TechSpot

Win64 Sirefef removal!

By Norman56
Jul 10, 2012
  1. Hello,

    I'm in desperate need to remove both Sirefef.B and Sirefef.Y trojans infecting my laptop.
    My laptop is running on Windows 7 64-Bit Home Premium.
    I believe that my laptop may have contracted the trojans when I downloaded a "new" update for Adobe Flash Player, since I have read on the internet that these Sirefef trojans are capable of disguising themselves as Adobe updates. Although, I'm not entirely sure if this is the case.

    Regardless of the cause, I noticed the symptoms of a Sirefef trojan when my Microsoft Security Essentials disabled real-time updates. I uninstalled MSE and installed a fresh MSE; however, I believe this may have worsened the infection on my laptop. I tried installing Super AntiSpyware and made it perform a full scan; however, my laptop keeps displaying a pop-up telling me that the laptop will restart after one minute. I essentially have no time to perform any sort of scan since the laptop keeps restarting. I was at least able to identify the trojans through MSE's history of detected malware.


    What can I do to remove the Sirefef.B and Sirefef.Y trojans?
     
  2. Jay Pfoutz


    Hello, and welcome to TechSpot.


    Please see here for the board rules and other FAQ.

    Please feel free to introduce yourself, after you follow the steps below to get started.

    Information
    • From this point on, please do not make any more changes to your computer; such as install/uninstall programs, use special fix tools, delete files, edit the registry, etc. - unless advised by a malware removal helper.
    • Please do not ask for help elsewhere (in this site or other sites). Doing so can result in system changes, which may not show up in the logs you post.
    • If you have already asked for help somewhere, please post the link to the topic where you were helped.
    • We try our best to reply quickly, but if for any reason we do not reply within two days, please reply to this topic with the word BUMP!
    • Lastly, keep in mind that we are volunteers, so you do not have to pay for malware removal. Persist in this topic until its close, and your computer is declared clean.
    Download Farbar Recovery Scan Tool and save it to a flash drive.

    Please make sure to download the 64-bit version.

    Plug the flash drive into the infected PC.

    Enter System Recovery Options.

    To enter System Recovery Options from the Advanced Boot Options:
    • Restart the computer.
    • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
    • Use the arrow keys to select the Repair your computer menu item.
    • Choose your language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.
    To enter System Recovery Options by using Windows installation disc:
    • Insert the installation disc.
    • Restart your computer.
    • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
    • Click Repair your computer.
    • Choose your language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.
    On the System Recovery Options menu you will get the following options:
    • Startup Repair
    • System Restore
    • Windows Complete PC Restore
    • Windows Memory Diagnostic Tool
    • Command Prompt
    • Select Command Prompt
    • In the command window type in notepad and press Enter.
    • The notepad opens. Under File menu select Open.
    • Select "Computer" and find your flash drive letter and close the notepad.
    • In the command window type e:\frst64 and press Enter
      Note: Replace letter e with the drive letter of your flash drive.
    • The tool will start to run.
    • When the tool opens click Yes to the disclaimer.
    • Place a check next to List Drivers MD5 as well as the default check marks that are already there.
    • Press the Scan button.
    • Type exit and reboot the computer normally.
    • FRST will make a log (FRST.txt) on the flash drive, please copy and paste the log in your reply.
    Once again, please boot to the System Recovery Options and run FRST, as done previously.

    Type the following text in the blank box after Search:

    services.exe

    Click: Search file(s)


    When done searching, FRST makes a log, Search.txt, on the C:\ drive.

    Please provide the Search.txt in your reply along with the FRST report above.
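The Search for services.exe above is there so the helper can compare the live copy in System32 with the backup copies Windows keeps under winsxs: a clean live copy hashes identically to one of them, while an in-place patch keeps the size but changes the MD5 and usually strips the publisher field. The script below is an added example (not from this thread and not FRST's own code) that applies that comparison to a constructed Search.txt-style listing; the record layout, the sample paths and the hashes are assumptions made for the example, not the tool's documented format.

```python
"""Flag a services.exe copy whose MD5 matches none of its winsxs backups."""
import re
from dataclasses import dataclass
from typing import List, Tuple

# ASSUMED record layout, loosely modelled on an FRST Search.txt entry:
# a path line followed by a detail line
#   [created] - [modified] - size attributes (Company) MD5
DETAIL_RE = re.compile(
    r"^\[(?P<created>[^\]]+)\] - \[(?P<modified>[^\]]+)\] - "
    r"(?P<size>\d+) (?P<attrs>\S+) \((?P<company>[^)]*)\) (?P<md5>[0-9A-Fa-f]{32})$"
)

# CONSTRUCTED sample, not real scan output. The two winsxs backups agree with
# each other; the live System32 copy has the same size but a different MD5 and
# an empty publisher field, which is the pattern a helper wants flagged.
SAMPLE_SEARCH_TXT = r"""
====== Search: "services.exe" ======
C:\Windows\System32\services.exe
[2009-07-14 02:39] - [2012-07-08 22:15] - 0328704 ____A () deadbeefdeadbeefdeadbeefdeadbeef
C:\Windows\winsxs\amd64_CONSTRUCTED_component_dir_1\services.exe
[2009-07-14 02:39] - [2009-07-14 02:39] - 0328704 ____A (Microsoft Corporation) 0123456789abcdef0123456789abcdef
C:\Windows\winsxs\amd64_CONSTRUCTED_component_dir_2\services.exe
[2010-11-20 13:25] - [2010-11-20 13:25] - 0328704 ____A (Microsoft Corporation) 0123456789abcdef0123456789abcdef
"""


@dataclass
class FileRecord:
    path: str
    size: int
    company: str
    md5: str

    @property
    def is_live_copy(self) -> bool:
        # The copy Windows actually executes lives in System32; winsxs holds backups.
        return "\\system32\\" in self.path.lower()


def parse_search_txt(text: str) -> List[FileRecord]:
    """Pair every path line with the detail line that follows it."""
    records: List[FileRecord] = []
    pending_path = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("="):
            continue  # blank line or section banner
        m = DETAIL_RE.match(line)
        if m and pending_path:
            records.append(FileRecord(pending_path, int(m["size"]),
                                      m["company"].strip(), m["md5"].lower()))
            pending_path = None
        elif not m:
            pending_path = line
    return records


def find_suspect_copies(records: List[FileRecord]) -> List[Tuple[str, List[str]]]:
    """Return (path, reasons) for copies that do not look like a stock file."""
    backups = [r for r in records if not r.is_live_copy]
    backup_hashes = {r.md5 for r in backups}
    suspects = []
    for r in records:
        reasons = []
        if not r.company:
            reasons.append("no publisher in version info")
        if r.is_live_copy and backup_hashes and r.md5 not in backup_hashes:
            reasons.append("MD5 matches no winsxs backup copy")
            if any(b.size == r.size for b in backups):
                # Same byte count as a known copy but different content is the
                # signature of an in-place patch rather than a version update.
                reasons.append("same size as a backup but different content")
        if reasons:
            suspects.append((r.path, reasons))
    return suspects


if __name__ == "__main__":
    for path, reasons in find_suspect_copies(parse_search_txt(SAMPLE_SEARCH_TXT)):
        print(path)
        for reason in reasons:
            print("   -", reason)
```

The same comparison applies to any file the Search pass lists, and to the List Drivers MD5 output, as long as a known-good copy is available to hash against.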
     
  3. Norman56


    Scan result of Farbar Recovery Scan Tool Version: 10-07-01
    Ran by SYSTEM at 10-07-01 0:7:59
    Running from F:\
    Windows 7 Home Premium (X6) OS Language: English(US)
    The current controlset is ControlSet00
    WIMMount; C:\Windows\SysWow6\Drivers\WIMMount.sys [19008 009-07-1] (Microsoft Corporation)
    WinUsb; C:\Windows\System\Drivers\WinUsb.sys [198 010-11-0] (Microsoft Corporation)
    wsifsl; C:\Windows\System\Drivers\wsifsl.sys [150 009-07-1] (Microsoft Corporation)
    WudfPf; C:\Windows\System\Drivers\WudfPf.sys [1118 010-11-0] (Microsoft Corporation)
    WUDFRd; C:\Windows\System\Drivers\WUDFRd.sys [175 010-11-0] (Microsoft Corporation)
    ========================== NetSvcs (Whitelisted) ===========

    ============ One Month Created Files and Folders ==============
     
  4. Norman56

    Norman56 TS Rookie Topic Starter


    ============ Months Modified Files ========================

    ZeroAccess:
    C:\Windows\Installer\{ceb88-e76-cf-e757-eec8d5568}
    C:\Windows\Installer\{ceb88-e76-cf-e757-eec8d5568}\@
    C:\Windows\Installer\{ceb88-e76-cf-e757-eec8d5568}\L
    C:\Windows\Installer\{ceb88-e76-cf-e757-eec8d5568}\n
    C:\Windows\Installer\{ceb88-e76-cf-e757-eec8d5568}\U
    C:\Windows\Installer\{ceb88-e76-cf-e757-eec8d5568}\L\0000000.@
    C:\Windows\Installer\{ceb88-e76-cf-e757-eec8d5568}\L\1afbd56
    C:\Windows\Installer\{ceb88-e76-cf-e757-eec8d5568}\L\01ddde
    C:\Windows\Installer\{ceb88-e76-cf-e757-eec8d5568}\U\0000000.@
    C:\Windows\Installer\{ceb88-e76-cf-e757-eec8d5568}\U\00000008.@
    C:\Windows\Installer\{ceb88-e76-cf-e757-eec8d5568}\U\000000cb.@
    C:\Windows\Installer\{ceb88-e76-cf-e757-eec8d5568}\U\80000000.@
    C:\Windows\Installer\{ceb88-e76-cf-e757-eec8d5568}\U\800000.@
    C:\Windows\Installer\{ceb88-e76-cf-e757-eec8d5568}\U\8000006.@
    ZeroAccess:
    C:\Users\Dawson\AppData\Local\{ceb88-e76-cf-e757-eec8d5568}
    C:\Users\Dawson\AppData\Local\{ceb88-e76-cf-e757-eec8d5568}\@
    C:\Users\Dawson\AppData\Local\{ceb88-e76-cf-e757-eec8d5568}\L
    C:\Users\Dawson\AppData\Local\{ceb88-e76-cf-e757-eec8d5568}\U
    ZeroAccess:
    C:\Windows\assembly\GAC_32\Desktop.ini
    ZeroAccess:
    C:\Windows\assembly\GAC_64\Desktop.ini
    ========================= Known DLLs (Whitelisted) ============
    ========================= Bamital & volsnap Check ============
    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\SysWOW64\wininit.exe => MD5 is legit
    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\SysWOW64\explorer.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\SysWOW64\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe 01A9CB951E7C010761DF76BC06 ZeroAccess <==== ATTENTION!.
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\SysWOW64\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\SysWOW64\userinit.exe => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
    ==================== EXE ASSOCIATION =====================
    HKLM\...\.exe: exefile => OK
    HKLM\...\exefile\DefaultIcon: %1 => OK
    HKLM\...\exefile\open\command: "%1" %* => OK
    ========================= Memory info ======================
    Percentage of memory in use: 8%
    Total physical RAM: 12265.16 MB
    Available physical RAM: 11271.94 MB
    Total Pagefile: 12263.31 MB
    Available Pagefile: 11267.02 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.9 MB
    ======================= Partitions =========================
    1 Drive c: (OS) (Fixed) (Total:186.3 GB) (Free:3.11 GB) NTFS ==>[System with boot components (obtained from reading drive)]
    2 Drive d: (DATA) (Fixed) (Total:254.45 GB) (Free:240.71 GB) NTFS
    3 Drive e: (D3C1.0.0) (CDROM) (Total:7.6 GB) (Free:0 GB) UDF
    4 Drive f: () (Removable) (Total:0.94 GB) (Free:0.94 GB) FAT
    5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
    Disk ### Status Size Free Dyn Gpt
    -------- ------------- ------- ------- --- ---
    Disk 0 Online 465 GB 1024 KB
    Disk 1 Online 960 MB 0 B
    Partitions of Disk 0:
    ===============
    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 25 GB 1024 KB
    Partition 2 Primary 186 GB 25 GB
    Partition 3 Primary 254 GB 211 GB
    ==================================================================================
    Disk: 0
    Partition 1
    Type : 1C
    Hidden: Yes
    Active: No
    There is no volume associated with this partition.
    ==================================================================================
    Disk: 0
    Partition 2
    Type : 07
    Hidden: No
    Active: Yes
    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 1 C OS NTFS Partition 186 GB Healthy
    ==================================================================================
    Disk: 0
    Partition 3
    Type : 07
    Hidden: No
    Active: No
    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 2 D DATA NTFS Partition 254 GB Healthy
    ==================================================================================
    Partitions of Disk 1:
    ===============
    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 960 MB 16 KB
    ==================================================================================
    Disk: 1
    Partition 1
    Type : 06
    Hidden: No
    Active: No
    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 3 F FAT Removable 960 MB Healthy
    ==================================================================================
    ==========================================================
    Last Boot: 2012-06-27 21:49
    ======================= End Of Log ==========================
     
  5. Norman56

    Norman56 TS Rookie Topic Starter

    Those first two are the entire FRST log, next will be the search log
     
  6. Norman56

    Norman56 TS Rookie Topic Starter

    Farbar Recovery Scan Tool Version: 10-07-2012
    Ran by SYSTEM at 2012-07-10 20:58:18
    Running from F:\
    ================== Search: "services.exe" ===================
    C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
    [2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB
    C:\Windows\System32\services.exe
    [2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 014A9CB92514E27C0107614DF764BC06
    ====== End Of Search ======
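    The search result above is the whole case for the fix that follows: two copies of services.exe with identical size and timestamps but different MD5s, the pristine one under winsxs and the patched one in System32. As an added example (not FRST's code and not posted in this thread), here is a small Python parser for that FRST search output which pairs each path line with its attribute line, groups hits by file name, and uses the winsxs copies as the reference hashes; the sample log text inside it is constructed from the post above and the function names are my own.

```python
r"""Check FRST "Search:" output for a system binary whose MD5 differs from
the copy kept in the WinSxS component store, the comparison the helper made
by hand above between C:\Windows\System32\services.exe and its winsxs twin.
Added example; the sample log is constructed from the search posted above.
"""
import re
from collections import defaultdict

# Constructed sample: the FRST search result from the post above, verbatim.
SAMPLE_SEARCH_LOG = r"""
Farbar Recovery Scan Tool Version: 10-07-2012
Ran by SYSTEM at 2012-07-10 20:58:18
Running from F:\
================== Search: "services.exe" ===================
C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB
C:\Windows\System32\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 014A9CB92514E27C0107614DF764BC06
====== End Of Search ======
""".strip("\n")

# FRST prints each hit as a path line followed by one attribute line:
#   [created] - [modified] - size attrs (company) MD5
PATH_RE = re.compile(r"^[A-Za-z]:\\")
ATTR_RE = re.compile(
    r"^\[(?P<created>[^\]]+)\] - \[(?P<modified>[^\]]+)\] - "
    r"(?P<size>\d+) (?P<attrs>\S+) \((?P<company>[^)]*)\) (?P<md5>[0-9A-Fa-f]{32})$"
)


def parse_search_log(text):
    """Return a list of dicts, one per file FRST found."""
    entries, pending_path = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if PATH_RE.match(line):
            pending_path = line  # hold the path until its attribute line arrives
            continue
        m = ATTR_RE.match(line)
        if m and pending_path is not None:
            entries.append({
                "path": pending_path,
                "created": m["created"],
                "modified": m["modified"],
                "size": int(m["size"]),
                "company": m["company"],
                "md5": m["md5"].upper(),
            })
            pending_path = None
    return entries


def find_tampered(entries):
    """Compare every copy of a file name against the copies under winsxs.

    One finding per non-winsxs file whose MD5 matches none of the winsxs
    versions, or a 'no-reference' finding when there is nothing to compare
    against. Several winsxs versions (RTM plus a service-pack build, say)
    are all accepted as references, so a legitimately updated System32 copy
    is not flagged.
    """
    by_name = defaultdict(list)
    for e in entries:
        by_name[e["path"].rsplit("\\", 1)[-1].lower()].append(e)

    findings = []
    for name, group in by_name.items():
        refs = [e for e in group if "\\winsxs\\" in e["path"].lower()]
        others = [e for e in group if not any(e is r for r in refs)]
        if not refs:
            findings.append({"name": name, "path": None, "verdict": "no-reference"})
            continue
        ref_md5s = {r["md5"] for r in refs}
        for e in others:
            if e["md5"] not in ref_md5s:
                findings.append({
                    "name": name,
                    "path": e["path"],
                    "verdict": "md5-mismatch",
                    # A different hash while size and timestamps still match the
                    # reference means the content was altered; timestamps alone
                    # prove nothing, since they can be set freely.
                    "same_size": any(e["size"] == r["size"] for r in refs),
                    "same_timestamps": any(
                        (e["created"], e["modified"]) == (r["created"], r["modified"])
                        for r in refs),
                    "reference": refs[0]["path"],
                })
    return findings


if __name__ == "__main__":
    for f in find_tampered(parse_search_log(SAMPLE_SEARCH_LOG)):
        print(f["verdict"], f["path"] or f["name"])
```

A hash match against winsxs only says the two copies agree; FRST's own "Bamital & volsnap Check" goes further and compares against known-good Microsoft hashes, which is why it could name ZeroAccess outright.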
     
  7. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,282   +49

    FRST64 Fixlist

    Please run the following:

    Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this highlight the contents of the box, right click on it and select copy. Right-click in the open notepad and select Paste). Save it on the flashdrive as fixlist.txt

    NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system.

    Now, please enter System Recovery Options then select Command Prompt.

    Run FRST64 and press the Fix button just once and wait.
    The tool will make a log on the flashdrive (Fixlog.txt); please post it in your reply.

    Now restart, let it boot normally and tell me how it went.
     
  8. Norman56

    Norman56 TS Rookie Topic Starter

    Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 10-07-2012
    Ran by SYSTEM at 2012-07-11 08:10:52 Run:1
    Running from F:\

    ==============================================

    C:\Windows\Installer\{3c42eb88-3e76-c42f-e757-e3ec8d556822} not found.
    C:\Users\Dawson\AppData\Local\{3c42eb88-3e76-c42f-e757-e3ec8d556822} not found.
    C:\Windows\assembly\GAC_32\Desktop.ini not found.
    C:\Windows\assembly\GAC_64\Desktop.ini not found.
    C:\Windows\System32\services.exe moved successfully.
    C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe copied successfully to C:\Windows\System32\services.exe

    ==== End of Fixlog ====
     
  9. Norman56

    Norman56 TS Rookie Topic Starter

    Well my firewall still won't turn on, and my internet connection is being a little off. It was telling me that my computer couldn't get internet connection from my home router for a bit, and when I turned the hotspot on my phone on it was telling me that settings saved on this computer for the network do not meet the requirements for the network. This is odd because just before I *****ically clicked yes on the "Adobe Update" that started this nonsense it was working fine as a wireless network.
     
  10. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,282   +49

    Okay, we'll get that solved eventually. Let's move on to the next tool to use in the cleaning, please:

    ComboFix

    Please download ComboFix by sUBs
    From BleepingComputer.com

    Please save the file to your Desktop, but rename it first to svchost.exe

    Important information about ComboFix

    Before the download:
    • Please copy and paste these instructions to Notepad and save to your Desktop, or print them - for easier access.
    • It is important to rename ComboFix before the download.
    • Please do not rename ComboFix to other names, but only the one indicated.
    After the download:
    • Close any open browsers.
    • Very Important: Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results". Please visit here if you don't know how.
    • WARNING: ComboFix will disconnect your machine from the Internet as soon as it starts.
    • Please do not attempt to re-connect your machine to the Internet until ComboFix has completely finished.
    • If there is no Internet connection after running ComboFix, then restart your computer to restore your connection.
    Running ComboFix:
    • Double click on svchost.exe & follow the prompts.
    • It will attempt to install the Recovery Console.
    • When ComboFix finishes, it will produce a report for you.
    • Please post the "C:\Combo-Fix.txt" in your next reply.
    Troubleshooting ComboFix

    Safe Mode:

    If you still cannot get ComboFix to run, try booting into Safe Mode, and run it there.

    (To boot into Safe Mode, tap F8 after BIOS, and just before the Windows
    logo appears. A list of options will appear, select "Safe Mode.")

    Re-downloading:

    If this doesn't work either, try the same method as above, but download it again and name
    ComboFix.exe iexplore.exe, explorer.exe, or winlogon.exe instead.

    Malware is known for blocking all "user" processes, except for its whitelist of system-important processes such as iexplore.exe, explorer.exe, winlogon.exe.
     
  11. Norman56

    Norman56 TS Rookie Topic Starter

    ComboFix 12-07-11.03 - Dawson 07/11/2012 21:04:09.1.8 - x64
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.12265.10135 [GMT -4:00]
    Running from: c:\users\Dawson\Desktop\svchost.exe.exe
    AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
    AV: Trend Micro Titanium Internet Security *Disabled/Updated* {68F968AC-2AA0-091D-848C-803E83E35902}
    SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
    SP: Trend Micro Titanium Internet Security *Disabled/Updated* {D3988948-0C9A-0693-BE3C-BB4CF86413BF}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\windows\AsPatch10430001.exe
    c:\windows\assembly\GAC_32\Desktop.ini
    c:\windows\assembly\GAC_64\Desktop.ini
    c:\windows\Installer\{3c42eb88-3e76-c42f-e757-e3ec8d556822}\@
    c:\windows\Installer\{3c42eb88-3e76-c42f-e757-e3ec8d556822}\L\00000004.@
    c:\windows\Installer\{3c42eb88-3e76-c42f-e757-e3ec8d556822}\L\1afb2d56
    c:\windows\Installer\{3c42eb88-3e76-c42f-e757-e3ec8d556822}\L\201d3dde
    c:\windows\Installer\{3c42eb88-3e76-c42f-e757-e3ec8d556822}\n
    c:\windows\Installer\{3c42eb88-3e76-c42f-e757-e3ec8d556822}\U\00000004.@
    c:\windows\Installer\{3c42eb88-3e76-c42f-e757-e3ec8d556822}\U\00000008.@
    c:\windows\Installer\{3c42eb88-3e76-c42f-e757-e3ec8d556822}\U\000000cb.@
    c:\windows\Installer\{3c42eb88-3e76-c42f-e757-e3ec8d556822}\U\80000000.@
    c:\windows\Installer\{3c42eb88-3e76-c42f-e757-e3ec8d556822}\U\80000032.@
    c:\windows\Installer\{3c42eb88-3e76-c42f-e757-e3ec8d556822}\U\80000064.@
    D:\install.exe
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-06-12 to 2012-07-12 )))))))))))))))))))))))))))))))
    .
    .
    2012-07-11 04:47 . 2012-07-11 04:47 -------- d-----w- C:\FRST
    2012-07-10 13:56 . 2012-07-10 13:59 -------- d-----w- C:\sh4ldr
    2012-07-10 13:56 . 2012-07-10 13:56 -------- d-----w- c:\program files\Enigma Software Group
    2012-07-10 13:56 . 2012-07-10 18:17 -------- d-----w- c:\windows\18F97AF04F884494AFE25A5702E142CC.TMP
    2012-07-10 13:56 . 2012-07-10 18:17 -------- d-----w- c:\program files (x86)\Common Files\Wise Installation Wizard
    2012-07-10 04:19 . 2012-07-10 04:20 -------- d-----w- c:\users\Dawson\AppData\Roaming\six-updater
    2012-07-10 04:19 . 2012-07-10 04:19 -------- d-----w- c:\users\Dawson\AppData\Roaming\six-zsync
    2012-07-10 04:18 . 2012-07-10 04:18 -------- d-----w- c:\program files (x86)\SIX Projects
    2012-07-10 04:18 . 2012-07-10 18:17 -------- d-----w- c:\users\Dawson\AppData\Local\Downloaded Installations
    2012-07-10 03:47 . 2012-07-10 04:36 -------- d-----w- c:\users\Dawson\AppData\Local\ArmA 2 OA
    2012-07-10 03:47 . 2012-07-10 18:16 -------- d-----w- c:\program files (x86)\Bohemia Interactive
    2012-07-10 03:45 . 2012-07-10 03:45 -------- d-----w- c:\users\Dawson\AppData\Local\ArmA 2
    2012-07-10 01:23 . 2012-07-10 01:23 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
    2012-07-10 00:58 . 2012-05-31 04:04 9013136 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{D02EF2DF-4751-438D-8888-7488618974A1}\mpengine.dll
    2012-07-08 21:19 . 2012-05-31 04:04 9013136 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    2012-07-04 04:02 . 2012-07-04 04:02 -------- d-----w- c:\users\Dawson\AppData\Local\Micro_Systemation_AB
    2012-07-04 00:36 . 2012-02-16 17:56 927800 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{16EF761C-5EED-4B14-A3DF-92D559897DE6}\gapaengine.dll
    2012-06-25 13:46 . 2012-06-25 13:46 -------- d-----w- c:\program files (x86)\uTorrent
    2012-06-25 13:45 . 2012-07-10 18:17 -------- d-----w- c:\users\Dawson\AppData\Roaming\uTorrent
    2012-06-22 12:54 . 2012-06-22 12:54 770384 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcr100.dll
    2012-06-22 12:54 . 2012-06-22 12:54 421200 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcp100.dll
    2012-06-19 02:11 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
    2012-06-19 02:11 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
    2012-06-19 02:11 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
    2012-06-19 02:11 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
    2012-06-19 02:11 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
    2012-06-19 02:11 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
    2012-06-19 02:11 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
    2012-06-19 02:11 . 2012-06-02 19:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
    2012-06-19 02:11 . 2012-06-02 19:15 36864 ----a-w- c:\windows\system32\wuapp.exe
    2012-06-14 12:46 . 2012-06-14 12:46 -------- d-----w- c:\users\Dawson\AppData\Local\Macromedia
    2012-06-14 01:24 . 2012-04-26 05:41 77312 ----a-w- c:\windows\system32\rdpwsx.dll
    2012-06-12 21:51 . 2012-02-16 17:56 927800 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-07-12 00:52 . 2012-03-30 07:35 439 ----a-w- c:\users\Dawson\AppData\Roaming\sp_data.sys
    2012-07-10 01:14 . 2012-03-30 07:29 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2012-07-10 01:14 . 2012-02-16 17:58 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-06-07 07:37 . 2012-03-15 06:36 499712 ----a-w- c:\windows\SysWow64\msvcp71.dll
    2012-06-07 07:37 . 2012-03-15 06:36 348160 ----a-w- c:\windows\SysWow64\msvcr71.dll
    2012-05-10 04:36 . 2012-05-10 04:36 40960 ----a-r- c:\users\Dawson\AppData\Roaming\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\NewShortcut1_9559F7CA5E344237A2D9D856464AD727.exe
    2012-05-10 04:36 . 2012-05-10 04:36 40960 ----a-r- c:\users\Dawson\AppData\Roaming\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\ARPPRODUCTICON.exe
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Steam"="c:\program files (x86)\Steam\Steam.exe" [2012-02-17 1242448]
    "Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-07-03 17417392]
    "Facebook Update"="c:\users\Dawson\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-04-18 137536]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "Nuance PDF Reader-reminder"="c:\program files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe" [2008-11-03 328992]
    "ASUSPRP"="c:\program files (x86)\ASUS\APRP\APRP.EXE" [2011-04-02 2018032]
    "ASUSWebStorage"="c:\program files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSPanel.exe" [2011-02-23 731472]
    "ASUS Screen Saver Protector"="c:\windows\AsScrPro.exe" [2011-11-29 3058304]
    "THX TruStudio NB Settings"="c:\program files (x86)\Creative\THX TruStudio\THXNBSet\THXAudNB.exe" [2011-03-17 909312]
    "UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
    "CPMonitor"="c:\program files (x86)\Roxio\CinePlayer\5.0\CPMonitor.exe" [2011-04-01 84464]
    "VAWinAgent"="c:\expressgateutil\VAWinAgent.exe" [2011-04-08 45448]
    "UpdateLBPShortCut"="c:\program files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
    "CLMLServer"="c:\program files (x86)\CyberLink\Power2Go\CLMLSvc.exe" [2009-11-02 103720]
    "UpdateP2GoShortCut"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
    "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
    "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
    "ATKOSD2"="c:\program files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe" [2011-12-22 318080]
    "ATKMEDIA"="c:\program files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe" [2011-10-24 174720]
    "HControlUser"="c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]
    "ACMON"="c:\program files (x86)\ASUS\Splendid\ACMON.exe" [2012-02-06 102568]
    "FLxHCIm64"="c:\program files\Fresco Logic\Fresco Logic USB3.0 Host Controller\amd64_host\FLxHCIm.exe" [2012-01-15 48128]
    "Wireless Console 3"="c:\program files (x86)\ASUS\Wireless Console 3\wcourier.exe" [2012-02-02 2321072]
    "DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
    "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-27 421736]
    "TkBellExe"="c:\program files (x86)\real\realplayer\Update\realsched.exe" [2012-06-07 296056]
    .
    c:\users\Dawson\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Intel(R) Turbo Boost Technology Monitor 2.0.lnk - c:\program files\Intel\TurboBoost\SignalIslandUi.exe [2010-11-29 204288]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    AsusVibeLauncher.lnk - c:\program files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe [2011-4-2 548528]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-03 160944]
    R3 Amsp;Trend Micro Solution Platform;c:\program files\Trend Micro\AMSP\coreServiceShell.exe coreFrameworkHost.exe [x]
    R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-03-02 183560]
    R3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2011-11-29 79360]
    R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2011-11-29 79360]
    R3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x64.sys [2009-06-10 57344]
    R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-22 113120]
    R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-03-21 98688]
    R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696]
    R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-10 174440]
    R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
    R3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUVStor.sys [2010-08-03 290920]
    R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys [2009-06-10 56832]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
    R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 31232]
    R3 TurboBoost;Intel(R) Turbo Boost Technology Monitor 2.0;c:\program files\Intel\TurboBoost\TurboBoost.exe [2010-11-29 149504]
    R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-02-21 1255736]
    R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
    S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2010-03-19 55856]
    S1 ATKWMIACPIIO;ATKWMIACPI Driver;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [2011-09-07 17536]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
    S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-07-02 15416]
    S2 AsusUacSvc;Asus process privilege adjust service;c:\program files\Asus\Rotation Desktop for G Series\AsusUacSvc.exe [2010-07-27 113840]
    S2 Atheros Bt&Wlan Coex Agent;Atheros Bt&Wlan Coex Agent;c:\program files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [2011-03-13 138400]
    S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe [2011-03-13 74912]
    S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-03-05 2458944]
    S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-03-04 382272]
    S2 TiMiniService;TiMiniService;c:\program files\Trend Micro\Titanium\TiMiniService.exe [2010-09-17 241488]
    S2 tmevtmgr;tmevtmgr;c:\windows\system32\DRIVERS\tmevtmgr.sys [2010-09-17 67664]
    S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [2010-11-29 16120]
    S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-10-06 2655768]
    S2 VideAceWindowsService;VideAceWindowsService;c:\expressgateutil\VAWinService.exe [2011-03-26 91464]
    S3 AiCharger;ASUS Charger Driver;c:\windows\system32\DRIVERS\AiCharger.sys [2012-01-30 17152]
    S3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys [2011-03-13 36000]
    S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys [2011-03-13 298656]
    S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys [2011-03-13 28832]
    S3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys [2011-03-13 201376]
    S3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys [2011-03-13 55456]
    S3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys [2011-03-13 154272]
    S3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys [2011-03-13 280224]
    S3 FLxHCIc;Fresco Logic xHCI (USB3) Device Driver;c:\windows\system32\DRIVERS\FLxHCIc.sys [2012-01-10 219648]
    S3 FLxHCIh;Fresco Logic xHCI (USB3) Hub Device Driver;c:\windows\system32\DRIVERS\FLxHCIh.sys [2012-01-10 65024]
    S3 MBfilt;MBfilt;c:\windows\system32\drivers\MBfilt64.sys [2009-11-17 32344]
    S3 MEIx64;Intel(R) Management Engine Interface ;c:\windows\system32\DRIVERS\HECIx64.sys [2010-10-20 56344]
    S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [2012-01-17 188224]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-04-21 471144]
    S3 SmbDrv;SmbDrv;c:\windows\system32\DRIVERS\Smb_driver.sys [2012-01-26 22800]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - WS2IFSL
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-07-10 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1716607468-1131786877-3116285480-1000Core.job
    - c:\users\Dawson\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-04-18 03:38]
    .
    2012-07-11 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1716607468-1131786877-3116285480-1000UA.job
    - c:\users\Dawson\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-04-18 03:38]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_B]
    @="{6D4133E5-0742-4ADC-8A8C-9303440F7190}"
    [HKEY_CLASSES_ROOT\CLSID\{6D4133E5-0742-4ADC-8A8C-9303440F7190}]
    2010-09-02 08:41 220160 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSShellExt64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_O]
    @="{64174815-8D98-4CE6-8646-4C039977D808}"
    [HKEY_CLASSES_ROOT\CLSID\{64174815-8D98-4CE6-8646-4C039977D808}]
    2010-09-02 08:41 220160 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSShellExt64.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "VizorHtmlDialog.exe"="c:\program files\Trend Micro\Titanium\UIFramework\VizorHtmlDialog.exe" [2010-10-08 1123664]
    "Trend Micro Client Framework"="c:\program files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe" [2010-10-12 192520]
    "Trend Micro Titanium"="c:\program files\Trend Micro\Titanium\VizorShortCut.exe" [2010-09-17 322384]
    "RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2012-01-31 12446824]
    "AtherosBtStack"="c:\program files (x86)\Bluetooth Suite\BtvStack.exe" [2011-03-13 617120]
    "AthBtTray"="c:\program files (x86)\Bluetooth Suite\AthBtTray.exe" [2011-03-13 379552]
    "IntelTBRunOnce"="wscript.exe" [2009-07-14 168960]
    "THXCfg64"="c:\windows\system32\THXCfg64.dll" [2010-09-14 25600]
    "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 1271168]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "LoadAppInit_DLLs"=0x0
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = hxxp://asus.msn.com
    mStart Page = hxxp://asus.msn.com
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = *.local
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office14\EXCEL.EXE/3000
    IE: Se&nd to OneNote - c:\progra~1\MICROS~3\Office14\ONBttnIE.dll/105
    TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
    FF - ProfilePath - c:\users\Dawson\AppData\Roaming\Mozilla\Firefox\Profiles\85qhl9hu.default\
    FF - prefs.js: browser.startup.homepage - googl.com
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Toolbar-Locked - (no file)
    Wow6432Node-HKCU-Run-BitTorrent - c:\program files (x86)\BitTorrent\BitTorrent.exe
    SafeBoot-MsMpSvc
    Toolbar-Locked - (no file)
    HKLM-Run-Setwallpaper - c:\programdata\SetWallpaper.cmd
    HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
    HKLM-Run-SynAsusAcpi - c:\program files (x86)\Synaptics\SynTP\SynAsusAcpi.exe
    AddRemove-BattlEye for A2 - c:\program files (x86)\steam\steamapps\common\arma 2BattlEye\UnInstallBE.exe
    AddRemove-BattlEye for OA - c:\program files (x86)\Bohemia Interactive\ArmAExpansion\BattlEye\UnInstallBE.exe
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.11"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet002\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
    c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
    c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE
    c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
    c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
    c:\program files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
    c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
    c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
    c:\program files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe
    c:\program files (x86)\ASUS\FaceLogon\sensorsrv.exe
    c:\program files (x86)\ASUS\AI Recovery\AIRecoveryRemind.exe
    .
    **************************************************************************
    .
    Completion time: 2012-07-11 21:18:47 - machine was rebooted
    ComboFix-quarantined-files.txt 2012-07-12 01:18
    .
    Pre-Run: 2,940,657,664 bytes free
    Post-Run: 4,723,331,072 bytes free
    .
    - - End Of File - - BF12437C2F79EFC4B699A88890BC1694
     
  12. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,282   +49

    aswMBR

    Please download aswMBR from here

    • Save aswMBR.exe to your Desktop
    • Double click aswMBR.exe to run it
    • Click the Scan button to start the scan as illustrated below


    Note: Do not take action against any **Rootkit** entries until I have reviewed the log. Often there are false positives.

    • Once the scan finishes click Save log to save the log to your Desktop
    • Copy and paste the contents of aswMBR.txt back here for review

    Scan for malware

    Please download Malwarebytes Anti-Malware from HERE.


    Double Click mbam-setup.exe to install the application.
    • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select "Perform Quick Scan", then click Scan.
    • The scan may take some time to finish, so please be patient.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Make sure that everything is checked, and click Remove Selected.
    • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. If you are prompted to restart, please allow it to restart your computer. Failure to do this will cause the infection to still be active on the computer.
    • Please save the log to a location you will remember.
    • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    • The log can also be found at C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt
    • Copy and paste the entire report in your next reply.
     
  13. Norman56

    Norman56 TS Rookie Topic Starter

    aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
    Run date: 2012-07-13 08:17:42
    -----------------------------
    08:17:42.335 OS Version: Windows x64 6.1.7601 Service Pack 1
    08:17:42.335 Number of processors: 8 586 0x2A07
    08:17:42.335 ComputerName: DAWSON-PC UserName: Dawson
    08:17:43.135 Initialize success
    08:18:07.146 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
    08:18:07.161 Disk 0 Vendor: WDC_WD50 01.0 Size: 476940MB BusType: 3
    08:18:07.161 Disk 0 MBR read successfully
    08:18:07.161 Disk 0 MBR scan
    08:18:07.161 Disk 0 Windows 7 default MBR code
    08:18:07.177 Disk 0 Partition 1 00 1C Hidd FAT32 LBA MSDOS5.0 25600 MB offset 2048
    08:18:07.192 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 190776 MB offset 52430848
    08:18:07.192 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 260561 MB offset 443140096
    08:18:07.239 Disk 0 scanning C:\Windows\system32\drivers
    08:18:13.037 Service scanning
    08:18:45.471 Modules scanning
    08:18:45.471 Disk 0 trace - called modules:
    08:18:45.486 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys iaStor.sys hal.dll
    08:18:45.486 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800a805790]
    08:18:45.486 3 CLASSPNP.SYS[fffff8800185143f] -> nt!IofCallDriver -> [0xfffffa800a230b20]
    08:18:45.502 5 ACPI.sys[fffff88000ec27a1] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa800a26d050]
    08:18:45.502 Scan finished successfully
    08:19:30.486 Disk 0 MBR has been saved successfully to "C:\Users\Dawson\Desktop\MBR.dat"
    08:19:30.496 The log file has been saved successfully to "C:\Users\Dawson\Desktop\aswMBR.txt"
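
    The aswMBR log above summarises the partition table it read from disk 0 and also wrote the raw sector to MBR.dat on the Desktop. The following is an added PowerShell example, not code from the thread or from aswMBR, that decodes that 512-byte file the same way: it checks the 0x55AA boot signature, prints each entry's boot flag, type, LBA offset and size, flags overlapping entries or a wrong number of active partitions, and hashes the boot-code bytes so they can be compared with MBR.dat from a known-clean Windows 7 machine. It assumes PowerShell 3.0 or later, a 512-byte MBR with 512-byte sectors, and a constructed sample built from the three offsets and sizes in the log (the boot code in the sample is left as zeros).

```powershell
# Added example (not from the thread or from aswMBR): decode an MBR.dat
# partition table. Assumes PowerShell 3.0+, 512-byte MBR, 512-byte sectors.

function Read-MbrPartitionTable {
    param([Parameter(Mandatory = $true)][byte[]] $Mbr)

    if ($Mbr.Length -lt 512) { throw "Expected at least 512 bytes, got $($Mbr.Length)" }
    # Offsets 510-511 must hold the 0x55 0xAA boot signature.
    if ($Mbr[510] -ne 0x55 -or $Mbr[511] -ne 0xAA) { throw 'Boot signature 0x55AA missing' }

    $entries = @()
    for ($i = 0; $i -lt 4; $i++) {
        $o = 446 + (16 * $i)                          # partition table starts at offset 446
        $startLba = [BitConverter]::ToUInt32($Mbr, $o + 8)
        $sectors  = [BitConverter]::ToUInt32($Mbr, $o + 12)
        if ($sectors -eq 0) { continue }              # unused slot
        $entries += [pscustomobject]@{
            Index    = $i + 1
            Bootable = ($Mbr[$o] -eq 0x80)            # 0x80 = active, 0x00 = inactive
            Type     = ('{0:X2}' -f $Mbr[$o + 4])     # e.g. 07 = NTFS, 1C = hidden FAT32 LBA
            StartLba = $startLba
            EndLba   = [uint64]$startLba + $sectors - 1
            SizeMB   = [int][math]::Floor($sectors / 2048)   # 2048 sectors of 512 bytes per MB
        }
    }
    return $entries
}

function Test-MbrPartitionTable {
    # Checks a helper would otherwise do by eye: no two entries overlap, and
    # exactly one entry carries the active flag.
    param([Parameter(Mandatory = $true)] $Entries)
    $problems = @()
    $sorted = @($Entries | Sort-Object StartLba)
    for ($i = 1; $i -lt $sorted.Count; $i++) {
        if ($sorted[$i].StartLba -le $sorted[$i - 1].EndLba) {
            $problems += "partitions $($sorted[$i - 1].Index) and $($sorted[$i].Index) overlap"
        }
    }
    $active = @($Entries | Where-Object { $_.Bootable })
    if ($active.Count -ne 1) { $problems += "expected one active partition, found $($active.Count)" }
    return $problems
}

function Get-MbrBootCodeHash {
    # Bytes 0-439 are the boot code (440-445 hold the disk signature and padding,
    # which differ per machine). Compare the hash with MBR.dat from a clean
    # Windows 7 install; a mismatch means the boot code is not the stock one.
    param([Parameter(Mandatory = $true)][byte[]] $Mbr)
    $sha  = [System.Security.Cryptography.SHA256]::Create()
    $hash = $sha.ComputeHash([byte[]]$Mbr[0..439])
    return ([BitConverter]::ToString($hash)) -replace '-', ''
}

function New-SampleMbr {
    # Constructed sample: the three entries from the aswMBR log above
    # (offsets in sectors, sizes in MB * 2048). Boot code is zeros.
    $mbr = New-Object byte[] 512
    $table = @(
        @{ Boot = 0x00; Type = 0x1C; Start = 2048;      Sectors = 25600  * 2048 },
        @{ Boot = 0x80; Type = 0x07; Start = 52430848;  Sectors = 190776 * 2048 },
        @{ Boot = 0x00; Type = 0x07; Start = 443140096; Sectors = 260561 * 2048 }
    )
    for ($i = 0; $i -lt $table.Count; $i++) {
        $o = 446 + (16 * $i)
        $mbr[$o]     = $table[$i].Boot
        $mbr[$o + 4] = $table[$i].Type
        [BitConverter]::GetBytes([uint32]($table[$i].Start)).CopyTo($mbr, $o + 8)
        [BitConverter]::GetBytes([uint32]($table[$i].Sectors)).CopyTo($mbr, $o + 12)
    }
    $mbr[510] = 0x55; $mbr[511] = 0xAA
    return ,$mbr
}

# Use the constructed sample, or the real file:
# $mbr = [IO.File]::ReadAllBytes("$env:USERPROFILE\Desktop\MBR.dat")
$mbr = New-SampleMbr
$parts = Read-MbrPartitionTable $mbr
$parts | Format-Table -AutoSize
Test-MbrPartitionTable $parts        # empty output = no problems found
Get-MbrBootCodeHash $mbr
```

    On the sample the three entries decode to the same 25600 MB, 190776 MB and 260561 MB sizes aswMBR printed, partition 2 is the only active one, and partition 1 ends exactly where partition 2 starts, so the overlap check returns nothing.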
     
  14. Norman56

    Norman56 TS Rookie Topic Starter

    Malwarebytes Anti-Malware 1.62.0.1300
    www.malwarebytes.org

    Database version: v2012.07.13.06

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 9.0.8112.16421
    Dawson :: DAWSON-PC [administrator]

    7/13/2012 8:21:55 AM
    mbam-log-2012-07-13 (08-21-55).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 231707
    Time elapsed: 1 minute(s), 34 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 1
    C:\Users\Dawson\Downloads\SoftonicDownloader_for_project64.exe (PUP.ToolbarDownloader) -> Quarantined and deleted successfully.

    (end)
     
  15. Norman56

    Norman56 TS Rookie Topic Starter

    Also had some Windows critical updates that auto-updated when I restarted it from MBAM; no idea of its relevance.
     
  16. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,282   +49

    Any more issues?

    We need to know any other issues that are plaguing your computer. Kindly give a summary so we know how to continue from here.

    Many of the things to note for us would be:

    • Slow computer
    • Error messages
    • Fake antivirus alerts or the icon in the system tray
    • svchost.exe running at 100%
    • System crashes or blue screen of death
     
  17. Norman56

    Norman56 TS Rookie Topic Starter

    My MSE isn't running. It has that X with the red background on it, and when I open it up it's telling me the real-time protection is off and that its service has stopped. It doesn't allow me to click on anything other than the Start Now option, not even the other tabs. I'm hesitant to click on it just in case it is just another virus or something along those lines. And I'm not sure if I understood whether it being on or off was something of note, but I have two svchost.exe processes running according to my Task Manager.
     
  18. Norman56

    Norman56 TS Rookie Topic Starter

    When I go to my Control Panel and try to turn on MSE from there, it gives me an error message reading "This service does not exist as an installed service".
     
  19. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,282   +49

  20. Norman56

    Norman56 TS Rookie Topic Starter

    Upon reinstalling MSE and doing a quick scan, about 15 varying versions of Sirefef were found and quarantined.
     
  21. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,282   +49

    We need to show hidden files/folders
    • Right Click Start
    • Select Explore
    • Select Organize
    • Select Folder and Search Options
    • Select the View tab
    • Under the Hidden files and folders heading select Show hidden files and folders.
    • Uncheck the Hide extensions for known file types option.
    • Uncheck the Hide protected operating system files (recommended) option.
    • Click yes to confirm that you really want to do this.
    • Click Apply
    • Click OK

    Please find the latest log from Microsoft Security Essentials, and upload it here: C:\ProgramData\Microsoft\Microsoft Antimalware\Support

    Let me know if you have any trouble.
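
    The Explorer steps above, the service check behind the "does not exist as an installed service" error in post 18, and the lookup of the newest file in the MSE Support folder can all be done from a PowerShell prompt. The following is an added example, not code from the thread or from Microsoft; it assumes PowerShell 3.0 or later, that MSE registers its engine as the service MsMpSvc (Microsoft Antimalware Service) and its network inspection as NisSrv, and that the three Explorer settings live in the registry values Hidden, HideFileExt and ShowSuperHidden under HKCU.

```powershell
# Added example (not from the thread or from Microsoft). Assumes PowerShell 3.0+,
# MSE service names MsMpSvc/NisSrv, and the Explorer\Advanced registry values.

$ExplorerAdvanced = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced'

function Show-HiddenAndSystemFiles {
    # Hidden: 1 = show hidden files and folders, 2 = do not show.
    Set-ItemProperty -Path $ExplorerAdvanced -Name Hidden -Value 1 -Type DWord
    # HideFileExt: 0 = show extensions for known file types.
    Set-ItemProperty -Path $ExplorerAdvanced -Name HideFileExt -Value 0 -Type DWord
    # ShowSuperHidden: 1 = show protected operating system files.
    Set-ItemProperty -Path $ExplorerAdvanced -Name ShowSuperHidden -Value 1 -Type DWord
    # Existing Explorer windows pick the change up after a new window or a restart of explorer.exe.
    Get-ItemProperty -Path $ExplorerAdvanced | Select-Object Hidden, HideFileExt, ShowSuperHidden
}

function Get-MseServiceState {
    # A healthy MSE install registers both services. "Installed = False" here is
    # the same condition the Control Panel reports as "does not exist as an
    # installed service". ImagePath should point into the Microsoft Security
    # Client folder; anything else is worth a closer look.
    foreach ($name in 'MsMpSvc', 'NisSrv') {
        $svc = Get-Service -Name $name -ErrorAction SilentlyContinue
        $reg = Get-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\$name" -ErrorAction SilentlyContinue
        [pscustomobject]@{
            Service   = $name
            Installed = [bool]$svc
            Status    = if ($svc) { $svc.Status } else { 'not installed' }
            ImagePath = if ($reg) { $reg.ImagePath } else { $null }
        }
    }
}

function Get-LatestMseSupportLog {
    param([string] $SupportDir = 'C:\ProgramData\Microsoft\Microsoft Antimalware\Support')
    # -Force includes hidden files; ProgramData itself is a hidden folder.
    Get-ChildItem -Path $SupportDir -File -Force -ErrorAction Stop |
        Sort-Object LastWriteTime -Descending |
        Select-Object -First 1 FullName, LastWriteTime, Length
}

Show-HiddenAndSystemFiles
Get-MseServiceState | Format-Table -AutoSize
Get-LatestMseSupportLog
```

    Run it from a normal prompt for the Explorer settings and the log lookup; reading the service keys under HKLM\SYSTEM does not need elevation either. The file that Get-LatestMseSupportLog returns is the one to upload.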
     
  22. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,282   +49

    Hello. Are you still with us?

    Your thread has been marked as "Inactive" because of your lack of reply. Please let us know how your computer is running, or if you want to continue in this topic.

    Thanks.
     
