TechSpot

Sirefef.b affecting Services.exe

By Fr33m4s0n
Jul 10, 2012
  1. I have FEP2010 installed; it detected that SIREFEF.B has affected services.exe.
    While attempting to clean it using FEP2010, Windows advises it needs to shut down.
     
  2. Fr33m4s0n

    Fr33m4s0n TS Rookie Topic Starter

    Malwarebytes Anti-Malware (Trial) 1.61.0.1400
    www.malwarebytes.org
    Database version: v2012.07.10.05
    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 9.0.8112.16421
    Paul :: DAKESPC [administrator]
    Protection: Enabled
    10/07/2012 5:05:46 PM
    mbam-log-2012-07-10 (17-05-46).txt
    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 230098
    Time elapsed: 2 minute(s), 54 second(s)
    Memory Processes Detected: 0
    (No malicious items detected)
    Memory Modules Detected: 0
    (No malicious items detected)
    Registry Keys Detected: 0
    (No malicious items detected)
    Registry Values Detected: 0
    (No malicious items detected)
    Registry Data Items Detected: 0
    (No malicious items detected)
    Folders Detected: 0
    (No malicious items detected)
    Files Detected: 0
    (No malicious items detected)
    (end)
     
  3. Fr33m4s0n

    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit scan 2012-07-10 17:17:42
    Windows 6.1.7601 Service Pack 1
    Running: qwepz61z.exe

    ---- Files - GMER 1.0.15 ----
    File C:\Users\Paul\AppData\Roaming\Microsoft\Windows\Cookies\LX2T87HE.txt 0 bytes
    File C:\Users\Paul\AppData\Roaming\Microsoft\Windows\Cookies\Z3WQCDNM.txt 0 bytes
    ---- EOF - GMER 1.0.15 ----
     
  4. Fr33m4s0n

    .
    DDS (Ver_2011-08-26.01) - NTFSAMD64
    Internet Explorer: 9.0.8112.16421
    Run by Paul at 17:19:49 on 2012-07-10
    Microsoft Windows 7 Professional 6.1.7601.1.1252.61.1033.18.8126.6238 [GMT 8:00]
    .
    AV: Microsoft Forefront Endpoint Protection 2010 *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
    SP: Microsoft Forefront Endpoint Protection 2010 *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\nvvsvc.exe
    C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    C:\Windows\system32\svchost.exe -k RPCSS
    c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe
    C:\Program Files (x86)\Common Files\Maxtor\Schedule2\schedul2.exe
    C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
    C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\Program Files\Microsoft Security Client\msseces.exe
    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Windows\System32\perfmon.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Windows\system32\NOTEPAD.EXE
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\SysWOW64\cscript.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.com.au/
    uInternet Settings,ProxyOverride = *.local
    mWinlogon: Userinit=userinit.exe
    BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL
    BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    BHO: ChromeFrame BHO: {ecb3c477-1a0a-44bd-bb57-78f9efe34fa7} - C:\Program Files (x86)\Google\Chrome Frame\Application\20.0.1132.47\npchrome_frame.dll
    mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
    mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    mRun: [Communicator] "C:\Program Files (x86)\Microsoft Office Communicator\communicator.exe" /fromrunkey
    mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
    mPolicies-explorer: NoActiveDesktop = 1 (0x1)
    mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
    mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableLUA = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
    IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000
    IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
    IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
    LSP: mswsock.dll
    DPF: {55963676-2F5E-4BAF-AC28-CF26AA587566} - hxxps://vpn.empired.com/CACHE/stc/2/binaries/vpnweb.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
    TCP: DhcpNameServer = 192.168.1.1
    TCP: Interfaces\{1C856C38-FB42-4CBE-B3FA-B9047A5E1FEF} : DhcpNameServer = 192.168.1.1
    TCP: Interfaces\{79908AE1-04D7-472A-8067-C4371104BEF6} : DhcpNameServer = 198.142.0.51 61.88.88.88
    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
    Handler: gcf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - C:\Program Files (x86)\Google\Chrome Frame\Application\20.0.1132.47\npchrome_frame.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL
    LSA: Authentication Packages = msv1_0 relog_ap
    BHO-X64: Adobe PDF Reader Link Helper: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
    BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL
    BHO-X64: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
    BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL
    BHO-X64: URLRedirectionBHO - No File
    BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    BHO-X64: ChromeFrame BHO: {ECB3C477-1A0A-44BD-BB57-78F9EFE34FA7} - C:\Program Files (x86)\Google\Chrome Frame\Application\20.0.1132.47\npchrome_frame.dll
    BHO-X64: ChromeFrame BHO - No File
    mRun-x64: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
    mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    mRun-x64: [Communicator] "C:\Program Files (x86)\Microsoft Office Communicator\communicator.exe" /fromrunkey
    mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
    SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL
    Hosts: 127.0.0.1 www.spywareinfo.com
    .
    ============= SERVICES / DRIVERS ===============
    .
    R1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
    R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
    R2 LMIGuardianSvc;LMIGuardianSvc;C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [2011-12-7 375176]
    R2 LMIInfo;LogMeIn Kernel Information Provider;C:\Program Files (x86)\LogMeIn\x64\rainfo.sys [2011-9-16 15928]
    R2 LMIRfsDriver;LogMeIn Remote File System Driver;\??\C:\Windows\system32\drivers\LMIRfsDriver.sys --> C:\Windows\system32\drivers\LMIRfsDriver.sys [?]
    R2 MaxSch2Svc;Maxtor Scheduler2 Service;C:\Program Files (x86)\Common Files\Maxtor\Schedule2\schedul2.exe [2008-6-27 605976]
    R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-7-10 654408]
    R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-5-15 382272]
    R2 vpnagent;Cisco AnyConnect VPN Agent;C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe [2009-2-4 427192]
    R3 LVUSBS64;Logitech USB Monitor Filter;C:\Windows\system32\DRIVERS\LVUSBS64.sys --> C:\Windows\system32\DRIVERS\LVUSBS64.sys [?]
    R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
    R3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\system32\DRIVERS\MpNWMon.sys --> C:\Windows\system32\DRIVERS\MpNWMon.sys [?]
    R3 rt61x64;RT61 Extensible Wireless Driver;C:\Windows\system32\DRIVERS\netr6164.sys --> C:\Windows\system32\DRIVERS\netr6164.sys [?]
    R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-1-20 136176]
    S2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2012-7-10 1153368]
    S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-6-7 160944]
    S3 dmvsc;dmvsc;C:\Windows\system32\drivers\dmvsc.sys --> C:\Windows\system32\drivers\dmvsc.sys [?]
    S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-1-20 136176]
    S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-1-21 30963576]
    S3 Netaapl;Apple Mobile Device Ethernet Service;C:\Windows\system32\DRIVERS\netaapl64.sys --> C:\Windows\system32\DRIVERS\netaapl64.sys [?]
    S3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
    S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2010-11-11 282616]
    S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
    S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 20992]
    S3 SwitchBoard;SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
    S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]
    S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
    S3 VSPerfDrv90;Performance Tools Driver 9.0;C:\Program Files (x86)\Microsoft Visual Studio 9.0\Team Tools\Performance Tools\x64\VSPerfDrv90.sys [2007-9-4 71024]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
    S4 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-6-30 1262400]
    .
    =============== Created Last 30 ================
    .
    2012-07-10 09:03:40 328704 ----a-w- C:\Windows\System32\services.exe.A61724CFD5A8E355
    2012-07-10 09:00:45 -------- d-----w- C:\Users\Paul\AppData\Roaming\Malwarebytes
    2012-07-10 09:00:36 -------- d-----w- C:\ProgramData\Malwarebytes
    2012-07-10 09:00:34 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2012-07-10 09:00:34 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2012-07-10 08:49:29 328704 ----a-w- C:\Windows\System32\services.exe.CB33D352F8801EE5
    2012-07-10 08:46:36 328704 ----a-w- C:\Windows\System32\services.exe.499499393379264B
    2012-07-10 08:33:40 328704 ----a-w- C:\Windows\System32\services.exe.60B726C27681222D
    2012-07-10 08:20:17 328704 ----a-w- C:\Windows\System32\services.exe.4A5DFD09C35113B3
    2012-07-10 08:17:00 328704 ----a-w- C:\Windows\System32\services.exe.29D21262F278C3DF
    2012-07-10 08:16:29 69000 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{46EBE986-2AC4-4CE0-9BDD-62CDCFFE1CDF}\offreg.dll
    2012-07-10 08:11:19 927800 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{334B4517-DD82-4A01-8F1D-285EEF9CC44A}\gapaengine.dll
    2012-07-10 08:11:15 9013136 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{46EBE986-2AC4-4CE0-9BDD-62CDCFFE1CDF}\mpengine.dll
    2012-07-10 08:08:35 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client
    2012-07-10 08:08:32 -------- d-----w- C:\Program Files\Microsoft Security Client
    2012-07-10 07:24:57 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
    2012-07-10 07:24:57 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy
    2012-07-10 05:33:50 -------- d-sh--w- C:\Windows\SysWow64\%APPDATA%
    2012-07-02 11:13:19 -------- d-----w- C:\Users\Paul\AppData\Local\SIX_Projects
    2012-06-30 15:40:03 -------- d-----r- C:\Program Files (x86)\Skype
    2012-06-30 12:22:00 8139072 ----a-w- C:\Windows\System32\nvcuda.dll
    2012-06-30 12:22:00 5982528 ----a-w- C:\Windows\SysWow64\nvcuda.dll
    2012-06-30 12:22:00 2881856 ----a-w- C:\Windows\System32\nvcuvenc.dll
    2012-06-30 12:22:00 2681664 ----a-w- C:\Windows\System32\nvcuvid.dll
    2012-06-30 12:22:00 25743168 ----a-w- C:\Windows\System32\nvoglv64.dll
    2012-06-30 12:22:00 2524992 ----a-w- C:\Windows\SysWow64\nvcuvid.dll
    2012-06-30 12:22:00 2445120 ----a-w- C:\Windows\SysWow64\nvcuvenc.dll
    2012-06-30 12:22:00 19607872 ----a-w- C:\Windows\SysWow64\nvoglv32.dll
    2012-06-30 12:22:00 18044224 ----a-w- C:\Windows\System32\nvd3dumx.dll
    2012-06-30 12:22:00 14298944 ----a-w- C:\Windows\System32\drivers\nvlddmkm.sys
    2012-06-30 12:21:59 25248064 ----a-w- C:\Windows\System32\nvcompiler.dll
    2012-06-30 12:21:59 17551680 ----a-w- C:\Windows\SysWow64\nvcompiler.dll
    2012-06-30 12:21:15 -------- d-----w- C:\NVIDIA
    2012-06-30 11:56:47 -------- d-----w- C:\Program Files (x86)\EVGA Precision
    2012-06-30 04:59:42 -------- d-----w- C:\Users\Paul\AppData\Roaming\six-updater
    2012-06-30 04:59:41 -------- d-----w- C:\Users\Paul\AppData\Roaming\six-zsync
    2012-06-30 04:59:05 -------- d-----w- C:\Program Files (x86)\SIX Projects
    2012-06-30 04:58:42 -------- d-----w- C:\Users\Paul\AppData\Local\Downloaded Installations
    2012-06-30 04:45:24 -------- d-----w- C:\Users\Paul\AppData\Local\ArmA 2 OA
    2012-06-30 04:41:50 -------- d-----w- C:\Users\Paul\AppData\Local\ArmA 2
    2012-06-30 04:40:59 506728 ----a-w- C:\Windows\System32\d3dx10_34.dll
    2012-06-27 13:51:47 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2012-06-21 13:17:51 2622464 ----a-w- C:\Windows\System32\wucltux.dll
    2012-06-21 13:17:45 99840 ----a-w- C:\Windows\System32\wudriver.dll
    2012-06-21 13:17:41 36864 ----a-w- C:\Windows\System32\wuapp.exe
    2012-06-21 13:17:41 186752 ----a-w- C:\Windows\System32\wuwebv.dll
    2012-06-14 07:04:23 -------- d-----w- C:\Users\Paul\AppData\Roaming\Woeb
    .
    ==================== Find3M ====================
    .
    2012-05-25 00:06:22 87456 ----a-w- C:\Windows\System32\LMIRfsClientNP.dll
    2012-05-25 00:06:22 80768 ----a-w- C:\Windows\System32\LMIinit.dll
    2012-05-25 00:06:22 34688 ----a-w- C:\Windows\System32\LMIport.dll
    2012-05-18 02:06:48 2311680 ----a-w- C:\Windows\System32\jscript9.dll
    2012-05-18 01:59:14 1392128 ----a-w- C:\Windows\System32\wininet.dll
    2012-05-18 01:58:39 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
    2012-05-18 01:55:22 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
    2012-05-18 01:51:30 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
    2012-05-17 22:45:37 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll
    2012-05-17 22:35:47 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
    2012-05-17 22:35:39 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
    2012-05-17 22:29:45 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
    2012-05-15 10:48:00 8105280 ----a-w- C:\Windows\SysWow64\nvwgf2um.dll
    2012-05-15 10:48:00 68928 ----a-w- C:\Windows\System32\OpenCL.dll
    2012-05-15 10:48:00 61248 ----a-w- C:\Windows\SysWow64\OpenCL.dll
    2012-05-15 10:48:00 2741568 ----a-w- C:\Windows\System32\nvapi64.dll
    2012-05-15 10:48:00 2368832 ----a-w- C:\Windows\SysWow64\nvapi.dll
    2012-05-15 10:48:00 1738048 ----a-w- C:\Windows\System32\nvdispco64.dll
    2012-05-15 10:48:00 15322432 ----a-w- C:\Windows\SysWow64\nvd3dum.dll
    2012-05-15 10:48:00 1468224 ----a-w- C:\Windows\System32\nvgenco64.dll
    2012-05-15 10:48:00 10194752 ----a-w- C:\Windows\System32\nvwgf2umx.dll
    2012-05-15 09:29:47 889664 ----a-w- C:\Windows\System32\nvvsvc.exe
    2012-05-15 09:29:46 63296 ----a-w- C:\Windows\System32\nvshext.dll
    2012-05-15 09:29:46 118080 ----a-w- C:\Windows\System32\nvmctray.dll
    2012-05-15 09:29:25 3149632 ----a-w- C:\Windows\System32\nvsvc64.dll
    2012-05-15 09:28:42 6151488 ----a-w- C:\Windows\System32\nvcpl.dll
    2012-05-15 01:32:33 3146752 ----a-w- C:\Windows\System32\win32k.sys
    2012-05-14 18:21:50 423744 ----a-w- C:\Windows\SysWow64\nvStreaming.exe
    2012-05-04 11:06:22 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
    2012-05-04 10:03:53 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
    2012-05-04 10:03:50 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
    2012-05-01 05:40:20 209920 ----a-w- C:\Windows\System32\profsvc.dll
    2012-04-28 03:55:21 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
    2012-04-26 05:41:56 77312 ----a-w- C:\Windows\System32\rdpwsx.dll
    2012-04-26 05:41:55 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
    2012-04-26 05:34:27 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
    2012-04-24 05:37:37 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
    2012-04-24 05:37:37 140288 ----a-w- C:\Windows\System32\cryptnet.dll
    2012-04-24 05:37:36 1462272 ----a-w- C:\Windows\System32\crypt32.dll
    2012-04-24 04:36:42 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
    2012-04-24 04:36:42 1158656 ----a-w- C:\Windows\SysWow64\crypt32.dll
    2012-04-24 04:36:42 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
    .
    ============= FINISH: 17:20:24.52 ===============
     
  5. Fr33m4s0n

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft Windows 7 Professional
    Boot Device: \Device\HarddiskVolume2
    Install Date: 1/01/2006 1:15:21 AM
    System Uptime: 10/07/2012 5:05:00 PM (0 hours ago)
    .
    Motherboard: Intel Corporation | | DP965LT
    Processor: Intel(R) Core(TM)2 CPU 6320 @ 1.86GHz | J1PR | 1862/266mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 112 GiB total, 36.223 GiB free.
    D: is CDROM ()
    E: is FIXED (NTFS) - 932 GiB total, 23.44 GiB free.
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID:
    Description: PCI Simple Communications Controller
    Device ID: PCI\VEN_8086&DEV_29A4&SUBSYS_514D8086&REV_02\3&2B8E0B4B&0&18
    Manufacturer:
    Name: PCI Simple Communications Controller
    PNP Device ID: PCI\VEN_8086&DEV_29A4&SUBSYS_514D8086&REV_02\3&2B8E0B4B&0&18
    Service:
    .
    Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
    Description: Cisco AnyConnect VPN Virtual Miniport Adapter for Windows x64
    Device ID: ROOT\NET\0000
    Manufacturer: Cisco Systems
    Name: Cisco AnyConnect VPN Virtual Miniport Adapter for Windows x64
    PNP Device ID: ROOT\NET\0000
    Service: vpnva
    .
    ==== System Restore Points ===================
    .
    RP97: 4/07/2012 11:28:13 AM - Windows Update
    RP98: 4/07/2012 6:27:21 PM - Windows Update
    RP99: 8/07/2012 11:51:34 AM - Windows Update
    RP100: 10/07/2012 2:14:56 PM - Installed Microsoft Fix it 50123
    RP101: 10/07/2012 2:16:01 PM - Restore Operation
    RP102: 10/07/2012 2:33:27 PM - Removed Windows Mobile 5.0 SDK R2 for Pocket PC
    RP103: 10/07/2012 2:33:58 PM - Removed Windows Mobile 5.0 SDK R2 for Smartphone
    .
    ==== Installed Programs ======================
    .
    .
    Adobe AIR
    Adobe Community Help
    Adobe Media Player
    Adobe Photoshop CS5
    Adobe Reader 8.1.0
    Apple Application Support
    Apple Software Update
    ARMA 2
    ARMA 2: Operation Arrowhead
    µTorrent
    Avidemux 2.5
    BattlEye for OA Uninstall
    BattlEye Uninstall
    Cisco AnyConnect VPN Client
    Cisco Packet Tracer 5.3
    Cool MP3 Splitter 2.02
    D3DX10
    Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
    EASEUS Data Recovery Wizard Professional 4.3.6
    EPSON Scan
    EVGA Precision 2.0.1
    Flash Movie Player 1.5
    Google Chrome Frame
    Google Earth Plug-in
    Google Update Helper
    HandBrake 0.9.6
    Heroes of Newerth
    Hotfix for Microsoft Visual Studio Team System 2008 Development Edition - ENU (KB971091)
    Hotfix for Microsoft Visual Studio Team System 2008 Development Edition - ENU (KB973674)
    Java Auto Updater
    Java(TM) 6 Update 30
    LogMeIn
    Malwarebytes Anti-Malware version 1.61.0.1400
    Maxtor MaxBlast
    Microsoft .NET Compact Framework 2.0 SP2
    Microsoft .NET Compact Framework 3.5
    Microsoft Document Explorer 2008
    Microsoft Office 2007 Service Pack 3 (SP3)
    Microsoft Office Access MUI (English) 2010
    Microsoft Office Access Setup Metadata MUI (English) 2010
    Microsoft Office Communicator 2007 R2
    Microsoft Office Excel MUI (English) 2010
    Microsoft Office Groove MUI (English) 2010
    Microsoft Office InfoPath MUI (English) 2010
    Microsoft Office OneNote MUI (English) 2010
    Microsoft Office Outlook MUI (English) 2010
    Microsoft Office PowerPoint MUI (English) 2010
    Microsoft Office Professional Plus 2010
    Microsoft Office Proof (English) 2010
    Microsoft Office Proof (French) 2010
    Microsoft Office Proof (Spanish) 2010
    Microsoft Office Proofing (English) 2010
    Microsoft Office Publisher MUI (English) 2010
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared MUI (English) 2010
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2010
    Microsoft Office SharePoint Designer 2007 Service Pack 3 (SP3)
    Microsoft Office Visual Web Developer 2007
    Microsoft Office Visual Web Developer MUI (English) 2007
    Microsoft Office Word MUI (English) 2010
    Microsoft Silverlight
    Microsoft SQL Server 2005
    Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)
    Microsoft SQL Server 2005 Tools Express Edition
    Microsoft SQL Server Compact 3.5 Design Tools ENU
    Microsoft SQL Server Compact 3.5 ENU
    Microsoft SQL Server Compact 3.5 for Devices ENU
    Microsoft SQL Server Database Publishing Wizard 1.2
    Microsoft SQL Server Setup Support Files (English)
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual Studio 2005 Tools for Office Runtime
    Microsoft Visual Studio Team System 2008 Development Edition - ENU
    Microsoft Visual Studio Web Authoring Component
    Microsoft_VC80_CRT_x86
    Microsoft_VC80_MFC_x86
    Microsoft_VC80_MFCLOC_x86
    Microsoft_VC90_ATL_x86
    Microsoft_VC90_CRT_x86
    Microsoft_VC90_MFC_x86
    MSVCRT
    NavDesk 7.30
    NVIDIA PhysX
    NVIDIA Stereoscopic 3D Driver
    PDF Settings CS5
    QuickTime
    Safari
    Security Update for 2007 Microsoft Office System (KB2288621)
    Security Update for 2007 Microsoft Office System (KB2584063)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
    Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
    Security Update for Microsoft Office system 2007 (KB974234)
    Six Updater
    Skype™ 5.10
    Spybot - Search & Destroy
    Steam
    Subtitle Edit 3.2.7
    TreeSize Free V2.7
    Update for 2007 Microsoft Office System (KB2284654)
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
    Update for Microsoft Office 2007 Help for Common Features (KB963673)
    Update for Microsoft Office 2007 System (KB2539530)
    Update for Microsoft Office 2010 (KB2494150)
    Update for Microsoft Office 2010 (KB2553092)
    Update for Microsoft Office Script Editor Help (KB963671)
    Update for Microsoft Visual Studio Team System 2008 Development Edition - ENU (KB972221)
    VC Runtimes MSI
    Visual CertExam Suite 1.9
    Visual Studio 2005 Tools for Office Second Edition Runtime
    Visual Studio Tools for the Office system 3.0 Runtime
    VLC media player 2.0.0
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Installer
    Windows Live Messenger
    Windows Live Photo Common
    Windows Live PIMT Platform
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    .
    ==== Event Viewer Messages From Past Week ========
    .
    9/07/2012 8:15:18 PM, Error: Service Control Manager [7024] - The Windows Firewall service terminated with service-specific error Access is denied..
    7/07/2012 1:33:10 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
    4/07/2012 7:16:52 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
    10/07/2012 5:05:35 PM, Error: Service Control Manager [7023] - The Function Discovery Resource Publication service terminated with the following error: %%-2147024891
    10/07/2012 5:05:35 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error: %%-2147024891
    10/07/2012 5:05:17 PM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.
    10/07/2012 5:05:15 PM, Error: Service Control Manager [7003] - The SBSD Security Center Service service depends the following service: wscsvc. This service might not be installed.
    10/07/2012 4:07:49 PM, Error: Service Control Manager [7023] - The Base Filtering Engine service terminated with the following error: Access is denied.
    10/07/2012 4:07:28 PM, Error: Service Control Manager [7001] - The IPsec Policy Agent service depends on the Base Filtering Engine service which failed to start because of the following error: Access is denied.
    10/07/2012 4:07:27 PM, Error: Service Control Manager [7001] - The IKE and AuthIP IPsec Keying Modules service depends on the Base Filtering Engine service which failed to start because of the following error: Access is denied.
    10/07/2012 2:18:11 PM, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.
    10/07/2012 2:18:11 PM, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.
    10/07/2012 12:24:01 PM, Error: Schannel [36888] - The following fatal alert was generated: 48. The internal error state is 552.
    10/07/2012 12:24:01 PM, Error: Schannel [36882] - The certificate received from the remote server was issued by an untrusted certificate authority. Because of this, none of the data contained in the certificate can be validated. The SSL connection request has failed. The attached data contains the server certificate.
    10/07/2012 1:10:04 PM, Error: Service Control Manager [7031] - The Microsoft Network Inspection service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 15000 milliseconds: Restart the service.
    .
    ==== End Of File ===========================
     
  6. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,282   +49

    Download Farbar Recovery Scan Tool and save it to a flash drive.

    Please make sure to download the 64-bit version.

    Plug the flash drive into the infected PC.

    Enter System Recovery Options.

    To enter System Recovery Options from the Advanced Boot Options:
    • Restart the computer.
    • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
    • Use the arrow keys to select the Repair your computer menu item.
    • Choose your language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.
    To enter System Recovery Options by using Windows installation disc:
    • Insert the installation disc.
    • Restart your computer.
    • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
    • Click Repair your computer.
    • Choose your language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.
    On the System Recovery Options menu you will get the following options:
      • Startup Repair
      • System Restore
      • Windows Complete PC Restore
      • Windows Memory Diagnostic Tool
      • Command Prompt
    • Select Command Prompt
    • In the command window type in notepad and press Enter.
    • The notepad opens. Under File menu select Open.
    • Select "Computer" and find your flash drive letter and close the notepad.
    • In the command window type e:\frst64 and press Enter
      Note: Replace letter e with the drive letter of your flash drive.
    • The tool will start to run.
    • When the tool opens click Yes to the disclaimer.
    • Place a check next to List Drivers MD5 as well as the default check marks that are already there
    • Press Scan button.
    • Type exit and reboot the computer normally.
    • FRST will make a log (FRST.txt) on the flash drive, please copy and paste the log in your reply.
    Additional Scan Using FRST

    Please also search...

    Type the following text in the blank box after Search:

    services.exe

    Click: Search file(s)

    When done searching, FRST makes a log, Search.txt, on the C:\ drive.

    Please provide the Search.txt in your reply.
     
  7. Fr33m4s0n

    Fr33m4s0n TS Rookie Topic Starter

    Scan result of Farbar Recovery Scan Tool Version: 09-07-2012
    Ran by SYSTEM at 10-07-2012 20:24:51
    Running from F:\
    Windows 7 Professional Service Pack 1 (X64) OS Language: English(US)
    The current controlset is ControlSet001
    ========================== Registry (Whitelisted) =============
    HKLM\...\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [1436224 2010-11-29] (Microsoft Corporation)
    HKLM-x32\...\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices [91520 2010-01-21] (Microsoft Corporation)
    HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421736 2012-03-26] (Apple Inc.)
    HKLM-x32\...\Run: [Communicator] "C:\Program Files (x86)\Microsoft Office Communicator\communicator.exe" /fromrunkey [5164120 2012-05-14] (Microsoft Corporation)
    HKLM-x32\...\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray [462408 2012-04-03] (Malwarebytes Corporation)
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
    Lsa: [Authentication Packages] msv1_0
    relog_ap
    ==================== Services (Whitelisted) ======
    2 LMIGuardianSvc; "C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe" [375176 2012-05-24] (LogMeIn, Inc.)
    4 LMIMaint; "C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe" [147336 2012-05-24] (LogMeIn, Inc.)
    4 LogMeIn; "C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe" [407424 2011-09-15] (LogMeIn, Inc.)
    2 MaxSch2Svc; "C:\Program Files (x86)\Common Files\Maxtor\Schedule2\schedul2.exe" [605976 2008-06-27] (Maxtor)
    2 MBAMService; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe" [654408 2012-04-03] (Malwarebytes Corporation)
    2 MsMpSvc; "C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe" [12784 2010-11-10] (Microsoft Corporation)
    2 MSSQL$SQLEXPRESS; "C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS [29293408 2010-12-10] (Microsoft Corporation)
    4 msvsmon90; "C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe" /service msvsmon90 [4466688 2007-11-06] (Microsoft Corporation)
    3 NisSrv; "C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe" [282616 2010-11-10] (Microsoft Corporation)
    2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-25] (Safer Networking Ltd.)
    ========================== Drivers (Whitelisted) =============
    2 LMIInfo; \??\C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys [15928 2011-09-15] (LogMeIn, Inc.)
    3 lmimirr; C:\Windows\System32\Drivers\lmimirr.sys [11552 2011-09-15] (LogMeIn, Inc.)
    2 LMIRfsDriver; C:\Windows\System32\Drivers\LMIRfsDriver.sys [72216 2011-09-15] (LogMeIn, Inc.)
    3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [24904 2012-04-03] (Malwarebytes Corporation)
    3 rt61x64; C:\Windows\System32\DRIVERS\netr6164.sys [446304 2010-04-06] (Ralink Technology, Corp.)
    0 snapman; C:\Windows\System32\Drivers\snapman.sys [235040 2012-03-19] (Acronis)
    0 tdrpman; C:\Windows\System32\Drivers\tdrpman.sys [593952 2012-03-19] (Acronis)
    2 tifsfilter; C:\Windows\System32\DRIVERS\tifsfilt.sys [81952 2012-03-19] (Acronis)
    0 timounter; C:\Windows\System32\DRIVERS\timntr.sys [711712 2012-03-19] (Acronis)
    3 VSPerfDrv90; \??\C:\Program Files (x86)\Microsoft Visual Studio 9.0\Team Tools\Performance Tools\x64\VSPerfDrv90.sys [71024 2007-09-04] (Microsoft Corporation)
    4 LMIRfsClientNP; [x]
    3 VMnetAdapter; C:\Windows\System32\DRIVERS\vmnetadapter.sys [x]
    ========================== NetSvcs (Whitelisted) ===========

    ============ One Month Created Files and Folders ==============
    2012-07-10 04:19 - 2012-07-10 20:24 - 00000000 ____D C:\FRST
    2012-07-10 04:17 - 2012-07-10 04:17 - 01434401 ____A (Farbar) C:\Users\Paul\Downloads\FRST64.exe
    2012-07-10 01:17 - 2012-07-10 01:17 - 00000370 ____A C:\Users\Paul\Desktop\gmer.log
    2012-07-10 01:10 - 2012-07-10 01:10 - 00302592 ____A C:\Users\Paul\Downloads\qwepz61z.exe
    2012-07-10 01:03 - 2012-07-10 01:03 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.A61724CFD5A8E355
    2012-07-10 01:00 - 2012-07-10 01:00 - 00001113 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2012-07-10 01:00 - 2012-07-10 01:00 - 00000000 ____D C:\Users\Paul\AppData\Roaming\Malwarebytes
    2012-07-10 01:00 - 2012-07-10 01:00 - 00000000 ____D C:\Users\All Users\Malwarebytes
    2012-07-10 01:00 - 2012-07-10 01:00 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2012-07-10 01:00 - 2012-04-03 23:56 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
    2012-07-10 00:59 - 2012-07-10 01:00 - 10063000 ____A (Malwarebytes Corporation ) C:\Users\Paul\Downloads\mbam-setup-1.61.0.1400.exe
    2012-07-10 00:49 - 2012-07-10 00:49 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.CB33D352F8801EE5
    2012-07-10 00:46 - 2012-07-10 00:46 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.499499393379264B
    2012-07-10 00:33 - 2012-07-10 00:33 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.60B726C27681222D
    2012-07-10 00:20 - 2012-07-10 00:20 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.4A5DFD09C35113B3
    2012-07-10 00:17 - 2012-07-10 00:17 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.29D21262F278C3DF
    2012-07-10 00:08 - 2012-07-10 00:08 - 00000000 ____D C:\Program Files\Microsoft Security Client
    2012-07-10 00:08 - 2012-07-10 00:08 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
    2012-07-09 23:28 - 2009-06-10 13:00 - 00000824 ____A C:\Windows\System32\Drivers\etc\hosts.20120710-152822.backup
    2012-07-09 23:25 - 2012-07-09 23:25 - 00001262 ____A C:\Users\Paul\Desktop\Spybot - Search & Destroy.lnk
    2012-07-09 23:24 - 2012-07-09 23:59 - 00000000 ____D C:\Users\All Users\Spybot - Search & Destroy
    2012-07-09 23:24 - 2012-07-09 23:25 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy
    2012-07-09 22:33 - 2012-07-09 22:33 - 00008201 ____A C:\Users\Paul\Documents\Uninstall STAR WARS The Old Republic.log
    2012-07-09 22:26 - 2012-07-10 02:08 - 00007640 ____A C:\Users\Paul\AppData\Local\Resmon.ResmonCfg
    2012-07-09 22:20 - 2012-07-09 22:20 - 00000036 ____A C:\Users\Paul\AppData\Local\housecall.guid.cache
    2012-07-09 21:33 - 2012-07-09 21:33 - 00000000 __SHD C:\Windows\SysWOW64\%APPDATA%
    2012-07-05 23:22 - 2012-07-05 23:22 - 00563099 ____A C:\Users\Paul\Desktop\MCP Monthly Service Delivery Report June 2012 server .docm
    2012-07-02 03:13 - 2012-07-02 03:13 - 00000000 ____D C:\Users\Paul\AppData\Local\SIX_Projects
    2012-06-30 07:40 - 2012-07-09 22:19 - 00000000 ____D C:\Users\Paul\AppData\Roaming\Skype
    2012-06-30 07:40 - 2012-07-09 22:17 - 00000000 ___RD C:\Program Files (x86)\Skype
    2012-06-30 07:40 - 2012-06-30 07:40 - 00002515 ____A C:\Users\Public\Desktop\Skype.lnk
    2012-06-30 07:39 - 2012-07-09 03:11 - 00000000 ____D C:\Users\All Users\Skype
    2012-06-30 04:22 - 2012-05-15 02:48 - 25743168 ____A (NVIDIA Corporation) C:\Windows\System32\nvoglv64.dll
    2012-06-30 04:22 - 2012-05-15 02:48 - 19607872 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
    2012-06-30 04:22 - 2012-05-15 02:48 - 18044224 ____A (NVIDIA Corporation) C:\Windows\System32\nvd3dumx.dll
    2012-06-30 04:22 - 2012-05-15 02:48 - 14298944 ____A (NVIDIA Corporation) C:\Windows\System32\Drivers\nvlddmkm.sys
    2012-06-30 04:22 - 2012-05-15 02:48 - 08139072 ____A (NVIDIA Corporation) C:\Windows\System32\nvcuda.dll
    2012-06-30 04:22 - 2012-05-15 02:48 - 05982528 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
    2012-06-30 04:22 - 2012-05-15 02:48 - 02881856 ____A (NVIDIA Corporation) C:\Windows\System32\nvcuvenc.dll
    2012-06-30 04:22 - 2012-05-15 02:48 - 02681664 ____A (NVIDIA Corporation) C:\Windows\System32\nvcuvid.dll
    2012-06-30 04:22 - 2012-05-15 02:48 - 02524992 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
    2012-06-30 04:22 - 2012-05-15 02:48 - 02445120 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvenc.dll
    2012-06-30 04:21 - 2012-06-30 04:21 - 00000000 ____D C:\NVIDIA
    2012-06-30 04:21 - 2012-05-15 02:48 - 25248064 ____A (NVIDIA Corporation) C:\Windows\System32\nvcompiler.dll
    2012-06-30 04:21 - 2012-05-15 02:48 - 17551680 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
    2012-06-30 04:15 - 2012-07-10 01:05 - 00000840 ____A C:\Windows\setupact.log
    2012-06-30 04:15 - 2012-06-30 04:15 - 00000000 ____A C:\Windows\setuperr.log
    2012-06-30 03:56 - 2012-06-30 04:02 - 00000000 ____D C:\Program Files (x86)\EVGA Precision
    2012-06-30 03:56 - 2012-06-30 03:56 - 00001078 ____A C:\Users\Paul\Desktop\EVGA Precision.lnk
    2012-06-29 20:59 - 2012-07-09 03:11 - 00002573 ____A C:\Users\Public\Desktop\Six Updater.lnk
    2012-06-29 20:59 - 2012-07-09 03:11 - 00002573 ____A C:\Users\Public\Desktop\Six Launcher.lnk
    2012-06-29 20:59 - 2012-07-02 03:13 - 00000000 ____D C:\Users\Paul\AppData\Roaming\six-updater
    2012-06-29 20:59 - 2012-06-29 20:59 - 00000000 ____D C:\Users\Paul\AppData\Roaming\six-zsync
    2012-06-29 20:59 - 2012-06-29 20:59 - 00000000 ____D C:\Program Files (x86)\SIX Projects
    2012-06-29 20:58 - 2012-07-09 22:17 - 00000000 ____D C:\Users\Paul\AppData\Local\Downloaded Installations
    2012-06-29 20:45 - 2012-07-10 01:33 - 00000000 ____D C:\Users\Paul\AppData\Local\ArmA 2 OA
    2012-06-29 20:43 - 2010-02-03 18:01 - 00530776 ____A (Microsoft Corporation) C:\Windows\System32\XAudio2_6.dll
    2012-06-29 20:43 - 2010-02-03 18:01 - 00528216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_6.dll
    2012-06-29 20:43 - 2010-02-03 18:01 - 00238936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_6.dll
    2012-06-29 20:43 - 2010-02-03 18:01 - 00176984 ____A (Microsoft Corporation) C:\Windows\System32\xactengine3_6.dll
    2012-06-29 20:43 - 2010-02-03 18:01 - 00078680 ____A (Microsoft Corporation) C:\Windows\System32\XAPOFX1_4.dll
    2012-06-29 20:43 - 2010-02-03 18:01 - 00074072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_4.dll
    2012-06-29 20:43 - 2010-02-03 18:01 - 00024920 ____A (Microsoft Corporation) C:\Windows\System32\X3DAudio1_7.dll
    2012-06-29 20:43 - 2010-02-03 18:01 - 00022360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_7.dll
    2012-06-29 20:43 - 2009-09-04 01:44 - 00517960 ____A (Microsoft Corporation) C:\Windows\System32\XAudio2_5.dll
    2012-06-29 20:43 - 2009-09-04 01:44 - 00515416 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_5.dll
    2012-06-29 20:43 - 2009-09-04 01:44 - 00238936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_5.dll
    2012-06-29 20:43 - 2009-09-04 01:44 - 00176968 ____A (Microsoft Corporation) C:\Windows\System32\xactengine3_5.dll
    2012-06-29 20:43 - 2009-09-04 01:44 - 00073544 ____A (Microsoft Corporation) C:\Windows\System32\XAPOFX1_3.dll
    2012-06-29 20:43 - 2009-09-04 01:44 - 00069464 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_3.dll
    2012-06-29 20:43 - 2009-09-04 01:29 - 05554512 ____A (Microsoft Corporation) C:\Windows\System32\d3dcsx_42.dll
    2012-06-29 20:43 - 2009-09-04 01:29 - 05501792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dcsx_42.dll
    2012-06-29 20:43 - 2009-09-04 01:29 - 02582888 ____A (Microsoft Corporation) C:\Windows\System32\D3DCompiler_42.dll
    2012-06-29 20:43 - 2009-09-04 01:29 - 02475352 ____A (Microsoft Corporation) C:\Windows\System32\D3DX9_42.dll
    2012-06-29 20:43 - 2009-09-04 01:29 - 01974616 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_42.dll
    2012-06-29 20:43 - 2009-09-04 01:29 - 01892184 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_42.dll
    2012-06-29 20:43 - 2009-09-04 01:29 - 00523088 ____A (Microsoft Corporation) C:\Windows\System32\d3dx10_42.dll
    2012-06-29 20:43 - 2009-09-04 01:29 - 00453456 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_42.dll
    2012-06-29 20:43 - 2009-09-04 01:29 - 00285024 ____A (Microsoft Corporation) C:\Windows\System32\d3dx11_42.dll
    2012-06-29 20:43 - 2009-09-04 01:29 - 00235344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_42.dll
    2012-06-29 20:43 - 2008-10-26 18:04 - 00518480 ____A (Microsoft Corporation) C:\Windows\System32\XAudio2_3.dll
    2012-06-29 20:43 - 2008-10-26 18:04 - 00514384 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_3.dll
    2012-06-29 20:43 - 2008-10-26 18:04 - 00235856 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_3.dll
    2012-06-29 20:43 - 2008-10-26 18:04 - 00175440 ____A (Microsoft Corporation) C:\Windows\System32\xactengine3_3.dll
    2012-06-29 20:43 - 2008-10-26 18:04 - 00074576 ____A (Microsoft Corporation) C:\Windows\System32\XAPOFX1_2.dll
    2012-06-29 20:43 - 2008-10-26 18:04 - 00070992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_2.dll
    2012-06-29 20:43 - 2008-10-26 18:04 - 00025936 ____A (Microsoft Corporation) C:\Windows\System32\X3DAudio1_5.dll
    2012-06-29 20:43 - 2008-10-26 18:04 - 00023376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_5.dll
    2012-06-29 20:43 - 2008-07-30 18:41 - 00238088 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_2.dll
    2012-06-29 20:43 - 2008-07-30 18:41 - 00177672 ____A (Microsoft Corporation) C:\Windows\System32\xactengine3_2.dll
    2012-06-29 20:43 - 2008-07-30 18:41 - 00072200 ____A (Microsoft Corporation) C:\Windows\System32\XAPOFX1_1.dll
    2012-06-29 20:43 - 2008-07-30 18:41 - 00068616 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_1.dll
    2012-06-29 20:43 - 2008-07-30 18:40 - 00513544 ____A (Microsoft Corporation) C:\Windows\System32\XAudio2_2.dll
    2012-06-29 20:43 - 2008-07-30 18:40 - 00509448 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_2.dll
    2012-06-29 20:41 - 2012-07-09 22:17 - 00000000 ____D C:\Users\Paul\Documents\ArmA 2
    2012-06-29 20:41 - 2012-06-29 20:42 - 00000000 ____D C:\Users\Paul\AppData\Local\ArmA 2
    2012-06-29 20:41 - 2009-03-15 22:18 - 00521560 ____A (Microsoft Corporation) C:\Windows\System32\XAudio2_4.dll
    2012-06-29 20:41 - 2009-03-15 22:18 - 00517448 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_4.dll
    2012-06-29 20:41 - 2009-03-15 22:18 - 00235352 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_4.dll
    2012-06-29 20:41 - 2009-03-15 22:18 - 00174936 ____A (Microsoft Corporation) C:\Windows\System32\xactengine3_4.dll
    2012-06-29 20:41 - 2009-03-15 22:18 - 00024920 ____A (Microsoft Corporation) C:\Windows\System32\X3DAudio1_6.dll
    2012-06-29 20:41 - 2009-03-15 22:18 - 00022360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_6.dll
    2012-06-29 20:41 - 2009-03-08 23:27 - 05425496 ____A (Microsoft Corporation) C:\Windows\System32\D3DX9_41.dll
    2012-06-29 20:41 - 2009-03-08 23:27 - 04178264 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_41.dll
    2012-06-29 20:41 - 2009-03-08 23:27 - 02430312 ____A (Microsoft Corporation) C:\Windows\System32\D3DCompiler_41.dll
    2012-06-29 20:41 - 2009-03-08 23:27 - 00520544 ____A (Microsoft Corporation) C:\Windows\System32\d3dx10_41.dll
    2012-06-29 20:41 - 2008-10-14 14:22 - 05631312 ____A (Microsoft Corporation) C:\Windows\System32\D3DX9_40.dll
    2012-06-29 20:41 - 2008-10-14 14:22 - 04379984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_40.dll
    2012-06-29 20:41 - 2008-10-14 14:22 - 02605920 ____A (Microsoft Corporation) C:\Windows\System32\D3DCompiler_40.dll
    2012-06-29 20:41 - 2008-10-14 14:22 - 02036576 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_40.dll
    2012-06-29 20:41 - 2008-10-14 14:22 - 00519000 ____A (Microsoft Corporation) C:\Windows\System32\d3dx10_40.dll
    2012-06-29 20:41 - 2008-10-14 14:22 - 00452440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_40.dll
    2012-06-29 20:41 - 2008-07-09 19:01 - 00467984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_39.dll
    2012-06-29 20:41 - 2008-07-09 19:00 - 04992520 ____A (Microsoft Corporation) C:\Windows\System32\D3DX9_39.dll
    2012-06-29 20:41 - 2008-07-09 19:00 - 03851784 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_39.dll
    2012-06-29 20:41 - 2008-07-09 19:00 - 01942552 ____A (Microsoft Corporation) C:\Windows\System32\D3DCompiler_39.dll
    2012-06-29 20:41 - 2008-07-09 19:00 - 01493528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_39.dll
    2012-06-29 20:41 - 2008-07-09 19:00 - 00540688 ____A (Microsoft Corporation) C:\Windows\System32\d3dx10_39.dll
    2012-06-29 20:41 - 2008-05-29 22:19 - 00511496 ____A (Microsoft Corporation) C:\Windows\System32\XAudio2_1.dll
    2012-06-29 20:41 - 2008-05-29 22:19 - 00507400 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_1.dll
    2012-06-29 20:41 - 2008-05-29 22:18 - 00238088 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_1.dll
    2012-06-29 20:41 - 2008-05-29 22:18 - 00177672 ____A (Microsoft Corporation) C:\Windows\System32\xactengine3_1.dll
    2012-06-29 20:41 - 2008-05-29 22:17 - 00068104 ____A (Microsoft Corporation) C:\Windows\System32\XAPOFX1_0.dll
    2012-06-29 20:41 - 2008-05-29 22:17 - 00065032 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_0.dll
    2012-06-29 20:41 - 2008-05-29 22:17 - 00025608 ____A (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_4.dll
    2012-06-29 20:41 - 2008-05-29 22:16 - 00028168 ____A (Microsoft Corporation) C:\Windows\System32\X3DAudio1_4.dll
    2012-06-29 20:41 - 2008-05-29 22:11 - 01941528 ____A (Microsoft Corporation) C:\Windows\System32\D3DCompiler_38.dll
    2012-06-29 20:41 - 2008-05-29 22:11 - 01491992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_38.dll
    2012-06-29 20:41 - 2008-05-29 22:11 - 00540688 ____A (Microsoft Corporation) C:\Windows\System32\d3dx10_38.dll
    2012-06-29 20:41 - 2008-05-29 22:11 - 00467984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_38.dll
    2012-06-29 20:41 - 2008-03-05 00:04 - 00489480 ____A (Microsoft Corporation) C:\Windows\System32\XAudio2_0.dll
    2012-06-29 20:41 - 2008-03-05 00:03 - 00479752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_0.dll
    2012-06-29 20:41 - 2008-03-05 00:03 - 00238088 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_0.dll
    2012-06-29 20:41 - 2008-03-05 00:03 - 00177672 ____A (Microsoft Corporation) C:\Windows\System32\xactengine3_0.dll
    2012-06-29 20:41 - 2008-03-05 00:00 - 00028168 ____A (Microsoft Corporation) C:\Windows\System32\X3DAudio1_3.dll
    2012-06-29 20:41 - 2008-03-05 00:00 - 00025608 ____A (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_3.dll
    2012-06-29 20:41 - 2008-03-04 23:56 - 04910088 ____A (Microsoft Corporation) C:\Windows\System32\D3DX9_37.dll
    2012-06-29 20:41 - 2008-03-04 23:56 - 03786760 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_37.dll
    2012-06-29 20:41 - 2008-03-04 23:56 - 01860120 ____A (Microsoft Corporation) C:\Windows\System32\D3DCompiler_37.dll
    2012-06-29 20:41 - 2008-03-04 23:56 - 01420824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_37.dll
    2012-06-29 20:41 - 2008-02-05 07:07 - 00529424 ____A (Microsoft Corporation) C:\Windows\System32\d3dx10_37.dll
    2012-06-29 20:41 - 2008-02-05 07:07 - 00462864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_37.dll
    2012-06-29 20:41 - 2007-10-21 11:40 - 00411656 ____A (Microsoft Corporation) C:\Windows\System32\xactengine2_10.dll
    2012-06-29 20:41 - 2007-10-21 11:39 - 00267272 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_10.dll
    2012-06-29 20:41 - 2007-10-11 23:14 - 05081608 ____A (Microsoft Corporation) C:\Windows\System32\d3dx9_36.dll
    2012-06-29 20:41 - 2007-10-11 23:14 - 03734536 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_36.dll
    2012-06-29 20:41 - 2007-10-11 23:14 - 02006552 ____A (Microsoft Corporation) C:\Windows\System32\D3DCompiler_36.dll
    2012-06-29 20:41 - 2007-10-11 23:14 - 01374232 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_36.dll
    2012-06-29 20:41 - 2007-10-01 17:56 - 00508264 ____A (Microsoft Corporation) C:\Windows\System32\d3dx10_36.dll
    2012-06-29 20:41 - 2007-10-01 17:56 - 00444776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_36.dll
    2012-06-29 20:41 - 2007-07-19 08:57 - 00411496 ____A (Microsoft Corporation) C:\Windows\System32\xactengine2_9.dll
    2012-06-29 20:41 - 2007-07-19 08:57 - 00267112 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_9.dll
    2012-06-29 20:41 - 2007-07-19 02:14 - 05073256 ____A (Microsoft Corporation) C:\Windows\System32\d3dx9_35.dll
    2012-06-29 20:41 - 2007-07-19 02:14 - 03727720 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_35.dll
    2012-06-29 20:41 - 2007-07-19 02:14 - 01985904 ____A (Microsoft Corporation) C:\Windows\System32\D3DCompiler_35.dll
    2012-06-29 20:41 - 2007-07-19 02:14 - 01358192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_35.dll
    2012-06-29 20:41 - 2007-07-19 02:14 - 00508264 ____A (Microsoft Corporation) C:\Windows\System32\d3dx10_35.dll
    2012-06-29 20:41 - 2007-07-19 02:14 - 00444776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_35.dll
    2012-06-29 20:40 - 2012-06-29 20:43 - 00027446 ____A C:\Windows\DirectX.log
    2012-06-29 20:40 - 2007-10-21 11:37 - 00021000 ____A (Microsoft Corporation) C:\Windows\System32\X3DAudio1_2.dll
    2012-06-29 20:40 - 2007-10-21 11:37 - 00017928 ____A (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_2.dll
    2012-06-29 20:40 - 2007-06-20 04:49 - 00409960 ____A (Microsoft Corporation) C:\Windows\System32\xactengine2_8.dll
    2012-06-29 20:40 - 2007-06-20 04:46 - 00266088 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_8.dll
    2012-06-29 20:40 - 2007-05-16 00:45 - 04496232 ____A (Microsoft Corporation) C:\Windows\System32\d3dx9_34.dll
    2012-06-29 20:40 - 2007-05-16 00:45 - 03497832 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_34.dll
    2012-06-29 20:40 - 2007-05-16 00:45 - 01401200 ____A (Microsoft Corporation) C:\Windows\System32\D3DCompiler_34.dll
    2012-06-29 20:40 - 2007-05-16 00:45 - 01124720 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_34.dll
    2012-06-29 20:40 - 2007-05-16 00:45 - 00506728 ____A (Microsoft Corporation) C:\Windows\System32\d3dx10_34.dll
    2012-06-29 20:40 - 2007-05-16 00:45 - 00443752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_34.dll
    2012-06-29 20:40 - 2007-04-04 02:55 - 00403304 ____A (Microsoft Corporation) C:\Windows\System32\xactengine2_7.dll
    2012-06-29 20:40 - 2007-04-04 02:55 - 00261480 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_7.dll
    2012-06-29 20:40 - 2007-04-04 02:54 - 00107368 ____A (Microsoft Corporation) C:\Windows\System32\xinput1_3.dll
    2012-06-29 20:40 - 2007-03-15 00:57 - 00506728 ____A (Microsoft Corporation) C:\Windows\System32\d3dx10_33.dll
    2012-06-29 20:40 - 2007-03-15 00:57 - 00443752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_33.dll
    2012-06-29 20:40 - 2007-03-12 00:42 - 04494184 ____A (Microsoft Corporation) C:\Windows\System32\d3dx9_33.dll
    2012-06-29 20:40 - 2007-03-12 00:42 - 03495784 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_33.dll
    2012-06-29 20:40 - 2007-03-12 00:42 - 01400176 ____A (Microsoft Corporation) C:\Windows\System32\D3DCompiler_33.dll
    2012-06-29 20:40 - 2007-03-12 00:42 - 01123696 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_33.dll
    2012-06-29 20:40 - 2007-03-04 20:42 - 00017688 ____A (Microsoft Corporation) C:\Windows\System32\x3daudio1_1.dll
    2012-06-29 20:40 - 2007-03-04 20:42 - 00015128 ____A (Microsoft Corporation) C:\Windows\SysWOW64\x3daudio1_1.dll
    2012-06-29 20:40 - 2007-01-23 23:27 - 00393576 ____A (Microsoft Corporation) C:\Windows\System32\xactengine2_6.dll
    2012-06-29 20:40 - 2007-01-23 23:27 - 00255848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_6.dll
    2012-06-29 20:40 - 2006-12-07 20:02 - 00251672 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_5.dll
    2012-06-29 20:40 - 2006-12-07 20:00 - 00390424 ____A (Microsoft Corporation) C:\Windows\System32\xactengine2_5.dll
    2012-06-29 20:40 - 2006-11-28 21:06 - 04398360 ____A (Microsoft Corporation) C:\Windows\System32\d3dx9_32.dll
    2012-06-29 20:40 - 2006-11-28 21:06 - 03426072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_32.dll
    2012-06-29 20:40 - 2006-11-28 21:06 - 00469264 ____A (Microsoft Corporation) C:\Windows\System32\d3dx10.dll
    2012-06-29 20:40 - 2006-11-28 21:06 - 00440080 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10.dll
    2012-06-29 20:40 - 2006-09-28 00:05 - 03977496 ____A (Microsoft Corporation) C:\Windows\System32\d3dx9_31.dll
    2012-06-29 20:40 - 2006-09-28 00:05 - 02414360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_31.dll
    2012-06-29 20:40 - 2006-09-28 00:05 - 00237848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_4.dll
    2012-06-29 20:40 - 2006-09-28 00:04 - 00364824 ____A (Microsoft Corporation) C:\Windows\System32\xactengine2_4.dll
    2012-06-29 20:40 - 2006-07-27 17:31 - 00083736 ____A (Microsoft Corporation) C:\Windows\System32\xinput1_2.dll
    2012-06-29 20:40 - 2006-07-27 17:30 - 00363288 ____A (Microsoft Corporation) C:\Windows\System32\xactengine2_3.dll
    2012-06-29 20:40 - 2006-07-27 17:30 - 00236824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_3.dll
    2012-06-29 20:40 - 2006-07-27 17:30 - 00062744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_2.dll
    2012-06-29 20:40 - 2006-05-30 15:24 - 00230168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_2.dll
    2012-06-29 20:40 - 2006-05-30 15:22 - 00354072 ____A (Microsoft Corporation) C:\Windows\System32\xactengine2_2.dll
    2012-06-29 20:40 - 2006-03-30 20:41 - 03927248 ____A (Microsoft Corporation) C:\Windows\System32\d3dx9_30.dll
    2012-06-29 20:40 - 2006-03-30 20:40 - 02388176 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_30.dll
    2012-06-29 20:40 - 2006-03-30 20:40 - 00352464 ____A (Microsoft Corporation) C:\Windows\System32\xactengine2_1.dll
    2012-06-29 20:40 - 2006-03-30 20:39 - 00229584 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_1.dll
    2012-06-29 20:40 - 2006-03-30 20:39 - 00083664 ____A (Microsoft Corporation) C:\Windows\System32\xinput1_1.dll
    2012-06-29 20:40 - 2006-03-30 20:39 - 00062672 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_1.dll
    2012-06-29 20:40 - 2006-02-02 16:43 - 03830992 ____A (Microsoft Corporation) C:\Windows\System32\d3dx9_29.dll
    2012-06-29 20:40 - 2006-02-02 16:43 - 02332368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_29.dll
    2012-06-29 20:40 - 2006-02-02 16:42 - 00355536 ____A (Microsoft Corporation) C:\Windows\System32\xactengine2_0.dll
    2012-06-29 20:40 - 2006-02-02 16:42 - 00230096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_0.dll
    2012-06-29 20:40 - 2006-02-02 16:41 - 00016592 ____A (Microsoft Corporation) C:\Windows\System32\x3daudio1_0.dll
    2012-06-29 20:40 - 2006-02-02 16:41 - 00014032 ____A (Microsoft Corporation) C:\Windows\SysWOW64\x3daudio1_0.dll
    2012-06-29 20:40 - 2005-12-05 02:09 - 03815120 ____A (Microsoft Corporation) C:\Windows\System32\d3dx9_28.dll
    2012-06-29 20:40 - 2005-12-05 02:09 - 02323664 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_28.dll
    2012-06-29 20:40 - 2005-07-22 03:59 - 03807440 ____A (Microsoft Corporation) C:\Windows\System32\d3dx9_27.dll
    2012-06-29 20:40 - 2005-07-22 03:59 - 02319568 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_27.dll
    2012-06-29 20:40 - 2005-05-25 23:34 - 03767504 ____A (Microsoft Corporation) C:\Windows\System32\d3dx9_26.dll
    2012-06-29 20:40 - 2005-05-25 23:34 - 02297552 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_26.dll
    2012-06-29 20:40 - 2005-03-18 01:19 - 03823312 ____A (Microsoft Corporation) C:\Windows\System32\d3dx9_25.dll
    2012-06-29 20:40 - 2005-03-18 01:19 - 02337488 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_25.dll
    2012-06-29 20:40 - 2005-02-05 03:45 - 03544272 ____A (Microsoft Corporation) C:\Windows\System32\d3dx9_24.dll
    2012-06-29 20:40 - 2005-02-05 03:45 - 02222800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_24.dll
    2012-06-29 11:53 - 2012-06-29 11:53 - 00000221 ____A C:\Users\Paul\Desktop\ARMA 2.url
    2012-06-29 11:53 - 2012-06-29 11:53 - 00000221 ____A C:\Users\Paul\Desktop\ARMA 2 Operation Arrowhead.url
    2012-06-27 05:51 - 2012-06-27 05:51 - 00000137 ____A C:\Users\Paul\Desktop\blah.txt
    2012-06-27 05:51 - 2012-05-17 18:47 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
    2012-06-27 05:51 - 2012-05-17 18:16 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
    2012-06-27 05:51 - 2012-05-17 18:06 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
    2012-06-27 05:51 - 2012-05-17 17:59 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
    2012-06-27 05:51 - 2012-05-17 17:59 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
    2012-06-27 05:51 - 2012-05-17 17:58 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
    2012-06-27 05:51 - 2012-05-17 17:58 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
    2012-06-27 05:51 - 2012-05-17 17:56 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
    2012-06-27 05:51 - 2012-05-17 17:55 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
    2012-06-27 05:51 - 2012-05-17 17:55 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
    2012-06-27 05:51 - 2012-05-17 17:54 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
    2012-06-27 05:51 - 2012-05-17 17:51 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
    2012-06-27 05:51 - 2012-05-17 17:51 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
    2012-06-27 05:51 - 2012-05-17 17:47 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
    2012-06-27 05:51 - 2012-05-17 15:11 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2012-06-27 05:51 - 2012-05-17 14:48 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2012-06-27 05:51 - 2012-05-17 14:45 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2012-06-27 05:51 - 2012-05-17 14:36 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2012-06-27 05:51 - 2012-05-17 14:35 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2012-06-27 05:51 - 2012-05-17 14:35 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2012-06-27 05:51 - 2012-05-17 14:33 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
    2012-06-27 05:51 - 2012-05-17 14:31 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2012-06-27 05:51 - 2012-05-17 14:29 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
    2012-06-27 05:51 - 2012-05-17 14:29 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2012-06-27 05:51 - 2012-05-17 14:27 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2012-06-27 05:51 - 2012-05-17 14:25 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2012-06-27 05:51 - 2012-05-17 14:24 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2012-06-27 05:51 - 2012-05-17 14:20 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2012-06-27 05:50 - 2012-06-27 05:50 - 00000038 ____A C:\Users\Paul\Desktop\game.txt
    2012-06-25 17:10 - 2012-06-25 17:10 - 00284672 ____A C:\Users\Paul\Downloads\5_Rue_Sesame_(Assorted_Episodes).exe
    2012-06-25 07:51 - 2012-06-25 07:51 - 00306300 ____A C:\Users\Paul\Desktop\ZoomHack.zip
    2012-06-21 05:17 - 2012-06-02 14:19 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
    2012-06-21 05:17 - 2012-06-02 14:19 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
    2012-06-21 05:17 - 2012-06-02 14:19 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
    2012-06-21 05:17 - 2012-06-02 14:19 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
    2012-06-21 05:17 - 2012-06-02 14:19 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
    2012-06-21 05:17 - 2012-06-02 14:15 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
    2012-06-21 05:17 - 2012-06-02 14:15 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
    2012-06-21 05:17 - 2012-06-01 23:19 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
    2012-06-21 05:17 - 2012-06-01 23:15 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
    2012-06-18 03:19 - 2012-06-18 03:20 - 00000000 ____D C:\Users\Paul\Desktop\Round 7 Diet
    2012-06-17 22:35 - 2012-06-17 22:35 - 00000000 ___SD C:\32788R22FWJFW
    2012-06-17 22:33 - 2012-06-17 22:33 - 00000000 ____D C:\Windows\erdnt
    2012-06-17 22:33 - 2012-06-17 22:33 - 00000000 ____D C:\Qoobox
    2012-06-17 22:05 - 2010-12-01 01:11 - 00000000 ____D C:\Users\Paul\Desktop\client
    2012-06-17 06:00 - 2012-06-17 06:36 - 00002214 ____A C:\Users\Paul\Desktop\subtitles.txt
    2012-06-13 23:04 - 2012-06-16 02:05 - 00000000 ____D C:\Users\Paul\AppData\Roaming\Woeb
    2012-06-13 13:52 - 2012-05-14 17:32 - 03146752 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
    2012-06-13 13:52 - 2012-05-04 03:06 - 05559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
    2012-06-13 13:52 - 2012-05-04 02:03 - 03968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
    2012-06-13 13:52 - 2012-05-04 02:03 - 03913072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
    2012-06-13 13:52 - 2012-04-30 21:40 - 00209920 ____A (Microsoft Corporation) C:\Windows\System32\profsvc.dll
    2012-06-13 13:52 - 2012-04-27 19:55 - 00210944 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
    2012-06-13 13:52 - 2012-04-25 21:41 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll
    2012-06-13 13:52 - 2012-04-25 21:41 - 00077312 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll
    2012-06-13 13:52 - 2012-04-25 21:34 - 00009216 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe
    2012-06-13 13:52 - 2012-04-23 21:37 - 01462272 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
    2012-06-13 13:52 - 2012-04-23 21:37 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
    2012-06-13 13:52 - 2012-04-23 21:37 - 00140288 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
    2012-06-13 13:52 - 2012-04-23 20:36 - 01158656 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
    2012-06-13 13:52 - 2012-04-23 20:36 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
    2012-06-13 13:52 - 2012-04-23 20:36 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
    2012-06-13 13:52 - 2012-04-07 04:31 - 03216384 ____A (Microsoft Corporation) C:\Windows\System32\msi.dll
    2012-06-13 13:52 - 2012-04-07 03:26 - 02342400 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
    2012-06-10 04:43 - 2007-10-31 17:21 - 13320739 ____A C:\Users\Paul\Desktop\ccent16.wmv
    2012-06-10 04:43 - 2007-10-31 17:21 - 09666447 ____A C:\Users\Paul\Desktop\ccent15.wmv
    2012-06-10 04:43 - 2007-10-31 17:21 - 05713979 ____A C:\Users\Paul\Desktop\ccent14.wmv
    ============ 3 Months Modified Files ========================
    2012-07-10 04:22 - 2005-12-31 09:17 - 01888471 ____A C:\Windows\WindowsUpdate.log
    2012-07-10 04:20 - 2009-07-13 21:13 - 00801024 ____A C:\Windows\System32\PerfStringBackup.INI
    2012-07-10 04:17 - 2012-07-10 04:17 - 01434401 ____A (Farbar) C:\Users\Paul\Downloads\FRST64.exe
    2012-07-10 03:53 - 2012-01-20 06:32 - 00000894 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2012-07-10 02:08 - 2012-07-09 22:26 - 00007640 ____A C:\Users\Paul\AppData\Local\Resmon.ResmonCfg
    2012-07-10 01:17 - 2012-07-10 01:17 - 00000370 ____A C:\Users\Paul\Desktop\gmer.log
    2012-07-10 01:12 - 2009-07-13 20:45 - 00022432 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2012-07-10 01:12 - 2009-07-13 20:45 - 00022432 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2012-07-10 01:10 - 2012-07-10 01:10 - 00302592 ____A C:\Users\Paul\Downloads\qwepz61z.exe
    2012-07-10 01:05 - 2012-06-30 04:15 - 00000840 ____A C:\Windows\setupact.log
    2012-07-10 01:05 - 2012-01-20 06:32 - 00000890 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2012-07-10 01:05 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
    2012-07-10 01:03 - 2012-07-10 01:03 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.A61724CFD5A8E355
    2012-07-10 01:00 - 2012-07-10 01:00 - 00001113 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2012-07-10 01:00 - 2012-07-10 00:59 - 10063000 ____A (Malwarebytes Corporation ) C:\Users\Paul\Downloads\mbam-setup-1.61.0.1400.exe
    2012-07-10 00:49 - 2012-07-10 00:49 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.CB33D352F8801EE5
    2012-07-10 00:46 - 2012-07-10 00:46 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.499499393379264B
    2012-07-10 00:33 - 2012-07-10 00:33 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.60B726C27681222D
    2012-07-10 00:20 - 2012-07-10 00:20 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.4A5DFD09C35113B3
    2012-07-10 00:17 - 2012-07-10 00:17 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.29D21262F278C3DF
    2012-07-10 00:08 - 2005-12-31 09:24 - 00806426 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
    2012-07-10 00:08 - 2005-12-31 09:24 - 00109280 ____A C:\Users\Paul\AppData\Local\GDIPFONTCACHEV1.DAT
    2012-07-10 00:08 - 2005-12-31 09:24 - 00001945 ____A C:\Windows\epplauncher.mif
    2012-07-10 00:07 - 2010-11-20 19:47 - 00015044 ____A C:\Windows\PFRO.log
    2012-07-10 00:07 - 2009-07-13 20:45 - 04969944 ____A C:\Windows\System32\FNTCACHE.DAT
    2012-07-09 23:25 - 2012-07-09 23:25 - 00001262 ____A C:\Users\Paul\Desktop\Spybot - Search & Destroy.lnk
    2012-07-09 22:33 - 2012-07-09 22:33 - 00008201 ____A C:\Users\Paul\Documents\Uninstall STAR WARS The Old Republic.log
    2012-07-09 22:20 - 2012-07-09 22:20 - 00000036 ____A C:\Users\Paul\AppData\Local\housecall.guid.cache
    2012-07-09 21:43 - 2012-01-10 02:58 - 00002004 ___AH C:\Users\Paul\Documents\Default.rdp
    2012-07-09 03:11 - 2012-06-29 20:59 - 00002573 ____A C:\Users\Public\Desktop\Six Updater.lnk
    2012-07-09 03:11 - 2012-06-29 20:59 - 00002573 ____A C:\Users\Public\Desktop\Six Launcher.lnk
    2012-07-05 23:22 - 2012-07-05 23:22 - 00563099 ____A C:\Users\Paul\Desktop\MCP Monthly Service Delivery Report June 2012 server .docm
    2012-06-30 07:40 - 2012-06-30 07:40 - 00002515 ____A C:\Users\Public\Desktop\Skype.lnk
    2012-06-30 04:15 - 2012-06-30 04:15 - 00000000 ____A C:\Windows\setuperr.log
    2012-06-30 03:56 - 2012-06-30 03:56 - 00001078 ____A C:\Users\Paul\Desktop\EVGA Precision.lnk
    2012-06-29 20:43 - 2012-06-29 20:40 - 00027446 ____A C:\Windows\DirectX.log
    2012-06-29 11:53 - 2012-06-29 11:53 - 00000221 ____A C:\Users\Paul\Desktop\ARMA 2.url
    2012-06-29 11:53 - 2012-06-29 11:53 - 00000221 ____A C:\Users\Paul\Desktop\ARMA 2 Operation Arrowhead.url
    2012-06-27 05:54 - 2012-01-06 00:12 - 58957832 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
    2012-06-27 05:51 - 2012-06-27 05:51 - 00000137 ____A C:\Users\Paul\Desktop\blah.txt
    2012-06-27 05:50 - 2012-06-27 05:50 - 00000038 ____A C:\Users\Paul\Desktop\game.txt
    2012-06-25 17:10 - 2012-06-25 17:10 - 00284672 ____A C:\Users\Paul\Downloads\5_Rue_Sesame_(Assorted_Episodes).exe
    2012-06-25 07:51 - 2012-06-25 07:51 - 00306300 ____A C:\Users\Paul\Desktop\ZoomHack.zip
    2012-06-25 07:51 - 2012-05-11 04:41 - 00305692 ____A C:\Users\Paul\Desktop\ZoomHack.rar
    2012-06-17 06:36 - 2012-06-17 06:00 - 00002214 ____A C:\Users\Paul\Desktop\subtitles.txt
    2012-06-08 16:02 - 2012-06-08 16:02 - 00001050 ____A C:\Users\UpdatusUser\Desktop\Flash Movie Player.lnk
    2012-06-08 16:02 - 2012-06-08 16:02 - 00001050 ____A C:\Users\Paul\Desktop\Flash Movie Player.lnk
    2012-06-02 14:19 - 2012-06-21 05:17 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
    2012-06-02 14:19 - 2012-06-21 05:17 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
    2012-06-02 14:19 - 2012-06-21 05:17 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
    2012-06-02 14:19 - 2012-06-21 05:17 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
    2012-06-02 14:19 - 2012-06-21 05:17 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
    2012-06-02 14:15 - 2012-06-21 05:17 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
    2012-06-02 14:15 - 2012-06-21 05:17 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
    2012-06-02 00:23 - 2012-06-02 00:19 - 134102710 ____A C:\Users\Paul\Downloads\Parachute Youth - Cant Get Better Than This (Official Video) [www.Keep-Tube.com].mp4
    2012-06-02 00:18 - 2012-06-02 00:16 - 68378758 ____A C:\Users\Paul\Downloads\Hans Zimmer~Time [www.Keep-Tube.com].mp4
    2012-06-02 00:15 - 2012-06-02 00:15 - 07394333 ____A C:\Users\Paul\Downloads\♫ [Hip Hop] eMC - Winds of Change [www.Keep-Tube.com].mp4
    2012-06-02 00:14 - 2012-06-02 00:14 - 07629134 ____A C:\Users\Paul\Downloads\New Navy - Zimbabwe (Flume Remix) [www.Keep-Tube.com].mp4
    2012-06-01 23:19 - 2012-06-21 05:17 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
    2012-06-01 23:15 - 2012-06-21 05:17 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
    2012-06-01 23:10 - 2012-06-01 23:10 - 13374478 ____A C:\Users\Paul\Downloads\just friends - avalanche (nicolas jaar) [www.Keep-Tube.com].mp4
     
  8. Fr33m4s0n

    Fr33m4s0n TS Rookie Topic Starter

    cont....

    2012-06-01 22:02 - 2012-06-01 22:00 - 38810011 ____A C:\Users\Paul\Downloads\Major Lazer - Get Free ft. Amber (What So Not Remix) [www.Keep-Tube.com].mp4
    2012-06-01 01:53 - 2012-06-01 01:53 - 00187612 ___AH C:\Windows\SysWOW64\mlfcache.dat
    2012-05-30 01:48 - 2012-05-26 04:39 - 00000891 ____A C:\Users\Public\Desktop\Avidemux 2.5.lnk
    2012-05-29 01:44 - 2012-05-29 01:44 - 09776889 ____A C:\Users\Paul\Downloads\The Wiggles, Big Red Car - Toot Toot... [www.Keep-Tube.com].mp4
    2012-05-29 01:44 - 2012-05-29 01:39 - 100610325 ____A C:\Users\Paul\Downloads\Nicki Minaj - Starships (Explicit) [www.Keep-Tube.com].mp4
    2012-05-29 01:44 - 2012-05-29 01:38 - 51569585 ____A C:\Users\Paul\Downloads\Flo Rida - Whistle [Audio] [www.Keep-Tube.com].mp4
    2012-05-29 01:39 - 2012-05-29 01:38 - 24031548 ____A C:\Users\Paul\Downloads\The Black Eyed Peas - I Gotta Feeling [www.Keep-Tube.com].mp4
    2012-05-29 01:33 - 2012-05-29 01:33 - 00000992 ____A C:\Users\UpdatusUser\Desktop\Cool MP3 Splitter.lnk
    2012-05-27 02:40 - 2012-05-27 02:38 - 13496027 ____A C:\Users\Paul\Downloads\Cisco.Lead2pass.640-822.v2012-04-06.by.Daniel.339q.vce
    2012-05-26 04:11 - 2012-05-26 04:11 - 00001233 ____A C:\Users\Paul\Desktop\Cisco Packet Tracer.lnk
    2012-05-26 04:11 - 2012-05-26 04:11 - 00000178 ____A C:\Users\Paul\.packettracer
    2012-05-24 16:06 - 2012-01-18 14:44 - 00087456 ____A (LogMeIn, Inc.) C:\Windows\System32\LMIRfsClientNP.dll
    2012-05-24 16:06 - 2012-01-18 14:44 - 00080768 ____A (LogMeIn, Inc.) C:\Windows\System32\LMIinit.dll
    2012-05-24 16:06 - 2012-01-18 14:44 - 00034688 ____A (LogMeIn, Inc.) C:\Windows\System32\LMIport.dll
    2012-05-24 03:17 - 2012-05-24 03:14 - 39567773 ____A C:\Users\Paul\Downloads\SKRILLEX - Bangarang [Official Music Video] [www.Keep-Tube.com].mp4
    2012-05-20 04:27 - 2012-05-20 04:27 - 00021408 ____A C:\Users\Paul\Downloads\564306.zip
    2012-05-20 02:46 - 2012-05-20 02:46 - 00002087 ____A C:\Users\Paul\Desktop\Subtitle Edit.lnk
    2012-05-20 02:43 - 2012-05-20 02:43 - 00033278 ____A C:\Users\Paul\Downloads\192379.rar
    2012-05-17 18:47 - 2012-06-27 05:51 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
    2012-05-17 18:16 - 2012-06-27 05:51 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
    2012-05-17 18:06 - 2012-06-27 05:51 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
    2012-05-17 17:59 - 2012-06-27 05:51 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
    2012-05-17 17:59 - 2012-06-27 05:51 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
    2012-05-17 17:58 - 2012-06-27 05:51 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
    2012-05-17 17:58 - 2012-06-27 05:51 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
    2012-05-17 17:56 - 2012-06-27 05:51 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
    2012-05-17 17:55 - 2012-06-27 05:51 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
    2012-05-17 17:55 - 2012-06-27 05:51 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
    2012-05-17 17:54 - 2012-06-27 05:51 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
    2012-05-17 17:51 - 2012-06-27 05:51 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
    2012-05-17 17:51 - 2012-06-27 05:51 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
    2012-05-17 17:47 - 2012-06-27 05:51 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
    2012-05-17 15:11 - 2012-06-27 05:51 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2012-05-17 14:48 - 2012-06-27 05:51 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2012-05-17 14:45 - 2012-06-27 05:51 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2012-05-17 14:36 - 2012-06-27 05:51 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2012-05-17 14:35 - 2012-06-27 05:51 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2012-05-17 14:35 - 2012-06-27 05:51 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2012-05-17 14:33 - 2012-06-27 05:51 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
    2012-05-17 14:31 - 2012-06-27 05:51 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2012-05-17 14:29 - 2012-06-27 05:51 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
    2012-05-17 14:29 - 2012-06-27 05:51 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2012-05-17 14:27 - 2012-06-27 05:51 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2012-05-17 14:25 - 2012-06-27 05:51 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2012-05-17 14:24 - 2012-06-27 05:51 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2012-05-17 14:20 - 2012-06-27 05:51 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2012-05-15 02:48 - 2012-06-30 04:22 - 25743168 ____A (NVIDIA Corporation) C:\Windows\System32\nvoglv64.dll
    2012-05-15 02:48 - 2012-06-30 04:22 - 19607872 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
    2012-05-15 02:48 - 2012-06-30 04:22 - 18044224 ____A (NVIDIA Corporation) C:\Windows\System32\nvd3dumx.dll
    2012-05-15 02:48 - 2012-06-30 04:22 - 14298944 ____A (NVIDIA Corporation) C:\Windows\System32\Drivers\nvlddmkm.sys
    2012-05-15 02:48 - 2012-06-30 04:22 - 08139072 ____A (NVIDIA Corporation) C:\Windows\System32\nvcuda.dll
    2012-05-15 02:48 - 2012-06-30 04:22 - 05982528 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
    2012-05-15 02:48 - 2012-06-30 04:22 - 02881856 ____A (NVIDIA Corporation) C:\Windows\System32\nvcuvenc.dll
    2012-05-15 02:48 - 2012-06-30 04:22 - 02681664 ____A (NVIDIA Corporation) C:\Windows\System32\nvcuvid.dll
    2012-05-15 02:48 - 2012-06-30 04:22 - 02524992 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
    2012-05-15 02:48 - 2012-06-30 04:22 - 02445120 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvenc.dll
    2012-05-15 02:48 - 2012-06-30 04:21 - 25248064 ____A (NVIDIA Corporation) C:\Windows\System32\nvcompiler.dll
    2012-05-15 02:48 - 2012-06-30 04:21 - 17551680 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
    2012-05-15 02:48 - 2012-01-06 00:41 - 15322432 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
    2012-05-15 02:48 - 2012-01-06 00:41 - 08105280 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
    2012-05-15 02:48 - 2012-01-06 00:41 - 02368832 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
    2012-05-15 02:48 - 2012-01-06 00:41 - 01738048 ____A (NVIDIA Corporation) C:\Windows\System32\nvdispco64.dll
    2012-05-15 02:48 - 2012-01-06 00:41 - 01468224 ____A (NVIDIA Corporation) C:\Windows\System32\nvgenco64.dll
    2012-05-15 02:48 - 2012-01-06 00:41 - 00068928 ____A (Khronos Group) C:\Windows\System32\OpenCL.dll
    2012-05-15 02:48 - 2012-01-06 00:41 - 00061248 ____A (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
    2012-05-15 02:48 - 2011-05-20 14:01 - 02741568 ____A (NVIDIA Corporation) C:\Windows\System32\nvapi64.dll
    2012-05-15 02:48 - 2011-05-20 14:01 - 00014324 ____A C:\Windows\System32\nvinfo.pb
    2012-05-15 02:48 - 2009-07-13 13:59 - 10194752 ____A (NVIDIA Corporation) C:\Windows\System32\nvwgf2umx.dll
    2012-05-15 01:29 - 2012-01-06 00:07 - 03149632 ____A (NVIDIA Corporation) C:\Windows\System32\nvsvc64.dll
    2012-05-15 01:29 - 2012-01-06 00:07 - 00889664 ____A (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
    2012-05-15 01:29 - 2012-01-06 00:07 - 00118080 ____A (NVIDIA Corporation) C:\Windows\System32\nvmctray.dll
    2012-05-15 01:29 - 2012-01-06 00:07 - 00063296 ____A (NVIDIA Corporation) C:\Windows\System32\nvshext.dll
    2012-05-15 01:28 - 2012-01-06 00:07 - 06151488 ____A (NVIDIA Corporation) C:\Windows\System32\nvcpl.dll
    2012-05-14 17:32 - 2012-06-13 13:52 - 03146752 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
    2012-05-14 10:21 - 2012-05-14 10:21 - 00423744 ____A C:\Windows\SysWOW64\nvStreaming.exe
    2012-05-06 21:33 - 2012-05-04 21:01 - 00000868 ____A C:\Users\Paul\Desktop\Handbrake.lnk
    2012-05-05 23:35 - 2012-01-06 07:04 - 00001929 ____A C:\Users\UpdatusUser\Desktop\Heroes of Newerth.lnk
    2012-05-05 23:34 - 2012-05-05 22:39 - 1007124176 ____A C:\Users\Paul\Downloads\HoNClient-2.5.19.1.exe
    2012-05-05 22:32 - 2012-04-23 07:33 - 00000028 ____A C:\Windows\ODBC.INI
    2012-05-05 02:02 - 2012-05-05 02:02 - 00000947 ____A C:\Users\Public\Desktop\µTorrent.lnk
    2012-05-04 21:01 - 2012-05-04 21:01 - 00000824 ____A C:\Users\UpdatusUser\Desktop\Handbrake.lnk
    2012-05-04 06:36 - 2012-05-04 06:36 - 00001783 ____A C:\Users\Public\Desktop\iTunes.lnk
    2012-05-04 03:06 - 2012-06-13 13:52 - 05559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
    2012-05-04 02:03 - 2012-06-13 13:52 - 03968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
    2012-05-04 02:03 - 2012-06-13 13:52 - 03913072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
    2012-04-30 21:40 - 2012-06-13 13:52 - 00209920 ____A (Microsoft Corporation) C:\Windows\System32\profsvc.dll
    2012-04-28 23:50 - 2012-04-28 23:49 - 00015863 ____A C:\Users\Paul\Documents\Install STAR WARS The Old Republic.log
    2012-04-27 19:55 - 2012-06-13 13:52 - 00210944 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
    2012-04-26 07:50 - 2012-04-26 07:50 - 00011389 ____A C:\Users\Paul\Downloads\mobileprovision.mobileprovision
    2012-04-26 07:50 - 2012-04-26 07:50 - 00001637 ____A C:\Users\Paul\Downloads\p12.p12
    2012-04-26 07:12 - 2012-04-26 07:12 - 00010765 ____A C:\Users\Paul\Downloads\fake certificate.zip
    2012-04-26 06:26 - 2012-04-26 06:25 - 14901814 ____A C:\Users\Paul\Downloads\redsn0w_win_0.9.10b6.zip
    2012-04-26 03:20 - 2012-01-18 14:44 - 00001024 ____A C:\.rnd
    2012-04-25 21:41 - 2012-06-13 13:52 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll
    2012-04-25 21:41 - 2012-06-13 13:52 - 00077312 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll
    2012-04-25 21:34 - 2012-06-13 13:52 - 00009216 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe
    2012-04-23 21:37 - 2012-06-13 13:52 - 01462272 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
    2012-04-23 21:37 - 2012-06-13 13:52 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
    2012-04-23 21:37 - 2012-06-13 13:52 - 00140288 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
    2012-04-23 20:36 - 2012-06-13 13:52 - 01158656 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
    2012-04-23 20:36 - 2012-06-13 13:52 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
    2012-04-23 20:36 - 2012-06-13 13:52 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
    2012-04-23 06:52 - 2012-04-23 06:41 - 187695368 ____A (Ideaworks3D Ltd ) C:\Users\Paul\Downloads\marmalade-sdk-5.2.4-309740-windows.exe
    2012-04-14 01:18 - 2012-04-14 01:18 - 00000917 ____A C:\Users\Public\Desktop\Steam.lnk
    ZeroAccess:
    C:\Users\Paul\AppData\Local\{0c2c89b2-bf85-16d1-cd1b-65e60a08fdcb}
    C:\Users\Paul\AppData\Local\{0c2c89b2-bf85-16d1-cd1b-65e60a08fdcb}\@
    C:\Users\Paul\AppData\Local\{0c2c89b2-bf85-16d1-cd1b-65e60a08fdcb}\L
    C:\Users\Paul\AppData\Local\{0c2c89b2-bf85-16d1-cd1b-65e60a08fdcb}\U
    ZeroAccess:
    C:\Windows\assembly\GAC_32\Desktop.ini
    ZeroAccess:
    C:\Windows\assembly\GAC_64\Desktop.ini
    ========================= Known DLLs (Whitelisted) ============

    ========================= Bamital & volsnap Check ============
    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\SysWOW64\wininit.exe => MD5 is legit
    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\SysWOW64\explorer.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\SysWOW64\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe 014A9CB92514E27C0107614DF764BC06 ZeroAccess <==== ATTENTION!.
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\SysWOW64\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\SysWOW64\userinit.exe => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
    ==================== EXE ASSOCIATION =====================
    HKLM\...\.exe: exefile => OK
    HKLM\...\exefile\DefaultIcon: %1 => OK
    HKLM\...\exefile\open\command: "%1" %* => OK
    ========================= Memory info ======================
    Percentage of memory in use: 9%
    Total physical RAM: 8125.57 MB
    Available physical RAM: 7314.14 MB
    Total Pagefile: 8123.77 MB
    Available Pagefile: 7304.24 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.9 MB
    ======================= Partitions =========================
    1 Drive c: () (Fixed) (Total:111.79 GB) (Free:35.09 GB) NTFS
    3 Drive f: (A) (Removable) (Total:7.45 GB) (Free:0.67 GB) FAT32
    4 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
    5 Drive y: (Library) (Fixed) (Total:931.51 GB) (Free:23.44 GB) NTFS ==>[System with boot components (obtained from reading drive)]
    Disk ### Status Size Free Dyn Gpt
    -------- ------------- ------- ------- --- ---
    Disk 0 Online 931 GB 0 B
    Disk 1 Online 111 GB 0 B
    Disk 2 Online 7643 MB 0 B
    Partitions of Disk 0:
    ===============
    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 931 GB 1024 KB
    ==================================================================================
    Disk: 0
    Partition 1
    Type : 07
    Hidden: No
    Active: Yes
    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 1 Y Library NTFS Partition 931 GB Healthy
    ==================================================================================
    Partitions of Disk 1:
    ===============
    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 111 GB 1024 KB
    ==================================================================================
    Disk: 1
    Partition 1
    Type : 07
    Hidden: No
    Active: No
    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 2 C NTFS Partition 111 GB Healthy
    ==================================================================================
    Partitions of Disk 2:
    ===============
    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 7643 MB 31 KB
    ==================================================================================
    Disk: 2
    Partition 1
    Type : 0B
    Hidden: No
    Active: No
    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 3 F A FAT32 Removable 7643 MB Healthy
    ==================================================================================
    ==========================================================
    Last Boot: 2012-07-07 19:49
    ======================= End Of Log ==========================
     
  9. Fr33m4s0n

    Fr33m4s0n TS Rookie Topic Starter

    Farbar Recovery Scan Tool Version: 09-07-2012
    Ran by Paul at 2012-07-10 20:40:52
    Running from F:\
    ================== Search: "services.exe" ===================
    C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
    [2009-07-14 07:19] - [2009-07-14 09:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB
    C:\Windows\System32\services.exe
    [2009-07-14 07:19] - [2009-07-14 09:39] - 0328704 ____A (Microsoft Corporation) 014A9CB92514E27C0107614DF764BC06
    ====== End Of Search ======
     
  10. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,282   +49

    Good job! Let's continue with the fixes now...

    FRST64 Fixlist

    Please run the following:

    Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this, highlight the contents of the box, right-click on it and select Copy. Right-click in the open Notepad and select Paste.) Save it on the flash drive as fixlist.txt.

    NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system.

    Now, please enter System Recovery Options then select Command Prompt.

    Run FRST64 and press the Fix button just once and wait.
    The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

    Now restart, let it boot normally and tell me how it went.

    CKScanner

    Please download CKScanner by askey127 from here

    Save it to your desktop.
    • Double-click CKScanner.exe and click Search For Files.
    • After a very short time, when the cursor hourglass disappears, click Save List To File.
    • A message box will verify that the file is saved.
    • Double-click the CKFiles.txt icon on your desktop and copy/paste the contents in your next reply.
     
  11. Fr33m4s0n

    Fr33m4s0n TS Rookie Topic Starter

    Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 09-07-2012
    Ran by SYSTEM at 2012-07-11 17:21:32 Run:1
    Running from F:\
    ==============================================
    Could not find C:\Windows\System32\services.exe.
    Could not find C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe.
    ==== End of Fixlog ====
     
  12. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,282   +49

    Please search for services.exe again in FRST as noted above and post a log.
     
  13. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,282   +49

    Hello. Are you still with us?

    Your thread has been marked as "Inactive" because of your lack of reply. Please let us know how your computer is running, or if you want to continue in this topic.

    Thanks.
     
  14. Fr33m4s0n

    Fr33m4s0n TS Rookie Topic Starter

    Apologies DMJ,

    Work had taken a toll on my available hours to troubleshoot this. I will provide an updated log in reply tomorrow evening.

    Thanks!
     
  15. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,282   +49

    Okay. Looking forward to it! Topic adjusted to Active again.
     
  16. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,282   +49

    Hello. Are you still with us?

    Your thread has been marked as "Inactive" because of your lack of reply. Please let us know how your computer is running, or if you want to continue in this topic.

    Thanks.
     
