
PC got wrecked by rootkit.0access



Hi! I was browsing around google.com and a problem with my soundcard appeared, so I decided I'd google that too. I came across a site that seemed to have the exact same issue as me and decided to go to it; it was a very bland forum and the question was asked with no replies. HOWEVER, my other antivirus (not MBAM) went nuts and said it was a malicious URL; seconds later a randomly named and numbered exe tried to connect to the internet, then my PC crashed. I booted up into safe mode straight away and did a quick scan with both antiviruses, then a full scan with MBAM. In the quick scan MBAM found one instance of "rootkit.0access", which was removed successfully; then in the full scan it found another instance of rootkit.0access and a trojan.dropper in the same folder. Attached is my DDS log! Attach.txt DDS.txt


Welcome to the forum.

Please remove any usb or external drives from the computer before you run this scan!

Please download and run RogueKiller to your desktop.

For Windows XP, double-click to start.

For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Click Scan to scan the system.

When the scan completes > Close out the program > Don't Fix anything!

Don't run any other options, they're not all bad!!!!!!!

Post back the report which should be located on your desktop.

MrC


RogueKiller V7.6.4 [07/17/2012] by Tigzy

mail: tigzyRK<at>gmail<dot>com

Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/

Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version

Started in : Normal mode

User: Jake [Admin rights]

Mode: Scan -- Date: 07/30/2012 07:36:04

¤¤¤ Bad processes: 1 ¤¤¤

[SUSP PATH] DAODx.exe -- C:\Windows\DAODx.exe -> KILLED [TermProc]

¤¤¤ Registry Entries: 6 ¤¤¤

[SUSP PATH] RunDAOD.job @ : C:\Windows\DAODx.exe -> FOUND

[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND

[HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND

[ZeroAccess] HKCR\[...]\InprocServer32 : (C:\Users\Jake\AppData\Local\{f65588fc-e4e4-fe8f-d281-b293b010f4a1}\n.) -> FOUND

[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

[ZeroAccess][FILE] @ : c:\windows\installer\{f65588fc-e4e4-fe8f-d281-b293b010f4a1}\@ --> FOUND

[ZeroAccess][FOLDER] U : c:\windows\installer\{f65588fc-e4e4-fe8f-d281-b293b010f4a1}\U --> FOUND

[ZeroAccess][FOLDER] L : c:\windows\installer\{f65588fc-e4e4-fe8f-d281-b293b010f4a1}\L --> FOUND

[ZeroAccess][FILE] @ : c:\users\jake\appdata\local\{f65588fc-e4e4-fe8f-d281-b293b010f4a1}\@ --> FOUND

[ZeroAccess][FOLDER] U : c:\users\jake\appdata\local\{f65588fc-e4e4-fe8f-d281-b293b010f4a1}\U --> FOUND

[ZeroAccess][FOLDER] L : c:\users\jake\appdata\local\{f65588fc-e4e4-fe8f-d281-b293b010f4a1}\L --> FOUND

[ZeroAccess][FILE] Desktop.ini : c:\windows\assembly\gac_32\desktop.ini --> FOUND

[ZeroAccess][FILE] Desktop.ini : c:\windows\assembly\gac_64\desktop.ini --> FOUND

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ Infection : ZeroAccess ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

127.0.0.1 3dns.adobe.com 3dns-1.adobe.com 3dns-2.adobe.com 3dns-3.adobe.com 3dns-4.adobe.com activate.adobe.com activate-sea.adobe.com activate-sjc0.adobe.com activate.wip.adobe.com

127.0.0.1 activate.wip1.adobe.com activate.wip2.adobe.com activate.wip3.adobe.com activate.wip4.adobe.com adobe-dns.adobe.com adobe-dns-1.adobe.com adobe-dns-2.adobe.com adobe-dns-3.adobe.com adobe-dns-4.adobe.com

127.0.0.1 adobeereg.com practivate.adobe practivate.adobe.com practivate.adobe.newoa practivate.adobe.ntp practivate.adobe.ipp ereg.adobe.com ereg.wip.adobe.com ereg.wip1.adobe.com

127.0.0.1 ereg.wip2.adobe.com ereg.wip3.adobe.com ereg.wip4.adobe.com hl2rcv.adobe.com wip.adobe.com wip1.adobe.com wip2.adobe.com wip3.adobe.com wip4.adobe.com

127.0.0.1 www.adobeereg.com wwis-dubc1-vip60.adobe.com www.wip.adobe.com www.wip1.adobe.com

127.0.0.1 www.wip2.adobe.com www.wip3.adobe.com www.wip4.adobe.com wwis-dubc1-vip60.adobe.com crl.verisign.net CRL.VERISIGN.NET ood.opsource.net

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST315003 41AS SATA Disk Device +++++

--- User ---

[MBR] 5803beb5b57a1e0640dbce950ddc21e1

[BSP] a69242f73d572ad8e0f93af1985c5cda : Windows 7 MBR Code

Partition table:

0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo

1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 1430695 Mo

User = LL1 ... OK!

User = LL2 ... OK!

Finished : << RKreport[1].txt >>

RKreport[1].txt

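The report above has a fixed shape (¤¤¤ section headers, bracketed tags, an arrow and a verdict word), so the indicators a helper reads by eye can also be pulled out mechanically. The Python below is an added example, not part of the thread and not RogueKiller's code: it parses an excerpt of this very report, collects the [ZeroAccess] paths and the GUID they share, records the two UAC policy values reported at 0 (EnableLUA=0 turns UAC off; ConsentPromptBehaviorAdmin=0 lets administrators elevate with no prompt), and lists HOSTS entries that pin crl./ocsp. hosts to loopback, which stops certificate-revocation lookups from reaching their servers. The crl./ocsp. prefix rule is a heuristic of this example, not something RogueKiller reports.

```python
import re

# Excerpt of the RogueKiller report posted in this thread (copied from the log above, with the
# forum's "[sUSP PATH]" lowercasing artifact undone); the lines are the page's, not constructed.
SAMPLE_REPORT = r"""
¤¤¤ Bad processes: 1 ¤¤¤
[SUSP PATH] DAODx.exe -- C:\Windows\DAODx.exe -> KILLED [TermProc]
¤¤¤ Registry Entries: 6 ¤¤¤
[SUSP PATH] RunDAOD.job @ : C:\Windows\DAODx.exe -> FOUND
[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND
[ZeroAccess] HKCR\[...]\InprocServer32 : (C:\Users\Jake\AppData\Local\{f65588fc-e4e4-fe8f-d281-b293b010f4a1}\n.) -> FOUND
¤¤¤ Particular Files / Folders: ¤¤¤
[ZeroAccess][FILE] @ : c:\windows\installer\{f65588fc-e4e4-fe8f-d281-b293b010f4a1}\@ --> FOUND
[ZeroAccess][FOLDER] U : c:\windows\installer\{f65588fc-e4e4-fe8f-d281-b293b010f4a1}\U --> FOUND
[ZeroAccess][FILE] Desktop.ini : c:\windows\assembly\gac_32\desktop.ini --> FOUND
¤¤¤ Driver: [NOT LOADED] ¤¤¤
¤¤¤ Infection : ZeroAccess ¤¤¤
¤¤¤ HOSTS File: ¤¤¤
127.0.0.1 3dns.adobe.com 3dns-1.adobe.com activate.adobe.com
127.0.0.1 www.wip2.adobe.com wwis-dubc1-vip60.adobe.com crl.verisign.net CRL.VERISIGN.NET ood.opsource.net
¤¤¤ MBR Check: ¤¤¤
"""

SECTION_RE = re.compile(r"^¤¤¤\s*(.*?)\s*¤¤¤$")
# leading [TAG][TAG] block, free-text detail, then "->" or "-->" and a verdict word
FINDING_RE = re.compile(r"^((?:\[[^\]]+\])+)\s*(.*?)\s*-{1,2}>\s*(\w+)")
GUID_RE = re.compile(r"\{[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}\}", re.I)
# UAC policy values: 0 means UAC off (EnableLUA) or elevate with no prompt (ConsentPromptBehaviorAdmin)
UAC_VALUES = {"EnableLUA", "ConsentPromptBehaviorAdmin"}
LOOPBACK = {"127.0.0.1", "0.0.0.0"}


def parse_report(text):
    """Split a RogueKiller report into {section name: [non-empty lines]}."""
    sections = {"header": []}
    current = "header"
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            sections.setdefault(current, [])  # keep sections that carry no lines
            continue
        sections[current].append(line)
    return sections


def parse_finding(line):
    """Return {'tags', 'detail', 'action'} for one tagged finding line, else None."""
    m = FINDING_RE.match(line)
    if not m:
        return None
    return {
        "tags": re.findall(r"\[([^\]]+)\]", m.group(1)),
        "detail": m.group(2),
        "action": m.group(3),
    }


def triage_roguekiller(text):
    """Summarise the ZeroAccess indicators, UAC downgrades and HOSTS blackholes in a report."""
    sections = parse_report(text)
    zeroaccess_paths, suspicious_paths, uac_disabled = [], [], []
    guids, revocation_blocked = set(), set()
    declared = None
    for name, lines in sections.items():
        if name.startswith("Infection"):
            declared = name.split(":", 1)[1].strip()
        elif name.startswith("HOSTS"):
            for line in lines:
                parts = line.split()
                if len(parts) >= 2 and parts[0] in LOOPBACK:
                    for host in parts[1:]:
                        h = host.lower()
                        # heuristic: crl./ocsp. hosts pinned to loopback blackhole revocation checks
                        if h.startswith(("crl.", "ocsp.")):
                            revocation_blocked.add(h)
        else:
            for line in lines:
                f = parse_finding(line)
                if f is None:
                    continue
                if "ZeroAccess" in f["tags"]:
                    zeroaccess_paths.append(f["detail"])
                    guids.update(g.lower() for g in GUID_RE.findall(f["detail"]))
                elif "HJ" in f["tags"]:
                    m = re.search(r":\s*(\w+)\s*\((\d+)\)", f["detail"])
                    if m and m.group(1) in UAC_VALUES and m.group(2) == "0":
                        uac_disabled.append(m.group(1))
                elif "SUSP PATH" in f["tags"]:
                    suspicious_paths.append(f["detail"])
    return {
        "declared_infection": declared,
        "zeroaccess_paths": zeroaccess_paths,
        "zeroaccess_guids": sorted(guids),
        "uac_disabled": uac_disabled,
        "suspicious_paths": suspicious_paths,
        "hosts_revocation_blocked": sorted(revocation_blocked),
    }


if __name__ == "__main__":
    for key, value in triage_roguekiller(SAMPLE_REPORT).items():
        print(f"{key}: {value}")
```

On this excerpt the single GUID ties the InprocServer32 COM redirection in the user profile to the @/U/L layout under C:\Windows\Installer, which is why one report line is enough to know the other locations to check; the Adobe entries in HOSTS are not part of the rootkit finding and are left alone.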

Your computer is infected with a nasty rootkit. Please read the following information first.

You're infected with Rootkit.ZeroAccess, a BackDoor Trojan.

BACKDOOR WARNING

------------------------------

One or more of the identified infections is known to use a backdoor.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would advise you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the infection has been identified and because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?

http://www.dslreports.com/faq/10451

When Should I Format, How Should I Reinstall

http://www.dslreports.com/faq/10063

I will try my best to clean this machine but I can't guarantee that it will be 100% secure afterwards.

Let me know what you decide to do. If you decide to go through with the cleanup, please proceed with the following steps.

-----------------------------------------

Please make sure system restore is running and create a new restore point before continuing!

For x32 (x86) bit systems download Farbar Recovery Scan Tool and save it to a flash drive.

For x64 bit systems download Farbar Recovery Scan Tool x64 and save it to a flash drive.

How to tell > 32 or 64 bit

Plug the flashdrive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:

  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:

  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:

  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Command Prompt

  • Select Command Prompt.
  • In the command window type notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter.

Note: Replace letter e with the drive letter of your flash drive.

  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • FRST will let you know when the scan is complete and has written FRST.txt to file. Close out this message, then type the following into the search box:

services.exe

  • Now press the Search button.
  • When the search is complete, search.txt will also be written to your USB.
  • Type exit and reboot the computer normally.
  • Please copy and paste both logs (FRST.txt and Search.txt) in your reply.

MrC


I apologize for the late response; I've been a little busy today with work and parents. Here's the FRST log!

Scan result of Farbar Recovery Scan Tool Version: 25-07-2012 01

Ran by Jake at 30-07-2012 08:47:35

Running from C:\Users\Jake\Desktop

Service Pack 1 (X64) OS Language: English(US)

Attention: Could not load system hive.ERROR: The process cannot access the file because it is being used by another process.

ATTENTION:=====> THE TOOL IS NOT RUN FROM RECOVERY ENVIRONMENT AND WILL NOT FUNCTION PROPERLY.

============ One Month Created Files and Folders ==============

2012-07-30 07:43 - 2012-07-30 07:43 - 01438391 ____A (Farbar) C:\Users\Jake\Desktop\FRST64.exe

2012-07-30 07:36 - 2012-07-30 07:36 - 00003339 ____A C:\Users\Jake\Desktop\RKreport[1].txt

2012-07-30 07:35 - 2012-07-30 07:36 - 00000000 ____D C:\Users\Jake\Desktop\RK_Quarantine

2012-07-30 07:18 - 2012-07-30 07:19 - 01552384 ____A C:\Users\Jake\Desktop\RogueKiller.exe

2012-07-30 05:00 - 2012-07-30 05:00 - 00146694 ____A C:\Users\Jake\Desktop\OTL.Txt

2012-07-30 04:53 - 2012-07-30 04:53 - 00881494 ____A C:\Users\Jake\Desktop\SecurityCheck.exe

2012-07-30 04:53 - 2012-07-30 04:53 - 00596480 ____A (OldTimer Tools) C:\Users\Jake\Desktop\OTL.exe

2012-07-30 04:47 - 2012-07-30 04:47 - 00044465 ____A C:\Users\Jake\Desktop\DDS.txt

2012-07-30 04:47 - 2012-07-30 04:47 - 00021226 ____A C:\Users\Jake\Desktop\Attach.txt

2012-07-30 04:43 - 2012-07-30 04:43 - 00607260 ____R (Swearware) C:\Users\Jake\Desktop\dds.com

2012-07-29 23:56 - 2012-07-29 23:56 - 00000000 ____D C:\Program Files (x86)\Screaming Bee

2012-07-29 23:55 - 2012-07-29 23:56 - 05221800 ____A C:\Users\Jake\Downloads\MorphVOXPro4_Install-1.exe

2012-07-29 23:48 - 2012-07-29 23:49 - 00000000 ____D C:\Users\Jake\AppData\Roaming\Nico Mak Computing

2012-07-29 23:48 - 2012-07-29 23:48 - 00000947 ____A C:\Users\Public\Desktop\µTorrent.lnk

2012-07-29 23:48 - 2011-11-10 10:33 - 00018760 ____A (WinZip Computing, S.L.(WinZip Computing)) C:\Windows\System32\roboot64.exe

2012-07-29 23:38 - 2012-07-29 23:38 - 00000000 ____D C:\Users\Jake\AppData\Roaming\Avnex

2012-07-29 23:37 - 2012-07-29 23:47 - 00000000 ____D C:\Program Files (x86)\AV Vcs 7.0 DIAMOND

2012-07-29 23:37 - 2008-12-26 12:56 - 00021504 ____A (Avnex) C:\Windows\System32\Drivers\vcsvad.sys

2012-07-29 19:03 - 2012-07-29 19:03 - 01552078 ____A (Toshiyuki Masui ) C:\Users\Jake\Downloads\Gyazo-1.0.exe

2012-07-29 19:03 - 2012-07-29 19:03 - 00000000 ____D C:\Users\Jake\AppData\Roaming\Gyazo

2012-07-29 19:03 - 2012-07-29 19:03 - 00000000 ____D C:\Program Files (x86)\Gyazo

2012-07-29 18:34 - 2012-07-29 18:34 - 00000000 ____D C:\Users\Jake\AppData\Local\{15E2F146-90F0-4C9C-95D6-1900F5E5BF8F}

2012-07-29 18:22 - 2012-07-29 18:22 - 00000000 ____D C:\Users\Jake\AppData\Local\{B9CB18BA-9434-4899-A61A-48F5232903CE}

2012-07-29 18:20 - 2012-07-29 18:22 - 00000000 ____D C:\Users\Jake\AppData\Local\{6A0F40FE-78BA-41E2-BDA2-081C55AB1985}

2012-07-29 18:16 - 2012-07-29 18:16 - 463412638 ____A C:\Windows\MEMORY.DMP

2012-07-29 18:16 - 2012-07-29 18:16 - 00275680 ____A C:\Windows\Minidump\072912-29343-01.dmp

2012-07-29 18:16 - 2012-07-29 18:16 - 00000000 ____D C:\Windows\Minidump

2012-07-28 08:53 - 2012-07-28 08:55 - 00000000 ____D C:\srcds_css

2012-07-28 08:53 - 2012-07-28 08:53 - 00703533 ____A C:\Users\Jake\Downloads\hldsupdatetool.exe

2012-07-27 05:17 - 2012-07-27 05:17 - 00000000 ____D C:\Program Files (x86)\SplitMediaLabs

2012-07-27 00:11 - 2012-07-27 00:12 - 00000000 ____D C:\Users\Jake\AppData\Local\{8C5558BD-1217-47EC-8348-B4FC7B181222}

2012-07-27 00:11 - 2012-07-27 00:11 - 00000000 ____D C:\Users\Jake\AppData\Local\{B53E15A2-5606-4E17-A74B-2222D584AA1A}

2012-07-25 17:15 - 2012-07-25 17:15 - 00000000 ____D C:\Users\Jake\AppData\Local\{5221ECD6-70AC-4189-8533-4C96BEB1BF92}

2012-07-25 17:14 - 2012-07-25 17:15 - 00000000 ____D C:\Users\Jake\AppData\Local\{109EBE23-8930-4CA4-9942-17FB586F0DC8}

2012-07-25 08:03 - 2012-07-25 08:03 - 00000000 ____A C:\Windows\SysWOW64\sho7B8C.tmp

2012-07-24 07:23 - 2012-07-24 07:23 - 00000000 ____D C:\Users\Jake\Autodesk

2012-07-24 07:21 - 2009-07-08 13:31 - 02361541 ____A C:\Users\Jake\Desktop\ValveSource.6.02.xsiaddon

2012-07-24 07:13 - 2012-07-24 07:18 - 466912227 ____A (Softimage ) C:\Users\Jake\Downloads\setup_XSIDEMO_Mod Tool_7_5_203_win32.exe

2012-07-23 23:03 - 2012-07-23 23:03 - 00000000 ____D C:\Users\Jake\Softimage

2012-07-23 22:56 - 2012-07-24 01:32 - 00000000 ____D C:\Decompiled Models

2012-07-23 22:54 - 2012-07-23 22:55 - 00000000 ____D C:\Users\Jake\Documents\Source SDK Models

2012-07-23 22:47 - 2012-07-24 07:33 - 00000000 ____D C:\Softimage

2012-07-23 22:47 - 2012-07-23 22:47 - 00000000 ____D C:\Program Files\Common Files\Softimage

2012-07-23 22:44 - 2007-08-14 18:12 - 00045056 ____N C:\Windows\SysWOW64\XSIChooser.exe

2012-07-23 22:43 - 2012-07-23 22:43 - 00000000 ____D C:\Program Files\Blender Foundation

2012-07-23 22:43 - 2009-06-10 14:00 - 00017463 ____A C:\Windows\System32\Drivers\etc\SERVICES_XSI_6 Mod Tool_7-23-2012_22-43-49.backup

2012-07-23 22:41 - 2012-07-23 22:43 - 00000000 ____D C:\XSI6

2012-07-23 22:41 - 2012-07-23 22:42 - 33231558 ____A C:\Users\Jake\Downloads\blender-2.63a-release-windows64.exe

2012-07-23 22:41 - 2012-07-23 22:41 - 00000000 ____D C:\Program Files (x86)\XSI6

2012-07-23 22:40 - 2012-07-23 22:40 - 00000000 ____D C:\Users\Jake\AppData\Roaming\InstallShield

2012-07-23 22:37 - 2012-07-23 22:37 - 01429503 ____A C:\Users\Jake\Downloads\StudioCompilerSetup.V0.4A.exe

2012-07-23 22:37 - 2012-07-23 22:37 - 00000000 ____D C:\Program Files\StudioCompiler

2012-07-23 22:35 - 2012-07-23 22:40 - 452859502 ____A (Softimage ) C:\Users\Jake\Downloads\SOFTIMAGE_XSI_6_ModTool.exe

2012-07-23 22:35 - 2012-07-23 22:35 - 00561878 ____A (Ryan Gregg ) C:\Users\Jake\Downloads\gcfscape182.exe

2012-07-23 02:30 - 2012-07-23 04:26 - 00000000 ____D C:\Users\Jake\AppData\Local\SingularityViewer

2012-07-23 02:30 - 2012-07-23 02:31 - 00000000 ____D C:\Users\Jake\AppData\Roaming\SecondLife

2012-07-23 02:25 - 2012-07-23 02:26 - 00000000 ____D C:\Program Files (x86)\Singularity

2012-07-23 02:25 - 2012-07-23 02:25 - 24985451 ____A C:\Users\Jake\Downloads\Singularity_1-7-0-2621_Setup.exe

2012-07-22 18:07 - 2012-07-22 18:07 - 00000000 ____D C:\Users\Jake\AppData\Local\{DBDD9AC0-9198-46B1-9E23-2FB13656B9FD}

2012-07-22 18:06 - 2012-07-22 18:07 - 00000000 ____D C:\Users\Jake\AppData\Local\{4D44C76F-5237-4F1B-8EF2-B1C7D1ABAE74}

2012-07-21 19:22 - 2012-07-21 19:22 - 00000000 ____D C:\Users\Jake\AppData\Roaming\Downloaded Installations

2012-07-21 19:22 - 2012-07-21 01:55 - 00000000 ____D C:\Program Files (x86)\osu!

2012-07-21 19:21 - 2012-07-21 19:22 - 24610144 ____A (peppy) C:\Users\Jake\Downloads\osu!install.exe

2012-07-21 16:20 - 2012-07-21 16:20 - 00000000 ____D C:\Users\Jake\AppData\Local\{6C9420D7-0894-4E63-9A59-2A4D0A8F91F8}

2012-07-21 16:20 - 2012-07-21 16:20 - 00000000 ____D C:\Users\Jake\AppData\Local\{169F9A77-D2EE-4BBD-B327-83899DDDBD5D}

2012-07-21 14:59 - 2012-07-21 14:59 - 00000000 ____D C:\Users\Jake\AppData\Local\{6124433F-593F-4EDA-8B83-C60789FC2E55}

2012-07-21 14:58 - 2012-07-21 14:59 - 00000000 ____D C:\Users\Jake\AppData\Local\{DF885A2D-8130-4769-8A60-9278568BE80D}

2012-07-20 22:20 - 2012-07-20 22:20 - 00000000 ____D C:\Users\Jake\Desktop\basewars

2012-07-20 15:07 - 2012-07-20 15:07 - 00000000 ____D C:\Users\Jake\AppData\Local\{A7FE924A-30D6-40DE-B38C-3600F7857282}

2012-07-19 14:08 - 2012-07-19 14:08 - 00000000 ____D C:\Users\Jake\AppData\Local\{4C86C355-6F79-416E-9835-71DF5F093C2F}

2012-07-19 14:07 - 2012-07-19 14:08 - 00000000 ____D C:\Users\Jake\AppData\Local\{8224FEA0-23DE-44B6-9BAE-974BAD46EC68}

2012-07-18 19:21 - 2012-07-18 19:54 - 00000000 ____D C:\Users\Jake\Desktop\reichbot

2012-07-18 17:30 - 2012-07-18 17:30 - 00000000 ____D C:\Users\Jake\AppData\Local\{9A84C62B-9A0A-4CED-A34C-64546C42D723}

2012-07-18 17:29 - 2012-07-18 17:30 - 00000000 ____D C:\Users\Jake\AppData\Local\{2DE247D8-D16B-4A99-BBF9-AEF85DB8E267}

2012-07-18 13:28 - 2012-07-18 13:28 - 00000000 ____D C:\Users\Jake\AppData\Local\{EB0E8DF2-A3C9-4350-BA48-48C0B7DD4171}

2012-07-18 13:28 - 2012-07-18 13:28 - 00000000 ____D C:\Users\Jake\AppData\Local\{5DB41283-DFB5-4EA5-86C4-AA75AD931B53}

2012-07-17 14:03 - 2012-07-17 14:03 - 00000000 ____D C:\Users\Jake\AppData\Local\{DFC91A96-136D-45F3-803E-8CF57F28A854}

2012-07-17 14:03 - 2012-07-17 14:03 - 00000000 ____D C:\Users\Jake\AppData\Local\{390FF505-96DD-4B44-993C-53ABB063F4B6}

2012-07-17 00:02 - 2012-07-17 00:02 - 01282568 ____A (Avira Operations GmbH & Co. KG) C:\Users\Jake\Downloads\AviraDNSRepairEN.exe

2012-07-16 15:25 - 2012-07-16 15:25 - 00000000 ____D C:\Users\Jake\AppData\Local\{F5CC4687-3CAA-4B95-84CB-8CD8B13D0A93}

2012-07-16 15:25 - 2012-07-16 15:25 - 00000000 ____D C:\Users\Jake\AppData\Local\{29876460-1A67-4F59-B949-0F1D67F772D1}

2012-07-15 16:37 - 2012-07-15 16:37 - 00000000 ____D C:\Users\Jake\AppData\Local\{ED171093-46CD-4AC5-890D-A65D0DAB8DD3}

2012-07-15 13:37 - 2012-07-15 13:37 - 00000000 ____D C:\Users\Jake\AppData\Local\{D77CAAA4-CAE8-4B13-AFC2-098266D40AD2}

2012-07-14 12:30 - 2012-07-14 12:30 - 00000000 ____D C:\Users\All Users\ATI

2012-07-14 12:29 - 2012-07-14 12:29 - 00000000 ____D C:\Program Files (x86)\AMD AVT

2012-07-14 12:29 - 2012-07-14 12:29 - 00000000 ____D C:\Program Files (x86)\AMD APP

2012-07-14 12:15 - 2012-07-14 12:16 - 00000000 ____D C:\Users\Jake\AppData\Local\{167DB4D3-FFEE-49E8-952B-5D3FACAC2333}

2012-07-14 12:15 - 2012-07-14 12:15 - 00000000 ____D C:\Users\Jake\AppData\Local\{A206A152-F748-49FB-BC13-272CBB36E247}

2012-07-13 15:10 - 2012-07-14 16:42 - 00000023 ____A C:\Windows\BlendSettings.ini

2012-07-13 15:02 - 2012-07-13 15:02 - 00000000 ____D C:\Users\Jake\AppData\Local\Oblivion

2012-07-13 14:02 - 2012-07-13 14:02 - 00000000 ____D C:\Users\Jake\AppData\Local\{9DD37776-51BF-4B75-8669-22970B86F8F3}

2012-07-13 14:02 - 2012-07-13 14:02 - 00000000 ____D C:\Users\Jake\AppData\Local\{4DF57284-19D7-4BDD-9E27-069F08A1110F}

2012-07-12 19:48 - 2012-07-12 19:48 - 00000000 ____D C:\Users\Jake\Documents\CommView

2012-07-12 19:48 - 2012-07-12 19:48 - 00000000 ____D C:\Users\All Users\TamoSoft

2012-07-12 19:47 - 2012-07-12 19:51 - 00000000 ____D C:\Program Files (x86)\CommView

2012-07-12 11:53 - 2012-07-12 11:53 - 03878112 ____A C:\Users\Jake\Downloads\battlelog-web-plugins-1.122.0-retail-prod.exe

2012-07-12 11:30 - 2012-07-12 11:30 - 00000000 ____D C:\Windows\pss

2012-07-12 11:20 - 2012-07-12 11:20 - 00000000 ____D C:\Program Files (x86)\MiniTool Partition Wizard Home Edition 7.5

2012-07-12 11:20 - 2012-06-18 13:34 - 02966720 ____A C:\Windows\System32\pwNative.exe

2012-07-12 11:20 - 2012-06-18 13:34 - 00019032 ____N C:\Windows\System32\pwdrvio.sys

2012-07-12 11:20 - 2012-06-18 13:34 - 00012384 ____N C:\Windows\System32\pwdspio.sys

2012-07-12 11:19 - 2012-07-12 11:19 - 11724064 ____A (MiniTool Solution Ltd. ) C:\Users\Jake\Downloads\pwhe75.exe

2012-07-12 11:18 - 2012-07-12 11:18 - 00000000 ____D C:\Program Files (x86)\Xiph.Org

2012-07-12 11:18 - 2012-07-12 11:18 - 00000000 ____D C:\Program Files (x86)\Ta0 Software

2012-07-12 11:17 - 2012-07-12 11:17 - 03415322 ____A C:\Users\Jake\Downloads\Steamp3Setup_1.0.96.exe

2012-07-12 11:02 - 2012-07-12 11:02 - 00000000 ____D C:\Users\Jake\AppData\Local\{AAC2F57F-E5EA-4C4F-B0C4-D1DEB3C6BFC1}

2012-07-12 11:02 - 2012-07-12 11:02 - 00000000 ____D C:\Users\Jake\AppData\Local\{44E0ACBA-CE4B-4B51-8EA1-18368089BBC3}

2012-07-11 20:35 - 2012-06-11 20:08 - 03148800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys

2012-07-11 17:07 - 2012-06-08 22:43 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll

2012-07-11 17:07 - 2012-06-08 21:41 - 12873728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll

2012-07-11 17:07 - 2012-06-05 23:06 - 02004480 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll

2012-07-11 17:07 - 2012-06-05 23:06 - 01881600 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll

2012-07-11 17:07 - 2012-06-05 23:02 - 01133568 ____A (Microsoft Corporation) C:\Windows\System32\cdosys.dll

2012-07-11 17:07 - 2012-06-05 22:05 - 01390080 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll

2012-07-11 17:07 - 2012-06-05 22:05 - 01236992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll

2012-07-11 17:07 - 2012-06-05 22:03 - 00805376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cdosys.dll

2012-07-11 17:07 - 2012-06-01 22:50 - 00458704 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys

2012-07-11 17:07 - 2012-06-01 22:48 - 00151920 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys

2012-07-11 17:07 - 2012-06-01 22:48 - 00095600 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys

2012-07-11 17:07 - 2012-06-01 22:45 - 00340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll

2012-07-11 17:07 - 2012-06-01 22:44 - 00307200 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll

2012-07-11 17:07 - 2012-06-01 21:40 - 00225280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll

2012-07-11 17:07 - 2012-06-01 21:40 - 00022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll

2012-07-11 17:07 - 2012-06-01 21:39 - 00219136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll

2012-07-11 17:07 - 2012-06-01 21:34 - 00096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll

2012-07-11 17:07 - 2010-06-25 20:55 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\msxml3r.dll

2012-07-11 17:07 - 2010-06-25 20:24 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll

2012-07-11 16:55 - 2012-07-11 16:55 - 00000000 ____D C:\Users\Jake\AppData\Local\{4159D3ED-4596-4A25-BB63-EE1CDA9DBED0}

2012-07-11 16:54 - 2012-07-11 16:55 - 00000000 ____D C:\Users\Jake\AppData\Local\{FBE64093-A59A-4552-8ECF-0B38709D1AAD}

2012-07-10 21:23 - 2012-07-10 21:23 - 00000000 ____D C:\Users\Jake\AppData\Local\{CCC02259-012F-4740-8348-AC951C10BD61}

2012-07-10 21:22 - 2012-07-10 21:22 - 00000000 ____D C:\Users\Jake\AppData\Local\{90C5A115-0EF9-4DE6-AB33-49E583185F8F}

2012-07-10 21:11 - 2012-07-10 21:11 - 00000000 ____D C:\Users\Jake\AppData\Roaming\QFX Software

2012-07-10 21:11 - 2012-07-10 21:11 - 00000000 ____D C:\Users\All Users\QFX Software

2012-07-10 21:10 - 2012-07-10 21:10 - 00000000 ____D C:\Program Files (x86)\KeyScrambler

2012-07-10 21:10 - 2011-12-14 17:46 - 00222904 ____A (QFX Software Corporation) C:\Windows\System32\Drivers\keyscrambler.sys

2012-07-10 21:09 - 2012-07-10 21:09 - 01328096 ____A C:\Users\Jake\Downloads\KeyScrambler_Setup.exe

2012-07-10 20:43 - 2011-02-24 22:30 - 02616320 ____A (Microsoft Corporation) C:\Windows\System32\explorer.exe

2012-07-10 16:40 - 2012-07-10 16:40 - 00000000 ____D C:\Users\Jake\AppData\Local\{4C6DF4D7-766A-43B6-B0E6-EECB527A5A80}

2012-07-10 16:36 - 2012-07-10 16:40 - 00000000 ____D C:\Users\Jake\AppData\Local\{4B99D7C4-37AF-44D7-B914-67CA83F83682}

2012-07-10 12:14 - 2012-07-10 12:14 - 00000000 ____D C:\Users\Jake\AppData\Local\{EC85FCB7-800D-4376-B0D8-4913E3A6C255}

2012-07-10 00:35 - 2012-07-10 00:35 - 00000000 ____D C:\Users\Jake\AppData\Local\{F79F155A-3F8D-45C3-A8CE-85D2CFD2B1B3}

2012-07-09 03:45 - 2012-07-09 03:45 - 00000000 ____D C:\Users\Jake\AppData\Local\{9BB8086E-8884-4210-861E-A0B188B52996}

2012-07-09 03:44 - 2012-07-09 03:45 - 00000000 ____D C:\Users\Jake\AppData\Local\{8F569553-5D9C-4934-8BA2-4114959A8DC5}

2012-07-09 00:59 - 2012-07-09 00:59 - 00002573 ____A C:\Users\Public\Desktop\Six Updater.lnk

2012-07-08 02:02 - 2012-07-08 02:02 - 01121818 ____A C:\Users\Jake\Documents\stuff.psd

2012-07-07 23:12 - 2012-07-07 23:12 - 26586887 ____A (Wireshark development team) C:\Users\Jake\Downloads\Wireshark-win64-1.8.0.exe

2012-07-07 22:48 - 2012-07-07 22:48 - 02029704 ____A C:\Users\Jake\Downloads\join.me.exe

2012-07-07 20:41 - 2012-07-07 20:42 - 00000000 ____D C:\Users\Jake\AppData\Local\{0F44F311-86D5-4D58-9563-7B6508400C52}

2012-07-07 20:41 - 2012-07-07 20:41 - 00000000 ____D C:\Users\Jake\AppData\Local\{62789D9F-D0FC-4F44-855E-9A85D9102B41}

2012-07-06 12:36 - 2012-07-06 12:36 - 00000000 ____D C:\Users\Jake\Documents\4A Games

2012-07-06 12:34 - 2012-07-06 12:34 - 00000000 ____D C:\Users\Jake\AppData\Local\4A Games

2012-07-06 10:54 - 2012-07-29 23:49 - 00000000 ____D C:\Users\Jake\Downloads\Metro2033

2012-07-06 10:21 - 2012-07-06 10:21 - 00000000 ____D C:\Users\Jake\AppData\Local\My Games

2012-07-06 10:11 - 2012-07-06 11:39 - 00000000 ____D C:\Program Files (x86)\Sid Meier's Civilization V

2012-07-06 09:13 - 2012-07-06 09:13 - 00000000 ____D C:\Users\Jake\Downloads\Civ5

2012-07-05 23:21 - 2012-07-05 23:22 - 00000000 ____D C:\Users\Jake\AppData\Local\{C544EAF0-D3C5-4CC9-AD39-443A8F1CAF7A}

2012-07-05 23:21 - 2012-07-05 23:21 - 00000000 ____D C:\Users\Jake\AppData\Local\{CF7AC9A3-9886-413F-838C-6019C8F2FBDF}

2012-07-05 06:21 - 2012-07-05 06:22 - 00000000 ____D C:\Users\Jake\Desktop\Audiosurf

2012-07-05 02:49 - 2012-07-05 06:21 - 00000000 ____D C:\Users\Jake\Downloads\Audiosurf

2012-07-04 21:44 - 2012-07-04 21:44 - 00000000 ____D C:\Users\Jake\AppData\Local\{FF8AB0BD-4CA8-426A-B249-5ACCF0458ADF}

2012-07-04 21:43 - 2012-07-04 21:44 - 00000000 ____D C:\Users\Jake\AppData\Local\{68809A42-C788-409A-A66D-A0B82DC343CB}

2012-07-04 04:30 - 2012-07-04 04:30 - 00000000 ____D C:\Users\Jake\Documents\My Cheat Tables

2012-07-04 04:30 - 2012-07-04 04:30 - 00000000 ____D C:\Program Files (x86)\Cheat Engine 6.2

2012-07-04 04:28 - 2012-07-04 04:28 - 07275072 ____A (Dark Byte ) C:\Users\Jake\Downloads\CheatEngine62.exe

2012-07-03 17:22 - 2012-07-03 17:22 - 00000000 ____D C:\Users\Jake\AppData\Local\{E60B90A2-A7AB-43B0-8566-740F1009520B}

2012-07-03 17:21 - 2012-07-03 17:22 - 00000000 ____D C:\Users\Jake\AppData\Local\{5E67E9E1-C56A-4521-9B5A-71D1A29967F0}

2012-07-03 09:53 - 2012-07-03 09:53 - 00000000 ____D C:\Users\Jake\AppData\Local\{1DCE1934-15AA-4905-A44C-58D16BA4942B}

2012-07-02 21:51 - 2012-07-09 00:59 - 00002573 ____A C:\Users\Public\Desktop\Six Launcher.lnk

2012-07-02 21:33 - 2012-07-06 16:09 - 00000000 ____D C:\Users\Jake\Desktop\SCDS-Lite

2012-07-02 17:07 - 2012-07-02 17:07 - 00000000 ____D C:\Users\Jake\AppData\Local\{1C9944AA-09F5-4D8F-991E-3FC66CA08171}

2012-07-02 17:06 - 2012-07-02 17:07 - 00000000 ____D C:\Users\Jake\AppData\Local\{2FE16230-4C01-4E65-A31C-2F7C8FEEFC9F}

2012-07-02 04:36 - 2012-07-02 04:36 - 00000000 ____D C:\Users\Jake\AppData\Local\{FCDD2055-20E2-474C-A151-74D9DC98024F}

2012-07-02 04:36 - 2012-07-02 04:36 - 00000000 ____D C:\Users\Jake\AppData\Local\{72985C87-F34C-4D84-99E0-DD9CDD363F82}

2012-07-01 19:43 - 2012-07-01 19:43 - 00000000 ____D C:\Users\Jake\AppData\Local\{CCDBD5D4-4CEC-45AE-B1D4-B0201E63D263}

2012-07-01 00:03 - 2012-07-01 00:03 - 00000000 ____D C:\Program Files (x86)\LG Electronics

2012-07-01 00:03 - 2010-12-07 14:12 - 00034304 ____A (LG Electronics Inc.) C:\Windows\System32\Drivers\lgandmodem64.sys

2012-07-01 00:03 - 2010-12-07 14:12 - 00027648 ____A (LG Electronics Inc.) C:\Windows\System32\Drivers\lganddiag64.sys

2012-07-01 00:03 - 2010-12-07 14:12 - 00027136 ____A (LG Electronics Inc.) C:\Windows\System32\Drivers\lgandgps64.sys

2012-07-01 00:03 - 2010-12-07 14:12 - 00019456 ____A (LG Electronics Inc.) C:\Windows\System32\Drivers\lgandbus64.sys

2012-07-01 00:02 - 2012-07-01 00:02 - 10749912 ____A (Acresso Software Inc. ) C:\Users\Jake\Downloads\LGUnitedMobileDriver_S498MA22_WHQL_ML_Ver_2.2.exe

2012-06-30 18:36 - 2012-06-30 18:36 - 00235936 ____A (Tagès SA) C:\Users\Jake\Downloads\TagesSetup_x64.exe

2012-06-30 18:36 - 2012-06-30 18:36 - 00088480 ____A C:\Windows\System32\Drivers\atksgt.sys

2012-06-30 18:36 - 2012-06-30 18:36 - 00046400 ____A C:\Windows\System32\Drivers\lirsgt.sys

2012-06-30 18:19 - 2012-06-30 18:20 - 00000000 ____D C:\Users\Jake\Documents\stalker-cs

2012-06-30 18:12 - 2012-06-30 18:12 - 00000778 ____A C:\Windows\DXError.log

2012-06-30 16:48 - 2012-06-30 16:48 - 00000000 ____D C:\Users\Jake\AppData\Local\{F2BB0D2C-CD21-4B82-99F6-151A643082AE}

2012-06-30 16:48 - 2012-06-30 16:48 - 00000000 ____D C:\Users\Jake\AppData\Local\{EAAFDC22-6C83-4434-A777-A8BABDD37C74}

============ 3 Months Modified Files ========================

2012-07-30 08:42 - 2009-07-13 21:45 - 00014288 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2012-07-30 08:42 - 2009-07-13 21:45 - 00014288 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2012-07-30 08:36 - 2012-01-06 20:02 - 00020252 ____A C:\Users\All Users\Gpu.log

2012-07-30 08:33 - 2009-07-13 21:51 - 00043329 ____A C:\Windows\setupact.log

2012-07-30 08:32 - 2009-07-13 22:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT

2012-07-30 07:44 - 2009-07-13 22:13 - 00886966 ____A C:\Windows\System32\PerfStringBackup.INI

2012-07-30 07:43 - 2012-07-30 07:43 - 01438391 ____A (Farbar) C:\Users\Jake\Desktop\FRST64.exe

2012-07-30 07:41 - 2012-01-06 19:40 - 01876835 ____A C:\Windows\WindowsUpdate.log

2012-07-30 07:36 - 2012-07-30 07:36 - 00003339 ____A C:\Users\Jake\Desktop\RKreport[1].txt

2012-07-30 07:31 - 2012-03-19 03:46 - 00000904 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3825957713-1901933741-4195240163-1000UA.job

2012-07-30 07:24 - 2012-03-23 22:19 - 00000924 ____A C:\Windows\Tasks\RockMeltUpdateTaskUserS-1-5-21-3825957713-1901933741-4195240163-1000UA.job

2012-07-30 07:19 - 2012-07-30 07:18 - 01552384 ____A C:\Users\Jake\Desktop\RogueKiller.exe

2012-07-30 06:55 - 2012-05-05 17:15 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job

2012-07-30 05:00 - 2012-07-30 05:00 - 00146694 ____A C:\Users\Jake\Desktop\OTL.Txt

2012-07-30 04:53 - 2012-07-30 04:53 - 00881494 ____A C:\Users\Jake\Desktop\SecurityCheck.exe

2012-07-30 04:53 - 2012-07-30 04:53 - 00596480 ____A (OldTimer Tools) C:\Users\Jake\Desktop\OTL.exe

2012-07-30 04:47 - 2012-07-30 04:47 - 00044465 ____A C:\Users\Jake\Desktop\DDS.txt

2012-07-30 04:47 - 2012-07-30 04:47 - 00021226 ____A C:\Users\Jake\Desktop\Attach.txt

2012-07-30 04:43 - 2012-07-30 04:43 - 00607260 ____R (Swearware) C:\Users\Jake\Desktop\dds.com

2012-07-30 04:36 - 2012-01-06 20:41 - 00026900 ____A C:\Windows\PFRO.log

2012-07-29 23:56 - 2012-07-29 23:55 - 05221800 ____A C:\Users\Jake\Downloads\MorphVOXPro4_Install-1.exe

2012-07-29 23:48 - 2012-07-29 23:48 - 00000947 ____A C:\Users\Public\Desktop\µTorrent.lnk

2012-07-29 22:24 - 2012-03-23 22:19 - 00000872 ____A C:\Windows\Tasks\RockMeltUpdateTaskUserS-1-5-21-3825957713-1901933741-4195240163-1000Core.job

2012-07-29 22:14 - 2012-01-10 22:54 - 00570265 ____A C:\Windows\DirectX.log

2012-07-29 19:03 - 2012-07-29 19:03 - 01552078 ____A (Toshiyuki Masui ) C:\Users\Jake\Downloads\Gyazo-1.0.exe

2012-07-29 18:16 - 2012-07-29 18:16 - 463412638 ____A C:\Windows\MEMORY.DMP

2012-07-29 18:16 - 2012-07-29 18:16 - 00275680 ____A C:\Windows\Minidump\072912-29343-01.dmp

2012-07-29 18:16 - 2012-01-17 23:26 - 00415916 ____A C:\Windows\System32\Drivers\vsconfig.xml

2012-07-28 17:54 - 2012-02-04 16:16 - 00002002 ___AH C:\Users\Jake\Documents\Default.rdp

2012-07-28 17:31 - 2012-03-19 03:46 - 00000852 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3825957713-1901933741-4195240163-1000Core.job

2012-07-28 08:53 - 2012-07-28 08:53 - 00703533 ____A C:\Users\Jake\Downloads\hldsupdatetool.exe

2012-07-26 01:55 - 2012-05-05 17:15 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe

2012-07-26 01:55 - 2012-01-06 20:33 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

2012-07-25 08:03 - 2012-07-25 08:03 - 00000000 ____A C:\Windows\SysWOW64\sho7B8C.tmp

2012-07-24 07:18 - 2012-07-24 07:13 - 466912227 ____A (Softimage ) C:\Users\Jake\Downloads\setup_XSIDEMO_Mod Tool_7_5_203_win32.exe

2012-07-23 23:58 - 2012-06-24 20:49 - 00001560 ____A C:\Windows\Sandboxie.ini

2012-07-23 22:43 - 2009-07-13 19:34 - 00017510 ____A C:\Windows\System32\Drivers\etc\services

2012-07-23 22:42 - 2012-07-23 22:41 - 33231558 ____A C:\Users\Jake\Downloads\blender-2.63a-release-windows64.exe

2012-07-23 22:40 - 2012-07-23 22:35 - 452859502 ____A (Softimage ) C:\Users\Jake\Downloads\SOFTIMAGE_XSI_6_ModTool.exe

2012-07-23 22:37 - 2012-07-23 22:37 - 01429503 ____A C:\Users\Jake\Downloads\StudioCompilerSetup.V0.4A.exe

2012-07-23 22:35 - 2012-07-23 22:35 - 00561878 ____A (Ryan Gregg ) C:\Users\Jake\Downloads\gcfscape182.exe

2012-07-23 02:25 - 2012-07-23 02:25 - 24985451 ____A C:\Users\Jake\Downloads\Singularity_1-7-0-2621_Setup.exe

2012-07-21 19:22 - 2012-07-21 19:21 - 24610144 ____A (peppy) C:\Users\Jake\Downloads\osu!install.exe

2012-07-18 22:57 - 2012-03-14 18:41 - 00032772 ____A C:\Users\Jake\Desktop\gmcl_imakeSEsqueal.dll

2012-07-17 00:02 - 2012-07-17 00:02 - 01282568 ____A (Avira Operations GmbH & Co. KG) C:\Users\Jake\Downloads\AviraDNSRepairEN.exe

2012-07-14 16:42 - 2012-07-13 15:10 - 00000023 ____A C:\Windows\BlendSettings.ini

2012-07-12 12:10 - 2012-03-24 22:48 - 00283304 ____A C:\Windows\SysWOW64\PnkBstrB.xtr

2012-07-12 12:10 - 2012-03-24 02:49 - 00283304 ____A C:\Windows\SysWOW64\PnkBstrB.exe

2012-07-12 12:06 - 2012-03-24 02:49 - 00282864 ____A C:\Windows\SysWOW64\PnkBstrB.ex0

2012-07-12 11:53 - 2012-07-12 11:53 - 03878112 ____A C:\Users\Jake\Downloads\battlelog-web-plugins-1.122.0-retail-prod.exe

2012-07-12 11:19 - 2012-07-12 11:19 - 11724064 ____A (MiniTool Solution Ltd. ) C:\Users\Jake\Downloads\pwhe75.exe

2012-07-12 11:17 - 2012-07-12 11:17 - 03415322 ____A C:\Users\Jake\Downloads\Steamp3Setup_1.0.96.exe

2012-07-12 10:58 - 2009-07-13 21:45 - 04828472 ____A C:\Windows\System32\FNTCACHE.DAT

2012-07-11 20:32 - 2012-01-18 00:01 - 59701280 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe

2012-07-10 21:09 - 2012-07-10 21:09 - 01328096 ____A C:\Users\Jake\Downloads\KeyScrambler_Setup.exe

2012-07-09 00:59 - 2012-07-09 00:59 - 00002573 ____A C:\Users\Public\Desktop\Six Updater.lnk

2012-07-09 00:59 - 2012-07-02 21:51 - 00002573 ____A C:\Users\Public\Desktop\Six Launcher.lnk

2012-07-08 04:47 - 2012-01-06 20:42 - 00059976 ____A C:\Users\Jake\AppData\Local\GDIPFONTCACHEV1.DAT

2012-07-08 02:21 - 2012-04-15 11:08 - 00000132 ____A C:\Users\Jake\AppData\Roaming\Adobe PNG Format CS5 Prefs

2012-07-08 02:02 - 2012-07-08 02:02 - 01121818 ____A C:\Users\Jake\Documents\stuff.psd

2012-07-07 23:12 - 2012-07-07 23:12 - 26586887 ____A (Wireshark development team) C:\Users\Jake\Downloads\Wireshark-win64-1.8.0.exe

2012-07-07 22:48 - 2012-07-07 22:48 - 02029704 ____A C:\Users\Jake\Downloads\join.me.exe

2012-07-05 23:37 - 2012-02-21 23:13 - 00010752 ____A C:\Users\Jake\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

2012-07-05 23:21 - 2012-01-17 23:24 - 00000000 ____A C:\Windows\SysWOW64\config.nt

2012-07-04 04:28 - 2012-07-04 04:28 - 07275072 ____A (Dark Byte ) C:\Users\Jake\Downloads\CheatEngine62.exe

2012-07-03 13:46 - 2012-01-17 22:58 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys

2012-07-03 09:21 - 2012-02-24 15:01 - 00142128 ____A (AVAST Software) C:\Windows\System32\Drivers\aswFW.sys

2012-07-03 09:21 - 2012-02-24 15:00 - 00266776 ____A (AVAST Software) C:\Windows\System32\Drivers\aswNdis2.sys

2012-07-03 09:21 - 2012-02-24 15:00 - 00054072 ____A (AVAST Software) C:\Windows\System32\Drivers\aswRdr2.sys

2012-07-03 09:21 - 2012-02-24 15:00 - 00019600 ____A (AVAST Software) C:\Windows\System32\Drivers\aswKbd.sys

2012-07-03 09:21 - 2012-01-17 23:51 - 00958400 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSnx.sys

2012-07-03 09:21 - 2012-01-17 23:51 - 00355856 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSP.sys

2012-07-03 09:21 - 2012-01-17 23:51 - 00071064 ____A (AVAST Software) C:\Windows\System32\Drivers\aswMonFlt.sys

2012-07-03 09:21 - 2012-01-17 23:51 - 00059728 ____A (AVAST Software) C:\Windows\System32\Drivers\aswTdi.sys

2012-07-03 09:21 - 2012-01-17 23:51 - 00025232 ____A (AVAST Software) C:\Windows\System32\Drivers\aswFsBlk.sys

2012-07-03 09:21 - 2012-01-17 23:50 - 00227648 ____A (AVAST Software) C:\Windows\SysWOW64\aswBoot.exe

2012-07-03 09:21 - 2012-01-17 23:50 - 00041224 ____A (AVAST Software) C:\Windows\avastSS.scr

2012-07-03 09:21 - 2012-01-17 23:24 - 00285328 ____A (AVAST Software) C:\Windows\System32\aswBoot.exe

2012-07-01 00:02 - 2012-07-01 00:02 - 10749912 ____A (Acresso Software Inc. ) C:\Users\Jake\Downloads\LGUnitedMobileDriver_S498MA22_WHQL_ML_Ver_2.2.exe

2012-06-30 18:36 - 2012-06-30 18:36 - 00235936 ____A (Tagès SA) C:\Users\Jake\Downloads\TagesSetup_x64.exe

2012-06-30 18:36 - 2012-06-30 18:36 - 00088480 ____A C:\Windows\System32\Drivers\atksgt.sys

2012-06-30 18:36 - 2012-06-30 18:36 - 00046400 ____A C:\Windows\System32\Drivers\lirsgt.sys

2012-06-30 18:12 - 2012-06-30 18:12 - 00000778 ____A C:\Windows\DXError.log

2012-06-27 17:05 - 2012-06-27 17:05 - 00003491 ____A C:\Users\Jake\Desktop\Criminal DoX.txt

2012-06-26 18:02 - 2012-06-26 18:02 - 00889840 ____A C:\Users\Jake\Desktop\Avox-Gaming Metro2033.rar

2012-06-24 20:49 - 2012-06-24 20:49 - 02402064 ____A (SANDBOXIE L.T.D) C:\Users\Jake\Downloads\SandboxieInstall.exe

2012-06-23 18:43 - 2012-06-23 18:43 - 00000020 ____A C:\Users\Jake\Downloads\start.bat.txt

2012-06-22 04:40 - 2012-06-22 04:40 - 10295128 ____A (DevAge, Vestris Inc. & Contributors) C:\Users\Jake\Downloads\Setup.exe

2012-06-20 21:17 - 2012-06-20 21:17 - 00000012 ____A C:\Users\Jake\Desktop\CS GO account.txt

2012-06-18 13:34 - 2012-07-12 11:20 - 02966720 ____A C:\Windows\System32\pwNative.exe

2012-06-18 13:34 - 2012-07-12 11:20 - 00019032 ____N C:\Windows\System32\pwdrvio.sys

2012-06-18 13:34 - 2012-07-12 11:20 - 00012384 ____N C:\Windows\System32\pwdspio.sys

2012-06-16 02:37 - 2012-06-16 02:38 - 00130566 ____A C:\Users\Jake\Desktop\gmcl_midol.dll

2012-06-15 06:44 - 2012-06-15 06:44 - 00002601 ____A C:\Users\Jake\Downloads\Revoltgaming_HL2RP_MySQL.sql

2012-06-11 20:08 - 2012-07-11 20:35 - 03148800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys

2012-06-11 13:50 - 2012-06-11 13:50 - 16457728 ____A (Advanced Micro Devices Inc.) C:\Windows\System32\amdocl64.dll

2012-06-11 13:50 - 2012-06-11 13:50 - 00187392 ____A C:\Windows\System32\clinfo.exe

2012-06-11 13:50 - 2012-06-11 13:50 - 00075264 ____A (Advanced Micro Devices Inc.) C:\Windows\System32\OpenVideo64.dll

2012-06-11 13:50 - 2012-06-11 13:50 - 00065024 ____A (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\OpenVideo.dll

2012-06-11 13:50 - 2012-06-11 13:50 - 00063488 ____A (Advanced Micro Devices Inc.) C:\Windows\System32\OVDecode64.dll

2012-06-11 13:50 - 2012-06-11 13:50 - 00056320 ____A (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\OVDecode.dll

2012-06-11 13:49 - 2012-06-11 13:49 - 13008896 ____A (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\amdocl.dll

2012-06-11 11:59 - 2012-06-11 11:59 - 10248192 ____A (Advanced Micro Devices, Inc.) C:\Windows\System32\Drivers\atikmdag.sys

2012-06-11 11:35 - 2012-06-11 11:35 - 00070144 ____A (AMD) C:\Windows\System32\coinst_8.98.dll

2012-06-11 11:29 - 2012-06-11 11:29 - 24826368 ____A (Advanced Micro Devices, Inc.) C:\Windows\System32\atio6axx.dll

2012-06-11 11:00 - 2012-06-11 11:00 - 20467712 ____A (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\atioglxx.dll

2012-06-11 10:26 - 2012-06-11 10:26 - 00263840 ____A C:\Windows\SysWOW64\atiapfxx.blb

2012-06-11 10:26 - 2012-06-11 10:26 - 00263840 ____A C:\Windows\System32\atiapfxx.blb

2012-06-11 10:25 - 2012-06-11 10:25 - 00163840 ____A (Advanced Micro Devices, Inc.) C:\Windows\System32\atiapfxx.exe

2012-06-11 10:24 - 2011-11-09 20:16 - 00924160 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\aticfx32.dll

2012-06-11 10:23 - 2011-11-09 20:15 - 01090560 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\aticfx64.dll

2012-06-11 10:20 - 2012-06-11 10:20 - 00442368 ____A (Advanced Micro Devices, Inc.) C:\Windows\System32\ATIDEMGX.dll

2012-06-11 10:19 - 2012-06-11 10:19 - 00532992 ____A (AMD) C:\Windows\System32\atieclxx.exe

2012-06-11 10:19 - 2012-06-11 10:19 - 00239616 ____A (AMD) C:\Windows\System32\atiesrxx.exe

2012-06-11 10:17 - 2012-06-11 10:17 - 00120320 ____A (AMD) C:\Windows\System32\atitmm64.dll

2012-06-11 10:17 - 2012-06-11 10:17 - 00059392 ____A (ATI Technologies, Inc.) C:\Windows\System32\atiedu64.dll

2012-06-11 10:17 - 2012-06-11 10:17 - 00043520 ____A (ATI Technologies, Inc.) C:\Windows\SysWOW64\ati2edxx.dll

2012-06-11 10:17 - 2012-06-11 10:17 - 00021504 ____A (AMD) C:\Windows\System32\atimuixx.dll

2012-06-11 10:16 - 2011-11-09 20:06 - 06301696 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atidxx32.dll

2012-06-11 10:01 - 2011-11-09 19:51 - 06914560 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atidxx64.dll

2012-06-11 09:51 - 2011-11-09 19:40 - 04246528 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atiumd6a.dll

2012-06-11 09:50 - 2012-06-11 09:50 - 02936864 ____A C:\Windows\System32\atiumd6a.cap

2012-06-11 09:45 - 2012-06-11 09:45 - 15703040 ____A (Advanced Micro Devices Inc.) C:\Windows\System32\aticaldd64.dll

2012-06-11 09:45 - 2012-06-11 09:45 - 00051200 ____A (Advanced Micro Devices Inc.) C:\Windows\System32\aticalrt64.dll

2012-06-11 09:45 - 2012-06-11 09:45 - 00046080 ____A (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\aticalrt.dll

2012-06-11 09:45 - 2012-06-11 09:45 - 00044544 ____A (Advanced Micro Devices Inc.) C:\Windows\System32\aticalcl64.dll

2012-06-11 09:45 - 2012-06-11 09:45 - 00044032 ____A (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\aticalcl.dll

2012-06-11 09:45 - 2011-11-09 19:33 - 05480448 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiumdag.dll

2012-06-11 09:43 - 2011-11-09 19:29 - 04729344 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiumdva.dll

2012-06-11 09:41 - 2012-06-11 09:41 - 02971136 ____A C:\Windows\SysWOW64\atiumdva.cap

2012-06-11 09:40 - 2012-06-11 09:40 - 13277696 ____A (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\aticaldd.dll

2012-06-11 09:36 - 2011-11-09 19:24 - 06605824 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atiumd64.dll

2012-06-11 09:27 - 2012-06-11 09:27 - 00539136 ____A (Advanced Micro Devices, Inc.) C:\Windows\System32\atiadlxx.dll

2012-06-11 09:26 - 2012-06-11 09:26 - 00368640 ____A (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\atiadlxy.dll

2012-06-11 09:26 - 2012-06-11 09:26 - 00367616 ____A (Advanced Micro Devices, Inc.) C:\Windows\System32\Drivers\atikmpag.sys

2012-06-11 09:26 - 2012-06-11 09:26 - 00041984 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atig6txx.dll

2012-06-11 09:26 - 2012-06-11 09:26 - 00033280 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atigktxx.dll

2012-06-11 09:26 - 2012-06-11 09:26 - 00017920 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atig6pxx.dll

2012-06-11 09:26 - 2012-06-11 09:26 - 00014848 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiglpxx.dll

2012-06-11 09:26 - 2012-06-11 09:26 - 00014848 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atiglpxx.dll

2012-06-11 09:25 - 2011-11-09 19:11 - 00054784 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atiuxp64.dll

2012-06-11 09:25 - 2011-11-09 19:11 - 00045056 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atiu9p64.dll

2012-06-11 09:25 - 2011-11-09 19:11 - 00042496 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiuxpag.dll

2012-06-11 09:24 - 2012-06-11 09:24 - 00053248 ____A (Advanced Micro Devices, Inc.) C:\Windows\System32\Drivers\ati2erec.dll

2012-06-11 09:24 - 2011-11-09 19:11 - 00032768 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiu9pag.dll

2012-06-11 09:23 - 2012-06-11 09:23 - 00056832 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atimpc32.dll

2012-06-11 09:23 - 2012-06-11 09:23 - 00056832 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdpcom32.dll

2012-06-11 09:23 - 2012-06-11 09:23 - 00056320 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atimpc64.dll

2012-06-11 09:23 - 2012-06-11 09:23 - 00056320 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\amdpcom64.dll

2012-06-11 05:41 - 2012-06-11 05:41 - 12522891 ____A (The [s.o.E] team ) C:\Users\Jake\Downloads\lea-installer-1-3-56.exe

2012-06-09 22:11 - 2012-06-09 22:11 - 10983288 ____A (Oleg N. Scherbakov) C:\Users\Jake\Downloads\Six Updater v2.9.6pre16 setup.exe

2012-06-08 22:43 - 2012-07-11 17:07 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll

2012-06-08 21:41 - 2012-07-11 17:07 - 12873728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll

2012-06-08 03:51 - 2012-06-08 03:38 - 1280748357 ____A (Igor Pavlov) C:\Users\Jake\Downloads\ec_complete_content.exe

2012-06-05 23:06 - 2012-07-11 17:07 - 02004480 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll

2012-06-05 23:06 - 2012-07-11 17:07 - 01881600 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll

2012-06-05 23:02 - 2012-07-11 17:07 - 01133568 ____A (Microsoft Corporation) C:\Windows\System32\cdosys.dll

2012-06-05 22:05 - 2012-07-11 17:07 - 01390080 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll

2012-06-05 22:05 - 2012-07-11 17:07 - 01236992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll

2012-06-05 22:03 - 2012-07-11 17:07 - 00805376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cdosys.dll

2012-06-05 21:12 - 2012-06-05 21:12 - 00002138 ____A C:\Users\Jake\Downloads\DayZbeta.cmd

2012-06-02 16:51 - 2012-06-02 16:51 - 04586776 ____A (Check Point Software Technologies LTD) C:\Users\Jake\Downloads\zaSetupWeb_101_101_000_en.exe

2012-06-02 15:19 - 2012-06-22 02:04 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll

2012-06-02 15:19 - 2012-06-22 02:04 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll

2012-06-02 15:19 - 2012-06-22 02:04 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll

2012-06-02 15:19 - 2012-06-22 02:04 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe

2012-06-02 15:19 - 2012-06-22 02:04 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll

2012-06-02 15:19 - 2012-06-22 02:04 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll

2012-06-02 15:15 - 2012-06-22 02:04 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll

2012-06-02 15:15 - 2012-06-22 02:04 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll

2012-06-02 15:15 - 2012-06-22 02:04 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe

2012-06-01 22:50 - 2012-07-11 17:07 - 00458704 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys

2012-06-01 22:48 - 2012-07-11 17:07 - 00151920 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys

2012-06-01 22:48 - 2012-07-11 17:07 - 00095600 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys

2012-06-01 22:45 - 2012-07-11 17:07 - 00340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll

2012-06-01 22:44 - 2012-07-11 17:07 - 00307200 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll

2012-06-01 21:40 - 2012-07-11 17:07 - 00225280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll

2012-06-01 21:40 - 2012-07-11 17:07 - 00022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll

2012-06-01 21:39 - 2012-07-11 17:07 - 00219136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll

2012-06-01 21:34 - 2012-07-11 17:07 - 00096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll

2012-06-01 11:43 - 2012-06-01 11:43 - 00164869 ____A C:\Users\Jake\Downloads\watch(2).htm

2012-05-31 12:25 - 2012-01-06 20:39 - 00279656 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe

2012-05-29 23:15 - 2012-05-29 23:15 - 02717432 ____A C:\Users\Jake\Downloads\vpn-client-2.1.7-release.exe

2012-05-28 01:08 - 2012-05-28 01:07 - 66445364 ____A C:\Users\Jake\Downloads\theater_nexmultiplex_1m.bsp

2012-05-26 22:29 - 2012-05-26 22:28 - 00091617 ____A C:\Users\Jake\Desktop\faphack_bot.txt

2012-05-26 18:24 - 2012-05-26 18:24 - 00055869 ____A C:\Users\Jake\Downloads\Videos.htm

2012-05-26 14:58 - 2012-05-26 22:28 - 00091786 ____A C:\Users\Jake\Desktop\FapHack.lua

2012-05-25 16:14 - 2012-05-25 16:14 - 02288128 ____A C:\Users\Jake\Downloads\LeagueofLegends.exe

2012-05-23 19:38 - 2012-05-23 19:38 - 00150240 ____A C:\Users\Jake\Downloads\watch.htm

2012-05-21 03:54 - 2012-05-21 03:53 - 13042799 ____A C:\Users\Jake\Downloads\ESEAClientInstall.exe

2012-05-21 00:41 - 2012-03-24 02:49 - 00076888 ____A C:\Windows\SysWOW64\PnkBstrA.exe

2012-05-19 16:13 - 2012-05-19 16:13 - 01030872 ____A ( ) C:\Users\Jake\Downloads\LibraInstall.exe

2012-05-17 21:01 - 2012-05-17 21:01 - 00889219 ____A C:\Windows\OccupationCS_ Source Uninstaller.exe

2012-05-14 21:01 - 2012-06-12 19:52 - 01188864 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll

2012-05-14 20:59 - 2012-06-12 19:52 - 00064512 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll

2012-05-14 20:03 - 2012-06-12 19:52 - 00981504 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2012-05-14 20:00 - 2012-06-12 19:52 - 00048128 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll

2012-05-11 14:06 - 2012-05-11 02:23 - 00004388 ____A C:\Users\Jake\Desktop\epidemic.sql

2012-05-11 04:26 - 2012-03-25 22:31 - 02250024 ____A C:\Windows\SysWOW64\Pbsvc.exe

2012-05-10 16:35 - 2012-05-10 16:35 - 00043520 ____A C:\Windows\System32\kdbsdk64.dll

2012-05-10 16:35 - 2012-05-10 16:35 - 00029184 ____A C:\Windows\SysWOW64\kdbsdk32.dll

2012-05-09 20:43 - 2012-05-09 20:43 - 00002377 ____A C:\Users\Jake\Documents\MumbleAutomaticCertificateBackup.p12

2012-05-09 20:38 - 2012-05-09 20:36 - 17904640 ____A C:\Users\Jake\Downloads\mumble-1.2.3a.msi

2012-05-08 21:13 - 2012-05-08 21:13 - 00108249 ____A C:\Users\Jake\Documents\Untitled.wma

2012-05-05 20:19 - 2012-05-05 20:19 - 00000326 ____A C:\Users\Jake\Desktop\Ghost Recon Online (NCSA-Live).appref-ms

2012-05-04 04:06 - 2012-06-12 19:52 - 05559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe

2012-05-04 03:03 - 2012-06-12 19:51 - 03968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe

2012-05-04 03:03 - 2012-06-12 19:51 - 03913072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe

2012-05-02 02:26 - 2012-05-07 19:46 - 02288128 ____A C:\Users\Jake\Documents\LeagueofLegends.exe

ZeroAccess:

C:\Windows\Installer\{f65588fc-e4e4-fe8f-d281-b293b010f4a1}

C:\Windows\Installer\{f65588fc-e4e4-fe8f-d281-b293b010f4a1}\@

C:\Windows\Installer\{f65588fc-e4e4-fe8f-d281-b293b010f4a1}\L

C:\Windows\Installer\{f65588fc-e4e4-fe8f-d281-b293b010f4a1}\U

ZeroAccess:

C:\Users\Jake\AppData\Local\{f65588fc-e4e4-fe8f-d281-b293b010f4a1}

C:\Users\Jake\AppData\Local\{f65588fc-e4e4-fe8f-d281-b293b010f4a1}\@

C:\Users\Jake\AppData\Local\{f65588fc-e4e4-fe8f-d281-b293b010f4a1}\L

C:\Users\Jake\AppData\Local\{f65588fc-e4e4-fe8f-d281-b293b010f4a1}\U

C:\Users\Jake\AppData\Local\{f65588fc-e4e4-fe8f-d281-b293b010f4a1}\L\00000004.@

C:\Users\Jake\AppData\Local\{f65588fc-e4e4-fe8f-d281-b293b010f4a1}\U\00000004.@

C:\Users\Jake\AppData\Local\{f65588fc-e4e4-fe8f-d281-b293b010f4a1}\U\000000cb.@

C:\Users\Jake\AppData\Local\{f65588fc-e4e4-fe8f-d281-b293b010f4a1}\U\80000000.@

C:\Users\Jake\AppData\Local\{f65588fc-e4e4-fe8f-d281-b293b010f4a1}\U\80000064.@

ZeroAccess:

C:\Windows\assembly\GAC_32\Desktop.ini

ZeroAccess:

C:\Windows\assembly\GAC_64\Desktop.ini

========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\SysWOW64\wininit.exe => MD5 is legit

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\SysWOW64\explorer.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\SysWOW64\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe => MD5 is legit

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\SysWOW64\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\SysWOW64\userinit.exe => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

========================= Memory info ======================

Percentage of memory in use: 31%

Total physical RAM: 8152.29 MB

Available physical RAM: 5564.43 MB

Total Pagefile: 16302.76 MB

Available Pagefile: 13379.45 MB

Total Virtual: 8192 MB

Available Virtual: 8191.85 MB

======================= Partitions =========================

1 Drive c: () (Fixed) (Total:1397.16 GB) (Free:992.34 GB) NTFS

3 Drive e: (GRMCHPXFRER_EN_DVD) (CDROM) (Total:3 GB) (Free:0 GB) UDF

Disk ###  Status  Size     Free     Dyn  Gpt
--------  ------  -------  -------  ---  ---
Disk 0    Online  1397 GB  2048 KB

Partitions of Disk 0:
===============
Partition ###  Type     Size     Offset
-------------  -------  -------  -------
Partition 1    Primary  100 MB   1024 KB
Partition 2    Primary  1397 GB  101 MB

==================================================================================

Disk: 0

Partition 1

Type : 07

Hidden: No

Active: Yes

Volume ###  Ltr  Label        Fs    Type       Size    Status   Info
----------  ---  -----------  ----  ---------  ------  -------  --------
* Volume 1       System Rese  NTFS  Partition  100 MB  Healthy  System (partition with boot components)

==================================================================================

Disk: 0

Partition 2

Type : 07

Hidden: No

Active: No

Volume ###  Ltr  Label  Fs    Type       Size     Status   Info
----------  ---  -----  ----  ---------  -------  -------  ----
* Volume 2  C           NTFS  Partition  1397 GB  Healthy  Boot

==================================================================================

==========================================================

Last Boot: 2012-07-28 20:33

======================= End Of Log ==========================

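The "ZeroAccess:" entries in the FRST log above are the on-disk pattern the tool keys on: a GUID-named folder under Windows\Installer and under the user's AppData\Local, each holding an "@" file and "L"/"U" subfolders whose contents are eight-hex-digit names ending in ".@", plus a Desktop.ini under assembly\GAC_32 and GAC_64. The scanner below is an added example written for this page; it is not FRST's code and not part of the original thread. It reads FRST-style lines (both the bare paths of the ZeroAccess section and the dated one-month listing lines) and reports a GUID folder only when it carries the "@" marker or L/U payload files, because a bare GUID-named folder under Windows\Installer is the normal Windows Installer cache and is not evidence on its own. The sample input is constructed from paths in the log above plus one made-up benign MSI-cache folder; the regexes and the `suspicious` rule are this example's own heuristics, not FRST's.

```python
"""Flag ZeroAccess on-disk artifacts in FRST-style output (added example, not FRST code)."""
import re
import sys

GUID = r"\{[0-9a-f]{8}-(?:[0-9a-f]{4}-){3}[0-9a-f]{12}\}"

# Payload directory: a GUID-named folder directly under Windows\Installer or under
# <user>\AppData\Local. "dir" captures the folder, "rest" whatever follows it.
PAYLOAD_DIR = re.compile(
    r"^(?P<dir>[a-z]:\\(?:windows\\installer|users\\[^\\]+\\appdata\\local)\\"
    + GUID + r")(?P<rest>\\.*)?$",
    re.I,
)
# Files inside the L or U subfolder: eight hex digits plus ".@" (e.g. \U\80000064.@).
PAYLOAD_FILE = re.compile(r"^\\[lu]\\[0-9a-f]{8}\.@$", re.I)
# The GAC Desktop.ini entries that the log lists under "ZeroAccess:".
GAC_INI = re.compile(r"\\assembly\\gac_(?:32|64)\\desktop\.ini$", re.I)
# FRST one-month listing line: "<modified> - <created> - <size> <attrs> [(company)] <path>".
LISTING = re.compile(
    r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2} - \d{4}-\d{2}-\d{2} \d{2}:\d{2} - \d+ \S+ "
    r"(?:\([^)]*\) )?(?P<path>[a-z]:\\.*)$",
    re.I,
)


def extract_path(line):
    """Return the path carried by an FRST line, or None for headers and other text."""
    line = line.strip()
    m = LISTING.match(line)
    if m:
        return m.group("path")
    if re.match(r"^[a-z]:\\", line, re.I):
        return line
    return None


def scan(lines):
    """Collect ZeroAccess-style artifacts from FRST output lines.

    Returns (payload_dirs, gac_hits). payload_dirs maps each lower-cased GUID folder to
    {"config": <'@' file seen>, "L": [payload files], "U": [payload files]};
    gac_hits lists the GAC Desktop.ini paths seen, in the order encountered.
    """
    payload_dirs = {}
    gac_hits = []
    for line in lines:
        path = extract_path(line)
        if path is None:
            continue
        if GAC_INI.search(path):
            gac_hits.append(path)
            continue
        m = PAYLOAD_DIR.match(path)
        if not m:
            continue
        entry = payload_dirs.setdefault(
            m.group("dir").lower(), {"config": False, "L": [], "U": []}
        )
        rest = m.group("rest") or ""
        if rest == "\\@":
            entry["config"] = True
        elif PAYLOAD_FILE.match(rest):
            entry[rest[1].upper()].append(rest)
    return payload_dirs, gac_hits


def suspicious(payload_dirs, gac_hits):
    """Reduce scan() output to what is worth acting on.

    A GUID folder is reported only if it holds the '@' marker or L/U payload files:
    GUID-named folders under Windows\\Installer are the normal MSI cache and prove nothing
    by themselves. GAC Desktop.ini hits are passed through unchanged.
    """
    dirs = [d for d, e in payload_dirs.items() if e["config"] or e["L"] or e["U"]]
    return dirs, list(gac_hits)


# Constructed sample: paths taken from the log above plus one benign MSI-cache folder
# (the aaaaaaaa-... GUID is made up for this example).
SAMPLE = r"""
2012-07-30 07:36 - 2012-07-30 07:36 - 00003339 ____A C:\Users\Jake\Desktop\RKreport[1].txt
2012-06-11 13:50 - 2012-06-11 13:50 - 16457728 ____A (Advanced Micro Devices Inc.) C:\Windows\System32\amdocl64.dll
ZeroAccess:
C:\Windows\Installer\{f65588fc-e4e4-fe8f-d281-b293b010f4a1}
C:\Windows\Installer\{f65588fc-e4e4-fe8f-d281-b293b010f4a1}\@
C:\Windows\Installer\{f65588fc-e4e4-fe8f-d281-b293b010f4a1}\L
C:\Windows\Installer\{f65588fc-e4e4-fe8f-d281-b293b010f4a1}\U
ZeroAccess:
C:\Users\Jake\AppData\Local\{f65588fc-e4e4-fe8f-d281-b293b010f4a1}
C:\Users\Jake\AppData\Local\{f65588fc-e4e4-fe8f-d281-b293b010f4a1}\@
C:\Users\Jake\AppData\Local\{f65588fc-e4e4-fe8f-d281-b293b010f4a1}\L\00000004.@
C:\Users\Jake\AppData\Local\{f65588fc-e4e4-fe8f-d281-b293b010f4a1}\U\80000064.@
ZeroAccess:
C:\Windows\assembly\GAC_32\Desktop.ini
C:\Windows\assembly\GAC_64\Desktop.ini
C:\Windows\Installer\{aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee}
"""

if __name__ == "__main__":
    # Usage: python zeroaccess_scan.py [FRST.txt]; with no file the constructed sample is used.
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8", errors="replace") as fh:
            lines = fh.read().splitlines()
    else:
        lines = SAMPLE.splitlines()
    dirs, gac = suspicious(*scan(lines))
    for d in dirs:
        print("payload dir:", d)
    for g in gac:
        print("GAC Desktop.ini:", g)
```

On the sample this reports the two GUID folders from the log and both GAC Desktop.ini paths, and stays silent on the made-up Installer folder. Treat a hit as a reason to image the disk and hand the log to a helper, as this thread does; the scanner confirms the layout, it does not clean it.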

OK, please do this.............

Please download and run ComboFix.

The most important things to remember when running it are to disable all your malware programs and to run ComboFix from your desktop.

Please visit this webpage for download links, and instructions for running ComboFix

http://www.bleepingc...to-use-combofix

Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Information on disabling your malware programs can be found Here.

Make sure you run ComboFix from your desktop.

Give it at least 30-45 minutes to finish if needed.

Please include the C:\ComboFix.txt in your next reply for further review.

---------->NOTE<----------

If you get the message Illegal operation attempted on registry key that has been marked for deletion after you run ComboFix....please reboot the computer, this should resolve the problem. You may have to do this several times if needed.

MrC


Here's the log from ComboFix.

ComboFix 12-07-30.01 - Jake 07/30/2012 8:56.1.6 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8152.5301 [GMT -7:00]

Running from: c:\users\Jake\Desktop\ComboFix.exe

AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}

FW: ZoneAlarm Free Firewall *Disabled* {E6380B7E-D4B2-19F1-083E-56486607704B}

SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\programdata\1049328536

c:\programdata\1071462648

c:\programdata\1100453104

c:\programdata\1416091096

c:\programdata\1423299904

c:\programdata\1439640296

c:\programdata\150538824

c:\programdata\1674503584

c:\programdata\1750229800

c:\programdata\2007857088

c:\programdata\2013857328

c:\programdata\2075215336

c:\programdata\2294935064

c:\programdata\2337409904

c:\programdata\2409023008

c:\programdata\2591855232

c:\programdata\2832576568

c:\programdata\2833106928

c:\programdata\2945740288

c:\programdata\2983350544

c:\programdata\3134729072

c:\programdata\315938136

c:\programdata\3279682208

c:\programdata\3322803440

c:\programdata\3415614408

c:\programdata\3420621328

c:\programdata\3518799800

c:\programdata\3556148592

c:\programdata\3594091064

c:\programdata\3663386168

c:\programdata\3771992848

c:\programdata\3834173464

c:\programdata\3924327912

c:\programdata\3964628648

c:\programdata\4018372208

c:\programdata\4184667248

c:\programdata\4214289392

c:\programdata\423347920

c:\programdata\4241437696

c:\programdata\433129112

c:\programdata\472542592

c:\programdata\544034144

c:\programdata\57711568

c:\programdata\627053344

c:\programdata\688815448

c:\programdata\84420680

c:\users\Jake\AppData\Local\Microsoft\Windows\Temporary Internet Files\{0ECAF8DC-DB31-4545-9115-D60B5E29D7A1}.xps

c:\windows\assembly\GAC_32\Desktop.ini

c:\windows\assembly\GAC_64\Desktop.ini

c:\windows\SysWow64\tmp46A0.tmp

c:\windows\SysWow64\tmp46DF.tmp

.

.

((((((((((((((((((((((((( Files Created from 2012-06-28 to 2012-07-30 )))))))))))))))))))))))))))))))

.

.

2012-07-30 16:43 . 2012-07-30 16:43 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-07-30 15:47 . 2012-07-30 15:47 -------- d-----w- C:\FRST

2012-07-30 06:56 . 2012-07-30 06:56 -------- d-----w- c:\program files (x86)\Screaming Bee

2012-07-30 06:48 . 2012-07-30 06:49 -------- d-----w- c:\users\Jake\AppData\Roaming\Nico Mak Computing

2012-07-30 06:48 . 2011-11-10 17:33 18760 ----a-w- c:\windows\system32\roboot64.exe

2012-07-30 06:43 . 2012-07-30 06:43 -------- d-----w- C:\AV_LOGS

2012-07-30 06:38 . 2012-07-30 06:38 -------- d-----w- c:\users\Jake\AppData\Roaming\Avnex

2012-07-30 06:37 . 2008-12-26 19:56 21504 ----a-w- c:\windows\system32\drivers\vcsvad.sys

2012-07-30 06:37 . 2012-07-30 06:47 -------- d-----w- c:\program files (x86)\AV Vcs 7.0 DIAMOND

2012-07-30 02:03 . 2012-07-30 02:03 -------- d-----w- c:\users\Jake\AppData\Roaming\Gyazo

2012-07-30 02:03 . 2012-07-30 02:03 -------- d-----w- c:\program files (x86)\Gyazo

2012-07-28 15:53 . 2012-07-28 15:55 -------- d-----w- C:\srcds_css

2012-07-27 12:17 . 2012-07-27 12:17 -------- d-----w- c:\program files (x86)\SplitMediaLabs

2012-07-27 07:17 . 2012-06-29 10:04 9133488 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{71AFBCE6-5224-4057-9161-CAE12920C093}\mpengine.dll

2012-07-25 15:03 . 2012-07-25 15:03 0 ----a-w- c:\windows\SysWow64\sho7B8C.tmp

2012-07-24 14:23 . 2012-07-24 14:23 -------- d-----w- c:\users\Jake\Autodesk

2012-07-24 06:03 . 2012-07-24 06:03 -------- d-----w- c:\users\Jake\Softimage

2012-07-24 05:56 . 2012-07-24 08:32 -------- d-----w- C:\Decompiled Models

2012-07-24 05:47 . 2012-07-24 05:47 -------- d-----w- c:\program files\Common Files\Softimage

2012-07-24 05:47 . 2012-07-24 14:33 -------- d-----w- C:\Softimage

2012-07-24 05:46 . 2012-07-24 14:22 -------- d-----w- c:\program files (x86)\Common Files\Softimage

2012-07-24 05:44 . 2007-08-15 01:12 45056 ------w- c:\windows\SysWow64\XSIChooser.exe

2012-07-24 05:43 . 2012-07-24 05:43 -------- d-----w- c:\program files\Blender Foundation

2012-07-24 05:41 . 2012-07-24 05:43 -------- d-----w- C:\XSI6

2012-07-24 05:41 . 2012-07-24 05:41 -------- d-----w- c:\program files (x86)\XSI6

2012-07-24 05:40 . 2012-07-24 05:40 -------- d-----w- c:\users\Jake\AppData\Roaming\InstallShield

2012-07-24 05:37 . 2012-07-24 05:37 -------- d-----w- c:\program files\StudioCompiler

2012-07-23 09:30 . 2012-07-23 11:26 -------- d-----w- c:\users\Jake\AppData\Local\SingularityViewer

2012-07-23 09:30 . 2012-07-23 09:31 -------- d-----w- c:\users\Jake\AppData\Roaming\SecondLife

2012-07-23 09:25 . 2012-07-23 09:26 -------- d-----w- c:\program files (x86)\Singularity

2012-07-22 02:22 . 2012-07-21 08:55 -------- d-----w- c:\program files (x86)\osu!

2012-07-22 02:22 . 2012-07-22 02:22 -------- d-----w- c:\users\Jake\AppData\Roaming\Downloaded Installations

2012-07-14 19:30 . 2012-07-14 19:30 -------- d-----w- c:\programdata\ATI

2012-07-14 19:29 . 2012-07-14 19:29 -------- d-----w- c:\program files (x86)\AMD AVT

2012-07-14 19:29 . 2012-07-14 19:29 -------- d-----w- c:\program files (x86)\AMD APP

2012-07-13 22:02 . 2012-07-13 22:02 -------- d-----w- c:\users\Jake\AppData\Local\Oblivion

2012-07-13 02:48 . 2012-07-13 02:48 -------- d-----w- c:\programdata\TamoSoft

2012-07-13 02:47 . 2012-07-13 02:51 -------- d-----w- c:\program files (x86)\CommView

2012-07-12 20:43 . 2012-07-12 20:43 -------- d-----w- c:\users\Jake\temp

2012-07-12 18:20 . 2012-06-18 20:34 19032 ------w- c:\windows\system32\pwdrvio.sys

2012-07-12 18:20 . 2012-06-18 20:34 2966720 ----a-w- c:\windows\system32\pwNative.exe

2012-07-12 18:20 . 2012-06-18 20:34 12384 ------w- c:\windows\system32\pwdspio.sys

2012-07-12 18:20 . 2012-07-12 18:20 -------- d-----w- c:\program files (x86)\MiniTool Partition Wizard Home Edition 7.5

2012-07-12 18:18 . 2012-07-12 18:18 -------- d-----w- c:\program files (x86)\Xiph.Org

2012-07-12 18:18 . 2012-07-12 18:18 -------- d-----w- c:\program files (x86)\Ta0 Software

2012-07-12 03:35 . 2012-06-12 03:08 3148800 ----a-w- c:\windows\system32\win32k.sys

2012-07-11 04:11 . 2012-07-11 04:11 -------- d-----w- c:\users\Jake\AppData\Roaming\QFX Software

2012-07-11 04:11 . 2012-07-11 04:11 -------- d-----w- c:\programdata\QFX Software

2012-07-11 04:10 . 2012-07-11 04:10 -------- d-----w- c:\program files (x86)\KeyScrambler

2012-07-11 04:10 . 2011-12-15 00:46 222904 ----a-w- c:\windows\system32\drivers\keyscrambler.sys

2012-07-11 03:43 . 2011-02-25 05:30 2616320 ----a-w- c:\windows\system32\explorer.exe

2012-07-06 19:34 . 2012-07-06 19:34 -------- d-----w- c:\users\Jake\AppData\Local\4A Games

2012-07-06 17:21 . 2012-07-06 17:21 -------- d-----w- c:\users\Jake\AppData\Local\My Games

2012-07-06 17:11 . 2012-07-06 18:39 -------- d-----w- c:\program files (x86)\Sid Meier's Civilization V

2012-07-04 11:30 . 2012-07-04 11:30 -------- d-----w- c:\program files (x86)\Cheat Engine 6.2

2012-07-01 07:03 . 2010-12-07 21:12 34304 ----a-w- c:\windows\system32\drivers\lgandmodem64.sys

2012-07-01 07:03 . 2010-12-07 21:12 27136 ----a-w- c:\windows\system32\drivers\lgandgps64.sys

2012-07-01 07:03 . 2010-12-07 21:12 27648 ----a-w- c:\windows\system32\drivers\lganddiag64.sys

2012-07-01 07:03 . 2010-12-07 21:12 19456 ----a-w- c:\windows\system32\drivers\lgandbus64.sys

2012-07-01 07:03 . 2012-07-01 07:03 -------- d-----w- c:\program files (x86)\LG Electronics

2012-07-01 01:36 . 2012-07-01 01:36 88480 ----a-w- c:\windows\system32\drivers\atksgt.sys

2012-07-01 01:36 . 2012-07-01 01:36 46400 ----a-w- c:\windows\system32\drivers\lirsgt.sys

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-07-26 08:55 . 2012-05-06 00:15 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2012-07-26 08:55 . 2012-01-07 03:33 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-07-12 19:10 . 2012-03-25 05:48 283304 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr

2012-07-12 19:10 . 2012-03-24 09:49 283304 ----a-w- c:\windows\SysWow64\PnkBstrB.exe

2012-07-12 19:06 . 2012-03-24 09:49 282864 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0

2012-07-12 03:32 . 2012-01-18 07:01 59701280 ----a-w- c:\windows\system32\MRT.exe

2012-07-03 20:46 . 2012-01-18 05:58 24904 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-07-03 16:21 . 2012-02-24 22:01 142128 ----a-w- c:\windows\system32\drivers\aswFW.sys

2012-07-03 16:21 . 2012-02-24 22:00 54072 ----a-w- c:\windows\system32\drivers\aswRdr2.sys

2012-07-03 16:21 . 2012-02-24 22:00 266776 ----a-w- c:\windows\system32\drivers\aswNdis2.sys

2012-07-03 16:21 . 2012-02-24 22:00 19600 ----a-w- c:\windows\system32\drivers\aswKbd.sys

2012-07-03 16:21 . 2012-01-18 06:51 355856 ----a-w- c:\windows\system32\drivers\aswSP.sys

2012-07-03 16:21 . 2012-01-18 06:51 59728 ----a-w- c:\windows\system32\drivers\aswTdi.sys

2012-07-03 16:21 . 2012-01-18 06:51 958400 ----a-w- c:\windows\system32\drivers\aswSnx.sys

2012-07-03 16:21 . 2012-01-18 06:51 71064 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys

2012-07-03 16:21 . 2012-01-18 06:51 25232 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys

2012-07-03 16:21 . 2012-01-18 06:50 41224 ----a-w- c:\windows\avastSS.scr

2012-07-03 16:21 . 2012-01-18 06:50 227648 ----a-w- c:\windows\SysWow64\aswBoot.exe

2012-07-03 16:21 . 2012-01-18 06:24 285328 ----a-w- c:\windows\system32\aswBoot.exe

2012-06-11 20:50 . 2012-06-11 20:50 187392 ----a-w- c:\windows\system32\clinfo.exe

2012-06-11 20:50 . 2012-06-11 20:50 75264 ----a-w- c:\windows\system32\OpenVideo64.dll

2012-06-11 20:50 . 2012-06-11 20:50 65024 ----a-w- c:\windows\SysWow64\OpenVideo.dll

2012-06-11 20:50 . 2012-06-11 20:50 63488 ----a-w- c:\windows\system32\OVDecode64.dll

2012-06-11 20:50 . 2012-06-11 20:50 56320 ----a-w- c:\windows\SysWow64\OVDecode.dll

2012-06-11 20:50 . 2012-06-11 20:50 16457728 ----a-w- c:\windows\system32\amdocl64.dll

2012-06-11 20:49 . 2012-06-11 20:49 13008896 ----a-w- c:\windows\SysWow64\amdocl.dll

2012-06-11 18:59 . 2012-06-11 18:59 10248192 ----a-w- c:\windows\system32\drivers\atikmdag.sys

2012-06-11 18:35 . 2012-06-11 18:35 70144 ----a-w- c:\windows\system32\coinst_8.98.dll

2012-06-11 18:29 . 2012-06-11 18:29 24826368 ----a-w- c:\windows\system32\atio6axx.dll

2012-06-11 18:00 . 2012-06-11 18:00 20467712 ----a-w- c:\windows\SysWow64\atioglxx.dll

2012-06-11 17:25 . 2012-06-11 17:25 163840 ----a-w- c:\windows\system32\atiapfxx.exe

2012-06-11 17:24 . 2011-11-10 03:16 924160 ----a-w- c:\windows\SysWow64\aticfx32.dll

2012-06-11 17:23 . 2011-11-10 03:15 1090560 ----a-w- c:\windows\system32\aticfx64.dll

2012-06-11 17:20 . 2012-06-11 17:20 442368 ----a-w- c:\windows\system32\ATIDEMGX.dll

2012-06-11 17:19 . 2012-06-11 17:19 532992 ----a-w- c:\windows\system32\atieclxx.exe

2012-06-11 17:19 . 2012-06-11 17:19 239616 ----a-w- c:\windows\system32\atiesrxx.exe

2012-06-11 17:17 . 2012-06-11 17:17 120320 ----a-w- c:\windows\system32\atitmm64.dll

2012-06-11 17:17 . 2012-06-11 17:17 21504 ----a-w- c:\windows\system32\atimuixx.dll

2012-06-11 17:17 . 2012-06-11 17:17 59392 ----a-w- c:\windows\system32\atiedu64.dll

2012-06-11 17:17 . 2012-06-11 17:17 43520 ----a-w- c:\windows\SysWow64\ati2edxx.dll

2012-06-11 17:16 . 2011-11-10 03:06 6301696 ----a-w- c:\windows\SysWow64\atidxx32.dll

2012-06-11 17:01 . 2011-11-10 02:51 6914560 ----a-w- c:\windows\system32\atidxx64.dll

2012-06-11 16:51 . 2011-11-10 02:40 4246528 ----a-w- c:\windows\system32\atiumd6a.dll

2012-06-11 16:45 . 2012-06-11 16:45 51200 ----a-w- c:\windows\system32\aticalrt64.dll

2012-06-11 16:45 . 2012-06-11 16:45 46080 ----a-w- c:\windows\SysWow64\aticalrt.dll

2012-06-11 16:45 . 2011-11-10 02:33 5480448 ----a-w- c:\windows\SysWow64\atiumdag.dll

2012-06-11 16:45 . 2012-06-11 16:45 44544 ----a-w- c:\windows\system32\aticalcl64.dll

2012-06-11 16:45 . 2012-06-11 16:45 44032 ----a-w- c:\windows\SysWow64\aticalcl.dll

2012-06-11 16:45 . 2012-06-11 16:45 15703040 ----a-w- c:\windows\system32\aticaldd64.dll

2012-06-11 16:43 . 2011-11-10 02:29 4729344 ----a-w- c:\windows\SysWow64\atiumdva.dll

2012-06-11 16:40 . 2012-06-11 16:40 13277696 ----a-w- c:\windows\SysWow64\aticaldd.dll

2012-06-11 16:36 . 2011-11-10 02:24 6605824 ----a-w- c:\windows\system32\atiumd64.dll

2012-06-11 16:27 . 2012-06-11 16:27 539136 ----a-w- c:\windows\system32\atiadlxx.dll

2012-06-11 16:26 . 2012-06-11 16:26 368640 ----a-w- c:\windows\SysWow64\atiadlxy.dll

2012-06-11 16:26 . 2012-06-11 16:26 17920 ----a-w- c:\windows\system32\atig6pxx.dll

2012-06-11 16:26 . 2012-06-11 16:26 14848 ----a-w- c:\windows\SysWow64\atiglpxx.dll

2012-06-11 16:26 . 2012-06-11 16:26 14848 ----a-w- c:\windows\system32\atiglpxx.dll

2012-06-11 16:26 . 2012-06-11 16:26 41984 ----a-w- c:\windows\system32\atig6txx.dll

2012-06-11 16:26 . 2012-06-11 16:26 33280 ----a-w- c:\windows\SysWow64\atigktxx.dll

2012-06-11 16:26 . 2012-06-11 16:26 367616 ----a-w- c:\windows\system32\drivers\atikmpag.sys

2012-06-11 16:25 . 2011-11-10 02:11 54784 ----a-w- c:\windows\system32\atiuxp64.dll

2012-06-11 16:25 . 2011-11-10 02:11 42496 ----a-w- c:\windows\SysWow64\atiuxpag.dll

2012-06-11 16:25 . 2011-11-10 02:11 45056 ----a-w- c:\windows\system32\atiu9p64.dll

2012-06-11 16:24 . 2011-11-10 02:11 32768 ----a-w- c:\windows\SysWow64\atiu9pag.dll

2012-06-11 16:24 . 2012-06-11 16:24 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll

2012-06-11 16:23 . 2012-06-11 16:23 56320 ----a-w- c:\windows\system32\atimpc64.dll

2012-06-11 16:23 . 2012-06-11 16:23 56320 ----a-w- c:\windows\system32\amdpcom64.dll

2012-06-11 16:23 . 2012-06-11 16:23 56832 ----a-w- c:\windows\SysWow64\atimpc32.dll

2012-06-11 16:23 . 2012-06-11 16:23 56832 ----a-w- c:\windows\SysWow64\amdpcom32.dll

2012-06-02 22:19 . 2012-06-22 09:04 38424 ----a-w- c:\windows\system32\wups.dll

2012-06-02 22:19 . 2012-06-22 09:04 2428952 ----a-w- c:\windows\system32\wuaueng.dll

2012-06-02 22:19 . 2012-06-22 09:04 57880 ----a-w- c:\windows\system32\wuauclt.exe

2012-06-02 22:19 . 2012-06-22 09:04 44056 ----a-w- c:\windows\system32\wups2.dll

2012-06-02 22:19 . 2012-06-22 09:04 186752 ----a-w- c:\windows\system32\wuwebv.dll

2012-06-02 22:19 . 2012-06-22 09:04 701976 ----a-w- c:\windows\system32\wuapi.dll

2012-06-02 22:15 . 2012-06-22 09:04 2622464 ----a-w- c:\windows\system32\wucltux.dll

2012-06-02 22:15 . 2012-06-22 09:04 36864 ----a-w- c:\windows\system32\wuapp.exe

2012-06-02 22:15 . 2012-06-22 09:04 99840 ----a-w- c:\windows\system32\wudriver.dll

2012-05-31 19:25 . 2012-01-07 03:39 279656 ------w- c:\windows\system32\MpSigStub.exe

2012-05-21 07:41 . 2012-03-24 09:49 76888 ----a-w- c:\windows\SysWow64\PnkBstrA.exe

2012-05-18 04:01 . 2012-05-18 04:01 889219 ----a-w- c:\windows\OccupationCS_ Source Uninstaller.exe

2012-05-15 04:01 . 2012-06-13 02:52 1188864 ----a-w- c:\windows\system32\wininet.dll

2012-05-15 03:59 . 2012-06-13 02:52 64512 ----a-w- c:\windows\system32\jsproxy.dll

2012-05-15 03:03 . 2012-06-13 02:52 981504 ----a-w- c:\windows\SysWow64\wininet.dll

2012-05-11 11:26 . 2012-03-26 05:31 2250024 ----a-w- c:\windows\SysWow64\Pbsvc.exe

2012-05-10 23:35 . 2012-05-10 23:35 43520 ----a-w- c:\windows\system32\kdbsdk64.dll

2012-05-10 23:35 . 2012-05-10 23:35 29184 ----a-w- c:\windows\SysWow64\kdbsdk32.dll

2012-05-04 11:06 . 2012-06-13 02:52 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe

2012-05-04 10:03 . 2012-06-13 02:51 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe

2012-05-04 10:03 . 2012-06-13 02:51 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe

2012-05-01 22:29 . 2012-05-01 22:29 0 ----a-w- c:\windows\SysWow64\pro98CB.tmp

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]

@="{C5994560-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]

2011-06-13 18:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]

@="{C5994561-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]

2011-06-13 18:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]

@="{C5994562-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]

2011-06-13 18:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]

@="{C5994563-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]

2011-06-13 18:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]

@="{C5994564-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]

2011-06-13 18:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]

@="{C5994565-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]

2011-06-13 18:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]

@="{C5994566-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]

2011-06-13 18:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]

@="{C5994567-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]

2011-06-13 18:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]

@="{C5994568-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]

2011-06-13 18:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2011-12-05 19:17 94208 ----a-w- c:\users\Jake\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2011-12-05 19:17 94208 ----a-w- c:\users\Jake\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2011-12-05 19:17 94208 ----a-w- c:\users\Jake\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]

@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]

2011-12-05 19:17 94208 ----a-w- c:\users\Jake\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Steam"="c:\program files (x86)\Steam\steam.exe" [2012-05-28 1242448]

"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2011-10-13 17351304]

"Spotify Web Helper"="c:\users\Jake\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2012-07-30 1193176]

"SandboxieControl"="c:\program files\Sandboxie\SbieCtrl.exe" [2012-06-17 694032]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]

"GPU TweakIt Server Execute"="c:\program files (x86)\ASUS\ASUS ROG Connect Plus\GPU TweakIt Server\GPUTweakit.exe" [2011-05-03 1384064]

"ASUS AiChargerPlus Execute"="c:\program files (x86)\InstallShield Installation Information\{E6931688-DA2B-4E16-8539-3D323D69C677}\AiChargerPlus.exe" [2010-11-08 465536]

"THX Audio Control Panel"="c:\program files (x86)\Creative\Sound Blaster X-Fi MB 2\THXAudioCP\THXAudio.exe" [2010-06-12 1349632]

"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]

"VolPanel"="c:\program files (x86)\Creative\Sound Blaster X-Fi MB 2\Sound Blaster Panel\VolPanlu.exe" [2010-02-19 241789]

"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]

"ZoneAlarm"="c:\program files (x86)\CheckPoint\ZoneAlarm\zatray.exe" [2012-03-20 73360]

"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-07-03 4273976]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]

"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]

"AdobeCS5.5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360]

"PWRISOVM.EXE"="c:\program files (x86)\PowerISO\PWRISOVM.EXE" [2010-04-12 180224]

"amd_dc_opt"="c:\program files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]

"LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2012-06-27 1996200]

"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-06-11 641704]

.

c:\users\Jake\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dropbox.lnk - c:\users\Jake\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 0 (0x0)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

R2 AODDriver4.1;AODDriver4.1;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-03-05 53888]

R2 Apache2.2;Apache2.2;c:\xampp\apache\bin\httpd.exe [2010-10-18 20549]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance;c:\program files (x86)\Firebird\Firebird_2_5\bin\fbguard.exe [2010-09-17 98304]

R2 XAMPP;XAMPP Service;c:\xampp\service.exe [2007-12-21 60928]

R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-26 250056]

R3 Andbus;LGE Android Platform Composite USB Device;c:\windows\system32\DRIVERS\lgandbus64.sys [2010-12-07 19456]

R3 AndDiag;LGE Android Platform USB Serial Port;c:\windows\system32\DRIVERS\lganddiag64.sys [2010-12-07 27648]

R3 AndGps;LGE Android Platform USB GPS NMEA Port;c:\windows\system32\DRIVERS\lgandgps64.sys [2010-12-07 27136]

R3 ANDModem;LGE Android Platform USB Modem;c:\windows\system32\DRIVERS\lgandmodem64.sys [2010-12-07 34304]

R3 BfEdge7x64;Bigfoot Networks Killer Ethernet Service;c:\windows\system32\DRIVERS\Edge7x64.sys [2011-02-21 31336]

R3 BFN7x64;Bigfoot Networks Killer Gaming Service;c:\windows\system32\DRIVERS\Xeno7x64.sys [2011-02-21 157288]

R3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2012-01-07 79360]

R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2012-01-07 79360]

R3 CV2K1;CommView Network Monitor;c:\windows\system32\DRIVERS\cv2k1.sys [2010-04-01 21608]

R3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;c:\program files (x86)\Firebird\Firebird_2_5\bin\fbserver.exe [2010-09-17 3735552]

R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-18 113120]

R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [x]

R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]

R3 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys [2012-06-18 19032]

R3 pwdspio;pwdspio;c:\windows\system32\pwdspio.sys [2012-06-18 12384]

R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]

R3 TsVlb;TsVlb;c:\windows\system32\DRIVERS\tsvlb.sys [2010-04-21 22120]

R3 vnet;Shrew Soft Virtual Adapter;c:\windows\system32\DRIVERS\virtualnet.sys [2010-09-02 17408]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-01-09 1255736]

R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files (x86)\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2008-07-11 47128]

R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files (x86)\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2008-07-11 369688]

S0 AiChargerPlus;ASUS Charger Plus Driver;c:\windows\system32\DRIVERS\AiChargerPlus.sys [2010-11-08 14464]

S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys [2011-03-04 78976]

S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys [2011-03-04 38528]

S0 asahci64;asahci64;c:\windows\system32\DRIVERS\asahci64.sys [2011-03-23 36448]

S0 aswNdis;avast! Firewall NDIS Filter Service;c:\windows\system32\DRIVERS\aswNdis.sys [2012-02-23 12368]

S0 aswNdis2;avast! Firewall Core Firewall Service; [x]

S1 AsUpIO;AsUpIO;SysWow64\drivers\AsUpIO.sys [x]

S1 aswFW;avast! TDI Firewall driver; [x]

S1 aswKbd;aswKbd; [x]

S1 aswSnx;aswSnx; [x]

S1 aswSP;aswSP; [x]

S1 TsVp;TsVp;c:\windows\system32\DRIVERS\tsvp.sys [2010-06-16 32872]

S1 vflt;Shrew Soft Lightweight Filter;c:\windows\system32\DRIVERS\vfilter.sys [2010-09-02 21504]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-06-11 239616]

S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-06-11 361984]

S2 AODDriver4.01;AODDriver4.01;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-03-05 53888]

S2 asComSvc;ASUS Com Service;c:\program files (x86)\ASUS\AXSP\1.00.14\atkexComSvc.exe [2011-06-13 922240]

S2 asHmComSvc;ASUS HM Com Service;c:\program files (x86)\ASUS\AAHM\1.00.14\aaHMSvc.exe [2010-12-02 915584]

S2 AsSysCtrlService;ASUS System Control Service;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe [2010-10-21 586880]

S2 aswFsBlk;aswFsBlk; [x]

S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-07-03 71064]

S2 avast! Firewall;avast! Firewall;c:\program files\AVAST Software\Avast\afwServ.exe [2012-07-03 133912]

S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]

S2 dtpd;ShrewSoft DNS Proxy Daemon;c:\program files\ShrewSoft\VPN Client\dtpd.exe [2010-10-08 56592]

S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-06-27 2369960]

S2 iked;ShrewSoft IKE Daemon;c:\program files\ShrewSoft\VPN Client\iked.exe [2010-10-08 957712]

S2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;c:\windows\system32\IProsetMonitor.exe [2011-05-24 171688]

S2 ipsecd;ShrewSoft IPSEC Daemon;c:\program files\ShrewSoft\VPN Client\ipsecd.exe [2010-10-08 697616]

S2 ISWKL;ZoneAlarm LTD Toolbar ISWKL;c:\program files\CheckPoint\ZAForceField\ISWKL.sys [2012-03-16 33672]

S2 IswSvc;ZoneAlarm LTD Toolbar IswSvc;c:\program files\CheckPoint\ZAForceField\IswSvc.exe [2012-03-16 827520]

S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2010-06-25 35344]

S2 Realtek11nSU;Realtek11nSU;c:\program files (x86)\Realtek\11n USB Wireless LAN Utility\RtlService.exe [2009-07-10 36864]

S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]

S2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-07-10 2673064]

S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [2010-02-18 46136]

S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2012-06-11 10248192]

S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2012-06-11 367616]

S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys [2011-02-24 126952]

S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys [2011-02-24 389608]

S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2012-02-23 95760]

S3 e1qexpress;Intel® PCI Express Network Connection Driver Q;c:\windows\system32\DRIVERS\e1q62x64.sys [2011-06-21 336048]

S3 EuMusDesignVirtualAudioCableWdm;Virtual Audio Cable (WDM);c:\windows\system32\DRIVERS\vrtaucbl.sys [2012-02-02 66728]

S3 KeyScrambler;KeyScrambler;c:\windows\system32\drivers\keyscrambler.sys [2011-12-15 222904]

S3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8192su.sys [2009-10-15 674304]

S3 ScreamBAudioSvc;ScreamBee Audio;c:\windows\system32\drivers\ScreamingBAudio64.sys [2010-07-01 38992]

S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]

S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]

S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]

S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]

S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]

S3 TSCOMM;CommStudio Virtual Adapter by TamoSoft;c:\windows\system32\DRIVERS\tscomm.sys [2010-04-29 45160]

S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2010-12-16 47232]

S3 UsbFltr;WayTech USB Filter Driver;c:\windows\system32\Drivers\UsbFltr.sys [2007-04-09 12288]

S3 USBUAA;USB Audio Class 2.0 Device Driver;c:\windows\system32\DRIVERS\USBUAA.SYS [2011-01-24 97024]

S3 VCSVADHWSer;Avnex Virtual Audio Device (WDM);c:\windows\system32\DRIVERS\vcsvad.sys [2008-12-26 21504]

S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]

.

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - WS2IFSL

.

Contents of the 'Scheduled Tasks' folder

.

2012-07-30 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-06 08:55]

.

2012-07-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3825957713-1901933741-4195240163-1000Core.job

- c:\users\Jake\AppData\Local\Google\Update\GoogleUpdate.exe [2012-03-19 10:46]

.

2012-07-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3825957713-1901933741-4195240163-1000UA.job

- c:\users\Jake\AppData\Local\Google\Update\GoogleUpdate.exe [2012-03-19 10:46]

.

2012-07-30 c:\windows\Tasks\RockMeltUpdateTaskUserS-1-5-21-3825957713-1901933741-4195240163-1000Core.job

- c:\users\Jake\AppData\Local\RockMelt\Update\RockMeltUpdate.exe [2012-03-24 05:19]

.

2012-07-30 c:\windows\Tasks\RockMeltUpdateTaskUserS-1-5-21-3825957713-1901933741-4195240163-1000UA.job

- c:\users\Jake\AppData\Local\RockMelt\Update\RockMeltUpdate.exe [2012-03-24 05:19]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]

@="{472083B0-C522-11CF-8763-00608CC02F24}"

[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]

2012-07-03 16:21 133400 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]

@="{C5994560-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]

2011-06-13 18:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]

@="{C5994561-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]

2011-06-13 18:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]

@="{C5994562-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]

2011-06-13 18:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]

@="{C5994563-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]

2011-06-13 18:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]

@="{C5994564-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]

2011-06-13 18:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]

@="{C5994565-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]

2011-06-13 18:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]

@="{C5994566-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]

2011-06-13 18:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]

@="{C5994567-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]

2011-06-13 18:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]

@="{C5994568-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]

2011-06-13 18:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2011-12-05 19:17 97792 ----a-w- c:\users\Jake\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2011-12-05 19:17 97792 ----a-w- c:\users\Jake\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2011-12-05 19:17 97792 ----a-w- c:\users\Jake\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]

@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]

2011-12-05 19:17 97792 ----a-w- c:\users\Jake\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-05-03 11842152]

"Cm6620Sound"="c:\program files\ROG Thunderbolt Audio\CPL\ROG ThunderBolt Audio.exe" [2011-02-24 311296]

"THXCfg64"="c:\windows\system32\THXCfg64.dll" [2009-10-15 17920]

"RunDLLEntry"="c:\windows\system32\AmbRunE.dll" [2009-02-26 17920]

"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-16 499608]

"ISW"="c:\program files\CheckPoint\ZAForceField\ForceField.exe" [2012-03-16 1126528]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x1

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

mLocal Page = c:\windows\SysWOW64\blank.htm

FF - ProfilePath - c:\users\Jake\AppData\Roaming\Mozilla\Firefox\Profiles\dnk3buf3.default\

.

- - - - ORPHANS REMOVED - - - -

.

HKLM-Run-GX_Hook - c:\program files\ROG Thunderbolt Audio\CPL\HsMgr.exe

AddRemove-Battlelog Web Plugins - c:\program files (x86)\Battlelog Web Plugins\uninstall.exe

AddRemove-BattlEye for A2 - c:\program files (x86)\steam\steamapps\common\arma 2BattlEye\UnInstallBE.exe

AddRemove-BattlEye for OA - c:\program files (x86)\steam\steamapps\common\arma 2 operation arrowheadExpansion\BattlEye\UnInstallBE.exe

AddRemove-Libra_is1 - c:\program files (x86)\Libra\unins000.exe

AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc.exe

AddRemove-Sandbox - c:\program files (x86)\Steam\steamapps\common\Battlefield 2\mods\sandbox\uninstall_sandbox.exe

AddRemove-{406FB8A4-F539-48A9-809C-F94706F9C9F6}_is1 - c:\program files (x86)\bitComposer Games\S.T.A.L.K.E.R. - Call of Pripyat\unins000.exe

.

.

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]

"ImagePath"="c:\windows\system32\GameMon.des -service"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-3825957713-1901933741-4195240163-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{92424D96-8710-044E-768D-AC50BFF36B82}*]

"ialekogmnimibogleo"=hex:6a,61,65,64,70,6c,64,62,6d,70,6b,64,68,6f,6b,6f,67,6f,

66,70,00,00

"hajeaohnmlidkail"=hex:6a,61,70,63,69,6c,65,61,64,70,69,61,6c,69,65,67,6d,6a,

61,66,00,00

"iapacdaeeccgogddaf"=hex:63,61,61,64,61,6a,00,00

.

[HKEY_USERS\S-1-5-21-3825957713-1901933741-4195240163-1000\Software\SecuROM\License information*]

"datasecu"=hex:0c,57,e7,e9,b7,73,a3,76,c2,e5,7d,8b,c4,0d,bc,5e,f9,47,29,38,bb,

47,d1,1d,a0,ac,53,4e,a5,e1,67,36,00,f2,d4,70,2a,f3,14,f9,bf,71,55,37,3d,9e,\

"rkeysecu"=hex:29,23,be,84,e1,6c,d6,ae,52,90,49,f1,f1,bb,e9,eb

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_268_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_268_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\program files (x86)\Creative\Shared Files\CTAudSvc.exe

c:\program files\AVAST Software\Avast\AvastSvc.exe

c:\windows\DAODx.exe

c:\program files (x86)\ASUS\AI Suite II\DIGI+ VRM\VRMHelp.exe

c:\program files (x86)\ASUS\AI Suite II\AsRoutineController.exe

c:\program files (x86)\Common Files\Microsoft Shared\VS7Debug\mdm.exe

c:\program files (x86)\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe

c:\xampp\mysql\bin\mysqld.exe

c:\windows\SysWOW64\PnkBstrA.exe

c:\program files (x86)\Realtek\11n USB Wireless LAN Utility\RtWlan.exe

.

**************************************************************************

.

Completion time: 2012-07-30 09:54:31 - machine was rebooted

ComboFix-quarantined-files.txt 2012-07-30 16:54

.

Pre-Run: 1,065,325,658,112 bytes free

Post-Run: 1,068,293,672,960 bytes free

.

- - End Of File - - 3052EB4B5698A51DF3946A9F2A9AF046


ComboFix didn't even touch it, most likely because they're new file/folder names:

f65588fc-e4e4-fe8f-d281-b293b010f4a1

-------------------------

Please do this:

Run RogueKiller again and click Scan

When the scan completes > click on the Registry tab

Put a check next to all of these and uncheck the rest:

¤¤¤ Registry Entries: 6 ¤¤¤

[ZeroAccess] HKCR\[...]\InprocServer32 : (C:\Users\Jake\AppData\Local\{f65588fc-e4e4-fe8f-d281-b293b010f4a1}\n.) -> FOUND

Now click Delete on the right hand column under Options

-------------

Next click on the Files tab and put a check next to these and uncheck the rest.

¤¤¤ Particular Files / Folders: ¤¤¤

[ZeroAccess][FILE] @ : c:\windows\installer\{f65588fc-e4e4-fe8f-d281-b293b010f4a1}\@ --> FOUND

[ZeroAccess][FOLDER] U : c:\windows\installer\{f65588fc-e4e4-fe8f-d281-b293b010f4a1}\U --> FOUND

[ZeroAccess][FOLDER] L : c:\windows\installer\{f65588fc-e4e4-fe8f-d281-b293b010f4a1}\L --> FOUND

[ZeroAccess][FILE] @ : c:\users\jake\appdata\local\{f65588fc-e4e4-fe8f-d281-b293b010f4a1}\@ --> FOUND

[ZeroAccess][FOLDER] U : c:\users\jake\appdata\local\{f65588fc-e4e4-fe8f-d281-b293b010f4a1}\U --> FOUND

[ZeroAccess][FOLDER] L : c:\users\jake\appdata\local\{f65588fc-e4e4-fe8f-d281-b293b010f4a1}\L --> FOUND

[ZeroAccess][FILE] Desktop.ini : c:\windows\assembly\gac_32\desktop.ini --> FOUND

[ZeroAccess][FILE] Desktop.ini : c:\windows\assembly\gac_64\desktop.ini --> FOUND

Now click Delete on the right hand column under Options

-------------

Reboot and run another scan with RogueKiller and post the new log, MrC

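The RogueKiller lines MrC lists above all follow one shape: a bracketed tag (optionally followed by a FILE/FOLDER kind), a name, a separator, the target path or registry data, and a status after the arrow. An added example (mine, not part of this thread and not RogueKiller's own code) that parses those lines and follows the ZeroAccess artifacts across the Scan, Remove and re-Scan reports in this thread. Sample lines are copied from the reports posted here; the Finding field names, the line grammar, and the two path patterns for the ZeroAccess layout (a {GUID} directory holding an "@" file and "U"/"L" folders, plus desktop.ini under the GAC folders) are my assumptions inferred from the paths listed above.

```python
"""Added example (not from this thread or from RogueKiller): parse RogueKiller
report lines and check, across a Scan -> Remove -> Scan cycle, which ZeroAccess
artifacts are gone and which unrelated findings remain.

Assumptions (mine, not RogueKiller's): the Finding field names, the tag/kind
line grammar inferred from the posted reports, and the two path patterns for
ZeroAccess artifacts, derived from the paths listed in this thread."""
import re
from dataclasses import dataclass
from typing import List


@dataclass(frozen=True)
class Finding:
    tag: str     # "ZeroAccess", "SUSP PATH", "HJ", "Del.Parent", ...
    kind: str    # "FILE" / "FOLDER", or "" for registry and process lines
    name: str    # value name, job name, or file/folder name
    target: str  # path, registry data, or process image
    status: str  # "FOUND", "REMOVED", "NOT SELECTED", "KILLED [TermProc]"


# [tag][kind?] name (: | --) target (-> | -->) status
LINE_RE = re.compile(
    r"^\[(?P<tag>[^\]]+)\](?:\[(?P<kind>[^\]]+)\])?\s+"
    r"(?P<name>.+?)\s+(?::|--)\s+(?P<target>.+?)\s+-{1,2}>\s+(?P<status>.+?)\s*$"
)

# ZeroAccess payload layout seen in the thread: a {GUID} directory holding a file
# named "@" and folders "U" and "L"; plus desktop.ini dropped into the GAC folders.
ZA_PAYLOAD_DIR = re.compile(
    r"\{[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}\}\\(?:@|U|L)(?:\\|$)", re.I)
ZA_GAC_INI = re.compile(r"\\assembly\\gac_(?:32|64)\\desktop\.ini$", re.I)


def parse_report(text: str) -> List[Finding]:
    """Return the finding lines of a report; section headers (¤¤¤ ...), HOSTS
    entries and MBR hashes carry no '->' status and are skipped."""
    findings = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if m:
            findings.append(Finding(m["tag"], m["kind"] or "", m["name"],
                                    m["target"], m["status"]))
    return findings


def looks_like_zeroaccess_artifact(path: str) -> bool:
    """True when a path matches the ZeroAccess file layout, whatever the tag says."""
    return bool(ZA_PAYLOAD_DIR.search(path) or ZA_GAC_INI.search(path))


def zeroaccess_findings(findings: List[Finding]) -> List[Finding]:
    """Findings RogueKiller attributes to ZeroAccess (Del.Parent lines are files
    removed because their parent folder was), plus any path matching its layout."""
    return [f for f in findings
            if f.tag.lower() in ("zeroaccess", "del.parent")
            or looks_like_zeroaccess_artifact(f.target)]


def still_present(before: List[Finding], after: List[Finding]) -> List[Finding]:
    """Findings from `before` whose target is still reported FOUND in `after`.
    After a Remove run the expected result for deleted artifacts is absence, so
    anything returned here is either unremediated or was deliberately left alone."""
    found_later = {f.target.lower() for f in after if f.status == "FOUND"}
    return [f for f in before if f.target.lower() in found_later]


# Sample reports: lines copied from the RogueKiller reports posted in this thread
# (trimmed to the relevant entries).
SCAN_REPORT = r"""
¤¤¤ Registry Entries: 6 ¤¤¤
[SUSP PATH] RunDAOD.job @ : C:\Windows\DAODx.exe -> FOUND
[HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND
[ZeroAccess] HKCR\[...]\InprocServer32 : (C:\Users\Jake\AppData\Local\{f65588fc-e4e4-fe8f-d281-b293b010f4a1}\n.) -> FOUND
¤¤¤ Particular Files / Folders: ¤¤¤
[ZeroAccess][FILE] @ : c:\windows\installer\{f65588fc-e4e4-fe8f-d281-b293b010f4a1}\@ --> FOUND
[ZeroAccess][FOLDER] U : c:\windows\installer\{f65588fc-e4e4-fe8f-d281-b293b010f4a1}\U --> FOUND
[ZeroAccess][FILE] Desktop.ini : c:\windows\assembly\gac_32\desktop.ini --> FOUND
"""

REMOVE_REPORT = r"""
[SUSP PATH] RunDAOD.job @ : C:\Windows\DAODx.exe -> NOT SELECTED
[HJ] HKLM\[...]\System : EnableLUA (0) -> NOT SELECTED
[ZeroAccess][FILE] @ : c:\windows\installer\{f65588fc-e4e4-fe8f-d281-b293b010f4a1}\@ --> REMOVED
[Del.Parent][FILE] 00000004.@ : c:\users\jake\appdata\local\{f65588fc-e4e4-fe8f-d281-b293b010f4a1}\U\00000004.@ --> REMOVED
[ZeroAccess][FOLDER] U : c:\windows\installer\{f65588fc-e4e4-fe8f-d281-b293b010f4a1}\U --> REMOVED
"""

FINAL_SCAN = r"""
[SUSP PATH] RunDAOD.job @ : C:\Windows\DAODx.exe -> FOUND
[HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND
¤¤¤ Particular Files / Folders: ¤¤¤
¤¤¤ Infection : ¤¤¤
"""


if __name__ == "__main__":
    scan, final = parse_report(SCAN_REPORT), parse_report(FINAL_SCAN)
    print("ZeroAccess items in first scan:", len(zeroaccess_findings(scan)))
    print("removed in Remove run:",
          sum(f.status == "REMOVED" for f in parse_report(REMOVE_REPORT)))
    for f in still_present(scan, final):
        label = "STILL PRESENT:" if f in zeroaccess_findings(scan) else "left alone (not ZeroAccess):"
        print(label, f.tag, f.target)
```

Run against the three reports, the script reports four ZeroAccess items in the first scan, three removals in the Remove run, and only the two entries that were deliberately not selected (the DAODx.exe job and the EnableLUA policy value) still FOUND afterwards; neither matches the ZeroAccess layout, which is the state the final scan above shows.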

RogueKiller V7.6.4 [07/17/2012] by Tigzy

mail: tigzyRK<at>gmail<dot>com

Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/

Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version

Started in : Normal mode

User: Jake [Admin rights]

Mode: Remove -- Date: 07/30/2012 10:19:13

¤¤¤ Bad processes: 1 ¤¤¤

[SUSP PATH] DAODx.exe -- C:\Windows\DAODx.exe -> KILLED [TermProc]

¤¤¤ Registry Entries: 5 ¤¤¤

[SUSP PATH] RunDAOD.job @ : C:\Windows\DAODx.exe -> NOT SELECTED

[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> NOT SELECTED

[HJ] HKLM\[...]\System : EnableLUA (0) -> NOT SELECTED

[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> NOT SELECTED

[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> NOT SELECTED

¤¤¤ Particular Files / Folders: ¤¤¤

[ZeroAccess][FILE] @ : c:\windows\installer\{f65588fc-e4e4-fe8f-d281-b293b010f4a1}\@ --> REMOVED

[ZeroAccess][FOLDER] U : c:\windows\installer\{f65588fc-e4e4-fe8f-d281-b293b010f4a1}\U --> REMOVED

[ZeroAccess][FOLDER] L : c:\windows\installer\{f65588fc-e4e4-fe8f-d281-b293b010f4a1}\L --> REMOVED

[ZeroAccess][FILE] @ : c:\users\jake\appdata\local\{f65588fc-e4e4-fe8f-d281-b293b010f4a1}\@ --> REMOVED

[Del.Parent][FILE] 00000004.@ : c:\users\jake\appdata\local\{f65588fc-e4e4-fe8f-d281-b293b010f4a1}\U\00000004.@ --> REMOVED

[Del.Parent][FILE] 000000cb.@ : c:\users\jake\appdata\local\{f65588fc-e4e4-fe8f-d281-b293b010f4a1}\U\000000cb.@ --> REMOVED

[Del.Parent][FILE] 80000000.@ : c:\users\jake\appdata\local\{f65588fc-e4e4-fe8f-d281-b293b010f4a1}\U\80000000.@ --> REMOVED

[Del.Parent][FILE] 80000064.@ : c:\users\jake\appdata\local\{f65588fc-e4e4-fe8f-d281-b293b010f4a1}\U\80000064.@ --> REMOVED

[ZeroAccess][FOLDER] U : c:\users\jake\appdata\local\{f65588fc-e4e4-fe8f-d281-b293b010f4a1}\U --> REMOVED

[Del.Parent][FILE] 00000004.@ : c:\users\jake\appdata\local\{f65588fc-e4e4-fe8f-d281-b293b010f4a1}\L\00000004.@ --> REMOVED

[ZeroAccess][FOLDER] L : c:\users\jake\appdata\local\{f65588fc-e4e4-fe8f-d281-b293b010f4a1}\L --> REMOVED

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ Infection : ZeroAccess ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

127.0.0.1 localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST315003 41AS SATA Disk Device +++++

--- User ---

[MBR] 5803beb5b57a1e0640dbce950ddc21e1

[BSP] a69242f73d572ad8e0f93af1985c5cda : Windows 7 MBR Code

Partition table:

0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo

1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 1430695 Mo

User = LL1 ... OK!

User = LL2 ... OK!

Finished : << RKreport[4].txt >>

RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt ; RKreport[4].txt


RogueKiller V7.6.4 [07/17/2012] by Tigzy

mail: tigzyRK<at>gmail<dot>com

Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/

Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version

Started in : Normal mode

User: Jake [Admin rights]

Mode: Scan -- Date: 07/30/2012 10:30:06

¤¤¤ Bad processes: 1 ¤¤¤

[SUSP PATH] DAODx.exe -- C:\Windows\DAODx.exe -> KILLED [TermProc]

¤¤¤ Registry Entries: 5 ¤¤¤

[SUSP PATH] RunDAOD.job @ : C:\Windows\DAODx.exe -> FOUND

[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND

[HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND

[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

127.0.0.1 localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST315003 41AS SATA Disk Device +++++

--- User ---

[MBR] 5803beb5b57a1e0640dbce950ddc21e1

[BSP] a69242f73d572ad8e0f93af1985c5cda : Windows 7 MBR Code

Partition table:

0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo

1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 1430695 Mo

User = LL1 ... OK!

User = LL2 ... OK!

Finished : << RKreport[5].txt >>

RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt ; RKreport[4].txt ; RKreport[5].txt


Malwarebytes Anti-Malware 1.62.0.1300

www.malwarebytes.org

Database version: v2012.07.30.06

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 8.0.7601.17514

Jake :: JAKE-PC [administrator]

7/30/2012 10:33:08 AM

mbam-log-2012-07-30 (10-33-08).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 199435

Time elapsed: 2 minute(s), 46 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)


Seems to be pretty good; nothing unusual happening anymore (not that there was much from the start, other than ZoneAlarm and Avast! going nuts about it connecting to the internet). Seems to have been toasted. Thanks!


Great

A little clean up to do....

Please Uninstall ComboFix: (if you used it)

Press the Windows logo key + R to bring up the "run box"

Copy and paste next command in the field:

ComboFix /uninstall

Make sure there's a space between Combofix and /


Then hit enter.

This will uninstall ComboFix, delete its related folders and files, hide file extensions, hide the system/hidden files, clear the System Restore cache and create a new Restore point.

(If that doesn't work.....you can simply rename ComboFix.exe to Uninstall.exe and double click it to complete the uninstall)

---------------------------------

Please download OTL from one of the links below: (you may already have OTL on the system)

http://oldtimer.geekstogo.com/OTL.exe

http://oldtimer.geekstogo.com/OTL.com

Save it to your desktop.

Run OTL and hit the CleanUp button. (This will clean up the tools and logs used, including itself.)

Any other programs or logs you can manually delete.

e.g. RogueKiller.exe, RKreport.txt, RK_Quarantine folder, etc.

-------------------------------

Any questions...please post back.

If you think I've helped you, please leave a comment > click on my avatar picture > click Profile Feed.

Take a look at My Preventive Maintenance to avoid being infected again.

Good Luck and Thanks for using the forum, MrC

