TechSpot

Win64\Patched.A & Systems32\services.exe

By Rizhou
Nov 7, 2012
  1. Hi there, I'm running Windows 7 Home Premium and I have run into a little problem on AVG.

    "";"Virus identified Win64/Patched.A, C:\WINDOWS\System32\services.exe";"Cannot be cleaned
    Remove manually"

    Help would be much appreciated!
  2. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Hello, and welcome to TechSpot.

    Please see here for the board rules and other FAQ.

    Please feel free to introduce yourself, after you follow the steps below to get started.

    Information
    • From this point on, please do not make any more changes to your computer, such as installing/uninstalling programs, using special fix tools, deleting files, editing the registry, etc., unless advised by a malware removal helper.
    • Please do not ask for help elsewhere (in this site or other sites). Doing so can result in system changes, which may not show up in the logs you post.
    • If you have already asked for help somewhere, please post the link to the topic where you were helped.
    • We try our best to reply quickly, but if for any reason we do not reply in two days, please reply to this topic with the word BUMP!
    • Lastly, keep in mind that we are volunteers, so you do not have to pay for malware removal. Persist in this topic until it is closed and your computer is declared clean.

    Farbar Recovery Scan Tool x64

    Download Farbar Recovery Scan Tool and save it to a flash drive.


    Please make sure to get the 64-bit version

    Plug the flash drive into the infected PC.

    Enter System Recovery Options.

    To enter System Recovery Options from the Advanced Boot Options:
    • Restart the computer.
    • As soon as the BIOS is loaded, begin tapping the F8 key until Advanced Boot Options appears.
    • Use the arrow keys to select the Repair your computer menu item.
    • Choose your language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.
    To enter System Recovery Options by using Windows installation disc:
    • Insert the installation disc.
    • Restart your computer.
    • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
    • Click Repair your computer.
    • Choose your language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.
    On the System Recovery Options menu you will get the following options:
      • Startup Repair
      • System Restore
      • Windows Complete PC Restore
      • Windows Memory Diagnostic Tool
      • Command Prompt
    • Select Command Prompt
    • In the command window type in notepad and press Enter.
    • The notepad opens. Under the File menu, select Open.
    • Select "Computer" and find your flash drive letter and close the notepad.
    • In the command window type e:\frst.exe and press Enter
      Note: Replace letter e with the drive letter of your flash drive.
    • The tool will start to run.
    • When the tool opens click Yes to the disclaimer.
    • Place a check next to List Drivers MD5 as well as the default check marks that are already there.
    • Press the Scan button. It will do its scan and save a log on your flash drive.
    • Close out of the message after that, then type the text services.exe into the "Search:" text box. Then, press the Search file(s) button.
      When done searching, FRST makes a log, Search.txt, on the C:\ drive or on your flash drive.
    • Type exit in the Command Prompt window and reboot the computer normally.
    • FRST will make a log (FRST.txt) on the flash drive and also the search.txt logfile. Please copy and paste the logs in your reply.
  3. Rizhou

    Rizhou TS Rookie Topic Starter

    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 07-11-2012
    Ran by SYSTEM at 07-11-2012 17:31:00
    Running from F:\
    Windows 7 Home Premium (X64) OS Language: English(US)
    The current controlset is ControlSet001

    ==================== Registry (Whitelisted) ===================

    HKLM\...\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe [525312 2011-01-25] (IDT, Inc.)
    HKLM\...\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe [592240 2011-01-05] (Alps Electric Co., Ltd.)
    HKLM\...\Run: [QuickSet] C:\Program Files\Dell\QuickSet\QuickSet.exe [3666800 2011-01-21] (Dell Inc.)
    HKLM\...\Run: [IntelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs" [4526 2010-11-29] ()
    HKLM\...\Run: [IntelWireless] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel Wireless Tray [1933584 2010-12-17] (Intel(R) Corporation)
    HKLM\...\Run: [BTMTrayAgent] rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp [10228224 2010-11-03] (Intel Corporation)
    HKLM\...\Run: [IntelWirelessWiMAX] "C:\Program Files\Intel\WiMAX\Bin\WiMAXCU.exe" /tasktray /nosplash [1617920 2011-03-01] (Intel® Corporation)
    HKLM-x32\...\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [283160 2010-11-05] (Intel Corporation)
    HKLM-x32\...\Run: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [113288 2010-11-17] (Renesas Electronics Corporation)
    HKLM-x32\...\Run: [RoxWatchTray] "c:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" [240112 2010-11-25] (Sonic Solutions)
    HKLM-x32\...\Run: [Desktop Disc Tool] "c:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe" [514544 2010-11-17] ()
    HKLM-x32\...\Run: [Dell Registration] C:\Program Files (x86)\System Registration\prodreg.exe /boot [3926528 2010-08-23] (Dell, Inc.)
    HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [919008 2012-07-27] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [252848 2012-07-03] (Sun Microsystems, Inc.)
    HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59280 2012-08-27] (Apple Inc.)
    HKLM-x32\...\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [30040 2009-02-26] (Microsoft Corporation)
    HKLM-x32\...\Run: [Razer Orochi Driver] C:\Program Files (x86)\Razer\Orochi\RazerOrochiTray.exe [2548056 2009-10-22] (Razer USA Ltd)
    HKLM-x32\...\Run: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start [1996200 2012-08-29] (LogMeIn Inc.)
    HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421776 2012-09-09] (Apple Inc.)
    HKLM-x32\...\Run: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY [3116152 2012-10-10] (AVG Technologies CZ, s.r.o.)
    HKU\Isara\...\Run: [Best Buy pc app] C:\Users\Isara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Best Buy\Best Buy pc app.appref-ms [x]
    HKU\Isara\...\Run: [RocketDock] "C:\Program Files (x86)\RocketDock\RocketDock.exe" [495616 2007-09-02] ()
    HKU\Isara\...\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun [3671904 2012-08-28] (DT Soft Ltd)
    Startup: C:\Users\Default\Start Menu\Programs\Startup\Best Buy pc app.lnk
    ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)
    Startup: C:\Users\Default User\Start Menu\Programs\Startup\Best Buy pc app.lnk
    ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)
    Startup: C:\Users\Isara\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
    ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)

    ==================== Services (Whitelisted) ===================

    2 avgfws; "C:\Program Files (x86)\AVG\AVG2013\avgfws.exe" [1314720 2012-10-02] (AVG Technologies CZ, s.r.o.)
    2 AVGIDSAgent; "C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe" [5783672 2012-10-02] (AVG Technologies CZ, s.r.o.)
    2 avgwd; "C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe" [193568 2012-10-02] (AVG Technologies CZ, s.r.o.)
    3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2010-12-17] ()

    ==================== Drivers (Whitelisted) =====================

    1 Avgfwfd; C:\Windows\System32\DRIVERS\avgfwd6a.sys [50296 2012-09-04] (AVG Technologies CZ, s.r.o.)
    1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [151904 2012-09-13] (AVG Technologies CZ, s.r.o. )
    0 AVGIDSHA; C:\Windows\System32\Drivers\AVGIDSHA.sys [61792 2012-09-21] (AVG Technologies CZ, s.r.o. )
    1 Avgldx64; C:\Windows\System32\Drivers\Avgldx64.sys [185696 2012-10-02] (AVG Technologies CZ, s.r.o.)
    0 Avgloga; C:\Windows\System32\Drivers\Avgloga.sys [225120 2012-09-21] (AVG Technologies CZ, s.r.o.)
    0 Avgmfx64; C:\Windows\System32\Drivers\Avgmfx64.sys [111456 2012-10-05] (AVG Technologies CZ, s.r.o.)
    0 Avgrkx64; C:\Windows\System32\Drivers\Avgrkx64.sys [40800 2012-09-14] (AVG Technologies CZ, s.r.o.)
    1 Avgtdia; C:\Windows\System32\Drivers\Avgtdia.sys [200032 2012-09-21] (AVG Technologies CZ, s.r.o.)
    1 dtsoftbus01; C:\Windows\System32\Drivers\dtsoftbus01.sys [283200 2012-09-04] (DT Soft Ltd)
    3 CtClsFlt; C:\Windows\System32\DRIVERS\CtClsFlt.sys [x]

    ==================== NetSvcs (Whitelisted) ====================


    ==================== One Month Created Files and Folders ========

    2012-11-07 18:20 - 2012-11-07 18:21 - 01459919 ____A (Farbar) C:\Users\Isara\Desktop\FRST64.exe
    2012-11-07 12:24 - 2012-11-07 18:08 - 00000000 ____D C:\Users\Isara\Desktop\Virus_Scan
    2012-11-07 11:11 - 2012-11-07 11:11 - 00000218 ____A C:\Users\Isara\.recently-used.xbel
    2012-11-07 10:20 - 2009-07-13 20:39 - 00328704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\services.exe
    2012-11-07 04:40 - 2012-11-07 00:54 - 1522434136 ____A C:\Users\Isara\Desktop\Dwarfy ****.rar
    2012-11-07 02:55 - 2012-11-07 02:55 - 00000175 ____A C:\Users\Isara\Desktop\Search.txt
    2012-11-07 02:51 - 2012-11-07 18:07 - 00000000 ____D C:\FRST
    2012-11-07 01:08 - 2012-11-07 01:08 - 00000000 ____D C:\Users\Isara\Local Settings\SKIDROW
    2012-11-07 01:08 - 2012-11-07 01:08 - 00000000 ____D C:\Users\Isara\Local Settings\Application Data\SKIDROW
    2012-11-07 01:08 - 2012-11-07 01:08 - 00000000 ____D C:\Users\Isara\AppData\Local\SKIDROW
    2012-11-07 01:08 - 2012-11-07 01:08 - 00000000 ____D C:\Users\All Users\Stardock
    2012-11-07 01:08 - 2012-11-07 01:08 - 00000000 ____D C:\Users\All Users\Application Data\Stardock
    2012-11-05 23:30 - 2012-11-05 23:34 - 00000000 ____D C:\Program Files (x86)\Project64 1.6
    2012-11-04 17:01 - 2012-11-07 18:15 - 00000840 ____A C:\Windows\setupact.log
    2012-11-04 17:01 - 2012-11-04 17:01 - 00000000 ____A C:\Windows\setuperr.log
    2012-11-04 12:20 - 2012-08-23 08:41 - 00013312 ____A (Microsoft Corporation) C:\Windows\System32\TsUsbRedirectionGroupPolicyControl.exe
    2012-11-04 12:20 - 2012-08-23 08:40 - 00013312 ____A (Microsoft Corporation) C:\Windows\System32\TsUsbRedirectionGroupPolicyExtension.dll
    2012-11-04 12:20 - 2012-08-23 08:24 - 00015360 ____A (Microsoft Corporation) C:\Windows\System32\RdpGroupPolicyExtension.dll
    2012-11-04 12:19 - 2012-08-23 09:13 - 00243200 ____A (Microsoft Corporation) C:\Windows\System32\rdpudd.dll
    2012-11-04 12:19 - 2012-08-23 09:10 - 00019456 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpvideominiport.sys
    2012-11-04 12:19 - 2012-08-23 09:07 - 00057856 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\TsUsbFlt.sys
    2012-11-04 12:19 - 2012-08-23 08:47 - 00046592 ____A (Microsoft Corporation) C:\Windows\SysWOW64\MsRdpWebAccess.dll
    2012-11-04 12:19 - 2012-08-23 08:46 - 00016896 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wksprtPS.dll
    2012-11-04 12:19 - 2012-08-23 08:20 - 00054272 ____A (Microsoft Corporation) C:\Windows\System32\MsRdpWebAccess.dll
    2012-11-04 12:19 - 2012-08-23 08:18 - 00037376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
    2012-11-04 12:19 - 2012-08-23 08:17 - 00018432 ____A (Microsoft Corporation) C:\Windows\System32\wksprtPS.dll
    2012-11-04 12:19 - 2012-08-23 08:06 - 00043520 ____A (Microsoft Corporation) C:\Windows\System32\TsUsbGDCoInstaller.dll
    2012-11-04 12:19 - 2012-08-23 07:52 - 00044032 ____A (Microsoft Corporation) C:\Windows\System32\tsgqec.dll
    2012-11-04 12:19 - 2012-08-23 06:20 - 00062976 ____A (Microsoft Corporation) C:\Windows\System32\TSWbPrxy.exe
    2012-11-04 12:19 - 2012-08-23 06:15 - 00269312 ____A (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll
    2012-11-04 12:19 - 2012-08-23 06:14 - 00384000 ____A (Microsoft Corporation) C:\Windows\System32\wksprt.exe
    2012-11-04 12:19 - 2012-08-23 06:12 - 00192000 ____A (Microsoft Corporation) C:\Windows\SysWOW64\rdpendp_winip.dll
    2012-11-04 12:19 - 2012-08-23 05:54 - 00322560 ____A (Microsoft Corporation) C:\Windows\System32\aaclient.dll
    2012-11-04 12:19 - 2012-08-23 05:51 - 00228864 ____A (Microsoft Corporation) C:\Windows\System32\rdpendp_winip.dll
    2012-11-04 12:19 - 2012-08-23 05:39 - 01048064 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
    2012-11-04 12:19 - 2012-08-23 05:22 - 01123840 ____A (Microsoft Corporation) C:\Windows\System32\mstsc.exe
    2012-11-04 12:19 - 2012-08-23 04:51 - 03174912 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorets.dll
    2012-11-04 12:19 - 2012-08-23 03:19 - 04916224 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
    2012-11-04 12:19 - 2012-08-23 03:13 - 05773824 ____A (Microsoft Corporation) C:\Windows\System32\mstscax.dll
    2012-11-04 12:18 - 2012-08-24 13:13 - 00154480 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
    2012-11-04 12:18 - 2012-08-24 13:09 - 00458712 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
    2012-11-04 12:18 - 2012-08-24 13:05 - 00340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
    2012-11-04 12:18 - 2012-08-24 13:04 - 00307200 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
    2012-11-04 12:18 - 2012-08-24 13:03 - 01448448 ____A (Microsoft Corporation) C:\Windows\System32\lsasrv.dll
    2012-11-04 12:18 - 2012-08-24 11:57 - 00247808 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
    2012-11-04 12:18 - 2012-08-24 11:57 - 00220160 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
    2012-11-04 12:18 - 2012-08-24 11:57 - 00022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
    2012-11-04 12:18 - 2012-08-24 11:53 - 00096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
    2012-11-04 12:18 - 2012-05-04 06:00 - 00366592 ____A (Microsoft Corporation) C:\Windows\System32\qdvd.dll
    2012-11-04 12:18 - 2012-05-04 04:59 - 00514560 ____A (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
    2012-11-04 08:36 - 2012-11-04 12:53 - 00000000 ____D C:\Windows\Minidump
    2012-11-03 23:25 - 2012-11-06 15:22 - 00000314 ____A C:\Users\Isara\Desktop\Kyle Spring2013 Sched.txt
    2012-11-03 02:27 - 2012-11-03 02:27 - 00000000 ____D C:\Users\Isara\Application Data\AVG2013
    2012-11-03 02:27 - 2012-11-03 02:27 - 00000000 ____D C:\Users\Isara\AppData\Roaming\AVG2013
    2012-11-03 02:26 - 2012-11-03 02:26 - 00000000 ____D C:\Users\Isara\Application Data\TuneUp Software
    2012-11-03 02:26 - 2012-11-03 02:26 - 00000000 ____D C:\Users\Isara\AppData\Roaming\TuneUp Software
    2012-11-03 02:25 - 2012-11-07 18:01 - 00000000 ____D C:\Users\All Users\AVG2013
    2012-11-03 02:25 - 2012-11-07 18:01 - 00000000 ____D C:\Users\All Users\Application Data\AVG2013
    2012-11-03 02:25 - 2012-11-03 02:25 - 00000000 ___HD C:\$AVG
    2012-11-03 02:25 - 2012-11-03 02:25 - 00000000 ____D C:\Program Files (x86)\AVG
    2012-11-03 02:21 - 2012-11-07 18:22 - 00000000 ____D C:\Users\All Users\MFAData
    2012-11-03 02:21 - 2012-11-07 18:22 - 00000000 ____D C:\Users\All Users\Application Data\MFAData
    2012-11-03 02:21 - 2012-11-03 17:33 - 00000000 ____D C:\Users\Isara\Local Settings\Avg2013
    2012-11-03 02:21 - 2012-11-03 17:33 - 00000000 ____D C:\Users\Isara\Local Settings\Application Data\Avg2013
    2012-11-03 02:21 - 2012-11-03 17:33 - 00000000 ____D C:\Users\Isara\AppData\Local\Avg2013
    2012-11-03 02:21 - 2012-11-03 02:21 - 00000000 ____D C:\Users\Isara\Local Settings\MFAData
    2012-11-03 02:21 - 2012-11-03 02:21 - 00000000 ____D C:\Users\Isara\Local Settings\Application Data\MFAData
    2012-11-03 02:21 - 2012-11-03 02:21 - 00000000 ____D C:\Users\Isara\AppData\Local\MFAData
    2012-11-01 15:51 - 2012-11-01 15:51 - 00001808 ____A C:\Users\Isara\Application Data\EliseProfile0.dat
    2012-11-01 15:51 - 2012-11-01 15:51 - 00001808 ____A C:\Users\Isara\AppData\Roaming\EliseProfile0.dat
    2012-11-01 09:35 - 2012-11-01 09:35 - 00000000 ____D C:\Program Files (x86)\Gravity
    2012-10-29 17:53 - 2012-10-29 17:53 - 00000000 ____D C:\Users\Isara\Application Data\Doublefine
    2012-10-29 17:53 - 2012-10-29 17:53 - 00000000 ____D C:\Users\Isara\AppData\Roaming\Doublefine
    2012-10-29 17:51 - 2012-10-29 17:52 - 00000000 ____D C:\Program Files (x86)\Costume Quest
    2012-10-29 13:15 - 2012-11-07 12:35 - 00000000 ___RD C:\Users\Isara\Dropbox
    2012-10-29 13:13 - 2012-11-07 17:36 - 00000000 ____D C:\Users\Isara\Application Data\Dropbox
    2012-10-29 13:13 - 2012-11-07 17:36 - 00000000 ____D C:\Users\Isara\AppData\Roaming\Dropbox
    2012-10-28 23:12 - 2012-10-28 23:12 - 00000000 ____D C:\Users\Kyle Cheung\Documents\Emulators
    2012-10-28 23:12 - 2012-10-28 23:12 - 00000000 ____D C:\users\Kyle Cheung
    2012-10-27 00:25 - 2012-10-27 02:13 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
    2012-10-25 23:37 - 2012-10-25 23:37 - 00000000 ____D C:\Users\All Users\ESRI
    2012-10-25 23:37 - 2012-10-25 23:37 - 00000000 ____D C:\Users\All Users\Application Data\ESRI
    2012-10-22 14:07 - 2012-10-27 00:18 - 00000000 ____D C:\Users\Isara\My Documents\StarCraft II
    2012-10-22 14:07 - 2012-10-27 00:18 - 00000000 ____D C:\Users\Isara\Documents\StarCraft II
    2012-10-21 22:49 - 2012-10-21 22:49 - 00240808 ___AH C:\Windows\SysWOW64\mlfcache.dat
    2012-10-18 15:01 - 2012-10-18 15:01 - 00000000 ____D C:\Users\All Users\Ask
    2012-10-18 15:01 - 2012-10-18 15:01 - 00000000 ____D C:\Users\All Users\Application Data\Ask
    2012-10-18 15:01 - 2012-09-24 22:16 - 00095208 ____A (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
    2012-10-18 15:01 - 2012-09-24 22:08 - 00174056 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
    2012-10-18 15:01 - 2012-09-24 22:07 - 00174056 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe
    2012-10-18 15:00 - 2012-10-18 15:01 - 00004119 ____A C:\Windows\SysWOW64\jupdate-1.7.0_09-b05.log
    2012-10-15 13:55 - 2012-11-03 02:28 - 00000000 ____D C:\Program Files (x86)\Microsoft Games
    2012-10-14 00:53 - 2012-10-14 00:53 - 00000000 ____D C:\Users\Isara\Local Settings\My Games
    2012-10-14 00:53 - 2012-10-14 00:53 - 00000000 ____D C:\Users\Isara\Local Settings\Application Data\My Games
    2012-10-14 00:53 - 2012-10-14 00:53 - 00000000 ____D C:\Users\Isara\AppData\Local\My Games
    2012-10-13 15:00 - 2012-10-13 15:00 - 00000000 ____D C:\Windows\SysWOW64\Saves
    2012-10-13 15:00 - 2012-10-13 15:00 - 00000000 ____D C:\Users\Isara\Local Settings\FLT
    2012-10-13 15:00 - 2012-10-13 15:00 - 00000000 ____D C:\Users\Isara\Local Settings\Application Data\FLT
    2012-10-13 15:00 - 2012-10-13 15:00 - 00000000 ____D C:\Users\Isara\AppData\Local\FLT
    2012-10-13 14:39 - 2012-10-13 14:55 - 00000000 ____D C:\Users\Isara\My Documents\XCOM
    2012-10-13 14:39 - 2012-10-13 14:55 - 00000000 ____D C:\Users\Isara\Documents\XCOM
    2012-10-13 00:49 - 2012-10-13 12:12 - 00000000 ____D C:\Users\Isara\Local Settings\Skyrim
    2012-10-13 00:49 - 2012-10-13 12:12 - 00000000 ____D C:\Users\Isara\Local Settings\Application Data\Skyrim
    2012-10-13 00:49 - 2012-10-13 12:12 - 00000000 ____D C:\Users\Isara\AppData\Local\Skyrim
    2012-10-10 22:31 - 2012-10-11 10:37 - 00000000 ____D C:\Users\Isara\Application Data\WinRAR
    2012-10-10 22:31 - 2012-10-11 10:37 - 00000000 ____D C:\Users\Isara\AppData\Roaming\WinRAR
    2012-10-10 22:31 - 2012-10-10 22:31 - 00000000 ____D C:\Program Files (x86)\WinRAR
    2012-10-10 16:13 - 2012-10-10 16:13 - 00000000 ____D C:\Users\Isara\Local Settings\CRE
    2012-10-10 16:13 - 2012-10-10 16:13 - 00000000 ____D C:\Users\Isara\Local Settings\Application Data\CRE
    2012-10-10 16:13 - 2012-10-10 16:13 - 00000000 ____D C:\Users\Isara\AppData\Local\CRE
    2012-10-10 16:13 - 2012-10-10 16:13 - 00000000 ____D C:\Program Files (x86)\Conduit
    2012-10-10 16:12 - 2012-10-11 09:29 - 00000000 ____D C:\Users\Isara\Application Data\uTorrent
    2012-10-10 16:12 - 2012-10-11 09:29 - 00000000 ____D C:\Users\Isara\AppData\Roaming\uTorrent
    2012-10-10 16:12 - 2012-10-10 16:14 - 00000000 ____D C:\Users\Isara\Local Settings\Conduit
    2012-10-10 16:12 - 2012-10-10 16:14 - 00000000 ____D C:\Users\Isara\Local Settings\Application Data\Conduit
    2012-10-10 16:12 - 2012-10-10 16:14 - 00000000 ____D C:\Users\Isara\AppData\Local\Conduit
    2012-10-10 16:12 - 2012-10-10 16:12 - 00000000 ____D C:\Program Files (x86)\uTorrent
    2012-10-10 09:47 - 2012-08-31 13:19 - 01659760 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ntfs.sys
    2012-10-10 09:46 - 2012-09-14 14:19 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\tzres.dll
    2012-10-10 09:46 - 2012-09-14 13:28 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
    2012-10-10 09:46 - 2012-08-30 13:03 - 05559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
    2012-10-10 09:46 - 2012-08-30 12:12 - 03968880 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
    2012-10-10 09:46 - 2012-08-30 12:12 - 03914096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
    2012-10-10 09:46 - 2012-08-24 13:05 - 00220160 ____A (Microsoft Corporation) C:\Windows\System32\wintrust.dll
    2012-10-10 09:46 - 2012-08-24 11:57 - 00172544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
    2012-10-10 09:46 - 2012-08-20 13:48 - 01162240 ____A (Microsoft Corporation) C:\Windows\System32\kernel32.dll
    2012-10-10 09:46 - 2012-08-20 13:48 - 00424448 ____A (Microsoft Corporation) C:\Windows\System32\KernelBase.dll
    2012-10-10 09:46 - 2012-08-20 13:48 - 00362496 ____A (Microsoft Corporation) C:\Windows\System32\wow64win.dll
    2012-10-10 09:46 - 2012-08-20 13:48 - 00243200 ____A (Microsoft Corporation) C:\Windows\System32\wow64.dll
    2012-10-10 09:46 - 2012-08-20 13:48 - 00215040 ____A (Microsoft Corporation) C:\Windows\System32\winsrv.dll
    2012-10-10 09:46 - 2012-08-20 13:48 - 00016384 ____A (Microsoft Corporation) C:\Windows\System32\ntvdm64.dll
    2012-10-10 09:46 - 2012-08-20 13:48 - 00013312 ____A (Microsoft Corporation) C:\Windows\System32\wow64cpu.dll
    2012-10-10 09:46 - 2012-08-20 13:46 - 00338432 ____A (Microsoft Corporation) C:\Windows\System32\conhost.exe
    2012-10-10 09:46 - 2012-08-20 13:38 - 00006144 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
    2012-10-10 09:46 - 2012-08-20 13:38 - 00005120 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
    2012-10-10 09:46 - 2012-08-20 13:38 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
    2012-10-10 09:46 - 2012-08-20 13:38 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
    2012-10-10 09:46 - 2012-08-20 13:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
    2012-10-10 09:46 - 2012-08-20 13:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
    2012-10-10 09:46 - 2012-08-20 13:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
    2012-10-10 09:46 - 2012-08-20 13:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
    2012-10-10 09:46 - 2012-08-20 13:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
    2012-10-10 09:46 - 2012-08-20 13:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
    2012-10-10 09:46 - 2012-08-20 13:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
    2012-10-10 09:46 - 2012-08-20 13:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
    2012-10-10 09:46 - 2012-08-20 13:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
    2012-10-10 09:46 - 2012-08-20 13:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
    2012-10-10 09:46 - 2012-08-20 13:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
    2012-10-10 09:46 - 2012-08-20 13:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
    2012-10-10 09:46 - 2012-08-20 13:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
    2012-10-10 09:46 - 2012-08-20 13:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
    2012-10-10 09:46 - 2012-08-20 13:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
    2012-10-10 09:46 - 2012-08-20 13:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
    2012-10-10 09:46 - 2012-08-20 13:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
    2012-10-10 09:46 - 2012-08-20 13:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
    2012-10-10 09:46 - 2012-08-20 13:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
    2012-10-10 09:46 - 2012-08-20 13:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
    2012-10-10 09:46 - 2012-08-20 13:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
    2012-10-10 09:46 - 2012-08-20 13:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
    2012-10-10 09:46 - 2012-08-20 13:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
    2012-10-10 09:46 - 2012-08-20 13:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
    2012-10-10 09:46 - 2012-08-20 12:40 - 00014336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
    2012-10-10 09:46 - 2012-08-20 12:38 - 00025600 ____A (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
    2012-10-10 09:46 - 2012-08-20 12:37 - 01114112 ____A (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
    2012-10-10 09:46 - 2012-08-20 12:37 - 00274944 ____A (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
    2012-10-10 09:46 - 2012-08-20 12:37 - 00005120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
    2012-10-10 09:46 - 2012-08-20 12:32 - 00005120 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
    2012-10-10 09:46 - 2012-08-20 12:32 - 00004608 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
    2012-10-10 09:46 - 2012-08-20 12:32 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
    2012-10-10 09:46 - 2012-08-20 12:32 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
    2012-10-10 09:46 - 2012-08-20 12:32 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
    2012-10-10 09:46 - 2012-08-20 12:32 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
    2012-10-10 09:46 - 2012-08-20 12:32 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
    2012-10-10 09:46 - 2012-08-20 12:32 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
    2012-10-10 09:46 - 2012-08-20 12:32 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
    2012-10-10 09:46 - 2012-08-20 12:32 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
    2012-10-10 09:46 - 2012-08-20 12:32 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
    2012-10-10 09:46 - 2012-08-20 12:32 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
    2012-10-10 09:46 - 2012-08-20 12:32 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
    2012-10-10 09:46 - 2012-08-20 12:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
    2012-10-10 09:46 - 2012-08-20 12:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
    2012-10-10 09:46 - 2012-08-20 12:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
    2012-10-10 09:46 - 2012-08-20 12:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
    2012-10-10 09:46 - 2012-08-20 12:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
    2012-10-10 09:46 - 2012-08-20 12:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
    2012-10-10 09:46 - 2012-08-20 12:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
    2012-10-10 09:46 - 2012-08-20 12:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
    2012-10-10 09:46 - 2012-08-20 12:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
    2012-10-10 09:46 - 2012-08-20 12:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
    2012-10-10 09:46 - 2012-08-20 12:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
    2012-10-10 09:46 - 2012-08-20 10:38 - 00007680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
    2012-10-10 09:46 - 2012-08-20 10:38 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
    2012-10-10 09:46 - 2012-08-20 10:33 - 00006144 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
    2012-10-10 09:46 - 2012-08-20 10:33 - 00004608 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
    2012-10-10 09:46 - 2012-08-20 10:33 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
    2012-10-10 09:46 - 2012-08-20 10:33 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
    2012-10-10 09:46 - 2012-08-10 19:56 - 00715776 ____A (Microsoft Corporation) C:\Windows\System32\kerberos.dll
    2012-10-10 09:46 - 2012-08-10 18:56 - 00542208 ____A (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
    2012-10-10 09:45 - 2012-06-02 00:41 - 01464320 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
    2012-10-10 09:45 - 2012-06-02 00:41 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
    2012-10-10 09:45 - 2012-06-02 00:41 - 00140288 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
    2012-10-10 09:45 - 2012-06-01 23:36 - 01159680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
    2012-10-10 09:45 - 2012-06-01 23:36 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
    2012-10-10 09:45 - 2012-06-01 23:36 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
    2012-10-09 15:28 - 2012-10-09 15:28 - 00000600 ____A C:\Users\Isara\Local Settings\PUTTY.RND
    2012-10-09 15:28 - 2012-10-09 15:28 - 00000600 ____A C:\Users\Isara\Local Settings\Application Data\PUTTY.RND
    2012-10-09 15:28 - 2012-10-09 15:28 - 00000600 ____A C:\Users\Isara\AppData\Local\PUTTY.RND
    2012-10-09 10:45 - 2012-11-04 09:35 - 00000000 ___RD C:\Program Files (x86)\Skype
    2012-10-09 10:45 - 2012-11-04 09:35 - 00000000 ____D C:\Users\All Users\Skype
    2012-10-09 10:45 - 2012-11-04 09:35 - 00000000 ____D C:\Users\All Users\Application Data\Skype
    2012-10-09 10:45 - 2012-11-04 00:11 - 00000000 ____D C:\Users\Isara\Application Data\Skype
    2012-10-09 10:45 - 2012-11-04 00:11 - 00000000 ____D C:\Users\Isara\AppData\Roaming\Skype

    ==================== One Month Modified Files and Folders =======

    2012-11-07 18:26 - 2011-04-24 01:28 - 01257001 ____A C:\Windows\WindowsUpdate.log
    2012-11-07 18:24 - 2012-09-04 22:31 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
    2012-11-07 18:23 - 2009-07-13 23:45 - 00013872 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2012-11-07 18:23 - 2009-07-13 23:45 - 00013872 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2012-11-07 18:22 - 2012-11-03 02:21 - 00000000 ____D C:\Users\All Users\MFAData
    2012-11-07 18:22 - 2012-11-03 02:21 - 00000000 ____D C:\Users\All Users\Application Data\MFAData
    2012-11-07 18:21 - 2012-11-07 18:20 - 01459919 ____A (Farbar) C:\Users\Isara\Desktop\FRST64.exe
    2012-11-07 18:21 - 2012-09-04 00:52 - 00000000 ____D C:\Users\Isara\Application Data\.purple
    2012-11-07 18:21 - 2012-09-04 00:52 - 00000000 ____D C:\Users\Isara\AppData\Roaming\.purple
    2012-11-07 18:18 - 2012-09-03 23:53 - 00000000 ____D C:\Program Files (x86)\Steam
    2012-11-07 18:17 - 2011-04-24 02:00 - 00000000 ____D C:\Program Files (x86)\Dell DataSafe Local Backup
    2012-11-07 18:16 - 2012-09-20 23:42 - 00000000 ____D C:\Users\Isara\Local Settings\LogMeIn Hamachi
    2012-11-07 18:16 - 2012-09-20 23:42 - 00000000 ____D C:\Users\Isara\Local Settings\Application Data\LogMeIn Hamachi
    2012-11-07 18:16 - 2012-09-20 23:42 - 00000000 ____D C:\Users\Isara\AppData\Local\LogMeIn Hamachi
    2012-11-07 18:16 - 2012-09-03 21:28 - 00000000 ____D C:\Users\Default\Local Settings\SoftThinks
    2012-11-07 18:16 - 2012-09-03 21:28 - 00000000 ____D C:\Users\Default\Local Settings\Application Data\SoftThinks
    2012-11-07 18:16 - 2012-09-03 21:28 - 00000000 ____D C:\Users\Default\AppData\Local\SoftThinks
    2012-11-07 18:16 - 2012-09-03 21:28 - 00000000 ____D C:\Users\Default User\Local Settings\SoftThinks
    2012-11-07 18:16 - 2012-09-03 21:28 - 00000000 ____D C:\Users\Default User\Local Settings\Application Data\SoftThinks
    2012-11-07 18:16 - 2012-09-03 21:28 - 00000000 ____D C:\Users\Default User\AppData\Local\SoftThinks
    2012-11-07 18:15 - 2012-11-04 17:01 - 00000840 ____A C:\Windows\setupact.log
    2012-11-07 18:15 - 2009-07-14 00:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
    2012-11-07 18:08 - 2012-11-07 12:24 - 00000000 ____D C:\Users\Isara\Desktop\Virus_Scan
    2012-11-07 18:07 - 2012-11-07 02:51 - 00000000 ____D C:\FRST
    2012-11-07 18:01 - 2012-11-03 02:25 - 00000000 ____D C:\Users\All Users\AVG2013
    2012-11-07 18:01 - 2012-11-03 02:25 - 00000000 ____D C:\Users\All Users\Application Data\AVG2013
    2012-11-07 17:36 - 2012-10-29 13:13 - 00000000 ____D C:\Users\Isara\Application Data\Dropbox
    2012-11-07 17:36 - 2012-10-29 13:13 - 00000000 ____D C:\Users\Isara\AppData\Roaming\Dropbox
    2012-11-07 12:35 - 2012-10-29 13:15 - 00000000 ___RD C:\Users\Isara\Dropbox
    2012-11-07 12:22 - 2009-07-14 00:13 - 00726316 ____A C:\Windows\System32\PerfStringBackup.INI
    2012-11-07 11:11 - 2012-11-07 11:11 - 00000218 ____A C:\Users\Isara\.recently-used.xbel
    2012-11-07 11:11 - 2012-09-03 21:24 - 00000000 ____D C:\users\Isara
    2012-11-07 11:04 - 2012-09-04 11:07 - 00000000 ____D C:\Users\Isara\Application Data\gtk-2.0
    2012-11-07 11:04 - 2012-09-04 11:07 - 00000000 ____D C:\Users\Isara\AppData\Roaming\gtk-2.0
    2012-11-07 10:15 - 2012-09-03 19:51 - 00000000 ____D C:\Windows\SMINST
    2012-11-07 02:55 - 2012-11-07 02:55 - 00000175 ____A C:\Users\Isara\Desktop\Search.txt
    2012-11-07 01:08 - 2012-11-07 01:08 - 00000000 ____D C:\Users\Isara\Local Settings\SKIDROW
    2012-11-07 01:08 - 2012-11-07 01:08 - 00000000 ____D C:\Users\Isara\Local Settings\Application Data\SKIDROW
    2012-11-07 01:08 - 2012-11-07 01:08 - 00000000 ____D C:\Users\Isara\AppData\Local\SKIDROW
    2012-11-07 01:08 - 2012-11-07 01:08 - 00000000 ____D C:\Users\All Users\Stardock
    2012-11-07 01:08 - 2012-11-07 01:08 - 00000000 ____D C:\Users\All Users\Application Data\Stardock
    2012-11-07 01:08 - 2012-09-16 15:39 - 00000000 ____D C:\Users\Isara\My Documents\My Games
    2012-11-07 01:08 - 2012-09-16 15:39 - 00000000 ____D C:\Users\Isara\Documents\My Games
    2012-11-07 00:57 - 2012-09-04 20:10 - 00000000 ____D C:\Users\Isara\Application Data\DAEMON Tools Lite
    2012-11-07 00:57 - 2012-09-04 20:10 - 00000000 ____D C:\Users\Isara\AppData\Roaming\DAEMON Tools Lite
    2012-11-07 00:54 - 2012-11-07 04:40 - 1522434136 ____A C:\Users\Isara\Desktop\Dwarfy ****.rar
    2012-11-06 23:12 - 2012-09-03 11:30 - 00000000 ____D C:\Users\Isara\My Documents\Currently Library
    2012-11-06 23:12 - 2012-09-03 11:30 - 00000000 ____D C:\Users\Isara\Documents\Currently Library
    2012-11-06 20:13 - 2012-09-03 11:50 - 00000000 ____D C:\Users\Isara\My Documents\iRinger Tones
    2012-11-06 20:13 - 2012-09-03 11:50 - 00000000 ____D C:\Users\Isara\Documents\iRinger Tones
    2012-11-06 16:09 - 2012-09-04 22:34 - 00000000 ____D C:\Users\Isara\My Documents\Binghamton 2012 Fall
    2012-11-06 16:09 - 2012-09-04 22:34 - 00000000 ____D C:\Users\Isara\Documents\Binghamton 2012 Fall
    2012-11-06 15:22 - 2012-11-03 23:25 - 00000314 ____A C:\Users\Isara\Desktop\Kyle Spring2013 Sched.txt
    2012-11-06 15:08 - 2011-04-24 01:47 - 00431959 ____A C:\Windows\DirectX.log
    2012-11-05 23:34 - 2012-11-05 23:30 - 00000000 ____D C:\Program Files (x86)\Project64 1.6
    2012-11-05 23:33 - 2012-09-03 11:48 - 00000000 ____D C:\Users\Isara\My Documents\Emulators
    2012-11-05 23:33 - 2012-09-03 11:48 - 00000000 ____D C:\Users\Isara\Documents\Emulators
    2012-11-05 19:29 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\rescache
    2012-11-05 12:48 - 2012-09-19 22:47 - 00000000 ____D C:\Users\Isara\Application Data\FileZilla
    2012-11-05 12:48 - 2012-09-19 22:47 - 00000000 ____D C:\Users\Isara\AppData\Roaming\FileZilla
    2012-11-05 00:47 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\PolicyDefinitions
    2012-11-04 17:01 - 2012-11-04 17:01 - 00000000 ____A C:\Windows\setuperr.log
    2012-11-04 12:53 - 2012-11-04 08:36 - 00000000 ____D C:\Windows\Minidump
    2012-11-04 12:19 - 2011-04-24 01:42 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
    2012-11-04 09:35 - 2012-10-09 10:45 - 00000000 ___RD C:\Program Files (x86)\Skype
    2012-11-04 09:35 - 2012-10-09 10:45 - 00000000 ____D C:\Users\All Users\Skype
    2012-11-04 09:35 - 2012-10-09 10:45 - 00000000 ____D C:\Users\All Users\Application Data\Skype
    2012-11-04 09:35 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\registration
    2012-11-04 08:36 - 2009-07-14 00:08 - 00032634 ____A C:\Windows\Tasks\SCHEDLGU.TXT
    2012-11-04 00:11 - 2012-10-09 10:45 - 00000000 ____D C:\Users\Isara\Application Data\Skype
    2012-11-04 00:11 - 2012-10-09 10:45 - 00000000 ____D C:\Users\Isara\AppData\Roaming\Skype
    2012-11-03 17:33 - 2012-11-03 02:21 - 00000000 ____D C:\Users\Isara\Local Settings\Avg2013
    2012-11-03 17:33 - 2012-11-03 02:21 - 00000000 ____D C:\Users\Isara\Local Settings\Application Data\Avg2013
    2012-11-03 17:33 - 2012-11-03 02:21 - 00000000 ____D C:\Users\Isara\AppData\Local\Avg2013
    2012-11-03 09:38 - 2011-04-24 01:35 - 00020306 ____A C:\Windows\PFRO.log
    2012-11-03 02:31 - 2012-09-03 21:29 - 00000000 ____D C:\Users\Isara\Application Data\Creative
    2012-11-03 02:31 - 2012-09-03 21:29 - 00000000 ____D C:\Users\Isara\AppData\Roaming\Creative
    2012-11-03 02:29 - 2011-04-24 01:46 - 00000000 ____D C:\Program Files (x86)\Dell
    2012-11-03 02:29 - 2011-04-24 01:41 - 00000000 ____D C:\Users\All Users\Dell
    2012-11-03 02:29 - 2011-04-24 01:41 - 00000000 ____D C:\Users\All Users\Application Data\Dell
    2012-11-03 02:28 - 2012-10-15 13:55 - 00000000 ____D C:\Program Files (x86)\Microsoft Games
    2012-11-03 02:27 - 2012-11-03 02:27 - 00000000 ____D C:\Users\Isara\Application Data\AVG2013
    2012-11-03 02:27 - 2012-11-03 02:27 - 00000000 ____D C:\Users\Isara\AppData\Roaming\AVG2013
    2012-11-03 02:26 - 2012-11-03 02:26 - 00000000 ____D C:\Users\Isara\Application Data\TuneUp Software
    2012-11-03 02:26 - 2012-11-03 02:26 - 00000000 ____D C:\Users\Isara\AppData\Roaming\TuneUp Software
    2012-11-03 02:25 - 2012-11-03 02:25 - 00000000 ___HD C:\$AVG
    2012-11-03 02:25 - 2012-11-03 02:25 - 00000000 ____D C:\Program Files (x86)\AVG
    2012-11-03 02:21 - 2012-11-03 02:21 - 00000000 ____D C:\Users\Isara\Local Settings\MFAData
    2012-11-03 02:21 - 2012-11-03 02:21 - 00000000 ____D C:\Users\Isara\Local Settings\Application Data\MFAData
    2012-11-03 02:21 - 2012-11-03 02:21 - 00000000 ____D C:\Users\Isara\AppData\Local\MFAData
    2012-11-03 02:16 - 2012-09-03 23:55 - 00000000 ____D C:\Users\All Users\AVAST Software
    2012-11-03 02:16 - 2012-09-03 23:55 - 00000000 ____D C:\Users\All Users\Application Data\AVAST Software
    2012-11-01 19:09 - 2012-09-03 23:55 - 00000000 ____A C:\Windows\SysWOW64\config.nt
    2012-11-01 19:03 - 2012-09-04 22:31 - 00696760 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2012-11-01 19:03 - 2012-09-04 22:31 - 00073656 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2012-11-01 19:03 - 2011-04-24 01:59 - 00000000 ____D C:\Users\All Users\Application Data\Adobe
    2012-11-01 19:03 - 2011-04-24 01:59 - 00000000 ____D C:\Users\All Users\Adobe
    2012-11-01 15:51 - 2012-11-01 15:51 - 00001808 ____A C:\Users\Isara\Application Data\EliseProfile0.dat
    2012-11-01 15:51 - 2012-11-01 15:51 - 00001808 ____A C:\Users\Isara\AppData\Roaming\EliseProfile0.dat
    2012-11-01 09:35 - 2012-11-01 09:35 - 00000000 ____D C:\Program Files (x86)\Gravity
    2012-10-31 13:40 - 2012-09-12 01:14 - 00000000 ____D C:\Users\Isara\My Documents\ArcGIS
    2012-10-31 13:40 - 2012-09-12 01:14 - 00000000 ____D C:\Users\Isara\Documents\ArcGIS
    2012-10-31 13:40 - 2012-09-12 01:14 - 00000000 ____D C:\Users\Isara\Application Data\ESRI
    2012-10-31 13:40 - 2012-09-12 01:14 - 00000000 ____D C:\Users\Isara\AppData\Roaming\ESRI
    2012-10-30 17:50 - 2012-09-03 23:55 - 00285328 ____A (AVAST Software) C:\Windows\System32\aswBoot.exe
    2012-10-30 16:49 - 2012-09-04 19:59 - 00000000 ____D C:\Users\Isara\Application Data\Ventrilo
    2012-10-30 16:49 - 2012-09-04 19:59 - 00000000 ____D C:\Users\Isara\AppData\Roaming\Ventrilo
    2012-10-29 17:53 - 2012-10-29 17:53 - 00000000 ____D C:\Users\Isara\Application Data\Doublefine
    2012-10-29 17:53 - 2012-10-29 17:53 - 00000000 ____D C:\Users\Isara\AppData\Roaming\Doublefine
    2012-10-29 17:52 - 2012-10-29 17:51 - 00000000 ____D C:\Program Files (x86)\Costume Quest
    2012-10-28 23:12 - 2012-10-28 23:12 - 00000000 ____D C:\Users\Kyle Cheung\Documents\Emulators
    2012-10-28 23:12 - 2012-10-28 23:12 - 00000000 ____D C:\users\Kyle Cheung
    2012-10-28 12:26 - 2012-09-03 23:26 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
    2012-10-27 18:23 - 2012-09-04 18:46 - 00000000 ____D C:\Users\All Users\Microsoft Help
    2012-10-27 18:23 - 2012-09-04 18:46 - 00000000 ____D C:\Users\All Users\Application Data\Microsoft Help
    2012-10-27 02:13 - 2012-10-27 00:25 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
    2012-10-27 00:18 - 2012-10-22 14:07 - 00000000 ____D C:\Users\Isara\My Documents\StarCraft II
    2012-10-27 00:18 - 2012-10-22 14:07 - 00000000 ____D C:\Users\Isara\Documents\StarCraft II
    2012-10-25 23:37 - 2012-10-25 23:37 - 00000000 ____D C:\Users\All Users\ESRI
    2012-10-25 23:37 - 2012-10-25 23:37 - 00000000 ____D C:\Users\All Users\Application Data\ESRI
    2012-10-22 23:45 - 2012-09-04 00:06 - 00000000 ____D C:\Program Files (x86)\Guild Wars 2
    2012-10-22 14:07 - 2012-09-15 01:29 - 00000000 ____D C:\Users\All Users\Blizzard Entertainment
    2012-10-22 14:07 - 2012-09-15 01:29 - 00000000 ____D C:\Users\All Users\Application Data\Blizzard Entertainment
    2012-10-22 14:07 - 2012-09-15 01:29 - 00000000 ____D C:\Program Files (x86)\StarCraft II
    2012-10-21 22:49 - 2012-10-21 22:49 - 00240808 ___AH C:\Windows\SysWOW64\mlfcache.dat
    2012-10-18 15:01 - 2012-10-18 15:01 - 00000000 ____D C:\Users\All Users\Ask
    2012-10-18 15:01 - 2012-10-18 15:01 - 00000000 ____D C:\Users\All Users\Application Data\Ask
    2012-10-18 15:01 - 2012-10-18 15:00 - 00004119 ____A C:\Windows\SysWOW64\jupdate-1.7.0_09-b05.log
    2012-10-18 15:01 - 2012-09-03 23:47 - 00000000 ____D C:\Program Files (x86)\Java
    2012-10-18 15:00 - 2011-04-24 01:57 - 00000000 ____D C:\Users\All Users\McAfee
    2012-10-18 15:00 - 2011-04-24 01:57 - 00000000 ____D C:\Users\All Users\Application Data\McAfee
    2012-10-15 13:32 - 2012-10-03 10:56 - 00000000 ____D C:\Users\Isara\My Documents\Spartan
    2012-10-15 13:32 - 2012-10-03 10:56 - 00000000 ____D C:\Users\Isara\Documents\Spartan
    2012-10-14 00:53 - 2012-10-14 00:53 - 00000000 ____D C:\Users\Isara\Local Settings\My Games
    2012-10-14 00:53 - 2012-10-14 00:53 - 00000000 ____D C:\Users\Isara\Local Settings\Application Data\My Games
    2012-10-14 00:53 - 2012-10-14 00:53 - 00000000 ____D C:\Users\Isara\AppData\Local\My Games
    2012-10-13 15:00 - 2012-10-13 15:00 - 00000000 ____D C:\Windows\SysWOW64\Saves
    2012-10-13 15:00 - 2012-10-13 15:00 - 00000000 ____D C:\Users\Isara\Local Settings\FLT
    2012-10-13 15:00 - 2012-10-13 15:00 - 00000000 ____D C:\Users\Isara\Local Settings\Application Data\FLT
    2012-10-13 15:00 - 2012-10-13 15:00 - 00000000 ____D C:\Users\Isara\AppData\Local\FLT
    2012-10-13 14:55 - 2012-10-13 14:39 - 00000000 ____D C:\Users\Isara\My Documents\XCOM
    2012-10-13 14:55 - 2012-10-13 14:39 - 00000000 ____D C:\Users\Isara\Documents\XCOM
    2012-10-13 12:12 - 2012-10-13 00:49 - 00000000 ____D C:\Users\Isara\Local Settings\Skyrim
    2012-10-13 12:12 - 2012-10-13 00:49 - 00000000 ____D C:\Users\Isara\Local Settings\Application Data\Skyrim
    2012-10-13 12:12 - 2012-10-13 00:49 - 00000000 ____D C:\Users\Isara\AppData\Local\Skyrim
    2012-10-11 14:07 - 2012-09-04 00:05 - 00000000 ____D C:\Users\Isara\My Documents\Guild Wars 2
    2012-10-11 14:07 - 2012-09-04 00:05 - 00000000 ____D C:\Users\Isara\Documents\Guild Wars 2
    2012-10-11 10:37 - 2012-10-10 22:31 - 00000000 ____D C:\Users\Isara\Application Data\WinRAR
    2012-10-11 10:37 - 2012-10-10 22:31 - 00000000 ____D C:\Users\Isara\AppData\Roaming\WinRAR
    2012-10-11 09:29 - 2012-10-10 16:12 - 00000000 ____D C:\Users\Isara\Application Data\uTorrent
    2012-10-11 09:29 - 2012-10-10 16:12 - 00000000 ____D C:\Users\Isara\AppData\Roaming\uTorrent
    2012-10-11 09:13 - 2012-09-04 11:01 - 65309168 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
    2012-10-10 22:31 - 2012-10-10 22:31 - 00000000 ____D C:\Program Files (x86)\WinRAR
    2012-10-10 16:14 - 2012-10-10 16:12 - 00000000 ____D C:\Users\Isara\Local Settings\Conduit
    2012-10-10 16:14 - 2012-10-10 16:12 - 00000000 ____D C:\Users\Isara\Local Settings\Application Data\Conduit
    2012-10-10 16:14 - 2012-10-10 16:12 - 00000000 ____D C:\Users\Isara\AppData\Local\Conduit
    2012-10-10 16:13 - 2012-10-10 16:13 - 00000000 ____D C:\Users\Isara\Local Settings\CRE
    2012-10-10 16:13 - 2012-10-10 16:13 - 00000000 ____D C:\Users\Isara\Local Settings\Application Data\CRE
    2012-10-10 16:13 - 2012-10-10 16:13 - 00000000 ____D C:\Users\Isara\AppData\Local\CRE
    2012-10-10 16:13 - 2012-10-10 16:13 - 00000000 ____D C:\Program Files (x86)\Conduit
    2012-10-10 16:12 - 2012-10-10 16:12 - 00000000 ____D C:\Program Files (x86)\uTorrent
    2012-10-09 15:28 - 2012-10-09 15:28 - 00000600 ____A C:\Users\Isara\Local Settings\PUTTY.RND
    2012-10-09 15:28 - 2012-10-09 15:28 - 00000600 ____A C:\Users\Isara\Local Settings\Application Data\PUTTY.RND
    2012-10-09 15:28 - 2012-10-09 15:28 - 00000600 ____A C:\Users\Isara\AppData\Local\PUTTY.RND

    ZeroAccess:
    C:\Windows\Installer\{bcef495f-4684-67a2-1ca9-130cbff1c641}
    C:\Windows\Installer\{bcef495f-4684-67a2-1ca9-130cbff1c641}\@
    C:\Windows\Installer\{bcef495f-4684-67a2-1ca9-130cbff1c641}\L
    C:\Windows\Installer\{bcef495f-4684-67a2-1ca9-130cbff1c641}\U

    ZeroAccess:
    C:\Windows\assembly\GAC_32\Desktop.ini

    ZeroAccess:
    C:\Windows\assembly\GAC_64\Desktop.ini

    ==================== Known DLLs (Whitelisted) =================


    ==================== Bamital & volsnap Check =================

    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\SysWOW64\wininit.exe => MD5 is legit
    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\SysWOW64\explorer.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\SysWOW64\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe 50BEA589F7D7958BDD2528A8F69D05CC ZeroAccess <==== ATTENTION!.
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\SysWOW64\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\SysWOW64\userinit.exe => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

    ==================== EXE ASSOCIATION =====================

    HKLM\...\.exe: exefile => OK
    HKLM\...\exefile\DefaultIcon: %1 => OK
    HKLM\...\exefile\open\command: "%1" %* => OK

    ==================== Restore Points =========================

    Restore point made on: 2012-11-05 19:28:43
    Restore point made on: 2012-11-05 23:30:10
    Restore point made on: 2012-11-06 00:22:31
    Restore point made on: 2012-11-06 15:07:54
    Restore point made on: 2012-11-07 01:07:50
    Restore point made on: 2012-11-07 02:43:39
    Restore point made on: 2012-11-07 02:45:51

    ==================== Memory info ===========================

    Percentage of memory in use: 13%
    Total physical RAM: 6051.18 MB
    Available physical RAM: 5223.27 MB
    Total Pagefile: 6049.32 MB
    Available Pagefile: 5213.29 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.9 MB

    ==================== Partitions =============================

    1 Drive c: (OS) (Fixed) (Total:581.42 GB) (Free:384.31 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
    2 Drive d: (Recovery) (Fixed) (Total:14.65 GB) (Free:6.89 GB) NTFS ==>[System with boot components (obtained from reading drive)]
    4 Drive f: () (Removable) (Total:14.52 GB) (Free:14.41 GB) FAT32
    5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

    Disk ### Status Size Free Dyn Gpt
    -------- ------------- ------- ------- --- ---
    Disk 0 Online 596 GB 0 B
    Disk 1 Online 14 GB 0 B

    Partitions of Disk 0:
    ===============

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 OEM 100 MB 1024 KB
    Partition 2 Primary 14 GB 101 MB
    Partition 3 Primary 581 GB 14 GB

    ==================================================================================

    Disk: 0
    Partition 1
    Type : DE
    Hidden: Yes
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 4 DELLUTILITY FAT Partition 100 MB Healthy Hidden

    =========================================================

    Disk: 0
    Partition 2
    Type : 07
    Hidden: No
    Active: Yes

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 1 D Recovery NTFS Partition 14 GB Healthy

    =========================================================

    Disk: 0
    Partition 3
    Type : 07
    Hidden: No
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 2 C OS NTFS Partition 581 GB Healthy

    =========================================================

    Partitions of Disk 1:
    ===============

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 14 GB 4032 KB

    ==================================================================================

    Disk: 1
    Partition 1
    Type : 0C
    Hidden: No
    Active: Yes

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 3 F FAT32 Removable 14 GB Healthy

    =========================================================

    Last Boot: 2012-11-05 19:21

    ==================== End Of Log =============================
  4. Rizhou

    Rizhou TS Rookie Topic Starter

    Farbar Recovery Scan Tool (x64) Version: 07-11-2012
    Ran by SYSTEM at 2012-11-07 17:31:55
    Running from F:\

    ================== Search: "services.exe" ===================

    C:\WINDOWS\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
    [2009-07-13 18:19] - [2009-07-13 20:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

    C:\WINDOWS\SysWOW64\services.exe
    [2012-11-07 10:20] - [2009-07-13 20:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

    C:\WINDOWS\System32\services.exe
    [2009-07-13 18:19] - [2009-07-13 20:39] - 0329216 ____A (Microsoft Corporation) 50BEA589F7D7958BDD2528A8F69D05CC

    ====== End Of Search ======
  5. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Greetings. Run the following and let me know how it goes. :)

    FRST Fixlist

    Please download attached fixlist.txt below, and save it to your flash drive in the same location as FRST.exe. Make sure it maintains the same name, otherwise the fix will fail.

    NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system.

    Now, please enter System Recovery Options then select Command Prompt.

    Run FRST and press the Fix button just once and wait.
    The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

    Now restart, let it boot normally and tell me how it went.

  6. Rizhou

    Rizhou TS Rookie Topic Starter

    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 07-11-2012
    Ran by SYSTEM at 2012-11-08 09:28:04 Run:2
    Running from F:\

    ==============================================

    C:\Windows\Installer\{bcef495f-4684-67a2-1ca9-130cbff1c641} moved successfully.
    C:\Windows\assembly\GAC_32\Desktop.ini moved successfully.
    C:\Windows\assembly\GAC_64\Desktop.ini moved successfully.
    C:\WINDOWS\System32\services.exe moved successfully.
    C:\WINDOWS\SysWOW64\services.exe copied successfully to C:\WINDOWS\System32\services.exe

    ==== End of Fixlog ====


    It looks like this did it! AVG didn't warn me about anything as it started up, so that's a good sign. Thanks a lot!
  7. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Please continue scanning for malware under my lead, because I bet there's still more to remove. Back to Normal Mode...

    ComboFix scan

    Please download ComboFix by sUBs from BleepingComputer.com

    Please save the file to your Desktop.

    Important information about ComboFix


    After the download:
    • Close any open browsers.
    • Very Important: Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results". Please visit here if you don't know how.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until ComboFix has completely finished.
    • If there is no Internet connection after running ComboFix, then restart your computer to restore your connection.
    Running ComboFix:
    • Double click on ComboFix.exe & follow the prompts.
    • When ComboFix finishes, it will produce a report for you.
    • Please post the report, which will launch or be found at "C:\Combo-Fix.txt" in your next reply.
    Troubleshooting ComboFix

    Safe Mode:

    If you still cannot get ComboFix to run, try booting into Safe Mode, and run it there.

    (To boot into Safe Mode, tap F8 after BIOS, and just before the Windows
    logo appears. A list of options will appear, select "Safe Mode.")

    Re-downloading:

    If this doesn't work either, try the same method as above, but download it again and rename
    ComboFix.exe to iexplore.exe, explorer.exe, or winlogon.exe.

    Malware is known for blocking all "user" processes, except for its whitelist of system important processes such as iexplore.exe, explorer.exe, winlogon.exe.

    NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.
  8. Rizhou

    Rizhou TS Rookie Topic Starter

    ComboFix 12-11-08.01 - Isara 11/08/2012 10:37:11.1.4 - x64
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6051.4317 [GMT -5:00]
    Running from: C:\Users\Isara\Desktop\ComboFix.exe
    AV: AVG Internet Security 2013 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
    FW: AVG Internet Security 2013 *Enabled* {36AFA1E1-4CDC-7EF8-11EE-C77C3581ABA2}
    SP: AVG Internet Security 2013 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}


    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


    C:\ProgramData\Roaming
    C:\Users\Public\AlexaNSISPlugin.4700.dll


    ((((((((((((((((((((((((( Files Created from 2012-10-08 to 2012-11-08 )))))))))))))))))))))))))))))))


    2012-11-08 16:23:29 . 2012-11-08 16:23:29 -------- d-----w- C:\Users\Default\AppData\Roaming\TuneUp Software
    2012-11-08 05:29:48 . 2012-11-08 05:29:48 -------- d-----w- C:\Users\Isara\AppData\Roaming\Zeal Game Studio
    2012-11-08 05:18:53 . 2012-11-08 05:19:52 -------- d-----w- C:\Program Files (x86)\A Game of Dwarves
    2012-11-07 15:20:58 . 2009-07-14 01:39:37 328704 ----a-w- C:\Windows\SysWow64\services.exe
    2012-11-07 07:51:46 . 2012-11-07 23:07:53 -------- d-----w- C:\FRST
    2012-11-07 06:08:36 . 2012-11-07 06:08:36 -------- d-----w- C:\Users\Isara\AppData\Local\SKIDROW
    2012-11-07 06:08:36 . 2012-11-07 06:08:36 -------- d-----w- C:\ProgramData\Stardock
    2012-11-06 04:30:17 . 2012-11-06 04:30:17 40960 ----a-r- C:\Users\Isara\AppData\Roaming\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\NewShortcut1_9559F7CA5E344237A2D9D856464AD727.exe
    2012-11-06 04:30:17 . 2012-11-06 04:30:17 40960 ----a-r- C:\Users\Isara\AppData\Roaming\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\ARPPRODUCTICON.exe
    2012-11-06 04:30:16 . 2012-11-06 04:34:18 -------- d-----w- C:\Program Files (x86)\Project64 1.6
    2012-11-04 17:20:00 . 2012-08-23 15:09:41 3072 ----a-w- C:\Windows\system32\drivers\en-US\tsusbflt.sys.mui
    2012-11-04 17:20:00 . 2012-08-23 13:41:52 13312 ----a-w- C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe
    2012-11-04 17:20:00 . 2012-08-23 13:40:56 13312 ----a-w- C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
    2012-11-04 17:20:00 . 2012-08-23 13:24:57 15360 ----a-w- C:\Windows\system32\RdpGroupPolicyExtension.dll
    2012-11-04 17:18:44 . 2012-08-24 18:13:17 154480 ----a-w- C:\Windows\system32\drivers\ksecpkg.sys
    2012-11-04 17:18:44 . 2012-08-24 18:09:34 458712 ----a-w- C:\Windows\system32\drivers\cng.sys
    2012-11-04 17:18:44 . 2012-08-24 18:05:03 340992 ----a-w- C:\Windows\system32\schannel.dll
    2012-11-04 17:18:44 . 2012-08-24 18:04:18 307200 ----a-w- C:\Windows\system32\ncrypt.dll
    2012-11-04 17:18:44 . 2012-08-24 18:03:09 1448448 ----a-w- C:\Windows\system32\lsasrv.dll
    2012-11-04 17:18:44 . 2012-08-24 16:57:40 247808 ----a-w- C:\Windows\SysWow64\schannel.dll
    2012-11-04 17:18:44 . 2012-08-24 16:57:40 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
    2012-11-04 17:18:44 . 2012-08-24 16:57:37 220160 ----a-w- C:\Windows\SysWow64\ncrypt.dll
    2012-11-04 17:18:43 . 2012-08-24 16:53:35 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
    2012-11-04 17:18:40 . 2012-05-04 11:00:43 366592 ----a-w- C:\Windows\system32\qdvd.dll
    2012-11-04 17:18:40 . 2012-05-04 09:59:54 514560 ----a-w- C:\Windows\SysWow64\qdvd.dll
    2012-11-03 07:27:02 . 2012-11-03 07:27:02 -------- d-----w- C:\Users\Isara\AppData\Roaming\AVG2013
    2012-11-03 07:26:21 . 2012-11-03 07:26:21 -------- d-----w- C:\Users\Isara\AppData\Roaming\TuneUp Software
    2012-11-03 07:25:35 . 2012-11-07 23:01:39 -------- d-----w- C:\ProgramData\AVG2013
    2012-11-03 07:25:35 . 2012-11-03 07:25:35 -------- d-----w- C:\$AVG
    2012-11-03 07:25:07 . 2012-11-03 07:25:07 -------- d-----w- C:\Program Files (x86)\AVG
    2012-11-03 07:21:17 . 2012-11-08 16:24:17 -------- d-----w- C:\ProgramData\MFAData
    2012-11-03 07:21:17 . 2012-11-03 22:33:08 -------- d-----w- C:\Users\Isara\AppData\Local\Avg2013
    2012-11-03 07:21:17 . 2012-11-03 07:21:17 -------- d--h--w- C:\ProgramData\Common Files
    2012-11-03 07:21:17 . 2012-11-03 07:21:17 -------- d-----w- C:\Users\Isara\AppData\Local\MFAData
    2012-11-02 14:43:06 . 2012-10-12 07:19:03 9291768 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{67A268A9-36BF-4765-AEEB-8303EAF2D239}\mpengine.dll
    2012-11-01 14:35:17 . 2012-11-01 14:35:17 -------- d-----w- C:\Program Files (x86)\Gravity
    2012-10-29 22:53:13 . 2012-10-29 22:53:13 -------- d-----w- C:\Users\Isara\AppData\Roaming\Doublefine
    2012-10-29 22:51:02 . 2012-10-29 22:52:09 -------- d-----w- C:\Program Files (x86)\Costume Quest
    2012-10-29 18:15:05 . 2012-11-07 17:35:48 -------- d-----r- C:\Users\Isara\Dropbox
    2012-10-29 18:13:53 . 2012-11-07 22:36:56 -------- d-----w- C:\Users\Isara\AppData\Roaming\Dropbox
    2012-10-29 04:12:06 . 2012-10-29 04:12:06 -------- d-----w- C:\Users\Kyle Cheung
    2012-10-26 04:37:03 . 2012-10-26 04:37:03 -------- d-----w- C:\ProgramData\ESRI
    2012-10-22 18:02:44 . 2012-10-22 18:02:44 154464 ----a-w- C:\Windows\system32\drivers\avgidsdrivera.sys
    2012-10-18 20:01:24 . 2012-10-18 20:01:24 -------- d-----w- C:\ProgramData\Ask
    2012-10-18 20:01:09 . 2012-09-25 03:16:33 95208 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
    2012-10-15 18:55:05 . 2012-11-03 07:28:19 -------- d-----w- C:\Program Files (x86)\Microsoft Games
    2012-10-15 08:48:50 . 2012-10-15 08:48:50 63328 ----a-w- C:\Windows\system32\drivers\avgidsha.sys
    2012-10-14 05:53:29 . 2012-10-14 05:53:29 -------- d-----w- C:\Users\Isara\AppData\Local\My Games
    2012-10-13 20:00:21 . 2012-10-13 20:00:21 -------- d-----w- C:\Users\Isara\AppData\Local\FLT
    2012-10-13 20:00:07 . 2012-10-13 20:00:07 -------- d-----w- C:\Windows\SysWow64\Saves
    2012-10-13 05:49:10 . 2012-10-13 17:12:41 -------- d-----w- C:\Users\Isara\AppData\Local\Skyrim
    2012-10-10 21:13:33 . 2012-10-10 21:13:33 -------- d-----w- C:\Users\Isara\AppData\Local\CRE
    2012-10-10 21:13:01 . 2012-10-10 21:13:01 -------- d-----w- C:\Program Files (x86)\Conduit
    2012-10-10 21:12:59 . 2012-10-10 21:14:25 -------- d-----w- C:\Users\Isara\AppData\Local\Conduit
    2012-10-10 21:12:27 . 2012-10-10 21:12:27 -------- d-----w- C:\Program Files (x86)\uTorrent
    2012-10-10 21:12:14 . 2012-10-11 14:29:31 -------- d-----w- C:\Users\Isara\AppData\Roaming\uTorrent
    2012-10-10 14:47:07 . 2012-08-31 18:19:35 1659760 ----a-w- C:\Windows\system32\drivers\ntfs.sys
    2012-10-10 14:45:58 . 2012-06-02 05:41:27 1464320 ----a-w- C:\Windows\system32\crypt32.dll
    2012-10-10 14:45:57 . 2012-06-02 04:36:29 1159680 ----a-w- C:\Windows\SysWow64\crypt32.dll
    2012-10-10 14:45:56 . 2012-06-02 05:41:28 184320 ----a-w- C:\Windows\system32\cryptsvc.dll
    2012-10-10 14:45:56 . 2012-06-02 05:41:28 140288 ----a-w- C:\Windows\system32\cryptnet.dll
    2012-10-10 14:45:56 . 2012-06-02 04:36:29 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
    2012-10-10 14:45:56 . 2012-06-02 04:36:29 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
    2012-10-09 15:45:52 . 2012-11-04 05:11:12 -------- d-----w- C:\Users\Isara\AppData\Roaming\Skype
    2012-10-09 15:45:49 . 2012-10-09 15:45:49 -------- d-----w- C:\Program Files (x86)\Common Files\Skype
    2012-10-09 15:45:48 . 2012-11-04 14:35:11 -------- d-----r- C:\Program Files (x86)\Skype
    2012-10-09 15:45:44 . 2012-11-04 14:35:12 -------- d-----w- C:\ProgramData\Skype
    .


    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

    2012-11-02 00:03:50 . 2012-09-05 03:31:08 73656 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-11-02 00:03:50 . 2012-09-05 03:31:08 696760 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
    2012-10-30 22:50:30 . 2012-09-04 04:55:57 285328 ----a-w- C:\Windows\system32\aswBoot.exe
    2012-10-11 14:13:12 . 2012-09-04 16:01:00 65309168 ----a-w- C:\Windows\system32\MRT.exe
    2012-10-05 08:32:50 . 2012-10-05 08:32:50 111456 ----a-w- C:\Windows\system32\drivers\avgmfx64.sys
    2012-10-02 07:30:38 . 2012-10-02 07:30:38 185696 ----a-w- C:\Windows\system32\drivers\avgldx64.sys
    2012-09-21 07:46:04 . 2012-09-21 07:46:04 200032 ----a-w- C:\Windows\system32\drivers\avgtdia.sys
    2012-09-21 07:46:00 . 2012-09-21 07:46:00 225120 ----a-w- C:\Windows\system32\drivers\avgloga.sys
    2012-09-14 07:05:18 . 2012-09-14 07:05:18 40800 ----a-w- C:\Windows\system32\drivers\avgrkx64.sys
    2012-09-08 19:12:18 . 2009-07-14 02:36:51 175616 ----a-w- C:\Windows\system32\msclmd.dll
    2012-09-08 19:12:18 . 2009-07-14 02:36:51 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll
    2012-09-05 01:24:57 . 2012-09-05 01:24:57 283200 ----a-w- C:\Windows\system32\drivers\dtsoftbus01.sys
    2012-09-04 16:14:11 . 2012-09-04 16:14:11 91648 ----a-w- C:\Windows\system32\SetIEInstalledDate.exe
    2012-09-04 16:14:11 . 2012-09-04 16:14:11 89088 ----a-w- C:\Windows\system32\RegisterIEPKEYs.exe
    2012-09-04 16:14:11 . 2012-09-04 16:14:11 89088 ----a-w- C:\Windows\system32\ie4uinit.exe
    2012-09-04 16:14:11 . 2012-09-04 16:14:11 86528 ----a-w- C:\Windows\SysWow64\iesysprep.dll
    2012-09-04 16:14:11 . 2012-09-04 16:14:11 85504 ----a-w- C:\Windows\system32\iesetup.dll
    2012-09-04 16:14:11 . 2012-09-04 16:14:11 82432 ----a-w- C:\Windows\system32\icardie.dll
    2012-09-04 16:14:11 . 2012-09-04 16:14:11 76800 ----a-w- C:\Windows\SysWow64\SetIEInstalledDate.exe
    2012-09-04 16:14:11 . 2012-09-04 16:14:11 76800 ----a-w- C:\Windows\system32\tdc.ocx
    2012-09-04 16:14:11 . 2012-09-04 16:14:11 74752 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe
    2012-09-04 16:14:11 . 2012-09-04 16:14:11 74752 ----a-w- C:\Windows\SysWow64\iesetup.dll
    2012-09-04 16:14:11 . 2012-09-04 16:14:11 65024 ----a-w- C:\Windows\system32\pngfilt.dll
    2012-09-04 16:14:11 . 2012-09-04 16:14:11 63488 ----a-w- C:\Windows\SysWow64\tdc.ocx
    2012-09-04 16:14:11 . 2012-09-04 16:14:11 55296 ----a-w- C:\Windows\system32\msfeedsbs.dll
    2012-09-04 16:14:11 . 2012-09-04 16:14:11 534528 ----a-w- C:\Windows\system32\ieapfltr.dll
    2012-09-04 16:14:11 . 2012-09-04 16:14:11 49664 ----a-w- C:\Windows\system32\imgutil.dll
    2012-09-04 16:14:11 . 2012-09-04 16:14:11 48640 ----a-w- C:\Windows\SysWow64\mshtmler.dll
    2012-09-04 16:14:11 . 2012-09-04 16:14:11 48640 ----a-w- C:\Windows\system32\mshtmler.dll
    2012-09-04 16:14:11 . 2012-09-04 16:14:11 452608 ----a-w- C:\Windows\system32\dxtmsft.dll
    2012-09-04 16:14:11 . 2012-09-04 16:14:11 448512 ----a-w- C:\Windows\system32\html.iec
    2012-09-04 16:14:11 . 2012-09-04 16:14:11 403248 ----a-w- C:\Windows\system32\iedkcs32.dll
    2012-09-04 16:14:11 . 2012-09-04 16:14:11 39936 ----a-w- C:\Windows\system32\iernonce.dll
    2012-09-04 16:14:11 . 2012-09-04 16:14:11 3695416 ----a-w- C:\Windows\system32\ieapfltr.dat
    2012-09-04 16:14:11 . 2012-09-04 16:14:11 367104 ----a-w- C:\Windows\SysWow64\html.iec
    2012-09-04 16:14:11 . 2012-09-04 16:14:11 35840 ----a-w- C:\Windows\SysWow64\imgutil.dll
    2012-09-04 16:14:11 . 2012-09-04 16:14:11 30720 ----a-w- C:\Windows\system32\licmgr10.dll
    2012-09-04 16:14:11 . 2012-09-04 16:14:11 282112 ----a-w- C:\Windows\system32\dxtrans.dll
    2012-09-04 16:14:11 . 2012-09-04 16:14:11 267776 ----a-w- C:\Windows\system32\ieaksie.dll
    2012-09-04 16:14:11 . 2012-09-04 16:14:11 249344 ----a-w- C:\Windows\system32\webcheck.dll
    2012-09-04 16:14:11 . 2012-09-04 16:14:11 23552 ----a-w- C:\Windows\SysWow64\licmgr10.dll
    2012-09-04 16:14:11 . 2012-09-04 16:14:11 222208 ----a-w- C:\Windows\system32\msls31.dll
    2012-09-04 16:14:11 . 2012-09-04 16:14:11 197120 ----a-w- C:\Windows\system32\msrating.dll
    2012-09-04 16:14:11 . 2012-09-04 16:14:11 165888 ----a-w- C:\Windows\system32\iexpress.exe
    2012-09-04 16:14:11 . 2012-09-04 16:14:11 163840 ----a-w- C:\Windows\system32\ieakui.dll
    2012-09-04 16:14:11 . 2012-09-04 16:14:11 161792 ----a-w- C:\Windows\SysWow64\msls31.dll
    2012-09-04 16:14:11 . 2012-09-04 16:14:11 160256 ----a-w- C:\Windows\system32\wextract.exe
    2012-09-04 16:14:11 . 2012-09-04 16:14:11 160256 ----a-w- C:\Windows\system32\ieakeng.dll
    2012-09-04 16:14:11 . 2012-09-04 16:14:11 152064 ----a-w- C:\Windows\SysWow64\wextract.exe
    2012-09-04 16:14:11 . 2012-09-04 16:14:11 150528 ----a-w- C:\Windows\SysWow64\iexpress.exe
    2012-09-04 16:14:11 . 2012-09-04 16:14:11 149504 ----a-w- C:\Windows\system32\occache.dll
    2012-09-04 16:14:11 . 2012-09-04 16:14:11 145920 ----a-w- C:\Windows\system32\iepeers.dll
    2012-09-04 16:14:11 . 2012-09-04 16:14:11 135168 ----a-w- C:\Windows\system32\IEAdvpack.dll
    2012-09-04 16:14:11 . 2012-09-04 16:14:11 12288 ----a-w- C:\Windows\system32\mshta.exe
    2012-09-04 16:14:11 . 2012-09-04 16:14:11 11776 ----a-w- C:\Windows\SysWow64\mshta.exe
    2012-09-04 16:14:11 . 2012-09-04 16:14:11 114176 ----a-w- C:\Windows\system32\admparse.dll
    2012-09-04 16:14:11 . 2012-09-04 16:14:11 111616 ----a-w- C:\Windows\system32\iesysprep.dll
    2012-09-04 16:14:11 . 2012-09-04 16:14:11 110592 ----a-w- C:\Windows\SysWow64\IEAdvpack.dll
    2012-09-04 16:14:11 . 2012-09-04 16:14:11 10752 ----a-w- C:\Windows\system32\msfeedssync.exe
    2012-09-04 16:14:11 . 2012-09-04 16:14:11 103936 ----a-w- C:\Windows\system32\inseng.dll
    2012-09-04 16:14:11 . 2012-09-04 16:14:11 101888 ----a-w- C:\Windows\SysWow64\admparse.dll
    2012-09-04 15:05:03 . 2010-06-24 16:33:56 19720 ----a-w- C:\ProgramData\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
    2012-09-04 14:39:32 . 2012-09-04 14:39:32 50296 ----a-w- C:\Windows\system32\drivers\avgfwd6a.sys
    2012-09-04 04:47:32 . 2012-09-04 04:47:47 746984 ----a-w- C:\Windows\SysWow64\deployJava1.dll
    2012-09-04 04:47:32 . 2012-09-04 04:47:46 821736 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
    2012-08-24 11:15:45 . 2012-09-22 16:01:49 17810944 ----a-w- C:\Windows\system32\mshtml.dll
    2012-08-24 10:39:42 . 2012-09-22 16:01:49 10925568 ----a-w- C:\Windows\system32\ieframe.dll
    2012-08-24 10:31:32 . 2012-09-22 16:01:55 2312704 ----a-w- C:\Windows\system32\jscript9.dll
    2012-08-24 10:22:46 . 2012-09-22 16:01:56 1346048 ----a-w- C:\Windows\system32\urlmon.dll
    2012-08-24 10:21:18 . 2012-09-22 16:01:54 1392128 ----a-w- C:\Windows\system32\wininet.dll
    2012-08-24 10:20:11 . 2012-09-22 16:01:56 1494528 ----a-w- C:\Windows\system32\inetcpl.cpl
    2012-08-24 10:18:46 . 2012-09-22 16:01:57 237056 ----a-w- C:\Windows\system32\url.dll
    2012-08-24 10:17:03 . 2012-09-22 16:01:54 85504 ----a-w- C:\Windows\system32\jsproxy.dll
    2012-08-24 10:14:45 . 2012-09-22 16:01:57 173056 ----a-w- C:\Windows\system32\ieUnatt.exe
    2012-08-24 10:14:34 . 2012-09-22 16:01:53 816640 ----a-w- C:\Windows\system32\jscript.dll
    2012-08-24 10:13:29 . 2012-09-22 16:01:53 599040 ----a-w- C:\Windows\system32\vbscript.dll
    2012-08-24 10:12:04 . 2012-09-22 16:01:53 2144768 ----a-w- C:\Windows\system32\iertutil.dll
    2012-08-24 10:11:57 . 2012-09-22 16:01:55 729088 ----a-w- C:\Windows\system32\msfeeds.dll
    2012-08-24 10:10:14 . 2012-09-22 16:01:59 96768 ----a-w- C:\Windows\system32\mshtmled.dll
    2012-08-24 10:09:42 . 2012-09-22 16:02:00 2382848 ----a-w- C:\Windows\system32\mshtml.tlb
    2012-08-24 10:04:06 . 2012-09-22 16:01:57 248320 ----a-w- C:\Windows\system32\ieui.dll
    2012-08-24 06:59:17 . 2012-09-22 16:01:54 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
    2012-08-24 06:51:27 . 2012-09-22 16:01:54 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
    2012-08-24 06:51:02 . 2012-09-22 16:01:56 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
    2012-08-24 06:47:26 . 2012-09-22 16:01:57 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
    2012-08-24 06:47:12 . 2012-09-22 16:01:58 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
    2012-08-24 06:43:58 . 2012-09-22 16:02:00 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2012-08-22 18:12:50 . 2012-09-12 15:04:57 1913200 ----a-w- C:\Windows\system32\drivers\tcpip.sys
    2012-08-22 18:12:40 . 2012-09-12 15:05:02 950128 ----a-w- C:\Windows\system32\drivers\ndis.sys
    2012-08-22 18:12:40 . 2012-09-12 15:04:57 376688 ----a-w- C:\Windows\system32\drivers\netio.sys
    2012-08-22 18:12:33 . 2012-09-12 15:04:57 288624 ----a-w- C:\Windows\system32\drivers\FWPKCLNT.SYS
    2012-08-21 21:01:00 . 2012-09-26 16:42:05 245760 ----a-w- C:\Windows\system32\OxpsConverter.exe
    2012-08-21 18:01:20 . 2012-09-26 22:06:36 33240 ----a-w- C:\Windows\system32\drivers\GEARAspiWDM.sys
    2012-08-21 18:01:20 . 2012-09-04 16:12:16 106928 ----a-w- C:\Windows\SysWow64\GEARAspi.dll
    2012-08-21 18:01:20 . 2012-09-04 16:12:15 125872 ----a-w- C:\Windows\system32\GEARAspi64.dll
    2012-08-20 17:38:44 . 2012-10-10 14:46:54 44032 ----a-w- C:\Windows\apppatch\acwow64.dll


    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2012-10-18 21:52:40 94208 ----a-w- C:\Users\Isara\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2012-10-18 21:52:40 94208 ----a-w- C:\Users\Isara\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2012-10-18 21:52:40 94208 ----a-w- C:\Users\Isara\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
    @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
    2012-10-18 21:52:40 94208 ----a-w- C:\Users\Isara\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RocketDock"="C:\Program Files (x86)\RocketDock\RocketDock.exe" [2007-09-02 18:58:52 495616]
    "DAEMON Tools Lite"="C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" [2012-08-28 13:52:56 3671904]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "IAStorIcon"="C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-11-06 04:54:20 283160]
    "NUSB3MON"="C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-11-17 17:53:16 113288]
    "RoxWatchTray"="c:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" [2010-11-25 10:33:58 240112]
    "Desktop Disc Tool"="c:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe" [2010-11-17 15:35:34 514544]
    "Dell Registration"="C:\Program Files (x86)\System Registration\prodreg.exe" [2010-08-23 18:43:24 3926528]
    "Adobe ARM"="C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 20:51:26 919008]
    "SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 14:04:54 252848]
    "APSDaemon"="C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-28 02:32:54 59280]
    "GrooveMonitor"="C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 23:36:46 30040]
    "Razer Orochi Driver"="C:\Program Files (x86)\Razer\Orochi\RazerOrochiTray.exe" [2009-10-22 14:43:58 2548056]
    "LogMeIn Hamachi Ui"="C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2012-08-29 17:03:38 1996200]
    "iTunesHelper"="C:\Program Files (x86)\iTunes\iTunesHelper.exe" [2012-09-10 04:30:34 421776]
    "AVG_UI"="C:\Program Files (x86)\AVG\AVG2013\avgui.exe" [2012-11-07 00:00:32 3143800]

    C:\Users\Isara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

    C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Best Buy pc app.lnk - C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe [2010-10-13 9216]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 0 (0x0)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)
    "PromptOnSecureDesktop"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    @=""

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"

    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 19:27:14 138576]
    R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 10:34:18 219632]
    R2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-07-13 17:28:36 160944]
    R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\system32\DRIVERS\CtClsFlt.sys [x]
    R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2010-12-17 19:28:46 340240]
    R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\system32\drivers\rdpvideominiport.sys [2012-08-23 14:10:20 19456]
    R3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 10:33:18 1116656]
    R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys [2010-10-30 00:11:42 250984]
    R3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys [2012-08-23 14:07:35 57856]
    R3 TurboBoost;Intel(R) Turbo Boost Technology Monitor 2.0;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2010-11-29 20:00:56 149504]
    R3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys [2012-07-09 18:42:54 52736]
    R3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe [2012-09-04 16:11:17 1255736]
    R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys [2009-06-10 20:35:33 389120]
    R4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 23:10:10 57184]
    S0 AVGIDSHA;AVGIDSHA;C:\Windows\system32\DRIVERS\avgidsha.sys [2012-10-15 08:48:50 63328]
    S0 Avgloga;AVG Logging Driver;C:\Windows\system32\DRIVERS\avgloga.sys [2012-09-21 07:46:00 225120]
    S0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\system32\DRIVERS\avgmfx64.sys [2012-10-05 08:32:50 111456]
    S0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\system32\DRIVERS\avgrkx64.sys [2012-09-14 07:05:18 40800]
    S0 PxHlpa64;PxHlpa64;C:\Windows\System32\Drivers\PxHlpa64.sys [2010-03-19 08:00:00 55856]
    S1 Avgfwfd;AVG network filter service;C:\Windows\system32\DRIVERS\avgfwd6a.sys [2012-09-04 14:39:32 50296]
    S1 AVGIDSDriver;AVGIDSDriver;C:\Windows\system32\DRIVERS\avgidsdrivera.sys [2012-10-22 18:02:44 154464]
    S1 Avgldx64;AVG AVI Loader Driver;C:\Windows\system32\DRIVERS\avgldx64.sys [2012-10-02 07:30:38 185696]
    S1 Avgtdia;AVG TDI Driver;C:\Windows\system32\DRIVERS\avgtdia.sys [2012-09-21 07:46:04 200032]
    S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\system32\DRIVERS\dtsoftbus01.sys [2012-09-05 01:24:57 283200]
    S2 AESTFilters;Andrea ST Filters Service;C:\Program Files\IDT\WDM\AESTSr64.exe [2009-03-03 10:42:58 89600]
    S2 avgfws;AVG Firewall;C:\Program Files (x86)\AVG\AVG2013\avgfws.exe [2012-11-02 05:08:48 1340976]
    S2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [2012-11-07 00:00:04 5814392]
    S2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [2012-10-22 18:05:08 196664]
    S2 Bluetooth Device Monitor;Bluetooth Device Monitor;C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe [2010-11-03 16:53:28 897088]
    S2 Bluetooth OBEX Service;Bluetooth OBEX Service;C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe [2010-11-03 17:01:34 983104]
    S2 DMAgent;Intel® PROSet/Wireless WiMAX Red Bend Device Management Service;C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe [2011-02-27 16:15:36 499200]
    S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-08-29 17:03:36 2369960]
    S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-11-06 04:54:22 13336]
    S2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2011-08-18 15:05:46 1692480]
    S2 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-10-02 16:13:44 3064000]
    S2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\system32\DRIVERS\TurboB.sys [2010-11-29 20:00:04 16120]
    S2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-10-06 02:04:12 2655768]
    S2 WiMAXAppSrv;Intel® PROSet/Wireless WiMAX Service;C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe [2011-02-27 16:09:36 885248]
    S3 Bluetooth Media Service;Bluetooth Media Service;C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe [2010-11-03 17:01:20 1298496]
    S3 bpenum;Intel(R) Centrino(R) WiMAX Enumerator;C:\Windows\system32\DRIVERS\bpenum.sys [2011-02-17 17:42:04 75264]
    S3 bpmp;Intel(R) Centrino(R) WiMAX 6050 Series;C:\Windows\system32\DRIVERS\bpmp.sys [2011-02-17 17:42:12 174080]
    S3 bpusb;Intel(R) Centrino(R) WiMAX 6050 Series Function Driver;C:\Windows\system32\Drivers\bpusb.sys [2011-02-17 17:42:06 81920]
    S3 btmaux;Intel Bluetooth Auxiliary Service;C:\Windows\system32\DRIVERS\btmaux.sys [2010-11-04 10:07:06 58128]
    S3 btmhsf;btmhsf;C:\Windows\system32\DRIVERS\btmhsf.sys [2011-11-15 06:13:00 327168]
    S3 iBtFltCoex;iBtFltCoex;C:\Windows\system32\DRIVERS\iBtFltCoex.sys [2011-12-10 00:45:00 60416]
    S3 IntcDAud;Intel(R) Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys [2010-10-15 08:28:16 317440]
    S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\system32\DRIVERS\nusb3hub.sys [2010-12-10 21:50:36 80384]
    S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\system32\DRIVERS\nusb3xhc.sys [2010-12-10 21:50:36 181248]
    S3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 11:34:52 539240]
    S3 wdkmd;Intel WiDi KMD;C:\Windows\system32\DRIVERS\WDKMD.sys [2010-12-01 10:02:22 42392]


    --- Other Services/Drivers In Memory ---

    *NewlyCreated* - WS2IFSL

    Contents of the 'Scheduled Tasks' folder

    2012-11-08 C:\Windows\Tasks\Adobe Flash Player Updater.job
    - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-05 03:31:09 . 2012-11-02 00:03:50]


    --------- X64 Entries -----------


    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2012-10-18 21:52:40 97792 ----a-w- C:\Users\Isara\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2012-10-18 21:52:40 97792 ----a-w- C:\Users\Isara\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2012-10-18 21:52:40 97792 ----a-w- C:\Users\Isara\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
    @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
    2012-10-18 21:52:40 97792 ----a-w- C:\Users\Isara\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IgfxTray"="C:\Windows\system32\igfxtray.exe" [2011-01-20 08:57:34 167960]
    "HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [2011-01-20 08:57:24 391704]
    "Persistence"="C:\Windows\system32\igfxpers.exe" [2011-01-20 08:57:28 418328]
    "SysTrayApp"="C:\Program Files\IDT\WDM\sttray64.exe" [2011-01-25 09:57:18 525312]
    "Apoint"="C:\Program Files\DellTPad\Apoint.exe" [2011-01-05 16:48:48 592240]
    "IntelTBRunOnce"="wscript.exe" [2009-07-14 01:39:57 168960]
    "IntelWireless"="C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2010-12-17 19:34:16 1933584]
    "BTMTrayAgent"="C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll" [2010-11-03 16:53:02 10228224]
    "IntelWirelessWiMAX"="C:\Program Files\Intel\WiMAX\Bin\WiMAXCU.exe" [2011-03-02 04:24:42 1617920]

    ------- Supplementary Scan -------

    uLocal Page = C:\Windows\system32\blank.htm
    uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT3220468
    mLocal Page = C:\Windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = *.local
    IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
    FF - ProfilePath - C:\Users\Isara\AppData\Roaming\Mozilla\Firefox\Profiles\mdz7d2u9.default\
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - about:home
    FF - user.js: extensions.autoDisableScopes - 14
    FF - user.js: security.csp.enable - false

    - - - - ORPHANS REMOVED - - - -

    URLSearchHooks-{7473b6bd-4691-4744-a82b-7854eb3d70b6} - (no file)


    I had somebody use my laptop earlier before the post, so I hope they didn't do any damage. Here's what it put out.
  9. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    ESET Online Scan

    Please run a free online scan with the ESET Online Scanner
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • When asked, allow the ActiveX control to install, or it will ask to download an installer. Please do so and install it.
    • Click Start or wait for the scanner to load.
    • Make sure that the options Remove found threats and the option Scan unwanted applications are checked.
    • Click Scan (This scan can take several hours, so please be patient)
    • Once the scan is completed, there are a couple of things to keep in mind:
      1. If NO threats were found, allow the scanner to Uninstall on close and then close the Window.
      2. If threats WERE detected, click on List of Threats Found, Export to Text File... save it as ESET-Scan-Log.txt. Click the back button/link, put a checkmark to Uninstall Application on Close and then close the window.
    • Open the logfile from wherever you saved it
    • Copy and paste the contents in your next reply.


    Any more issues?

    We need to know any other issues that are plaguing your computer. Kindly give a summary so we know how to continue from here.

    Many of the things to note for us would be:

    • Slow computer
    • Error messages
    • Fake antivirus alerts or the icon in the system tray
    • svchost.exe running at 100%
    • System crashes or blue screen of death
  10. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Hello! Are you still with us? Your topic is now marked inactive, because you have not replied.

    However, we'd like to still help. Please update us on the state of your PC.

