
Help with annoying Malware removal


Loki713

Hey there,

Every time I start up my computer I get a message from Avast saying it has found some malware and has deleted it. But this is not the case, because every time the PC starts I get the same message. So somehow it is recreating itself after deletion. Also this piece of malware is disabling my ability to open any anti-malware applications; I have to run my PC in safe mode just to open Malwarebytes, and even after a full system scan and the deletion of this piece of malware it just recreates itself on system restart. Another annoying thing is that it somehow blocks my ability to access any anti-malware websites to help me remove it.

I've attached the logs I got from DDS as well as a picture of the Avast warning and would appreciate any help given. I'm completely fed up.

Attachments: Attach.txt, DDS.txt, post-43351-0-93424400-1354502794.jpg (screenshot of the Avast warning)


  • Staff

Please do the following:

Download the version of the Farbar Recovery Scan Tool appropriate for your system and save it to a flash drive.

Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:

  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:

  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:

  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Command Prompt

Then:

  • Select Command Prompt.
  • In the command window type notepad and press Enter.
  • Notepad opens. Under the File menu select Open.
  • Select "Computer", find your flash drive letter, and close Notepad.
  • In the command window type e:\frst.exe (for the 64-bit version type e:\frst64) and press Enter.
    Note: Replace the letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens, click Yes to the disclaimer.
  • Place a check next to List Drivers MD5 as well as the default check marks that are already there.
  • Press the Scan button.
  • Type exit and reboot the computer normally.
  • FRST will make a log (FRST.txt) on the flash drive; please copy and paste the log in your reply.

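Once FRST.txt is in hand, the part that explains a "deleted every boot, back every boot" complaint is the autostart section: the Run keys, the Winlogon values, and the Startup folder. What follows is an added example for this page, not part of the thread above and not a tool shipped with FRST or by Malwarebytes: a small Python triage script that parses lines in the format FRST printed at the time (`HKLM\...\Run: [name] command [size date] (publisher)`, `[x]` for a missing target, `Startup: path (publisher)`) and flags the shapes a helper looks for by eye. The rules, the severities, the list of user-writable directories and the SAMPLE_LOG lines are this example's own constructed choices; the sample is not a real log.

```python
"""Triage autostart entries from an FRST.txt log.

Added example, not FRST's own code. The regexes follow the line format
FRST used in 2012 for its Registry and Startup sections; SAMPLE_LOG is a
constructed sample, not a log from any real machine.
"""
import re
from dataclasses import dataclass

# e.g.  HKU\Alice\...\Run: [Foo] C:\path\foo.exe -s [12345 2012-12-02] (Vendor)
# Values whose file is gone end in "[x]" instead of "[size date] (publisher)".
REG_LINE = re.compile(
    r"^(?P<hive>HK.*?)\\\.\.\.\\(?P<key>Run|RunOnce|Winlogon): \[(?P<name>[^\]]*)\]\s*"
    r"(?P<cmd>.*?)\s*"
    r"(?:\[(?P<size>\d+) (?P<date>\d{4}-\d{2}-\d{2})\] \((?P<pub>.*)\)|\[x\])$"
)
# e.g.  Startup: C:\Users\Alice\Start Menu\Programs\Startup\foo.exe ()
STARTUP_LINE = re.compile(r"^Startup: (?P<path>.*?)(?: \((?P<pub>.*)\))?$")

# Directories a non-admin user can write to (assumed list for this example).
# A vendor autostart normally lives under Program Files or Windows; an
# unsigned binary launched from one of these is the classic dropper shape.
USER_WRITABLE = ("\\appdata\\", "\\programdata\\", "\\all users\\",
                 "\\temp\\", "\\downloads\\", "\\desktop\\")
SEVERITY_ORDER = {"high": 0, "medium": 1, "low": 2, "info": 3}


@dataclass(frozen=True)
class Finding:
    severity: str
    rule: str
    line: str


def _in_user_writable_dir(cmd: str) -> bool:
    lowered = cmd.lower()
    return any(marker in lowered for marker in USER_WRITABLE)


def triage_line(line: str) -> list[Finding]:
    """Return zero or more findings for one FRST autostart line."""
    findings: list[Finding] = []
    m = REG_LINE.match(line.rstrip())
    if m:
        cmd, pub = m["cmd"], m["pub"]
        if pub is None:  # FRST printed [x]: orphaned value, its target is missing
            return [Finding("info", "orphaned autostart (target missing)", line)]
        if m["key"] == "Winlogon" and m["name"].lower() == "userinit":
            # The clean value is "C:\Windows\system32\userinit.exe,". Anything
            # else in the comma list runs at every interactive logon, which is
            # one way a file "comes back" after a scanner removed it.
            extra = [p.strip() for p in cmd.split(",")
                     if p.strip() and not p.strip().lower().endswith("userinit.exe")]
            if extra:
                findings.append(Finding("high", "userinit chain -> " + "; ".join(extra), line))
        if pub == "":  # FRST shows "()" when the file carries no publisher info
            if _in_user_writable_dir(cmd):
                findings.append(Finding("high", "unsigned binary autostarts from user-writable path", line))
            else:
                findings.append(Finding("low", "unsigned autostart", line))
        return findings
    s = STARTUP_LINE.match(line.rstrip())
    if s and s["path"].lower().endswith(".exe"):
        # Normal Startup-folder items are shortcuts (.lnk); a bare .exe dropped
        # there is a second persistence hook worth a look.
        findings.append(Finding("medium", "bare executable in Startup folder", line))
    return findings


def triage_log(text: str) -> list[Finding]:
    """Scan a whole FRST.txt body and return findings, most severe first."""
    found = [f for line in text.splitlines() for f in triage_line(line)]
    return sorted(found, key=lambda f: SEVERITY_ORDER[f.severity])


# Constructed sample in FRST's format (not a real log): two benign vendor
# entries, one orphan, and one unsigned user-writable binary wired into Run,
# Winlogon\userinit and the Startup folder at the same time.
SAMPLE_LOG = r"""
HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [11101800 2010-07-28] (Realtek Semiconductor)
HKLM-x32\...\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui [4297136 2012-10-30] (AVAST Software)
HKLM-x32\...\Run: [oldDriverTray] Rundll32 OldTray.dll,RunDLLEntry [x]
HKU\Alice\...\Run: [UpdChk] C:\Users\Alice\AppData\Local\qwzxhtpd\updchk.exe [102176 2012-12-02] ()
HKLM-x32\...\Winlogon: [userinit] userinit.exe,,C:\Users\Alice\AppData\Local\qwzxhtpd\updchk.exe [102176 2012-12-02] ()
Startup: C:\Users\Alice\Start Menu\Programs\Startup\Rainmeter.lnk
Startup: C:\Users\Alice\Start Menu\Programs\Startup\updchk.exe ()
"""

if __name__ == "__main__":
    for f in triage_log(SAMPLE_LOG):
        print(f"[{f.severity:6}] {f.rule}\n         {f.line}")
```

Run it against a real FRST.txt with `triage_log(open("FRST.txt", encoding="utf-8", errors="replace").read())`. The point of the userinit rule is that a file listed only under a Run key is removed and stays removed; one chained into Winlogon\userinit is relaunched at the next logon, so a scan that deletes the file without fixing the value looks like the malware "recreating itself". The publisher field is a weak signal on its own (plenty of legitimate tools are unsigned), which is why the script only raises it to high when the path is also user-writable.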

Hey there, I did as you requested and have pasted the log below:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 02-12-2012

Ran by SYSTEM at 03-12-2012 14:11:09

Running from F:\Malware

Windows 7 Ultimate (X64) OS Language: English(US)

The current controlset is ControlSet001

==================== Registry (Whitelisted) ===================

HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [11101800 2010-07-28] (Realtek Semiconductor)

HKLM\...\Run: [RunDLLEntry] C:\Windows\system32\RunDLL32.exe C:\Windows\system32\AmbRunE.dll,RunDLLEntry [17920 2009-02-25] (Creative Technology Ltd.)

HKLM\...\Run: [Cm108Sound] C:\Windows\syswow64\RunDll32.exe C:\Windows\Syswow64\cm108.dll,CMICtrlWnd [8146944 2009-12-21] (C-Media Corporation)

HKLM\...\Run: [Domino] C:\Windows\Domino.exe [49152 2006-07-03] ()

HKLM\...\Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [499608 2011-03-29] (Adobe Systems Incorporated)

HKLM\...\Run: [Cmaudio8788] C:\Windows\syswow64\RunDll32.exe C:\Windows\Syswow64\cmicnfgp.dll,CMICtrlWnd [8769536 2011-05-12] (C-Media Corporation)

HKLM\...\Run: [Cmaudio8788GX] C:\Windows\syswow64\HsMgr.exe Envoke [200704 2008-07-10] ()

HKLM\...\Run: [Cmaudio8788GX64] C:\Windows\system\HsMgr64.exe Envoke [282112 2008-07-10] ()

HKLM-x32\...\Run: [XFastUsb] C:\Program Files (x86)\XFastUsb\XFastUsb.exe [4942336 2011-12-24] (FNet Co., Ltd.)

HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [34672 2008-06-11] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [336384 2011-07-07] (Advanced Micro Devices, Inc.)

HKLM-x32\...\Run: [Diamondback] C:\Program Files (x86)\Razer\Diamondback 3G\razerhid.exe [228352 2010-04-27] ()

HKLM-x32\...\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui [4297136 2012-10-30] (AVAST Software)

HKLM-x32\...\Run: [sPIRunE] Rundll32 SPIRunE.dll,RunDLLEntry [x]

HKLM-x32\...\Run: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s [89456 2011-03-07] (Elaborate Bytes AG)

HKLM-x32\...\Run: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices [91520 2010-01-20] (Microsoft Corporation)

HKLM-x32\...\Run: [bigDogPath] C:\Windows\VM301Snap.exe Vimicro USB PC Camera (ZC0301PL) [49152 2007-03-26] (Vimicro)

HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59280 2012-08-27] (Apple Inc.)

HKLM-x32\...\Run: [switchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-18] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin [1523360 2011-01-11] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-01-02] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [] [x]

HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [36760 2010-10-24] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [821144 2010-10-24] (Adobe Systems Inc.)

HKLM-x32\...\Run: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe" [997320 2012-11-08] ()

HKLM-x32\...\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [252296 2012-01-16] (Sun Microsystems, Inc.)

HKLM-x32\...\Run: [Razer Synapse] "C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe" [336304 2012-11-15] (Razer USA Ltd)

HKLM-x32\...\Run: [ROC_ROC_JULY_P1] "C:\Program Files (x86)\AVG Secure Search\ROC_ROC_JULY_P1.exe" / /PROMPT /CMPID=ROC_JULY_P1 [1022048 2012-09-03] ()

HKLM-x32\...\Run: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start [2254768 2012-11-19] (LogMeIn Inc.)

HKU\Loki\...\Run: [steam] "C:\Program Files (x86)\Steam\steam.exe" -silent [1354736 2012-11-29] (Valve Corporation)

HKU\Loki\...\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe [59240 2012-02-22] (Apple Inc.)

HKU\Loki\...\Run: [GoogleDriveSync] "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart [16070136 2012-11-07] (Google)

HKU\Loki\...\Run: [spybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe [2260480 2009-03-04] (Safer-Networking Ltd.)

HKU\Loki\...\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [5629312 2012-12-02] (SUPERAntiSpyware.com)

HKU\Loki\...\Run: [XrbBrutt] C:\Users\Loki\AppData\Local\pljohukd\xrbbrutt.exe [102176 2012-12-02] ()

HKLM-x32\...\Winlogon: [userinit] userinit.exe,,C:\Users\Loki\AppData\Local\pljohukd\xrbbrutt.exe [102176 2012-12-02] ()

Startup: C:\Users\Loki\Start Menu\Programs\Startup\Rainmeter.lnk

ShortcutTarget: Rainmeter.lnk -> C:\Program Files\Rainmeter\Rainmeter.exe ()

Startup: C:\Users\Loki\Start Menu\Programs\Startup\xrbbrutt.exe ()

==================== Services (Whitelisted) ===================

2 !SASCORE; "C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE" [140672 2012-07-11] (SUPERAntiSpyware.com)

2 avast! Antivirus; "C:\Program Files\AVAST Software\Avast\AvastSvc.exe" [44808 2012-10-30] (AVAST Software)

2 ET Master Server Proxy; "C:\Program Files (x86)\Rudi Visser\ET Master Server Proxy Service\ETMSProxy.exe" [9728 2012-01-20] ()

2 mi-raysat_3dsmax2010_64; "C:\Program Files\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_64server.exe" [86016 2009-03-11] ()

3 OpenVPNService; C:\Program Files (x86)\OpenVPN\bin\openvpnserv.exe [36352 2009-12-12] ()

2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [76888 2012-11-29] ()

2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-25] (Safer Networking Ltd.)

4 TlntSvr; C:\Windows\System32\tlntsvr.exe [81920 2009-07-13] (Microsoft Corporation)

3 TunngleService; C:\Program Files (x86)\Tunngle\TnglCtrl.exe [738152 2012-07-19] (Tunngle.net GmbH)

2 vToolbarUpdater13.2.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe [711112 2012-11-08] ()

==================== Drivers (Whitelisted) =====================

3 anvsnddrv; C:\Windows\System32\Drivers\anvsnddrv.sys [33872 2011-11-27] (AnvSoft Inc.)

2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [25232 2012-10-30] (AVAST Software)

2 aswMonFlt; C:\Windows\System32\Drivers\aswMonFlt.sys [71600 2012-10-30] (AVAST Software)

1 aswRdr; C:\Windows\System32\Drivers\aswRdr.sys [42328 2011-11-28] (AVAST Software)

1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [984144 2012-10-30] (AVAST Software)

1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [370288 2012-10-30] (AVAST Software)

1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [59728 2012-10-30] (AVAST Software)

1 avgtp; \??\C:\Windows\system32\drivers\avgtpx64.sys [30568 2012-11-08] (AVG Technologies)

3 cmudaxp; C:\Windows\System32\Drivers\cmudaxp.sys [2725376 2011-03-09] (C-Media Inc)

3 DCamUSBVM; C:\Windows\System32\Drivers\usbVM31b.sys [1495936 2007-04-04] (Vimicro Corporation)

3 FNETTBOH_305; C:\Windows\System32\Drivers\FNETTBOH_305.sys [31808 2011-12-24] (FNet Co., Ltd.)

1 FNETURPX; C:\Windows\System32\Drivers\FNETURPX.sys [15936 2011-12-24] (FNet Co., Ltd.)

3 Razerlow; C:\Windows\System32\drivers\DB3G.sys [21120 2005-11-06] (Razer (Asia-Pacific) Pte Ltd)

3 RivaTuner64; \??\C:\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys [19952 2012-01-07] ()

3 rzendpt; C:\Windows\System32\Drivers\rzendpt.sys [22016 2012-10-24] (Razer USA Ltd)

1 SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)

1 SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)

3 tap0901t; C:\Windows\System32\Drivers\tap0901t.sys [31232 2009-09-15] (Tunngle.net)

3 ZSMC301b; C:\Windows\System32\Drivers\usbVM31b.sys [1495936 2007-04-04] (Vimicro Corporation)

3 catchme; \??\C:\lolwut\catchme.sys [x]

3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [x]

4 nvlddmkm; C:\Windows\System32\DRIVERS\nvlddmkm.sys [x]

==================== NetSvcs (Whitelisted) ====================

==================== One Month Created Files and Folders ========

2012-12-02 18:32 - 2012-12-02 18:32 - 00035200 ____A C:\Users\Loki\Desktop\dds.txt

2012-12-02 18:32 - 2012-12-02 18:32 - 00022916 ____A C:\Users\Loki\Desktop\attach.txt

2012-12-02 14:25 - 2012-12-02 18:18 - 00002289 ____A C:\Users\Loki\Desktop\Google Chrome.lnk

2012-12-02 13:54 - 2012-12-02 13:54 - 00000047 ____A C:\Users\Loki\AppData\Roaming\mbam.context.scan

2012-12-02 13:36 - 2012-12-02 13:36 - 00051147 ____A C:\ComboFix.txt

2012-12-02 13:27 - 2012-12-02 13:27 - 00455142 ____A C:\Users\Loki\AppData\Local\ngfuqibh.log

2012-12-02 13:27 - 2012-12-02 13:27 - 00003307 ____A C:\Users\Loki\AppData\Local\lnoxejwe.log

2012-12-02 13:27 - 2012-12-02 13:27 - 00003247 ____A C:\Users\Loki\AppData\Local\ruxksrxf.log

2012-12-02 13:26 - 2012-12-02 19:07 - 00500583 ____A C:\Users\Loki\AppData\Local\blkaebve.log

2012-12-02 13:25 - 2012-12-02 19:07 - 00000028 ____A C:\Users\Loki\AppData\Local\yxnwktlq.log

2012-12-02 13:25 - 2012-12-02 13:25 - 00446448 ____A C:\Users\Loki\AppData\Local\aoukgqsn.log

2012-12-02 13:25 - 2012-12-02 13:25 - 00005370 ____A C:\Users\Loki\AppData\Local\ehirmmci.log

2012-12-02 12:55 - 2011-06-25 22:45 - 00256000 ____A C:\Windows\PEV.exe

2012-12-02 12:55 - 2010-11-07 09:20 - 00208896 ____A C:\Windows\MBR.exe

2012-12-02 12:55 - 2009-04-19 20:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe

2012-12-02 12:55 - 2000-08-30 16:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe

2012-12-02 12:55 - 2000-08-30 16:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe

2012-12-02 12:55 - 2000-08-30 16:00 - 00098816 ____A C:\Windows\sed.exe

2012-12-02 12:55 - 2000-08-30 16:00 - 00080412 ____A C:\Windows\grep.exe

2012-12-02 12:55 - 2000-08-30 16:00 - 00068096 ____A C:\Windows\zip.exe

2012-12-02 12:52 - 2012-12-02 13:36 - 00000000 ____D C:\Qoobox

2012-12-02 12:52 - 2012-12-02 13:33 - 00000000 ____D C:\Windows\erdnt

2012-12-02 12:48 - 2012-12-02 18:14 - 00000000 ____A C:\Users\Loki\AppData\Local\wmapvqjd.log

2012-12-02 12:46 - 2012-12-02 12:51 - 05009299 ____R (Swearware) C:\Users\Loki\Downloads\lolwut.exe

2012-12-02 03:25 - 2012-12-02 11:25 - 00000508 ____A C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 9c74c53f-daff-434d-a5d8-8bdfcd5f1db4.job

2012-12-02 03:25 - 2012-12-02 07:00 - 00000508 ____A C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 3a6a128f-10b8-4271-b364-4bb2e69466c0.job

2012-12-02 03:25 - 2012-12-02 03:26 - 00614264 ____A C:\Users\Loki\Downloads\cbsidlm-tr1_8-Combofix-ORG2-75221073.exe

2012-12-02 03:25 - 2012-12-02 03:26 - 00000000 ____D C:\Program Files\SUPERAntiSpyware

2012-12-02 03:25 - 2012-12-02 03:25 - 00001808 ____A C:\Users\Loki\Desktop\SUPERAntiSpyware Free Edition.lnk

2012-12-02 03:25 - 2012-12-02 03:25 - 00000000 ____D C:\Users\Loki\AppData\Roaming\SUPERAntiSpyware.com

2012-12-02 03:25 - 2012-12-02 03:25 - 00000000 ____D C:\Users\All Users\SUPERAntiSpyware.com

2012-12-02 03:20 - 2012-12-02 03:23 - 21492072 ____A (SUPERAntiSpyware.com) C:\Users\Loki\Downloads\SUPERAntiSpyware.exe

2012-12-02 03:13 - 2012-12-02 14:05 - 00000000 ____D C:\Users\All Users\Spybot - Search & Destroy

2012-12-02 03:13 - 2012-12-02 12:52 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy

2012-12-02 03:10 - 2012-12-02 03:12 - 16409960 ____A (Safer Networking Limited ) C:\Users\Loki\Downloads\spybotsd162.exe

2012-12-02 03:07 - 2012-12-02 03:08 - 17926793 ____A C:\Users\Loki\Desktop\cce_1.6.183539.73_x32.zip

2012-12-02 03:06 - 2012-12-02 03:06 - 00373456 ____A (Softonic) C:\Users\Loki\Downloads\SoftonicDownloader_for_comodo-cleaning-essentials.exe

2012-12-02 02:59 - 2012-12-02 12:52 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware

2012-12-02 02:59 - 2012-12-02 02:59 - 00001958 ____A C:\Users\Public\Desktop\avast! Free Antivirus.lnk

2012-12-02 02:59 - 2012-12-02 02:59 - 00001109 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2012-12-02 02:59 - 2012-12-02 02:59 - 00000000 ____D C:\Users\Loki\AppData\Roaming\Malwarebytes

2012-12-02 02:59 - 2012-12-02 02:59 - 00000000 ____D C:\Users\All Users\Malwarebytes

2012-12-02 02:59 - 2012-09-29 00:54 - 00025928 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys

2012-12-02 02:57 - 2012-12-02 02:59 - 10669952 ____A (Malwarebytes Corporation ) C:\Users\Loki\Downloads\mbam-setup-1.65.1.1000.exe

2012-12-02 02:34 - 2012-12-02 18:15 - 00000000 ____A C:\Users\Loki\AppData\Local\tfdkgdhj.log

2012-12-02 02:34 - 2012-12-02 17:56 - 00000000 ____D C:\Users\Loki\AppData\Local\pljohukd

2012-12-02 02:34 - 2012-12-02 02:34 - 00000064 ____A C:\Users\All Users\myvriisr.log

2012-12-02 02:34 - 2012-12-02 02:34 - 00000000 ____A C:\Users\Loki\AppData\Local\uxqvytuk.log

2012-12-02 02:34 - 2012-12-02 02:34 - 00000000 ____A C:\Users\Loki\AppData\Local\bdcgwwec.log

2012-11-29 21:59 - 2012-11-29 21:59 - 00000000 ____D C:\Users\Default\AppData\LocalGoogle

2012-11-29 21:59 - 2012-11-29 21:59 - 00000000 ____D C:\Users\Default\AppData\Local\Google

2012-11-29 21:59 - 2012-11-29 21:59 - 00000000 ____D C:\Users\Default User\AppData\LocalGoogle

2012-11-29 21:59 - 2012-11-29 21:59 - 00000000 ____D C:\Users\Default User\AppData\Local\Google

2012-11-29 01:45 - 2012-11-29 00:07 - 00458100 ____A (Digital River, Inc.) C:\Users\Loki\Downloads\FC3DM.exe

2012-11-29 01:44 - 2012-11-29 01:44 - 00375562 ____A C:\Users\Loki\Downloads\FC3DM.zip

2012-11-29 01:35 - 2012-11-29 12:42 - 00000000 ____D C:\Users\Loki\AppData\Roaming\GetRightToGo

2012-11-29 01:29 - 2012-11-29 01:30 - 04692341 ____A (FileZilla Project) C:\Users\Loki\Downloads\FileZilla_3.6.0.1_win32-setup.exe

2012-11-26 23:36 - 2012-11-26 23:36 - 00000000 ____D C:\Users\All Users\ATI

2012-11-26 23:35 - 2012-11-26 23:35 - 00000000 ____D C:\Program Files\Common Files\ATI Technologies

2012-11-26 23:35 - 2012-11-26 23:35 - 00000000 ____D C:\Program Files (x86)\AMD AVT

2012-11-26 23:35 - 2012-11-26 23:35 - 00000000 ____D C:\Program Files (x86)\AMD APP

2012-11-26 23:32 - 2012-11-26 23:32 - 00889416 ____A (Microsoft Corporation) C:\Users\Loki\Downloads\dotNetFx40_Full_setup.exe

2012-11-26 23:32 - 2012-11-26 23:32 - 00000000 ____D C:\Program Files\ATI

2012-11-26 23:31 - 2012-11-26 23:31 - 00000000 ____D C:\AMD

2012-11-26 23:22 - 2012-11-26 23:28 - 193293840 ____A (Advanced Micro Devices, Inc.) C:\Users\Loki\Downloads\12-10_vista_win7_win8_64_dd_ccc_whql_net4.exe

2012-11-26 22:52 - 2012-11-26 23:45 - 196924268 ____A C:\Users\Loki\Downloads\Ultra.zip

2012-11-26 21:51 - 2012-11-26 21:51 - 00274832 ____A C:\Windows\Minidump\112712-25755-01.dmp

2012-11-26 21:38 - 2012-11-26 21:38 - 00000000 ____D C:\Users\Loki\AppData\Roaming\ASUS

2012-11-26 21:31 - 2012-11-26 21:31 - 00042457 ____A C:\Windows\Cmicnfgp.ini.cfl

2012-11-26 21:31 - 2012-11-26 21:31 - 00000000 ____D C:\Program Files\ASUS Xonar DG Audio

2012-11-26 21:31 - 2011-10-11 00:00 - 00000053 ____N C:\Windows\System32\cmasiopx.ini

2012-11-26 21:31 - 2011-10-11 00:00 - 00000048 ____N C:\Windows\SysWOW64\cmasiop.ini

2012-11-26 21:31 - 2011-10-04 19:16 - 00465408 ____N (C-Media Electronics Inc.) C:\Windows\System32\cmasiopx.dll

2012-11-26 21:31 - 2011-10-04 19:16 - 00303104 ____N (C-Media Electronics Inc.) C:\Windows\SysWOW64\cmasiop.dll

2012-11-26 21:31 - 2011-05-12 01:05 - 08769536 ____N (C-Media Corporation) C:\Windows\SysWOW64\CmiCnfgp.dll

2012-11-26 21:31 - 2011-04-18 22:56 - 00143360 ____N C:\Windows\SysWOW64\VmixP8.dll

2012-11-26 21:31 - 2011-02-24 00:52 - 00805376 ____N C:\Windows\System32\Cmeauoxy.exe

2012-11-26 21:31 - 2010-09-16 21:52 - 00217088 ____N (C-Media Electronics Inc.) C:\Windows\SysWOW64\HsSrv2.dll

2012-11-26 21:31 - 2010-09-16 21:52 - 00217088 ____N (C-Media Electronics Inc.) C:\Windows\SysWOW64\HsSrv.dll

2012-11-26 21:31 - 2008-07-23 02:59 - 00389120 ____N () C:\Windows\System32\CmiCnfgp.cpl

2012-11-26 21:31 - 2008-07-10 23:04 - 00200704 ____N C:\Windows\SysWOW64\HsMgr.exe

2012-11-26 21:31 - 2007-12-13 01:12 - 00122880 ____N (CMedia Electronics Inc.) C:\Windows\SysWOW64\Cm_Oal.dll

2012-11-26 21:31 - 2007-12-13 01:12 - 00122880 ____N (CMedia Electronics Inc.) C:\Windows\System32\Cm_Oal.dll

2012-11-26 21:31 - 2007-11-04 09:30 - 01144983 ____N C:\Windows\KB936225x64.msu

2012-11-26 21:31 - 2006-09-12 18:21 - 00200704 ____N (C-Media) C:\Windows\SysWOW64\Cmpaoxy.dll

2012-11-26 21:29 - 2012-11-26 21:31 - 00000861 ____A C:\Windows\Cmicnfgp.ini.imi

2012-11-26 21:29 - 2011-10-04 18:54 - 00005060 ____N C:\Windows\Cmicnfgp.ini.cfg

2012-11-26 21:29 - 2011-03-09 23:44 - 02725376 ____A (C-Media Inc) C:\Windows\System32\Drivers\cmudaxp.sys

2012-11-26 21:29 - 2007-04-18 23:12 - 00032768 ____A (C-Media Electronics Inc.) C:\Windows\System32\cmudaxp.dll

2012-11-26 21:29 - 2004-04-13 19:28 - 00315392 ____A (C-Media Electronics Inc.) C:\Windows\SysWOW64\CmiFltr.dll

2012-11-26 21:28 - 2006-10-05 13:45 - 00524768 ___RA (Microsoft Corporation) C:\Windows\difxapi.dll

2012-11-25 21:38 - 2012-11-25 21:38 - 00000000 ____D C:\Users\Loki\AppData\Roaming\Warner Bros. Interactive Entertainment

2012-11-25 21:31 - 2012-11-25 21:36 - 00000000 ____D C:\Program Files (x86)\LEGO Lord Of The Rings

2012-11-25 21:31 - 2012-11-25 21:31 - 00002011 ____A C:\Users\Public\Desktop\LEGO Lord Of The Rings.lnk

2012-11-25 21:31 - 2012-11-25 21:31 - 00001956 ____A C:\Users\Public\Desktop\Cat-A-Cat Games.lnk

2012-11-25 00:22 - 2012-11-25 04:25 - 1072883864 ____A C:\Users\Loki\Downloads\DayzTaviana - Final - V1.1.0.zip

2012-11-24 02:20 - 2012-11-24 02:20 - 00044799 ____A C:\Users\Loki\Downloads\DEF CON 20 updated DVD.rar.torrent

2012-11-24 00:36 - 2012-11-24 00:36 - 00000000 ____D C:\Users\Loki\AppData\Local\Sony Online Entertainment

2012-11-23 18:29 - 2012-11-23 18:29 - 00000067 ____A C:\Users\Loki\Downloads\listen.pls

2012-11-23 18:05 - 2012-11-23 18:05 - 03301633 ____A C:\Users\Loki\Downloads\IVMP-0.1-RC1.zip

2012-11-23 16:24 - 2012-11-23 16:24 - 00000045 ____A C:\Users\Loki\jagex_cl_speccollect_LIVE.dat

2012-11-23 02:48 - 2012-11-23 02:48 - 00049000 ____A C:\Users\Loki\Downloads\615639.zip

2012-11-22 17:39 - 2012-11-22 17:39 - 00000000 ____D C:\Users\Loki\Documents\Hitman Blood Money

2012-11-22 14:03 - 2012-11-22 14:03 - 00001000 ____A C:\Users\Public\Desktop\Launch Hitman Blood Money.lnk

2012-11-22 14:03 - 2012-11-22 14:03 - 00000000 ____D C:\Program Files (x86)\Eidos

2012-11-22 14:02 - 2012-11-22 14:02 - 00002169 ____A C:\Users\Public\Desktop\Scribblenauts Unlimited.lnk

2012-11-22 14:01 - 2012-11-22 14:01 - 00000000 ____D C:\Program Files (x86)\WB Games

2012-11-21 17:19 - 2012-11-21 17:21 - 09954705 ____A C:\Users\Loki\Downloads\ARMA2_OA_Build_99202.zip

2012-11-21 13:55 - 2012-11-21 15:02 - 00377128 ____A C:\Users\Loki\Downloads\colleditor2.zip

2012-11-21 13:53 - 2012-11-21 13:53 - 00234737 ____A C:\Users\Loki\Downloads\imgtool20.zip

2012-11-21 13:52 - 2012-11-21 13:52 - 00074908 ____A C:\Users\Loki\Downloads\Drive_through_lamp_post.zip

2012-11-21 13:28 - 2012-11-21 13:28 - 00098304 ____A (Sony DADC Austria AG.) C:\Windows\SysWOW64\CmdLineExt.dll

2012-11-21 01:47 - 2012-11-21 01:47 - 00001217 ____A C:\Users\Loki\Desktop\GTA San Andreas.lnk

2012-11-21 01:10 - 2012-11-21 01:12 - 11869040 ____A C:\Users\Loki\Downloads\sa-mp-0.3e-install.exe

2012-11-21 00:58 - 2012-11-21 00:58 - 00005755 ____A C:\Users\Loki\mmopage.html

2012-11-21 00:58 - 2012-11-21 00:58 - 00000595 ____A C:\Users\Loki\captcha.html

2012-11-21 00:56 - 2012-11-21 01:03 - 00000000 ____D C:\Users\Loki\.ps_inception

2012-11-21 00:53 - 2012-11-21 00:53 - 00000000 ____D C:\Windows\.mpr_file_store_32

2012-11-21 00:53 - 2012-11-21 00:53 - 00000000 ____D C:\Users\Loki\.moparscape4

2012-11-19 17:20 - 2012-11-19 17:20 - 00000000 ____D C:\Program Files (x86)\LogMeIn Hamachi

2012-11-19 12:31 - 2012-11-19 12:44 - 00000000 ____D C:\Users\Loki\Documents\Assassin's Creed III

2012-11-19 12:09 - 2012-11-19 12:09 - 00000000 ____D C:\Users\Loki\AppData\Roaming\Assassin's Creed III

2012-11-19 11:58 - 2012-11-19 12:38 - 00000000 ____D C:\Program Files (x86)\Assassin's Creed III

2012-11-14 03:24 - 2012-07-25 20:55 - 00785512 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\Wdf01000.sys

2012-11-14 03:24 - 2012-07-25 20:55 - 00054376 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\WdfLdr.sys

2012-11-14 03:24 - 2012-07-25 18:36 - 00009728 ____A (Microsoft Corporation) C:\Windows\System32\Wdfres.dll

2012-11-14 03:24 - 2012-06-02 06:35 - 00000003 ____A C:\Windows\System32\Drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf

2012-11-14 03:16 - 2012-07-25 19:08 - 00744448 ____A (Microsoft Corporation) C:\Windows\System32\WUDFx.dll

2012-11-14 03:16 - 2012-07-25 19:08 - 00229888 ____A (Microsoft Corporation) C:\Windows\System32\WUDFHost.exe

2012-11-14 03:16 - 2012-07-25 19:08 - 00194048 ____A (Microsoft Corporation) C:\Windows\System32\WUDFPlatform.dll

2012-11-14 03:16 - 2012-07-25 19:08 - 00084992 ____A (Microsoft Corporation) C:\Windows\System32\WUDFSvc.dll

2012-11-14 03:16 - 2012-07-25 19:08 - 00045056 ____A (Microsoft Corporation) C:\Windows\System32\WUDFCoinstaller.dll

2012-11-14 03:16 - 2012-07-25 18:26 - 00198656 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\WUDFRd.sys

2012-11-14 03:16 - 2012-07-25 18:26 - 00087040 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\WUDFPf.sys

2012-11-14 03:16 - 2012-06-02 06:57 - 00000003 ____A C:\Windows\System32\Drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf

2012-11-13 21:25 - 2012-10-18 10:18 - 03147264 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys

2012-11-13 21:21 - 2012-09-25 14:39 - 00095744 ____A (Microsoft Corporation) C:\Windows\System32\synceng.dll

2012-11-13 21:21 - 2012-09-25 13:55 - 00078336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\synceng.dll

2012-11-12 01:44 - 2012-11-12 01:44 - 00000000 ____D C:\Users\Loki\AppData\Local\Torch

2012-11-08 23:58 - 2012-11-08 23:58 - 00000000 ____D C:\Program Files (x86)\RAR Password Recovery Magic

2012-11-08 23:24 - 2012-11-08 23:24 - 00020059 ____A C:\Users\Loki\Downloads\Andrew_Skeet_-_The_Greatest_Video_Game_Music_2_{iTunes}_Album.torrent

2012-11-08 01:43 - 2012-11-08 01:43 - 00001128 ____A C:\Users\Loki\Downloads\tracert.txt

2012-11-04 22:05 - 2012-10-27 11:50 - 00000000 ____D C:\Users\Loki\Downloads\Tor Browser

2012-11-04 22:04 - 2012-11-04 22:05 - 23921701 ____A (Igor Pavlov) C:\Users\Loki\Downloads\tor-browser-2.2.39-5_en-US.exe

2012-11-04 00:36 - 2012-11-04 00:36 - 00000000 ____D C:\Users\Loki\Documents\Criterion Games

2012-11-04 00:30 - 2012-11-04 00:30 - 00002171 ____A C:\Users\Public\Desktop\Need for Speed Most Wanted.lnk

2012-11-04 00:26 - 2012-11-04 00:26 - 00000000 ____D C:\Program Files (x86)\EA Games

2012-11-03 19:59 - 2012-11-03 19:59 - 00002431 ____A C:\Users\Loki\Desktop\PlanetSide 2 Beta.lnk

2012-11-03 19:59 - 2012-11-03 19:59 - 00000000 ____D C:\Users\Public\Sony Online Entertainment

2012-11-03 19:59 - 2012-11-03 19:59 - 00000000 ____D C:\Users\Loki\AppData\Local\SCE

2012-11-03 19:59 - 2012-11-03 19:59 - 00000000 ____D C:\Crash

2012-11-03 19:57 - 2012-11-03 19:58 - 12769280 ____A C:\Users\Loki\Downloads\PlanetSide2_Beta_setup.exe

2012-11-03 01:51 - 2012-11-03 01:51 - 00001066 ____A C:\Users\Public\Desktop\VLC media player.lnk

2012-11-03 01:14 - 2012-11-03 01:14 - 00000000 ____D C:\Users\Loki\Documents\3dsMax

2012-11-03 01:14 - 2012-11-03 01:14 - 00000000 ____D C:\Users\Loki\AppData\Roaming\Autodesk

2012-11-03 01:08 - 2012-11-03 01:11 - 00000000 ____D C:\Users\All Users\FLEXnet

2012-11-03 01:08 - 2012-11-03 01:08 - 00000000 ____D C:\Users\Loki\AppData\Local\Autodesk

2012-11-03 01:07 - 2012-11-03 01:07 - 00000000 ____D C:\Users\Loki\Documents\3ds Max 2010 Tutorials

2012-11-03 01:04 - 2012-11-03 01:04 - 00001974 ____A C:\Users\Public\Desktop\Autodesk 3ds Max 2010 64-bit.lnk

2012-11-03 01:04 - 2012-11-03 01:04 - 00000000 ____D C:\Program Files\Common Files\Macrovision Shared

2012-11-03 01:03 - 2012-11-03 01:04 - 00000000 ____D C:\Program Files\Common Files\Autodesk Shared

2012-11-03 01:01 - 2012-11-03 01:14 - 00000000 ____D C:\Users\All Users\Autodesk

2012-11-03 01:01 - 2012-11-03 01:05 - 00000000 ____D C:\Program Files\Autodesk

2012-11-03 01:01 - 2012-11-03 01:01 - 00000000 ____D C:\Program Files (x86)\Autodesk

2012-11-03 01:01 - 2008-07-11 13:18 - 04992520 ____A (Microsoft Corporation) C:\Windows\System32\D3DX9_39.dll

2012-11-03 01:01 - 2008-07-11 13:18 - 03851784 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_39.dll

2012-11-03 01:01 - 2008-07-11 13:18 - 01942552 ____A (Microsoft Corporation) C:\Windows\System32\D3DCompiler_39.dll

2012-11-03 01:01 - 2008-07-11 13:18 - 01493528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_39.dll

2012-11-03 01:01 - 2008-07-11 13:18 - 00540688 ____A (Microsoft Corporation) C:\Windows\System32\d3dx10_39.dll

2012-11-03 01:01 - 2008-07-11 13:18 - 00467984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_39.dll

==================== One Month Modified Files and Folders =======

2012-12-03 14:10 - 2012-12-03 14:10 - 00000000 ____D C:\FRST

2012-12-02 19:07 - 2012-12-02 13:26 - 00500583 ____A C:\Users\Loki\AppData\Local\blkaebve.log

2012-12-02 19:07 - 2012-12-02 13:25 - 00000028 ____A C:\Users\Loki\AppData\Local\yxnwktlq.log

2012-12-02 19:07 - 2012-03-10 19:20 - 00000000 ____D C:\Users\Loki\AppData\Local\TSVNCache

2012-12-02 18:58 - 2012-11-01 21:53 - 00000894 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2012-12-02 18:32 - 2012-12-02 18:32 - 00035200 ____A C:\Users\Loki\Desktop\dds.txt

2012-12-02 18:32 - 2012-12-02 18:32 - 00022916 ____A C:\Users\Loki\Desktop\attach.txt

2012-12-02 18:18 - 2012-12-02 14:25 - 00002289 ____A C:\Users\Loki\Desktop\Google Chrome.lnk

2012-12-02 18:15 - 2012-12-02 02:34 - 00000000 ____A C:\Users\Loki\AppData\Local\tfdkgdhj.log

2012-12-02 18:14 - 2012-12-02 12:48 - 00000000 ____A C:\Users\Loki\AppData\Local\wmapvqjd.log

2012-12-02 18:02 - 2011-12-24 23:00 - 01969321 ____A C:\Windows\WindowsUpdate.log

2012-12-02 18:00 - 2012-10-12 21:33 - 00000000 ____D C:\Users\Loki\AppData\Roaming\Mumble

2012-12-02 17:57 - 2012-02-18 00:22 - 00000000 ____D C:\Users\Loki\AppData\Local\LogMeIn Hamachi

2012-12-02 17:57 - 2011-12-25 03:05 - 00000000 ____D C:\Program Files (x86)\Steam

2012-12-02 17:56 - 2012-12-02 02:34 - 00000000 ____D C:\Users\Loki\AppData\Local\pljohukd

2012-12-02 17:56 - 2012-11-01 21:58 - 00000000 ___SD C:\Users\Loki\Google Drive

2012-12-02 17:56 - 2012-11-01 21:53 - 00000890 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2012-12-02 17:55 - 2011-12-24 23:09 - 00304948 ____A C:\Windows\PFRO.log

2012-12-02 17:55 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT

2012-12-02 17:55 - 2009-07-13 20:51 - 00093817 ____A C:\Windows\setupact.log

2012-12-02 14:25 - 2012-11-01 21:53 - 00000000 ____D C:\Program Files (x86)\Google

2012-12-02 14:05 - 2012-12-02 03:13 - 00000000 ____D C:\Users\All Users\Spybot - Search & Destroy

2012-12-02 13:54 - 2012-12-02 13:54 - 00000047 ____A C:\Users\Loki\AppData\Roaming\mbam.context.scan

2012-12-02 13:36 - 2012-12-02 13:36 - 00051147 ____A C:\ComboFix.txt

2012-12-02 13:36 - 2012-12-02 12:52 - 00000000 ____D C:\Qoobox

2012-12-02 13:36 - 2009-07-13 19:20 - 00000000 __RHD C:\users\Default

2012-12-02 13:33 - 2012-12-02 12:52 - 00000000 ____D C:\Windows\erdnt

2012-12-02 13:27 - 2012-12-02 13:27 - 00455142 ____A C:\Users\Loki\AppData\Local\ngfuqibh.log

2012-12-02 13:27 - 2012-12-02 13:27 - 00003307 ____A C:\Users\Loki\AppData\Local\lnoxejwe.log

2012-12-02 13:27 - 2012-12-02 13:27 - 00003247 ____A C:\Users\Loki\AppData\Local\ruxksrxf.log

2012-12-02 13:25 - 2012-12-02 13:25 - 00446448 ____A C:\Users\Loki\AppData\Local\aoukgqsn.log

2012-12-02 13:25 - 2012-12-02 13:25 - 00005370 ____A C:\Users\Loki\AppData\Local\ehirmmci.log

2012-12-02 13:24 - 2009-07-13 18:34 - 00000215 ____A C:\Windows\system.ini

2012-12-02 13:22 - 2011-12-25 23:47 - 00000000 ____D C:\Users\Loki\AppData\Roaming\vlc

2012-12-02 13:06 - 2011-12-25 03:21 - 00000000 ____D C:\Users\Loki\Desktop\Everything

2012-12-02 12:52 - 2012-12-02 03:13 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy

2012-12-02 12:52 - 2012-12-02 02:59 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware

2012-12-02 12:51 - 2012-12-02 12:46 - 05009299 ____R (Swearware) C:\Users\Loki\Downloads\lolwut.exe

2012-12-02 12:48 - 2011-12-25 02:38 - 00000000 ____D C:\Users\Loki\AppData\Local\Google

2012-12-02 12:45 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\Resources

2012-12-02 12:43 - 2011-12-24 22:55 - 00000000 ____D C:\users\Loki

2012-12-02 11:25 - 2012-12-02 03:25 - 00000508 ____A C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 9c74c53f-daff-434d-a5d8-8bdfcd5f1db4.job

2012-12-02 11:12 - 2012-01-27 08:02 - 00000924 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-76698753-1703627523-2313692696-1000UA.job

2012-12-02 07:00 - 2012-12-02 03:25 - 00000508 ____A C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 3a6a128f-10b8-4271-b364-4bb2e69466c0.job

2012-12-02 03:26 - 2012-12-02 03:25 - 00614264 ____A C:\Users\Loki\Downloads\cbsidlm-tr1_8-Combofix-ORG2-75221073.exe

2012-12-02 03:26 - 2012-12-02 03:25 - 00000000 ____D C:\Program Files\SUPERAntiSpyware

2012-12-02 03:25 - 2012-12-02 03:25 - 00001808 ____A C:\Users\Loki\Desktop\SUPERAntiSpyware Free Edition.lnk

2012-12-02 03:25 - 2012-12-02 03:25 - 00000000 ____D C:\Users\Loki\AppData\Roaming\SUPERAntiSpyware.com

2012-12-02 03:25 - 2012-12-02 03:25 - 00000000 ____D C:\Users\All Users\SUPERAntiSpyware.com

2012-12-02 03:23 - 2012-12-02 03:20 - 21492072 ____A (SUPERAntiSpyware.com) C:\Users\Loki\Downloads\SUPERAntiSpyware.exe

2012-12-02 03:12 - 2012-12-02 03:10 - 16409960 ____A (Safer Networking Limited ) C:\Users\Loki\Downloads\spybotsd162.exe

2012-12-02 03:08 - 2012-12-02 03:07 - 17926793 ____A C:\Users\Loki\Desktop\cce_1.6.183539.73_x32.zip

2012-12-02 03:06 - 2012-12-02 03:06 - 00373456 ____A (Softonic) C:\Users\Loki\Downloads\SoftonicDownloader_for_comodo-cleaning-essentials.exe

2012-12-02 02:59 - 2012-12-02 02:59 - 00001958 ____A C:\Users\Public\Desktop\avast! Free Antivirus.lnk

2012-12-02 02:59 - 2012-12-02 02:59 - 00001109 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2012-12-02 02:59 - 2012-12-02 02:59 - 00000000 ____D C:\Users\Loki\AppData\Roaming\Malwarebytes

2012-12-02 02:59 - 2012-12-02 02:59 - 00000000 ____D C:\Users\All Users\Malwarebytes

2012-12-02 02:59 - 2012-12-02 02:57 - 10669952 ____A (Malwarebytes Corporation ) C:\Users\Loki\Downloads\mbam-setup-1.65.1.1000.exe

2012-12-02 02:59 - 2011-12-25 03:25 - 00000000 ____A C:\Windows\SysWOW64\config.nt

2012-12-02 02:55 - 2012-02-04 04:19 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox

2012-12-02 02:38 - 2009-07-13 20:45 - 00016848 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2012-12-02 02:38 - 2009-07-13 20:45 - 00016848 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2012-12-02 02:34 - 2012-12-02 02:34 - 00000064 ____A C:\Users\All Users\myvriisr.log

2012-12-02 02:34 - 2012-12-02 02:34 - 00000000 ____A C:\Users\Loki\AppData\Local\uxqvytuk.log

2012-12-02 02:34 - 2012-12-02 02:34 - 00000000 ____A C:\Users\Loki\AppData\Local\bdcgwwec.log

2012-12-01 23:12 - 2012-01-27 08:02 - 00000902 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-76698753-1703627523-2313692696-1000Core.job

2012-12-01 17:17 - 2012-02-02 21:47 - 00281688 ____A C:\Windows\SysWOW64\PnkBstrB.xtr

2012-12-01 17:17 - 2012-02-02 21:47 - 00281688 ____A C:\Windows\SysWOW64\PnkBstrB.exe

2012-12-01 06:35 - 2011-12-25 02:53 - 00000000 ____D C:\Users\Loki\AppData\Roaming\uTorrent

2012-11-30 23:42 - 2012-02-02 21:47 - 00281688 ____A C:\Windows\SysWOW64\PnkBstrB.ex0

2012-11-29 21:59 - 2012-11-29 21:59 - 00000000 ____D C:\Users\Default\AppData\LocalGoogle

2012-11-29 21:59 - 2012-11-29 21:59 - 00000000 ____D C:\Users\Default\AppData\Local\Google

2012-11-29 21:59 - 2012-11-29 21:59 - 00000000 ____D C:\Users\Default User\AppData\LocalGoogle

2012-11-29 21:59 - 2012-11-29 21:59 - 00000000 ____D C:\Users\Default User\AppData\Local\Google

2012-11-29 12:53 - 2012-01-05 02:38 - 00000000 ____D C:\Users\Loki\AppData\Local\PunkBuster

2012-11-29 12:52 - 2011-12-25 07:47 - 00000000 ____D C:\Users\Loki\Documents\My Games

2012-11-29 12:42 - 2012-11-29 01:35 - 00000000 ____D C:\Users\Loki\AppData\Roaming\GetRightToGo

2012-11-29 12:30 - 2012-02-02 21:47 - 00076888 ____A C:\Windows\SysWOW64\PnkBstrA.exe

2012-11-29 12:28 - 2011-12-25 05:45 - 00561494 ____A C:\Windows\DirectX.log

2012-11-29 12:14 - 2012-07-23 23:38 - 00000000 ____D C:\Program Files (x86)\Ubisoft

2012-11-29 12:14 - 2011-12-24 22:58 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information

2012-11-29 04:33 - 2012-04-13 16:16 - 00000000 ____D C:\Users\Loki\AppData\Roaming\FileZilla

2012-11-29 02:08 - 2012-10-16 21:26 - 00000000 ____D C:\Users\Loki\Documents\Outlook Files

2012-11-29 01:44 - 2012-11-29 01:44 - 00375562 ____A C:\Users\Loki\Downloads\FC3DM.zip

2012-11-29 01:32 - 2012-04-13 16:16 - 00000000 ____D C:\Program Files (x86)\FileZilla FTP Client

2012-11-29 01:30 - 2012-11-29 01:29 - 04692341 ____A (FileZilla Project) C:\Users\Loki\Downloads\FileZilla_3.6.0.1_win32-setup.exe

2012-11-29 00:07 - 2012-11-29 01:45 - 00458100 ____A (Digital River, Inc.) C:\Users\Loki\Downloads\FC3DM.exe

2012-11-27 22:58 - 2011-12-25 02:50 - 00426022 ____A C:\Windows\DPINST.LOG

2012-11-26 23:45 - 2012-11-26 22:52 - 196924268 ____A C:\Users\Loki\Downloads\Ultra.zip

2012-11-26 23:39 - 2012-02-09 22:22 - 00789938 ____A C:\Windows\SysWOW64\PerfStringBackup.INI

2012-11-26 23:39 - 2009-07-13 21:13 - 00789938 ____A C:\Windows\System32\PerfStringBackup.INI

2012-11-26 23:36 - 2012-11-26 23:36 - 00000000 ____D C:\Users\All Users\ATI

2012-11-26 23:35 - 2012-11-26 23:35 - 00000000 ____D C:\Program Files\Common Files\ATI Technologies

2012-11-26 23:35 - 2012-11-26 23:35 - 00000000 ____D C:\Program Files (x86)\AMD AVT

2012-11-26 23:35 - 2012-11-26 23:35 - 00000000 ____D C:\Program Files (x86)\AMD APP

2012-11-26 23:35 - 2012-08-07 00:03 - 00000000 ____D C:\Users\All Users\AMD

2012-11-26 23:32 - 2012-11-26 23:32 - 00889416 ____A (Microsoft Corporation) C:\Users\Loki\Downloads\dotNetFx40_Full_setup.exe

2012-11-26 23:32 - 2012-11-26 23:32 - 00000000 ____D C:\Program Files\ATI

2012-11-26 23:31 - 2012-11-26 23:31 - 00000000 ____D C:\AMD

2012-11-26 23:29 - 2012-01-07 03:05 - 00000000 ____D C:\Program Files (x86)\ATI Technologies

2012-11-26 23:28 - 2012-11-26 23:22 - 193293840 ____A (Advanced Micro Devices, Inc.) C:\Users\Loki\Downloads\12-10_vista_win7_win8_64_dd_ccc_whql_net4.exe

2012-11-26 22:42 - 2012-02-09 21:17 - 00000000 ____D C:\Users\Loki\AppData\Local\PMB Files

2012-11-26 22:42 - 2012-02-09 21:16 - 00000000 ____D C:\Users\All Users\PMB Files

2012-11-26 22:38 - 2012-05-30 22:04 - 00000000 ____D C:\Users\Loki\AppData\Local\ArmA 2 OA

2012-11-26 22:00 - 2012-08-13 02:28 - 00001406 ____A C:\Users\Public\Desktop\DayZ Commander.lnk

2012-11-26 21:51 - 2012-11-26 21:51 - 00274832 ____A C:\Windows\Minidump\112712-25755-01.dmp

2012-11-26 21:51 - 2012-01-05 18:39 - 00000000 ____D C:\Windows\Minidump

2012-11-26 21:50 - 2012-01-06 22:02 - 821271828 ____A C:\Windows\MEMORY.DMP

2012-11-26 21:39 - 2009-07-13 20:45 - 05027400 ____A C:\Windows\System32\FNTCACHE.DAT

2012-11-26 21:38 - 2012-11-26 21:38 - 00000000 ____D C:\Users\Loki\AppData\Roaming\ASUS

2012-11-26 21:38 - 2012-02-09 01:56 - 00000000 ____D C:\Program Files (x86)\OpenAL

2012-11-26 21:38 - 2011-12-24 23:19 - 00126744 ____A C:\Users\Loki\AppData\Local\GDIPFONTCACHEV1.DAT

2012-11-26 21:31 - 2012-11-26 21:31 - 00042457 ____A C:\Windows\Cmicnfgp.ini.cfl

2012-11-26 21:31 - 2012-11-26 21:31 - 00000000 ____D C:\Program Files\ASUS Xonar DG Audio

2012-11-26 21:31 - 2012-11-26 21:29 - 00000861 ____A C:\Windows\Cmicnfgp.ini.imi

2012-11-26 21:31 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\system

2012-11-25 21:38 - 2012-11-25 21:38 - 00000000 ____D C:\Users\Loki\AppData\Roaming\Warner Bros. Interactive Entertainment

2012-11-25 21:36 - 2012-11-25 21:31 - 00000000 ____D C:\Program Files (x86)\LEGO Lord Of The Rings

2012-11-25 21:31 - 2012-11-25 21:31 - 00002011 ____A C:\Users\Public\Desktop\LEGO Lord Of The Rings.lnk

2012-11-25 21:31 - 2012-11-25 21:31 - 00001956 ____A C:\Users\Public\Desktop\Cat-A-Cat Games.lnk

2012-11-25 04:25 - 2012-11-25 00:22 - 1072883864 ____A C:\Users\Loki\Downloads\DayzTaviana - Final - V1.1.0.zip

2012-11-24 02:20 - 2012-11-24 02:20 - 00044799 ____A C:\Users\Loki\Downloads\DEF CON 20 updated DVD.rar.torrent

2012-11-24 00:36 - 2012-11-24 00:36 - 00000000 ____D C:\Users\Loki\AppData\Local\Sony Online Entertainment

2012-11-23 18:29 - 2012-11-23 18:29 - 00000067 ____A C:\Users\Loki\Downloads\listen.pls

2012-11-23 18:09 - 2012-08-24 17:26 - 00000000 ____D C:\Program Files (x86)\IVMP

2012-11-23 18:05 - 2012-11-23 18:05 - 03301633 ____A C:\Users\Loki\Downloads\IVMP-0.1-RC1.zip

2012-11-23 16:24 - 2012-11-23 16:24 - 00000045 ____A C:\Users\Loki\jagex_cl_speccollect_LIVE.dat

2012-11-23 16:24 - 2012-06-11 19:11 - 00000000 ____D C:\Windows\.jagex_cache_32

2012-11-23 16:24 - 2012-01-23 00:33 - 00000024 ____A C:\Users\Loki\random.dat

2012-11-23 16:24 - 2012-01-23 00:33 - 00000000 ____D C:\Users\Loki\jagexcache

2012-11-23 02:48 - 2012-11-23 02:48 - 00049000 ____A C:\Users\Loki\Downloads\615639.zip

2012-11-22 17:39 - 2012-11-22 17:39 - 00000000 ____D C:\Users\Loki\Documents\Hitman Blood Money

2012-11-22 14:08 - 2012-02-18 01:34 - 00000000 ____D C:\Users\Loki\AppData\Local\SKIDROW

2012-11-22 14:03 - 2012-11-22 14:03 - 00001000 ____A C:\Users\Public\Desktop\Launch Hitman Blood Money.lnk

2012-11-22 14:03 - 2012-11-22 14:03 - 00000000 ____D C:\Program Files (x86)\Eidos

2012-11-22 14:02 - 2012-11-22 14:02 - 00002169 ____A C:\Users\Public\Desktop\Scribblenauts Unlimited.lnk

2012-11-22 14:01 - 2012-11-22 14:01 - 00000000 ____D C:\Program Files (x86)\WB Games

2012-11-21 17:21 - 2012-11-21 17:19 - 09954705 ____A C:\Users\Loki\Downloads\ARMA2_OA_Build_99202.zip

2012-11-21 15:02 - 2012-11-21 13:55 - 00377128 ____A C:\Users\Loki\Downloads\colleditor2.zip

2012-11-21 13:53 - 2012-11-21 13:53 - 00234737 ____A C:\Users\Loki\Downloads\imgtool20.zip

2012-11-21 13:52 - 2012-11-21 13:52 - 00074908 ____A C:\Users\Loki\Downloads\Drive_through_lamp_post.zip

2012-11-21 13:28 - 2012-11-21 13:28 - 00098304 ____A (Sony DADC Austria AG.) C:\Windows\SysWOW64\CmdLineExt.dll

2012-11-21 13:19 - 2011-12-25 04:22 - 00000000 ____D C:\Program Files (x86)\Rockstar Games

2012-11-21 13:16 - 2011-12-25 02:40 - 00000000 ____D C:\Users\Loki\AppData\Roaming\Skype

2012-11-21 01:47 - 2012-11-21 01:47 - 00001217 ____A C:\Users\Loki\Desktop\GTA San Andreas.lnk

2012-11-21 01:12 - 2012-11-21 01:10 - 11869040 ____A C:\Users\Loki\Downloads\sa-mp-0.3e-install.exe

2012-11-21 01:03 - 2012-11-21 00:56 - 00000000 ____D C:\Users\Loki\.ps_inception

2012-11-21 00:58 - 2012-11-21 00:58 - 00005755 ____A C:\Users\Loki\mmopage.html

2012-11-21 00:58 - 2012-11-21 00:58 - 00000595 ____A C:\Users\Loki\captcha.html

2012-11-21 00:53 - 2012-11-21 00:53 - 00000000 ____D C:\Windows\.mpr_file_store_32

2012-11-21 00:53 - 2012-11-21 00:53 - 00000000 ____D C:\Users\Loki\.moparscape4

2012-11-20 23:04 - 2012-05-17 23:53 - 00000000 ____D C:\Program Files (x86)\Diablo III

2012-11-19 18:33 - 2012-07-24 00:26 - 00000000 ____D C:\Users\Loki\AppData\Local\Ubisoft Game Launcher

2012-11-19 17:20 - 2012-11-19 17:20 - 00000000 ____D C:\Program Files (x86)\LogMeIn Hamachi

2012-11-19 12:44 - 2012-11-19 12:31 - 00000000 ____D C:\Users\Loki\Documents\Assassin's Creed III

2012-11-19 12:38 - 2012-11-19 11:58 - 00000000 ____D C:\Program Files (x86)\Assassin's Creed III

2012-11-19 12:09 - 2012-11-19 12:09 - 00000000 ____D C:\Users\Loki\AppData\Roaming\Assassin's Creed III

2012-11-19 03:54 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\rescache

2012-11-14 03:24 - 2012-01-21 20:14 - 00000000 ____D C:\Users\All Users\Microsoft Help

2012-11-14 03:18 - 2012-01-07 01:38 - 66395536 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe

2012-11-13 00:02 - 2011-12-25 20:28 - 00000000 ____D C:\Users\Loki\AppData\Local\Skyrim

2012-11-13 00:02 - 2011-12-25 05:09 - 00000000 ____D C:\Program Files (x86)\The Elder Scrolls V Skyrim

2012-11-12 23:59 - 2012-02-04 21:01 - 00000000 ____D C:\Program Files\Nexus Mod Manager

2012-11-12 01:44 - 2012-11-12 01:44 - 00000000 ____D C:\Users\Loki\AppData\Local\Torch

2012-11-08 23:58 - 2012-11-08 23:58 - 00000000 ____D C:\Program Files (x86)\RAR Password Recovery Magic

2012-11-08 23:24 - 2012-11-08 23:24 - 00020059 ____A C:\Users\Loki\Downloads\Andrew_Skeet_-_The_Greatest_Video_Game_Music_2_{iTunes}_Album.torrent

2012-11-08 22:05 - 2012-06-06 19:51 - 00000000 ____D C:\Users\All Users\AVG Secure Search

2012-11-08 22:04 - 2012-09-03 22:09 - 00030568 ____A (AVG Technologies) C:\Windows\System32\Drivers\avgtpx64.sys

2012-11-08 22:04 - 2012-06-06 19:51 - 00000000 ____D C:\Program Files (x86)\AVG Secure Search

2012-11-08 01:43 - 2012-11-08 01:43 - 00001128 ____A C:\Users\Loki\Downloads\tracert.txt

2012-11-05 23:31 - 2012-06-06 19:55 - 00000000 ____D C:\Users\Loki\AppData\Roaming\HandBrake

2012-11-05 22:37 - 2011-12-25 03:31 - 00000000 ____D C:\Users\All Users\Origin

2012-11-05 21:59 - 2011-12-25 03:31 - 00000000 ____D C:\Program Files (x86)\Origin Games

2012-11-05 21:58 - 2011-12-25 03:30 - 00000000 ____D C:\Program Files (x86)\Origin

2012-11-04 22:05 - 2012-11-04 22:04 - 23921701 ____A (Igor Pavlov) C:\Users\Loki\Downloads\tor-browser-2.2.39-5_en-US.exe

2012-11-04 00:36 - 2012-11-04 00:36 - 00000000 ____D C:\Users\Loki\Documents\Criterion Games

2012-11-04 00:30 - 2012-11-04 00:30 - 00002171 ____A C:\Users\Public\Desktop\Need for Speed Most Wanted.lnk

2012-11-04 00:26 - 2012-11-04 00:26 - 00000000 ____D C:\Program Files (x86)\EA Games

2012-11-03 19:59 - 2012-11-03 19:59 - 00002431 ____A C:\Users\Loki\Desktop\PlanetSide 2 Beta.lnk

2012-11-03 19:59 - 2012-11-03 19:59 - 00000000 ____D C:\Users\Public\Sony Online Entertainment

2012-11-03 19:59 - 2012-11-03 19:59 - 00000000 ____D C:\Users\Loki\AppData\Local\SCE

2012-11-03 19:59 - 2012-11-03 19:59 - 00000000 ____D C:\Crash

2012-11-03 19:59 - 2011-12-26 02:01 - 00000000 ___HD C:\Windows\msdownld.tmp

2012-11-03 19:59 - 2011-12-26 02:01 - 00000000 ____D C:\Windows\SysWOW64\directx

2012-11-03 19:58 - 2012-11-03 19:57 - 12769280 ____A C:\Users\Loki\Downloads\PlanetSide2_Beta_setup.exe

2012-11-03 01:51 - 2012-11-03 01:51 - 00001066 ____A C:\Users\Public\Desktop\VLC media player.lnk

2012-11-03 01:14 - 2012-11-03 01:14 - 00000000 ____D C:\Users\Loki\Documents\3dsMax

2012-11-03 01:14 - 2012-11-03 01:14 - 00000000 ____D C:\Users\Loki\AppData\Roaming\Autodesk

2012-11-03 01:14 - 2012-11-03 01:01 - 00000000 ____D C:\Users\All Users\Autodesk

2012-11-03 01:11 - 2012-11-03 01:08 - 00000000 ____D C:\Users\All Users\FLEXnet

2012-11-03 01:08 - 2012-11-03 01:08 - 00000000 ____D C:\Users\Loki\AppData\Local\Autodesk

2012-11-03 01:07 - 2012-11-03 01:07 - 00000000 ____D C:\Users\Loki\Documents\3ds Max 2010 Tutorials

2012-11-03 01:05 - 2012-11-03 01:01 - 00000000 ____D C:\Program Files\Autodesk

2012-11-03 01:04 - 2012-11-03 01:04 - 00001974 ____A C:\Users\Public\Desktop\Autodesk 3ds Max 2010 64-bit.lnk

2012-11-03 01:04 - 2012-11-03 01:04 - 00000000 ____D C:\Program Files\Common Files\Macrovision Shared

2012-11-03 01:04 - 2012-11-03 01:03 - 00000000 ____D C:\Program Files\Common Files\Autodesk Shared

2012-11-03 01:01 - 2012-11-03 01:01 - 00000000 ____D C:\Program Files (x86)\Autodesk

2012-11-03 01:01 - 2009-07-13 18:34 - 00017588 ____A C:\Windows\System32\Drivers\etc\services

==================== Known DLLs (Whitelisted) =================

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\SysWOW64\wininit.exe => MD5 is legit

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\SysWOW64\explorer.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\SysWOW64\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe => MD5 is legit

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\SysWOW64\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\SysWOW64\userinit.exe => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK

HKLM\...\exefile\DefaultIcon: %1 => OK

HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

Restore point made on: 2012-12-02 12:55:54

==================== Memory info ===========================

Percentage of memory in use: 7%

Total physical RAM: 16366.7 MB

Available physical RAM: 15185.66 MB

Total Pagefile: 16364.85 MB

Available Pagefile: 15179 MB

Total Virtual: 8192 MB

Available Virtual: 8191.9 MB

==================== Partitions =============================

1 Drive c: () (Fixed) (Total:1862.92 GB) (Free:350.32 GB) NTFS

3 Drive f: (LOKI) (Removable) (Total:14.93 GB) (Free:8.32 GB) FAT32

4 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

5 Drive y: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[system with boot components (obtained from reading drive)]

Disk ### Status Size Free Dyn Gpt

-------- ------------- ------- ------- --- ---

Disk 0 Online 1863 GB 0 B

Disk 1 Online 14 GB 0 B

Partitions of Disk 0:

===============

Partition ### Type Size Offset

------------- ---------------- ------- -------

Partition 1 Primary 100 MB 1024 KB

Partition 2 Primary 1862 GB 101 MB

==================================================================================

Disk: 0

Partition 1

Type : 07

Hidden: No

Active: Yes

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 1 Y System Rese NTFS Partition 100 MB Healthy

=========================================================

Disk: 0

Partition 2

Type : 07

Hidden: No

Active: No

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 2 C NTFS Partition 1862 GB Healthy

=========================================================

Partitions of Disk 1:

===============

Partition ### Type Size Offset

------------- ---------------- ------- -------

Partition 1 Primary 14 GB 1024 KB

==================================================================================

Disk: 1

Partition 1

Type : 0C

Hidden: No

Active: Yes

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 3 F LOKI FAT32 Removable 14 GB Healthy

=========================================================

Last Boot: 2012-11-25 04:37

==================== End Of Log =============================


  • Staff

Please do the following:

Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this highlight the contents of the box, right click on it and select copy. Right-click in the open notepad and select Paste). Save it on the flashdrive as fixlist.txt

start
HKLM-x32\...\Run: [] [x]
HKU\Loki\...\Run: [XrbBrutt] C:\Users\Loki\AppData\Local\pljohukd\xrbbrutt.exe [102176 2012-12-02] ()
HKLM-x32\...\Winlogon: [Userinit] userinit.exe,,C:\Users\Loki\AppData\Local\pljohukd\xrbbrutt.exe [102176 2012-12-02] ()
Startup: C:\Users\Loki\Start Menu\Programs\Startup\xrbbrutt.exe ()
C:\Users\Loki\AppData\Local\pljohukd\xrbbrutt.exe
2012-12-02 13:27 - 2012-12-02 13:27 - 00455142 ____A C:\Users\Loki\AppData\Local\ngfuqibh.log
2012-12-02 13:27 - 2012-12-02 13:27 - 00003307 ____A C:\Users\Loki\AppData\Local\lnoxejwe.log
2012-12-02 13:27 - 2012-12-02 13:27 - 00003247 ____A C:\Users\Loki\AppData\Local\ruxksrxf.log
2012-12-02 13:26 - 2012-12-02 19:07 - 00500583 ____A C:\Users\Loki\AppData\Local\blkaebve.log
2012-12-02 13:25 - 2012-12-02 19:07 - 00000028 ____A C:\Users\Loki\AppData\Local\yxnwktlq.log
2012-12-02 13:25 - 2012-12-02 13:25 - 00446448 ____A C:\Users\Loki\AppData\Local\aoukgqsn.log
2012-12-02 13:25 - 2012-12-02 13:25 - 00005370 ____A C:\Users\Loki\AppData\Local\ehirmmci.log
2012-12-02 12:48 - 2012-12-02 18:14 - 00000000 ____A C:\Users\Loki\AppData\Local\wmapvqjd.log
2012-12-02 02:34 - 2012-12-02 18:15 - 00000000 ____A C:\Users\Loki\AppData\Local\tfdkgdhj.log
2012-12-02 02:34 - 2012-12-02 17:56 - 00000000 ____D C:\Users\Loki\AppData\Local\pljohukd
2012-12-02 02:34 - 2012-12-02 02:34 - 00000064 ____A C:\Users\All Users\myvriisr.log
2012-12-02 02:34 - 2012-12-02 02:34 - 00000000 ____A C:\Users\Loki\AppData\Local\uxqvytuk.log
2012-12-02 02:34 - 2012-12-02 02:34 - 00000000 ____A C:\Users\Loki\AppData\Local\bdcgwwec.log
end

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system.

Now please enter System Recovery Options, then select Command Prompt.

Run FRST (or FRST64 if you have the 64-bit version) and press the Fix button just once and wait.

The tool will make a log on the flashdrive (Fixlog.txt); please post it in your reply.

Reboot Normally.

NEXT

Refer to the ComboFix User's Guide

  1. Download ComboFix from the following location:
    Link
    * IMPORTANT !!! Place ComboFix.exe on your Desktop
  2. Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.
    You can get help on disabling your protection programs here
  3. Double click on ComboFix.exe & follow the prompts.
  4. Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
  5. When finished, it shall produce a log for you. Post that log in your next reply.
    Note:
    Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.
    ---------------------------------------------------------------------------------------------
  6. Ensure your AntiVirus and AntiSpyware applications are re-enabled.
    ---------------------------------------------------------------------------------------------

NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.

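The fixlist above was built by reading the persistence entries out of the FRST log: a per-user Run value and a Winlogon Userinit entry that both point at an executable under AppData\Local, plus a bare executable dropped into the Startup folder. The following Python script is an added example, not part of this thread and not FRST's own code: it applies those same checks to FRST-style lines and emits the matching fixlist block. The sample lines are constructed (the malicious ones copied from the fix above, the benign ones invented for contrast), and the user-writable path list and heuristics are this example's assumptions.

```python
"""Triage FRST autostart lines for the persistence pattern seen in this thread.

Added example; not part of the forum thread and not FRST's own code. Sample
lines are constructed; the path list and heuristics are assumptions.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample in FRST's one-line format:
#   hive\...\key: [name] command [size date] (publisher)   or   ... [x] when the file is missing
SAMPLE_LINES = [
    r"HKLM-x32\...\Run: [] [x]",
    r"HKLM\...\Run: [Example Updater] C:\Program Files\Example\updater.exe [123456 2012-01-01] (Example Corp)",
    r"HKU\Loki\...\Run: [XrbBrutt] C:\Users\Loki\AppData\Local\pljohukd\xrbbrutt.exe [102176 2012-12-02] ()",
    r"HKLM-x32\...\Winlogon: [Userinit] userinit.exe,,C:\Users\Loki\AppData\Local\pljohukd\xrbbrutt.exe [102176 2012-12-02] ()",
    r"HKLM\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe, [12345 2009-07-13] (Microsoft Corporation)",
    r"Startup: C:\Users\Loki\Start Menu\Programs\Startup\xrbbrutt.exe ()",
    r"Startup: C:\Users\Loki\Start Menu\Programs\Startup\Example.lnk ()",
]

REG_LINE = re.compile(
    r"^(?P<hive>HK\S*?)\\\.\.\.\\(?P<key>Run|RunOnce|Winlogon): \[(?P<name>[^\]]*)\] (?P<rest>.*)$"
)
STARTUP_LINE = re.compile(r"^Startup: (?P<path>.*?)\s*(\([^)]*\))?$")
# FRST appends "[size date] (publisher)" or "[x]" after the command; strip it to get the raw value.
TRAILER = re.compile(r"\s*\[(?:x|\d+ \d{4}-\d{2}-\d{2})\]\s*(?:\([^)]*\))?\s*$")

# Assumption: autostarts launched from these user-writable locations deserve a look.
USER_WRITABLE = ("\\appdata\\local\\", "\\appdata\\roaming\\", "\\temp\\", "\\users\\public\\")
# Assumption: a Startup folder normally holds .lnk shortcuts, not executables themselves.
EXEC_EXTS = (".exe", ".scr", ".bat", ".cmd", ".vbs", ".js", ".dll")


@dataclass
class Finding:
    line: str    # the FRST line, verbatim, so it can be pasted into a fixlist
    reason: str


def _command(rest: str) -> str:
    """Drop FRST's size/date/publisher trailer, leaving only the registry value."""
    return TRAILER.sub("", rest).strip()


def check_userinit(command: str) -> Optional[str]:
    """The legitimate value is a single '<system32>\\userinit.exe,' entry.

    Winlogon runs every comma-separated entry at logon, so anything appended
    after the first one (as in the fix above) is an extra autostart.
    """
    parts = [p.strip() for p in command.split(",") if p.strip()]
    if not parts:
        return None
    if len(parts) > 1:
        return "extra program appended to Winlogon Userinit: " + ", ".join(parts[1:])
    if not parts[0].lower().endswith("userinit.exe"):
        return "Winlogon Userinit does not point at userinit.exe"
    return None


def triage(lines: List[str]) -> List[Finding]:
    """Return the lines that match one of the persistence heuristics."""
    findings: List[Finding] = []
    for line in lines:
        m = REG_LINE.match(line)
        if m:
            cmd = _command(m["rest"])
            if m["key"] == "Winlogon" and m["name"].lower() == "userinit":
                reason = check_userinit(cmd)
            elif m["name"] == "":
                # An empty name means the key's (Default) value is set, which is unusual for Run.
                reason = "Run key (Default) value is set; it is normally empty"
            elif any(loc in cmd.lower() for loc in USER_WRITABLE):
                reason = "autostart from user-writable path"
            else:
                reason = None
            if reason:
                findings.append(Finding(line, reason))
            continue
        m = STARTUP_LINE.match(line)
        if m and m["path"].lower().endswith(EXEC_EXTS):
            findings.append(Finding(line, "executable placed directly in Startup folder"))
    return findings


def to_fixlist(findings: List[Finding]) -> str:
    """FRST's fix format: the offending log lines copied verbatim between start/end."""
    return "\n".join(["start", *(f.line for f in findings), "end"])


if __name__ == "__main__":
    hits = triage(SAMPLE_LINES)
    for f in hits:
        print(f"{f.reason}\n    {f.line}")
    print("\nfixlist.txt:\n" + to_fixlist(hits))
```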

Here is the next set of logs, first from FRST64 then ComboFix:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 02-12-2012

Ran by SYSTEM at 2012-12-03 14:44:58 Run:1

Running from F:\Malware

==============================================

HKEY_LOCAL_MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ Default Value restored successfully.

HKEY_USERS\Loki\Software\Microsoft\Windows\CurrentVersion\Run\\XrbBrutt Value deleted successfully.

HKEY_LOCAL_MACHINE\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\\Userinit Value was restored successfully .

C:\Users\Loki\Start Menu\Programs\Startup\xrbbrutt.exe moved successfully.

C:\Users\Loki\AppData\Local\pljohukd\xrbbrutt.exe moved successfully.

C:\Users\Loki\AppData\Local\ngfuqibh.log moved successfully.

C:\Users\Loki\AppData\Local\lnoxejwe.log moved successfully.

C:\Users\Loki\AppData\Local\ruxksrxf.log moved successfully.

C:\Users\Loki\AppData\Local\blkaebve.log moved successfully.

C:\Users\Loki\AppData\Local\yxnwktlq.log moved successfully.

C:\Users\Loki\AppData\Local\aoukgqsn.log moved successfully.

C:\Users\Loki\AppData\Local\ehirmmci.log moved successfully.

C:\Users\Loki\AppData\Local\wmapvqjd.log moved successfully.

C:\Users\Loki\AppData\Local\tfdkgdhj.log moved successfully.

C:\Users\Loki\AppData\Local\pljohukd moved successfully.

C:\Users\All Users\myvriisr.log moved successfully.

C:\Users\Loki\AppData\Local\uxqvytuk.log moved successfully.

C:\Users\Loki\AppData\Local\bdcgwwec.log moved successfully.

==== End of Fixlog ====

ComboFix 12-12-02.01 - Loki 03/12/2012 14:54:55.2.4 - x64

Microsoft Windows 7 Ultimate 6.1.7600.0.1252.61.1033.18.16367.13914 [GMT 11:00]

Running from: c:\users\Loki\Desktop\ComboFix.exe

AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}

SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\users\Loki\AppData\Local\Temp\_MEI25282\_ctypes.pyd

c:\users\Loki\AppData\Local\Temp\_MEI25282\_elementtree.pyd

c:\users\Loki\AppData\Local\Temp\_MEI25282\_hashlib.pyd

c:\users\Loki\AppData\Local\Temp\_MEI25282\_socket.pyd

c:\users\Loki\AppData\Local\Temp\_MEI25282\_ssl.pyd

c:\users\Loki\AppData\Local\Temp\_MEI25282\pyexpat.pyd

c:\users\Loki\AppData\Local\Temp\_MEI25282\pysqlite2._sqlite.pyd

c:\users\Loki\AppData\Local\Temp\_MEI25282\python26.dll

c:\users\Loki\AppData\Local\Temp\_MEI25282\pythoncom26.dll

c:\users\Loki\AppData\Local\Temp\_MEI25282\PyWinTypes26.dll

c:\users\Loki\AppData\Local\Temp\_MEI25282\select.pyd

c:\users\Loki\AppData\Local\Temp\_MEI25282\unicodedata.pyd

c:\users\Loki\AppData\Local\Temp\_MEI25282\win32api.pyd

c:\users\Loki\AppData\Local\Temp\_MEI25282\win32com.shell.shell.pyd

c:\users\Loki\AppData\Local\Temp\_MEI25282\win32crypt.pyd

c:\users\Loki\AppData\Local\Temp\_MEI25282\win32event.pyd

c:\users\Loki\AppData\Local\Temp\_MEI25282\win32file.pyd

c:\users\Loki\AppData\Local\Temp\_MEI25282\win32inet.pyd

c:\users\Loki\AppData\Local\Temp\_MEI25282\win32pdh.pyd

c:\users\Loki\AppData\Local\Temp\_MEI25282\win32process.pyd

c:\users\Loki\AppData\Local\Temp\_MEI25282\win32profile.pyd

c:\users\Loki\AppData\Local\Temp\_MEI25282\win32security.pyd

c:\users\Loki\AppData\Local\Temp\_MEI25282\win32ts.pyd

c:\users\Loki\AppData\Local\Temp\_MEI25282\windows._cacheinvalidation.pyd

c:\users\Loki\AppData\Local\Temp\_MEI25282\wx._controls_.pyd

c:\users\Loki\AppData\Local\Temp\_MEI25282\wx._core_.pyd

c:\users\Loki\AppData\Local\Temp\_MEI25282\wx._gdi_.pyd

c:\users\Loki\AppData\Local\Temp\_MEI25282\wx._html2.pyd

c:\users\Loki\AppData\Local\Temp\_MEI25282\wx._misc_.pyd

c:\users\Loki\AppData\Local\Temp\_MEI25282\wx._windows_.pyd

c:\users\Loki\AppData\Local\Temp\_MEI25282\wx._wizard.pyd

c:\users\Loki\AppData\Local\Temp\_MEI25282\wxbase293u_net_vc.dll

c:\users\Loki\AppData\Local\Temp\_MEI25282\wxbase293u_vc.dll

c:\users\Loki\AppData\Local\Temp\_MEI25282\wxmsw293u_adv_vc.dll

c:\users\Loki\AppData\Local\Temp\_MEI25282\wxmsw293u_core_vc.dll

c:\users\Loki\AppData\Local\Temp\_MEI25282\wxmsw293u_html_vc.dll

c:\users\Loki\AppData\Local\Temp\_MEI25282\wxmsw293u_webview_vc.dll

.

.

((((((((((((((((((((((((( Files Created from 2012-11-03 to 2012-12-03 )))))))))))))))))))))))))))))))

.

.

2012-12-03 22:10 . 2012-12-03 22:10 -------- d-----w- C:\FRST

2012-12-03 04:07 . 2012-12-03 04:07 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-12-02 11:25 . 2012-12-02 11:25 -------- d-----w- c:\users\Loki\AppData\Roaming\SUPERAntiSpyware.com

2012-12-02 11:25 . 2012-12-02 11:26 -------- d-----w- c:\program files\SUPERAntiSpyware

2012-12-02 11:25 . 2012-12-02 11:25 -------- d-----w- c:\programdata\SUPERAntiSpyware.com

2012-12-02 11:13 . 2012-12-02 22:05 -------- d-----w- c:\programdata\Spybot - Search & Destroy

2012-12-02 11:13 . 2012-12-02 20:52 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy

2012-12-02 10:59 . 2012-12-02 10:59 -------- d-----w- c:\users\Loki\AppData\Roaming\Malwarebytes

2012-12-02 10:59 . 2012-12-02 20:52 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2012-12-02 10:59 . 2012-12-02 10:59 -------- d-----w- c:\programdata\Malwarebytes

2012-12-02 10:59 . 2012-09-29 08:54 25928 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-11-30 23:32 . 2012-11-08 17:24 9125352 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{2D9F745B-26D4-443B-9CDA-AC59B53D4297}\mpengine.dll

2012-11-30 05:59 . 2012-11-30 05:59 -------- d-----w- c:\users\Default\AppData\Local\Google

2012-11-29 09:35 . 2012-11-29 20:42 -------- d-----w- c:\users\Loki\AppData\Roaming\GetRightToGo

2012-11-27 07:36 . 2012-11-27 07:36 -------- d-----w- c:\programdata\ATI

2012-11-27 07:35 . 2012-11-27 07:35 -------- d-----w- c:\program files (x86)\AMD AVT

2012-11-27 07:35 . 2012-11-27 07:35 -------- d-----w- c:\program files (x86)\AMD APP

2012-11-27 07:35 . 2012-11-27 07:35 -------- d-----w- c:\program files\Common Files\ATI Technologies

2012-11-27 07:35 . 2012-11-27 07:35 -------- d-----w- c:\program files (x86)\Common Files\ATI Technologies

2012-11-27 07:32 . 2012-11-27 07:32 -------- d-----w- c:\program files\ATI

2012-11-27 07:31 . 2012-11-27 07:31 -------- d-----w- C:\AMD

2012-11-27 05:38 . 2012-11-27 05:38 -------- d-----w- c:\users\Loki\AppData\Roaming\ASUS

2012-11-27 05:29 . 2011-03-10 07:44 2725376 ----a-w- c:\windows\system32\drivers\cmudaxp.sys

2012-11-27 05:29 . 2007-04-19 07:12 32768 ----a-w- c:\windows\system32\cmudaxp.dll

2012-11-27 05:29 . 2004-04-14 03:28 315392 ----a-w- c:\windows\SysWow64\CmiFltr.dll

2012-11-27 05:29 . 2004-04-14 03:28 315392 ----a-w- c:\windows\system\CmiFltr.dll

2012-11-27 05:28 . 2006-10-05 21:45 524768 ----a-r- c:\windows\difxapi.dll

2012-11-26 05:38 . 2012-11-26 05:38 -------- d-----w- c:\users\Loki\AppData\Roaming\Warner Bros. Interactive Entertainment

2012-11-26 05:31 . 2012-11-26 05:36 -------- d-----w- c:\program files (x86)\LEGO Lord Of The Rings

2012-11-24 08:36 . 2012-11-24 08:36 -------- d-----w- c:\users\Loki\AppData\Local\Sony Online Entertainment

2012-11-22 22:03 . 2012-11-22 22:03 -------- d-----w- c:\program files (x86)\Eidos

2012-11-22 22:01 . 2012-11-22 22:01 -------- d-----w- c:\program files (x86)\WB Games

2012-11-21 21:28 . 2012-11-21 21:28 98304 ----a-w- c:\windows\SysWow64\CmdLineExt.dll

2012-11-21 21:18 . 2004-10-21 15:18 749568 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iKernel.dll

2012-11-21 21:18 . 2004-10-21 15:17 69715 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\ctor.dll

2012-11-21 21:18 . 2004-10-21 15:17 274432 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iscript.dll

2012-11-21 21:18 . 2004-10-21 15:16 180224 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iuser.dll

2012-11-21 21:18 . 2004-10-21 15:16 5632 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\DotNetInstaller.exe

2012-11-21 21:18 . 2012-11-21 21:18 323716 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\setup.dll

2012-11-21 21:18 . 2012-11-21 21:18 192644 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iGdi.dll

2012-11-21 08:56 . 2012-11-21 09:03 -------- d-----w- c:\users\Loki\.ps_inception

2012-11-21 08:53 . 2012-11-21 08:53 -------- d-----w- c:\windows\.mpr_file_store_32

2012-11-21 08:53 . 2012-11-21 08:53 -------- d-----w- c:\users\Loki\.moparscape4

2012-11-20 01:20 . 2012-11-20 01:20 -------- d-----w- c:\program files (x86)\LogMeIn Hamachi

2012-11-19 20:09 . 2012-11-19 20:09 -------- d-----w- c:\users\Loki\AppData\Roaming\Assassin's Creed III

2012-11-19 19:58 . 2012-11-19 20:38 -------- d-----w- c:\program files (x86)\Assassin's Creed III

2012-11-14 11:24 . 2012-07-26 04:55 785512 ----a-w- c:\windows\system32\drivers\Wdf01000.sys

2012-11-14 11:24 . 2012-07-26 04:47 2560 ----a-w- c:\windows\system32\drivers\en-US\wdf01000.sys.mui

2012-11-14 11:24 . 2012-07-26 04:55 54376 ----a-w- c:\windows\system32\drivers\WdfLdr.sys

2012-11-14 11:24 . 2012-07-26 02:36 9728 ----a-w- c:\windows\system32\Wdfres.dll

2012-11-14 11:16 . 2012-07-26 02:26 87040 ----a-w- c:\windows\system32\drivers\WUDFPf.sys

2012-11-14 11:16 . 2012-07-26 02:26 198656 ----a-w- c:\windows\system32\drivers\WUDFRd.sys

2012-11-14 11:16 . 2012-07-26 03:08 84992 ----a-w- c:\windows\system32\WUDFSvc.dll

2012-11-14 11:16 . 2012-07-26 03:08 194048 ----a-w- c:\windows\system32\WUDFPlatform.dll

2012-11-14 11:16 . 2012-07-26 03:08 229888 ----a-w- c:\windows\system32\WUDFHost.exe

2012-11-14 11:16 . 2012-07-26 03:08 45056 ----a-w- c:\windows\system32\WUDFCoinstaller.dll

2012-11-14 11:16 . 2012-07-26 03:08 744448 ----a-w- c:\windows\system32\WUDFx.dll

2012-11-14 05:25 . 2012-10-18 18:18 3147264 ----a-w- c:\windows\system32\win32k.sys

2012-11-14 05:21 . 2012-09-25 22:39 95744 ----a-w- c:\windows\system32\synceng.dll

2012-11-14 05:21 . 2012-09-25 21:55 78336 ----a-w- c:\windows\SysWow64\synceng.dll

2012-11-12 09:44 . 2012-11-12 09:44 -------- d-----w- c:\users\Loki\AppData\Local\Torch

2012-11-09 07:58 . 2012-11-09 07:58 -------- d-----w- c:\program files (x86)\RAR Password Recovery Magic

2012-11-04 08:26 . 2012-11-04 08:26 -------- d-----w- c:\program files (x86)\EA Games

2012-11-04 03:59 . 2012-11-04 03:59 -------- d-----w- c:\users\Loki\AppData\Local\SCE

2012-11-04 03:59 . 2012-11-04 03:59 -------- d-----w- C:\Crash

2012-11-04 03:59 . 2012-11-04 03:59 -------- d-----w- c:\users\Public\Sony Online Entertainment

2012-11-03 09:14 . 2012-11-03 09:14 -------- d-----w- c:\users\Loki\AppData\Roaming\Autodesk

2012-11-03 09:08 . 2012-11-03 09:11 -------- d-----w- c:\programdata\FLEXnet

2012-11-03 09:08 . 2012-11-03 09:08 -------- d-----w- c:\users\Loki\AppData\Local\Autodesk

2012-11-03 09:04 . 2012-11-03 09:04 -------- d-----w- c:\program files\Common Files\Macrovision Shared

2012-11-03 09:03 . 2012-11-03 09:04 -------- d-----w- c:\program files (x86)\Common Files\Autodesk Shared

2012-11-03 09:03 . 2012-11-03 09:04 -------- d-----w- c:\program files\Common Files\Autodesk Shared

2012-11-03 09:01 . 2012-11-03 09:14 -------- d-----w- c:\programdata\Autodesk

2012-11-03 09:01 . 2012-11-03 09:05 -------- d-----w- c:\program files\Autodesk

2012-11-03 09:01 . 2012-11-03 09:01 -------- d-----w- c:\program files (x86)\Autodesk

2012-11-03 09:01 . 2008-07-11 21:18 467984 ----a-w- c:\windows\SysWow64\d3dx10_39.dll

2012-11-03 09:01 . 2008-07-11 21:18 1493528 ----a-w- c:\windows\SysWow64\D3DCompiler_39.dll

2012-11-03 09:01 . 2008-07-11 21:18 540688 ----a-w- c:\windows\system32\d3dx10_39.dll

2012-11-03 09:01 . 2008-07-11 21:18 1942552 ----a-w- c:\windows\system32\D3DCompiler_39.dll

2012-11-03 09:01 . 2008-07-11 21:18 3851784 ----a-w- c:\windows\SysWow64\D3DX9_39.dll

2012-11-03 09:01 . 2008-07-11 21:18 4992520 ----a-w- c:\windows\system32\D3DX9_39.dll

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-12-02 01:17 . 2012-02-03 05:47 281688 ----a-w- c:\windows\SysWow64\PnkBstrB.exe

2012-12-02 01:17 . 2012-02-03 05:47 281688 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr

2012-12-01 07:42 . 2012-02-03 05:47 281688 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0

2012-11-29 20:30 . 2012-02-03 05:47 76888 ----a-w- c:\windows\SysWow64\PnkBstrA.exe

2012-11-14 11:18 . 2012-01-07 09:38 66395536 ----a-w- c:\windows\system32\MRT.exe

2012-11-09 06:04 . 2012-09-04 06:09 30568 ----a-w- c:\windows\system32\drivers\avgtpx64.sys

2012-10-30 22:51 . 2011-12-25 11:25 59728 ----a-w- c:\windows\system32\drivers\aswTdi.sys

2012-10-30 22:51 . 2011-12-25 11:26 370288 ----a-w- c:\windows\system32\drivers\aswSP.sys

2012-10-30 22:51 . 2011-12-25 11:25 984144 ----a-w- c:\windows\system32\drivers\aswSnx.sys

2012-10-30 22:51 . 2011-12-25 11:25 71600 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys

2012-10-30 22:51 . 2011-12-25 11:26 25232 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys

2012-10-30 22:51 . 2011-12-25 11:24 41224 ----a-w- c:\windows\avastSS.scr

2012-10-30 22:50 . 2011-12-25 11:24 227648 ----a-w- c:\windows\SysWow64\aswBoot.exe

2012-10-30 22:50 . 2011-12-25 11:25 285328 ----a-w- c:\windows\system32\aswBoot.exe

2012-10-29 02:19 . 2012-10-29 02:19 148480 ----a-w- c:\windows\SysWow64\rztouchdll.dll

2012-10-29 02:18 . 2012-10-29 02:18 617472 ----a-w- c:\windows\SysWow64\rzdevicedll.dll

2012-10-29 02:18 . 2012-10-29 02:18 165888 ----a-w- c:\windows\SysWow64\rzaudiodll.dll

2012-10-25 02:18 . 2012-10-25 02:18 22016 ----a-w- c:\windows\system32\drivers\rzendpt.sys

2012-10-25 02:18 . 2012-10-25 02:18 113664 ----a-w- c:\windows\system32\drivers\rzudd.sys

2012-10-16 21:20 . 2012-11-28 05:23 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll

2012-10-16 21:20 . 2012-11-28 05:23 347648 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll

2012-10-16 20:34 . 2012-11-28 05:23 559104 ----a-w- c:\windows\apppatch\AcLayers.dll

2012-10-15 15:59 . 2012-02-25 09:43 54072 ----a-w- c:\windows\system32\drivers\aswRdr2.sys

2012-09-28 04:37 . 2012-09-28 04:37 221696 ----a-w- c:\windows\system32\clinfo.exe

2012-09-28 04:36 . 2012-09-28 04:36 75776 ----a-w- c:\windows\system32\OpenVideo64.dll

2012-09-28 04:36 . 2012-09-28 04:36 65536 ----a-w- c:\windows\SysWow64\OpenVideo.dll

2012-09-28 04:36 . 2012-09-28 04:36 63488 ----a-w- c:\windows\system32\OVDecode64.dll

2012-09-28 04:36 . 2012-09-28 04:36 56320 ----a-w- c:\windows\SysWow64\OVDecode.dll

2012-09-28 04:36 . 2012-09-28 04:36 32635904 ----a-w- c:\windows\system32\amdocl64.dll

2012-09-28 04:32 . 2012-09-28 04:32 27341824 ----a-w- c:\windows\SysWow64\amdocl.dll

2012-09-28 02:23 . 2012-09-28 02:23 5557928 ----a-w- c:\windows\SysWow64\atiumdag.dll

2012-09-28 02:21 . 2012-09-28 02:21 10697216 ----a-w- c:\windows\system32\drivers\atikmdag.sys

2012-09-28 02:05 . 2012-09-28 02:05 70144 ----a-w- c:\windows\system32\coinst_9.002.dll

2012-09-28 02:03 . 2012-09-28 02:03 163840 ----a-w- c:\windows\system32\atiapfxx.exe

2012-09-28 02:02 . 2012-09-28 02:02 51200 ----a-w- c:\windows\system32\aticalrt64.dll

2012-09-28 02:02 . 2012-09-28 02:02 46080 ----a-w- c:\windows\SysWow64\aticalrt.dll

2012-09-28 02:02 . 2012-09-28 02:02 44544 ----a-w- c:\windows\system32\aticalcl64.dll

2012-09-28 02:02 . 2012-09-28 02:02 44032 ----a-w- c:\windows\SysWow64\aticalcl.dll

2012-09-28 02:02 . 2012-09-28 02:02 16082432 ----a-w- c:\windows\system32\aticaldd64.dll

2012-09-28 01:59 . 2012-09-28 01:59 23825920 ----a-w- c:\windows\system32\atio6axx.dll

2012-09-28 01:57 . 2012-09-28 01:57 13703168 ----a-w- c:\windows\SysWow64\aticaldd.dll

2012-09-28 01:43 . 2012-09-28 01:43 935424 ----a-w- c:\windows\SysWow64\aticfx32.dll

2012-09-28 01:41 . 2011-10-26 02:04 1120768 ----a-w- c:\windows\system32\aticfx64.dll

2012-09-28 01:41 . 2012-09-28 01:41 19624960 ----a-w- c:\windows\SysWow64\atioglxx.dll

2012-09-28 01:39 . 2012-09-28 01:39 6536192 ----a-w- c:\windows\SysWow64\atidxx32.dll

2012-09-28 01:39 . 2012-09-28 01:39 442368 ----a-w- c:\windows\system32\atidemgy.dll

2012-09-28 01:39 . 2012-09-28 01:39 538112 ----a-w- c:\windows\system32\atieclxx.exe

2012-09-28 01:38 . 2012-09-28 01:38 239616 ----a-w- c:\windows\system32\atiesrxx.exe

2012-09-28 01:36 . 2012-09-28 01:36 120320 ----a-w- c:\windows\system32\atitmm64.dll

2012-09-28 01:36 . 2012-09-28 01:36 21504 ----a-w- c:\windows\system32\atimuixx.dll

2012-09-28 01:36 . 2012-09-28 01:36 59392 ----a-w- c:\windows\system32\atiedu64.dll

2012-09-28 01:36 . 2012-09-28 01:36 43520 ----a-w- c:\windows\SysWow64\ati2edxx.dll

2012-09-28 01:31 . 2012-09-28 01:31 3127296 ----a-w- c:\windows\system32\atiumd6a.dll

2012-09-28 01:25 . 2012-09-28 01:25 6704640 ----a-w- c:\windows\system32\atiumd64.dll

2012-09-28 01:22 . 2011-10-26 01:46 7167488 ----a-w- c:\windows\system32\atidxx64.dll

2012-09-28 01:22 . 2012-09-28 01:22 2691584 ----a-w- c:\windows\SysWow64\atiumdva.dll

2012-09-28 01:13 . 2012-09-28 01:13 595456 ----a-w- c:\windows\system32\atiadlxx.dll

2012-09-28 01:13 . 2012-09-28 01:13 405504 ----a-w- c:\windows\SysWow64\atiadlxy.dll

2012-09-28 01:13 . 2012-09-28 01:13 17920 ----a-w- c:\windows\system32\atig6pxx.dll

2012-09-28 01:13 . 2012-09-28 01:13 14848 ----a-w- c:\windows\SysWow64\atiglpxx.dll

2012-09-28 01:13 . 2012-09-28 01:13 14848 ----a-w- c:\windows\system32\atiglpxx.dll

2012-09-28 01:13 . 2012-09-28 01:13 41984 ----a-w- c:\windows\system32\atig6txx.dll

2012-09-28 01:13 . 2012-09-28 01:13 33280 ----a-w- c:\windows\SysWow64\atigktxx.dll

2012-09-28 01:12 . 2012-09-28 01:12 56320 ----a-w- c:\windows\system32\atimpc64.dll

2012-09-28 01:12 . 2012-09-28 01:12 56320 ----a-w- c:\windows\system32\amdpcom64.dll

2012-09-28 01:12 . 2012-09-28 01:12 460288 ----a-w- c:\windows\system32\drivers\atikmpag.sys

2012-09-28 01:12 . 2012-09-28 01:12 56832 ----a-w- c:\windows\SysWow64\atimpc32.dll

2012-09-28 01:12 . 2012-09-28 01:12 56832 ----a-w- c:\windows\SysWow64\amdpcom32.dll

2012-09-28 01:11 . 2012-09-28 01:11 129536 ----a-w- c:\windows\system32\atiuxp64.dll

2012-09-28 01:11 . 2012-09-28 01:11 109568 ----a-w- c:\windows\SysWow64\atiuxpag.dll

2012-09-28 01:11 . 2012-09-28 01:11 103424 ----a-w- c:\windows\system32\atiu9p64.dll

2012-09-28 01:10 . 2012-09-28 01:10 82944 ----a-w- c:\windows\SysWow64\atiu9pag.dll

2012-09-28 01:09 . 2012-09-28 01:09 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll

2012-09-14 19:23 . 2012-10-10 03:17 2048 ----a-w- c:\windows\system32\tzres.dll

2012-09-14 18:30 . 2012-10-10 03:17 2048 ----a-w- c:\windows\SysWow64\tzres.dll

.

.

------- Sigcheck -------

Note: Unsigned files aren't necessarily malware.

.

[-] 2012-01-09 . 2C353B6CE0C8D03225CAA2AF33B68D79 . 1008640 . . [6.1.7600.16385] .. c:\windows\system32\user32.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\program files (x86)\Vuze_Remote\prxtbVuz0.dll" [2011-05-09 176936]

"{7473b6bd-4691-4744-a82b-7854eb3d70b6}"= "c:\program files (x86)\uTorrentControl_v2\prxtbuTor.dll" [2011-05-09 176936]

.

[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]

.

[HKEY_CLASSES_ROOT\clsid\{7473b6bd-4691-4744-a82b-7854eb3d70b6}]

.

[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{7473b6bd-4691-4744-a82b-7854eb3d70b6}]

2011-05-09 09:49 176936 ----a-w- c:\program files (x86)\uTorrentControl_v2\prxtbuTor.dll

.

[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]

2012-11-09 06:04 1796552 ----a-w- c:\program files (x86)\AVG Secure Search\13.2.0.5\AVG Secure Search_toolbar.dll

.

[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{ba14329e-9550-4989-b3f2-9732e92d17cc}]

2011-05-09 09:49 176936 ----a-w- c:\program files (x86)\Vuze_Remote\prxtbVuz0.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]

"{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\program files (x86)\Vuze_Remote\prxtbVuz0.dll" [2011-05-09 176936]

"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files (x86)\AVG Secure Search\13.2.0.5\AVG Secure Search_toolbar.dll" [2012-11-09 1796552]

"{7473b6bd-4691-4744-a82b-7854eb3d70b6}"= "c:\program files (x86)\uTorrentControl_v2\prxtbuTor.dll" [2011-05-09 176936]

.

[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]

.

[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]

[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]

[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]

.

[HKEY_CLASSES_ROOT\clsid\{7473b6bd-4691-4744-a82b-7854eb3d70b6}]

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]

@="{C5994560-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]

2011-06-12 23:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]

@="{C5994561-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]

2011-06-12 23:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]

@="{C5994562-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]

2011-06-12 23:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]

@="{C5994563-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]

2011-06-12 23:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]

@="{C5994564-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]

2011-06-12 23:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]

@="{C5994565-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]

2011-06-12 23:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]

@="{C5994566-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]

2011-06-12 23:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]

@="{C5994567-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]

2011-06-12 23:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]

@="{C5994568-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]

2011-06-12 23:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Steam"="c:\program files (x86)\Steam\steam.exe" [2012-11-30 1354736]

"MobileDocuments"="c:\program files (x86)\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240]

"GoogleDriveSync"="c:\program files (x86)\Google\Drive\googledrivesync.exe" [2012-11-08 16070136]

"SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-12-02 5629312]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"XFastUsb"="c:\program files (x86)\XFastUsb\XFastUsb.exe" [2011-12-25 4942336]

"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-11 34672]

"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-07-07 336384]

"Diamondback"="c:\program files (x86)\Razer\Diamondback 3G\razerhid.exe" [2010-04-28 228352]

"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-10-30 4297136]

"SPIRunE"="SPIRunE.dll" [2009-03-05 18432]

"VirtualCloneDrive"="c:\program files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2011-03-07 89456]

"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-01-21 91520]

"BigDogPath"="c:\windows\VM301Snap.exe" [2007-03-27 49152]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-27 59280]

"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]

"AdobeCS5.5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-11 1523360]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]

"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2010-10-25 36760]

"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2010-10-25 821144]

"vProt"="c:\program files (x86)\AVG Secure Search\vprot.exe" [2012-11-09 997320]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]

"Razer Synapse"="c:\program files (x86)\Razer\Synapse\RzSynapse.exe" [2012-11-15 336304]

"ROC_ROC_JULY_P1"="c:\program files (x86)\AVG Secure Search\ROC_ROC_JULY_P1.exe" [2012-09-04 1022048]

"LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2012-11-19 2254768]

.

c:\users\Loki\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Rainmeter.lnk - c:\program files\Rainmeter\Rainmeter.exe [2012-1-9 107720]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 0 (0x0)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]

@=""

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

"FirewallOverride"=dword:00000001

"UacDisableNotify"=dword:00000001

"ANTIVIRUSDISABLENOTIFY"=dword:00000001

"FIREWALLDISABLENOTIFY"=dword:00000001

"UPDATESDISABLENOTIFY"=dword:00000001

.

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 HiPatchService;Hi-Rez Studios Authenticate and Update Service;c:\program files (x86)\Hi-Rez Studios\HiPatchService.exe [2012-07-12 8704]

R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-06-14 160944]

R3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2011-12-25 79360]

R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2011-12-25 79360]

R3 DCamUSBVM;Lenovo Q350 USB PC Camera;c:\windows\system32\Drivers\usbVM31b.sys [2007-04-04 1495936]

R3 Desura Install Service;Desura Install Service;c:\program files (x86)\Common Files\Desura\desura_service.exe [2012-03-21 131912]

R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]

R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2012-11-03 1030600]

R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [x]

R3 Razerlow;Razer Pro|Solutions;c:\windows\system32\drivers\DB3G.sys [2005-11-07 21120]

R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys [2009-12-30 31800]

R3 RivaTuner64;RivaTuner64;c:\program files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys [2012-01-07 19952]

R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-06-23 344680]

R3 Sound Blaster X-Fi MB Licensing Service;Sound Blaster X-Fi MB Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\XMBLicensing.exe [2011-12-25 79360]

R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]

R3 t3;Sound Blaster X-Fi Xtreme Audio;c:\windows\system32\drivers\t3.sys [2009-05-05 639512]

R3 TunngleService;TunngleService;c:\program files (x86)\Tunngle\TnglCtrl.exe [2012-07-19 738152]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-07-09 52736]

R3 USBPNPA;USB PnP Sound Device Interface;c:\windows\system32\drivers\CM10864.sys [2009-12-21 1308160]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-01-07 1255736]

S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2009-07-08 55280]

S1 AsrAppCharger;AsrAppCharger;c:\windows\system32\DRIVERS\AsrAppCharger.sys [2010-06-11 15368]

S1 aswSnx;aswSnx; [x]

S1 aswSP;aswSP; [x]

S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys [2012-11-09 30568]

S1 FNETURPX;FNETURPX;c:\windows\system32\drivers\FNETURPX.SYS [2011-12-25 15936]

S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]

S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]

S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2012-07-11 140672]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-09-28 239616]

S2 aswFsBlk;aswFsBlk; [x]

S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-10-30 71600]

S2 ET Master Server Proxy;ET Master Server Proxy Service;c:\program files (x86)\Rudi Visser\ET Master Server Proxy Service\ETMSProxy.exe [2012-01-21 9728]

S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-11-19 2462128]

S2 mi-raysat_3dsmax2010_64;mental ray 3.7 Satellite for Autodesk 3ds Max 2010 64-bit 64-bit;c:\program files\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_64server.exe [2009-03-12 86016]

S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]

S2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-01-19 3027840]

S2 vToolbarUpdater13.2.0;vToolbarUpdater13.2.0;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe [2012-11-09 711112]

S3 anvsnddrv;AnvSoft Virtual Sound Device;c:\windows\system32\drivers\anvsnddrv.sys [2011-11-28 33872]

S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2012-05-14 96896]

S3 cmudaxp;ASUS Xonar DG Audio Interface;c:\windows\system32\drivers\cmudaxp.sys [2011-03-10 2725376]

S3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;c:\windows\system32\Drivers\EtronHub3.sys [2011-02-08 39936]

S3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;c:\windows\system32\Drivers\EtronXHCI.sys [2011-02-08 64512]

S3 EuMusDesignVirtualAudioCableWdm;Virtual Audio Cable (WDM);c:\windows\system32\DRIVERS\vrtaucbl.sys [2012-01-11 66728]

S3 FNETTBOH_305;FNETTBOH_305;c:\windows\system32\drivers\FNETTBOH_305.SYS [2011-12-25 31808]

S3 MonitorFunction;Driver for Monitor;c:\windows\system32\DRIVERS\TVMonitor.sys [2011-12-16 16376]

S3 rzendpt;rzendpt;c:\windows\system32\DRIVERS\rzendpt.sys [2012-10-25 22016]

S3 rzudd;Razer Mouse Driver;c:\windows\system32\DRIVERS\rzudd.sys [2012-10-25 113664]

S3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);c:\windows\system32\DRIVERS\tap0901t.sys [2009-09-15 31232]

.

.

Contents of the 'Scheduled Tasks' folder

.

2012-12-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-11-02 09:44]

.

2012-12-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-11-02 09:44]

.

2012-12-02 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task 3a6a128f-10b8-4271-b364-4bb2e69466c0.job

- c:\program files\SUPERAntiSpyware\SASTask.exe [2011-05-04 17:52]

.

2012-12-03 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task 9c74c53f-daff-434d-a5d8-8bdfcd5f1db4.job

- c:\program files\SUPERAntiSpyware\SASTask.exe [2011-05-04 17:52]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]

@="{472083B0-C522-11CF-8763-00608CC02F24}"

[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]

2012-10-30 22:50 133400 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]

@="{C5994560-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]

2011-06-12 23:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]

@="{C5994561-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]

2011-06-12 23:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]

@="{C5994562-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]

2011-06-12 23:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]

@="{C5994563-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]

2011-06-12 23:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]

@="{C5994564-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]

2011-06-12 23:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]

@="{C5994565-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]

2011-06-12 23:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]

@="{C5994566-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]

2011-06-12 23:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]

@="{C5994567-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]

2011-06-12 23:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]

@="{C5994568-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]

2011-06-12 23:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"

[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]

2012-11-08 05:58 755224 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"

[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]

2012-11-08 05:58 755224 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"

[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]

2012-11-08 05:58 755224 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"

[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]

2012-11-08 05:58 755224 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-07-28 11101800]

"RunDLLEntry"="c:\windows\system32\AmbRunE.dll" [2009-02-26 17920]

"Cm108Sound"="c:\windows\Syswow64\cm108.dll" [2009-12-21 8146944]

"Domino"="c:\windows\Domino.exe" [2006-07-04 49152]

"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-29 499608]

"Cmaudio8788"="c:\windows\Syswow64\cmicnfgp.dll" [2011-05-12 8769536]

"Cmaudio8788GX"="c:\windows\syswow64\HsMgr.exe" [2008-07-11 200704]

"Cmaudio8788GX64"="c:\windows\system\HsMgr64.exe" [2008-07-11 282112]

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://start.funmoods.com/?f=1&a=ddrnw

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = *.local

IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html

IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - c:\progra~2\MICROS~3\Office14\ONBttnIE.dll/105

Trusted Zone: clonewarsadventures.com

Trusted Zone: freerealms.com

Trusted Zone: soe.com

Trusted Zone: sony.com

Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\13.2.0\ViProtocol.dll

DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} - hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab

FF - ProfilePath - c:\users\Loki\AppData\Roaming\Mozilla\Firefox\Profiles\et4x5xle.default\

FF - prefs.js: network.proxy.socks - 98.192.103.79

FF - prefs.js: network.proxy.socks_port - 39561

FF - prefs.js: network.proxy.type - 0

.

- - - - ORPHANS REMOVED - - - -

.

WebBrowser-{BA14329E-9550-4989-B3F2-9732E92D17CC} - (no file)

WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)

WebBrowser-{7473B6BD-4691-4744-A82B-7854EB3D70B6} - (no file)

AddRemove-ArnA 2: Combined Operations - c:\program files (x86)\ArmA 2\uninstall.exe

AddRemove-Battlelog Web Plugins - c:\program files (x86)\Battlelog Web Plugins\uninstall.exe

AddRemove-BattlEye - c:\program files (x86)\CapsuleGames\ARMA II - PC\BattlEye\UnInstallBE.exe

AddRemove-BattlEye for A2 - c:\program files (x86)\steam\steamapps\common\arma 2BattlEye\UnInstallBE.exe

AddRemove-The Walking Dead Episode 3 © TellTale Games_is1 - c:\program files (x86)\The Walking Dead\Pack\The Walking Dead Episode 3\unins000.exe

AddRemove-The Walking Dead Episode 5 © Telltales_is1 - c:\the walking dead episode 5\unins000.exe

.

.

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\npggsvc]

"ImagePath"="c:\windows\system32\GameMon.des -service"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-76698753-1703627523-2313692696-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*l4Ý2]

@Class="Shell"

@Allowed: (Read) (RestrictedCode)

.

[HKEY_USERS\S-1-5-21-76698753-1703627523-2313692696-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*l4Ý2\OpenWithList]

@Class="Shell"

"a"="vlc.exe"

"MRUList"="a"

.

[HKEY_USERS\S-1-5-21-76698753-1703627523-2313692696-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.*l4Ý2]

@Allowed: (Read) (RestrictedCode)

"0"=hex:66,69,6c,65,3a,2f,2f,2f,43,3a,2f,55,73,65,72,73,2f,4c,6f,6b,69,2f,44,

65,73,6b,74,6f,70,2f,45,76,65,72,79,74,68,69,6e,67,2f,54,56,25,32,30,53,68,\

"MRUListEx"=hex:00,00,00,00,ff,ff,ff,ff

.

[HKEY_USERS\S-1-5-21-76698753-1703627523-2313692696-1000\Software\SecuROM\License information*]

"datasecu"=hex:26,8e,9e,d5,29,b8,2b,01,66,37,bc,eb,b4,bc,fa,2e,43,32,26,6f,5a,

25,59,eb,0b,a9,a3,9a,88,7b,47,05,4d,7e,d4,f1,27,b4,f5,64,ef,6d,56,77,ae,32,\

"rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version]

"Version"=hex:0f,a6,8f,d2,99,9e,14,46,5b,11,73,58,60,84,c8,d1,08,d4,33,98,1d,

49,de,83,9e,61,ca,07,ab,37,05,84,5d,ea,a7,57,26,f5,a5,d6,91,53,26,e0,a6,3f,\

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*]

@="?????????????????? v1"

.

[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*\CLSID]

@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"

.

[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*]

@="?????????????????? v2"

.

[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*\CLSID]

@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"

.

[HKEY_LOCAL_MACHINE\software\Minnetonka Audio Software\SurCode Dolby Digital Premiere\Version*Version]

"Version"=hex:0f,a6,8f,d2,99,9e,14,46,5b,11,73,58,60,84,c8,d1,08,d4,33,98,1d,

49,de,83,9e,61,ca,07,ab,37,05,84,5d,ea,a7,57,26,f5,a5,d6,91,53,26,e0,a6,3f,\

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\DbgagD\1*]

"value"="?\04\00\1d\05\0b\01?"

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]

@Denied: (A) (Everyone)

"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]

@Denied: (A) (Everyone)

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]

"Key"="ActionsPane3"

"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Nico Mak Computing\WinZip]

"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,

00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\program files (x86)\Creative\Shared Files\CTAudSvc.exe

c:\program files\AVAST Software\Avast\AvastSvc.exe

c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files (x86)\Google\Update\1.3.21.123\GoogleCrashHandler.exe

c:\windows\SysWOW64\PnkBstrA.exe

c:\windows\SysWOW64\rundll32.exe

c:\program files\ASUS Xonar DG Audio\Customapp\ASUSAUDIOCENTER.EXE

c:\program files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe

c:\windows\SysWOW64\rundll32.exe

c:\program files (x86)\Razer\Diamondback 3G\razerofa.exe

.

**************************************************************************

.

Completion time: 2012-12-03 15:17:37 - machine was rebooted

ComboFix-quarantined-files.txt 2012-12-03 04:17

ComboFix2.txt 2012-12-02 21:36

.

Pre-Run: 376,034,643,968 bytes free

Post-Run: 375,998,910,464 bytes free

.

- - End Of File - - 06447BFF3A638EA15ADD25C944DC29B9
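One part of the ComboFix output above that a responder would want flagged automatically is the Firefox block: network.proxy.socks points at an outside address on a high port, while network.proxy.type is 0 (no proxy), so the setting is present but not currently in effect; the four Trusted Zone entries also deserve a look, because Internet Explorer applies a more permissive security level to sites in that zone. The script below is an added example (not part of this thread, and not ComboFix's own code) that parses lines in the format ComboFix printed above and reports both conditions. The sample log is constructed from the lines posted above; the proxy-type meanings are Firefox's, and only type 1 (manual configuration) makes the per-protocol host and port prefs take effect.

```python
"""Triage ComboFix-style browser settings lines for unexpected proxy and
trusted-zone configuration.  Added example, not part of the thread or of
ComboFix; the line formats are taken from the log posted above."""
import ipaddress
import re
from dataclasses import dataclass, field

# Constructed sample in the shape of the log above (values copied from it).
SAMPLE_LOG = """\
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
FF - ProfilePath - c:\\users\\Loki\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\et4x5xle.default\\
FF - prefs.js: network.proxy.socks - 98.192.103.79
FF - prefs.js: network.proxy.socks_port - 39561
FF - prefs.js: network.proxy.type - 0
"""

# Meaning of network.proxy.type in Firefox; only 1 makes the per-protocol
# host/port prefs take effect.
PROXY_TYPE = {
    0: "no proxy",
    1: "manual proxy configuration",
    2: "proxy auto-config (PAC) URL",
    4: "auto-detect (WPAD)",
    5: "use system proxy settings",
}
PROXY_HOST_PREFS = ("network.proxy.http", "network.proxy.ssl",
                    "network.proxy.ftp", "network.proxy.socks")

PREF_RE = re.compile(r"^FF - prefs\.js: (?P<name>\S+) - (?P<value>.*)$")
ZONE_RE = re.compile(r"^Trusted Zone: (?P<host>\S+)$")


@dataclass
class Triage:
    prefs: dict = field(default_factory=dict)
    trusted_zones: list = field(default_factory=list)


def parse_combofix(text: str) -> Triage:
    """Pull 'FF - prefs.js:' and 'Trusted Zone:' lines out of a ComboFix log."""
    t = Triage()
    for raw in text.splitlines():
        line = raw.strip()
        m = PREF_RE.match(line)
        if m:
            t.prefs[m["name"]] = m["value"].strip()
            continue
        m = ZONE_RE.match(line)
        if m:
            t.trusted_zones.append(m["host"].lower())
    return t


def is_external(host: str) -> bool:
    """True for a literal IP outside loopback, private and link-local ranges.
    Hostnames return False: they need resolving before they can be judged."""
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return False
    return not (ip.is_loopback or ip.is_private or ip.is_link_local)


def proxy_findings(t: Triage) -> list:
    """One finding per configured proxy host, with whether it is in effect."""
    raw_type = t.prefs.get("network.proxy.type")
    ptype = int(raw_type) if raw_type is not None and raw_type.isdigit() else None
    out = []
    for name in PROXY_HOST_PREFS:
        host = t.prefs.get(name)
        if not host:
            continue
        port = t.prefs.get(name + "_port")
        out.append({
            "pref": name,
            "host": host,
            "port": int(port) if port and port.isdigit() else None,
            "external": is_external(host),
            # Manual configuration (type 1) is the only mode that uses these.
            "active": ptype == 1,
            "proxy_type": PROXY_TYPE.get(ptype, "unknown" if ptype is not None else "unset"),
        })
    return out


def report(text: str) -> list:
    """Analyst-readable lines; returned rather than printed so they can be checked."""
    t = parse_combofix(text)
    lines = []
    for f in proxy_findings(t):
        state = "ACTIVE" if f["active"] else "inert"
        where = "external address" if f["external"] else "host"
        lines.append(f"{f['pref']} -> {where} {f['host']}:{f['port']} "
                     f"({state}; network.proxy.type = {f['proxy_type']})")
    for z in t.trusted_zones:
        lines.append(f"Trusted Zone entry {z}: IE relaxes security for this site; "
                     f"confirm it was added deliberately")
    return lines


if __name__ == "__main__":
    for line in report(SAMPLE_LOG):
        print(line)
```

Run it as-is to see the report for the sample; in practice feed it the text of a ComboFix log. A proxy host given as a hostname rather than a literal IP is still reported, but not judged external, since it would need resolving first.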


  • Staff

Please run the following:

Please download Junkware Removal Tool to your desktop.

  • Shutdown your antivirus to avoid any conflicts.
  • Right-mouse click JRT.exe and select Run as administrator
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message

NEXT

Download AdwCleaner from here and save it to your desktop.

  • Run AdwCleaner and select Delete
  • Once done it will ask to reboot, allow the reboot
  • On reboot a log will be produced, please attach the content of the log to your next reply

NEXT

  • Please open your MalwareBytes AntiMalware Program
  • Click the Update Tab and search for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected. <-- very important
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.

NEXT

Go here to run an online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activeX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • When the scan completes, press the LIST OF THREATS FOUND button
  • Press EXPORT TO TEXT FILE , name the file ESETSCAN and save it to your desktop
  • Include the contents of this report in your next reply.
  • Press the BACK button.
  • Press Finish


  • Staff

Please do the following:


Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.

Please follow these steps to remove older versions of Java components and upgrade the application.

Upgrading Java:

  • Go to this site and click on "Do I have Java"
  • It will check your current version and then offer to update to the latest version
  • Watch for and make sure you untick the box next to whatever free program they prompt you to install during the installation, unless you want it.

Note: Check in Programs and Features (or Add/Remove Programs if you are an XP user) to make certain there are no old versions of Java still installed; if there are, remove them.

NEXT

Visit ADOBE and download the latest version of Acrobat Reader (version XI)

Having the latest updates ensures there are no security vulnerabilities in your system.

NEXT

Please advise how the computer is running now and if there are any outstanding issues.


  • Staff

We just have some housekeeping to do now.

Please do the following:

You can delete the DDS, JRT and the FRST logs and programs from your desktop.

NEXT

Follow these steps to uninstall Combofix

  • Make sure your security programs are totally disabled.
  • Press the WinKey +R to open a run box
  • Now copy/paste Combofix /uninstall into the runbox and click OK. Note the space between the ..X and the /U; it needs to be there.


NEXT

  • Double click on adwcleaner.exe to run the tool.
  • Click on Uninstall.
  • Confirm with yes.

If there are any logs/tools remaining on your desktop > right click and delete them.

NEXT

Below I have included a number of recommendations for how to protect your computer against malware infections.

  • It is good security practice to change your passwords to all your online accounts on a fairly regular basis; this is especially true after an infection. Refer to this Microsoft article
    Strong passwords: How to create and use them
    Then consider a password keeper, to keep all your passwords safe. KeePass is a small utility that allows you to manage all your passwords.
  • Keep Windows updated by regularly checking their website at :
    http://windowsupdate.microsoft.com/
    This will ensure your computer always has the latest available security updates installed.
  • Make Internet Explorer more secure
    • Click Start > Run
    • Type Inetcpl.cpl & click OK
    • Click on the Security tab
    • Click Reset all zones to default level
    • Make sure the Internet Zone is selected & Click Custom level
    • In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls") to "Prompt", and ("Initialize and Script ActiveX controls not marked as safe") to "Disable".
    • Next Click OK, then Apply button and then OK to exit the Internet Properties page.

  • Download TFC to your desktop
    • Close any open windows.
    • Double click the TFC icon to run the program.
    • TFC will close all open programs itself in order to run.
    • Click the Start button to begin the process.
    • Allow TFC to run uninterrupted.
    • The program should not take long to finish its job.
    • Once it's finished it should automatically reboot your machine; if it doesn't, manually reboot to ensure a complete clean.

    It's normal after running TFC cleaner that the PC will be slower to boot the first time.

  • WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:
    • Green to go
    • Yellow for caution
    • Red to stop

    WOT has an add-on available for both Firefox and IE.

  • Keep a backup of your important files - Now, more than ever, it's especially important to protect your digital files and memories. This article is full of good information on alternatives for home backup solutions.

  • ERUNT (Emergency Recovery Utility NT) allows you to keep a complete backup of your registry and restore it when needed. The standard registry backup options that come with Windows back up most of the registry but not all of it. ERUNT however creates a complete backup set, including the Security hive and user related sections. ERUNT is easy to use and since it creates a full backup, there are no options or choices other than to select the location of the backup files. The backup set includes a small executable that will launch the registry restore if needed.

  • In light of your recent issue, I'm sure you'd like to avoid any future infections. Please take a look at these well-written articles:

    PC Safety and Security--What Do I Need?

  • Simple and easy ways to keep your computer safe and secure on the Internet

Thank you for your patience, and performing all of the procedures requested.

Please respond one last time so we can consider the thread resolved and close it, thank-you.


Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!


This topic is now closed to further replies.