Solved Sirefef.ez trojan and others

thrilla

I am having serious virus problems after opening a dodgy file. I have Eset installed and up to date. After Eset notified me of the threat, I chose the 'delete' option but Eset was unable to delete it. I then tried the fix on the Eset website found here http://kb.eset.com/esetkb/index?page=content&id=SOLN2895.

After trying the steps on the Eset website, it is still finding multiple threats. The threats found are Patched.A.gen trojan, Conedex.c trojan, sirefef.aw, agent.ba, conedex.b and sirefef.ez trojans. I ran SirefefRemover and ServicesRepair off the website. Every time I try to delete a trojan, Eset gives me 'error while deleting.' Eset is stating some of the trojans have been quarantined and often asks me to reboot my laptop. Upon reboot the threats are still there.

I read the sticky thread on TechSpot and followed the instructions, running Malwarebytes and DDS. I will attach the logs as required.

Please help!
 
Malwarebytes Anti-Malware (Trial) 1.65.1.1000
www.malwarebytes.org

Database version: v2012.12.06.03

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
thrilla :: THRILLA-PC [administrator]

Protection: Enabled

6/12/2012 5:56:31 PM
mbam-log-2012-12-06 (17-56-31).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 259291
Time elapsed: 7 minute(s), 3 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 7
HKCR\AppID\{1DD31B76-C57E-49ba-94BC-BF53F0C82CD4} (PUP.Funshion) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1DD31B76-C57E-49ba-94BC-BF53F0C82CD4} (PUP.Funshion) -> Quarantined and deleted successfully.
HKCR\CLSID\{91878E42-FC03-4785-B513-1F9E613D1027} (PUP.Funshion) -> Quarantined and deleted successfully.
HKCR\TypeLib\{D02E3AB9-7796-40cb-BDFC-20D834FE1F75} (PUP.Funshion) -> Quarantined and deleted successfully.
HKCR\Interface\{FCB380C4-D350-44BE-8791-50216F4747AC} (PUP.Funshion) -> Quarantined and deleted successfully.
HKCR\ASBarBroker.BDBroker.1 (PUP.Funshion) -> Quarantined and deleted successfully.
HKCR\ASBarBroker.BDBroker (PUP.Funshion) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 16
C:\Program Files (x86)\Funshion Online (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Funshion Online\Funshion (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Funshion Online\Funshion\icon (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\thrilla\funshion (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\thrilla\funshion\cache (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\thrilla\funshion\cache\Baiduflash (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\thrilla\funshion\cache\Baiduflash\subflash (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\thrilla\funshion\cache\Cacheflash (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\thrilla\funshion\cache\flash (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\thrilla\funshion\cache\flashNew (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\thrilla\funshion\cache\flashStamp (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\thrilla\funshion\control (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\thrilla\funshion\historyTorrent (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\thrilla\funshion\ini (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\thrilla\funshion\Seed (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\thrilla\funshion\update (PUP.Funshion) -> Quarantined and deleted successfully.

Files Detected: 90
C:\Users\thrilla\Downloads\FunshionInstall2.4.5.9_S.exe (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Windows\Installer\{29442026-b511-1173-2e26-4a1a0511f039}\U\00000008.@ (Trojan.Dropper.BCMiner) -> Quarantined and deleted successfully.
C:\Windows\System32\funshion.ini (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Windows\SysWOW64\funshion.ini (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\thrilla\funshion.ini (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Funshion Online\Funshion\FunShion.ini (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Funshion Online\Funshion\FunshionGame2.ico (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Funshion Online\Funshion\FunshionService.diagnose (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Funshion Online\Funshion\Funshop2.ico (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\thrilla\funshion\history.txt (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\thrilla\funshion\cache\Cacheflash\blankFs.swf (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\thrilla\funshion\cache\Cacheflash\donghuanew_18.swf (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\thrilla\funshion\cache\flash\980EF71B_C41B_511C_2591_1C44D72C2CEC.swf (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\thrilla\funshion\cache\flashNew\009647B6_90F1_DC8A_790F_FEB3EF45FBCB.swf (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\thrilla\funshion\cache\flashNew\029FAC2B_9B00_AD8A_BB29_9AFA850FDAFB.date1323240320.swf (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\thrilla\funshion\cache\flashNew\080E30A6_0113_6852_4789_48F93C2A2D6C.swf (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\thrilla\funshion\cache\flashNew\181D685C_9989_F52E_83DC_7E0D010FFAB6.date1323056672.swf (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\thrilla\funshion\cache\flashNew\1B58E309_1EA3_C424_1B97_DC09E2A7FD4A.swf (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\thrilla\funshion\cache\flashNew\1C9EDDB7_6B0E_1229_F5F0_D75EF39E1ECD.date1323056672.swf (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\thrilla\funshion\cache\flashNew\20C87A59_1BBF_81C1_AD47_ECCA81AA8DDC.swf (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\thrilla\funshion\cache\flashNew\2A88A6CD_B346_FD90_AAC6_3D1F91226EB5.date1325244467.swf (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\thrilla\funshion\cache\flashNew\366706DA_3C9E_7669_3350_EEAC14889217.swf (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\thrilla\funshion\cache\flashNew\372D2949_9D13_DA72_1E17_5F6260356D5C.date1323056672.swf (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\thrilla\funshion\cache\flashNew\3ADFC67B_2857_8B81_6085_60F1A87D2752.swf (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\thrilla\funshion\cache\flashNew\49F55DA3_1C65_681B_DA61_BBF4BDABAD80.date1325244467.swf (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\thrilla\funshion\cache\flashNew\51E777D9_F0A5_6522_3198_276F23B23363.date1325244467.swf (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\thrilla\funshion\cache\flashNew\55482A65_0D1A_3641_9AF2_158CDAFC018E.date1323056672.flv (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\thrilla\funshion\cache\flashNew\59B718F4_2695_B45C_4B0A_3F3F28986F03.swf (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\thrilla\funshion\cache\flashNew\633B44A4_3D1F_6D7A_D2C3_6DEAFBC71A4F.date1323056672.swf (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\thrilla\funshion\cache\flashNew\6C4E9081_1EB4_D028_B691_3848EFD948F9.date1323240320.swf (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\thrilla\funshion\cache\flashNew\6FF01007_8237_F8D3_59A8_2EFCDDF3358A.date1323056672.swf (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\thrilla\funshion\cache\flashNew\77C07EFD_B715_62BB_6CC1_E653506DB9C3.date1323056672.swf (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\thrilla\funshion\cache\flashNew\81C61FF3_966C_EA94_557F_A22F75E33270.date1323056672.swf (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\thrilla\funshion\cache\flashNew\8570FDB4_2A56_E5CE_523F_AB8E72F5EBF2.date1323056672.swf (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\thrilla\funshion\cache\flashNew\87546677_233E_B050_D425_A43E8D11ECAD.date1323056672.flv (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\thrilla\funshion\cache\flashNew\89634A54_922E_5E30_8633_E89A4CE8B964.swf (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\thrilla\funshion\cache\flashNew\8AD4AFBC_1AE3_2433_B53A_EF3D7509E3DB.date1325244467.swf (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\thrilla\funshion\cache\flashNew\8CD4215A_0842_413C_583E_3E14AD29D4AB.date1323056672.swf (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\thrilla\funshion\cache\flashNew\90D25BBC_023C_1DAB_EA65_EE019CDE74A4.swf (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\thrilla\funshion\cache\flashNew\9562C7C1_B036_FA45_E02F_F35D5A64CBF3.date1323056672.swf (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\thrilla\funshion\cache\flashNew\95930481_F0E4_2D97_99D6_4110FEF8C44B.date1323056672.swf (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\thrilla\funshion\cache\flashNew\9624051F_C03E_2FFE_8523_9D8CCAF08337.date1325244467.swf (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\thrilla\funshion\cache\flashNew\9C22069D_4B51_6247_048E_8B3E16C5C967.date1323240320.swf (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\thrilla\funshion\cache\flashNew\9E0C0764_7EC1_068B_94D6_0A4F16037B9B.date1323240320.swf (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\thrilla\funshion\cache\flashNew\A0F8520E_3273_5B9E_7D95_39B3C4241432.date1323056672.swf (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\thrilla\funshion\cache\flashNew\A1FA2E55_086B_319D_C294_E15D5EC2EE24.date1325244467.swf (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\thrilla\funshion\cache\flashNew\AB15CC92_F03C_F952_1F2D_B49D3BB59131.swf (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\thrilla\funshion\cache\flashNew\B32401BB_24BD_1545_6229_3AD842EB6301.date1323056672.swf (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\thrilla\funshion\cache\flashNew\B400DA46_C493_7120_5816_51738BD92063.swf (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\thrilla\funshion\cache\flashNew\B4E3B2DB_340A_AA88_C346_E6197D4BA13A.date1323056672.swf (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\thrilla\funshion\cache\flashNew\BC4F427A_759C_B00B_7B24_2AFBD86627FA.date1325244467.swf (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\thrilla\funshion\cache\flashNew\C839BE2B_D54E_8D30_3DD7_A21D85A243E6.swf (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\thrilla\funshion\cache\flashNew\CEA08429_5DBB_D5DE_E6F1_08B27E6A3D20.swf (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\thrilla\funshion\cache\flashNew\D88096BB_62C8_C44C_707F_D73EEBE94C98.date1325244467.swf (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\thrilla\funshion\cache\flashNew\DD552B4B_B3BD_1A08_8D7A_D6AB973377DE.date1323056672.swf (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\thrilla\funshion\cache\flashNew\EFAF920D_DD8A_F7D1_18B6_12A8963C2599.swf (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\thrilla\funshion\cache\flashNew\EFD6F7A6_D57C_CE91_B4CC_1D9B99A84245.date1325244467.swf (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\thrilla\funshion\cache\flashNew\F968483B_4EB5_B553_2EFB_C00B6CB97AF0.date1325244467.flv (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\thrilla\funshion\control\1318846851_6634280_1291193186_579.dat (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\thrilla\funshion\control\1318846851_6634280_1291193186_579.fsp (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\thrilla\funshion\control\1319009930_18524595_1292571619_674.dat (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\thrilla\funshion\control\1319009930_18524595_1292571619_674.fsp (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\thrilla\funshion\control\1319186304_18524595_1303201144_38.dat (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\thrilla\funshion\control\1319186304_18524595_1303201144_38.fsp (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\thrilla\funshion\control\1319441805_18277256_1293673144_109.dat (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\thrilla\funshion\control\1319441805_18277256_1293673144_109.fsp (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\thrilla\funshion\control\1319695540_18524595_1300788865_160.dat (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\thrilla\funshion\control\1319695540_18524595_1300788865_160.fsp (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\thrilla\funshion\control\1320723839_5881262_1226642496_3.dat (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\thrilla\funshion\control\1320723839_5881262_1226642496_3.fsp (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\thrilla\funshion\ini\httpfile.ini (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\thrilla\funshion\ini\temp_config.ini (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\thrilla\funshion\Seed\18277256_1293673144_109.fsp (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\thrilla\funshion\Seed\18524595_1292571619_674.fsp (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\thrilla\funshion\Seed\18524595_1300788865_160.fsp (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\thrilla\funshion\Seed\18524595_1303201144_38.fsp (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\thrilla\funshion\Seed\5881262_1226642496_3.fsp (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\thrilla\funshion\Seed\6634280_1291193186_579.fsp (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\thrilla\funshion\update\AdLinkParamFile.fax (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\thrilla\funshion\update\ad_define.fai (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\thrilla\funshion\update\ad_define.fai.bak (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\thrilla\funshion\update\ad_material.fax (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\thrilla\funshion\update\flashParam.txt (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\thrilla\funshion\update\flashParam.txt.bak (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\thrilla\funshion\update\localad.fax (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\thrilla\funshion\update\Pop Game.lnk (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\thrilla\funshion\update\popwind.json (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\thrilla\funshion\update\Shopping Sites.lnk (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\thrilla\funshion\update\StampPolicy.txt (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\thrilla\funshion\update\updatexmlfile.txt (PUP.Funshion) -> Quarantined and deleted successfully.

(end)
 
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16455
Run by thrilla at 18:23:20 on 2012-12-06
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4076.1879 [GMT 11:00]
.
AV: ESET NOD32 Antivirus 5.0 *Enabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
SP: ESET NOD32 Antivirus 5.0 *Enabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\FBAgent.exe
C:\Windows\system32\WLANExt.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe
C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe
C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\PrintCtrl.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Windows\System32\PrintDisp.exe
C:\Program Files\Microsoft Device Center\itype.exe
C:\Program Files\Microsoft Device Center\ipoint.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\uTorrent\uTorrent.exe
C:\Windows\system32\svchost.exe -k WindowsMobile
C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
C:\Program Files (x86)\SugarSync\SugarSyncManager.exe
C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
C:\Program Files (x86)\m3me\Conductor Server\ConductorServer.exe
C:\Program Files (x86)\FreeAlarmClock\FreeAlarmClock.exe
C:\Program Files (x86)\Innovative Solutions\DriverMax\drivermax.exe
C:\Program Files\ASUS\P4G\BatteryLife.exe
C:\Users\thrilla\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
C:\Program Files (x86)\BUFFALO\BuffaloTools\BuffaloTools.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Windows\SysWOW64\ACEngSvr.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
C:\Windows\SysWOW64\NOTEPAD.EXE
C:\Users\thrilla\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\thrilla\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\thrilla\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\thrilla\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\thrilla\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\thrilla\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\thrilla\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\thrilla\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\thrilla\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\thrilla\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\thrilla\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\AsScrPro.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
"C:\Windows\SysWOW64\svchost.exe" -k LocalServiceDns
c:\program files\windows defender\MpCmdRun.exe
C:\Windows\system32\taskeng.exe
C:\Windows\SysWOW64\DllHost.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://search.babylon.com/?AF=109156&babsrc=HP_ss&mntrId=56e83a45000000000000dadf9a5c6377
uDefault_Page_URL = hxxp://asus.msn.com
mStart Page = hxxp://asus.msn.com
uURLSearchHooks: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - <orphaned>
mWinlogon: Userinit = userinit.exe,
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
BHO: SSVHelper Class: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: CIESpeechBHO Class: {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
uRun: [Google Update] "C:\Users\thrilla\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe" /MINIMIZED
uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
uRun: [SugarSync] "C:\Program Files (x86)\SugarSync\SugarSyncManager.exe" -startInTray -usedelay=true
uRun: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler
uRun: [m3me Conductor Server] C:\Program Files (x86)\m3me\Conductor Server\ConductorServer.exe
uRun: [FreeAC] C:\Program Files (x86)\FreeAlarmClock\FreeAlarmClock.exe -autorun
uRun: [DriverFinder] C:\Program Files (x86)\DriverFinder\DriverFinder.exe
uRun: [DriverMax] "C:\Program Files (x86)\Innovative Solutions\DriverMax\drivermax.exe" -agent
uRun: [DriverMax_RESTART] "C:\Program Files (x86)\Innovative Solutions\DriverMax\drivermax.exe" -RESTART
mRun: [ASUSPRP] "C:\Program Files (x86)\ASUS\APRP\APRP.EXE"
mRun: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
mRun: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
mRun: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
mRun: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
mRun: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre7\bin\jusched.exe"
mRun: [BuffaloTools] C:\Program Files (x86)\BUFFALO\BuffaloTools\BuffaloTools.exe
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [DNS7reminder] "C:\Program Files (x86)\Nuance\NaturallySpeaking11\Ereg\Ereg.exe" -r "C:\ProgramData\Nuance\NaturallySpeaking11\Ereg.ini
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
StartupFolder: C:\Users\thrilla\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\thrilla\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\FANCYS~1.LNK - C:\Windows\Installer\{2B81872B-A054-48DA-BE3B-FA5C164C303A}\_94E3CE3704FE82FBF49A6A.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: SoftwareSASGeneration = dword:1
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
IE: {7815BE26-237D-41A8-A98F-F7BD75F71086} - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
LSP: mswsock.dll
Trusted Zone: google-analytics.com
Trusted Zone: novastor.com
Trusted Zone: novastor.com
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab
TCP: NameServer = 192.168.0.1
TCP: Interfaces\{6C5CF1DF-ACBC-4D75-B8A8-CE3C77EB8BAC} : NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{6C5CF1DF-ACBC-4D75-B8A8-CE3C77EB8BAC} : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{6C5CF1DF-ACBC-4D75-B8A8-CE3C77EB8BAC}\2456C6B696E6F5E4B2F5334314636423 : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{B03B8C65-B261-40F4-986A-8D976695C988} : DHCPNameServer = 192.168.0.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
x64-mStart Page = hxxp://asus.msn.com
x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-Run: [AtherosBtStack] "C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe"
x64-Run: [AthBtTray] "C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe"
x64-Run: [Setwallpaper] c:\programdata\SetWallpaper.cmd
x64-Run: [Windows Mobile Device Center] C:\Windows\WindowsMobile\wmdc.exe
x64-Run: [LogMeIn GUI] "C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe"
x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
x64-Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /SF3
x64-Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
x64-Run: [tvncontrol] "C:\Program Files\TightVNC\tvnserver.exe" -controlservice -slave
x64-Run: [PrintDisp] C:\Windows\System32\PrintDisp.exe
x64-Run: [IntelliType Pro] "C:\Program Files\Microsoft Device Center\itype.exe"
x64-Run: [IntelliPoint] "C:\Program Files\Microsoft Device Center\ipoint.exe"
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
x64-DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - <orphaned>
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
.
============= SERVICES / DRIVERS ===============
.
R0 amd_sata;amd_sata;C:\Windows\System32\drivers\amd_sata.sys [2011-6-16 75904]
R0 amd_xata;amd_xata;C:\Windows\System32\drivers\amd_xata.sys [2011-6-16 38016]
R0 bftpdskc64;BUFFALO TurboPC Cache Filter;C:\Windows\System32\drivers\bftpdskc64.sys [2012-6-8 67712]
R1 ATKWMIACPIIO;ATKWMIACPI Driver;C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [2011-5-26 17536]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\drivers\dtsoftbus01.sys [2011-10-21 270912]
R2 {1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC};Power Control [2012/03/12 14:37:55];C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\000.fcl [2010-3-14 146928]
R2 AFBAgent;AFBAgent;C:\Windows\System32\FBAgent.exe [2011-7-24 379520]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2012-12-2 240640]
R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-9-28 361984]
R2 ASMMAP64;ASMMAP64;C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-7-3 15416]
R2 Atheros Bt&Wlan Coex Agent;Atheros Bt&Wlan Coex Agent;C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [2011-3-14 138400]
R2 AtherosSvc;AtherosSvc;C:\Program Files (x86)\Bluetooth Suite\AdminService.exe [2011-3-14 74912]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-5 822624]
R2 DragonSvc;Dragon Service;C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe [2010-7-24 296808]
R2 eamonm;eamonm;C:\Windows\System32\drivers\eamonm.sys [2011-8-10 202576]
R2 ekrn;ESET Service;C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2011-9-23 974944]
R2 epfwwfpr;epfwwfpr;C:\Windows\System32\drivers\epfwwfpr.sys [2011-8-5 137144]
R2 LMIInfo;LogMeIn Kernel Information Provider;C:\Program Files (x86)\LogMeIn\x64\rainfo.sys [2011-9-17 15928]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;C:\Windows\System32\drivers\LMIRfsDriver.sys [2011-10-19 72216]
R3 AthBTPort;Atheros Virtual Bluetooth Class;C:\Windows\System32\drivers\btath_flt.sys [2011-3-14 36000]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2012-5-14 96896]
R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;C:\Windows\System32\drivers\btath_a2dp.sys [2011-3-14 298656]
R3 BTATH_BUS;Atheros Bluetooth Bus;C:\Windows\System32\drivers\btath_bus.sys [2011-3-14 28832]
R3 BTATH_HCRP;Bluetooth HCRP Server driver;C:\Windows\System32\drivers\btath_hcrp.sys [2011-3-14 201376]
R3 BTATH_LWFLT;Bluetooth LWFLT Device;C:\Windows\System32\drivers\btath_lwflt.sys [2011-3-14 55456]
R3 BTATH_RCP;Bluetooth AVRCP Device;C:\Windows\System32\drivers\btath_rcp.sys [2011-3-14 154272]
R3 BtFilter;BtFilter;C:\Windows\System32\drivers\btfilter.sys [2011-3-14 280224]
R3 ETD;ELAN PS/2 Port Input Device;C:\Windows\System32\drivers\ETD.sys [2011-6-16 138024]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2012-12-6 25928]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-7-24 436840]
R3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2011-10-2 764264]
R3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2011-10-2 268648]
R3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2011-10-2 25960]
R3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2011-10-2 22376]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\drivers\usbfilter.sys [2012-1-6 44672]
S1 twzvvzzs;twzvvzzs;C:\Windows\System32\drivers\twzvvzzs.sys [2012-12-6 49872]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-19 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-19 138576]
S3 amdiox64;AMD IO Driver;C:\Windows\System32\drivers\amdiox64.sys [2011-7-24 46136]
S3 bftpusbx64;BUFFALO TurboPC USB Filter;C:\Windows\System32\drivers\bftpusbx64.sys [2012-6-8 20608]
S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2011-4-2 48488]
S3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);C:\Windows\System32\drivers\L1C62x64.sys [2009-6-11 57344]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2011-10-23 246376]
S3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;C:\Windows\System32\drivers\SiSG664.sys [2009-6-11 56832]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-2-19 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2011-2-19 31232]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2011-8-3 51712]
SUnknown ineafogs;ineafogs; [x]
.
=============== File Associations ===============
.
FileExt: .js: jsfile="C:\Program Files (x86)\Adobe\Adobe Dreamweaver CS5.5\Dreamweaver.exe","%1"
ShellExec: dreamweaver.exe: Open="C:\Program Files (x86)\Adobe\Adobe Dreamweaver CS5.5\dreamweaver.exe", "%1"
.
=============== Created Last 30 ================
.
2012-12-06 07:22:46	49872	----a-w-	C:\Windows\System32\drivers\twzvvzzs.sys
2012-12-06 07:11:23	76232	----a-w-	C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{53A69B69-9494-4CA7-91D1-189DB1B7AF5F}\offreg.dll
2012-12-06 06:54:52	--------	d-----w-	C:\Users\thrilla\AppData\Roaming\Malwarebytes
2012-12-06 06:54:25	--------	d-----w-	C:\ProgramData\Malwarebytes
2012-12-06 06:54:23	25928	----a-w-	C:\Windows\System32\drivers\mbam.sys
2012-12-06 06:54:23	--------	d-----w-	C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-12-05 12:06:08	--------	d-sh--w-	C:\Windows\SysWow64\%APPDATA%
2012-12-05 09:44:14	220160	----a-w-	C:\ProgramData\Microsoft\Media Tools\MediaIconsOverlays.dll
2012-12-05 09:43:40	--------	d-----w-	C:\Program Files (x86)\Mega Codec Pack
2012-12-05 01:48:45	9125352	----a-w-	C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{53A69B69-9494-4CA7-91D1-189DB1B7AF5F}\mpengine.dll
2012-12-02 06:01:15	--------	d-----w-	C:\Users\thrilla\AppData\Local\Innovative Solutions
2012-12-02 06:01:10	--------	d-----w-	C:\Program Files (x86)\Innovative Solutions
2012-12-02 05:03:28	--------	d-----w-	C:\Users\thrilla\AppData\Roaming\DriverFinder
2012-12-01 15:35:39	--------	d-----w-	C:\Program Files (x86)\AMD APP
2012-12-01 15:34:08	--------	d-----w-	C:\Program Files\ATI Technologies
2012-12-01 15:00:06	--------	d-----w-	C:\AMD
2012-12-01 13:58:00	90112	----a-w-	C:\Windows\unvise32.exe
2012-11-16 13:53:58	--------	d-----w-	C:\Program Files (x86)\Appnimi
2012-11-14 16:33:03	2560	----a-w-	C:\Windows\System32\drivers\en-US\wdf01000.sys.mui
2012-11-14 16:33:01	9728	----a-w-	C:\Windows\System32\Wdfres.dll
2012-11-14 16:33:01	785512	----a-w-	C:\Windows\System32\drivers\Wdf01000.sys
2012-11-14 16:33:01	54376	----a-w-	C:\Windows\System32\drivers\WdfLdr.sys
2012-11-14 16:05:15	87040	----a-w-	C:\Windows\System32\drivers\WUDFPf.sys
2012-11-14 16:05:15	198656	----a-w-	C:\Windows\System32\drivers\WUDFRd.sys
2012-11-14 16:05:14	84992	----a-w-	C:\Windows\System32\WUDFSvc.dll
2012-11-14 16:05:13	194048	----a-w-	C:\Windows\System32\WUDFPlatform.dll
2012-11-14 16:05:11	45056	----a-w-	C:\Windows\System32\WUDFCoinstaller.dll
2012-11-14 16:05:11	229888	----a-w-	C:\Windows\System32\WUDFHost.exe
2012-11-14 16:05:10	744448	----a-w-	C:\Windows\System32\WUDFx.dll
2012-11-14 05:58:59	70656	----a-w-	C:\Windows\System32\nlaapi.dll
2012-11-14 05:58:59	45568	----a-w-	C:\Windows\System32\drivers\tcpipreg.sys
2012-11-14 05:58:59	18944	----a-w-	C:\Windows\SysWow64\netevent.dll
2012-11-14 05:58:58	18944	----a-w-	C:\Windows\System32\netevent.dll
2012-11-14 05:48:35	95744	----a-w-	C:\Windows\System32\synceng.dll
2012-11-14 05:48:34	78336	----a-w-	C:\Windows\SysWow64\synceng.dll
2012-11-14 05:05:51	--------	d-----w-	C:\Program Files (x86)\FreeAlarmClock
.
==================== Find3M ====================
.
2012-12-05 12:01:14	45056	----a-w-	C:\Windows\SysWow64\acovcnt.exe
2012-11-08 05:04:27	88008	----a-w-	C:\Windows\System32\LMIRfsClientNP.dll
2012-11-08 05:04:10	35240	----a-w-	C:\Windows\System32\LMIport.dll
2012-11-08 05:04:06	83880	----a-w-	C:\Windows\System32\LMIinit.dll
2012-10-22 18:54:56	5623976	----a-w-	C:\Windows\SysWow64\atiumdag.dll
2012-10-22 18:51:20	11270656	----a-w-	C:\Windows\System32\drivers\atikmdag.sys
2012-10-22 18:21:06	70144	----a-w-	C:\Windows\System32\coinst_9.01.8.dll
2012-10-22 18:15:12	163840	----a-w-	C:\Windows\System32\atiapfxx.exe
2012-10-22 18:13:42	51200	----a-w-	C:\Windows\System32\aticalrt64.dll
2012-10-22 18:13:40	46080	----a-w-	C:\Windows\SysWow64\aticalrt.dll
2012-10-22 18:13:36	23435776	----a-w-	C:\Windows\System32\atio6axx.dll
2012-10-22 18:13:34	44544	----a-w-	C:\Windows\System32\aticalcl64.dll
2012-10-22 18:13:32	44032	----a-w-	C:\Windows\SysWow64\aticalcl.dll
2012-10-22 18:13:22	16082944	----a-w-	C:\Windows\System32\aticaldd64.dll
2012-10-22 18:09:06	13703168	----a-w-	C:\Windows\SysWow64\aticaldd.dll
2012-10-22 18:00:54	948224	----a-w-	C:\Windows\SysWow64\aticfx32.dll
2012-10-22 17:59:08	1136640	----a-w-	C:\Windows\System32\aticfx64.dll
2012-10-22 17:57:08	6678528	----a-w-	C:\Windows\SysWow64\atidxx32.dll
2012-10-22 17:56:48	18957824	----a-w-	C:\Windows\SysWow64\atioglxx.dll
2012-10-22 17:52:34	442368	----a-w-	C:\Windows\System32\atidemgy.dll
2012-10-22 17:52:18	548864	----a-w-	C:\Windows\System32\atieclxx.exe
2012-10-22 17:51:30	240640	----a-w-	C:\Windows\System32\atiesrxx.exe
2012-10-22 17:50:06	120320	----a-w-	C:\Windows\System32\atitmm64.dll
2012-10-22 17:49:46	21504	----a-w-	C:\Windows\System32\atimuixx.dll
2012-10-22 17:49:42	59392	----a-w-	C:\Windows\System32\atiedu64.dll
2012-10-22 17:49:36	43520	----a-w-	C:\Windows\SysWow64\ati2edxx.dll
2012-10-22 17:40:20	7370240	----a-w-	C:\Windows\System32\atidxx64.dll
2012-10-22 17:39:20	6778880	----a-w-	C:\Windows\System32\atiumd64.dll
2012-10-22 17:28:26	618496	----a-w-	C:\Windows\System32\atiadlxx.dll
2012-10-22 17:28:14	421888	----a-w-	C:\Windows\SysWow64\atiadlxy.dll
2012-10-22 17:28:00	17920	----a-w-	C:\Windows\System32\atig6pxx.dll
2012-10-22 17:27:56	14848	----a-w-	C:\Windows\SysWow64\atiglpxx.dll
2012-10-22 17:27:56	14848	----a-w-	C:\Windows\System32\atiglpxx.dll
2012-10-22 17:27:52	41984	----a-w-	C:\Windows\System32\atig6txx.dll
2012-10-22 17:27:44	33280	----a-w-	C:\Windows\SysWow64\atigktxx.dll
2012-10-22 17:27:36	546304	----a-w-	C:\Windows\System32\drivers\atikmpag.sys
2012-10-22 17:25:48	130048	----a-w-	C:\Windows\System32\atiuxp64.dll
2012-10-22 17:25:42	109568	----a-w-	C:\Windows\SysWow64\atiuxpag.dll
2012-10-22 17:25:34	104448	----a-w-	C:\Windows\System32\atiu9p64.dll
2012-10-22 17:25:24	83968	----a-w-	C:\Windows\SysWow64\atiu9pag.dll
2012-10-22 17:24:36	53248	----a-w-	C:\Windows\System32\drivers\ati2erec.dll
2012-10-22 16:44:50	4674048	----a-w-	C:\Windows\System32\atiumd6a.dll
2012-10-22 16:34:04	3862528	----a-w-	C:\Windows\SysWow64\atiumdva.dll
2012-10-22 16:24:00	56320	----a-w-	C:\Windows\System32\atimpc64.dll
2012-10-22 16:24:00	56320	----a-w-	C:\Windows\System32\amdpcom64.dll
2012-10-22 16:23:50	56832	----a-w-	C:\Windows\SysWow64\atimpc32.dll
2012-10-22 16:23:50	56832	----a-w-	C:\Windows\SysWow64\amdpcom32.dll
2012-10-18 18:25:58	3149824	----a-w-	C:\Windows\System32\win32k.sys
2012-10-16 08:38:37	135168	----a-w-	C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
2012-10-16 08:38:34	350208	----a-w-	C:\Windows\apppatch\AppPatch64\AcLayers.dll
2012-10-16 07:39:52	561664	----a-w-	C:\Windows\apppatch\AcLayers.dll
2012-10-09 18:17:13	55296	----a-w-	C:\Windows\System32\dhcpcsvc6.dll
2012-10-09 18:17:13	226816	----a-w-	C:\Windows\System32\dhcpcore6.dll
2012-10-09 17:40:31	44032	----a-w-	C:\Windows\SysWow64\dhcpcsvc6.dll
2012-10-09 17:40:31	193536	----a-w-	C:\Windows\SysWow64\dhcpcore6.dll
2012-10-08 11:31:03	2312704	----a-w-	C:\Windows\System32\jscript9.dll
2012-10-08 11:23:52	1392128	----a-w-	C:\Windows\System32\wininet.dll
2012-10-08 11:22:55	1494528	----a-w-	C:\Windows\System32\inetcpl.cpl
2012-10-08 11:18:22	173056	----a-w-	C:\Windows\System32\ieUnatt.exe
2012-10-08 11:17:35	599040	----a-w-	C:\Windows\System32\vbscript.dll
2012-10-08 11:13:33	2382848	----a-w-	C:\Windows\System32\mshtml.tlb
2012-10-08 07:56:24	1800704	----a-w-	C:\Windows\SysWow64\jscript9.dll
2012-10-08 07:48:03	1129472	----a-w-	C:\Windows\SysWow64\wininet.dll
2012-10-08 07:47:44	1427968	----a-w-	C:\Windows\SysWow64\inetcpl.cpl
2012-10-08 07:44:05	142848	----a-w-	C:\Windows\SysWow64\ieUnatt.exe
2012-10-08 07:43:21	420864	----a-w-	C:\Windows\SysWow64\vbscript.dll
2012-10-08 07:40:56	2382848	----a-w-	C:\Windows\SysWow64\mshtml.tlb
2012-10-03 17:56:54	1914248	----a-w-	C:\Windows\System32\drivers\tcpip.sys
2012-10-03 17:44:21	303104	----a-w-	C:\Windows\System32\nlasvc.dll
2012-10-03 17:44:17	246272	----a-w-	C:\Windows\System32\netcorehc.dll
2012-10-03 17:44:16	216576	----a-w-	C:\Windows\System32\ncsi.dll
2012-10-03 17:42:16	569344	----a-w-	C:\Windows\System32\iphlpsvc.dll
2012-10-03 16:42:24	175104	----a-w-	C:\Windows\SysWow64\netcorehc.dll
2012-10-03 16:42:23	156672	----a-w-	C:\Windows\SysWow64\ncsi.dll
2012-09-28 04:37:02	221696	----a-w-	C:\Windows\System32\clinfo.exe
2012-09-28 04:36:44	75776	----a-w-	C:\Windows\System32\OpenVideo64.dll
2012-09-28 04:36:40	65536	----a-w-	C:\Windows\SysWow64\OpenVideo.dll
2012-09-28 04:36:36	63488	----a-w-	C:\Windows\System32\OVDecode64.dll
2012-09-28 04:36:34	56320	----a-w-	C:\Windows\SysWow64\OVDecode.dll
2012-09-28 04:36:24	32635904	----a-w-	C:\Windows\System32\amdocl64.dll
2012-09-28 04:32:16	27341824	----a-w-	C:\Windows\SysWow64\amdocl.dll
2012-09-28 04:28:46	54784	----a-w-	C:\Windows\System32\OpenCL.dll
2012-09-28 04:28:42	50176	----a-w-	C:\Windows\SysWow64\OpenCL.dll
2012-09-14 19:19:29	2048	----a-w-	C:\Windows\System32\tzres.dll
2012-09-14 18:28:53	2048	----a-w-	C:\Windows\SysWow64\tzres.dll
.
============= FINISH: 18:24:46.33 ===============
 
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 16/10/2011 9:01:24 PM
System Uptime: 6/12/2012 6:07:15 PM (0 hours ago)
.
Motherboard: ASUSTeK Computer Inc. | | K73BY
Processor: AMD E-350 Processor | CPU 1 | 1600/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 256 GiB total, 14.878 GiB free.
D: is FIXED (NTFS) - 315 GiB total, 8.939 GiB free.
E: is CDROM (CDFS)
F: is CDROM ()
G: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP206: 29/11/2012 12:28:17 PM - Windows Update
RP207: 2/12/2012 2:00:42 AM - Installed MSI_TEMPLATE
RP208: 2/12/2012 5:22:10 PM - DMX_DriverMax Driver Installation
RP209: 2/12/2012 5:24:46 PM - Device Driver Package Install: Advanced Micro Devices, Inc. Display adapters
RP210: 2/12/2012 11:12:30 PM - Windows Update
RP212: 5/12/2012 11:36:33 PM - Windows Defender Checkpoint
.
==== Installed Programs ======================
.
??????? Windows Live Mesh ActiveX ??(????)
??????? Windows Live Mesh ActiveX ???
µTorrent
3.3
Adobe AIR
Adobe Community Help
Adobe Digital Editions 2.0
Adobe Dreamweaver CS5.5
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader X (10.1.4)
Adobe Shockwave Player 11.6
Adobe Widget Browser
AMD APP SDK Runtime
AMD Catalyst Install Manager
AMD Fuel
AMD Media Foundation Decoders
AMD VISION Engine Control Center
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ASUS AI Recovery
ASUS FancyStart
ASUS LifeFrame3
ASUS Live Update
ASUS Power4Gear Hybrid
ASUS SmartLogon
ASUS Splendid Video Enhancement Technology
ASUS Virtual Camera
ASUS WebStorage
ASUS_Screensaver
AsusVibe2.0
Atheros Client Installation Program
Atheros Driver Installation Program
ATK Package
Bigasoft Total Video Converter 3.7.21.4680
BitTorrent
Bluetooth Win7 Suite (64)
Bonjour
Bonjour Print Services
BUFFALO BuffaloTools Launcher
BUFFALO TurboCopy
BUFFALO TurboPC for FLASH/HDD
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-utility64
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
Conductor Server
Contrôle ActiveX Windows Live Mesh pour connexions à distance
Control ActiveX de Windows Live Mesh para conexiones remotas
Controlo ActiveX do Windows Live Mesh para Ligações Remotas
Counter Strike 1.6 eSK Counter Strike 1.6 eSK UCP 7.4
CyberLink LabelPrint
CyberLink Power2Go
CyberLink PowerDVD 10
D3DX10
DAEMON Tools Lite
dBpoweramp [Multi Encoder] Codec
dBpoweramp CLI Encoder
dBpoweramp DSP Effects
dBpoweramp FLAC Codec
dBpoweramp m4a Codec
dBpoweramp m4a Utilities
dBpoweramp m4b Audio book Encoder
dBpoweramp Midi Decoder
dBpoweramp Monkeys Audio Codec
dBpoweramp mp3 (Fraunhofer IIS) Codec
dBpoweramp Musepack Codec
dBpoweramp Music Converter
dBpoweramp Ogg Vorbis Codec
dBpoweramp OptimFROG Codec
dBPoweramp tooLame MP2 codec
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
DivX Setup
Dragon NaturallySpeaking 11
DriverMax 6
Dropbox
ESET NOD32 Antivirus
ETDWare PS/2-X64 8.0.5.1_WHQL
Fast Boot
Free Alarm Clock 2.5.0
Galeria de Fotografias do Windows Live
Galerie de photos Windows Live
Galería fotográfica de Windows Live
Garmin Communicator Plugin
Garmin Communicator Plugin x64
Google Chrome
Google Earth Plug-in
Google Talk Plugin
Google Toolbar for Internet Explorer
Google Update Helper
Grand Theft Auto Vice City
Image Resizer Powertoy Clone for Windows (64 bit)
Infix 4.31
iTunes
Java Auto Updater
Java(TM) 6 Update 29 (64-bit)
Java(TM) 6 Update 31
Java(TM) 7 Update 1
Java(TM) SE Runtime Environment 6 Update 1
Junk Mail filter update
JustCloud Setup
LinuxLive USB Creator
LogMeIn
Malwarebytes Anti-Malware version 1.65.1.1000
Mesh Runtime
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Games for Windows - LIVE
Microsoft Games for Windows - LIVE Redistributable
Microsoft Mouse and Keyboard Center
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Click-to-Run 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Groove MUI (English) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office Office 64-bit Components 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared 64-bit MUI (English) 2010
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Word MUI (English) 2010
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
Microsoft_VC90_MFCLOC_x86
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Need For Speed Underground
Nuance PDF Reader
Painkiller
PerformanceTest v7.0 (64-bit)
PunkBuster Services
Quake Live Mozilla Plugin
Quick Media Converter
QuickTime
Realtek Ethernet Controller Driver
Realtek High Definition Audio Driver
Realtek USB 2.0 Card Reader
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft Excel 2010 (KB2597126) 32-Bit Edition
Security Update for Microsoft InfoPath 2010 (KB2687417) 32-Bit Edition
Security Update for Microsoft InfoPath 2010 (KB2687436) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft Office 2010 (KB2553260) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589322) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2597986) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition
Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition
Security Update for Microsoft Visio Viewer 2010 (KB2598287) 32-Bit Edition
Security Update for Microsoft Word 2010 (KB2553488) 32-Bit Edition
ServeToMe 3.6.6.0
Skype Click to Call
Skype™ 6.0
SugarSync Manager
swMSM
syncables desktop SE
System Requirements Lab CYRI
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553092)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553272) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2687277) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition
VC80CRTRedist - 8.0.50727.6195
Visual C++ 9.0 Runtime for Dragon NaturallySpeaking 64bit (x64)
VLC media player 1.1.11
VLC Streamer 1.50
Winamp
Winamp Detector Plug-in
Windows 7 USB/DVD Download Tool
Windows Live
Windows Live ???
Windows Live ????
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows Media Player Firefox Plugin
Windows Mobile Device Center
WinFlash
WinRAR 4.01 (64-bit)
Wireless Console 3
YouWave for Android
.
==== Event Viewer Messages From Past Week ========
.
6/12/2012 5:40:26 PM, Error: Microsoft-Windows-WMPNSS-Service [14332] - Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80004005'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.
6/12/2012 5:37:06 PM, Error: Service Control Manager [7001] -
6/12/2012 5:37:05 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
6/12/2012 5:37:05 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
6/12/2012 5:37:03 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
6/12/2012 5:36:57 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
6/12/2012 5:36:04 PM, Error: Microsoft-Windows-WLAN-AutoConfig [10000] - WLAN Extensibility Module has failed to start. Module Path: C:\Windows\system32\athihvs.dll Error Code: 21
3/12/2012 1:03:39 PM, Error: bowser [8003] - The master browser has received a server announcement from the computer JOEL-PC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{6C5CF1DF-ACBC-4D75-B8A8-CE3C77EB8BAC}. The master browser is stopping or an election is being forced.
.
==== End Of File ===========================
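As an added example (not code from this thread, from DDS, or from TechSpot), the script below parses a handful of service/driver lines copied from the DDS log above and scores each one by the signals a malware-removal helper checks by eye: a service whose binary DDS could not find ([x]), a start type DDS did not recognise, a name with no vowels in it, and a file dated within a week of the scan (6/12/2012 in this log). The weights and thresholds are my own assumptions, and the output is a list of entries worth a closer look, not a verdict on any of them.

```python
import re
from datetime import datetime

# Sample lines copied from the DDS "SERVICES / DRIVERS" section posted above.
# DDS prints:  <start> <name>;<display name>;<path> [<file date> <size>]
# and "[x]" when the binary behind a service entry could not be found.
SAMPLE_SERVICES = r"""
R0 amd_sata;amd_sata;C:\Windows\System32\drivers\amd_sata.sys [2011-6-16 75904]
R2 ekrn;ESET Service;C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2011-9-23 974944]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2012-12-6 25928]
S1 twzvvzzs;twzvvzzs;C:\Windows\System32\drivers\twzvvzzs.sys [2012-12-6 49872]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-2-19 59392]
SUnknown ineafogs;ineafogs; [x]
"""

SERVICE_RE = re.compile(
    r"^(?P<start>R\d|S\d|SUnknown)\s+(?P<name>[^;]*);(?P<display>[^;]*);"
    r"(?P<path>[^\[]*?)\s*\[(?:(?P<date>\d{4}-\d{1,2}-\d{1,2})\s+(?P<size>\d+)|(?P<missing>x))\]\s*$"
)

VOWELS = set("aeiou")


def parse_services(text):
    """Turn DDS service/driver lines into dicts; lines that do not match are skipped."""
    entries = []
    for line in text.splitlines():
        m = SERVICE_RE.match(line.strip())
        if not m:
            continue
        e = m.groupdict()
        e["missing"] = e["missing"] is not None
        e["date"] = datetime.strptime(e["date"], "%Y-%m-%d").date() if e["date"] else None
        e["size"] = int(e["size"]) if e["size"] else None
        entries.append(e)
    return entries


def triage(text, scan_date, recent_days=7):
    """Score every entry by signals visible in the log line itself (heuristics, not verdicts).

    scan_date is the ISO date of the DDS run; a binary dated within recent_days of it
    deserves a look because a dropper's files are usually the newest things in the list.
    Weights (2 for hard facts, 1 for soft hints) are this example's assumption.
    """
    scan = datetime.strptime(scan_date, "%Y-%m-%d").date()
    results = []
    for e in parse_services(text):
        reasons = []  # (weight, explanation)
        if e["missing"]:
            reasons.append((2, "service binary not found ([x])"))
        if e["start"] == "SUnknown":
            reasons.append((2, "start type not recognised"))
        name = e["name"].lower()
        if len(name) >= 6 and not (set(name) & VOWELS):
            reasons.append((1, "name contains no vowels (looks generated)"))
        if e["date"] is not None and 0 <= (scan - e["date"]).days <= recent_days:
            reasons.append((1, "binary dated within %d days of the scan" % recent_days))
        results.append({
            "name": e["name"],
            "start": e["start"],
            "path": e["path"],
            "score": sum(w for w, _ in reasons),
            "reasons": [r for _, r in reasons],
        })
    # Highest score first; alphabetical among equals so the order is reproducible.
    results.sort(key=lambda r: (-r["score"], r["name"].lower()))
    return results


def triage_sample():
    """Run the triage over the sample lines with the scan date taken from the log above."""
    return triage(SAMPLE_SERVICES, "2012-12-06")


if __name__ == "__main__":
    for r in triage_sample():
        flag = "REVIEW" if r["score"] else "  ok  "
        print("%s %-9s %-14s %s" % (flag, r["start"], r["name"], r["path"] or "(no path)"))
        for reason in r["reasons"]:
            print("           - " + reason)
```

Run on the whole SERVICES / DRIVERS section, the script puts the entry with no binary and an unknown start type at the top, the freshly created driver with a vowel-less name second, and a legitimately new file such as mbam.sys (installed the same day) below them, which is exactly why the date signal carries less weight than the missing-binary one and why a reviewer still confirms each flagged entry against the vendor and the install history before acting on it.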
 
Hello, and welcome to TechSpot.


Please see here for the board rules and other FAQ.

Please feel free to introduce yourself, after you follow the steps below to get started.

Information
  • From this point on, please do not make any more changes to your computer; such as install/uninstall programs, use special fix tools, delete files, edit the registry, etc. - unless advised by a malware removal helper.
  • Please do not ask for help elsewhere (in this site or other sites). Doing so can result in system changes, which may not show up in the logs you post.
  • If you have already asked for help somewhere, please post the link to the topic you were helped.
  • We try our best to reply quickly, but for any reason we do not reply in two days, please reply to this topic with the word BUMP!
  • Lastly, keep in mind that we are volunteers, so you do not have to pay for malware removal. Persist in this topic until its close, and your computer is declared clean.


Farbar Recovery Scan Tool x64

Download Farbar Recovery Scan Tool and save it to a flash drive.


Please make sure to get the 64-bit version

Plug the flashdrive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
On the System Recovery Options menu you will get the following options:
    • Startup Repair
    • System Restore
    • Windows Complete PC Restore
    • Windows Memory Diagnostic Tool
    • Command Prompt
  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to the disclaimer.
  • Place a check next to List Drivers MD5 as well as the default check marks that are already there
  • Press Scan button. It will do its scan and save a log on your flash drive.
  • Close out of the message after that, then type in the text services.exe into the "Search:" text box. Then, press the Search file(s) button, just as below:
    [screenshot: frst2.jpg]

    When done searching, FRST makes a log, Search.txt, on the C:\ drive or on your flash drive.
  • Type exit in the Command Prompt window and reboot the computer normally
  • FRST will make a log (FRST.txt) on the flash drive and also the search.txt logfile, please copy and paste the logs in your reply.
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 02-12-2012
Ran by SYSTEM at 06-12-2012 20:58:13
Running from F:\
Windows 7 Home Premium (X64) OS Language: English(US)
The current controlset is ControlSet001

==================== Registry (Whitelisted) ===================

HKLM\...\Run: [AtherosBtStack] "C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe" [617120 2011-03-13] (Atheros Commnucations)
HKLM\...\Run: [AthBtTray] "C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe" [379552 2011-03-13] (Atheros Commnucations)
HKLM\...\Run: [Setwallpaper] c:\programdata\SetWallpaper.cmd [x]
HKLM\...\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe [660360 2007-05-31] (Microsoft Corporation)
HKLM\...\Run: [LogMeIn GUI] "C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe" [57928 2011-09-16] (LogMeIn, Inc.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [499608 2011-03-15] (Adobe Systems Incorporated)
HKLM\...\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /SF3 [2278504 2011-10-14] (Realtek Semiconductor)
HKLM\...\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice [4035152 2011-09-22] (ESET)
HKLM\...\Run: [tvncontrol] "C:\Program Files\TightVNC\tvnserver.exe" -controlservice -slave [x]
HKLM\...\Run: [PrintDisp] C:\Windows\system32\PrintDisp.exe [826368 2011-02-19] (ActMask Co.,Ltd - http://www.all2pdf.com)
HKLM\...\Run: [IntelliType Pro] "C:\Program Files\Microsoft Device Center\itype.exe" [1464928 2012-06-26] (Microsoft Corporation)
HKLM\...\Run: [IntelliPoint] "C:\Program Files\Microsoft Device Center\ipoint.exe" [2004584 2012-06-26] (Microsoft Corporation)
HKLM-x32\...\Run: [ASUSPRP] "C:\Program Files (x86)\ASUS\APRP\APRP.EXE" [2018032 2011-04-01] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [5732992 2010-08-17] (ASUS)
HKLM-x32\...\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [170624 2010-10-07] (ASUS)
HKLM-x32\...\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS)
HKLM-x32\...\Run: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe [2255360 2011-06-10] (ASUS)
HKLM-x32\...\Run: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin [1523360 2011-01-12] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre7\bin\jusched.exe" [x]
HKLM-x32\...\Run: [BuffaloTools] C:\Program Files (x86)\BUFFALO\BuffaloTools\BuffaloTools.exe [169336 2010-03-30] (BUFFALO INC.)
HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2011-10-24] (Apple Inc.)
HKLM-x32\...\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices [91520 2010-03-13] (Microsoft Corporation)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [919008 2012-07-27] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [DNS7reminder] "C:\Program Files (x86)\Nuance\NaturallySpeaking11\Ereg\Ereg.exe" -r "C:\ProgramData\Nuance\NaturallySpeaking11\Ereg.ini [344 2012-12-06] ()
HKLM-x32\...\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [642728 2012-09-27] (Advanced Micro Devices, Inc.)
HKU\Guest\...\Run: [Google Update] "C:\Users\thrilla\AppData\Local\Google\Update\GoogleUpdate.exe" /c [136176 2011-10-17] (Google Inc.)
HKU\Guest\...\Run: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe" /MINIMIZED [896912 2012-09-20] (BitTorrent, Inc.)
HKU\Guest\...\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun [4910912 2011-08-01] (DT Soft Ltd)
HKU\Guest\...\Run: [SugarSync] "C:\Program Files (x86)\SugarSync\SugarSyncManager.exe" -startInTray -usedelay=true [9413712 2012-03-19] (SugarSync, Inc.)
HKU\Guest\...\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun [17877168 2012-11-08] (Skype Technologies S.A.)
HKU\Guest\...\Run: [RGSC] C:\Program Files (x86)\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe /silent [x]
HKU\LogMeInRemoteUser\...\Run: [Google Update] "C:\Users\thrilla\AppData\Local\Google\Update\GoogleUpdate.exe" /c [136176 2011-10-17] (Google Inc.)
HKU\LogMeInRemoteUser\...\Run: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe" /MINIMIZED [896912 2012-09-20] (BitTorrent, Inc.)
HKU\LogMeInRemoteUser\...\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun [4910912 2011-08-01] (DT Soft Ltd)
HKU\LogMeInRemoteUser\...\Run: [SugarSync] "C:\Program Files (x86)\SugarSync\SugarSyncManager.exe" -startInTray -usedelay=true [9413712 2012-03-19] (SugarSync, Inc.)
HKU\LogMeInRemoteUser\...\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun [17877168 2012-11-08] (Skype Technologies S.A.)
HKU\LogMeInRemoteUser\...\Run: [RGSC] C:\Program Files (x86)\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe /silent [x]
HKU\thrilla\...\Run: [Google Update] "C:\Users\thrilla\AppData\Local\Google\Update\GoogleUpdate.exe" /c [136176 2011-10-17] (Google Inc.)
HKU\thrilla\...\Run: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe" /MINIMIZED [896912 2012-09-20] (BitTorrent, Inc.)
HKU\thrilla\...\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun [4910912 2011-08-01] (DT Soft Ltd)
HKU\thrilla\...\Run: [SugarSync] "C:\Program Files (x86)\SugarSync\SugarSyncManager.exe" -startInTray -usedelay=true [9413712 2012-03-19] (SugarSync, Inc.)
HKU\thrilla\...\Run: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler [222496 2009-05-05] (Acresso Corporation)
HKU\thrilla\...\Run: [m3me Conductor Server] C:\Program Files (x86)\m3me\Conductor Server\ConductorServer.exe [557056 2011-08-10] (m3me, Inc.)
HKU\thrilla\...\Run: [FreeAC] C:\Program Files (x86)\FreeAlarmClock\FreeAlarmClock.exe -autorun [1327440 2011-11-21] (Comfort Software Group)
HKU\thrilla\...\Run: [DriverFinder] C:\Program Files (x86)\DriverFinder\DriverFinder.exe [x]
HKU\thrilla\...\Run: [DriverMax] "C:\Program Files (x86)\Innovative Solutions\DriverMax\drivermax.exe" -agent [11324864 2012-11-13] (Innovative Solutions)
HKU\thrilla\...\Run: [DriverMax_RESTART] "C:\Program Files (x86)\Innovative Solutions\DriverMax\drivermax.exe" -RESTART [11324864 2012-11-13] (Innovative Solutions)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{6C5CF1DF-ACBC-4D75-B8A8-CE3C77EB8BAC}: [NameServer]8.8.8.8,8.8.4.4
Startup: C:\Users\All Users\Start Menu\Programs\Startup\FancyStart daemon.lnk
ShortcutTarget: FancyStart daemon.lnk -> C:\Windows\Installer\{2B81872B-A054-48DA-BE3B-FA5C164C303A}\_94E3CE3704FE82FBF49A6A.exe ()
Startup: C:\Users\thrilla\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> (No File)

==================== Services (Whitelisted) ===================

2 Atheros Bt&Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [138400 2011-03-13] (Atheros)
2 ATKGFNEXSrv; C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe [96896 2009-12-15] (ASUS)
2 ekrn; "C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe" [974944 2011-09-22] (ESET)
2 LMIGuardianSvc; "C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe" [375728 2012-11-07] (LogMeIn, Inc.)
2 LMIMaint; "C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe" [147888 2012-11-07] (LogMeIn, Inc.)
2 LogMeIn; "C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe" [407424 2011-09-16] (LogMeIn, Inc.)
2 MBAMScheduler; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe" [399432 2012-09-29] (Malwarebytes Corporation)
2 MBAMService; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe" [676936 2012-09-29] (Malwarebytes Corporation)
2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [75136 2012-03-23] ()
2 NMSAccess; "C:\Program Files (x86)\Blaze Media Pro\NMSAccess32.exe" [x]

==================== Drivers (Whitelisted) =====================

1 ATKWMIACPIIO; \??\C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [17536 2011-05-25] (ASUS)
0 bftpdskc64; C:\Windows\System32\Drivers\bftpdskc64.sys [67712 2010-01-12] (BUFFALO INC.)
3 bftpusbx64; C:\Windows\System32\Drivers\bftpusbx64.sys [20608 2010-01-18] (BUFFALO INC.)
1 dtsoftbus01; C:\Windows\System32\Drivers\dtsoftbus01.sys [270912 2011-10-20] (DT Soft Ltd)
2 eamonm; C:\Windows\System32\Drivers\eamonm.sys [202576 2011-08-09] (ESET)
1 ehdrv; C:\Windows\System32\Drivers\ehdrv.sys [146432 2011-08-04] (ESET)
2 epfwwfpr; C:\Windows\System32\Drivers\epfwwfpr.sys [137144 2011-08-04] (ESET)
3 kbfiltr; C:\Windows\System32\Drivers\kbfiltr.sys [15416 2009-07-20] ( )
2 LMIInfo; \??\C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys [15928 2011-09-16] (LogMeIn, Inc.)
3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [25928 2012-09-29] (Malwarebytes Corporation)
2 {1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC}; \??\C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\000.fcl [146928 2010-03-13] (CyberLink Corp.)
4 LMIRfsClientNP; [x]
2 TMAgent; [x]

==================== NetSvcs (Whitelisted) ====================


==================== One Month Created Files and Folders ========

2012-12-05 23:25 - 2012-12-05 23:25 - 00012778 ____A C:\Users\thrilla\Desktop\attach.txt
2012-12-05 23:25 - 2012-12-05 23:24 - 00031086 ____A C:\Users\thrilla\Desktop\dds.txt
2012-12-05 23:22 - 2012-12-05 23:22 - 00688992 ____R (Swearware) C:\Users\thrilla\Desktop\dds.com
2012-12-05 22:54 - 2012-12-05 22:54 - 00001111 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-12-05 22:54 - 2012-12-05 22:54 - 00000000 ____D C:\Users\thrilla\AppData\Roaming\Malwarebytes
2012-12-05 22:54 - 2012-12-05 22:54 - 00000000 ____D C:\Users\All Users\Malwarebytes
2012-12-05 22:54 - 2012-12-05 22:54 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-12-05 22:54 - 2012-09-29 00:54 - 00025928 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-12-05 22:52 - 2012-12-05 22:53 - 10669952 ____A (Malwarebytes Corporation ) C:\Users\thrilla\Downloads\mbam-setup-1.65.1.1000.exe
2012-12-05 22:24 - 2012-12-05 22:24 - 00000000 ____D C:\Users\Public\Desktop\CC Support
2012-12-05 22:23 - 2012-12-05 22:24 - 04009167 ____A C:\Users\thrilla\Desktop\ServicesRepair.exe
2012-12-05 22:22 - 2012-12-05 22:22 - 00138120 ____A (ESET) C:\Users\thrilla\Desktop\ESETSirefefRemover.exe
2012-12-05 04:16 - 2012-12-05 04:16 - 01859808 ____A (ESET) C:\Users\thrilla\Desktop\ESETSirefefEVCleaner.exe
2012-12-05 04:16 - 2012-12-05 04:16 - 00000000 ____D C:\Users\thrilla\Desktop\CC Support
2012-12-05 04:06 - 2012-12-05 04:06 - 00000000 __SHD C:\Windows\SysWOW64\%APPDATA%
2012-12-05 01:47 - 2012-12-05 01:47 - 00032195 ____A C:\Users\thrilla\Downloads\[isoHunt] Dexter S07E10 Season 7 Episode 10 HDTV x264 [GlowGaze].torrent
2012-12-05 01:43 - 2012-12-05 01:44 - 00000000 ____D C:\Program Files (x86)\Mega Codec Pack
2012-12-03 00:59 - 2012-12-03 00:59 - 00030920 ____A C:\Users\thrilla\Downloads\[isoHunt] Dark Shadows 2012 English (BDRip) x264.DiAMOND.torrent
2012-12-03 00:56 - 2012-12-03 00:56 - 00057024 ____A C:\Users\thrilla\Downloads\[isoHunt] 207cb1097e4f71157f5c7ee7f46a1eddaae42e25.torrent
2012-12-02 04:00 - 2012-12-02 04:00 - 00001270 ____A C:\Users\thrilla\Downloads\LPCINTERFACECONTROLLER1.0.64.1ad832b33db432409c9cbe083296134a9.dmx-info
2012-12-02 03:57 - 2012-12-02 03:57 - 00001280 ____A C:\Users\thrilla\Downloads\AMDSMBUS5.12.0.00151b3c26fde8729f952517ad51c6344944.dmx-info
2012-12-01 22:23 - 2012-10-22 10:51 - 11270656 ____A (Advanced Micro Devices, Inc.) C:\Windows\System32\Drivers\atikmdag.sys
2012-12-01 22:23 - 2012-10-22 10:21 - 00070144 ____A (AMD) C:\Windows\System32\coinst_9.01.8.dll
2012-12-01 22:23 - 2012-10-22 10:18 - 00317040 ____A C:\Windows\SysWOW64\atiapfxx.blb
2012-12-01 22:23 - 2012-10-22 10:18 - 00317040 ____A C:\Windows\System32\atiapfxx.blb
2012-12-01 22:23 - 2012-10-22 10:15 - 00163840 ____A (Advanced Micro Devices, Inc.) C:\Windows\System32\atiapfxx.exe
2012-12-01 22:23 - 2012-10-22 10:13 - 23435776 ____A (Advanced Micro Devices, Inc.) C:\Windows\System32\atio6axx.dll
2012-12-01 22:23 - 2012-10-22 10:13 - 16082944 ____A (Advanced Micro Devices Inc.) C:\Windows\System32\aticaldd64.dll
2012-12-01 22:23 - 2012-10-22 10:13 - 00051200 ____A (Advanced Micro Devices Inc.) C:\Windows\System32\aticalrt64.dll
2012-12-01 22:23 - 2012-10-22 10:13 - 00046080 ____A (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\aticalrt.dll
2012-12-01 22:23 - 2012-10-22 10:13 - 00044544 ____A (Advanced Micro Devices Inc.) C:\Windows\System32\aticalcl64.dll
2012-12-01 22:23 - 2012-10-22 10:13 - 00044032 ____A (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\aticalcl.dll
2012-12-01 22:23 - 2012-10-22 10:09 - 13703168 ____A (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\aticaldd.dll
2012-12-01 22:23 - 2012-10-22 09:57 - 06678528 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atidxx32.dll
2012-12-01 22:23 - 2012-10-22 09:56 - 18957824 ____A (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\atioglxx.dll
2012-12-01 22:23 - 2012-10-22 09:52 - 00548864 ____A (AMD) C:\Windows\System32\atieclxx.exe
2012-12-01 22:23 - 2012-10-22 09:52 - 00442368 ____A (Advanced Micro Devices, Inc.) C:\Windows\System32\atidemgy.dll
2012-12-01 22:23 - 2012-10-22 09:51 - 00240640 ____A (AMD) C:\Windows\System32\atiesrxx.exe
2012-12-01 22:23 - 2012-10-22 09:50 - 00120320 ____A (AMD) C:\Windows\System32\atitmm64.dll
2012-12-01 22:23 - 2012-10-22 09:49 - 00059392 ____A (ATI Technologies, Inc.) C:\Windows\System32\atiedu64.dll
2012-12-01 22:23 - 2012-10-22 09:49 - 00043520 ____A (ATI Technologies, Inc.) C:\Windows\SysWOW64\ati2edxx.dll
2012-12-01 22:23 - 2012-10-22 09:49 - 00021504 ____A (AMD) C:\Windows\System32\atimuixx.dll
2012-12-01 22:23 - 2012-10-22 09:28 - 00421888 ____A (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\atiadlxy.dll
2012-12-01 22:23 - 2012-10-22 09:28 - 00017920 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atig6pxx.dll
2012-12-01 22:23 - 2012-10-22 09:27 - 00546304 ____A (Advanced Micro Devices, Inc.) C:\Windows\System32\Drivers\atikmpag.sys
2012-12-01 22:23 - 2012-10-22 09:27 - 00041984 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atig6txx.dll
2012-12-01 22:23 - 2012-10-22 09:27 - 00033280 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atigktxx.dll
2012-12-01 22:23 - 2012-10-22 09:27 - 00014848 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiglpxx.dll
2012-12-01 22:23 - 2012-10-22 09:27 - 00014848 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atiglpxx.dll
2012-12-01 22:23 - 2012-10-22 09:25 - 00109568 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiuxpag.dll
2012-12-01 22:23 - 2012-10-22 09:24 - 00053248 ____A (Advanced Micro Devices, Inc.) C:\Windows\System32\Drivers\ati2erec.dll
2012-12-01 22:23 - 2012-10-22 08:41 - 03053056 ____A C:\Windows\System32\atiumd6a.cap
2012-12-01 22:23 - 2012-10-22 08:41 - 00204952 ____A C:\Windows\SysWOW64\ativvsvl.dat
2012-12-01 22:23 - 2012-10-22 08:41 - 00204952 ____A C:\Windows\System32\ativvsvl.dat
2012-12-01 22:23 - 2012-10-22 08:41 - 00157144 ____A C:\Windows\SysWOW64\ativvsva.dat
2012-12-01 22:23 - 2012-10-22 08:41 - 00157144 ____A C:\Windows\System32\ativvsva.dat
2012-12-01 22:23 - 2012-10-22 08:32 - 03084672 ____A C:\Windows\SysWOW64\atiumdva.cap
2012-12-01 22:23 - 2012-10-22 08:24 - 00056320 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atimpc64.dll
2012-12-01 22:23 - 2012-10-22 08:24 - 00056320 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\amdpcom64.dll
2012-12-01 22:23 - 2012-10-22 08:23 - 00056832 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atimpc32.dll
2012-12-01 22:23 - 2012-10-22 08:23 - 00056832 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdpcom32.dll
2012-12-01 22:23 - 2012-10-16 07:55 - 00040667 ____A C:\Windows\atiogl.xml
2012-12-01 22:23 - 2012-09-19 02:09 - 00076660 ____A C:\Windows\System32\ativce02.dat
2012-12-01 22:23 - 2012-09-17 21:00 - 00662787 ____A C:\Windows\System32\atiicdxx.dat
2012-12-01 22:23 - 2012-09-03 22:20 - 00228528 ____A C:\Windows\System32\ativvaxy_cik_nd.dat
2012-12-01 22:23 - 2012-09-03 22:20 - 00228528 ____A C:\Windows\System32\ativvaxy_cik.dat
2012-12-01 22:23 - 2011-09-12 05:06 - 00003917 ____A C:\Windows\SysWOW64\atipblag.dat
2012-12-01 22:23 - 2011-09-12 05:06 - 00003917 ____A C:\Windows\System32\atipblag.dat
2012-12-01 22:09 - 2012-12-01 22:09 - 00068812 ____A C:\Users\thrilla\Downloads\AMDRADEONHD7400MSERIES9.010.8.0000cdba3a8c7ab0f10f30c1a8e71fb53cc1.dmx-info
2012-12-01 22:01 - 2012-12-01 22:01 - 00001236 ____A C:\Users\thrilla\Desktop\DriverMax.lnk
2012-12-01 22:01 - 2012-12-01 22:01 - 00000000 ____D C:\Users\thrilla\AppData\Local\Innovative Solutions
2012-12-01 22:01 - 2012-12-01 22:01 - 00000000 ____D C:\Program Files (x86)\Innovative Solutions
2012-12-01 21:58 - 2012-12-01 22:00 - 07875488 ____A (Innovative Solutions ) C:\Users\thrilla\Downloads\drivermax.exe
2012-12-01 21:56 - 2012-12-01 21:56 - 00000200 ____A C:\Users\thrilla\Downloads\DriverFinder Pro 2 + Serial license key.html
2012-12-01 21:33 - 2012-12-01 21:33 - 00019497 ____A C:\Users\thrilla\Downloads\[isoHunt] 3773212.torrent
2012-12-01 21:16 - 2012-12-01 21:16 - 00004721 ____A C:\Users\thrilla\Downloads\[isoHunt] 3765357.torrent
2012-12-01 21:03 - 2012-12-01 21:57 - 00000000 ____D C:\Users\thrilla\AppData\Roaming\DriverFinder
2012-12-01 21:03 - 2012-12-01 21:03 - 00244896 ____A C:\Users\thrilla\Downloads\DriverFinderSetup.exe
2012-12-01 20:18 - 2012-12-01 20:36 - 124163060 ____A C:\Users\thrilla\Downloads\A2DVID-00243349-0042.EXE
2012-12-01 20:06 - 2012-12-01 20:07 - 02053400 ____A (Mister Group ) C:\Users\thrilla\Downloads\SystemExplorerSetup_399.exe
2012-12-01 19:49 - 2012-12-01 19:49 - 01165616 ____A (AMD Inc.) C:\Users\thrilla\Downloads\catalyst_mobility_64-bit_util (1).exe
2012-12-01 17:52 - 2012-12-01 17:52 - 00000000 ____D C:\Users\All Users\ATI
2012-12-01 07:35 - 2012-12-01 07:35 - 00000000 ____D C:\Program Files (x86)\AMD APP
2012-12-01 07:34 - 2012-12-01 07:35 - 00000000 ____D C:\Program Files\ATI Technologies
2012-12-01 07:09 - 2012-12-01 07:25 - 193293840 ____A (Advanced Micro Devices, Inc.) C:\Users\thrilla\Downloads\12-10_vista_win7_win8_64_dd_ccc_whql_net4.exe
2012-12-01 07:03 - 2012-12-01 07:04 - 00792704 ____A (AMD) C:\Users\thrilla\Downloads\amddriverdownloader.exe
2012-12-01 07:00 - 2012-12-01 07:29 - 00000000 ____D C:\AMD
2012-12-01 06:59 - 2012-12-01 06:59 - 01165616 ____A (AMD Inc.) C:\Users\thrilla\Downloads\catalyst_mobility_64-bit_util.exe
2012-12-01 06:28 - 2012-12-01 06:28 - 00005599 ____A C:\Users\thrilla\Downloads\WideScreenWeaponsMod.rar
2012-12-01 06:28 - 2012-12-01 06:28 - 00000000 ____D C:\Users\thrilla\Downloads\WideScreenWeaponsMod
2012-12-01 06:07 - 2012-12-01 06:07 - 00002515 ____A C:\Users\Public\Desktop\Skype.lnk
2012-12-01 05:58 - 2003-03-15 04:15 - 00090112 ____A (MindVision Software) C:\Windows\unvise32.exe
2012-12-01 05:57 - 2012-12-01 05:57 - 00000949 ____A C:\Users\thrilla\Desktop\Launch Painkiller!.lnk
2012-12-01 05:57 - 2012-12-01 05:57 - 00000949 ____A C:\Users\LogMeInRemoteUser\Desktop\Launch Painkiller!.lnk
2012-12-01 05:57 - 2012-12-01 05:57 - 00000949 ____A C:\Users\Guest\Desktop\Launch Painkiller!.lnk
2012-12-01 00:29 - 2012-12-01 00:29 - 00022763 ____A C:\Users\thrilla\Downloads\[isoHunt] Painkiller.torrent
2012-11-27 00:00 - 2012-11-27 00:00 - 00034309 ____A C:\Users\thrilla\Downloads\[isoHunt] Dexter S07E09 Season 7 Episode 9 HDTV x264 [GlowGaze].torrent
2012-11-26 22:03 - 2012-11-26 22:03 - 00015332 ____A C:\Users\thrilla\Downloads\[isoHunt] Big Naturals - Adella Skyy (Ready 2 Rock).mp4.torrent
2012-11-26 01:29 - 2012-11-26 01:29 - 00017096 ____A C:\Users\thrilla\Downloads\[isoHunt] download (2).torrent
2012-11-24 04:01 - 2012-11-24 04:01 - 00019853 ____A C:\Users\thrilla\Downloads\[isoHunt] download (1).torrent
2012-11-24 02:23 - 2012-11-24 02:23 - 00031040 ____A C:\Users\thrilla\Downloads\[isoHunt] Dexter S07E08 Season 7 Episode 8 HDTV x264 [GlowGaze].torrent
2012-11-17 01:16 - 2012-11-17 01:16 - 00028856 ____A C:\Users\thrilla\Downloads\[isoHunt] Dexter S07E07 Season 7 Episode 7 HDTV x264 [GlowGaze].torrent
2012-11-16 16:16 - 2012-11-16 16:16 - 00032014 ____A C:\Users\thrilla\Downloads\[isoHunt] Dexter S07E06 Season 7 Episode 6 HDTV x264 [GlowGaze].torrent
2012-11-16 05:53 - 2012-11-16 16:03 - 00000000 ____D C:\Program Files (x86)\Appnimi
2012-11-16 05:52 - 2012-11-16 05:52 - 00563473 ____A C:\Users\thrilla\Downloads\AppnimiZipPasswordUnlockerSetup.zip
2012-11-16 05:47 - 2012-11-16 05:47 - 00005297 ____A C:\Users\thrilla\Downloads\[isoHunt] RAR Password Unlocker v4.2.0.0 [h33t.com] Full.torrent
2012-11-15 04:29 - 2012-11-15 04:29 - 00034132 ____A C:\Users\thrilla\Downloads\[isoHunt] Dexter S07E03 HDTV x264-ASAP[ettv].torrent
2012-11-15 04:29 - 2012-11-15 04:29 - 00028209 ____A C:\Users\thrilla\Downloads\[isoHunt] Dexter S07E04 HDTV x264-ASAP[ettv].torrent
2012-11-15 04:28 - 2012-11-15 04:28 - 00031670 ____A C:\Users\thrilla\Downloads\[isoHunt] Dexter S07E02 HDTV x264-EVOLVE[ettv].torrent
2012-11-15 04:27 - 2012-11-15 04:27 - 00029883 ____A C:\Users\thrilla\Downloads\[isoHunt] Dexter S07E01 HDTV x264-EVOLVE[ettv].torrent
2012-11-14 23:50 - 2012-11-14 23:50 - 00056702 ____A C:\Users\thrilla\Downloads\[isoHunt] The.Matador[2005]DvDrip.AC3[Eng]-aXXo.torrent
2012-11-14 08:33 - 2012-07-25 20:55 - 00785512 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\Wdf01000.sys
2012-11-14 08:33 - 2012-07-25 20:55 - 00054376 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\WdfLdr.sys
2012-11-14 08:33 - 2012-07-25 18:36 - 00009728 ____A (Microsoft Corporation) C:\Windows\System32\Wdfres.dll
2012-11-14 08:33 - 2012-06-02 06:35 - 00000003 ____A C:\Windows\System32\Drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
2012-11-14 08:13 - 2012-10-08 04:19 - 17811968 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-11-14 08:13 - 2012-10-08 03:31 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-11-14 08:13 - 2012-10-08 03:24 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-11-14 08:13 - 2012-10-08 03:23 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-11-14 08:13 - 2012-10-08 03:22 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-11-14 08:13 - 2012-10-08 03:22 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-11-14 08:13 - 2012-10-08 03:20 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-11-14 08:13 - 2012-10-08 03:18 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-11-14 08:13 - 2012-10-08 03:17 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-11-14 08:13 - 2012-10-08 03:17 - 00599040 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2012-11-14 08:13 - 2012-10-08 03:15 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-11-14 08:13 - 2012-10-08 03:15 - 00729088 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2012-11-14 08:13 - 2012-10-08 03:13 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-11-14 08:13 - 2012-10-08 03:13 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-11-14 08:13 - 2012-10-08 03:09 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-11-14 08:13 - 2012-10-08 00:28 - 12320768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-11-14 08:13 - 2012-10-07 23:56 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-11-14 08:13 - 2012-10-07 23:48 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-11-14 08:13 - 2012-10-07 23:48 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-11-14 08:13 - 2012-10-07 23:47 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-11-14 08:13 - 2012-10-07 23:46 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-11-14 08:13 - 2012-10-07 23:45 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-11-14 08:13 - 2012-10-07 23:44 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-11-14 08:13 - 2012-10-07 23:43 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-11-14 08:13 - 2012-10-07 23:43 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2012-11-14 08:13 - 2012-10-07 23:42 - 00607744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2012-11-14 08:13 - 2012-10-07 23:41 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-11-14 08:13 - 2012-10-07 23:41 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-11-14 08:13 - 2012-10-07 23:40 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-11-14 08:13 - 2012-10-07 23:37 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-11-14 08:12 - 2012-10-08 03:42 - 10925568 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-11-14 08:12 - 2012-10-08 00:02 - 09738240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-11-14 08:05 - 2012-07-25 19:08 - 00744448 ____A (Microsoft Corporation) C:\Windows\System32\WUDFx.dll
2012-11-14 08:05 - 2012-07-25 19:08 - 00229888 ____A (Microsoft Corporation) C:\Windows\System32\WUDFHost.exe
2012-11-14 08:05 - 2012-07-25 19:08 - 00194048 ____A (Microsoft Corporation) C:\Windows\System32\WUDFPlatform.dll
2012-11-14 08:05 - 2012-07-25 19:08 - 00084992 ____A (Microsoft Corporation) C:\Windows\System32\WUDFSvc.dll
2012-11-14 08:05 - 2012-07-25 19:08 - 00045056 ____A (Microsoft Corporation) C:\Windows\System32\WUDFCoinstaller.dll
2012-11-14 08:05 - 2012-07-25 18:26 - 00198656 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\WUDFRd.sys
2012-11-14 08:05 - 2012-07-25 18:26 - 00087040 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\WUDFPf.sys
2012-11-14 08:05 - 2012-06-02 06:57 - 00000003 ____A C:\Windows\System32\Drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
2012-11-13 21:59 - 2012-10-18 10:25 - 03149824 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-11-13 21:59 - 2012-10-09 10:17 - 00226816 ____A (Microsoft Corporation) C:\Windows\System32\dhcpcore6.dll
2012-11-13 21:59 - 2012-10-09 10:17 - 00055296 ____A (Microsoft Corporation) C:\Windows\System32\dhcpcsvc6.dll
2012-11-13 21:59 - 2012-10-09 09:40 - 00193536 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dhcpcore6.dll
2012-11-13 21:59 - 2012-10-09 09:40 - 00044032 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dhcpcsvc6.dll
2012-11-13 21:59 - 2012-10-03 09:56 - 01914248 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2012-11-13 21:59 - 2012-10-03 09:44 - 00303104 ____A (Microsoft Corporation) C:\Windows\System32\nlasvc.dll
2012-11-13 21:59 - 2012-10-03 09:44 - 00246272 ____A (Microsoft Corporation) C:\Windows\System32\netcorehc.dll
2012-11-13 21:59 - 2012-10-03 09:44 - 00216576 ____A (Microsoft Corporation) C:\Windows\System32\ncsi.dll
2012-11-13 21:59 - 2012-10-03 09:42 - 00569344 ____A (Microsoft Corporation) C:\Windows\System32\iphlpsvc.dll
2012-11-13 21:59 - 2012-10-03 08:42 - 00175104 ____A (Microsoft Corporation) C:\Windows\SysWOW64\netcorehc.dll
2012-11-13 21:59 - 2012-10-03 08:42 - 00156672 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2012-11-13 21:59 - 2012-01-12 23:12 - 00052224 ____A (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2012-11-13 21:58 - 2012-10-03 09:44 - 00070656 ____A (Microsoft Corporation) C:\Windows\System32\nlaapi.dll
2012-11-13 21:58 - 2012-10-03 09:44 - 00018944 ____A (Microsoft Corporation) C:\Windows\System32\netevent.dll
2012-11-13 21:58 - 2012-10-03 08:42 - 00018944 ____A (Microsoft Corporation) C:\Windows\SysWOW64\netevent.dll
2012-11-13 21:58 - 2012-10-03 08:07 - 00045568 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpipreg.sys
2012-11-13 21:48 - 2012-09-25 14:47 - 00078336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\synceng.dll
2012-11-13 21:48 - 2012-09-25 14:46 - 00095744 ____A (Microsoft Corporation) C:\Windows\System32\synceng.dll
2012-11-13 21:05 - 2012-11-13 21:05 - 01715560 ____A (Comfort Software Group ) C:\Users\thrilla\Downloads\FreeAlarmClockSetup.exe
2012-11-13 21:05 - 2012-11-13 21:05 - 00001005 ____A C:\Users\thrilla\Desktop\Free Alarm Clock.lnk
2012-11-13 21:05 - 2012-11-13 21:05 - 00000000 ____D C:\Program Files (x86)\FreeAlarmClock


==================== One Month Modified Files and Folders =======

2012-12-06 20:54 - 2012-12-06 20:54 - 00000000 ____D C:\FRST
2012-12-06 01:48 - 2011-10-17 02:00 - 00000000 ____D C:\Users\thrilla\AppData\Roaming\uTorrent
2012-12-06 01:48 - 2009-07-13 20:45 - 00018736 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-12-06 01:48 - 2009-07-13 20:45 - 00018736 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-12-06 01:47 - 2009-07-13 21:13 - 00742516 ____A C:\Windows\System32\PerfStringBackup.INI
2012-12-06 01:41 - 2012-02-16 14:52 - 00000896 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-12-06 01:41 - 2011-10-18 20:47 - 00000000 ___RD C:\Users\thrilla\Dropbox
2012-12-06 01:41 - 2011-10-18 20:44 - 00000000 ____D C:\Users\thrilla\AppData\Roaming\Dropbox
2012-12-06 01:41 - 2011-10-16 02:01 - 00000000 ___HD C:\ASUS.DAT
2012-12-06 01:41 - 2011-07-23 05:20 - 01240221 ____A C:\Windows\WindowsUpdate.log
2012-12-06 01:40 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-12-06 01:40 - 2009-07-13 20:51 - 00098036 ____A C:\Windows\setupact.log
2012-12-06 01:37 - 2012-02-16 14:52 - 00000900 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-12-06 00:50 - 2011-10-17 01:54 - 00000916 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-705378939-3791143662-2486378131-1001UA.job
2012-12-05 23:25 - 2012-12-05 23:25 - 00012778 ____A C:\Users\thrilla\Desktop\attach.txt
2012-12-05 23:24 - 2012-12-05 23:25 - 00031086 ____A C:\Users\thrilla\Desktop\dds.txt
2012-12-05 23:22 - 2012-12-05 23:22 - 00688992 ____R (Swearware) C:\Users\thrilla\Desktop\dds.com
2012-12-05 23:19 - 2011-07-23 05:52 - 00001415 ____A C:\Windows\System32\ServiceFilter.ini
2012-12-05 23:07 - 2011-04-01 20:17 - 00437512 ____A C:\Windows\PFRO.log
2012-12-05 23:05 - 2011-10-16 02:01 - 00000000 ____D C:\users\thrilla
2012-12-05 22:54 - 2012-12-05 22:54 - 00001111 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-12-05 22:54 - 2012-12-05 22:54 - 00000000 ____D C:\Users\thrilla\AppData\Roaming\Malwarebytes
2012-12-05 22:54 - 2012-12-05 22:54 - 00000000 ____D C:\Users\All Users\Malwarebytes
2012-12-05 22:54 - 2012-12-05 22:54 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-12-05 22:53 - 2012-12-05 22:52 - 10669952 ____A (Malwarebytes Corporation ) C:\Users\thrilla\Downloads\mbam-setup-1.65.1.1000.exe
2012-12-05 22:24 - 2012-12-05 22:24 - 00000000 ____D C:\Users\Public\Desktop\CC Support
2012-12-05 22:24 - 2012-12-05 22:23 - 04009167 ____A C:\Users\thrilla\Desktop\ServicesRepair.exe
2012-12-05 22:22 - 2012-12-05 22:22 - 00138120 ____A (ESET) C:\Users\thrilla\Desktop\ESETSirefefRemover.exe
2012-12-05 22:11 - 2011-10-17 01:57 - 00000000 ____D C:\Users\thrilla\AppData\Roaming\Skype
2012-12-05 05:22 - 2011-10-18 23:33 - 00000000 ____D C:\Users\All Users\LogMeIn
2012-12-05 04:16 - 2012-12-05 04:16 - 01859808 ____A (ESET) C:\Users\thrilla\Desktop\ESETSirefefEVCleaner.exe
2012-12-05 04:16 - 2012-12-05 04:16 - 00000000 ____D C:\Users\thrilla\Desktop\CC Support
2012-12-05 04:06 - 2012-12-05 04:06 - 00000000 __SHD C:\Windows\SysWOW64\%APPDATA%
2012-12-05 04:01 - 2011-10-16 02:02 - 00045056 ____A C:\Windows\SysWOW64\acovcnt.exe
2012-12-05 02:50 - 2011-10-17 01:54 - 00000864 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-705378939-3791143662-2486378131-1001Core.job
2012-12-05 01:47 - 2012-12-05 01:47 - 00032195 ____A C:\Users\thrilla\Downloads\[isoHunt] Dexter S07E10 Season 7 Episode 10 HDTV x264 [GlowGaze].torrent
2012-12-05 01:44 - 2012-12-05 01:43 - 00000000 ____D C:\Program Files (x86)\Mega Codec Pack
2012-12-03 00:59 - 2012-12-03 00:59 - 00030920 ____A C:\Users\thrilla\Downloads\[isoHunt] Dark Shadows 2012 English (BDRip) x264.DiAMOND.torrent
2012-12-03 00:56 - 2012-12-03 00:56 - 00057024 ____A C:\Users\thrilla\Downloads\[isoHunt] 207cb1097e4f71157f5c7ee7f46a1eddaae42e25.torrent
2012-12-02 04:22 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\NDF
2012-12-02 04:00 - 2012-12-02 04:00 - 00001270 ____A C:\Users\thrilla\Downloads\LPCINTERFACECONTROLLER1.0.64.1ad832b33db432409c9cbe083296134a9.dmx-info
2012-12-02 03:58 - 2011-07-23 05:47 - 00016700 ____A C:\Windows\DPINST.LOG
2012-12-02 03:57 - 2012-12-02 03:57 - 00001280 ____A C:\Users\thrilla\Downloads\AMDSMBUS5.12.0.00151b3c26fde8729f952517ad51c6344944.dmx-info
2012-12-01 23:52 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\rescache
2012-12-01 22:34 - 2009-07-13 21:08 - 00032604 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-12-01 22:09 - 2012-12-01 22:09 - 00068812 ____A C:\Users\thrilla\Downloads\AMDRADEONHD7400MSERIES9.010.8.0000cdba3a8c7ab0f10f30c1a8e71fb53cc1.dmx-info
2012-12-01 22:01 - 2012-12-01 22:01 - 00001236 ____A C:\Users\thrilla\Desktop\DriverMax.lnk
2012-12-01 22:01 - 2012-12-01 22:01 - 00000000 ____D C:\Users\thrilla\AppData\Local\Innovative Solutions
2012-12-01 22:01 - 2012-12-01 22:01 - 00000000 ____D C:\Program Files (x86)\Innovative Solutions
2012-12-01 22:00 - 2012-12-01 21:58 - 07875488 ____A (Innovative Solutions ) C:\Users\thrilla\Downloads\drivermax.exe
2012-12-01 21:57 - 2012-12-01 21:03 - 00000000 ____D C:\Users\thrilla\AppData\Roaming\DriverFinder
2012-12-01 21:56 - 2012-12-01 21:56 - 00000200 ____A C:\Users\thrilla\Downloads\DriverFinder Pro 2 + Serial license key.html
2012-12-01 21:33 - 2012-12-01 21:33 - 00019497 ____A C:\Users\thrilla\Downloads\[isoHunt] 3773212.torrent
2012-12-01 21:16 - 2012-12-01 21:16 - 00004721 ____A C:\Users\thrilla\Downloads\[isoHunt] 3765357.torrent
2012-12-01 21:03 - 2012-12-01 21:03 - 00244896 ____A C:\Users\thrilla\Downloads\DriverFinderSetup.exe
2012-12-01 20:36 - 2012-12-01 20:18 - 124163060 ____A C:\Users\thrilla\Downloads\A2DVID-00243349-0042.EXE
2012-12-01 20:14 - 2011-04-01 20:29 - 03139598 ____A C:\Windows\AsDebug.log
2012-12-01 20:14 - 2011-02-18 12:12 - 00385734 ____A C:\Windows\AsCDProc.log
2012-12-01 20:07 - 2012-12-01 20:06 - 02053400 ____A (Mister Group ) C:\Users\thrilla\Downloads\SystemExplorerSetup_399.exe
2012-12-01 19:49 - 2012-12-01 19:49 - 01165616 ____A (AMD Inc.) C:\Users\thrilla\Downloads\catalyst_mobility_64-bit_util (1).exe
2012-12-01 17:52 - 2012-12-01 17:52 - 00000000 ____D C:\Users\All Users\ATI
2012-12-01 07:35 - 2012-12-01 07:35 - 00000000 ____D C:\Program Files (x86)\AMD APP
2012-12-01 07:35 - 2012-12-01 07:34 - 00000000 ____D C:\Program Files\ATI Technologies
2012-12-01 07:34 - 2011-07-23 05:44 - 00000000 ____D C:\Users\All Users\AMD
2012-12-01 07:33 - 2012-01-06 01:19 - 00000000 ____D C:\Program Files (x86)\ATI Technologies
2012-12-01 07:32 - 2011-10-26 18:20 - 00000000 ____D C:\Users\thrilla\AppData\Local\CrashDumps
2012-12-01 07:29 - 2012-12-01 07:00 - 00000000 ____D C:\AMD
2012-12-01 07:25 - 2012-12-01 07:09 - 193293840 ____A (Advanced Micro Devices, Inc.) C:\Users\thrilla\Downloads\12-10_vista_win7_win8_64_dd_ccc_whql_net4.exe
2012-12-01 07:04 - 2012-12-01 07:03 - 00792704 ____A (AMD) C:\Users\thrilla\Downloads\amddriverdownloader.exe
2012-12-01 06:59 - 2012-12-01 06:59 - 01165616 ____A (AMD Inc.) C:\Users\thrilla\Downloads\catalyst_mobility_64-bit_util.exe
2012-12-01 06:28 - 2012-12-01 06:28 - 00005599 ____A C:\Users\thrilla\Downloads\WideScreenWeaponsMod.rar
2012-12-01 06:28 - 2012-12-01 06:28 - 00000000 ____D C:\Users\thrilla\Downloads\WideScreenWeaponsMod
2012-12-01 06:07 - 2012-12-01 06:07 - 00002515 ____A C:\Users\Public\Desktop\Skype.lnk
2012-12-01 06:07 - 2012-02-04 22:38 - 00000000 ___RD C:\Program Files (x86)\Skype
2012-12-01 06:07 - 2011-10-17 01:57 - 00000000 ____D C:\Users\All Users\Skype
2012-12-01 05:57 - 2012-12-01 05:57 - 00000949 ____A C:\Users\thrilla\Desktop\Launch Painkiller!.lnk
2012-12-01 05:57 - 2012-12-01 05:57 - 00000949 ____A C:\Users\LogMeInRemoteUser\Desktop\Launch Painkiller!.lnk
2012-12-01 05:57 - 2012-12-01 05:57 - 00000949 ____A C:\Users\Guest\Desktop\Launch Painkiller!.lnk
2012-12-01 00:29 - 2012-12-01 00:29 - 00022763 ____A C:\Users\thrilla\Downloads\[isoHunt] Painkiller.torrent
2012-11-30 18:14 - 2011-10-17 01:54 - 00002457 ____A C:\Users\thrilla\Desktop\Google Chrome.lnk
2012-11-27 00:00 - 2012-11-27 00:00 - 00034309 ____A C:\Users\thrilla\Downloads\[isoHunt] Dexter S07E09 Season 7 Episode 9 HDTV x264 [GlowGaze].torrent
2012-11-26 22:03 - 2012-11-26 22:03 - 00015332 ____A C:\Users\thrilla\Downloads\[isoHunt] Big Naturals - Adella Skyy (Ready 2 Rock).mp4.torrent
2012-11-26 01:29 - 2012-11-26 01:29 - 00017096 ____A C:\Users\thrilla\Downloads\[isoHunt] download (2).torrent
2012-11-24 04:01 - 2012-11-24 04:01 - 00019853 ____A C:\Users\thrilla\Downloads\[isoHunt] download (1).torrent
2012-11-24 02:23 - 2012-11-24 02:23 - 00031040 ____A C:\Users\thrilla\Downloads\[isoHunt] Dexter S07E08 Season 7 Episode 8 HDTV x264 [GlowGaze].torrent
2012-11-17 01:16 - 2012-11-17 01:16 - 00028856 ____A C:\Users\thrilla\Downloads\[isoHunt] Dexter S07E07 Season 7 Episode 7 HDTV x264 [GlowGaze].torrent
2012-11-16 16:16 - 2012-11-16 16:16 - 00032014 ____A C:\Users\thrilla\Downloads\[isoHunt] Dexter S07E06 Season 7 Episode 6 HDTV x264 [GlowGaze].torrent
2012-11-16 16:03 - 2012-11-16 05:53 - 00000000 ____D C:\Program Files (x86)\Appnimi
2012-11-16 14:45 - 2012-01-28 19:25 - 00000000 ____D C:\Users\thrilla\AppData\Local\SugarSync
2012-11-16 05:52 - 2012-11-16 05:52 - 00563473 ____A C:\Users\thrilla\Downloads\AppnimiZipPasswordUnlockerSetup.zip
2012-11-16 05:47 - 2012-11-16 05:47 - 00005297 ____A C:\Users\thrilla\Downloads\[isoHunt] RAR Password Unlocker v4.2.0.0 [h33t.com] Full.torrent
2012-11-15 04:29 - 2012-11-15 04:29 - 00034132 ____A C:\Users\thrilla\Downloads\[isoHunt] Dexter S07E03 HDTV x264-ASAP[ettv].torrent
2012-11-15 04:29 - 2012-11-15 04:29 - 00028209 ____A C:\Users\thrilla\Downloads\[isoHunt] Dexter S07E04 HDTV x264-ASAP[ettv].torrent
2012-11-15 04:28 - 2012-11-15 04:28 - 00031670 ____A C:\Users\thrilla\Downloads\[isoHunt] Dexter S07E02 HDTV x264-EVOLVE[ettv].torrent
2012-11-15 04:27 - 2012-11-15 04:27 - 00029883 ____A C:\Users\thrilla\Downloads\[isoHunt] Dexter S07E01 HDTV x264-EVOLVE[ettv].torrent
2012-11-14 23:50 - 2012-11-14 23:50 - 00056702 ____A C:\Users\thrilla\Downloads\[isoHunt] The.Matador[2005]DvDrip.AC3[Eng]-aXXo.torrent
2012-11-14 09:10 - 2011-10-16 02:01 - 00109688 ____A C:\Users\thrilla\AppData\Local\GDIPFONTCACHEV1.DAT
2012-11-14 09:05 - 2009-07-13 20:45 - 00418584 ____A C:\Windows\System32\FNTCACHE.DAT
2012-11-14 08:46 - 2012-07-31 16:48 - 00000000 ____D C:\Users\All Users\Microsoft Help
2012-11-14 08:06 - 2011-10-17 01:18 - 66395536 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-11-14 08:03 - 2009-07-13 18:34 - 00000837 ____A C:\Windows\win.ini
2012-11-13 21:05 - 2012-11-13 21:05 - 01715560 ____A (Comfort Software Group ) C:\Users\thrilla\Downloads\FreeAlarmClockSetup.exe
2012-11-13 21:05 - 2012-11-13 21:05 - 00001005 ____A C:\Users\thrilla\Desktop\Free Alarm Clock.lnk
2012-11-13 21:05 - 2012-11-13 21:05 - 00000000 ____D C:\Program Files (x86)\FreeAlarmClock
2012-11-07 21:08 - 2011-10-18 23:32 - 00000000 ____D C:\Program Files (x86)\LogMeIn
2012-11-07 21:04 - 2011-10-18 23:33 - 00088008 ____A (LogMeIn, Inc.) C:\Windows\System32\LMIRfsClientNP.dll
2012-11-07 21:04 - 2011-10-18 23:33 - 00083880 ____A (LogMeIn, Inc.) C:\Windows\System32\LMIinit.dll
2012-11-07 21:04 - 2011-10-18 23:33 - 00035240 ____A (LogMeIn, Inc.) C:\Windows\System32\LMIport.dll


ZeroAccess:
C:\Windows\Installer\{29442026-b511-1173-2e26-4a1a0511f039}
C:\Windows\Installer\{29442026-b511-1173-2e26-4a1a0511f039}\@
C:\Windows\Installer\{29442026-b511-1173-2e26-4a1a0511f039}\L
C:\Windows\Installer\{29442026-b511-1173-2e26-4a1a0511f039}\U
C:\Windows\Installer\{29442026-b511-1173-2e26-4a1a0511f039}\L\00000004.@
C:\Windows\Installer\{29442026-b511-1173-2e26-4a1a0511f039}\L\201d3dde
C:\Windows\Installer\{29442026-b511-1173-2e26-4a1a0511f039}\L\4cce1f70
C:\Windows\Installer\{29442026-b511-1173-2e26-4a1a0511f039}\U\00000008.@
C:\Windows\Installer\{29442026-b511-1173-2e26-4a1a0511f039}\U\80000032.@
C:\Windows\Installer\{29442026-b511-1173-2e26-4a1a0511f039}\U\80000064.@

ZeroAccess:
C:\Windows\assembly\GAC_32\Desktop.ini

ZeroAccess:
C:\Windows\assembly\GAC_64\Desktop.ini

==================== Known DLLs (Whitelisted) =================


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe 50BEA589F7D7958BDD2528A8F69D05CC ZeroAccess <==== ATTENTION!.
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

Restore point made on: 2012-11-28 17:30:19
Restore point made on: 2012-12-01 07:01:15
Restore point made on: 2012-12-01 22:22:41
Restore point made on: 2012-12-01 22:25:04
Restore point made on: 2012-12-02 04:12:56
Restore point made on: 2012-12-05 04:37:07

==================== Memory info ===========================

Percentage of memory in use: 15%
Total physical RAM: 4075.72 MB
Available physical RAM: 3458.93 MB
Total Pagefile: 4073.87 MB
Available Pagefile: 3452.88 MB
Total Virtual: 8192 MB
Available Virtual: 8191.89 MB

==================== Partitions =============================

1 Drive c: (OS) (Fixed) (Total:256.35 GB) (Free:13.34 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
2 Drive d: (DATA) (Fixed) (Total:314.82 GB) (Free:8.94 GB) NTFS
3 Drive e: (TrendMicro) (CDROM) (Total:0.3 GB) (Free:0 GB) CDFS
4 Drive f: (MYLINUXLIVE) (Removable) (Total:3.77 GB) (Free:3.72 GB) NTFS
5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 596 GB 1024 KB
Disk 1 Online 3864 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 25 GB 1024 KB
Partition 2 Primary 256 GB 25 GB
Partition 0 Extended 314 GB 281 GB
Partition 3 Logical 314 GB 281 GB

==================================================================================

Disk: 0
Partition 1
Type : 1C
Hidden: Yes
Active: No

There is no volume associated with this partition.

=========================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 C OS NTFS Partition 256 GB Healthy

=========================================================

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 D DATA NTFS Partition 314 GB Healthy

=========================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 3863 MB 31 KB

==================================================================================

Disk: 1
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 F MYLINUXLIVE NTFS Removable 3863 MB Healthy

=========================================================

Last Boot: 2012-12-05 23:46

==================== End Of Log =============================
 
I need this done too please:
Open FRST like before, type the text services.exe into the "Search:" text box. Then, press the Search file(s) button, just as below:
[image: frst2.jpg]

When done searching, FRST makes a log, Search.txt, on the C:\ drive or on your flash drive. Please post that to your next reply.
 
Sorry about that. Here it is.

Farbar Recovery Scan Tool (x64) Version: 02-12-2012
Ran by SYSTEM at 2012-12-08 12:03:19
Running from G:\

================== Search: "services.exe" ===================

C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

C:\Windows\System32\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0329216 ____A (Microsoft Corporation) 50BEA589F7D7958BDD2528A8F69D05CC

====== End Of Search ======
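The search result above is the whole point of the step: two copies of services.exe with the same name but different sizes and MD5s, where the copy in the WinSxS component store is the servicing original and the live System32 copy is the one ZeroAccess patched. The following Python script is an added example, not code from this thread or from FRST: it parses an FRST Search.txt block (the sample embedded below is the result posted above), groups the hits by file name, and flags every copy whose hash disagrees with the WinSxS copy, reporting the size difference as well. `md5_file` is included for hashing a real file so it can be compared with what a log reports; MD5 is used here only because that is the digest FRST prints.

```python
import hashlib
import re
from collections import defaultdict

# Constructed sample: the FRST "Search: services.exe" output posted in this thread.
SAMPLE_SEARCH_TXT = r"""
================== Search: "services.exe" ===================

C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

C:\Windows\System32\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0329216 ____A (Microsoft Corporation) 50BEA589F7D7958BDD2528A8F69D05CC

====== End Of Search ======
"""

# A hit is a path line followed by a details line: [created] - [modified] - size attrs (company) MD5
PATH_RE = re.compile(r"^[A-Za-z]:\\")
DETAIL_RE = re.compile(
    r"^\[(?P<created>[^\]]+)\] - \[(?P<modified>[^\]]+)\] - "
    r"(?P<size>\d+) (?P<attrs>\S+) (?:\((?P<company>[^)]*)\) )?(?P<md5>[0-9A-Fa-f]{32})\s*$"
)


def parse_frst_search(text):
    """Return one dict per file hit: path, size (bytes), company, md5 (upper-case hex)."""
    records = []
    pending_path = None
    for line in text.splitlines():
        line = line.rstrip()
        if PATH_RE.match(line):
            pending_path = line
            continue
        m = DETAIL_RE.match(line)
        if m and pending_path:
            records.append({
                "path": pending_path,
                "size": int(m.group("size")),
                "company": m.group("company") or "",
                "md5": m.group("md5").upper(),
            })
            pending_path = None
    return records


def basename(path):
    return path.rsplit("\\", 1)[-1].lower()


def is_component_store(path):
    # WinSxS holds the servicing copy that the live System32 binary should match.
    return "\\winsxs\\" in path.lower()


def find_hash_disagreements(records):
    """Group hits by file name; where the copies disagree, take the WinSxS copy as the
    reference and list every copy with another hash as suspect. Returns {name: report}."""
    by_name = defaultdict(list)
    for r in records:
        by_name[basename(r["path"])].append(r)
    reports = {}
    for name, copies in by_name.items():
        if len({c["md5"] for c in copies}) < 2:
            continue  # all copies agree, nothing to flag
        ref = next((c for c in copies if is_component_store(c["path"])), None)
        suspects = [c for c in copies if ref is None or c["md5"] != ref["md5"]]
        reports[name] = {
            "reference": ref,
            "suspects": suspects,
            # bytes added to each suspect relative to the reference (patched files grow)
            "size_delta": [c["size"] - ref["size"] for c in suspects] if ref else [],
        }
    return reports


def md5_hex(data):
    """MD5 of an in-memory buffer, upper-case like FRST prints it."""
    return hashlib.md5(data).hexdigest().upper()


def md5_file(path, chunk=1 << 20):
    """MD5 of a file on disk, read in chunks so large binaries do not load at once."""
    h = hashlib.md5()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest().upper()


if __name__ == "__main__":
    for name, rep in find_hash_disagreements(parse_frst_search(SAMPLE_SEARCH_TXT)).items():
        ref = rep["reference"]
        print(f"{name}: reference md5={ref['md5'] if ref else 'n/a'}")
        for s, delta in zip(rep["suspects"], rep["size_delta"] or [None] * len(rep["suspects"])):
            print(f"  suspect: {s['path']}  md5={s['md5']}  size_delta={delta}")
```

On the posted sample the script reports the System32 copy as suspect with a 512-byte size delta against the WinSxS reference, which is exactly the pair the fixlist in the next post swaps. A company name alone is no evidence of integrity here: both copies carry "(Microsoft Corporation)" in the version resource, so only the hash comparison separates them.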
 
FRST Fixlist

Please download attached fixlist.txt below (at bottom of this post), and save it to your flash drive in the same location as FRST.exe. Make sure it maintains the same name, otherwise the fix will fail.

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system.

Now, please enter System Recovery Options then select Command Prompt.

Run FRST and press the Fix button just once and wait.
The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

Now restart, let it boot normally and tell me how it went.


ComboFix scan

Please download ComboFix by sUBs from BleepingComputer.com.

Please save the file to your Desktop.

Important information about ComboFix


After the download:
  • Close any open browsers.
  • Very Important: Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results". Please visit here if you don't know how.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  • Please do not attempt to re-connect your machine back to the Internet until ComboFix has completely finished.
  • If there is no Internet connection after running ComboFix, then restart your computer to restore back your connection.
Running ComboFix:
  • Double click on ComboFix.exe & follow the prompts.
  • When ComboFix finishes, it will produce a report for you.
  • Please post the report, which will launch or be found at "C:\Combo-Fix.txt" in your next reply.
Troubleshooting ComboFix

Safe Mode:

If you still cannot get ComboFix to run, try booting into Safe Mode, and run it there.

(To boot into Safe Mode, tap F8 after BIOS, and just before the Windows logo appears. A list of options will appear; select "Safe Mode.")

Re-downloading:

If this doesn't work either, try the same method (above method), but try to download it again, except rename ComboFix.exe to iexplore.exe, explorer.exe, or winlogon.exe.

Malware is known for blocking all "user" processes, except for its whitelist of system important processes such as iexplore.exe, explorer.exe, winlogon.exe.

NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.
 

Attachments:
  • fixlist.txt (326 bytes)
Thanks! After I ran FRST64, my antivirus did not detect the trojans anymore, although Malwarebytes was still blocking suspicious web sites.

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 02-12-2012
Ran by SYSTEM at 2012-12-09 11:55:57 Run:1
Running from G:\

==============================================

C:\Windows\Installer\{29442026-b511-1173-2e26-4a1a0511f039} moved successfully.
C:\Windows\assembly\GAC_32\Desktop.ini moved successfully.
C:\Windows\assembly\GAC_64\Desktop.ini moved successfully.
C:\Windows\System32\services.exe moved successfully.
C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe copied successfully to C:\Windows\System32\services.exe

==== End of Fixlog ====
 
ComboFix 12-12-07.01 - thrilla 09/12/2012 12:13:46.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4076.2357 [GMT 11:00]
Running from: c:\users\thrilla\Desktop\ComboFix.exe
AV: ESET NOD32 Antivirus 5.0 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
SP: ESET NOD32 Antivirus 5.0 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\msvcr71.dll
.
.
((((((((((((((((((((((((( Files Created from 2012-11-09 to 2012-12-09 )))))))))))))))))))))))))))))))
.
.
2012-12-07 04:54 . 2012-12-07 04:54  --------  d-----w-  C:\FRST
2012-12-07 02:41 . 2012-12-08 05:08  76232  ----a-w-  c:\programdata\Microsoft\Windows Defender\Definition Updates\{53A69B69-9494-4CA7-91D1-189DB1B7AF5F}\offreg.dll
2012-12-06 06:54 . 2012-12-06 06:54  --------  d-----w-  c:\users\thrilla\AppData\Roaming\Malwarebytes
2012-12-06 06:54 . 2012-12-06 06:54  --------  d-----w-  c:\programdata\Malwarebytes
2012-12-06 06:54 . 2012-12-06 06:54  --------  d-----w-  c:\program files (x86)\Malwarebytes' Anti-Malware
2012-12-06 06:54 . 2012-09-29 08:54  25928  ----a-w-  c:\windows\system32\drivers\mbam.sys
2012-12-05 12:06 . 2012-12-05 12:06  --------  d-sh--w-  c:\windows\SysWow64\%APPDATA%
2012-12-05 09:44 . 2012-12-05 09:44  220160  ----a-w-  c:\programdata\Microsoft\Media Tools\MediaIconsOverlays.dll
2012-12-05 09:43 . 2012-12-05 09:44  --------  d-----w-  c:\program files (x86)\Mega Codec Pack
2012-12-05 01:48 . 2012-11-08 17:24  9125352  ----a-w-  c:\programdata\Microsoft\Windows Defender\Definition Updates\{53A69B69-9494-4CA7-91D1-189DB1B7AF5F}\mpengine.dll
2012-12-02 06:01 . 2012-12-02 06:01  --------  d-----w-  c:\users\thrilla\AppData\Local\Innovative Solutions
2012-12-02 06:01 . 2012-12-02 06:01  --------  d-----w-  c:\program files (x86)\Innovative Solutions
2012-12-02 05:03 . 2012-12-02 05:57  --------  d-----w-  c:\users\thrilla\AppData\Roaming\DriverFinder
2012-12-02 01:52 . 2012-12-02 01:52  --------  d-----w-  c:\programdata\ATI
2012-12-01 15:35 . 2012-12-01 15:35  --------  d-----w-  c:\program files (x86)\AMD APP
2012-12-01 15:34 . 2012-12-01 15:35  --------  d-----w-  c:\program files\ATI Technologies
2012-12-01 15:00 . 2012-12-01 15:29  --------  d-----w-  C:\AMD
2012-12-01 14:07 . 2012-12-01 14:07  --------  d-----w-  c:\program files (x86)\Common Files\Skype
2012-12-01 13:58 . 2003-03-15 12:15  90112  ----a-w-  c:\windows\unvise32.exe
2012-11-16 13:53 . 2012-11-17 00:03  --------  d-----w-  c:\program files (x86)\Appnimi
2012-11-14 16:33 . 2012-07-26 04:47  2560  ----a-w-  c:\windows\system32\drivers\en-US\wdf01000.sys.mui
2012-11-14 16:33 . 2012-07-26 04:55  785512  ----a-w-  c:\windows\system32\drivers\Wdf01000.sys
2012-11-14 16:33 . 2012-07-26 04:55  54376  ----a-w-  c:\windows\system32\drivers\WdfLdr.sys
2012-11-14 16:33 . 2012-07-26 02:36  9728  ----a-w-  c:\windows\system32\Wdfres.dll
2012-11-14 16:12 . 2012-10-08 11:42  10925568  ----a-w-  c:\windows\system32\ieframe.dll
2012-11-14 16:05 . 2012-07-26 02:26  87040  ----a-w-  c:\windows\system32\drivers\WUDFPf.sys
2012-11-14 16:05 . 2012-07-26 02:26  198656  ----a-w-  c:\windows\system32\drivers\WUDFRd.sys
2012-11-14 16:05 . 2012-07-26 03:08  84992  ----a-w-  c:\windows\system32\WUDFSvc.dll
2012-11-14 16:05 . 2012-07-26 03:08  194048  ----a-w-  c:\windows\system32\WUDFPlatform.dll
2012-11-14 16:05 . 2012-07-26 03:08  229888  ----a-w-  c:\windows\system32\WUDFHost.exe
2012-11-14 16:05 . 2012-07-26 03:08  45056  ----a-w-  c:\windows\system32\WUDFCoinstaller.dll
2012-11-14 16:05 . 2012-07-26 03:08  744448  ----a-w-  c:\windows\system32\WUDFx.dll
2012-11-14 05:58 . 2012-10-03 17:44  70656  ----a-w-  c:\windows\system32\nlaapi.dll
2012-11-14 05:58 . 2012-10-03 16:42  18944  ----a-w-  c:\windows\SysWow64\netevent.dll
2012-11-14 05:58 . 2012-10-03 16:07  45568  ----a-w-  c:\windows\system32\drivers\tcpipreg.sys
2012-11-14 05:58 . 2012-10-03 17:44  18944  ----a-w-  c:\windows\system32\netevent.dll
2012-11-14 05:48 . 2012-09-25 22:46  95744  ----a-w-  c:\windows\system32\synceng.dll
2012-11-14 05:48 . 2012-09-25 22:47  78336  ----a-w-  c:\windows\SysWow64\synceng.dll
2012-11-14 05:05 . 2012-11-14 05:05  --------  d-----w-  c:\program files (x86)\FreeAlarmClock
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-05 12:01 . 2011-10-16 10:02  45056  ----a-w-  c:\windows\SysWow64\acovcnt.exe
2012-11-14 16:06 . 2011-10-17 09:18  66395536  ----a-w-  c:\windows\system32\MRT.exe
2012-11-08 05:04 . 2011-10-19 07:33  88008  ----a-w-  c:\windows\system32\LMIRfsClientNP.dll
2012-11-08 05:04 . 2011-10-19 07:33  35240  ----a-w-  c:\windows\system32\LMIport.dll
2012-11-08 05:04 . 2011-10-19 07:33  83880  ----a-w-  c:\windows\system32\LMIinit.dll
2012-10-22 18:54 . 2011-07-14 13:49  5623976  ----a-w-  c:\windows\SysWow64\atiumdag.dll
2012-10-22 18:00 . 2011-07-14 14:20  948224  ----a-w-  c:\windows\SysWow64\aticfx32.dll
2012-10-22 17:59 . 2011-07-14 14:19  1136640  ----a-w-  c:\windows\system32\aticfx64.dll
2012-10-22 17:40 . 2011-07-14 14:00  7370240  ----a-w-  c:\windows\system32\atidxx64.dll
2012-10-22 17:39 . 2011-07-14 13:42  6778880  ----a-w-  c:\windows\system32\atiumd64.dll
2012-10-22 17:28 . 2011-07-14 13:34  618496  ----a-w-  c:\windows\system32\atiadlxx.dll
2012-10-22 17:25 . 2011-07-14 13:33  130048  ----a-w-  c:\windows\system32\atiuxp64.dll
2012-10-22 17:25 . 2011-07-14 13:32  104448  ----a-w-  c:\windows\system32\atiu9p64.dll
2012-10-22 17:25 . 2011-07-14 13:32  83968  ----a-w-  c:\windows\SysWow64\atiu9pag.dll
2012-10-22 16:44 . 2011-07-14 13:57  4674048  ----a-w-  c:\windows\system32\atiumd6a.dll
2012-10-22 16:34 . 2011-07-14 13:48  3862528  ----a-w-  c:\windows\SysWow64\atiumdva.dll
2012-10-16 08:38 . 2012-11-28 00:57  135168  ----a-w-  c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2012-10-16 08:38 . 2012-11-28 00:57  350208  ----a-w-  c:\windows\apppatch\AppPatch64\AcLayers.dll
2012-10-16 07:39 . 2012-11-28 00:57  561664  ----a-w-  c:\windows\apppatch\AcLayers.dll
2012-09-28 04:37 . 2012-09-28 04:37  221696  ----a-w-  c:\windows\system32\clinfo.exe
2012-09-28 04:36 . 2012-09-28 04:36  75776  ----a-w-  c:\windows\system32\OpenVideo64.dll
2012-09-28 04:36 . 2012-09-28 04:36  65536  ----a-w-  c:\windows\SysWow64\OpenVideo.dll
2012-09-28 04:36 . 2012-09-28 04:36  63488  ----a-w-  c:\windows\system32\OVDecode64.dll
2012-09-28 04:36 . 2012-09-28 04:36  56320  ----a-w-  c:\windows\SysWow64\OVDecode.dll
2012-09-28 04:36 . 2012-09-28 04:36  32635904  ----a-w-  c:\windows\system32\amdocl64.dll
2012-09-28 04:32 . 2012-09-28 04:32  27341824  ----a-w-  c:\windows\SysWow64\amdocl.dll
2012-09-28 04:28 . 2012-09-28 04:28  54784  ----a-w-  c:\windows\system32\OpenCL.dll
2012-09-28 04:28 . 2012-09-28 04:28  50176  ----a-w-  c:\windows\SysWow64\OpenCL.dll
2012-09-14 19:19 . 2012-10-10 18:47  2048  ----a-w-  c:\windows\system32\tzres.dll
2012-09-14 18:28 . 2012-10-10 18:47  2048  ----a-w-  c:\windows\SysWow64\tzres.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\0MediaIconsOerlay]
@="{1EC23CFF-4C58-458f-924C-8519AEF61B32}"
[HKEY_CLASSES_ROOT\CLSID\{1EC23CFF-4C58-458f-924C-8519AEF61B32}]
2012-12-05 09:44  220160  ----a-w-  c:\programdata\Microsoft\Media Tools\MediaIconsOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12  94208  ----a-w-  c:\users\thrilla\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12  94208  ----a-w-  c:\users\thrilla\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12  94208  ----a-w-  c:\users\thrilla\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="c:\program files (x86)\uTorrent\uTorrent.exe" [2012-09-21 896912]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2011-08-02 4910912]
"SugarSync"="c:\program files (x86)\SugarSync\SugarSyncManager.exe" [2012-03-19 9413712]
"ISUSPM"="c:\programdata\FLEXnet\Connect\11\ISUSPM.exe" [2009-05-05 222496]
"m3me Conductor Server"="c:\program files (x86)\m3me\Conductor Server\ConductorServer.exe" [2011-08-10 557056]
"FreeAC"="c:\program files (x86)\FreeAlarmClock\FreeAlarmClock.exe" [2011-11-22 1327440]
"DriverMax"="c:\program files (x86)\Innovative Solutions\DriverMax\drivermax.exe" [2012-11-14 11324864]
"DriverMax_RESTART"="c:\program files (x86)\Innovative Solutions\DriverMax\drivermax.exe" [2012-11-14 11324864]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ASUSPRP"="c:\program files (x86)\ASUS\APRP\APRP.EXE" [2011-04-02 2018032]
"ATKOSD2"="c:\program files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe" [2010-08-17 5732992]
"ATKMEDIA"="c:\program files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe" [2010-10-07 170624]
"HControlUser"="c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]
"Wireless Console 3"="c:\program files (x86)\ASUS\Wireless Console 3\wcourier.exe" [2011-06-10 2255360]
"AdobeCS5.5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360]
"BuffaloTools"="c:\program files (x86)\BUFFALO\BuffaloTools\BuffaloTools.exe" [2010-03-30 169336]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"DNS7reminder"="c:\program files (x86)\Nuance\NaturallySpeaking11\Ereg\Ereg.exe" [2007-04-16 259624]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-09-28 642728]
.
c:\users\thrilla\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\thrilla\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-25 27112840]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
FancyStart daemon.lnk - c:\windows\Installer\{2B81872B-A054-48DA-BE3B-FA5C164C303A}\_94E3CE3704FE82FBF49A6A.exe [2011-7-24 12862]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
"EnableLinkedConnections"= 1 (0x1)
.
R1 hdtcwgxw;hdtcwgxw;c:\windows\system32\drivers\hdtcwgxw.sys [x]
R1 xjlyracu;xjlyracu;c:\windows\system32\drivers\xjlyracu.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-29 676936]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-11-09 160944]
R3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [2010-02-18 46136]
R3 bftpusbx64;BUFFALO TurboPC USB Filter;c:\windows\system32\drivers\bftpusbx64.sys [2010-01-18 20608]
R3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x64.sys [2009-06-10 57344]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-09-29 25928]
R3 Point64;Microsoft Mouse and Keyboard Center Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2012-06-27 46176]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-06-17 246376]
R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys [2009-06-10 56832]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 31232]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2011-08-03 51712]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-10-17 1255736]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys [2010-11-04 75904]
S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys [2010-11-04 38016]
S0 bftpdskc64;BUFFALO TurboPC Cache Filter;c:\windows\system32\drivers\bftpdskc64.sys [2010-01-12 67712]
S1 ATKWMIACPIIO;ATKWMIACPI Driver;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [2011-05-26 17536]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-10-21 270912]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2011-08-04 146432]
S2 {1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC};Power Control [2012/03/12 14:37];c:\program files (x86)\CyberLink\PowerDVD10\NavFilter\000.fcl [2010-03-13 20:58 146928]
S2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe [2011-01-25 379520]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-10-22 240640]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-09-28 361984]
S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-07-03 15416]
S2 Atheros Bt&Wlan Coex Agent;Atheros Bt&Wlan Coex Agent;c:\program files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [2011-03-13 138400]
S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe [2011-03-13 74912]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 DragonSvc;Dragon Service;c:\program files (x86)\Common Files\Nuance\dgnsvc.exe [2010-07-23 296808]
S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [2011-08-09 202576]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2011-09-22 974944]
S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [2011-08-04 137144]
S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [2012-11-08 375728]
S2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files (x86)\LogMeIn\x64\RaInfo.sys [2011-09-16 15928]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-09-29 399432]
S2 Printer Control;Printer Control;c:\windows\system32\PrintCtrl.exe [2011-01-03 77824]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S2 VBoxDrv;VBox Support Driver;c:\program files (x86)\YouWave_Android\vb\VBoxDrv.sys [2011-11-20 202592]
S3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys [2011-03-13 36000]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2012-05-14 96896]
S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys [2011-03-13 298656]
S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys [2011-03-13 28832]
S3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys [2011-03-13 201376]
S3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys [2011-03-13 55456]
S3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys [2011-03-13 154272]
S3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys [2011-03-13 280224]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [2010-12-31 138024]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-03-04 436840]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2010-11-30 44672]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-12-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-16 22:52]
.
2012-12-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-16 22:52]
.
2012-12-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-705378939-3791143662-2486378131-1001Core.job
- c:\users\thrilla\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-17 08:34]
.
2012-12-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-705378939-3791143662-2486378131-1001UA.job
- c:\users\thrilla\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-17 08:34]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_B]
@="{6D4133E5-0742-4ADC-8A8C-9303440F7190}"
[HKEY_CLASSES_ROOT\CLSID\{6D4133E5-0742-4ADC-8A8C-9303440F7190}]
2010-09-02 08:41  220160  ----a-w-  c:\program files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_O]
@="{64174815-8D98-4CE6-8646-4C039977D808}"
[HKEY_CLASSES_ROOT\CLSID\{64174815-8D98-4CE6-8646-4C039977D808}]
2010-09-02 08:41  220160  ----a-w-  c:\program files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12  97792  ----a-w-  c:\users\thrilla\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12  97792  ----a-w-  c:\users\thrilla\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12  97792  ----a-w-  c:\users\thrilla\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12  97792  ----a-w-  c:\users\thrilla\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncBackedUp]
@="{0C4A258A-3F3B-4FFF-80A7-9B3BEC139472}"
[HKEY_CLASSES_ROOT\CLSID\{0C4A258A-3F3B-4FFF-80A7-9B3BEC139472}]
2012-03-19 20:23  463952  ----a-w-  c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncPending]
@="{62CCD8E3-9C21-41E1-B55E-1E26DFC68511}"
[HKEY_CLASSES_ROOT\CLSID\{62CCD8E3-9C21-41E1-B55E-1E26DFC68511}]
2012-03-19 20:23  463952  ----a-w-  c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncRoot]
@="{A759AFF6-5851-457D-A540-F4ECED148351}"
[HKEY_CLASSES_ROOT\CLSID\{A759AFF6-5851-457D-A540-F4ECED148351}]
2012-03-19 20:23  463952  ----a-w-  c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncShared]
@="{1574C9EF-7D58-488F-B358-8B78C1538F51}"
[HKEY_CLASSES_ROOT\CLSID\{1574C9EF-7D58-488F-B358-8B78C1538F51}]
2012-03-19 20:23  463952  ----a-w-  c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AtherosBtStack"="c:\program files (x86)\Bluetooth Suite\BtvStack.exe" [2011-03-13 617120]
"AthBtTray"="c:\program files (x86)\Bluetooth Suite\AthBtTray.exe" [2011-03-13 379552]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 660360]
"LogMeIn GUI"="c:\program files (x86)\LogMeIn\x64\LogMeInSystray.exe" [2011-09-16 57928]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-16 499608]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-10-14 2278504]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2011-09-22 4035152]
"PrintDisp"="c:\windows\system32\PrintDisp.exe" [2011-02-19 826368]
"IntelliType Pro"="c:\program files\Microsoft Device Center\itype.exe" [2012-06-27 1464928]
"IntelliPoint"="c:\program files\Microsoft Device Center\ipoint.exe" [2012-06-27 2004584]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://search.babylon.com/?AF=109156&babsrc=HP_ss&mntrId=56e83a45000000000000dadf9a5c6377
mStart Page = hxxp://asus.msn.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
Trusted Zone: cleverreach.com\novastor
Trusted Zone: google-analytics.com
Trusted Zone: novastor.com
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{6C5CF1DF-ACBC-4D75-B8A8-CE3C77EB8BAC}: NameServer = 8.8.8.8,8.8.4.4
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{88c7f2aa-f93f-432c-8f0e-b7d85967a527} - (no file)
Toolbar-Locked - (no file)
ShellIconOverlayIdentifiers-{04cd1f3e-81d5-4904-a3ab-e0f99a7d769d} - (no file)
Wow6432Node-HKCU-Run-DriverFinder - c:\program files (x86)\DriverFinder\DriverFinder.exe
Wow6432Node-HKLM-Run-SunJavaUpdateSched - c:\program files (x86)\Java\jre7\bin\jusched.exe
Toolbar-Locked - (no file)
WebBrowser-{88C7F2AA-F93F-432C-8F0E-B7D85967A527} - (no file)
ShellIconOverlayIdentifiers-{04cd1f3e-81d5-4904-a3ab-e0f99a7d769d} - (no file)
HKLM-Run-Setwallpaper - c:\programdata\SetWallpaper.cmd
HKLM-Run-tvncontrol - c:\program files\TightVNC\tvnserver.exe
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-ASUS_Screensaver - c:\windows\system32\ASUS_Screensaver.scr
AddRemove-dBpoweramp CLI Encoder - c:\windows\system32\SpoonUninstall.exe
AddRemove-dBpoweramp DSP Effects - c:\windows\system32\SpoonUninstall.exe
AddRemove-dBpoweramp FLAC Codec - c:\windows\system32\SpoonUninstall.exe
AddRemove-dBpoweramp m4a Codec - c:\windows\system32\SpoonUninstall.exe
AddRemove-dBpoweramp m4a Utilities - c:\windows\system32\SpoonUninstall.exe
AddRemove-dBpoweramp m4b Audio book Encoder - c:\windows\system32\SpoonUninstall.exe
AddRemove-dBpoweramp Midi Decoder - c:\windows\system32\SpoonUninstall.exe
AddRemove-dBpoweramp Monkeys Audio Codec - c:\windows\system32\SpoonUninstall.exe
AddRemove-dBpoweramp mp3 (Fraunhofer IIS) Codec - c:\windows\system32\SpoonUninstall.exe
AddRemove-dBpoweramp Musepack Codec - c:\windows\system32\SpoonUninstall.exe
AddRemove-dBpoweramp Music Converter - c:\windows\system32\SpoonUninstall.exe
AddRemove-dBpoweramp Ogg Vorbis Codec - c:\windows\system32\SpoonUninstall.exe
AddRemove-dBpoweramp OptimFROG Codec - c:\windows\system32\SpoonUninstall.exe
AddRemove-dBPoweramp tooLame MP2 codec - c:\windows\system32\SpoonUninstall.exe
AddRemove-dBpoweramp [Multi Encoder] Codec - c:\windows\system32\SpoonUninstall.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC}]
"ImagePath"="\??\c:\program files (x86)\CyberLink\PowerDVD10\NavFilter\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-705378939-3791143662-2486378131-1001\Software\SecuROM\License information*]
"datasecu"=hex:e9,0a,9f,ec,99,85,40,08,5f,9d,54,89,21,e7,00,35,9c,3c,60,cd,df,
be,fb,f9,5b,fc,c7,c7,5a,75,aa,91,9f,c7,35,a8,d4,fe,b2,cf,29,a8,85,65,ed,cb,\
"rkeysecu"=hex:e8,21,a8,6e,39,f5,15,aa,3d,f9,18,b3,2c,56,c6,9d
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows CE Services]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-12-09 12:36:57
ComboFix-quarantined-files.txt 2012-12-09 01:36
.
Pre-Run: 16,796,069,888 bytes free
Post-Run: 18,746,818,560 bytes free
.
- - End Of File - - 74B9ABC0463A63D44054978E41FF5301
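Added example (not part of the thread, and not ComboFix's own logic): a small Python triage pass over ComboFix-style service lines, Run-key entries and Start Page lines like the ones in the log above. It flags autorun images that live outside Windows or Program Files, zero-byte images, service images with an unusual extension, and a start page pointing at a known search hijacker. The sample lines are constructed to match the log format (the DataSvc and Updater entries are made up); the trusted-directory list and the hijacker host list are assumptions for illustration, not anyone's published rule set.

```python
"""Triage of ComboFix-style autorun entries (services, Run keys, Start Page).

Added example: not from the thread above and not ComboFix's own logic.
The trusted-directory list and the hijacker host list are assumptions
made for illustration only.
"""
import re
from dataclasses import dataclass
from urllib.parse import urlsplit

# Where legitimately installed autorun images usually live (assumption).
TRUSTED_DIRS = (
    r"c:\windows\system32",
    r"c:\windows\syswow64",
    r"c:\program files",          # also covers "c:\program files (x86)"
)

# Search-hijacker hosts seen as Start Page values (assumed list).
HIJACK_HOSTS = {"search.babylon.com", "search.conduit.com"}

# "S2 name;description;c:\path\image.exe [2011-01-03 77824]"
SERVICE_RE = re.compile(
    r"^(?P<start>[RS]\d)\s+(?P<name>[^;]+);(?P<desc>[^;]*);"
    r"(?P<path>.+?)\s+\[(?P<date>\d{4}-\d{2}-\d{2})\s+(?P<size>\d+)\]$"
)
# "\"name\"=\"c:\path\image.exe\" [2011-09-22 4035152]"
RUN_RE = re.compile(
    r'^"(?P<name>[^"]+)"="(?P<path>[^"]+)"\s+'
    r"\[(?P<date>\d{4}-\d{2}-\d{2})\s+(?P<size>\d+)\]$"
)
# "uStart Page = hxxp://..." (u = HKCU, m = HKLM)
START_RE = re.compile(r"^(?P<scope>[um])Start Page = (?P<url>\S+)$")


@dataclass(frozen=True)
class Finding:
    kind: str    # "service", "run" or "startpage"
    name: str
    detail: str
    reason: str


def _in_trusted_dir(path: str) -> bool:
    p = path.lower()
    if p.startswith("\\??\\"):   # NT-style ImagePath prefix
        p = p[4:]
    return any(p.startswith(d) for d in TRUSTED_DIRS)


def _check_image(kind: str, name: str, path: str, size: str) -> list:
    reasons = []
    if not _in_trusted_dir(path):
        reasons.append("image outside Windows/Program Files")
    if int(size) == 0:
        reasons.append("zero-byte image")
    ext = path.lower().rsplit(".", 1)[-1] if "." in path else ""
    if kind == "service" and ext not in ("exe", "sys"):
        reasons.append(f"unusual service image extension .{ext}")
    return [Finding(kind, name, path, r) for r in reasons]


def triage(lines) -> list:
    """Return one Finding per (entry, reason) for the log lines given."""
    findings = []
    for raw in lines:
        line = raw.strip()
        if m := SERVICE_RE.match(line):
            findings += _check_image("service", m["name"], m["path"], m["size"])
        elif m := RUN_RE.match(line):
            findings += _check_image("run", m["name"], m["path"], m["size"])
        elif m := START_RE.match(line):
            url = m["url"].replace("hxxp", "http", 1)  # un-defang
            host = (urlsplit(url).hostname or "").lower()
            if host in HIJACK_HOSTS:
                scope = "user (HKCU)" if m["scope"] == "u" else "machine (HKLM)"
                findings.append(Finding("startpage", scope, url,
                                        f"known hijacker host {host}"))
    return findings


# Constructed sample mirroring the log format; DataSvc and Updater are made up.
SAMPLE_LOG = r"""
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S2 Printer Control;Printer Control;c:\windows\system32\PrintCtrl.exe [2011-01-03 77824]
S2 DataSvc;Data Service;c:\programdata\{a1b2c3d4}\dsvc.exe [2012-12-05 61440]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2011-09-22 4035152]
"Updater"="c:\users\alice\AppData\Roaming\upd\updater.exe" [2012-12-05 0]
uStart Page = hxxp://search.babylon.com/?AF=109156&babsrc=HP_ss
mStart Page = hxxp://asus.msn.com
""".strip().splitlines()

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.kind}] {f.name}: {f.reason} -> {f.detail}")
```

Run it over the service, Run and Supplementary Scan sections of a saved log. On the log above it would surface only the Babylon start page under HKCU, which is exactly what AdwCleaner resets further down the thread; every service and Run image there sits under Windows or Program Files.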
 
Adware Cleaning

Please download AdwCleaner by Xplode onto your Desktop.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • A logfile will automatically open after the scan has finished.
  • Please post the content of that logfile in your reply.
  • You can find the logfile at C:\AdwCleaner[Rn].txt as well - n is the order number.


ESET Online Scan

Please run a free online scan with the ESET Online Scanner
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install, or it will ask to download an installer. Please do so and install it.
  • Click Start or wait for the scanner to load.
  • Make sure that the options Remove found threats and the option Scan unwanted applications are checked.
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, there are a couple of things to keep in mind:
  • 1. If NO threats were found, allow the scanner to Uninstall on close and then close the Window.
  • 2. If threats WERE detected, click on List of Threats Found, Export to Text File...save it as ESET-Scan-Log.txt. Click the back button/link, put a checkmark to Uninstall Application on Close and then close the window.
  • Open the logfile from wherever you saved it
  • Copy and paste the contents in your next reply.


Any more issues?

We need to know any other issues that are plaguing your computer. Kindly give a summary so we know how to continue from here.

Many of the things to note for us would be:

  • Slow computer
  • Error messages
  • Fake antivirus alerts or the icon in the system tray
  • svchost.exe running at 100%
  • System crashes or blue screen of death

Note: Absence of issues does not mean that you're protected in the future.
 
# AdwCleaner v2.100 - Logfile created 12/10/2012 at 13:58:36
# Updated 09/12/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : thrilla - THRILLA-PC
# Boot Mode : Normal
# Running from : C:\Users\thrilla\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\ProgramData\Babylon
Folder Deleted : C:\ProgramData\boost_interprocess
Folder Deleted : C:\ProgramData\Partner
Folder Deleted : C:\Users\thrilla\AppData\Local\Babylon
Folder Deleted : C:\Users\thrilla\AppData\Local\Conduit
Folder Deleted : C:\Users\thrilla\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\thrilla\AppData\Roaming\Babylon

***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : HKLM\Software\Babylon
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{3A188115-B81B-48F2-A958-F974C8F3F309}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\SMBarBroker.EXE
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\SMBarBroker.SMBarDealer
Key Deleted : HKLM\SOFTWARE\Classes\SMBarBroker.SMBarDealer.1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT1066435
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2790392
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{2D9B1B31-D034-4738-8F6E-40F0AFCC742C}
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{43769158-3B03-4932-8D8A-8F0F344BF024}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{78CE34FD-F6D4-4866-B79C-A37268D06A04}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{80904944-C726-4C7D-A452-3FFF2A882095}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{78CE34FD-F6D4-4866-B79C-A37268D06A04}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{80904944-C726-4C7D-A452-3FFF2A882095}

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16455

Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://search.babylon.com/?AF=109156&babsrc=HP_ss&mntrId=56e83a45000000000000dadf9a5c6377 --> hxxp://www.google.com

-\\ Google Chrome v23.0.1271.95

File : C:\Users\thrilla\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [2828 octets] - [10/12/2012 13:58:36]

########## EOF - C:\AdwCleaner[S1].txt - [2888 octets] ##########
 
Just finished the Eset online scanner. It found three issues. Here is the log. Looking good so far, much obliged.

C:\FRST\Quarantine\{29442026-b511-1173-2e26-4a1a0511f039}\U\80000032.@	probably a variant of Win32/Sirefef.FD trojan	cleaned by deleting - quarantined
C:\FRST\Quarantine\{29442026-b511-1173-2e26-4a1a0511f039}\U\80000064.@	a variant of Win64/Sirefef.AN trojan	cleaned by deleting - quarantined
D:\Media\Adobe Acrobat X Pro 10\AcrobatPro_10_Web_WWEFD.exe	Win32/InstallMonetizer.AH application	cleaned by deleting - quarantined
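Added example, not part of the thread and not ESET's tooling: a parser for the three-column ESET Online Scanner export (path, detection, action) that also recognises the ZeroAccess/Sirefef on-disk layout visible in the two quarantine paths above, a GUID-named folder with a U (or L) subfolder holding files named as eight hex digits plus ".@". The distinction it draws is whether such a hit sits inside another tool's quarantine folder (already inert, as here, where the files had been moved under C:\FRST\Quarantine) or somewhere live. The sample rows are constructed; the third one, under C:\Windows\Installer with a made-up GUID, is invented to show what a live hit would look like and is not from this machine.

```python
"""Parse ESET Online Scanner export rows and spot the ZeroAccess/Sirefef layout.

Added example: not from the thread above and not ESET's tooling. The sample
rows are constructed in the export format (path <TAB> detection <TAB> action).
"""
import re
from dataclasses import dataclass
from typing import Optional

GUID = r"\{[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}\}"
# ZeroAccess payload store: {GUID}\U\<8 hex digits>.@ (a sibling L folder
# uses the same naming), e.g. ...\U\80000032.@
ZEROACCESS_RE = re.compile(GUID + r"\\[UL]\\[0-9a-f]{8}\.@$", re.IGNORECASE)
# ESET names: "[probably ][a variant of ]Platform/Family[.Variant] kind"
DETECTION_RE = re.compile(
    r"^(?P<heur>(?:probably )?a variant of )?"
    r"(?P<platform>\w+)/(?P<name>[\w.]+)\s+(?P<kind>\w+)$"
)


@dataclass(frozen=True)
class ScanResult:
    path: str
    detection: str
    action: str

    @property
    def zeroaccess_layout(self) -> bool:
        return ZEROACCESS_RE.search(self.path) is not None

    @property
    def in_quarantine(self) -> bool:
        # Inside another tool's quarantine the file is already inert;
        # the same name anywhere else means the infection is still live.
        return "\\quarantine\\" in self.path.lower()

    @property
    def family(self) -> Optional[str]:
        m = DETECTION_RE.match(self.detection)
        return m["name"].rsplit(".", 1)[0] if m else None

    @property
    def heuristic(self) -> bool:
        """True for generic ('a variant of') rather than exact signature hits."""
        m = DETECTION_RE.match(self.detection)
        return bool(m and m["heur"])

    @property
    def is_pua(self) -> bool:
        m = DETECTION_RE.match(self.detection)
        return bool(m and m["kind"].lower() == "application")


def parse_eset_log(text: str) -> list:
    """Keep only well-formed three-column rows; prose and blank lines are skipped."""
    results = []
    for line in text.splitlines():
        parts = [p.strip() for p in line.split("\t")]
        if len(parts) != 3 or not parts[0]:
            continue
        results.append(ScanResult(*parts))
    return results


def summarize(results) -> dict:
    za = [r for r in results if r.zeroaccess_layout]
    return {
        "total": len(results),
        "zeroaccess_live": sum(1 for r in za if not r.in_quarantine),
        "zeroaccess_staged": sum(1 for r in za if r.in_quarantine),
        "pua": sum(1 for r in results if r.is_pua),
    }


# Constructed sample: rows 1, 2 and 4 mirror the log above; row 3, under
# C:\Windows\Installer with a made-up GUID, is invented to show a live hit.
SAMPLE_LOG = "\n".join([
    "C:\\FRST\\Quarantine\\{29442026-b511-1173-2e26-4a1a0511f039}\\U\\80000032.@"
    "\tprobably a variant of Win32/Sirefef.FD trojan\tcleaned by deleting - quarantined",
    "C:\\FRST\\Quarantine\\{29442026-b511-1173-2e26-4a1a0511f039}\\U\\80000064.@"
    "\ta variant of Win64/Sirefef.AN trojan\tcleaned by deleting - quarantined",
    "C:\\Windows\\Installer\\{11111111-2222-3333-4444-555555555555}\\L\\00000004.@"
    "\ta variant of Win32/Sirefef.EZ trojan\tcleaned by deleting - quarantined",
    "D:\\Media\\Adobe Acrobat X Pro 10\\AcrobatPro_10_Web_WWEFD.exe"
    "\tWin32/InstallMonetizer.AH application\tcleaned by deleting - quarantined",
])

if __name__ == "__main__":
    rows = parse_eset_log(SAMPLE_LOG)
    for r in rows:
        print(f"{r.family!s:18} heuristic={r.heuristic!s:5} "
              f"zeroaccess={r.zeroaccess_layout!s:5} quarantined={r.in_quarantine}")
    print(summarize(rows))
```

Feed it the text saved from "List of Threats Found". A zeroaccess_live count above zero means the GUID folder is still on the live file system and the machine is not clean yet; a staged count, as in the thread, only confirms that an earlier tool already pulled those files out of place.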
 
Excellent! It all appears to be good, so we will finish up to make sure your computer is protected from malware in the future.

Clean up System Restore

Now, to get you off to a clean start, we will be creating a new Restore Point, then clearing the old ones to make sure you do not get reinfected, in case you need to "restore back."

To manually create a new Restore Point
  • Go to Control Panel and select System and Maintenance
  • Select System
  • On the left select Advanced System Settings and accept the warning if you get one
  • Select System Protection Tab
  • Select Create at the bottom
  • Type in a name, e.g. Clean
  • Select Create
Now we can purge the infected ones
  • Go back to the System and Maintenance page
  • Select Performance Information and Tools
  • On the left select Open Disk Cleanup
  • Select Files from all users and accept the warning if you get one
  • In the drop-down box select your main drive, e.g. C
  • For a few moments the system will make some calculations:
  • Select the More Options tab
  • In the System Restore and Shadow Backups select Clean up
  • Select Delete on the pop up
  • Select OK
  • Select Delete
Run OTC to remove our tools

To remove all of the tools we used and the files and folders they created, please do the following:
Please download OTC.exe by OldTimer:
  • Save it to your Desktop.
  • Double click OTC.exe.
  • Click the CleanUp! button.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes.
Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.

Purge old temporary files

NOTE: If you already have this installed, you don't have to reinstall it.

Please download CCleaner Slim and save it to your Desktop - Alternate download link

When the file has been saved, go to your Desktop and double-click on ccsetupxxx_slim.exe
Follow the prompts to install the program.

  • Double-click the CCleaner shortcut on the desktop to start the program.
  • A prompt will ask you if you want CCleaner to do a check to see what cookies it needs to keep. Allow that operation.
  • On the Cleaner tab, click on Run Cleaner on the bottom-right to run the program.
  • Important: Make sure that ALL browser windows are closed before selecting Run Cleaner, or it will ask if you want the program to close them for you (when you do this, all unsaved data may be lost in the browser).

Caution: Only use the Registry feature if you are very familiar with the registry.
Always back up your registry before making any changes. Exit CCleaner after it has completed its process.

Security Check

Please download Security Check by screen317 from SpywareInfoforum.org or Changelog.fr.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
 
Results of screen317's Security Check version 0.99.56
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
ESET NOD32 Antivirus 5.0
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.65.1.1000
Java(TM) 6 Update 31
Java(TM) 7 Update 1
Java(TM) SE Runtime Environment 6 Update 1
Java version out of Date!
Adobe Flash Player 10 Flash Player out of Date!
Adobe Reader 10.1.4 Adobe Reader out of Date!
Google Chrome 21.0.1180.83
Google Chrome 21.0.1180.89
Google Chrome 22.0.1229.79
Google Chrome 22.0.1229.92
Google Chrome 22.0.1229.94
Google Chrome 23.0.1271.64
Google Chrome 23.0.1271.91
Google Chrome 23.0.1271.95
````````Process Check: objlist.exe by Laurent````````
ESET NOD32 Antivirus egui.exe
ESET NOD32 Antivirus ekrn.exe
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbamgui.exe
Malwarebytes' Anti-Malware mbamscheduler.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````
 
Java Update!

Please download the newest version of Java from Java.com.

Before installing: it is important to remove older versions of Java since it does not do so automatically and old versions still leave you vulnerable.
Go to the Control Panel and enter Add or Remove Programs (Programs and Features in Vista/7).
Search in the list for all previous installed versions of Java. (J2SE Runtime Environment). Please uninstall/remove each of them.

Once old versions are gone, please install the newest version.

Read more about Java exploit problems


Adobe Flash Player Update!

Please download the newest version of Adobe Flash Player from Adobe.com

Before installing: it is important to remove older versions of Flash Player since it does not do so automatically and old versions still leave you vulnerable.
Go to the Control Panel and enter Add or Remove Programs (Programs and Features in Vista/7).
Search in the list for all previous installed versions of Adobe Flash Player. Uninstall/Remove each of them.

Once old versions are gone, please install the newest version.


Adobe Reader Update!

Please download the newest version of Adobe Acrobat Reader from Adobe.com

Before installing: it is important to remove older versions of Acrobat Reader since it does not do so automatically and old versions still leave you vulnerable.
Go to the Control Panel and enter Add or Remove Programs (Programs and Features in Vista/7).
Search in the list for all previous installed versions of Adobe Acrobat Reader. Uninstall/Remove each of them.

Once old versions are gone, please install the newest version.


Personal Tips on Preventing Malware

See this page for more info about malware and prevention.

Read more about "FAQ: How did Sirefef or ZeroAccess Infect You?"

Topic solved. :D
 