TechSpot

Another sirefef thread...

By MS.11
Jul 23, 2012
  1. Just a few hours ago, I reinstalled MSE and suddenly it tells me that Windows has encountered a critical problem and that it will restart in one minute... It's been rebooting every time it turns on. I only get to use my laptop for a minute or so before it automatically reboots without me doing anything. I'm quite sure I am experiencing the SIREFEF TROJAN/MALWARE/VIRUS...

    Please help ASAP!! I really need to fix this as soon as possible!!

    Much appreciated..
     
  2. MS.11

    To make things quicker and easier, I followed what the others did..

    Below is my FRST log:

    Scan result of Farbar Recovery Scan Tool Version: 20-07-2012 01
    Ran by SYSTEM at 23-07-2012 12:42:37
    Running from D:\
    Windows 7 Home Premium (X64) OS Language: English(US)
    The current controlset is ControlSet001

    ========================== Registry (Whitelisted) =============

    HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [10775584 2010-06-21] (Realtek Semiconductor)
    HKLM\...\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /FORPCEE3 [2040352 2010-06-21] (Realtek Semiconductor)
    HKLM\...\Run: [Apoint] %ProgramFiles%\Apoint\Apoint.exe [212480 2010-05-14] (Alps Electric Co., Ltd.)
    HKLM\...\Run: [IntelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe" [2417032 2011-08-01] (Microsoft Corporation)
    HKLM\...\Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [499608 2011-03-15] (Adobe Systems Incorporated)
    HKLM\...\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [1271168 2012-03-26] (Microsoft Corporation)
    HKLM-x32\...\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284696 2010-03-03] (Intel Corporation)
    HKLM-x32\...\Run: [SmartWiHelper] "C:\Program Files (x86)\Sony\SmartWi Connection Utility\SmartWiHelper.exe" /WindowsStartup [89080 2010-07-15] (Sony Electronics Corporation)
    HKLM-x32\...\Run: [ISBMgr.exe] "C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe" [673136 2010-05-31] (Sony Corporation)
    HKLM-x32\...\Run: [PMBVolumeWatcher] C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe [600928 2010-06-01] (Sony Corporation)
    HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2010-11-29] (Apple Inc.)
    HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2011-09-27] (Apple Inc.)
    HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421736 2011-11-13] (Apple Inc.)
    HKLM-x32\...\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [254696 2012-01-18] (Sun Microsystems, Inc.)
    HKU\Owner\...\Run: [Rainlendar2] C:\Program Files (x86)\Rainlendar2\Rainlendar2.exe [x]
    HKU\Owner\...\Run: [WeatherEye] C:\Users\Owner\AppData\Local\TheWeatherNetwork\WeatherEye\weathereye.exe [x]
    HKU\Owner\...\Run: [Facebook Update] "C:\Users\Owner\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver [138096 2012-07-11] (Facebook Inc.)
    HKU\Owner\...\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun [3514176 2011-11-10] (DT Soft Ltd)
    HKU\Owner\...\Run: [cmdhe] rundll32.exe "C:\Users\Owner\AppData\Roaming\cmdhe.dll",AInputSegment [147456 2012-07-21] (DT Soft Ltd)
    HKU\Owner\...\Run: [bcausv] "C:\Windows\System32\rundll32.exe" "C:\Users\Owner\AppData\Roaming\bcausv.dll",CreateCubeTextureFromResourceW [431104 2012-07-21] ()
    Tcpip\Parameters: [DhcpNameServer] 64.59.144.90 64.59.150.136
    Startup: C:\Users\All Users\Start Menu\Programs\Startup\Bluetooth.lnk
    ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
    Startup: C:\Users\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
    ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.)
    Startup: C:\Users\All Users\Start Menu\Programs\Startup\WDDMStatus.lnk
    ShortcutTarget: WDDMStatus.lnk -> C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe (Western Digital Technologies, Inc.)

    ==================== Services (Whitelisted) ======

    3 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
    2 Globe Tattoo Broadband. RunOuc; C:\Program Files (x86)\Globe Tattoo Broadband\UpdateDog\ouc.exe [655712 2012-05-03] ()
    2 HWDeviceService64.exe; "C:\ProgramData\DatacardService\HWDeviceService64.exe" -/service [346976 2011-03-14] ()
    2 IviRegMgr; "C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe" [112152 2007-01-04] (InterVideo)
    3 McComponentHostService; "C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe" [227232 2010-01-15] (McAfee, Inc.)
    2 MsMpSvc; "C:\Program Files\Microsoft Security Client\MsMpEng.exe" [12600 2012-03-26] (Microsoft Corporation)
    3 NisSrv; "C:\Program Files\Microsoft Security Client\NisSrv.exe" [291696 2012-03-26] (Microsoft Corporation)
    2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [66872 2011-06-25] ()
    2 SampleCollector; "C:\Program Files\Sony\VAIO Care\VCPerfService.exe" "/service" "/sstates" "/sampleinterval=2000" "/procinterval=5" "/dllinterval=120" "/counter=\Processor(_Total)\% Processor Time:1/counter=\PhysicalDisk(_Total)\Disk Bytes/sec:1" "/counter=\Network Interface(*)\Bytes Total/sec:1" "/expandcounter=\Processor Information(*)\Processor Frequency:1" "/expandcounter=\Processor(*)\% Idle Time:1" "/expandcounter=\Processor(*)\% C1 Time:1" "/expandcounter=\Processor(*)\% C2 Time:1" "/expandcounter=\Processor(*)\% C3 Time:1" "/expandcounter=\Processor(*)\% Processor Time:1" "/directory=inteldata" [252416 2010-05-25] (Sony Corporation)
    2 uCamMonitor; C:\Program Files (x86)\ArcSoft\Magic-I Visual Effects 2\uCamMonitor.exe [104960 2008-09-18] (ArcSoft, Inc.)
    3 VUAgent; "C:\Program Files\Sony\VAIO Update 5\VUAgent.exe" [1021840 2011-04-20] (Sony Corporation)
    2 WDFME; "C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe" [1066896 2011-03-09] ()
    2 WDSC; "C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSC.exe" [491920 2011-03-09] ()

    ========================== Drivers (Whitelisted) =============

    3 ArcSoftKsUFilter; C:\Windows\System32\Drivers\ArcSoftKsUFilter.sys [19968 2009-05-26] (ArcSoft, Inc.)
    1 dtsoftbus01; C:\Windows\System32\Drivers\dtsoftbus01.sys [279616 2011-11-12] (DT Soft Ltd)
    3 ew_hwusbdev; C:\Windows\System32\Drivers\ew_hwusbdev.sys [117248 2012-05-03] (Huawei Technologies Co., Ltd.)
    3 ew_usbenumfilter; C:\Windows\System32\Drivers\ew_usbenumfilter.sys [13952 2012-05-03] (Huawei Technologies Co., Ltd.)
    3 huawei_cdcacm; C:\Windows\System32\DRIVERS\ew_jucdcacm.sys [98304 2012-05-03] (Huawei Technologies Co., Ltd.)
    3 huawei_enumerator; C:\Windows\System32\DRIVERS\ew_jubusenum.sys [87040 2012-05-03] (Huawei Technologies Co., Ltd.)
    3 huawei_ext_ctrl; C:\Windows\System32\DRIVERS\ew_juextctrl.sys [28672 2012-05-03] (Huawei Technologies Co., Ltd.)
    3 huawei_wwanecm; C:\Windows\System32\DRIVERS\ew_juwwanecm.sys [223744 2012-05-03] (Huawei Technologies Co., Ltd.)
    1 eihwzahq; \??\C:\Windows\system32\drivers\eihwzahq.sys [x]
    3 GGSAFERDriver; \??\C:\Program Files (x86)\GarenaHoN\GameData\Room\safedrv.sys [x]
    2 MSSQL$DDNI; [x]

    ========================== NetSvcs (Whitelisted) ===========


    ============ One Month Created Files and Folders ==============

    2012-07-23 11:38 - 2012-07-23 11:38 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.E301EBB67F5F1C58
    2012-07-23 11:38 - 2012-07-23 11:38 - 00050392 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cmwulhew.sys
    2012-07-23 11:35 - 2012-07-23 11:35 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.31FD26909E272C61
    2012-07-23 11:33 - 2012-07-23 11:33 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.F12CD4D7068C7613
    2012-07-23 11:31 - 2012-07-23 11:31 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.4BAF82740E76F58F
    2012-07-23 11:28 - 2012-07-23 11:28 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.1D013B75A0851FE6
    2012-07-23 11:24 - 2012-07-23 11:24 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.6B32CCB8D8C3B05C
    2012-07-23 11:18 - 2012-07-23 11:18 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.04964D9EA38B2331
    2012-07-23 11:15 - 2012-07-23 11:15 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.421E78A5898B1715
    2012-07-23 11:05 - 2012-07-23 11:05 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.CF01DFFF5E6E24A2
    2012-07-23 11:02 - 2012-07-23 11:02 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.DFEE713C1C09294E
    2012-07-23 11:02 - 2012-07-23 11:02 - 00050392 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\yonxypik.sys
    2012-07-23 10:59 - 2012-07-23 10:59 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.E1F9A5C62D30EE80
    2012-07-23 10:56 - 2012-07-23 10:56 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.CFD7D699FC7D87D8
    2012-07-23 10:53 - 2012-07-23 10:53 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.165827F91942E625
    2012-07-23 10:49 - 2012-07-23 10:49 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.043024006CE0C071
    2012-07-23 10:42 - 2012-07-23 10:42 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.815B2A46A2909DCC
    2012-07-23 10:37 - 2012-07-23 10:38 - 00000000 ____D C:\Program Files\Microsoft Security Client
    2012-07-23 10:37 - 2012-07-23 10:38 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
    2012-07-23 10:37 - 2012-07-23 10:37 - 12621696 ____A (Microsoft Corporation) C:\Users\Owner\Desktop\mseinstall.exe
    2012-07-22 23:26 - 2012-07-22 23:26 - 00000000 ____D C:\Users\Owner\Documents\Remedy
    2012-07-22 23:03 - 2012-07-22 23:03 - 00000000 ____D C:\Program Files (x86)\Remedy Entertainment
    2012-07-22 08:38 - 2012-07-22 21:33 - 00000000 ____D C:\Users\Owner\Desktop\turn left turn right the movie
    2012-07-22 05:57 - 2012-07-22 05:57 - 00000000 ____D C:\Users\Owner\AppData\Local\Macromedia
    2012-07-22 01:03 - 2012-07-22 01:03 - 09822920 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
    2012-07-21 23:29 - 2012-07-21 23:29 - 00000000 __SHD C:\Windows\SysWOW64\%APPDATA%
    2012-07-21 23:03 - 2012-07-23 10:03 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
    2012-07-21 23:03 - 2012-07-22 01:03 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2012-07-21 23:03 - 2012-07-21 23:03 - 00431104 ____A C:\Users\Owner\AppData\Roaming\bcausv.dll
    2012-07-21 23:03 - 2012-07-21 23:03 - 00000000 ____D C:\Windows\System32\Macromed
    2012-07-21 23:03 - 2012-07-21 23:03 - 00000000 ____D C:\Users\Owner\AppData\Local\{5A65F492-D3CB-11E1-8270-B8AC6F996F26}
    2012-07-21 23:02 - 2012-07-21 23:02 - 00147456 ____A (DT Soft Ltd) C:\Users\Owner\AppData\Roaming\cmdhe.dll
    2012-07-21 18:25 - 2012-07-22 23:26 - 00000000 ____D C:\Users\Owner\AppData\Local\SKIDROW
    2012-07-21 18:25 - 2012-07-21 18:25 - 00000000 ____D C:\Users\All Users\Rockstar Games
    2012-07-21 17:41 - 2012-07-21 17:41 - 00000000 ____D C:\Program Files (x86)\Rockstar Games
    2012-07-21 17:39 - 2012-07-21 17:51 - 00000000 ____D C:\Users\Owner\Documents\Rockstar Games
    2012-07-21 15:36 - 2012-07-21 18:14 - 00000000 ____D C:\Program Files (x86)\Black_Box
    2012-07-20 09:18 - 2012-07-20 09:31 - 684116331 ____A C:\Users\Owner\Desktop\Max.Payne.2008.UNRATED.720p.BluRay.x264.YIFY.mp4
    2012-07-17 18:02 - 2012-07-20 16:09 - 00000265 ____A C:\Users\Owner\d3d_antilag.log
    2012-07-17 05:10 - 2012-07-17 05:10 - 00000020 ___SH C:\Users\UpdatusUser\ntuser.ini
    2012-07-17 05:10 - 2010-11-08 02:09 - 00000000 ____D C:\Users\UpdatusUser\AppData\Roaming\Macromedia
    2012-07-17 05:09 - 2012-07-17 05:10 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
    2012-07-17 05:06 - 2012-05-15 02:48 - 25743168 ____A (NVIDIA Corporation) C:\Windows\System32\nvoglv64.dll
    2012-07-17 05:06 - 2012-05-15 02:48 - 25248064 ____A (NVIDIA Corporation) C:\Windows\System32\nvcompiler.dll
    2012-07-17 05:06 - 2012-05-15 02:48 - 19607872 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
    2012-07-17 05:06 - 2012-05-15 02:48 - 18044224 ____A (NVIDIA Corporation) C:\Windows\System32\nvd3dumx.dll
    2012-07-17 05:06 - 2012-05-15 02:48 - 17551680 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
    2012-07-17 05:06 - 2012-05-15 02:48 - 14298944 ____A (NVIDIA Corporation) C:\Windows\System32\Drivers\nvlddmkm.sys
    2012-07-17 05:06 - 2012-05-15 02:48 - 08139072 ____A (NVIDIA Corporation) C:\Windows\System32\nvcuda.dll
    2012-07-17 05:06 - 2012-05-15 02:48 - 05982528 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
    2012-07-17 05:06 - 2012-05-15 02:48 - 02881856 ____A (NVIDIA Corporation) C:\Windows\System32\nvcuvenc.dll
    2012-07-17 05:06 - 2012-05-15 02:48 - 02681664 ____A (NVIDIA Corporation) C:\Windows\System32\nvcuvid.dll
    2012-07-17 05:06 - 2012-05-15 02:48 - 02524992 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
    2012-07-17 05:06 - 2012-05-15 02:48 - 02445120 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvenc.dll
    2012-07-17 05:06 - 2012-05-15 02:48 - 01738048 ____A (NVIDIA Corporation) C:\Windows\System32\nvdispco64.dll
    2012-07-17 05:06 - 2012-05-15 02:48 - 01468224 ____A (NVIDIA Corporation) C:\Windows\System32\nvgenco64.dll
    2012-07-17 05:06 - 2012-04-18 09:08 - 01451840 ____A (NVIDIA Corporation) C:\Windows\System32\nvhdagenco6420103.dll
    2012-07-17 05:06 - 2012-04-18 09:08 - 00188736 ____A (NVIDIA Corporation) C:\Windows\System32\Drivers\nvhda64v.sys
    2012-07-17 05:06 - 2012-04-18 09:08 - 00031040 ____A (NVIDIA Corporation) C:\Windows\System32\nvhdap64.dll
    2012-07-17 05:05 - 2012-07-17 05:05 - 00000000 ____D C:\NVIDIA
    2012-07-15 16:56 - 2012-07-18 19:56 - 1467291648 ____A C:\Users\Owner\Desktop\Battleship.2012.R6.WEBSCR.XviD-NFT.avi
    2012-07-14 17:13 - 2012-07-14 17:19 - 00000000 ____D C:\Users\Owner\AppData\Local\Fallout3
    2012-07-14 16:39 - 2012-07-14 16:39 - 00000000 ____D C:\Windows\SysWOW64\xlive
    2012-07-14 03:39 - 2012-07-14 18:37 - 734212096 ____A C:\Users\Owner\Desktop\scr-ravenxvid.avi
    2012-07-12 10:33 - 2012-07-15 14:07 - 00000000 ____D C:\Users\Owner\Desktop\work
    2012-07-12 10:08 - 2012-07-22 23:32 - 00000000 ____D C:\Users\Owner\Desktop\Myles
    2012-07-12 10:08 - 2012-07-12 11:02 - 1522851324 ____A C:\Users\Owner\Desktop\The.Dictator.2012.TS.NEW.XviD-HOPE.avi
    2012-07-07 16:36 - 2012-07-07 16:36 - 00000017 ____A C:\Windows\SysWOW64\shortcut_ex.dat
    2012-07-05 13:19 - 2012-07-05 13:19 - 00000000 ____D C:\Users\Owner\AppData\Local\{F089CD51-EA72-4DF8-91E2-CF6B25F20AB7}
    2012-07-02 12:04 - 2012-07-02 12:04 - 00000000 ____D C:\Users\All Users\Mozilla
    2012-07-02 12:04 - 2012-07-02 12:04 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
    2012-06-26 22:48 - 2012-06-26 22:49 - 00000000 ____D C:\Users\Owner\Desktop\New folder (4)
    2012-06-24 23:34 - 2012-06-24 23:55 - 00000000 ____D C:\Program Files (x86)\2K Sports
    2012-06-24 21:28 - 2012-06-24 21:28 - 00324337 ____A C:\test.xml
    2012-06-24 21:24 - 2012-06-24 21:32 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Auslogics
    2012-06-24 20:33 - 2012-05-17 18:47 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
    2012-06-24 20:33 - 2012-05-17 18:16 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
    2012-06-24 20:33 - 2012-05-17 18:06 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
    2012-06-24 20:33 - 2012-05-17 17:59 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
    2012-06-24 20:33 - 2012-05-17 17:59 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
    2012-06-24 20:33 - 2012-05-17 17:58 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
    2012-06-24 20:33 - 2012-05-17 17:58 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
    2012-06-24 20:33 - 2012-05-17 17:56 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
    2012-06-24 20:33 - 2012-05-17 17:55 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
    2012-06-24 20:33 - 2012-05-17 17:55 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
    2012-06-24 20:33 - 2012-05-17 17:54 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
    2012-06-24 20:33 - 2012-05-17 17:51 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
    2012-06-24 20:33 - 2012-05-17 17:51 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
    2012-06-24 20:33 - 2012-05-17 17:47 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
    2012-06-24 20:33 - 2012-05-17 15:11 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2012-06-24 20:33 - 2012-05-17 14:48 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2012-06-24 20:33 - 2012-05-17 14:45 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2012-06-24 20:33 - 2012-05-17 14:36 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2012-06-24 20:33 - 2012-05-17 14:35 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2012-06-24 20:33 - 2012-05-17 14:35 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2012-06-24 20:33 - 2012-05-17 14:33 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
    2012-06-24 20:33 - 2012-05-17 14:31 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2012-06-24 20:33 - 2012-05-17 14:29 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
    2012-06-24 20:33 - 2012-05-17 14:29 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2012-06-24 20:33 - 2012-05-17 14:27 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2012-06-24 20:33 - 2012-05-17 14:25 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2012-06-24 20:33 - 2012-05-17 14:24 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2012-06-24 20:33 - 2012-05-17 14:20 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2012-06-24 20:32 - 2012-05-14 17:32 - 03146752 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
    2012-06-24 20:32 - 2012-05-04 03:06 - 05559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
    2012-06-24 20:32 - 2012-05-04 02:03 - 03968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
    2012-06-24 20:32 - 2012-05-04 02:03 - 03913072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
    2012-06-24 20:32 - 2012-03-02 22:35 - 01544704 ____A (Microsoft Corporation) C:\Windows\System32\DWrite.dll
    2012-06-24 20:32 - 2012-03-02 21:31 - 01077248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
    2012-06-24 20:31 - 2012-04-30 21:40 - 00209920 ____A (Microsoft Corporation) C:\Windows\System32\profsvc.dll
    2012-06-24 20:31 - 2012-04-27 19:55 - 00210944 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
    2012-06-24 20:31 - 2012-04-25 21:41 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll
    2012-06-24 20:31 - 2012-04-25 21:41 - 00077312 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll
    2012-06-24 20:31 - 2012-04-25 21:34 - 00009216 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe
    2012-06-24 20:31 - 2012-04-23 21:37 - 01462272 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
    2012-06-24 20:31 - 2012-04-23 21:37 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
    2012-06-24 20:31 - 2012-04-23 21:37 - 00140288 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
    2012-06-24 20:31 - 2012-04-23 20:36 - 01158656 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
    2012-06-24 20:31 - 2012-04-23 20:36 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
    2012-06-24 20:31 - 2012-04-23 20:36 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
    2012-06-24 20:31 - 2012-04-07 04:31 - 03216384 ____A (Microsoft Corporation) C:\Windows\System32\msi.dll
    2012-06-24 20:31 - 2012-04-07 03:26 - 02342400 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
    2012-06-24 20:30 - 2012-03-16 23:58 - 00075120 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\partmgr.sys
    2012-06-24 20:29 - 2012-03-30 03:35 - 01918320 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
    2012-06-24 07:44 - 2012-06-24 07:48 - 00000000 ____D C:\Program Files (x86)\PBACHP2K12
    2012-06-23 22:26 - 2012-06-02 14:19 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
    2012-06-23 22:26 - 2012-06-02 14:19 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
    2012-06-23 22:26 - 2012-06-02 14:19 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
    2012-06-23 22:26 - 2012-06-02 14:19 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
    2012-06-23 22:26 - 2012-06-02 14:19 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
    2012-06-23 22:26 - 2012-06-02 14:19 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
    2012-06-23 22:26 - 2012-06-02 14:15 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
    2012-06-23 22:26 - 2012-06-02 14:15 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
    2012-06-23 22:26 - 2012-06-02 14:15 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
    2012-06-23 10:55 - 2012-06-23 10:59 - 00000000 ____D C:\Users\Owner\Desktop\Adventure Time Season 1 Complete
    2012-06-23 07:54 - 1997-06-06 14:52 - 00011264 ____A (Microsoft Corporation) C:\Windows\SysWOW64\SPORDER.DLL
    2012-06-23 07:31 - 2012-06-23 07:40 - 00000000 ____D C:\Users\All Users\EPS
    2012-06-23 07:19 - 2012-06-23 07:19 - 00000000 ____D C:\Users\Owner\AppData\Roaming\WNR
    2012-06-23 07:19 - 2012-06-23 07:19 - 00000000 ____D C:\Users\All Users\WNR
    2012-06-23 06:59 - 2012-06-23 06:59 - 00001436 ____A C:\Users\Owner\Desktop\GarenaHon Launcher.lnk
    2012-06-23 03:53 - 2012-06-23 03:53 - 00000000 ____A C:\Windows\SysWOW64\debug.log
    2012-06-23 03:18 - 2012-06-23 03:18 - 00000000 ____D C:\Users\Owner\Documents\Heroes of Newerth (Garena)
    2012-06-23 02:15 - 2012-06-23 02:15 - 02564440 ____A C:\Users\Owner\Desktop\HoNInstaller.exe


    ============ 3 Months Modified Files ========================

    2012-07-23 11:38 - 2012-07-23 11:38 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.E301EBB67F5F1C58
    2012-07-23 11:38 - 2012-07-23 11:38 - 00050392 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cmwulhew.sys
    2012-07-23 11:37 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
    2012-07-23 11:37 - 2009-07-13 20:51 - 00111109 ____A C:\Windows\setupact.log
    2012-07-23 11:35 - 2012-07-23 11:35 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.31FD26909E272C61
    2012-07-23 11:33 - 2012-07-23 11:33 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.F12CD4D7068C7613
    2012-07-23 11:31 - 2012-07-23 11:31 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.4BAF82740E76F58F
    2012-07-23 11:28 - 2012-07-23 11:28 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.1D013B75A0851FE6
    2012-07-23 11:24 - 2012-07-23 11:24 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.6B32CCB8D8C3B05C
    2012-07-23 11:24 - 2010-11-08 02:14 - 00000908 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2012-07-23 11:23 - 2010-09-19 08:26 - 00228608 ____A C:\Windows\PFRO.log
    2012-07-23 11:18 - 2012-07-23 11:18 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.04964D9EA38B2331
    2012-07-23 11:15 - 2012-07-23 11:15 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.421E78A5898B1715
    2012-07-23 11:05 - 2012-07-23 11:05 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.CF01DFFF5E6E24A2
    2012-07-23 11:02 - 2012-07-23 11:02 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.DFEE713C1C09294E
    2012-07-23 11:02 - 2012-07-23 11:02 - 00050392 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\yonxypik.sys
    2012-07-23 10:59 - 2012-07-23 10:59 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.E1F9A5C62D30EE80
    2012-07-23 10:56 - 2012-07-23 10:56 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.CFD7D699FC7D87D8
    2012-07-23 10:53 - 2012-07-23 10:53 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.165827F91942E625
    2012-07-23 10:49 - 2012-07-23 10:49 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.043024006CE0C071
    2012-07-23 10:48 - 2009-07-13 21:08 - 00032612 ____A C:\Windows\Tasks\SCHEDLGU.TXT
    2012-07-23 10:43 - 2011-01-26 22:21 - 01822189 ____A C:\Windows\WindowsUpdate.log
    2012-07-23 10:43 - 2009-07-13 20:45 - 00009920 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2012-07-23 10:43 - 2009-07-13 20:45 - 00009920 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2012-07-23 10:42 - 2012-07-23 10:42 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.815B2A46A2909DCC
    2012-07-23 10:38 - 2011-06-08 16:49 - 00001945 ____A C:\Windows\epplauncher.mif
    2012-07-23 10:38 - 2011-06-08 16:45 - 00797608 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
    2012-07-23 10:37 - 2012-07-23 10:37 - 12621696 ____A (Microsoft Corporation) C:\Users\Owner\Desktop\mseinstall.exe
    2012-07-23 10:23 - 2010-11-08 02:14 - 00000912 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2012-07-23 10:03 - 2012-07-21 23:03 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
    2012-07-23 09:57 - 2011-10-18 22:29 - 00000928 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2273060681-3129434345-4219941006-1005UA.job
    2012-07-23 09:46 - 2009-07-13 21:13 - 00783458 ____A C:\Windows\System32\PerfStringBackup.INI
    2012-07-22 15:57 - 2011-10-18 22:29 - 00000906 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2273060681-3129434345-4219941006-1005Core.job
    2012-07-22 01:03 - 2012-07-22 01:03 - 09822920 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
    2012-07-22 01:03 - 2012-07-21 23:03 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2012-07-22 01:03 - 2011-07-27 16:29 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2012-07-21 23:03 - 2012-07-21 23:03 - 00431104 ____A C:\Users\Owner\AppData\Roaming\bcausv.dll
    2012-07-21 23:02 - 2012-07-21 23:02 - 00147456 ____A (DT Soft Ltd) C:\Users\Owner\AppData\Roaming\cmdhe.dll
    2012-07-20 16:09 - 2012-07-17 18:02 - 00000265 ____A C:\Users\Owner\d3d_antilag.log
    2012-07-20 09:31 - 2012-07-20 09:18 - 684116331 ____A C:\Users\Owner\Desktop\Max.Payne.2008.UNRATED.720p.BluRay.x264.YIFY.mp4
    2012-07-18 19:56 - 2012-07-15 16:56 - 1467291648 ____A C:\Users\Owner\Desktop\Battleship.2012.R6.WEBSCR.XviD-NFT.avi
    2012-07-17 05:10 - 2012-07-17 05:10 - 00000020 ___SH C:\Users\UpdatusUser\ntuser.ini
    2012-07-14 18:37 - 2012-07-14 03:39 - 734212096 ____A C:\Users\Owner\Desktop\scr-ravenxvid.avi
    2012-07-14 16:41 - 2010-11-08 02:49 - 00330998 ____A C:\Windows\DirectX.log
    2012-07-12 11:02 - 2012-07-12 10:08 - 1522851324 ____A C:\Users\Owner\Desktop\The.Dictator.2012.TS.NEW.XviD-HOPE.avi
    2012-07-07 16:36 - 2012-07-07 16:36 - 00000017 ____A C:\Windows\SysWOW64\shortcut_ex.dat
    2012-06-24 21:28 - 2012-06-24 21:28 - 00324337 ____A C:\test.xml
    2012-06-24 21:09 - 2009-07-13 20:45 - 04899752 ____A C:\Windows\System32\FNTCACHE.DAT
    2012-06-23 06:59 - 2012-06-23 06:59 - 00001436 ____A C:\Users\Owner\Desktop\GarenaHon Launcher.lnk
    2012-06-23 06:56 - 2011-06-29 14:44 - 00045270 ____A C:\Users\Owner\AppData\Roaming\room_v3.dat
    2012-06-23 03:53 - 2012-06-23 03:53 - 00000000 ____A C:\Windows\SysWOW64\debug.log
    2012-06-23 02:15 - 2012-06-23 02:15 - 02564440 ____A C:\Users\Owner\Desktop\HoNInstaller.exe
    2012-06-05 01:55 - 2011-12-27 01:11 - 00001019 ____A C:\Users\Owner\Desktop\Dropbox.lnk
    2012-06-03 22:28 - 2011-06-08 17:08 - 58957832 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
    2012-06-02 14:19 - 2012-06-23 22:26 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
    2012-06-02 14:19 - 2012-06-23 22:26 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
    2012-06-02 14:19 - 2012-06-23 22:26 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
    2012-06-02 14:19 - 2012-06-23 22:26 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
    2012-06-02 14:19 - 2012-06-23 22:26 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
    2012-06-02 14:19 - 2012-06-23 22:26 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
    2012-06-02 14:15 - 2012-06-23 22:26 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
    2012-06-02 14:15 - 2012-06-23 22:26 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
    2012-06-02 14:15 - 2012-06-23 22:26 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
    2012-05-17 18:47 - 2012-06-24 20:33 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
    2012-05-17 18:16 - 2012-06-24 20:33 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
    2012-05-17 18:06 - 2012-06-24 20:33 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
    2012-05-17 17:59 - 2012-06-24 20:33 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
    2012-05-17 17:59 - 2012-06-24 20:33 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
    2012-05-17 17:58 - 2012-06-24 20:33 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
    2012-05-17 17:58 - 2012-06-24 20:33 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
    2012-05-17 17:56 - 2012-06-24 20:33 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
    2012-05-17 17:55 - 2012-06-24 20:33 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
    2012-05-17 17:55 - 2012-06-24 20:33 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
    2012-05-17 17:54 - 2012-06-24 20:33 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
    2012-05-17 17:51 - 2012-06-24 20:33 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
    2012-05-17 17:51 - 2012-06-24 20:33 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
    2012-05-17 17:47 - 2012-06-24 20:33 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
    2012-05-17 15:11 - 2012-06-24 20:33 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2012-05-17 14:48 - 2012-06-24 20:33 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2012-05-17 14:45 - 2012-06-24 20:33 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2012-05-17 14:36 - 2012-06-24 20:33 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2012-05-17 14:35 - 2012-06-24 20:33 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2012-05-17 14:35 - 2012-06-24 20:33 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2012-05-17 14:33 - 2012-06-24 20:33 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
    2012-05-17 14:31 - 2012-06-24 20:33 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2012-05-17 14:29 - 2012-06-24 20:33 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
    2012-05-17 14:29 - 2012-06-24 20:33 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2012-05-17 14:27 - 2012-06-24 20:33 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2012-05-17 14:25 - 2012-06-24 20:33 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2012-05-17 14:24 - 2012-06-24 20:33 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2012-05-17 14:20 - 2012-06-24 20:33 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2012-05-15 02:48 - 2012-07-17 05:06 - 25743168 ____A (NVIDIA Corporation) C:\Windows\System32\nvoglv64.dll
    2012-05-15 02:48 - 2012-07-17 05:06 - 25248064 ____A (NVIDIA Corporation) C:\Windows\System32\nvcompiler.dll
    2012-05-15 02:48 - 2012-07-17 05:06 - 19607872 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
    2012-05-15 02:48 - 2012-07-17 05:06 - 18044224 ____A (NVIDIA Corporation) C:\Windows\System32\nvd3dumx.dll
    2012-05-15 02:48 - 2012-07-17 05:06 - 17551680 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
    2012-05-15 02:48 - 2012-07-17 05:06 - 14298944 ____A (NVIDIA Corporation) C:\Windows\System32\Drivers\nvlddmkm.sys
    2012-05-15 02:48 - 2012-07-17 05:06 - 08139072 ____A (NVIDIA Corporation) C:\Windows\System32\nvcuda.dll
    2012-05-15 02:48 - 2012-07-17 05:06 - 05982528 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
    2012-05-15 02:48 - 2012-07-17 05:06 - 02881856 ____A (NVIDIA Corporation) C:\Windows\System32\nvcuvenc.dll
    2012-05-15 02:48 - 2012-07-17 05:06 - 02681664 ____A (NVIDIA Corporation) C:\Windows\System32\nvcuvid.dll
    2012-05-15 02:48 - 2012-07-17 05:06 - 02524992 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
    2012-05-15 02:48 - 2012-07-17 05:06 - 02445120 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvenc.dll
    2012-05-15 02:48 - 2012-07-17 05:06 - 01738048 ____A (NVIDIA Corporation) C:\Windows\System32\nvdispco64.dll
    2012-05-15 02:48 - 2012-07-17 05:06 - 01468224 ____A (NVIDIA Corporation) C:\Windows\System32\nvgenco64.dll
    2012-05-15 02:48 - 2010-09-19 08:57 - 15322432 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
    2012-05-15 02:48 - 2010-09-19 08:57 - 10194752 ____A (NVIDIA Corporation) C:\Windows\System32\nvwgf2umx.dll
    2012-05-15 02:48 - 2010-09-19 08:57 - 08105280 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
    2012-05-15 02:48 - 2010-09-19 08:57 - 02741568 ____A (NVIDIA Corporation) C:\Windows\System32\nvapi64.dll
    2012-05-15 02:48 - 2010-09-19 08:57 - 02368832 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
    2012-05-15 02:48 - 2010-09-19 08:57 - 00068928 ____A (Khronos Group) C:\Windows\System32\OpenCL.dll
    2012-05-15 02:48 - 2010-09-19 08:57 - 00061248 ____A (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
    2012-05-15 02:48 - 2010-09-19 08:57 - 00014324 ____A C:\Windows\System32\nvinfo.pb
    2012-05-15 01:29 - 2010-07-18 17:36 - 03149632 ____A (NVIDIA Corporation) C:\Windows\System32\nvsvc64.dll
    2012-05-15 01:29 - 2010-07-18 17:36 - 02561856 ____A (NVIDIA Corporation) C:\Windows\System32\nvsvcr.dll
    2012-05-15 01:29 - 2010-07-18 17:36 - 00889664 ____A (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
    2012-05-15 01:29 - 2010-07-18 17:36 - 00118080 ____A (NVIDIA Corporation) C:\Windows\System32\nvmctray.dll
    2012-05-15 01:29 - 2010-07-18 17:36 - 00063296 ____A (NVIDIA Corporation) C:\Windows\System32\nvshext.dll
    2012-05-15 01:28 - 2010-07-18 17:36 - 06151488 ____A (NVIDIA Corporation) C:\Windows\System32\nvcpl.dll
    2012-05-15 01:21 - 2012-05-15 01:21 - 00423744 ____A C:\Windows\SysWOW64\nvStreaming.exe
    2012-05-14 17:32 - 2012-06-24 20:32 - 03146752 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
    2012-05-04 03:06 - 2012-06-24 20:32 - 05559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
    2012-05-04 02:03 - 2012-06-24 20:32 - 03968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
    2012-05-04 02:03 - 2012-06-24 20:32 - 03913072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
    2012-05-03 23:01 - 2012-05-03 23:01 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_ew_juextctrl_01007.Wdf
    2012-05-03 23:01 - 2012-05-03 23:01 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_ew_jucdcacm_01007.Wdf
    2012-05-03 23:00 - 2012-05-03 23:00 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_ew_jubusenum_01007.Wdf
    2012-05-03 22:59 - 2012-05-03 23:00 - 01490656 ____A (Microsoft Corporation) C:\Windows\System32\WdfCoInstaller01007.dll
    2012-05-03 22:59 - 2012-05-03 23:00 - 01490656 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\WdfCoInstaller01007.dll
    2012-05-03 22:59 - 2012-05-03 23:00 - 01001472 ____A (DiBcom SA) C:\Windows\System32\Drivers\mod7700.sys
    2012-05-03 22:59 - 2012-05-03 23:00 - 00421888 ____A (Huawei Technologies Co., Ltd.) C:\Windows\System32\Drivers\ewusbwwan.sys
    2012-05-03 22:59 - 2012-05-03 23:00 - 00223744 ____A (Huawei Technologies Co., Ltd.) C:\Windows\System32\Drivers\ew_juwwanecm.sys
    2012-05-03 22:59 - 2012-05-03 23:00 - 00223232 ____A (Huawei Technologies Co., Ltd.) C:\Windows\System32\Drivers\ewusbmdm.sys
    2012-05-03 22:59 - 2012-05-03 23:00 - 00117248 ____A (Huawei Technologies Co., Ltd.) C:\Windows\System32\Drivers\ew_hwusbdev.sys
    2012-05-03 22:59 - 2012-05-03 23:00 - 00098304 ____A (Huawei Technologies Co., Ltd.) C:\Windows\System32\Drivers\ew_jucdcacm.sys
    2012-05-03 22:59 - 2012-05-03 23:00 - 00087040 ____A (Huawei Technologies Co., Ltd.) C:\Windows\System32\Drivers\ew_jubusenum.sys
    2012-05-03 22:59 - 2012-05-03 23:00 - 00072192 ____A (Huawei Technologies Co., Ltd.) C:\Windows\System32\Drivers\ew_jucdcecm.sys
    2012-05-03 22:59 - 2012-05-03 23:00 - 00032768 ____A (Huawei Tech. Co., Ltd.) C:\Windows\System32\Drivers\ewdcsc.sys
    2012-05-03 22:59 - 2012-05-03 23:00 - 00028672 ____A (Huawei Technologies Co., Ltd.) C:\Windows\System32\Drivers\ew_juextctrl.sys
    2012-05-03 22:59 - 2012-05-03 23:00 - 00022016 ____A (Huawei Technologies Co., Ltd.) C:\Windows\System32\Drivers\ew_hwupgrade.sys
    2012-05-03 22:59 - 2012-05-03 23:00 - 00013952 ____A (Huawei Technologies Co., Ltd.) C:\Windows\System32\Drivers\ew_usbenumfilter.sys
    2012-05-02 15:20 - 2012-05-02 15:20 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_netaapl64_01009.Wdf
    2012-04-30 21:40 - 2012-06-24 20:31 - 00209920 ____A (Microsoft Corporation) C:\Windows\System32\profsvc.dll
    2012-04-27 19:55 - 2012-06-24 20:31 - 00210944 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
    2012-04-26 15:41 - 2012-04-26 15:41 - 00000000 ____A C:\Windows\SysWOW64\sho5B45.tmp
    2012-04-25 21:41 - 2012-06-24 20:31 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll
    2012-04-25 21:41 - 2012-06-24 20:31 - 00077312 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll
    2012-04-25 21:34 - 2012-06-24 20:31 - 00009216 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe


    ZeroAccess:
    C:\Windows\Installer\{bf2a47dd-a5fb-1224-817b-224de62e0fee}
    C:\Windows\Installer\{bf2a47dd-a5fb-1224-817b-224de62e0fee}\@
    C:\Windows\Installer\{bf2a47dd-a5fb-1224-817b-224de62e0fee}\L
    C:\Windows\Installer\{bf2a47dd-a5fb-1224-817b-224de62e0fee}\n
    C:\Windows\Installer\{bf2a47dd-a5fb-1224-817b-224de62e0fee}\U
    C:\Windows\Installer\{bf2a47dd-a5fb-1224-817b-224de62e0fee}\L\00000004.@
    C:\Windows\Installer\{bf2a47dd-a5fb-1224-817b-224de62e0fee}\L\201d3dde
    C:\Windows\Installer\{bf2a47dd-a5fb-1224-817b-224de62e0fee}\U\00000008.@
    C:\Windows\Installer\{bf2a47dd-a5fb-1224-817b-224de62e0fee}\U\80000032.@
    C:\Windows\Installer\{bf2a47dd-a5fb-1224-817b-224de62e0fee}\U\80000064.@

    ZeroAccess:
    C:\Users\Owner\AppData\Local\{bf2a47dd-a5fb-1224-817b-224de62e0fee}
    C:\Users\Owner\AppData\Local\{bf2a47dd-a5fb-1224-817b-224de62e0fee}\@
    C:\Users\Owner\AppData\Local\{bf2a47dd-a5fb-1224-817b-224de62e0fee}\L
    C:\Users\Owner\AppData\Local\{bf2a47dd-a5fb-1224-817b-224de62e0fee}\U

    ZeroAccess:
    C:\Windows\assembly\GAC_32\Desktop.ini

    ZeroAccess:
    C:\Windows\assembly\GAC_64\Desktop.ini

    ========================= Known DLLs (Whitelisted) ============


    ========================= Bamital & volsnap Check ============

    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\SysWOW64\wininit.exe => MD5 is legit
    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\SysWOW64\explorer.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\SysWOW64\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe 014A9CB92514E27C0107614DF764BC06 ZeroAccess <==== ATTENTION!.
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\SysWOW64\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\SysWOW64\userinit.exe => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

    ==================== EXE ASSOCIATION =====================

    HKLM\...\.exe: exefile => OK
    HKLM\...\exefile\DefaultIcon: %1 => OK
    HKLM\...\exefile\open\command: "%1" %* => OK

    ========================= Memory info ======================

    Percentage of memory in use: 15%
    Total physical RAM: 4076.93 MB
    Available physical RAM: 3438.56 MB
    Total Pagefile: 4075.08 MB
    Available Pagefile: 3430.39 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.9 MB

    ======================= Partitions =========================

    1 Drive c: () (Fixed) (Total:455.61 GB) (Free:166.68 GB) NTFS
    2 Drive d: (usb) (Removable) (Total:7.51 GB) (Free:7.45 GB) NTFS
    3 Drive f: (Recovery) (Fixed) (Total:10.06 GB) (Free:0.77 GB) NTFS ==>[System with boot components (obtained from reading drive)]
    5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
    6 Drive y: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]

    Disk ### Status Size Free Dyn Gpt
    -------- ------------- ------- ------- --- ---
    Disk 0 Online 465 GB 0 B
    Disk 1 Online 7701 MB 0 B

    Partitions of Disk 0:
    ===============

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Recovery 10 GB 1024 KB
    Partition 2 Primary 100 MB 10 GB
    Partition 3 Primary 455 GB 10 GB

    ==================================================================================

    Disk: 0
    Partition 1
    Type : 27
    Hidden: Yes
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 3 F Recovery NTFS Partition 10 GB Healthy Hidden

    ==================================================================================

    Disk: 0
    Partition 2
    Type : 07
    Hidden: No
    Active: Yes

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 1 Y System Rese NTFS Partition 100 MB Healthy

    ==================================================================================

    Disk: 0
    Partition 3
    Type : 07
    Hidden: No
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 2 C NTFS Partition 455 GB Healthy

    ==================================================================================

    Partitions of Disk 1:
    ===============

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 7695 MB 31 KB

    ==================================================================================

    Disk: 1
    Partition 1
    Type : 07
    Hidden: No
    Active: Yes

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 4 D usb NTFS Removable 7695 MB Healthy

    ==================================================================================

    ==========================================================

    Last Boot: 2012-07-19 02:58

    ======================= End Of Log ==========================
     
  3. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,282   +49

    Hello, and welcome to TechSpot.


    Please see here for the board rules and other FAQ.

    Please feel free to introduce yourself, after you follow the steps below to get started.

    Information
    • From this point on, please do not make any more changes to your computer, such as installing/uninstalling programs, using special fix tools, deleting files, editing the registry, etc., unless advised by a malware removal helper.
    • Please do not ask for help elsewhere (in this site or other sites). Doing so can result in system changes, which may not show up in the logs you post.
    • If you have already asked for help somewhere, please post the link to the topic you were helped.
    • We try our best to reply quickly, but if for any reason we do not reply within two days, please reply to this topic with the word BUMP!
    • Lastly, keep in mind that we are volunteers, so you do not have to pay for malware removal. Persist in this topic until its close, and your computer is declared clean.

    Additional FRST Scan

    Once again, please boot to the System Recovery Options and run FRST, as done previously.

    Type the following text in the blank box after Search:

    services.exe

    Click: Search file(s)


    When done searching, FRST makes a log, Search.txt, on the C:\ drive.

    Please provide the Search.txt in your reply.
     
  4. MS.11

    MS.11 TS Rookie Topic Starter

    Farbar Recovery Scan Tool Version: 20-07-2012 01
    Ran by SYSTEM at 2012-07-23 13:14:05
    Running from D:\

    ================== Search: "services.exe" ===================

    C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
    [2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

    C:\Windows\System32\services.exe
    [2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 014A9CB92514E27C0107614DF764BC06

    ====== End Of Search ======
     
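The two FRST logs above are doing two things worth being able to repeat on your own: the "Bamital & volsnap Check" and the Search.txt compare the MD5 of the live `C:\Windows\System32\services.exe` against a reference (FRST's whitelist, then the copy in the WinSxS component store), and the `ZeroAccess:` blocks in the first log point at the hidden store layout this family uses (a `{GUID}` folder holding an `@` file plus `L` and `U` subfolders under `Windows\Installer` and the user's `AppData\Local`, and a `Desktop.ini` dropped into `assembly\GAC_32`/`GAC_64`). The script below is an added example, not part of the thread and not Farbar's code; it re-creates both checks in Python so they can be run against an offline image or against the constructed demo tree it builds itself. The Windows and Users paths are parameters; the demo tree reuses the component-folder name and GUID from the logs above with fake file contents. Two caveats a practitioner would want: a hash match against WinSxS is agreement, not proof (the store copy can be tampered as well, which is why FRST's own known-good list is the stronger reference), and MD5 appears here only because that is what FRST prints; on a live Windows box, confirm with the file's Authenticode signature rather than a hash alone.

```python
"""Offline re-creation of the two checks in the FRST logs above (added example,
not the thread's or Farbar's code): (1) does System32\\services.exe hash-match
the WinSxS component-store copy, as Search.txt compared; (2) are the
ZeroAccess/Sirefef stores present: a {GUID} folder with an '@' file plus 'L'
and 'U' subfolders, and a Desktop.ini inside assembly\\GAC_32 or GAC_64.
MD5 is used only because that is what FRST prints; it is triage, not proof."""
import hashlib
import re
import tempfile
from pathlib import Path

GUID_DIR = re.compile(r"^\{[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}\}$", re.I)
ZA_MARKERS = ("@", "L", "U")  # layout common to both {GUID} stores in the log

def md5_of(path: Path) -> str:
    h = hashlib.md5()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest().upper()

def services_exe_report(windows_dir) -> dict:
    """Compare System32\\services.exe with every WinSxS 'servicecontroller' copy."""
    windows_dir = Path(windows_dir)
    live = windows_dir / "System32" / "services.exe"
    refs, winsxs = {}, windows_dir / "winsxs"
    if winsxs.is_dir():
        for comp in winsxs.iterdir():
            # Component folders embed the component name, e.g.
            # amd64_microsoft-windows-s..s-servicecontroller_<key>_<ver>_none_<hash>
            if comp.is_dir() and "servicecontroller" in comp.name.lower():
                cand = comp / "services.exe"
                if cand.is_file():
                    refs[str(cand)] = md5_of(cand)
    live_hash = md5_of(live) if live.is_file() else None
    if live_hash is None:
        verdict = "missing"
    elif not refs:
        verdict = "no-reference"  # cannot judge; need a known-good hash from elsewhere
    elif live_hash in refs.values():
        verdict = "matches-winsxs"  # agreement, not proof: the store copy can be tampered too
    else:
        verdict = "MISMATCH"
    return {"live": live_hash, "references": refs, "verdict": verdict}

def find_zeroaccess_stores(*roots) -> list:
    """{GUID} folders under the roots that carry the '@' file and 'L'/'U' subfolders.
    Plain {GUID} folders (the legitimate MSI cache under Installer) are not flagged."""
    hits = []
    for root in map(Path, roots):
        if not root.is_dir():
            continue
        for d in sorted(root.iterdir()):
            if d.is_dir() and GUID_DIR.match(d.name) and all((d / m).exists() for m in ZA_MARKERS):
                hits.append(str(d))
    return hits

def find_gac_desktop_ini(windows_dir) -> list:
    """Desktop.ini inside GAC_32/GAC_64, as in the last two ZeroAccess: blocks of the log."""
    return [str(p) for sub in ("GAC_32", "GAC_64")
            for p in [Path(windows_dir) / "assembly" / sub / "Desktop.ini"] if p.exists()]

def scan(windows_dir, users_dir) -> dict:
    windows_dir, users_dir = Path(windows_dir), Path(users_dir)
    appdata = [p / "AppData" / "Local" for p in users_dir.iterdir()] if users_dir.is_dir() else []
    return {
        "services_exe": services_exe_report(windows_dir),
        "zeroaccess_dirs": find_zeroaccess_stores(windows_dir / "Installer", *appdata),
        "gac_desktop_ini": find_gac_desktop_ini(windows_dir),
    }

def build_demo_tree(base) -> Path:
    """Constructed fixture: the paths from the thread's logs, with fake file contents."""
    win, users = Path(base) / "Windows", Path(base) / "Users"
    comp = ("amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35"
            "_6.1.7600.16385_none_2b54b20ee6fa07b1")
    (win / "System32").mkdir(parents=True)
    (win / "System32" / "services.exe").write_bytes(b"patched services.exe (fake)")
    (win / "winsxs" / comp).mkdir(parents=True)
    (win / "winsxs" / comp / "services.exe").write_bytes(b"clean services.exe (fake)")
    za = "{bf2a47dd-a5fb-1224-817b-224de62e0fee}"
    for root in (win / "Installer", users / "Owner" / "AppData" / "Local"):
        for sub in ("L", "U"):
            (root / za / sub).mkdir(parents=True)
        (root / za / "@").write_bytes(b"")
    (win / "Installer" / "{90140000-0011-0000-0000-0000000FF1CE}").mkdir()  # benign MSI cache dir
    (win / "assembly" / "GAC_32").mkdir(parents=True)
    (win / "assembly" / "GAC_32" / "Desktop.ini").write_bytes(b"")
    return Path(base)

def demo() -> dict:
    """Build the fixture in a temp dir and scan it; returns the findings."""
    with tempfile.TemporaryDirectory() as tmp:
        build_demo_tree(tmp)
        return scan(Path(tmp) / "Windows", Path(tmp) / "Users")

if __name__ == "__main__":
    print(demo())
```

Against the demo tree this reports `MISMATCH` for services.exe (the live copy differs from the single WinSxS reference), two `{bf2a47dd-...}` stores (Installer and the Owner profile) and one GAC `Desktop.ini`, while the plain `{GUID}` MSI cache folder is left alone. Pointed at a real mounted image, `scan(r"E:\Windows", r"E:\Users")` does the same; treat a `no-reference` or `matches-winsxs` verdict as "not yet known", not "clean".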
  5. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,282   +49

    FRST64 Fixlist

    Please run the following:

    Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this highlight the contents of the box, right click on it and select copy. Right-click in the open notepad and select Paste). Save it on the flashdrive as fixlist.txt

    NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system.

    Now, please enter System Recovery Options then select Command Prompt.

    Run FRST64 and press the Fix button just once and wait.
    The tool will make a log on the flashdrive (Fixlog.txt) please post it to your reply.

    Now restart, let it boot normally and tell me how it went.
     
  6. MS.11

    MS.11 TS Rookie Topic Starter

    Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 20-07-2012 01
    Ran by SYSTEM at 2012-07-23 14:30:06 Run:1
    Running from D:\

    ==============================================

    C:\Windows\System32\services.exe moved successfully.
    C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe copied successfully to C:\Windows\System32\services.exe
    C:\Windows\Installer\{bf2a47dd-a5fb-1224-817b-224de62e0fee} moved successfully.
    C:\Users\Owner\AppData\Local\{bf2a47dd-a5fb-1224-817b-224de62e0fee} moved successfully.
    C:\Windows\assembly\GAC_32\Desktop.ini moved successfully.
    C:\Windows\assembly\GAC_64\Desktop.ini moved successfully.

    ==== End of Fixlog ====

    Well... as of now my laptop was able to boot normally, and there are still no signs of it saying that it will reboot in a minute.
     
  7. MS.11

    MS.11 TS Rookie Topic Starter

    Can I use my computer now?
     
  8. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,282   +49

    Hang loose. Don't get into banking or personal sites yet...

    ComboFix

    Please download ComboFix by sUBs
    From BleepingComputer.com

    Please save the file to your Desktop, but rename it first to svchost.exe

    Important information about ComboFix

    Before the download:
    • Please copy and paste these instructions to Notepad and save to your Desktop, or print them - for easier access.
    • It is important to rename ComboFix before the download.
    • Please do not rename ComboFix to other names, but only the one indicated.
    After the download:
    • Close any open browsers.
    • Very Important: Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results". Please visit here if you don't know how.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until ComboFix has completely finished.
    • If there is no Internet connection after running ComboFix, then restart your computer to restore back your connection.
    Running ComboFix:
    • Double click on svchost.exe & follow the prompts.
    • It will attempt to install the Recovery Console:
    • When ComboFix finishes, it will produce a report for you.
    • Please post the "C:\Combo-Fix.txt" in your next reply.
    Troubleshooting ComboFix

    Safe Mode:

    If you still cannot get ComboFix to run, try booting into Safe Mode, and run it there.

    (To boot into Safe Mode, tap F8 after BIOS, and just before the Windows logo appears. A list of options will appear, select "Safe Mode.")

    Re-downloading:

    If this doesn't work either, try the same method (above method), but try to download it again, except rename ComboFix.exe to iexplore.exe, explorer.exe, or winlogon.exe.

    Malware is known for blocking all "user" processes, except for its whitelist of system important processes such as iexplore.exe, explorer.exe, winlogon.exe.
     
  9. MS.11

    MS.11 TS Rookie Topic Starter

    ComboFix 12-07-25.04 - Owner 07/24/2012 7:16.1.8 - x64
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4077.2409 [GMT -7:00]
    Running from: c:\users\Owner\Desktop\ComboFix.exe
    AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
    SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\users\Owner\AppData\Local\TheWeatherNetwork\WeatherEye\weathereye.exe
    c:\users\Owner\AppData\Roaming\bcausv.dll
    c:\users\Owner\AppData\Roaming\cmdhe.dll
    c:\windows\SysWow64\DEBUG.log
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-06-24 to 2012-07-24 )))))))))))))))))))))))))))))))
    .
    .
    2012-07-24 14:24 . 2012-07-24 14:24 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-07-24 14:24 . 2012-07-24 14:24 -------- d-----w- c:\users\boinc_master\AppData\Local\temp
    2012-07-23 21:11 . 2012-07-23 21:11 328704 ----a-w- c:\windows\system32\services.exe.AB2F47B5F3AFEBB7
    2012-07-23 21:05 . 2012-07-23 21:05 328704 ----a-w- c:\windows\system32\services.exe.6C57578BECB69843
    2012-07-23 20:42 . 2012-07-23 20:42 -------- d-----w- C:\FRST
    2012-07-23 19:38 . 2012-07-23 19:38 328704 ----a-w- c:\windows\system32\services.exe.E301EBB67F5F1C58
    2012-07-23 19:35 . 2012-07-23 19:35 328704 ----a-w- c:\windows\system32\services.exe.31FD26909E272C61
    2012-07-23 19:33 . 2012-07-23 19:33 328704 ----a-w- c:\windows\system32\services.exe.F12CD4D7068C7613
    2012-07-23 19:31 . 2012-07-23 19:31 328704 ----a-w- c:\windows\system32\services.exe.4BAF82740E76F58F
    2012-07-23 19:28 . 2012-07-23 19:28 328704 ----a-w- c:\windows\system32\services.exe.1D013B75A0851FE6
    2012-07-23 19:24 . 2012-07-23 19:24 328704 ----a-w- c:\windows\system32\services.exe.6B32CCB8D8C3B05C
    2012-07-23 19:18 . 2012-07-23 19:18 328704 ----a-w- c:\windows\system32\services.exe.04964D9EA38B2331
    2012-07-23 19:15 . 2012-07-23 19:15 328704 ----a-w- c:\windows\system32\services.exe.421E78A5898B1715
    2012-07-23 19:14 . 2012-07-24 14:04 69000 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{35B42352-B904-4ADB-B2F5-52316FBDE05A}\offreg.dll
    2012-07-23 19:05 . 2012-07-23 19:05 328704 ----a-w- c:\windows\system32\services.exe.CF01DFFF5E6E24A2
    2012-07-23 19:02 . 2012-07-23 19:02 50392 ----a-w- c:\windows\system32\drivers\yonxypik.sys
    2012-07-23 19:02 . 2012-07-23 19:02 328704 ----a-w- c:\windows\system32\services.exe.DFEE713C1C09294E
    2012-07-23 18:59 . 2012-07-23 18:59 328704 ----a-w- c:\windows\system32\services.exe.E1F9A5C62D30EE80
    2012-07-23 18:56 . 2012-07-23 18:56 328704 ----a-w- c:\windows\system32\services.exe.CFD7D699FC7D87D8
    2012-07-23 18:53 . 2012-07-23 18:53 328704 ----a-w- c:\windows\system32\services.exe.165827F91942E625
    2012-07-23 18:49 . 2012-07-23 18:49 328704 ----a-w- c:\windows\system32\services.exe.043024006CE0C071
    2012-07-23 18:42 . 2012-07-23 18:42 328704 ----a-w- c:\windows\system32\services.exe.815B2A46A2909DCC
    2012-07-23 18:39 . 2012-02-09 21:17 927800 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{1086842A-3D12-49AA-88B2-09DC177A708D}\gapaengine.dll
    2012-07-23 18:39 . 2012-07-16 09:40 9133488 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{35B42352-B904-4ADB-B2F5-52316FBDE05A}\mpengine.dll
    2012-07-23 18:37 . 2012-07-23 18:38 -------- d-----w- c:\program files (x86)\Microsoft Security Client
    2012-07-23 18:37 . 2012-07-23 18:38 -------- d-----w- c:\program files\Microsoft Security Client
    2012-07-23 07:03 . 2012-07-23 07:03 -------- d-----w- c:\program files (x86)\Remedy Entertainment
    2012-07-22 13:57 . 2012-07-22 13:57 -------- d-----w- c:\users\Owner\AppData\Local\Macromedia
    2012-07-22 09:03 . 2012-07-22 09:03 9822920 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
    2012-07-22 07:29 . 2012-07-22 07:29 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
    2012-07-22 07:03 . 2012-07-22 07:03 -------- d-----w- c:\users\Owner\AppData\Local\{5A65F492-D3CB-11E1-8270-B8AC6F996F26}
    2012-07-22 07:03 . 2012-07-22 09:03 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2012-07-22 07:03 . 2012-07-22 07:03 -------- d-----w- c:\windows\system32\Macromed
    2012-07-22 02:25 . 2012-07-23 07:26 -------- d-----w- c:\users\Owner\AppData\Local\SKIDROW
    2012-07-22 02:25 . 2012-07-22 02:25 -------- d-----w- c:\programdata\Rockstar Games
    2012-07-22 01:41 . 2012-07-22 01:41 -------- d-----w- c:\program files (x86)\Rockstar Games
    2012-07-21 23:36 . 2012-07-22 02:14 -------- d-----w- c:\program files (x86)\Black_Box
    2012-07-17 13:10 . 2012-07-23 17:53 -------- d-----w- c:\users\UpdatusUser
    2012-07-17 13:09 . 2012-07-17 13:10 -------- d-----w- c:\program files (x86)\NVIDIA Corporation
    2012-07-17 13:05 . 2012-07-17 13:05 -------- d-----w- C:\NVIDIA
    2012-07-15 01:13 . 2012-07-15 01:19 -------- d-----w- c:\users\Owner\AppData\Local\Fallout3
    2012-07-15 00:39 . 2012-07-15 00:39 -------- d-----w- c:\windows\SysWow64\xlive
    2012-07-02 20:04 . 2012-07-02 20:04 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service
    2012-07-02 20:04 . 2012-07-02 20:04 770384 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcr100.dll
    2012-07-02 20:04 . 2012-07-02 20:04 421200 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcp100.dll
    2012-07-02 20:04 . 2012-07-02 20:04 157608 ----a-w- c:\program files (x86)\Mozilla Firefox\maintenanceservice_installer.exe
    2012-07-02 20:04 . 2012-07-02 20:04 113120 ----a-w- c:\program files (x86)\Mozilla Firefox\maintenanceservice.exe
    2012-06-25 07:34 . 2012-06-25 07:55 -------- d-----w- c:\program files (x86)\2K Sports
    2012-06-25 05:24 . 2012-06-25 05:32 -------- d-----w- c:\users\Owner\AppData\Roaming\Auslogics
    2012-06-25 04:32 . 2012-05-04 11:06 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
    2012-06-25 04:32 . 2012-05-04 10:03 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
    2012-06-25 04:32 . 2012-05-04 10:03 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
    2012-06-25 04:32 . 2012-03-03 06:35 1544704 ----a-w- c:\windows\system32\DWrite.dll
    2012-06-25 04:32 . 2012-03-03 05:31 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
    2012-06-25 04:32 . 2012-05-15 01:32 3146752 ----a-w- c:\windows\system32\win32k.sys
    2012-06-25 04:30 . 2012-03-17 07:58 75120 ----a-w- c:\windows\system32\drivers\partmgr.sys
    2012-06-25 04:29 . 2012-03-31 05:42 1732096 ----a-w- c:\program files\Windows Journal\NBDoc.DLL
    2012-06-25 04:29 . 2012-03-31 05:40 1367552 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll
    2012-06-25 04:29 . 2012-03-31 05:40 1402880 ----a-w- c:\program files\Windows Journal\JNWDRV.dll
    2012-06-25 04:29 . 2012-03-31 05:40 1393664 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll
    2012-06-25 04:29 . 2012-03-31 04:29 936960 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll
    2012-06-25 04:29 . 2012-03-30 11:35 1918320 ----a-w- c:\windows\system32\drivers\tcpip.sys
    2012-06-24 15:44 . 2012-06-24 15:48 -------- d-----w- c:\program files (x86)\PBACHP2K12
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-07-22 09:03 . 2011-07-28 00:29 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-06-04 06:28 . 2011-06-09 01:08 58957832 ----a-w- c:\windows\system32\MRT.exe
    2012-06-02 22:19 . 2012-06-24 06:26 38424 ----a-w- c:\windows\system32\wups.dll
    2012-06-02 22:19 . 2012-06-24 06:26 2428952 ----a-w- c:\windows\system32\wuaueng.dll
    2012-06-02 22:19 . 2012-06-24 06:26 57880 ----a-w- c:\windows\system32\wuauclt.exe
    2012-06-02 22:19 . 2012-06-24 06:26 44056 ----a-w- c:\windows\system32\wups2.dll
    2012-06-02 22:19 . 2012-06-24 06:26 186752 ----a-w- c:\windows\system32\wuwebv.dll
    2012-06-02 22:19 . 2012-06-24 06:26 701976 ----a-w- c:\windows\system32\wuapi.dll
    2012-06-02 22:15 . 2012-06-24 06:26 2622464 ----a-w- c:\windows\system32\wucltux.dll
    2012-06-02 22:15 . 2012-06-24 06:26 36864 ----a-w- c:\windows\system32\wuapp.exe
    2012-06-02 22:15 . 2012-06-24 06:26 99840 ----a-w- c:\windows\system32\wudriver.dll
    2012-05-15 10:48 . 2010-09-19 16:57 8105280 ----a-w- c:\windows\SysWow64\nvwgf2um.dll
    2012-05-15 10:48 . 2010-09-19 16:57 68928 ----a-w- c:\windows\system32\OpenCL.dll
    2012-05-15 10:48 . 2010-09-19 16:57 61248 ----a-w- c:\windows\SysWow64\OpenCL.dll
    2012-05-15 10:48 . 2010-09-19 16:57 10194752 ----a-w- c:\windows\system32\nvwgf2umx.dll
    2012-05-15 10:48 . 2010-09-19 16:57 2741568 ----a-w- c:\windows\system32\nvapi64.dll
    2012-05-15 10:48 . 2010-09-19 16:57 2368832 ----a-w- c:\windows\SysWow64\nvapi.dll
    2012-05-15 10:48 . 2010-09-19 16:57 15322432 ----a-w- c:\windows\SysWow64\nvd3dum.dll
    2012-05-15 09:29 . 2010-07-19 01:36 889664 ----a-w- c:\windows\system32\nvvsvc.exe
    2012-05-15 09:29 . 2010-07-19 01:36 118080 ----a-w- c:\windows\system32\nvmctray.dll
    2012-05-15 09:29 . 2010-07-19 01:36 63296 ----a-w- c:\windows\system32\nvshext.dll
    2012-05-15 09:29 . 2010-07-19 01:36 2561856 ----a-w- c:\windows\system32\nvsvcr.dll
    2012-05-15 09:29 . 2010-07-19 01:36 3149632 ----a-w- c:\windows\system32\nvsvc64.dll
    2012-05-15 09:28 . 2010-07-19 01:36 6151488 ----a-w- c:\windows\system32\nvcpl.dll
    2012-05-15 09:21 . 2012-05-15 09:21 423744 ----a-w- c:\windows\SysWow64\nvStreaming.exe
    2012-05-04 06:59 . 2012-05-04 07:00 98304 ----a-w- c:\windows\system32\drivers\ew_jucdcacm.sys
    2012-05-04 06:59 . 2012-05-04 07:00 87040 ----a-w- c:\windows\system32\drivers\ew_jubusenum.sys
    2012-05-04 06:59 . 2012-05-04 07:00 72192 ----a-w- c:\windows\system32\drivers\ew_jucdcecm.sys
    2012-05-04 06:59 . 2012-05-04 07:00 28672 ----a-w- c:\windows\system32\drivers\ew_juextctrl.sys
    2012-05-04 06:59 . 2012-05-04 07:00 223744 ----a-w- c:\windows\system32\drivers\ew_juwwanecm.sys
    2012-05-04 06:59 . 2012-05-04 07:00 13952 ----a-w- c:\windows\system32\drivers\ew_usbenumfilter.sys
    2012-05-04 06:59 . 2012-05-04 07:00 117248 ----a-w- c:\windows\system32\drivers\ew_hwusbdev.sys
    2012-05-04 06:59 . 2012-05-04 07:00 1001472 ----a-w- c:\windows\system32\drivers\mod7700.sys
    2012-05-04 06:59 . 2012-05-04 07:00 421888 ----a-w- c:\windows\system32\drivers\ewusbwwan.sys
    2012-05-04 06:59 . 2012-05-04 07:00 32768 ----a-w- c:\windows\system32\drivers\ewdcsc.sys
    2012-05-04 06:59 . 2012-05-04 07:00 223232 ----a-w- c:\windows\system32\drivers\ewusbmdm.sys
    2012-05-04 06:59 . 2012-05-04 07:00 22016 ----a-w- c:\windows\system32\drivers\ew_hwupgrade.sys
    2012-05-04 06:59 . 2012-05-04 07:00 1490656 ----a-w- c:\windows\system32\WdfCoInstaller01007.dll
    2012-05-04 06:59 . 2012-05-04 07:00 1490656 ----a-w- c:\windows\system32\drivers\WdfCoInstaller01007.dll
    2012-04-26 23:41 . 2012-04-26 23:41 0 ----a-w- c:\windows\SysWow64\sho5B45.tmp
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2011-12-05 19:17 94208 ----a-w- c:\users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2011-12-05 19:17 94208 ----a-w- c:\users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2011-12-05 19:17 94208 ----a-w- c:\users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
    "Facebook Update"="c:\users\Owner\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-07-11 138096]
    "DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2011-11-10 3514176]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-03-04 284696]
    "SmartWiHelper"="c:\program files (x86)\Sony\SmartWi Connection Utility\SmartWiHelper.exe" [2010-07-15 89080]
    "ISBMgr.exe"="c:\program files (x86)\Sony\ISB Utility\ISBMgr.exe" [2010-06-01 673136]
    "PMBVolumeWatcher"="c:\program files (x86)\Sony\PMB\PMBVolumeWatcher.exe" [2010-06-01 600928]
    "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-30 421888]
    "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
    "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-11-13 421736]
    "SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2010-6-9 1128224]
    McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
    WDDMStatus.lnk - c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe [2011-3-9 4236288]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @="Service"
    .
    R1 eihwzahq;eihwzahq;c:\windows\system32\drivers\eihwzahq.sys [x]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 Globe Tattoo Broadband. RunOuc;Globe Tattoo Broadband. OUC;c:\program files (x86)\Globe Tattoo Broadband\UpdateDog\ouc.exe [2012-05-04 655712]
    R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-08 136176]
    R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-22 250056]
    R3 btwampfl;Bluetooth AMP USB Filter;c:\windows\system32\drivers\btwampfl.sys [2010-06-21 342056]
    R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2010-06-21 39464]
    R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys [2012-05-04 117248]
    R3 ew_usbenumfilter;huawei_CompositeFilter;c:\windows\system32\DRIVERS\ew_usbenumfilter.sys [2012-05-04 13952]
    R3 GGSAFERDriver;GGSAFER Driver;c:\program files (x86)\GarenaHoN\GameData\Room\safedrv.sys [x]
    R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-08 136176]
    R3 huawei_cdcacm;huawei_cdcacm;c:\windows\system32\DRIVERS\ew_jucdcacm.sys [2012-05-04 98304]
    R3 huawei_ext_ctrl;huawei_ext_ctrl;c:\windows\system32\DRIVERS\ew_juextctrl.sys [2012-05-04 28672]
    R3 huawei_wwanecm;huawei_wwanecm;c:\windows\system32\DRIVERS\ew_juwwanecm.sys [2012-05-04 223744]
    R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [2010-07-16 158720]
    R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
    R3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;c:\windows\system32\DRIVERS\MijXfilt.sys [2011-01-01 97040]
    R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-02 113120]
    R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys [2011-05-10 22528]
    R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-03-21 98688]
    R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-27 291696]
    R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
    R3 SOHCImp;VAIO Media plus Content Importer;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe [2010-06-21 108400]
    R3 SOHDms;VAIO Media plus Digital Media Server;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe [2010-06-18 423280]
    R3 SOHDs;VAIO Media plus Device Searcher;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe [2010-06-21 67952]
    R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
    R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2011-05-10 51712]
    R3 VBTUSB;VBTUSB.Sys VAIO Bluetooth Driver over USB device;c:\windows\system32\Drivers\VBTUSB.sys [2010-06-17 14848]
    R3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2010-06-09 537456]
    R3 VcmINSMgr;VAIO Content Metadata Intelligent Network Service Manager;c:\program files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe [2010-06-09 384880]
    R3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [2010-06-09 101232]
    R3 VUAgent;VUAgent;c:\program files\Sony\VAIO Update 5\VUAgent.exe [2011-04-20 1021840]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-06-09 1255736]
    R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [2008-05-06 14464]
    R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2009-07-14 23040]
    S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2009-07-09 55280]
    S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-11-13 279616]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
    S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
    S2 HWDeviceService64.exe;HWDeviceService64.exe;c:\programdata\DatacardService\HWDeviceService64.exe [2011-03-14 346976]
    S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-03-04 13336]
    S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-05-15 1262400]
    S2 Oasis2Service;Oasis2Service;c:\program files (x86)\DDNi\Oasis2Service\Oasis2Service.exe [2012-02-10 53248]
    S2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [2010-06-01 367456]
    S2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-04-17 14112]
    S2 rimspci;rimspci;c:\windows\system32\drivers\rimssne64.sys [2010-06-23 94208]
    S2 risdsnpe;risdsnpe;c:\windows\system32\drivers\risdsne64.sys [2010-06-23 78848]
    S2 SampleCollector;VAIO Care Performance Service;c:\program files\Sony\VAIO Care\VCPerfService.exe [2010-05-25 252416]
    S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
    S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-05-15 382272]
    S2 uCamMonitor;CamMonitor;c:\program files (x86)\ArcSoft\Magic-I Visual Effects 2\uCamMonitor.exe [2008-09-18 104960]
    S2 VAIO Power Management;VAIO Power Management;c:\program files\Sony\VAIO Power Management\SPMService.exe [2010-06-22 575856]
    S2 VCFw;VAIO Content Folder Watcher;c:\program files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [2010-06-17 851824]
    S2 WDDMService;WDDMService;c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [2011-03-09 288768]
    S2 WDFME;WD File Management Engine;c:\program files (x86)\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe [2011-03-09 1066896]
    S2 WDSC;WD File Management Shadow Engine;c:\program files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSC.exe [2011-03-09 491920]
    S3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\DRIVERS\ArcSoftKsUFilter.sys [2009-05-26 19968]
    S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [2011-07-29 52584]
    S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys [2012-05-04 87040]
    S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\drivers\nusb3hub.sys [2010-04-27 83080]
    S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\drivers\nusb3xhc.sys [2010-04-27 184968]
    S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [2012-04-18 188736]
    S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2011-08-01 45416]
    S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\drivers\SFEP.sys [2010-04-26 12032]
    S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]
    S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]
    S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]
    S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]
    S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
    S3 SpfService;VAIO Entertainment Common Service;c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe [2010-06-07 304496]
    S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
    S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2010-06-23 402720]
    .
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-07-23 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-22 09:03]
    .
    2012-07-22 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2273060681-3129434345-4219941006-1005Core.job
    - c:\users\Owner\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-10-19 23:52]
    .
    2012-07-23 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2273060681-3129434345-4219941006-1005UA.job
    - c:\users\Owner\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-10-19 23:52]
    .
    2012-07-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-08 10:14]
    .
    2012-07-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-08 10:14]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2011-12-05 19:17 97792 ----a-w- c:\users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2011-12-05 19:17 97792 ----a-w- c:\users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2011-12-05 19:17 97792 ----a-w- c:\users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
    @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
    2011-12-05 19:17 97792 ----a-w- c:\users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-06-21 10775584]
    "RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2010-06-21 2040352]
    "IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032]
    "AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-16 499608]
    "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-27 1271168]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "LoadAppInit_DLLs"=0x0
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = hxxp://www.google.com/ig/redirectdomain?brand=SNNT&bmod=SNNT
    mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=SNNT&bmod=SNNT
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = *.local
    uInternet Settings,ProxyServer = 210.4.97.107:3128
    IE: Free YouTube Download - c:\users\Owner\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
    IE: Free YouTube to MP3 Converter - c:\users\Owner\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
    TCP: DhcpNameServer = 64.59.144.90 64.59.150.136
    FF - ProfilePath - c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\dathwr23.default\
    FF - prefs.js: browser.search.selectedEngine -
    FF - prefs.js: keyword.URL - hxxp://www.google.com/search?btnG=Google+Search&q=
    .
    - - - - ORPHANS REMOVED - - - -
    .
    BHO-{58124A0B-DC32-4180-9BFF-E0E21AE34026} - c:\program files (x86)\IMinent Toolbar\tbcore3.dll
    Toolbar-{977AE9CC-AF83-45E8-9E03-E2798216E2D5} - c:\program files (x86)\IMinent Toolbar\tbcore3.dll
    Wow6432Node-HKCU-Run-Rainlendar2 - c:\program files (x86)\Rainlendar2\Rainlendar2.exe
    Wow6432Node-HKCU-Run-WeatherEye - c:\users\Owner\AppData\Local\TheWeatherNetwork\WeatherEye\weathereye.exe
    Wow6432Node-HKCU-Run-cmdhe - c:\users\Owner\AppData\Roaming\cmdhe.dll
    Wow6432Node-HKCU-Run-bcausv - c:\users\Owner\AppData\Roaming\bcausv.dll
    HKLM-Run-Apoint - c:\program files (x86)\Apoint\Apoint.exe
    AddRemove-Fallout Mod Manager_is1 - c:\program files (x86)\Bethesda Softworks\Fallout 3\fomm\uninstall\unins000.exe
    AddRemove-Pixel Ruler - c:\program files (x86)\Mioplanet\Pixel Ruler\setup_maintenance.exe
    AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc.exe
    AddRemove-{1AA94747-3BF6-4237-9E1A-7B3067738FE1} - c:\program files (x86)\InstallShield Installation Information\{1AA94747-3BF6-4237-9E1A-7B3067738FE1}\setup.exe
    AddRemove-The Weather Network - c:\users\Owner\AppData\Local\TheWeatherNetwork\WeatherEye\WeatherEye.exe
    .
    .
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SampleCollector]
    "ImagePath"="\"c:\program files\Sony\VAIO Care\VCPerfService.exe\" \"/service\" \"/sstates\" \"/sampleinterval=2000\" \"/procinterval=5\" \"/dllinterval=120\" \"/counter=\Processor(_Total)\% Processor Time:1/counter=\PhysicalDisk(_Total)\Disk Bytes/sec:1\" \"/counter=\Network Interface(*)\Bytes Total/sec:1\" \"/expandcounter=\Processor Information(*)\Processor Frequency:1\" \"/expandcounter=\Processor(*)\% Idle Time:1\" \"/expandcounter=\Processor(*)\% C1 Time:1\" \"/expandcounter=\Processor(*)\% C2 Time:1\" \"/expandcounter=\Processor(*)\% C3 Time:1\" \"/expandcounter=\Processor(*)\% Processor Time:1\" \"/directory=inteldata\""
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\S-1-5-21-2273060681-3129434345-4219941006-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="WindowsLiveMail.Email.1"
    .
    [HKEY_USERS\S-1-5-21-2273060681-3129434345-4219941006-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="WindowsLiveMail.VCard.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.11"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Completion time: 2012-07-24 07:27:51
    ComboFix-quarantined-files.txt 2012-07-24 14:27
    .
    Pre-Run: 178,951,446,528 bytes free
    Post-Run: 182,904,496,128 bytes free
    .
    - - End Of File - - 982191F6DC26A81BB41BDAB4D9A6A7A6
     
  10. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,282   +49

    ComboFix Script

    • Close any open browsers.
    • Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.
    • Open Notepad and copy/paste the text in the codebox below into it:
    • Save this as CFScript.txt, in the same location as ComboFix.exe

      [image: CFScript.txt being dragged onto ComboFix.exe]
    • Referring to the picture above, drag CFScript into ComboFix.exe
    • When finished, it shall produce a log for you at C:\ComboFix.txt
    • Please post the contents of the log in your next reply.
     
  11. MS.11

    MS.11 TS Rookie Topic Starter

    I saved it to where the combofix.exe file is located (desktop) and nothing is happening...

    What should I do?
     
  12. MS.11

    MS.11 TS Rookie Topic Starter

    Never mind, it seems to be working now.

    I'll paste the log as soon as it's done.
     
  13. MS.11

    MS.11 TS Rookie Topic Starter

    ComboFix 12-07-25.04 - Owner 07/24/2012 10:24:30.2.8 - x64
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4077.2364 [GMT -7:00]
    Running from: c:\users\Owner\Desktop\ComboFix.exe
    Command switches used :: c:\users\Owner\Desktop\CFScript.txt
    AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
    SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    FILE ::
    "c:\windows\system32\services.exe.043024006CE0C071"
    "c:\windows\system32\services.exe.04964D9EA38B2331"
    "c:\windows\system32\services.exe.165827F91942E625"
    "c:\windows\system32\services.exe.1D013B75A0851FE6"
    "c:\windows\system32\services.exe.31FD26909E272C61"
    "c:\windows\system32\services.exe.421E78A5898B1715"
    "c:\windows\system32\services.exe.4BAF82740E76F58F"
    "c:\windows\system32\services.exe.6B32CCB8D8C3B05C"
    "c:\windows\system32\services.exe.6C57578BECB69843"
    "c:\windows\system32\services.exe.815B2A46A2909DCC"
    "c:\windows\system32\services.exe.AB2F47B5F3AFEBB7"
    "c:\windows\system32\services.exe.CF01DFFF5E6E24A2"
    "c:\windows\system32\services.exe.CFD7D699FC7D87D8"
    "c:\windows\system32\services.exe.DFEE713C1C09294E"
    "c:\windows\system32\services.exe.E1F9A5C62D30EE80"
    "c:\windows\system32\services.exe.E301EBB67F5F1C58"
    "c:\windows\system32\services.exe.F12CD4D7068C7613"
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\windows\system32\services.exe.043024006CE0C071
    c:\windows\system32\services.exe.04964D9EA38B2331
    c:\windows\system32\services.exe.165827F91942E625
    c:\windows\system32\services.exe.1D013B75A0851FE6
    c:\windows\system32\services.exe.31FD26909E272C61
    c:\windows\system32\services.exe.421E78A5898B1715
    c:\windows\system32\services.exe.4BAF82740E76F58F
    c:\windows\system32\services.exe.6B32CCB8D8C3B05C
    c:\windows\system32\services.exe.6C57578BECB69843
    c:\windows\system32\services.exe.815B2A46A2909DCC
    c:\windows\system32\services.exe.AB2F47B5F3AFEBB7
    c:\windows\system32\services.exe.CF01DFFF5E6E24A2
    c:\windows\system32\services.exe.CFD7D699FC7D87D8
    c:\windows\system32\services.exe.DFEE713C1C09294E
    c:\windows\system32\services.exe.E1F9A5C62D30EE80
    c:\windows\system32\services.exe.E301EBB67F5F1C58
    c:\windows\system32\services.exe.F12CD4D7068C7613
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-06-24 to 2012-07-24 )))))))))))))))))))))))))))))))
    .
    .
    2012-07-24 17:36 . 2012-07-24 17:36 69000 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{35B42352-B904-4ADB-B2F5-52316FBDE05A}\offreg.dll
    2012-07-24 17:34 . 2012-07-24 17:34 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-07-23 20:42 . 2012-07-23 20:42 -------- d-----w- C:\FRST
    2012-07-23 19:02 . 2012-07-23 19:02 50392 ----a-w- c:\windows\system32\drivers\yonxypik.sys
    2012-07-23 18:39 . 2012-02-09 21:17 927800 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{1086842A-3D12-49AA-88B2-09DC177A708D}\gapaengine.dll
    2012-07-23 18:39 . 2012-07-16 09:40 9133488 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{35B42352-B904-4ADB-B2F5-52316FBDE05A}\mpengine.dll
    2012-07-23 18:37 . 2012-07-23 18:38 -------- d-----w- c:\program files (x86)\Microsoft Security Client
    2012-07-23 18:37 . 2012-07-23 18:38 -------- d-----w- c:\program files\Microsoft Security Client
    2012-07-23 07:03 . 2012-07-23 07:03 -------- d-----w- c:\program files (x86)\Remedy Entertainment
    2012-07-22 13:57 . 2012-07-22 13:57 -------- d-----w- c:\users\Owner\AppData\Local\Macromedia
    2012-07-22 09:03 . 2012-07-22 09:03 9822920 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
    2012-07-22 07:29 . 2012-07-22 07:29 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
    2012-07-22 07:03 . 2012-07-22 07:03 -------- d-----w- c:\users\Owner\AppData\Local\{5A65F492-D3CB-11E1-8270-B8AC6F996F26}
    2012-07-22 07:03 . 2012-07-22 09:03 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2012-07-22 07:03 . 2012-07-22 07:03 -------- d-----w- c:\windows\system32\Macromed
    2012-07-22 02:25 . 2012-07-23 07:26 -------- d-----w- c:\users\Owner\AppData\Local\SKIDROW
    2012-07-22 02:25 . 2012-07-22 02:25 -------- d-----w- c:\programdata\Rockstar Games
    2012-07-22 01:41 . 2012-07-22 01:41 -------- d-----w- c:\program files (x86)\Rockstar Games
    2012-07-21 23:36 . 2012-07-22 02:14 -------- d-----w- c:\program files (x86)\Black_Box
    2012-07-17 13:10 . 2012-07-23 17:53 -------- d-----w- c:\users\UpdatusUser
    2012-07-17 13:09 . 2012-07-17 13:10 -------- d-----w- c:\program files (x86)\NVIDIA Corporation
    2012-07-17 13:05 . 2012-07-17 13:05 -------- d-----w- C:\NVIDIA
    2012-07-15 01:13 . 2012-07-15 01:19 -------- d-----w- c:\users\Owner\AppData\Local\Fallout3
    2012-07-15 00:39 . 2012-07-15 00:39 -------- d-----w- c:\windows\SysWow64\xlive
    2012-07-02 20:04 . 2012-07-02 20:04 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service
    2012-07-02 20:04 . 2012-07-02 20:04 770384 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcr100.dll
    2012-07-02 20:04 . 2012-07-02 20:04 421200 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcp100.dll
    2012-07-02 20:04 . 2012-07-02 20:04 157608 ----a-w- c:\program files (x86)\Mozilla Firefox\maintenanceservice_installer.exe
    2012-07-02 20:04 . 2012-07-02 20:04 113120 ----a-w- c:\program files (x86)\Mozilla Firefox\maintenanceservice.exe
    2012-06-25 07:34 . 2012-06-25 07:55 -------- d-----w- c:\program files (x86)\2K Sports
    2012-06-25 05:24 . 2012-06-25 05:32 -------- d-----w- c:\users\Owner\AppData\Roaming\Auslogics
    2012-06-25 04:32 . 2012-05-04 11:06 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
    2012-06-25 04:32 . 2012-05-04 10:03 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
    2012-06-25 04:32 . 2012-05-04 10:03 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
    2012-06-25 04:32 . 2012-03-03 06:35 1544704 ----a-w- c:\windows\system32\DWrite.dll
    2012-06-25 04:32 . 2012-03-03 05:31 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
    2012-06-25 04:32 . 2012-05-15 01:32 3146752 ----a-w- c:\windows\system32\win32k.sys
    2012-06-25 04:30 . 2012-03-17 07:58 75120 ----a-w- c:\windows\system32\drivers\partmgr.sys
    2012-06-25 04:29 . 2012-03-31 05:42 1732096 ----a-w- c:\program files\Windows Journal\NBDoc.DLL
    2012-06-25 04:29 . 2012-03-31 05:40 1367552 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll
    2012-06-25 04:29 . 2012-03-31 05:40 1402880 ----a-w- c:\program files\Windows Journal\JNWDRV.dll
    2012-06-25 04:29 . 2012-03-31 05:40 1393664 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll
    2012-06-25 04:29 . 2012-03-31 04:29 936960 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll
    2012-06-25 04:29 . 2012-03-30 11:35 1918320 ----a-w- c:\windows\system32\drivers\tcpip.sys
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-07-22 09:03 . 2011-07-28 00:29 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-06-04 06:28 . 2011-06-09 01:08 58957832 ----a-w- c:\windows\system32\MRT.exe
    2012-06-02 22:19 . 2012-06-24 06:26 38424 ----a-w- c:\windows\system32\wups.dll
    2012-06-02 22:19 . 2012-06-24 06:26 2428952 ----a-w- c:\windows\system32\wuaueng.dll
    2012-06-02 22:19 . 2012-06-24 06:26 57880 ----a-w- c:\windows\system32\wuauclt.exe
    2012-06-02 22:19 . 2012-06-24 06:26 44056 ----a-w- c:\windows\system32\wups2.dll
    2012-06-02 22:19 . 2012-06-24 06:26 186752 ----a-w- c:\windows\system32\wuwebv.dll
    2012-06-02 22:19 . 2012-06-24 06:26 701976 ----a-w- c:\windows\system32\wuapi.dll
    2012-06-02 22:15 . 2012-06-24 06:26 2622464 ----a-w- c:\windows\system32\wucltux.dll
    2012-06-02 22:15 . 2012-06-24 06:26 36864 ----a-w- c:\windows\system32\wuapp.exe
    2012-06-02 22:15 . 2012-06-24 06:26 99840 ----a-w- c:\windows\system32\wudriver.dll
    2012-05-15 10:48 . 2010-09-19 16:57 8105280 ----a-w- c:\windows\SysWow64\nvwgf2um.dll
    2012-05-15 10:48 . 2010-09-19 16:57 68928 ----a-w- c:\windows\system32\OpenCL.dll
    2012-05-15 10:48 . 2010-09-19 16:57 61248 ----a-w- c:\windows\SysWow64\OpenCL.dll
    2012-05-15 10:48 . 2010-09-19 16:57 10194752 ----a-w- c:\windows\system32\nvwgf2umx.dll
    2012-05-15 10:48 . 2010-09-19 16:57 2741568 ----a-w- c:\windows\system32\nvapi64.dll
    2012-05-15 10:48 . 2010-09-19 16:57 2368832 ----a-w- c:\windows\SysWow64\nvapi.dll
    2012-05-15 10:48 . 2010-09-19 16:57 15322432 ----a-w- c:\windows\SysWow64\nvd3dum.dll
    2012-05-15 09:29 . 2010-07-19 01:36 889664 ----a-w- c:\windows\system32\nvvsvc.exe
    2012-05-15 09:29 . 2010-07-19 01:36 118080 ----a-w- c:\windows\system32\nvmctray.dll
    2012-05-15 09:29 . 2010-07-19 01:36 63296 ----a-w- c:\windows\system32\nvshext.dll
    2012-05-15 09:29 . 2010-07-19 01:36 2561856 ----a-w- c:\windows\system32\nvsvcr.dll
    2012-05-15 09:29 . 2010-07-19 01:36 3149632 ----a-w- c:\windows\system32\nvsvc64.dll
    2012-05-15 09:28 . 2010-07-19 01:36 6151488 ----a-w- c:\windows\system32\nvcpl.dll
    2012-05-15 09:21 . 2012-05-15 09:21 423744 ----a-w- c:\windows\SysWow64\nvStreaming.exe
    2012-05-04 06:59 . 2012-05-04 07:00 98304 ----a-w- c:\windows\system32\drivers\ew_jucdcacm.sys
    2012-05-04 06:59 . 2012-05-04 07:00 87040 ----a-w- c:\windows\system32\drivers\ew_jubusenum.sys
    2012-05-04 06:59 . 2012-05-04 07:00 72192 ----a-w- c:\windows\system32\drivers\ew_jucdcecm.sys
    2012-05-04 06:59 . 2012-05-04 07:00 28672 ----a-w- c:\windows\system32\drivers\ew_juextctrl.sys
    2012-05-04 06:59 . 2012-05-04 07:00 223744 ----a-w- c:\windows\system32\drivers\ew_juwwanecm.sys
    2012-05-04 06:59 . 2012-05-04 07:00 13952 ----a-w- c:\windows\system32\drivers\ew_usbenumfilter.sys
    2012-05-04 06:59 . 2012-05-04 07:00 117248 ----a-w- c:\windows\system32\drivers\ew_hwusbdev.sys
    2012-05-04 06:59 . 2012-05-04 07:00 1001472 ----a-w- c:\windows\system32\drivers\mod7700.sys
    2012-05-04 06:59 . 2012-05-04 07:00 421888 ----a-w- c:\windows\system32\drivers\ewusbwwan.sys
    2012-05-04 06:59 . 2012-05-04 07:00 32768 ----a-w- c:\windows\system32\drivers\ewdcsc.sys
    2012-05-04 06:59 . 2012-05-04 07:00 223232 ----a-w- c:\windows\system32\drivers\ewusbmdm.sys
    2012-05-04 06:59 . 2012-05-04 07:00 22016 ----a-w- c:\windows\system32\drivers\ew_hwupgrade.sys
    2012-05-04 06:59 . 2012-05-04 07:00 1490656 ----a-w- c:\windows\system32\WdfCoInstaller01007.dll
    2012-05-04 06:59 . 2012-05-04 07:00 1490656 ----a-w- c:\windows\system32\drivers\WdfCoInstaller01007.dll
    2012-04-26 23:41 . 2012-04-26 23:41 0 ----a-w- c:\windows\SysWow64\sho5B45.tmp
    .
    .
    ((((((((((((((((((((((((((((( SnapShot@2012-07-24_14.25.29 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2010-09-19 16:19 . 2012-07-24 03:16 2190 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Bluetooth\bthservsdp.dat
    + 2010-09-19 16:19 . 2012-07-24 17:17 2190 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Bluetooth\bthservsdp.dat
    + 2012-07-24 17:35 . 2012-07-24 17:35 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    - 2012-07-24 14:04 . 2012-07-24 14:04 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    + 2012-07-24 17:35 . 2012-07-24 17:35 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    - 2012-07-24 14:04 . 2012-07-24 14:04 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    + 2012-04-29 03:10 . 2012-07-24 17:17 543592 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
    - 2012-04-29 03:10 . 2012-07-24 03:16 543592 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
    - 2009-07-14 05:01 . 2012-07-24 03:16 402332 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
    + 2009-07-14 05:01 . 2012-07-24 17:35 402332 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
    + 2011-06-12 00:11 . 2012-07-24 17:17 9513196 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2273060681-3129434345-4219941006-1005-4096.dat
    - 2011-06-12 00:11 . 2012-07-24 03:16 9513196 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2273060681-3129434345-4219941006-1005-4096.dat
    + 2011-06-09 00:42 . 2012-07-24 17:35 48006288 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2273060681-3129434345-4219941006-1005-8192.dat
    + 2012-07-24 14:57 . 2012-07-24 14:57 12738560 c:\windows\Installer\31522a.msi
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{58124A0B-DC32-4180-9BFF-E0E21AE34026}]
    c:\program files (x86)\IMinent Toolbar\tbcore3.dll [BU]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
    "{977AE9CC-AF83-45E8-9E03-E2798216E2D5}"= "c:\program files (x86)\IMinent Toolbar\tbcore3.dll" [BU]
    .
    [HKEY_CLASSES_ROOT\clsid\{977ae9cc-af83-45e8-9e03-e2798216e2d5}]
    [HKEY_CLASSES_ROOT\TBSB01620.TBSB01620.3]
    [HKEY_CLASSES_ROOT\TypeLib\{EC4085F2-8DB3-45a6-AD0B-CA289F3C5D7E}]
    [HKEY_CLASSES_ROOT\TBSB01620.TBSB01620]
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2011-12-05 19:17 94208 ----a-w- c:\users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2011-12-05 19:17 94208 ----a-w- c:\users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2011-12-05 19:17 94208 ----a-w- c:\users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
    "Facebook Update"="c:\users\Owner\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-07-11 138096]
    "DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2011-11-10 3514176]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-03-04 284696]
    "SmartWiHelper"="c:\program files (x86)\Sony\SmartWi Connection Utility\SmartWiHelper.exe" [2010-07-15 89080]
    "ISBMgr.exe"="c:\program files (x86)\Sony\ISB Utility\ISBMgr.exe" [2010-06-01 673136]
    "PMBVolumeWatcher"="c:\program files (x86)\Sony\PMB\PMBVolumeWatcher.exe" [2010-06-01 600928]
    "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-30 421888]
    "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
    "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-11-13 421736]
    "SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2010-6-9 1128224]
    McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
    WDDMStatus.lnk - c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe [2011-3-9 4236288]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @="Service"
    .
    2;2 nvUpdatusService;NVIDIA Update Service Daemon [x]
    2;2 SampleCollector;VAIO Care Performance Service [x]
    R1 eihwzahq;eihwzahq;c:\windows\system32\drivers\eihwzahq.sys [x]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 Globe Tattoo Broadband. RunOuc;Globe Tattoo Broadband. OUC;c:\program files (x86)\Globe Tattoo Broadband\UpdateDog\ouc.exe [2012-05-04 655712]
    R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-08 136176]
    R2 VAIO Power Management;VAIO Power Management;c:\program files\Sony\VAIO Power Management\SPMService.exe [2010-06-22 575856]
    R2 VCFw;VAIO Content Folder Watcher;c:\program files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [2010-06-17 851824]
    R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-22 250056]
    R3 btwampfl;Bluetooth AMP USB Filter;c:\windows\system32\drivers\btwampfl.sys [2010-06-21 342056]
    R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2010-06-21 39464]
    R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys [2012-05-04 117248]
    R3 ew_usbenumfilter;huawei_CompositeFilter;c:\windows\system32\DRIVERS\ew_usbenumfilter.sys [2012-05-04 13952]
    R3 GGSAFERDriver;GGSAFER Driver;c:\program files (x86)\GarenaHoN\GameData\Room\safedrv.sys [x]
    R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-08 136176]
    R3 huawei_cdcacm;huawei_cdcacm;c:\windows\system32\DRIVERS\ew_jucdcacm.sys [2012-05-04 98304]
    R3 huawei_ext_ctrl;huawei_ext_ctrl;c:\windows\system32\DRIVERS\ew_juextctrl.sys [2012-05-04 28672]
    R3 huawei_wwanecm;huawei_wwanecm;c:\windows\system32\DRIVERS\ew_juwwanecm.sys [2012-05-04 223744]
    R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [2010-07-16 158720]
    R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
    R3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;c:\windows\system32\DRIVERS\MijXfilt.sys [2011-01-01 97040]
    R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-02 113120]
    R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys [2011-05-10 22528]
    R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-03-21 98688]
    R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-27 291696]
    R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
    R3 SOHCImp;VAIO Media plus Content Importer;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe [2010-06-21 108400]
    R3 SOHDms;VAIO Media plus Digital Media Server;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe [2010-06-18 423280]
    R3 SOHDs;VAIO Media plus Device Searcher;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe [2010-06-21 67952]
    R3 SpfService;VAIO Entertainment Common Service;c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe [2010-06-07 304496]
    R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
    R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2011-05-10 51712]
    R3 VBTUSB;VBTUSB.Sys VAIO Bluetooth Driver over USB device;c:\windows\system32\Drivers\VBTUSB.sys [2010-06-17 14848]
    R3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2010-06-09 537456]
    R3 VcmINSMgr;VAIO Content Metadata Intelligent Network Service Manager;c:\program files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe [2010-06-09 384880]
    R3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [2010-06-09 101232]
    R3 VUAgent;VUAgent;c:\program files\Sony\VAIO Update 5\VUAgent.exe [2011-04-20 1021840]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-06-09 1255736]
    R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [2008-05-06 14464]
    R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2009-07-14 23040]
    S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2009-07-09 55280]
    S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-11-13 279616]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
    S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
    S2 HWDeviceService64.exe;HWDeviceService64.exe;c:\programdata\DatacardService\HWDeviceService64.exe [2011-03-14 346976]
    S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-03-04 13336]
    S2 Oasis2Service;Oasis2Service;c:\program files (x86)\DDNi\Oasis2Service\Oasis2Service.exe [2012-02-10 53248]
    S2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [2010-06-01 367456]
    S2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-04-17 14112]
    S2 rimspci;rimspci;c:\windows\system32\drivers\rimssne64.sys [2010-06-23 94208]
    S2 risdsnpe;risdsnpe;c:\windows\system32\drivers\risdsne64.sys [2010-06-23 78848]
    S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
    S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-05-15 382272]
    S2 uCamMonitor;CamMonitor;c:\program files (x86)\ArcSoft\Magic-I Visual Effects 2\uCamMonitor.exe [2008-09-18 104960]
    S2 WDDMService;WDDMService;c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [2011-03-09 288768]
    S2 WDFME;WD File Management Engine;c:\program files (x86)\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe [2011-03-09 1066896]
    S2 WDSC;WD File Management Shadow Engine;c:\program files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSC.exe [2011-03-09 491920]
    S3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\DRIVERS\ArcSoftKsUFilter.sys [2009-05-26 19968]
    S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [2011-07-29 52584]
    S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys [2012-05-04 87040]
    S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\drivers\nusb3hub.sys [2010-04-27 83080]
    S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\drivers\nusb3xhc.sys [2010-04-27 184968]
    S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [2012-04-18 188736]
    S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2011-08-01 45416]
    S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\drivers\SFEP.sys [2010-04-26 12032]
    S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]
    S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]
    S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]
    S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]
    S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
    S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
    S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2010-06-23 402720]
    .
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-07-24 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-22 09:03]
    .
    2012-07-22 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2273060681-3129434345-4219941006-1005Core.job
    - c:\users\Owner\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-10-19 23:52]
    .
    2012-07-24 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2273060681-3129434345-4219941006-1005UA.job
    - c:\users\Owner\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-10-19 23:52]
    .
    2012-07-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-08 10:14]
    .
    2012-07-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-08 10:14]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2011-12-05 19:17 97792 ----a-w- c:\users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2011-12-05 19:17 97792 ----a-w- c:\users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2011-12-05 19:17 97792 ----a-w- c:\users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
    @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
    2011-12-05 19:17 97792 ----a-w- c:\users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-06-21 10775584]
    "RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2010-06-21 2040352]
    "Apoint"="c:\program files (x86)\Apoint\Apoint.exe" [BU]
    "IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032]
    "AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-16 499608]
    "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-27 1271168]
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = *.local
    IE: Free YouTube Download - c:\users\Owner\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
    IE: Free YouTube to MP3 Converter - c:\users\Owner\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
    TCP: DhcpNameServer = 64.59.144.90 64.59.150.136
    FF - ProfilePath - c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\dathwr23.default\
    FF - prefs.js: browser.search.selectedEngine -
    FF - prefs.js: keyword.URL - hxxp://www.google.com/search?btnG=Google+Search&q=
    .
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SampleCollector]
    "ImagePath"="\"c:\program files\Sony\VAIO Care\VCPerfService.exe\" \"/service\" \"/sstates\" \"/sampleinterval=2000\" \"/procinterval=5\" \"/dllinterval=120\" \"/counter=\Processor(_Total)\% Processor Time:1/counter=\PhysicalDisk(_Total)\Disk Bytes/sec:1\" \"/counter=\Network Interface(*)\Bytes Total/sec:1\" \"/expandcounter=\Processor Information(*)\Processor Frequency:1\" \"/expandcounter=\Processor(*)\% Idle Time:1\" \"/expandcounter=\Processor(*)\% C1 Time:1\" \"/expandcounter=\Processor(*)\% C2 Time:1\" \"/expandcounter=\Processor(*)\% C3 Time:1\" \"/expandcounter=\Processor(*)\% Processor Time:1\" \"/directory=inteldata\""
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\S-1-5-21-2273060681-3129434345-4219941006-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="WindowsLiveMail.Email.1"
    .
    [HKEY_USERS\S-1-5-21-2273060681-3129434345-4219941006-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="WindowsLiveMail.VCard.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.11"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files\Sony\VAIO Care\VCSpt.exe
    c:\programdata\Globe Tattoo Broadband\OnlineUpdate\ouc.exe
    c:\windows\SysWOW64\PnkBstrA.exe
    c:\program files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
    c:\program files (x86)\Sony\VAIO Event Service\VESMgr.exe
    c:\windows\SysWOW64\DllHost.exe
    c:\program files (x86)\Sony\VAIO Event Service\VESMgrSub.exe
    c:\program files (x86)\DDNi\Oasis\DDNiStartup.exe
    c:\program files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
    c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
    .
    **************************************************************************
    .
    Completion time: 2012-07-24 10:44:28 - machine was rebooted
    ComboFix-quarantined-files.txt 2012-07-24 17:44
    ComboFix2.txt 2012-07-24 14:27
    .
    Pre-Run: 182,973,394,944 bytes free
    Post-Run: 182,871,179,264 bytes free
    .
    - - End Of File - - 7EA8D04A2A6085A8D1408E5DD86A21FE
     
  14. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,282   +49

    Good job! (y)

    ESET Online Scan

    Please run a free online scan with the ESET Online Scanner
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • When asked, allow the ActiveX control to install
    • Click Start
    • Make sure that the options Remove found threats and Scan unwanted applications are checked
    • Click Scan (This scan can take several hours, so please be patient)
    • Once the scan is completed, you may close the window
    • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
    • Copy and paste that log as a reply to this topic
     
  15. MS.11

    MS.11 TS Rookie Topic Starter

    SEVEN trojans found!! :confused: and cleaned..

    ESETSmartInstaller@High as downloader log:
    all ok
    # version=7
    # OnlineScannerApp.exe=1.0.0.1
    # OnlineScanner.ocx=1.0.0.6583
    # api_version=3.0.2
    # EOSSerial=5fba528e07f8fd488ae8d636ebd1739a
    # end=finished
    # remove_checked=true
    # archives_checked=false
    # unwanted_checked=true
    # unsafe_checked=false
    # antistealth_checked=true
    # utc_time=2012-07-24 10:42:23
    # local_time=2012-07-24 03:42:23 (-0800, Pacific Daylight Time)
    # country="United States"
    # lang=1033
    # osver=6.1.7601 NT Service Pack 1
    # compatibility_mode=5893 16776573 100 94 34485763 94705670 0 0
    # compatibility_mode=8192 67108863 100 0 0 0 0 0
    # scanned=280120
    # found=7
    # cleaned=7
    # scan_time=7523
    C:\FRST\Quarantine\services.exe Win64/Patched.B.Gen trojan (deleted - quarantined) 00000000000000000000000000000000 C
    C:\FRST\Quarantine\{bf2a47dd-a5fb-1224-817b-224de62e0fee}\n Win64/Sirefef.W trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
    C:\FRST\Quarantine\{bf2a47dd-a5fb-1224-817b-224de62e0fee}\U\00000008.@ Win64/Agent.BA trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
    C:\Program Files (x86)\Black_Box\Max Payne 3\gsrld.dll a variant of Win32/Packed.VMProtect.AAH trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
    C:\Qoobox\Quarantine\C\Users\Owner\AppData\Roaming\bcausv.dll.vir a variant of Win32/Medfos.BE trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
    C:\Qoobox\Quarantine\C\Users\Owner\AppData\Roaming\cmdhe.dll.vir a variant of Win32/Medfos.BC trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
    C:\Users\Owner\AppData\Local\{5A65F492-D3CB-11E1-8270-B8AC6F996F26}\chrome\content\browser.xul JS/Redirector.NIQ trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
     
  16. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,282   +49

    As you can see, they are mostly in quarantine, which means they are inactive threats.

    Go ahead with another ESET scan please, and we should be able to wrap this up.
     
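As an added illustration of the helper's point (example code, not from this thread or from ESET): a small Python triage of the ESET log posted above that separates detections whose path lies under an earlier tool's quarantine folder (FRST, ComboFix's Qoobox) from hits at live locations, and cross-checks the scanner's own found/cleaned tally. The detection-line layout is inferred from the lines on this page and the list of quarantine roots is an assumption.

```python
import re
from dataclasses import dataclass

# Detection line layout as it appears in the ESET Online Scanner log posted above:
#   <path> <threat name> (<action taken>) <32 hex chars> <flag>
# Threat names carry a family token with a forward slash (Win64/Sirefef.W) while
# Windows paths only use backslashes; that is what lets a path containing spaces
# be told apart from the threat name. Inferred from the posted log, not from any
# ESET documentation.
DETECTION_RE = re.compile(
    r"^(?P<path>.+?) "
    r"(?P<threat>(?:(?:probably )?a variant of )?[A-Za-z0-9]+/\S+(?: [a-z]+)+) "
    r"\((?P<action>[^()]*)\) "
    r"(?P<hash>[0-9a-fA-F]{32}) "
    r"(?P<flag>\S+)$"
)

# Folders where earlier tools in this thread parked files (assumed list: FRST and
# ComboFix's Qoobox are the two seen on the page). A hit under one of these is a
# leftover sitting in quarantine, not something that was running.
QUARANTINE_ROOTS = (r"C:\FRST\Quarantine", r"C:\Qoobox\Quarantine")


@dataclass
class Detection:
    path: str
    threat: str
    action: str
    hash: str    # kept verbatim; the posted log shows all zeros in this column
    flag: str

    def in_quarantine(self, roots=QUARANTINE_ROOTS) -> bool:
        p = self.path.lower()
        return any(p.startswith(r.lower() + "\\") for r in roots)


def parse_eset_log(text: str):
    """Split the log into its '# key=value' summary, detection lines and leftovers."""
    summary, detections, unparsed = {}, [], []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if line.startswith("#"):
            key, _, value = line[1:].strip().partition("=")
            summary[key] = int(value) if value.isdigit() else value
            continue
        m = DETECTION_RE.match(line)
        if m:
            detections.append(Detection(**m.groupdict()))
        else:
            unparsed.append(line)  # keep odd lines instead of silently dropping them
    return summary, detections, unparsed


def triage(detections, roots=QUARANTINE_ROOTS):
    """Separate hits already inside another tool's quarantine from live ones."""
    result = {"already_quarantined": [], "live": []}
    for d in detections:
        bucket = "already_quarantined" if d.in_quarantine(roots) else "live"
        result[bucket].append(d)
    return result


def counts_consistent(summary, detections) -> bool:
    """Check the scanner's own found/cleaned tally against the lines present."""
    cleaned = sum("delet" in d.action for d in detections)
    return summary.get("found") == len(detections) and summary.get("cleaned") == cleaned


# Constructed sample: the summary and detection lines from the ESET log above.
SAMPLE_LOG = r"""
all ok
# version=7
# found=7
# cleaned=7
# scan_time=7523
C:\FRST\Quarantine\services.exe Win64/Patched.B.Gen trojan (deleted - quarantined) 00000000000000000000000000000000 C
C:\FRST\Quarantine\{bf2a47dd-a5fb-1224-817b-224de62e0fee}\n Win64/Sirefef.W trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\FRST\Quarantine\{bf2a47dd-a5fb-1224-817b-224de62e0fee}\U\00000008.@ Win64/Agent.BA trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Program Files (x86)\Black_Box\Max Payne 3\gsrld.dll a variant of Win32/Packed.VMProtect.AAH trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\Users\Owner\AppData\Roaming\bcausv.dll.vir a variant of Win32/Medfos.BE trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\Users\Owner\AppData\Roaming\cmdhe.dll.vir a variant of Win32/Medfos.BC trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\Owner\AppData\Local\{5A65F492-D3CB-11E1-8270-B8AC6F996F26}\chrome\content\browser.xul JS/Redirector.NIQ trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
"""

if __name__ == "__main__":
    summary, dets, odd = parse_eset_log(SAMPLE_LOG)
    t = triage(dets)
    print(f"found={summary['found']} parsed={len(dets)} "
          f"consistent={counts_consistent(summary, dets)} unparsed={odd}")
    for d in t["live"]:
        print("LIVE      ", d.path, "->", d.threat)
    for d in t["already_quarantined"]:
        print("QUARANTINE", d.path, "->", d.threat)
```

On the posted log this reports two live hits (the Max Payne 3 gsrld.dll and the browser.xul redirector) and five that were already in FRST or Qoobox quarantine.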
  17. MS.11

    MS.11 TS Rookie Topic Starter

    No more trojans... seems to be fine now.
     
  18. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,282   +49

    Hi! If there are no more issues, then we shall clean up!

    Clean up System Restore

    Now, to get you off to a clean start, we will be creating a new Restore Point, then clearing the old ones to make sure you do not get reinfected, in case you need to "restore back."

    To manually create a new Restore Point
    • Go to Control Panel and select System and Maintenance
    • Select System
    • On the left select Advanced System Settings and accept the warning if you get one
    • Select System Protection Tab
    • Select Create at the bottom
    • Type in a name, i.e. Clean
    • Select Create
    Now we can purge the infected ones
    • Go back to the System and Maintenance page
    • Select Performance Information and Tools
    • On the left select Open Disk Cleanup
    • Select Files from all users and accept the warning if you get one
    • In the drop-down box select your main drive, i.e. C
    • For a few moments the system will make some calculations
    • Select the More Options tab
    • In the System Restore and Shadow Backups select Clean up
    • Select Delete on the pop up
    • Select OK
    • Select Delete

    Run OTC to remove our tools

    To remove all of the tools we used and the files and folders they created, please do the following:
    Please download OTC.exe by OldTimer:
    • Save it to your Desktop.
    • Double click OTC.exe.
    • Click the CleanUp! button.
    • If you are prompted to Reboot during the cleanup, select Yes.
    • The tool will delete itself once it finishes.
    Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.

    Purge old temporary files

    Please download TFC by OldTimer to your desktop
    • Please double-click TFC.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
    • It will close all programs when run, so make sure you have saved all your work before you begin.
    • Click the Start button to begin the process. Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two. Let it run uninterrupted to completion.
    • Once it's finished it should reboot your machine. If it does not, please manually reboot the machine yourself to ensure a complete clean.

    Security Check

    Please download Security Check by screen317 from SpywareInfoforum.org or Changelog.fr.
    • Save it to your Desktop.
    • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

    Tell me in your next reply, if you have completed these tasks:
    • Cleaned System Restore
    • Ran OTC
    • Ran TFC
    • Ran Security Check
    Also, let me know how your computer is running, and don't forget to post the contents of the Security Check log.
     
  19. MS.11

    MS.11 TS Rookie Topic Starter

    System Restore - check
    OTC - check
    TFC - check
    Security Check - check

    my comp seems to work fine now... no threats...

    thank you very much!!! much appreciated! couldn't have done it without your kindness and help!! (y)
     
  20. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,282   +49

    Personal Tips on Preventing Malware

    See this page for more info about malware and prevention.

    Any other questions before I mark this topic solved?
     
  21. MS.11

    MS.11 TS Rookie Topic Starter

    Okay, will do. No more questions for me. Thanks again!!
     
  22. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,282   +49

    Topic marked as solved. Glad to be of help!
     