TechSpot

Cannot turn on windows firewall - cannot update windows

By regan
Apr 13, 2013
  1. I have noticed the computer occasionally running slow, particularly when loading web pages (it's not the site or my net connection). I also noticed that Windows Firewall was off and I cannot turn it on; I tried all the tricks for this, including replacing the registry keys and turning it on via Services. When I do it through Services it says Windows could not start it. Error 8007065e for attempted Windows Update.

    I did have McAfee and noticed a few people with the firewall issue had this installed too. Don't know if it's related to the problem, but I uninstalled it in an attempt to fix it. Malwarebytes did find a trojan some weeks ago but nothing in recent scans.

    I tried everything in broni's guide here:
    http://www.smartestcomputing.us.com...rewall;-windows-firewall-service-missing-fix/

    but no luck. This is driving me nuts; can someone please help?


    Farbar Service Scanner Version: 03-03-2013
    Ran by RLFENT (administrator) on 13-04-2013 at 14:36:07
    Running from "I:\DOWNLOADS"
    Windows 7 Professional Service Pack 1 (X64)
    Boot Mode: Normal
    ****************************************************************

    Internet Services:
    ============

    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Google IP is accessible.
    Google.com is accessible.
    Attempt to access Yahoo IP returned error. Yahoo IP is offline
    Yahoo.com is accessible.


    Windows Firewall:
    =============
    MpsSvc Service is not running. Checking service configuration:
    The start type of MpsSvc service is OK.
    The ImagePath of MpsSvc service is OK.
    The ServiceDll of MpsSvc service is OK.


    Firewall Disabled Policy:
    ==================


    System Restore:
    ============

    System Restore Disabled Policy:
    ========================


    Action Center:
    ============

    Windows Update:
    ============

    Windows Autoupdate Disabled Policy:
    ============================


    Windows Defender:
    ==============
    WinDefend Service is not running. Checking service configuration:
    The start type of WinDefend service is set to Disabled. The default start type is Auto.
    The ImagePath of WinDefend service is OK.
    The ServiceDll of WinDefend service is OK.


    Windows Defender Disabled Policy:
    ==========================
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
    "DisableAntiSpyware"=DWORD:1


    Other Services:
    ==============
    Checking Start type of SharedAccess: ATTENTION!=====> Unable to retrieve start type of SharedAccess. The value does not exist.
    Checking ImagePath of SharedAccess: ATTENTION!=====> Unable to retrieve ImagePath of SharedAccess. The value does not exist.
    Checking ServiceDll of SharedAccess: ATTENTION!=====> Unable to open SharedAccess registry key. The service key does not exist.
    Checking Start type of iphlpsvc: ATTENTION!=====> Unable to open iphlpsvc registry key. The service key does not exist.
    Checking ImagePath of iphlpsvc: ATTENTION!=====> Unable to open iphlpsvc registry key. The service key does not exist.
    Checking ServiceDll of iphlpsvc: ATTENTION!=====> Unable to open iphlpsvc registry key. The service key does not exist.


    File Check:
    ========
    C:\Windows\System32\nsisvc.dll => MD5 is legit
    C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
    C:\Windows\System32\dhcpcore.dll => MD5 is legit
    C:\Windows\System32\drivers\afd.sys => MD5 is legit
    C:\Windows\System32\drivers\tdx.sys => MD5 is legit
    C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
    C:\Windows\System32\dnsrslvr.dll => MD5 is legit
    C:\Windows\System32\mpssvc.dll => MD5 is legit
    C:\Windows\System32\bfe.dll => MD5 is legit
    C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
    C:\Windows\System32\SDRSVC.dll => MD5 is legit
    C:\Windows\System32\vssvc.exe => MD5 is legit
    C:\Windows\System32\wscsvc.dll => MD5 is legit
    C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
    C:\Windows\System32\wuaueng.dll => MD5 is legit
    C:\Windows\System32\qmgr.dll => MD5 is legit
    C:\Windows\System32\es.dll => MD5 is legit
    C:\Windows\System32\cryptsvc.dll => MD5 is legit
    C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
    C:\Windows\System32\ipnathlp.dll => MD5 is legit
    C:\Windows\System32\iphlpsvc.dll => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\System32\rpcss.dll => MD5 is legit


    **** End of log ****

  2. regan

    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 11-04-2013
    Ran by SYSTEM at 13-04-2013 14:11:11
    Running from K:\
    Windows 7 Professional (X64) OS Language: English(US)
    The current controlset is ControlSet001

    ==================== Registry (Whitelisted) ===================

    HKLM-x32\...\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r [2792448 2009-12-03] (VIA)
    HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [946352 2012-12-02] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [DLSService] "C:\Program Files (x86)\DYMO\DYMO Label Software\DLSService.exe" [x]
    HKU\RLFENT\...\Run: [Google Update] "C:\Users\RLFENT\AppData\Local\Google\Update\GoogleUpdate.exe" /c [116648 2012-09-03] (Google Inc.)
    Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

    ==================== Services (Whitelisted) ===================

    2 astcc; C:\Windows\SysWOW64\ASTSRV.EXE [61760 2009-06-14] (Nalpeiron Ltd.)
    2 DymoPnpService; "C:\Program Files (x86)\DYMO\DYMO Label Software\DymoPnpService.exe" [32368 2012-10-09] (Sanford, L.P.)
    2 NitroDriverReadSpool; "C:\Program Files\Common Files\Nitro PDF\Professional\6.0\NitroPDFDriverServicex64.exe" [342544 2012-01-31] (Nitro PDF Software)
    2 nvsvc; "C:\Windows\system32\nvvsvc.exe" [878368 2013-01-31] (NVIDIA Corporation)
    2 nvUpdatusService; "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe" [1259296 2013-02-19] (NVIDIA Corporation)
    2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [88576 2012-04-12] ()
    2 piserv; C:\Windows\SysWow64\piserv.exe [65536 2012-03-14] ()
    2 MBAMScheduler; "C:\Malwarebytes' Anti-Malware\mbamscheduler.exe" [x]
    2 MBAMService; "C:\Malwarebytes' Anti-Malware\mbamservice.exe" [x]
    2 McAfee SiteAdvisor Service; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [x]

    ==================== Drivers (Whitelisted) =====================

    3 akshasp; C:\Windows\System32\Drivers\akshasp.sys [60488 2013-03-14] (SafeNet Inc.)
    3 aksusb; C:\Windows\System32\Drivers\aksusb.sys [303368 2013-03-14] (SafeNet Inc.)
    3 CX88VID; C:\Windows\System32\drivers\cxavsvid.sys [469248 2007-09-18] (Leadtek Research Inc.)
    3 FLxHCIh; C:\Windows\System32\Drivers\FLxHCIh.sys [77040 2012-11-07] (Fresco Logic)
    2 hardlock; C:\Windows\System32\Drivers\hardlock.sys [331144 2013-03-14] (SafeNet Inc.)
    3 irsir; C:\Windows\System32\Drivers\irsir.sys [27648 2008-01-18] (Microsoft Corporation)
    3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [25928 2013-04-03] (Malwarebytes Corporation)
    3 Andbus; C:\Windows\System32\DRIVERS\lgandbus64.sys [x]
    3 AndDiag; C:\Windows\System32\DRIVERS\lganddiag64.sys [x]
    3 AndGps; C:\Windows\System32\DRIVERS\lgandgps64.sys [x]
    3 ANDModem; C:\Windows\System32\DRIVERS\lgandmodem64.sys [x]
    3 ndisahMP; C:\Windows\System32\DRIVERS\ndisah.sys [x]

    ==================== NetSvcs (Whitelisted) ====================


    ==================== One Month Created Files and Folders ========

    2013-04-13 14:11 - 2013-04-13 14:11 - 00000000 ____D C:\FRST
    2013-04-12 19:45 - 2013-04-12 19:45 - 00003458 ____A C:\Windows\SysWOW64\FSS.txt
    2013-04-12 02:58 - 2013-04-12 02:58 - 00000626 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2013-04-12 02:51 - 2013-04-12 02:51 - 00000000 ____A C:\Users\RLFENT\agent.log
    2013-04-12 02:39 - 2013-04-12 02:39 - 00000198 ____A C:\Users\RLFENT\Desktop\repair.bat
    2013-04-12 02:23 - 2013-04-12 02:23 - 00000000 ____D C:\ProgramData\Intel(R) Update Manager
    2013-04-12 02:23 - 2013-04-12 02:23 - 00000000 ____D C:\Intel
    2013-04-11 17:47 - 2013-04-11 17:47 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
    2013-04-11 02:17 - 2013-04-11 02:17 - 00000000 ____D C:\Program Files (x86)\Microsoft Visual Studio 9.0
    2013-04-11 02:17 - 2011-09-22 03:07 - 00105832 ____A (Microsoft Corporation) C:\Windows\System32\SQSRVRES.DLL
    2013-04-11 02:17 - 2011-09-22 03:06 - 00109416 ____A (Microsoft Corporation) C:\Windows\System32\perf-MSSQL$SQLEXPRESS-sqlctr10.3.5500.0.dll
    2013-04-11 02:17 - 2011-09-21 23:18 - 00073064 ____A (Microsoft Corporation) C:\Windows\SysWOW64\perf-MSSQL$SQLEXPRESS-sqlctr10.3.5500.0.dll
    2013-04-09 22:49 - 2013-04-09 22:49 - 00000000 ____D C:\Users\RLFENT\Documents\DYMO Label
    2013-04-09 22:49 - 2013-04-09 22:49 - 00000000 ____D C:\Users\RLFENT\AppData\Local\Sanford,_L.P
    2013-04-09 22:49 - 2013-04-09 22:49 - 00000000 ____D C:\Users\RLFENT\AppData\Local\DYMO
    2013-04-09 22:46 - 2013-04-09 22:47 - 00041385 __RSH C:\Program Files (x86)\DLS8Uninstall.log
    2013-04-09 22:46 - 2013-04-09 22:47 - 00004606 ____A C:\Windows\DPINST.LOG
    2013-04-09 22:46 - 2013-04-09 22:46 - 00000000 ____D C:\Program Files (x86)\DYMO
    2013-04-09 22:42 - 2013-04-09 22:42 - 00000000 ____D C:\ProgramData\DYMO
    2013-04-09 17:37 - 2013-02-21 22:13 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
    2013-04-09 17:37 - 2013-02-21 22:12 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
    2013-04-09 17:37 - 2013-02-21 19:34 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
    2013-04-09 17:37 - 2013-02-21 19:31 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2013-04-09 17:37 - 2013-02-21 19:31 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2013-04-09 17:36 - 2013-03-01 22:04 - 01655656 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ntfs.sys
    2013-04-09 17:36 - 2013-02-28 19:36 - 03153408 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
    2013-04-09 17:36 - 2013-02-21 22:57 - 17817088 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
    2013-04-09 17:36 - 2013-02-21 22:29 - 10925568 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
    2013-04-09 17:36 - 2013-02-21 22:27 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
    2013-04-09 17:36 - 2013-02-21 22:21 - 01346560 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
    2013-04-09 17:36 - 2013-02-21 22:20 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
    2013-04-09 17:36 - 2013-02-21 22:19 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
    2013-04-09 17:36 - 2013-02-21 22:18 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
    2013-04-09 17:36 - 2013-02-21 22:17 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
    2013-04-09 17:36 - 2013-02-21 22:15 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
    2013-04-09 17:36 - 2013-02-21 22:15 - 00599040 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
    2013-04-09 17:36 - 2013-02-21 22:15 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
    2013-04-09 17:36 - 2013-02-21 22:14 - 00729088 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
    2013-04-09 17:36 - 2013-02-21 22:13 - 02147840 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
    2013-04-09 17:36 - 2013-02-21 22:09 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
    2013-04-09 17:36 - 2013-02-21 20:05 - 12324352 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2013-04-09 17:36 - 2013-02-21 19:47 - 09738752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2013-04-09 17:36 - 2013-02-21 19:46 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2013-04-09 17:36 - 2013-02-21 19:38 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2013-04-09 17:36 - 2013-02-21 19:38 - 01104384 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2013-04-09 17:36 - 2013-02-21 19:37 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2013-04-09 17:36 - 2013-02-21 19:36 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
    2013-04-09 17:36 - 2013-02-21 19:35 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2013-04-09 17:36 - 2013-02-21 19:34 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
    2013-04-09 17:36 - 2013-02-21 19:34 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2013-04-09 17:36 - 2013-02-21 19:33 - 00607744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
    2013-04-09 17:36 - 2013-02-21 19:32 - 01796096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2013-04-09 17:36 - 2013-02-21 19:28 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2013-04-09 17:36 - 2013-02-14 22:08 - 00044032 ____A (Microsoft Corporation) C:\Windows\System32\tsgqec.dll
    2013-04-09 17:36 - 2013-02-14 22:06 - 03717632 ____A (Microsoft Corporation) C:\Windows\System32\mstscax.dll
    2013-04-09 17:36 - 2013-02-14 22:02 - 00158720 ____A (Microsoft Corporation) C:\Windows\System32\aaclient.dll
    2013-04-09 17:36 - 2013-02-14 20:37 - 03217408 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
    2013-04-09 17:36 - 2013-02-14 20:34 - 00131584 ____A (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll
    2013-04-09 17:36 - 2013-02-14 19:25 - 00036864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
    2013-04-09 17:36 - 2013-01-23 22:01 - 00223752 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\fvevol.sys
    2013-04-09 17:35 - 2013-03-18 22:04 - 05550424 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
    2013-04-09 17:35 - 2013-03-18 21:46 - 00043520 ____A (Microsoft Corporation) C:\Windows\System32\csrsrv.dll
    2013-04-09 17:35 - 2013-03-18 21:04 - 03968856 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
    2013-04-09 17:35 - 2013-03-18 21:04 - 03913560 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
    2013-04-09 17:35 - 2013-03-18 20:47 - 00006656 ____A (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
    2013-04-09 17:35 - 2013-03-18 19:06 - 00112640 ____A (Microsoft Corporation) C:\Windows\System32\smss.exe
    2013-04-08 16:34 - 2013-04-08 16:34 - 00000000 ____D C:\Windows\CheckSur
    2013-04-08 16:27 - 2013-01-31 01:24 - 02558240 ____A (NVIDIA Corporation) C:\Windows\System32\nvsvcr.dll
    2013-04-08 16:24 - 2013-02-11 20:12 - 00019968 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\usb8023x.sys
    2013-04-08 16:24 - 2013-02-11 20:12 - 00019968 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\usb8023.sys
    2013-04-08 00:18 - 2013-04-08 00:18 - 00000000 ____D C:\ProgramData\IDM
    2013-04-07 21:43 - 2013-04-12 19:28 - 00000000 ____D C:\Users\RLFENT\AppData\Roaming\IDM
    2013-04-07 21:26 - 2013-04-07 21:26 - 03928064 ____A (Microsoft Corporation) C:\Windows\System32\d2d1.dll
    2013-04-07 21:26 - 2013-04-07 21:26 - 03419136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
    2013-04-07 21:26 - 2013-04-07 21:26 - 02776576 ____A (Microsoft Corporation) C:\Windows\System32\msmpeg2vdec.dll
    2013-04-07 21:26 - 2013-04-07 21:26 - 02565120 ____A (Microsoft Corporation) C:\Windows\System32\d3d10warp.dll
    2013-04-07 21:26 - 2013-04-07 21:26 - 02284544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
    2013-04-07 21:26 - 2013-04-07 21:26 - 01988096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
    2013-04-07 21:26 - 2013-04-07 21:26 - 01887232 ____A (Microsoft Corporation) C:\Windows\System32\d3d11.dll
    2013-04-07 21:26 - 2013-04-07 21:26 - 01682432 ____A (Microsoft Corporation) C:\Windows\System32\XpsPrint.dll
    2013-04-07 21:26 - 2013-04-07 21:26 - 01643520 ____A (Microsoft Corporation) C:\Windows\System32\DWrite.dll
    2013-04-07 21:26 - 2013-04-07 21:26 - 01504768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll
    2013-04-07 21:26 - 2013-04-07 21:26 - 01424384 ____A (Microsoft Corporation) C:\Windows\System32\WindowsCodecs.dll
    2013-04-07 21:26 - 2013-04-07 21:26 - 01247744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
    2013-04-07 21:26 - 2013-04-07 21:26 - 01238528 ____A (Microsoft Corporation) C:\Windows\System32\d3d10.dll
    2013-04-07 21:26 - 2013-04-07 21:26 - 01230336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
    2013-04-07 21:26 - 2013-04-07 21:26 - 01175552 ____A (Microsoft Corporation) C:\Windows\System32\FntCache.dll
    2013-04-07 21:26 - 2013-04-07 21:26 - 01158144 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XpsPrint.dll
    2013-04-07 21:26 - 2013-04-07 21:26 - 01080832 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10.dll
    2013-04-07 21:26 - 2013-04-07 21:26 - 00648192 ____A (Microsoft Corporation) C:\Windows\System32\d3d10level9.dll
    2013-04-07 21:26 - 2013-04-07 21:26 - 00604160 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll
    2013-04-07 21:26 - 2013-04-07 21:26 - 00522752 ____A (Microsoft Corporation) C:\Windows\System32\XpsGdiConverter.dll
    2013-04-07 21:26 - 2013-04-07 21:26 - 00465920 ____A (Microsoft Corporation) C:\Windows\System32\WMPhoto.dll
    2013-04-07 21:26 - 2013-04-07 21:26 - 00417792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
    2013-04-07 21:26 - 2013-04-07 21:26 - 00364544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XpsGdiConverter.dll
    2013-04-07 21:26 - 2013-04-07 21:26 - 00363008 ____A (Microsoft Corporation) C:\Windows\System32\dxgi.dll
    2013-04-07 21:26 - 2013-04-07 21:26 - 00333312 ____A (Microsoft Corporation) C:\Windows\System32\d3d10_1core.dll
    2013-04-07 21:26 - 2013-04-07 21:26 - 00296960 ____A (Microsoft Corporation) C:\Windows\System32\d3d10core.dll
    2013-04-07 21:26 - 2013-04-07 21:26 - 00293376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxgi.dll
    2013-04-07 21:26 - 2013-04-07 21:26 - 00249856 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1core.dll
    2013-04-07 21:26 - 2013-04-07 21:26 - 00245248 ____A (Microsoft Corporation) C:\Windows\System32\WindowsCodecsExt.dll
    2013-04-07 21:26 - 2013-04-07 21:26 - 00221184 ____A (Microsoft Corporation) C:\Windows\System32\UIAnimation.dll
    2013-04-07 21:26 - 2013-04-07 21:26 - 00220160 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10core.dll
    2013-04-07 21:26 - 2013-04-07 21:26 - 00207872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecsExt.dll
    2013-04-07 21:26 - 2013-04-07 21:26 - 00194560 ____A (Microsoft Corporation) C:\Windows\System32\d3d10_1.dll
    2013-04-07 21:26 - 2013-04-07 21:26 - 00187392 ____A (Microsoft Corporation) C:\Windows\SysWOW64\UIAnimation.dll
    2013-04-07 21:26 - 2013-04-07 21:26 - 00161792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1.dll
    2013-04-07 21:26 - 2013-04-07 21:26 - 00010752 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l1-1-0.dll
    2013-04-07 21:26 - 2013-04-07 21:26 - 00010752 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll
    2013-04-07 21:26 - 2013-04-07 21:26 - 00009728 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
    2013-04-07 21:26 - 2013-04-07 21:26 - 00009728 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
    2013-04-07 21:26 - 2013-04-07 21:26 - 00005632 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
    2013-04-07 21:26 - 2013-04-07 21:26 - 00005632 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-ole32-l1-1-0.dll
    2013-04-07 21:26 - 2013-04-07 21:26 - 00005632 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
    2013-04-07 21:26 - 2013-04-07 21:26 - 00005632 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll
    2013-04-07 21:26 - 2013-04-07 21:26 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-user32-l1-1-0.dll
    2013-04-07 21:26 - 2013-04-07 21:26 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll
    2013-04-07 21:26 - 2013-04-07 21:26 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l2-1-0.dll
    2013-04-07 21:26 - 2013-04-07 21:26 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-advapi32-l2-1-0.dll
    2013-04-07 21:26 - 2013-04-07 21:26 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-version-l1-1-0.dll
    2013-04-07 21:26 - 2013-04-07 21:26 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shell32-l1-1-0.dll
    2013-04-07 21:26 - 2013-04-07 21:26 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll
    2013-04-07 21:26 - 2013-04-07 21:26 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-shell32-l1-1-0.dll
    2013-04-07 21:26 - 2013-04-07 21:26 - 00002560 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-normaliz-l1-1-0.dll
    2013-04-07 21:26 - 2013-04-07 21:26 - 00002560 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll
    2013-04-07 21:25 - 2013-04-12 03:12 - 00030714 ____A C:\Windows\IE10_main.log
    2013-04-07 20:55 - 2013-04-07 20:55 - 44335120 ____A (Microsoft Corporation) C:\Users\RLFENT\Downloads\IE10-Windows6.1-x64-en-us.exe
    2013-04-07 20:53 - 2013-04-07 20:53 - 03326176 ____A (Microsoft Corporation) C:\Users\RLFENT\Downloads\OutlookConnector.exe
    2013-04-07 20:53 - 2013-04-07 20:53 - 00000000 ____D C:\Program Files (x86)\MSECache
    2013-04-07 02:04 - 2013-04-09 21:44 - 00000000 ____D C:\ProgramData\boost_interprocess
    2013-04-07 02:04 - 2013-04-07 02:04 - 00000000 ____D C:\Users\RLFENT\AppData\Roaming\Alibaba
    2013-04-05 20:51 - 2013-04-05 20:51 - 07667736 ____A C:\Users\RLFENT\Downloads\DIR632A1_FW103B08(1).bin
    2013-04-05 20:45 - 2013-04-05 20:45 - 07667736 ____A C:\Users\RLFENT\Downloads\DIR632A1_FW103B08.bin
    2013-04-05 03:53 - 2013-04-05 03:53 - 00040960 ____A () C:\Users\RLFENT\Downloads\tftp2(3).exe
    2013-04-05 03:45 - 2013-04-05 03:45 - 00559441 ____A C:\Users\RLFENT\Downloads\Tftpd32-4.00-setup.exe
    2013-04-05 03:45 - 2013-04-05 03:45 - 00040960 ____A () C:\Users\RLFENT\Downloads\tftp2(2).exe
    2013-04-05 03:43 - 2013-04-05 03:32 - 00166576 ____A (Tonec Inc.) C:\Windows\System32\Drivers\idmwfp.sys
    2013-04-05 03:37 - 2013-04-05 03:37 - 00040960 ____A () C:\Users\RLFENT\Downloads\tftp2(1).exe
    2013-04-05 03:28 - 2013-04-05 03:28 - 00040960 ____A () C:\Users\RLFENT\Downloads\tftp2.exe
    2013-04-05 03:07 - 2013-04-05 03:07 - 00181585 ____A C:\Users\RLFENT\Downloads\OpenTFTPServerMTInstallerV1.64(1).exe
    2013-04-05 02:50 - 2013-04-05 02:37 - 03543068 ____A C:\Users\RLFENT\Desktop\BR6574N-webflash.bin
    2013-04-05 02:50 - 2013-04-05 02:37 - 03543042 ____A C:\Users\RLFENT\Desktop\image.tftp
    2013-04-05 02:40 - 2013-04-05 03:08 - 00131584 ____A C:\Windows\SysWOW64\SpoonUninstall.exe
    2013-04-05 02:39 - 2013-04-05 02:39 - 00181585 ____A C:\Users\RLFENT\Downloads\OpenTFTPServerMTInstallerV1.64.exe
    2013-04-05 02:36 - 2013-04-05 02:37 - 03543068 ____A C:\Users\RLFENT\Downloads\BR6574N-webflash.bin
    2013-04-05 02:36 - 2013-04-05 02:37 - 03543042 ____A C:\Users\RLFENT\Downloads\image.tftp
    2013-04-03 21:22 - 2013-04-03 21:28 - 00017724 ____A C:\Users\RLFENT\Desktop\invoice for 2x gas heaters.htm
    2013-04-03 16:05 - 2013-04-03 16:05 - 00087497 ____A C:\Users\RLFENT\Downloads\Download.csv
    2013-04-01 16:58 - 2013-04-12 19:13 - 00015990 ____A C:\Windows\PFRO.log
    2013-03-31 23:57 - 2013-04-12 19:34 - 00080270 ____A C:\Windows\setupact.log
    2013-03-31 23:57 - 2013-03-31 23:57 - 00000000 ____A C:\Windows\setuperr.log
    2013-03-28 17:42 - 2013-01-03 21:46 - 00215040 ____A (Microsoft Corporation) C:\Windows\System32\winsrv.dll
    2013-03-28 17:42 - 2013-01-03 20:51 - 00005120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
    2013-03-28 17:42 - 2013-01-03 18:47 - 00025600 ____A (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
    2013-03-28 17:42 - 2013-01-03 18:47 - 00014336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
    2013-03-28 17:42 - 2013-01-03 18:47 - 00007680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
    2013-03-28 17:42 - 2013-01-03 18:47 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
    2013-03-28 17:41 - 2013-01-02 22:00 - 01913192 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
    2013-03-28 17:41 - 2013-01-02 22:00 - 00288088 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\FWPKCLNT.SYS
    2013-03-28 01:07 - 2013-03-28 01:07 - 00000000 ____D C:\Users\RLFENT\AppData\Local\Macromedia
    2013-03-24 21:43 - 2013-03-25 00:44 - 204386358 ____A C:\Users\RLFENT\Desktop\IMG_2357.MOV
    2013-03-24 20:16 - 2013-03-24 20:16 - 00000520 ____A C:\Windows\SysWOW64\asfxt.dng
    2013-03-24 20:15 - 2013-03-24 20:15 - 00000000 ____D C:\Program Files (x86)\Primera Technology
    2013-03-24 20:15 - 2012-02-06 19:52 - 02228496 ____N (Rovi Corporation) C:\Windows\SysWOW64\pxsfs.dll
    2013-03-24 20:15 - 2012-02-06 19:52 - 00704784 ____N (Rovi Corporation) C:\Windows\SysWOW64\px.dll
    2013-03-24 20:15 - 2012-02-06 19:52 - 00442640 ____N (Rovi Corporation) C:\Windows\SysWOW64\pxwave.dll
    2013-03-24 20:15 - 2012-02-06 19:52 - 00221456 ____N (Rovi Corporation) C:\Windows\SysWOW64\pxmas.dll
    2013-03-24 20:15 - 2012-02-06 19:52 - 00135440 ____N (Rovi Corporation) C:\Windows\SysWOW64\pxafs.dll
    2013-03-24 20:15 - 2012-02-06 19:52 - 00061712 ____N (Rovi Corporation) C:\Windows\SysWOW64\pxwma.dll
    2013-03-24 20:15 - 2012-02-06 07:02 - 00586000 ____N (Rovi Corporation) C:\Windows\SysWOW64\pxdrv.dll
    2013-03-24 20:15 - 2011-11-02 16:41 - 00128784 ____N (Rovi Corporation) C:\Windows\SysWOW64\pxinsi64.exe
    2013-03-24 20:15 - 2011-11-02 16:41 - 00074000 ____N (Rovi Corporation) C:\Windows\SysWOW64\pxhpinst.exe
    2013-03-24 20:15 - 2011-11-02 16:41 - 00070416 ____N (Rovi Corporation) C:\Windows\SysWOW64\pxinsa64.exe
    2013-03-24 20:15 - 2011-11-02 08:01 - 00056208 ____N (Rovi Corporation) C:\Windows\System32\Drivers\PxHlpa64.sys
    2013-03-24 20:15 - 2011-10-16 08:00 - 00010224 ____N (Sonic Solutions) C:\Windows\System32\Drivers\cdralw2k.sys
    2013-03-24 20:15 - 2011-10-16 08:00 - 00010224 ____N (Sonic Solutions) C:\Windows\System32\Drivers\cdr4_xp.sys
    2013-03-24 20:15 - 2011-09-06 06:01 - 00100848 ____N (Rovi Corporation) C:\Windows\SysWOW64\vxblock.dll
    2013-03-24 20:15 - 2011-05-23 06:00 - 00123888 ____N (Rovi Corporation) C:\Windows\SysWOW64\pxcpyi64.exe
    2013-03-24 20:15 - 2011-05-23 06:00 - 00068080 ____N (Rovi Corporation) C:\Windows\SysWOW64\pxcpya64.exe
    2013-03-24 20:14 - 2013-03-24 20:27 - 00000000 ____D C:\Users\RLFENT\AppData\Local\MicroVision Applications
    2013-03-24 20:13 - 2006-09-20 14:42 - 00487424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msvcp70.dll
    2013-03-24 20:13 - 2006-09-20 14:42 - 00344064 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msvcr70.dll
    2013-03-24 20:12 - 2013-03-24 20:13 - 00000000 ____D C:\Program Files (x86)\SureThing CD Labeler 5 - Primera
    2013-03-24 20:02 - 2013-03-24 20:18 - 00000000 ____D C:\ProgramData\PTI
    2013-03-14 18:52 - 2013-03-14 18:52 - 04466120 ____A (SafeNet Inc.) C:\Windows\System32\aksllmtp.exe
    2013-03-14 18:52 - 2013-03-14 18:52 - 00331144 ____A (SafeNet Inc.) C:\Windows\System32\Drivers\hardlock.sys
    2013-03-14 18:52 - 2013-03-14 18:52 - 00303368 ____A (SafeNet Inc.) C:\Windows\System32\Drivers\aksusb.sys
    2013-03-14 18:52 - 2013-03-14 18:52 - 00141064 ____A (SafeNet Inc.) C:\Windows\System32\Drivers\aksfridge.sys
    2013-03-14 18:52 - 2013-03-14 18:52 - 00090056 ____A (SafeNet Inc.) C:\Windows\System32\Drivers\aksdf.sys
    2013-03-14 18:52 - 2013-03-14 18:52 - 00077768 ____A (Aladdin Knowledge Systems Ltd.) C:\Windows\System32\aksusb4.dll
    2013-03-14 18:52 - 2013-03-14 18:52 - 00070088 ____A (SafeNet Inc.) C:\Windows\System32\akshhl30.dll
    2013-03-14 18:52 - 2013-03-14 18:52 - 00063944 ____A (SafeNet Inc.) C:\Windows\System32\Drivers\akshhl.sys
    2013-03-14 18:52 - 2013-03-14 18:52 - 00060488 ____A (SafeNet Inc.) C:\Windows\System32\Drivers\akshasp.sys
    2013-03-14 18:52 - 2013-03-14 18:52 - 00021448 ____A (SafeNet Inc.) C:\Windows\System32\Drivers\aksclass.sys
    2013-03-14 18:52 - 2013-03-14 18:52 - 00018376 ____A (Aladdin Knowledge Systems Ltd.) C:\Windows\System32\akshsp52.dll

    ==================== One Month Modified Files and Folders =======

    2013-04-13 14:11 - 2013-04-13 14:11 - 00000000 ____D C:\FRST
    2013-04-12 20:06 - 2012-09-03 23:50 - 00000000 ____D C:\Users\RLFENT\AppData\Roaming\DMCache
    2013-04-12 20:06 - 2012-09-03 23:39 - 00000912 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1654508899-1424364464-812079754-1000UA.job
    2013-04-12 20:06 - 2012-09-03 23:13 - 01632070 ____A C:\Windows\WindowsUpdate.log
    2013-04-12 20:06 - 2009-07-13 20:45 - 00015360 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2013-04-12 20:06 - 2009-07-13 20:45 - 00015360 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2013-04-12 20:05 - 2012-09-04 03:32 - 00000000 ____D C:\Users\RLFENT\AppData\Roaming\Skype
    2013-04-12 19:45 - 2013-04-12 19:45 - 00003458 ____A C:\Windows\SysWOW64\FSS.txt
    2013-04-12 19:38 - 2009-07-13 21:13 - 00872406 ____A C:\Windows\System32\PerfStringBackup.INI
    2013-04-12 19:34 - 2013-03-31 23:57 - 00080270 ____A C:\Windows\setupact.log
    2013-04-12 19:34 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
    2013-04-12 19:30 - 2012-10-30 18:38 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
    2013-04-12 19:28 - 2013-04-07 21:43 - 00000000 ____D C:\Users\RLFENT\AppData\Roaming\IDM
    2013-04-12 19:13 - 2013-04-01 16:58 - 00015990 ____A C:\Windows\PFRO.log
    2013-04-12 04:28 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\rescache
    2013-04-12 03:12 - 2013-04-07 21:25 - 00030714 ____A C:\Windows\IE10_main.log
    2013-04-12 02:58 - 2013-04-12 02:58 - 00000626 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2013-04-12 02:51 - 2013-04-12 02:51 - 00000000 ____A C:\Users\RLFENT\agent.log
    2013-04-12 02:51 - 2012-09-03 23:13 - 00000000 ____D C:\users\RLFENT
    2013-04-12 02:43 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\PolicyDefinitions
    2013-04-12 02:39 - 2013-04-12 02:39 - 00000198 ____A C:\Users\RLFENT\Desktop\repair.bat
    2013-04-12 02:23 - 2013-04-12 02:23 - 00000000 ____D C:\ProgramData\Intel(R) Update Manager
    2013-04-12 02:23 - 2013-04-12 02:23 - 00000000 ____D C:\Intel
    2013-04-12 02:23 - 2012-09-04 00:09 - 00000000 ____D C:\Program Files (x86)\Intel
    2013-04-12 02:18 - 2012-10-29 01:42 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
    2013-04-12 02:18 - 2012-09-03 23:21 - 00000000 ____D C:\ProgramData\McAfee
    2013-04-12 01:06 - 2012-09-03 23:39 - 00000860 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1654508899-1424364464-812079754-1000Core.job
    2013-04-11 19:19 - 2012-09-04 01:38 - 00000000 ____D C:\Users\RLFENT\AppData\Roaming\vlc
    2013-04-11 17:47 - 2013-04-11 17:47 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
    2013-04-11 02:17 - 2013-04-11 02:17 - 00000000 ____D C:\Program Files (x86)\Microsoft Visual Studio 9.0
    2013-04-11 02:16 - 2012-10-14 21:23 - 00000000 ____D C:\Program Files\Microsoft SQL Server
    2013-04-11 02:16 - 2012-10-14 21:23 - 00000000 ____D C:\Program Files (x86)\Microsoft SQL Server
    2013-04-11 00:07 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\Registration
    2013-04-10 22:21 - 2012-09-03 23:52 - 00000000 ____D C:\Users\RLFENT\AppData\Roaming\uTorrent
    2013-04-10 17:11 - 2009-07-13 20:45 - 00420024 ____A C:\Windows\System32\FNTCACHE.DAT
    2013-04-09 22:49 - 2013-04-09 22:49 - 00000000 ____D C:\Users\RLFENT\Documents\DYMO Label
    2013-04-09 22:49 - 2013-04-09 22:49 - 00000000 ____D C:\Users\RLFENT\AppData\Local\Sanford,_L.P
    2013-04-09 22:49 - 2013-04-09 22:49 - 00000000 ____D C:\Users\RLFENT\AppData\Local\DYMO
    2013-04-09 22:49 - 2012-09-03 23:39 - 00114928 ____A C:\Users\RLFENT\AppData\Local\GDIPFONTCACHEV1.DAT
    2013-04-09 22:47 - 2013-04-09 22:46 - 00041385 __RSH C:\Program Files (x86)\DLS8Uninstall.log
    2013-04-09 22:47 - 2013-04-09 22:46 - 00004606 ____A C:\Windows\DPINST.LOG
    2013-04-09 22:46 - 2013-04-09 22:46 - 00000000 ____D C:\Program Files (x86)\DYMO
    2013-04-09 22:42 - 2013-04-09 22:42 - 00000000 ____D C:\ProgramData\DYMO
    2013-04-09 21:44 - 2013-04-07 02:04 - 00000000 ____D C:\ProgramData\boost_interprocess
    2013-04-09 17:38 - 2012-09-03 23:59 - 72702784 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
    2013-04-09 17:37 - 2012-09-04 14:19 - 00000000 ____D C:\ProgramData\Microsoft Help
    2013-04-08 16:34 - 2013-04-08 16:34 - 00000000 ____D C:\Windows\CheckSur
    2013-04-08 16:27 - 2012-09-03 23:27 - 00000000 ____D C:\ProgramData\NVIDIA
    2013-04-08 16:27 - 2012-09-03 23:22 - 00000000 ____D C:\Program Files\NVIDIA Corporation
    2013-04-08 00:18 - 2013-04-08 00:18 - 00000000 ____D C:\ProgramData\IDM
    2013-04-07 21:31 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\SysWOW64\zh-HK
    2013-04-07 21:31 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\SysWOW64\tr-TR
    2013-04-07 21:31 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\zh-HK
    2013-04-07 21:31 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\tr-TR
    2013-04-07 21:26 - 2013-04-07 21:26 - 03928064 ____A (Microsoft Corporation) C:\Windows\System32\d2d1.dll
    2013-04-07 21:26 - 2013-04-07 21:26 - 03419136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
    2013-04-07 21:26 - 2013-04-07 21:26 - 02776576 ____A (Microsoft Corporation) C:\Windows\System32\msmpeg2vdec.dll
    2013-04-07 21:26 - 2013-04-07 21:26 - 02565120 ____A (Microsoft Corporation) C:\Windows\System32\d3d10warp.dll
    2013-04-07 21:26 - 2013-04-07 21:26 - 02284544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
    2013-04-07 21:26 - 2013-04-07 21:26 - 01988096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
    2013-04-07 21:26 - 2013-04-07 21:26 - 01887232 ____A (Microsoft Corporation) C:\Windows\System32\d3d11.dll
    2013-04-07 21:26 - 2013-04-07 21:26 - 01682432 ____A (Microsoft Corporation) C:\Windows\System32\XpsPrint.dll
    2013-04-07 21:26 - 2013-04-07 21:26 - 01643520 ____A (Microsoft Corporation) C:\Windows\System32\DWrite.dll
    2013-04-07 21:26 - 2013-04-07 21:26 - 01504768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll
    2013-04-07 21:26 - 2013-04-07 21:26 - 01424384 ____A (Microsoft Corporation) C:\Windows\System32\WindowsCodecs.dll
    2013-04-07 21:26 - 2013-04-07 21:26 - 01247744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
    2013-04-07 21:26 - 2013-04-07 21:26 - 01238528 ____A (Microsoft Corporation) C:\Windows\System32\d3d10.dll
    2013-04-07 21:26 - 2013-04-07 21:26 - 01230336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
    2013-04-07 21:26 - 2013-04-07 21:26 - 01175552 ____A (Microsoft Corporation) C:\Windows\System32\FntCache.dll
    2013-04-07 21:26 - 2013-04-07 21:26 - 01158144 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XpsPrint.dll
    2013-04-07 21:26 - 2013-04-07 21:26 - 01080832 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10.dll
    2013-04-07 21:26 - 2013-04-07 21:26 - 00648192 ____A (Microsoft Corporation) C:\Windows\System32\d3d10level9.dll
    2013-04-07 21:26 - 2013-04-07 21:26 - 00604160 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll
    2013-04-07 21:26 - 2013-04-07 21:26 - 00522752 ____A (Microsoft Corporation) C:\Windows\System32\XpsGdiConverter.dll
    2013-04-07 21:26 - 2013-04-07 21:26 - 00465920 ____A (Microsoft Corporation) C:\Windows\System32\WMPhoto.dll
    2013-04-07 21:26 - 2013-04-07 21:26 - 00417792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
    2013-04-07 21:26 - 2013-04-07 21:26 - 00364544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XpsGdiConverter.dll
    2013-04-07 21:26 - 2013-04-07 21:26 - 00363008 ____A (Microsoft Corporation) C:\Windows\System32\dxgi.dll
    2013-04-07 21:26 - 2013-04-07 21:26 - 00333312 ____A (Microsoft Corporation) C:\Windows\System32\d3d10_1core.dll
    2013-04-07 21:26 - 2013-04-07 21:26 - 00296960 ____A (Microsoft Corporation) C:\Windows\System32\d3d10core.dll
    2013-04-07 21:26 - 2013-04-07 21:26 - 00293376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxgi.dll
    2013-04-07 21:26 - 2013-04-07 21:26 - 00249856 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1core.dll
    2013-04-07 21:26 - 2013-04-07 21:26 - 00245248 ____A (Microsoft Corporation) C:\Windows\System32\WindowsCodecsExt.dll
    2013-04-07 21:26 - 2013-04-07 21:26 - 00221184 ____A (Microsoft Corporation) C:\Windows\System32\UIAnimation.dll
    2013-04-07 21:26 - 2013-04-07 21:26 - 00220160 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10core.dll
    2013-04-07 21:26 - 2013-04-07 21:26 - 00207872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecsExt.dll
    2013-04-07 21:26 - 2013-04-07 21:26 - 00194560 ____A (Microsoft Corporation) C:\Windows\System32\d3d10_1.dll
    2013-04-07 21:26 - 2013-04-07 21:26 - 00187392 ____A (Microsoft Corporation) C:\Windows\SysWOW64\UIAnimation.dll
    2013-04-07 21:26 - 2013-04-07 21:26 - 00161792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1.dll
    2013-04-07 21:26 - 2013-04-07 21:26 - 00010752 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l1-1-0.dll
    2013-04-07 21:26 - 2013-04-07 21:26 - 00010752 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll
    2013-04-07 21:26 - 2013-04-07 21:26 - 00009728 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
    2013-04-07 21:26 - 2013-04-07 21:26 - 00009728 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
    2013-04-07 21:26 - 2013-04-07 21:26 - 00005632 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
    2013-04-07 21:26 - 2013-04-07 21:26 - 00005632 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-ole32-l1-1-0.dll
    2013-04-07 21:26 - 2013-04-07 21:26 - 00005632 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
    2013-04-07 21:26 - 2013-04-07 21:26 - 00005632 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll
    2013-04-07 21:26 - 2013-04-07 21:26 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-user32-l1-1-0.dll
    2013-04-07 21:26 - 2013-04-07 21:26 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll
    2013-04-07 21:26 - 2013-04-07 21:26 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l2-1-0.dll
    2013-04-07 21:26 - 2013-04-07 21:26 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-advapi32-l2-1-0.dll
    2013-04-07 21:26 - 2013-04-07 21:26 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-version-l1-1-0.dll
    2013-04-07 21:26 - 2013-04-07 21:26 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shell32-l1-1-0.dll
    2013-04-07 21:26 - 2013-04-07 21:26 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll
    2013-04-07 21:26 - 2013-04-07 21:26 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-shell32-l1-1-0.dll
    2013-04-07 21:26 - 2013-04-07 21:26 - 00002560 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-normaliz-l1-1-0.dll
    2013-04-07 21:26 - 2013-04-07 21:26 - 00002560 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll
    2013-04-07 20:55 - 2013-04-07 20:55 - 44335120 ____A (Microsoft Corporation) C:\Users\RLFENT\Downloads\IE10-Windows6.1-x64-en-us.exe
    2013-04-07 20:53 - 2013-04-07 20:53 - 03326176 ____A (Microsoft Corporation) C:\Users\RLFENT\Downloads\OutlookConnector.exe
    2013-04-07 20:53 - 2013-04-07 20:53 - 00000000 ____D C:\Program Files (x86)\MSECache
    2013-04-07 02:04 - 2013-04-07 02:04 - 00000000 ____D C:\Users\RLFENT\AppData\Roaming\Alibaba
    2013-04-07 01:53 - 2012-09-03 23:59 - 00000000 ____D C:\Users\RLFENT\AppData\Local\Windows Live
    2013-04-07 01:52 - 2009-07-13 19:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
    2013-04-05 20:51 - 2013-04-05 20:51 - 07667736 ____A C:\Users\RLFENT\Downloads\DIR632A1_FW103B08(1).bin
    2013-04-05 20:45 - 2013-04-05 20:45 - 07667736 ____A C:\Users\RLFENT\Downloads\DIR632A1_FW103B08.bin
    2013-04-05 03:53 - 2013-04-05 03:53 - 00040960 ____A () C:\Users\RLFENT\Downloads\tftp2(3).exe
    2013-04-05 03:45 - 2013-04-05 03:45 - 00559441 ____A C:\Users\RLFENT\Downloads\Tftpd32-4.00-setup.exe
    2013-04-05 03:45 - 2013-04-05 03:45 - 00040960 ____A () C:\Users\RLFENT\Downloads\tftp2(2).exe
    2013-04-05 03:37 - 2013-04-05 03:37 - 00040960 ____A () C:\Users\RLFENT\Downloads\tftp2(1).exe
    2013-04-05 03:37 - 2013-01-22 01:14 - 00000000 ____D C:\Users\RLFENT\AppData\Roaming\FileZilla
    2013-04-05 03:32 - 2013-04-05 03:43 - 00166576 ____A (Tonec Inc.) C:\Windows\System32\Drivers\idmwfp.sys
    2013-04-05 03:28 - 2013-04-05 03:28 - 00040960 ____A () C:\Users\RLFENT\Downloads\tftp2.exe
    2013-04-05 03:08 - 2013-04-05 02:40 - 00131584 ____A C:\Windows\SysWOW64\SpoonUninstall.exe
    2013-04-05 03:07 - 2013-04-05 03:07 - 00181585 ____A C:\Users\RLFENT\Downloads\OpenTFTPServerMTInstallerV1.64(1).exe
    2013-04-05 02:39 - 2013-04-05 02:39 - 00181585 ____A C:\Users\RLFENT\Downloads\OpenTFTPServerMTInstallerV1.64.exe
    2013-04-05 02:37 - 2013-04-05 02:50 - 03543068 ____A C:\Users\RLFENT\Desktop\BR6574N-webflash.bin
    2013-04-05 02:37 - 2013-04-05 02:50 - 03543042 ____A C:\Users\RLFENT\Desktop\image.tftp
    2013-04-05 02:37 - 2013-04-05 02:36 - 03543068 ____A C:\Users\RLFENT\Downloads\BR6574N-webflash.bin
    2013-04-05 02:37 - 2013-04-05 02:36 - 03543042 ____A C:\Users\RLFENT\Downloads\image.tftp
    2013-04-03 21:28 - 2013-04-03 21:22 - 00017724 ____A C:\Users\RLFENT\Desktop\invoice for 2x gas heaters.htm
    2013-04-03 20:50 - 2012-09-03 23:36 - 00025928 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
    2013-04-03 16:05 - 2013-04-03 16:05 - 00087497 ____A C:\Users\RLFENT\Downloads\Download.csv
    2013-03-31 23:57 - 2013-03-31 23:57 - 00000000 ____A C:\Windows\setuperr.log
    2013-03-31 23:56 - 2012-10-06 21:12 - 00000000 ____D C:\Windows\Minidump
    2013-03-31 23:50 - 2012-09-04 04:06 - 00000000 ____D C:\Users\RLFENT\AppData\Roaming\Auslogics
    2013-03-31 23:45 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\NDF
    2013-03-29 09:13 - 2012-09-03 23:18 - 00000000 ____D C:\Program Files (x86)\Realtek
    2013-03-28 01:07 - 2013-03-28 01:07 - 00000000 ____D C:\Users\RLFENT\AppData\Local\Macromedia
    2013-03-26 21:58 - 2012-09-03 23:23 - 00693976 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2013-03-26 21:58 - 2012-09-03 23:23 - 00073432 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2013-03-25 00:44 - 2013-03-24 21:43 - 204386358 ____A C:\Users\RLFENT\Desktop\IMG_2357.MOV
    2013-03-24 20:27 - 2013-03-24 20:14 - 00000000 ____D C:\Users\RLFENT\AppData\Local\MicroVision Applications
    2013-03-24 20:18 - 2013-03-24 20:02 - 00000000 ____D C:\ProgramData\PTI
    2013-03-24 20:16 - 2013-03-24 20:16 - 00000520 ____A C:\Windows\SysWOW64\asfxt.dng
    2013-03-24 20:15 - 2013-03-24 20:15 - 00000000 ____D C:\Program Files (x86)\Primera Technology
    2013-03-24 20:13 - 2013-03-24 20:12 - 00000000 ____D C:\Program Files (x86)\SureThing CD Labeler 5 - Primera
    2013-03-24 20:02 - 2012-09-06 23:47 - 00000000 ____D C:\Users\RLFENT\AppData\Roaming\Nitro PDF
    2013-03-18 22:04 - 2013-04-09 17:35 - 05550424 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
    2013-03-18 21:46 - 2013-04-09 17:35 - 00043520 ____A (Microsoft Corporation) C:\Windows\System32\csrsrv.dll
    2013-03-18 21:04 - 2013-04-09 17:35 - 03968856 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
    2013-03-18 21:04 - 2013-04-09 17:35 - 03913560 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
    2013-03-18 20:47 - 2013-04-09 17:35 - 00006656 ____A (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
    2013-03-18 19:06 - 2013-04-09 17:35 - 00112640 ____A (Microsoft Corporation) C:\Windows\System32\smss.exe
    2013-03-14 18:52 - 2013-03-14 18:52 - 04466120 ____A (SafeNet Inc.) C:\Windows\System32\aksllmtp.exe
    2013-03-14 18:52 - 2013-03-14 18:52 - 00331144 ____A (SafeNet Inc.) C:\Windows\System32\Drivers\hardlock.sys
    2013-03-14 18:52 - 2013-03-14 18:52 - 00303368 ____A (SafeNet Inc.) C:\Windows\System32\Drivers\aksusb.sys
    2013-03-14 18:52 - 2013-03-14 18:52 - 00141064 ____A (SafeNet Inc.) C:\Windows\System32\Drivers\aksfridge.sys
    2013-03-14 18:52 - 2013-03-14 18:52 - 00090056 ____A (SafeNet Inc.) C:\Windows\System32\Drivers\aksdf.sys
    2013-03-14 18:52 - 2013-03-14 18:52 - 00077768 ____A (Aladdin Knowledge Systems Ltd.) C:\Windows\System32\aksusb4.dll
    2013-03-14 18:52 - 2013-03-14 18:52 - 00070088 ____A (SafeNet Inc.) C:\Windows\System32\akshhl30.dll
    2013-03-14 18:52 - 2013-03-14 18:52 - 00063944 ____A (SafeNet Inc.) C:\Windows\System32\Drivers\akshhl.sys
    2013-03-14 18:52 - 2013-03-14 18:52 - 00060488 ____A (SafeNet Inc.) C:\Windows\System32\Drivers\akshasp.sys
    2013-03-14 18:52 - 2013-03-14 18:52 - 00021448 ____A (SafeNet Inc.) C:\Windows\System32\Drivers\aksclass.sys
    2013-03-14 18:52 - 2013-03-14 18:52 - 00018376 ____A (Aladdin Knowledge Systems Ltd.) C:\Windows\System32\akshsp52.dll

    ==================== Known DLLs (Whitelisted) =================


    ==================== Bamital & volsnap Check =================

    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\SysWOW64\wininit.exe => MD5 is legit
    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\SysWOW64\explorer.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\SysWOW64\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe => MD5 is legit
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\SysWOW64\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\SysWOW64\userinit.exe => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

    ==================== EXE ASSOCIATION =====================

    HKLM\...\.exe: exefile => OK
    HKLM\...\exefile\DefaultIcon: %1 => OK
    HKLM\...\exefile\open\command: "%1" %* => OK

    ==================== Restore Points =========================

    Restore point made on: 2013-04-12 02:42:34
    Restore point made on: 2013-04-12 03:12:42

    ==================== Memory info ===========================

    Percentage of memory in use: 9%
    Total physical RAM: 8191.24 MB
    Available physical RAM: 7382.77 MB
    Total Pagefile: 8189.39 MB
    Available Pagefile: 7383.29 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.9 MB

    ==================== Partitions =============================

    1 Drive c: (WINDOWS SSD) (Fixed) (Total:55.8 GB) (Free:15.93 GB) NTFS
    2 Drive e: (PROGRAMS) (Fixed) (Total:43.95 GB) (Free:38.04 GB) NTFS
    3 Drive f: (RLF ENT) (Fixed) (Total:28.19 GB) (Free:20.96 GB) NTFS
    4 Drive g: (Windows) (Fixed) (Total:53.71 GB) (Free:13.12 GB) NTFS ==>[System with boot components (obtained from reading drive)]
    5 Drive h: (MISC) (Fixed) (Total:58.59 GB) (Free:58.5 GB) NTFS
    6 Drive I: (STORAGE) (Fixed) (Total:742.18 GB) (Free:206.11 GB) NTFS
    8 Drive k: (TSB USB DRV) (Removable) (Total:3.63 GB) (Free:0.78 GB) FAT32
    9 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
    10 Drive y: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]

    Disk ### Status Size Free Dyn Gpt
    -------- ------------- ------- ------- --- ---
    Disk 0 Online 55 GB 0 B
    Disk 1 Online 931 GB 5012 MB *
    Disk 2 Online 3726 MB 0 B

    Partitions of Disk 0:
    ===============

    Disk ID: FF5F23EE

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 100 MB 1024 KB
    Partition 2 Primary 55 GB 101 MB

    ==================================================================================

    Disk: 0
    Partition 1
    Type : 07
    Hidden: No
    Active: Yes

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 6 Y System Rese NTFS Partition 100 MB Healthy

    =========================================================

    Disk: 0
    Partition 2
    Type : 07
    Hidden: No
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 7 C WINDOWS SSD NTFS Partition 55 GB Healthy

    =========================================================

    Partitions of Disk 1:
    ===============

    Disk ID: 7F1F470A

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Dynamic Data 992 KB 31 KB
    Partition 2 Dynamic Data 53 GB 1024 KB
    Partition 3 Dynamic Data 877 GB 53 GB

    ==================================================================================

    Disk: 1
    Partition 1
    Type : 42
    Hidden: Yes
    Active: No

    There is no volume associated with this partition.

    =========================================================

    Disk: 1
    Partition 2
    Type : 42
    Hidden: Yes
    Active: Yes

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 3 G Windows NTFS Simple 53 GB Healthy

    =========================================================

    Disk: 1
    Partition 3
    Type : 42
    Hidden: Yes
    Active: No

    There is no volume associated with this partition.

    =========================================================

    Partitions of Disk 2:
    ===============

    Disk ID: C3072E18

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 3722 MB 4032 KB

    ==================================================================================

    Disk: 2
    Partition 1
    Type : 0C
    Hidden: No
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 8 K TSB USB DRV FAT32 Removable 3722 MB Healthy

    =========================================================
    ============================== MBR Partition Table ==================

    ==============================
    Partitions of Disk 0:
    ===============
    Disk ID: FF5F23EE

    Partition 1:
    =========
    Hex: 8020210007DF130C0008000000200300
    Active: YES
    Type: 07 (NTFS)
    Size: 100 MB

    Partition 2:
    =========
    Hex: 00DF140C07FEFFFF002803000098F906
    Active: NO
    Type: 07 (NTFS)
    Size: 56 GB

    ==============================
    Partitions of Disk 1:
    ===============
    Disk ID: 7F1F470A

    Partition 1:
    =========
    Hex: 00010100422020003F000000C1070000
    Active: NO
    Type: 42
    Size: 993 KB

    Partition 2:
    =========
    Hex: 8020210042FEFFFF0008000000C0B606
    Active: YES
    Type: 42
    Size: 54 GB

    Partition 3:
    =========
    Hex: 00FEFFFF42FEFFFF00C8B606B09DB96D
    Active: NO
    Type: 42
    Size: 878 GB

    ==============================
    Partitions of Disk 2:
    ===============
    Disk ID: C3072E18

    Partition 1:
    =========
    Hex: 000001010C24E5B1801F000080507400
    Active: NO
    Type: 0C
    Size: 4 GB


    Last Boot: 2013-04-03 15:35

    ==================== End Of Log =============================
     
  3. regan

    regan TS Rookie Topic Starter

    Farbar Recovery Scan Tool (x64) Version: 11-04-2013
    Ran by SYSTEM at 2013-04-13 14:12:58
    Running from K:\

    ================== Search: "services.exe" ===================

    C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
    [2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

    C:\Windows\System32\services.exe
    [2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

    ====== End Of Search ======
     
  4. Broni

    Broni Malware Annihilator Posts: 47,070   +257

    Welcome aboard

    Please, complete all steps listed here: http://www.techspot.com/vb/topic58138.html
    Make sure you PASTE all logs. If some log exceeds the 50,000-character post limit, split it between a couple of replies.
    Attached logs won't be reviewed.

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer's behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
     
  5. regan

    regan TS Rookie Topic Starter

    Malwarebytes Anti-Malware 1.70.0.1100
    www.malwarebytes.org
    Database version: v2013.04.07.02
    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 9.0.8112.16421
    RLFENT :: RLFENT-PC [administrator]
    08-Apr-13 3:47:49 PM
    mbam-log-2013-04-08 (15-47-49).txt
    Scan type: Full scan (C:\|E:\|F:\|G:\|H:\|I:\|)
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 682388
    Time elapsed: 1 hour(s), 53 minute(s), 35 second(s)
    Memory Processes Detected: 0
    (No malicious items detected)
    Memory Modules Detected: 0
    (No malicious items detected)
    Registry Keys Detected: 0
    (No malicious items detected)
    Registry Values Detected: 0
    (No malicious items detected)
    Registry Data Items Detected: 0
    (No malicious items detected)
    Folders Detected: 0
    (No malicious items detected)
    Files Detected: 1
    E:\produkey\ProduKey.exe (PUP.PSWTool.ProductKey) -> Quarantined and deleted successfully.
    (end)
     
  6. regan

    regan TS Rookie Topic Starter

    Attach



    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2012-11-20.01)
    .
    Microsoft Windows 7 Professional
    Boot Device: \Device\HarddiskVolume1
    Install Date: 04-Sep-12 5:13:03 PM
    System Uptime: 13-Apr-13 2:13:43 PM (1 hours ago)
    .
    Motherboard: ASRock | | 880GMH-LE/USB3
    Processor: AMD Phenom(tm) II X4 955 Processor | CPUSocket | 3206/200mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 56 GiB total, 15.838 GiB free.
    D: is CDROM ()
    E: is FIXED (NTFS) - 44 GiB total, 38.043 GiB free.
    F: is FIXED (NTFS) - 28 GiB total, 20.963 GiB free.
    G: is FIXED (NTFS) - 54 GiB total, 13.117 GiB free.
    H: is FIXED (NTFS) - 59 GiB total, 58.501 GiB free.
    I: is FIXED (NTFS) - 742 GiB total, 206.099 GiB free.
    J: is Removable
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP78: 12-Apr-13 8:42:30 PM - Windows Update
    RP79: 12-Apr-13 9:12:38 PM - Windows Update
    .
    ==== Installed Programs ======================
    .
    µTorrent
    Adobe AIR
    Adobe Flash Player 11 ActiveX
    Adobe Flash Player 11 Plugin
    Adobe Reader X (10.1.6)
    Audacity 2.0.2
    Auslogics BoostSpeed
    CrystalDiskInfo 5.0.4
    CrystalDiskMark 3.0.1c
    Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
    DHTML Editing Component
    DYMO Label v.8
    DYMO LabelWriter Drivers
    EVEREST Ultimate Edition v5.50
    Fresco Logic USB3.0 Host Controller
    Google Chrome
    Guitar FX BOX 3
    HTC BMP USB Driver
    HTC Driver Installer
    HTC Sync
    Intel(R) Update Manager
    Intel® SSD Toolbox
    Internet Download Manager
    Java 7 Update 9
    Java Auto Updater
    Lexmark Network TWAIN Driver Uninstaller
    LinuxLive USB Creator
    Malwarebytes Anti-Malware version 1.75.0.1300
    MetaDMS Scan Software
    Microsoft .NET Framework 4 Client Profile
    Microsoft .NET Framework 4 Extended
    Microsoft Office 2010 Service Pack 1 (SP1)
    Microsoft Office Access MUI (English) 2010
    Microsoft Office Access Setup Metadata MUI (English) 2010
    Microsoft Office Excel MUI (English) 2010
    Microsoft Office Groove MUI (English) 2010
    Microsoft Office InfoPath MUI (English) 2010
    Microsoft Office Office 64-bit Components 2010
    Microsoft Office OneNote MUI (English) 2010
    Microsoft Office Outlook Connector
    Microsoft Office Outlook MUI (English) 2010
    Microsoft Office PowerPoint MUI (English) 2010
    Microsoft Office Professional Plus 2010
    Microsoft Office Proof (English) 2010
    Microsoft Office Proof (French) 2010
    Microsoft Office Proof (Spanish) 2010
    Microsoft Office Proofing (English) 2010
    Microsoft Office Publisher MUI (English) 2010
    Microsoft Office Shared 64-bit MUI (English) 2010
    Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
    Microsoft Office Shared MUI (English) 2010
    Microsoft Office Shared Setup Metadata MUI (English) 2010
    Microsoft Office Word MUI (English) 2010
    Microsoft Security Client
    Microsoft Security Essentials
    Microsoft SQL Server 2008 (64-bit)
    Microsoft SQL Server 2008 Browser
    Microsoft SQL Server 2008 Common Files
    Microsoft SQL Server 2008 Database Engine Services
    Microsoft SQL Server 2008 Database Engine Shared
    Microsoft SQL Server 2008 Native Client
    Microsoft SQL Server 2008 RsFx Driver
    Microsoft SQL Server 2008 Setup Support Files
    Microsoft SQL Server VSS Writer
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    Mozilla Firefox 20.0.1 (x86 en-US)
    Mozilla Maintenance Service
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MSXML 4.0 SP3 Parser
    MSXML 4.0 SP3 Parser (KB2721691)
    MSXML 4.0 SP3 Parser (KB2758694)
    Nitro PDF Professional
    NVIDIA 3D Vision Controller Driver 301.42
    NVIDIA Control Panel 307.83
    NVIDIA Graphics Driver 307.83
    NVIDIA HD Audio Driver 1.3.16.0
    NVIDIA Install Application
    NVIDIA PhysX
    NVIDIA PhysX System Software 9.12.0213
    NVIDIA Update 1.10.8
    NVIDIA Update Components
    Pedals VST
    Platform
    PTPublisher
    Quick Screen Capture 3.0
    Realtek Ethernet Controller Driver For Windows 7
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
    Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
    Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
    Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
    Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
    Security Update for Microsoft Excel 2010 (KB2597126) 32-Bit Edition
    Security Update for Microsoft Filter Pack 2.0 (KB2553501) 32-Bit Edition
    Security Update for Microsoft InfoPath 2010 (KB2687422) 32-Bit Edition
    Security Update for Microsoft InfoPath 2010 (KB2760406) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2553091)
    Security Update for Microsoft Office 2010 (KB2553096)
    Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2687501) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2687510) 32-Bit Edition
    Security Update for Microsoft OneNote 2010 (KB2760600) 32-Bit Edition
    Security Update for Microsoft Visio 2010 (KB2760762) 32-Bit Edition
    Security Update for Microsoft Visio Viewer 2010 (KB2687505) 32-Bit Edition
    Security Update for Microsoft Word 2010 (KB2760410) 32-Bit Edition
    Service Pack 3 for SQL Server 2008 (KB2546951) (64-bit)
    Shared C Run-time for x64
    Skype™ 6.1
    Sql Server Customer Experience Improvement Program
    SureThing CD Labeler Primera Edition 5
    Toll Lite
    TradeManager 2012
    TreeSize Professional 5.3.1
    Turbo Lister 2
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
    Update for Microsoft .NET Framework 4 Extended (KB2468871)
    Update for Microsoft .NET Framework 4 Extended (KB2533523)
    Update for Microsoft .NET Framework 4 Extended (KB2600217)
    Update for Microsoft Office 2010 (KB2553065)
    Update for Microsoft Office 2010 (KB2553092)
    Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2553378) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2566458)
    Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition
    Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
    Update for Microsoft Outlook 2010 (KB2597090) 32-Bit Edition
    Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition
    Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
    Update for Microsoft PowerPoint 2010 (KB2598240) 32-Bit Edition
    Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition
    VIA Platform Device Manager
    VLC media player 2.0.3
    WinRAR 4.01 (64-bit)
    WinZip 16.5
    WordWeb Pro
    .
    ==== Event Viewer Messages From Past Week ========
    .
    13-Apr-13 3:21:03 PM, Error: Service Control Manager [7024] - The Windows Firewall service terminated with service-specific error Access is denied..
    13-Apr-13 2:13:53 PM, Error: Service Control Manager [7000] - The McAfee SiteAdvisor Service service failed to start due to the following error: The system cannot find the file specified.
    12-Apr-13 9:13:19 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Internet Explorer 10 for Windows 7 for x64-based Systems.
    12-Apr-13 8:49:04 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070002: Update for Windows 7 for x64-based Systems (KB2592687).
    12-Apr-13 8:18:56 PM, Error: Service Control Manager [7023] - The Superfetch service terminated with the following error: The system cannot find the file specified.
    11-Apr-13 5:39:20 PM, Error: Service Control Manager [7023] - The Base Filtering Engine service terminated with the following error: Access is denied.
    11-Apr-13 5:39:20 PM, Error: Service Control Manager [7001] - The Windows Firewall service depends on the Base Filtering Engine service which failed to start because of the following error: Access is denied.
    11-Apr-13 5:38:14 PM, Error: Service Control Manager [7001] - The IPsec Policy Agent service depends on the Base Filtering Engine service which failed to start because of the following error: Access is denied.
    11-Apr-13 5:38:14 PM, Error: Service Control Manager [7001] - The IKE and AuthIP IPsec Keying Modules service depends on the Base Filtering Engine service which failed to start because of the following error: Access is denied.
    11-Apr-13 4:29:57 PM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.
    11-Apr-13 4:29:55 PM, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.
    11-Apr-13 4:29:55 PM, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.
    10-Apr-13 11:28:45 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800f0826: Security Update for Windows 7 for x64-based Systems (KB2807986).
    10-Apr-13 11:20:09 AM, Error: Tcpip [4199] - The system detected an address conflict for IP address 192.168.0.100 with the system having network hardware address 00-04-F2-1E-C7-45. Network operations on this system may be disrupted as a result.
    09-Apr-13 2:26:49 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the lmhosts service.
    08-Apr-13 8:51:09 PM, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
    .
    ==== End Of File ===========================
     
  7. regan

    regan TS Rookie Topic Starter

    DDS (Ver_2012-11-20.01) - NTFS_AMD64
    Internet Explorer: 9.0.8112.16476 BrowserJavaVersion: 10.9.2
    Run by RLFENT at 15:21:46 on 2013-04-13
    Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.8191.4304 [GMT 10:00]
    .
    AV: Microsoft Security Essentials *Enabled/Outdated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: Microsoft Security Essentials *Enabled/Outdated* {84E27563-E198-C6D6-D9BC-D9F020245508}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\AUDIODG.EXE
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\taskhost.exe
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Windows\SysWOW64\ASTSRV.EXE
    C:\Program Files (x86)\DYMO\DYMO Label Software\DymoPnpService.exe
    E:\Malwarebytes' Anti-Malware\mbamscheduler.exe
    C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
    E:\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
    E:\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\Program Files\Common Files\Nitro PDF\Professional\6.0\NitroPDFDriverServicex64.exe
    C:\Windows\SysWOW64\NLSSRV32.EXE
    C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
    C:\Windows\SysWOW64\piserv.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
    C:\Windows\System32\WUDFHost.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files (x86)\Skype\Phone\Skype.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    E:\Malwarebytes' Anti-Malware\mbam.exe
    C:\Windows\system32\wuauclt.exe
    C:\Windows\system32\svchost.exe -k SDRSVC
    C:\Windows\system32\vssvc.exe
    C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe
    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe
    C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_6_602_180_ActiveX.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    E:\idm\Internet Download Manager\IDMan.exe
    E:\idm\Internet Download Manager\IEMonitor.exe
    C:\Program Files (x86)\Internet Explorer\IELowutil.exe
    C:\Windows\system32\msiexec.exe
    C:\Program Files\Microsoft Security Client\MsMpEng.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\System32\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://google.com.au/
    uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} -
    mWinlogon: Userinit = userinit.exe,
    BHO: IDM integration (IDMIEHlprObj Class): {0055C089-8582-441B-A0BF-17B458C2A3A8} - E:\idm\Internet Download Manager\IDMIECC.dll
    BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
    BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
    BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -
    BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
    TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} -
    uRun: [Google Update] "C:\Users\RLFENT\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    mRun: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun: [DLSService] "C:\Program Files (x86)\DYMO\DYMO Label Software\DLSService.exe"
    mPolicies-Explorer: NoActiveDesktop = dword:1
    mPolicies-Explorer: NoActiveDesktopChanges = dword:1
    mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
    mPolicies-System: ConsentPromptBehaviorUser = dword:3
    mPolicies-System: EnableUIADesktopToggle = dword:0
    IE: Download all links with IDM - E:\idm\Internet Download Manager\IEGetAll.htm
    IE: Download with IDM - E:\idm\Internet Download Manager\IEExt.htm
    IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
    IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
    IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    Trusted Zone: alipay.com
    Trusted Zone: alipay.com
    Trusted Zone: alisoft.com
    Trusted Zone: alisoft.com
    Trusted Zone: taobao.com
    Trusted Zone: taobao.com
    TCP: NameServer = 192.168.0.1
    TCP: Interfaces\{AE01B5ED-0587-4C1B-B911-060D3EA115AF} : DHCPNameServer = 192.168.42.129
    TCP: Interfaces\{CB446E59-653F-4C25-9751-36C82CD262A3} : DHCPNameServer = 192.168.42.129
    TCP: Interfaces\{F77E17AC-058F-43D0-88CF-91AD1805E526} : DHCPNameServer = 192.168.0.1
    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
    Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} -
    Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} -
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
    SSODL: WebCheck - <orphaned>
    SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
    x64-BHO: IDM integration (IDMIEHlprObj Class): {0055C089-8582-441B-A0BF-17B458C2A3A8} - E:\idm\Internet Download Manager\IDMIECC64.dll
    x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
    x64-BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -
    x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
    x64-TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} -
    x64-Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
    x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
    x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
    x64-Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} -
    x64-Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} -
    x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
    x64-SSODL: WebCheck - <orphaned>
    x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\RLFENT\AppData\Roaming\Mozilla\Firefox\Profiles\uo0wru2c.default\
    FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
    FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
    FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
    FF - plugin: C:\Program Files (x86)\DYMO\DYMO Label Software\Framework\npDYMOLabelFramework.dll
    FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
    FF - plugin: C:\Users\RLFENT\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll
    FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
    FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
    FF - plugin: E:\Trademanager\nptrademanager.dll
    FF - plugin: E:\Trademanager\npwangwang.dll
    FF - ExtSQL: 2013-04-08 18:19; mozilla_cc@internetdownloadmanager.com; C:\Users\RLFENT\AppData\Roaming\IDM\idmmzcc5
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2013-1-20 230320]
    R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2013-3-25 56208]
    R2 aksdf;aksdf;C:\Windows\System32\drivers\aksdf.sys [2013-3-15 90056]
    R2 DymoPnpService;DYMO PnP Service;C:\Program Files (x86)\DYMO\DYMO Label Software\DymoPnpService.exe [2012-10-10 32368]
    R2 IDMWFP;IDMWFP;C:\Windows\System32\drivers\idmwfp.sys [2013-4-5 166576]
    R2 MBAMScheduler;MBAMScheduler;E:\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-10-4 418376]
    R2 MBAMService;MBAMService;E:\Malwarebytes' Anti-Malware\mbamservice.exe [2012-8-2 701512]
    R2 NitroDriverReadSpool;NitroPDFDriverCreatorReadSpool;C:\Program Files\Common Files\Nitro PDF\Professional\6.0\NitroPDFDriverServicex64.exe [2012-2-1 342544]
    R2 nlsX86cc;NLS Service;C:\Windows\SysWOW64\NLSSRV32.EXE [2012-2-1 70160]
    R2 PassThru Service;Internet Pass-Through Service;C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [2012-4-13 88576]
    R2 piserv;Primera Index Service;C:\Windows\System32\piserv.exe --> C:\Windows\System32\piserv.exe [?]
    R3 CX88VID;WinFast CX2388x AvStream Driver;C:\Windows\System32\drivers\cxavsvid.sys [2007-9-19 469248]
    R3 FLxHCIc;Fresco Logic xHCI (USB3) Device Driver;C:\Windows\System32\drivers\FLxHCIc.sys [2012-11-8 249584]
    R3 FLxHCIh;Fresco Logic xHCI (USB3) Hub Device Driver;C:\Windows\System32\drivers\FLxHCIh.sys [2012-11-8 77040]
    R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2012-9-4 25928]
    R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2012-9-4 346144]
    R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;C:\Windows\System32\drivers\viahduaa.sys [2012-9-4 1276928]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;"C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc --> C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [?]
    S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-1-8 161536]
    S3 HTCAND64;HTC Device Driver;C:\Windows\System32\drivers\ANDROIDUSB.sys [2009-11-2 33736]
    S3 htcnprot;HTC NDIS Protocol Driver;C:\Windows\System32\drivers\htcnprot.sys [2010-6-25 36928]
    S3 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2013-1-20 130008]
    S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2013-1-27 379360]
    S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 27136]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-9-4 59392]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-9-4 1255736]
    S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;C:\Program Files\Microsoft SQL Server\100\Shared\sqladhlp.exe [2009-7-22 61976]
    S4 RsFx0105;RsFx0105 Driver;C:\Windows\System32\drivers\RsFx0105.sys [2011-9-22 311144]
    S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2011-9-22 431464]
    .
    =============== Created Last 30 ================
    .
    2013-04-13 22:11:08 -------- d-----w- C:\FRST
    2013-04-13 05:21:01 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client
    2013-04-13 05:21:00 -------- d-----w- C:\Program Files\Microsoft Security Client
    2013-04-12 10:23:33 -------- d-----w- C:\ProgramData\Intel(R) Update Manager
    2013-04-12 10:23:19 -------- d-----w- C:\Intel
    2013-04-12 00:30:47 -------- d-----w- C:\Users\RLFENT\AppData\Local\ElevatedDiagnostics
    2013-04-11 10:17:50 73064 ----a-w- C:\Windows\SysWow64\perf-MSSQL$SQLEXPRESS-sqlctr10.3.5500.0.dll
    2013-04-11 10:17:50 109416 ----a-w- C:\Windows\System32\perf-MSSQL$SQLEXPRESS-sqlctr10.3.5500.0.dll
    2013-04-11 10:17:50 105832 ----a-w- C:\Windows\System32\SQSRVRES.DLL
    2013-04-10 08:17:37 -------- d-----w- C:\Users\RLFENT\AppData\Local\assembly
    2013-04-10 06:49:34 -------- d-----w- C:\Users\RLFENT\AppData\Local\Sanford,_L.P
    2013-04-10 06:49:21 -------- d-----w- C:\Users\RLFENT\AppData\Local\DYMO
    2013-04-10 06:46:25 -------- d-----w- C:\Program Files (x86)\DYMO
    2013-04-10 06:43:19 -------- d-----w- C:\Program Files\DYMO LabelWriter Drivers
    2013-04-10 06:42:55 -------- d-----w- C:\ProgramData\DYMO
    2013-04-10 01:37:00 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
    2013-04-10 01:37:00 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2013-04-10 01:37:00 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
    2013-04-10 01:37:00 182896 ----a-w- C:\Program Files\Internet Explorer\sqmapi.dll
    2013-04-10 01:37:00 149616 ----a-w- C:\Program Files (x86)\Internet Explorer\sqmapi.dll
    2013-04-10 01:35:59 5550424 ----a-w- C:\Windows\System32\ntoskrnl.exe
    2013-04-10 01:35:58 3968856 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
    2013-04-10 01:35:58 3913560 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
    2013-04-10 01:35:57 6656 ----a-w- C:\Windows\SysWow64\apisetschema.dll
    2013-04-10 01:35:57 43520 ----a-w- C:\Windows\System32\csrsrv.dll
    2013-04-10 01:35:57 112640 ----a-w- C:\Windows\System32\smss.exe
    2013-04-09 00:34:40 -------- d-----w- C:\Windows\CheckSur
    2013-04-09 00:27:32 2558240 ----a-w- C:\Windows\System32\nvsvcr.dll
    2013-04-09 00:24:41 19968 ----a-w- C:\Windows\System32\drivers\usb8023x.sys
    2013-04-09 00:24:41 19968 ----a-w- C:\Windows\System32\drivers\usb8023.sys
    2013-04-08 08:18:58 -------- d-----w- C:\ProgramData\IDM
    2013-04-08 05:43:57 -------- d-----w- C:\Users\RLFENT\AppData\Roaming\IDM
    2013-04-08 05:33:03 15088 ----a-w- C:\Users\RLFENT\AppData\Roaming\Microsoft\IdentityCRL\Production\ppcrlconfig.dll
    2013-04-08 04:53:16 -------- d-----w- C:\Program Files (x86)\MSECache
    2013-04-07 10:04:12 -------- d-----w- C:\Users\RLFENT\AppData\Roaming\Alibaba
    2013-04-07 10:04:02 -------- d-----w- C:\ProgramData\boost_interprocess
    2013-04-07 09:50:34 -------- d-----w- C:\Users\RLFENT\AppData\Local\Programs
    2013-04-05 11:43:34 166576 ----a-w- C:\Windows\System32\drivers\idmwfp.sys
    2013-04-05 10:40:18 131584 ----a-w- C:\Windows\SysWow64\SpoonUninstall.exe
    2013-03-29 01:42:26 215040 ----a-w- C:\Windows\System32\winsrv.dll
    2013-03-29 01:42:23 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
    2013-03-29 01:42:22 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
    2013-03-29 01:42:21 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
    2013-03-29 01:42:21 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
    2013-03-29 01:42:14 2048 ----a-w- C:\Windows\SysWow64\user.exe
    2013-03-29 01:41:50 288088 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS
    2013-03-29 01:41:50 1913192 ----a-w- C:\Windows\System32\drivers\tcpip.sys
    2013-03-28 09:07:29 -------- d-----w- C:\Users\RLFENT\AppData\Local\Macromedia
    2013-03-27 06:38:43 272280 ----a-w- C:\Program Files (x86)\Mozilla Firefox\updater.exe
    2013-03-25 04:14:15 -------- d-----w- C:\Users\RLFENT\AppData\Local\MicroVision Applications
    2013-03-25 04:13:04 487424 ----a-w- C:\Windows\SysWow64\msvcp70.dll
    2013-03-25 04:13:04 344064 ----a-w- C:\Windows\SysWow64\msvcr70.dll
    2013-03-25 04:13:02 -------- d-----w- C:\Program Files (x86)\Common Files\SureThing Shared
    2013-03-25 04:12:57 -------- d-----w- C:\Program Files (x86)\SureThing CD Labeler 5 - Primera
    2013-03-25 04:02:14 -------- d-----w- C:\ProgramData\PTI
    2013-03-15 02:52:10 4466120 ----a-w- C:\Windows\System32\aksllmtp.exe
    2013-03-15 02:52:08 90056 ----a-w- C:\Windows\System32\drivers\aksdf.sys
    2013-03-15 02:52:08 77768 ----a-w- C:\Windows\System32\aksusb4.dll
    2013-03-15 02:52:08 70088 ----a-w- C:\Windows\System32\akshhl30.dll
    2013-03-15 02:52:08 63944 ----a-w- C:\Windows\System32\drivers\akshhl.sys
    2013-03-15 02:52:08 60488 ----a-w- C:\Windows\System32\drivers\akshasp.sys
    2013-03-15 02:52:08 331144 ----a-w- C:\Windows\System32\drivers\hardlock.sys
    2013-03-15 02:52:08 303368 ----a-w- C:\Windows\System32\drivers\aksusb.sys
    2013-03-15 02:52:08 21448 ----a-w- C:\Windows\System32\drivers\aksclass.sys
    2013-03-15 02:52:08 18376 ----a-w- C:\Windows\System32\akshsp52.dll
    2013-03-15 02:52:08 141064 ----a-w- C:\Windows\System32\drivers\aksfridge.sys
    .
    ==================== Find3M ====================
    .
    2013-04-04 04:50:32 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2013-03-27 05:58:15 73432 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2013-03-27 05:58:15 693976 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
    2013-03-02 06:04:53 1655656 ----a-w- C:\Windows\System32\drivers\ntfs.sys
    2013-03-01 03:36:04 3153408 ----a-w- C:\Windows\System32\win32k.sys
    2013-02-22 06:27:49 2312704 ----a-w- C:\Windows\System32\jscript9.dll
    2013-02-22 06:20:51 1392128 ----a-w- C:\Windows\System32\wininet.dll
    2013-02-22 06:19:37 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
    2013-02-22 06:15:48 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
    2013-02-22 06:15:23 599040 ----a-w- C:\Windows\System32\vbscript.dll
    2013-02-22 03:46:00 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
    2013-02-22 03:38:00 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
    2013-02-22 03:37:50 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
    2013-02-22 03:34:17 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
    2013-02-15 06:08:40 44032 ----a-w- C:\Windows\System32\tsgqec.dll
    2013-02-15 06:06:11 3717632 ----a-w- C:\Windows\System32\mstscax.dll
    2013-02-15 06:02:26 158720 ----a-w- C:\Windows\System32\aaclient.dll
    2013-02-15 04:37:10 3217408 ----a-w- C:\Windows\SysWow64\mstscax.dll
    2013-02-15 04:34:10 131584 ----a-w- C:\Windows\SysWow64\aaclient.dll
    2013-02-15 03:25:51 36864 ----a-w- C:\Windows\SysWow64\tsgqec.dll
    2013-02-12 05:45:24 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
    2013-02-12 05:45:22 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll
    2013-02-12 05:45:22 308736 ----a-w- C:\Windows\apppatch\AppPatch64\AcGenral.dll
    2013-02-12 05:45:22 111104 ----a-w- C:\Windows\apppatch\AppPatch64\acspecfc.dll
    2013-02-12 04:48:31 474112 ----a-w- C:\Windows\apppatch\AcSpecfc.dll
    2013-02-12 04:48:26 2176512 ----a-w- C:\Windows\apppatch\AcGenral.dll
    2013-01-31 09:25:24 6207776 ----a-w- C:\Windows\System32\nvcpl.dll
    2013-01-31 09:25:24 3300640 ----a-w- C:\Windows\System32\nvsvc64.dll
    2013-01-31 09:24:59 878368 ----a-w- C:\Windows\System32\nvvsvc.exe
    2013-01-31 09:24:58 63776 ----a-w- C:\Windows\System32\nvshext.dll
    2013-01-31 09:24:58 118560 ----a-w- C:\Windows\System32\nvmctray.dll
    2013-01-24 06:01:01 223752 ----a-w- C:\Windows\System32\drivers\fvevol.sys
    2013-01-20 05:59:04 230320 ----a-w- C:\Windows\System32\drivers\MpFilter.sys
    2013-01-20 05:59:04 130008 ----a-w- C:\Windows\System32\drivers\NisDrvWFP.sys
    .
    ============= FINISH: 15:21:54.77 ===============
     
  8. Broni

    Broni Malware Annihilator Posts: 47,070   +257

    Download RogueKiller on the desktop
    • Close all the running programs
    • Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
    • Otherwise just double-click on RogueKiller.exe
    • Pre-scan will start. Let it finish.
    • Click on SCAN button.
    • Wait until the Status box shows Scan Finished
    • Click on Delete.
    • Wait until the Status box shows Deleting Finished.
    • Click on Report and copy/paste the content of the Notepad into your next reply.
    • RKreport.txt could also be found on your desktop.
    • If more than one log is produced post all logs.
    • If RogueKiller has been blocked, do not hesitate to try a few times more. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again

    Download Malwarebytes Anti-Rootkit (MBAR) from HERE
    • Unzip downloaded file.
    • Open the folder where the contents were unzipped and run mbar.exe
    • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
    • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
    • Wait while the system shuts down and the cleanup process is performed.
    • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
    • When done, please post the two logs produced; they will be in the MBAR folder: mbar-log-xxxxx.txt and system-log.txt
     
  9. regan

    regan TS Rookie Topic Starter

    Ok, thanks.

    RogueKiller V8.5.4 [Mar 18 2013] by Tigzy
    mail : tigzyRK<at>gmail<dot>com
    Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
    Website : http://tigzy.geekstogo.com/roguekiller.php
    Blog : http://tigzyrk.blogspot.com/
    Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
    Started in : Normal mode
    User : RLFENT [Admin rights]
    Mode : Scan -- Date : 04/17/2013 17:20:10
    | ARK || FAK || MBR |
    ¤¤¤ Bad processes : 0 ¤¤¤
    ¤¤¤ Registry Entries : 7 ¤¤¤
    [HJPOL] HKLM\[...]\System : DisableTaskMgr (0) -> FOUND
    [HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
    [HJPOL] HKLM\[...]\Wow6432Node\System : DisableTaskMgr (0) -> FOUND
    [HJPOL] HKLM\[...]\Wow6432Node\System : DisableRegistryTools (0) -> FOUND
    [HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND
    [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
    [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
    ¤¤¤ Particular Files / Folders: ¤¤¤
    ¤¤¤ Driver : [NOT LOADED] ¤¤¤
    ¤¤¤ Extern Hives: ¤¤¤
    -> G:\windows\system32\config\SOFTWARE
    -> G:\windows\system32\config\SYSTEM
    -> G:\Users\Default\NTUSER.DAT
    -> G:\Users\Default User\NTUSER.DAT
    -> G:\Users\Public\NTUSER.DAT
    -> G:\Users\rlfent\NTUSER.DAT
    -> G:\Users\UpdatusUser\NTUSER.DAT
    -> G:\Users\UpdatusUser.rlfent-PC\NTUSER.DAT
    -> G:\Documents and Settings\Default\NTUSER.DAT
    -> G:\Documents and Settings\Default User\NTUSER.DAT
    ¤¤¤ HOSTS File: ¤¤¤
    --> C:\Windows\system32\drivers\etc\hosts

    ¤¤¤ MBR Check: ¤¤¤
    +++++ PhysicalDrive0: INTEL SSDSC2CT060A3 ATA Device +++++
    --- User ---
    [MBR] 87755aa1467601d612eb6dfff38255da
    [BSP] a7e91dd62d7ac3a69f910cf400349181 : Windows 7/8 MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
    1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 57139 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!
    +++++ PhysicalDrive1: WDC WD10EARS-00Y5B1 ATA Device +++++
    --- User ---
    [MBR] 7043a6e53b38f492c8ce2541461167bf
    [BSP] 57ed56e55506cf721290683d8e4e281c : Windows 7/8 MBR Code
    Partition table:
    0 - [XXXXXX] LINUX-SWP (0x42) [VISIBLE] Offset (sectors): 63 | Size: 0 Mo
    1 - [ACTIVE] LINUX-SWP (0x42) [VISIBLE] Offset (sectors): 2048 | Size: 55000 Mo
    2 - [XXXXXX] LINUX-SWP (0x42) [VISIBLE] Offset (sectors): 112642048 | Size: 898867 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!
    +++++ PhysicalDrive2: TOSHIBA TOSHIBA USB DRV USB Device +++++
    --- User ---
    [MBR] 7eac97522ed0d51a37c5006d5faa9d4f
    [BSP] 33a07a59d299ab4ea9f4ab0156f9d86f : Windows XP MBR Code
    Partition table:
    0 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 8064 | Size: 3722 Mo
    User = LL1 ... OK!
    Error reading LL2 MBR!
    +++++ PhysicalDrive3: Generic USB SD Reader USB Device +++++
    Error reading User MBR!
    User = LL1 ... OK!
    Error reading LL2 MBR!
    +++++ PhysicalDrive4: Generic USB CF Reader USB Device +++++
    Error reading User MBR!
    User = LL1 ... OK!
    Error reading LL2 MBR!
    Finished : << RKreport[1]_S_04172013_02d1720.txt >>
    RKreport[1]_S_04172013_02d1720.txt
     
  10. regan

    regan TS Rookie Topic Starter

    RogueKiller V8.5.4 [Mar 18 2013] by Tigzy
    mail : tigzyRK<at>gmail<dot>com
    Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
    Website : http://tigzy.geekstogo.com/roguekiller.php
    Blog : http://tigzyrk.blogspot.com/
    Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
    Started in : Normal mode
    User : RLFENT [Admin rights]
    Mode : Remove -- Date : 04/17/2013 17:20:59
    | ARK || FAK || MBR |
    ¤¤¤ Bad processes : 0 ¤¤¤
    ¤¤¤ Registry Entries : 5 ¤¤¤
    [HJPOL] HKLM\[...]\System : DisableTaskMgr (0) -> DELETED
    [HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> DELETED
    [HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> REPLACED (1)
    [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
    [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
    ¤¤¤ Particular Files / Folders: ¤¤¤
    ¤¤¤ Driver : [NOT LOADED] ¤¤¤
    ¤¤¤ Extern Hives: ¤¤¤
    -> G:\windows\system32\config\SOFTWARE
    -> G:\windows\system32\config\SYSTEM
    -> G:\Users\Default\NTUSER.DAT
    -> G:\Users\Default User\NTUSER.DAT
    -> G:\Users\Public\NTUSER.DAT
    -> G:\Users\rlfent\NTUSER.DAT
    -> G:\Users\UpdatusUser\NTUSER.DAT
    -> G:\Users\UpdatusUser.rlfent-PC\NTUSER.DAT
    -> G:\Documents and Settings\Default\NTUSER.DAT
    -> G:\Documents and Settings\Default User\NTUSER.DAT
    ¤¤¤ HOSTS File: ¤¤¤
    --> C:\Windows\system32\drivers\etc\hosts

    ¤¤¤ MBR Check: ¤¤¤
    +++++ PhysicalDrive0: INTEL SSDSC2CT060A3 ATA Device +++++
    --- User ---
    [MBR] 87755aa1467601d612eb6dfff38255da
    [BSP] a7e91dd62d7ac3a69f910cf400349181 : Windows 7/8 MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
    1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 57139 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!
    +++++ PhysicalDrive1: WDC WD10EARS-00Y5B1 ATA Device +++++
    --- User ---
    [MBR] 7043a6e53b38f492c8ce2541461167bf
    [BSP] 57ed56e55506cf721290683d8e4e281c : Windows 7/8 MBR Code
    Partition table:
    0 - [XXXXXX] LINUX-SWP (0x42) [VISIBLE] Offset (sectors): 63 | Size: 0 Mo
    1 - [ACTIVE] LINUX-SWP (0x42) [VISIBLE] Offset (sectors): 2048 | Size: 55000 Mo
    2 - [XXXXXX] LINUX-SWP (0x42) [VISIBLE] Offset (sectors): 112642048 | Size: 898867 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!
    +++++ PhysicalDrive2: TOSHIBA TOSHIBA USB DRV USB Device +++++
    --- User ---
    [MBR] 7eac97522ed0d51a37c5006d5faa9d4f
    [BSP] 33a07a59d299ab4ea9f4ab0156f9d86f : Windows XP MBR Code
    Partition table:
    0 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 8064 | Size: 3722 Mo
    User = LL1 ... OK!
    Error reading LL2 MBR!
    +++++ PhysicalDrive3: Generic USB SD Reader USB Device +++++
    Error reading User MBR!
    User = LL1 ... OK!
    Error reading LL2 MBR!
    +++++ PhysicalDrive4: Generic USB CF Reader USB Device +++++
    Error reading User MBR!
    User = LL1 ... OK!
    Error reading LL2 MBR!
    Finished : << RKreport[2]_D_04172013_02d1720.txt >>
    RKreport[1]_S_04172013_02d1720.txt ; RKreport[2]_D_04172013_02d1720.txt
     
  11. regan

    regan TS Rookie Topic Starter

    Malwarebytes Anti-Rootkit BETA 1.05.0.1001
    www.malwarebytes.org
    Database version: v2013.04.17.02
    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 9.0.8112.16421
    RLFENT :: RLFENT-PC [administrator]
    17-Apr-13 5:27:54 PM
    mbar-log-2013-04-17 (17-27-54).txt
    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
    Scan options disabled:
    Objects scanned: 29286
    Time elapsed: 3 minute(s), 32 second(s)
    Memory Processes Detected: 0
    (No malicious items detected)
    Memory Modules Detected: 0
    (No malicious items detected)
    Registry Keys Detected: 0
    (No malicious items detected)
    Registry Values Detected: 0
    (No malicious items detected)
    Registry Data Items Detected: 0
    (No malicious items detected)
    Folders Detected: 0
    (No malicious items detected)
    Files Detected: 0
    (No malicious items detected)
    (end)
     
     
  12. Broni

    Broni Malware Annihilator Posts: 47,070   +257

    I still need system-log.txt log.
     
  13. regan

    regan TS Rookie Topic Starter

    Whoops, sorry, missed that one.


    ---------------------------------------
    Malwarebytes Anti-Rootkit BETA 1.05.0.1001
    (c) Malwarebytes Corporation 2011-2012
    OS version: 6.1.7601 Windows 7 Service Pack 1 x64
    Account is Administrative
    Internet Explorer version: 9.0.8112.16421
    File system is: NTFS
    Disk drives: C:\ DRIVE_FIXED, E:\ DRIVE_FIXED, F:\ DRIVE_FIXED, G:\ DRIVE_FIXED, H:\ DRIVE_FIXED, I:\ DRIVE_FIXED
    CPU speed: 3.206000 GHz
    Memory total: 8589135872, free: 6673051648
    ------------ Kernel report ------------
    04/17/2013 17:21:55
    ------------ Loaded modules -----------
    ----------- End -----------
    Downloaded database version: v2013.04.17.02
    Downloaded database version: v2013.03.25.01
    Initializing...
    Done!
    <<<2>>>
    Device number: 0, partition: 2
    Physical Sector Size: 512
    Drive: 0, DevicePointer: 0xfffffa8007bff060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
    --------- Disk Stack ------
    DevicePointer: 0xfffffa8007af9850, DeviceName: Unknown, DriverName: \Driver\partmgr\
    DevicePointer: 0xfffffa8007bff060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
    DevicePointer: 0xfffffa80078f81f0, DeviceName: \Device\Ide\IdeDeviceP2T0L0-4\, DriverName: \Driver\atapi\
    ------------ End ----------
    Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
    Upper DeviceData: 0xfffff8a00fcf4dc0, 0xfffffa8007bff060, 0xfffffa800aaaf090
    Lower DeviceData: 0xfffff8a003d3d290, 0xfffffa80078f81f0, 0xfffffa800a934090
    <<<3>>>
    Volume: C:
    File system type: NTFS
    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
    Scanning directory: C:\Windows\system32\drivers...
    <<<2>>>
    Device number: 0, partition: 2
    <<<3>>>
    Volume: C:
    File system type: NTFS
    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
    Done!
    Drive 0
    Scanning MBR on drive 0...
    Inspecting partition table:
    MBR Signature: 55AA
    Disk Signature: FF5F23EE
    Partition information:
    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 2048 Numsec = 204800
    Partition file system is NTFS
    Partition is bootable
    Partition 1 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 206848 Numsec = 117020672
    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0
    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0
    Disk Size: 60022480896 bytes
    Sector size: 512 bytes
    Scanning physical sectors of unpartitioned space on drive 0 (1-2047-117211408-117231408)...
    Physical Sector Size: 512
    Drive: 1, DevicePointer: 0xfffffa8007c00060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
    --------- Disk Stack ------
    DevicePointer: 0xfffffa8007c00b90, DeviceName: Unknown, DriverName: \Driver\partmgr\
    DevicePointer: 0xfffffa8007c00060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
    DevicePointer: 0xfffffa8006cab680, DeviceName: \Device\Ide\IdeDeviceP3T0L0-5\, DriverName: \Driver\atapi\
    ------------ End ----------
    Alternate DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
    Upper DeviceData: 0xfffff8a00ff02180, 0xfffffa8007c00060, 0xfffffa800aa97790
    Lower DeviceData: 0xfffff8a0033bc930, 0xfffffa8006cab680, 0xfffffa800aa50e40
    Drive 1
    Scanning MBR on drive 1...
    Inspecting partition table:
    MBR Signature: 55AA
    Disk Signature: 7F1F470A
    Partition information:
    Partition 0 type is Dynamic (0x42)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 63 Numsec = 1985
    Partition 1 type is Dynamic (0x42)
    Partition is ACTIVE.
    Partition starts at LBA: 2048 Numsec = 112640000
    Partition is not bootable
    Partition 2 type is Dynamic (0x42)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 112642048 Numsec = 1840881072
    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0
    Disk Size: 1000204886016 bytes
    Sector size: 512 bytes
    Physical Sector Size: 512
    Drive: 2, DevicePointer: 0xfffffa800870e790, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\
    --------- Disk Stack ------
    DevicePointer: 0xfffffa8007ce5b90, DeviceName: Unknown, DriverName: \Driver\partmgr\
    DevicePointer: 0xfffffa800870e790, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\
    DevicePointer: 0xfffffa8008724b60, DeviceName: \Device\0000006e\, DriverName: \Driver\USBSTOR\
    ------------ End ----------
    Alternate DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\
    Upper DeviceData: 0xfffff8a00ffcc930, 0xfffffa800870e790, 0xfffffa800aab1790
    Lower DeviceData: 0xfffff8a00ff2e1d0, 0xfffffa8008724b60, 0xfffffa800aa5be40
    Drive 2
    Scanning MBR on drive 2...
    Inspecting partition table:
    MBR Signature: 55AA
    Disk Signature: C3072E18
    Partition information:
    Partition 0 type is Other (0xc)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 8064 Numsec = 7622784
    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0
    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0
    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0
    Disk Size: 3906994176 bytes
    Sector size: 512 bytes
    Physical Sector Size: 0
    Drive: 3, DevicePointer: 0xfffffa8008c1e140, DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\Disk\
    --------- Disk Stack ------
    DevicePointer: 0xfffffa8008cd8450, DeviceName: Unknown, DriverName: \Driver\partmgr\
    DevicePointer: 0xfffffa8008c1e140, DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\Disk\
    DevicePointer: 0xfffffa8008c45060, DeviceName: \Device\0000007d\, DriverName: \Driver\USBSTOR\
    ------------ End ----------
    Physical Sector Size: 0
    Drive: 4, DevicePointer: 0xfffffa8008c2c060, DeviceName: \Device\Harddisk4\DR4\, DriverName: \Driver\Disk\
    --------- Disk Stack ------
    DevicePointer: 0xfffffa8008c2cb90, DeviceName: Unknown, DriverName: \Driver\partmgr\
    DevicePointer: 0xfffffa8008c2c060, DeviceName: \Device\Harddisk4\DR4\, DriverName: \Driver\Disk\
    DevicePointer: 0xfffffa8008c3b060, DeviceName: \Device\0000007e\, DriverName: \Driver\USBSTOR\
    ------------ End ----------
    Physical Sector Size: 0
    Drive: 5, DevicePointer: 0xfffffa8008bfb060, DeviceName: \Device\Harddisk5\DR5\, DriverName: \Driver\Disk\
    --------- Disk Stack ------
    DevicePointer: 0xfffffa8008bfbb90, DeviceName: Unknown, DriverName: \Driver\partmgr\
    DevicePointer: 0xfffffa8008bfb060, DeviceName: \Device\Harddisk5\DR5\, DriverName: \Driver\Disk\
    DevicePointer: 0xfffffa8008c2f5b0, DeviceName: \Device\0000007f\, DriverName: \Driver\USBSTOR\
    ------------ End ----------
    Physical Sector Size: 0
    Drive: 6, DevicePointer: 0xfffffa8008c2b790, DeviceName: \Device\Harddisk6\DR6\, DriverName: \Driver\Disk\
    --------- Disk Stack ------
    DevicePointer: 0xfffffa8008c004b0, DeviceName: Unknown, DriverName: \Driver\partmgr\
    DevicePointer: 0xfffffa8008c2b790, DeviceName: \Device\Harddisk6\DR6\, DriverName: \Driver\Disk\
    DevicePointer: 0xfffffa8008c08830, DeviceName: \Device\00000080\, DriverName: \Driver\USBSTOR\
    ------------ End ----------
    Done!
    Performing system, memory and registry scan...
    Done!
    Scan finished
    =======================================

    ---------------------------------------
    Malwarebytes Anti-Rootkit BETA 1.05.0.1001
    (c) Malwarebytes Corporation 2011-2012
    OS version: 6.1.7601 Windows 7 Service Pack 1 x64
    Account is Administrative
    Internet Explorer version: 9.0.8112.16421
    File system is: NTFS
    Disk drives: C:\ DRIVE_FIXED, E:\ DRIVE_FIXED, F:\ DRIVE_FIXED, G:\ DRIVE_FIXED, H:\ DRIVE_FIXED, I:\ DRIVE_FIXED
    CPU speed: 3.206000 GHz
    Memory total: 8589135872, free: 7399583744
    =======================================
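As an added illustration (not code from the original post or from Malwarebytes' tool): how the partition-table fields that the MBAR kernel report prints for each drive (the 55AA signature, the disk signature, and each entry's type, active flag, start LBA and Numsec) are decoded from a raw 512-byte boot sector. The sample sector is constructed here from drive 0's values in the log, the type-name mapping is inferred from the log's labels, and the gap computation is my own, not MBAR's exact range selection.

```python
"""Decode an MBR partition table into the fields the MBAR kernel report
prints (signature, disk signature, per-entry type/active/LBA/Numsec).
Added example, not Malwarebytes' code; the sample sector is constructed
from drive 0's values in the log above, not read from any disk."""
import struct

SECTOR_SIZE = 512
ENTRY_FMT = "<B3xB3xII"  # boot flag, CHS start, type, CHS end, start LBA, sector count

# Assumption: names inferred from how the log labels each type byte.
TYPE_NAMES = {0x00: "Empty", 0x07: "Primary", 0x42: "Dynamic"}


def parse_mbr(sector: bytes) -> dict:
    """Return the 0x55AA signature check, the disk signature and the four entries."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("an MBR is exactly one 512-byte sector")
    # Bytes 510-511 must read 55 AA; anything else is not a valid boot record
    # (or the sector has been overwritten), so this is the first thing to check.
    signature_ok = sector[510:512] == b"\x55\xaa"
    disk_signature = struct.unpack_from("<I", sector, 0x1B8)[0]
    partitions = []
    for i in range(4):
        boot, ptype, lba, numsec = struct.unpack_from(ENTRY_FMT, sector, 0x1BE + 16 * i)
        partitions.append({
            "index": i,
            "active": boot == 0x80,  # 0x80 = active/bootable, 0x00 = inactive
            "type": ptype,
            "type_name": TYPE_NAMES.get(ptype, "Other"),
            "lba": lba,
            "numsec": numsec,
        })
    return {"signature_ok": signature_ok, "disk_signature": disk_signature,
            "partitions": partitions}


def unpartitioned_ranges(parsed: dict, disk_sectors: int) -> list:
    """Inclusive sector ranges no entry covers, excluding sector 0 (the MBR).
    These gaps are where a bootkit can stash code, which is why the log scans
    them. Assumption: a plain gap computation, not MBAR's own range choice."""
    used = sorted((p["lba"], p["lba"] + p["numsec"])
                  for p in parsed["partitions"] if p["numsec"])
    gaps, cursor = [], 1
    for start, end in used:
        if start > cursor:
            gaps.append((cursor, start - 1))
        cursor = max(cursor, end)
    if cursor < disk_sectors:
        gaps.append((cursor, disk_sectors - 1))
    return gaps


def report(parsed: dict) -> list:
    """Render the table in the same wording the kernel report uses."""
    lines = [f"MBR Signature: {'55AA' if parsed['signature_ok'] else 'MISSING'}",
             f"Disk Signature: {parsed['disk_signature']:08X}"]
    for p in parsed["partitions"]:
        lines.append(f"Partition {p['index']} type is {p['type_name']} ({p['type']:#x})")
        lines.append("Partition is ACTIVE." if p["active"] else "Partition is NOT ACTIVE.")
        lines.append(f"Partition starts at LBA: {p['lba']} Numsec = {p['numsec']}")
    return lines


def _entry(active: bool, ptype: int, lba: int, numsec: int) -> bytes:
    return struct.pack(ENTRY_FMT, 0x80 if active else 0x00, ptype, lba, numsec)


def sample_drive0_mbr() -> bytes:
    """Constructed sector reproducing drive 0's table from the log (not real disk data)."""
    sector = bytearray(SECTOR_SIZE)
    sector[0x1B8:0x1BC] = struct.pack("<I", 0xFF5F23EE)
    sector[0x1BE:0x1FE] = (_entry(True, 0x07, 2048, 204800)
                           + _entry(False, 0x07, 206848, 117020672)
                           + bytes(32))
    sector[0x1FE:0x200] = b"\x55\xaa"
    return bytes(sector)


if __name__ == "__main__":
    parsed = parse_mbr(sample_drive0_mbr())
    print("\n".join(report(parsed)))
    # Disk size from the log divided by the 512-byte sector size
    print("unpartitioned:", unpartitioned_ranges(parsed, 60022480896 // 512))
```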
     
  14. Broni

    Broni Malware Annihilator Posts: 47,070   +257

    Create new restore point before proceeding with the next step....
    How to:
    - Windows 8: http://www.vikitech.com/11302/system-restore-windows-8
    - Windows 7: http://www.howtogeek.com/howto/3195/create-a-system-restore-point-in-windows-7/
    - Vista: http://www.howtogeek.com/howto/wind...tore-point-for-windows-vistas-system-restore/
    - XP: http://support.microsoft.com/kb/948247

    Please download ComboFix from Here, Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts.
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
      If the connection is not there use restore point you created prior to running Combofix.
    • Double click on combofix.exe & follow the prompts.

    • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouse-click combofix's window while it's running. That may cause it to stall.
    **Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try the following...

    Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Download Rkill (courtesy of BleepingComputer.com) to your desktop.
    There are 2 different versions. If one of them won't run then download and try to run the other one.
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

    rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
    iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

    Restart computer in safe mode

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    When the scan is done Notepad will open with rKill.txt log.
    NOTE. rKill.txt log will also be present on your desktop.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    IF you had to run rKill post BOTH logs, rKill.txt and Combofix.txt.
     
  15. regan

    regan TS Rookie Topic Starter

    ComboFix 13-04-18.01 - RLFENT 18-Apr-13 16:01:42.1.4 - x64
    Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.8191.5659 [GMT 10:00]
    Running from: c:\users\RLFENT\Desktop\ComboFix.exe
    AV: Microsoft Security Essentials *Disabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
    SP: Microsoft Security Essentials *Disabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\programdata\app
    c:\programdata\app\drivers.ini
    c:\programdata\boost_interprocess\20130410123527.031325
    c:\programdata\boost_interprocess\20130410123527.031325\d1acd4fb4a00f612bca8861efe9c2566
    c:\users\RLFENT\AppData\Local\assembly\tmp
    .
    .
    ((((((((((((((((((((((((( Files Created from 2013-03-18 to 2013-04-18 )))))))))))))))))))))))))))))))
    .
    .
    2013-04-18 06:04 . 2013-04-18 06:04 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
    2013-04-18 06:04 . 2013-04-18 06:04 -------- d-----w- c:\users\Default\AppData\Local\temp
    2013-04-18 03:32 . 2013-04-10 03:46 9317456 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{6C2DA883-041C-41DE-837E-E9DAC094EAD6}\mpengine.dll
    2013-04-17 06:42 . 2013-04-17 07:05 -------- d-----w- c:\users\RLFENT\AppData\Roaming\Nero
    2013-04-17 06:40 . 2013-04-17 06:40 -------- d-----w- c:\program files (x86)\Common Files\Nero
    2013-04-17 06:40 . 2013-04-17 06:41 -------- d-----w- c:\program files (x86)\Nero
    2013-04-17 06:40 . 2013-04-17 06:41 -------- d-----w- c:\programdata\Nero
    2013-04-17 06:37 . 2008-10-14 20:22 4379984 ----a-w- c:\windows\SysWow64\D3DX9_40.dll
    2013-04-17 06:37 . 2007-05-16 06:45 3497832 ----a-w- c:\windows\SysWow64\d3dx9_34.dll
    2013-04-17 03:15 . 2013-03-18 19:50 9311288 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    2013-04-13 22:11 . 2013-04-13 22:11 -------- d-----w- C:\FRST
    2013-04-13 05:40 . 2012-10-22 21:04 972264 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2866AD9C-949D-441D-A53E-09770AFC429B}\gapaengine.dll
    2013-04-13 05:21 . 2013-04-13 05:21 -------- d-----w- c:\program files (x86)\Microsoft Security Client
    2013-04-13 05:21 . 2013-04-13 05:21 -------- d-----w- c:\program files\Microsoft Security Client
    2013-04-12 10:23 . 2013-04-12 10:23 -------- d-----w- c:\programdata\Intel(R) Update Manager
    2013-04-12 10:23 . 2013-04-12 10:23 -------- d-----w- C:\Intel
    2013-04-12 00:30 . 2013-04-12 10:10 -------- d-----w- c:\users\RLFENT\AppData\Local\ElevatedDiagnostics
    2013-04-11 10:17 . 2011-09-22 11:07 105832 ----a-w- c:\windows\system32\SQSRVRES.DLL
    2013-04-11 10:17 . 2011-09-22 11:06 109416 ----a-w- c:\windows\system32\perf-MSSQL$SQLEXPRESS-sqlctr10.3.5500.0.dll
    2013-04-11 10:17 . 2011-09-22 07:18 73064 ----a-w- c:\windows\SysWow64\perf-MSSQL$SQLEXPRESS-sqlctr10.3.5500.0.dll
    2013-04-11 10:17 . 2013-04-11 10:17 -------- d-----w- c:\program files (x86)\Microsoft Visual Studio 9.0
    2013-04-11 10:17 . 2013-04-11 10:17 -------- d-----w- c:\program files\Microsoft.NET
    2013-04-10 08:17 . 2013-04-18 06:04 -------- d-----w- c:\users\RLFENT\AppData\Local\assembly
    2013-04-10 06:49 . 2013-04-10 06:49 -------- d-----w- c:\users\RLFENT\AppData\Local\Sanford,_L.P
    2013-04-10 06:49 . 2013-04-10 06:49 -------- d-----w- c:\users\RLFENT\AppData\Local\DYMO
    2013-04-10 06:46 . 2013-04-10 06:46 -------- d-----w- c:\program files (x86)\DYMO
    2013-04-10 06:43 . 2013-04-10 06:43 -------- d-----w- c:\program files\DYMO LabelWriter Drivers
    2013-04-10 06:42 . 2013-04-10 06:42 -------- d-----w- c:\programdata\DYMO
    2013-04-10 01:37 . 2013-02-22 07:04 182896 ----a-w- c:\program files\Internet Explorer\sqmapi.dll
    2013-04-10 01:37 . 2013-02-22 06:13 96768 ----a-w- c:\windows\system32\mshtmled.dll
    2013-04-10 01:37 . 2013-02-22 06:12 2382848 ----a-w- c:\windows\system32\mshtml.tlb
    2013-04-10 01:37 . 2013-02-22 04:10 149616 ----a-w- c:\program files (x86)\Internet Explorer\sqmapi.dll
    2013-04-10 01:37 . 2013-02-22 03:34 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
    2013-04-10 01:37 . 2013-02-22 03:31 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
    2013-04-10 01:35 . 2013-03-19 06:04 5550424 ----a-w- c:\windows\system32\ntoskrnl.exe
    2013-04-10 01:35 . 2013-03-19 05:04 3968856 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
    2013-04-10 01:35 . 2013-03-19 05:04 3913560 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
    2013-04-10 01:35 . 2013-03-19 05:46 43520 ----a-w- c:\windows\system32\csrsrv.dll
    2013-04-10 01:35 . 2013-03-19 04:47 6656 ----a-w- c:\windows\SysWow64\apisetschema.dll
    2013-04-10 01:35 . 2013-03-19 03:06 112640 ----a-w- c:\windows\system32\smss.exe
    2013-04-09 00:34 . 2013-04-09 00:34 -------- d-----w- c:\windows\CheckSur
    2013-04-09 00:27 . 2013-01-31 09:24 2558240 ----a-w- c:\windows\system32\nvsvcr.dll
    2013-04-09 00:24 . 2013-02-12 04:12 19968 ----a-w- c:\windows\system32\drivers\usb8023x.sys
    2013-04-09 00:24 . 2013-02-12 04:12 19968 ----a-w- c:\windows\system32\drivers\usb8023.sys
    2013-04-08 08:18 . 2013-04-08 08:18 -------- d-----w- c:\programdata\IDM
    2013-04-08 05:43 . 2013-04-13 03:28 -------- d-----w- c:\users\RLFENT\AppData\Roaming\IDM
    2013-04-08 04:53 . 2013-04-08 04:53 -------- d-----w- c:\program files (x86)\MSECache
    2013-04-07 10:04 . 2013-04-07 10:04 -------- d-----w- c:\users\RLFENT\AppData\Roaming\Alibaba
    2013-04-07 10:04 . 2013-04-18 06:04 -------- d-----w- c:\programdata\boost_interprocess
    2013-04-07 09:50 . 2013-04-07 09:50 -------- d-----w- c:\users\RLFENT\AppData\Local\Programs
    2013-04-05 11:43 . 2013-04-05 11:32 166576 ----a-w- c:\windows\system32\drivers\idmwfp.sys
    2013-04-05 10:40 . 2013-04-05 11:08 131584 ----a-w- c:\windows\SysWow64\SpoonUninstall.exe
    2013-03-29 01:42 . 2013-01-04 05:46 215040 ----a-w- c:\windows\system32\winsrv.dll
    2013-03-29 01:42 . 2013-01-04 02:47 25600 ----a-w- c:\windows\SysWow64\setup16.exe
    2013-03-29 01:42 . 2013-01-04 02:47 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll
    2013-03-29 01:42 . 2013-01-04 04:51 5120 ----a-w- c:\windows\SysWow64\wow32.dll
    2013-03-29 01:42 . 2013-01-04 02:47 7680 ----a-w- c:\windows\SysWow64\instnm.exe
    2013-03-29 01:42 . 2013-01-04 02:47 2048 ----a-w- c:\windows\SysWow64\user.exe
    2013-03-29 01:41 . 2013-01-03 06:00 1913192 ----a-w- c:\windows\system32\drivers\tcpip.sys
    2013-03-29 01:41 . 2013-01-03 06:00 288088 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
    2013-03-28 09:07 . 2013-03-28 09:07 -------- d-----w- c:\users\RLFENT\AppData\Local\Macromedia
    2013-03-25 04:14 . 2013-03-25 04:27 -------- d-----w- c:\users\RLFENT\AppData\Local\MicroVision Applications
    2013-03-25 04:13 . 2006-09-20 22:42 487424 ----a-w- c:\windows\SysWow64\msvcp70.dll
    2013-03-25 04:13 . 2006-09-20 22:42 344064 ----a-w- c:\windows\SysWow64\msvcr70.dll
    2013-03-25 04:13 . 2013-03-25 04:13 -------- d-----w- c:\program files (x86)\Common Files\SureThing Shared
    2013-03-25 04:12 . 2013-03-25 04:13 -------- d-----w- c:\program files (x86)\SureThing CD Labeler 5 - Primera
    2013-03-25 04:02 . 2013-03-25 04:18 -------- d-----w- c:\programdata\PTI
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2013-04-10 01:38 . 2012-09-04 07:59 72702784 ----a-w- c:\windows\system32\MRT.exe
    2013-04-04 04:50 . 2012-09-04 07:36 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
    2013-04-02 10:34 . 2012-09-04 07:29 282744 ------w- c:\windows\system32\MpSigStub.exe
    2013-03-27 05:58 . 2012-09-04 07:23 73432 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2013-03-27 05:58 . 2012-09-04 07:23 693976 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2013-03-15 02:52 . 2013-03-15 02:52 4466120 ----a-w- c:\windows\system32\aksllmtp.exe
    2013-03-15 02:52 . 2013-03-15 02:52 90056 ----a-w- c:\windows\system32\drivers\aksdf.sys
    2013-03-15 02:52 . 2013-03-15 02:52 77768 ----a-w- c:\windows\system32\aksusb4.dll
    2013-03-15 02:52 . 2013-03-15 02:52 70088 ----a-w- c:\windows\system32\akshhl30.dll
    2013-03-15 02:52 . 2013-03-15 02:52 63944 ----a-w- c:\windows\system32\drivers\akshhl.sys
    2013-03-15 02:52 . 2013-03-15 02:52 60488 ----a-w- c:\windows\system32\drivers\akshasp.sys
    2013-03-15 02:52 . 2013-03-15 02:52 331144 ----a-w- c:\windows\system32\drivers\hardlock.sys
    2013-03-15 02:52 . 2013-03-15 02:52 303368 ----a-w- c:\windows\system32\drivers\aksusb.sys
    2013-03-15 02:52 . 2013-03-15 02:52 21448 ----a-w- c:\windows\system32\drivers\aksclass.sys
    2013-03-15 02:52 . 2013-03-15 02:52 18376 ----a-w- c:\windows\system32\akshsp52.dll
    2013-03-15 02:52 . 2013-03-15 02:52 141064 ----a-w- c:\windows\system32\drivers\aksfridge.sys
    2013-02-19 12:32 . 2012-09-04 07:35 15413704 ----a-w- c:\windows\SysWow64\nvd3dum.dll
    2013-02-19 12:32 . 2013-02-19 12:32 25256736 ----a-w- c:\windows\system32\nvcompiler.dll
    2013-02-19 12:32 . 2013-02-19 12:32 2222880 ----a-w- c:\windows\system32\nvcuvenc.dll
    2013-02-19 12:32 . 2012-09-04 07:35 18376008 ----a-w- c:\windows\system32\nvd3dumx.dll
    2013-02-19 12:32 . 2013-02-19 12:32 2749216 ----a-w- c:\windows\system32\nvcuvid.dll
    2013-02-19 12:32 . 2012-02-09 12:43 1802528 ----a-w- c:\windows\system32\nvdispco64.dll
    2013-02-19 12:32 . 2013-02-19 12:32 7457968 ----a-w- c:\windows\system32\nvopencl.dll
    2013-02-19 12:32 . 2013-02-19 12:32 26341664 ----a-w- c:\windows\system32\nvoglv64.dll
    2013-02-19 12:32 . 2013-02-19 12:32 2446416 ----a-w- c:\windows\SysWow64\nvapi.dll
    2013-02-19 12:32 . 2012-09-04 07:35 2752880 ----a-w- c:\windows\system32\nvapi64.dll
    2013-02-19 12:32 . 2013-02-19 12:32 6162704 ----a-w- c:\windows\SysWow64\nvopencl.dll
    2013-02-19 12:32 . 2013-02-19 12:32 13531936 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
    2013-02-19 12:32 . 2013-02-19 12:32 7754560 ----a-w- c:\windows\SysWow64\nvcuda.dll
    2013-02-19 12:32 . 2013-02-19 12:32 17560352 ----a-w- c:\windows\SysWow64\nvcompiler.dll
    2013-02-19 12:32 . 2013-02-19 12:32 2577184 ----a-w- c:\windows\SysWow64\nvcuvid.dll
    2013-02-19 12:32 . 2013-02-19 12:32 1869088 ----a-w- c:\windows\SysWow64\nvcuvenc.dll
    2013-02-19 12:32 . 2013-02-19 12:32 19915552 ----a-w- c:\windows\SysWow64\nvoglv32.dll
    2013-02-19 12:32 . 2013-02-19 12:32 9184760 ----a-w- c:\windows\system32\nvcuda.dll
    2013-02-19 12:32 . 2013-02-19 12:32 1510176 ----a-w- c:\windows\system32\nvdispgenco64.dll
    2013-02-12 05:45 . 2013-03-29 01:42 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
    2013-02-12 05:45 . 2013-03-29 01:42 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll
    2013-02-12 05:45 . 2013-03-29 01:42 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
    2013-02-12 05:45 . 2013-03-29 01:42 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll
    2013-02-12 04:48 . 2013-03-29 01:42 474112 ----a-w- c:\windows\apppatch\AcSpecfc.dll
    2013-02-12 04:48 . 2013-03-29 01:42 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll
    2013-01-31 09:25 . 2012-09-04 07:36 6207776 ----a-w- c:\windows\system32\nvcpl.dll
    2013-01-31 09:25 . 2012-09-04 07:36 3300640 ----a-w- c:\windows\system32\nvsvc64.dll
    2013-01-31 09:24 . 2012-09-04 07:36 878368 ----a-w- c:\windows\system32\nvvsvc.exe
    2013-01-31 09:24 . 2012-09-04 07:36 63776 ----a-w- c:\windows\system32\nvshext.dll
    2013-01-31 09:24 . 2012-09-04 07:36 118560 ----a-w- c:\windows\system32\nvmctray.dll
    2013-01-20 05:59 . 2013-01-20 05:59 230320 ----a-w- c:\windows\system32\drivers\MpFilter.sys
    2013-01-20 05:59 . 2013-01-20 05:59 130008 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "HDAudDeck"="c:\program files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" [2009-12-04 2792448]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @="Service"
    .
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 MBAMScheduler;MBAMScheduler;e:\malwarebytes' anti-malware\mbamscheduler.exe [2013-04-04 418376]
    R2 MBAMService;MBAMService;e:\malwarebytes' anti-malware\mbamservice.exe [2013-04-04 701512]
    R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [x]
    R2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2010-05-04 503080]
    R3 Andbus;LGE Android Platform Composite USB Device;c:\windows\system32\DRIVERS\lgandbus64.sys [x]
    R3 AndDiag;LGE Android Platform USB Serial Port;c:\windows\system32\DRIVERS\lganddiag64.sys [x]
    R3 AndGps;LGE Android Platform USB GPS NMEA Port;c:\windows\system32\DRIVERS\lgandgps64.sys [x]
    R3 ANDModem;LGE Android Platform USB Modem;c:\windows\system32\DRIVERS\lgandmodem64.sys [x]
    R3 HTCAND64;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [2009-11-02 33736]
    R3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\DRIVERS\htcnprot.sys [2010-06-25 36928]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-04-04 25928]
    R3 ndisahMP;ndisahMP;c:\windows\system32\DRIVERS\ndisah.sys [x]
    R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2013-01-20 130008]
    R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2013-01-27 379360]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-09-04 1255736]
    R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2009-07-22 61976]
    R4 RsFx0105;RsFx0105 Driver;c:\windows\system32\DRIVERS\RsFx0105.sys [2011-09-22 311144]
    R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2011-09-22 431464]
    S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2011-11-02 56208]
    S2 aksdf;aksdf;c:\windows\system32\drivers\aksdf.sys [2013-03-15 90056]
    S2 DymoPnpService;DYMO PnP Service;c:\program files (x86)\DYMO\DYMO Label Software\DymoPnpService.exe [2012-10-09 32368]
    S2 IDMWFP;IDMWFP;c:\windows\system32\DRIVERS\idmwfp.sys [2013-04-05 166576]
    S2 NitroDriverReadSpool;NitroPDFDriverCreatorReadSpool;c:\program files\Common Files\Nitro PDF\Professional\6.0\NitroPDFDriverServicex64.exe [2012-02-01 342544]
    S2 nlsX86cc;NLS Service;c:\windows\SysWOW64\NLSSRV32.EXE [2012-02-01 70160]
    S2 PassThru Service;Internet Pass-Through Service;c:\program files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [2012-04-13 88576]
    S2 piserv;Primera Index Service;c:\windows\system32\piserv.exe [x]
    S2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2013-01-08 161536]
    S3 CX88VID;WinFast CX2388x AvStream Driver;c:\windows\system32\drivers\cxavsvid.sys [2007-09-19 469248]
    S3 FLxHCIc;Fresco Logic xHCI (USB3) Device Driver;c:\windows\system32\DRIVERS\FLxHCIc.sys [2012-11-07 249584]
    S3 FLxHCIh;Fresco Logic xHCI (USB3) Hub Device Driver;c:\windows\system32\DRIVERS\FLxHCIh.sys [2012-11-07 77040]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-03-04 346144]
    S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2009-11-25 1276928]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - WS2IFSL
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2013-04-18 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-04 05:58]
    .
    2013-04-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1654508899-1424364464-812079754-1000Core.job
    - c:\users\RLFENT\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-04 07:39]
    .
    2013-04-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1654508899-1424364464-812079754-1000UA.job
    - c:\users\RLFENT\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-04 07:39]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]
    @="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
    [HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
    2012-11-15 23:07 23496 ----a-w- e:\idm\Internet Download Manager\IDMShellExt64.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-01-27 1281512]
    .
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService
    FontCache
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = hxxp://google.com.au/
    mLocal Page = c:\windows\SysWOW64\blank.htm
    IE: Download all links with IDM - e:\idm\Internet Download Manager\IEGetAll.htm
    IE: Download with IDM - e:\idm\Internet Download Manager\IEExt.htm
    IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
    IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
    Trusted Zone: alipay.com
    Trusted Zone: alisoft.com
    Trusted Zone: taobao.com
    TCP: DhcpNameServer = 192.168.1.1
    FF - ProfilePath - c:\users\RLFENT\AppData\Roaming\Mozilla\Firefox\Profiles\uo0wru2c.default\
    FF - ExtSQL: 2013-04-08 18:19; mozilla_cc@internetdownloadmanager.com; c:\users\RLFENT\AppData\Roaming\IDM\idmmzcc5
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Wow6432Node-HKLM-Run-DLSService - c:\program files (x86)\DYMO\DYMO Label Software\DLSService.exe
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\S-1-5-21-1654508899-1424364464-812079754-1000_Classes\Wow6432Node\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
    @Denied: (Full) (Everyone)
    @Allowed: (Read) (RestrictedCode)
    "scansk"=hex(0):ac,0f,f3,8b,e9,78,fa,f1,bc,64,a9,6f,3f,26,ef,9a,dd,42,5e,e0,10,
    44,b8,4c,fd,6a,b6,73,6f,6c,e6,df,d2,89,14,3b,f5,66,e4,1c,00,00,00,00,00,00,\
    .
    [HKEY_USERS\S-1-5-21-1654508899-1424364464-812079754-1000_Classes\Wow6432Node\CLSID\{d4cc14db-bcc3-4979-bce1-3555dff62e8f}]
    @Denied: (Full) (Everyone)
    @Allowed: (Read) (RestrictedCode)
    "Model"=dword:00000115
    "Therad"=dword:0000001f
    "MData"=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a,96,3e,ab,de,c5,81,26,
    38,95,44,e5,34,bf,cc,28,21,23,f5,40,cc,37,71,c4,77,d2,a2,9e,dd,52,38,61,66,\
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.11"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*]
    @="?????????????????? v1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
    @="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*]
    @="?????????????????? v2"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
    @="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
    "SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
    00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
    @Denied: (A) (Everyone)
    "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
    @Denied: (A) (Everyone)
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
    "Key"="ActionsPane3"
    "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Nico Mak Computing\WinZip]
    "SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
    00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    c:\windows\SysWOW64\ASTSRV.EXE
    c:\windows\SysWOW64\piserv.exe
    .
    **************************************************************************
    .
    Completion time: 2013-04-18 16:18:39 - machine was rebooted
    ComboFix-quarantined-files.txt 2013-04-18 06:18
    .
    Pre-Run: 15,355,961,344 bytes free
    Post-Run: 15,450,214,400 bytes free
    .
    - - End Of File - - DFFF620B6F6DED36A155431CCC73B9FC
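The part of the ComboFix log above that repays a second look is the service and driver list (the R*/S* lines). Several entries end in [x] rather than a date and size, including the McAfee SiteAdvisor service that survived the McAfee uninstall mentioned at the top of the thread. The following is an added example, not code from the thread or from ComboFix, that parses lines in that format and pulls out the entries whose image file was not found. The reading of the notation (R = running, S = stopped, the digit = SCM start type, [x] = image not found) is an assumption about how ComboFix writes its list; the sample lines are copied from the log above.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Service Control Manager start-type codes; the digit after the R/S letter in
# ComboFix's service list is assumed to carry the same meaning.
START_TYPES = {"0": "boot", "1": "system", "2": "auto", "3": "manual", "4": "disabled"}

# Sample input: five lines copied from the ComboFix log in this thread. How
# ComboFix encodes them (R = running, S = stopped, digit = start type,
# "[x]" = image file not found, otherwise "[date size]") is an assumption.
SAMPLE_LINES = [
    "R2 MBAMService;MBAMService;e:\\malwarebytes' anti-malware\\mbamservice.exe [2013-04-04 701512]",
    "R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\\program files\\Common Files\\McAfee\\McSvcHost\\McSvHost.exe [x]",
    "R3 ndisahMP;ndisahMP;c:\\windows\\system32\\DRIVERS\\ndisah.sys [x]",
    "S2 piserv;Primera Index Service;c:\\windows\\system32\\piserv.exe [x]",
    "S2 IDMWFP;IDMWFP;c:\\windows\\system32\\DRIVERS\\idmwfp.sys [2013-04-05 166576]",
]

# state letter, start digit, "name;display;path", then "[x]" or "[date size]"
LINE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4]) "
    r"(?P<name>[^;]+);(?P<display>[^;]*);(?P<path>.+?) "
    r"\[(?P<tag>x|\d{4}-\d{2}-\d{2} \d+)\]$"
)


@dataclass
class ServiceEntry:
    name: str
    display: str
    path: str
    running: bool
    start_type: str
    image_found: bool
    image_date: Optional[str]
    image_size: Optional[int]


def parse_line(line: str) -> Optional[ServiceEntry]:
    """Parse one service-list line; return None for anything else in the log."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    tag = m.group("tag")
    found = tag != "x"
    date = size = None
    if found:
        date, size_text = tag.split(" ")
        size = int(size_text)
    return ServiceEntry(
        name=m.group("name"),
        display=m.group("display"),
        path=m.group("path"),
        running=m.group("state") == "R",
        start_type=START_TYPES[m.group("start")],
        image_found=found,
        image_date=date,
        image_size=size,
    )


def parse_services(lines: List[str]) -> List[ServiceEntry]:
    """Keep every line that matches the service-list format, skip the rest."""
    return [e for e in (parse_line(line) for line in lines) if e is not None]


def missing_image(entries: List[ServiceEntry]) -> List[str]:
    """Services still registered whose executable ComboFix did not find.
    Usually half-removed software rather than malware, but each one is a
    registration that should either be cleaned up or explained."""
    return [e.name for e in entries if not e.image_found]


def running_without_image(entries: List[ServiceEntry]) -> List[str]:
    """Marked running while the image path is unresolved: check these first."""
    return [e.name for e in entries if e.running and not e.image_found]


def triage_report(lines: List[str]) -> str:
    """Human-readable summary of the entries worth a manual look."""
    entries = parse_services(lines)
    out = [f"{len(entries)} service/driver entries parsed"]
    for e in entries:
        if e.image_found:
            continue
        state = "RUNNING" if e.running else "stopped"
        out.append(f"  [missing image] {e.name} ({e.start_type}, {state}): {e.path}")
    return "\n".join(out)


if __name__ == "__main__":
    print(triage_report(SAMPLE_LINES))
```

A missing image file is not itself evidence of infection; on this machine it matches the products the poster removed or that never finished installing. The point of the pass is to turn a 30-line dump into the three or four registrations that need a decision (remove the service, reinstall the product, or investigate), before running any further cleanup tools.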
     
  16. Broni

    Broni Malware Annihilator Posts: 47,070   +257

    Looks good.

    How is computer doing?

    Please download AdwCleaner by Xplode onto your desktop.
    • Close all open programs and internet browsers.
    • Double click on adwcleaner.exe to run the tool.
    • Click on Delete.
    • Confirm each time with Ok.
    • Your computer will be rebooted automatically. A text file will open after the restart.
    • Please post the contents of that logfile with your next reply.
    • You can find the logfile at C:\AdwCleaner[S1].txt as well.

    Please download Junkware Removal Tool to your desktop.
    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-click JRT.exe and select "Run as Administrator".
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Post the contents of JRT.txt into your next message.

    Download OTL to your Desktop.
    Alternate download: http://www.itxassociates.com/OT-Tools/OTL.exe
    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  17. regan

    regan TS Rookie Topic Starter

    Computer running a lot better now, firewall is on, seems to be sweet. Thanks a lot Broni, amazing work, I appreciate all your help.
     
  18. Broni

    Good :)
    Go on...
     
  19. Broni

    Still with me?
     
  20. Broni

    This topic is marked as abandoned and closed due to inactivity.
    This member will NOT be eligible to receive any more help in malware removal forum.
     
Topic Status:
Not open for further replies.