Sirefef trojans... ugh

Inactive
By Jesterical
Jul 20, 2012
    Hello, I was wondering if you could possibly help me with detaching all parts of this virus from my computer. I've read your 5-step instruction guide as well as your T.O.S., so here goes. I've been infected originally with a Trojan injector going by the identification of ScrInject.B.Gen. I am running ESET NOD32. Since then it has been hit or miss whether or not my computer could clean the oncoming horde of variations that this trojan created. I'm getting reports of:

    -Sirefef.AE
    -Sirefef.AN
    -Patched.B.Gen
    -Agent.BA
    -Sirefef.AD
    -Sirefef.EZ
    -Olmarik.TDL4
    -Olmarik.AK
    -Olmarik.AYL
    -Olmarik.AH
    -Olmarik.AK
    -Olmarik.AFK

    I didn't get any report from GMER, so the following will be my MBAM and DDS logs.


    Malwarebytes Anti-Malware (Trial) 1.62.0.1300
    www.malwarebytes.org

    Database version: v2012.07.20.03

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 8.0.7601.17514

    Protection: Enabled

    7/19/2012 11:30:15 PM
    mbam-log-2012-07-19 (23-30-15).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 229865
    Time elapsed: 3 minute(s), 14 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 1
    C:\Windows\svchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.

    (end)

    =================================================================


    .
    DDS (Ver_2011-08-26.01) - NTFSAMD64
    Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_31
    Run by Morisoli at 9:19:02 on 2012-07-20
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4094.2069 [GMT -5:00]
    .
    AV: ESET NOD32 Antivirus 5.0 *Enabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
    SP: ESET NOD32 Antivirus 5.0 *Enabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\system32\atiesrxx.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\atieclxx.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
    C:\Windows\system32\WLANExt.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
    C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
    C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe
    C:\Windows\SysWOW64\PnkBstrA.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files (x86)\NETGEAR\WNDA4100\Service\RaRegistry.exe
    C:\Program Files (x86)\NETGEAR\WNDA4100\Service\RaRegistry64.exe
    c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
    c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
    C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
    C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    C:\Program Files (x86)\NETGEAR\WNDA4100\WNDA4100.EXE
    C:\Program Files\Logitech\SetPoint II\SetPointII.exe
    C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
    C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe
    C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe
    C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
    C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\Windows\servicing\TrustedInstaller.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\SysWOW64\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://blekko.com/ws/?source=c3348dd4&toolbarid=blekkotb_031&u=C9237CE3B599F152BEDC414FE9227E14&tbp=homepage
    uURLSearchHooks: SearchHook Class: {bc86e1ab-eda5-4059-938f-ce307b0c6f0a} - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll
    mWinlogon: Userinit=userinit.exe,
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    uRun: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent
    uRun: [Google Update] "C:\Users\Morisoli\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    uRun: [HydraVisionDesktopManager] "C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe"
    mRun: [<NO NAME>]
    mRun: [BCU] "C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe"
    mRun: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml
    mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\NETGEA~1.LNK - C:\Program Files (x86)\NETGEAR\WNDA4100\WNDA4100.EXE
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SETPOI~1.LNK - C:\Program Files (x86)\Logitech\SetPoint II\SetPointII.exe
    mPolicies-explorer: NoActiveDesktop = 1 (0x1)
    mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
    mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableLUA = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
    IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
    LSP: mswsock.dll
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    TCP: DhcpNameServer = 208.180.42.68 208.180.42.100
    TCP: Interfaces\{1F177412-7B9A-468F-9D3D-D3D377EE0624} : DhcpNameServer = 208.180.42.68 208.180.42.100
    TCP: Interfaces\{628E18C3-E348-4825-96E1-8B587D1A7135} : DhcpNameServer = 208.180.42.100 208.180.42.68
    TCP: Interfaces\{628E18C3-E348-4825-96E1-8B587D1A7135}\D4F6279637F6C6960275962756C6563737 : DhcpNameServer = 192.168.0.1
    TCP: Interfaces\{7BB8E6F1-577D-4A0A-9FC8-DD2D33344520} : DhcpNameServer = 192.168.0.1
    TCP: Interfaces\{8E95BB16-2DB2-41F9-8927-C60DB3BDBB43} : DhcpNameServer = 208.180.42.100 208.180.42.68
    TCP: Interfaces\{8E95BB16-2DB2-41F9-8927-C60DB3BDBB43}\C696E6B6379737 : DhcpNameServer = 208.180.42.100 208.180.42.68
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
    BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO-X64: AcroIEHelperStub - No File
    BHO-X64: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
    BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    mRun-x64: [(Default)]
    mRun-x64: [BCU] "C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe"
    mRun-x64: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml
    mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\Morisoli\AppData\Roaming\Mozilla\Firefox\Profiles\ty6nkdc1.default\
    FF - prefs.js: browser.search.selectedEngine - Blekko
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
    FF - prefs.js: keyword.URL - hxxp://blekko.com/ws/?source=c3348dd4&tbp=rbox&toolbarid=blekkotb_031&u=C9237CE3B599F152BEDC414FE9227E14&q=
    FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
    FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll
    FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
    FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
    FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll
    FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
    FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll
    FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
    FF - plugin: C:\Users\Morisoli\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll
    FF - plugin: C:\Users\Morisoli\AppData\Roaming\Mozilla\Firefox\Profiles\ty6nkdc1.default\extensions\2020Player_IKEA@2020Technologies.com\plugins\NP_2020Player_IKEA.dll
    FF - plugin: C:\Users\Morisoli\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
    FF - plugin: C:\Users\Morisoli\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll
    .
    ---- FIREFOX POLICIES ----
    FF - user.js: general.useragent.extra.brc -
    .
    ============= SERVICES / DRIVERS ===============
    .
    R1 TsVp;TsVp;C:\Windows\system32\DRIVERS\tsvp.sys --> C:\Windows\system32\DRIVERS\tsvp.sys [?]
    R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
    R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]
    R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
    R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-6-11 361984]
    R2 AODDriver4.01;AODDriver4.01;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2012-3-5 53888]
    R2 BCUService;Browser Configuration Utility Service;C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe [2009-10-15 223464]
    R2 eamonm;eamonm;C:\Windows\system32\DRIVERS\eamonm.sys --> C:\Windows\system32\DRIVERS\eamonm.sys [?]
    R2 ekrn;ESET Service;C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2011-9-22 974944]
    R2 epfwwfpr;epfwwfpr;C:\Windows\system32\DRIVERS\epfwwfpr.sys --> C:\Windows\system32\DRIVERS\epfwwfpr.sys [?]
    R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-7-19 655944]
    R2 MotoHelper;MotoHelper Service;C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe [2011-4-26 223088]
    R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-9-22 2214504]
    R2 RalinkRegistryWriter;RalinkRegistryWriter;C:\Program Files (x86)\NETGEAR\WNDA4100\Service\RaRegistry.exe [2011-11-21 377088]
    R2 RalinkRegistryWriter64;RalinkRegistryWriter64;C:\Program Files (x86)\NETGEAR\WNDA4100\Service\RaRegistry64.exe [2011-11-21 455424]
    R3 amdiox64;AMD IO Driver;C:\Windows\system32\DRIVERS\amdiox64.sys --> C:\Windows\system32\DRIVERS\amdiox64.sys [?]
    R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
    R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
    R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys --> C:\Windows\system32\drivers\AtihdW76.sys [?]
    R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
    R3 netr28ux;RT2870 USB Extensible Wireless LAN Card Driver;C:\Windows\system32\DRIVERS\netr28ux.sys --> C:\Windows\system32\DRIVERS\netr28ux.sys [?]
    R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
    R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
    S2 AODDriver4.1;AODDriver4.1;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2012-3-5 53888]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-6-7 160944]
    S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-12 250056]
    S3 AE1000;Linksys AE1000 Driver;C:\Windows\system32\DRIVERS\ae1000w7.sys --> C:\Windows\system32\DRIVERS\ae1000w7.sys [?]
    S3 CV2K1;CommView Network Monitor;C:\Windows\system32\DRIVERS\cv2k1.sys --> C:\Windows\system32\DRIVERS\cv2k1.sys [?]
    S3 hitmanpro36;Hitman Pro 3.5 Support Driver;\??\C:\Windows\system32\drivers\hitmanpro36.sys --> C:\Windows\system32\drivers\hitmanpro36.sys [?]
    S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-5-3 113120]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
    S3 TsVlb;TsVlb;C:\Windows\system32\DRIVERS\tsvlb.sys --> C:\Windows\system32\DRIVERS\tsvlb.sys [?]
    S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
    .
    =============== Created Last 30 ================
    .
    2012-07-20 04:29:22 -------- d-----w- C:\Users\Morisoli\AppData\Roaming\Malwarebytes
    2012-07-20 04:29:16 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2012-07-20 04:29:16 -------- d-----w- C:\ProgramData\Malwarebytes
    2012-07-20 04:29:16 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2012-07-20 03:30:14 -------- d-----w- C:\Windows\SysWow64\wbem\Performance
    2012-07-20 03:28:53 303616 ----a-w- C:\SetACL.exe
    2012-07-20 03:02:30 290304 ----a-w- C:\subinacl.exe
    2012-07-19 05:28:21 -------- d-----w- C:\Tweaking.com_Windows_Repair_Logs
    2012-07-19 05:24:19 30496 ----a-w- C:\Windows\System32\drivers\hitmanpro36.sys
    2012-07-19 05:19:04 -------- d-----w- C:\ProgramData\HitmanPro
    2012-07-18 01:28:41 -------- d-----w- C:\TDSSKiller_Quarantine
    2012-07-17 10:40:52 9133488 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{C5C40441-EFA1-48D5-89D1-55F861E48F86}\mpengine.dll
    2012-07-12 01:30:14 -------- d-----w- C:\Program Files (x86)\uTorrent
    2012-07-12 01:29:25 -------- d-----w- C:\Users\Morisoli\AppData\Roaming\uTorrent
    2012-07-11 08:03:33 3148800 ----a-w- C:\Windows\System32\win32k.sys
    2012-07-05 16:04:50 -------- d-----w- C:\Program Files (x86)\AMD APP
    2012-07-04 00:30:46 -------- d-----w- C:\Program Files (x86)\World of Warcraft
    2012-07-02 22:59:21 -------- d-----w- C:\Users\Morisoli\AppData\Roaming\StepMania 5
    2012-07-02 22:57:00 -------- d-----w- C:\Program Files (x86)\StepMania 5
    2012-07-02 18:44:27 -------- d-----w- C:\Program Files\CoreFTP
    2012-07-02 18:22:53 -------- d-----w- C:\Users\Morisoli\AppData\Roaming\CoreFTP
    2012-07-01 23:15:39 -------- d-----w- C:\Program Files (x86)\Heroes of Newerth
    2012-06-30 16:29:29 -------- d-----w- C:\Users\Morisoli\AppData\Local\THQ
    2012-06-30 02:35:31 -------- d-----w- C:\Users\Morisoli\AppData\Local\Macromedia
    2012-06-30 02:13:03 -------- d-----w- C:\Users\Morisoli\AppData\Roaming\TuneUp Software
    2012-06-30 02:12:21 -------- d-----w- C:\ProgramData\TuneUp Software
    2012-06-30 02:12:14 -------- d-sh--w- C:\ProgramData\{32364CEA-7855-4A3C-B674-53D8E9B97936}
    2012-06-30 02:07:01 -------- d-----w- C:\Users\Morisoli\AppData\Local\Google
    2012-06-29 01:03:07 -------- d-----w- C:\Users\Morisoli\AppData\Roaming\.minecraft
    2012-06-26 02:50:53 -------- d-----w- C:\ProgramData\TamoSoft
    2012-06-26 02:50:44 -------- d-----w- C:\Program Files (x86)\CommView
    2012-06-26 02:46:31 -------- d-----w- C:\ProgramData\blekko toolbars
    2012-06-26 02:46:22 -------- d-----w- C:\Users\Morisoli\AppData\Local\blekkotb_031
    2012-06-25 21:04:24 1394248 ----a-w- C:\Windows\SysWow64\msxml4.dll
    .
    ==================== Find3M ====================
    .
    2012-07-18 01:30:14 25640 ----a-w- C:\Windows\gdrv.sys
    2012-07-12 17:56:02 281288 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
    2012-07-12 17:56:02 281288 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
    2012-07-12 16:34:27 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-07-12 16:34:27 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
    2012-07-02 01:39:34 281288 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0
    2012-06-11 18:59:38 10248192 ----a-w- C:\Windows\System32\drivers\atikmdag.sys
    2012-06-11 18:50:46 187392 ----a-w- C:\Windows\System32\clinfo.exe
    2012-06-11 18:50:30 75264 ----a-w- C:\Windows\System32\OpenVideo64.dll
    2012-06-11 18:50:24 65024 ----a-w- C:\Windows\SysWow64\OpenVideo.dll
    2012-06-11 18:50:18 63488 ----a-w- C:\Windows\System32\OVDecode64.dll
    2012-06-11 18:50:14 56320 ----a-w- C:\Windows\SysWow64\OVDecode.dll
    2012-06-11 18:50:06 16457728 ----a-w- C:\Windows\System32\amdocl64.dll
    2012-06-11 18:49:22 13008896 ----a-w- C:\Windows\SysWow64\amdocl.dll
    2012-06-11 18:35:48 70144 ----a-w- C:\Windows\System32\coinst_8.98.dll
    2012-06-11 18:29:34 24826368 ----a-w- C:\Windows\System32\atio6axx.dll
    2012-06-11 18:00:32 20467712 ----a-w- C:\Windows\SysWow64\atioglxx.dll
    2012-06-11 17:25:06 163840 ----a-w- C:\Windows\System32\atiapfxx.exe
    2012-06-11 17:24:58 924160 ----a-w- C:\Windows\SysWow64\aticfx32.dll
    2012-06-11 17:23:12 1090560 ----a-w- C:\Windows\System32\aticfx64.dll
    2012-06-11 17:20:02 442368 ----a-w- C:\Windows\System32\ATIDEMGX.dll
    2012-06-11 17:19:58 532992 ----a-w- C:\Windows\System32\atieclxx.exe
    2012-06-11 17:19:14 239616 ----a-w- C:\Windows\System32\atiesrxx.exe
    2012-06-11 17:17:56 120320 ----a-w- C:\Windows\System32\atitmm64.dll
    2012-06-11 17:17:42 21504 ----a-w- C:\Windows\System32\atimuixx.dll
    2012-06-11 17:17:38 59392 ----a-w- C:\Windows\System32\atiedu64.dll
    2012-06-11 17:17:32 43520 ----a-w- C:\Windows\SysWow64\ati2edxx.dll
    2012-06-11 17:16:48 6301696 ----a-w- C:\Windows\SysWow64\atidxx32.dll
    2012-06-11 17:01:56 6914560 ----a-w- C:\Windows\System32\atidxx64.dll
    2012-06-11 16:51:54 4246528 ----a-w- C:\Windows\System32\atiumd6a.dll
    2012-06-11 16:45:48 51200 ----a-w- C:\Windows\System32\aticalrt64.dll
    2012-06-11 16:45:46 46080 ----a-w- C:\Windows\SysWow64\aticalrt.dll
    2012-06-11 16:45:44 5480448 ----a-w- C:\Windows\SysWow64\atiumdag.dll
    2012-06-11 16:45:40 44544 ----a-w- C:\Windows\System32\aticalcl64.dll
    2012-06-11 16:45:38 44032 ----a-w- C:\Windows\SysWow64\aticalcl.dll
    2012-06-11 16:45:26 15703040 ----a-w- C:\Windows\System32\aticaldd64.dll
    2012-06-11 16:43:18 4729344 ----a-w- C:\Windows\SysWow64\atiumdva.dll
    2012-06-11 16:40:58 13277696 ----a-w- C:\Windows\SysWow64\aticaldd.dll
    2012-06-11 16:36:56 6605824 ----a-w- C:\Windows\System32\atiumd64.dll
    2012-06-11 16:27:02 539136 ----a-w- C:\Windows\System32\atiadlxx.dll
    2012-06-11 16:26:52 368640 ----a-w- C:\Windows\SysWow64\atiadlxy.dll
    2012-06-11 16:26:40 17920 ----a-w- C:\Windows\System32\atig6pxx.dll
    2012-06-11 16:26:36 14848 ----a-w- C:\Windows\SysWow64\atiglpxx.dll
    2012-06-11 16:26:36 14848 ----a-w- C:\Windows\System32\atiglpxx.dll
    2012-06-11 16:26:30 41984 ----a-w- C:\Windows\System32\atig6txx.dll
    2012-06-11 16:26:22 33280 ----a-w- C:\Windows\SysWow64\atigktxx.dll
    2012-06-11 16:26:14 367616 ----a-w- C:\Windows\System32\drivers\atikmpag.sys
    2012-06-11 16:25:20 54784 ----a-w- C:\Windows\System32\atiuxp64.dll
    2012-06-11 16:25:12 42496 ----a-w- C:\Windows\SysWow64\atiuxpag.dll
    2012-06-11 16:25:06 45056 ----a-w- C:\Windows\System32\atiu9p64.dll
    2012-06-11 16:24:58 32768 ----a-w- C:\Windows\SysWow64\atiu9pag.dll
    2012-06-11 16:24:24 53248 ----a-w- C:\Windows\System32\drivers\ati2erec.dll
    2012-06-11 16:23:18 56320 ----a-w- C:\Windows\System32\atimpc64.dll
    2012-06-11 16:23:18 56320 ----a-w- C:\Windows\System32\amdpcom64.dll
    2012-06-11 16:23:10 56832 ----a-w- C:\Windows\SysWow64\atimpc32.dll
    2012-06-11 16:23:10 56832 ----a-w- C:\Windows\SysWow64\amdpcom32.dll
    2012-06-06 06:06:16 2004480 ----a-w- C:\Windows\System32\msxml6.dll
    2012-06-06 06:06:16 1881600 ----a-w- C:\Windows\System32\msxml3.dll
    2012-06-06 06:02:54 1133568 ----a-w- C:\Windows\System32\cdosys.dll
    2012-06-06 05:05:52 1390080 ----a-w- C:\Windows\SysWow64\msxml6.dll
    2012-06-06 05:05:52 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll
    2012-06-06 05:03:06 805376 ----a-w- C:\Windows\SysWow64\cdosys.dll
    2012-06-02 22:15:31 2622464 ----a-w- C:\Windows\System32\wucltux.dll
    2012-06-02 22:15:08 99840 ----a-w- C:\Windows\System32\wudriver.dll
    2012-06-02 20:19:42 186752 ----a-w- C:\Windows\System32\wuwebv.dll
    2012-06-02 20:15:12 36864 ----a-w- C:\Windows\System32\wuapp.exe
    2012-06-02 05:50:10 458704 ----a-w- C:\Windows\System32\drivers\cng.sys
    2012-06-02 05:48:16 95600 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
    2012-06-02 05:48:16 151920 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
    2012-06-02 05:45:31 340992 ----a-w- C:\Windows\System32\schannel.dll
    2012-06-02 05:44:21 307200 ----a-w- C:\Windows\System32\ncrypt.dll
    2012-06-02 04:40:42 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
    2012-06-02 04:40:39 225280 ----a-w- C:\Windows\SysWow64\schannel.dll
    2012-06-02 04:39:10 219136 ----a-w- C:\Windows\SysWow64\ncrypt.dll
    2012-06-02 04:34:09 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
    2012-06-01 15:20:45 76888 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe
    2012-05-31 17:25:12 279656 ------w- C:\Windows\System32\MpSigStub.exe
    2012-05-16 01:25:11 466456 ----a-w- C:\Windows\System32\wrap_oal.dll
    2012-05-16 01:25:11 444952 ----a-w- C:\Windows\SysWow64\wrap_oal.dll
    2012-05-16 01:25:11 122904 ----a-w- C:\Windows\System32\OpenAL32.dll
    2012-05-16 01:25:11 109080 ----a-w- C:\Windows\SysWow64\OpenAL32.dll
    2012-05-15 04:01:31 1188864 ----a-w- C:\Windows\System32\wininet.dll
    2012-05-15 03:03:54 981504 ----a-w- C:\Windows\SysWow64\wininet.dll
    2012-05-04 11:06:22 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
    2012-05-04 10:03:53 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
    2012-05-04 10:03:50 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
    2012-05-01 05:40:20 209920 ----a-w- C:\Windows\System32\profsvc.dll
    2012-04-29 03:26:53 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
    2012-04-28 03:55:21 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
    2012-04-26 05:41:56 77312 ----a-w- C:\Windows\System32\rdpwsx.dll
    2012-04-26 05:41:55 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
    2012-04-26 05:34:27 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
    2012-04-24 05:37:37 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
    2012-04-24 05:37:37 140288 ----a-w- C:\Windows\System32\cryptnet.dll
    2012-04-24 05:37:36 1462272 ----a-w- C:\Windows\System32\crypt32.dll
    2012-04-24 04:36:42 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
    2012-04-24 04:36:42 1158656 ----a-w- C:\Windows\SysWow64\crypt32.dll
    2012-04-24 04:36:42 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
    .
    ============= FINISH: 9:19:29.96 ===============

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft Windows 7 Home Premium
    Boot Device: \Device\HarddiskVolume1
    Install Date: 9/22/2011 7:05:49 PM
    System Uptime: 7/19/2012 11:34:46 PM (10 hours ago)
    .
    Motherboard: Gigabyte Technology Co., Ltd. | | GA-870A-UD3
    Processor: AMD Phenom(tm) II X4 955 Processor | Socket M2 | 3200/200mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 931 GiB total, 585.494 GiB free.
    D: is CDROM (UDF)
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID:
    Description: Universal Serial Bus (USB) Controller
    Device ID: PCI\VEN_1033&DEV_0194&SUBSYS_50071458&REV_03\4&91A636&0&0048
    Manufacturer:
    Name: Universal Serial Bus (USB) Controller
    PNP Device ID: PCI\VEN_1033&DEV_0194&SUBSYS_50071458&REV_03\4&91A636&0&0048
    Service:
    .
    ==== System Restore Points ===================
    .
    RP150: 7/11/2012 3:00:20 AM - Windows Update
    RP151: 7/17/2012 5:40:05 AM - Windows Update
    RP152: 7/17/2012 8:33:37 PM - Removed Fantapper Player
    RP153: 7/17/2012 8:34:52 PM - Removed Fantapper Player
    RP154: 7/17/2012 8:35:43 PM - Removed Fantapper Updater
    RP155: 7/17/2012 8:37:21 PM - Removed EasySaver B9.1214.1
    RP156: 7/19/2012 10:01:54 PM - Tweaking.com - Windows Repair
    .
    ==== Installed Programs ======================
    .
    Update for Microsoft Office 2007 (KB2508958)
    µTorrent
    Adobe AIR
    Adobe Flash Player 11 ActiveX
    Adobe Flash Player 11 Plugin
    Adobe Reader X (10.1.3)
    AMD VISION Engine Control Center
    APB Reloaded
    ASIO4ALL
    Browser Configuration Utility
    Business Contact Manager for Outlook 2007 SP2
    Catalyst Control Center - Branding
    Catalyst Control Center Graphics Previews Common
    Catalyst Control Center InstallProxy
    Catalyst Control Center Localization All
    CCC Help Chinese Standard
    CCC Help Chinese Traditional
    CCC Help Czech
    CCC Help Danish
    CCC Help Dutch
    CCC Help English
    CCC Help Finnish
    CCC Help French
    CCC Help German
    CCC Help Greek
    CCC Help Hungarian
    CCC Help Italian
    CCC Help Japanese
    CCC Help Korean
    CCC Help Norwegian
    CCC Help Polish
    CCC Help Portuguese
    CCC Help Russian
    CCC Help Spanish
    CCC Help Swedish
    CCC Help Thai
    CCC Help Turkish
    Cisco EAP-FAST Module
    Cisco LEAP Module
    Cisco PEAP Module
    CommView
    Core FTP LE (x64)
    Coupon Printer for Windows
    Deckadance
    Diablo III
    DiRT 3
    Dota 2
    erLT
    FL Studio 10
    Google Talk Plugin
    Heroes of Newerth
    HP Deskjet 3050 J610 series Help
    HP Photo Creations
    HP Update
    HydraVision
    IL Download Manager
    iSEEK AnswerWorks English Runtime
    Java Auto Updater
    Java(TM) 6 Update 31
    League of Legends
    Left 4 Dead 2
    Magic: The Gathering — Duels of the Planeswalkers 2012
    Malwarebytes Anti-Malware version 1.62.0.1300
    Microsoft Application Error Reporting
    Microsoft Games for Windows - LIVE Redistributable
    Microsoft Games for Windows Marketplace
    Microsoft Office 2003 Web Components
    Microsoft Office 2007 Primary Interop Assemblies
    Microsoft Office 2007 Service Pack 3 (SP3)
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Accounting 2008
    Microsoft Office Accounting 2008 Equifax Addin
    Microsoft Office Accounting 2008 Fixed Asset Manager
    Microsoft Office Accounting 2008 PayPal Addin
    Microsoft Office Accounting ADP Payroll Addin
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office File Validation Add-In
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Professional 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Small Business Connectivity Components
    Microsoft Office Word MUI (English) 2007
    Microsoft SQL Server 2005
    Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
    Microsoft SQL Server 2005 Tools Express Edition
    Microsoft SQL Server Setup Support Files (English)
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    MotoHelper 2.0.51 Driver 5.1.0
    MotoHelper MergeModules
    Mozilla Firefox 14.0.1 (x86 en-US)
    Mozilla Maintenance Service
    MSXML 4.0 SP3 Parser
    MSXML 4.0 SP3 Parser (KB2721691)
    MSXML 4.0 SP3 Parser (KB973685)
    Mumble 1.2.3
    NETGEAR WNDA4100
    NETGEAR WNDA4100 Genie
    NVIDIA PhysX
    OpenAL
    Pando Media Booster
    PunkBuster Services
    Quicken 2012
    QuickTime
    Rainmeter
    Rapture3D 2.4.8 Game
    Realtek High Definition Audio Driver
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
    Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596880) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2598041) 32-Bit Edition
    Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition
    Security Update for Microsoft Office InfoPath 2007 (KB2596786) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
    Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
    Security Update for Microsoft Office Word 2007 (KB2596917) 32-Bit Edition
    Skype™ 5.10
    Steam
    StepMania v5.0 alpha 2 (remove only)
    Team Fortress 2
    TeamSpeak 3 Client
    TERA
    Total War: SHOGUN 2
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
    Update for Microsoft Office 2007 Help for Common Features (KB963673)
    Update for Microsoft Office Access 2007 Help (KB963663)
    Update for Microsoft Office Excel 2007 Help (KB963678)
    Update for Microsoft Office Outlook 2007 (KB2596598) 32-Bit Edition
    Update for Microsoft Office Outlook 2007 Help (KB963677)
    Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2687310) 32-Bit Edition
    Update for Microsoft Office Powerpoint 2007 Help (KB963669)
    Update for Microsoft Office Publisher 2007 Help (KB963667)
    Update for Microsoft Office Script Editor Help (KB963671)
    Update for Microsoft Office Word 2007 Help (KB963665)
    Warhammer 40,000 Space Marine
    Warhammer® 40,000™: Dawn of War® II
    Warhammer® 40,000™: Dawn of War® II - Chaos Rising™
    Warhammer® 40,000™: Dawn of War® II – Retribution™
    World of Warcraft
    XSplit
    .
    ==== Event Viewer Messages From Past Week ========
    .
    7/19/2012 11:35:03 PM, Error: Service Control Manager [7000] -
    7/17/2012 8:17:03 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000000a (0x0000000000000000, 0x0000000000000002, 0x0000000000000000, 0xfffff8000328a442). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 071712-20077-01.
    7/17/2012 8:13:54 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000000a (0x00000000000000dc, 0x0000000000000002, 0x0000000000000001, 0xfffff80003300405). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 071712-19578-01.
    .
    ==== End Of File ===========================
  2. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Hello, and welcome to TechSpot.


    Please see here for the board rules and other FAQ.

    Please feel free to introduce yourself, after you follow the steps below to get started.

    Information
    • From this point on, please do not make any more changes to your computer, such as installing/uninstalling programs, using special fix tools, deleting files, editing the registry, etc., unless advised by a malware removal helper.
    • Please do not ask for help elsewhere (on this site or other sites). Doing so can result in system changes, which may not show up in the logs you post.
    • If you have already asked for help somewhere, please post the link to the topic where you were helped.
    • We try our best to reply quickly, but if for any reason we do not reply in two days, please reply to this topic with the word BUMP!
    • Lastly, keep in mind that we are volunteers, so you do not have to pay for malware removal. Persist in this topic until it is closed and your computer is declared clean.

    Download Farbar Recovery Scan Tool and save it to a flash drive.

    Please make sure to download the 64-bit version.

    Plug the flash drive into the infected PC.

    Enter System Recovery Options.

    To enter System Recovery Options from the Advanced Boot Options:
    • Restart the computer.
    • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
    • Use the arrow keys to select the Repair your computer menu item.
    • Choose your language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.
    To enter System Recovery Options by using Windows installation disc:
    • Insert the installation disc.
    • Restart your computer.
    • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
    • Click Repair your computer.
    • Choose your language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.
    On the System Recovery Options menu you will get the following options:
      • Startup Repair
      • System Restore
      • Windows Complete PC Restore
      • Windows Memory Diagnostic Tool
      • Command Prompt
    • Select Command Prompt.
    • In the command window type in notepad and press Enter.
    • The notepad opens. Under the File menu select Open.
    • Select "Computer", find your flash drive letter, and close the notepad.
    • In the command window type e:\frst64 and press Enter.
      Note: Replace the letter e with the drive letter of your flash drive.
    • The tool will start to run.
    • When the tool opens click Yes to the disclaimer.
    • Place a check next to List Drivers MD5 as well as the default check marks that are already there.
    • Press the Scan button.
    • Type exit and reboot the computer normally.
    • FRST will make a log (FRST.txt) on the flash drive; please copy and paste the log in your reply.
  3. Jesterical

    Jesterical Newcomer, in training Topic Starter Posts: 21

    Scan result of Farbar Recovery Scan Tool Version: 20-07-2012
    Ran by SYSTEM at 20-07-2012 11:36:42
    Running from F:\
    Windows 7 Home Premium (X64) OS Language: English(US)
    The current controlset is ControlSet001

    ========================== Registry (Whitelisted) =============

    HKLM\...\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice [4035152 2011-09-22] (ESET)
    HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [10144288 2010-04-06] (Realtek Semiconductor)
    HKLM\...\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE [x]
    HKLM-x32\...\Run: [] [x]
    HKLM-x32\...\Run: [BCU] "C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe" [375000 2009-10-15] (DeviceVM, Inc.)
    HKLM-x32\...\Run: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml [10752 2012-02-20] ()
    HKLM-x32\...\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [641704 2012-06-11] (Advanced Micro Devices, Inc.)
    HKLM-x32\...\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray [462920 2012-07-03] (Malwarebytes Corporation)
    HKU\Cindy\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2011-10-24] (Apple Inc.)
    HKU\Cindy\...\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe [x]
    HKU\Morisoli\...\Run: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent [1242448 2012-05-09] (Valve Corporation)
    HKU\Morisoli\...\Run: [Google Update] "C:\Users\Morisoli\AppData\Local\Google\Update\GoogleUpdate.exe" /c [116648 2012-07-09] (Google Inc.)
    HKU\UpdatusUser\...\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe [x]
    Tcpip\Parameters: [DhcpNameServer] 208.180.42.68 208.180.42.100
    Startup: C:\Users\All Users\Start Menu\Programs\Startup\NETGEAR WNDA4100 Genie.lnk
    ShortcutTarget: NETGEAR WNDA4100 Genie.lnk -> C:\Program Files (x86)\NETGEAR\WNDA4100\WNDA4100.EXE (NETGEAR)
    Startup: C:\Users\All Users\Start Menu\Programs\Startup\SetPointII.lnk
    ShortcutTarget: SetPointII.lnk -> C:\Program Files\Logitech\SetPoint II\SetPointII.exe (Logitech Inc.)

    ==================== Services (Whitelisted) ======

    2 BcmSqlStartupSvc; "C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe" [30312 2009-02-20] (Microsoft Corporation)
    2 BCUService; C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe [223464 2009-10-15] (DeviceVM, Inc.)
    2 ekrn; "C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe" [974944 2011-09-22] (ESET)
    2 MBAMService; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe" [655944 2012-07-03] (Malwarebytes Corporation)
    2 MotoHelper; C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe [223088 2011-04-26] ()
    3 MSSQL$MSSMLBIZ; "C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sMSSMLBIZ [29293408 2010-12-10] (Microsoft Corporation)
    2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [76888 2012-06-01] ()
    2 RalinkRegistryWriter; "C:\Program Files (x86)\NETGEAR\WNDA4100\Service\RaRegistry.exe" [377088 2011-11-21] (Ralink Technology, Corp.)
    2 RalinkRegistryWriter64; "C:\Program Files (x86)\NETGEAR\WNDA4100\Service\RaRegistry64.exe" [455424 2011-11-21] (Ralink Technology, Corp.)

    ========================== Drivers (Whitelisted) =============

    3 AE1000; C:\Windows\System32\DRIVERS\ae1000w7.sys [1101600 2010-03-22] (Ralink Technology Corp.)
    2 AODDriver4.01; \??\C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [53888 2012-03-05] (Advanced Micro Devices)
    2 AODDriver4.1; \??\C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [53888 2012-03-05] (Advanced Micro Devices)
    3 CV2K1; C:\Windows\System32\Drivers\CV2K1.sys [21608 2010-04-01] (TamoSoft)
    2 eamonm; C:\Windows\System32\Drivers\eamonm.sys [202576 2011-08-09] (ESET)
    1 ehdrv; C:\Windows\System32\Drivers\ehdrv.sys [146432 2011-08-04] (ESET)
    2 epfwwfpr; C:\Windows\System32\Drivers\epfwwfpr.sys [137144 2011-08-04] (ESET)
    3 gdrv; \??\C:\Windows\gdrv.sys [25640 2012-07-17] (Windows (R) Server 2003 DDK provider)
    3 hamachi; C:\Windows\System32\Drivers\hamachi.sys [33856 2009-03-18] (LogMeIn, Inc.)
    3 hitmanpro36; C:\Windows\System32\Drivers\hitmanpro36.sys [30496 2012-07-18] ()
    3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [24904 2012-07-03] (Malwarebytes Corporation)
    3 netr28ux; C:\Windows\System32\Drivers\netr28ux.sys [1675840 2012-01-13] (Ralink Technology Corp.)
    3 TsVlb; C:\Windows\System32\Drivers\TsVlb.sys [22120 2010-04-21] (TamoSoft)
    1 TsVp; C:\Windows\System32\Drivers\TsVp.sys [32872 2010-06-15] (TamoSoft)

    ========================== NetSvcs (Whitelisted) ===========


    ============ One Month Created Files and Folders ==============

    2012-07-20 06:18 - 2012-07-20 06:18 - 00607260 ____R (Swearware) C:\Users\Morisoli\Downloads\dds.scr
    2012-07-19 20:36 - 2012-07-19 20:36 - 00302592 ____A C:\Users\Morisoli\Downloads\9gpxx0yy.exe
    2012-07-19 20:29 - 2012-07-19 20:29 - 00001120 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2012-07-19 20:29 - 2012-07-19 20:29 - 00000000 ____D C:\Users\Morisoli\AppData\Roaming\Malwarebytes
    2012-07-19 20:29 - 2012-07-19 20:29 - 00000000 ____D C:\Users\All Users\Malwarebytes
    2012-07-19 20:29 - 2012-07-19 20:29 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2012-07-19 20:29 - 2012-07-03 10:46 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
    2012-07-19 20:28 - 2012-07-19 20:28 - 10652120 ____A (Malwarebytes Corporation ) C:\Users\Morisoli\Downloads\mbam-setup-1.62.0.1300.exe
    2012-07-19 19:37 - 2012-07-19 19:38 - 00000042 ____A C:\repairs_running.dat
    2012-07-19 19:28 - 2008-05-07 21:03 - 00303616 ____A ( ) C:\SetACL.exe
    2012-07-19 19:02 - 2004-06-11 15:33 - 00290304 ____A (Microsoft Corporation) C:\subinacl.exe
    2012-07-18 21:28 - 2012-07-19 19:38 - 00181064 ____A (Sysinternals) C:\Windows\PSEXESVC.EXE
    2012-07-18 21:27 - 2012-07-18 21:27 - 04623766 ____A C:\Users\Morisoli\Downloads\tweaking.com_windows_repair_aio_setup.exe
    2012-07-18 21:24 - 2012-07-18 21:24 - 00030496 ____A C:\Windows\System32\Drivers\hitmanpro36.sys
    2012-07-18 21:23 - 2012-07-18 21:23 - 00000806 ____A C:\Windows\System32\.crusader
    2012-07-18 21:19 - 2012-07-18 21:23 - 00000000 ____D C:\Users\All Users\HitmanPro
    2012-07-18 21:18 - 2012-07-18 21:19 - 08834304 ____A (SurfRight B.V.) C:\Users\Morisoli\Downloads\HitmanPro36_x64.exe
    2012-07-17 17:28 - 2012-07-18 21:17 - 00000000 ____D C:\TDSSKiller_Quarantine
    2012-07-17 17:16 - 2012-07-17 17:17 - 00317024 ____A C:\Windows\Minidump\071712-20077-01.dmp
    2012-07-17 17:13 - 2012-07-17 17:16 - 416104481 ____A C:\Windows\MEMORY.DMP
    2012-07-17 17:13 - 2012-07-17 17:16 - 00000000 ____D C:\Windows\Minidump
    2012-07-17 17:13 - 2012-07-17 17:13 - 00276272 ____A C:\Windows\Minidump\071712-19578-01.dmp
    2012-07-11 17:30 - 2012-07-11 17:30 - 00000000 ____D C:\Program Files (x86)\uTorrent
    2012-07-11 17:29 - 2012-07-15 17:31 - 00000000 ____D C:\Users\Morisoli\AppData\Roaming\uTorrent
    2012-07-11 17:28 - 2012-07-11 17:29 - 00895376 ____A (BitTorrent, Inc.) C:\Users\Morisoli\Downloads\uTorrent.exe
    2012-07-11 00:03 - 2012-07-11 00:03 - 00265692 ____A C:\Windows\msxml4-KB2721691-enu.LOG
    2012-07-11 00:03 - 2012-06-11 19:08 - 03148800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
    2012-07-10 17:07 - 2012-06-08 21:43 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
    2012-07-10 17:07 - 2012-06-08 20:41 - 12873728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
    2012-07-10 17:07 - 2012-06-05 22:06 - 02004480 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
    2012-07-10 17:07 - 2012-06-05 22:06 - 01881600 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
    2012-07-10 17:07 - 2012-06-05 22:02 - 01133568 ____A (Microsoft Corporation) C:\Windows\System32\cdosys.dll
    2012-07-10 17:07 - 2012-06-05 21:05 - 01390080 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
    2012-07-10 17:07 - 2012-06-05 21:05 - 01236992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
    2012-07-10 17:07 - 2012-06-05 21:03 - 00805376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cdosys.dll
    2012-07-10 17:07 - 2012-06-01 21:50 - 00458704 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
    2012-07-10 17:07 - 2012-06-01 21:48 - 00151920 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
    2012-07-10 17:07 - 2012-06-01 21:48 - 00095600 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
    2012-07-10 17:07 - 2012-06-01 21:45 - 00340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
    2012-07-10 17:07 - 2012-06-01 21:44 - 00307200 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
    2012-07-10 17:07 - 2012-06-01 20:40 - 00225280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
    2012-07-10 17:07 - 2012-06-01 20:40 - 00022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
    2012-07-10 17:07 - 2012-06-01 20:39 - 00219136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
    2012-07-10 17:07 - 2012-06-01 20:34 - 00096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
    2012-07-10 17:07 - 2010-06-25 19:55 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\msxml3r.dll
    2012-07-10 17:07 - 2010-06-25 19:24 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
    2012-07-10 12:50 - 2012-07-10 12:50 - 00452312 ____A C:\Users\Morisoli\Downloads\PolSystemInfo_us.zip
    2012-07-09 01:56 - 2012-07-20 08:06 - 00000920 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3710809135-2123922341-1772546783-1001UA.job
    2012-07-09 01:56 - 2012-07-18 18:06 - 00000868 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3710809135-2123922341-1772546783-1001Core.job
    2012-07-09 01:55 - 2012-07-09 01:55 - 00739832 ____A (Google Inc.) C:\Users\Morisoli\Downloads\GoogleVoiceAndVideoSetup.exe
  4. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    There are parts missing from the log. Please try again. I will need a full log for best analysis.
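The log-reading side of the FRST procedure above, as an added example that is not part of the thread and not FRST's own code: a Python triage script that groups an FRST-style paste by its section banners, reports sections a complete log should carry (the check behind "there are parts missing from the log"), and lists the entries a helper looks at first: autorun values whose target file is missing (FRST's [x]), services or drivers whose publisher field is empty, drivers registered through a \??\ path outside System32\Drivers, and newly created files with no publisher sitting directly in C:\Windows or C:\Windows\System32. The sample lines are copied from the first FRST log posted above and cut off where that paste was; the expected-section list, the system-directory list and the review heuristics are assumptions of this example. Every hit is a candidate for a human to read, not a verdict: the ESET entries and the Sysinternals PSEXESVC.EXE pass, while a vendor driver loaded from an unusual path is still flagged for review.

```python
# Added example (not FRST's own code): triage an FRST-style log paste.
import re
from typing import Dict, List, Optional, Tuple

# Banners seen in the logs posted in this thread; treating them as the minimum
# for a complete log is an assumption of this example, not documented behaviour.
EXPECTED_SECTIONS = [
    "Registry (Whitelisted)", "Services (Whitelisted)", "Drivers (Whitelisted)",
    "NetSvcs (Whitelisted)", "One Month Created Files and Folders",
    "3 Months Modified Files",
]
SECTION_RE = re.compile(r"^=+\s*(.+?)\s*=+$")
RUN_RE = re.compile(r"^(HK\S*?)\\\.\.\.\\Run: \[(.*?)\] (.*)$")   # hive, value name, rest
SVC_RE = re.compile(r"^(\d) (\S+?); (.*)$")                        # start type, name, rest
TAIL_RE = re.compile(r"\[(\d+) (\d{4}-\d{2}-\d{2})\] \((.*?)\)$")  # [size date] (Company)
FILE_RE = re.compile(  # created - modified - size attrs (Company) path
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - (\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(\d+) (\S{5}) (?:\((.*?)\) )?(.+)$")
SYSTEM_DIRS = ("c:\\windows", "c:\\windows\\system32")  # assumption: where a new unattributed file stands out
Finding = Tuple[str, str, str]  # (section, reason, offending line)

# Constructed sample: lines copied from the first FRST log in this thread, cut
# off before "3 Months Modified Files" just as that paste was.
SAMPLE_LOG = [
    "========================== Registry (Whitelisted) =============",
    r'HKLM\...\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice [4035152 2011-09-22] (ESET)',
    r"HKLM\...\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE [x]",
    r"HKLM-x32\...\Run: [] [x]",
    r'HKLM-x32\...\Run: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml [10752 2012-02-20] ()',
    "==================== Services (Whitelisted) ======",
    r'2 ekrn; "C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe" [974944 2011-09-22] (ESET)',
    "========================== Drivers (Whitelisted) =============",
    r"3 gdrv; \??\C:\Windows\gdrv.sys [25640 2012-07-17] (Windows (R) Server 2003 DDK provider)",
    r"3 hitmanpro36; C:\Windows\System32\Drivers\hitmanpro36.sys [30496 2012-07-18] ()",
    r"3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [24904 2012-07-03] (Malwarebytes Corporation)",
    "========================== NetSvcs (Whitelisted) ===========",
    "============ One Month Created Files and Folders ==============",
    r"2012-07-18 21:28 - 2012-07-19 19:38 - 00181064 ____A (Sysinternals) C:\Windows\PSEXESVC.EXE",
    r"2012-07-18 21:23 - 2012-07-18 21:23 - 00000806 ____A C:\Windows\System32\.crusader",
    r"2012-07-17 17:13 - 2012-07-17 17:16 - 00000000 ____D C:\Windows\Minidump",
]


def parse_sections(lines: List[str]) -> Dict[str, List[str]]:
    """Group non-blank lines under the banner they follow ("Header" before the first)."""
    sections: Dict[str, List[str]] = {}
    current = "Header"
    for line in (raw.strip() for raw in lines):
        if not line:
            continue
        banner = SECTION_RE.match(line)
        if banner:
            current = banner.group(1)
            sections.setdefault(current, [])   # an empty section still counts as present
        else:
            sections.setdefault(current, []).append(line)
    return sections


def missing_sections(sections: Dict[str, List[str]]) -> List[str]:
    """Expected sections absent from the paste, i.e. the log was cut short."""
    return [s for s in EXPECTED_SECTIONS if s not in sections]


def publisher(rest: str) -> Optional[str]:
    """The '(Company)' field: '' when recorded empty, None when the entry has none."""
    m = TAIL_RE.search(rest)
    return m.group(3).strip() if m else None


def triage(lines: List[str]) -> List[Finding]:
    """Entries a helper would inspect first. Every flag is a candidate, not a verdict."""
    sections = parse_sections(lines)
    out: List[Finding] = []
    for line in sections.get("Registry (Whitelisted)", []):
        m = RUN_RE.match(line)
        if not m:
            continue
        name, rest = m.group(2), m.group(3)
        if rest.endswith("[x]"):   # FRST marks an autorun whose target file is missing with [x]
            out.append(("Registry", "autorun points at a missing file", line))
        if name == "":
            out.append(("Registry", "autorun with an empty value name", line))
        if publisher(rest) == "":
            out.append(("Registry", "autorun binary has no publisher recorded", line))
    for label in ("Services (Whitelisted)", "Drivers (Whitelisted)"):
        for line in sections.get(label, []):
            m = SVC_RE.match(line)
            if not m:
                continue
            rest = m.group(3)
            if publisher(rest) == "":
                out.append((label, "image has no publisher recorded", line))
            if rest.startswith("\\??\\") and "\\system32\\drivers\\" not in rest.lower():
                out.append((label, "image registered via a \\??\\ path outside System32\\Drivers", line))
    for line in sections.get("One Month Created Files and Folders", []):
        m = FILE_RE.match(line)
        if not m or m.group(4).endswith("D"):   # attribute string ending in D = directory
            continue
        company, path = m.group(5), m.group(6)
        if path.rsplit("\\", 1)[0].lower() in SYSTEM_DIRS and not (company or "").strip():
            out.append(("Created Files", "new file with no publisher directly in a system directory", line))
    return out


if __name__ == "__main__":
    for name in missing_sections(parse_sections(SAMPLE_LOG)):
        print("MISSING SECTION:", name)
    for section, reason, line in triage(SAMPLE_LOG):
        print(f"[{section}] {reason}\n    {line}")
```

Run on the sample, the script reports "3 Months Modified Files" as missing (the reason the first paste was sent back) and seven review candidates: the two [x] autoruns, the empty-name autorun, the AMD AVT entry and hitmanpro36 with empty publisher fields, gdrv.sys for its \??\ path, and the .crusader file created directly in System32. The MBAMProtector entry is not flagged because its \??\ path still resolves to System32\Drivers, which is the distinction the path heuristic is meant to draw.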
  5. Jesterical

    Jesterical Newcomer, in training Topic Starter Posts: 21

    Scan result of Farbar Recovery Scan Tool Version: 20-07-2012
    Ran by SYSTEM at 20-07-2012 14:46:21
    Running from F:\
    Windows 7 Home Premium (X64) OS Language: English(US)
    The current controlset is ControlSet001

    ========================== Registry (Whitelisted) =============

    HKLM\...\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice [4035152 2011-09-22] (ESET)
    HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [10144288 2010-04-06] (Realtek Semiconductor)
    HKLM\...\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE [x]
    HKLM-x32\...\Run: [] [x]
    HKLM-x32\...\Run: [BCU] "C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe" [375000 2009-10-15] (DeviceVM, Inc.)
    HKLM-x32\...\Run: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml [10752 2012-02-20] ()
    HKLM-x32\...\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [641704 2012-06-11] (Advanced Micro Devices, Inc.)
    HKLM-x32\...\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray [462920 2012-07-03] (Malwarebytes Corporation)
    HKU\Cindy\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2011-10-24] (Apple Inc.)
    HKU\Cindy\...\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe [x]
    HKU\Morisoli\...\Run: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent [1242448 2012-05-09] (Valve Corporation)
    HKU\Morisoli\...\Run: [Google Update] "C:\Users\Morisoli\AppData\Local\Google\Update\GoogleUpdate.exe" /c [116648 2012-07-09] (Google Inc.)
    HKU\Morisoli\...\Run: [HydraVisionDesktopManager] "C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe" [393216 2011-10-25] (AMD)
    HKU\UpdatusUser\...\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe [x]
    Tcpip\Parameters: [DhcpNameServer] 208.180.42.68 208.180.42.100
    Startup: C:\Users\All Users\Start Menu\Programs\Startup\NETGEAR WNDA4100 Genie.lnk
    ShortcutTarget: NETGEAR WNDA4100 Genie.lnk -> C:\Program Files (x86)\NETGEAR\WNDA4100\WNDA4100.EXE (NETGEAR)
    Startup: C:\Users\All Users\Start Menu\Programs\Startup\SetPointII.lnk
    ShortcutTarget: SetPointII.lnk -> C:\Program Files\Logitech\SetPoint II\SetPointII.exe (Logitech Inc.)

    ==================== Services (Whitelisted) ======

    2 BcmSqlStartupSvc; "C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe" [30312 2009-02-20] (Microsoft Corporation)
    2 BCUService; C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe [223464 2009-10-15] (DeviceVM, Inc.)
    2 ekrn; "C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe" [974944 2011-09-22] (ESET)
    2 MBAMService; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe" [655944 2012-07-03] (Malwarebytes Corporation)
    2 MotoHelper; C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe [223088 2011-04-26] ()
    3 MSSQL$MSSMLBIZ; "C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sMSSMLBIZ [29293408 2010-12-10] (Microsoft Corporation)
    2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [76888 2012-06-01] ()
    2 RalinkRegistryWriter; "C:\Program Files (x86)\NETGEAR\WNDA4100\Service\RaRegistry.exe" [377088 2011-11-21] (Ralink Technology, Corp.)
    2 RalinkRegistryWriter64; "C:\Program Files (x86)\NETGEAR\WNDA4100\Service\RaRegistry64.exe" [455424 2011-11-21] (Ralink Technology, Corp.)

    ========================== Drivers (Whitelisted) =============

    3 AE1000; C:\Windows\System32\DRIVERS\ae1000w7.sys [1101600 2010-03-22] (Ralink Technology Corp.)
    2 AODDriver4.01; \??\C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [53888 2012-03-05] (Advanced Micro Devices)
    2 AODDriver4.1; \??\C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [53888 2012-03-05] (Advanced Micro Devices)
    3 CV2K1; C:\Windows\System32\Drivers\CV2K1.sys [21608 2010-04-01] (TamoSoft)
    2 eamonm; C:\Windows\System32\Drivers\eamonm.sys [202576 2011-08-09] (ESET)
    1 ehdrv; C:\Windows\System32\Drivers\ehdrv.sys [146432 2011-08-04] (ESET)
    2 epfwwfpr; C:\Windows\System32\Drivers\epfwwfpr.sys [137144 2011-08-04] (ESET)
    3 gdrv; \??\C:\Windows\gdrv.sys [25640 2012-07-17] (Windows (R) Server 2003 DDK provider)
    3 hamachi; C:\Windows\System32\Drivers\hamachi.sys [33856 2009-03-18] (LogMeIn, Inc.)
    3 hitmanpro36; C:\Windows\System32\Drivers\hitmanpro36.sys [30496 2012-07-18] ()
    3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [24904 2012-07-03] (Malwarebytes Corporation)
    3 netr28ux; C:\Windows\System32\Drivers\netr28ux.sys [1675840 2012-01-13] (Ralink Technology Corp.)
    3 TsVlb; C:\Windows\System32\Drivers\TsVlb.sys [22120 2010-04-21] (TamoSoft)
    1 TsVp; C:\Windows\System32\Drivers\TsVp.sys [32872 2010-06-15] (TamoSoft)

    ========================== NetSvcs (Whitelisted) ===========


    ============ One Month Created Files and Folders ==============

    2012-07-20 06:18 - 2012-07-20 06:18 - 00607260 ____R (Swearware) C:\Users\Morisoli\Downloads\dds.scr
    2012-07-19 20:36 - 2012-07-19 20:36 - 00302592 ____A C:\Users\Morisoli\Downloads\9gpxx0yy.exe
    2012-07-19 20:29 - 2012-07-19 20:29 - 00001120 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2012-07-19 20:29 - 2012-07-19 20:29 - 00000000 ____D C:\Users\Morisoli\AppData\Roaming\Malwarebytes
    2012-07-19 20:29 - 2012-07-19 20:29 - 00000000 ____D C:\Users\All Users\Malwarebytes
    2012-07-19 20:29 - 2012-07-19 20:29 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2012-07-19 20:29 - 2012-07-03 10:46 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
    2012-07-19 20:28 - 2012-07-19 20:28 - 10652120 ____A (Malwarebytes Corporation ) C:\Users\Morisoli\Downloads\mbam-setup-1.62.0.1300.exe
    2012-07-19 19:37 - 2012-07-19 19:38 - 00000042 ____A C:\repairs_running.dat
    2012-07-19 19:28 - 2008-05-07 21:03 - 00303616 ____A ( ) C:\SetACL.exe
    2012-07-19 19:02 - 2004-06-11 15:33 - 00290304 ____A (Microsoft Corporation) C:\subinacl.exe
    2012-07-18 21:28 - 2012-07-19 19:38 - 00181064 ____A (Sysinternals) C:\Windows\PSEXESVC.EXE
    2012-07-18 21:27 - 2012-07-18 21:27 - 04623766 ____A C:\Users\Morisoli\Downloads\tweaking.com_windows_repair_aio_setup.exe
    2012-07-18 21:24 - 2012-07-18 21:24 - 00030496 ____A C:\Windows\System32\Drivers\hitmanpro36.sys
    2012-07-18 21:23 - 2012-07-18 21:23 - 00000806 ____A C:\Windows\System32\.crusader
    2012-07-18 21:19 - 2012-07-18 21:23 - 00000000 ____D C:\Users\All Users\HitmanPro
    2012-07-18 21:18 - 2012-07-18 21:19 - 08834304 ____A (SurfRight B.V.) C:\Users\Morisoli\Downloads\HitmanPro36_x64.exe
    2012-07-17 17:28 - 2012-07-18 21:17 - 00000000 ____D C:\TDSSKiller_Quarantine
    2012-07-17 17:16 - 2012-07-17 17:17 - 00317024 ____A C:\Windows\Minidump\071712-20077-01.dmp
    2012-07-17 17:13 - 2012-07-17 17:16 - 416104481 ____A C:\Windows\MEMORY.DMP
    2012-07-17 17:13 - 2012-07-17 17:16 - 00000000 ____D C:\Windows\Minidump
    2012-07-17 17:13 - 2012-07-17 17:13 - 00276272 ____A C:\Windows\Minidump\071712-19578-01.dmp
    2012-07-11 17:30 - 2012-07-11 17:30 - 00000000 ____D C:\Program Files (x86)\uTorrent
    2012-07-11 17:29 - 2012-07-15 17:31 - 00000000 ____D C:\Users\Morisoli\AppData\Roaming\uTorrent
    2012-07-11 17:28 - 2012-07-11 17:29 - 00895376 ____A (BitTorrent, Inc.) C:\Users\Morisoli\Downloads\uTorrent.exe
    2012-07-11 00:03 - 2012-07-11 00:03 - 00265692 ____A C:\Windows\msxml4-KB2721691-enu.LOG
    2012-07-11 00:03 - 2012-06-11 19:08 - 03148800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
    2012-07-10 17:07 - 2012-06-08 21:43 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
    2012-07-10 17:07 - 2012-06-08 20:41 - 12873728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
    2012-07-10 17:07 - 2012-06-05 22:06 - 02004480 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
    2012-07-10 17:07 - 2012-06-05 22:06 - 01881600 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
    2012-07-10 17:07 - 2012-06-05 22:02 - 01133568 ____A (Microsoft Corporation) C:\Windows\System32\cdosys.dll
    2012-07-10 17:07 - 2012-06-05 21:05 - 01390080 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
    2012-07-10 17:07 - 2012-06-05 21:05 - 01236992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
    2012-07-10 17:07 - 2012-06-05 21:03 - 00805376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cdosys.dll
    2012-07-10 17:07 - 2012-06-01 21:50 - 00458704 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
    2012-07-10 17:07 - 2012-06-01 21:48 - 00151920 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
    2012-07-10 17:07 - 2012-06-01 21:48 - 00095600 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
    2012-07-10 17:07 - 2012-06-01 21:45 - 00340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
    2012-07-10 17:07 - 2012-06-01 21:44 - 00307200 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
    2012-07-10 17:07 - 2012-06-01 20:40 - 00225280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
    2012-07-10 17:07 - 2012-06-01 20:40 - 00022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
    2012-07-10 17:07 - 2012-06-01 20:39 - 00219136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
    2012-07-10 17:07 - 2012-06-01 20:34 - 00096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
    2012-07-10 17:07 - 2010-06-25 19:55 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\msxml3r.dll
    2012-07-10 17:07 - 2010-06-25 19:24 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
    2012-07-10 12:50 - 2012-07-10 12:50 - 00452312 ____A C:\Users\Morisoli\Downloads\PolSystemInfo_us.zip
    2012-07-09 01:56 - 2012-07-20 11:06 - 00000920 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3710809135-2123922341-1772546783-1001UA.job
    2012-07-09 01:56 - 2012-07-18 18:06 - 00000868 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3710809135-2123922341-1772546783-1001Core.job
    2012-07-09 01:55 - 2012-07-09 01:55 - 00739832 ____A (Google Inc.) C:\Users\Morisoli\Downloads\GoogleVoiceAndVideoSetup.exe
    2012-07-08 12:39 - 2012-07-08 12:41 - 58366405 ____A C:\Users\Morisoli\Downloads\Slender_v0_9_1.zip
    2012-07-07 11:40 - 2012-07-07 11:40 - 00000000 ____D C:\Users\Morisoli\Documents\Skype Voice Records
    2012-07-07 11:40 - 2012-07-07 11:40 - 00000000 ____D C:\Users\Morisoli\Documents\Clownfish Avatars
    2012-07-07 11:39 - 2012-07-07 11:39 - 00632400 ____A (Shark Labs) C:\Users\Morisoli\Downloads\CFSetup281.exe
    2012-07-05 08:04 - 2012-07-05 08:04 - 00000000 ____D C:\Users\All Users\ATI
    2012-07-05 08:04 - 2012-07-05 08:04 - 00000000 ____D C:\Program Files (x86)\AMD APP
    2012-07-03 16:30 - 2012-07-20 07:04 - 00001075 ____A C:\Users\Public\Desktop\World of Warcraft.lnk
    2012-07-03 16:30 - 2012-07-20 07:04 - 00000000 ____D C:\Program Files (x86)\World of Warcraft
    2012-07-03 16:28 - 2012-07-03 16:30 - 32160136 ____A C:\Users\Morisoli\Downloads\WoW-4.0.0-WOW-enUS-Installer.exe
    2012-07-03 15:39 - 2012-07-13 07:39 - 00000000 ___RD C:\Users\Morisoli\Desktop\Games
    2012-07-02 14:59 - 2012-07-02 14:59 - 00000000 ____D C:\Users\Morisoli\AppData\Roaming\StepMania 5
    2012-07-02 14:57 - 2012-07-02 15:10 - 00000000 ____D C:\Program Files (x86)\StepMania 5
    2012-07-02 14:53 - 2012-07-02 14:55 - 47486851 ____A C:\Users\Morisoli\Downloads\StepMania_v5.0_alpha2.exe
    2012-07-02 10:44 - 2012-07-02 10:44 - 00000000 ____D C:\Program Files\CoreFTP
    2012-07-02 10:43 - 2012-07-02 10:44 - 03415700 ____A C:\Users\Morisoli\Downloads\coreftplite64(1).exe
    2012-07-02 10:35 - 2012-07-02 10:35 - 00000914 ____A C:\Users\Morisoli\Downloads\Secure Ftp david@shoogadawoogada.elementfx.com.xml
    2012-07-02 10:34 - 2012-07-02 10:34 - 01620836 ____A (FileZilla Project) C:\Users\Morisoli\Downloads\FileZilla_Server-0_9_41(1).exe
    2012-07-02 10:29 - 2012-07-02 10:29 - 01620836 ____A (FileZilla Project) C:\Users\Morisoli\Downloads\FileZilla_Server-0_9_41.exe
    2012-07-02 10:22 - 2012-07-02 14:14 - 00000000 ____D C:\Users\Morisoli\AppData\Roaming\CoreFTP
    2012-07-02 10:21 - 2012-07-02 10:21 - 03415700 ____A C:\Users\Morisoli\Downloads\coreftplite64.exe
    2012-07-01 15:17 - 2012-07-01 15:17 - 00001936 ____A C:\Users\UpdatusUser\Desktop\Heroes of Newerth.lnk
    2012-07-01 15:17 - 2012-07-01 15:17 - 00001936 ____A C:\Users\Cindy\Desktop\Heroes of Newerth.lnk
    2012-07-01 15:17 - 2012-07-01 15:17 - 00000000 ____D C:\Users\Morisoli\Documents\Heroes of Newerth
    2012-07-01 15:15 - 2012-07-01 15:52 - 00000000 ____D C:\Program Files (x86)\Heroes of Newerth
    2012-07-01 11:51 - 2012-07-01 12:29 - 1052523552 ____A C:\Users\Morisoli\Downloads\HoNClient-2.6.4.exe
    2012-06-30 08:29 - 2012-06-30 08:29 - 00000000 ____D C:\Users\Morisoli\AppData\Local\THQ
    2012-06-29 18:35 - 2012-06-29 18:35 - 00000000 ____D C:\Users\Morisoli\AppData\Local\Macromedia
    2012-06-29 18:13 - 2012-06-29 18:13 - 00000000 ____D C:\Users\Morisoli\AppData\Roaming\TuneUp Software
    2012-06-29 18:12 - 2012-06-29 18:13 - 00000000 ____D C:\Users\All Users\TuneUp Software
    2012-06-29 18:12 - 2012-06-29 18:12 - 00000000 __SHD C:\Users\All Users\{32364CEA-7855-4A3C-B674-53D8E9B97936}
    2012-06-29 18:10 - 2012-06-29 18:12 - 38136768 ____A (TuneUp Software) C:\Users\Morisoli\Downloads\Speedtest_TuneUpUtilities2012_en-US.exe
    2012-06-29 18:07 - 2012-07-09 01:56 - 00000000 ____D C:\Users\Morisoli\AppData\Local\Google
    2012-06-29 18:06 - 2012-06-29 18:06 - 00739856 ____A (Google Inc.) C:\Users\Morisoli\Downloads\ChromeSetup.exe
    2012-06-28 17:03 - 2012-07-11 19:55 - 00000000 ____D C:\Users\Morisoli\AppData\Roaming\.minecraft
    2012-06-28 16:58 - 2012-06-28 16:58 - 00278561 ____A C:\Users\Morisoli\Downloads\Minecraft.exe
    2012-06-27 12:04 - 2012-06-27 12:04 - 00000000 ____D C:\Users\Morisoli\Documents\Wizards of the Coast
    2012-06-25 18:50 - 2012-06-25 18:52 - 00000000 ____D C:\Program Files (x86)\CommView
    2012-06-25 18:50 - 2012-06-25 18:50 - 00000000 ____D C:\Users\Morisoli\Documents\CommView
    2012-06-25 18:50 - 2012-06-25 18:50 - 00000000 ____D C:\Users\All Users\TamoSoft
    2012-06-25 18:46 - 2012-07-17 17:32 - 00000000 ____D C:\Users\All Users\blekko toolbars
    2012-06-25 18:46 - 2012-06-25 18:46 - 00000000 ____D C:\Users\Morisoli\AppData\Local\blekkotb_031
    2012-06-25 18:45 - 2012-06-25 18:45 - 00463080 ____A (CNET Download.com) C:\Users\Morisoli\Downloads\cnet2_cv6_zip.exe
    2012-06-25 13:04 - 2012-06-25 13:04 - 01394248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml4.dll


    ============ 3 Months Modified Files ========================

    2012-07-20 11:44 - 2011-09-22 18:50 - 01147780 ____A C:\Windows\WindowsUpdate.log
    2012-07-20 11:33 - 2012-04-12 14:59 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
    2012-07-20 11:06 - 2012-07-09 01:56 - 00000920 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3710809135-2123922341-1772546783-1001UA.job
    2012-07-20 08:45 - 2009-07-13 21:13 - 00796216 ____A C:\Windows\System32\PerfStringBackup.INI
    2012-07-20 08:43 - 2009-07-13 20:45 - 00014832 ____A C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2012-07-20 08:43 - 2009-07-13 20:45 - 00014832 ____A C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2012-07-20 08:38 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
    2012-07-20 08:38 - 2009-07-13 20:51 - 00036732 ____A C:\Windows\setupact.log
    2012-07-20 07:04 - 2012-07-03 16:30 - 00001075 ____A C:\Users\Public\Desktop\World of Warcraft.lnk
    2012-07-20 06:18 - 2012-07-20 06:18 - 00607260 ____R (Swearware) C:\Users\Morisoli\Downloads\dds.scr
    2012-07-19 20:36 - 2012-07-19 20:36 - 00302592 ____A C:\Users\Morisoli\Downloads\9gpxx0yy.exe
    2012-07-19 20:34 - 2011-10-24 17:36 - 00020136 ____A C:\Windows\PFRO.log
    2012-07-19 20:29 - 2012-07-19 20:29 - 00001120 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2012-07-19 20:28 - 2012-07-19 20:28 - 10652120 ____A (Malwarebytes Corporation ) C:\Users\Morisoli\Downloads\mbam-setup-1.62.0.1300.exe
    2012-07-19 19:44 - 2011-10-05 10:17 - 00147336 ____A C:\Users\Morisoli\AppData\Local\GDIPFONTCACHEV1.DAT
    2012-07-19 19:39 - 2009-07-13 20:45 - 00504968 ____A C:\Windows\System32\FNTCACHE.DAT
    2012-07-19 19:38 - 2012-07-19 19:37 - 00000042 ____A C:\repairs_running.dat
    2012-07-19 19:38 - 2012-07-18 21:28 - 00181064 ____A (Sysinternals) C:\Windows\PSEXESVC.EXE
    2012-07-19 19:30 - 2011-10-24 13:45 - 00796216 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
    2012-07-18 21:27 - 2012-07-18 21:27 - 04623766 ____A C:\Users\Morisoli\Downloads\tweaking.com_windows_repair_aio_setup.exe
    2012-07-18 21:24 - 2012-07-18 21:24 - 00030496 ____A C:\Windows\System32\Drivers\hitmanpro36.sys
    2012-07-18 21:23 - 2012-07-18 21:23 - 00000806 ____A C:\Windows\System32\.crusader
    2012-07-18 21:19 - 2012-07-18 21:18 - 08834304 ____A (SurfRight B.V.) C:\Users\Morisoli\Downloads\HitmanPro36_x64.exe
    2012-07-18 21:02 - 2012-04-07 16:33 - 18932287 ____A C:\service.log
    2012-07-18 18:06 - 2012-07-09 01:56 - 00000868 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3710809135-2123922341-1772546783-1001Core.job
    2012-07-17 17:30 - 2012-04-07 16:35 - 00025640 ____A (Windows (R) Server 2003 DDK provider) C:\Windows\gdrv.sys
    2012-07-17 17:17 - 2012-07-17 17:16 - 00317024 ____A C:\Windows\Minidump\071712-20077-01.dmp
    2012-07-17 17:16 - 2012-07-17 17:13 - 416104481 ____A C:\Windows\MEMORY.DMP
    2012-07-17 17:13 - 2012-07-17 17:13 - 00276272 ____A C:\Windows\Minidump\071712-19578-01.dmp
    2012-07-12 09:56 - 2012-06-01 07:23 - 00281288 ____A C:\Windows\SysWOW64\PnkBstrB.xtr
    2012-07-12 09:56 - 2012-06-01 07:20 - 00281288 ____A C:\Windows\SysWOW64\PnkBstrB.exe
    2012-07-12 08:34 - 2012-04-12 14:59 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2012-07-12 08:34 - 2011-09-23 05:06 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2012-07-11 17:29 - 2012-07-11 17:28 - 00895376 ____A (BitTorrent, Inc.) C:\Users\Morisoli\Downloads\uTorrent.exe
    2012-07-11 00:03 - 2012-07-11 00:03 - 00265692 ____A C:\Windows\msxml4-KB2721691-enu.LOG
    2012-07-11 00:03 - 2009-07-13 18:34 - 00000478 ____A C:\Windows\win.ini
    2012-07-11 00:01 - 2011-10-24 17:40 - 59701280 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
    2012-07-10 12:50 - 2012-07-10 12:50 - 00452312 ____A C:\Users\Morisoli\Downloads\PolSystemInfo_us.zip
    2012-07-09 01:55 - 2012-07-09 01:55 - 00739832 ____A (Google Inc.) C:\Users\Morisoli\Downloads\GoogleVoiceAndVideoSetup.exe
    2012-07-08 12:41 - 2012-07-08 12:39 - 58366405 ____A C:\Users\Morisoli\Downloads\Slender_v0_9_1.zip
    2012-07-07 11:39 - 2012-07-07 11:39 - 00632400 ____A (Shark Labs) C:\Users\Morisoli\Downloads\CFSetup281.exe
    2012-07-03 16:30 - 2012-07-03 16:28 - 32160136 ____A C:\Users\Morisoli\Downloads\WoW-4.0.0-WOW-enUS-Installer.exe
    2012-07-03 10:46 - 2012-07-19 20:29 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
    2012-07-02 14:55 - 2012-07-02 14:53 - 47486851 ____A C:\Users\Morisoli\Downloads\StepMania_v5.0_alpha2.exe
    2012-07-02 10:44 - 2012-07-02 10:43 - 03415700 ____A C:\Users\Morisoli\Downloads\coreftplite64(1).exe
    2012-07-02 10:35 - 2012-07-02 10:35 - 00000914 ____A C:\Users\Morisoli\Downloads\Secure Ftp david@shoogadawoogada.elementfx.com.xml
    2012-07-02 10:34 - 2012-07-02 10:34 - 01620836 ____A (FileZilla Project) C:\Users\Morisoli\Downloads\FileZilla_Server-0_9_41(1).exe
    2012-07-02 10:29 - 2012-07-02 10:29 - 01620836 ____A (FileZilla Project) C:\Users\Morisoli\Downloads\FileZilla_Server-0_9_41.exe
    2012-07-02 10:21 - 2012-07-02 10:21 - 03415700 ____A C:\Users\Morisoli\Downloads\coreftplite64.exe
    2012-07-01 17:39 - 2012-06-01 07:20 - 00281288 ____A C:\Windows\SysWOW64\PnkBstrB.ex0
    2012-07-01 15:17 - 2012-07-01 15:17 - 00001936 ____A C:\Users\UpdatusUser\Desktop\Heroes of Newerth.lnk
    2012-07-01 15:17 - 2012-07-01 15:17 - 00001936 ____A C:\Users\Cindy\Desktop\Heroes of Newerth.lnk
    2012-07-01 12:29 - 2012-07-01 11:51 - 1052523552 ____A C:\Users\Morisoli\Downloads\HoNClient-2.6.4.exe
    2012-06-30 08:29 - 2012-04-18 22:03 - 00348353 ____A C:\Windows\DirectX.log
    2012-06-29 18:12 - 2012-06-29 18:10 - 38136768 ____A (TuneUp Software) C:\Users\Morisoli\Downloads\Speedtest_TuneUpUtilities2012_en-US.exe
    2012-06-29 18:06 - 2012-06-29 18:06 - 00739856 ____A (Google Inc.) C:\Users\Morisoli\Downloads\ChromeSetup.exe
    2012-06-28 16:58 - 2012-06-28 16:58 - 00278561 ____A C:\Users\Morisoli\Downloads\Minecraft.exe
    2012-06-25 18:45 - 2012-06-25 18:45 - 00463080 ____A (CNET Download.com) C:\Users\Morisoli\Downloads\cnet2_cv6_zip.exe
    2012-06-25 13:04 - 2012-06-25 13:04 - 01394248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml4.dll
    2012-06-11 19:08 - 2012-07-11 00:03 - 03148800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
    2012-06-11 10:59 - 2012-06-11 10:59 - 10248192 ____A (Advanced Micro Devices, Inc.) C:\Windows\System32\Drivers\atikmdag.sys
    2012-06-11 10:50 - 2012-06-11 10:50 - 16457728 ____A (Advanced Micro Devices Inc.) C:\Windows\System32\amdocl64.dll
    2012-06-11 10:50 - 2012-06-11 10:50 - 00187392 ____A C:\Windows\System32\clinfo.exe
    2012-06-11 10:50 - 2012-06-11 10:50 - 00075264 ____A (Advanced Micro Devices Inc.) C:\Windows\System32\OpenVideo64.dll
    2012-06-11 10:50 - 2012-06-11 10:50 - 00065024 ____A (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\OpenVideo.dll
    2012-06-11 10:50 - 2012-06-11 10:50 - 00063488 ____A (Advanced Micro Devices Inc.) C:\Windows\System32\OVDecode64.dll
    2012-06-11 10:50 - 2012-06-11 10:50 - 00056320 ____A (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\OVDecode.dll
    2012-06-11 10:49 - 2012-06-11 10:49 - 13008896 ____A (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\amdocl.dll
    2012-06-11 10:35 - 2012-06-11 10:35 - 00070144 ____A (AMD) C:\Windows\System32\coinst_8.98.dll
    2012-06-11 10:29 - 2012-06-11 10:29 - 24826368 ____A (Advanced Micro Devices, Inc.) C:\Windows\System32\atio6axx.dll
    2012-06-11 10:00 - 2012-06-11 10:00 - 20467712 ____A (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\atioglxx.dll
    2012-06-11 09:26 - 2012-06-11 09:26 - 00263840 ____A C:\Windows\SysWOW64\atiapfxx.blb
    2012-06-11 09:26 - 2012-06-11 09:26 - 00263840 ____A C:\Windows\System32\atiapfxx.blb
    2012-06-11 09:25 - 2012-06-11 09:25 - 00163840 ____A (Advanced Micro Devices, Inc.) C:\Windows\System32\atiapfxx.exe
    2012-06-11 09:24 - 2011-10-25 18:05 - 00924160 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\aticfx32.dll
    2012-06-11 09:23 - 2011-10-25 18:04 - 01090560 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\aticfx64.dll
    2012-06-11 09:20 - 2012-06-11 09:20 - 00442368 ____A (Advanced Micro Devices, Inc.) C:\Windows\System32\ATIDEMGX.dll
    2012-06-11 09:19 - 2012-06-11 09:19 - 00532992 ____A (AMD) C:\Windows\System32\atieclxx.exe
    2012-06-11 09:19 - 2012-06-11 09:19 - 00239616 ____A (AMD) C:\Windows\System32\atiesrxx.exe
    2012-06-11 09:17 - 2012-06-11 09:17 - 00120320 ____A (AMD) C:\Windows\System32\atitmm64.dll
    2012-06-11 09:17 - 2012-06-11 09:17 - 00059392 ____A (ATI Technologies, Inc.) C:\Windows\System32\atiedu64.dll
    2012-06-11 09:17 - 2012-06-11 09:17 - 00043520 ____A (ATI Technologies, Inc.) C:\Windows\SysWOW64\ati2edxx.dll
    2012-06-11 09:17 - 2012-06-11 09:17 - 00021504 ____A (AMD) C:\Windows\System32\atimuixx.dll
    2012-06-11 09:16 - 2011-10-25 17:55 - 06301696 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atidxx32.dll
    2012-06-11 09:01 - 2011-10-25 17:46 - 06914560 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atidxx64.dll
    2012-06-11 08:51 - 2012-06-11 08:51 - 04246528 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atiumd6a.dll
    2012-06-11 08:50 - 2012-06-11 08:50 - 02936864 ____A C:\Windows\System32\atiumd6a.cap
    2012-06-11 08:45 - 2012-06-11 08:45 - 15703040 ____A (Advanced Micro Devices Inc.) C:\Windows\System32\aticaldd64.dll
    2012-06-11 08:45 - 2012-06-11 08:45 - 00051200 ____A (Advanced Micro Devices Inc.) C:\Windows\System32\aticalrt64.dll
    2012-06-11 08:45 - 2012-06-11 08:45 - 00046080 ____A (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\aticalrt.dll
    2012-06-11 08:45 - 2012-06-11 08:45 - 00044544 ____A (Advanced Micro Devices Inc.) C:\Windows\System32\aticalcl64.dll
    2012-06-11 08:45 - 2012-06-11 08:45 - 00044032 ____A (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\aticalcl.dll
    2012-06-11 08:45 - 2012-04-05 17:34 - 05480448 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiumdag.dll
    2012-06-11 08:43 - 2012-04-05 17:22 - 04729344 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiumdva.dll
    2012-06-11 08:41 - 2012-06-11 08:41 - 02971136 ____A C:\Windows\SysWOW64\atiumdva.cap
    2012-06-11 08:40 - 2012-06-11 08:40 - 13277696 ____A (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\aticaldd.dll
    2012-06-11 08:36 - 2012-06-11 08:36 - 06605824 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atiumd64.dll
    2012-06-11 08:27 - 2012-06-11 08:27 - 00539136 ____A (Advanced Micro Devices, Inc.) C:\Windows\System32\atiadlxx.dll
    2012-06-11 08:26 - 2012-06-11 08:26 - 00368640 ____A (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\atiadlxy.dll
    2012-06-11 08:26 - 2012-06-11 08:26 - 00367616 ____A (Advanced Micro Devices, Inc.) C:\Windows\System32\Drivers\atikmpag.sys
    2012-06-11 08:26 - 2012-06-11 08:26 - 00041984 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atig6txx.dll
    2012-06-11 08:26 - 2012-06-11 08:26 - 00033280 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atigktxx.dll
    2012-06-11 08:26 - 2012-06-11 08:26 - 00017920 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atig6pxx.dll
    2012-06-11 08:26 - 2012-06-11 08:26 - 00014848 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiglpxx.dll
    2012-06-11 08:26 - 2012-06-11 08:26 - 00014848 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atiglpxx.dll
    2012-06-11 08:25 - 2012-06-11 08:25 - 00045056 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atiu9p64.dll
    2012-06-11 08:25 - 2011-10-25 17:21 - 00054784 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atiuxp64.dll
    2012-06-11 08:25 - 2011-10-25 17:21 - 00042496 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiuxpag.dll
    2012-06-11 08:24 - 2012-06-11 08:24 - 00053248 ____A (Advanced Micro Devices, Inc.) C:\Windows\System32\Drivers\ati2erec.dll
    2012-06-11 08:24 - 2011-10-25 17:20 - 00032768 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiu9pag.dll
    2012-06-11 08:23 - 2012-06-11 08:23 - 00056832 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atimpc32.dll
    2012-06-11 08:23 - 2012-06-11 08:23 - 00056832 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdpcom32.dll
    2012-06-11 08:23 - 2012-06-11 08:23 - 00056320 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atimpc64.dll
    2012-06-11 08:23 - 2012-06-11 08:23 - 00056320 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\amdpcom64.dll
    2012-06-08 21:43 - 2012-07-10 17:07 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
    2012-06-08 20:41 - 2012-07-10 17:07 - 12873728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
    2012-06-05 22:06 - 2012-07-10 17:07 - 02004480 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
    2012-06-05 22:06 - 2012-07-10 17:07 - 01881600 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
    2012-06-05 22:02 - 2012-07-10 17:07 - 01133568 ____A (Microsoft Corporation) C:\Windows\System32\cdosys.dll
    2012-06-05 21:05 - 2012-07-10 17:07 - 01390080 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
    2012-06-05 21:05 - 2012-07-10 17:07 - 01236992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
    2012-06-05 21:03 - 2012-07-10 17:07 - 00805376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cdosys.dll
    2012-06-02 14:19 - 2012-06-19 02:08 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
    2012-06-02 14:19 - 2012-06-19 02:08 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
    2012-06-02 14:19 - 2012-06-19 02:08 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
    2012-06-02 14:19 - 2012-06-19 02:08 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
    2012-06-02 14:19 - 2012-06-19 02:08 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
    2012-06-02 14:15 - 2012-06-19 02:08 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
    2012-06-02 14:15 - 2012-06-19 02:08 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
    2012-06-02 12:19 - 2012-06-19 02:07 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
    2012-06-02 12:15 - 2012-06-19 02:07 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
    2012-06-01 21:50 - 2012-07-10 17:07 - 00458704 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
    2012-06-01 21:48 - 2012-07-10 17:07 - 00151920 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
    2012-06-01 21:48 - 2012-07-10 17:07 - 00095600 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
    2012-06-01 21:45 - 2012-07-10 17:07 - 00340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
    2012-06-01 21:44 - 2012-07-10 17:07 - 00307200 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
    2012-06-01 20:40 - 2012-07-10 17:07 - 00225280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
    2012-06-01 20:40 - 2012-07-10 17:07 - 00022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
    2012-06-01 20:39 - 2012-07-10 17:07 - 00219136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
    2012-06-01 20:34 - 2012-07-10 17:07 - 00096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
    2012-06-01 20:06 - 2012-06-01 20:06 - 00735889 ____A C:\Users\Morisoli\Downloads\pbsetup.zip
    2012-06-01 07:20 - 2012-06-01 07:20 - 00076888 ____A C:\Windows\SysWOW64\PnkBstrA.exe
    2012-05-31 10:07 - 2012-05-31 10:07 - 03591333 ____A C:\Users\Morisoli\Downloads\BlueEye1-0.wmz
    2012-05-31 10:02 - 2012-05-31 10:02 - 00907673 ____A C:\Users\Morisoli\Downloads\X-FHLWMP1-0.wmz
    2012-05-31 09:25 - 2011-09-22 16:12 - 00279656 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe
    2012-05-19 08:04 - 2012-05-19 08:04 - 03857920 ____A C:\Users\Morisoli\Downloads\hamachi.msi
    2012-05-17 05:34 - 2012-05-17 05:26 - 160889384 ____A (Advanced Micro Devices, Inc.) C:\Users\Morisoli\Downloads\12-4_vista_win7_64_dd_ccc.exe
    2012-05-16 17:50 - 2012-05-16 17:48 - 32288896 ____A (Blizzard Entertainment) C:\Users\Morisoli\Downloads\Diablo-III-Setup-enUS.exe
    2012-05-15 17:25 - 2012-05-15 17:25 - 00466456 ____A (Creative Labs) C:\Windows\System32\wrap_oal.dll
    2012-05-15 17:25 - 2012-05-15 17:25 - 00444952 ____A (Creative Labs) C:\Windows\SysWOW64\wrap_oal.dll
    2012-05-15 17:25 - 2012-05-15 17:25 - 00122904 ____A (Portions (C) Creative Labs Inc. and NVIDIA Corp.) C:\Windows\System32\OpenAL32.dll
    2012-05-15 17:25 - 2012-05-15 17:25 - 00109080 ____A (Portions (C) Creative Labs Inc. and NVIDIA Corp.) C:\Windows\SysWOW64\OpenAL32.dll
    2012-05-14 20:01 - 2012-06-12 12:57 - 01188864 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
    2012-05-14 19:59 - 2012-06-12 12:56 - 00064512 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
    2012-05-14 19:03 - 2012-06-12 12:57 - 00981504 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2012-05-14 19:00 - 2012-06-12 12:56 - 00048128 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2012-05-13 18:40 - 2012-05-13 18:40 - 00001231 ____A C:\Users\Morisoli\Desktop\TeamSpeak 3 Client.lnk
    2012-05-13 16:52 - 2012-05-13 16:46 - 32112904 ____A (TeamSpeak Systems GmbH) C:\Users\Morisoli\Downloads\TeamSpeak3-Client-win64-3.0.6.exe
    2012-05-11 16:01 - 2012-05-11 16:01 - 00002109 ____A C:\Users\Morisoli\Desktop\Deckadance.lnk
    2012-05-11 15:58 - 2012-05-11 15:58 - 00001157 ____A C:\Users\UpdatusUser\Desktop\FL Studio 10.lnk
    2012-05-11 15:58 - 2012-05-11 15:58 - 00001157 ____A C:\Users\Public\Desktop\FL Studio 10.lnk
    2012-05-11 15:58 - 2012-05-11 15:58 - 00001157 ____A C:\Users\Cindy\Desktop\FL Studio 10.lnk
    2012-05-11 14:29 - 2012-05-11 14:29 - 00428657 ____A C:\Users\Morisoli\Downloads\FruityLoops_download.exe
    2012-05-09 18:25 - 2012-05-09 18:25 - 00000924 ____A C:\Users\Public\Desktop\Steam.lnk
    2012-05-09 18:19 - 2012-05-09 18:19 - 01606656 ____A C:\Users\Morisoli\Downloads\SteamInstall.msi
    2012-05-09 14:34 - 2012-05-09 14:31 - 00009950 ____A C:\Windows\System32\RaCoInst.log
    2012-05-09 14:20 - 2012-05-09 14:20 - 00000000 ____A C:\Windows\System32\Drivers\Msft_Kernel_LMouFilt_01005.Wdf
    2012-05-09 14:20 - 2012-05-09 14:20 - 00000000 ____A C:\Windows\System32\Drivers\Msft_Kernel_LHidFilt_01005.Wdf
    2012-05-09 14:20 - 2012-05-09 14:19 - 01136022 ____A C:\Windows\SetPointII_000.log
    2012-05-09 14:20 - 2012-05-09 14:19 - 00003762 ____A C:\Windows\LDPINST.LOG
    2012-05-04 03:06 - 2012-06-12 12:56 - 05559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
    2012-05-04 02:03 - 2012-06-12 12:56 - 03968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
    2012-05-04 02:03 - 2012-06-12 12:56 - 03913072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
    2012-04-30 21:40 - 2012-06-12 12:56 - 00209920 ____A (Microsoft Corporation) C:\Windows\System32\profsvc.dll
    2012-04-30 19:01 - 2012-04-30 19:01 - 04135696 ____A C:\Users\Morisoli\Downloads\ventrilo-3.0.8-Windows-x64.exe
    2012-04-30 19:01 - 2012-04-30 19:01 - 00000262 ____A C:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini
    2012-04-29 18:46 - 2012-04-29 18:41 - 00000369 ____A C:\Users\Morisoli\Documents\practice.html
    2012-04-28 19:26 - 2012-04-28 19:27 - 00472808 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\deployJava1.dll
    2012-04-28 19:26 - 2012-04-28 19:27 - 00157472 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaws.exe
    2012-04-28 19:26 - 2012-04-28 19:27 - 00149280 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaw.exe
    2012-04-28 19:26 - 2012-04-28 19:27 - 00149280 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\java.exe
    2012-04-28 19:25 - 2012-04-28 19:25 - 00908576 ____A (Sun Microsystems, Inc.) C:\Users\Morisoli\Downloads\jxpiinstall.exe
    2012-04-28 16:18 - 2012-04-28 16:18 - 00002379 ____A C:\Users\Morisoli\Documents\MumbleAutomaticCertificateBackup.p12
    2012-04-28 16:14 - 2012-04-28 16:14 - 17904640 ____A C:\Users\Morisoli\Downloads\mumble-1.2.3a.msi
    2012-04-27 19:55 - 2012-06-12 12:56 - 00210944 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
    2012-04-27 16:48 - 2011-12-23 13:47 - 00002515 ____A C:\Users\Public\Desktop\Skype.lnk
    2012-04-25 21:41 - 2012-06-12 12:56 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll
    2012-04-25 21:41 - 2012-06-12 12:56 - 00077312 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll
    2012-04-25 21:34 - 2012-06-12 12:56 - 00009216 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe
    2012-04-23 21:37 - 2012-06-12 12:56 - 01462272 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
    2012-04-23 21:37 - 2012-06-12 12:56 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
    2012-04-23 21:37 - 2012-06-12 12:56 - 00140288 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
    2012-04-23 20:36 - 2012-06-12 12:56 - 01158656 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
    2012-04-23 20:36 - 2012-06-12 12:56 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
    2012-04-23 20:36 - 2012-06-12 12:56 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll

    ZeroAccess:
    C:\Windows\Installer\{dfcfba36-bc21-8f41-a79f-03cac3b9377f}
    C:\Windows\Installer\{dfcfba36-bc21-8f41-a79f-03cac3b9377f}\@
    C:\Windows\Installer\{dfcfba36-bc21-8f41-a79f-03cac3b9377f}\L
    C:\Windows\Installer\{dfcfba36-bc21-8f41-a79f-03cac3b9377f}\U
    C:\Windows\Installer\{dfcfba36-bc21-8f41-a79f-03cac3b9377f}\L\00000004.@
    C:\Windows\Installer\{dfcfba36-bc21-8f41-a79f-03cac3b9377f}\U\00000004.@
    C:\Windows\Installer\{dfcfba36-bc21-8f41-a79f-03cac3b9377f}\U\00000008.@
    C:\Windows\Installer\{dfcfba36-bc21-8f41-a79f-03cac3b9377f}\U\000000cb.@
    C:\Windows\Installer\{dfcfba36-bc21-8f41-a79f-03cac3b9377f}\U\80000032.@

    ZeroAccess:
    C:\Users\Morisoli\AppData\Local\{dfcfba36-bc21-8f41-a79f-03cac3b9377f}
    C:\Users\Morisoli\AppData\Local\{dfcfba36-bc21-8f41-a79f-03cac3b9377f}\@
    C:\Users\Morisoli\AppData\Local\{dfcfba36-bc21-8f41-a79f-03cac3b9377f}\L
    C:\Users\Morisoli\AppData\Local\{dfcfba36-bc21-8f41-a79f-03cac3b9377f}\U

    ZeroAccess:
    C:\Windows\assembly\GAC_32\Desktop.ini

    ZeroAccess:
    C:\Windows\assembly\GAC_64\Desktop.ini

    ========================= Known DLLs (Whitelisted) ============


    ========================= Bamital & volsnap Check ============

    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\SysWOW64\wininit.exe => MD5 is legit
    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\SysWOW64\explorer.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\SysWOW64\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe 014A9CB92514E27C0107614DF764BC06 ZeroAccess <==== ATTENTION!.
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\SysWOW64\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\SysWOW64\userinit.exe => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

    ==================== EXE ASSOCIATION =====================

    HKLM\...\.exe: exefile => OK
    HKLM\...\exefile\DefaultIcon: %1 => OK
    HKLM\...\exefile\open\command: "%1" %* => OK

    ========================= Memory info ======================

    Percentage of memory in use: 15%
    Total physical RAM: 4093.55 MB
    Available physical RAM: 3451.82 MB
    Total Pagefile: 4091.7 MB
    Available Pagefile: 3441.18 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.9 MB

    ======================= Partitions =========================

    1 Drive c: (Windows) (Fixed) (Total:931.41 GB) (Free:585.27 GB) NTFS
    2 Drive e: (SIMPLY_GUITAR_NTSCV2) (CDROM) (Total:3.71 GB) (Free:0 GB) UDF
    3 Drive f: () (Removable) (Total:0.48 GB) (Free:0.48 GB) FAT
    4 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
    5 Drive y: (System) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]

    Disk ### Status Size Free Dyn Gpt
    -------- ------------- ------- ------- --- ---
    Disk 0 Online 931 GB 0 B
    Disk 1 Online 489 MB 0 B

    Partitions of Disk 0:
    ===============

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 100 MB 1024 KB
    Partition 2 Primary 931 GB 101 MB

    ==================================================================================

    Disk: 0
    Partition 1
    Type : 07
    Hidden: No
    Active: Yes

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 1 Y System NTFS Partition 100 MB Healthy

    ==================================================================================

    Disk: 0
    Partition 2
    Type : 07
    Hidden: No
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 2 C Windows NTFS Partition 931 GB Healthy

    ==================================================================================

    Partitions of Disk 1:
    ===============

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 488 MB 16 KB

    ==================================================================================

    Disk: 1
    Partition 1
    Type : 06
    Hidden: No
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 3 F FAT Removable 488 MB Healthy

    ==================================================================================

    ==========================================================

    Last Boot: 2012-07-18 01:31

    ======================= End Of Log ==========================
  6. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Additional FRST Scan

    Once again, please boot to the System Recovery Options and run FRST, as done previously.

    Type the following text in the blank box after Search:

    services.exe

    Click: Search file(s)


    When done searching, FRST makes a log, Search.txt, on the C:\ drive.

    Please provide the Search.txt in your reply.
  7. Jesterical

    Jesterical Newcomer, in training Topic Starter Posts: 21

    Farbar Recovery Scan Tool Version: 20-07-2012
    Ran by SYSTEM at 2012-07-21 12:12:40
    Running from F:\

    ================== Search: "services.exe" ===================

    C:\Windows.old\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
    [2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

    C:\Windows.old\Windows\System32\services.exe
    [2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

    C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
    [2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

    C:\Windows\System32\services.exe
    [2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 014A9CB92514E27C0107614DF764BC06

    ====== End Of Search ======
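The search output above shows the System32 copy of services.exe hashing differently from the three other copies while size and timestamps stay identical, which is the signal the helper's fixlist acted on. As an added example (not part of the thread, of FRST, or of the helper's fix), here is a parser for FRST's Search.txt format that flags copies whose MD5 matches no component-store (WinSxS) copy and names the copy to restore from; the embedded sample is the Search.txt posted above, and the `FoundFile` and `assess` names are this example's own.

```python
"""Flag copies of a system binary whose hash disagrees with the component store.

Added example for this thread; it is not part of FRST nor of the helper's
fixlist. SAMPLE_SEARCH is the "services.exe" Search.txt posted above, copied
verbatim, so the script runs offline.
"""
import re
from collections import Counter
from dataclasses import dataclass
from typing import Dict, List

SAMPLE_SEARCH = r"""
================== Search: "services.exe" ===================

C:\Windows.old\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

C:\Windows.old\Windows\System32\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

C:\Windows\System32\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 014A9CB92514E27C0107614DF764BC06

====== End Of Search ======
"""

# FRST writes every hit as a path line followed by one detail line:
#   [created] - [modified] - size attrs (Company) MD5
DETAIL_RE = re.compile(
    r"^\[(?P<created>[^\]]+)\] - \[(?P<modified>[^\]]+)\] - "
    r"(?P<size>\d+) (?P<attrs>\S+)(?: \((?P<company>[^)]*)\))? "
    r"(?P<md5>[0-9A-Fa-f]{32})$"
)


@dataclass
class FoundFile:
    path: str
    modified: str
    size: int
    company: str
    md5: str


def parse_search(text: str) -> List[FoundFile]:
    """Pair each detail line with the path line directly above it."""
    lines = [ln.strip() for ln in text.splitlines()]
    found: List[FoundFile] = []
    for i in range(1, len(lines)):
        m = DETAIL_RE.match(lines[i])
        prev = lines[i - 1]
        if m and prev and not prev.startswith("="):
            found.append(FoundFile(path=prev, modified=m["modified"],
                                   size=int(m["size"]), company=m["company"] or "",
                                   md5=m["md5"].upper()))
    return found


def is_component_store(path: str) -> bool:
    """A WinSxS copy on the live install (copies under Windows.old do not count)."""
    p = path.lower()
    return "\\winsxs\\" in p and "\\windows.old\\" not in p


def assess(found: List[FoundFile]) -> List[Dict[str, object]]:
    """Return the copies whose MD5 matches no component-store copy.

    Trusted hashes come from the WinSxS copies: the component store is what
    Windows restores system binaries from, and the fixlist in this thread copied
    services.exe back from there. Without any store copy the majority hash is
    used instead, which is weaker evidence. 'same_size' marks a suspect whose
    size equals the restore source's: a binary patched in place keeps its size
    and timestamps, only the hash changes.
    """
    store = [f for f in found if is_component_store(f.path)]
    if store:
        trusted = {f.md5 for f in store}
        source = max(store, key=lambda f: f.modified)  # newest servicing copy
    elif found:
        top = Counter(f.md5 for f in found).most_common(1)[0][0]
        trusted = {top}
        source = next(f for f in found if f.md5 == top)
    else:
        return []
    return [
        {"path": f.path, "md5": f.md5, "same_size": f.size == source.size,
         "restore_from": source.path}
        for f in found
        if f.md5 not in trusted
    ]


if __name__ == "__main__":
    for hit in assess(parse_search(SAMPLE_SEARCH)):
        note = "size unchanged, patched in place" if hit["same_size"] else "size differs"
        print(f"{hit['path']}: MD5 {hit['md5']} ({note}); restore from {hit['restore_from']}")
```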
  8. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    FRST64 Fixlist

    Please run the following:

    Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this highlight the contents of the box, right click on it and select copy. Right-click in the open notepad and select Paste). Save it on the flashdrive as fixlist.txt

    NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system.

    Now, please enter System Recovery Options then select Command Prompt.

    Run FRST64 and press the Fix button just once and wait.
    The tool will make a log on the flashdrive (Fixlog.txt); please post it in your reply.

    Now restart, let it boot normally and tell me how it went.
  9. Jesterical

    Jesterical Newcomer, in training Topic Starter Posts: 21

    Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 20-07-2012
    Ran by SYSTEM at 2012-07-22 18:50:19 Run:1
    Running from F:\

    ==============================================

    C:\Windows\Installer\{dfcfba36-bc21-8f41-a79f-03cac3b9377f} moved successfully.
    C:\Users\Morisoli\AppData\Local\{dfcfba36-bc21-8f41-a79f-03cac3b9377f} moved successfully.
    C:\Windows\assembly\GAC_32\Desktop.ini moved successfully.
    C:\Windows\assembly\GAC_64\Desktop.ini moved successfully.
    C:\Windows\System32\services.exe moved successfully.
    C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe copied successfully to C:\Windows\System32\services.exe

    ==== End of Fixlog ====
  10. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    The computer should be able to boot normally. If not, let me know. Do not try the step below if the computer reboots often.

    ComboFix

    Please download ComboFix by sUBs from BleepingComputer.com.

    Please save the file to your Desktop, but rename it first to svchost.exe

    Important information about ComboFix

    Before the download:
    • Please copy and paste these instructions to Notepad and save to your Desktop, or print them - for easier access.
    • It is important to rename ComboFix before the download.
    • Please do not rename ComboFix to other names, but only the one indicated.
    After the download:
    • Close any open browsers.
    • Very Important: Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results". Please visit here if you don't know how.
    • WARNING: ComboFix will disconnect your machine from the Internet as soon as it starts.
    • Please do not attempt to re-connect your machine back to the Internet until ComboFix has completely finished.
    • If there is no Internet connection after running ComboFix, then restart your computer to restore back your connection.
    Running ComboFix:
    • Double click on svchost.exe & follow the prompts.
    • It will attempt to install the Recovery Console:
    • When ComboFix finishes, it will produce a report for you.
    • Please post the "C:\Combo-Fix.txt" in your next reply.
    Troubleshooting ComboFix

    Safe Mode:

    If you still cannot get ComboFix to run, try booting into Safe Mode, and run it there.

    (To boot into Safe Mode, tap F8 after BIOS, and just before the Windows logo appears. A list of options will appear; select "Safe Mode.")

    Re-downloading:

    If this doesn't work either, try the same method as above, but download it again, and this time rename ComboFix.exe to iexplore.exe, explorer.exe, or winlogon.exe.

    Malware is known for blocking all "user" processes, except for its whitelist of system important processes such as iexplore.exe, explorer.exe, winlogon.exe.
  11. Jesterical

    Jesterical Newcomer, in training Topic Starter Posts: 21

    I am no longer receiving pop-up messages for blocked sites on Malwarebytes. ESET was also detecting a new strain of the Trojan every second; that has stopped. The computer started up fine, but I do have to do constant restarts on this computer, so I will take your advice and not do ComboFix.

    EDIT: I ran a scan on my ESET and within seconds it found 3 infiltrations, all of which are variants of the Sirefef.
  12. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Please post a new log from FRST and the additional scan to search for services.exe, just in case.
  13. Jesterical

    Jesterical Newcomer, in training Topic Starter Posts: 21

    FRST scan =

    Scan result of Farbar Recovery Scan Tool Version: 20-07-2012
    Ran by SYSTEM at 25-07-2012 11:44:37
    Running from F:\
    Windows 7 Home Premium (X64) OS Language: English(US)
    The current controlset is ControlSet001

    ========================== Registry (Whitelisted) =============

    HKLM\...\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice [4035152 2011-09-22] (ESET)
    HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [10144288 2010-04-06] (Realtek Semiconductor)
    HKLM\...\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE [x]
    HKLM-x32\...\Run: [] [x]
    HKLM-x32\...\Run: [BCU] "C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe" [375000 2009-10-15] (DeviceVM, Inc.)
    HKLM-x32\...\Run: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml [10752 2012-02-20] ()
    HKLM-x32\...\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [641704 2012-06-11] (Advanced Micro Devices, Inc.)
    HKLM-x32\...\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray [462920 2012-07-03] (Malwarebytes Corporation)
    HKLM-x32\...\Run: [LifeCam] "C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe" [135536 2010-12-13] (Microsoft Corporation)
    HKU\Cindy\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2011-10-24] (Apple Inc.)
    HKU\Cindy\...\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe [x]
    HKU\Morisoli\...\Run: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent [1242448 2012-05-09] (Valve Corporation)
    HKU\Morisoli\...\Run: [Google Update] "C:\Users\Morisoli\AppData\Local\Google\Update\GoogleUpdate.exe" /c [116648 2012-07-09] (Google Inc.)
    HKU\Morisoli\...\Run: [{E444EA44-901C-F84C-01BD-2680A0973F75}] C:\Users\Morisoli\AppData\Roaming\Imdeiq\heak.exe [x]
    HKU\UpdatusUser\...\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe [x]
    Tcpip\Parameters: [DhcpNameServer] 208.180.42.68 208.180.42.100
    Startup: C:\Users\All Users\Start Menu\Programs\Startup\NETGEAR WNDA4100 Genie.lnk
    ShortcutTarget: NETGEAR WNDA4100 Genie.lnk -> C:\Program Files (x86)\NETGEAR\WNDA4100\WNDA4100.EXE (NETGEAR)
    Startup: C:\Users\All Users\Start Menu\Programs\Startup\SetPointII.lnk
    ShortcutTarget: SetPointII.lnk -> C:\Program Files\Logitech\SetPoint II\SetPointII.exe (Logitech Inc.)
    Startup: C:\Users\Cindy\Start Menu\Programs\Startup\waiq.exe ()
    Startup: C:\Users\Default\Start Menu\Programs\Startup\veuwk.exe ()
    Startup: C:\Users\Default User\Start Menu\Programs\Startup\veuwk.exe ()

    ==================== Services (Whitelisted) ======

    2 BcmSqlStartupSvc; "C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe" [30312 2009-02-20] (Microsoft Corporation)
    2 BCUService; C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe [223464 2009-10-15] (DeviceVM, Inc.)
    2 ekrn; "C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe" [974944 2011-09-22] (ESET)
    2 MBAMService; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe" [655944 2012-07-03] (Malwarebytes Corporation)
    2 MotoHelper; C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe [223088 2011-04-26] ()
    3 MSSQL$MSSMLBIZ; "C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sMSSMLBIZ [29293408 2010-12-10] (Microsoft Corporation)
    2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [76888 2012-06-01] ()
    2 RalinkRegistryWriter; "C:\Program Files (x86)\NETGEAR\WNDA4100\Service\RaRegistry.exe" [377088 2011-11-21] (Ralink Technology, Corp.)
    2 RalinkRegistryWriter64; "C:\Program Files (x86)\NETGEAR\WNDA4100\Service\RaRegistry64.exe" [455424 2011-11-21] (Ralink Technology, Corp.)

    ========================== Drivers (Whitelisted) =============

    3 AE1000; C:\Windows\System32\DRIVERS\ae1000w7.sys [1101600 2010-03-22] (Ralink Technology Corp.)
    2 AODDriver4.01; \??\C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [53888 2012-03-05] (Advanced Micro Devices)
    2 AODDriver4.1; \??\C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [53888 2012-03-05] (Advanced Micro Devices)
    3 CV2K1; C:\Windows\System32\Drivers\CV2K1.sys [21608 2010-04-01] (TamoSoft)
    2 eamonm; C:\Windows\System32\Drivers\eamonm.sys [202576 2011-08-09] (ESET)
    1 ehdrv; C:\Windows\System32\Drivers\ehdrv.sys [146432 2011-08-04] (ESET)
    2 epfwwfpr; C:\Windows\System32\Drivers\epfwwfpr.sys [137144 2011-08-04] (ESET)
    3 gdrv; \??\C:\Windows\gdrv.sys [25640 2012-07-17] (Windows (R) Server 2003 DDK provider)
    3 hamachi; C:\Windows\System32\Drivers\hamachi.sys [33856 2009-03-18] (LogMeIn, Inc.)
    3 hitmanpro36; C:\Windows\System32\Drivers\hitmanpro36.sys [30496 2012-07-18] ()
    3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [24904 2012-07-03] (Malwarebytes Corporation)
    3 netr28ux; C:\Windows\System32\Drivers\netr28ux.sys [1675840 2012-01-13] (Ralink Technology Corp.)
    3 TsVlb; C:\Windows\System32\Drivers\TsVlb.sys [22120 2010-04-21] (TamoSoft)
    1 TsVp; C:\Windows\System32\Drivers\TsVp.sys [32872 2010-06-15] (TamoSoft)

    ========================== NetSvcs (Whitelisted) ===========


    ============ One Month Created Files and Folders ==============

    2012-07-23 18:18 - 2012-07-23 18:41 - 00000000 ____D C:\Users\Morisoli\AppData\Roaming\Vaxa
    2012-07-23 15:07 - 2009-07-13 17:14 - 00020480 ____N (Microsoft Corporation) C:\Windows\svchost.exe
    2012-07-23 10:39 - 2012-07-23 10:39 - 00002036 ____A C:\Users\Public\Desktop\Microsoft LifeCam.lnk
    2012-07-23 10:39 - 2012-07-23 10:39 - 00000000 ____D C:\Program Files\Microsoft LifeCam
    2012-07-23 10:39 - 2012-07-23 10:39 - 00000000 ____D C:\Program Files (x86)\Microsoft LifeCam
    2012-07-21 01:20 - 2012-07-21 01:20 - 00000000 __SHD C:\Windows\SysWOW64\%APPDATA%
    2012-07-20 08:21 - 2012-07-20 11:36 - 00000000 ____D C:\FRST
    2012-07-20 06:18 - 2012-07-20 06:18 - 00607260 ____R (Swearware) C:\Users\Morisoli\Downloads\dds.scr
    2012-07-19 20:36 - 2012-07-19 20:36 - 00302592 ____A C:\Users\Morisoli\Downloads\9gpxx0yy.exe
    2012-07-19 20:29 - 2012-07-19 20:29 - 00001120 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2012-07-19 20:29 - 2012-07-19 20:29 - 00000000 ____D C:\Users\Morisoli\AppData\Roaming\Malwarebytes
    2012-07-19 20:29 - 2012-07-19 20:29 - 00000000 ____D C:\Users\All Users\Malwarebytes
    2012-07-19 20:29 - 2012-07-19 20:29 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2012-07-19 20:29 - 2012-07-03 10:46 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
    2012-07-19 20:28 - 2012-07-19 20:28 - 10652120 ____A (Malwarebytes Corporation ) C:\Users\Morisoli\Downloads\mbam-setup-1.62.0.1300.exe
    2012-07-19 19:37 - 2012-07-19 19:38 - 00000042 ____A C:\repairs_running.dat
    2012-07-19 19:28 - 2008-05-07 21:03 - 00303616 ____A ( ) C:\SetACL.exe
    2012-07-19 19:02 - 2004-06-11 15:33 - 00290304 ____A (Microsoft Corporation) C:\subinacl.exe
    2012-07-18 21:28 - 2012-07-19 19:38 - 00181064 ____A (Sysinternals) C:\Windows\PSEXESVC.EXE
    2012-07-18 21:27 - 2012-07-18 21:27 - 04623766 ____A C:\Users\Morisoli\Downloads\tweaking.com_windows_repair_aio_setup.exe
    2012-07-18 21:24 - 2012-07-18 21:24 - 00030496 ____A C:\Windows\System32\Drivers\hitmanpro36.sys
    2012-07-18 21:23 - 2012-07-18 21:23 - 00000806 ____A C:\Windows\System32\.crusader
    2012-07-18 21:19 - 2012-07-18 21:23 - 00000000 ____D C:\Users\All Users\HitmanPro
    2012-07-18 21:18 - 2012-07-18 21:19 - 08834304 ____A (SurfRight B.V.) C:\Users\Morisoli\Downloads\HitmanPro36_x64.exe
    2012-07-17 17:28 - 2012-07-18 21:17 - 00000000 ____D C:\TDSSKiller_Quarantine
    2012-07-17 17:16 - 2012-07-17 17:17 - 00317024 ____A C:\Windows\Minidump\071712-20077-01.dmp
    2012-07-17 17:13 - 2012-07-17 17:16 - 416104481 ____A C:\Windows\MEMORY.DMP
    2012-07-17 17:13 - 2012-07-17 17:16 - 00000000 ____D C:\Windows\Minidump
    2012-07-17 17:13 - 2012-07-17 17:13 - 00276272 ____A C:\Windows\Minidump\071712-19578-01.dmp
    2012-07-11 17:30 - 2012-07-11 17:30 - 00000000 ____D C:\Program Files (x86)\uTorrent
    2012-07-11 17:29 - 2012-07-15 17:31 - 00000000 ____D C:\Users\Morisoli\AppData\Roaming\uTorrent
    2012-07-11 17:28 - 2012-07-11 17:29 - 00895376 ____A (BitTorrent, Inc.) C:\Users\Morisoli\Downloads\uTorrent.exe
    2012-07-11 00:03 - 2012-07-11 00:03 - 00265692 ____A C:\Windows\msxml4-KB2721691-enu.LOG
    2012-07-11 00:03 - 2012-06-11 19:08 - 03148800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
    2012-07-10 17:07 - 2012-06-08 21:43 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
    2012-07-10 17:07 - 2012-06-08 20:41 - 12873728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
    2012-07-10 17:07 - 2012-06-05 22:06 - 02004480 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
    2012-07-10 17:07 - 2012-06-05 22:06 - 01881600 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
    2012-07-10 17:07 - 2012-06-05 22:02 - 01133568 ____A (Microsoft Corporation) C:\Windows\System32\cdosys.dll
    2012-07-10 17:07 - 2012-06-05 21:05 - 01390080 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
    2012-07-10 17:07 - 2012-06-05 21:05 - 01236992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
    2012-07-10 17:07 - 2012-06-05 21:03 - 00805376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cdosys.dll
    2012-07-10 17:07 - 2012-06-01 21:50 - 00458704 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
    2012-07-10 17:07 - 2012-06-01 21:48 - 00151920 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
    2012-07-10 17:07 - 2012-06-01 21:48 - 00095600 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
    2012-07-10 17:07 - 2012-06-01 21:45 - 00340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
    2012-07-10 17:07 - 2012-06-01 21:44 - 00307200 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
    2012-07-10 17:07 - 2012-06-01 20:40 - 00225280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
    2012-07-10 17:07 - 2012-06-01 20:40 - 00022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
    2012-07-10 17:07 - 2012-06-01 20:39 - 00219136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
    2012-07-10 17:07 - 2012-06-01 20:34 - 00096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
    2012-07-10 17:07 - 2010-06-25 19:55 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\msxml3r.dll
    2012-07-10 17:07 - 2010-06-25 19:24 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
    2012-07-10 12:50 - 2012-07-10 12:50 - 00452312 ____A C:\Users\Morisoli\Downloads\PolSystemInfo_us.zip
    2012-07-09 01:56 - 2012-07-25 08:06 - 00000920 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3710809135-2123922341-1772546783-1001UA.job
    2012-07-09 01:56 - 2012-07-24 18:06 - 00000868 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3710809135-2123922341-1772546783-1001Core.job
    2012-07-09 01:55 - 2012-07-09 01:55 - 00739832 ____A (Google Inc.) C:\Users\Morisoli\Downloads\GoogleVoiceAndVideoSetup.exe
    2012-07-08 12:39 - 2012-07-08 12:41 - 58366405 ____A C:\Users\Morisoli\Downloads\Slender_v0_9_1.zip
    2012-07-07 11:40 - 2012-07-07 11:40 - 00000000 ____D C:\Users\Morisoli\Documents\Skype Voice Records
    2012-07-07 11:40 - 2012-07-07 11:40 - 00000000 ____D C:\Users\Morisoli\Documents\Clownfish Avatars
    2012-07-07 11:39 - 2012-07-07 11:39 - 00632400 ____A (Shark Labs) C:\Users\Morisoli\Downloads\CFSetup281.exe
    2012-07-05 08:04 - 2012-07-05 08:04 - 00000000 ____D C:\Users\All Users\ATI
    2012-07-05 08:04 - 2012-07-05 08:04 - 00000000 ____D C:\Program Files (x86)\AMD APP
    2012-07-03 16:30 - 2012-07-20 14:01 - 00001075 ____A C:\Users\Public\Desktop\World of Warcraft.lnk
    2012-07-03 16:30 - 2012-07-20 14:01 - 00000000 ____D C:\Program Files (x86)\World of Warcraft
    2012-07-03 16:28 - 2012-07-03 16:30 - 32160136 ____A C:\Users\Morisoli\Downloads\WoW-4.0.0-WOW-enUS-Installer.exe
    2012-07-03 15:39 - 2012-07-13 07:39 - 00000000 ___RD C:\Users\Morisoli\Desktop\Games
    2012-07-02 14:59 - 2012-07-02 14:59 - 00000000 ____D C:\Users\Morisoli\AppData\Roaming\StepMania 5
    2012-07-02 14:57 - 2012-07-02 15:10 - 00000000 ____D C:\Program Files (x86)\StepMania 5
    2012-07-02 14:53 - 2012-07-02 14:55 - 47486851 ____A C:\Users\Morisoli\Downloads\StepMania_v5.0_alpha2.exe
    2012-07-02 10:44 - 2012-07-02 10:44 - 00000000 ____D C:\Program Files\CoreFTP
    2012-07-02 10:43 - 2012-07-02 10:44 - 03415700 ____A C:\Users\Morisoli\Downloads\coreftplite64(1).exe
    2012-07-02 10:35 - 2012-07-02 10:35 - 00000914 ____A C:\Users\Morisoli\Downloads\Secure Ftp david@shoogadawoogada.elementfx.com.xml
    2012-07-02 10:34 - 2012-07-02 10:34 - 01620836 ____A (FileZilla Project) C:\Users\Morisoli\Downloads\FileZilla_Server-0_9_41(1).exe
    2012-07-02 10:29 - 2012-07-02 10:29 - 01620836 ____A (FileZilla Project) C:\Users\Morisoli\Downloads\FileZilla_Server-0_9_41.exe
    2012-07-02 10:22 - 2012-07-02 14:14 - 00000000 ____D C:\Users\Morisoli\AppData\Roaming\CoreFTP
    2012-07-02 10:21 - 2012-07-02 10:21 - 03415700 ____A C:\Users\Morisoli\Downloads\coreftplite64.exe
    2012-07-01 15:17 - 2012-07-01 15:17 - 00001936 ____A C:\Users\UpdatusUser\Desktop\Heroes of Newerth.lnk
    2012-07-01 15:17 - 2012-07-01 15:17 - 00001936 ____A C:\Users\Cindy\Desktop\Heroes of Newerth.lnk
    2012-07-01 15:17 - 2012-07-01 15:17 - 00000000 ____D C:\Users\Morisoli\Documents\Heroes of Newerth
    2012-07-01 15:15 - 2012-07-01 15:52 - 00000000 ____D C:\Program Files (x86)\Heroes of Newerth
    2012-07-01 11:51 - 2012-07-01 12:29 - 1052523552 ____A C:\Users\Morisoli\Downloads\HoNClient-2.6.4.exe
    2012-06-30 08:29 - 2012-06-30 08:29 - 00000000 ____D C:\Users\Morisoli\AppData\Local\THQ
    2012-06-29 18:35 - 2012-06-29 18:35 - 00000000 ____D C:\Users\Morisoli\AppData\Local\Macromedia
    2012-06-29 18:13 - 2012-06-29 18:13 - 00000000 ____D C:\Users\Morisoli\AppData\Roaming\TuneUp Software
    2012-06-29 18:12 - 2012-06-29 18:13 - 00000000 ____D C:\Users\All Users\TuneUp Software
    2012-06-29 18:12 - 2012-06-29 18:12 - 00000000 __SHD C:\Users\All Users\{32364CEA-7855-4A3C-B674-53D8E9B97936}
    2012-06-29 18:10 - 2012-06-29 18:12 - 38136768 ____A (TuneUp Software) C:\Users\Morisoli\Downloads\Speedtest_TuneUpUtilities2012_en-US.exe
    2012-06-29 18:07 - 2012-07-09 01:56 - 00000000 ____D C:\Users\Morisoli\AppData\Local\Google
    2012-06-29 18:06 - 2012-06-29 18:06 - 00739856 ____A (Google Inc.) C:\Users\Morisoli\Downloads\ChromeSetup.exe
    2012-06-28 17:03 - 2012-07-11 19:55 - 00000000 ____D C:\Users\Morisoli\AppData\Roaming\.minecraft
    2012-06-28 16:58 - 2012-06-28 16:58 - 00278561 ____A C:\Users\Morisoli\Downloads\Minecraft.exe
    2012-06-27 12:04 - 2012-06-27 12:04 - 00000000 ____D C:\Users\Morisoli\Documents\Wizards of the Coast
    2012-06-25 18:50 - 2012-06-25 18:52 - 00000000 ____D C:\Program Files (x86)\CommView
    2012-06-25 18:50 - 2012-06-25 18:50 - 00000000 ____D C:\Users\Morisoli\Documents\CommView
    2012-06-25 18:50 - 2012-06-25 18:50 - 00000000 ____D C:\Users\All Users\TamoSoft
    2012-06-25 18:46 - 2012-07-17 17:32 - 00000000 ____D C:\Users\All Users\blekko toolbars
    2012-06-25 18:46 - 2012-06-25 18:46 - 00000000 ____D C:\Users\Morisoli\AppData\Local\blekkotb_031
    2012-06-25 18:45 - 2012-06-25 18:45 - 00463080 ____A (CNET Download.com) C:\Users\Morisoli\Downloads\cnet2_cv6_zip.exe
    2012-06-25 13:04 - 2012-06-25 13:04 - 01394248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml4.dll


    ============ 3 Months Modified Files ========================

    2012-07-25 08:33 - 2012-04-12 14:59 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
    2012-07-25 08:06 - 2012-07-09 01:56 - 00000920 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3710809135-2123922341-1772546783-1001UA.job
    2012-07-24 18:06 - 2012-07-09 01:56 - 00000868 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3710809135-2123922341-1772546783-1001Core.job
    2012-07-24 16:49 - 2011-09-22 18:50 - 01205374 ____A C:\Windows\WindowsUpdate.log
    2012-07-23 15:12 - 2009-07-13 21:13 - 00796042 ____A C:\Windows\System32\PerfStringBackup.INI
    2012-07-23 15:11 - 2009-07-13 20:45 - 00014832 ____A C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2012-07-23 15:11 - 2009-07-13 20:45 - 00014832 ____A C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2012-07-23 15:06 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
    2012-07-23 15:06 - 2009-07-13 20:51 - 00037442 ____A C:\Windows\setupact.log
    2012-07-23 15:05 - 2011-10-24 17:36 - 00020470 ____A C:\Windows\PFRO.log
    2012-07-23 10:39 - 2012-07-23 10:39 - 00002036 ____A C:\Users\Public\Desktop\Microsoft LifeCam.lnk
    2012-07-20 14:01 - 2012-07-03 16:30 - 00001075 ____A C:\Users\Public\Desktop\World of Warcraft.lnk
    2012-07-20 06:18 - 2012-07-20 06:18 - 00607260 ____R (Swearware) C:\Users\Morisoli\Downloads\dds.scr
    2012-07-19 20:36 - 2012-07-19 20:36 - 00302592 ____A C:\Users\Morisoli\Downloads\9gpxx0yy.exe
    2012-07-19 20:29 - 2012-07-19 20:29 - 00001120 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2012-07-19 20:28 - 2012-07-19 20:28 - 10652120 ____A (Malwarebytes Corporation ) C:\Users\Morisoli\Downloads\mbam-setup-1.62.0.1300.exe
    2012-07-19 19:44 - 2011-10-05 10:17 - 00147336 ____A C:\Users\Morisoli\AppData\Local\GDIPFONTCACHEV1.DAT
    2012-07-19 19:39 - 2009-07-13 20:45 - 00504968 ____A C:\Windows\System32\FNTCACHE.DAT
    2012-07-19 19:38 - 2012-07-19 19:37 - 00000042 ____A C:\repairs_running.dat
    2012-07-19 19:38 - 2012-07-18 21:28 - 00181064 ____A (Sysinternals) C:\Windows\PSEXESVC.EXE
    2012-07-19 19:30 - 2011-10-24 13:45 - 00796216 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
    2012-07-18 21:27 - 2012-07-18 21:27 - 04623766 ____A C:\Users\Morisoli\Downloads\tweaking.com_windows_repair_aio_setup.exe
    2012-07-18 21:24 - 2012-07-18 21:24 - 00030496 ____A C:\Windows\System32\Drivers\hitmanpro36.sys
    2012-07-18 21:23 - 2012-07-18 21:23 - 00000806 ____A C:\Windows\System32\.crusader
    2012-07-18 21:19 - 2012-07-18 21:18 - 08834304 ____A (SurfRight B.V.) C:\Users\Morisoli\Downloads\HitmanPro36_x64.exe
    2012-07-18 21:02 - 2012-04-07 16:33 - 18932287 ____A C:\service.log
    2012-07-17 17:30 - 2012-04-07 16:35 - 00025640 ____A (Windows (R) Server 2003 DDK provider) C:\Windows\gdrv.sys
    2012-07-17 17:17 - 2012-07-17 17:16 - 00317024 ____A C:\Windows\Minidump\071712-20077-01.dmp
    2012-07-17 17:16 - 2012-07-17 17:13 - 416104481 ____A C:\Windows\MEMORY.DMP
    2012-07-17 17:13 - 2012-07-17 17:13 - 00276272 ____A C:\Windows\Minidump\071712-19578-01.dmp
    2012-07-12 09:56 - 2012-06-01 07:23 - 00281288 ____A C:\Windows\SysWOW64\PnkBstrB.xtr
    2012-07-12 09:56 - 2012-06-01 07:20 - 00281288 ____A C:\Windows\SysWOW64\PnkBstrB.exe
    2012-07-12 08:34 - 2012-04-12 14:59 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2012-07-12 08:34 - 2011-09-23 05:06 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2012-07-11 17:29 - 2012-07-11 17:28 - 00895376 ____A (BitTorrent, Inc.) C:\Users\Morisoli\Downloads\uTorrent.exe
    2012-07-11 00:03 - 2012-07-11 00:03 - 00265692 ____A C:\Windows\msxml4-KB2721691-enu.LOG
    2012-07-11 00:03 - 2009-07-13 18:34 - 00000478 ____A C:\Windows\win.ini
    2012-07-11 00:01 - 2011-10-24 17:40 - 59701280 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
    2012-07-10 12:50 - 2012-07-10 12:50 - 00452312 ____A C:\Users\Morisoli\Downloads\PolSystemInfo_us.zip
    2012-07-09 01:55 - 2012-07-09 01:55 - 00739832 ____A (Google Inc.) C:\Users\Morisoli\Downloads\GoogleVoiceAndVideoSetup.exe
    2012-07-08 12:41 - 2012-07-08 12:39 - 58366405 ____A C:\Users\Morisoli\Downloads\Slender_v0_9_1.zip
    2012-07-07 11:39 - 2012-07-07 11:39 - 00632400 ____A (Shark Labs) C:\Users\Morisoli\Downloads\CFSetup281.exe
    2012-07-03 16:30 - 2012-07-03 16:28 - 32160136 ____A C:\Users\Morisoli\Downloads\WoW-4.0.0-WOW-enUS-Installer.exe
    2012-07-03 10:46 - 2012-07-19 20:29 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
    2012-07-02 14:55 - 2012-07-02 14:53 - 47486851 ____A C:\Users\Morisoli\Downloads\StepMania_v5.0_alpha2.exe
    2012-07-02 10:44 - 2012-07-02 10:43 - 03415700 ____A C:\Users\Morisoli\Downloads\coreftplite64(1).exe
    2012-07-02 10:35 - 2012-07-02 10:35 - 00000914 ____A C:\Users\Morisoli\Downloads\Secure Ftp david@shoogadawoogada.elementfx.com.xml
    2012-07-02 10:34 - 2012-07-02 10:34 - 01620836 ____A (FileZilla Project) C:\Users\Morisoli\Downloads\FileZilla_Server-0_9_41(1).exe
    2012-07-02 10:29 - 2012-07-02 10:29 - 01620836 ____A (FileZilla Project) C:\Users\Morisoli\Downloads\FileZilla_Server-0_9_41.exe
    2012-07-02 10:21 - 2012-07-02 10:21 - 03415700 ____A C:\Users\Morisoli\Downloads\coreftplite64.exe
    2012-07-01 17:39 - 2012-06-01 07:20 - 00281288 ____A C:\Windows\SysWOW64\PnkBstrB.ex0
    2012-07-01 15:17 - 2012-07-01 15:17 - 00001936 ____A C:\Users\UpdatusUser\Desktop\Heroes of Newerth.lnk
    2012-07-01 15:17 - 2012-07-01 15:17 - 00001936 ____A C:\Users\Cindy\Desktop\Heroes of Newerth.lnk
    2012-07-01 12:29 - 2012-07-01 11:51 - 1052523552 ____A C:\Users\Morisoli\Downloads\HoNClient-2.6.4.exe
    2012-06-30 08:29 - 2012-04-18 22:03 - 00348353 ____A C:\Windows\DirectX.log
    2012-06-29 18:12 - 2012-06-29 18:10 - 38136768 ____A (TuneUp Software) C:\Users\Morisoli\Downloads\Speedtest_TuneUpUtilities2012_en-US.exe
    2012-06-29 18:06 - 2012-06-29 18:06 - 00739856 ____A (Google Inc.) C:\Users\Morisoli\Downloads\ChromeSetup.exe
    2012-06-28 16:58 - 2012-06-28 16:58 - 00278561 ____A C:\Users\Morisoli\Downloads\Minecraft.exe
    2012-06-25 18:45 - 2012-06-25 18:45 - 00463080 ____A (CNET Download.com) C:\Users\Morisoli\Downloads\cnet2_cv6_zip.exe
    2012-06-25 13:04 - 2012-06-25 13:04 - 01394248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml4.dll
    2012-06-11 19:08 - 2012-07-11 00:03 - 03148800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
    2012-06-11 10:59 - 2012-06-11 10:59 - 10248192 ____A (Advanced Micro Devices, Inc.) C:\Windows\System32\Drivers\atikmdag.sys
    2012-06-11 10:50 - 2012-06-11 10:50 - 16457728 ____A (Advanced Micro Devices Inc.) C:\Windows\System32\amdocl64.dll
    2012-06-11 10:50 - 2012-06-11 10:50 - 00187392 ____A C:\Windows\System32\clinfo.exe
    2012-06-11 10:50 - 2012-06-11 10:50 - 00075264 ____A (Advanced Micro Devices Inc.) C:\Windows\System32\OpenVideo64.dll
    2012-06-11 10:50 - 2012-06-11 10:50 - 00065024 ____A (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\OpenVideo.dll
    2012-06-11 10:50 - 2012-06-11 10:50 - 00063488 ____A (Advanced Micro Devices Inc.) C:\Windows\System32\OVDecode64.dll
    2012-06-11 10:50 - 2012-06-11 10:50 - 00056320 ____A (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\OVDecode.dll
    2012-06-11 10:49 - 2012-06-11 10:49 - 13008896 ____A (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\amdocl.dll
    2012-06-11 10:35 - 2012-06-11 10:35 - 00070144 ____A (AMD) C:\Windows\System32\coinst_8.98.dll
    2012-06-11 10:29 - 2012-06-11 10:29 - 24826368 ____A (Advanced Micro Devices, Inc.) C:\Windows\System32\atio6axx.dll
    2012-06-11 10:00 - 2012-06-11 10:00 - 20467712 ____A (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\atioglxx.dll
    2012-06-11 09:26 - 2012-06-11 09:26 - 00263840 ____A C:\Windows\SysWOW64\atiapfxx.blb
    2012-06-11 09:26 - 2012-06-11 09:26 - 00263840 ____A C:\Windows\System32\atiapfxx.blb
    2012-06-11 09:25 - 2012-06-11 09:25 - 00163840 ____A (Advanced Micro Devices, Inc.) C:\Windows\System32\atiapfxx.exe
    2012-06-11 09:24 - 2011-10-25 18:05 - 00924160 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\aticfx32.dll
    2012-06-11 09:23 - 2011-10-25 18:04 - 01090560 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\aticfx64.dll
    2012-06-11 09:20 - 2012-06-11 09:20 - 00442368 ____A (Advanced Micro Devices, Inc.) C:\Windows\System32\ATIDEMGX.dll
    2012-06-11 09:19 - 2012-06-11 09:19 - 00532992 ____A (AMD) C:\Windows\System32\atieclxx.exe
    2012-06-11 09:19 - 2012-06-11 09:19 - 00239616 ____A (AMD) C:\Windows\System32\atiesrxx.exe
    2012-06-11 09:17 - 2012-06-11 09:17 - 00120320 ____A (AMD) C:\Windows\System32\atitmm64.dll
    2012-06-11 09:17 - 2012-06-11 09:17 - 00059392 ____A (ATI Technologies, Inc.) C:\Windows\System32\atiedu64.dll
    2012-06-11 09:17 - 2012-06-11 09:17 - 00043520 ____A (ATI Technologies, Inc.) C:\Windows\SysWOW64\ati2edxx.dll
    2012-06-11 09:17 - 2012-06-11 09:17 - 00021504 ____A (AMD) C:\Windows\System32\atimuixx.dll
    2012-06-11 09:16 - 2011-10-25 17:55 - 06301696 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atidxx32.dll
    2012-06-11 09:01 - 2011-10-25 17:46 - 06914560 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atidxx64.dll
    2012-06-11 08:51 - 2012-06-11 08:51 - 04246528 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atiumd6a.dll
    2012-06-11 08:50 - 2012-06-11 08:50 - 02936864 ____A C:\Windows\System32\atiumd6a.cap
    2012-06-11 08:45 - 2012-06-11 08:45 - 15703040 ____A (Advanced Micro Devices Inc.) C:\Windows\System32\aticaldd64.dll
    2012-06-11 08:45 - 2012-06-11 08:45 - 00051200 ____A (Advanced Micro Devices Inc.) C:\Windows\System32\aticalrt64.dll
    2012-06-11 08:45 - 2012-06-11 08:45 - 00046080 ____A (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\aticalrt.dll
    2012-06-11 08:45 - 2012-06-11 08:45 - 00044544 ____A (Advanced Micro Devices Inc.) C:\Windows\System32\aticalcl64.dll
    2012-06-11 08:45 - 2012-06-11 08:45 - 00044032 ____A (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\aticalcl.dll
    2012-06-11 08:45 - 2012-04-05 17:34 - 05480448 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiumdag.dll
    2012-06-11 08:43 - 2012-04-05 17:22 - 04729344 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiumdva.dll
    2012-06-11 08:41 - 2012-06-11 08:41 - 02971136 ____A C:\Windows\SysWOW64\atiumdva.cap
    2012-06-11 08:40 - 2012-06-11 08:40 - 13277696 ____A (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\aticaldd.dll
    2012-06-11 08:36 - 2012-06-11 08:36 - 06605824 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atiumd64.dll
    2012-06-11 08:27 - 2012-06-11 08:27 - 00539136 ____A (Advanced Micro Devices, Inc.) C:\Windows\System32\atiadlxx.dll
    2012-06-11 08:26 - 2012-06-11 08:26 - 00368640 ____A (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\atiadlxy.dll
    2012-06-11 08:26 - 2012-06-11 08:26 - 00367616 ____A (Advanced Micro Devices, Inc.) C:\Windows\System32\Drivers\atikmpag.sys
    2012-06-11 08:26 - 2012-06-11 08:26 - 00041984 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atig6txx.dll
    2012-06-11 08:26 - 2012-06-11 08:26 - 00033280 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atigktxx.dll
    2012-06-11 08:26 - 2012-06-11 08:26 - 00017920 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atig6pxx.dll
    2012-06-11 08:26 - 2012-06-11 08:26 - 00014848 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiglpxx.dll
    2012-06-11 08:26 - 2012-06-11 08:26 - 00014848 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atiglpxx.dll
    2012-06-11 08:25 - 2012-06-11 08:25 - 00045056 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atiu9p64.dll
    2012-06-11 08:25 - 2011-10-25 17:21 - 00054784 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atiuxp64.dll
    2012-06-11 08:25 - 2011-10-25 17:21 - 00042496 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiuxpag.dll
    2012-06-11 08:24 - 2012-06-11 08:24 - 00053248 ____A (Advanced Micro Devices, Inc.) C:\Windows\System32\Drivers\ati2erec.dll
    2012-06-11 08:24 - 2011-10-25 17:20 - 00032768 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiu9pag.dll
    2012-06-11 08:23 - 2012-06-11 08:23 - 00056832 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atimpc32.dll
    2012-06-11 08:23 - 2012-06-11 08:23 - 00056832 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdpcom32.dll
    2012-06-11 08:23 - 2012-06-11 08:23 - 00056320 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atimpc64.dll
    2012-06-11 08:23 - 2012-06-11 08:23 - 00056320 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\amdpcom64.dll
    2012-06-08 21:43 - 2012-07-10 17:07 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
    2012-06-08 20:41 - 2012-07-10 17:07 - 12873728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
    2012-06-05 22:06 - 2012-07-10 17:07 - 02004480 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
    2012-06-05 22:06 - 2012-07-10 17:07 - 01881600 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
    2012-06-05 22:02 - 2012-07-10 17:07 - 01133568 ____A (Microsoft Corporation) C:\Windows\System32\cdosys.dll
    2012-06-05 21:05 - 2012-07-10 17:07 - 01390080 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
    2012-06-05 21:05 - 2012-07-10 17:07 - 01236992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
    2012-06-05 21:03 - 2012-07-10 17:07 - 00805376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cdosys.dll
    2012-06-02 14:19 - 2012-06-19 02:08 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
    2012-06-02 14:19 - 2012-06-19 02:08 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
    2012-06-02 14:19 - 2012-06-19 02:08 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
    2012-06-02 14:19 - 2012-06-19 02:08 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
    2012-06-02 14:19 - 2012-06-19 02:08 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
    2012-06-02 14:15 - 2012-06-19 02:08 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
    2012-06-02 14:15 - 2012-06-19 02:08 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
    2012-06-02 12:19 - 2012-06-19 02:07 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
    2012-06-02 12:15 - 2012-06-19 02:07 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
    2012-06-01 21:50 - 2012-07-10 17:07 - 00458704 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
    2012-06-01 21:48 - 2012-07-10 17:07 - 00151920 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
    2012-06-01 21:48 - 2012-07-10 17:07 - 00095600 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
    2012-06-01 21:45 - 2012-07-10 17:07 - 00340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
    2012-06-01 21:44 - 2012-07-10 17:07 - 00307200 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
    2012-06-01 20:40 - 2012-07-10 17:07 - 00225280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
    2012-06-01 20:40 - 2012-07-10 17:07 - 00022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
    2012-06-01 20:39 - 2012-07-10 17:07 - 00219136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
    2012-06-01 20:34 - 2012-07-10 17:07 - 00096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
    2012-06-01 20:06 - 2012-06-01 20:06 - 00735889 ____A C:\Users\Morisoli\Downloads\pbsetup.zip
    2012-06-01 07:20 - 2012-06-01 07:20 - 00076888 ____A C:\Windows\SysWOW64\PnkBstrA.exe
    2012-05-31 10:07 - 2012-05-31 10:07 - 03591333 ____A C:\Users\Morisoli\Downloads\BlueEye1-0.wmz
    2012-05-31 10:02 - 2012-05-31 10:02 - 00907673 ____A C:\Users\Morisoli\Downloads\X-FHLWMP1-0.wmz
    2012-05-31 09:25 - 2011-09-22 16:12 - 00279656 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe
    2012-05-19 08:04 - 2012-05-19 08:04 - 03857920 ____A C:\Users\Morisoli\Downloads\hamachi.msi
    2012-05-17 05:34 - 2012-05-17 05:26 - 160889384 ____A (Advanced Micro Devices, Inc.) C:\Users\Morisoli\Downloads\12-4_vista_win7_64_dd_ccc.exe
    2012-05-16 17:50 - 2012-05-16 17:48 - 32288896 ____A (Blizzard Entertainment) C:\Users\Morisoli\Downloads\Diablo-III-Setup-enUS.exe
    2012-05-15 17:25 - 2012-05-15 17:25 - 00466456 ____A (Creative Labs) C:\Windows\System32\wrap_oal.dll
    2012-05-15 17:25 - 2012-05-15 17:25 - 00444952 ____A (Creative Labs) C:\Windows\SysWOW64\wrap_oal.dll
    2012-05-15 17:25 - 2012-05-15 17:25 - 00122904 ____A (Portions (C) Creative Labs Inc. and NVIDIA Corp.) C:\Windows\System32\OpenAL32.dll
    2012-05-15 17:25 - 2012-05-15 17:25 - 00109080 ____A (Portions (C) Creative Labs Inc. and NVIDIA Corp.) C:\Windows\SysWOW64\OpenAL32.dll
    2012-05-14 20:01 - 2012-06-12 12:57 - 01188864 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
    2012-05-14 19:59 - 2012-06-12 12:56 - 00064512 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
    2012-05-14 19:03 - 2012-06-12 12:57 - 00981504 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2012-05-14 19:00 - 2012-06-12 12:56 - 00048128 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2012-05-13 18:40 - 2012-05-13 18:40 - 00001231 ____A C:\Users\Morisoli\Desktop\TeamSpeak 3 Client.lnk
    2012-05-13 16:52 - 2012-05-13 16:46 - 32112904 ____A (TeamSpeak Systems GmbH) C:\Users\Morisoli\Downloads\TeamSpeak3-Client-win64-3.0.6.exe
    2012-05-11 16:01 - 2012-05-11 16:01 - 00002109 ____A C:\Users\Morisoli\Desktop\Deckadance.lnk
    2012-05-11 15:58 - 2012-05-11 15:58 - 00001157 ____A C:\Users\UpdatusUser\Desktop\FL Studio 10.lnk
    2012-05-11 15:58 - 2012-05-11 15:58 - 00001157 ____A C:\Users\Public\Desktop\FL Studio 10.lnk
    2012-05-11 15:58 - 2012-05-11 15:58 - 00001157 ____A C:\Users\Cindy\Desktop\FL Studio 10.lnk
    2012-05-11 14:29 - 2012-05-11 14:29 - 00428657 ____A C:\Users\Morisoli\Downloads\FruityLoops_download.exe
    2012-05-09 18:25 - 2012-05-09 18:25 - 00000924 ____A C:\Users\Public\Desktop\Steam.lnk
    2012-05-09 18:19 - 2012-05-09 18:19 - 01606656 ____A C:\Users\Morisoli\Downloads\SteamInstall.msi
    2012-05-09 14:34 - 2012-05-09 14:31 - 00009950 ____A C:\Windows\System32\RaCoInst.log
    2012-05-09 14:20 - 2012-05-09 14:20 - 00000000 ____A C:\Windows\System32\Drivers\Msft_Kernel_LMouFilt_01005.Wdf
    2012-05-09 14:20 - 2012-05-09 14:20 - 00000000 ____A C:\Windows\System32\Drivers\Msft_Kernel_LHidFilt_01005.Wdf
    2012-05-09 14:20 - 2012-05-09 14:19 - 01136022 ____A C:\Windows\SetPointII_000.log
    2012-05-09 14:20 - 2012-05-09 14:19 - 00003762 ____A C:\Windows\LDPINST.LOG
    2012-05-04 03:06 - 2012-06-12 12:56 - 05559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
    2012-05-04 02:03 - 2012-06-12 12:56 - 03968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
    2012-05-04 02:03 - 2012-06-12 12:56 - 03913072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
    2012-04-30 21:40 - 2012-06-12 12:56 - 00209920 ____A (Microsoft Corporation) C:\Windows\System32\profsvc.dll
    2012-04-30 19:01 - 2012-04-30 19:01 - 04135696 ____A C:\Users\Morisoli\Downloads\ventrilo-3.0.8-Windows-x64.exe
    2012-04-30 19:01 - 2012-04-30 19:01 - 00000262 ____A C:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini
    2012-04-29 18:46 - 2012-04-29 18:41 - 00000369 ____A C:\Users\Morisoli\Documents\practice.html
    2012-04-28 19:26 - 2012-04-28 19:27 - 00472808 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\deployJava1.dll
    2012-04-28 19:26 - 2012-04-28 19:27 - 00157472 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaws.exe
    2012-04-28 19:26 - 2012-04-28 19:27 - 00149280 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaw.exe
    2012-04-28 19:26 - 2012-04-28 19:27 - 00149280 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\java.exe
    2012-04-28 19:25 - 2012-04-28 19:25 - 00908576 ____A (Sun Microsystems, Inc.) C:\Users\Morisoli\Downloads\jxpiinstall.exe
    2012-04-28 16:18 - 2012-04-28 16:18 - 00002379 ____A C:\Users\Morisoli\Documents\MumbleAutomaticCertificateBackup.p12
    2012-04-28 16:14 - 2012-04-28 16:14 - 17904640 ____A C:\Users\Morisoli\Downloads\mumble-1.2.3a.msi
    2012-04-27 19:55 - 2012-06-12 12:56 - 00210944 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
    2012-04-27 16:48 - 2011-12-23 13:47 - 00002515 ____A C:\Users\Public\Desktop\Skype.lnk

    Possible MBR infection:
    C:\Windows\svchost.exe

    ========================= Known DLLs (Whitelisted) ============


    ========================= Bamital & volsnap Check ============

    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\SysWOW64\wininit.exe => MD5 is legit
    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\SysWOW64\explorer.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\SysWOW64\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe => MD5 is legit
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\SysWOW64\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\SysWOW64\userinit.exe => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

    ==================== EXE ASSOCIATION =====================

    HKLM\...\.exe: exefile => OK
    HKLM\...\exefile\DefaultIcon: %1 => OK
    HKLM\...\exefile\open\command: "%1" %* => OK

    ========================= Memory info ======================

    Percentage of memory in use: 15%
    Total physical RAM: 4093.55 MB
    Available physical RAM: 3448.63 MB
    Total Pagefile: 4091.7 MB
    Available Pagefile: 3437.18 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.9 MB

    ======================= Partitions =========================

    1 Drive c: (Windows) (Fixed) (Total:931.41 GB) (Free:582.45 GB) NTFS
    2 Drive e: (LifeCam_3_5) (CDROM) (Total:0.3 GB) (Free:0 GB) CDFS
    3 Drive f: () (Removable) (Total:0.48 GB) (Free:0.48 GB) FAT
    4 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
    5 Drive y: (System) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]

    Disk ### Status Size Free Dyn Gpt
    -------- ------------- ------- ------- --- ---
    Disk 0 Online 931 GB 0 B
    Disk 1 Online 489 MB 0 B

    Partitions of Disk 0:
    ===============

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 100 MB 1024 KB
    Partition 2 Primary 931 GB 101 MB

    ==================================================================================

    Disk: 0
    Partition 1
    Type : 07
    Hidden: No
    Active: Yes

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 1 Y System NTFS Partition 100 MB Healthy

    ==================================================================================

    Disk: 0
    Partition 2
    Type : 07
    Hidden: No
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 2 C Windows NTFS Partition 931 GB Healthy

    ==================================================================================

    Partitions of Disk 1:
    ===============

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 488 MB 16 KB

    ==================================================================================

    Disk: 1
    Partition 1
    Type : 06
    Hidden: No
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 3 F FAT Removable 488 MB Healthy

    ==================================================================================

    ==========================================================

    Last Boot: 2012-07-18 01:31

    ======================= End Of Log ==========================

    Search.txt =

    Farbar Recovery Scan Tool Version: 20-07-2012
    Ran by SYSTEM at 2012-07-25 11:45:46
    Running from F:\

    ================== Search: "sevices.exe" ===================

    ====== End Of Search ======
     
  14. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Was supposed to be services.exe. But, no biggie.

    Let's do this...

    FRST64 Fixlist

    Please run the following:

    Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this, highlight the contents of the box, right-click on it and select Copy. Right-click in the open Notepad and select Paste.) Save it on the flash drive as fixlist.txt.

    NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system.

    Now, please enter System Recovery Options then select Command Prompt.

    Run FRST64 and press the Fix button just once and wait.
    The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

    Now restart, let it boot normally and tell me how it went.
  15. Jesterical

    Jesterical Newcomer, in training Topic Starter Posts: 21

    Woops, missed the r...Q_Q.

    Here's the fix log. I will run scans for traces in just a moment.

    Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 20-07-2012
    Ran by SYSTEM at 2012-07-27 11:33:46 Run:2
    Running from F:\

    ==============================================


    ========= bootrec /FixMBR =========

    The operation completed successfully.

    ========= End of CMD: =========

    HKEY_USERS\Morisoli\Software\Microsoft\Windows\CurrentVersion\Run\\{E444EA44-901C-F84C-01BD-2680A0973F75} Value deleted successfully.

    ========================= Folder: C:\Users\Morisoli\AppData\Roaming\Imdeiq ========================


    ====== End of Folder: ======
    C:\Users\Cindy\Start Menu\Programs\Startup\waiq.exe moved successfully.
    C:\Users\Default\Start Menu\Programs\Startup\veuwk.exe moved successfully.
    C:\Users\Default User\Start Menu\Programs\Startup\veuwk.exe not found.
    C:\Windows\svchost.exe moved successfully.
    C:\Users\Morisoli\Downloads\9gpxx0yy.exe moved successfully.

    ==== End of Fixlog ====
  16. Jesterical

    Jesterical Newcomer, in training Topic Starter Posts: 21

    I am already detecting a number of infections on my computer. Some were trojans which have been quarantined properly by ESET. It is now recognizing Microsoft Silverlight as a possible infection though.
  17. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    ComboFix

    Please download ComboFix by sUBs
    From BleepingComputer.com

    Please save the file to your Desktop.

    Important information about ComboFix

    Before the download:
    • Please copy and paste these instructions to Notepad and save to your Desktop, or print them - for easier access.
    • It is important to rename ComboFix before the download.
    • Please do not rename ComboFix to other names, but only the one indicated.
    After the download:
    • Close any open browsers.
    • Very Important: Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results". Please visit here if you don't know how.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until ComboFix has completely finished.
    • If there is no Internet connection after running ComboFix, then restart your computer to restore back your connection.
    Running ComboFix:
    • Double click on svchost.exe & follow the prompts.
    • It will attempt to install the Recovery Console:
    • When ComboFix finishes, it will produce a report for you.
    • Please post the "C:\Combo-Fix.txt" in your next reply.
    Troubleshooting ComboFix

    Safe Mode:

    If you still cannot get ComboFix to run, try booting into Safe Mode, and run it there.

    (To boot into Safe Mode, tap F8 after BIOS, and just before the Windows logo appears. A list of options will appear; select "Safe Mode.")

    Re-downloading:

    If this doesn't work either, try the same method (above method), but try to download it again, except rename ComboFix.exe to iexplore.exe, explorer.exe, or winlogon.exe.

    Malware is known for blocking all "user" processes, except for its whitelist of system important processes such as iexplore.exe, explorer.exe, winlogon.exe.
  18. Jesterical

    Jesterical Newcomer, in training Topic Starter Posts: 21

    You mentioned renaming combofix before the download. I was not given an option to do that in the DL process.
  19. Jesterical

    Jesterical Newcomer, in training Topic Starter Posts: 21

    I have run the combo fix in normal and safe mode as well as tried renaming it and doing the same thing. It continually gets to stage 6 and then my computer shuts itself off and no log is created.
  20. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Scan for malware

    Please download Malwarebytes Anti-Malware from HERE.


    Double Click mbam-setup.exe to install the application.
    • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select "Perform Quick Scan", then click Scan.
    • The scan may take some time to finish, so please be patient.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Make sure that everything is checked, and click Remove Selected.
    • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. If you are prompted to restart, please allow it to restart your computer. Failure to do this will cause the infection to still be active on the computer.
    • Please save the log to a location you will remember.
    • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    • The log can also be found at C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt
    • Copy and paste the entire report in your next reply.
  21. Jesterical

    Jesterical Newcomer, in training Topic Starter Posts: 21

    Malwarebytes Anti-Malware (Trial) 1.62.0.1300
    www.malwarebytes.org

    Database version: v2012.07.30.06

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 8.0.7601.17514
    Morisoli :: MORISOLI-PC [administrator]

    Protection: Enabled

    7/30/2012 1:34:12 PM
    mbam-log-2012-07-30 (13-34-12).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 233780
    Time elapsed: 3 minute(s), 43 second(s)

    Memory Processes Detected: 1
    C:\Windows\svchost.exe (Trojan.Agent) -> 3496 -> Delete on reboot.

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 1
    C:\Windows\svchost.exe (Trojan.Agent) -> Delete on reboot.

    (end)
  22. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    ComboFix Script

    • Close any open browsers.
    • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
    • Open notepad and copy/paste the text in the codebox below into it:
    • Save this as CFScript.txt, in the same location as ComboFix.exe

    • Referring to the picture above, drag CFScript into ComboFix.exe
    • When finished, it shall produce a log for you at C:\ComboFix.txt
    • Please post the contents of the log in your next reply.
  23. Jesterical

    Jesterical Newcomer, in training Topic Starter Posts: 21

    ComboFix 12-07-30.03 - Morisoli 07/31/2012 15:00:38.4.4 - x64
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4094.2097 [GMT -5:00]
    Running from: c:\users\Morisoli\Desktop\iexplorer.exe.exe
    Command switches used :: c:\users\Morisoli\Desktop\CFScript.txt
    AV: ESET NOD32 Antivirus 5.0 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
    SP: ESET NOD32 Antivirus 5.0 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    * Created a new restore point
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\program files (x86)\Mozilla Firefox\searchplugins\search.xml
    c:\windows\svchost.exe
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-06-28 to 2012-07-31 )))))))))))))))))))))))))))))))
    .
    .
    2012-07-31 20:11 . 2012-07-31 20:11 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
    2012-07-31 20:11 . 2012-07-31 20:11 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-07-31 20:11 . 2012-07-31 20:11 -------- d-----w- c:\users\Cindy\AppData\Local\temp
    2012-07-31 09:30 . 2012-06-29 10:04 9133488 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{4ACD05F4-1094-455F-A987-8E11EDE2558D}\mpengine.dll
    2012-07-30 19:43 . 2012-07-30 19:43 -------- d-----w- c:\programdata\Nexon
    2012-07-26 20:08 . 2012-06-06 22:59 4328248 ----a-w- c:\windows\SysWow64\GameMon.des
    2012-07-26 20:08 . 2005-01-05 03:43 4682 ----a-w- c:\windows\SysWow64\npptNT2.sys
    2012-07-26 20:08 . 2003-07-21 12:17 5174 ----a-w- c:\windows\SysWow64\nppt9x.vxd
    2012-07-26 20:07 . 2012-07-26 20:07 -------- d-----w- c:\program files\Common Files\INCA Shared
    2012-07-26 18:56 . 2012-07-26 18:56 -------- d-----w- C:\SG Interactive
    2012-07-24 02:18 . 2012-07-24 08:22 -------- d-----w- c:\users\Morisoli\AppData\Roaming\Imdeiq
    2012-07-24 02:18 . 2012-07-24 02:41 -------- d-----w- c:\users\Morisoli\AppData\Roaming\Vaxa
    2012-07-23 18:39 . 2012-07-23 18:39 -------- d-----w- c:\program files\Microsoft LifeCam
    2012-07-23 18:39 . 2012-07-23 18:39 -------- d-----w- c:\program files (x86)\Microsoft LifeCam
    2012-07-21 09:20 . 2012-07-21 09:20 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
    2012-07-20 16:21 . 2012-07-20 19:36 -------- d-----w- C:\FRST
    2012-07-20 04:29 . 2012-07-20 04:29 -------- d-----w- c:\users\Morisoli\AppData\Roaming\Malwarebytes
    2012-07-20 04:29 . 2012-07-20 04:29 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
    2012-07-20 04:29 . 2012-07-20 04:29 -------- d-----w- c:\programdata\Malwarebytes
    2012-07-20 04:29 . 2012-07-03 18:46 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-07-20 03:30 . 2012-07-20 03:30 -------- d-----w- c:\windows\SysWow64\wbem\Performance
    2012-07-20 03:28 . 2008-05-08 05:03 303616 ----a-w- C:\SetACL.exe
    2012-07-20 03:02 . 2004-06-11 23:33 290304 ----a-w- C:\subinacl.exe
    2012-07-19 05:28 . 2012-07-20 03:38 181064 ----a-w- c:\windows\PSEXESVC.EXE
    2012-07-19 05:24 . 2012-07-19 05:24 30496 ----a-w- c:\windows\system32\drivers\hitmanpro36.sys
    2012-07-19 05:19 . 2012-07-19 05:23 -------- d-----w- c:\programdata\HitmanPro
    2012-07-12 01:30 . 2012-07-12 01:30 -------- d-----w- c:\program files (x86)\uTorrent
    2012-07-12 01:29 . 2012-07-16 01:31 -------- d-----w- c:\users\Morisoli\AppData\Roaming\uTorrent
    2012-07-11 08:03 . 2012-06-12 03:08 3148800 ----a-w- c:\windows\system32\win32k.sys
    2012-07-05 16:04 . 2012-07-05 16:04 -------- d-----w- c:\programdata\ATI
    2012-07-05 16:04 . 2012-07-05 16:04 -------- d-----w- c:\program files (x86)\AMD APP
    2012-07-04 00:30 . 2012-07-20 22:01 -------- d-----w- c:\program files (x86)\World of Warcraft
    2012-07-02 22:59 . 2012-07-02 22:59 -------- d-----w- c:\users\Morisoli\AppData\Roaming\StepMania 5
    2012-07-02 22:57 . 2012-07-02 23:10 -------- d-----w- c:\program files (x86)\StepMania 5
    2012-07-02 18:44 . 2012-07-02 18:44 -------- d-----w- c:\program files\CoreFTP
    2012-07-02 18:22 . 2012-07-02 22:14 -------- d-----w- c:\users\Morisoli\AppData\Roaming\CoreFTP
    2012-07-01 23:15 . 2012-07-01 23:52 -------- d-----w- c:\program files (x86)\Heroes of Newerth
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-07-27 11:33 . 2012-04-12 22:59 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2012-07-27 11:33 . 2011-09-23 13:06 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-07-18 01:30 . 2012-04-08 00:35 25640 ----a-w- c:\windows\gdrv.sys
    2012-07-12 17:56 . 2012-06-01 15:23 281288 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
    2012-07-12 17:56 . 2012-06-01 15:20 281288 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
    2012-07-11 08:01 . 2011-10-25 01:40 59701280 ----a-w- c:\windows\system32\MRT.exe
    2012-07-02 01:39 . 2012-06-01 15:20 281288 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
    2012-06-25 21:04 . 2012-06-25 21:04 1394248 ----a-w- c:\windows\SysWow64\msxml4.dll
    2012-06-11 18:59 . 2012-06-11 18:59 10248192 ----a-w- c:\windows\system32\drivers\atikmdag.sys
    2012-06-11 18:50 . 2012-06-11 18:50 187392 ----a-w- c:\windows\system32\clinfo.exe
    2012-06-11 18:50 . 2012-06-11 18:50 75264 ----a-w- c:\windows\system32\OpenVideo64.dll
    2012-06-11 18:50 . 2012-06-11 18:50 65024 ----a-w- c:\windows\SysWow64\OpenVideo.dll
    2012-06-11 18:50 . 2012-06-11 18:50 63488 ----a-w- c:\windows\system32\OVDecode64.dll
    2012-06-11 18:50 . 2012-06-11 18:50 56320 ----a-w- c:\windows\SysWow64\OVDecode.dll
    2012-06-11 18:50 . 2012-06-11 18:50 16457728 ----a-w- c:\windows\system32\amdocl64.dll
    2012-06-11 18:49 . 2012-06-11 18:49 13008896 ----a-w- c:\windows\SysWow64\amdocl.dll
    2012-06-11 18:35 . 2012-06-11 18:35 70144 ----a-w- c:\windows\system32\coinst_8.98.dll
    2012-06-11 18:29 . 2012-06-11 18:29 24826368 ----a-w- c:\windows\system32\atio6axx.dll
    2012-06-11 18:00 . 2012-06-11 18:00 20467712 ----a-w- c:\windows\SysWow64\atioglxx.dll
    2012-06-11 17:25 . 2012-06-11 17:25 163840 ----a-w- c:\windows\system32\atiapfxx.exe
    2012-06-11 17:24 . 2011-10-26 02:05 924160 ----a-w- c:\windows\SysWow64\aticfx32.dll
    2012-06-11 17:23 . 2011-10-26 02:04 1090560 ----a-w- c:\windows\system32\aticfx64.dll
    2012-06-11 17:20 . 2012-06-11 17:20 442368 ----a-w- c:\windows\system32\ATIDEMGX.dll
    2012-06-11 17:19 . 2012-06-11 17:19 532992 ----a-w- c:\windows\system32\atieclxx.exe
    2012-06-11 17:19 . 2012-06-11 17:19 239616 ----a-w- c:\windows\system32\atiesrxx.exe
    2012-06-11 17:17 . 2012-06-11 17:17 120320 ----a-w- c:\windows\system32\atitmm64.dll
    2012-06-11 17:17 . 2012-06-11 17:17 21504 ----a-w- c:\windows\system32\atimuixx.dll
    2012-06-11 17:17 . 2012-06-11 17:17 59392 ----a-w- c:\windows\system32\atiedu64.dll
    2012-06-11 17:17 . 2012-06-11 17:17 43520 ----a-w- c:\windows\SysWow64\ati2edxx.dll
    2012-06-11 17:16 . 2011-10-26 01:55 6301696 ----a-w- c:\windows\SysWow64\atidxx32.dll
    2012-06-11 17:01 . 2011-10-26 01:46 6914560 ----a-w- c:\windows\system32\atidxx64.dll
    2012-06-11 16:51 . 2012-06-11 16:51 4246528 ----a-w- c:\windows\system32\atiumd6a.dll
    2012-06-11 16:45 . 2012-06-11 16:45 51200 ----a-w- c:\windows\system32\aticalrt64.dll
    2012-06-11 16:45 . 2012-06-11 16:45 46080 ----a-w- c:\windows\SysWow64\aticalrt.dll
    2012-06-11 16:45 . 2012-04-06 01:34 5480448 ----a-w- c:\windows\SysWow64\atiumdag.dll
    2012-06-11 16:45 . 2012-06-11 16:45 44544 ----a-w- c:\windows\system32\aticalcl64.dll
    2012-06-11 16:45 . 2012-06-11 16:45 44032 ----a-w- c:\windows\SysWow64\aticalcl.dll
    2012-06-11 16:45 . 2012-06-11 16:45 15703040 ----a-w- c:\windows\system32\aticaldd64.dll
    2012-06-11 16:43 . 2012-04-06 01:22 4729344 ----a-w- c:\windows\SysWow64\atiumdva.dll
    2012-06-11 16:40 . 2012-06-11 16:40 13277696 ----a-w- c:\windows\SysWow64\aticaldd.dll
    2012-06-11 16:36 . 2012-06-11 16:36 6605824 ----a-w- c:\windows\system32\atiumd64.dll
    2012-06-11 16:27 . 2012-06-11 16:27 539136 ----a-w- c:\windows\system32\atiadlxx.dll
    2012-06-11 16:26 . 2012-06-11 16:26 368640 ----a-w- c:\windows\SysWow64\atiadlxy.dll
    2012-06-11 16:26 . 2012-06-11 16:26 17920 ----a-w- c:\windows\system32\atig6pxx.dll
    2012-06-11 16:26 . 2012-06-11 16:26 14848 ----a-w- c:\windows\SysWow64\atiglpxx.dll
    2012-06-11 16:26 . 2012-06-11 16:26 14848 ----a-w- c:\windows\system32\atiglpxx.dll
    2012-06-11 16:26 . 2012-06-11 16:26 41984 ----a-w- c:\windows\system32\atig6txx.dll
    2012-06-11 16:26 . 2012-06-11 16:26 33280 ----a-w- c:\windows\SysWow64\atigktxx.dll
    2012-06-11 16:26 . 2012-06-11 16:26 367616 ----a-w- c:\windows\system32\drivers\atikmpag.sys
    2012-06-11 16:25 . 2011-10-26 01:21 54784 ----a-w- c:\windows\system32\atiuxp64.dll
    2012-06-11 16:25 . 2011-10-26 01:21 42496 ----a-w- c:\windows\SysWow64\atiuxpag.dll
    2012-06-11 16:25 . 2012-06-11 16:25 45056 ----a-w- c:\windows\system32\atiu9p64.dll
    2012-06-11 16:24 . 2011-10-26 01:20 32768 ----a-w- c:\windows\SysWow64\atiu9pag.dll
    2012-06-11 16:24 . 2012-06-11 16:24 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
    2012-06-11 16:23 . 2012-06-11 16:23 56320 ----a-w- c:\windows\system32\atimpc64.dll
    2012-06-11 16:23 . 2012-06-11 16:23 56320 ----a-w- c:\windows\system32\amdpcom64.dll
    2012-06-11 16:23 . 2012-06-11 16:23 56832 ----a-w- c:\windows\SysWow64\atimpc32.dll
    2012-06-11 16:23 . 2012-06-11 16:23 56832 ----a-w- c:\windows\SysWow64\amdpcom32.dll
    2012-06-02 22:19 . 2012-06-19 10:08 38424 ----a-w- c:\windows\system32\wups.dll
    2012-06-02 22:19 . 2012-06-19 10:08 2428952 ----a-w- c:\windows\system32\wuaueng.dll
    2012-06-02 22:19 . 2012-06-19 10:08 57880 ----a-w- c:\windows\system32\wuauclt.exe
    2012-06-02 22:19 . 2012-06-19 10:08 44056 ----a-w- c:\windows\system32\wups2.dll
    2012-06-02 22:19 . 2012-06-19 10:08 701976 ----a-w- c:\windows\system32\wuapi.dll
    2012-06-02 22:15 . 2012-06-19 10:08 2622464 ----a-w- c:\windows\system32\wucltux.dll
    2012-06-02 22:15 . 2012-06-19 10:08 99840 ----a-w- c:\windows\system32\wudriver.dll
    2012-06-02 20:19 . 2012-06-19 10:07 186752 ----a-w- c:\windows\system32\wuwebv.dll
    2012-06-02 20:15 . 2012-06-19 10:07 36864 ----a-w- c:\windows\system32\wuapp.exe
    2012-06-01 15:20 . 2012-06-01 15:20 76888 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
    2012-05-31 17:25 . 2011-09-23 00:12 279656 ------w- c:\windows\system32\MpSigStub.exe
    2012-05-16 04:38 . 2009-08-18 17:49 564632 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\wlidui.dll
    2012-05-16 04:38 . 2009-08-18 16:24 19736 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
    2012-05-16 01:25 . 2012-05-16 01:25 466456 ----a-w- c:\windows\system32\wrap_oal.dll
    2012-05-16 01:25 . 2012-05-16 01:25 444952 ----a-w- c:\windows\SysWow64\wrap_oal.dll
    2012-05-16 01:25 . 2012-05-16 01:25 122904 ----a-w- c:\windows\system32\OpenAL32.dll
    2012-05-16 01:25 . 2012-05-16 01:25 109080 ----a-w- c:\windows\SysWow64\OpenAL32.dll
    2012-05-15 04:01 . 2012-06-12 20:57 1188864 ----a-w- c:\windows\system32\wininet.dll
    2012-05-15 03:59 . 2012-06-12 20:56 64512 ----a-w- c:\windows\system32\jsproxy.dll
    2012-05-15 03:03 . 2012-06-12 20:57 981504 ----a-w- c:\windows\SysWow64\wininet.dll
    2012-05-04 11:06 . 2012-06-12 20:56 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
    2012-05-04 10:03 . 2012-06-12 20:56 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
    2012-05-04 10:03 . 2012-06-12 20:56 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Steam"="c:\program files (x86)\Steam\Steam.exe" [2012-05-10 1242448]
    "HydraVisionDesktopManager"="c:\program files (x86)\ATI Technologies\HydraVision\HydraDM.exe" [2011-10-26 393216]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]
    "BCU"="c:\program files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe" [2009-10-15 375000]
    "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-06-11 641704]
    "Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]
    "LifeCam"="c:\program files (x86)\Microsoft LifeCam\LifeExp.exe" [2010-12-13 135536]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    NETGEAR WNDA4100 Genie.lnk - c:\program files (x86)\NETGEAR\WNDA4100\WNDA4100.EXE [2012-5-15 4980992]
    SetPointII.lnk - c:\program files\Logitech\SetPoint II\SetPointII.exe [2009-7-21 815104]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 0 (0x0)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)
    "PromptOnSecureDesktop"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36.sys]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro36Crusader]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro36CrusaderBoot]
    @=""
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    "HP Software Update"=c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe
    "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" -atboottime
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
    .
    R2 AODDriver4.1;AODDriver4.1;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-03-05 53888]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-27 250056]
    R3 AE1000;Linksys AE1000 Driver;c:\windows\system32\DRIVERS\ae1000w7.sys [2010-03-23 1101600]
    R3 CV2K1;CommView Network Monitor;c:\windows\system32\DRIVERS\cv2k1.sys [2010-04-01 21608]
    R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
    R3 hitmanpro36;Hitman Pro 3.5 Support Driver;c:\windows\system32\drivers\hitmanpro36.sys [2012-07-19 30496]
    R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-18 113120]
    R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [x]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
    R3 TsVlb;TsVlb;c:\windows\system32\DRIVERS\tsvlb.sys [2010-04-21 22120]
    R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2011-08-02 51712]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-09-23 1255736]
    S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2011-08-04 146432]
    S1 TsVp;TsVp;c:\windows\system32\DRIVERS\tsvp.sys [2010-06-15 32872]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
    S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
    S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-06-11 239616]
    S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-06-11 361984]
    S2 AODDriver4.01;AODDriver4.01;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-03-05 53888]
    S2 BCUService;Browser Configuration Utility Service;c:\program files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe [2009-10-15 223464]
    S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [2011-08-09 202576]
    S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2011-09-22 974944]
    S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [2011-08-04 137144]
    S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-07-03 655944]
    S2 MotoHelper;MotoHelper Service;c:\program files (x86)\Motorola\MotoHelper\MotoHelperService.exe [2011-04-26 223088]
    S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-05-21 2214504]
    S2 RalinkRegistryWriter64;RalinkRegistryWriter64;c:\program files (x86)\NETGEAR\WNDA4100\Service\RaRegistry64.exe [2011-11-21 455424]
    S2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-06-08 160944]
    S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [2010-02-18 46136]
    S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2012-06-11 10248192]
    S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2012-06-11 367616]
    S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2012-02-23 95760]
    S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-07-03 24904]
    S3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\Drivers\nx6000.sys [2010-12-13 36720]
    S3 netr28ux;RT2870 USB Extensible Wireless LAN Card Driver;c:\windows\system32\DRIVERS\netr28ux.sys [2012-01-13 1675840]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-06-10 187392]
    S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
    .
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-07-31 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-12 11:33]
    .
    2012-07-31 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3710809135-2123922341-1772546783-1001Core.job
    - c:\users\Morisoli\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-09 09:56]
    .
    2012-07-31 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3710809135-2123922341-1772546783-1001UA.job
    - c:\users\Morisoli\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-09 09:56]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2011-09-22 4035152]
    "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-04-06 10144288]
    "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 130576]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "LoadAppInit_DLLs"=0x0
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = hxxp://blekko.com/ws/?source=c3348dd4&toolbarid=blekkotb_031&u=C9237CE3B599F152BEDC414FE9227E14&tbp=homepage
    mLocal Page = c:\windows\SysWOW64\blank.htm
    IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
    TCP: DhcpNameServer = 208.180.42.68 208.180.42.100
    CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\shell32.dll
    FF - ProfilePath - c:\users\Morisoli\AppData\Roaming\Mozilla\Firefox\Profiles\ty6nkdc1.default\
    FF - prefs.js: browser.search.selectedEngine - Blekko
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
    FF - prefs.js: keyword.URL - hxxp://blekko.com/ws/?source=c3348dd4&tbp=rbox&toolbarid=blekkotb_031&u=C9237CE3B599F152BEDC414FE9227E14&q=
    FF - user.js: network.cookie.cookieBehavior - 0
    FF - user.js: privacy.clearOnShutdown.cookies - false
    FF - user.js: security.warn_viewing_mixed - false
    FF - user.js: security.warn_viewing_mixed.show_once - false
    FF - user.js: security.warn_submit_insecure - false
    FF - user.js: security.warn_submit_insecure.show_once - false
    .
    - - - - ORPHANS REMOVED - - - -
    .
    SharedTaskScheduler-{F791A188-699D-4FD4-955A-EB59E89B1907} - \Program Files\Theme Resource Changer\ThemeResourceChanger.dll
    .
    .
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]
    "ImagePath"="c:\windows\system32\GameMon.des -service"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_268_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_268_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.11"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
    c:\windows\SysWOW64\PnkBstrA.exe
    c:\program files (x86)\NETGEAR\WNDA4100\Service\RaRegistry.exe
    c:\program files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
    c:\program files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
    c:\\.\globalroot\systemroot\svchost.exe
    c:\program files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe
    c:\program files (x86)\Skype\Phone\Skype.exe
    .
    **************************************************************************
    .
    Completion time: 2012-07-31 17:01:09 - machine was rebooted
    ComboFix-quarantined-files.txt 2012-07-31 22:01
    .
    Pre-Run: 619,966,717,952 bytes free
    Post-Run: 619,826,077,696 bytes free
    .
    - - End Of File - - 72325EBC3DE9744C411AAF6A36C110C8
  24. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Please download and run TDSSKiller to your desktop as outlined below:

    Double-click on TDSSKiller.exe to run the application, then click on Change parameters.

    For Windows XP, double-click to start.
    For Vista or Windows 7, right-click on the program, select Run as Administrator to start, and when prompted, allow it to run.



    -------------------------

    Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.


    ------------------------

    Click the Start Scan button.


    -----------------------

    If a suspicious object is detected, the default action will be Skip; click on Continue.
    If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic, please choose
    Skip and click on Continue.



    ----------------------

    If malicious objects are found, they will show in the Scan results and offer three (3) options.

    Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
    Note: If Cure is not available, please choose Skip instead; do not choose Delete unless instructed.




    --------------------

    A report will be created in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents in your next reply.
    Sometimes these logs can be very large; in that case, please attach it, or zip it up and attach it.

    -------------------

    Here's a summary of what to do if you would like to print it out:

    If a suspicious object is detected, the default action will be Skip; click on Continue.
    If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic, please choose
    Skip and click on Continue.

    If malicious objects are found, they will show in the Scan results and offer three (3) options.

    Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
    Note: If Cure is not available, please choose Skip instead; do not choose Delete unless instructed.
  25. Jesterical

    Jesterical Newcomer, in training Topic Starter Posts: 21

    [Here is the report in two posts]

    17:33:22.0001 7692 TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32
    17:33:22.0504 7692 ============================================================
    17:33:22.0504 7692 Current date / time: 2012/08/01 17:33:22.0504
    17:33:22.0504 7692 SystemInfo:
    17:33:22.0504 7692
    17:33:22.0505 7692 OS Version: 6.1.7601 ServicePack: 1.0
    17:33:22.0505 7692 Product type: Workstation
    17:33:22.0505 7692 ComputerName: MORISOLI-PC
    17:33:22.0505 7692 UserName: Morisoli
    17:33:22.0505 7692 Windows directory: C:\Windows
    17:33:22.0505 7692 System windows directory: C:\Windows
    17:33:22.0505 7692 Running under WOW64
    17:33:22.0505 7692 Processor architecture: Intel x64
    17:33:22.0505 7692 Number of processors: 4
    17:33:22.0505 7692 Page size: 0x1000
    17:33:22.0506 7692 Boot type: Normal boot
    17:33:22.0506 7692 ============================================================
    17:33:23.0449 7692 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1F8B1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000040
    17:33:23.0465 7692 Drive \Device\Harddisk1\DR1 - Size: 0x1E900000 (0.48 Gb), SectorSize: 0x200, Cylinders: 0x3E, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
    17:33:23.0467 7692 ============================================================
    17:33:23.0467 7692 \Device\Harddisk0\DR0:
    17:33:23.0467 7692 MBR partitions:
    17:33:23.0467 7692 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
    17:33:23.0467 7692 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x746D3800
    17:33:23.0467 7692 \Device\Harddisk1\DR1:
    17:33:23.0468 7692 MBR partitions:
    17:33:23.0468 7692 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x6, StartLBA 0x20, BlocksNum 0xF46E0
    17:33:23.0468 7692 ============================================================
    17:33:23.0490 7692 C: <-> \Device\Harddisk0\DR0\Partition1
    17:33:23.0490 7692 ============================================================
    17:33:23.0490 7692 Initialize success
    17:33:23.0490 7692 ============================================================
    17:33:27.0289 7984 ============================================================
    17:33:27.0289 7984 Scan started
    17:33:27.0289 7984 Mode: Manual; SigCheck; TDLFS;
    17:33:27.0289 7984 ============================================================
    17:33:29.0048 7984 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
    17:33:29.0381 7984 1394ohci - ok
    17:33:29.0409 7984 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
    17:33:29.0427 7984 ACPI - ok
    17:33:29.0459 7984 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
    17:33:29.0512 7984 AcpiPmi - ok
    17:33:29.0596 7984 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    17:33:29.0615 7984 AdobeARMservice - ok
    17:33:29.0824 7984 AdobeFlashPlayerUpdateSvc (6c40d5ed8951ab7b90d08af655224ee4) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    17:33:29.0838 7984 AdobeFlashPlayerUpdateSvc - ok
    17:33:29.0880 7984 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
    17:33:29.0905 7984 adp94xx - ok
    17:33:29.0929 7984 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
    17:33:29.0946 7984 adpahci - ok
    17:33:29.0961 7984 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
    17:33:29.0976 7984 adpu320 - ok
    17:33:30.0045 7984 AE1000 (e005682ae8f8ec4eb05f2a70a16ea1c5) C:\Windows\system32\DRIVERS\ae1000w7.sys
    17:33:30.0096 7984 AE1000 - ok
    17:33:30.0126 7984 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
    17:33:30.0252 7984 AeLookupSvc - ok
    17:33:30.0310 7984 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
    17:33:30.0384 7984 AFD - ok
    17:33:30.0397 7984 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
    17:33:30.0410 7984 agp440 - ok
    17:33:30.0428 7984 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
    17:33:30.0464 7984 ALG - ok
    17:33:30.0477 7984 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
    17:33:30.0489 7984 aliide - ok
    17:33:30.0540 7984 AMD External Events Utility (9c616ba191b80f5cd1a1b9553e107100) C:\Windows\system32\atiesrxx.exe
    17:33:30.0641 7984 AMD External Events Utility - ok
    17:33:30.0704 7984 AMD FUEL Service - ok
    17:33:30.0724 7984 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
    17:33:30.0736 7984 amdide - ok
    17:33:30.0758 7984 amdiox64 (6a2eeb0c4133b20773bb3dd0b7b377b4) C:\Windows\system32\DRIVERS\amdiox64.sys
    17:33:31.0360 7984 amdiox64 - ok
    17:33:31.0465 7984 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
    17:33:31.0545 7984 AmdK8 - ok
    17:33:31.0828 7984 amdkmdag (5165e83751b8ff40e5e4925996fcc506) C:\Windows\system32\DRIVERS\atikmdag.sys
    17:33:32.0110 7984 amdkmdag - ok
    17:33:32.0387 7984 amdkmdap (86ab3cf484260c4318f3a6e8b035f422) C:\Windows\system32\DRIVERS\atikmpag.sys
    17:33:32.0452 7984 amdkmdap - ok
    17:33:32.0479 7984 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
    17:33:32.0517 7984 AmdPPM - ok
    17:33:32.0546 7984 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
    17:33:32.0560 7984 amdsata - ok
    17:33:32.0581 7984 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
    17:33:32.0592 7984 amdsbs - ok
    17:33:32.0606 7984 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
    17:33:32.0614 7984 amdxata - ok
    17:33:32.0676 7984 AODDriver4.01 (5b25d1a753cc3a3edb909bb759ac1098) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys
    17:33:32.0703 7984 AODDriver4.01 - ok
    17:33:32.0714 7984 AODDriver4.1 (5b25d1a753cc3a3edb909bb759ac1098) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys
    17:33:32.0725 7984 AODDriver4.1 - ok
    17:33:32.0766 7984 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
    17:33:32.0890 7984 AppID - ok
    17:33:32.0915 7984 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
    17:33:32.0963 7984 AppIDSvc - ok
    17:33:32.0993 7984 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
    17:33:33.0017 7984 Appinfo - ok
    17:33:33.0038 7984 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
    17:33:33.0047 7984 arc - ok
    17:33:33.0057 7984 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
    17:33:33.0066 7984 arcsas - ok
    17:33:33.0069 7984 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
    17:33:33.0114 7984 AsyncMac - ok
    17:33:33.0124 7984 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
    17:33:33.0131 7984 atapi - ok
    17:33:33.0176 7984 AtiHDAudioService (24464b908e143d2561e9e452fee97309) C:\Windows\system32\drivers\AtihdW76.sys
    17:33:33.0203 7984 AtiHDAudioService - ok
    17:33:33.0252 7984 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
    17:33:33.0361 7984 AudioEndpointBuilder - ok
    17:33:33.0368 7984 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
    17:33:33.0408 7984 AudioSrv - ok
    17:33:33.0434 7984 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
    17:33:33.0551 7984 AxInstSV - ok
    17:33:33.0607 7984 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
    17:33:33.0700 7984 b06bdrv - ok
    17:33:33.0734 7984 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
    17:33:33.0791 7984 b57nd60a - ok
    17:33:33.0924 7984 BcmSqlStartupSvc (6163664c7e9cd110af70180c126c3fdc) C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
    17:33:33.0951 7984 BcmSqlStartupSvc - ok
    17:33:34.0024 7984 BCUService (382b151daffe4a9ce9da9f564b66761e) C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe
    17:33:34.0058 7984 BCUService - ok
    17:33:34.0091 7984 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
    17:33:34.0131 7984 BDESVC - ok
    17:33:34.0148 7984 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
    17:33:34.0210 7984 Beep - ok
    17:33:34.0253 7984 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
    17:33:34.0304 7984 BFE - ok
    17:33:34.0318 7984 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
    17:33:34.0327 7984 blbdrive - ok
    17:33:34.0404 7984 Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe
    17:33:34.0453 7984 Bonjour Service - ok
    17:33:34.0494 7984 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
    17:33:34.0532 7984 bowser - ok
    17:33:34.0540 7984 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
    17:33:34.0592 7984 BrFiltLo - ok
    17:33:34.0595 7984 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
    17:33:34.0609 7984 BrFiltUp - ok
    17:33:34.0614 7984 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
    17:33:34.0666 7984 BridgeMP - ok
    17:33:34.0693 7984 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
    17:33:34.0728 7984 Browser - ok
    17:33:34.0739 7984 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
    17:33:34.0761 7984 Brserid - ok
    17:33:34.0764 7984 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
    17:33:34.0774 7984 BrSerWdm - ok
    17:33:34.0777 7984 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
    17:33:34.0787 7984 BrUsbMdm - ok
    17:33:34.0789 7984 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
    17:33:34.0805 7984 BrUsbSer - ok
    17:33:34.0819 7984 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
    17:33:34.0838 7984 BTHMODEM - ok
    17:33:34.0856 7984 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
    17:33:34.0894 7984 bthserv - ok
    17:33:34.0904 7984 catchme - ok
    17:33:34.0914 7984 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
    17:33:34.0957 7984 cdfs - ok
    17:33:34.0983 7984 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
    17:33:35.0014 7984 cdrom - ok
    17:33:35.0064 7984 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
    17:33:35.0117 7984 CertPropSvc - ok
    17:33:35.0134 7984 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
    17:33:35.0162 7984 circlass - ok
    17:33:35.0190 7984 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
    17:33:35.0202 7984 CLFS - ok
    17:33:35.0285 7984 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
    17:33:35.0326 7984 clr_optimization_v2.0.50727_32 - ok
    17:33:35.0396 7984 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
    17:33:35.0431 7984 clr_optimization_v2.0.50727_64 - ok
    17:33:35.0534 7984 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
    17:33:35.0582 7984 clr_optimization_v4.0.30319_32 - ok
    17:33:35.0607 7984 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
    17:33:35.0619 7984 clr_optimization_v4.0.30319_64 - ok
    17:33:35.0623 7984 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
    17:33:35.0651 7984 CmBatt - ok
    17:33:35.0665 7984 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
    17:33:35.0676 7984 cmdide - ok
    17:33:35.0723 7984 CNG (9ac4f97c2d3e93367e2148ea940cd2cd) C:\Windows\system32\Drivers\cng.sys
    17:33:35.0755 7984 CNG - ok
    17:33:35.0765 7984 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
    17:33:35.0777 7984 Compbatt - ok
    17:33:35.0817 7984 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
    17:33:35.0847 7984 CompositeBus - ok
    17:33:35.0850 7984 COMSysApp - ok
    17:33:35.0868 7984 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
    17:33:35.0880 7984 crcdisk - ok
    17:33:35.0927 7984 CryptSvc (4f5414602e2544a4554d95517948b705) C:\Windows\system32\cryptsvc.dll
    17:33:36.0004 7984 CryptSvc - ok
    17:33:36.0044 7984 CV2K1 (2f0e9e92c30bdaeadcca577ff09743a8) C:\Windows\system32\DRIVERS\cv2k1.sys
    17:33:36.0067 7984 CV2K1 - ok
    17:33:36.0124 7984 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
    17:33:36.0203 7984 DcomLaunch - ok
    17:33:36.0243 7984 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
    17:33:36.0282 7984 defragsvc - ok
    17:33:36.0315 7984 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
    17:33:36.0366 7984 DfsC - ok
    17:33:36.0438 7984 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
    17:33:36.0519 7984 Dhcp - ok
    17:33:36.0529 7984 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
    17:33:36.0572 7984 discache - ok
    17:33:36.0585 7984 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
    17:33:36.0594 7984 Disk - ok
    17:33:36.0632 7984 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
    17:33:36.0659 7984 Dnscache - ok
    17:33:36.0700 7984 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
    17:33:36.0756 7984 dot3svc - ok
    17:33:36.0785 7984 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
    17:33:36.0815 7984 DPS - ok
    17:33:36.0853 7984 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
    17:33:36.0872 7984 drmkaud - ok
    17:33:36.0935 7984 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
    17:33:36.0965 7984 DXGKrnl - ok
    17:33:36.0973 7984 EagleX64 - ok
    17:33:37.0013 7984 eamonm (13533557d01b88c83110d5cf749f14d7) C:\Windows\system32\DRIVERS\eamonm.sys
    17:33:37.0044 7984 eamonm - ok
    17:33:37.0086 7984 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
    17:33:37.0148 7984 EapHost - ok
    17:33:37.0257 7984 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
    17:33:37.0369 7984 ebdrv - ok
    17:33:37.0568 7984 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
    17:33:37.0646 7984 EFS - ok
    17:33:37.0713 7984 ehdrv (e097728129e7b79bf1089d7aef42332b) C:\Windows\system32\DRIVERS\ehdrv.sys
    17:33:37.0742 7984 ehdrv - ok
    17:33:37.0817 7984 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
    17:33:37.0896 7984 ehRecvr - ok
    17:33:37.0936 7984 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
    17:33:37.0988 7984 ehSched - ok
    17:33:38.0110 7984 ekrn (c7bb95cf9631aa401e4aded1648f6af7) C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
    17:33:38.0181 7984 ekrn - ok
    17:33:38.0241 7984 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
    17:33:38.0264 7984 elxstor - ok
    17:33:38.0298 7984 epfwwfpr (2380976cf8a4a56611f35633acd2a74f) C:\Windows\system32\DRIVERS\epfwwfpr.sys
    17:33:38.0326 7984 epfwwfpr - ok
    17:33:38.0358 7984 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
    17:33:38.0379 7984 ErrDev - ok
    17:33:38.0410 7984 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
    17:33:38.0459 7984 EventSystem - ok
    17:33:38.0476 7984 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
    17:33:38.0502 7984 exfat - ok
    17:33:38.0521 7984 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
    17:33:38.0547 7984 fastfat - ok
    17:33:38.0596 7984 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
    17:33:38.0639 7984 Fax - ok
    17:33:38.0642 7984 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
    17:33:38.0672 7984 fdc - ok
    17:33:38.0691 7984 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
    17:33:38.0716 7984 fdPHost - ok
    17:33:38.0728 7984 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
    17:33:38.0752 7984 FDResPub - ok
    17:33:38.0770 7984 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
    17:33:38.0778 7984 FileInfo - ok
    17:33:38.0789 7984 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
    17:33:38.0823 7984 Filetrace - ok
    17:33:38.0826 7984 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
    17:33:38.0836 7984 flpydisk - ok
    17:33:38.0873 7984 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
    17:33:38.0885 7984 FltMgr - ok
    17:33:38.0980 7984 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
    17:33:39.0112 7984 FontCache - ok
    17:33:39.0215 7984 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
    17:33:39.0233 7984 FontCache3.0.0.0 - ok
    17:33:39.0239 7984 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
    17:33:39.0251 7984 FsDepends - ok
    17:33:39.0276 7984 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys
    17:33:39.0288 7984 Fs_Rec - ok
    17:33:39.0315 7984 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
    17:33:39.0333 7984 fvevol - ok
    17:33:39.0348 7984 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
    17:33:39.0357 7984 gagp30kx - ok
    17:33:39.0393 7984 gdrv (7907e14f9bcf3a4689c9a74a1a873cb6) C:\Windows\gdrv.sys
    17:33:39.0399 7984 gdrv - ok
    17:33:39.0468 7984 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
    17:33:39.0573 7984 gpsvc - ok
    17:33:39.0612 7984 hamachi (1e6438d4ea6e1174a3b3b1edc4de660b) C:\Windows\system32\DRIVERS\hamachi.sys
    17:33:39.0623 7984 hamachi - ok
    17:33:39.0638 7984 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
    17:33:39.0688 7984 hcw85cir - ok
    17:33:39.0736 7984 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
    17:33:39.0755 7984 HdAudAddService - ok
    17:33:39.0775 7984 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\DRIVERS\HDAudBus.sys
    17:33:39.0801 7984 HDAudBus - ok
    17:33:39.0804 7984 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
    17:33:39.0813 7984 HidBatt - ok
    17:33:39.0818 7984 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
    17:33:39.0838 7984 HidBth - ok
    17:33:39.0852 7984 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
    17:33:39.0874 7984 HidIr - ok
    17:33:39.0903 7984 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\System32\hidserv.dll
    17:33:39.0928 7984 hidserv - ok
    17:33:39.0947 7984 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
    17:33:39.0955 7984 HidUsb - ok
    17:33:39.0995 7984 hitmanpro36 (44f92c1f913e582bef9cac66443c6230) C:\Windows\system32\drivers\hitmanpro36.sys
    17:33:40.0003 7984 hitmanpro36 - ok
    17:33:40.0029 7984 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
    17:33:40.0053 7984 hkmsvc - ok
    17:33:40.0089 7984 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
    17:33:40.0154 7984 HomeGroupListener - ok
    17:33:40.0174 7984 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
    17:33:40.0189 7984 HomeGroupProvider - ok
    17:33:40.0208 7984 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
    17:33:40.0221 7984 HpSAMD - ok
    17:33:40.0293 7984 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
    17:33:40.0345 7984 HTTP - ok
    17:33:40.0374 7984 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
    17:33:40.0381 7984 hwpolicy - ok
    17:33:40.0427 7984 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
    17:33:40.0436 7984 i8042prt - ok
    17:33:40.0473 7984 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
    17:33:40.0487 7984 iaStorV - ok
    17:33:40.0621 7984 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
    17:33:40.0656 7984 idsvc - ok
    17:33:40.0666 7984 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
    17:33:40.0678 7984 iirsp - ok
    17:33:40.0739 7984 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
    17:33:40.0798 7984 IKEEXT - ok
    17:33:40.0912 7984 IntcAzAudAddService (0adf714079ae174a39d69036143e4c50) C:\Windows\system32\drivers\RTKVHD64.sys
    17:33:40.0974 7984 IntcAzAudAddService - ok
    17:33:41.0088 7984 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
    17:33:41.0117 7984 intelide - ok
    17:33:41.0144 7984 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
    17:33:41.0161 7984 intelppm - ok
    17:33:41.0196 7984 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
    17:33:41.0239 7984 IPBusEnum - ok
    17:33:41.0264 7984 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
    17:33:41.0298 7984 IpFilterDriver - ok
    17:33:41.0349 7984 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
    17:33:41.0387 7984 iphlpsvc - ok
    17:33:41.0401 7984 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
    17:33:41.0420 7984 IPMIDRV - ok
    17:33:41.0438 7984 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
    17:33:41.0470 7984 IPNAT - ok
    17:33:41.0482 7984 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
    17:33:41.0546 7984 IRENUM - ok
    17:33:41.0562 7984 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
    17:33:41.0573 7984 isapnp - ok
    17:33:41.0595 7984 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
    17:33:41.0611 7984 iScsiPrt - ok
    17:33:41.0633 7984 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
    17:33:41.0646 7984 kbdclass - ok
    17:33:41.0657 7984 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys
    17:33:41.0683 7984 kbdhid - ok
    17:33:41.0693 7984 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
    17:33:41.0704 7984 KeyIso - ok
    17:33:41.0727 7984 KSecDD (97a7070aea4c058b6418519e869a63b4) C:\Windows\system32\Drivers\ksecdd.sys
    17:33:41.0740 7984 KSecDD - ok
    17:33:41.0766 7984 KSecPkg (26c43a7c2862447ec59deda188d1da07) C:\Windows\system32\Drivers\ksecpkg.sys
    17:33:41.0780 7984 KSecPkg - ok
    17:33:41.0793 7984 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
    17:33:41.0834 7984 ksthunk - ok
    17:33:41.0881 7984 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
    17:33:41.0938 7984 KtmRm - ok
    17:33:41.0964 7984 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\System32\srvsvc.dll
    17:33:42.0002 7984 LanmanServer - ok
    17:33:42.0041 7984 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
    17:33:42.0092 7984 LanmanWorkstation - ok
    17:33:42.0154 7984 LHidFilt (b6552d382ff070b4ed34cbd6737277c0) C:\Windows\system32\DRIVERS\LHidFilt.Sys
    17:33:42.0181 7984 LHidFilt - ok
    17:33:42.0191 7984 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
    17:33:42.0232 7984 lltdio - ok
    17:33:42.0273 7984 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
    17:33:42.0322 7984 lltdsvc - ok
    17:33:42.0346 7984 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
    17:33:42.0370 7984 lmhosts - ok
    17:33:42.0381 7984 LMouFilt (73c1f563ab73d459dffe682d66476558) C:\Windows\system32\DRIVERS\LMouFilt.Sys
    17:33:42.0388 7984 LMouFilt - ok
    17:33:42.0405 7984 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
    17:33:42.0415 7984 LSI_FC - ok
    17:33:42.0427 7984 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
    17:33:42.0436 7984 LSI_SAS - ok
    17:33:42.0445 7984 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
    17:33:42.0454 7984 LSI_SAS2 - ok
    17:33:42.0472 7984 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
    17:33:42.0481 7984 LSI_SCSI - ok
    17:33:42.0496 7984 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
    17:33:42.0529 7984 luafv - ok
    17:33:42.0581 7984 MBAMProtector (dc8490812a3b72811ae534f423b4c206) C:\Windows\system32\drivers\mbam.sys
    17:33:42.0611 7984 MBAMProtector - ok
    17:33:42.0704 7984 MBAMService (43683e970f008c93c9429ef428147a54) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    17:33:42.0759 7984 MBAMService - ok
    17:33:42.0800 7984 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
    17:33:42.0832 7984 Mcx2Svc - ok
    17:33:42.0876 7984 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
    17:33:42.0909 7984 megasas - ok
    17:33:42.0951 7984 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
    17:33:43.0002 7984 MegaSR - ok
    17:33:43.0035 7984 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
    17:33:43.0080 7984 MMCSS - ok
    17:33:43.0104 7984 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
    17:33:43.0148 7984 Modem - ok
    17:33:43.0161 7984 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
    17:33:43.0183 7984 monitor - ok
    17:33:43.0245 7984 MotoHelper (3bbc6c2402242401f791548aaebf3d39) C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe
    17:33:43.0276 7984 MotoHelper - ok
    17:33:43.0311 7984 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
    17:33:43.0323 7984 mouclass - ok
    17:33:43.0344 7984 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
    17:33:43.0356 7984 mouhid - ok
    17:33:43.0383 7984 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
    17:33:43.0395 7984 mountmgr - ok
    17:33:43.0462 7984 MozillaMaintenance (46297fa8e30a6007f14118fc2b942fbc) C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
    17:33:43.0495 7984 MozillaMaintenance - ok
    17:33:43.0535 7984 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
    17:33:43.0570 7984 mpio - ok
    17:33:43.0593 7984 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
    17:33:43.0629 7984 mpsdrv - ok
    17:33:43.0701 7984 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
    17:33:43.0782 7984 MpsSvc - ok
    17:33:43.0812 7984 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
    17:33:43.0844 7984 MRxDAV - ok
    17:33:43.0872 7984 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
    17:33:43.0928 7984 mrxsmb - ok
    17:33:43.0954 7984 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
    17:33:43.0981 7984 mrxsmb10 - ok
    17:33:44.0012 7984 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
    17:33:44.0025 7984 mrxsmb20 - ok
    17:33:44.0036 7984 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
    17:33:44.0047 7984 msahci - ok
    17:33:44.0120 7984 MSCamSvc (41fb1d61df09c36ccab0b04eec66f6d5) C:\Program Files\Microsoft LifeCam\MSCamS64.exe
    17:33:44.0151 7984 MSCamSvc - ok
    17:33:44.0186 7984 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
    17:33:44.0214 7984 msdsm - ok
    17:33:44.0231 7984 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
    17:33:44.0245 7984 MSDTC - ok
    17:33:44.0265 7984 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
    17:33:44.0299 7984 Msfs - ok
    17:33:44.0316 7984 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
    17:33:44.0340 7984 mshidkmdf - ok
    17:33:44.0373 7984 MSHUSBVideo (bb590070d606ae6f008341fc9a7b2ad7) C:\Windows\system32\Drivers\nx6000.sys
    17:33:44.0380 7984 MSHUSBVideo - ok
    17:33:44.0390 7984 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
    17:33:44.0398 7984 msisadrv - ok
    17:33:44.0433 7984 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
    17:33:44.0459 7984 MSiSCSI - ok
    17:33:44.0461 7984 msiserver - ok
    17:33:44.0482 7984 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
    17:33:44.0514 7984 MSKSSRV - ok
    17:33:44.0531 7984 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
    17:33:44.0571 7984 MSPCLOCK - ok
    17:33:44.0585 7984 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
    17:33:44.0616 7984 MSPQM - ok
    17:33:44.0658 7984 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
    17:33:44.0671 7984 MsRPC - ok
    17:33:44.0679 7984 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
    17:33:44.0687 7984 mssmbios - ok
    17:33:44.0768 7984 MSSQL$MSSMLBIZ - ok
    17:33:44.0826 7984 MSSQLServerADHelper (1d89eb4e2a99cabd4e81225f4f4c4b25) c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqladhlp90.exe
    17:33:44.0845 7984 MSSQLServerADHelper - ok
    17:33:44.0849 7984 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
    17:33:44.0891 7984 MSTEE - ok
    17:33:44.0904 7984 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
    17:33:44.0917 7984 MTConfig - ok
    17:33:44.0937 7984 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
    17:33:44.0945 7984 Mup - ok
    17:33:44.0987 7984 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
    17:33:45.0034 7984 napagent - ok
    17:33:45.0066 7984 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
    17:33:45.0086 7984 NativeWifiP - ok
    17:33:45.0128 7984 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
    17:33:45.0148 7984 NDIS - ok
    17:33:45.0161 7984 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
    17:33:45.0185 7984 NdisCap - ok
    17:33:45.0209 7984 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
    17:33:45.0233 7984 NdisTapi - ok
    17:33:45.0264 7984 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
    17:33:45.0287 7984 Ndisuio - ok
    17:33:45.0319 7984 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
    17:33:45.0375 7984 NdisWan - ok
    17:33:45.0401 7984 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
    17:33:45.0425 7984 NDProxy - ok
    17:33:45.0441 7984 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
    17:33:45.0465 7984 NetBIOS - ok
    17:33:45.0506 7984 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
    17:33:45.0574 7984 NetBT - ok
    17:33:45.0594 7984 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
    17:33:45.0605 7984 Netlogon - ok
    17:33:45.0654 7984 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
    17:33:45.0699 7984 Netman - ok
    17:33:45.0727 7984 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
    17:33:45.0773 7984 netprofm - ok
    17:33:45.0899 7984 netr28ux (b330ce846d1c672f640d3b3647cef86d) C:\Windows\system32\DRIVERS\netr28ux.sys
    17:33:45.0966 7984 netr28ux - ok
    17:33:46.0102 7984 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
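The log above is a TDSSKiller service/driver enumeration: one line per entry with its MD5 and image path, followed by a verdict line (`<name> - ok`), and entries whose image could not be resolved appear only as the verdict line (`EagleX64 - ok`, `msiserver - ok`). Reading several thousand of these by eye is how things get missed, so here is a small triage script as an added example. It is not part of the original post and not TDSSKiller's own code; the expected-directory list is an assumption about a default Windows 7 x64 layout, the `FakeSvc` lines in the sample are constructed (placeholder hash) to show the svchost-outside-System32 masquerade, and the rest of the sample lines are copied from the log above.

```python
"""Triage a TDSSKiller service/driver enumeration log (added example).

Flags three things a responder wants to look at by hand:
  * entries with no hash/path line (image missing, hidden or unreadable),
  * Windows core binary names (svchost.exe, lsass.exe, ...) loaded from
    anywhere other than System32/SysWOW64, a classic masquerade,
  * images outside the usual install locations.
It also groups services by image so that several services sharing one
binary (EFS, KeyIso and Netlogon all hosted in lsass.exe) reads as
expected rather than suspicious.
"""
import re
from collections import defaultdict

LINE_RE = re.compile(
    r"^\s*(?P<time>\d{2}:\d{2}:\d{2}\.\d+)\s+(?P<pid>\d+)\s+(?P<name>\S+)"
    r"(?:\s+\((?P<md5>[0-9a-f]{32})\)\s+(?P<path>.+?)|\s+-\s+(?P<verdict>.+?))\s*$",
    re.IGNORECASE,
)

# Assumption: default Windows 7 x64 layout. Adjust if %SystemRoot% is relocated.
SYSTEM_DIRS = ("c:\\windows\\system32\\", "c:\\windows\\syswow64\\")
EXPECTED_PREFIXES = SYSTEM_DIRS + (
    "c:\\windows\\microsoft.net\\",
    "c:\\windows\\ehome\\",
    "c:\\program files\\",
    "c:\\program files (x86)\\",
)
# Core binaries that must only ever be loaded from System32/SysWOW64.
CORE_BINARIES = {"svchost.exe", "lsass.exe", "services.exe", "csrss.exe",
                 "winlogon.exe", "explorer.exe", "rpcss.dll"}

# Sample input: lines from the posted log plus two constructed FakeSvc lines.
SAMPLE_LOG = r"""
17:33:35.0927 7984 CryptSvc (4f5414602e2544a4554d95517948b705) C:\Windows\system32\cryptsvc.dll
17:33:36.0004 7984 CryptSvc - ok
17:33:36.0973 7984 EagleX64 - ok
17:33:37.0568 7984 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
17:33:37.0646 7984 EFS - ok
17:33:38.0110 7984 ekrn (c7bb95cf9631aa401e4aded1648f6af7) C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
17:33:38.0181 7984 ekrn - ok
17:33:39.0393 7984 gdrv (7907e14f9bcf3a4689c9a74a1a873cb6) C:\Windows\gdrv.sys
17:33:39.0399 7984 gdrv - ok
17:33:41.0693 7984 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
17:33:41.0704 7984 KeyIso - ok
17:33:44.0461 7984 msiserver - ok
17:33:45.0594 7984 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
17:33:45.0605 7984 Netlogon - ok
17:33:50.0000 7984 FakeSvc (00000000000000000000000000000000) C:\Windows\svchost.exe
17:33:50.0010 7984 FakeSvc - ok
"""


def normalize(path):
    """Lower-case and use backslashes so prefix checks are case-insensitive."""
    return path.lower().replace("/", "\\")


def parse_log(text):
    """Return {service_name: {'md5', 'path', 'verdict'}} for every entry seen."""
    entries = {}
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # banner, blank or otherwise non-entry line
        e = entries.setdefault(m["name"], {"md5": None, "path": None, "verdict": None})
        if m["md5"]:
            e["md5"] = m["md5"].lower()
            e["path"] = m["path"]
        else:
            e["verdict"] = m["verdict"]
    return entries


def triage(entries):
    """Return [(name, reason)] for entries that deserve a manual look."""
    findings = []
    for name, e in sorted(entries.items()):
        if e["path"] is None:
            findings.append((name, "no image resolved (file missing, hidden or unreadable)"))
            continue
        low = normalize(e["path"])
        base = low.rsplit("\\", 1)[-1]
        if base in CORE_BINARIES and not low.startswith(SYSTEM_DIRS):
            findings.append((name, f"core binary name outside System32: {e['path']}"))
        elif not low.startswith(EXPECTED_PREFIXES):
            findings.append((name, f"image in unusual location: {e['path']}"))
    return findings


def shared_images(entries):
    """Map normalized image path -> sorted service names hosted in it."""
    by_path = defaultdict(list)
    for name, e in entries.items():
        if e["path"]:
            by_path[normalize(e["path"])].append(name)
    return {p: sorted(n) for p, n in by_path.items() if len(n) > 1}


if __name__ == "__main__":
    parsed = parse_log(SAMPLE_LOG)
    for name, reason in triage(parsed):
        print(f"[REVIEW] {name}: {reason}")
    for path, names in shared_images(parsed).items():
        print(f"[SHARED] {path} hosts {', '.join(names)}")
```

Run against the full pasted log it will surface `EagleX64`, `msiserver` and `MSSQL$MSSMLBIZ` (no image resolved) and `gdrv` (`C:\Windows\gdrv.sys`, outside the usual driver directory) for a closer look; a "no image resolved" entry is often just a stale service registration, so treat the output as a worklist, not a verdict.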