Sirefef.ez trojan and others

Solved
By thrilla
Dec 6, 2012
  1. I am having serious virus problems after opening a dodgy file. I have Eset installed and up to date. After Eset notified me of the threat, I chose the 'delete' option but Eset was unable to delete it. I then tried the fix on the Eset website found here http://kb.eset.com/esetkb/index?page=content&id=SOLN2895.

    After trying the steps on the Eset website, it is still finding multiple threats. The threats found are Patched.A.gen trojan, Conedex.c trojan, sirefef.aw, agent.ba, conedex.b and sirefef.ez trojans. I ran SirefefRemover and ServicesRepair off the website. Every time I try to delete a trojan, Eset gives me 'error while deleting.' Eset is stating some of the trojans have been quarantined and often asks me to reboot my laptop. Upon reboot the threats are still there.

    I read the sticky thread on TechSpot and followed the instructions, running Malwarebytes and DDS. I will attach the logs as required.

    Please help!
  2. thrilla (Newcomer, in training; Topic Starter)

    Malwarebytes Anti-Malware (Trial) 1.65.1.1000
    www.malwarebytes.org

    Database version: v2012.12.06.03

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 9.0.8112.16421
    thrilla :: THRILLA-PC [administrator]

    Protection: Enabled

    6/12/2012 5:56:31 PM
    mbam-log-2012-12-06 (17-56-31).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 259291
    Time elapsed: 7 minute(s), 3 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 7
    HKCR\AppID\{1DD31B76-C57E-49ba-94BC-BF53F0C82CD4} (PUP.Funshion) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1DD31B76-C57E-49ba-94BC-BF53F0C82CD4} (PUP.Funshion) -> Quarantined and deleted successfully.
    HKCR\CLSID\{91878E42-FC03-4785-B513-1F9E613D1027} (PUP.Funshion) -> Quarantined and deleted successfully.
    HKCR\TypeLib\{D02E3AB9-7796-40cb-BDFC-20D834FE1F75} (PUP.Funshion) -> Quarantined and deleted successfully.
    HKCR\Interface\{FCB380C4-D350-44BE-8791-50216F4747AC} (PUP.Funshion) -> Quarantined and deleted successfully.
    HKCR\ASBarBroker.BDBroker.1 (PUP.Funshion) -> Quarantined and deleted successfully.
    HKCR\ASBarBroker.BDBroker (PUP.Funshion) -> Quarantined and deleted successfully.

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 16
    C:\Program Files (x86)\Funshion Online (PUP.Funshion) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\Funshion Online\Funshion (PUP.Funshion) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\Funshion Online\Funshion\icon (PUP.Funshion) -> Quarantined and deleted successfully.
    C:\Users\thrilla\funshion (PUP.Funshion) -> Quarantined and deleted successfully.
    C:\Users\thrilla\funshion\cache (PUP.Funshion) -> Quarantined and deleted successfully.
    C:\Users\thrilla\funshion\cache\Baiduflash (PUP.Funshion) -> Quarantined and deleted successfully.
    C:\Users\thrilla\funshion\cache\Baiduflash\subflash (PUP.Funshion) -> Quarantined and deleted successfully.
    C:\Users\thrilla\funshion\cache\Cacheflash (PUP.Funshion) -> Quarantined and deleted successfully.
    C:\Users\thrilla\funshion\cache\flash (PUP.Funshion) -> Quarantined and deleted successfully.
    C:\Users\thrilla\funshion\cache\flashNew (PUP.Funshion) -> Quarantined and deleted successfully.
    C:\Users\thrilla\funshion\cache\flashStamp (PUP.Funshion) -> Quarantined and deleted successfully.
    C:\Users\thrilla\funshion\control (PUP.Funshion) -> Quarantined and deleted successfully.
    C:\Users\thrilla\funshion\historyTorrent (PUP.Funshion) -> Quarantined and deleted successfully.
    C:\Users\thrilla\funshion\ini (PUP.Funshion) -> Quarantined and deleted successfully.
    C:\Users\thrilla\funshion\Seed (PUP.Funshion) -> Quarantined and deleted successfully.
    C:\Users\thrilla\funshion\update (PUP.Funshion) -> Quarantined and deleted successfully.

    Files Detected: 90
    C:\Users\thrilla\Downloads\FunshionInstall2.4.5.9_S.exe (PUP.Funshion) -> Quarantined and deleted successfully.
    C:\Windows\Installer\{29442026-b511-1173-2e26-4a1a0511f039}\U\00000008.@ (Trojan.Dropper.BCMiner) -> Quarantined and deleted successfully.
    C:\Windows\System32\funshion.ini (PUP.Funshion) -> Quarantined and deleted successfully.
    C:\Windows\SysWOW64\funshion.ini (PUP.Funshion) -> Quarantined and deleted successfully.
    C:\Users\thrilla\funshion.ini (PUP.Funshion) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\Funshion Online\Funshion\FunShion.ini (PUP.Funshion) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\Funshion Online\Funshion\FunshionGame2.ico (PUP.Funshion) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\Funshion Online\Funshion\FunshionService.diagnose (PUP.Funshion) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\Funshion Online\Funshion\Funshop2.ico (PUP.Funshion) -> Quarantined and deleted successfully.
    C:\Users\thrilla\funshion\history.txt (PUP.Funshion) -> Quarantined and deleted successfully.
    C:\Users\thrilla\funshion\cache\Cacheflash\blankFs.swf (PUP.Funshion) -> Quarantined and deleted successfully.
    C:\Users\thrilla\funshion\cache\Cacheflash\donghuanew_18.swf (PUP.Funshion) -> Quarantined and deleted successfully.
    C:\Users\thrilla\funshion\cache\flash\980EF71B_C41B_511C_2591_1C44D72C2CEC.swf (PUP.Funshion) -> Quarantined and deleted successfully.
    C:\Users\thrilla\funshion\cache\flashNew\009647B6_90F1_DC8A_790F_FEB3EF45FBCB.swf (PUP.Funshion) -> Quarantined and deleted successfully.
    C:\Users\thrilla\funshion\cache\flashNew\029FAC2B_9B00_AD8A_BB29_9AFA850FDAFB.date1323240320.swf (PUP.Funshion) -> Quarantined and deleted successfully.
    C:\Users\thrilla\funshion\cache\flashNew\080E30A6_0113_6852_4789_48F93C2A2D6C.swf (PUP.Funshion) -> Quarantined and deleted successfully.
    C:\Users\thrilla\funshion\cache\flashNew\181D685C_9989_F52E_83DC_7E0D010FFAB6.date1323056672.swf (PUP.Funshion) -> Quarantined and deleted successfully.
    C:\Users\thrilla\funshion\cache\flashNew\1B58E309_1EA3_C424_1B97_DC09E2A7FD4A.swf (PUP.Funshion) -> Quarantined and deleted successfully.
    C:\Users\thrilla\funshion\cache\flashNew\1C9EDDB7_6B0E_1229_F5F0_D75EF39E1ECD.date1323056672.swf (PUP.Funshion) -> Quarantined and deleted successfully.
    C:\Users\thrilla\funshion\cache\flashNew\20C87A59_1BBF_81C1_AD47_ECCA81AA8DDC.swf (PUP.Funshion) -> Quarantined and deleted successfully.
    C:\Users\thrilla\funshion\cache\flashNew\2A88A6CD_B346_FD90_AAC6_3D1F91226EB5.date1325244467.swf (PUP.Funshion) -> Quarantined and deleted successfully.
    C:\Users\thrilla\funshion\cache\flashNew\366706DA_3C9E_7669_3350_EEAC14889217.swf (PUP.Funshion) -> Quarantined and deleted successfully.
    C:\Users\thrilla\funshion\cache\flashNew\372D2949_9D13_DA72_1E17_5F6260356D5C.date1323056672.swf (PUP.Funshion) -> Quarantined and deleted successfully.
    C:\Users\thrilla\funshion\cache\flashNew\3ADFC67B_2857_8B81_6085_60F1A87D2752.swf (PUP.Funshion) -> Quarantined and deleted successfully.
    C:\Users\thrilla\funshion\cache\flashNew\49F55DA3_1C65_681B_DA61_BBF4BDABAD80.date1325244467.swf (PUP.Funshion) -> Quarantined and deleted successfully.
    C:\Users\thrilla\funshion\cache\flashNew\51E777D9_F0A5_6522_3198_276F23B23363.date1325244467.swf (PUP.Funshion) -> Quarantined and deleted successfully.
    C:\Users\thrilla\funshion\cache\flashNew\55482A65_0D1A_3641_9AF2_158CDAFC018E.date1323056672.flv (PUP.Funshion) -> Quarantined and deleted successfully.
    C:\Users\thrilla\funshion\cache\flashNew\59B718F4_2695_B45C_4B0A_3F3F28986F03.swf (PUP.Funshion) -> Quarantined and deleted successfully.
    C:\Users\thrilla\funshion\cache\flashNew\633B44A4_3D1F_6D7A_D2C3_6DEAFBC71A4F.date1323056672.swf (PUP.Funshion) -> Quarantined and deleted successfully.
    C:\Users\thrilla\funshion\cache\flashNew\6C4E9081_1EB4_D028_B691_3848EFD948F9.date1323240320.swf (PUP.Funshion) -> Quarantined and deleted successfully.
    C:\Users\thrilla\funshion\cache\flashNew\6FF01007_8237_F8D3_59A8_2EFCDDF3358A.date1323056672.swf (PUP.Funshion) -> Quarantined and deleted successfully.
    C:\Users\thrilla\funshion\cache\flashNew\77C07EFD_B715_62BB_6CC1_E653506DB9C3.date1323056672.swf (PUP.Funshion) -> Quarantined and deleted successfully.
    C:\Users\thrilla\funshion\cache\flashNew\81C61FF3_966C_EA94_557F_A22F75E33270.date1323056672.swf (PUP.Funshion) -> Quarantined and deleted successfully.
    C:\Users\thrilla\funshion\cache\flashNew\8570FDB4_2A56_E5CE_523F_AB8E72F5EBF2.date1323056672.swf (PUP.Funshion) -> Quarantined and deleted successfully.
    C:\Users\thrilla\funshion\cache\flashNew\87546677_233E_B050_D425_A43E8D11ECAD.date1323056672.flv (PUP.Funshion) -> Quarantined and deleted successfully.
    C:\Users\thrilla\funshion\cache\flashNew\89634A54_922E_5E30_8633_E89A4CE8B964.swf (PUP.Funshion) -> Quarantined and deleted successfully.
    C:\Users\thrilla\funshion\cache\flashNew\8AD4AFBC_1AE3_2433_B53A_EF3D7509E3DB.date1325244467.swf (PUP.Funshion) -> Quarantined and deleted successfully.
    C:\Users\thrilla\funshion\cache\flashNew\8CD4215A_0842_413C_583E_3E14AD29D4AB.date1323056672.swf (PUP.Funshion) -> Quarantined and deleted successfully.
    C:\Users\thrilla\funshion\cache\flashNew\90D25BBC_023C_1DAB_EA65_EE019CDE74A4.swf (PUP.Funshion) -> Quarantined and deleted successfully.
    C:\Users\thrilla\funshion\cache\flashNew\9562C7C1_B036_FA45_E02F_F35D5A64CBF3.date1323056672.swf (PUP.Funshion) -> Quarantined and deleted successfully.
    C:\Users\thrilla\funshion\cache\flashNew\95930481_F0E4_2D97_99D6_4110FEF8C44B.date1323056672.swf (PUP.Funshion) -> Quarantined and deleted successfully.
    C:\Users\thrilla\funshion\cache\flashNew\9624051F_C03E_2FFE_8523_9D8CCAF08337.date1325244467.swf (PUP.Funshion) -> Quarantined and deleted successfully.
    C:\Users\thrilla\funshion\cache\flashNew\9C22069D_4B51_6247_048E_8B3E16C5C967.date1323240320.swf (PUP.Funshion) -> Quarantined and deleted successfully.
    C:\Users\thrilla\funshion\cache\flashNew\9E0C0764_7EC1_068B_94D6_0A4F16037B9B.date1323240320.swf (PUP.Funshion) -> Quarantined and deleted successfully.
    C:\Users\thrilla\funshion\cache\flashNew\A0F8520E_3273_5B9E_7D95_39B3C4241432.date1323056672.swf (PUP.Funshion) -> Quarantined and deleted successfully.
    C:\Users\thrilla\funshion\cache\flashNew\A1FA2E55_086B_319D_C294_E15D5EC2EE24.date1325244467.swf (PUP.Funshion) -> Quarantined and deleted successfully.
    C:\Users\thrilla\funshion\cache\flashNew\AB15CC92_F03C_F952_1F2D_B49D3BB59131.swf (PUP.Funshion) -> Quarantined and deleted successfully.
    C:\Users\thrilla\funshion\cache\flashNew\B32401BB_24BD_1545_6229_3AD842EB6301.date1323056672.swf (PUP.Funshion) -> Quarantined and deleted successfully.
    C:\Users\thrilla\funshion\cache\flashNew\B400DA46_C493_7120_5816_51738BD92063.swf (PUP.Funshion) -> Quarantined and deleted successfully.
    C:\Users\thrilla\funshion\cache\flashNew\B4E3B2DB_340A_AA88_C346_E6197D4BA13A.date1323056672.swf (PUP.Funshion) -> Quarantined and deleted successfully.
    C:\Users\thrilla\funshion\cache\flashNew\BC4F427A_759C_B00B_7B24_2AFBD86627FA.date1325244467.swf (PUP.Funshion) -> Quarantined and deleted successfully.
    C:\Users\thrilla\funshion\cache\flashNew\C839BE2B_D54E_8D30_3DD7_A21D85A243E6.swf (PUP.Funshion) -> Quarantined and deleted successfully.
    C:\Users\thrilla\funshion\cache\flashNew\CEA08429_5DBB_D5DE_E6F1_08B27E6A3D20.swf (PUP.Funshion) -> Quarantined and deleted successfully.
    C:\Users\thrilla\funshion\cache\flashNew\D88096BB_62C8_C44C_707F_D73EEBE94C98.date1325244467.swf (PUP.Funshion) -> Quarantined and deleted successfully.
    C:\Users\thrilla\funshion\cache\flashNew\DD552B4B_B3BD_1A08_8D7A_D6AB973377DE.date1323056672.swf (PUP.Funshion) -> Quarantined and deleted successfully.
    C:\Users\thrilla\funshion\cache\flashNew\EFAF920D_DD8A_F7D1_18B6_12A8963C2599.swf (PUP.Funshion) -> Quarantined and deleted successfully.
    C:\Users\thrilla\funshion\cache\flashNew\EFD6F7A6_D57C_CE91_B4CC_1D9B99A84245.date1325244467.swf (PUP.Funshion) -> Quarantined and deleted successfully.
    C:\Users\thrilla\funshion\cache\flashNew\F968483B_4EB5_B553_2EFB_C00B6CB97AF0.date1325244467.flv (PUP.Funshion) -> Quarantined and deleted successfully.
    C:\Users\thrilla\funshion\control\1318846851_6634280_1291193186_579.dat (PUP.Funshion) -> Quarantined and deleted successfully.
    C:\Users\thrilla\funshion\control\1318846851_6634280_1291193186_579.fsp (PUP.Funshion) -> Quarantined and deleted successfully.
    C:\Users\thrilla\funshion\control\1319009930_18524595_1292571619_674.dat (PUP.Funshion) -> Quarantined and deleted successfully.
    C:\Users\thrilla\funshion\control\1319009930_18524595_1292571619_674.fsp (PUP.Funshion) -> Quarantined and deleted successfully.
    C:\Users\thrilla\funshion\control\1319186304_18524595_1303201144_38.dat (PUP.Funshion) -> Quarantined and deleted successfully.
    C:\Users\thrilla\funshion\control\1319186304_18524595_1303201144_38.fsp (PUP.Funshion) -> Quarantined and deleted successfully.
    C:\Users\thrilla\funshion\control\1319441805_18277256_1293673144_109.dat (PUP.Funshion) -> Quarantined and deleted successfully.
    C:\Users\thrilla\funshion\control\1319441805_18277256_1293673144_109.fsp (PUP.Funshion) -> Quarantined and deleted successfully.
    C:\Users\thrilla\funshion\control\1319695540_18524595_1300788865_160.dat (PUP.Funshion) -> Quarantined and deleted successfully.
    C:\Users\thrilla\funshion\control\1319695540_18524595_1300788865_160.fsp (PUP.Funshion) -> Quarantined and deleted successfully.
    C:\Users\thrilla\funshion\control\1320723839_5881262_1226642496_3.dat (PUP.Funshion) -> Quarantined and deleted successfully.
    C:\Users\thrilla\funshion\control\1320723839_5881262_1226642496_3.fsp (PUP.Funshion) -> Quarantined and deleted successfully.
    C:\Users\thrilla\funshion\ini\httpfile.ini (PUP.Funshion) -> Quarantined and deleted successfully.
    C:\Users\thrilla\funshion\ini\temp_config.ini (PUP.Funshion) -> Quarantined and deleted successfully.
    C:\Users\thrilla\funshion\Seed\18277256_1293673144_109.fsp (PUP.Funshion) -> Quarantined and deleted successfully.
    C:\Users\thrilla\funshion\Seed\18524595_1292571619_674.fsp (PUP.Funshion) -> Quarantined and deleted successfully.
    C:\Users\thrilla\funshion\Seed\18524595_1300788865_160.fsp (PUP.Funshion) -> Quarantined and deleted successfully.
    C:\Users\thrilla\funshion\Seed\18524595_1303201144_38.fsp (PUP.Funshion) -> Quarantined and deleted successfully.
    C:\Users\thrilla\funshion\Seed\5881262_1226642496_3.fsp (PUP.Funshion) -> Quarantined and deleted successfully.
    C:\Users\thrilla\funshion\Seed\6634280_1291193186_579.fsp (PUP.Funshion) -> Quarantined and deleted successfully.
    C:\Users\thrilla\funshion\update\AdLinkParamFile.fax (PUP.Funshion) -> Quarantined and deleted successfully.
    C:\Users\thrilla\funshion\update\ad_define.fai (PUP.Funshion) -> Quarantined and deleted successfully.
    C:\Users\thrilla\funshion\update\ad_define.fai.bak (PUP.Funshion) -> Quarantined and deleted successfully.
    C:\Users\thrilla\funshion\update\ad_material.fax (PUP.Funshion) -> Quarantined and deleted successfully.
    C:\Users\thrilla\funshion\update\flashParam.txt (PUP.Funshion) -> Quarantined and deleted successfully.
    C:\Users\thrilla\funshion\update\flashParam.txt.bak (PUP.Funshion) -> Quarantined and deleted successfully.
    C:\Users\thrilla\funshion\update\localad.fax (PUP.Funshion) -> Quarantined and deleted successfully.
    C:\Users\thrilla\funshion\update\Pop Game.lnk (PUP.Funshion) -> Quarantined and deleted successfully.
    C:\Users\thrilla\funshion\update\popwind.json (PUP.Funshion) -> Quarantined and deleted successfully.
    C:\Users\thrilla\funshion\update\Shopping Sites.lnk (PUP.Funshion) -> Quarantined and deleted successfully.
    C:\Users\thrilla\funshion\update\StampPolicy.txt (PUP.Funshion) -> Quarantined and deleted successfully.
    C:\Users\thrilla\funshion\update\updatexmlfile.txt (PUP.Funshion) -> Quarantined and deleted successfully.

    (end)
  3. thrilla (Newcomer, in training; Topic Starter)

    DDS (Ver_2012-11-20.01) - NTFS_AMD64
    Internet Explorer: 9.0.8112.16455
    Run by thrilla at 18:23:20 on 2012-12-06
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4076.1879 [GMT 11:00]
    .
    AV: ESET NOD32 Antivirus 5.0 *Enabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
    SP: ESET NOD32 Antivirus 5.0 *Enabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\system32\atiesrxx.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\atieclxx.exe
    C:\Windows\system32\FBAgent.exe
    C:\Windows\system32\WLANExt.exe
    C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
    C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
    C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe
    C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
    C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe
    C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe
    C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\Windows\SysWOW64\PnkBstrA.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\PrintCtrl.exe
    C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\svchost.exe -k bthsvcs
    C:\Windows\system32\taskhost.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
    C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
    C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
    C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
    C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
    C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe
    C:\Windows\WindowsMobile\wmdc.exe
    C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe
    C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
    C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
    C:\Windows\System32\PrintDisp.exe
    C:\Program Files\Microsoft Device Center\itype.exe
    C:\Program Files\Microsoft Device Center\ipoint.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files (x86)\uTorrent\uTorrent.exe
    C:\Windows\system32\svchost.exe -k WindowsMobile
    C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
    C:\Program Files (x86)\SugarSync\SugarSyncManager.exe
    C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
    C:\Program Files (x86)\m3me\Conductor Server\ConductorServer.exe
    C:\Program Files (x86)\FreeAlarmClock\FreeAlarmClock.exe
    C:\Program Files (x86)\Innovative Solutions\DriverMax\drivermax.exe
    C:\Program Files\ASUS\P4G\BatteryLife.exe
    C:\Users\thrilla\AppData\Roaming\Dropbox\bin\Dropbox.exe
    C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
    C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe
    C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
    C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
    C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
    C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
    C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
    C:\Program Files (x86)\BUFFALO\BuffaloTools\BuffaloTools.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\Windows\SysWOW64\ACEngSvr.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
    C:\Windows\SysWOW64\NOTEPAD.EXE
    C:\Users\thrilla\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\thrilla\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\thrilla\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\thrilla\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\thrilla\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\thrilla\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\thrilla\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\thrilla\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\thrilla\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\thrilla\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\thrilla\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Windows\AsScrPro.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    "C:\Windows\SysWOW64\svchost.exe" -k LocalServiceDns
    c:\program files\windows defender\MpCmdRun.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\SysWOW64\DllHost.exe
    C:\Windows\System32\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://search.babylon.com/?AF=109156&babsrc=HP_ss&mntrId=56e83a45000000000000dadf9a5c6377
    uDefault_Page_URL = hxxp://asus.msn.com
    mStart Page = hxxp://asus.msn.com
    uURLSearchHooks: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - <orphaned>
    mWinlogon: Userinit = userinit.exe,
    BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
    BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
    BHO: SSVHelper Class: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
    BHO: CIESpeechBHO Class: {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
    BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
    TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    uRun: [Google Update] "C:\Users\thrilla\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    uRun: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe" /MINIMIZED
    uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
    uRun: [SugarSync] "C:\Program Files (x86)\SugarSync\SugarSyncManager.exe" -startInTray -usedelay=true
    uRun: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler
    uRun: [m3me Conductor Server] C:\Program Files (x86)\m3me\Conductor Server\ConductorServer.exe
    uRun: [FreeAC] C:\Program Files (x86)\FreeAlarmClock\FreeAlarmClock.exe -autorun
    uRun: [DriverFinder] C:\Program Files (x86)\DriverFinder\DriverFinder.exe
    uRun: [DriverMax] "C:\Program Files (x86)\Innovative Solutions\DriverMax\drivermax.exe" -agent
    uRun: [DriverMax_RESTART] "C:\Program Files (x86)\Innovative Solutions\DriverMax\drivermax.exe" -RESTART
    mRun: [ASUSPRP] "C:\Program Files (x86)\ASUS\APRP\APRP.EXE"
    mRun: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
    mRun: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
    mRun: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
    mRun: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
    mRun: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre7\bin\jusched.exe"
    mRun: [BuffaloTools] C:\Program Files (x86)\BUFFALO\BuffaloTools\BuffaloTools.exe
    mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun: [DNS7reminder] "C:\Program Files (x86)\Nuance\NaturallySpeaking11\Ereg\Ereg.exe" -r "C:\ProgramData\Nuance\NaturallySpeaking11\Ereg.ini
    mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    StartupFolder: C:\Users\thrilla\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\thrilla\AppData\Roaming\Dropbox\bin\Dropbox.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\FANCYS~1.LNK - C:\Windows\Installer\{2B81872B-A054-48DA-BE3B-FA5C164C303A}\_94E3CE3704FE82FBF49A6A.exe
    mPolicies-Explorer: NoActiveDesktop = dword:1
    mPolicies-Explorer: NoActiveDesktopChanges = dword:1
    mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
    mPolicies-System: ConsentPromptBehaviorUser = dword:3
    mPolicies-System: EnableUIADesktopToggle = dword:0
    mPolicies-System: SoftwareSASGeneration = dword:1
    IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
    IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
    IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
    IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
    IE: {7815BE26-237D-41A8-A98F-F7BD75F71086} - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
    IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    LSP: mswsock.dll
    Trusted Zone: google-analytics.com
    Trusted Zone: novastor.com
    Trusted Zone: novastor.com
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    DPF: {CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab
    TCP: NameServer = 192.168.0.1
    TCP: Interfaces\{6C5CF1DF-ACBC-4D75-B8A8-CE3C77EB8BAC} : NameServer = 8.8.8.8,8.8.4.4
    TCP: Interfaces\{6C5CF1DF-ACBC-4D75-B8A8-CE3C77EB8BAC} : DHCPNameServer = 192.168.0.1
    TCP: Interfaces\{6C5CF1DF-ACBC-4D75-B8A8-CE3C77EB8BAC}\2456C6B696E6F5E4B2F5334314636423 : DHCPNameServer = 192.168.2.1
    TCP: Interfaces\{B03B8C65-B261-40F4-986A-8D976695C988} : DHCPNameServer = 192.168.0.1
    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    SSODL: WebCheck - <orphaned>
    SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
    x64-mStart Page = hxxp://asus.msn.com
    x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
    x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
    x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
    x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
    x64-Run: [AtherosBtStack] "C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe"
    x64-Run: [AthBtTray] "C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe"
    x64-Run: [Setwallpaper] c:\programdata\SetWallpaper.cmd
    x64-Run: [Windows Mobile Device Center] C:\Windows\WindowsMobile\wmdc.exe
    x64-Run: [LogMeIn GUI] "C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe"
    x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
    x64-Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /SF3
    x64-Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
    x64-Run: [tvncontrol] "C:\Program Files\TightVNC\tvnserver.exe" -controlservice -slave
    x64-Run: [PrintDisp] C:\Windows\System32\PrintDisp.exe
    x64-Run: [IntelliType Pro] "C:\Program Files\Microsoft Device Center\itype.exe"
    x64-Run: [IntelliPoint] "C:\Program Files\Microsoft Device Center\ipoint.exe"
    x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
    x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
    x64-DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
    x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
    x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
    x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - <orphaned>
    x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
    x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
    x64-SSODL: WebCheck - <orphaned>
    x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 amd_sata;amd_sata;C:\Windows\System32\drivers\amd_sata.sys [2011-6-16 75904]
    R0 amd_xata;amd_xata;C:\Windows\System32\drivers\amd_xata.sys [2011-6-16 38016]
    R0 bftpdskc64;BUFFALO TurboPC Cache Filter;C:\Windows\System32\drivers\bftpdskc64.sys [2012-6-8 67712]
    R1 ATKWMIACPIIO;ATKWMIACPI Driver;C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [2011-5-26 17536]
    R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\drivers\dtsoftbus01.sys [2011-10-21 270912]
    R2 {1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC};Power Control [2012/03/12 14:37:55];C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\000.fcl [2010-3-14 146928]
    R2 AFBAgent;AFBAgent;C:\Windows\System32\FBAgent.exe [2011-7-24 379520]
    R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2012-12-2 240640]
    R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-9-28 361984]
    R2 ASMMAP64;ASMMAP64;C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-7-3 15416]
    R2 Atheros Bt&Wlan Coex Agent;Atheros Bt&Wlan Coex Agent;C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [2011-3-14 138400]
    R2 AtherosSvc;AtherosSvc;C:\Program Files (x86)\Bluetooth Suite\AdminService.exe [2011-3-14 74912]
    R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-5 822624]
    R2 DragonSvc;Dragon Service;C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe [2010-7-24 296808]
    R2 eamonm;eamonm;C:\Windows\System32\drivers\eamonm.sys [2011-8-10 202576]
    R2 ekrn;ESET Service;C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2011-9-23 974944]
    R2 epfwwfpr;epfwwfpr;C:\Windows\System32\drivers\epfwwfpr.sys [2011-8-5 137144]
    R2 LMIInfo;LogMeIn Kernel Information Provider;C:\Program Files (x86)\LogMeIn\x64\rainfo.sys [2011-9-17 15928]
    R2 LMIRfsDriver;LogMeIn Remote File System Driver;C:\Windows\System32\drivers\LMIRfsDriver.sys [2011-10-19 72216]
    R3 AthBTPort;Atheros Virtual Bluetooth Class;C:\Windows\System32\drivers\btath_flt.sys [2011-3-14 36000]
    R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2012-5-14 96896]
    R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;C:\Windows\System32\drivers\btath_a2dp.sys [2011-3-14 298656]
    R3 BTATH_BUS;Atheros Bluetooth Bus;C:\Windows\System32\drivers\btath_bus.sys [2011-3-14 28832]
    R3 BTATH_HCRP;Bluetooth HCRP Server driver;C:\Windows\System32\drivers\btath_hcrp.sys [2011-3-14 201376]
    R3 BTATH_LWFLT;Bluetooth LWFLT Device;C:\Windows\System32\drivers\btath_lwflt.sys [2011-3-14 55456]
    R3 BTATH_RCP;Bluetooth AVRCP Device;C:\Windows\System32\drivers\btath_rcp.sys [2011-3-14 154272]
    R3 BtFilter;BtFilter;C:\Windows\System32\drivers\btfilter.sys [2011-3-14 280224]
    R3 ETD;ELAN PS/2 Port Input Device;C:\Windows\System32\drivers\ETD.sys [2011-6-16 138024]
    R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2012-12-6 25928]
    R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-7-24 436840]
    R3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2011-10-2 764264]
    R3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2011-10-2 268648]
    R3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2011-10-2 25960]
    R3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2011-10-2 22376]
    R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\drivers\usbfilter.sys [2012-1-6 44672]
    S1 twzvvzzs;twzvvzzs;C:\Windows\System32\drivers\twzvvzzs.sys [2012-12-6 49872]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-19 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-19 138576]
    S3 amdiox64;AMD IO Driver;C:\Windows\System32\drivers\amdiox64.sys [2011-7-24 46136]
    S3 bftpusbx64;BUFFALO TurboPC USB Filter;C:\Windows\System32\drivers\bftpusbx64.sys [2012-6-8 20608]
    S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2011-4-2 48488]
    S3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);C:\Windows\System32\drivers\L1C62x64.sys [2009-6-11 57344]
    S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2011-10-23 246376]
    S3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;C:\Windows\System32\drivers\SiSG664.sys [2009-6-11 56832]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-2-19 59392]
    S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2011-2-19 31232]
    S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2011-8-3 51712]
    SUnknown ineafogs;ineafogs; [x]
    .
    =============== File Associations ===============
    .
    FileExt: .js: jsfile="C:\Program Files (x86)\Adobe\Adobe Dreamweaver CS5.5\Dreamweaver.exe","%1"
    ShellExec: dreamweaver.exe: Open="C:\Program Files (x86)\Adobe\Adobe Dreamweaver CS5.5\dreamweaver.exe", "%1"
    .
    =============== Created Last 30 ================
    .
    2012-12-06 07:22:46  49872  ----a-w-  C:\Windows\System32\drivers\twzvvzzs.sys
    2012-12-06 07:11:23  76232  ----a-w-  C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{53A69B69-9494-4CA7-91D1-189DB1B7AF5F}\offreg.dll
    2012-12-06 06:54:52  --------  d-----w-  C:\Users\thrilla\AppData\Roaming\Malwarebytes
    2012-12-06 06:54:25  --------  d-----w-  C:\ProgramData\Malwarebytes
    2012-12-06 06:54:23  25928  ----a-w-  C:\Windows\System32\drivers\mbam.sys
    2012-12-06 06:54:23  --------  d-----w-  C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2012-12-05 12:06:08  --------  d-sh--w-  C:\Windows\SysWow64\%APPDATA%
    2012-12-05 09:44:14  220160  ----a-w-  C:\ProgramData\Microsoft\Media Tools\MediaIconsOverlays.dll
    2012-12-05 09:43:40  --------  d-----w-  C:\Program Files (x86)\Mega Codec Pack
    2012-12-05 01:48:45  9125352  ----a-w-  C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{53A69B69-9494-4CA7-91D1-189DB1B7AF5F}\mpengine.dll
    2012-12-02 06:01:15  --------  d-----w-  C:\Users\thrilla\AppData\Local\Innovative Solutions
    2012-12-02 06:01:10  --------  d-----w-  C:\Program Files (x86)\Innovative Solutions
    2012-12-02 05:03:28  --------  d-----w-  C:\Users\thrilla\AppData\Roaming\DriverFinder
    2012-12-01 15:35:39  --------  d-----w-  C:\Program Files (x86)\AMD APP
    2012-12-01 15:34:08  --------  d-----w-  C:\Program Files\ATI Technologies
    2012-12-01 15:00:06  --------  d-----w-  C:\AMD
    2012-12-01 13:58:00  90112  ----a-w-  C:\Windows\unvise32.exe
    2012-11-16 13:53:58  --------  d-----w-  C:\Program Files (x86)\Appnimi
    2012-11-14 16:33:03  2560  ----a-w-  C:\Windows\System32\drivers\en-US\wdf01000.sys.mui
    2012-11-14 16:33:01  9728  ----a-w-  C:\Windows\System32\Wdfres.dll
    2012-11-14 16:33:01  785512  ----a-w-  C:\Windows\System32\drivers\Wdf01000.sys
    2012-11-14 16:33:01  54376  ----a-w-  C:\Windows\System32\drivers\WdfLdr.sys
    2012-11-14 16:05:15  87040  ----a-w-  C:\Windows\System32\drivers\WUDFPf.sys
    2012-11-14 16:05:15  198656  ----a-w-  C:\Windows\System32\drivers\WUDFRd.sys
    2012-11-14 16:05:14  84992  ----a-w-  C:\Windows\System32\WUDFSvc.dll
    2012-11-14 16:05:13  194048  ----a-w-  C:\Windows\System32\WUDFPlatform.dll
    2012-11-14 16:05:11  45056  ----a-w-  C:\Windows\System32\WUDFCoinstaller.dll
    2012-11-14 16:05:11  229888  ----a-w-  C:\Windows\System32\WUDFHost.exe
    2012-11-14 16:05:10  744448  ----a-w-  C:\Windows\System32\WUDFx.dll
    2012-11-14 05:58:59  70656  ----a-w-  C:\Windows\System32\nlaapi.dll
    2012-11-14 05:58:59  45568  ----a-w-  C:\Windows\System32\drivers\tcpipreg.sys
    2012-11-14 05:58:59  18944  ----a-w-  C:\Windows\SysWow64\netevent.dll
    2012-11-14 05:58:58  18944  ----a-w-  C:\Windows\System32\netevent.dll
    2012-11-14 05:48:35  95744  ----a-w-  C:\Windows\System32\synceng.dll
    2012-11-14 05:48:34  78336  ----a-w-  C:\Windows\SysWow64\synceng.dll
    2012-11-14 05:05:51  --------  d-----w-  C:\Program Files (x86)\FreeAlarmClock
    .
    ==================== Find3M ====================
    .
    2012-12-05 12:01:14  45056  ----a-w-  C:\Windows\SysWow64\acovcnt.exe
    2012-11-08 05:04:27  88008  ----a-w-  C:\Windows\System32\LMIRfsClientNP.dll
    2012-11-08 05:04:10  35240  ----a-w-  C:\Windows\System32\LMIport.dll
    2012-11-08 05:04:06  83880  ----a-w-  C:\Windows\System32\LMIinit.dll
    2012-10-22 18:54:56  5623976  ----a-w-  C:\Windows\SysWow64\atiumdag.dll
    2012-10-22 18:51:20  11270656  ----a-w-  C:\Windows\System32\drivers\atikmdag.sys
    2012-10-22 18:21:06  70144  ----a-w-  C:\Windows\System32\coinst_9.01.8.dll
    2012-10-22 18:15:12  163840  ----a-w-  C:\Windows\System32\atiapfxx.exe
    2012-10-22 18:13:42  51200  ----a-w-  C:\Windows\System32\aticalrt64.dll
    2012-10-22 18:13:40  46080  ----a-w-  C:\Windows\SysWow64\aticalrt.dll
    2012-10-22 18:13:36  23435776  ----a-w-  C:\Windows\System32\atio6axx.dll
    2012-10-22 18:13:34  44544  ----a-w-  C:\Windows\System32\aticalcl64.dll
    2012-10-22 18:13:32  44032  ----a-w-  C:\Windows\SysWow64\aticalcl.dll
    2012-10-22 18:13:22  16082944  ----a-w-  C:\Windows\System32\aticaldd64.dll
    2012-10-22 18:09:06  13703168  ----a-w-  C:\Windows\SysWow64\aticaldd.dll
    2012-10-22 18:00:54  948224  ----a-w-  C:\Windows\SysWow64\aticfx32.dll
    2012-10-22 17:59:08  1136640  ----a-w-  C:\Windows\System32\aticfx64.dll
    2012-10-22 17:57:08  6678528  ----a-w-  C:\Windows\SysWow64\atidxx32.dll
    2012-10-22 17:56:48  18957824  ----a-w-  C:\Windows\SysWow64\atioglxx.dll
    2012-10-22 17:52:34  442368  ----a-w-  C:\Windows\System32\atidemgy.dll
    2012-10-22 17:52:18  548864  ----a-w-  C:\Windows\System32\atieclxx.exe
    2012-10-22 17:51:30  240640  ----a-w-  C:\Windows\System32\atiesrxx.exe
    2012-10-22 17:50:06  120320  ----a-w-  C:\Windows\System32\atitmm64.dll
    2012-10-22 17:49:46  21504  ----a-w-  C:\Windows\System32\atimuixx.dll
    2012-10-22 17:49:42  59392  ----a-w-  C:\Windows\System32\atiedu64.dll
    2012-10-22 17:49:36  43520  ----a-w-  C:\Windows\SysWow64\ati2edxx.dll
    2012-10-22 17:40:20  7370240  ----a-w-  C:\Windows\System32\atidxx64.dll
    2012-10-22 17:39:20  6778880  ----a-w-  C:\Windows\System32\atiumd64.dll
    2012-10-22 17:28:26  618496  ----a-w-  C:\Windows\System32\atiadlxx.dll
    2012-10-22 17:28:14  421888  ----a-w-  C:\Windows\SysWow64\atiadlxy.dll
    2012-10-22 17:28:00  17920  ----a-w-  C:\Windows\System32\atig6pxx.dll
    2012-10-22 17:27:56  14848  ----a-w-  C:\Windows\SysWow64\atiglpxx.dll
    2012-10-22 17:27:56  14848  ----a-w-  C:\Windows\System32\atiglpxx.dll
    2012-10-22 17:27:52  41984  ----a-w-  C:\Windows\System32\atig6txx.dll
    2012-10-22 17:27:44  33280  ----a-w-  C:\Windows\SysWow64\atigktxx.dll
    2012-10-22 17:27:36  546304  ----a-w-  C:\Windows\System32\drivers\atikmpag.sys
    2012-10-22 17:25:48  130048  ----a-w-  C:\Windows\System32\atiuxp64.dll
    2012-10-22 17:25:42  109568  ----a-w-  C:\Windows\SysWow64\atiuxpag.dll
    2012-10-22 17:25:34  104448  ----a-w-  C:\Windows\System32\atiu9p64.dll
    2012-10-22 17:25:24  83968  ----a-w-  C:\Windows\SysWow64\atiu9pag.dll
    2012-10-22 17:24:36  53248  ----a-w-  C:\Windows\System32\drivers\ati2erec.dll
    2012-10-22 16:44:50  4674048  ----a-w-  C:\Windows\System32\atiumd6a.dll
    2012-10-22 16:34:04  3862528  ----a-w-  C:\Windows\SysWow64\atiumdva.dll
    2012-10-22 16:24:00  56320  ----a-w-  C:\Windows\System32\atimpc64.dll
    2012-10-22 16:24:00  56320  ----a-w-  C:\Windows\System32\amdpcom64.dll
    2012-10-22 16:23:50  56832  ----a-w-  C:\Windows\SysWow64\atimpc32.dll
    2012-10-22 16:23:50  56832  ----a-w-  C:\Windows\SysWow64\amdpcom32.dll
    2012-10-18 18:25:58  3149824  ----a-w-  C:\Windows\System32\win32k.sys
    2012-10-16 08:38:37  135168  ----a-w-  C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
    2012-10-16 08:38:34  350208  ----a-w-  C:\Windows\apppatch\AppPatch64\AcLayers.dll
    2012-10-16 07:39:52  561664  ----a-w-  C:\Windows\apppatch\AcLayers.dll
    2012-10-09 18:17:13  55296  ----a-w-  C:\Windows\System32\dhcpcsvc6.dll
    2012-10-09 18:17:13  226816  ----a-w-  C:\Windows\System32\dhcpcore6.dll
    2012-10-09 17:40:31  44032  ----a-w-  C:\Windows\SysWow64\dhcpcsvc6.dll
    2012-10-09 17:40:31  193536  ----a-w-  C:\Windows\SysWow64\dhcpcore6.dll
    2012-10-08 11:31:03  2312704  ----a-w-  C:\Windows\System32\jscript9.dll
    2012-10-08 11:23:52  1392128  ----a-w-  C:\Windows\System32\wininet.dll
    2012-10-08 11:22:55  1494528  ----a-w-  C:\Windows\System32\inetcpl.cpl
    2012-10-08 11:18:22  173056  ----a-w-  C:\Windows\System32\ieUnatt.exe
    2012-10-08 11:17:35  599040  ----a-w-  C:\Windows\System32\vbscript.dll
    2012-10-08 11:13:33  2382848  ----a-w-  C:\Windows\System32\mshtml.tlb
    2012-10-08 07:56:24  1800704  ----a-w-  C:\Windows\SysWow64\jscript9.dll
    2012-10-08 07:48:03  1129472  ----a-w-  C:\Windows\SysWow64\wininet.dll
    2012-10-08 07:47:44  1427968  ----a-w-  C:\Windows\SysWow64\inetcpl.cpl
    2012-10-08 07:44:05  142848  ----a-w-  C:\Windows\SysWow64\ieUnatt.exe
    2012-10-08 07:43:21  420864  ----a-w-  C:\Windows\SysWow64\vbscript.dll
    2012-10-08 07:40:56  2382848  ----a-w-  C:\Windows\SysWow64\mshtml.tlb
    2012-10-03 17:56:54  1914248  ----a-w-  C:\Windows\System32\drivers\tcpip.sys
    2012-10-03 17:44:21  303104  ----a-w-  C:\Windows\System32\nlasvc.dll
    2012-10-03 17:44:17  246272  ----a-w-  C:\Windows\System32\netcorehc.dll
    2012-10-03 17:44:16  216576  ----a-w-  C:\Windows\System32\ncsi.dll
    2012-10-03 17:42:16  569344  ----a-w-  C:\Windows\System32\iphlpsvc.dll
    2012-10-03 16:42:24  175104  ----a-w-  C:\Windows\SysWow64\netcorehc.dll
    2012-10-03 16:42:23  156672  ----a-w-  C:\Windows\SysWow64\ncsi.dll
    2012-09-28 04:37:02  221696  ----a-w-  C:\Windows\System32\clinfo.exe
    2012-09-28 04:36:44  75776  ----a-w-  C:\Windows\System32\OpenVideo64.dll
    2012-09-28 04:36:40  65536  ----a-w-  C:\Windows\SysWow64\OpenVideo.dll
    2012-09-28 04:36:36  63488  ----a-w-  C:\Windows\System32\OVDecode64.dll
    2012-09-28 04:36:34  56320  ----a-w-  C:\Windows\SysWow64\OVDecode.dll
    2012-09-28 04:36:24  32635904  ----a-w-  C:\Windows\System32\amdocl64.dll
    2012-09-28 04:32:16  27341824  ----a-w-  C:\Windows\SysWow64\amdocl.dll
    2012-09-28 04:28:46  54784  ----a-w-  C:\Windows\System32\OpenCL.dll
    2012-09-28 04:28:42  50176  ----a-w-  C:\Windows\SysWow64\OpenCL.dll
    2012-09-14 19:19:29  2048  ----a-w-  C:\Windows\System32\tzres.dll
    2012-09-14 18:28:53  2048  ----a-w-  C:\Windows\SysWow64\tzres.dll
    .
    ============= FINISH: 18:24:46.33 ===============
  4. thrilla

    thrilla Newcomer, in training Topic Starter

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2012-11-20.01)
    .
    Microsoft Windows 7 Home Premium
    Boot Device: \Device\HarddiskVolume2
    Install Date: 16/10/2011 9:01:24 PM
    System Uptime: 6/12/2012 6:07:15 PM (0 hours ago)
    .
    Motherboard: ASUSTeK Computer Inc. | | K73BY
    Processor: AMD E-350 Processor | CPU 1 | 1600/100mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 256 GiB total, 14.878 GiB free.
    D: is FIXED (NTFS) - 315 GiB total, 8.939 GiB free.
    E: is CDROM (CDFS)
    F: is CDROM ()
    G: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP206: 29/11/2012 12:28:17 PM - Windows Update
    RP207: 2/12/2012 2:00:42 AM - Installed MSI_TEMPLATE
    RP208: 2/12/2012 5:22:10 PM - DMX_DriverMax Driver Installation
    RP209: 2/12/2012 5:24:46 PM - Device Driver Package Install: Advanced Micro Devices, Inc. Display adapters
    RP210: 2/12/2012 11:12:30 PM - Windows Update
    RP212: 5/12/2012 11:36:33 PM - Windows Defender Checkpoint
    .
    ==== Installed Programs ======================
    .
    ??????? Windows Live Mesh ActiveX ??(????)
    ??????? Windows Live Mesh ActiveX ???
    µTorrent
    3.3
    Adobe AIR
    Adobe Community Help
    Adobe Digital Editions 2.0
    Adobe Dreamweaver CS5.5
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Reader X (10.1.4)
    Adobe Shockwave Player 11.6
    Adobe Widget Browser
    AMD APP SDK Runtime
    AMD Catalyst Install Manager
    AMD Fuel
    AMD Media Foundation Decoders
    AMD VISION Engine Control Center
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    ASUS AI Recovery
    ASUS FancyStart
    ASUS LifeFrame3
    ASUS Live Update
    ASUS Power4Gear Hybrid
    ASUS SmartLogon
    ASUS Splendid Video Enhancement Technology
    ASUS Virtual Camera
    ASUS WebStorage
    ASUS_Screensaver
    AsusVibe2.0
    Atheros Client Installation Program
    Atheros Driver Installation Program
    ATK Package
    Bigasoft Total Video Converter 3.7.21.4680
    BitTorrent
    Bluetooth Win7 Suite (64)
    Bonjour
    Bonjour Print Services
    BUFFALO BuffaloTools Launcher
    BUFFALO TurboCopy
    BUFFALO TurboPC for FLASH/HDD
    Catalyst Control Center - Branding
    Catalyst Control Center Graphics Previews Common
    Catalyst Control Center InstallProxy
    Catalyst Control Center Localization All
    ccc-utility64
    CCC Help Chinese Standard
    CCC Help Chinese Traditional
    CCC Help Czech
    CCC Help Danish
    CCC Help Dutch
    CCC Help English
    CCC Help Finnish
    CCC Help French
    CCC Help German
    CCC Help Greek
    CCC Help Hungarian
    CCC Help Italian
    CCC Help Japanese
    CCC Help Korean
    CCC Help Norwegian
    CCC Help Polish
    CCC Help Portuguese
    CCC Help Russian
    CCC Help Spanish
    CCC Help Swedish
    CCC Help Thai
    CCC Help Turkish
    Conductor Server
    Contrôle ActiveX Windows Live Mesh pour connexions à distance
    Control ActiveX de Windows Live Mesh para conexiones remotas
    Controlo ActiveX do Windows Live Mesh para Ligações Remotas
    Counter Strike 1.6 eSK Counter Strike 1.6 eSK UCP 7.4
    CyberLink LabelPrint
    CyberLink Power2Go
    CyberLink PowerDVD 10
    D3DX10
    DAEMON Tools Lite
    dBpoweramp [Multi Encoder] Codec
    dBpoweramp CLI Encoder
    dBpoweramp DSP Effects
    dBpoweramp FLAC Codec
    dBpoweramp m4a Codec
    dBpoweramp m4a Utilities
    dBpoweramp m4b Audio book Encoder
    dBpoweramp Midi Decoder
    dBpoweramp Monkeys Audio Codec
    dBpoweramp mp3 (Fraunhofer IIS) Codec
    dBpoweramp Musepack Codec
    dBpoweramp Music Converter
    dBpoweramp Ogg Vorbis Codec
    dBpoweramp OptimFROG Codec
    dBPoweramp tooLame MP2 codec
    Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
    DivX Setup
    Dragon NaturallySpeaking 11
    DriverMax 6
    Dropbox
    ESET NOD32 Antivirus
    ETDWare PS/2-X64 8.0.5.1_WHQL
    Fast Boot
    Free Alarm Clock 2.5.0
    Galeria de Fotografias do Windows Live
    Galerie de photos Windows Live
    Galería fotográfica de Windows Live
    Garmin Communicator Plugin
    Garmin Communicator Plugin x64
    Google Chrome
    Google Earth Plug-in
    Google Talk Plugin
    Google Toolbar for Internet Explorer
    Google Update Helper
    Grand Theft Auto Vice City
    Image Resizer Powertoy Clone for Windows (64 bit)
    Infix 4.31
    iTunes
    Java Auto Updater
    Java(TM) 6 Update 29 (64-bit)
    Java(TM) 6 Update 31
    Java(TM) 7 Update 1
    Java(TM) SE Runtime Environment 6 Update 1
    Junk Mail filter update
    JustCloud Setup
    LinuxLive USB Creator
    LogMeIn
    Malwarebytes Anti-Malware version 1.65.1.1000
    Mesh Runtime
    Microsoft .NET Framework 4 Client Profile
    Microsoft Application Error Reporting
    Microsoft Games for Windows - LIVE
    Microsoft Games for Windows - LIVE Redistributable
    Microsoft Mouse and Keyboard Center
    Microsoft Office 2010 Service Pack 1 (SP1)
    Microsoft Office Access MUI (English) 2010
    Microsoft Office Access Setup Metadata MUI (English) 2010
    Microsoft Office Click-to-Run 2010
    Microsoft Office Excel MUI (English) 2010
    Microsoft Office Groove MUI (English) 2010
    Microsoft Office InfoPath MUI (English) 2010
    Microsoft Office Office 64-bit Components 2010
    Microsoft Office OneNote MUI (English) 2010
    Microsoft Office Outlook MUI (English) 2010
    Microsoft Office PowerPoint MUI (English) 2010
    Microsoft Office Professional Plus 2010
    Microsoft Office Proof (English) 2010
    Microsoft Office Proof (French) 2010
    Microsoft Office Proof (Spanish) 2010
    Microsoft Office Proofing (English) 2010
    Microsoft Office Publisher MUI (English) 2010
    Microsoft Office Shared 64-bit MUI (English) 2010
    Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
    Microsoft Office Shared MUI (English) 2010
    Microsoft Office Shared Setup Metadata MUI (English) 2010
    Microsoft Office Word MUI (English) 2010
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2005 Redistributable (x64)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
    Microsoft_VC80_CRT_x86
    Microsoft_VC80_MFC_x86
    Microsoft_VC80_MFCLOC_x86
    Microsoft_VC90_ATL_x86
    Microsoft_VC90_CRT_x86
    Microsoft_VC90_MFC_x86
    Microsoft_VC90_MFCLOC_x86
    MSVCRT
    MSVCRT_amd64
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    Need For Speed Underground
    Nuance PDF Reader
    Painkiller
    PerformanceTest v7.0 (64-bit)
    PunkBuster Services
    Quake Live Mozilla Plugin
    Quick Media Converter
    QuickTime
    Realtek Ethernet Controller Driver
    Realtek High Definition Audio Driver
    Realtek USB 2.0 Card Reader
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
    Security Update for Microsoft Excel 2010 (KB2597126) 32-Bit Edition
    Security Update for Microsoft InfoPath 2010 (KB2687417) 32-Bit Edition
    Security Update for Microsoft InfoPath 2010 (KB2687436) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2553091)
    Security Update for Microsoft Office 2010 (KB2553096)
    Security Update for Microsoft Office 2010 (KB2553260) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2589322) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2597986) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition
    Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition
    Security Update for Microsoft Visio Viewer 2010 (KB2598287) 32-Bit Edition
    Security Update for Microsoft Word 2010 (KB2553488) 32-Bit Edition
    ServeToMe 3.6.6.0
    Skype Click to Call
    Skype™ 6.0
    SugarSync Manager
    swMSM
    syncables desktop SE
    System Requirements Lab CYRI
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
    Update for Microsoft Office 2010 (KB2553065)
    Update for Microsoft Office 2010 (KB2553092)
    Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2553272) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2566458)
    Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition
    Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
    Update for Microsoft OneNote 2010 (KB2687277) 32-Bit Edition
    Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition
    Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
    Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition
    VC80CRTRedist - 8.0.50727.6195
    Visual C++ 9.0 Runtime for Dragon NaturallySpeaking 64bit (x64)
    VLC media player 1.1.11
    VLC Streamer 1.50
    Winamp
    Winamp Detector Plug-in
    Windows 7 USB/DVD Download Tool
    Windows Live
    Windows Live ???
    Windows Live ????
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Family Safety
    Windows Live ID Sign-in Assistant
    Windows Live Installer
    Windows Live Language Selector
    Windows Live Mail
    Windows Live Mesh
    Windows Live Mesh ActiveX Control for Remote Connections
    Windows Live Messenger
    Windows Live MIME IFilter
    Windows Live Movie Maker
    Windows Live Photo Common
    Windows Live Photo Gallery
    Windows Live PIMT Platform
    Windows Live Remote Client
    Windows Live Remote Client Resources
    Windows Live Remote Service
    Windows Live Remote Service Resources
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    Windows Live Writer
    Windows Live Writer Resources
    Windows Media Player Firefox Plugin
    Windows Mobile Device Center
    WinFlash
    WinRAR 4.01 (64-bit)
    Wireless Console 3
    YouWave for Android
    .
    ==== Event Viewer Messages From Past Week ========
    .
    6/12/2012 5:40:26 PM, Error: Microsoft-Windows-WMPNSS-Service [14332] - Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80004005'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.
    6/12/2012 5:37:06 PM, Error: Service Control Manager [7001] -
    6/12/2012 5:37:05 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
    6/12/2012 5:37:05 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
    6/12/2012 5:37:03 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    6/12/2012 5:36:57 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
    6/12/2012 5:36:04 PM, Error: Microsoft-Windows-WLAN-AutoConfig [10000] - WLAN Extensibility Module has failed to start. Module Path: C:\Windows\system32\athihvs.dll Error Code: 21
    3/12/2012 1:03:39 PM, Error: bowser [8003] - The master browser has received a server announcement from the computer JOEL-PC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{6C5CF1DF-ACBC-4D75-B8A8-CE3C77EB8BAC}. The master browser is stopping or an election is being forced.
    .
    ==== End Of File ===========================
  5. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Hello, and welcome to TechSpot.


    Please see here for the board rules and other FAQ.

    Please feel free to introduce yourself, after you follow the steps below to get started.

    Information
    • From this point on, please do not make any more changes to your computer; such as install/uninstall programs, use special fix tools, delete files, edit the registry, etc. - unless advised by a malware removal helper.
    • Please do not ask for help elsewhere (in this site or other sites). Doing so can result in system changes, which may not show up in the logs you post.
    • If you have already asked for help somewhere, please post the link to the topic where you were helped.
    • We try our best to reply quickly, but if for any reason we do not reply in two days, please reply to this topic with the word BUMP!
    • Lastly, keep in mind that we are volunteers, so you do not have to pay for malware removal. Persist in this topic until its close, and your computer is declared clean.


    Farbar Recovery Scan Tool x64

    Download Farbar Recovery Scan Tool and save it to a flash drive.


    Please make sure to get the 64-bit version

    Plug the flashdrive into the infected PC.

    Enter System Recovery Options.

    To enter System Recovery Options from the Advanced Boot Options:
    • Restart the computer.
    • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
    • Use the arrow keys to select the Repair your computer menu item.
    • Choose your language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.
    To enter System Recovery Options by using Windows installation disc:
    • Insert the installation disc.
    • Restart your computer.
    • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
    • Click Repair your computer.
    • Choose your language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.
    On the System Recovery Options menu you will get the following options:
      • Startup Repair
      • System Restore
      • Windows Complete PC Restore
      • Windows Memory Diagnostic Tool
      • Command Prompt
    • Select Command Prompt
    • In the command window type in notepad and press Enter.
    • The notepad opens. Under File menu select Open.
    • Select "Computer" and find your flash drive letter and close the notepad.
    • In the command window type e:\frst.exe and press Enter
      Note: Replace letter e with the drive letter of your flash drive.
    • The tool will start to run.
    • When the tool opens click Yes to the disclaimer.
    • Place a check next to List Drivers MD5 as well as the default check marks that are already there
    • Press Scan button. It will do its scan and save a log on your flash drive.
    • Close out of the message after that, then type the text services.exe into the "Search:" text box. Then, press the Search file(s) button.
      When done searching, FRST makes a log, Search.txt, on the C:\ drive or on your flash drive.
    • Type exit in the Command Prompt window and reboot the computer normally
    • FRST will make a log (FRST.txt) on the flash drive and also the search.txt logfile, please copy and paste the logs in your reply.
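Once these steps have produced FRST.txt, a helper reads it for a few recurring tells in each section. As an added example (not the helper's, not FRST's own code, and not part of this thread), the Python below parses the three FRST line formats that appear in the log posted in this thread and flags the entries worth a second look; the sample lines are constructed in that format, and the checks (autorun target missing, no publisher info, system+hidden item, literal %NAME% path component) are my heuristics, not rules the tool applies.

```python
import re
from dataclasses import dataclass, field

# Constructed sample in the format of the FRST.txt posted in this thread.
SAMPLE_FRST = r"""
==================== Registry (Whitelisted) ===================

HKLM\...\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice [4035152 2011-09-22] (ESET)
HKLM\...\Run: [Setwallpaper] c:\programdata\SetWallpaper.cmd [x]
HKLM\...\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /SF3 [2278504 2011-10-14] (Realtek Semiconductor)
HKU\thrilla\...\Run: [DriverFinder] C:\Program Files (x86)\DriverFinder\DriverFinder.exe [x]

==================== Services (Whitelisted) ===================

2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [75136 2012-03-23] ()
2 NMSAccess; "C:\Program Files (x86)\Blaze Media Pro\NMSAccess32.exe" [x]

==================== One Month Created Files and Folders ========

2012-12-05 04:06 - 2012-12-05 04:06 - 00000000 __SHD C:\Windows\SysWOW64\%APPDATA%
2012-12-05 22:54 - 2012-09-29 00:54 - 00025928 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
"""

BANNER_RE = re.compile(r'^=+ (.+?) =+$')                  # "==== Section title ===="
RUN_RE = re.compile(r'^(?P<hive>.+?)\\\.\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<rest>.*)$')
SVC_RE = re.compile(r'^(?P<start>\d) (?P<name>[^;]+); (?P<rest>.*)$')
FILE_RE = re.compile(
    r'^(?P<created>\d{4}-\d\d-\d\d \d\d:\d\d) - (?P<modified>\d{4}-\d\d-\d\d \d\d:\d\d) - '
    r'(?P<size>\d+) (?P<attr>[_A-Z]{5}) (?:\((?P<pub>[^)]*)\) )?(?P<path>.+)$')
META_RE = re.compile(r'\[(?P<size>\d+) (?P<date>\d{4}-\d\d-\d\d)\] \((?P<pub>[^)]*)\)$')
EXT_RE = re.compile(r'^(.+?\.(?:exe|com|cmd|bat|dll|sys|scr|vbs))(?:\s|$)', re.I)


@dataclass
class Finding:
    section: str
    name: str
    path: str
    reasons: list = field(default_factory=list)


def extract_path(rest):
    """Pull the binary path out of the text between the entry name and the [size date] marker."""
    if rest.startswith('['):           # bare "[x]": FRST found no target at all
        return ''
    body = rest.rsplit(' [', 1)[0]     # drop the trailing "[size date] (publisher)" or "[x]"
    if body.startswith('"'):
        end = body.find('"', 1)
        return body[1:end] if end > 0 else body
    m = EXT_RE.match(body)             # unquoted path, possibly followed by arguments
    return m.group(1) if m else body


def check_autorun(rest):
    """Heuristics (mine, not FRST's) for Run keys, services and drivers."""
    reasons = []
    if rest.endswith('[x]'):
        reasons.append('target file missing: stale entry or a payload already removed')
    m = META_RE.search(rest)
    if m and not m.group('pub').strip():
        reasons.append('binary carries no publisher/version info')
    return reasons


def check_file(attr, path, pub):
    """Heuristics (mine, not FRST's) for the created/modified files listing."""
    reasons = []
    if 'S' in attr and 'H' in attr:    # attribute column, e.g. "__SHD" = system, hidden, directory
        reasons.append('created as system+hidden')
    if '%' in path:                    # a literal "%NAME%" folder was never expanded by a shell
        reasons.append('unexpanded environment-variable name used as a literal path component')
    return reasons


def triage(text):
    """Walk the log section by section and return one Finding per flagged line."""
    findings, section = [], ''
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        banner = BANNER_RE.match(line)
        if banner:
            section = banner.group(1)
            continue
        m = RUN_RE.match(line) or (SVC_RE.match(line) if ('Services' in section or 'Drivers' in section) else None)
        if m:
            reasons = check_autorun(m.group('rest'))
            if reasons:
                findings.append(Finding(section, m.group('name'), extract_path(m.group('rest')), reasons))
            continue
        f = FILE_RE.match(line) if 'Files and Folders' in section else None
        if f:
            reasons = check_file(f.group('attr'), f.group('path'), f.group('pub'))
            if reasons:
                findings.append(Finding(section, f.group('path').rsplit('\\', 1)[-1], f.group('path'), reasons))
    return findings


if __name__ == '__main__':
    for hit in triage(SAMPLE_FRST):
        print(f'[{hit.section}] {hit.name}: {"; ".join(hit.reasons)}  ({hit.path})')
```

Point triage() at the text of a real FRST.txt to get the same list for a posted log; a flagged line is a prompt to look closer, not a verdict.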
  6. thrilla

    thrilla Newcomer, in training Topic Starter

    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 02-12-2012
    Ran by SYSTEM at 06-12-2012 20:58:13
    Running from F:\
    Windows 7 Home Premium (X64) OS Language: English(US)
    The current controlset is ControlSet001

    ==================== Registry (Whitelisted) ===================

    HKLM\...\Run: [AtherosBtStack] "C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe" [617120 2011-03-13] (Atheros Commnucations)
    HKLM\...\Run: [AthBtTray] "C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe" [379552 2011-03-13] (Atheros Commnucations)
    HKLM\...\Run: [Setwallpaper] c:\programdata\SetWallpaper.cmd [x]
    HKLM\...\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe [660360 2007-05-31] (Microsoft Corporation)
    HKLM\...\Run: [LogMeIn GUI] "C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe" [57928 2011-09-16] (LogMeIn, Inc.)
    HKLM\...\Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [499608 2011-03-15] (Adobe Systems Incorporated)
    HKLM\...\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /SF3 [2278504 2011-10-14] (Realtek Semiconductor)
    HKLM\...\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice [4035152 2011-09-22] (ESET)
    HKLM\...\Run: [tvncontrol] "C:\Program Files\TightVNC\tvnserver.exe" -controlservice -slave [x]
    HKLM\...\Run: [PrintDisp] C:\Windows\system32\PrintDisp.exe [826368 2011-02-19] (ActMask Co.,Ltd - http://www.all2pdf.com)
    HKLM\...\Run: [IntelliType Pro] "C:\Program Files\Microsoft Device Center\itype.exe" [1464928 2012-06-26] (Microsoft Corporation)
    HKLM\...\Run: [IntelliPoint] "C:\Program Files\Microsoft Device Center\ipoint.exe" [2004584 2012-06-26] (Microsoft Corporation)
    HKLM-x32\...\Run: [ASUSPRP] "C:\Program Files (x86)\ASUS\APRP\APRP.EXE" [2018032 2011-04-01] (ASUSTek Computer Inc.)
    HKLM-x32\...\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [5732992 2010-08-17] (ASUS)
    HKLM-x32\...\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [170624 2010-10-07] (ASUS)
    HKLM-x32\...\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS)
    HKLM-x32\...\Run: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe [2255360 2011-06-10] (ASUS)
    HKLM-x32\...\Run: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin [1523360 2011-01-12] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre7\bin\jusched.exe" [x]
    HKLM-x32\...\Run: [BuffaloTools] C:\Program Files (x86)\BUFFALO\BuffaloTools\BuffaloTools.exe [169336 2010-03-30] (BUFFALO INC.)
    HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2011-10-24] (Apple Inc.)
    HKLM-x32\...\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices [91520 2010-03-13] (Microsoft Corporation)
    HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [919008 2012-07-27] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [DNS7reminder] "C:\Program Files (x86)\Nuance\NaturallySpeaking11\Ereg\Ereg.exe" -r "C:\ProgramData\Nuance\NaturallySpeaking11\Ereg.ini [344 2012-12-06] ()
    HKLM-x32\...\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [642728 2012-09-27] (Advanced Micro Devices, Inc.)
    HKU\Guest\...\Run: [Google Update] "C:\Users\thrilla\AppData\Local\Google\Update\GoogleUpdate.exe" /c [136176 2011-10-17] (Google Inc.)
    HKU\Guest\...\Run: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe" /MINIMIZED [896912 2012-09-20] (BitTorrent, Inc.)
    HKU\Guest\...\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun [4910912 2011-08-01] (DT Soft Ltd)
    HKU\Guest\...\Run: [SugarSync] "C:\Program Files (x86)\SugarSync\SugarSyncManager.exe" -startInTray -usedelay=true [9413712 2012-03-19] (SugarSync, Inc.)
    HKU\Guest\...\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun [17877168 2012-11-08] (Skype Technologies S.A.)
    HKU\Guest\...\Run: [RGSC] C:\Program Files (x86)\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe /silent [x]
    HKU\LogMeInRemoteUser\...\Run: [Google Update] "C:\Users\thrilla\AppData\Local\Google\Update\GoogleUpdate.exe" /c [136176 2011-10-17] (Google Inc.)
    HKU\LogMeInRemoteUser\...\Run: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe" /MINIMIZED [896912 2012-09-20] (BitTorrent, Inc.)
    HKU\LogMeInRemoteUser\...\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun [4910912 2011-08-01] (DT Soft Ltd)
    HKU\LogMeInRemoteUser\...\Run: [SugarSync] "C:\Program Files (x86)\SugarSync\SugarSyncManager.exe" -startInTray -usedelay=true [9413712 2012-03-19] (SugarSync, Inc.)
    HKU\LogMeInRemoteUser\...\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun [17877168 2012-11-08] (Skype Technologies S.A.)
    HKU\LogMeInRemoteUser\...\Run: [RGSC] C:\Program Files (x86)\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe /silent [x]
    HKU\thrilla\...\Run: [Google Update] "C:\Users\thrilla\AppData\Local\Google\Update\GoogleUpdate.exe" /c [136176 2011-10-17] (Google Inc.)
    HKU\thrilla\...\Run: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe" /MINIMIZED [896912 2012-09-20] (BitTorrent, Inc.)
    HKU\thrilla\...\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun [4910912 2011-08-01] (DT Soft Ltd)
    HKU\thrilla\...\Run: [SugarSync] "C:\Program Files (x86)\SugarSync\SugarSyncManager.exe" -startInTray -usedelay=true [9413712 2012-03-19] (SugarSync, Inc.)
    HKU\thrilla\...\Run: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler [222496 2009-05-05] (Acresso Corporation)
    HKU\thrilla\...\Run: [m3me Conductor Server] C:\Program Files (x86)\m3me\Conductor Server\ConductorServer.exe [557056 2011-08-10] (m3me, Inc.)
    HKU\thrilla\...\Run: [FreeAC] C:\Program Files (x86)\FreeAlarmClock\FreeAlarmClock.exe -autorun [1327440 2011-11-21] (Comfort Software Group)
    HKU\thrilla\...\Run: [DriverFinder] C:\Program Files (x86)\DriverFinder\DriverFinder.exe [x]
    HKU\thrilla\...\Run: [DriverMax] "C:\Program Files (x86)\Innovative Solutions\DriverMax\drivermax.exe" -agent [11324864 2012-11-13] (Innovative Solutions)
    HKU\thrilla\...\Run: [DriverMax_RESTART] "C:\Program Files (x86)\Innovative Solutions\DriverMax\drivermax.exe" -RESTART [11324864 2012-11-13] (Innovative Solutions)
    Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
    Tcpip\..\Interfaces\{6C5CF1DF-ACBC-4D75-B8A8-CE3C77EB8BAC}: [NameServer]8.8.8.8,8.8.4.4
    Startup: C:\Users\All Users\Start Menu\Programs\Startup\FancyStart daemon.lnk
    ShortcutTarget: FancyStart daemon.lnk -> C:\Windows\Installer\{2B81872B-A054-48DA-BE3B-FA5C164C303A}\_94E3CE3704FE82FBF49A6A.exe ()
    Startup: C:\Users\thrilla\Start Menu\Programs\Startup\Dropbox.lnk
    ShortcutTarget: Dropbox.lnk -> (No File)

    ==================== Services (Whitelisted) ===================

    2 Atheros Bt&Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [138400 2011-03-13] (Atheros)
    2 ATKGFNEXSrv; C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe [96896 2009-12-15] (ASUS)
    2 ekrn; "C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe" [974944 2011-09-22] (ESET)
    2 LMIGuardianSvc; "C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe" [375728 2012-11-07] (LogMeIn, Inc.)
    2 LMIMaint; "C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe" [147888 2012-11-07] (LogMeIn, Inc.)
    2 LogMeIn; "C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe" [407424 2011-09-16] (LogMeIn, Inc.)
    2 MBAMScheduler; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe" [399432 2012-09-29] (Malwarebytes Corporation)
    2 MBAMService; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe" [676936 2012-09-29] (Malwarebytes Corporation)
    2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [75136 2012-03-23] ()
    2 NMSAccess; "C:\Program Files (x86)\Blaze Media Pro\NMSAccess32.exe" [x]

    ==================== Drivers (Whitelisted) =====================

    1 ATKWMIACPIIO; \??\C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [17536 2011-05-25] (ASUS)
    0 bftpdskc64; C:\Windows\System32\Drivers\bftpdskc64.sys [67712 2010-01-12] (BUFFALO INC.)
    3 bftpusbx64; C:\Windows\System32\Drivers\bftpusbx64.sys [20608 2010-01-18] (BUFFALO INC.)
    1 dtsoftbus01; C:\Windows\System32\Drivers\dtsoftbus01.sys [270912 2011-10-20] (DT Soft Ltd)
    2 eamonm; C:\Windows\System32\Drivers\eamonm.sys [202576 2011-08-09] (ESET)
    1 ehdrv; C:\Windows\System32\Drivers\ehdrv.sys [146432 2011-08-04] (ESET)
    2 epfwwfpr; C:\Windows\System32\Drivers\epfwwfpr.sys [137144 2011-08-04] (ESET)
    3 kbfiltr; C:\Windows\System32\Drivers\kbfiltr.sys [15416 2009-07-20] ( )
    2 LMIInfo; \??\C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys [15928 2011-09-16] (LogMeIn, Inc.)
    3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [25928 2012-09-29] (Malwarebytes Corporation)
    2 {1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC}; \??\C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\000.fcl [146928 2010-03-13] (CyberLink Corp.)
    4 LMIRfsClientNP; [x]
    2 TMAgent; [x]

    ==================== NetSvcs (Whitelisted) ====================


    ==================== One Month Created Files and Folders ========

    2012-12-05 23:25 - 2012-12-05 23:25 - 00012778 ____A C:\Users\thrilla\Desktop\attach.txt
    2012-12-05 23:25 - 2012-12-05 23:24 - 00031086 ____A C:\Users\thrilla\Desktop\dds.txt
    2012-12-05 23:22 - 2012-12-05 23:22 - 00688992 ____R (Swearware) C:\Users\thrilla\Desktop\dds.com
    2012-12-05 22:54 - 2012-12-05 22:54 - 00001111 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2012-12-05 22:54 - 2012-12-05 22:54 - 00000000 ____D C:\Users\thrilla\AppData\Roaming\Malwarebytes
    2012-12-05 22:54 - 2012-12-05 22:54 - 00000000 ____D C:\Users\All Users\Malwarebytes
    2012-12-05 22:54 - 2012-12-05 22:54 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2012-12-05 22:54 - 2012-09-29 00:54 - 00025928 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
    2012-12-05 22:52 - 2012-12-05 22:53 - 10669952 ____A (Malwarebytes Corporation ) C:\Users\thrilla\Downloads\mbam-setup-1.65.1.1000.exe
    2012-12-05 22:24 - 2012-12-05 22:24 - 00000000 ____D C:\Users\Public\Desktop\CC Support
    2012-12-05 22:23 - 2012-12-05 22:24 - 04009167 ____A C:\Users\thrilla\Desktop\ServicesRepair.exe
    2012-12-05 22:22 - 2012-12-05 22:22 - 00138120 ____A (ESET) C:\Users\thrilla\Desktop\ESETSirefefRemover.exe
    2012-12-05 04:16 - 2012-12-05 04:16 - 01859808 ____A (ESET) C:\Users\thrilla\Desktop\ESETSirefefEVCleaner.exe
    2012-12-05 04:16 - 2012-12-05 04:16 - 00000000 ____D C:\Users\thrilla\Desktop\CC Support
    2012-12-05 04:06 - 2012-12-05 04:06 - 00000000 __SHD C:\Windows\SysWOW64\%APPDATA%
    2012-12-05 01:47 - 2012-12-05 01:47 - 00032195 ____A C:\Users\thrilla\Downloads\[isoHunt] Dexter S07E10 Season 7 Episode 10 HDTV x264 [GlowGaze].torrent
    2012-12-05 01:43 - 2012-12-05 01:44 - 00000000 ____D C:\Program Files (x86)\Mega Codec Pack
    2012-12-03 00:59 - 2012-12-03 00:59 - 00030920 ____A C:\Users\thrilla\Downloads\[isoHunt] Dark Shadows 2012 English (BDRip) x264.DiAMOND.torrent
    2012-12-03 00:56 - 2012-12-03 00:56 - 00057024 ____A C:\Users\thrilla\Downloads\[isoHunt] 207cb1097e4f71157f5c7ee7f46a1eddaae42e25.torrent
    2012-12-02 04:00 - 2012-12-02 04:00 - 00001270 ____A C:\Users\thrilla\Downloads\LPCINTERFACECONTROLLER1.0.64.1ad832b33db432409c9cbe083296134a9.dmx-info
    2012-12-02 03:57 - 2012-12-02 03:57 - 00001280 ____A C:\Users\thrilla\Downloads\AMDSMBUS5.12.0.00151b3c26fde8729f952517ad51c6344944.dmx-info
    2012-12-01 22:23 - 2012-10-22 10:51 - 11270656 ____A (Advanced Micro Devices, Inc.) C:\Windows\System32\Drivers\atikmdag.sys
    2012-12-01 22:23 - 2012-10-22 10:21 - 00070144 ____A (AMD) C:\Windows\System32\coinst_9.01.8.dll
    2012-12-01 22:23 - 2012-10-22 10:18 - 00317040 ____A C:\Windows\SysWOW64\atiapfxx.blb
    2012-12-01 22:23 - 2012-10-22 10:18 - 00317040 ____A C:\Windows\System32\atiapfxx.blb
    2012-12-01 22:23 - 2012-10-22 10:15 - 00163840 ____A (Advanced Micro Devices, Inc.) C:\Windows\System32\atiapfxx.exe
    2012-12-01 22:23 - 2012-10-22 10:13 - 23435776 ____A (Advanced Micro Devices, Inc.) C:\Windows\System32\atio6axx.dll
    2012-12-01 22:23 - 2012-10-22 10:13 - 16082944 ____A (Advanced Micro Devices Inc.) C:\Windows\System32\aticaldd64.dll
    2012-12-01 22:23 - 2012-10-22 10:13 - 00051200 ____A (Advanced Micro Devices Inc.) C:\Windows\System32\aticalrt64.dll
    2012-12-01 22:23 - 2012-10-22 10:13 - 00046080 ____A (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\aticalrt.dll
    2012-12-01 22:23 - 2012-10-22 10:13 - 00044544 ____A (Advanced Micro Devices Inc.) C:\Windows\System32\aticalcl64.dll
    2012-12-01 22:23 - 2012-10-22 10:13 - 00044032 ____A (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\aticalcl.dll
    2012-12-01 22:23 - 2012-10-22 10:09 - 13703168 ____A (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\aticaldd.dll
    2012-12-01 22:23 - 2012-10-22 09:57 - 06678528 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atidxx32.dll
    2012-12-01 22:23 - 2012-10-22 09:56 - 18957824 ____A (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\atioglxx.dll
    2012-12-01 22:23 - 2012-10-22 09:52 - 00548864 ____A (AMD) C:\Windows\System32\atieclxx.exe
    2012-12-01 22:23 - 2012-10-22 09:52 - 00442368 ____A (Advanced Micro Devices, Inc.) C:\Windows\System32\atidemgy.dll
    2012-12-01 22:23 - 2012-10-22 09:51 - 00240640 ____A (AMD) C:\Windows\System32\atiesrxx.exe
    2012-12-01 22:23 - 2012-10-22 09:50 - 00120320 ____A (AMD) C:\Windows\System32\atitmm64.dll
    2012-12-01 22:23 - 2012-10-22 09:49 - 00059392 ____A (ATI Technologies, Inc.) C:\Windows\System32\atiedu64.dll
    2012-12-01 22:23 - 2012-10-22 09:49 - 00043520 ____A (ATI Technologies, Inc.) C:\Windows\SysWOW64\ati2edxx.dll
    2012-12-01 22:23 - 2012-10-22 09:49 - 00021504 ____A (AMD) C:\Windows\System32\atimuixx.dll
    2012-12-01 22:23 - 2012-10-22 09:28 - 00421888 ____A (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\atiadlxy.dll
    2012-12-01 22:23 - 2012-10-22 09:28 - 00017920 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atig6pxx.dll
    2012-12-01 22:23 - 2012-10-22 09:27 - 00546304 ____A (Advanced Micro Devices, Inc.) C:\Windows\System32\Drivers\atikmpag.sys
    2012-12-01 22:23 - 2012-10-22 09:27 - 00041984 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atig6txx.dll
    2012-12-01 22:23 - 2012-10-22 09:27 - 00033280 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atigktxx.dll
    2012-12-01 22:23 - 2012-10-22 09:27 - 00014848 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiglpxx.dll
    2012-12-01 22:23 - 2012-10-22 09:27 - 00014848 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atiglpxx.dll
    2012-12-01 22:23 - 2012-10-22 09:25 - 00109568 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiuxpag.dll
    2012-12-01 22:23 - 2012-10-22 09:24 - 00053248 ____A (Advanced Micro Devices, Inc.) C:\Windows\System32\Drivers\ati2erec.dll
    2012-12-01 22:23 - 2012-10-22 08:41 - 03053056 ____A C:\Windows\System32\atiumd6a.cap
    2012-12-01 22:23 - 2012-10-22 08:41 - 00204952 ____A C:\Windows\SysWOW64\ativvsvl.dat
    2012-12-01 22:23 - 2012-10-22 08:41 - 00204952 ____A C:\Windows\System32\ativvsvl.dat
    2012-12-01 22:23 - 2012-10-22 08:41 - 00157144 ____A C:\Windows\SysWOW64\ativvsva.dat
    2012-12-01 22:23 - 2012-10-22 08:41 - 00157144 ____A C:\Windows\System32\ativvsva.dat
    2012-12-01 22:23 - 2012-10-22 08:32 - 03084672 ____A C:\Windows\SysWOW64\atiumdva.cap
    2012-12-01 22:23 - 2012-10-22 08:24 - 00056320 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atimpc64.dll
    2012-12-01 22:23 - 2012-10-22 08:24 - 00056320 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\amdpcom64.dll
    2012-12-01 22:23 - 2012-10-22 08:23 - 00056832 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atimpc32.dll
    2012-12-01 22:23 - 2012-10-22 08:23 - 00056832 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdpcom32.dll
    2012-12-01 22:23 - 2012-10-16 07:55 - 00040667 ____A C:\Windows\atiogl.xml
    2012-12-01 22:23 - 2012-09-19 02:09 - 00076660 ____A C:\Windows\System32\ativce02.dat
    2012-12-01 22:23 - 2012-09-17 21:00 - 00662787 ____A C:\Windows\System32\atiicdxx.dat
    2012-12-01 22:23 - 2012-09-03 22:20 - 00228528 ____A C:\Windows\System32\ativvaxy_cik_nd.dat
    2012-12-01 22:23 - 2012-09-03 22:20 - 00228528 ____A C:\Windows\System32\ativvaxy_cik.dat
    2012-12-01 22:23 - 2011-09-12 05:06 - 00003917 ____A C:\Windows\SysWOW64\atipblag.dat
    2012-12-01 22:23 - 2011-09-12 05:06 - 00003917 ____A C:\Windows\System32\atipblag.dat
    2012-12-01 22:09 - 2012-12-01 22:09 - 00068812 ____A C:\Users\thrilla\Downloads\AMDRADEONHD7400MSERIES9.010.8.0000cdba3a8c7ab0f10f30c1a8e71fb53cc1.dmx-info
    2012-12-01 22:01 - 2012-12-01 22:01 - 00001236 ____A C:\Users\thrilla\Desktop\DriverMax.lnk
    2012-12-01 22:01 - 2012-12-01 22:01 - 00000000 ____D C:\Users\thrilla\AppData\Local\Innovative Solutions
    2012-12-01 22:01 - 2012-12-01 22:01 - 00000000 ____D C:\Program Files (x86)\Innovative Solutions
    2012-12-01 21:58 - 2012-12-01 22:00 - 07875488 ____A (Innovative Solutions ) C:\Users\thrilla\Downloads\drivermax.exe
    2012-12-01 21:56 - 2012-12-01 21:56 - 00000200 ____A C:\Users\thrilla\Downloads\DriverFinder Pro 2 + Serial license key.html
    2012-12-01 21:33 - 2012-12-01 21:33 - 00019497 ____A C:\Users\thrilla\Downloads\[isoHunt] 3773212.torrent
    2012-12-01 21:16 - 2012-12-01 21:16 - 00004721 ____A C:\Users\thrilla\Downloads\[isoHunt] 3765357.torrent
    2012-12-01 21:03 - 2012-12-01 21:57 - 00000000 ____D C:\Users\thrilla\AppData\Roaming\DriverFinder
    2012-12-01 21:03 - 2012-12-01 21:03 - 00244896 ____A C:\Users\thrilla\Downloads\DriverFinderSetup.exe
    2012-12-01 20:18 - 2012-12-01 20:36 - 124163060 ____A C:\Users\thrilla\Downloads\A2DVID-00243349-0042.EXE
    2012-12-01 20:06 - 2012-12-01 20:07 - 02053400 ____A (Mister Group ) C:\Users\thrilla\Downloads\SystemExplorerSetup_399.exe
    2012-12-01 19:49 - 2012-12-01 19:49 - 01165616 ____A (AMD Inc.) C:\Users\thrilla\Downloads\catalyst_mobility_64-bit_util (1).exe
    2012-12-01 17:52 - 2012-12-01 17:52 - 00000000 ____D C:\Users\All Users\ATI
    2012-12-01 07:35 - 2012-12-01 07:35 - 00000000 ____D C:\Program Files (x86)\AMD APP
    2012-12-01 07:34 - 2012-12-01 07:35 - 00000000 ____D C:\Program Files\ATI Technologies
    2012-12-01 07:09 - 2012-12-01 07:25 - 193293840 ____A (Advanced Micro Devices, Inc.) C:\Users\thrilla\Downloads\12-10_vista_win7_win8_64_dd_ccc_whql_net4.exe
    2012-12-01 07:03 - 2012-12-01 07:04 - 00792704 ____A (AMD) C:\Users\thrilla\Downloads\amddriverdownloader.exe
    2012-12-01 07:00 - 2012-12-01 07:29 - 00000000 ____D C:\AMD
    2012-12-01 06:59 - 2012-12-01 06:59 - 01165616 ____A (AMD Inc.) C:\Users\thrilla\Downloads\catalyst_mobility_64-bit_util.exe
    2012-12-01 06:28 - 2012-12-01 06:28 - 00005599 ____A C:\Users\thrilla\Downloads\WideScreenWeaponsMod.rar
    2012-12-01 06:28 - 2012-12-01 06:28 - 00000000 ____D C:\Users\thrilla\Downloads\WideScreenWeaponsMod
    2012-12-01 06:07 - 2012-12-01 06:07 - 00002515 ____A C:\Users\Public\Desktop\Skype.lnk
    2012-12-01 05:58 - 2003-03-15 04:15 - 00090112 ____A (MindVision Software) C:\Windows\unvise32.exe
    2012-12-01 05:57 - 2012-12-01 05:57 - 00000949 ____A C:\Users\thrilla\Desktop\Launch Painkiller!.lnk
    2012-12-01 05:57 - 2012-12-01 05:57 - 00000949 ____A C:\Users\LogMeInRemoteUser\Desktop\Launch Painkiller!.lnk
    2012-12-01 05:57 - 2012-12-01 05:57 - 00000949 ____A C:\Users\Guest\Desktop\Launch Painkiller!.lnk
    2012-12-01 00:29 - 2012-12-01 00:29 - 00022763 ____A C:\Users\thrilla\Downloads\[isoHunt] Painkiller.torrent
    2012-11-27 00:00 - 2012-11-27 00:00 - 00034309 ____A C:\Users\thrilla\Downloads\[isoHunt] Dexter S07E09 Season 7 Episode 9 HDTV x264 [GlowGaze].torrent
    2012-11-26 22:03 - 2012-11-26 22:03 - 00015332 ____A C:\Users\thrilla\Downloads\[isoHunt] Big Naturals - Adella Skyy (Ready 2 Rock).mp4.torrent
    2012-11-26 01:29 - 2012-11-26 01:29 - 00017096 ____A C:\Users\thrilla\Downloads\[isoHunt] download (2).torrent
    2012-11-24 04:01 - 2012-11-24 04:01 - 00019853 ____A C:\Users\thrilla\Downloads\[isoHunt] download (1).torrent
    2012-11-24 02:23 - 2012-11-24 02:23 - 00031040 ____A C:\Users\thrilla\Downloads\[isoHunt] Dexter S07E08 Season 7 Episode 8 HDTV x264 [GlowGaze].torrent
    2012-11-17 01:16 - 2012-11-17 01:16 - 00028856 ____A C:\Users\thrilla\Downloads\[isoHunt] Dexter S07E07 Season 7 Episode 7 HDTV x264 [GlowGaze].torrent
    2012-11-16 16:16 - 2012-11-16 16:16 - 00032014 ____A C:\Users\thrilla\Downloads\[isoHunt] Dexter S07E06 Season 7 Episode 6 HDTV x264 [GlowGaze].torrent
    2012-11-16 05:53 - 2012-11-16 16:03 - 00000000 ____D C:\Program Files (x86)\Appnimi
    2012-11-16 05:52 - 2012-11-16 05:52 - 00563473 ____A C:\Users\thrilla\Downloads\AppnimiZipPasswordUnlockerSetup.zip
    2012-11-16 05:47 - 2012-11-16 05:47 - 00005297 ____A C:\Users\thrilla\Downloads\[isoHunt] RAR Password Unlocker v4.2.0.0 [h33t.com] Full.torrent
    2012-11-15 04:29 - 2012-11-15 04:29 - 00034132 ____A C:\Users\thrilla\Downloads\[isoHunt] Dexter S07E03 HDTV x264-ASAP[ettv].torrent
    2012-11-15 04:29 - 2012-11-15 04:29 - 00028209 ____A C:\Users\thrilla\Downloads\[isoHunt] Dexter S07E04 HDTV x264-ASAP[ettv].torrent
    2012-11-15 04:28 - 2012-11-15 04:28 - 00031670 ____A C:\Users\thrilla\Downloads\[isoHunt] Dexter S07E02 HDTV x264-EVOLVE[ettv].torrent
    2012-11-15 04:27 - 2012-11-15 04:27 - 00029883 ____A C:\Users\thrilla\Downloads\[isoHunt] Dexter S07E01 HDTV x264-EVOLVE[ettv].torrent
    2012-11-14 23:50 - 2012-11-14 23:50 - 00056702 ____A C:\Users\thrilla\Downloads\[isoHunt] The.Matador[2005]DvDrip.AC3[Eng]-aXXo.torrent
    2012-11-14 08:33 - 2012-07-25 20:55 - 00785512 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\Wdf01000.sys
    2012-11-14 08:33 - 2012-07-25 20:55 - 00054376 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\WdfLdr.sys
    2012-11-14 08:33 - 2012-07-25 18:36 - 00009728 ____A (Microsoft Corporation) C:\Windows\System32\Wdfres.dll
    2012-11-14 08:33 - 2012-06-02 06:35 - 00000003 ____A C:\Windows\System32\Drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
    2012-11-14 08:13 - 2012-10-08 04:19 - 17811968 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
    2012-11-14 08:13 - 2012-10-08 03:31 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
    2012-11-14 08:13 - 2012-10-08 03:24 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
    2012-11-14 08:13 - 2012-10-08 03:23 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
    2012-11-14 08:13 - 2012-10-08 03:22 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
    2012-11-14 08:13 - 2012-10-08 03:22 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
    2012-11-14 08:13 - 2012-10-08 03:20 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
    2012-11-14 08:13 - 2012-10-08 03:18 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
    2012-11-14 08:13 - 2012-10-08 03:17 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
    2012-11-14 08:13 - 2012-10-08 03:17 - 00599040 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
    2012-11-14 08:13 - 2012-10-08 03:15 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
    2012-11-14 08:13 - 2012-10-08 03:15 - 00729088 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
    2012-11-14 08:13 - 2012-10-08 03:13 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
    2012-11-14 08:13 - 2012-10-08 03:13 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
    2012-11-14 08:13 - 2012-10-08 03:09 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
    2012-11-14 08:13 - 2012-10-08 00:28 - 12320768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2012-11-14 08:13 - 2012-10-07 23:56 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2012-11-14 08:13 - 2012-10-07 23:48 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2012-11-14 08:13 - 2012-10-07 23:48 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2012-11-14 08:13 - 2012-10-07 23:47 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2012-11-14 08:13 - 2012-10-07 23:46 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
    2012-11-14 08:13 - 2012-10-07 23:45 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2012-11-14 08:13 - 2012-10-07 23:44 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2012-11-14 08:13 - 2012-10-07 23:43 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
    2012-11-14 08:13 - 2012-10-07 23:43 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
    2012-11-14 08:13 - 2012-10-07 23:42 - 00607744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
    2012-11-14 08:13 - 2012-10-07 23:41 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2012-11-14 08:13 - 2012-10-07 23:41 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2012-11-14 08:13 - 2012-10-07 23:40 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2012-11-14 08:13 - 2012-10-07 23:37 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2012-11-14 08:12 - 2012-10-08 03:42 - 10925568 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
    2012-11-14 08:12 - 2012-10-08 00:02 - 09738240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2012-11-14 08:05 - 2012-07-25 19:08 - 00744448 ____A (Microsoft Corporation) C:\Windows\System32\WUDFx.dll
    2012-11-14 08:05 - 2012-07-25 19:08 - 00229888 ____A (Microsoft Corporation) C:\Windows\System32\WUDFHost.exe
    2012-11-14 08:05 - 2012-07-25 19:08 - 00194048 ____A (Microsoft Corporation) C:\Windows\System32\WUDFPlatform.dll
    2012-11-14 08:05 - 2012-07-25 19:08 - 00084992 ____A (Microsoft Corporation) C:\Windows\System32\WUDFSvc.dll
    2012-11-14 08:05 - 2012-07-25 19:08 - 00045056 ____A (Microsoft Corporation) C:\Windows\System32\WUDFCoinstaller.dll
    2012-11-14 08:05 - 2012-07-25 18:26 - 00198656 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\WUDFRd.sys
    2012-11-14 08:05 - 2012-07-25 18:26 - 00087040 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\WUDFPf.sys
    2012-11-14 08:05 - 2012-06-02 06:57 - 00000003 ____A C:\Windows\System32\Drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
    2012-11-13 21:59 - 2012-10-18 10:25 - 03149824 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
    2012-11-13 21:59 - 2012-10-09 10:17 - 00226816 ____A (Microsoft Corporation) C:\Windows\System32\dhcpcore6.dll
    2012-11-13 21:59 - 2012-10-09 10:17 - 00055296 ____A (Microsoft Corporation) C:\Windows\System32\dhcpcsvc6.dll
    2012-11-13 21:59 - 2012-10-09 09:40 - 00193536 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dhcpcore6.dll
    2012-11-13 21:59 - 2012-10-09 09:40 - 00044032 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dhcpcsvc6.dll
    2012-11-13 21:59 - 2012-10-03 09:56 - 01914248 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
    2012-11-13 21:59 - 2012-10-03 09:44 - 00303104 ____A (Microsoft Corporation) C:\Windows\System32\nlasvc.dll
    2012-11-13 21:59 - 2012-10-03 09:44 - 00246272 ____A (Microsoft Corporation) C:\Windows\System32\netcorehc.dll
    2012-11-13 21:59 - 2012-10-03 09:44 - 00216576 ____A (Microsoft Corporation) C:\Windows\System32\ncsi.dll
    2012-11-13 21:59 - 2012-10-03 09:42 - 00569344 ____A (Microsoft Corporation) C:\Windows\System32\iphlpsvc.dll
    2012-11-13 21:59 - 2012-10-03 08:42 - 00175104 ____A (Microsoft Corporation) C:\Windows\SysWOW64\netcorehc.dll
    2012-11-13 21:59 - 2012-10-03 08:42 - 00156672 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
    2012-11-13 21:59 - 2012-01-12 23:12 - 00052224 ____A (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
    2012-11-13 21:58 - 2012-10-03 09:44 - 00070656 ____A (Microsoft Corporation) C:\Windows\System32\nlaapi.dll
    2012-11-13 21:58 - 2012-10-03 09:44 - 00018944 ____A (Microsoft Corporation) C:\Windows\System32\netevent.dll
    2012-11-13 21:58 - 2012-10-03 08:42 - 00018944 ____A (Microsoft Corporation) C:\Windows\SysWOW64\netevent.dll
    2012-11-13 21:58 - 2012-10-03 08:07 - 00045568 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpipreg.sys
    2012-11-13 21:48 - 2012-09-25 14:47 - 00078336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\synceng.dll
    2012-11-13 21:48 - 2012-09-25 14:46 - 00095744 ____A (Microsoft Corporation) C:\Windows\System32\synceng.dll
    2012-11-13 21:05 - 2012-11-13 21:05 - 01715560 ____A (Comfort Software Group ) C:\Users\thrilla\Downloads\FreeAlarmClockSetup.exe
    2012-11-13 21:05 - 2012-11-13 21:05 - 00001005 ____A C:\Users\thrilla\Desktop\Free Alarm Clock.lnk
    2012-11-13 21:05 - 2012-11-13 21:05 - 00000000 ____D C:\Program Files (x86)\FreeAlarmClock


    ==================== One Month Modified Files and Folders =======

    2012-12-06 20:54 - 2012-12-06 20:54 - 00000000 ____D C:\FRST
    2012-12-06 01:48 - 2011-10-17 02:00 - 00000000 ____D C:\Users\thrilla\AppData\Roaming\uTorrent
    2012-12-06 01:48 - 2009-07-13 20:45 - 00018736 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2012-12-06 01:48 - 2009-07-13 20:45 - 00018736 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2012-12-06 01:47 - 2009-07-13 21:13 - 00742516 ____A C:\Windows\System32\PerfStringBackup.INI
    2012-12-06 01:41 - 2012-02-16 14:52 - 00000896 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2012-12-06 01:41 - 2011-10-18 20:47 - 00000000 ___RD C:\Users\thrilla\Dropbox
    2012-12-06 01:41 - 2011-10-18 20:44 - 00000000 ____D C:\Users\thrilla\AppData\Roaming\Dropbox
    2012-12-06 01:41 - 2011-10-16 02:01 - 00000000 ___HD C:\ASUS.DAT
    2012-12-06 01:41 - 2011-07-23 05:20 - 01240221 ____A C:\Windows\WindowsUpdate.log
    2012-12-06 01:40 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
    2012-12-06 01:40 - 2009-07-13 20:51 - 00098036 ____A C:\Windows\setupact.log
    2012-12-06 01:37 - 2012-02-16 14:52 - 00000900 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2012-12-06 00:50 - 2011-10-17 01:54 - 00000916 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-705378939-3791143662-2486378131-1001UA.job
    2012-12-05 23:25 - 2012-12-05 23:25 - 00012778 ____A C:\Users\thrilla\Desktop\attach.txt
    2012-12-05 23:24 - 2012-12-05 23:25 - 00031086 ____A C:\Users\thrilla\Desktop\dds.txt
    2012-12-05 23:22 - 2012-12-05 23:22 - 00688992 ____R (Swearware) C:\Users\thrilla\Desktop\dds.com
    2012-12-05 23:19 - 2011-07-23 05:52 - 00001415 ____A C:\Windows\System32\ServiceFilter.ini
    2012-12-05 23:07 - 2011-04-01 20:17 - 00437512 ____A C:\Windows\PFRO.log
    2012-12-05 23:05 - 2011-10-16 02:01 - 00000000 ____D C:\users\thrilla
    2012-12-05 22:54 - 2012-12-05 22:54 - 00001111 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2012-12-05 22:54 - 2012-12-05 22:54 - 00000000 ____D C:\Users\thrilla\AppData\Roaming\Malwarebytes
    2012-12-05 22:54 - 2012-12-05 22:54 - 00000000 ____D C:\Users\All Users\Malwarebytes
    2012-12-05 22:54 - 2012-12-05 22:54 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2012-12-05 22:53 - 2012-12-05 22:52 - 10669952 ____A (Malwarebytes Corporation ) C:\Users\thrilla\Downloads\mbam-setup-1.65.1.1000.exe
    2012-12-05 22:24 - 2012-12-05 22:24 - 00000000 ____D C:\Users\Public\Desktop\CC Support
    2012-12-05 22:24 - 2012-12-05 22:23 - 04009167 ____A C:\Users\thrilla\Desktop\ServicesRepair.exe
    2012-12-05 22:22 - 2012-12-05 22:22 - 00138120 ____A (ESET) C:\Users\thrilla\Desktop\ESETSirefefRemover.exe
    2012-12-05 22:11 - 2011-10-17 01:57 - 00000000 ____D C:\Users\thrilla\AppData\Roaming\Skype
    2012-12-05 05:22 - 2011-10-18 23:33 - 00000000 ____D C:\Users\All Users\LogMeIn
    2012-12-05 04:16 - 2012-12-05 04:16 - 01859808 ____A (ESET) C:\Users\thrilla\Desktop\ESETSirefefEVCleaner.exe
    2012-12-05 04:16 - 2012-12-05 04:16 - 00000000 ____D C:\Users\thrilla\Desktop\CC Support
    2012-12-05 04:06 - 2012-12-05 04:06 - 00000000 __SHD C:\Windows\SysWOW64\%APPDATA%
    2012-12-05 04:01 - 2011-10-16 02:02 - 00045056 ____A C:\Windows\SysWOW64\acovcnt.exe
    2012-12-05 02:50 - 2011-10-17 01:54 - 00000864 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-705378939-3791143662-2486378131-1001Core.job
    2012-12-05 01:47 - 2012-12-05 01:47 - 00032195 ____A C:\Users\thrilla\Downloads\[isoHunt] Dexter S07E10 Season 7 Episode 10 HDTV x264 [GlowGaze].torrent
    2012-12-05 01:44 - 2012-12-05 01:43 - 00000000 ____D C:\Program Files (x86)\Mega Codec Pack
    2012-12-03 00:59 - 2012-12-03 00:59 - 00030920 ____A C:\Users\thrilla\Downloads\[isoHunt] Dark Shadows 2012 English (BDRip) x264.DiAMOND.torrent
    2012-12-03 00:56 - 2012-12-03 00:56 - 00057024 ____A C:\Users\thrilla\Downloads\[isoHunt] 207cb1097e4f71157f5c7ee7f46a1eddaae42e25.torrent
    2012-12-02 04:22 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\NDF
    2012-12-02 04:00 - 2012-12-02 04:00 - 00001270 ____A C:\Users\thrilla\Downloads\LPCINTERFACECONTROLLER1.0.64.1ad832b33db432409c9cbe083296134a9.dmx-info
    2012-12-02 03:58 - 2011-07-23 05:47 - 00016700 ____A C:\Windows\DPINST.LOG
    2012-12-02 03:57 - 2012-12-02 03:57 - 00001280 ____A C:\Users\thrilla\Downloads\AMDSMBUS5.12.0.00151b3c26fde8729f952517ad51c6344944.dmx-info
    2012-12-01 23:52 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\rescache
    2012-12-01 22:34 - 2009-07-13 21:08 - 00032604 ____A C:\Windows\Tasks\SCHEDLGU.TXT
    2012-12-01 22:09 - 2012-12-01 22:09 - 00068812 ____A C:\Users\thrilla\Downloads\AMDRADEONHD7400MSERIES9.010.8.0000cdba3a8c7ab0f10f30c1a8e71fb53cc1.dmx-info
    2012-12-01 22:01 - 2012-12-01 22:01 - 00001236 ____A C:\Users\thrilla\Desktop\DriverMax.lnk
    2012-12-01 22:01 - 2012-12-01 22:01 - 00000000 ____D C:\Users\thrilla\AppData\Local\Innovative Solutions
    2012-12-01 22:01 - 2012-12-01 22:01 - 00000000 ____D C:\Program Files (x86)\Innovative Solutions
    2012-12-01 22:00 - 2012-12-01 21:58 - 07875488 ____A (Innovative Solutions ) C:\Users\thrilla\Downloads\drivermax.exe
    2012-12-01 21:57 - 2012-12-01 21:03 - 00000000 ____D C:\Users\thrilla\AppData\Roaming\DriverFinder
    2012-12-01 21:56 - 2012-12-01 21:56 - 00000200 ____A C:\Users\thrilla\Downloads\DriverFinder Pro 2 + Serial license key.html
    2012-12-01 21:33 - 2012-12-01 21:33 - 00019497 ____A C:\Users\thrilla\Downloads\[isoHunt] 3773212.torrent
    2012-12-01 21:16 - 2012-12-01 21:16 - 00004721 ____A C:\Users\thrilla\Downloads\[isoHunt] 3765357.torrent
    2012-12-01 21:03 - 2012-12-01 21:03 - 00244896 ____A C:\Users\thrilla\Downloads\DriverFinderSetup.exe
    2012-12-01 20:36 - 2012-12-01 20:18 - 124163060 ____A C:\Users\thrilla\Downloads\A2DVID-00243349-0042.EXE
    2012-12-01 20:14 - 2011-04-01 20:29 - 03139598 ____A C:\Windows\AsDebug.log
    2012-12-01 20:14 - 2011-02-18 12:12 - 00385734 ____A C:\Windows\AsCDProc.log
    2012-12-01 20:07 - 2012-12-01 20:06 - 02053400 ____A (Mister Group ) C:\Users\thrilla\Downloads\SystemExplorerSetup_399.exe
    2012-12-01 19:49 - 2012-12-01 19:49 - 01165616 ____A (AMD Inc.) C:\Users\thrilla\Downloads\catalyst_mobility_64-bit_util (1).exe
    2012-12-01 17:52 - 2012-12-01 17:52 - 00000000 ____D C:\Users\All Users\ATI
    2012-12-01 07:35 - 2012-12-01 07:35 - 00000000 ____D C:\Program Files (x86)\AMD APP
    2012-12-01 07:35 - 2012-12-01 07:34 - 00000000 ____D C:\Program Files\ATI Technologies
    2012-12-01 07:34 - 2011-07-23 05:44 - 00000000 ____D C:\Users\All Users\AMD
    2012-12-01 07:33 - 2012-01-06 01:19 - 00000000 ____D C:\Program Files (x86)\ATI Technologies
    2012-12-01 07:32 - 2011-10-26 18:20 - 00000000 ____D C:\Users\thrilla\AppData\Local\CrashDumps
    2012-12-01 07:29 - 2012-12-01 07:00 - 00000000 ____D C:\AMD
    2012-12-01 07:25 - 2012-12-01 07:09 - 193293840 ____A (Advanced Micro Devices, Inc.) C:\Users\thrilla\Downloads\12-10_vista_win7_win8_64_dd_ccc_whql_net4.exe
    2012-12-01 07:04 - 2012-12-01 07:03 - 00792704 ____A (AMD) C:\Users\thrilla\Downloads\amddriverdownloader.exe
    2012-12-01 06:59 - 2012-12-01 06:59 - 01165616 ____A (AMD Inc.) C:\Users\thrilla\Downloads\catalyst_mobility_64-bit_util.exe
    2012-12-01 06:28 - 2012-12-01 06:28 - 00005599 ____A C:\Users\thrilla\Downloads\WideScreenWeaponsMod.rar
    2012-12-01 06:28 - 2012-12-01 06:28 - 00000000 ____D C:\Users\thrilla\Downloads\WideScreenWeaponsMod
    2012-12-01 06:07 - 2012-12-01 06:07 - 00002515 ____A C:\Users\Public\Desktop\Skype.lnk
    2012-12-01 06:07 - 2012-02-04 22:38 - 00000000 ___RD C:\Program Files (x86)\Skype
    2012-12-01 06:07 - 2011-10-17 01:57 - 00000000 ____D C:\Users\All Users\Skype
    2012-12-01 05:57 - 2012-12-01 05:57 - 00000949 ____A C:\Users\thrilla\Desktop\Launch Painkiller!.lnk
    2012-12-01 05:57 - 2012-12-01 05:57 - 00000949 ____A C:\Users\LogMeInRemoteUser\Desktop\Launch Painkiller!.lnk
    2012-12-01 05:57 - 2012-12-01 05:57 - 00000949 ____A C:\Users\Guest\Desktop\Launch Painkiller!.lnk
    2012-12-01 00:29 - 2012-12-01 00:29 - 00022763 ____A C:\Users\thrilla\Downloads\[isoHunt] Painkiller.torrent
    2012-11-30 18:14 - 2011-10-17 01:54 - 00002457 ____A C:\Users\thrilla\Desktop\Google Chrome.lnk
    2012-11-27 00:00 - 2012-11-27 00:00 - 00034309 ____A C:\Users\thrilla\Downloads\[isoHunt] Dexter S07E09 Season 7 Episode 9 HDTV x264 [GlowGaze].torrent
    2012-11-26 22:03 - 2012-11-26 22:03 - 00015332 ____A C:\Users\thrilla\Downloads\[isoHunt] Big Naturals - Adella Skyy (Ready 2 Rock).mp4.torrent
    2012-11-26 01:29 - 2012-11-26 01:29 - 00017096 ____A C:\Users\thrilla\Downloads\[isoHunt] download (2).torrent
    2012-11-24 04:01 - 2012-11-24 04:01 - 00019853 ____A C:\Users\thrilla\Downloads\[isoHunt] download (1).torrent
    2012-11-24 02:23 - 2012-11-24 02:23 - 00031040 ____A C:\Users\thrilla\Downloads\[isoHunt] Dexter S07E08 Season 7 Episode 8 HDTV x264 [GlowGaze].torrent
    2012-11-17 01:16 - 2012-11-17 01:16 - 00028856 ____A C:\Users\thrilla\Downloads\[isoHunt] Dexter S07E07 Season 7 Episode 7 HDTV x264 [GlowGaze].torrent
    2012-11-16 16:16 - 2012-11-16 16:16 - 00032014 ____A C:\Users\thrilla\Downloads\[isoHunt] Dexter S07E06 Season 7 Episode 6 HDTV x264 [GlowGaze].torrent
    2012-11-16 16:03 - 2012-11-16 05:53 - 00000000 ____D C:\Program Files (x86)\Appnimi
    2012-11-16 14:45 - 2012-01-28 19:25 - 00000000 ____D C:\Users\thrilla\AppData\Local\SugarSync
    2012-11-16 05:52 - 2012-11-16 05:52 - 00563473 ____A C:\Users\thrilla\Downloads\AppnimiZipPasswordUnlockerSetup.zip
    2012-11-16 05:47 - 2012-11-16 05:47 - 00005297 ____A C:\Users\thrilla\Downloads\[isoHunt] RAR Password Unlocker v4.2.0.0 [h33t.com] Full.torrent
    2012-11-15 04:29 - 2012-11-15 04:29 - 00034132 ____A C:\Users\thrilla\Downloads\[isoHunt] Dexter S07E03 HDTV x264-ASAP[ettv].torrent
    2012-11-15 04:29 - 2012-11-15 04:29 - 00028209 ____A C:\Users\thrilla\Downloads\[isoHunt] Dexter S07E04 HDTV x264-ASAP[ettv].torrent
    2012-11-15 04:28 - 2012-11-15 04:28 - 00031670 ____A C:\Users\thrilla\Downloads\[isoHunt] Dexter S07E02 HDTV x264-EVOLVE[ettv].torrent
    2012-11-15 04:27 - 2012-11-15 04:27 - 00029883 ____A C:\Users\thrilla\Downloads\[isoHunt] Dexter S07E01 HDTV x264-EVOLVE[ettv].torrent
    2012-11-14 23:50 - 2012-11-14 23:50 - 00056702 ____A C:\Users\thrilla\Downloads\[isoHunt] The.Matador[2005]DvDrip.AC3[Eng]-aXXo.torrent
    2012-11-14 09:10 - 2011-10-16 02:01 - 00109688 ____A C:\Users\thrilla\AppData\Local\GDIPFONTCACHEV1.DAT
    2012-11-14 09:05 - 2009-07-13 20:45 - 00418584 ____A C:\Windows\System32\FNTCACHE.DAT
    2012-11-14 08:46 - 2012-07-31 16:48 - 00000000 ____D C:\Users\All Users\Microsoft Help
    2012-11-14 08:06 - 2011-10-17 01:18 - 66395536 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
    2012-11-14 08:03 - 2009-07-13 18:34 - 00000837 ____A C:\Windows\win.ini
    2012-11-13 21:05 - 2012-11-13 21:05 - 01715560 ____A (Comfort Software Group ) C:\Users\thrilla\Downloads\FreeAlarmClockSetup.exe
    2012-11-13 21:05 - 2012-11-13 21:05 - 00001005 ____A C:\Users\thrilla\Desktop\Free Alarm Clock.lnk
    2012-11-13 21:05 - 2012-11-13 21:05 - 00000000 ____D C:\Program Files (x86)\FreeAlarmClock
    2012-11-07 21:08 - 2011-10-18 23:32 - 00000000 ____D C:\Program Files (x86)\LogMeIn
    2012-11-07 21:04 - 2011-10-18 23:33 - 00088008 ____A (LogMeIn, Inc.) C:\Windows\System32\LMIRfsClientNP.dll
    2012-11-07 21:04 - 2011-10-18 23:33 - 00083880 ____A (LogMeIn, Inc.) C:\Windows\System32\LMIinit.dll
    2012-11-07 21:04 - 2011-10-18 23:33 - 00035240 ____A (LogMeIn, Inc.) C:\Windows\System32\LMIport.dll


    ZeroAccess:
    C:\Windows\Installer\{29442026-b511-1173-2e26-4a1a0511f039}
    C:\Windows\Installer\{29442026-b511-1173-2e26-4a1a0511f039}\@
    C:\Windows\Installer\{29442026-b511-1173-2e26-4a1a0511f039}\L
    C:\Windows\Installer\{29442026-b511-1173-2e26-4a1a0511f039}\U
    C:\Windows\Installer\{29442026-b511-1173-2e26-4a1a0511f039}\L\00000004.@
    C:\Windows\Installer\{29442026-b511-1173-2e26-4a1a0511f039}\L\201d3dde
    C:\Windows\Installer\{29442026-b511-1173-2e26-4a1a0511f039}\L\4cce1f70
    C:\Windows\Installer\{29442026-b511-1173-2e26-4a1a0511f039}\U\00000008.@
    C:\Windows\Installer\{29442026-b511-1173-2e26-4a1a0511f039}\U\80000032.@
    C:\Windows\Installer\{29442026-b511-1173-2e26-4a1a0511f039}\U\80000064.@

    ZeroAccess:
    C:\Windows\assembly\GAC_32\Desktop.ini

    ZeroAccess:
    C:\Windows\assembly\GAC_64\Desktop.ini

    ==================== Known DLLs (Whitelisted) =================


    ==================== Bamital & volsnap Check =================

    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\SysWOW64\wininit.exe => MD5 is legit
    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\SysWOW64\explorer.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\SysWOW64\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe 50BEA589F7D7958BDD2528A8F69D05CC ZeroAccess <==== ATTENTION!.
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\SysWOW64\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\SysWOW64\userinit.exe => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

    ==================== EXE ASSOCIATION =====================

    HKLM\...\.exe: exefile => OK
    HKLM\...\exefile\DefaultIcon: %1 => OK
    HKLM\...\exefile\open\command: "%1" %* => OK

    ==================== Restore Points =========================

    Restore point made on: 2012-11-28 17:30:19
    Restore point made on: 2012-12-01 07:01:15
    Restore point made on: 2012-12-01 22:22:41
    Restore point made on: 2012-12-01 22:25:04
    Restore point made on: 2012-12-02 04:12:56
    Restore point made on: 2012-12-05 04:37:07

    ==================== Memory info ===========================

    Percentage of memory in use: 15%
    Total physical RAM: 4075.72 MB
    Available physical RAM: 3458.93 MB
    Total Pagefile: 4073.87 MB
    Available Pagefile: 3452.88 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.89 MB

    ==================== Partitions =============================

    1 Drive c: (OS) (Fixed) (Total:256.35 GB) (Free:13.34 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
    2 Drive d: (DATA) (Fixed) (Total:314.82 GB) (Free:8.94 GB) NTFS
    3 Drive e: (TrendMicro) (CDROM) (Total:0.3 GB) (Free:0 GB) CDFS
    4 Drive f: (MYLINUXLIVE) (Removable) (Total:3.77 GB) (Free:3.72 GB) NTFS
    5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

    Disk ### Status Size Free Dyn Gpt
    -------- ------------- ------- ------- --- ---
    Disk 0 Online 596 GB 1024 KB
    Disk 1 Online 3864 MB 0 B

    Partitions of Disk 0:
    ===============

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 25 GB 1024 KB
    Partition 2 Primary 256 GB 25 GB
    Partition 0 Extended 314 GB 281 GB
    Partition 3 Logical 314 GB 281 GB

    ==================================================================================

    Disk: 0
    Partition 1
    Type : 1C
    Hidden: Yes
    Active: No

    There is no volume associated with this partition.

    =========================================================

    Disk: 0
    Partition 2
    Type : 07
    Hidden: No
    Active: Yes

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 1 C OS NTFS Partition 256 GB Healthy

    =========================================================

    Disk: 0
    Partition 3
    Type : 07
    Hidden: No
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 2 D DATA NTFS Partition 314 GB Healthy

    =========================================================

    Partitions of Disk 1:
    ===============

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 3863 MB 31 KB

    ==================================================================================

    Disk: 1
    Partition 1
    Type : 07
    Hidden: No
    Active: Yes

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 3 F MYLINUXLIVE NTFS Removable 3863 MB Healthy

    =========================================================

    Last Boot: 2012-12-05 23:46

    ==================== End Of Log =============================
  7. Jay Pfoutz

    Jay Pfoutz Malware Helper

    I need this done too please:
  8. thrilla

    thrilla Newcomer, in training Topic Starter

    Sorry about that. Here it is.

    Farbar Recovery Scan Tool (x64) Version: 02-12-2012
    Ran by SYSTEM at 2012-12-08 12:03:19
    Running from G:\

    ================== Search: "services.exe" ===================

    C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
    [2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

    C:\Windows\System32\services.exe
    [2009-07-13 15:19] - [2009-07-13 17:39] - 0329216 ____A (Microsoft Corporation) 50BEA589F7D7958BDD2528A8F69D05CC

    ====== End Of Search ======
  9. Jay Pfoutz

    Jay Pfoutz Malware Helper

    FRST Fixlist

    Please download attached fixlist.txt below (at bottom of this post), and save it to your flash drive in the same location as FRST.exe. Make sure it maintains the same name, otherwise the fix will fail.

    NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system

    Now, please enter System Recovery Options then select Command Prompt.

    Run FRST and press the Fix button just once and wait.
    The tool will make a log on the flashdrive (Fixlog.txt) please post it to your reply.

    Now restart, let it boot normally and tell me how it went.


    ComboFix scan

    Please download ComboFix by sUBs
    From BleepingComputer.com

    Please save the file to your Desktop.

    Important information about ComboFix


    After the download:
    • Close any open browsers.
    • Very Important: Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results". Please visit here if you don't know how.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until ComboFix has completely finished.
    • If there is no Internet connection after running ComboFix, then restart your computer to restore back your connection.
    Running ComboFix:
    • Double click on ComboFix.exe & follow the prompts.
    • When ComboFix finishes, it will produce a report for you.
    • Please post the report, which will launch or be found at "C:\Combo-Fix.txt" in your next reply.
    Troubleshooting ComboFix

    Safe Mode:

    If you still cannot get ComboFix to run, try booting into Safe Mode, and run it there.

    (To boot into Safe Mode, tap F8 after BIOS, and just before the Windows
    logo appears. A list of options will appear, select "Safe Mode.")

    Re-downloading:

    If this doesn't work either, try the same method (above method), but try to download it again, except name
    ComboFix.exe to iexplore.exe, explorer.exe, or winlogon.exe.

    Malware is known for blocking all "user" processes, except for its whitelist of system important processes such as iexplore.exe, explorer.exe, winlogon.exe.

    NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.

  10. thrilla

    thrilla Newcomer, in training Topic Starter

    Thanks! After I ran FRST64, my antivirus did not detect the trojans anymore, although MalwareBytes was still blocking suspicious web sites.

    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 02-12-2012
    Ran by SYSTEM at 2012-12-09 11:55:57 Run:1
    Running from G:\

    ==============================================

    C:\Windows\Installer\{29442026-b511-1173-2e26-4a1a0511f039} moved successfully.
    C:\Windows\assembly\GAC_32\Desktop.ini moved successfully.
    C:\Windows\assembly\GAC_64\Desktop.ini moved successfully.
    C:\Windows\System32\services.exe moved successfully.
    C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe copied successfully to C:\Windows\System32\services.exe

    ==== End of Fixlog ====
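    The fix above relied on two observations from the FRST output: the live C:\Windows\System32\services.exe hashed differently from the WinSxS component-store copy and was 512 bytes larger (329216 vs 328704 bytes in the search output), and the Installer\{GUID}\U and \L folders full of *.@ files plus the Desktop.ini files under assembly\GAC_32 and GAC_64 were the ZeroAccess layout FRST listed. The Python script below is an added example, not part of this thread and not FRST's or ComboFix's own code; it rebuilds that situation in a throwaway directory and runs the same two checks against it. The fake directory tree, its byte contents and the helper names (build_fixture, live_vs_sxs, zeroaccess_markers, run_demo) are assumptions for the demo, so the hashes it prints will not equal the real MD5s shown in the log.

```python
import hashlib
import tempfile
from pathlib import Path

# Constructed fixture (assumption): a fake Windows tree carrying the artifacts the
# FRST logs above reported. Byte contents are invented; only the sizes mirror the
# page (328704 bytes in WinSxS, 329216 bytes live, a 512-byte difference).
SXS_COMPONENT = ("amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35"
                 "_6.1.7600.16385_none_2b54b20ee6fa07b1")
ZA_GUID = "{29442026-b511-1173-2e26-4a1a0511f039}"
CLEAN_SERVICES = b"MZ" + b"\x00" * 328702          # 328704 bytes, stands in for the WinSxS copy
PATCHED_SERVICES = CLEAN_SERVICES + b"\xcc" * 512   # 329216 bytes, stands in for the live copy


def build_fixture(windows: Path) -> None:
    """Lay out System32, WinSxS, Installer and GAC folders the way the thread's logs show them."""
    sxs = windows / "winsxs" / SXS_COMPONENT
    sxs.mkdir(parents=True)
    (sxs / "services.exe").write_bytes(CLEAN_SERVICES)
    (windows / "System32").mkdir()
    (windows / "System32" / "services.exe").write_bytes(PATCHED_SERVICES)
    inst = windows / "Installer" / ZA_GUID
    (inst / "L").mkdir(parents=True)
    (inst / "U").mkdir()
    (inst / "@").write_bytes(b"")
    (inst / "L" / "00000004.@").write_bytes(b"")
    (inst / "U" / "00000008.@").write_bytes(b"")
    for gac in ("GAC_32", "GAC_64"):
        (windows / "assembly" / gac).mkdir(parents=True)
        (windows / "assembly" / gac / "Desktop.ini").write_bytes(b"")


def md5_of(path: Path) -> str:
    """Hex MD5 of a file, upper-cased to match the style of FRST's output."""
    h = hashlib.md5()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest().upper()


def search_copies(windows: Path, name: str) -> dict:
    """Equivalent of FRST 'Search:' -- every file called `name` under the Windows root, with size and MD5."""
    return {p: (p.stat().st_size, md5_of(p)) for p in windows.rglob(name) if p.is_file()}


def live_vs_sxs(windows: Path, name: str) -> dict:
    """Compare the live System32 copy of `name` with its WinSxS component-store copies.

    A live binary whose hash matches no WinSxS copy is either a newer servicing
    update or, as in this thread, a patched file; the size delta helps tell which.
    """
    copies = search_copies(windows, name)
    live_size, live_md5 = copies[windows / "System32" / name]
    sxs = {p: v for p, v in copies.items()
           if any(part.lower() == "winsxs" for part in p.parts)}
    sxs_md5s = {md5 for _, md5 in sxs.values()}
    sxs_sizes = {size for size, _ in sxs.values()}
    return {
        "copies_found": len(copies),
        "live_md5": live_md5,
        "live_size": live_size,
        "matches_sxs": live_md5 in sxs_md5s,
        "size_delta": live_size - min(sxs_sizes) if sxs_sizes else None,
    }


def zeroaccess_markers(windows: Path) -> list:
    """Heuristic check for the on-disk layout FRST flagged as ZeroAccess above (assumption: only
    these patterns are tested): a GUID folder under Installer that holds both 'U' and 'L'
    subfolders and '*.@' files, and a Desktop.ini dropped into assembly\\GAC_32 or GAC_64."""
    hits = []
    installer = windows / "Installer"
    if installer.is_dir():
        for d in installer.iterdir():
            if (d.is_dir() and d.name.startswith("{")
                    and (d / "U").is_dir() and (d / "L").is_dir()
                    and any(f.suffix == ".@" for f in d.rglob("*"))):
                hits.append(str(d))
    for gac in ("GAC_32", "GAC_64"):
        ini = windows / "assembly" / gac / "Desktop.ini"
        if ini.is_file():
            hits.append(str(ini))
    return hits


def run_demo() -> dict:
    """Build the fixture in a temporary directory and run both checks against it."""
    with tempfile.TemporaryDirectory() as tmp:
        windows = Path(tmp) / "Windows"
        windows.mkdir()
        build_fixture(windows)
        return {"services": live_vs_sxs(windows, "services.exe"),
                "markers": zeroaccess_markers(windows)}


if __name__ == "__main__":
    result = run_demo()
    print(result["services"])
    for marker in result["markers"]:
        print("ZeroAccess marker:", marker)
```

    Pointed at a real C:\Windows instead of the fixture, live_vs_sxs needs an elevated prompt to read WinSxS, and the verdict should be read the way the helper read the FRST search: a System32 binary that matches none of its component-store copies and has grown by a few hundred bytes is a candidate for replacement from WinSxS, which is exactly what the fixlist did with services.exe.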
  11. thrilla

    thrilla Newcomer, in training Topic Starter

    ComboFix 12-12-07.01 - thrilla 09/12/2012 12:13:46.1.2 - x64
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4076.2357 [GMT 11:00]
    Running from: c:\users\thrilla\Desktop\ComboFix.exe
    AV: ESET NOD32 Antivirus 5.0 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
    SP: ESET NOD32 Antivirus 5.0 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\windows\msvcr71.dll
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-11-09 to 2012-12-09 )))))))))))))))))))))))))))))))
    .
    .
    2012-12-07 04:54 . 2012-12-07 04:54  --------  d-----w-  C:\FRST
    2012-12-07 02:41 . 2012-12-08 05:08  76232  ----a-w-  c:\programdata\Microsoft\Windows Defender\Definition Updates\{53A69B69-9494-4CA7-91D1-189DB1B7AF5F}\offreg.dll
    2012-12-06 06:54 . 2012-12-06 06:54  --------  d-----w-  c:\users\thrilla\AppData\Roaming\Malwarebytes
    2012-12-06 06:54 . 2012-12-06 06:54  --------  d-----w-  c:\programdata\Malwarebytes
    2012-12-06 06:54 . 2012-12-06 06:54  --------  d-----w-  c:\program files (x86)\Malwarebytes' Anti-Malware
    2012-12-06 06:54 . 2012-09-29 08:54  25928  ----a-w-  c:\windows\system32\drivers\mbam.sys
    2012-12-05 12:06 . 2012-12-05 12:06  --------  d-sh--w-  c:\windows\SysWow64\%APPDATA%
    2012-12-05 09:44 . 2012-12-05 09:44  220160  ----a-w-  c:\programdata\Microsoft\Media Tools\MediaIconsOverlays.dll
    2012-12-05 09:43 . 2012-12-05 09:44  --------  d-----w-  c:\program files (x86)\Mega Codec Pack
    2012-12-05 01:48 . 2012-11-08 17:24  9125352  ----a-w-  c:\programdata\Microsoft\Windows Defender\Definition Updates\{53A69B69-9494-4CA7-91D1-189DB1B7AF5F}\mpengine.dll
    2012-12-02 06:01 . 2012-12-02 06:01  --------  d-----w-  c:\users\thrilla\AppData\Local\Innovative Solutions
    2012-12-02 06:01 . 2012-12-02 06:01  --------  d-----w-  c:\program files (x86)\Innovative Solutions
    2012-12-02 05:03 . 2012-12-02 05:57  --------  d-----w-  c:\users\thrilla\AppData\Roaming\DriverFinder
    2012-12-02 01:52 . 2012-12-02 01:52  --------  d-----w-  c:\programdata\ATI
    2012-12-01 15:35 . 2012-12-01 15:35  --------  d-----w-  c:\program files (x86)\AMD APP
    2012-12-01 15:34 . 2012-12-01 15:35  --------  d-----w-  c:\program files\ATI Technologies
    2012-12-01 15:00 . 2012-12-01 15:29  --------  d-----w-  C:\AMD
    2012-12-01 14:07 . 2012-12-01 14:07  --------  d-----w-  c:\program files (x86)\Common Files\Skype
    2012-12-01 13:58 . 2003-03-15 12:15  90112  ----a-w-  c:\windows\unvise32.exe
    2012-11-16 13:53 . 2012-11-17 00:03  --------  d-----w-  c:\program files (x86)\Appnimi
    2012-11-14 16:33 . 2012-07-26 04:47  2560  ----a-w-  c:\windows\system32\drivers\en-US\wdf01000.sys.mui
    2012-11-14 16:33 . 2012-07-26 04:55  785512  ----a-w-  c:\windows\system32\drivers\Wdf01000.sys
    2012-11-14 16:33 . 2012-07-26 04:55  54376  ----a-w-  c:\windows\system32\drivers\WdfLdr.sys
    2012-11-14 16:33 . 2012-07-26 02:36  9728  ----a-w-  c:\windows\system32\Wdfres.dll
    2012-11-14 16:12 . 2012-10-08 11:42  10925568  ----a-w-  c:\windows\system32\ieframe.dll
    2012-11-14 16:05 . 2012-07-26 02:26  87040  ----a-w-  c:\windows\system32\drivers\WUDFPf.sys
    2012-11-14 16:05 . 2012-07-26 02:26  198656  ----a-w-  c:\windows\system32\drivers\WUDFRd.sys
    2012-11-14 16:05 . 2012-07-26 03:08  84992  ----a-w-  c:\windows\system32\WUDFSvc.dll
    2012-11-14 16:05 . 2012-07-26 03:08  194048  ----a-w-  c:\windows\system32\WUDFPlatform.dll
    2012-11-14 16:05 . 2012-07-26 03:08  229888  ----a-w-  c:\windows\system32\WUDFHost.exe
    2012-11-14 16:05 . 2012-07-26 03:08  45056  ----a-w-  c:\windows\system32\WUDFCoinstaller.dll
    2012-11-14 16:05 . 2012-07-26 03:08  744448  ----a-w-  c:\windows\system32\WUDFx.dll
    2012-11-14 05:58 . 2012-10-03 17:44  70656  ----a-w-  c:\windows\system32\nlaapi.dll
    2012-11-14 05:58 . 2012-10-03 16:42  18944  ----a-w-  c:\windows\SysWow64\netevent.dll
    2012-11-14 05:58 . 2012-10-03 16:07  45568  ----a-w-  c:\windows\system32\drivers\tcpipreg.sys
    2012-11-14 05:58 . 2012-10-03 17:44  18944  ----a-w-  c:\windows\system32\netevent.dll
    2012-11-14 05:48 . 2012-09-25 22:46  95744  ----a-w-  c:\windows\system32\synceng.dll
    2012-11-14 05:48 . 2012-09-25 22:47  78336  ----a-w-  c:\windows\SysWow64\synceng.dll
    2012-11-14 05:05 . 2012-11-14 05:05  --------  d-----w-  c:\program files (x86)\FreeAlarmClock
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-12-05 12:01 . 2011-10-16 10:02  45056  ----a-w-  c:\windows\SysWow64\acovcnt.exe
    2012-11-14 16:06 . 2011-10-17 09:18  66395536  ----a-w-  c:\windows\system32\MRT.exe
    2012-11-08 05:04 . 2011-10-19 07:33  88008  ----a-w-  c:\windows\system32\LMIRfsClientNP.dll
    2012-11-08 05:04 . 2011-10-19 07:33  35240  ----a-w-  c:\windows\system32\LMIport.dll
    2012-11-08 05:04 . 2011-10-19 07:33  83880  ----a-w-  c:\windows\system32\LMIinit.dll
    2012-10-22 18:54 . 2011-07-14 13:49  5623976  ----a-w-  c:\windows\SysWow64\atiumdag.dll
    2012-10-22 18:00 . 2011-07-14 14:20  948224  ----a-w-  c:\windows\SysWow64\aticfx32.dll
    2012-10-22 17:59 . 2011-07-14 14:19  1136640  ----a-w-  c:\windows\system32\aticfx64.dll
    2012-10-22 17:40 . 2011-07-14 14:00  7370240  ----a-w-  c:\windows\system32\atidxx64.dll
    2012-10-22 17:39 . 2011-07-14 13:42  6778880  ----a-w-  c:\windows\system32\atiumd64.dll
    2012-10-22 17:28 . 2011-07-14 13:34  618496  ----a-w-  c:\windows\system32\atiadlxx.dll
    2012-10-22 17:25 . 2011-07-14 13:33  130048  ----a-w-  c:\windows\system32\atiuxp64.dll
    2012-10-22 17:25 . 2011-07-14 13:32  104448  ----a-w-  c:\windows\system32\atiu9p64.dll
    2012-10-22 17:25 . 2011-07-14 13:32  83968  ----a-w-  c:\windows\SysWow64\atiu9pag.dll
    2012-10-22 16:44 . 2011-07-14 13:57  4674048  ----a-w-  c:\windows\system32\atiumd6a.dll
    2012-10-22 16:34 . 2011-07-14 13:48  3862528  ----a-w-  c:\windows\SysWow64\atiumdva.dll
    2012-10-16 08:38 . 2012-11-28 00:57  135168  ----a-w-  c:\windows\apppatch\AppPatch64\AcXtrnal.dll
    2012-10-16 08:38 . 2012-11-28 00:57  350208  ----a-w-  c:\windows\apppatch\AppPatch64\AcLayers.dll
    2012-10-16 07:39 . 2012-11-28 00:57  561664  ----a-w-  c:\windows\apppatch\AcLayers.dll
    2012-09-28 04:37 . 2012-09-28 04:37  221696  ----a-w-  c:\windows\system32\clinfo.exe
    2012-09-28 04:36 . 2012-09-28 04:36  75776  ----a-w-  c:\windows\system32\OpenVideo64.dll
    2012-09-28 04:36 . 2012-09-28 04:36  65536  ----a-w-  c:\windows\SysWow64\OpenVideo.dll
    2012-09-28 04:36 . 2012-09-28 04:36  63488  ----a-w-  c:\windows\system32\OVDecode64.dll
    2012-09-28 04:36 . 2012-09-28 04:36  56320  ----a-w-  c:\windows\SysWow64\OVDecode.dll
    2012-09-28 04:36 . 2012-09-28 04:36  32635904  ----a-w-  c:\windows\system32\amdocl64.dll
    2012-09-28 04:32 . 2012-09-28 04:32  27341824  ----a-w-  c:\windows\SysWow64\amdocl.dll
    2012-09-28 04:28 . 2012-09-28 04:28  54784  ----a-w-  c:\windows\system32\OpenCL.dll
    2012-09-28 04:28 . 2012-09-28 04:28  50176  ----a-w-  c:\windows\SysWow64\OpenCL.dll
    2012-09-14 19:19 . 2012-10-10 18:47  2048  ----a-w-  c:\windows\system32\tzres.dll
    2012-09-14 18:28 . 2012-10-10 18:47  2048  ----a-w-  c:\windows\SysWow64\tzres.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\0MediaIconsOerlay]
    @="{1EC23CFF-4C58-458f-924C-8519AEF61B32}"
    [HKEY_CLASSES_ROOT\CLSID\{1EC23CFF-4C58-458f-924C-8519AEF61B32}]
    2012-12-05 09:44  220160  ----a-w-  c:\programdata\Microsoft\Media Tools\MediaIconsOverlays.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12  94208  ----a-w-  c:\users\thrilla\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12  94208  ----a-w-  c:\users\thrilla\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12  94208  ----a-w-  c:\users\thrilla\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "uTorrent"="c:\program files (x86)\uTorrent\uTorrent.exe" [2012-09-21 896912]
    "DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2011-08-02 4910912]
    "SugarSync"="c:\program files (x86)\SugarSync\SugarSyncManager.exe" [2012-03-19 9413712]
    "ISUSPM"="c:\programdata\FLEXnet\Connect\11\ISUSPM.exe" [2009-05-05 222496]
    "m3me Conductor Server"="c:\program files (x86)\m3me\Conductor Server\ConductorServer.exe" [2011-08-10 557056]
    "FreeAC"="c:\program files (x86)\FreeAlarmClock\FreeAlarmClock.exe" [2011-11-22 1327440]
    "DriverMax"="c:\program files (x86)\Innovative Solutions\DriverMax\drivermax.exe" [2012-11-14 11324864]
    "DriverMax_RESTART"="c:\program files (x86)\Innovative Solutions\DriverMax\drivermax.exe" [2012-11-14 11324864]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "ASUSPRP"="c:\program files (x86)\ASUS\APRP\APRP.EXE" [2011-04-02 2018032]
    "ATKOSD2"="c:\program files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe" [2010-08-17 5732992]
    "ATKMEDIA"="c:\program files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe" [2010-10-07 170624]
    "HControlUser"="c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]
    "Wireless Console 3"="c:\program files (x86)\ASUS\Wireless Console 3\wcourier.exe" [2011-06-10 2255360]
    "AdobeCS5.5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360]
    "BuffaloTools"="c:\program files (x86)\BUFFALO\BuffaloTools\BuffaloTools.exe" [2010-03-30 169336]
    "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
    "BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
    "DNS7reminder"="c:\program files (x86)\Nuance\NaturallySpeaking11\Ereg\Ereg.exe" [2007-04-16 259624]
    "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-09-28 642728]
    .
    c:\users\thrilla\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Dropbox.lnk - c:\users\thrilla\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-25 27112840]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    FancyStart daemon.lnk - c:\windows\Installer\{2B81872B-A054-48DA-BE3B-FA5C164C303A}\_94E3CE3704FE82FBF49A6A.exe [2011-7-24 12862]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    "SoftwareSASGeneration"= 1 (0x1)
    "EnableLinkedConnections"= 1 (0x1)
    .
    R1 hdtcwgxw;hdtcwgxw;c:\windows\system32\drivers\hdtcwgxw.sys [x]
    R1 xjlyracu;xjlyracu;c:\windows\system32\drivers\xjlyracu.sys [x]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-29 676936]
    R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-11-09 160944]
    R3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [2010-02-18 46136]
    R3 bftpusbx64;BUFFALO TurboPC USB Filter;c:\windows\system32\drivers\bftpusbx64.sys [2010-01-18 20608]
    R3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x64.sys [2009-06-10 57344]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-09-29 25928]
    R3 Point64;Microsoft Mouse and Keyboard Center Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2012-06-27 46176]
    R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-06-17 246376]
    R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys [2009-06-10 56832]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
    R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 31232]
    R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2011-08-03 51712]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-10-17 1255736]
    R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
    S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys [2010-11-04 75904]
    S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys [2010-11-04 38016]
    S0 bftpdskc64;BUFFALO TurboPC Cache Filter;c:\windows\system32\drivers\bftpdskc64.sys [2010-01-12 67712]
    S1 ATKWMIACPIIO;ATKWMIACPI Driver;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [2011-05-26 17536]
    S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-10-21 270912]
    S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2011-08-04 146432]
    S2 {1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC};Power Control [2012/03/12 14:37];c:\program files (x86)\CyberLink\PowerDVD10\NavFilter\000.fcl [2010-03-13 20:58 146928]
    S2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe [2011-01-25 379520]
    S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-10-22 240640]
    S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-09-28 361984]
    S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-07-03 15416]
    S2 Atheros Bt&Wlan Coex Agent;Atheros Bt&Wlan Coex Agent;c:\program files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [2011-03-13 138400]
    S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe [2011-03-13 74912]
    S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
    S2 DragonSvc;Dragon Service;c:\program files (x86)\Common Files\Nuance\dgnsvc.exe [2010-07-23 296808]
    S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [2011-08-09 202576]
    S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2011-09-22 974944]
    S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [2011-08-04 137144]
    S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [2012-11-08 375728]
    S2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files (x86)\LogMeIn\x64\RaInfo.sys [2011-09-16 15928]
    S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-09-29 399432]
    S2 Printer Control;Printer Control;c:\windows\system32\PrintCtrl.exe [2011-01-03 77824]
    S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
    S2 VBoxDrv;VBox Support Driver;c:\program files (x86)\YouWave_Android\vb\VBoxDrv.sys [2011-11-20 202592]
    S3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys [2011-03-13 36000]
    S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2012-05-14 96896]
    S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys [2011-03-13 298656]
    S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys [2011-03-13 28832]
    S3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys [2011-03-13 201376]
    S3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys [2011-03-13 55456]
    S3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys [2011-03-13 154272]
    S3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys [2011-03-13 280224]
    S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [2010-12-31 138024]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-03-04 436840]
    S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]
    S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]
    S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]
    S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]
    S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
    S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2010-11-30 44672]
    .
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-12-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-16 22:52]
    .
    2012-12-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-16 22:52]
    .
    2012-12-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-705378939-3791143662-2486378131-1001Core.job
    - c:\users\thrilla\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-17 08:34]
    .
    2012-12-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-705378939-3791143662-2486378131-1001UA.job
    - c:\users\thrilla\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-17 08:34]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_B]
    @="{6D4133E5-0742-4ADC-8A8C-9303440F7190}"
    [HKEY_CLASSES_ROOT\CLSID\{6D4133E5-0742-4ADC-8A8C-9303440F7190}]
    2010-09-02 08:41220160----a-w-c:\program files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSShellExt64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_O]
    @="{64174815-8D98-4CE6-8646-4C039977D808}"
    [HKEY_CLASSES_ROOT\CLSID\{64174815-8D98-4CE6-8646-4C039977D808}]
    2010-09-02 08:41220160----a-w-c:\program files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSShellExt64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:1297792----a-w-c:\users\thrilla\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:1297792----a-w-c:\users\thrilla\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:1297792----a-w-c:\users\thrilla\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
    @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:1297792----a-w-c:\users\thrilla\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncBackedUp]
    @="{0C4A258A-3F3B-4FFF-80A7-9B3BEC139472}"
    [HKEY_CLASSES_ROOT\CLSID\{0C4A258A-3F3B-4FFF-80A7-9B3BEC139472}]
    2012-03-19 20:23463952----a-w-c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncPending]
    @="{62CCD8E3-9C21-41E1-B55E-1E26DFC68511}"
    [HKEY_CLASSES_ROOT\CLSID\{62CCD8E3-9C21-41E1-B55E-1E26DFC68511}]
    2012-03-19 20:23463952----a-w-c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncRoot]
    @="{A759AFF6-5851-457D-A540-F4ECED148351}"
    [HKEY_CLASSES_ROOT\CLSID\{A759AFF6-5851-457D-A540-F4ECED148351}]
    2012-03-19 20:23463952----a-w-c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncShared]
    @="{1574C9EF-7D58-488F-B358-8B78C1538F51}"
    [HKEY_CLASSES_ROOT\CLSID\{1574C9EF-7D58-488F-B358-8B78C1538F51}]
    2012-03-19 20:23463952----a-w-c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "AtherosBtStack"="c:\program files (x86)\Bluetooth Suite\BtvStack.exe" [2011-03-13 617120]
    "AthBtTray"="c:\program files (x86)\Bluetooth Suite\AthBtTray.exe" [2011-03-13 379552]
    "Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 660360]
    "LogMeIn GUI"="c:\program files (x86)\LogMeIn\x64\LogMeInSystray.exe" [2011-09-16 57928]
    "AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-16 499608]
    "RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-10-14 2278504]
    "egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2011-09-22 4035152]
    "PrintDisp"="c:\windows\system32\PrintDisp.exe" [2011-02-19 826368]
    "IntelliType Pro"="c:\program files\Microsoft Device Center\itype.exe" [2012-06-27 1464928]
    "IntelliPoint"="c:\program files\Microsoft Device Center\ipoint.exe" [2012-06-27 2004584]
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = hxxp://search.babylon.com/?AF=109156&babsrc=HP_ss&mntrId=56e83a45000000000000dadf9a5c6377
    mStart Page = hxxp://asus.msn.com
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = *.local
    IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
    IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
    Trusted Zone: cleverreach.com\novastor
    Trusted Zone: google-analytics.com
    Trusted Zone: novastor.com
    TCP: DhcpNameServer = 192.168.0.1
    TCP: Interfaces\{6C5CF1DF-ACBC-4D75-B8A8-CE3C77EB8BAC}: NameServer = 8.8.8.8,8.8.4.4
    .
    - - - - ORPHANS REMOVED - - - -
    .
    URLSearchHooks-{88c7f2aa-f93f-432c-8f0e-b7d85967a527} - (no file)
    Toolbar-Locked - (no file)
    ShellIconOverlayIdentifiers-{04cd1f3e-81d5-4904-a3ab-e0f99a7d769d} - (no file)
    Wow6432Node-HKCU-Run-DriverFinder - c:\program files (x86)\DriverFinder\DriverFinder.exe
    Wow6432Node-HKLM-Run-SunJavaUpdateSched - c:\program files (x86)\Java\jre7\bin\jusched.exe
    Toolbar-Locked - (no file)
    WebBrowser-{88C7F2AA-F93F-432C-8F0E-B7D85967A527} - (no file)
    ShellIconOverlayIdentifiers-{04cd1f3e-81d5-4904-a3ab-e0f99a7d769d} - (no file)
    HKLM-Run-Setwallpaper - c:\programdata\SetWallpaper.cmd
    HKLM-Run-tvncontrol - c:\program files\TightVNC\tvnserver.exe
    AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
    AddRemove-ASUS_Screensaver - c:\windows\system32\ASUS_Screensaver.scr
    AddRemove-dBpoweramp CLI Encoder - c:\windows\system32\SpoonUninstall.exe
    AddRemove-dBpoweramp DSP Effects - c:\windows\system32\SpoonUninstall.exe
    AddRemove-dBpoweramp FLAC Codec - c:\windows\system32\SpoonUninstall.exe
    AddRemove-dBpoweramp m4a Codec - c:\windows\system32\SpoonUninstall.exe
    AddRemove-dBpoweramp m4a Utilities - c:\windows\system32\SpoonUninstall.exe
    AddRemove-dBpoweramp m4b Audio book Encoder - c:\windows\system32\SpoonUninstall.exe
    AddRemove-dBpoweramp Midi Decoder - c:\windows\system32\SpoonUninstall.exe
    AddRemove-dBpoweramp Monkeys Audio Codec - c:\windows\system32\SpoonUninstall.exe
    AddRemove-dBpoweramp mp3 (Fraunhofer IIS) Codec - c:\windows\system32\SpoonUninstall.exe
    AddRemove-dBpoweramp Musepack Codec - c:\windows\system32\SpoonUninstall.exe
    AddRemove-dBpoweramp Music Converter - c:\windows\system32\SpoonUninstall.exe
    AddRemove-dBpoweramp Ogg Vorbis Codec - c:\windows\system32\SpoonUninstall.exe
    AddRemove-dBpoweramp OptimFROG Codec - c:\windows\system32\SpoonUninstall.exe
    AddRemove-dBPoweramp tooLame MP2 codec - c:\windows\system32\SpoonUninstall.exe
    AddRemove-dBpoweramp [Multi Encoder] Codec - c:\windows\system32\SpoonUninstall.exe
    .
    .
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC}]
    "ImagePath"="\??\c:\program files (x86)\CyberLink\PowerDVD10\NavFilter\000.fcl"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\S-1-5-21-705378939-3791143662-2486378131-1001\Software\SecuROM\License information*]
    "datasecu"=hex:e9,0a,9f,ec,99,85,40,08,5f,9d,54,89,21,e7,00,35,9c,3c,60,cd,df,
    be,fb,f9,5b,fc,c7,c7,5a,75,aa,91,9f,c7,35,a8,d4,fe,b2,cf,29,a8,85,65,ed,cb,\
    "rkeysecu"=hex:e8,21,a8,6e,39,f5,15,aa,3d,f9,18,b3,2c,56,c6,9d
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.10"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
    @Denied: (A) (Everyone)
    "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
    @Denied: (A) (Everyone)
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
    "Key"="ActionsPane3"
    "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows CE Services]
    "SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
    00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Completion time: 2012-12-09 12:36:57
    ComboFix-quarantined-files.txt 2012-12-09 01:36
    .
    Pre-Run: 16,796,069,888 bytes free
    Post-Run: 18,746,818,560 bytes free
    .
    - - End Of File - - 74B9ABC0463A63D44054978E41FF5301
     
  12. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Adware Cleaning

    Please download AdwCleaner by Xplode onto your Desktop.
    • Double click on AdwCleaner.exe to run the tool.
    • Click on Delete.
    • A logfile will automatically open after the scan has finished.
    • Please post the content of that logfile in your reply.
    • You can find the logfile at C:\AdwCleaner[Rn].txt as well - n is the order number.


    ESET Online Scan

    Please run a free online scan with the ESET Online Scanner
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • When asked, allow the ActiveX control to install, or it will ask to download an installer. Please do so and install it.
    • Click Start or wait for the scanner to load.
    • Make sure that the options Remove found threats and the option Scan unwanted applications are checked.
    • Click Scan (This scan can take several hours, so please be patient)
    • Once the scan is completed, there are a couple of things to keep in mind:
    • 1. If NO threats were found, allow the scanner to Uninstall on close and then close the Window.
    • 2. If threats WERE detected, click on List of Threats Found, Export to Text File...save it as ESET-Scan-Log.txt. Click the back button/link, put a checkmark to Uninstall Application on Close and then close the window.
    • Open the logfile from wherever you saved it
    • Copy and paste the contents in your next reply.


    Any more issues?

    We need to know any other issues that are plaguing your computer. Kindly give a summary so we know how to continue from here.

    Many of the things to note for us would be:

    • Slow computer
    • Error messages
    • Fake antivirus alerts or the icon in the system tray
    • svchost.exe running at 100%
    • System crashes or blue screen of death

    Note: Absence of issues does not mean that you're protected in the future.
  13. thrilla

    thrilla Newcomer, in training Topic Starter

    # AdwCleaner v2.100 - Logfile created 12/10/2012 at 13:58:36
    # Updated 09/12/2012 by Xplode
    # Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
    # User : thrilla - THRILLA-PC
    # Boot Mode : Normal
    # Running from : C:\Users\thrilla\Desktop\adwcleaner.exe
    # Option [Delete]


    ***** [Services] *****


    ***** [Files / Folders] *****

    Folder Deleted : C:\Program Files (x86)\Conduit
    Folder Deleted : C:\ProgramData\Babylon
    Folder Deleted : C:\ProgramData\boost_interprocess
    Folder Deleted : C:\ProgramData\Partner
    Folder Deleted : C:\Users\thrilla\AppData\Local\Babylon
    Folder Deleted : C:\Users\thrilla\AppData\Local\Conduit
    Folder Deleted : C:\Users\thrilla\AppData\LocalLow\Conduit
    Folder Deleted : C:\Users\thrilla\AppData\Roaming\Babylon

    ***** [Registry] *****

    Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
    Key Deleted : HKCU\Software\Softonic
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
    Key Deleted : HKLM\Software\Babylon
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{3A188115-B81B-48F2-A958-F974C8F3F309}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\SMBarBroker.EXE
    Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
    Key Deleted : HKLM\SOFTWARE\Classes\SMBarBroker.SMBarDealer
    Key Deleted : HKLM\SOFTWARE\Classes\SMBarBroker.SMBarDealer.1
    Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT1066435
    Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2790392
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{2D9B1B31-D034-4738-8F6E-40F0AFCC742C}
    Key Deleted : HKLM\Software\Conduit
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{43769158-3B03-4932-8D8A-8F0F344BF024}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{78CE34FD-F6D4-4866-B79C-A37268D06A04}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{80904944-C726-4C7D-A452-3FFF2A882095}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{78CE34FD-F6D4-4866-B79C-A37268D06A04}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{80904944-C726-4C7D-A452-3FFF2A882095}

    ***** [Internet Browsers] *****

    -\\ Internet Explorer v9.0.8112.16455

    Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://search.babylon.com/?AF=109156&babsrc=HP_ss&mntrId=56e83a45000000000000dadf9a5c6377 --> hxxp://www.google.com

    -\\ Google Chrome v23.0.1271.95

    File : C:\Users\thrilla\AppData\Local\Google\Chrome\User Data\Default\Preferences

    [OK] File is clean.

    *************************

    AdwCleaner[S1].txt - [2828 octets] - [10/12/2012 13:58:36]

    ########## EOF - C:\AdwCleaner[S1].txt - [2888 octets] ##########
  14. thrilla

    thrilla Newcomer, in training Topic Starter

    Just finished the Eset online scanner. It found three issues. Here is the log. Looking good so far, much obliged.

    C:\FRST\Quarantine\{29442026-b511-1173-2e26-4a1a0511f039}\U\80000032.@    probably a variant of Win32/Sirefef.FD trojan    cleaned by deleting - quarantined
    C:\FRST\Quarantine\{29442026-b511-1173-2e26-4a1a0511f039}\U\80000064.@    a variant of Win64/Sirefef.AN trojan    cleaned by deleting - quarantined
    D:\Media\Adobe Acrobat X Pro 10\AcrobatPro_10_Web_WWEFD.exe    Win32/InstallMonetizer.AH application    cleaned by deleting - quarantined
  15. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Excellent! It all appears to be good, so we will finish up to make sure your computer is protected from malware in the future.

    Clean up System Restore

    Now, to get you off to a clean start, we will be creating a new Restore Point, then clearing the old ones to make sure you do not get reinfected, in case you need to "restore back."

    To manually create a new Restore Point
    • Go to Control Panel and select System and Maintenance
    • Select System
    • On the left select Advanced System Settings and accept the warning if you get one
    • Select System Protection Tab
    • Select Create at the bottom
    • Type in a name, i.e. Clean
    • Select Create
    Now we can purge the infected ones
    • Go back to the System and Maintenance page
    • Select Performance Information and Tools
    • On the left select Open Disk Cleanup
    • Select Files from all users and accept the warning if you get one
    • In the drop down box select your main drive, i.e. C
    • For a few moments the system will make some calculations:
    • Select the More Options tab
    • In the System Restore and Shadow Backups select Clean up
    • Select Delete on the pop up
    • Select OK
    • Select Delete
    Run OTC to remove our tools

    To remove all of the tools we used and the files and folders they created, please do the following:
    Please download OTC.exe by OldTimer:
    • Save it to your Desktop.
    • Double click OTC.exe.
    • Click the CleanUp! button.
    • If you are prompted to Reboot during the cleanup, select Yes.
    • The tool will delete itself once it finishes.
    Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.

    Purge old temporary files

    NOTE: If you already have this installed, you don't have to reinstall it.

    Please download CCleaner Slim and save it to your Desktop - Alternate download link

    When the file has been saved, go to your Desktop and double-click on ccsetupxxx_slim.exe
    Follow the prompts to install the program.

    • Double-click the CCleaner shortcut on the desktop to start the program.
    • A prompt will ask you if you want CCleaner to do a check to see what cookies it needs to keep. Allow that operation.
    • On the Cleaner tab, click on Run Cleaner on the bottom-right to run the program.
    • Important: Make sure that ALL browser windows are closed before selecting Run Cleaner, or it will ask if you want the program to close them for you (when you do this, all unsaved data may be lost in the browser).

    Caution: Only use the Registry feature if you are very familiar with the registry.
    Always back up your registry before making any changes. Exit CCleaner after it has completed its process.

    Security Check

    Please download Security Check by screen317 from SpywareInfoforum.org or Changelog.fr.
    • Save it to your Desktop.
    • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
  16. thrilla

    thrilla Newcomer, in training Topic Starter

    Results of screen317's Security Check version 0.99.56
    Windows 7 Service Pack 1 x64 (UAC is enabled)
    Internet Explorer 9
    ``````````````Antivirus/Firewall Check:``````````````
    Windows Firewall Enabled!
    ESET NOD32 Antivirus 5.0
    Antivirus up to date!
    `````````Anti-malware/Other Utilities Check:`````````
    Malwarebytes Anti-Malware version 1.65.1.1000
    Java(TM) 6 Update 31
    Java(TM) 7 Update 1
    Java(TM) SE Runtime Environment 6 Update 1
    Java version out of Date!
    Adobe Flash Player 10 Flash Player out of Date!
    Adobe Reader 10.1.4 Adobe Reader out of Date!
    Google Chrome 21.0.1180.83
    Google Chrome 21.0.1180.89
    Google Chrome 22.0.1229.79
    Google Chrome 22.0.1229.92
    Google Chrome 22.0.1229.94
    Google Chrome 23.0.1271.64
    Google Chrome 23.0.1271.91
    Google Chrome 23.0.1271.95
    ````````Process Check: objlist.exe by Laurent````````
    ESET NOD32 Antivirus egui.exe
    ESET NOD32 Antivirus ekrn.exe
    Malwarebytes Anti-Malware mbamservice.exe
    Malwarebytes Anti-Malware mbamgui.exe
    Malwarebytes' Anti-Malware mbamscheduler.exe
    `````````````````System Health check`````````````````
    Total Fragmentation on Drive C: 0%
    ````````````````````End of Log``````````````````````
  17. thrilla

    thrilla Newcomer, in training Topic Starter

    Things are looking good. Don't think my PC has ever been this clean! :) You rock!
  18. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Java Update!

    Please download the newest version of Java from Java.com.

    Before installing: it is important to remove older versions of Java since it does not do so automatically and old versions still leave you vulnerable.
    Go to the Control Panel and enter Add or Remove Programs (Programs and Features in Vista/7).
    Search in the list for all previously installed versions of Java (J2SE Runtime Environment). Please uninstall/remove each of them.

    Once old versions are gone, please install the newest version.

    Read more about Java exploit problems


    Adobe Flash Player Update!

    Please download the newest version of Adobe Flash Player from Adobe.com

    Before installing: it is important to remove older versions of Flash Player since it does not do so automatically and old versions still leave you vulnerable.
    Go to the Control Panel and enter Add or Remove Programs (Programs and Features in Vista/7).
    Search in the list for all previously installed versions of Adobe Flash Player. Uninstall/Remove each of them.

    Once old versions are gone, please install the newest version.


    Adobe Reader Update!

    Please download the newest version of Adobe Acrobat Reader from Adobe.com

    Before installing: it is important to remove older versions of Acrobat Reader since it does not do so automatically and old versions still leave you vulnerable.
    Go to the Control Panel and enter Add or Remove Programs (Programs and Features in Vista/7).
    Search in the list for all previously installed versions of Adobe Acrobat Reader. Uninstall/Remove each of them.

    Once old versions are gone, please install the newest version.


    Personal Tips on Preventing Malware

    See this page for more info about malware and prevention.

    Read more about "FAQ: How did Sirefef or ZeroAccess Infect You?"

    Topic solved. :D
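As an added example (not part of the thread or of any tool it mentions): a read-only PowerShell check that lists the Java, Adobe Flash Player and Adobe Reader entries found in the Windows uninstall registry hives and warns when one product family has more than one version installed, which is what the Security Check log above reports for Java. It assumes the standard Uninstall key locations and the DisplayName patterns chosen here; removing the old versions is still done through Programs and Features as described.

```powershell
# Added example, not from the thread. Read-only: enumerates installed Java,
# Adobe Flash Player and Adobe Reader entries and flags product families that
# have more than one version present (the old versions are what stay vulnerable).
# Assumption: the three standard uninstall hives below hold every entry of interest.
$uninstallHives = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall'
)

# DisplayName patterns for the three families the helper asked to update.
# These patterns are an assumption about how the vendors name their entries.
$families = [ordered]@{
    'Java'         = '^(Java|J2SE)(?!.*Auto Updater)'   # runtimes/JDKs, not the updater
    'Flash Player' = '^Adobe Flash Player'              # ActiveX and Plugin share a version
    'Adobe Reader' = '^Adobe (Acrobat )?Reader'
}

# Collect every uninstall entry that carries a DisplayName.
$entries = foreach ($hive in $uninstallHives) {
    if (-not (Test-Path -Path $hive)) { continue }
    Get-ChildItem -Path $hive -ErrorAction SilentlyContinue |
        ForEach-Object { Get-ItemProperty -Path $_.PSPath -ErrorAction SilentlyContinue } |
        Where-Object { $_.DisplayName }
}

foreach ($family in $families.Keys) {
    $found = @($entries |
        Where-Object { $_.DisplayName -match $families[$family] } |
        Sort-Object -Property DisplayName -Unique)

    Write-Output ('== {0}: {1} entry/entries ==' -f $family, $found.Count)
    foreach ($e in $found) {
        Write-Output ('  {0}  (version {1})' -f $e.DisplayName, $e.DisplayVersion)
    }

    # Several entries are fine when they all carry the same version (e.g. Flash
    # ActiveX + Plugin); distinct versions mean leftovers that need uninstalling.
    $versions = @($found |
        ForEach-Object { $_.DisplayVersion } |
        Where-Object { $_ } |
        Sort-Object -Unique)

    if ($versions.Count -gt 1) {
        $msg = '{0}: {1} different versions installed ({2}). Uninstall the older ones before installing the current release.'
        Write-Warning ($msg -f $family, $versions.Count, ($versions -join ', '))
    }
    elseif ($found.Count -eq 0) {
        Write-Output ('  {0} is not installed.' -f $family)
    }
}
```

Run it from a normal PowerShell prompt before and after the uninstall round; a family that still shows two or more versions afterwards has an entry that did not go away and should be removed by hand, as the post says.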