Solved Sirefef - 1 minute boot loop


N9ZN-Extra

I am running Windows 7 32-bit. I had the MS firewall and Security Essentials active, but this trojan got through anyway. The only thing I have done is a re-install of MS Security Essentials, since the copy I had was missing services.

I look forward to getting this fixed so I can recover a few things and re-image the drive afterward. Here is the log file from Farbar...

Scan result of Farbar Recovery Scan Tool (FRST written by Farbar) Version: 09-08-2012
Ran by SYSTEM at 10-08-2012 05:24:58
Running from F:\FarBar recovery tool
Windows 7 Ultimate (X86) OS Language: English(US)
The current controlset is ControlSet002
========================== Registry (Whitelisted) =============
HKLM\...\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-01-02] (Adobe Systems Incorporated)
HKLM\...\Run: [Bing Bar] "C:\Program Files\MSN Toolbar\Platform\6.3.2348.0\mswinext.exe" [273672 2010-10-11] (Microsoft Corp.)
HKLM\...\Run: [Launch LCDMon] "C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe" [1573448 2010-02-18] (Logitech Inc.)
HKLM\...\Run: [Launch LGDCore] "C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" /SHOWHIDE [3203144 2010-02-18] (Logitech Inc.)
HKLM\...\Run: [Launch LgDeviceAgent] "C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe" [357448 2010-02-18] (Logitech Inc.)
HKLM\...\Run: [Microsoft Default Manager] "C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume [439568 2010-05-10] (Microsoft Corporation)
HKLM\...\Run: [ProfilerU] "C:\Program Files\Saitek\SD6\Software\ProfilerU.exe" [237568 2009-06-03] (Saitek)
HKLM\...\Run: [SaiMfd] "C:\Program Files\Saitek\SD6\Software\SaiMfd.exe" [131072 2009-06-03] (Saitek)
HKLM\...\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" [248552 2010-05-14] (Sun Microsystems, Inc.)
HKLM\...\Run: [NVRaidService] C:\Program Files\NVIDIA Corporation\Raid\nvraidservice.exe [163944 2010-04-08] (NVIDIA Corporation)
HKLM\...\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s [10820200 2011-08-16] (Realtek Semiconductor)
HKLM\...\Run: [EEventManager] "C:\Program Files\Epson Software\Event Manager\EEventManager.exe" [976320 2009-12-03] (SEIKO EPSON CORPORATION)
HKLM\...\Run: [BingDesktop] C:\Program Files\Microsoft\BingDesktop\BingDesktop.exe /fromkey [1858152 2012-03-30] (Microsoft Corp.)
HKLM\...\Run: [Logitech Utility] Logi_MwX.Exe [x]
HKLM\...\Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [931200 2012-03-26] (Microsoft Corporation)
HKU\Administrator\...\Run: [AutoStartNPSAgent] C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe [95576 2010-07-08] (Samsung Electronics Co., Ltd.)
HKU\Administrator\...\Run: [Facebook Update] "C:\Users\EternalKharas\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver [138096 2012-07-12] (Facebook Inc.)
HKU\EternalKharas\...\Run: [Epson Stylus NX420(Network)] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIGCA.EXE /FU "C:\Users\ETERNA~1\AppData\Local\Temp\E_SE9F6.tmp" /EF "HKCU" [200704 2009-09-14] (SEIKO EPSON CORPORATION)
HKU\EternalKharas\...\Run: [Facebook Update] "C:\Users\EternalKharas\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver [138096 2012-07-12] (Facebook Inc.)
HKU\EternalKharas\...\Run: [hysoxqihotur] C:\Users\EternalKharas\hysoxqihotur.exe [93648 2012-08-09] (AOpen)
HKU\Guest\...\Run: [AutoStartNPSAgent] C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe [95576 2010-07-08] (Samsung Electronics Co., Ltd.)
HKU\Guest\...\Run: [Facebook Update] "C:\Users\EternalKharas\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver [138096 2012-07-12] (Facebook Inc.)
Tcpip\Parameters: [DhcpNameServer] 65.32.5.111 65.32.5.112
Startup: C:\Users\EternalKharas\Start Menu\Programs\Startup\CurseClientStartup.ccip ()
================================ Services (Whitelisted) ==================
2 BingDesktopUpdate; "C:\Program Files\Microsoft\BingDesktop\BingDesktopUpdater.exe" [151656 2012-03-30] (Microsoft Corp.)
3 CHWBOLOCH; C:\Users\ETERNA~1\AppData\Local\Temp\CHWBOLOCH.exe [490368 2012-06-27] (Sysinternals - www.sysinternals.com)
3 CPETLYED; C:\Users\ETERNA~1\AppData\Local\Temp\CPETLYED.exe [506752 2012-06-27] (Sysinternals - www.sysinternals.com)
2 EpsonBidirectionalService; C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe [94208 2006-12-19] (SEIKO EPSON CORPORATION)
2 eventlog; C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted [20992 2009-07-13] (Microsoft Corporation)
2 ForceWare Intelligent Application Manager (IAM); C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe [387616 2009-08-10] ()
3 Futuremark SystemInfo Service; "C:\Program Files\Common Files\Futuremark Shared\Futuremark SystemInfo\FMSISvc.exe" [128928 2010-11-11] (Futuremark Corporation)
2 iReboot; "C:\Program Files\NeoSmart Technologies\iReboot\iRebootd.exe" [9216 2008-04-27] ()
2 MsMpSvc; "C:\Program Files\Microsoft Security Client\MsMpEng.exe" [11552 2012-03-26] (Microsoft Corporation)
2 nHancer; "C:\Program Files\nHancer\nHancerService.exe" [39936 2010-05-02] (KSE - Korndörfer Software Engineering)
3 NisSrv; "C:\Program Files\Microsoft Security Client\NisSrv.exe" [214952 2012-03-26] (Microsoft Corporation)
2 nSvcIp; C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe [178720 2009-08-10] ()
2 nTuneService; C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe /StartService [191080 2010-03-22] (NVIDIA)
2 RichVideo; "C:\Program Files\CyberLink\Shared Files\RichVideo.exe" [167936 2007-01-20] ()
2 StatusAgent4; C:\Windows\system32\SAgent4.exe [131072 2006-12-19] (SEIKO EPSON CORPORATION)
2 UpdateCenterService; C:\Program Files\NVIDIA Corporation\System Update\UpdateCenterService.exe /StartService [195176 2009-11-06] (NVIDIA)
========================== Drivers (Whitelisted) =============
2 cpuz134; \??\C:\Windows\system32\drivers\cpuz134_x32.sys [20328 2010-07-09] (Windows (R) Win 7 DDK provider)
3 DrvAgent32; \??\C:\Windows\system32\Drivers\DrvAgent32.sys [23456 2010-07-12] (Phoenix Technologies)
3 FsUsbExDisk; \??\C:\Windows\system32\FsUsbExDisk.SYS [36608 2010-07-05] ()
1 HWiNFO32; \??\C:\Program Files\HWiNFO32\HWiNFO32.SYS [21624 2012-05-10] (REALiX(tm))
3 LHidFlt2; C:\Windows\System32\DRIVERS\LHidFlt2.Sys [25505 2003-12-17] (Logitech, Inc.)
3 LHidUsb; C:\Windows\System32\Drivers\LHidUsb.Sys [37887 2003-12-17] (Logitech, Inc.)
3 LMouFlt2; C:\Windows\System32\DRIVERS\LMouFlt2.Sys [70801 2003-12-17] (Logitech, Inc.)
0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [171064 2012-03-20] (Microsoft Corporation)
3 NVNET; C:\Windows\System32\DRIVERS\nvmf6232.sys [295272 2009-11-11] (NVIDIA Corporation)
3 nvoclock; C:\Windows\System32\DRIVERS\nvoclock.sys [38248 2009-09-15] (NVIDIA Corp.)
3 physX32; C:\Windows\System32\DRIVERS\physX32.sys [120960 2008-02-29] (AGEIA Technologies, Inc.)
3 RTCore32; \??\C:\Program Files\EVGA Precision\RTCore32.sys [4608 2005-05-25] ()
3 SaiH075C; C:\Windows\System32\DRIVERS\SaiH075C.sys [132232 2007-05-01] (Saitek)
0 sptd; C:\Windows\System32\Drivers\sptd.sys [477240 2012-05-10] (Duplex Secure Ltd.)
3 GPU-Z; \??\C:\Users\ETERNA~1\AppData\Local\Temp\GPU-Z.sys [x]
3 Synth3dVsc; C:\Windows\System32\drivers\synth3dvsc.sys [x]
3 tsusbhub; C:\Windows\System32\drivers\tsusbhub.sys [x]
3 VGPU; C:\Windows\System32\drivers\rdvgkmd.sys [x]
========================== NetSvcs (Whitelisted) ===========

============ One Month Created Files and Folders ==============
2012-08-10 05:24 - 2012-08-10 05:24 - 00000000 ____D C:\FRST
2012-08-09 22:51 - 2012-08-09 22:51 - 00000000 ____D C:\Program Files\Microsoft Security Client
2012-08-09 22:09 - 2012-08-09 22:09 - 00000000 __SHD C:\Windows\System32\%APPDATA%
2012-08-09 22:05 - 2012-08-09 22:05 - 00093648 ____A (AOpen) C:\Users\EternalKharas\hysoxqihotur.exe
2012-08-08 08:24 - 2012-08-08 08:24 - 00155840 ____A C:\Windows\Minidump\080812-25911-01.dmp
2012-08-07 09:02 - 2012-08-07 09:02 - 00111487 ____A C:\Users\EternalKharas\Documents\bank transfer 080712(2).xps
2012-08-07 05:49 - 2012-08-07 05:49 - 00000124 ____A C:\Users\EternalKharas\Desktop\HOME PAGE.txt
2012-08-07 04:07 - 2012-08-07 04:07 - 00111173 ____A C:\Users\EternalKharas\Documents\bank transfer 080712.xps
2012-08-03 07:29 - 2012-08-03 07:29 - 00196947 ____A C:\Users\EternalKharas\Documents\MetroSelfStorage E-mailconfirmnation080312.xps
2012-08-03 07:00 - 2012-08-03 07:00 - 00159584 ____A C:\Users\EternalKharas\Documents\BrightHouse080312.xps
2012-08-03 05:54 - 2012-08-03 05:54 - 00111378 ____A C:\Users\EternalKharas\Documents\bank transfer 080312.xps
2012-08-03 04:56 - 2012-08-03 04:56 - 00117132 ____A C:\Users\EternalKharas\Documents\MetroSelfStorage080312.xps
2012-08-03 03:50 - 2012-08-03 03:50 - 00000318 ____A C:\Users\EternalKharas\Desktop\Curse Client.appref-ms
2012-08-02 13:14 - 2012-08-02 13:14 - 00110956 ____A C:\Users\EternalKharas\Documents\bank transfer 080212.xps
2012-07-31 21:32 - 2012-07-31 21:32 - 00000097 ____A C:\Users\EternalKharas\Desktop\sephora.txt
2012-07-30 15:48 - 2012-07-30 15:49 - 00159552 ____A C:\Windows\Minidump\073012-34491-01.dmp
2012-07-30 14:38 - 2012-07-30 14:38 - 00161846 ____A C:\Users\EternalKharas\Documents\THIAGO2.xps
2012-07-30 14:10 - 2012-07-30 14:10 - 00111119 ____A C:\Users\EternalKharas\Documents\bank transfer 073012.xps
2012-07-29 00:43 - 2012-07-29 00:43 - 00111225 ____A C:\Users\EternalKharas\Documents\bank transfer 072912.xps
2012-07-28 05:56 - 2012-07-28 07:26 - 00000000 ____D C:\Users\EternalKharas\Documents\Business donations
2012-07-27 21:14 - 2012-07-27 21:14 - 00111373 ____A C:\Users\EternalKharas\Documents\bank transfer 072812.xps
2012-07-27 17:03 - 2012-07-27 17:03 - 00000000 ____D C:\Users\All Users\SolarWinds
2012-07-27 17:03 - 2012-07-27 17:03 - 00000000 ____D C:\Program Files\SolarWinds
2012-07-27 17:02 - 2012-07-27 17:02 - 00922042 ____A C:\Users\EternalKharas\Downloads\SolarWinds-Permissions-Analyzer-v1.0.0.zip
2012-07-27 17:02 - 2012-07-27 17:02 - 00000000 ____D C:\Users\EternalKharas\Downloads\SolarWinds-Permissions-Analyzer-v1.0.0
2012-07-24 02:17 - 2012-07-24 02:17 - 00001794 ____A C:\Users\EternalKharas\Documents\SENTPMArchive_2012-07-24(11).htm
2012-07-24 02:16 - 2012-07-24 02:16 - 00106888 ____A C:\Users\EternalKharas\Documents\SENTPMArchive_2012-07-24(10).htm
2012-07-24 02:16 - 2012-07-24 02:16 - 00102602 ____A C:\Users\EternalKharas\Documents\SENTPMArchive_2012-07-24(9).htm
2012-07-24 02:15 - 2012-07-24 02:15 - 00165939 ____A C:\Users\EternalKharas\Documents\SENTPMArchive_2012-07-24(6).htm
2012-07-24 02:15 - 2012-07-24 02:15 - 00138056 ____A C:\Users\EternalKharas\Documents\SENTPMArchive_2012-07-24(8).htm
2012-07-24 02:15 - 2012-07-24 02:15 - 00134007 ____A C:\Users\EternalKharas\Documents\SENTPMArchive_2012-07-24(7).htm
2012-07-24 02:14 - 2012-07-24 02:14 - 00104885 ____A C:\Users\EternalKharas\Documents\SENTPMArchive_2012-07-24(5).htm
2012-07-24 02:13 - 2012-07-24 02:13 - 00072213 ____A C:\Users\EternalKharas\Documents\READPMArchive_2012-07-24(9).htm
2012-07-24 02:13 - 2012-07-24 02:13 - 00056712 ____A C:\Users\EternalKharas\Documents\READPMArchive_2012-07-24(10).htm
2012-07-24 02:12 - 2012-07-24 02:12 - 00095829 ____A C:\Users\EternalKharas\Documents\READPMArchive_2012-07-24(8).htm
2012-07-24 02:11 - 2012-07-24 02:11 - 00115579 ____A C:\Users\EternalKharas\Documents\READPMArchive_2012-07-24(7).htm
2012-07-24 02:11 - 2012-07-24 02:11 - 00113343 ____A C:\Users\EternalKharas\Documents\READPMArchive_2012-07-24(6).htm
2012-07-24 02:10 - 2012-07-24 02:10 - 00155229 ____A C:\Users\EternalKharas\Documents\READPMArchive_2012-07-24(5).htm
2012-07-24 02:00 - 2012-07-24 02:00 - 00190068 ____A C:\Users\EternalKharas\Documents\SENTPMArchive_2012-07-24(3).htm
2012-07-24 02:00 - 2012-07-24 02:00 - 00181032 ____A C:\Users\EternalKharas\Documents\SENTPMArchive_2012-07-24(4).htm
2012-07-24 01:56 - 2012-07-24 01:56 - 00081496 ____A C:\Users\EternalKharas\Documents\READPMArchive_2012-07-24(4).htm
2012-07-24 01:55 - 2012-07-24 01:55 - 00070096 ____A C:\Users\EternalKharas\Documents\READPMArchive_2012-07-24(3).htm
2012-07-24 01:54 - 2012-07-24 01:54 - 00116002 ____A C:\Users\EternalKharas\Documents\SENTPMArchive_2012-07-24(2).htm
2012-07-24 01:53 - 2012-07-24 01:53 - 00115839 ____A C:\Users\EternalKharas\Documents\SENTPMArchive_2012-07-24.htm
2012-07-23 21:15 - 2012-08-01 22:16 - 00008655 ____A C:\Users\EternalKharas\Desktop\Christina.txt
2012-07-23 15:04 - 2012-07-23 15:04 - 00246295 ____A C:\Users\EternalKharas\Documents\Thiago's order 1.xps
2012-07-23 13:12 - 2012-07-23 13:12 - 00111120 ____A C:\Users\EternalKharas\Documents\bank transfer THIAGO 1.xps
2012-07-21 10:29 - 2012-07-21 10:29 - 00000000 ____D C:\Users\EternalKharas\Downloads\the_whigs
2012-07-21 09:01 - 2012-07-21 10:29 - 07251231 ____A C:\Users\EternalKharas\Downloads\the_whigs.zip
2012-07-20 22:27 - 2012-07-21 02:13 - 00002961 ____A C:\Users\EternalKharas\Desktop\Stacy.txt
2012-07-19 05:23 - 2012-07-19 05:24 - 00000000 ____D C:\Program Files\HWiNFO32
2012-07-18 18:16 - 2012-07-18 18:16 - 00000000 __SHD C:\found.001
2012-07-16 23:24 - 2012-07-16 23:24 - 00000524 ____A C:\Users\EternalKharas\Desktop\Turn off Media Center Updates.htm
2012-07-16 06:13 - 2012-07-16 06:13 - 00111145 ____A C:\Users\EternalKharas\Documents\bank transfer 071612.xps
2012-07-15 23:12 - 2012-08-09 14:29 - 00000345 ____A C:\Users\EternalKharas\Desktop\MUSIC CODES (MARLBORO).txt
2012-07-14 22:49 - 2012-07-14 22:49 - 00136219 ____A C:\Users\EternalKharas\Documents\newegg071512.xps
2012-07-13 10:43 - 2012-07-13 10:43 - 00111413 ____A C:\Users\EternalKharas\Documents\bank transfer 071312.xps
2012-07-12 19:28 - 2012-07-12 19:28 - 00110872 ____A C:\Users\EternalKharas\Documents\bank transfer 071212.xps
2012-07-12 00:15 - 2012-07-12 00:15 - 00159400 ____A C:\Users\EternalKharas\Documents\BrightHouse071212.xps
2012-07-11 01:42 - 2012-07-11 01:42 - 00153512 ____A C:\Windows\Minidump\071112-36660-01.dmp
============ 3 Months Modified Files ========================
2012-08-09 23:19 - 2009-07-13 15:11 - 00259072 ____A (Microsoft Corporation) C:\Windows\System32\services.exe
2012-08-09 23:18 - 2010-12-31 18:50 - 00000896 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-08-09 23:18 - 2009-07-13 20:53 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-08-09 23:18 - 2009-07-13 20:39 - 00876280 ____A C:\Windows\setupact.log
2012-08-09 23:10 - 2012-06-19 07:37 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-08-09 23:03 - 2010-05-04 16:08 - 00148150 ____A C:\Windows\PFRO.log
2012-08-09 22:52 - 2011-06-29 04:33 - 01400340 ____A C:\Windows\WindowsUpdate.log
2012-08-09 22:52 - 2011-01-27 01:11 - 00001945 ____A C:\Windows\epplauncher.mif
2012-08-09 22:51 - 2011-06-29 03:46 - 00838082 ____A C:\Windows\System32\PerfStringBackup.INI
2012-08-09 22:41 - 2010-05-04 16:01 - 00019920 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-08-09 22:41 - 2010-05-04 16:01 - 00019920 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-08-09 22:40 - 2011-08-28 16:30 - 00000960 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1850465905-1816852967-2060930716-1000UA.job
2012-08-09 22:05 - 2012-08-09 22:05 - 00093648 ____A (AOpen) C:\Users\EternalKharas\hysoxqihotur.exe
2012-08-09 21:59 - 2010-12-31 18:50 - 00000900 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-08-09 15:00 - 2012-05-04 13:03 - 00002290 ____A C:\Users\Public\Desktop\Google Chrome.lnk
2012-08-09 14:29 - 2012-07-15 23:12 - 00000345 ____A C:\Users\EternalKharas\Desktop\MUSIC CODES (MARLBORO).txt
2012-08-09 04:21 - 2012-07-09 02:48 - 00009549 ____A C:\Users\EternalKharas\Desktop\crash.txt
2012-08-09 03:34 - 2011-08-28 16:30 - 00000938 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1850465905-1816852967-2060930716-1000Core.job
2012-08-08 08:24 - 2012-08-08 08:24 - 00155840 ____A C:\Windows\Minidump\080812-25911-01.dmp
2012-08-07 09:02 - 2012-08-07 09:02 - 00111487 ____A C:\Users\EternalKharas\Documents\bank transfer 080712(2).xps
2012-08-07 05:49 - 2012-08-07 05:49 - 00000124 ____A C:\Users\EternalKharas\Desktop\HOME PAGE.txt
2012-08-07 04:07 - 2012-08-07 04:07 - 00111173 ____A C:\Users\EternalKharas\Documents\bank transfer 080712.xps
2012-08-03 07:29 - 2012-08-03 07:29 - 00196947 ____A C:\Users\EternalKharas\Documents\MetroSelfStorage E-mailconfirmnation080312.xps
2012-08-03 07:00 - 2012-08-03 07:00 - 00159584 ____A C:\Users\EternalKharas\Documents\BrightHouse080312.xps
2012-08-03 05:54 - 2012-08-03 05:54 - 00111378 ____A C:\Users\EternalKharas\Documents\bank transfer 080312.xps
2012-08-03 04:56 - 2012-08-03 04:56 - 00117132 ____A C:\Users\EternalKharas\Documents\MetroSelfStorage080312.xps
2012-08-03 03:50 - 2012-08-03 03:50 - 00000318 ____A C:\Users\EternalKharas\Desktop\Curse Client.appref-ms
2012-08-02 13:14 - 2012-08-02 13:14 - 00110956 ____A C:\Users\EternalKharas\Documents\bank transfer 080212.xps
2012-08-02 08:56 - 2012-04-03 20:42 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2012-08-02 08:56 - 2011-05-19 12:08 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
2012-08-01 22:16 - 2012-07-23 21:15 - 00008655 ____A C:\Users\EternalKharas\Desktop\Christina.txt
2012-07-31 21:32 - 2012-07-31 21:32 - 00000097 ____A C:\Users\EternalKharas\Desktop\sephora.txt
2012-07-30 15:49 - 2012-07-30 15:48 - 00159552 ____A C:\Windows\Minidump\073012-34491-01.dmp
2012-07-30 14:38 - 2012-07-30 14:38 - 00161846 ____A C:\Users\EternalKharas\Documents\THIAGO2.xps
2012-07-30 14:10 - 2012-07-30 14:10 - 00111119 ____A C:\Users\EternalKharas\Documents\bank transfer 073012.xps
2012-07-29 00:43 - 2012-07-29 00:43 - 00111225 ____A C:\Users\EternalKharas\Documents\bank transfer 072912.xps
2012-07-27 21:14 - 2012-07-27 21:14 - 00111373 ____A C:\Users\EternalKharas\Documents\bank transfer 072812.xps
2012-07-27 17:02 - 2012-07-27 17:02 - 00922042 ____A C:\Users\EternalKharas\Downloads\SolarWinds-Permissions-Analyzer-v1.0.0.zip
2012-07-27 04:46 - 2011-07-01 22:55 - 00007676 ____A C:\Users\EternalKharas\AppData\Local\Resmon.ResmonCfg
2012-07-24 02:17 - 2012-07-24 02:17 - 00001794 ____A C:\Users\EternalKharas\Documents\SENTPMArchive_2012-07-24(11).htm
2012-07-24 02:16 - 2012-07-24 02:16 - 00106888 ____A C:\Users\EternalKharas\Documents\SENTPMArchive_2012-07-24(10).htm
2012-07-24 02:16 - 2012-07-24 02:16 - 00102602 ____A C:\Users\EternalKharas\Documents\SENTPMArchive_2012-07-24(9).htm
2012-07-24 02:15 - 2012-07-24 02:15 - 00165939 ____A C:\Users\EternalKharas\Documents\SENTPMArchive_2012-07-24(6).htm
2012-07-24 02:15 - 2012-07-24 02:15 - 00138056 ____A C:\Users\EternalKharas\Documents\SENTPMArchive_2012-07-24(8).htm
2012-07-24 02:15 - 2012-07-24 02:15 - 00134007 ____A C:\Users\EternalKharas\Documents\SENTPMArchive_2012-07-24(7).htm
2012-07-24 02:14 - 2012-07-24 02:14 - 00104885 ____A C:\Users\EternalKharas\Documents\SENTPMArchive_2012-07-24(5).htm
2012-07-24 02:13 - 2012-07-24 02:13 - 00072213 ____A C:\Users\EternalKharas\Documents\READPMArchive_2012-07-24(9).htm
2012-07-24 02:13 - 2012-07-24 02:13 - 00056712 ____A C:\Users\EternalKharas\Documents\READPMArchive_2012-07-24(10).htm
2012-07-24 02:12 - 2012-07-24 02:12 - 00095829 ____A C:\Users\EternalKharas\Documents\READPMArchive_2012-07-24(8).htm
2012-07-24 02:11 - 2012-07-24 02:11 - 00115579 ____A C:\Users\EternalKharas\Documents\READPMArchive_2012-07-24(7).htm
2012-07-24 02:11 - 2012-07-24 02:11 - 00113343 ____A C:\Users\EternalKharas\Documents\READPMArchive_2012-07-24(6).htm
2012-07-24 02:10 - 2012-07-24 02:10 - 00155229 ____A C:\Users\EternalKharas\Documents\READPMArchive_2012-07-24(5).htm
2012-07-24 02:00 - 2012-07-24 02:00 - 00190068 ____A C:\Users\EternalKharas\Documents\SENTPMArchive_2012-07-24(3).htm
2012-07-24 02:00 - 2012-07-24 02:00 - 00181032 ____A C:\Users\EternalKharas\Documents\SENTPMArchive_2012-07-24(4).htm
2012-07-24 01:56 - 2012-07-24 01:56 - 00081496 ____A C:\Users\EternalKharas\Documents\READPMArchive_2012-07-24(4).htm
2012-07-24 01:55 - 2012-07-24 01:55 - 00070096 ____A C:\Users\EternalKharas\Documents\READPMArchive_2012-07-24(3).htm
2012-07-24 01:54 - 2012-07-24 01:54 - 00116002 ____A C:\Users\EternalKharas\Documents\SENTPMArchive_2012-07-24(2).htm
2012-07-24 01:53 - 2012-07-24 01:53 - 00115839 ____A C:\Users\EternalKharas\Documents\SENTPMArchive_2012-07-24.htm
2012-07-23 15:04 - 2012-07-23 15:04 - 00246295 ____A C:\Users\EternalKharas\Documents\Thiago's order 1.xps
2012-07-23 13:12 - 2012-07-23 13:12 - 00111120 ____A C:\Users\EternalKharas\Documents\bank transfer THIAGO 1.xps
2012-07-21 10:29 - 2012-07-21 09:01 - 07251231 ____A C:\Users\EternalKharas\Downloads\the_whigs.zip
2012-07-21 02:13 - 2012-07-20 22:27 - 00002961 ____A C:\Users\EternalKharas\Desktop\Stacy.txt
2012-07-16 23:24 - 2012-07-16 23:24 - 00000524 ____A C:\Users\EternalKharas\Desktop\Turn off Media Center Updates.htm
2012-07-16 06:13 - 2012-07-16 06:13 - 00111145 ____A C:\Users\EternalKharas\Documents\bank transfer 071612.xps
2012-07-14 22:49 - 2012-07-14 22:49 - 00136219 ____A C:\Users\EternalKharas\Documents\newegg071512.xps
2012-07-13 10:43 - 2012-07-13 10:43 - 00111413 ____A C:\Users\EternalKharas\Documents\bank transfer 071312.xps
2012-07-12 19:28 - 2012-07-12 19:28 - 00110872 ____A C:\Users\EternalKharas\Documents\bank transfer 071212.xps
2012-07-12 00:15 - 2012-07-12 00:15 - 00159400 ____A C:\Users\EternalKharas\Documents\BrightHouse071212.xps
2012-07-11 01:42 - 2012-07-11 01:42 - 00153512 ____A C:\Windows\Minidump\071112-36660-01.dmp
2012-07-10 23:39 - 2009-07-13 20:33 - 00415344 ____A C:\Windows\System32\FNTCACHE.DAT
2012-07-10 23:01 - 2011-07-14 03:03 - 57442464 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-07-10 18:58 - 2012-07-10 18:58 - 00014336 ____A C:\Users\EternalKharas\Desktop\PAST and PRESENT.xls
2012-07-09 19:41 - 2010-06-11 02:33 - 00001220 ____A C:\Users\Public\Desktop\World of Warcraft.lnk
2012-07-09 08:08 - 2012-07-09 08:08 - 00111187 ____A C:\Users\EternalKharas\Documents\bank transfer 070912.xps
2012-07-08 17:25 - 2012-07-08 17:25 - 00224817 ____A C:\Users\EternalKharas\Desktop\Bubble.xps
2012-07-06 23:51 - 2012-07-06 23:51 - 00110723 ____A C:\Users\EternalKharas\Documents\bank transfer 070712.xps
2012-07-06 13:08 - 2012-07-06 12:46 - 00000724 ____A C:\Users\EternalKharas\Desktop\bigmyke.txt
2012-07-02 03:22 - 2012-07-02 03:22 - 00135354 ____A C:\Users\EternalKharas\Desktop\NeweggOrder.xps
2012-07-02 01:20 - 2012-07-02 01:20 - 00001226 ____A C:\Users\EternalKharas\Desktop\Revo Uninstaller.lnk
2012-07-01 09:04 - 2012-07-01 09:04 - 00110732 ____A C:\Users\EternalKharas\Documents\bank transfer 070112.xps
2012-06-29 23:05 - 2012-06-29 23:05 - 00020622 ____A C:\Users\EternalKharas\Documents\Backup of GTX480.wbk
2012-06-29 22:47 - 2012-06-27 08:38 - 00003940 ____A C:\Users\EternalKharas\Documents\GTX480.txt
2012-06-27 20:53 - 2012-06-27 08:57 - 00000193 ____A C:\Users\EternalKharas\Documents\GTX.txt
2012-06-26 12:33 - 2012-06-26 12:33 - 01058784 ____A (techPowerUp (www.techpowerup.com)) C:\Users\EternalKharas\Downloads\GPU-Z.0.6.2 (2).exe
2012-06-26 12:30 - 2012-06-26 12:30 - 01058784 ____A (techPowerUp (www.techpowerup.com)) C:\Users\EternalKharas\Downloads\GPU-Z.0.6.2.exe
2012-06-26 12:30 - 2012-06-26 12:30 - 01058784 ____A (techPowerUp (www.techpowerup.com)) C:\Users\EternalKharas\Downloads\GPU-Z.0.6.2 (1).exe
2012-06-25 12:19 - 2012-05-06 23:24 - 00209920 __ASH C:\Users\EternalKharas\Documents\Thumbs.db
2012-06-25 12:14 - 2012-06-25 12:03 - 00001766 ____A C:\Users\EternalKharas\Desktop\LCD Calculator v2.Vbs
2012-06-25 07:54 - 2012-06-25 07:54 - 00111388 ____A C:\Users\EternalKharas\Documents\bank transfer 062512.xps
2012-06-22 18:31 - 2012-06-22 18:30 - 00151229 ____A C:\Users\EternalKharas\Documents\WOW CARD 062212.xps
2012-06-22 03:11 - 2012-06-22 03:11 - 00000274 ____A C:\Users\EternalKharas\Downloads\Performance_PC's_Newsletter (1).vcf
2012-06-22 03:09 - 2012-06-22 03:09 - 00000274 ____A C:\Users\EternalKharas\Downloads\Performance_PC's_Newsletter.vcf
2012-06-21 23:35 - 2012-06-21 23:35 - 00187801 ____A C:\Users\EternalKharas\Documents\metropcs payment 062212.xps
2012-06-19 06:41 - 2012-06-19 06:41 - 00111381 ____A C:\Users\EternalKharas\Documents\bank transfer 061912.xps
2012-06-19 03:06 - 2012-06-19 03:06 - 00158616 ____A C:\Windows\Minidump\061912-24164-01.dmp
2012-06-19 01:30 - 2012-06-19 01:30 - 00000875 ____A C:\Users\Public\Desktop\Steam.lnk
2012-06-17 01:10 - 2012-06-17 01:10 - 00130488 ____A C:\Users\EternalKharas\Documents\Toshiba repair disk.xps
2012-06-16 06:46 - 2012-06-16 06:46 - 00111031 ____A C:\Users\EternalKharas\Documents\bank transfer 061612.xps
2012-06-11 18:40 - 2012-07-10 23:01 - 02345984 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-06-11 06:48 - 2012-06-11 06:48 - 00110917 ____A C:\Users\EternalKharas\Documents\bank transfer 061112.xps
2012-06-09 13:10 - 2012-06-09 13:10 - 00111512 ____A C:\Users\EternalKharas\Documents\bank transfer 060912(2).xps
2012-06-09 12:58 - 2012-06-09 12:58 - 00111496 ____A C:\Users\EternalKharas\Documents\bank transfer 060912.xps
2012-06-08 20:41 - 2012-07-10 15:01 - 12873728 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2012-06-08 18:47 - 2012-06-08 18:47 - 00111386 ____A C:\Users\EternalKharas\Documents\bank transfer 060812.xps
2012-06-08 11:23 - 2012-06-08 11:23 - 00001219 ___AH C:\Windows\System32\config\Journal - Shortcut.lnk
2012-06-08 11:23 - 2012-06-08 11:23 - 00000914 ___AH C:\Windows\System32\config\userdiff - Shortcut.lnk
2012-06-08 11:23 - 2012-06-08 11:23 - 00000914 ___AH C:\Windows\System32\config\software - Shortcut.lnk
2012-06-08 11:23 - 2012-06-08 11:23 - 00000902 ___AH C:\Windows\System32\config\system - Shortcut.lnk
2012-06-08 09:42 - 2012-06-08 09:25 - 1060726784 ____A C:\Users\EternalKharas\Desktop\jonathan.iso
2012-06-05 21:05 - 2012-07-10 15:01 - 01390080 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
2012-06-05 21:05 - 2012-07-10 15:01 - 01236992 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
2012-06-05 21:03 - 2012-07-10 15:01 - 00805376 ____A (Microsoft Corporation) C:\Windows\System32\cdosys.dll
2012-06-04 04:29 - 2012-06-04 04:29 - 00111204 ____A C:\Users\EternalKharas\Documents\bank transfer 060412.xps
2012-06-02 14:19 - 2012-06-20 17:46 - 01933848 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-06-02 14:19 - 2012-06-20 17:46 - 00577048 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2012-06-02 14:19 - 2012-06-20 17:46 - 00053784 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-06-02 14:19 - 2012-06-20 17:46 - 00045080 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-06-02 14:19 - 2012-06-20 17:46 - 00035864 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2012-06-02 14:12 - 2012-06-20 17:46 - 02422272 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-06-02 14:12 - 2012-06-20 17:46 - 00088576 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2012-06-02 11:19 - 2012-06-20 17:45 - 00171904 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-06-02 11:12 - 2012-06-20 17:45 - 00033792 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2012-06-02 01:07 - 2012-07-10 23:04 - 12314624 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-06-02 00:43 - 2012-07-10 23:04 - 09737728 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-06-02 00:33 - 2012-07-10 23:04 - 01800192 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-06-02 00:26 - 2012-07-10 23:04 - 01103872 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-06-02 00:25 - 2012-07-10 23:04 - 01427968 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-06-02 00:25 - 2012-07-10 23:04 - 01129472 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-06-02 00:23 - 2012-07-10 23:04 - 00231936 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-06-02 00:21 - 2012-07-10 23:04 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-06-02 00:20 - 2012-07-10 23:04 - 00142848 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-06-02 00:19 - 2012-07-10 23:04 - 01793024 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-06-02 00:19 - 2012-07-10 23:04 - 00716800 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-06-02 00:17 - 2012-07-10 23:04 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-06-02 00:16 - 2012-07-10 23:04 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-06-02 00:14 - 2012-07-10 23:04 - 00176640 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-06-01 22:13 - 2012-06-01 22:13 - 00001036 ____A C:\Users\EternalKharas\Desktop\EVGA Precision.lnk
2012-06-01 20:45 - 2012-07-10 15:01 - 00134000 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
2012-06-01 20:45 - 2012-07-10 15:01 - 00067440 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
2012-06-01 20:40 - 2012-07-10 15:01 - 00369336 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
2012-06-01 20:40 - 2012-07-10 15:01 - 00225280 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
2012-06-01 20:39 - 2012-07-10 15:01 - 00219136 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
2012-05-31 20:13 - 2012-03-22 19:27 - 00001050 ____A C:\Users\EternalKharas\Desktop\EVGA Precision X.lnk
2012-05-31 19:54 - 2012-05-31 19:54 - 00000020 ___SH C:\Users\UpdatusUser\ntuser.ini
2012-05-25 09:38 - 2012-05-25 09:38 - 00001108 ____A C:\Users\EternalKharas\Documents\sally ansell (2).txt
2012-05-24 19:01 - 2012-05-24 19:01 - 00001362 ____A C:\Users\EternalKharas\Documents\sallyansel(2).txt
2012-05-24 13:38 - 2012-05-24 13:38 - 00187937 ____A C:\Users\EternalKharas\Documents\metropcs payment 052412.xps
2012-05-23 05:55 - 2012-05-23 05:55 - 00002885 ____A C:\Users\EternalKharas\Documents\sallyansel.txt
2012-05-23 01:35 - 2012-05-23 01:35 - 00111345 ____A C:\Users\EternalKharas\Documents\bank transfer 052312.xps
2012-05-22 17:30 - 2012-05-22 17:30 - 00198832 ____A (RealNetworks, Inc.) C:\Windows\System32\rmoc3260.dll
2012-05-22 17:30 - 2012-05-22 17:30 - 00006656 ____A (RealNetworks, Inc.) C:\Windows\System32\pndx5016.dll
2012-05-22 17:30 - 2012-05-22 17:30 - 00005632 ____A (RealNetworks, Inc.) C:\Windows\System32\pndx5032.dll
2012-05-22 17:30 - 2012-05-22 17:30 - 00001016 ____A C:\Users\Public\Desktop\RealPlayer.lnk
2012-05-22 17:29 - 2012-05-22 17:29 - 00499712 ____A (Microsoft Corporation) C:\Windows\System32\msvcp71.dll
2012-05-22 17:29 - 2012-05-22 17:29 - 00348160 ____A (Microsoft Corporation) C:\Windows\System32\msvcr71.dll
2012-05-22 17:29 - 2012-05-22 17:29 - 00272896 ____A (Progressive Networks) C:\Windows\System32\pncrt.dll
2012-05-21 19:30 - 2012-05-21 19:30 - 00002170 ____A C:\Users\Public\Desktop\Google Earth.lnk
2012-05-21 18:18 - 2012-05-21 18:18 - 00001815 ____A C:\Users\Public\Desktop\QuickTime Player.lnk
2012-05-21 10:28 - 2012-05-21 10:28 - 03896832 ____A C:\Users\EternalKharas\Downloads\ARGALIWYSETUP.EXE
2012-05-18 23:44 - 2012-05-18 23:44 - 00111124 ____A C:\Users\EternalKharas\Documents\bank transfer 051912.xps
2012-05-14 22:21 - 2012-05-14 22:21 - 00423744 ____A C:\Windows\System32\nvStreaming.exe
2012-05-13 23:08 - 2011-06-29 09:18 - 00000927 ____A C:\Users\Guest\Desktop\MagicDisc.lnk
2012-05-13 23:08 - 2011-06-29 09:18 - 00000927 ____A C:\Users\EternalKharas\Desktop\MagicDisc.lnk
2012-05-13 23:08 - 2011-06-29 09:18 - 00000927 ____A C:\Users\Administrator\Desktop\MagicDisc.lnk
2012-05-13 22:54 - 2012-05-13 22:54 - 00001773 ____A C:\Users\Guest\Desktop\MagicISO.lnk
2012-05-13 22:54 - 2012-05-13 22:54 - 00001773 ____A C:\Users\EternalKharas\Desktop\MagicISO.lnk
2012-05-13 22:54 - 2012-05-13 22:54 - 00001773 ____A C:\Users\Administrator\Desktop\MagicISO.lnk
ZeroAccess:
C:\Windows\Installer\{aec20ce0-3b62-6463-9d60-f6936e9e0aa7}
C:\Windows\Installer\{aec20ce0-3b62-6463-9d60-f6936e9e0aa7}\@
C:\Windows\Installer\{aec20ce0-3b62-6463-9d60-f6936e9e0aa7}\L
C:\Windows\Installer\{aec20ce0-3b62-6463-9d60-f6936e9e0aa7}\n
C:\Windows\Installer\{aec20ce0-3b62-6463-9d60-f6936e9e0aa7}\U
ZeroAccess:
C:\Users\EternalKharas\AppData\Local\{aec20ce0-3b62-6463-9d60-f6936e9e0aa7}
C:\Users\EternalKharas\AppData\Local\{aec20ce0-3b62-6463-9d60-f6936e9e0aa7}\@
C:\Users\EternalKharas\AppData\Local\{aec20ce0-3b62-6463-9d60-f6936e9e0aa7}\L
C:\Users\EternalKharas\AppData\Local\{aec20ce0-3b62-6463-9d60-f6936e9e0aa7}\n
C:\Users\EternalKharas\AppData\Local\{aec20ce0-3b62-6463-9d60-f6936e9e0aa7}\U
========================= Known DLLs (Whitelisted) ============

========================= Bamital & volsnap Check ============
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe A302BBFF2A7278C0E239EE5D471D86A9 ZeroAccess <==== ATTENTION!.
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
==================== EXE ASSOCIATION =====================
HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK
========================= Memory info ======================
Percentage of memory in use: 7%
Total physical RAM: 8190.54 MB
Available physical RAM: 7607.41 MB
Total Pagefile: 8188.82 MB
Available Pagefile: 7630.37 MB
Total Virtual: 2047.88 MB
Available Virtual: 1970.3 MB
======================= Partitions =========================
1 Drive c: () (Fixed) (Total:148.96 GB) (Free:4.57 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
2 Drive d: (GRMCULFRER_EN_DVD) (CDROM) (Total:2.33 GB) (Free:0 GB) UDF
4 Drive f: (USB MEMORY) (Removable) (Total:0.12 GB) (Free:0.08 GB) FAT
5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 149 GB 0 B
Disk 1 Online 123 MB 0 B
Partitions of Disk 0:
===============
Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 OEM 47 MB 31 KB
Partition 2 Primary 148 GB 48 MB
==================================================================================
Disk: 0
Partition 1
Type : DE
Hidden: Yes
Active: No
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 FAT Partition 47 MB Healthy Hidden
==================================================================================
Disk: 0
Partition 2
Type : 07
Hidden: No
Active: Yes
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C NTFS Partition 148 GB Healthy
==================================================================================
Partitions of Disk 1:
===============
Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 122 MB 16 KB
==================================================================================
Disk: 1
Partition 1
Type : 06
Hidden: No
Active: No
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 F USB MEMORY FAT Removable 122 MB Healthy
==================================================================================
Last Boot: 2012-08-07 08:07
======================= End Of Log ==========================
 
;) Forgot to mention 2 things in OP.

In addition to re-installing MS Security Essentials the following was also done.

1. I disconnected the SATA cable from one hard drive which was not being actively accessed although it was mounted at the time of infection.
2. I disconnected comm cables from PC to the router preventing internet access while the trojan is active. (Is there a chance the disconnected drive is also infected? No files on the drive were accessed during or after seeing the initial Security Essentials AV alert for SIREFEF.)

After re-install of Security Essentials the PC began displaying a critical error message box notifying that the PC would reboot in one minute. This happens immediately after a successful boot and leaves no time to run any process to completion and/or display the primary user screen.

My wish is someone has found a way to speed up the repair via automation however I will stick with you until we get this solved even if it requires manual intervention. Thank you in advance for your help! (y)
 
Hello, and welcome to TechSpot.


Please see here for the board rules and other FAQ.

Please feel free to introduce yourself, after you follow the steps below to get started.

Information
  • From this point on, please do not make any more changes to your computer; such as install/uninstall programs, use special fix tools, delete files, edit the registry, etc. - unless advised by a malware removal helper.
  • Please do not ask for help elsewhere (in this site or other sites). Doing so can result in system changes, which may not show up in the logs you post.
  • If you have already asked for help somewhere, please post the link to the topic where you were helped.
  • We try our best to reply quickly, but if for any reason we do not reply in two days, please reply to this topic with the word BUMP!
  • Lastly, keep in mind that we are volunteers, so you do not have to pay for malware removal. Persist in this topic until its close, and your computer is declared clean.
Automated tools don't kill the infection. It can only be done manually!

Additional FRST Scan

Once again, please boot to the System Recovery Options and run FRST, as done previously.

Type the following text in the blank box after Search:

services.exe

Click: Search file(s)

When done searching, FRST makes a log, Search.txt, on the C:\ drive.

Please provide the Search.txt in your reply.
 
As requested here is the SEARCH.TXT file from the affected system.

Farbar Recovery Scan Tool Version: 09-08-2012
Ran by SYSTEM at 2012-08-10 19:18:06
Running from F:\FarBar recovery tool
================== Search: "services.exe" ===================
C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.exe
[2009-07-13 15:11] - [2009-07-13 17:14] - 0259072 ____A (Microsoft Corporation) 5F1B6A9C35D3D5CA72D6D6FDEF9747D6
C:\Windows\System32\services.exe
[2009-07-13 15:11] - [2012-08-09 23:19] - 0259072 ____A (Microsoft Corporation) A302BBFF2A7278C0E239EE5D471D86A9
=== End Of Search ===
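The comparison the helper makes by eye in the Search.txt above (and again in the 12-Aug re-run later in the thread): the System32 copy of services.exe keeps its byte size and its Microsoft version string, but its MD5 no longer matches the WinSxS component-store copy and its modification time is three years newer. Added example, not code from the thread or from FRST: a small parser for FRST Search output that automates that check, fed with the page's own two entries.

```python
# Added example for this thread (not FRST's code): pair each path in a
# FRST "Search:" log with its detail line and flag live copies whose MD5
# matches no WinSxS component-store copy of the same file.
import re
from collections import defaultdict
from dataclasses import dataclass, field

# Constructed sample: the Search.txt quoted above (the 12-Aug re-run gave the
# same two entries), so the paths and hashes are the thread's own values.
SEARCH_TXT = r"""
Farbar Recovery Scan Tool Version: 09-08-2012
Ran by SYSTEM at 2012-08-10 19:18:06
================== Search: "services.exe" ===================
C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.exe
[2009-07-13 15:11] - [2009-07-13 17:14] - 0259072 ____A (Microsoft Corporation) 5F1B6A9C35D3D5CA72D6D6FDEF9747D6
C:\Windows\System32\services.exe
[2009-07-13 15:11] - [2012-08-09 23:19] - 0259072 ____A (Microsoft Corporation) A302BBFF2A7278C0E239EE5D471D86A9
=== End Of Search ===
"""

# Detail line layout: [created] - [modified] - size attributes (company) MD5
PATH_RE = re.compile(r"^[A-Za-z]:\\")
DETAIL_RE = re.compile(
    r"^\[(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2})\] - "
    r"\[(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2})\] - "
    r"(?P<size>\d+) (?P<attr>\S+)(?: \((?P<company>[^)]*)\))? "
    r"(?P<md5>[0-9A-Fa-f]{32})$"
)


@dataclass
class FileHit:
    path: str
    created: str
    modified: str
    size: int
    company: str
    md5: str

    @property
    def name(self) -> str:
        return self.path.rsplit("\\", 1)[-1].lower()

    @property
    def in_winsxs(self) -> bool:
        return "\\winsxs\\" in self.path.lower()


@dataclass
class Finding:
    path: str
    md5: str
    reference_md5s: set = field(default_factory=set)
    size_unchanged: bool = False          # same byte size as the store copy
    modified_after_reference: bool = False


def parse_search(text: str) -> list:
    """Pair each path line with the detail line that follows it."""
    lines = [ln.strip() for ln in text.splitlines()]
    hits = []
    for i in range(len(lines) - 1):
        m = DETAIL_RE.match(lines[i + 1]) if PATH_RE.match(lines[i]) else None
        if m:
            hits.append(FileHit(lines[i], m["created"], m["modified"],
                                int(m["size"]), m["company"] or "",
                                m["md5"].upper()))
    return hits


def find_hash_mismatches(hits: list) -> list:
    """A live copy whose MD5 matches none of the WinSxS copies of the same
    file name is flagged for manual review (several store copies, e.g. from
    hotfixes, are all accepted; a mismatch alone is not proof of infection)."""
    by_name = defaultdict(list)
    for h in hits:
        by_name[h.name].append(h)
    findings = []
    for group in by_name.values():
        refs = [h for h in group if h.in_winsxs]
        if not refs:
            continue  # nothing to compare against
        ref_md5s = {h.md5 for h in refs}
        newest_ref = max(h.modified for h in refs)  # ISO text sorts correctly
        for live in (h for h in group if not h.in_winsxs):
            if live.md5 not in ref_md5s:
                findings.append(Finding(
                    live.path, live.md5, ref_md5s,
                    size_unchanged=any(live.size == r.size for r in refs),
                    modified_after_reference=live.modified > newest_ref))
    return findings


if __name__ == "__main__":
    for f in find_hash_mismatches(parse_search(SEARCH_TXT)):
        print(f"{f.path}: MD5 {f.md5} not in WinSxS {sorted(f.reference_md5s)}; "
              f"size unchanged={f.size_unchanged}, "
              f"modified after store copy={f.modified_after_reference}")
```

A flagged file with unchanged size and an intact company string is exactly why FRST checks the hash rather than the file listing: an in-place patch of services.exe leaves both alone.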
 
Looks like many are infected by this piece of work. This leads me to my question but before asking, YES I do understand you are volunteering your time. I do the same thing during disasters all around the world.

Any idea how long this process will take before we can declare the PC disinfected?
 
That 10 minute time limit on a post edit is very short, I have posted my corrected post below.

Looks like many are infected by this piece of work. This leads me to my question but before asking, YES I understand you are volunteering your time and it is appreciated. I do the same thing during disasters all around the world with my Amateur Radio activities.

Any idea how long this process will take before we can declare the PC disinfected? A time estimate will help with a few decisions that must be made soon. :)


I have over 40 years of experience with computers (not all PC's of course) and this should speed things up when communicating or needing something done.
 
Cool. Well, I imagine no more than a couple of days.

ComboFix

Please download ComboFix by sUBs from BleepingComputer.com.

Please save the file to your Desktop, but rename it first to svchost.exe

Important information about ComboFix

Before the download:
  • Please copy and paste these instructions to Notepad and save to your Desktop, or print them - for easier access.
  • It is important to rename ComboFix before the download.
  • Please do not rename ComboFix to other names, but only the one indicated.
After the download:
  • Close any open browsers.
  • Very Important: Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results". Please visit here if you don't know how.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  • Please do not attempt to re-connect your machine back to the Internet until ComboFix has completely finished.
  • If there is no Internet connection after running ComboFix, then restart your computer to restore back your connection.
Running ComboFix:
  • Double click on svchost.exe & follow the prompts.
  • It will attempt to install the Recovery Console.
  • When ComboFix finishes, it will produce a report for you.
  • Please post the "C:\Combo-Fix.txt" in your next reply.
Troubleshooting ComboFix

Safe Mode:

If you still cannot get ComboFix to run, try booting into Safe Mode, and run it there.

(To boot into Safe Mode, tap F8 after BIOS, and just before the Windows logo appears. A list of options will appear, select "Safe Mode.")

Re-downloading:

If this doesn't work either, try the same method (above method), but try to download it again, except rename ComboFix.exe to iexplore.exe, explorer.exe, or winlogon.exe.

Malware is known for blocking all "user" processes, except for its whitelist of system important processes such as iexplore.exe, explorer.exe, winlogon.exe.
 
If fix timing is that short I will not need contingency planning. Thank you for the reply!

I am going to attempt running combo fix but want to share the following for your consideration. This may provide additional insight to the depth of the problem.

1. Each time I boot, a message is generated noting critical system failure and a re-boot commences 1 minute thereafter. This prevents most programs from fully executing.
2. When attempting to boot into safe mode the option no longer appears in the POST screen. It is as if F8 is no longer working; the options I did receive to boot into, Win 7 (recovered) or Vista (Vista SATA cable unplugged to prevent viral contamination), also no longer appear with or without F8 activation. F8 not working seems unrelated to SIREFEF; however, this was working 1 hour prior to the SIREFEF infection.
3. Because of the above I will download combo fix via Vista, rename it to svchost.exe, place the program on a flash drive, start Win7 with F8 (hope it works), attempt to copy svchost.exe to the Win 7 desktop (before re-boot commences), and execute the combo fix. Should I get the copy done prior to the system re-booting I will boot Win7 again and see if combo fix can complete execution.
 
Results of ComboFix attempted copy to desktop.

As suspected, F8 is still not bringing up the multi-boot options on the POST screen. I do see the options flash by quickly for booting Win7 or Vista and the system goes directly to the Win7 (default BCD OS) start screen.

After the system boots into Win7 there is not sufficient time to copy svchost.exe from the flash drive. Nor is there time to execute the svchost.exe directly from the flash drive. Both are being prevented by the 1 minute re-boot trigger that has been set.

Because of the above there is no option for me to rename svchost.exe to any other executable.

You have some time to think this through, it is time for sleep. I sleep 5 hours max so I will be back fairly soon to see what you came up with.

Can ComboFix be run against a non-active OS target system? If so I can access the drive from a separate virgin Win7 OS on a different hard drive.

Another option may be to use BCD under startup repair command prompt to change the default HDD boot OS. This may (long shot) allow F8 to function if the PC does not go directly into Win7 boot.

If none of this appeals to you there is no need to mention why. Simply let me know what you want to do next.
 
I was successful in getting into safe mode via running msconfig (elevated mode) from start menu text box. I have also copied and renamed Combofix to desktop as svchost.exe.

ComboFix executes and shuts down before finishing because of the 1 minute re-boot.

Any ideas other than "SYSTEM FILE CHECKER" which will also shut down prior to finishing. Maybe I should re-install Win7 over what I have installed? The Ball is in your court.

Will combo fix run in safe mode command prompt only mode? This may prevent the re-boot but I am not sure.
 
Sorry you had to go through all that. I got the impression you could boot into Windows Normal Mode just fine.

Please run FRST scan and post a new log.
 
Here are the requested results. Thinking ahead, yet another search for services.exe is included in the event you request it again. Both of the results below were run only minutes ago and are current as of today.

Considering the misunderstanding over my auto reboot loop, are we still on the 2 day timeline to completion of this process and declaring the system virus free? It is not a big deal if we are not; I need to know so I can arrange a few things that can be avoided if we continue on initial schedule estimates.

Updated Search results of 12-Aug-2012 from FRST looking for services.exe
================== Search: "services.exe" ===================
C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.exe
[2009-07-13 15:11] - [2009-07-13 17:14] - 0259072 ____A (Microsoft Corporation) 5F1B6A9C35D3D5CA72D6D6FDEF9747D6
C:\Windows\System32\services.exe
[2009-07-13 15:11] - [2012-08-09 23:19] - 0259072 ____A (Microsoft Corporation) A302BBFF2A7278C0E239EE5D471D86A9
=== End Of Search ===
Updated FRST scan as of 12-Aug-2012
Scan result of Farbar Recovery Scan Tool (FRST written by Farbar) Version: 09-08-2012
Ran by SYSTEM at 12-08-2012 08:05:41
Running from F:\FarBar recovery tool
Windows 7 Ultimate (X86) OS Language: English(US)
The current controlset is ControlSet002
========================== Registry (Whitelisted) =============
HKLM\...\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-01-02] (Adobe Systems Incorporated)
HKLM\...\Run: [Bing Bar] "C:\Program Files\MSN Toolbar\Platform\6.3.2348.0\mswinext.exe" [273672 2010-10-11] (Microsoft Corp.)
HKLM\...\Run: [Launch LCDMon] "C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe" [1573448 2010-02-18] (Logitech Inc.)
HKLM\...\Run: [Launch LGDCore] "C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" /SHOWHIDE [3203144 2010-02-18] (Logitech Inc.)
HKLM\...\Run: [Launch LgDeviceAgent] "C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe" [357448 2010-02-18] (Logitech Inc.)
HKLM\...\Run: [Microsoft Default Manager] "C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume [439568 2010-05-10] (Microsoft Corporation)
HKLM\...\Run: [ProfilerU] "C:\Program Files\Saitek\SD6\Software\ProfilerU.exe" [237568 2009-06-03] (Saitek)
HKLM\...\Run: [SaiMfd] "C:\Program Files\Saitek\SD6\Software\SaiMfd.exe" [131072 2009-06-03] (Saitek)
HKLM\...\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" [248552 2010-05-14] (Sun Microsystems, Inc.)
HKLM\...\Run: [NVRaidService] C:\Program Files\NVIDIA Corporation\Raid\nvraidservice.exe [163944 2010-04-08] (NVIDIA Corporation)
HKLM\...\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s [10820200 2011-08-16] (Realtek Semiconductor)
HKLM\...\Run: [EEventManager] "C:\Program Files\Epson Software\Event Manager\EEventManager.exe" [976320 2009-12-03] (SEIKO EPSON CORPORATION)
HKLM\...\Run: [BingDesktop] C:\Program Files\Microsoft\BingDesktop\BingDesktop.exe /fromkey [1858152 2012-03-30] (Microsoft Corp.)
HKLM\...\Run: [Logitech Utility] Logi_MwX.Exe [x]
HKLM\...\Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [931200 2012-03-26] (Microsoft Corporation)
HKU\Administrator\...\Run: [AutoStartNPSAgent] C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe [95576 2010-07-08] (Samsung Electronics Co., Ltd.)
HKU\Administrator\...\Run: [Facebook Update] "C:\Users\EternalKharas\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver [138096 2012-07-12] (Facebook Inc.)
HKU\EternalKharas\...\Run: [Epson Stylus NX420(Network)] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIGCA.EXE /FU "C:\Users\ETERNA~1\AppData\Local\Temp\E_SE9F6.tmp" /EF "HKCU" [200704 2009-09-14] (SEIKO EPSON CORPORATION)
HKU\EternalKharas\...\Run: [Facebook Update] "C:\Users\EternalKharas\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver [138096 2012-07-12] (Facebook Inc.)
HKU\EternalKharas\...\Run: [hysoxqihotur] C:\Users\EternalKharas\hysoxqihotur.exe [93648 2012-08-09] (AOpen)
HKU\Guest\...\Run: [AutoStartNPSAgent] C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe [95576 2010-07-08] (Samsung Electronics Co., Ltd.)
HKU\Guest\...\Run: [Facebook Update] "C:\Users\EternalKharas\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver [138096 2012-07-12] (Facebook Inc.)
Tcpip\Parameters: [DhcpNameServer] 65.32.5.111 65.32.5.112
Startup: C:\Users\EternalKharas\Start Menu\Programs\Startup\CurseClientStartup.ccip ()
================================ Services (Whitelisted) ==================
2 BingDesktopUpdate; "C:\Program Files\Microsoft\BingDesktop\BingDesktopUpdater.exe" [151656 2012-03-30] (Microsoft Corp.)
3 CHWBOLOCH; C:\Users\ETERNA~1\AppData\Local\Temp\CHWBOLOCH.exe [490368 2012-06-27] (Sysinternals - www.sysinternals.com)
3 CPETLYED; C:\Users\ETERNA~1\AppData\Local\Temp\CPETLYED.exe [506752 2012-06-27] (Sysinternals - www.sysinternals.com)
2 EpsonBidirectionalService; C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe [94208 2006-12-19] (SEIKO EPSON CORPORATION)
2 eventlog; C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted [20992 2009-07-13] (Microsoft Corporation)
2 ForceWare Intelligent Application Manager (IAM); C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe [387616 2009-08-10] ()
3 Futuremark SystemInfo Service; "C:\Program Files\Common Files\Futuremark Shared\Futuremark SystemInfo\FMSISvc.exe" [128928 2010-11-11] (Futuremark Corporation)
2 iReboot; "C:\Program Files\NeoSmart Technologies\iReboot\iRebootd.exe" [9216 2008-04-27] ()
2 MsMpSvc; "C:\Program Files\Microsoft Security Client\MsMpEng.exe" [11552 2012-03-26] (Microsoft Corporation)
2 nHancer; "C:\Program Files\nHancer\nHancerService.exe" [39936 2010-05-02] (KSE - Korndörfer Software Engineering)
3 NisSrv; "C:\Program Files\Microsoft Security Client\NisSrv.exe" [214952 2012-03-26] (Microsoft Corporation)
2 nSvcIp; C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe [178720 2009-08-10] ()
2 nTuneService; C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe /StartService [191080 2010-03-22] (NVIDIA)
2 RichVideo; "C:\Program Files\CyberLink\Shared Files\RichVideo.exe" [167936 2007-01-20] ()
2 StatusAgent4; C:\Windows\system32\SAgent4.exe [131072 2006-12-19] (SEIKO EPSON CORPORATION)
2 UpdateCenterService; C:\Program Files\NVIDIA Corporation\System Update\UpdateCenterService.exe /StartService [195176 2009-11-06] (NVIDIA)
========================== Drivers (Whitelisted) =============
2 cpuz134; \??\C:\Windows\system32\drivers\cpuz134_x32.sys [20328 2010-07-09] (Windows (R) Win 7 DDK provider)
3 DrvAgent32; \??\C:\Windows\system32\Drivers\DrvAgent32.sys [23456 2010-07-12] (Phoenix Technologies)
3 FsUsbExDisk; \??\C:\Windows\system32\FsUsbExDisk.SYS [36608 2010-07-05] ()
1 HWiNFO32; \??\C:\Program Files\HWiNFO32\HWiNFO32.SYS [21624 2012-05-10] (REALiX(tm))
3 LHidFlt2; C:\Windows\System32\DRIVERS\LHidFlt2.Sys [25505 2003-12-17] (Logitech, Inc.)
3 LHidUsb; C:\Windows\System32\Drivers\LHidUsb.Sys [37887 2003-12-17] (Logitech, Inc.)
3 LMouFlt2; C:\Windows\System32\DRIVERS\LMouFlt2.Sys [70801 2003-12-17] (Logitech, Inc.)
0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [171064 2012-03-20] (Microsoft Corporation)
1 MpKsl8107c55b; \??\C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{FA219FEE-A8AF-4A86-9C2A-B0432D3EF7F4}\MpKsl8107c55b.sys [29904 2012-08-11] (Microsoft Corporation)
3 NVNET; C:\Windows\System32\DRIVERS\nvmf6232.sys [295272 2009-11-11] (NVIDIA Corporation)
3 nvoclock; C:\Windows\System32\DRIVERS\nvoclock.sys [38248 2009-09-15] (NVIDIA Corp.)
3 physX32; C:\Windows\System32\DRIVERS\physX32.sys [120960 2008-02-29] (AGEIA Technologies, Inc.)
3 RTCore32; \??\C:\Program Files\EVGA Precision\RTCore32.sys [4608 2005-05-25] ()
3 SaiH075C; C:\Windows\System32\DRIVERS\SaiH075C.sys [132232 2007-05-01] (Saitek)
0 sptd; C:\Windows\System32\Drivers\sptd.sys [477240 2012-05-10] (Duplex Secure Ltd.)
3 GPU-Z; \??\C:\Users\ETERNA~1\AppData\Local\Temp\GPU-Z.sys [x]
3 Synth3dVsc; C:\Windows\System32\drivers\synth3dvsc.sys [x]
3 tsusbhub; C:\Windows\System32\drivers\tsusbhub.sys [x]
3 VGPU; C:\Windows\System32\drivers\rdvgkmd.sys [x]
========================== NetSvcs (Whitelisted) ===========

============ One Month Created Files and Folders ==============
2012-08-11 14:29 - 2012-08-11 14:29 - 00000000 ___SD C:\ComboFix
2012-08-11 14:28 - 2012-08-11 04:55 - 04728003 ___RA (Swearware) C:\Users\EternalKharas\Desktop\ComboFix.exe
2012-08-11 14:24 - 2012-08-11 14:24 - 00000626 ____A C:\Users\EternalKharas\Desktop\ComboFix.exe - Shortcut (3).lnk
2012-08-11 14:21 - 2012-08-11 14:21 - 00000626 ____A C:\Users\EternalKharas\Desktop\ComboFix.exe - Shortcut.lnk
2012-08-11 14:21 - 2012-08-11 14:21 - 00000626 ____A C:\Users\EternalKharas\Desktop\ComboFix.exe - Shortcut (2).lnk
2012-08-11 14:17 - 2012-08-11 14:17 - 00000000 ____D C:\Windows\erdnt
2012-08-11 14:17 - 2012-08-11 14:17 - 00000000 ____D C:\Qoobox
2012-08-11 14:17 - 2011-06-25 22:45 - 00256000 ____A C:\Windows\PEV.exe
2012-08-11 14:17 - 2010-11-07 09:20 - 00208896 ____A C:\Windows\MBR.exe
2012-08-11 14:17 - 2009-04-19 20:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
2012-08-11 14:17 - 2000-08-30 16:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe
2012-08-11 14:17 - 2000-08-30 16:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe
2012-08-11 14:17 - 2000-08-30 16:00 - 00098816 ____A C:\Windows\sed.exe
2012-08-11 14:17 - 2000-08-30 16:00 - 00080412 ____A C:\Windows\grep.exe
2012-08-11 14:17 - 2000-08-30 16:00 - 00068096 ____A C:\Windows\zip.exe
2012-08-10 05:24 - 2012-08-10 05:24 - 00000000 ____D C:\FRST
2012-08-09 22:51 - 2012-08-09 22:51 - 00000000 ____D C:\Program Files\Microsoft Security Client
2012-08-09 22:09 - 2012-08-09 22:09 - 00000000 __SHD C:\Windows\System32\%APPDATA%
2012-08-09 22:05 - 2012-08-09 22:05 - 00093648 ____A (AOpen) C:\Users\EternalKharas\hysoxqihotur.exe
2012-08-08 08:24 - 2012-08-08 08:24 - 00155840 ____A C:\Windows\Minidump\080812-25911-01.dmp
2012-08-07 09:02 - 2012-08-07 09:02 - 00111487 ____A C:\Users\EternalKharas\Documents\bank transfer 080712(2).xps
2012-08-07 05:49 - 2012-08-07 05:49 - 00000124 ____A C:\Users\EternalKharas\Desktop\HOME PAGE.txt
2012-08-07 04:07 - 2012-08-07 04:07 - 00111173 ____A C:\Users\EternalKharas\Documents\bank transfer 080712.xps
2012-08-03 07:29 - 2012-08-03 07:29 - 00196947 ____A C:\Users\EternalKharas\Documents\MetroSelfStorage E-mailconfirmnation080312.xps
2012-08-03 07:00 - 2012-08-03 07:00 - 00159584 ____A C:\Users\EternalKharas\Documents\BrightHouse080312.xps
2012-08-03 05:54 - 2012-08-03 05:54 - 00111378 ____A C:\Users\EternalKharas\Documents\bank transfer 080312.xps
2012-08-03 04:56 - 2012-08-03 04:56 - 00117132 ____A C:\Users\EternalKharas\Documents\MetroSelfStorage080312.xps
2012-08-03 03:50 - 2012-08-03 03:50 - 00000318 ____A C:\Users\EternalKharas\Desktop\Curse Client.appref-ms
2012-08-02 13:14 - 2012-08-02 13:14 - 00110956 ____A C:\Users\EternalKharas\Documents\bank transfer 080212.xps
2012-07-31 21:32 - 2012-07-31 21:32 - 00000097 ____A C:\Users\EternalKharas\Desktop\sephora.txt
2012-07-30 15:48 - 2012-07-30 15:49 - 00159552 ____A C:\Windows\Minidump\073012-34491-01.dmp
2012-07-30 14:38 - 2012-07-30 14:38 - 00161846 ____A C:\Users\EternalKharas\Documents\THIAGO2.xps
2012-07-30 14:10 - 2012-07-30 14:10 - 00111119 ____A C:\Users\EternalKharas\Documents\bank transfer 073012.xps
2012-07-29 00:43 - 2012-07-29 00:43 - 00111225 ____A C:\Users\EternalKharas\Documents\bank transfer 072912.xps
2012-07-28 05:56 - 2012-07-28 07:26 - 00000000 ____D C:\Users\EternalKharas\Documents\Business donations
2012-07-27 21:14 - 2012-07-27 21:14 - 00111373 ____A C:\Users\EternalKharas\Documents\bank transfer 072812.xps
2012-07-27 17:03 - 2012-07-27 17:03 - 00000000 ____D C:\Users\All Users\SolarWinds
2012-07-27 17:03 - 2012-07-27 17:03 - 00000000 ____D C:\Program Files\SolarWinds
2012-07-27 17:02 - 2012-07-27 17:02 - 00922042 ____A C:\Users\EternalKharas\Downloads\SolarWinds-Permissions-Analyzer-v1.0.0.zip
2012-07-27 17:02 - 2012-07-27 17:02 - 00000000 ____D C:\Users\EternalKharas\Downloads\SolarWinds-Permissions-Analyzer-v1.0.0
2012-07-24 02:17 - 2012-07-24 02:17 - 00001794 ____A C:\Users\EternalKharas\Documents\SENTPMArchive_2012-07-24(11).htm
2012-07-24 02:16 - 2012-07-24 02:16 - 00106888 ____A C:\Users\EternalKharas\Documents\SENTPMArchive_2012-07-24(10).htm
2012-07-24 02:16 - 2012-07-24 02:16 - 00102602 ____A C:\Users\EternalKharas\Documents\SENTPMArchive_2012-07-24(9).htm
2012-07-24 02:15 - 2012-07-24 02:15 - 00165939 ____A C:\Users\EternalKharas\Documents\SENTPMArchive_2012-07-24(6).htm
2012-07-24 02:15 - 2012-07-24 02:15 - 00138056 ____A C:\Users\EternalKharas\Documents\SENTPMArchive_2012-07-24(8).htm
2012-07-24 02:15 - 2012-07-24 02:15 - 00134007 ____A C:\Users\EternalKharas\Documents\SENTPMArchive_2012-07-24(7).htm
2012-07-24 02:14 - 2012-07-24 02:14 - 00104885 ____A C:\Users\EternalKharas\Documents\SENTPMArchive_2012-07-24(5).htm
2012-07-24 02:13 - 2012-07-24 02:13 - 00072213 ____A C:\Users\EternalKharas\Documents\READPMArchive_2012-07-24(9).htm
2012-07-24 02:13 - 2012-07-24 02:13 - 00056712 ____A C:\Users\EternalKharas\Documents\READPMArchive_2012-07-24(10).htm
2012-07-24 02:12 - 2012-07-24 02:12 - 00095829 ____A C:\Users\EternalKharas\Documents\READPMArchive_2012-07-24(8).htm
2012-07-24 02:11 - 2012-07-24 02:11 - 00115579 ____A C:\Users\EternalKharas\Documents\READPMArchive_2012-07-24(7).htm
2012-07-24 02:11 - 2012-07-24 02:11 - 00113343 ____A C:\Users\EternalKharas\Documents\READPMArchive_2012-07-24(6).htm
2012-07-24 02:10 - 2012-07-24 02:10 - 00155229 ____A C:\Users\EternalKharas\Documents\READPMArchive_2012-07-24(5).htm
2012-07-24 02:00 - 2012-07-24 02:00 - 00190068 ____A C:\Users\EternalKharas\Documents\SENTPMArchive_2012-07-24(3).htm
2012-07-24 02:00 - 2012-07-24 02:00 - 00181032 ____A C:\Users\EternalKharas\Documents\SENTPMArchive_2012-07-24(4).htm
2012-07-24 01:56 - 2012-07-24 01:56 - 00081496 ____A C:\Users\EternalKharas\Documents\READPMArchive_2012-07-24(4).htm
2012-07-24 01:55 - 2012-07-24 01:55 - 00070096 ____A C:\Users\EternalKharas\Documents\READPMArchive_2012-07-24(3).htm
2012-07-24 01:54 - 2012-07-24 01:54 - 00116002 ____A C:\Users\EternalKharas\Documents\SENTPMArchive_2012-07-24(2).htm
2012-07-24 01:53 - 2012-07-24 01:53 - 00115839 ____A C:\Users\EternalKharas\Documents\SENTPMArchive_2012-07-24.htm
2012-07-23 21:15 - 2012-08-01 22:16 - 00008655 ____A C:\Users\EternalKharas\Desktop\Christina.txt
2012-07-23 15:04 - 2012-07-23 15:04 - 00246295 ____A C:\Users\EternalKharas\Documents\Thiago's order 1.xps
2012-07-23 13:12 - 2012-07-23 13:12 - 00111120 ____A C:\Users\EternalKharas\Documents\bank transfer THIAGO 1.xps
2012-07-21 10:29 - 2012-07-21 10:29 - 00000000 ____D C:\Users\EternalKharas\Downloads\the_whigs
2012-07-21 09:01 - 2012-07-21 10:29 - 07251231 ____A C:\Users\EternalKharas\Downloads\the_whigs.zip
2012-07-20 22:27 - 2012-07-21 02:13 - 00002961 ____A C:\Users\EternalKharas\Desktop\Stacy.txt
2012-07-19 05:23 - 2012-07-19 05:24 - 00000000 ____D C:\Program Files\HWiNFO32
2012-07-18 18:16 - 2012-07-18 18:16 - 00000000 __SHD C:\found.001
2012-07-16 23:24 - 2012-07-16 23:24 - 00000524 ____A C:\Users\EternalKharas\Desktop\Turn off Media Center Updates.htm
2012-07-16 06:13 - 2012-07-16 06:13 - 00111145 ____A C:\Users\EternalKharas\Documents\bank transfer 071612.xps
2012-07-15 23:12 - 2012-08-09 14:29 - 00000345 ____A C:\Users\EternalKharas\Desktop\MUSIC CODES (MARLBORO).txt
2012-07-14 22:49 - 2012-07-14 22:49 - 00136219 ____A C:\Users\EternalKharas\Documents\newegg071512.xps
2012-07-13 10:43 - 2012-07-13 10:43 - 00111413 ____A C:\Users\EternalKharas\Documents\bank transfer 071312.xps
============ 3 Months Modified Files ========================
2012-08-11 14:24 - 2012-08-11 14:24 - 00000626 ____A C:\Users\EternalKharas\Desktop\ComboFix.exe - Shortcut (3).lnk
2012-08-11 14:21 - 2012-08-11 14:21 - 00000626 ____A C:\Users\EternalKharas\Desktop\ComboFix.exe - Shortcut.lnk
2012-08-11 14:21 - 2012-08-11 14:21 - 00000626 ____A C:\Users\EternalKharas\Desktop\ComboFix.exe - Shortcut (2).lnk
2012-08-11 14:13 - 2010-12-31 18:50 - 00000896 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-08-11 14:13 - 2009-07-13 20:53 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-08-11 14:13 - 2009-07-13 20:39 - 01051536 ____A C:\Windows\setupact.log
2012-08-11 05:09 - 2012-06-19 07:37 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-08-11 04:55 - 2012-08-11 14:28 - 04728003 ___RA (Swearware) C:\Users\EternalKharas\Desktop\ComboFix.exe
2012-08-09 23:19 - 2009-07-13 15:11 - 00259072 ____A (Microsoft Corporation) C:\Windows\System32\services.exe
2012-08-09 23:03 - 2010-05-04 16:08 - 00148150 ____A C:\Windows\PFRO.log
2012-08-09 22:52 - 2011-06-29 04:33 - 01400340 ____A C:\Windows\WindowsUpdate.log
2012-08-09 22:52 - 2011-01-27 01:11 - 00001945 ____A C:\Windows\epplauncher.mif
2012-08-09 22:51 - 2011-06-29 03:46 - 00838082 ____A C:\Windows\System32\PerfStringBackup.INI
2012-08-09 22:41 - 2010-05-04 16:01 - 00019920 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-08-09 22:41 - 2010-05-04 16:01 - 00019920 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-08-09 22:40 - 2011-08-28 16:30 - 00000960 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1850465905-1816852967-2060930716-1000UA.job
2012-08-09 22:05 - 2012-08-09 22:05 - 00093648 ____A (AOpen) C:\Users\EternalKharas\hysoxqihotur.exe
2012-08-09 21:59 - 2010-12-31 18:50 - 00000900 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-08-09 15:00 - 2012-05-04 13:03 - 00002290 ____A C:\Users\Public\Desktop\Google Chrome.lnk
2012-08-09 14:29 - 2012-07-15 23:12 - 00000345 ____A C:\Users\EternalKharas\Desktop\MUSIC CODES (MARLBORO).txt
2012-08-09 04:21 - 2012-07-09 02:48 - 00009549 ____A C:\Users\EternalKharas\Desktop\crash.txt
2012-08-09 03:34 - 2011-08-28 16:30 - 00000938 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1850465905-1816852967-2060930716-1000Core.job
2012-08-08 08:24 - 2012-08-08 08:24 - 00155840 ____A C:\Windows\Minidump\080812-25911-01.dmp
2012-08-07 09:02 - 2012-08-07 09:02 - 00111487 ____A C:\Users\EternalKharas\Documents\bank transfer 080712(2).xps
2012-08-07 05:49 - 2012-08-07 05:49 - 00000124 ____A C:\Users\EternalKharas\Desktop\HOME PAGE.txt
2012-08-07 04:07 - 2012-08-07 04:07 - 00111173 ____A C:\Users\EternalKharas\Documents\bank transfer 080712.xps
2012-08-03 07:29 - 2012-08-03 07:29 - 00196947 ____A C:\Users\EternalKharas\Documents\MetroSelfStorage E-mailconfirmnation080312.xps
2012-08-03 07:00 - 2012-08-03 07:00 - 00159584 ____A C:\Users\EternalKharas\Documents\BrightHouse080312.xps
2012-08-03 05:54 - 2012-08-03 05:54 - 00111378 ____A C:\Users\EternalKharas\Documents\bank transfer 080312.xps
2012-08-03 04:56 - 2012-08-03 04:56 - 00117132 ____A C:\Users\EternalKharas\Documents\MetroSelfStorage080312.xps
2012-08-03 03:50 - 2012-08-03 03:50 - 00000318 ____A C:\Users\EternalKharas\Desktop\Curse Client.appref-ms
2012-08-02 13:14 - 2012-08-02 13:14 - 00110956 ____A C:\Users\EternalKharas\Documents\bank transfer 080212.xps
2012-08-02 08:56 - 2012-04-03 20:42 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2012-08-02 08:56 - 2011-05-19 12:08 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
2012-08-01 22:16 - 2012-07-23 21:15 - 00008655 ____A C:\Users\EternalKharas\Desktop\Christina.txt
2012-07-31 21:32 - 2012-07-31 21:32 - 00000097 ____A C:\Users\EternalKharas\Desktop\sephora.txt
2012-07-30 15:49 - 2012-07-30 15:48 - 00159552 ____A C:\Windows\Minidump\073012-34491-01.dmp
2012-07-30 14:38 - 2012-07-30 14:38 - 00161846 ____A C:\Users\EternalKharas\Documents\THIAGO2.xps
2012-07-30 14:10 - 2012-07-30 14:10 - 00111119 ____A C:\Users\EternalKharas\Documents\bank transfer 073012.xps
2012-07-29 00:43 - 2012-07-29 00:43 - 00111225 ____A C:\Users\EternalKharas\Documents\bank transfer 072912.xps
2012-07-27 21:14 - 2012-07-27 21:14 - 00111373 ____A C:\Users\EternalKharas\Documents\bank transfer 072812.xps
2012-07-27 17:02 - 2012-07-27 17:02 - 00922042 ____A C:\Users\EternalKharas\Downloads\SolarWinds-Permissions-Analyzer-v1.0.0.zip
2012-07-27 04:46 - 2011-07-01 22:55 - 00007676 ____A C:\Users\EternalKharas\AppData\Local\Resmon.ResmonCfg
2012-07-24 02:17 - 2012-07-24 02:17 - 00001794 ____A C:\Users\EternalKharas\Documents\SENTPMArchive_2012-07-24(11).htm
2012-07-24 02:16 - 2012-07-24 02:16 - 00106888 ____A C:\Users\EternalKharas\Documents\SENTPMArchive_2012-07-24(10).htm
2012-07-24 02:16 - 2012-07-24 02:16 - 00102602 ____A C:\Users\EternalKharas\Documents\SENTPMArchive_2012-07-24(9).htm
2012-07-24 02:15 - 2012-07-24 02:15 - 00165939 ____A C:\Users\EternalKharas\Documents\SENTPMArchive_2012-07-24(6).htm
2012-07-24 02:15 - 2012-07-24 02:15 - 00138056 ____A C:\Users\EternalKharas\Documents\SENTPMArchive_2012-07-24(8).htm
2012-07-24 02:15 - 2012-07-24 02:15 - 00134007 ____A C:\Users\EternalKharas\Documents\SENTPMArchive_2012-07-24(7).htm
2012-07-24 02:14 - 2012-07-24 02:14 - 00104885 ____A C:\Users\EternalKharas\Documents\SENTPMArchive_2012-07-24(5).htm
2012-07-24 02:13 - 2012-07-24 02:13 - 00072213 ____A C:\Users\EternalKharas\Documents\READPMArchive_2012-07-24(9).htm
2012-07-24 02:13 - 2012-07-24 02:13 - 00056712 ____A C:\Users\EternalKharas\Documents\READPMArchive_2012-07-24(10).htm
2012-07-24 02:12 - 2012-07-24 02:12 - 00095829 ____A C:\Users\EternalKharas\Documents\READPMArchive_2012-07-24(8).htm
2012-07-24 02:11 - 2012-07-24 02:11 - 00115579 ____A C:\Users\EternalKharas\Documents\READPMArchive_2012-07-24(7).htm
2012-07-24 02:11 - 2012-07-24 02:11 - 00113343 ____A C:\Users\EternalKharas\Documents\READPMArchive_2012-07-24(6).htm
2012-07-24 02:10 - 2012-07-24 02:10 - 00155229 ____A C:\Users\EternalKharas\Documents\READPMArchive_2012-07-24(5).htm
2012-07-24 02:00 - 2012-07-24 02:00 - 00190068 ____A C:\Users\EternalKharas\Documents\SENTPMArchive_2012-07-24(3).htm
2012-07-24 02:00 - 2012-07-24 02:00 - 00181032 ____A C:\Users\EternalKharas\Documents\SENTPMArchive_2012-07-24(4).htm
2012-07-24 01:56 - 2012-07-24 01:56 - 00081496 ____A C:\Users\EternalKharas\Documents\READPMArchive_2012-07-24(4).htm
2012-07-24 01:55 - 2012-07-24 01:55 - 00070096 ____A C:\Users\EternalKharas\Documents\READPMArchive_2012-07-24(3).htm
2012-07-24 01:54 - 2012-07-24 01:54 - 00116002 ____A C:\Users\EternalKharas\Documents\SENTPMArchive_2012-07-24(2).htm
2012-07-24 01:53 - 2012-07-24 01:53 - 00115839 ____A C:\Users\EternalKharas\Documents\SENTPMArchive_2012-07-24.htm
2012-07-23 15:04 - 2012-07-23 15:04 - 00246295 ____A C:\Users\EternalKharas\Documents\Thiago's order 1.xps
2012-07-23 13:12 - 2012-07-23 13:12 - 00111120 ____A C:\Users\EternalKharas\Documents\bank transfer THIAGO 1.xps
2012-07-21 10:29 - 2012-07-21 09:01 - 07251231 ____A C:\Users\EternalKharas\Downloads\the_whigs.zip
2012-07-21 02:13 - 2012-07-20 22:27 - 00002961 ____A C:\Users\EternalKharas\Desktop\Stacy.txt
2012-07-16 23:24 - 2012-07-16 23:24 - 00000524 ____A C:\Users\EternalKharas\Desktop\Turn off Media Center Updates.htm
2012-07-16 06:13 - 2012-07-16 06:13 - 00111145 ____A C:\Users\EternalKharas\Documents\bank transfer 071612.xps
2012-07-14 22:49 - 2012-07-14 22:49 - 00136219 ____A C:\Users\EternalKharas\Documents\newegg071512.xps
2012-07-13 10:43 - 2012-07-13 10:43 - 00111413 ____A C:\Users\EternalKharas\Documents\bank transfer 071312.xps
2012-07-12 19:28 - 2012-07-12 19:28 - 00110872 ____A C:\Users\EternalKharas\Documents\bank transfer 071212.xps
2012-07-12 00:15 - 2012-07-12 00:15 - 00159400 ____A C:\Users\EternalKharas\Documents\BrightHouse071212.xps
2012-07-11 01:42 - 2012-07-11 01:42 - 00153512 ____A C:\Windows\Minidump\071112-36660-01.dmp
2012-07-10 23:39 - 2009-07-13 20:33 - 00415344 ____A C:\Windows\System32\FNTCACHE.DAT
2012-07-10 23:01 - 2011-07-14 03:03 - 57442464 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-07-10 18:58 - 2012-07-10 18:58 - 00014336 ____A C:\Users\EternalKharas\Desktop\PAST and PRESENT.xls
2012-07-09 19:41 - 2010-06-11 02:33 - 00001220 ____A C:\Users\Public\Desktop\World of Warcraft.lnk
2012-07-09 08:08 - 2012-07-09 08:08 - 00111187 ____A C:\Users\EternalKharas\Documents\bank transfer 070912.xps
2012-07-08 17:25 - 2012-07-08 17:25 - 00224817 ____A C:\Users\EternalKharas\Desktop\Bubble.xps
2012-07-06 23:51 - 2012-07-06 23:51 - 00110723 ____A C:\Users\EternalKharas\Documents\bank transfer 070712.xps
2012-07-06 13:08 - 2012-07-06 12:46 - 00000724 ____A C:\Users\EternalKharas\Desktop\bigmyke.txt
2012-07-02 03:22 - 2012-07-02 03:22 - 00135354 ____A C:\Users\EternalKharas\Desktop\NeweggOrder.xps
2012-07-02 01:20 - 2012-07-02 01:20 - 00001226 ____A C:\Users\EternalKharas\Desktop\Revo Uninstaller.lnk
2012-07-01 09:04 - 2012-07-01 09:04 - 00110732 ____A C:\Users\EternalKharas\Documents\bank transfer 070112.xps
2012-06-29 23:05 - 2012-06-29 23:05 - 00020622 ____A C:\Users\EternalKharas\Documents\Backup of GTX480.wbk
2012-06-29 22:47 - 2012-06-27 08:38 - 00003940 ____A C:\Users\EternalKharas\Documents\GTX480.txt
2012-06-27 20:53 - 2012-06-27 08:57 - 00000193 ____A C:\Users\EternalKharas\Documents\GTX.txt
2012-06-26 12:33 - 2012-06-26 12:33 - 01058784 ____A (techPowerUp (www.techpowerup.com)) C:\Users\EternalKharas\Downloads\GPU-Z.0.6.2 (2).exe
2012-06-26 12:30 - 2012-06-26 12:30 - 01058784 ____A (techPowerUp (www.techpowerup.com)) C:\Users\EternalKharas\Downloads\GPU-Z.0.6.2.exe
2012-06-26 12:30 - 2012-06-26 12:30 - 01058784 ____A (techPowerUp (www.techpowerup.com)) C:\Users\EternalKharas\Downloads\GPU-Z.0.6.2 (1).exe
2012-06-25 12:19 - 2012-05-06 23:24 - 00209920 __ASH C:\Users\EternalKharas\Documents\Thumbs.db
2012-06-25 12:14 - 2012-06-25 12:03 - 00001766 ____A C:\Users\EternalKharas\Desktop\LCD Calculator v2.Vbs
2012-06-25 07:54 - 2012-06-25 07:54 - 00111388 ____A C:\Users\EternalKharas\Documents\bank transfer 062512.xps
2012-06-22 18:31 - 2012-06-22 18:30 - 00151229 ____A C:\Users\EternalKharas\Documents\WOW CARD 062212.xps
2012-06-22 03:11 - 2012-06-22 03:11 - 00000274 ____A C:\Users\EternalKharas\Downloads\Performance_PC's_Newsletter (1).vcf
2012-06-22 03:09 - 2012-06-22 03:09 - 00000274 ____A C:\Users\EternalKharas\Downloads\Performance_PC's_Newsletter.vcf
2012-06-21 23:35 - 2012-06-21 23:35 - 00187801 ____A C:\Users\EternalKharas\Documents\metropcs payment 062212.xps
2012-06-19 06:41 - 2012-06-19 06:41 - 00111381 ____A C:\Users\EternalKharas\Documents\bank transfer 061912.xps
2012-06-19 03:06 - 2012-06-19 03:06 - 00158616 ____A C:\Windows\Minidump\061912-24164-01.dmp
2012-06-19 01:30 - 2012-06-19 01:30 - 00000875 ____A C:\Users\Public\Desktop\Steam.lnk
2012-06-17 01:10 - 2012-06-17 01:10 - 00130488 ____A C:\Users\EternalKharas\Documents\Toshiba repair disk.xps
2012-06-16 06:46 - 2012-06-16 06:46 - 00111031 ____A C:\Users\EternalKharas\Documents\bank transfer 061612.xps
2012-06-11 18:40 - 2012-07-10 23:01 - 02345984 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-06-11 06:48 - 2012-06-11 06:48 - 00110917 ____A C:\Users\EternalKharas\Documents\bank transfer 061112.xps
2012-06-09 13:10 - 2012-06-09 13:10 - 00111512 ____A C:\Users\EternalKharas\Documents\bank transfer 060912(2).xps
2012-06-09 12:58 - 2012-06-09 12:58 - 00111496 ____A C:\Users\EternalKharas\Documents\bank transfer 060912.xps
2012-06-08 20:41 - 2012-07-10 15:01 - 12873728 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2012-06-08 18:47 - 2012-06-08 18:47 - 00111386 ____A C:\Users\EternalKharas\Documents\bank transfer 060812.xps
2012-06-08 11:23 - 2012-06-08 11:23 - 00001219 ___AH C:\Windows\System32\config\Journal - Shortcut.lnk
2012-06-08 11:23 - 2012-06-08 11:23 - 00000914 ___AH C:\Windows\System32\config\userdiff - Shortcut.lnk
2012-06-08 11:23 - 2012-06-08 11:23 - 00000914 ___AH C:\Windows\System32\config\software - Shortcut.lnk
2012-06-08 11:23 - 2012-06-08 11:23 - 00000902 ___AH C:\Windows\System32\config\system - Shortcut.lnk
2012-06-08 09:42 - 2012-06-08 09:25 - 1060726784 ____A C:\Users\EternalKharas\Desktop\jonathan.iso
2012-06-05 21:05 - 2012-07-10 15:01 - 01390080 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
2012-06-05 21:05 - 2012-07-10 15:01 - 01236992 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
2012-06-05 21:03 - 2012-07-10 15:01 - 00805376 ____A (Microsoft Corporation) C:\Windows\System32\cdosys.dll
2012-06-04 04:29 - 2012-06-04 04:29 - 00111204 ____A C:\Users\EternalKharas\Documents\bank transfer 060412.xps
2012-06-02 14:19 - 2012-06-20 17:46 - 01933848 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-06-02 14:19 - 2012-06-20 17:46 - 00577048 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2012-06-02 14:19 - 2012-06-20 17:46 - 00053784 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-06-02 14:19 - 2012-06-20 17:46 - 00045080 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-06-02 14:19 - 2012-06-20 17:46 - 00035864 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2012-06-02 14:12 - 2012-06-20 17:46 - 02422272 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-06-02 14:12 - 2012-06-20 17:46 - 00088576 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2012-06-02 11:19 - 2012-06-20 17:45 - 00171904 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-06-02 11:12 - 2012-06-20 17:45 - 00033792 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2012-06-02 01:07 - 2012-07-10 23:04 - 12314624 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-06-02 00:43 - 2012-07-10 23:04 - 09737728 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-06-02 00:33 - 2012-07-10 23:04 - 01800192 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-06-02 00:26 - 2012-07-10 23:04 - 01103872 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-06-02 00:25 - 2012-07-10 23:04 - 01427968 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-06-02 00:25 - 2012-07-10 23:04 - 01129472 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-06-02 00:23 - 2012-07-10 23:04 - 00231936 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-06-02 00:21 - 2012-07-10 23:04 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-06-02 00:20 - 2012-07-10 23:04 - 00142848 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-06-02 00:19 - 2012-07-10 23:04 - 01793024 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-06-02 00:19 - 2012-07-10 23:04 - 00716800 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-06-02 00:17 - 2012-07-10 23:04 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-06-02 00:16 - 2012-07-10 23:04 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-06-02 00:14 - 2012-07-10 23:04 - 00176640 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-06-01 22:13 - 2012-06-01 22:13 - 00001036 ____A C:\Users\EternalKharas\Desktop\EVGA Precision.lnk
2012-06-01 20:45 - 2012-07-10 15:01 - 00134000 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
2012-06-01 20:45 - 2012-07-10 15:01 - 00067440 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
2012-06-01 20:40 - 2012-07-10 15:01 - 00369336 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
2012-06-01 20:40 - 2012-07-10 15:01 - 00225280 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
2012-06-01 20:39 - 2012-07-10 15:01 - 00219136 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
2012-05-31 20:13 - 2012-03-22 19:27 - 00001050 ____A C:\Users\EternalKharas\Desktop\EVGA Precision X.lnk
2012-05-31 19:54 - 2012-05-31 19:54 - 00000020 ___SH C:\Users\UpdatusUser\ntuser.ini
2012-05-25 09:38 - 2012-05-25 09:38 - 00001108 ____A C:\Users\EternalKharas\Documents\sally ansell (2).txt
2012-05-24 19:01 - 2012-05-24 19:01 - 00001362 ____A C:\Users\EternalKharas\Documents\sallyansel(2).txt
2012-05-24 13:38 - 2012-05-24 13:38 - 00187937 ____A C:\Users\EternalKharas\Documents\metropcs payment 052412.xps
2012-05-23 05:55 - 2012-05-23 05:55 - 00002885 ____A C:\Users\EternalKharas\Documents\sallyansel.txt
2012-05-23 01:35 - 2012-05-23 01:35 - 00111345 ____A C:\Users\EternalKharas\Documents\bank transfer 052312.xps
2012-05-22 17:30 - 2012-05-22 17:30 - 00198832 ____A (RealNetworks, Inc.) C:\Windows\System32\rmoc3260.dll
2012-05-22 17:30 - 2012-05-22 17:30 - 00006656 ____A (RealNetworks, Inc.) C:\Windows\System32\pndx5016.dll
2012-05-22 17:30 - 2012-05-22 17:30 - 00005632 ____A (RealNetworks, Inc.) C:\Windows\System32\pndx5032.dll
2012-05-22 17:30 - 2012-05-22 17:30 - 00001016 ____A C:\Users\Public\Desktop\RealPlayer.lnk
2012-05-22 17:29 - 2012-05-22 17:29 - 00499712 ____A (Microsoft Corporation) C:\Windows\System32\msvcp71.dll
2012-05-22 17:29 - 2012-05-22 17:29 - 00348160 ____A (Microsoft Corporation) C:\Windows\System32\msvcr71.dll
2012-05-22 17:29 - 2012-05-22 17:29 - 00272896 ____A (Progressive Networks) C:\Windows\System32\pncrt.dll
2012-05-21 19:30 - 2012-05-21 19:30 - 00002170 ____A C:\Users\Public\Desktop\Google Earth.lnk
2012-05-21 18:18 - 2012-05-21 18:18 - 00001815 ____A C:\Users\Public\Desktop\QuickTime Player.lnk
2012-05-21 10:28 - 2012-05-21 10:28 - 03896832 ____A C:\Users\EternalKharas\Downloads\ARGALIWYSETUP.EXE
2012-05-18 23:44 - 2012-05-18 23:44 - 00111124 ____A C:\Users\EternalKharas\Documents\bank transfer 051912.xps
ZeroAccess:
C:\Windows\Installer\{aec20ce0-3b62-6463-9d60-f6936e9e0aa7}
C:\Windows\Installer\{aec20ce0-3b62-6463-9d60-f6936e9e0aa7}\@
C:\Windows\Installer\{aec20ce0-3b62-6463-9d60-f6936e9e0aa7}\L
C:\Windows\Installer\{aec20ce0-3b62-6463-9d60-f6936e9e0aa7}\n
C:\Windows\Installer\{aec20ce0-3b62-6463-9d60-f6936e9e0aa7}\U
ZeroAccess:
C:\Users\EternalKharas\AppData\Local\{aec20ce0-3b62-6463-9d60-f6936e9e0aa7}
C:\Users\EternalKharas\AppData\Local\{aec20ce0-3b62-6463-9d60-f6936e9e0aa7}\@
C:\Users\EternalKharas\AppData\Local\{aec20ce0-3b62-6463-9d60-f6936e9e0aa7}\L
C:\Users\EternalKharas\AppData\Local\{aec20ce0-3b62-6463-9d60-f6936e9e0aa7}\n
C:\Users\EternalKharas\AppData\Local\{aec20ce0-3b62-6463-9d60-f6936e9e0aa7}\U
========================= Known DLLs (Whitelisted) ============

========================= Bamital & volsnap Check ============
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe A302BBFF2A7278C0E239EE5D471D86A9 ZeroAccess <==== ATTENTION!.
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
==================== EXE ASSOCIATION =====================
HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK
========================= Memory info ======================
Percentage of memory in use: 7%
Total physical RAM: 8190.54 MB
Available physical RAM: 7611.4 MB
Total Pagefile: 8188.82 MB
Available Pagefile: 7626.74 MB
Total Virtual: 2047.88 MB
Available Virtual: 1979.22 MB
======================= Partitions =========================
1 Drive c: () (Fixed) (Total:148.96 GB) (Free:4.32 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
2 Drive d: (GRMCULFRER_EN_DVD) (CDROM) (Total:2.33 GB) (Free:0 GB) UDF
4 Drive f: (USB MEMORY) (Removable) (Total:0.12 GB) (Free:0.08 GB) FAT
5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 149 GB 0 B
Disk 1 Online 123 MB 0 B
Partitions of Disk 0:
===============
Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 OEM 47 MB 31 KB
Partition 2 Primary 148 GB 48 MB
==================================================================================
Disk: 0
Partition 1
Type : DE
Hidden: Yes
Active: No
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 FAT Partition 47 MB Healthy Hidden
==================================================================================
Disk: 0
Partition 2
Type : 07
Hidden: No
Active: Yes
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C NTFS Partition 148 GB Healthy
==================================================================================
Partitions of Disk 1:
===============
Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 122 MB 16 KB
==================================================================================
Disk: 1
Partition 1
Type : 06
Hidden: No
Active: No
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 F USB MEMORY FAT Removable 122 MB Healthy
==================================================================================
Last Boot: 2012-08-07 08:07
======================= End Of Log ==========================
 
Due to the machine complicating the problem with the virus, we should keep two days more, just in case. I'd feel bad if you went away and still had a pretty bad infection, or a very hidden infection.

FRST Fixlist

Please run the following:

Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this, highlight the contents of the box, right-click on it and select Copy. Right-click in the open Notepad and select Paste.) Save it on the flash drive as fixlist.txt.

start
Replace: C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.exe C:\Windows\System32\services.exe
C:\Users\EternalKharas\hysoxqihotur.exe
C:\Windows\Installer\{aec20ce0-3b62-6463-9d60-f6936e9e0aa7}
C:\Users\EternalKharas\AppData\Local\{aec20ce0-3b62-6463-9d60-f6936e9e0aa7}
end

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system.

Now, please enter System Recovery Options then select Command Prompt.

Run FRST and press the Fix button just once and wait.
The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

Now restart, let it boot normally and tell me how it went.
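The two checks the helper made by eye above (the MD5 of C:\Windows\System32\services.exe against its WinSxS copy, and the @/L/n/U folder layout FRST labelled "ZeroAccess:") can be automated over the FRST output. This is an added Python example, not part of this thread or of FRST: the sample input is constructed from the log lines quoted here, the benign MSI cache folder with the all-zero GUID is made up to show the check does not over-flag, and the fixlist builder only reproduces the directives used in this post, not FRST's full syntax.

```python
import re

# Constructed sample: the FRST "Search: services.exe" block quoted in this thread. FRST prints
# each hit as a path line followed by a details line whose last field is the file's MD5.
SEARCH_LOG = r"""
================== Search: "services.exe" ===================
C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.exe
[2009-07-13 15:11] - [2009-07-13 17:14] - 0259072 ____A (Microsoft Corporation) 5F1B6A9C35D3D5CA72D6D6FDEF9747D6
C:\Windows\System32\services.exe
[2009-07-13 15:11] - [2012-08-13 09:04] - 0259072 ____A (Microsoft Corporation) A302BBFF2A7278C0E239EE5D471D86A9
=== End Of Search ===
"""

# Constructed sample: the two folders FRST labelled "ZeroAccess:" in the scan log, plus one
# benign MSI cache folder (placeholder GUID, made up) that a correct check must leave alone.
INSTALLER_DIR = r"C:\Windows\Installer\{aec20ce0-3b62-6463-9d60-f6936e9e0aa7}"
APPDATA_DIR = r"C:\Users\EternalKharas\AppData\Local\{aec20ce0-3b62-6463-9d60-f6936e9e0aa7}"
SAMPLE_PATHS = (
    [INSTALLER_DIR] + [INSTALLER_DIR + "\\" + e for e in ("@", "L", "n", "U")]
    + [APPDATA_DIR] + [APPDATA_DIR + "\\" + e for e in ("@", "L", "n", "U")]
    + [r"C:\Windows\Installer\{00000000-0000-0000-0000-000000000000}\setup.msi"]
)

PATH_RE = re.compile(r"^[A-Za-z]:\\")
DETAIL_RE = re.compile(
    r"^\[(?P<created>[^\]]+)\] - \[(?P<modified>[^\]]+)\] - (?P<size>\d+) (?P<attrs>\S+) "
    r"(?:\((?P<company>.*)\) )?(?P<md5>[0-9A-Fa-f]{32})$"
)
GUID_DIR_RE = re.compile(
    r"^(?P<dir>[A-Za-z]:\\.*\\\{[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}\})(?:\\(?P<entry>[^\\]+))?$",
    re.IGNORECASE,
)
ZA_LAYOUT = {"@", "L", "n", "U"}  # direct children FRST reported under both ZeroAccess folders


def parse_search(text):
    """Return {path: {created, modified, size, attrs, company, md5}} for an FRST Search block."""
    results, pending = {}, None
    for line in text.splitlines():
        line = line.strip()
        if PATH_RE.match(line):
            pending = line  # remember the path; its details follow on the next line
            continue
        m = DETAIL_RE.match(line)
        if m and pending:
            results[pending] = m.groupdict()
            pending = None
    return results


def check_live_against_winsxs(results, name="services.exe"):
    """Compare the System32 copy with the WinSxS component-store copy. Size and company string
    are identical for both copies in this log; only the MD5 and modification time differ."""
    live = store = None
    for path, info in results.items():
        low = path.lower()
        if not low.endswith("\\" + name):
            continue
        entry = {"path": path, "md5": info["md5"].upper(), "modified": info["modified"]}
        if "\\system32\\" in low:
            live = entry
        elif "\\winsxs\\" in low:
            store = entry
    if live is None or store is None:
        status = "incomplete"
    else:
        status = "match" if live["md5"] == store["md5"] else "mismatch"
    return {"status": status, "live": live, "store": store}


def find_zeroaccess_dirs(paths):
    """Return {GUID} directories whose direct children include all of @, L, n and U."""
    children = {}
    for p in paths:
        m = GUID_DIR_RE.match(p.strip())
        if not m:
            continue
        names = children.setdefault(m.group("dir"), set())
        if m.group("entry"):
            names.add(m.group("entry"))
    return sorted(d for d, names in children.items() if ZA_LAYOUT <= names)


def build_fixlist(verdict, remove_paths):
    """Reproduce the fixlist shape used in this thread: 'Replace: <source> <target>' restores the
    live binary from WinSxS, then each listed path is removed. Only these FRST directives are used."""
    lines = ["start"]
    if verdict["status"] == "mismatch":
        lines.append(f"Replace: {verdict['store']['path']} {verdict['live']['path']}")
    return "\n".join(lines + list(remove_paths) + ["end"])


if __name__ == "__main__":
    verdict = check_live_against_winsxs(parse_search(SEARCH_LOG))
    print(verdict["status"], verdict["live"]["md5"], "vs", verdict["store"]["md5"])
    print(build_fixlist(verdict, [r"C:\Users\EternalKharas\hysoxqihotur.exe"]
                        + find_zeroaccess_dirs(SAMPLE_PATHS)))
```

Run against the real Search and scan output, the script reports "mismatch" for services.exe and lists both GUID folders, reproducing the fixlist shown in this post.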
 
RESULTS SPLIT INTO 2 POST DUE TO CHARACTER LIMITS...

SYSTEM DISPLAYED THE CRITICAL ERROR MESSAGE WITH ONE MINUTE RE-BOOT. THE SYSTEM RE-BOOTED AFTER 1 MINUTE. Note: the system re-booted in safe mode. I went back to msconfig, changed the boot sequence back to normal and re-booted again with the same results. The system is now set to boot in normal mode.

The following was copied to fixlist.txt on the flash drive where FRST.EXE is located...
start
Replace: C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.exe C:\Windows\System32\services.exe
C:\Users\EternalKharas\hysoxqihotur.exe
C:\Windows\Installer\{aec20ce0-3b62-6463-9d60-f6936e9e0aa7}
C:\Users\EternalKharas\AppData\Local\{aec20ce0-3b62-6463-9d60-f6936e9e0aa7}
end

The resulting fixlog.txt is below.
Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 09-08-2012
Ran by SYSTEM at 2012-08-13 11:53:56 Run:1
Running from F:\FarBar recovery tool
==============================================
Could not find C:\Windows\System32\services.exe.
Could not find C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.exe.
==== End of Fixlog ====

PLEASE NOTE: WHEN STARTING THE SYSTEM USING RECOVERY OPTIONS THE SYSTEM DISK WENT INTO AUTO REPAIR INDICATING CHKDSK REPAIRED THE FILE SYSTEM. THIS WAS AUTOMATIC AND AFTERWARD I RAN FRST PRODUCING THE LOGS BELOW.
To speed things up I have re-run FRST and produced both previously requested logs below.
Farbar Recovery Scan Tool Version: 09-08-2012
Ran by SYSTEM at 2012-08-13 13:15:25
Running from F:\FarBar recovery tool
================== Search: "services.exe" ===================
C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.exe
[2009-07-13 15:11] - [2009-07-13 17:14] - 0259072 ____A (Microsoft Corporation) 5F1B6A9C35D3D5CA72D6D6FDEF9747D6
C:\Windows\System32\services.exe
[2009-07-13 15:11] - [2012-08-13 09:04] - 0259072 ____A (Microsoft Corporation) A302BBFF2A7278C0E239EE5D471D86A9
=== End Of Search ===
 
Next is FRST SCAN LOG
Scan result of Farbar Recovery Scan Tool (FRST written by Farbar) Version: 09-08-2012
Ran by SYSTEM at 13-08-2012 13:08:58
Running from F:\FarBar recovery tool
Windows 7 Ultimate (X86) OS Language: English(US)
The current controlset is ControlSet002
========================== Registry (Whitelisted) =============
HKLM\...\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-01-02] (Adobe Systems Incorporated)
HKLM\...\Run: [Bing Bar] "C:\Program Files\MSN Toolbar\Platform\6.3.2348.0\mswinext.exe" [273672 2010-10-11] (Microsoft Corp.)
HKLM\...\Run: [Launch LCDMon] "C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe" [1573448 2010-02-18] (Logitech Inc.)
HKLM\...\Run: [Launch LGDCore] "C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" /SHOWHIDE [3203144 2010-02-18] (Logitech Inc.)
HKLM\...\Run: [Launch LgDeviceAgent] "C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe" [357448 2010-02-18] (Logitech Inc.)
HKLM\...\Run: [Microsoft Default Manager] "C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume [439568 2010-05-10] (Microsoft Corporation)
HKLM\...\Run: [ProfilerU] "C:\Program Files\Saitek\SD6\Software\ProfilerU.exe" [237568 2009-06-03] (Saitek)
HKLM\...\Run: [SaiMfd] "C:\Program Files\Saitek\SD6\Software\SaiMfd.exe" [131072 2009-06-03] (Saitek)
HKLM\...\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" [248552 2010-05-14] (Sun Microsystems, Inc.)
HKLM\...\Run: [NVRaidService] C:\Program Files\NVIDIA Corporation\Raid\nvraidservice.exe [163944 2010-04-08] (NVIDIA Corporation)
HKLM\...\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s [10820200 2011-08-16] (Realtek Semiconductor)
HKLM\...\Run: [EEventManager] "C:\Program Files\Epson Software\Event Manager\EEventManager.exe" [976320 2009-12-03] (SEIKO EPSON CORPORATION)
HKLM\...\Run: [BingDesktop] C:\Program Files\Microsoft\BingDesktop\BingDesktop.exe /fromkey [1858152 2012-03-30] (Microsoft Corp.)
HKLM\...\Run: [Logitech Utility] Logi_MwX.Exe [x]
HKLM\...\Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [931200 2012-03-26] (Microsoft Corporation)
HKLM\...\Run: [TkBellExe] "c:\program files\real\realplayer\Update\realsched.exe" -osboot [296056 2012-05-22] (RealNetworks, Inc.)
HKLM\...\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [56928 2006-11-23] (Cyberlink Corp.)
HKLM\...\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime [421888 2012-05-21] (Apple Inc.)
HKLM\...\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" [54832 2006-12-05] ()
HKLM\...\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2012-02-20] (Apple Inc.)
HKU\Administrator\...\Run: [AutoStartNPSAgent] C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe [95576 2010-07-08] (Samsung Electronics Co., Ltd.)
HKU\Administrator\...\Run: [Facebook Update] "C:\Users\EternalKharas\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver [138096 2012-07-12] (Facebook Inc.)
HKU\EternalKharas\...\Run: [Epson Stylus NX420(Network)] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIGCA.EXE /FU "C:\Users\ETERNA~1\AppData\Local\Temp\E_SE9F6.tmp" /EF "HKCU" [200704 2009-09-14] (SEIKO EPSON CORPORATION)
HKU\EternalKharas\...\Run: [Facebook Update] "C:\Users\EternalKharas\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver [138096 2012-07-12] (Facebook Inc.)
HKU\EternalKharas\...\Run: [hysoxqihotur] C:\Users\EternalKharas\hysoxqihotur.exe [93648 2012-08-09] (AOpen)
HKU\EternalKharas\...\Run: [AutoStartNPSAgent] C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe [95576 2010-07-08] (Samsung Electronics Co., Ltd.)
HKU\Guest\...\Run: [AutoStartNPSAgent] C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe [95576 2010-07-08] (Samsung Electronics Co., Ltd.)
HKU\Guest\...\Run: [Facebook Update] "C:\Users\EternalKharas\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver [138096 2012-07-12] (Facebook Inc.)
Tcpip\Parameters: [DhcpNameServer] 65.32.5.111 65.32.5.112
Startup: C:\Users\All Users\Start Menu\Programs\Startup\Camera Monitor SD.lnk
ShortcutTarget: Camera Monitor SD.lnk -> C:\Program Files\PIXELA\Everio MediaBrowser\MBCameraMonitor.exe (PIXELA CORPORATION)
Startup: C:\Users\All Users\Start Menu\Programs\Startup\iReboot 1.1.0.lnk
ShortcutTarget: iReboot 1.1.0.lnk -> C:\Program Files\NeoSmart Technologies\iReboot\iReboot.exe (NeoSmart Technologies)
Startup: C:\Users\All Users\Start Menu\Programs\Startup\Snap-tite Components E-Catalog - Auto Update.lnk
ShortcutTarget: Snap-tite Components E-Catalog - Auto Update.lnk -> C:\Program Files\Snap-tite\QDecatupdate.exe (Snap-tite Components)
Startup: C:\Users\EternalKharas\Start Menu\Programs\Startup\CurseClientStartup.ccip ()
Startup: C:\Users\EternalKharas\Start Menu\Programs\Startup\MagicDisc.lnk
ShortcutTarget: MagicDisc.lnk -> C:\Program Files\MagicDisc\MagicDisc.exe (MagicISO, Inc.)
================================ Services (Whitelisted) ==================
2 BingDesktopUpdate; "C:\Program Files\Microsoft\BingDesktop\BingDesktopUpdater.exe" [151656 2012-03-30] (Microsoft Corp.)
3 CHWBOLOCH; C:\Users\ETERNA~1\AppData\Local\Temp\CHWBOLOCH.exe [490368 2012-06-27] (Sysinternals - www.sysinternals.com)
3 CPETLYED; C:\Users\ETERNA~1\AppData\Local\Temp\CPETLYED.exe [506752 2012-06-27] (Sysinternals - www.sysinternals.com)
2 EpsonBidirectionalService; C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe [94208 2006-12-19] (SEIKO EPSON CORPORATION)
2 eventlog; C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted [20992 2009-07-13] (Microsoft Corporation)
2 ForceWare Intelligent Application Manager (IAM); C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe [387616 2009-08-10] ()
3 Futuremark SystemInfo Service; "C:\Program Files\Common Files\Futuremark Shared\Futuremark SystemInfo\FMSISvc.exe" [128928 2010-11-11] (Futuremark Corporation)
2 iReboot; "C:\Program Files\NeoSmart Technologies\iReboot\iRebootd.exe" [9216 2008-04-27] ()
2 MsMpSvc; "C:\Program Files\Microsoft Security Client\MsMpEng.exe" [11552 2012-03-26] (Microsoft Corporation)
2 nHancer; "C:\Program Files\nHancer\nHancerService.exe" [39936 2010-05-02] (KSE - Korndörfer Software Engineering)
3 NisSrv; "C:\Program Files\Microsoft Security Client\NisSrv.exe" [214952 2012-03-26] (Microsoft Corporation)
2 nSvcIp; C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe [178720 2009-08-10] ()
2 nTuneService; C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe /StartService [191080 2010-03-22] (NVIDIA)
2 RichVideo; "C:\Program Files\CyberLink\Shared Files\RichVideo.exe" [167936 2007-01-20] ()
2 StatusAgent4; C:\Windows\system32\SAgent4.exe [131072 2006-12-19] (SEIKO EPSON CORPORATION)
2 UpdateCenterService; C:\Program Files\NVIDIA Corporation\System Update\UpdateCenterService.exe /StartService [195176 2009-11-06] (NVIDIA)
========================== Drivers (Whitelisted) =============
2 cpuz134; \??\C:\Windows\system32\drivers\cpuz134_x32.sys [20328 2010-07-09] (Windows (R) Win 7 DDK provider)
3 DrvAgent32; \??\C:\Windows\system32\Drivers\DrvAgent32.sys [23456 2010-07-12] (Phoenix Technologies)
1 HWiNFO32; \??\C:\Program Files\HWiNFO32\HWiNFO32.SYS [21624 2012-05-10] (REALiX(tm))
3 LHidFlt2; C:\Windows\System32\DRIVERS\LHidFlt2.Sys [25505 2003-12-17] (Logitech, Inc.)
3 LHidUsb; C:\Windows\System32\Drivers\LHidUsb.Sys [37887 2003-12-17] (Logitech, Inc.)
3 LMouFlt2; C:\Windows\System32\DRIVERS\LMouFlt2.Sys [70801 2003-12-17] (Logitech, Inc.)
0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [171064 2012-03-20] (Microsoft Corporation)
3 NVNET; C:\Windows\System32\DRIVERS\nvmf6232.sys [295272 2009-11-11] (NVIDIA Corporation)
3 nvoclock; C:\Windows\System32\DRIVERS\nvoclock.sys [38248 2009-09-15] (NVIDIA Corp.)
3 physX32; C:\Windows\System32\DRIVERS\physX32.sys [120960 2008-02-29] (AGEIA Technologies, Inc.)
3 RTCore32; \??\C:\Program Files\EVGA Precision\RTCore32.sys [4608 2005-05-25] ()
3 SaiH075C; C:\Windows\System32\DRIVERS\SaiH075C.sys [132232 2007-05-01] (Saitek)
0 sptd; C:\Windows\System32\Drivers\sptd.sys [477240 2012-05-10] (Duplex Secure Ltd.)
3 GPU-Z; \??\C:\Users\ETERNA~1\AppData\Local\Temp\GPU-Z.sys [x]
3 Synth3dVsc; C:\Windows\System32\drivers\synth3dvsc.sys [x]
3 tsusbhub; C:\Windows\System32\drivers\tsusbhub.sys [x]
3 VGPU; C:\Windows\System32\drivers\rdvgkmd.sys [x]
========================== NetSvcs (Whitelisted) ===========

============ One Month Created Files and Folders ==============
2012-08-11 14:29 - 2012-08-11 14:29 - 00000000 ___SD C:\ComboFix
2012-08-11 14:28 - 2012-08-11 04:55 - 04728003 ___RA (Swearware) C:\Users\EternalKharas\Desktop\ComboFix.exe
2012-08-11 14:24 - 2012-08-11 14:24 - 00000626 ____A C:\Users\EternalKharas\Desktop\ComboFix.exe - Shortcut (3).lnk
2012-08-11 14:21 - 2012-08-11 14:21 - 00000626 ____A C:\Users\EternalKharas\Desktop\ComboFix.exe - Shortcut.lnk
2012-08-11 14:21 - 2012-08-11 14:21 - 00000626 ____A C:\Users\EternalKharas\Desktop\ComboFix.exe - Shortcut (2).lnk
2012-08-11 14:17 - 2012-08-11 14:17 - 00000000 ____D C:\Windows\erdnt
2012-08-11 14:17 - 2012-08-11 14:17 - 00000000 ____D C:\Qoobox
2012-08-11 14:17 - 2011-06-25 22:45 - 00256000 ____A C:\Windows\PEV.exe
2012-08-11 14:17 - 2010-11-07 09:20 - 00208896 ____A C:\Windows\MBR.exe
2012-08-11 14:17 - 2009-04-19 20:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
2012-08-11 14:17 - 2000-08-30 16:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe
2012-08-11 14:17 - 2000-08-30 16:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe
2012-08-11 14:17 - 2000-08-30 16:00 - 00098816 ____A C:\Windows\sed.exe
2012-08-11 14:17 - 2000-08-30 16:00 - 00080412 ____A C:\Windows\grep.exe
2012-08-11 14:17 - 2000-08-30 16:00 - 00068096 ____A C:\Windows\zip.exe
2012-08-10 05:24 - 2012-08-10 05:24 - 00000000 ____D C:\FRST
2012-08-09 22:51 - 2012-08-09 22:51 - 00000000 ____D C:\Program Files\Microsoft Security Client
2012-08-09 22:09 - 2012-08-09 22:09 - 00000000 __SHD C:\Windows\System32\%APPDATA%
2012-08-09 22:05 - 2012-08-09 22:05 - 00093648 ____A (AOpen) C:\Users\EternalKharas\hysoxqihotur.exe
2012-08-08 08:24 - 2012-08-08 08:24 - 00155840 ____A C:\Windows\Minidump\080812-25911-01.dmp
2012-08-07 09:02 - 2012-08-07 09:02 - 00111487 ____A C:\Users\EternalKharas\Documents\bank transfer 080712(2).xps
2012-08-07 05:49 - 2012-08-07 05:49 - 00000124 ____A C:\Users\EternalKharas\Desktop\HOME PAGE.txt
2012-08-07 04:07 - 2012-08-07 04:07 - 00111173 ____A C:\Users\EternalKharas\Documents\bank transfer 080712.xps
2012-08-03 07:29 - 2012-08-03 07:29 - 00196947 ____A C:\Users\EternalKharas\Documents\MetroSelfStorage E-mailconfirmnation080312.xps
2012-08-03 07:00 - 2012-08-03 07:00 - 00159584 ____A C:\Users\EternalKharas\Documents\BrightHouse080312.xps
2012-08-03 05:54 - 2012-08-03 05:54 - 00111378 ____A C:\Users\EternalKharas\Documents\bank transfer 080312.xps
2012-08-03 04:56 - 2012-08-03 04:56 - 00117132 ____A C:\Users\EternalKharas\Documents\MetroSelfStorage080312.xps
2012-08-03 03:50 - 2012-08-03 03:50 - 00000318 ____A C:\Users\EternalKharas\Desktop\Curse Client.appref-ms
2012-08-02 13:14 - 2012-08-02 13:14 - 00110956 ____A C:\Users\EternalKharas\Documents\bank transfer 080212.xps
2012-07-31 21:32 - 2012-07-31 21:32 - 00000097 ____A C:\Users\EternalKharas\Desktop\sephora.txt
2012-07-30 15:48 - 2012-07-30 15:49 - 00159552 ____A C:\Windows\Minidump\073012-34491-01.dmp
2012-07-30 14:38 - 2012-07-30 14:38 - 00161846 ____A C:\Users\EternalKharas\Documents\THIAGO2.xps
2012-07-30 14:10 - 2012-07-30 14:10 - 00111119 ____A C:\Users\EternalKharas\Documents\bank transfer 073012.xps
2012-07-29 00:43 - 2012-07-29 00:43 - 00111225 ____A C:\Users\EternalKharas\Documents\bank transfer 072912.xps
2012-07-28 05:56 - 2012-07-28 07:26 - 00000000 ____D C:\Users\EternalKharas\Documents\Business donations
2012-07-27 21:14 - 2012-07-27 21:14 - 00111373 ____A C:\Users\EternalKharas\Documents\bank transfer 072812.xps
2012-07-27 17:03 - 2012-07-27 17:03 - 00000000 ____D C:\Users\All Users\SolarWinds
2012-07-27 17:03 - 2012-07-27 17:03 - 00000000 ____D C:\Program Files\SolarWinds
2012-07-27 17:02 - 2012-07-27 17:02 - 00922042 ____A C:\Users\EternalKharas\Downloads\SolarWinds-Permissions-Analyzer-v1.0.0.zip
2012-07-27 17:02 - 2012-07-27 17:02 - 00000000 ____D C:\Users\EternalKharas\Downloads\SolarWinds-Permissions-Analyzer-v1.0.0
2012-07-24 02:17 - 2012-07-24 02:17 - 00001794 ____A C:\Users\EternalKharas\Documents\SENTPMArchive_2012-07-24(11).htm
2012-07-24 02:16 - 2012-07-24 02:16 - 00106888 ____A C:\Users\EternalKharas\Documents\SENTPMArchive_2012-07-24(10).htm
2012-07-24 02:16 - 2012-07-24 02:16 - 00102602 ____A C:\Users\EternalKharas\Documents\SENTPMArchive_2012-07-24(9).htm
2012-07-24 02:15 - 2012-07-24 02:15 - 00165939 ____A C:\Users\EternalKharas\Documents\SENTPMArchive_2012-07-24(6).htm
2012-07-24 02:15 - 2012-07-24 02:15 - 00138056 ____A C:\Users\EternalKharas\Documents\SENTPMArchive_2012-07-24(8).htm
2012-07-24 02:15 - 2012-07-24 02:15 - 00134007 ____A C:\Users\EternalKharas\Documents\SENTPMArchive_2012-07-24(7).htm
2012-07-24 02:14 - 2012-07-24 02:14 - 00104885 ____A C:\Users\EternalKharas\Documents\SENTPMArchive_2012-07-24(5).htm
2012-07-24 02:13 - 2012-07-24 02:13 - 00072213 ____A C:\Users\EternalKharas\Documents\READPMArchive_2012-07-24(9).htm
2012-07-24 02:13 - 2012-07-24 02:13 - 00056712 ____A C:\Users\EternalKharas\Documents\READPMArchive_2012-07-24(10).htm
2012-07-24 02:12 - 2012-07-24 02:12 - 00095829 ____A C:\Users\EternalKharas\Documents\READPMArchive_2012-07-24(8).htm
2012-07-24 02:11 - 2012-07-24 02:11 - 00115579 ____A C:\Users\EternalKharas\Documents\READPMArchive_2012-07-24(7).htm
2012-07-24 02:11 - 2012-07-24 02:11 - 00113343 ____A C:\Users\EternalKharas\Documents\READPMArchive_2012-07-24(6).htm
2012-07-24 02:10 - 2012-07-24 02:10 - 00155229 ____A C:\Users\EternalKharas\Documents\READPMArchive_2012-07-24(5).htm
2012-07-24 02:00 - 2012-07-24 02:00 - 00190068 ____A C:\Users\EternalKharas\Documents\SENTPMArchive_2012-07-24(3).htm
2012-07-24 02:00 - 2012-07-24 02:00 - 00181032 ____A C:\Users\EternalKharas\Documents\SENTPMArchive_2012-07-24(4).htm
2012-07-24 01:56 - 2012-07-24 01:56 - 00081496 ____A C:\Users\EternalKharas\Documents\READPMArchive_2012-07-24(4).htm
2012-07-24 01:55 - 2012-07-24 01:55 - 00070096 ____A C:\Users\EternalKharas\Documents\READPMArchive_2012-07-24(3).htm
2012-07-24 01:54 - 2012-07-24 01:54 - 00116002 ____A C:\Users\EternalKharas\Documents\SENTPMArchive_2012-07-24(2).htm
2012-07-24 01:53 - 2012-07-24 01:53 - 00115839 ____A C:\Users\EternalKharas\Documents\SENTPMArchive_2012-07-24.htm
2012-07-23 21:15 - 2012-08-01 22:16 - 00008655 ____A C:\Users\EternalKharas\Desktop\Christina.txt
2012-07-23 15:04 - 2012-07-23 15:04 - 00246295 ____A C:\Users\EternalKharas\Documents\Thiago's order 1.xps
2012-07-23 13:12 - 2012-07-23 13:12 - 00111120 ____A C:\Users\EternalKharas\Documents\bank transfer THIAGO 1.xps
2012-07-21 10:29 - 2012-07-21 10:29 - 00000000 ____D C:\Users\EternalKharas\Downloads\the_whigs
2012-07-21 09:01 - 2012-07-21 10:29 - 07251231 ____A C:\Users\EternalKharas\Downloads\the_whigs.zip
2012-07-20 22:27 - 2012-07-21 02:13 - 00002961 ____A C:\Users\EternalKharas\Desktop\Stacy.txt
2012-07-19 05:23 - 2012-07-19 05:24 - 00000000 ____D C:\Program Files\HWiNFO32
2012-07-18 18:16 - 2012-07-18 18:16 - 00000000 __SHD C:\found.001
2012-07-16 23:24 - 2012-07-16 23:24 - 00000524 ____A C:\Users\EternalKharas\Desktop\Turn off Media Center Updates.htm
2012-07-16 06:13 - 2012-07-16 06:13 - 00111145 ____A C:\Users\EternalKharas\Documents\bank transfer 071612.xps
2012-07-15 23:12 - 2012-08-09 14:29 - 00000345 ____A C:\Users\EternalKharas\Desktop\MUSIC CODES (MARLBORO).txt
2012-07-14 22:49 - 2012-07-14 22:49 - 00136219 ____A C:\Users\EternalKharas\Documents\newegg071512.xps
============ 3 Months Modified Files ========================
2012-08-13 09:04 - 2010-12-31 18:50 - 00000896 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-08-13 09:04 - 2009-07-13 15:11 - 00259072 ____A (Microsoft Corporation) C:\Windows\System32\services.exe
2012-08-13 09:03 - 2009-07-13 20:53 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-08-13 09:03 - 2009-07-13 20:39 - 01182978 ____A C:\Windows\setupact.log
2012-08-11 14:24 - 2012-08-11 14:24 - 00000626 ____A C:\Users\EternalKharas\Desktop\ComboFix.exe - Shortcut (3).lnk
2012-08-11 14:21 - 2012-08-11 14:21 - 00000626 ____A C:\Users\EternalKharas\Desktop\ComboFix.exe - Shortcut.lnk
2012-08-11 14:21 - 2012-08-11 14:21 - 00000626 ____A C:\Users\EternalKharas\Desktop\ComboFix.exe - Shortcut (2).lnk
2012-08-11 05:09 - 2012-06-19 07:37 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-08-11 04:55 - 2012-08-11 14:28 - 04728003 ___RA (Swearware) C:\Users\EternalKharas\Desktop\ComboFix.exe
2012-08-09 23:03 - 2010-05-04 16:08 - 00148150 ____A C:\Windows\PFRO.log
2012-08-09 22:52 - 2011-06-29 04:33 - 01400340 ____A C:\Windows\WindowsUpdate.log
2012-08-09 22:52 - 2011-01-27 01:11 - 00001945 ____A C:\Windows\epplauncher.mif
2012-08-09 22:51 - 2011-06-29 03:46 - 00838082 ____A C:\Windows\System32\PerfStringBackup.INI
2012-08-09 22:41 - 2010-05-04 16:01 - 00019920 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-08-09 22:41 - 2010-05-04 16:01 - 00019920 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-08-09 22:40 - 2011-08-28 16:30 - 00000960 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1850465905-1816852967-2060930716-1000UA.job
2012-08-09 22:05 - 2012-08-09 22:05 - 00093648 ____A (AOpen) C:\Users\EternalKharas\hysoxqihotur.exe
2012-08-09 21:59 - 2010-12-31 18:50 - 00000900 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-08-09 15:00 - 2012-05-04 13:03 - 00002290 ____A C:\Users\Public\Desktop\Google Chrome.lnk
2012-08-09 14:29 - 2012-07-15 23:12 - 00000345 ____A C:\Users\EternalKharas\Desktop\MUSIC CODES (MARLBORO).txt
2012-08-09 04:21 - 2012-07-09 02:48 - 00009549 ____A C:\Users\EternalKharas\Desktop\crash.txt
2012-08-09 03:34 - 2011-08-28 16:30 - 00000938 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1850465905-1816852967-2060930716-1000Core.job
2012-08-08 08:24 - 2012-08-08 08:24 - 00155840 ____A C:\Windows\Minidump\080812-25911-01.dmp
2012-08-07 09:02 - 2012-08-07 09:02 - 00111487 ____A C:\Users\EternalKharas\Documents\bank transfer 080712(2).xps
2012-08-07 05:49 - 2012-08-07 05:49 - 00000124 ____A C:\Users\EternalKharas\Desktop\HOME PAGE.txt
2012-08-07 04:07 - 2012-08-07 04:07 - 00111173 ____A C:\Users\EternalKharas\Documents\bank transfer 080712.xps
2012-08-03 07:29 - 2012-08-03 07:29 - 00196947 ____A C:\Users\EternalKharas\Documents\MetroSelfStorage E-mailconfirmnation080312.xps
2012-08-03 07:00 - 2012-08-03 07:00 - 00159584 ____A C:\Users\EternalKharas\Documents\BrightHouse080312.xps
2012-08-03 05:54 - 2012-08-03 05:54 - 00111378 ____A C:\Users\EternalKharas\Documents\bank transfer 080312.xps
2012-08-03 04:56 - 2012-08-03 04:56 - 00117132 ____A C:\Users\EternalKharas\Documents\MetroSelfStorage080312.xps
2012-08-03 03:50 - 2012-08-03 03:50 - 00000318 ____A C:\Users\EternalKharas\Desktop\Curse Client.appref-ms
2012-08-02 13:14 - 2012-08-02 13:14 - 00110956 ____A C:\Users\EternalKharas\Documents\bank transfer 080212.xps
2012-08-02 08:56 - 2012-04-03 20:42 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2012-08-02 08:56 - 2011-05-19 12:08 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
2012-08-01 22:16 - 2012-07-23 21:15 - 00008655 ____A C:\Users\EternalKharas\Desktop\Christina.txt
2012-07-31 21:32 - 2012-07-31 21:32 - 00000097 ____A C:\Users\EternalKharas\Desktop\sephora.txt
2012-07-30 15:49 - 2012-07-30 15:48 - 00159552 ____A C:\Windows\Minidump\073012-34491-01.dmp
2012-07-30 14:38 - 2012-07-30 14:38 - 00161846 ____A C:\Users\EternalKharas\Documents\THIAGO2.xps
2012-07-30 14:10 - 2012-07-30 14:10 - 00111119 ____A C:\Users\EternalKharas\Documents\bank transfer 073012.xps
2012-07-29 00:43 - 2012-07-29 00:43 - 00111225 ____A C:\Users\EternalKharas\Documents\bank transfer 072912.xps
2012-07-27 21:14 - 2012-07-27 21:14 - 00111373 ____A C:\Users\EternalKharas\Documents\bank transfer 072812.xps
2012-07-27 17:02 - 2012-07-27 17:02 - 00922042 ____A C:\Users\EternalKharas\Downloads\SolarWinds-Permissions-Analyzer-v1.0.0.zip
2012-07-27 04:46 - 2011-07-01 22:55 - 00007676 ____A C:\Users\EternalKharas\AppData\Local\Resmon.ResmonCfg
2012-07-24 02:17 - 2012-07-24 02:17 - 00001794 ____A C:\Users\EternalKharas\Documents\SENTPMArchive_2012-07-24(11).htm
2012-07-24 02:16 - 2012-07-24 02:16 - 00106888 ____A C:\Users\EternalKharas\Documents\SENTPMArchive_2012-07-24(10).htm
2012-07-24 02:16 - 2012-07-24 02:16 - 00102602 ____A C:\Users\EternalKharas\Documents\SENTPMArchive_2012-07-24(9).htm
2012-07-24 02:15 - 2012-07-24 02:15 - 00165939 ____A C:\Users\EternalKharas\Documents\SENTPMArchive_2012-07-24(6).htm
2012-07-24 02:15 - 2012-07-24 02:15 - 00138056 ____A C:\Users\EternalKharas\Documents\SENTPMArchive_2012-07-24(8).htm
2012-07-24 02:15 - 2012-07-24 02:15 - 00134007 ____A C:\Users\EternalKharas\Documents\SENTPMArchive_2012-07-24(7).htm
2012-07-24 02:14 - 2012-07-24 02:14 - 00104885 ____A C:\Users\EternalKharas\Documents\SENTPMArchive_2012-07-24(5).htm
2012-07-24 02:13 - 2012-07-24 02:13 - 00072213 ____A C:\Users\EternalKharas\Documents\READPMArchive_2012-07-24(9).htm
2012-07-24 02:13 - 2012-07-24 02:13 - 00056712 ____A C:\Users\EternalKharas\Documents\READPMArchive_2012-07-24(10).htm
2012-07-24 02:12 - 2012-07-24 02:12 - 00095829 ____A C:\Users\EternalKharas\Documents\READPMArchive_2012-07-24(8).htm
2012-07-24 02:11 - 2012-07-24 02:11 - 00115579 ____A C:\Users\EternalKharas\Documents\READPMArchive_2012-07-24(7).htm
2012-07-24 02:11 - 2012-07-24 02:11 - 00113343 ____A C:\Users\EternalKharas\Documents\READPMArchive_2012-07-24(6).htm
2012-07-24 02:10 - 2012-07-24 02:10 - 00155229 ____A C:\Users\EternalKharas\Documents\READPMArchive_2012-07-24(5).htm
2012-07-24 02:00 - 2012-07-24 02:00 - 00190068 ____A C:\Users\EternalKharas\Documents\SENTPMArchive_2012-07-24(3).htm
2012-07-24 02:00 - 2012-07-24 02:00 - 00181032 ____A C:\Users\EternalKharas\Documents\SENTPMArchive_2012-07-24(4).htm
2012-07-24 01:56 - 2012-07-24 01:56 - 00081496 ____A C:\Users\EternalKharas\Documents\READPMArchive_2012-07-24(4).htm
2012-07-24 01:55 - 2012-07-24 01:55 - 00070096 ____A C:\Users\EternalKharas\Documents\READPMArchive_2012-07-24(3).htm
2012-07-24 01:54 - 2012-07-24 01:54 - 00116002 ____A C:\Users\EternalKharas\Documents\SENTPMArchive_2012-07-24(2).htm
2012-07-24 01:53 - 2012-07-24 01:53 - 00115839 ____A C:\Users\EternalKharas\Documents\SENTPMArchive_2012-07-24.htm
2012-07-23 15:04 - 2012-07-23 15:04 - 00246295 ____A C:\Users\EternalKharas\Documents\Thiago's order 1.xps
2012-07-23 13:12 - 2012-07-23 13:12 - 00111120 ____A C:\Users\EternalKharas\Documents\bank transfer THIAGO 1.xps
2012-07-21 10:29 - 2012-07-21 09:01 - 07251231 ____A C:\Users\EternalKharas\Downloads\the_whigs.zip
2012-07-21 02:13 - 2012-07-20 22:27 - 00002961 ____A C:\Users\EternalKharas\Desktop\Stacy.txt
2012-07-16 23:24 - 2012-07-16 23:24 - 00000524 ____A C:\Users\EternalKharas\Desktop\Turn off Media Center Updates.htm
2012-07-16 06:13 - 2012-07-16 06:13 - 00111145 ____A C:\Users\EternalKharas\Documents\bank transfer 071612.xps
2012-07-14 22:49 - 2012-07-14 22:49 - 00136219 ____A C:\Users\EternalKharas\Documents\newegg071512.xps
2012-07-13 10:43 - 2012-07-13 10:43 - 00111413 ____A C:\Users\EternalKharas\Documents\bank transfer 071312.xps
2012-07-12 19:28 - 2012-07-12 19:28 - 00110872 ____A C:\Users\EternalKharas\Documents\bank transfer 071212.xps
2012-07-12 00:15 - 2012-07-12 00:15 - 00159400 ____A C:\Users\EternalKharas\Documents\BrightHouse071212.xps
2012-07-11 01:42 - 2012-07-11 01:42 - 00153512 ____A C:\Windows\Minidump\071112-36660-01.dmp
2012-07-10 23:39 - 2009-07-13 20:33 - 00415344 ____A C:\Windows\System32\FNTCACHE.DAT
2012-07-10 23:01 - 2011-07-14 03:03 - 57442464 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-07-10 18:58 - 2012-07-10 18:58 - 00014336 ____A C:\Users\EternalKharas\Desktop\PAST and PRESENT.xls
2012-07-09 19:41 - 2010-06-11 02:33 - 00001220 ____A C:\Users\Public\Desktop\World of Warcraft.lnk
2012-07-09 08:08 - 2012-07-09 08:08 - 00111187 ____A C:\Users\EternalKharas\Documents\bank transfer 070912.xps
2012-07-08 17:25 - 2012-07-08 17:25 - 00224817 ____A C:\Users\EternalKharas\Desktop\Bubble.xps
2012-07-06 23:51 - 2012-07-06 23:51 - 00110723 ____A C:\Users\EternalKharas\Documents\bank transfer 070712.xps
2012-07-06 13:08 - 2012-07-06 12:46 - 00000724 ____A C:\Users\EternalKharas\Desktop\bigmyke.txt
2012-07-02 03:22 - 2012-07-02 03:22 - 00135354 ____A C:\Users\EternalKharas\Desktop\NeweggOrder.xps
2012-07-02 01:20 - 2012-07-02 01:20 - 00001226 ____A C:\Users\EternalKharas\Desktop\Revo Uninstaller.lnk
2012-07-01 09:04 - 2012-07-01 09:04 - 00110732 ____A C:\Users\EternalKharas\Documents\bank transfer 070112.xps
2012-06-29 23:05 - 2012-06-29 23:05 - 00020622 ____A C:\Users\EternalKharas\Documents\Backup of GTX480.wbk
2012-06-29 22:47 - 2012-06-27 08:38 - 00003940 ____A C:\Users\EternalKharas\Documents\GTX480.txt
2012-06-27 20:53 - 2012-06-27 08:57 - 00000193 ____A C:\Users\EternalKharas\Documents\GTX.txt
2012-06-26 12:33 - 2012-06-26 12:33 - 01058784 ____A (techPowerUp (www.techpowerup.com)) C:\Users\EternalKharas\Downloads\GPU-Z.0.6.2 (2).exe
2012-06-26 12:30 - 2012-06-26 12:30 - 01058784 ____A (techPowerUp (www.techpowerup.com)) C:\Users\EternalKharas\Downloads\GPU-Z.0.6.2.exe
2012-06-26 12:30 - 2012-06-26 12:30 - 01058784 ____A (techPowerUp (www.techpowerup.com)) C:\Users\EternalKharas\Downloads\GPU-Z.0.6.2 (1).exe
2012-06-25 12:19 - 2012-05-06 23:24 - 00209920 __ASH C:\Users\EternalKharas\Documents\Thumbs.db
2012-06-25 12:14 - 2012-06-25 12:03 - 00001766 ____A C:\Users\EternalKharas\Desktop\LCD Calculator v2.Vbs
2012-06-25 07:54 - 2012-06-25 07:54 - 00111388 ____A C:\Users\EternalKharas\Documents\bank transfer 062512.xps
2012-06-22 18:31 - 2012-06-22 18:30 - 00151229 ____A C:\Users\EternalKharas\Documents\WOW CARD 062212.xps
2012-06-22 03:11 - 2012-06-22 03:11 - 00000274 ____A C:\Users\EternalKharas\Downloads\Performance_PC's_Newsletter (1).vcf
2012-06-22 03:09 - 2012-06-22 03:09 - 00000274 ____A C:\Users\EternalKharas\Downloads\Performance_PC's_Newsletter.vcf
2012-06-21 23:35 - 2012-06-21 23:35 - 00187801 ____A C:\Users\EternalKharas\Documents\metropcs payment 062212.xps
2012-06-19 06:41 - 2012-06-19 06:41 - 00111381 ____A C:\Users\EternalKharas\Documents\bank transfer 061912.xps
2012-06-19 03:06 - 2012-06-19 03:06 - 00158616 ____A C:\Windows\Minidump\061912-24164-01.dmp
2012-06-19 01:30 - 2012-06-19 01:30 - 00000875 ____A C:\Users\Public\Desktop\Steam.lnk
2012-06-17 01:10 - 2012-06-17 01:10 - 00130488 ____A C:\Users\EternalKharas\Documents\Toshiba repair disk.xps
2012-06-16 06:46 - 2012-06-16 06:46 - 00111031 ____A C:\Users\EternalKharas\Documents\bank transfer 061612.xps
2012-06-11 18:40 - 2012-07-10 23:01 - 02345984 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-06-11 06:48 - 2012-06-11 06:48 - 00110917 ____A C:\Users\EternalKharas\Documents\bank transfer 061112.xps
2012-06-09 13:10 - 2012-06-09 13:10 - 00111512 ____A C:\Users\EternalKharas\Documents\bank transfer 060912(2).xps
2012-06-09 12:58 - 2012-06-09 12:58 - 00111496 ____A C:\Users\EternalKharas\Documents\bank transfer 060912.xps
2012-06-08 20:41 - 2012-07-10 15:01 - 12873728 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2012-06-08 18:47 - 2012-06-08 18:47 - 00111386 ____A C:\Users\EternalKharas\Documents\bank transfer 060812.xps
2012-06-08 11:23 - 2012-06-08 11:23 - 00001219 ___AH C:\Windows\System32\config\Journal - Shortcut.lnk
2012-06-08 11:23 - 2012-06-08 11:23 - 00000914 ___AH C:\Windows\System32\config\userdiff - Shortcut.lnk
2012-06-08 11:23 - 2012-06-08 11:23 - 00000914 ___AH C:\Windows\System32\config\software - Shortcut.lnk
2012-06-08 11:23 - 2012-06-08 11:23 - 00000902 ___AH C:\Windows\System32\config\system - Shortcut.lnk
2012-06-08 09:42 - 2012-06-08 09:25 - 1060726784 ____A C:\Users\EternalKharas\Desktop\jonathan.iso
2012-06-05 21:05 - 2012-07-10 15:01 - 01390080 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
2012-06-05 21:05 - 2012-07-10 15:01 - 01236992 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
2012-06-05 21:03 - 2012-07-10 15:01 - 00805376 ____A (Microsoft Corporation) C:\Windows\System32\cdosys.dll
2012-06-04 04:29 - 2012-06-04 04:29 - 00111204 ____A C:\Users\EternalKharas\Documents\bank transfer 060412.xps
2012-06-02 14:19 - 2012-06-20 17:46 - 01933848 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-06-02 14:19 - 2012-06-20 17:46 - 00577048 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2012-06-02 14:19 - 2012-06-20 17:46 - 00053784 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-06-02 14:19 - 2012-06-20 17:46 - 00045080 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-06-02 14:19 - 2012-06-20 17:46 - 00035864 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2012-06-02 14:12 - 2012-06-20 17:46 - 02422272 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-06-02 14:12 - 2012-06-20 17:46 - 00088576 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2012-06-02 11:19 - 2012-06-20 17:45 - 00171904 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-06-02 11:12 - 2012-06-20 17:45 - 00033792 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2012-06-02 01:07 - 2012-07-10 23:04 - 12314624 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-06-02 00:43 - 2012-07-10 23:04 - 09737728 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-06-02 00:33 - 2012-07-10 23:04 - 01800192 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-06-02 00:26 - 2012-07-10 23:04 - 01103872 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-06-02 00:25 - 2012-07-10 23:04 - 01427968 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-06-02 00:25 - 2012-07-10 23:04 - 01129472 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-06-02 00:23 - 2012-07-10 23:04 - 00231936 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-06-02 00:21 - 2012-07-10 23:04 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-06-02 00:20 - 2012-07-10 23:04 - 00142848 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-06-02 00:19 - 2012-07-10 23:04 - 01793024 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-06-02 00:19 - 2012-07-10 23:04 - 00716800 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-06-02 00:17 - 2012-07-10 23:04 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-06-02 00:16 - 2012-07-10 23:04 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-06-02 00:14 - 2012-07-10 23:04 - 00176640 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-06-01 22:13 - 2012-06-01 22:13 - 00001036 ____A C:\Users\EternalKharas\Desktop\EVGA Precision.lnk
2012-06-01 20:45 - 2012-07-10 15:01 - 00134000 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
2012-06-01 20:45 - 2012-07-10 15:01 - 00067440 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
2012-06-01 20:40 - 2012-07-10 15:01 - 00369336 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
2012-06-01 20:40 - 2012-07-10 15:01 - 00225280 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
2012-06-01 20:39 - 2012-07-10 15:01 - 00219136 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
2012-05-31 20:13 - 2012-03-22 19:27 - 00001050 ____A C:\Users\EternalKharas\Desktop\EVGA Precision X.lnk
2012-05-31 19:54 - 2012-05-31 19:54 - 00000020 ___SH C:\Users\UpdatusUser\ntuser.ini
2012-05-25 09:38 - 2012-05-25 09:38 - 00001108 ____A C:\Users\EternalKharas\Documents\sally ansell (2).txt
2012-05-24 19:01 - 2012-05-24 19:01 - 00001362 ____A C:\Users\EternalKharas\Documents\sallyansel(2).txt
2012-05-24 13:38 - 2012-05-24 13:38 - 00187937 ____A C:\Users\EternalKharas\Documents\metropcs payment 052412.xps
2012-05-23 05:55 - 2012-05-23 05:55 - 00002885 ____A C:\Users\EternalKharas\Documents\sallyansel.txt
2012-05-23 01:35 - 2012-05-23 01:35 - 00111345 ____A C:\Users\EternalKharas\Documents\bank transfer 052312.xps
2012-05-22 17:30 - 2012-05-22 17:30 - 00198832 ____A (RealNetworks, Inc.) C:\Windows\System32\rmoc3260.dll
2012-05-22 17:30 - 2012-05-22 17:30 - 00006656 ____A (RealNetworks, Inc.) C:\Windows\System32\pndx5016.dll
2012-05-22 17:30 - 2012-05-22 17:30 - 00005632 ____A (RealNetworks, Inc.) C:\Windows\System32\pndx5032.dll
2012-05-22 17:30 - 2012-05-22 17:30 - 00001016 ____A C:\Users\Public\Desktop\RealPlayer.lnk
2012-05-22 17:29 - 2012-05-22 17:29 - 00499712 ____A (Microsoft Corporation) C:\Windows\System32\msvcp71.dll
2012-05-22 17:29 - 2012-05-22 17:29 - 00348160 ____A (Microsoft Corporation) C:\Windows\System32\msvcr71.dll
2012-05-22 17:29 - 2012-05-22 17:29 - 00272896 ____A (Progressive Networks) C:\Windows\System32\pncrt.dll
2012-05-21 19:30 - 2012-05-21 19:30 - 00002170 ____A C:\Users\Public\Desktop\Google Earth.lnk
2012-05-21 18:18 - 2012-05-21 18:18 - 00001815 ____A C:\Users\Public\Desktop\QuickTime Player.lnk
2012-05-21 10:28 - 2012-05-21 10:28 - 03896832 ____A C:\Users\EternalKharas\Downloads\ARGALIWYSETUP.EXE
2012-05-18 23:44 - 2012-05-18 23:44 - 00111124 ____A C:\Users\EternalKharas\Documents\bank transfer 051912.xps
ZeroAccess:
C:\Windows\Installer\{aec20ce0-3b62-6463-9d60-f6936e9e0aa7}
C:\Windows\Installer\{aec20ce0-3b62-6463-9d60-f6936e9e0aa7}\@
C:\Windows\Installer\{aec20ce0-3b62-6463-9d60-f6936e9e0aa7}\L
C:\Windows\Installer\{aec20ce0-3b62-6463-9d60-f6936e9e0aa7}\n
C:\Windows\Installer\{aec20ce0-3b62-6463-9d60-f6936e9e0aa7}\U
ZeroAccess:
C:\Users\EternalKharas\AppData\Local\{aec20ce0-3b62-6463-9d60-f6936e9e0aa7}
C:\Users\EternalKharas\AppData\Local\{aec20ce0-3b62-6463-9d60-f6936e9e0aa7}\@
C:\Users\EternalKharas\AppData\Local\{aec20ce0-3b62-6463-9d60-f6936e9e0aa7}\L
C:\Users\EternalKharas\AppData\Local\{aec20ce0-3b62-6463-9d60-f6936e9e0aa7}\n
C:\Users\EternalKharas\AppData\Local\{aec20ce0-3b62-6463-9d60-f6936e9e0aa7}\U
========================= Known DLLs (Whitelisted) ============

========================= Bamital & volsnap Check ============
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe A302BBFF2A7278C0E239EE5D471D86A9 ZeroAccess <==== ATTENTION!.
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
==================== EXE ASSOCIATION =====================
HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK
========================= Memory info ======================
Percentage of memory in use: 7%
Total physical RAM: 8190.54 MB
Available physical RAM: 7604.28 MB
Total Pagefile: 8188.82 MB
Available Pagefile: 7622.27 MB
Total Virtual: 2047.88 MB
Available Virtual: 1977.4 MB
======================= Partitions =========================
1 Drive c: () (Fixed) (Total:148.96 GB) (Free:4.58 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
2 Drive d: (GRMCULFRER_EN_DVD) (CDROM) (Total:2.33 GB) (Free:0 GB) UDF
4 Drive f: (USB MEMORY) (Removable) (Total:0.12 GB) (Free:0.08 GB) FAT
5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 149 GB 0 B
Disk 1 Online 123 MB 0 B
Partitions of Disk 0:
===============
Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 OEM 47 MB 31 KB
Partition 2 Primary 148 GB 48 MB
==================================================================================
Disk: 0
Partition 1
Type : DE
Hidden: Yes
Active: No
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 FAT Partition 47 MB Healthy Hidden
==================================================================================
Disk: 0
Partition 2
Type : 07
Hidden: No
Active: Yes
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C NTFS Partition 148 GB Healthy
==================================================================================
Partitions of Disk 1:
===============
Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 122 MB 16 KB
==================================================================================
Disk: 1
Partition 1
Type : 06
Hidden: No
Active: No
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 F USB MEMORY FAT Removable 122 MB Healthy
==================================================================================
Last Boot: 2012-08-07 08:07
======================= End Of Log ==========================
 
FRST Fixlist

Please download the attached fixlist, and save it to your flash drive to replace the current one.

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system.

Now, please enter System Recovery Options, then select Command Prompt.

Run FRST and press the Fix button just once and wait.
The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

Now restart, let it boot normally and tell me how it went.
 

Attachments

  • fixlist.txt (362 bytes)
SYSTEM booted normally but very slowly. The one minute re-boot is no longer active. While the system was running, MS Security Essentials reported quarantine of something and the MSSE window went away before I could read it all. I looked in MS Security Essentials and history shows 3 Sirefef trojans in quarantine which were not there before. It looks like Sirefef continues to be present on the PC.

Note: During the FRST search for services.exe below, a window came up stating "C:/WINDOWS/PANTHER/UNATTENDCG IS CORRUPT AND UNREADABLE PLEASE RUN CHKDSK UTILITY."

I re-ran FRST 2 ways: as a scan, and second to search for services.exe. Both logs are below.
Farbar Recovery Scan Tool Version: 09-08-2012
Ran by SYSTEM at 2012-08-14 17:38:41
Running from F:\FarBar recovery tool

================== Search: "services.exe" ===================

C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.exe
[2009-07-13 15:11] - [2009-07-13 17:14] - 0259072 ____A (Microsoft Corporation) 5F1B6A9C35D3D5CA72D6D6FDEF9747D6

C:\Windows\System32\services.exe
[2009-07-13 15:11] - [2009-07-13 17:14] - 0259072 ____A (Microsoft Corporation) 5F1B6A9C35D3D5CA72D6D6FDEF9747D6

C:\FRST\Quarantine\services.exe
[2009-07-13 15:11] - [2012-08-13 09:04] - 0259072 ____A (Microsoft Corporation) A302BBFF2A7278C0E239EE5D471D86A9

=== End Of Search ===
Scan result of Farbar Recovery Scan Tool (FRST written by Farbar) Version: 09-08-2012
Ran by SYSTEM at 14-08-2012 17:35:22
Running from F:\FarBar recovery tool
Windows 7 Ultimate (X86) OS Language: English(US)
The current controlset is ControlSet002

========================== Registry (Whitelisted) =============

HKLM\...\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-01-02] (Adobe Systems Incorporated)
HKLM\...\Run: [Bing Bar] "C:\Program Files\MSN Toolbar\Platform\6.3.2348.0\mswinext.exe" [273672 2010-10-11] (Microsoft Corp.)
HKLM\...\Run: [Launch LCDMon] "C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe" [1573448 2010-02-18] (Logitech Inc.)
HKLM\...\Run: [Launch LGDCore] "C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" /SHOWHIDE [3203144 2010-02-18] (Logitech Inc.)
HKLM\...\Run: [Launch LgDeviceAgent] "C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe" [357448 2010-02-18] (Logitech Inc.)
HKLM\...\Run: [Microsoft Default Manager] "C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume [439568 2010-05-10] (Microsoft Corporation)
HKLM\...\Run: [ProfilerU] "C:\Program Files\Saitek\SD6\Software\ProfilerU.exe" [237568 2009-06-03] (Saitek)
HKLM\...\Run: [SaiMfd] "C:\Program Files\Saitek\SD6\Software\SaiMfd.exe" [131072 2009-06-03] (Saitek)
HKLM\...\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" [248552 2010-05-14] (Sun Microsystems, Inc.)
HKLM\...\Run: [NVRaidService] C:\Program Files\NVIDIA Corporation\Raid\nvraidservice.exe [163944 2010-04-08] (NVIDIA Corporation)
HKLM\...\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s [10820200 2011-08-16] (Realtek Semiconductor)
HKLM\...\Run: [EEventManager] "C:\Program Files\Epson Software\Event Manager\EEventManager.exe" [976320 2009-12-03] (SEIKO EPSON CORPORATION)
HKLM\...\Run: [BingDesktop] C:\Program Files\Microsoft\BingDesktop\BingDesktop.exe /fromkey [1858152 2012-03-30] (Microsoft Corp.)
HKLM\...\Run: [Logitech Utility] Logi_MwX.Exe [x]
HKLM\...\Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [931200 2012-03-26] (Microsoft Corporation)
HKLM\...\Run: [TkBellExe] "c:\program files\real\realplayer\Update\realsched.exe" -osboot [296056 2012-05-22] (RealNetworks, Inc.)
HKLM\...\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [56928 2006-11-23] (Cyberlink Corp.)
HKLM\...\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime [421888 2012-05-21] (Apple Inc.)
HKLM\...\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" [54832 2006-12-05] ()
HKLM\...\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2012-02-20] (Apple Inc.)
HKU\Administrator\...\Run: [AutoStartNPSAgent] C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe [95576 2010-07-08] (Samsung Electronics Co., Ltd.)
HKU\Administrator\...\Run: [Facebook Update] "C:\Users\EternalKharas\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver [138096 2012-07-12] (Facebook Inc.)
HKU\EternalKharas\...\Run: [Epson Stylus NX420(Network)] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIGCA.EXE /FU "C:\Users\ETERNA~1\AppData\Local\Temp\E_SE9F6.tmp" /EF "HKCU" [200704 2009-09-14] (SEIKO EPSON CORPORATION)
HKU\EternalKharas\...\Run: [Facebook Update] "C:\Users\EternalKharas\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver [138096 2012-07-12] (Facebook Inc.)
HKU\EternalKharas\...\Run: [hysoxqihotur] C:\Users\EternalKharas\hysoxqihotur.exe [x]
HKU\EternalKharas\...\Run: [AutoStartNPSAgent] C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe [95576 2010-07-08] (Samsung Electronics Co., Ltd.)
HKU\Guest\...\Run: [AutoStartNPSAgent] C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe [95576 2010-07-08] (Samsung Electronics Co., Ltd.)
HKU\Guest\...\Run: [Facebook Update] "C:\Users\EternalKharas\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver [138096 2012-07-12] (Facebook Inc.)
Tcpip\Parameters: [DhcpNameServer] 65.32.5.111 65.32.5.112
Startup: C:\Users\All Users\Start Menu\Programs\Startup\Camera Monitor SD.lnk
ShortcutTarget: Camera Monitor SD.lnk -> C:\Program Files\PIXELA\Everio MediaBrowser\MBCameraMonitor.exe (PIXELA CORPORATION)
Startup: C:\Users\All Users\Start Menu\Programs\Startup\iReboot 1.1.0.lnk
ShortcutTarget: iReboot 1.1.0.lnk -> C:\Program Files\NeoSmart Technologies\iReboot\iReboot.exe (NeoSmart Technologies)
Startup: C:\Users\All Users\Start Menu\Programs\Startup\Snap-tite Components E-Catalog - Auto Update.lnk
ShortcutTarget: Snap-tite Components E-Catalog - Auto Update.lnk -> C:\Program Files\Snap-tite\QDecatupdate.exe (Snap-tite Components)
Startup: C:\Users\EternalKharas\Start Menu\Programs\Startup\CurseClientStartup.ccip ()
Startup: C:\Users\EternalKharas\Start Menu\Programs\Startup\MagicDisc.lnk
ShortcutTarget: MagicDisc.lnk -> C:\Program Files\MagicDisc\MagicDisc.exe (MagicISO, Inc.)

================================ Services (Whitelisted) ==================

2 BingDesktopUpdate; "C:\Program Files\Microsoft\BingDesktop\BingDesktopUpdater.exe" [151656 2012-03-30] (Microsoft Corp.)
3 CHWBOLOCH; C:\Users\ETERNA~1\AppData\Local\Temp\CHWBOLOCH.exe [490368 2012-06-27] (Sysinternals - www.sysinternals.com)
3 CPETLYED; C:\Users\ETERNA~1\AppData\Local\Temp\CPETLYED.exe [506752 2012-06-27] (Sysinternals - www.sysinternals.com)
2 EpsonBidirectionalService; C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe [94208 2006-12-19] (SEIKO EPSON CORPORATION)
2 eventlog; C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted [20992 2009-07-13] (Microsoft Corporation)
2 ForceWare Intelligent Application Manager (IAM); C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe [387616 2009-08-10] ()
3 Futuremark SystemInfo Service; "C:\Program Files\Common Files\Futuremark Shared\Futuremark SystemInfo\FMSISvc.exe" [128928 2010-11-11] (Futuremark Corporation)
2 iReboot; "C:\Program Files\NeoSmart Technologies\iReboot\iRebootd.exe" [9216 2008-04-27] ()
2 MsMpSvc; "C:\Program Files\Microsoft Security Client\MsMpEng.exe" [11552 2012-03-26] (Microsoft Corporation)
2 nHancer; "C:\Program Files\nHancer\nHancerService.exe" [39936 2010-05-02] (KSE - Korndörfer Software Engineering)
3 NisSrv; "C:\Program Files\Microsoft Security Client\NisSrv.exe" [214952 2012-03-26] (Microsoft Corporation)
2 nSvcIp; C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe [178720 2009-08-10] ()
2 nTuneService; C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe /StartService [191080 2010-03-22] (NVIDIA)
2 RichVideo; "C:\Program Files\CyberLink\Shared Files\RichVideo.exe" [167936 2007-01-20] ()
2 StatusAgent4; C:\Windows\system32\SAgent4.exe [131072 2006-12-19] (SEIKO EPSON CORPORATION)
2 UpdateCenterService; C:\Program Files\NVIDIA Corporation\System Update\UpdateCenterService.exe /StartService [195176 2009-11-06] (NVIDIA)

========================== Drivers (Whitelisted) =============

2 cpuz134; \??\C:\Windows\system32\drivers\cpuz134_x32.sys [20328 2010-07-09] (Windows (R) Win 7 DDK provider)
3 DrvAgent32; \??\C:\Windows\system32\Drivers\DrvAgent32.sys [23456 2010-07-12] (Phoenix Technologies)
3 FsUsbExDisk; \??\C:\Windows\system32\FsUsbExDisk.SYS [36608 2010-07-05] ()
1 HWiNFO32; \??\C:\Program Files\HWiNFO32\HWiNFO32.SYS [21624 2012-05-10] (REALiX(tm))
3 LHidFlt2; C:\Windows\System32\DRIVERS\LHidFlt2.Sys [25505 2003-12-17] (Logitech, Inc.)
3 LHidUsb; C:\Windows\System32\Drivers\LHidUsb.Sys [37887 2003-12-17] (Logitech, Inc.)
3 LMouFlt2; C:\Windows\System32\DRIVERS\LMouFlt2.Sys [70801 2003-12-17] (Logitech, Inc.)
0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [171064 2012-03-20] (Microsoft Corporation)
3 NVNET; C:\Windows\System32\DRIVERS\nvmf6232.sys [295272 2009-11-11] (NVIDIA Corporation)
3 nvoclock; C:\Windows\System32\DRIVERS\nvoclock.sys [38248 2009-09-15] (NVIDIA Corp.)
3 physX32; C:\Windows\System32\DRIVERS\physX32.sys [120960 2008-02-29] (AGEIA Technologies, Inc.)
3 RTCore32; \??\C:\Program Files\EVGA Precision\RTCore32.sys [4608 2005-05-25] ()
3 SaiH075C; C:\Windows\System32\DRIVERS\SaiH075C.sys [132232 2007-05-01] (Saitek)
0 sptd; C:\Windows\System32\Drivers\sptd.sys [477240 2012-05-10] (Duplex Secure Ltd.)
3 GPU-Z; \??\C:\Users\ETERNA~1\AppData\Local\Temp\GPU-Z.sys [x]
3 Synth3dVsc; C:\Windows\System32\drivers\synth3dvsc.sys [x]
3 tsusbhub; C:\Windows\System32\drivers\tsusbhub.sys [x]
3 VGPU; C:\Windows\System32\drivers\rdvgkmd.sys [x]

========================== NetSvcs (Whitelisted) ===========


============ One Month Created Files and Folders ==============

2012-08-11 14:29 - 2012-08-11 14:29 - 00000000 ___SD C:\ComboFix
2012-08-11 14:28 - 2012-08-11 04:55 - 04728003 ___RA (Swearware) C:\Users\EternalKharas\Desktop\ComboFix.exe
2012-08-11 14:24 - 2012-08-11 14:24 - 00000626 ____A C:\Users\EternalKharas\Desktop\ComboFix.exe - Shortcut (3).lnk
2012-08-11 14:21 - 2012-08-11 14:21 - 00000626 ____A C:\Users\EternalKharas\Desktop\ComboFix.exe - Shortcut.lnk
2012-08-11 14:21 - 2012-08-11 14:21 - 00000626 ____A C:\Users\EternalKharas\Desktop\ComboFix.exe - Shortcut (2).lnk
2012-08-11 14:17 - 2012-08-11 14:17 - 00000000 ____D C:\Windows\erdnt
2012-08-11 14:17 - 2012-08-11 14:17 - 00000000 ____D C:\Qoobox
2012-08-11 14:17 - 2011-06-25 22:45 - 00256000 ____A C:\Windows\PEV.exe
2012-08-11 14:17 - 2010-11-07 09:20 - 00208896 ____A C:\Windows\MBR.exe
2012-08-11 14:17 - 2009-04-19 20:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
2012-08-11 14:17 - 2000-08-30 16:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe
2012-08-11 14:17 - 2000-08-30 16:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe
2012-08-11 14:17 - 2000-08-30 16:00 - 00098816 ____A C:\Windows\sed.exe
2012-08-11 14:17 - 2000-08-30 16:00 - 00080412 ____A C:\Windows\grep.exe
2012-08-11 14:17 - 2000-08-30 16:00 - 00068096 ____A C:\Windows\zip.exe
2012-08-10 05:24 - 2012-08-10 05:24 - 00000000 ____D C:\FRST
2012-08-09 22:51 - 2012-08-09 22:51 - 00000000 ____D C:\Program Files\Microsoft Security Client
2012-08-09 22:09 - 2012-08-09 22:09 - 00000000 __SHD C:\Windows\System32\%APPDATA%
2012-08-08 08:24 - 2012-08-08 08:24 - 00155840 ____A C:\Windows\Minidump\080812-25911-01.dmp
2012-08-07 09:02 - 2012-08-07 09:02 - 00111487 ____A C:\Users\EternalKharas\Documents\bank transfer 080712(2).xps
2012-08-07 05:49 - 2012-08-07 05:49 - 00000124 ____A C:\Users\EternalKharas\Desktop\HOME PAGE.txt
2012-08-07 04:07 - 2012-08-07 04:07 - 00111173 ____A C:\Users\EternalKharas\Documents\bank transfer 080712.xps
2012-08-03 07:29 - 2012-08-03 07:29 - 00196947 ____A C:\Users\EternalKharas\Documents\MetroSelfStorage E-mailconfirmnation080312.xps
2012-08-03 07:00 - 2012-08-03 07:00 - 00159584 ____A C:\Users\EternalKharas\Documents\BrightHouse080312.xps
2012-08-03 05:54 - 2012-08-03 05:54 - 00111378 ____A C:\Users\EternalKharas\Documents\bank transfer 080312.xps
2012-08-03 04:56 - 2012-08-03 04:56 - 00117132 ____A C:\Users\EternalKharas\Documents\MetroSelfStorage080312.xps
2012-08-03 03:50 - 2012-08-03 03:50 - 00000318 ____A C:\Users\EternalKharas\Desktop\Curse Client.appref-ms
2012-08-02 13:14 - 2012-08-02 13:14 - 00110956 ____A C:\Users\EternalKharas\Documents\bank transfer 080212.xps
2012-07-31 21:32 - 2012-07-31 21:32 - 00000097 ____A C:\Users\EternalKharas\Desktop\sephora.txt
2012-07-30 15:48 - 2012-07-30 15:49 - 00159552 ____A C:\Windows\Minidump\073012-34491-01.dmp
2012-07-30 14:38 - 2012-07-30 14:38 - 00161846 ____A C:\Users\EternalKharas\Documents\THIAGO2.xps
2012-07-30 14:10 - 2012-07-30 14:10 - 00111119 ____A C:\Users\EternalKharas\Documents\bank transfer 073012.xps
2012-07-29 00:43 - 2012-07-29 00:43 - 00111225 ____A C:\Users\EternalKharas\Documents\bank transfer 072912.xps
2012-07-28 05:56 - 2012-07-28 07:26 - 00000000 ____D C:\Users\EternalKharas\Documents\Business donations
2012-07-27 21:14 - 2012-07-27 21:14 - 00111373 ____A C:\Users\EternalKharas\Documents\bank transfer 072812.xps
2012-07-27 17:03 - 2012-07-27 17:03 - 00000000 ____D C:\Users\All Users\SolarWinds
2012-07-27 17:03 - 2012-07-27 17:03 - 00000000 ____D C:\Program Files\SolarWinds
2012-07-27 17:02 - 2012-07-27 17:02 - 00922042 ____A C:\Users\EternalKharas\Downloads\SolarWinds-Permissions-Analyzer-v1.0.0.zip
2012-07-27 17:02 - 2012-07-27 17:02 - 00000000 ____D C:\Users\EternalKharas\Downloads\SolarWinds-Permissions-Analyzer-v1.0.0
2012-07-24 02:17 - 2012-07-24 02:17 - 00001794 ____A C:\Users\EternalKharas\Documents\SENTPMArchive_2012-07-24(11).htm
2012-07-24 02:16 - 2012-07-24 02:16 - 00106888 ____A C:\Users\EternalKharas\Documents\SENTPMArchive_2012-07-24(10).htm
2012-07-24 02:16 - 2012-07-24 02:16 - 00102602 ____A C:\Users\EternalKharas\Documents\SENTPMArchive_2012-07-24(9).htm
2012-07-24 02:15 - 2012-07-24 02:15 - 00165939 ____A C:\Users\EternalKharas\Documents\SENTPMArchive_2012-07-24(6).htm
2012-07-24 02:15 - 2012-07-24 02:15 - 00138056 ____A C:\Users\EternalKharas\Documents\SENTPMArchive_2012-07-24(8).htm
2012-07-24 02:15 - 2012-07-24 02:15 - 00134007 ____A C:\Users\EternalKharas\Documents\SENTPMArchive_2012-07-24(7).htm
2012-07-24 02:14 - 2012-07-24 02:14 - 00104885 ____A C:\Users\EternalKharas\Documents\SENTPMArchive_2012-07-24(5).htm
2012-07-24 02:13 - 2012-07-24 02:13 - 00072213 ____A C:\Users\EternalKharas\Documents\READPMArchive_2012-07-24(9).htm
2012-07-24 02:13 - 2012-07-24 02:13 - 00056712 ____A C:\Users\EternalKharas\Documents\READPMArchive_2012-07-24(10).htm
2012-07-24 02:12 - 2012-07-24 02:12 - 00095829 ____A C:\Users\EternalKharas\Documents\READPMArchive_2012-07-24(8).htm
2012-07-24 02:11 - 2012-07-24 02:11 - 00115579 ____A C:\Users\EternalKharas\Documents\READPMArchive_2012-07-24(7).htm
2012-07-24 02:11 - 2012-07-24 02:11 - 00113343 ____A C:\Users\EternalKharas\Documents\READPMArchive_2012-07-24(6).htm
2012-07-24 02:10 - 2012-07-24 02:10 - 00155229 ____A C:\Users\EternalKharas\Documents\READPMArchive_2012-07-24(5).htm
2012-07-24 02:00 - 2012-07-24 02:00 - 00190068 ____A C:\Users\EternalKharas\Documents\SENTPMArchive_2012-07-24(3).htm
2012-07-24 02:00 - 2012-07-24 02:00 - 00181032 ____A C:\Users\EternalKharas\Documents\SENTPMArchive_2012-07-24(4).htm
2012-07-24 01:56 - 2012-07-24 01:56 - 00081496 ____A C:\Users\EternalKharas\Documents\READPMArchive_2012-07-24(4).htm
2012-07-24 01:55 - 2012-07-24 01:55 - 00070096 ____A C:\Users\EternalKharas\Documents\READPMArchive_2012-07-24(3).htm
2012-07-24 01:54 - 2012-07-24 01:54 - 00116002 ____A C:\Users\EternalKharas\Documents\SENTPMArchive_2012-07-24(2).htm
2012-07-24 01:53 - 2012-07-24 01:53 - 00115839 ____A C:\Users\EternalKharas\Documents\SENTPMArchive_2012-07-24.htm
2012-07-23 21:15 - 2012-08-01 22:16 - 00008655 ____A C:\Users\EternalKharas\Desktop\Christina.txt
2012-07-23 15:04 - 2012-07-23 15:04 - 00246295 ____A C:\Users\EternalKharas\Documents\Thiago's order 1.xps
2012-07-23 13:12 - 2012-07-23 13:12 - 00111120 ____A C:\Users\EternalKharas\Documents\bank transfer THIAGO 1.xps
2012-07-21 10:29 - 2012-07-21 10:29 - 00000000 ____D C:\Users\EternalKharas\Downloads\the_whigs
2012-07-21 09:01 - 2012-07-21 10:29 - 07251231 ____A C:\Users\EternalKharas\Downloads\the_whigs.zip
2012-07-20 22:27 - 2012-07-21 02:13 - 00002961 ____A C:\Users\EternalKharas\Desktop\Stacy.txt
2012-07-19 05:23 - 2012-07-19 05:24 - 00000000 ____D C:\Program Files\HWiNFO32
2012-07-18 18:16 - 2012-07-18 18:16 - 00000000 __SHD C:\found.001
2012-07-16 23:24 - 2012-07-16 23:24 - 00000524 ____A C:\Users\EternalKharas\Desktop\Turn off Media Center Updates.htm
2012-07-16 06:13 - 2012-07-16 06:13 - 00111145 ____A C:\Users\EternalKharas\Documents\bank transfer 071612.xps
2012-07-15 23:12 - 2012-08-09 14:29 - 00000345 ____A C:\Users\EternalKharas\Desktop\MUSIC CODES (MARLBORO).txt

============ 3 Months Modified Files ========================

2012-08-14 13:08 - 2011-06-29 04:33 - 01499097 ____A C:\Windows\WindowsUpdate.log
2012-08-14 13:07 - 2010-05-04 16:01 - 00019920 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-08-14 13:07 - 2010-05-04 16:01 - 00019920 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-08-14 12:59 - 2010-12-31 18:50 - 00000900 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-08-14 12:55 - 2010-12-31 18:50 - 00000896 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-08-14 12:55 - 2009-07-13 20:53 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-08-14 12:55 - 2009-07-13 20:39 - 01314476 ____A C:\Windows\setupact.log
2012-08-14 12:53 - 2012-03-19 19:22 - 00203836 __RSH C:\grldr
2012-08-14 12:53 - 2012-03-19 19:22 - 00000000 __RSH C:\winx.ld
2012-08-11 14:24 - 2012-08-11 14:24 - 00000626 ____A C:\Users\EternalKharas\Desktop\ComboFix.exe - Shortcut (3).lnk
2012-08-11 14:21 - 2012-08-11 14:21 - 00000626 ____A C:\Users\EternalKharas\Desktop\ComboFix.exe - Shortcut.lnk
2012-08-11 14:21 - 2012-08-11 14:21 - 00000626 ____A C:\Users\EternalKharas\Desktop\ComboFix.exe - Shortcut (2).lnk
2012-08-11 05:09 - 2012-06-19 07:37 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-08-11 04:55 - 2012-08-11 14:28 - 04728003 ___RA (Swearware) C:\Users\EternalKharas\Desktop\ComboFix.exe
2012-08-09 23:03 - 2010-05-04 16:08 - 00148150 ____A C:\Windows\PFRO.log
2012-08-09 22:52 - 2011-01-27 01:11 - 00001945 ____A C:\Windows\epplauncher.mif
2012-08-09 22:51 - 2011-06-29 03:46 - 00838082 ____A C:\Windows\System32\PerfStringBackup.INI
2012-08-09 22:40 - 2011-08-28 16:30 - 00000960 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1850465905-1816852967-2060930716-1000UA.job
2012-08-09 15:00 - 2012-05-04 13:03 - 00002290 ____A C:\Users\Public\Desktop\Google Chrome.lnk
2012-08-09 14:29 - 2012-07-15 23:12 - 00000345 ____A C:\Users\EternalKharas\Desktop\MUSIC CODES (MARLBORO).txt
2012-08-09 04:21 - 2012-07-09 02:48 - 00009549 ____A C:\Users\EternalKharas\Desktop\crash.txt
2012-08-09 03:34 - 2011-08-28 16:30 - 00000938 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1850465905-1816852967-2060930716-1000Core.job
2012-08-08 08:24 - 2012-08-08 08:24 - 00155840 ____A C:\Windows\Minidump\080812-25911-01.dmp
2012-08-07 09:02 - 2012-08-07 09:02 - 00111487 ____A C:\Users\EternalKharas\Documents\bank transfer 080712(2).xps
2012-08-07 05:49 - 2012-08-07 05:49 - 00000124 ____A C:\Users\EternalKharas\Desktop\HOME PAGE.txt
2012-08-07 04:07 - 2012-08-07 04:07 - 00111173 ____A C:\Users\EternalKharas\Documents\bank transfer 080712.xps
2012-08-03 07:29 - 2012-08-03 07:29 - 00196947 ____A C:\Users\EternalKharas\Documents\MetroSelfStorage E-mailconfirmnation080312.xps
2012-08-03 07:00 - 2012-08-03 07:00 - 00159584 ____A C:\Users\EternalKharas\Documents\BrightHouse080312.xps
2012-08-03 05:54 - 2012-08-03 05:54 - 00111378 ____A C:\Users\EternalKharas\Documents\bank transfer 080312.xps
2012-08-03 04:56 - 2012-08-03 04:56 - 00117132 ____A C:\Users\EternalKharas\Documents\MetroSelfStorage080312.xps
2012-08-03 03:50 - 2012-08-03 03:50 - 00000318 ____A C:\Users\EternalKharas\Desktop\Curse Client.appref-ms
2012-08-02 13:14 - 2012-08-02 13:14 - 00110956 ____A C:\Users\EternalKharas\Documents\bank transfer 080212.xps
2012-08-02 08:56 - 2012-04-03 20:42 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2012-08-02 08:56 - 2011-05-19 12:08 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
2012-08-01 22:16 - 2012-07-23 21:15 - 00008655 ____A C:\Users\EternalKharas\Desktop\Christina.txt
2012-07-31 21:32 - 2012-07-31 21:32 - 00000097 ____A C:\Users\EternalKharas\Desktop\sephora.txt
2012-07-30 15:49 - 2012-07-30 15:48 - 00159552 ____A C:\Windows\Minidump\073012-34491-01.dmp
2012-07-30 14:38 - 2012-07-30 14:38 - 00161846 ____A C:\Users\EternalKharas\Documents\THIAGO2.xps
2012-07-30 14:10 - 2012-07-30 14:10 - 00111119 ____A C:\Users\EternalKharas\Documents\bank transfer 073012.xps
2012-07-29 00:43 - 2012-07-29 00:43 - 00111225 ____A C:\Users\EternalKharas\Documents\bank transfer 072912.xps
2012-07-27 21:14 - 2012-07-27 21:14 - 00111373 ____A C:\Users\EternalKharas\Documents\bank transfer 072812.xps
2012-07-27 17:02 - 2012-07-27 17:02 - 00922042 ____A C:\Users\EternalKharas\Downloads\SolarWinds-Permissions-Analyzer-v1.0.0.zip
2012-07-27 04:46 - 2011-07-01 22:55 - 00007676 ____A C:\Users\EternalKharas\AppData\Local\Resmon.ResmonCfg
2012-07-24 02:17 - 2012-07-24 02:17 - 00001794 ____A C:\Users\EternalKharas\Documents\SENTPMArchive_2012-07-24(11).htm
2012-07-24 02:16 - 2012-07-24 02:16 - 00106888 ____A C:\Users\EternalKharas\Documents\SENTPMArchive_2012-07-24(10).htm
2012-07-24 02:16 - 2012-07-24 02:16 - 00102602 ____A C:\Users\EternalKharas\Documents\SENTPMArchive_2012-07-24(9).htm
2012-07-24 02:15 - 2012-07-24 02:15 - 00165939 ____A C:\Users\EternalKharas\Documents\SENTPMArchive_2012-07-24(6).htm
2012-07-24 02:15 - 2012-07-24 02:15 - 00138056 ____A C:\Users\EternalKharas\Documents\SENTPMArchive_2012-07-24(8).htm
2012-07-24 02:15 - 2012-07-24 02:15 - 00134007 ____A C:\Users\EternalKharas\Documents\SENTPMArchive_2012-07-24(7).htm
2012-07-24 02:14 - 2012-07-24 02:14 - 00104885 ____A C:\Users\EternalKharas\Documents\SENTPMArchive_2012-07-24(5).htm
2012-07-24 02:13 - 2012-07-24 02:13 - 00072213 ____A C:\Users\EternalKharas\Documents\READPMArchive_2012-07-24(9).htm
2012-07-24 02:13 - 2012-07-24 02:13 - 00056712 ____A C:\Users\EternalKharas\Documents\READPMArchive_2012-07-24(10).htm
2012-07-24 02:12 - 2012-07-24 02:12 - 00095829 ____A C:\Users\EternalKharas\Documents\READPMArchive_2012-07-24(8).htm
2012-07-24 02:11 - 2012-07-24 02:11 - 00115579 ____A C:\Users\EternalKharas\Documents\READPMArchive_2012-07-24(7).htm
2012-07-24 02:11 - 2012-07-24 02:11 - 00113343 ____A C:\Users\EternalKharas\Documents\READPMArchive_2012-07-24(6).htm
2012-07-24 02:10 - 2012-07-24 02:10 - 00155229 ____A C:\Users\EternalKharas\Documents\READPMArchive_2012-07-24(5).htm
2012-07-24 02:00 - 2012-07-24 02:00 - 00190068 ____A C:\Users\EternalKharas\Documents\SENTPMArchive_2012-07-24(3).htm
2012-07-24 02:00 - 2012-07-24 02:00 - 00181032 ____A C:\Users\EternalKharas\Documents\SENTPMArchive_2012-07-24(4).htm
2012-07-24 01:56 - 2012-07-24 01:56 - 00081496 ____A C:\Users\EternalKharas\Documents\READPMArchive_2012-07-24(4).htm
2012-07-24 01:55 - 2012-07-24 01:55 - 00070096 ____A C:\Users\EternalKharas\Documents\READPMArchive_2012-07-24(3).htm
2012-07-24 01:54 - 2012-07-24 01:54 - 00116002 ____A C:\Users\EternalKharas\Documents\SENTPMArchive_2012-07-24(2).htm
2012-07-24 01:53 - 2012-07-24 01:53 - 00115839 ____A C:\Users\EternalKharas\Documents\SENTPMArchive_2012-07-24.htm
2012-07-23 15:04 - 2012-07-23 15:04 - 00246295 ____A C:\Users\EternalKharas\Documents\Thiago's order 1.xps
2012-07-23 13:12 - 2012-07-23 13:12 - 00111120 ____A C:\Users\EternalKharas\Documents\bank transfer THIAGO 1.xps
2012-07-21 10:29 - 2012-07-21 09:01 - 07251231 ____A C:\Users\EternalKharas\Downloads\the_whigs.zip
2012-07-21 02:13 - 2012-07-20 22:27 - 00002961 ____A C:\Users\EternalKharas\Desktop\Stacy.txt
2012-07-16 23:24 - 2012-07-16 23:24 - 00000524 ____A C:\Users\EternalKharas\Desktop\Turn off Media Center Updates.htm
2012-07-16 06:13 - 2012-07-16 06:13 - 00111145 ____A C:\Users\EternalKharas\Documents\bank transfer 071612.xps
2012-07-14 22:49 - 2012-07-14 22:49 - 00136219 ____A C:\Users\EternalKharas\Documents\newegg071512.xps
2012-07-13 10:43 - 2012-07-13 10:43 - 00111413 ____A C:\Users\EternalKharas\Documents\bank transfer 071312.xps
2012-07-12 19:28 - 2012-07-12 19:28 - 00110872 ____A C:\Users\EternalKharas\Documents\bank transfer 071212.xps
2012-07-12 00:15 - 2012-07-12 00:15 - 00159400 ____A C:\Users\EternalKharas\Documents\BrightHouse071212.xps
2012-07-11 01:42 - 2012-07-11 01:42 - 00153512 ____A C:\Windows\Minidump\071112-36660-01.dmp
2012-07-10 23:39 - 2009-07-13 20:33 - 00415344 ____A C:\Windows\System32\FNTCACHE.DAT
2012-07-10 23:01 - 2011-07-14 03:03 - 57442464 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-07-10 18:58 - 2012-07-10 18:58 - 00014336 ____A C:\Users\EternalKharas\Desktop\PAST and PRESENT.xls
2012-07-09 19:41 - 2010-06-11 02:33 - 00001220 ____A C:\Users\Public\Desktop\World of Warcraft.lnk
2012-07-09 08:08 - 2012-07-09 08:08 - 00111187 ____A C:\Users\EternalKharas\Documents\bank transfer 070912.xps
2012-07-08 17:25 - 2012-07-08 17:25 - 00224817 ____A C:\Users\EternalKharas\Desktop\Bubble.xps
2012-07-06 23:51 - 2012-07-06 23:51 - 00110723 ____A C:\Users\EternalKharas\Documents\bank transfer 070712.xps
2012-07-06 13:08 - 2012-07-06 12:46 - 00000724 ____A C:\Users\EternalKharas\Desktop\bigmyke.txt
2012-07-02 03:22 - 2012-07-02 03:22 - 00135354 ____A C:\Users\EternalKharas\Desktop\NeweggOrder.xps
2012-07-02 01:20 - 2012-07-02 01:20 - 00001226 ____A C:\Users\EternalKharas\Desktop\Revo Uninstaller.lnk
2012-07-01 09:04 - 2012-07-01 09:04 - 00110732 ____A C:\Users\EternalKharas\Documents\bank transfer 070112.xps
2012-06-29 23:05 - 2012-06-29 23:05 - 00020622 ____A C:\Users\EternalKharas\Documents\Backup of GTX480.wbk
2012-06-29 22:47 - 2012-06-27 08:38 - 00003940 ____A C:\Users\EternalKharas\Documents\GTX480.txt
2012-06-27 20:53 - 2012-06-27 08:57 - 00000193 ____A C:\Users\EternalKharas\Documents\GTX.txt
2012-06-26 12:33 - 2012-06-26 12:33 - 01058784 ____A (techPowerUp (www.techpowerup.com)) C:\Users\EternalKharas\Downloads\GPU-Z.0.6.2 (2).exe
2012-06-26 12:30 - 2012-06-26 12:30 - 01058784 ____A (techPowerUp (www.techpowerup.com)) C:\Users\EternalKharas\Downloads\GPU-Z.0.6.2.exe
2012-06-26 12:30 - 2012-06-26 12:30 - 01058784 ____A (techPowerUp (www.techpowerup.com)) C:\Users\EternalKharas\Downloads\GPU-Z.0.6.2 (1).exe
2012-06-25 12:19 - 2012-05-06 23:24 - 00209920 __ASH C:\Users\EternalKharas\Documents\Thumbs.db
2012-06-25 12:14 - 2012-06-25 12:03 - 00001766 ____A C:\Users\EternalKharas\Desktop\LCD Calculator v2.Vbs
2012-06-25 07:54 - 2012-06-25 07:54 - 00111388 ____A C:\Users\EternalKharas\Documents\bank transfer 062512.xps
2012-06-22 18:31 - 2012-06-22 18:30 - 00151229 ____A C:\Users\EternalKharas\Documents\WOW CARD 062212.xps
2012-06-22 03:11 - 2012-06-22 03:11 - 00000274 ____A C:\Users\EternalKharas\Downloads\Performance_PC's_Newsletter (1).vcf
2012-06-22 03:09 - 2012-06-22 03:09 - 00000274 ____A C:\Users\EternalKharas\Downloads\Performance_PC's_Newsletter.vcf
2012-06-21 23:35 - 2012-06-21 23:35 - 00187801 ____A C:\Users\EternalKharas\Documents\metropcs payment 062212.xps
2012-06-19 06:41 - 2012-06-19 06:41 - 00111381 ____A C:\Users\EternalKharas\Documents\bank transfer 061912.xps
2012-06-19 03:06 - 2012-06-19 03:06 - 00158616 ____A C:\Windows\Minidump\061912-24164-01.dmp
2012-06-19 01:30 - 2012-06-19 01:30 - 00000875 ____A C:\Users\Public\Desktop\Steam.lnk
2012-06-17 01:10 - 2012-06-17 01:10 - 00130488 ____A C:\Users\EternalKharas\Documents\Toshiba repair disk.xps
2012-06-16 06:46 - 2012-06-16 06:46 - 00111031 ____A C:\Users\EternalKharas\Documents\bank transfer 061612.xps
2012-06-11 18:40 - 2012-07-10 23:01 - 02345984 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-06-11 06:48 - 2012-06-11 06:48 - 00110917 ____A C:\Users\EternalKharas\Documents\bank transfer 061112.xps
2012-06-09 13:10 - 2012-06-09 13:10 - 00111512 ____A C:\Users\EternalKharas\Documents\bank transfer 060912(2).xps
2012-06-09 12:58 - 2012-06-09 12:58 - 00111496 ____A C:\Users\EternalKharas\Documents\bank transfer 060912.xps
2012-06-08 20:41 - 2012-07-10 15:01 - 12873728 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2012-06-08 18:47 - 2012-06-08 18:47 - 00111386 ____A C:\Users\EternalKharas\Documents\bank transfer 060812.xps
2012-06-08 11:23 - 2012-06-08 11:23 - 00001219 ___AH C:\Windows\System32\config\Journal - Shortcut.lnk
2012-06-08 11:23 - 2012-06-08 11:23 - 00000914 ___AH C:\Windows\System32\config\userdiff - Shortcut.lnk
2012-06-08 11:23 - 2012-06-08 11:23 - 00000914 ___AH C:\Windows\System32\config\software - Shortcut.lnk
2012-06-08 11:23 - 2012-06-08 11:23 - 00000902 ___AH C:\Windows\System32\config\system - Shortcut.lnk
2012-06-08 09:42 - 2012-06-08 09:25 - 1060726784 ____A C:\Users\EternalKharas\Desktop\jonathan.iso
2012-06-05 21:05 - 2012-07-10 15:01 - 01390080 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
2012-06-05 21:05 - 2012-07-10 15:01 - 01236992 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
2012-06-05 21:03 - 2012-07-10 15:01 - 00805376 ____A (Microsoft Corporation) C:\Windows\System32\cdosys.dll
2012-06-04 04:29 - 2012-06-04 04:29 - 00111204 ____A C:\Users\EternalKharas\Documents\bank transfer 060412.xps
2012-06-02 14:19 - 2012-06-20 17:46 - 01933848 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-06-02 14:19 - 2012-06-20 17:46 - 00577048 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2012-06-02 14:19 - 2012-06-20 17:46 - 00053784 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-06-02 14:19 - 2012-06-20 17:46 - 00045080 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-06-02 14:19 - 2012-06-20 17:46 - 00035864 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2012-06-02 14:12 - 2012-06-20 17:46 - 02422272 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-06-02 14:12 - 2012-06-20 17:46 - 00088576 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2012-06-02 11:19 - 2012-06-20 17:45 - 00171904 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-06-02 11:12 - 2012-06-20 17:45 - 00033792 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2012-06-02 01:07 - 2012-07-10 23:04 - 12314624 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-06-02 00:43 - 2012-07-10 23:04 - 09737728 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-06-02 00:33 - 2012-07-10 23:04 - 01800192 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-06-02 00:26 - 2012-07-10 23:04 - 01103872 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-06-02 00:25 - 2012-07-10 23:04 - 01427968 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-06-02 00:25 - 2012-07-10 23:04 - 01129472 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-06-02 00:23 - 2012-07-10 23:04 - 00231936 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-06-02 00:21 - 2012-07-10 23:04 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-06-02 00:20 - 2012-07-10 23:04 - 00142848 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-06-02 00:19 - 2012-07-10 23:04 - 01793024 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-06-02 00:19 - 2012-07-10 23:04 - 00716800 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-06-02 00:17 - 2012-07-10 23:04 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-06-02 00:16 - 2012-07-10 23:04 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-06-02 00:14 - 2012-07-10 23:04 - 00176640 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-06-01 22:13 - 2012-06-01 22:13 - 00001036 ____A C:\Users\EternalKharas\Desktop\EVGA Precision.lnk
2012-06-01 20:45 - 2012-07-10 15:01 - 00134000 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
2012-06-01 20:45 - 2012-07-10 15:01 - 00067440 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
2012-06-01 20:40 - 2012-07-10 15:01 - 00369336 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
2012-06-01 20:40 - 2012-07-10 15:01 - 00225280 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
2012-06-01 20:39 - 2012-07-10 15:01 - 00219136 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
2012-05-31 20:13 - 2012-03-22 19:27 - 00001050 ____A C:\Users\EternalKharas\Desktop\EVGA Precision X.lnk
2012-05-31 19:54 - 2012-05-31 19:54 - 00000020 ___SH C:\Users\UpdatusUser\ntuser.ini
2012-05-25 09:38 - 2012-05-25 09:38 - 00001108 ____A C:\Users\EternalKharas\Documents\sally ansell (2).txt
2012-05-24 19:01 - 2012-05-24 19:01 - 00001362 ____A C:\Users\EternalKharas\Documents\sallyansel(2).txt
2012-05-24 13:38 - 2012-05-24 13:38 - 00187937 ____A C:\Users\EternalKharas\Documents\metropcs payment 052412.xps
2012-05-23 05:55 - 2012-05-23 05:55 - 00002885 ____A C:\Users\EternalKharas\Documents\sallyansel.txt
2012-05-23 01:35 - 2012-05-23 01:35 - 00111345 ____A C:\Users\EternalKharas\Documents\bank transfer 052312.xps
2012-05-22 17:30 - 2012-05-22 17:30 - 00198832 ____A (RealNetworks, Inc.) C:\Windows\System32\rmoc3260.dll
2012-05-22 17:30 - 2012-05-22 17:30 - 00006656 ____A (RealNetworks, Inc.) C:\Windows\System32\pndx5016.dll
2012-05-22 17:30 - 2012-05-22 17:30 - 00005632 ____A (RealNetworks, Inc.) C:\Windows\System32\pndx5032.dll
2012-05-22 17:30 - 2012-05-22 17:30 - 00001016 ____A C:\Users\Public\Desktop\RealPlayer.lnk
2012-05-22 17:29 - 2012-05-22 17:29 - 00499712 ____A (Microsoft Corporation) C:\Windows\System32\msvcp71.dll
2012-05-22 17:29 - 2012-05-22 17:29 - 00348160 ____A (Microsoft Corporation) C:\Windows\System32\msvcr71.dll
2012-05-22 17:29 - 2012-05-22 17:29 - 00272896 ____A (Progressive Networks) C:\Windows\System32\pncrt.dll
2012-05-21 19:30 - 2012-05-21 19:30 - 00002170 ____A C:\Users\Public\Desktop\Google Earth.lnk
2012-05-21 18:18 - 2012-05-21 18:18 - 00001815 ____A C:\Users\Public\Desktop\QuickTime Player.lnk
2012-05-21 10:28 - 2012-05-21 10:28 - 03896832 ____A C:\Users\EternalKharas\Downloads\ARGALIWYSETUP.EXE
2012-05-18 23:44 - 2012-05-18 23:44 - 00111124 ____A C:\Users\EternalKharas\Documents\bank transfer 051912.xps

========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

========================= Memory info ======================

Percentage of memory in use: 8%
Total physical RAM: 8190.54 MB
Available physical RAM: 7462.28 MB
Total Pagefile: 8188.82 MB
Available Pagefile: 7587.52 MB
Total Virtual: 2047.88 MB
Available Virtual: 1977.4 MB

======================= Partitions =========================

1 Drive c: () (Fixed) (Total:148.96 GB) (Free:4.64 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
2 Drive d: (GRMCULFRER_EN_DVD) (CDROM) (Total:2.33 GB) (Free:0 GB) UDF
4 Drive f: (USB MEMORY) (Removable) (Total:0.12 GB) (Free:0.08 GB) FAT
5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 149 GB 0 B
Disk 1 Online 123 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 OEM 47 MB 31 KB
Partition 2 Primary 148 GB 48 MB

==================================================================================

Disk: 0
Partition 1
Type : DE
Hidden: Yes
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 FAT Partition 47 MB Healthy Hidden

==================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C NTFS Partition 148 GB Healthy

==================================================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 122 MB 16 KB

==================================================================================

Disk: 1
Partition 1
Type : 06
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 F USB MEMORY FAT Removable 122 MB Healthy

==================================================================================

Last Boot: 2012-08-07 08:07

======================= End Of Log ==========================
 
I failed to include, in my prior post, the FRST fixlog after using the FIX option. The log is below.
Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 09-08-2012
Ran by SYSTEM at 2012-08-14 16:32:14 Run:2
Running from F:\FarBar recovery tool

==============================================

C:\Users\EternalKharas\hysoxqihotur.exe moved successfully.
C:\Windows\Installer\{aec20ce0-3b62-6463-9d60-f6936e9e0aa7} moved successfully.
C:\Users\EternalKharas\AppData\Local\{aec20ce0-3b62-6463-9d60-f6936e9e0aa7} moved successfully.
C:\Windows\System32\services.exe moved successfully.
C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.exe copied successfully to C:\Windows\System32\services.exe

==== End of Fixlog ====
 
Good job!

ComboFix

Please download ComboFix
by sUBs
From BleepingComputer.com

Please save the file to your Desktop, but rename it first to svchost.exe

Important information about ComboFix

Before the download:
  • Please copy and paste these instructions to Notepad and save to your Desktop, or print them - for easier access.
  • It is important to rename ComboFix before the download.
  • Please do not rename ComboFix to other names, but only the one indicated.
After the download:
  • Close any open browsers.
  • Very Important: Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results". Please visit here if you don't know how.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  • Please do not attempt to re-connect your machine back to the Internet until ComboFix has completely finished.
  • If there is no Internet connection after running ComboFix, then restart your computer to restore back your connection.
Running ComboFix:
  • Double click on svchost.exe & follow the prompts.
  • It will attempt to install the Recovery Console:
  • When ComboFix finishes, it will produce a report for you.
  • Please post the "C:\Combo-Fix.txt" in your next reply.
Troubleshooting ComboFix

Safe Mode:

If you still cannot get ComboFix to run, try booting into Safe Mode, and run it there.

(To boot into Safe Mode, tap F8 after BIOS, and just before the Windows logo appears. A list of options will appear, select "Safe Mode.")

Re-downloading:

If this doesn't work either, try the same method as above, but download it again and rename ComboFix.exe to iexplore.exe, explorer.exe, or winlogon.exe.

Malware is known for blocking all "user" processes, except for its whitelist of system-important processes such as iexplore.exe, explorer.exe, winlogon.exe.
 
I had a ton of problems but finally got ComboFix to run successfully. A number of items went into quarantine, and I lost the first log file, but I am not sure why. When I tried to access the second ComboFix log file I got a message noting a registry entry was marked for deletion; however, this went away after I re-did some things. Sorry about that, but it was necessary if I expected to be able to boot the computer in any mode. All of the hopping about from OS to OS during this repair affected my boot manager, and that had to be rebuilt, plus I also had to run chkdsk again. I may have a failing drive; however, I question that as a certainty, suspecting something viral may be causing some of the drive problems.

As of now everything seems to be functioning fine but I am not certain things are completely cleaned up.

You will find a new FRST log and FRST scan for services.exe (likely un-needed now) in the following post.

The combofix log is below followed by the quarantine log.
ComboFix 12-08-15.01 - EternalKharas 08/15/2012 16:11:45.2.4 - x86

Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.3071.1909 [GMT -4:00]

Running from: c:\users\EternalKharas\Desktop\ComboFix.exe

AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}

SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Created a new restore point

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

C:\a.bat

c:\users\EternalKharas\Desktop\Setup.exe

c:\users\EternalKharas\hysoxqihotur.exe

.

.

((((((((((((((((((((((((( Files Created from 2012-07-15 to 2012-08-15 )))))))))))))))))))))))))))))))

.

.

2012-08-15 20:36 . 2012-08-15 20:36 -------- d-----w- C:\found.002

2012-08-15 20:21 . 2012-08-15 20:21 -------- d-----w- c:\users\Guest\AppData\Local\temp

2012-08-15 20:21 . 2012-08-15 20:21 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-08-15 20:21 . 2012-08-15 20:21 -------- d-----w- c:\users\Administrator\AppData\Local\temp

2012-08-15 18:56 . 2012-08-15 18:56 29904 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{FA219FEE-A8AF-4A86-9C2A-B0432D3EF7F4}\MpKsle69fc4d4.sys

2012-08-15 18:53 . 2012-08-15 20:24 56200 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{FA219FEE-A8AF-4A86-9C2A-B0432D3EF7F4}\offreg.dll

2012-08-10 13:24 . 2012-08-10 13:24 -------- d-----w- C:\FRST

2012-08-10 06:52 . 2012-02-09 18:17 713784 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{96B73A2B-01A7-4A16-92EC-17A812AFD9F2}\gapaengine.dll

2012-08-10 06:52 . 2012-07-16 06:41 6891424 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{FA219FEE-A8AF-4A86-9C2A-B0432D3EF7F4}\mpengine.dll

2012-08-10 06:51 . 2012-08-10 06:51 -------- d-----w- c:\program files\Microsoft Security Client

2012-08-10 06:09 . 2012-08-10 06:09 -------- d-sh--w- c:\windows\system32\%APPDATA%

2012-07-28 01:03 . 2012-07-28 01:03 -------- d-----w- c:\programdata\SolarWinds

2012-07-28 01:03 . 2012-07-28 01:03 -------- d-----w- c:\program files\SolarWinds

2012-07-19 13:23 . 2012-07-19 13:24 -------- d-----w- c:\program files\HWiNFO32

2012-07-19 02:16 . 2012-07-19 02:16 -------- d-----w- C:\found.001

2012-07-17 07:40 . 2012-07-17 07:40 -------- d-----w- c:\windows\ehome

2012-07-17 07:40 . 2012-07-17 07:40 -------- d-----w- c:\users\Default\AppData\Roaming\Media Center Programs

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-08-15 20:09 . 2012-04-04 04:42 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-08-15 20:09 . 2011-05-19 20:08 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-07-07 02:33 . 2012-07-07 02:33 4283672 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll

2012-07-07 02:33 . 2012-07-07 02:33 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll

2012-07-07 02:33 . 2012-07-07 02:33 539984 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll

2012-07-07 02:33 . 2012-07-07 02:33 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll

2012-06-12 02:40 . 2012-07-11 07:01 2345984 ----a-w- c:\windows\system32\win32k.sys

2012-06-06 05:05 . 2012-07-10 23:01 1390080 ----a-w- c:\windows\system32\msxml6.dll

2012-06-06 05:05 . 2012-07-10 23:01 1236992 ----a-w- c:\windows\system32\msxml3.dll

2012-06-06 05:03 . 2012-07-10 23:01 805376 ----a-w- c:\windows\system32\cdosys.dll

2012-06-02 22:19 . 2012-06-21 01:46 53784 ----a-w- c:\windows\system32\wuauclt.exe

2012-06-02 22:19 . 2012-06-21 01:46 45080 ----a-w- c:\windows\system32\wups2.dll

2012-06-02 22:19 . 2012-06-21 01:46 35864 ----a-w- c:\windows\system32\wups.dll

2012-06-02 22:19 . 2012-06-21 01:46 577048 ----a-w- c:\windows\system32\wuapi.dll

2012-06-02 22:19 . 2012-06-21 01:46 1933848 ----a-w- c:\windows\system32\wuaueng.dll

2012-06-02 22:12 . 2012-06-21 01:46 2422272 ----a-w- c:\windows\system32\wucltux.dll

2012-06-02 22:12 . 2012-06-21 01:46 88576 ----a-w- c:\windows\system32\wudriver.dll

2012-06-02 19:19 . 2012-06-21 01:45 171904 ----a-w- c:\windows\system32\wuwebv.dll

2012-06-02 19:12 . 2012-06-21 01:45 33792 ----a-w- c:\windows\system32\wuapp.exe

2012-06-02 08:33 . 2012-07-11 07:04 1800192 ----a-w- c:\windows\system32\jscript9.dll

2012-06-02 08:25 . 2012-07-11 07:04 1129472 ----a-w- c:\windows\system32\wininet.dll

2012-06-02 08:25 . 2012-07-11 07:04 1427968 ----a-w- c:\windows\system32\inetcpl.cpl

2012-06-02 08:20 . 2012-07-11 07:04 142848 ----a-w- c:\windows\system32\ieUnatt.exe

2012-06-02 08:16 . 2012-07-11 07:04 2382848 ----a-w- c:\windows\system32\mshtml.tlb

2012-06-02 04:45 . 2012-07-10 23:01 67440 ----a-w- c:\windows\system32\drivers\ksecdd.sys

2012-06-02 04:45 . 2012-07-10 23:01 134000 ----a-w- c:\windows\system32\drivers\ksecpkg.sys

2012-06-02 04:40 . 2012-07-10 23:01 369336 ----a-w- c:\windows\system32\drivers\cng.sys

2012-06-02 04:40 . 2012-07-10 23:01 225280 ----a-w- c:\windows\system32\schannel.dll

2012-06-02 04:39 . 2012-07-10 23:01 219136 ----a-w- c:\windows\system32\ncrypt.dll

2012-05-23 01:29 . 2012-05-23 01:29 499712 ----a-w- c:\windows\system32\msvcp71.dll

2012-05-23 01:29 . 2012-05-23 01:29 348160 ----a-w- c:\windows\system32\msvcr71.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Facebook Update"="c:\users\EternalKharas\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-07-12 138096]

"AutoStartNPSAgent"="c:\program files\Samsung\Samsung New PC Studio\NPSAgent.exe" [2010-07-08 95576]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]

"Bing Bar"="c:\program files\MSN Toolbar\Platform\6.3.2348.0\mswinext.exe" [2010-10-11 273672]

"Launch LCDMon"="c:\program files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe" [2010-02-18 1573448]

"Launch LGDCore"="c:\program files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" [2010-02-18 3203144]

"Launch LgDeviceAgent"="c:\program files\Logitech\GamePanel Software\LgDevAgt.exe" [2010-02-18 357448]

"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2010-05-10 439568]

"ProfilerU"="c:\program files\Saitek\SD6\Software\ProfilerU.exe" [2009-06-03 237568]

"SaiMfd"="c:\program files\Saitek\SD6\Software\SaiMfd.exe" [2009-06-03 131072]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

"NVRaidService"="c:\program files\NVIDIA Corporation\Raid\nvraidservice.exe" [2010-04-09 163944]

"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2011-08-16 10820200]

"EEventManager"="c:\program files\Epson Software\Event Manager\EEventManager.exe" [2009-12-03 976320]

"BingDesktop"="c:\program files\Microsoft\BingDesktop\BingDesktop.exe" [2012-03-30 1858152]

"Logitech Utility"="Logi_MwX.Exe" [2003-12-17 19968]

"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 931200]

"TkBellExe"="c:\program files\real\realplayer\Update\realsched.exe" [2012-05-23 296056]

"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2006-11-23 56928]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-05-22 421888]

"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2006-12-06 54832]

"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]

.

c:\users\EternalKharas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

CurseClientStartup.ccip [2011-7-2 0]

MagicDisc.lnk - c:\program files\MagicDisc\MagicDisc.exe [2012-5-14 576000]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Camera Monitor SD.lnk - c:\program files\PIXELA\Everio MediaBrowser\MBCameraMonitor.exe [2011-7-25 541976]

iReboot 1.1.0.lnk - c:\program files\NeoSmart Technologies\iReboot\iReboot.exe [2008-4-27 205312]

Snap-tite Components E-Catalog - Auto Update.lnk - c:\program files\Snap-tite\QDecatupdate.exe [2011-9-17 189648]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [x]

R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]

R3 CHWBOLOCH;CHWBOLOCH;c:\users\ETERNA~1\AppData\Local\Temp\CHWBOLOCH.exe [x]

R3 CPETLYED;CPETLYED;c:\users\ETERNA~1\AppData\Local\Temp\CPETLYED.exe [x]

R3 DrvAgent32;DrvAgent32;c:\windows\system32\Drivers\DrvAgent32.sys [x]

R3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;c:\program files\Common Files\Futuremark Shared\Futuremark SystemInfo\FMSISvc.exe [x]

R3 GPU-Z;GPU-Z;c:\users\ETERNA~1\AppData\Local\Temp\GPU-Z.sys [x]

R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [x]

R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]

R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [x]

R3 physX32;physX32;c:\windows\system32\DRIVERS\physX32.sys [x]

R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]

R3 SaiH075C;SaiH075C;c:\windows\system32\DRIVERS\SaiH075C.sys [x]

R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]

R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]

R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]

R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [x]

R3 WSDScan;WSD Scan Support via UMB;c:\windows\system32\DRIVERS\WSDScan.sys [x]

S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]

S1 HWiNFO32;HWiNFO32/64 Kernel Driver;c:\program files\HWiNFO32\HWiNFO32.SYS [x]

S1 MpKsle69fc4d4;MpKsle69fc4d4;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{FA219FEE-A8AF-4A86-9C2A-B0432D3EF7F4}\MpKsle69fc4d4.sys [x]

S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]

S2 BingDesktopUpdate;Bing Desktop Update service;c:\program files\Microsoft\BingDesktop\BingDesktopUpdater.exe [x]

S2 cpuz134;cpuz134;c:\windows\system32\drivers\cpuz134_x32.sys [x]

S2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [x]

S2 iReboot;iReboot Background Service;c:\program files\NeoSmart Technologies\iReboot\iRebootd.exe [x]

S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.SYS [x]

S3 nvoclock;NVIDIA Enthusiasts Platform KDM;c:\windows\system32\DRIVERS\nvoclock.sys [x]

S3 RTCore32;RTCore32;c:\program files\EVGA Precision\RTCore32.sys [x]

.

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - FSUSBEXDISK

*NewlyCreated* - MPKSL488B0B2E

*Deregistered* - MpKsl488b0b2e

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

iissvcs REG_MULTI_SZ w3svc was

apphost REG_MULTI_SZ apphostsvc

.

Contents of the 'Scheduled Tasks' folder

.

2012-08-15 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-04 20:09]

.

2012-08-09 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1850465905-1816852967-2060930716-1000Core.job

- c:\users\EternalKharas\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-08-29 09:35]

.

2012-08-10 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1850465905-1816852967-2060930716-1000UA.job

- c:\users\EternalKharas\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-08-29 09:35]

.

2012-08-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2011-01-01 02:50]

.

2012-08-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2011-01-01 02:50]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.bing.com/

mStart Page = about:blank

IE: &ieSpell Options - c:\program files\ieSpell\iespell.dll/SPELLOPTION.HTM

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: Check &Spelling - c:\program files\ieSpell\iespell.dll/SPELLCHECK.HTM

IE: Lookup on Merriam Webster - file://c:\program files\ieSpell\Merriam Webster.HTM

IE: Lookup on Wikipedia - file://c:\program files\ieSpell\wikipedia.HTM

LSP: c:\program files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll

Trusted Zone: frozencpu.com\www

Trusted Zone: newegg.com\secure

Trusted Zone: newegg.com\www

Trusted Zone: sidewinder.com\www

TCP: DhcpNameServer = 65.32.5.111 65.32.5.112

DPF: {62415890-4985-0825-2508-23487C2A845F} - hxxp://173.74.122.228:8150/en/cab/ipcamera.cab

.

- - - - ORPHANS REMOVED - - - -

.

HKCU-Run-hysoxqihotur - c:\users\EternalKharas\hysoxqihotur.exe

AddRemove-MinecraftCrack1.0 - c:\minecraftcrack\uninstall.exe

AddRemove-RealPlayer 15.0 - c:\program files\real\realplayer\Update\r1puninst.exe

AddRemove-01_Simmental - c:\program files\Samsung\USB Drivers\01_Simmental\Uninstall.exe

AddRemove-02_Siberian - c:\program files\Samsung\USB Drivers\02_Siberian\Uninstall.exe

AddRemove-03_Swallowtail - c:\program files\Samsung\USB Drivers\03_Swallowtail\Uninstall.exe

AddRemove-04_semseyite - c:\program files\Samsung\USB Drivers\04_semseyite\Uninstall.exe

AddRemove-05_Sloan - c:\program files\Samsung\USB Drivers\05_Sloan\Uninstall.exe

AddRemove-06_Spencer - c:\program files\Samsung\USB Drivers\06_Spencer\Uninstall.exe

AddRemove-07_Schorl - c:\program files\Samsung\USB Drivers\07_Schorl\Uninstall.exe

AddRemove-08_EMPChipset - c:\program files\Samsung\USB Drivers\08_EMPChipset\Uninstall.exe

AddRemove-09_Hsp - c:\program files\Samsung\USB Drivers\09_Hsp\Uninstall.exe

AddRemove-11_HSP_Plus_Default - c:\program files\Samsung\USB Drivers\11_HSP_Plus_Default\Uninstall.exe

AddRemove-16_Shrewsbury - c:\program files\Samsung\USB Drivers\16_Shrewsbury\Uninstall.exe

AddRemove-17_EMP_Chipset2 - c:\program files\Samsung\USB Drivers\17_EMP_Chipset2\Uninstall.exe

AddRemove-18_Zinia_Serial_Driver - c:\program files\Samsung\USB Drivers\18_Zinia_Serial_Driver\Uninstall.exe

AddRemove-19_VIA_driver - c:\program files\Samsung\USB Drivers\19_VIA_driver\Uninstall.exe

AddRemove-20_NXP_Driver - c:\program files\Samsung\USB Drivers\20_NXP_Driver\Uninstall.exe

AddRemove-21_Searsburg - c:\program files\Samsung\USB Drivers\21_Searsburg\Uninstall.exe

AddRemove-22_WiBro_WiMAX - c:\program files\Samsung\USB Drivers\22_WiBro_WiMAX\Uninstall.exe

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-1850465905-1816852967-2060930716-1000_Classes\VirtualStore\MACHINE\SOFTWARE\DICE\PYTHON]

@DACL=(02 0000)

.

[HKEY_USERS\S-1-5-21-1850465905-1816852967-2060930716-1000_Classes\VirtualStore\MACHINE\SOFTWARE\PandeGroup\Folding@home]

@Class="Folding@Home"

@DACL=(02 0000)

"UserID"=hex:52,9f,82,51,24,a7,12,23

.

[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'Explorer.exe'(1668)

c:\program files\EVGA Precision\Bundle\OSDServer\RTSSHooks.dll

.

- - - - - - - > 'explorer.exe'(3292)

c:\program files\EVGA Precision\Bundle\OSDServer\RTSSHooks.dll

.

------------------------ Other Running Processes ------------------------

.

c:\windows\system32\nvvsvc.exe

c:\program files\Microsoft Security Client\MsMpEng.exe

c:\program files\NVIDIA Corporation\Display\nvxdsync.exe

c:\windows\system32\nvvsvc.exe

c:\windows\system32\taskhost.exe

c:\program files\EVGA Precision\EVGAPrecision.exe

c:\program files\Common Files\EPSON\EBAPI\eEBSVC.exe

c:\windows\system32\CISVC.EXE

c:\program files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe

c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

c:\program files\nHancer\nHancerService.exe

c:\program files\NVIDIA Corporation\nTune\nTuneService.exe

c:\program files\CyberLink\Shared Files\RichVideo.exe

c:\windows\system32\SAgent4.exe

c:\program files\NVIDIA Corporation\System Update\UpdateCenterService.exe

c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe

c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

c:\program files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe

c:\windows\system32\sppsvc.exe

c:\program files\EVGA Precision\Bundle\OSDServer\RTSS.exe

c:\windows\system32\conhost.exe

c:\program files\Windows Media Player\wmpnetwk.exe

.

**************************************************************************

.

Completion time: 2012-08-15 16:34:42 - machine was rebooted

ComboFix-quarantined-files.txt 2012-08-15 20:34

.

Pre-Run: 6,298,157,056 bytes free

Post-Run: 7,697,100,800 bytes free

.

- - End Of File - - 0630EC5570D30EEE9BF13095A3C29595
2012-08-15 20:33:43 . 2012-08-15 20:33:43 924 ----a-w- C:\Qoobox\Quarantine\Registry_backups\AddRemove-22_WiBro_WiMAX.reg.dat

2012-08-15 20:33:43 . 2012-08-15 20:33:43 912 ----a-w- C:\Qoobox\Quarantine\Registry_backups\AddRemove-21_Searsburg.reg.dat

2012-08-15 20:33:43 . 2012-08-15 20:33:43 916 ----a-w- C:\Qoobox\Quarantine\Registry_backups\AddRemove-20_NXP_Driver.reg.dat

2012-08-15 20:33:43 . 2012-08-15 20:33:43 916 ----a-w- C:\Qoobox\Quarantine\Registry_backups\AddRemove-19_VIA_driver.reg.dat

2012-08-15 20:33:43 . 2012-08-15 20:33:43 948 ----a-w- C:\Qoobox\Quarantine\Registry_backups\AddRemove-18_Zinia_Serial_Driver.reg.dat

2012-08-15 20:33:43 . 2012-08-15 20:33:43 924 ----a-w- C:\Qoobox\Quarantine\Registry_backups\AddRemove-17_EMP_Chipset2.reg.dat

2012-08-15 20:33:43 . 2012-08-15 20:33:43 912 ----a-w- C:\Qoobox\Quarantine\Registry_backups\AddRemove-16_Shrewsbury.reg.dat

2012-08-15 20:33:43 . 2012-08-15 20:33:43 936 ----a-w- C:\Qoobox\Quarantine\Registry_backups\AddRemove-11_HSP_Plus_Default.reg.dat

2012-08-15 20:33:43 . 2012-08-15 20:33:43 884 ----a-w- C:\Qoobox\Quarantine\Registry_backups\AddRemove-09_Hsp.reg.dat

2012-08-15 20:33:43 . 2012-08-15 20:33:43 916 ----a-w- C:\Qoobox\Quarantine\Registry_backups\AddRemove-08_EMPChipset.reg.dat

2012-08-15 20:33:43 . 2012-08-15 20:33:43 896 ----a-w- C:\Qoobox\Quarantine\Registry_backups\AddRemove-07_Schorl.reg.dat

2012-08-15 20:33:43 . 2012-08-15 20:33:43 904 ----a-w- C:\Qoobox\Quarantine\Registry_backups\AddRemove-06_Spencer.reg.dat

2012-08-15 20:33:43 . 2012-08-15 20:33:43 892 ----a-w- C:\Qoobox\Quarantine\Registry_backups\AddRemove-05_Sloan.reg.dat

2012-08-15 20:33:43 . 2012-08-15 20:33:43 908 ----a-w- C:\Qoobox\Quarantine\Registry_backups\AddRemove-04_semseyite.reg.dat

2012-08-15 20:33:43 . 2012-08-15 20:33:43 920 ----a-w- C:\Qoobox\Quarantine\Registry_backups\AddRemove-03_Swallowtail.reg.dat

2012-08-15 20:33:43 . 2012-08-15 20:33:43 908 ----a-w- C:\Qoobox\Quarantine\Registry_backups\AddRemove-02_Siberian.reg.dat

2012-08-15 20:33:43 . 2012-08-15 20:33:43 908 ----a-w- C:\Qoobox\Quarantine\Registry_backups\AddRemove-01_Simmental.reg.dat

2012-08-15 20:33:43 . 2012-08-15 20:33:43 1,348 ----a-w- C:\Qoobox\Quarantine\Registry_backups\AddRemove-RealPlayer 15.0.reg.dat

2012-08-15 20:33:43 . 2012-08-15 20:33:43 1,224 ----a-w- C:\Qoobox\Quarantine\Registry_backups\AddRemove-MinecraftCrack1.0.reg.dat

2012-08-15 20:33:05 . 2012-08-15 20:33:05 140 ----a-w- C:\Qoobox\Quarantine\Registry_backups\HKCU-Run-hysoxqihotur.reg.dat

2012-08-15 20:17:49 . 2012-08-15 20:17:49 6,107 ----a-w- C:\Qoobox\Quarantine\Registry_backups\tcpip.reg

2012-08-11 22:17:52 . 2012-08-15 20:22:35 399 ----a-w- C:\Qoobox\Quarantine\catchme.log

2012-03-08 08:49:54 . 2010-12-08 21:58:04 140,736 ----a-w- C:\Qoobox\Quarantine\C\Users\EternalKharas\Desktop\Setup.exe.vir

2011-01-20 01:51:40 . 2011-01-20 01:51:40 177 ----a-w- C:\Qoobox\Quarantine\C\a.bat.vir
 
Note: I do have some concerns about the directories left on the computer's C: drive for FRST and QOOBOX, which contain quarantine files. Should these directories and their contents be deleted when we are finished with this cleanup?

FRST scan log is followed by FRST search for services.exe log.
Scan result of Farbar Recovery Scan Tool (FRST written by Farbar) Version: 09-08-2012

Ran by SYSTEM at 17-08-2012 01:04:39

Running from F:\FarBar recovery tool

Windows 7 Ultimate (X86) OS Language: English(US)

The current controlset is ControlSet002

========================== Registry (Whitelisted) =============

HKLM\...\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-01-02] (Adobe Systems Incorporated)

HKLM\...\Run: [Bing Bar] "C:\Program Files\MSN Toolbar\Platform\6.3.2348.0\mswinext.exe" [273672 2010-10-11] (Microsoft Corp.)

HKLM\...\Run: [Launch LCDMon] "C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe" [1573448 2010-02-18] (Logitech Inc.)

HKLM\...\Run: [Launch LGDCore] "C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" /SHOWHIDE [3203144 2010-02-18] (Logitech Inc.)

HKLM\...\Run: [Launch LgDeviceAgent] "C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe" [357448 2010-02-18] (Logitech Inc.)

HKLM\...\Run: [Microsoft Default Manager] "C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume [439568 2010-05-10] (Microsoft Corporation)

HKLM\...\Run: [ProfilerU] "C:\Program Files\Saitek\SD6\Software\ProfilerU.exe" [237568 2009-06-03] (Saitek)

HKLM\...\Run: [SaiMfd] "C:\Program Files\Saitek\SD6\Software\SaiMfd.exe" [131072 2009-06-03] (Saitek)

HKLM\...\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" [248552 2010-05-14] (Sun Microsystems, Inc.)

HKLM\...\Run: [NVRaidService] C:\Program Files\NVIDIA Corporation\Raid\nvraidservice.exe [163944 2010-04-08] (NVIDIA Corporation)

HKLM\...\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s [10820200 2011-08-16] (Realtek Semiconductor)

HKLM\...\Run: [EEventManager] "C:\Program Files\Epson Software\Event Manager\EEventManager.exe" [976320 2009-12-03] (SEIKO EPSON CORPORATION)

HKLM\...\Run: [BingDesktop] C:\Program Files\Microsoft\BingDesktop\BingDesktop.exe /fromkey [1858152 2012-03-30] (Microsoft Corp.)

HKLM\...\Run: [Logitech Utility] Logi_MwX.Exe [x]

HKLM\...\Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [931200 2012-03-26] (Microsoft Corporation)

HKLM\...\Run: [TkBellExe] "c:\program files\real\realplayer\Update\realsched.exe" -osboot [296056 2012-05-22] (RealNetworks, Inc.)

HKLM\...\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [56928 2006-11-23] (Cyberlink Corp.)

HKLM\...\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime [421888 2012-05-21] (Apple Inc.)

HKLM\...\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" [54832 2006-12-05] ()

HKLM\...\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2012-02-20] (Apple Inc.)

HKU\Administrator\...\Run: [AutoStartNPSAgent] C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe [95576 2010-07-08] (Samsung Electronics Co., Ltd.)

HKU\Administrator\...\Run: [Facebook Update] "C:\Users\EternalKharas\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver [138096 2012-07-12] (Facebook Inc.)

HKU\EternalKharas\...\Run: [Facebook Update] "C:\Users\EternalKharas\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver [138096 2012-07-12] (Facebook Inc.)

HKU\EternalKharas\...\Run: [AutoStartNPSAgent] C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe [95576 2010-07-08] (Samsung Electronics Co., Ltd.)

HKU\Guest\...\Run: [AutoStartNPSAgent] C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe [95576 2010-07-08] (Samsung Electronics Co., Ltd.)

HKU\Guest\...\Run: [Facebook Update] "C:\Users\EternalKharas\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver [138096 2012-07-12] (Facebook Inc.)

Tcpip\Parameters: [DhcpNameServer] 65.32.5.111 65.32.5.112

Startup: C:\Users\All Users\Start Menu\Programs\Startup\Camera Monitor SD.lnk

ShortcutTarget: Camera Monitor SD.lnk -> C:\Program Files\PIXELA\Everio MediaBrowser\MBCameraMonitor.exe (PIXELA CORPORATION)

Startup: C:\Users\All Users\Start Menu\Programs\Startup\iReboot 1.1.0.lnk

ShortcutTarget: iReboot 1.1.0.lnk -> C:\Program Files\NeoSmart Technologies\iReboot\iReboot.exe (NeoSmart Technologies)

Startup: C:\Users\All Users\Start Menu\Programs\Startup\Snap-tite Components E-Catalog - Auto Update.lnk

ShortcutTarget: Snap-tite Components E-Catalog - Auto Update.lnk -> C:\Program Files\Snap-tite\QDecatupdate.exe (Snap-tite Components)

Startup: C:\Users\EternalKharas\Start Menu\Programs\Startup\CurseClientStartup.ccip ()

Startup: C:\Users\EternalKharas\Start Menu\Programs\Startup\MagicDisc.lnk

ShortcutTarget: MagicDisc.lnk -> C:\Program Files\MagicDisc\MagicDisc.exe (MagicISO, Inc.)

================================ Services (Whitelisted) ==================

2 BingDesktopUpdate; "C:\Program Files\Microsoft\BingDesktop\BingDesktopUpdater.exe" [151656 2012-03-30] (Microsoft Corp.)

2 EpsonBidirectionalService; C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe [94208 2006-12-19] (SEIKO EPSON CORPORATION)

2 eventlog; C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted [20992 2009-07-13] (Microsoft Corporation)

2 ForceWare Intelligent Application Manager (IAM); C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe [387616 2009-08-10] ()

3 Futuremark SystemInfo Service; "C:\Program Files\Common Files\Futuremark Shared\Futuremark SystemInfo\FMSISvc.exe" [128928 2010-11-11] (Futuremark Corporation)

2 iReboot; "C:\Program Files\NeoSmart Technologies\iReboot\iRebootd.exe" [9216 2008-04-27] ()

2 MsMpSvc; "C:\Program Files\Microsoft Security Client\MsMpEng.exe" [11552 2012-03-26] (Microsoft Corporation)

2 nHancer; "C:\Program Files\nHancer\nHancerService.exe" [39936 2010-05-02] (KSE - Korndörfer Software Engineering)

3 NisSrv; "C:\Program Files\Microsoft Security Client\NisSrv.exe" [214952 2012-03-26] (Microsoft Corporation)

2 nSvcIp; C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe [178720 2009-08-10] ()

2 nTuneService; C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe /StartService [191080 2010-03-22] (NVIDIA)

2 RichVideo; "C:\Program Files\CyberLink\Shared Files\RichVideo.exe" [167936 2007-01-20] ()

2 StatusAgent4; C:\Windows\system32\SAgent4.exe [131072 2006-12-19] (SEIKO EPSON CORPORATION)

2 UpdateCenterService; C:\Program Files\NVIDIA Corporation\System Update\UpdateCenterService.exe /StartService [195176 2009-11-06] (NVIDIA)

3 CHWBOLOCH; C:\Users\ETERNA~1\AppData\Local\Temp\CHWBOLOCH.exe [x]

3 CPETLYED; C:\Users\ETERNA~1\AppData\Local\Temp\CPETLYED.exe [x]

========================== Drivers (Whitelisted) =============

2 cpuz134; \??\C:\Windows\system32\drivers\cpuz134_x32.sys [20328 2010-07-09] (Windows (R) Win 7 DDK provider)

3 DrvAgent32; \??\C:\Windows\system32\Drivers\DrvAgent32.sys [23456 2010-07-12] (Phoenix Technologies)

3 FsUsbExDisk; \??\C:\Windows\system32\FsUsbExDisk.SYS [36608 2010-07-05] ()

1 HWiNFO32; \??\C:\Program Files\HWiNFO32\HWiNFO32.SYS [21624 2012-05-10] (REALiX(tm))

3 LHidFlt2; C:\Windows\System32\DRIVERS\LHidFlt2.Sys [25505 2003-12-17] (Logitech, Inc.)

3 LHidUsb; C:\Windows\System32\Drivers\LHidUsb.Sys [37887 2003-12-17] (Logitech, Inc.)

3 LMouFlt2; C:\Windows\System32\DRIVERS\LMouFlt2.Sys [70801 2003-12-17] (Logitech, Inc.)

0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [171064 2012-03-20] (Microsoft Corporation)

3 NVNET; C:\Windows\System32\DRIVERS\nvmf6232.sys [295272 2009-11-11] (NVIDIA Corporation)

3 nvoclock; C:\Windows\System32\DRIVERS\nvoclock.sys [38248 2009-09-15] (NVIDIA Corp.)

3 physX32; C:\Windows\System32\DRIVERS\physX32.sys [120960 2008-02-29] (AGEIA Technologies, Inc.)

3 RTCore32; \??\C:\Program Files\EVGA Precision\RTCore32.sys [4608 2005-05-25] ()

3 SaiH075C; C:\Windows\System32\DRIVERS\SaiH075C.sys [132232 2007-05-01] (Saitek)

0 sptd; C:\Windows\System32\Drivers\sptd.sys [477240 2012-05-10] (Duplex Secure Ltd.)

3 catchme; \??\C:\Users\ETERNA~1\AppData\Local\Temp\catchme.sys [x]

3 GPU-Z; \??\C:\Users\ETERNA~1\AppData\Local\Temp\GPU-Z.sys [x]

3 Synth3dVsc; C:\Windows\System32\drivers\synth3dvsc.sys [x]

3 tsusbhub; C:\Windows\System32\drivers\tsusbhub.sys [x]

3 VGPU; C:\Windows\System32\drivers\rdvgkmd.sys [x]

========================== NetSvcs (Whitelisted) ===========

============ One Month Created Files and Folders ==============

2012-08-15 12:44 - 2012-08-15 12:44 - 00000000 ___SD C:\Computer

2012-08-15 12:36 - 2012-08-15 12:36 - 00000000 ____D C:\found.002

2012-08-11 14:28 - 2012-08-15 12:09 - 04731145 ____R (Swearware) C:\Users\EternalKharas\Desktop\ComboFix.exe

2012-08-11 14:17 - 2012-08-15 12:44 - 00000000 ____D C:\Qoobox

2012-08-11 14:17 - 2012-08-15 12:32 - 00000000 ____D C:\Windows\erdnt

2012-08-11 14:17 - 2011-06-25 22:45 - 00256000 ____A C:\Windows\PEV.exe

2012-08-11 14:17 - 2010-11-07 09:20 - 00208896 ____A C:\Windows\MBR.exe

2012-08-11 14:17 - 2009-04-19 20:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe

2012-08-11 14:17 - 2000-08-30 16:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe

2012-08-11 14:17 - 2000-08-30 16:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe

2012-08-11 14:17 - 2000-08-30 16:00 - 00098816 ____A C:\Windows\sed.exe

2012-08-11 14:17 - 2000-08-30 16:00 - 00080412 ____A C:\Windows\grep.exe

2012-08-11 14:17 - 2000-08-30 16:00 - 00068096 ____A C:\Windows\zip.exe

2012-08-10 05:24 - 2012-08-10 05:24 - 00000000 ____D C:\FRST

2012-08-09 22:51 - 2012-08-09 22:51 - 00000000 ____D C:\Program Files\Microsoft Security Client

2012-08-09 22:09 - 2012-08-09 22:09 - 00000000 __SHD C:\Windows\System32\%APPDATA%

2012-08-08 08:24 - 2012-08-08 08:24 - 00155840 ____A C:\Windows\Minidump\080812-25911-01.dmp

2012-08-07 09:02 - 2012-08-07 09:02 - 00111487 ____A C:\Users\EternalKharas\Documents\bank transfer 080712(2).xps

2012-08-07 05:49 - 2012-08-07 05:49 - 00000124 ____A C:\Users\EternalKharas\Desktop\HOME PAGE.txt

2012-08-07 04:07 - 2012-08-07 04:07 - 00111173 ____A C:\Users\EternalKharas\Documents\bank transfer 080712.xps

2012-08-03 07:29 - 2012-08-03 07:29 - 00196947 ____A C:\Users\EternalKharas\Documents\MetroSelfStorage E-mailconfirmnation080312.xps

2012-08-03 07:00 - 2012-08-03 07:00 - 00159584 ____A C:\Users\EternalKharas\Documents\BrightHouse080312.xps

2012-08-03 05:54 - 2012-08-03 05:54 - 00111378 ____A C:\Users\EternalKharas\Documents\bank transfer 080312.xps

2012-08-03 04:56 - 2012-08-03 04:56 - 00117132 ____A C:\Users\EternalKharas\Documents\MetroSelfStorage080312.xps

2012-08-03 03:50 - 2012-08-03 03:50 - 00000318 ____A C:\Users\EternalKharas\Desktop\Curse Client.appref-ms

2012-08-02 13:14 - 2012-08-02 13:14 - 00110956 ____A C:\Users\EternalKharas\Documents\bank transfer 080212.xps

2012-07-31 21:32 - 2012-07-31 21:32 - 00000097 ____A C:\Users\EternalKharas\Desktop\sephora.txt

2012-07-30 15:48 - 2012-07-30 15:49 - 00159552 ____A C:\Windows\Minidump\073012-34491-01.dmp

2012-07-30 14:38 - 2012-07-30 14:38 - 00161846 ____A C:\Users\EternalKharas\Documents\THIAGO2.xps

2012-07-30 14:10 - 2012-07-30 14:10 - 00111119 ____A C:\Users\EternalKharas\Documents\bank transfer 073012.xps

2012-07-29 00:43 - 2012-07-29 00:43 - 00111225 ____A C:\Users\EternalKharas\Documents\bank transfer 072912.xps

2012-07-28 05:56 - 2012-07-28 07:26 - 00000000 ____D C:\Users\EternalKharas\Documents\Business donations

2012-07-27 21:14 - 2012-07-27 21:14 - 00111373 ____A C:\Users\EternalKharas\Documents\bank transfer 072812.xps

2012-07-27 17:03 - 2012-07-27 17:03 - 00000000 ____D C:\Users\All Users\SolarWinds

2012-07-27 17:03 - 2012-07-27 17:03 - 00000000 ____D C:\Program Files\SolarWinds

2012-07-27 17:02 - 2012-07-27 17:02 - 00922042 ____A C:\Users\EternalKharas\Downloads\SolarWinds-Permissions-Analyzer-v1.0.0.zip

2012-07-27 17:02 - 2012-07-27 17:02 - 00000000 ____D C:\Users\EternalKharas\Downloads\SolarWinds-Permissions-Analyzer-v1.0.0

2012-07-24 02:17 - 2012-07-24 02:17 - 00001794 ____A C:\Users\EternalKharas\Documents\SENTPMArchive_2012-07-24(11).htm

2012-07-24 02:16 - 2012-07-24 02:16 - 00106888 ____A C:\Users\EternalKharas\Documents\SENTPMArchive_2012-07-24(10).htm

2012-07-24 02:16 - 2012-07-24 02:16 - 00102602 ____A C:\Users\EternalKharas\Documents\SENTPMArchive_2012-07-24(9).htm

2012-07-24 02:15 - 2012-07-24 02:15 - 00165939 ____A C:\Users\EternalKharas\Documents\SENTPMArchive_2012-07-24(6).htm

2012-07-24 02:15 - 2012-07-24 02:15 - 00138056 ____A C:\Users\EternalKharas\Documents\SENTPMArchive_2012-07-24(8).htm

2012-07-24 02:15 - 2012-07-24 02:15 - 00134007 ____A C:\Users\EternalKharas\Documents\SENTPMArchive_2012-07-24(7).htm

2012-07-24 02:14 - 2012-07-24 02:14 - 00104885 ____A C:\Users\EternalKharas\Documents\SENTPMArchive_2012-07-24(5).htm

2012-07-24 02:13 - 2012-07-24 02:13 - 00072213 ____A C:\Users\EternalKharas\Documents\READPMArchive_2012-07-24(9).htm

2012-07-24 02:13 - 2012-07-24 02:13 - 00056712 ____A C:\Users\EternalKharas\Documents\READPMArchive_2012-07-24(10).htm

2012-07-24 02:12 - 2012-07-24 02:12 - 00095829 ____A C:\Users\EternalKharas\Documents\READPMArchive_2012-07-24(8).htm

2012-07-24 02:11 - 2012-07-24 02:11 - 00115579 ____A C:\Users\EternalKharas\Documents\READPMArchive_2012-07-24(7).htm

2012-07-24 02:11 - 2012-07-24 02:11 - 00113343 ____A C:\Users\EternalKharas\Documents\READPMArchive_2012-07-24(6).htm

2012-07-24 02:10 - 2012-07-24 02:10 - 00155229 ____A C:\Users\EternalKharas\Documents\READPMArchive_2012-07-24(5).htm

2012-07-24 02:00 - 2012-07-24 02:00 - 00190068 ____A C:\Users\EternalKharas\Documents\SENTPMArchive_2012-07-24(3).htm

2012-07-24 02:00 - 2012-07-24 02:00 - 00181032 ____A C:\Users\EternalKharas\Documents\SENTPMArchive_2012-07-24(4).htm

2012-07-24 01:56 - 2012-07-24 01:56 - 00081496 ____A C:\Users\EternalKharas\Documents\READPMArchive_2012-07-24(4).htm

2012-07-24 01:55 - 2012-07-24 01:55 - 00070096 ____A C:\Users\EternalKharas\Documents\READPMArchive_2012-07-24(3).htm

2012-07-24 01:54 - 2012-07-24 01:54 - 00116002 ____A C:\Users\EternalKharas\Documents\SENTPMArchive_2012-07-24(2).htm

2012-07-24 01:53 - 2012-07-24 01:53 - 00115839 ____A C:\Users\EternalKharas\Documents\SENTPMArchive_2012-07-24.htm

2012-07-23 21:15 - 2012-08-01 22:16 - 00008655 ____A C:\Users\EternalKharas\Desktop\Christina.txt

2012-07-23 15:04 - 2012-07-23 15:04 - 00246295 ____A C:\Users\EternalKharas\Documents\Thiago's order 1.xps

2012-07-23 13:12 - 2012-07-23 13:12 - 00111120 ____A C:\Users\EternalKharas\Documents\bank transfer THIAGO 1.xps

2012-07-21 10:29 - 2012-07-21 10:29 - 00000000 ____D C:\Users\EternalKharas\Downloads\the_whigs

2012-07-21 09:01 - 2012-07-21 10:29 - 07251231 ____A C:\Users\EternalKharas\Downloads\the_whigs.zip

2012-07-20 22:27 - 2012-07-21 02:13 - 00002961 ____A C:\Users\EternalKharas\Desktop\Stacy.txt

2012-07-19 05:23 - 2012-07-19 05:24 - 00000000 ____D C:\Program Files\HWiNFO32

2012-07-18 18:16 - 2012-07-18 18:16 - 00000000 ____D C:\found.001

============ 3 Months Modified Files ========================

2012-08-16 21:00 - 2011-06-29 04:33 - 01752041 ____A C:\Windows\WindowsUpdate.log

2012-08-16 20:59 - 2010-12-31 18:50 - 00000900 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2012-08-16 20:09 - 2012-06-19 07:37 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job

2012-08-16 19:59 - 2010-12-31 18:50 - 00000896 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2012-08-16 19:40 - 2011-08-28 16:30 - 00000960 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1850465905-1816852967-2060930716-1000UA.job

2012-08-16 19:37 - 2010-05-04 16:01 - 00019920 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2012-08-16 19:37 - 2010-05-04 16:01 - 00019920 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2012-08-16 19:30 - 2009-07-13 20:53 - 00000006 ___AH C:\Windows\Tasks\SA.DAT

2012-08-16 19:30 - 2009-07-13 20:39 - 01927872 ____A C:\Windows\setupact.log

2012-08-16 19:22 - 2012-03-19 19:22 - 00203836 __RSH C:\grldr

2012-08-16 19:22 - 2012-03-19 19:22 - 00000000 __RSH C:\winx.ld

2012-08-15 13:01 - 2009-07-13 20:57 - 00025600 __ASH C:\Windows\System32\config\BCD-Template.LOG

2012-08-15 13:01 - 2009-07-13 20:52 - 00028672 ___AH C:\Windows\System32\config\BCD-Template

2012-08-15 12:25 - 2009-07-13 18:04 - 00000215 ____A C:\Windows\system.ini

2012-08-15 12:24 - 2009-07-13 20:53 - 00032632 ____A C:\Windows\Tasks\SCHEDLGU.TXT

2012-08-15 12:23 - 2010-05-04 16:08 - 00149148 ____A C:\Windows\PFRO.log

2012-08-15 12:09 - 2012-08-11 14:28 - 04731145 ____R (Swearware) C:\Users\EternalKharas\Desktop\ComboFix.exe

2012-08-15 12:09 - 2012-04-03 20:42 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe

2012-08-15 12:09 - 2011-05-19 12:08 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl

2012-08-15 12:05 - 2011-07-01 22:55 - 00007674 ____A C:\Users\EternalKharas\AppData\Local\Resmon.ResmonCfg

2012-08-15 11:00 - 2012-05-04 13:03 - 00002290 ____A C:\Users\Public\Desktop\Google Chrome.lnk

2012-08-09 22:52 - 2011-01-27 01:11 - 00001945 ____A C:\Windows\epplauncher.mif

2012-08-09 22:51 - 2011-06-29 03:46 - 00838082 ____A C:\Windows\System32\PerfStringBackup.INI

2012-08-09 14:29 - 2012-07-15 23:12 - 00000345 ____A C:\Users\EternalKharas\Desktop\MUSIC CODES (MARLBORO).txt

2012-08-09 04:21 - 2012-07-09 02:48 - 00009549 ____A C:\Users\EternalKharas\Desktop\crash.txt

2012-08-09 03:34 - 2011-08-28 16:30 - 00000938 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1850465905-1816852967-2060930716-1000Core.job

2012-08-08 08:24 - 2012-08-08 08:24 - 00155840 ____A C:\Windows\Minidump\080812-25911-01.dmp

2012-08-07 09:02 - 2012-08-07 09:02 - 00111487 ____A C:\Users\EternalKharas\Documents\bank transfer 080712(2).xps

2012-08-07 05:49 - 2012-08-07 05:49 - 00000124 ____A C:\Users\EternalKharas\Desktop\HOME PAGE.txt

2012-08-07 04:07 - 2012-08-07 04:07 - 00111173 ____A C:\Users\EternalKharas\Documents\bank transfer 080712.xps

2012-08-03 07:29 - 2012-08-03 07:29 - 00196947 ____A C:\Users\EternalKharas\Documents\MetroSelfStorage E-mailconfirmnation080312.xps

2012-08-03 07:00 - 2012-08-03 07:00 - 00159584 ____A C:\Users\EternalKharas\Documents\BrightHouse080312.xps

2012-08-03 05:54 - 2012-08-03 05:54 - 00111378 ____A C:\Users\EternalKharas\Documents\bank transfer 080312.xps

2012-08-03 04:56 - 2012-08-03 04:56 - 00117132 ____A C:\Users\EternalKharas\Documents\MetroSelfStorage080312.xps

2012-08-03 03:50 - 2012-08-03 03:50 - 00000318 ____A C:\Users\EternalKharas\Desktop\Curse Client.appref-ms

2012-08-02 13:14 - 2012-08-02 13:14 - 00110956 ____A C:\Users\EternalKharas\Documents\bank transfer 080212.xps

2012-08-01 22:16 - 2012-07-23 21:15 - 00008655 ____A C:\Users\EternalKharas\Desktop\Christina.txt

2012-07-31 21:32 - 2012-07-31 21:32 - 00000097 ____A C:\Users\EternalKharas\Desktop\sephora.txt

2012-07-30 15:49 - 2012-07-30 15:48 - 00159552 ____A C:\Windows\Minidump\073012-34491-01.dmp

2012-07-30 14:38 - 2012-07-30 14:38 - 00161846 ____A C:\Users\EternalKharas\Documents\THIAGO2.xps

2012-07-30 14:10 - 2012-07-30 14:10 - 00111119 ____A C:\Users\EternalKharas\Documents\bank transfer 073012.xps

2012-07-29 00:43 - 2012-07-29 00:43 - 00111225 ____A C:\Users\EternalKharas\Documents\bank transfer 072912.xps

2012-07-27 21:14 - 2012-07-27 21:14 - 00111373 ____A C:\Users\EternalKharas\Documents\bank transfer 072812.xps

2012-07-27 17:02 - 2012-07-27 17:02 - 00922042 ____A C:\Users\EternalKharas\Downloads\SolarWinds-Permissions-Analyzer-v1.0.0.zip

2012-07-24 02:17 - 2012-07-24 02:17 - 00001794 ____A C:\Users\EternalKharas\Documents\SENTPMArchive_2012-07-24(11).htm

2012-07-24 02:16 - 2012-07-24 02:16 - 00106888 ____A C:\Users\EternalKharas\Documents\SENTPMArchive_2012-07-24(10).htm

2012-07-24 02:16 - 2012-07-24 02:16 - 00102602 ____A C:\Users\EternalKharas\Documents\SENTPMArchive_2012-07-24(9).htm

2012-07-24 02:15 - 2012-07-24 02:15 - 00165939 ____A C:\Users\EternalKharas\Documents\SENTPMArchive_2012-07-24(6).htm

2012-07-24 02:15 - 2012-07-24 02:15 - 00138056 ____A C:\Users\EternalKharas\Documents\SENTPMArchive_2012-07-24(8).htm

2012-07-24 02:15 - 2012-07-24 02:15 - 00134007 ____A C:\Users\EternalKharas\Documents\SENTPMArchive_2012-07-24(7).htm

2012-07-24 02:14 - 2012-07-24 02:14 - 00104885 ____A C:\Users\EternalKharas\Documents\SENTPMArchive_2012-07-24(5).htm

2012-07-24 02:13 - 2012-07-24 02:13 - 00072213 ____A C:\Users\EternalKharas\Documents\READPMArchive_2012-07-24(9).htm

2012-07-24 02:13 - 2012-07-24 02:13 - 00056712 ____A C:\Users\EternalKharas\Documents\READPMArchive_2012-07-24(10).htm

2012-07-24 02:12 - 2012-07-24 02:12 - 00095829 ____A C:\Users\EternalKharas\Documents\READPMArchive_2012-07-24(8).htm

2012-07-24 02:11 - 2012-07-24 02:11 - 00115579 ____A C:\Users\EternalKharas\Documents\READPMArchive_2012-07-24(7).htm

2012-07-24 02:11 - 2012-07-24 02:11 - 00113343 ____A C:\Users\EternalKharas\Documents\READPMArchive_2012-07-24(6).htm

2012-07-24 02:10 - 2012-07-24 02:10 - 00155229 ____A C:\Users\EternalKharas\Documents\READPMArchive_2012-07-24(5).htm

2012-07-24 02:00 - 2012-07-24 02:00 - 00190068 ____A C:\Users\EternalKharas\Documents\SENTPMArchive_2012-07-24(3).htm

2012-07-24 02:00 - 2012-07-24 02:00 - 00181032 ____A C:\Users\EternalKharas\Documents\SENTPMArchive_2012-07-24(4).htm

2012-07-24 01:56 - 2012-07-24 01:56 - 00081496 ____A C:\Users\EternalKharas\Documents\READPMArchive_2012-07-24(4).htm

2012-07-24 01:55 - 2012-07-24 01:55 - 00070096 ____A C:\Users\EternalKharas\Documents\READPMArchive_2012-07-24(3).htm

2012-07-24 01:54 - 2012-07-24 01:54 - 00116002 ____A C:\Users\EternalKharas\Documents\SENTPMArchive_2012-07-24(2).htm

2012-07-24 01:53 - 2012-07-24 01:53 - 00115839 ____A C:\Users\EternalKharas\Documents\SENTPMArchive_2012-07-24.htm

2012-07-23 15:04 - 2012-07-23 15:04 - 00246295 ____A C:\Users\EternalKharas\Documents\Thiago's order 1.xps

2012-07-23 13:12 - 2012-07-23 13:12 - 00111120 ____A C:\Users\EternalKharas\Documents\bank transfer THIAGO 1.xps

2012-07-21 10:29 - 2012-07-21 09:01 - 07251231 ____A C:\Users\EternalKharas\Downloads\the_whigs.zip

2012-07-21 02:13 - 2012-07-20 22:27 - 00002961 ____A C:\Users\EternalKharas\Desktop\Stacy.txt

2012-07-16 23:24 - 2012-07-16 23:24 - 00000524 ____A C:\Users\EternalKharas\Desktop\Turn off Media Center Updates.htm

2012-07-16 06:13 - 2012-07-16 06:13 - 00111145 ____A C:\Users\EternalKharas\Documents\bank transfer 071612.xps

2012-07-14 22:49 - 2012-07-14 22:49 - 00136219 ____A C:\Users\EternalKharas\Documents\newegg071512.xps

2012-07-13 10:43 - 2012-07-13 10:43 - 00111413 ____A C:\Users\EternalKharas\Documents\bank transfer 071312.xps

2012-07-12 19:28 - 2012-07-12 19:28 - 00110872 ____A C:\Users\EternalKharas\Documents\bank transfer 071212.xps

2012-07-12 00:15 - 2012-07-12 00:15 - 00159400 ____A C:\Users\EternalKharas\Documents\BrightHouse071212.xps

2012-07-11 01:42 - 2012-07-11 01:42 - 00153512 ____A C:\Windows\Minidump\071112-36660-01.dmp

2012-07-10 23:39 - 2009-07-13 20:33 - 00415344 ____A C:\Windows\System32\FNTCACHE.DAT

2012-07-10 23:01 - 2011-07-14 03:03 - 57442464 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe

2012-07-10 18:58 - 2012-07-10 18:58 - 00014336 ____A C:\Users\EternalKharas\Desktop\PAST and PRESENT.xls

2012-07-09 19:41 - 2010-06-11 02:33 - 00001220 ____A C:\Users\Public\Desktop\World of Warcraft.lnk

2012-07-09 08:08 - 2012-07-09 08:08 - 00111187 ____A C:\Users\EternalKharas\Documents\bank transfer 070912.xps

2012-07-08 17:25 - 2012-07-08 17:25 - 00224817 ____A C:\Users\EternalKharas\Desktop\Bubble.xps

2012-07-06 23:51 - 2012-07-06 23:51 - 00110723 ____A C:\Users\EternalKharas\Documents\bank transfer 070712.xps

2012-07-06 13:08 - 2012-07-06 12:46 - 00000724 ____A C:\Users\EternalKharas\Desktop\bigmyke.txt

2012-07-02 03:22 - 2012-07-02 03:22 - 00135354 ____A C:\Users\EternalKharas\Desktop\NeweggOrder.xps

2012-07-02 01:20 - 2012-07-02 01:20 - 00001226 ____A C:\Users\EternalKharas\Desktop\Revo Uninstaller.lnk

2012-07-01 09:04 - 2012-07-01 09:04 - 00110732 ____A C:\Users\EternalKharas\Documents\bank transfer 070112.xps

2012-06-29 23:05 - 2012-06-29 23:05 - 00020622 ____A C:\Users\EternalKharas\Documents\Backup of GTX480.wbk

2012-06-29 22:47 - 2012-06-27 08:38 - 00003940 ____A C:\Users\EternalKharas\Documents\GTX480.txt

2012-06-27 20:53 - 2012-06-27 08:57 - 00000193 ____A C:\Users\EternalKharas\Documents\GTX.txt

2012-06-26 12:33 - 2012-06-26 12:33 - 01058784 ____A (techPowerUp (www.techpowerup.com)) C:\Users\EternalKharas\Downloads\GPU-Z.0.6.2 (2).exe

2012-06-26 12:30 - 2012-06-26 12:30 - 01058784 ____A (techPowerUp (www.techpowerup.com)) C:\Users\EternalKharas\Downloads\GPU-Z.0.6.2.exe

2012-06-26 12:30 - 2012-06-26 12:30 - 01058784 ____A (techPowerUp (www.techpowerup.com)) C:\Users\EternalKharas\Downloads\GPU-Z.0.6.2 (1).exe

2012-06-25 12:19 - 2012-05-06 23:24 - 00209920 __ASH C:\Users\EternalKharas\Documents\Thumbs.db

2012-06-25 12:14 - 2012-06-25 12:03 - 00001766 ____A C:\Users\EternalKharas\Desktop\LCD Calculator v2.Vbs

2012-06-25 07:54 - 2012-06-25 07:54 - 00111388 ____A C:\Users\EternalKharas\Documents\bank transfer 062512.xps

2012-06-22 18:31 - 2012-06-22 18:30 - 00151229 ____A C:\Users\EternalKharas\Documents\WOW CARD 062212.xps

2012-06-22 03:11 - 2012-06-22 03:11 - 00000274 ____A C:\Users\EternalKharas\Downloads\Performance_PC's_Newsletter (1).vcf

2012-06-22 03:09 - 2012-06-22 03:09 - 00000274 ____A C:\Users\EternalKharas\Downloads\Performance_PC's_Newsletter.vcf

2012-06-21 23:35 - 2012-06-21 23:35 - 00187801 ____A C:\Users\EternalKharas\Documents\metropcs payment 062212.xps

2012-06-19 06:41 - 2012-06-19 06:41 - 00111381 ____A C:\Users\EternalKharas\Documents\bank transfer 061912.xps

2012-06-19 03:06 - 2012-06-19 03:06 - 00158616 ____A C:\Windows\Minidump\061912-24164-01.dmp

2012-06-19 01:30 - 2012-06-19 01:30 - 00000875 ____A C:\Users\Public\Desktop\Steam.lnk

2012-06-17 01:10 - 2012-06-17 01:10 - 00130488 ____A C:\Users\EternalKharas\Documents\Toshiba repair disk.xps

2012-06-16 06:46 - 2012-06-16 06:46 - 00111031 ____A C:\Users\EternalKharas\Documents\bank transfer 061612.xps

2012-06-11 18:40 - 2012-07-10 23:01 - 02345984 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys

2012-06-11 06:48 - 2012-06-11 06:48 - 00110917 ____A C:\Users\EternalKharas\Documents\bank transfer 061112.xps

2012-06-09 13:10 - 2012-06-09 13:10 - 00111512 ____A C:\Users\EternalKharas\Documents\bank transfer 060912(2).xps

2012-06-09 12:58 - 2012-06-09 12:58 - 00111496 ____A C:\Users\EternalKharas\Documents\bank transfer 060912.xps

2012-06-08 20:41 - 2012-07-10 15:01 - 12873728 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll

2012-06-08 18:47 - 2012-06-08 18:47 - 00111386 ____A C:\Users\EternalKharas\Documents\bank transfer 060812.xps

2012-06-08 11:23 - 2012-06-08 11:23 - 00001219 ___AH C:\Windows\System32\config\Journal - Shortcut.lnk

2012-06-08 11:23 - 2012-06-08 11:23 - 00000914 ___AH C:\Windows\System32\config\userdiff - Shortcut.lnk

2012-06-08 11:23 - 2012-06-08 11:23 - 00000914 ___AH C:\Windows\System32\config\software - Shortcut.lnk

2012-06-08 11:23 - 2012-06-08 11:23 - 00000902 ___AH C:\Windows\System32\config\system - Shortcut.lnk

2012-06-08 09:42 - 2012-06-08 09:25 - 1060726784 ____A C:\Users\EternalKharas\Desktop\jonathan.iso

2012-06-05 21:05 - 2012-07-10 15:01 - 01390080 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll

2012-06-05 21:05 - 2012-07-10 15:01 - 01236992 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll

2012-06-05 21:03 - 2012-07-10 15:01 - 00805376 ____A (Microsoft Corporation) C:\Windows\System32\cdosys.dll

2012-06-04 04:29 - 2012-06-04 04:29 - 00111204 ____A C:\Users\EternalKharas\Documents\bank transfer 060412.xps

2012-06-02 14:19 - 2012-06-20 17:46 - 01933848 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll

2012-06-02 14:19 - 2012-06-20 17:46 - 00577048 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll

2012-06-02 14:19 - 2012-06-20 17:46 - 00053784 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe

2012-06-02 14:19 - 2012-06-20 17:46 - 00045080 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll

2012-06-02 14:19 - 2012-06-20 17:46 - 00035864 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll

2012-06-02 14:12 - 2012-06-20 17:46 - 02422272 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll

2012-06-02 14:12 - 2012-06-20 17:46 - 00088576 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll

2012-06-02 11:19 - 2012-06-20 17:45 - 00171904 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll

2012-06-02 11:12 - 2012-06-20 17:45 - 00033792 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe

2012-06-02 01:07 - 2012-07-10 23:04 - 12314624 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll

2012-06-02 00:43 - 2012-07-10 23:04 - 09737728 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll

2012-06-02 00:33 - 2012-07-10 23:04 - 01800192 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll

2012-06-02 00:26 - 2012-07-10 23:04 - 01103872 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll

2012-06-02 00:25 - 2012-07-10 23:04 - 01427968 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl

2012-06-02 00:25 - 2012-07-10 23:04 - 01129472 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll

2012-06-02 00:23 - 2012-07-10 23:04 - 00231936 ____A (Microsoft Corporation) C:\Windows\System32\url.dll

2012-06-02 00:21 - 2012-07-10 23:04 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll

2012-06-02 00:20 - 2012-07-10 23:04 - 00142848 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe

2012-06-02 00:19 - 2012-07-10 23:04 - 01793024 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll

2012-06-02 00:19 - 2012-07-10 23:04 - 00716800 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll

2012-06-02 00:17 - 2012-07-10 23:04 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll

2012-06-02 00:16 - 2012-07-10 23:04 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb

2012-06-02 00:14 - 2012-07-10 23:04 - 00176640 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll

2012-06-01 22:13 - 2012-06-01 22:13 - 00001036 ____A C:\Users\EternalKharas\Desktop\EVGA Precision.lnk

2012-06-01 20:45 - 2012-07-10 15:01 - 00134000 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys

2012-06-01 20:45 - 2012-07-10 15:01 - 00067440 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys

2012-06-01 20:40 - 2012-07-10 15:01 - 00369336 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys

2012-06-01 20:40 - 2012-07-10 15:01 - 00225280 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll

2012-06-01 20:39 - 2012-07-10 15:01 - 00219136 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll

2012-05-31 20:13 - 2012-03-22 19:27 - 00001050 ____A C:\Users\EternalKharas\Desktop\EVGA Precision X.lnk

2012-05-31 19:54 - 2012-05-31 19:54 - 00000020 ___SH C:\Users\UpdatusUser\ntuser.ini

2012-05-31 08:25 - 2010-04-08 00:40 - 00237072 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe

2012-05-25 09:38 - 2012-05-25 09:38 - 00001108 ____A C:\Users\EternalKharas\Documents\sally ansell (2).txt

2012-05-24 19:01 - 2012-05-24 19:01 - 00001362 ____A C:\Users\EternalKharas\Documents\sallyansel(2).txt

2012-05-24 13:38 - 2012-05-24 13:38 - 00187937 ____A C:\Users\EternalKharas\Documents\metropcs payment 052412.xps

2012-05-23 05:55 - 2012-05-23 05:55 - 00002885 ____A C:\Users\EternalKharas\Documents\sallyansel.txt

2012-05-23 01:35 - 2012-05-23 01:35 - 00111345 ____A C:\Users\EternalKharas\Documents\bank transfer 052312.xps

2012-05-22 17:30 - 2012-05-22 17:30 - 00198832 ____A (RealNetworks, Inc.) C:\Windows\System32\rmoc3260.dll

2012-05-22 17:30 - 2012-05-22 17:30 - 00006656 ____A (RealNetworks, Inc.) C:\Windows\System32\pndx5016.dll

2012-05-22 17:30 - 2012-05-22 17:30 - 00005632 ____A (RealNetworks, Inc.) C:\Windows\System32\pndx5032.dll

2012-05-22 17:30 - 2012-05-22 17:30 - 00001016 ____A C:\Users\Public\Desktop\RealPlayer.lnk

2012-05-22 17:29 - 2012-05-22 17:29 - 00499712 ____A (Microsoft Corporation) C:\Windows\System32\msvcp71.dll

2012-05-22 17:29 - 2012-05-22 17:29 - 00348160 ____A (Microsoft Corporation) C:\Windows\System32\msvcr71.dll

2012-05-22 17:29 - 2012-05-22 17:29 - 00272896 ____A (Progressive Networks) C:\Windows\System32\pncrt.dll

2012-05-21 19:30 - 2012-05-21 19:30 - 00002170 ____A C:\Users\Public\Desktop\Google Earth.lnk

2012-05-21 18:18 - 2012-05-21 18:18 - 00001815 ____A C:\Users\Public\Desktop\QuickTime Player.lnk

2012-05-21 10:28 - 2012-05-21 10:28 - 03896832 ____A C:\Users\EternalKharas\Downloads\ARGALIWYSETUP.EXE

========================= Known DLLs (Whitelisted) ============

========================= Bamital & volsnap Check ============

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe => MD5 is legit

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK

HKLM\...\exefile\DefaultIcon: %1 => OK

HKLM\...\exefile\open\command: "%1" %* => OK

========================= Memory info ======================

Percentage of memory in use: 7%

Total physical RAM: 8190.54 MB

Available physical RAM: 7602.55 MB

Total Pagefile: 8188.82 MB

Available Pagefile: 7621.73 MB

Total Virtual: 2047.88 MB

Available Virtual: 1977.4 MB

======================= Partitions =========================

1 Drive c: () (Fixed) (Total:148.96 GB) (Free:6.27 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
2 Drive d: (GRMCULFRER_EN_DVD) (CDROM) (Total:2.33 GB) (Free:0 GB) UDF
4 Drive f: (USB MEMORY) (Removable) (Total:0.12 GB) (Free:0.11 GB) FAT
5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

  Disk ###  Status         Size     Free     Dyn  Gpt
  --------  -------------  -------  -------  ---  ---
  Disk 0    Online          149 GB      0 B
  Disk 1    Online          123 MB      0 B

Partitions of Disk 0:
===============

  Partition ###  Type              Size     Offset
  -------------  ----------------  -------  -------
  Partition 1    OEM                 47 MB    31 KB
  Partition 2    Primary            148 GB    48 MB

==================================================================================

Disk: 0
Partition 1
Type  : DE
Hidden: Yes
Active: No

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 4                      FAT    Partition     47 MB  Healthy    Hidden

==================================================================================

Disk: 0
Partition 2
Type  : 07
Hidden: No
Active: Yes

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 2     C                NTFS   Partition    148 GB  Healthy

==================================================================================

Partitions of Disk 1:
===============

  Partition ###  Type              Size     Offset
  -------------  ----------------  -------  -------
  Partition 1    Primary            122 MB    16 KB

==================================================================================

Disk: 1
Partition 1
Type  : 06
Hidden: No
Active: No

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 3     F   USB MEMORY   FAT    Removable    122 MB  Healthy

==================================================================================

Last Boot: 2012-08-07 08:07

======================= End Of Log ==========================

Farbar Recovery Scan Tool Version: 09-08-2012

Ran by SYSTEM at 2012-08-17 01:10:49

Running from F:\FarBar recovery tool

================== Search: "services.exe" ===================

C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.exe

[2009-07-13 15:11] - [2009-07-13 17:14] - 0259072 ____A (Microsoft Corporation) 5F1B6A9C35D3D5CA72D6D6FDEF9747D6

C:\Windows\System32\services.exe

[2009-07-13 15:11] - [2009-07-13 17:14] - 0259072 ____A (Microsoft Corporation) 5F1B6A9C35D3D5CA72D6D6FDEF9747D6

C:\Windows\erdnt\cache\services.exe

[2012-08-15 12:32] - [2009-07-13 17:14] - 0259072 ____A (Microsoft Corporation) 5F1B6A9C35D3D5CA72D6D6FDEF9747D6

C:\FRST\Quarantine\services.exe

[2009-07-13 15:11] - [2012-08-13 09:04] - 0259072 ____A (Microsoft Corporation) A302BBFF2A7278C0E239EE5D471D86A9

=== End Of Search ===
 
SIREFEF.R and CUTWAIL.BS are on the computer now. I just noticed this and I believe they changed the creation time to 12:33 on 08/17/2012. They did not show up prior to 7:00 am in MS Security Essentials (MSSE). I have removed both of the infected files via MSSE.
Quarantined TROJAN DOWNLOADER: Win32/cutwail.BS <REMOVED>
Disinfected VIRUS: Win32/Sirefef.R <REMOVED>

I re-ran FRST SCAN and FRST SEARCH (services.exe); they are posted below.

Scan result of Farbar Recovery Scan Tool (FRST written by Farbar) Version: 09-08-2012

Ran by SYSTEM at 17-08-2012 07:39:29

Running from G:\FarBar recovery tool

Windows 7 Ultimate (X86) OS Language: English(US)

The current controlset is ControlSet002

========================== Registry (Whitelisted) =============

HKLM\...\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [919008 2012-07-27] (Adobe Systems Incorporated)

HKLM\...\Run: [Bing Bar] "C:\Program Files\MSN Toolbar\Platform\6.3.2348.0\mswinext.exe" [273672 2010-10-11] (Microsoft Corp.)

HKLM\...\Run: [Launch LCDMon] "C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe" [1573448 2010-02-18] (Logitech Inc.)

HKLM\...\Run: [Launch LGDCore] "C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" /SHOWHIDE [3203144 2010-02-18] (Logitech Inc.)

HKLM\...\Run: [Launch LgDeviceAgent] "C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe" [357448 2010-02-18] (Logitech Inc.)

HKLM\...\Run: [Microsoft Default Manager] "C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume [439568 2010-05-10] (Microsoft Corporation)

HKLM\...\Run: [ProfilerU] "C:\Program Files\Saitek\SD6\Software\ProfilerU.exe" [237568 2009-06-03] (Saitek)

HKLM\...\Run: [SaiMfd] "C:\Program Files\Saitek\SD6\Software\SaiMfd.exe" [131072 2009-06-03] (Saitek)

HKLM\...\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" [248552 2010-05-14] (Sun Microsystems, Inc.)

HKLM\...\Run: [NVRaidService] C:\Program Files\NVIDIA Corporation\Raid\nvraidservice.exe [163944 2010-04-08] (NVIDIA Corporation)

HKLM\...\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s [10820200 2011-08-16] (Realtek Semiconductor)

HKLM\...\Run: [EEventManager] "C:\Program Files\Epson Software\Event Manager\EEventManager.exe" [976320 2009-12-03] (SEIKO EPSON CORPORATION)

HKLM\...\Run: [BingDesktop] C:\Program Files\Microsoft\BingDesktop\BingDesktop.exe /fromkey [1858152 2012-03-30] (Microsoft Corp.)

HKLM\...\Run: [Logitech Utility] Logi_MwX.Exe [x]

HKLM\...\Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [931200 2012-03-26] (Microsoft Corporation)

HKLM\...\Run: [TkBellExe] "c:\program files\real\realplayer\Update\realsched.exe" -osboot [296056 2012-05-22] (RealNetworks, Inc.)

HKLM\...\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [56928 2006-11-23] (Cyberlink Corp.)

HKLM\...\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime [421888 2012-05-21] (Apple Inc.)

HKLM\...\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" [54832 2006-12-05] ()

HKLM\...\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2012-02-20] (Apple Inc.)

HKU\Administrator\...\Run: [AutoStartNPSAgent] C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe [95576 2010-07-08] (Samsung Electronics Co., Ltd.)

HKU\Administrator\...\Run: [Facebook Update] "C:\Users\EternalKharas\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver [138096 2012-07-12] (Facebook Inc.)

HKU\EternalKharas\...\Run: [Facebook Update] "C:\Users\EternalKharas\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver [138096 2012-07-12] (Facebook Inc.)

HKU\EternalKharas\...\Run: [AutoStartNPSAgent] C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe [95576 2010-07-08] (Samsung Electronics Co., Ltd.)

HKU\Guest\...\Run: [AutoStartNPSAgent] C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe [95576 2010-07-08] (Samsung Electronics Co., Ltd.)

HKU\Guest\...\Run: [Facebook Update] "C:\Users\EternalKharas\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver [138096 2012-07-12] (Facebook Inc.)

Tcpip\Parameters: [DhcpNameServer] 65.32.5.111 65.32.5.112

Startup: C:\Users\All Users\Start Menu\Programs\Startup\Camera Monitor SD.lnk

ShortcutTarget: Camera Monitor SD.lnk -> C:\Program Files\PIXELA\Everio MediaBrowser\MBCameraMonitor.exe (PIXELA CORPORATION)

Startup: C:\Users\All Users\Start Menu\Programs\Startup\iReboot 1.1.0.lnk

ShortcutTarget: iReboot 1.1.0.lnk -> C:\Program Files\NeoSmart Technologies\iReboot\iReboot.exe (NeoSmart Technologies)

Startup: C:\Users\All Users\Start Menu\Programs\Startup\Snap-tite Components E-Catalog - Auto Update.lnk

ShortcutTarget: Snap-tite Components E-Catalog - Auto Update.lnk -> C:\Program Files\Snap-tite\QDecatupdate.exe (Snap-tite Components)

Startup: C:\Users\EternalKharas\Start Menu\Programs\Startup\CurseClientStartup.ccip ()

Startup: C:\Users\EternalKharas\Start Menu\Programs\Startup\MagicDisc.lnk

ShortcutTarget: MagicDisc.lnk -> C:\Program Files\MagicDisc\MagicDisc.exe (MagicISO, Inc.)

================================ Services (Whitelisted) ==================

2 BingDesktopUpdate; "C:\Program Files\Microsoft\BingDesktop\BingDesktopUpdater.exe" [151656 2012-03-30] (Microsoft Corp.)

2 EpsonBidirectionalService; C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe [94208 2006-12-19] (SEIKO EPSON CORPORATION)

2 eventlog; C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted [20992 2009-07-13] (Microsoft Corporation)

2 ForceWare Intelligent Application Manager (IAM); C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe [387616 2009-08-10] ()

3 Futuremark SystemInfo Service; "C:\Program Files\Common Files\Futuremark Shared\Futuremark SystemInfo\FMSISvc.exe" [128928 2010-11-11] (Futuremark Corporation)

2 iReboot; "C:\Program Files\NeoSmart Technologies\iReboot\iRebootd.exe" [9216 2008-04-27] ()

2 MsMpSvc; "C:\Program Files\Microsoft Security Client\MsMpEng.exe" [11552 2012-03-26] (Microsoft Corporation)

2 nHancer; "C:\Program Files\nHancer\nHancerService.exe" [39936 2010-05-02] (KSE - Korndörfer Software Engineering)

3 NisSrv; "C:\Program Files\Microsoft Security Client\NisSrv.exe" [214952 2012-03-26] (Microsoft Corporation)

2 nSvcIp; C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe [178720 2009-08-10] ()

2 nTuneService; C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe /StartService [191080 2010-03-22] (NVIDIA)

2 RichVideo; "C:\Program Files\CyberLink\Shared Files\RichVideo.exe" [167936 2007-01-20] ()

2 StatusAgent4; C:\Windows\system32\SAgent4.exe [131072 2006-12-19] (SEIKO EPSON CORPORATION)

2 UpdateCenterService; C:\Program Files\NVIDIA Corporation\System Update\UpdateCenterService.exe /StartService [195176 2009-11-06] (NVIDIA)

3 CHWBOLOCH; C:\Users\ETERNA~1\AppData\Local\Temp\CHWBOLOCH.exe [x]

3 CPETLYED; C:\Users\ETERNA~1\AppData\Local\Temp\CPETLYED.exe [x]

========================== Drivers (Whitelisted) =============

2 cpuz134; \??\C:\Windows\system32\drivers\cpuz134_x32.sys [20328 2010-07-09] (Windows (R) Win 7 DDK provider)

3 DrvAgent32; \??\C:\Windows\system32\Drivers\DrvAgent32.sys [23456 2010-07-12] (Phoenix Technologies)

3 FsUsbExDisk; \??\C:\Windows\system32\FsUsbExDisk.SYS [36608 2010-07-05] ()

1 HWiNFO32; \??\C:\Program Files\HWiNFO32\HWiNFO32.SYS [21624 2012-05-10] (REALiX(tm))

3 LHidFlt2; C:\Windows\System32\DRIVERS\LHidFlt2.Sys [25505 2003-12-17] (Logitech, Inc.)

3 LHidUsb; C:\Windows\System32\Drivers\LHidUsb.Sys [37887 2003-12-17] (Logitech, Inc.)

3 LMouFlt2; C:\Windows\System32\DRIVERS\LMouFlt2.Sys [70801 2003-12-17] (Logitech, Inc.)

0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [171064 2012-03-20] (Microsoft Corporation)

3 NVNET; C:\Windows\System32\DRIVERS\nvmf6232.sys [295272 2009-11-11] (NVIDIA Corporation)

3 nvoclock; C:\Windows\System32\DRIVERS\nvoclock.sys [38248 2009-09-15] (NVIDIA Corp.)

3 physX32; C:\Windows\System32\DRIVERS\physX32.sys [120960 2008-02-29] (AGEIA Technologies, Inc.)

3 RTCore32; \??\C:\Program Files\EVGA Precision\RTCore32.sys [4608 2005-05-25] ()

3 SaiH075C; C:\Windows\System32\DRIVERS\SaiH075C.sys [132232 2007-05-01] (Saitek)

0 sptd; C:\Windows\System32\Drivers\sptd.sys [477240 2012-05-10] (Duplex Secure Ltd.)

3 catchme; \??\C:\Users\ETERNA~1\AppData\Local\Temp\catchme.sys [x]

3 GPU-Z; \??\C:\Users\ETERNA~1\AppData\Local\Temp\GPU-Z.sys [x]

3 Synth3dVsc; C:\Windows\System32\drivers\synth3dvsc.sys [x]

3 tsusbhub; C:\Windows\System32\drivers\tsusbhub.sys [x]

3 VGPU; C:\Windows\System32\drivers\rdvgkmd.sys [x]

========================== NetSvcs (Whitelisted) ===========

 

============ One Month Created Files and Folders ==============

2012-08-15 12:44 - 2012-08-15 12:44 - 00000000 ___SD C:\Computer

2012-08-15 12:36 - 2012-08-15 12:36 - 00000000 ____D C:\found.002

2012-08-11 14:28 - 2012-08-15 12:09 - 04731145 ____R (Swearware) C:\Users\EternalKharas\Desktop\ComboFix.exe

2012-08-11 14:17 - 2012-08-15 12:44 - 00000000 ____D C:\Qoobox

2012-08-11 14:17 - 2012-08-15 12:32 - 00000000 ____D C:\Windows\erdnt

2012-08-11 14:17 - 2011-06-25 22:45 - 00256000 ____A C:\Windows\PEV.exe

2012-08-11 14:17 - 2010-11-07 09:20 - 00208896 ____A C:\Windows\MBR.exe

2012-08-11 14:17 - 2009-04-19 20:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe

2012-08-11 14:17 - 2000-08-30 16:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe

2012-08-11 14:17 - 2000-08-30 16:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe

2012-08-11 14:17 - 2000-08-30 16:00 - 00098816 ____A C:\Windows\sed.exe

2012-08-11 14:17 - 2000-08-30 16:00 - 00080412 ____A C:\Windows\grep.exe

2012-08-11 14:17 - 2000-08-30 16:00 - 00068096 ____A C:\Windows\zip.exe

2012-08-10 05:24 - 2012-08-10 05:24 - 00000000 ____D C:\FRST

2012-08-09 22:51 - 2012-08-09 22:51 - 00000000 ____D C:\Program Files\Microsoft Security Client

2012-08-09 22:09 - 2012-08-09 22:09 - 00000000 __SHD C:\Windows\System32\%APPDATA%

2012-08-08 08:24 - 2012-08-08 08:24 - 00155840 ____A C:\Windows\Minidump\080812-25911-01.dmp

2012-08-07 09:02 - 2012-08-07 09:02 - 00111487 ____A C:\Users\EternalKharas\Documents\bank transfer 080712(2).xps

2012-08-07 05:49 - 2012-08-07 05:49 - 00000124 ____A C:\Users\EternalKharas\Desktop\HOME PAGE.txt

2012-08-07 04:07 - 2012-08-07 04:07 - 00111173 ____A C:\Users\EternalKharas\Documents\bank transfer 080712.xps

2012-08-03 07:29 - 2012-08-03 07:29 - 00196947 ____A C:\Users\EternalKharas\Documents\MetroSelfStorage E-mailconfirmnation080312.xps

2012-08-03 07:00 - 2012-08-03 07:00 - 00159584 ____A C:\Users\EternalKharas\Documents\BrightHouse080312.xps

2012-08-03 05:54 - 2012-08-03 05:54 - 00111378 ____A C:\Users\EternalKharas\Documents\bank transfer 080312.xps

2012-08-03 04:56 - 2012-08-03 04:56 - 00117132 ____A C:\Users\EternalKharas\Documents\MetroSelfStorage080312.xps

2012-08-03 03:50 - 2012-08-03 03:50 - 00000318 ____A C:\Users\EternalKharas\Desktop\Curse Client.appref-ms

2012-08-02 13:14 - 2012-08-02 13:14 - 00110956 ____A C:\Users\EternalKharas\Documents\bank transfer 080212.xps

2012-07-31 21:32 - 2012-07-31 21:32 - 00000097 ____A C:\Users\EternalKharas\Desktop\sephora.txt

2012-07-30 15:48 - 2012-07-30 15:49 - 00159552 ____A C:\Windows\Minidump\073012-34491-01.dmp

2012-07-30 14:38 - 2012-07-30 14:38 - 00161846 ____A C:\Users\EternalKharas\Documents\THIAGO2.xps

2012-07-30 14:10 - 2012-07-30 14:10 - 00111119 ____A C:\Users\EternalKharas\Documents\bank transfer 073012.xps

2012-07-29 00:43 - 2012-07-29 00:43 - 00111225 ____A C:\Users\EternalKharas\Documents\bank transfer 072912.xps

2012-07-28 05:56 - 2012-07-28 07:26 - 00000000 ____D C:\Users\EternalKharas\Documents\Business donations

2012-07-27 21:14 - 2012-07-27 21:14 - 00111373 ____A C:\Users\EternalKharas\Documents\bank transfer 072812.xps

2012-07-27 17:03 - 2012-07-27 17:03 - 00000000 ____D C:\Users\All Users\SolarWinds

2012-07-27 17:03 - 2012-07-27 17:03 - 00000000 ____D C:\Program Files\SolarWinds

2012-07-27 17:02 - 2012-07-27 17:02 - 00922042 ____A C:\Users\EternalKharas\Downloads\SolarWinds-Permissions-Analyzer-v1.0.0.zip

2012-07-27 17:02 - 2012-07-27 17:02 - 00000000 ____D C:\Users\EternalKharas\Downloads\SolarWinds-Permissions-Analyzer-v1.0.0

2012-07-24 02:17 - 2012-07-24 02:17 - 00001794 ____A C:\Users\EternalKharas\Documents\SENTPMArchive_2012-07-24(11).htm

2012-07-24 02:16 - 2012-07-24 02:16 - 00106888 ____A C:\Users\EternalKharas\Documents\SENTPMArchive_2012-07-24(10).htm

2012-07-24 02:16 - 2012-07-24 02:16 - 00102602 ____A C:\Users\EternalKharas\Documents\SENTPMArchive_2012-07-24(9).htm

2012-07-24 02:15 - 2012-07-24 02:15 - 00165939 ____A C:\Users\EternalKharas\Documents\SENTPMArchive_2012-07-24(6).htm

2012-07-24 02:15 - 2012-07-24 02:15 - 00138056 ____A C:\Users\EternalKharas\Documents\SENTPMArchive_2012-07-24(8).htm

2012-07-24 02:15 - 2012-07-24 02:15 - 00134007 ____A C:\Users\EternalKharas\Documents\SENTPMArchive_2012-07-24(7).htm

2012-07-24 02:14 - 2012-07-24 02:14 - 00104885 ____A C:\Users\EternalKharas\Documents\SENTPMArchive_2012-07-24(5).htm

2012-07-24 02:13 - 2012-07-24 02:13 - 00072213 ____A C:\Users\EternalKharas\Documents\READPMArchive_2012-07-24(9).htm

2012-07-24 02:13 - 2012-07-24 02:13 - 00056712 ____A C:\Users\EternalKharas\Documents\READPMArchive_2012-07-24(10).htm

2012-07-24 02:12 - 2012-07-24 02:12 - 00095829 ____A C:\Users\EternalKharas\Documents\READPMArchive_2012-07-24(8).htm

2012-07-24 02:11 - 2012-07-24 02:11 - 00115579 ____A C:\Users\EternalKharas\Documents\READPMArchive_2012-07-24(7).htm

2012-07-24 02:11 - 2012-07-24 02:11 - 00113343 ____A C:\Users\EternalKharas\Documents\READPMArchive_2012-07-24(6).htm

2012-07-24 02:10 - 2012-07-24 02:10 - 00155229 ____A C:\Users\EternalKharas\Documents\READPMArchive_2012-07-24(5).htm

2012-07-24 02:00 - 2012-07-24 02:00 - 00190068 ____A C:\Users\EternalKharas\Documents\SENTPMArchive_2012-07-24(3).htm

2012-07-24 02:00 - 2012-07-24 02:00 - 00181032 ____A C:\Users\EternalKharas\Documents\SENTPMArchive_2012-07-24(4).htm

2012-07-24 01:56 - 2012-07-24 01:56 - 00081496 ____A C:\Users\EternalKharas\Documents\READPMArchive_2012-07-24(4).htm

2012-07-24 01:55 - 2012-07-24 01:55 - 00070096 ____A C:\Users\EternalKharas\Documents\READPMArchive_2012-07-24(3).htm

2012-07-24 01:54 - 2012-07-24 01:54 - 00116002 ____A C:\Users\EternalKharas\Documents\SENTPMArchive_2012-07-24(2).htm

2012-07-24 01:53 - 2012-07-24 01:53 - 00115839 ____A C:\Users\EternalKharas\Documents\SENTPMArchive_2012-07-24.htm

2012-07-23 21:15 - 2012-08-01 22:16 - 00008655 ____A C:\Users\EternalKharas\Desktop\Christina.txt

2012-07-23 15:04 - 2012-07-23 15:04 - 00246295 ____A C:\Users\EternalKharas\Documents\Thiago's order 1.xps

2012-07-23 13:12 - 2012-07-23 13:12 - 00111120 ____A C:\Users\EternalKharas\Documents\bank transfer THIAGO 1.xps

2012-07-21 10:29 - 2012-07-21 10:29 - 00000000 ____D C:\Users\EternalKharas\Downloads\the_whigs

2012-07-21 09:01 - 2012-07-21 10:29 - 07251231 ____A C:\Users\EternalKharas\Downloads\the_whigs.zip

2012-07-20 22:27 - 2012-07-21 02:13 - 00002961 ____A C:\Users\EternalKharas\Desktop\Stacy.txt

2012-07-19 05:23 - 2012-07-19 05:24 - 00000000 ____D C:\Program Files\HWiNFO32

2012-07-18 18:16 - 2012-07-18 18:16 - 00000000 ____D C:\found.001

============ 3 Months Modified Files ========================

2012-08-17 03:33 - 2010-05-04 16:01 - 00019920 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2012-08-17 03:33 - 2010-05-04 16:01 - 00019920 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2012-08-17 03:31 - 2010-12-31 18:50 - 00000896 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2012-08-17 03:31 - 2009-07-13 20:53 - 00000006 ___AH C:\Windows\Tasks\SA.DAT

2012-08-17 03:31 - 2009-07-13 20:39 - 02146942 ____A C:\Windows\setupact.log

2012-08-17 03:30 - 2011-06-29 04:33 - 01790403 ____A C:\Windows\WindowsUpdate.log

2012-08-17 03:09 - 2012-06-19 07:37 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job

2012-08-17 02:59 - 2010-12-31 18:50 - 00000900 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2012-08-17 01:40 - 2011-08-28 16:30 - 00000960 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1850465905-1816852967-2060930716-1000UA.job

2012-08-17 01:40 - 2011-08-28 16:30 - 00000938 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1850465905-1816852967-2060930716-1000Core.job

2012-08-16 19:22 - 2012-03-19 19:22 - 00203836 __RSH C:\grldr

2012-08-16 19:22 - 2012-03-19 19:22 - 00000000 __RSH C:\winx.ld

2012-08-15 13:01 - 2009-07-13 20:57 - 00025600 __ASH C:\Windows\System32\config\BCD-Template.LOG

2012-08-15 13:01 - 2009-07-13 20:52 - 00028672 ___AH C:\Windows\System32\config\BCD-Template

2012-08-15 12:25 - 2009-07-13 18:04 - 00000215 ____A C:\Windows\system.ini

2012-08-15 12:24 - 2009-07-13 20:53 - 00032632 ____A C:\Windows\Tasks\SCHEDLGU.TXT

2012-08-15 12:23 - 2010-05-04 16:08 - 00149148 ____A C:\Windows\PFRO.log

2012-08-15 12:09 - 2012-08-11 14:28 - 04731145 ____R (Swearware) C:\Users\EternalKharas\Desktop\ComboFix.exe

2012-08-15 12:09 - 2012-04-03 20:42 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe

2012-08-15 12:09 - 2011-05-19 12:08 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl

2012-08-15 12:05 - 2011-07-01 22:55 - 00007674 ____A C:\Users\EternalKharas\AppData\Local\Resmon.ResmonCfg

2012-08-15 11:00 - 2012-05-04 13:03 - 00002290 ____A C:\Users\Public\Desktop\Google Chrome.lnk

2012-08-09 22:52 - 2011-01-27 01:11 - 00001945 ____A C:\Windows\epplauncher.mif

2012-08-09 22:51 - 2011-06-29 03:46 - 00838082 ____A C:\Windows\System32\PerfStringBackup.INI

2012-08-09 14:29 - 2012-07-15 23:12 - 00000345 ____A C:\Users\EternalKharas\Desktop\MUSIC CODES (MARLBORO).txt

2012-08-09 04:21 - 2012-07-09 02:48 - 00009549 ____A C:\Users\EternalKharas\Desktop\crash.txt

2012-08-08 08:24 - 2012-08-08 08:24 - 00155840 ____A C:\Windows\Minidump\080812-25911-01.dmp

2012-08-07 09:02 - 2012-08-07 09:02 - 00111487 ____A C:\Users\EternalKharas\Documents\bank transfer 080712(2).xps

2012-08-07 05:49 - 2012-08-07 05:49 - 00000124 ____A C:\Users\EternalKharas\Desktop\HOME PAGE.txt

2012-08-07 04:07 - 2012-08-07 04:07 - 00111173 ____A C:\Users\EternalKharas\Documents\bank transfer 080712.xps

2012-08-03 07:29 - 2012-08-03 07:29 - 00196947 ____A C:\Users\EternalKharas\Documents\MetroSelfStorage E-mailconfirmnation080312.xps

2012-08-03 07:00 - 2012-08-03 07:00 - 00159584 ____A C:\Users\EternalKharas\Documents\BrightHouse080312.xps

2012-08-03 05:54 - 2012-08-03 05:54 - 00111378 ____A C:\Users\EternalKharas\Documents\bank transfer 080312.xps

2012-08-03 04:56 - 2012-08-03 04:56 - 00117132 ____A C:\Users\EternalKharas\Documents\MetroSelfStorage080312.xps

2012-08-03 03:50 - 2012-08-03 03:50 - 00000318 ____A C:\Users\EternalKharas\Desktop\Curse Client.appref-ms

2012-08-02 13:14 - 2012-08-02 13:14 - 00110956 ____A C:\Users\EternalKharas\Documents\bank transfer 080212.xps

2012-08-01 22:16 - 2012-07-23 21:15 - 00008655 ____A C:\Users\EternalKharas\Desktop\Christina.txt

2012-07-31 21:32 - 2012-07-31 21:32 - 00000097 ____A C:\Users\EternalKharas\Desktop\sephora.txt

2012-07-30 15:49 - 2012-07-30 15:48 - 00159552 ____A C:\Windows\Minidump\073012-34491-01.dmp

2012-07-30 14:38 - 2012-07-30 14:38 - 00161846 ____A C:\Users\EternalKharas\Documents\THIAGO2.xps

2012-07-30 14:10 - 2012-07-30 14:10 - 00111119 ____A C:\Users\EternalKharas\Documents\bank transfer 073012.xps

2012-07-29 00:43 - 2012-07-29 00:43 - 00111225 ____A C:\Users\EternalKharas\Documents\bank transfer 072912.xps

2012-07-27 21:14 - 2012-07-27 21:14 - 00111373 ____A C:\Users\EternalKharas\Documents\bank transfer 072812.xps

2012-07-27 17:02 - 2012-07-27 17:02 - 00922042 ____A C:\Users\EternalKharas\Downloads\SolarWinds-Permissions-Analyzer-v1.0.0.zip

2012-07-24 02:17 - 2012-07-24 02:17 - 00001794 ____A C:\Users\EternalKharas\Documents\SENTPMArchive_2012-07-24(11).htm

2012-07-24 02:16 - 2012-07-24 02:16 - 00106888 ____A C:\Users\EternalKharas\Documents\SENTPMArchive_2012-07-24(10).htm

2012-07-24 02:16 - 2012-07-24 02:16 - 00102602 ____A C:\Users\EternalKharas\Documents\SENTPMArchive_2012-07-24(9).htm

2012-07-24 02:15 - 2012-07-24 02:15 - 00165939 ____A C:\Users\EternalKharas\Documents\SENTPMArchive_2012-07-24(6).htm

2012-07-24 02:15 - 2012-07-24 02:15 - 00138056 ____A C:\Users\EternalKharas\Documents\SENTPMArchive_2012-07-24(8).htm

2012-07-24 02:15 - 2012-07-24 02:15 - 00134007 ____A C:\Users\EternalKharas\Documents\SENTPMArchive_2012-07-24(7).htm

2012-07-24 02:14 - 2012-07-24 02:14 - 00104885 ____A C:\Users\EternalKharas\Documents\SENTPMArchive_2012-07-24(5).htm

2012-07-24 02:13 - 2012-07-24 02:13 - 00072213 ____A C:\Users\EternalKharas\Documents\READPMArchive_2012-07-24(9).htm

2012-07-24 02:13 - 2012-07-24 02:13 - 00056712 ____A C:\Users\EternalKharas\Documents\READPMArchive_2012-07-24(10).htm

2012-07-24 02:12 - 2012-07-24 02:12 - 00095829 ____A C:\Users\EternalKharas\Documents\READPMArchive_2012-07-24(8).htm

2012-07-24 02:11 - 2012-07-24 02:11 - 00115579 ____A C:\Users\EternalKharas\Documents\READPMArchive_2012-07-24(7).htm

2012-07-24 02:11 - 2012-07-24 02:11 - 00113343 ____A C:\Users\EternalKharas\Documents\READPMArchive_2012-07-24(6).htm

2012-07-24 02:10 - 2012-07-24 02:10 - 00155229 ____A C:\Users\EternalKharas\Documents\READPMArchive_2012-07-24(5).htm

2012-07-24 02:00 - 2012-07-24 02:00 - 00190068 ____A C:\Users\EternalKharas\Documents\SENTPMArchive_2012-07-24(3).htm

2012-07-24 02:00 - 2012-07-24 02:00 - 00181032 ____A C:\Users\EternalKharas\Documents\SENTPMArchive_2012-07-24(4).htm

2012-07-24 01:56 - 2012-07-24 01:56 - 00081496 ____A C:\Users\EternalKharas\Documents\READPMArchive_2012-07-24(4).htm

2012-07-24 01:55 - 2012-07-24 01:55 - 00070096 ____A C:\Users\EternalKharas\Documents\READPMArchive_2012-07-24(3).htm

2012-07-24 01:54 - 2012-07-24 01:54 - 00116002 ____A C:\Users\EternalKharas\Documents\SENTPMArchive_2012-07-24(2).htm

2012-07-24 01:53 - 2012-07-24 01:53 - 00115839 ____A C:\Users\EternalKharas\Documents\SENTPMArchive_2012-07-24.htm

2012-07-23 15:04 - 2012-07-23 15:04 - 00246295 ____A C:\Users\EternalKharas\Documents\Thiago's order 1.xps

2012-07-23 13:12 - 2012-07-23 13:12 - 00111120 ____A C:\Users\EternalKharas\Documents\bank transfer THIAGO 1.xps

2012-07-21 10:29 - 2012-07-21 09:01 - 07251231 ____A C:\Users\EternalKharas\Downloads\the_whigs.zip

2012-07-21 02:13 - 2012-07-20 22:27 - 00002961 ____A C:\Users\EternalKharas\Desktop\Stacy.txt

2012-07-16 23:24 - 2012-07-16 23:24 - 00000524 ____A C:\Users\EternalKharas\Desktop\Turn off Media Center Updates.htm

2012-07-16 06:13 - 2012-07-16 06:13 - 00111145 ____A C:\Users\EternalKharas\Documents\bank transfer 071612.xps

2012-07-14 22:49 - 2012-07-14 22:49 - 00136219 ____A C:\Users\EternalKharas\Documents\newegg071512.xps

2012-07-13 10:43 - 2012-07-13 10:43 - 00111413 ____A C:\Users\EternalKharas\Documents\bank transfer 071312.xps

2012-07-12 19:28 - 2012-07-12 19:28 - 00110872 ____A C:\Users\EternalKharas\Documents\bank transfer 071212.xps

2012-07-12 00:15 - 2012-07-12 00:15 - 00159400 ____A C:\Users\EternalKharas\Documents\BrightHouse071212.xps

2012-07-11 01:42 - 2012-07-11 01:42 - 00153512 ____A C:\Windows\Minidump\071112-36660-01.dmp

2012-07-10 23:39 - 2009-07-13 20:33 - 00415344 ____A C:\Windows\System32\FNTCACHE.DAT

2012-07-10 23:01 - 2011-07-14 03:03 - 57442464 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe

2012-07-10 18:58 - 2012-07-10 18:58 - 00014336 ____A C:\Users\EternalKharas\Desktop\PAST and PRESENT.xls

2012-07-09 19:41 - 2010-06-11 02:33 - 00001220 ____A C:\Users\Public\Desktop\World of Warcraft.lnk

2012-07-09 08:08 - 2012-07-09 08:08 - 00111187 ____A C:\Users\EternalKharas\Documents\bank transfer 070912.xps

2012-07-08 17:25 - 2012-07-08 17:25 - 00224817 ____A C:\Users\EternalKharas\Desktop\Bubble.xps

2012-07-06 23:51 - 2012-07-06 23:51 - 00110723 ____A C:\Users\EternalKharas\Documents\bank transfer 070712.xps

2012-07-06 13:08 - 2012-07-06 12:46 - 00000724 ____A C:\Users\EternalKharas\Desktop\bigmyke.txt

2012-07-02 03:22 - 2012-07-02 03:22 - 00135354 ____A C:\Users\EternalKharas\Desktop\NeweggOrder.xps

2012-07-02 01:20 - 2012-07-02 01:20 - 00001226 ____A C:\Users\EternalKharas\Desktop\Revo Uninstaller.lnk

2012-07-01 09:04 - 2012-07-01 09:04 - 00110732 ____A C:\Users\EternalKharas\Documents\bank transfer 070112.xps

2012-06-29 23:05 - 2012-06-29 23:05 - 00020622 ____A C:\Users\EternalKharas\Documents\Backup of GTX480.wbk

2012-06-29 22:47 - 2012-06-27 08:38 - 00003940 ____A C:\Users\EternalKharas\Documents\GTX480.txt

2012-06-27 20:53 - 2012-06-27 08:57 - 00000193 ____A C:\Users\EternalKharas\Documents\GTX.txt

2012-06-26 12:33 - 2012-06-26 12:33 - 01058784 ____A (techPowerUp (www.techpowerup.com)) C:\Users\EternalKharas\Downloads\GPU-Z.0.6.2 (2).exe

2012-06-26 12:30 - 2012-06-26 12:30 - 01058784 ____A (techPowerUp (www.techpowerup.com)) C:\Users\EternalKharas\Downloads\GPU-Z.0.6.2.exe

2012-06-26 12:30 - 2012-06-26 12:30 - 01058784 ____A (techPowerUp (www.techpowerup.com)) C:\Users\EternalKharas\Downloads\GPU-Z.0.6.2 (1).exe

2012-06-25 12:19 - 2012-05-06 23:24 - 00209920 __ASH C:\Users\EternalKharas\Documents\Thumbs.db

2012-06-25 12:14 - 2012-06-25 12:03 - 00001766 ____A C:\Users\EternalKharas\Desktop\LCD Calculator v2.Vbs

2012-06-25 07:54 - 2012-06-25 07:54 - 00111388 ____A C:\Users\EternalKharas\Documents\bank transfer 062512.xps

2012-06-22 18:31 - 2012-06-22 18:30 - 00151229 ____A C:\Users\EternalKharas\Documents\WOW CARD 062212.xps

2012-06-22 03:11 - 2012-06-22 03:11 - 00000274 ____A C:\Users\EternalKharas\Downloads\Performance_PC's_Newsletter (1).vcf

2012-06-22 03:09 - 2012-06-22 03:09 - 00000274 ____A C:\Users\EternalKharas\Downloads\Performance_PC's_Newsletter.vcf

2012-06-21 23:35 - 2012-06-21 23:35 - 00187801 ____A C:\Users\EternalKharas\Documents\metropcs payment 062212.xps

2012-06-19 06:41 - 2012-06-19 06:41 - 00111381 ____A C:\Users\EternalKharas\Documents\bank transfer 061912.xps

2012-06-19 03:06 - 2012-06-19 03:06 - 00158616 ____A C:\Windows\Minidump\061912-24164-01.dmp

2012-06-19 01:30 - 2012-06-19 01:30 - 00000875 ____A C:\Users\Public\Desktop\Steam.lnk

2012-06-17 01:10 - 2012-06-17 01:10 - 00130488 ____A C:\Users\EternalKharas\Documents\Toshiba repair disk.xps

2012-06-16 06:46 - 2012-06-16 06:46 - 00111031 ____A C:\Users\EternalKharas\Documents\bank transfer 061612.xps

2012-06-11 18:40 - 2012-07-10 23:01 - 02345984 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys

2012-06-11 06:48 - 2012-06-11 06:48 - 00110917 ____A C:\Users\EternalKharas\Documents\bank transfer 061112.xps

2012-06-09 13:10 - 2012-06-09 13:10 - 00111512 ____A C:\Users\EternalKharas\Documents\bank transfer 060912(2).xps

2012-06-09 12:58 - 2012-06-09 12:58 - 00111496 ____A C:\Users\EternalKharas\Documents\bank transfer 060912.xps

2012-06-08 20:41 - 2012-07-10 15:01 - 12873728 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll

2012-06-08 18:47 - 2012-06-08 18:47 - 00111386 ____A C:\Users\EternalKharas\Documents\bank transfer 060812.xps

2012-06-08 11:23 - 2012-06-08 11:23 - 00001219 ___AH C:\Windows\System32\config\Journal - Shortcut.lnk

2012-06-08 11:23 - 2012-06-08 11:23 - 00000914 ___AH C:\Windows\System32\config\userdiff - Shortcut.lnk

2012-06-08 11:23 - 2012-06-08 11:23 - 00000914 ___AH C:\Windows\System32\config\software - Shortcut.lnk

2012-06-08 11:23 - 2012-06-08 11:23 - 00000902 ___AH C:\Windows\System32\config\system - Shortcut.lnk

2012-06-08 09:42 - 2012-06-08 09:25 - 1060726784 ____A C:\Users\EternalKharas\Desktop\jonathan.iso

2012-06-05 21:05 - 2012-07-10 15:01 - 01390080 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll

2012-06-05 21:05 - 2012-07-10 15:01 - 01236992 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll

2012-06-05 21:03 - 2012-07-10 15:01 - 00805376 ____A (Microsoft Corporation) C:\Windows\System32\cdosys.dll

2012-06-04 04:29 - 2012-06-04 04:29 - 00111204 ____A C:\Users\EternalKharas\Documents\bank transfer 060412.xps

2012-06-02 14:19 - 2012-06-20 17:46 - 01933848 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll

2012-06-02 14:19 - 2012-06-20 17:46 - 00577048 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll

2012-06-02 14:19 - 2012-06-20 17:46 - 00053784 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe

2012-06-02 14:19 - 2012-06-20 17:46 - 00045080 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll

2012-06-02 14:19 - 2012-06-20 17:46 - 00035864 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll

2012-06-02 14:12 - 2012-06-20 17:46 - 02422272 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll

2012-06-02 14:12 - 2012-06-20 17:46 - 00088576 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll

2012-06-02 11:19 - 2012-06-20 17:45 - 00171904 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll

2012-06-02 11:12 - 2012-06-20 17:45 - 00033792 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe

2012-06-02 01:07 - 2012-07-10 23:04 - 12314624 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll

2012-06-02 00:43 - 2012-07-10 23:04 - 09737728 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll

2012-06-02 00:33 - 2012-07-10 23:04 - 01800192 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll

2012-06-02 00:26 - 2012-07-10 23:04 - 01103872 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll

2012-06-02 00:25 - 2012-07-10 23:04 - 01427968 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl

2012-06-02 00:25 - 2012-07-10 23:04 - 01129472 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll

2012-06-02 00:23 - 2012-07-10 23:04 - 00231936 ____A (Microsoft Corporation) C:\Windows\System32\url.dll

2012-06-02 00:21 - 2012-07-10 23:04 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll

2012-06-02 00:20 - 2012-07-10 23:04 - 00142848 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe

2012-06-02 00:19 - 2012-07-10 23:04 - 01793024 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll

2012-06-02 00:19 - 2012-07-10 23:04 - 00716800 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll

2012-06-02 00:17 - 2012-07-10 23:04 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll

2012-06-02 00:16 - 2012-07-10 23:04 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb

2012-06-02 00:14 - 2012-07-10 23:04 - 00176640 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll

2012-06-01 22:13 - 2012-06-01 22:13 - 00001036 ____A C:\Users\EternalKharas\Desktop\EVGA Precision.lnk

2012-06-01 20:45 - 2012-07-10 15:01 - 00134000 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys

2012-06-01 20:45 - 2012-07-10 15:01 - 00067440 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys

2012-06-01 20:40 - 2012-07-10 15:01 - 00369336 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys

2012-06-01 20:40 - 2012-07-10 15:01 - 00225280 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll

2012-06-01 20:39 - 2012-07-10 15:01 - 00219136 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll

2012-05-31 20:13 - 2012-03-22 19:27 - 00001050 ____A C:\Users\EternalKharas\Desktop\EVGA Precision X.lnk

2012-05-31 19:54 - 2012-05-31 19:54 - 00000020 ___SH C:\Users\UpdatusUser\ntuser.ini

2012-05-31 08:25 - 2010-04-08 00:40 - 00237072 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe

2012-05-25 09:38 - 2012-05-25 09:38 - 00001108 ____A C:\Users\EternalKharas\Documents\sally ansell (2).txt

2012-05-24 19:01 - 2012-05-24 19:01 - 00001362 ____A C:\Users\EternalKharas\Documents\sallyansel(2).txt

2012-05-24 13:38 - 2012-05-24 13:38 - 00187937 ____A C:\Users\EternalKharas\Documents\metropcs payment 052412.xps

2012-05-23 05:55 - 2012-05-23 05:55 - 00002885 ____A C:\Users\EternalKharas\Documents\sallyansel.txt

2012-05-23 01:35 - 2012-05-23 01:35 - 00111345 ____A C:\Users\EternalKharas\Documents\bank transfer 052312.xps

2012-05-22 17:30 - 2012-05-22 17:30 - 00198832 ____A (RealNetworks, Inc.) C:\Windows\System32\rmoc3260.dll

2012-05-22 17:30 - 2012-05-22 17:30 - 00006656 ____A (RealNetworks, Inc.) C:\Windows\System32\pndx5016.dll

2012-05-22 17:30 - 2012-05-22 17:30 - 00005632 ____A (RealNetworks, Inc.) C:\Windows\System32\pndx5032.dll

2012-05-22 17:30 - 2012-05-22 17:30 - 00001016 ____A C:\Users\Public\Desktop\RealPlayer.lnk

2012-05-22 17:29 - 2012-05-22 17:29 - 00499712 ____A (Microsoft Corporation) C:\Windows\System32\msvcp71.dll

2012-05-22 17:29 - 2012-05-22 17:29 - 00348160 ____A (Microsoft Corporation) C:\Windows\System32\msvcr71.dll

2012-05-22 17:29 - 2012-05-22 17:29 - 00272896 ____A (Progressive Networks) C:\Windows\System32\pncrt.dll

2012-05-21 19:30 - 2012-05-21 19:30 - 00002170 ____A C:\Users\Public\Desktop\Google Earth.lnk

2012-05-21 18:18 - 2012-05-21 18:18 - 00001815 ____A C:\Users\Public\Desktop\QuickTime Player.lnk

2012-05-21 10:28 - 2012-05-21 10:28 - 03896832 ____A C:\Users\EternalKharas\Downloads\ARGALIWYSETUP.EXE

========================= Known DLLs (Whitelisted) ============

 

========================= Bamital & volsnap Check ============

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe => MD5 is legit

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK

HKLM\...\exefile\DefaultIcon: %1 => OK

HKLM\...\exefile\open\command: "%1" %* => OK

========================= Memory info ======================

Percentage of memory in use: 7%

Total physical RAM: 8190.54 MB

Available physical RAM: 7600.9 MB

Total Pagefile: 8188.82 MB

Available Pagefile: 7620.83 MB

Total Virtual: 2047.88 MB

Available Virtual: 1977.38 MB

======================= Partitions =========================

1 Drive c: () (Fixed) (Total:148.96 GB) (Free:5.74 GB) NTFS ==>[System with boot components (obtained from reading drive)]

2 Drive d: () (Fixed) (Total:224.08 GB) (Free:82.72 GB) NTFS ==>[System with boot components (obtained from reading drive)]

3 Drive e: (GRMCULFRER_EN_DVD) (CDROM) (Total:2.33 GB) (Free:0 GB) UDF

5 Drive g: (USB MEMORY) (Removable) (Total:0.12 GB) (Free:0.11 GB) FAT

6 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

Disk ### Status Size Free Dyn Gpt

-------- ------------- ------- ------- --- ---

Disk 0 Online 149 GB 0 B

Disk 1 Online 232 GB 3072 KB

Disk 2 Online 123 MB 0 B

Partitions of Disk 0:

===============

Partition ### Type Size Offset

------------- ---------------- ------- -------

Partition 1 OEM 47 MB 31 KB

Partition 2 Primary 148 GB 48 MB

==================================================================================

Disk: 0

Partition 1

Type : DE

Hidden: Yes

Active: No

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 5 FAT Partition 47 MB Healthy Hidden

==================================================================================

Disk: 0

Partition 2

Type : 07

Hidden: No

Active: Yes

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 2 C NTFS Partition 148 GB Healthy

==================================================================================

Partitions of Disk 1:

===============

Partition ### Type Size Offset

------------- ---------------- ------- -------

Partition 1 Primary 224 GB 1024 KB

Partition 2 OEM 8 GB 224 GB

==================================================================================

Disk: 1

Partition 1

Type : 07

Hidden: No

Active: Yes

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 3 D NTFS Partition 224 GB Healthy

==================================================================================

Disk: 1

Partition 2

Type : 12

Hidden: Yes

Active: No

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 5 Respawn Rec NTFS Partition 8 GB Healthy Hidden

==================================================================================

Partitions of Disk 2:

===============

Partition ### Type Size Offset

------------- ---------------- ------- -------

Partition 1 Primary 122 MB 16 KB

==================================================================================

Disk: 2

Partition 1

Type : 06

Hidden: No

Active: No

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 4 G USB MEMORY FAT Removable 122 MB Healthy

==================================================================================

Last Boot: 2012-08-16 22:41

======================= End Of Log ==========================

Farbar Recovery Scan Tool Version: 09-08-2012

Ran by SYSTEM at 2012-08-17 07:44:08

Running from G:\FarBar recovery tool

================== Search: "services.exe" ===================

C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.exe

[2009-07-13 15:11] - [2009-07-13 17:14] - 0259072 ____A (Microsoft Corporation) 5F1B6A9C35D3D5CA72D6D6FDEF9747D6

C:\Windows\System32\services.exe

[2009-07-13 15:11] - [2009-07-13 17:14] - 0259072 ____A (Microsoft Corporation) 5F1B6A9C35D3D5CA72D6D6FDEF9747D6

C:\Windows\erdnt\cache\services.exe

[2012-08-15 12:32] - [2009-07-13 17:14] - 0259072 ____A (Microsoft Corporation) 5F1B6A9C35D3D5CA72D6D6FDEF9747D6

C:\FRST\Quarantine\services.exe

[2009-07-13 15:11] - [2012-08-13 09:04] - 0259072 ____A (Microsoft Corporation) A302BBFF2A7278C0E239EE5D471D86A9

=== End Of Search ===
 
C:\Windows\System32\services.exe => MD5 is legit
Services.exe is not infected. That is a false positive from MSE, because it is detecting it in one of the quarantine directories. Since the threats are reliably contained inside the quarantine, they won't be a problem.

But the quarantines should be deleted after cleanup.


ComboFix Script

  • Close any open browsers.
  • Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.
  • Open notepad and copy/paste the text in the codebox below into it:
    ClearJavaCache::
  • Save this as CFScript.txt, in the same location as ComboFix.exe

    CFScriptB-4.gif
  • Referring to the picture above, drag CFScript into ComboFix.exe
  • When finished, it shall produce a log for you at C:\ComboFix.txt
  • Please post the contents of the log in your next reply.
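The hash comparison the reply above rests on, written out as an added example that is not part of the original thread or of FRST: a small Python parser for FRST's Search output that takes the WinSxS component-store copy as the reference hash, marks the copies that match it, and separates a divergent copy sitting in a removal tool's quarantine (FRST\Quarantine from this log; ComboFix's Qoobox\Quarantine) from a divergent live copy that would need a closer look. The input is the services.exe search block from the log above; the Qoobox marker and the Copy/parse_search/assess names are my own.

```python
import re
from dataclasses import dataclass

# The "Search: services.exe" block from the FRST log above, embedded verbatim.
FRST_SEARCH_OUTPUT = r"""
================== Search: "services.exe" ===================
C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.exe
[2009-07-13 15:11] - [2009-07-13 17:14] - 0259072 ____A (Microsoft Corporation) 5F1B6A9C35D3D5CA72D6D6FDEF9747D6
C:\Windows\System32\services.exe
[2009-07-13 15:11] - [2009-07-13 17:14] - 0259072 ____A (Microsoft Corporation) 5F1B6A9C35D3D5CA72D6D6FDEF9747D6
C:\Windows\erdnt\cache\services.exe
[2012-08-15 12:32] - [2009-07-13 17:14] - 0259072 ____A (Microsoft Corporation) 5F1B6A9C35D3D5CA72D6D6FDEF9747D6
C:\FRST\Quarantine\services.exe
[2009-07-13 15:11] - [2012-08-13 09:04] - 0259072 ____A (Microsoft Corporation) A302BBFF2A7278C0E239EE5D471D86A9
=== End Of Search ===
"""

# Where removal tools park files they pulled off the system. FRST\Quarantine is in
# the log; Qoobox\Quarantine is ComboFix's (my addition). Matched case-insensitively.
QUARANTINE_MARKERS = ("\\frst\\quarantine\\", "\\qoobox\\quarantine\\")

PATH_RE = re.compile(r"^[A-Za-z]:\\.*$")
# "[created] - [modified] - size attrs (company) MD5"; the company field is optional.
DETAIL_RE = re.compile(
    r"^\[(?P<created>[^\]]+)\] - \[(?P<modified>[^\]]+)\] - "
    r"(?P<size>\d+) (?P<attrs>\S+) (?:\((?P<company>[^)]*)\) )?(?P<md5>[0-9A-Fa-f]{32})$"
)


@dataclass
class Copy:
    path: str
    md5: str
    modified: str
    size: int

    @property
    def in_component_store(self) -> bool:
        return "\\windows\\winsxs\\" in self.path.lower()

    @property
    def in_quarantine(self) -> bool:
        return any(m in self.path.lower() for m in QUARANTINE_MARKERS)


def parse_search(text: str) -> list[Copy]:
    """Pair every path line with the detail line that follows it."""
    copies, pending = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if PATH_RE.match(line):
            pending = line
            continue
        m = DETAIL_RE.match(line)
        if m and pending:
            copies.append(Copy(pending, m["md5"].upper(), m["modified"], int(m["size"])))
            pending = None
    return copies


def assess(copies: list[Copy]) -> dict[str, str]:
    """Verdict per path, using the WinSxS component-store hash as the reference."""
    reference = {c.md5 for c in copies if c.in_component_store}
    verdicts = {}
    for c in copies:
        if c.in_component_store:
            verdicts[c.path] = "reference"
        elif not reference:
            verdicts[c.path] = "no component-store copy to compare against"
        elif c.md5 in reference:
            verdicts[c.path] = "matches reference"
        elif c.in_quarantine:
            verdicts[c.path] = "differs, contained in quarantine"
        else:
            verdicts[c.path] = "differs, live copy: investigate"
    return verdicts


def active_mismatches(copies: list[Copy]) -> list[str]:
    """Paths whose hash differs from the reference and that are not quarantined."""
    return [p for p, v in assess(copies).items() if v.startswith("differs, live")]
```

For this log, assess(parse_search(FRST_SEARCH_OUTPUT)) marks the System32 and erdnt copies as matching the component store and the FRST\Quarantine copy as divergent but contained, so active_mismatches() is empty.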
 
I understand what you're saying on the false positive. When I noticed those alerts I failed to remember that MSSE did not know about the quarantine areas for other software, i.e. ComboFix.

ComboFix ran more than 50 passes before finishing. The log is below.
ComboFix 12-08-15.01 - EternalKharas 08/17/2012 19:50:46.3.4 - x86
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.3071.1922 [GMT -4:00]
Running from: c:\users\EternalKharas\Desktop\ComboFix.exe
Command switches used :: c:\users\EternalKharas\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-07-18 to 2012-08-18 )))))))))))))))))))))))))))))))
.
.
2012-08-18 00:00 . 2012-08-18 00:00 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-08-18 00:00 . 2012-08-18 00:00 -------- d-----w- c:\users\Guest\AppData\Local\temp
2012-08-18 00:00 . 2012-08-18 00:00 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-08-18 00:00 . 2012-08-18 00:00 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2012-08-17 23:42 . 2012-08-17 23:42 29904 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{9AECFD62-FDC9-4E21-8670-7F03814ECC7F}\MpKslfa8c3c54.sys
2012-08-17 03:36 . 2012-07-16 06:41 6891424 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{9AECFD62-FDC9-4E21-8670-7F03814ECC7F}\mpengine.dll
2012-08-15 20:48 . 2012-07-16 06:41 6891424 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-08-15 20:44 . 2012-08-15 20:44 -------- d-----w- C:\Computer
2012-08-15 20:36 . 2012-08-15 20:36 -------- d-----w- C:\found.002
2012-08-10 13:24 . 2012-08-10 13:24 -------- d-----w- C:\FRST
2012-08-10 06:52 . 2012-02-09 18:17 713784 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{96B73A2B-01A7-4A16-92EC-17A812AFD9F2}\gapaengine.dll
2012-08-10 06:51 . 2012-08-10 06:51 -------- d-----w- c:\program files\Microsoft Security Client
2012-08-10 06:09 . 2012-08-10 06:09 -------- d-sh--w- c:\windows\system32\%APPDATA%
2012-07-28 01:03 . 2012-07-28 01:03 -------- d-----w- c:\programdata\SolarWinds
2012-07-28 01:03 . 2012-07-28 01:03 -------- d-----w- c:\program files\SolarWinds
2012-07-27 20:51 . 2012-07-27 20:51 184248 ----a-w- c:\program files\Internet Explorer\Plugins\nppdf32.dll
2012-07-19 13:23 . 2012-07-19 13:24 -------- d-----w- c:\program files\HWiNFO32
2012-07-19 02:16 . 2012-07-19 02:16 -------- d-----w- C:\found.001
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-15 20:09 . 2012-04-04 04:42 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-08-15 20:09 . 2011-05-19 20:08 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-07 02:33 . 2012-07-07 02:33 4283672 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2012-07-07 02:33 . 2012-07-07 02:33 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2012-07-07 02:33 . 2012-07-07 02:33 539984 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2012-07-07 02:33 . 2012-07-07 02:33 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2012-06-12 02:40 . 2012-07-11 07:01 2345984 ----a-w- c:\windows\system32\win32k.sys
2012-06-06 05:05 . 2012-07-10 23:01 1390080 ----a-w- c:\windows\system32\msxml6.dll
2012-06-06 05:05 . 2012-07-10 23:01 1236992 ----a-w- c:\windows\system32\msxml3.dll
2012-06-06 05:03 . 2012-07-10 23:01 805376 ----a-w- c:\windows\system32\cdosys.dll
2012-06-02 22:19 . 2012-06-21 01:46 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-21 01:46 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-21 01:46 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-21 01:46 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:19 . 2012-06-21 01:46 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:12 . 2012-06-21 01:46 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:12 . 2012-06-21 01:46 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 19:19 . 2012-06-21 01:45 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 19:12 . 2012-06-21 01:45 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-06-02 08:33 . 2012-07-11 07:04 1800192 ----a-w- c:\windows\system32\jscript9.dll
2012-06-02 08:25 . 2012-07-11 07:04 1129472 ----a-w- c:\windows\system32\wininet.dll
2012-06-02 08:25 . 2012-07-11 07:04 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2012-06-02 08:20 . 2012-07-11 07:04 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-06-02 08:16 . 2012-07-11 07:04 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-06-02 04:45 . 2012-07-10 23:01 67440 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-06-02 04:45 . 2012-07-10 23:01 134000 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2012-06-02 04:40 . 2012-07-10 23:01 369336 ----a-w- c:\windows\system32\drivers\cng.sys
2012-06-02 04:40 . 2012-07-10 23:01 225280 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 04:39 . 2012-07-10 23:01 219136 ----a-w- c:\windows\system32\ncrypt.dll
2012-05-31 16:25 . 2010-04-08 08:40 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-05-23 01:29 . 2012-05-23 01:29 499712 ----a-w- c:\windows\system32\msvcp71.dll
2012-05-23 01:29 . 2012-05-23 01:29 348160 ----a-w- c:\windows\system32\msvcr71.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-08-15_20.25.24 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-06-29 15:01 . 2012-08-17 23:43 56658 c:\windows\System32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 04:55 . 2012-08-17 23:44 46382 c:\windows\System32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-06-29 14:47 . 2012-08-17 23:44 14014 c:\windows\System32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1850465905-1816852967-2060930716-1000_UserData.bin
- 2011-06-29 18:42 . 2012-08-15 16:15 67584 c:\windows\System32\LogFiles\Srt\bootstat.dat
+ 2011-06-29 18:42 . 2012-08-17 11:00 67584 c:\windows\System32\LogFiles\Srt\bootstat.dat
+ 2011-06-29 11:46 . 2012-08-17 23:58 98304 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-06-29 11:46 . 2012-08-15 20:09 98304 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:34 . 2012-08-17 11:22 88968 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
- 2012-08-15 18:53 . 2012-08-15 20:23 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-08-17 23:41 . 2012-08-17 23:41 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-08-17 23:41 . 2012-08-17 23:41 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-08-15 18:53 . 2012-08-15 20:23 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-06-29 11:46 . 2012-08-17 23:58 933888 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2011-06-29 11:46 . 2012-08-15 20:09 933888 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:41 . 2012-08-17 23:58 425984 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:41 . 2012-08-15 20:09 425984 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:47 . 2012-08-14 21:08 394236 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 04:47 . 2012-08-17 12:41 394236 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2011-06-06 16:55 . 2011-06-06 16:55 686464 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\JP2KLib.dll
+ 2012-01-03 07:37 . 2012-01-03 07:37 320456 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\adobearmhelper.exe
+ 2011-06-06 16:55 . 2011-06-06 16:55 937920 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\adobearm.exe
+ 2012-08-15 22:14 . 2012-08-17 11:19 4355096 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
+ 2010-05-16 00:30 . 2012-08-17 12:41 3549624 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2010-06-15 14:20 . 2012-08-16 01:00 2435163 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1850465905-1816852967-2060930716-1000-12288.dat
+ 2011-06-06 16:55 . 2011-06-06 16:55 5509512 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AGM.dll
+ 2010-05-05 06:06 . 2012-08-17 12:41 10334276 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1850465905-1816852967-2060930716-1000-8192.dat
+ 2010-11-21 00:46 . 2012-08-17 12:41 33019664 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1850465905-1816852967-2060930716-1000-4096.dat
+ 2012-08-14 20:42 . 2012-08-14 20:42 13123584 c:\windows\Installer\3f6c8.msp
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Facebook Update"="c:\users\EternalKharas\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-07-12 138096]
"AutoStartNPSAgent"="c:\program files\Samsung\Samsung New PC Studio\NPSAgent.exe" [2010-07-08 95576]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"Bing Bar"="c:\program files\MSN Toolbar\Platform\6.3.2348.0\mswinext.exe" [2010-10-11 273672]
"Launch LCDMon"="c:\program files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe" [2010-02-18 1573448]
"Launch LGDCore"="c:\program files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" [2010-02-18 3203144]
"Launch LgDeviceAgent"="c:\program files\Logitech\GamePanel Software\LgDevAgt.exe" [2010-02-18 357448]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2010-05-10 439568]
"ProfilerU"="c:\program files\Saitek\SD6\Software\ProfilerU.exe" [2009-06-03 237568]
"SaiMfd"="c:\program files\Saitek\SD6\Software\SaiMfd.exe" [2009-06-03 131072]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"NVRaidService"="c:\program files\NVIDIA Corporation\Raid\nvraidservice.exe" [2010-04-09 163944]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2011-08-16 10820200]
"EEventManager"="c:\program files\Epson Software\Event Manager\EEventManager.exe" [2009-12-03 976320]
"BingDesktop"="c:\program files\Microsoft\BingDesktop\BingDesktop.exe" [2012-03-30 1858152]
"Logitech Utility"="Logi_MwX.Exe" [2003-12-17 19968]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 931200]
"TkBellExe"="c:\program files\real\realplayer\Update\realsched.exe" [2012-05-23 296056]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2006-11-23 56928]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-05-22 421888]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2006-12-06 54832]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
.
c:\users\EternalKharas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
CurseClientStartup.ccip [2011-7-2 0]
MagicDisc.lnk - c:\program files\MagicDisc\MagicDisc.exe [2012-5-14 576000]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Camera Monitor SD.lnk - c:\program files\PIXELA\Everio MediaBrowser\MBCameraMonitor.exe [2011-7-25 541976]
iReboot 1.1.0.lnk - c:\program files\NeoSmart Technologies\iReboot\iReboot.exe [2008-4-27 205312]
Snap-tite Components E-Catalog - Auto Update.lnk - c:\program files\Snap-tite\QDecatupdate.exe [2011-9-17 189648]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [x]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
R3 CHWBOLOCH;CHWBOLOCH;c:\users\ETERNA~1\AppData\Local\Temp\CHWBOLOCH.exe [x]
R3 CPETLYED;CPETLYED;c:\users\ETERNA~1\AppData\Local\Temp\CPETLYED.exe [x]
R3 DrvAgent32;DrvAgent32;c:\windows\system32\Drivers\DrvAgent32.sys [x]
R3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;c:\program files\Common Files\Futuremark Shared\Futuremark SystemInfo\FMSISvc.exe [x]
R3 GPU-Z;GPU-Z;c:\users\ETERNA~1\AppData\Local\Temp\GPU-Z.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 physX32;physX32;c:\windows\system32\DRIVERS\physX32.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 SaiH075C;SaiH075C;c:\windows\system32\DRIVERS\SaiH075C.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [x]
R3 WSDScan;WSD Scan Support via UMB;c:\windows\system32\DRIVERS\WSDScan.sys [x]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S1 HWiNFO32;HWiNFO32/64 Kernel Driver;c:\program files\HWiNFO32\HWiNFO32.SYS [x]
S1 MpKslfa8c3c54;MpKslfa8c3c54;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{9AECFD62-FDC9-4E21-8670-7F03814ECC7F}\MpKslfa8c3c54.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]
S2 BingDesktopUpdate;Bing Desktop Update service;c:\program files\Microsoft\BingDesktop\BingDesktopUpdater.exe [x]
S2 cpuz134;cpuz134;c:\windows\system32\drivers\cpuz134_x32.sys [x]
S2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [x]
S2 iReboot;iReboot Background Service;c:\program files\NeoSmart Technologies\iReboot\iRebootd.exe [x]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.SYS [x]
S3 nvoclock;NVIDIA Enthusiasts Platform KDM;c:\windows\system32\DRIVERS\nvoclock.sys [x]
S3 RTCore32;RTCore32;c:\program files\EVGA Precision\RTCore32.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MPKSL488B0B2E
*NewlyCreated* - MPKSLFA8C3C54
*Deregistered* - MpKsl488b0b2e
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
iissvcs REG_MULTI_SZ w3svc was
apphost REG_MULTI_SZ apphostsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-17 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-04 20:09]
.
2012-08-17 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1850465905-1816852967-2060930716-1000Core.job
- c:\users\EternalKharas\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-08-29 09:35]
.
2012-08-17 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1850465905-1816852967-2060930716-1000UA.job
- c:\users\EternalKharas\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-08-29 09:35]
.
2012-08-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-01-01 02:50]
.
2012-08-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-01-01 02:50]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.bing.com/
mStart Page = about:blank
IE: &ieSpell Options - c:\program files\ieSpell\iespell.dll/SPELLOPTION.HTM
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Check &Spelling - c:\program files\ieSpell\iespell.dll/SPELLCHECK.HTM
IE: Lookup on Merriam Webster - file://c:\program files\ieSpell\Merriam Webster.HTM
IE: Lookup on Wikipedia - file://c:\program files\ieSpell\wikipedia.HTM
LSP: c:\program files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll
Trusted Zone: frozencpu.com\www
Trusted Zone: newegg.com\secure
Trusted Zone: newegg.com\www
Trusted Zone: sidewinder.com\www
TCP: DhcpNameServer = 65.32.5.111 65.32.5.112
DPF: {62415890-4985-0825-2508-23487C2A845F} - hxxp://173.74.122.228:8150/en/cab/ipcamera.cab
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1850465905-1816852967-2060930716-1000_Classes\VirtualStore\MACHINE\SOFTWARE\DICE\PYTHON]
@DACL=(02 0000)
.
[HKEY_USERS\S-1-5-21-1850465905-1816852967-2060930716-1000_Classes\VirtualStore\MACHINE\SOFTWARE\PandeGroup\Folding@home]
@Class="Folding@Home"
@DACL=(02 0000)
"UserID"=hex:52,9f,82,51,24,a7,12,23
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(3348)
c:\program files\EVGA Precision\Bundle\OSDServer\RTSSHooks.dll
c:\program files\Logitech\MouseWare\System\LgWndHk.dll
c:\program files\Common Files\Logitech\Scrolling\LgMsgHk.dll
.
Completion time: 2012-08-17 20:03:21
ComboFix-quarantined-files.txt 2012-08-18 00:03
ComboFix2.txt 2012-08-15 20:34
.
Pre-Run: 6,109,794,304 bytes free
Post-Run: 6,029,668,352 bytes free
.
- - End Of File - - 076FF0BEEB38F985D6102153CF5370A8
 
Please run the F-Secure Online Scanner
  • Accept the License Agreement and check the box. Then click on Run Check.
  • fsecurescan.png
  • It will ask you to Run the Java plugin. Please confirm.
  • Once the download completes, the window for the scanner will launch.
  • Please confirm anymore prompts, and then select Full Scan.
  • The scan will take some time to finish, so please be patient.
  • When the scan completes, click the Automatic cleaning (recommended) button.
  • It will run its cleaning.
  • Click the Full report button and Copy & Paste the entire report (except the bold text at the foot of the page) in your next reply. Once that's done, click the Close button on the scan window.
 