
trojan dropper.generic c.MMI removal complete ?

Discussion in 'Virus & Other Malware Removal' started by Ktarl, Jul 6, 2012.

Ktarl (Thread Starter):
    Heya,

    Yesterday my AVG found that my computer was infected with

    trojan horse dropper.generic c.MMI in my services.exe

    AVG could not remove it as the file was whitelisted.
    After that I finally managed to remove it by booting into safe mode and running an sfc /scannow.

    I cleaned up other infections with AVG, Malwarebytes, Spybot and SUPERAntiSpyware,

    which seems to have removed everything so far.
    I would like to know if there are any infections left that those programs were not able to find and remove.

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 4:21:53 PM, on 7/6/2012
    Platform: Windows 7 SP1 (WinNT 6.00.3505)
    MSIE: Internet Explorer v8.00 (8.00.7601.17514)
    Boot mode: Normal

    Running processes:
    C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files (x86)\Steam\Steam.exe
    C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files (x86)\Skype\Phone\Skype.exe
    C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
    C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
    C:\Program Files (x86)\AVG Secure Search\vprot.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
    C:\Program Files (x86)\Windows Media Player\wmplayer.exe
    C:\Program Files (x86)\AVG\AVG2012\avgui.exe
    C:\Users\Yuki\Downloads\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: BitTorrentBar Toolbar - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files (x86)\BitTorrentBar\prxtbBit0.dll
    F2 - REG:system.ini: UserInit=userinit.exe,
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: AVG Do Not Track - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
    O2 - BHO: BitTorrentBar - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files (x86)\BitTorrentBar\prxtbBit0.dll
    O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.7\AVG Secure Search_toolbar.dll
    O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    O3 - Toolbar: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.7\AVG Secure Search_toolbar.dll
    O3 - Toolbar: BitTorrentBar Toolbar - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files (x86)\BitTorrentBar\prxtbBit0.dll
    O4 - HKLM\..\Run: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
    O4 - HKLM\..\Run: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe
    O4 - HKLM\..\Run: [ROC_roc_dec12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-21-2629174495-3191888799-3413499157-1002\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser')
    O4 - HKUS\S-1-5-21-2629174495-3191888799-3413499157-1002\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'UpdatusUser')
    O9 - Extra button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
    O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
    O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
    O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\11.1.0\ViProtocol.dll
    O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
    O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
    O23 - Service: AppleChargerSrv - Unknown owner - C:\Windows\system32\AppleChargerSrv.exe (file missing)
    O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe
    O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
    O23 - Service: ES lite Service for program management. (ES lite Service) - Unknown owner - C:\Program Files (x86)\Gigabyte\EasySaver\ESSVR.EXE
    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
    O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
    O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
    O23 - Service: Skype C2C Service - Skype Technologies S.A. - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
    O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
    O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
    O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
    O23 - Service: vToolbarUpdater11.1.0 - Unknown owner - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.1.0\ToolbarUpdater.exe
    O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

    --
    End of file - 12377 bytes




    .
    DDS (Ver_2011-08-26.01) - NTFSAMD64
    Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_31
    Run by Yuki at 17:03:05 on 2012-07-06
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8189.5544 [GMT -5:00]
    .
    AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
    SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\PROGRA~2\AVG\AVG2012\avgrsa.exe
    C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\nvvsvc.exe
    C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\WUDFHost.exe
    C:\Windows\system32\WUDFHost.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files (x86)\Gigabyte\EasySaver\ESSVR.EXE
    C:\Windows\SysWOW64\PnkBstrA.exe
    C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
    C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.1.0\ToolbarUpdater.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files (x86)\AVG\AVG2012\avgnsa.exe
    C:\Program Files (x86)\AVG\AVG2012\avgemca.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\taskhost.exe
    C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
    C:\Program Files\Logitech Gaming Software\LCore.exe
    C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
    C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files (x86)\Steam\Steam.exe
    C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files (x86)\Skype\Phone\Skype.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
    C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
    C:\Program Files (x86)\AVG Secure Search\vprot.exe
    C:\Program Files\Logitech Gaming Software\plugins\LCDAppletsMono-8.01.067\Applets\x64\LCDClock.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
    C:\Program Files\Logitech Gaming Software\plugins\LCDAppletsMono-8.01.067\Applets\x64\LCDCountdown.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files (x86)\Common Files\Steam\SteamService.exe
    C:\Program Files\Windows Media Player\WMPSideShowGadget.exe
    C:\Program Files (x86)\Windows Media Player\wmplayer.exe
    C:\Windows\system32\taskhost.exe
    C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
    C:\Program Files (x86)\AVG\AVG2012\avgui.exe
    C:\Users\Yuki\Downloads\HijackThis.exe
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe
    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\NOTEPAD.EXE
    C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\SysWOW64\cscript.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.com/
    uURLSearchHooks: BitTorrentBar Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files (x86)\BitTorrentBar\prxtbBit0.dll
    mURLSearchHooks: BitTorrentBar Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files (x86)\BitTorrentBar\prxtbBit0.dll
    mWinlogon: Userinit=userinit.exe,
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: AVG Do Not Track: {31332eef-cb9f-458f-afeb-d30e9a66b6ba} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
    BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
    BHO: BitTorrentBar Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files (x86)\BitTorrentBar\prxtbBit0.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.7\AVG Secure Search_toolbar.dll
    BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    TB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.7\AVG Secure Search_toolbar.dll
    TB: BitTorrentBar Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files (x86)\BitTorrentBar\prxtbBit0.dll
    {e7df6bff-55a5-4eb7-a673-4ed3e9456d39}
    uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
    uRun: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
    uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
    uRun: [NCsoft]
    uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
    uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    mRun: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
    mRun: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    mRun: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe
    mRun: [ROC_roc_dec12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
    mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    mPolicies-explorer: NoActiveDesktop = 1 (0x1)
    mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    LSP: mswsock.dll
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
    TCP: DhcpNameServer = 192.168.0.1
    TCP: Interfaces\{021F648F-DFA0-4100-8F56-F95A5A4F3129} : DhcpNameServer = 192.168.0.1
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
    Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\11.1.0\ViProtocol.dll
    BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO-X64: AcroIEHelperStub - No File
    BHO-X64: AVG Do Not Track: {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
    BHO-X64: AVG Do Not Track - No File
    BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
    BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
    BHO-X64: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
    BHO-X64: BitTorrentBar Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files (x86)\BitTorrentBar\prxtbBit0.dll
    BHO-X64: BitTorrentBar - No File
    BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO-X64: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.7\AVG Secure Search_toolbar.dll
    BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    BHO-X64: SkypeIEPluginBHO - No File
    BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    TB-X64: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.7\AVG Secure Search_toolbar.dll
    TB-X64: BitTorrentBar Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files (x86)\BitTorrentBar\prxtbBit0.dll
    mRun-x64: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
    mRun-x64: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
    mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    mRun-x64: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe
    mRun-x64: [ROC_roc_dec12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12
    mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun-x64: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
    mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    Hosts: 127.0.0.1 www.spywareinfo.com
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\Yuki\AppData\Roaming\Mozilla\Firefox\Profiles\duhj2aky.default\
    FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7B1feefd87-4de1-4887-b742-50840238068e%7D&mid=4e1e55bd2b3f47d1951281ac0fb527e7-a7ff43f88bf4026fec828a06754eb9ad6dc53661&ds=AVG&v=8.0.0.34.1&lang=en&pr=fr&d=2011-10-12%2017%3A54%3A16&sap=ku&q=
    FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
    FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\1.116.0\npesnlaunch.dll
    FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\1.122.0\npesnlaunch.dll
    FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll
    FF - plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\11.1.0\npsitesafety.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
    FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll
    FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
    FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll
    FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
    FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll
    FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
    FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
    FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
    FF - plugin: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll
    FF - plugin: C:\Users\Yuki\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
    FF - plugin: C:\Users\Yuki\AppData\Roaming\Mozilla\Firefox\Profiles\duhj2aky.default\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}\plugins\np-mswmp.dll
    FF - plugin: C:\Users\Yuki\AppData\Roaming\Mozilla\Firefox\Profiles\duhj2aky.default\extensions\[email protected]\plugins\npLogitechDeviceDetection.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_262.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 AVGIDSHA;AVGIDSHA;C:\Windows\system32\DRIVERS\avgidsha.sys --> C:\Windows\system32\DRIVERS\avgidsha.sys [?]
    R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\system32\DRIVERS\avgrkx64.sys --> C:\Windows\system32\DRIVERS\avgrkx64.sys [?]
    R1 AppleCharger;AppleCharger;C:\Windows\system32\DRIVERS\AppleCharger.sys --> C:\Windows\system32\DRIVERS\AppleCharger.sys [?]
    R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\system32\DRIVERS\avgldx64.sys --> C:\Windows\system32\DRIVERS\avgldx64.sys [?]
    R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\system32\DRIVERS\avgmfx64.sys --> C:\Windows\system32\DRIVERS\avgmfx64.sys [?]
    R1 Avgtdia;AVG TDI Driver;C:\Windows\system32\DRIVERS\avgtdia.sys --> C:\Windows\system32\DRIVERS\avgtdia.sys [?]
    R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
    R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
    R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2011-8-11 140672]
    R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]
    R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe [2012-7-4 5160568]
    R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [2011-8-2 193288]
    R2 ES lite Service;ES lite Service for program management.;C:\Program Files (x86)\Gigabyte\EasySaver\essvr.exe [2011-10-12 68136]
    R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-2-29 2348352]
    R2 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-6-19 3048136]
    R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-2-9 382272]
    R2 vToolbarUpdater11.1.0;vToolbarUpdater11.1.0;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.1.0\ToolbarUpdater.exe [2012-6-11 935480]
    R3 AVGIDSDriver;AVGIDSDriver;C:\Windows\system32\DRIVERS\avgidsdrivera.sys --> C:\Windows\system32\DRIVERS\avgidsdrivera.sys [?]
    R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\system32\DRIVERS\avgidsfiltera.sys --> C:\Windows\system32\DRIVERS\avgidsfiltera.sys [?]
    R3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;C:\Windows\system32\Drivers\EtronHub3.sys --> C:\Windows\system32\Drivers\EtronHub3.sys [?]
    R3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;C:\Windows\system32\Drivers\EtronXHCI.sys --> C:\Windows\system32\Drivers\EtronXHCI.sys [?]
    R3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;C:\Windows\system32\drivers\LGBusEnum.sys --> C:\Windows\system32\drivers\LGBusEnum.sys [?]
    R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;C:\Windows\system32\drivers\LGVirHid.sys --> C:\Windows\system32\drivers\LGVirHid.sys [?]
    R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]
    R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-7-5 136176]
    S2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2011-10-12 1153368]
    S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-6-5 160944]
    S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-1 257224]
    S3 AppleChargerSrv;AppleChargerSrv;system32\AppleChargerSrv.exe --> system32\AppleChargerSrv.exe [?]
    S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-7-5 136176]
    S3 GVTDrv64;GVTDrv64;C:\Windows\GVTDrv64.sys [2011-10-12 30528]
    S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-4-25 113120]
    S3 npggsvc;nProtect GameGuard Service;C:\Windows\system32\GameMon.des -service --> C:\Windows\system32\GameMon.des -service [?]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
    S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
    .
    =============== Created Last 30 ================
    .
    2012-07-06 20:50:13 -------- d-----w- C:\Users\Yuki\AppData\Local\{D45E8599-E474-4594-B5A5-1AE641AA0DCA}
    2012-07-06 20:50:03 -------- d-----w- C:\Users\Yuki\AppData\Local\{3F04CE78-DD69-4BDB-8819-49094F9B5B99}
    2012-07-06 01:48:28 -------- d-----w- C:\Users\Yuki\AppData\Roaming\SUPERAntiSpyware.com
    2012-07-06 01:48:19 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com
    2012-07-06 01:48:19 -------- d-----w- C:\Program Files\SUPERAntiSpyware
    2012-07-06 01:25:09 -------- d-----w- C:\Users\Yuki\AppData\Roaming\Malwarebytes
    2012-07-06 01:25:04 -------- d-----w- C:\ProgramData\Malwarebytes
    2012-07-06 01:25:03 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2012-07-06 01:25:03 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2012-07-06 00:24:41 -------- d-----w- C:\sh4ldr
    2012-07-06 00:24:41 -------- d-----w- C:\Program Files\Enigma Software Group
    2012-07-06 00:24:14 -------- d-----w- C:\Windows\18F97AF04F884494AFE25A5702E142CC.TMP
    2012-07-05 22:07:20 -------- d-----w- C:\Users\Yuki\AppData\Local\{23C8D1B3-ACF6-4A63-91B0-817DD3BF98AA}
    2012-07-05 22:07:09 -------- d-----w- C:\Users\Yuki\AppData\Local\{C10A3BD6-EE43-48BC-833F-1E0E79091438}
    2012-07-05 02:42:31 -------- d-----w- C:\Users\Yuki\AppData\Local\{E664F761-9ADF-4C9A-8D12-AC3FBC373665}
    2012-07-05 02:42:20 -------- d-----w- C:\Users\Yuki\AppData\Local\{3500D151-7267-45B7-81F6-BF311DF78836}
    2012-07-04 14:42:09 -------- d-----w- C:\Users\Yuki\AppData\Local\{E4E5C90A-E807-4CA2-80BC-39A78777719C}
    2012-07-04 14:41:58 -------- d-----w- C:\Users\Yuki\AppData\Local\{46F15918-F997-4183-9979-5B8B0A77E90D}
    2012-07-04 05:16:55 -------- d-----w- C:\Program Files (x86)\Combined Community Codec Pack
    2012-07-04 02:41:47 -------- d-----w- C:\Program Files (x86)\NT Locale Emulator Advance
    2012-07-03 22:05:07 -------- d-----w- C:\Users\Yuki\AppData\Local\{A5C4A70E-0B89-4DAF-89FD-44787F643DC3}
    2012-07-03 22:04:57 -------- d-----w- C:\Users\Yuki\AppData\Local\{8A6571C2-7228-4B36-99FA-91716CB51F91}
    2012-07-02 21:10:07 -------- d-----w- C:\Users\Yuki\AppData\Local\{F3F047FA-2096-4BDE-8745-FDB6286C0367}
    2012-07-02 21:09:57 -------- d-----w- C:\Users\Yuki\AppData\Local\{4740C4F0-72A2-45E3-8FAC-62158C191783}
    2012-07-02 06:37:20 -------- d-----w- C:\Users\Yuki\AppData\Local\Apple Computer
    2012-07-02 02:13:59 -------- d-----w- C:\Users\Yuki\AppData\Local\{96034553-BD51-463C-9F5F-33C0F36EFD95}
    2012-07-02 02:13:49 -------- d-----w- C:\Users\Yuki\AppData\Local\{542A6ADA-6AA8-487A-AFD7-45CAA61484B4}
    2012-07-01 14:13:38 -------- d-----w- C:\Users\Yuki\AppData\Local\{AAF1C9CA-A639-4103-A71A-0C98FB62E29A}
    2012-07-01 14:13:27 -------- d-----w- C:\Users\Yuki\AppData\Local\{66D0634F-C8F7-4AFC-B5C3-EFA2522D5D50}
    2012-07-01 02:13:03 -------- d-----w- C:\Users\Yuki\AppData\Local\{CB4E636C-545C-47A8-A8C8-86926CE47F37}
    2012-07-01 02:12:53 -------- d-----w- C:\Users\Yuki\AppData\Local\{DA85BC16-171F-4212-B6D2-65FD5F59A967}
    2012-06-30 14:12:41 -------- d-----w- C:\Users\Yuki\AppData\Local\{42344E89-E7BA-4012-9B69-9BDFD16F386F}
    2012-06-30 14:12:30 -------- d-----w- C:\Users\Yuki\AppData\Local\{27E3E6D6-811D-441D-BB99-9ACDFAF26527}
    2012-06-30 14:10:03 -------- d-----w- C:\Users\Yuki\AppData\Local\{B1F51A89-BCAB-4BAF-A8A4-CE1D85387DCD}
    2012-06-30 14:09:53 -------- d-----w- C:\Users\Yuki\AppData\Local\{8C45F611-2FD7-4C38-A5AB-0871184098F0}
    2012-06-29 21:15:27 -------- d-----w- C:\Users\Yuki\AppData\Local\{A163B702-724B-43F1-86A6-95B329613593}
    2012-06-29 21:15:16 -------- d-----w- C:\Users\Yuki\AppData\Local\{E49A265B-074F-482D-8785-9ADAA2553207}
    2012-06-28 20:58:06 -------- d-----w- C:\Users\Yuki\AppData\Local\{BB1A7154-2D33-4105-AAB2-85460992E3AA}
    2012-06-28 20:57:56 -------- d-----w- C:\Users\Yuki\AppData\Local\{6E30FF33-5CE3-4250-83FE-CA512E48E356}
    2012-06-27 21:02:13 -------- d-----w- C:\Users\Yuki\AppData\Local\{5032D4CA-DAC1-406B-B236-67CF82F19374}
    2012-06-27 21:02:03 -------- d-----w- C:\Users\Yuki\AppData\Local\{F263056F-346A-4362-9D73-2E35433B4E1B}
    2012-06-26 21:26:36 -------- d-----w- C:\Users\Yuki\AppData\Local\{CEFCFADF-4705-4087-B319-42C9165EC2B0}
    2012-06-26 21:26:26 -------- d-----w- C:\Users\Yuki\AppData\Local\{D9E6BC58-7882-41D0-9121-26FDA7B48EEE}
    2012-06-25 21:25:51 -------- d-----w- C:\Users\Yuki\AppData\Local\{17DDB131-EEE2-4709-B34F-85F6058C40DE}
    2012-06-25 21:25:41 -------- d-----w- C:\Users\Yuki\AppData\Local\{99459A75-A7E0-4912-B142-32E85F74A94E}
    2012-06-25 01:31:24 -------- d-----w- C:\Users\Yuki\AppData\Local\{9682ACD8-1D61-4E70-86A2-B9783EB8118E}
    2012-06-25 01:31:13 -------- d-----w- C:\Users\Yuki\AppData\Local\{2BCF650F-DD7B-4662-A788-35C6EDA51786}
    2012-06-24 13:31:02 -------- d-----w- C:\Users\Yuki\AppData\Local\{5A6C4337-8894-495B-ACC9-366F852F8DAD}
    2012-06-24 13:30:51 -------- d-----w- C:\Users\Yuki\AppData\Local\{B556C93E-8F2E-4E37-9A45-96971A11952A}
    2012-06-23 21:11:42 -------- d-----w- C:\Users\Yuki\AppData\Local\{2F5B0F62-22A7-40CD-9D3C-61B081062BA1}
    2012-06-23 21:11:32 -------- d-----w- C:\Users\Yuki\AppData\Local\{DE07B733-8DB7-42D0-B7C8-CC39CC32F7C4}
    2012-06-23 09:11:08 -------- d-----w- C:\Users\Yuki\AppData\Local\{3AA346FC-9AF7-40D9-8811-C7B4DE572A19}
    2012-06-23 09:10:58 -------- d-----w- C:\Users\Yuki\AppData\Local\{AE3DE6AE-2B2B-473C-8510-1641CF38DBDB}
    2012-06-22 21:12:27 2622464 ----a-w- C:\Windows\System32\wucltux.dll
    2012-06-22 21:12:11 99840 ----a-w- C:\Windows\System32\wudriver.dll
    2012-06-22 21:11:54 36864 ----a-w- C:\Windows\System32\wuapp.exe
    2012-06-22 21:11:54 186752 ----a-w- C:\Windows\System32\wuwebv.dll
    2012-06-22 21:10:42 -------- d-----w- C:\Users\Yuki\AppData\Local\{5E2B8EA6-468B-4DEB-8BC2-CD40A5BA511B}
    2012-06-22 21:10:31 -------- d-----w- C:\Users\Yuki\AppData\Local\{512B01F0-9A80-4E5A-B563-FDD8F15ED6D5}
    2012-06-21 16:46:52 -------- d-----w- C:\Users\Yuki\AppData\Local\{6A8057FD-E6EE-445D-89E6-BB68B7D4B870}
    2012-06-21 16:46:42 -------- d-----w- C:\Users\Yuki\AppData\Local\{72F813E5-B50A-4D59-B1BD-B3CB2EFF3D19}
    2012-06-21 04:20:12 -------- d-----w- C:\Users\Yuki\AppData\Local\{AE227829-CCE7-4AC8-9701-4B201A45D3C6}
    2012-06-21 04:20:02 -------- d-----w- C:\Users\Yuki\AppData\Local\{75F5C01A-AA70-4ACB-B2CA-969B480B2989}
    2012-06-20 16:19:50 -------- d-----w- C:\Users\Yuki\AppData\Local\{E813070C-7471-4C46-82C3-E6478EAD4A50}
    2012-06-20 16:19:39 -------- d-----w- C:\Users\Yuki\AppData\Local\{EDDA0987-FA51-435D-9D54-20EDCBB1F770}
    2012-06-19 22:35:14 4967624 ----a-w- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll
    2012-06-19 16:19:22 -------- d-----w- C:\Users\Yuki\AppData\Local\{12AC39D3-C4C9-4BB0-8953-4488686D6496}
    2012-06-19 16:19:12 -------- d-----w- C:\Users\Yuki\AppData\Local\{DAC4FFEF-D5B9-4ABD-94AE-2CD575CF2429}
    2012-06-18 22:59:06 -------- d-----w- C:\Users\Yuki\AppData\Local\{E05BC092-9541-4936-BDFC-CFC44927FE72}
    2012-06-18 02:53:28 -------- d-----w- C:\Users\Yuki\AppData\Local\{D168A399-AC26-4DB1-A511-F6C53B349B59}
    2012-06-17 14:53:18 -------- d-----w- C:\Users\Yuki\AppData\Local\{A47A60B0-4A9D-4490-BA44-9EC81FC5ABF8}
    2012-06-17 02:46:38 -------- d-----w- C:\Users\Yuki\AppData\Local\{DBD5F4A6-A264-4595-B3F3-16464CF89D00}
    2012-06-16 14:46:15 -------- d-----w- C:\Users\Yuki\AppData\Local\{4950500B-A6A3-41B8-AABA-337C5AA5CC14}
    2012-06-16 01:53:52 -------- d-----w- C:\Users\Yuki\AppData\Local\{DDE6FBAE-3CE9-4F54-90D3-0665DF244C6B}
    2012-06-15 13:53:40 -------- d-----w- C:\Users\Yuki\AppData\Local\{2E101E7F-8B2A-4470-B97F-5272F93EE674}
    2012-06-14 20:50:56 -------- d-----w- C:\Users\Yuki\AppData\Local\{E1BC95D0-3165-43C0-8E02-463220D3DDAB}
    2012-06-14 20:50:44 -------- d-----w- C:\Users\Yuki\AppData\Local\{13999467-562C-4927-9FB4-422EC444F79F}
    2012-06-13 20:51:14 -------- d-----w- C:\Users\Yuki\AppData\Local\{7886EC3E-4341-4638-90F7-2552FB6B3642}
    2012-06-13 20:50:57 -------- d-----w- C:\Users\Yuki\AppData\Local\{2028A523-C4DF-4EF0-8547-FCD5E9D8A232}
    2012-06-12 21:25:29 -------- d-----w- C:\Users\Yuki\AppData\Local\Macromedia
    2012-06-12 20:49:16 -------- d-----w- C:\Users\Yuki\AppData\Local\{DDD6AFE1-43C2-40E3-AC51-AC4EE0910DED}
    2012-06-12 20:49:05 -------- d-----w- C:\Users\Yuki\AppData\Local\{2B412EAB-8063-41E0-A815-38156A976600}
    2012-06-11 20:49:15 -------- d-----w- C:\Users\Yuki\AppData\Local\{0A26B2C3-B62D-41C5-87A5-A220E2BF8FEB}
    2012-06-11 20:49:04 -------- d-----w- C:\Users\Yuki\AppData\Local\{551CB1B5-935F-45C7-8531-5D183BEF169F}
    2012-06-11 01:21:54 -------- d-----w- C:\Users\Yuki\AppData\Local\{265D365B-E8F0-448A-8F1F-23779F506BAB}
    2012-06-11 01:21:44 -------- d-----w- C:\Users\Yuki\AppData\Local\{A742D336-4FC5-4CBB-B6E1-C4D428F62A93}
    2012-06-10 13:21:32 -------- d-----w- C:\Users\Yuki\AppData\Local\{3DD09398-CB1F-436C-AFCA-2B5A7287238F}
    2012-06-10 13:21:21 -------- d-----w- C:\Users\Yuki\AppData\Local\{2EAF8D41-BFB1-4605-821A-667EE9240494}
    2012-06-09 21:40:24 -------- d-----w- C:\Users\Yuki\AppData\Local\{0832E854-0D22-4441-8C27-8144BBF8C8F9}
    2012-06-09 21:40:14 -------- d-----w- C:\Users\Yuki\AppData\Local\{ACEA45EB-D948-420E-9A8E-D23668DD2AEF}
    2012-06-09 09:39:50 -------- d-----w- C:\Users\Yuki\AppData\Local\{D1CF8716-443D-4114-A0AF-E2EBC3A8D634}
    2012-06-09 09:39:40 -------- d-----w- C:\Users\Yuki\AppData\Local\{B5FCD0D0-5006-48D1-B35C-B0905558063C}
    2012-06-08 21:08:38 770384 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcr100.dll
    2012-06-08 21:08:38 421200 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcp100.dll
    2012-06-08 21:07:49 -------- d-----w- C:\Users\Yuki\AppData\Local\{B0D1DACD-6E50-4DC5-8612-AB751A808498}
    2012-06-08 21:07:38 -------- d-----w- C:\Users\Yuki\AppData\Local\{F25CB4F7-368C-46DF-877E-F8FAB1835C00}
    2012-06-07 21:00:20 -------- d-----w- C:\Users\Yuki\AppData\Local\{A8B64B00-374E-488D-92FF-E81E2F991663}
    2012-06-07 21:00:09 -------- d-----w- C:\Users\Yuki\AppData\Local\{8D5C05B2-C7AA-4686-AF40-3B57B7783880}
    .
    ==================== Find3M ====================
    .
    2012-07-06 20:49:00 25640 ----a-w- C:\Windows\gdrv.sys
    2012-07-05 22:15:23 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-07-05 22:15:23 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
    2012-06-24 19:46:43 283304 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
    2012-06-24 19:46:43 283304 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
    2012-06-24 19:46:28 280904 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0
    2012-05-15 04:01:31 1188864 ----a-w- C:\Windows\System32\wininet.dll
    2012-05-15 03:03:54 981504 ----a-w- C:\Windows\SysWow64\wininet.dll
    2012-05-15 01:32:33 3146752 ----a-w- C:\Windows\System32\win32k.sys
    2012-05-04 11:06:22 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
    2012-05-04 10:03:53 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
    2012-05-04 10:03:50 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
    2012-05-01 05:40:20 209920 ----a-w- C:\Windows\System32\profsvc.dll
    2012-04-28 03:55:21 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
    2012-04-26 05:41:56 77312 ----a-w- C:\Windows\System32\rdpwsx.dll
    2012-04-26 05:41:55 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
    2012-04-26 05:34:27 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
    2012-04-24 05:37:37 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
    2012-04-24 05:37:37 140288 ----a-w- C:\Windows\System32\cryptnet.dll
    2012-04-24 05:37:36 1462272 ----a-w- C:\Windows\System32\crypt32.dll
    2012-04-24 04:36:42 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
    2012-04-24 04:36:42 1158656 ----a-w- C:\Windows\SysWow64\crypt32.dll
    2012-04-24 04:36:42 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
    2012-04-20 03:45:41 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
    2012-04-20 03:16:44 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2012-04-19 09:50:26 28480 ----a-w- C:\Windows\System32\drivers\avgidsha.sys
    2012-04-19 01:56:30 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx
    2012-04-19 01:56:30 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts
    .
    ============= FINISH: 17:03:30.07 ===============


    Thanks in advance.
     


  2. flavallee

    flavallee Frank Trusted Advisor

    Joined:
    May 12, 2002
    Messages:
    63,659
    A gold/blue shield removal specialist will need to view your logs and assist you with any possible infections still present.

    In the meantime, I'll give you my 2 cents worth.

    Get rid of AVG 2012 and AVG Security Toolbar, then install Microsoft Security Essentials 4.0.1526.0.
    It's more user-friendly and lighter on resources and well-recommended here.

    Get rid of Spybot - Search & Destroy, then install SUPERAntiSpyware 5.5.0.1106.
    It works well with Malwarebytes Anti-Malware 1.61.0.1400 (which you already have) in combating malware, spyware, rogues, hijackers, etc.

    Java(TM) 6 Update 31 needs to be updated to Java Runtime Environment 1.6.0.33 (6 Update 33).
    6 Update 33 will overwrite and replace 6 Update 31, so there's no need to uninstall it first.

    Skype 5.9 needs to be updated to Skype 5.10.
    I personally don't use it, so I don't know what the update procedure is.

    ------------------------------------------------
     
  3. Ktarl

    Ktarl Thread Starter

    Joined:
    Jul 6, 2012
    Messages:
    15
    Thanks so far.
    I'm pretty sure that there is still something off.
    Every time I reboot it changes my folder view settings and my desktop auto-arranges symbols.
    Is it "safe" to uninstall AVG and change to Microsoft Essentials while there is still a possible infection?
     
  4. flavallee

    flavallee Frank Trusted Advisor

    Joined:
    May 12, 2002
    Messages:
    63,659
    Hold off switching antivirus programs until after a gold/blue shield removal specialist assists you.

    If you haven't gotten a reply from one in the next 24 hours, click the orange "Report" link and then request to have one assist you.

    -----------------------------------------------------------
     
  5. Ktarl

    Ktarl Thread Starter

    Joined:
    Jul 6, 2012
    Messages:
    15
    Well, I figured out why my folders were acting up and fixed that,
    but I'm still unsure if all infections have been removed. Malwarebytes and SUPERAntiSpyware don't find any infections except for the occasional tracking cookie.
    I don't really want to log into my PayPal or online banking site before I'm sure that I have no infections remaining on my system.
     
  6. Ktarl

    Ktarl Thread Starter

    Joined:
    Jul 6, 2012
    Messages:
    15
    Just ran ESET Online Scanner, which found 3 more infections that none of the other scanners I ran so far were able to find, and removed them:

    win64/sirefef.AE.trojan
    win64/Patched.B.Gen trojan
    a variant of win32/sirefef.FD trojan
     
  7. Ktarl

    Ktarl Thread Starter

    Joined:
    Jul 6, 2012
    Messages:
    15
    Would appreciate it if anyone could help me make sure that I'm virus-free now.
    Should I update my HijackThis log, considering I have found and removed some infections since I first posted it?
     
  8. flavallee

    flavallee Frank Trusted Advisor

    Joined:
    May 12, 2002
    Messages:
    63,659
    Have you clicked the orange Report link and then requested to have a gold shield removal specialist help you?

    -----------------------------------------------------------
     
  9. Ktarl

    Ktarl Thread Starter

    Joined:
    Jul 6, 2012
    Messages:
    15
    No, I have not done that yet, since it states that the report function should not be used to request assistance, but I guess I'll go ahead and do that right now.
     
  10. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    10,157
    Download Farbar Recovery Scan Tool x64 and save it to a flash drive.

    Plug the flash drive into the infected PC.

    Enter System Recovery Options. I give two methods; use whichever is convenient for you.

    To enter System Recovery Options from the Advanced Boot Options:
    • Restart the computer.
    • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
    • Use the arrow keys to select the Repair your computer menu item.
    • Select correct keyboard language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.

    To enter System Recovery Options by using Windows installation disc:
    • Insert the installation disc.
    • Restart your computer.
    • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
    • Click Repair your computer.
    • Select Your Country as the keyboard language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.

    On the System Recovery Options menu you will get the following options:
    Startup Repair
    System Restore
    Windows Complete PC Restore
    Windows Memory Diagnostic Tool
    Command Prompt


    • Select Command Prompt
    • In the command window type in notepad and press Enter.
    • The notepad opens. Under File menu select Open.
    • Select "Computer" and find your flash drive letter and close the notepad.
    • In the command window type e:\frst64 and press Enter
      Note: Replace letter e with the drive letter of your flash drive.
    • The tool will start to run.
    • When the tool opens click Yes to disclaimer.
    • Press Scan button.
    • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.
     
  11. Ktarl

    Ktarl Thread Starter

    Joined:
    Jul 6, 2012
    Messages:
    15
    Ran the scan and here is the txt file:

    Scan result of Farbar Recovery Scan Tool Version: 10-07-01
    Ran by SYSTEM at 10-07-01 19:10:
    Running from F:\
    Windows 7 Home Premium Service Pack 1 (X6) OS Language: English(US)
    The current controlset is ControlSet001

    ========================== Registry (Whitelisted) =============

    HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl6.exe -s [1178071 011-0-] (Realtek Semiconductor)
    HKLM\...\Run: [Launch LCore] "C:\Program Files\Logitech Gaming Software\LCore.exe" /minimized [11060 011-07-8] (Logitech Inc.)
    HKLM\...\Run: [XboxStat] "C:\Program Files\Microsoft Xbox 60 Accessories\XboxStat.exe" silentrun [8518 009-09-0] (Microsoft Corporation)
    HKLM-x\...\Run: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG01\avgtray.exe" [587008 01-0-05] (AVG Technologies CZ, s.r.o.)
    HKLM-x\...\Run: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe" [110755 01-07-09] ()
    HKLM-x\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [871 01-01-0] (Adobe Systems Incorporated)
    HKLM-x\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [590 01-0-0] (Apple Inc.)
    HKLM-x\...\Run: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe [778 008-07-] (AMD)
    HKLM-x\...\Run: [ROC_roc_dec1] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_dec1.exe" /PROMPT /CMPID=roc_dec1 [98096 01-01-18] ()
    HKLM-x\...\Run: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s [8956 011-0-07] (Elaborate Bytes AG)
    HKLM-x\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [1888 01-0-18] (Apple Inc.)
    HKU\Yuki\...\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe [6080 009-0-05] (Safer-Networking Ltd.)
    HKU\Yuki\...\Run: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent [18 011-10-1] (Valve Corporation)
    HKU\Yuki\...\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background [8018 01-0-08] (Microsoft Corporation)
    HKU\Yuki\...\Run: [NCsoft] [x]
    HKU\Yuki\...\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun [17176 01-06-05] (Skype Technologies S.A.)
    HKU\Yuki\...\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [78707 01-06-6] (SUPERAntiSpyware.com)
    Tcpip\Parameters: [DhcpNameServer] 19.168.0.1

    ==================== Services (Whitelisted) ======

    !SASCORE; "C:\Program Files\SUPERAntiSpyware\SASCORE6.EXE" [1067 011-08-11] (SUPERAntiSpyware.com)
    AppleChargerSrv; C:\Windows\System\AppleChargerSrv.exe [17 010-0-06] ()
    AVGIDSAgent; "C:\Program Files (x86)\AVG\AVG01\AVGIDSAgent.exe" [5160568 01-07-0] (AVG Technologies CZ, s.r.o.)
    avgwd; "C:\Program Files (x86)\AVG\AVG01\avgwdsvc.exe" [1988 01-0-1] (AVG Technologies CZ, s.r.o.)
    ES lite Service; "C:\Program Files (x86)\Gigabyte\EasySaver\ESSVR.EXE" [6816 009-08-] ()
    PnkBstrA; C:\Windows\SysWow6\PnkBstrA.exe [76888 01-0-17] ()
    SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [11568 009-01-6] (Safer Networking Ltd.)
    vToolbarUpdater11..0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11..0\ToolbarUpdater.exe [95008 01-07-09] ()

    ========================== Drivers (Whitelisted) =============

    19ohci; C:\Windows\System\Drivers\19ohci.sys [9888 010-11-0] (Microsoft Corporation)
    0 ACPI; C:\Windows\System\Drivers\ACPI.sys [08 010-11-0] (Microsoft Corporation)
    AcpiPmi; C:\Windows\System\Drivers\AcpiPmi.sys [1800 010-11-0] (Microsoft Corporation)
    adp9xx; C:\Windows\System\Drivers\adp9xx.sys [91088 009-07-1] (Adaptec, Inc.)
    adpahci; C:\Windows\System\Drivers\adpahci.sys [956 009-07-1] (Adaptec, Inc.)
    adpu0; C:\Windows\System\Drivers\adpu0.sys [1886 009-07-1] (Adaptec, Inc.)
    1 AFD; C:\Windows\System\Drivers\AFD.sys [98688 011-1-7] (Microsoft Corporation)
    agp0; C:\Windows\System\Drivers\agp0.sys [61008 009-07-1] (Microsoft Corporation)
    amdide; C:\Windows\System\Drivers\amdide.sys [150 009-07-1] (Microsoft Corporation)
    AmdK8; C:\Windows\System\Drivers\AmdK8.sys [651 009-07-1] (Microsoft Corporation)
    AmdPPM; C:\Windows\System\Drivers\AmdPPM.sys [6098 009-07-1] (Microsoft Corporation)
    amdsata; C:\Windows\System\Drivers\amdsata.sys [10790 011-0-10] (Advanced Micro Devices)
    0 amdxata; C:\Windows\System\Drivers\amdxata.sys [7008 011-0-10] (Advanced Micro Devices)
    AppID; C:\Windows\System\Drivers\AppID.sys [610 010-11-0] (Microsoft Corporation)
    1 AppleCharger; C:\Windows\System\Drivers\AppleCharger.sys [110 011-01-10] ()
    arc; C:\Windows\System\Drivers\arc.sys [876 009-07-1] (Adaptec, Inc.)
    arcsas; C:\Windows\System\Drivers\arcsas.sys [97856 009-07-1] (Adaptec, Inc.)
    AsyncMac; C:\Windows\System\Drivers\AsyncMac.sys [00 009-07-1] (Microsoft Corporation)
    0 atapi; C:\Windows\System\Drivers\atapi.sys [18 009-07-1] (Microsoft Corporation)
    AVGIDSDriver; C:\Windows\System\DRIVERS\avgidsdrivera.sys [196 011-1-] (AVG Technologies CZ, s.r.o. )
    AVGIDSFilter; C:\Windows\System\DRIVERS\avgidsfiltera.sys [9776 011-1-] (AVG Technologies CZ, s.r.o. )
    0 AVGIDSHA; C:\Windows\System\Drivers\AVGIDSHA.sys [880 01-0-19] (AVG Technologies CZ, s.r.o. )
    1 Avgldx6; C:\Windows\System\Drivers\Avgldx6.sys [8987 01-0-] (AVG Technologies CZ, s.r.o.)
    1 Avgmfx6; C:\Windows\System\Drivers\Avgmfx6.sys [7696 011-1-] (AVG Technologies CZ, s.r.o.)
    0 Avgrkx6; C:\Windows\System\Drivers\Avgrkx6.sys [69 01-01-1] (AVG Technologies CZ, s.r.o.)
    1 Avgtdia; C:\Windows\System\Drivers\Avgtdia.sys [8808 01-0-19] (AVG Technologies CZ, s.r.o.)
    b06bdrv; C:\Windows\system\drivers\bxvbda.sys [6880 009-06-10] (Broadcom Corporation)
    b57nd60a; C:\Windows\System\Drivers\b57nd60a.sys [7088 009-06-10] (Broadcom Corporation)
    1 Beep; C:\Windows\System\Drivers\Beep.sys [6656 009-07-1] (Microsoft Corporation)
    1 blbdrive; C:\Windows\System\Drivers\blbdrive.sys [5056 009-07-1] (Microsoft Corporation)
    bowser; C:\Windows\System\Drivers\bowser.sys [906 011-0-] (Microsoft Corporation)
    BrFiltLo; C:\Windows\System\Drivers\BrFiltLo.sys [18 009-06-10] (Brother Industries, Ltd.)
    BrFiltUp; C:\Windows\System\Drivers\BrFiltUp.sys [870 009-06-10] (Brother Industries, Ltd.)
    Brserid; C:\Windows\System\Drivers\Brserid.sys [8670 009-07-1] (Brother Industries Ltd.)
    BrSerWdm; C:\Windows\System\Drivers\BrSerWdm.sys [710 009-06-10] (Brother Industries Ltd.)
    BrUsbMdm; C:\Windows\System\Drivers\BrUsbMdm.sys [1976 009-06-10] (Brother Industries Ltd.)
    BrUsbSer; C:\Windows\System\Drivers\BrUsbSer.sys [170 009-06-10] (Brother Industries Ltd.)
    BTHMODEM; C:\Windows\System\Drivers\BTHMODEM.sys [719 009-07-1] (Microsoft Corporation)
    cdfs; C:\Windows\System\Drivers\cdfs.sys [9160 009-07-1] (Microsoft Corporation)
    1 cdrom; C:\Windows\System\Drivers\cdrom.sys [1756 010-11-0] (Microsoft Corporation)
    circlass; C:\Windows\System\Drivers\circlass.sys [5568 009-07-1] (Microsoft Corporation)
    CmBatt; C:\Windows\System\Drivers\CmBatt.sys [1766 009-07-1] (Microsoft Corporation)
    0 CNG; C:\Windows\System\Drivers\CNG.sys [59 011-11-16] (Microsoft Corporation)
    Compbatt; C:\Windows\System\Drivers\Compbatt.sys [158 009-07-1] (Microsoft Corporation)
    CompositeBus; C:\Windows\System\Drivers\CompositeBus.sys [891 010-11-0] (Microsoft Corporation)
    crcdisk; C:\Windows\System\Drivers\crcdisk.sys [1 009-07-1] (Microsoft Corporation)
    1 DfsC; C:\Windows\System\Drivers\DfsC.sys [1000 010-11-0] (Microsoft Corporation)
    1 discache; C:\Windows\System\Drivers\discache.sys [08 009-07-1] (Microsoft Corporation)
    0 Disk; C:\Windows\System\Drivers\Disk.sys [780 009-07-1] (Microsoft Corporation)
    drmkaud; C:\Windows\System\Drivers\drmkaud.sys [56 009-07-1] (Microsoft Corporation)
    DXGKrnl; C:\Windows\System\Drivers\DXGKrnl.sys [9891 010-11-0] (Microsoft Corporation)
    ebdrv; C:\Windows\system\drivers\evbda.sys [86016 009-06-10] (Broadcom Corporation)
    ErrDev; C:\Windows\System\Drivers\ErrDev.sys [978 009-07-1] (Microsoft Corporation)
    exfat; C:\Windows\System\Drivers\exfat.sys [19507 009-07-1] (Microsoft Corporation)
    fastfat; C:\Windows\System\Drivers\fastfat.sys [0800 009-07-1] (Microsoft Corporation)
    fdc; C:\Windows\System\Drivers\fdc.sys [9696 009-07-1] (Microsoft Corporation)
    0 FileInfo; C:\Windows\System\Drivers\FileInfo.sys [70 009-07-1] (Microsoft Corporation)
    Filetrace; C:\Windows\System\Drivers\Filetrace.sys [0 009-07-1] (Microsoft Corporation)
    flpydisk; C:\Windows\System\Drivers\flpydisk.sys [576 009-07-1] (Microsoft Corporation)
    0 FltMgr; C:\Windows\System\Drivers\FltMgr.sys [8966 010-11-0] (Microsoft Corporation)
    FsDepends; C:\Windows\System\Drivers\FsDepends.sys [5576 009-07-1] (Microsoft Corporation)
    0 Fs_Rec; C:\Windows\System\Drivers\Fs_Rec.sys [08 01-0-9] (Microsoft Corporation)
    0 fvevol; C:\Windows\System\Drivers\fvevol.sys [8 010-11-0] (Microsoft Corporation)
    gagp0kx; C:\Windows\System\Drivers\gagp0kx.sys [65088 009-07-1] (Microsoft Corporation)
    gdrv; \??\C:\Windows\gdrv.sys [560 01-07-10] (Windows (R) Server 00 DDK provider)
    GVTDrv6; \??\C:\Windows\GVTDrv6.sys [058 011-10-1] ()
    HdAudAddService; C:\Windows\System\drivers\HdAudio.sys [5008 010-11-0] (Microsoft Corporation)
    HDAudBus; C:\Windows\System\Drivers\HDAudBus.sys [168 010-11-0] (Microsoft Corporation)
    HidBatt; C:\Windows\System\Drivers\HidBatt.sys [66 009-07-1] (Microsoft Corporation)
    HidBth; C:\Windows\System\Drivers\HidBth.sys [10086 009-07-1] (Microsoft Corporation)
    HidIr; C:\Windows\System\Drivers\HidIr.sys [659 009-07-1] (Microsoft Corporation)
    HidUsb; C:\Windows\System\Drivers\HidUsb.sys [008 010-11-0] (Microsoft Corporation)
    HpSAMD; C:\Windows\System\Drivers\HpSAMD.sys [7870 010-11-0] (Hewlett-Packard Company)
    HTTP; C:\Windows\System\Drivers\HTTP.sys [7566 010-11-0] (Microsoft Corporation)
    0 hwpolicy; C:\Windows\System\Drivers\hwpolicy.sys [170 010-11-0] (Microsoft Corporation)
    i80prt; C:\Windows\System\Drivers\i80prt.sys [1057 009-07-1] (Microsoft Corporation)
    iaStorV; C:\Windows\System\Drivers\iaStorV.sys [1096 011-0-10] (Intel Corporation)
    iirsp; C:\Windows\System\Drivers\iirsp.sys [11 009-07-1] (Intel Corp./ICP vortex GmbH)
    IntcAzAudAddService; C:\Windows\System\drivers\RTKVHD6.sys [7551 011-0-] (Realtek Semiconductor Corp.)
    intelide; C:\Windows\System\Drivers\intelide.sys [16960 009-07-1] (Microsoft Corporation)
    intelppm; C:\Windows\System\Drivers\intelppm.sys [66 009-07-1] (Microsoft Corporation)
    IpFilterDriver; C:\Windows\System\DRIVERS\ipfltdrv.sys [89 010-11-0] (Microsoft Corporation)
    IPMIDRV; C:\Windows\System\Drivers\IPMIDRV.sys [7888 010-11-0] (Microsoft Corporation)
    IPNAT; C:\Windows\System\Drivers\IPNAT.sys [116 009-07-1] (Microsoft Corporation)
    IRENUM; C:\Windows\System\Drivers\IRENUM.sys [1790 009-07-1] (Microsoft Corporation)
    isapnp; C:\Windows\System\Drivers\isapnp.sys [05 009-07-1] (Microsoft Corporation)
    iScsiPrt; C:\Windows\system\drivers\msiscsi.sys [779 010-11-0] (Microsoft Corporation)
    kbdclass; C:\Windows\System\Drivers\kbdclass.sys [50768 009-07-1] (Microsoft Corporation)
    kbdhid; C:\Windows\System\Drivers\kbdhid.sys [80 010-11-0] (Microsoft Corporation)
    0 KSecDD; C:\Windows\System\Drivers\KSecDD.sys [95600 011-11-16] (Microsoft Corporation)
    0 KSecPkg; C:\Windows\System\Drivers\KSecPkg.sys [15 011-11-16] (Microsoft Corporation)
    ksthunk; C:\Windows\System\Drivers\ksthunk.sys [099 009-07-1] (Microsoft Corporation)
    LGBusEnum; C:\Windows\System\Drivers\LGBusEnum.sys [08 011-10-16] (Logitech Inc.)
    LGVirHid; C:\Windows\System\Drivers\LGVirHid.sys [16008 011-10-16] (Logitech Inc.)
    lltdio; C:\Windows\System\Drivers\lltdio.sys [6098 009-07-1] (Microsoft Corporation)
    LSI_FC; C:\Windows\System\Drivers\LSI_FC.sys [1175 009-07-1] (LSI Corporation)
    LSI_SAS; C:\Windows\System\Drivers\LSI_SAS.sys [106560 009-07-1] (LSI Corporation)
    LSI_SAS; C:\Windows\System\Drivers\LSI_SAS.sys [65600 009-07-1] (LSI Corporation)
    LSI_SCSI; C:\Windows\System\Drivers\LSI_SCSI.sys [115776 009-07-1] (LSI Corporation)
    luafv; C:\Windows\System\Drivers\luafv.sys [1115 009-07-1] (Microsoft Corporation)
    megasas; C:\Windows\System\Drivers\megasas.sys [59 009-07-1] (LSI Corporation)
    MegaSR; C:\Windows\System\Drivers\MegaSR.sys [876 009-07-1] (LSI Corporation, Inc.)
    Modem; C:\Windows\System\Drivers\Modem.sys [08 009-07-1] (Microsoft Corporation)
    monitor; C:\Windows\System\Drivers\monitor.sys [008 009-07-1] (Microsoft Corporation)
    mouclass; C:\Windows\System\Drivers\mouclass.sys [916 009-07-1] (Microsoft Corporation)
    mouhid; C:\Windows\System\Drivers\mouhid.sys [1 009-07-1] (Microsoft Corporation)
    0 mountmgr; C:\Windows\System\Drivers\mountmgr.sys [959 010-11-0] (Microsoft Corporation)
    mpio; C:\Windows\System\Drivers\mpio.sys [155008 010-11-0] (Microsoft Corporation)
    mpsdrv; C:\Windows\System\Drivers\mpsdrv.sys [771 009-07-1] (Microsoft Corporation)
    MRxDAV; C:\Windows\System\Drivers\MRxDAV.sys [10800 010-11-0] (Microsoft Corporation)
    mrxsmb; C:\Windows\System\Drivers\mrxsmb.sys [15808 011-0-6] (Microsoft Corporation)
    mrxsmb10; C:\Windows\System\Drivers\mrxsmb10.sys [88768 011-07-08] (Microsoft Corporation)
    mrxsmb0; C:\Windows\System\Drivers\mrxsmb0.sys [18000 011-0-6] (Microsoft Corporation)
    msahci; C:\Windows\System\Drivers\msahci.sys [110 010-11-0] (Microsoft Corporation)
    msdsm; C:\Windows\System\Drivers\msdsm.sys [1067 010-11-0] (Microsoft Corporation)
    1 Msfs; C:\Windows\System\Drivers\Msfs.sys [611 009-07-1] (Microsoft Corporation)
    mshidkmdf; C:\Windows\System\Drivers\mshidkmdf.sys [819 009-07-1] (Microsoft Corporation)
    0 msisadrv; C:\Windows\System\Drivers\msisadrv.sys [15 009-07-1] (Microsoft Corporation)
    MSKSSRV; C:\Windows\System\Drivers\MSKSSRV.sys [1116 009-07-1] (Microsoft Corporation)
    MSPCLOCK; C:\Windows\System\Drivers\MSPCLOCK.sys [7168 009-07-1] (Microsoft Corporation)
    MSPQM; C:\Windows\System\Drivers\MSPQM.sys [678 009-07-1] (Microsoft Corporation)
    MsRPC; C:\Windows\System\Drivers\MsRPC.sys [66976 010-11-0] (Microsoft Corporation)
    1 mssmbios; C:\Windows\System\Drivers\mssmbios.sys [0 009-07-1] (Microsoft Corporation)
    MSTEE; C:\Windows\System\Drivers\MSTEE.sys [806 009-07-1] (Microsoft Corporation)
    MTConfig; C:\Windows\System\Drivers\MTConfig.sys [1560 009-07-1] (Microsoft Corporation)
    0 Mup; C:\Windows\System\Drivers\Mup.sys [6096 009-07-1] (Microsoft Corporation)
    NativeWifiP; C:\Windows\System\DRIVERS\nwifi.sys [18976 009-07-1] (Microsoft Corporation)
    0 NDIS; C:\Windows\System\Drivers\NDIS.sys [951680 010-11-0] (Microsoft Corporation)
    NdisCap; C:\Windows\System\Drivers\NdisCap.sys [58 009-07-1] (Microsoft Corporation)
    NdisTapi; C:\Windows\System\Drivers\NdisTapi.sys [06 009-07-1] (Microsoft Corporation)
    Ndisuio; C:\Windows\System\Drivers\Ndisuio.sys [568 010-11-0] (Microsoft Corporation)
    NdisWan; C:\Windows\System\Drivers\NdisWan.sys [165 010-11-0] (Microsoft Corporation)
    NDProxy; C:\Windows\System\Drivers\NDProxy.sys [57856 010-11-0] (Microsoft Corporation)
    1 NetBIOS; C:\Windows\System\Drivers\NetBIOS.sys [5 009-07-1] (Microsoft Corporation)
    1 NetBT; C:\Windows\System\Drivers\NetBT.sys [616 010-11-0] (Microsoft Corporation)
    1 Npfs; C:\Windows\System\Drivers\Npfs.sys [0 009-07-1] (Microsoft Corporation)
    1 nsiproxy; C:\Windows\System\Drivers\nsiproxy.sys [576 009-07-1] (Microsoft Corporation)
    Ntfs; C:\Windows\System\Drivers\Ntfs.sys [1659776 011-0-10] (Microsoft Corporation)
    1 Null; C:\Windows\System\Drivers\Null.sys [61 009-07-1] (Microsoft Corporation)
    NVHDA; C:\Windows\System\drivers\nvhda6v.sys [188 01-01-17] (NVIDIA Corporation)
    nvlddmkm; C:\Windows\System\Drivers\nvlddmkm.sys [1618 01-0-09] (NVIDIA Corporation)
    nvraid; C:\Windows\System\Drivers\nvraid.sys [185 011-0-10] (NVIDIA Corporation)
    nvstor; C:\Windows\System\Drivers\nvstor.sys [1667 011-0-10] (NVIDIA Corporation)
    nv_agp; C:\Windows\System\Drivers\nv_agp.sys [1960 009-07-1] (Microsoft Corporation)
    ohci19; C:\Windows\System\Drivers\ohci19.sys [78 009-07-1] (Microsoft Corporation)
    Parport; C:\Windows\System\Drivers\Parport.sys [9780 009-07-1] (Microsoft Corporation)
    0 partmgr; C:\Windows\System\Drivers\partmgr.sys [7510 01-0-16] (Microsoft Corporation)
    0 pci; C:\Windows\System\Drivers\pci.sys [1870 010-11-0] (Microsoft Corporation)
    0 pciide; C:\Windows\System\Drivers\pciide.sys [15 009-07-1] (Microsoft Corporation)
    pcmcia; C:\Windows\System\Drivers\pcmcia.sys [075 009-07-1] (Microsoft Corporation)
    0 pcw; C:\Windows\System\Drivers\pcw.sys [50768 009-07-1] (Microsoft Corporation)
    PEAUTH; C:\Windows\System\Drivers\PEAUTH.sys [6516 009-07-1] (Microsoft Corporation)
    PptpMiniport; C:\Windows\System\DRIVERS\raspptp.sys [11110 010-11-0] (Microsoft Corporation)
    Processor; C:\Windows\system\drivers\processr.sys [6016 009-07-1] (Microsoft Corporation)
    1 Psched; C:\Windows\System\DRIVERS\pacer.sys [1158 010-11-0] (Microsoft Corporation)
    QWAVEdrv; C:\Windows\System\Drivers\QWAVEdrv.sys [659 009-07-1] (Microsoft Corporation)
    RasAcd; C:\Windows\System\Drivers\RasAcd.sys [188 009-07-1] (Microsoft Corporation)
    RasAgileVpn; C:\Windows\System\DRIVERS\AgileVpn.sys [6016 009-07-1] (Microsoft Corporation)
    Rasltp; C:\Windows\System\Drivers\Rasltp.sys [1956 010-11-0] (Microsoft Corporation)
    RasPppoe; C:\Windows\System\Drivers\RasPppoe.sys [967 009-07-1] (Microsoft Corporation)
    RasSstp; C:\Windows\System\Drivers\RasSstp.sys [8968 009-07-1] (Microsoft Corporation)
    1 rdbss; C:\Windows\System\Drivers\rdbss.sys [098 010-11-0] (Microsoft Corporation)
    rdpbus; C:\Windows\System\Drivers\rdpbus.sys [06 009-07-1] (Microsoft Corporation)
    1 RDPCDD; C:\Windows\System\Drivers\RDPCDD.sys [7680 009-07-1] (Microsoft Corporation)
    1 RDPENCDD; C:\Windows\System\Drivers\RDPENCDD.sys [7680 009-07-1] (Microsoft Corporation)
    1 RDPREFMP; C:\Windows\System\Drivers\RDPREFMP.sys [819 009-07-1] (Microsoft Corporation)
    RDPWD; C:\Windows\System\Drivers\RDPWD.sys [109 01-0-7] (Microsoft Corporation)
    0 rdyboost; C:\Windows\System\Drivers\rdyboost.sys [1888 010-11-0] (Microsoft Corporation)
    rspndr; C:\Windows\System\Drivers\rspndr.sys [76800 009-07-1] (Microsoft Corporation)
    RTL8167; C:\Windows\System\DRIVERS\Rt6win7.sys [1800 011-01-1] (Realtek )
    1 SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV6.SYS [198 011-07-] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    1 SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL6.SYS [168 011-07-1] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    sbpport; C:\Windows\System\Drivers\sbpport.sys [10808 010-11-0] (Microsoft Corporation)
    scfilter; C:\Windows\System\Drivers\scfilter.sys [9696 010-11-0] (Microsoft Corporation)
    Serenum; C:\Windows\System\Drivers\Serenum.sys [55 009-07-1] (Microsoft Corporation)
    1 Serial; C:\Windows\System\Drivers\Serial.sys [908 009-07-1] (Microsoft Corporation)
    sermouse; C:\Windows\System\Drivers\sermouse.sys [66 009-07-1] (Microsoft Corporation)
    sffdisk; C:\Windows\System\Drivers\sffdisk.sys [16 009-07-1] (Microsoft Corporation)
    sffp_mmc; C:\Windows\System\Drivers\sffp_mmc.sys [18 009-07-1] (Microsoft Corporation)
    sffp_sd; C:\Windows\System\Drivers\sffp_sd.sys [16 010-11-0] (Microsoft Corporation)
    sfloppy; C:\Windows\System\Drivers\sfloppy.sys [16896 009-07-1] (Microsoft Corporation)
    Smb; C:\Windows\System\Drivers\Smb.sys [918 009-07-1] (Microsoft Corporation)
    0 spldr; C:\Windows\System\Drivers\spldr.sys [19008 009-07-1] (Microsoft Corporation)
    srv; C:\Windows\System\Drivers\srv.sys [6756 011-0-8] (Microsoft Corporation)
    srv; C:\Windows\System\Drivers\srv.sys [1011 011-0-8] (Microsoft Corporation)
    srvnet; C:\Windows\System\Drivers\srvnet.sys [1688 011-0-8] (Microsoft Corporation)
    swenum; C:\Windows\System\Drivers\swenum.sys [196 009-07-1] (Microsoft Corporation)
    0 Tcpip; C:\Windows\System\Drivers\Tcpip.sys [19180 01-0-0] (Microsoft Corporation)
    TCPIP6; C:\Windows\System\DRIVERS\tcpip.sys [19180 01-0-0] (Microsoft Corporation)
    tcpipreg; C:\Windows\System\Drivers\tcpipreg.sys [5056 010-11-0] (Microsoft Corporation)
    TDPIPE; C:\Windows\System\Drivers\TDPIPE.sys [1587 009-07-1] (Microsoft Corporation)
    TDTCP; C:\Windows\System\Drivers\TDTCP.sys [55 01-0-16] (Microsoft Corporation)
    1 tdx; C:\Windows\System\Drivers\tdx.sys [11996 010-11-0] (Microsoft Corporation)
    1 TermDD; C:\Windows\System\Drivers\TermDD.sys [660 010-11-0] (Microsoft Corporation)
    tssecsrv; C:\Windows\System\Drivers\tssecsrv.sys [9 010-11-0] (Microsoft Corporation)
    TsUsbFlt; C:\Windows\System\Drivers\TsUsbFlt.sys [599 010-11-0] (Microsoft Corporation)
    TsUsbGD; C:\Windows\System\Drivers\TsUsbGD.sys [1 010-11-0] (Microsoft Corporation)
    tunnel; C:\Windows\System\Drivers\tunnel.sys [150 010-11-0] (Microsoft Corporation)
    uagp5; C:\Windows\System\Drivers\uagp5.sys [6080 009-07-1] (Microsoft Corporation)
    udfs; C:\Windows\System\Drivers\udfs.sys [819 010-11-0] (Microsoft Corporation)
    uliagpkx; C:\Windows\System\Drivers\uliagpkx.sys [659 009-07-1] (Microsoft Corporation)
    umbus; C:\Windows\System\Drivers\umbus.sys [860 010-11-0] (Microsoft Corporation)
    UmPass; C:\Windows\System\Drivers\UmPass.sys [978 009-07-1] (Microsoft Corporation)
    usbaudio; C:\Windows\System\Drivers\usbaudio.sys [109696 010-11-0] (Microsoft Corporation)
    usbccgp; C:\Windows\System\Drivers\usbccgp.sys [98816 011-0-] (Microsoft Corporation)
    usbcir; C:\Windows\System\Drivers\usbcir.sys [1005 009-07-1] (Microsoft Corporation)
    usbehci; C:\Windows\System\Drivers\usbehci.sys [576 011-0-] (Microsoft Corporation)
    usbhub; C:\Windows\System\Drivers\usbhub.sys [00 011-0-] (Microsoft Corporation)
    usbohci; C:\Windows\System\Drivers\usbohci.sys [5600 011-0-] (Microsoft Corporation)
    usbprint; C:\Windows\System\Drivers\usbprint.sys [5088 009-07-1] (Microsoft Corporation)
    USBSTOR; C:\Windows\System\Drivers\USBSTOR.sys [9168 011-0-10] (Microsoft Corporation)
    usbuhci; C:\Windows\System\Drivers\usbuhci.sys [070 011-0-] (Microsoft Corporation)
    0 vdrvroot; C:\Windows\System\Drivers\vdrvroot.sys [6 009-07-1] (Microsoft Corporation)
    vga; C:\Windows\System\Drivers\vga.sys [918 009-07-1] (Microsoft Corporation)
    1 VgaSave; C:\Windows\System\drivers\vga.sys [918 009-07-1] (Microsoft Corporation)
    vhdmp; C:\Windows\System\Drivers\vhdmp.sys [1596 010-11-0] (Microsoft Corporation)
    0 volmgr; C:\Windows\System\Drivers\volmgr.sys [7155 010-11-0] (Microsoft Corporation)
    0 volmgrx; C:\Windows\System\Drivers\volmgrx.sys [69 010-11-0] (Microsoft Corporation)
    vwifibus; C:\Windows\System\Drivers\vwifibus.sys [576 009-07-1] (Microsoft Corporation)
    WacomPen; C:\Windows\System\Drivers\WacomPen.sys [7776 009-07-1] (Microsoft Corporation)
    WANARP; C:\Windows\System\Drivers\WANARP.sys [88576 010-11-0] (Microsoft Corporation)
    1 Wanarpv6; C:\Windows\System\DRIVERS\wanarp.sys [88576 010-11-0] (Microsoft Corporation)
    Wd; C:\Windows\System\Drivers\Wd.sys [1056 009-07-1] (Microsoft Corporation)
    0 Wdf01000; C:\Windows\System\Drivers\Wdf01000.sys [6598 009-07-1] (Microsoft Corporation)
    1 WfpLwf; C:\Windows\System\Drivers\WfpLwf.sys [1800 009-07-1] (Microsoft Corporation)
    WIMMount; C:\Windows\System\Drivers\WIMMount.sys [096 009-07-1] (Microsoft Corporation)
    WIMMount; C:\Windows\SysWow6\Drivers\WIMMount.sys [19008 009-07-1] (Microsoft Corporation)
    wsifsl; C:\Windows\System\Drivers\wsifsl.sys [150 009-07-1] (Microsoft Corporation)
    WudfPf; C:\Windows\System\Drivers\WudfPf.sys [1118 010-11-0] (Microsoft Corporation)
    WUDFRd; C:\Windows\System\Drivers\WUDFRd.sys [175 010-11-0] (Microsoft Corporation)
    xusb1; C:\Windows\System\Drivers\xusb1.sys [79976 009-08-0] (Microsoft Corporation)
    EagleX6; \??\C:\Windows\system\drivers\EagleX6.sys [x]
    esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [x]
    NPPTNT; \??\C:\Windows\system\npptNT.sys [x]
    X6va005; \??\C:\Users\Yuki\AppData\Local\Temp\005D06A.tmp [x]

    ========================== NetSvcs (Whitelisted) ===========


    ============ One Month Created Files and Folders ==============

    01-07-10 1:0 - 01-07-10 1:0 - 00000000 ____D C:\Users\Yuki\AppData\Local\{9E9C99-B61-C1-B00-EA7BD5B91B8}
    01-07-10 1:0 - 01-07-10 1:0 - 00000000 ____D C:\Users\Yuki\AppData\Local\{DFF-AE1-F8A-8F0-85CD15D8D1}
    01-07-09 1:50 - 01-07-09 1:50 - 00000000 ____D C:\Users\Yuki\AppData\Local\{F0CFBEB-6A-DB9-A5B7-ED58E77170}
    01-07-09 1:50 - 01-07-09 1:50 - 00000000 ____D C:\Users\Yuki\AppData\Local\{18DC87-7B0-88F-BF8-0E1BFCCBCF}
    01-07-08 19:8 - 01-07-08 19:8 - 00000000 ____D C:\Program Files (x86)\ESET
    01-07-08 19:5 - 01-07-08 19:5 - 0009 ____A (Trend Micro Inc.) C:\Users\Yuki\Downloads\HousecallLauncher.exe
    01-07-08 19: - 01-07-08 19: - 00000000 ____D C:\Program Files (x86)\Panda Security
    01-07-08 18:18 - 01-07-08 18:18 - 00000000 ____D C:\Users\Yuki\AppData\Local\{86F671EC-8D15-FFE-AEAF-E659FB9001E}
    01-07-08 18:18 - 01-07-08 18:18 - 00000000 ____D C:\Users\Yuki\AppData\Local\{9F9E8-FD-96B-AC1-0AC58D656CA}
    01-07-08 06:18 - 01-07-08 06:18 - 00000000 ____D C:\Users\Yuki\AppData\Local\{AEA-C79A-5EF-811-15D9D1D898B}
    01-07-08 06:17 - 01-07-08 06:18 - 00000000 ____D C:\Users\Yuki\AppData\Local\{CD5E87A-BE7-EB7-8C71-19FB1AD6}
    01-07-07 18:07 - 01-07-07 18:07 - 00000000 ____D C:\Users\Yuki\dwhelper
    01-07-07 1:50 - 01-07-07 1:51 - 00000000 ____D C:\Users\Yuki\AppData\Local\{D9B0BBB-6C77-9-96D9-FF05FEAA}
    01-07-07 1:50 - 01-07-07 1:50 - 00000000 ____D C:\Users\Yuki\AppData\Local\{7BE916E8-FF0D-D-8F01-60FDCF5BB6}
    01-07-07 00:50 - 01-07-07 00:50 - 00000000 ____D C:\Users\Yuki\AppData\Local\{8C06BC61-08B7-B90-9ED-E61FE7E6DC}
    01-07-07 00:50 - 01-07-07 00:50 - 00000000 ____D C:\Users\Yuki\AppData\Local\{656D670C-77D-EB1-BDD-068EE9AB}
    01-07-06 15:0 - 01-07-06 15:0 - 005008 ____A (Sun Microsystems, Inc.) C:\Windows\System\npdeployJava1.dll
    01-07-06 15:0 - 01-07-06 15:0 - 0055576 ____A (Sun Microsystems, Inc.) C:\Windows\System\deployJava1.dll
    01-07-06 15:0 - 01-07-06 15:0 - 001910 ____A (Sun Microsystems, Inc.) C:\Windows\System\javaws.exe
    01-07-06 15:0 - 01-07-06 15:0 - 001796 ____A (Sun Microsystems, Inc.) C:\Windows\System\javaw.exe
    01-07-06 15:0 - 01-07-06 15:0 - 001796 ____A (Sun Microsystems, Inc.) C:\Windows\System\java.exe
    01-07-06 15:0 - 01-07-06 15:0 - 00000000 ____D C:\Program Files\Java
    01-07-06 1:6 - 01-07-06 1:6 - 0060760 ____R (Swearware) C:\Users\Yuki\Downloads\dds.com
    01-07-06 1:50 - 01-07-06 1:50 - 00000000 ____D C:\Users\Yuki\AppData\Local\{D5E8599-E7-59-B5A5-1AE61AA0DCA}
    01-07-06 1:50 - 01-07-06 1:50 - 00000000 ____D C:\Users\Yuki\AppData\Local\{F0CE78-DD69-BDB-8819-909F9B5B99}
    01-07-05 19:0 - 01-07-06 1:1 - 000179 ____A C:\Users\Yuki\Downloads\hijackthis.log
    01-07-05 19:9 - 01-07-05 19:9 - 0088608 ____A (Trend Micro Inc.) C:\Users\Yuki\Downloads\HijackThis.exe
    01-07-05 19:19 - 01-07-07 0:51 - 000005 ____A C:\Windows\epplauncher.mif
    01-07-05 17:5 - 01-07-05 17:5 - 088970 ____A (Piriform Ltd) C:\Users\Yuki\Downloads\ccsetup0.exe
    01-07-05 17:5 - 01-07-05 17:5 - 161696 ____A (Microsoft Corporation) C:\Users\Yuki\Downloads\mseinstall.exe
    01-07-05 17:51 - 01-07-05 17:51 - 000059 ____A C:\Users\Public\Desktop\Google Chrome.lnk
    01-07-05 17:8 - 01-07-10 16:00 - 0000089 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    01-07-05 17:8 - 01-07-10 1:0 - 00000890 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    01-07-05 17:8 - 01-07-05 17:51 - 00000000 ____D C:\Program Files (x86)\Google
    01-07-05 17:8 - 01-07-05 17:8 - 00000000 ____D C:\Users\Yuki\AppData\Roaming\SUPERAntiSpyware.com
    01-07-05 17:8 - 01-07-05 17:8 - 00000000 ____D C:\Users\All Users\SUPERAntiSpyware.com
    01-07-05 17:8 - 01-07-05 17:8 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
    01-07-05 17:5 - 01-07-05 17:5 - 00000000 ____D C:\Users\Yuki\AppData\Roaming\Malwarebytes
    01-07-05 17:5 - 01-07-05 17:5 - 00000000 ____D C:\Users\All Users\Malwarebytes
    01-07-05 17:5 - 01-07-05 17:5 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
    01-07-05 17:5 - 01-0-0 1:56 - 00090 ____A (Malwarebytes Corporation) C:\Windows\System\Drivers\mbam.sys
    01-07-05 17:17 - 01-07-05 17:17 - 1006000 ____A (Malwarebytes Corporation ) C:\Users\Yuki\Downloads\mbam-setup-1.61.0.100.exe
    01-07-05 16:57 - 01-07-05 16:57 - 0000006 ____A C:\Users\Yuki\Desktop\command.txt
    01-07-05 16: - 01-07-05 16:58 - 00000000 ____D C:\Windows\18F97AF0F889AFE5A570E1CC.TMP
    01-07-05 16: - 01-07-05 16:58 - 00000000 ____D C:\shldr
    01-07-05 16: - 01-07-05 16: - 00000000 ____D C:\Program Files\Enigma Software Group
    01-07-05 1:07 - 01-07-05 1:07 - 00000000 ____D C:\Users\Yuki\AppData\Local\{C10ABD6-EE-8BC-8F-1E0E790918}
    01-07-05 1:07 - 01-07-05 1:07 - 00000000 ____D C:\Users\Yuki\AppData\Local\{C8D1B-ACF6-A6-91B0-817DDBF98AA}
    01-07-0 18: - 01-07-0 18: - 00000000 ____D C:\Users\Yuki\AppData\Local\{E66F761-9ADF-C9A-8D1-ACFBC7665}
    01-07-0 18: - 01-07-0 18: - 00000000 ____D C:\Users\Yuki\AppData\Local\{500D151-767-5B7-81F6-BF11DF7886}
    01-07-0 06: - 01-07-0 06: - 00000000 ____D C:\Users\Yuki\AppData\Local\{EE5C90A-E807-CA-80BC-9A78777719C}
    01-07-0 06:1 - 01-07-0 06: - 00000000 ____D C:\Users\Yuki\AppData\Local\{6F15918-F997-18-9979-5B8B0A77E90D}
    01-07-0 1:16 - 01-07-0 1:16 - 00000000 ____D C:\Program Files (x86)\Combined Community Codec Pack
    01-07-0 18:1 - 01-07-0 18: - 00000000 ____D C:\Program Files (x86)\NT Locale Emulator Advance
    01-07-0 1:05 - 01-07-0 1:05 - 00000000 ____D C:\Users\Yuki\AppData\Local\{A5CA70E-0B89-DAF-89FD-787F6DC}
    01-07-0 1:0 - 01-07-0 1:05 - 00000000 ____D C:\Users\Yuki\AppData\Local\{8A6571C-78-B6-99FA-91716CB51F91}
    01-07-0 1:10 - 01-07-0 1:10 - 00000000 ____D C:\Users\Yuki\AppData\Local\{FF07FA-096-BDE-875-FDB686C067}
    01-07-0 1:09 - 01-07-0 1:10 - 00000000 ____D C:\Users\Yuki\AppData\Local\{70CF0-7A-5E-8FAC-6158C19178}
    01-07-01 :9 - 01-07-01 :9 - 00000000 ____D C:\Users\All Users\Apple Computer
    01-07-01 :9 - 01-07-01 :9 - 00000000 ____D C:\Program Files (x86)\QuickTime
    01-07-01 :7 - 01-07-01 :7 - 00000000 ____D C:\Users\Yuki\AppData\Local\Apple Computer
    01-07-01 :19 - 01-07-01 :1 - 9856 ____A (Apple Inc.) C:\Users\Yuki\Downloads\QuickTimeInstaller.exe
    01-07-01 18:1 - 01-07-01 18:1 - 00000000 ____D C:\Users\Yuki\AppData\Local\{96055-BD51-6C-9F5F-C0F6EFD95}
    01-07-01 18:1 - 01-07-01 18:1 - 00000000 ____D C:\Users\Yuki\AppData\Local\{5A6ADA-6AA8-87A-AFD7-5CAA618B}
    01-07-01 18:0 - 01-07-01 18:0 - 001551 ____A C:\Users\Yuki\Desktop\bookmarks-01-07-01.json
    01-07-01 06:1 - 01-07-01 06:1 - 00000000 ____D C:\Users\Yuki\AppData\Local\{AAF1C9CA-A69-10-A71A-0C98FB6E9A}
    01-07-01 06:1 - 01-07-01 06:1 - 00000000 ____D C:\Users\Yuki\AppData\Local\{66D06F-C8F7-AFC-B5C-EFA5D5D50}
    01-06-0 18:1 - 01-06-0 18:1 - 00000000 ____D C:\Users\Yuki\AppData\Local\{CBE66C-55C-7A8-A8C8-8696CE7F7}
    01-06-0 18:1 - 01-06-0 18:1 - 00000000 ____D C:\Users\Yuki\AppData\Local\{DA85BC16-171F-1-B6D-65FD5F59A967}
    01-06-0 06:1 - 01-06-0 06:1 - 00000000 ____D C:\Users\Yuki\AppData\Local\{E89-E7BA-01-9B69-9BDFD16F86F}
    01-06-0 06:1 - 01-06-0 06:1 - 00000000 ____D C:\Users\Yuki\AppData\Local\{7EE6D6-811D-1D-BB99-9ACDFAF657}
    01-06-0 06:10 - 01-06-0 06:10 - 00000000 ____D C:\Users\Yuki\AppData\Local\{B1F51A89-BCAB-BAF-A8A-CE1D8587DCD}
    01-06-0 06:09 - 01-06-0 06:10 - 00000000 ____D C:\Users\Yuki\AppData\Local\{8C5F611-FD7-C8-A5AB-087118098F0}
    01-06-9 1:15 - 01-06-9 1:15 - 00000000 ____D C:\Users\Yuki\AppData\Local\{E9A65B-07F-8D-8785-9ADAA5507}
    01-06-9 1:15 - 01-06-9 1:15 - 00000000 ____D C:\Users\Yuki\AppData\Local\{A16B70-7B-F1-86A6-95B96159}
    01-06-8 1:58 - 01-06-8 1:58 - 00000000 ____D C:\Users\Yuki\AppData\Local\{BB1A715-D-105-AAB-856099EAA}
    01-06-8 1:57 - 01-06-8 1:58 - 00000000 ____D C:\Users\Yuki\AppData\Local\{6E0FF-5CE-50-8FE-CA51E8E56}
    01-06-7 1:0 - 01-06-7 1:0 - 00000000 ____D C:\Users\Yuki\AppData\Local\{F6056F-6A-6-9D7-E5BE1B}
    01-06-7 1:0 - 01-06-7 1:0 - 00000000 ____D C:\Users\Yuki\AppData\Local\{50DCA-DAC1-06B-B6-67CF8F197}
    01-06-6 1:6 - 01-06-6 1:6 - 00000000 ____D C:\Users\Yuki\AppData\Local\{D9E6BC58-788-1D0-911-6FDA7B8EEE}
    01-06-6 1:6 - 01-06-6 1:6 - 00000000 ____D C:\Users\Yuki\AppData\Local\{CEFCFADF-705-087-B19-C9165ECB0}
    01-06-5 1:5 - 01-06-5 1:6 - 00000000 ____D C:\Users\Yuki\AppData\Local\{17DDB11-EEE-709-BF-85F6058C0DE}
    01-06-5 1:5 - 01-06-5 1:5 - 00000000 ____D C:\Users\Yuki\AppData\Local\{9959A75-A7E0-91-B1-E85F7A9E}
    01-06- 17:1 - 01-06- 17:1 - 00000000 ____D C:\Users\Yuki\AppData\Local\{968ACD8-1D61-E70-86A-B978EB8118E}
    01-06- 17:1 - 01-06- 17:1 - 00000000 ____D C:\Users\Yuki\AppData\Local\{BCF650F-DD7B-66-A788-5C6EDA51786}
    01-06- 05:1 - 01-06- 05:1 - 00000000 ____D C:\Users\Yuki\AppData\Local\{5A6C7-889-95B-ACC9-66F85F8DAD}
    01-06- 05:0 - 01-06- 05:1 - 00000000 ____D C:\Users\Yuki\AppData\Local\{B556C9E-8FE-E7-9A5-96971A1195A}
    01-06- 1:11 - 01-06- 1:11 - 00000000 ____D C:\Users\Yuki\AppData\Local\{DE07B7-8DB7-D0-B7C8-CC9CCF7C}
    01-06- 1:11 - 01-06- 1:11 - 00000000 ____D C:\Users\Yuki\AppData\Local\{F5B0F6-A7-0CD-9DC-61B08106BA1}
    01-06- 09:6 - 01-06- 11: - 00000000 ____D C:\Users\Yuki\Downloads\EFT.15
    01-06- 01:11 - 01-06- 01:11 - 00000000 ____D C:\Users\Yuki\AppData\Local\{AA6FC-9AF7-0D9-8811-C7BDE57A19}
    01-06- 01:10 - 01-06- 01:11 - 00000000 ____D C:\Users\Yuki\AppData\Local\{AEDE6AE-BB-7C-8510-161CF8DBDB}
    01-06- 1:1 - 01-06-0 1:19 - 0895 ____A (Microsoft Corporation) C:\Windows\System\wuaueng.dll
    01-06- 1:1 - 01-06-0 1:19 - 00701976 ____A (Microsoft Corporation) C:\Windows\System\wuapi.dll
    01-06- 1:1 - 01-06-0 1:19 - 00057880 ____A (Microsoft Corporation) C:\Windows\System\wuauclt.exe
    01-06- 1:1 - 01-06-0 1:19 - 000056 ____A (Microsoft Corporation) C:\Windows\System\wups.dll
    01-06- 1:1 - 01-06-0 1:19 - 0008 ____A (Microsoft Corporation) C:\Windows\System\wups.dll
    01-06- 1:1 - 01-06-0 1:15 - 066 ____A (Microsoft Corporation) C:\Windows\System\wucltux.dll
    01-06- 1:1 - 01-06-0 1:15 - 0009980 ____A (Microsoft Corporation) C:\Windows\System\wudriver.dll
    01-06- 1:11 - 01-06-0 1:19 - 0018675 ____A (Microsoft Corporation) C:\Windows\System\wuwebv.dll
    01-06- 1:11 - 01-06-0 1:15 - 000686 ____A (Microsoft Corporation) C:\Windows\System\wuapp.exe
    01-06- 1:10 - 01-06- 1:10 - 00000000 ____D C:\Users\Yuki\AppData\Local\{5EB8EA6-68B-DEB-8BC-CD0A5BA511B}
    01-06- 1:10 - 01-06- 1:10 - 00000000 ____D C:\Users\Yuki\AppData\Local\{51B01F0-9A80-E5A-B56-FDD8F15ED6D5}
    01-06-1 19:9 - 01-06-1 19:9 - 085086 ____A C:\Users\Yuki\Downloads\interstellarFederation_v1__1.rar
    01-06-1 08:6 - 01-06-1 08:7 - 00000000 ____D C:\Users\Yuki\AppData\Local\{6A8057FD-E6EE-5D-89E6-BB68B7DB870}
    01-06-1 08:6 - 01-06-1 08:6 - 00000000 ____D C:\Users\Yuki\AppData\Local\{7F81E5-B50A-D59-B1BD-BCBEFFD19}
    01-06-0 0:0 - 01-06-0 0:0 - 00000000 ____D C:\Users\Yuki\AppData\Local\{AE789-CCE7-AC8-9701-B01A5DC6}
    01-06-0 0:0 - 01-06-0 0:0 - 00000000 ____D C:\Users\Yuki\AppData\Local\{75F5C01A-AA70-ACB-BCA-969B80B989}
    01-06-0 08:19 - 01-06-0 08:19 - 00000000 ____D C:\Users\Yuki\AppData\Local\{EDDA0987-FA51-5D-9D5-0EDCBB1F770}
    01-06-0 08:19 - 01-06-0 08:19 - 00000000 ____D C:\Users\Yuki\AppData\Local\{E81070C-771-C6-8C-E678EADA50}
    01-06-19 08:19 - 01-06-19 08:19 - 00000000 ____D C:\Users\Yuki\AppData\Local\{DACFFEF-D5B9-ABD-9AE-CD575CF9}
    01-06-19 08:19 - 01-06-19 08:19 - 00000000 ____D C:\Users\Yuki\AppData\Local\{1AC9D-CC9-BB0-895-88686D696}
    01-06-18 1:59 - 01-06-18 1:59 - 00000000 ____D C:\Users\Yuki\AppData\Local\{E05BC09-951-96-BDFC-CFC97FE7}
    01-06-17 18:5 - 01-06-17 18:5 - 00000000 ____D C:\Users\Yuki\AppData\Local\{D168A99-AC6-DB1-A511-F6C5B9B59}
    01-06-17 06:5 - 01-06-17 06:5 - 00000000 ____D C:\Users\Yuki\AppData\Local\{A7A60B0-A9D-90-BA-9EC81FC5ABF8}
    01-06-16 18:6 - 01-06-16 18:6 - 00000000 ____D C:\Users\Yuki\AppData\Local\{DBD5FA6-A6-595-BF-166CF89D00}
    01-06-16 06:6 - 01-06-16 06:6 - 00000000 ____D C:\Users\Yuki\AppData\Local\{950500B-A6A-1B8-AABA-7C5AA5CC1}
    01-06-15 17:5 - 01-06-15 17:5 - 00000000 ____D C:\Users\Yuki\AppData\Local\{DDE6FBAE-CE9-F5-90D-0665DFC6B}
    01-06-15 05:5 - 01-06-15 05:5 - 00000000 ____D C:\Users\Yuki\AppData\Local\{E101E7F-8BA-70-B97F-57F9EE67}
    01-06-1 1:50 - 01-06-1 1:51 - 00000000 ____D C:\Users\Yuki\AppData\Local\{E1BC95D0-165-C0-8E0-60DDDAB}
    01-06-1 1:50 - 01-06-1 1:50 - 00000000 ____D C:\Users\Yuki\AppData\Local\{199967-56C-97-9FB-ECF79F}
    01-06-1 15:57 - 01-05-1 0:01 - 0118886 ____A (Microsoft Corporation) C:\Windows\System\wininet.dll
    01-06-1 15:57 - 01-05-1 19:59 - 000651 ____A (Microsoft Corporation) C:\Windows\System\jsproxy.dll
    01-06-1 15:57 - 01-05-1 19:0 - 0098150 ____A (Microsoft Corporation) C:\Windows\SysWOW6\wininet.dll
    01-06-1 15:57 - 01-05-1 19:00 - 000818 ____A (Microsoft Corporation) C:\Windows\SysWOW6\jsproxy.dll
    01-06-1 15:57 - 01-05-1 17: - 01675 ____A (Microsoft Corporation) C:\Windows\System\wink.sys
    01-06-1 15:57 - 01-05-0 0:06 - 0555966 ____A (Microsoft Corporation) C:\Windows\System\ntoskrnl.exe
    01-06-1 15:57 - 01-05-0 0:0 - 096868 ____A (Microsoft Corporation) C:\Windows\SysWOW6\ntkrnlpa.exe
    01-06-1 15:57 - 01-05-0 0:0 - 09107 ____A (Microsoft Corporation) C:\Windows\SysWOW6\ntoskrnl.exe
    01-06-1 15:57 - 01-0-0 1:0 - 000990 ____A (Microsoft Corporation) C:\Windows\System\profsvc.dll
    01-06-1 15:57 - 01-0-7 19:55 - 00109 ____A (Microsoft Corporation) C:\Windows\System\Drivers\rdpwd.sys
    01-06-1 15:57 - 01-0-5 1:1 - 001950 ____A (Microsoft Corporation) C:\Windows\System\rdpcorekmts.dll
    01-06-1 15:57 - 01-0-5 1:1 - 000771 ____A (Microsoft Corporation) C:\Windows\System\rdpwsx.dll
    01-06-1 15:57 - 01-0-5 1: - 0000916 ____A (Microsoft Corporation) C:\Windows\System\rdrmemptylst.exe
    01-06-1 15:57 - 01-0- 1:7 - 0167 ____A (Microsoft Corporation) C:\Windows\System\crypt.dll
    01-06-1 15:57 - 01-0- 1:7 - 00180 ____A (Microsoft Corporation) C:\Windows\System\cryptsvc.dll
    01-06-1 15:57 - 01-0- 1:7 - 001088 ____A (Microsoft Corporation) C:\Windows\System\cryptnet.dll
    01-06-1 15:57 - 01-0- 0:6 - 01158656 ____A (Microsoft Corporation) C:\Windows\SysWOW6\crypt.dll
    01-06-1 15:57 - 01-0- 0:6 - 001088 ____A (Microsoft Corporation) C:\Windows\SysWOW6\cryptsvc.dll
    01-06-1 15:57 - 01-0- 0:6 - 001096 ____A (Microsoft Corporation) C:\Windows\SysWOW6\cryptnet.dll
    01-06-1 15:57 - 01-0-19 1: - 19716 ____A (Microsoft Corporation) C:\Windows\System\ieframe.dll
    01-06-1 15:57 - 01-0-19 1: - 0905980 ____A (Microsoft Corporation) C:\Windows\System\mshtml.dll
    01-06-1 15:57 - 01-0-19 1: - 0558 ____A (Microsoft Corporation) C:\Windows\System\iertutil.dll
    01-06-1 15:57 - 01-0-19 1: - 019016 ____A (Microsoft Corporation) C:\Windows\System\urlmon.dll
    01-06-1 15:57 - 01-0-19 1: - 00757 ____A (Microsoft Corporation) C:\Windows\System\msfeeds.dll
    01-06-1 15:57 - 01-0-19 1: - 007808 ____A (Microsoft Corporation) C:\Windows\System\ieui.dll
    01-06-1 15:57 - 01-0-19 1: - 0011 ____A (Microsoft Corporation) C:\Windows\System\url.dll
    01-06-1 15:57 - 01-0-19 1: - 0009779 ____A (Microsoft Corporation) C:\Windows\System\mshtmled.dll
    01-06-1 15:57 - 01-0-19 1:00 - 01160 ____A (Microsoft Corporation) C:\Windows\SysWOW6\urlmon.dll
    01-06-1 15:57 - 01-0-19 1:00 - 001096 ____A (Microsoft Corporation) C:\Windows\SysWOW6\url.dll
    01-06-1 15:57 - 01-0-19 0:57 - 0607776 ____A (Microsoft Corporation) C:\Windows\SysWOW6\mshtml.dll
    01-06-1 15:57 - 01-0-19 0:57 - 006771 ____A (Microsoft Corporation) C:\Windows\SysWOW6\msfeeds.dll
    01-06-1 15:57 - 01-0-19 0:57 - 0006758 ____A (Microsoft Corporation) C:\Windows\SysWOW6\mshtmled.dll
    01-06-1 15:57 - 01-0-19 0:56 - 1100800 ____A (Microsoft Corporation) C:\Windows\SysWOW6\ieframe.dll
    01-06-1 15:57 - 01-0-19 0:56 - 007600 ____A (Microsoft Corporation) C:\Windows\SysWOW6\iertutil.dll
    01-06-1 15:57 - 01-0-19 0:56 - 0017660 ____A (Microsoft Corporation) C:\Windows\SysWOW6\ieui.dll
    01-06-1 15:57 - 01-0-19 19:5 - 016891 ____A (Microsoft Corporation) C:\Windows\System\mshtml.tlb
    01-06-1 15:57 - 01-0-19 19:16 - 016891 ____A (Microsoft Corporation) C:\Windows\SysWOW6\mshtml.tlb
    01-06-1 15:57 - 01-0-16 1:1 - 00918016 ____A (Microsoft Corporation) C:\Windows\System\jscript.dll
    01-06-1 15:57 - 01-0-16 0: - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW6\jscript.dll
    01-06-1 15:57 - 01-0-07 0:1 - 0168 ____A (Microsoft Corporation) C:\Windows\System\msi.dll
    01-06-1 15:57 - 01-0-07 0:6 - 000 ____A (Microsoft Corporation) C:\Windows\SysWOW6\msi.dll
    01-06-1 1:51 - 01-06-1 1:51 - 00000000 ____D C:\Users\Yuki\AppData\Local\{7886ECE-1-68-90F7-55FB6B6}
    01-06-1 1:50 - 01-06-1 1:51 - 00000000 ____D C:\Users\Yuki\AppData\Local\{08A5-CDF-EF0-857-FCD5E9D8A}
    01-06-1 1:5 - 01-06-1 1:5 - 00000000 ____D C:\Users\Yuki\AppData\Local\Macromedia
    01-06-1 1:9 - 01-06-1 1:9 - 00000000 ____D C:\Users\Yuki\AppData\Local\{DDD6AFE1-C-0E-AC51-ACEE0910DED}
    01-06-1 1:9 - 01-06-1 1:9 - 00000000 ____D C:\Users\Yuki\AppData\Local\{B1EAB-806-1E0-A815-8156A976600}
    01-06-11 1:9 - 01-06-11 1:9 - 00000000 ____D C:\Users\Yuki\AppData\Local\{551CB1B5-95F-5C7-851-5D18BEF169F}
    01-06-11 1:9 - 01-06-11 1:9 - 00000000 ____D C:\Users\Yuki\AppData\Local\{0A6BC-B6D-1C5-87A5-A0EBF8FEB}
    01-06-10 17:1 - 01-06-10 17: - 00000000 ____D C:\Users\Yuki\AppData\Local\{65D65B-E8F0-8A-8F1F-779F506BAB}
    01-06-10 17:1 - 01-06-10 17:1 - 00000000 ____D C:\Users\Yuki\AppData\Local\{A7D6-FC5-CBB-B6E1-CD8F6A9}
    01-06-10 09:7 - 01-06-10 09:6 - 000751 ____A C:\Users\Yuki\Documents\EVEMon_Settings_787.xml.bak
    01-06-10 05:1 - 01-06-10 05:1 - 00000000 ____D C:\Users\Yuki\AppData\Local\{DD0998-CB1F-6C-AFCA-B5A7878F}
    01-06-10 05:1 - 01-06-10 05:1 - 00000000 ____D C:\Users\Yuki\AppData\Local\{EAF8D1-BFB1-605-81A-667EE909}


    ============ Months Modified Files ========================

    01-07-10 16:07 - 011-10-1 0:1 - 000006 ____A C:\service.log
    01-07-10 16:07 - 011-10-1 0:7 - 018591 ____A C:\Windows\WindowsUpdate.log
    01-07-10 16:00 - 01-07-05 17:8 - 0000089 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    01-07-10 15:5 - 009-07-1 1:1 - 007788 ____A C:\Windows\System\PerfStringBackup.INI
    01-07-10 15:11 - 01-0-01 1:8 - 0000080 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
    01-07-10 1:09 - 009-07-1 0:5 - 000080 ___AH C:\Windows\System\7B96FB0-76B-97e-B01-9C50E1B77-5P-1.C7856-A89-9d-8115-6016D005A0
    01-07-10 1:09 - 009-07-1 0:5 - 000080 ___AH C:\Windows\System\7B96FB0-76B-97e-B01-9C50E1B77-5P-0.C7856-A89-9d-8115-6016D005A0
    01-07-10 1:0 - 01-07-05 17:8 - 00000890 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    01-07-10 1:0 - 011-10-1 1: - 000560 ____A (Windows (R) Server 00 DDK provider) C:\Windows\gdrv.sys
    01-07-10 1:0 - 009-07-1 1:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
    01-07-10 1:0 - 009-07-1 0:51 - 00087 ____A C:\Windows\setupact.log
    01-07-08 19:5 - 01-07-08 19:5 - 0009 ____A (Trend Micro Inc.) C:\Users\Yuki\Downloads\HousecallLauncher.exe
    01-07-07 0:51 - 01-07-05 19:19 - 000005 ____A C:\Windows\epplauncher.mif
    01-07-06 15:0 - 01-07-06 15:0 - 005008 ____A (Sun Microsystems, Inc.) C:\Windows\System\npdeployJava1.dll
    01-07-06 15:0 - 01-07-06 15:0 - 0055576 ____A (Sun Microsystems, Inc.) C:\Windows\System\deployJava1.dll
    01-07-06 15:0 - 01-07-06 15:0 - 001910 ____A (Sun Microsystems, Inc.) C:\Windows\System\javaws.exe
    01-07-06 15:0 - 01-07-06 15:0 - 001796 ____A (Sun Microsystems, Inc.) C:\Windows\System\javaw.exe
    01-07-06 15:0 - 01-07-06 15:0 - 001796 ____A (Sun Microsystems, Inc.) C:\Windows\System\java.exe
    01-07-06 1:6 - 01-07-06 1:6 - 0060760 ____R (Swearware) C:\Users\Yuki\Downloads\dds.com
    01-07-06 1:1 - 01-07-05 19:0 - 000179 ____A C:\Users\Yuki\Downloads\hijackthis.log
    01-07-05 19:9 - 01-07-05 19:9 - 0088608 ____A (Trend Micro Inc.) C:\Users\Yuki\Downloads\HijackThis.exe
    01-07-05 19:0 - 010-11-0 19:7 - 0005198 ____A C:\Windows\PFRO.log
    01-07-05 17:5 - 01-07-05 17:5 - 088970 ____A (Piriform Ltd) C:\Users\Yuki\Downloads\ccsetup0.exe
    01-07-05 17:5 - 01-07-05 17:5 - 161696 ____A (Microsoft Corporation) C:\Users\Yuki\Downloads\mseinstall.exe
    01-07-05 17:51 - 01-07-05 17:51 - 000059 ____A C:\Users\Public\Desktop\Google Chrome.lnk
    01-07-05 17:17 - 01-07-05 17:17 - 1006000 ____A (Malwarebytes Corporation ) C:\Users\Yuki\Downloads\mbam-setup-1.61.0.100.exe
    01-07-05 16:57 - 01-07-05 16:57 - 0000006 ____A C:\Users\Yuki\Desktop\command.txt
    01-07-05 16: - 011-10-1 1:55 - 00057560 ____A C:\Users\Yuki\AppData\Local\GDIPFONTCACHEV1.DAT
    01-07-05 1:15 - 01-0-01 1:8 - 00618 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW6\FlashPlayerApp.exe
    01-07-05 1:15 - 011-10-1 1:6 - 00070 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW6\FlashPlayerCPLApp.cpl
    01-07-0 06:0 - 009-07-1 0:5 - 0070 ____A C:\Windows\System\FNTCACHE.DAT
    01-07-0 1:19 - 01-06-0 07:0 - 00000967 ____A C:\Users\Public\Desktop\BitTorrent.lnk
    01-07-01 :1 - 01-07-01 :19 - 9856 ____A (Apple Inc.) C:\Users\Yuki\Downloads\QuickTimeInstaller.exe
    01-07-01 18:0 - 01-07-01 18:0 - 001551 ____A C:\Users\Yuki\Desktop\bookmarks-01-07-01.json
    01-06- 11:6 - 011-1- 15:59 - 0080 ____A C:\Windows\SysWOW6\PnkBstrB.exe
    01-06- 11:6 - 011-10-15 1:11 - 0080 ____A C:\Windows\SysWOW6\PnkBstrB.xtr
    01-06- 11:6 - 011-10-15 1:09 - 008090 ____A C:\Windows\SysWOW6\PnkBstrB.ex0
    01-06-1 19:9 - 01-06-1 19:9 - 085086 ____A C:\Users\Yuki\Downloads\interstellarFederation_v1__1.rar
    01-06-1 1: - 011-10-18 1:5 - 589578 ____A (Microsoft Corporation) C:\Windows\System\MRT.exe
    01-06-10 09:6 - 01-06-10 09:7 - 000751 ____A C:\Users\Yuki\Documents\EVEMon_Settings_787.xml.bak
    01-06-0 07:7 - 01-06-0 07:7 - 0000008 ____A C:\Windows\118118
    01-06-0 01:09 - 01-06-0 01:09 - 0000170 ____A C:\Users\Yuki\Desktop\EVE.lnk
    01-06-0 1:19 - 01-06- 1:1 - 0895 ____A (Microsoft Corporation) C:\Windows\System\wuaueng.dll
    01-06-0 1:19 - 01-06- 1:1 - 00701976 ____A (Microsoft Corporation) C:\Windows\System\wuapi.dll
    01-06-0 1:19 - 01-06- 1:1 - 00057880 ____A (Microsoft Corporation) C:\Windows\System\wuauclt.exe
    01-06-0 1:19 - 01-06- 1:1 - 000056 ____A (Microsoft Corporation) C:\Windows\System\wups.dll
    01-06-0 1:19 - 01-06- 1:1 - 0008 ____A (Microsoft Corporation) C:\Windows\System\wups.dll
    01-06-0 1:15 - 01-06- 1:1 - 066 ____A (Microsoft Corporation) C:\Windows\System\wucltux.dll
    01-06-0 1:15 - 01-06- 1:1 - 0009980 ____A (Microsoft Corporation) C:\Windows\System\wudriver.dll
    01-06-0 1:19 - 01-06- 1:11 - 0018675 ____A (Microsoft Corporation) C:\Windows\System\wuwebv.dll
    01-06-0 1:15 - 01-06- 1:11 - 000686 ____A (Microsoft Corporation) C:\Windows\System\wuapp.exe
    01-05-5 1:7 - 01-05-5 1: - 17501 ____A ( ) C:\Users\Yuki\Downloads\BFFullInstallerv90d.exe
    01-05-17 19:9 - 01-05-17 19:8 - 1071186 ____A C:\Users\Yuki\Downloads\Love Song Remixes.rar
    01-05-16 08:57 - 009-07-1 1:08 - 000578 ____A C:\Windows\Tasks\SCHEDLGU.TXT
    01-05-1 1:5 - 01-05-1 1:1 - 0000119 ____A C:\Users\Public\Desktop\Diablo III.lnk
    01-05-1 0:01 - 01-06-1 15:57 - 0118886 ____A (Microsoft Corporation) C:\Windows\System\wininet.dll
    01-05-1 19:59 - 01-06-1 15:57 - 000651 ____A (Microsoft Corporation) C:\Windows\System\jsproxy.dll
    01-05-1 19:0 - 01-06-1 15:57 - 0098150 ____A (Microsoft Corporation) C:\Windows\SysWOW6\wininet.dll
    01-05-1 19:00 - 01-06-1 15:57 - 000818 ____A (Microsoft Corporation) C:\Windows\SysWOW6\jsproxy.dll
    01-05-1 17: - 01-06-1 15:57 - 01675 ____A (Microsoft Corporation) C:\Windows\System\wink.sys
    01-05-1 17:16 - 01-05-1 17:16 - 18871817 ____A C:\Users\Yuki\Downloads\1000 Memories.rar
    01-05-10 0:00 - 01-05-10 0:00 - 1907 ____A C:\Users\Yuki\Downloads\Uomozs Corvus 1 - Incursions and Relics.zip
    01-05-08 18:5 - 01-05-08 18:5 - 00507 ____A C:\Users\Yuki\Downloads\weapon_pack_wonly_06.zip
    01-05-07 1:05 - 01-05-07 0:57 - 19880 ____A C:\Users\Yuki\Downloads\Vocaloid Snooze Tunes Collection.rar
    01-05-0 0:06 - 01-06-1 15:57 - 0555966 ____A (Microsoft Corporation) C:\Windows\System\ntoskrnl.exe
    01-05-0 0:0 - 01-06-1 15:57 - 096868 ____A (Microsoft Corporation) C:\Windows\SysWOW6\ntkrnlpa.exe
    01-05-0 0:0 - 01-06-1 15:57 - 09107 ____A (Microsoft Corporation) C:\Windows\SysWOW6\ntoskrnl.exe
    01-05-01 1: - 01-0-07 09:55 - 000007 ____A C:\Users\Public\Desktop\Starfarer.lnk
    01-05-01 1: - 01-05-01 1: - 657870 ____A C:\Users\Yuki\Downloads\starfarer_install-0.5a-RC.exe
    01-0-0 1:0 - 01-06-1 15:57 - 000990 ____A (Microsoft Corporation) C:\Windows\System\profsvc.dll
    01-0-0 1:6 - 01-0-0 1: - 00000189 ____A C:\Users\Yuki\Desktop\Social Security.txt
    01-0-8 00: - 011-10-1 1:59 - 0099 ____A C:\Windows\DirectX.log
    01-0-7 19:55 - 01-06-1 15:57 - 00109 ____A (Microsoft Corporation) C:\Windows\System\Drivers\rdpwd.sys
    01-0-5 1:1 - 01-06-1 15:57 - 001950 ____A (Microsoft Corporation) C:\Windows\System\rdpcorekmts.dll
    01-0-5 1:1 - 01-06-1 15:57 - 000771 ____A (Microsoft Corporation) C:\Windows\System\rdpwsx.dll
    01-0-5 1: - 01-06-1 15:57 - 0000916 ____A (Microsoft Corporation) C:\Windows\System\rdrmemptylst.exe
    01-0- 1:7 - 01-06-1 15:57 - 0167 ____A (Microsoft Corporation) C:\Windows\System\crypt.dll
    01-0- 1:7 - 01-06-1 15:57 - 00180 ____A (Microsoft Corporation) C:\Windows\System\cryptsvc.dll
    01-0- 1:7 - 01-06-1 15:57 - 001088 ____A (Microsoft Corporation) C:\Windows\System\cryptnet.dll
    01-0- 0:6 - 01-06-1 15:57 - 01158656 ____A (Microsoft Corporation) C:\Windows\SysWOW6\crypt.dll
    01-0- 0:6 - 01-06-1 15:57 - 001088 ____A (Microsoft Corporation) C:\Windows\SysWOW6\cryptsvc.dll
    01-0- 0:6 - 01-06-1 15:57 - 001096 ____A (Microsoft Corporation) C:\Windows\SysWOW6\cryptnet.dll
    01-0-19 1: - 01-06-1 15:57 - 19716 ____A (Microsoft Corporation) C:\Windows\System\ieframe.dll
    01-0-19 1: - 01-06-1 15:57 - 0905980 ____A (Microsoft Corporation) C:\Windows\System\mshtml.dll
    01-0-19 1: - 01-06-1 15:57 - 0558 ____A (Microsoft Corporation) C:\Windows\System\iertutil.dll
    01-0-19 1: - 01-06-1 15:57 - 019016 ____A (Microsoft Corporation) C:\Windows\System\urlmon.dll
    01-0-19 1: - 01-06-1 15:57 - 00757 ____A (Microsoft Corporation) C:\Windows\System\msfeeds.dll
    01-0-19 1: - 01-06-1 15:57 - 007808 ____A (Microsoft Corporation) C:\Windows\System\ieui.dll
    01-0-19 1: - 01-06-1 15:57 - 0011 ____A (Microsoft Corporation) C:\Windows\System\url.dll
    01-0-19 1: - 01-06-1 15:57 - 0009779 ____A (Microsoft Corporation) C:\Windows\System\mshtmled.dll
    01-0-19 1:00 - 01-06-1 15:57 - 01160 ____A (Microsoft Corporation) C:\Windows\SysWOW6\urlmon.dll
    01-0-19 1:00 - 01-06-1 15:57 - 001096 ____A (Microsoft Corporation) C:\Windows\SysWOW6\url.dll
    01-0-19 0:57 - 01-06-1 15:57 - 0607776 ____A (Microsoft Corporation) C:\Windows\SysWOW6\mshtml.dll
    01-0-19 0:57 - 01-06-1 15:57 - 006771 ____A (Microsoft Corporation) C:\Windows\SysWOW6\msfeeds.dll
    01-0-19 0:57 - 01-06-1 15:57 - 0006758 ____A (Microsoft Corporation) C:\Windows\SysWOW6\mshtmled.dll
    01-0-19 0:56 - 01-06-1 15:57 - 1100800 ____A (Microsoft Corporation) C:\Windows\SysWOW6\ieframe.dll
    01-0-19 0:56 - 01-06-1 15:57 - 007600 ____A (Microsoft Corporation) C:\Windows\SysWOW6\iertutil.dll
    01-0-19 0:56 - 01-06-1 15:57 - 0017660 ____A (Microsoft Corporation) C:\Windows\SysWOW6\ieui.dll
    01-0-19 19:5 - 01-06-1 15:57 - 016891 ____A (Microsoft Corporation) C:\Windows\System\mshtml.tlb
    01-0-19 19:16 - 01-06-1 15:57 - 016891 ____A (Microsoft Corporation) C:\Windows\SysWOW6\mshtml.tlb
    01-0-19 01:50 - 01-0-19 01:50 - 000880 ____A (AVG Technologies CZ, s.r.o. ) C:\Windows\System\Drivers\avgidsha.sys
    01-0-18 17:56 - 01-0-18 17:56 - 000908 ____A (Apple Inc.) C:\Windows\SysWOW6\QuickTimeVR.qtx
    01-0-18 17:56 - 01-0-18 17:56 - 000696 ____A (Apple Inc.) C:\Windows\SysWOW6\QuickTime.qts
    01-0-16 1:1 - 01-06-1 15:57 - 00918016 ____A (Microsoft Corporation) C:\Windows\System\jscript.dll
    01-0-16 0: - 01-06-1 15:57 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW6\jscript.dll


    ZeroAccess:
    C:\Windows\Installer\{e9e0dca-790-ccb-e8-d9b785cc606}
    C:\Windows\Installer\{e9e0dca-790-ccb-e8-d9b785cc606}\@
    C:\Windows\Installer\{e9e0dca-790-ccb-e8-d9b785cc606}\L
    C:\Windows\Installer\{e9e0dca-790-ccb-e8-d9b785cc606}\U
    C:\Windows\Installer\{e9e0dca-790-ccb-e8-d9b785cc606}\L\0000000.@
    C:\Windows\Installer\{e9e0dca-790-ccb-e8-d9b785cc606}\L\1afbd56
    C:\Windows\Installer\{e9e0dca-790-ccb-e8-d9b785cc606}\L\01ddde
    C:\Windows\Installer\{e9e0dca-790-ccb-e8-d9b785cc606}\U\0000000.@
    C:\Windows\Installer\{e9e0dca-790-ccb-e8-d9b785cc606}\U\000000cb.@
    C:\Windows\Installer\{e9e0dca-790-ccb-e8-d9b785cc606}\U\8000006.@

    ZeroAccess:
    C:\Users\Yuki\AppData\Local\{e9e0dca-790-ccb-e8-d9b785cc606}
    C:\Users\Yuki\AppData\Local\{e9e0dca-790-ccb-e8-d9b785cc606}\@
    C:\Users\Yuki\AppData\Local\{e9e0dca-790-ccb-e8-d9b785cc606}\L
    C:\Users\Yuki\AppData\Local\{e9e0dca-790-ccb-e8-d9b785cc606}\U

    ========================= Known DLLs (Whitelisted) ============

    [009-07-1 16:00] - [009-07-1 17:0] - 06077 ____A (Microsoft Corporation) C:\Windows\System\clbcatq.dll
    [009-07-1 15:] - [009-07-1 17:15] - 050 ____A (Microsoft Corporation) C:\Windows\SysWOW6\clbcatq.dll
    [010-11-0 19:] - [010-11-0 19:] - 08691 ____A (Microsoft Corporation) C:\Windows\System\ole.dll
    [010-11-0 19:] - [010-11-0 19:] - 111 ____A (Microsoft Corporation) C:\Windows\SysWOW6\ole.dll
    [009-07-1 16:1] - [009-07-1 17:0] - 0877056 ____A (Microsoft Corporation) C:\Windows\System\advapi.dll
    [010-11-0 19:] - [010-11-0 19:] - 06051 ____A (Microsoft Corporation) C:\Windows\SysWOW6\advapi.dll
    [010-11-0 19:] - [010-11-0 19:] - 059 ____A (Microsoft Corporation) C:\Windows\System\COMDLG.dll
    [010-11-0 19:] - [010-11-0 19:] - 085888 ____A (Microsoft Corporation) C:\Windows\SysWOW6\COMDLG.dll
    [010-11-0 19:] - [010-11-0 19:] - 00968 ____A (Microsoft Corporation) C:\Windows\System\gdi.dll
    [010-11-0 19:] - [010-11-0 19:] - 01196 ____A (Microsoft Corporation) C:\Windows\SysWOW6\gdi.dll
    [01-06-1 15:57] - [01-0-19 1:] - 558 ____A (Microsoft Corporation) C:\Windows\System\IERTUTIL.dll
    [01-06-1 15:57] - [01-0-19 0:56] - 07600 ____A (Microsoft Corporation) C:\Windows\SysWOW6\IERTUTIL.dll
    [01-0-11 0:57] - [01-0-9 :] - 008108 ____A (Microsoft Corporation) C:\Windows\System\IMAGEHLP.dll
    [01-0-11 0:57] - [01-0-9 1:] - 0159 ____A (Microsoft Corporation) C:\Windows\SysWOW6\IMAGEHLP.dll
    [009-07-1 15:8] - [009-07-1 17:1] - 0167 ____A (Microsoft Corporation) C:\Windows\System\IMM.dll
    [010-11-0 19:] - [010-11-0 19:] - 0119808 ____A (Microsoft Corporation) C:\Windows\SysWOW6\IMM.dll
    [011-10-1 0:00] - [011-07-15 1:7] - 11675 ____A (Microsoft Corporation) C:\Windows\System\kernel.dll
    [011-10-1 0:00] - [011-07-15 0:] - 11111 ____A (Microsoft Corporation) C:\Windows\SysWOW6\kernel.dll
    [009-07-1 15:8] - [009-07-1 17:1] - 00198 ____A (Microsoft Corporation) C:\Windows\System\LPK.dll
    [009-07-1 15:5] - [009-07-1 17:11] - 005600 ____A (Microsoft Corporation) C:\Windows\SysWOW6\LPK.dll
    [009-07-1 15:0] - [009-07-1 17:1] - 1067008 ____A (Microsoft Corporation) C:\Windows\System\MSCTF.dll
    [009-07-1 15:8] - [009-07-1 17:15] - 08898 ____A (Microsoft Corporation) C:\Windows\SysWOW6\MSCTF.dll
    [01-0-15 0:5] - [011-1-16 00:6] - 06880 ____A (Microsoft Corporation) C:\Windows\System\MSVCRT.dll
    [01-0-15 0:5] - [011-1-15 :5] - 0690688 ____A (Microsoft Corporation) C:\Windows\SysWOW6\MSVCRT.dll
    [009-07-1 15:6] - [009-07-1 17:1] - 000560 ____A (Microsoft Corporation) C:\Windows\System\NORMALIZ.dll
    [009-07-1 15:15] - [009-07-1 17:09] - 00008 ____A (Microsoft Corporation) C:\Windows\SysWOW6\NORMALIZ.dll
    [009-07-1 15:1] - [009-07-1 17:1] - 0018 ____A (Microsoft Corporation) C:\Windows\System\NSI.dll
    [009-07-1 15:1] - [009-07-1 17:16] - 000870 ____A (Microsoft Corporation) C:\Windows\SysWOW6\NSI.dll
    [011-10-1 0:00] - [011-08-6 1:7] - 0861696 ____A (Microsoft Corporation) C:\Windows\System\OLEAUT.dll
    [011-10-1 0:00] - [011-08-6 0:6] - 057190 ____A (Microsoft Corporation) C:\Windows\SysWOW6\OLEAUT.dll
    [009-07-1 15:6] - [009-07-1 17:1] - 000916 ____A (Microsoft Corporation) C:\Windows\System\PSAPI.dll
    [009-07-1 15:15] - [009-07-1 17:16] - 00061 ____A (Microsoft Corporation) C:\Windows\SysWOW6\PSAPI.dll
    [010-11-0 19:] - [010-11-0 19:] - 11958 ____A (Microsoft Corporation) C:\Windows\System\rpcrt.dll
    [010-11-0 19:] - [010-11-0 19:] - 06600 ____A (Microsoft Corporation) C:\Windows\SysWOW6\rpcrt.dll
    [009-07-1 15:0] - [009-07-1 17:1] - 01166 ____A (Microsoft Corporation) C:\Windows\System\sechost.dll
    [009-07-1 15:11] - [009-07-1 17:16] - 009160 ____A (Microsoft Corporation) C:\Windows\SysWOW6\sechost.dll
    [010-11-0 19:] - [010-11-0 19:] - 19005 ____A (Microsoft Corporation) C:\Windows\System\Setupapi.dll
    [010-11-0 19:] - [010-11-0 19:] - 166758 ____A (Microsoft Corporation) C:\Windows\SysWOW6\Setupapi.dll
    [01-0-15 0:5] - [01-01-0 0:] - 11767 ____A (Microsoft Corporation) C:\Windows\System\SHELL.dll
    [01-0-15 0:5] - [01-01-0 00:59] - 18770 ____A (Microsoft Corporation) C:\Windows\SysWOW6\SHELL.dll
    [010-11-0 19:] - [010-11-0 19:] - 0851 ____A (Microsoft Corporation) C:\Windows\System\SHLWAPI.dll
    [010-11-0 19:] - [010-11-0 19:] - 05008 ____A (Microsoft Corporation) C:\Windows\SysWOW6\SHLWAPI.dll
    [01-06-1 15:57] - [01-0-19 1:] - 19016 ____A (Microsoft Corporation) C:\Windows\System\URLMON.dll
    [01-06-1 15:57] - [01-0-19 1:00] - 1160 ____A (Microsoft Corporation) C:\Windows\SysWOW6\URLMON.dll
    [010-11-0 19:] - [010-11-0 19:] - 100818 ____A (Microsoft Corporation) C:\Windows\System\user.dll
    [010-11-0 19:] - [010-11-0 19:] - 080 ____A (Microsoft Corporation) C:\Windows\SysWOW6\user.dll
    [010-11-0 19:] - [010-11-0 19:] - 080056 ____A (Microsoft Corporation) C:\Windows\System\USP10.dll
    [010-11-0 19:] - [010-11-0 19:] - 066176 ____A (Microsoft Corporation) C:\Windows\SysWOW6\USP10.dll
    [01-06-1 15:57] - [01-05-1 0:01] - 118886 ____A (Microsoft Corporation) C:\Windows\System\WININET.dll
    [01-06-1 15:57] - [01-05-1 19:0] - 098150 ____A (Microsoft Corporation) C:\Windows\SysWOW6\WININET.dll
    [010-11-0 19:] - [010-11-0 19:] - 018 ____A (Microsoft Corporation) C:\Windows\System\WLDAP.dll
    [010-11-0 19:] - [010-11-0 19:] - 0698 ____A (Microsoft Corporation) C:\Windows\SysWOW6\WLDAP.dll
    [010-11-0 19:] - [010-11-0 19:] - 09798 ____A (Microsoft Corporation) C:\Windows\System\WS_.dll
    [010-11-0 19:] - [010-11-0 19:] - 00688 ____A (Microsoft Corporation) C:\Windows\SysWOW6\WS_.dll
    [009-07-1 15:7] - [009-07-1 17:0] - 0500 ____A (Microsoft Corporation) C:\Windows\System\DifxApi.dll
    [009-07-1 15:16] - [009-07-1 17:15] - 01590 ____A (Microsoft Corporation) C:\Windows\SysWOW6\DifxApi.dll

    ========================= Bamital & volsnap Check ============

    C:\Windows\System\winlogon.exe => MD5 is legit
    C:\Windows\System\wininit.exe => MD5 is legit
    C:\Windows\SysWOW6\wininit.exe => MD5 is legit
    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\SysWOW6\explorer.exe => MD5 is legit
    C:\Windows\System\svchost.exe => MD5 is legit
    C:\Windows\SysWOW6\svchost.exe => MD5 is legit
    C:\Windows\System\services.exe => MD5 is legit
    C:\Windows\System\User.dll => MD5 is legit
    C:\Windows\SysWOW6\User.dll => MD5 is legit
    C:\Windows\System\userinit.exe => MD5 is legit
    C:\Windows\SysWOW6\userinit.exe => MD5 is legit
    C:\Windows\System\Drivers\volsnap.sys => MD5 is legit

    ==================== EXE ASSOCIATION =====================

    HKLM\...\.exe: exefile => OK
    HKLM\...\exefile\DefaultIcon: %1 => OK
    HKLM\...\exefile\open\command: "%1" %* => OK

    ========================= Memory info ======================

    Percentage of memory in use: 9%
    Total physical RAM: 8189.37 MB
    Available physical RAM: 7381.32 MB
    Total Pagefile: 8187.57 MB
    Available Pagefile: 7369.44 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.9 MB

    ======================= Partitions =========================

    1 Drive c: () (Fixed) (Total:931.41 GB) (Free:571.85 GB) NTFS
    3 Drive f: (SCII CE USB) (Removable) (Total:1.96 GB) (Free:1.96 GB) FAT
    4 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
    5 Drive y: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS ==>[System with boot components (obtained from reading drive)]

    Disk ### Status Size Free Dyn Gpt
    -------- ------------- ------- ------- --- ---
    Disk 0 Online 931 GB 0 B
    Disk 1 Online 2004 MB 0 B

    Partitions of Disk 0:
    ===============

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 100 MB 1024 KB
    Partition 2 Primary 931 GB 101 MB

    ==================================================================================

    Disk: 0
    Partition 1
    Type : 07
    Hidden: No
    Active: Yes

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 1 Y System Rese NTFS Partition 100 MB Healthy

    ==================================================================================

    Disk: 0
    Partition 2
    Type : 07
    Hidden: No
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 2 C NTFS Partition 931 GB Healthy

    ==================================================================================

    Partitions of Disk 1:
    ===============

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    * Partition 1 Primary 2004 MB 0 B

    ==================================================================================

    Disk: 1
    There is no partition selected.

    There is no partition selected.
    Please select a partition and try again.

    ==================================================================================

    ==========================================================

    Last Boot: 2012-07-08 09:13

    ======================= End Of Log ==========================
     
  12. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    10,157
    As you stated, services.exe is now showing clean; there are, however, still remnants from ZeroAccess. Run the following:

    Delete any versions of Combofix that you may have on your Desktop, download a fresh copy from either of the following links :-

    Link 1
    Link 2

    • Ensure that Combofix is saved directly to the Desktop <--- Very important
    • Disable all security programs as they will have a negative effect on Combofix, instructions available Here if required. Be aware the list may not have all programs listed, if you need more help please ask.
    • Close any open browsers and any other programs you might have running
    • Double click the ComboFix icon to run the tool (Vista or Windows 7 users right click and select "Run as Administrator")
    • Instructions for running Combofix available Here if required.
    • If you are using Windows XP it might display a pop up saying that "Recovery console is not installed, do you want to install?" Please select yes & let it download the files it needs to do this. Once the recovery console is installed, Combofix will then offer to scan for malware. Select continue or yes.
    • When finished, it will produce a report for you. Please post the "C:\ComboFix.txt" for further review

    ****Note: Do not mouse-click Combofix's window while it's running. That may cause it to stall or freeze ****

    Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
    Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell us when you reply. Read Here why disabling autoruns is recommended.

    *EXTRA NOTES*
    • If Combofix detects any Rootkit/Bootkit activity on your system it will give a warning and prompt for a reboot, you must allow it to do so.
    • If Combofix reboots due to a rootkit, the screen may stay black for several minutes on reboot; this is normal
    • If after running Combofix you receive any type of warning message about registry keys being listed for deletion when trying to open certain items, reboot the system and this will fix the issue (Those items will not be deleted)

    Post the log in next reply please...

    Kevin
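    The ZeroAccess remnants Kevin points at are the {GUID} directories with "@", "L" and "U" entries in the FRST output above. The script below is an added triage helper, not part of this thread and not from the FRST or ComboFix authors: it pulls that layout out of FRST text and then checks which of those entries a ComboFix "Other Deletions" list actually covered, so a reader can see at a glance whether a root such as the one under AppData\Local was left untouched. Both log samples are constructed inline in the formats shown in this thread.

```python
"""Added triage helper: cross-check ZeroAccess remnants between FRST and ComboFix logs."""
import re
from typing import Dict, Set

# A path whose last component is a {GUID}, i.e. the directory ZeroAccess creates
# under C:\Windows\Installer and %LOCALAPPDATA% and fills with "@", "L" and "U".
GUID_DIR_RE = re.compile(
    r"^(?P<root>[a-z]:\\.*?\\\{[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}\})"
    r"(?:\\(?P<rest>.+))?$",
    re.IGNORECASE,
)

# Constructed sample in the FRST format used in this thread (entries shortened).
FRST_SAMPLE = r"""
ZeroAccess:
C:\Windows\Installer\{e9e0d4ca-7940-cc3b-e824-d93b785cc606}
C:\Windows\Installer\{e9e0d4ca-7940-cc3b-e824-d93b785cc606}\@
C:\Windows\Installer\{e9e0d4ca-7940-cc3b-e824-d93b785cc606}\L
C:\Windows\Installer\{e9e0d4ca-7940-cc3b-e824-d93b785cc606}\U
C:\Windows\Installer\{e9e0d4ca-7940-cc3b-e824-d93b785cc606}\L\00000004.@
C:\Windows\Installer\{e9e0d4ca-7940-cc3b-e824-d93b785cc606}\U\80000064.@

ZeroAccess:
C:\Users\Yuki\AppData\Local\{e9e0d4ca-7940-cc3b-e824-d93b785cc606}
C:\Users\Yuki\AppData\Local\{e9e0d4ca-7940-cc3b-e824-d93b785cc606}\@
C:\Users\Yuki\AppData\Local\{e9e0d4ca-7940-cc3b-e824-d93b785cc606}\L
C:\Users\Yuki\AppData\Local\{e9e0d4ca-7940-cc3b-e824-d93b785cc606}\U
"""

# Constructed sample in the ComboFix format: only the Installer entries were deleted.
COMBOFIX_SAMPLE = r"""
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Install.exe
c:\windows\AppPatch\Custom\{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb
c:\windows\Installer\{e9e0d4ca-7940-cc3b-e824-d93b785cc606}\@
c:\windows\Installer\{e9e0d4ca-7940-cc3b-e824-d93b785cc606}\L\00000004.@
c:\windows\Installer\{e9e0d4ca-7940-cc3b-e824-d93b785cc606}\U\80000064.@
.
((((((((((((((((((((((((( Files Created from 2012-06-11 to 2012-07-11 )))))))))))))))))))))))))))))))
.
2012-07-11 03:10 . 2012-07-11 03:10 -------- d-----w- C:\FRST
"""


def guid_tree(log_text: str) -> Dict[str, Set[str]]:
    """Group every {GUID}-rooted path by its root; values are lowercased relative entries."""
    tree: Dict[str, Set[str]] = {}
    for line in log_text.splitlines():
        m = GUID_DIR_RE.match(line.strip())
        if not m:
            continue
        root = m.group("root").lower()
        tree.setdefault(root, set())
        if m.group("rest"):
            tree[root].add(m.group("rest").lower())
    return tree


def zeroaccess_roots(tree: Dict[str, Set[str]]) -> Set[str]:
    """Roots whose direct children show the ZeroAccess layout: an "@" file plus L or U."""
    hits = set()
    for root, entries in tree.items():
        top = {e.split("\\", 1)[0] for e in entries}
        if "@" in top and top & {"l", "u"}:
            hits.add(root)
    return hits


def combofix_deletions(log_text: str) -> Set[str]:
    """Collect the lowercased paths listed under ComboFix's 'Other Deletions' banner."""
    deleted: Set[str] = set()
    in_section = False
    for line in log_text.splitlines():
        s = line.strip()
        if s.startswith("((((("):          # every ComboFix section starts with this banner
            in_section = "Other Deletions" in s
            continue
        if in_section and re.match(r"^[a-z]:\\", s, re.IGNORECASE):
            deleted.add(s.lower())
    return deleted


def unaddressed(frst_text: str, combofix_text: str) -> Dict[str, Set[str]]:
    """For each ZeroAccess root in FRST, the entries ComboFix did not report deleting.

    A directory entry (L, U) counts as addressed when ComboFix removed something inside it.
    An empty set means every FRST-listed entry under that root was covered.
    """
    deleted = combofix_deletions(combofix_text)
    tree = guid_tree(frst_text)
    report: Dict[str, Set[str]] = {}
    for root in zeroaccess_roots(tree):
        left = set()
        for entry in tree[root]:
            full = root + "\\" + entry
            covered = full in deleted or any(d.startswith(full + "\\") for d in deleted)
            if not covered:
                left.add(entry)
        report[root] = left
    return report


if __name__ == "__main__":
    for root, left in sorted(unaddressed(FRST_SAMPLE, COMBOFIX_SAMPLE).items()):
        status = "cleaned" if not left else "NOT addressed: " + ", ".join(sorted(left))
        print(f"{root} -> {status}")
```

Run against real logs by passing the full FRST and ComboFix text in place of the samples; any root reported as "NOT addressed" still needs attention, which is exactly the AppData\Local case in this thread.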
     
  13. Ktarl

    Ktarl Thread Starter

    Joined:
    Jul 6, 2012
    Messages:
    15
    Thanks so far, here is the ComboFix log.
    I disabled AVG, but it still said that AVG was running when ComboFix ran.

    ComboFix 12-07-11.03 - Yuki 07/11/2012 16:06:49.1.4 - x64
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8189.6228 [GMT -5:00]
    Running from: c:\users\Yuki\Desktop\ComboFix.exe
    AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
    SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    C:\Install.exe
    c:\users\Yuki\AppData\Local\assembly\tmp
    c:\windows\apppatch\AppLoc.exe
    c:\windows\apppatch\AppLocA.exe
    c:\windows\AppPatch\Custom\{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb
    c:\windows\apppatch\unins000.dat
    c:\windows\apppatch\unins000.exe
    c:\windows\Installer\{e9e0d4ca-7940-cc3b-e824-d93b785cc606}\@
    c:\windows\Installer\{e9e0d4ca-7940-cc3b-e824-d93b785cc606}\L\00000004.@
    c:\windows\Installer\{e9e0d4ca-7940-cc3b-e824-d93b785cc606}\L\1afb2d56
    c:\windows\Installer\{e9e0d4ca-7940-cc3b-e824-d93b785cc606}\L\201d3dde
    c:\windows\Installer\{e9e0d4ca-7940-cc3b-e824-d93b785cc606}\U\00000004.@
    c:\windows\Installer\{e9e0d4ca-7940-cc3b-e824-d93b785cc606}\U\000000cb.@
    c:\windows\Installer\{e9e0d4ca-7940-cc3b-e824-d93b785cc606}\U\80000064.@
    c:\windows\PFRO.log
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-06-11 to 2012-07-11 )))))))))))))))))))))))))))))))
    .
    .
    2012-07-11 21:11 . 2012-07-11 21:11 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
    2012-07-11 21:11 . 2012-07-11 21:11 -------- d-----w- c:\users\UpdatusUser.Yuki-PC\AppData\Local\temp
    2012-07-11 04:39 . 2012-06-12 03:08 3148800 ----a-w- c:\windows\system32\win32k.sys
    2012-07-11 03:10 . 2012-07-11 03:10 -------- d-----w- C:\FRST
    2012-07-09 03:28 . 2012-07-09 03:28 -------- d-----w- c:\program files (x86)\ESET
    2012-07-09 03:23 . 2012-07-09 03:24 -------- d-----w- c:\program files (x86)\Panda Security
    2012-07-08 02:07 . 2012-07-08 02:07 -------- d-----w- c:\users\Yuki\dwhelper
    2012-07-06 23:04 . 2012-07-06 23:04 544008 ----a-w- c:\windows\system32\npdeployJava1.dll
    2012-07-06 23:04 . 2012-07-06 23:04 525576 ----a-w- c:\windows\system32\deployJava1.dll
    2012-07-06 23:04 . 2012-07-06 23:04 -------- d-----w- c:\program files\Java
    2012-07-06 01:48 . 2012-07-06 01:48 -------- d-----w- c:\users\Yuki\AppData\Roaming\SUPERAntiSpyware.com
    2012-07-06 01:48 . 2012-07-06 01:51 -------- d-----w- c:\program files (x86)\Google
    2012-07-06 01:48 . 2012-07-06 01:48 -------- d-----w- c:\program files\SUPERAntiSpyware
    2012-07-06 01:48 . 2012-07-06 01:48 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
    2012-07-06 01:25 . 2012-07-06 01:25 -------- d-----w- c:\users\Yuki\AppData\Roaming\Malwarebytes
    2012-07-06 01:25 . 2012-07-06 01:25 -------- d-----w- c:\programdata\Malwarebytes
    2012-07-06 01:25 . 2012-07-06 01:25 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
    2012-07-06 01:25 . 2012-04-04 20:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-07-06 00:24 . 2012-07-06 00:58 -------- d-----w- C:\sh4ldr
    2012-07-06 00:24 . 2012-07-06 00:24 -------- d-----w- c:\program files\Enigma Software Group
    2012-07-06 00:24 . 2012-07-06 00:58 -------- d-----w- c:\windows\18F97AF04F884494AFE25A5702E142CC.TMP
    2012-07-04 05:16 . 2012-07-04 05:16 -------- d-----w- c:\program files (x86)\Combined Community Codec Pack
    2012-07-04 02:41 . 2012-07-04 02:42 -------- d-----w- c:\program files (x86)\NT Locale Emulator Advance
    2012-07-02 06:37 . 2012-07-02 06:37 -------- d-----w- c:\users\Yuki\AppData\Local\Apple Computer
    2012-06-22 21:12 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
    2012-06-22 21:12 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
    2012-06-22 21:12 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
    2012-06-22 21:12 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
    2012-06-22 21:12 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
    2012-06-22 21:12 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
    2012-06-22 21:12 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
    2012-06-22 21:11 . 2012-06-02 20:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
    2012-06-22 21:11 . 2012-06-02 20:15 36864 ----a-w- c:\windows\system32\wuapp.exe
    2012-06-19 22:35 . 2012-06-19 22:35 4967624 ----a-w- c:\program files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll
    2012-06-12 21:25 . 2012-06-12 21:25 -------- d-----w- c:\users\Yuki\AppData\Local\Macromedia
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-07-11 21:13 . 2011-10-12 22:43 25640 ----a-w- c:\windows\gdrv.sys
    2012-07-05 22:15 . 2012-04-01 20:48 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2012-07-05 22:15 . 2011-10-12 22:46 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-06-24 19:46 . 2011-12-24 23:59 283304 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
    2012-06-24 19:46 . 2011-10-15 21:11 283304 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
    2012-06-24 19:46 . 2011-10-15 21:09 280904 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
    2012-04-19 09:50 . 2012-04-19 09:50 28480 ----a-w- c:\windows\system32\drivers\avgidsha.sys
    2012-04-19 01:56 . 2012-04-19 01:56 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx
    2012-04-19 01:56 . 2012-04-19 01:56 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{88c7f2aa-f93f-432c-8f0e-b7d85967a527}"= "c:\program files (x86)\BitTorrentBar\prxtbBit0.dll" [2011-05-09 176936]
    .
    [HKEY_CLASSES_ROOT\clsid\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}]
    .
    [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}]
    2011-05-09 09:49 176936 ----a-w- c:\program files (x86)\BitTorrentBar\prxtbBit0.dll
    .
    [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
    2012-07-10 01:50 2074208 ----a-w- c:\program files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
    "{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll" [2012-07-10 2074208]
    "{88c7f2aa-f93f-432c-8f0e-b7d85967a527}"= "c:\program files (x86)\BitTorrentBar\prxtbBit0.dll" [2011-05-09 176936]
    .
    [HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
    [HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
    [HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
    .
    [HKEY_CLASSES_ROOT\clsid\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}]
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
    "Steam"="c:\program files (x86)\Steam\steam.exe" [2011-10-13 1242448]
    "Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-06-05 17344176]
    "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-06-26 4787072]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-04-05 2587008]
    "vProt"="c:\program files (x86)\AVG Secure Search\vprot.exe" [2012-07-10 1107552]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
    "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
    "amd_dc_opt"="c:\program files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
    "ROC_roc_dec12"="c:\program files (x86)\AVG Secure Search\ROC_roc_dec12.exe" [2012-01-18 928096]
    "VirtualCloneDrive"="c:\program files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2011-03-07 89456]
    "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-19 421888]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
    @=""
    .
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-07-06 136176]
    R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-06-05 160944]
    R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-05 257224]
    R3 AppleChargerSrv;AppleChargerSrv;c:\windows\system32\AppleChargerSrv.exe [2010-04-06 31272]
    R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
    R3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [x]
    R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-07-06 136176]
    R3 GVTDrv64;GVTDrv64;c:\windows\GVTDrv64.sys [2011-10-13 30528]
    R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys [2011-10-16 16008]
    R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-16 113120]
    R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [x]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
    R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-10-14 1255736]
    R3 X6va005;X6va005;c:\users\Yuki\AppData\Local\Temp\005D06A.tmp [x]
    S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [2012-04-19 28480]
    S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [2012-01-31 36944]
    S1 AppleCharger;AppleCharger;c:\windows\system32\DRIVERS\AppleCharger.sys [2011-01-10 21104]
    S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [2012-02-22 289872]
    S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [2011-12-23 47696]
    S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [2012-03-19 383808]
    S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
    S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
    S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
    S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
    S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\AVGIDSAgent.exe [2012-07-04 5160568]
    S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-02-14 193288]
    S2 ES lite Service;ES lite Service for program management.;c:\program files (x86)\Gigabyte\EasySaver\ESSVR.EXE [2009-08-24 68136]
    S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-02-10 2348352]
    S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
    S2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-06-19 3048136]
    S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-02-10 382272]
    S2 vToolbarUpdater11.2.0;vToolbarUpdater11.2.0;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe [2012-07-10 935008]
    S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys [2011-12-23 124496]
    S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\avgidsfiltera.sys [2011-12-23 29776]
    S3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;c:\windows\system32\Drivers\EtronHub3.sys [2011-03-07 40832]
    S3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;c:\windows\system32\Drivers\EtronXHCI.sys [2011-03-07 65280]
    S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys [2011-10-16 22408]
    S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [2012-01-17 188224]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-01-13 413800]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - WS2IFSL
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-07-11 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-01 22:15]
    .
    2012-07-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-07-06 01:48]
    .
    2012-07-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-07-06 01:48]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-02-24 11780712]
    "Launch LCore"="c:\program files\Logitech Gaming Software\LCore.exe" [2011-07-28 110360]
    "XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2009-09-30 825184]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "LoadAppInit_DLLs"=0x0
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = hxxp://www.google.com/
    mLocal Page = c:\windows\SysWOW64\blank.htm
    TCP: DhcpNameServer = 192.168.0.1
    Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\11.2.0\ViProtocol.dll
    FF - ProfilePath - c:\users\Yuki\AppData\Roaming\Mozilla\Firefox\Profiles\duhj2aky.default\
    FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7B1feefd87-4de1-4887-b742-50840238068e%7D&mid=4e1e55bd2b3f47d1951281ac0fb527e7-a7ff43f88bf4026fec828a06754eb9ad6dc53661&ds=AVG&v=8.0.0.34.1&lang=en&pr=fr&d=2011-10-12%2017%3A54%3A16&sap=ku&q=
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Wow6432Node-HKCU-Run-NCsoft - (no file)
    WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
    WebBrowser-{88C7F2AA-F93F-432C-8F0E-B7D85967A527} - (no file)
    AddRemove-{9143B17E-BBDE-4EA7-A4E3-20D384D9C8A5}_is1 - c:\windows\AppPatch\unins000.exe
    AddRemove-???????3D - c:\games\stuff\3DCustomMaid\???????3D\Installer.exe
    .
    .
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]
    "ImagePath"="c:\windows\system32\GameMon.des -service"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va005]
    "ImagePath"="\??\c:\users\Yuki\AppData\Local\Temp\005D06A.tmp"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.11"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\«0¹0¿0à0á0¤0É03*D*]
    "DisplayName"="???????3D"
    "UninstallString"="c:\\Games\\stuff\\3DCustomMaid\\???????3D\\Installer.exe /luninst1"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\windows\SysWOW64\PnkBstrA.exe
    .
    **************************************************************************
    .
    Completion time: 2012-07-11 16:18:56 - machine was rebooted
    ComboFix-quarantined-files.txt 2012-07-11 21:18
    .
    Pre-Run: 620,605,652,992 bytes free
    Post-Run: 620,296,429,568 bytes free
    .
    - - End Of File - - 647706DDCF41FC242EA881DEF93AADED
     
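The services and drivers section of the ComboFix log above is where a reviewer looks for a loading point that does not belong: an image file ComboFix could not find (the trailing [x]), an image living in a user-writable directory such as a Temp folder, or an image with an extension a service does not normally load from. The Python script below is an added example and is not part of the thread or of ComboFix; it parses a constructed subset of the R*/S* lines copied from the log and reports those three heuristics. Reading [x] as "file not found", the list of user-writable path fragments and the set of normal extensions are this example's assumptions, and a flag is a prompt to check the file, not a verdict.

```python
"""Triage of the R*/S* service and driver lines in a ComboFix log.

Added example for this thread; it is not ComboFix's code. The sample lines are a
constructed subset copied verbatim from the log above.
"""
import ntpath
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Line shape: "<start-type> <name>;<display name>;<image path> [<yyyy-mm-dd> <size>]"
# The trailer "[x]" is read here as: ComboFix could not find the image file on disk.
_TRAILER = re.compile(r"\s\[(?:x|(?P<date>\d{4}-\d{2}-\d{2})\s(?P<size>\d+))\]$")

SAMPLE_LINES = [
    r"R3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [x]",
    r"R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [x]",
    r"R3 X6va005;X6va005;c:\users\Yuki\AppData\Local\Temp\005D06A.tmp [x]",
    r"S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [2012-02-22 289872]",
    r"S2 ES lite Service;ES lite Service for program management.;c:\program files (x86)\Gigabyte\EasySaver\ESSVR.EXE [2009-08-24 68136]",
    r"R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-07-06 136176]",
]

# Heuristics (assumptions of this example, not ComboFix rules): services normally load
# .exe/.sys/.dll images from Program Files or Windows, not from per-user or temp paths.
NORMAL_EXTENSIONS = {".exe", ".sys", ".dll"}
USER_WRITABLE_FRAGMENTS = ("\\users\\", "\\appdata\\", "\\programdata\\", "\\temp\\")


@dataclass
class ServiceEntry:
    start: str                # R0-R3 = running, S0-S4 = stopped (ComboFix's state prefix)
    name: str
    display: str
    path: str
    present: bool             # False when the line ends in "[x]"
    findings: List[str] = field(default_factory=list)


def parse_service_line(line: str) -> Optional[ServiceEntry]:
    """Split one R*/S* line into its fields; return None for lines of another shape."""
    m = _TRAILER.search(line)
    if m is None:
        return None
    start, _, rest = line[:m.start()].partition(" ")
    parts = rest.split(";", 2)
    if len(parts) != 3 or not re.fullmatch(r"[RS][0-4]", start):
        return None
    name, display, path = parts
    return ServiceEntry(start, name, display, path, present=m.group("size") is not None)


def triage(entry: ServiceEntry) -> ServiceEntry:
    """Attach a finding for each heuristic the entry trips; an empty list means nothing stood out."""
    low = entry.path.lower()
    ext = ntpath.splitext(low)[1]
    if not entry.present:
        entry.findings.append("image file not found on disk ([x]): stale entry, or a file hidden from the scan")
    if any(frag in low for frag in USER_WRITABLE_FRAGMENTS):
        entry.findings.append("image lives in a user-writable location")
    if ext not in NORMAL_EXTENSIONS:
        entry.findings.append(f"unusual image extension {ext or '(none)'}")
    return entry


def triage_log(lines) -> Dict[str, List[str]]:
    """Map service name -> findings for every line that parses; clean entries map to []."""
    report: Dict[str, List[str]] = {}
    for line in lines:
        entry = parse_service_line(line.strip())
        if entry is not None:
            report[entry.name] = triage(entry).findings
    return report


if __name__ == "__main__":
    for name, findings in triage_log(SAMPLE_LINES).items():
        status = "; ".join(findings) if findings else "nothing flagged"
        print(f"{name:20} {status}")
```

Run against the sample, the AVG driver, the Gigabyte service and Google Update come back clean, esgiguard trips only the missing-file check, npggsvc trips missing file plus the .des extension, and X6va005 trips all three (a .tmp under the user's Temp folder that is no longer on disk). Whether any of those is malicious still needs the file itself, or its vendor, looked at; the script only orders the list.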
  14. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    10,157
    OK, continue as follows:

    Step 1

    1. Close any open browsers.

    2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

    3. Open notepad and copy/paste the text in the Codebox below into it:

    Code:
    ClearJavaCache::
    Killall::
    File::
    Folder::
    C:\FRST
    c:\program files (x86)\BitTorrentBar
    Registry::
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{88c7f2aa-f93f-432c-8f0e-b7d85967a527}"=-
    [-HKEY_CLASSES_ROOT\clsid\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}]
    [-HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
    "{88c7f2aa-f93f-432c-8f0e-b7d85967a527}"=-
    [-HKEY_CLASSES_ROOT\clsid\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}]
    RegNull::
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\«0¹0¿0à0á0¤0É03*D*]
    
    Save this as CFScript.txt, with Type set to All Files (*.*), in the same location as ComboFix.exe.

    [image: CFScript.txt being dragged onto ComboFix.exe]

    Referring to the picture above, drag CFScript into ComboFix.exe.

    When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

    Step 2

    Run ESET Online Scan
    • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
      ESET OnlineScan
    • Click the [image] button.
    • For alternate browsers only (Microsoft Internet Explorer users can skip these steps):
    • Click on [image] to download the ESET Smart Installer. Save it to your desktop.
    • Double-click on the [image] icon on your desktop.
    • Check [image]
    • Click the [image] button.
    • Accept any security warnings from your browser.
    • Check [image]
    • Ensure "Remove found threats" is checked.
    • Push the Start button.
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient, as this can take some time.
    • When the scan completes, push [image]
    • Push [image], and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • Push the [image] button.
    • Push [image]
    You can refer to this animation by neomage if needed.
    Frequently asked questions are available here; please read them before running the scan.

    Also be aware that this scan can take several hours to complete, depending on the size of your system.

    The ESET log can be found at "C:\Program Files\ESET\EsetOnlineScanner\log.txt".

    Step 3

    Download Security Check by screen317 from HERE or HERE.
    Save it to your Desktop.
    Double-click SecurityCheck.exe (Vista or Windows 7 users: right-click and select "Run as Administrator") and follow the on-screen instructions inside the black box. Press any key when asked.
    A Notepad document called checkup.txt should open automatically; please post the contents of that document.

    Post those three logs, and also give an update on any issues or concerns...

    Kevin
     
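Before dragging a CFScript onto ComboFix it is worth reading it as a list of actions: each `Directive::` header opens a section, entries under Folder:: and File:: are deleted, and the Registry:: section uses .reg syntax in which `"name"=-` removes a value and `[-key]` removes a key; RegNull:: is for a key whose name the tool could not handle through the normal path. The Python below is an added example, not ComboFix's code; it does a dry run over the script posted above, embedded verbatim as constructed input. Two things are this example's assumptions rather than documented facts: that ComboFix's `~` abbreviation stands for SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer, and that each character of the RegNull:: key name shows one byte of a UTF-16LE name with `*` standing in for a 0x00 byte. Under that second assumption the name decodes to カスタムメイド3D, which matches the seven unreadable characters plus "3D" in the DisplayName and the 3DCustomMaid uninstaller path shown in the log, so the directive is targeting that game's Add/Remove Programs entry.

```python
"""Dry run of a ComboFix CFScript: list what it asks for, and make the RegNull:: target readable.

Added example for this thread; it is not ComboFix's code. CFSCRIPT is the script
posted above, embedded verbatim as constructed input.
"""
from typing import Dict, List, Tuple

CFSCRIPT = r"""
ClearJavaCache::
Killall::
File::
Folder::
C:\FRST
c:\program files (x86)\BitTorrentBar
Registry::
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{88c7f2aa-f93f-432c-8f0e-b7d85967a527}"=-
[-HKEY_CLASSES_ROOT\clsid\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}]
[-HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{88c7f2aa-f93f-432c-8f0e-b7d85967a527}"=-
[-HKEY_CLASSES_ROOT\clsid\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}]
RegNull::
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\«0¹0¿0à0á0¤0É03*D*]
"""

# Assumption of this example: ComboFix's "~" abbreviates the Explorer key, and when it
# follows Wow6432Node the real key sits under SOFTWARE\Wow6432Node\Microsoft\...
EXPLORER = r"SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer"


def expand_key(key: str) -> str:
    key = key.replace("\\Wow6432Node\\~\\",
                      "\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\")
    return key.replace("\\~\\", "\\" + EXPLORER + "\\")


def parse_cfscript(text: str) -> List[Tuple[str, str]]:
    """Return (action, target) pairs in script order without touching anything."""
    actions: List[Tuple[str, str]] = []
    section = None       # the "Directive::" currently open
    current_key = None   # inside Registry::, the [key] that following "name"=- lines refer to
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.endswith("::"):
            section, current_key = line[:-2], None
            if section in ("Killall", "ClearJavaCache"):   # directives that take no targets
                actions.append((section, "*"))
            continue
        if section == "File":
            actions.append(("DeleteFile", line))
        elif section == "Folder":
            actions.append(("DeleteFolder", line))
        elif section == "Registry":                        # .reg syntax
            if line.startswith("[-") and line.endswith("]"):
                actions.append(("DeleteKey", expand_key(line[2:-1])))
            elif line.startswith("[") and line.endswith("]"):
                current_key = expand_key(line[1:-1])
            elif line.endswith("=-") and current_key:
                actions.append(("DeleteValue", current_key + "\\" + line[:-2].strip('"')))
            else:
                actions.append(("Unrecognised", line))
        elif section == "RegNull" and line.startswith("[") and line.endswith("]"):
            actions.append(("DeleteNullKey", line[1:-1]))
        else:
            actions.append(("Unrecognised", line))
    return actions


def decode_rendered_name(rendered: str) -> str:
    """Recover a key name that the log showed byte by byte.

    Assumption: each character is one byte of the UTF-16LE name (Latin-1 code point ==
    byte value) and "*" stands in for a 0x00 byte the tool could not print.
    """
    raw = bytes(0 if ch == "*" else ord(ch) for ch in rendered)
    return raw.decode("utf-16-le")


def summarize(text: str = CFSCRIPT) -> Dict[str, List[str]]:
    """Group the dry-run actions by kind and add a decoded form of each RegNull:: key."""
    report: Dict[str, List[str]] = {}
    for action, target in parse_cfscript(text):
        report.setdefault(action, []).append(target)
    report["DeleteNullKeyDecoded"] = []
    for key in report.get("DeleteNullKey", []):
        parent, _, leaf = key.rpartition("\\")
        report["DeleteNullKeyDecoded"].append(parent + "\\" + decode_rendered_name(leaf))
    return report


if __name__ == "__main__":
    for kind, targets in summarize().items():
        for target in targets:
            print(f"{kind:22} {target}")
```

The dry run shows that the script removes two folders, three registry keys and two registry values, all tied to one toolbar CLSID, plus the one uninstall entry under RegNull::, and nothing else; any line it reports as Unrecognised is one to ask about before running the real thing.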
  15. Ktarl

    Ktarl Thread Starter

    Joined:
    Jul 6, 2012
    Messages:
    15
    Here is the ComboFix log. Running ESET; gonna post that as soon as it's done.
    No concerns so far; however, it seems my reboot is faster after running the ComboFix script.
    Might just be my imagination though.


    ComboFix 12-07-11.03 - Yuki 07/11/2012 16:57:24.2.4 - x64
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8189.6398 [GMT -5:00]
    Running from: c:\users\Yuki\Desktop\ComboFix.exe
    Command switches used :: c:\users\Yuki\Desktop\CFScript.txt
    AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
    SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    C:\FRST
    c:\frst\Hives\DEFAULT
    c:\frst\Hives\SAM
    c:\frst\Hives\SECURITY
    c:\frst\Hives\SOFTWARE
    c:\frst\Hives\SYSTEM
    c:\frst\Logs\FRST_10-07-2012_19-11-49.txt
    c:\frst\softdebug
    c:\program files (x86)\BitTorrentBar
    c:\program files (x86)\BitTorrentBar\BitTorrentBarToolbarHelper.exe
    c:\program files (x86)\BitTorrentBar\BitTorrentBarToolbarHelper1.exe
    c:\program files (x86)\BitTorrentBar\GottenAppsContextMenu.xml
    c:\program files (x86)\BitTorrentBar\ldrtbBit0.dll
    c:\program files (x86)\BitTorrentBar\ldrtbBitT.dll
    c:\program files (x86)\BitTorrentBar\OtherAppsContextMenu.xml
    c:\program files (x86)\BitTorrentBar\prxtbBit0.dll
    c:\program files (x86)\BitTorrentBar\prxtbBitT.dll
    c:\program files (x86)\BitTorrentBar\SharedAppsContextMenu.xml
    c:\program files (x86)\BitTorrentBar\tbBit0.dll
    c:\program files (x86)\BitTorrentBar\tbBitT.dll
    c:\program files (x86)\BitTorrentBar\toolbar.cfg
    c:\program files (x86)\BitTorrentBar\ToolbarContextMenu.xml
    c:\program files (x86)\BitTorrentBar\uninstall.exe
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-06-11 to 2012-07-11 )))))))))))))))))))))))))))))))
    .
    .
    2012-07-11 22:02 . 2012-07-11 22:02 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
    2012-07-11 22:02 . 2012-07-11 22:02 -------- d-----w- c:\users\UpdatusUser.Yuki-PC\AppData\Local\temp
    2012-07-11 22:02 . 2012-07-11 22:02 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-07-11 04:39 . 2012-06-12 03:08 3148800 ----a-w- c:\windows\system32\win32k.sys
    2012-07-09 03:28 . 2012-07-09 03:28 -------- d-----w- c:\program files (x86)\ESET
    2012-07-09 03:23 . 2012-07-09 03:24 -------- d-----w- c:\program files (x86)\Panda Security
    2012-07-08 02:07 . 2012-07-08 02:07 -------- d-----w- c:\users\Yuki\dwhelper
    2012-07-06 23:04 . 2012-07-06 23:04 544008 ----a-w- c:\windows\system32\npdeployJava1.dll
    2012-07-06 23:04 . 2012-07-06 23:04 525576 ----a-w- c:\windows\system32\deployJava1.dll
    2012-07-06 23:04 . 2012-07-06 23:04 -------- d-----w- c:\program files\Java
    2012-07-06 01:48 . 2012-07-06 01:48 -------- d-----w- c:\users\Yuki\AppData\Roaming\SUPERAntiSpyware.com
    2012-07-06 01:48 . 2012-07-06 01:51 -------- d-----w- c:\program files (x86)\Google
    2012-07-06 01:48 . 2012-07-06 01:48 -------- d-----w- c:\program files\SUPERAntiSpyware
    2012-07-06 01:48 . 2012-07-06 01:48 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
    2012-07-06 01:25 . 2012-07-06 01:25 -------- d-----w- c:\users\Yuki\AppData\Roaming\Malwarebytes
    2012-07-06 01:25 . 2012-07-06 01:25 -------- d-----w- c:\programdata\Malwarebytes
    2012-07-06 01:25 . 2012-07-06 01:25 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
    2012-07-06 01:25 . 2012-04-04 20:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-07-06 00:24 . 2012-07-06 00:58 -------- d-----w- C:\sh4ldr
    2012-07-06 00:24 . 2012-07-06 00:24 -------- d-----w- c:\program files\Enigma Software Group
    2012-07-06 00:24 . 2012-07-06 00:58 -------- d-----w- c:\windows\18F97AF04F884494AFE25A5702E142CC.TMP
    2012-07-04 05:16 . 2012-07-04 05:16 -------- d-----w- c:\program files (x86)\Combined Community Codec Pack
    2012-07-04 02:41 . 2012-07-04 02:42 -------- d-----w- c:\program files (x86)\NT Locale Emulator Advance
    2012-07-02 06:37 . 2012-07-02 06:37 -------- d-----w- c:\users\Yuki\AppData\Local\Apple Computer
    2012-06-22 21:12 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
    2012-06-22 21:12 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
    2012-06-22 21:12 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
    2012-06-22 21:12 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
    2012-06-22 21:12 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
    2012-06-22 21:12 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
    2012-06-22 21:12 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
    2012-06-22 21:11 . 2012-06-02 20:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
    2012-06-22 21:11 . 2012-06-02 20:15 36864 ----a-w- c:\windows\system32\wuapp.exe
    2012-06-19 22:35 . 2012-06-19 22:35 4967624 ----a-w- c:\program files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll
    2012-06-12 21:25 . 2012-06-12 21:25 -------- d-----w- c:\users\Yuki\AppData\Local\Macromedia
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-07-11 22:03 . 2011-10-12 22:43 25640 ----a-w- c:\windows\gdrv.sys
    2012-07-05 22:15 . 2012-04-01 20:48 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2012-07-05 22:15 . 2011-10-12 22:46 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-06-24 19:46 . 2011-12-24 23:59 283304 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
    2012-06-24 19:46 . 2011-10-15 21:11 283304 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
    2012-06-24 19:46 . 2011-10-15 21:09 280904 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
    2012-04-19 09:50 . 2012-04-19 09:50 28480 ----a-w- c:\windows\system32\drivers\avgidsha.sys
    2012-04-19 01:56 . 2012-04-19 01:56 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx
    2012-04-19 01:56 . 2012-04-19 01:56 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts
    .
    .
    ((((((((((((((((((((((((((((( SnapShot@2012-07-11_21.15.52 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2010-11-21 03:09 . 2012-07-11 21:25 42608 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
    + 2009-07-14 05:10 . 2012-07-11 21:25 36294 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
    + 2011-10-12 10:34 . 2012-07-11 21:25 15066 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2629174495-3191888799-3413499157-1000_UserData.bin
    + 2011-10-13 13:14 . 2012-07-11 22:03 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2011-10-13 13:14 . 2012-07-11 21:13 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2011-10-13 13:14 . 2012-07-11 21:13 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2011-10-13 13:14 . 2012-07-11 22:03 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    - 2009-07-14 04:54 . 2012-07-11 21:13 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2009-07-14 04:54 . 2012-07-11 22:03 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2009-07-14 04:46 . 2012-07-11 21:20 92944 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
    - 2011-10-13 01:03 . 2012-07-11 21:05 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2011-10-13 01:03 . 2012-07-11 21:56 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2011-10-13 01:03 . 2012-07-11 21:56 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2011-10-13 01:03 . 2012-07-11 21:05 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2012-07-11 22:03 . 2012-07-11 22:03 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    - 2012-07-11 21:13 . 2012-07-11 21:13 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    + 2012-07-11 22:03 . 2012-07-11 22:03 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    - 2012-07-11 21:13 . 2012-07-11 21:13 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    + 2009-07-14 02:36 . 2012-07-11 21:30 660068 c:\windows\system32\perfh009.dat
    - 2009-07-14 02:36 . 2012-07-11 21:01 660068 c:\windows\system32\perfh009.dat
    + 2009-07-14 02:36 . 2012-07-11 21:30 120996 c:\windows\system32\perfc009.dat
    - 2009-07-14 02:36 . 2012-07-11 21:01 120996 c:\windows\system32\perfc009.dat
    - 2009-07-14 05:01 . 2012-07-11 21:12 228720 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
    + 2009-07-14 05:01 . 2012-07-11 22:02 228720 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
    + 2011-10-13 02:56 . 2012-07-11 22:02 17896052 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2629174495-3191888799-3413499157-1000-8192.dat
    - 2011-10-13 02:56 . 2012-07-11 21:12 17896052 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2629174495-3191888799-3413499157-1000-8192.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
    2012-07-10 01:50 2074208 ----a-w- c:\program files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
    "{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll" [2012-07-10 2074208]
    .
    [HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
    [HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
    [HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
    "Steam"="c:\program files (x86)\Steam\steam.exe" [2011-10-13 1242448]
    "Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-06-05 17344176]
    "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-06-26 4787072]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-04-05 2587008]
    "vProt"="c:\program files (x86)\AVG Secure Search\vprot.exe" [2012-07-10 1107552]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
    "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
    "amd_dc_opt"="c:\program files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
    "ROC_roc_dec12"="c:\program files (x86)\AVG Secure Search\ROC_roc_dec12.exe" [2012-01-18 928096]
    "VirtualCloneDrive"="c:\program files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2011-03-07 89456]
    "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-19 421888]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
    @=""
    .
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-07-06 136176]
    R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-02-10 2348352]
    R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-06-05 160944]
    R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-05 257224]
    R3 AppleChargerSrv;AppleChargerSrv;c:\windows\system32\AppleChargerSrv.exe [2010-04-06 31272]
    R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
    R3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [x]
    R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-07-06 136176]
    R3 GVTDrv64;GVTDrv64;c:\windows\GVTDrv64.sys [2011-10-13 30528]
    R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys [2011-10-16 16008]
    R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-16 113120]
    R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [x]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
    R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-10-14 1255736]
    R3 X6va005;X6va005;c:\users\Yuki\AppData\Local\Temp\005D06A.tmp [x]
    S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [2012-04-19 28480]
    S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [2012-01-31 36944]
    S1 AppleCharger;AppleCharger;c:\windows\system32\DRIVERS\AppleCharger.sys [2011-01-10 21104]
    S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [2012-02-22 289872]
    S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [2011-12-23 47696]
    S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [2012-03-19 383808]
    S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
    S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
    S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
    S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
    S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\AVGIDSAgent.exe [2012-07-04 5160568]
    S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-02-14 193288]
    S2 ES lite Service;ES lite Service for program management.;c:\program files (x86)\Gigabyte\EasySaver\ESSVR.EXE [2009-08-24 68136]
    S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
    S2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-06-19 3048136]
    S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-02-10 382272]
    S2 vToolbarUpdater11.2.0;vToolbarUpdater11.2.0;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe [2012-07-10 935008]
    S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys [2011-12-23 124496]
    S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\avgidsfiltera.sys [2011-12-23 29776]
    S3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;c:\windows\system32\Drivers\EtronHub3.sys [2011-03-07 40832]
    S3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;c:\windows\system32\Drivers\EtronXHCI.sys [2011-03-07 65280]
    S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys [2011-10-16 22408]
    S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [2012-01-17 188224]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-01-13 413800]
    .
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-07-11 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-01 22:15]
    .
    2012-07-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-07-06 01:48]
    .
    2012-07-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-07-06 01:48]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-02-24 11780712]
    "Launch LCore"="c:\program files\Logitech Gaming Software\LCore.exe" [2011-07-28 110360]
    "XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2009-09-30 825184]
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = hxxp://www.google.com/
    mLocal Page = c:\windows\SysWOW64\blank.htm
    TCP: DhcpNameServer = 192.168.0.1
    Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\11.2.0\ViProtocol.dll
    FF - ProfilePath - c:\users\Yuki\AppData\Roaming\Mozilla\Firefox\Profiles\duhj2aky.default\
    FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7B1feefd87-4de1-4887-b742-50840238068e%7D&mid=4e1e55bd2b3f47d1951281ac0fb527e7-a7ff43f88bf4026fec828a06754eb9ad6dc53661&ds=AVG&v=8.0.0.34.1&lang=en&pr=fr&d=2011-10-12%2017%3A54%3A16&sap=ku&q=
    .
    - - - - ORPHANS REMOVED - - - -
    .
    WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
    AddRemove-BitTorrentBar Toolbar - c:\program files (x86)\BitTorrentBar\uninstall.exe
    AddRemove-???????3D - c:\games\stuff\3DCustomMaid\???????3D\Installer.exe
    .
    .
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]
    "ImagePath"="c:\windows\system32\GameMon.des -service"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va005]
    "ImagePath"="\??\c:\users\Yuki\AppData\Local\Temp\005D06A.tmp"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.11"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\«0¹0¿0à0á0¤0É03*D*]
    "DisplayName"="???????3D"
    "UninstallString"="c:\\Games\\stuff\\3DCustomMaid\\???????3D\\Installer.exe /luninst1"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\windows\SysWOW64\PnkBstrA.exe
    .
    **************************************************************************
    .
    Completion time: 2012-07-11 17:06:18 - machine was rebooted
    ComboFix-quarantined-files.txt 2012-07-11 22:06
    ComboFix2.txt 2012-07-11 21:18
    .
    Pre-Run: 620,251,267,072 bytes free
    Post-Run: 620,141,768,704 bytes free
    .
    - - End Of File - - 85C8F1F340141FED3FAAD9F2138D554F
     
Short URL to this thread: https://techguy.org/1059960