System 32 Services.exe Infected

Discussion in 'Virus & Other Malware Removal' started by heartlessdeath0, Jan 30, 2013.

  1. heartlessdeath0

    heartlessdeath0 Thread Starter

    AVG Anti-Virus Free is detecting that my services.exe is infected by Win64/Patched.A. Not sure what that is but help would be appreciated.

    Here are the logs you requested.



    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 5:36:20 AM, on 1/30/2013
    Platform: Windows 7 SP1 (WinNT 6.00.3505)
    MSIE: Internet Explorer v9.00 (9.00.8112.16457)
    Boot mode: Normal

    Running processes:
    C:\Program Files (x86)\ooVoo\ooVoo.exe
    C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files (x86)\UVC Video Camera\UVCSti.exe
    C:\Program Files (x86)\UVC Video Camera\EffectDir\UVCTray.exe
    C:\Program Files (x86)\AVG\AVG2013\avgui.exe
    C:\Program Files (x86)\AVG Secure Search\vprot.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Users\Heartless\Downloads\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    F2 - REG:system.ini: UserInit=userinit.exe
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
    O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: (no name) - {95B7759C-8C7F-4BF1-B163-73684A933233} - (no file)
    O2 - BHO: CouponAmazing - {A2ACB108-446D-4D93-B2F9-998A9534C288} - C:\Users\Heartless\AppData\Local\couponamazing\ie\couponamazing_1355522574.dll
    O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
    O3 - Toolbar: (no name) - {95B7759C-8C7F-4BF1-B163-73684A933233} - (no file)
    O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll" (file missing)
    O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    O4 - HKLM\..\Run: [UVCSti] "C:\Program Files (x86)\UVC Video Camera\UVCSti.exe"
    O4 - HKLM\..\Run: [RunUVC] "C:\Program Files (x86)\UVC Video Camera\EffectDir\UVCtray.exe"
    O4 - HKLM\..\Run: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY
    O4 - HKLM\..\Run: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    O4 - HKLM\..\Run: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
    O4 - HKLM\..\RunOnce: [EasyTuneVI] C:\Program Files (x86)\GIGABYTE\ET6\ETCall.exe
    O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
    O4 - HKCU\..\Run: [ooVoo.exe] C:\Program Files (x86)\ooVoo\oovoo.exe /minimized
    O4 - HKCU\..\Run: [Xvid] C:\Program Files (x86)\Xvid\CheckUpdate.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent
    O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\13.3.2\ViProtocol.dll
    O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
    O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
    O23 - Service: AMD FUEL Service - Advanced Micro Devices, Inc. - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
    O23 - Service: AppleChargerSrv - Unknown owner - C:\Windows\system32\AppleChargerSrv.exe (file missing)
    O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
    O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
    O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Futuremark SystemInfo Service - Futuremark Corporation - C:\Program Files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: LogMeIn Hamachi Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
    O23 - Service: Intel(R) Integrated Clock Controller Service - Intel(R) ICCS (ICCS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
    O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: Realtek11nCU - Realtek - C:\Program Files (x86)\Edimax\11n USB Wireless LAN Utility\RtlService.exe
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
    O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
    O23 - Service: vToolbarUpdater13.3.2 - Unknown owner - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\13.3.2\ToolbarUpdater.exe
    O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

    --
    End of file - 10546 bytes


    DDS (Ver_2012-11-20.01) - NTFS_AMD64
    Internet Explorer: 9.0.8112.16457 BrowserJavaVersion: 10.11.2
    Run by Heartless at 5:40:27 on 2013-01-30
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8174.5494 [GMT -6:00]
    .
    AV: AVG Anti-Virus Free Edition 2013 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: AVG Anti-Virus Free Edition 2013 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
    .
    ============== Running Processes ===============
    .
    C:\PROGRA~2\AVG\AVG2013\avgrsa.exe
    C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\system32\atiesrxx.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\atieclxx.exe
    C:\Windows\System32\spoolsv.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
    C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
    C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
    C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
    C:\Program Files (x86)\Edimax\11n USB Wireless LAN Utility\RtlService.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\13.3.2\ToolbarUpdater.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe
    C:\Program Files (x86)\AVG\AVG2013\avgemca.exe
    C:\Windows\system32\taskhost.exe
    C:\Program Files (x86)\Edimax\11n USB Wireless LAN Utility\RtWlan.exe
    C:\Program Files (x86)\GIGABYTE\ET6\GUI.exe
    C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    C:\Program Files (x86)\ooVoo\ooVoo.exe
    C:\Program Files (x86)\UVC Video Camera\UVCSti.exe
    C:\Program Files (x86)\UVC Video Camera\EffectDir\UVCTray.exe
    C:\Program Files (x86)\AVG\AVG2013\avgui.exe
    C:\Program Files (x86)\AVG Secure Search\vprot.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\System32\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.msn.com
    uDefault_Page_URL = hxxp://www.msn.com
    mStart Page = hxxp://www.msn.com
    mDefault_Page_URL = hxxp://www.msn.com
    mWinlogon: Userinit = userinit.exe
    BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
    BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: {95B7759C-8C7F-4BF1-B163-73684A933233} - <orphaned>
    BHO: CouponAmazing: {A2ACB108-446D-4D93-B2F9-998A9534C288} - C:\Users\Heartless\AppData\Local\couponamazing\ie\couponamazing_1355522574.dll
    BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
    TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} -
    uRun: [ooVoo.exe] C:\Program Files (x86)\ooVoo\oovoo.exe /minimized
    uRun: [Xvid] C:\Program Files (x86)\Xvid\CheckUpdate.exe
    uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
    uRun: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent
    mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    mRun: [UVCSti] "C:\Program Files (x86)\UVC Video Camera\UVCSti.exe"
    mRun: [RunUVC] "C:\Program Files (x86)\UVC Video Camera\EffectDir\UVCtray.exe"
    mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY
    mRun: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
    mRunOnce: [EasyTuneVI] C:\Program Files (x86)\GIGABYTE\ET6\ETCall.exe
    mRunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
    mPolicies-Explorer: NoActiveDesktop = dword:1
    mPolicies-Explorer: NoActiveDesktopChanges = dword:1
    mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
    mPolicies-System: ConsentPromptBehaviorUser = dword:3
    mPolicies-System: EnableUIADesktopToggle = dword:0
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    LSP: mswsock.dll
    TCP: NameServer = 192.168.2.1
    TCP: Interfaces\{686B5A04-3082-4EDF-9205-25BEB8C070AB} : DHCPNameServer = 192.168.2.1
    Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\13.3.2\ViProtocol.dll
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    SSODL: WebCheck - <orphaned>
    mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.56\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
    x64-mStart Page = hxxp://www.msn.com
    x64-mDefault_Page_URL = hxxp://www.msn.com
    x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
    x64-Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - <orphaned>
    x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
    x64-SSODL: WebCheck - <orphaned>
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 AVGIDSHA;AVGIDSHA;C:\Windows\System32\drivers\avgidsha.sys [2012-10-15 63328]
    R0 Avgloga;AVG Logging Driver;C:\Windows\System32\drivers\avgloga.sys [2012-9-21 225120]
    R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2012-11-15 111968]
    R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2012-9-14 40800]
    R1 AppleCharger;AppleCharger;C:\Windows\System32\drivers\AppleCharger.sys [2012-11-24 21616]
    R1 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\avgidsdrivera.sys [2012-10-22 154464]
    R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2012-10-2 185696]
    R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2012-9-21 200032]
    R1 avgtp;avgtp;C:\Windows\System32\drivers\avgtpx64.sys [2012-12-14 30568]
    R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2012-9-27 239616]
    R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-9-28 361984]
    R2 AODDriver4.2;AODDriver4.2;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2012-4-9 57472]
    R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [2012-11-15 5814904]
    R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [2012-10-22 196664]
    R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-12-10 2465712]
    R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-1-30 398184]
    R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-1-30 682344]
    R2 Realtek11nCU;Realtek11nCU;C:\Program Files (x86)\Edimax\11n USB Wireless LAN Utility\RtlService.exe [2012-12-13 36864]
    R2 vToolbarUpdater13.3.2;vToolbarUpdater13.3.2;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\13.3.2\ToolbarUpdater.exe [2012-12-14 894920]
    R3 AODDriver;AODDriver;C:\Program Files (x86)\GIGABYTE\ET6\amd64\AODDriver.sys [2010-3-12 52280]
    R3 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.EXE [2012-6-11 240208]
    R3 Cam3820;Cam3820 PC Camera Driver;C:\Windows\System32\drivers\cam3820a.sys [2010-6-14 433536]
    R3 GVTDrv64;GVTDrv64;C:\Windows\GVTDrv64.sys [2012-12-10 30528]
    R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-1-30 24176]
    R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2012-11-24 565352]
    R3 RTL8192cu;Realtek RTL8192CU Wireless LAN 802.11n USB 2.0 Network Adapter;C:\Windows\System32\drivers\rtl8192cu.sys [2012-12-13 762472]
    R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\drivers\usbfilter.sys [2012-11-24 38456]
    S2 BBSvc;BingBar Service;C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.EXE [2012-6-11 193616]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S3 AppleChargerSrv;AppleChargerSrv;system32\AppleChargerSrv.exe --> system32\AppleChargerSrv.exe [?]
    S3 etdrv;etdrv;C:\Windows\etdrv.sys [2012-12-14 25640]
    S3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;C:\Program Files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe [2012-11-24 130976]
    S3 ICCS;Intel(R) Integrated Clock Controller Service - Intel(R) ICCS;C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [2012-12-10 160256]
    S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-1-10 19456]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-1-10 57856]
    S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2013-1-10 30208]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-3-1 1255736]
    S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk62x64.sys [2009-6-10 389120]
    .
    =============== Created Last 30 ================
    .
    2013-01-30 11:27:50 -------- d-----w- C:\Users\Heartless\AppData\Roaming\Malwarebytes
    2013-01-30 11:26:36 -------- d-----w- C:\ProgramData\Malwarebytes
    2013-01-30 11:26:35 24176 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2013-01-30 11:26:35 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2013-01-30 11:26:25 -------- d-----w- C:\Users\Heartless\AppData\Local\Programs
    2013-01-30 10:51:50 -------- d-----w- C:\Users\Heartless\AppData\Local\Adobe
    2013-01-30 10:34:52 -------- d-----w- C:\Program Files (x86)\Bonjour
    2013-01-30 10:31:09 -------- d-----w- C:\Windows\SysWow64\spool
    2013-01-30 10:27:21 -------- d-----w- C:\Program Files (x86)\Common Files\Macrovision Shared
    2013-01-29 07:24:39 1974616 ----a-w- C:\Windows\SysWow64\D3DCompiler_42.dll
    2013-01-29 07:24:39 1892184 ----a-w- C:\Windows\SysWow64\D3DX9_42.dll
    2013-01-29 07:24:35 -------- d-----w- C:\Program Files (x86)\Grinding Gear Games
    2013-01-29 07:10:48 -------- d-----w- C:\Program Files (x86)\Steam
    2013-01-25 07:29:52 -------- d-----w- C:\Users\Heartless\AppData\Local\WSplit
    2013-01-24 07:18:30 -------- d-----w- C:\Users\Heartless\Tracing
    2013-01-24 07:16:57 -------- d-----w- C:\Windows\en
    2013-01-24 07:05:33 523088 ----a-w- C:\Windows\System32\d3dx10_42.dll
    2013-01-24 07:05:33 453456 ----a-w- C:\Windows\SysWow64\d3dx10_42.dll
    2013-01-24 07:04:55 94040 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\1bcd22ec1cdfa0104\DSETUP.dll
    2013-01-24 07:04:55 525656 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\1bcd22ec1cdfa0104\DXSETUP.exe
    2013-01-24 07:04:55 1691480 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\1bcd22ec1cdfa0104\dsetup32.dll
    2013-01-24 07:04:50 89944 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\17a1920b1cdfa0103\DSETUP.dll
    2013-01-24 07:04:50 537432 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\17a1920b1cdfa0103\DXSETUP.exe
    2013-01-24 07:04:50 1801048 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\17a1920b1cdfa0103\dsetup32.dll
    2013-01-24 07:04:40 89944 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\12b9da581cdfa0102\DSETUP.dll
    2013-01-24 07:04:40 537432 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\12b9da581cdfa0102\DXSETUP.exe
    2013-01-24 07:04:40 1801048 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\12b9da581cdfa0102\dsetup32.dll
    2013-01-24 07:04:21 -------- d-----w- C:\Users\Heartless\AppData\Local\Windows Live
    2013-01-24 04:13:13 40960 ----a-r- C:\Users\Heartless\AppData\Roaming\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\NewShortcut1_9559F7CA5E344237A2D9D856464AD727.exe
    2013-01-24 04:13:13 40960 ----a-r- C:\Users\Heartless\AppData\Roaming\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\ARPPRODUCTICON.exe
    2013-01-24 04:13:11 -------- d-----w- C:\Program Files (x86)\Project64 1.6
    2013-01-20 05:54:06 95648 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
    2013-01-13 06:17:32 74072 ----a-w- C:\Windows\SysWow64\XAPOFX1_4.dll
    2013-01-13 06:17:32 528216 ----a-w- C:\Windows\SysWow64\XAudio2_6.dll
    2013-01-13 06:17:31 4178264 ----a-w- C:\Windows\SysWow64\D3DX9_41.dll
    2013-01-13 06:17:31 3495784 ----a-w- C:\Windows\SysWow64\d3dx9_33.dll
    2013-01-13 06:17:31 238936 ----a-w- C:\Windows\SysWow64\xactengine3_6.dll
    2013-01-13 06:17:14 -------- d-----w- C:\Program Files (x86)\Microsoft XNA
    2013-01-12 11:06:40 8282192 ----a-w- C:\ProgramData\Microsoft\BingBar\BBSvc\7.1.391.0oemBingBarSetup-Partner.EXE
    2013-01-10 11:04:35 514560 ----a-w- C:\Windows\SysWow64\qdvd.dll
    2013-01-10 11:04:35 366592 ----a-w- C:\Windows\System32\qdvd.dll
    2013-01-10 11:04:34 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
    2013-01-10 11:04:34 458712 ----a-w- C:\Windows\System32\drivers\cng.sys
    2013-01-10 11:04:34 340992 ----a-w- C:\Windows\System32\schannel.dll
    2013-01-10 11:04:34 247808 ----a-w- C:\Windows\SysWow64\schannel.dll
    2013-01-10 11:04:34 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
    2013-01-10 11:04:34 154480 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
    2013-01-10 11:04:34 1448448 ----a-w- C:\Windows\System32\lsasrv.dll
    2013-01-09 23:24:45 -------- d-----w- C:\Users\Heartless\AppData\Local\CrashDumps
    2013-01-09 22:54:45 800768 ----a-w- C:\Windows\System32\usp10.dll
    2013-01-09 22:53:33 68608 ----a-w- C:\Windows\System32\taskhost.exe
    2013-01-09 22:53:33 3149824 ----a-w- C:\Windows\System32\win32k.sys
    2013-01-09 11:53:38 24920 ----a-w- C:\Windows\System32\X3DAudio1_7.dll
    2013-01-09 11:53:38 22360 ----a-w- C:\Windows\SysWow64\X3DAudio1_7.dll
    2013-01-09 11:53:36 81768 ----a-w- C:\Windows\SysWow64\xinput1_3.dll
    2013-01-09 11:53:36 107368 ----a-w- C:\Windows\System32\xinput1_3.dll
    2013-01-09 09:00:50 -------- d-----w- C:\Program Files (x86)\Common Files\Steam
    2013-01-02 10:04:51 696832 ----a-w- C:\Windows\System32\xvidcore.dll
    2013-01-02 10:04:51 645632 ----a-w- C:\Windows\SysWow64\xvidcore.dll
    2013-01-02 10:04:51 255488 ----a-w- C:\Windows\System32\xvidvfw.dll
    2013-01-02 10:04:51 240640 ----a-w- C:\Windows\SysWow64\xvidvfw.dll
    2013-01-02 10:04:51 173568 ----a-w- C:\Windows\System32\xvid.ax
    2013-01-02 10:04:51 153088 ----a-w- C:\Windows\SysWow64\xvid.ax
    2013-01-02 10:04:48 -------- d-----w- C:\Program Files (x86)\Xvid
    2013-01-02 09:52:20 -------- d-----w- C:\Program Files (x86)\AviSynth 2.5
    2013-01-02 09:41:07 -------- d-----w- C:\Program Files (x86)\x264vfw
    2013-01-02 08:56:20 -------- d-----w- C:\Program Files (x86)\AVIcodec
    .
    ==================== Find3M ====================
    .
    2013-01-30 11:10:08 30528 ----a-w- C:\Windows\GVTDrv64.sys
    2013-01-30 11:09:58 25640 ----a-w- C:\Windows\gdrv.sys
    2013-01-09 01:01:42 74248 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2013-01-09 01:01:42 697864 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
    2012-12-16 17:11:22 46080 ----a-w- C:\Windows\System32\atmlib.dll
    2012-12-16 14:45:03 367616 ----a-w- C:\Windows\System32\atmfd.dll
    2012-12-16 14:13:28 295424 ----a-w- C:\Windows\SysWow64\atmfd.dll
    2012-12-16 14:13:20 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
    2012-12-14 12:12:51 821736 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
    2012-12-14 12:12:51 746984 ----a-w- C:\Windows\SysWow64\deployJava1.dll
    2012-12-14 06:26:26 25640 ----a-w- C:\Windows\etdrv.sys
    2012-12-14 06:24:40 30568 ----a-w- C:\Windows\System32\drivers\avgtpx64.sys
    2012-12-07 13:20:16 441856 ----a-w- C:\Windows\System32\Wpc.dll
    2012-12-07 13:15:31 2746368 ----a-w- C:\Windows\System32\gameux.dll
    2012-12-07 12:26:17 308736 ----a-w- C:\Windows\SysWow64\Wpc.dll
    2012-12-07 12:20:43 2576384 ----a-w- C:\Windows\SysWow64\gameux.dll
    2012-12-07 11:20:04 30720 ----a-w- C:\Windows\System32\usk.rs
    2012-12-07 11:20:03 43520 ----a-w- C:\Windows\System32\csrr.rs
    2012-12-07 11:20:03 23552 ----a-w- C:\Windows\System32\oflc.rs
    2012-12-07 11:20:01 45568 ----a-w- C:\Windows\System32\oflc-nz.rs
    2012-12-07 11:20:01 44544 ----a-w- C:\Windows\System32\pegibbfc.rs
    2012-12-07 11:20:01 20480 ----a-w- C:\Windows\System32\pegi-fi.rs
    2012-12-07 11:20:00 20480 ----a-w- C:\Windows\System32\pegi-pt.rs
    2012-12-07 11:19:59 20480 ----a-w- C:\Windows\System32\pegi.rs
    2012-12-07 11:19:58 46592 ----a-w- C:\Windows\System32\fpb.rs
    2012-12-07 11:19:57 40960 ----a-w- C:\Windows\System32\cob-au.rs
    2012-12-07 11:19:57 21504 ----a-w- C:\Windows\System32\grb.rs
    2012-12-07 11:19:57 15360 ----a-w- C:\Windows\System32\djctq.rs
    2012-12-07 11:19:56 55296 ----a-w- C:\Windows\System32\cero.rs
    2012-12-07 11:19:55 51712 ----a-w- C:\Windows\System32\esrb.rs
    2012-11-30 05:45:35 362496 ----a-w- C:\Windows\System32\wow64win.dll
    2012-11-30 05:45:35 243200 ----a-w- C:\Windows\System32\wow64.dll
    2012-11-30 05:45:35 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
    2012-11-30 05:45:14 215040 ----a-w- C:\Windows\System32\winsrv.dll
    2012-11-30 05:43:12 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
    2012-11-30 05:41:07 424448 ----a-w- C:\Windows\System32\KernelBase.dll
    2012-11-30 04:54:00 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
    2012-11-30 04:53:59 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll
    2012-11-30 03:23:48 338432 ----a-w- C:\Windows\System32\conhost.exe
    2012-11-30 02:44:06 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
    2012-11-30 02:44:04 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
    2012-11-30 02:44:04 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
    2012-11-30 02:44:03 2048 ----a-w- C:\Windows\SysWow64\user.exe
    2012-11-30 02:38:59 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
    2012-11-30 02:38:59 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
    2012-11-30 02:38:59 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
    2012-11-30 02:38:59 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
    2012-11-22 04:45:03 626688 ----a-w- C:\Windows\SysWow64\usp10.dll
    2012-11-20 05:48:49 307200 ----a-w- C:\Windows\System32\ncrypt.dll
    2012-11-20 04:51:09 220160 ----a-w- C:\Windows\SysWow64\ncrypt.dll
    2012-11-16 05:33:24 111968 ----a-w- C:\Windows\System32\drivers\avgmfx64.sys
    2012-11-14 06:11:44 2312704 ----a-w- C:\Windows\System32\jscript9.dll
    2012-11-14 06:04:11 1392128 ----a-w- C:\Windows\System32\wininet.dll
    2012-11-14 06:02:49 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
    2012-11-14 05:57:46 599040 ----a-w- C:\Windows\System32\vbscript.dll
    2012-11-14 05:57:35 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
    2012-11-14 05:52:40 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
    2012-11-14 02:09:22 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
    2012-11-14 01:58:15 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
    2012-11-14 01:57:37 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
    2012-11-14 01:49:25 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
    2012-11-14 01:48:27 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
    2012-11-14 01:44:42 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2012-11-09 05:45:32 750592 ----a-w- C:\Windows\System32\win32spl.dll
    2012-11-09 05:45:09 2048 ----a-w- C:\Windows\System32\tzres.dll
    2012-11-09 04:43:04 492032 ----a-w- C:\Windows\SysWow64\win32spl.dll
    2012-11-09 04:42:49 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
    2012-11-02 05:59:11 478208 ----a-w- C:\Windows\System32\dpnet.dll
    2012-11-02 05:11:31 376832 ----a-w- C:\Windows\SysWow64\dpnet.dll
    .
    ============= FINISH: 5:40:47.78 ===============



    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2012-11-20.01)
    .
    Microsoft Windows 7 Home Premium
    Boot Device: \Device\HarddiskVolume1
    Install Date: 12/10/2012 3:22:11 PM
    System Uptime: 1/30/2013 5:08:52 AM (0 hours ago)
    .
    Motherboard: Gigabyte Technology Co., Ltd. | | GA-78LMT-S2
    Processor: AMD FX(tm)-4100 Quad-Core Processor | Socket M2 | 3600/200mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 466 GiB total, 408.979 GiB free.
    D: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP31: 1/13/2013 2:11:09 AM - Windows Update
    RP32: 1/19/2013 11:52:52 PM - Installed Java 7 Update 11
    RP33: 1/23/2013 10:12:58 PM - Installed Project64 1.6
    RP34: 1/24/2013 1:04:21 AM - Windows Live Essentials
    RP35: 1/24/2013 1:04:57 AM - Installed DirectX
    RP36: 1/24/2013 1:05:17 AM - Installed DirectX
    RP37: 1/24/2013 1:05:43 AM - Installed DirectX
    RP38: 1/24/2013 1:07:44 AM - WLSetup
    RP39: 1/29/2013 1:09:20 AM - Removed Steam
    RP40: 1/29/2013 1:10:36 AM - Installed Steam
    RP41: 1/29/2013 1:24:22 AM - Installed Path of Exile
    .
    ==== Installed Programs ======================
    .
    @BIOS
    Adobe Anchor Service CS3
    Adobe Asset Services CS3
    Adobe Bridge CS3
    Adobe Bridge Start Meeting
    Adobe Camera Raw 4.0
    Adobe CMaps
    Adobe Color Common Settings
    Adobe Default Language CS3
    Adobe Device Central CS3
    Adobe ExtendScript Toolkit 2
    Adobe Flash Player 11 ActiveX
    Adobe Fonts All
    Adobe Help Viewer CS3
    Adobe Linguistics CS3
    Adobe PDF Library Files
    Adobe Premiere Pro CS3
    Adobe Premiere Pro CS3 Functional Content
    Adobe Premiere Pro CS3 Third Party Content
    Adobe Setup
    Adobe Type Support
    Adobe Update Manager CS3
    Adobe Version Cue CS3 Client
    Adobe XMP DVA Panels CS3
    Adobe XMP Panels CS3
    AMD Accelerated Video Transcoding
    AMD APP SDK Runtime
    AMD Catalyst Install Manager
    AMD Drag and Drop Transcoding
    AMD Fuel
    AMD Media Foundation Decoders
    AMD USB Filter Driver
    AMD VISION Engine Control Center
    ATI AVIVO64 Codecs
    Audacity 2.0.2
    AutoGreen B12.0206.1
    AVG 2013
    AVIcodec (remove only)
    AviSynth 2.6
    Bing Bar
    Catalyst Control Center - Branding
    Catalyst Control Center Graphics Previews Common
    Catalyst Control Center InstallProxy
    Catalyst Control Center Localization All
    ccc-utility64
    CCC Help Chinese Standard
    CCC Help Chinese Traditional
    CCC Help Czech
    CCC Help Danish
    CCC Help Dutch
    CCC Help English
    CCC Help Finnish
    CCC Help French
    CCC Help German
    CCC Help Greek
    CCC Help Hungarian
    CCC Help Italian
    CCC Help Japanese
    CCC Help Korean
    CCC Help Norwegian
    CCC Help Polish
    CCC Help Portuguese
    CCC Help Russian
    CCC Help Spanish
    CCC Help Swedish
    CCC Help Thai
    CCC Help Turkish
    Cisco EAP-FAST Module
    Cisco LEAP Module
    Cisco PEAP Module
    couponamazing
    D3DX10
    Easy Tune 6 B12.0509.1
    Edimax Wireless LAN Driver and Utility
    Futuremark SystemInfo
    Google Chrome
    Google Update Helper
    HydraVision
    Java 7 Update 11
    Java Auto Updater
    Junk Mail filter update
    LogMeIn Hamachi
    Malwarebytes Anti-Malware version 1.70.0.1100
    Microsoft .NET Framework 4 Client Profile
    Microsoft .NET Framework 4 Extended
    Microsoft Application Error Reporting
    Microsoft Office 2010
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    Microsoft XNA Framework Redistributable 4.0
    Movie Maker
    MSVCRT
    MSVCRT_amd64
    MSVCRT110
    MSVCRT110_amd64
    ON_OFF Charge B11.1102.1
    ooVoo
    Path of Exile
    Photo Common
    Photo Gallery
    Project64 1.6
    Realtek Ethernet Controller Driver
    Realtek HDMI Audio Driver for ATI
    Realtek High Definition Audio Driver
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
    Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
    Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
    Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
    Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
    Steam
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
    Update for Microsoft .NET Framework 4 Extended (KB2468871)
    Update for Microsoft .NET Framework 4 Extended (KB2533523)
    Update for Microsoft .NET Framework 4 Extended (KB2600217)
    UVC Video Camera
    Visual Studio 2010 x64 Redistributables
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live ID Sign-in Assistant
    Windows Live Installer
    Windows Live Mail
    Windows Live Messenger
    Windows Live MIME IFilter
    Windows Live Photo Common
    Windows Live PIMT Platform
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live Sync
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    Windows Live Writer
    Windows Live Writer Resources
    WinRAR 4.20 (64-bit)
    World of Warcraft
    x264vfw - H.264/MPEG-4 AVC codec (remove only)
    XSplit
    Xvid Video Codec
    .
    ==== Event Viewer Messages From Past Week ========
    .
    1/30/2013 5:23:19 AM, Error: Service Control Manager [7023] - The Function Discovery Resource Publication service terminated with the following error: %%-2147024891
    1/30/2013 5:23:19 AM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error: %%-2147024891
    1/30/2013 5:09:51 AM, Error: Service Control Manager [7006] - The ScRegSetValueExW call failed for FailureActions with the following error: Access is denied.
    1/30/2013 5:09:37 AM, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.
    1/30/2013 5:09:37 AM, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.
    1/30/2013 5:09:30 AM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.
    1/30/2013 4:31:46 AM, Error: bowser [8003] - The master browser has received a server announcement from the computer OPTIMUSPRIME that believes that it is the master browser for the domain on transport NetBT_Tcpip_{48C2548E-EA54-4BB1-B0B7-A204445F586B}. The master browser is stopping or an election is being forced.
    1/30/2013 4:19:36 AM, Error: Tcpip [4199] - The system detected an address conflict for IP address 192.168.2.7 with the system having network hardware address 20-64-32-46-DB-DB. Network operations on this system may be disrupted as a result.
    1/29/2013 4:57:25 AM, Error: bowser [8003] - The master browser has received a server announcement from the computer OPTIMUSPRIME that believes that it is the master browser for the domain on transport NetBT_Tcpip_{686B5A04-3082-4EDF-9205-25BEB8C070AB}. The master browser is stopping or an election is being forced.
    1/29/2013 4:33:30 AM, Error: NetBT [4319] - A duplicate name has been detected on the TCP network. The IP address of the computer that sent the message is in the data. Use nbtstat -n in a command window to see which name is in the Conflict state.
    1/29/2013 3:37:47 AM, Error: NetBT [4321] - The name "WORKGROUP :1d" could not be registered on the interface with IP address 192.168.2.4. The computer with the IP address 192.168.2.2 did not allow the name to be claimed by this computer.
    1/25/2013 1:34:09 AM, Error: bowser [8003] - The master browser has received a server announcement from the computer WARMACHINE that believes that it is the master browser for the domain on transport NetBT_Tcpip_{48C2548E-EA54-4BB1-B0B7-A204445F586B}. The master browser is stopping or an election is being forced.
    1/25/2013 1:27:59 AM, Error: NetBT [4321] - The name "WORKGROUP :1d" could not be registered on the interface with IP address 192.168.2.13. The computer with the IP address 192.168.2.11 did not allow the name to be claimed by this computer.
    .
    ==== End Of File ===========================



    GMER 2.0.18454 - http://www.gmer.net
    Rootkit scan 2013-01-30 05:50:55
    Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\00000062 Hitachi_ rev.MS1O 465.76GB
    Running: ius91chq.exe; Driver: C:\Users\HEARTL~1\AppData\Local\Temp\fwddauog.sys


    ---- User code sections - GMER 2.0 ----

    .reloc C:\Windows\system32\services.exe [932] section is executable [0x4A8, 0xA0000020] 0000000100052000
    .text C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe[1472] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075af1401 2 bytes [AF, 75]
    .text C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe[1472] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075af1419 2 bytes [AF, 75]
    .text C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe[1472] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075af1431 2 bytes [AF, 75]
    .text C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe[1472] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000075af144a 2 bytes [AF, 75]
    .text ... * 9
    .text C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe[1472] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000075af14dd 2 bytes [AF, 75]
    .text C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe[1472] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000075af14f5 2 bytes [AF, 75]
    .text C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe[1472] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000075af150d 2 bytes [AF, 75]
    .text C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe[1472] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075af1525 2 bytes [AF, 75]
    .text C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe[1472] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000075af153d 2 bytes [AF, 75]
    .text C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe[1472] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075af1555 2 bytes [AF, 75]
    .text C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe[1472] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000075af156d 2 bytes [AF, 75]
    .text C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe[1472] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075af1585 2 bytes [AF, 75]
    .text C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe[1472] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000075af159d 2 bytes [AF, 75]
    .text C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe[1472] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000075af15b5 2 bytes [AF, 75]
    .text C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe[1472] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000075af15cd 2 bytes [AF, 75]
    .text C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe[1472] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000075af16b2 2 bytes [AF, 75]
    .text C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe[1472] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000075af16bd 2 bytes [AF, 75]
    .text C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe[1904] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075af1401 2 bytes [AF, 75]
    .text C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe[1904] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075af1419 2 bytes [AF, 75]
    .text C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe[1904] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075af1431 2 bytes [AF, 75]
    .text C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe[1904] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000075af144a 2 bytes [AF, 75]
    .text ... * 9
    .text C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe[1904] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000075af14dd 2 bytes [AF, 75]
    .text C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe[1904] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000075af14f5 2 bytes [AF, 75]
    .text C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe[1904] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000075af150d 2 bytes [AF, 75]
    .text C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe[1904] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075af1525 2 bytes [AF, 75]
    .text C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe[1904] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000075af153d 2 bytes [AF, 75]
    .text C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe[1904] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075af1555 2 bytes [AF, 75]
    .text C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe[1904] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000075af156d 2 bytes [AF, 75]
    .text C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe[1904] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075af1585 2 bytes [AF, 75]
    .text C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe[1904] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000075af159d 2 bytes [AF, 75]
    .text C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe[1904] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000075af15b5 2 bytes [AF, 75]
    .text C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe[1904] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000075af15cd 2 bytes [AF, 75]
    .text C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe[1904] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000075af16b2 2 bytes [AF, 75]
    .text C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe[1904] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000075af16bd 2 bytes [AF, 75]
    .text C:\Program Files (x86)\GIGABYTE\ET6\GUI.exe[3492] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075af1401 2 bytes [AF, 75]
    .text C:\Program Files (x86)\GIGABYTE\ET6\GUI.exe[3492] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075af1419 2 bytes [AF, 75]
    .text C:\Program Files (x86)\GIGABYTE\ET6\GUI.exe[3492] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075af1431 2 bytes [AF, 75]
    .text C:\Program Files (x86)\GIGABYTE\ET6\GUI.exe[3492] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000075af144a 2 bytes [AF, 75]
    .text ... * 9
    .text C:\Program Files (x86)\GIGABYTE\ET6\GUI.exe[3492] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000075af14dd 2 bytes [AF, 75]
    .text C:\Program Files (x86)\GIGABYTE\ET6\GUI.exe[3492] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000075af14f5 2 bytes [AF, 75]
    .text C:\Program Files (x86)\GIGABYTE\ET6\GUI.exe[3492] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000075af150d 2 bytes [AF, 75]
    .text C:\Program Files (x86)\GIGABYTE\ET6\GUI.exe[3492] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075af1525 2 bytes [AF, 75]
    .text C:\Program Files (x86)\GIGABYTE\ET6\GUI.exe[3492] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000075af153d 2 bytes [AF, 75]
    .text C:\Program Files (x86)\GIGABYTE\ET6\GUI.exe[3492] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075af1555 2 bytes [AF, 75]
    .text C:\Program Files (x86)\GIGABYTE\ET6\GUI.exe[3492] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000075af156d 2 bytes [AF, 75]
    .text C:\Program Files (x86)\GIGABYTE\ET6\GUI.exe[3492] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075af1585 2 bytes [AF, 75]
    .text C:\Program Files (x86)\GIGABYTE\ET6\GUI.exe[3492] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000075af159d 2 bytes [AF, 75]
    .text C:\Program Files (x86)\GIGABYTE\ET6\GUI.exe[3492] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000075af15b5 2 bytes [AF, 75]
    .text C:\Program Files (x86)\GIGABYTE\ET6\GUI.exe[3492] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000075af15cd 2 bytes [AF, 75]
    .text C:\Program Files (x86)\GIGABYTE\ET6\GUI.exe[3492] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000075af16b2 2 bytes [AF, 75]
    .text C:\Program Files (x86)\GIGABYTE\ET6\GUI.exe[3492] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000075af16bd 2 bytes [AF, 75]
    .text C:\Program Files (x86)\ooVoo\ooVoo.exe[3648] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075af1401 2 bytes [AF, 75]
    .text C:\Program Files (x86)\ooVoo\ooVoo.exe[3648] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075af1419 2 bytes [AF, 75]
    .text C:\Program Files (x86)\ooVoo\ooVoo.exe[3648] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075af1431 2 bytes [AF, 75]
    .text C:\Program Files (x86)\ooVoo\ooVoo.exe[3648] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000075af144a 2 bytes [AF, 75]
    .text ... * 9
    .text C:\Program Files (x86)\ooVoo\ooVoo.exe[3648] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000075af14dd 2 bytes [AF, 75]
    .text C:\Program Files (x86)\ooVoo\ooVoo.exe[3648] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000075af14f5 2 bytes [AF, 75]
    .text C:\Program Files (x86)\ooVoo\ooVoo.exe[3648] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000075af150d 2 bytes [AF, 75]
    .text C:\Program Files (x86)\ooVoo\ooVoo.exe[3648] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075af1525 2 bytes [AF, 75]
    .text C:\Program Files (x86)\ooVoo\ooVoo.exe[3648] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000075af153d 2 bytes [AF, 75]
    .text C:\Program Files (x86)\ooVoo\ooVoo.exe[3648] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075af1555 2 bytes [AF, 75]
    .text C:\Program Files (x86)\ooVoo\ooVoo.exe[3648] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000075af156d 2 bytes [AF, 75]
    .text C:\Program Files (x86)\ooVoo\ooVoo.exe[3648] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075af1585 2 bytes [AF, 75]
    .text C:\Program Files (x86)\ooVoo\ooVoo.exe[3648] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000075af159d 2 bytes [AF, 75]
    .text C:\Program Files (x86)\ooVoo\ooVoo.exe[3648] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000075af15b5 2 bytes [AF, 75]
    .text C:\Program Files (x86)\ooVoo\ooVoo.exe[3648] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000075af15cd 2 bytes [AF, 75]
    .text C:\Program Files (x86)\ooVoo\ooVoo.exe[3648] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000075af16b2 2 bytes [AF, 75]
    .text C:\Program Files (x86)\ooVoo\ooVoo.exe[3648] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000075af16bd 2 bytes [AF, 75]
    .text C:\Program Files (x86)\UVC Video Camera\EffectDir\UVCTray.exe[3792] C:\Windows\SysWOW64\ksuser.dll!KsCreatePin + 35 0000000074a711a8 2 bytes [A7, 74]
    .text C:\Program Files (x86)\UVC Video Camera\EffectDir\UVCTray.exe[3792] C:\Windows\SysWOW64\ksuser.dll!KsCreatePin + 248 0000000074a7127d 2 bytes [A7, 74]
    .text ... * 6
    .text C:\Program Files (x86)\UVC Video Camera\EffectDir\UVCTray.exe[3792] C:\Windows\SysWOW64\ksuser.dll!KsCreateAllocator + 21 0000000074a713a8 2 bytes [A7, 74]
    .text C:\Program Files (x86)\UVC Video Camera\EffectDir\UVCTray.exe[3792] C:\Windows\SysWOW64\ksuser.dll!KsCreateClock + 21 0000000074a71422 2 bytes [A7, 74]
    .text C:\Program Files (x86)\UVC Video Camera\EffectDir\UVCTray.exe[3792] C:\Windows\SysWOW64\ksuser.dll!KsCreateTopologyNode + 19 0000000074a71498 2 bytes [A7, 74]
    .text C:\Program Files (x86)\UVC Video Camera\EffectDir\UVCTray.exe[3792] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkD3dContextCreate + 4 0000000074a81825 2 bytes [A8, 74]
    .text C:\Program Files (x86)\UVC Video Camera\EffectDir\UVCTray.exe[3792] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkD3dContextDestroy + 4 0000000074a81830 2 bytes [A8, 74]
    .text C:\Program Files (x86)\UVC Video Camera\EffectDir\UVCTray.exe[3792] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkD3dContextDestroyAll + 4 0000000074a8183b 2 bytes [A8, 74]
    .text C:\Program Files (x86)\UVC Video Camera\EffectDir\UVCTray.exe[3792] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkD3dDrawPrimitives2 + 4 0000000074a81846 2 bytes [A8, 74]
    .text C:\Program Files (x86)\UVC Video Camera\EffectDir\UVCTray.exe[3792] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkD3dValidateTextureStageState + 4 0000000074a81851 2 bytes [A8, 74]
    .text C:\Program Files (x86)\UVC Video Camera\EffectDir\UVCTray.exe[3792] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdAddAttachedSurface + 4 0000000074a8185c 2 bytes [A8, 74]
    .text C:\Program Files (x86)\UVC Video Camera\EffectDir\UVCTray.exe[3792] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdAlphaBlt + 4 0000000074a81867 2 bytes [A8, 74]
    .text C:\Program Files (x86)\UVC Video Camera\EffectDir\UVCTray.exe[3792] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdAttachSurface + 4 0000000074a81872 2 bytes [A8, 74]
    .text C:\Program Files (x86)\UVC Video Camera\EffectDir\UVCTray.exe[3792] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdBeginMoCompFrame + 4 0000000074a8187d 2 bytes [A8, 74]
    .text C:\Program Files (x86)\UVC Video Camera\EffectDir\UVCTray.exe[3792] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdBlt + 4 0000000074a81888 2 bytes [A8, 74]
    .text C:\Program Files (x86)\UVC Video Camera\EffectDir\UVCTray.exe[3792] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdCanCreateD3DBuffer + 4 0000000074a81893 2 bytes [A8, 74]
    .text C:\Program Files (x86)\UVC Video Camera\EffectDir\UVCTray.exe[3792] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdCanCreateSurface + 4 0000000074a8189e 2 bytes [A8, 74]
    .text C:\Program Files (x86)\UVC Video Camera\EffectDir\UVCTray.exe[3792] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdColorControl + 4 0000000074a818a9 2 bytes [A8, 74]
    .text C:\Program Files (x86)\UVC Video Camera\EffectDir\UVCTray.exe[3792] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdCreateD3DBuffer + 4 0000000074a818b4 2 bytes [A8, 74]
    .text C:\Program Files (x86)\UVC Video Camera\EffectDir\UVCTray.exe[3792] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdCreateDirectDrawObject + 4 0000000074a818bf 2 bytes [A8, 74]
    .text C:\Program Files (x86)\UVC Video Camera\EffectDir\UVCTray.exe[3792] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdCreateMoComp + 4 0000000074a818ca 2 bytes [A8, 74]
    .text C:\Program Files (x86)\UVC Video Camera\EffectDir\UVCTray.exe[3792] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdCreateSurface + 4 0000000074a818d5 2 bytes [A8, 74]
    .text C:\Program Files (x86)\UVC Video Camera\EffectDir\UVCTray.exe[3792] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdCreateSurfaceEx + 4 0000000074a818e0 2 bytes [A8, 74]
    .text C:\Program Files (x86)\UVC Video Camera\EffectDir\UVCTray.exe[3792] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdCreateSurfaceObject + 4 0000000074a818eb 2 bytes [A8, 74]
    .text C:\Program Files (x86)\UVC Video Camera\EffectDir\UVCTray.exe[3792] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdDeleteDirectDrawObject + 4 0000000074a818f6 2 bytes [A8, 74]
    .text C:\Program Files (x86)\UVC Video Camera\EffectDir\UVCTray.exe[3792] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdDeleteSurfaceObject + 4 0000000074a81901 2 bytes [A8, 74]
    .text C:\Program Files (x86)\UVC Video Camera\EffectDir\UVCTray.exe[3792] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdDestroyD3DBuffer + 4 0000000074a8190c 2 bytes [A8, 74]
    .text C:\Program Files (x86)\UVC Video Camera\EffectDir\UVCTray.exe[3792] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdDestroyMoComp + 4 0000000074a81917 2 bytes [A8, 74]
    .text C:\Program Files (x86)\UVC Video Camera\EffectDir\UVCTray.exe[3792] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdDestroySurface + 4 0000000074a81922 2 bytes [A8, 74]
    .text C:\Program Files (x86)\UVC Video Camera\EffectDir\UVCTray.exe[3792] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdEndMoCompFrame + 4 0000000074a8192d 2 bytes [A8, 74]
    .text C:\Program Files (x86)\UVC Video Camera\EffectDir\UVCTray.exe[3792] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdFlip + 4 0000000074a81938 2 bytes [A8, 74]
    .text C:\Program Files (x86)\UVC Video Camera\EffectDir\UVCTray.exe[3792] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdFlipToGDISurface + 4 0000000074a81943 2 bytes [A8, 74]
    .text C:\Program Files (x86)\UVC Video Camera\EffectDir\UVCTray.exe[3792] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdGetAvailDriverMemory + 4 0000000074a8194e 2 bytes [A8, 74]
    .text C:\Program Files (x86)\UVC Video Camera\EffectDir\UVCTray.exe[3792] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdGetBltStatus + 4 0000000074a81959 2 bytes [A8, 74]
    .text C:\Program Files (x86)\UVC Video Camera\EffectDir\UVCTray.exe[3792] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdGetDC + 4 0000000074a81964 2 bytes [A8, 74]
    .text C:\Program Files (x86)\UVC Video Camera\EffectDir\UVCTray.exe[3792] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdGetDriverInfo + 4 0000000074a8196f 2 bytes [A8, 74]
    .text C:\Program Files (x86)\UVC Video Camera\EffectDir\UVCTray.exe[3792] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdGetDriverState + 4 0000000074a8197a 2 bytes [A8, 74]
    .text C:\Program Files (x86)\UVC Video Camera\EffectDir\UVCTray.exe[3792] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdGetDxHandle + 4 0000000074a81985 2 bytes [A8, 74]
    .text C:\Program Files (x86)\UVC Video Camera\EffectDir\UVCTray.exe[3792] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdGetFlipStatus + 4 0000000074a81990 2 bytes [A8, 74]
    .text C:\Program Files (x86)\UVC Video Camera\EffectDir\UVCTray.exe[3792] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdGetInternalMoCompInfo + 4 0000000074a8199b 2 bytes [A8, 74]
    .text C:\Program Files (x86)\UVC Video Camera\EffectDir\UVCTray.exe[3792] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdGetMoCompBuffInfo + 4 0000000074a819a6 2 bytes [A8, 74]
    .text C:\Program Files (x86)\UVC Video Camera\EffectDir\UVCTray.exe[3792] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdGetMoCompFormats + 4 0000000074a819b1 2 bytes [A8, 74]
    .text C:\Program Files (x86)\UVC Video Camera\EffectDir\UVCTray.exe[3792] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdGetMoCompGuids + 4 0000000074a819bc 2 bytes [A8, 74]
    .text C:\Program Files (x86)\UVC Video Camera\EffectDir\UVCTray.exe[3792] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdGetScanLine + 4 0000000074a819c7 2 bytes [A8, 74]
    .text C:\Program Files (x86)\UVC Video Camera\EffectDir\UVCTray.exe[3792] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdLock + 4 0000000074a819d2 2 bytes [A8, 74]
    .text C:\Program Files (x86)\UVC Video Camera\EffectDir\UVCTray.exe[3792] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdLockD3D + 4 0000000074a819dd 2 bytes [A8, 74]
    .text C:\Program Files (x86)\UVC Video Camera\EffectDir\UVCTray.exe[3792] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdQueryDirectDrawObject + 4 0000000074a819e8 2 bytes [A8, 74]
    .text C:\Program Files (x86)\UVC Video Camera\EffectDir\UVCTray.exe[3792] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdQueryMoCompStatus + 4 0000000074a819f3 2 bytes [A8, 74]
    .text C:\Program Files (x86)\UVC Video Camera\EffectDir\UVCTray.exe[3792] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdReenableDirectDrawObject + 4 0000000074a819fe 2 bytes [A8, 74]
    .text C:\Program Files (x86)\UVC Video Camera\EffectDir\UVCTray.exe[3792] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdReleaseDC + 4 0000000074a81a09 2 bytes [A8, 74]
    .text C:\Program Files (x86)\UVC Video Camera\EffectDir\UVCTray.exe[3792] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdRenderMoComp + 4 0000000074a81a14 2 bytes [A8, 74]
    .text C:\Program Files (x86)\UVC Video Camera\EffectDir\UVCTray.exe[3792] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdResetVisrgn + 4 0000000074a81a1f 2 bytes [A8, 74]
    .text C:\Program Files (x86)\UVC Video Camera\EffectDir\UVCTray.exe[3792] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdSetColorKey + 4 0000000074a81a2a 2 bytes [A8, 74]
    .text C:\Program Files (x86)\UVC Video Camera\EffectDir\UVCTray.exe[3792] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdSetExclusiveMode + 4 0000000074a81a35 2 bytes [A8, 74]
    .text C:\Program Files (x86)\UVC Video Camera\EffectDir\UVCTray.exe[3792] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdSetGammaRamp + 4 0000000074a81a40 2 bytes [A8, 74]
    .text C:\Program Files (x86)\UVC Video Camera\EffectDir\UVCTray.exe[3792] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdSetOverlayPosition + 4 0000000074a81a4b 2 bytes [A8, 74]
    .text C:\Program Files (x86)\UVC Video Camera\EffectDir\UVCTray.exe[3792] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdUnattachSurface + 4 0000000074a81a56 2 bytes [A8, 74]
    .text C:\Program Files (x86)\UVC Video Camera\EffectDir\UVCTray.exe[3792] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdUnlock + 4 0000000074a81a61 2 bytes [A8, 74]
    .text C:\Program Files (x86)\UVC Video Camera\EffectDir\UVCTray.exe[3792] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdUnlockD3D + 4 0000000074a81a6c 2 bytes [A8, 74]
    .text C:\Program Files (x86)\UVC Video Camera\EffectDir\UVCTray.exe[3792] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdUpdateOverlay + 4 0000000074a81a77 2 bytes [A8, 74]
    .text C:\Program Files (x86)\UVC Video Camera\EffectDir\UVCTray.exe[3792] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdWaitForVerticalBlank + 4 0000000074a81a82 2 bytes [A8, 74]
    .text C:\Program Files (x86)\UVC Video Camera\EffectDir\UVCTray.exe[3792] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdWaitForVerticalBlank + 52 0000000074a81ab2 2 bytes [A8, 74]
    .text C:\Program Files (x86)\AVG Secure Search\vprot.exe[3812] C:\Windows\syswow64\Psapi.dll!GetModuleFileNameExW + 17 0000000075af1401 2 bytes [AF, 75]
    .text C:\Program Files (x86)\AVG Secure Search\vprot.exe[3812] C:\Windows\syswow64\Psapi.dll!EnumProcessModules + 17 0000000075af1419 2 bytes [AF, 75]
    .text C:\Program Files (x86)\AVG Secure Search\vprot.exe[3812] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 17 0000000075af1431 2 bytes [AF, 75]
    .text C:\Program Files (x86)\AVG Secure Search\vprot.exe[3812] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 42 0000000075af144a 2 bytes [AF, 75]
    .text ... * 9
    .text C:\Program Files (x86)\AVG Secure Search\vprot.exe[3812] C:\Windows\syswow64\Psapi.dll!EnumDeviceDrivers + 17 0000000075af14dd 2 bytes [AF, 75]
    .text C:\Program Files (x86)\AVG Secure Search\vprot.exe[3812] C:\Windows\syswow64\Psapi.dll!GetDeviceDriverBaseNameA + 17 0000000075af14f5 2 bytes [AF, 75]
    .text C:\Program Files (x86)\AVG Secure Search\vprot.exe[3812] C:\Windows\syswow64\Psapi.dll!QueryWorkingSetEx + 17 0000000075af150d 2 bytes [AF, 75]
    .text C:\Program Files (x86)\AVG Secure Search\vprot.exe[3812] C:\Windows\syswow64\Psapi.dll!GetDeviceDriverBaseNameW + 17 0000000075af1525 2 bytes [AF, 75]
    .text C:\Program Files (x86)\AVG Secure Search\vprot.exe[3812] C:\Windows\syswow64\Psapi.dll!GetModuleBaseNameW + 17 0000000075af153d 2 bytes [AF, 75]
    .text C:\Program Files (x86)\AVG Secure Search\vprot.exe[3812] C:\Windows\syswow64\Psapi.dll!EnumProcesses + 17 0000000075af1555 2 bytes [AF, 75]
    .text C:\Program Files (x86)\AVG Secure Search\vprot.exe[3812] C:\Windows\syswow64\Psapi.dll!GetProcessMemoryInfo + 17 0000000075af156d 2 bytes [AF, 75]
    .text C:\Program Files (x86)\AVG Secure Search\vprot.exe[3812] C:\Windows\syswow64\Psapi.dll!GetPerformanceInfo + 17 0000000075af1585 2 bytes [AF, 75]
    .text C:\Program Files (x86)\AVG Secure Search\vprot.exe[3812] C:\Windows\syswow64\Psapi.dll!QueryWorkingSet + 17 0000000075af159d 2 bytes [AF, 75]
    .text C:\Program Files (x86)\AVG Secure Search\vprot.exe[3812] C:\Windows\syswow64\Psapi.dll!GetModuleBaseNameA + 17 0000000075af15b5 2 bytes [AF, 75]
    .text C:\Program Files (x86)\AVG Secure Search\vprot.exe[3812] C:\Windows\syswow64\Psapi.dll!GetModuleFileNameExA + 17 0000000075af15cd 2 bytes [AF, 75]
    .text C:\Program Files (x86)\AVG Secure Search\vprot.exe[3812] C:\Windows\syswow64\Psapi.dll!GetProcessImageFileNameW + 20 0000000075af16b2 2 bytes [AF, 75]
    .text C:\Program Files (x86)\AVG Secure Search\vprot.exe[3812] C:\Windows\syswow64\Psapi.dll!GetProcessImageFileNameW + 31 0000000075af16bd 2 bytes [AF, 75]

    ---- User IAT/EAT - GMER 2.0 ----

    IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2360] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmSetAppId] [7fef8e02750] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll
    IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2360] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmSetMachineId] [7fef8e02b98] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll
    IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2360] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmWriteSharedMachineId] [7fef8e07de0] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll
    IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2360] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmCreateNewId] [7fef8e08130] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll
    IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2360] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmReadSharedMachineId] [7fef8e01908] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll
    IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2360] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmGetSession] [7fef8e01c00] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll
    IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2360] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmStartUpload] [7fef8e081d8] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll
    IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2360] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmSet] [7fef8e02878] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll
    IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2360] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmAddToStreamString] [7fef8e07a5c] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll
    IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2360] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmIncrement] [7fef8e06c48] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll
    IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2360] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmAddToStreamDWord] [7fef8e077bc] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll
    IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2360] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmSetAppVersion] [7fef8e07064] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll
    IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2360] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmStartSession] [7fef8e06544] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll
    IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2360] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmEndSession] [7fef8e05e30] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll

    ---- Threads - GMER 2.0 ----

    Thread C:\Windows\system32\services.exe [932:964] 00000000002b1e58
    ---- Processes - GMER 2.0 ----

    Library \\.\globalroot\systemroot\system32\mswsock.dll (*** suspicious ***) @ C:\Windows\system32\wininit.exe [828] 000007fefcea0000
    Library \\.\globalroot\systemroot\system32\mswsock.dll (*** suspicious ***) @ C:\Windows\system32\lsass.exe [940] 000007fefcea0000
    Library \\.\globalroot\systemroot\system32\mswsock.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [820] 000007fefcea0000
    Library \\.\globalroot\systemroot\system32\mswsock.dll (*** suspicious ***) @ C:\Windows\System32\svchost.exe [1112] 000007fefcea0000
    Library \\.\globalroot\systemroot\system32\mswsock.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1184] 000007fefcea0000
    Library \\.\globalroot\systemroot\system32\mswsock.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1428] 000007fefcea0000
    Library \\.\globalroot\systemroot\system32\mswsock.dll (*** suspicious ***) @ C:\Windows\System32\spoolsv.exe [1696] 000007fefcea0000
    Library \\.\globalroot\systemroot\syswow64\mswsock.dll (*** suspicious ***) @ C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [1472] 0000000073250000
    Library \\.\globalroot\systemroot\syswow64\mswsock.dll (*** suspicious ***) @ C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [1904] 0000000073250000
    Library \\.\globalroot\systemroot\syswow64\mswsock.dll (*** suspicious ***) @ C:\Program Files (x86)\Bonjour\mDNSResponder.exe [1440] 0000000073250000
    Library \\.\globalroot\systemroot\system32\mswsock.dll (*** suspicious ***) @ C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe [2096] 000007fefcea0000
    Library \\.\globalroot\systemroot\system32\mswsock.dll (*** suspicious ***) @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2360] 000007fefcea0000
    Library \\.\globalroot\systemroot\syswow64\mswsock.dll (*** suspicious ***) @ C:\Program Files (x86)\ooVoo\ooVoo.exe [3648] 0000000073250000
    Library \\.\globalroot\systemroot\syswow64\mswsock.dll (*** suspicious ***) @ C:\Program Files (x86)\AVG\AVG2013\avgui.exe [3800] 0000000073250000
    Library \\.\globalroot\systemroot\syswow64\mswsock.dll (*** suspicious ***) @ C:\Program Files (x86)\AVG Secure Search\vprot.exe [3812] 0000000073250000
    Library \\.\globalroot\systemroot\syswow64\mswsock.dll (*** suspicious ***) @ C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [3832] 0000000073250000
    Library \\.\globalroot\systemroot\system32\mswsock.dll (*** suspicious ***) @ C:\Program Files\Windows Media Player\wmpnetwk.exe [1060] 000007fefcea0000
    Library \\.\globalroot\systemroot\system32\mswsock.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [3184] 000007fefcea0000
    Library \\.\globalroot\systemroot\syswow64\mswsock.dll (*** suspicious ***) @ C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.exe [168] 0000000073250000
    Library \\.\globalroot\systemroot\syswow64\mswsock.dll (*** suspicious ***) @ C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2468] 0000000073250000
    Library \\.\globalroot\systemroot\syswow64\mswsock.dll (*** suspicious ***) @ C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe [980] 0000000073250000

    ---- EOF - GMER 2.0 ----




    Thank you very much for your time.
     
  2. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    10,150
    Please download Farbar Recovery Scan Tool and save it to a flash drive.

    Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

    Plug the flash drive into the infected PC.

    If you are using Windows 8, consult How to use the Windows 8 System Recovery Environment Command Prompt here: http://www.bleepingcomputer.com/tutorials/windows-8-recovery-environment-command-prompt/ to enter the System Recovery Command Prompt.

    If you are using Vista or Windows 7, enter System Recovery Options.

    Plug the flash drive into the infected PC.

    Enter System Recovery Options. I give two methods; use whichever is convenient for you.

    To enter System Recovery Options from the Advanced Boot Options:
    • Restart the computer.
    • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
    • Use the arrow keys to select the Repair your computer menu item.
    • Select Your Country as the keyboard language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.

    To enter System Recovery Options by using Windows installation disc:
    • Insert the installation disc.
    • Restart your computer.
    • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
    • Click Repair your computer.
    • Select Your Country as the keyboard language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.

    On the System Recovery Options menu you will get the following options:
    Startup Repair
    System Restore
    Windows Complete PC Restore
    Windows Memory Diagnostic Tool
    Command Prompt


    • Select Command Prompt
    • In the command window type in notepad and press Enter.
    • The notepad opens. Under File menu select Open.
    • Select "Computer" and find your flash drive letter and close the notepad.
    • In the command window type e:\frst64 or e:\frst depending on your version. Press Enter.
      Note: Replace letter e with the drive letter of your flash drive.
    • The tool will start to run.
    • When the tool opens click Yes to disclaimer.
    • Press Scan button.
    • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

    Also do the following to search for services.exe:

    Boot to System Recovery Options and run FRST as you did to get the log.

    Type the following in the edit box after "Search:".

    services.exe

    It then should look like:

    [IMG]

    Click Search button and post the log (Search.txt) it makes to your reply.

    Post both logs...

    Kevin
     
  3. heartlessdeath0

    heartlessdeath0 Thread Starter

    Joined:
    Jan 30, 2013
    Messages:
    6
    Okay here are the logs.


    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 30-01-2013 02
    Ran by SYSTEM at 31-01-2013 00:36:44
    Running from F:\
    Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
    The current controlset is ControlSet001

    ==================== Registry (Whitelisted) ===================

    HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [13307496 2011-10-16] (Realtek Semiconductor)
    HKLM-x32\...\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [642728 2012-09-28] (Advanced Micro Devices, Inc.)
    HKLM-x32\...\Run: [UVCSti] "C:\Program Files (x86)\UVC Video Camera\UVCSti.exe" [245760 2010-03-25] (Alcor Micro Corp.)
    HKLM-x32\...\Run: [RunUVC] "C:\Program Files (x86)\UVC Video Camera\EffectDir\UVCtray.exe" [7548928 2010-06-18] (Alcor Micro Corp.)
    HKLM-x32\...\Run: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY [3147384 2012-12-11] (AVG Technologies CZ, s.r.o.)
    HKLM-x32\...\Run: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe" [1046984 2012-12-13] ()
    HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [252848 2012-07-03] (Sun Microsystems, Inc.)
    HKLM-x32\...\Run: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start [2254768 2012-12-10] (LogMeIn Inc.)
    HKU\Heartless\...\Run: [ooVoo.exe] C:\Program Files (x86)\ooVoo\oovoo.exe /minimized [28467264 2013-01-20] (ooVoo LLC)
    HKU\Heartless\...\Run: [Xvid] C:\Program Files (x86)\Xvid\CheckUpdate.exe [8192 2011-01-17] ()
    HKU\Heartless\...\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background [4272640 2012-09-12] (Microsoft Corporation)
    HKU\Heartless\...\Run: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent [1354736 2013-01-28] (Valve Corporation)
    HKLM-x32\...\RunOnce: [EasyTuneVI] C:\Program Files (x86)\GIGABYTE\ET6\ETCall.exe [40960 2012-02-01] ()
    HKLM-x32\...\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent [512360 2012-12-14] (Malwarebytes Corporation)
    Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

    ==================== Services (Whitelisted) ===================

    3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] ()
    2 AVGIDSAgent; "C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe" [5814904 2012-11-15] (AVG Technologies CZ, s.r.o.)
    2 avgwd; "C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe" [196664 2012-10-22] (AVG Technologies CZ, s.r.o.)
    2 MBAMScheduler; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe" [398184 2012-12-14] (Malwarebytes Corporation)
    2 MBAMService; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe" [682344 2012-12-14] (Malwarebytes Corporation)
    2 Realtek11nCU; C:\Program Files (x86)\Edimax\11n USB Wireless LAN Utility\RtlService.exe [36864 2010-04-16] (Realtek)
    2 vToolbarUpdater13.3.2; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\13.3.2\ToolbarUpdater.exe [894920 2012-12-13] ()

    ==================== Drivers (Whitelisted) =====================

    3 AODDriver; \??\C:\Program Files (x86)\GIGABYTE\ET6\amd64\AODDriver.sys [52280 2010-03-12] (Advanced Micro Devices)
    1 AppleCharger; C:\Windows\System32\Drivers\AppleCharger.sys [21616 2011-11-02] ()
    1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [154464 2012-10-22] (AVG Technologies CZ, s.r.o. )
    0 AVGIDSHA; C:\Windows\System32\Drivers\AVGIDSHA.sys [63328 2012-10-15] (AVG Technologies CZ, s.r.o. )
    1 Avgldx64; C:\Windows\System32\Drivers\Avgldx64.sys [185696 2012-10-02] (AVG Technologies CZ, s.r.o.)
    0 Avgloga; C:\Windows\System32\Drivers\Avgloga.sys [225120 2012-09-21] (AVG Technologies CZ, s.r.o.)
    0 Avgmfx64; C:\Windows\System32\Drivers\Avgmfx64.sys [111968 2012-11-15] (AVG Technologies CZ, s.r.o.)
    0 Avgrkx64; C:\Windows\System32\Drivers\Avgrkx64.sys [40800 2012-09-14] (AVG Technologies CZ, s.r.o.)
    1 Avgtdia; C:\Windows\System32\Drivers\Avgtdia.sys [200032 2012-09-21] (AVG Technologies CZ, s.r.o.)
    1 avgtp; \??\C:\Windows\system32\drivers\avgtpx64.sys [30568 2012-12-13] (AVG Technologies)
    3 Cam3820; C:\Windows\System32\Drivers\cam3820a.sys [433536 2010-06-14] (CamVendor)
    3 GVTDrv64; \??\C:\Windows\GVTDrv64.sys [30528 2013-01-30] ()
    3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [24176 2012-12-14] (Malwarebytes Corporation)
    3 RTL8192cu; C:\Windows\System32\Drivers\RTL8192cu.sys [762472 2010-08-05] (Realtek Semiconductor Corporation )
    3 cpuz135; \??\C:\Windows\TEMP\cpuz135\cpuz135_x64.sys [x]

    ==================== NetSvcs (Whitelisted) ====================


    ==================== One Month Created Files and Folders ========

    2013-01-31 00:36 - 2013-01-31 00:36 - 00000000 ____D C:\FRST
    2013-01-30 03:52 - 2013-01-30 03:52 - 00365568 ____A C:\Users\Heartless\Downloads\vbzz9b7n.exe
    2013-01-30 03:52 - 2013-01-30 03:52 - 00365568 ____A C:\Users\Heartless\Desktop\vbzz9b7n.exe
    2013-01-30 03:50 - 2013-01-30 03:50 - 00044855 ____A C:\Users\Heartless\Desktop\ark.txt
    2013-01-30 03:42 - 2013-01-30 03:42 - 00365568 ____A C:\Users\Heartless\Downloads\ius91chq.exe
    2013-01-30 03:40 - 2013-01-30 03:40 - 00688992 ____R (Swearware) C:\Users\Heartless\Desktop\dds.scr
    2013-01-30 03:40 - 2013-01-30 03:40 - 00022409 ____A C:\Users\Heartless\Desktop\dds.txt
    2013-01-30 03:40 - 2013-01-30 03:40 - 00009118 ____A C:\Users\Heartless\Desktop\attach.txt
    2013-01-30 03:36 - 2013-01-30 03:36 - 00010548 ____A C:\Users\Heartless\Downloads\hijackthis.log
    2013-01-30 03:35 - 2013-01-30 03:35 - 00388608 ____A (Trend Micro Inc.) C:\Users\Heartless\Desktop\HijackThis.exe
    2013-01-30 03:27 - 2013-01-30 03:27 - 00000000 ____D C:\Users\Heartless\AppData\Roaming\Malwarebytes
    2013-01-30 03:26 - 2013-01-30 03:26 - 00001109 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2013-01-30 03:26 - 2013-01-30 03:26 - 00000000 ____D C:\Users\All Users\Malwarebytes
    2013-01-30 03:26 - 2013-01-30 03:26 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2013-01-30 03:26 - 2012-12-14 14:49 - 00024176 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
    2013-01-30 03:24 - 2013-01-30 03:24 - 10156344 ____A (Malwarebytes Corporation ) C:\Users\Heartless\Downloads\mbam-setup-1.70.0.1100.exe
    2013-01-30 02:52 - 2013-01-30 02:52 - 00000000 ____D C:\Users\All Users\Adobe
    2013-01-30 02:51 - 2013-01-30 02:52 - 00000000 ____D C:\Users\Heartless\AppData\Local\Adobe
    2013-01-30 02:47 - 2013-01-30 02:47 - 00156320 ____A C:\Users\Heartless\Downloads\Adobe.Premiere.Pro.CS3.keygen.by.Inferno.zip
    2013-01-30 02:40 - 2013-01-30 02:40 - 00000000 ____D C:\Users\Heartless\Documents\Adobe
    2013-01-30 02:40 - 2013-01-30 02:40 - 00000000 ____D C:\Users\All Users\FLEXnet
    2013-01-30 02:36 - 2013-01-30 02:36 - 00001203 ____A C:\Users\Heartless\Desktop\Adobe Premiere Pro CS3.lnk
    2013-01-30 02:34 - 2013-01-30 02:34 - 00000000 ____D C:\Program Files (x86)\Bonjour
    2013-01-30 02:31 - 2013-01-30 02:31 - 00000000 ____D C:\Windows\SysWOW64\spool
    2013-01-30 02:27 - 2013-01-30 02:35 - 00000000 ____D C:\Program Files (x86)\Adobe
    2013-01-30 02:22 - 2013-01-30 02:49 - 00000000 ____D C:\Users\Heartless\Desktop\New folder (2)
    2013-01-28 23:24 - 2013-01-28 23:25 - 00002106 ____A C:\Users\Public\Desktop\Path of Exile.lnk
    2013-01-28 23:24 - 2013-01-28 23:24 - 00000000 ____D C:\Program Files (x86)\Grinding Gear Games
    2013-01-28 23:24 - 2009-09-04 15:29 - 01974616 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_42.dll
    2013-01-28 23:24 - 2009-09-04 15:29 - 01892184 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_42.dll
    2013-01-28 23:23 - 2013-01-28 23:24 - 06987776 ____A C:\Users\Heartless\Downloads\PathOfExileInstaller.msi
    2013-01-28 23:10 - 2013-01-30 03:10 - 00000000 ____D C:\Program Files (x86)\Steam
    2013-01-28 23:10 - 2013-01-28 23:10 - 00000917 ____A C:\Users\Public\Desktop\Steam.lnk
    2013-01-28 02:10 - 2013-01-28 02:10 - 00000000 ____D C:\Users\Heartless\Desktop\N64 Roms
    2013-01-28 01:07 - 2013-01-28 01:10 - 00000072 ____A C:\Users\Heartless\Downloads\ZELDA.jsf
    2013-01-24 23:29 - 2013-01-24 23:29 - 00000000 ____D C:\Users\Heartless\Documents\W-Split
    2013-01-24 23:29 - 2013-01-24 23:29 - 00000000 ____D C:\Users\Heartless\AppData\Local\WSplit
    2013-01-24 23:25 - 2013-01-24 23:25 - 00066114 ____A C:\Users\Heartless\Downloads\wsplit-1.4.4.7z
    2013-01-24 23:25 - 2013-01-24 23:25 - 00000000 ____D C:\Users\Heartless\Desktop\WSPLIT
    2013-01-24 20:48 - 2013-01-28 05:06 - 00002088 ____A C:\Users\Heartless\Desktop\Xpadder.ini
    2013-01-23 23:18 - 2013-01-30 03:10 - 00000000 ____D C:\Users\Heartless\Tracing
    2013-01-23 23:16 - 2013-01-23 23:16 - 00000000 ____D C:\Windows\en
    2013-01-23 23:08 - 2013-01-23 23:08 - 00000000 ____D C:\Program Files\Windows Live
    2013-01-23 23:05 - 2009-09-04 15:29 - 00523088 ____A (Microsoft Corporation) C:\Windows\System32\d3dx10_42.dll
    2013-01-23 23:05 - 2009-09-04 15:29 - 00453456 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_42.dll
    2013-01-23 23:04 - 2013-01-28 22:59 - 00000000 ____D C:\Users\Heartless\AppData\Local\Windows Live
    2013-01-23 23:03 - 2013-01-23 23:03 - 01239552 ____A (Microsoft Corporation) C:\Users\Heartless\Downloads\wlsetup-web.exe
    2013-01-23 22:58 - 2013-01-23 22:58 - 00379064 ____A (Softonic) C:\Users\Heartless\Downloads\SoftonicDownloader_for_pinnacle-videospin.exe
    2013-01-23 22:14 - 2013-01-28 00:41 - 00000000 ____D C:\Users\Heartless\Documents\oot saves
    2013-01-23 20:51 - 2013-01-23 20:51 - 00000000 ____D C:\Users\Heartless\Desktop\X-Padder
    2013-01-23 20:51 - 2009-11-02 01:33 - 01189376 ____A C:\Users\Heartless\Desktop\Xpadder.exe
    2013-01-23 20:46 - 2013-01-23 20:46 - 00002087 ____A C:\Users\Heartless\Desktop\Project64 1.6.lnk
    2013-01-23 20:44 - 2013-01-23 20:44 - 00000072 ____A C:\Users\Heartless\Downloads\hnjkhl.jsf
    2013-01-23 20:13 - 2013-01-23 20:34 - 00000000 ____D C:\Program Files (x86)\Project64 1.6
    2013-01-23 20:12 - 2013-01-23 20:12 - 02080797 ____A (Project64 ) C:\Users\Heartless\Downloads\project64_1.6.exe
    2013-01-23 17:40 - 2013-01-23 17:40 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_xusb21_01009.Wdf
    2013-01-20 23:32 - 2013-01-20 23:32 - 00000000 ____A C:\Users\Heartless\Desktop\LogisticsPipes-Request.log
    2013-01-19 21:54 - 2013-01-12 01:30 - 00095648 ____A (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
    2013-01-19 21:54 - 2013-01-12 01:26 - 00174496 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
    2013-01-19 21:54 - 2013-01-12 01:24 - 00174496 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe
    2013-01-19 21:53 - 2013-01-19 21:54 - 00004434 ____A C:\Windows\SysWOW64\jupdate-1.7.0_11-b21.log
    2013-01-18 01:13 - 2013-01-18 01:22 - 81468907 ____A C:\Users\Heartless\Downloads\dgblack2ap_bafe7.7z
    2013-01-18 01:09 - 2013-01-18 01:09 - 00002596 ____A C:\Users\Heartless\Downloads\XXXX - Pokemon Black 2 (USA)(Patched) (1).zip
    2013-01-18 01:08 - 2013-01-18 01:08 - 00002596 ____A C:\Users\Heartless\Downloads\XXXX - Pokemon Black 2 (USA)(Patched).zip
    2013-01-18 01:00 - 2013-01-18 01:00 - 00052672 ____A C:\Users\Heartless\Downloads\pbw2app.7z
    2013-01-14 20:31 - 2013-01-14 20:34 - 71349192 ____A C:\Users\Heartless\Downloads\Final Fantasy Tactics A2 - Grimoire of the Rift.zip
    2013-01-14 20:23 - 2013-01-14 20:30 - 106084622 ____A C:\Users\Heartless\Downloads\Dragon Quest IX - Sentinels of the Starry Skies.zip
    2013-01-14 20:02 - 2013-01-14 20:04 - 59782202 ____A C:\Users\Heartless\Downloads\Pokemon SoulSilver.zip
    2013-01-14 19:50 - 2013-01-14 20:01 - 88052844 ____A C:\Users\Heartless\Downloads\Lunar Knights.zip
    2013-01-14 19:40 - 2013-01-14 19:46 - 19808359 ____A C:\Users\Heartless\Downloads\Lunar - Dragon Song.zip
    2013-01-13 22:34 - 2013-01-13 22:34 - 05818005 ____A C:\Users\Heartless\Downloads\Final Fantasy VI Advance.zip
    2013-01-12 22:17 - 2013-01-28 23:25 - 00000000 ____D C:\Users\Heartless\Documents\My Games
    2013-01-12 22:17 - 2013-01-12 22:17 - 00000000 ____D C:\Program Files (x86)\Microsoft XNA
    2013-01-12 22:17 - 2010-02-04 08:01 - 00528216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_6.dll
    2013-01-12 22:17 - 2010-02-04 08:01 - 00238936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_6.dll
    2013-01-12 22:17 - 2010-02-04 08:01 - 00074072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_4.dll
    2013-01-12 22:17 - 2009-03-09 13:27 - 04178264 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_41.dll
    2013-01-12 22:17 - 2007-03-12 14:42 - 03495784 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_33.dll
    2013-01-12 22:16 - 2013-01-13 00:36 - 00772214 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
    2013-01-10 14:53 - 2013-01-10 14:53 - 00000000 ____D C:\Users\Default\AppData\Roaming\TuneUp Software
    2013-01-10 14:53 - 2013-01-10 14:53 - 00000000 ____D C:\Users\Default User\AppData\Roaming\TuneUp Software
    2013-01-10 03:05 - 2012-08-23 06:13 - 00243200 ____A (Microsoft Corporation) C:\Windows\System32\rdpudd.dll
    2013-01-10 03:05 - 2012-08-23 06:10 - 00019456 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpvideominiport.sys
    2013-01-10 03:05 - 2012-08-23 06:08 - 00030208 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\TsUsbGD.sys
    2013-01-10 03:05 - 2012-08-23 06:07 - 00057856 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\TsUsbFlt.sys
    2013-01-10 03:05 - 2012-08-23 05:47 - 00046592 ____A (Microsoft Corporation) C:\Windows\SysWOW64\MsRdpWebAccess.dll
    2013-01-10 03:05 - 2012-08-23 05:46 - 00016896 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wksprtPS.dll
    2013-01-10 03:05 - 2012-08-23 05:41 - 00013312 ____A (Microsoft Corporation) C:\Windows\System32\TsUsbRedirectionGroupPolicyControl.exe
    2013-01-10 03:05 - 2012-08-23 05:40 - 00013312 ____A (Microsoft Corporation) C:\Windows\System32\TsUsbRedirectionGroupPolicyExtension.dll
    2013-01-10 03:05 - 2012-08-23 05:24 - 00015360 ____A (Microsoft Corporation) C:\Windows\System32\RdpGroupPolicyExtension.dll
    2013-01-10 03:05 - 2012-08-23 05:20 - 00054272 ____A (Microsoft Corporation) C:\Windows\System32\MsRdpWebAccess.dll
    2013-01-10 03:05 - 2012-08-23 05:18 - 00037376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
    2013-01-10 03:05 - 2012-08-23 05:17 - 00018432 ____A (Microsoft Corporation) C:\Windows\System32\wksprtPS.dll
    2013-01-10 03:05 - 2012-08-23 05:06 - 00043520 ____A (Microsoft Corporation) C:\Windows\System32\TsUsbGDCoInstaller.dll
    2013-01-10 03:05 - 2012-08-23 04:52 - 00044032 ____A (Microsoft Corporation) C:\Windows\System32\tsgqec.dll
    2013-01-10 03:05 - 2012-08-23 03:20 - 00062976 ____A (Microsoft Corporation) C:\Windows\System32\TSWbPrxy.exe
    2013-01-10 03:05 - 2012-08-23 03:15 - 00269312 ____A (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll
    2013-01-10 03:05 - 2012-08-23 03:14 - 00384000 ____A (Microsoft Corporation) C:\Windows\System32\wksprt.exe
    2013-01-10 03:05 - 2012-08-23 03:12 - 00192000 ____A (Microsoft Corporation) C:\Windows\SysWOW64\rdpendp_winip.dll
    2013-01-10 03:05 - 2012-08-23 02:54 - 00322560 ____A (Microsoft Corporation) C:\Windows\System32\aaclient.dll
    2013-01-10 03:05 - 2012-08-23 02:51 - 00228864 ____A (Microsoft Corporation) C:\Windows\System32\rdpendp_winip.dll
    2013-01-10 03:05 - 2012-08-23 02:39 - 01048064 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
    2013-01-10 03:05 - 2012-08-23 02:22 - 01123840 ____A (Microsoft Corporation) C:\Windows\System32\mstsc.exe
    2013-01-10 03:05 - 2012-08-23 01:51 - 03174912 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorets.dll
    2013-01-10 03:05 - 2012-08-23 00:19 - 04916224 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
    2013-01-10 03:05 - 2012-08-23 00:13 - 05773824 ____A (Microsoft Corporation) C:\Windows\System32\mstscax.dll
    2013-01-10 03:04 - 2012-08-24 10:13 - 00154480 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
    2013-01-10 03:04 - 2012-08-24 10:09 - 00458712 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
    2013-01-10 03:04 - 2012-08-24 10:05 - 00340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
    2013-01-10 03:04 - 2012-08-24 10:03 - 01448448 ____A (Microsoft Corporation) C:\Windows\System32\lsasrv.dll
    2013-01-10 03:04 - 2012-08-24 08:57 - 00247808 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
    2013-01-10 03:04 - 2012-08-24 08:57 - 00022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
    2013-01-10 03:04 - 2012-08-24 08:53 - 00096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
    2013-01-10 03:04 - 2012-05-04 03:00 - 00366592 ____A (Microsoft Corporation) C:\Windows\System32\qdvd.dll
    2013-01-10 03:04 - 2012-05-04 01:59 - 00514560 ____A (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
    2013-01-09 15:24 - 2013-01-30 03:01 - 00000000 ____D C:\Users\Heartless\AppData\Local\CrashDumps
    2013-01-09 14:55 - 2012-12-07 05:20 - 00441856 ____A (Microsoft Corporation) C:\Windows\System32\Wpc.dll
    2013-01-09 14:55 - 2012-12-07 05:15 - 02746368 ____A (Microsoft Corporation) C:\Windows\System32\gameux.dll
    2013-01-09 14:55 - 2012-12-07 04:26 - 00308736 ____A (Microsoft Corporation) C:\Windows\SysWOW64\Wpc.dll
    2013-01-09 14:55 - 2012-12-07 04:20 - 02576384 ____A (Microsoft Corporation) C:\Windows\SysWOW64\gameux.dll
    2013-01-09 14:55 - 2012-12-07 03:20 - 00045568 ____A (Microsoft) C:\Windows\System32\oflc-nz.rs
    2013-01-09 14:55 - 2012-12-07 03:20 - 00044544 ____A (Microsoft) C:\Windows\System32\pegibbfc.rs
    2013-01-09 14:55 - 2012-12-07 03:20 - 00043520 ____A (Microsoft) C:\Windows\System32\csrr.rs
    2013-01-09 14:55 - 2012-12-07 03:20 - 00030720 ____A (Microsoft) C:\Windows\System32\usk.rs
    2013-01-09 14:55 - 2012-12-07 03:20 - 00023552 ____A (Microsoft) C:\Windows\System32\oflc.rs
    2013-01-09 14:55 - 2012-12-07 03:20 - 00020480 ____A (Microsoft) C:\Windows\System32\pegi-pt.rs
    2013-01-09 14:55 - 2012-12-07 03:20 - 00020480 ____A (Microsoft) C:\Windows\System32\pegi-fi.rs
    2013-01-09 14:55 - 2012-12-07 03:19 - 00055296 ____A (Microsoft) C:\Windows\System32\cero.rs
    2013-01-09 14:55 - 2012-12-07 03:19 - 00051712 ____A (Microsoft) C:\Windows\System32\esrb.rs
    2013-01-09 14:55 - 2012-12-07 03:19 - 00046592 ____A (Microsoft) C:\Windows\System32\fpb.rs
    2013-01-09 14:55 - 2012-12-07 03:19 - 00040960 ____A (Microsoft) C:\Windows\System32\cob-au.rs
    2013-01-09 14:55 - 2012-12-07 03:19 - 00021504 ____A (Microsoft) C:\Windows\System32\grb.rs
    2013-01-09 14:55 - 2012-12-07 03:19 - 00020480 ____A (Microsoft) C:\Windows\System32\pegi.rs
    2013-01-09 14:55 - 2012-12-07 03:19 - 00015360 ____A (Microsoft) C:\Windows\System32\djctq.rs
    2013-01-09 14:55 - 2012-12-07 02:46 - 00055296 ____A (Microsoft) C:\Windows\SysWOW64\cero.rs
    2013-01-09 14:55 - 2012-12-07 02:46 - 00051712 ____A (Microsoft) C:\Windows\SysWOW64\esrb.rs
    2013-01-09 14:55 - 2012-12-07 02:46 - 00046592 ____A (Microsoft) C:\Windows\SysWOW64\fpb.rs
    2013-01-09 14:55 - 2012-12-07 02:46 - 00045568 ____A (Microsoft) C:\Windows\SysWOW64\oflc-nz.rs
    2013-01-09 14:55 - 2012-12-07 02:46 - 00044544 ____A (Microsoft) C:\Windows\SysWOW64\pegibbfc.rs
    2013-01-09 14:55 - 2012-12-07 02:46 - 00043520 ____A (Microsoft) C:\Windows\SysWOW64\csrr.rs
    2013-01-09 14:55 - 2012-12-07 02:46 - 00040960 ____A (Microsoft) C:\Windows\SysWOW64\cob-au.rs
    2013-01-09 14:55 - 2012-12-07 02:46 - 00030720 ____A (Microsoft) C:\Windows\SysWOW64\usk.rs
    2013-01-09 14:55 - 2012-12-07 02:46 - 00023552 ____A (Microsoft) C:\Windows\SysWOW64\oflc.rs
    2013-01-09 14:55 - 2012-12-07 02:46 - 00021504 ____A (Microsoft) C:\Windows\SysWOW64\grb.rs
    2013-01-09 14:55 - 2012-12-07 02:46 - 00020480 ____A (Microsoft) C:\Windows\SysWOW64\pegi-pt.rs
    2013-01-09 14:55 - 2012-12-07 02:46 - 00020480 ____A (Microsoft) C:\Windows\SysWOW64\pegi-fi.rs
    2013-01-09 14:55 - 2012-12-07 02:46 - 00020480 ____A (Microsoft) C:\Windows\SysWOW64\pegi.rs
    2013-01-09 14:55 - 2012-12-07 02:46 - 00015360 ____A (Microsoft) C:\Windows\SysWOW64\djctq.rs
    2013-01-09 14:55 - 2012-11-08 21:45 - 00750592 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll
    2013-01-09 14:55 - 2012-11-08 20:43 - 00492032 ____A (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
    2013-01-09 14:55 - 2012-10-31 21:43 - 02002432 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
    2013-01-09 14:55 - 2012-10-31 21:43 - 01882624 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
    2013-01-09 14:55 - 2012-10-31 20:47 - 01389568 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
    2013-01-09 14:55 - 2012-10-31 20:47 - 01236992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
    2013-01-09 14:54 - 2012-11-29 21:45 - 00362496 ____A (Microsoft Corporation) C:\Windows\System32\wow64win.dll
    2013-01-09 14:54 - 2012-11-29 21:45 - 00243200 ____A (Microsoft Corporation) C:\Windows\System32\wow64.dll
    2013-01-09 14:54 - 2012-11-29 21:45 - 00215040 ____A (Microsoft Corporation) C:\Windows\System32\winsrv.dll
    2013-01-09 14:54 - 2012-11-29 21:45 - 00013312 ____A (Microsoft Corporation) C:\Windows\System32\wow64cpu.dll
    2013-01-09 14:54 - 2012-11-29 21:43 - 00016384 ____A (Microsoft Corporation) C:\Windows\System32\ntvdm64.dll
    2013-01-09 14:54 - 2012-11-29 21:41 - 01161216 ____A (Microsoft Corporation) C:\Windows\System32\kernel32.dll
    2013-01-09 14:54 - 2012-11-29 21:41 - 00424448 ____A (Microsoft Corporation) C:\Windows\System32\KernelBase.dll
    2013-01-09 14:54 - 2012-11-29 21:38 - 00006144 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
    2013-01-09 14:54 - 2012-11-29 21:38 - 00005120 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
    2013-01-09 14:54 - 2012-11-29 21:38 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
    2013-01-09 14:54 - 2012-11-29 21:38 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
    2013-01-09 14:54 - 2012-11-29 21:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
    2013-01-09 14:54 - 2012-11-29 21:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
    2013-01-09 14:54 - 2012-11-29 21:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
    2013-01-09 14:54 - 2012-11-29 21:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
    2013-01-09 14:54 - 2012-11-29 21:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
    2013-01-09 14:54 - 2012-11-29 21:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
    2013-01-09 14:54 - 2012-11-29 21:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
    2013-01-09 14:54 - 2012-11-29 21:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
    2013-01-09 14:54 - 2012-11-29 21:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
    2013-01-09 14:54 - 2012-11-29 21:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
    2013-01-09 14:54 - 2012-11-29 21:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
    2013-01-09 14:54 - 2012-11-29 21:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
    2013-01-09 14:54 - 2012-11-29 21:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
    2013-01-09 14:54 - 2012-11-29 21:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
    2013-01-09 14:54 - 2012-11-29 21:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
    2013-01-09 14:54 - 2012-11-29 21:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
    2013-01-09 14:54 - 2012-11-29 21:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
    2013-01-09 14:54 - 2012-11-29 21:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
    2013-01-09 14:54 - 2012-11-29 21:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
    2013-01-09 14:54 - 2012-11-29 21:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
    2013-01-09 14:54 - 2012-11-29 21:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
    2013-01-09 14:54 - 2012-11-29 21:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
    2013-01-09 14:54 - 2012-11-29 21:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
    2013-01-09 14:54 - 2012-11-29 21:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
    2013-01-09 14:54 - 2012-11-29 20:54 - 00005120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
    2013-01-09 14:54 - 2012-11-29 20:53 - 01114112 ____A (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
    2013-01-09 14:54 - 2012-11-29 20:53 - 00274944 ____A (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
    2013-01-09 14:54 - 2012-11-29 20:45 - 00005120 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
    2013-01-09 14:54 - 2012-11-29 20:45 - 00004608 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
    2013-01-09 14:54 - 2012-11-29 20:45 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
    2013-01-09 14:54 - 2012-11-29 20:45 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
    2013-01-09 14:54 - 2012-11-29 20:45 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
    2013-01-09 14:54 - 2012-11-29 20:45 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
    2013-01-09 14:54 - 2012-11-29 20:45 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
    2013-01-09 14:54 - 2012-11-29 20:45 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
    2013-01-09 14:54 - 2012-11-29 20:45 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
    2013-01-09 14:54 - 2012-11-29 20:45 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
    2013-01-09 14:54 - 2012-11-29 20:45 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
    2013-01-09 14:54 - 2012-11-29 20:45 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
    2013-01-09 14:54 - 2012-11-29 20:45 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
    2013-01-09 14:54 - 2012-11-29 20:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
    2013-01-09 14:54 - 2012-11-29 20:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
    2013-01-09 14:54 - 2012-11-29 20:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
    2013-01-09 14:54 - 2012-11-29 20:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
    2013-01-09 14:54 - 2012-11-29 20:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
    2013-01-09 14:54 - 2012-11-29 20:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
    2013-01-09 14:54 - 2012-11-29 20:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
    2013-01-09 14:54 - 2012-11-29 20:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
    2013-01-09 14:54 - 2012-11-29 20:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
    2013-01-09 14:54 - 2012-11-29 20:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
    2013-01-09 14:54 - 2012-11-29 20:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
    2013-01-09 14:54 - 2012-11-29 19:23 - 00338432 ____A (Microsoft Corporation) C:\Windows\System32\conhost.exe
    2013-01-09 14:54 - 2012-11-29 18:44 - 00025600 ____A (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
    2013-01-09 14:54 - 2012-11-29 18:44 - 00014336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
    2013-01-09 14:54 - 2012-11-29 18:44 - 00007680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
    2013-01-09 14:54 - 2012-11-29 18:44 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
    2013-01-09 14:54 - 2012-11-29 18:38 - 00006144 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
    2013-01-09 14:54 - 2012-11-29 18:38 - 00004608 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
    2013-01-09 14:54 - 2012-11-29 18:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
    2013-01-09 14:54 - 2012-11-29 18:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
    2013-01-09 14:54 - 2012-11-29 15:17 - 00420064 ____A C:\Windows\SysWOW64\locale.nls
    2013-01-09 14:54 - 2012-11-29 15:15 - 00420064 ____A C:\Windows\System32\locale.nls
    2013-01-09 14:54 - 2012-11-21 21:44 - 00800768 ____A (Microsoft Corporation) C:\Windows\System32\usp10.dll
    2013-01-09 14:54 - 2012-11-21 20:45 - 00626688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
    2013-01-09 14:54 - 2012-11-19 21:48 - 00307200 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
    2013-01-09 14:54 - 2012-11-19 20:51 - 00220160 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
    2013-01-09 14:53 - 2012-11-22 19:26 - 03149824 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
    2013-01-09 14:53 - 2012-11-22 19:13 - 00068608 ____A (Microsoft Corporation) C:\Windows\System32\taskhost.exe
    2013-01-09 03:53 - 2010-02-04 08:01 - 00024920 ____A (Microsoft Corporation) C:\Windows\System32\X3DAudio1_7.dll
    2013-01-09 03:53 - 2010-02-04 08:01 - 00022360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_7.dll
    2013-01-09 03:53 - 2007-04-04 16:54 - 00107368 ____A (Microsoft Corporation) C:\Windows\System32\xinput1_3.dll
    2013-01-09 03:53 - 2007-04-04 16:53 - 00081768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_3.dll
    2013-01-09 00:59 - 2013-01-09 00:59 - 01669632 ____A C:\Users\Heartless\Downloads\SteamInstall.msi
    2013-01-05 01:21 - 2013-01-05 01:21 - 06792611 ____A C:\Users\Heartless\Downloads\Mario and Luigi - Superstar Saga.zip
    2013-01-05 01:16 - 2013-01-05 01:16 - 00659797 ____A C:\Users\Heartless\Downloads\VisualBoyAdvance-1.8.0-beta3.zip
    2013-01-02 02:04 - 2013-01-02 02:05 - 00000000 ____D C:\Program Files (x86)\Xvid
    2013-01-02 02:04 - 2011-05-30 05:42 - 00255488 ____A C:\Windows\System32\xvidvfw.dll
    2013-01-02 02:04 - 2011-05-30 05:42 - 00240640 ____A C:\Windows\SysWOW64\xvidvfw.dll
    2013-01-02 02:04 - 2011-05-23 01:52 - 00153088 ____A C:\Windows\SysWOW64\xvid.ax
    2013-01-02 02:04 - 2011-05-22 23:49 - 00173568 ____A C:\Windows\System32\xvid.ax
    2013-01-02 02:04 - 2011-05-22 23:46 - 00645632 ____A C:\Windows\SysWOW64\xvidcore.dll
    2013-01-02 02:04 - 2011-05-22 23:45 - 00696832 ____A C:\Windows\System32\xvidcore.dll
    2013-01-02 02:03 - 2013-01-02 02:04 - 10768856 ____A (Xvid Team) C:\Users\Heartless\Downloads\Xvid-1.3.2-20110601.exe
    2013-01-02 01:52 - 2013-01-02 01:52 - 00000000 ____D C:\Program Files (x86)\AviSynth 2.5
    2013-01-02 01:51 - 2013-01-02 01:52 - 00000000 ____D C:\Users\Heartless\Desktop\avisynth
    2013-01-02 01:51 - 2013-01-02 01:51 - 05080168 ____A C:\Users\Heartless\Downloads\AviSynth_110525.zip
    2013-01-02 01:41 - 2013-01-02 01:41 - 00000000 ____D C:\Program Files (x86)\x264vfw
    2013-01-02 01:40 - 2013-01-02 01:40 - 01204839 ____A C:\Users\Heartless\Downloads\x264vfw_37_2200bm_33968.exe
    2013-01-02 01:31 - 2013-01-02 01:31 - 00000000 ____D C:\Users\Heartless\Desktop\dub
    2013-01-02 01:30 - 2013-01-02 01:31 - 01707366 ____A C:\Users\Heartless\Downloads\VirtualDub-1.9.11.zip
    2013-01-02 01:13 - 2013-01-02 01:14 - 07174957 ____A (http://yamb.unite-video.com) C:\Users\Heartless\Downloads\Yamb-2.1.0.0_beta2_setup.exe
    2013-01-02 01:01 - 2013-01-02 01:01 - 03196013 ____A C:\Users\Heartless\Downloads\MP4Cam2AVI_v2.99.zip
    2013-01-02 01:01 - 2013-01-02 01:01 - 00000000 ____D C:\Users\Heartless\Desktop\convert
    2013-01-02 00:58 - 2013-01-02 00:58 - 00087373 ____A C:\Users\Heartless\Downloads\Quicktime_VD_v0.2.0.0_bin.zip
    2013-01-02 00:56 - 2013-01-02 00:56 - 00570702 ____A C:\Users\Heartless\Downloads\AVIcodec_1.2_b113.exe
    2013-01-02 00:56 - 2013-01-02 00:56 - 00000000 ____D C:\Program Files (x86)\AVIcodec
    2013-01-02 00:52 - 2013-01-02 00:52 - 01916953 ____A C:\Users\Heartless\Downloads\VirtualDub-1.9.11-AMD64.zip
    2013-01-01 23:27 - 2013-01-01 23:27 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_xusb21_01007.Wdf
    2013-01-01 23:24 - 2013-01-23 20:35 - 00000000 ____D C:\Users\Heartless\Desktop\joytokey
    2013-01-01 23:24 - 2013-01-01 23:24 - 00751654 ____A C:\Users\Heartless\Downloads\JoyToKey_en.zip
    2013-01-01 22:57 - 2013-01-01 22:57 - 01961052 ____A C:\Users\Heartless\Downloads\desmume-0.9.8-win32.zip

    ==================== One Month Modified Files and Folders =======

    2013-01-31 00:36 - 2013-01-31 00:36 - 00000000 ____D C:\FRST
    2013-01-30 04:14 - 2012-11-24 03:19 - 01465417 ____A C:\Windows\WindowsUpdate.log
    2013-01-30 04:01 - 2012-12-13 21:56 - 00000904 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2013-01-30 04:00 - 2012-12-13 22:56 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
    2013-01-30 03:52 - 2013-01-30 03:52 - 00365568 ____A C:\Users\Heartless\Downloads\vbzz9b7n.exe
    2013-01-30 03:52 - 2013-01-30 03:52 - 00365568 ____A C:\Users\Heartless\Desktop\vbzz9b7n.exe
    2013-01-30 03:50 - 2013-01-30 03:50 - 00044855 ____A C:\Users\Heartless\Desktop\ark.txt
    2013-01-30 03:42 - 2013-01-30 03:42 - 00365568 ____A C:\Users\Heartless\Downloads\ius91chq.exe
    2013-01-30 03:40 - 2013-01-30 03:40 - 00688992 ____R (Swearware) C:\Users\Heartless\Desktop\dds.scr
    2013-01-30 03:40 - 2013-01-30 03:40 - 00022409 ____A C:\Users\Heartless\Desktop\dds.txt
    2013-01-30 03:40 - 2013-01-30 03:40 - 00009118 ____A C:\Users\Heartless\Desktop\attach.txt
    2013-01-30 03:40 - 2012-12-13 22:23 - 00000000 ____D C:\Users\All Users\AVG2013
    2013-01-30 03:36 - 2013-01-30 03:36 - 00010548 ____A C:\Users\Heartless\Downloads\hijackthis.log
    2013-01-30 03:36 - 2012-12-10 13:22 - 00000000 ____D C:\Users\Heartless\AppData\Local\VirtualStore
    2013-01-30 03:35 - 2013-01-30 03:35 - 00388608 ____A (Trend Micro Inc.) C:\Users\Heartless\Desktop\HijackThis.exe
    2013-01-30 03:27 - 2013-01-30 03:27 - 00000000 ____D C:\Users\Heartless\AppData\Roaming\Malwarebytes
    2013-01-30 03:26 - 2013-01-30 03:26 - 00001109 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2013-01-30 03:26 - 2013-01-30 03:26 - 00000000 ____D C:\Users\All Users\Malwarebytes
    2013-01-30 03:26 - 2013-01-30 03:26 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2013-01-30 03:26 - 2012-12-13 22:13 - 00000000 ____D C:\Users\All Users\MFAData
    2013-01-30 03:24 - 2013-01-30 03:24 - 10156344 ____A (Malwarebytes Corporation ) C:\Users\Heartless\Downloads\mbam-setup-1.70.0.1100.exe
    2013-01-30 03:16 - 2009-07-13 20:45 - 00021664 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2013-01-30 03:16 - 2009-07-13 20:45 - 00021664 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2013-01-30 03:10 - 2013-01-28 23:10 - 00000000 ____D C:\Program Files (x86)\Steam
    2013-01-30 03:10 - 2013-01-23 23:18 - 00000000 ____D C:\Users\Heartless\Tracing
    2013-01-30 03:10 - 2012-12-24 21:18 - 00000004 ____A C:\Windows\SysWOW64\GVTunner.ref
    2013-01-30 03:10 - 2012-12-20 23:23 - 00000000 ____D C:\Users\Heartless\AppData\Local\LogMeIn Hamachi
    2013-01-30 03:10 - 2012-12-10 13:46 - 00030528 ____A C:\Windows\GVTDrv64.sys
    2013-01-30 03:09 - 2012-12-13 21:56 - 00000900 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2013-01-30 03:09 - 2012-12-10 13:46 - 00025640 ____A (Windows (R) Server 2003 DDK provider) C:\Windows\gdrv.sys
    2013-01-30 03:09 - 2011-06-29 10:51 - 00004806 ____A C:\Windows\setupact.log
    2013-01-30 03:09 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
    2013-01-30 03:09 - 2009-07-13 20:45 - 02199288 ____A C:\Windows\System32\FNTCACHE.DAT
    2013-01-30 03:01 - 2013-01-09 15:24 - 00000000 ____D C:\Users\Heartless\AppData\Local\CrashDumps
    2013-01-30 02:52 - 2013-01-30 02:52 - 00000000 ____D C:\Users\All Users\Adobe
    2013-01-30 02:52 - 2013-01-30 02:51 - 00000000 ____D C:\Users\Heartless\AppData\Local\Adobe
    2013-01-30 02:52 - 2012-12-13 22:57 - 00000000 ____D C:\Users\Heartless\AppData\Roaming\Adobe
    2013-01-30 02:52 - 2012-12-10 13:23 - 00058016 ____A C:\Users\Heartless\AppData\Local\GDIPFONTCACHEV1.DAT
    2013-01-30 02:49 - 2013-01-30 02:22 - 00000000 ____D C:\Users\Heartless\Desktop\New folder (2)
    2013-01-30 02:47 - 2013-01-30 02:47 - 00156320 ____A C:\Users\Heartless\Downloads\Adobe.Premiere.Pro.CS3.keygen.by.Inferno.zip
    2013-01-30 02:40 - 2013-01-30 02:40 - 00000000 ____D C:\Users\Heartless\Documents\Adobe
    2013-01-30 02:40 - 2013-01-30 02:40 - 00000000 ____D C:\Users\All Users\FLEXnet
    2013-01-30 02:36 - 2013-01-30 02:36 - 00001203 ____A C:\Users\Heartless\Desktop\Adobe Premiere Pro CS3.lnk
    2013-01-30 02:35 - 2013-01-30 02:27 - 00000000 ____D C:\Program Files (x86)\Adobe
    2013-01-30 02:34 - 2013-01-30 02:34 - 00000000 ____D C:\Program Files (x86)\Bonjour
    2013-01-30 02:31 - 2013-01-30 02:31 - 00000000 ____D C:\Windows\SysWOW64\spool
    2013-01-28 23:25 - 2013-01-28 23:24 - 00002106 ____A C:\Users\Public\Desktop\Path of Exile.lnk
    2013-01-28 23:25 - 2013-01-12 22:17 - 00000000 ____D C:\Users\Heartless\Documents\My Games
    2013-01-28 23:24 - 2013-01-28 23:24 - 00000000 ____D C:\Program Files (x86)\Grinding Gear Games
    2013-01-28 23:24 - 2013-01-28 23:23 - 06987776 ____A C:\Users\Heartless\Downloads\PathOfExileInstaller.msi
    2013-01-28 23:10 - 2013-01-28 23:10 - 00000917 ____A C:\Users\Public\Desktop\Steam.lnk
    2013-01-28 23:10 - 2012-12-10 13:22 - 00000000 ____D C:\users\Heartless
    2013-01-28 22:59 - 2013-01-23 23:04 - 00000000 ____D C:\Users\Heartless\AppData\Local\Windows Live
    2013-01-28 05:06 - 2013-01-24 20:48 - 00002088 ____A C:\Users\Heartless\Desktop\Xpadder.ini
    2013-01-28 02:10 - 2013-01-28 02:10 - 00000000 ____D C:\Users\Heartless\Desktop\N64 Roms
    2013-01-28 01:10 - 2013-01-28 01:07 - 00000072 ____A C:\Users\Heartless\Downloads\ZELDA.jsf
    2013-01-28 00:41 - 2013-01-23 22:14 - 00000000 ____D C:\Users\Heartless\Documents\oot saves
    2013-01-26 20:25 - 2012-12-15 20:21 - 00000000 ____D C:\Users\Heartless\AppData\Roaming\.techniclauncher
    2013-01-24 23:29 - 2013-01-24 23:29 - 00000000 ____D C:\Users\Heartless\Documents\W-Split
    2013-01-24 23:29 - 2013-01-24 23:29 - 00000000 ____D C:\Users\Heartless\AppData\Local\WSplit
    2013-01-24 23:25 - 2013-01-24 23:25 - 00066114 ____A C:\Users\Heartless\Downloads\wsplit-1.4.4.7z
    2013-01-24 23:25 - 2013-01-24 23:25 - 00000000 ____D C:\Users\Heartless\Desktop\WSPLIT
    2013-01-24 18:15 - 2012-12-14 21:06 - 00703117 ____A C:\Users\Heartless\AppData\Roaming\technic-launcher.jar
    2013-01-23 23:16 - 2013-01-23 23:16 - 00000000 ____D C:\Windows\en
    2013-01-23 23:15 - 2011-03-01 15:04 - 00000000 ____D C:\Program Files (x86)\Windows Live
    2013-01-23 23:08 - 2013-01-23 23:08 - 00000000 ____D C:\Program Files\Windows Live
    2013-01-23 23:06 - 2009-07-13 19:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
    2013-01-23 23:05 - 2011-03-01 15:05 - 00032201 ____A C:\Windows\DirectX.log
    2013-01-23 23:03 - 2013-01-23 23:03 - 01239552 ____A (Microsoft Corporation) C:\Users\Heartless\Downloads\wlsetup-web.exe
    2013-01-23 22:58 - 2013-01-23 22:58 - 00379064 ____A (Softonic) C:\Users\Heartless\Downloads\SoftonicDownloader_for_pinnacle-videospin.exe
    2013-01-23 20:51 - 2013-01-23 20:51 - 00000000 ____D C:\Users\Heartless\Desktop\X-Padder
    2013-01-23 20:46 - 2013-01-23 20:46 - 00002087 ____A C:\Users\Heartless\Desktop\Project64 1.6.lnk
    2013-01-23 20:44 - 2013-01-23 20:44 - 00000072 ____A C:\Users\Heartless\Downloads\hnjkhl.jsf
    2013-01-23 20:35 - 2013-01-01 23:24 - 00000000 ____D C:\Users\Heartless\Desktop\joytokey
    2013-01-23 20:34 - 2013-01-23 20:13 - 00000000 ____D C:\Program Files (x86)\Project64 1.6
    2013-01-23 20:12 - 2013-01-23 20:12 - 02080797 ____A (Project64 ) C:\Users\Heartless\Downloads\project64_1.6.exe
    2013-01-23 18:33 - 2012-12-25 14:43 - 00000000 ____D C:\Users\Heartless\AppData\Roaming\Audacity
    2013-01-23 17:40 - 2013-01-23 17:40 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_xusb21_01009.Wdf
    2013-01-23 17:36 - 2012-12-18 22:34 - 00000000 ____D C:\Users\Heartless\Desktop\Emu
    2013-01-23 16:27 - 2012-12-14 21:06 - 00703104 ____A C:\Users\Heartless\AppData\Roaming\technic-launcher.jar.bak
    2013-01-23 16:25 - 2012-12-21 22:38 - 00001857 ____A C:\Users\Public\Desktop\ooVoo.lnk
    2013-01-23 16:25 - 2012-12-21 22:38 - 00000000 ____D C:\Program Files (x86)\ooVoo
    2013-01-20 23:32 - 2013-01-20 23:32 - 00000000 ____A C:\Users\Heartless\Desktop\LogisticsPipes-Request.log
    2013-01-19 21:54 - 2013-01-19 21:53 - 00004434 ____A C:\Windows\SysWOW64\jupdate-1.7.0_11-b21.log
    2013-01-19 21:54 - 2012-12-14 04:12 - 00000000 ____D C:\Program Files (x86)\Java
    2013-01-18 01:22 - 2013-01-18 01:13 - 81468907 ____A C:\Users\Heartless\Downloads\dgblack2ap_bafe7.7z
    2013-01-18 01:09 - 2013-01-18 01:09 - 00002596 ____A C:\Users\Heartless\Downloads\XXXX - Pokemon Black 2 (USA)(Patched) (1).zip
    2013-01-18 01:08 - 2013-01-18 01:08 - 00002596 ____A C:\Users\Heartless\Downloads\XXXX - Pokemon Black 2 (USA)(Patched).zip
    2013-01-18 01:00 - 2013-01-18 01:00 - 00052672 ____A C:\Users\Heartless\Downloads\pbw2app.7z
    2013-01-14 20:34 - 2013-01-14 20:31 - 71349192 ____A C:\Users\Heartless\Downloads\Final Fantasy Tactics A2 - Grimoire of the Rift.zip
    2013-01-14 20:30 - 2013-01-14 20:23 - 106084622 ____A C:\Users\Heartless\Downloads\Dragon Quest IX - Sentinels of the Starry Skies.zip
    2013-01-14 20:04 - 2013-01-14 20:02 - 59782202 ____A C:\Users\Heartless\Downloads\Pokemon SoulSilver.zip
    2013-01-14 20:01 - 2013-01-14 19:50 - 88052844 ____A C:\Users\Heartless\Downloads\Lunar Knights.zip
    2013-01-14 19:46 - 2013-01-14 19:40 - 19808359 ____A C:\Users\Heartless\Downloads\Lunar - Dragon Song.zip
    2013-01-13 22:34 - 2013-01-13 22:34 - 05818005 ____A C:\Users\Heartless\Downloads\Final Fantasy VI Advance.zip
    2013-01-13 00:36 - 2013-01-12 22:16 - 00772214 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
    2013-01-13 00:36 - 2009-07-13 21:13 - 00772214 ____A C:\Windows\System32\PerfStringBackup.INI
    2013-01-12 22:17 - 2013-01-12 22:17 - 00000000 ____D C:\Program Files (x86)\Microsoft XNA
    2013-01-12 21:02 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\rescache
    2013-01-12 16:35 - 2012-12-13 21:58 - 00002255 ____A C:\Users\Heartless\Desktop\Google Chrome.lnk
    2013-01-12 01:30 - 2013-01-19 21:54 - 00095648 ____A (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
    2013-01-12 01:26 - 2013-01-19 21:54 - 00174496 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
    2013-01-12 01:24 - 2013-01-19 21:54 - 00174496 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe
    2013-01-10 14:53 - 2013-01-10 14:53 - 00000000 ____D C:\Users\Default\AppData\Roaming\TuneUp Software
    2013-01-10 14:53 - 2013-01-10 14:53 - 00000000 ____D C:\Users\Default User\AppData\Roaming\TuneUp Software
    2013-01-10 14:53 - 2012-12-13 22:25 - 00000965 ____A C:\Users\Public\Desktop\AVG 2013.lnk
    2013-01-10 03:09 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\PolicyDefinitions
    2013-01-09 22:24 - 2012-12-19 23:13 - 67599240 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
    2013-01-09 00:59 - 2013-01-09 00:59 - 01669632 ____A C:\Users\Heartless\Downloads\SteamInstall.msi
    2013-01-08 19:11 - 2012-12-20 23:41 - 00000000 ____D C:\Users\Heartless\Desktop\world_nether
    2013-01-08 19:11 - 2012-12-20 23:41 - 00000000 ____D C:\Users\Heartless\Desktop\world
    2013-01-08 17:01 - 2012-12-13 22:56 - 00697864 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2013-01-08 17:01 - 2012-12-13 22:56 - 00074248 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2013-01-05 01:21 - 2013-01-05 01:21 - 06792611 ____A C:\Users\Heartless\Downloads\Mario and Luigi - Superstar Saga.zip
    2013-01-05 01:16 - 2013-01-05 01:16 - 00659797 ____A C:\Users\Heartless\Downloads\VisualBoyAdvance-1.8.0-beta3.zip
    2013-01-02 02:05 - 2013-01-02 02:04 - 00000000 ____D C:\Program Files (x86)\Xvid
    2013-01-02 02:04 - 2013-01-02 02:03 - 10768856 ____A (Xvid Team) C:\Users\Heartless\Downloads\Xvid-1.3.2-20110601.exe
    2013-01-02 01:52 - 2013-01-02 01:52 - 00000000 ____D C:\Program Files (x86)\AviSynth 2.5
    2013-01-02 01:52 - 2013-01-02 01:51 - 00000000 ____D C:\Users\Heartless\Desktop\avisynth
    2013-01-02 01:51 - 2013-01-02 01:51 - 05080168 ____A C:\Users\Heartless\Downloads\AviSynth_110525.zip
    2013-01-02 01:41 - 2013-01-02 01:41 - 00000000 ____D C:\Program Files (x86)\x264vfw
    2013-01-02 01:40 - 2013-01-02 01:40 - 01204839 ____A C:\Users\Heartless\Downloads\x264vfw_37_2200bm_33968.exe
    2013-01-02 01:31 - 2013-01-02 01:31 - 00000000 ____D C:\Users\Heartless\Desktop\dub
    2013-01-02 01:31 - 2013-01-02 01:30 - 01707366 ____A C:\Users\Heartless\Downloads\VirtualDub-1.9.11.zip
    2013-01-02 01:14 - 2013-01-02 01:13 - 07174957 ____A (http://yamb.unite-video.com) C:\Users\Heartless\Downloads\Yamb-2.1.0.0_beta2_setup.exe
    2013-01-02 01:01 - 2013-01-02 01:01 - 03196013 ____A C:\Users\Heartless\Downloads\MP4Cam2AVI_v2.99.zip
    2013-01-02 01:01 - 2013-01-02 01:01 - 00000000 ____D C:\Users\Heartless\Desktop\convert
    2013-01-02 00:58 - 2013-01-02 00:58 - 00087373 ____A C:\Users\Heartless\Downloads\Quicktime_VD_v0.2.0.0_bin.zip
    2013-01-02 00:56 - 2013-01-02 00:56 - 00570702 ____A C:\Users\Heartless\Downloads\AVIcodec_1.2_b113.exe
    2013-01-02 00:56 - 2013-01-02 00:56 - 00000000 ____D C:\Program Files (x86)\AVIcodec
    2013-01-02 00:52 - 2013-01-02 00:52 - 01916953 ____A C:\Users\Heartless\Downloads\VirtualDub-1.9.11-AMD64.zip
    2013-01-01 23:27 - 2013-01-01 23:27 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_xusb21_01007.Wdf
    2013-01-01 23:24 - 2013-01-01 23:24 - 00751654 ____A C:\Users\Heartless\Downloads\JoyToKey_en.zip
    2013-01-01 22:57 - 2013-01-01 22:57 - 01961052 ____A C:\Users\Heartless\Downloads\desmume-0.9.8-win32.zip

    ZeroAccess:
    C:\Windows\Installer\{80f7b7a2-818c-fe87-f196-90df9b357a74}
    C:\Windows\Installer\{80f7b7a2-818c-fe87-f196-90df9b357a74}\@
    C:\Windows\Installer\{80f7b7a2-818c-fe87-f196-90df9b357a74}\L
    C:\Windows\Installer\{80f7b7a2-818c-fe87-f196-90df9b357a74}\U
    C:\Windows\Installer\{80f7b7a2-818c-fe87-f196-90df9b357a74}\U\00000004.@
    C:\Windows\Installer\{80f7b7a2-818c-fe87-f196-90df9b357a74}\U\00000008.@
    C:\Windows\Installer\{80f7b7a2-818c-fe87-f196-90df9b357a74}\U\000000cb.@
    C:\Windows\Installer\{80f7b7a2-818c-fe87-f196-90df9b357a74}\U\80000000.@
    C:\Windows\Installer\{80f7b7a2-818c-fe87-f196-90df9b357a74}\U\80000064.@

    ZeroAccess:
    C:\Windows\assembly\GAC_32\Desktop.ini

    ZeroAccess:
    C:\Windows\assembly\GAC_64\Desktop.ini

    ==================== Known DLLs (Whitelisted) =================


    ==================== Bamital & volsnap Check =================

    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\SysWOW64\wininit.exe => MD5 is legit
    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\SysWOW64\explorer.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\SysWOW64\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe 50BEA589F7D7958BDD2528A8F69D05CC ZeroAccess <==== ATTENTION!.
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\SysWOW64\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\SysWOW64\userinit.exe => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

    ==================== EXE ASSOCIATION =====================

    HKLM\...\.exe: exefile => OK
    HKLM\...\exefile\DefaultIcon: %1 => OK
    HKLM\...\exefile\open\command: "%1" %* => OK

    ==================== Restore Points =========================

    Restore point made on: 2013-01-13 00:11:14
    Restore point made on: 2013-01-19 21:53:04
    Restore point made on: 2013-01-23 20:13:06
    Restore point made on: 2013-01-23 23:04:25
    Restore point made on: 2013-01-23 23:05:01
    Restore point made on: 2013-01-23 23:05:22
    Restore point made on: 2013-01-23 23:05:48
    Restore point made on: 2013-01-23 23:07:48
    Restore point made on: 2013-01-28 23:09:27
    Restore point made on: 2013-01-28 23:10:40
    Restore point made on: 2013-01-28 23:24:26

    ==================== Memory info ===========================

    Percentage of memory in use: 9%
    Total physical RAM: 8173.54 MB
    Available physical RAM: 7378.76 MB
    Total Pagefile: 8171.73 MB
    Available Pagefile: 7367.28 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.9 MB

    ==================== Partitions =============================

    1 Drive c: () (Fixed) (Total:465.66 GB) (Free:408.62 GB) NTFS
    3 Drive f: () (Removable) (Total:3.72 GB) (Free:2.81 GB) FAT32
    4 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
    5 Drive y: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]

    Disk ### Status Size Free Dyn Gpt
    -------- ------------- ------- ------- --- ---
    Disk 0 Online 465 GB 0 B
    Disk 1 Online 3815 MB 0 B

    Partitions of Disk 0:
    ===============

    Disk ID: C8DFDE62

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 100 MB 1024 KB
    Partition 2 Primary 465 GB 101 MB

    ==================================================================================

    Disk: 0
    Partition 1
    Type : 07
    Hidden: No
    Active: Yes

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 1 Y System Rese NTFS Partition 100 MB Healthy

    =========================================================

    Disk: 0
    Partition 2
    Type : 07
    Hidden: No
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 2 C NTFS Partition 465 GB Healthy

    =========================================================

    Partitions of Disk 1:
    ===============

    Disk ID: 00000000

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 3814 MB 8 KB

    ==================================================================================

    Disk: 1
    Partition 1
    Type : 0B
    Hidden: No
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 3 F FAT32 Removable 3814 MB Healthy

    =========================================================

    Last Boot: 2013-01-24 17:30

    ==================== End Of Log =============================

    and


    Farbar Recovery Scan Tool (x64) Version: 30-01-2013 02
    Ran by SYSTEM at 2013-01-31 00:38:57
    Running from F:\

    ================== Search: "services.exe" ===================

    C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
    [2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

    C:\Windows\System32\services.exe
    [2009-07-13 15:19] - [2009-07-13 17:39] - 0329216 ____A (Microsoft Corporation) 50BEA589F7D7958BDD2528A8F69D05CC

    ====== End Of Search ======
     
  4. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    10,150
    OK, continue as follows:

    Open Notepad. Please copy the contents of the code box below. To do this, highlight the contents of the box and right click on it. Paste this into the open Notepad. Save it on the flash drive as fixlist.txt.

    Code:
    start
    Replace: C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe C:\Windows\System32\services.exe  
    C:\Windows\Installer\{80f7b7a2-818c-fe87-f196-90df9b357a74}
    C:\Windows\assembly\GAC_32\Desktop.ini
    C:\Windows\assembly\GAC_64\Desktop.ini
    end
    
    Now please enter System Recovery Options as you did to get the log.

    Run FRST64 or FRST and press the Fix button just once and wait.
    The tool will make a log on the flashdrive (Fixlog.txt) please post it to your reply.

    Next,

    Delete any versions of Combofix that you may have on your Desktop, download a fresh copy from the following link :-

    http://download.bleepingcomputer.com/sUBs/ComboFix.exe

    • Ensure that Combofix is saved directly to the Desktop <--- Very important
    • Disable all security programs as they will have a negative effect on Combofix, instructions available here http://www.bleepingcomputer.com/forums/topic114351.html if required. Be aware the list may not have all programs listed, if you need more help please ask.
    • Close any open browsers and any other programs you might have running
    • Double click the ComboFix icon to run the tool (Vista or Windows 7 users right click and select "Run as Administrator")
    • Instructions for running Combofix available here http://www.bleepingcomputer.com/combofix/how-to-use-combofix if required.
    • If you are using Windows XP, it might display a pop-up saying that "Recovery console is not installed, do you want to install?" Please select yes & let it download the files it needs to do this. Once the recovery console is installed, Combofix will then offer to scan for malware. Select continue or yes.
    • When finished, it will produce a report for you. Please post the "C:\ComboFix.txt" for further review

    ****Note: Do not mouseclick combofix's window while it's running. That may cause it to stall or freeze ****

    Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
    Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell us when you reply. Read here http://thespykiller.co.uk/index.php?page=20 why disabling autoruns is recommended.

    *EXTRA NOTES*
    • If Combofix detects any Rootkit/Bootkit activity on your system it will give a warning and prompt for a reboot, you must allow it to do so.
    • If Combofix reboots due to a rootkit, the screen may stay black for several minutes on reboot, this is normal
    • If after running Combofix you receive any type of warning message about registry keys being listed for deletion when trying to open certain items, reboot the system and this will fix the issue (Those items will not be deleted)

    Post the log in next reply please...

    Kevin

    Post both logs, also give an update on current issues/concerns.

    Kevin
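
An added example (not part of the thread and not FRST's own code): a small Python parser for the two FRST excerpts posted above. It pairs the file flagged in the "Bamital & volsnap Check" with the WinSxS copy found by the search, which is the pairing the fixlist's `Replace:` line relies on. The log lines are copied from this thread; the function and field names are this example's own.

```python
import ntpath
import re
from dataclasses import dataclass

# Excerpt of the FRST output posted earlier in this thread (paths and hashes as posted).
SAMPLE_LOG = r"""
==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe 50BEA589F7D7958BDD2528A8F69D05CC ZeroAccess <==== ATTENTION!.
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

================== Search: "services.exe" ===================

C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

C:\Windows\System32\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0329216 ____A (Microsoft Corporation) 50BEA589F7D7958BDD2528A8F69D05CC

====== End Of Search ======
"""

# "<path> <md5> <label> <==== ATTENTION" lines from the integrity check.
FLAGGED = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s+(?P<md5>[0-9A-Fa-f]{32})\s+(?P<label>.+?)\s*<=+ ATTENTION")
# A line that is only a path: none of the characters Windows forbids in file names.
BARE_PATH = re.compile(r'^[A-Za-z]:\\[^<>|"*?]+$')
# "[created] - [modified] - size attrs (company) md5"; the company field is optional.
DETAIL = re.compile(
    r"^\[(?P<created>[^\]]+)\] - \[(?P<modified>[^\]]+)\] - (?P<size>\d+) "
    r"(?P<attr>\S+) (?:\((?P<company>[^)]*)\) )?(?P<md5>[0-9A-Fa-f]{32})$")


@dataclass(frozen=True)
class FileRecord:
    path: str
    created: str
    modified: str
    size: int
    company: str
    md5: str


def parse_flagged(log):
    """Return (path, md5, label) for every file the integrity check flagged."""
    hits = []
    for raw in log.splitlines():
        m = FLAGGED.match(raw.strip())
        if m:
            hits.append((m["path"], m["md5"].upper(), m["label"]))
    return hits


def parse_search(log):
    """Return a FileRecord for each path line followed by a detail line."""
    records, last_path = [], None
    for raw in log.splitlines():
        line = raw.strip()
        if BARE_PATH.match(line):
            last_path = line
            continue
        m = DETAIL.match(line)
        if m and last_path:
            records.append(FileRecord(last_path, m["created"], m["modified"],
                                      int(m["size"]), m["company"] or "", m["md5"].upper()))
            last_path = None
    return records


def triage(log):
    """Pair each flagged file with same-named WinSxS copies whose hash differs."""
    records = parse_search(log)
    findings = []
    for path, md5, label in parse_flagged(log):
        name = ntpath.basename(path).lower()
        suspect = next((r for r in records if r.path.lower() == path.lower()), None)
        for r in records:
            if (ntpath.basename(r.path).lower() == name
                    and "\\winsxs\\" in r.path.lower() and r.md5 != md5):
                findings.append({
                    "flagged": path, "label": label, "flagged_md5": md5,
                    "store_copy": r.path, "store_md5": r.md5,
                    "size_delta": suspect.size - r.size if suspect else None,
                    # Metadata the patched file kept identical to the store copy.
                    "timestamps_match": bool(suspect) and
                        (suspect.created, suspect.modified) == (r.created, r.modified),
                    "company_match": bool(suspect) and suspect.company == r.company,
                })
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f)
```

A differing hash only makes the WinSxS copy a replacement candidate. The identical timestamps and vendor string on both files show why the verdict has to come from a known-good hash rather than from file metadata.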
     
  5. heartlessdeath0

    heartlessdeath0 Thread Starter

    Joined:
    Jan 30, 2013
    Messages:
    6
    My computer isn't really experiencing any performance issues, but I thought it best to get rid of this problem ASAP.

    I scanned my computer again and now it says no threats were found.


    Here is the fixlog.txt log


    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 30-01-2013 02
    Ran by SYSTEM at 2013-01-31 02:36:43 Run:1
    Running from F:\

    ==============================================

    C:\Windows\System32\services.exe moved successfully.
    C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe copied successfully to C:\Windows\System32\services.exe
    C:\Windows\Installer\{80f7b7a2-818c-fe87-f196-90df9b357a74} moved successfully.
    C:\Windows\assembly\GAC_32\Desktop.ini moved successfully.
    C:\Windows\assembly\GAC_64\Desktop.ini moved successfully.

    ==== End of Fixlog ====


    and here is the ComboFix log



    ComboFix 13-01-30.04 - Heartless 01/31/2013 2:59.1.4 - x64
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8174.6496 [GMT -6:00]
    Running from: c:\users\Heartless\Desktop\ComboFix.exe
    AV: AVG Anti-Virus Free Edition 2013 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
    SP: AVG Anti-Virus Free Edition 2013 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    * Created a new restore point
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-12-28 to 2013-01-31 )))))))))))))))))))))))))))))))
    .
    .
    2013-01-31 08:36 . 2013-01-31 08:36 -------- d-----w- C:\FRST
    2013-01-30 11:27 . 2013-01-30 11:27 -------- d-----w- c:\users\Heartless\AppData\Roaming\Malwarebytes
    2013-01-30 11:26 . 2013-01-30 11:26 -------- d-----w- c:\programdata\Malwarebytes
    2013-01-30 11:26 . 2013-01-30 11:26 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
    2013-01-30 11:26 . 2012-12-14 22:49 24176 ----a-w- c:\windows\system32\drivers\mbam.sys
    2013-01-30 11:26 . 2013-01-30 11:26 -------- d-----w- c:\users\Heartless\AppData\Local\Programs
    2013-01-30 10:51 . 2013-01-30 10:52 -------- d-----w- c:\users\Heartless\AppData\Local\Adobe
    2013-01-30 10:40 . 2013-01-30 10:40 -------- d-----w- c:\programdata\FLEXnet
    2013-01-30 10:34 . 2013-01-30 10:34 -------- d-----w- c:\program files (x86)\Bonjour
    2013-01-30 10:31 . 2013-01-30 10:31 -------- d-----w- c:\windows\SysWow64\spool
    2013-01-30 10:27 . 2013-01-30 10:27 -------- d-----w- c:\program files (x86)\Common Files\Macrovision Shared
    2013-01-30 10:25 . 2013-01-30 10:35 -------- d-----w- c:\program files (x86)\Common Files\Adobe
    2013-01-29 07:24 . 2009-09-04 23:29 1974616 ----a-w- c:\windows\SysWow64\D3DCompiler_42.dll
    2013-01-29 07:24 . 2009-09-04 23:29 1892184 ----a-w- c:\windows\SysWow64\D3DX9_42.dll
    2013-01-29 07:24 . 2013-01-29 07:24 -------- d-----w- c:\program files (x86)\Grinding Gear Games
    2013-01-29 07:10 . 2013-01-31 08:41 -------- d-----w- c:\program files (x86)\Steam
    2013-01-25 07:29 . 2013-01-25 07:29 -------- d-----w- c:\users\Heartless\AppData\Local\WSplit
    2013-01-24 07:18 . 2013-01-31 08:41 -------- d-----w- c:\users\Heartless\Tracing
    2013-01-24 07:16 . 2013-01-24 07:16 -------- d-----w- c:\windows\en
    2013-01-24 07:08 . 2013-01-24 07:08 -------- d-----w- c:\program files\Windows Live
    2013-01-24 07:05 . 2009-09-04 23:29 453456 ----a-w- c:\windows\SysWow64\d3dx10_42.dll
    2013-01-24 07:05 . 2009-09-04 23:29 523088 ----a-w- c:\windows\system32\d3dx10_42.dll
    2013-01-24 07:04 . 2013-01-24 07:04 94040 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\1bcd22ec1cdfa0104\DSETUP.dll
    2013-01-24 07:04 . 2013-01-24 07:04 525656 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\1bcd22ec1cdfa0104\DXSETUP.exe
    2013-01-24 07:04 . 2013-01-24 07:04 1691480 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\1bcd22ec1cdfa0104\dsetup32.dll
    2013-01-24 07:04 . 2013-01-24 07:04 89944 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\17a1920b1cdfa0103\DSETUP.dll
    2013-01-24 07:04 . 2013-01-24 07:04 537432 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\17a1920b1cdfa0103\DXSETUP.exe
    2013-01-24 07:04 . 2013-01-24 07:04 1801048 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\17a1920b1cdfa0103\dsetup32.dll
    2013-01-24 07:04 . 2013-01-24 07:04 89944 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\12b9da581cdfa0102\DSETUP.dll
    2013-01-24 07:04 . 2013-01-24 07:04 537432 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\12b9da581cdfa0102\DXSETUP.exe
    2013-01-24 07:04 . 2013-01-24 07:04 1801048 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\12b9da581cdfa0102\dsetup32.dll
    2013-01-24 07:04 . 2013-01-31 08:42 -------- d-----w- c:\users\Heartless\AppData\Local\Windows Live
    2013-01-24 04:13 . 2013-01-24 04:13 40960 ----a-r- c:\users\Heartless\AppData\Roaming\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\NewShortcut1_9559F7CA5E344237A2D9D856464AD727.exe
    2013-01-24 04:13 . 2013-01-24 04:13 40960 ----a-r- c:\users\Heartless\AppData\Roaming\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\ARPPRODUCTICON.exe
    2013-01-24 04:13 . 2013-01-24 04:34 -------- d-----w- c:\program files (x86)\Project64 1.6
    2013-01-20 05:54 . 2013-01-12 09:30 95648 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
    2013-01-13 06:17 . 2010-02-04 16:01 74072 ----a-w- c:\windows\SysWow64\XAPOFX1_4.dll
    2013-01-13 06:17 . 2010-02-04 16:01 528216 ----a-w- c:\windows\SysWow64\XAudio2_6.dll
    2013-01-13 06:17 . 2010-02-04 16:01 238936 ----a-w- c:\windows\SysWow64\xactengine3_6.dll
    2013-01-13 06:17 . 2009-03-09 21:27 4178264 ----a-w- c:\windows\SysWow64\D3DX9_41.dll
    2013-01-13 06:17 . 2007-03-12 22:42 3495784 ----a-w- c:\windows\SysWow64\d3dx9_33.dll
    2013-01-13 06:17 . 2013-01-13 06:17 -------- d-----w- c:\program files (x86)\Microsoft XNA
    2013-01-12 11:06 . 2013-01-12 11:07 8282192 ----a-w- c:\programdata\Microsoft\BingBar\BBSvc\7.1.391.0oemBingBarSetup-Partner.EXE
    2013-01-10 22:53 . 2013-01-10 22:53 -------- d-----w- c:\users\Default\AppData\Roaming\TuneUp Software
    2013-01-10 11:04 . 2012-05-04 11:00 366592 ----a-w- c:\windows\system32\qdvd.dll
    2013-01-10 11:04 . 2012-05-04 09:59 514560 ----a-w- c:\windows\SysWow64\qdvd.dll
    2013-01-10 11:04 . 2012-08-24 18:13 154480 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
    2013-01-10 11:04 . 2012-08-24 18:09 458712 ----a-w- c:\windows\system32\drivers\cng.sys
    2013-01-10 11:04 . 2012-08-24 18:05 340992 ----a-w- c:\windows\system32\schannel.dll
    2013-01-10 11:04 . 2012-08-24 18:03 1448448 ----a-w- c:\windows\system32\lsasrv.dll
    2013-01-10 11:04 . 2012-08-24 16:57 247808 ----a-w- c:\windows\SysWow64\schannel.dll
    2013-01-10 11:04 . 2012-08-24 16:57 22016 ----a-w- c:\windows\SysWow64\secur32.dll
    2013-01-10 11:04 . 2012-08-24 16:53 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
    2013-01-09 23:24 . 2013-01-30 11:01 -------- d-----w- c:\users\Heartless\AppData\Local\CrashDumps
    2013-01-09 22:54 . 2012-11-22 05:44 800768 ----a-w- c:\windows\system32\usp10.dll
    2013-01-09 22:53 . 2012-11-23 03:26 3149824 ----a-w- c:\windows\system32\win32k.sys
    2013-01-09 22:53 . 2012-11-23 03:13 68608 ----a-w- c:\windows\system32\taskhost.exe
    2013-01-09 11:53 . 2010-02-04 16:01 24920 ----a-w- c:\windows\system32\X3DAudio1_7.dll
    2013-01-09 11:53 . 2010-02-04 16:01 22360 ----a-w- c:\windows\SysWow64\X3DAudio1_7.dll
    2013-01-09 11:53 . 2007-04-05 00:54 107368 ----a-w- c:\windows\system32\xinput1_3.dll
    2013-01-09 11:53 . 2007-04-05 00:53 81768 ----a-w- c:\windows\SysWow64\xinput1_3.dll
    2013-01-09 09:00 . 2013-01-20 05:52 -------- d-----w- c:\program files (x86)\Common Files\Steam
    2013-01-02 10:04 . 2011-05-30 13:42 240640 ----a-w- c:\windows\SysWow64\xvidvfw.dll
    2013-01-02 10:04 . 2011-05-30 13:42 255488 ----a-w- c:\windows\system32\xvidvfw.dll
    2013-01-02 10:04 . 2011-05-23 09:52 153088 ----a-w- c:\windows\SysWow64\xvid.ax
    2013-01-02 10:04 . 2011-05-23 07:49 173568 ----a-w- c:\windows\system32\xvid.ax
    2013-01-02 10:04 . 2011-05-23 07:46 645632 ----a-w- c:\windows\SysWow64\xvidcore.dll
    2013-01-02 10:04 . 2011-05-23 07:45 696832 ----a-w- c:\windows\system32\xvidcore.dll
    2013-01-02 10:04 . 2013-01-02 10:05 -------- d-----w- c:\program files (x86)\Xvid
    2013-01-02 09:52 . 2013-01-02 09:52 -------- d-----w- c:\program files (x86)\AviSynth 2.5
    2013-01-02 09:41 . 2013-01-02 09:41 -------- d-----w- c:\program files (x86)\x264vfw
    2013-01-02 08:56 . 2013-01-02 08:56 -------- d-----w- c:\program files (x86)\AVIcodec
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2013-01-31 09:05 . 2012-12-10 21:46 30528 ----a-w- c:\windows\GVTDrv64.sys
    2013-01-31 09:05 . 2012-12-10 21:46 25640 ----a-w- c:\windows\gdrv.sys
    2013-01-10 06:24 . 2012-12-20 07:13 67599240 ----a-w- c:\windows\system32\MRT.exe
    2013-01-09 01:01 . 2012-12-14 06:56 74248 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2013-01-09 01:01 . 2012-12-14 06:56 697864 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2012-12-16 17:11 . 2012-12-21 09:00 46080 ----a-w- c:\windows\system32\atmlib.dll
    2012-12-16 14:45 . 2012-12-21 09:00 367616 ----a-w- c:\windows\system32\atmfd.dll
    2012-12-16 14:13 . 2012-12-21 09:00 295424 ----a-w- c:\windows\SysWow64\atmfd.dll
    2012-12-16 14:13 . 2012-12-21 09:00 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
    2012-12-15 03:51 . 2012-12-15 03:51 163056 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10142.bin
    2012-12-14 12:12 . 2012-12-14 12:13 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll
    2012-12-14 12:12 . 2012-12-14 12:13 821736 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
    2012-12-14 06:26 . 2012-12-14 06:26 25640 ----a-w- c:\windows\etdrv.sys
    2012-12-14 06:24 . 2012-12-14 06:25 30568 ----a-w- c:\windows\system32\drivers\avgtpx64.sys
    2012-11-30 04:45 . 2013-01-09 22:54 44032 ----a-w- c:\windows\apppatch\acwow64.dll
    2012-11-19 07:01 . 2012-12-18 07:46 9125352 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{5AB93B51-95AD-43E8-A76B-D0A0A015D43F}\mpengine.dll
    2012-11-16 05:33 . 2012-11-16 05:33 111968 ----a-w- c:\windows\system32\drivers\avgmfx64.sys
    2012-11-14 07:06 . 2012-12-14 08:26 17811968 ----a-w- c:\windows\system32\mshtml.dll
    2012-11-14 06:32 . 2012-12-14 08:26 10925568 ----a-w- c:\windows\system32\ieframe.dll
    2012-11-14 06:11 . 2012-12-14 08:26 2312704 ----a-w- c:\windows\system32\jscript9.dll
    2012-11-14 06:04 . 2012-12-14 08:26 1346048 ----a-w- c:\windows\system32\urlmon.dll
    2012-11-14 06:04 . 2012-12-14 08:26 1392128 ----a-w- c:\windows\system32\wininet.dll
    2012-11-14 06:02 . 2012-12-14 08:26 1494528 ----a-w- c:\windows\system32\inetcpl.cpl
    2012-11-14 06:02 . 2012-12-14 08:26 237056 ----a-w- c:\windows\system32\url.dll
    2012-11-14 05:59 . 2012-12-14 08:26 85504 ----a-w- c:\windows\system32\jsproxy.dll
    2012-11-14 05:58 . 2012-12-14 08:26 816640 ----a-w- c:\windows\system32\jscript.dll
    2012-11-14 05:57 . 2012-12-14 08:26 599040 ----a-w- c:\windows\system32\vbscript.dll
    2012-11-14 05:57 . 2012-12-14 08:26 173056 ----a-w- c:\windows\system32\ieUnatt.exe
    2012-11-14 05:55 . 2012-12-14 08:26 2144768 ----a-w- c:\windows\system32\iertutil.dll
    2012-11-14 05:55 . 2012-12-14 08:26 729088 ----a-w- c:\windows\system32\msfeeds.dll
    2012-11-14 05:53 . 2012-12-14 08:26 96768 ----a-w- c:\windows\system32\mshtmled.dll
    2012-11-14 05:52 . 2012-12-14 08:26 2382848 ----a-w- c:\windows\system32\mshtml.tlb
    2012-11-14 05:46 . 2012-12-14 08:26 248320 ----a-w- c:\windows\system32\ieui.dll
    2012-11-14 02:09 . 2012-12-14 08:26 1800704 ----a-w- c:\windows\SysWow64\jscript9.dll
    2012-11-14 01:58 . 2012-12-14 08:26 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl
    2012-11-14 01:57 . 2012-12-14 08:26 1129472 ----a-w- c:\windows\SysWow64\wininet.dll
    2012-11-14 01:49 . 2012-12-14 08:26 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
    2012-11-14 01:48 . 2012-12-14 08:26 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
    2012-11-14 01:44 . 2012-12-14 08:26 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
    2012-11-09 05:45 . 2012-12-14 12:26 2048 ----a-w- c:\windows\system32\tzres.dll
    2012-11-09 04:42 . 2012-12-14 12:26 2048 ----a-w- c:\windows\SysWow64\tzres.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{A2ACB108-446D-4D93-B2F9-998A9534C288}]
    2012-12-14 22:03 78136 ----a-w- c:\users\Heartless\AppData\Local\couponamazing\ie\couponamazing_1355522574.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ooVoo.exe"="c:\program files (x86)\ooVoo\oovoo.exe" [2013-01-20 28467264]
    "Xvid"="c:\program files (x86)\Xvid\CheckUpdate.exe" [2011-01-17 8192]
    "Steam"="c:\program files (x86)\Steam\Steam.exe" [2013-01-29 1354736]
    "HydraVisionDesktopManager"="c:\program files (x86)\ATI Technologies\HydraVision\HydraDM.exe" [2011-05-25 393216]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-09-29 642728]
    "UVCSti"="c:\program files (x86)\UVC Video Camera\UVCSti.exe" [2010-03-26 245760]
    "RunUVC"="c:\program files (x86)\UVC Video Camera\EffectDir\UVCtray.exe" [2010-06-18 7548928]
    "AVG_UI"="c:\program files (x86)\AVG\AVG2013\avgui.exe" [2012-12-11 3147384]
    "vProt"="c:\program files (x86)\AVG Secure Search\vprot.exe" [2012-12-14 1046984]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
    "LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2012-12-10 2254768]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
    "EasyTuneVI"="c:\program files (x86)\GIGABYTE\ET6\ETCall.exe" [2012-02-01 40960]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
    "aux4"=wdmaud.drv
    .
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R3 AppleChargerSrv;AppleChargerSrv;c:\windows\system32\AppleChargerSrv.exe [2010-04-07 31272]
    R3 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.exe [2012-06-11 240208]
    R3 cpuz135;cpuz135;c:\windows\TEMP\cpuz135\cpuz135_x64.sys [x]
    R3 etdrv;etdrv;c:\windows\etdrv.sys [2012-12-14 25640]
    R3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;c:\program files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe [2011-03-02 130976]
    R3 ICCS;Intel(R) Integrated Clock Controller Service - Intel(R) ICCS;c:\program files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [2011-08-30 160256]
    R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]
    R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2012-08-23 30208]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-03-01 1255736]
    R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-06-10 389120]
    S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [2012-10-15 63328]
    S0 Avgloga;AVG Logging Driver;c:\windows\system32\DRIVERS\avgloga.sys [2012-09-21 225120]
    S0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [2012-11-16 111968]
    S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [2012-09-14 40800]
    S1 AppleCharger;AppleCharger;c:\windows\system32\DRIVERS\AppleCharger.sys [2011-11-02 21616]
    S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys [2012-10-22 154464]
    S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [2012-10-02 185696]
    S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [2012-09-21 200032]
    S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys [2012-12-14 30568]
    S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-09-28 239616]
    S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-09-28 361984]
    S2 AODDriver4.2;AODDriver4.2;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-04-09 57472]
    S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2013\avgidsagent.exe [2012-11-16 5814904]
    S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2013\avgwdsvc.exe [2012-10-22 196664]
    S2 BBSvc;BingBar Service;c:\program files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.exe [2012-06-11 193616]
    S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-12-10 2465712]
    S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-12-14 398184]
    S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-12-14 682344]
    S2 Realtek11nCU;Realtek11nCU;c:\program files (x86)\Edimax\11n USB Wireless LAN Utility\RtlService.exe [2010-04-16 36864]
    S2 vToolbarUpdater13.3.2;vToolbarUpdater13.3.2;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\13.3.2\ToolbarUpdater.exe [2012-12-14 894920]
    S3 AODDriver;AODDriver;c:\program files (x86)\GIGABYTE\ET6\amd64\AODDriver.sys [2010-03-12 52280]
    S3 Cam3820;Cam3820 PC Camera Driver;c:\windows\system32\Drivers\cam3820a.sys [2010-06-14 433536]
    S3 GVTDrv64;GVTDrv64;c:\windows\GVTDrv64.sys [2013-01-31 30528]
    S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-12-14 24176]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-08-23 565352]
    S3 RTL8192cu;Realtek RTL8192CU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8192cu.sys [2010-08-06 762472]
    S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2009-12-22 38456]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - WS2IFSL
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
    2013-01-25 00:01 1607120 ----a-w- c:\program files (x86)\Google\Chrome\Application\24.0.1312.56\Installer\chrmstp.exe
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2013-01-31 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-12-14 01:01]
    .
    2013-01-31 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-12-14 05:56]
    .
    2013-01-31 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-12-14 05:56]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-10-17 13307496]
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = hxxp://www.msn.com
    mDefault_Page_URL = hxxp://www.msn.com
    mStart Page = hxxp://www.msn.com
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = *.local
    Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\13.3.2\ViProtocol.dll
    .
    - - - - ORPHANS REMOVED - - - -
    .
    BHO-{95B7759C-8C7F-4BF1-B163-73684A933233} - (no file)
    Toolbar-Locked - (no file)
    Toolbar-{95B7759C-8C7F-4BF1-B163-73684A933233} - (no file)
    Toolbar-Locked - (no file)
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\S-1-5-21-2198545607-827547869-2066008582-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="WindowsLiveMail.Email.1"
    .
    [HKEY_USERS\S-1-5-21-2198545607-827547869-2066008582-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="WindowsLiveMail.VCard.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_146_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_146_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.11"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files (x86)\Bonjour\mDNSResponder.exe
    c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
    c:\program files (x86)\Edimax\11n USB Wireless LAN Utility\RtWlan.exe
    c:\program files (x86)\GIGABYTE\ET6\GUI.exe
    .
    **************************************************************************
    .
    Completion time: 2013-01-31 03:08:12 - machine was rebooted
    ComboFix-quarantined-files.txt 2013-01-31 09:08
    .
    Pre-Run: 442,760,810,496 bytes free
    Post-Run: 442,715,652,096 bytes free
    .
    - - End Of File - - 41254122283EABA14CDAF72AA240490D
     
  6. heartlessdeath0

    heartlessdeath0 Thread Starter

    Joined:
    Jan 30, 2013
    Messages:
    6
    Slight mistake on that last post. It says threats were found but removed, instead of remove manually.
     
  7. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    10,150
    Continue, make sure we miss nothing!

    1. Close any open browsers.

    2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

    3. Open notepad and copy/paste the text in the Codebox below into it:

    Code:
    ClearJavaCache::
    Registry::
    [-HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{A2ACB108-446D-4D93-B2F9-998A9534C288}]
    Folder::
    c:\users\Heartless\AppData\Local\couponamazing
    
    
    Save this as CFScript.txt, and as Type: All Files (*.*) in the same location as ComboFix.exe

    Referring to the picture above, drag CFScript into ComboFix.exe

    When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

    Next,

    Run Eset Online Scanner

    **Note** You will need to use Internet Explorer for this scan - on Vista and Win 7, right click on the IE shortcut and run as admin

    Go to the ESET web page http://www.eset.com/home/products/online-scanner/ to run an online scanner from ESET.

    • Turn off the real time scanner of any existing antivirus program while performing the online scan
    • click on the Run ESET Online Scanner button
    • Tick the box next to YES, I accept the Terms of Use.
      Click Start
    • When asked, allow the add/on to be installed
      Click Start
    • Make sure that the option Remove found threats is unticked
    • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
      Click Scan
    • wait for the virus definitions to be downloaded
    • Wait for the scan to finish
    When the scan is complete

    If no threats were found

    • put a checkmark in "Uninstall application on close"
    • close program
    • report to me that nothing was found
    If threats were found

    • click on "list of threats found"
    • click on "export to text file" and save it as ESET SCAN and save to the desktop
    • Click on back
    • put a checkmark in "Uninstall application on close"
    • click on finish
    • close program
    • copy and paste the report here

    Next,

    Download Security Check by screen317 from either of the following:
    http://screen317.spywareinfoforum.org/SecurityCheck.exe or http://screen317.changelog.fr/SecurityCheck.exe
    Save it to your Desktop.
    Double click SecurityCheck.exe (Vista or Windows 7 users right click and select "Run as Administrator") and follow the onscreen instructions inside of the black box. Press any key when asked.
    A Notepad document should open automatically called checkup.txt; please post the contents of that document.

    Kevin
     
  8. heartlessdeath0

    heartlessdeath0 Thread Starter

    Joined:
    Jan 30, 2013
    Messages:
    6
    Okay, let's do this!


    ComboFix Log


    ComboFix 13-01-30.04 - Heartless 01/31/2013 4:38.2.4 - x64
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8174.5420 [GMT -6:00]
    Running from: c:\users\Heartless\Desktop\ComboFix.exe
    Command switches used :: c:\users\Heartless\Desktop\CFScript.txt
    AV: AVG Anti-Virus Free Edition 2013 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
    SP: AVG Anti-Virus Free Edition 2013 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\users\Heartless\AppData\Local\couponamazing
    c:\users\Heartless\AppData\Local\couponamazing\sqlite3.exe
    c:\users\Heartless\AppData\Local\couponamazing\uninst.exe
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-12-28 to 2013-01-31 )))))))))))))))))))))))))))))))
    .
    .
    2013-01-31 10:42 . 2013-01-31 10:42 -------- d-----w- c:\users\Default\AppData\Local\temp
    2013-01-31 08:36 . 2013-01-31 08:36 -------- d-----w- C:\FRST
    2013-01-30 11:27 . 2013-01-30 11:27 -------- d-----w- c:\users\Heartless\AppData\Roaming\Malwarebytes
    2013-01-30 11:26 . 2013-01-30 11:26 -------- d-----w- c:\programdata\Malwarebytes
    2013-01-30 11:26 . 2013-01-30 11:26 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
    2013-01-30 11:26 . 2012-12-14 22:49 24176 ----a-w- c:\windows\system32\drivers\mbam.sys
    2013-01-30 11:26 . 2013-01-30 11:26 -------- d-----w- c:\users\Heartless\AppData\Local\Programs
    2013-01-30 10:51 . 2013-01-30 10:52 -------- d-----w- c:\users\Heartless\AppData\Local\Adobe
    2013-01-30 10:40 . 2013-01-30 10:40 -------- d-----w- c:\programdata\FLEXnet
    2013-01-30 10:34 . 2013-01-30 10:34 -------- d-----w- c:\program files (x86)\Bonjour
    2013-01-30 10:31 . 2013-01-30 10:31 -------- d-----w- c:\windows\SysWow64\spool
    2013-01-30 10:27 . 2013-01-30 10:27 -------- d-----w- c:\program files (x86)\Common Files\Macrovision Shared
    2013-01-30 10:25 . 2013-01-30 10:35 -------- d-----w- c:\program files (x86)\Common Files\Adobe
    2013-01-29 07:24 . 2009-09-04 23:29 1974616 ----a-w- c:\windows\SysWow64\D3DCompiler_42.dll
    2013-01-29 07:24 . 2009-09-04 23:29 1892184 ----a-w- c:\windows\SysWow64\D3DX9_42.dll
    2013-01-29 07:24 . 2013-01-29 07:24 -------- d-----w- c:\program files (x86)\Grinding Gear Games
    2013-01-29 07:10 . 2013-01-31 09:16 -------- d-----w- c:\program files (x86)\Steam
    2013-01-25 07:29 . 2013-01-25 07:29 -------- d-----w- c:\users\Heartless\AppData\Local\WSplit
    2013-01-24 07:18 . 2013-01-31 08:41 -------- d-----w- c:\users\Heartless\Tracing
    2013-01-24 07:16 . 2013-01-24 07:16 -------- d-----w- c:\windows\en
    2013-01-24 07:08 . 2013-01-24 07:08 -------- d-----w- c:\program files\Windows Live
    2013-01-24 07:05 . 2009-09-04 23:29 453456 ----a-w- c:\windows\SysWow64\d3dx10_42.dll
    2013-01-24 07:05 . 2009-09-04 23:29 523088 ----a-w- c:\windows\system32\d3dx10_42.dll
    2013-01-24 07:04 . 2013-01-24 07:04 94040 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\1bcd22ec1cdfa0104\DSETUP.dll
    2013-01-24 07:04 . 2013-01-24 07:04 525656 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\1bcd22ec1cdfa0104\DXSETUP.exe
    2013-01-24 07:04 . 2013-01-24 07:04 1691480 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\1bcd22ec1cdfa0104\dsetup32.dll
    2013-01-24 07:04 . 2013-01-24 07:04 89944 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\17a1920b1cdfa0103\DSETUP.dll
    2013-01-24 07:04 . 2013-01-24 07:04 537432 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\17a1920b1cdfa0103\DXSETUP.exe
    2013-01-24 07:04 . 2013-01-24 07:04 1801048 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\17a1920b1cdfa0103\dsetup32.dll
    2013-01-24 07:04 . 2013-01-24 07:04 89944 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\12b9da581cdfa0102\DSETUP.dll
    2013-01-24 07:04 . 2013-01-24 07:04 537432 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\12b9da581cdfa0102\DXSETUP.exe
    2013-01-24 07:04 . 2013-01-24 07:04 1801048 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\12b9da581cdfa0102\dsetup32.dll
    2013-01-24 07:04 . 2013-01-31 08:42 -------- d-----w- c:\users\Heartless\AppData\Local\Windows Live
    2013-01-24 04:13 . 2013-01-24 04:13 40960 ----a-r- c:\users\Heartless\AppData\Roaming\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\NewShortcut1_9559F7CA5E344237A2D9D856464AD727.exe
    2013-01-24 04:13 . 2013-01-24 04:13 40960 ----a-r- c:\users\Heartless\AppData\Roaming\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\ARPPRODUCTICON.exe
    2013-01-24 04:13 . 2013-01-24 04:34 -------- d-----w- c:\program files (x86)\Project64 1.6
    2013-01-20 05:54 . 2013-01-12 09:30 95648 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
    2013-01-13 06:17 . 2010-02-04 16:01 74072 ----a-w- c:\windows\SysWow64\XAPOFX1_4.dll
    2013-01-13 06:17 . 2010-02-04 16:01 528216 ----a-w- c:\windows\SysWow64\XAudio2_6.dll
    2013-01-13 06:17 . 2010-02-04 16:01 238936 ----a-w- c:\windows\SysWow64\xactengine3_6.dll
    2013-01-13 06:17 . 2009-03-09 21:27 4178264 ----a-w- c:\windows\SysWow64\D3DX9_41.dll
    2013-01-13 06:17 . 2007-03-12 22:42 3495784 ----a-w- c:\windows\SysWow64\d3dx9_33.dll
    2013-01-13 06:17 . 2013-01-13 06:17 -------- d-----w- c:\program files (x86)\Microsoft XNA
    2013-01-12 11:06 . 2013-01-12 11:07 8282192 ----a-w- c:\programdata\Microsoft\BingBar\BBSvc\7.1.391.0oemBingBarSetup-Partner.EXE
    2013-01-10 22:53 . 2013-01-10 22:53 -------- d-----w- c:\users\Default\AppData\Roaming\TuneUp Software
    2013-01-10 11:04 . 2012-05-04 11:00 366592 ----a-w- c:\windows\system32\qdvd.dll
    2013-01-10 11:04 . 2012-05-04 09:59 514560 ----a-w- c:\windows\SysWow64\qdvd.dll
    2013-01-10 11:04 . 2012-08-24 18:13 154480 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
    2013-01-10 11:04 . 2012-08-24 18:09 458712 ----a-w- c:\windows\system32\drivers\cng.sys
    2013-01-10 11:04 . 2012-08-24 18:05 340992 ----a-w- c:\windows\system32\schannel.dll
    2013-01-10 11:04 . 2012-08-24 18:03 1448448 ----a-w- c:\windows\system32\lsasrv.dll
    2013-01-10 11:04 . 2012-08-24 16:57 247808 ----a-w- c:\windows\SysWow64\schannel.dll
    2013-01-10 11:04 . 2012-08-24 16:57 22016 ----a-w- c:\windows\SysWow64\secur32.dll
    2013-01-10 11:04 . 2012-08-24 16:53 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
    2013-01-09 23:24 . 2013-01-30 11:01 -------- d-----w- c:\users\Heartless\AppData\Local\CrashDumps
    2013-01-09 22:54 . 2012-11-22 05:44 800768 ----a-w- c:\windows\system32\usp10.dll
    2013-01-09 22:53 . 2012-11-23 03:26 3149824 ----a-w- c:\windows\system32\win32k.sys
    2013-01-09 22:53 . 2012-11-23 03:13 68608 ----a-w- c:\windows\system32\taskhost.exe
    2013-01-09 11:53 . 2010-02-04 16:01 24920 ----a-w- c:\windows\system32\X3DAudio1_7.dll
    2013-01-09 11:53 . 2010-02-04 16:01 22360 ----a-w- c:\windows\SysWow64\X3DAudio1_7.dll
    2013-01-09 11:53 . 2007-04-05 00:54 107368 ----a-w- c:\windows\system32\xinput1_3.dll
    2013-01-09 11:53 . 2007-04-05 00:53 81768 ----a-w- c:\windows\SysWow64\xinput1_3.dll
    2013-01-09 09:00 . 2013-01-20 05:52 -------- d-----w- c:\program files (x86)\Common Files\Steam
    2013-01-02 10:04 . 2011-05-30 13:42 240640 ----a-w- c:\windows\SysWow64\xvidvfw.dll
    2013-01-02 10:04 . 2011-05-30 13:42 255488 ----a-w- c:\windows\system32\xvidvfw.dll
    2013-01-02 10:04 . 2011-05-23 09:52 153088 ----a-w- c:\windows\SysWow64\xvid.ax
    2013-01-02 10:04 . 2011-05-23 07:49 173568 ----a-w- c:\windows\system32\xvid.ax
    2013-01-02 10:04 . 2011-05-23 07:46 645632 ----a-w- c:\windows\SysWow64\xvidcore.dll
    2013-01-02 10:04 . 2011-05-23 07:45 696832 ----a-w- c:\windows\system32\xvidcore.dll
    2013-01-02 10:04 . 2013-01-02 10:05 -------- d-----w- c:\program files (x86)\Xvid
    2013-01-02 09:52 . 2013-01-02 09:52 -------- d-----w- c:\program files (x86)\AviSynth 2.5
    2013-01-02 09:41 . 2013-01-02 09:41 -------- d-----w- c:\program files (x86)\x264vfw
    2013-01-02 08:56 . 2013-01-02 08:56 -------- d-----w- c:\program files (x86)\AVIcodec
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2013-01-31 09:16 . 2012-12-10 21:46 30528 ----a-w- c:\windows\GVTDrv64.sys
    2013-01-31 09:16 . 2012-12-10 21:46 25640 ----a-w- c:\windows\gdrv.sys
    2013-01-10 06:24 . 2012-12-20 07:13 67599240 ----a-w- c:\windows\system32\MRT.exe
    2013-01-09 01:01 . 2012-12-14 06:56 74248 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2013-01-09 01:01 . 2012-12-14 06:56 697864 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2012-12-16 17:11 . 2012-12-21 09:00 46080 ----a-w- c:\windows\system32\atmlib.dll
    2012-12-16 14:45 . 2012-12-21 09:00 367616 ----a-w- c:\windows\system32\atmfd.dll
    2012-12-16 14:13 . 2012-12-21 09:00 295424 ----a-w- c:\windows\SysWow64\atmfd.dll
    2012-12-16 14:13 . 2012-12-21 09:00 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
    2012-12-15 03:51 . 2012-12-15 03:51 163056 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10142.bin
    2012-12-14 12:12 . 2012-12-14 12:13 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll
    2012-12-14 12:12 . 2012-12-14 12:13 821736 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
    2012-12-14 06:26 . 2012-12-14 06:26 25640 ----a-w- c:\windows\etdrv.sys
    2012-12-14 06:24 . 2012-12-14 06:25 30568 ----a-w- c:\windows\system32\drivers\avgtpx64.sys
    2012-11-30 04:45 . 2013-01-09 22:54 44032 ----a-w- c:\windows\apppatch\acwow64.dll
    2012-11-19 07:01 . 2012-12-18 07:46 9125352 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{5AB93B51-95AD-43E8-A76B-D0A0A015D43F}\mpengine.dll
    2012-11-16 05:33 . 2012-11-16 05:33 111968 ----a-w- c:\windows\system32\drivers\avgmfx64.sys
    2012-11-14 07:06 . 2012-12-14 08:26 17811968 ----a-w- c:\windows\system32\mshtml.dll
    2012-11-14 06:32 . 2012-12-14 08:26 10925568 ----a-w- c:\windows\system32\ieframe.dll
    2012-11-14 06:11 . 2012-12-14 08:26 2312704 ----a-w- c:\windows\system32\jscript9.dll
    2012-11-14 06:04 . 2012-12-14 08:26 1346048 ----a-w- c:\windows\system32\urlmon.dll
    2012-11-14 06:04 . 2012-12-14 08:26 1392128 ----a-w- c:\windows\system32\wininet.dll
    2012-11-14 06:02 . 2012-12-14 08:26 1494528 ----a-w- c:\windows\system32\inetcpl.cpl
    2012-11-14 06:02 . 2012-12-14 08:26 237056 ----a-w- c:\windows\system32\url.dll
    2012-11-14 05:59 . 2012-12-14 08:26 85504 ----a-w- c:\windows\system32\jsproxy.dll
    2012-11-14 05:58 . 2012-12-14 08:26 816640 ----a-w- c:\windows\system32\jscript.dll
    2012-11-14 05:57 . 2012-12-14 08:26 599040 ----a-w- c:\windows\system32\vbscript.dll
    2012-11-14 05:57 . 2012-12-14 08:26 173056 ----a-w- c:\windows\system32\ieUnatt.exe
    2012-11-14 05:55 . 2012-12-14 08:26 2144768 ----a-w- c:\windows\system32\iertutil.dll
    2012-11-14 05:55 . 2012-12-14 08:26 729088 ----a-w- c:\windows\system32\msfeeds.dll
    2012-11-14 05:53 . 2012-12-14 08:26 96768 ----a-w- c:\windows\system32\mshtmled.dll
    2012-11-14 05:52 . 2012-12-14 08:26 2382848 ----a-w- c:\windows\system32\mshtml.tlb
    2012-11-14 05:46 . 2012-12-14 08:26 248320 ----a-w- c:\windows\system32\ieui.dll
    2012-11-14 02:09 . 2012-12-14 08:26 1800704 ----a-w- c:\windows\SysWow64\jscript9.dll
    2012-11-14 01:58 . 2012-12-14 08:26 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl
    2012-11-14 01:57 . 2012-12-14 08:26 1129472 ----a-w- c:\windows\SysWow64\wininet.dll
    2012-11-14 01:49 . 2012-12-14 08:26 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
    2012-11-14 01:48 . 2012-12-14 08:26 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
    2012-11-14 01:44 . 2012-12-14 08:26 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
    2012-11-09 05:45 . 2012-12-14 12:26 2048 ----a-w- c:\windows\system32\tzres.dll
    2012-11-09 04:42 . 2012-12-14 12:26 2048 ----a-w- c:\windows\SysWow64\tzres.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ooVoo.exe"="c:\program files (x86)\ooVoo\oovoo.exe" [2013-01-20 28467264]
    "Xvid"="c:\program files (x86)\Xvid\CheckUpdate.exe" [2011-01-17 8192]
    "Steam"="c:\program files (x86)\Steam\Steam.exe" [2013-01-29 1354736]
    "HydraVisionDesktopManager"="c:\program files (x86)\ATI Technologies\HydraVision\HydraDM.exe" [2011-05-25 393216]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-09-29 642728]
    "UVCSti"="c:\program files (x86)\UVC Video Camera\UVCSti.exe" [2010-03-26 245760]
    "RunUVC"="c:\program files (x86)\UVC Video Camera\EffectDir\UVCtray.exe" [2010-06-18 7548928]
    "AVG_UI"="c:\program files (x86)\AVG\AVG2013\avgui.exe" [2012-12-11 3147384]
    "vProt"="c:\program files (x86)\AVG Secure Search\vprot.exe" [2012-12-14 1046984]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
    "LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2012-12-10 2254768]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
    "EasyTuneVI"="c:\program files (x86)\GIGABYTE\ET6\ETCall.exe" [2012-02-01 40960]
    "Malwarebytes Anti-Malware (cleanup)"="c:\programdata\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll" [2012-12-14 1091432]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
    "aux4"=wdmaud.drv
    .
    R2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2013\avgidsagent.exe [2012-11-16 5814904]
    R2 BBSvc;BingBar Service;c:\program files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.exe [2012-06-11 193616]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R3 AppleChargerSrv;AppleChargerSrv;c:\windows\system32\AppleChargerSrv.exe [2010-04-07 31272]
    R3 cpuz135;cpuz135;c:\windows\TEMP\cpuz135\cpuz135_x64.sys [x]
    R3 etdrv;etdrv;c:\windows\etdrv.sys [2012-12-14 25640]
    R3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;c:\program files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe [2011-03-02 130976]
    R3 GVTDrv64;GVTDrv64;c:\windows\GVTDrv64.sys [2013-01-31 30528]
    R3 ICCS;Intel(R) Integrated Clock Controller Service - Intel(R) ICCS;c:\program files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [2011-08-30 160256]
    R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]
    R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2012-08-23 30208]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-03-01 1255736]
    R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-06-10 389120]
    S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [2012-10-15 63328]
    S0 Avgloga;AVG Logging Driver;c:\windows\system32\DRIVERS\avgloga.sys [2012-09-21 225120]
    S0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [2012-11-16 111968]
    S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [2012-09-14 40800]
    S1 AppleCharger;AppleCharger;c:\windows\system32\DRIVERS\AppleCharger.sys [2011-11-02 21616]
    S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys [2012-10-22 154464]
    S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [2012-10-02 185696]
    S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [2012-09-21 200032]
    S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys [2012-12-14 30568]
    S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-09-28 239616]
    S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-09-28 361984]
    S2 AODDriver4.2;AODDriver4.2;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-04-09 57472]
    S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2013\avgwdsvc.exe [2012-10-22 196664]
    S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-12-10 2465712]
    S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-12-14 398184]
    S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-12-14 682344]
    S2 Realtek11nCU;Realtek11nCU;c:\program files (x86)\Edimax\11n USB Wireless LAN Utility\RtlService.exe [2010-04-16 36864]
    S2 vToolbarUpdater13.3.2;vToolbarUpdater13.3.2;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\13.3.2\ToolbarUpdater.exe [2012-12-14 894920]
    S3 AODDriver;AODDriver;c:\program files (x86)\GIGABYTE\ET6\amd64\AODDriver.sys [2010-03-12 52280]
    S3 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.exe [2012-06-11 240208]
    S3 Cam3820;Cam3820 PC Camera Driver;c:\windows\system32\Drivers\cam3820a.sys [2010-06-14 433536]
    S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-12-14 24176]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-08-23 565352]
    S3 RTL8192cu;Realtek RTL8192CU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8192cu.sys [2010-08-06 762472]
    S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2009-12-22 38456]
    .
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
    2013-01-25 00:01 1607120 ----a-w- c:\program files (x86)\Google\Chrome\Application\24.0.1312.56\Installer\chrmstp.exe
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2013-01-31 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-12-14 01:01]
    .
    2013-01-31 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-12-14 05:56]
    .
    2013-01-31 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-12-14 05:56]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-10-17 13307496]
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = hxxp://www.msn.com
    mDefault_Page_URL = hxxp://www.msn.com
    mStart Page = hxxp://www.msn.com
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = *.local
    Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\13.3.2\ViProtocol.dll
    .
    - - - - ORPHANS REMOVED - - - -
    .
    BHO-{95B7759C-8C7F-4BF1-B163-73684A933233} - (no file)
    Toolbar-Locked - (no file)
    Toolbar-{95B7759C-8C7F-4BF1-B163-73684A933233} - (no file)
    AddRemove-couponamazing - c:\users\Heartless\AppData\Local\couponamazing\uninst.exe
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\S-1-5-21-2198545607-827547869-2066008582-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="WindowsLiveMail.Email.1"
    .
    [HKEY_USERS\S-1-5-21-2198545607-827547869-2066008582-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="WindowsLiveMail.VCard.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_146_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_146_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.11"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Completion time: 2013-01-31 04:44:17
    ComboFix-quarantined-files.txt 2013-01-31 10:44
    ComboFix2.txt 2013-01-31 09:08
    .
    Pre-Run: 442,782,715,904 bytes free
    Post-Run: 442,484,813,824 bytes free
    .
    - - End Of File - - B8E5F8D7A5F4B71CFA0B92BD3A2AD352



    ESET SCAN


    C:\FRST\Quarantine\{80f7b7a2-818c-fe87-f196-90df9b357a74}\U\00000004.@ Win64/Conedex.C trojan
    C:\FRST\Quarantine\{80f7b7a2-818c-fe87-f196-90df9b357a74}\U\80000000.@ Win64/Sirefef.AW trojan
    C:\FRST\Quarantine\{80f7b7a2-818c-fe87-f196-90df9b357a74}\U\80000064.@ a variant of Win64/Sirefef.AN trojan
    C:\Users\Heartless\Downloads\Hamachi_v.2.1.0.215.exe a variant of Win32/DomaIQ.A application
    C:\Users\Heartless\Downloads\SoftonicDownloader_for_pinnacle-videospin.exe a variant of Win32/SoftonicDownloader.E application



    and finally the checkup


    Results of screen317's Security Check version 0.99.57
    Windows 7 Service Pack 1 x64 (UAC is enabled)
    Internet Explorer 9
    ``````````````Antivirus/Firewall Check:``````````````
    Windows Firewall Enabled!
    AVG Anti-Virus Free Edition 2013
    Antivirus out of date!
    `````````Anti-malware/Other Utilities Check:`````````
    Malwarebytes Anti-Malware version 1.70.0.1100
    Java 7 Update 11
    Google Chrome 24.0.1312.52
    Google Chrome 24.0.1312.56
    ````````Process Check: objlist.exe by Laurent````````
    Malwarebytes Anti-Malware mbamservice.exe
    Malwarebytes Anti-Malware mbamgui.exe
    AVG avgwdsvc.exe
    Malwarebytes' Anti-Malware mbamscheduler.exe
    `````````````````System Health check`````````````````
    Total Fragmentation on Drive C: 7%
    ````````````````````End of Log``````````````````````
     
  9. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    10,150
    OK, do the following:

    Open Notepad, select "Format" from the menu bar, make sure "Word Wrap" is not checked. Copy the text from the code box below to Notepad.

    Code:
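    @echo off
    rem Force-delete every file under C:\FRST, then remove the emptied folder tree
    del /f /s /q "C:\FRST"
    rd /s /q "C:\FRST"
    rem Delete the two downloaded installers flagged by the ESET scan
    del /f /s /q "C:\Users\Heartless\Downloads\Hamachi_v.2.1.0.215.exe"
    del /f /s /q "C:\Users\Heartless\Downloads\SoftonicDownloader_for_pinnacle-videospin.exe"
    rem Delete this batch file itself
    del %0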
    
    Save the Notepad file on your desktop...as delfile.bat... save type as "All Files"
    Double click on delfile.bat to execute it.
    A black CMD window will flash, then disappear...this is normal.
    The files and folders, if found...will have been deleted and the "delfile.bat" file will also be deleted.

    Next,

    Remove Combofix now that we're done with it
    • Please press the Windows Key and R on your keyboard. This will bring up the Run... command.
    • Now type in Combofix /Uninstall in the runbox and click OK. (Notice the space between the "x" and "/")
    • Please follow the prompts to uninstall Combofix.
    • You will then receive a message saying Combofix was uninstalled successfully once it's done uninstalling itself.
    The above procedure will delete the following:
    • ComboFix and its associated files and folders.
    • VundoFix backups, if present
    • The C:\_OtMoveIt folder, if present
    • Reset the clock settings.
    • Hide file extensions, if required.
    • Hide System/Hidden files, if required.
    • Reset System Restore.

    It is very important that you get a successful uninstall because of the extra functions done at the same time, let me know if this does not happen.

    Next,

    • Download OTC by OldTimer from here http://oldtimer.geekstogo.com/OTC.exe or here http://www.itxassociates.com/OT-Tools/OTC.exe and save to your Desktop.
    • Double click [​IMG] icon to start the program.
      If you are using Vista or Windows 7 accept UAC
    • Then Click the big [​IMG] button.
    • You will get a prompt saying "Begining Cleanup Process". Please select Yes.
    • Restart your computer when prompted.
    • This will remove tools we have used and itself.

    Any tools/logs remaining on the Desktop can be deleted.

    Next,

    AVG is showing as outdated, that needs to be updated ASAP. Also you need to Defrag your hard drive, follow the instructions here if required: http://windows.microsoft.com/en-GB/windows-vista/Improve-performance-by-defragmenting-your-hard-disk

    Let me know if those steps complete OK, if no more issues are you ok to mark this up as solved? If so I'll post a closure with hints and tips...

    Kevin
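
Added example (not part of the thread or of any tool used in it): a small parser that sorts the ESET detection lines posted above by location and label, separating copies already sitting under a Quarantine folder from files still live in Downloads. The line layout is inferred from the five lines in the thread, and treating any label other than "trojan" as a potentially unwanted program is an assumption of this example.

```python
import re
from dataclasses import dataclass
from pathlib import PureWindowsPath

# The five detection lines from the ESET scan posted in this thread.
ESET_LOG = r"""
C:\FRST\Quarantine\{80f7b7a2-818c-fe87-f196-90df9b357a74}\U\00000004.@ Win64/Conedex.C trojan
C:\FRST\Quarantine\{80f7b7a2-818c-fe87-f196-90df9b357a74}\U\80000000.@ Win64/Sirefef.AW trojan
C:\FRST\Quarantine\{80f7b7a2-818c-fe87-f196-90df9b357a74}\U\80000064.@ a variant of Win64/Sirefef.AN trojan
C:\Users\Heartless\Downloads\Hamachi_v.2.1.0.215.exe a variant of Win32/DomaIQ.A application
C:\Users\Heartless\Downloads\SoftonicDownloader_for_pinnacle-videospin.exe a variant of Win32/SoftonicDownloader.E application
"""

# Inferred layout: <path> [a variant of] <platform>/<family>[.<suffix>] <label>
# The path is matched lazily so paths containing spaces still parse.
LINE_RE = re.compile(
    r"^(?P<path>.+?)\s+(?:a variant of\s+)?"
    r"(?P<platform>\w+)/(?P<family>[^.\s]+)(?:\.\S+)?\s+(?P<label>\w+)$"
)

@dataclass(frozen=True)
class Finding:
    path: str
    platform: str
    family: str
    label: str         # trailing word on the line: "trojan" or "application"
    quarantined: bool  # file sits under a folder named Quarantine

def parse_eset(log):
    """Return a Finding for every line that matches the inferred layout."""
    findings = []
    for raw in log.splitlines():
        m = LINE_RE.match(raw.strip())
        if m:
            parts = [p.lower() for p in PureWindowsPath(m["path"]).parts]
            findings.append(Finding(m["path"], m["platform"], m["family"],
                                    m["label"], "quarantine" in parts))
    return findings

def triage(findings):
    """Bucket findings by what is still left to do about them."""
    buckets = {"quarantined_copy": [], "live_malware": [], "live_unwanted_app": []}
    for f in findings:
        if f.quarantined:
            buckets["quarantined_copy"].append(f)
        elif f.label == "trojan":
            buckets["live_malware"].append(f)
        else:  # assumption: any other label is a potentially unwanted program
            buckets["live_unwanted_app"].append(f)
    return buckets
```

Calling `triage(parse_eset(ESET_LOG))` on the thread's log puts all three trojan hits in the quarantined bucket and the two installers in the live unwanted-application bucket.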
     
  10. heartlessdeath0

    heartlessdeath0 Thread Starter

    Joined:
    Jan 30, 2013
    Messages:
    6
    Thank you very much, Kevin. I appreciate you taking the time to help me out.

    ComboFix has been successfully un-installed, along with the other tools.

    I just updated AVG and the system is currently being de-fragmented. I'd say we're all finished.

    I'll mark this as solved as soon as you post your tips and tricks.

    Thanks again

    ~Korey
     
  11. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    10,150
    Thanks for the update Korey, good to hear all is OK... here are some tips to reduce the potential for malware infection in the future:

    Make proper use of your antivirus and firewall

    Antivirus and Firewall programs are integral to your computer security. However, just having them installed isn't enough. The definitions of these programs are frequently updated to detect the latest malware, if you don't keep up with these updates then you'll be vulnerable to infection. Many antivirus and firewall programs have automatic update features, make use of those if you can. If your program doesn't, then get in the habit of routinely performing manual updates, because it's important.

    You should keep your antivirus and firewall guard enabled at all times, NEVER turn them off unless there's a specific reason to do so. Also, regularly performing a full system scan with your antivirus program is a good idea to make sure your system remains clean. Once a week should be adequate. You can set the scan to run during a time when you don't plan to use the computer and just leave it to complete on its own.

    Install and use WinPatrol from here http://www.winpatrol.com/download.html This will inform you of any attempted unauthorized changes to your system.

    WinPatrol features explained here http://www.winpatrol.com/features.html

    Go here http://www.filehippo.com/updatechecker/ run the FileHippo Update Checker, update all applications as suggested by the Update Checker. Ignore any Beta updates. (Use stand alone version, not a full install)
    If Java or Adobe are updated please check under Start > Control Panel > Add/Remove Programs, ensure any old versions are removed. <--- Very important

    Use a safer web browser

    Internet Explorer is not the most secure tool for browsing the web. It has been known to be very susceptible to infection, and there are a few good free alternatives:

    FireFox http://www.mozilla.com/en-US/,

    Opera http://www.opera.com/, and

    Chrome http://www.google.com/chrome.

    All of these are excellent faster, safer, more powerful and functional free alternatives to Internet Explorer. It's definitely worth the short period of adjustment to start using one of these. If you wish to continue using Internet Explorer, it would be a good idea to follow the tutorial here http://www.bleepingcomputer.com/tutorials/tutorial102.html which will help you to make IE MUCH safer.

    These browser add-ons will help to make your browser safer:

    Web of Trust warns you about risky websites that try to scam visitors, deliver malware or send spam. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous ones:

    Available for Firefox and Internet Explorer.

    Green to go,
    Yellow for caution, and
    Red to stop.


    Available for Firefox only. NoScript helps to block malicious scripts and in general gives you much better control over what types of things webpages can do to your computer while you're browsing.

    These are just a couple of the most popular add-ons, if you're interested in more, take a look at this article:
    http://browsers.about.com/od/addonsplugi2/tp/browser_security_privacy.htm

    Here are a couple of links by two security experts that will give some excellent tips and advice.

    So how did I get infected in the first place by Tony Klein

    How to prevent Malware by Miekiemoes

    Finally this link http://www.geekstogo.com/forum/topic/38-free-antivirus-and-antispyware-software will give a comprehensive up-to-date list of free Security programs. To include - Antivirus, Antispyware, Firewall, Antimalware, Online scanners and rescue CDs.

    Don't forget, the best form of defense is common sense. If you don't recognize it, don't open it. If something looks too good to be true, then it ain't.

    Take care,

    Kevin
     
Short URL to this thread: https://techguy.org/1087519