysWOW64\directx
2012-11-03 19:58 - 2012-11-03 19:57 - 12769280 ____A C:\Users\Loki\Downloads\PlanetSide2_Beta_setup.exe
2012-11-03 01:51 - 2012-11-03 01:51 - 00001066 ____A C:\Users\Public\Desktop\VLC media player.lnk
2012-11-03 01:14 - 2012-11-03 01:14 - 00000000 ____D C:\Users\Loki\Documents\3dsMax
2012-11-03 01:14 - 2012-11-03 01:14 - 00000000 ____D C:\Users\Loki\AppData\Roaming\Autodesk
2012-11-03 01:14 - 2012-11-03 01:01 - 00000000 ____D C:\Users\All Users\Autodesk
2012-11-03 01:11 - 2012-11-03 01:08 - 00000000 ____D C:\Users\All Users\FLEXnet
2012-11-03 01:08 - 2012-11-03 01:08 - 00000000 ____D C:\Users\Loki\AppData\Local\Autodesk
2012-11-03 01:07 - 2012-11-03 01:07 - 00000000 ____D C:\Users\Loki\Documents\3ds Max 2010 Tutorials
2012-11-03 01:05 - 2012-11-03 01:01 - 00000000 ____D C:\Program Files\Autodesk
2012-11-03 01:04 - 2012-11-03 01:04 - 00001974 ____A C:\Users\Public\Desktop\Autodesk 3ds Max 2010 64-bit.lnk
2012-11-03 01:04 - 2012-11-03 01:04 - 00000000 ____D C:\Program Files\Common Files\Macrovision Shared
2012-11-03 01:04 - 2012-11-03 01:03 - 00000000 ____D C:\Program Files\Common Files\Autodesk Shared
2012-11-03 01:01 - 2012-11-03 01:01 - 00000000 ____D C:\Program Files (x86)\Autodesk
2012-11-03 01:01 - 2009-07-13 18:34 - 00017588 ____A C:\Windows\System32\Drivers\etc\services
==================== Known DLLs (Whitelisted) =================
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
==================== EXE ASSOCIATION =====================
HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK
==================== Restore Points =========================
Restore point made on: 2012-12-02 12:55:54
==================== Memory info ===========================
Percentage of memory in use: 7%
Total physical RAM: 16366.7 MB
Available physical RAM: 15185.66 MB
Total Pagefile: 16364.85 MB
Available Pagefile: 15179 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB
==================== Partitions =============================
1 Drive c: () (Fixed) (Total:1862.92 GB) (Free:350.32 GB) NTFS
3 Drive f: (LOKI) (Removable) (Total:14.93 GB) (Free:8.32 GB) FAT32
4 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
5 Drive y: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[system with boot components (obtained from reading drive)]
Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 1863 GB 0 B
Disk 1 Online 14 GB 0 B
Partitions of Disk 0:
===============
Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 100 MB 1024 KB
Partition 2 Primary 1862 GB 101 MB
==================================================================================
Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 Y System Rese NTFS Partition 100 MB Healthy
=========================================================
Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C NTFS Partition 1862 GB Healthy
=========================================================
Partitions of Disk 1:
===============
Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 14 GB 1024 KB
==================================================================================
Disk: 1
Partition 1
Type : 0C
Hidden: No
Active: Yes
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 F LOKI FAT32 Removable 14 GB Healthy
=========================================================
Last Boot: 2012-11-25 04:37
==================== End Of Log =============================
-
Hey there,
Every time I start up my computer I get a message from Avast saying it has found some malware and has deleted it. But this is not the case, because every time the PC starts I get the same message. So somehow it is recreating itself after deletion. Also, this piece of malware is disabling my ability to open any anti-malware applications; I have to run my PC in safe mode just to open Malwarebytes, and even after a full system scan and the deletion of this piece of malware it just recreates itself on system restart. Another annoying thing is that it somehow blocks my ability to access any anti-malware websites to help me remove it.
I've attached the logs I got from DDS as well as a picture of the Avast warning and would appreciate any help given. I'm completely fed up.
-
Yesterday, randomly I started getting pop-ups from adware sites and immediately I did an AVG scan and found a few problems. I thought AVG fixed them but they kept popping up, and then I did a Spyware Doctor 2010 scan, which fixed my problems immediately. Then I shut off my computer and started it today, realising that I had a bigger problem: I couldn't connect to Steam, Skype or MSN. But I could still surf the web. So I told my friend and he recommended I use Malwarebytes. So I did a full system scan and found 3 infections, so I proceeded to delete and restart my PC. After the restart I had the same problem. Any ideas on what the problem is? Or how I could fix this?

Help with annoying Malware removal
in Resolved Malware Removal Logs
Posted
Once again, thank you for your help and your security advisement.