Inactive Sirefef got me

Vitharr

I recently (yesterday) got Sirefef.W and Sirefef.AB on my computer. I thought I had cleaned it, like the noob I am, and uninstalled and reinstalled MSE. I had already run Malwarebytes before this, and it stopped all the symptoms at the time, but once I had reinstalled MSE my computer, like many others who have done the same thing, began to restart upon booting. If I let it, it boots and then restarts freely forever. I have a flash drive with Farbar on it, but I wanted to check in with you guys before I follow any other steps I have seen. I don't want to do something stupid. I can't do anything further on my computer that is stated in the 5-Step thread page thing. Help would be appreciated. Thanks!
 
Hello, and welcome to TechSpot.


Please see here for the board rules and other FAQ.

Please feel free to introduce yourself, after you follow the steps below to get started.

Information
  • From this point on, please do not make any more changes to your computer, such as installing/uninstalling programs, using special fix tools, deleting files, editing the registry, etc., unless advised by a malware removal helper.
  • Please do not ask for help elsewhere (in this site or other sites). Doing so can result in system changes, which may not show up in the logs you post.
  • If you have already asked for help somewhere, please post the link to the topic where you were helped.
  • We try our best to reply quickly, but if for any reason we do not reply in two days, please reply to this topic with the word BUMP!
  • Lastly, keep in mind that we are volunteers, so you do not have to pay for malware removal. Persist in this topic until its close, and your computer is declared clean.

Download Farbar Recovery Scan Tool and save it to a flash drive.


Depending on your type of system, you will have to select 32-bit or 64-bit accordingly. How do I tell?

Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
On the System Recovery Options menu you will get the following options:
    • Startup Repair
    • System Restore
    • Windows Complete PC Restore
    • Windows Memory Diagnostic Tool
    • Command Prompt
  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to the disclaimer.
  • Place a check next to List Drivers MD5 as well as the default check marks that are already there
  • Press Scan button.
  • Type exit and reboot the computer normally.
  • FRST will make a log (FRST.txt) on the flash drive, please copy and paste the log in your reply.
 
Scan result of Farbar Recovery Scan Tool Version: 25-07-2012 01
Ran by SYSTEM at 28-07-2012 13:49:47
Running from F:\
Windows 7 Ultimate Service Pack 1 (X64) OS Language: English(US)
The current controlset is ControlSet004
========================== Registry (Whitelisted) =============
HKLM\...\Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices [112512 2010-03-13] (Microsoft Corporation)
HKLM\...\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [1271168 2012-03-26] (Microsoft Corporation)
HKLM-x32\...\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [636032 2012-03-08] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml [10752 2012-01-31] ()
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [254696 2012-01-18] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [37296 2012-01-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-01-02] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2012-02-20] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421736 2012-03-06] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2012-04-18] (Apple Inc.)
HKU\cal\...\Run: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent [1242448 2012-04-05] (Valve Corporation)
HKU\cal\...\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun [3671872 2012-04-17] (DT Soft Ltd)
HKU\cal\...\Run: [condmt] "C:\Windows\System32\rundll32.exe" "C:\Users\cal\AppData\Roaming\condmt.dll",OverflowError [434176 2012-07-27] (BitTorrent, Inc.)
Tcpip\Parameters: [DhcpNameServer] 75.75.76.76 75.75.75.75 192.168.3.1
Startup: C:\Users\cal\Start Menu\Programs\Startup\desktop (1).ini ()
==================== Services (Whitelisted) ======
2 AntUpdaterService; "C:\Program Files (x86)\Ant.com\IE add-on\AntUpdaterService.exe" [520216 2011-06-29] (Ant.com)
2 MsMpSvc; "C:\Program Files\Microsoft Security Client\MsMpEng.exe" [12600 2012-03-26] (Microsoft Corporation)
3 NisSrv; "C:\Program Files\Microsoft Security Client\NisSrv.exe" [291696 2012-03-26] (Microsoft Corporation)
2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [75136 2012-07-13] ()
========================== Drivers (Whitelisted) =============
1 dtsoftbus01; C:\Windows\System32\Drivers\dtsoftbus01.sys [283200 2012-04-21] (DT Soft Ltd)
3 VST64HWBS2; C:\Windows\System32\DRIVERS\VSTBS26.SYS [411136 2009-06-10] (Conexant Systems, Inc.)
3 VST64_DPV; C:\Windows\System32\DRIVERS\VSTDPV6.SYS [1485312 2009-06-10] (Conexant Systems, Inc.)
3 winachsf; C:\Windows\System32\DRIVERS\VSTCNXT6.SYS [740864 2009-06-10] (Conexant Systems, Inc.)
1 fevgchvg; \??\C:\Windows\system32\drivers\fevgchvg.sys [x]
1 mjuvgsya; \??\C:\Windows\system32\drivers\mjuvgsya.sys [x]
1 nbodljsr; \??\C:\Windows\system32\drivers\nbodljsr.sys [x]
3 VGPU; C:\Windows\System32\drivers\rdvgkmd.sys [x]
========================== NetSvcs (Whitelisted) ===========

============ One Month Created Files and Folders ==============
2012-07-27 20:31 - 2012-07-27 20:31 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.8CCD3E78FA98C94F
2012-07-27 20:27 - 2012-07-27 20:27 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.8DA43F55A93E6778
2012-07-27 20:23 - 2012-07-27 20:23 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.E43C101B53DC252A
2012-07-27 20:19 - 2012-07-27 20:19 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.52BD5E387BA128FF
2012-07-27 20:15 - 2012-07-27 20:15 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.3DB948AC1CCBCA63
2012-07-27 20:08 - 2012-07-27 20:08 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.F6FB4C57B0E967DB
2012-07-27 20:00 - 2012-07-27 20:00 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.172582619AC913D0
2012-07-27 19:56 - 2012-07-27 19:56 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.6A5B2A4F40A08197
2012-07-27 19:52 - 2012-07-27 19:52 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.2DB9DB67B32946F3
2012-07-27 19:49 - 2012-07-27 19:49 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.087F909DA29B6998
2012-07-27 19:41 - 2012-07-27 19:41 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.9DEBCF7F21934A0E
2012-07-27 19:33 - 2012-07-27 19:33 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.54601271FD8226CF
2012-07-27 19:22 - 2012-07-27 19:22 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.1EEC17ED03A57CAB
2012-07-27 19:18 - 2012-07-27 19:18 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.E95369A8A87D1F6E
2012-07-27 19:07 - 2012-07-27 19:07 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.B6A597B8AAF6770A
2012-07-27 19:03 - 2012-07-27 19:03 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.65C9F1F2CD98556F
2012-07-27 19:03 - 2012-07-27 19:03 - 00050392 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\xpluhfga.sys
2012-07-27 19:02 - 2012-07-27 19:02 - 00274384 ____A C:\Windows\Minidump\072712-24585-01.dmp
2012-07-27 19:02 - 2012-07-27 19:02 - 00000000 ____D C:\Windows\Minidump
2012-07-27 19:01 - 2012-07-27 19:01 - 274274446 ____A C:\Windows\MEMORY.DMP
2012-07-27 17:15 - 2012-07-27 17:15 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.183FA52B3A5C0912
2012-07-27 17:09 - 2012-07-27 17:09 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.E02BD63384EBEFC3
2012-07-27 17:05 - 2012-07-27 17:05 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.4E1151B4E8C78FA3
2012-07-27 17:01 - 2012-07-27 17:01 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.8F0769342A623DAD
2012-07-27 16:45 - 2012-07-27 16:45 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.D030BC8E5374ED16
2012-07-27 16:39 - 2012-07-27 16:39 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.0E7575F09342F79F
2012-07-27 16:35 - 2012-07-27 16:35 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.8C6E621C39A9E46D
2012-07-27 16:31 - 2012-07-27 16:31 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.28DD07FDFA27BE06
2012-07-27 16:27 - 2012-07-27 16:27 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.A7F6501B8F6C1DAE
2012-07-27 16:23 - 2012-07-27 16:23 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.DE4C12491C5F496B
2012-07-27 16:19 - 2012-07-27 16:19 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.5F8F3497207FF759
2012-07-27 16:15 - 2012-07-27 16:15 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.46656B8CD5C97199
2012-07-27 16:11 - 2012-07-27 16:11 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.B4AFCCB56669F834
2012-07-27 16:07 - 2012-07-27 16:07 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.3AE9664CF1F1BA88
2012-07-27 16:03 - 2012-07-27 16:03 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.23DBB95DEBB5DFE5
2012-07-27 15:59 - 2012-07-27 15:59 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.9D34D7738608BCE2
2012-07-27 15:55 - 2012-07-27 15:55 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.006D7B19150FE90A
2012-07-27 15:51 - 2012-07-27 15:51 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.0FCEF6B3D10240A0
2012-07-27 15:47 - 2012-07-27 15:47 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.2FC8CFCACB986FDF
2012-07-27 15:42 - 2012-07-27 15:42 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.1C3C7BAD0C51867F
2012-07-27 15:38 - 2012-07-27 15:38 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.D5BB2AE0AD490D84
2012-07-27 15:34 - 2012-07-27 15:34 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.111861B8E64D1708
2012-07-27 15:30 - 2012-07-27 15:30 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.10156286EBCFC62C
2012-07-27 15:26 - 2012-07-27 15:26 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.41BBF73EAE0287E9
2012-07-27 15:22 - 2012-07-27 15:22 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.C6C2502E00EA8519
2012-07-27 15:18 - 2012-07-27 15:18 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.170A9607A1BFB923
2012-07-27 15:12 - 2012-07-27 15:12 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.3B1FB702AAF3475C
2012-07-27 15:08 - 2012-07-27 15:08 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.D961E3F22833B4E3
2012-07-27 15:03 - 2012-07-27 15:03 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.CCC50B6C5D566056
2012-07-27 14:59 - 2012-07-27 14:59 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.784C1F5459BCD752
2012-07-27 14:55 - 2012-07-27 14:55 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.2502682792C162C7
2012-07-27 14:51 - 2012-07-27 14:51 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.B192EAF2E46BF521
2012-07-27 14:47 - 2012-07-27 14:47 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.9AA3071B934410DF
2012-07-27 14:41 - 2012-07-27 14:41 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.40283D2C7A8708F7
2012-07-27 14:37 - 2012-07-27 14:37 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.E5BF994858A91B83
2012-07-27 14:33 - 2012-07-27 14:33 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.61927ED55B06619A
2012-07-27 14:16 - 2012-07-27 14:16 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.801A96E38371FA75
2012-07-27 14:16 - 2012-07-27 14:16 - 00050392 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\bxaknppc.sys
2012-07-27 14:07 - 2012-07-27 14:07 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.94263988E22B912F
2012-07-27 13:58 - 2012-07-27 13:59 - 00000000 ____D C:\Program Files\Microsoft Security Client
2012-07-27 13:58 - 2012-07-27 13:58 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
 
============ 3 Months Modified Files ========================
2012-07-28 09:39 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-07-28 09:39 - 2009-07-13 20:51 - 00034093 ____A C:\Windows\setupact.log
2012-07-27 20:45 - 2009-07-13 15:19 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe
2012-07-27 20:31 - 2012-07-27 20:31 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.8CCD3E78FA98C94F
2012-07-27 20:27 - 2012-07-27 20:27 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.8DA43F55A93E6778
2012-07-27 20:23 - 2012-07-27 20:23 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.E43C101B53DC252A
2012-07-27 20:23 - 2012-04-04 17:27 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-07-27 20:19 - 2012-07-27 20:19 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.52BD5E387BA128FF
2012-07-27 20:15 - 2012-07-27 20:15 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.3DB948AC1CCBCA63
2012-07-27 20:08 - 2012-07-27 20:08 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.F6FB4C57B0E967DB
2012-07-27 20:00 - 2012-07-27 20:00 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.172582619AC913D0
2012-07-27 19:56 - 2012-07-27 19:56 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.6A5B2A4F40A08197
2012-07-27 19:52 - 2012-07-27 19:52 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.2DB9DB67B32946F3
2012-07-27 19:49 - 2012-07-27 19:49 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.087F909DA29B6998
2012-07-27 19:41 - 2012-07-27 19:41 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.9DEBCF7F21934A0E
2012-07-27 19:33 - 2012-07-27 19:33 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.54601271FD8226CF
2012-07-27 19:22 - 2012-07-27 19:22 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.1EEC17ED03A57CAB
2012-07-27 19:18 - 2012-07-27 19:18 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.E95369A8A87D1F6E
2012-07-27 19:07 - 2012-07-27 19:07 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.B6A597B8AAF6770A
2012-07-27 19:03 - 2012-07-27 19:03 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.65C9F1F2CD98556F
2012-07-27 19:03 - 2012-07-27 19:03 - 00050392 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\xpluhfga.sys
2012-07-27 19:02 - 2012-07-27 19:02 - 00274384 ____A C:\Windows\Minidump\072712-24585-01.dmp
2012-07-27 19:01 - 2012-07-27 19:01 - 274274446 ____A C:\Windows\MEMORY.DMP
2012-07-27 17:16 - 2009-07-13 21:13 - 00729514 ____A C:\Windows\System32\PerfStringBackup.INI
2012-07-27 17:15 - 2012-07-27 17:15 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.183FA52B3A5C0912
2012-07-27 17:09 - 2012-07-27 17:09 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.E02BD63384EBEFC3
2012-07-27 17:05 - 2012-07-27 17:05 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.4E1151B4E8C78FA3
2012-07-27 17:01 - 2012-07-27 17:01 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.8F0769342A623DAD
2012-07-27 16:49 - 2012-04-02 21:03 - 01851499 ____A C:\Windows\WindowsUpdate.log
2012-07-27 16:45 - 2012-07-27 16:45 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.D030BC8E5374ED16
2012-07-27 16:39 - 2012-07-27 16:39 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.0E7575F09342F79F
2012-07-27 16:35 - 2012-07-27 16:35 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.8C6E621C39A9E46D
2012-07-27 16:31 - 2012-07-27 16:31 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.28DD07FDFA27BE06
2012-07-27 16:27 - 2012-07-27 16:27 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.A7F6501B8F6C1DAE
2012-07-27 16:23 - 2012-07-27 16:23 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.DE4C12491C5F496B
2012-07-27 16:19 - 2012-07-27 16:19 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.5F8F3497207FF759
2012-07-27 16:15 - 2012-07-27 16:15 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.46656B8CD5C97199
2012-07-27 16:11 - 2012-07-27 16:11 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.B4AFCCB56669F834
2012-07-27 16:07 - 2012-07-27 16:07 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.3AE9664CF1F1BA88
2012-07-27 16:03 - 2012-07-27 16:03 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.23DBB95DEBB5DFE5
2012-07-27 15:59 - 2012-07-27 15:59 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.9D34D7738608BCE2
2012-07-27 15:55 - 2012-07-27 15:55 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.006D7B19150FE90A
2012-07-27 15:51 - 2012-07-27 15:51 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.0FCEF6B3D10240A0
2012-07-27 15:47 - 2012-07-27 15:47 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.2FC8CFCACB986FDF
2012-07-27 15:42 - 2012-07-27 15:42 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.1C3C7BAD0C51867F
2012-07-27 15:38 - 2012-07-27 15:38 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.D5BB2AE0AD490D84
2012-07-27 15:34 - 2012-07-27 15:34 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.111861B8E64D1708
2012-07-27 15:30 - 2012-07-27 15:30 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.10156286EBCFC62C
2012-07-27 15:26 - 2012-07-27 15:26 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.41BBF73EAE0287E9
2012-07-27 15:22 - 2012-07-27 15:22 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.C6C2502E00EA8519
2012-07-27 15:18 - 2012-07-27 15:18 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.170A9607A1BFB923
2012-07-27 15:12 - 2012-07-27 15:12 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.3B1FB702AAF3475C
2012-07-27 15:08 - 2012-07-27 15:08 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.D961E3F22833B4E3
2012-07-27 15:03 - 2012-07-27 15:03 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.CCC50B6C5D566056
2012-07-27 14:59 - 2012-07-27 14:59 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.784C1F5459BCD752
2012-07-27 14:55 - 2012-07-27 14:55 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.2502682792C162C7
2012-07-27 14:51 - 2012-07-27 14:51 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.B192EAF2E46BF521
2012-07-27 14:47 - 2012-07-27 14:47 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.9AA3071B934410DF
2012-07-27 14:41 - 2012-07-27 14:41 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.40283D2C7A8708F7
2012-07-27 14:37 - 2012-07-27 14:37 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.E5BF994858A91B83
2012-07-27 14:33 - 2012-07-27 14:33 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.61927ED55B06619A
2012-07-27 14:30 - 2009-07-13 20:45 - 00021872 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-07-27 14:30 - 2009-07-13 20:45 - 00021872 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-07-27 14:16 - 2012-07-27 14:16 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.801A96E38371FA75
2012-07-27 14:16 - 2012-07-27 14:16 - 00050392 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\bxaknppc.sys
2012-07-27 14:07 - 2012-07-27 14:07 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.94263988E22B912F
2012-07-27 13:59 - 2012-04-03 19:23 - 00001945 ____A C:\Windows\epplauncher.mif
2012-07-27 13:59 - 2012-04-03 19:22 - 00745106 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
2012-07-27 10:07 - 2010-11-20 19:47 - 00012324 ____A C:\Windows\PFRO.log
2012-07-27 09:31 - 2012-06-08 09:36 - 00000214 ____A C:\Users\cal\Desktop\100 Greatest Internet Videos In 3 Minutes - YouTube.url
2012-07-27 08:12 - 2012-07-27 08:12 - 00000655 ____A C:\Users\cal\Desktop\File_Recovery.lnk
2012-07-27 08:12 - 2012-07-27 08:12 - 00000368 ____A C:\Users\All Users\6IYqpdniL7Y909
2012-07-27 08:12 - 2012-07-27 08:12 - 00000072 ____A C:\Users\All Users\-6IYqpdniL7Y909r
2012-07-27 08:12 - 2012-07-27 08:12 - 00000072 ____A C:\Users\All Users\-6IYqpdniL7Y909
2012-07-27 08:06 - 2012-07-27 08:06 - 00434176 ____A (BitTorrent, Inc.) C:\Users\cal\AppData\Roaming\condmt.dll
2012-07-25 16:48 - 2012-07-25 16:48 - 00002180 ____A C:\Users\cal\Desktop\Amnesia.lnk
2012-07-25 05:26 - 2012-07-25 05:23 - 349734253 ____A C:\Users\cal\Downloads\Kerbal_0_16.zip
2012-07-24 09:59 - 2012-04-05 13:35 - 00365030 ____A C:\Windows\DirectX.log
2012-07-24 09:14 - 2012-07-24 09:14 - 00000042 ____A C:\Windows\SysWOW64\AK083E209605E394C.lie
2012-07-24 09:13 - 2012-07-24 09:13 - 00000779 ____A C:\Users\cal\Desktop\Perfect Uninstaller.lnk
2012-07-23 18:07 - 2012-07-21 00:41 - 131645267 ____A C:\Users\cal\Downloads\Apocalyptica_-_Worlds_Collide_(2007)_320kbps.rar
2012-07-22 16:55 - 2012-07-22 16:55 - 00000214 ____A C:\Users\cal\Desktop\Assassin's Creed Series Cinematic Trailers - YouTube.url
2012-07-19 17:05 - 2012-07-27 12:59 - 00000947 ____A C:\Users\Public\Desktop\µTorrent.lnk
2012-07-19 16:13 - 2012-05-20 18:18 - 00000757 ____A C:\Users\cal\Desktop\Grad Party List.txt
2012-07-18 18:14 - 2012-07-18 15:34 - 2604072960 ____A C:\Users\cal\Downloads\Assassin's Creed by LoxFalcon.iso
2012-07-17 12:36 - 2012-07-17 12:36 - 00000562 ____A C:\Users\cal\Grad List.txt
2012-07-17 08:24 - 2012-07-17 08:24 - 00000160 ____A C:\Users\cal\Users.txt
2012-07-17 08:24 - 2012-07-17 08:24 - 00000038 ____A C:\Users\cal\Bands.txt
2012-07-16 15:48 - 2012-07-16 15:48 - 00000306 ____A C:\Users\cal\Desktop\http--www.stuffistumbledupon.com-wp-content-uploads-2012-04-Black-Metal-Meme-Death-Metal-I-went-to-church-once-left-no-survivors-lol-funny-lolz.jpg.url
2012-07-16 15:48 - 2012-07-16 15:48 - 00000135 ____A C:\Users\cal\Desktop\http--www.tickld.com-images-content-12511.jpg.url
2012-07-14 20:06 - 2012-07-14 20:06 - 00003209 ____A C:\Users\cal\Downloads\DLC+All.outfits+Uplay.gun.capacity.upgrade.rar
2012-07-14 19:55 - 2012-07-14 19:55 - 00001799 ____A C:\Users\cal\Downloads\OPTIONS
2012-07-13 21:53 - 2012-07-13 21:53 - 00189248 ____A C:\Windows\SysWOW64\PnkBstrB.exe
2012-07-13 21:53 - 2012-07-13 21:53 - 00075136 ____A C:\Windows\SysWOW64\PnkBstrA.exe
2012-07-12 17:15 - 2012-07-12 17:15 - 00002040 ____A C:\Users\cal\Downloads\AC2 DLC Enable.rar
2012-07-10 23:24 - 2009-07-13 20:45 - 00414656 ____A C:\Windows\System32\FNTCACHE.DAT
2012-07-09 15:50 - 2012-04-04 17:01 - 00000024 ____A C:\Users\cal\random.dat
2012-07-09 14:12 - 2012-04-04 17:01 - 00000042 ____A C:\Users\cal\jagex_cl_runescape_LIVE.dat
2012-07-04 16:36 - 2012-07-04 16:36 - 00001035 ____A C:\Users\cal\Desktop\Dead Space By Synergy.lnk
2012-07-04 14:20 - 2012-06-29 02:44 - 299224008 ____A C:\Users\cal\Downloads\www.NewAlbumReleases.net_Two Steps from Hell - Nero (2011).rar
2012-07-03 09:46 - 2012-04-04 17:19 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-07-02 14:39 - 2012-07-27 12:59 - 00001049 ____A C:\Users\Public\Desktop\Dead Space 2.lnk
2012-07-01 20:59 - 2012-07-01 20:59 - 00000101 ____A C:\Users\cal\Desktop\The Site.txt
2012-07-01 18:49 - 2012-07-01 18:49 - 00000219 ____A C:\Users\cal\Desktop\Team Fortress 2.url
2012-06-30 08:31 - 2012-06-29 13:22 - 00000315 ____A C:\Users\cal\Documents\Addresses for 6-30-12.txt
2012-06-29 12:36 - 2012-06-29 12:36 - 00000194 ____A C:\Users\cal\Documents\Captcha.txt
2012-06-28 17:41 - 2012-06-28 17:40 - 73554945 ____A C:\Users\cal\Downloads\receiver_rc4_win.zip
2012-06-28 07:52 - 2012-06-26 12:59 - 00000047 ____A C:\Users\cal\jagex_cl_runescape_LIVE_BETA.dat
2012-06-26 13:00 - 2010-05-04 13:08 - 00000129 ____A C:\Users\cal\jagex_runescape_preferences2.dat
2012-06-26 12:59 - 2010-05-04 13:07 - 00000046 ____A C:\Users\cal\jagex_runescape_preferences.dat
2012-06-24 16:13 - 2012-06-24 16:13 - 00000292 ____A C:\Users\cal\Desktop\Hand-Bras 94 Sexy Babes With All-Natural Undergarments WildAmmo.com.url
2012-06-22 13:31 - 2012-06-22 13:31 - 10619657 ____A C:\Users\cal\Downloads\the-fighters-stronghold.rar
2012-06-21 18:29 - 2012-07-27 12:59 - 00002168 ____A C:\Users\Public\Desktop\Oblivion.lnk
2012-06-21 08:05 - 2012-06-21 07:53 - 89356204 ____A C:\Users\cal\Downloads\1972_The_Magician__s_Birthday_(Bronze_260_135)(320).rar
2012-06-20 10:41 - 2012-06-20 10:30 - 96440183 ____A C:\Users\cal\Downloads\1970_Very_Eavy...Very_Umble_(Bronze_258_294)(320).rar
2012-06-20 08:41 - 2012-06-20 08:30 - 98094126 ____A C:\Users\cal\Downloads\1971_Look_at_Yourself_(Bronze_260_138)(320).rar
2012-06-19 20:48 - 2012-06-19 20:30 - 161546755 ____A C:\Users\cal\Downloads\1972_Demons_And_Wizards_(Remasters_With_Bonus_Tracks)(320).rar
2012-06-19 20:31 - 2012-06-19 20:31 - 00000244 ____A C:\Users\cal\Desktop\High Definition Porn - Passion HD.url
2012-06-19 19:39 - 2012-06-19 19:37 - 83946665 ____A C:\Users\cal\Downloads\[1971] Salisbury.rar
2012-06-17 10:44 - 2011-01-05 14:53 - 00000301 ____A C:\Users\cal\Desktop\YouTube - Crazy Lawn Chair Balloon Flight!.url
2012-06-17 10:41 - 2012-06-17 10:41 - 02660198 ____A C:\Users\cal\Downloads\Sumotori Dreams plus Editor.zip
2012-06-16 09:49 - 2012-06-16 09:49 - 00000141 ____A C:\Users\cal\Documents\Address.txt
2012-06-11 19:08 - 2012-07-10 23:05 - 03148800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-06-11 17:02 - 2012-06-11 17:02 - 00000132 ____A C:\Users\cal\Desktop\Polish Dell USB Keyboard.url
2012-06-08 21:43 - 2012-07-10 22:42 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2012-06-08 20:41 - 2012-07-10 22:42 - 12873728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2012-06-08 09:39 - 2012-06-08 09:39 - 00000222 ____A C:\Users\cal\Desktop\super...tectonic dance - YouTube.url
2012-06-08 09:37 - 2012-06-08 09:37 - 00000222 ____A C:\Users\cal\Desktop\300 TECHNO VIKING - YouTube.url
2012-06-08 09:37 - 2012-06-08 09:37 - 00000206 ____A C:\Users\cal\Desktop\All hail techno viking - YouTube (2).url
2012-06-08 09:36 - 2012-06-08 09:36 - 00000230 ____A C:\Users\cal\Desktop\Epic Win Compilation 2011 - Part 2 - YouTube.url
2012-06-08 09:36 - 2012-06-08 09:36 - 00000222 ____A C:\Users\cal\Desktop\Techno Viking on dubstep - YouTube.url
2012-06-08 09:36 - 2012-06-08 09:36 - 00000206 ____A C:\Users\cal\Desktop\Trick Shot Basketball Dude Perfect™ Summer Camp Edition (HD) - YouTube.url
2012-06-08 09:36 - 2012-06-08 09:36 - 00000206 ____A C:\Users\cal\Desktop\baby laughing - YouTube.url
2012-06-08 09:36 - 2012-06-08 09:36 - 00000206 ____A C:\Users\cal\Desktop\All hail techno viking - YouTube.url
2012-06-08 09:35 - 2012-06-08 09:35 - 00000229 ____A C:\Users\cal\Desktop\Epic Win Compilation 2011 - Part 1 - YouTube.url
2012-06-08 09:35 - 2012-06-08 09:35 - 00000222 ____A C:\Users\cal\Desktop\Video - Compilation Fail girls - YouTube.url
2012-06-08 09:35 - 2012-06-08 09:35 - 00000222 ____A C:\Users\cal\Desktop\Girls Summer Fail Compilation 2011 - YouTube.url
2012-06-08 09:35 - 2012-06-08 09:35 - 00000222 ____A C:\Users\cal\Desktop\Fail and win compilation - YouTube.url
2012-06-08 09:35 - 2012-06-08 09:35 - 00000206 ____A C:\Users\cal\Desktop\Billy's Balls 2 - YouTube.url
2012-06-05 22:06 - 2012-07-10 22:42 - 02004480 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
2012-06-05 22:06 - 2012-07-10 22:42 - 01881600 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
2012-06-05 22:02 - 2012-07-10 22:42 - 01133568 ____A (Microsoft Corporation) C:\Windows\System32\cdosys.dll
2012-06-05 21:05 - 2012-07-10 22:42 - 01390080 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2012-06-05 21:05 - 2012-07-10 22:42 - 01236992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2012-06-05 21:03 - 2012-07-10 22:42 - 00805376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cdosys.dll
2012-06-05 07:50 - 2012-06-05 07:50 - 00000229 ____A C:\Users\cal\Desktop\Boo - The World's Cutest Dog on Good Morning America - YouTube.url
2012-06-05 07:50 - 2012-06-05 07:50 - 00000229 ____A C:\Users\cal\Desktop\Baby beavers get a second chance - YouTube.url
2012-06-05 07:50 - 2012-06-05 07:50 - 00000223 ____A C:\Users\cal\Desktop\#.url
2012-06-05 07:50 - 2012-06-05 07:50 - 00000222 ____A C:\Users\cal\Desktop\wolf howl - YouTube.url
2012-06-05 07:49 - 2012-06-05 07:49 - 00000222 ____A C:\Users\cal\Desktop\RCT3-Fantasmic Trip - YouTube.url
2012-06-05 07:49 - 2012-06-05 07:49 - 00000222 ____A C:\Users\cal\Desktop\AladdinThe Ride (RCT3) - YouTube.url
2012-06-04 19:14 - 2012-06-04 19:14 - 00000222 ____A C:\Users\cal\Desktop\HD RCT3 Firework Show - Pirates - YouTube (2).url
2012-06-04 05:29 - 2012-06-04 05:29 - 00000256 ____A C:\Users\cal\Desktop\Emma Watson and Other Child Stars Who Grew Up To Be Hot Mademan.com.url
2012-06-04 04:35 - 2012-06-04 04:35 - 00000222 ____A C:\Users\cal\Desktop\Friendly Deer - YouTube.url
2012-06-04 04:34 - 2012-06-04 04:34 - 00000222 ____A C:\Users\cal\Desktop\Meeting with wolves - YouTube.url
2012-06-02 14:19 - 2012-06-19 01:19 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-06-02 14:19 - 2012-06-19 01:19 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2012-06-02 14:19 - 2012-06-19 01:19 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-06-02 14:19 - 2012-06-19 01:19 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-06-02 14:19 - 2012-06-19 01:19 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2012-06-02 14:15 - 2012-06-19 01:19 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-06-02 14:15 - 2012-06-19 01:19 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2012-06-02 11:19 - 2012-06-19 01:19 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-06-02 11:15 - 2012-06-19 01:19 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2012-06-02 04:49 - 2012-07-10 23:01 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-06-02 04:17 - 2012-07-10 23:01 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-06-02 04:12 - 2012-07-10 23:01 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-06-02 04:05 - 2012-07-10 23:01 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-06-02 04:05 - 2012-07-10 23:01 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-06-02 04:04 - 2012-07-10 23:01 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-06-02 04:04 - 2012-07-10 23:01 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-06-02 04:03 - 2012-07-10 23:01 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-06-02 04:01 - 2012-07-10 23:01 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-06-02 04:00 - 2012-07-10 23:01 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-06-02 03:59 - 2012-07-10 23:01 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-06-02 03:57 - 2012-07-10 23:01 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-06-02 03:57 - 2012-07-10 23:01 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-06-02 03:54 - 2012-07-10 23:01 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-06-02 01:07 - 2012-07-10 23:01 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-06-02 00:43 - 2012-07-10 23:01 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-06-02 00:33 - 2012-07-10 23:01 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-06-02 00:26 - 2012-07-10 23:01 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-06-02 00:25 - 2012-07-10 23:01 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-06-02 00:25 - 2012-07-10 23:01 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-06-02 00:23 - 2012-07-10 23:01 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-06-02 00:21 - 2012-07-10 23:01 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-06-02 00:20 - 2012-07-10 23:01 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-06-02 00:19 - 2012-07-10 23:01 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-06-02 00:19 - 2012-07-10 23:01 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-06-02 00:17 - 2012-07-10 23:01 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-06-02 00:16 - 2012-07-10 23:01 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-06-02 00:14 - 2012-07-10 23:01 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-06-01 21:50 - 2012-07-10 22:42 - 00458704 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
2012-06-01 21:48 - 2012-07-10 22:42 - 00151920 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
2012-06-01 21:48 - 2012-07-10 22:42 - 00095600 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
2012-06-01 21:45 - 2012-07-10 22:42 - 00340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
2012-06-01 21:44 - 2012-07-10 22:42 - 00307200 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
2012-06-01 20:50 - 2012-06-01 20:50 - 00618105 ____A C:\Users\cal\Downloads\Stratasphere_Finale.fwd
2012-06-01 20:42 - 2012-06-01 20:42 - 00000222 ____A C:\Users\cal\Desktop\HD RCT3 Firework Show - Pirates - YouTube.url
2012-06-01 20:40 - 2012-07-10 22:42 - 00225280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2012-06-01 20:40 - 2012-07-10 22:42 - 00022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2012-06-01 20:39 - 2012-07-10 22:42 - 00219136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2012-06-01 20:34 - 2012-07-10 22:42 - 00096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2012-05-29 14:56 - 2012-05-29 14:56 - 17091624 ____A C:\Users\cal\Downloads\Windows6.1-KB958559-x64-RefreshPkg.msu
2012-05-29 14:43 - 2012-05-29 14:43 - 00000206 ____A C:\Users\cal\Desktop\Opeth - The Lotus Eater 2010 (DVD Royal Albert Hall) - YouTube.url
2012-05-29 11:49 - 2012-05-29 11:49 - 00000174 ____A C:\Users\cal\Desktop\Theo Spark.url
2012-05-29 11:48 - 2012-05-29 11:48 - 00000223 ____A C:\Users\cal\Desktop\American Power April 2011.url
2012-05-29 11:45 - 2012-05-29 11:45 - 00000208 ____A C:\Users\cal\Desktop\Human Stop Sign Gets Removed Video.url
2012-05-29 03:46 - 2012-05-29 03:46 - 00000560 ____A C:\Users\cal\Desktop\Youtube2.txt
2012-05-26 17:42 - 2012-05-26 17:42 - 00000746 ____A C:\Users\cal\Desktop\Videos.txt
2012-05-26 17:32 - 2012-05-26 17:32 - 00000264 ____A C:\Users\cal\Desktop\http--verydemotivational.files.wordpress.com-2011-11-demotivational-posters-this-is-a-guy.jpg.url
2012-05-26 17:32 - 2012-05-26 17:32 - 00000261 ____A C:\Users\cal\Desktop\http--3.bp.blogspot.com-_28yniOTMoqI-TLFiAiKlmaI-AAAAAAAACAI-K7V60sZmf_o-s1600-Opeth+20+%C3%A5r,+Cirkus+114.JPG.url
2012-05-26 17:32 - 2012-05-26 17:32 - 00000242 ____A C:\Users\cal\Desktop\http--3.bp.blogspot.com-_zvn4w8W7e90-S9R59IcoGpI-AAAAAAAAAmY-R_uDUqq4N-I-s1600-img0005pi.jpg.url
2012-05-26 17:31 - 2012-05-26 17:31 - 00000231 ____A C:\Users\cal\Desktop\http--jonathanbradwell.files.wordpress.com-2010-09-fan-pop.jpg.url
2012-05-25 10:43 - 2012-05-25 10:43 - 00000222 ____A C:\Users\cal\Desktop\The Saga Of Biorn - YouTube.url
2012-05-25 08:01 - 2012-05-25 07:09 - 02756250 ____A C:\Users\cal\Documents\Top 10 Highest Paid Authors of 2011.pptx
2012-05-25 01:01 - 2012-05-25 00:56 - 03626696 ____A C:\Users\cal\Documents\DIRGE FOR NOVEMBER.pptx
2012-05-25 00:38 - 2012-05-25 00:38 - 00000160 ____A C:\Users\cal\Desktop\Shotgun Suicide Bath.url
2012-05-24 23:40 - 2012-05-24 23:40 - 00000163 ____A C:\Users\cal\Desktop\Blah.txt
2012-05-22 15:51 - 2012-05-22 15:51 - 00000966 ____A C:\Users\cal\Desktop\Max Payne 2.lnk
2012-05-22 14:07 - 2012-05-22 14:07 - 00000676 ____A C:\Users\cal\Desktop\Interesting stuff.txt
2012-05-22 13:23 - 2012-05-22 13:23 - 00000348 ____A C:\Users\cal\Desktop\Youtube.txt
2012-05-17 19:20 - 2012-05-17 19:19 - 69097700 ____A C:\Users\cal\Downloads\P-T-N-R.therebels.micael.rar
2012-05-17 19:15 - 2012-05-17 19:15 - 13054345 ____A C:\Users\cal\Downloads\2007 - Nil Recurring.part3.rar
2012-05-16 14:24 - 2012-05-16 14:24 - 00130619 ____A C:\Users\cal\Downloads\9360 Old Plank Ln, Brighton, MI 48114 to 3100 W Highland Rd, Howell, MI 48843 - Google Maps.htm
2012-05-15 19:42 - 2012-05-15 19:00 - 131507343 ____A C:\Users\cal\Downloads\k0l0n.rar
2012-05-09 23:16 - 2012-04-03 17:40 - 57848688 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-05-09 10:03 - 2010-05-03 17:48 - 00000277 ____A C:\Users\cal\Documents\password.txt
2012-05-07 11:08 - 2012-07-27 12:59 - 00001176 ____A C:\Users\Public\Desktop\Paint.NET.lnk
2012-05-05 05:40 - 2012-05-05 05:40 - 00001322 ____A C:\Users\cal\Desktop\KSP.exe - Shortcut.lnk
2012-05-04 03:06 - 2012-06-13 07:18 - 05559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-05-04 02:03 - 2012-06-13 07:18 - 03968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2012-05-04 02:03 - 2012-06-13 07:18 - 03913072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2012-05-03 11:44 - 2012-05-03 11:43 - 109204617 ____A C:\Users\cal\Downloads\KSP_win_0_13_3.zip
2012-04-30 21:40 - 2012-06-13 07:18 - 00209920 ____A (Microsoft Corporation) C:\Windows\System32\profsvc.dll
ZeroAccess:
C:\Windows\Installer\{c87bc561-eefd-ed9f-5262-78af73b1c897}
C:\Windows\Installer\{c87bc561-eefd-ed9f-5262-78af73b1c897}\@
C:\Windows\Installer\{c87bc561-eefd-ed9f-5262-78af73b1c897}\L
C:\Windows\Installer\{c87bc561-eefd-ed9f-5262-78af73b1c897}\U
C:\Windows\Installer\{c87bc561-eefd-ed9f-5262-78af73b1c897}\U\00000001.@
ZeroAccess:
C:\Users\cal\AppData\Local\{c87bc561-eefd-ed9f-5262-78af73b1c897}
C:\Users\cal\AppData\Local\{c87bc561-eefd-ed9f-5262-78af73b1c897}\@
C:\Users\cal\AppData\Local\{c87bc561-eefd-ed9f-5262-78af73b1c897}\L
C:\Users\cal\AppData\Local\{c87bc561-eefd-ed9f-5262-78af73b1c897}\U
========================= Known DLLs (Whitelisted) ============

========================= Bamital & volsnap Check ============
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe 014A9CB92514E27C0107614DF764BC06 ZeroAccess <==== ATTENTION!.
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
==================== EXE ASSOCIATION =====================
HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK
========================= Memory info ======================
Percentage of memory in use: 19%
Total physical RAM: 4094.49 MB
Available physical RAM: 3311.21 MB
Total Pagefile: 4092.69 MB
Available Pagefile: 3404.82 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB
======================= Partitions =========================
1 Drive c: () (Fixed) (Total:232.68 GB) (Free:20.12 GB) NTFS
3 Drive f: () (Removable) (Total:0.97 GB) (Free:0.97 GB) FAT
4 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
5 Drive y: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 232 GB 0 B
Disk 1 Online 992 MB 0 B
Partitions of Disk 0:
===============
Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 OEM 47 MB 31 KB
Partition 2 Primary 100 MB 48 MB
Partition 3 Primary 232 GB 148 MB
==================================================================================
Disk: 0
Partition 1
Type : DE
Hidden: Yes
Active: No
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 FAT Partition 47 MB Healthy Hidden
==================================================================================
Disk: 0
Partition 2
Type : 07
Hidden: No
Active: Yes
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 Y System Rese NTFS Partition 100 MB Healthy
==================================================================================
Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C NTFS Partition 232 GB Healthy
==================================================================================
Partitions of Disk 1:
===============
Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 991 MB 16 KB
==================================================================================
Disk: 1
Partition 1
Type : 06
Hidden: No
Active: Yes
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 F FAT Removable 991 MB Healthy
==================================================================================
==========================================================
Last Boot: 2012-07-17 21:03
======================= End Of Log ==========================
 
Oh, and my OS is Windows 7 and my computer is 64-bit. Not sure if you were able to gather that from the above stuff.
 
Don't mean to be rude, but is anyone there? I know you have lives and all, but is there someone else who could help if you are busy?
 
Weekends are tough for us to make it in here. My apologies you had to wait so long. Usually for me, I have to work a lot of extra time (offline job anyway) Saturday night into Sunday morning, so weekends bog me down bad. :p

FRST64 Fixlist

Please run the following:

Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this, highlight the contents of the box, right-click on it and select Copy. Right-click in the open Notepad window and select Paste.) Save it on the flashdrive as fixlist.txt.

start
SubSystems: [Windows] ==> ZeroAccess
C:\Windows\Installer\{c87bc561-eefd-ed9f-5262-78af73b1c897}
C:\Users\cal\AppData\Local\{c87bc561-eefd-ed9f-5262-78af73b1c897}
2012-07-27 17:15 - 2012-07-27 17:15 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.183FA52B3A5C0912
2012-07-27 17:09 - 2012-07-27 17:09 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.E02BD63384EBEFC3
2012-07-27 17:05 - 2012-07-27 17:05 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.4E1151B4E8C78FA3
2012-07-27 17:01 - 2012-07-27 17:01 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.8F0769342A623DAD
2012-07-27 16:45 - 2012-07-27 16:45 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.D030BC8E5374ED16
2012-07-27 16:39 - 2012-07-27 16:39 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.0E7575F09342F79F
2012-07-27 16:35 - 2012-07-27 16:35 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.8C6E621C39A9E46D
2012-07-27 16:31 - 2012-07-27 16:31 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.28DD07FDFA27BE06
2012-07-27 16:27 - 2012-07-27 16:27 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.A7F6501B8F6C1DAE
2012-07-27 16:23 - 2012-07-27 16:23 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.DE4C12491C5F496B
2012-07-27 16:19 - 2012-07-27 16:19 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.5F8F3497207FF759
2012-07-27 16:15 - 2012-07-27 16:15 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.46656B8CD5C97199
2012-07-27 16:11 - 2012-07-27 16:11 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.B4AFCCB56669F834
2012-07-27 16:07 - 2012-07-27 16:07 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.3AE9664CF1F1BA88
2012-07-27 16:03 - 2012-07-27 16:03 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.23DBB95DEBB5DFE5
2012-07-27 15:59 - 2012-07-27 15:59 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.9D34D7738608BCE2
2012-07-27 15:55 - 2012-07-27 15:55 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.006D7B19150FE90A
2012-07-27 15:51 - 2012-07-27 15:51 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.0FCEF6B3D10240A0
2012-07-27 15:47 - 2012-07-27 15:47 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.2FC8CFCACB986FDF
2012-07-27 15:42 - 2012-07-27 15:42 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.1C3C7BAD0C51867F
2012-07-27 15:38 - 2012-07-27 15:38 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.D5BB2AE0AD490D84
2012-07-27 15:34 - 2012-07-27 15:34 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.111861B8E64D1708
2012-07-27 15:30 - 2012-07-27 15:30 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.10156286EBCFC62C
2012-07-27 15:26 - 2012-07-27 15:26 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.41BBF73EAE0287E9
2012-07-27 15:22 - 2012-07-27 15:22 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.C6C2502E00EA8519
2012-07-27 15:18 - 2012-07-27 15:18 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.170A9607A1BFB923
2012-07-27 15:12 - 2012-07-27 15:12 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.3B1FB702AAF3475C
2012-07-27 15:08 - 2012-07-27 15:08 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.D961E3F22833B4E3
2012-07-27 15:03 - 2012-07-27 15:03 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.CCC50B6C5D566056
2012-07-27 14:59 - 2012-07-27 14:59 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.784C1F5459BCD752
2012-07-27 14:55 - 2012-07-27 14:55 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.2502682792C162C7
2012-07-27 14:51 - 2012-07-27 14:51 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.B192EAF2E46BF521
2012-07-27 14:47 - 2012-07-27 14:47 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.9AA3071B934410DF
2012-07-27 14:41 - 2012-07-27 14:41 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.40283D2C7A8708F7
2012-07-27 14:37 - 2012-07-27 14:37 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.E5BF994858A91B83
2012-07-27 14:33 - 2012-07-27 14:33 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.61927ED55B06619A
2012-07-27 20:31 - 2012-07-27 20:31 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.8CCD3E78FA98C94F
2012-07-27 20:27 - 2012-07-27 20:27 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.8DA43F55A93E6778
2012-07-27 20:23 - 2012-07-27 20:23 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.E43C101B53DC252A
2012-07-27 20:19 - 2012-07-27 20:19 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.52BD5E387BA128FF
2012-07-27 20:15 - 2012-07-27 20:15 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.3DB948AC1CCBCA63
2012-07-27 20:08 - 2012-07-27 20:08 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.F6FB4C57B0E967DB
2012-07-27 20:00 - 2012-07-27 20:00 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.172582619AC913D0
2012-07-27 19:56 - 2012-07-27 19:56 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.6A5B2A4F40A08197
2012-07-27 19:52 - 2012-07-27 19:52 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.2DB9DB67B32946F3
2012-07-27 19:49 - 2012-07-27 19:49 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.087F909DA29B6998
2012-07-27 19:41 - 2012-07-27 19:41 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.9DEBCF7F21934A0E
2012-07-27 19:33 - 2012-07-27 19:33 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.54601271FD8226CF
2012-07-27 19:22 - 2012-07-27 19:22 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.1EEC17ED03A57CAB
2012-07-27 19:18 - 2012-07-27 19:18 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.E95369A8A87D1F6E
2012-07-27 19:07 - 2012-07-27 19:07 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.B6A597B8AAF6770A
2012-07-27 19:03 - 2012-07-27 19:03 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.65C9F1F2CD98556F
end

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system

Now, please enter System Recovery Options then select Command Prompt.

Run FRST64 and press the Fix button just once and wait.
The tool will make a log on the flashdrive (Fixlog.txt); please post it in your reply.

Now restart, let it boot normally and tell me how it went.

Additional FRST Scan

Once again, please boot to the System Recovery Options and run FRST, as done previously.

Type the following text in the blank box after Search:

services.exe

Click: Search file(s)


When done searching, FRST makes a log, Search.txt, on the C:\ drive.

Please provide the Search.txt in your reply.
 
No need to apologize, mate. I understand perfectly. Just wanted to check to see if everything here is good or if I should try somewhere else. Thanks again for the help!
The log is kind of short. Not sure if I did it correctly.

Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 25-07-2012 01
Ran by SYSTEM at 2012-07-29 18:38:44 Run:1
Running from F:\
==============================================
HKEY_LOCAL_MACHINE\System\ControlSet004\Control\Session Manager\SubSystems\\Windows No ZeroAccess entry found.
==== End of Fixlog ====
 
I'll do that. Here is the search.txt file.
Farbar Recovery Scan Tool Version: 25-07-2012 01
Ran by SYSTEM at 2012-07-28 13:44:47
Running from F:\
================== Search: "services.exe" ===================
C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB
C:\Windows\System32\services.exe
[2009-07-13 15:19] - [2012-07-27 20:45] - 0328704 ____A (Microsoft Corporation) 014A9CB92514E27C0107614DF764BC06
====== End Of Search ======
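
The comparison this Search.txt supports, as an added example that is not part of the original posts and is not FRST's own code: it parses the Search.txt layout shown above and checks each live copy of a file against the WinSxS component-store copy by MD5. The class and function names are hypothetical, and treating the store copy as the reference is an assumption; a mismatch is a lead to investigate, not proof of infection.

```python
import re
from dataclasses import dataclass
from ntpath import basename  # applies Windows path rules on any host OS

# Sample input: the Search.txt posted above, copied verbatim.
SEARCH_TXT = r'''Farbar Recovery Scan Tool Version: 25-07-2012 01
Ran by SYSTEM at 2012-07-28 13:44:47
Running from F:\
================== Search: "services.exe" ===================
C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB
C:\Windows\System32\services.exe
[2009-07-13 15:19] - [2012-07-27 20:45] - 0328704 ____A (Microsoft Corporation) 014A9CB92514E27C0107614DF764BC06
====== End Of Search ======
'''


@dataclass
class Hit:
    path: str
    created: str
    modified: str
    size: int
    company: str
    md5: str


@dataclass
class Finding:
    path: str
    verdict: str              # "match", "mismatch" or "no-reference"
    md5: str
    metadata_identical: bool  # same size and company string as a store copy


PATH_LINE = re.compile(r'^[A-Za-z]:\\')
META_LINE = re.compile(
    r'^\[(?P<created>[\d-]+ [\d:]+)\] - \[(?P<modified>[\d-]+ [\d:]+)\] - '
    r'(?P<size>\d+) \S+ (?:\((?P<company>.*)\) )?(?P<md5>[0-9A-Fa-f]{32})$'
)


def parse_search_log(text):
    """Return one Hit per 'path line + metadata line' pair in a Search.txt."""
    hits, path = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if PATH_LINE.match(line):
            path = line
            continue
        m = META_LINE.match(line)
        if m and path:
            hits.append(Hit(path, m['created'], m['modified'], int(m['size']),
                            m['company'] or '', m['md5'].upper()))
        path = None  # a metadata line only belongs to the path just before it
    return hits


def is_store_copy(path):
    return '\\winsxs\\' in path.lower()


def check_against_store(hits):
    """Compare every non-WinSxS hit with the WinSxS copies of the same name."""
    store = {}
    for h in hits:
        if is_store_copy(h.path):
            store.setdefault(basename(h.path).lower(), []).append(h)

    findings = []
    for h in hits:
        if is_store_copy(h.path):
            continue
        refs = store.get(basename(h.path).lower(), [])
        if not refs:
            verdict = 'no-reference'
        elif any(r.md5 == h.md5 for r in refs):
            # The store can hold several versions; matching any one is enough.
            verdict = 'match'
        else:
            verdict = 'mismatch'
        same_meta = any(r.size == h.size and r.company == h.company for r in refs)
        findings.append(Finding(h.path, verdict, h.md5, same_meta))
    return findings


if __name__ == '__main__':
    for f in check_against_store(parse_search_log(SEARCH_TXT)):
        note = ' (size and company string equal to store copy)' if f.metadata_identical else ''
        print(f'{f.verdict:12} {f.md5} {f.path}{note}')
```

On this log the System32 copy comes back as a mismatch even though its size and company string are identical to the store copy, so only the MD5 and the 2012 modification time separate the two files.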
 
Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 25-07-2012 01
Ran by SYSTEM at 2012-07-30 14:13:01 Run:2
Running from F:\
==============================================
HKEY_LOCAL_MACHINE\System\ControlSet004\Control\Session Manager\SubSystems\\Windows No ZeroAccess entry found.
==== End of Fixlog ====

Same as before, I think?
 
FRST64 Fixlist

Please run the following:

Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this, highlight the contents of the box, right-click on it and select Copy. Right-click in the open Notepad window and select Paste.) Save it on the flashdrive as fixlist.txt.

start
Replace: C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe C:\Windows\System32\services.exe
end

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system

Now, please enter System Recovery Options then select Command Prompt.

Run FRST64 and press the Fix button just once and wait.
The tool will make a log on the flashdrive (Fixlog.txt); please post it in your reply.

Now restart, let it boot normally and tell me how it went.
 
Did I do something wrong? I copied and pasted it into Notepad, and every line after start had a space in front of it. Is that normal?

Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 25-07-2012 01
Ran by SYSTEM at 2012-07-30 15:28:37 Run:4
Running from F:\
==============================================
Could not find C:\Windows\System32\services.exe.
Could not find C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe.
==== End of Fixlog ====
 
No. It cannot have spaces in front of it.

It should look like this in Notepad:

servicessnapshot.png


Therefore, please make sure to turn Wordwrap off in Notepad BEFORE pasting it. Hit Format and press Wordwrap (so that it is unchecked).

Try again, please.
 
Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 25-07-2012 01
Ran by SYSTEM at 2012-07-30 15:46:49 Run:5
Running from F:\
==============================================
C:\Windows\System32\services.exe moved successfully.
C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe copied successfully to C:\Windows\System32\services.exe
==== End of Fixlog ====

:D
 
Scan result of Farbar Recovery Scan Tool Version: 25-07-2012 01
Ran by SYSTEM at 30-07-2012 16:09:48
Running from F:\
Windows 7 Ultimate Service Pack 1 (X64) OS Language: English(US)
The current controlset is ControlSet004
========================== Registry (Whitelisted) =============
HKLM\...\Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices [112512 2010-03-13] (Microsoft Corporation)
HKLM\...\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [1271168 2012-03-26] (Microsoft Corporation)
HKLM-x32\...\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [636032 2012-03-08] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml [10752 2012-01-31] ()
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [254696 2012-01-18] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [37296 2012-01-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-01-02] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2012-02-20] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421736 2012-03-06] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2012-04-18] (Apple Inc.)
HKU\cal\...\Run: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent [1242448 2012-04-05] (Valve Corporation)
HKU\cal\...\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun [3671872 2012-04-17] (DT Soft Ltd)
HKU\cal\...\Run: [condmt] "C:\Windows\System32\rundll32.exe" "C:\Users\cal\AppData\Roaming\condmt.dll",OverflowError [434176 2012-07-27] (BitTorrent, Inc.)
Tcpip\Parameters: [DhcpNameServer] 75.75.76.76 75.75.75.75 192.168.3.1
Startup: C:\Users\cal\Start Menu\Programs\Startup\desktop (1).ini ()
==================== Services (Whitelisted) ======
2 AntUpdaterService; "C:\Program Files (x86)\Ant.com\IE add-on\AntUpdaterService.exe" [520216 2011-06-29] (Ant.com)
2 MsMpSvc; "C:\Program Files\Microsoft Security Client\MsMpEng.exe" [12600 2012-03-26] (Microsoft Corporation)
3 NisSrv; "C:\Program Files\Microsoft Security Client\NisSrv.exe" [291696 2012-03-26] (Microsoft Corporation)
2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [75136 2012-07-13] ()
========================== Drivers (Whitelisted) =============
1 dtsoftbus01; C:\Windows\System32\Drivers\dtsoftbus01.sys [283200 2012-04-21] (DT Soft Ltd)
3 VST64HWBS2; C:\Windows\System32\DRIVERS\VSTBS26.SYS [411136 2009-06-10] (Conexant Systems, Inc.)
3 VST64_DPV; C:\Windows\System32\DRIVERS\VSTDPV6.SYS [1485312 2009-06-10] (Conexant Systems, Inc.)
3 winachsf; C:\Windows\System32\DRIVERS\VSTCNXT6.SYS [740864 2009-06-10] (Conexant Systems, Inc.)
1 fevgchvg; \??\C:\Windows\system32\drivers\fevgchvg.sys [x]
1 mjuvgsya; \??\C:\Windows\system32\drivers\mjuvgsya.sys [x]
1 nbodljsr; \??\C:\Windows\system32\drivers\nbodljsr.sys [x]
3 VGPU; C:\Windows\System32\drivers\rdvgkmd.sys [x]
========================== NetSvcs (Whitelisted) ===========

============ One Month Created Files and Folders ==============
2012-07-28 09:53 - 2012-07-28 09:53 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.B4A9B7D8D1348223
2012-07-27 20:31 - 2012-07-27 20:31 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.8CCD3E78FA98C94F
2012-07-27 20:27 - 2012-07-27 20:27 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.8DA43F55A93E6778
2012-07-27 20:23 - 2012-07-27 20:23 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.E43C101B53DC252A
2012-07-27 20:19 - 2012-07-27 20:19 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.52BD5E387BA128FF
2012-07-27 20:15 - 2012-07-27 20:15 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.3DB948AC1CCBCA63
2012-07-27 20:08 - 2012-07-27 20:08 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.F6FB4C57B0E967DB
2012-07-27 20:00 - 2012-07-27 20:00 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.172582619AC913D0
2012-07-27 19:56 - 2012-07-27 19:56 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.6A5B2A4F40A08197
2012-07-27 19:52 - 2012-07-27 19:52 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.2DB9DB67B32946F3
2012-07-27 19:49 - 2012-07-27 19:49 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.087F909DA29B6998
2012-07-27 19:41 - 2012-07-27 19:41 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.9DEBCF7F21934A0E
2012-07-27 19:33 - 2012-07-27 19:33 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.54601271FD8226CF
2012-07-27 19:22 - 2012-07-27 19:22 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.1EEC17ED03A57CAB
2012-07-27 19:18 - 2012-07-27 19:18 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.E95369A8A87D1F6E
2012-07-27 19:07 - 2012-07-27 19:07 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.B6A597B8AAF6770A
2012-07-27 19:03 - 2012-07-27 19:03 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.65C9F1F2CD98556F
2012-07-27 19:03 - 2012-07-27 19:03 - 00050392 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\xpluhfga.sys
2012-07-27 19:02 - 2012-07-27 19:02 - 00274384 ____A C:\Windows\Minidump\072712-24585-01.dmp
2012-07-27 19:02 - 2012-07-27 19:02 - 00000000 ____D C:\Windows\Minidump
2012-07-27 19:01 - 2012-07-27 19:01 - 274274446 ____A C:\Windows\MEMORY.DMP
2012-07-27 17:15 - 2012-07-27 17:15 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.183FA52B3A5C0912
2012-07-27 17:09 - 2012-07-27 17:09 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.E02BD63384EBEFC3
2012-07-27 17:05 - 2012-07-27 17:05 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.4E1151B4E8C78FA3
2012-07-27 17:01 - 2012-07-27 17:01 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.8F0769342A623DAD
2012-07-27 16:45 - 2012-07-27 16:45 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.D030BC8E5374ED16
2012-07-27 16:39 - 2012-07-27 16:39 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.0E7575F09342F79F
2012-07-27 16:35 - 2012-07-27 16:35 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.8C6E621C39A9E46D
2012-07-27 16:31 - 2012-07-27 16:31 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.28DD07FDFA27BE06
2012-07-27 16:27 - 2012-07-27 16:27 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.A7F6501B8F6C1DAE
2012-07-27 16:23 - 2012-07-27 16:23 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.DE4C12491C5F496B
2012-07-27 16:19 - 2012-07-27 16:19 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.5F8F3497207FF759
2012-07-27 16:15 - 2012-07-27 16:15 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.46656B8CD5C97199
2012-07-27 16:11 - 2012-07-27 16:11 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.B4AFCCB56669F834
2012-07-27 16:07 - 2012-07-27 16:07 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.3AE9664CF1F1BA88
2012-07-27 16:03 - 2012-07-27 16:03 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.23DBB95DEBB5DFE5
2012-07-27 15:59 - 2012-07-27 15:59 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.9D34D7738608BCE2
2012-07-27 15:55 - 2012-07-27 15:55 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.006D7B19150FE90A
2012-07-27 15:51 - 2012-07-27 15:51 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.0FCEF6B3D10240A0
2012-07-27 15:47 - 2012-07-27 15:47 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.2FC8CFCACB986FDF
2012-07-27 15:42 - 2012-07-27 15:42 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.1C3C7BAD0C51867F
2012-07-27 15:38 - 2012-07-27 15:38 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.D5BB2AE0AD490D84
2012-07-27 15:34 - 2012-07-27 15:34 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.111861B8E64D1708
2012-07-27 15:30 - 2012-07-27 15:30 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.10156286EBCFC62C
2012-07-27 15:26 - 2012-07-27 15:26 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.41BBF73EAE0287E9
2012-07-27 15:22 - 2012-07-27 15:22 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.C6C2502E00EA8519
2012-07-27 15:18 - 2012-07-27 15:18 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.170A9607A1BFB923
2012-07-27 15:12 - 2012-07-27 15:12 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.3B1FB702AAF3475C
2012-07-27 15:08 - 2012-07-27 15:08 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.D961E3F22833B4E3
2012-07-27 15:03 - 2012-07-27 15:03 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.CCC50B6C5D566056
2012-07-27 14:59 - 2012-07-27 14:59 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.784C1F5459BCD752
2012-07-27 14:55 - 2012-07-27 14:55 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.2502682792C162C7
2012-07-27 14:51 - 2012-07-27 14:51 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.B192EAF2E46BF521
2012-07-27 14:47 - 2012-07-27 14:47 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.9AA3071B934410DF
2012-07-27 14:41 - 2012-07-27 14:41 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.40283D2C7A8708F7
2012-07-27 14:37 - 2012-07-27 14:37 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.E5BF994858A91B83
2012-07-27 14:33 - 2012-07-27 14:33 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.61927ED55B06619A
2012-07-27 14:16 - 2012-07-27 14:16 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.801A96E38371FA75
2012-07-27 14:16 - 2012-07-27 14:16 - 00050392 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\bxaknppc.sys
2012-07-27 14:07 - 2012-07-27 14:07 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.94263988E22B912F
2012-07-27 13:58 - 2012-07-27 13:59 - 00000000 ____D C:\Program Files\Microsoft Security Client
2012-07-27 13:58 - 2012-07-27 13:58 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2012-07-27 12:59 - 2012-07-19 17:05 - 00000947 ____A C:\Users\Public\Desktop\µTorrent.lnk
2012-07-27 12:59 - 2012-07-02 14:39 - 00001049 ____A C:\Users\Public\Desktop\Dead Space 2.lnk
2012-07-27 12:59 - 2012-06-21 18:29 - 00002168 ____A C:\Users\Public\Desktop\Oblivion.lnk
2012-07-27 12:59 - 2012-05-07 11:08 - 00001176 ____A C:\Users\Public\Desktop\Paint.NET.lnk
2012-07-27 12:59 - 2012-04-23 11:40 - 00001783 ____A C:\Users\Public\Desktop\iTunes.lnk
2012-07-27 12:59 - 2012-04-21 14:01 - 00001954 ____A C:\Users\Public\Desktop\DAEMON Tools Lite.lnk
2012-07-27 12:59 - 2012-04-06 16:19 - 00002014 ____A C:\Users\Public\Desktop\Adobe Reader 9.lnk
2012-07-27 12:59 - 2012-04-05 13:42 - 00000917 ____A C:\Users\Public\Desktop\Steam.lnk
2012-07-27 08:48 - 2012-04-04 17:19 - 00001113 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-07-27 08:12 - 2012-07-27 08:12 - 00000655 ____A C:\Users\cal\Desktop\File_Recovery.lnk
2012-07-27 08:12 - 2012-07-27 08:12 - 00000368 ____A C:\Users\All Users\6IYqpdniL7Y909
2012-07-27 08:12 - 2012-07-27 08:12 - 00000072 ____A C:\Users\All Users\-6IYqpdniL7Y909r
2012-07-27 08:12 - 2012-07-27 08:12 - 00000072 ____A C:\Users\All Users\-6IYqpdniL7Y909
2012-07-27 08:06 - 2012-07-27 08:06 - 00434176 ____A (BitTorrent, Inc.) C:\Users\cal\AppData\Roaming\condmt.dll
2012-07-27 08:06 - 2012-07-27 08:06 - 00000000 ____D C:\Users\cal\AppData\Local\{0BBF6C3D-D805-11E1-8270-B8AC6F996F26}
2012-07-27 08:05 - 2012-07-27 08:14 - 00000000 ____D C:\Users\cal\AppData\Roaming\xsecva
2012-07-25 18:30 - 2012-07-25 18:30 - 00000000 ____D C:\Users\cal\Documents\My Spore Creations
2012-07-25 18:29 - 2012-07-25 18:30 - 00000000 ____D C:\Users\cal\AppData\Roaming\SPORE
2012-07-25 18:22 - 2012-07-25 18:22 - 00000000 ____D C:\Program Files (x86)\Electronic Arts
2012-07-25 16:51 - 2012-07-25 16:51 - 00000000 ____D C:\Users\cal\Documents\Amnesia
2012-07-25 16:48 - 2012-07-25 16:48 - 00002180 ____A C:\Users\cal\Desktop\Amnesia.lnk
2012-07-25 16:41 - 2012-07-25 16:48 - 00000000 ____D C:\Program Files (x86)\Amnesia - The Dark Descent
2012-07-25 16:39 - 2012-07-25 16:39 - 00000000 ____D C:\Users\cal\Downloads\sr-atdd
2012-07-25 16:35 - 2012-07-25 16:35 - 00000000 ____D C:\Program Files (x86)\DAMN NFO Viewer
2012-07-25 14:53 - 2012-07-25 15:30 - 00000000 ____D C:\Users\cal\Downloads\Spore-RELOADED
2012-07-25 12:35 - 2012-07-25 16:40 - 00000000 ____D C:\Users\cal\Downloads\Amnesia.The.Dark.Descent-SKIDROW
2012-07-25 05:26 - 2012-07-25 05:28 - 00000000 ____D C:\Users\cal\Downloads\Kerbal_0_16
2012-07-25 05:23 - 2012-07-25 05:26 - 349734253 ____A C:\Users\cal\Downloads\Kerbal_0_16.zip
2012-07-24 09:45 - 2012-07-24 09:45 - 00000000 ____D C:\Program Files (x86)\R.G. Catalyst
2012-07-24 09:14 - 2012-07-24 09:14 - 00000042 ____A C:\Windows\SysWOW64\AK083E209605E394C.lie
2012-07-24 09:13 - 2012-07-24 09:13 - 00000779 ____A C:\Users\cal\Desktop\Perfect Uninstaller.lnk
2012-07-24 03:41 - 2012-07-24 03:42 - 00000000 ____D C:\Users\cal\Downloads\The.Elder.Scrolls.V.Skyrim.Update.9-RELOADED
2012-07-23 18:07 - 2012-07-23 18:07 - 00000000 ____D C:\Users\cal\Downloads\Apocalyptica_-_Worlds_Collide_(2007)_320kbps
2012-07-23 15:15 - 2012-07-24 10:02 - 00000000 ____D C:\Users\cal\AppData\Local\Ubisoft Game Launcher
2012-07-23 15:15 - 2012-07-23 15:16 - 00000000 ____D C:\Users\cal\Documents\Assassin's Creed Revelations
2012-07-22 16:55 - 2012-07-22 16:55 - 00000214 ____A C:\Users\cal\Desktop\Assassin's Creed Series Cinematic Trailers - YouTube.url
2012-07-21 00:41 - 2012-07-23 18:07 - 131645267 ____A C:\Users\cal\Downloads\Apocalyptica_-_Worlds_Collide_(2007)_320kbps.rar
2012-07-20 18:28 - 2012-07-20 18:28 - 00000000 ____D C:\Users\cal\Downloads\The commitments vol.1 & 2
2012-07-20 15:21 - 2012-07-20 15:21 - 00000000 ____D C:\Users\cal\Downloads\Damn Yankees Discography
2012-07-18 18:23 - 2012-07-18 18:23 - 00000000 ____D C:\Users\cal\AppData\Roaming\InstallShield
2012-07-18 15:34 - 2012-07-18 18:14 - 2604072960 ____A C:\Users\cal\Downloads\Assassin's Creed by LoxFalcon.iso
2012-07-17 12:36 - 2012-07-17 12:36 - 00000562 ____A C:\Users\cal\Grad List.txt
2012-07-17 08:24 - 2012-07-17 08:24 - 00000160 ____A C:\Users\cal\Users.txt
2012-07-17 08:24 - 2012-07-17 08:24 - 00000038 ____A C:\Users\cal\Bands.txt
2012-07-16 15:48 - 2012-07-16 15:48 - 00000306 ____A C:\Users\cal\Desktop\http--www.stuffistumbledupon.com-wp-content-uploads-2012-04-Black-Metal-Meme-Death-Metal-I-went-to-church-once-left-no-survivors-lol-funny-lolz.jpg.url
2012-07-16 15:48 - 2012-07-16 15:48 - 00000135 ____A C:\Users\cal\Desktop\http--www.tickld.com-images-content-12511.jpg.url
2012-07-14 20:06 - 2012-07-14 20:06 - 00003209 ____A C:\Users\cal\Downloads\DLC+All.outfits+Uplay.gun.capacity.upgrade.rar
2012-07-14 20:06 - 2012-07-14 20:06 - 00000000 ____D C:\Users\cal\Downloads\DLC+All.outfits+Uplay.gun.capacity.upgrade
2012-07-14 19:55 - 2012-07-14 19:55 - 00001799 ____A C:\Users\cal\Downloads\OPTIONS
2012-07-13 21:53 - 2012-07-13 21:53 - 00189248 ____A C:\Windows\SysWOW64\PnkBstrB.exe
2012-07-13 21:53 - 2012-07-13 21:53 - 00075136 ____A C:\Windows\SysWOW64\PnkBstrA.exe
2012-07-13 21:53 - 2012-07-13 21:53 - 00000000 ____D C:\Users\cal\AppData\Roaming\PunkBuster
2012-07-13 18:41 - 2012-07-13 20:03 - 00000000 ____D C:\Users\cal\Downloads\Assassins.Creed.Brotherhood-SKIDROW
2012-07-12 17:15 - 2012-07-12 17:15 - 00002040 ____A C:\Users\cal\Downloads\AC2 DLC Enable.rar
2012-07-10 23:05 - 2012-06-11 19:08 - 03148800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-07-10 23:01 - 2012-06-02 04:49 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-07-10 23:01 - 2012-06-02 04:17 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-07-10 23:01 - 2012-06-02 04:12 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-07-10 23:01 - 2012-06-02 04:05 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-07-10 23:01 - 2012-06-02 04:05 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-07-10 23:01 - 2012-06-02 04:04 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-07-10 23:01 - 2012-06-02 04:04 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-07-10 23:01 - 2012-06-02 04:03 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-07-10 23:01 - 2012-06-02 04:01 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-07-10 23:01 - 2012-06-02 04:00 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-07-10 23:01 - 2012-06-02 03:59 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-07-10 23:01 - 2012-06-02 03:57 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-07-10 23:01 - 2012-06-02 03:57 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-07-10 23:01 - 2012-06-02 03:54 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-07-10 23:01 - 2012-06-02 01:07 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-07-10 23:01 - 2012-06-02 00:43 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-07-10 23:01 - 2012-06-02 00:33 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-07-10 23:01 - 2012-06-02 00:26 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-07-10 23:01 - 2012-06-02 00:25 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-07-10 23:01 - 2012-06-02 00:25 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-07-10 23:01 - 2012-06-02 00:23 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-07-10 23:01 - 2012-06-02 00:21 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-07-10 23:01 - 2012-06-02 00:20 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-07-10 23:01 - 2012-06-02 00:19 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-07-10 23:01 - 2012-06-02 00:19 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-07-10 23:01 - 2012-06-02 00:17 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-07-10 23:01 - 2012-06-02 00:16 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-07-10 23:01 - 2012-06-02 00:14 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-07-10 22:42 - 2012-06-08 21:43 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2012-07-10 22:42 - 2012-06-08 20:41 - 12873728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2012-07-10 22:42 - 2012-06-05 22:06 - 02004480 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
2012-07-10 22:42 - 2012-06-05 22:06 - 01881600 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
2012-07-10 22:42 - 2012-06-05 22:02 - 01133568 ____A (Microsoft Corporation) C:\Windows\System32\cdosys.dll
2012-07-10 22:42 - 2012-06-05 21:05 - 01390080 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2012-07-10 22:42 - 2012-06-05 21:05 - 01236992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2012-07-10 22:42 - 2012-06-05 21:03 - 00805376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cdosys.dll
2012-07-10 22:42 - 2012-06-01 21:50 - 00458704 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
2012-07-10 22:42 - 2012-06-01 21:48 - 00151920 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
2012-07-10 22:42 - 2012-06-01 21:48 - 00095600 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
2012-07-10 22:42 - 2012-06-01 21:45 - 00340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
2012-07-10 22:42 - 2012-06-01 21:44 - 00307200 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
2012-07-10 22:42 - 2012-06-01 20:40 - 00225280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2012-07-10 22:42 - 2012-06-01 20:40 - 00022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2012-07-10 22:42 - 2012-06-01 20:39 - 00219136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2012-07-10 22:42 - 2012-06-01 20:34 - 00096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2012-07-10 22:42 - 2010-06-25 19:55 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\msxml3r.dll
2012-07-10 22:42 - 2010-06-25 19:24 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2012-07-10 11:48 - 2012-07-24 10:02 - 00000000 ____D C:\Users\All Users\Ubisoft
2012-07-10 11:48 - 2012-07-18 18:43 - 00000000 ____D C:\Users\cal\AppData\Roaming\Ubisoft
2012-07-10 11:15 - 2012-07-24 09:14 - 00000000 ____D C:\Program Files (x86)\Ubisoft
2012-07-10 08:47 - 2012-07-10 10:51 - 00000000 ____D C:\Users\cal\Downloads\Assassin's Creed II + Patch 1.01 [PC ~ ENG GER FRA SPA ITA DEN NOR SWE][SKIDROW][Colombo-BT.i2p]
2012-07-04 16:41 - 2012-07-04 16:41 - 00000000 ____D C:\Users\cal\Documents\Electronic Arts
2012-07-04 16:41 - 2012-07-04 16:41 - 00000000 ____D C:\Users\cal\AppData\Local\Electronic Arts
2012-07-04 16:36 - 2012-07-04 16:36 - 00001035 ____A C:\Users\cal\Desktop\Dead Space By Synergy.lnk
2012-07-04 15:49 - 2012-07-04 15:49 - 00000000 ____D C:\Users\cal\AppData\Local\ArmA 2 Free
2012-07-04 15:43 - 2012-07-04 15:43 - 00000000 ____D C:\Program Files (x86)\Bohemia Interactive
2012-07-04 15:38 - 2012-07-04 15:40 - 00000000 ____D C:\Users\cal\Downloads\ARMA2Free_setup
2012-07-04 14:29 - 2012-07-04 14:29 - 00000000 ____D C:\Users\cal\Documents\Arma2
2012-07-02 17:17 - 2012-07-02 17:17 - 00000000 ____D C:\Users\cal\Documents\EA Games
2012-07-02 17:16 - 2012-07-02 17:16 - 00000000 ____D C:\Users\cal\AppData\Local\EA Games
2012-07-02 14:44 - 2012-07-04 16:37 - 00000000 ___HD C:\Windows\msdownld.tmp
2012-07-02 14:39 - 2012-07-04 16:37 - 00000000 ____D C:\Windows\SysWOW64\directx
2012-07-02 14:08 - 2012-07-02 14:39 - 00000000 ____D C:\Program Files (x86)\Dead Space 2
2012-07-02 10:31 - 2012-07-02 10:32 - 00000000 ____D C:\Program Files (x86)\QuickTime
2012-07-01 20:59 - 2012-07-01 20:59 - 00000101 ____A C:\Users\cal\Desktop\The Site.txt
2012-07-01 20:58 - 2012-07-01 20:58 - 00000000 ____D C:\Users\All Users\Ant.com
2012-07-01 20:58 - 2012-07-01 20:58 - 00000000 ____D C:\Program Files (x86)\Ant.com
2012-07-01 18:49 - 2012-07-01 18:49 - 00000219 ____A C:\Users\cal\Desktop\Team Fortress 2.url
 
============ 3 Months Modified Files ========================
2012-07-28 10:07 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-07-28 10:07 - 2009-07-13 20:51 - 00034373 ____A C:\Windows\setupact.log
2012-07-28 09:53 - 2012-07-28 09:53 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.B4A9B7D8D1348223
2012-07-27 20:31 - 2012-07-27 20:31 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.8CCD3E78FA98C94F
2012-07-27 20:27 - 2012-07-27 20:27 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.8DA43F55A93E6778
2012-07-27 20:23 - 2012-07-27 20:23 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.E43C101B53DC252A
2012-07-27 20:23 - 2012-04-04 17:27 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-07-27 20:19 - 2012-07-27 20:19 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.52BD5E387BA128FF
2012-07-27 20:15 - 2012-07-27 20:15 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.3DB948AC1CCBCA63
2012-07-27 20:08 - 2012-07-27 20:08 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.F6FB4C57B0E967DB
2012-07-27 20:00 - 2012-07-27 20:00 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.172582619AC913D0
2012-07-27 19:56 - 2012-07-27 19:56 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.6A5B2A4F40A08197
2012-07-27 19:52 - 2012-07-27 19:52 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.2DB9DB67B32946F3
2012-07-27 19:49 - 2012-07-27 19:49 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.087F909DA29B6998
2012-07-27 19:41 - 2012-07-27 19:41 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.9DEBCF7F21934A0E
2012-07-27 19:33 - 2012-07-27 19:33 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.54601271FD8226CF
2012-07-27 19:22 - 2012-07-27 19:22 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.1EEC17ED03A57CAB
2012-07-27 19:18 - 2012-07-27 19:18 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.E95369A8A87D1F6E
2012-07-27 19:07 - 2012-07-27 19:07 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.B6A597B8AAF6770A
2012-07-27 19:03 - 2012-07-27 19:03 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.65C9F1F2CD98556F
2012-07-27 19:03 - 2012-07-27 19:03 - 00050392 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\xpluhfga.sys
2012-07-27 19:02 - 2012-07-27 19:02 - 00274384 ____A C:\Windows\Minidump\072712-24585-01.dmp
2012-07-27 19:01 - 2012-07-27 19:01 - 274274446 ____A C:\Windows\MEMORY.DMP
2012-07-27 17:16 - 2009-07-13 21:13 - 00729514 ____A C:\Windows\System32\PerfStringBackup.INI
2012-07-27 17:15 - 2012-07-27 17:15 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.183FA52B3A5C0912
2012-07-27 17:09 - 2012-07-27 17:09 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.E02BD63384EBEFC3
2012-07-27 17:05 - 2012-07-27 17:05 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.4E1151B4E8C78FA3
2012-07-27 17:01 - 2012-07-27 17:01 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.8F0769342A623DAD
2012-07-27 16:49 - 2012-04-02 21:03 - 01851499 ____A C:\Windows\WindowsUpdate.log
2012-07-27 16:45 - 2012-07-27 16:45 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.D030BC8E5374ED16
2012-07-27 16:39 - 2012-07-27 16:39 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.0E7575F09342F79F
2012-07-27 16:35 - 2012-07-27 16:35 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.8C6E621C39A9E46D
2012-07-27 16:31 - 2012-07-27 16:31 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.28DD07FDFA27BE06
2012-07-27 16:27 - 2012-07-27 16:27 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.A7F6501B8F6C1DAE
2012-07-27 16:23 - 2012-07-27 16:23 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.DE4C12491C5F496B
2012-07-27 16:19 - 2012-07-27 16:19 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.5F8F3497207FF759
2012-07-27 16:15 - 2012-07-27 16:15 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.46656B8CD5C97199
2012-07-27 16:11 - 2012-07-27 16:11 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.B4AFCCB56669F834
2012-07-27 16:07 - 2012-07-27 16:07 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.3AE9664CF1F1BA88
2012-07-27 16:03 - 2012-07-27 16:03 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.23DBB95DEBB5DFE5
2012-07-27 15:59 - 2012-07-27 15:59 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.9D34D7738608BCE2
2012-07-27 15:55 - 2012-07-27 15:55 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.006D7B19150FE90A
2012-07-27 15:51 - 2012-07-27 15:51 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.0FCEF6B3D10240A0
2012-07-27 15:47 - 2012-07-27 15:47 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.2FC8CFCACB986FDF
2012-07-27 15:42 - 2012-07-27 15:42 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.1C3C7BAD0C51867F
2012-07-27 15:38 - 2012-07-27 15:38 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.D5BB2AE0AD490D84
2012-07-27 15:34 - 2012-07-27 15:34 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.111861B8E64D1708
2012-07-27 15:30 - 2012-07-27 15:30 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.10156286EBCFC62C
2012-07-27 15:26 - 2012-07-27 15:26 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.41BBF73EAE0287E9
2012-07-27 15:22 - 2012-07-27 15:22 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.C6C2502E00EA8519
2012-07-27 15:18 - 2012-07-27 15:18 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.170A9607A1BFB923
2012-07-27 15:12 - 2012-07-27 15:12 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.3B1FB702AAF3475C
2012-07-27 15:08 - 2012-07-27 15:08 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.D961E3F22833B4E3
2012-07-27 15:03 - 2012-07-27 15:03 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.CCC50B6C5D566056
2012-07-27 14:59 - 2012-07-27 14:59 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.784C1F5459BCD752
2012-07-27 14:55 - 2012-07-27 14:55 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.2502682792C162C7
2012-07-27 14:51 - 2012-07-27 14:51 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.B192EAF2E46BF521
2012-07-27 14:47 - 2012-07-27 14:47 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.9AA3071B934410DF
2012-07-27 14:41 - 2012-07-27 14:41 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.40283D2C7A8708F7
2012-07-27 14:37 - 2012-07-27 14:37 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.E5BF994858A91B83
2012-07-27 14:33 - 2012-07-27 14:33 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.61927ED55B06619A
2012-07-27 14:30 - 2009-07-13 20:45 - 00021872 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-07-27 14:30 - 2009-07-13 20:45 - 00021872 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-07-27 14:16 - 2012-07-27 14:16 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.801A96E38371FA75
2012-07-27 14:16 - 2012-07-27 14:16 - 00050392 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\bxaknppc.sys
2012-07-27 14:07 - 2012-07-27 14:07 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.94263988E22B912F
2012-07-27 13:59 - 2012-04-03 19:23 - 00001945 ____A C:\Windows\epplauncher.mif
2012-07-27 13:59 - 2012-04-03 19:22 - 00745106 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
2012-07-27 10:07 - 2010-11-20 19:47 - 00012324 ____A C:\Windows\PFRO.log
2012-07-27 09:31 - 2012-06-08 09:36 - 00000214 ____A C:\Users\cal\Desktop\100 Greatest Internet Videos In 3 Minutes - YouTube.url
2012-07-27 08:12 - 2012-07-27 08:12 - 00000655 ____A C:\Users\cal\Desktop\File_Recovery.lnk
2012-07-27 08:12 - 2012-07-27 08:12 - 00000368 ____A C:\Users\All Users\6IYqpdniL7Y909
2012-07-27 08:12 - 2012-07-27 08:12 - 00000072 ____A C:\Users\All Users\-6IYqpdniL7Y909r
2012-07-27 08:12 - 2012-07-27 08:12 - 00000072 ____A C:\Users\All Users\-6IYqpdniL7Y909
2012-07-27 08:06 - 2012-07-27 08:06 - 00434176 ____A (BitTorrent, Inc.) C:\Users\cal\AppData\Roaming\condmt.dll
2012-07-25 16:48 - 2012-07-25 16:48 - 00002180 ____A C:\Users\cal\Desktop\Amnesia.lnk
2012-07-25 05:26 - 2012-07-25 05:23 - 349734253 ____A C:\Users\cal\Downloads\Kerbal_0_16.zip
2012-07-24 09:59 - 2012-04-05 13:35 - 00365030 ____A C:\Windows\DirectX.log
2012-07-24 09:14 - 2012-07-24 09:14 - 00000042 ____A C:\Windows\SysWOW64\AK083E209605E394C.lie
2012-07-24 09:13 - 2012-07-24 09:13 - 00000779 ____A C:\Users\cal\Desktop\Perfect Uninstaller.lnk
2012-07-23 18:07 - 2012-07-21 00:41 - 131645267 ____A C:\Users\cal\Downloads\Apocalyptica_-_Worlds_Collide_(2007)_320kbps.rar
2012-07-22 16:55 - 2012-07-22 16:55 - 00000214 ____A C:\Users\cal\Desktop\Assassin's Creed Series Cinematic Trailers - YouTube.url
2012-07-19 17:05 - 2012-07-27 12:59 - 00000947 ____A C:\Users\Public\Desktop\µTorrent.lnk
2012-07-19 16:13 - 2012-05-20 18:18 - 00000757 ____A C:\Users\cal\Desktop\Grad Party List.txt
2012-07-18 18:14 - 2012-07-18 15:34 - 2604072960 ____A C:\Users\cal\Downloads\Assassin's Creed by LoxFalcon.iso
2012-07-17 12:36 - 2012-07-17 12:36 - 00000562 ____A C:\Users\cal\Grad List.txt
2012-07-17 08:24 - 2012-07-17 08:24 - 00000160 ____A C:\Users\cal\Users.txt
2012-07-17 08:24 - 2012-07-17 08:24 - 00000038 ____A C:\Users\cal\Bands.txt
2012-07-16 15:48 - 2012-07-16 15:48 - 00000306 ____A C:\Users\cal\Desktop\http--www.stuffistumbledupon.com-wp-content-uploads-2012-04-Black-Metal-Meme-Death-Metal-I-went-to-church-once-left-no-survivors-lol-funny-lolz.jpg.url
2012-07-16 15:48 - 2012-07-16 15:48 - 00000135 ____A C:\Users\cal\Desktop\http--www.tickld.com-images-content-12511.jpg.url
2012-07-14 20:06 - 2012-07-14 20:06 - 00003209 ____A C:\Users\cal\Downloads\DLC+All.outfits+Uplay.gun.capacity.upgrade.rar
2012-07-14 19:55 - 2012-07-14 19:55 - 00001799 ____A C:\Users\cal\Downloads\OPTIONS
2012-07-13 21:53 - 2012-07-13 21:53 - 00189248 ____A C:\Windows\SysWOW64\PnkBstrB.exe
2012-07-13 21:53 - 2012-07-13 21:53 - 00075136 ____A C:\Windows\SysWOW64\PnkBstrA.exe
2012-07-12 17:15 - 2012-07-12 17:15 - 00002040 ____A C:\Users\cal\Downloads\AC2 DLC Enable.rar
2012-07-10 23:24 - 2009-07-13 20:45 - 00414656 ____A C:\Windows\System32\FNTCACHE.DAT
2012-07-09 15:50 - 2012-04-04 17:01 - 00000024 ____A C:\Users\cal\random.dat
2012-07-09 14:12 - 2012-04-04 17:01 - 00000042 ____A C:\Users\cal\jagex_cl_runescape_LIVE.dat
2012-07-04 16:36 - 2012-07-04 16:36 - 00001035 ____A C:\Users\cal\Desktop\Dead Space By Synergy.lnk
2012-07-04 14:20 - 2012-06-29 02:44 - 299224008 ____A C:\Users\cal\Downloads\www.NewAlbumReleases.net_Two Steps from Hell - Nero (2011).rar
2012-07-03 09:46 - 2012-04-04 17:19 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-07-02 14:39 - 2012-07-27 12:59 - 00001049 ____A C:\Users\Public\Desktop\Dead Space 2.lnk
2012-07-01 20:59 - 2012-07-01 20:59 - 00000101 ____A C:\Users\cal\Desktop\The Site.txt
2012-07-01 18:49 - 2012-07-01 18:49 - 00000219 ____A C:\Users\cal\Desktop\Team Fortress 2.url
2012-06-30 08:31 - 2012-06-29 13:22 - 00000315 ____A C:\Users\cal\Documents\Addresses for 6-30-12.txt
2012-06-29 12:36 - 2012-06-29 12:36 - 00000194 ____A C:\Users\cal\Documents\Captcha.txt
2012-06-28 17:41 - 2012-06-28 17:40 - 73554945 ____A C:\Users\cal\Downloads\receiver_rc4_win.zip
2012-06-28 07:52 - 2012-06-26 12:59 - 00000047 ____A C:\Users\cal\jagex_cl_runescape_LIVE_BETA.dat
2012-06-26 13:00 - 2010-05-04 13:08 - 00000129 ____A C:\Users\cal\jagex_runescape_preferences2.dat
2012-06-26 12:59 - 2010-05-04 13:07 - 00000046 ____A C:\Users\cal\jagex_runescape_preferences.dat
2012-06-24 16:13 - 2012-06-24 16:13 - 00000292 ____A C:\Users\cal\Desktop\Hand-Bras 94 Sexy Babes With All-Natural Undergarments WildAmmo.com.url
2012-06-22 13:31 - 2012-06-22 13:31 - 10619657 ____A C:\Users\cal\Downloads\the-fighters-stronghold.rar
2012-06-21 18:29 - 2012-07-27 12:59 - 00002168 ____A C:\Users\Public\Desktop\Oblivion.lnk
2012-06-21 08:05 - 2012-06-21 07:53 - 89356204 ____A C:\Users\cal\Downloads\1972_The_Magician__s_Birthday_(Bronze_260_135)(320).rar
2012-06-20 10:41 - 2012-06-20 10:30 - 96440183 ____A C:\Users\cal\Downloads\1970_Very_Eavy...Very_Umble_(Bronze_258_294)(320).rar
2012-06-20 08:41 - 2012-06-20 08:30 - 98094126 ____A C:\Users\cal\Downloads\1971_Look_at_Yourself_(Bronze_260_138)(320).rar
2012-06-19 20:48 - 2012-06-19 20:30 - 161546755 ____A C:\Users\cal\Downloads\1972_Demons_And_Wizards_(Remasters_With_Bonus_Tracks)(320).rar
2012-06-19 20:31 - 2012-06-19 20:31 - 00000244 ____A C:\Users\cal\Desktop\High Definition Porn - Passion HD.url
2012-06-19 19:39 - 2012-06-19 19:37 - 83946665 ____A C:\Users\cal\Downloads\[1971] Salisbury.rar
2012-06-17 10:44 - 2011-01-05 14:53 - 00000301 ____A C:\Users\cal\Desktop\YouTube - Crazy Lawn Chair Balloon Flight!.url
2012-06-17 10:41 - 2012-06-17 10:41 - 02660198 ____A C:\Users\cal\Downloads\Sumotori Dreams plus Editor.zip
2012-06-16 09:49 - 2012-06-16 09:49 - 00000141 ____A C:\Users\cal\Documents\Address.txt
2012-06-11 19:08 - 2012-07-10 23:05 - 03148800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-06-11 17:02 - 2012-06-11 17:02 - 00000132 ____A C:\Users\cal\Desktop\Polish Dell USB Keyboard.url
2012-06-08 21:43 - 2012-07-10 22:42 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2012-06-08 20:41 - 2012-07-10 22:42 - 12873728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2012-06-08 09:39 - 2012-06-08 09:39 - 00000222 ____A C:\Users\cal\Desktop\super...tectonic dance - YouTube.url
2012-06-08 09:37 - 2012-06-08 09:37 - 00000222 ____A C:\Users\cal\Desktop\300 TECHNO VIKING - YouTube.url
2012-06-08 09:37 - 2012-06-08 09:37 - 00000206 ____A C:\Users\cal\Desktop\All hail techno viking - YouTube (2).url
2012-06-08 09:36 - 2012-06-08 09:36 - 00000230 ____A C:\Users\cal\Desktop\Epic Win Compilation 2011 - Part 2 - YouTube.url
2012-06-08 09:36 - 2012-06-08 09:36 - 00000222 ____A C:\Users\cal\Desktop\Techno Viking on dubstep - YouTube.url
2012-06-08 09:36 - 2012-06-08 09:36 - 00000206 ____A C:\Users\cal\Desktop\Trick Shot Basketball Dude Perfect™ Summer Camp Edition (HD) - YouTube.url
2012-06-08 09:36 - 2012-06-08 09:36 - 00000206 ____A C:\Users\cal\Desktop\baby laughing - YouTube.url
2012-06-08 09:36 - 2012-06-08 09:36 - 00000206 ____A C:\Users\cal\Desktop\All hail techno viking - YouTube.url
2012-06-08 09:35 - 2012-06-08 09:35 - 00000229 ____A C:\Users\cal\Desktop\Epic Win Compilation 2011 - Part 1 - YouTube.url
2012-06-08 09:35 - 2012-06-08 09:35 - 00000222 ____A C:\Users\cal\Desktop\Video - Compilation Fail girls - YouTube.url
2012-06-08 09:35 - 2012-06-08 09:35 - 00000222 ____A C:\Users\cal\Desktop\Girls Summer Fail Compilation 2011 - YouTube.url
2012-06-08 09:35 - 2012-06-08 09:35 - 00000222 ____A C:\Users\cal\Desktop\Fail and win compilation - YouTube.url
2012-06-08 09:35 - 2012-06-08 09:35 - 00000206 ____A C:\Users\cal\Desktop\Billy's Balls 2 - YouTube.url
2012-06-05 22:06 - 2012-07-10 22:42 - 02004480 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
2012-06-05 22:06 - 2012-07-10 22:42 - 01881600 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
2012-06-05 22:02 - 2012-07-10 22:42 - 01133568 ____A (Microsoft Corporation) C:\Windows\System32\cdosys.dll
2012-06-05 21:05 - 2012-07-10 22:42 - 01390080 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2012-06-05 21:05 - 2012-07-10 22:42 - 01236992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2012-06-05 21:03 - 2012-07-10 22:42 - 00805376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cdosys.dll
2012-06-05 07:50 - 2012-06-05 07:50 - 00000229 ____A C:\Users\cal\Desktop\Boo - The World's Cutest Dog on Good Morning America - YouTube.url
2012-06-05 07:50 - 2012-06-05 07:50 - 00000229 ____A C:\Users\cal\Desktop\Baby beavers get a second chance - YouTube.url
2012-06-05 07:50 - 2012-06-05 07:50 - 00000223 ____A C:\Users\cal\Desktop\#.url
2012-06-05 07:50 - 2012-06-05 07:50 - 00000222 ____A C:\Users\cal\Desktop\wolf howl - YouTube.url
2012-06-05 07:49 - 2012-06-05 07:49 - 00000222 ____A C:\Users\cal\Desktop\RCT3-Fantasmic Trip - YouTube.url
2012-06-05 07:49 - 2012-06-05 07:49 - 00000222 ____A C:\Users\cal\Desktop\AladdinThe Ride (RCT3) - YouTube.url
2012-06-04 19:14 - 2012-06-04 19:14 - 00000222 ____A C:\Users\cal\Desktop\HD RCT3 Firework Show - Pirates - YouTube (2).url
2012-06-04 05:29 - 2012-06-04 05:29 - 00000256 ____A C:\Users\cal\Desktop\Emma Watson and Other Child Stars Who Grew Up To Be Hot Mademan.com.url
2012-06-04 04:35 - 2012-06-04 04:35 - 00000222 ____A C:\Users\cal\Desktop\Friendly Deer - YouTube.url
2012-06-04 04:34 - 2012-06-04 04:34 - 00000222 ____A C:\Users\cal\Desktop\Meeting with wolves - YouTube.url
2012-06-02 14:19 - 2012-06-19 01:19 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-06-02 14:19 - 2012-06-19 01:19 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2012-06-02 14:19 - 2012-06-19 01:19 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-06-02 14:19 - 2012-06-19 01:19 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-06-02 14:19 - 2012-06-19 01:19 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2012-06-02 14:15 - 2012-06-19 01:19 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-06-02 14:15 - 2012-06-19 01:19 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2012-06-02 11:19 - 2012-06-19 01:19 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-06-02 11:15 - 2012-06-19 01:19 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2012-06-02 04:49 - 2012-07-10 23:01 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-06-02 04:17 - 2012-07-10 23:01 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-06-02 04:12 - 2012-07-10 23:01 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-06-02 04:05 - 2012-07-10 23:01 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-06-02 04:05 - 2012-07-10 23:01 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-06-02 04:04 - 2012-07-10 23:01 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-06-02 04:04 - 2012-07-10 23:01 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-06-02 04:03 - 2012-07-10 23:01 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-06-02 04:01 - 2012-07-10 23:01 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-06-02 04:00 - 2012-07-10 23:01 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-06-02 03:59 - 2012-07-10 23:01 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-06-02 03:57 - 2012-07-10 23:01 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-06-02 03:57 - 2012-07-10 23:01 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-06-02 03:54 - 2012-07-10 23:01 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-06-02 01:07 - 2012-07-10 23:01 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-06-02 00:43 - 2012-07-10 23:01 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-06-02 00:33 - 2012-07-10 23:01 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-06-02 00:26 - 2012-07-10 23:01 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-06-02 00:25 - 2012-07-10 23:01 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-06-02 00:25 - 2012-07-10 23:01 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-06-02 00:23 - 2012-07-10 23:01 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-06-02 00:21 - 2012-07-10 23:01 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-06-02 00:20 - 2012-07-10 23:01 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-06-02 00:19 - 2012-07-10 23:01 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-06-02 00:19 - 2012-07-10 23:01 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-06-02 00:17 - 2012-07-10 23:01 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-06-02 00:16 - 2012-07-10 23:01 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-06-02 00:14 - 2012-07-10 23:01 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-06-01 21:50 - 2012-07-10 22:42 - 00458704 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
2012-06-01 21:48 - 2012-07-10 22:42 - 00151920 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
2012-06-01 21:48 - 2012-07-10 22:42 - 00095600 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
2012-06-01 21:45 - 2012-07-10 22:42 - 00340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
2012-06-01 21:44 - 2012-07-10 22:42 - 00307200 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
2012-06-01 20:50 - 2012-06-01 20:50 - 00618105 ____A C:\Users\cal\Downloads\Stratasphere_Finale.fwd
2012-06-01 20:42 - 2012-06-01 20:42 - 00000222 ____A C:\Users\cal\Desktop\HD RCT3 Firework Show - Pirates - YouTube.url
2012-06-01 20:40 - 2012-07-10 22:42 - 00225280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2012-06-01 20:40 - 2012-07-10 22:42 - 00022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2012-06-01 20:39 - 2012-07-10 22:42 - 00219136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2012-06-01 20:34 - 2012-07-10 22:42 - 00096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2012-05-29 14:56 - 2012-05-29 14:56 - 17091624 ____A C:\Users\cal\Downloads\Windows6.1-KB958559-x64-RefreshPkg.msu
2012-05-29 14:43 - 2012-05-29 14:43 - 00000206 ____A C:\Users\cal\Desktop\Opeth - The Lotus Eater 2010 (DVD Royal Albert Hall) - YouTube.url
2012-05-29 11:49 - 2012-05-29 11:49 - 00000174 ____A C:\Users\cal\Desktop\Theo Spark.url
2012-05-29 11:48 - 2012-05-29 11:48 - 00000223 ____A C:\Users\cal\Desktop\American Power April 2011.url
2012-05-29 11:45 - 2012-05-29 11:45 - 00000208 ____A C:\Users\cal\Desktop\Human Stop Sign Gets Removed Video.url
2012-05-29 03:46 - 2012-05-29 03:46 - 00000560 ____A C:\Users\cal\Desktop\Youtube2.txt
2012-05-26 17:42 - 2012-05-26 17:42 - 00000746 ____A C:\Users\cal\Desktop\Videos.txt
2012-05-26 17:32 - 2012-05-26 17:32 - 00000264 ____A C:\Users\cal\Desktop\http--verydemotivational.files.wordpress.com-2011-11-demotivational-posters-this-is-a-guy.jpg.url
2012-05-26 17:32 - 2012-05-26 17:32 - 00000261 ____A C:\Users\cal\Desktop\http--3.bp.blogspot.com-_28yniOTMoqI-TLFiAiKlmaI-AAAAAAAACAI-K7V60sZmf_o-s1600-Opeth+20+%C3%A5r,+Cirkus+114.JPG.url
2012-05-26 17:32 - 2012-05-26 17:32 - 00000242 ____A C:\Users\cal\Desktop\http--3.bp.blogspot.com-_zvn4w8W7e90-S9R59IcoGpI-AAAAAAAAAmY-R_uDUqq4N-I-s1600-img0005pi.jpg.url
2012-05-26 17:31 - 2012-05-26 17:31 - 00000231 ____A C:\Users\cal\Desktop\http--jonathanbradwell.files.wordpress.com-2010-09-fan-pop.jpg.url
2012-05-25 10:43 - 2012-05-25 10:43 - 00000222 ____A C:\Users\cal\Desktop\The Saga Of Biorn - YouTube.url
2012-05-25 08:01 - 2012-05-25 07:09 - 02756250 ____A C:\Users\cal\Documents\Top 10 Highest Paid Authors of 2011.pptx
2012-05-25 01:01 - 2012-05-25 00:56 - 03626696 ____A C:\Users\cal\Documents\DIRGE FOR NOVEMBER.pptx
2012-05-25 00:38 - 2012-05-25 00:38 - 00000160 ____A C:\Users\cal\Desktop\Shotgun Suicide Bath.url
2012-05-24 23:40 - 2012-05-24 23:40 - 00000163 ____A C:\Users\cal\Desktop\Blah.txt
2012-05-22 15:51 - 2012-05-22 15:51 - 00000966 ____A C:\Users\cal\Desktop\Max Payne 2.lnk
2012-05-22 14:07 - 2012-05-22 14:07 - 00000676 ____A C:\Users\cal\Desktop\Interesting stuff.txt
2012-05-22 13:23 - 2012-05-22 13:23 - 00000348 ____A C:\Users\cal\Desktop\Youtube.txt
2012-05-17 19:20 - 2012-05-17 19:19 - 69097700 ____A C:\Users\cal\Downloads\P-T-N-R.therebels.micael.rar
2012-05-17 19:15 - 2012-05-17 19:15 - 13054345 ____A C:\Users\cal\Downloads\2007 - Nil Recurring.part3.rar
2012-05-16 14:24 - 2012-05-16 14:24 - 00130619 ____A C:\Users\cal\Downloads\9360 Old Plank Ln, Brighton, MI 48114 to 3100 W Highland Rd, Howell, MI 48843 - Google Maps.htm
2012-05-15 19:42 - 2012-05-15 19:00 - 131507343 ____A C:\Users\cal\Downloads\k0l0n.rar
2012-05-09 23:16 - 2012-04-03 17:40 - 57848688 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-05-09 10:03 - 2010-05-03 17:48 - 00000277 ____A C:\Users\cal\Documents\password.txt
2012-05-07 11:08 - 2012-07-27 12:59 - 00001176 ____A C:\Users\Public\Desktop\Paint.NET.lnk
2012-05-05 05:40 - 2012-05-05 05:40 - 00001322 ____A C:\Users\cal\Desktop\KSP.exe - Shortcut.lnk
2012-05-04 03:06 - 2012-06-13 07:18 - 05559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-05-04 02:03 - 2012-06-13 07:18 - 03968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2012-05-04 02:03 - 2012-06-13 07:18 - 03913072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2012-05-03 11:44 - 2012-05-03 11:43 - 109204617 ____A C:\Users\cal\Downloads\KSP_win_0_13_3.zip
ZeroAccess:
C:\Windows\Installer\{c87bc561-eefd-ed9f-5262-78af73b1c897}
C:\Windows\Installer\{c87bc561-eefd-ed9f-5262-78af73b1c897}\@
C:\Windows\Installer\{c87bc561-eefd-ed9f-5262-78af73b1c897}\L
C:\Windows\Installer\{c87bc561-eefd-ed9f-5262-78af73b1c897}\U
C:\Windows\Installer\{c87bc561-eefd-ed9f-5262-78af73b1c897}\U\00000001.@
ZeroAccess:
C:\Users\cal\AppData\Local\{c87bc561-eefd-ed9f-5262-78af73b1c897}
C:\Users\cal\AppData\Local\{c87bc561-eefd-ed9f-5262-78af73b1c897}\@
C:\Users\cal\AppData\Local\{c87bc561-eefd-ed9f-5262-78af73b1c897}\L
C:\Users\cal\AppData\Local\{c87bc561-eefd-ed9f-5262-78af73b1c897}\U
========================= Known DLLs (Whitelisted) ============

========================= Bamital & volsnap Check ============
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
==================== EXE ASSOCIATION =====================
HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK
========================= Memory info ======================
Percentage of memory in use: 14%
Total physical RAM: 4094.49 MB
Available physical RAM: 3487.71 MB
Total Pagefile: 4092.69 MB
Available Pagefile: 3484.82 MB
Total Virtual: 8192 MB
Available Virtual: 8191.91 MB
======================= Partitions =========================
1 Drive c: () (Fixed) (Total:232.68 GB) (Free:20.11 GB) NTFS
3 Drive f: () (Removable) (Total:0.97 GB) (Free:0.97 GB) FAT
4 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
5 Drive y: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 232 GB 0 B
Disk 1 Online 992 MB 0 B
Partitions of Disk 0:
===============
Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 OEM 47 MB 31 KB
Partition 2 Primary 100 MB 48 MB
Partition 3 Primary 232 GB 148 MB
==================================================================================
Disk: 0
Partition 1
Type : DE
Hidden: Yes
Active: No
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 FAT Partition 47 MB Healthy Hidden
==================================================================================
Disk: 0
Partition 2
Type : 07
Hidden: No
Active: Yes
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 Y System Rese NTFS Partition 100 MB Healthy
==================================================================================
Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C NTFS Partition 232 GB Healthy
==================================================================================
Partitions of Disk 1:
===============
Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 991 MB 16 KB
==================================================================================
Disk: 1
Partition 1
Type : 06
Hidden: No
Active: Yes
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 F FAT Removable 991 MB Healthy
==================================================================================
==========================================================
Last Boot: 2012-07-17 21:03
======================= End Of Log ==========================
 
FRST64 Fixlist

Please run the following:

Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this highlight the contents of the box, right click on it and select copy. Right-click in the open notepad and select Paste). Save it on the flashdrive as fixlist.txt

start
2012-07-27 19:03 - 2012-07-27 19:03 - 00050392 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\xpluhfga.sys
1 fevgchvg; \??\C:\Windows\system32\drivers\fevgchvg.sys [x]
1 mjuvgsya; \??\C:\Windows\system32\drivers\mjuvgsya.sys [x]
1 nbodljsr; \??\C:\Windows\system32\drivers\nbodljsr.sys [x]
C:\Windows\Installer\{c87bc561-eefd-ed9f-5262-78af73b1c897}
C:\Users\cal\AppData\Local\{c87bc561-eefd-ed9f-5262-78af73b1c897}
end

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system.

Now, please enter System Recovery Options then select Command Prompt.

Run FRST64 and press the Fix button just once and wait.
The tool will make a log on the flashdrive (Fixlog.txt); please post it in your reply.

Now restart, let it boot normally and tell me how it went.
 
Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 25-07-2012 01
Ran by SYSTEM at 2012-07-31 07:18:22 Run:6
Running from F:\
==============================================
C:\Windows\System32\Drivers\xpluhfga.sys moved successfully.
fevgchvg service deleted successfully.
mjuvgsya service deleted successfully.
nbodljsr service deleted successfully.
C:\Windows\Installer\{c87bc561-eefd-ed9f-5262-78af73b1c897} moved successfully.
C:\Users\cal\AppData\Local\{c87bc561-eefd-ed9f-5262-78af73b1c897} moved successfully.
==== End of Fixlog ====
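The check a helper makes when reading the fixlist and Fixlog above, written out as an added example (not part of the thread and not FRST's own code): it finds the ZeroAccess folder layout and the driver services whose file is missing, then confirms each one against the Fixlog. It assumes `[x]` marks a service whose file was not found and that a GUID folder holding `@` plus `L` or `U` is the layout the log lists under "ZeroAccess:"; all function names are illustrative.

```python
import re
from collections import defaultdict

# Constructed sample: lines copied from the FRST log and fixlist posted in this thread.
SCAN_LINES = r"""
C:\Windows\Installer\{c87bc561-eefd-ed9f-5262-78af73b1c897}
C:\Windows\Installer\{c87bc561-eefd-ed9f-5262-78af73b1c897}\@
C:\Windows\Installer\{c87bc561-eefd-ed9f-5262-78af73b1c897}\L
C:\Windows\Installer\{c87bc561-eefd-ed9f-5262-78af73b1c897}\U
C:\Windows\Installer\{c87bc561-eefd-ed9f-5262-78af73b1c897}\U\00000001.@
C:\Users\cal\AppData\Local\{c87bc561-eefd-ed9f-5262-78af73b1c897}
C:\Users\cal\AppData\Local\{c87bc561-eefd-ed9f-5262-78af73b1c897}\@
C:\Users\cal\AppData\Local\{c87bc561-eefd-ed9f-5262-78af73b1c897}\L
C:\Users\cal\AppData\Local\{c87bc561-eefd-ed9f-5262-78af73b1c897}\U
1 fevgchvg; \??\C:\Windows\system32\drivers\fevgchvg.sys [x]
1 mjuvgsya; \??\C:\Windows\system32\drivers\mjuvgsya.sys [x]
1 nbodljsr; \??\C:\Windows\system32\drivers\nbodljsr.sys [x]
C:\Windows\System32\winlogon.exe => MD5 is legit
""".strip().splitlines()

# Constructed sample: lines copied from the Fixlog posted in this thread.
FIXLOG_LINES = r"""
C:\Windows\System32\Drivers\xpluhfga.sys moved successfully.
fevgchvg service deleted successfully.
mjuvgsya service deleted successfully.
nbodljsr service deleted successfully.
C:\Windows\Installer\{c87bc561-eefd-ed9f-5262-78af73b1c897} moved successfully.
C:\Users\cal\AppData\Local\{c87bc561-eefd-ed9f-5262-78af73b1c897} moved successfully.
""".strip().splitlines()

# A GUID-named folder directly under Windows\Installer or a user's AppData\Local,
# optionally followed by its first-level child.
GUID_DIR = re.compile(
    r"^(?P<root>[A-Za-z]:\\(?:Windows\\Installer|Users\\[^\\]+\\AppData\\Local)"
    r"\\\{[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}\})"
    r"(?:\\(?P<child>[^\\]+))?",
    re.IGNORECASE,
)
# Service line: "<start type> <name>; <image path> [x]" (assumption: [x] = file not found).
SERVICE = re.compile(r"^\d (?P<name>\S+); (?:\\\?\?\\)?(?P<path>.+?) \[x\]$")
# Fixlog success line for a path or a service.
DONE = re.compile(r"^(?P<target>.+?)(?: service)? (?:moved|deleted) successfully\.$")


def zeroaccess_roots(lines):
    """Return GUID folders whose children match the @ / L / U layout.

    Legitimate installer caches also use GUID folder names, so the folder
    name alone is not flagged; the '@' entry plus 'L' or 'U' is required.
    """
    children = defaultdict(set)
    for line in lines:
        m = GUID_DIR.match(line.strip())
        if m:
            children[m.group("root")].add(m.group("child"))
    return sorted(r for r, c in children.items() if "@" in c and c & {"L", "U"})


def orphaned_services(lines):
    """Return (service name, image path) for services whose file is missing."""
    matches = (SERVICE.match(line.strip()) for line in lines)
    return [(m["name"], m["path"]) for m in matches if m]


def unconfirmed(targets, fixlog_lines):
    """Return the targets that have no success line in the Fixlog."""
    matches = (DONE.match(line.strip()) for line in fixlog_lines)
    done = {m["target"].lower() for m in matches if m}
    return [t for t in targets if t.lower() not in done]


def triage(scan_lines, fixlog_lines):
    """Collect suspicious items from the scan and list any the fix did not confirm."""
    targets = zeroaccess_roots(scan_lines)
    targets += [name for name, _ in orphaned_services(scan_lines)]
    return targets, unconfirmed(targets, fixlog_lines)


if __name__ == "__main__":
    found, missing = triage(SCAN_LINES, FIXLOG_LINES)
    for item in found:
        print("flagged:", item)
    print("not confirmed in Fixlog:", missing or "none")
```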
 
Back to Normal Mode, if you can...

ComboFix

Please download ComboFix
by sUBs
From BleepingComputer.com

Please save the file to your Desktop, but rename it first to svchost.exe

Important information about ComboFix

Before the download:
  • Please copy and paste these instructions to Notepad and save to your Desktop, or print them - for easier access.
  • It is important to rename ComboFix before the download.
  • Please do not rename ComboFix to other names, but only the one indicated.
After the download:
  • Close any open browsers.
  • Very Important: Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results". Please visit here if you don't know how.
  • WARNING: ComboFix will disconnect your machine from the Internet as soon as it starts.
  • Please do not attempt to re-connect your machine back to the Internet until ComboFix has completely finished.
  • If there is no Internet connection after running ComboFix, then restart your computer to restore back your connection.
Running ComboFix:
  • Double click on svchost.exe & follow the prompts.
  • It will attempt to install the Recovery Console:
  • When ComboFix finishes, it will produce a report for you.
  • Please post the "C:\Combo-Fix.txt" in your next reply.
Troubleshooting ComboFix

Safe Mode:

If you still cannot get ComboFix to run, try booting into Safe Mode, and run it there.

(To boot into Safe Mode, tap F8 after BIOS, and just before the Windows logo appears. A list of options will appear, select "Safe Mode.")

Re-downloading:

If this doesn't work either, try the same method (above method), but try to download it again, except name ComboFix.exe to iexplore.exe, explorer.exe, or winlogon.exe.

Malware is known for blocking all "user" processes, except for its whitelist of system important processes such as iexplore.exe, explorer.exe, winlogon.exe.
 
It's nice to be back on my own computer, even if it's not yet entirely mine again. Thanks again for the help. Wish me luck with this... I've heard bad things about this program. XD I won't be on tomorrow, so I'm not bailing or anything. I'll let ya know how it goes in a bit. It just annoys me that people make these things...
 
ComboFix 12-07-31.03 - cal 08/01/2012 12:58:52.1.2 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.4094.2689 [GMT -4:00]
Running from: c:\users\cal\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Install.exe
c:\programdata\6IYqpdniL7Y909
c:\users\cal\AppData\Roaming\condmt.dll
c:\users\cal\AppData\Roaming\Microsoft\Windows\Cookies\index (1).dat
c:\users\cal\AppData\Roaming\Microsoft\Windows\Recent\Desktop (1).ini
c:\users\cal\Documents\~WRL0608.tmp
c:\users\cal\Documents\~WRL1080.tmp
c:\users\cal\Documents\~WRL2369.tmp
c:\users\cal\Documents\~WRL3619.tmp
c:\users\cal\WINDOWS
.
.
((((((((((((((((((((((((( Files Created from 2012-07-01 to 2012-08-01 )))))))))))))))))))))))))))))))
.
.
2012-08-01 17:07 . 2012-08-01 17:07 69000 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{BF1719D9-6B84-4653-805E-2F86211F2178}\offreg.dll
2012-07-28 21:42 . 2012-07-28 21:42 -------- d-----w- C:\FRST
2012-07-28 17:53 . 2012-07-28 17:53 328704 ----a-w- c:\windows\system32\services.exe.B4A9B7D8D1348223
2012-07-28 04:31 . 2012-07-28 04:31 328704 ----a-w- c:\windows\system32\services.exe.8CCD3E78FA98C94F
2012-07-28 04:27 . 2012-07-28 04:27 328704 ----a-w- c:\windows\system32\services.exe.8DA43F55A93E6778
2012-07-28 04:23 . 2012-07-28 04:23 328704 ----a-w- c:\windows\system32\services.exe.E43C101B53DC252A
2012-07-28 04:19 . 2012-07-28 04:19 328704 ----a-w- c:\windows\system32\services.exe.52BD5E387BA128FF
2012-07-28 04:15 . 2012-07-28 04:15 328704 ----a-w- c:\windows\system32\services.exe.3DB948AC1CCBCA63
2012-07-28 04:08 . 2012-07-28 04:08 328704 ----a-w- c:\windows\system32\services.exe.F6FB4C57B0E967DB
2012-07-28 04:00 . 2012-07-28 04:00 328704 ----a-w- c:\windows\system32\services.exe.172582619AC913D0
2012-07-28 03:56 . 2012-07-28 03:56 328704 ----a-w- c:\windows\system32\services.exe.6A5B2A4F40A08197
2012-07-28 03:52 . 2012-07-28 03:52 328704 ----a-w- c:\windows\system32\services.exe.2DB9DB67B32946F3
2012-07-28 03:49 . 2012-07-28 03:49 328704 ----a-w- c:\windows\system32\services.exe.087F909DA29B6998
2012-07-28 03:41 . 2012-07-28 03:41 328704 ----a-w- c:\windows\system32\services.exe.9DEBCF7F21934A0E
2012-07-28 03:33 . 2012-07-28 03:33 328704 ----a-w- c:\windows\system32\services.exe.54601271FD8226CF
2012-07-28 03:22 . 2012-07-28 03:22 328704 ----a-w- c:\windows\system32\services.exe.1EEC17ED03A57CAB
2012-07-28 03:18 . 2012-07-28 03:18 328704 ----a-w- c:\windows\system32\services.exe.E95369A8A87D1F6E
2012-07-28 03:07 . 2012-07-28 03:07 328704 ----a-w- c:\windows\system32\services.exe.B6A597B8AAF6770A
2012-07-28 03:03 . 2012-07-28 03:03 328704 ----a-w- c:\windows\system32\services.exe.65C9F1F2CD98556F
2012-07-28 01:15 . 2012-07-28 01:15 328704 ----a-w- c:\windows\system32\services.exe.183FA52B3A5C0912
2012-07-28 01:13 . 2012-07-16 06:40 9133488 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{BF1719D9-6B84-4653-805E-2F86211F2178}\mpengine.dll
2012-07-28 01:09 . 2012-07-28 01:09 328704 ----a-w- c:\windows\system32\services.exe.E02BD63384EBEFC3
2012-07-28 01:05 . 2012-07-28 01:05 328704 ----a-w- c:\windows\system32\services.exe.4E1151B4E8C78FA3
2012-07-28 01:01 . 2012-07-28 01:01 328704 ----a-w- c:\windows\system32\services.exe.8F0769342A623DAD
2012-07-28 00:45 . 2012-07-28 00:45 328704 ----a-w- c:\windows\system32\services.exe.D030BC8E5374ED16
2012-07-28 00:39 . 2012-07-28 00:39 328704 ----a-w- c:\windows\system32\services.exe.0E7575F09342F79F
2012-07-28 00:35 . 2012-07-28 00:35 328704 ----a-w- c:\windows\system32\services.exe.8C6E621C39A9E46D
2012-07-28 00:31 . 2012-07-28 00:31 328704 ----a-w- c:\windows\system32\services.exe.28DD07FDFA27BE06
2012-07-28 00:27 . 2012-07-28 00:27 328704 ----a-w- c:\windows\system32\services.exe.A7F6501B8F6C1DAE
2012-07-28 00:23 . 2012-07-28 00:23 328704 ----a-w- c:\windows\system32\services.exe.DE4C12491C5F496B
2012-07-28 00:19 . 2012-07-28 00:19 328704 ----a-w- c:\windows\system32\services.exe.5F8F3497207FF759
2012-07-28 00:15 . 2012-07-28 00:15 328704 ----a-w- c:\windows\system32\services.exe.46656B8CD5C97199
2012-07-28 00:11 . 2012-07-28 00:11 328704 ----a-w- c:\windows\system32\services.exe.B4AFCCB56669F834
2012-07-28 00:07 . 2012-07-28 00:07 328704 ----a-w- c:\windows\system32\services.exe.3AE9664CF1F1BA88
2012-07-28 00:03 . 2012-07-28 00:03 328704 ----a-w- c:\windows\system32\services.exe.23DBB95DEBB5DFE5
2012-07-27 23:59 . 2012-07-27 23:59 328704 ----a-w- c:\windows\system32\services.exe.9D34D7738608BCE2
2012-07-27 23:55 . 2012-07-27 23:55 328704 ----a-w- c:\windows\system32\services.exe.006D7B19150FE90A
2012-07-27 23:51 . 2012-07-27 23:51 328704 ----a-w- c:\windows\system32\services.exe.0FCEF6B3D10240A0
2012-07-27 23:47 . 2012-07-27 23:47 328704 ----a-w- c:\windows\system32\services.exe.2FC8CFCACB986FDF
2012-07-27 23:42 . 2012-07-27 23:42 328704 ----a-w- c:\windows\system32\services.exe.1C3C7BAD0C51867F
2012-07-27 23:38 . 2012-07-27 23:38 328704 ----a-w- c:\windows\system32\services.exe.D5BB2AE0AD490D84
2012-07-27 23:34 . 2012-07-27 23:34 328704 ----a-w- c:\windows\system32\services.exe.111861B8E64D1708
2012-07-27 23:30 . 2012-07-27 23:30 328704 ----a-w- c:\windows\system32\services.exe.10156286EBCFC62C
2012-07-27 23:26 . 2012-07-27 23:26 328704 ----a-w- c:\windows\system32\services.exe.41BBF73EAE0287E9
2012-07-27 23:22 . 2012-07-27 23:22 328704 ----a-w- c:\windows\system32\services.exe.C6C2502E00EA8519
2012-07-27 23:18 . 2012-07-27 23:18 328704 ----a-w- c:\windows\system32\services.exe.170A9607A1BFB923
2012-07-27 23:12 . 2012-07-27 23:12 328704 ----a-w- c:\windows\system32\services.exe.3B1FB702AAF3475C
2012-07-27 23:08 . 2012-07-27 23:08 328704 ----a-w- c:\windows\system32\services.exe.D961E3F22833B4E3
2012-07-27 23:03 . 2012-07-27 23:03 328704 ----a-w- c:\windows\system32\services.exe.CCC50B6C5D566056
2012-07-27 22:59 . 2012-07-27 22:59 328704 ----a-w- c:\windows\system32\services.exe.784C1F5459BCD752
2012-07-27 22:55 . 2012-07-27 22:55 328704 ----a-w- c:\windows\system32\services.exe.2502682792C162C7
2012-07-27 22:51 . 2012-07-27 22:51 328704 ----a-w- c:\windows\system32\services.exe.B192EAF2E46BF521
2012-07-27 22:47 . 2012-07-27 22:47 328704 ----a-w- c:\windows\system32\services.exe.9AA3071B934410DF
2012-07-27 22:41 . 2012-07-27 22:41 328704 ----a-w- c:\windows\system32\services.exe.40283D2C7A8708F7
2012-07-27 22:37 . 2012-07-27 22:37 328704 ----a-w- c:\windows\system32\services.exe.E5BF994858A91B83
2012-07-27 22:33 . 2012-07-27 22:33 328704 ----a-w- c:\windows\system32\services.exe.61927ED55B06619A
2012-07-27 22:16 . 2012-07-27 22:16 50392 ----a-w- c:\windows\system32\drivers\bxaknppc.sys
2012-07-27 22:16 . 2012-07-27 22:16 328704 ----a-w- c:\windows\system32\services.exe.801A96E38371FA75
2012-07-27 22:07 . 2012-07-27 22:07 328704 ----a-w- c:\windows\system32\services.exe.94263988E22B912F
2012-07-27 21:59 . 2012-02-09 18:17 927800 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F287D2A5-A0A7-4CEE-83C2-3F3696D59572}\gapaengine.dll
2012-07-27 21:58 . 2012-07-27 21:58 -------- d-----w- c:\program files (x86)\Microsoft Security Client
2012-07-27 21:58 . 2012-07-27 21:59 -------- d-----w- c:\program files\Microsoft Security Client
2012-07-27 16:06 . 2012-07-27 16:06 -------- d-----w- c:\users\cal\AppData\Local\{0BBF6C3D-D805-11E1-8270-B8AC6F996F26}
2012-07-27 16:05 . 2012-07-27 16:14 -------- d-----w- c:\users\cal\AppData\Roaming\xsecva
2012-07-26 02:29 . 2012-07-26 02:30 -------- d-----w- c:\users\cal\AppData\Roaming\SPORE
2012-07-26 02:22 . 2012-07-26 02:22 -------- d-----w- c:\program files (x86)\Electronic Arts
2012-07-26 00:41 . 2012-07-26 00:48 -------- d-----w- c:\program files (x86)\Amnesia - The Dark Descent
2012-07-26 00:35 . 2012-07-26 00:35 -------- d-----w- c:\program files (x86)\DAMN NFO Viewer
2012-07-24 17:45 . 2012-07-24 17:45 -------- d-----w- c:\program files (x86)\R.G. Catalyst
2012-07-24 17:13 . 2012-07-24 17:14 -------- d-----w- c:\program files\Perfect Uninstaller
2012-07-23 23:15 . 2012-07-24 18:02 -------- d-----w- c:\users\cal\AppData\Local\Ubisoft Game Launcher
2012-07-19 02:23 . 2012-07-19 02:23 -------- d-----w- c:\users\cal\AppData\Roaming\InstallShield
2012-07-14 05:53 . 2012-07-14 05:53 189248 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2012-07-14 05:53 . 2012-07-14 05:53 75136 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2012-07-14 05:53 . 2012-07-14 05:53 -------- d-----w- c:\users\cal\AppData\Roaming\PunkBuster
2012-07-11 07:05 . 2012-06-12 03:08 3148800 ----a-w- c:\windows\system32\win32k.sys
2012-07-11 06:42 . 2012-06-06 06:06 2004480 ----a-w- c:\windows\system32\msxml6.dll
2012-07-10 19:48 . 2012-07-24 18:02 -------- d-----w- c:\programdata\Ubisoft
2012-07-10 19:48 . 2012-07-19 02:43 -------- d-----w- c:\users\cal\AppData\Roaming\Ubisoft
2012-07-10 19:15 . 2012-07-24 17:14 -------- d-----w- c:\program files (x86)\Ubisoft
2012-07-05 00:41 . 2012-07-05 00:41 -------- d-----w- c:\users\cal\AppData\Local\Electronic Arts
2012-07-04 23:49 . 2012-07-04 23:49 -------- d-----w- c:\users\cal\AppData\Local\ArmA 2 Free
2012-07-04 23:43 . 2012-07-04 23:43 -------- d-----w- c:\program files (x86)\Bohemia Interactive
2012-07-03 01:16 . 2012-07-03 01:16 -------- d-----w- c:\users\cal\AppData\Local\EA Games
2012-07-02 22:44 . 2012-07-05 00:37 -------- d--h--w- c:\windows\msdownld.tmp
2012-07-02 22:08 . 2012-07-02 22:39 -------- d-----w- c:\program files (x86)\Dead Space 2
2012-07-02 18:32 . 2012-07-02 18:32 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin7.dll
2012-07-02 18:32 . 2012-07-02 18:32 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin6.dll
2012-07-02 18:32 . 2012-07-02 18:32 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin5.dll
2012-07-02 18:32 . 2012-07-02 18:32 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin4.dll
2012-07-02 18:32 . 2012-07-02 18:32 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin3.dll
2012-07-02 18:32 . 2012-07-02 18:32 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin2.dll
2012-07-02 18:32 . 2012-07-02 18:32 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin.dll
2012-07-02 18:31 . 2012-07-02 18:32 -------- d-----w- c:\program files (x86)\QuickTime
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-03 17:46 . 2012-04-05 01:19 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-02 22:19 . 2012-06-19 09:19 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-19 09:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-06-19 09:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-19 09:19 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-19 09:19 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:15 . 2012-06-19 09:19 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-06-19 09:19 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 19:19 . 2012-06-19 09:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 19:15 . 2012-06-19 09:19 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-05-10 07:16 . 2012-04-04 01:40 57848688 ----a-w- c:\windows\system32\MRT.exe
2012-05-04 11:06 . 2012-06-13 15:18 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-04 10:03 . 2012-06-13 15:18 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-05-04 10:03 . 2012-06-13 15:18 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files (x86)\Steam\Steam.exe" [2012-04-05 1242448]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2012-04-17 3671872]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-03-09 636032]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-04 37296]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-06 421736]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-19 421888]
.
c:\users\cal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
desktop (1).ini [2004-6-6 84]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-29 253088]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 51740536]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-03-21 98688]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-10 174440]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-21 20992]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [2010-11-21 88960]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [2010-11-21 34816]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [2010-11-21 117248]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-04-04 1255736]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-04-21 283200]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-03-09 235520]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-03-09 361984]
S2 AntUpdaterService;Ant Toolbar updater service;c:\program files (x86)\Ant.com\IE add-on\AntUpdaterService.exe [2011-06-29 520216]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [2010-02-18 46136]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2012-03-09 10857984]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2012-03-09 328704]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2011-12-05 95248]
S3 VST64_DPV;VST64_DPV;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
S3 VST64HWBS2;VST64HWBS2;c:\windows\system32\DRIVERS\VSTBS26.SYS [2009-06-10 411136]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-01 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-05 16:37]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 112512]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 1271168]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.facebook.com/
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
Trusted Zone: kongregate.com\www
Trusted Zone: newgrounds.com\www
TCP: DhcpNameServer = 75.75.76.76 75.75.75.75 192.168.3.1
FF - ProfilePath - c:\users\cal\AppData\Roaming\Mozilla\Firefox\Profiles\yemr2qba.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.facebook.com/
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-condmt - c:\users\cal\AppData\Roaming\condmt.dll
AddRemove-BattlEye A2 Free - c:\program files (x86)\Bohemia Interactive\ArmA 2 FreeBattlEye\UnInstallBE.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_233_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_233_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\windows\SysWOW64\PnkBstrA.exe
.
**************************************************************************
.
Completion time: 2012-08-01 13:16:28 - machine was rebooted
ComboFix-quarantined-files.txt 2012-08-01 17:16
.
Pre-Run: 21,405,380,608 bytes free
Post-Run: 22,538,944,512 bytes free
.
- - End Of File - - 0C696F7E0CE3DF6714AB9782D9B2700A
 
Scan for malware

Please download Malwarebytes Anti-Malware from HERE.


Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. If you are prompted to restart, please allow it to restart your computer. Failure to do this will cause the infection to still be active on the computer.
  • Please save the log to a location you will remember.
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • The log can also be found at C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt
  • Copy and paste the entire report in your next reply.
 
Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org
Database version: v2012.08.03.02
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
cal :: CAL_DELL531S [administrator]
8/2/2012 11:17:55 PM
mbam-log-2012-08-02 (23-17-55).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 208258
Time elapsed: 4 minute(s), 6 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)

I ran Malwarebytes before my computer really hit the wall and died on me. I removed some stuff back then, which may be why it didn't find anything this time. I'll see if I can find those logs.
 