ARRGH9

Members
  • Content count: 13
About ARRGH9
  • Rank: New Member
  1. And to think... I could have completely reinstalled Windows and put most of my files and programs back in place by now...
  2. Now I have a desktop full of scanners you had me download, and devoid of any of my missing folders and files
  3. C:\Qoobox\Quarantine\C\Program Files (x86)\Vid-Saver Extension\ViD-saver extension.dll.vir a variant of Win32/Toolbar.CrossRider.A application
  4. Malwarebytes Anti-Malware 1.70.0.1100
     www.malwarebytes.org

     Database version: v2013.03.07.03

     Windows 7 x64 NTFS
     Internet Explorer 9.0.8112.16421
     Girrard :: G-COM [administrator]

     3/6/2013 7:28:25 PM
     mbam-log-2013-03-06 (19-28-25).txt

     Scan type: Quick scan
     Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
     Scan options disabled: P2P
     Objects scanned: 213030
     Time elapsed: 1 minute(s), 37 second(s)

     Memory Processes Detected: 0
     (No malicious items detected)

     Memory Modules Detected: 0
     (No malicious items detected)

     Registry Keys Detected: 0
     (No malicious items detected)

     Registry Values Detected: 0
     (No malicious items detected)

     Registry Data Items Detected: 0
     (No malicious items detected)

     Folders Detected: 0
     (No malicious items detected)

     Files Detected: 0
     (No malicious items detected)

     (end)
  5. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     Junkware Removal Tool (JRT) by Thisisu
     Version: 4.6.9 (03.06.2013:1)
     OS: Windows 7 Professional x64
     Ran by Girrard on Wed 03/06/2013 at 18:13:24.46
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

     ~~~ Services

     ~~~ Registry Values

     ~~~ Registry Keys

     Successfully deleted: [Registry Key] hkey_current_user\software\1clickdownload
     Successfully deleted: [Registry Key] hkey_current_user\software\billp studios\detected\startup
     Successfully deleted: [Registry Key] hkey_current_user\software\conduit
     Successfully deleted: [Registry Key] hkey_local_machine\software\conduit
     Successfully deleted: [Registry Key] hkey_local_machine\software\firstsearch
     Successfully deleted: [Registry Key] hkey_local_machine\software\iminent
     Successfully deleted: [Registry Key] hkey_current_user\software\installedbrowserextensions
     Successfully deleted: [Registry Key] hkey_current_user\software\sweetim
     Successfully deleted: [Registry Key] hkey_local_machine\software\sweetim
     Successfully deleted: [Registry Key] hkey_current_user\software\appdatalow\software\crossrider
     Successfully deleted: [Registry Key-Heur] HKEY_CLASSES_ROOT\CrossriderApp0021808.BHO
     Successfully deleted: [Registry Key-Heur] HKEY_CLASSES_ROOT\CrossriderApp0021808.Sandbox
     Successfully deleted: [Registry Key-Heur] HKEY_CLASSES_ROOT\CrossriderApp0021808.Sandbox.1
     Successfully deleted: [Registry Key-Heur] HKEY_LOCAL_MACHINE\software\classes\CrossriderApp0021808.BHO
     Successfully deleted: [Registry Key-Heur] HKEY_LOCAL_MACHINE\software\classes\CrossriderApp0021808.Sandbox
     Successfully deleted: [Registry Key-Heur] HKEY_LOCAL_MACHINE\software\classes\CrossriderApp0021808.Sandbox.1
     Successfully deleted: [Registry Key] "hkey_current_user\software\apn pip"
     Successfully deleted: [Registry Key] "hkey_local_machine\software\pip"

     ~~~ Files

     ~~~ Folders

     Successfully deleted: [Folder] "C:\ProgramData\installmate"
     Successfully deleted: [Folder] "C:\ProgramData\ytd video downloader"
     Successfully deleted: [Folder] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ytd video downloader"

     ~~~ Event Viewer Logs were cleared

     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     Scan was completed on Wed 03/06/2013 at 18:21:32.59
     End of JRT log
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

     # AdwCleaner v2.114 - Logfile created 03/06/2013 at 18:49:13
     # Updated 05/03/2013 by Xplode
     # Operating system : Windows 7 Professional (64 bits)
     # User : Girrard - G-COM
     # Boot Mode : Normal
     # Running from : C:\Users\Girrard\Desktop\adwcleaner.exe
     # Option [Delete]

     ***** [Services] *****

     ***** [Files / Folders] *****

     Deleted on reboot : C:\Program Files (x86)\Common Files\Speedbit

     ***** [Registry] *****

     Key Deleted : HKCU\Software\GreenTree Applications
     Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{11111111-1111-1111-1111-110211181108}
     Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110211181108}
     Key Deleted : HKCU\Software\SpeedBit
     Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apntoolbarinstaller_RASAPI32
     Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apntoolbarinstaller_RASMANCS
     Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASAPI32
     Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASMANCS
     Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110211181108}
     Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{11111111-1111-1111-1111-110211181108}
     Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\jbpkiefagocgkmemidfngdkamloieekf
     Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110211181108}
     Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{21111111-1111-1111-1111-110211181108}
     Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110211181108}
     Key Deleted : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}

     ***** [Internet Browsers] *****

     -\\ Internet Explorer v9.0.8112.16457

     [OK] Registry is clean.

     -\\ Google Chrome v [unable to get version]

     File : C:\Users\Girrard\AppData\Local\Google\Chrome\User Data\Default\Preferences

     [OK] File is clean.

     *************************

     AdwCleaner[S1].txt - [2149 octets] - [06/03/2013 18:49:13]

     ########## EOF - C:\AdwCleaner[S1].txt - [2209 octets] ##########
  6. ---*Please note, I did disable all Comodo applications upon reading the prompt they were still on*---

     ComboFix 13-03-05.01 - Girrard 03/06/2013 17:49:24.1.4 - x64
     Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.8190.6700 [GMT -7:00]
     Running from: c:\users\Girrard\Desktop\ComboFix.exe
     AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
     FW: COMODO Firewall *Enabled* {7DB03214-694B-060B-1600-BD4715C36DBB}
     SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
     SP: COMODO Defense+ *Enabled/Updated* {FEEA52D5-051E-08DD-07EF-2F009097607D}
     SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
     .
     .
     ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
     .
     .
     c:\program files (x86)\Vid-Saver Extension\ViD-saver extension.dll
     .
     .
     ((((((((((((((((((((((((( Files Created from 2013-02-07 to 2013-03-07 )))))))))))))))))))))))))))))))
     .
     .
     2013-03-07 01:13 . 2013-03-07 01:13 -------- d-----w- C:\FRST
     2013-03-07 00:52 . 2013-03-07 00:52 -------- d-----w- c:\users\Default\AppData\Local\temp
     2013-03-06 18:52 . 2013-03-06 18:52 -------- d-----w- c:\users\Girrard\AppData\Roaming\GlarySoft
     2013-03-06 16:17 . 2013-03-06 18:52 -------- d-----w- c:\program files (x86)\Glary Undelete
     2013-03-06 13:16 . 2009-02-12 22:11 26024 ----a-w- c:\windows\system32\drivers\rsdrvx64.sys
     2013-03-06 00:36 . 2013-02-28 08:36 177672 ----a-w- c:\windows\system32\drivers\aswVmm.sys
     2013-03-06 00:36 . 2013-02-28 08:36 65408 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
     2013-03-06 00:22 . 2013-03-06 00:22 -------- d-----w- c:\users\Girrard\AppData\Roaming\WinPatrol
     2013-03-06 00:22 . 2013-03-06 18:11 -------- d-----w- c:\programdata\InstallMate
     2013-03-06 00:13 . 2013-03-06 00:14 -------- d-----w- c:\users\Girrard\MP3 Rocket
     2013-02-22 21:00 . 2013-02-22 21:01 -------- d-----w- c:\users\Girrard\Startup Inspector for Windows
     2013-02-12 13:08 . 2013-03-06 00:28 -------- d-----w- c:\program files (x86)\Common Files\Java
     2013-02-09 19:16 . 2013-02-09 19:16 -------- d-----w- c:\programdata\McAfee
     2013-02-06 21:28 . 2013-02-06 21:28 -------- d-----w- C:\Downloads
     2013-02-06 21:28 . 2013-02-06 21:28 -------- d-----w- c:\users\Girrard\AppData\Roaming\ProgSense
     2013-02-06 21:26 . 2013-03-05 18:15 -------- d-----w- c:\users\Girrard\AppData\Roaming\Orbit
     2013-02-06 21:21 . 2013-02-06 21:21 -------- d-----w- c:\windows\Sun
     2013-02-06 21:05 . 2013-02-06 21:05 -------- d-----w- c:\users\Girrard\AppData\Roaming\AnvSoft
     .
     .
     .
     (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
     .
     2013-02-28 08:36 . 2012-12-18 02:04 68992 ----a-w- c:\windows\system32\drivers\aswTdi.sys
     2013-02-28 08:36 . 2012-12-18 02:04 377992 ----a-w- c:\windows\system32\drivers\aswSP.sys
     2013-02-28 08:36 . 2012-12-18 02:04 71064 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
     2013-02-28 08:36 . 2012-12-18 02:04 1025880 ----a-w- c:\windows\system32\drivers\aswSnx.sys
     2013-02-28 08:36 . 2012-12-18 02:04 80888 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
     2013-02-28 08:36 . 2012-12-18 02:04 33472 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
     2013-02-28 08:36 . 2012-12-18 02:03 41664 ----a-w- c:\windows\avastSS.scr
     2013-02-28 08:35 . 2012-12-18 02:04 287840 ----a-w- c:\windows\system32\aswBoot.exe
     2013-02-26 21:03 . 2012-12-18 03:23 71024 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
     2013-02-26 21:03 . 2012-12-18 03:23 691568 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
     2013-02-12 13:08 . 2012-12-18 03:39 861088 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
     2013-02-12 13:08 . 2012-12-18 03:39 782240 ----a-w- c:\windows\SysWow64\deployJava1.dll
     2013-01-02 00:08 . 2013-01-02 00:08 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
     2013-01-02 00:08 . 2013-01-02 00:08 2876528 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
     2013-01-02 00:08 . 2013-01-02 00:08 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
     2013-01-02 00:08 . 2013-01-02 00:08 539984 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
     2012-12-24 22:30 . 2012-12-24 04:10 276256 ----a-w- c:\windows\system32\drivers\DigiartyVirtualCDBus.sys
     2012-12-19 22:45 . 2012-12-19 22:45 222720 ----a-w- c:\windows\system32\clinfo.exe
     2012-12-19 22:44 . 2012-12-19 22:44 76288 ----a-w- c:\windows\system32\OpenVideo64.dll
     2012-12-19 22:44 . 2012-12-19 22:44 65536 ----a-w- c:\windows\SysWow64\OpenVideo.dll
     2012-12-19 22:44 . 2012-12-19 22:44 64000 ----a-w- c:\windows\system32\OVDecode64.dll
     2012-12-19 22:44 . 2012-12-19 22:44 56320 ----a-w- c:\windows\SysWow64\OVDecode.dll
     2012-12-19 22:44 . 2012-12-19 22:44 34518016 ----a-w- c:\windows\system32\amdocl64.dll
     2012-12-19 22:38 . 2012-12-19 22:38 28732928 ----a-w- c:\windows\SysWow64\amdocl.dll
     2012-12-19 22:34 . 2012-12-19 22:34 54784 ----a-w- c:\windows\system32\OpenCL.dll
     2012-12-19 22:34 . 2012-12-19 22:34 50176 ----a-w- c:\windows\SysWow64\OpenCL.dll
     2012-12-19 20:50 . 2012-12-19 20:50 5630200 ----a-w- c:\windows\SysWow64\atiumdag.dll
     2012-12-19 20:48 . 2012-12-19 20:48 11278336 ----a-w- c:\windows\system32\drivers\atikmdag.sys
     2012-12-19 20:29 . 2012-12-19 20:29 23461376 ----a-w- c:\windows\system32\atio6axx.dll
     2012-12-19 20:22 . 2012-12-19 20:22 70144 ----a-w- c:\windows\system32\coinst_9.012.dll
     2012-12-19 20:19 . 2012-12-19 20:19 163840 ----a-w- c:\windows\system32\atiapfxx.exe
     2012-12-19 20:18 . 2012-12-19 20:18 51200 ----a-w- c:\windows\system32\aticalrt64.dll
     2012-12-19 20:18 . 2012-12-19 20:18 46080 ----a-w- c:\windows\SysWow64\aticalrt.dll
     2012-12-19 20:17 . 2012-12-19 20:17 44544 ----a-w- c:\windows\system32\aticalcl64.dll
     2012-12-19 20:17 . 2012-12-19 20:17 44032 ----a-w- c:\windows\SysWow64\aticalcl.dll
     2012-12-19 20:17 . 2012-12-19 20:17 16082944 ----a-w- c:\windows\system32\aticaldd64.dll
     2012-12-19 20:13 . 2012-12-19 20:13 13703168 ----a-w- c:\windows\SysWow64\aticaldd.dll
     2012-12-19 20:12 . 2012-12-19 20:12 18982400 ----a-w- c:\windows\SysWow64\atioglxx.dll
     2012-12-19 20:09 . 2012-12-19 20:09 960512 ----a-w- c:\windows\SysWow64\aticfx32.dll
     2012-12-19 20:08 . 2011-04-20 02:07 1151488 ----a-w- c:\windows\system32\aticfx64.dll
     2012-12-19 20:06 . 2012-12-19 20:06 6681088 ----a-w- c:\windows\SysWow64\atidxx32.dll
     2012-12-19 19:59 . 2012-12-19 19:59 5087744 ----a-w- c:\windows\system32\atiumd6a.dll
     2012-12-19 19:57 . 2012-12-19 19:57 442368 ----a-w- c:\windows\system32\atidemgy.dll
     2012-12-19 19:56 . 2012-12-19 19:56 550912 ----a-w- c:\windows\system32\atieclxx.exe
     2012-12-19 19:56 . 2012-12-19 19:56 240640 ----a-w- c:\windows\system32\atiesrxx.exe
     2012-12-19 19:54 . 2012-12-19 19:54 120320 ----a-w- c:\windows\system32\atitmm64.dll
     2012-12-19 19:54 . 2012-12-19 19:54 21504 ----a-w- c:\windows\system32\atimuixx.dll
     2012-12-19 19:54 . 2012-12-19 19:54 59392 ----a-w- c:\windows\system32\atiedu64.dll
     2012-12-19 19:54 . 2012-12-19 19:54 43520 ----a-w- c:\windows\SysWow64\ati2edxx.dll
     2012-12-19 19:49 . 2011-04-20 01:49 7370752 ----a-w- c:\windows\system32\atidxx64.dll
     2012-12-19 19:44 . 2012-12-19 19:44 4162048 ----a-w- c:\windows\SysWow64\atiumdva.dll
     2012-12-19 19:44 . 2012-12-19 19:44 6786560 ----a-w- c:\windows\system32\atiumd64.dll
     2012-12-19 19:33 . 2012-12-19 19:33 56320 ----a-w- c:\windows\system32\atimpc64.dll
     2012-12-19 19:33 . 2012-12-19 19:33 56320 ----a-w- c:\windows\system32\amdpcom64.dll
     2012-12-19 19:33 . 2012-12-19 19:33 619008 ----a-w- c:\windows\system32\atiadlxx.dll
     2012-12-19 19:33 . 2012-12-19 19:33 56832 ----a-w- c:\windows\SysWow64\atimpc32.dll
     2012-12-19 19:33 . 2012-12-19 19:33 56832 ----a-w- c:\windows\SysWow64\amdpcom32.dll
     2012-12-19 19:33 . 2012-12-19 19:33 421888 ----a-w- c:\windows\SysWow64\atiadlxy.dll
     2012-12-19 19:33 . 2012-12-19 19:33 17920 ----a-w- c:\windows\system32\atig6pxx.dll
     2012-12-19 19:33 . 2012-12-19 19:33 14848 ----a-w- c:\windows\SysWow64\atiglpxx.dll
     2012-12-19 19:33 . 2012-12-19 19:33 14848 ----a-w- c:\windows\system32\atiglpxx.dll
     2012-12-19 19:33 . 2012-12-19 19:33 41984 ----a-w- c:\windows\system32\atig6txx.dll
     2012-12-19 19:33 . 2012-12-19 19:33 33280 ----a-w- c:\windows\SysWow64\atigktxx.dll
     2012-12-19 19:32 . 2012-12-19 19:32 552960 ----a-w- c:\windows\system32\drivers\atikmpag.sys
     2012-12-19 19:31 . 2011-04-20 01:21 130048 ----a-w- c:\windows\system32\atiuxp64.dll
     2012-12-19 19:31 . 2012-12-19 19:31 109568 ----a-w- c:\windows\SysWow64\atiuxpag.dll
     2012-12-19 19:31 . 2012-12-19 19:31 104448 ----a-w- c:\windows\system32\atiu9p64.dll
     2012-12-19 19:30 . 2012-12-19 19:30 83968 ----a-w- c:\windows\SysWow64\atiu9pag.dll
     2012-12-19 19:30 . 2012-12-19 19:30 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
     2012-12-18 16:16 . 2012-12-18 16:16 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
     2012-12-18 16:16 . 2012-12-18 16:16 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
     2012-12-18 16:16 . 2012-12-18 16:16 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
     2012-12-18 16:16 . 2012-12-18 16:16 74752 ----a-w- c:\windows\SysWow64\iesetup.dll
     2012-12-18 16:16 . 2012-12-18 16:16 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
     2012-12-18 16:16 . 2012-12-18 16:16 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
     2012-12-18 16:16 . 2012-12-18 16:16 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
     2012-12-18 16:16 . 2012-12-18 16:16 367104 ----a-w- c:\windows\SysWow64\html.iec
     2012-12-18 16:16 . 2012-12-18 16:16 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
     2012-12-18 16:16 . 2012-12-18 16:16 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
     2012-12-18 16:16 . 2012-12-18 16:16 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
     2012-12-18 16:16 . 2012-12-18 16:16 1800704 ----a-w- c:\windows\SysWow64\jscript9.dll
     2012-12-18 16:16 . 2012-12-18 16:16 161792 ----a-w- c:\windows\SysWow64\msls31.dll
     2012-12-18 16:16 . 2012-12-18 16:16 152064 ----a-w- c:\windows\SysWow64\wextract.exe
     2012-12-18 16:16 . 2012-12-18 16:16 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
     2012-12-18 16:16 . 2012-12-18 16:16 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
     2012-12-18 16:16 . 2012-12-18 16:16 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl
     2012-12-18 16:16 . 2012-12-18 16:16 11776 ----a-w- c:\windows\SysWow64\mshta.exe
     2012-12-18 16:16 . 2012-12-18 16:16 1129472 ----a-w- c:\windows\SysWow64\wininet.dll
     2012-12-18 16:16 . 2012-12-18 16:16 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
     2012-12-18 16:16 . 2012-12-18 16:16 101888 ----a-w- c:\windows\SysWow64\admparse.dll
     2012-12-18 16:16 . 2012-12-18 16:16 96768 ----a-w- c:\windows\system32\mshtmled.dll
     2012-12-18 16:16 . 2012-12-18 16:16 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
     2012-12-18 16:16 . 2012-12-18 16:16 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
     2012-12-18 16:16 . 2012-12-18 16:16 89088 ----a-w- c:\windows\system32\ie4uinit.exe
     2012-12-18 16:16 . 2012-12-18 16:16 85504 ----a-w- c:\windows\system32\jsproxy.dll
     2012-12-18 16:16 . 2012-12-18 16:16 85504 ----a-w- c:\windows\system32\iesetup.dll
     2012-12-18 16:16 . 2012-12-18 16:16 82432 ----a-w- c:\windows\system32\icardie.dll
     2012-12-18 16:16 . 2012-12-18 16:16 816640 ----a-w- c:\windows\system32\jscript.dll
     2012-12-18 16:16 . 2012-12-18 16:16 76800 ----a-w- c:\windows\system32\tdc.ocx
     2012-12-18 16:16 . 2012-12-18 16:16 729088 ----a-w- c:\windows\system32\msfeeds.dll
     .
     .
     ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
     .
     .
     *Note* empty entries & legit default entries are not shown
     REGEDIT4
     .
     [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "HydraVisionDesktopManager"="c:\program files (x86)\ATI Technologies\HydraVision\HydraDM.exe" [2011-04-20 393216]
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
     "avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2013-02-28 4767304]
     "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-12-19 642808]
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
     "ConsentPromptBehaviorAdmin"= 5 (0x5)
     "ConsentPromptBehaviorUser"= 3 (0x3)
     "EnableUIADesktopToggle"= 0 (0x0)
     .
     [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
     "LoadAppInit_DLLs"=1 (0x1)
     "AppInit_DLLs"=c:\windows\SysWOW64\guard32.dll
     .
     R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
     R3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [2010-02-18 46136]
     R3 AppleChargerSrv;AppleChargerSrv;c:\windows\system32\AppleChargerSrv.exe [2010-04-06 31272]
     R3 DigiartyVirtualCDBus;Digiarty Virtual Driver;c:\windows\system32\drivers\DigiartyVirtualCDBus.sys [2012-12-24 276256]
     R3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;c:\windows\system32\DRIVERS\MijXfilt.sys [2011-01-01 97040]
     R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-10 174440]
     S0 aswRvrt;aswRvrt; [x]
     S0 aswVmm;aswVmm; [x]
     S1 AppleCharger;AppleCharger;c:\windows\system32\DRIVERS\AppleCharger.sys [2011-11-02 21616]
     S1 aswSnx;aswSnx; [x]
     S1 aswSP;aswSP; [x]
     S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [2012-11-08 584056]
     S1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys [2012-11-08 38144]
     S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-12-19 240640]
     S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-12-19 361984]
     S2 AODDriver4.2;AODDriver4.2;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-04-09 57472]
     S2 aswFsBlk;aswFsBlk; [x]
     S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2013-02-28 80888]
     S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2012-11-06 96256]
     S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2011-08-11 104560]
     S3 RTL8192cu;%RTL8192cu.DeviceDesc.DispName%;c:\windows\system32\DRIVERS\RTL8192cu.sys [2011-02-10 848384]
     .
     .
     Contents of the 'Scheduled Tasks' folder
     .
     2013-03-06 c:\windows\Tasks\Adobe Flash Player Updater.job
     - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-12-18 21:03]
     .
     .
     --------- X64 Entries -----------
     .
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
     @="{472083B0-C522-11CF-8763-00608CC02F24}"
     [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
     2013-02-28 08:35 133840 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-10-17 13307496]
     "COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2012-11-08 9577680]
     "BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 112512]
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
     "AppInit_DLLs"=c:\windows\System32\guard64.dll
     .
     ------- Supplementary Scan -------
     .
     uLocal Page = c:\windows\system32\blank.htm
     uStart Page = hxxp://www.yahoo.com/?ilc=14
     mLocal Page = c:\windows\SysWOW64\blank.htm
     IE: &Download by Orbit - c:\users\Girrard\Desktop\Audio-Video\NCH Software\Algorithm\New folder\Orbitdownloader\orbitmxt.dll/201
     IE: &Grab video by Orbit - c:\users\Girrard\Desktop\Audio-Video\NCH Software\Algorithm\New folder\Orbitdownloader\orbitmxt.dll/204
     IE: Do&wnload selected by Orbit - c:\users\Girrard\Desktop\Audio-Video\NCH Software\Algorithm\New folder\Orbitdownloader\orbitmxt.dll/203
     IE: Down&load all by Orbit - c:\users\Girrard\Desktop\Audio-Video\NCH Software\Algorithm\New folder\Orbitdownloader\orbitmxt.dll/202
     IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office14\EXCEL.EXE/3000
     IE: Se&nd to OneNote - c:\progra~1\MICROS~1\Office14\ONBttnIE.dll/105
     TCP: DhcpNameServer = 192.168.1.1
     TCP: Interfaces\{4C0CA7B6-3FE1-440F-A7A8-6F303891EBDB}: NameServer = 8.26.56.26,156.154.70.22
     TCP: Interfaces\{7206DB69-FC8C-4E02-882D-32368A869EB5}: NameServer = 8.26.56.26,156.154.70.22
     .
     - - - - ORPHANS REMOVED - - - -
     .
     BHO-{11111111-1111-1111-1111-110211181108} - c:\program files (x86)\Vid-Saver Extension\Vid-Saver Extension.dll
     HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
     AddRemove-Debut - c:\program files (x86)\NCH Software\Debut\debut.exe
     AddRemove-Free DVD ISO Burner (by minidvdsoft)_is1 - c:\users\Girrard\Desktop\Audio-Video\Free DVD ISO Burner\unins000.exe
     AddRemove-PS3 Media Server - c:\users\Girrard\Desktop\Audio-Video\PS3 Media Server\uninst.exe
     AddRemove-Total Video Converter 3.71_is1 - c:\users\Girrard\Desktop\Audio-Video\Total Video Converter\unins000.exe
     .
     .
     .
     --------------------- LOCKED REGISTRY KEYS ---------------------
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
     @Denied: (A 2) (Everyone)
     @="FlashBroker"
     "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_171_ActiveX.exe,-101"
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
     "Enabled"=dword:00000001
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
     @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_171_ActiveX.exe"
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
     @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
     @Denied: (A 2) (Everyone)
     @="IFlashBroker5"
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
     @="{00020424-0000-0000-C000-000000000046}"
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
     @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
     "Version"="1.0"
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
     @Denied: (A 2) (Everyone)
     @="FlashBroker"
     "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_171_ActiveX.exe,-101"
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
     "Enabled"=dword:00000001
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
     @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_171_ActiveX.exe"
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
     @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
     @Denied: (A 2) (Everyone)
     @="Shockwave Flash Object"
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
     @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_171.ocx"
     "ThreadingModel"="Apartment"
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
     @="0"
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
     @="ShockwaveFlash.ShockwaveFlash.11"
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
     @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_171.ocx, 1"
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
     @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
     @="1.0"
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
     @="ShockwaveFlash.ShockwaveFlash"
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
     @Denied: (A 2) (Everyone)
     @="Macromedia Flash Factory Object"
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
     @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_171.ocx"
     "ThreadingModel"="Apartment"
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
     @="FlashFactory.FlashFactory.1"
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
     @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_171.ocx, 1"
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
     @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
     @="1.0"
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
     @="FlashFactory.FlashFactory"
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
     @Denied: (A 2) (Everyone)
     @="IFlashBroker5"
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
     @="{00020424-0000-0000-C000-000000000046}"
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
     @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
     "Version"="1.0"
     .
     [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
     @Denied: (Full) (Everyone)
     .
     Completion time: 2013-03-06 17:55:08
     ComboFix-quarantined-files.txt 2013-03-07 00:55
     .
     Pre-Run: 795,066,892,288 bytes free
     Post-Run: 794,510,708,736 bytes free
     .
     - - End Of File - - EE2FDAB2BB8DEF4C09BAB49289CAABAC
  7. Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 06-03-2013 01
     Ran by SYSTEM at 06-03-2013 17:14:12
     Running from F:\
     Windows 7 Professional (X64) OS Language: English(US)
     The current controlset is ControlSet001

     ==================== Registry (Whitelisted) ===================

     HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [13307496 2011-10-16] (Realtek Semiconductor)
     HKLM\...\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h [9577680 2012-11-07] (COMODO)
     HKLM\...\Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices [112512 2010-03-13] (Microsoft Corporation)
     HKLM-x32\...\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui [4767304 2013-02-28] (AVAST Software)
     HKLM-x32\...\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [642808 2012-12-19] (Advanced Micro Devices, Inc.)
     HKU\Girrard\...\Run: [HydraVisionDesktopManager] "C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe" [393216 2011-04-19] (AMD)
     Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
     AppInit_DLLs: C:\Windows\system32\guard64.dll
     Tcpip\..\Interfaces\{4C0CA7B6-3FE1-440F-A7A8-6F303891EBDB}: [NameServer]8.26.56.26,156.154.70.22
     Tcpip\..\Interfaces\{7206DB69-FC8C-4E02-882D-32368A869EB5}: [NameServer]8.26.56.26,156.154.70.22

     ==================== Services (Whitelisted) ===================

     3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] ()
     2 avast! Antivirus; "C:\Program Files\AVAST Software\Avast\AvastSvc.exe" [45248 2013-02-28] (AVAST Software)
     2 cmdAgent; "C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe" [2828408 2012-11-07] (COMODO)

     ==================== Drivers (Whitelisted) =====================

     1 AppleCharger; C:\Windows\System32\Drivers\AppleCharger.sys [21616 2011-11-02] ()
     2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [33472 2013-02-28] (AVAST Software)
     2 aswMonFlt; C:\Windows\System32\Drivers\aswMonFlt.sys [80888 2013-02-28] (AVAST Software)
     1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [71064 2013-02-28] (AVAST Software)
     0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65408 2013-02-28] ()
     1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [1025880 2013-02-28] (AVAST Software)
     1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [377992 2013-02-28] (AVAST Software)
     1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [68992 2013-02-28] (AVAST Software)
     0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [177672 2013-02-28] ()
     1 cmdGuard; C:\Windows\System32\Drivers\cmdGuard.sys [584056 2012-11-07] (COMODO)
     1 cmdHlp; C:\Windows\System32\Drivers\cmdHlp.sys [38144 2012-11-07] (COMODO)
     3 DigiartyVirtualCDBus; C:\Windows\System32\Drivers\DigiartyVirtualCDBus.sys [276256 2012-12-24] (Digiarty Software, Inc.)
     1 inspect; C:\Windows\System32\Drivers\inspect.sys [94288 2012-11-07] (COMODO)
     3 RTL8192cu; C:\Windows\System32\Drivers\RTL8192cu.sys [848384 2011-02-10] (Realtek Semiconductor Corporation )
     3 gdrv; \??\C:\Windows\gdrv.sys [x]

     ==================== NetSvcs (Whitelisted) ====================

     ==================== One Month Created Files and Folders ========

     2013-03-06 17:13 - 2013-03-06 17:13 - 00000000 ____D C:\FRST
     2013-03-06 15:53 - 2013-03-06 15:53 - 00398752 ____A (Bleeping Computer, LLC) C:\Users\Girrard\Desktop\unhide.exe
     2013-03-06 15:52 - 2013-03-06 15:54 - 00002506 ____A C:\Users\Girrard\Desktop\unhide.txt
     2013-03-06 12:05 - 2013-03-06 12:05 - 00015981 ____A C:\Users\Girrard\Desktop\dds.txt
     2013-03-06 12:05 - 2013-03-06 12:05 - 00011788 ____A C:\Users\Girrard\Desktop\attach.txt
     2013-03-06 10:52 - 2013-03-06 10:52 - 00001009 ____A C:\Users\Girrard\Desktop\Glary Undelete.lnk
     2013-03-06 10:52 - 2013-03-06 10:52 - 00000170 ____A C:\Users\Girrard\Desktop\Glarysoft Freeware.url
     2013-03-06 10:52 - 2013-03-06 10:52 - 00000000 ____D C:\Users\Girrard\AppData\Roaming\GlarySoft
     2013-03-06 08:32 - 2013-03-06 11:37 - 00000000 ____D C:\Users\Girrard\Desktop\various music recov
     2013-03-06 08:32 - 2013-03-06 10:11 - 00000000 ____D C:\Users\Girrard\Desktop\aoe3 recov
     2013-03-06 08:32 - 2013-03-06 09:06 - 00000000 ____D C:\Users\Girrard\Desktop\other recov
     2013-03-06 08:17 - 2013-03-06 10:52 - 00000000 ____D C:\Program Files (x86)\Glary Undelete
     2013-03-06 07:23 - 2013-03-06 10:11 - 00000000 ____D C:\Users\Girrard\Desktop\Malwarebytes' Anti-Malware
     2013-03-06 05:16 - 2013-03-06 10:11 - 00000000 ____D C:\Users\Girrard\Desktop\Remo Recover 4.0
     2013-03-06 05:16 - 2009-02-12 14:11 - 00026024 ____A (EldoS Corporation) C:\Windows\System32\Drivers\rsdrvx64.sys
     2013-03-05 18:31 - 2013-03-05 18:31 - 00579488 ____A C:\Users\Girrard\Desktop\Presentation1.pptx
     2013-03-05 17:26 - 2013-03-06 10:13 - 00000000 ____D C:\Users\Girrard\Desktop\Age of Empires III
     2013-03-05 17:18 - 2013-03-05 20:02 - 00000000 ____D C:\Users\Girrard\Documents\DESKTOP STUFF
     2013-03-05 16:36 - 2013-02-28 00:36 - 00177672 ____A C:\Windows\System32\Drivers\aswVmm.sys
     2013-03-05 16:36 - 2013-02-28 00:36 - 00065408 ____A C:\Windows\System32\Drivers\aswRvrt.sys
     2013-03-05 16:22 - 2013-03-06 10:11 - 00000000 ____D C:\ProgramData\InstallMate
     2013-03-05 16:22 - 2013-03-05 16:22 - 00000000 ____D C:\Users\Girrard\AppData\Roaming\WinPatrol
     2013-03-05 16:13 - 2013-03-05 16:14 - 00000000 ____D C:\Users\Girrard\MP3 Rocket
     2013-03-05 10:29 - 2013-03-05 13:19 - 00000000 ____D C:\Users\Girrard\Desktop\player
     2013-02-27 10:21 - 2013-03-05 16:38 - 00004438 ____A C:\Windows\PFRO.log
     2013-02-27 10:01 - 2013-03-06 16:07 - 00005436 ____A C:\Windows\setupact.log
     2013-02-27 10:01 - 2013-02-27 10:01 - 00000000 ____A C:\Windows\setuperr.log
     2013-02-22 13:00 - 2013-02-22 13:00 - 00000000 ____D C:\Users\Girrard\Documents\wsInspector
     2013-02-19 15:49 - 2013-03-05 13:01 - 00000000 ____D C:\Users\Girrard\Desktop\Movies
     2013-02-09 11:16 - 2013-02-09 11:16 - 00000000 ____D C:\ProgramData\McAfee
     2013-02-06 13:28 - 2013-02-06 13:28 - 00000000 ____D C:\Users\Girrard\AppData\Roaming\ProgSense
     2013-02-06 13:26 - 2013-03-05 10:15 - 00000000 ____D C:\Users\Girrard\AppData\Roaming\Orbit
     2013-02-06 13:21 - 2013-02-06 13:21 - 00000000 ____D C:\Windows\Sun
     2013-02-06 13:20 - 2013-02-06 13:20 - 00000000 ____D C:\Users\Girrard\Documents\MyFlash
     2013-02-06 13:05 - 2013-02-06 13:05 - 00000000 ____D C:\Users\Girrard\AppData\Roaming\AnvSoft

     ==================== One Month Modified Files and Folders =======

     2013-03-06 17:13 - 2013-03-06 17:13 - 00000000 ____D C:\FRST
     2013-03-06 16:10 - 2012-12-17 13:15 - 01136936 ____A C:\Windows\WindowsUpdate.log
     2013-03-06 16:10 - 2009-07-13 20:45 - 00020512 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
     2013-03-06 16:10 - 2009-07-13 20:45 - 00020512 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
     2013-03-06 16:07 - 2013-02-27 10:01 - 00005436 ____A C:\Windows\setupact.log
     2013-03-06 16:07 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
     2013-03-06 15:55 - 2009-07-13 21:13 - 00778150 ____A C:\Windows\System32\PerfStringBackup.INI
     2013-03-06 15:54 - 2013-03-06 15:52 - 00002506 ____A C:\Users\Girrard\Desktop\unhide.txt
     2013-03-06 15:53 - 2013-03-06 15:53 - 00398752 ____A (Bleeping Computer, LLC) C:\Users\Girrard\Desktop\unhide.exe
     2013-03-06 15:03 - 2012-12-17 19:23 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
     2013-03-06 12:13 - 2012-12-18 13:40 - 00000000 ____D C:\Users\Girrard\AppData\Roaming\uTorrent
     2013-03-06 12:05 - 2013-03-06 12:05 - 00015981 ____A C:\Users\Girrard\Desktop\dds.txt
     2013-03-06 12:05 - 2013-03-06 12:05 - 00011788 ____A C:\Users\Girrard\Desktop\attach.txt
     2013-03-06 11:37 - 2013-03-06 08:32 - 00000000 ____D C:\Users\Girrard\Desktop\various music recov
     2013-03-06 11:13 - 2012-12-17 20:04 - 00000000 ____D C:\Users\Girrard\Desktop\Docs
     2013-03-06 10:52 - 2013-03-06 10:52 - 00001009 ____A C:\Users\Girrard\Desktop\Glary Undelete.lnk
     2013-03-06 10:52 - 2013-03-06 10:52 - 00000170 ____A C:\Users\Girrard\Desktop\Glarysoft Freeware.url
     2013-03-06 10:52 - 2013-03-06 10:52 - 00000000 ____D C:\Users\Girrard\AppData\Roaming\GlarySoft
     2013-03-06 10:52 - 2013-03-06 08:17 - 00000000 ____D C:\Program Files (x86)\Glary Undelete
     2013-03-06 10:13 - 2013-03-05 17:26 - 00000000 ____D C:\Users\Girrard\Desktop\Age of Empires III
     2013-03-06 10:13 - 2012-12-17 13:16 - 00000000 ____D C:\users\Girrard
     2013-03-06 10:12 - 2013-01-11 23:33 - 00000000 ____D C:\Users\Girrard\Desktop\Civ IV
     2013-03-06 10:12 - 2012-12-18 17:18 - 00000000 ____D C:\Users\Girrard\Desktop\hijackthis
     2013-03-06 10:12 - 2012-12-18 13:36 - 00000000 ____D C:\Users\Girrard\Desktop\League of Legends
     2013-03-06 10:12 - 2012-12-17 18:33 - 00000000 ____D
C:\Users\Girrard\Desktop\Comodo 2013-03-06 10:11 - 2013-03-06 08:32 - 00000000 ____D C:\Users\Girrard\Desktop\aoe3 recov 2013-03-06 10:11 - 2013-03-06 07:23 - 00000000 ____D C:\Users\Girrard\Desktop\Malwarebytes' Anti-Malware 2013-03-06 10:11 - 2013-03-06 05:16 - 00000000 ____D C:\Users\Girrard\Desktop\Remo Recover 4.0 2013-03-06 10:11 - 2013-03-05 16:22 - 00000000 ____D C:\ProgramData\InstallMate 2013-03-06 10:11 - 2012-12-17 13:16 - 00000000 ____D C:\Users\Girrard\AppData\Local\VirtualStore 2013-03-06 10:10 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\registration 2013-03-06 09:06 - 2013-03-06 08:32 - 00000000 ____D C:\Users\Girrard\Desktop\other recov 2013-03-05 20:02 - 2013-03-05 17:18 - 00000000 ____D C:\Users\Girrard\Documents\DESKTOP STUFF 2013-03-05 18:31 - 2013-03-05 18:31 - 00579488 ____A C:\Users\Girrard\Desktop\Presentation1.pptx 2013-03-05 16:44 - 2012-12-17 19:22 - 00000000 ____D C:\ProgramData\Adobe 2013-03-05 16:38 - 2013-02-27 10:21 - 00004438 ____A C:\Windows\PFRO.log 2013-03-05 16:36 - 2012-12-17 18:04 - 00000000 ____A C:\Windows\SysWOW64\config.nt 2013-03-05 16:30 - 2012-12-17 19:38 - 00000000 ____D C:\Program Files (x86)\Java 2013-03-05 16:30 - 2012-12-17 19:12 - 00003981 ____A C:\Windows\SysWOW64\jupdate-1.6.0_01-b06.log 2013-03-05 16:22 - 2013-03-05 16:22 - 00000000 ____D C:\Users\Girrard\AppData\Roaming\WinPatrol 2013-03-05 16:14 - 2013-03-05 16:13 - 00000000 ____D C:\Users\Girrard\MP3 Rocket 2013-03-05 16:07 - 2012-12-17 19:09 - 00000000 ____D C:\Users\Girrard\AppData\Roaming\MP3Rocket 2013-03-05 13:19 - 2013-03-05 10:29 - 00000000 ____D C:\Users\Girrard\Desktop\player 2013-03-05 13:01 - 2013-02-19 15:49 - 00000000 ____D C:\Users\Girrard\Desktop\Movies 2013-03-05 10:15 - 2013-02-06 13:26 - 00000000 ____D C:\Users\Girrard\AppData\Roaming\Orbit 2013-03-03 19:33 - 2012-12-17 19:21 - 00000000 ____D C:\Users\Girrard\Incomplete 2013-03-03 18:34 - 2012-12-23 19:21 - 00000000 ____D C:\ProgramData\DVD Shrink 2013-03-03 17:25 - 2012-12-18 06:36 - 
00000000 ____D C:\Users\Girrard\AppData\Roaming\NCH Software 2013-03-03 17:25 - 2012-12-18 06:36 - 00000000 ____D C:\ProgramData\NCH Software 2013-02-28 00:36 - 2013-03-05 16:36 - 00177672 ____A C:\Windows\System32\Drivers\aswVmm.sys 2013-02-28 00:36 - 2013-03-05 16:36 - 00065408 ____A C:\Windows\System32\Drivers\aswRvrt.sys 2013-02-28 00:36 - 2012-12-17 18:04 - 01025880 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSnx.sys 2013-02-28 00:36 - 2012-12-17 18:04 - 00377992 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSP.sys 2013-02-28 00:36 - 2012-12-17 18:04 - 00080888 ____A (AVAST Software) C:\Windows\System32\Drivers\aswMonFlt.sys 2013-02-28 00:36 - 2012-12-17 18:04 - 00071064 ____A (AVAST Software) C:\Windows\System32\Drivers\aswRdr2.sys 2013-02-28 00:36 - 2012-12-17 18:04 - 00068992 ____A (AVAST Software) C:\Windows\System32\Drivers\aswTdi.sys 2013-02-28 00:36 - 2012-12-17 18:04 - 00033472 ____A (AVAST Software) C:\Windows\System32\Drivers\aswFsBlk.sys 2013-02-28 00:36 - 2012-12-17 18:03 - 00041664 ____A (AVAST Software) C:\Windows\avastSS.scr 2013-02-28 00:35 - 2012-12-17 18:04 - 00287840 ____A (AVAST Software) C:\Windows\System32\aswBoot.exe 2013-02-27 10:30 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\NDF 2013-02-27 10:01 - 2013-02-27 10:01 - 00000000 ____A C:\Windows\setuperr.log 2013-02-27 07:09 - 2013-01-25 20:18 - 00000000 ____D C:\Windows\Minidump 2013-02-27 07:09 - 2012-12-17 14:06 - 00000000 ____D C:\Windows\Panther 2013-02-27 07:03 - 2013-01-06 11:04 - 00000000 ____D C:\Users\Girrard\AppData\Roaming\wsInspector 2013-02-26 13:03 - 2012-12-17 19:23 - 00691568 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2013-02-26 13:03 - 2012-12-17 19:23 - 00071024 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2013-02-22 13:00 - 2013-02-22 13:00 - 00000000 ____D C:\Users\Girrard\Documents\wsInspector 2013-02-20 07:44 - 2013-01-17 07:36 - 00000000 ____D C:\ProgramData\YTD Video 
Downloader 2013-02-16 12:10 - 2012-12-20 13:52 - 00000000 ____D C:\!~dvdAuthorTempDir~ 2013-02-13 07:35 - 2012-12-18 10:39 - 00000000 ____D C:\Users\Girrard\Desktop\PS3 2013-02-12 05:08 - 2012-12-17 19:39 - 00861088 ____A (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll 2013-02-12 05:08 - 2012-12-17 19:39 - 00782240 ____A (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll 2013-02-09 11:16 - 2013-02-09 11:16 - 00000000 ____D C:\ProgramData\McAfee 2013-02-06 13:28 - 2013-02-06 13:28 - 00000000 ____D C:\Users\Girrard\AppData\Roaming\ProgSense 2013-02-06 13:21 - 2013-02-06 13:21 - 00000000 ____D C:\Windows\Sun 2013-02-06 13:20 - 2013-02-06 13:20 - 00000000 ____D C:\Users\Girrard\Documents\MyFlash 2013-02-06 13:05 - 2013-02-06 13:05 - 00000000 ____D C:\Users\Girrard\AppData\Roaming\AnvSoft 2013-02-06 12:38 - 2013-01-29 07:12 - 00000000 ____A C:\Windows\Infob.dat 2013-02-06 12:38 - 2013-01-29 07:12 - 00000000 ____A C:\Windows\Infoa.dat ==================== Known DLLs (Whitelisted) ================= ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit ==================== EXE ASSOCIATION ===================== HKLM\...\.exe: exefile => OK HKLM\...\exefile\DefaultIcon: %1 => OK HKLM\...\exefile\open\command: "%1" %* => OK ==================== Restore Points ========================= Restore point made on: 2013-03-06 05:00:12 Restore 
point made on: 2013-03-06 10:08:53 Restore point made on: 2013-03-06 10:19:51 ==================== Memory info =========================== Percentage of memory in use: 9% Total physical RAM: 8189.55 MB Available physical RAM: 7404.34 MB Total Pagefile: 8187.7 MB Available Pagefile: 7393.14 MB Total Virtual: 8192 MB Available Virtual: 8191.9 MB ==================== Partitions ============================= 1 Drive c: () (Fixed) (Total:931.41 GB) (Free:740.48 GB) NTFS 3 Drive f: (USB20FD) (Removable) (Total:14.92 GB) (Free:14.87 GB) FAT32 4 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS 5 Drive y: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.03 GB) NTFS ==>[system with boot components (obtained from reading drive)] Disk ### Status Size Free Dyn Gpt -------- ------------- ------- ------- --- --- Disk 0 Online 931 GB 0 B Disk 1 Online 14 GB 0 B Partitions of Disk 0: =============== Disk ID: 9AF280C4 Partition ### Type Size Offset ------------- ---------------- ------- ------- Partition 1 Primary 100 MB 1024 KB Partition 2 Primary 931 GB 101 MB ================================================================================== Disk: 0 Partition 1 Type : 07 Hidden: No Active: Yes Volume ### Ltr Label Fs Type Size Status Info ---------- --- ----------- ----- ---------- ------- --------- -------- * Volume 1 Y System Rese NTFS Partition 100 MB Healthy ========================================================= Disk: 0 Partition 2 Type : 07 Hidden: No Active: No Volume ### Ltr Label Fs Type Size Status Info ---------- --- ----------- ----- ---------- ------- --------- -------- * Volume 2 C NTFS Partition 931 GB Healthy ========================================================= Partitions of Disk 1: =============== Disk ID: 04030201 Partition ### Type Size Offset ------------- ---------------- ------- ------- Partition 1 Primary 14 GB 5272 KB ================================================================================== Disk: 1 Partition 1 Type : 0C Hidden: No 
Active: No Volume ### Ltr Label Fs Type Size Status Info ---------- --- ----------- ----- ---------- ------- --------- -------- * Volume 3 F USB20FD FAT32 Removable 14 GB Healthy ========================================================= Last Boot: 2013-03-05 13:42 ==================== End Of Log =============================
  8. DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16457
Run by Girrard at 13:04:39 on 2013-03-06
Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.8190.5929 [GMT -7:00]
.
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: COMODO Defense+ *Enabled/Updated* {FEEA52D5-051E-08DD-07EF-2F009097607D}
FW: COMODO Firewall *Enabled* {7DB03214-694B-060B-1600-BD4715C36DBB}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\system32\Dwm.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\taskhost.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe
C:\Users\Girrard\Desktop\uTorrent.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_6_602_171_ActiveX.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Glary Undelete\undelete.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\mmc.exe
C:\Windows\explorer.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.com/?ilc=14
uWindow Title = Internet Explorer, optimized for Bing and MSN
mWinlogon: Userinit = userinit.exe
BHO: Vid-Saver Extension: {11111111-1111-1111-1111-110211181108} - C:\Program Files (x86)\Vid-Saver Extension\Vid-Saver Extension.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
uRun: [HydraVisionDesktopManager] "C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe"
uRun: [uTorrent] "C:\Users\Girrard\Desktop\uTorrent.exe" /MINIMIZED
mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: &Download by Orbit - C:\Users\Girrard\Desktop\Audio-Video\NCH Software\Algorithm\New folder\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - C:\Users\Girrard\Desktop\Audio-Video\NCH Software\Algorithm\New folder\Orbitdownloader\orbitmxt.dll/204
IE: Do&wnload selected by Orbit - C:\Users\Girrard\Desktop\Audio-Video\NCH Software\Algorithm\New folder\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - C:\Users\Girrard\Desktop\Audio-Video\NCH Software\Algorithm\New folder\Orbitdownloader\orbitmxt.dll/202
IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~1\MICROS~1\Office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{4C0CA7B6-3FE1-440F-A7A8-6F303891EBDB} : NameServer = 8.26.56.26,156.154.70.22
TCP: Interfaces\{4C0CA7B6-3FE1-440F-A7A8-6F303891EBDB} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{7206DB69-FC8C-4E02-882D-32368A869EB5} : NameServer = 8.26.56.26,156.154.70.22
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
AppInit_DLLs= C:\Windows\SysWOW64\guard32.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-TB: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
x64-Run: [bCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-SSODL: WebCheck - <orphaned>
x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;aswRvrt;C:\Windows\System32\drivers\aswRvrt.sys [2013-3-5 65408]
R0 aswVmm;aswVmm;C:\Windows\System32\drivers\aswVmm.sys [2013-3-5 177672]
R1 AppleCharger;AppleCharger;C:\Windows\System32\drivers\AppleCharger.sys [2012-12-17 21616]
R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2012-12-17 1025880]
R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2012-12-17 377992]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;C:\Windows\System32\drivers\cmdGuard.sys [2012-11-7 584056]
R1 cmdHlp;COMODO Internet Security Helper Driver;C:\Windows\System32\drivers\cmdhlp.sys [2012-11-7 38144]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2012-12-19 240640]
R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-12-19 361984]
R2 AODDriver4.2;AODDriver4.2;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2012-4-9 57472]
R2 aswFsBlk;aswFsBlk;C:\Windows\System32\drivers\aswFsBlk.sys [2012-12-17 33472]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2012-12-17 80888]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2013-3-5 45248]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2012-11-6 96256]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\Windows\System32\drivers\L1C62x64.sys [2012-12-17 104560]
R3 RTL8192cu;%RTL8192cu.DeviceDesc.DispName%;C:\Windows\System32\drivers\rtl8192cu.sys [2012-12-17 848384]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 amdiox64;AMD IO Driver;C:\Windows\System32\drivers\amdiox64.sys [2012-12-17 46136]
S3 AppleChargerSrv;AppleChargerSrv;system32\AppleChargerSrv.exe --> system32\AppleChargerSrv.exe [?]
S3 DigiartyVirtualCDBus;Digiarty Virtual Driver;C:\Windows\System32\drivers\DigiartyVirtualCDBus.sys [2012-12-23 276256]
S3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;C:\Windows\System32\drivers\MijXfilt.sys [2013-1-9 97040]
S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-1-9 174440]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
.
=============== Created Last 30 ================
.
2013-03-06 18:52:17 -------- d-----w- C:\Users\Girrard\AppData\Roaming\GlarySoft
2013-03-06 16:17:47 -------- d-----w- C:\Program Files (x86)\Glary Undelete
2013-03-06 13:16:58 26024 ----a-w- C:\Windows\System32\drivers\rsdrvx64.sys
2013-03-06 00:36:36 177672 ----a-w- C:\Windows\System32\drivers\aswVmm.sys
2013-03-06 00:36:35 65408 ----a-w- C:\Windows\System32\drivers\aswRvrt.sys
2013-03-06 00:22:55 -------- d-----w- C:\Users\Girrard\AppData\Roaming\WinPatrol
2013-03-06 00:22:52 -------- d-----w- C:\ProgramData\InstallMate
2013-03-06 00:13:30 -------- d-----w- C:\Users\Girrard\MP3 Rocket
2013-02-22 21:00:44 -------- d-----w- C:\Users\Girrard\Startup Inspector for Windows
2013-02-06 21:28:05 -------- d-----w- C:\Downloads
2013-02-06 21:28:04 -------- d-----w- C:\Users\Girrard\AppData\Roaming\ProgSense
2013-02-06 21:05:14 -------- d-----w- C:\Users\Girrard\AppData\Roaming\AnvSoft
.
==================== Find3M ====================
.
2013-02-28 08:36:33 71064 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys
2013-02-28 08:36:33 1025880 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
2013-02-28 08:36:32 80888 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
2013-02-28 08:36:07 41664 ----a-w- C:\Windows\avastSS.scr
2013-02-26 21:03:28 71024 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-02-26 21:03:28 691568 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-02-12 13:08:00 861088 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
2013-02-12 13:08:00 782240 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-12-24 22:30:49 276256 ----a-w- C:\Windows\System32\drivers\DigiartyVirtualCDBus.sys
2012-12-19 22:45:12 222720 ----a-w- C:\Windows\System32\clinfo.exe
2012-12-19 22:44:48 76288 ----a-w- C:\Windows\System32\OpenVideo64.dll
2012-12-19 22:44:42 65536 ----a-w- C:\Windows\SysWow64\OpenVideo.dll
2012-12-19 22:44:36 64000 ----a-w- C:\Windows\System32\OVDecode64.dll
2012-12-19 22:44:32 56320 ----a-w- C:\Windows\SysWow64\OVDecode.dll
2012-12-19 22:44:20 34518016 ----a-w- C:\Windows\System32\amdocl64.dll
2012-12-19 22:38:48 28732928 ----a-w- C:\Windows\SysWow64\amdocl.dll
2012-12-19 22:34:40 54784 ----a-w- C:\Windows\System32\OpenCL.dll
2012-12-19 22:34:38 50176 ----a-w- C:\Windows\SysWow64\OpenCL.dll
2012-12-19 20:50:14 5630200 ----a-w- C:\Windows\SysWow64\atiumdag.dll
2012-12-19 20:48:48 11278336 ----a-w- C:\Windows\System32\drivers\atikmdag.sys
2012-12-19 20:29:36 23461376 ----a-w- C:\Windows\System32\atio6axx.dll
2012-12-19 20:22:50 70144 ----a-w- C:\Windows\System32\coinst_9.012.dll
2012-12-19 20:19:46 163840 ----a-w- C:\Windows\System32\atiapfxx.exe
2012-12-19 20:18:04 51200 ----a-w- C:\Windows\System32\aticalrt64.dll
2012-12-19 20:18:02 46080 ----a-w- C:\Windows\SysWow64\aticalrt.dll
2012-12-19 20:17:54 44544 ----a-w- C:\Windows\System32\aticalcl64.dll
2012-12-19 20:17:52 44032 ----a-w- C:\Windows\SysWow64\aticalcl.dll
2012-12-19 20:17:40 16082944 ----a-w- C:\Windows\System32\aticaldd64.dll
2012-12-19 20:13:24 13703168 ----a-w- C:\Windows\SysWow64\aticaldd.dll
2012-12-19 20:12:44 18982400 ----a-w- C:\Windows\SysWow64\atioglxx.dll
2012-12-19 20:09:52 960512 ----a-w- C:\Windows\SysWow64\aticfx32.dll
2012-12-19 20:08:04 1151488 ----a-w- C:\Windows\System32\aticfx64.dll
2012-12-19 20:06:00 6681088 ----a-w- C:\Windows\SysWow64\atidxx32.dll
2012-12-19 19:59:44 5087744 ----a-w- C:\Windows\System32\atiumd6a.dll
2012-12-19 19:57:00 442368 ----a-w- C:\Windows\System32\atidemgy.dll
2012-12-19 19:56:46 550912 ----a-w- C:\Windows\System32\atieclxx.exe
2012-12-19 19:56:00 240640 ----a-w- C:\Windows\System32\atiesrxx.exe
2012-12-19 19:54:38 120320 ----a-w- C:\Windows\System32\atitmm64.dll
2012-12-19 19:54:22 21504 ----a-w- C:\Windows\System32\atimuixx.dll
2012-12-19 19:54:18 59392 ----a-w- C:\Windows\System32\atiedu64.dll
2012-12-19 19:54:12 43520 ----a-w- C:\Windows\SysWow64\ati2edxx.dll
2012-12-19 19:49:00 7370752 ----a-w- C:\Windows\System32\atidxx64.dll
2012-12-19 19:44:28 4162048 ----a-w- C:\Windows\SysWow64\atiumdva.dll
2012-12-19 19:44:12 6786560 ----a-w- C:\Windows\System32\atiumd64.dll
2012-12-19 19:33:50 56320 ----a-w- C:\Windows\System32\atimpc64.dll
2012-12-19 19:33:50 56320 ----a-w- C:\Windows\System32\amdpcom64.dll
2012-12-19 19:33:42 619008 ----a-w- C:\Windows\System32\atiadlxx.dll
2012-12-19 19:33:40 56832 ----a-w- C:\Windows\SysWow64\atimpc32.dll
2012-12-19 19:33:40 56832 ----a-w- C:\Windows\SysWow64\amdpcom32.dll
2012-12-19 19:33:32 421888 ----a-w- C:\Windows\SysWow64\atiadlxy.dll
2012-12-19 19:33:18 17920 ----a-w- C:\Windows\System32\atig6pxx.dll
2012-12-19 19:33:14 14848 ----a-w- C:\Windows\SysWow64\atiglpxx.dll
2012-12-19 19:33:14 14848 ----a-w- C:\Windows\System32\atiglpxx.dll
2012-12-19 19:33:10 41984 ----a-w- C:\Windows\System32\atig6txx.dll
2012-12-19 19:33:04 33280 ----a-w- C:\Windows\SysWow64\atigktxx.dll
2012-12-19 19:32:54 552960 ----a-w- C:\Windows\System32\drivers\atikmpag.sys
2012-12-19 19:31:14 130048 ----a-w- C:\Windows\System32\atiuxp64.dll
2012-12-19 19:31:08 109568 ----a-w- C:\Windows\SysWow64\atiuxpag.dll
2012-12-19 19:31:00 104448 ----a-w- C:\Windows\System32\atiu9p64.dll
2012-12-19 19:30:52 83968 ----a-w- C:\Windows\SysWow64\atiu9pag.dll
2012-12-19 19:30:16 53248 ----a-w- C:\Windows\System32\drivers\ati2erec.dll
2012-12-18 02:25:01 1060864 ----a-w- C:\Windows\SysWow64\mfc71.dll
2012-12-18 02:25:00 348160 ----a-w- C:\Windows\SysWow64\msvcr71.dll
2012-12-18 02:25:00 1700352 ----a-w- C:\Windows\SysWow64\gdiplus.dll
2012-12-17 22:09:59 0 ----a-w- C:\Windows\ativpsrm.bin
.
============= FINISH: 13:05:07.32 ===============
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 12/17/2012 2:15:56 PM
System Uptime: 3/6/2013 11:13:13 AM (2 hours ago)
.
Motherboard: Gigabyte Technology Co., Ltd. | | GA-78LMT-S2P
Processor: AMD FX-4100 Quad-Core Processor | Socket M2 | 3600/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 931 GiB total, 749.394 GiB free.
D: is CDROM (UDF)
E: is FIXED (NTFS) - 0 GiB total, 0.031 GiB free.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP78: 3/6/2013 6:00:03 AM - Installed Java 6 Update 39
RP79: 3/6/2013 11:08:42 AM - Restore Operation
RP80: 3/6/2013 11:19:40 AM - Windows Backup
.
==== Installed Programs ======================
.
µTorrent
7-Zip 9.20 (x64 edition)
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader XI (11.0.02)
Age of Empires III
AMD Accelerated Video Transcoding
AMD APP SDK Runtime
AMD Catalyst Install Manager
AMD Drag and Drop Transcoding
AMD Fuel
AMD Media Foundation Decoders
AMD VISION Engine Control Center
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver
ATI AVIVO64 Codecs
avast! Free Antivirus
Belkin N300 Micro USB Wireless Adapter
Canon iP2700 series Printer Driver
Canon iP2700 series User Registration
Canon Utilities My Printer
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Spanish
COMODO Internet Security
Debut Video Capture Software
DVD43 Plug-in v1.0.0.5
ffdshow v1.1.4369 [2012-03-03]
Free DVD ISO Burner version 1.2
Glary Undelete 1.8.0.468
HydraVision
Java 7 Update 17
Java Auto Updater
Java SE Runtime Environment 6 Update 1
League of Legends
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Groove MUI (English) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office Office 32-bit Components 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared 32-bit MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Word MUI (English) 2010
Microsoft VC9 runtime libraries
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
MP3 Rocket
neroxml
ON_OFF Charge B11.1102.1
PS3 Media Server
Realtek High Definition Audio Driver
Sid Meier's Civilization 4 Complete
Sid Meier's Civilization IV Colonization
The Lord of the Rings FREE Trial
Total Video Converter 3.71 100812
Vid-Saver Extension
WinPatrol
Xiph.Org Open Codecs 0.85.17777
.
==== Event Viewer Messages From Past Week ========
.
3/6/2013 9:24:18 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
3/6/2013 11:01:29 AM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
3/6/2013 11:01:29 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
3/6/2013 11:01:29 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
3/6/2013 11:01:28 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
3/6/2013 11:01:28 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
3/6/2013 11:01:27 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
3/6/2013 11:01:22 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
3/6/2013 11:01:16 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD AppleCharger aswRdr aswSnx aswSP aswTdi cmdGuard cmdHlp CSC DfsC discache ElRawDisk inspect NetBIOS NetBT nsiproxy Psched rdbss spldr tdx vwififlt Wanarpv6 WfpLwf
3/6/2013 11:01:16 AM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
3/6/2013 11:01:16 AM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
3/6/2013 11:01:16 AM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
3/6/2013 11:01:16 AM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
3/6/2013 11:01:16 AM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
3/6/2013 11:01:16 AM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
3/6/2013 11:01:16 AM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
3/6/2013 11:01:16 AM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
3/6/2013 11:01:16 AM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning. 3/6/2013 11:01:16 AM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning. 3/6/2013 10:10:10 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {D3DCB472-7261-43CE-924B-0704BD730D5F} 3/6/2013 10:10:10 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF} 3/6/2013 1:56:28 AM, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit. 3/5/2013 2:57:51 PM, Error: Service Control Manager [7034] - The PS3 Media Server service terminated unexpectedly. It has done this 1 time(s). 3/5/2013 10:29:15 AM, Error: Service Control Manager [7024] - The PS3 Media Server service terminated with service-specific error The system cannot join or substitute a drive to or for a directory on the same drive.. 2/27/2013 8:36:36 AM, Error: bowser [8003] - The master browser has received a server announcement from the computer ADDISON-HP that believes that it is the master browser for the domain on transport NetBT_Tcpip_{4C0CA7B6-3FE1-440F-A7A8-6F303891EBDB}. The master browser is stopping or an election is being forced. 
2/27/2013 2:55:24 PM, Error: bowser [8003] - The master browser has received a server announcement from the computer USER-PC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{4C0CA7B6-3FE1-440F-A7A8-6F303891EBDB}. The master browser is stopping or an election is being forced. 2/27/2013 11:17:10 AM, Error: Service Control Manager [7030] - The PS3 Media Server service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly. 2/27/2013 11:12:03 AM, Error: Service Control Manager [7024] - The PS3 Media Server service terminated with service-specific error Incorrect function.. 2/27/2013 10:29:22 AM, Error: Service Control Manager [7038] - The upnphost service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error: The security account manager (SAM) or local security authority (LSA) server was in the wrong state to perform the security operation. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC). 2/27/2013 10:29:22 AM, Error: Service Control Manager [7038] - The upnphost service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error: The request is not supported. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC). 2/27/2013 10:29:22 AM, Error: Service Control Manager [7000] - The UPnP Device Host service failed to start due to the following error: The service did not start due to a logon failure. 2/27/2013 10:29:22 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1069" attempting to start the service upnphost with arguments "" in order to run the server: {204810B9-73B2-11D4-BF42-00B0D0118B56} . ==== End Of File ===========================
  9. So, two days ago: business as usual. Yesterday morning, SOME (not all) random programs (MP3 Rocket, PS3 Media Server, and some others) would not open. Yesterday late afternoon, some file folders went missing (Age Of Empires III, all of my Media Download files and folders). No sign of Malware. Today, MORE Folders are gone-- practically everything. I tried a System restore point-- only one exists-- from yesterday morning. (I never deleted any old restore points, and had set the maximum amount of memory allotment.) First, HiJackThis log came back fine. Then, I tried several antivirus programs in Safe Mode (Malwarebytes, Avast, and SuperAntiSpyware) as well as many undelete programs. More files wound up missing upon restart and boot into Normal Mode. Used the only system restore point and got back several EMPTY folders! Now, ALL of my really important files are GONE! All backup options seem to be gone, and there is STILL no sign of Malware!!! HELP.... please?
  10. Affirmative. Long time without issue, now I'm sinking fast. I've been busy restoring existing folders to previous versions, and during that time, other files have been lost (no restarting needed).
  12. Nope, no dice... I've run several virus/malware scans... nothing detected anywhere.
  13. First of all, I am running Win 7. I was attempting to delete some files with the filename "irunin" .exe, and two others. While attempting to delete through cmd.exe I was advised to stop the explorer.exe process. In doing so, many of my icons were lost (including several GB worth of videos). The files still would not delete, and I noticed my homepage was changed as well. I determined a virus was the culprit and did a system restore from a point two days ago when everything was fine. The desktop items are still gone, and I've found no way to reclaim them, even though they have been on my computer for months. Any help would be appreciated.