Solved: Malware Audio Virus - "Name not available" - Win 7 Professional OS

Had a weird reboot after OTL was run. First it was a black screen - then it asked me if I trusted the application (blah, blah) - then notepad opened - and then I had a desktop. Here's the log:

All processes killed
========== OTL ==========
Service NisSrv stopped successfully!
Service NisSrv deleted successfully!
File c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe not found.
Service MsMpSvc stopped successfully!
Service MsMpSvc deleted successfully!
File c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe not found.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\MSC deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\MfeEpePcMonitor deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Starting removal of ActiveX control {444785F1-DE89-4295-863A-D46C3A781394}
C:\Windows\Downloaded Program Files\UnityWebPlayer.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{444785F1-DE89-4295-863A-D46C3A781394}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{444785F1-DE89-4295-863A-D46C3A781394}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{444785F1-DE89-4295-863A-D46C3A781394}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{444785F1-DE89-4295-863A-D46C3A781394}\ not found.
C:\Windows\SysNative\lxhyejm.sas moved successfully.
C:\Windows\SysNative\qtpidz.aey moved successfully.
File move failed. C:\Windows\SysNative\bqqwykl.zni scheduled to be moved on reboot.
C:\Windows\SysNative\jclndzy.dis moved successfully.
C:\Windows\SysWOW64\u moved successfully.
File move failed. C:\windows\SysNative\woaqio.qty scheduled to be moved on reboot.
File move failed. C:\windows\SysNative\atoscny.gdw scheduled to be moved on reboot.
File move failed. C:\windows\SysNative\bnjbz.lfl scheduled to be moved on reboot.
File move failed. C:\windows\SysNative\xnzlxkr.bge scheduled to be moved on reboot.
C:\Windows\SysNative\znsrv.dsm moved successfully.
C:\Windows\SysNative\uzkvf.xyv moved successfully.
C:\Windows\SysNative\tjclg.jax moved successfully.
C:\windows\SysNative\wasc.jfg moved successfully.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
File\Folder C:\FRST not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Guest
->Temp folder emptied: 0 bytes

User: HomeGroupUser$
->Temp folder emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

User: Yehuda
->Temp folder emptied: 13178348 bytes
->Temporary Internet Files folder emptied: 83541598 bytes
->Google Chrome cache emptied: 279273156 bytes
->Flash cache emptied: 1254 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 261087514 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 571378695 bytes
RecycleBin emptied: 237495733 bytes

Total Files Cleaned = 1,379.00 mb


[EMPTYJAVA]

User: Administrator

User: All Users

User: Default

User: Default User

User: Guest

User: HomeGroupUser$

User: Public

User: Yehuda

Total Java Files Cleaned = 0.00 mb


[EMPTYFLASH]

User: Administrator

User: All Users

User: Default

User: Default User

User: Guest

User: HomeGroupUser$

User: Public

User: Yehuda
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb

Error: Unable to interpret < ■Then click > in the current context!

OTL by OldTimer - Version 3.2.69.0 log created on 04182014_160736
Files\Folders moved on Reboot...
File move failed. C:\Windows\SysNative\bqqwykl.zni scheduled to be moved on reboot.
File move failed. C:\windows\SysNative\woaqio.qty scheduled to be moved on reboot.
File move failed. C:\windows\SysNative\atoscny.gdw scheduled to be moved on reboot.
File move failed. C:\windows\SysNative\bnjbz.lfl scheduled to be moved on reboot.
File move failed. C:\windows\SysNative\xnzlxkr.bge scheduled to be moved on reboot.
C:\Users\Yehuda\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File\Folder C:\windows\temp\fla43A9.tmp not found!
C:\windows\temp\fla51E2.tmp moved successfully.
C:\windows\temp\fla5D71.tmp moved successfully.
C:\windows\temp\fla69AE.tmp moved successfully.
C:\windows\temp\fla6F4D.tmp moved successfully.
C:\windows\temp\fla7663.tmp moved successfully.
C:\windows\temp\fla779A.tmp moved successfully.
C:\windows\temp\fla8F0C.tmp moved successfully.
C:\windows\temp\fla91D3.tmp moved successfully.
C:\windows\temp\fla956.tmp moved successfully.
C:\windows\temp\fla98E1.tmp moved successfully.
C:\windows\temp\flaAA83.tmp moved successfully.
C:\windows\temp\flaB266.tmp moved successfully.
C:\windows\temp\flaB99B.tmp moved successfully.
C:\windows\temp\flaC2F3.tmp moved successfully.
File\Folder C:\windows\temp\flaC72C.tmp not found!
File\Folder C:\windows\temp\flaD669.tmp not found!
C:\windows\temp\flaE7F4.tmp moved successfully.
C:\windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SU8GTQVP\2[1].htm moved successfully.
C:\windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SU8GTQVP\AdDisplayTrackerServlet[1].htm moved successfully.
File\Folder C:\windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SU8GTQVP\ad[8].gif not found!
File\Folder C:\windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SU8GTQVP\ad[9].gif not found!
C:\windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SU8GTQVP\emily[1].htm moved successfully.
C:\windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SU8GTQVP\emily[2].htm moved successfully.
File\Folder C:\windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SU8GTQVP\fastbutton[1].htm not found!
File\Folder C:\windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SU8GTQVP\ifCA6XBIYR.htm not found!
File\Folder C:\windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SU8GTQVP\ifCABZKN33.htm not found!
C:\windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SU8GTQVP\iframe[2].htm moved successfully.
C:\windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SU8GTQVP\popular-videos[1].htm moved successfully.
C:\windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SU8GTQVP\SPLIT_14_SPLIT_1_ENGLISH_07[1].mp4 moved successfully.
File\Folder C:\windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SU8GTQVP\syndication[1].js not found!
C:\windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NY84YZ31\5[1].htm moved successfully.
File\Folder C:\windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NY84YZ31\ba[1].htm not found!
C:\windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NY84YZ31\bwoxy4x4z3oaqpbqe2qgplqo0ckdlg[2].htm moved successfully.
File\Folder C:\windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NY84YZ31\C-WU_kIQVbQ[1].htm not found!
C:\windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NY84YZ31\emily[1].htm moved successfully.
C:\windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NY84YZ31\emily[2].htm moved successfully.
C:\windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NY84YZ31\featured-playlist[1].htm moved successfully.
File\Folder C:\windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NY84YZ31\fpi[5].htm not found!
File\Folder C:\windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NY84YZ31\ifCAEFDSSC.htm not found!
File\Folder C:\windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NY84YZ31\ifCAR04WWN.htm not found!
File\Folder C:\windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NY84YZ31\rt=ifr[3].htm not found!
File\Folder C:\windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NY84YZ31\showad[1].htm not found!
C:\windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\I0V8OZ5U\3[1].htm moved successfully.
File\Folder C:\windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\I0V8OZ5U\ifCAEPYEWR.htm not found!
C:\windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\I0V8OZ5U\latest-videos[1].htm moved successfully.
File\Folder C:\windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\I0V8OZ5U\www2_thegloss_com[1].htm not found!
File\Folder C:\windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\I0V8OZ5U\zdhYzhkYjY5ZTU4ZmYscCwyMDMzLDc0MjM1LDMzOTk5MzksNTMxOTMsMTE5NzczJm10PTEmcmI9MzQ1JnJlPTIwNzg1JmRpPSZkYz0z;sz=160x600;ord=1397855439860[1].htm not found!
File\Folder C:\windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EJ7XGG03\ifCAWWJ2OZ.htm not found!
C:\windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EJ7XGG03\vpixel[1].htm moved successfully.
C:\windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EEQQRKGS\4[1].htm moved successfully.
File\Folder C:\windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EEQQRKGS\Pix-1x1[2].gif not found!
C:\windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5M6PW62T\1[1].htm moved successfully.
C:\windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5M6PW62T\vp_c[3].htm moved successfully.
PendingFileRenameOperations files...
Registry entries deleted on Reboot...
 
Results of screen317's Security Check version 0.99.82
Windows 7 Service Pack 1 x64 (UAC is disabled!)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
ESET Smart Security 6.0
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Adobe Reader XI
Google Chrome 33.0.1750.154
Google Chrome 34.0.1847.116
````````Process Check: objlist.exe by Laurent````````
ESET NOD32 Antivirus egui.exe
ESET NOD32 Antivirus ekrn.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 2%
````````````````````End of Log``````````````````````
 
According to your FSS instructions - it says "run on the affected computer" - I'd like to point out that I have no other accessible computer, so the affected computer is what I've been using to download all programs and respond, etc.

Farbar Service Scanner Version: 25-02-2014
Ran by Yehuda (administrator) on 18-04-2014 at 16:26:58
Running from "C:\Users\Yehuda\Desktop"
Microsoft Windows 7 Professional Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************
Internet Services:
============
Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.

Windows Firewall:
=============
Firewall Disabled Policy:
==================

System Restore:
============
System Restore Disabled Policy:
========================

Action Center:
============

Windows Update:
============
Windows Autoupdate Disabled Policy:
============================

Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.

Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1

Other Services:
==============

File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\iphlpsvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll
[2010-11-20 22:24] - [2010-11-20 22:24] - 0515072 ____A () D41D8CD98F00B204E9800998ECF8427E
ATTENTION!=====> C:\Windows\System32\rpcss.dll IS INFECTED.
**** End of log ****
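The FSS "File Check" block above is the part worth machine-checking: D41D8CD98F00B204E9800998ECF8427E is the MD5 of zero bytes, which cannot be the real digest of a 515072-byte rpcss.dll, so the tool evidently never hashed the file's actual contents. As an added example (not FSS's code and not anything posted in this thread), here is a small Python parser that pulls the File Check section out of an FSS log and lists the entries a responder should look at; the sample log is constructed to mirror the lines above.

```python
import hashlib
import re

# MD5 of zero bytes. A large system DLL reporting this digest means no
# content was hashed at all, which is itself a finding.
EMPTY_MD5 = hashlib.md5(b"").hexdigest().upper()

LEGIT_RE = re.compile(r"^(?P<path>[A-Za-z]:\\.+?) => MD5 is legit$")
DETAIL_RE = re.compile(
    r"^\[(?P<created>[^\]]+)\] - \[(?P<modified>[^\]]+)\] - "
    r"(?P<size>\d+) (?P<attr>\S+) \((?P<company>[^)]*)\) (?P<md5>[0-9A-Fa-f]{32})$"
)
INFECTED_RE = re.compile(r"^ATTENTION!=+> (?P<path>.+?) IS INFECTED\.$")

# Constructed sample in the FSS layout; the rpcss.dll lines match the thread above.
SAMPLE_LOG = r"""
File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll
[2010-11-20 22:24] - [2010-11-20 22:24] - 0515072 ____A () D41D8CD98F00B204E9800998ECF8427E
ATTENTION!=====> C:\Windows\System32\rpcss.dll IS INFECTED.
**** End of log ****
"""


def parse_file_check(text):
    """Return {path: record} for the File Check section of an FSS log."""
    records = {}
    pending = None      # path whose detail line we expect next
    in_section = False
    for raw in text.splitlines():
        line = raw.strip()
        if line == "File Check:":
            in_section = True
            continue
        if not in_section or not line or set(line) == {"="}:
            continue
        if line.startswith("**** End of log"):
            break
        m = LEGIT_RE.match(line)
        if m:
            records[m["path"]] = {"status": "legit", "md5": None, "size": None}
            pending = None
            continue
        m = DETAIL_RE.match(line)
        if m and pending:
            records[pending].update(
                md5=m["md5"].upper(), size=int(m["size"]), company=m["company"])
            continue
        m = INFECTED_RE.match(line)
        if m:
            rec = records.setdefault(m["path"], {"md5": None, "size": None})
            rec["status"] = "infected"
            pending = None
            continue
        # A bare path line opens a detail record (the non-legit case).
        if re.match(r"^[A-Za-z]:\\", line):
            pending = line
            records[pending] = {"status": "unknown", "md5": None, "size": None}
    return records


def triage(records):
    """Return (path, reason) findings a responder should act on."""
    findings = []
    for path, rec in records.items():
        if rec["status"] == "infected":
            findings.append((path, "flagged IS INFECTED by FSS"))
        if rec["md5"] == EMPTY_MD5:
            if rec["size"]:
                findings.append((path, "digest is MD5 of empty input but size is "
                                       f"{rec['size']} bytes: contents were not read"))
            else:
                findings.append((path, "zero-byte file"))
        if rec.get("company") == "":
            findings.append((path, "no company/version information on a system file"))
    return findings


if __name__ == "__main__":
    for path, reason in triage(parse_file_check(SAMPLE_LOG)):
        print(f"{path}: {reason}")
```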
 
Ummm.... I disabled my AntiVirus program per instructions for the F-Secure Online program. But there's no button for a "Full Report"; when you click "next" after the scan, it opens up an IE window that says "google search"????

The only thing it said is that I have no security program running and it offered me to "get SAFE"

I looked into C:\ and didn't find it there either. Where is the report?
 
To detail it further - it stated "No files were found harmful" - just to be sure I did it right - I ran the scan twice. Still no "report" option...
 
Your computer is clean

1. This step will remove all cleaning tools we used, it'll reset restore points (so you won't get reinfected by accidentally using some older restore point) and it'll make some other minor adjustments...
This is a very crucial step so make sure you don't skip it.
Download DelFix by Xplode to your desktop. Delfix will delete all the used tools and logfiles.

Double-click Delfix.exe to start the tool.
Make sure the following items are checked:
  • Activate UAC (optional; some users prefer to keep it off)
  • Remove disinfection tools
  • Create registry backup
  • Purge System Restore
  • Reset system settings
Now click "Run" and wait patiently.
Once finished a logfile will be created. You don't have to attach it to your next reply.

2. Make sure Windows Updates are current.

3. If any trojans, rootkits or bootkits were listed among your infection(s), make sure you change all of your important on-line passwords (bank account(s), secured web sites, etc.) immediately!

4. Check if your browser plugins are up to date.
Firefox - https://www.mozilla.org/en-US/plugincheck/
other browsers: https://browsercheck.qualys.com/ (click on "Launch a quick scan now" link)

5. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

7. Run Temporary File Cleaner (TFC), AdwCleaner and Junkware Removal Tool (JRT) weekly (you need to redownload these tools since they were removed by DelFix).

8. Download and install Secunia Personal Software Inspector (PSI): https://www.techspot.com/downloads/4898-secunia-personal-software-inspector-psi.html. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

10. When installing\updating ANY program, make sure you always select "Custom" installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click the "Next" button without looking at any given page.

11. Read:
How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html
Simple and easy ways to keep your computer safe and secure on the Internet: http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/
About those Toolbars and Add-ons - Potentially Unwanted Programs (PUPs) which change your browser settings: http://www.bleepingcomputer.com/for...curity-questions-best-practices/#entry3187642

12. Please, let me know, how your computer is doing.
 
Um. Please forgive me. But, with all due respect, my computer is not clean. I still have the "audio ad" "Name not available" in my audio mixer. At the bottom of the FSS report I listed, it says quite plainly "rpcss.dll IS INFECTED".

Now I understand I'm not the tech and I'm not the one capable of fixing it. But, I'm just letting you know the circumstances. It's still here.

Is there anything else you can do?
 
And as far as my computer goes - with IE open - it's running at 2.61 GB RAM (well above what it's supposed to).

However, I will tell you that my computer memory has jumped way down from all the programs we ran.
 
You're right. My bad.

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
  • Double-click to run it. When the tool opens, click Yes to the disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please copy and paste it to your reply.

Re-run FRST again.
Type the following in the edit box after "Search:".

rpcss.dll

Click Search button and post the log (Search.txt) it makes in your reply.
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 20-04-2014
Ran by Yehuda (administrator) on YR-HP1 on 20-04-2014 06:26:19
Running from C:\Users\Yehuda\Desktop
Windows 7 Professional Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Normal
The only official download link for FRST:
Download link for 32-Bit version: https://www.techspot.com/downloads/6731-farbar-recovery-scan-tool.html
Download link for 64-Bit Version: https://www.techspot.com/downloads/6731-farbar-recovery-scan-tool.html
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST:
==================== Processes (Whitelisted) =================
(DigitalPersona, Inc.) c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe
(AMD) C:\windows\system32\atiesrxx.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\STacSV64.exe
(Hewlett-Packard Company) C:\windows\system32\Hpservice.exe
(AMD) C:\windows\system32\atieclxx.exe
(Validity Sensors, Inc.) C:\windows\system32\vcsFPService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe
(Intel(R) Corporation) c:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(PDF Complete Inc) C:\Program Files (x86)\PDF Complete\pdfsvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(ArcSoft, Inc.) C:\windows\SysWow64\ArcVCapRender\uArcCapture.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Synaptics Incorporated) C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\egui.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\coreshredder.exe
(Microsoft Corporation) C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
() C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Portrait Displays, Inc.) C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdiSdkHelperx64.exe
(Intel Corporation) C:\windows\system32\igfxext.exe
(Intel Corporation) C:\windows\system32\igfxsrvc.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVH.EXE
() C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) C:\windows\ehome\ehRecvr.exe

==================== Registry (Whitelisted) ==================
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2887440 2012-03-08] (Synaptics Incorporated)
HKLM\...\Run: [HPPowerAssistant] => C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe [3488640 2012-03-14] (Hewlett-Packard Company)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1425408 2012-03-05] (IDT, Inc.)
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET Smart Security\egui.exe [6326448 2012-12-21] (ESET)
HKLM\...\Run: [XboxStat] => "C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284440 2012-02-29] (Intel Corporation)
HKLM-x32\...\Run: [PDF Complete] => C:\Program Files (x86)\PDF Complete\pdfsty.exe [684024 2012-03-06] (PDF Complete Inc)
HKLM-x32\...\Run: [QLBController] => C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe [319360 2012-03-14] (Hewlett-Packard Company)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-03-27] (Intel Corporation)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [636032 2012-03-30] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [AMD AVT] => C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe [10752 2012-01-31] ()
HKLM-x32\...\Run: [DTRun] => c:\Program Files (x86)\ArcSoft\TotalMedia Suite\TotalMedia Theatre 3\uDTRun.exe [517456 2010-11-24] (ArcSoft Inc.)
HKLM-x32\...\Run: [HPConnectionManager] => c:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe [184704 2012-03-15] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [BtTray] => C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe [364032 2012-08-15] (IVT Corporation)
HKLM-x32\...\Run: [File Sanitizer] => C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\CoreShredder.exe [12310616 2012-03-21] (Hewlett-Packard)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [946352 2012-12-18] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [PWRISOVM.EXE] => C:\Program Files (x86)\PowerISO\PWRISOVM.EXE [337432 2013-07-21] (Power Software Ltd)
HKLM\...\RunOnce: [NCPluginUpdater] - "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" Update [21720 2014-04-08] (Hewlett-Packard)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\DeviceNP-x32: DeviceNP.dll [X]
HKU\S-1-5-21-2231480623-402096191-1866127443-1002\...\Run: [Pando Media Booster] => C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe [4284976 2013-04-30] ()
HKU\S-1-5-21-2231480623-402096191-1866127443-1002\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3478336 2012-01-24] (DT Soft Ltd)
HKU\S-1-5-21-2231480623-402096191-1866127443-1002\...\Run: [CCleaner] => C:\Program Files\CCleaner\CCleaner64.exe [6185240 2013-06-19] (Piriform Ltd)
HKU\S-1-5-21-2231480623-402096191-1866127443-1002\...\Run: [SkyDrive] => C:\Users\Yehuda\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe [257224 2014-04-04] (Microsoft Corporation)
HKU\S-1-5-21-2231480623-402096191-1866127443-1002\...\Run: [RGSC] => C:\Program Files (x86)\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe [305064 2008-11-08] (Take-Two Interactive Software, Inc.)
Lsa: [Notification Packages] DPPassFilter scecli
Startup: C:\Users\Yehuda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\GameStop Now.lnk
ShortcutTarget: GameStop Now.lnk -> C:\Program Files (x86)\GameStop App\Now\GameStopNow.exe (GameStop Corp.)
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://us-mg6.mail.yahoo.com/neo/launch?.rand=at4apgd8tc104
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPCOM/1
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPCOM/1
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPCOM/1
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKCU - DefaultScope {F19BF151-A011-4FA8-9684-9B0E3B56DB31} URL = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=293224&p={searchTerms}
SearchScopes: HKCU - {F19BF151-A011-4FA8-9684-9B0E3B56DB31} URL = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=293224&p={searchTerms}
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\amd64\BingExt.dll (Microsoft Corporation.)
BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: File Sanitizer for HP ProtectTools - {3134413B-49B4-425C-98A5-893C1F195601} - C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\IEBHO.dll (Hewlett-Packard)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\BingExt.dll (Microsoft Corporation.)
BHO-x32: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
Toolbar: HKLM - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\amd64\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 68.105.28.12 68.105.29.12 68.105.28.11
FireFox:
========
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @otee.dk/UnityWebPlayer - C:\Program Files (x86)\OverTheEdge\Unity\WebPlayer\loader\npUnityWeb32.dll (OverTheEdge I/S)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: @Skype.com/Skype Web Plugin - C:\Program Files (x86)\SkypeWebPlugin\npSkypeWebPlugin.dll (Skype)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin HKCU: ubisoft.com/uplaypc - C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird
FF Extension: ESET Smart Security Extension - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2013-03-07]
FF HKLM-x32\...\Firefox\Extensions: [otis@digitalpersona.com] - c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\FirefoxExt\
FF Extension: DigitalPersona Extension - c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\FirefoxExt\ []
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird
FF Extension: ESET Smart Security Extension - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2013-03-07]
Chrome:
=======
CHR DefaultSearchKeyword: yahoo.com
CHR DefaultSearchProvider: Yahoo!
CHR DefaultSearchURL: http://search.yahoo.com/search?fr=chr-greentree_gc&ei=utf-8&ilc=12&type=293224&p={searchTerms}
CHR DefaultNewTabURL:
CHR Extension: (Google Wallet) - C:\Users\Yehuda\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]
==================== Services (Whitelisted) =================
S3 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
S2 BlueSoleilCS; C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe [1578496 2012-08-14] (IVT Corporation)
S3 BsHelpCS; C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe [138752 2012-08-14] (IVT Corporation)
R2 DcomLaunch; C:\Windows\system32\rpcss.dll [515072 2010-11-20] ()
R2 DpHost; c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe [493904 2012-03-15] (DigitalPersona, Inc.)
R2 ekrn; C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [1333424 2012-12-21] (ESET)
S3 FLCDLOCK; c:\windows\SysWOW64\flcdlock.exe [477056 2012-01-31] (Hewlett-Packard Company)
R2 hpHotkeyMonitor; C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe [365440 2012-03-14] (Hewlett-Packard Company)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [128280 2012-03-28] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165144 2012-03-28] (Intel Corporation)
S2 McAfee Endpoint Encryption Agent; C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHost.exe [1327104 2012-03-21] ()
S3 OverwolfUpdaterService; C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [18360 2013-08-22] (Overwolf Ltd)
R2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [1134584 2012-03-06] (PDF Complete Inc)
S2 PnkBstrA; C:\windows\SysWOW64\PnkBstrA.exe [66872 2013-07-01] ()
R2 RpcSs; C:\Windows\system32\rpcss.dll [515072 2010-11-20] ()
R2 uArcCapture; C:\windows\SysWow64\ArcVCapRender\uArcCapture.exe [498352 2012-04-05] (ArcSoft, Inc.)
==================== Drivers (Whitelisted) ====================
R0 amdkmpfd; C:\Windows\System32\DRIVERS\amdkmpfd.sys [32896 2012-03-19] (Advanced Micro Devices, Inc.)
R3 ARCVCAM; C:\Windows\System32\DRIVERS\ArcSoftVCapture.sys [42816 2012-02-02] (ArcSoft, Inc.)
U5 BlueletAudio; C:\Windows\System32\Drivers\BlueletAudio.sys [34880 2011-08-13] (Ralink Corporation.)
R3 BtAudioBusSrv; C:\Windows\System32\Drivers\BtAudioBus.sys [23104 2011-08-13] (Ralink Corporation)
R3 BthL2caScoIfSrv; C:\Windows\System32\Drivers\BtL2caScoIf.sys [51776 2012-04-03] (Ralink Corporation)
R3 btUrbFilterDrv; C:\Windows\System32\Drivers\IvtUrbBtFlt.sys [48320 2012-03-05] (Ralink Corporation)
S3 DAMDrv; C:\Windows\System32\DRIVERS\DAMDrv64.sys [64312 2012-01-31] (Hewlett-Packard Company)
S3 DFX11_1; C:\Windows\System32\drivers\dfx11_1x64.sys [28008 2012-12-13] (Windows (R) Win 7 DDK provider)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2013-03-07] (DT Soft Ltd)
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [213416 2012-12-21] (ESET)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [150616 2012-12-21] (ESET)
R2 epfw; C:\Windows\System32\DRIVERS\epfw.sys [190232 2012-12-21] (ESET)
R1 EpfwLWF; C:\Windows\System32\DRIVERS\EpfwLWF.sys [59440 2012-12-21] (ESET)
R0 epfwwfp; C:\Windows\System32\DRIVERS\epfwwfp.sys [57904 2012-12-21] (ESET)
R0 MfeEpeOpal; C:\Windows\System32\Drivers\MfeEpeOpal.sys [93640 2012-03-21] (McAfee, Inc.)
R0 MfeEpePc; C:\Windows\System32\Drivers\MfeEpePc.sys [158792 2012-03-21] (McAfee, Inc.)
R1 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [189440 2011-04-18] (Microsoft Corporation)
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [84864 2011-04-27] (Microsoft Corporation)
R3 rtbth; C:\Windows\System32\DRIVERS\rtbth.sys [685152 2012-06-13] (Ralink Technology, Corp.)
R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1862536 2012-07-27] ()
U5 BlueletAudio; C:\Windows\SysWOW64\Drivers\BlueletAudio.sys [34880 2011-08-13] (Ralink Corporation.)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========
2014-04-20 06:26 - 2014-04-20 06:26 - 00019157 _____ () C:\Users\Yehuda\Desktop\FRST.txt
2014-04-20 06:26 - 2014-04-20 06:26 - 00000000 ____D () C:\FRST
2014-04-20 06:25 - 2014-04-20 06:25 - 02055680 _____ (Farbar) C:\Users\Yehuda\Desktop\FRST64.exe
2014-04-20 06:22 - 2014-04-20 06:22 - 00000000 _____ () C:\windows\setuperr.log
2014-04-20 06:22 - 2014-04-20 06:22 - 00000000 _____ () C:\windows\setupact.log
2014-04-19 12:37 - 2014-04-20 06:22 - 00046378 _____ () C:\windows\WindowsUpdate.log
2014-04-18 16:44 - 2014-04-18 16:44 - 05124208 _____ (F-Secure Corporation) C:\Users\Yehuda\Desktop\F-SecureOnlineScanner-HC.exe
2014-04-18 16:39 - 2014-04-18 16:39 - 00000000 ____D () C:\ProgramData\F-Secure
2014-04-18 16:37 - 2014-04-18 16:37 - 05124208 _____ (F-Secure Corporation) C:\Users\Yehuda\Downloads\F-SecureOnlineScanner-HC.exe
2014-04-18 16:29 - 2014-04-18 16:29 - 00448512 _____ (OldTimer Tools) C:\Users\Yehuda\Desktop\TFC.exe
2014-04-18 16:26 - 2014-04-18 16:27 - 00002625 _____ () C:\Users\Yehuda\Desktop\FSS.txt
2014-04-18 16:26 - 2014-04-18 16:26 - 00409600 _____ (Farbar) C:\Users\Yehuda\Desktop\FSS.exe
2014-04-18 16:25 - 2014-04-19 16:16 - 00000079 _____ () C:\windows\system32\lxhyejm.sas
2014-04-18 16:21 - 2014-04-18 16:21 - 00855379 _____ () C:\Users\Yehuda\Desktop\SecurityCheck.exe
2014-04-18 16:15 - 2014-04-18 16:15 - 00000064 _____ () C:\windows\system32\jclndzy.dis
2014-04-18 16:07 - 2014-04-18 16:07 - 00000000 ____D () C:\_OTL
2014-04-18 05:53 - 2014-04-18 05:53 - 00119488 _____ () C:\Users\Yehuda\Desktop\OTL.Txt
2014-04-18 05:53 - 2014-04-18 05:53 - 00081380 _____ () C:\Users\Yehuda\Desktop\Extras.Txt
2014-04-18 05:45 - 2014-04-18 05:45 - 00000797 _____ () C:\Users\Yehuda\Desktop\JRT.txt
2014-04-18 05:38 - 2014-04-18 05:38 - 00000000 ____D () C:\windows\ERUNT
2014-04-18 05:32 - 2014-04-18 05:33 - 00000000 ____D () C:\AdwCleaner
2014-04-18 05:32 - 2014-04-18 05:32 - 01016261 _____ (Thisisu) C:\Users\Yehuda\Desktop\JRT.exe
2014-04-18 05:32 - 2014-04-18 05:32 - 00602112 _____ (OldTimer Tools) C:\Users\Yehuda\Desktop\OTL.exe
2014-04-18 05:31 - 2014-04-18 05:31 - 01426178 _____ () C:\Users\Yehuda\Desktop\adwcleaner.exe
2014-04-18 05:23 - 2014-04-18 05:23 - 00161492 _____ () C:\Users\Yehuda\Desktop\false.dib
2014-04-18 05:22 - 2014-04-18 05:22 - 00000000 ____D () C:\ProgramData\McAfee
2014-04-18 05:07 - 2014-04-18 16:03 - 00000106 _____ () C:\windows\system32\bqqwykl.zni
2014-04-18 05:06 - 2014-04-18 05:06 - 03218352 _____ (McAfee, Inc.) C:\Users\Yehuda\Desktop\MCPR.exe
2014-04-18 04:52 - 2014-04-18 04:52 - 00301959 ____S () C:\windows\system32\axchtba.lmm
2014-04-16 22:51 - 2014-04-16 22:51 - 00027747 _____ () C:\ComboFix.txt
2014-04-16 21:12 - 2014-04-16 21:12 - 00000000 ____S () C:\windows\system32\woaqio.qty
2014-04-16 00:40 - 2011-06-26 01:45 - 00256000 _____ () C:\windows\PEV.exe
2014-04-16 00:40 - 2010-11-07 12:20 - 00208896 _____ () C:\windows\MBR.exe
2014-04-16 00:40 - 2009-04-19 23:56 - 00060416 _____ (NirSoft) C:\windows\NIRCMD.exe
2014-04-16 00:40 - 2000-08-30 19:00 - 00518144 _____ (SteelWerX) C:\windows\SWREG.exe
2014-04-16 00:40 - 2000-08-30 19:00 - 00406528 _____ (SteelWerX) C:\windows\SWSC.exe
2014-04-16 00:40 - 2000-08-30 19:00 - 00098816 _____ () C:\windows\sed.exe
2014-04-16 00:40 - 2000-08-30 19:00 - 00080412 _____ () C:\windows\grep.exe
2014-04-16 00:40 - 2000-08-30 19:00 - 00068096 _____ () C:\windows\zip.exe
2014-04-16 00:38 - 2014-04-16 22:51 - 00000000 ____D () C:\Qoobox
2014-04-16 00:38 - 2014-04-16 00:49 - 00000000 ____D () C:\windows\erdnt
2014-04-16 00:36 - 2014-04-16 00:36 - 05194807 ____R (Swearware) C:\Users\Yehuda\Desktop\ComboFix.exe
2014-04-15 17:07 - 2014-04-15 17:07 - 00000000 ____S () C:\windows\system32\atoscny.gdw
2014-04-15 15:14 - 2014-04-15 15:47 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-04-15 15:13 - 2014-04-15 15:47 - 00000000 ____D () C:\Users\Yehuda\Desktop\mbar
2014-04-15 15:10 - 2014-04-15 15:10 - 12589848 _____ (Malwarebytes Corp.) C:\Users\Yehuda\Desktop\mbar-1.07.0.1009.exe
2014-04-15 15:06 - 2014-04-15 15:06 - 00002351 _____ () C:\Users\Yehuda\Desktop\RKreport[0]_D_04152014_150605.txt
2014-04-15 15:05 - 2014-04-15 15:05 - 00002265 _____ () C:\Users\Yehuda\Desktop\RKreport[0]_S_04152014_150556.txt
2014-04-15 15:04 - 2014-04-16 00:58 - 00000000 ____D () C:\Users\Yehuda\AppData\Local\CrashDumps
2014-04-15 15:03 - 2014-04-15 15:06 - 00000000 ____D () C:\Users\Yehuda\Desktop\RK_Quarantine
2014-04-15 15:02 - 2014-04-15 15:02 - 03972608 _____ () C:\Users\Yehuda\Desktop\RogueKiller.exe
2014-04-13 22:32 - 2014-04-13 22:32 - 00022974 _____ () C:\Users\Yehuda\Desktop\dds.txt
2014-04-13 22:32 - 2014-04-13 22:32 - 00018679 _____ () C:\Users\Yehuda\Desktop\attach.txt
2014-04-13 22:30 - 2014-04-13 22:30 - 00688992 ____R (Swearware) C:\Users\Yehuda\Desktop\dds.com
2014-04-13 22:16 - 2014-04-15 15:36 - 00119000 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-13 22:16 - 2014-04-15 15:36 - 00091352 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2014-04-13 22:16 - 2014-04-13 22:16 - 00001102 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-04-13 22:16 - 2014-04-13 22:16 - 00001102 _____ () C:\ProgramData\Desktop\Malwarebytes Anti-Malware.lnk
2014-04-13 22:16 - 2014-04-13 22:16 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-13 22:16 - 2014-04-13 22:16 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-04-13 22:16 - 2014-04-03 09:51 - 00063192 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2014-04-13 22:16 - 2014-04-03 09:50 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2014-04-13 22:14 - 2014-04-13 22:15 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\Yehuda\Desktop\mbam-setup-2.0.1.1004.exe
2014-04-13 04:59 - 2014-04-13 04:59 - 01153912 _____ (Emsi Software GmbH) C:\Users\Yehuda\Desktop\BlitzBlank.exe
2014-04-13 04:24 - 2014-04-19 12:35 - 00000000 ____D () C:\ProgramData\PDFC
2014-04-13 04:16 - 2014-01-26 02:40 - 00286272 _____ () C:\windows\system32\FNTCACHE.DAT
2014-04-13 04:14 - 2014-04-13 04:14 - 00062032 _____ () C:\Users\Yehuda\AppData\Local\GDIPFONTCACHEV1.DAT
2014-04-10 16:53 - 2014-04-10 16:53 - 00000000 ____S () C:\windows\system32\bnjbz.lfl
2014-04-09 21:54 - 2014-04-09 21:54 - 00000000 ____S () C:\windows\system32\xnzlxkr.bge
2014-04-04 17:09 - 2014-04-04 17:09 - 00688635 _____ () C:\Users\Yehuda\Downloads\13966493180008_germany_G_Tiger_canada_a.wotreplay
2014-04-04 11:51 - 2014-04-20 06:22 - 00000898 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA1cf50262885764e.job
2014-04-04 11:51 - 2014-04-19 12:35 - 00000894 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore1cf502628689f12.job
2014-04-04 11:51 - 2014-04-04 11:51 - 00003894 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA1cf50262885764e
2014-04-04 11:51 - 2014-04-04 11:51 - 00003642 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore1cf502628689f12
2014-03-22 17:31 - 2014-03-22 17:31 - 00000000 ____D () C:\Program Files\WorldOfTanks
==================== One Month Modified Files and Folders =======
2014-04-20 06:26 - 2014-04-20 06:26 - 00019157 _____ () C:\Users\Yehuda\Desktop\FRST.txt
2014-04-20 06:26 - 2014-04-20 06:26 - 00000000 ____D () C:\FRST
2014-04-20 06:25 - 2014-04-20 06:25 - 02055680 _____ (Farbar) C:\Users\Yehuda\Desktop\FRST64.exe
2014-04-20 06:22 - 2014-04-20 06:22 - 00000000 _____ () C:\windows\setuperr.log
2014-04-20 06:22 - 2014-04-20 06:22 - 00000000 _____ () C:\windows\setupact.log
2014-04-20 06:22 - 2014-04-19 12:37 - 00046378 _____ () C:\windows\WindowsUpdate.log
2014-04-20 06:22 - 2014-04-04 11:51 - 00000898 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA1cf50262885764e.job
2014-04-19 17:10 - 2013-08-27 14:25 - 00000000 ____D () C:\Program Files (x86)\World of Tanks
2014-04-19 16:16 - 2014-04-18 16:25 - 00000079 _____ () C:\windows\system32\lxhyejm.sas
2014-04-19 12:42 - 2009-07-13 23:45 - 00031536 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-04-19 12:42 - 2009-07-13 23:45 - 00031536 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-04-19 12:40 - 2009-07-14 00:13 - 00783592 _____ () C:\windows\system32\PerfStringBackup.INI
2014-04-19 12:38 - 2014-01-07 19:13 - 00000000 ___RD () C:\Users\Yehuda\SkyDrive
2014-04-19 12:38 - 2013-04-30 10:32 - 00000000 ____D () C:\Users\Yehuda\AppData\Local\PMB Files
2014-04-19 12:38 - 2013-03-06 22:11 - 00003922 _____ () C:\windows\System32\Tasks\User_Feed_Synchronization-{8001F596-F136-4C46-BCFD-B713C2E4D632}
2014-04-19 12:35 - 2014-04-13 04:24 - 00000000 ____D () C:\ProgramData\PDFC
2014-04-19 12:35 - 2014-04-04 11:51 - 00000894 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore1cf502628689f12.job
2014-04-19 12:35 - 2013-01-26 10:45 - 00004524 _____ () C:\windows\SysWOW64\LOCALSERVICE.INI
2014-04-19 12:35 - 2013-01-26 10:45 - 00000043 _____ () C:\windows\SysWOW64\LOCALDEVICE.INI
2014-04-19 12:35 - 2012-08-15 20:46 - 00000787 _____ () C:\windows\SysWOW64\bscs.ini
2014-04-19 12:35 - 2009-07-14 00:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-04-18 16:44 - 2014-04-18 16:44 - 05124208 _____ (F-Secure Corporation) C:\Users\Yehuda\Desktop\F-SecureOnlineScanner-HC.exe
2014-04-18 16:39 - 2014-04-18 16:39 - 00000000 ____D () C:\ProgramData\F-Secure
2014-04-18 16:38 - 2013-03-14 16:52 - 00003192 _____ () C:\windows\System32\Tasks\HPCeeScheduleForYehuda
2014-04-18 16:38 - 2013-03-14 16:52 - 00000336 _____ () C:\windows\Tasks\HPCeeScheduleForYehuda.job
2014-04-18 16:37 - 2014-04-18 16:37 - 05124208 _____ (F-Secure Corporation) C:\Users\Yehuda\Downloads\F-SecureOnlineScanner-HC.exe
2014-04-18 16:29 - 2014-04-18 16:29 - 00448512 _____ (OldTimer Tools) C:\Users\Yehuda\Desktop\TFC.exe
2014-04-18 16:27 - 2014-04-18 16:26 - 00002625 _____ () C:\Users\Yehuda\Desktop\FSS.txt
2014-04-18 16:26 - 2014-04-18 16:26 - 00409600 _____ (Farbar) C:\Users\Yehuda\Desktop\FSS.exe
2014-04-18 16:21 - 2014-04-18 16:21 - 00855379 _____ () C:\Users\Yehuda\Desktop\SecurityCheck.exe
2014-04-18 16:15 - 2014-04-18 16:15 - 00000064 _____ () C:\windows\system32\jclndzy.dis
2014-04-18 16:07 - 2014-04-18 16:07 - 00000000 ____D () C:\_OTL
2014-04-18 16:03 - 2014-04-18 05:07 - 00000106 _____ () C:\windows\system32\bqqwykl.zni
2014-04-18 07:53 - 2014-02-13 12:03 - 00000000 ____D () C:\Users\Yehuda\Desktop\world of tanks mods
2014-04-18 05:53 - 2014-04-18 05:53 - 00119488 _____ () C:\Users\Yehuda\Desktop\OTL.Txt
2014-04-18 05:53 - 2014-04-18 05:53 - 00081380 _____ () C:\Users\Yehuda\Desktop\Extras.Txt
2014-04-18 05:45 - 2014-04-18 05:45 - 00000797 _____ () C:\Users\Yehuda\Desktop\JRT.txt
2014-04-18 05:38 - 2014-04-18 05:38 - 00000000 ____D () C:\windows\ERUNT
2014-04-18 05:33 - 2014-04-18 05:32 - 00000000 ____D () C:\AdwCleaner
2014-04-18 05:32 - 2014-04-18 05:32 - 01016261 _____ (Thisisu) C:\Users\Yehuda\Desktop\JRT.exe
2014-04-18 05:32 - 2014-04-18 05:32 - 00602112 _____ (OldTimer Tools) C:\Users\Yehuda\Desktop\OTL.exe
2014-04-18 05:31 - 2014-04-18 05:31 - 01426178 _____ () C:\Users\Yehuda\Desktop\adwcleaner.exe
2014-04-18 05:23 - 2014-04-18 05:23 - 00161492 _____ () C:\Users\Yehuda\Desktop\false.dib
2014-04-18 05:22 - 2014-04-18 05:22 - 00000000 ____D () C:\ProgramData\McAfee
2014-04-18 05:06 - 2014-04-18 05:06 - 03218352 _____ (McAfee, Inc.) C:\Users\Yehuda\Desktop\MCPR.exe
2014-04-18 04:53 - 2013-04-04 16:30 - 00000000 _____ () C:\windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2014-04-18 04:53 - 2013-03-07 20:29 - 00000052 _____ () C:\windows\SysWOW64\DOErrors.log
2014-04-18 04:52 - 2014-04-18 04:52 - 00301959 ____S () C:\windows\system32\axchtba.lmm
2014-04-16 22:51 - 2014-04-16 22:51 - 00027747 _____ () C:\ComboFix.txt
2014-04-16 22:51 - 2014-04-16 00:38 - 00000000 ____D () C:\Qoobox
2014-04-16 22:50 - 2009-07-13 21:34 - 00000215 _____ () C:\windows\system.ini
2014-04-16 21:12 - 2014-04-16 21:12 - 00000000 ____S () C:\windows\system32\woaqio.qty
2014-04-16 01:21 - 2013-10-07 18:10 - 00000000 ____D () C:\windows\Minidump
2014-04-16 00:58 - 2014-04-15 15:04 - 00000000 ____D () C:\Users\Yehuda\AppData\Local\CrashDumps
2014-04-16 00:49 - 2014-04-16 00:38 - 00000000 ____D () C:\windows\erdnt
2014-04-16 00:36 - 2014-04-16 00:36 - 05194807 ____R (Swearware) C:\Users\Yehuda\Desktop\ComboFix.exe
2014-04-15 17:07 - 2014-04-15 17:07 - 00000000 ____S () C:\windows\system32\atoscny.gdw
2014-04-15 15:47 - 2014-04-15 15:14 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-04-15 15:47 - 2014-04-15 15:13 - 00000000 ____D () C:\Users\Yehuda\Desktop\mbar
2014-04-15 15:36 - 2014-04-13 22:16 - 00119000 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-15 15:36 - 2014-04-13 22:16 - 00091352 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2014-04-15 15:10 - 2014-04-15 15:10 - 12589848 _____ (Malwarebytes Corp.) C:\Users\Yehuda\Desktop\mbar-1.07.0.1009.exe
2014-04-15 15:06 - 2014-04-15 15:06 - 00002351 _____ () C:\Users\Yehuda\Desktop\RKreport[0]_D_04152014_150605.txt
2014-04-15 15:06 - 2014-04-15 15:03 - 00000000 ____D () C:\Users\Yehuda\Desktop\RK_Quarantine
2014-04-15 15:05 - 2014-04-15 15:05 - 00002265 _____ () C:\Users\Yehuda\Desktop\RKreport[0]_S_04152014_150556.txt
2014-04-15 15:02 - 2014-04-15 15:02 - 03972608 _____ () C:\Users\Yehuda\Desktop\RogueKiller.exe
2014-04-15 14:58 - 2013-01-26 10:44 - 00002198 _____ () C:\windows\epplauncher.mif
2014-04-13 22:32 - 2014-04-13 22:32 - 00022974 _____ () C:\Users\Yehuda\Desktop\dds.txt
2014-04-13 22:32 - 2014-04-13 22:32 - 00018679 _____ () C:\Users\Yehuda\Desktop\attach.txt
2014-04-13 22:30 - 2014-04-13 22:30 - 00688992 ____R (Swearware) C:\Users\Yehuda\Desktop\dds.com
2014-04-13 22:16 - 2014-04-13 22:16 - 00001102 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-04-13 22:16 - 2014-04-13 22:16 - 00001102 _____ () C:\ProgramData\Desktop\Malwarebytes Anti-Malware.lnk
2014-04-13 22:16 - 2014-04-13 22:16 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-13 22:16 - 2014-04-13 22:16 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-04-13 22:15 - 2014-04-13 22:14 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\Yehuda\Desktop\mbam-setup-2.0.1.1004.exe
2014-04-13 07:36 - 2013-04-30 10:32 - 00000000 ____D () C:\ProgramData\PMB Files
2014-04-13 07:36 - 2013-03-29 13:38 - 00000000 ____D () C:\ProgramData\Adobe
2014-04-13 07:36 - 2013-03-07 22:35 - 00000000 ____D () C:\Users\Yehuda\AppData\Local\WinZip
2014-04-13 07:36 - 2013-03-06 22:09 - 00000000 ___RD () C:\Users\Yehuda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-04-13 07:36 - 2013-03-06 22:09 - 00000000 ____D () C:\Users\Yehuda\AppData\Local\bluesoleil
2014-04-13 07:36 - 2009-07-13 22:20 - 00000000 ____D () C:\windows\registration
2014-04-13 04:59 - 2014-04-13 04:59 - 01153912 _____ (Emsi Software GmbH) C:\Users\Yehuda\Desktop\BlitzBlank.exe
2014-04-13 04:40 - 2013-05-08 18:22 - 00000000 ____D () C:\Users\Yehuda\AppData\Roaming\uTorrent
2014-04-13 04:39 - 2013-03-06 23:04 - 00000000 ____D () C:\Users\Yehuda
2014-04-13 04:14 - 2014-04-13 04:14 - 00062032 _____ () C:\Users\Yehuda\AppData\Local\GDIPFONTCACHEV1.DAT
2014-04-11 15:55 - 2013-03-06 22:10 - 00000000 ____D () C:\windows\System32\Tasks\Games
2014-04-10 22:00 - 2013-03-29 13:42 - 00002183 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-04-10 22:00 - 2013-03-29 13:42 - 00002183 _____ () C:\ProgramData\Desktop\Google Chrome.lnk
2014-04-10 16:53 - 2014-04-10 16:53 - 00000000 ____S () C:\windows\system32\bnjbz.lfl
2014-04-10 16:28 - 2013-03-07 22:36 - 00000000 ____D () C:\Users\Yehuda\AppData\Roaming\DAEMON Tools Lite
2014-04-09 22:52 - 2013-03-08 15:50 - 00000000 ____D () C:\Users\Yehuda\AppData\Roaming\SoftGrid Client
2014-04-09 21:54 - 2014-04-09 21:54 - 00000000 ____S () C:\windows\system32\xnzlxkr.bge
2014-04-08 21:33 - 2013-10-26 21:38 - 00000000 ____D () C:\Users\Yehuda\AppData\Roaming\TS3Client
2014-04-08 02:05 - 2009-07-13 22:20 - 00000000 ____D () C:\windows\system32\NDF
2014-04-04 17:09 - 2014-04-04 17:09 - 00688635 _____ () C:\Users\Yehuda\Downloads\13966493180008_germany_G_Tiger_canada_a.wotreplay
2014-04-04 13:37 - 2013-06-30 08:42 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-04-04 11:51 - 2014-04-04 11:51 - 00003894 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA1cf50262885764e
2014-04-04 11:51 - 2014-04-04 11:51 - 00003642 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore1cf502628689f12
2014-04-04 11:51 - 2014-02-20 10:31 - 00003894 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA1cf2e50df32284f
2014-04-04 11:50 - 2014-02-20 19:28 - 00002175 _____ () C:\Users\Yehuda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
2014-04-04 11:47 - 2009-07-13 22:20 - 00000000 ____D () C:\windows\AppCompat
2014-04-03 09:51 - 2014-04-13 22:16 - 00063192 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2014-04-03 09:50 - 2014-04-13 22:16 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2014-03-25 18:21 - 2013-10-26 21:38 - 00000000 ____D () C:\Users\Yehuda\AppData\Local\TeamSpeak 3 Client
2014-03-23 23:44 - 2013-09-24 17:50 - 00000000 ____D () C:\Games
2014-03-22 17:31 - 2014-03-22 17:31 - 00000000 ____D () C:\Program Files\WorldOfTanks
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll
[2010-11-20 22:24] - [2010-11-20 22:24] - 0515072 ____A () D41D8CD98F00B204E9800998ECF8427E
C:\Windows\System32\rpcss.dll No Company Name <===== ATTENTION!
ATTENTION ======> If the system is having audio adware rpcss.dll is patched. Google the MD5, if the MD5 is unique the file is infected.
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2014-04-11 00:04
==================== End Of Log ============================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 20-04-2014
Ran by Yehuda at 2014-04-20 06:27:08
Running from C:\Users\Yehuda\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================
AV: ESET Smart Security 6.0 (Enabled - Up to date) {77DEAFED-8149-104B-25A1-21771CA47CD1}
AS: ESET Smart Security 6.0 (Enabled - Up to date) {CCBF4E09-A773-1FC5-1F11-1A056723366C}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: ESET Personal firewall (Enabled) {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}
==================== Installed Programs ======================
µTorrent (HKCU\...\uTorrent) (Version: 3.3.1.30017 - BitTorrent Inc.)
Adobe Flash Player 12 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 12.0.0.38 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.02) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.02 - Adobe Systems Incorporated)
AMD Accelerated Video Transcoding (Version: 2.00.0002 - Advanced Micro Devices, Inc.) Hidden
AMD APP SDK Runtime (Version: 10.0.898.1 - Advanced Micro Devices Inc.) Hidden
AMD Catalyst Install Manager (HKLM\...\{8642397F-CF08-6B30-A477-A039BBAA511E}) (Version: 3.0.868.0 - Advanced Micro Devices, Inc.)
AMD Media Foundation Decoders (Version: 1.0.70329.2315 - Advanced Micro Devices, Inc.) Hidden
ArcSoft TotalMedia (HKLM-x32\...\ArcSoft TotalMedia) (Version: 2.0.39.42 - ArcSoft)
ArcSoft TotalMedia (x32 Version: 1.0.61.25 - ArcSoft) Hidden
ArcSoft Webcam Sharing Manager (HKLM-x32\...\{190A7D93-3823-439C-91B9-ADCE3EC2A6A2}) (Version: 2.0.0.39 - ArcSoft)
Bing Bar (HKLM-x32\...\{FF6DD716-7B10-4269-9F19-FFB07AC4CD95}) (Version: 7.3.124.0 - Microsoft Corporation)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Call of Duty(R) 4 - Modern Warfare(TM) 1.2 Patch (x32 Version: - ) Hidden
Call of Duty(R) 4 - Modern Warfare(TM) 1.2 Patch (x32 Version: 1.2 - Activision) Hidden
Call of Duty(R) 4 - Modern Warfare(TM) 1.3 Patch (x32 Version: - ) Hidden
Call of Duty(R) 4 - Modern Warfare(TM) 1.3 Patch (x32 Version: 1.3 - Activision) Hidden
Call of Duty(R) 4 - Modern Warfare(TM) 1.4 Patch (x32 Version: - ) Hidden
Call of Duty(R) 4 - Modern Warfare(TM) 1.4 Patch (x32 Version: 1.4 - Activision) Hidden
Call of Duty(R) 4 - Modern Warfare(TM) 1.5 Multiplayer Patch (x32 Version: - ) Hidden
Call of Duty(R) 4 - Modern Warfare(TM) 1.5 Patch (x32 Version: 1.5 - Activision) Hidden
Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch (x32 Version: - ) Hidden
Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch (x32 Version: 1.6 - Activision) Hidden
Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch (x32 Version: - ) Hidden
Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch (x32 Version: 1.7 - Activision) Hidden
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center (x32 Version: 2012.0329.2312.39738 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2012.0329.2312.39738 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2012.0329.2312.39738 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2012.0329.2312.39738 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Profiles Mobile (x32 Version: 2012.0329.2312.39738 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (x32 Version: 2012.0329.2311.39738 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (x32 Version: 2012.0329.2311.39738 - Advanced Micro Devices, Inc.) Hidden
CCC Help Czech (x32 Version: 2012.0329.2311.39738 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (x32 Version: 2012.0329.2311.39738 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (x32 Version: 2012.0329.2311.39738 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (x32 Version: 2012.0329.2311.39738 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (x32 Version: 2012.0329.2311.39738 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (x32 Version: 2012.0329.2311.39738 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (x32 Version: 2012.0329.2311.39738 - Advanced Micro Devices, Inc.) Hidden
CCC Help Greek (x32 Version: 2012.0329.2311.39738 - Advanced Micro Devices, Inc.) Hidden
CCC Help Hungarian (x32 Version: 2012.0329.2311.39738 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (x32 Version: 2012.0329.2311.39738 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (x32 Version: 2012.0329.2311.39738 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (x32 Version: 2012.0329.2311.39738 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (x32 Version: 2012.0329.2311.39738 - Advanced Micro Devices, Inc.) Hidden
CCC Help Polish (x32 Version: 2012.0329.2311.39738 - Advanced Micro Devices, Inc.) Hidden
CCC Help Portuguese (x32 Version: 2012.0329.2311.39738 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (x32 Version: 2012.0329.2311.39738 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (x32 Version: 2012.0329.2311.39738 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (x32 Version: 2012.0329.2311.39738 - Advanced Micro Devices, Inc.) Hidden
CCC Help Thai (x32 Version: 2012.0329.2311.39738 - Advanced Micro Devices, Inc.) Hidden
CCC Help Turkish (x32 Version: 2012.0329.2311.39738 - Advanced Micro Devices, Inc.) Hidden
ccc-utility64 (Version: 2012.0329.2312.39738 - Advanced Micro Devices, Inc.) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.03 - Piriform)
Device Access Manager for HP ProtectTools (HKLM\...\{55B52830-024A-443E-AF61-61E1E71AFA1B}) (Version: 7.0.0.4 - Hewlett-Packard Company)
DirectVobSub 2.40.4109 (HKLM-x32\...\vsfilter_is1) (Version: 2.40.4109 - MPC-HC Team)
Drive Encryption For HP ProtectTools (HKLM\...\{27F1E086-5691-4EB8-8BA1-5CBA87D67EB5}) (Version: 7.0.28.30376 - Hewlett-Packard Company)
Energy Pack for Pocket Tanks Deluxe (HKLM-x32\...\Energy Pack for Pocket Tanks Deluxe_is1) (Version: 1.0 - BlitWise Productions, LLC)
Energy Star Digital Logo (HKLM-x32\...\{BD1A34C9-4764-4F79-AE1F-112F8C89D3D4}) (Version: 1.0.1 - Hewlett-Packard)
ESET Smart Security (HKLM\...\{45CA4B17-F1C4-4058-8164-367AA349D85A}) (Version: 6.0.308.0 - ESET, spol s r. o.)
Evernote v. 4.5.4 (HKLM-x32\...\{550BFF6E-7376-11E1-99EA-984BE15F174E}) (Version: 4.5.4.6487 - Evernote Corp.)
Face Recognition for HP ProtectTools (HKLM\...\Face Recognition for HP ProtectTools) (Version: 7.01.4525 - Hewlett-Packard Company)
Face Recognition for HP ProtectTools (Version: 7.01.4525 - Hewlett-Packard Company) Hidden
File Sanitizer For HP ProtectTools (HKLM-x32\...\{6D6ADF03-B257-4EA5-BBC1-1D145AF8D514}) (Version: 7.0.0.5 - Hewlett-Packard Company)
GameFly (HKLM-x32\...\GameFly) (Version: 1.2.378 - GameFly, Inc.)
GameStop App (HKLM-x32\...\GameStop App) (Version: 4.00 - GameStop)
GameStop App (x32 Version: 4.00 - GameStop) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 34.0.1847.116 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.23.9 - Google Inc.) Hidden
Grand Theft Auto IV (HKLM-x32\...\{579BA58C-F33D-4970-9953-B94B43768AC3}) (Version: 1.00.0000 - Rockstar Games)
Hewlett-Packard ACLM.NET v1.2.1.1 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP 3D DriveGuard (HKLM\...\{5B4F3B85-83F0-4BBF-9052-7A38B6B09634}) (Version: 5.0.8.0 - Hewlett-Packard Company)
HP Auto (Version: 1.0.12935.3667 - Hewlett-Packard Company) Hidden
HP Connection Manager (HKLM-x32\...\{22706ADC-74A1-43A0-ABAE-47F84966B909}) (Version: 4.2.50.1 - Hewlett-Packard Company)
HP Customer Experience Enhancements (x32 Version: 6.0.1.8 - Hewlett-Packard) Hidden
HP Documentation (HKLM-x32\...\{A351CC1B-C92C-4F37-8109-9F6D33ACF5EF}) (Version: 1.1.1.0 - Hewlett-Packard)
HP ESU for Microsoft Windows 7 (HKLM-x32\...\{6357258D-2BF9-49E7-A9EF-0C609D52C46D}) (Version: 2.0.6.1 - Hewlett-Packard Company)
HP HD Webcam Driver (HKLM-x32\...\{399C37FB-08AF-493B-BFED-20FBD85EDF7F}) (Version: 6.0.1106.1_WHQL - Sonix)
HP Hotkey Support (HKLM-x32\...\{C97CC14E-4789-4FC5-BC75-79191F7CE009}) (Version: 4.5.9.1 - Hewlett-Packard Company)
HP Postscript Converter (Version: 3.0.3384 - Hewlett-Packard) Hidden
HP Power Assistant (HKLM\...\{84642787-58C0-44AE-8B26-E2F544E380A1}) (Version: 2.5.0.16 - Hewlett-Packard Company)
HP ProtectTools Security Manager (HKLM\...\HPProtectTools) (Version: 7.0.0.1177 - Hewlett-Packard Company)
HP ProtectTools Security Manager (Version: 7.0.0.1177 - Hewlett-Packard Company) Hidden
HP Setup (HKLM-x32\...\{438363A8-F486-4C37-834C-4955773CB3D3}) (Version: 9.1.15453.4066 - Hewlett-Packard Company)
HP SoftPaq Download Manager (HKLM-x32\...\{223AE3E8-4445-410F-8EDA-13EC137E3BDB}) (Version: 3.4.3.0 - Hewlett-Packard Company)
HP Software Framework (HKLM-x32\...\{962CB079-85E6-405F-8704-1C62365AE46F}) (Version: 4.5.10.1 - Hewlett-Packard Company)
HP Software Setup (HKLM-x32\...\{658A8756-7B1E-44FD-A434-D777DD906232}) (Version: 8.5.2.1 - Hewlett-Packard Company)
HP Support Assistant (HKLM-x32\...\{EE202411-2C26-49E8-9784-1BC1DBF7DE96}) (Version: 7.0.39.15 - Hewlett-Packard Company)
HP System Default Settings (HKLM-x32\...\{C4E9E8A4-EEC4-4F9E-B140-520A8B75F430}) (Version: 2.4.1.2 - Hewlett-Packard Company)
HP Wallpaper (HKLM-x32\...\{11C9A461-DD9D-4C71-85A4-6DCE7F99CC44}) (Version: 3.0.0.1 - Hewlett-Packard Company)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6392.0 - IDT)
Intel(R) Display Audio Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 6.14.00.3090 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.10.1464 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.1.0.1006 - Intel Corporation)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.4.225 - Intel Corporation)
Intel® Trusted Connect Service Client (Version: 1.23.943.1 - Intel Corporation) Hidden
Jedi Outcast (HKLM-x32\...\Jedi Outcast) (Version: 1.0 - Lucas Arts)
JMicron Flash Media Controller Driver (HKLM-x32\...\{26604C7E-A313-4D12-867F-7C6E7820BE4C}) (Version: 1.0.68.0 - JMicron Technology Corp.)
Malwarebytes Anti-Malware version 2.0.1.1004 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.1.1004 - Malwarebytes Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Antimalware (Version: 3.0.8402.2 - Microsoft Corporation) Hidden
Microsoft Antimalware Service Multi-Language Pack (Version: 3.0.8402.2 - Microsoft Corporation) Hidden
Microsoft Flight Simulator X (x32 Version: 10.0.60905 - Microsoft Game Studios) Hidden
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}) (Version: 3.5.92.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (HKLM-x32\...\{67F42018-F647-4D3C-BE62-F8CB4FE2FCD5}) (Version: 3.5.67.0 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.5139.5005 - Microsoft Corporation)
Microsoft OneDrive (HKCU\...\OneDriveSetup.exe) (Version: 17.0.4035.0328 - Microsoft Corporation)
Microsoft Security Client (Version: 2.1.1116.0 - Microsoft Corporation) Hidden
Microsoft Security Client MUI Language Pack (Version: 2.1.1116.0 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20513.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Xbox 360 Accessories 1.2 (HKLM\...\{D9C50188-12D5-4D3E-8F00-682346C2AA5F}) (Version: 1.20.146.0 - Microsoft)
MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
Need For Speed Hot Pursuit 2 (HKLM-x32\...\{76F4DD9B-C246-4BE0-00B6-3DE9ABF72299}) (Version: - )
Need for Speed™ ProStreet (HKLM-x32\...\{D5BCDA27-176A-45C1-B2C9-0FD846A692F4}) (Version: 1.0.1.0 - Electronic Arts)
Need for Speed™ SHIFT (HKLM-x32\...\{BBF0A67B-5DBA-452F-9D2E-6F168BC226E4}) (Version: 1.0.0.0 - Electronic Arts)
Need for Speed™ Undercover (HKLM-x32\...\{E6D22FE1-AB5F-42CA-9480-6F70B96DDD88}) (Version: 1.0.1.0 - Electronic Arts)
NVIDIA PhysX (HKLM-x32\...\{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}) (Version: 9.10.0513 - NVIDIA Corporation)
opensource (x32 Version: 1.0.14960.3876 - Your Company Name) Hidden
Origin (HKLM-x32\...\Origin) (Version: 9.2.1.4399 - Electronic Arts, Inc.)
Overwolf (HKLM-x32\...\{48615A7B-F026-4F62-A3F1-49001B8E21CB}) (Version: 0.44.256 - Overwolf)
Pando Media Booster (HKLM-x32\...\{980A182F-E0A2-4A40-94C1-AE0C1235902E}) (Version: 2.6.0.9 - Pando Networks Inc.)
PDF Complete Corporate Edition (HKLM-x32\...\PDF Complete) (Version: 4.0.93 - PDF Complete, Inc)
Plasma Pack for Pocket Tanks Deluxe (HKLM-x32\...\Plasma Pack for Pocket Tanks Deluxe_is1) (Version: 1.0 - BlitWise Productions, LLC)
PowerISO (HKLM-x32\...\PowerISO) (Version: 5.7 - Power Software Ltd)
Prince of Persia - The Two Thrones™ (HKLM-x32\...\Prince of Persia - The Two Thrones™) (Version: - GameStop)
Prince of Persia T2T (HKLM-x32\...\{DFFE2B1F-07E0-45A9-8801-CD8514CAA876}) (Version: 1.00.999 - Ubisoft)
Prince of Persia The Sands of Time (HKLM-x32\...\{8C453F13-6877-4D34-8816-009ABDE306DB}) (Version: 1.00.181 - )
Prince of Persia The Two Thrones (x32 Version: 1.00.999 - Ubisoft) Hidden
Privacy Manager for HP ProtectTools (HKLM\...\{CA2F6FAD-D8CD-42C1-B04D-6E5B1B1CFDCC}) (Version: 7.0.0.865 - Hewlett-Packard Company)
PX Profile Update (x32 Version: 1.00.1. - AMD) Hidden
Ralink Bluetooth Stack64 (HKLM\...\{ED818A3C-3DF5-CDCF-3DB2-A646D7B31A16}) (Version: 9.0.717.0 - Ralink Corporation)
Ralink RT3290 802.11bgn Wi-Fi Adapter (HKLM-x32\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}) (Version: 5.0.2.0 - Ralink)
Realtek Ethernet Controller All-In-One Windows Driver (HKLM-x32\...\{F7E7F0CB-AA41-4D5A-B6F2-8E6738EB063F}) (Version: 7.50.1123.2011 - Realtek)
Rockstar Games Social Club (HKLM-x32\...\{08B3869E-D282-424C-9AFC-870E04A4BA14}) (Version: 1.00.0000 - Rockstar Games)
Roll (HKLM-x32\...\RollerCoaster Tycoon Setup) (Version: - )
SDK (x32 Version: 2.30.042 - Portrait Displays, Inc.) Hidden
SHIFT 2 UNLEASHED™ (HKLM-x32\...\{E8C37E27-5205-4C8A-BECB-B00533045AAE}) (Version: 1.0.2.0 - Electronic Arts)
Skype Web Plugin (HKLM-x32\...\{2266F46F-0E46-491C-B278-DAF80F7C58D7}) (Version: 2.2.12059.16911 - Skype)
Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
Splinter Cell (HKLM-x32\...\Splinter Cell_is1) (Version: - GOG.com)
Star Wars Empire at War (HKLM-x32\...\{99AE7207-8612-4DBA-A8F8-BAE5C633390D}) (Version: 1.0 - LucasArts)
Star Wars Empire at War Forces of Corruption (HKLM-x32\...\{6592FDEC-2C1A-413A-9985-25FEC2F0848D}) (Version: 1.0 - LucasArts)
Star Wars JK II Jedi Outcast (HKLM-x32\...\{576E71DA-3000-48F6-9B21-B9A70D47DFCF}) (Version: - )
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.0.3.0 - Synaptics Incorporated)
TeamSpeak 3 Client (HKCU\...\TeamSpeak 3 Client) (Version: 3.0.14 - TeamSpeak Systems GmbH)
Theft Recovery for HP ProtectTools (HKLM-x32\...\InstallShield_{10F5A72A-1E07-4FAE-A7E7-14B10CC66B17}) (Version: 7.0.0.10 - Hewlett-Packard Company)
Theft Recovery for HP ProtectTools (x32 Version: 7.0.0.10 - Hewlett-Packard Company) Hidden
Tom Clancy's H.A.W.X (HKLM-x32\...\{6E36A172-06FB-4BC8-B7FC-D30D219E6776}) (Version: 1.00.00000 - Ubisoft)
Tom Clancy's Splinter Cell Conviction (HKLM-x32\...\{6D8DDB4A-C263-40DE-BA16-AFDAD159D59A}) (Version: 1.04.000 - Ubisoft)
Unity Web Player (HKLM-x32\...\UnityWebPlayer) (Version: 1.6.2_8001 - Over The Edge I/S)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2468871) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2533523) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2600217) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (HKLM-x32\...\{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2468871) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (HKLM-x32\...\{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2533523) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (HKLM-x32\...\{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2600217) (Version: 1 - Microsoft Corporation)
Uplay (HKLM-x32\...\Uplay) (Version: 3.0 - Ubisoft)
Validity Fingerprint Sensor Driver (HKLM\...\{93581599-ECF1-4DCD-BE36-BD969A6C8DB5}) (Version: 4.4.213.0 - Validity Sensors, Inc.)
Ventrilo Client (HKLM-x32\...\{789289CA-F73A-4A16-A331-54D498CE069F}) (Version: 3.0.8 - Flagship Industries, Inc.)
Windows Live ID Sign-in Assistant (HKLM\...\{9B48B0AC-C813-4174-9042-476A887592C7}) (Version: 6.500.3165.0 - Microsoft Corporation)
WinZip 15.0 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240CF}) (Version: 15.0.10039 - WinZip Computing, S.L. )
World of Tanks (HKLM-x32\...\{1EAC1D02-C6AC-4FA6-9A44-96258C37C812NA}_is1) (Version: - Wargaming.net)
World of Warplanes (HKLM-x32\...\{1EAC1D02-C6AC-4FA6-9A44-96258C37C813NA}_is1) (Version: - Wargaming.net)
==================== Restore Points =========================
11-04-2014 05:11:39 Scheduled Checkpoint
11-04-2014 20:50:49 Restore Operation
11-04-2014 23:35:22 Windows Update
13-04-2014 09:48:52 Windows Update
15-04-2014 20:08:03 Techspot Instruction
==================== Hosts content: ==========================
2009-07-13 21:34 - 2014-04-16 22:50 - 00000027 ____A C:\windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
==================== Scheduled Tasks (whitelisted) =============
Task: {1252EBA1-1190-4EEE-87E0-27CAFCA06D90} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2013-12-12] (Hewlett-Packard Company)
Task: {14A634D9-5B59-4723-8EBE-99D7E6CCE814} - System32\Tasks\GoogleUpdateTaskMachineUA1cec59f8615aea8 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-03-29] (Google Inc.)
Task: {42C858B9-F368-498A-9114-BAFEDBDEE74A} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)
Task: {46EEDBA5-86B8-47BC-B524-E9B5B96C6E6D} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-06-19] (Piriform Ltd)
Task: {62E448F7-7B16-4DD8-AD8C-7C901310D671} - System32\Tasks\GoogleUpdateTaskMachineUA1cf2e50df32284f => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-03-29] (Google Inc.)
Task: {990B3026-AA95-43E0-9905-3E83195A3DA1} - System32\Tasks\GoogleUpdateTaskMachineCore1cf502628689f12 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-03-29] (Google Inc.)
Task: {B42B58E7-7BEF-442B-847C-591489D5B9DB} - System32\Tasks\{DC6A6076-CD1D-4EAB-8C38-83DB086C3639} => C:\Program Files (x86)\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe [2008-11-08] (Take-Two Interactive Software, Inc.)
Task: {C8A0AB2A-496E-40F6-A1E1-4C56FA8C45DD} - System32\Tasks\HPCeeScheduleForYehuda => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard)
Task: {CC345A77-C8C8-45AC-B86C-291AADF54CFD} - System32\Tasks\GoogleUpdateTaskMachineUA1cf50262885764e => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-03-29] (Google Inc.)
Task: {D469B61B-41FE-460C-9426-36548988994D} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore1cf502628689f12.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA1cf50262885764e.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\HPCeeScheduleForYehuda.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
==================== Loaded Modules (whitelisted) =============
2010-11-20 22:24 - 2010-11-20 22:24 - 00515072 _____ () c:\windows\system32\rpcss.dll
2012-01-17 19:57 - 2012-01-17 19:57 - 00298368 _____ () c:\Program Files\Hewlett-Packard\Pre-Boot Security for HP ProtectTools\BIOSDomainPlugin.dll
2012-03-21 19:14 - 2012-03-21 19:14 - 03346432 _____ () C:\Program Files\Hewlett-Packard\Drive Encryption\EpeHpFve64.dll
2011-10-12 05:03 - 2011-10-12 05:03 - 00213328 _____ () C:\windows\system32\PassThroughOTP.dll
2010-09-06 16:18 - 2010-09-06 16:18 - 01412608 _____ () C:\windows\system32\LIBEAY32.dll
2012-08-14 17:11 - 2012-08-14 17:11 - 00022528 _____ () C:\windows\system32\BsTrace.dll
2012-08-15 20:20 - 2012-08-15 20:20 - 00356352 _____ () C:\windows\system32\BsExtendFunc.dll
2012-03-26 07:33 - 2012-03-26 07:33 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2011-12-26 16:20 - 2011-12-26 16:20 - 00016384 ____R () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2012-03-30 02:07 - 2012-03-30 02:07 - 00369152 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2013-01-26 10:13 - 2012-03-28 12:38 - 00128280 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
2011-06-22 10:44 - 2011-06-22 10:44 - 00034304 _____ () C:\windows\System32\sst2cl6.dll
2010-02-28 03:33 - 2010-02-28 03:33 - 00077664 _____ () C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe
2013-03-10 23:42 - 2013-03-10 23:42 - 00172032 _____ () C:\windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\2134117ca053ce1825bac39b909a2946\IsdiInterop.ni.dll
2012-04-16 05:52 - 2012-02-01 20:25 - 00059904 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll
2013-01-26 10:12 - 2012-03-28 12:18 - 01198872 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
==================== Alternate Data Streams (whitelisted) =========

==================== Safe Mode (whitelisted) ===================

==================== Disabled items from MSCONFIG ==============

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================
Application errors:
==================
Error: (04/19/2014 05:11:13 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 15631
Error: (04/19/2014 05:11:13 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 15631
Error: (04/19/2014 05:11:13 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (04/19/2014 05:10:52 PM) (Source: Validity USDK) (User: )
Description: SSL alert by host: Description is: 47.
Error: (04/19/2014 05:10:49 PM) (Source: Application Hang) (User: )
Description: The program worldoftanks.exe version 0.9.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
Process ID: a94
Start Time: 01cf5c1c10fe85d6
Termination Time: 29
Application Path: C:\Program Files (x86)\World of Tanks\worldoftanks.exe
Report Id: 74b6d370-c80f-11e3-931e-a41731b0b176
Error: (04/19/2014 00:35:11 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (04/18/2014 07:46:33 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (04/18/2014 05:23:59 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 15132
Error: (04/18/2014 05:23:59 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 15132
Error: (04/18/2014 05:23:59 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

System errors:
=============
Error: (04/19/2014 05:07:31 PM) (Source: Service Control Manager) (User: )
Description: The Adobe Acrobat Update Service service terminated unexpectedly. It has done this 1 time(s).
Error: (04/19/2014 00:38:49 PM) (Source: Service Control Manager) (User: )
Description: The Windows Live ID Sign-in Assistant service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
Error: (04/19/2014 00:38:31 PM) (Source: Service Control Manager) (User: )
Description: The Print Spooler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
Error: (04/19/2014 00:38:20 PM) (Source: Service Control Manager) (User: )
Description: The PnkBstrA service terminated unexpectedly. It has done this 1 time(s).
Error: (04/19/2014 00:38:12 PM) (Source: Service Control Manager) (User: )
Description: The McAfee Endpoint Encryption Agent service terminated unexpectedly. It has done this 1 time(s).
Error: (04/19/2014 00:38:03 PM) (Source: Service Control Manager) (User: )
Description: The HP Connection Manager 4 Service service terminated unexpectedly. It has done this 1 time(s).
Error: (04/19/2014 00:37:55 PM) (Source: Service Control Manager) (User: )
Description: The File Sanitizer for HP ProtectTools service terminated unexpectedly. It has done this 1 time(s).
Error: (04/19/2014 00:37:50 PM) (Source: Service Control Manager) (User: )
Description: The HP Power Assistant Service service terminated unexpectedly. It has done this 1 time(s).
Error: (04/19/2014 00:37:46 PM) (Source: Service Control Manager) (User: )
Description: The HP Support Assistant Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
Error: (04/19/2014 00:37:28 PM) (Source: Service Control Manager) (User: )
Description: The BsHelpCS service terminated unexpectedly. It has done this 1 time(s).

Microsoft Office Sessions:
=========================
Error: (04/19/2014 05:11:13 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 15631
Error: (04/19/2014 05:11:13 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 15631
Error: (04/19/2014 05:11:13 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (04/19/2014 05:10:52 PM) (Source: Validity USDK)(User: )
Description: Description is: 47
Error: (04/19/2014 05:10:49 PM) (Source: Application Hang)(User: )
Description: worldoftanks.exe0.9.0.0a9401cf5c1c10fe85d629C:\Program Files (x86)\World of Tanks\worldoftanks.exe74b6d370-c80f-11e3-931e-a41731b0b176
Error: (04/19/2014 00:35:11 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (04/18/2014 07:46:33 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (04/18/2014 05:23:59 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 15132
Error: (04/18/2014 05:23:59 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 15132
Error: (04/18/2014 05:23:59 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

CodeIntegrity Errors:
===================================
Date: 2014-04-16 22:49:19.068
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2014-04-16 22:49:19.052
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2014-04-16 22:49:19.037
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2014-04-16 22:49:19.021
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2014-04-16 00:48:13.800
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2014-04-16 00:48:13.784
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

==================== Memory info ===========================
Percentage of memory in use: 31%
Total physical RAM: 8072.55 MB
Available physical RAM: 5555.43 MB
Total Pagefile: 16143.29 MB
Available Pagefile: 13091.23 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:676.36 GB) (Free:188.84 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive e: (HP_TOOLS) (Fixed) (Total:1.99 GB) (Free:1.97 GB) FAT32
Drive g: (HP_RECOVERY) (Fixed) (Total:19.98 GB) (Free:3.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 699 GB) (Disk ID: E201C75A)
Partition 1: (Active) - (Size=300 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=676 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=20 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=2 GB) - (Type=0C)
==================== End Of Log ============================
 
Farbar Recovery Scan Tool (x64) Version: 20-04-2014
Ran by Yehuda at 2014-04-20 06:31:28
Running from C:\Users\Yehuda\Desktop
Boot Mode: Normal
================== Search: "rpcss.dll" ===================
C:\Windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7601.17514_none_c7f0e16b547f887d\rpcss.dll
[2010-11-20 22:24] - [2010-11-20 22:24] - 0512000 ____N (Microsoft Corporation) 5C627D1B1138676C0A7AB2C2C190D123
C:\Windows\System32\rpcss.dll
[2010-11-20 22:24] - [2010-11-20 22:24] - 0515072 ____A () D41D8CD98F00B204E9800998ECF8427E
C:\Windows\erdnt\cache64\rpcss.dll
[2014-04-16 22:50] - [2010-11-20 22:24] - 0512000 ____A (Microsoft Corporation) 5C627D1B1138676C0A7AB2C2C190D123
====== End Of Search ======
 
Easter time :)

Download attached fixlist.txt file and save it to the Desktop.
NOTE: It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST (FRST64) and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it in your reply.

IMPORTANT! Restart computer.

Re-run FRST "Scan" one more time and post a fresh log.
 

Attachments

  • fixlist.txt
    875 bytes · Views: 3
The computer opted to restart on its own. The following log "fixlog" is posted.

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 22-04-2014
Ran by Yehuda at 2014-04-22 14:07:29 Run:1
Running from C:\Users\Yehuda\Desktop
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
Winlogon\Notify\DeviceNP-x32: DeviceNP.dll [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
2014-04-18 16:25 - 2014-04-19 16:16 - 00000079 _____ () C:\windows\system32\lxhyejm.sas
2014-04-18 16:15 - 2014-04-18 16:15 - 00000064 _____ () C:\windows\system32\jclndzy.dis
2014-04-18 05:07 - 2014-04-18 16:03 - 00000106 _____ () C:\windows\system32\bqqwykl.zni
2014-04-18 04:52 - 2014-04-18 04:52 - 00301959 ____S () C:\windows\system32\axchtba.lmm
2014-04-16 21:12 - 2014-04-16 21:12 - 00000000 ____S () C:\windows\system32\woaqio.qty
2014-04-15 17:07 - 2014-04-15 17:07 - 00000000 ____S () C:\windows\system32\atoscny.gdw
2014-04-10 16:53 - 2014-04-10 16:53 - 00000000 ____S () C:\windows\system32\bnjbz.lfl
2014-04-09 21:54 - 2014-04-09 21:54 - 00000000 ____S () C:\windows\system32\xnzlxkr.bge
Replace: C:\Windows\erdnt\cache64\rpcss.dll C:\Windows\System32\rpcss.dll
*****************
HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\DeviceNP => Key deleted successfully.
catchme => Service deleted successfully.
C:\windows\system32\lxhyejm.sas => Moved successfully.
C:\windows\system32\jclndzy.dis => Moved successfully.
Could not move "C:\windows\system32\bqqwykl.zni" => Scheduled to move on reboot.
Could not move "C:\windows\system32\axchtba.lmm" => Scheduled to move on reboot.
C:\windows\system32\woaqio.qty => Moved successfully.
C:\windows\system32\atoscny.gdw => Moved successfully.
C:\windows\system32\bnjbz.lfl => Moved successfully.
C:\windows\system32\xnzlxkr.bge => Moved successfully.
C:\Windows\System32\rpcss.dll => Moved successfully.
C:\Windows\erdnt\cache64\rpcss.dll copied successfully to C:\Windows\System32\rpcss.dll
=> Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2014-04-22 14:09:20)<=
C:\windows\system32\bqqwykl.zni => Is moved successfully.
C:\windows\system32\axchtba.lmm => Is moved successfully.
==== End of Fixlog ====
 
Already I can tell the performance is way better (almost like it was when I bought it :) )

AND! I don't see the virus in the found locations - but let me post the next log as instructed

:D
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 22-04-2014
Ran by Yehuda (administrator) on YR-HP1 on 22-04-2014 14:14:21
Running from C:\Users\Yehuda\Desktop
Windows 7 Professional Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Normal
The only official download link for FRST:
Download link for 32-Bit version: https://www.techspot.com/downloads/6731-farbar-recovery-scan-tool.html
Download link for 64-Bit Version: https://www.techspot.com/downloads/6731-farbar-recovery-scan-tool.html
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST:
==================== Processes (Whitelisted) =================
(DigitalPersona, Inc.) c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe
(AMD) C:\windows\system32\atiesrxx.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\STacSV64.exe
(AMD) C:\windows\system32\atieclxx.exe
(Hewlett-Packard Company) C:\windows\system32\Hpservice.exe
(Validity Sensors, Inc.) C:\windows\system32\vcsFPService.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BBSvc.exe
(IVT Corporation) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe
(Intel(R) Corporation) c:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
() C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHost.exe
(PDF Complete Inc) C:\Program Files (x86)\PDF Complete\pdfsvc.exe
() C:\windows\SysWOW64\PnkBstrA.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(ArcSoft, Inc.) C:\windows\SysWow64\ArcVCapRender\uArcCapture.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
(IVT Corporation) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\egui.exe
(Synaptics Incorporated) C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(IVT Corporation) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\coreshredder.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Microsoft Corporation) C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
() C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpConnectionManager.exe
(Hewlett-Packard Development Company, L.P.) c:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe
(Microsoft Corporation) C:\windows\system32\taskmgr.exe

==================== Registry (Whitelisted) ==================
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2887440 2012-03-08] (Synaptics Incorporated)
HKLM\...\Run: [HPPowerAssistant] => C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe [3488640 2012-03-14] (Hewlett-Packard Company)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1425408 2012-03-05] (IDT, Inc.)
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET Smart Security\egui.exe [6326448 2012-12-21] (ESET)
HKLM\...\Run: [XboxStat] => "C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284440 2012-02-29] (Intel Corporation)
HKLM-x32\...\Run: [PDF Complete] => C:\Program Files (x86)\PDF Complete\pdfsty.exe [684024 2012-03-06] (PDF Complete Inc)
HKLM-x32\...\Run: [QLBController] => C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe [319360 2012-03-14] (Hewlett-Packard Company)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-03-27] (Intel Corporation)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [636032 2012-03-30] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [AMD AVT] => C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe [10752 2012-01-31] ()
HKLM-x32\...\Run: [DTRun] => c:\Program Files (x86)\ArcSoft\TotalMedia Suite\TotalMedia Theatre 3\uDTRun.exe [517456 2010-11-24] (ArcSoft Inc.)
HKLM-x32\...\Run: [HPConnectionManager] => c:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe [184704 2012-03-15] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [BtTray] => C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe [364032 2012-08-15] (IVT Corporation)
HKLM-x32\...\Run: [File Sanitizer] => C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\CoreShredder.exe [12310616 2012-03-21] (Hewlett-Packard)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [946352 2012-12-18] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [PWRISOVM.EXE] => C:\Program Files (x86)\PowerISO\PWRISOVM.EXE [337432 2013-07-21] (Power Software Ltd)
HKLM\...\RunOnce: [NCPluginUpdater] - "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" Update [21720 2014-04-08] (Hewlett-Packard)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2231480623-402096191-1866127443-1002\...\Run: [Pando Media Booster] => C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe [4284976 2013-04-30] ()
HKU\S-1-5-21-2231480623-402096191-1866127443-1002\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3478336 2012-01-24] (DT Soft Ltd)
HKU\S-1-5-21-2231480623-402096191-1866127443-1002\...\Run: [SkyDrive] => C:\Users\Yehuda\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe [257224 2014-04-04] (Microsoft Corporation)
HKU\S-1-5-21-2231480623-402096191-1866127443-1002\...\Run: [RGSC] => C:\Program Files (x86)\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe [305064 2008-11-08] (Take-Two Interactive Software, Inc.)
Lsa: [Notification Packages] DPPassFilter scecli
Startup: C:\Users\Yehuda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\GameStop Now.lnk
ShortcutTarget: GameStop Now.lnk -> C:\Program Files (x86)\GameStop App\Now\GameStopNow.exe (GameStop Corp.)
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://us-mg6.mail.yahoo.com/neo/launch?.rand=at4apgd8tc104
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPCOM/1
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPCOM/1
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPCOM/1
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKCU - DefaultScope {F19BF151-A011-4FA8-9684-9B0E3B56DB31} URL = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=293224&p={searchTerms}
SearchScopes: HKCU - {F19BF151-A011-4FA8-9684-9B0E3B56DB31} URL = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=293224&p={searchTerms}
BHO: Bing Bar Helper - {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll (Microsoft Corporation.)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Bing Bar Helper - {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll (Microsoft Corporation.)
BHO-x32: File Sanitizer for HP ProtectTools - {3134413B-49B4-425C-98A5-893C1F195601} - C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\IEBHO.dll (Hewlett-Packard)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM - Bing Bar - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKLM-x32 - Bing Bar - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll (Microsoft Corporation.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 68.105.28.12 68.105.29.12 68.105.28.11
FireFox:
========
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @otee.dk/UnityWebPlayer - C:\Program Files (x86)\OverTheEdge\Unity\WebPlayer\loader\npUnityWeb32.dll (OverTheEdge I/S)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: @Skype.com/Skype Web Plugin - C:\Program Files (x86)\SkypeWebPlugin\npSkypeWebPlugin.dll (Skype)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin HKCU: ubisoft.com/uplaypc - C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird
FF Extension: ESET Smart Security Extension - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2013-03-07]
FF HKLM-x32\...\Firefox\Extensions: [otis@digitalpersona.com] - c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\FirefoxExt\
FF Extension: DigitalPersona Extension - c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\FirefoxExt\ []
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird
FF Extension: ESET Smart Security Extension - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2013-03-07]
Chrome:
=======
CHR DefaultSearchKeyword: yahoo.com
CHR DefaultSearchProvider: Yahoo!
CHR DefaultSearchURL: http://search.yahoo.com/search?fr=chr-greentree_gc&ei=utf-8&ilc=12&type=293224&p={searchTerms}
CHR DefaultNewTabURL:
CHR Extension: (Google Wallet) - C:\Users\Yehuda\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]
==================== Services (Whitelisted) =================
S3 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 BlueSoleilCS; C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe [1578496 2012-08-14] (IVT Corporation)
R3 BsHelpCS; C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe [138752 2012-08-14] (IVT Corporation)
R2 DpHost; c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe [493904 2012-03-15] (DigitalPersona, Inc.)
R2 ekrn; C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [1333424 2012-12-21] (ESET)
S3 FLCDLOCK; c:\windows\SysWOW64\flcdlock.exe [477056 2012-01-31] (Hewlett-Packard Company)
R2 hpHotkeyMonitor; C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe [365440 2012-03-14] (Hewlett-Packard Company)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [128280 2012-03-28] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165144 2012-03-28] (Intel Corporation)
R2 McAfee Endpoint Encryption Agent; C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHost.exe [1327104 2012-03-21] ()
S3 OverwolfUpdaterService; C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [18360 2013-08-22] (Overwolf Ltd)
R2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [1134584 2012-03-06] (PDF Complete Inc)
R2 PnkBstrA; C:\windows\SysWOW64\PnkBstrA.exe [66872 2013-07-01] ()
R2 uArcCapture; C:\windows\SysWow64\ArcVCapRender\uArcCapture.exe [498352 2012-04-05] (ArcSoft, Inc.)
==================== Drivers (Whitelisted) ====================
R0 amdkmpfd; C:\Windows\System32\DRIVERS\amdkmpfd.sys [32896 2012-03-19] (Advanced Micro Devices, Inc.)
R3 ARCVCAM; C:\Windows\System32\DRIVERS\ArcSoftVCapture.sys [42816 2012-02-02] (ArcSoft, Inc.)
U5 BlueletAudio; C:\Windows\System32\Drivers\BlueletAudio.sys [34880 2011-08-13] (Ralink Corporation.)
R3 BtAudioBusSrv; C:\Windows\System32\Drivers\BtAudioBus.sys [23104 2011-08-13] (Ralink Corporation)
R3 BthL2caScoIfSrv; C:\Windows\System32\Drivers\BtL2caScoIf.sys [51776 2012-04-03] (Ralink Corporation)
R3 btUrbFilterDrv; C:\Windows\System32\Drivers\IvtUrbBtFlt.sys [48320 2012-03-05] (Ralink Corporation)
S3 DAMDrv; C:\Windows\System32\DRIVERS\DAMDrv64.sys [64312 2012-01-31] (Hewlett-Packard Company)
S3 DFX11_1; C:\Windows\System32\drivers\dfx11_1x64.sys [28008 2012-12-13] (Windows (R) Win 7 DDK provider)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2013-03-07] (DT Soft Ltd)
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [213416 2012-12-21] (ESET)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [150616 2012-12-21] (ESET)
R2 epfw; C:\Windows\System32\DRIVERS\epfw.sys [190232 2012-12-21] (ESET)
R1 EpfwLWF; C:\Windows\System32\DRIVERS\EpfwLWF.sys [59440 2012-12-21] (ESET)
R0 epfwwfp; C:\Windows\System32\DRIVERS\epfwwfp.sys [57904 2012-12-21] (ESET)
R0 MfeEpeOpal; C:\Windows\System32\Drivers\MfeEpeOpal.sys [93640 2012-03-21] (McAfee, Inc.)
R0 MfeEpePc; C:\Windows\System32\Drivers\MfeEpePc.sys [158792 2012-03-21] (McAfee, Inc.)
R1 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [189440 2011-04-18] (Microsoft Corporation)
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [84864 2011-04-27] (Microsoft Corporation)
R3 rtbth; C:\Windows\System32\DRIVERS\rtbth.sys [685152 2012-06-13] (Ralink Technology, Corp.)
R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1862536 2012-07-27] ()
U5 BlueletAudio; C:\Windows\SysWOW64\Drivers\BlueletAudio.sys [34880 2011-08-13] (Ralink Corporation.)
==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========
2014-04-22 14:07 - 2014-04-22 14:07 - 00000000 ____D () C:\Users\Yehuda\Desktop\FRST-OlderVersion
2014-04-21 13:28 - 2014-04-21 13:28 - 594240646 _____ () C:\windows\MEMORY.DMP
2014-04-20 06:31 - 2014-04-20 06:33 - 00000759 _____ () C:\Users\Yehuda\Desktop\Search.txt
2014-04-20 06:27 - 2014-04-20 06:27 - 00035820 _____ () C:\Users\Yehuda\Desktop\Addition.txt
2014-04-20 06:26 - 2014-04-22 14:14 - 00019164 _____ () C:\Users\Yehuda\Desktop\FRST.txt
2014-04-20 06:26 - 2014-04-22 14:14 - 00000000 ____D () C:\FRST
2014-04-20 06:25 - 2014-04-22 14:07 - 02061312 _____ (Farbar) C:\Users\Yehuda\Desktop\FRST64.exe
2014-04-20 06:22 - 2014-04-22 14:09 - 00000112 _____ () C:\windows\setupact.log
2014-04-20 06:22 - 2014-04-20 06:22 - 00000000 _____ () C:\windows\setuperr.log
2014-04-19 12:37 - 2014-04-22 14:07 - 00237946 _____ () C:\windows\WindowsUpdate.log
2014-04-18 16:44 - 2014-04-18 16:44 - 05124208 _____ (F-Secure Corporation) C:\Users\Yehuda\Desktop\F-SecureOnlineScanner-HC.exe
2014-04-18 16:39 - 2014-04-18 16:39 - 00000000 ____D () C:\ProgramData\F-Secure
2014-04-18 16:37 - 2014-04-18 16:37 - 05124208 _____ (F-Secure Corporation) C:\Users\Yehuda\Downloads\F-SecureOnlineScanner-HC.exe
2014-04-18 16:29 - 2014-04-18 16:29 - 00448512 _____ (OldTimer Tools) C:\Users\Yehuda\Desktop\TFC.exe
2014-04-18 16:26 - 2014-04-18 16:27 - 00002625 _____ () C:\Users\Yehuda\Desktop\FSS.txt
2014-04-18 16:26 - 2014-04-18 16:26 - 00409600 _____ (Farbar) C:\Users\Yehuda\Desktop\FSS.exe
2014-04-18 16:21 - 2014-04-18 16:21 - 00855379 _____ () C:\Users\Yehuda\Desktop\SecurityCheck.exe
2014-04-18 16:07 - 2014-04-18 16:07 - 00000000 ____D () C:\_OTL
2014-04-18 05:53 - 2014-04-18 05:53 - 00119488 _____ () C:\Users\Yehuda\Desktop\OTL.Txt
2014-04-18 05:53 - 2014-04-18 05:53 - 00081380 _____ () C:\Users\Yehuda\Desktop\Extras.Txt
2014-04-18 05:45 - 2014-04-18 05:45 - 00000797 _____ () C:\Users\Yehuda\Desktop\JRT.txt
2014-04-18 05:38 - 2014-04-18 05:38 - 00000000 ____D () C:\windows\ERUNT
2014-04-18 05:32 - 2014-04-18 05:33 - 00000000 ____D () C:\AdwCleaner
2014-04-18 05:32 - 2014-04-18 05:32 - 01016261 _____ (Thisisu) C:\Users\Yehuda\Desktop\JRT.exe
2014-04-18 05:32 - 2014-04-18 05:32 - 00602112 _____ (OldTimer Tools) C:\Users\Yehuda\Desktop\OTL.exe
2014-04-18 05:31 - 2014-04-18 05:31 - 01426178 _____ () C:\Users\Yehuda\Desktop\adwcleaner.exe
2014-04-18 05:23 - 2014-04-18 05:23 - 00161492 _____ () C:\Users\Yehuda\Desktop\false.dib
2014-04-18 05:22 - 2014-04-18 05:22 - 00000000 ____D () C:\ProgramData\McAfee
2014-04-18 05:06 - 2014-04-18 05:06 - 03218352 _____ (McAfee, Inc.) C:\Users\Yehuda\Desktop\MCPR.exe
2014-04-16 22:51 - 2014-04-16 22:51 - 00027747 _____ () C:\ComboFix.txt
2014-04-16 00:40 - 2011-06-26 01:45 - 00256000 _____ () C:\windows\PEV.exe
2014-04-16 00:40 - 2010-11-07 12:20 - 00208896 _____ () C:\windows\MBR.exe
2014-04-16 00:40 - 2009-04-19 23:56 - 00060416 _____ (NirSoft) C:\windows\NIRCMD.exe
2014-04-16 00:40 - 2000-08-30 19:00 - 00518144 _____ (SteelWerX) C:\windows\SWREG.exe
2014-04-16 00:40 - 2000-08-30 19:00 - 00406528 _____ (SteelWerX) C:\windows\SWSC.exe
2014-04-16 00:40 - 2000-08-30 19:00 - 00098816 _____ () C:\windows\sed.exe
2014-04-16 00:40 - 2000-08-30 19:00 - 00080412 _____ () C:\windows\grep.exe
2014-04-16 00:40 - 2000-08-30 19:00 - 00068096 _____ () C:\windows\zip.exe
2014-04-16 00:38 - 2014-04-16 22:51 - 00000000 ____D () C:\Qoobox
2014-04-16 00:38 - 2014-04-16 00:49 - 00000000 ____D () C:\windows\erdnt
2014-04-16 00:36 - 2014-04-16 00:36 - 05194807 ____R (Swearware) C:\Users\Yehuda\Desktop\ComboFix.exe
2014-04-15 15:14 - 2014-04-15 15:47 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-04-15 15:13 - 2014-04-15 15:47 - 00000000 ____D () C:\Users\Yehuda\Desktop\mbar
2014-04-15 15:10 - 2014-04-15 15:10 - 12589848 _____ (Malwarebytes Corp.) C:\Users\Yehuda\Desktop\mbar-1.07.0.1009.exe
2014-04-15 15:06 - 2014-04-15 15:06 - 00002351 _____ () C:\Users\Yehuda\Desktop\RKreport[0]_D_04152014_150605.txt
2014-04-15 15:05 - 2014-04-15 15:05 - 00002265 _____ () C:\Users\Yehuda\Desktop\RKreport[0]_S_04152014_150556.txt
2014-04-15 15:04 - 2014-04-16 00:58 - 00000000 ____D () C:\Users\Yehuda\AppData\Local\CrashDumps
2014-04-15 15:03 - 2014-04-15 15:06 - 00000000 ____D () C:\Users\Yehuda\Desktop\RK_Quarantine
2014-04-15 15:02 - 2014-04-15 15:02 - 03972608 _____ () C:\Users\Yehuda\Desktop\RogueKiller.exe
2014-04-13 22:32 - 2014-04-13 22:32 - 00022974 _____ () C:\Users\Yehuda\Desktop\dds.txt
2014-04-13 22:32 - 2014-04-13 22:32 - 00018679 _____ () C:\Users\Yehuda\Desktop\attach.txt
2014-04-13 22:30 - 2014-04-13 22:30 - 00688992 ____R (Swearware) C:\Users\Yehuda\Desktop\dds.com
2014-04-13 22:16 - 2014-04-15 15:36 - 00119000 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-13 22:16 - 2014-04-15 15:36 - 00091352 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2014-04-13 22:16 - 2014-04-13 22:16 - 00001102 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-04-13 22:16 - 2014-04-13 22:16 - 00001102 _____ () C:\ProgramData\Desktop\Malwarebytes Anti-Malware.lnk
2014-04-13 22:16 - 2014-04-13 22:16 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-13 22:16 - 2014-04-13 22:16 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-04-13 22:16 - 2014-04-03 09:51 - 00063192 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2014-04-13 22:16 - 2014-04-03 09:50 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2014-04-13 22:14 - 2014-04-13 22:15 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\Yehuda\Desktop\mbam-setup-2.0.1.1004.exe
2014-04-13 04:59 - 2014-04-13 04:59 - 01153912 _____ (Emsi Software GmbH) C:\Users\Yehuda\Desktop\BlitzBlank.exe
2014-04-13 04:24 - 2014-04-22 14:09 - 00000000 ____D () C:\ProgramData\PDFC
2014-04-13 04:16 - 2014-01-26 02:40 - 00286272 _____ () C:\windows\system32\FNTCACHE.DAT
2014-04-13 04:14 - 2014-04-13 04:14 - 00062032 _____ () C:\Users\Yehuda\AppData\Local\GDIPFONTCACHEV1.DAT
2014-04-04 17:09 - 2014-04-04 17:09 - 00688635 _____ () C:\Users\Yehuda\Downloads\13966493180008_germany_G_Tiger_canada_a.wotreplay
2014-04-04 11:51 - 2014-04-22 14:09 - 00000894 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore1cf502628689f12.job
2014-04-04 11:51 - 2014-04-22 14:05 - 00000898 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA1cf50262885764e.job
2014-04-04 11:51 - 2014-04-04 11:51 - 00003894 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA1cf50262885764e
2014-04-04 11:51 - 2014-04-04 11:51 - 00003642 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore1cf502628689f12
==================== One Month Modified Files and Folders =======
2014-04-22 14:14 - 2014-04-20 06:26 - 00019164 _____ () C:\Users\Yehuda\Desktop\FRST.txt
2014-04-22 14:14 - 2014-04-20 06:26 - 00000000 ____D () C:\FRST
2014-04-22 14:13 - 2009-07-14 00:13 - 00783592 _____ () C:\windows\system32\PerfStringBackup.INI
2014-04-22 14:12 - 2012-08-15 20:46 - 00000787 _____ () C:\windows\SysWOW64\bscs.ini
2014-04-22 14:10 - 2014-01-07 19:13 - 00000000 ___RD () C:\Users\Yehuda\SkyDrive
2014-04-22 14:10 - 2013-04-30 10:32 - 00000000 ____D () C:\Users\Yehuda\AppData\Local\PMB Files
2014-04-22 14:10 - 2013-01-26 10:45 - 00004524 _____ () C:\windows\SysWOW64\LOCALSERVICE.INI
2014-04-22 14:09 - 2014-04-20 06:22 - 00000112 _____ () C:\windows\setupact.log
2014-04-22 14:09 - 2014-04-13 04:24 - 00000000 ____D () C:\ProgramData\PDFC
2014-04-22 14:09 - 2014-04-04 11:51 - 00000894 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore1cf502628689f12.job
2014-04-22 14:09 - 2013-01-26 10:45 - 00000043 _____ () C:\windows\SysWOW64\LOCALDEVICE.INI
2014-04-22 14:09 - 2009-07-14 00:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-04-22 14:07 - 2014-04-22 14:07 - 00000000 ____D () C:\Users\Yehuda\Desktop\FRST-OlderVersion
2014-04-22 14:07 - 2014-04-20 06:25 - 02061312 _____ (Farbar) C:\Users\Yehuda\Desktop\FRST64.exe
2014-04-22 14:07 - 2014-04-19 12:37 - 00237946 _____ () C:\windows\WindowsUpdate.log
2014-04-22 14:07 - 2013-03-08 15:50 - 00000000 ____D () C:\Users\Yehuda\AppData\Roaming\SoftGrid Client
2014-04-22 14:05 - 2014-04-04 11:51 - 00000898 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA1cf50262885764e.job
2014-04-21 14:10 - 2013-03-06 22:11 - 00003922 _____ () C:\windows\System32\Tasks\User_Feed_Synchronization-{8001F596-F136-4C46-BCFD-B713C2E4D632}
2014-04-21 13:36 - 2009-07-13 23:45 - 00031536 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-04-21 13:36 - 2009-07-13 23:45 - 00031536 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-04-21 13:28 - 2014-04-21 13:28 - 594240646 _____ () C:\windows\MEMORY.DMP
2014-04-21 13:28 - 2013-10-07 18:10 - 00000000 ____D () C:\windows\Minidump
2014-04-20 14:51 - 2013-08-27 14:25 - 00000000 ____D () C:\Program Files (x86)\World of Tanks
2014-04-20 06:33 - 2014-04-20 06:31 - 00000759 _____ () C:\Users\Yehuda\Desktop\Search.txt
2014-04-20 06:27 - 2014-04-20 06:27 - 00035820 _____ () C:\Users\Yehuda\Desktop\Addition.txt
2014-04-20 06:22 - 2014-04-20 06:22 - 00000000 _____ () C:\windows\setuperr.log
2014-04-18 16:44 - 2014-04-18 16:44 - 05124208 _____ (F-Secure Corporation) C:\Users\Yehuda\Desktop\F-SecureOnlineScanner-HC.exe
2014-04-18 16:39 - 2014-04-18 16:39 - 00000000 ____D () C:\ProgramData\F-Secure
2014-04-18 16:38 - 2013-03-14 16:52 - 00003192 _____ () C:\windows\System32\Tasks\HPCeeScheduleForYehuda
2014-04-18 16:38 - 2013-03-14 16:52 - 00000336 _____ () C:\windows\Tasks\HPCeeScheduleForYehuda.job
2014-04-18 16:37 - 2014-04-18 16:37 - 05124208 _____ (F-Secure Corporation) C:\Users\Yehuda\Downloads\F-SecureOnlineScanner-HC.exe
2014-04-18 16:29 - 2014-04-18 16:29 - 00448512 _____ (OldTimer Tools) C:\Users\Yehuda\Desktop\TFC.exe
2014-04-18 16:27 - 2014-04-18 16:26 - 00002625 _____ () C:\Users\Yehuda\Desktop\FSS.txt
2014-04-18 16:26 - 2014-04-18 16:26 - 00409600 _____ (Farbar) C:\Users\Yehuda\Desktop\FSS.exe
2014-04-18 16:21 - 2014-04-18 16:21 - 00855379 _____ () C:\Users\Yehuda\Desktop\SecurityCheck.exe
2014-04-18 16:07 - 2014-04-18 16:07 - 00000000 ____D () C:\_OTL
2014-04-18 07:53 - 2014-02-13 12:03 - 00000000 ____D () C:\Users\Yehuda\Desktop\world of tanks mods
2014-04-18 05:53 - 2014-04-18 05:53 - 00119488 _____ () C:\Users\Yehuda\Desktop\OTL.Txt
2014-04-18 05:53 - 2014-04-18 05:53 - 00081380 _____ () C:\Users\Yehuda\Desktop\Extras.Txt
2014-04-18 05:45 - 2014-04-18 05:45 - 00000797 _____ () C:\Users\Yehuda\Desktop\JRT.txt
2014-04-18 05:38 - 2014-04-18 05:38 - 00000000 ____D () C:\windows\ERUNT
2014-04-18 05:33 - 2014-04-18 05:32 - 00000000 ____D () C:\AdwCleaner
2014-04-18 05:32 - 2014-04-18 05:32 - 01016261 _____ (Thisisu) C:\Users\Yehuda\Desktop\JRT.exe
2014-04-18 05:32 - 2014-04-18 05:32 - 00602112 _____ (OldTimer Tools) C:\Users\Yehuda\Desktop\OTL.exe
2014-04-18 05:31 - 2014-04-18 05:31 - 01426178 _____ () C:\Users\Yehuda\Desktop\adwcleaner.exe
2014-04-18 05:23 - 2014-04-18 05:23 - 00161492 _____ () C:\Users\Yehuda\Desktop\false.dib
2014-04-18 05:22 - 2014-04-18 05:22 - 00000000 ____D () C:\ProgramData\McAfee
2014-04-18 05:06 - 2014-04-18 05:06 - 03218352 _____ (McAfee, Inc.) C:\Users\Yehuda\Desktop\MCPR.exe
2014-04-18 04:53 - 2013-04-04 16:30 - 00000000 _____ () C:\windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2014-04-18 04:53 - 2013-03-07 20:29 - 00000052 _____ () C:\windows\SysWOW64\DOErrors.log
2014-04-16 22:51 - 2014-04-16 22:51 - 00027747 _____ () C:\ComboFix.txt
2014-04-16 22:51 - 2014-04-16 00:38 - 00000000 ____D () C:\Qoobox
2014-04-16 22:50 - 2009-07-13 21:34 - 00000215 _____ () C:\windows\system.ini
2014-04-16 00:58 - 2014-04-15 15:04 - 00000000 ____D () C:\Users\Yehuda\AppData\Local\CrashDumps
2014-04-16 00:49 - 2014-04-16 00:38 - 00000000 ____D () C:\windows\erdnt
2014-04-16 00:36 - 2014-04-16 00:36 - 05194807 ____R (Swearware) C:\Users\Yehuda\Desktop\ComboFix.exe
2014-04-15 15:47 - 2014-04-15 15:14 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-04-15 15:47 - 2014-04-15 15:13 - 00000000 ____D () C:\Users\Yehuda\Desktop\mbar
2014-04-15 15:36 - 2014-04-13 22:16 - 00119000 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-15 15:36 - 2014-04-13 22:16 - 00091352 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2014-04-15 15:10 - 2014-04-15 15:10 - 12589848 _____ (Malwarebytes Corp.) C:\Users\Yehuda\Desktop\mbar-1.07.0.1009.exe
2014-04-15 15:06 - 2014-04-15 15:06 - 00002351 _____ () C:\Users\Yehuda\Desktop\RKreport[0]_D_04152014_150605.txt
2014-04-15 15:06 - 2014-04-15 15:03 - 00000000 ____D () C:\Users\Yehuda\Desktop\RK_Quarantine
2014-04-15 15:05 - 2014-04-15 15:05 - 00002265 _____ () C:\Users\Yehuda\Desktop\RKreport[0]_S_04152014_150556.txt
2014-04-15 15:02 - 2014-04-15 15:02 - 03972608 _____ () C:\Users\Yehuda\Desktop\RogueKiller.exe
2014-04-15 14:58 - 2013-01-26 10:44 - 00002198 _____ () C:\windows\epplauncher.mif
2014-04-13 22:32 - 2014-04-13 22:32 - 00022974 _____ () C:\Users\Yehuda\Desktop\dds.txt
2014-04-13 22:32 - 2014-04-13 22:32 - 00018679 _____ () C:\Users\Yehuda\Desktop\attach.txt
2014-04-13 22:30 - 2014-04-13 22:30 - 00688992 ____R (Swearware) C:\Users\Yehuda\Desktop\dds.com
2014-04-13 22:16 - 2014-04-13 22:16 - 00001102 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-04-13 22:16 - 2014-04-13 22:16 - 00001102 _____ () C:\ProgramData\Desktop\Malwarebytes Anti-Malware.lnk
2014-04-13 22:16 - 2014-04-13 22:16 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-13 22:16 - 2014-04-13 22:16 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-04-13 22:15 - 2014-04-13 22:14 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\Yehuda\Desktop\mbam-setup-2.0.1.1004.exe
2014-04-13 07:36 - 2013-04-30 10:32 - 00000000 ____D () C:\ProgramData\PMB Files
2014-04-13 07:36 - 2013-03-29 13:38 - 00000000 ____D () C:\ProgramData\Adobe
2014-04-13 07:36 - 2013-03-07 22:35 - 00000000 ____D () C:\Users\Yehuda\AppData\Local\WinZip
2014-04-13 07:36 - 2013-03-06 22:09 - 00000000 ___RD () C:\Users\Yehuda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-04-13 07:36 - 2013-03-06 22:09 - 00000000 ____D () C:\Users\Yehuda\AppData\Local\bluesoleil
2014-04-13 07:36 - 2009-07-13 22:20 - 00000000 ____D () C:\windows\registration
2014-04-13 04:59 - 2014-04-13 04:59 - 01153912 _____ (Emsi Software GmbH) C:\Users\Yehuda\Desktop\BlitzBlank.exe
2014-04-13 04:40 - 2013-05-08 18:22 - 00000000 ____D () C:\Users\Yehuda\AppData\Roaming\uTorrent
2014-04-13 04:39 - 2013-03-06 23:04 - 00000000 ____D () C:\Users\Yehuda
2014-04-13 04:14 - 2014-04-13 04:14 - 00062032 _____ () C:\Users\Yehuda\AppData\Local\GDIPFONTCACHEV1.DAT
2014-04-11 15:55 - 2013-03-06 22:10 - 00000000 ____D () C:\windows\System32\Tasks\Games
2014-04-10 22:00 - 2013-03-29 13:42 - 00002183 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-04-10 22:00 - 2013-03-29 13:42 - 00002183 _____ () C:\ProgramData\Desktop\Google Chrome.lnk
2014-04-10 16:28 - 2013-03-07 22:36 - 00000000 ____D () C:\Users\Yehuda\AppData\Roaming\DAEMON Tools Lite
2014-04-08 21:33 - 2013-10-26 21:38 - 00000000 ____D () C:\Users\Yehuda\AppData\Roaming\TS3Client
2014-04-08 02:05 - 2009-07-13 22:20 - 00000000 ____D () C:\windows\system32\NDF
2014-04-04 17:09 - 2014-04-04 17:09 - 00688635 _____ () C:\Users\Yehuda\Downloads\13966493180008_germany_G_Tiger_canada_a.wotreplay
2014-04-04 13:37 - 2013-06-30 08:42 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-04-04 11:51 - 2014-04-04 11:51 - 00003894 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA1cf50262885764e
2014-04-04 11:51 - 2014-04-04 11:51 - 00003642 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore1cf502628689f12
2014-04-04 11:51 - 2014-02-20 10:31 - 00003894 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA1cf2e50df32284f
2014-04-04 11:50 - 2014-02-20 19:28 - 00002175 _____ () C:\Users\Yehuda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
2014-04-04 11:47 - 2009-07-13 22:20 - 00000000 ____D () C:\windows\AppCompat
2014-04-03 09:51 - 2014-04-13 22:16 - 00063192 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2014-04-03 09:50 - 2014-04-13 22:16 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2014-03-25 18:21 - 2013-10-26 21:38 - 00000000 ____D () C:\Users\Yehuda\AppData\Local\TeamSpeak 3 Client
2014-03-23 23:44 - 2013-09-24 17:50 - 00000000 ____D () C:\Games
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2014-04-11 00:04
==================== End Of Log ============================
 
Looks good :)

Your computer is clean

1. This step will remove all cleaning tools we used, it'll reset restore points (so you won't get reinfected by accidentally using some older restore point) and it'll make some other minor adjustments...
This is a very crucial step so make sure you don't skip it.
Download DelFix by Xplode to your desktop. Delfix will delete all the used tools and logfiles.

Double-click Delfix.exe to start the tool.
Make sure the following items are checked:
  • Activate UAC (optional; some users prefer to keep it off)
  • Remove disinfection tools
  • Create registry backup
  • Purge System Restore
  • Reset system settings
Now click "Run" and wait patiently.
Once finished a logfile will be created. You don't have to attach it to your next reply.

2. Make sure Windows Updates are current.

3. If any trojans, rootkits or bootkits were listed among your infection(s), make sure you change all of your important online passwords (bank account(s), secured web sites, etc.) immediately!

4. Check if your browser plugins are up to date.
Firefox - https://www.mozilla.org/en-US/plugincheck/
other browsers: https://browsercheck.qualys.com/ (click on "Launch a quick scan now" link)

5. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

7. Run Temporary File Cleaner (TFC), AdwCleaner and Junkware Removal Tool (JRT) weekly (you need to redownload these tools since they were removed by DelFix).

8. Download and install Secunia Personal Software Inspector (PSI): https://www.techspot.com/downloads/4898-secunia-personal-software-inspector-psi.html. The Secunia PSI is a FREE security tool designed to detect vulnerable and outdated programs and plug-ins which expose your PC to attacks. Run it weekly.

9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

10. When installing/updating ANY program, make sure you always select "Custom" installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click the "Next" button without looking at any given page.

11. Read:
How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html
Simple and easy ways to keep your computer safe and secure on the Internet: http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/
About those Toolbars and Add-ons - Potentially Unwanted Programs (PUPs) which change your browser settings: http://www.bleepingcomputer.com/for...curity-questions-best-practices/#entry3187642

12. Please let me know how your computer is doing.
 
Computer working great - will definitely hold on to JRT - Malware - AdW - they were very helpful in knocking down some of the memory buildup of temp folders etc.

Now to ask a practical question - is this thread private or public?
 
Right - about that - is there a way to remove the posts that have my personal logs? Not necessarily the thread? Don't know if hackers can access that information.
 
There is nothing sensitive in your logs.
Hundreds of logs like that are posted on all kind of forums every day.

If you insist I can remove the whole topic. I can't remove parts of it because of the reason posted above. I simply wouldn't know what exactly you want me to remove.
Let me know.
 
No that's ok. As long as you're sure it's not going to be used as a way to "reinvent" better viruses/malware - I'm ok with leaving it up.
 