
Google Redirect and Rootkit Infection


  • This topic is locked
6 replies to this topic

#1 Memimi

Memimi

  • Members
  • 88 posts
  • OFFLINE
  • Local time:02:41 PM

Posted 21 July 2012 - 05:58 AM

My husband's PC recently started acting strange. Google redirects, everything is slow, and internet on the whole network is slower. I ran Malwarebytes and SUPERAntiSpyware and removed a few things, but there is some left behind and more keeps showing up.

The computer is using Windows 7 64-bit.

I didn't make a GMER log since it said not to for 64-bit systems.

Here is the DDS log:

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_31
Run by Taylor at 3:54:03 on 2012-07-21
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2815.721 [GMT -7:00]
.
AV: AVG Internet Security 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Internet Security 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: AVG Internet Security 2012 *Disabled* {621CC794-9486-F902-D092-0484E8EA828B}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
C:\Program Files (x86)\eMachines\Registration\GREGsvc.exe
C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files (x86)\Sony\Content Manager Assistant\CMA.exe
C:\Program Files (x86)\eMachines\Hotkey Utility\HotkeyUtility.exe
C:\Program Files (x86)\Winamp\winampa.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\AVG Secure Search\vprot.exe
C:\Program Files (x86)\Sony\Content Manager Assistant\CMAWatcher.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Nero\Update\NASvc.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\Program Files (x86)\Winamp\winamp.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_257.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_257.exe
C:\Windows\system32\SearchIndexer.exe
C:\Users\Taylor\AppData\Roaming\Dropbox\bin\Dropbox.exe
"C:\Windows\SysWOW64\svchost.exe" -k LocalServiceDns
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://emachines.msn.com
uDefault_Page_URL = hxxp://emachines.msn.com
mDefault_Page_URL = hxxp://emachines.msn.com
mStart Page = hxxp://emachines.msn.com
uInternet Settings,ProxyOverride = <local>
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: AVG Do Not Track: {31332eef-cb9f-458f-afeb-d30e9a66b6ba} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll
TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
{e7df6bff-55a5-4eb7-a673-4ed3e9456d39}
uRun: [RockMelt Update] "C:\Users\Taylor\AppData\Local\RockMelt\Update\RockMeltUpdate.exe" /c
uRun: [DS3 Tool] C:\PROGRA~1\MOTION~1\ds3\DS3_Tool.exe -mini
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
uRun: [Akamai NetSession Interface] "C:\Users\Taylor\AppData\Local\Akamai\netsession_win.exe"
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized
uRun: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent
uRun: [Google Update] "C:\Users\Taylor\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Hotkey Utility] C:\Program Files (x86)\eMachines\Hotkey Utility\HotkeyUtility.exe
mRun: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
mRun: [Aeria Ignite] "C:\Program Files (x86)\Aeria Games\Ignite\aeriaignite.exe" silent
mRun: [HF_G_Jul] "C:\Program Files (x86)\AVG Secure Search\HF_G_Jul.exe" /DoAction
StartupFolder: C:\Users\Taylor\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Taylor\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\Users\Taylor\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\OPENOF~1.LNK - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\CONTEN~1.LNK - C:\Program Files (x86)\Sony\Content Manager Assistant\CMA.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
LSP: mswsock.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{6DF64EE5-8A19-4062-98C6-16243E64E6D0} : DhcpNameServer = 8.8.8.8 4.2.2.1
TCP: Interfaces\{AF5734B3-C8D3-4EC6-863D-6B90B39F75E0} : DhcpNameServer = 192.168.2.1
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\11.2.0\ViProtocol.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: AVG Do Not Track: {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
BHO-X64: AVG Do Not Track - No File
BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll
TB-X64: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [Hotkey Utility] C:\Program Files (x86)\eMachines\Hotkey Utility\HotkeyUtility.exe
mRun-x64: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
mRun-x64: [Aeria Ignite] "C:\Program Files (x86)\Aeria Games\Ignite\aeriaignite.exe" silent
mRun-x64: [HF_G_Jul] "C:\Program Files (x86)\AVG Secure Search\HF_G_Jul.exe" /DoAction
IE-X64: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Taylor\AppData\Roaming\Mozilla\Firefox\Profiles\fjwh8yot.default\
FF - prefs.js: browser.startup.homepage - hxxps://www.google.com/webhp?hl=en
FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7B42688aad-0cc6-462c-aa09-0f2fe2c30802%7D&mid=51638260489947d1ba98294607dd2d57-8b653b27388451d050dda9b871a33f9877cc6546&ds=AVG&v=11.1.0.7&lang=en&pr=pr&d=2012-06-03%2018%3A56%3A07&sap=ku&q=
FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\11.2.0\npsitesafety.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll
FF - plugin: C:\Users\Taylor\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: C:\Users\Taylor\AppData\Local\RockMelt\Update\1.2.189.1\npRockMeltOneClick8.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_257.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHA;AVGIDSHA;C:\Windows\system32\DRIVERS\avgidsha.sys --> C:\Windows\system32\DRIVERS\avgidsha.sys [?]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\system32\DRIVERS\avgrkx64.sys --> C:\Windows\system32\DRIVERS\avgrkx64.sys [?]
R1 Avgfwfd;AVG network filter service;C:\Windows\system32\DRIVERS\avgfwd6a.sys --> C:\Windows\system32\DRIVERS\avgfwd6a.sys [?]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\system32\DRIVERS\avgldx64.sys --> C:\Windows\system32\DRIVERS\avgldx64.sys [?]
R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\system32\DRIVERS\avgmfx64.sys --> C:\Windows\system32\DRIVERS\avgmfx64.sys [?]
R1 Avgtdia;AVG TDI Driver;C:\Windows\system32\DRIVERS\avgtdia.sys --> C:\Windows\system32\DRIVERS\avgtdia.sys [?]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R3 AVGIDSDriver;AVGIDSDriver;C:\Windows\system32\DRIVERS\avgidsdrivera.sys --> C:\Windows\system32\DRIVERS\avgidsdrivera.sys [?]
R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\system32\DRIVERS\avgidsfiltera.sys --> C:\Windows\system32\DRIVERS\avgidsfiltera.sys [?]
S3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]
S3 usj;usj;C:\AeriaGames\EdenEternal\avital\ussjcs64.sys [2012-7-2 89560]
.
=============== Created Last 30 ================
.
2012-07-20 14:21:00 -------- d-----w- C:\Users\Taylor\AppData\Local\{8BCED391-24A7-47CA-A659-D4FC25C804EE}
2012-07-20 14:20:48 -------- d-----w- C:\Users\Taylor\AppData\Local\{A61BDDC4-585E-4EC2-B480-0F65159865A0}
2012-07-20 03:51:42 -------- d-----w- C:\Users\Taylor\AppData\Roaming\SUPERAntiSpyware.com
2012-07-20 03:51:35 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com
2012-07-20 03:51:35 -------- d-----w- C:\Program Files\SUPERAntiSpyware
2012-07-20 03:03:23 -------- d-----w- C:\Users\Taylor\AppData\Local\{CCAFE5A5-DD39-4181-945E-EFFF139B8EA5}
2012-07-20 02:23:06 -------- d-----w- C:\Users\Taylor\AppData\Local\Google
2012-07-18 08:18:15 -------- d-sh--w- C:\Windows\SysWow64\%APPDATA%
2012-07-14 03:37:28 -------- d-----w- C:\Program Files (x86)\Common Files\Steam
2012-07-14 03:37:26 -------- d-----w- C:\Program Files (x86)\Steam
2012-07-13 18:37:29 -------- d-----w- C:\Users\Taylor\AppData\Local\{0D0FF718-6BEE-4D02-ABB1-AD96FB376635}
2012-07-13 18:37:17 -------- d-----w- C:\Users\Taylor\AppData\Local\{36B9A579-DB0C-4AF6-8DAD-0096B8F5B843}
2012-07-12 22:58:40 -------- d-----w- C:\Users\Taylor\AppData\Local\{4807EE03-2CF2-481D-9F46-749AEF381681}
2012-07-12 22:58:24 -------- d-----w- C:\Users\Taylor\AppData\Local\{CB7873BF-61DB-42AC-BF8E-FC5E54403FC0}
2012-07-12 02:11:14 -------- d-----w- C:\Ruby193
2012-07-11 01:05:27 -------- d-----r- C:\Program Files (x86)\Skype
2012-07-04 19:33:09 -------- d-----w- C:\Users\Taylor\AppData\Local\{801A0344-18D4-4494-A3CB-47BAE63E1116}
2012-07-03 22:01:51 -------- d-----w- C:\Users\Taylor\AppData\Local\{CB8C231B-F342-4A26-B38E-DFAA6C2DE804}
2012-07-03 22:01:38 -------- d-----w- C:\Users\Taylor\AppData\Local\{0F3BEEF4-7522-4DC9-BE43-EDE24C58F436}
2012-07-02 14:13:31 -------- d-----w- C:\Users\Taylor\AppData\Local\Aeria Games
2012-07-02 14:13:12 -------- d-----w- C:\ProgramData\Aeria Games
2012-07-02 13:19:42 -------- d-sh--w- C:\Windows\SysWow64\AI_RecycleBin
2012-07-02 13:19:42 -------- d-----w- C:\Program Files (x86)\Aeria Games
2012-07-02 00:59:14 -------- d-----w- C:\Users\Taylor\AppData\Local\{BBAA152E-6F50-4DB4-AF16-14A45E9DD71A}
2012-07-01 16:28:45 -------- d-----w- C:\Users\Taylor\AppData\Local\Akamai
2012-07-01 16:28:43 -------- d-----w- C:\AeriaGames
2012-07-01 12:38:53 -------- d-----w- C:\Users\Taylor\AppData\Local\{E68052D8-DD03-4A2D-B68F-476966AA1563}
2012-07-01 12:38:43 -------- d-----w- C:\Users\Taylor\AppData\Local\{98562A8B-4D88-423D-B6FB-4760E7AB9893}
2012-07-01 12:38:43 -------- d-----w- C:\Users\Taylor\AppData\Local\{1DEE84D0-6046-4A5F-AB05-B29ACA13DF0D}
2012-07-01 12:38:29 -------- d-----w- C:\Users\Taylor\Tracing
2012-06-30 11:37:23 -------- d-----w- C:\Program Files (x86)\Pokemon World Online
2012-06-27 05:18:18 -------- d-----w- C:\Program Files (x86)\proXPN
2012-06-24 09:05:58 -------- d-----w- C:\Windows\en
2012-06-24 09:02:14 -------- d-----w- C:\Windows\fr
2012-06-24 08:56:05 19736 ----a-w- C:\ProgramData\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-06-24 08:53:39 15712 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\d877ef181cd51e604\MeshBetaRemover.exe
2012-06-24 08:53:35 89944 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\d4907bb81cd51e603\DSETUP.dll
2012-06-24 08:53:35 537432 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\d4907bb81cd51e603\DXSETUP.exe
2012-06-24 08:53:35 1801048 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\d4907bb81cd51e603\dsetup32.dll
2012-06-24 08:51:50 -------- d-----w- C:\Users\Taylor\AppData\Local\Windows Live
2012-06-23 14:02:35 -------- d-----w- C:\Program Files (x86)\CrystalDiskInfo
2012-06-21 21:15:43 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2012-06-21 21:15:30 99840 ----a-w- C:\Windows\System32\wudriver.dll
2012-06-21 21:15:21 36864 ----a-w- C:\Windows\System32\wuapp.exe
2012-06-21 21:15:21 186752 ----a-w- C:\Windows\System32\wuwebv.dll
.
==================== Find3M ====================
.
2012-07-03 20:46:44 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-06-10 19:28:04 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-06-10 19:28:04 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-04-23 01:58:46 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
.
============= FINISH: 3:56:13.55 ===============
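The DDS "Pseudo HJT Report" above contains several lines a responder would flag on sight: the three mPolicies-system values at 0 (UAC switched off, administrators elevating without a prompt, no secure desktop), the toolbar and BHO entries that resolve to "No File", one interface whose DHCP name servers differ from the router's, and a hidden+system directory named with an unexpanded %APPDATA% under SysWOW64. The following triage script is an added example, not part of the thread and not from the DDS tool; it parses lines of the same shape as the posted log (the sample below is constructed from them) and returns the findings, so a reviewer can apply the same checks to any DDS log. It assumes that DDS's mPolicies-system prefix refers to the Policies\System registry key, which is where those UAC values live.

```python
import re

# Constructed sample in the layout DDS uses for its "Pseudo HJT Report" and
# "Created Last 30" sections; same shape as the log in the post above.
SAMPLE_DDS = r"""
mWinlogon: Userinit=userinit.exe,
TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{6DF64EE5-8A19-4062-98C6-16243E64E6D0} : DhcpNameServer = 8.8.8.8 4.2.2.1
TCP: Interfaces\{AF5734B3-C8D3-4EC6-863D-6B90B39F75E0} : DhcpNameServer = 192.168.2.1
BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
2012-07-18 08:18:15 -------- d-sh--w- C:\Windows\SysWow64\%APPDATA%
2012-07-14 03:37:28 -------- d-----w- C:\Program Files (x86)\Common Files\Steam
"""

# UAC values under HKLM\...\Policies\System (DDS's "mPolicies-system") that
# mean "protection off" when set to 0.
WEAK_IF_ZERO = {
    "EnableLUA": "UAC is disabled entirely",
    "ConsentPromptBehaviorAdmin": "administrators elevate without any prompt",
    "PromptOnSecureDesktop": "elevation prompts are not shown on the secure desktop",
}

POLICY_RE = re.compile(r"^mPolicies-system:\s+(\w+)\s*=\s*(\d+)")
NOFILE_RE = re.compile(r"^([A-Za-z0-9-]+):\s+(.*?)\s+-\s+No File\s*$")
DNS_GLOBAL_RE = re.compile(r"^TCP:\s+DhcpNameServer\s*=\s*(.+?)\s*$")
DNS_IFACE_RE = re.compile(
    r"^TCP:\s+Interfaces\\(\{[0-9A-Fa-f-]+\})\s*:\s*DhcpNameServer\s*=\s*(.+?)\s*$")
# "Created Last 30" entry: timestamp, size column, attribute flags, path.
DIR_ENTRY_RE = re.compile(
    r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}\s+\S+\s+(d\S*)\s+(.+?)\s*$")


def triage_dds(text):
    """Return (kind, subject, detail) findings for a DDS log, in log order."""
    lines = text.splitlines()

    # DDS prints the global DhcpNameServer before the per-interface entries,
    # but collect it in a first pass so the order does not matter.
    global_dns = None
    for line in lines:
        m = DNS_GLOBAL_RE.match(line)
        if m:
            global_dns = set(m.group(1).split())

    findings = []
    for line in lines:
        m = POLICY_RE.match(line)
        if m:
            name, value = m.group(1), int(m.group(2))
            if name in WEAK_IF_ZERO and value == 0:
                findings.append(("uac_weakened", name, WEAK_IF_ZERO[name]))
            continue
        m = NOFILE_RE.match(line)
        if m:
            # Orphaned toolbar/BHO registrations: the binary is gone but the
            # registry entry remains, often left behind by a partial clean-up.
            findings.append(("orphan_entry", m.group(1), m.group(2)))
            continue
        m = DNS_IFACE_RE.match(line)
        if m:
            # Resolvers that differ from the router-issued ones deserve a look
            # when the symptom is search redirection; the servers may be
            # legitimate, so this is a review item, not a verdict.
            servers = set(m.group(2).split())
            if global_dns is not None and servers != global_dns:
                findings.append(("dns_mismatch", m.group(1),
                                 " ".join(sorted(servers))))
            continue
        m = DIR_ENTRY_RE.match(line)
        if m:
            attrs, path = m.group(1), m.group(2)
            hidden_system = "s" in attrs and "h" in attrs
            # A literal "%VAR%" in a path means something created a directory
            # with an unexpanded environment variable; legitimate installers
            # do not do that under the system directories.
            if hidden_system or "%" in path:
                findings.append(("suspicious_dir", path, attrs))
    return findings


if __name__ == "__main__":
    for kind, subject, detail in triage_dds(SAMPLE_DDS):
        print(f"{kind:15} {subject}  ({detail})")
```

Run it on a saved DDS.txt by replacing SAMPLE_DDS with the file's contents; the checks deliberately report, rather than judge, because a "No File" entry can be harmless and public resolvers such as 8.8.8.8 are legitimate. The value is in surfacing the handful of lines worth reading out of several hundred.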

#2 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,478 posts
  • OFFLINE
  • Gender:Not Telling
  • Location:Canada
  • Local time:01:41 PM

Posted 21 July 2012 - 03:39 PM

Please do the following:

Download Farbar Recovery Scan Tool and save it to a flash drive.

Plug the flashdrive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
On the System Recovery Options menu you will get the following options:
  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Command Prompt

  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to the disclaimer.
  • Place a check next to List Drivers MD5 as well as the default check marks that are already there
  • Press Scan button.
  • FRST will let you know when the scan is complete and has written the FRST.txt to file, close out this message, then type the following into the search box:
    services.exe
  • now press the search button
  • when the search is complete, search.txt will also be written to your USB
  • type exit and reboot the computer normally
  • please copy and paste both logs in your reply (FRST.txt and Search.txt).
Microsoft MVP - 2010, 2011, 2012, 2013

#3 Memimi

Memimi
  • Topic Starter

  • Members
  • 88 posts
  • OFFLINE
  • Local time:02:41 PM

Posted 21 July 2012 - 07:18 PM

Thanks for getting back to me so fast!

Here is the first one:

Scan result of Farbar Recovery Scan Tool Version: 20-07-2012 01
Ran by SYSTEM at 21-07-2012 17:16:43
Running from H:\
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [10060320 2010-02-09] (Realtek Semiconductor)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [37296 2012-03-27] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Hotkey Utility] C:\Program Files (x86)\eMachines\Hotkey Utility\HotkeyUtility.exe [620136 2011-01-18] ()
HKLM-x32\...\Run: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe" [74752 2011-12-09] (Nullsoft, Inc.)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-01-02] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe" [2587008 2012-04-05] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [254696 2012-01-18] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe" [1107552 2012-07-09] ()
HKLM-x32\...\Run: [Aeria Ignite] "C:\Program Files (x86)\Aeria Games\Ignite\aeriaignite.exe" silent [1241184 2012-05-24] (Aeria Games & Entertainment)
HKLM-x32\...\Run: [HF_G_Jul] "C:\Program Files (x86)\AVG Secure Search\HF_G_Jul.exe" /DoAction [36960 2012-07-18] ()
HKU\Taylor\...\Run: [RockMelt Update] "C:\Users\Taylor\AppData\Local\RockMelt\Update\RockMeltUpdate.exe" /c [136336 2012-03-06] (RockMelt Inc.)
HKU\Taylor\...\Run: [DS3 Tool] C:\PROGRA~1\MOTION~1\ds3\DS3_Tool.exe -mini [x]
HKU\Taylor\...\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background [4280184 2012-03-08] (Microsoft Corporation)
HKU\Taylor\...\Run: [Akamai NetSession Interface] "C:\Users\Taylor\AppData\Local\Akamai\netsession_win.exe" [4327744 2012-05-26] (Akamai Technologies, Inc)
HKU\Taylor\...\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized [14940040 2010-10-11] (Skype Technologies S.A.)
HKU\Taylor\...\Run: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent [1242448 2012-07-13] (Valve Corporation)
HKU\Taylor\...\Run: [Google Update] "C:\Users\Taylor\AppData\Local\Google\Update\GoogleUpdate.exe" /c [116648 2012-07-19] (Google Inc.)
HKU\Taylor\...\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [5661056 2012-07-09] (SUPERAntiSpyware.com)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Startup: C:\Users\All Users\Start Menu\Programs\Startup\Content Manager Assistant for PlayStation®.lnk
ShortcutTarget: Content Manager Assistant for PlayStation®.lnk -> C:\Program Files (x86)\Sony\Content Manager Assistant\CMA.exe (Sony Computer Entertainment Inc.)
Startup: C:\Users\Taylor\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> (No File)
Startup: C:\Users\Taylor\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
ShortcutTarget: OpenOffice.org 3.3.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()

==================== Services (Whitelisted) ======

2 !SASCORE; "C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE" [140672 2011-08-11] (SUPERAntiSpyware.com)
2 avgfws; "C:\Program Files (x86)\AVG\AVG2012\avgfws.exe" [2321520 2012-03-23] (AVG Technologies CZ, s.r.o.)
2 AVGIDSAgent; "C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe" [5106744 2012-04-30] (AVG Technologies CZ, s.r.o.)
2 avgwd; "C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe" [193288 2012-02-14] (AVG Technologies CZ, s.r.o.)
2 ForceWare Intelligent Application Manager (IAM); C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe [626208 2009-08-10] ()
2 GREGService; C:\Program Files (x86)\eMachines\Registration\GREGsvc.exe [23584 2010-01-08] (Acer Incorporated)
2 Live Updater Service; C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe [244624 2011-01-31] (Acer Incorporated)
4 MBAMService; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe" [655944 2012-07-03] (Malwarebytes Corporation)
2 nSvcIp; C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe [206880 2009-08-10] ()
2 vToolbarUpdater11.2.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe [935008 2012-07-09] ()

========================== Drivers (Whitelisted) =============

1 Avgfwfd; C:\Windows\System32\DRIVERS\avgfwd6a.sys [48992 2011-05-23] (AVG Technologies CZ, s.r.o.)
3 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [124496 2011-12-23] (AVG Technologies CZ, s.r.o. )
3 AVGIDSFilter; C:\Windows\System32\DRIVERS\avgidsfiltera.sys [29776 2011-12-23] (AVG Technologies CZ, s.r.o. )
0 AVGIDSHA; C:\Windows\System32\Drivers\AVGIDSHA.sys [28480 2012-04-19] (AVG Technologies CZ, s.r.o. )
1 Avgldx64; C:\Windows\System32\Drivers\Avgldx64.sys [289872 2012-02-22] (AVG Technologies CZ, s.r.o.)
1 Avgmfx64; C:\Windows\System32\Drivers\Avgmfx64.sys [47696 2011-12-23] (AVG Technologies CZ, s.r.o.)
0 Avgrkx64; C:\Windows\System32\Drivers\Avgrkx64.sys [36944 2012-01-31] (AVG Technologies CZ, s.r.o.)
1 Avgtdia; C:\Windows\System32\Drivers\Avgtdia.sys [383808 2012-03-19] (AVG Technologies CZ, s.r.o.)
3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [24904 2012-07-03] (Malwarebytes Corporation)
3 NVNET; C:\Windows\System32\DRIVERS\nvmf6264.sys [350952 2010-08-12] (NVIDIA Corporation)
1 SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
1 SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
3 usj; \??\C:\AeriaGames\EdenEternal\avital\ussjcs64.sys [89560 2012-07-02] ()
3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [x]

========================== NetSvcs (Whitelisted) ===========


============ One Month Created Files and Folders ==============

2012-07-21 02:50 - 2012-07-21 02:47 - 00607260 ____R (Swearware) C:\Users\Taylor\Desktop\dds.scr
2012-07-21 02:49 - 2012-07-21 02:49 - 00000474 ____A C:\Users\Taylor\Desktop\defogger_disable.log
2012-07-21 02:49 - 2012-07-21 02:49 - 00000000 ____A C:\Users\Taylor\defogger_reenable
2012-07-21 02:48 - 2012-07-21 02:46 - 00050477 ____A C:\Users\Taylor\Desktop\Defogger.exe
2012-07-20 06:21 - 2012-07-20 06:21 - 00000000 ____D C:\Users\Taylor\AppData\Local\{8BCED391-24A7-47CA-A659-D4FC25C804EE}
2012-07-20 06:20 - 2012-07-20 06:20 - 00000000 ____D C:\Users\Taylor\AppData\Local\{A61BDDC4-585E-4EC2-B480-0F65159865A0}
2012-07-19 19:51 - 2012-07-21 11:51 - 00000512 ____A C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 3cdb774d-fde9-4552-b1ed-244b88e53bb9.job
2012-07-19 19:51 - 2012-07-21 01:00 - 00000512 ____A C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task d55c383c-31ae-4153-99af-d6d53408f55f.job
2012-07-19 19:51 - 2012-07-19 19:51 - 00000000 ____D C:\Users\Taylor\AppData\Roaming\SUPERAntiSpyware.com
2012-07-19 19:51 - 2012-07-19 19:51 - 00000000 ____D C:\Users\All Users\SUPERAntiSpyware.com
2012-07-19 19:51 - 2012-07-19 19:51 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2012-07-19 19:03 - 2012-07-19 19:03 - 00000000 ____D C:\Users\Taylor\AppData\Local\{CCAFE5A5-DD39-4181-945E-EFFF139B8EA5}
2012-07-19 18:23 - 2012-07-21 15:37 - 00000912 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4130005182-2376481856-124789523-1000UA.job
2012-07-19 18:23 - 2012-07-20 20:37 - 00000860 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4130005182-2376481856-124789523-1000Core.job
2012-07-19 18:23 - 2012-07-19 18:28 - 00000000 ____D C:\Users\Taylor\AppData\Local\Google
2012-07-19 16:58 - 2012-07-19 16:58 - 01012656 ____A C:\Users\Taylor\Desktop\rkill.com
2012-07-19 01:44 - 2012-07-20 19:17 - 00002170 ____A C:\Users\Taylor\Desktop\GooredFix.txt
2012-07-19 01:44 - 2012-07-20 19:17 - 00000000 ____D C:\Users\Taylor\Desktop\GooredFix Backups
2012-07-19 01:44 - 2012-07-19 01:44 - 00071398 ____A (jpshortstuff) C:\Users\Taylor\Desktop\GooredFix.exe
2012-07-18 00:18 - 2012-07-18 00:18 - 00000000 __SHD C:\Windows\SysWOW64\%APPDATA%
2012-07-16 05:04 - 2012-07-16 05:49 - 347852330 ____A C:\Users\Taylor\Downloads\[HorribleSubs] Muv-Luv Alternative - Total Eclipse - 03 [720p].mkv
2012-07-15 15:02 - 2012-07-16 05:03 - 568207151 ____A C:\Users\Taylor\Downloads\[HorribleSubs] La storia della Arcana Famiglia - 03 [1080p].mkv
2012-07-15 14:47 - 2012-07-16 04:04 - 61921746 ____A C:\Users\Taylor\Downloads\[RH][Ebiten][01][big5][720P].mp4
2012-07-15 09:19 - 2012-07-15 11:04 - 567392003 ____A C:\Users\Taylor\Downloads\[HorribleSubs] Campione! - 02 [1080p].mkv
2012-07-15 05:55 - 2012-07-15 06:54 - 568388590 ____A C:\Users\Taylor\Downloads\[HorribleSubs] Sword Art Online - 02 [1080p].mkv
2012-07-15 05:53 - 2012-07-15 09:18 - 567380634 ____A C:\Users\Taylor\Downloads\[HorribleSubs] Kokoro Connect - 02 [1080p].mkv
2012-07-15 05:52 - 2012-07-15 07:31 - 273319136 ____A C:\Users\Taylor\Downloads\[gg]_Jormungand_-_12_[3DF82AFC].mkv
2012-07-14 05:46 - 2012-07-15 13:01 - 00000000 ____D C:\Users\Taylor\Downloads\[Commie] Acchi Kocchi (1280x720 H264 AAC) 01-12END
2012-07-13 19:37 - 2012-07-20 06:21 - 00000000 ____D C:\Program Files (x86)\Steam
2012-07-13 10:37 - 2012-07-13 10:37 - 00000000 ____D C:\Users\Taylor\AppData\Local\{36B9A579-DB0C-4AF6-8DAD-0096B8F5B843}
2012-07-13 10:37 - 2012-07-13 10:37 - 00000000 ____D C:\Users\Taylor\AppData\Local\{0D0FF718-6BEE-4D02-ABB1-AD96FB376635}
2012-07-13 05:06 - 2012-07-13 06:17 - 569568825 ____A C:\Users\Taylor\Downloads\[HorribleSubs] Jinrui wa Suitai Shimableepa - 02 [1080p].mkv
2012-07-13 04:16 - 2012-07-13 04:52 - 353632877 ____A C:\Users\Taylor\Downloads\[Hadena] Dakara Boku wa, H ga Dekinai. - 01 [720p][16E8F351].mkv
2012-07-13 03:21 - 2012-07-13 04:16 - 567462643 ____A C:\Users\Taylor\Downloads\[HorribleSubs] Campione! - 01 [1080p].mkv
2012-07-13 01:07 - 2012-07-13 01:07 - 00030046 ____A C:\Users\Taylor\AppData\Local\recently-used.xbel
2012-07-12 23:14 - 2012-07-13 03:21 - 350165985 ____A C:\Users\Taylor\Downloads\[gg]_Binbougami_ga!_-_02_[1AF9E512].mkv
2012-07-12 14:58 - 2012-07-12 14:58 - 00000000 ____D C:\Users\Taylor\AppData\Local\{CB7873BF-61DB-42AC-BF8E-FC5E54403FC0}
2012-07-12 14:58 - 2012-07-12 14:58 - 00000000 ____D C:\Users\Taylor\AppData\Local\{4807EE03-2CF2-481D-9F46-749AEF381681}
2012-07-12 14:03 - 2012-07-16 09:43 - 00000000 ____D C:\Users\Taylor\Downloads\[Chihiro]_Working!!_[1920x1080_Blu-ray_FLAC]
2012-07-12 03:21 - 2012-07-12 04:00 - 363360345 ____A C:\Users\Taylor\Downloads\[gg]_Binbougami_ga!_-_01_[D909F54C].mkv
2012-07-11 18:11 - 2012-07-11 18:11 - 00000000 ____D C:\Ruby193
2012-07-11 16:08 - 2012-07-11 16:14 - 00000000 ____D C:\Users\Taylor\Downloads\Jason Falkner - I'm OK... You're OK (2007)
2012-07-11 03:32 - 2012-07-11 04:35 - 568704946 ____A C:\Users\Taylor\Downloads\[HorribleSubs] La storia della Arcana Famiglia - 02 [1080p].mkv
2012-07-11 01:03 - 2012-07-11 01:04 - 00000000 ____D C:\Users\Taylor\Downloads\[Horrible Subs] Mysterious Girlfriend X
2012-07-11 01:02 - 2012-07-11 01:02 - 00000000 ____D C:\Users\Taylor\Downloads\[Commie] Sankarea
2012-07-10 23:47 - 2012-07-10 23:47 - 00000000 ____D C:\Users\Taylor\Downloads\[Commie] Mouretsu Pirates
2012-07-10 17:05 - 2012-07-20 06:21 - 00000000 ____D C:\Users\Taylor\AppData\Roaming\Skype
2012-07-10 17:05 - 2012-07-10 17:05 - 00000000 ___RD C:\Program Files (x86)\Skype
2012-07-09 05:48 - 2012-07-09 07:19 - 579718144 ____A C:\Users\Taylor\Downloads\[HorribleSubs] Oda Nobuna no Yabou - 01 [1080p].mkv
2012-07-09 04:50 - 2012-07-09 07:35 - 584659754 ____A C:\Users\Taylor\Downloads\[HorribleSubs] Muv-Luv Alternative - Total Eclipse - 02 [1080p].mkv
2012-07-09 04:49 - 2012-07-09 05:47 - 221018375 ____A C:\Users\Taylor\Downloads\[gg]_Joshiraku_-_01_[51DDCEF5].mkv
2012-07-08 02:14 - 2012-07-08 04:04 - 567968732 ____A C:\Users\Taylor\Downloads\[HorribleSubs] Sword Art Online - 01 [1080p].mkv
2012-07-08 02:13 - 2012-07-08 04:15 - 566990906 ____A C:\Users\Taylor\Downloads\[HorribleSubs] Kokoro Connect - 01 [1080p].mkv
2012-07-06 14:15 - 2012-07-06 14:15 - 02796453 ____A (IceChat Networks ) C:\Users\Taylor\Downloads\icechat-setup.exe
2012-07-06 12:59 - 2012-07-07 02:55 - 00000000 ____D C:\Users\Taylor\Downloads\Panic! At The Disco
2012-07-05 07:28 - 2012-07-14 05:46 - 00000000 ____D C:\Users\Taylor\Downloads\[SleepSub] Ookami-san to Shichinin no Nakamatachi! 01-12 [1280x720]
2012-07-05 07:03 - 2012-07-13 04:54 - 00000000 ____D C:\Users\Taylor\Downloads\[Coalgirls]_Seitokai_Yakuindomo_(1920x1080_Blu-Ray_FLAC)
2012-07-05 07:03 - 2012-07-05 07:03 - 00000000 ____D C:\Users\Taylor\Downloads\[SS-Eclipse] Hayate no Gotoku! (1280x720 h264)
2012-07-05 04:00 - 2012-07-05 05:49 - 567767423 ____A C:\Users\Taylor\Downloads\[HorribleSubs] Jinrui wa Suitai Shimableepa - 01 [1080p].mkv
2012-07-04 12:30 - 2012-07-20 00:51 - 00036864 __ASH C:\Users\Taylor\Thumbs.db
2012-07-04 11:33 - 2012-07-04 11:33 - 00000000 ____D C:\Users\Taylor\AppData\Local\{801A0344-18D4-4494-A3CB-47BAE63E1116}
2012-07-04 11:32 - 2012-07-04 11:32 - 00327648 ____A C:\Windows\Minidump\070412-19983-01.dmp
2012-07-04 02:46 - 2012-07-05 04:00 - 569495698 ____A C:\Users\Taylor\Downloads\[HorribleSubs] La storia della Arcana Famiglia - 01 [1080p].mkv
2012-07-03 14:01 - 2012-07-03 14:02 - 00000000 ____D C:\Users\Taylor\AppData\Local\{CB8C231B-F342-4A26-B38E-DFAA6C2DE804}
2012-07-03 14:01 - 2012-07-03 14:01 - 00000000 ____D C:\Users\Taylor\AppData\Local\{0F3BEEF4-7522-4DC9-BE43-EDE24C58F436}
2012-07-03 07:35 - 2012-07-03 07:46 - 00000000 ____D C:\Users\Taylor\Downloads\[WhyNot] Mouretsu Space Pirates - Vol 01 [BD 1080p FLAC]
2012-07-02 08:27 - 2012-07-03 01:51 - 585450900 ____A C:\Users\Taylor\Downloads\[CR] Muv-Luv Alternative - Total Eclipse - 01 [1920x1080].mkv
2012-07-02 06:13 - 2012-07-02 06:13 - 00000000 ____D C:\Users\Taylor\AppData\Local\Aeria Games
2012-07-02 06:13 - 2012-07-02 06:13 - 00000000 ____D C:\Users\All Users\Aeria Games
2012-07-02 05:19 - 2012-07-02 05:19 - 00000000 __SHD C:\Windows\SysWOW64\AI_RecycleBin
2012-07-02 05:19 - 2012-07-02 05:19 - 00000000 ____D C:\Program Files (x86)\Aeria Games
2012-07-01 16:59 - 2012-07-01 16:59 - 00000000 ____D C:\Users\Taylor\AppData\Local\{BBAA152E-6F50-4DB4-AF16-14A45E9DD71A}
2012-07-01 08:28 - 2012-07-02 05:19 - 00000000 ____D C:\AeriaGames
2012-07-01 08:28 - 2012-07-01 08:30 - 00000000 ____D C:\Users\Taylor\AppData\Local\Akamai
2012-07-01 04:38 - 2012-07-20 06:20 - 00000000 ____D C:\Users\Taylor\Tracing
2012-07-01 04:38 - 2012-07-01 04:39 - 00000000 ____D C:\Users\Taylor\AppData\Local\{E68052D8-DD03-4A2D-B68F-476966AA1563}
2012-07-01 04:38 - 2012-07-01 04:39 - 00000000 ____D C:\Users\Taylor\AppData\Local\{1DEE84D0-6046-4A5F-AB05-B29ACA13DF0D}
2012-07-01 04:38 - 2012-07-01 04:38 - 00000000 ____D C:\Users\Taylor\AppData\Local\{98562A8B-4D88-423D-B6FB-4760E7AB9893}
2012-06-30 17:54 - 2012-06-30 19:26 - 253380472 ____A C:\Users\Taylor\Downloads\[Eveyuu] Sankarea 00 [DVD Hi10P 480p H264] [4219AF02].mkv
2012-06-30 03:37 - 2012-07-01 04:41 - 00000202 ____A C:\Users\Taylor\Documents\PWOOptions.ini
2012-06-30 03:37 - 2012-06-30 03:37 - 00000000 ____D C:\Program Files (x86)\Pokemon World Online
2012-06-28 05:42 - 2012-06-28 05:56 - 00000000 ____D C:\Users\Taylor\Downloads\Fiction
2012-06-28 04:57 - 2012-06-28 04:57 - 00046404 ____A C:\Users\Taylor\Documents\OuseNewAva.xcf
2012-06-26 21:18 - 2012-06-26 21:18 - 00000000 ____D C:\Program Files (x86)\proXPN
2012-06-25 23:52 - 2012-06-26 12:40 - 164359545 ____A C:\Users\Taylor\Downloads\[SubDesu]_Nana_to_Kaoru_OVA_-_01_(853x480)_[B0792FB6].mkv
2012-06-24 01:05 - 2012-06-24 01:05 - 00000000 ____D C:\Windows\en
2012-06-24 01:02 - 2012-06-24 01:02 - 00000000 ____D C:\Windows\fr
2012-06-24 00:51 - 2012-07-20 06:21 - 00000000 ____D C:\Users\Taylor\AppData\Local\Windows Live
2012-06-23 06:02 - 2012-06-23 06:02 - 00000000 ____D C:\Program Files (x86)\CrystalDiskInfo
2012-06-21 13:15 - 2012-06-02 14:19 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-06-21 13:15 - 2012-06-02 14:19 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2012-06-21 13:15 - 2012-06-02 14:19 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-06-21 13:15 - 2012-06-02 14:19 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-06-21 13:15 - 2012-06-02 14:19 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-06-21 13:15 - 2012-06-02 14:19 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2012-06-21 13:15 - 2012-06-02 14:15 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-06-21 13:15 - 2012-06-02 14:15 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2012-06-21 13:15 - 2012-06-02 14:15 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe


============ 3 Months Modified Files ========================

2012-07-21 16:07 - 2011-11-18 14:20 - 01438380 ____A C:\Windows\WindowsUpdate.log
2012-07-21 16:05 - 2012-03-06 04:00 - 00000932 ____A C:\Windows\Tasks\RockMeltUpdateTaskUserS-1-5-21-4130005182-2376481856-124789523-1000UA.job
2012-07-21 15:37 - 2012-07-19 18:23 - 00000912 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4130005182-2376481856-124789523-1000UA.job
2012-07-21 11:51 - 2012-07-19 19:51 - 00000512 ____A C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 3cdb774d-fde9-4552-b1ed-244b88e53bb9.job
2012-07-21 06:40 - 2009-07-13 20:51 - 00055737 ____A C:\Windows\setupact.log
2012-07-21 06:38 - 2012-02-12 09:19 - 00000515 ____A C:\rkill.log
2012-07-21 03:05 - 2012-03-06 04:00 - 00000880 ____A C:\Windows\Tasks\RockMeltUpdateTaskUserS-1-5-21-4130005182-2376481856-124789523-1000Core.job
2012-07-21 02:49 - 2012-07-21 02:49 - 00000474 ____A C:\Users\Taylor\Desktop\defogger_disable.log
2012-07-21 02:49 - 2012-07-21 02:49 - 00000000 ____A C:\Users\Taylor\defogger_reenable
2012-07-21 02:47 - 2012-07-21 02:50 - 00607260 ____R (Swearware) C:\Users\Taylor\Desktop\dds.scr
2012-07-21 02:46 - 2012-07-21 02:48 - 00050477 ____A C:\Users\Taylor\Desktop\Defogger.exe
2012-07-21 01:00 - 2012-07-19 19:51 - 00000512 ____A C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task d55c383c-31ae-4153-99af-d6d53408f55f.job
2012-07-21 00:42 - 2009-07-13 21:13 - 00726316 ____A C:\Windows\System32\PerfStringBackup.INI
2012-07-20 20:37 - 2012-07-19 18:23 - 00000860 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4130005182-2376481856-124789523-1000Core.job
2012-07-20 19:17 - 2012-07-19 01:44 - 00002170 ____A C:\Users\Taylor\Desktop\GooredFix.txt
2012-07-20 06:27 - 2009-07-13 20:45 - 00016976 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-07-20 06:27 - 2009-07-13 20:45 - 00016976 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-07-20 06:20 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-07-20 00:51 - 2012-07-04 12:30 - 00036864 __ASH C:\Users\Taylor\Thumbs.db
2012-07-19 19:02 - 2010-11-20 19:47 - 00395346 ____A C:\Windows\PFRO.log
2012-07-19 16:58 - 2012-07-19 16:58 - 01012656 ____A C:\Users\Taylor\Desktop\rkill.com
2012-07-19 01:44 - 2012-07-19 01:44 - 00071398 ____A (jpshortstuff) C:\Users\Taylor\Desktop\GooredFix.exe
2012-07-16 05:49 - 2012-07-16 05:04 - 347852330 ____A C:\Users\Taylor\Downloads\[HorribleSubs] Muv-Luv Alternative - Total Eclipse - 03 [720p].mkv
2012-07-16 05:03 - 2012-07-15 15:02 - 568207151 ____A C:\Users\Taylor\Downloads\[HorribleSubs] La storia della Arcana Famiglia - 03 [1080p].mkv
2012-07-16 04:04 - 2012-07-15 14:47 - 61921746 ____A C:\Users\Taylor\Downloads\[RH][Ebiten][01][big5][720P].mp4
2012-07-15 11:04 - 2012-07-15 09:19 - 567392003 ____A C:\Users\Taylor\Downloads\[HorribleSubs] Campione! - 02 [1080p].mkv
2012-07-15 09:18 - 2012-07-15 05:53 - 567380634 ____A C:\Users\Taylor\Downloads\[HorribleSubs] Kokoro Connect - 02 [1080p].mkv
2012-07-15 07:31 - 2012-07-15 05:52 - 273319136 ____A C:\Users\Taylor\Downloads\[gg]_Jormungand_-_12_[3DF82AFC].mkv
2012-07-15 06:54 - 2012-07-15 05:55 - 568388590 ____A C:\Users\Taylor\Downloads\[HorribleSubs] Sword Art Online - 02 [1080p].mkv
2012-07-13 06:17 - 2012-07-13 05:06 - 569568825 ____A C:\Users\Taylor\Downloads\[HorribleSubs] Jinrui wa Suitai Shimableepa - 02 [1080p].mkv
2012-07-13 04:52 - 2012-07-13 04:16 - 353632877 ____A C:\Users\Taylor\Downloads\[Hadena] Dakara Boku wa, H ga Dekinai. - 01 [720p][16E8F351].mkv
2012-07-13 04:16 - 2012-07-13 03:21 - 567462643 ____A C:\Users\Taylor\Downloads\[HorribleSubs] Campione! - 01 [1080p].mkv
2012-07-13 03:21 - 2012-07-12 23:14 - 350165985 ____A C:\Users\Taylor\Downloads\[gg]_Binbougami_ga!_-_02_[1AF9E512].mkv
2012-07-13 01:07 - 2012-07-13 01:07 - 00030046 ____A C:\Users\Taylor\AppData\Local\recently-used.xbel
2012-07-12 04:00 - 2012-07-12 03:21 - 363360345 ____A C:\Users\Taylor\Downloads\[gg]_Binbougami_ga!_-_01_[D909F54C].mkv
2012-07-11 04:35 - 2012-07-11 03:32 - 568704946 ____A C:\Users\Taylor\Downloads\[HorribleSubs] La storia della Arcana Famiglia - 02 [1080p].mkv
2012-07-09 07:35 - 2012-07-09 04:50 - 584659754 ____A C:\Users\Taylor\Downloads\[HorribleSubs] Muv-Luv Alternative - Total Eclipse - 02 [1080p].mkv
2012-07-09 07:19 - 2012-07-09 05:48 - 579718144 ____A C:\Users\Taylor\Downloads\[HorribleSubs] Oda Nobuna no Yabou - 01 [1080p].mkv
2012-07-09 05:47 - 2012-07-09 04:49 - 221018375 ____A C:\Users\Taylor\Downloads\[gg]_Joshiraku_-_01_[51DDCEF5].mkv
2012-07-08 04:15 - 2012-07-08 02:13 - 566990906 ____A C:\Users\Taylor\Downloads\[HorribleSubs] Kokoro Connect - 01 [1080p].mkv
2012-07-08 04:04 - 2012-07-08 02:14 - 567968732 ____A C:\Users\Taylor\Downloads\[HorribleSubs] Sword Art Online - 01 [1080p].mkv
2012-07-06 14:15 - 2012-07-06 14:15 - 02796453 ____A (IceChat Networks ) C:\Users\Taylor\Downloads\icechat-setup.exe
2012-07-05 05:49 - 2012-07-05 04:00 - 567767423 ____A C:\Users\Taylor\Downloads\[HorribleSubs] Jinrui wa Suitai Shimableepa - 01 [1080p].mkv
2012-07-05 04:00 - 2012-07-04 02:46 - 569495698 ____A C:\Users\Taylor\Downloads\[HorribleSubs] La storia della Arcana Famiglia - 01 [1080p].mkv
2012-07-04 11:32 - 2012-07-04 11:32 - 00327648 ____A C:\Windows\Minidump\070412-19983-01.dmp
2012-07-04 11:31 - 2012-06-15 20:07 - 340905942 ____A C:\Windows\MEMORY.DMP
2012-07-03 12:46 - 2012-03-29 20:09 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-07-03 01:51 - 2012-07-02 08:27 - 585450900 ____A C:\Users\Taylor\Downloads\[CR] Muv-Luv Alternative - Total Eclipse - 01 [1920x1080].mkv
2012-07-01 04:41 - 2012-06-30 03:37 - 00000202 ____A C:\Users\Taylor\Documents\PWOOptions.ini
2012-06-30 19:26 - 2012-06-30 17:54 - 253380472 ____A C:\Users\Taylor\Downloads\[Eveyuu] Sankarea 00 [DVD Hi10P 480p H264] [4219AF02].mkv
2012-06-28 04:57 - 2012-06-28 04:57 - 00046404 ____A C:\Users\Taylor\Documents\OuseNewAva.xcf
2012-06-26 21:18 - 2009-07-13 18:34 - 00000426 ____A C:\Windows\win.ini
2012-06-26 12:40 - 2012-06-25 23:52 - 164359545 ____A C:\Users\Taylor\Downloads\[SubDesu]_Nana_to_Kaoru_OVA_-_01_(853x480)_[B0792FB6].mkv
2012-06-24 00:54 - 2011-03-31 01:15 - 00001292 ____A C:\Windows\DirectX.log
2012-06-19 22:41 - 2012-06-19 22:06 - 247520924 ____A C:\Users\Taylor\Downloads\[gg]_Jormungand_-_11_[1E83941F].mkv
2012-06-17 02:59 - 2012-06-16 19:04 - 567225311 ____A C:\Users\Taylor\Downloads\[HorribleSubs] Dusk Maiden of Amnesia - 10 [1080p].mkv
2012-06-16 19:03 - 2012-06-16 17:44 - 568533261 ____A C:\Users\Taylor\Downloads\[HorribleSubs] Dusk Maiden of Amnesia - 09 [1080p].mkv
2012-06-16 17:43 - 2012-06-16 16:13 - 572963318 ____A C:\Users\Taylor\Downloads\[HorribleSubs] Haiyore! Nyaruko-san - 10 [1080p].mkv
2012-06-16 16:13 - 2012-06-16 14:27 - 573312373 ____A C:\Users\Taylor\Downloads\[HorribleSubs] Haiyore! Nyaruko-san - 09 [1080p].mkv
2012-06-16 14:26 - 2012-06-16 13:39 - 341511923 ____A C:\Users\Taylor\Downloads\[Mazui]_Hyouka_-_08_[C213DEE1].mkv
2012-06-16 13:38 - 2012-06-16 13:04 - 313210610 ____A C:\Users\Taylor\Downloads\[gg]_Jormungand_-_10_[939FF9C9].mkv
2012-06-15 20:07 - 2012-06-15 20:07 - 00593792 ____A C:\Windows\Minidump\061512-24476-01.dmp
2012-06-10 11:28 - 2012-04-08 12:44 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-06-10 11:28 - 2012-02-03 23:11 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-06-10 11:25 - 2009-07-13 21:08 - 00032652 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-06-06 02:14 - 2012-06-05 18:17 - 307888933 ____A C:\Users\Taylor\Downloads\[gg]_Jormungand_-_09_[00362F12].mkv
2012-06-05 14:51 - 2012-06-05 13:12 - 354230056 ____A C:\Users\Taylor\Downloads\[Mazui]_Hyouka_-_07_[078F97DC].mkv
2012-06-02 14:19 - 2012-06-21 13:15 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-06-02 14:19 - 2012-06-21 13:15 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2012-06-02 14:19 - 2012-06-21 13:15 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-06-02 14:19 - 2012-06-21 13:15 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-06-02 14:19 - 2012-06-21 13:15 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-06-02 14:19 - 2012-06-21 13:15 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2012-06-02 14:15 - 2012-06-21 13:15 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-06-02 14:15 - 2012-06-21 13:15 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2012-06-02 14:15 - 2012-06-21 13:15 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2012-05-30 22:54 - 2012-05-30 17:10 - 296879705 ____A C:\Users\Taylor\Downloads\[gg]_Jormungand_-_08_[B8117C3F].mkv
2012-05-29 02:56 - 2012-05-29 00:49 - 568931145 ____A C:\Users\Taylor\Downloads\[HorribleSubs] Dusk Maiden of Amnesia - 07 [1080p].mkv
2012-05-29 02:47 - 2012-05-29 00:55 - 568697554 ____A C:\Users\Taylor\Downloads\[HorribleSubs] Dusk Maiden of Amnesia - 08 [1080p].mkv
2012-05-29 00:53 - 2012-05-28 23:40 - 341063465 ____A C:\Users\Taylor\Downloads\[HorribleSubs] Haiyore! Nyaruko-san - 07 [720p].mkv
2012-05-29 00:46 - 2012-05-28 23:23 - 341630966 ____A C:\Users\Taylor\Downloads\[HorribleSubs] Haiyore! Nyaruko-san - 06 [720p].mkv
2012-05-28 23:37 - 2012-05-28 22:07 - 341580828 ____A C:\Users\Taylor\Downloads\[HorribleSubs] Haiyore! Nyaruko-san - 08 [720p].mkv
2012-05-27 21:56 - 2012-05-27 20:32 - 288109040 ____A C:\Users\Taylor\Downloads\[Mazui]_Hyouka_-_06_[A426AAE4].mkv
2012-05-27 21:11 - 2012-05-27 20:04 - 298677176 ____A C:\Users\Taylor\Downloads\[Mazui]_Hyouka_-_05_[B4982783].mkv
2012-05-27 20:29 - 2012-05-27 17:52 - 362545329 ____A C:\Users\Taylor\Downloads\[Mazui]_Hyouka_-_04_[1B7C7E04].mkv
2012-05-27 20:02 - 2012-05-27 14:54 - 263534997 ____A C:\Users\Taylor\Downloads\[gg]_Jormungand_-_07_[929816ED].mkv
2012-05-20 10:44 - 2012-05-19 16:46 - 301250177 ____A C:\Users\Taylor\Downloads\[gg]_Jormungand_-_06_[3BC4F498].mkv
2012-05-17 06:00 - 2012-05-15 16:36 - 276892974 ____A C:\Users\Taylor\Downloads\[Mazui]_Hyouka_-_03_[DF5E813A].mkv
2012-05-17 05:49 - 2012-05-15 10:23 - 323847970 ____A C:\Users\Taylor\Downloads\[gg]_Hyouka_-_04_[B75D5B0D].mkv
2012-05-15 18:25 - 2012-05-15 10:23 - 568730147 ____A C:\Users\Taylor\Downloads\[HorribleSubs] Dusk Maiden of Amnesia - 06 [1080p].mkv
2012-05-15 18:21 - 2012-05-15 10:23 - 573857115 ____A C:\Users\Taylor\Downloads\[HorribleSubs] Haiyore! Nyaruko-san - 05 [1080p].mkv
2012-05-15 18:17 - 2012-05-15 10:23 - 336670438 ____A C:\Users\Taylor\Downloads\[Mazui]_Hyouka_-_02_[356D9C93].mkv
2012-05-15 12:39 - 2012-05-15 10:15 - 426402910 ____A C:\Users\Taylor\Downloads\[gg]_Jormungand_-_05_[955CBA04].mkv
2012-05-15 12:36 - 2012-05-15 10:16 - 341211507 ____A C:\Users\Taylor\Downloads\[HorribleSubs] Haiyore! Nyaruko-san - 04 [720p].mkv
2012-05-15 12:03 - 2012-05-15 10:23 - 325960375 ____A C:\Users\Taylor\Downloads\[Commie] Hyouka - 01 [7CBD29BC].mkv
2012-05-14 00:36 - 2012-05-13 23:43 - 568554725 ____A C:\Users\Taylor\Downloads\[HorribleSubs] Mysterious Girlfriend X - 06 [1080p].mkv
2012-05-07 13:58 - 2012-05-07 05:07 - 569137561 ____A C:\Users\Taylor\Downloads\[HorribleSubs] Dusk Maiden of Amnesia - 05 [1080p].mkv
2012-05-06 12:44 - 2012-05-06 04:34 - 338935801 ____A C:\Users\Taylor\Downloads\[HorribleSubs] Dusk Maiden of Amnesia - 02 [720p].mkv
2012-05-06 11:01 - 2012-05-06 04:34 - 340709288 ____A C:\Users\Taylor\Downloads\[HorribleSubs] Haiyore! Nyaruko-san - 03 [720p].mkv
2012-05-06 10:55 - 2012-05-06 04:35 - 339055046 ____A C:\Users\Taylor\Downloads\[HorribleSubs] Dusk Maiden of Amnesia - 03 [720p].mkv
2012-05-06 10:03 - 2012-05-06 04:35 - 338747576 ____A C:\Users\Taylor\Downloads\[HorribleSubs] Dusk Maiden of Amnesia - 04 [720p].mkv
2012-05-06 08:01 - 2012-05-06 01:30 - 323956110 ____A C:\Users\Taylor\Downloads\[gg]_Jormungand_-_03v2_[9AAE8987].mkv
2012-05-06 07:58 - 2012-05-06 04:33 - 341181549 ____A C:\Users\Taylor\Downloads\[HorribleSubs] Haiyore! Nyaruko-san - 02 [720p].mkv
2012-05-06 07:49 - 2012-05-06 04:48 - 314158900 ____A C:\Users\Taylor\Downloads\[gg]_Jormungand_-_04_[7A0F8945].mkv
2012-05-06 06:06 - 2012-05-06 01:30 - 356145143 ____A C:\Users\Taylor\Downloads\[gg]_Jormungand_-_02_[D48EDE54].mkv
2012-05-04 10:46 - 2012-05-04 08:08 - 453052323 ____A C:\Users\Taylor\Downloads\[gg]_Jormungand_-_01_[382A285D].mkv
2012-05-04 10:04 - 2012-05-04 05:49 - 327227519 ____A C:\Users\Taylor\Downloads\[Hadena] Dusk Maiden of Amnesia - 01 [720p][18426938].mkv
2012-05-04 09:04 - 2012-05-04 05:45 - 341696121 ____A C:\Users\Taylor\Downloads\[HorribleSubs] Haiyore! Nyaruko-san - 01 [720p].mkv
2012-05-04 08:21 - 2012-05-04 05:43 - 356686189 ____A C:\Users\Taylor\Downloads\[HorribleSubs] Another - 01 [720p].mkv


ZeroAccess:
C:\Windows\Installer\{bec1570b-8846-4ad8-0091-7278f134618e}
C:\Windows\Installer\{bec1570b-8846-4ad8-0091-7278f134618e}\@
C:\Windows\Installer\{bec1570b-8846-4ad8-0091-7278f134618e}\L
C:\Windows\Installer\{bec1570b-8846-4ad8-0091-7278f134618e}\U
C:\Windows\Installer\{bec1570b-8846-4ad8-0091-7278f134618e}\L\00000004.@
C:\Windows\Installer\{bec1570b-8846-4ad8-0091-7278f134618e}\L\1afb2d56
C:\Windows\Installer\{bec1570b-8846-4ad8-0091-7278f134618e}\L\201d3dde
C:\Windows\Installer\{bec1570b-8846-4ad8-0091-7278f134618e}\U\00000004.@
C:\Windows\Installer\{bec1570b-8846-4ad8-0091-7278f134618e}\U\00000008.@
C:\Windows\Installer\{bec1570b-8846-4ad8-0091-7278f134618e}\U\000000cb.@
C:\Windows\Installer\{bec1570b-8846-4ad8-0091-7278f134618e}\U\80000000.@
C:\Windows\Installer\{bec1570b-8846-4ad8-0091-7278f134618e}\U\80000032.@
C:\Windows\Installer\{bec1570b-8846-4ad8-0091-7278f134618e}\U\80000064.@

ZeroAccess:
C:\Users\Taylor\AppData\Local\{bec1570b-8846-4ad8-0091-7278f134618e}
C:\Users\Taylor\AppData\Local\{bec1570b-8846-4ad8-0091-7278f134618e}\@
C:\Users\Taylor\AppData\Local\{bec1570b-8846-4ad8-0091-7278f134618e}\L
C:\Users\Taylor\AppData\Local\{bec1570b-8846-4ad8-0091-7278f134618e}\U

ZeroAccess:
C:\Windows\assembly\GAC_32\Desktop.ini

ZeroAccess:
C:\Windows\assembly\GAC_64\Desktop.ini

========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe 014A9CB92514E27C0107614DF764BC06 ZeroAccess <==== ATTENTION!.
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

========================= Memory info ======================

Percentage of memory in use: 26%
Total physical RAM: 2815.37 MB
Available physical RAM: 2073.16 MB
Total Pagefile: 2813.57 MB
Available Pagefile: 2122.82 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

======================= Partitions =========================

1 Drive c: (eMachines) (Fixed) (Total:911.88 GB) (Free:647.1 GB) NTFS
2 Drive e: (PQSERVICE) (Fixed) (Total:19.53 GB) (Free:8.31 GB) NTFS
5 Drive h: () (Removable) (Total:3.73 GB) (Free:3.2 GB) FAT32
6 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
7 Drive y: (SYSTEM RESERVED) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 931 GB 0 B
Disk 1 No Media 0 B 0 B
Disk 2 Online 3819 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Recovery 19 GB 1024 KB
Partition 2 Primary 100 MB 19 GB
Partition 3 Primary 911 GB 19 GB

==================================================================================

Disk: 0
Partition 1
Type : 27
Hidden: Yes
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 E PQSERVICE NTFS Partition 19 GB Healthy Hidden

==================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 Y SYSTEM RESE NTFS Partition 100 MB Healthy

==================================================================================

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C eMachines NTFS Partition 911 GB Healthy

==================================================================================

Partitions of Disk 2:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 3818 MB 16 KB

==================================================================================

Disk: 2
Partition 1
Type : 0B
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 5 H FAT32 Removable 3818 MB Healthy

==================================================================================

==========================================================

Last Boot: 2012-07-18 07:27

======================= End Of Log ==========================

And here is the second one:

Farbar Recovery Scan Tool Version: 20-07-2012 01
Ran by SYSTEM at 2012-07-21 17:14:31
Running from H:\

================== Search: "services.exe" ===================

C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

C:\Windows\System32\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 014A9CB92514E27C0107614DF764BC06

====== End Of Search ======

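The two findings that matter in the logs above are the FRST "Search" result (the live C:\Windows\System32\services.exe carries a different MD5 from the WinSxS component-store copy, while size, timestamps and the Microsoft vendor string are identical, which is what an in-place patch looks like) and the {GUID}\@ , \L, \U folder layout plus the GAC_32/GAC_64 Desktop.ini files that FRST labelled ZeroAccess. The script below is an added example, not part of the thread and not Farbar's code: it re-implements those two checks as parsers over the log text so the reasoning can be followed and re-run against other FRST output. The sample search text and paths are copied from the logs posted above; the function names and the "same_size" heuristic are mine.

```python
"""Added example (not from the thread or from FRST): reproduce the two checks
behind FRST's 'services.exe ... ZeroAccess <==== ATTENTION!' verdict.

1. hash_mismatches(): parse FRST 'Search:' output and report each live copy of a
   binary whose MD5 differs from the WinSxS component-store copy of the same file.
2. zeroaccess_paths(): flag the {GUID}\\@, \\L, \\U folder layout and the
   Desktop.ini planted in \\assembly\\GAC_32 and GAC_64.
"""
import re
from collections import defaultdict

# One FRST search record is a path line followed by a detail line:
#   [created] - [modified] - size attrs (Company) MD5
PATH_LINE = re.compile(r"^[A-Za-z]:\\")
DETAIL_LINE = re.compile(
    r"^\[(?P<created>[^\]]+)\] - \[(?P<modified>[^\]]+)\] - "
    r"(?P<size>\d+) (?P<attrs>\S+) (?:\((?P<company>[^)]*)\) )?"
    r"(?P<md5>[0-9A-Fa-f]{32})$"
)
# {GUID} folder immediately followed by one of the '@', 'L' or 'U' entries
GUID_CHILD = re.compile(
    r"^(?P<root>.*\\\{[0-9A-Fa-f-]{36}\})\\(?P<child>[@LU])(?:\\|$)"
)
GAC_INI = re.compile(r"\\assembly\\GAC_(?:32|64)\\Desktop\.ini$", re.IGNORECASE)


def parse_search(text):
    """Turn FRST search output into a list of {path, size, company, md5} dicts."""
    entries, pending = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if PATH_LINE.match(line):
            pending = line
            continue
        m = DETAIL_LINE.match(line)
        if m and pending:
            entries.append({
                "path": pending,
                "size": int(m["size"]),
                "company": m["company"] or "",
                "md5": m["md5"].upper(),
            })
            pending = None
    return entries


def hash_mismatches(entries):
    """Report live copies whose MD5 differs from the WinSxS copy of the same file."""
    by_name = defaultdict(list)
    for e in entries:
        by_name[e["path"].rsplit("\\", 1)[-1].lower()].append(e)
    findings = []
    for copies in by_name.values():
        reference = [c for c in copies if "\\winsxs\\" in c["path"].lower()]
        if not reference:
            continue  # no component-store copy to compare against
        good = {c["md5"] for c in reference}
        for c in copies:
            if "\\winsxs\\" in c["path"].lower() or c["md5"] in good:
                continue
            findings.append({
                "path": c["path"],
                "md5": c["md5"],
                "expected": sorted(good),
                # equal size with a different hash is typical of an in-place patch
                "same_size": any(c["size"] == r["size"] for r in reference),
            })
    return findings


def zeroaccess_paths(paths):
    """Flag {GUID} roots that own all of '@', 'L' and 'U', plus GAC Desktop.ini files."""
    children = defaultdict(set)
    findings = []
    for p in paths:
        m = GUID_CHILD.match(p)
        if m:
            children[m["root"]].add(m["child"])
        elif GAC_INI.search(p):
            findings.append(p)
    findings.extend(root for root, kids in children.items() if {"@", "L", "U"} <= kids)
    return sorted(findings)


# Sample input copied from the FRST logs posted in this thread.
SAMPLE_SEARCH = r"""
================== Search: "services.exe" ===================

C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

C:\Windows\System32\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 014A9CB92514E27C0107614DF764BC06

====== End Of Search ======
"""

SAMPLE_PATHS = [
    r"C:\Windows\Installer\{bec1570b-8846-4ad8-0091-7278f134618e}",
    r"C:\Windows\Installer\{bec1570b-8846-4ad8-0091-7278f134618e}\@",
    r"C:\Windows\Installer\{bec1570b-8846-4ad8-0091-7278f134618e}\L\00000004.@",
    r"C:\Windows\Installer\{bec1570b-8846-4ad8-0091-7278f134618e}\U\80000000.@",
    r"C:\Users\Taylor\AppData\Local\{bec1570b-8846-4ad8-0091-7278f134618e}\@",
    r"C:\Users\Taylor\AppData\Local\{bec1570b-8846-4ad8-0091-7278f134618e}\L",
    r"C:\Users\Taylor\AppData\Local\{bec1570b-8846-4ad8-0091-7278f134618e}\U",
    r"C:\Windows\assembly\GAC_32\Desktop.ini",
    r"C:\Windows\assembly\GAC_64\Desktop.ini",
    # benign {GUID} folder from the same DDS log: no @/L/U children, must not fire
    r"C:\Users\Taylor\AppData\Local\{36B9A579-DB0C-4AF6-8DAD-0096B8F5B843}",
]

if __name__ == "__main__":
    for f in hash_mismatches(parse_search(SAMPLE_SEARCH)):
        print("hash mismatch:", f)
    for p in zeroaccess_paths(SAMPLE_PATHS):
        print("zeroaccess layout:", p)
```

Two caveats a practitioner would add: the WinSxS copy is only a reference, not ground truth (a rootkit with SYSTEM rights could replace it too, so confirm against a hash from clean media or the same update package), and MD5 is used here only because that is what the logs record; for your own baselines use SHA-256.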
#4 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,478 posts
  • Gender:Not Telling
  • Location:Canada
  • Local time:01:41 PM

Posted 21 July 2012 - 08:21 PM

Please do the following:


Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this highlight the contents of the box, right click on it and select copy. Right-click in the open notepad and select Paste). Save it on the flashdrive as fixlist.txt

start
C:\Windows\Installer\{bec1570b-8846-4ad8-0091-7278f134618e}
C:\Users\Taylor\AppData\Local\{bec1570b-8846-4ad8-0091-7278f134618e}
C:\Windows\assembly\GAC_32\Desktop.ini
C:\Windows\assembly\GAC_64\Desktop.ini
replace: C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe C:\Windows\System32\services.exe
end

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system

Now please enter System Recovery Options then select Command Prompt

Run FRST (or FRST64 if you have the 64bit version) and press the Fix button just once and wait.
The tool will make a log on the flashdrive (Fixlog.txt); please post it in your reply.

Reboot Normally.


NEXT


Refer to the ComboFix User's Guide

  • Download ComboFix from the following location:

    Link

    * IMPORTANT !!! Place ComboFix.exe on your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.
    You can get help on disabling your protection programs here
  • Double click on ComboFix.exe & follow the prompts.
  • Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
  • When finished, it shall produce a log for you. Post that log in your next reply

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.


    ---------------------------------------------------------------------------------------------
  • Ensure your AntiVirus and AntiSpyware applications are re-enabled.

    ---------------------------------------------------------------------------------------------

NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.
The help you receive here is free. If you wish to show your appreciation, then you may donate.
Microsoft MVP - 2010, 2011, 2012, 2013

#5 Memimi

Memimi
  • Topic Starter

  • Members
  • 88 posts
  • Local time:02:41 PM

Posted 21 July 2012 - 11:02 PM

Here is the first log:

Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 20-07-2012 01
Ran by SYSTEM at 2012-07-21 20:07:57 Run:1
Running from H:\

==============================================

C:\Windows\Installer\{bec1570b-8846-4ad8-0091-7278f134618e} moved successfully.
C:\Users\Taylor\AppData\Local\{bec1570b-8846-4ad8-0091-7278f134618e} moved successfully.
C:\Windows\assembly\GAC_32\Desktop.ini moved successfully.
C:\Windows\assembly\GAC_64\Desktop.ini moved successfully.
C:\Windows\System32\services.exe moved successfully.
C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe copied successfully to C:\Windows\System32\services.exe

==== End of Fixlog ====



Second log:

ComboFix 12-07-21.01 - Taylor 07/21/2012 20:41:14.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2815.1810 [GMT -7:00]
Running from: c:\users\Taylor\Desktop\ComboFix.exe
AV: AVG Internet Security 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
FW: AVG Internet Security 2012 *Disabled* {621CC794-9486-F902-D092-0484E8EA828B}
SP: AVG Internet Security 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-06-22 to 2012-07-22 )))))))))))))))))))))))))))))))
.
.
2012-07-22 01:12 . 2012-07-22 01:12 -------- d-----w- C:\FRST
2012-07-20 03:51 . 2012-07-20 03:51 -------- d-----w- c:\users\Taylor\AppData\Roaming\SUPERAntiSpyware.com
2012-07-20 03:51 . 2012-07-20 03:51 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-07-20 03:51 . 2012-07-20 03:51 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-07-20 02:23 . 2012-07-20 02:28 -------- d-----w- c:\users\Taylor\AppData\Local\Google
2012-07-18 08:18 . 2012-07-18 08:18 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
2012-07-14 03:37 . 2012-07-14 03:37 -------- d-----w- c:\program files (x86)\Common Files\Steam
2012-07-14 03:37 . 2012-07-22 03:04 -------- d-----w- c:\program files (x86)\Steam
2012-07-12 02:11 . 2012-07-12 02:11 -------- d-----w- C:\Ruby193
2012-07-11 01:05 . 2012-07-22 03:46 -------- d-----w- c:\users\Taylor\AppData\Roaming\Skype
2012-07-11 01:05 . 2012-07-11 01:05 -------- d-----r- c:\program files (x86)\Skype
2012-07-02 14:13 . 2012-07-02 14:13 -------- d-----w- c:\users\Taylor\AppData\Local\Aeria Games
2012-07-02 14:13 . 2012-07-02 14:13 -------- d-----w- c:\programdata\Aeria Games
2012-07-02 13:19 . 2012-07-02 13:19 -------- d-sh--w- c:\windows\SysWow64\AI_RecycleBin
2012-07-02 13:19 . 2012-07-02 13:19 -------- d-----w- c:\program files (x86)\Aeria Games
2012-07-01 16:28 . 2012-07-01 16:30 -------- d-----w- c:\users\Taylor\AppData\Local\Akamai
2012-07-01 16:28 . 2012-07-02 13:19 -------- d-----w- C:\AeriaGames
2012-07-01 12:38 . 2012-07-22 03:09 -------- d-----w- c:\users\Taylor\Tracing
2012-06-30 11:37 . 2012-06-30 11:37 -------- d-----w- c:\program files (x86)\Pokemon World Online
2012-06-27 05:18 . 2012-06-27 05:18 -------- d-----w- c:\program files (x86)\proXPN
2012-06-24 09:05 . 2012-06-24 09:05 -------- d-----w- c:\windows\en
2012-06-24 09:02 . 2012-06-24 09:02 -------- d-----w- c:\windows\fr
2012-06-24 08:56 . 2012-06-24 08:55 19736 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-06-24 08:53 . 2012-06-24 08:53 15712 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\d877ef181cd51e604\MeshBetaRemover.exe
2012-06-24 08:53 . 2012-06-24 08:53 89944 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\d4907bb81cd51e603\DSETUP.dll
2012-06-24 08:53 . 2012-06-24 08:53 537432 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\d4907bb81cd51e603\DXSETUP.exe
2012-06-24 08:53 . 2012-06-24 08:53 1801048 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\d4907bb81cd51e603\dsetup32.dll
2012-06-24 08:51 . 2012-07-22 03:09 -------- d-----w- c:\users\Taylor\AppData\Local\Windows Live
2012-06-23 14:02 . 2012-06-23 14:02 -------- d-----w- c:\program files (x86)\CrystalDiskInfo
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-12 12:55 . 2012-02-05 20:15 4283672 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2012-07-12 12:44 . 2012-02-05 20:14 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2012-07-03 20:46 . 2012-03-30 04:09 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-10 19:28 . 2012-04-08 20:44 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-06-10 19:28 . 2012-02-04 07:11 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-06-02 22:19 . 2012-06-21 21:15 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-21 21:15 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-06-21 21:15 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-21 21:15 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-21 21:15 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 22:19 . 2012-06-21 21:15 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:15 . 2012-06-21 21:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-06-21 21:15 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-02 22:15 . 2012-06-21 21:15 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-01 12:14 . 2012-02-05 20:16 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-07-09 16:00 2074208 ----a-w- c:\program files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll" [2012-07-09 2074208]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-01-18 18:49 94208 ----a-w- c:\users\Taylor\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-01-18 18:49 94208 ----a-w- c:\users\Taylor\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-01-18 18:49 94208 ----a-w- c:\users\Taylor\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-01-18 18:49 94208 ----a-w- c:\users\Taylor\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RockMelt Update"="c:\users\Taylor\AppData\Local\RockMelt\Update\RockMeltUpdate.exe" [2012-03-06 136336]
"Akamai NetSession Interface"="c:\users\Taylor\AppData\Local\Akamai\netsession_win.exe" [2012-05-26 4327744]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2010-10-11 14940040]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-07-09 5661056]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]
"Hotkey Utility"="c:\program files (x86)\eMachines\Hotkey Utility\HotkeyUtility.exe" [2011-01-19 620136]
"WinampAgent"="c:\program files (x86)\Winamp\winampa.exe" [2011-12-09 74752]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-04-05 2587008]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"vProt"="c:\program files (x86)\AVG Secure Search\vprot.exe" [2012-07-09 1107552]
"Aeria Ignite"="c:\program files (x86)\Aeria Games\Ignite\aeriaignite.exe" [2012-05-24 1241184]
"HF_G_Jul"="c:\program files (x86)\AVG Secure Search\HF_G_Jul.exe" [2012-07-18 36960]
.
c:\users\Taylor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Taylor\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Content Manager Assistant for PlayStation®.lnk - c:\program files (x86)\Sony\Content Manager Assistant\CMA.exe [2012-1-26 2520504]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
R2 avgfws;AVG Firewall;c:\program files (x86)\AVG\AVG2012\avgfws.exe [2012-03-23 2321520]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\AVGIDSAgent.exe [2012-04-30 5106744]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-07-03 24904]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-18 113120]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 usj;usj;c:\aeriagames\EdenEternal\avital\ussjcs64.sys [2012-07-02 89560]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-02-05 1255736]
R4 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-07-03 655944]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [2012-04-19 28480]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [2012-01-31 36944]
S1 Avgfwfd;AVG network filter service;c:\windows\system32\DRIVERS\avgfwd6a.sys [2011-05-23 48992]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [2012-02-22 289872]
S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [2011-12-23 47696]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [2012-03-19 383808]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-02-14 193288]
S2 GREGService;GREGService;c:\program files (x86)\eMachines\Registration\GREGsvc.exe [2010-01-08 23584]
S2 Live Updater Service;Live Updater Service;c:\program files\eMachines\eMachines Updater\UpdaterService.exe [2011-01-31 244624]
S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2010-05-04 503080]
S2 vToolbarUpdater11.2.0;vToolbarUpdater11.2.0;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe [2012-07-09 935008]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys [2011-12-23 124496]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\avgidsfiltera.sys [2011-12-23 29776]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4130005182-2376481856-124789523-1000Core.job
- c:\users\Taylor\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-20 02:23]
.
2012-07-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4130005182-2376481856-124789523-1000UA.job
- c:\users\Taylor\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-20 02:23]
.
2012-07-21 c:\windows\Tasks\RockMeltUpdateTaskUserS-1-5-21-4130005182-2376481856-124789523-1000Core.job
- c:\users\Taylor\AppData\Local\RockMelt\Update\RockMeltUpdate.exe [2012-03-06 12:00]
.
2012-07-22 c:\windows\Tasks\RockMeltUpdateTaskUserS-1-5-21-4130005182-2376481856-124789523-1000UA.job
- c:\users\Taylor\AppData\Local\RockMelt\Update\RockMeltUpdate.exe [2012-03-06 12:00]
.
2012-07-21 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task 3cdb774d-fde9-4552-b1ed-244b88e53bb9.job
- c:\program files\SUPERAntiSpyware\SASTask.exe [2011-05-04 17:52]
.
2012-07-21 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task d55c383c-31ae-4153-99af-d6d53408f55f.job
- c:\program files\SUPERAntiSpyware\SASTask.exe [2011-05-04 17:52]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-01-18 18:49 97792 ----a-w- c:\users\Taylor\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-01-18 18:49 97792 ----a-w- c:\users\Taylor\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-01-18 18:49 97792 ----a-w- c:\users\Taylor\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-01-18 18:49 97792 ----a-w- c:\users\Taylor\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-02-09 10060320]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uStart Page = hxxp://emachines.msn.com
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://emachines.msn.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>
TCP: DhcpNameServer = 192.168.2.1
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\11.2.0\ViProtocol.dll
FF - ProfilePath - c:\users\Taylor\AppData\Roaming\Mozilla\Firefox\Profiles\fjwh8yot.default\
FF - prefs.js: browser.startup.homepage - hxxps://www.google.com/webhp?hl=en
FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7B42688aad-0cc6-462c-aa09-0f2fe2c30802%7D&mid=51638260489947d1ba98294607dd2d57-8b653b27388451d050dda9b871a33f9877cc6546&ds=AVG&v=11.1.0.7&lang=en&pr=pr&d=2012-06-03%2018%3A56%3A07&sap=ku&q=
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKCU-Run-DS3 Tool - c:\progra~1\MOTION~1\ds3\DS3_Tool.exe
Toolbar-Locked - (no file)
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
AddRemove-Ragnarok Battle Offline - c:\users\Taylor\Downloads\R_B_O_with_Expansion123_&_Patch\R_B_O_with_Expansion123_&_Patch\R_B_O_with_Expansion123_&_Patch\Ragnarok Battle Offline\#Raganarok Battle Offline\Uninstal.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11g_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11g_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11g.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11g.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11g.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11g.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\users\Taylor\AppData\Local\RockMelt\Update\1.2.189.1\RockMeltCrashHandler.exe
c:\program files (x86)\OpenOffice.org 3\program\soffice.exe
c:\program files (x86)\OpenOffice.org 3\program\soffice.bin
c:\program files (x86)\Sony\Content Manager Assistant\CMAWatcher.exe
.
**************************************************************************
.
Completion time: 2012-07-21 20:51:33 - machine was rebooted
ComboFix-quarantined-files.txt 2012-07-22 03:51
.
Pre-Run: 694,543,069,184 bytes free
Post-Run: 696,483,966,976 bytes free
.
- - End Of File - - 575CD57B9FB1E9DC0E834C6A24A85626

#6 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,478 posts
  • Gender:Not Telling
  • Location:Canada
  • Local time:01:41 PM

Posted 22 July 2012 - 10:23 AM

That's looking better. Please run the following:

  • Please open your MalwareBytes AntiMalware Program
  • Click the Update Tab and search for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected. <-- very important
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.



NEXT


Go here to run an online scanner from ESET.
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activeX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • When the scan completes, press the LIST OF THREATS FOUND button
  • Press EXPORT TO TEXT FILE, name the file ESETSCAN and save it to your desktop
  • Include the contents of this report in your next reply.
  • Press the BACK button.
  • Press Finish

The help you receive here is free. If you wish to show your appreciation, then you may donate.
Microsoft MVP - 2010, 2011, 2012, 2013

#7 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,478 posts
  • Gender:Not Telling
  • Location:Canada
  • Local time:01:41 PM

Posted 29 July 2012 - 04:32 PM

Due to the lack of feedback, this topic is now closed. In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.
