Tech Support Guy > Virus & Other Malware Removal

Solved: Redirect virus, AVG won't run, PC fails to boot if restarted. Help Please.


rad_man (Thread Starter; Junior Member, 5 posts; Join Date: Jan 2012; Experience: Intermediate)
14-Jan-2012, 11:28 PM #1
My PC has a redirect virus. I've scanned with Malwarebytes and AVG in safe mode without networking: nothing. It fails to boot until a System Restore is done, which says it fails but boots up after anyway. My AVG will not run when the system boots; it is somehow disabled, and the only option is to reinstall. As you can see from the logs, I've installed it a few times.

Logs are as follows:

HIJACK THIS

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 8:46:51 PM, on 1/14/2012
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
C:\Program Files (x86)\Gigabyte\ET6\GUI.exe
C:\Windows\vVX1000.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Program Files\TrueCrypt\TrueCrypt.exe
C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\MagicDisc\MagicDisc.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Users\Xanifur\Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - (no file)
F2 - REG:system.ini: UserInit=userinit.exe,
O1 - Hosts: ::1 localhost
O1 - Hosts: 69.72.252.254 www.google-analytics.com.
O1 - Hosts: 69.72.252.254 ad-emea.doubleclick.net.
O1 - Hosts: 69.72.252.254 www.statcounter.com.
O1 - Hosts: 184.95.41.155 www.google-analytics.com.
O1 - Hosts: 184.95.41.155 ad-emea.doubleclick.net.
O1 - Hosts: 184.95.41.155 www.statcounter.com.
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~3\Office12\GR469A~1.DLL
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: WinZip Courier BHO - {A8FB70FA-0FDF-4601-9DC4-BFA1B357204F} - C:\PROGRA~2\WINZIP~1\wzwmcie.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
O4 - HKLM\..\Run: [NUSB3MON] "C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
O4 - HKLM\..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG10\avgtray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [LifeCam] "C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\RunOnce: [EasyTuneVI] C:\Program Files (x86)\Gigabyte\ET6\ETCall.exe
O4 - HKCU\..\Run: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
O4 - HKCU\..\Run: [TrueCrypt] "C:\Program Files\TrueCrypt\TrueCrypt.exe" /q preferences /a logon
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [RGSC] C:\Program Files (x86)\Steam\steamapps\common\grand theft auto iv\GTAIV\RGSCLauncher.exe /silent
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: MagicDisc.lnk = C:\Program Files (x86)\MagicDisc\MagicDisc.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~3\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~2\MICROS~3\Office12\GRA32A~1.DLL
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgpp.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: AMD FUEL Service - Advanced Micro Devices, Inc. - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: AppleChargerSrv - Unknown owner - C:\Windows\system32\AppleChargerSrv.exe (file missing)
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: ES lite Service for program management. (ES lite Service) - Unknown owner - C:\Program Files (x86)\Gigabyte\EasySaver\ESSVR.EXE
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: LogMeIn Hamachi Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: JMB36X - Unknown owner - C:\Windows\SysWOW64\XSrvSetup.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: SDLService - Unknown owner - C:\Program Files (x86)\Realtek\Smart Dual Lan\SDLService.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 11139 bytes

DDS LOG
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7600.16385
Run by Xanifur at 21:10:00 on 2012-01-14
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.4094.2190 [GMT -6:00]
.
AV: AVG Anti-Virus Free Edition 2011 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2011 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG\AVG10\avgchsva.exe
C:\PROGRA~2\AVG\AVG10\avgrsa.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
C:\Windows\system32\atieclxx.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Gigabyte\EasySaver\ESSVR.EXE
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
C:\Windows\SysWOW64\XSrvSetup.exe
C:\Program Files\Microsoft LifeCam\MSCamS64.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Program Files (x86)\Realtek\Smart Dual Lan\SDLService.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Gigabyte\ET6\GUI.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Windows\vVX1000.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Program Files\TrueCrypt\TrueCrypt.exe
C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\BitTorrent\BitTorrent.exe
C:\Windows\SysWOW64\ping.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: H - No File
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG10\avgssie.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~3\Office12\GR469A~1.DLL
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: WinZip Courier BHO: {a8fb70fa-0fdf-4601-9dc4-bfa1b357204f} - C:\PROGRA~2\WINZIP~1\wzwmcie.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
uRun: [TrueCrypt] "C:\Program Files\TrueCrypt\TrueCrypt.exe" /q preferences /a logon
uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
uRun: [RGSC] C:\Program Files (x86)\Steam\steamapps\common\grand theft auto iv\GTAIV\RGSCLauncher.exe /silent
mRun: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
mRun: [NUSB3MON] "C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG10\avgtray.exe
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [LifeCam] "C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe"
mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRunOnce: [EasyTuneVI] C:\Program Files (x86)\Gigabyte\ET6\ETCall.exe
StartupFolder: C:\Users\Xanifur\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\MAGICD~1.LNK - C:\Program Files (x86)\MagicDisc\MagicDisc.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\Adobe Gamma Loader.lnk - C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~3\Office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~3\Office12\REFIEBAR.DLL
LSP: mswsock.dll
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{AE03B44F-E67B-4246-B482-EE88EF49D3DA} : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{AE195196-E8D1-40BE-A42B-D5AFDC2C7C58} : DhcpNameServer = 192.168.2.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~2\MICROS~3\Office12\GRA32A~1.DLL
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgpp.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~3\Office12\GR469A~1.DLL
SubSystems: Windows = basesrv,1 winsrv:UserServerDllInitialization,3 consrv:ConServerDllInitialization,2 sxssrv,4
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssie.dll
BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~3\Office12\GR469A~1.DLL
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: WinZip Courier BHO: {A8FB70FA-0FDF-4601-9DC4-BFA1B357204F} - C:\PROGRA~2\WINZIP~1\wzwmcie.dll
BHO-X64: WinZip Courier BHO - No File
BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
mRun-x64: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
mRun-x64: [NUSB3MON] "C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun-x64: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG10\avgtray.exe
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [LifeCam] "C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe"
mRun-x64: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRunOnce-x64: [EasyTuneVI] C:\Program Files (x86)\Gigabyte\ET6\ETCall.exe
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~3\Office12\GR469A~1.DLL
Hosts: 69.72.252.254 www.google-analytics.com.
Hosts: 69.72.252.254 ad-emea.doubleclick.net.
Hosts: 69.72.252.254 www.statcounter.com.
Hosts: 184.95.41.155 www.google-analytics.com.
Hosts: 184.95.41.155 ad-emea.doubleclick.net.
.
Note: multiple HOSTS entries found. Please refer to Attach.txt
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Xanifur\AppData\Roaming\Mozilla\Firefox\Profiles\y4evcqwl.default\
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\1.104.0\npesnlaunch.dll
FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll
FF - plugin: C:\Program Files (x86)\BF3 Alpha Trial Web Plugins\npesnlaunch.dll
FF - plugin: C:\Program Files (x86)\BF3 Alpha Trial Web Plugins\Sonar\npesnsonar.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll
FF - plugin: C:\Program Files (x86)\WinZip Courier\npwzwmc.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;C:\Windows\system32\DRIVERS\AVGIDSEH.Sys --> C:\Windows\system32\DRIVERS\AVGIDSEH.Sys [?]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\system32\DRIVERS\avgrkx64.sys --> C:\Windows\system32\DRIVERS\avgrkx64.sys [?]
R1 AppleCharger;AppleCharger;C:\Windows\system32\DRIVERS\AppleCharger.sys --> C:\Windows\system32\DRIVERS\AppleCharger.sys [?]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\system32\DRIVERS\avgldx64.sys --> C:\Windows\system32\DRIVERS\avgldx64.sys [?]
R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\system32\DRIVERS\avgmfx64.sys --> C:\Windows\system32\DRIVERS\avgmfx64.sys [?]
R1 Avgtdia;AVG TDI Driver;C:\Windows\system32\DRIVERS\avgtdia.sys --> C:\Windows\system32\DRIVERS\avgtdia.sys [?]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\system32\DRIVERS\dtsoftbus01.sys --> C:\Windows\system32\DRIVERS\dtsoftbus01.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-10-3 361984]
R2 AODDriver4.01;AODDriver4.01;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2011-6-24 55424]
R2 ES lite Service;ES lite Service for program management.;C:\Program Files (x86)\Gigabyte\EasySaver\essvr.exe [2011-7-10 68136]
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe [2011-8-15 2329480]
R2 JMB36X;JMB36X;C:\Windows\SysWOW64\XSrvSetup.exe [2011-7-10 72304]
R2 SDLService;SDLService;C:\Program Files (x86)\Realtek\Smart Dual Lan\SDLService.exe [2011-7-10 88064]
R3 amdiox64;AMD IO Driver;C:\Windows\system32\DRIVERS\amdiox64.sys --> C:\Windows\system32\DRIVERS\amdiox64.sys [?]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 AODDriver;AODDriver;C:\Program Files (x86)\Gigabyte\ET6\amd64\AODDriver.sys [2010-3-12 52280]
R3 AVGIDSDriver;AVGIDSDriver;C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys --> C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys [?]
R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys --> C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys [?]
R3 GVTDrv64;GVTDrv64;C:\Windows\GVTDrv64.sys [2011-7-10 30528]
R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;C:\Windows\system32\DRIVERS\ManyCam_x64.sys --> C:\Windows\system32\DRIVERS\ManyCam_x64.sys [?]
R3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;C:\Windows\system32\DRIVERS\nusb3hub.sys --> C:\Windows\system32\DRIVERS\nusb3hub.sys [?]
R3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;C:\Windows\system32\DRIVERS\nusb3xhc.sys --> C:\Windows\system32\DRIVERS\nusb3xhc.sys [?]
R3 rtkio;rtkio;C:\Program Files (x86)\Realtek\Smart Dual Lan\rtkio.sys [2011-7-10 17392]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
S2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [2011-8-18 7390560]
S2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe [2011-2-8 269520]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-7-10 136176]
S3 AppleChargerSrv;AppleChargerSrv;system32\AppleChargerSrv.exe --> system32\AppleChargerSrv.exe [?]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-7-10 136176]
.
=============== Created Last 30 ================
.
2012-01-15 02:41:00 -------- d-----w- C:\Windows\pss
2012-01-14 23:12:42 -------- d-----w- C:\Program Files (x86)\AVG Secure Search
2012-01-13 21:07:05 -------- d-----w- C:\ProgramData\AVG Secure Search
2012-01-13 21:07:04 -------- d-----w- C:\Program Files (x86)\Common Files\AVG Secure Search
2012-01-13 21:04:21 -------- d-----w- C:\Users\Xanifur\AppData\Roaming\AVG2012
2012-01-12 03:03:19 -------- d-----w- C:\Users\Xanifur\AppData\Roaming\Mumble
2012-01-12 03:03:19 -------- d-----w- C:\Users\Xanifur\AppData\Local\Mumble
2012-01-12 03:03:08 -------- d-----w- C:\Program Files (x86)\Mumble
2012-01-11 23:43:19 -------- d-----w- C:\Users\Xanifur\AppData\Local\Futuremark
2012-01-11 23:43:07 -------- d-----w- C:\Windows\C5C1C0F0D62F4DBF81D4D7EF397C228B.TMP
2012-01-11 21:47:03 626688 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcr80.dll
2012-01-11 21:47:03 548864 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcp80.dll
2012-01-11 21:47:03 479232 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcm80.dll
2012-01-11 21:47:03 43992 ----a-w- C:\Program Files (x86)\Mozilla Firefox\mozutils.dll
2012-01-11 04:53:13 -------- d-----w- C:\Users\Xanifur\AppData\Local\SecondLife
2012-01-11 04:52:47 -------- d-----w- C:\Program Files (x86)\SecondLifeViewer
2012-01-03 13:10:44 182672 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\nppdf32.dll
2012-01-03 13:10:44 182672 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\nppdf32.dll
2011-12-24 08:22:21 -------- d-----w- C:\Users\Xanifur\AppData\Roaming\Malwarebytes
2011-12-24 08:09:29 -------- d-----w- C:\ProgramData\Malwarebytes
2011-12-24 08:09:26 23152 ----a-w- C:\Windows\System32\drivers\mbam.sys
2011-12-24 08:09:26 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2011-12-24 03:55:59 -------- d--h--w- C:\Windows\msdownld.tmp
2011-12-24 03:55:58 -------- d-----w- C:\Windows\SysWow64\directx
2011-12-22 01:12:38 -------- d-----we C:\Windows\system64
.
==================== Find3M ====================
.
2012-01-15 02:37:57 30528 ----a-w- C:\Windows\GVTDrv64.sys
2012-01-15 02:37:32 25640 ----a-w- C:\Windows\gdrv.sys
2012-01-12 01:24:43 281880 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
2012-01-12 01:24:43 281880 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
2012-01-12 01:24:28 280904 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0
2012-01-10 02:29:38 76888 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe
2011-12-22 01:24:05 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-10-24 18:10:21 178800 ----a-w- C:\Windows\SysWow64\CmdLineExt_x64.dll
.
============= FINISH: 21:10:21.36 ===============
See Attachment. Thanks guys.

JSntgRvr (Moderator & Malware Removal Specialist, 17,324 posts; Join Date: Jul 2003; Location: Puerto Rico; Experience: Advanced)
15-Jan-2012, 12:00 AM #2
Hi and welcome.

Let's give it a try. You will need a USB (flash) pen drive.

For 32-bit (x86) systems, download Farbar Recovery Scan Tool and save it to a flash drive.
For 64-bit systems, download Farbar Recovery Scan Tool x64 and save it to a flash drive.

Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded, begin tapping the F8 key until Advanced Boot Options appears.
  • Click on the Repair your computer menu item.
  • Select US as the keyboard language setting, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
On the System Recovery Options menu you will get the following options:
    Startup Repair
    System Restore
    Windows Complete PC Restore
    Windows Memory Diagnostic Tool
    Command Prompt
  • Select Command Prompt.
  • In the command window, type in notepad and press Enter.
  • Notepad opens. Under the File menu, select Open.
  • Select "Computer", find your flash drive letter, and close Notepad.
  • In the command window, type e:\frst.exe (for the x64 version, type e:\frst64) and press Enter.
    Note: Replace the letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens, click Yes to the disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it into your reply.
__________________
Unanswered threads for 5 days will no longer be part of my subscriptions.

rad_man (Thread Starter; Junior Member, 5 posts; Join Date: Jan 2012; Experience: Intermediate)
15-Jan-2012, 03:18 AM #3
Scan result of Farbars's Recovery Tool (FRST written by farbar) Version 2.3.2
Ran by SYSTEM at 2012-01-15 00:46:29
Running from G:\
Windows 7 Ultimate (X64) OS Language: English(US)
The current controlset is ControlSet002

========================== Registry (Whitelisted) =============

HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [10144288 2010-04-06] (Realtek Semiconductor)
HKLM\...\Run: [VX1000] C:\Windows\vVX1000.exe [762736 2010-05-20] (Microsoft Corporation)
HKLM-x32\...\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe [43632 2010-01-18] ()
HKLM-x32\...\Run: [NUSB3MON] "C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [106496 2009-11-20] (NEC Electronics Corporation)
HKLM-x32\...\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG10\avgtray.exe [2338656 2011-09-10] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2010-11-29] (Apple Inc.)
HKLM-x32\...\Run: [LifeCam] "C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe" [119152 2010-05-20] (Microsoft Corporation)
HKLM-x32\...\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [31016 2006-10-26] (Microsoft Corporation)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-01-02] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [343168 2011-10-03] (Advanced Micro Devices, Inc.)
HKU\Xanifur\...\Run: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent [1242448 2011-07-22] (Valve Corporation)
HKU\Xanifur\...\Run: [TrueCrypt] "C:\Program Files\TrueCrypt\TrueCrypt.exe" /q preferences /a logon [1496528 2011-09-02] (TrueCrypt Foundation)
HKU\Xanifur\...\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun [1305408 2011-01-20] (DT Soft Ltd)
HKU\Xanifur\...\Run: [RGSC] C:\Program Files (x86)\Steam\steamapps\common\grand theft auto iv\GTAIV\RGSCLauncher.exe /silent [306088 2008-12-12] (Take-Two Interactive Software, Inc.)
HKLM-x32\...\RunOnce: [EasyTuneVI] C:\Program Files (x86)\Gigabyte\ET6\ETCall.exe [20480 2007-07-26] ()
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
SubSystems: [Windows] ==> ZeroAccess

==================== Services (Whitelisted) ======

3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] ()
2 AVGIDSAgent; "C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe" [7390560 2011-08-17] (AVG Technologies CZ, s.r.o.)
2 avgwd; "C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe" [269520 2011-02-08] (AVG Technologies CZ, s.r.o.)
2 ES lite Service; "C:\Program Files (x86)\Gigabyte\EasySaver\ESSVR.EXE" [68136 2009-08-24] ()
2 Hamachi2Svc; "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe" -s [2329480 2011-08-15] (LogMeIn Inc.)
3 IDriverT; "C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe" [69632 2005-04-03] (Macrovision Corporation)
2 JMB36X; C:\Windows\SysWOW64\XSrvSetup.exe [72304 2010-01-18] ()
3 Microsoft Office Groove Audit Service; "C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe" [65824 2006-10-26] (Microsoft Corporation)
2 SDLService; "C:\Program Files (x86)\Realtek\Smart Dual Lan\SDLService.exe" [88064 2010-02-23] ()
2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [x]

========================== Drivers (Whitelisted) =============

3 AODDriver; \??\C:\Program Files (x86)\Gigabyte\ET6\amd64\AODDriver.sys [52280 2010-03-12] (Advanced Micro Devices)
2 AODDriver4.01; \??\C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [55424 2011-06-24] (Advanced Micro Devices)
1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [21544 2010-04-27] ()
3 AVGIDSDriver; C:\Windows\System32\DRIVERS\AVGIDSDriver.Sys [118864 2011-05-27] (AVG Technologies CZ, s.r.o. )
0 AVGIDSEH; C:\Windows\System32\DRIVERS\AVGIDSEH.Sys [26704 2011-02-22] (AVG Technologies CZ, s.r.o. )
3 AVGIDSFilter; C:\Windows\System32\DRIVERS\AVGIDSFilter.Sys [29264 2011-02-10] (AVG Technologies CZ, s.r.o. )
1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [304720 2011-01-07] (AVG Technologies CZ, s.r.o.)
1 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [41552 2011-03-01] (AVG Technologies CZ, s.r.o.)
0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [37456 2011-03-16] (AVG Technologies CZ, s.r.o.)
1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [377936 2011-04-04] (AVG Technologies CZ, s.r.o.)
1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [254528 2011-07-10] (DT Soft Ltd)
3 gdrv; \??\C:\Windows\gdrv.sys [25640 2012-01-14] (Windows (R) Server 2003 DDK provider)
3 GVTDrv64; \??\C:\Windows\GVTDrv64.sys [30528 2012-01-14] ()
3 hamachi; C:\Windows\System32\DRIVERS\hamachi.sys [33856 2009-03-18] (LogMeIn, Inc.)
0 JRAID; C:\Windows\System32\DRIVERS\jraid.sys [115312 2010-01-27] (JMicron Technology Corp.)
3 ManyCam; C:\Windows\System32\DRIVERS\ManyCam_x64.sys [27136 2008-03-12] (ManyCam LLC.)
3 mcdbus; C:\Windows\System32\DRIVERS\mcdbus.sys [255552 2009-02-24] (MagicISO, Inc.)
3 nusb3hub; C:\Windows\System32\DRIVERS\nusb3hub.sys [75776 2009-11-20] (NEC Electronics Corporation)
3 nusb3xhc; C:\Windows\System32\DRIVERS\nusb3xhc.sys [177152 2009-11-20] (NEC Electronics Corporation)
3 rtkio; \??\C:\Program Files (x86)\Realtek\Smart Dual Lan\rtkio.sys [17392 2010-01-20] (Windows (R) Codename Longhorn DDK provider)
3 VX1000; C:\Windows\System32\DRIVERS\VX1000.sys [2060144 2010-05-20] (Microsoft Corporation)

========================== NetSvcs (Whitelisted) ===========

============ One Month Created Files and Folders ==============

2012-01-14 22:40 - 2012-01-14 22:40 - 1379549 ____A C:\Users\Xanifur\Downloads\FRST64.exe
2012-01-14 22:32 - 2012-01-14 22:32 - 0007621 ____A C:\Users\Xanifur\AppData\Local\Resmon.ResmonCfg
2012-01-14 19:38 - 2012-01-14 19:38 - 0000531 ____A C:\Windows\KB893803v2.log
2012-01-14 19:17 - 2012-01-14 19:17 - 0509440 ____A (Tech Support Guy System) C:\Users\Xanifur\Downloads\SysInfo.exe
2012-01-14 19:15 - 2012-01-14 19:20 - 0017140 ____A C:\Users\Xanifur\Desktop\DDS.txt
2012-01-14 19:14 - 2012-01-14 19:20 - 0011975 ____A C:\Users\Xanifur\Desktop\Attach.txt
2012-01-14 19:09 - 2012-01-14 19:09 - 0607260 ____R (Swearware) C:\Users\Xanifur\Downloads\dds.com
2012-01-14 18:48 - 2012-01-14 18:48 - 0011141 ____A C:\Users\Xanifur\Desktop\hijackthis.log
2012-01-14 18:46 - 2012-01-14 18:46 - 0011141 ____A C:\Users\Xanifur\Downloads\hijackthis.log
2012-01-14 18:43 - 2012-01-14 18:43 - 0388608 ____A (Trend Micro Inc.) C:\Users\Xanifur\Downloads\HijackThis.exe
2012-01-14 18:41 - 2012-01-14 18:41 - 0000000 ____D C:\Windows\pss
2012-01-14 18:40 - 2012-01-14 18:40 - 0089894 ____A C:\Users\Xanifur\Documents\cc_20120114_203949 1-14-12.reg
2012-01-14 15:12 - 2012-01-14 20:03 - 0000000 ____D C:\Program Files (x86)\AVG Secure Search
2012-01-14 15:08 - 2012-01-14 15:09 - 163649328 ____A (AVG Technologies) C:\Users\Xanifur\Downloads\avg_free_x64_all_2012_1901a4695.exe
2012-01-14 15:07 - 2012-01-14 15:07 - 0001014 ____A C:\Users\Public\Desktop\Mumble.lnk
2012-01-14 15:06 - 2012-01-14 15:06 - 15254016 ____A C:\Users\Xanifur\Downloads\mumble-1.2.3(1).msi
2012-01-13 13:07 - 2012-01-13 13:07 - 0000000 ____D C:\Users\All Users\AVG Secure Search
2012-01-13 13:07 - 2012-01-13 13:07 - 0000000 ____D C:\ProgramData\AVG Secure Search
2012-01-13 13:04 - 2012-01-13 13:04 - 0000000 ____D C:\Users\Xanifur\AppData\Roaming\AVG2012
2012-01-11 19:09 - 2012-01-11 19:09 - 0002378 ____A C:\Users\Xanifur\Documents\MumbleAutomaticCertificateBackup.p12
2012-01-11 19:03 - 2012-01-14 19:35 - 0000000 ____D C:\Users\Xanifur\AppData\Roaming\Mumble
2012-01-11 19:03 - 2012-01-14 15:07 - 0000000 ____D C:\Program Files (x86)\Mumble
2012-01-11 19:03 - 2012-01-11 19:03 - 0000000 ____D C:\Users\Xanifur\AppData\Local\Mumble
2012-01-11 19:01 - 2012-01-11 19:02 - 15254016 ____A C:\Users\Xanifur\Downloads\mumble-1.2.3.msi
2012-01-11 15:43 - 2012-01-14 16:57 - 0000000 ____D C:\Windows\C5C1C0F0D62F4DBF81D4D7EF397C228B.TMP
2012-01-11 15:43 - 2012-01-11 15:43 - 0000000 ____D C:\Users\Xanifur\AppData\Local\Futuremark
2012-01-10 20:53 - 2012-01-12 22:54 - 0000000 ____D C:\Users\Xanifur\AppData\Local\SecondLife
2012-01-10 20:53 - 2012-01-10 20:53 - 0001139 ____A C:\Users\Public\Desktop\Second Life Viewer.lnk
2012-01-10 20:53 - 2012-01-10 20:53 - 0000000 ____D C:\Users\Xanifur\AppData\Roaming\SecondLife
2012-01-10 20:52 - 2012-01-14 16:57 - 0000000 ____D C:\Program Files (x86)\SecondLifeViewer
2012-01-10 20:51 - 2012-01-10 20:52 - 29343312 ____A C:\Users\Xanifur\Downloads\Second_Life_3-2-5-247236_Setup.exe
2011-12-24 02:28 - 2011-12-24 02:28 - 0000000 ____A C:\Windows\SysWOW64\4e4e104.com.b
2011-12-24 02:01 - 2012-01-14 22:27 - 0000350 ____A C:\Windows\Tasks\At2.job
2011-12-24 02:01 - 2012-01-14 22:27 - 0000348 ____A C:\Windows\Tasks\At1.job
2011-12-24 02:01 - 2012-01-14 21:27 - 0000350 ____A C:\Windows\Tasks\At48.job
2011-12-24 02:01 - 2012-01-14 21:27 - 0000348 ____A C:\Windows\Tasks\At47.job
2011-12-24 02:01 - 2012-01-14 20:27 - 0000350 ____A C:\Windows\Tasks\At46.job
2011-12-24 02:01 - 2012-01-14 20:27 - 0000348 ____A C:\Windows\Tasks\At45.job
2011-12-24 02:01 - 2012-01-14 19:27 - 0000350 ____A C:\Windows\Tasks\At44.job
2011-12-24 02:01 - 2012-01-14 19:27 - 0000348 ____A C:\Windows\Tasks\At43.job
2011-12-24 02:01 - 2012-01-14 15:02 - 0000348 ____A C:\Windows\Tasks\At39.job
2011-12-24 02:01 - 2012-01-11 18:27 - 0000350 ____A C:\Windows\Tasks\At42.job
2011-12-24 02:01 - 2012-01-11 18:27 - 0000348 ____A C:\Windows\Tasks\At41.job
2011-12-24 02:01 - 2012-01-11 17:27 - 0000350 ____A C:\Windows\Tasks\At40.job
2011-12-24 02:01 - 2012-01-11 16:27 - 0000350 ____A C:\Windows\Tasks\At38.job
2011-12-24 02:01 - 2012-01-11 16:27 - 0000348 ____A C:\Windows\Tasks\At37.job
2011-12-24 02:01 - 2012-01-11 15:27 - 0000350 ____A C:\Windows\Tasks\At36.job
2011-12-24 02:01 - 2012-01-11 15:27 - 0000348 ____A C:\Windows\Tasks\At35.job
2011-12-24 02:01 - 2012-01-11 14:27 - 0000350 ____A C:\Windows\Tasks\At34.job
2011-12-24 02:01 - 2012-01-11 14:27 - 0000348 ____A C:\Windows\Tasks\At33.job
2011-12-24 02:01 - 2012-01-11 13:27 - 0000350 ____A C:\Windows\Tasks\At32.job
2011-12-24 02:01 - 2012-01-11 13:27 - 0000348 ____A C:\Windows\Tasks\At31.job
2011-12-24 02:01 - 2012-01-11 12:27 - 0000350 ____A C:\Windows\Tasks\At30.job
2011-12-24 02:01 - 2012-01-11 12:27 - 0000348 ____A C:\Windows\Tasks\At29.job
2011-12-24 02:01 - 2012-01-11 11:27 - 0000350 ____A C:\Windows\Tasks\At28.job
2011-12-24 02:01 - 2012-01-11 11:27 - 0000348 ____A C:\Windows\Tasks\At27.job
2011-12-24 02:01 - 2012-01-11 10:27 - 0000350 ____A C:\Windows\Tasks\At26.job
2011-12-24 02:01 - 2012-01-11 10:27 - 0000348 ____A C:\Windows\Tasks\At25.job
2011-12-24 02:01 - 2012-01-11 09:27 - 0000350 ____A C:\Windows\Tasks\At24.job
2011-12-24 02:01 - 2012-01-11 09:27 - 0000348 ____A C:\Windows\Tasks\At23.job
2011-12-24 02:01 - 2012-01-11 08:27 - 0000350 ____A C:\Windows\Tasks\At22.job
2011-12-24 02:01 - 2012-01-11 08:27 - 0000348 ____A C:\Windows\Tasks\At21.job
2011-12-24 02:01 - 2012-01-11 07:27 - 0000350 ____A C:\Windows\Tasks\At20.job
2011-12-24 02:01 - 2012-01-11 07:27 - 0000348 ____A C:\Windows\Tasks\At19.job
2011-12-24 02:01 - 2012-01-11 06:27 - 0000350 ____A C:\Windows\Tasks\At18.job
2011-12-24 02:01 - 2012-01-11 06:27 - 0000348 ____A C:\Windows\Tasks\At17.job
2011-12-24 02:01 - 2012-01-11 05:27 - 0000350 ____A C:\Windows\Tasks\At16.job
2011-12-24 02:01 - 2012-01-11 05:27 - 0000348 ____A C:\Windows\Tasks\At15.job
2011-12-24 02:01 - 2012-01-11 04:27 - 0000350 ____A C:\Windows\Tasks\At14.job
2011-12-24 02:01 - 2012-01-11 04:27 - 0000348 ____A C:\Windows\Tasks\At13.job
2011-12-24 02:01 - 2012-01-11 03:27 - 0000350 ____A C:\Windows\Tasks\At12.job
2011-12-24 02:01 - 2012-01-11 03:27 - 0000348 ____A C:\Windows\Tasks\At11.job
2011-12-24 02:01 - 2012-01-11 02:27 - 0000350 ____A C:\Windows\Tasks\At10.job
2011-12-24 02:01 - 2012-01-11 02:27 - 0000348 ____A C:\Windows\Tasks\At9.job
2011-12-24 02:01 - 2012-01-11 01:27 - 0000350 ____A C:\Windows\Tasks\At8.job
2011-12-24 02:01 - 2012-01-11 01:27 - 0000348 ____A C:\Windows\Tasks\At7.job
2011-12-24 02:01 - 2012-01-11 00:27 - 0000350 ____A C:\Windows\Tasks\At6.job
2011-12-24 02:01 - 2012-01-11 00:27 - 0000348 ____A C:\Windows\Tasks\At5.job
2011-12-24 02:01 - 2012-01-10 23:27 - 0000350 ____A C:\Windows\Tasks\At4.job
2011-12-24 02:01 - 2012-01-10 23:27 - 0000348 ____A C:\Windows\Tasks\At3.job
2011-12-24 02:01 - 2011-12-24 02:29 - 0000112 ____A C:\Users\All Users\4phy5Je.dat
2011-12-24 02:01 - 2011-12-24 02:29 - 0000112 ____A C:\ProgramData\4phy5Je.dat
2011-12-24 00:22 - 2012-01-14 16:54 - 0000000 ____D C:\Users\Xanifur\AppData\Roaming\Malwarebytes
2011-12-24 00:09 - 2012-01-14 16:57 - 0000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2011-12-24 00:09 - 2012-01-14 16:53 - 0000000 ____D C:\Users\All Users\Malwarebytes
2011-12-24 00:09 - 2012-01-14 16:53 - 0000000 ____D C:\ProgramData\Malwarebytes
2011-12-24 00:09 - 2011-12-24 00:09 - 9852544 ____A (Malwarebytes Corporation ) C:\Users\Xanifur\Downloads\mbam-setup-1.51.2.1300.exe
2011-12-24 00:09 - 2011-12-10 13:24 - 0023152 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2011-12-23 19:55 - 2012-01-14 16:55 - 0000000 ____D C:\Windows\SysWOW64\directx
2011-12-23 19:55 - 2011-12-23 19:55 - 0000000 ___HD C:\Windows\msdownld.tmp
2011-12-22 01:38 - 2011-12-22 01:38 - 0001395 _RASH C:\Windows\System32\Drivers\etc\hosts
2011-12-21 17:24 - 2012-01-14 16:54 - 0000000 ____D C:\Windows\System32\Macromed
2011-12-21 17:12 - 2011-12-21 17:12 - 0000000 ____D C:\Windows\system64
2011-12-21 17:12 - 2011-12-21 17:12 - 0000000 ____A C:\Users\Xanifur\AppData\Roaming\RVtTj.txt


============ 3 Months Modified Files and Folders =============

2012-01-15 00:46 - 2012-01-15 00:46 - 0000000 ____D C:\FRST
2012-01-14 22:43 - 2011-07-09 22:58 - 0000291 ____A C:\service.log
2012-01-14 22:43 - 2011-07-09 22:51 - 0219091 ____A C:\Windows\WindowsUpdate.log
2012-01-14 22:42 - 2009-07-13 21:13 - 0713888 ____A C:\Windows\System32\PerfStringBackup.INI
2012-01-14 22:40 - 2012-01-14 22:40 - 1379549 ____A C:\Users\Xanifur\Downloads\FRST64.exe
2012-01-14 22:33 - 2011-07-10 16:16 - 0000000 ____D C:\Users\All Users\MFAData
2012-01-14 22:33 - 2011-07-10 16:16 - 0000000 ____D C:\ProgramData\MFAData
2012-01-14 22:32 - 2012-01-14 22:32 - 0007621 ____A C:\Users\Xanifur\AppData\Local\Resmon.ResmonCfg
2012-01-14 22:27 - 2011-12-24 02:01 - 0000350 ____A C:\Windows\Tasks\At2.job
2012-01-14 22:27 - 2011-12-24 02:01 - 0000348 ____A C:\Windows\Tasks\At1.job
2012-01-14 21:55 - 2011-07-10 14:11 - 0000900 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-01-14 21:27 - 2011-12-24 02:01 - 0000350 ____A C:\Windows\Tasks\At48.job
2012-01-14 21:27 - 2011-12-24 02:01 - 0000348 ____A C:\Windows\Tasks\At47.job
2012-01-14 21:23 - 2011-07-09 23:30 - 0000000 ____D C:\Program Files (x86)\Steam
2012-01-14 21:10 - 2011-07-29 17:42 - 1275152 ____A C:\shared.log
2012-01-14 20:27 - 2011-12-24 02:01 - 0000350 ____A C:\Windows\Tasks\At46.job
2012-01-14 20:27 - 2011-12-24 02:01 - 0000348 ____A C:\Windows\Tasks\At45.job
2012-01-14 20:25 - 2011-07-12 18:29 - 0281880 ____A C:\Windows\SysWOW64\PnkBstrB.xtr
2012-01-14 20:25 - 2011-07-12 18:28 - 0281880 ____A C:\Windows\SysWOW64\PnkBstrB.exe
2012-01-14 20:25 - 2011-07-12 18:28 - 0280904 ____A C:\Windows\SysWOW64\PnkBstrB.ex0
2012-01-14 20:23 - 2011-07-10 16:50 - 0000000 ____D C:\Windows\SysWOW64\Drivers\AVG
2012-01-14 20:22 - 2011-07-20 17:33 - 0000000 ____D C:\Program Files\iTunes
2012-01-14 20:22 - 2011-07-20 17:33 - 0000000 ____D C:\Program Files (x86)\iTunes
2012-01-14 20:22 - 2011-07-20 17:32 - 0000000 ____D C:\Users\All Users\Apple Computer
2012-01-14 20:22 - 2011-07-20 17:32 - 0000000 ____D C:\ProgramData\Apple Computer
2012-01-14 20:22 - 2011-07-20 17:32 - 0000000 ____D C:\Program Files\Bonjour
2012-01-14 20:22 - 2011-07-20 17:32 - 0000000 ____D C:\Program Files (x86)\QuickTime
2012-01-14 20:22 - 2011-07-20 17:32 - 0000000 ____D C:\Program Files (x86)\Bonjour
2012-01-14 20:22 - 2011-07-10 16:50 - 0000000 ____D C:\Windows\System32\Drivers\AVG
2012-01-14 20:22 - 2011-07-10 14:48 - 0000000 ____D C:\Users\Xanifur\AppData\Roaming\Rainmeter
2012-01-14 20:21 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\registration
2012-01-14 20:19 - 2011-10-14 13:53 - 0000000 ____D C:\Users\All Users\AVG2012
2012-01-14 20:19 - 2011-10-14 13:53 - 0000000 ____D C:\ProgramData\AVG2012
2012-01-14 20:19 - 2011-07-20 17:33 - 0000000 ____D C:\Users\All Users\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
2012-01-14 20:19 - 2011-07-20 17:33 - 0000000 ____D C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
2012-01-14 20:19 - 2011-07-20 17:33 - 0000000 ____D C:\Program Files\iPod
2012-01-14 20:19 - 2011-07-20 17:32 - 0000000 ____D C:\Users\All Users\Apple
2012-01-14 20:19 - 2011-07-20 17:32 - 0000000 ____D C:\ProgramData\Apple
2012-01-14 20:19 - 2011-07-10 16:53 - 0000000 ____D C:\Users\Xanifur\AppData\Roaming\AVG10
2012-01-14 20:19 - 2011-07-10 16:49 - 0000000 ____D C:\Program Files (x86)\AVG
2012-01-14 20:19 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\AppCompat
2012-01-14 20:03 - 2012-01-14 15:12 - 0000000 ____D C:\Program Files (x86)\AVG Secure Search
2012-01-14 19:38 - 2012-01-14 19:38 - 0000531 ____A C:\Windows\KB893803v2.log
2012-01-14 19:38 - 2011-10-20 21:34 - 0000983 ____A C:\Users\Public\Desktop\Origin.lnk
2012-01-14 19:38 - 2011-07-29 17:14 - 0000000 ____D C:\Program Files (x86)\Origin
2012-01-14 19:35 - 2012-01-11 19:03 - 0000000 ____D C:\Users\Xanifur\AppData\Roaming\Mumble
2012-01-14 19:32 - 2011-07-11 22:13 - 0000000 ____D C:\Users\Xanifur\AppData\Roaming\BitTorrent
2012-01-14 19:27 - 2011-12-24 02:01 - 0000350 ____A C:\Windows\Tasks\At44.job
2012-01-14 19:27 - 2011-12-24 02:01 - 0000348 ____A C:\Windows\Tasks\At43.job
2012-01-14 19:20 - 2012-01-14 19:15 - 0017140 ____A C:\Users\Xanifur\Desktop\DDS.txt
2012-01-14 19:20 - 2012-01-14 19:14 - 0011975 ____A C:\Users\Xanifur\Desktop\Attach.txt
2012-01-14 19:17 - 2012-01-14 19:17 - 0509440 ____A (Tech Support Guy System) C:\Users\Xanifur\Downloads\SysInfo.exe
2012-01-14 19:09 - 2012-01-14 19:09 - 0607260 ____R (Swearware) C:\Users\Xanifur\Downloads\dds.com
2012-01-14 18:48 - 2012-01-14 18:48 - 0011141 ____A C:\Users\Xanifur\Desktop\hijackthis.log
2012-01-14 18:46 - 2012-01-14 18:46 - 0011141 ____A C:\Users\Xanifur\Downloads\hijackthis.log
2012-01-14 18:44 - 2009-07-13 20:45 - 0014016 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-01-14 18:44 - 2009-07-13 20:45 - 0014016 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-01-14 18:43 - 2012-01-14 18:43 - 0388608 ____A (Trend Micro Inc.) C:\Users\Xanifur\Downloads\HijackThis.exe
2012-01-14 18:41 - 2012-01-14 18:41 - 0000000 ____D C:\Windows\pss
2012-01-14 18:41 - 2011-10-18 20:10 - 0000000 ____D C:\Users\Xanifur\AppData\Roaming\Winamp
2012-01-14 18:41 - 2011-07-10 16:36 - 0000000 ____D C:\Users\Xanifur\AppData\Roaming\DAEMON Tools Lite
2012-01-14 18:40 - 2012-01-14 18:40 - 0089894 ____A C:\Users\Xanifur\Documents\cc_20120114_203949 1-14-12.reg
2012-01-14 18:37 - 2011-09-12 17:08 - 0000000 ____D C:\Users\Xanifur\AppData\Local\LogMeIn Hamachi
2012-01-14 18:37 - 2011-07-10 14:11 - 0000896 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-01-14 18:37 - 2011-07-09 23:08 - 0030528 ____A C:\Windows\GVTDrv64.sys
2012-01-14 18:37 - 2011-07-09 23:08 - 0000004 ____A C:\Windows\SysWOW64\GVTunner.ref
2012-01-14 18:37 - 2011-07-09 23:07 - 0025640 ____A (Windows (R) Server 2003 DDK provider) C:\Windows\gdrv.sys
2012-01-14 18:37 - 2011-07-09 22:49 - 0000000 ____D C:\users\Xanifur
2012-01-14 18:37 - 2009-07-13 21:08 - 0000006 ___AH C:\Windows\Tasks\SA.DAT
2012-01-14 18:36 - 2011-07-10 16:50 - 0000000 ____D C:\Users\All Users\AVG10
2012-01-14 18:36 - 2011-07-10 16:50 - 0000000 ____D C:\ProgramData\AVG10
2012-01-14 18:36 - 2011-07-10 00:44 - 3219300352 __ASH C:\hiberfil.sys
2012-01-14 18:36 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\config\TxR
2012-01-14 16:57 - 2012-01-11 15:43 - 0000000 ____D C:\Windows\C5C1C0F0D62F4DBF81D4D7EF397C228B.TMP
2012-01-14 16:57 - 2012-01-10 20:52 - 0000000 ____D C:\Program Files (x86)\SecondLifeViewer
2012-01-14 16:57 - 2011-12-24 00:09 - 0000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-01-14 16:57 - 2011-11-13 19:16 - 0000000 ____D C:\LANoire
2012-01-14 16:57 - 2011-07-09 23:43 - 0000000 ____D C:\Program Files (x86)\Mozilla Firefox
2012-01-14 16:57 - 2009-07-13 21:32 - 0000000 ____D C:\Program Files\Windows Sidebar
2012-01-14 16:56 - 2011-07-29 17:14 - 0000000 ____D C:\Users\All Users\Origin
2012-01-14 16:56 - 2011-07-29 17:14 - 0000000 ____D C:\ProgramData\Origin
2012-01-14 16:56 - 2011-07-11 17:38 - 0000000 ____D C:\Users\Xanifur\AppData\Roaming\vlc
2012-01-14 16:56 - 2011-07-10 14:21 - 0000000 ____D C:\Users\Xanifur\AppData\Roaming\Ventrilo
2012-01-14 16:55 - 2011-12-23 19:55 - 0000000 ____D C:\Windows\SysWOW64\directx
2012-01-14 16:54 - 2011-12-24 00:22 - 0000000 ____D C:\Users\Xanifur\AppData\Roaming\Malwarebytes
2012-01-14 16:54 - 2011-12-21 17:24 - 0000000 ____D C:\Windows\System32\Macromed
2012-01-14 16:54 - 2011-11-11 17:13 - 0000000 ____D C:\Users\All Users\Rockstar Games
2012-01-14 16:54 - 2011-11-11 17:13 - 0000000 ____D C:\ProgramData\Rockstar Games
2012-01-14 16:54 - 2011-11-11 14:03 - 0000000 ____D C:\Skyrim
2012-01-14 16:54 - 2011-11-09 00:37 - 0000000 ____D C:\Users\Xanifur\Desktop\Phx_data
2012-01-14 16:54 - 2011-10-24 10:14 - 0000000 ____D C:\Users\Xanifur\Documents\Rockstar Games
2012-01-14 16:54 - 2011-10-24 10:10 - 0000000 ____D C:\Users\Xanifur\AppData\Local\Rockstar Games
2012-01-14 16:54 - 2011-10-18 19:27 - 0000000 ____D C:\Users\Xanifur\Documents\Arktos
2012-01-14 16:54 - 2011-10-18 19:25 - 0000000 ____D C:\Users\Public\entropia universe
2012-01-14 16:54 - 2011-09-29 01:33 - 0000000 ____D C:\Users\Xanifur\Documents\Ubisoft
2012-01-14 16:54 - 2011-09-27 08:57 - 0000000 ____D C:\Users\Xanifur\Documents\Battlefield 3 Open Beta
2012-01-14 16:54 - 2011-09-26 20:04 - 0000000 ____D C:\Users\Xanifur\Documents\Alpha Protocol
2012-01-14 16:54 - 2011-09-26 20:01 - 0000000 ____D C:\Users\Xanifur\Documents\SEGA
2012-01-14 16:54 - 2011-09-18 09:27 - 0000000 ____D C:\Users\Xanifur\AppData\Roaming\StreamTorrent
2012-01-14 16:54 - 2011-08-31 17:02 - 0000000 ____D C:\Users\Xanifur\Documents\My Games
2012-01-14 16:54 - 2011-08-31 16:29 - 0000000 ____D C:\Windows\Downloaded Installations
2012-01-14 16:54 - 2011-07-22 17:04 - 0000000 ____D C:\Users\Xanifur\AppData\Local\2K Games
2012-01-14 16:54 - 2011-07-15 11:41 - 0000000 ____D C:\Users\Xanifur\Documents\Witcher 2
2012-01-14 16:54 - 2011-07-14 01:30 - 0000000 ____D C:\Users\All Users\WinZip
2012-01-14 16:54 - 2011-07-14 01:30 - 0000000 ____D C:\ProgramData\WinZip
2012-01-14 16:54 - 2011-07-12 18:29 - 0000000 ____D C:\Users\Xanifur\Documents\BFBC2
2012-01-14 16:54 - 2011-07-12 18:29 - 0000000 ____D C:\Users\Xanifur\AppData\Local\PunkBuster
2012-01-14 16:53 - 2011-12-24 00:09 - 0000000 ____D C:\Users\All Users\Malwarebytes
2012-01-14 16:53 - 2011-12-24 00:09 - 0000000 ____D C:\ProgramData\Malwarebytes
2012-01-14 16:53 - 2011-12-08 00:30 - 0000000 ____D C:\Program Files (x86)\ManyCam
2012-01-14 16:53 - 2011-11-11 17:12 - 0000000 ____D C:\Program Files (x86)\Rockstar Games
2012-01-14 16:53 - 2011-11-11 14:14 - 0000000 ____D C:\Program Files (x86)\The Elder Scrolls V Skyrim
2012-01-14 16:53 - 2011-11-01 19:39 - 0000000 ____D C:\Program Files (x86)\Focus Home Interactive
2012-01-14 16:53 - 2011-10-18 20:10 - 0000000 ____D C:\Program Files (x86)\Winamp
2012-01-14 16:53 - 2011-10-18 19:24 - 0000000 ____D C:\Program Files (x86)\Entropia Universe
2012-01-14 16:53 - 2011-10-11 19:10 - 0000000 ____D C:\Program Files (x86)\Demolition Inc
2012-01-14 16:53 - 2011-10-11 17:19 - 0000000 ___HD C:\Program Files (x86)\InstallJammer Registry
2012-01-14 16:53 - 2011-10-06 17:45 - 0000000 ____D C:\Program Files (x86)\AMD APP
2012-01-14 16:53 - 2011-10-06 16:43 - 0000000 ____D C:\Program Files (x86)\Bethesda Softworks
2012-01-14 16:53 - 2011-10-03 23:49 - 0000000 ____D C:\Program Files (x86)\GameSpy Arcade
2012-01-14 16:53 - 2011-10-03 23:48 - 0000000 ____D C:\Program Files (x86)\Microsoft Games
2012-01-14 16:53 - 2011-09-29 01:24 - 0000000 ____D C:\Program Files (x86)\Black_Box
2012-01-14 16:53 - 2011-09-27 08:56 - 0000000 ____D C:\Program Files (x86)\Battlelog Web Plugins
2012-01-14 16:53 - 2011-09-21 17:30 - 0000000 ____D C:\Program Files (x86)\Adobe
2012-01-14 16:53 - 2011-09-21 17:29 - 0000000 ____D C:\Users\All Users\Adobe
2012-01-14 16:53 - 2011-09-21 17:29 - 0000000 ____D C:\ProgramData\Adobe
2012-01-14 16:53 - 2011-09-20 13:54 - 0000000 ____D C:\Program Files (x86)\Square Enix
2012-01-14 16:53 - 2011-09-20 12:29 - 0000000 ____D C:\Program Files (x86)\Tripwire Interactive
2012-01-14 16:53 - 2011-09-19 16:13 - 0000000 ____D C:\Program Files (x86)\RBO
2012-01-14 16:53 - 2011-09-18 16:59 - 0000000 ____D C:\Program Files (x86)\Microsoft Works
2012-01-14 16:53 - 2011-09-18 16:58 - 0000000 ____D C:\Program Files (x86)\Microsoft Visual Studio
2012-01-14 16:53 - 2011-09-18 16:57 - 0000000 ____D C:\Program Files\Microsoft Office
2012-01-14 16:53 - 2011-09-18 16:57 - 0000000 ____D C:\Program Files (x86)\Microsoft Visual Studio 8
2012-01-14 16:53 - 2011-09-18 16:56 - 0000000 ____D C:\Program Files (x86)\Microsoft Office
2012-01-14 16:53 - 2011-09-18 09:27 - 0000000 ____D C:\Program Files (x86)\StreamTorrent 1.0
2012-01-14 16:53 - 2011-09-17 17:03 - 0000000 ____D C:\Program Files\CCleaner
2012-01-14 16:53 - 2011-09-12 00:06 - 0000000 ____D C:\Program Files (x86)\Dead Island
2012-01-14 16:53 - 2011-09-11 15:12 - 0000000 ____D C:\Program Files (x86)\EA Games
2012-01-14 16:53 - 2011-09-07 23:34 - 0000000 ____D C:\Program Files (x86)\CamStudio 2.6b
2012-01-14 16:53 - 2011-09-06 19:18 - 0000000 ____D C:\Program Files (x86)\Ubisoft
2012-01-14 16:53 - 2011-09-05 15:44 - 0000000 ____D C:\Program Files (x86)\Microsoft Games for Windows - LIVE
2012-01-14 16:53 - 2011-09-05 15:25 - 0000000 ____D C:\Program Files (x86)\Codemasters
2012-01-14 16:53 - 2011-08-31 16:29 - 0000000 ____D C:\Program Files (x86)\Macromedia
2012-01-14 16:53 - 2011-07-29 17:44 - 0000000 ____D C:\Program Files (x86)\BF3 Alpha Trial Web Plugins
2012-01-14 16:53 - 2011-07-29 17:14 - 0000000 ____D C:\Users\All Users\Electronic Arts
2012-01-14 16:53 - 2011-07-29 17:14 - 0000000 ____D C:\ProgramData\Electronic Arts
2012-01-14 16:53 - 2011-07-29 17:14 - 0000000 ____D C:\Program Files (x86)\Origin Games
2012-01-14 16:53 - 2011-07-22 17:05 - 0000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2012-01-14 16:53 - 2011-07-22 16:55 - 0000000 ____D C:\Program Files (x86)\2K Games
2012-01-14 16:53 - 2011-07-20 19:54 - 0000000 ____D C:\Program Files\Microsoft LifeCam
2012-01-14 16:53 - 2011-07-20 19:54 - 0000000 ____D C:\Program Files (x86)\Microsoft LifeCam
2012-01-14 16:53 - 2011-07-20 17:32 - 0000000 ____D C:\Program Files\Common Files\Apple
2012-01-14 16:53 - 2011-07-20 17:32 - 0000000 ____D C:\Program Files (x86)\Apple Software Update
2012-01-14 16:53 - 2011-07-15 20:19 - 0000000 ____D C:\Program Files (x86)\Lightside - Legend Ragnarok
2012-01-14 16:53 - 2011-07-15 11:31 - 0000000 ____D C:\Program Files (x86)\The Witcher 2
2012-01-14 16:53 - 2011-07-14 14:44 - 0000000 ____D C:\Program Files (x86)\Carnivores 2
2012-01-14 16:53 - 2011-07-14 01:31 - 0000000 ____D C:\Program Files (x86)\WinZip Courier
2012-01-14 16:53 - 2011-07-14 01:30 - 0000000 ____D C:\Program Files (x86)\WinZip
2012-01-14 16:52 - 2011-10-20 23:19 - 0000000 ____D C:\Games
2012-01-14 16:52 - 2011-10-06 17:40 - 0000000 ____D C:\AMD
2012-01-14 16:52 - 2011-09-18 16:56 - 0000000 __RHD C:\MSOCache
2012-01-14 15:09 - 2012-01-14 15:08 - 163649328 ____A (AVG Technologies) C:\Users\Xanifur\Downloads\avg_free_x64_all_2012_1901a4695.exe
2012-01-14 15:07 - 2012-01-14 15:07 - 0001014 ____A C:\Users\Public\Desktop\Mumble.lnk
2012-01-14 15:07 - 2012-01-11 19:03 - 0000000 ____D C:\Program Files (x86)\Mumble
2012-01-14 15:06 - 2012-01-14 15:06 - 15254016 ____A C:\Users\Xanifur\Downloads\mumble-1.2.3(1).msi
2012-01-14 15:02 - 2011-12-24 02:01 - 0000348 ____A C:\Windows\Tasks\At39.job
2012-01-13 13:07 - 2012-01-13 13:07 - 0000000 ____D C:\Users\All Users\AVG Secure Search
2012-01-13 13:07 - 2012-01-13 13:07 - 0000000 ____D C:\ProgramData\AVG Secure Search
2012-01-13 13:04 - 2012-01-13 13:04 - 0000000 ____D C:\Users\Xanifur\AppData\Roaming\AVG2012
2012-01-12 22:54 - 2012-01-10 20:53 - 0000000 ____D C:\Users\Xanifur\AppData\Local\SecondLife
2012-01-11 20:23 - 2011-09-20 16:03 - 0000000 ____D C:\Users\Xanifur\AppData\Local\dxhr
2012-01-11 19:09 - 2012-01-11 19:09 - 0002378 ____A C:\Users\Xanifur\Documents\MumbleAutomaticCertificateBackup.p12
2012-01-11 19:03 - 2012-01-11 19:03 - 0000000 ____D C:\Users\Xanifur\AppData\Local\Mumble
2012-01-11 19:02 - 2012-01-11 19:01 - 15254016 ____A C:\Users\Xanifur\Downloads\mumble-1.2.3.msi
2012-01-11 18:27 - 2011-12-24 02:01 - 0000350 ____A C:\Windows\Tasks\At42.job
2012-01-11 18:27 - 2011-12-24 02:01 - 0000348 ____A C:\Windows\Tasks\At41.job
2012-01-11 17:27 - 2011-12-24 02:01 - 0000350 ____A C:\Windows\Tasks\At40.job
2012-01-11 16:39 - 2009-07-13 18:36 - 0103496 ____A C:\Windows\System32\perfc009(7218).dat
2012-01-11 16:27 - 2011-12-24 02:01 - 0000350 ____A C:\Windows\Tasks\At38.job
2012-01-11 16:27 - 2011-12-24 02:01 - 0000348 ____A C:\Windows\Tasks\At37.job
2012-01-11 15:43 - 2012-01-11 15:43 - 0000000 ____D C:\Users\Xanifur\AppData\Local\Futuremark
2012-01-11 15:27 - 2011-12-24 02:01 - 0000350 ____A C:\Windows\Tasks\At36.job
2012-01-11 15:27 - 2011-12-24 02:01 - 0000348 ____A C:\Windows\Tasks\At35.job
2012-01-11 14:27 - 2011-12-24 02:01 - 0000350 ____A C:\Windows\Tasks\At34.job
2012-01-11 14:27 - 2011-12-24 02:01 - 0000348 ____A C:\Windows\Tasks\At33.job
2012-01-11 13:27 - 2011-12-24 02:01 - 0000350 ____A C:\Windows\Tasks\At32.job
2012-01-11 13:27 - 2011-12-24 02:01 - 0000348 ____A C:\Windows\Tasks\At31.job
2012-01-11 12:27 - 2011-12-24 02:01 - 0000350 ____A C:\Windows\Tasks\At30.job
2012-01-11 12:27 - 2011-12-24 02:01 - 0000348 ____A C:\Windows\Tasks\At29.job
2012-01-11 11:27 - 2011-12-24 02:01 - 0000350 ____A C:\Windows\Tasks\At28.job
2012-01-11 11:27 - 2011-12-24 02:01 - 0000348 ____A C:\Windows\Tasks\At27.job
2012-01-11 10:27 - 2011-12-24 02:01 - 0000350 ____A C:\Windows\Tasks\At26.job
2012-01-11 10:27 - 2011-12-24 02:01 - 0000348 ____A C:\Windows\Tasks\At25.job
2012-01-11 09:27 - 2011-12-24 02:01 - 0000350 ____A C:\Windows\Tasks\At24.job
2012-01-11 09:27 - 2011-12-24 02:01 - 0000348 ____A C:\Windows\Tasks\At23.job
2012-01-11 08:27 - 2011-12-24 02:01 - 0000350 ____A C:\Windows\Tasks\At22.job
2012-01-11 08:27 - 2011-12-24 02:01 - 0000348 ____A C:\Windows\Tasks\At21.job
2012-01-11 07:27 - 2011-12-24 02:01 - 0000350 ____A C:\Windows\Tasks\At20.job
2012-01-11 07:27 - 2011-12-24 02:01 - 0000348 ____A C:\Windows\Tasks\At19.job
2012-01-11 06:27 - 2011-12-24 02:01 - 0000350 ____A C:\Windows\Tasks\At18.job
2012-01-11 06:27 - 2011-12-24 02:01 - 0000348 ____A C:\Windows\Tasks\At17.job
2012-01-11 05:27 - 2011-12-24 02:01 - 0000350 ____A C:\Windows\Tasks\At16.job
2012-01-11 05:27 - 2011-12-24 02:01 - 0000348 ____A C:\Windows\Tasks\At15.job
2012-01-11 04:27 - 2011-12-24 02:01 - 0000350 ____A C:\Windows\Tasks\At14.job
2012-01-11 04:27 - 2011-12-24 02:01 - 0000348 ____A C:\Windows\Tasks\At13.job
2012-01-11 03:27 - 2011-12-24 02:01 - 0000350 ____A C:\Windows\Tasks\At12.job
2012-01-11 03:27 - 2011-12-24 02:01 - 0000348 ____A C:\Windows\Tasks\At11.job
2012-01-11 02:27 - 2011-12-24 02:01 - 0000350 ____A C:\Windows\Tasks\At10.job
2012-01-11 02:27 - 2011-12-24 02:01 - 0000348 ____A C:\Windows\Tasks\At9.job
2012-01-11 01:27 - 2011-12-24 02:01 - 0000350 ____A C:\Windows\Tasks\At8.job
2012-01-11 01:27 - 2011-12-24 02:01 - 0000348 ____A C:\Windows\Tasks\At7.job
2012-01-11 00:27 - 2011-12-24 02:01 - 0000350 ____A C:\Windows\Tasks\At6.job
2012-01-11 00:27 - 2011-12-24 02:01 - 0000348 ____A C:\Windows\Tasks\At5.job
2012-01-10 23:27 - 2011-12-24 02:01 - 0000350 ____A C:\Windows\Tasks\At4.job
2012-01-10 23:27 - 2011-12-24 02:01 - 0000348 ____A C:\Windows\Tasks\At3.job
2012-01-10 20:53 - 2012-01-10 20:53 - 0001139 ____A C:\Users\Public\Desktop\Second Life Viewer.lnk
2012-01-10 20:53 - 2012-01-10 20:53 - 0000000 ____D C:\Users\Xanifur\AppData\Roaming\SecondLife
2012-01-10 20:52 - 2012-01-10 20:51 - 29343312 ____A C:\Users\Xanifur\Downloads\Second_Life_3-2-5-247236_Setup.exe
2012-01-10 16:34 - 2011-07-09 22:49 - 0000000 ____D C:\Users\Xanifur\AppData\LocalLow
2012-01-09 18:29 - 2011-07-12 18:28 - 0076888 ____A C:\Windows\SysWOW64\PnkBstrA.exe
2011-12-24 02:29 - 2011-12-24 02:01 - 0000112 ____A C:\Users\All Users\4phy5Je.dat
2011-12-24 02:29 - 2011-12-24 02:01 - 0000112 ____A C:\ProgramData\4phy5Je.dat
2011-12-24 02:28 - 2011-12-24 02:28 - 0000000 ____A C:\Windows\SysWOW64\4e4e104.com.b
2011-12-24 00:09 - 2011-12-24 00:09 - 9852544 ____A (Malwarebytes Corporation ) C:\Users\Xanifur\Downloads\mbam-setup-1.51.2.1300.exe
2011-12-23 19:55 - 2011-12-23 19:55 - 0000000 ___HD C:\Windows\msdownld.tmp
2011-12-22 01:38 - 2011-12-22 01:38 - 0001395 _RASH C:\Windows\System32\Drivers\etc\hosts
2011-12-21 17:24 - 2011-07-09 23:48 - 0414368 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2011-12-21 17:23 - 2011-12-13 01:56 - 3840632 ____A C:\Users\Xanifur\Downloads\battlelog-web-plugins-1.104.0-retail-prod.exe
2011-12-21 17:12 - 2011-12-21 17:12 - 0000000 ____D C:\Windows\system64
2011-12-21 17:12 - 2011-12-21 17:12 - 0000000 ____A C:\Users\Xanifur\AppData\Roaming\RVtTj.txt
2011-12-20 17:26 - 2011-07-23 13:19 - 0000000 ____D C:\Users\Xanifur\AppData\Local\ElevatedDiagnostics
2011-12-15 23:49 - 2011-09-18 18:08 - 0000000 ____D C:\Users\Xanifur\Documents\School
2011-12-15 21:00 - 2011-09-18 16:56 - 0000000 ____D C:\Users\All Users\Microsoft Help
2011-12-15 21:00 - 2011-09-18 16:56 - 0000000 ____D C:\ProgramData\Microsoft Help
2011-12-15 20:55 - 2011-12-15 20:55 - 0013579 ____A C:\Users\Xanifur\Downloads\Executive Summary.docx
2011-12-15 20:51 - 2011-12-15 20:51 - 1824256 ____A C:\Users\Xanifur\Downloads\For real Final Draft.doc
2011-12-12 21:44 - 2011-11-23 00:42 - 0000000 ____D C:\Program Files (x86)\Jnes
2011-12-12 17:17 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\NDF
2011-12-10 13:24 - 2011-12-24 00:09 - 0023152 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2011-12-08 00:31 - 2011-12-08 00:31 - 0000000 ____D C:\Users\Xanifur\AppData\Roaming\ManyCam
2011-12-08 00:31 - 2011-12-08 00:31 - 0000000 ____D C:\Users\Xanifur\AppData\Local\ManyCam
2011-12-08 00:31 - 2011-12-08 00:31 - 0000000 ____D C:\Users\Xanifur\AppData\Local\APN
2011-12-08 00:29 - 2011-12-08 00:29 - 0000000 ____D C:\Users\All Users\Ask
2011-12-08 00:29 - 2011-12-08 00:29 - 0000000 ____D C:\ProgramData\Ask
2011-12-08 00:28 - 2011-12-08 00:28 - 12956640 ____A (ManyCam LLC) C:\Users\Xanifur\Downloads\ManyCam.exe
2011-12-05 02:14 - 2011-07-09 23:48 - 0000000 ____D C:\Users\Xanifur\AppData\Roaming\Adobe
2011-12-05 02:13 - 2011-12-05 02:13 - 0001377 ____A C:\Users\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
2011-12-04 02:47 - 2011-12-04 02:47 - 0000928 ____A C:\Users\Xanifur\Desktop\Shortcut to xc3.exe.lnk
2011-12-04 02:47 - 2011-12-04 02:46 - 0000000 ____D C:\Program Files (x86)\X-Change 3
2011-12-04 02:42 - 2011-12-04 02:10 - 0004620 ____A C:\Windows\XChange.dat
2011-12-04 02:21 - 2011-12-04 02:21 - 0000000 ____D C:\Users\Xanifur\Desktop\New folder
2011-12-04 02:21 - 2011-12-04 02:21 - 0000000 ____D C:\Users\Xanifur\Desktop\3danalyzer
2011-12-04 02:18 - 2011-12-03 20:45 - 0001199 ____A C:\Users\Xanifur\Desktop\X-change.lnk
2011-12-03 20:45 - 2011-12-03 20:45 - 0000000 ____D C:\Program Files (x86)\Peach Princess
2011-11-23 00:42 - 2011-11-23 00:42 - 0350979 ____A C:\Users\Xanifur\Downloads\jnes_1_0_2.exe
2011-11-23 00:42 - 2011-11-23 00:42 - 0000955 ____A C:\Users\Xanifur\Desktop\Jnes.lnk
2011-11-19 01:44 - 2011-11-19 01:39 - 50949552 ____A C:\Users\Xanifur\Downloads\SkyrimNudeFemales-FullDownload.zip
2011-11-17 14:35 - 2011-09-20 12:38 - 0000000 ____D C:\Users\Xanifur\AppData\Local\SKIDROW
2011-11-15 02:56 - 2011-11-15 02:56 - 0002218 ____A C:\Users\Public\Desktop\Google Earth.lnk
2011-11-15 02:56 - 2011-07-10 14:11 - 0000000 ____D C:\Program Files (x86)\Google
2011-11-15 01:48 - 2011-11-15 01:37 - 0000000 ____D C:\Users\Xanifur\Documents\draw
2011-11-13 19:28 - 2011-11-13 19:28 - 0000000 ____D C:\Users\Xanifur\AppData\Local\Chromium
2011-11-13 19:17 - 2011-07-09 22:58 - 0000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2011-11-12 23:23 - 2011-09-03 23:44 - 0000000 ____D C:\Program Files\PeerBlock
2011-11-12 23:01 - 2011-11-12 23:00 - 0000000 ____D C:\Users\Xanifur\Desktop\flash drive 2gb
2011-11-11 14:28 - 2011-11-11 14:20 - 0000000 ____D C:\Users\Xanifur\AppData\Local\Skyrim
2011-11-11 14:13 - 2011-11-11 14:13 - 0018160 ____A C:\Users\Xanifur\Desktop\Phx_bugreport.txt
2011-11-11 14:13 - 2011-11-09 00:37 - 0012710 ____A C:\Users\Xanifur\Desktop\Phx_debug_log.txt
2011-11-11 14:13 - 2011-11-09 00:37 - 0002014 ____A C:\Users\Xanifur\Desktop\Phx_settings.ini
2011-11-09 21:49 - 2011-11-09 00:36 - 0000000 ____D C:\MW3
2011-11-09 00:37 - 2011-11-09 00:07 - 0000673 ____A C:\Users\Public\Desktop\Phoenix.lnk
2011-11-09 00:06 - 2011-11-09 00:06 - 14986068 ____A C:\Users\Xanifur\Downloads\Phoenix_15beta8.rar
2011-11-07 15:58 - 2011-11-07 15:43 - 0012464 ____A C:\Users\Xanifur\Documents\part3 Ryan Walters.docx
2011-11-04 08:16 - 2011-11-04 08:16 - 3840608 ____A C:\Users\Xanifur\Downloads\battlelog-web-plugins-1.102.0-retail-prod.exe
2011-11-04 01:55 - 2011-07-14 01:31 - 0000000 ____D C:\Users\Xanifur\AppData\Local\WinZip
2011-11-03 00:43 - 2011-07-20 17:33 - 0000000 ____D C:\Users\Xanifur\AppData\Roaming\Apple Computer
2011-11-01 19:46 - 2011-11-01 19:46 - 0002285 ____A C:\Users\Public\Desktop\Cities XL 2011.lnk
2011-11-01 19:44 - 2011-11-01 19:44 - 0000000 ____D C:\Users\Xanifur\AppData\Local\Focus Home Interactive
2011-10-31 01:21 - 2011-07-29 17:15 - 0000000 ____D C:\Users\Xanifur\AppData\Local\Origin
2011-10-25 20:28 - 2011-10-25 20:28 - 0642881 ____A C:\Users\Xanifur\Documents\The Role of Theory in Aesthetics (Weitz).pdf
2011-10-24 20:03 - 2011-10-24 20:03 - 0000000 ____D C:\Users\Xanifur\Documents\Battlefield 3
2011-10-24 20:02 - 2011-10-24 20:02 - 3830848 ____A C:\Users\Xanifur\Downloads\battlelog-web-plugins-1.96.0-retail-prod.exe
2011-10-24 10:13 - 2011-10-24 10:13 - 0000000 ____D C:\Users\Xanifur\Documents\Games for Windows - LIVE Demos
2011-10-24 10:11 - 2011-10-24 10:11 - 0000000 __SHD C:\Users\All Users\SecuROM
2011-10-24 10:11 - 2011-10-24 10:11 - 0000000 __SHD C:\ProgramData\SecuROM
2011-10-24 10:10 - 2011-10-24 10:10 - 0178800 ____A (Sony DADC Austria AG.) C:\Windows\SysWOW64\CmdLineExt_x64.dll
2011-10-24 10:10 - 2011-10-24 10:10 - 0000000 __RHD C:\Users\Xanifur\AppData\Roaming\SecuROM
2011-10-24 10:08 - 2011-10-24 10:08 - 57280976 ____A C:\Users\Xanifur\Downloads\gtaiv_patch_1040.zip
2011-10-24 10:08 - 2011-10-24 10:08 - 2796287 ____A C:\Users\Xanifur\Downloads\RGSC_1_1_3_0.rar
2011-10-24 10:03 - 2011-10-24 10:03 - 0000000 ____D C:\Users\Xanifur\Desktop\gta spark
2011-10-24 10:02 - 2011-10-24 10:02 - 0455532 ____A C:\Users\Xanifur\Downloads\SparkIV0.6.2.3forGTAIVv1.0.0.4.rar
2011-10-23 22:57 - 2011-10-23 22:57 - 9393096 ____A C:\Users\Xanifur\Downloads\1319424560_WEAPONS.rar
2011-10-23 22:45 - 2011-10-23 22:45 - 8471261 ____A C:\Users\Xanifur\Downloads\1313683772_iCEnhancer13N.rar
2011-10-21 00:33 - 2011-10-21 00:02 - 0000000 ____D C:\Users\Xanifur\Documents\GrayMatter
2011-10-20 23:31 - 2011-10-20 23:31 - 0000721 ____A C:\Users\Xanifur\Desktop\Gray Matter.lnk
2011-10-20 21:34 - 2011-07-29 17:15 - 0000000 ____D C:\Users\Xanifur\AppData\Roaming\Origin
2011-10-19 18:43 - 2011-10-19 14:05 - 0000000 ____D C:\Users\All Users\boost_interprocess
2011-10-19 18:43 - 2011-10-19 14:05 - 0000000 ____D C:\ProgramData\boost_interprocess
2011-10-18 20:26 - 2011-10-18 20:26 - 0000000 ____D C:\Users\Xanifur\AppData\Roaming\mm
2011-10-18 20:10 - 2011-10-18 20:10 - 0000000 ____D C:\Program Files (x86)\Winamp Detect
2011-10-18 20:08 - 2011-10-18 20:08 - 12383832 ____A (Nullsoft, Inc.) C:\Users\Xanifur\Downloads\winamp5621_full_bundle_emusic-7plus_en-us.exe
2011-10-18 19:27 - 2011-10-18 19:27 - 0000000 ____D C:\Users\Xanifur\AppData\Local\CrashRpt
2011-10-18 19:27 - 2011-10-18 19:27 - 0000000 ____D C:\Users\Xanifur\AppData\Local\Arktos
2011-10-18 19:25 - 2011-10-18 19:24 - 0002116 ____A C:\Users\Public\Desktop\Entropia Universe.lnk
2011-10-18 19:25 - 2011-10-18 19:24 - 0000000 ____D C:\Windows\Entropia Universe
2011-10-18 19:25 - 2009-07-13 19:20 - 0000000 ___RD C:\users\Public
2011-10-18 19:24 - 2011-10-18 19:24 - 0000000 ____D C:\Users\Xanifur\Documents\Entropia Universe
2011-10-18 19:23 - 2011-10-18 19:22 - 4672440 ____A (MindArk PE AB) C:\Users\Xanifur\Downloads\entropia_universe_setup-euweb.exe

========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

========================= Memory info ======================

Percentage of memory in use: 14%
Total physical RAM: 4093.55 MB
Available physical RAM: 3509.51 MB
Total Pagefile: 4091.7 MB
Available Pagefile: 3487.38 MB
Total Virtual: 8192 MB
Available Virtual: 8191.89 MB

======================= Partitions =========================

2 Drive c: () (Fixed) (Total:931.51 GB) (Free:544.23 GB) NTFS ==>[Drive with boot components (obtanied from BCD)]
3 Drive d: (Xani's Slave) (Fixed) (Total:931.51 GB) (Free:202.18 GB) NTFS
5 Drive f: (Jun 23 2003) (CDROM) (Total:0.07 GB) (Free:0 GB) CDFS
6 Drive g: () (Removable) (Total:1.86 GB) (Free:1.86 GB) FAT
7 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 931 GB 0 B
Disk 1 Online 931 GB 0 B
Disk 2 Online 1907 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 931 GB 1024 KB

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C NTFS Partition 931 GB Healthy

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 931 GB 1024 KB

Disk: 1
Partition 1
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 D Xani's Slav NTFS Partition 931 GB Healthy

Partitions of Disk 2:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 1907 MB 64 KB

Disk: 2
Partition 1
Type : 06
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 G FAT Removable 1907 MB Healthy

==========================================================

Last Boot: 2012-01-09 22:48

======================= End Of Log ==========================
JSntgRvr (Moderator & Malware Removal Specialist with 17,324 posts; Join Date: Jul 2003; Location: Puerto Rico; Experience: Advanced)
15-Jan-2012, 01:31 PM #4
Download the enclosed file. Save it in the USB drive. Run FRST64 as you did before. This time around, click on the Fix button and wait.

The tool will make a log on the flash drive (Fixlog.txt); please post the contents of this report in your reply.

If successful, boot in Normal Mode and run Combofix as follows:

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  1. Please, never rename Combofix unless instructed.
  2. Close any open browsers.
  3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    -----------------------------------------------------------
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link or this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

      -----------------------------------------------------------
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    -----------------------------------------------------------
  4. Double click on combofix.exe & follow the prompts.
  5. Install the Recovery Console if prompted.
  6. When finished, it will produce a report for you.
  7. Please post the "C:\ComboFix.txt" .
**Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security.

Please do not install any new programs or update anything (always allow your antivirus/antispyware to update) unless told to do so while we are fixing your problem. If combofix alerts to a new version and offers to update, please let it. It is essential we always use the latest version.
rad_man (Junior Member with 5 posts, thread starter; Join Date: Jan 2012; Experience: Intermediate)
15-Jan-2012, 06:33 PM #5
Combofix log attached.

Quote:
Fix result of Farbars's Recovery Tool (FRST written by farbar Version 2.3.2)
Ran by SYSTEM at 2012-01-15 16:09:35 R:1
Running from G:\

==============================================

HKEY_LOCAL_MACHINE\System\ControlSet002\Control\Session Manager\SubSystems\\Windows Value was restored.
C:\Windows\Tasks\At2.job moved successfully.
C:\Windows\Tasks\At1.job moved successfully.
C:\Windows\Tasks\At48.job moved successfully.
C:\Windows\Tasks\At47.job moved successfully.
C:\Windows\Tasks\At46.job moved successfully.
C:\Windows\Tasks\At45.job moved successfully.
C:\Windows\Tasks\At44.job moved successfully.
C:\Windows\Tasks\At43.job moved successfully.
C:\Windows\Tasks\At39.job moved successfully.
C:\Windows\Tasks\At42.job moved successfully.
C:\Windows\Tasks\At41.job moved successfully.
C:\Windows\Tasks\At40.job moved successfully.
C:\Windows\Tasks\At38.job moved successfully.
C:\Windows\Tasks\At37.job moved successfully.
C:\Windows\Tasks\At36.job moved successfully.
C:\Windows\Tasks\At35.job moved successfully.
C:\Windows\Tasks\At34.job moved successfully.
C:\Windows\Tasks\At33.job moved successfully.
C:\Windows\Tasks\At32.job moved successfully.
C:\Windows\Tasks\At31.job moved successfully.
C:\Windows\Tasks\At30.job moved successfully.
C:\Windows\Tasks\At29.job moved successfully.
C:\Windows\Tasks\At28.job moved successfully.
C:\Windows\Tasks\At27.job moved successfully.
C:\Windows\Tasks\At26.job moved successfully.
C:\Windows\Tasks\At25.job moved successfully.
C:\Windows\Tasks\At24.job moved successfully.
C:\Windows\Tasks\At23.job moved successfully.
C:\Windows\Tasks\At22.job moved successfully.
C:\Windows\Tasks\At21.job moved successfully.
C:\Windows\Tasks\At20.job moved successfully.
C:\Windows\Tasks\At19.job moved successfully.
C:\Windows\Tasks\At18.job moved successfully.
C:\Windows\Tasks\At17.job moved successfully.
C:\Windows\Tasks\At16.job moved successfully.
C:\Windows\Tasks\At15.job moved successfully.
C:\Windows\Tasks\At14.job moved successfully.
C:\Windows\Tasks\At13.job moved successfully.
C:\Windows\Tasks\At12.job moved successfully.
C:\Windows\Tasks\At11.job moved successfully.
C:\Windows\Tasks\At10.job moved successfully.
C:\Windows\Tasks\At9.job moved successfully.
C:\Windows\Tasks\At8.job moved successfully.
C:\Windows\Tasks\At7.job moved successfully.
C:\Windows\Tasks\At6.job moved successfully.
C:\Windows\Tasks\At5.job moved successfully.
C:\Windows\Tasks\At4.job moved successfully.
C:\Windows\Tasks\At3.job moved successfully.
C:\Users\All Users\4phy5Je.dat moved successfully.
C:\ProgramData\4phy5Je.dat not found.
C:\Windows\system64 moved successfully.

==== End of Fixlog ====
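The FRST listing earlier in the thread and the Fixlog above show the same two indicators: dozens of C:\Windows\Tasks\At<n>.job files that all share one creation minute (2011-12-24 02:01), and a look-alike directory C:\Windows\system64 that FRST moved out. As an added example (not code from the thread, from FRST, or from the moderator), the script below parses FRST-style "Created" lines and flags both patterns. Sample lines are copied from the listing above, plus one constructed benign At99.job line with a different creation time; the burst threshold of 5 tasks per minute is an assumption, not a value from the page.

```python
"""Triage helper for FRST-style "Created" listings.

Added example, not part of the thread and not FRST's or the moderator's code.
Each listing line has the shape

    <modified> - <created> - <size> <attrs> [(<company>)] <path>

The two checks mirror what the Fixlog above removed: a burst of
C:\\Windows\\Tasks\\At<n>.job files that share one creation minute, and any
entry under the look-alike directory C:\\Windows\\system64.
"""
import re
from collections import defaultdict

LINE_RE = re.compile(
    r"^(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<size>\d+) (?P<attrs>\S+) (?:\([^)]*\) )?(?P<path>.+)$"
)
AT_JOB_RE = re.compile(r"^C:\\Windows\\Tasks\\At\d+\.job$", re.IGNORECASE)
# Directory names that imitate real system folders; system64 is the one in the log.
LOOKALIKE_DIRS = (r"c:\windows\system64",)

# Lines copied from the FRST listing in this thread, plus one constructed
# benign At99.job line (different creation time) to exercise the threshold.
SAMPLE_LISTING = r"""
2012-01-11 09:27 - 2011-12-24 02:01 - 0000348 ____A C:\Windows\Tasks\At23.job
2012-01-11 08:27 - 2011-12-24 02:01 - 0000350 ____A C:\Windows\Tasks\At22.job
2012-01-11 08:27 - 2011-12-24 02:01 - 0000348 ____A C:\Windows\Tasks\At21.job
2012-01-11 07:27 - 2011-12-24 02:01 - 0000350 ____A C:\Windows\Tasks\At20.job
2012-01-11 07:27 - 2011-12-24 02:01 - 0000348 ____A C:\Windows\Tasks\At19.job
2012-01-11 06:27 - 2011-12-24 02:01 - 0000350 ____A C:\Windows\Tasks\At18.job
2012-01-09 18:29 - 2011-07-12 18:28 - 0076888 ____A C:\Windows\SysWOW64\PnkBstrA.exe
2011-12-24 00:09 - 2011-12-24 00:09 - 9852544 ____A (Malwarebytes Corporation ) C:\Users\Xanifur\Downloads\mbam-setup-1.51.2.1300.exe
2011-12-21 17:12 - 2011-12-21 17:12 - 0000000 ____D C:\Windows\system64
2011-12-22 01:38 - 2011-12-22 01:38 - 0001395 _RASH C:\Windows\System32\Drivers\etc\hosts
2011-07-10 14:11 - 2011-07-10 14:11 - 0000350 ____A C:\Windows\Tasks\At99.job
"""


def parse_line(line):
    """Return a dict for one listing line, or None if the line is not one."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    entry = m.groupdict()
    entry["size"] = int(entry["size"])
    return entry


def find_at_job_bursts(entries, threshold=5):
    """Group At<n>.job tasks by creation minute; keep groups at or above threshold."""
    by_minute = defaultdict(list)
    for e in entries:
        if AT_JOB_RE.match(e["path"]):
            by_minute[e["created"]].append(e["path"])
    return {minute: sorted(paths) for minute, paths in by_minute.items()
            if len(paths) >= threshold}


def find_lookalike_paths(entries):
    """Return paths that are, or sit under, a look-alike system directory."""
    hits = []
    for e in entries:
        p = e["path"].lower()
        if any(p == d or p.startswith(d + "\\") for d in LOOKALIKE_DIRS):
            hits.append(e["path"])
    return hits


def triage(listing, threshold=5):
    """Parse a listing and return both indicator sets plus the parsed count."""
    entries = [e for e in map(parse_line, listing.splitlines()) if e]
    return {
        "entries_parsed": len(entries),
        "at_job_bursts": find_at_job_bursts(entries, threshold),
        "lookalike_paths": find_lookalike_paths(entries),
    }


if __name__ == "__main__":
    report = triage(SAMPLE_LISTING)
    print(f"parsed {report['entries_parsed']} entries")
    for minute, paths in report["at_job_bursts"].items():
        print(f"{len(paths)} At*.job tasks created at {minute}: {', '.join(paths)}")
    for path in report["lookalike_paths"]:
        print(f"look-alike system directory: {path}")
```

Run against the sample it reports the six At*.job tasks created at 2011-12-24 02:01 and the C:\Windows\system64 entry, while the lone At99.job stays below the threshold. The registry value the Fixlog restored (Session Manager\SubSystems\Windows) is not in a file listing, so this script does not cover it.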
JSntgRvr (Moderator & Malware Removal Specialist with 17,324 posts; Join Date: Jul 2003; Location: Puerto Rico; Experience: Advanced)
15-Jan-2012, 07:07 PM #6
Perform a scan with Malwarebytes' Anti-Malware.
  • Launch and update Malwarebytes' Anti-Malware.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Let's try ESET online scanner

Note: You can use either Internet Explorer or Mozilla FireFox for this scan.

Note: If you are using Windows Vista or Windows 7, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.
  • First please Disable any Antivirus you have active, as shown in This topic.
  • Note: Don't forget to re-enable it after the scan.
  • Next hold down Control then click on the following link to open a new window to ESET online scanner.
  • Select the option YES, I accept the Terms of Use then click on Start.
    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
  • All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    Scan for potentially unwanted applications
    Scan for potentially unsafe applications
    Enable Anti-Stealth Technology
  • Now click on Start.
  • The virus signature database... will begin to download. Be patient; this may take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed, select Uninstall application on close if you so wish; make sure you copy the logfile first!
  • Now click on Finish.
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.
rad_man (Junior Member with 5 posts, thread starter; Join Date: Jan 2012; Experience: Intermediate)
15-Jan-2012, 09:07 PM #7
MWBytes finds nothing.

Quote:
Malwarebytes Anti-Malware 1.60.0.1800
www.malwarebytes.org

Database version: v2012.01.11.03

Windows 7 x64 NTFS
Internet Explorer 8.0.7600.16385
Xanifur :: XANIFUR-PC [administrator]

1/15/2012 5:27:45 PM
mbam-log-2012-01-15 (17-27-45).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 183313
Time elapsed: 2 minute(s), 49 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
Quote:
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=c204da841760c34da8ae206b8ba23c63
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2012-01-16 01:03:01
# local_time=2012-01-15 07:03:01 (-0600, Central Standard Time)
# country="United States"
# lang=1033
# osver=6.1.7600 NT
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=1024 16777215 100 0 0 0 0 0
# compatibility_mode=5893 16776574 66 94 15465717 78214282 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=343434
# found=4
# cleaned=4
# scan_time=4949
C:\FRST\Quarantine\system64\consrv.dll Win64/Sirefef.G trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\Xanifur\Downloads\winamp5621_full_bundle_emusic-7plus_en-us.exe Win32/OpenCandy application (deleted - quarantined) 00000000000000000000000000000000 C
C:\Users\Xanifur\Downloads\winzip155.exe Win32/OpenCandy application (deleted - quarantined) 00000000000000000000000000000000 C
C:\Windows\assembly\temp\U\80000032.@ probably a variant of Win32/Olmarik.AVQ trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
JSntgRvr (Moderator & Malware Removal Specialist with 17,324 posts; Join Date: Jul 2003; Location: Puerto Rico; Experience: Advanced)
15-Jan-2012, 10:54 PM #8
How is the computer doing?
rad_man (Junior Member with 5 posts, thread starter; Join Date: Jan 2012; Experience: Intermediate)
15-Jan-2012, 11:27 PM #9
Everything seems stable. AVG isn't bugging me about anything, and haven't gotten any popups. Thanks a lot, really appreciate it!
JSntgRvr (Moderator & Malware Removal Specialist with 17,324 posts; Join Date: Jul 2003; Location: Puerto Rico; Experience: Advanced)
15-Jan-2012, 11:40 PM #10
You are welcome.

Rename Combofix to Uninstall and click on it. That should remove the application.

Delete the C:\FRST folder as it contains FRST quarantine.

The following is a list of tools and utilities that I like to suggest to people.
  1. Always keep your JAVA updated. Older versions will make your computer vulnerable.
  2. Windows Updates - It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there.
  3. Google Toolbar - Free Google toolbar that allows you to use the powerful Google search engine from the bar, but also blocks pop up windows.
  4. Trillian or Miranda-IM - These are Malware free Instant Messenger programs which allow you to connect to multiple IM services in one program! (AOL, Yahoo, ICQ, IRC, MSN)
  5. ERUNT (Emergency Recovery Utility NT) allows you to keep a complete backup of your registry and restore it when needed. The standard registry backup options that come with Windows back up most of the registry but not all of it. ERUNT however creates a complete backup set, including the Security hive and user related sections. ERUNT is easy to use and since it creates a full backup, there are no options or choices other than to select the location of the backup files. The backup set includes a small executable that will launch the registry restore if needed.
To find out more information about how you got infected in the first place and some great guidelines to follow to prevent future infections you can read this article by Miekiemoes.

Best wishes!