Sirefef trojans... ugh

Discussion in 'Virus and Malware Removal' started by Jesterical, Jul 20, 2012.

  1. Jesterical Newcomer, in training Posts: 21

    Hello, I was wondering if you could possibly help me with detaching all parts of this virus from my computer. I've read your 5-step instruction guide as well as your T.O.S., so here goes. I was originally infected with a Trojan injector going by the identification of ScrInject.B.Gen. I am running ESET NOD32. Since then it has been hit or miss whether or not my computer could clean the oncoming horde of variations that this trojan created. I'm getting reports of:

    -Sirefef.AE
    -Sirefef.AN
    -Patched.B.Gen
    -Agent.BA
    -Sirefef.AD
    -Sirefef.EZ
    -Olmarik.TDL4
    -Olmarik.AK
    -Olmarik.AYL
    -Olmarik.AH
    -Olmarik.AK
    -Olmarik.AFK

    I didn't get any report from GMER, so the following are my MBAM and DDS logs.


    Malwarebytes Anti-Malware (Trial) 1.62.0.1300
    www.malwarebytes.org

    Database version: v2012.07.20.03

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 8.0.7601.17514

    Protection: Enabled

    7/19/2012 11:30:15 PM
    mbam-log-2012-07-19 (23-30-15).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 229865
    Time elapsed: 3 minute(s), 14 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 1
    C:\Windows\svchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.

    (end)

    =================================================================


    .
    DDS (Ver_2011-08-26.01) - NTFSAMD64
    Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_31
    Run by Morisoli at 9:19:02 on 2012-07-20
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4094.2069 [GMT -5:00]
    .
    AV: ESET NOD32 Antivirus 5.0 *Enabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
    SP: ESET NOD32 Antivirus 5.0 *Enabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\system32\atiesrxx.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\atieclxx.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
    C:\Windows\system32\WLANExt.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
    C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
    C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe
    C:\Windows\SysWOW64\PnkBstrA.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files (x86)\NETGEAR\WNDA4100\Service\RaRegistry.exe
    C:\Program Files (x86)\NETGEAR\WNDA4100\Service\RaRegistry64.exe
    c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
    c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
    C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
    C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    C:\Program Files (x86)\NETGEAR\WNDA4100\WNDA4100.EXE
    C:\Program Files\Logitech\SetPoint II\SetPointII.exe
    C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
    C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe
    C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe
    C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
    C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\Windows\servicing\TrustedInstaller.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\SysWOW64\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://blekko.com/ws/?source=c3348dd4&toolbarid=blekkotb_031&u=C9237CE3B599F152BEDC414FE9227E14&tbp=homepage
    uURLSearchHooks: SearchHook Class: {bc86e1ab-eda5-4059-938f-ce307b0c6f0a} - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll
    mWinlogon: Userinit=userinit.exe,
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    uRun: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent
    uRun: [Google Update] "C:\Users\Morisoli\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    uRun: [HydraVisionDesktopManager] "C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe"
    mRun: [<NO NAME>]
    mRun: [BCU] "C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe"
    mRun: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml
    mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\NETGEA~1.LNK - C:\Program Files (x86)\NETGEAR\WNDA4100\WNDA4100.EXE
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SETPOI~1.LNK - C:\Program Files (x86)\Logitech\SetPoint II\SetPointII.exe
    mPolicies-explorer: NoActiveDesktop = 1 (0x1)
    mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
    mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableLUA = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
    IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
    LSP: mswsock.dll
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    TCP: DhcpNameServer = 208.180.42.68 208.180.42.100
    TCP: Interfaces\{1F177412-7B9A-468F-9D3D-D3D377EE0624} : DhcpNameServer = 208.180.42.68 208.180.42.100
    TCP: Interfaces\{628E18C3-E348-4825-96E1-8B587D1A7135} : DhcpNameServer = 208.180.42.100 208.180.42.68
    TCP: Interfaces\{628E18C3-E348-4825-96E1-8B587D1A7135}\D4F6279637F6C6960275962756C6563737 : DhcpNameServer = 192.168.0.1
    TCP: Interfaces\{7BB8E6F1-577D-4A0A-9FC8-DD2D33344520} : DhcpNameServer = 192.168.0.1
    TCP: Interfaces\{8E95BB16-2DB2-41F9-8927-C60DB3BDBB43} : DhcpNameServer = 208.180.42.100 208.180.42.68
    TCP: Interfaces\{8E95BB16-2DB2-41F9-8927-C60DB3BDBB43}\C696E6B6379737 : DhcpNameServer = 208.180.42.100 208.180.42.68
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
    BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO-X64: AcroIEHelperStub - No File
    BHO-X64: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
    BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    mRun-x64: [(Default)]
    mRun-x64: [BCU] "C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe"
    mRun-x64: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml
    mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\Morisoli\AppData\Roaming\Mozilla\Firefox\Profiles\ty6nkdc1.default\
    FF - prefs.js: browser.search.selectedEngine - Blekko
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
    FF - prefs.js: keyword.URL - hxxp://blekko.com/ws/?source=c3348dd4&tbp=rbox&toolbarid=blekkotb_031&u=C9237CE3B599F152BEDC414FE9227E14&q=
    FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
    FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll
    FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
    FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
    FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll
    FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
    FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll
    FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
    FF - plugin: C:\Users\Morisoli\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll
    FF - plugin: C:\Users\Morisoli\AppData\Roaming\Mozilla\Firefox\Profiles\ty6nkdc1.default\extensions\2020Player_IKEA@2020Technologies.com\plugins\NP_2020Player_IKEA.dll
    FF - plugin: C:\Users\Morisoli\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
    FF - plugin: C:\Users\Morisoli\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll
    .
    ---- FIREFOX POLICIES ----
    FF - user.js: general.useragent.extra.brc -
    .
    ============= SERVICES / DRIVERS ===============
    .
    R1 TsVp;TsVp;C:\Windows\system32\DRIVERS\tsvp.sys --> C:\Windows\system32\DRIVERS\tsvp.sys [?]
    R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
    R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]
    R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
    R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-6-11 361984]
    R2 AODDriver4.01;AODDriver4.01;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2012-3-5 53888]
    R2 BCUService;Browser Configuration Utility Service;C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe [2009-10-15 223464]
    R2 eamonm;eamonm;C:\Windows\system32\DRIVERS\eamonm.sys --> C:\Windows\system32\DRIVERS\eamonm.sys [?]
    R2 ekrn;ESET Service;C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2011-9-22 974944]
    R2 epfwwfpr;epfwwfpr;C:\Windows\system32\DRIVERS\epfwwfpr.sys --> C:\Windows\system32\DRIVERS\epfwwfpr.sys [?]
    R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-7-19 655944]
    R2 MotoHelper;MotoHelper Service;C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe [2011-4-26 223088]
    R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-9-22 2214504]
    R2 RalinkRegistryWriter;RalinkRegistryWriter;C:\Program Files (x86)\NETGEAR\WNDA4100\Service\RaRegistry.exe [2011-11-21 377088]
    R2 RalinkRegistryWriter64;RalinkRegistryWriter64;C:\Program Files (x86)\NETGEAR\WNDA4100\Service\RaRegistry64.exe [2011-11-21 455424]
    R3 amdiox64;AMD IO Driver;C:\Windows\system32\DRIVERS\amdiox64.sys --> C:\Windows\system32\DRIVERS\amdiox64.sys [?]
    R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
    R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
    R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys --> C:\Windows\system32\drivers\AtihdW76.sys [?]
    R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
    R3 netr28ux;RT2870 USB Extensible Wireless LAN Card Driver;C:\Windows\system32\DRIVERS\netr28ux.sys --> C:\Windows\system32\DRIVERS\netr28ux.sys [?]
    R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
    R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
    S2 AODDriver4.1;AODDriver4.1;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2012-3-5 53888]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-6-7 160944]
    S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-12 250056]
    S3 AE1000;Linksys AE1000 Driver;C:\Windows\system32\DRIVERS\ae1000w7.sys --> C:\Windows\system32\DRIVERS\ae1000w7.sys [?]
    S3 CV2K1;CommView Network Monitor;C:\Windows\system32\DRIVERS\cv2k1.sys --> C:\Windows\system32\DRIVERS\cv2k1.sys [?]
    S3 hitmanpro36;Hitman Pro 3.5 Support Driver;\??\C:\Windows\system32\drivers\hitmanpro36.sys --> C:\Windows\system32\drivers\hitmanpro36.sys [?]
    S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-5-3 113120]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
    S3 TsVlb;TsVlb;C:\Windows\system32\DRIVERS\tsvlb.sys --> C:\Windows\system32\DRIVERS\tsvlb.sys [?]
    S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
    .
    =============== Created Last 30 ================
    .
    2012-07-20 04:29:22 -------- d-----w- C:\Users\Morisoli\AppData\Roaming\Malwarebytes
    2012-07-20 04:29:16 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2012-07-20 04:29:16 -------- d-----w- C:\ProgramData\Malwarebytes
    2012-07-20 04:29:16 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2012-07-20 03:30:14 -------- d-----w- C:\Windows\SysWow64\wbem\Performance
    2012-07-20 03:28:53 303616 ----a-w- C:\SetACL.exe
    2012-07-20 03:02:30 290304 ----a-w- C:\subinacl.exe
    2012-07-19 05:28:21 -------- d-----w- C:\Tweaking.com_Windows_Repair_Logs
    2012-07-19 05:24:19 30496 ----a-w- C:\Windows\System32\drivers\hitmanpro36.sys
    2012-07-19 05:19:04 -------- d-----w- C:\ProgramData\HitmanPro
    2012-07-18 01:28:41 -------- d-----w- C:\TDSSKiller_Quarantine
    2012-07-17 10:40:52 9133488 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{C5C40441-EFA1-48D5-89D1-55F861E48F86}\mpengine.dll
    2012-07-12 01:30:14 -------- d-----w- C:\Program Files (x86)\uTorrent
    2012-07-12 01:29:25 -------- d-----w- C:\Users\Morisoli\AppData\Roaming\uTorrent
    2012-07-11 08:03:33 3148800 ----a-w- C:\Windows\System32\win32k.sys
    2012-07-05 16:04:50 -------- d-----w- C:\Program Files (x86)\AMD APP
    2012-07-04 00:30:46 -------- d-----w- C:\Program Files (x86)\World of Warcraft
    2012-07-02 22:59:21 -------- d-----w- C:\Users\Morisoli\AppData\Roaming\StepMania 5
    2012-07-02 22:57:00 -------- d-----w- C:\Program Files (x86)\StepMania 5
    2012-07-02 18:44:27 -------- d-----w- C:\Program Files\CoreFTP
    2012-07-02 18:22:53 -------- d-----w- C:\Users\Morisoli\AppData\Roaming\CoreFTP
    2012-07-01 23:15:39 -------- d-----w- C:\Program Files (x86)\Heroes of Newerth
    2012-06-30 16:29:29 -------- d-----w- C:\Users\Morisoli\AppData\Local\THQ
    2012-06-30 02:35:31 -------- d-----w- C:\Users\Morisoli\AppData\Local\Macromedia
    2012-06-30 02:13:03 -------- d-----w- C:\Users\Morisoli\AppData\Roaming\TuneUp Software
    2012-06-30 02:12:21 -------- d-----w- C:\ProgramData\TuneUp Software
    2012-06-30 02:12:14 -------- d-sh--w- C:\ProgramData\{32364CEA-7855-4A3C-B674-53D8E9B97936}
    2012-06-30 02:07:01 -------- d-----w- C:\Users\Morisoli\AppData\Local\Google
    2012-06-29 01:03:07 -------- d-----w- C:\Users\Morisoli\AppData\Roaming\.minecraft
    2012-06-26 02:50:53 -------- d-----w- C:\ProgramData\TamoSoft
    2012-06-26 02:50:44 -------- d-----w- C:\Program Files (x86)\CommView
    2012-06-26 02:46:31 -------- d-----w- C:\ProgramData\blekko toolbars
    2012-06-26 02:46:22 -------- d-----w- C:\Users\Morisoli\AppData\Local\blekkotb_031
    2012-06-25 21:04:24 1394248 ----a-w- C:\Windows\SysWow64\msxml4.dll
    .
    ==================== Find3M ====================
    .
    2012-07-18 01:30:14 25640 ----a-w- C:\Windows\gdrv.sys
    2012-07-12 17:56:02 281288 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
    2012-07-12 17:56:02 281288 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
    2012-07-12 16:34:27 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-07-12 16:34:27 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
    2012-07-02 01:39:34 281288 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0
    2012-06-11 18:59:38 10248192 ----a-w- C:\Windows\System32\drivers\atikmdag.sys
    2012-06-11 18:50:46 187392 ----a-w- C:\Windows\System32\clinfo.exe
    2012-06-11 18:50:30 75264 ----a-w- C:\Windows\System32\OpenVideo64.dll
    2012-06-11 18:50:24 65024 ----a-w- C:\Windows\SysWow64\OpenVideo.dll
    2012-06-11 18:50:18 63488 ----a-w- C:\Windows\System32\OVDecode64.dll
    2012-06-11 18:50:14 56320 ----a-w- C:\Windows\SysWow64\OVDecode.dll
    2012-06-11 18:50:06 16457728 ----a-w- C:\Windows\System32\amdocl64.dll
    2012-06-11 18:49:22 13008896 ----a-w- C:\Windows\SysWow64\amdocl.dll
    2012-06-11 18:35:48 70144 ----a-w- C:\Windows\System32\coinst_8.98.dll
    2012-06-11 18:29:34 24826368 ----a-w- C:\Windows\System32\atio6axx.dll
    2012-06-11 18:00:32 20467712 ----a-w- C:\Windows\SysWow64\atioglxx.dll
    2012-06-11 17:25:06 163840 ----a-w- C:\Windows\System32\atiapfxx.exe
    2012-06-11 17:24:58 924160 ----a-w- C:\Windows\SysWow64\aticfx32.dll
    2012-06-11 17:23:12 1090560 ----a-w- C:\Windows\System32\aticfx64.dll
    2012-06-11 17:20:02 442368 ----a-w- C:\Windows\System32\ATIDEMGX.dll
    2012-06-11 17:19:58 532992 ----a-w- C:\Windows\System32\atieclxx.exe
    2012-06-11 17:19:14 239616 ----a-w- C:\Windows\System32\atiesrxx.exe
    2012-06-11 17:17:56 120320 ----a-w- C:\Windows\System32\atitmm64.dll
    2012-06-11 17:17:42 21504 ----a-w- C:\Windows\System32\atimuixx.dll
    2012-06-11 17:17:38 59392 ----a-w- C:\Windows\System32\atiedu64.dll
    2012-06-11 17:17:32 43520 ----a-w- C:\Windows\SysWow64\ati2edxx.dll
    2012-06-11 17:16:48 6301696 ----a-w- C:\Windows\SysWow64\atidxx32.dll
    2012-06-11 17:01:56 6914560 ----a-w- C:\Windows\System32\atidxx64.dll
    2012-06-11 16:51:54 4246528 ----a-w- C:\Windows\System32\atiumd6a.dll
    2012-06-11 16:45:48 51200 ----a-w- C:\Windows\System32\aticalrt64.dll
    2012-06-11 16:45:46 46080 ----a-w- C:\Windows\SysWow64\aticalrt.dll
    2012-06-11 16:45:44 5480448 ----a-w- C:\Windows\SysWow64\atiumdag.dll
    2012-06-11 16:45:40 44544 ----a-w- C:\Windows\System32\aticalcl64.dll
    2012-06-11 16:45:38 44032 ----a-w- C:\Windows\SysWow64\aticalcl.dll
    2012-06-11 16:45:26 15703040 ----a-w- C:\Windows\System32\aticaldd64.dll
    2012-06-11 16:43:18 4729344 ----a-w- C:\Windows\SysWow64\atiumdva.dll
    2012-06-11 16:40:58 13277696 ----a-w- C:\Windows\SysWow64\aticaldd.dll
    2012-06-11 16:36:56 6605824 ----a-w- C:\Windows\System32\atiumd64.dll
    2012-06-11 16:27:02 539136 ----a-w- C:\Windows\System32\atiadlxx.dll
    2012-06-11 16:26:52 368640 ----a-w- C:\Windows\SysWow64\atiadlxy.dll
    2012-06-11 16:26:40 17920 ----a-w- C:\Windows\System32\atig6pxx.dll
    2012-06-11 16:26:36 14848 ----a-w- C:\Windows\SysWow64\atiglpxx.dll
    2012-06-11 16:26:36 14848 ----a-w- C:\Windows\System32\atiglpxx.dll
    2012-06-11 16:26:30 41984 ----a-w- C:\Windows\System32\atig6txx.dll
    2012-06-11 16:26:22 33280 ----a-w- C:\Windows\SysWow64\atigktxx.dll
    2012-06-11 16:26:14 367616 ----a-w- C:\Windows\System32\drivers\atikmpag.sys
    2012-06-11 16:25:20 54784 ----a-w- C:\Windows\System32\atiuxp64.dll
    2012-06-11 16:25:12 42496 ----a-w- C:\Windows\SysWow64\atiuxpag.dll
    2012-06-11 16:25:06 45056 ----a-w- C:\Windows\System32\atiu9p64.dll
    2012-06-11 16:24:58 32768 ----a-w- C:\Windows\SysWow64\atiu9pag.dll
    2012-06-11 16:24:24 53248 ----a-w- C:\Windows\System32\drivers\ati2erec.dll
    2012-06-11 16:23:18 56320 ----a-w- C:\Windows\System32\atimpc64.dll
    2012-06-11 16:23:18 56320 ----a-w- C:\Windows\System32\amdpcom64.dll
    2012-06-11 16:23:10 56832 ----a-w- C:\Windows\SysWow64\atimpc32.dll
    2012-06-11 16:23:10 56832 ----a-w- C:\Windows\SysWow64\amdpcom32.dll
    2012-06-06 06:06:16 2004480 ----a-w- C:\Windows\System32\msxml6.dll
    2012-06-06 06:06:16 1881600 ----a-w- C:\Windows\System32\msxml3.dll
    2012-06-06 06:02:54 1133568 ----a-w- C:\Windows\System32\cdosys.dll
    2012-06-06 05:05:52 1390080 ----a-w- C:\Windows\SysWow64\msxml6.dll
    2012-06-06 05:05:52 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll
    2012-06-06 05:03:06 805376 ----a-w- C:\Windows\SysWow64\cdosys.dll
    2012-06-02 22:15:31 2622464 ----a-w- C:\Windows\System32\wucltux.dll
    2012-06-02 22:15:08 99840 ----a-w- C:\Windows\System32\wudriver.dll
    2012-06-02 20:19:42 186752 ----a-w- C:\Windows\System32\wuwebv.dll
    2012-06-02 20:15:12 36864 ----a-w- C:\Windows\System32\wuapp.exe
    2012-06-02 05:50:10 458704 ----a-w- C:\Windows\System32\drivers\cng.sys
    2012-06-02 05:48:16 95600 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
    2012-06-02 05:48:16 151920 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
    2012-06-02 05:45:31 340992 ----a-w- C:\Windows\System32\schannel.dll
    2012-06-02 05:44:21 307200 ----a-w- C:\Windows\System32\ncrypt.dll
    2012-06-02 04:40:42 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
    2012-06-02 04:40:39 225280 ----a-w- C:\Windows\SysWow64\schannel.dll
    2012-06-02 04:39:10 219136 ----a-w- C:\Windows\SysWow64\ncrypt.dll
    2012-06-02 04:34:09 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
    2012-06-01 15:20:45 76888 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe
    2012-05-31 17:25:12 279656 ------w- C:\Windows\System32\MpSigStub.exe
    2012-05-16 01:25:11 466456 ----a-w- C:\Windows\System32\wrap_oal.dll
    2012-05-16 01:25:11 444952 ----a-w- C:\Windows\SysWow64\wrap_oal.dll
    2012-05-16 01:25:11 122904 ----a-w- C:\Windows\System32\OpenAL32.dll
    2012-05-16 01:25:11 109080 ----a-w- C:\Windows\SysWow64\OpenAL32.dll
    2012-05-15 04:01:31 1188864 ----a-w- C:\Windows\System32\wininet.dll
    2012-05-15 03:03:54 981504 ----a-w- C:\Windows\SysWow64\wininet.dll
    2012-05-04 11:06:22 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
    2012-05-04 10:03:53 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
    2012-05-04 10:03:50 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
    2012-05-01 05:40:20 209920 ----a-w- C:\Windows\System32\profsvc.dll
    2012-04-29 03:26:53 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
    2012-04-28 03:55:21 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
    2012-04-26 05:41:56 77312 ----a-w- C:\Windows\System32\rdpwsx.dll
    2012-04-26 05:41:55 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
    2012-04-26 05:34:27 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
    2012-04-24 05:37:37 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
    2012-04-24 05:37:37 140288 ----a-w- C:\Windows\System32\cryptnet.dll
    2012-04-24 05:37:36 1462272 ----a-w- C:\Windows\System32\crypt32.dll
    2012-04-24 04:36:42 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
    2012-04-24 04:36:42 1158656 ----a-w- C:\Windows\SysWow64\crypt32.dll
    2012-04-24 04:36:42 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
    .
    ============= FINISH: 9:19:29.96 ===============
    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft Windows 7 Home Premium
    Boot Device: \Device\HarddiskVolume1
    Install Date: 9/22/2011 7:05:49 PM
    System Uptime: 7/19/2012 11:34:46 PM (10 hours ago)
    .
    Motherboard: Gigabyte Technology Co., Ltd. | | GA-870A-UD3
    Processor: AMD Phenom(tm) II X4 955 Processor | Socket M2 | 3200/200mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 931 GiB total, 585.494 GiB free.
    D: is CDROM (UDF)
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID:
    Description: Universal Serial Bus (USB) Controller
    Device ID: PCI\VEN_1033&DEV_0194&SUBSYS_50071458&REV_03\4&91A636&0&0048
    Manufacturer:
    Name: Universal Serial Bus (USB) Controller
    PNP Device ID: PCI\VEN_1033&DEV_0194&SUBSYS_50071458&REV_03\4&91A636&0&0048
    Service:
    .
    ==== System Restore Points ===================
    .
    RP150: 7/11/2012 3:00:20 AM - Windows Update
    RP151: 7/17/2012 5:40:05 AM - Windows Update
    RP152: 7/17/2012 8:33:37 PM - Removed Fantapper Player
    RP153: 7/17/2012 8:34:52 PM - Removed Fantapper Player
    RP154: 7/17/2012 8:35:43 PM - Removed Fantapper Updater
    RP155: 7/17/2012 8:37:21 PM - Removed EasySaver B9.1214.1
    RP156: 7/19/2012 10:01:54 PM - Tweaking.com - Windows Repair
    .
    ==== Installed Programs ======================
    .
    Update for Microsoft Office 2007 (KB2508958)
    µTorrent
    Adobe AIR
    Adobe Flash Player 11 ActiveX
    Adobe Flash Player 11 Plugin
    Adobe Reader X (10.1.3)
    AMD VISION Engine Control Center
    APB Reloaded
    ASIO4ALL
    Browser Configuration Utility
    Business Contact Manager for Outlook 2007 SP2
    Catalyst Control Center - Branding
    Catalyst Control Center Graphics Previews Common
    Catalyst Control Center InstallProxy
    Catalyst Control Center Localization All
    CCC Help Chinese Standard
    CCC Help Chinese Traditional
    CCC Help Czech
    CCC Help Danish
    CCC Help Dutch
    CCC Help English
    CCC Help Finnish
    CCC Help French
    CCC Help German
    CCC Help Greek
    CCC Help Hungarian
    CCC Help Italian
    CCC Help Japanese
    CCC Help Korean
    CCC Help Norwegian
    CCC Help Polish
    CCC Help Portuguese
    CCC Help Russian
    CCC Help Spanish
    CCC Help Swedish
    CCC Help Thai
    CCC Help Turkish
    Cisco EAP-FAST Module
    Cisco LEAP Module
    Cisco PEAP Module
    CommView
    Core FTP LE (x64)
    Coupon Printer for Windows
    Deckadance
    Diablo III
    DiRT 3
    Dota 2
    erLT
    FL Studio 10
    Google Talk Plugin
    Heroes of Newerth
    HP Deskjet 3050 J610 series Help
    HP Photo Creations
    HP Update
    HydraVision
    IL Download Manager
    iSEEK AnswerWorks English Runtime
    Java Auto Updater
    Java(TM) 6 Update 31
    League of Legends
    Left 4 Dead 2
    Magic: The Gathering — Duels of the Planeswalkers 2012
    Malwarebytes Anti-Malware version 1.62.0.1300
    Microsoft Application Error Reporting
    Microsoft Games for Windows - LIVE Redistributable
    Microsoft Games for Windows Marketplace
    Microsoft Office 2003 Web Components
    Microsoft Office 2007 Primary Interop Assemblies
    Microsoft Office 2007 Service Pack 3 (SP3)
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Accounting 2008
    Microsoft Office Accounting 2008 Equifax Addin
    Microsoft Office Accounting 2008 Fixed Asset Manager
    Microsoft Office Accounting 2008 PayPal Addin
    Microsoft Office Accounting ADP Payroll Addin
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office File Validation Add-In
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Professional 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Small Business Connectivity Components
    Microsoft Office Word MUI (English) 2007
    Microsoft SQL Server 2005
    Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
    Microsoft SQL Server 2005 Tools Express Edition
    Microsoft SQL Server Setup Support Files (English)
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    MotoHelper 2.0.51 Driver 5.1.0
    MotoHelper MergeModules
    Mozilla Firefox 14.0.1 (x86 en-US)
    Mozilla Maintenance Service
    MSXML 4.0 SP3 Parser
    MSXML 4.0 SP3 Parser (KB2721691)
    MSXML 4.0 SP3 Parser (KB973685)
    Mumble 1.2.3
    NETGEAR WNDA4100
    NETGEAR WNDA4100 Genie
    NVIDIA PhysX
    OpenAL
    Pando Media Booster
    PunkBuster Services
    Quicken 2012
    QuickTime
    Rainmeter
    Rapture3D 2.4.8 Game
    Realtek High Definition Audio Driver
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
    Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596880) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2598041) 32-Bit Edition
    Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition
    Security Update for Microsoft Office InfoPath 2007 (KB2596786) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
    Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
    Security Update for Microsoft Office Word 2007 (KB2596917) 32-Bit Edition
    Skype™ 5.10
    Steam
    StepMania v5.0 alpha 2 (remove only)
    Team Fortress 2
    TeamSpeak 3 Client
    TERA
    Total War: SHOGUN 2
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
    Update for Microsoft Office 2007 Help for Common Features (KB963673)
    Update for Microsoft Office Access 2007 Help (KB963663)
    Update for Microsoft Office Excel 2007 Help (KB963678)
    Update for Microsoft Office Outlook 2007 (KB2596598) 32-Bit Edition
    Update for Microsoft Office Outlook 2007 Help (KB963677)
    Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2687310) 32-Bit Edition
    Update for Microsoft Office Powerpoint 2007 Help (KB963669)
    Update for Microsoft Office Publisher 2007 Help (KB963667)
    Update for Microsoft Office Script Editor Help (KB963671)
    Update for Microsoft Office Word 2007 Help (KB963665)
    Warhammer 40,000 Space Marine
    Warhammer® 40,000™: Dawn of War® II
    Warhammer® 40,000™: Dawn of War® II - Chaos Rising™
    Warhammer® 40,000™: Dawn of War® II – Retribution™
    World of Warcraft
    XSplit
    .
    ==== Event Viewer Messages From Past Week ========
    .
    7/19/2012 11:35:03 PM, Error: Service Control Manager [7000] -
    7/17/2012 8:17:03 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000000a (0x0000000000000000, 0x0000000000000002, 0x0000000000000000, 0xfffff8000328a442). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 071712-20077-01.
    7/17/2012 8:13:54 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000000a (0x00000000000000dc, 0x0000000000000002, 0x0000000000000001, 0xfffff80003300405). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 071712-19578-01.
    .
    ==== End Of File ===========================
  2. Jay Pfoutz Malware Helper Posts: 4,286   +49

    Hello, and welcome to TechSpot.


    Please see here for the board rules and other FAQ.

    Please feel free to introduce yourself, after you follow the steps below to get started.

    Information
    • From this point on, please do not make any more changes to your computer, such as install/uninstall programs, use special fix tools, delete files, edit the registry, etc., unless advised by a malware removal helper.
    • Please do not ask for help elsewhere (in this site or other sites). Doing so can result in system changes, which may not show up in the logs you post.
    • If you have already asked for help somewhere, please post the link to the topic you were helped.
    • We try our best to reply quickly, but if for any reason we do not reply within two days, please reply to this topic with the word BUMP!
    • Lastly, keep in mind that we are volunteers, so you do not have to pay for malware removal. Persist in this topic until its close, and your computer is declared clean.

    Download Farbar Recovery Scan Tool and save it to a flash drive.

    Please make sure to download the 64-bit version.

    Plug the flashdrive into the infected PC.

    Enter System Recovery Options.

    To enter System Recovery Options from the Advanced Boot Options:
    • Restart the computer.
    • As soon as the BIOS is loaded, begin tapping the F8 key until Advanced Boot Options appears.
    • Use the arrow keys to select the Repair your computer menu item.
    • Choose your language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.
    To enter System Recovery Options by using Windows installation disc:
    • Insert the installation disc.
    • Restart your computer.
    • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
    • Click Repair your computer.
    • Choose your language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.
    On the System Recovery Options menu you will get the following options:
      • Startup Repair
      • System Restore
      • Windows Complete PC Restore
      • Windows Memory Diagnostic Tool
      • Command Prompt
    • Select Command Prompt
    • In the command window type in notepad and press Enter.
    • The notepad opens. Under File menu select Open.
    • Select "Computer", find your flash drive letter, and close Notepad.
    • In the command window type e:\frst64 and press Enter
      Note: Replace letter e with the drive letter of your flash drive.
    • The tool will start to run.
    • When the tool opens click Yes to the disclaimer.
    • Place a check next to List Drivers MD5 as well as the default check marks that are already there
    • Press Scan button.
    • Type exit and reboot the computer normally.
    • FRST will make a log (FRST.txt) on the flash drive, please copy and paste the log in your reply.
  3. Jesterical Newcomer, in training Posts: 21

    Scan result of Farbar Recovery Scan Tool Version: 20-07-2012
    Ran by SYSTEM at 20-07-2012 11:36:42
    Running from F:\
    Windows 7 Home Premium (X64) OS Language: English(US)
    The current controlset is ControlSet001

    ========================== Registry (Whitelisted) =============

    HKLM\...\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice [4035152 2011-09-22] (ESET)
    HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [10144288 2010-04-06] (Realtek Semiconductor)
    HKLM\...\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE [x]
    HKLM-x32\...\Run: [] [x]
    HKLM-x32\...\Run: [BCU] "C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe" [375000 2009-10-15] (DeviceVM, Inc.)
    HKLM-x32\...\Run: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml [10752 2012-02-20] ()
    HKLM-x32\...\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [641704 2012-06-11] (Advanced Micro Devices, Inc.)
    HKLM-x32\...\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray [462920 2012-07-03] (Malwarebytes Corporation)
    HKU\Cindy\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2011-10-24] (Apple Inc.)
    HKU\Cindy\...\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe [x]
    HKU\Morisoli\...\Run: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent [1242448 2012-05-09] (Valve Corporation)
    HKU\Morisoli\...\Run: [Google Update] "C:\Users\Morisoli\AppData\Local\Google\Update\GoogleUpdate.exe" /c [116648 2012-07-09] (Google Inc.)
    HKU\UpdatusUser\...\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe [x]
    Tcpip\Parameters: [DhcpNameServer] 208.180.42.68 208.180.42.100
    Startup: C:\Users\All Users\Start Menu\Programs\Startup\NETGEAR WNDA4100 Genie.lnk
    ShortcutTarget: NETGEAR WNDA4100 Genie.lnk -> C:\Program Files (x86)\NETGEAR\WNDA4100\WNDA4100.EXE (NETGEAR)
    Startup: C:\Users\All Users\Start Menu\Programs\Startup\SetPointII.lnk
    ShortcutTarget: SetPointII.lnk -> C:\Program Files\Logitech\SetPoint II\SetPointII.exe (Logitech Inc.)

    ==================== Services (Whitelisted) ======

    2 BcmSqlStartupSvc; "C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe" [30312 2009-02-20] (Microsoft Corporation)
    2 BCUService; C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe [223464 2009-10-15] (DeviceVM, Inc.)
    2 ekrn; "C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe" [974944 2011-09-22] (ESET)
    2 MBAMService; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe" [655944 2012-07-03] (Malwarebytes Corporation)
    2 MotoHelper; C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe [223088 2011-04-26] ()
    3 MSSQL$MSSMLBIZ; "C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sMSSMLBIZ [29293408 2010-12-10] (Microsoft Corporation)
    2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [76888 2012-06-01] ()
    2 RalinkRegistryWriter; "C:\Program Files (x86)\NETGEAR\WNDA4100\Service\RaRegistry.exe" [377088 2011-11-21] (Ralink Technology, Corp.)
    2 RalinkRegistryWriter64; "C:\Program Files (x86)\NETGEAR\WNDA4100\Service\RaRegistry64.exe" [455424 2011-11-21] (Ralink Technology, Corp.)

    ========================== Drivers (Whitelisted) =============

    3 AE1000; C:\Windows\System32\DRIVERS\ae1000w7.sys [1101600 2010-03-22] (Ralink Technology Corp.)
    2 AODDriver4.01; \??\C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [53888 2012-03-05] (Advanced Micro Devices)
    2 AODDriver4.1; \??\C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [53888 2012-03-05] (Advanced Micro Devices)
    3 CV2K1; C:\Windows\System32\Drivers\CV2K1.sys [21608 2010-04-01] (TamoSoft)
    2 eamonm; C:\Windows\System32\Drivers\eamonm.sys [202576 2011-08-09] (ESET)
    1 ehdrv; C:\Windows\System32\Drivers\ehdrv.sys [146432 2011-08-04] (ESET)
    2 epfwwfpr; C:\Windows\System32\Drivers\epfwwfpr.sys [137144 2011-08-04] (ESET)
    3 gdrv; \??\C:\Windows\gdrv.sys [25640 2012-07-17] (Windows (R) Server 2003 DDK provider)
    3 hamachi; C:\Windows\System32\Drivers\hamachi.sys [33856 2009-03-18] (LogMeIn, Inc.)
    3 hitmanpro36; C:\Windows\System32\Drivers\hitmanpro36.sys [30496 2012-07-18] ()
    3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [24904 2012-07-03] (Malwarebytes Corporation)
    3 netr28ux; C:\Windows\System32\Drivers\netr28ux.sys [1675840 2012-01-13] (Ralink Technology Corp.)
    3 TsVlb; C:\Windows\System32\Drivers\TsVlb.sys [22120 2010-04-21] (TamoSoft)
    1 TsVp; C:\Windows\System32\Drivers\TsVp.sys [32872 2010-06-15] (TamoSoft)

    ========================== NetSvcs (Whitelisted) ===========


    ============ One Month Created Files and Folders ==============

    2012-07-20 06:18 - 2012-07-20 06:18 - 00607260 ____R (Swearware) C:\Users\Morisoli\Downloads\dds.scr
    2012-07-19 20:36 - 2012-07-19 20:36 - 00302592 ____A C:\Users\Morisoli\Downloads\9gpxx0yy.exe
    2012-07-19 20:29 - 2012-07-19 20:29 - 00001120 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2012-07-19 20:29 - 2012-07-19 20:29 - 00000000 ____D C:\Users\Morisoli\AppData\Roaming\Malwarebytes
    2012-07-19 20:29 - 2012-07-19 20:29 - 00000000 ____D C:\Users\All Users\Malwarebytes
    2012-07-19 20:29 - 2012-07-19 20:29 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2012-07-19 20:29 - 2012-07-03 10:46 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
    2012-07-19 20:28 - 2012-07-19 20:28 - 10652120 ____A (Malwarebytes Corporation ) C:\Users\Morisoli\Downloads\mbam-setup-1.62.0.1300.exe
    2012-07-19 19:37 - 2012-07-19 19:38 - 00000042 ____A C:\repairs_running.dat
    2012-07-19 19:28 - 2008-05-07 21:03 - 00303616 ____A ( ) C:\SetACL.exe
    2012-07-19 19:02 - 2004-06-11 15:33 - 00290304 ____A (Microsoft Corporation) C:\subinacl.exe
    2012-07-18 21:28 - 2012-07-19 19:38 - 00181064 ____A (Sysinternals) C:\Windows\PSEXESVC.EXE
    2012-07-18 21:27 - 2012-07-18 21:27 - 04623766 ____A C:\Users\Morisoli\Downloads\tweaking.com_windows_repair_aio_setup.exe
    2012-07-18 21:24 - 2012-07-18 21:24 - 00030496 ____A C:\Windows\System32\Drivers\hitmanpro36.sys
    2012-07-18 21:23 - 2012-07-18 21:23 - 00000806 ____A C:\Windows\System32\.crusader
    2012-07-18 21:19 - 2012-07-18 21:23 - 00000000 ____D C:\Users\All Users\HitmanPro
    2012-07-18 21:18 - 2012-07-18 21:19 - 08834304 ____A (SurfRight B.V.) C:\Users\Morisoli\Downloads\HitmanPro36_x64.exe
    2012-07-17 17:28 - 2012-07-18 21:17 - 00000000 ____D C:\TDSSKiller_Quarantine
    2012-07-17 17:16 - 2012-07-17 17:17 - 00317024 ____A C:\Windows\Minidump\071712-20077-01.dmp
    2012-07-17 17:13 - 2012-07-17 17:16 - 416104481 ____A C:\Windows\MEMORY.DMP
    2012-07-17 17:13 - 2012-07-17 17:16 - 00000000 ____D C:\Windows\Minidump
    2012-07-17 17:13 - 2012-07-17 17:13 - 00276272 ____A C:\Windows\Minidump\071712-19578-01.dmp
    2012-07-11 17:30 - 2012-07-11 17:30 - 00000000 ____D C:\Program Files (x86)\uTorrent
    2012-07-11 17:29 - 2012-07-15 17:31 - 00000000 ____D C:\Users\Morisoli\AppData\Roaming\uTorrent
    2012-07-11 17:28 - 2012-07-11 17:29 - 00895376 ____A (BitTorrent, Inc.) C:\Users\Morisoli\Downloads\uTorrent.exe
    2012-07-11 00:03 - 2012-07-11 00:03 - 00265692 ____A C:\Windows\msxml4-KB2721691-enu.LOG
    2012-07-11 00:03 - 2012-06-11 19:08 - 03148800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
    2012-07-10 17:07 - 2012-06-08 21:43 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
    2012-07-10 17:07 - 2012-06-08 20:41 - 12873728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
    2012-07-10 17:07 - 2012-06-05 22:06 - 02004480 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
    2012-07-10 17:07 - 2012-06-05 22:06 - 01881600 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
    2012-07-10 17:07 - 2012-06-05 22:02 - 01133568 ____A (Microsoft Corporation) C:\Windows\System32\cdosys.dll
    2012-07-10 17:07 - 2012-06-05 21:05 - 01390080 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
    2012-07-10 17:07 - 2012-06-05 21:05 - 01236992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
    2012-07-10 17:07 - 2012-06-05 21:03 - 00805376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cdosys.dll
    2012-07-10 17:07 - 2012-06-01 21:50 - 00458704 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
    2012-07-10 17:07 - 2012-06-01 21:48 - 00151920 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
    2012-07-10 17:07 - 2012-06-01 21:48 - 00095600 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
    2012-07-10 17:07 - 2012-06-01 21:45 - 00340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
    2012-07-10 17:07 - 2012-06-01 21:44 - 00307200 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
    2012-07-10 17:07 - 2012-06-01 20:40 - 00225280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
    2012-07-10 17:07 - 2012-06-01 20:40 - 00022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
    2012-07-10 17:07 - 2012-06-01 20:39 - 00219136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
    2012-07-10 17:07 - 2012-06-01 20:34 - 00096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
    2012-07-10 17:07 - 2010-06-25 19:55 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\msxml3r.dll
    2012-07-10 17:07 - 2010-06-25 19:24 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
    2012-07-10 12:50 - 2012-07-10 12:50 - 00452312 ____A C:\Users\Morisoli\Downloads\PolSystemInfo_us.zip
    2012-07-09 01:56 - 2012-07-20 08:06 - 00000920 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3710809135-2123922341-1772546783-1001UA.job
    2012-07-09 01:56 - 2012-07-18 18:06 - 00000868 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3710809135-2123922341-1772546783-1001Core.job
    2012-07-09 01:55 - 2012-07-09 01:55 - 00739832 ____A (Google Inc.) C:\Users\Morisoli\Downloads\GoogleVoiceAndVideoSetup.exe
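As an added example (not part of this thread, and not a feature of FRST itself), here is a small Python triage script for the log format posted above. It parses the Run-key, service, driver and created-file lines the way FRST prints them and lists the entries a helper reads first: `[x]` entries whose file no longer exists, entries with no company name in their version information, files created in Windows system directories that carry no company name, and hidden+system directories. The sample log is an excerpt copied from the post above; every hit is a review item, not a verdict, and several of the hits (HitmanPro's driver, the PunkBuster service, the AMD transcoding helper) are legitimate software the poster installed. The regexes, the system-directory list and the reason names are this script's own assumptions about the format, not anything FRST documents.

```python
"""Triage helper for Farbar Recovery Scan Tool (FRST) logs.

Added example; not part of the thread and not FRST's own code.  The
"(Company)" field FRST prints is the company name from the file's version
information, so an empty "()" means "no version info", not "malicious".
"""
import re
from dataclasses import dataclass

# Line shapes FRST uses (assumed from the posted log):
#   HKLM-x32\...\Run: [name] "path" args [size date] (Company)
#   2 svcname; "path" [size date] (Company)        <- start type, name
#   ... [x]   in place of [size date] (Company): FRST could not find the file
#   created - modified - size attrs [(Company)] path   <- files section
AUTORUN_RE = re.compile(r'^(HK\S*?\\\.\.\.\\Run): \[([^\]]*)\] (.*)$')
SERVICE_RE = re.compile(r'^([0-4]) ([^;]+); (.*)$')
FILE_RE = re.compile(
    r'^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - (\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - '
    r'(\d+) (\S{5}) (?:\((.*?)\) )?(.+)$'
)
TAIL_RE = re.compile(r'\[(\d+) (\d{4}-\d{2}-\d{2})\] \((.*)\)\s*$')

# Directories where a new executable with no company name deserves a look.
SYSTEM_DIRS = {r'c:\windows', r'c:\windows\system32', r'c:\windows\system32\drivers'}
EXEC_EXT = ('.exe', '.dll', '.sys', '.scr', '.com', '.bat', '.cmd', '.vbs')


@dataclass(frozen=True)
class Finding:
    section: str   # 'autorun', 'service' (services and drivers) or 'file'
    name: str      # value name, service name or file path
    reason: str    # missing-file | no-company | hidden-system | no-company-in-system-dir


def _check_entry(section, name, rest):
    """Shared check for Run values and service/driver entries."""
    if rest.strip().endswith('[x]'):
        return Finding(section, name, 'missing-file')
    m = TAIL_RE.search(rest)
    if m and not m.group(3).strip():
        return Finding(section, name, 'no-company')
    return None


def _check_file(attrs, company, path):
    """Checks for one line of the 'One Month Created Files and Folders' section."""
    if 'H' in attrs and 'S' in attrs:
        return Finding('file', path, 'hidden-system')
    parent, _, leaf = path.lower().rpartition('\\')
    if (parent in SYSTEM_DIRS and 'D' not in attrs and not company.strip()
            and (leaf.endswith(EXEC_EXT) or leaf.startswith('.'))):
        return Finding('file', path, 'no-company-in-system-dir')
    return None


def triage(log_text):
    """Return the review items found in an FRST log, in log order."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        f = None
        if m := AUTORUN_RE.match(line):
            f = _check_entry('autorun', m.group(2) or '<empty name>', m.group(3))
        elif m := SERVICE_RE.match(line):
            f = _check_entry('service', m.group(2), m.group(3))
        elif m := FILE_RE.match(line):
            f = _check_file(m.group(4), m.group(5) or '', m.group(6))
        if f:
            findings.append(f)
    return findings


# Excerpt of the FRST log posted in this thread (used here as sample input).
SAMPLE_LOG = r"""
HKLM\...\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice [4035152 2011-09-22] (ESET)
HKLM\...\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE [x]
HKLM-x32\...\Run: [] [x]
HKLM-x32\...\Run: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml [10752 2012-02-20] ()
HKU\Cindy\...\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe [x]
2 ekrn; "C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe" [974944 2011-09-22] (ESET)
2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [76888 2012-06-01] ()
3 gdrv; \??\C:\Windows\gdrv.sys [25640 2012-07-17] (Windows (R) Server 2003 DDK provider)
3 hitmanpro36; C:\Windows\System32\Drivers\hitmanpro36.sys [30496 2012-07-18] ()
2012-07-18 21:28 - 2012-07-19 19:38 - 00181064 ____A (Sysinternals) C:\Windows\PSEXESVC.EXE
2012-07-18 21:24 - 2012-07-18 21:24 - 00030496 ____A C:\Windows\System32\Drivers\hitmanpro36.sys
2012-07-18 21:23 - 2012-07-18 21:23 - 00000806 ____A C:\Windows\System32\.crusader
2012-07-19 19:28 - 2008-05-07 21:03 - 00303616 ____A ( ) C:\SetACL.exe
2012-06-29 18:12 - 2012-06-29 18:12 - 00000000 __SHD C:\Users\All Users\{32364CEA-7855-4A3C-B674-53D8E9B97936}
2012-07-10 17:07 - 2012-06-01 21:50 - 00458704 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
"""

if __name__ == '__main__':
    for f in triage(SAMPLE_LOG):
        print(f'{f.reason:26} {f.section:8} {f.name}')
```

Run it against a saved FRST.txt with `triage(open('FRST.txt', encoding='utf-8', errors='replace').read())`. The point of the script is ordering the reading, not deciding: a `missing-file` Run value is mostly leftover clutter from an uninstall, and a `no-company` driver is only interesting once you have checked what installed it and when, which is why the created-files dates are kept on the same page.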
  4. Jay Pfoutz Malware Helper Posts: 4,286   +49

    There are parts missing from the log. Please try again. I will need a full log for best analysis.
  5. Jesterical Newcomer, in training Posts: 21

    Scan result of Farbar Recovery Scan Tool Version: 20-07-2012
    Ran by SYSTEM at 20-07-2012 14:46:21
    Running from F:\
    Windows 7 Home Premium (X64) OS Language: English(US)
    The current controlset is ControlSet001

    ========================== Registry (Whitelisted) =============

    HKLM\...\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice [4035152 2011-09-22] (ESET)
    HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [10144288 2010-04-06] (Realtek Semiconductor)
    HKLM\...\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE [x]
    HKLM-x32\...\Run: [] [x]
    HKLM-x32\...\Run: [BCU] "C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe" [375000 2009-10-15] (DeviceVM, Inc.)
    HKLM-x32\...\Run: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml [10752 2012-02-20] ()
    HKLM-x32\...\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [641704 2012-06-11] (Advanced Micro Devices, Inc.)
    HKLM-x32\...\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray [462920 2012-07-03] (Malwarebytes Corporation)
    HKU\Cindy\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2011-10-24] (Apple Inc.)
    HKU\Cindy\...\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe [x]
    HKU\Morisoli\...\Run: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent [1242448 2012-05-09] (Valve Corporation)
    HKU\Morisoli\...\Run: [Google Update] "C:\Users\Morisoli\AppData\Local\Google\Update\GoogleUpdate.exe" /c [116648 2012-07-09] (Google Inc.)
    HKU\Morisoli\...\Run: [HydraVisionDesktopManager] "C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe" [393216 2011-10-25] (AMD)
    HKU\UpdatusUser\...\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe [x]
    Tcpip\Parameters: [DhcpNameServer] 208.180.42.68 208.180.42.100
    Startup: C:\Users\All Users\Start Menu\Programs\Startup\NETGEAR WNDA4100 Genie.lnk
    ShortcutTarget: NETGEAR WNDA4100 Genie.lnk -> C:\Program Files (x86)\NETGEAR\WNDA4100\WNDA4100.EXE (NETGEAR)
    Startup: C:\Users\All Users\Start Menu\Programs\Startup\SetPointII.lnk
    ShortcutTarget: SetPointII.lnk -> C:\Program Files\Logitech\SetPoint II\SetPointII.exe (Logitech Inc.)

    ==================== Services (Whitelisted) ======

    2 BcmSqlStartupSvc; "C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe" [30312 2009-02-20] (Microsoft Corporation)
    2 BCUService; C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe [223464 2009-10-15] (DeviceVM, Inc.)
    2 ekrn; "C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe" [974944 2011-09-22] (ESET)
    2 MBAMService; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe" [655944 2012-07-03] (Malwarebytes Corporation)
    2 MotoHelper; C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe [223088 2011-04-26] ()
    3 MSSQL$MSSMLBIZ; "C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sMSSMLBIZ [29293408 2010-12-10] (Microsoft Corporation)
    2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [76888 2012-06-01] ()
    2 RalinkRegistryWriter; "C:\Program Files (x86)\NETGEAR\WNDA4100\Service\RaRegistry.exe" [377088 2011-11-21] (Ralink Technology, Corp.)
    2 RalinkRegistryWriter64; "C:\Program Files (x86)\NETGEAR\WNDA4100\Service\RaRegistry64.exe" [455424 2011-11-21] (Ralink Technology, Corp.)

    ========================== Drivers (Whitelisted) =============

    3 AE1000; C:\Windows\System32\DRIVERS\ae1000w7.sys [1101600 2010-03-22] (Ralink Technology Corp.)
    2 AODDriver4.01; \??\C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [53888 2012-03-05] (Advanced Micro Devices)
    2 AODDriver4.1; \??\C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [53888 2012-03-05] (Advanced Micro Devices)
    3 CV2K1; C:\Windows\System32\Drivers\CV2K1.sys [21608 2010-04-01] (TamoSoft)
    2 eamonm; C:\Windows\System32\Drivers\eamonm.sys [202576 2011-08-09] (ESET)
    1 ehdrv; C:\Windows\System32\Drivers\ehdrv.sys [146432 2011-08-04] (ESET)
    2 epfwwfpr; C:\Windows\System32\Drivers\epfwwfpr.sys [137144 2011-08-04] (ESET)
    3 gdrv; \??\C:\Windows\gdrv.sys [25640 2012-07-17] (Windows (R) Server 2003 DDK provider)
    3 hamachi; C:\Windows\System32\Drivers\hamachi.sys [33856 2009-03-18] (LogMeIn, Inc.)
    3 hitmanpro36; C:\Windows\System32\Drivers\hitmanpro36.sys [30496 2012-07-18] ()
    3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [24904 2012-07-03] (Malwarebytes Corporation)
    3 netr28ux; C:\Windows\System32\Drivers\netr28ux.sys [1675840 2012-01-13] (Ralink Technology Corp.)
    3 TsVlb; C:\Windows\System32\Drivers\TsVlb.sys [22120 2010-04-21] (TamoSoft)
    1 TsVp; C:\Windows\System32\Drivers\TsVp.sys [32872 2010-06-15] (TamoSoft)

    ========================== NetSvcs (Whitelisted) ===========


    ============ One Month Created Files and Folders ==============

    2012-07-20 06:18 - 2012-07-20 06:18 - 00607260 ____R (Swearware) C:\Users\Morisoli\Downloads\dds.scr
    2012-07-19 20:36 - 2012-07-19 20:36 - 00302592 ____A C:\Users\Morisoli\Downloads\9gpxx0yy.exe
    2012-07-19 20:29 - 2012-07-19 20:29 - 00001120 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2012-07-19 20:29 - 2012-07-19 20:29 - 00000000 ____D C:\Users\Morisoli\AppData\Roaming\Malwarebytes
    2012-07-19 20:29 - 2012-07-19 20:29 - 00000000 ____D C:\Users\All Users\Malwarebytes
    2012-07-19 20:29 - 2012-07-19 20:29 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2012-07-19 20:29 - 2012-07-03 10:46 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
    2012-07-19 20:28 - 2012-07-19 20:28 - 10652120 ____A (Malwarebytes Corporation ) C:\Users\Morisoli\Downloads\mbam-setup-1.62.0.1300.exe
    2012-07-19 19:37 - 2012-07-19 19:38 - 00000042 ____A C:\repairs_running.dat
    2012-07-19 19:28 - 2008-05-07 21:03 - 00303616 ____A ( ) C:\SetACL.exe
    2012-07-19 19:02 - 2004-06-11 15:33 - 00290304 ____A (Microsoft Corporation) C:\subinacl.exe
    2012-07-18 21:28 - 2012-07-19 19:38 - 00181064 ____A (Sysinternals) C:\Windows\PSEXESVC.EXE
    2012-07-18 21:27 - 2012-07-18 21:27 - 04623766 ____A C:\Users\Morisoli\Downloads\tweaking.com_windows_repair_aio_setup.exe
    2012-07-18 21:24 - 2012-07-18 21:24 - 00030496 ____A C:\Windows\System32\Drivers\hitmanpro36.sys
    2012-07-18 21:23 - 2012-07-18 21:23 - 00000806 ____A C:\Windows\System32\.crusader
    2012-07-18 21:19 - 2012-07-18 21:23 - 00000000 ____D C:\Users\All Users\HitmanPro
    2012-07-18 21:18 - 2012-07-18 21:19 - 08834304 ____A (SurfRight B.V.) C:\Users\Morisoli\Downloads\HitmanPro36_x64.exe
    2012-07-17 17:28 - 2012-07-18 21:17 - 00000000 ____D C:\TDSSKiller_Quarantine
    2012-07-17 17:16 - 2012-07-17 17:17 - 00317024 ____A C:\Windows\Minidump\071712-20077-01.dmp
    2012-07-17 17:13 - 2012-07-17 17:16 - 416104481 ____A C:\Windows\MEMORY.DMP
    2012-07-17 17:13 - 2012-07-17 17:16 - 00000000 ____D C:\Windows\Minidump
    2012-07-17 17:13 - 2012-07-17 17:13 - 00276272 ____A C:\Windows\Minidump\071712-19578-01.dmp
    2012-07-11 17:30 - 2012-07-11 17:30 - 00000000 ____D C:\Program Files (x86)\uTorrent
    2012-07-11 17:29 - 2012-07-15 17:31 - 00000000 ____D C:\Users\Morisoli\AppData\Roaming\uTorrent
    2012-07-11 17:28 - 2012-07-11 17:29 - 00895376 ____A (BitTorrent, Inc.) C:\Users\Morisoli\Downloads\uTorrent.exe
    2012-07-11 00:03 - 2012-07-11 00:03 - 00265692 ____A C:\Windows\msxml4-KB2721691-enu.LOG
    2012-07-11 00:03 - 2012-06-11 19:08 - 03148800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
    2012-07-10 17:07 - 2012-06-08 21:43 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
    2012-07-10 17:07 - 2012-06-08 20:41 - 12873728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
    2012-07-10 17:07 - 2012-06-05 22:06 - 02004480 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
    2012-07-10 17:07 - 2012-06-05 22:06 - 01881600 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
    2012-07-10 17:07 - 2012-06-05 22:02 - 01133568 ____A (Microsoft Corporation) C:\Windows\System32\cdosys.dll
    2012-07-10 17:07 - 2012-06-05 21:05 - 01390080 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
    2012-07-10 17:07 - 2012-06-05 21:05 - 01236992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
    2012-07-10 17:07 - 2012-06-05 21:03 - 00805376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cdosys.dll
    2012-07-10 17:07 - 2012-06-01 21:50 - 00458704 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
    2012-07-10 17:07 - 2012-06-01 21:48 - 00151920 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
    2012-07-10 17:07 - 2012-06-01 21:48 - 00095600 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
    2012-07-10 17:07 - 2012-06-01 21:45 - 00340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
    2012-07-10 17:07 - 2012-06-01 21:44 - 00307200 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
    2012-07-10 17:07 - 2012-06-01 20:40 - 00225280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
    2012-07-10 17:07 - 2012-06-01 20:40 - 00022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
    2012-07-10 17:07 - 2012-06-01 20:39 - 00219136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
    2012-07-10 17:07 - 2012-06-01 20:34 - 00096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
    2012-07-10 17:07 - 2010-06-25 19:55 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\msxml3r.dll
    2012-07-10 17:07 - 2010-06-25 19:24 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
    2012-07-10 12:50 - 2012-07-10 12:50 - 00452312 ____A C:\Users\Morisoli\Downloads\PolSystemInfo_us.zip
    2012-07-09 01:56 - 2012-07-20 11:06 - 00000920 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3710809135-2123922341-1772546783-1001UA.job
    2012-07-09 01:56 - 2012-07-18 18:06 - 00000868 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3710809135-2123922341-1772546783-1001Core.job
    2012-07-09 01:55 - 2012-07-09 01:55 - 00739832 ____A (Google Inc.) C:\Users\Morisoli\Downloads\GoogleVoiceAndVideoSetup.exe
    2012-07-08 12:39 - 2012-07-08 12:41 - 58366405 ____A C:\Users\Morisoli\Downloads\Slender_v0_9_1.zip
    2012-07-07 11:40 - 2012-07-07 11:40 - 00000000 ____D C:\Users\Morisoli\Documents\Skype Voice Records
    2012-07-07 11:40 - 2012-07-07 11:40 - 00000000 ____D C:\Users\Morisoli\Documents\Clownfish Avatars
    2012-07-07 11:39 - 2012-07-07 11:39 - 00632400 ____A (Shark Labs) C:\Users\Morisoli\Downloads\CFSetup281.exe
    2012-07-05 08:04 - 2012-07-05 08:04 - 00000000 ____D C:\Users\All Users\ATI
    2012-07-05 08:04 - 2012-07-05 08:04 - 00000000 ____D C:\Program Files (x86)\AMD APP
    2012-07-03 16:30 - 2012-07-20 07:04 - 00001075 ____A C:\Users\Public\Desktop\World of Warcraft.lnk
    2012-07-03 16:30 - 2012-07-20 07:04 - 00000000 ____D C:\Program Files (x86)\World of Warcraft
    2012-07-03 16:28 - 2012-07-03 16:30 - 32160136 ____A C:\Users\Morisoli\Downloads\WoW-4.0.0-WOW-enUS-Installer.exe
    2012-07-03 15:39 - 2012-07-13 07:39 - 00000000 ___RD C:\Users\Morisoli\Desktop\Games
    2012-07-02 14:59 - 2012-07-02 14:59 - 00000000 ____D C:\Users\Morisoli\AppData\Roaming\StepMania 5
    2012-07-02 14:57 - 2012-07-02 15:10 - 00000000 ____D C:\Program Files (x86)\StepMania 5
    2012-07-02 14:53 - 2012-07-02 14:55 - 47486851 ____A C:\Users\Morisoli\Downloads\StepMania_v5.0_alpha2.exe
    2012-07-02 10:44 - 2012-07-02 10:44 - 00000000 ____D C:\Program Files\CoreFTP
    2012-07-02 10:43 - 2012-07-02 10:44 - 03415700 ____A C:\Users\Morisoli\Downloads\coreftplite64(1).exe
    2012-07-02 10:35 - 2012-07-02 10:35 - 00000914 ____A C:\Users\Morisoli\Downloads\Secure Ftp david@shoogadawoogada.elementfx.com.xml
    2012-07-02 10:34 - 2012-07-02 10:34 - 01620836 ____A (FileZilla Project) C:\Users\Morisoli\Downloads\FileZilla_Server-0_9_41(1).exe
    2012-07-02 10:29 - 2012-07-02 10:29 - 01620836 ____A (FileZilla Project) C:\Users\Morisoli\Downloads\FileZilla_Server-0_9_41.exe
    2012-07-02 10:22 - 2012-07-02 14:14 - 00000000 ____D C:\Users\Morisoli\AppData\Roaming\CoreFTP
    2012-07-02 10:21 - 2012-07-02 10:21 - 03415700 ____A C:\Users\Morisoli\Downloads\coreftplite64.exe
    2012-07-01 15:17 - 2012-07-01 15:17 - 00001936 ____A C:\Users\UpdatusUser\Desktop\Heroes of Newerth.lnk
    2012-07-01 15:17 - 2012-07-01 15:17 - 00001936 ____A C:\Users\Cindy\Desktop\Heroes of Newerth.lnk
    2012-07-01 15:17 - 2012-07-01 15:17 - 00000000 ____D C:\Users\Morisoli\Documents\Heroes of Newerth
    2012-07-01 15:15 - 2012-07-01 15:52 - 00000000 ____D C:\Program Files (x86)\Heroes of Newerth
    2012-07-01 11:51 - 2012-07-01 12:29 - 1052523552 ____A C:\Users\Morisoli\Downloads\HoNClient-2.6.4.exe
    2012-06-30 08:29 - 2012-06-30 08:29 - 00000000 ____D C:\Users\Morisoli\AppData\Local\THQ
    2012-06-29 18:35 - 2012-06-29 18:35 - 00000000 ____D C:\Users\Morisoli\AppData\Local\Macromedia
    2012-06-29 18:13 - 2012-06-29 18:13 - 00000000 ____D C:\Users\Morisoli\AppData\Roaming\TuneUp Software
    2012-06-29 18:12 - 2012-06-29 18:13 - 00000000 ____D C:\Users\All Users\TuneUp Software
    2012-06-29 18:12 - 2012-06-29 18:12 - 00000000 __SHD C:\Users\All Users\{32364CEA-7855-4A3C-B674-53D8E9B97936}
    2012-06-29 18:10 - 2012-06-29 18:12 - 38136768 ____A (TuneUp Software) C:\Users\Morisoli\Downloads\Speedtest_TuneUpUtilities2012_en-US.exe
    2012-06-29 18:07 - 2012-07-09 01:56 - 00000000 ____D C:\Users\Morisoli\AppData\Local\Google
    2012-06-29 18:06 - 2012-06-29 18:06 - 00739856 ____A (Google Inc.) C:\Users\Morisoli\Downloads\ChromeSetup.exe
    2012-06-28 17:03 - 2012-07-11 19:55 - 00000000 ____D C:\Users\Morisoli\AppData\Roaming\.minecraft
    2012-06-28 16:58 - 2012-06-28 16:58 - 00278561 ____A C:\Users\Morisoli\Downloads\Minecraft.exe
    2012-06-27 12:04 - 2012-06-27 12:04 - 00000000 ____D C:\Users\Morisoli\Documents\Wizards of the Coast
    2012-06-25 18:50 - 2012-06-25 18:52 - 00000000 ____D C:\Program Files (x86)\CommView
    2012-06-25 18:50 - 2012-06-25 18:50 - 00000000 ____D C:\Users\Morisoli\Documents\CommView
    2012-06-25 18:50 - 2012-06-25 18:50 - 00000000 ____D C:\Users\All Users\TamoSoft
    2012-06-25 18:46 - 2012-07-17 17:32 - 00000000 ____D C:\Users\All Users\blekko toolbars
    2012-06-25 18:46 - 2012-06-25 18:46 - 00000000 ____D C:\Users\Morisoli\AppData\Local\blekkotb_031
    2012-06-25 18:45 - 2012-06-25 18:45 - 00463080 ____A (CNET Download.com) C:\Users\Morisoli\Downloads\cnet2_cv6_zip.exe
    2012-06-25 13:04 - 2012-06-25 13:04 - 01394248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml4.dll


    ============ 3 Months Modified Files ========================

    2012-07-20 11:44 - 2011-09-22 18:50 - 01147780 ____A C:\Windows\WindowsUpdate.log
    2012-07-20 11:33 - 2012-04-12 14:59 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
    2012-07-20 11:06 - 2012-07-09 01:56 - 00000920 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3710809135-2123922341-1772546783-1001UA.job
    2012-07-20 08:45 - 2009-07-13 21:13 - 00796216 ____A C:\Windows\System32\PerfStringBackup.INI
    2012-07-20 08:43 - 2009-07-13 20:45 - 00014832 ____A C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2012-07-20 08:43 - 2009-07-13 20:45 - 00014832 ____A C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2012-07-20 08:38 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
    2012-07-20 08:38 - 2009-07-13 20:51 - 00036732 ____A C:\Windows\setupact.log
    2012-07-20 07:04 - 2012-07-03 16:30 - 00001075 ____A C:\Users\Public\Desktop\World of Warcraft.lnk
    2012-07-20 06:18 - 2012-07-20 06:18 - 00607260 ____R (Swearware) C:\Users\Morisoli\Downloads\dds.scr
    2012-07-19 20:36 - 2012-07-19 20:36 - 00302592 ____A C:\Users\Morisoli\Downloads\9gpxx0yy.exe
    2012-07-19 20:34 - 2011-10-24 17:36 - 00020136 ____A C:\Windows\PFRO.log
    2012-07-19 20:29 - 2012-07-19 20:29 - 00001120 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2012-07-19 20:28 - 2012-07-19 20:28 - 10652120 ____A (Malwarebytes Corporation ) C:\Users\Morisoli\Downloads\mbam-setup-1.62.0.1300.exe
    2012-07-19 19:44 - 2011-10-05 10:17 - 00147336 ____A C:\Users\Morisoli\AppData\Local\GDIPFONTCACHEV1.DAT
    2012-07-19 19:39 - 2009-07-13 20:45 - 00504968 ____A C:\Windows\System32\FNTCACHE.DAT
    2012-07-19 19:38 - 2012-07-19 19:37 - 00000042 ____A C:\repairs_running.dat
    2012-07-19 19:38 - 2012-07-18 21:28 - 00181064 ____A (Sysinternals) C:\Windows\PSEXESVC.EXE
    2012-07-19 19:30 - 2011-10-24 13:45 - 00796216 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
    2012-07-18 21:27 - 2012-07-18 21:27 - 04623766 ____A C:\Users\Morisoli\Downloads\tweaking.com_windows_repair_aio_setup.exe
    2012-07-18 21:24 - 2012-07-18 21:24 - 00030496 ____A C:\Windows\System32\Drivers\hitmanpro36.sys
    2012-07-18 21:23 - 2012-07-18 21:23 - 00000806 ____A C:\Windows\System32\.crusader
    2012-07-18 21:19 - 2012-07-18 21:18 - 08834304 ____A (SurfRight B.V.) C:\Users\Morisoli\Downloads\HitmanPro36_x64.exe
    2012-07-18 21:02 - 2012-04-07 16:33 - 18932287 ____A C:\service.log
    2012-07-18 18:06 - 2012-07-09 01:56 - 00000868 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3710809135-2123922341-1772546783-1001Core.job
    2012-07-17 17:30 - 2012-04-07 16:35 - 00025640 ____A (Windows (R) Server 2003 DDK provider) C:\Windows\gdrv.sys
    2012-07-17 17:17 - 2012-07-17 17:16 - 00317024 ____A C:\Windows\Minidump\071712-20077-01.dmp
    2012-07-17 17:16 - 2012-07-17 17:13 - 416104481 ____A C:\Windows\MEMORY.DMP
    2012-07-17 17:13 - 2012-07-17 17:13 - 00276272 ____A C:\Windows\Minidump\071712-19578-01.dmp
    2012-07-12 09:56 - 2012-06-01 07:23 - 00281288 ____A C:\Windows\SysWOW64\PnkBstrB.xtr
    2012-07-12 09:56 - 2012-06-01 07:20 - 00281288 ____A C:\Windows\SysWOW64\PnkBstrB.exe
    2012-07-12 08:34 - 2012-04-12 14:59 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2012-07-12 08:34 - 2011-09-23 05:06 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2012-07-11 17:29 - 2012-07-11 17:28 - 00895376 ____A (BitTorrent, Inc.) C:\Users\Morisoli\Downloads\uTorrent.exe
    2012-07-11 00:03 - 2012-07-11 00:03 - 00265692 ____A C:\Windows\msxml4-KB2721691-enu.LOG
    2012-07-11 00:03 - 2009-07-13 18:34 - 00000478 ____A C:\Windows\win.ini
    2012-07-11 00:01 - 2011-10-24 17:40 - 59701280 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
    2012-07-10 12:50 - 2012-07-10 12:50 - 00452312 ____A C:\Users\Morisoli\Downloads\PolSystemInfo_us.zip
    2012-07-09 01:55 - 2012-07-09 01:55 - 00739832 ____A (Google Inc.) C:\Users\Morisoli\Downloads\GoogleVoiceAndVideoSetup.exe
    2012-07-08 12:41 - 2012-07-08 12:39 - 58366405 ____A C:\Users\Morisoli\Downloads\Slender_v0_9_1.zip
    2012-07-07 11:39 - 2012-07-07 11:39 - 00632400 ____A (Shark Labs) C:\Users\Morisoli\Downloads\CFSetup281.exe
    2012-07-03 16:30 - 2012-07-03 16:28 - 32160136 ____A C:\Users\Morisoli\Downloads\WoW-4.0.0-WOW-enUS-Installer.exe
    2012-07-03 10:46 - 2012-07-19 20:29 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
    2012-07-02 14:55 - 2012-07-02 14:53 - 47486851 ____A C:\Users\Morisoli\Downloads\StepMania_v5.0_alpha2.exe
    2012-07-02 10:44 - 2012-07-02 10:43 - 03415700 ____A C:\Users\Morisoli\Downloads\coreftplite64(1).exe
    2012-07-02 10:35 - 2012-07-02 10:35 - 00000914 ____A C:\Users\Morisoli\Downloads\Secure Ftp david@shoogadawoogada.elementfx.com.xml
    2012-07-02 10:34 - 2012-07-02 10:34 - 01620836 ____A (FileZilla Project) C:\Users\Morisoli\Downloads\FileZilla_Server-0_9_41(1).exe
    2012-07-02 10:29 - 2012-07-02 10:29 - 01620836 ____A (FileZilla Project) C:\Users\Morisoli\Downloads\FileZilla_Server-0_9_41.exe
    2012-07-02 10:21 - 2012-07-02 10:21 - 03415700 ____A C:\Users\Morisoli\Downloads\coreftplite64.exe
    2012-07-01 17:39 - 2012-06-01 07:20 - 00281288 ____A C:\Windows\SysWOW64\PnkBstrB.ex0
    2012-07-01 15:17 - 2012-07-01 15:17 - 00001936 ____A C:\Users\UpdatusUser\Desktop\Heroes of Newerth.lnk
    2012-07-01 15:17 - 2012-07-01 15:17 - 00001936 ____A C:\Users\Cindy\Desktop\Heroes of Newerth.lnk
    2012-07-01 12:29 - 2012-07-01 11:51 - 1052523552 ____A C:\Users\Morisoli\Downloads\HoNClient-2.6.4.exe
    2012-06-30 08:29 - 2012-04-18 22:03 - 00348353 ____A C:\Windows\DirectX.log
    2012-06-29 18:12 - 2012-06-29 18:10 - 38136768 ____A (TuneUp Software) C:\Users\Morisoli\Downloads\Speedtest_TuneUpUtilities2012_en-US.exe
    2012-06-29 18:06 - 2012-06-29 18:06 - 00739856 ____A (Google Inc.) C:\Users\Morisoli\Downloads\ChromeSetup.exe
    2012-06-28 16:58 - 2012-06-28 16:58 - 00278561 ____A C:\Users\Morisoli\Downloads\Minecraft.exe
    2012-06-25 18:45 - 2012-06-25 18:45 - 00463080 ____A (CNET Download.com) C:\Users\Morisoli\Downloads\cnet2_cv6_zip.exe
    2012-06-25 13:04 - 2012-06-25 13:04 - 01394248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml4.dll
    2012-06-11 19:08 - 2012-07-11 00:03 - 03148800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
    2012-06-11 10:59 - 2012-06-11 10:59 - 10248192 ____A (Advanced Micro Devices, Inc.) C:\Windows\System32\Drivers\atikmdag.sys
    2012-06-11 10:50 - 2012-06-11 10:50 - 16457728 ____A (Advanced Micro Devices Inc.) C:\Windows\System32\amdocl64.dll
    2012-06-11 10:50 - 2012-06-11 10:50 - 00187392 ____A C:\Windows\System32\clinfo.exe
    2012-06-11 10:50 - 2012-06-11 10:50 - 00075264 ____A (Advanced Micro Devices Inc.) C:\Windows\System32\OpenVideo64.dll
    2012-06-11 10:50 - 2012-06-11 10:50 - 00065024 ____A (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\OpenVideo.dll
    2012-06-11 10:50 - 2012-06-11 10:50 - 00063488 ____A (Advanced Micro Devices Inc.) C:\Windows\System32\OVDecode64.dll
    2012-06-11 10:50 - 2012-06-11 10:50 - 00056320 ____A (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\OVDecode.dll
    2012-06-11 10:49 - 2012-06-11 10:49 - 13008896 ____A (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\amdocl.dll
    2012-06-11 10:35 - 2012-06-11 10:35 - 00070144 ____A (AMD) C:\Windows\System32\coinst_8.98.dll
    2012-06-11 10:29 - 2012-06-11 10:29 - 24826368 ____A (Advanced Micro Devices, Inc.) C:\Windows\System32\atio6axx.dll
    2012-06-11 10:00 - 2012-06-11 10:00 - 20467712 ____A (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\atioglxx.dll
    2012-06-11 09:26 - 2012-06-11 09:26 - 00263840 ____A C:\Windows\SysWOW64\atiapfxx.blb
    2012-06-11 09:26 - 2012-06-11 09:26 - 00263840 ____A C:\Windows\System32\atiapfxx.blb
    2012-06-11 09:25 - 2012-06-11 09:25 - 00163840 ____A (Advanced Micro Devices, Inc.) C:\Windows\System32\atiapfxx.exe
    2012-06-11 09:24 - 2011-10-25 18:05 - 00924160 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\aticfx32.dll
    2012-06-11 09:23 - 2011-10-25 18:04 - 01090560 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\aticfx64.dll
    2012-06-11 09:20 - 2012-06-11 09:20 - 00442368 ____A (Advanced Micro Devices, Inc.) C:\Windows\System32\ATIDEMGX.dll
    2012-06-11 09:19 - 2012-06-11 09:19 - 00532992 ____A (AMD) C:\Windows\System32\atieclxx.exe
    2012-06-11 09:19 - 2012-06-11 09:19 - 00239616 ____A (AMD) C:\Windows\System32\atiesrxx.exe
    2012-06-11 09:17 - 2012-06-11 09:17 - 00120320 ____A (AMD) C:\Windows\System32\atitmm64.dll
    2012-06-11 09:17 - 2012-06-11 09:17 - 00059392 ____A (ATI Technologies, Inc.) C:\Windows\System32\atiedu64.dll
    2012-06-11 09:17 - 2012-06-11 09:17 - 00043520 ____A (ATI Technologies, Inc.) C:\Windows\SysWOW64\ati2edxx.dll
    2012-06-11 09:17 - 2012-06-11 09:17 - 00021504 ____A (AMD) C:\Windows\System32\atimuixx.dll
    2012-06-11 09:16 - 2011-10-25 17:55 - 06301696 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atidxx32.dll
    2012-06-11 09:01 - 2011-10-25 17:46 - 06914560 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atidxx64.dll
    2012-06-11 08:51 - 2012-06-11 08:51 - 04246528 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atiumd6a.dll
    2012-06-11 08:50 - 2012-06-11 08:50 - 02936864 ____A C:\Windows\System32\atiumd6a.cap
    2012-06-11 08:45 - 2012-06-11 08:45 - 15703040 ____A (Advanced Micro Devices Inc.) C:\Windows\System32\aticaldd64.dll
    2012-06-11 08:45 - 2012-06-11 08:45 - 00051200 ____A (Advanced Micro Devices Inc.) C:\Windows\System32\aticalrt64.dll
    2012-06-11 08:45 - 2012-06-11 08:45 - 00046080 ____A (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\aticalrt.dll
    2012-06-11 08:45 - 2012-06-11 08:45 - 00044544 ____A (Advanced Micro Devices Inc.) C:\Windows\System32\aticalcl64.dll
    2012-06-11 08:45 - 2012-06-11 08:45 - 00044032 ____A (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\aticalcl.dll
    2012-06-11 08:45 - 2012-04-05 17:34 - 05480448 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiumdag.dll
    2012-06-11 08:43 - 2012-04-05 17:22 - 04729344 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiumdva.dll
    2012-06-11 08:41 - 2012-06-11 08:41 - 02971136 ____A C:\Windows\SysWOW64\atiumdva.cap
    2012-06-11 08:40 - 2012-06-11 08:40 - 13277696 ____A (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\aticaldd.dll
    2012-06-11 08:36 - 2012-06-11 08:36 - 06605824 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atiumd64.dll
    2012-06-11 08:27 - 2012-06-11 08:27 - 00539136 ____A (Advanced Micro Devices, Inc.) C:\Windows\System32\atiadlxx.dll
    2012-06-11 08:26 - 2012-06-11 08:26 - 00368640 ____A (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\atiadlxy.dll
    2012-06-11 08:26 - 2012-06-11 08:26 - 00367616 ____A (Advanced Micro Devices, Inc.) C:\Windows\System32\Drivers\atikmpag.sys
    2012-06-11 08:26 - 2012-06-11 08:26 - 00041984 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atig6txx.dll
    2012-06-11 08:26 - 2012-06-11 08:26 - 00033280 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atigktxx.dll
    2012-06-11 08:26 - 2012-06-11 08:26 - 00017920 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atig6pxx.dll
    2012-06-11 08:26 - 2012-06-11 08:26 - 00014848 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiglpxx.dll
    2012-06-11 08:26 - 2012-06-11 08:26 - 00014848 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atiglpxx.dll
    2012-06-11 08:25 - 2012-06-11 08:25 - 00045056 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atiu9p64.dll
    2012-06-11 08:25 - 2011-10-25 17:21 - 00054784 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atiuxp64.dll
    2012-06-11 08:25 - 2011-10-25 17:21 - 00042496 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiuxpag.dll
    2012-06-11 08:24 - 2012-06-11 08:24 - 00053248 ____A (Advanced Micro Devices, Inc.) C:\Windows\System32\Drivers\ati2erec.dll
    2012-06-11 08:24 - 2011-10-25 17:20 - 00032768 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiu9pag.dll
    2012-06-11 08:23 - 2012-06-11 08:23 - 00056832 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atimpc32.dll
    2012-06-11 08:23 - 2012-06-11 08:23 - 00056832 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdpcom32.dll
    2012-06-11 08:23 - 2012-06-11 08:23 - 00056320 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atimpc64.dll
    2012-06-11 08:23 - 2012-06-11 08:23 - 00056320 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\amdpcom64.dll
    2012-06-08 21:43 - 2012-07-10 17:07 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
    2012-06-08 20:41 - 2012-07-10 17:07 - 12873728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
    2012-06-05 22:06 - 2012-07-10 17:07 - 02004480 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
    2012-06-05 22:06 - 2012-07-10 17:07 - 01881600 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
    2012-06-05 22:02 - 2012-07-10 17:07 - 01133568 ____A (Microsoft Corporation) C:\Windows\System32\cdosys.dll
    2012-06-05 21:05 - 2012-07-10 17:07 - 01390080 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
    2012-06-05 21:05 - 2012-07-10 17:07 - 01236992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
    2012-06-05 21:03 - 2012-07-10 17:07 - 00805376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cdosys.dll
    2012-06-02 14:19 - 2012-06-19 02:08 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
    2012-06-02 14:19 - 2012-06-19 02:08 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
    2012-06-02 14:19 - 2012-06-19 02:08 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
    2012-06-02 14:19 - 2012-06-19 02:08 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
    2012-06-02 14:19 - 2012-06-19 02:08 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
    2012-06-02 14:15 - 2012-06-19 02:08 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
    2012-06-02 14:15 - 2012-06-19 02:08 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
    2012-06-02 12:19 - 2012-06-19 02:07 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
    2012-06-02 12:15 - 2012-06-19 02:07 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
    2012-06-01 21:50 - 2012-07-10 17:07 - 00458704 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
    2012-06-01 21:48 - 2012-07-10 17:07 - 00151920 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
    2012-06-01 21:48 - 2012-07-10 17:07 - 00095600 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
    2012-06-01 21:45 - 2012-07-10 17:07 - 00340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
    2012-06-01 21:44 - 2012-07-10 17:07 - 00307200 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
    2012-06-01 20:40 - 2012-07-10 17:07 - 00225280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
    2012-06-01 20:40 - 2012-07-10 17:07 - 00022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
    2012-06-01 20:39 - 2012-07-10 17:07 - 00219136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
    2012-06-01 20:34 - 2012-07-10 17:07 - 00096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
    2012-06-01 20:06 - 2012-06-01 20:06 - 00735889 ____A C:\Users\Morisoli\Downloads\pbsetup.zip
    2012-06-01 07:20 - 2012-06-01 07:20 - 00076888 ____A C:\Windows\SysWOW64\PnkBstrA.exe
    2012-05-31 10:07 - 2012-05-31 10:07 - 03591333 ____A C:\Users\Morisoli\Downloads\BlueEye1-0.wmz
    2012-05-31 10:02 - 2012-05-31 10:02 - 00907673 ____A C:\Users\Morisoli\Downloads\X-FHLWMP1-0.wmz
    2012-05-31 09:25 - 2011-09-22 16:12 - 00279656 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe
    2012-05-19 08:04 - 2012-05-19 08:04 - 03857920 ____A C:\Users\Morisoli\Downloads\hamachi.msi
    2012-05-17 05:34 - 2012-05-17 05:26 - 160889384 ____A (Advanced Micro Devices, Inc.) C:\Users\Morisoli\Downloads\12-4_vista_win7_64_dd_ccc.exe
    2012-05-16 17:50 - 2012-05-16 17:48 - 32288896 ____A (Blizzard Entertainment) C:\Users\Morisoli\Downloads\Diablo-III-Setup-enUS.exe
    2012-05-15 17:25 - 2012-05-15 17:25 - 00466456 ____A (Creative Labs) C:\Windows\System32\wrap_oal.dll
    2012-05-15 17:25 - 2012-05-15 17:25 - 00444952 ____A (Creative Labs) C:\Windows\SysWOW64\wrap_oal.dll
    2012-05-15 17:25 - 2012-05-15 17:25 - 00122904 ____A (Portions (C) Creative Labs Inc. and NVIDIA Corp.) C:\Windows\System32\OpenAL32.dll
    2012-05-15 17:25 - 2012-05-15 17:25 - 00109080 ____A (Portions (C) Creative Labs Inc. and NVIDIA Corp.) C:\Windows\SysWOW64\OpenAL32.dll
    2012-05-14 20:01 - 2012-06-12 12:57 - 01188864 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
    2012-05-14 19:59 - 2012-06-12 12:56 - 00064512 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
    2012-05-14 19:03 - 2012-06-12 12:57 - 00981504 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2012-05-14 19:00 - 2012-06-12 12:56 - 00048128 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2012-05-13 18:40 - 2012-05-13 18:40 - 00001231 ____A C:\Users\Morisoli\Desktop\TeamSpeak 3 Client.lnk
    2012-05-13 16:52 - 2012-05-13 16:46 - 32112904 ____A (TeamSpeak Systems GmbH) C:\Users\Morisoli\Downloads\TeamSpeak3-Client-win64-3.0.6.exe
    2012-05-11 16:01 - 2012-05-11 16:01 - 00002109 ____A C:\Users\Morisoli\Desktop\Deckadance.lnk
    2012-05-11 15:58 - 2012-05-11 15:58 - 00001157 ____A C:\Users\UpdatusUser\Desktop\FL Studio 10.lnk
    2012-05-11 15:58 - 2012-05-11 15:58 - 00001157 ____A C:\Users\Public\Desktop\FL Studio 10.lnk
    2012-05-11 15:58 - 2012-05-11 15:58 - 00001157 ____A C:\Users\Cindy\Desktop\FL Studio 10.lnk
    2012-05-11 14:29 - 2012-05-11 14:29 - 00428657 ____A C:\Users\Morisoli\Downloads\FruityLoops_download.exe
    2012-05-09 18:25 - 2012-05-09 18:25 - 00000924 ____A C:\Users\Public\Desktop\Steam.lnk
    2012-05-09 18:19 - 2012-05-09 18:19 - 01606656 ____A C:\Users\Morisoli\Downloads\SteamInstall.msi
    2012-05-09 14:34 - 2012-05-09 14:31 - 00009950 ____A C:\Windows\System32\RaCoInst.log
    2012-05-09 14:20 - 2012-05-09 14:20 - 00000000 ____A C:\Windows\System32\Drivers\Msft_Kernel_LMouFilt_01005.Wdf
    2012-05-09 14:20 - 2012-05-09 14:20 - 00000000 ____A C:\Windows\System32\Drivers\Msft_Kernel_LHidFilt_01005.Wdf
    2012-05-09 14:20 - 2012-05-09 14:19 - 01136022 ____A C:\Windows\SetPointII_000.log
    2012-05-09 14:20 - 2012-05-09 14:19 - 00003762 ____A C:\Windows\LDPINST.LOG
    2012-05-04 03:06 - 2012-06-12 12:56 - 05559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
    2012-05-04 02:03 - 2012-06-12 12:56 - 03968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
    2012-05-04 02:03 - 2012-06-12 12:56 - 03913072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
    2012-04-30 21:40 - 2012-06-12 12:56 - 00209920 ____A (Microsoft Corporation) C:\Windows\System32\profsvc.dll
    2012-04-30 19:01 - 2012-04-30 19:01 - 04135696 ____A C:\Users\Morisoli\Downloads\ventrilo-3.0.8-Windows-x64.exe
    2012-04-30 19:01 - 2012-04-30 19:01 - 00000262 ____A C:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini
    2012-04-29 18:46 - 2012-04-29 18:41 - 00000369 ____A C:\Users\Morisoli\Documents\practice.html
    2012-04-28 19:26 - 2012-04-28 19:27 - 00472808 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\deployJava1.dll
    2012-04-28 19:26 - 2012-04-28 19:27 - 00157472 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaws.exe
    2012-04-28 19:26 - 2012-04-28 19:27 - 00149280 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaw.exe
    2012-04-28 19:26 - 2012-04-28 19:27 - 00149280 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\java.exe
    2012-04-28 19:25 - 2012-04-28 19:25 - 00908576 ____A (Sun Microsystems, Inc.) C:\Users\Morisoli\Downloads\jxpiinstall.exe
    2012-04-28 16:18 - 2012-04-28 16:18 - 00002379 ____A C:\Users\Morisoli\Documents\MumbleAutomaticCertificateBackup.p12
    2012-04-28 16:14 - 2012-04-28 16:14 - 17904640 ____A C:\Users\Morisoli\Downloads\mumble-1.2.3a.msi
    2012-04-27 19:55 - 2012-06-12 12:56 - 00210944 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
    2012-04-27 16:48 - 2011-12-23 13:47 - 00002515 ____A C:\Users\Public\Desktop\Skype.lnk
    2012-04-25 21:41 - 2012-06-12 12:56 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll
    2012-04-25 21:41 - 2012-06-12 12:56 - 00077312 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll
    2012-04-25 21:34 - 2012-06-12 12:56 - 00009216 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe
    2012-04-23 21:37 - 2012-06-12 12:56 - 01462272 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
    2012-04-23 21:37 - 2012-06-12 12:56 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
    2012-04-23 21:37 - 2012-06-12 12:56 - 00140288 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
    2012-04-23 20:36 - 2012-06-12 12:56 - 01158656 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
    2012-04-23 20:36 - 2012-06-12 12:56 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
    2012-04-23 20:36 - 2012-06-12 12:56 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll

    ZeroAccess:
    C:\Windows\Installer\{dfcfba36-bc21-8f41-a79f-03cac3b9377f}
    C:\Windows\Installer\{dfcfba36-bc21-8f41-a79f-03cac3b9377f}\@
    C:\Windows\Installer\{dfcfba36-bc21-8f41-a79f-03cac3b9377f}\L
    C:\Windows\Installer\{dfcfba36-bc21-8f41-a79f-03cac3b9377f}\U
    C:\Windows\Installer\{dfcfba36-bc21-8f41-a79f-03cac3b9377f}\L\00000004.@
    C:\Windows\Installer\{dfcfba36-bc21-8f41-a79f-03cac3b9377f}\U\00000004.@
    C:\Windows\Installer\{dfcfba36-bc21-8f41-a79f-03cac3b9377f}\U\00000008.@
    C:\Windows\Installer\{dfcfba36-bc21-8f41-a79f-03cac3b9377f}\U\000000cb.@
    C:\Windows\Installer\{dfcfba36-bc21-8f41-a79f-03cac3b9377f}\U\80000032.@

    ZeroAccess:
    C:\Users\Morisoli\AppData\Local\{dfcfba36-bc21-8f41-a79f-03cac3b9377f}
    C:\Users\Morisoli\AppData\Local\{dfcfba36-bc21-8f41-a79f-03cac3b9377f}\@
    C:\Users\Morisoli\AppData\Local\{dfcfba36-bc21-8f41-a79f-03cac3b9377f}\L
    C:\Users\Morisoli\AppData\Local\{dfcfba36-bc21-8f41-a79f-03cac3b9377f}\U

    ZeroAccess:
    C:\Windows\assembly\GAC_32\Desktop.ini

    ZeroAccess:
    C:\Windows\assembly\GAC_64\Desktop.ini

    ========================= Known DLLs (Whitelisted) ============


    ========================= Bamital & volsnap Check ============

    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\SysWOW64\wininit.exe => MD5 is legit
    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\SysWOW64\explorer.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\SysWOW64\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe 014A9CB92514E27C0107614DF764BC06 ZeroAccess <==== ATTENTION!.
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\SysWOW64\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\SysWOW64\userinit.exe => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

    ==================== EXE ASSOCIATION =====================

    HKLM\...\.exe: exefile => OK
    HKLM\...\exefile\DefaultIcon: %1 => OK
    HKLM\...\exefile\open\command: "%1" %* => OK

    ========================= Memory info ======================

    Percentage of memory in use: 15%
    Total physical RAM: 4093.55 MB
    Available physical RAM: 3451.82 MB
    Total Pagefile: 4091.7 MB
    Available Pagefile: 3441.18 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.9 MB

    ======================= Partitions =========================

    1 Drive c: (Windows) (Fixed) (Total:931.41 GB) (Free:585.27 GB) NTFS
    2 Drive e: (SIMPLY_GUITAR_NTSCV2) (CDROM) (Total:3.71 GB) (Free:0 GB) UDF
    3 Drive f: () (Removable) (Total:0.48 GB) (Free:0.48 GB) FAT
    4 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
    5 Drive y: (System) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]

    Disk ### Status Size Free Dyn Gpt
    -------- ------------- ------- ------- --- ---
    Disk 0 Online 931 GB 0 B
    Disk 1 Online 489 MB 0 B

    Partitions of Disk 0:
    ===============

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 100 MB 1024 KB
    Partition 2 Primary 931 GB 101 MB

    ==================================================================================

    Disk: 0
    Partition 1
    Type : 07
    Hidden: No
    Active: Yes

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 1 Y System NTFS Partition 100 MB Healthy

    ==================================================================================

    Disk: 0
    Partition 2
    Type : 07
    Hidden: No
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 2 C Windows NTFS Partition 931 GB Healthy

    ==================================================================================

    Partitions of Disk 1:
    ===============

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 488 MB 16 KB

    ==================================================================================

    Disk: 1
    Partition 1
    Type : 06
    Hidden: No
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 3 F FAT Removable 488 MB Healthy

    ==================================================================================

    ==========================================================

    Last Boot: 2012-07-18 01:31

    ======================= End Of Log ==========================
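The "ZeroAccess:" blocks in the FRST log above show the layout this family leaves on disk: a {GUID}-named directory under C:\Windows\Installer (and a twin under the user's AppData\Local) holding a file literally named "@", "L" and "U" subdirectories, and eight-hex-digit ".@" payload files, plus a Desktop.ini dropped straight into C:\Windows\assembly\GAC_32 and GAC_64. The following is an added example written for this page, not FRST's own detection logic, that applies that rule to a list of paths. The sample path list is constructed from the entries in the log, with two made-up benign entries added (an ordinary MSI icon-cache directory and a normal GAC assembly) to show why a bare {GUID} directory under Windows\Installer is not enough on its own; those benign names are assumptions for the demonstration.

```python
"""Flag the ZeroAccess on-disk layout reported by FRST (added example, not FRST code)."""
import re
from collections import defaultdict

# Constructed sample listing: ZeroAccess entries copied from the FRST log above,
# plus two benign entries (assumed names) that must NOT be flagged.
SAMPLE_PATHS = [
    r"C:\Windows\Installer\{dfcfba36-bc21-8f41-a79f-03cac3b9377f}",
    r"C:\Windows\Installer\{dfcfba36-bc21-8f41-a79f-03cac3b9377f}\@",
    r"C:\Windows\Installer\{dfcfba36-bc21-8f41-a79f-03cac3b9377f}\L",
    r"C:\Windows\Installer\{dfcfba36-bc21-8f41-a79f-03cac3b9377f}\U",
    r"C:\Windows\Installer\{dfcfba36-bc21-8f41-a79f-03cac3b9377f}\L\00000004.@",
    r"C:\Windows\Installer\{dfcfba36-bc21-8f41-a79f-03cac3b9377f}\U\00000004.@",
    r"C:\Windows\Installer\{dfcfba36-bc21-8f41-a79f-03cac3b9377f}\U\80000032.@",
    r"C:\Users\Morisoli\AppData\Local\{dfcfba36-bc21-8f41-a79f-03cac3b9377f}",
    r"C:\Users\Morisoli\AppData\Local\{dfcfba36-bc21-8f41-a79f-03cac3b9377f}\@",
    r"C:\Users\Morisoli\AppData\Local\{dfcfba36-bc21-8f41-a79f-03cac3b9377f}\L",
    r"C:\Users\Morisoli\AppData\Local\{dfcfba36-bc21-8f41-a79f-03cac3b9377f}\U",
    r"C:\Windows\assembly\GAC_32\Desktop.ini",
    r"C:\Windows\assembly\GAC_64\Desktop.ini",
    # Benign (constructed): Windows Installer caches product icons in {GUID} dirs too.
    r"C:\Windows\Installer\{11111111-2222-3333-4444-555555555555}",
    r"C:\Windows\Installer\{11111111-2222-3333-4444-555555555555}\ARPPRODUCTICON.exe",
    # Benign (constructed): a normal GAC assembly lives in a versioned subfolder.
    r"C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll",
]

# {GUID} directory directly under Windows\Installer or <user>\AppData\Local.
GUID_DIR_RE = re.compile(
    r"^(?P<parent>[a-z]:\\(?:windows\\installer|users\\[^\\]+\\appdata\\local))"
    r"\\(?P<guid>\{[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}\})"
    r"(?:\\(?P<rest>.*))?$"
)
# Desktop.ini sitting directly in the GAC_32 / GAC_64 root (not inside an assembly folder).
GAC_INI_RE = re.compile(r"^[a-z]:\\windows\\assembly\\gac_(?:32|64)\\desktop\.ini$")
# Payload naming seen in the log: eight hex digits plus ".@".
PAYLOAD_RE = re.compile(r"^[0-9a-f]{8}\.@$")


def find_zeroaccess(paths):
    """Return a list of finding dicts for the ZeroAccess layout in `paths`.

    A {GUID} store is reported only when it contains the '@' file AND an 'L' or 'U'
    subdirectory; a {GUID} directory by itself is normal Windows Installer behaviour.
    """
    findings = []
    members = defaultdict(set)   # lowercased store root -> relative entries inside it
    display = {}                 # lowercased store root -> original-case path
    for p in paths:
        low = p.lower()
        if GAC_INI_RE.match(low):
            findings.append({"rule": "gac_desktop_ini", "path": p})
            continue
        m = GUID_DIR_RE.match(low)
        if m:
            root = m.group("parent") + "\\" + m.group("guid")
            display.setdefault(root, p[:m.end("guid")])
            members[root].add(m.group("rest") or "")
    for root, rel in members.items():
        top = {r.split("\\", 1)[0] for r in rel if r}
        payloads = [r for r in rel
                    if "\\" in r and PAYLOAD_RE.match(r.rsplit("\\", 1)[-1])]
        if "@" in top and ({"l", "u"} & top):
            findings.append({"rule": "guid_store", "path": display[root],
                             "entries": sorted(top), "payloads": len(payloads)})
    return findings


if __name__ == "__main__":
    for f in find_zeroaccess(SAMPLE_PATHS):
        print(f)
```

Both ZeroAccess stores and both Desktop.ini files from the log are reported; the made-up MSI cache directory and GAC assembly are not. Note that this matches the directory layout only; it is a triage aid for reading listings like the one above, not a substitute for a scanner that also checks the patched services.exe that FRST flagged in its Bamital & volsnap check.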
  6. Jay Pfoutz Malware Helper Posts: 4,286   +49

    Additional FRST Scan

    Once again, please boot to the System Recovery Options and run FRST, as done previously.

    Type the following text in the blank box after Search:

    services.exe

    Click: Search file(s)


    When done searching, FRST makes a log, Search.txt, on the C:\ drive.

    Please provide the Search.txt in your reply.
     
  7. Jesterical Newcomer, in training Posts: 21

    Farbar Recovery Scan Tool Version: 20-07-2012
    Ran by SYSTEM at 2012-07-21 12:12:40
    Running from F:\

    ================== Search: "services.exe" ===================

    C:\Windows.old\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
    [2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

    C:\Windows.old\Windows\System32\services.exe
    [2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

    C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
    [2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

    C:\Windows\System32\services.exe
    [2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 014A9CB92514E27C0107614DF764BC06

    ====== End Of Search ======
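The point of the Search.txt above is the hash comparison: four copies of services.exe with identical size and timestamps, three of them (including the WinSxS component-store copy) hashing to 24ACB7E5BE595468E3B9AA488B9B4FCB and the live C:\Windows\System32\services.exe hashing to 014A9CB92514E27C0107614DF764BC06, which is why the earlier log tagged it ZeroAccess. The following is an added example, not part of the thread and not FRST code, that parses this Search.txt record format (a path line followed by a bracketed metadata line ending in the MD5) and flags every non-WinSxS copy whose MD5 is not among the WinSxS hashes for that file name. The embedded sample is constructed to mirror the search output posted above.

```python
"""Compare FRST Search.txt hashes against the WinSxS copies (added example, not FRST code)."""
import re
from collections import defaultdict

# Constructed sample in the Search.txt format, modelled on the log posted above.
SAMPLE_SEARCH_TXT = r"""
Farbar Recovery Scan Tool Version: 20-07-2012
Ran by SYSTEM at 2012-07-21 12:12:40
Running from F:\

================== Search: "services.exe" ===================

C:\Windows.old\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

C:\Windows.old\Windows\System32\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

C:\Windows\System32\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 014A9CB92514E27C0107614DF764BC06

====== End Of Search ======
"""

# Metadata line: [created] - [modified] - size attrs (company, optional) MD5
META_RE = re.compile(
    r"^\[(?P<created>[^\]]+)\] - \[(?P<modified>[^\]]+)\] - (?P<size>\d+) "
    r"(?P<attrs>\S+)(?: \((?P<company>.*)\))? (?P<md5>[0-9A-Fa-f]{32})$"
)


def parse_search(text):
    """Return one dict per file record (path, created, modified, size, attrs, company, md5)."""
    records = []
    lines = [l.strip() for l in text.splitlines()]
    for i in range(len(lines) - 1):
        path, nxt = lines[i], lines[i + 1]
        m = META_RE.match(nxt)
        if path and not path.startswith("=") and m:
            rec = m.groupdict()
            rec["path"] = path
            rec["size"] = int(rec["size"])
            rec["md5"] = rec["md5"].upper()
            records.append(rec)
    return records


def is_reference(path):
    """The component store (WinSxS) keeps the pristine copy that the fix restores from."""
    return "\\winsxs\\" in path.lower()


def find_mismatches(records):
    """Group by file name and report every non-WinSxS copy whose MD5 differs from
    the WinSxS hashes for that name. Returns [(path, md5, sorted reference md5s)]."""
    by_name = defaultdict(list)
    for r in records:
        by_name[r["path"].rsplit("\\", 1)[-1].lower()].append(r)
    findings = []
    for recs in by_name.values():
        refs = {r["md5"] for r in recs if is_reference(r["path"])}
        if not refs:
            continue  # nothing trustworthy to compare against
        for r in recs:
            if not is_reference(r["path"]) and r["md5"] not in refs:
                findings.append((r["path"], r["md5"], sorted(refs)))
    return findings


if __name__ == "__main__":
    for path, md5, refs in find_mismatches(parse_search(SAMPLE_SEARCH_TXT)):
        print(f"MISMATCH {path} md5={md5} winsxs={refs}")
```

Two practical caveats. First, size and timestamps are worthless here: the patched binary keeps the original 328,704 bytes and the 2009-07-13 dates, so only the hash (or an Authenticode check on the live machine) exposes it. Second, the comparison is only as trustworthy as the WinSxS copy; the helper's fix below relies on that same copy, so if a search ever shows the WinSxS hash disagreeing with itself across entries, stop and verify the signatures before copying anything back.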
  8. Jay Pfoutz Malware Helper Posts: 4,286   +49

    FRST64 Fixlist

    Please run the following:

    Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this, highlight the contents of the box, right-click on it and select Copy. Right-click in the open Notepad window and select Paste.) Save it on the flash drive as fixlist.txt

    NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system

    Now, please enter System Recovery Options then select Command Prompt.

    Run FRST64 and press the Fix button just once and wait.
    The tool will make a log on the flashdrive (Fixlog.txt) please post it to your reply.

    Now restart, let it boot normally and tell me how it went.
  9. Jesterical Newcomer, in training Posts: 21

    Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 20-07-2012
    Ran by SYSTEM at 2012-07-22 18:50:19 Run:1
    Running from F:\

    ==============================================

    C:\Windows\Installer\{dfcfba36-bc21-8f41-a79f-03cac3b9377f} moved successfully.
    C:\Users\Morisoli\AppData\Local\{dfcfba36-bc21-8f41-a79f-03cac3b9377f} moved successfully.
    C:\Windows\assembly\GAC_32\Desktop.ini moved successfully.
    C:\Windows\assembly\GAC_64\Desktop.ini moved successfully.
    C:\Windows\System32\services.exe moved successfully.
    C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe copied successfully to C:\Windows\System32\services.exe

    ==== End of Fixlog ====
  10. Jay Pfoutz Malware Helper Posts: 4,286   +49

    The computer should be able to boot normally. If not, let me know. Do not try the step below if the computer reboots often...

    ComboFix

    Please download ComboFix by sUBs
    from BleepingComputer.com

    Please save the file to your Desktop, but rename it first to svchost.exe

    Important information about ComboFix

    Before the download:
    • Please copy and paste these instructions to Notepad and save to your Desktop, or print them - for easier access.
    • It is important to rename ComboFix before the download.
    • Please do not rename ComboFix to other names, but only the one indicated.
    After the download:
    • Close any open browsers.
    • Very Important: Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results". Please visit here if you don't know how.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until ComboFix has completely finished.
    • If there is no Internet connection after running ComboFix, then restart your computer to restore your connection.
    Running ComboFix:
    • Double click on svchost.exe & follow the prompts.
    • It will attempt to install the Recovery Console:
    • When ComboFix finishes, it will produce a report for you.
    • Please post the "C:\Combo-Fix.txt" in your next reply.
    Troubleshooting ComboFix

    Safe Mode:

    If you still cannot get ComboFix to run, try booting into Safe Mode, and run it there.

    (To boot into Safe Mode, tap F8 after BIOS, and just before the Windows
    logo appears. A list of options will appear, select "Safe Mode.")

    Re-downloading:

    If this doesn't work either, try the same method as above, but download it again, this time renaming
    ComboFix.exe to iexplore.exe, explorer.exe, or winlogon.exe.

    Malware is known for blocking all "user" processes, except for its whitelist of important system processes such as iexplore.exe, explorer.exe, winlogon.exe.
  11. Jesterical Newcomer, in training Posts: 21

    I am no longer receiving pop-up messages for blocked sites from Malwarebytes, and ESET, which was detecting a new strain of the Trojan every second, has stopped as well. The computer started up fine, but I do have to do constant restarts on this computer, so I will take your advice and not run ComboFix.

    EDIT: I ran a scan with ESET and within seconds it found 3 infiltrations, all of which are variants of Sirefef.
  12. Jay Pfoutz Malware Helper Posts: 4,286   +49

    Please post a new log from FRST and the addition scan to search for services.exe just in case.
  13. Jesterical Newcomer, in training Posts: 21

    FRST scan =

    Scan result of Farbar Recovery Scan Tool Version: 20-07-2012
    Ran by SYSTEM at 25-07-2012 11:44:37
    Running from F:\
    Windows 7 Home Premium (X64) OS Language: English(US)
    The current controlset is ControlSet001

    ========================== Registry (Whitelisted) =============

    HKLM\...\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice [4035152 2011-09-22] (ESET)
    HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [10144288 2010-04-06] (Realtek Semiconductor)
    HKLM\...\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE [x]
    HKLM-x32\...\Run: [] [x]
    HKLM-x32\...\Run: [BCU] "C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe" [375000 2009-10-15] (DeviceVM, Inc.)
    HKLM-x32\...\Run: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml [10752 2012-02-20] ()
    HKLM-x32\...\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [641704 2012-06-11] (Advanced Micro Devices, Inc.)
    HKLM-x32\...\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray [462920 2012-07-03] (Malwarebytes Corporation)
    HKLM-x32\...\Run: [LifeCam] "C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe" [135536 2010-12-13] (Microsoft Corporation)
    HKU\Cindy\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2011-10-24] (Apple Inc.)
    HKU\Cindy\...\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe [x]
    HKU\Morisoli\...\Run: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent [1242448 2012-05-09] (Valve Corporation)
    HKU\Morisoli\...\Run: [Google Update] "C:\Users\Morisoli\AppData\Local\Google\Update\GoogleUpdate.exe" /c [116648 2012-07-09] (Google Inc.)
    HKU\Morisoli\...\Run: [{E444EA44-901C-F84C-01BD-2680A0973F75}] C:\Users\Morisoli\AppData\Roaming\Imdeiq\heak.exe [x]
    HKU\UpdatusUser\...\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe [x]
    Tcpip\Parameters: [DhcpNameServer] 208.180.42.68 208.180.42.100
    Startup: C:\Users\All Users\Start Menu\Programs\Startup\NETGEAR WNDA4100 Genie.lnk
    ShortcutTarget: NETGEAR WNDA4100 Genie.lnk -> C:\Program Files (x86)\NETGEAR\WNDA4100\WNDA4100.EXE (NETGEAR)
    Startup: C:\Users\All Users\Start Menu\Programs\Startup\SetPointII.lnk
    ShortcutTarget: SetPointII.lnk -> C:\Program Files\Logitech\SetPoint II\SetPointII.exe (Logitech Inc.)
    Startup: C:\Users\Cindy\Start Menu\Programs\Startup\waiq.exe ()
    Startup: C:\Users\Default\Start Menu\Programs\Startup\veuwk.exe ()
    Startup: C:\Users\Default User\Start Menu\Programs\Startup\veuwk.exe ()

    ==================== Services (Whitelisted) ======

    2 BcmSqlStartupSvc; "C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe" [30312 2009-02-20] (Microsoft Corporation)
    2 BCUService; C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe [223464 2009-10-15] (DeviceVM, Inc.)
    2 ekrn; "C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe" [974944 2011-09-22] (ESET)
    2 MBAMService; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe" [655944 2012-07-03] (Malwarebytes Corporation)
    2 MotoHelper; C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe [223088 2011-04-26] ()
    3 MSSQL$MSSMLBIZ; "C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sMSSMLBIZ [29293408 2010-12-10] (Microsoft Corporation)
    2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [76888 2012-06-01] ()
    2 RalinkRegistryWriter; "C:\Program Files (x86)\NETGEAR\WNDA4100\Service\RaRegistry.exe" [377088 2011-11-21] (Ralink Technology, Corp.)
    2 RalinkRegistryWriter64; "C:\Program Files (x86)\NETGEAR\WNDA4100\Service\RaRegistry64.exe" [455424 2011-11-21] (Ralink Technology, Corp.)

    ========================== Drivers (Whitelisted) =============

    3 AE1000; C:\Windows\System32\DRIVERS\ae1000w7.sys [1101600 2010-03-22] (Ralink Technology Corp.)
    2 AODDriver4.01; \??\C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [53888 2012-03-05] (Advanced Micro Devices)
    2 AODDriver4.1; \??\C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [53888 2012-03-05] (Advanced Micro Devices)
    3 CV2K1; C:\Windows\System32\Drivers\CV2K1.sys [21608 2010-04-01] (TamoSoft)
    2 eamonm; C:\Windows\System32\Drivers\eamonm.sys [202576 2011-08-09] (ESET)
    1 ehdrv; C:\Windows\System32\Drivers\ehdrv.sys [146432 2011-08-04] (ESET)
    2 epfwwfpr; C:\Windows\System32\Drivers\epfwwfpr.sys [137144 2011-08-04] (ESET)
    3 gdrv; \??\C:\Windows\gdrv.sys [25640 2012-07-17] (Windows (R) Server 2003 DDK provider)
    3 hamachi; C:\Windows\System32\Drivers\hamachi.sys [33856 2009-03-18] (LogMeIn, Inc.)
    3 hitmanpro36; C:\Windows\System32\Drivers\hitmanpro36.sys [30496 2012-07-18] ()
    3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [24904 2012-07-03] (Malwarebytes Corporation)
    3 netr28ux; C:\Windows\System32\Drivers\netr28ux.sys [1675840 2012-01-13] (Ralink Technology Corp.)
    3 TsVlb; C:\Windows\System32\Drivers\TsVlb.sys [22120 2010-04-21] (TamoSoft)
    1 TsVp; C:\Windows\System32\Drivers\TsVp.sys [32872 2010-06-15] (TamoSoft)

    ========================== NetSvcs (Whitelisted) ===========


    ============ One Month Created Files and Folders ==============

    2012-07-23 18:18 - 2012-07-23 18:41 - 00000000 ____D C:\Users\Morisoli\AppData\Roaming\Vaxa
    2012-07-23 15:07 - 2009-07-13 17:14 - 00020480 ____N (Microsoft Corporation) C:\Windows\svchost.exe
    2012-07-23 10:39 - 2012-07-23 10:39 - 00002036 ____A C:\Users\Public\Desktop\Microsoft LifeCam.lnk
    2012-07-23 10:39 - 2012-07-23 10:39 - 00000000 ____D C:\Program Files\Microsoft LifeCam
    2012-07-23 10:39 - 2012-07-23 10:39 - 00000000 ____D C:\Program Files (x86)\Microsoft LifeCam
    2012-07-21 01:20 - 2012-07-21 01:20 - 00000000 __SHD C:\Windows\SysWOW64\%APPDATA%
    2012-07-20 08:21 - 2012-07-20 11:36 - 00000000 ____D C:\FRST
    2012-07-20 06:18 - 2012-07-20 06:18 - 00607260 ____R (Swearware) C:\Users\Morisoli\Downloads\dds.scr
    2012-07-19 20:36 - 2012-07-19 20:36 - 00302592 ____A C:\Users\Morisoli\Downloads\9gpxx0yy.exe
    2012-07-19 20:29 - 2012-07-19 20:29 - 00001120 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2012-07-19 20:29 - 2012-07-19 20:29 - 00000000 ____D C:\Users\Morisoli\AppData\Roaming\Malwarebytes
    2012-07-19 20:29 - 2012-07-19 20:29 - 00000000 ____D C:\Users\All Users\Malwarebytes
    2012-07-19 20:29 - 2012-07-19 20:29 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2012-07-19 20:29 - 2012-07-03 10:46 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
    2012-07-19 20:28 - 2012-07-19 20:28 - 10652120 ____A (Malwarebytes Corporation ) C:\Users\Morisoli\Downloads\mbam-setup-1.62.0.1300.exe
    2012-07-19 19:37 - 2012-07-19 19:38 - 00000042 ____A C:\repairs_running.dat
    2012-07-19 19:28 - 2008-05-07 21:03 - 00303616 ____A ( ) C:\SetACL.exe
    2012-07-19 19:02 - 2004-06-11 15:33 - 00290304 ____A (Microsoft Corporation) C:\subinacl.exe
    2012-07-18 21:28 - 2012-07-19 19:38 - 00181064 ____A (Sysinternals) C:\Windows\PSEXESVC.EXE
    2012-07-18 21:27 - 2012-07-18 21:27 - 04623766 ____A C:\Users\Morisoli\Downloads\tweaking.com_windows_repair_aio_setup.exe
    2012-07-18 21:24 - 2012-07-18 21:24 - 00030496 ____A C:\Windows\System32\Drivers\hitmanpro36.sys
    2012-07-18 21:23 - 2012-07-18 21:23 - 00000806 ____A C:\Windows\System32\.crusader
    2012-07-18 21:19 - 2012-07-18 21:23 - 00000000 ____D C:\Users\All Users\HitmanPro
    2012-07-18 21:18 - 2012-07-18 21:19 - 08834304 ____A (SurfRight B.V.) C:\Users\Morisoli\Downloads\HitmanPro36_x64.exe
    2012-07-17 17:28 - 2012-07-18 21:17 - 00000000 ____D C:\TDSSKiller_Quarantine
    2012-07-17 17:16 - 2012-07-17 17:17 - 00317024 ____A C:\Windows\Minidump\071712-20077-01.dmp
    2012-07-17 17:13 - 2012-07-17 17:16 - 416104481 ____A C:\Windows\MEMORY.DMP
    2012-07-17 17:13 - 2012-07-17 17:16 - 00000000 ____D C:\Windows\Minidump
    2012-07-17 17:13 - 2012-07-17 17:13 - 00276272 ____A C:\Windows\Minidump\071712-19578-01.dmp
    2012-07-11 17:30 - 2012-07-11 17:30 - 00000000 ____D C:\Program Files (x86)\uTorrent
    2012-07-11 17:29 - 2012-07-15 17:31 - 00000000 ____D C:\Users\Morisoli\AppData\Roaming\uTorrent
    2012-07-11 17:28 - 2012-07-11 17:29 - 00895376 ____A (BitTorrent, Inc.) C:\Users\Morisoli\Downloads\uTorrent.exe
    2012-07-11 00:03 - 2012-07-11 00:03 - 00265692 ____A C:\Windows\msxml4-KB2721691-enu.LOG
    2012-07-11 00:03 - 2012-06-11 19:08 - 03148800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
    2012-07-10 17:07 - 2012-06-08 21:43 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
    2012-07-10 17:07 - 2012-06-08 20:41 - 12873728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
    2012-07-10 17:07 - 2012-06-05 22:06 - 02004480 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
    2012-07-10 17:07 - 2012-06-05 22:06 - 01881600 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
    2012-07-10 17:07 - 2012-06-05 22:02 - 01133568 ____A (Microsoft Corporation) C:\Windows\System32\cdosys.dll
    2012-07-10 17:07 - 2012-06-05 21:05 - 01390080 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
    2012-07-10 17:07 - 2012-06-05 21:05 - 01236992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
    2012-07-10 17:07 - 2012-06-05 21:03 - 00805376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cdosys.dll
    2012-07-10 17:07 - 2012-06-01 21:50 - 00458704 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
    2012-07-10 17:07 - 2012-06-01 21:48 - 00151920 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
    2012-07-10 17:07 - 2012-06-01 21:48 - 00095600 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
    2012-07-10 17:07 - 2012-06-01 21:45 - 00340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
    2012-07-10 17:07 - 2012-06-01 21:44 - 00307200 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
    2012-07-10 17:07 - 2012-06-01 20:40 - 00225280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
    2012-07-10 17:07 - 2012-06-01 20:40 - 00022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
    2012-07-10 17:07 - 2012-06-01 20:39 - 00219136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
    2012-07-10 17:07 - 2012-06-01 20:34 - 00096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
    2012-07-10 17:07 - 2010-06-25 19:55 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\msxml3r.dll
    2012-07-10 17:07 - 2010-06-25 19:24 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
    2012-07-10 12:50 - 2012-07-10 12:50 - 00452312 ____A C:\Users\Morisoli\Downloads\PolSystemInfo_us.zip
    2012-07-09 01:56 - 2012-07-25 08:06 - 00000920 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3710809135-2123922341-1772546783-1001UA.job
    2012-07-09 01:56 - 2012-07-24 18:06 - 00000868 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3710809135-2123922341-1772546783-1001Core.job
    2012-07-09 01:55 - 2012-07-09 01:55 - 00739832 ____A (Google Inc.) C:\Users\Morisoli\Downloads\GoogleVoiceAndVideoSetup.exe
    2012-07-08 12:39 - 2012-07-08 12:41 - 58366405 ____A C:\Users\Morisoli\Downloads\Slender_v0_9_1.zip
    2012-07-07 11:40 - 2012-07-07 11:40 - 00000000 ____D C:\Users\Morisoli\Documents\Skype Voice Records
    2012-07-07 11:40 - 2012-07-07 11:40 - 00000000 ____D C:\Users\Morisoli\Documents\Clownfish Avatars
    2012-07-07 11:39 - 2012-07-07 11:39 - 00632400 ____A (Shark Labs) C:\Users\Morisoli\Downloads\CFSetup281.exe
    2012-07-05 08:04 - 2012-07-05 08:04 - 00000000 ____D C:\Users\All Users\ATI
    2012-07-05 08:04 - 2012-07-05 08:04 - 00000000 ____D C:\Program Files (x86)\AMD APP
    2012-07-03 16:30 - 2012-07-20 14:01 - 00001075 ____A C:\Users\Public\Desktop\World of Warcraft.lnk
    2012-07-03 16:30 - 2012-07-20 14:01 - 00000000 ____D C:\Program Files (x86)\World of Warcraft
    2012-07-03 16:28 - 2012-07-03 16:30 - 32160136 ____A C:\Users\Morisoli\Downloads\WoW-4.0.0-WOW-enUS-Installer.exe
    2012-07-03 15:39 - 2012-07-13 07:39 - 00000000 ___RD C:\Users\Morisoli\Desktop\Games
    2012-07-02 14:59 - 2012-07-02 14:59 - 00000000 ____D C:\Users\Morisoli\AppData\Roaming\StepMania 5
    2012-07-02 14:57 - 2012-07-02 15:10 - 00000000 ____D C:\Program Files (x86)\StepMania 5
    2012-07-02 14:53 - 2012-07-02 14:55 - 47486851 ____A C:\Users\Morisoli\Downloads\StepMania_v5.0_alpha2.exe
    2012-07-02 10:44 - 2012-07-02 10:44 - 00000000 ____D C:\Program Files\CoreFTP
    2012-07-02 10:43 - 2012-07-02 10:44 - 03415700 ____A C:\Users\Morisoli\Downloads\coreftplite64(1).exe
    2012-07-02 10:35 - 2012-07-02 10:35 - 00000914 ____A C:\Users\Morisoli\Downloads\Secure Ftp david@shoogadawoogada.elementfx.com.xml
    2012-07-02 10:34 - 2012-07-02 10:34 - 01620836 ____A (FileZilla Project) C:\Users\Morisoli\Downloads\FileZilla_Server-0_9_41(1).exe
    2012-07-02 10:29 - 2012-07-02 10:29 - 01620836 ____A (FileZilla Project) C:\Users\Morisoli\Downloads\FileZilla_Server-0_9_41.exe
    2012-07-02 10:22 - 2012-07-02 14:14 - 00000000 ____D C:\Users\Morisoli\AppData\Roaming\CoreFTP
    2012-07-02 10:21 - 2012-07-02 10:21 - 03415700 ____A C:\Users\Morisoli\Downloads\coreftplite64.exe
    2012-07-01 15:17 - 2012-07-01 15:17 - 00001936 ____A C:\Users\UpdatusUser\Desktop\Heroes of Newerth.lnk
    2012-07-01 15:17 - 2012-07-01 15:17 - 00001936 ____A C:\Users\Cindy\Desktop\Heroes of Newerth.lnk
    2012-07-01 15:17 - 2012-07-01 15:17 - 00000000 ____D C:\Users\Morisoli\Documents\Heroes of Newerth
    2012-07-01 15:15 - 2012-07-01 15:52 - 00000000 ____D C:\Program Files (x86)\Heroes of Newerth
    2012-07-01 11:51 - 2012-07-01 12:29 - 1052523552 ____A C:\Users\Morisoli\Downloads\HoNClient-2.6.4.exe
    2012-06-30 08:29 - 2012-06-30 08:29 - 00000000 ____D C:\Users\Morisoli\AppData\Local\THQ
    2012-06-29 18:35 - 2012-06-29 18:35 - 00000000 ____D C:\Users\Morisoli\AppData\Local\Macromedia
    2012-06-29 18:13 - 2012-06-29 18:13 - 00000000 ____D C:\Users\Morisoli\AppData\Roaming\TuneUp Software
    2012-06-29 18:12 - 2012-06-29 18:13 - 00000000 ____D C:\Users\All Users\TuneUp Software
    2012-06-29 18:12 - 2012-06-29 18:12 - 00000000 __SHD C:\Users\All Users\{32364CEA-7855-4A3C-B674-53D8E9B97936}
    2012-06-29 18:10 - 2012-06-29 18:12 - 38136768 ____A (TuneUp Software) C:\Users\Morisoli\Downloads\Speedtest_TuneUpUtilities2012_en-US.exe
    2012-06-29 18:07 - 2012-07-09 01:56 - 00000000 ____D C:\Users\Morisoli\AppData\Local\Google
    2012-06-29 18:06 - 2012-06-29 18:06 - 00739856 ____A (Google Inc.) C:\Users\Morisoli\Downloads\ChromeSetup.exe
    2012-06-28 17:03 - 2012-07-11 19:55 - 00000000 ____D C:\Users\Morisoli\AppData\Roaming\.minecraft
    2012-06-28 16:58 - 2012-06-28 16:58 - 00278561 ____A C:\Users\Morisoli\Downloads\Minecraft.exe
    2012-06-27 12:04 - 2012-06-27 12:04 - 00000000 ____D C:\Users\Morisoli\Documents\Wizards of the Coast
    2012-06-25 18:50 - 2012-06-25 18:52 - 00000000 ____D C:\Program Files (x86)\CommView
    2012-06-25 18:50 - 2012-06-25 18:50 - 00000000 ____D C:\Users\Morisoli\Documents\CommView
    2012-06-25 18:50 - 2012-06-25 18:50 - 00000000 ____D C:\Users\All Users\TamoSoft
    2012-06-25 18:46 - 2012-07-17 17:32 - 00000000 ____D C:\Users\All Users\blekko toolbars
    2012-06-25 18:46 - 2012-06-25 18:46 - 00000000 ____D C:\Users\Morisoli\AppData\Local\blekkotb_031
    2012-06-25 18:45 - 2012-06-25 18:45 - 00463080 ____A (CNET Download.com) C:\Users\Morisoli\Downloads\cnet2_cv6_zip.exe
    2012-06-25 13:04 - 2012-06-25 13:04 - 01394248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml4.dll


    ============ 3 Months Modified Files ========================

    2012-07-25 08:33 - 2012-04-12 14:59 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
    2012-07-25 08:06 - 2012-07-09 01:56 - 00000920 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3710809135-2123922341-1772546783-1001UA.job
    2012-07-24 18:06 - 2012-07-09 01:56 - 00000868 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3710809135-2123922341-1772546783-1001Core.job
    2012-07-24 16:49 - 2011-09-22 18:50 - 01205374 ____A C:\Windows\WindowsUpdate.log
    2012-07-23 15:12 - 2009-07-13 21:13 - 00796042 ____A C:\Windows\System32\PerfStringBackup.INI
    2012-07-23 15:11 - 2009-07-13 20:45 - 00014832 ____A C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2012-07-23 15:11 - 2009-07-13 20:45 - 00014832 ____A C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2012-07-23 15:06 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
    2012-07-23 15:06 - 2009-07-13 20:51 - 00037442 ____A C:\Windows\setupact.log
    2012-07-23 15:05 - 2011-10-24 17:36 - 00020470 ____A C:\Windows\PFRO.log
    2012-07-23 10:39 - 2012-07-23 10:39 - 00002036 ____A C:\Users\Public\Desktop\Microsoft LifeCam.lnk
    2012-07-20 14:01 - 2012-07-03 16:30 - 00001075 ____A C:\Users\Public\Desktop\World of Warcraft.lnk
    2012-07-20 06:18 - 2012-07-20 06:18 - 00607260 ____R (Swearware) C:\Users\Morisoli\Downloads\dds.scr
    2012-07-19 20:36 - 2012-07-19 20:36 - 00302592 ____A C:\Users\Morisoli\Downloads\9gpxx0yy.exe
    2012-07-19 20:29 - 2012-07-19 20:29 - 00001120 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2012-07-19 20:28 - 2012-07-19 20:28 - 10652120 ____A (Malwarebytes Corporation ) C:\Users\Morisoli\Downloads\mbam-setup-1.62.0.1300.exe
    2012-07-19 19:44 - 2011-10-05 10:17 - 00147336 ____A C:\Users\Morisoli\AppData\Local\GDIPFONTCACHEV1.DAT
    2012-07-19 19:39 - 2009-07-13 20:45 - 00504968 ____A C:\Windows\System32\FNTCACHE.DAT
    2012-07-19 19:38 - 2012-07-19 19:37 - 00000042 ____A C:\repairs_running.dat
    2012-07-19 19:38 - 2012-07-18 21:28 - 00181064 ____A (Sysinternals) C:\Windows\PSEXESVC.EXE
    2012-07-19 19:30 - 2011-10-24 13:45 - 00796216 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
    2012-07-18 21:27 - 2012-07-18 21:27 - 04623766 ____A C:\Users\Morisoli\Downloads\tweaking.com_windows_repair_aio_setup.exe
    2012-07-18 21:24 - 2012-07-18 21:24 - 00030496 ____A C:\Windows\System32\Drivers\hitmanpro36.sys
    2012-07-18 21:23 - 2012-07-18 21:23 - 00000806 ____A C:\Windows\System32\.crusader
    2012-07-18 21:19 - 2012-07-18 21:18 - 08834304 ____A (SurfRight B.V.) C:\Users\Morisoli\Downloads\HitmanPro36_x64.exe
    2012-07-18 21:02 - 2012-04-07 16:33 - 18932287 ____A C:\service.log
    2012-07-17 17:30 - 2012-04-07 16:35 - 00025640 ____A (Windows (R) Server 2003 DDK provider) C:\Windows\gdrv.sys
    2012-07-17 17:17 - 2012-07-17 17:16 - 00317024 ____A C:\Windows\Minidump\071712-20077-01.dmp
    2012-07-17 17:16 - 2012-07-17 17:13 - 416104481 ____A C:\Windows\MEMORY.DMP
    2012-07-17 17:13 - 2012-07-17 17:13 - 00276272 ____A C:\Windows\Minidump\071712-19578-01.dmp
    2012-07-12 09:56 - 2012-06-01 07:23 - 00281288 ____A C:\Windows\SysWOW64\PnkBstrB.xtr
    2012-07-12 09:56 - 2012-06-01 07:20 - 00281288 ____A C:\Windows\SysWOW64\PnkBstrB.exe
    2012-07-12 08:34 - 2012-04-12 14:59 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2012-07-12 08:34 - 2011-09-23 05:06 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2012-07-11 17:29 - 2012-07-11 17:28 - 00895376 ____A (BitTorrent, Inc.) C:\Users\Morisoli\Downloads\uTorrent.exe
    2012-07-11 00:03 - 2012-07-11 00:03 - 00265692 ____A C:\Windows\msxml4-KB2721691-enu.LOG
    2012-07-11 00:03 - 2009-07-13 18:34 - 00000478 ____A C:\Windows\win.ini
    2012-07-11 00:01 - 2011-10-24 17:40 - 59701280 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
    2012-07-10 12:50 - 2012-07-10 12:50 - 00452312 ____A C:\Users\Morisoli\Downloads\PolSystemInfo_us.zip
    2012-07-09 01:55 - 2012-07-09 01:55 - 00739832 ____A (Google Inc.) C:\Users\Morisoli\Downloads\GoogleVoiceAndVideoSetup.exe
    2012-07-08 12:41 - 2012-07-08 12:39 - 58366405 ____A C:\Users\Morisoli\Downloads\Slender_v0_9_1.zip
    2012-07-07 11:39 - 2012-07-07 11:39 - 00632400 ____A (Shark Labs) C:\Users\Morisoli\Downloads\CFSetup281.exe
    2012-07-03 16:30 - 2012-07-03 16:28 - 32160136 ____A C:\Users\Morisoli\Downloads\WoW-4.0.0-WOW-enUS-Installer.exe
    2012-07-03 10:46 - 2012-07-19 20:29 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
    2012-07-02 14:55 - 2012-07-02 14:53 - 47486851 ____A C:\Users\Morisoli\Downloads\StepMania_v5.0_alpha2.exe
    2012-07-02 10:44 - 2012-07-02 10:43 - 03415700 ____A C:\Users\Morisoli\Downloads\coreftplite64(1).exe
    2012-07-02 10:35 - 2012-07-02 10:35 - 00000914 ____A C:\Users\Morisoli\Downloads\Secure Ftp david@shoogadawoogada.elementfx.com.xml
    2012-07-02 10:34 - 2012-07-02 10:34 - 01620836 ____A (FileZilla Project) C:\Users\Morisoli\Downloads\FileZilla_Server-0_9_41(1).exe
    2012-07-02 10:29 - 2012-07-02 10:29 - 01620836 ____A (FileZilla Project) C:\Users\Morisoli\Downloads\FileZilla_Server-0_9_41.exe
    2012-07-02 10:21 - 2012-07-02 10:21 - 03415700 ____A C:\Users\Morisoli\Downloads\coreftplite64.exe
    2012-07-01 17:39 - 2012-06-01 07:20 - 00281288 ____A C:\Windows\SysWOW64\PnkBstrB.ex0
    2012-07-01 15:17 - 2012-07-01 15:17 - 00001936 ____A C:\Users\UpdatusUser\Desktop\Heroes of Newerth.lnk
    2012-07-01 15:17 - 2012-07-01 15:17 - 00001936 ____A C:\Users\Cindy\Desktop\Heroes of Newerth.lnk
    2012-07-01 12:29 - 2012-07-01 11:51 - 1052523552 ____A C:\Users\Morisoli\Downloads\HoNClient-2.6.4.exe
    2012-06-30 08:29 - 2012-04-18 22:03 - 00348353 ____A C:\Windows\DirectX.log
    2012-06-29 18:12 - 2012-06-29 18:10 - 38136768 ____A (TuneUp Software) C:\Users\Morisoli\Downloads\Speedtest_TuneUpUtilities2012_en-US.exe
    2012-06-29 18:06 - 2012-06-29 18:06 - 00739856 ____A (Google Inc.) C:\Users\Morisoli\Downloads\ChromeSetup.exe
    2012-06-28 16:58 - 2012-06-28 16:58 - 00278561 ____A C:\Users\Morisoli\Downloads\Minecraft.exe
    2012-06-25 18:45 - 2012-06-25 18:45 - 00463080 ____A (CNET Download.com) C:\Users\Morisoli\Downloads\cnet2_cv6_zip.exe
    2012-06-25 13:04 - 2012-06-25 13:04 - 01394248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml4.dll
    2012-06-11 19:08 - 2012-07-11 00:03 - 03148800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
    2012-06-11 10:59 - 2012-06-11 10:59 - 10248192 ____A (Advanced Micro Devices, Inc.) C:\Windows\System32\Drivers\atikmdag.sys
    2012-06-11 10:50 - 2012-06-11 10:50 - 16457728 ____A (Advanced Micro Devices Inc.) C:\Windows\System32\amdocl64.dll
    2012-06-11 10:50 - 2012-06-11 10:50 - 00187392 ____A C:\Windows\System32\clinfo.exe
    2012-06-11 10:50 - 2012-06-11 10:50 - 00075264 ____A (Advanced Micro Devices Inc.) C:\Windows\System32\OpenVideo64.dll
    2012-06-11 10:50 - 2012-06-11 10:50 - 00065024 ____A (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\OpenVideo.dll
    2012-06-11 10:50 - 2012-06-11 10:50 - 00063488 ____A (Advanced Micro Devices Inc.) C:\Windows\System32\OVDecode64.dll
    2012-06-11 10:50 - 2012-06-11 10:50 - 00056320 ____A (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\OVDecode.dll
    2012-06-11 10:49 - 2012-06-11 10:49 - 13008896 ____A (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\amdocl.dll
    2012-06-11 10:35 - 2012-06-11 10:35 - 00070144 ____A (AMD) C:\Windows\System32\coinst_8.98.dll
    2012-06-11 10:29 - 2012-06-11 10:29 - 24826368 ____A (Advanced Micro Devices, Inc.) C:\Windows\System32\atio6axx.dll
    2012-06-11 10:00 - 2012-06-11 10:00 - 20467712 ____A (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\atioglxx.dll
    2012-06-11 09:26 - 2012-06-11 09:26 - 00263840 ____A C:\Windows\SysWOW64\atiapfxx.blb
    2012-06-11 09:26 - 2012-06-11 09:26 - 00263840 ____A C:\Windows\System32\atiapfxx.blb
    2012-06-11 09:25 - 2012-06-11 09:25 - 00163840 ____A (Advanced Micro Devices, Inc.) C:\Windows\System32\atiapfxx.exe
    2012-06-11 09:24 - 2011-10-25 18:05 - 00924160 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\aticfx32.dll
    2012-06-11 09:23 - 2011-10-25 18:04 - 01090560 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\aticfx64.dll
    2012-06-11 09:20 - 2012-06-11 09:20 - 00442368 ____A (Advanced Micro Devices, Inc.) C:\Windows\System32\ATIDEMGX.dll
    2012-06-11 09:19 - 2012-06-11 09:19 - 00532992 ____A (AMD) C:\Windows\System32\atieclxx.exe
    2012-06-11 09:19 - 2012-06-11 09:19 - 00239616 ____A (AMD) C:\Windows\System32\atiesrxx.exe
    2012-06-11 09:17 - 2012-06-11 09:17 - 00120320 ____A (AMD) C:\Windows\System32\atitmm64.dll
    2012-06-11 09:17 - 2012-06-11 09:17 - 00059392 ____A (ATI Technologies, Inc.) C:\Windows\System32\atiedu64.dll
    2012-06-11 09:17 - 2012-06-11 09:17 - 00043520 ____A (ATI Technologies, Inc.) C:\Windows\SysWOW64\ati2edxx.dll
    2012-06-11 09:17 - 2012-06-11 09:17 - 00021504 ____A (AMD) C:\Windows\System32\atimuixx.dll
    2012-06-11 09:16 - 2011-10-25 17:55 - 06301696 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atidxx32.dll
    2012-06-11 09:01 - 2011-10-25 17:46 - 06914560 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atidxx64.dll
    2012-06-11 08:51 - 2012-06-11 08:51 - 04246528 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atiumd6a.dll
    2012-06-11 08:50 - 2012-06-11 08:50 - 02936864 ____A C:\Windows\System32\atiumd6a.cap
    2012-06-11 08:45 - 2012-06-11 08:45 - 15703040 ____A (Advanced Micro Devices Inc.) C:\Windows\System32\aticaldd64.dll
    2012-06-11 08:45 - 2012-06-11 08:45 - 00051200 ____A (Advanced Micro Devices Inc.) C:\Windows\System32\aticalrt64.dll
    2012-06-11 08:45 - 2012-06-11 08:45 - 00046080 ____A (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\aticalrt.dll
    2012-06-11 08:45 - 2012-06-11 08:45 - 00044544 ____A (Advanced Micro Devices Inc.) C:\Windows\System32\aticalcl64.dll
    2012-06-11 08:45 - 2012-06-11 08:45 - 00044032 ____A (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\aticalcl.dll
    2012-06-11 08:45 - 2012-04-05 17:34 - 05480448 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiumdag.dll
    2012-06-11 08:43 - 2012-04-05 17:22 - 04729344 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiumdva.dll
    2012-06-11 08:41 - 2012-06-11 08:41 - 02971136 ____A C:\Windows\SysWOW64\atiumdva.cap
    2012-06-11 08:40 - 2012-06-11 08:40 - 13277696 ____A (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\aticaldd.dll
    2012-06-11 08:36 - 2012-06-11 08:36 - 06605824 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atiumd64.dll
    2012-06-11 08:27 - 2012-06-11 08:27 - 00539136 ____A (Advanced Micro Devices, Inc.) C:\Windows\System32\atiadlxx.dll
    2012-06-11 08:26 - 2012-06-11 08:26 - 00368640 ____A (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\atiadlxy.dll
    2012-06-11 08:26 - 2012-06-11 08:26 - 00367616 ____A (Advanced Micro Devices, Inc.) C:\Windows\System32\Drivers\atikmpag.sys
    2012-06-11 08:26 - 2012-06-11 08:26 - 00041984 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atig6txx.dll
    2012-06-11 08:26 - 2012-06-11 08:26 - 00033280 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atigktxx.dll
    2012-06-11 08:26 - 2012-06-11 08:26 - 00017920 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atig6pxx.dll
    2012-06-11 08:26 - 2012-06-11 08:26 - 00014848 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiglpxx.dll
    2012-06-11 08:26 - 2012-06-11 08:26 - 00014848 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atiglpxx.dll
    2012-06-11 08:25 - 2012-06-11 08:25 - 00045056 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atiu9p64.dll
    2012-06-11 08:25 - 2011-10-25 17:21 - 00054784 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atiuxp64.dll
    2012-06-11 08:25 - 2011-10-25 17:21 - 00042496 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiuxpag.dll
    2012-06-11 08:24 - 2012-06-11 08:24 - 00053248 ____A (Advanced Micro Devices, Inc.) C:\Windows\System32\Drivers\ati2erec.dll
    2012-06-11 08:24 - 2011-10-25 17:20 - 00032768 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiu9pag.dll
    2012-06-11 08:23 - 2012-06-11 08:23 - 00056832 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atimpc32.dll
    2012-06-11 08:23 - 2012-06-11 08:23 - 00056832 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdpcom32.dll
    2012-06-11 08:23 - 2012-06-11 08:23 - 00056320 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atimpc64.dll
    2012-06-11 08:23 - 2012-06-11 08:23 - 00056320 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\amdpcom64.dll
    2012-06-08 21:43 - 2012-07-10 17:07 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
    2012-06-08 20:41 - 2012-07-10 17:07 - 12873728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
    2012-06-05 22:06 - 2012-07-10 17:07 - 02004480 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
    2012-06-05 22:06 - 2012-07-10 17:07 - 01881600 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
    2012-06-05 22:02 - 2012-07-10 17:07 - 01133568 ____A (Microsoft Corporation) C:\Windows\System32\cdosys.dll
    2012-06-05 21:05 - 2012-07-10 17:07 - 01390080 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
    2012-06-05 21:05 - 2012-07-10 17:07 - 01236992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
    2012-06-05 21:03 - 2012-07-10 17:07 - 00805376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cdosys.dll
    2012-06-02 14:19 - 2012-06-19 02:08 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
    2012-06-02 14:19 - 2012-06-19 02:08 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
    2012-06-02 14:19 - 2012-06-19 02:08 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
    2012-06-02 14:19 - 2012-06-19 02:08 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
    2012-06-02 14:19 - 2012-06-19 02:08 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
    2012-06-02 14:15 - 2012-06-19 02:08 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
    2012-06-02 14:15 - 2012-06-19 02:08 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
    2012-06-02 12:19 - 2012-06-19 02:07 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
    2012-06-02 12:15 - 2012-06-19 02:07 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
    2012-06-01 21:50 - 2012-07-10 17:07 - 00458704 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
    2012-06-01 21:48 - 2012-07-10 17:07 - 00151920 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
    2012-06-01 21:48 - 2012-07-10 17:07 - 00095600 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
    2012-06-01 21:45 - 2012-07-10 17:07 - 00340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
    2012-06-01 21:44 - 2012-07-10 17:07 - 00307200 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
    2012-06-01 20:40 - 2012-07-10 17:07 - 00225280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
    2012-06-01 20:40 - 2012-07-10 17:07 - 00022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
    2012-06-01 20:39 - 2012-07-10 17:07 - 00219136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
    2012-06-01 20:34 - 2012-07-10 17:07 - 00096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
    2012-06-01 20:06 - 2012-06-01 20:06 - 00735889 ____A C:\Users\Morisoli\Downloads\pbsetup.zip
    2012-06-01 07:20 - 2012-06-01 07:20 - 00076888 ____A C:\Windows\SysWOW64\PnkBstrA.exe
    2012-05-31 10:07 - 2012-05-31 10:07 - 03591333 ____A C:\Users\Morisoli\Downloads\BlueEye1-0.wmz
    2012-05-31 10:02 - 2012-05-31 10:02 - 00907673 ____A C:\Users\Morisoli\Downloads\X-FHLWMP1-0.wmz
    2012-05-31 09:25 - 2011-09-22 16:12 - 00279656 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe
    2012-05-19 08:04 - 2012-05-19 08:04 - 03857920 ____A C:\Users\Morisoli\Downloads\hamachi.msi
    2012-05-17 05:34 - 2012-05-17 05:26 - 160889384 ____A (Advanced Micro Devices, Inc.) C:\Users\Morisoli\Downloads\12-4_vista_win7_64_dd_ccc.exe
    2012-05-16 17:50 - 2012-05-16 17:48 - 32288896 ____A (Blizzard Entertainment) C:\Users\Morisoli\Downloads\Diablo-III-Setup-enUS.exe
    2012-05-15 17:25 - 2012-05-15 17:25 - 00466456 ____A (Creative Labs) C:\Windows\System32\wrap_oal.dll
    2012-05-15 17:25 - 2012-05-15 17:25 - 00444952 ____A (Creative Labs) C:\Windows\SysWOW64\wrap_oal.dll
    2012-05-15 17:25 - 2012-05-15 17:25 - 00122904 ____A (Portions (C) Creative Labs Inc. and NVIDIA Corp.) C:\Windows\System32\OpenAL32.dll
    2012-05-15 17:25 - 2012-05-15 17:25 - 00109080 ____A (Portions (C) Creative Labs Inc. and NVIDIA Corp.) C:\Windows\SysWOW64\OpenAL32.dll
    2012-05-14 20:01 - 2012-06-12 12:57 - 01188864 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
    2012-05-14 19:59 - 2012-06-12 12:56 - 00064512 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
    2012-05-14 19:03 - 2012-06-12 12:57 - 00981504 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2012-05-14 19:00 - 2012-06-12 12:56 - 00048128 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2012-05-13 18:40 - 2012-05-13 18:40 - 00001231 ____A C:\Users\Morisoli\Desktop\TeamSpeak 3 Client.lnk
    2012-05-13 16:52 - 2012-05-13 16:46 - 32112904 ____A (TeamSpeak Systems GmbH) C:\Users\Morisoli\Downloads\TeamSpeak3-Client-win64-3.0.6.exe
    2012-05-11 16:01 - 2012-05-11 16:01 - 00002109 ____A C:\Users\Morisoli\Desktop\Deckadance.lnk
    2012-05-11 15:58 - 2012-05-11 15:58 - 00001157 ____A C:\Users\UpdatusUser\Desktop\FL Studio 10.lnk
    2012-05-11 15:58 - 2012-05-11 15:58 - 00001157 ____A C:\Users\Public\Desktop\FL Studio 10.lnk
    2012-05-11 15:58 - 2012-05-11 15:58 - 00001157 ____A C:\Users\Cindy\Desktop\FL Studio 10.lnk
    2012-05-11 14:29 - 2012-05-11 14:29 - 00428657 ____A C:\Users\Morisoli\Downloads\FruityLoops_download.exe
    2012-05-09 18:25 - 2012-05-09 18:25 - 00000924 ____A C:\Users\Public\Desktop\Steam.lnk
    2012-05-09 18:19 - 2012-05-09 18:19 - 01606656 ____A C:\Users\Morisoli\Downloads\SteamInstall.msi
    2012-05-09 14:34 - 2012-05-09 14:31 - 00009950 ____A C:\Windows\System32\RaCoInst.log
    2012-05-09 14:20 - 2012-05-09 14:20 - 00000000 ____A C:\Windows\System32\Drivers\Msft_Kernel_LMouFilt_01005.Wdf
    2012-05-09 14:20 - 2012-05-09 14:20 - 00000000 ____A C:\Windows\System32\Drivers\Msft_Kernel_LHidFilt_01005.Wdf
    2012-05-09 14:20 - 2012-05-09 14:19 - 01136022 ____A C:\Windows\SetPointII_000.log
    2012-05-09 14:20 - 2012-05-09 14:19 - 00003762 ____A C:\Windows\LDPINST.LOG
    2012-05-04 03:06 - 2012-06-12 12:56 - 05559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
    2012-05-04 02:03 - 2012-06-12 12:56 - 03968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
    2012-05-04 02:03 - 2012-06-12 12:56 - 03913072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
    2012-04-30 21:40 - 2012-06-12 12:56 - 00209920 ____A (Microsoft Corporation) C:\Windows\System32\profsvc.dll
    2012-04-30 19:01 - 2012-04-30 19:01 - 04135696 ____A C:\Users\Morisoli\Downloads\ventrilo-3.0.8-Windows-x64.exe
    2012-04-30 19:01 - 2012-04-30 19:01 - 00000262 ____A C:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini
    2012-04-29 18:46 - 2012-04-29 18:41 - 00000369 ____A C:\Users\Morisoli\Documents\practice.html
    2012-04-28 19:26 - 2012-04-28 19:27 - 00472808 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\deployJava1.dll
    2012-04-28 19:26 - 2012-04-28 19:27 - 00157472 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaws.exe
    2012-04-28 19:26 - 2012-04-28 19:27 - 00149280 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaw.exe
    2012-04-28 19:26 - 2012-04-28 19:27 - 00149280 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\java.exe
    2012-04-28 19:25 - 2012-04-28 19:25 - 00908576 ____A (Sun Microsystems, Inc.) C:\Users\Morisoli\Downloads\jxpiinstall.exe
    2012-04-28 16:18 - 2012-04-28 16:18 - 00002379 ____A C:\Users\Morisoli\Documents\MumbleAutomaticCertificateBackup.p12
    2012-04-28 16:14 - 2012-04-28 16:14 - 17904640 ____A C:\Users\Morisoli\Downloads\mumble-1.2.3a.msi
    2012-04-27 19:55 - 2012-06-12 12:56 - 00210944 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
    2012-04-27 16:48 - 2011-12-23 13:47 - 00002515 ____A C:\Users\Public\Desktop\Skype.lnk

    Possible MBR infection:
    C:\Windows\svchost.exe

    ========================= Known DLLs (Whitelisted) ============


    ========================= Bamital & volsnap Check ============

    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\SysWOW64\wininit.exe => MD5 is legit
    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\SysWOW64\explorer.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\SysWOW64\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe => MD5 is legit
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\SysWOW64\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\SysWOW64\userinit.exe => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

    ==================== EXE ASSOCIATION =====================

    HKLM\...\.exe: exefile => OK
    HKLM\...\exefile\DefaultIcon: %1 => OK
    HKLM\...\exefile\open\command: "%1" %* => OK

    ========================= Memory info ======================

    Percentage of memory in use: 15%
    Total physical RAM: 4093.55 MB
    Available physical RAM: 3448.63 MB
    Total Pagefile: 4091.7 MB
    Available Pagefile: 3437.18 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.9 MB

    ======================= Partitions =========================

    1 Drive c: (Windows) (Fixed) (Total:931.41 GB) (Free:582.45 GB) NTFS
    2 Drive e: (LifeCam_3_5) (CDROM) (Total:0.3 GB) (Free:0 GB) CDFS
    3 Drive f: () (Removable) (Total:0.48 GB) (Free:0.48 GB) FAT
    4 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
    5 Drive y: (System) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]

    Disk ### Status Size Free Dyn Gpt
    -------- ------------- ------- ------- --- ---
    Disk 0 Online 931 GB 0 B
    Disk 1 Online 489 MB 0 B

    Partitions of Disk 0:
    ===============

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 100 MB 1024 KB
    Partition 2 Primary 931 GB 101 MB

    ==================================================================================

    Disk: 0
    Partition 1
    Type : 07
    Hidden: No
    Active: Yes

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 1 Y System NTFS Partition 100 MB Healthy

    ==================================================================================

    Disk: 0
    Partition 2
    Type : 07
    Hidden: No
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 2 C Windows NTFS Partition 931 GB Healthy

    ==================================================================================

    Partitions of Disk 1:
    ===============

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 488 MB 16 KB

    ==================================================================================

    Disk: 1
    Partition 1
    Type : 06
    Hidden: No
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 3 F FAT Removable 488 MB Healthy

    ==================================================================================

    ==========================================================

    Last Boot: 2012-07-18 01:31

    ======================= End Of Log ==========================

    Search.txt =

    Farbar Recovery Scan Tool Version: 20-07-2012
    Ran by SYSTEM at 2012-07-25 11:45:46
    Running from F:\

    ================== Search: "sevices.exe" ===================

    ====== End Of Search ======
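As an added example, not code from this thread or from FRST, here is a small Python triage script that reads a log in the layout posted above and pulls out the items a helper looks at first: the "Possible MBR infection" list, Bamital/volsnap entries whose MD5 is not legit, EXE association keys not reported OK, and core binaries such as svchost.exe listed outside System32/SysWOW64. The core-binary list, the sample log and its non-OK statuses are constructed for the example.

```python
"""Offline triage of a Farbar Recovery Scan Tool (FRST) log: added example,
not code from this thread or from FRST. It follows the section layout of the
log posted above and returns the items a helper would look at first."""
import re

# Core binaries and where they belong (illustrative list, not FRST's whitelist).
CORE_BINARIES = {"svchost.exe", "winlogon.exe", "wininit.exe", "services.exe",
                 "userinit.exe", "lsass.exe", "csrss.exe", "explorer.exe"}
SYSTEM_DIRS = {r"c:\windows\system32", r"c:\windows\syswow64"}
ALLOWED = {"explorer.exe": SYSTEM_DIRS | {r"c:\windows"}}

HEADER = re.compile(r"^=+\s*(.*?)\s*=+$")                   # "==== Name ===="
ENTRY = re.compile(r"^\d{4}-\d\d-\d\d \d\d:\d\d - \d{4}-\d\d-\d\d \d\d:\d\d - "
                   r"\d+ \S+ (?:\(.*\) )?([A-Za-z]:\\.*)$")    # dated file entry
CHECK = re.compile(r"^(.+?) => (.+)$")                      # "item => status"


def triage(log_text):
    """Return suspicious items keyed by the FRST check that raised them."""
    found = {"mbr": [], "md5": [], "exe_assoc": [], "misplaced": []}
    section, in_mbr = "", False
    for raw in log_text.splitlines():
        line = raw.strip()
        m = HEADER.match(line)
        if m and m.group(1):                    # titled header: new section
            section, in_mbr = m.group(1), False
            continue
        if line == "Possible MBR infection:":
            in_mbr = True
            continue
        if in_mbr and line:                     # paths listed under the MBR warning
            found["mbr"].append(line)
            continue
        m = ENTRY.match(line)
        if m:                                   # core binary outside its directory?
            parent, name = m.group(1).lower().rsplit("\\", 1)
            if name in CORE_BINARIES and parent not in ALLOWED.get(name, SYSTEM_DIRS):
                found["misplaced"].append(m.group(1))
            continue
        m = CHECK.match(line)
        if m and section.startswith("Bamital") and m.group(2) != "MD5 is legit":
            found["md5"].append(m.group(1))
        elif m and section.startswith("EXE ASSOCIATION") and m.group(2) != "OK":
            found["exe_assoc"].append(m.group(1))
    return found


# Constructed sample in the posted log's layout; non-OK statuses are made up.
SAMPLE_LOG = r"""==================== One Month Modified Files and Folders ========
2012-07-10 17:07 - 2012-07-10 17:07 - 00340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
2012-07-19 23:15 - 2012-07-19 23:15 - 00077312 ____A C:\Windows\svchost.exe

Possible MBR infection:
C:\Windows\svchost.exe

========================= Bamital & volsnap Check ============
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is not legit
==================== EXE ASSOCIATION =====================
HKLM\...\.exe: exefile => OK
HKLM\...\exefile\open\command: "C:\Users\Alice\AppData\Local\x.exe" "%1" %* => Modified
"""
```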
  14. Jay Pfoutz Malware Helper Posts: 4,286   +49

    Was supposed to be services.exe. But, no biggie.

    Let's do this...

    FRST64 Fixlist

    Please run the following:

    Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this highlight the contents of the box, right click on it and select copy. Right-click in the open notepad and select Paste). Save it on the flashdrive as fixlist.txt

    NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system.

    Now, please enter System Recovery Options then select Command Prompt.

    Run FRST64 and press the Fix button just once and wait.
    The tool will make a log on the flashdrive (Fixlog.txt) please post it to your reply.

    Now restart, let it boot normally and tell me how it went.
  15. Jesterical Newcomer, in training Posts: 21

    Woops, missed the r...Q_Q.

    Here's the fix log. I will run scans for traces in just a moment.

    Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 20-07-2012
    Ran by SYSTEM at 2012-07-27 11:33:46 Run:2
    Running from F:\

    ==============================================


    ========= bootrec /FixMBR =========

    The operation completed successfully.

    ========= End of CMD: =========

    HKEY_USERS\Morisoli\Software\Microsoft\Windows\CurrentVersion\Run\\{E444EA44-901C-F84C-01BD-2680A0973F75} Value deleted successfully.

    ========================= Folder: C:\Users\Morisoli\AppData\Roaming\Imdeiq ========================


    ====== End of Folder: ======
    C:\Users\Cindy\Start Menu\Programs\Startup\waiq.exe moved successfully.
    C:\Users\Default\Start Menu\Programs\Startup\veuwk.exe moved successfully.
    C:\Users\Default User\Start Menu\Programs\Startup\veuwk.exe not found.
    C:\Windows\svchost.exe moved successfully.
    C:\Users\Morisoli\Downloads\9gpxx0yy.exe moved successfully.

    ==== End of Fixlog ====
  16. Jesterical Newcomer, in training Posts: 21

    I am already detecting a number of infections on my computer. Some were trojans which have been quarantined properly by ESET. It is now recognizing Microsoft Silverlight as a possible infection though.
  17. Jay Pfoutz Malware Helper Posts: 4,286   +49

    ComboFix

    Please download ComboFix by sUBs
    From BleepingComputer.com

    Please save the file to your Desktop.

    Important information about ComboFix

    Before the download:
    • Please copy and paste these instructions to Notepad and save to your Desktop, or print them - for easier access.
    • It is important to rename ComboFix before the download.
    • Please do not rename ComboFix to other names, but only the one indicated.
    After the download:
    • Close any open browsers.
    • Very Important: Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results". Please visit here if you don't know how.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until ComboFix has completely finished.
    • If there is no Internet connection after running ComboFix, then restart your computer to restore back your connection.
    Running ComboFix:
    • Double click on svchost.exe & follow the prompts.
    • It will attempt to install the Recovery Console:
    • When ComboFix finishes, it will produce a report for you.
    • Please post the "C:\Combo-Fix.txt" in your next reply.
    Troubleshooting ComboFix

    Safe Mode:

    If you still cannot get ComboFix to run, try booting into Safe Mode, and run it there.

    (To boot into Safe Mode, tap F8 after BIOS, and just before the Windows logo appears. A list of options will appear, select "Safe Mode.")

    Re-downloading:

    If this doesn't work either, try the same method (above method), but try to download it again, except name ComboFix.exe to iexplore.exe, explorer.exe, or winlogon.exe.

    Malware is known for blocking all "user" processes, except for its whitelist of system important processes such as iexplore.exe, explorer.exe, winlogon.exe.
  18. Jesterical Newcomer, in training Posts: 21

    You mentioned renaming combofix before the download. I was not given an option to do that in the DL process.
  19. Jesterical Newcomer, in training Posts: 21

    I have run the combo fix in normal and safe mode as well as tried renaming it and doing the same thing. It continually gets to stage 6 and then my computer shuts itself off and no log is created.
  20. Jay Pfoutz Malware Helper Posts: 4,286   +49

    Scan for malware

    Please download Malwarebytes Anti-Malware from HERE.


    Double Click mbam-setup.exe to install the application.
    • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select "Perform Quick Scan", then click Scan.
    • The scan may take some time to finish, so please be patient.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Make sure that everything is checked, and click Remove Selected.
    • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. If you are prompted to restart, please allow it to restart your computer. Failure to do this will cause the infection to still be active on the computer.
    • Please save the log to a location you will remember.
    • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    • The log can also be found at C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt
    • Copy and paste the entire report in your next reply.