

Infected with Zeroaccess rootkit


  • This topic is locked
9 replies to this topic

#1 phantomx11

phantomx11

  • Members
  • 8 posts

Posted 09 August 2012 - 08:20 PM

Hi! I posted over in the "Am I infected" section yesterday and described my problem, and I was asked to run Rkill and post a log. The log told me I was "showing symptoms" of a ZeroAccess rootkit. I was then directed here for help removing it.
So, a few days ago, my PC started acting up with a pretty potent Google redirect. I checked hosts in system32, but there was nothing out of place there. A day after that I bought Avast's complete security suite, and every couple of minutes it told me about the same infected files (one of four or five), most of the time located in C:\Windows\Installer (a few times located in C:\Users\...\AppData).
A few other major issues I've been having:
Whenever I am playing a game on my PC, the game will automatically minimize without my consent every 30 seconds to 2 minutes. The other major one is kind of hard to explain, because I don't know how to word it, so I'm going to use an image to hopefully give you an idea.
Posted Image
This is a comparison I decided to draw up while I was running the requested GMER scan.
On the right is what a window/tab that is currently in use looks like. The close window button is coloured in red, and the minimize and window/maximize buttons are in a grey shade and aren't transparent, along with the black outlining on the edges of the window. On the left is what a window/tab that is currently not prioritized looks like (command buttons are white and transparent, no outlining). When I am using something, like a webpage, and I'm scrolling down, my computer will randomly switch from priority (on the right), where I am allowed to scroll, to non-priority (on the left), where I must click on the window/full page again to continue scrolling.
This is extremely annoying when typing on the internet/in Word documents (it happens even more often in Microsoft Word), where I will have to press space or click on the text box again to continue typing.
A minor issue that I have noticed, which may or may not be connected (it didn't start happening until I installed Avast), is that all of my icons are rearranged into alphabetical order (not including the recycle bin and The Sims 3, for some reason) every time I turn my computer off/restart.
(Quick note: I might have had a problem with GMER. In this site's guide, it showed a picture and said to uncheck several options before starting the scan, but when I ran GMER, only a few of the options were available. I didn't have the option to check or uncheck most anything, but nothing in the uncheck section was checked. I also noticed it picked up a lot of things from my antivirus. I'm not sure if this is the actual rootkit itself being stored in my antivirus' files, because I cannot locate them in my Windows\Installer folder.)

Requested Logs section:

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by Josh at 20:20:48 on 2012-08-09
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8174.5377 [GMT -4:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Program Files\AVAST Software\Avast\afwServ.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\SysWOW64\PnkBstrB.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Users\Josh\AppData\Local\Amazon\Cloud Drive\AmazonCloudDrive.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe
C:\Users\Josh\AppData\Local\Amazon\Cloud Drive\jre\bin\javaw.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files (x86)\Steam\Steam.exe
C:\Program Files (x86)\Common Files\Steam\SteamService.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_268_ActiveX.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\explorer.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
uRun: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent
uRun: [Google Update] "C:\Users\Josh\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [Amazon Cloud Drive] C:\Users\Josh\AppData\Local\Amazon\Cloud Drive\AmazonCloudDrive.exe
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun: [ShwiconXP9106] C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe
mRun: [THX Audio Control Panel] "C:\Program Files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe" /r
mRun: [UpdReg] C:\Windows\UpdReg.EXE
mRun: [Dell Registration] C:\Program Files (x86)\System Registration\prodreg.exe /boot
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [<NO NAME>]
mRun: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"
mRun: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe"
mRun: [AccuWeatherWidget] "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\start.umj" --startup
mRun: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml
mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
StartupFolder: C:\Users\Josh\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ROLLER~1.LNK - C:\Users\Josh\AppData\Local\Temp\{F322AD83-B28C-43D3-A0BE-49797CABDDB8}\{907B4640-266B-4A21-92FB-CD1A86CD0F63}\ATR1.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Save video on Savevid.com - C:\Program Files (x86)\SavevidPlug-in\redirect.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
LSP: mswsock.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab
TCP: DhcpNameServer = 216.68.4.10 216.68.5.10
TCP: Interfaces\{10E6FFB4-99BA-48DE-B508-D49D337019FE} : DhcpNameServer = 216.68.4.10 216.68.5.10
TCP: Interfaces\{10E6FFB4-99BA-48DE-B508-D49D337019FE}\B413E47402452594454503E4 : DhcpNameServer = 216.68.4.10 216.68.5.10
TCP: Interfaces\{10E6FFB4-99BA-48DE-B508-D49D337019FE}\C696E6B6379737 : DhcpNameServer = 216.68.4.10 216.68.5.10
Handler: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - c:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
mRun-x64: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun-x64: [ShwiconXP9106] C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe
mRun-x64: [THX Audio Control Panel] "C:\Program Files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe" /r
mRun-x64: [UpdReg] C:\Windows\UpdReg.EXE
mRun-x64: [Dell Registration] C:\Program Files (x86)\System Registration\prodreg.exe /boot
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [(Default)]
mRun-x64: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"
mRun-x64: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe"
mRun-x64: [AccuWeatherWidget] "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\start.umj" --startup
mRun-x64: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml
mRun-x64: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
.
============= SERVICES / DRIVERS ===============
.
R0 aswNdis;avast! Firewall NDIS Filter Service;C:\Windows\system32\DRIVERS\aswNdis.sys --> C:\Windows\system32\DRIVERS\aswNdis.sys [?]
R0 aswNdis2;avast! Firewall Core Firewall Service;C:\Windows\system32\drivers\aswNdis2.sys --> C:\Windows\system32\drivers\aswNdis2.sys [?]
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R1 aswFW;avast! TDI Firewall driver;C:\Windows\system32\drivers\aswFW.sys --> C:\Windows\system32\drivers\aswFW.sys [?]
R1 aswKbd;aswKbd;C:\Windows\system32\drivers\aswKbd.sys --> C:\Windows\system32\drivers\aswKbd.sys [?]
R1 aswSnx;aswSnx;C:\Windows\system32\drivers\aswSnx.sys --> C:\Windows\system32\drivers\aswSnx.sys [?]
R1 aswSP;aswSP;C:\Windows\system32\drivers\aswSP.sys --> C:\Windows\system32\drivers\aswSP.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 aswFsBlk;aswFsBlk;C:\Windows\system32\drivers\aswFsBlk.sys --> C:\Windows\system32\drivers\aswFsBlk.sys [?]
R2 aswMonFlt;aswMonFlt;\??\C:\Windows\system32\drivers\aswMonFlt.sys --> C:\Windows\system32\drivers\aswMonFlt.sys [?]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2012-8-6 44808]
R2 avast! Firewall;avast! Firewall;C:\Program Files\AVAST Software\Avast\afwServ.exe [2012-8-6 133912]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-3-5 13592]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]
R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2012-3-5 1692480]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys --> C:\Windows\system32\drivers\AtihdW76.sys [?]
R3 IntcDAud;Intel® Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]
R3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\k57nd60a.sys --> C:\Windows\system32\DRIVERS\k57nd60a.sys [?]
R3 MEIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 PCDSRVC{1E208CE0-FB7451FF-06020101}_0;PCDSRVC{1E208CE0-FB7451FF-06020101}_0 - PCDR Kernel Mode Service Helper Driver;C:\Program Files\Dell Support Center\pcdsrvc_x64.pkms [2012-4-10 25072]
R3 Sftfs;Sftfs;C:\Windows\system32\DRIVERS\Sftfslh.sys --> C:\Windows\system32\DRIVERS\Sftfslh.sys [?]
R3 Sftplay;Sftplay;C:\Windows\system32\DRIVERS\Sftplaylh.sys --> C:\Windows\system32\DRIVERS\Sftplaylh.sys [?]
R3 Sftredir;Sftredir;C:\Windows\system32\DRIVERS\Sftredirlh.sys --> C:\Windows\system32\DRIVERS\Sftredirlh.sys [?]
R3 Sftvol;Sftvol;C:\Windows\system32\DRIVERS\Sftvollh.sys --> C:\Windows\system32\DRIVERS\Sftvollh.sys [?]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 McMPFSvc;McAfee Personal Firewall Service;"C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc --> C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [?]
S2 RoxWatch12;Roxio Hard Drive Watcher 12;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 RoxMediaDB12OEM;RoxMediaDB12OEM;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2012-08-08 22:41:55 -------- d-----w- C:\Users\Josh\AppData\Local\ApplicationHistory
2012-08-08 17:46:15 -------- d-----w- C:\Users\Josh\AppData\Roaming\Malwarebytes
2012-08-08 17:46:06 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-08-08 17:46:06 -------- d-----w- C:\ProgramData\Malwarebytes
2012-08-08 17:46:06 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-08-08 06:43:15 -------- d-----w- C:\Program Files\Enigma Software Group
2012-08-08 06:42:35 -------- d-----w- C:\Windows\F896D02690164122B9BD957FF092FFE9.TMP
2012-08-07 03:54:25 142128 ----a-w- C:\Windows\System32\drivers\aswFW.sys
2012-08-07 03:54:19 266776 ----a-w- C:\Windows\System32\drivers\aswNdis2.sys
2012-08-07 03:54:19 19600 ----a-w- C:\Windows\System32\drivers\aswKbd.sys
2012-08-07 03:54:19 12368 ----a-w- C:\Windows\System32\drivers\aswNdis.sys
2012-08-07 03:26:28 54072 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys
2012-08-07 03:26:27 958400 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
2012-08-07 03:26:27 71064 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
2012-08-07 03:26:16 41224 ----a-w- C:\Windows\avastSS.scr
2012-08-07 03:26:08 -------- d-----w- C:\ProgramData\AVAST Software
2012-08-07 03:26:08 -------- d-----w- C:\Program Files\AVAST Software
2012-08-06 16:37:10 -------- d-sh--w- C:\Windows\SysWow64\%APPDATA%
2012-08-04 17:04:52 -------- d-----w- C:\ProgramData\Electronic Arts
2012-08-04 17:04:52 -------- d-----w- C:\ProgramData\EA Core
2012-08-03 19:01:58 -------- d-----w- C:\Users\Josh\AppData\Local\ElevatedDiagnostics
2012-08-02 00:09:12 -------- d-----w- C:\ProgramData\AMD
2012-08-02 00:09:11 -------- d-----w- C:\Program Files (x86)\AMD AVT
2012-08-02 00:09:08 -------- d-----w- C:\Program Files (x86)\AMD APP
2012-08-02 00:09:03 -------- d-----w- C:\Program Files (x86)\Common Files\ATI Technologies
2012-08-02 00:07:03 -------- d-----w- C:\Program Files\ATI Technologies
2012-08-01 23:41:32 11174400 ----a-w- C:\Windows\System32\drivers\atikmdag.sys
2012-08-01 23:41:16 43520 ----a-w- C:\Windows\SysWow64\ati2edxx.dll
2012-08-01 23:41:09 16090624 ----a-w- C:\Windows\System32\aticaldd64.dll
2012-08-01 23:40:35 14848 ----a-w- C:\Windows\SysWow64\atiglpxx.dll
2012-08-01 23:40:35 14848 ----a-w- C:\Windows\System32\atiglpxx.dll
2012-08-01 23:39:40 236544 ----a-w- C:\Windows\System32\atiesrxx.exe
2012-08-01 23:39:21 26181632 ----a-w- C:\Windows\System32\atio6axx.dll
2012-08-01 23:39:21 19753984 ----a-w- C:\Windows\SysWow64\atioglxx.dll
2012-08-01 23:39:19 44032 ----a-w- C:\Windows\SysWow64\aticalcl.dll
2012-08-01 23:39:14 46080 ----a-w- C:\Windows\SysWow64\aticalrt.dll
2012-08-01 23:39:03 4731904 ----a-w- C:\Windows\System32\atiumd6a.dll
2012-08-01 23:38:50 159744 ----a-w- C:\Windows\System32\atiapfxx.exe
2012-08-01 23:38:31 503808 ----a-w- C:\Windows\System32\atieclxx.exe
2012-08-01 23:38:04 44544 ----a-w- C:\Windows\System32\aticalcl64.dll
2012-08-01 23:37:53 41984 ----a-w- C:\Windows\System32\atig6txx.dll
2012-08-01 23:37:48 1120768 ----a-w- C:\Windows\System32\atiumd6v.dll
2012-08-01 23:37:15 95760 ----a-w- C:\Windows\System32\drivers\AtihdW76.sys
2012-08-01 23:36:26 17408 ----a-w- C:\Windows\System32\atig6pxx.dll
2012-08-01 23:36:18 442368 ----a-w- C:\Windows\System32\ATIDEMGX.dll
2012-08-01 23:35:46 53248 ----a-w- C:\Windows\System32\drivers\ati2erec.dll
2012-08-01 23:35:33 13764096 ----a-w- C:\Windows\SysWow64\aticaldd.dll
2012-08-01 23:35:06 51200 ----a-w- C:\Windows\System32\aticalrt64.dll
2012-08-01 23:34:55 44544 ----a-w- C:\Windows\System32\atiu9p64.dll
2012-08-01 23:34:46 7431680 ----a-w- C:\Windows\System32\atiumd64.dll
2012-08-01 23:34:43 59392 ----a-w- C:\Windows\System32\atiedu64.dll
2012-08-01 23:34:33 33280 ----a-w- C:\Windows\SysWow64\atigktxx.dll
2012-08-01 23:34:32 360448 ----a-w- C:\Windows\SysWow64\atiadlxy.dll
2012-08-01 23:33:37 21504 ----a-w- C:\Windows\System32\atimuixx.dll
2012-08-01 23:33:36 120320 ----a-w- C:\Windows\System32\atitmm64.dll
2012-08-01 23:33:21 514560 ----a-w- C:\Windows\System32\atiadlxx.dll
2012-08-01 23:33:00 54784 ----a-w- C:\Windows\System32\atimpc64.dll
2012-08-01 23:33:00 54784 ----a-w- C:\Windows\System32\amdpcom64.dll
2012-08-01 23:32:48 1831424 ----a-w- C:\Windows\SysWow64\atiumdmv.dll
2012-08-01 23:32:42 53760 ----a-w- C:\Windows\SysWow64\atimpc32.dll
2012-08-01 23:32:42 53760 ----a-w- C:\Windows\SysWow64\amdpcom32.dll
2012-08-01 23:32:42 343040 ----a-w- C:\Windows\System32\drivers\atikmpag.sys
2012-07-31 16:13:29 9133488 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{68C3B1F8-E715-4F0B-B3EB-D55D45CFF552}\mpengine.dll
2012-07-28 01:21:41 -------- d-----w- C:\Users\Josh\AppData\Local\GRAW2
2012-07-28 01:21:41 -------- d-----w- C:\ProgramData\GRAW2
2012-07-28 01:21:35 419840 ----a-w- C:\Windows\System32\wrap_oal.dll
2012-07-28 01:21:35 413696 ----a-w- C:\Windows\SysWow64\wrap_oal.dll
2012-07-28 01:21:35 133632 ----a-w- C:\Windows\System32\OpenAL32.dll
2012-07-28 01:21:35 110592 ----a-w- C:\Windows\SysWow64\OpenAL32.dll
2012-07-28 01:21:35 -------- d-----w- C:\Program Files (x86)\OpenAL
2012-07-26 18:50:41 540688 ----a-w- C:\Windows\System32\d3dx10_39.dll
2012-07-26 18:50:41 467984 ----a-w- C:\Windows\SysWow64\d3dx10_39.dll
2012-07-26 18:50:41 1942552 ----a-w- C:\Windows\System32\D3DCompiler_39.dll
2012-07-26 18:50:41 1493528 ----a-w- C:\Windows\SysWow64\D3DCompiler_39.dll
2012-07-26 18:50:40 4992520 ----a-w- C:\Windows\System32\D3DX9_39.dll
2012-07-26 18:50:40 3851784 ----a-w- C:\Windows\SysWow64\D3DX9_39.dll
2012-07-23 20:33:00 -------- d-----w- C:\Users\Josh\AppData\Roaming\The Creative Assembly
2012-07-20 19:43:24 -------- d-----w- C:\Users\Josh\AppData\Local\4A Games
2012-07-20 19:38:58 -------- d-----w- C:\Program Files (x86)\NVIDIA Corporation
2012-07-20 19:33:28 -------- d-----w- C:\Program Files (x86)\Common Files\Wise Installation Wizard
2012-07-18 19:20:41 9133488 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2012-07-11 07:01:48 3148800 ----a-w- C:\Windows\System32\win32k.sys
2012-07-11 00:46:07 95600 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2012-07-11 00:45:59 61440 ----a-w- C:\Program Files\Common Files\System\ado\msador15.dll
2012-07-11 00:45:59 212992 ----a-w- C:\Program Files (x86)\Common Files\System\msadc\msadco.dll
2012-07-11 00:45:58 372736 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msadox.dll
2012-07-11 00:45:58 143360 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msjro.dll
2012-07-11 00:45:58 1133568 ----a-w- C:\Windows\System32\cdosys.dll
2012-07-11 00:45:50 2004480 ----a-w- C:\Windows\System32\msxml6.dll
2012-07-11 00:45:50 1881600 ----a-w- C:\Windows\System32\msxml3.dll
2012-07-11 00:45:50 1390080 ----a-w- C:\Windows\SysWow64\msxml6.dll
2012-07-11 00:45:49 2048 ----a-w- C:\Windows\SysWow64\msxml3r.dll
2012-07-11 00:45:49 2048 ----a-w- C:\Windows\System32\msxml3r.dll
2012-07-11 00:45:49 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll
.
==================== Find3M ====================
.
2012-08-01 23:42:41 54784 ----a-w- C:\Windows\System32\atiuxp64.dll
2012-08-01 23:41:13 32256 ----a-w- C:\Windows\SysWow64\atiu9pag.dll
2012-08-01 23:40:50 909312 ----a-w- C:\Windows\SysWow64\aticfx32.dll
2012-08-01 23:40:47 4795904 ----a-w- C:\Windows\SysWow64\atiumdva.dll
2012-08-01 23:40:25 64000 ----a-w- C:\Windows\System32\coinst.dll
2012-08-01 23:39:09 6203392 ----a-w- C:\Windows\SysWow64\atiumdag.dll
2012-08-01 23:38:45 7479296 ----a-w- C:\Windows\System32\atidxx64.dll
2012-08-01 23:37:44 1067520 ----a-w- C:\Windows\System32\aticfx64.dll
2012-08-01 23:37:32 41984 ----a-w- C:\Windows\SysWow64\atiuxpag.dll
2012-08-01 23:34:10 6800896 ----a-w- C:\Windows\SysWow64\atidxx32.dll
2012-07-31 15:39:29 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-31 15:39:29 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-07-17 23:04:03 189472 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
2012-07-17 23:04:03 189472 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
2012-07-17 18:50:46 111928 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0
2012-07-17 18:49:25 794408 ----a-w- C:\Windows\SysWow64\pbsvc.exe
2012-06-27 05:25:59 76888 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe
2012-06-06 05:03:06 805376 ----a-w- C:\Windows\SysWow64\cdosys.dll
2012-06-02 22:15:31 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2012-06-02 22:15:08 99840 ----a-w- C:\Windows\System32\wudriver.dll
2012-06-02 19:19:42 186752 ----a-w- C:\Windows\System32\wuwebv.dll
2012-06-02 19:15:12 36864 ----a-w- C:\Windows\System32\wuapp.exe
2012-06-02 12:12:17 2311680 ----a-w- C:\Windows\System32\jscript9.dll
2012-06-02 12:05:28 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-06-02 12:04:50 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-06-02 12:01:40 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-06-02 11:57:08 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-06-02 08:33:25 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-06-02 08:25:08 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-06-02 08:25:03 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-06-02 08:20:33 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-06-02 08:16:52 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-06-02 05:50:10 458704 ----a-w- C:\Windows\System32\drivers\cng.sys
2012-06-02 05:48:16 151920 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2012-06-02 05:45:31 340992 ----a-w- C:\Windows\System32\schannel.dll
2012-06-02 05:44:21 307200 ----a-w- C:\Windows\System32\ncrypt.dll
2012-06-02 04:40:42 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2012-06-02 04:40:39 225280 ----a-w- C:\Windows\SysWow64\schannel.dll
2012-06-02 04:39:10 219136 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2012-06-02 04:34:09 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2012-05-31 16:25:12 279656 ------w- C:\Windows\System32\MpSigStub.exe
.
============= FINISH: 20:21:13.87 ===============


Thanks for reading, and any help would be much appreciated!
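As an added example (my own code, not part of the original post and not a DDS or BleepingComputer tool), the script below runs a few triage heuristics over the line formats that appear in the DDS log above: the "Created Last 30" entries (timestamp, size, eight-character attribute string, path), the mRun/uRun autostart entries and the StartupFolder line. It flags a directory created hidden+system under the Windows directory, an on-disk path containing a literal, unexpanded environment variable such as %APPDATA%, an autostart entry with an empty command, and a startup item whose target lives under a Temp directory. The sample lines are copied from the log above; the heuristics are assumptions of mine, and a flagged line is a lead for the helper to inspect by hand, not a verdict that it is malicious.

```python
import re
from typing import List, Tuple

# "Created Last 30" / "Find3M" lines as DDS prints them: timestamp, size (dashes for a
# directory), an eight-character attribute string (d = directory, s = system,
# h = hidden; the other positions are not used here), then the path.
CREATED_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+(?P<size>\d+|-+)\s+"
    r"(?P<attr>[-a-z]{8})\s+(?P<path>.+)$"
)
# Pseudo-HJT autostart lines: "mRun: [Name] command", "uRun: ...", "mRun-x64: ..."
RUN_RE = re.compile(r"^(?P<hive>[um]Run(?:-x64)?):\s*\[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$")
# Startup-folder shortcuts: "StartupFolder: <shortcut path> - <target path>"
STARTUP_RE = re.compile(r"^StartupFolder:\s*(?P<lnk>.+?)\s+-\s+(?P<target>.+)$")
# A literal %NAME% that survived onto disk means the variable was never expanded.
UNEXPANDED_VAR_RE = re.compile(r"%[A-Za-z_][A-Za-z0-9_]*%")


def triage_line(line: str) -> List[str]:
    """Return the reasons (possibly none) this DDS log line deserves a manual look.

    The heuristics are my own assumptions for this example, not DDS output fields.
    """
    line = line.strip()
    reasons: List[str] = []

    m = CREATED_RE.match(line)
    if m:
        attr, path = m.group("attr"), m.group("path")
        # Hidden+system directories appearing under C:\Windows are unusual for
        # legitimate installs and are cheap to check by hand.
        if attr[0] == "d" and "s" in attr and "h" in attr \
                and path.lower().startswith("c:\\windows\\"):
            reasons.append("hidden+system directory created under the Windows directory")
        if UNEXPANDED_VAR_RE.search(path):
            reasons.append("literal unexpanded environment variable in an on-disk path")
        return reasons

    m = STARTUP_RE.match(line)
    if m:
        if "\\temp\\" in m.group("target").lower():
            reasons.append("startup-folder shortcut launches a program from a Temp directory")
        return reasons

    m = RUN_RE.match(line)
    if m:
        cmd = m.group("cmd").strip()
        if not cmd:
            reasons.append(f"{m.group('hive')} entry [{m.group('name')}] has no command")
        elif "\\temp\\" in cmd.lower():
            reasons.append(f"{m.group('hive')} entry [{m.group('name')}] runs from a Temp directory")
        return reasons

    return reasons


def triage_log(text: str) -> List[Tuple[str, List[str]]]:
    """Run triage_line over every non-empty line; keep only lines with findings."""
    flagged: List[Tuple[str, List[str]]] = []
    for raw in text.splitlines():
        if not raw.strip():
            continue
        reasons = triage_line(raw)
        if reasons:
            flagged.append((raw.strip(), reasons))
    return flagged


# Sample input: lines copied from the DDS log in the post above (not a complete log).
SAMPLE_LOG = r"""
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [<NO NAME>]
mRun-x64: [(Default)]
StartupFolder: C:\Users\Josh\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ROLLER~1.LNK - C:\Users\Josh\AppData\Local\Temp\{F322AD83-B28C-43D3-A0BE-49797CABDDB8}\{907B4640-266B-4A21-92FB-CD1A86CD0F63}\ATR1.exe
2012-08-08 17:46:06 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-08-07 03:26:08 -------- d-----w- C:\Program Files\AVAST Software
2012-08-06 16:37:10 -------- d-sh--w- C:\Windows\SysWow64\%APPDATA%
"""

if __name__ == "__main__":
    for flagged_line, why in triage_log(SAMPLE_LOG):
        print(flagged_line)
        for reason in why:
            print("   ->", reason)
```

Run it as-is to see which of the sample lines get flagged and why; to use it on a real log, read a saved DDS.txt into a string and pass it to triage_log. Everything it prints still has to be checked against the actual file on disk before anything is removed.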


#2 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,505 posts
  • Gender:Male
  • Location:Greenup, Ill USA

Posted 09 August 2012 - 09:07 PM

Hello phantomx11,
  • Welcome to Bleeping Computer.
  • My name is fireman4it and I will be helping you with your Malware problem.

    Please take note of some guidelines for this fix:
  • Refrain from making any changes to your computer including installing/uninstall programs, deleting files, modifying the registry, and running scanners or tools.
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing.
  • Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean".
  • In the upper right hand corner of the topic you will see a button called Watch Topic. I suggest you click it and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

  • Finally, please reply using the ADD REPLY button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply, unless they do not fit into the post.
  • I will be analyzing your log. I will get back to you with instructions.



1.
Do you have a USB Flash Drive you can use?

2.
Can you provide me with the link to the other topic from "Am I Infected"?

" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-




#3 phantomx11

phantomx11
  • Topic Starter

  • Members
  • 8 posts

Posted 09 August 2012 - 09:17 PM

I have a flash drive, but I'm pretty sure a trojan exists on it; the last time I attempted to put it in a computer through a USB port, the computer recognized it as a CD drive. (I had downloaded something I mistook for a program like a registry-clearing command thing like Rkill, but I haven't used it since.)

I actually found another flashdrive, so I could use that!

Here is the link to the article I posted earlier.
http://www.bleepingcomputer.com/forums/topic464434.html

Edited by phantomx11, 10 August 2012 - 05:29 PM.


#4 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,505 posts
  • Gender:Male
  • Location:Greenup, Ill USA

Posted 11 August 2012 - 09:58 AM

For 64-bit systems download Farbar Recovery Scan Tool x64 and save it to a flash drive.

Plug the flashdrive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:
  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Command Prompt

  • Select Command Prompt.
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter.
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

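The FRST.txt that the steps above produce is a plain-text report with banner-separated sections (Registry, Services, Drivers, created and modified files). As an added example, not code from this thread and not part of FRST itself, here is a small Python triage script that parses three of those sections and lists the entries a helper usually looks at first: autorun or service entries whose target file is gone (FRST prints `[x]`), entries with an empty publisher string (`()`), and newly created objects that carry both the hidden and system attributes or a literal, unexpanded `%NAME%` path component. The sample lines are constructed in the same format as the log posted in this thread; the output is a list of things to review by hand, not a verdict on any entry.

```python
import re
from dataclasses import dataclass

# Sample FRST.txt excerpt, constructed for this example in the same format as
# the log posted in this thread (three of its sections, a few lines each).
SAMPLE_LOG = r"""
========================== Registry (Whitelisted) =============

HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [10920552 2010-06-22] (Realtek Semiconductor)
HKLM-x32\...\Run: [] [x]
HKLM-x32\...\Run: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe" [514544 2010-11-17] ()

==================== Services (Whitelisted) ======

2 avast! Antivirus; "C:\Program Files\AVAST Software\Avast\AvastSvc.exe" [44808 2012-07-03] (AVAST Software)
2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [76888 2012-06-27] ()
2 McMPFSvc; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [x]

============ One Month Created Files and Folders ==============

2012-08-11 23:47 - 2012-08-11 23:47 - 00000000 ____D C:\FRST
2012-08-06 11:37 - 2012-08-06 11:37 - 00000000 __SHD C:\Windows\SysWOW64\%APPDATA%
2012-08-08 12:46 - 2012-07-03 12:46 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
"""

SECTION_RE = re.compile(r"^=+\s*(.+?)\s*=+$")                   # "==== Name ===="
AUTORUN_RE = re.compile(r"^.+?\\\.\.\.\\Run: \[(?P<name>[^\]]*)\]\s*(?P<rest>.*)$")
SERVICE_RE = re.compile(r"^\d (?P<name>[^;]+); (?P<rest>.*)$")  # "<start> Name; cmd ..."
TAIL_RE = re.compile(r"\[\d+ \d{4}-\d\d-\d\d\] \((?P<publisher>[^)]*)\)$")  # "[size date] (Publisher)"
FILE_RE = re.compile(  # "created - modified - size attrs (Publisher)? path"
    r"^\d{4}-\d\d-\d\d \d\d:\d\d - \d{4}-\d\d-\d\d \d\d:\d\d - "
    r"\d+ (?P<attrs>[_A-Z]{5}) (?:\([^)]*\) )?(?P<path>.+)$"
)


@dataclass
class Finding:
    section: str
    reason: str
    line: str


def check_entry(section, name, rest, line):
    """Flags for one autorun or service entry."""
    out = []
    if name == "":
        out.append(Finding(section, "empty value name", line))
    if rest.endswith("[x]"):
        # FRST marks an entry whose target file is absent with [x].
        out.append(Finding(section, "target file missing", line))
        return out
    tail = TAIL_RE.search(rest)
    if tail is None:
        out.append(Finding(section, "unparsed entry tail", line))
    elif tail.group("publisher") == "":
        out.append(Finding(section, "no publisher", line))
    return out


def check_file(section, attrs, path, line):
    """Flags for one created file/folder line."""
    out = []
    if "H" in attrs and "S" in attrs:
        out.append(Finding(section, "hidden+system attributes", line))
    if re.search(r"%[^%\\]+%", path):
        # A literal %NAME% component means the name was never expanded.
        out.append(Finding(section, "unexpanded %VAR% in path", line))
    return out


def triage(text):
    """Walk an FRST log and return the entries worth a manual look."""
    section, findings = None, []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        banner = SECTION_RE.match(line)
        if banner:
            section = banner.group(1)
            continue
        if section is None:
            continue
        if section.startswith("Registry"):
            m = AUTORUN_RE.match(line)
            if m:
                findings += check_entry(section, m.group("name"), m.group("rest"), line)
        elif section.startswith("Services"):
            m = SERVICE_RE.match(line)
            if m:
                findings += check_entry(section, m.group("name"), m.group("rest"), line)
        elif "Created Files" in section:
            m = FILE_RE.match(line)
            if m:
                findings += check_file(section, m.group("attrs"), m.group("path"), line)
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.section}] {f.reason}: {f.line}")
```

Run it on a real FRST.txt by passing the file contents to `triage()`; the Drivers section uses the same `name; path [size date] (Publisher)` layout as Services, so `SERVICE_RE` can be reused for it if you add the section to the dispatch. The checks are deliberately narrow and the same flags also fire on harmless leftovers (the `McMPFSvc` line above is a stale service from an uninstalled product), which is why each hit is reported with its full original line for the helper to judge.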


#5 phantomx11

phantomx11
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:10:04 PM

Posted 11 August 2012 - 07:56 PM

Requested Log:
Scan result of Farbar Recovery Scan Tool Version: 09-08-2012
Ran by SYSTEM at 11-08-2012 23:47:10
Running from I:\
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [10920552 2010-06-22] (Realtek Semiconductor)
HKLM\...\Run: [RunDLLEntry_THXCfg] C:\Windows\system32\RunDLL32.exe C:\Windows\system32\THXCfg64.dll,RunDLLEntry THXCfg64 [17920 2009-10-15] (Creative Technology Ltd.)
HKLM\...\Run: [RunDLLEntry_EptMon] C:\Windows\system32\RunDLL32.exe C:\Windows\system32\EptMon64.dll,RunDLLEntry EptMon64 [21504 2009-10-15] (Creative Technology Ltd.)
HKLM\...\Run: [DellStage] "C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\start.umj" --startup [483424 2012-02-01] ()
HKLM-x32\...\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284440 2011-05-20] (Intel Corporation)
HKLM-x32\...\Run: [ShwiconXP9106] C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe [237568 2010-03-10] (Alcor Micro Corp.)
HKLM-x32\...\Run: [THX Audio Control Panel] "C:\Program Files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe" /r [963584 2009-12-01] (Creative Technology Ltd)
HKLM-x32\...\Run: [UpdReg] C:\Windows\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.)
HKLM-x32\...\Run: [Dell Registration] C:\Program Files (x86)\System Registration\prodreg.exe /boot [4165440 2011-08-04] (Dell, Inc.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [35736 2010-11-15] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [932288 2010-11-15] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [] [x]
HKLM-x32\...\Run: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" [240112 2010-11-25] (Sonic Solutions)
HKLM-x32\...\Run: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe" [514544 2010-11-17] ()
HKLM-x32\...\Run: [AccuWeatherWidget] "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\start.umj" --startup [2835443 2012-02-01] ()
HKLM-x32\...\Run: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe [77824 2008-07-22] (AMD)
HKLM-x32\...\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [641664 2012-04-06] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml [10752 2012-02-20] ()
HKLM-x32\...\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui [4273976 2012-07-03] (AVAST Software)
HKU\Josh\...\Run: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent [1353080 2012-08-03] (Valve Corporation)
HKU\Josh\...\Run: [Google Update] "C:\Users\Josh\AppData\Local\Google\Update\GoogleUpdate.exe" /c [116648 2012-06-04] (Google Inc.)
HKU\Josh\...\Run: [Amazon Cloud Drive] C:\Users\Josh\AppData\Local\Amazon\Cloud Drive\AmazonCloudDrive.exe [424848 2012-05-24] ()
Tcpip\Parameters: [DhcpNameServer] 216.68.4.10 216.68.5.10
Startup: C:\Users\Josh\Start Menu\Programs\Startup\RollerCoaster Tycoon 3 Registration.lnk
ShortcutTarget: RollerCoaster Tycoon 3 Registration.lnk -> (No File)

==================== Services (Whitelisted) ======

2 avast! Antivirus; "C:\Program Files\AVAST Software\Avast\AvastSvc.exe" [44808 2012-07-03] (AVAST Software)
2 avast! Firewall; "C:\Program Files\AVAST Software\Avast\afwServ.exe" [133912 2012-07-03] (AVAST Software)
2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [76888 2012-06-27] ()
2 PnkBstrB; C:\Windows\SysWow64\PnkBstrB.exe [189472 2012-07-17] ()
2 RoxWatch12; "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe" [219632 2010-11-25] (Sonic Solutions)
3 stllssvr; "C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe" [74392 2010-11-08] (MicroVision Development, Inc.)
3 aspnet_state; C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [x]
2 McMPFSvc; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [x]

========================== Drivers (Whitelisted) =============

2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [25232 2012-07-03] (AVAST Software)
1 aswFW; C:\Windows\System32\Drivers\aswFW.sys [142128 2012-07-03] (AVAST Software)
1 aswKbd; C:\Windows\System32\Drivers\aswKbd.sys [19600 2012-07-03] (AVAST Software)
2 aswMonFlt; C:\Windows\System32\Drivers\aswMonFlt.sys [71064 2012-07-03] (AVAST Software)
0 aswNdis; C:\Windows\System32\Drivers\aswNdis.sys [12368 2012-06-27] (ALWIL Software)
0 aswNdis2; C:\Windows\System32\Drivers\aswNdis2.sys [266776 2012-07-03] (AVAST Software)
1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [54072 2012-07-03] (AVAST Software)
1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [958400 2012-07-03] (AVAST Software)
1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [355856 2012-07-03] (AVAST Software)
1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [59728 2012-07-03] (AVAST Software)
3 PCDSRVC{1E208CE0-FB7451FF-06020101}_0; \??\c:\program files\dell support center\pcdsrvc_x64.pkms [x]

========================== NetSvcs (Whitelisted) ===========


============ One Month Created Files and Folders ==============

2012-08-11 23:47 - 2012-08-11 23:47 - 00000000 ____D C:\FRST
2012-08-09 19:49 - 2012-08-09 19:49 - 00073051 ____A C:\Users\Josh\Desktop\gmerlog.log
2012-08-09 19:28 - 2012-08-09 19:28 - 00294216 ____A C:\Users\Josh\Desktop\gmer.zip
2012-08-09 19:28 - 2012-08-09 19:28 - 00000000 ____D C:\Users\Josh\Desktop\gmer
2012-08-09 19:27 - 2012-08-09 19:27 - 00294216 ____A C:\Users\Josh\Downloads\gmer.zip
2012-08-09 19:24 - 2012-08-09 19:24 - 00010287 ____A C:\Users\Josh\My Documents\Attatch.txt
2012-08-09 19:24 - 2012-08-09 19:24 - 00010287 ____A C:\Users\Josh\Documents\Attatch.txt
2012-08-09 19:22 - 2012-08-09 19:22 - 00025568 ____A C:\Users\Josh\Desktop\DDS.txt
2012-08-09 19:19 - 2012-08-09 19:19 - 00607260 ____R (Swearware) C:\Users\Josh\Desktop\dds.com
2012-08-09 19:17 - 2012-08-09 19:17 - 00000470 ____A C:\Users\Josh\Desktop\defogger_disable.log
2012-08-09 19:17 - 2012-08-09 19:17 - 00000000 ____A C:\Users\Josh\defogger_reenable
2012-08-09 19:16 - 2012-08-09 19:16 - 00050477 ____A C:\Users\Josh\Desktop\Defogger.exe
2012-08-09 19:01 - 2012-08-09 19:01 - 00004480 ____A C:\Users\Josh\Desktop\Rkill.txt
2012-08-09 19:01 - 2012-08-09 19:01 - 00000000 ____D C:\Users\Josh\Desktop\rkill-backup
2012-08-08 22:29 - 2012-08-08 22:44 - 209779436 ____A C:\Users\Josh\Downloads\Rieley 2.wmv
2012-08-08 19:47 - 2012-08-08 19:47 - 00150990 ____A C:\Users\Josh\Downloads\OTL (1).Txt
2012-08-08 19:39 - 2012-08-08 19:39 - 00002006 ____A C:\Users\Josh\Downloads\aswMBR.txt
2012-08-08 19:39 - 2012-08-08 19:39 - 00000512 ____A C:\Users\Josh\Downloads\MBR.dat
2012-08-08 19:34 - 2012-08-08 19:34 - 04731392 ____A (AVAST Software) C:\Users\Josh\Downloads\aswMBR.exe
2012-08-08 19:32 - 2012-08-08 19:32 - 00049202 ____A C:\Users\Josh\Downloads\Extras.Txt
2012-08-08 19:31 - 2012-08-08 19:31 - 00150990 ____A C:\Users\Josh\Downloads\OTL.Txt
2012-08-08 19:09 - 2012-08-08 19:09 - 00596480 ____A (OldTimer Tools) C:\Users\Josh\Downloads\OTL.exe
2012-08-08 12:46 - 2012-08-08 12:46 - 00000000 ____D C:\Users\Josh\Application Data\Malwarebytes
2012-08-08 12:46 - 2012-08-08 12:46 - 00000000 ____D C:\Users\Josh\AppData\Roaming\Malwarebytes
2012-08-08 12:46 - 2012-08-08 12:46 - 00000000 ____D C:\Users\All Users\Malwarebytes
2012-08-08 12:46 - 2012-08-08 12:46 - 00000000 ____D C:\Users\All Users\Application Data\Malwarebytes
2012-08-08 12:46 - 2012-08-08 12:46 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-08-08 12:46 - 2012-07-03 12:46 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-08-08 12:20 - 2012-08-08 12:58 - 575547720 ____A C:\Users\Josh\Downloads\Rieley.wmv
2012-08-08 01:43 - 2012-08-08 01:43 - 00000000 ____D C:\Program Files\Enigma Software Group
2012-08-08 01:42 - 2012-08-08 01:55 - 00000000 ____D C:\Windows\F896D02690164122B9BD957FF092FFE9.TMP
2012-08-07 23:59 - 2012-08-08 02:53 - 42421013 ____A C:\Users\Josh\Downloads\Becca 2.wmv
2012-08-07 23:52 - 2012-08-07 23:55 - 32023339 ____A C:\Users\Josh\Downloads\Beccabea update 1.wmv
2012-08-07 18:25 - 2012-08-07 18:25 - 00000000 ____D C:\Users\Josh\Downloads\BE Bouncy
2012-08-07 18:24 - 2012-08-07 18:25 - 08843408 ____A C:\Users\Josh\Downloads\BE Bouncy.zip
2012-08-07 14:55 - 2012-08-07 14:55 - 00000000 ____D C:\avast! sandbox
2012-08-07 14:54 - 2012-08-07 15:19 - 242199246 ____A C:\Users\Josh\Downloads\Becca.wmv
2012-08-07 14:21 - 2012-08-07 14:53 - 304845922 ____A C:\Users\Josh\Downloads\Beverly.wmv
2012-08-07 13:52 - 2012-08-07 14:19 - 356349989 ____A C:\Users\Josh\Downloads\Renee 3.wmv
2012-08-07 01:09 - 2012-08-07 01:19 - 147129342 ____A C:\Users\Josh\Downloads\Ashley Robins.wmv
2012-08-06 22:54 - 2012-07-03 11:21 - 00266776 ____A (AVAST Software) C:\Windows\System32\Drivers\aswNdis2.sys
2012-08-06 22:54 - 2012-07-03 11:21 - 00142128 ____A (AVAST Software) C:\Windows\System32\Drivers\aswFW.sys
2012-08-06 22:54 - 2012-07-03 11:21 - 00019600 ____A (AVAST Software) C:\Windows\System32\Drivers\aswKbd.sys
2012-08-06 22:54 - 2012-06-27 15:33 - 00012368 ____A (ALWIL Software) C:\Windows\System32\Drivers\aswNdis.sys
2012-08-06 22:26 - 2012-08-06 22:54 - 00000000 ____A C:\Windows\SysWOW64\config.nt
2012-08-06 22:26 - 2012-08-06 22:26 - 00000000 ____D C:\Users\All Users\AVAST Software
2012-08-06 22:26 - 2012-08-06 22:26 - 00000000 ____D C:\Users\All Users\Application Data\AVAST Software
2012-08-06 22:26 - 2012-08-06 22:26 - 00000000 ____D C:\Program Files\AVAST Software
2012-08-06 22:26 - 2012-07-03 11:21 - 00958400 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSnx.sys
2012-08-06 22:26 - 2012-07-03 11:21 - 00355856 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSP.sys
2012-08-06 22:26 - 2012-07-03 11:21 - 00285328 ____A (AVAST Software) C:\Windows\System32\aswBoot.exe
2012-08-06 22:26 - 2012-07-03 11:21 - 00227648 ____A (AVAST Software) C:\Windows\SysWOW64\aswBoot.exe
2012-08-06 22:26 - 2012-07-03 11:21 - 00071064 ____A (AVAST Software) C:\Windows\System32\Drivers\aswMonFlt.sys
2012-08-06 22:26 - 2012-07-03 11:21 - 00059728 ____A (AVAST Software) C:\Windows\System32\Drivers\aswTdi.sys
2012-08-06 22:26 - 2012-07-03 11:21 - 00054072 ____A (AVAST Software) C:\Windows\System32\Drivers\aswRdr2.sys
2012-08-06 22:26 - 2012-07-03 11:21 - 00041224 ____A (AVAST Software) C:\Windows\avastSS.scr
2012-08-06 22:26 - 2012-07-03 11:21 - 00025232 ____A (AVAST Software) C:\Windows\System32\Drivers\aswFsBlk.sys
2012-08-06 22:18 - 2012-08-06 22:24 - 89340632 ____A C:\Users\Josh\Downloads\avast_free_antivirus_setup.exe
2012-08-06 21:29 - 2012-08-06 21:39 - 63899792 ____A C:\Users\Josh\Downloads\vpsupd.exe
2012-08-06 21:29 - 2012-08-06 21:29 - 00001632 ____A C:\Users\Josh\Downloads\License.avastlic
2012-08-06 21:18 - 2012-08-06 21:28 - 98468848 ____A C:\Users\Josh\Downloads\AVAST.exe
2012-08-06 11:37 - 2012-08-06 11:37 - 00000000 __SHD C:\Windows\SysWOW64\%APPDATA%
2012-08-06 01:35 - 2012-08-06 02:02 - 403486170 ____A C:\Users\Josh\Downloads\Lana.wmv
2012-08-04 23:33 - 2012-08-04 23:56 - 295502560 ____A C:\Users\Josh\Downloads\Micky 2.wmv
2012-08-04 23:00 - 2012-08-04 23:32 - 325788930 ____A C:\Users\Josh\Downloads\Josie.wmv
2012-08-04 22:37 - 2012-08-04 23:00 - 364652001 ____A C:\Users\Josh\Downloads\Molly.wmv
2012-08-04 22:15 - 2012-08-04 22:32 - 268730877 ____A C:\Users\Josh\Downloads\Renee 2.wmv
2012-08-04 22:10 - 2012-08-04 22:14 - 68274642 ____A C:\Users\Josh\Downloads\Maria.wmv
2012-08-04 21:52 - 2012-08-04 22:07 - 214970562 ____A C:\Users\Josh\Downloads\Leanne.wmv
2012-08-04 21:45 - 2012-08-04 21:52 - 104318014 ____A C:\Users\Josh\Downloads\Boob olympics 2.wmv
2012-08-04 21:34 - 2012-08-04 21:43 - 136576981 ____A C:\Users\Josh\Downloads\Lorna.wmv
2012-08-04 21:24 - 2012-08-04 21:29 - 79064522 ____A C:\Users\Josh\Downloads\Boob olympics.wmv
2012-08-04 21:20 - 2012-08-04 21:23 - 00000022 ____A C:\Users\Josh\Downloads\plumptopia.zip
2012-08-04 20:48 - 2012-08-04 21:19 - 421303362 ____A C:\Users\Josh\Downloads\Linsey.wmv
2012-08-04 20:24 - 2012-08-04 20:48 - 281617768 ____A C:\Users\Josh\Downloads\Karina.wmv
2012-08-04 12:04 - 2012-08-04 12:04 - 00000000 ____D C:\Users\All Users\Electronic Arts
2012-08-04 12:04 - 2012-08-04 12:04 - 00000000 ____D C:\Users\All Users\EA Core
2012-08-04 12:04 - 2012-08-04 12:04 - 00000000 ____D C:\Users\All Users\Application Data\Electronic Arts
2012-08-04 12:04 - 2012-08-04 12:04 - 00000000 ____D C:\Users\All Users\Application Data\EA Core
2012-08-03 20:03 - 2012-08-03 20:27 - 339905172 ____A C:\Users\Josh\Downloads\Sarah.wmv
2012-08-03 19:17 - 2012-08-03 19:39 - 280301601 ____A C:\Users\Josh\Downloads\Renee Ross.wmv
2012-08-03 18:56 - 2012-08-03 19:15 - 253168317 ____A C:\Users\Josh\Downloads\Michelle 2.wmv
2012-08-03 18:27 - 2012-08-03 18:50 - 355793101 ____A C:\Users\Josh\Downloads\Shione.wmv
2012-08-03 17:58 - 2012-08-03 18:14 - 229057884 ____A C:\Users\Josh\Downloads\Dors.wmv
2012-08-03 17:35 - 2012-08-03 17:57 - 295488183 ____A C:\Users\Josh\Downloads\Hitomi 2.wmv
2012-08-03 17:21 - 2012-08-03 17:33 - 175268601 ____A C:\Users\Josh\Downloads\Estelle.wmv
2012-08-03 17:06 - 2012-08-03 17:21 - 186607815 ____A C:\Users\Josh\Downloads\Jenna.wmv
2012-08-02 10:54 - 2012-08-02 10:54 - 00000222 ____A C:\Users\Josh\Desktop\Crysis 2 Maximum Edition.url
2012-08-01 19:09 - 2012-08-01 19:09 - 00000000 ____D C:\Users\All Users\ATI
2012-08-01 19:09 - 2012-08-01 19:09 - 00000000 ____D C:\Users\All Users\Application Data\ATI
2012-08-01 19:09 - 2012-08-01 19:09 - 00000000 ____D C:\Users\All Users\Application Data\AMD
2012-08-01 19:09 - 2012-08-01 19:09 - 00000000 ____D C:\Users\All Users\AMD
2012-08-01 19:09 - 2012-08-01 19:09 - 00000000 ____D C:\Program Files (x86)\AMD AVT
2012-08-01 19:09 - 2012-08-01 19:09 - 00000000 ____D C:\Program Files (x86)\AMD APP
2012-08-01 19:07 - 2012-08-01 19:08 - 00000000 ____D C:\Program Files\ATI Technologies
2012-08-01 18:41 - 2012-08-01 18:43 - 16090624 ____A (Advanced Micro Devices Inc.) C:\Windows\System32\aticaldd64.dll
2012-08-01 18:41 - 2012-08-01 18:43 - 11174400 ____A (Advanced Micro Devices, Inc.) C:\Windows\System32\Drivers\atikmdag.sys
2012-08-01 18:41 - 2012-08-01 18:41 - 00157144 ____A C:\Windows\SysWOW64\ativvsva.dat
2012-08-01 18:41 - 2012-08-01 18:41 - 00157144 ____A C:\Windows\System32\ativvsva.dat
2012-08-01 18:41 - 2012-08-01 18:41 - 00043520 ____A (ATI Technologies, Inc.) C:\Windows\SysWOW64\ati2edxx.dll
2012-08-01 18:40 - 2012-08-01 18:40 - 00245896 ____A C:\Windows\SysWOW64\atiapfxx.blb
2012-08-01 18:40 - 2012-08-01 18:40 - 00245896 ____A C:\Windows\System32\atiapfxx.blb
2012-08-01 18:40 - 2012-08-01 18:40 - 00038159 ____A C:\Windows\atiogl.xml
2012-08-01 18:40 - 2012-08-01 18:40 - 00014848 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiglpxx.dll
2012-08-01 18:40 - 2012-08-01 18:40 - 00014848 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atiglpxx.dll
2012-08-01 18:40 - 2012-08-01 18:40 - 00003917 ____A C:\Windows\SysWOW64\atipblag.dat
2012-08-01 18:40 - 2012-08-01 18:40 - 00003917 ____A C:\Windows\System32\atipblag.dat
2012-08-01 18:39 - 2012-08-01 18:42 - 26181632 ____A (Advanced Micro Devices, Inc.) C:\Windows\System32\atio6axx.dll
2012-08-01 18:39 - 2012-08-01 18:41 - 19753984 ____A (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\atioglxx.dll
2012-08-01 18:39 - 2012-08-01 18:39 - 04731904 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atiumd6a.dll
2012-08-01 18:39 - 2012-08-01 18:39 - 00601728 ____A C:\Windows\System32\atiicdxx.dat
2012-08-01 18:39 - 2012-08-01 18:39 - 00236544 ____A (AMD) C:\Windows\System32\atiesrxx.exe
2012-08-01 18:39 - 2012-08-01 18:39 - 00046080 ____A (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\aticalrt.dll
2012-08-01 18:39 - 2012-08-01 18:39 - 00044032 ____A (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\aticalcl.dll
2012-08-01 18:38 - 2012-08-01 18:38 - 00503808 ____A (AMD) C:\Windows\System32\atieclxx.exe
2012-08-01 18:38 - 2012-08-01 18:38 - 00159744 ____A (Advanced Micro Devices, Inc.) C:\Windows\System32\atiapfxx.exe
2012-08-01 18:38 - 2012-08-01 18:38 - 00044544 ____A (Advanced Micro Devices Inc.) C:\Windows\System32\aticalcl64.dll
2012-08-01 18:37 - 2012-08-01 18:38 - 02664704 ____A C:\Windows\SysWOW64\atiumdva.cap
2012-08-01 18:37 - 2012-08-01 18:38 - 02631008 ____A C:\Windows\System32\atiumd6a.cap
2012-08-01 18:37 - 2012-08-01 18:37 - 01120768 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atiumd6v.dll
2012-08-01 18:37 - 2012-08-01 18:37 - 00204952 ____A C:\Windows\SysWOW64\ativvsvl.dat
2012-08-01 18:37 - 2012-08-01 18:37 - 00204952 ____A C:\Windows\System32\ativvsvl.dat
2012-08-01 18:37 - 2012-08-01 18:37 - 00095760 ____A (Advanced Micro Devices) C:\Windows\System32\Drivers\AtihdW76.sys
2012-08-01 18:37 - 2012-08-01 18:37 - 00041984 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atig6txx.dll
2012-08-01 18:36 - 2012-08-01 18:36 - 00442368 ____A (Advanced Micro Devices, Inc.) C:\Windows\System32\ATIDEMGX.dll
2012-08-01 18:36 - 2012-08-01 18:36 - 00017408 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atig6pxx.dll
2012-08-01 18:35 - 2012-08-01 18:37 - 13764096 ____A (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\aticaldd.dll
2012-08-01 18:35 - 2012-08-01 18:35 - 00053248 ____A (Advanced Micro Devices, Inc.) C:\Windows\System32\Drivers\ati2erec.dll
2012-08-01 18:35 - 2012-08-01 18:35 - 00051200 ____A (Advanced Micro Devices Inc.) C:\Windows\System32\aticalrt64.dll
2012-08-01 18:34 - 2012-08-01 18:35 - 07431680 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atiumd64.dll
2012-08-01 18:34 - 2012-08-01 18:35 - 00044544 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atiu9p64.dll
2012-08-01 18:34 - 2012-08-01 18:34 - 00360448 ____A (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\atiadlxy.dll
2012-08-01 18:34 - 2012-08-01 18:34 - 00059392 ____A (ATI Technologies, Inc.) C:\Windows\System32\atiedu64.dll
2012-08-01 18:34 - 2012-08-01 18:34 - 00033280 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atigktxx.dll
2012-08-01 18:33 - 2012-08-01 18:33 - 00514560 ____A (Advanced Micro Devices, Inc.) C:\Windows\System32\atiadlxx.dll
2012-08-01 18:33 - 2012-08-01 18:33 - 00120320 ____A (AMD) C:\Windows\System32\atitmm64.dll
2012-08-01 18:33 - 2012-08-01 18:33 - 00054784 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atimpc64.dll
2012-08-01 18:33 - 2012-08-01 18:33 - 00054784 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\amdpcom64.dll
2012-08-01 18:33 - 2012-08-01 18:33 - 00021504 ____A (AMD) C:\Windows\System32\atimuixx.dll
2012-08-01 18:32 - 2012-08-01 18:32 - 01831424 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiumdmv.dll
2012-08-01 18:32 - 2012-08-01 18:32 - 00343040 ____A (Advanced Micro Devices, Inc.) C:\Windows\System32\Drivers\atikmpag.sys
2012-08-01 18:32 - 2012-08-01 18:32 - 00053760 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atimpc32.dll
2012-08-01 18:32 - 2012-08-01 18:32 - 00053760 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdpcom32.dll
2012-07-31 17:46 - 2012-07-31 18:03 - 241163721 ____A C:\Users\Josh\Downloads\Dolly.wmv
2012-07-30 20:17 - 2012-07-30 20:37 - 291726982 ____A C:\Users\Josh\Downloads\Micky.wmv
2012-07-28 22:36 - 2012-07-28 23:00 - 319916762 ____A C:\Users\Josh\Downloads\Morgan leigh.wmv
2012-07-28 00:20 - 2012-07-28 00:51 - 310530057 ____A C:\Users\Josh\Downloads\Mairylen 2.wmv
2012-07-27 20:21 - 2012-07-27 21:24 - 00000000 ____D C:\Users\Josh\Local Settings\GRAW2
2012-07-27 20:21 - 2012-07-27 21:24 - 00000000 ____D C:\Users\Josh\Local Settings\Application Data\GRAW2
2012-07-27 20:21 - 2012-07-27 21:24 - 00000000 ____D C:\Users\Josh\AppData\Local\GRAW2
2012-07-27 20:21 - 2012-07-27 20:21 - 00419840 ____A (Creative Labs) C:\Windows\System32\wrap_oal.dll
2012-07-27 20:21 - 2012-07-27 20:21 - 00413696 ____A (Creative Labs) C:\Windows\SysWOW64\wrap_oal.dll
2012-07-27 20:21 - 2012-07-27 20:21 - 00133632 ____A (Portions © Creative Labs Inc. and NVIDIA Corp.) C:\Windows\System32\OpenAL32.dll
2012-07-27 20:21 - 2012-07-27 20:21 - 00110592 ____A (Portions © Creative Labs Inc. and NVIDIA Corp.) C:\Windows\SysWOW64\OpenAL32.dll
2012-07-27 20:21 - 2012-07-27 20:21 - 00000000 ____D C:\Users\All Users\GRAW2
2012-07-27 20:21 - 2012-07-27 20:21 - 00000000 ____D C:\Users\All Users\Application Data\GRAW2
2012-07-27 20:21 - 2012-07-27 20:21 - 00000000 ____D C:\Program Files (x86)\OpenAL
2012-07-26 13:50 - 2008-07-12 07:18 - 04992520 ____A (Microsoft Corporation) C:\Windows\System32\D3DX9_39.dll
2012-07-26 13:50 - 2008-07-12 07:18 - 03851784 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_39.dll
2012-07-26 13:50 - 2008-07-12 07:18 - 01942552 ____A (Microsoft Corporation) C:\Windows\System32\D3DCompiler_39.dll
2012-07-26 13:50 - 2008-07-12 07:18 - 01493528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_39.dll
2012-07-26 13:50 - 2008-07-12 07:18 - 00540688 ____A (Microsoft Corporation) C:\Windows\System32\d3dx10_39.dll
2012-07-26 13:50 - 2008-07-12 07:18 - 00467984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_39.dll
2012-07-25 16:53 - 2012-07-25 16:53 - 00000221 ____A C:\Users\Josh\Desktop\Mass Effect 2.url
2012-07-24 12:31 - 2012-07-24 13:02 - 00000000 ____D C:\Users\Public\Documents\stalker-shoc
2012-07-24 12:31 - 2012-07-24 13:02 - 00000000 ____D C:\Users\All Users\Documents\stalker-shoc
2012-07-23 00:06 - 2012-07-23 00:06 - 00000000 ____D C:\Users\Josh\My Documents\Square Enix
2012-07-23 00:06 - 2012-07-23 00:06 - 00000000 ____D C:\Users\Josh\Documents\Square Enix
2012-07-21 21:33 - 2012-07-21 21:59 - 335537250 ____A C:\Users\Josh\Downloads\Michelle.wmv
2012-07-20 14:45 - 2012-07-20 14:45 - 00000000 ____D C:\Users\Josh\My Documents\4A Games
2012-07-20 14:45 - 2012-07-20 14:45 - 00000000 ____D C:\Users\Josh\Documents\4A Games
2012-07-20 14:43 - 2012-07-20 14:43 - 00000000 ____D C:\Users\Josh\Local Settings\Application Data\4A Games
2012-07-20 14:43 - 2012-07-20 14:43 - 00000000 ____D C:\Users\Josh\Local Settings\4A Games
2012-07-20 14:43 - 2012-07-20 14:43 - 00000000 ____D C:\Users\Josh\AppData\Local\4A Games
2012-07-20 14:38 - 2012-07-20 14:38 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2012-07-18 22:47 - 2012-07-18 23:03 - 233628294 ____A C:\Users\Josh\Downloads\Hitomi.wmv
2012-07-18 21:42 - 2012-07-18 22:04 - 217125559 ____A C:\Users\Josh\Downloads\Ashley Sage.wmv
2012-07-18 21:11 - 2012-07-18 21:33 - 295155486 ____A C:\Users\Josh\Downloads\Mairylen.wmv
2012-07-18 18:52 - 2012-07-18 19:14 - 301143342 ____A C:\Users\Josh\Downloads\Anorei.wmv
2012-07-17 17:01 - 2012-07-17 17:11 - 133697708 ____A C:\Users\Josh\Downloads\Bf2SP64_232.zip
2012-07-17 13:51 - 2012-07-17 16:47 - 00000000 ____D C:\Users\Josh\My Documents\Battlefield 2
2012-07-17 13:51 - 2012-07-17 16:47 - 00000000 ____D C:\Users\Josh\Documents\Battlefield 2
2012-07-17 13:49 - 2012-07-17 13:49 - 00000000 ____D C:\Program Files (x86)\GameSpy
2012-07-16 13:09 - 2012-07-16 13:09 - 00000219 ____A C:\Users\Josh\Desktop\Left 4 Dead 2.url

============ 3 Months Modified Files ========================

2012-08-11 21:45 - 2009-07-14 00:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-08-11 21:45 - 2009-07-13 23:51 - 00046696 ____A C:\Windows\setupact.log
2012-08-11 21:43 - 2009-07-14 00:13 - 00793326 ____A C:\Windows\System32\PerfStringBackup.INI
2012-08-11 21:43 - 2009-07-13 23:45 - 00021296 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-08-11 21:43 - 2009-07-13 23:45 - 00021296 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-08-11 20:29 - 2012-04-28 10:37 - 00000506 ____A C:\Windows\Tasks\SystemToolsDailyTest.job
2012-08-11 19:14 - 2012-06-04 00:04 - 00000904 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3991511301-474424968-620522679-1001UA.job
2012-08-10 11:39 - 2012-04-28 10:37 - 00000564 ____A C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
2012-08-09 21:14 - 2012-06-04 00:04 - 00000852 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3991511301-474424968-620522679-1001Core.job
2012-08-09 19:49 - 2012-08-09 19:49 - 00073051 ____A C:\Users\Josh\Desktop\gmerlog.log
2012-08-09 19:28 - 2012-08-09 19:28 - 00294216 ____A C:\Users\Josh\Desktop\gmer.zip
2012-08-09 19:27 - 2012-08-09 19:27 - 00294216 ____A C:\Users\Josh\Downloads\gmer.zip
2012-08-09 19:24 - 2012-08-09 19:24 - 00010287 ____A C:\Users\Josh\My Documents\Attatch.txt
2012-08-09 19:24 - 2012-08-09 19:24 - 00010287 ____A C:\Users\Josh\Documents\Attatch.txt
2012-08-09 19:22 - 2012-08-09 19:22 - 00025568 ____A C:\Users\Josh\Desktop\DDS.txt
2012-08-09 19:19 - 2012-08-09 19:19 - 00607260 ____R (Swearware) C:\Users\Josh\Desktop\dds.com
2012-08-09 19:17 - 2012-08-09 19:17 - 00000470 ____A C:\Users\Josh\Desktop\defogger_disable.log
2012-08-09 19:17 - 2012-08-09 19:17 - 00000000 ____A C:\Users\Josh\defogger_reenable
2012-08-09 19:16 - 2012-08-09 19:16 - 00050477 ____A C:\Users\Josh\Desktop\Defogger.exe
2012-08-09 19:01 - 2012-08-09 19:01 - 00004480 ____A C:\Users\Josh\Desktop\Rkill.txt
2012-08-08 22:44 - 2012-08-08 22:29 - 209779436 ____A C:\Users\Josh\Downloads\Rieley 2.wmv
2012-08-08 19:47 - 2012-08-08 19:47 - 00150990 ____A C:\Users\Josh\Downloads\OTL (1).Txt
2012-08-08 19:39 - 2012-08-08 19:39 - 00002006 ____A C:\Users\Josh\Downloads\aswMBR.txt
2012-08-08 19:39 - 2012-08-08 19:39 - 00000512 ____A C:\Users\Josh\Downloads\MBR.dat
2012-08-08 19:34 - 2012-08-08 19:34 - 04731392 ____A (AVAST Software) C:\Users\Josh\Downloads\aswMBR.exe
2012-08-08 19:32 - 2012-08-08 19:32 - 00049202 ____A C:\Users\Josh\Downloads\Extras.Txt
2012-08-08 19:31 - 2012-08-08 19:31 - 00150990 ____A C:\Users\Josh\Downloads\OTL.Txt
2012-08-08 19:16 - 2010-11-20 22:47 - 00078048 ____A C:\Windows\PFRO.log
2012-08-08 19:09 - 2012-08-08 19:09 - 00596480 ____A (OldTimer Tools) C:\Users\Josh\Downloads\OTL.exe
2012-08-08 17:41 - 2012-03-05 18:44 - 00393830 ____A C:\Windows\DirectX.log
2012-08-08 12:58 - 2012-08-08 12:20 - 575547720 ____A C:\Users\Josh\Downloads\Rieley.wmv
2012-08-08 02:53 - 2012-08-07 23:59 - 42421013 ____A C:\Users\Josh\Downloads\Becca 2.wmv
2012-08-07 23:55 - 2012-08-07 23:52 - 32023339 ____A C:\Users\Josh\Downloads\Beccabea update 1.wmv
2012-08-07 18:25 - 2012-08-07 18:24 - 08843408 ____A C:\Users\Josh\Downloads\BE Bouncy.zip
2012-08-07 15:19 - 2012-08-07 14:54 - 242199246 ____A C:\Users\Josh\Downloads\Becca.wmv
2012-08-07 14:53 - 2012-08-07 14:21 - 304845922 ____A C:\Users\Josh\Downloads\Beverly.wmv
2012-08-07 14:19 - 2012-08-07 13:52 - 356349989 ____A C:\Users\Josh\Downloads\Renee 3.wmv
2012-08-07 01:19 - 2012-08-07 01:09 - 147129342 ____A C:\Users\Josh\Downloads\Ashley Robins.wmv
2012-08-06 22:54 - 2012-08-06 22:26 - 00000000 ____A C:\Windows\SysWOW64\config.nt
2012-08-06 22:24 - 2012-08-06 22:18 - 89340632 ____A C:\Users\Josh\Downloads\avast_free_antivirus_setup.exe
2012-08-06 21:39 - 2012-08-06 21:29 - 63899792 ____A C:\Users\Josh\Downloads\vpsupd.exe
2012-08-06 21:29 - 2012-08-06 21:29 - 00001632 ____A C:\Users\Josh\Downloads\License.avastlic
2012-08-06 21:28 - 2012-08-06 21:18 - 98468848 ____A C:\Users\Josh\Downloads\AVAST.exe
2012-08-06 02:02 - 2012-08-06 01:35 - 403486170 ____A C:\Users\Josh\Downloads\Lana.wmv
2012-08-04 23:56 - 2012-08-04 23:33 - 295502560 ____A C:\Users\Josh\Downloads\Micky 2.wmv
2012-08-04 23:32 - 2012-08-04 23:00 - 325788930 ____A C:\Users\Josh\Downloads\Josie.wmv
2012-08-04 23:00 - 2012-08-04 22:37 - 364652001 ____A C:\Users\Josh\Downloads\Molly.wmv
2012-08-04 22:32 - 2012-08-04 22:15 - 268730877 ____A C:\Users\Josh\Downloads\Renee 2.wmv
2012-08-04 22:14 - 2012-08-04 22:10 - 68274642 ____A C:\Users\Josh\Downloads\Maria.wmv
2012-08-04 22:07 - 2012-08-04 21:52 - 214970562 ____A C:\Users\Josh\Downloads\Leanne.wmv
2012-08-04 21:52 - 2012-08-04 21:45 - 104318014 ____A C:\Users\Josh\Downloads\Boob olympics 2.wmv
2012-08-04 21:43 - 2012-08-04 21:34 - 136576981 ____A C:\Users\Josh\Downloads\Lorna.wmv
2012-08-04 21:29 - 2012-08-04 21:24 - 79064522 ____A C:\Users\Josh\Downloads\Boob olympics.wmv
2012-08-04 21:23 - 2012-08-04 21:20 - 00000022 ____A C:\Users\Josh\Downloads\plumptopia.zip
2012-08-04 21:19 - 2012-08-04 20:48 - 421303362 ____A C:\Users\Josh\Downloads\Linsey.wmv
2012-08-04 20:48 - 2012-08-04 20:24 - 281617768 ____A C:\Users\Josh\Downloads\Karina.wmv
2012-08-03 20:27 - 2012-08-03 20:03 - 339905172 ____A C:\Users\Josh\Downloads\Sarah.wmv
2012-08-03 19:39 - 2012-08-03 19:17 - 280301601 ____A C:\Users\Josh\Downloads\Renee Ross.wmv
2012-08-03 19:15 - 2012-08-03 18:56 - 253168317 ____A C:\Users\Josh\Downloads\Michelle 2.wmv
2012-08-03 18:50 - 2012-08-03 18:27 - 355793101 ____A C:\Users\Josh\Downloads\Shione.wmv
2012-08-03 18:14 - 2012-08-03 17:58 - 229057884 ____A C:\Users\Josh\Downloads\Dors.wmv
2012-08-03 17:57 - 2012-08-03 17:35 - 295488183 ____A C:\Users\Josh\Downloads\Hitomi 2.wmv
2012-08-03 17:33 - 2012-08-03 17:21 - 175268601 ____A C:\Users\Josh\Downloads\Estelle.wmv
2012-08-03 17:21 - 2012-08-03 17:06 - 186607815 ____A C:\Users\Josh\Downloads\Jenna.wmv
2012-08-03 00:18 - 2012-03-05 18:18 - 02052869 ____A C:\Windows\WindowsUpdate.log
2012-08-02 10:54 - 2012-08-02 10:54 - 00000222 ____A C:\Users\Josh\Desktop\Crysis 2 Maximum Edition.url
2012-08-01 18:43 - 2012-08-01 18:41 - 16090624 ____A (Advanced Micro Devices Inc.) C:\Windows\System32\aticaldd64.dll
2012-08-01 18:43 - 2012-08-01 18:41 - 11174400 ____A (Advanced Micro Devices, Inc.) C:\Windows\System32\Drivers\atikmdag.sys
2012-08-01 18:42 - 2012-08-01 18:39 - 26181632 ____A (Advanced Micro Devices, Inc.) C:\Windows\System32\atio6axx.dll
2012-08-01 18:42 - 2012-03-05 19:55 - 00054784 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atiuxp64.dll
2012-08-01 18:41 - 2012-08-01 18:41 - 00157144 ____A C:\Windows\SysWOW64\ativvsva.dat
2012-08-01 18:41 - 2012-08-01 18:41 - 00157144 ____A C:\Windows\System32\ativvsva.dat
2012-08-01 18:41 - 2012-08-01 18:41 - 00043520 ____A (ATI Technologies, Inc.) C:\Windows\SysWOW64\ati2edxx.dll
2012-08-01 18:41 - 2012-08-01 18:39 - 19753984 ____A (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\atioglxx.dll
2012-08-01 18:41 - 2012-03-05 19:55 - 00032256 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiu9pag.dll
2012-08-01 18:40 - 2012-08-01 18:40 - 00245896 ____A C:\Windows\SysWOW64\atiapfxx.blb
2012-08-01 18:40 - 2012-08-01 18:40 - 00245896 ____A C:\Windows\System32\atiapfxx.blb
2012-08-01 18:40 - 2012-08-01 18:40 - 00038159 ____A C:\Windows\atiogl.xml
2012-08-01 18:40 - 2012-08-01 18:40 - 00014848 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiglpxx.dll
2012-08-01 18:40 - 2012-08-01 18:40 - 00014848 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atiglpxx.dll
2012-08-01 18:40 - 2012-08-01 18:40 - 00003917 ____A C:\Windows\SysWOW64\atipblag.dat
2012-08-01 18:40 - 2012-08-01 18:40 - 00003917 ____A C:\Windows\System32\atipblag.dat
2012-08-01 18:40 - 2012-03-05 19:55 - 04795904 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiumdva.dll
2012-08-01 18:40 - 2012-03-05 19:55 - 00909312 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\aticfx32.dll
2012-08-01 18:40 - 2012-03-05 19:55 - 00064000 ____A (AMD) C:\Windows\System32\coinst.dll
2012-08-01 18:39 - 2012-08-01 18:39 - 04731904 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atiumd6a.dll
2012-08-01 18:39 - 2012-08-01 18:39 - 00601728 ____A C:\Windows\System32\atiicdxx.dat
2012-08-01 18:39 - 2012-08-01 18:39 - 00236544 ____A (AMD) C:\Windows\System32\atiesrxx.exe
2012-08-01 18:39 - 2012-08-01 18:39 - 00046080 ____A (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\aticalrt.dll
2012-08-01 18:39 - 2012-08-01 18:39 - 00044032 ____A (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\aticalcl.dll
2012-08-01 18:39 - 2012-03-05 19:55 - 06203392 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiumdag.dll
2012-08-01 18:38 - 2012-08-01 18:38 - 00503808 ____A (AMD) C:\Windows\System32\atieclxx.exe
2012-08-01 18:38 - 2012-08-01 18:38 - 00159744 ____A (Advanced Micro Devices, Inc.) C:\Windows\System32\atiapfxx.exe
2012-08-01 18:38 - 2012-08-01 18:38 - 00044544 ____A (Advanced Micro Devices Inc.) C:\Windows\System32\aticalcl64.dll
2012-08-01 18:38 - 2012-08-01 18:37 - 02664704 ____A C:\Windows\SysWOW64\atiumdva.cap
2012-08-01 18:38 - 2012-08-01 18:37 - 02631008 ____A C:\Windows\System32\atiumd6a.cap
2012-08-01 18:38 - 2012-03-05 19:55 - 07479296 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atidxx64.dll
2012-08-01 18:37 - 2012-08-01 18:37 - 01120768 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atiumd6v.dll
2012-08-01 18:37 - 2012-08-01 18:37 - 00204952 ____A C:\Windows\SysWOW64\ativvsvl.dat
2012-08-01 18:37 - 2012-08-01 18:37 - 00204952 ____A C:\Windows\System32\ativvsvl.dat
2012-08-01 18:37 - 2012-08-01 18:37 - 00095760 ____A (Advanced Micro Devices) C:\Windows\System32\Drivers\AtihdW76.sys
2012-08-01 18:37 - 2012-08-01 18:37 - 00041984 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atig6txx.dll
2012-08-01 18:37 - 2012-08-01 18:35 - 13764096 ____A (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\aticaldd.dll
2012-08-01 18:37 - 2012-03-05 19:55 - 01067520 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\aticfx64.dll
2012-08-01 18:37 - 2012-03-05 19:55 - 00041984 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiuxpag.dll
2012-08-01 18:36 - 2012-08-01 18:36 - 00442368 ____A (Advanced Micro Devices, Inc.) C:\Windows\System32\ATIDEMGX.dll
2012-08-01 18:36 - 2012-08-01 18:36 - 00017408 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atig6pxx.dll
2012-08-01 18:35 - 2012-08-01 18:35 - 00053248 ____A (Advanced Micro Devices, Inc.) C:\Windows\System32\Drivers\ati2erec.dll
2012-08-01 18:35 - 2012-08-01 18:35 - 00051200 ____A (Advanced Micro Devices Inc.) C:\Windows\System32\aticalrt64.dll
2012-08-01 18:35 - 2012-08-01 18:34 - 07431680 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atiumd64.dll
2012-08-01 18:35 - 2012-08-01 18:34 - 00044544 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atiu9p64.dll
2012-08-01 18:34 - 2012-08-01 18:34 - 00360448 ____A (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\atiadlxy.dll
2012-08-01 18:34 - 2012-08-01 18:34 - 00059392 ____A (ATI Technologies, Inc.) C:\Windows\System32\atiedu64.dll
2012-08-01 18:34 - 2012-08-01 18:34 - 00033280 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atigktxx.dll
2012-08-01 18:34 - 2012-03-05 19:55 - 06800896 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atidxx32.dll
2012-08-01 18:33 - 2012-08-01 18:33 - 00514560 ____A (Advanced Micro Devices, Inc.) C:\Windows\System32\atiadlxx.dll
2012-08-01 18:33 - 2012-08-01 18:33 - 00120320 ____A (AMD) C:\Windows\System32\atitmm64.dll
2012-08-01 18:33 - 2012-08-01 18:33 - 00054784 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atimpc64.dll
2012-08-01 18:33 - 2012-08-01 18:33 - 00054784 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\amdpcom64.dll
2012-08-01 18:33 - 2012-08-01 18:33 - 00021504 ____A (AMD) C:\Windows\System32\atimuixx.dll
2012-08-01 18:32 - 2012-08-01 18:32 - 01831424 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiumdmv.dll
2012-08-01 18:32 - 2012-08-01 18:32 - 00343040 ____A (Advanced Micro Devices, Inc.) C:\Windows\System32\Drivers\atikmpag.sys
2012-08-01 18:32 - 2012-08-01 18:32 - 00053760 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atimpc32.dll
2012-08-01 18:32 - 2012-08-01 18:32 - 00053760 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdpcom32.dll
2012-07-31 18:03 - 2012-07-31 17:46 - 241163721 ____A C:\Users\Josh\Downloads\Dolly.wmv
2012-07-31 10:39 - 2012-05-12 12:13 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-07-31 10:39 - 2012-03-05 18:20 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-07-30 20:37 - 2012-07-30 20:17 - 291726982 ____A C:\Users\Josh\Downloads\Micky.wmv
2012-07-28 23:00 - 2012-07-28 22:36 - 319916762 ____A C:\Users\Josh\Downloads\Morgan leigh.wmv
2012-07-28 00:51 - 2012-07-28 00:20 - 310530057 ____A C:\Users\Josh\Downloads\Mairylen 2.wmv
2012-07-27 20:21 - 2012-07-27 20:21 - 00419840 ____A (Creative Labs) C:\Windows\System32\wrap_oal.dll
2012-07-27 20:21 - 2012-07-27 20:21 - 00413696 ____A (Creative Labs) C:\Windows\SysWOW64\wrap_oal.dll
2012-07-27 20:21 - 2012-07-27 20:21 - 00133632 ____A (Portions © Creative Labs Inc. and NVIDIA Corp.) C:\Windows\System32\OpenAL32.dll
2012-07-27 20:21 - 2012-07-27 20:21 - 00110592 ____A (Portions © Creative Labs Inc. and NVIDIA Corp.) C:\Windows\SysWOW64\OpenAL32.dll
2012-07-25 16:53 - 2012-07-25 16:53 - 00000221 ____A C:\Users\Josh\Desktop\Mass Effect 2.url
2012-07-21 21:59 - 2012-07-21 21:33 - 335537250 ____A C:\Users\Josh\Downloads\Michelle.wmv
2012-07-18 23:03 - 2012-07-18 22:47 - 233628294 ____A C:\Users\Josh\Downloads\Hitomi.wmv
2012-07-18 22:04 - 2012-07-18 21:42 - 217125559 ____A C:\Users\Josh\Downloads\Ashley Sage.wmv
2012-07-18 21:33 - 2012-07-18 21:11 - 295155486 ____A C:\Users\Josh\Downloads\Mairylen.wmv
2012-07-18 19:14 - 2012-07-18 18:52 - 301143342 ____A C:\Users\Josh\Downloads\Anorei.wmv
2012-07-18 14:14 - 2009-07-13 23:45 - 00320888 ____A C:\Windows\System32\FNTCACHE.DAT
2012-07-17 18:04 - 2012-06-27 00:28 - 00189472 ____A C:\Windows\SysWOW64\PnkBstrB.xtr
2012-07-17 18:04 - 2012-06-07 01:15 - 00189472 ____A C:\Windows\SysWOW64\PnkBstrB.exe
2012-07-17 17:11 - 2012-07-17 17:01 - 133697708 ____A C:\Users\Josh\Downloads\Bf2SP64_232.zip
2012-07-17 15:09 - 2012-04-27 19:50 - 00074400 ____A C:\Users\Josh\Local Settings\GDIPFONTCACHEV1.DAT
2012-07-17 15:09 - 2012-04-27 19:50 - 00074400 ____A C:\Users\Josh\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2012-07-17 15:09 - 2012-04-27 19:50 - 00074400 ____A C:\Users\Josh\AppData\Local\GDIPFONTCACHEV1.DAT
2012-07-17 13:50 - 2012-06-07 01:15 - 00111928 ____A C:\Windows\SysWOW64\PnkBstrB.ex0
2012-07-17 13:49 - 2012-06-07 01:14 - 00794408 ____A C:\Windows\SysWOW64\pbsvc.exe
2012-07-16 13:09 - 2012-07-16 13:09 - 00000219 ____A C:\Users\Josh\Desktop\Left 4 Dead 2.url
2012-07-07 21:00 - 2012-03-05 18:37 - 00017820 ____A C:\Windows\RPSETUP.EXE.LOG
2012-07-06 22:06 - 2012-07-06 22:06 - 00000221 ____A C:\Users\Josh\Desktop\World in Conflict.url
2012-07-06 20:29 - 2012-07-06 20:28 - 06797329 ____A C:\Users\Josh\Downloads\Karinna.wmv.3rze6dy.partial
2012-07-06 01:06 - 2012-07-06 01:06 - 00000220 ____A C:\Users\Josh\Desktop\Source Filmmaker.url
2012-07-05 00:10 - 2012-07-05 00:10 - 00006584 ____A C:\Users\Josh\Downloads\HL2 settings.zip
2012-07-04 20:52 - 2012-07-04 20:49 - 54179488 ____A C:\Users\Josh\Downloads\Fallout3_1.7_English_US.exe
2012-07-03 12:46 - 2012-08-08 12:46 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-07-03 11:21 - 2012-08-06 22:54 - 00266776 ____A (AVAST Software) C:\Windows\System32\Drivers\aswNdis2.sys
2012-07-03 11:21 - 2012-08-06 22:54 - 00142128 ____A (AVAST Software) C:\Windows\System32\Drivers\aswFW.sys
2012-07-03 11:21 - 2012-08-06 22:54 - 00019600 ____A (AVAST Software) C:\Windows\System32\Drivers\aswKbd.sys
2012-07-03 11:21 - 2012-08-06 22:26 - 00958400 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSnx.sys
2012-07-03 11:21 - 2012-08-06 22:26 - 00355856 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSP.sys
2012-07-03 11:21 - 2012-08-06 22:26 - 00285328 ____A (AVAST Software) C:\Windows\System32\aswBoot.exe
2012-07-03 11:21 - 2012-08-06 22:26 - 00227648 ____A (AVAST Software) C:\Windows\SysWOW64\aswBoot.exe
2012-07-03 11:21 - 2012-08-06 22:26 - 00071064 ____A (AVAST Software) C:\Windows\System32\Drivers\aswMonFlt.sys
2012-07-03 11:21 - 2012-08-06 22:26 - 00059728 ____A (AVAST Software) C:\Windows\System32\Drivers\aswTdi.sys
2012-07-03 11:21 - 2012-08-06 22:26 - 00054072 ____A (AVAST Software) C:\Windows\System32\Drivers\aswRdr2.sys
2012-07-03 11:21 - 2012-08-06 22:26 - 00041224 ____A (AVAST Software) C:\Windows\avastSS.scr
2012-07-03 11:21 - 2012-08-06 22:26 - 00025232 ____A (AVAST Software) C:\Windows\System32\Drivers\aswFsBlk.sys
2012-07-02 16:37 - 2012-07-02 16:37 - 11571303 ____A C:\Users\Josh\Downloads\mall.zip
2012-07-01 23:48 - 2012-07-01 23:47 - 02205779 ____A C:\Users\Josh\Downloads\bestbuy-mds.zip
2012-07-01 23:08 - 2012-07-01 22:30 - 252781498 ____A C:\Users\Josh\Downloads\rp_evocity2_v2p.zip
2012-07-01 22:28 - 2012-07-01 22:26 - 31090340 ____A C:\Users\Josh\Downloads\Counter Terrorist forces.zip
2012-07-01 18:38 - 2012-07-01 18:38 - 02923720 ____A C:\Users\Josh\Downloads\Assasin's creed 2 wallpaper.zip
2012-06-29 22:13 - 2012-06-29 22:13 - 00000221 ____A C:\Users\Josh\Desktop\Cities XL - Limited Edition.url
2012-06-29 14:02 - 2009-07-14 00:08 - 00030080 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-06-28 22:41 - 2012-06-28 22:41 - 00000781 ____A C:\Users\Josh\Downloads\NPC guns.zip
2012-06-28 22:39 - 2012-06-28 22:39 - 00515666 ____A C:\Users\Josh\Downloads\Realistic guns.zip
2012-06-27 15:33 - 2012-08-06 22:54 - 00012368 ____A (ALWIL Software) C:\Windows\System32\Drivers\aswNdis.sys
2012-06-27 00:25 - 2012-06-07 01:14 - 00076888 ____A C:\Windows\SysWOW64\PnkBstrA.exe
2012-06-25 20:28 - 2012-06-25 20:28 - 00000222 ____A C:\Users\Josh\Desktop\Tom Clancy's Ghost Recon Future Soldier.url
2012-06-22 22:46 - 2012-06-22 22:46 - 00000221 ____A C:\Users\Josh\Desktop\Assassin's Creed II.url
2012-06-18 14:55 - 2012-06-18 14:46 - 129801903 ____A C:\Users\Josh\Downloads\Clonebine 3.0.zip
2012-06-18 00:48 - 2012-06-18 00:42 - 94570979 ____A C:\Users\Josh\Downloads\Clonebine enemy.zip
2012-06-18 00:39 - 2012-06-18 00:38 - 19575676 ____A C:\Users\Josh\Downloads\Pripyat.zip
2012-06-18 00:34 - 2012-06-18 00:27 - 83432831 ____A C:\Users\Josh\Downloads\Clonebine.zip
2012-06-17 16:48 - 2012-06-17 16:48 - 00000220 ____A C:\Users\Josh\Desktop\Call of Duty 4 Modern Warfare.url
2012-06-16 19:59 - 2012-06-16 19:43 - 206508011 ____A C:\Users\Josh\Downloads\Christy Marks bra.wmv
2012-06-11 22:08 - 2012-07-11 02:01 - 03148800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-06-09 00:43 - 2012-07-10 19:45 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2012-06-08 23:41 - 2012-07-10 19:45 - 12873728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2012-06-07 01:16 - 2011-02-10 11:10 - 00809452 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
2012-06-06 01:06 - 2012-07-10 19:45 - 02004480 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
2012-06-06 01:06 - 2012-07-10 19:45 - 01881600 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
2012-06-06 01:02 - 2012-07-10 19:45 - 01133568 ____A (Microsoft Corporation) C:\Windows\System32\cdosys.dll
2012-06-06 00:05 - 2012-07-10 19:45 - 01390080 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2012-06-06 00:05 - 2012-07-10 19:45 - 01236992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2012-06-06 00:03 - 2012-07-10 19:46 - 00805376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cdosys.dll
2012-06-02 17:19 - 2012-06-22 14:14 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-06-02 17:19 - 2012-06-22 14:14 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2012-06-02 17:19 - 2012-06-22 14:14 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-06-02 17:19 - 2012-06-22 14:14 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-06-02 17:19 - 2012-06-22 14:14 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2012-06-02 17:15 - 2012-06-22 14:14 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-06-02 17:15 - 2012-06-22 14:14 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2012-06-02 14:19 - 2012-06-22 14:14 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-06-02 14:15 - 2012-06-22 14:14 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2012-06-02 07:49 - 2012-07-11 02:00 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-06-02 07:17 - 2012-07-11 02:00 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-06-02 07:12 - 2012-07-11 02:00 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-06-02 07:05 - 2012-07-11 02:00 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-06-02 07:05 - 2012-07-11 02:00 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-06-02 07:04 - 2012-07-11 02:00 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-06-02 07:04 - 2012-07-11 02:00 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-06-02 07:03 - 2012-07-11 02:00 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-06-02 07:01 - 2012-07-11 02:00 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-06-02 07:00 - 2012-07-11 02:00 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-06-02 06:59 - 2012-07-11 02:00 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-06-02 06:57 - 2012-07-11 02:00 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-06-02 06:57 - 2012-07-11 02:00 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-06-02 06:54 - 2012-07-11 02:00 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-06-02 04:07 - 2012-07-11 02:00 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-06-02 03:43 - 2012-07-11 02:00 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-06-02 03:33 - 2012-07-11 02:00 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-06-02 03:26 - 2012-07-11 02:00 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-06-02 03:25 - 2012-07-11 02:00 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-06-02 03:25 - 2012-07-11 02:00 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-06-02 03:23 - 2012-07-11 02:00 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-06-02 03:21 - 2012-07-11 02:00 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-06-02 03:20 - 2012-07-11 02:00 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-06-02 03:19 - 2012-07-11 02:00 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-06-02 03:19 - 2012-07-11 02:00 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-06-02 03:17 - 2012-07-11 02:00 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-06-02 03:16 - 2012-07-11 02:00 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-06-02 03:14 - 2012-07-11 02:00 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-06-02 00:50 - 2012-07-10 19:46 - 00458704 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
2012-06-02 00:48 - 2012-07-10 19:46 - 00151920 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
2012-06-02 00:48 - 2012-07-10 19:46 - 00095600 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
2012-06-02 00:45 - 2012-07-10 19:46 - 00340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
2012-06-02 00:44 - 2012-07-10 19:46 - 00307200 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
2012-06-01 23:40 - 2012-07-10 19:46 - 00225280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2012-06-01 23:40 - 2012-07-10 19:46 - 00022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2012-06-01 23:39 - 2012-07-10 19:46 - 00219136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2012-06-01 23:34 - 2012-07-10 19:46 - 00096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2012-05-31 11:25 - 2010-11-20 22:27 - 00279656 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe
2012-05-25 18:48 - 2012-05-25 18:42 - 128183179 ____A C:\Users\Josh\My Documents\Survivor Guilt.wmv
2012-05-25 18:48 - 2012-05-25 18:42 - 128183179 ____A C:\Users\Josh\Documents\Survivor Guilt.wmv
2012-05-25 18:40 - 2012-05-25 00:38 - 00100288 ____A C:\Users\Josh\My Documents\Survivor Guilt.veg
2012-05-25 18:40 - 2012-05-25 00:38 - 00100288 ____A C:\Users\Josh\Documents\Survivor Guilt.veg
2012-05-25 18:29 - 2012-05-25 00:38 - 00100288 ____A C:\Users\Josh\My Documents\Survivor Guilt.veg.bak
2012-05-25 18:29 - 2012-05-25 00:38 - 00100288 ____A C:\Users\Josh\Documents\Survivor Guilt.veg.bak
2012-05-24 23:06 - 2012-05-24 22:58 - 31169751 ____A C:\Users\Josh\Downloads\Vietnam video.flv
2012-05-24 22:51 - 2012-05-24 22:48 - 08696304 ____A C:\Users\Josh\Downloads\M1a1-Abrams-Tanks-In-Action-,iraq-1991[www.savevid.com].flv
2012-05-24 22:47 - 2012-05-24 22:47 - 01957506 ____A C:\Users\Josh\Downloads\Soldiers walking.flv
2012-05-24 22:35 - 2012-05-24 22:35 - 00003584 ____A C:\Users\Josh\Local Settings\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-05-24 22:35 - 2012-05-24 22:35 - 00003584 ____A C:\Users\Josh\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-05-24 22:35 - 2012-05-24 22:35 - 00003584 ____A C:\Users\Josh\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-05-24 22:34 - 2012-05-24 22:34 - 07357440 ____A C:\Users\Josh\Downloads\MM26_ENU.msi
2012-05-24 22:08 - 2012-05-24 22:06 - 10632864 ____A C:\Users\Josh\Downloads\Goggle test.flv
2012-05-24 22:06 - 2012-05-24 22:03 - 28518536 ____A (Any-Video-Converter.com ) C:\Users\Josh\Downloads\any-video-converter.exe
2012-05-24 21:55 - 2012-05-24 21:53 - 04922145 ____A C:\Users\Josh\Downloads\Catch 22.flv
2012-05-24 21:51 - 2012-05-24 21:50 - 05792560 ____A (Bandoo Media, Inc ) C:\Users\Josh\Downloads\save vid.exe
2012-05-23 22:57 - 2012-05-23 22:43 - 213003208 ____A (Sony Creative Software Inc.) C:\Users\Josh\Downloads\vegaspro11.0.682_32bit.exe
2012-05-20 14:37 - 2012-05-20 14:35 - 42740007 ____A C:\Users\Josh\Downloads\Townsend.zip

ZeroAccess:
C:\Windows\Installer\{e4d3cf76-faf8-6a8b-5173-6b5070574552}
C:\Windows\Installer\{e4d3cf76-faf8-6a8b-5173-6b5070574552}\@
C:\Windows\Installer\{e4d3cf76-faf8-6a8b-5173-6b5070574552}\L
C:\Windows\Installer\{e4d3cf76-faf8-6a8b-5173-6b5070574552}\U
C:\Windows\Installer\{e4d3cf76-faf8-6a8b-5173-6b5070574552}\L\00000004.@
C:\Windows\Installer\{e4d3cf76-faf8-6a8b-5173-6b5070574552}\L\201d3dde
C:\Windows\Installer\{e4d3cf76-faf8-6a8b-5173-6b5070574552}\U\00000004.@
C:\Windows\Installer\{e4d3cf76-faf8-6a8b-5173-6b5070574552}\U\00000008.@
C:\Windows\Installer\{e4d3cf76-faf8-6a8b-5173-6b5070574552}\U\000000cb.@
C:\Windows\Installer\{e4d3cf76-faf8-6a8b-5173-6b5070574552}\U\80000000.@

ZeroAccess:
C:\Users\Josh\AppData\Local\{e4d3cf76-faf8-6a8b-5173-6b5070574552}
C:\Users\Josh\AppData\Local\{e4d3cf76-faf8-6a8b-5173-6b5070574552}\@
C:\Users\Josh\AppData\Local\{e4d3cf76-faf8-6a8b-5173-6b5070574552}\L
C:\Users\Josh\AppData\Local\{e4d3cf76-faf8-6a8b-5173-6b5070574552}\U

ZeroAccess:
C:\Windows\assembly\GAC_32\Desktop.ini

ZeroAccess:
C:\Windows\assembly\GAC_64\Desktop.ini

========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe 014A9CB92514E27C0107614DF764BC06 ZeroAccess <==== ATTENTION!.
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

========================= Memory info ======================

Percentage of memory in use: 9%
Total physical RAM: 8174.46 MB
Available physical RAM: 7366.98 MB
Total Pagefile: 8172.66 MB
Available Pagefile: 7361.46 MB
Total Virtual: 8192 MB
Available Virtual: 8191.89 MB

======================= Partitions =========================

1 Drive c: (OS) (Fixed) (Total:918.22 GB) (Free:609.68 GB) NTFS
2 Drive d: (RECOVERY) (Fixed) (Total:13.25 GB) (Free:5.48 GB) NTFS ==>[System with boot components (obtained from reading drive)]
7 Drive i: (UDISK 2.0) (Removable) (Total:0.12 GB) (Free:0.11 GB) FAT
9 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 931 GB 0 B
Disk 1 Online 120 MB 0 B
Disk 2 No Media 0 B 0 B
Disk 3 No Media 0 B 0 B
Disk 4 No Media 0 B 0 B
Disk 5 No Media 0 B 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 OEM 39 MB 31 KB
Partition 2 Primary 13 GB 40 MB
Partition 3 Primary 918 GB 13 GB

==================================================================================

Disk: 0
Partition 1
Type : DE
Hidden: Yes
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 8 FAT Partition 39 MB Healthy Hidden

==================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 D RECOVERY NTFS Partition 13 GB Healthy

==================================================================================

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C OS NTFS Partition 918 GB Healthy

==================================================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 120 MB 16 KB

==================================================================================

Disk: 1
Partition 1
Type : 0E
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 I UDISK 2.0 FAT Removable 120 MB Healthy

==================================================================================

Last Boot: 2012-08-07 09:49

======================= End Of Log ==========================

#6 fireman4it (Bleepin' Fireman, Malware Response Team)

Posted 11 August 2012 - 08:05 PM

1.
Open notepad. Please copy the contents of the code box below. To do this highlight the contents of the box and right click on it. Paste this into the open notepad. Save it on the flashdrive as fixlist.txt

C:\Windows\Installer\{e4d3cf76-faf8-6a8b-5173-6b5070574552}
C:\Users\Josh\AppData\Local\{e4d3cf76-faf8-6a8b-5173-6b5070574552}
C:\Windows\assembly\GAC_64\Desktop.ini
C:\Windows\assembly\GAC_32\Desktop.ini

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

On Vista or Windows 7: Now please enter System Recovery Options.
On Windows XP: Now please boot into the BartPE CD.
Run FRST64 and press the Fix button just once and wait.
The tool will make a log on the flashdrive (Fixlog.txt) please post it to your reply.



2.
We need to find a replacement file on your system

Please do the following:

  • boot into System Recovery Options and run FRST64.
  • Type the following in the edit box after "Search:" so it looks like this:

    Search: services.exe

Click Search button and post the log it makes to your reply.

" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


  userbar_eis_500.gif

If I have helped you, consider making a donation to help me continue the fight against Malware! Just click btn_donate_LG.gif


#7 phantomx11 (Topic Starter, Members)

Posted 11 August 2012 - 08:29 PM

Alright:
Fixlog:

Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 09-08-2012
Ran by SYSTEM at 2012-08-11 22:19:48 Run:1
Running from I:\

==============================================

C:\Windows\Installer\{e4d3cf76-faf8-6a8b-5173-6b5070574552} moved successfully.
C:\Users\Josh\AppData\Local\{e4d3cf76-faf8-6a8b-5173-6b5070574552} moved successfully.
C:\Windows\assembly\GAC_64\Desktop.ini moved successfully.
C:\Windows\assembly\GAC_32\Desktop.ini moved successfully.

==== End of Fixlog ====

Search Log:

Farbar Recovery Scan Tool Version: 09-08-2012
Ran by SYSTEM at 2012-08-11 22:20:04
Running from I:\

================== Search: "services.exe" ===================

C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
[2009-07-13 18:19] - [2009-07-13 20:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

C:\Windows\System32\services.exe
[2009-07-13 18:19] - [2009-07-13 20:39] - 0328704 ____A (Microsoft Corporation) 014A9CB92514E27C0107614DF764BC06

====== End Of Search ======

(I hope I did everything right...)

#8 fireman4it (Bleepin' Fireman, Malware Response Team)

Posted 11 August 2012 - 10:40 PM

1.
Open notepad. Please copy the contents of the code box below. To do this highlight the contents of the box and right click on it. Paste this into the open notepad. Save it on the flashdrive as fixlist.txt

Replace: C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe  C:\Windows\System32\services.exe

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

On Vista or Windows 7: Now please enter System Recovery Options.
On Windows XP: Now please boot into the BartPE CD.
Run FRST64 and press the Fix button just once and wait.
The tool will make a log on the flashdrive (Fixlog.txt) please post it to your reply.


2.
Please download Malwarebytes Anti-Malware and save it to your desktop.
  • Important!! When you save the mbam-setup file, rename it to something random (such as 123abc.exe) before beginning the download.
Malwarebytes may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (i.e. Spybot's TeaTimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.

  • Make sure you are connected to the Internet and double-click on the renamed file to install the application.
    For instructions with screenshots, please refer to this Guide.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • Malwarebytes will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • Under the Scanner tab, make sure the "Perform Quick Scan" option is selected.
  • Click on the Scan button.
  • When finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box, then click the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked and then click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows the database version and your operating system.
  • Exit Malwarebytes when done.
Note: If Malwarebytes encounters a file that is difficult to remove, you will be asked to reboot your computer so it can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally will prevent Malwarebytes from removing all the malware.


Things to include in your next reply:
  • fixlog.txt
  • MBAM log
  • How is your machine running now?

" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-



If I have helped you, consider making a donation to help me continue the fight against Malware!


#9 fireman4it

  • Bleepin' Fireman
  • Malware Response Team
  • 13,505 posts
  • Gender:Male
  • Location:Greenup, Ill USA

Posted 13 August 2012 - 02:24 PM

Hello.

Are you still there?

If you are please follow the instructions in my previous post.

If you still need help, follow the instructions I have given in my response. If you have since had your problem solved, we would appreciate you letting us know so we can close the topic.

Please reply back telling us so. If you don't reply within 3-5 days the topic will need to be closed.

Thanks for understanding :)

With Regards,
fireman4it



#10 fireman4it

  • Bleepin' Fireman
  • Malware Response Team
  • 13,505 posts
  • Gender:Male
  • Location:Greenup, Ill USA

Posted 16 August 2012 - 04:46 PM

Due to the lack of feedback, this topic is now closed. In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.





