Inactive Sirefef.b affecting Services.exe

Fr33m4s0n

I have FEP2010 installed; it detected that SIREFEF.B has affected services.exe.
While attempting to clean it using FEP2010, Windows advises that it needs to shut down.
 
Malwarebytes Anti-Malware (Trial) 1.61.0.1400
www.malwarebytes.org
Database version: v2012.07.10.05
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Paul :: DAKESPC [administrator]
Protection: Enabled
10/07/2012 5:05:46 PM
mbam-log-2012-07-10 (17-05-46).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 230098
Time elapsed: 2 minute(s), 54 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
 
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-07-10 17:17:42
Windows 6.1.7601 Service Pack 1
Running: qwepz61z.exe

---- Files - GMER 1.0.15 ----
File C:\Users\Paul\AppData\Roaming\Microsoft\Windows\Cookies\LX2T87HE.txt 0 bytes
File C:\Users\Paul\AppData\Roaming\Microsoft\Windows\Cookies\Z3WQCDNM.txt 0 bytes
---- EOF - GMER 1.0.15 ----
 
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by Paul at 17:19:49 on 2012-07-10
Microsoft Windows 7 Professional 6.1.7601.1.1252.61.1033.18.8126.6238 [GMT 8:00]
.
AV: Microsoft Forefront Endpoint Protection 2010 *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Forefront Endpoint Protection 2010 *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe
C:\Program Files (x86)\Common Files\Maxtor\Schedule2\schedul2.exe
C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\System32\perfmon.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com.au/
uInternet Settings,ProxyOverride = *.local
mWinlogon: Userinit=userinit.exe
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: ChromeFrame BHO: {ecb3c477-1a0a-44bd-bb57-78f9efe34fa7} - C:\Program Files (x86)\Google\Chrome Frame\Application\20.0.1132.47\npchrome_frame.dll
mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [Communicator] "C:\Program Files (x86)\Microsoft Office Communicator\communicator.exe" /fromrunkey
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
LSP: mswsock.dll
DPF: {55963676-2F5E-4BAF-AC28-CF26AA587566} - hxxps://vpn.empired.com/CACHE/stc/2/binaries/vpnweb.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{1C856C38-FB42-4CBE-B3FA-B9047A5E1FEF} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{79908AE1-04D7-472A-8067-C4371104BEF6} : DhcpNameServer = 198.142.0.51 61.88.88.88
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: gcf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - C:\Program Files (x86)\Google\Chrome Frame\Application\20.0.1132.47\npchrome_frame.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL
LSA: Authentication Packages = msv1_0 relog_ap
BHO-X64: Adobe PDF Reader Link Helper: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL
BHO-X64: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: ChromeFrame BHO: {ECB3C477-1A0A-44BD-BB57-78F9EFE34FA7} - C:\Program Files (x86)\Google\Chrome Frame\Application\20.0.1132.47\npchrome_frame.dll
BHO-X64: ChromeFrame BHO - No File
mRun-x64: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [Communicator] "C:\Program Files (x86)\Microsoft Office Communicator\communicator.exe" /fromrunkey
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL
Hosts: 127.0.0.1 www.spywareinfo.com
.
============= SERVICES / DRIVERS ===============
.
R1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 LMIGuardianSvc;LMIGuardianSvc;C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [2011-12-7 375176]
R2 LMIInfo;LogMeIn Kernel Information Provider;C:\Program Files (x86)\LogMeIn\x64\rainfo.sys [2011-9-16 15928]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;\??\C:\Windows\system32\drivers\LMIRfsDriver.sys --> C:\Windows\system32\drivers\LMIRfsDriver.sys [?]
R2 MaxSch2Svc;Maxtor Scheduler2 Service;C:\Program Files (x86)\Common Files\Maxtor\Schedule2\schedul2.exe [2008-6-27 605976]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-7-10 654408]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-5-15 382272]
R2 vpnagent;Cisco AnyConnect VPN Agent;C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe [2009-2-4 427192]
R3 LVUSBS64;Logitech USB Monitor Filter;C:\Windows\system32\DRIVERS\LVUSBS64.sys --> C:\Windows\system32\DRIVERS\LVUSBS64.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\system32\DRIVERS\MpNWMon.sys --> C:\Windows\system32\DRIVERS\MpNWMon.sys [?]
R3 rt61x64;RT61 Extensible Wireless Driver;C:\Windows\system32\DRIVERS\netr6164.sys --> C:\Windows\system32\DRIVERS\netr6164.sys [?]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-1-20 136176]
S2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2012-7-10 1153368]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-6-7 160944]
S3 dmvsc;dmvsc;C:\Windows\system32\drivers\dmvsc.sys --> C:\Windows\system32\drivers\dmvsc.sys [?]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-1-20 136176]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-1-21 30963576]
S3 Netaapl;Apple Mobile Device Ethernet Service;C:\Windows\system32\DRIVERS\netaapl64.sys --> C:\Windows\system32\DRIVERS\netaapl64.sys [?]
S3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2010-11-11 282616]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 20992]
S3 SwitchBoard;SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 VSPerfDrv90;Performance Tools Driver 9.0;C:\Program Files (x86)\Microsoft Visual Studio 9.0\Team Tools\Performance Tools\x64\VSPerfDrv90.sys [2007-9-4 71024]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S4 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-6-30 1262400]
.
=============== Created Last 30 ================
.
2012-07-10 09:03:40 328704 ----a-w- C:\Windows\System32\services.exe.A61724CFD5A8E355
2012-07-10 09:00:45 -------- d-----w- C:\Users\Paul\AppData\Roaming\Malwarebytes
2012-07-10 09:00:36 -------- d-----w- C:\ProgramData\Malwarebytes
2012-07-10 09:00:34 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-07-10 09:00:34 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-07-10 08:49:29 328704 ----a-w- C:\Windows\System32\services.exe.CB33D352F8801EE5
2012-07-10 08:46:36 328704 ----a-w- C:\Windows\System32\services.exe.499499393379264B
2012-07-10 08:33:40 328704 ----a-w- C:\Windows\System32\services.exe.60B726C27681222D
2012-07-10 08:20:17 328704 ----a-w- C:\Windows\System32\services.exe.4A5DFD09C35113B3
2012-07-10 08:17:00 328704 ----a-w- C:\Windows\System32\services.exe.29D21262F278C3DF
2012-07-10 08:16:29 69000 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{46EBE986-2AC4-4CE0-9BDD-62CDCFFE1CDF}\offreg.dll
2012-07-10 08:11:19 927800 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{334B4517-DD82-4A01-8F1D-285EEF9CC44A}\gapaengine.dll
2012-07-10 08:11:15 9013136 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{46EBE986-2AC4-4CE0-9BDD-62CDCFFE1CDF}\mpengine.dll
2012-07-10 08:08:35 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client
2012-07-10 08:08:32 -------- d-----w- C:\Program Files\Microsoft Security Client
2012-07-10 07:24:57 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2012-07-10 07:24:57 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy
2012-07-10 05:33:50 -------- d-sh--w- C:\Windows\SysWow64\%APPDATA%
2012-07-02 11:13:19 -------- d-----w- C:\Users\Paul\AppData\Local\SIX_Projects
2012-06-30 15:40:03 -------- d-----r- C:\Program Files (x86)\Skype
2012-06-30 12:22:00 8139072 ----a-w- C:\Windows\System32\nvcuda.dll
2012-06-30 12:22:00 5982528 ----a-w- C:\Windows\SysWow64\nvcuda.dll
2012-06-30 12:22:00 2881856 ----a-w- C:\Windows\System32\nvcuvenc.dll
2012-06-30 12:22:00 2681664 ----a-w- C:\Windows\System32\nvcuvid.dll
2012-06-30 12:22:00 25743168 ----a-w- C:\Windows\System32\nvoglv64.dll
2012-06-30 12:22:00 2524992 ----a-w- C:\Windows\SysWow64\nvcuvid.dll
2012-06-30 12:22:00 2445120 ----a-w- C:\Windows\SysWow64\nvcuvenc.dll
2012-06-30 12:22:00 19607872 ----a-w- C:\Windows\SysWow64\nvoglv32.dll
2012-06-30 12:22:00 18044224 ----a-w- C:\Windows\System32\nvd3dumx.dll
2012-06-30 12:22:00 14298944 ----a-w- C:\Windows\System32\drivers\nvlddmkm.sys
2012-06-30 12:21:59 25248064 ----a-w- C:\Windows\System32\nvcompiler.dll
2012-06-30 12:21:59 17551680 ----a-w- C:\Windows\SysWow64\nvcompiler.dll
2012-06-30 12:21:15 -------- d-----w- C:\NVIDIA
2012-06-30 11:56:47 -------- d-----w- C:\Program Files (x86)\EVGA Precision
2012-06-30 04:59:42 -------- d-----w- C:\Users\Paul\AppData\Roaming\six-updater
2012-06-30 04:59:41 -------- d-----w- C:\Users\Paul\AppData\Roaming\six-zsync
2012-06-30 04:59:05 -------- d-----w- C:\Program Files (x86)\SIX Projects
2012-06-30 04:58:42 -------- d-----w- C:\Users\Paul\AppData\Local\Downloaded Installations
2012-06-30 04:45:24 -------- d-----w- C:\Users\Paul\AppData\Local\ArmA 2 OA
2012-06-30 04:41:50 -------- d-----w- C:\Users\Paul\AppData\Local\ArmA 2
2012-06-30 04:40:59 506728 ----a-w- C:\Windows\System32\d3dx10_34.dll
2012-06-27 13:51:47 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-06-21 13:17:51 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2012-06-21 13:17:45 99840 ----a-w- C:\Windows\System32\wudriver.dll
2012-06-21 13:17:41 36864 ----a-w- C:\Windows\System32\wuapp.exe
2012-06-21 13:17:41 186752 ----a-w- C:\Windows\System32\wuwebv.dll
2012-06-14 07:04:23 -------- d-----w- C:\Users\Paul\AppData\Roaming\Woeb
.
==================== Find3M ====================
.
2012-05-25 00:06:22 87456 ----a-w- C:\Windows\System32\LMIRfsClientNP.dll
2012-05-25 00:06:22 80768 ----a-w- C:\Windows\System32\LMIinit.dll
2012-05-25 00:06:22 34688 ----a-w- C:\Windows\System32\LMIport.dll
2012-05-18 02:06:48 2311680 ----a-w- C:\Windows\System32\jscript9.dll
2012-05-18 01:59:14 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-05-18 01:58:39 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-05-18 01:55:22 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-05-18 01:51:30 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-05-17 22:45:37 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-05-17 22:35:47 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-05-17 22:35:39 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-05-17 22:29:45 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-05-15 10:48:00 8105280 ----a-w- C:\Windows\SysWow64\nvwgf2um.dll
2012-05-15 10:48:00 68928 ----a-w- C:\Windows\System32\OpenCL.dll
2012-05-15 10:48:00 61248 ----a-w- C:\Windows\SysWow64\OpenCL.dll
2012-05-15 10:48:00 2741568 ----a-w- C:\Windows\System32\nvapi64.dll
2012-05-15 10:48:00 2368832 ----a-w- C:\Windows\SysWow64\nvapi.dll
2012-05-15 10:48:00 1738048 ----a-w- C:\Windows\System32\nvdispco64.dll
2012-05-15 10:48:00 15322432 ----a-w- C:\Windows\SysWow64\nvd3dum.dll
2012-05-15 10:48:00 1468224 ----a-w- C:\Windows\System32\nvgenco64.dll
2012-05-15 10:48:00 10194752 ----a-w- C:\Windows\System32\nvwgf2umx.dll
2012-05-15 09:29:47 889664 ----a-w- C:\Windows\System32\nvvsvc.exe
2012-05-15 09:29:46 63296 ----a-w- C:\Windows\System32\nvshext.dll
2012-05-15 09:29:46 118080 ----a-w- C:\Windows\System32\nvmctray.dll
2012-05-15 09:29:25 3149632 ----a-w- C:\Windows\System32\nvsvc64.dll
2012-05-15 09:28:42 6151488 ----a-w- C:\Windows\System32\nvcpl.dll
2012-05-15 01:32:33 3146752 ----a-w- C:\Windows\System32\win32k.sys
2012-05-14 18:21:50 423744 ----a-w- C:\Windows\SysWow64\nvStreaming.exe
2012-05-04 11:06:22 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-05-04 10:03:53 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-05-04 10:03:50 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-05-01 05:40:20 209920 ----a-w- C:\Windows\System32\profsvc.dll
2012-04-28 03:55:21 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-04-26 05:41:56 77312 ----a-w- C:\Windows\System32\rdpwsx.dll
2012-04-26 05:41:55 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
2012-04-26 05:34:27 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
2012-04-24 05:37:37 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
2012-04-24 05:37:37 140288 ----a-w- C:\Windows\System32\cryptnet.dll
2012-04-24 05:37:36 1462272 ----a-w- C:\Windows\System32\crypt32.dll
2012-04-24 04:36:42 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2012-04-24 04:36:42 1158656 ----a-w- C:\Windows\SysWow64\crypt32.dll
2012-04-24 04:36:42 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
.
============= FINISH: 17:20:24.52 ===============
 
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 1/01/2006 1:15:21 AM
System Uptime: 10/07/2012 5:05:00 PM (0 hours ago)
.
Motherboard: Intel Corporation | | DP965LT
Processor: Intel(R) Core(TM)2 CPU 6320 @ 1.86GHz | J1PR | 1862/266mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 112 GiB total, 36.223 GiB free.
D: is CDROM ()
E: is FIXED (NTFS) - 932 GiB total, 23.44 GiB free.
.
==== Disabled Device Manager Items =============
.
Class GUID:
Description: PCI Simple Communications Controller
Device ID: PCI\VEN_8086&DEV_29A4&SUBSYS_514D8086&REV_02\3&2B8E0B4B&0&18
Manufacturer:
Name: PCI Simple Communications Controller
PNP Device ID: PCI\VEN_8086&DEV_29A4&SUBSYS_514D8086&REV_02\3&2B8E0B4B&0&18
Service:
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Cisco AnyConnect VPN Virtual Miniport Adapter for Windows x64
Device ID: ROOT\NET\0000
Manufacturer: Cisco Systems
Name: Cisco AnyConnect VPN Virtual Miniport Adapter for Windows x64
PNP Device ID: ROOT\NET\0000
Service: vpnva
.
==== System Restore Points ===================
.
RP97: 4/07/2012 11:28:13 AM - Windows Update
RP98: 4/07/2012 6:27:21 PM - Windows Update
RP99: 8/07/2012 11:51:34 AM - Windows Update
RP100: 10/07/2012 2:14:56 PM - Installed Microsoft Fix it 50123
RP101: 10/07/2012 2:16:01 PM - Restore Operation
RP102: 10/07/2012 2:33:27 PM - Removed Windows Mobile 5.0 SDK R2 for Pocket PC
RP103: 10/07/2012 2:33:58 PM - Removed Windows Mobile 5.0 SDK R2 for Smartphone
.
==== Installed Programs ======================
.
.
Adobe AIR
Adobe Community Help
Adobe Media Player
Adobe Photoshop CS5
Adobe Reader 8.1.0
Apple Application Support
Apple Software Update
ARMA 2
ARMA 2: Operation Arrowhead
µTorrent
Avidemux 2.5
BattlEye for OA Uninstall
BattlEye Uninstall
Cisco AnyConnect VPN Client
Cisco Packet Tracer 5.3
Cool MP3 Splitter 2.02
D3DX10
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
EASEUS Data Recovery Wizard Professional 4.3.6
EPSON Scan
EVGA Precision 2.0.1
Flash Movie Player 1.5
Google Chrome Frame
Google Earth Plug-in
Google Update Helper
HandBrake 0.9.6
Heroes of Newerth
Hotfix for Microsoft Visual Studio Team System 2008 Development Edition - ENU (KB971091)
Hotfix for Microsoft Visual Studio Team System 2008 Development Edition - ENU (KB973674)
Java Auto Updater
Java(TM) 6 Update 30
LogMeIn
Malwarebytes Anti-Malware version 1.61.0.1400
Maxtor MaxBlast
Microsoft .NET Compact Framework 2.0 SP2
Microsoft .NET Compact Framework 3.5
Microsoft Document Explorer 2008
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Communicator 2007 R2
Microsoft Office Excel MUI (English) 2010
Microsoft Office Groove MUI (English) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office SharePoint Designer 2007 Service Pack 3 (SP3)
Microsoft Office Visual Web Developer 2007
Microsoft Office Visual Web Developer MUI (English) 2007
Microsoft Office Word MUI (English) 2010
Microsoft Silverlight
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)
Microsoft SQL Server 2005 Tools Express Edition
Microsoft SQL Server Compact 3.5 Design Tools ENU
Microsoft SQL Server Compact 3.5 ENU
Microsoft SQL Server Compact 3.5 for Devices ENU
Microsoft SQL Server Database Publishing Wizard 1.2
Microsoft SQL Server Setup Support Files (English)
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual Studio 2005 Tools for Office Runtime
Microsoft Visual Studio Team System 2008 Development Edition - ENU
Microsoft Visual Studio Web Authoring Component
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
MSVCRT
NavDesk 7.30
NVIDIA PhysX
NVIDIA Stereoscopic 3D Driver
PDF Settings CS5
QuickTime
Safari
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2584063)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office system 2007 (KB974234)
Six Updater
Skype™ 5.10
Spybot - Search & Destroy
Steam
Subtitle Edit 3.2.7
TreeSize Free V2.7
Update for 2007 Microsoft Office System (KB2284654)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 System (KB2539530)
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553092)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Visual Studio Team System 2008 Development Edition - ENU (KB972221)
VC Runtimes MSI
Visual CertExam Suite 1.9
Visual Studio 2005 Tools for Office Second Edition Runtime
Visual Studio Tools for the Office system 3.0 Runtime
VLC media player 2.0.0
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Messenger
Windows Live Photo Common
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
.
==== Event Viewer Messages From Past Week ========
.
9/07/2012 8:15:18 PM, Error: Service Control Manager [7024] - The Windows Firewall service terminated with service-specific error Access is denied..
7/07/2012 1:33:10 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
4/07/2012 7:16:52 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
10/07/2012 5:05:35 PM, Error: Service Control Manager [7023] - The Function Discovery Resource Publication service terminated with the following error: %%-2147024891
10/07/2012 5:05:35 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error: %%-2147024891
10/07/2012 5:05:17 PM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.
10/07/2012 5:05:15 PM, Error: Service Control Manager [7003] - The SBSD Security Center Service service depends the following service: wscsvc. This service might not be installed.
10/07/2012 4:07:49 PM, Error: Service Control Manager [7023] - The Base Filtering Engine service terminated with the following error: Access is denied.
10/07/2012 4:07:28 PM, Error: Service Control Manager [7001] - The IPsec Policy Agent service depends on the Base Filtering Engine service which failed to start because of the following error: Access is denied.
10/07/2012 4:07:27 PM, Error: Service Control Manager [7001] - The IKE and AuthIP IPsec Keying Modules service depends on the Base Filtering Engine service which failed to start because of the following error: Access is denied.
10/07/2012 2:18:11 PM, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.
10/07/2012 2:18:11 PM, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.
10/07/2012 12:24:01 PM, Error: Schannel [36888] - The following fatal alert was generated: 48. The internal error state is 552.
10/07/2012 12:24:01 PM, Error: Schannel [36882] - The certificate received from the remote server was issued by an untrusted certificate authority. Because of this, none of the data contained in the certificate can be validated. The SSL connection request has failed. The attached data contains the server certificate.
10/07/2012 1:10:04 PM, Error: Service Control Manager [7031] - The Microsoft Network Inspection service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 15000 milliseconds: Restart the service.
.
==== End Of File ===========================
 
Download Farbar Recovery Scan Tool and save it to a flash drive.

Please make sure to download the 64-bit version.

Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
On the System Recovery Options menu you will get the following options:
    • Startup Repair
    • System Restore
    • Windows Complete PC Restore
    • Windows Memory Diagnostic Tool
    • Command Prompt
  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst64 and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to the disclaimer.
  • Place a check next to List Drivers MD5 as well as the default check marks that are already there.
  • Press the Scan button.
  • Type exit and reboot the computer normally.
  • FRST will make a log (FRST.txt) on the flash drive, please copy and paste the log in your reply.
Additional Scan Using FRST

Please also search...

Type the following text in the blank box after Search:

services.exe

Click: Search file(s)

When done searching, FRST makes a log, Search.txt, on the C:\ drive.

Please provide the Search.txt in your reply.
 
Scan result of Farbar Recovery Scan Tool Version: 09-07-2012
Ran by SYSTEM at 10-07-2012 20:24:51
Running from F:\
Windows 7 Professional Service Pack 1 (X64) OS Language: English(US)
The current controlset is ControlSet001
========================== Registry (Whitelisted) =============
HKLM\...\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [1436224 2010-11-29] (Microsoft Corporation)
HKLM-x32\...\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices [91520 2010-01-21] (Microsoft Corporation)
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421736 2012-03-26] (Apple Inc.)
HKLM-x32\...\Run: [Communicator] "C:\Program Files (x86)\Microsoft Office Communicator\communicator.exe" /fromrunkey [5164120 2012-05-14] (Microsoft Corporation)
HKLM-x32\...\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray [462408 2012-04-03] (Malwarebytes Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Lsa: [Authentication Packages] msv1_0
relog_ap
==================== Services (Whitelisted) ======
2 LMIGuardianSvc; "C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe" [375176 2012-05-24] (LogMeIn, Inc.)
4 LMIMaint; "C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe" [147336 2012-05-24] (LogMeIn, Inc.)
4 LogMeIn; "C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe" [407424 2011-09-15] (LogMeIn, Inc.)
2 MaxSch2Svc; "C:\Program Files (x86)\Common Files\Maxtor\Schedule2\schedul2.exe" [605976 2008-06-27] (Maxtor)
2 MBAMService; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe" [654408 2012-04-03] (Malwarebytes Corporation)
2 MsMpSvc; "C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe" [12784 2010-11-10] (Microsoft Corporation)
2 MSSQL$SQLEXPRESS; "C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS [29293408 2010-12-10] (Microsoft Corporation)
4 msvsmon90; "C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe" /service msvsmon90 [4466688 2007-11-06] (Microsoft Corporation)
3 NisSrv; "C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe" [282616 2010-11-10] (Microsoft Corporation)
2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-25] (Safer Networking Ltd.)
========================== Drivers (Whitelisted) =============
2 LMIInfo; \??\C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys [15928 2011-09-15] (LogMeIn, Inc.)
3 lmimirr; C:\Windows\System32\Drivers\lmimirr.sys [11552 2011-09-15] (LogMeIn, Inc.)
2 LMIRfsDriver; C:\Windows\System32\Drivers\LMIRfsDriver.sys [72216 2011-09-15] (LogMeIn, Inc.)
3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [24904 2012-04-03] (Malwarebytes Corporation)
3 rt61x64; C:\Windows\System32\DRIVERS\netr6164.sys [446304 2010-04-06] (Ralink Technology, Corp.)
0 snapman; C:\Windows\System32\Drivers\snapman.sys [235040 2012-03-19] (Acronis)
0 tdrpman; C:\Windows\System32\Drivers\tdrpman.sys [593952 2012-03-19] (Acronis)
2 tifsfilter; C:\Windows\System32\DRIVERS\tifsfilt.sys [81952 2012-03-19] (Acronis)
0 timounter; C:\Windows\System32\DRIVERS\timntr.sys [711712 2012-03-19] (Acronis)
3 VSPerfDrv90; \??\C:\Program Files (x86)\Microsoft Visual Studio 9.0\Team Tools\Performance Tools\x64\VSPerfDrv90.sys [71024 2007-09-04] (Microsoft Corporation)
4 LMIRfsClientNP; [x]
3 VMnetAdapter; C:\Windows\System32\DRIVERS\vmnetadapter.sys [x]
========================== NetSvcs (Whitelisted) ===========

============ One Month Created Files and Folders ==============
2012-07-10 04:19 - 2012-07-10 20:24 - 00000000 ____D C:\FRST
2012-07-10 04:17 - 2012-07-10 04:17 - 01434401 ____A (Farbar) C:\Users\Paul\Downloads\FRST64.exe
2012-07-10 01:17 - 2012-07-10 01:17 - 00000370 ____A C:\Users\Paul\Desktop\gmer.log
2012-07-10 01:10 - 2012-07-10 01:10 - 00302592 ____A C:\Users\Paul\Downloads\qwepz61z.exe
2012-07-10 01:03 - 2012-07-10 01:03 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.A61724CFD5A8E355
2012-07-10 01:00 - 2012-07-10 01:00 - 00001113 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-07-10 01:00 - 2012-07-10 01:00 - 00000000 ____D C:\Users\Paul\AppData\Roaming\Malwarebytes
2012-07-10 01:00 - 2012-07-10 01:00 - 00000000 ____D C:\Users\All Users\Malwarebytes
2012-07-10 01:00 - 2012-07-10 01:00 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-07-10 01:00 - 2012-04-03 23:56 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-07-10 00:59 - 2012-07-10 01:00 - 10063000 ____A (Malwarebytes Corporation ) C:\Users\Paul\Downloads\mbam-setup-1.61.0.1400.exe
2012-07-10 00:49 - 2012-07-10 00:49 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.CB33D352F8801EE5
2012-07-10 00:46 - 2012-07-10 00:46 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.499499393379264B
2012-07-10 00:33 - 2012-07-10 00:33 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.60B726C27681222D
2012-07-10 00:20 - 2012-07-10 00:20 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.4A5DFD09C35113B3
2012-07-10 00:17 - 2012-07-10 00:17 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.29D21262F278C3DF
2012-07-10 00:08 - 2012-07-10 00:08 - 00000000 ____D C:\Program Files\Microsoft Security Client
2012-07-10 00:08 - 2012-07-10 00:08 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2012-07-09 23:28 - 2009-06-10 13:00 - 00000824 ____A C:\Windows\System32\Drivers\etc\hosts.20120710-152822.backup
2012-07-09 23:25 - 2012-07-09 23:25 - 00001262 ____A C:\Users\Paul\Desktop\Spybot - Search & Destroy.lnk
2012-07-09 23:24 - 2012-07-09 23:59 - 00000000 ____D C:\Users\All Users\Spybot - Search & Destroy
2012-07-09 23:24 - 2012-07-09 23:25 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy
2012-07-09 22:33 - 2012-07-09 22:33 - 00008201 ____A C:\Users\Paul\Documents\Uninstall STAR WARS The Old Republic.log
2012-07-09 22:26 - 2012-07-10 02:08 - 00007640 ____A C:\Users\Paul\AppData\Local\Resmon.ResmonCfg
2012-07-09 22:20 - 2012-07-09 22:20 - 00000036 ____A C:\Users\Paul\AppData\Local\housecall.guid.cache
2012-07-09 21:33 - 2012-07-09 21:33 - 00000000 __SHD C:\Windows\SysWOW64\%APPDATA%
2012-07-05 23:22 - 2012-07-05 23:22 - 00563099 ____A C:\Users\Paul\Desktop\MCP Monthly Service Delivery Report June 2012 server .docm
2012-07-02 03:13 - 2012-07-02 03:13 - 00000000 ____D C:\Users\Paul\AppData\Local\SIX_Projects
2012-06-30 07:40 - 2012-07-09 22:19 - 00000000 ____D C:\Users\Paul\AppData\Roaming\Skype
2012-06-30 07:40 - 2012-07-09 22:17 - 00000000 ___RD C:\Program Files (x86)\Skype
2012-06-30 07:40 - 2012-06-30 07:40 - 00002515 ____A C:\Users\Public\Desktop\Skype.lnk
2012-06-30 07:39 - 2012-07-09 03:11 - 00000000 ____D C:\Users\All Users\Skype
2012-06-30 04:22 - 2012-05-15 02:48 - 25743168 ____A (NVIDIA Corporation) C:\Windows\System32\nvoglv64.dll
2012-06-30 04:22 - 2012-05-15 02:48 - 19607872 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2012-06-30 04:22 - 2012-05-15 02:48 - 18044224 ____A (NVIDIA Corporation) C:\Windows\System32\nvd3dumx.dll
2012-06-30 04:22 - 2012-05-15 02:48 - 14298944 ____A (NVIDIA Corporation) C:\Windows\System32\Drivers\nvlddmkm.sys
2012-06-30 04:22 - 2012-05-15 02:48 - 08139072 ____A (NVIDIA Corporation) C:\Windows\System32\nvcuda.dll
2012-06-30 04:22 - 2012-05-15 02:48 - 05982528 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2012-06-30 04:22 - 2012-05-15 02:48 - 02881856 ____A (NVIDIA Corporation) C:\Windows\System32\nvcuvenc.dll
2012-06-30 04:22 - 2012-05-15 02:48 - 02681664 ____A (NVIDIA Corporation) C:\Windows\System32\nvcuvid.dll
2012-06-30 04:22 - 2012-05-15 02:48 - 02524992 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2012-06-30 04:22 - 2012-05-15 02:48 - 02445120 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvenc.dll
2012-06-30 04:21 - 2012-06-30 04:21 - 00000000 ____D C:\NVIDIA
2012-06-30 04:21 - 2012-05-15 02:48 - 25248064 ____A (NVIDIA Corporation) C:\Windows\System32\nvcompiler.dll
2012-06-30 04:21 - 2012-05-15 02:48 - 17551680 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2012-06-30 04:15 - 2012-07-10 01:05 - 00000840 ____A C:\Windows\setupact.log
2012-06-30 04:15 - 2012-06-30 04:15 - 00000000 ____A C:\Windows\setuperr.log
2012-06-30 03:56 - 2012-06-30 04:02 - 00000000 ____D C:\Program Files (x86)\EVGA Precision
2012-06-30 03:56 - 2012-06-30 03:56 - 00001078 ____A C:\Users\Paul\Desktop\EVGA Precision.lnk
2012-06-29 20:59 - 2012-07-09 03:11 - 00002573 ____A C:\Users\Public\Desktop\Six Updater.lnk
2012-06-29 20:59 - 2012-07-09 03:11 - 00002573 ____A C:\Users\Public\Desktop\Six Launcher.lnk
2012-06-29 20:59 - 2012-07-02 03:13 - 00000000 ____D C:\Users\Paul\AppData\Roaming\six-updater
2012-06-29 20:59 - 2012-06-29 20:59 - 00000000 ____D C:\Users\Paul\AppData\Roaming\six-zsync
2012-06-29 20:59 - 2012-06-29 20:59 - 00000000 ____D C:\Program Files (x86)\SIX Projects
2012-06-29 20:58 - 2012-07-09 22:17 - 00000000 ____D C:\Users\Paul\AppData\Local\Downloaded Installations
2012-06-29 20:45 - 2012-07-10 01:33 - 00000000 ____D C:\Users\Paul\AppData\Local\ArmA 2 OA
2012-06-29 20:43 - 2010-02-03 18:01 - 00530776 ____A (Microsoft Corporation) C:\Windows\System32\XAudio2_6.dll
2012-06-29 20:43 - 2010-02-03 18:01 - 00528216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_6.dll
2012-06-29 20:43 - 2010-02-03 18:01 - 00238936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_6.dll
2012-06-29 20:43 - 2010-02-03 18:01 - 00176984 ____A (Microsoft Corporation) C:\Windows\System32\xactengine3_6.dll
2012-06-29 20:43 - 2010-02-03 18:01 - 00078680 ____A (Microsoft Corporation) C:\Windows\System32\XAPOFX1_4.dll
2012-06-29 20:43 - 2010-02-03 18:01 - 00074072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_4.dll
2012-06-29 20:43 - 2010-02-03 18:01 - 00024920 ____A (Microsoft Corporation) C:\Windows\System32\X3DAudio1_7.dll
2012-06-29 20:43 - 2010-02-03 18:01 - 00022360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_7.dll
2012-06-29 20:43 - 2009-09-04 01:44 - 00517960 ____A (Microsoft Corporation) C:\Windows\System32\XAudio2_5.dll
2012-06-29 20:43 - 2009-09-04 01:44 - 00515416 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_5.dll
2012-06-29 20:43 - 2009-09-04 01:44 - 00238936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_5.dll
2012-06-29 20:43 - 2009-09-04 01:44 - 00176968 ____A (Microsoft Corporation) C:\Windows\System32\xactengine3_5.dll
2012-06-29 20:43 - 2009-09-04 01:44 - 00073544 ____A (Microsoft Corporation) C:\Windows\System32\XAPOFX1_3.dll
2012-06-29 20:43 - 2009-09-04 01:44 - 00069464 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_3.dll
2012-06-29 20:43 - 2009-09-04 01:29 - 05554512 ____A (Microsoft Corporation) C:\Windows\System32\d3dcsx_42.dll
2012-06-29 20:43 - 2009-09-04 01:29 - 05501792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dcsx_42.dll
2012-06-29 20:43 - 2009-09-04 01:29 - 02582888 ____A (Microsoft Corporation) C:\Windows\System32\D3DCompiler_42.dll
2012-06-29 20:43 - 2009-09-04 01:29 - 02475352 ____A (Microsoft Corporation) C:\Windows\System32\D3DX9_42.dll
2012-06-29 20:43 - 2009-09-04 01:29 - 01974616 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_42.dll
2012-06-29 20:43 - 2009-09-04 01:29 - 01892184 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_42.dll
2012-06-29 20:43 - 2009-09-04 01:29 - 00523088 ____A (Microsoft Corporation) C:\Windows\System32\d3dx10_42.dll
2012-06-29 20:43 - 2009-09-04 01:29 - 00453456 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_42.dll
2012-06-29 20:43 - 2009-09-04 01:29 - 00285024 ____A (Microsoft Corporation) C:\Windows\System32\d3dx11_42.dll
2012-06-29 20:43 - 2009-09-04 01:29 - 00235344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_42.dll
2012-06-29 20:43 - 2008-10-26 18:04 - 00518480 ____A (Microsoft Corporation) C:\Windows\System32\XAudio2_3.dll
2012-06-29 20:43 - 2008-10-26 18:04 - 00514384 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_3.dll
2012-06-29 20:43 - 2008-10-26 18:04 - 00235856 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_3.dll
2012-06-29 20:43 - 2008-10-26 18:04 - 00175440 ____A (Microsoft Corporation) C:\Windows\System32\xactengine3_3.dll
2012-06-29 20:43 - 2008-10-26 18:04 - 00074576 ____A (Microsoft Corporation) C:\Windows\System32\XAPOFX1_2.dll
2012-06-29 20:43 - 2008-10-26 18:04 - 00070992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_2.dll
2012-06-29 20:43 - 2008-10-26 18:04 - 00025936 ____A (Microsoft Corporation) C:\Windows\System32\X3DAudio1_5.dll
2012-06-29 20:43 - 2008-10-26 18:04 - 00023376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_5.dll
2012-06-29 20:43 - 2008-07-30 18:41 - 00238088 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_2.dll
2012-06-29 20:43 - 2008-07-30 18:41 - 00177672 ____A (Microsoft Corporation) C:\Windows\System32\xactengine3_2.dll
2012-06-29 20:43 - 2008-07-30 18:41 - 00072200 ____A (Microsoft Corporation) C:\Windows\System32\XAPOFX1_1.dll
2012-06-29 20:43 - 2008-07-30 18:41 - 00068616 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_1.dll
2012-06-29 20:43 - 2008-07-30 18:40 - 00513544 ____A (Microsoft Corporation) C:\Windows\System32\XAudio2_2.dll
2012-06-29 20:43 - 2008-07-30 18:40 - 00509448 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_2.dll
2012-06-29 20:41 - 2012-07-09 22:17 - 00000000 ____D C:\Users\Paul\Documents\ArmA 2
2012-06-29 20:41 - 2012-06-29 20:42 - 00000000 ____D C:\Users\Paul\AppData\Local\ArmA 2
2012-06-29 20:41 - 2009-03-15 22:18 - 00521560 ____A (Microsoft Corporation) C:\Windows\System32\XAudio2_4.dll
2012-06-29 20:41 - 2009-03-15 22:18 - 00517448 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_4.dll
2012-06-29 20:41 - 2009-03-15 22:18 - 00235352 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_4.dll
2012-06-29 20:41 - 2009-03-15 22:18 - 00174936 ____A (Microsoft Corporation) C:\Windows\System32\xactengine3_4.dll
2012-06-29 20:41 - 2009-03-15 22:18 - 00024920 ____A (Microsoft Corporation) C:\Windows\System32\X3DAudio1_6.dll
2012-06-29 20:41 - 2009-03-15 22:18 - 00022360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_6.dll
2012-06-29 20:41 - 2009-03-08 23:27 - 05425496 ____A (Microsoft Corporation) C:\Windows\System32\D3DX9_41.dll
2012-06-29 20:41 - 2009-03-08 23:27 - 04178264 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_41.dll
2012-06-29 20:41 - 2009-03-08 23:27 - 02430312 ____A (Microsoft Corporation) C:\Windows\System32\D3DCompiler_41.dll
2012-06-29 20:41 - 2009-03-08 23:27 - 00520544 ____A (Microsoft Corporation) C:\Windows\System32\d3dx10_41.dll
2012-06-29 20:41 - 2008-10-14 14:22 - 05631312 ____A (Microsoft Corporation) C:\Windows\System32\D3DX9_40.dll
2012-06-29 20:41 - 2008-10-14 14:22 - 04379984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_40.dll
2012-06-29 20:41 - 2008-10-14 14:22 - 02605920 ____A (Microsoft Corporation) C:\Windows\System32\D3DCompiler_40.dll
2012-06-29 20:41 - 2008-10-14 14:22 - 02036576 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_40.dll
2012-06-29 20:41 - 2008-10-14 14:22 - 00519000 ____A (Microsoft Corporation) C:\Windows\System32\d3dx10_40.dll
2012-06-29 20:41 - 2008-10-14 14:22 - 00452440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_40.dll
2012-06-29 20:41 - 2008-07-09 19:01 - 00467984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_39.dll
2012-06-29 20:41 - 2008-07-09 19:00 - 04992520 ____A (Microsoft Corporation) C:\Windows\System32\D3DX9_39.dll
2012-06-29 20:41 - 2008-07-09 19:00 - 03851784 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_39.dll
2012-06-29 20:41 - 2008-07-09 19:00 - 01942552 ____A (Microsoft Corporation) C:\Windows\System32\D3DCompiler_39.dll
2012-06-29 20:41 - 2008-07-09 19:00 - 01493528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_39.dll
2012-06-29 20:41 - 2008-07-09 19:00 - 00540688 ____A (Microsoft Corporation) C:\Windows\System32\d3dx10_39.dll
2012-06-29 20:41 - 2008-05-29 22:19 - 00511496 ____A (Microsoft Corporation) C:\Windows\System32\XAudio2_1.dll
2012-06-29 20:41 - 2008-05-29 22:19 - 00507400 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_1.dll
2012-06-29 20:41 - 2008-05-29 22:18 - 00238088 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_1.dll
2012-06-29 20:41 - 2008-05-29 22:18 - 00177672 ____A (Microsoft Corporation) C:\Windows\System32\xactengine3_1.dll
2012-06-29 20:41 - 2008-05-29 22:17 - 00068104 ____A (Microsoft Corporation) C:\Windows\System32\XAPOFX1_0.dll
2012-06-29 20:41 - 2008-05-29 22:17 - 00065032 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_0.dll
2012-06-29 20:41 - 2008-05-29 22:17 - 00025608 ____A (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_4.dll
2012-06-29 20:41 - 2008-05-29 22:16 - 00028168 ____A (Microsoft Corporation) C:\Windows\System32\X3DAudio1_4.dll
2012-06-29 20:41 - 2008-05-29 22:11 - 01941528 ____A (Microsoft Corporation) C:\Windows\System32\D3DCompiler_38.dll
2012-06-29 20:41 - 2008-05-29 22:11 - 01491992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_38.dll
2012-06-29 20:41 - 2008-05-29 22:11 - 00540688 ____A (Microsoft Corporation) C:\Windows\System32\d3dx10_38.dll
2012-06-29 20:41 - 2008-05-29 22:11 - 00467984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_38.dll
2012-06-29 20:41 - 2008-03-05 00:04 - 00489480 ____A (Microsoft Corporation) C:\Windows\System32\XAudio2_0.dll
2012-06-29 20:41 - 2008-03-05 00:03 - 00479752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_0.dll
2012-06-29 20:41 - 2008-03-05 00:03 - 00238088 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_0.dll
2012-06-29 20:41 - 2008-03-05 00:03 - 00177672 ____A (Microsoft Corporation) C:\Windows\System32\xactengine3_0.dll
2012-06-29 20:41 - 2008-03-05 00:00 - 00028168 ____A (Microsoft Corporation) C:\Windows\System32\X3DAudio1_3.dll
2012-06-29 20:41 - 2008-03-05 00:00 - 00025608 ____A (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_3.dll
2012-06-29 20:41 - 2008-03-04 23:56 - 04910088 ____A (Microsoft Corporation) C:\Windows\System32\D3DX9_37.dll
2012-06-29 20:41 - 2008-03-04 23:56 - 03786760 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_37.dll
2012-06-29 20:41 - 2008-03-04 23:56 - 01860120 ____A (Microsoft Corporation) C:\Windows\System32\D3DCompiler_37.dll
2012-06-29 20:41 - 2008-03-04 23:56 - 01420824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_37.dll
2012-06-29 20:41 - 2008-02-05 07:07 - 00529424 ____A (Microsoft Corporation) C:\Windows\System32\d3dx10_37.dll
2012-06-29 20:41 - 2008-02-05 07:07 - 00462864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_37.dll
2012-06-29 20:41 - 2007-10-21 11:40 - 00411656 ____A (Microsoft Corporation) C:\Windows\System32\xactengine2_10.dll
2012-06-29 20:41 - 2007-10-21 11:39 - 00267272 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_10.dll
2012-06-29 20:41 - 2007-10-11 23:14 - 05081608 ____A (Microsoft Corporation) C:\Windows\System32\d3dx9_36.dll
2012-06-29 20:41 - 2007-10-11 23:14 - 03734536 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_36.dll
2012-06-29 20:41 - 2007-10-11 23:14 - 02006552 ____A (Microsoft Corporation) C:\Windows\System32\D3DCompiler_36.dll
2012-06-29 20:41 - 2007-10-11 23:14 - 01374232 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_36.dll
2012-06-29 20:41 - 2007-10-01 17:56 - 00508264 ____A (Microsoft Corporation) C:\Windows\System32\d3dx10_36.dll
2012-06-29 20:41 - 2007-10-01 17:56 - 00444776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_36.dll
2012-06-29 20:41 - 2007-07-19 08:57 - 00411496 ____A (Microsoft Corporation) C:\Windows\System32\xactengine2_9.dll
2012-06-29 20:41 - 2007-07-19 08:57 - 00267112 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_9.dll
2012-06-29 20:41 - 2007-07-19 02:14 - 05073256 ____A (Microsoft Corporation) C:\Windows\System32\d3dx9_35.dll
2012-06-29 20:41 - 2007-07-19 02:14 - 03727720 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_35.dll
2012-06-29 20:41 - 2007-07-19 02:14 - 01985904 ____A (Microsoft Corporation) C:\Windows\System32\D3DCompiler_35.dll
2012-06-29 20:41 - 2007-07-19 02:14 - 01358192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_35.dll
2012-06-29 20:41 - 2007-07-19 02:14 - 00508264 ____A (Microsoft Corporation) C:\Windows\System32\d3dx10_35.dll
2012-06-29 20:41 - 2007-07-19 02:14 - 00444776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_35.dll
2012-06-29 20:40 - 2012-06-29 20:43 - 00027446 ____A C:\Windows\DirectX.log
2012-06-29 20:40 - 2007-10-21 11:37 - 00021000 ____A (Microsoft Corporation) C:\Windows\System32\X3DAudio1_2.dll
2012-06-29 20:40 - 2007-10-21 11:37 - 00017928 ____A (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_2.dll
2012-06-29 20:40 - 2007-06-20 04:49 - 00409960 ____A (Microsoft Corporation) C:\Windows\System32\xactengine2_8.dll
2012-06-29 20:40 - 2007-06-20 04:46 - 00266088 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_8.dll
2012-06-29 20:40 - 2007-05-16 00:45 - 04496232 ____A (Microsoft Corporation) C:\Windows\System32\d3dx9_34.dll
2012-06-29 20:40 - 2007-05-16 00:45 - 03497832 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_34.dll
2012-06-29 20:40 - 2007-05-16 00:45 - 01401200 ____A (Microsoft Corporation) C:\Windows\System32\D3DCompiler_34.dll
2012-06-29 20:40 - 2007-05-16 00:45 - 01124720 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_34.dll
2012-06-29 20:40 - 2007-05-16 00:45 - 00506728 ____A (Microsoft Corporation) C:\Windows\System32\d3dx10_34.dll
2012-06-29 20:40 - 2007-05-16 00:45 - 00443752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_34.dll
2012-06-29 20:40 - 2007-04-04 02:55 - 00403304 ____A (Microsoft Corporation) C:\Windows\System32\xactengine2_7.dll
2012-06-29 20:40 - 2007-04-04 02:55 - 00261480 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_7.dll
2012-06-29 20:40 - 2007-04-04 02:54 - 00107368 ____A (Microsoft Corporation) C:\Windows\System32\xinput1_3.dll
2012-06-29 20:40 - 2007-03-15 00:57 - 00506728 ____A (Microsoft Corporation) C:\Windows\System32\d3dx10_33.dll
2012-06-29 20:40 - 2007-03-15 00:57 - 00443752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_33.dll
2012-06-29 20:40 - 2007-03-12 00:42 - 04494184 ____A (Microsoft Corporation) C:\Windows\System32\d3dx9_33.dll
2012-06-29 20:40 - 2007-03-12 00:42 - 03495784 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_33.dll
2012-06-29 20:40 - 2007-03-12 00:42 - 01400176 ____A (Microsoft Corporation) C:\Windows\System32\D3DCompiler_33.dll
2012-06-29 20:40 - 2007-03-12 00:42 - 01123696 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_33.dll
2012-06-29 20:40 - 2007-03-04 20:42 - 00017688 ____A (Microsoft Corporation) C:\Windows\System32\x3daudio1_1.dll
2012-06-29 20:40 - 2007-03-04 20:42 - 00015128 ____A (Microsoft Corporation) C:\Windows\SysWOW64\x3daudio1_1.dll
2012-06-29 20:40 - 2007-01-23 23:27 - 00393576 ____A (Microsoft Corporation) C:\Windows\System32\xactengine2_6.dll
2012-06-29 20:40 - 2007-01-23 23:27 - 00255848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_6.dll
2012-06-29 20:40 - 2006-12-07 20:02 - 00251672 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_5.dll
2012-06-29 20:40 - 2006-12-07 20:00 - 00390424 ____A (Microsoft Corporation) C:\Windows\System32\xactengine2_5.dll
2012-06-29 20:40 - 2006-11-28 21:06 - 04398360 ____A (Microsoft Corporation) C:\Windows\System32\d3dx9_32.dll
2012-06-29 20:40 - 2006-11-28 21:06 - 03426072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_32.dll
2012-06-29 20:40 - 2006-11-28 21:06 - 00469264 ____A (Microsoft Corporation) C:\Windows\System32\d3dx10.dll
2012-06-29 20:40 - 2006-11-28 21:06 - 00440080 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10.dll
2012-06-29 20:40 - 2006-09-28 00:05 - 03977496 ____A (Microsoft Corporation) C:\Windows\System32\d3dx9_31.dll
2012-06-29 20:40 - 2006-09-28 00:05 - 02414360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_31.dll
2012-06-29 20:40 - 2006-09-28 00:05 - 00237848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_4.dll
2012-06-29 20:40 - 2006-09-28 00:04 - 00364824 ____A (Microsoft Corporation) C:\Windows\System32\xactengine2_4.dll
2012-06-29 20:40 - 2006-07-27 17:31 - 00083736 ____A (Microsoft Corporation) C:\Windows\System32\xinput1_2.dll
2012-06-29 20:40 - 2006-07-27 17:30 - 00363288 ____A (Microsoft Corporation) C:\Windows\System32\xactengine2_3.dll
2012-06-29 20:40 - 2006-07-27 17:30 - 00236824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_3.dll
2012-06-29 20:40 - 2006-07-27 17:30 - 00062744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_2.dll
2012-06-29 20:40 - 2006-05-30 15:24 - 00230168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_2.dll
2012-06-29 20:40 - 2006-05-30 15:22 - 00354072 ____A (Microsoft Corporation) C:\Windows\System32\xactengine2_2.dll
2012-06-29 20:40 - 2006-03-30 20:41 - 03927248 ____A (Microsoft Corporation) C:\Windows\System32\d3dx9_30.dll
2012-06-29 20:40 - 2006-03-30 20:40 - 02388176 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_30.dll
2012-06-29 20:40 - 2006-03-30 20:40 - 00352464 ____A (Microsoft Corporation) C:\Windows\System32\xactengine2_1.dll
2012-06-29 20:40 - 2006-03-30 20:39 - 00229584 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_1.dll
2012-06-29 20:40 - 2006-03-30 20:39 - 00083664 ____A (Microsoft Corporation) C:\Windows\System32\xinput1_1.dll
2012-06-29 20:40 - 2006-03-30 20:39 - 00062672 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_1.dll
2012-06-29 20:40 - 2006-02-02 16:43 - 03830992 ____A (Microsoft Corporation) C:\Windows\System32\d3dx9_29.dll
2012-06-29 20:40 - 2006-02-02 16:43 - 02332368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_29.dll
2012-06-29 20:40 - 2006-02-02 16:42 - 00355536 ____A (Microsoft Corporation) C:\Windows\System32\xactengine2_0.dll
2012-06-29 20:40 - 2006-02-02 16:42 - 00230096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_0.dll
2012-06-29 20:40 - 2006-02-02 16:41 - 00016592 ____A (Microsoft Corporation) C:\Windows\System32\x3daudio1_0.dll
2012-06-29 20:40 - 2006-02-02 16:41 - 00014032 ____A (Microsoft Corporation) C:\Windows\SysWOW64\x3daudio1_0.dll
2012-06-29 20:40 - 2005-12-05 02:09 - 03815120 ____A (Microsoft Corporation) C:\Windows\System32\d3dx9_28.dll
2012-06-29 20:40 - 2005-12-05 02:09 - 02323664 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_28.dll
2012-06-29 20:40 - 2005-07-22 03:59 - 03807440 ____A (Microsoft Corporation) C:\Windows\System32\d3dx9_27.dll
2012-06-29 20:40 - 2005-07-22 03:59 - 02319568 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_27.dll
2012-06-29 20:40 - 2005-05-25 23:34 - 03767504 ____A (Microsoft Corporation) C:\Windows\System32\d3dx9_26.dll
2012-06-29 20:40 - 2005-05-25 23:34 - 02297552 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_26.dll
2012-06-29 20:40 - 2005-03-18 01:19 - 03823312 ____A (Microsoft Corporation) C:\Windows\System32\d3dx9_25.dll
2012-06-29 20:40 - 2005-03-18 01:19 - 02337488 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_25.dll
2012-06-29 20:40 - 2005-02-05 03:45 - 03544272 ____A (Microsoft Corporation) C:\Windows\System32\d3dx9_24.dll
2012-06-29 20:40 - 2005-02-05 03:45 - 02222800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_24.dll
2012-06-29 11:53 - 2012-06-29 11:53 - 00000221 ____A C:\Users\Paul\Desktop\ARMA 2.url
2012-06-29 11:53 - 2012-06-29 11:53 - 00000221 ____A C:\Users\Paul\Desktop\ARMA 2 Operation Arrowhead.url
2012-06-27 05:51 - 2012-06-27 05:51 - 00000137 ____A C:\Users\Paul\Desktop\blah.txt
2012-06-27 05:51 - 2012-05-17 18:47 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-06-27 05:51 - 2012-05-17 18:16 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-06-27 05:51 - 2012-05-17 18:06 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-06-27 05:51 - 2012-05-17 17:59 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-06-27 05:51 - 2012-05-17 17:59 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-06-27 05:51 - 2012-05-17 17:58 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-06-27 05:51 - 2012-05-17 17:58 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-06-27 05:51 - 2012-05-17 17:56 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-06-27 05:51 - 2012-05-17 17:55 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-06-27 05:51 - 2012-05-17 17:55 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-06-27 05:51 - 2012-05-17 17:54 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-06-27 05:51 - 2012-05-17 17:51 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-06-27 05:51 - 2012-05-17 17:51 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-06-27 05:51 - 2012-05-17 17:47 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-06-27 05:51 - 2012-05-17 15:11 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-06-27 05:51 - 2012-05-17 14:48 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-06-27 05:51 - 2012-05-17 14:45 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-06-27 05:51 - 2012-05-17 14:36 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-06-27 05:51 - 2012-05-17 14:35 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-06-27 05:51 - 2012-05-17 14:35 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-06-27 05:51 - 2012-05-17 14:33 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-06-27 05:51 - 2012-05-17 14:31 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-06-27 05:51 - 2012-05-17 14:29 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-06-27 05:51 - 2012-05-17 14:29 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-06-27 05:51 - 2012-05-17 14:27 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-06-27 05:51 - 2012-05-17 14:25 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-06-27 05:51 - 2012-05-17 14:24 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-06-27 05:51 - 2012-05-17 14:20 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-06-27 05:50 - 2012-06-27 05:50 - 00000038 ____A C:\Users\Paul\Desktop\game.txt
2012-06-25 17:10 - 2012-06-25 17:10 - 00284672 ____A C:\Users\Paul\Downloads\5_Rue_Sesame_(Assorted_Episodes).exe
2012-06-25 07:51 - 2012-06-25 07:51 - 00306300 ____A C:\Users\Paul\Desktop\ZoomHack.zip
2012-06-21 05:17 - 2012-06-02 14:19 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-06-21 05:17 - 2012-06-02 14:19 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2012-06-21 05:17 - 2012-06-02 14:19 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-06-21 05:17 - 2012-06-02 14:19 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-06-21 05:17 - 2012-06-02 14:19 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2012-06-21 05:17 - 2012-06-02 14:15 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-06-21 05:17 - 2012-06-02 14:15 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2012-06-21 05:17 - 2012-06-01 23:19 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-06-21 05:17 - 2012-06-01 23:15 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2012-06-18 03:19 - 2012-06-18 03:20 - 00000000 ____D C:\Users\Paul\Desktop\Round 7 Diet
2012-06-17 22:35 - 2012-06-17 22:35 - 00000000 ___SD C:\32788R22FWJFW
2012-06-17 22:33 - 2012-06-17 22:33 - 00000000 ____D C:\Windows\erdnt
2012-06-17 22:33 - 2012-06-17 22:33 - 00000000 ____D C:\Qoobox
2012-06-17 22:05 - 2010-12-01 01:11 - 00000000 ____D C:\Users\Paul\Desktop\client
2012-06-17 06:00 - 2012-06-17 06:36 - 00002214 ____A C:\Users\Paul\Desktop\subtitles.txt
2012-06-13 23:04 - 2012-06-16 02:05 - 00000000 ____D C:\Users\Paul\AppData\Roaming\Woeb
2012-06-13 13:52 - 2012-05-14 17:32 - 03146752 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-06-13 13:52 - 2012-05-04 03:06 - 05559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-06-13 13:52 - 2012-05-04 02:03 - 03968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2012-06-13 13:52 - 2012-05-04 02:03 - 03913072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2012-06-13 13:52 - 2012-04-30 21:40 - 00209920 ____A (Microsoft Corporation) C:\Windows\System32\profsvc.dll
2012-06-13 13:52 - 2012-04-27 19:55 - 00210944 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
2012-06-13 13:52 - 2012-04-25 21:41 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll
2012-06-13 13:52 - 2012-04-25 21:41 - 00077312 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll
2012-06-13 13:52 - 2012-04-25 21:34 - 00009216 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe
2012-06-13 13:52 - 2012-04-23 21:37 - 01462272 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2012-06-13 13:52 - 2012-04-23 21:37 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2012-06-13 13:52 - 2012-04-23 21:37 - 00140288 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2012-06-13 13:52 - 2012-04-23 20:36 - 01158656 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2012-06-13 13:52 - 2012-04-23 20:36 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2012-06-13 13:52 - 2012-04-23 20:36 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2012-06-13 13:52 - 2012-04-07 04:31 - 03216384 ____A (Microsoft Corporation) C:\Windows\System32\msi.dll
2012-06-13 13:52 - 2012-04-07 03:26 - 02342400 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2012-06-10 04:43 - 2007-10-31 17:21 - 13320739 ____A C:\Users\Paul\Desktop\ccent16.wmv
2012-06-10 04:43 - 2007-10-31 17:21 - 09666447 ____A C:\Users\Paul\Desktop\ccent15.wmv
2012-06-10 04:43 - 2007-10-31 17:21 - 05713979 ____A C:\Users\Paul\Desktop\ccent14.wmv
============ 3 Months Modified Files ========================
2012-07-10 04:22 - 2005-12-31 09:17 - 01888471 ____A C:\Windows\WindowsUpdate.log
2012-07-10 04:20 - 2009-07-13 21:13 - 00801024 ____A C:\Windows\System32\PerfStringBackup.INI
2012-07-10 04:17 - 2012-07-10 04:17 - 01434401 ____A (Farbar) C:\Users\Paul\Downloads\FRST64.exe
2012-07-10 03:53 - 2012-01-20 06:32 - 00000894 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-07-10 02:08 - 2012-07-09 22:26 - 00007640 ____A C:\Users\Paul\AppData\Local\Resmon.ResmonCfg
2012-07-10 01:17 - 2012-07-10 01:17 - 00000370 ____A C:\Users\Paul\Desktop\gmer.log
2012-07-10 01:12 - 2009-07-13 20:45 - 00022432 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-07-10 01:12 - 2009-07-13 20:45 - 00022432 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-07-10 01:10 - 2012-07-10 01:10 - 00302592 ____A C:\Users\Paul\Downloads\qwepz61z.exe
2012-07-10 01:05 - 2012-06-30 04:15 - 00000840 ____A C:\Windows\setupact.log
2012-07-10 01:05 - 2012-01-20 06:32 - 00000890 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-07-10 01:05 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-07-10 01:03 - 2012-07-10 01:03 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.A61724CFD5A8E355
2012-07-10 01:00 - 2012-07-10 01:00 - 00001113 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-07-10 01:00 - 2012-07-10 00:59 - 10063000 ____A (Malwarebytes Corporation ) C:\Users\Paul\Downloads\mbam-setup-1.61.0.1400.exe
2012-07-10 00:49 - 2012-07-10 00:49 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.CB33D352F8801EE5
2012-07-10 00:46 - 2012-07-10 00:46 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.499499393379264B
2012-07-10 00:33 - 2012-07-10 00:33 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.60B726C27681222D
2012-07-10 00:20 - 2012-07-10 00:20 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.4A5DFD09C35113B3
2012-07-10 00:17 - 2012-07-10 00:17 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.29D21262F278C3DF
2012-07-10 00:08 - 2005-12-31 09:24 - 00806426 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
2012-07-10 00:08 - 2005-12-31 09:24 - 00109280 ____A C:\Users\Paul\AppData\Local\GDIPFONTCACHEV1.DAT
2012-07-10 00:08 - 2005-12-31 09:24 - 00001945 ____A C:\Windows\epplauncher.mif
2012-07-10 00:07 - 2010-11-20 19:47 - 00015044 ____A C:\Windows\PFRO.log
2012-07-10 00:07 - 2009-07-13 20:45 - 04969944 ____A C:\Windows\System32\FNTCACHE.DAT
2012-07-09 23:25 - 2012-07-09 23:25 - 00001262 ____A C:\Users\Paul\Desktop\Spybot - Search & Destroy.lnk
2012-07-09 22:33 - 2012-07-09 22:33 - 00008201 ____A C:\Users\Paul\Documents\Uninstall STAR WARS The Old Republic.log
2012-07-09 22:20 - 2012-07-09 22:20 - 00000036 ____A C:\Users\Paul\AppData\Local\housecall.guid.cache
2012-07-09 21:43 - 2012-01-10 02:58 - 00002004 ___AH C:\Users\Paul\Documents\Default.rdp
2012-07-09 03:11 - 2012-06-29 20:59 - 00002573 ____A C:\Users\Public\Desktop\Six Updater.lnk
2012-07-09 03:11 - 2012-06-29 20:59 - 00002573 ____A C:\Users\Public\Desktop\Six Launcher.lnk
2012-07-05 23:22 - 2012-07-05 23:22 - 00563099 ____A C:\Users\Paul\Desktop\MCP Monthly Service Delivery Report June 2012 server .docm
2012-06-30 07:40 - 2012-06-30 07:40 - 00002515 ____A C:\Users\Public\Desktop\Skype.lnk
2012-06-30 04:15 - 2012-06-30 04:15 - 00000000 ____A C:\Windows\setuperr.log
2012-06-30 03:56 - 2012-06-30 03:56 - 00001078 ____A C:\Users\Paul\Desktop\EVGA Precision.lnk
2012-06-29 20:43 - 2012-06-29 20:40 - 00027446 ____A C:\Windows\DirectX.log
2012-06-29 11:53 - 2012-06-29 11:53 - 00000221 ____A C:\Users\Paul\Desktop\ARMA 2.url
2012-06-29 11:53 - 2012-06-29 11:53 - 00000221 ____A C:\Users\Paul\Desktop\ARMA 2 Operation Arrowhead.url
2012-06-27 05:54 - 2012-01-06 00:12 - 58957832 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-06-27 05:51 - 2012-06-27 05:51 - 00000137 ____A C:\Users\Paul\Desktop\blah.txt
2012-06-27 05:50 - 2012-06-27 05:50 - 00000038 ____A C:\Users\Paul\Desktop\game.txt
2012-06-25 17:10 - 2012-06-25 17:10 - 00284672 ____A C:\Users\Paul\Downloads\5_Rue_Sesame_(Assorted_Episodes).exe
2012-06-25 07:51 - 2012-06-25 07:51 - 00306300 ____A C:\Users\Paul\Desktop\ZoomHack.zip
2012-06-25 07:51 - 2012-05-11 04:41 - 00305692 ____A C:\Users\Paul\Desktop\ZoomHack.rar
2012-06-17 06:36 - 2012-06-17 06:00 - 00002214 ____A C:\Users\Paul\Desktop\subtitles.txt
2012-06-08 16:02 - 2012-06-08 16:02 - 00001050 ____A C:\Users\UpdatusUser\Desktop\Flash Movie Player.lnk
2012-06-08 16:02 - 2012-06-08 16:02 - 00001050 ____A C:\Users\Paul\Desktop\Flash Movie Player.lnk
2012-06-02 14:19 - 2012-06-21 05:17 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-06-02 14:19 - 2012-06-21 05:17 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2012-06-02 14:19 - 2012-06-21 05:17 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-06-02 14:19 - 2012-06-21 05:17 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-06-02 14:19 - 2012-06-21 05:17 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2012-06-02 14:15 - 2012-06-21 05:17 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-06-02 14:15 - 2012-06-21 05:17 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2012-06-02 00:23 - 2012-06-02 00:19 - 134102710 ____A C:\Users\Paul\Downloads\Parachute Youth - Cant Get Better Than This (Official Video) [www.Keep-Tube.com].mp4
2012-06-02 00:18 - 2012-06-02 00:16 - 68378758 ____A C:\Users\Paul\Downloads\Hans Zimmer~Time [www.Keep-Tube.com].mp4
2012-06-02 00:15 - 2012-06-02 00:15 - 07394333 ____A C:\Users\Paul\Downloads\♫ [Hip Hop] eMC - Winds of Change [www.Keep-Tube.com].mp4
2012-06-02 00:14 - 2012-06-02 00:14 - 07629134 ____A C:\Users\Paul\Downloads\New Navy - Zimbabwe (Flume Remix) [www.Keep-Tube.com].mp4
2012-06-01 23:19 - 2012-06-21 05:17 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-06-01 23:15 - 2012-06-21 05:17 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2012-06-01 23:10 - 2012-06-01 23:10 - 13374478 ____A C:\Users\Paul\Downloads\just friends - avalanche (nicolas jaar) [www.Keep-Tube.com].mp4
 
cont....

2012-06-01 22:02 - 2012-06-01 22:00 - 38810011 ____A C:\Users\Paul\Downloads\Major Lazer - Get Free ft. Amber (What So Not Remix) [www.Keep-Tube.com].mp4
2012-06-01 01:53 - 2012-06-01 01:53 - 00187612 ___AH C:\Windows\SysWOW64\mlfcache.dat
2012-05-30 01:48 - 2012-05-26 04:39 - 00000891 ____A C:\Users\Public\Desktop\Avidemux 2.5.lnk
2012-05-29 01:44 - 2012-05-29 01:44 - 09776889 ____A C:\Users\Paul\Downloads\The Wiggles, Big Red Car - Toot Toot... [www.Keep-Tube.com].mp4
2012-05-29 01:44 - 2012-05-29 01:39 - 100610325 ____A C:\Users\Paul\Downloads\Nicki Minaj - Starships (Explicit) [www.Keep-Tube.com].mp4
2012-05-29 01:44 - 2012-05-29 01:38 - 51569585 ____A C:\Users\Paul\Downloads\Flo Rida - Whistle [Audio] [www.Keep-Tube.com].mp4
2012-05-29 01:39 - 2012-05-29 01:38 - 24031548 ____A C:\Users\Paul\Downloads\The Black Eyed Peas - I Gotta Feeling [www.Keep-Tube.com].mp4
2012-05-29 01:33 - 2012-05-29 01:33 - 00000992 ____A C:\Users\UpdatusUser\Desktop\Cool MP3 Splitter.lnk
2012-05-27 02:40 - 2012-05-27 02:38 - 13496027 ____A C:\Users\Paul\Downloads\Cisco.Lead2pass.640-822.v2012-04-06.by.Daniel.339q.vce
2012-05-26 04:11 - 2012-05-26 04:11 - 00001233 ____A C:\Users\Paul\Desktop\Cisco Packet Tracer.lnk
2012-05-26 04:11 - 2012-05-26 04:11 - 00000178 ____A C:\Users\Paul\.packettracer
2012-05-24 16:06 - 2012-01-18 14:44 - 00087456 ____A (LogMeIn, Inc.) C:\Windows\System32\LMIRfsClientNP.dll
2012-05-24 16:06 - 2012-01-18 14:44 - 00080768 ____A (LogMeIn, Inc.) C:\Windows\System32\LMIinit.dll
2012-05-24 16:06 - 2012-01-18 14:44 - 00034688 ____A (LogMeIn, Inc.) C:\Windows\System32\LMIport.dll
2012-05-24 03:17 - 2012-05-24 03:14 - 39567773 ____A C:\Users\Paul\Downloads\SKRILLEX - Bangarang [Official Music Video] [www.Keep-Tube.com].mp4
2012-05-20 04:27 - 2012-05-20 04:27 - 00021408 ____A C:\Users\Paul\Downloads\564306.zip
2012-05-20 02:46 - 2012-05-20 02:46 - 00002087 ____A C:\Users\Paul\Desktop\Subtitle Edit.lnk
2012-05-20 02:43 - 2012-05-20 02:43 - 00033278 ____A C:\Users\Paul\Downloads\192379.rar
2012-05-17 18:47 - 2012-06-27 05:51 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-05-17 18:16 - 2012-06-27 05:51 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-05-17 18:06 - 2012-06-27 05:51 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-05-17 17:59 - 2012-06-27 05:51 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-05-17 17:59 - 2012-06-27 05:51 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-05-17 17:58 - 2012-06-27 05:51 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-05-17 17:58 - 2012-06-27 05:51 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-05-17 17:56 - 2012-06-27 05:51 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-05-17 17:55 - 2012-06-27 05:51 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-05-17 17:55 - 2012-06-27 05:51 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-05-17 17:54 - 2012-06-27 05:51 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-05-17 17:51 - 2012-06-27 05:51 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-05-17 17:51 - 2012-06-27 05:51 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-05-17 17:47 - 2012-06-27 05:51 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-05-17 15:11 - 2012-06-27 05:51 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-05-17 14:48 - 2012-06-27 05:51 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-05-17 14:45 - 2012-06-27 05:51 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-05-17 14:36 - 2012-06-27 05:51 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-05-17 14:35 - 2012-06-27 05:51 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-05-17 14:35 - 2012-06-27 05:51 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-05-17 14:33 - 2012-06-27 05:51 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-05-17 14:31 - 2012-06-27 05:51 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-05-17 14:29 - 2012-06-27 05:51 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-05-17 14:29 - 2012-06-27 05:51 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-05-17 14:27 - 2012-06-27 05:51 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-05-17 14:25 - 2012-06-27 05:51 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-05-17 14:24 - 2012-06-27 05:51 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-05-17 14:20 - 2012-06-27 05:51 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-05-15 02:48 - 2012-06-30 04:22 - 25743168 ____A (NVIDIA Corporation) C:\Windows\System32\nvoglv64.dll
2012-05-15 02:48 - 2012-06-30 04:22 - 19607872 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2012-05-15 02:48 - 2012-06-30 04:22 - 18044224 ____A (NVIDIA Corporation) C:\Windows\System32\nvd3dumx.dll
2012-05-15 02:48 - 2012-06-30 04:22 - 14298944 ____A (NVIDIA Corporation) C:\Windows\System32\Drivers\nvlddmkm.sys
2012-05-15 02:48 - 2012-06-30 04:22 - 08139072 ____A (NVIDIA Corporation) C:\Windows\System32\nvcuda.dll
2012-05-15 02:48 - 2012-06-30 04:22 - 05982528 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2012-05-15 02:48 - 2012-06-30 04:22 - 02881856 ____A (NVIDIA Corporation) C:\Windows\System32\nvcuvenc.dll
2012-05-15 02:48 - 2012-06-30 04:22 - 02681664 ____A (NVIDIA Corporation) C:\Windows\System32\nvcuvid.dll
2012-05-15 02:48 - 2012-06-30 04:22 - 02524992 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2012-05-15 02:48 - 2012-06-30 04:22 - 02445120 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvenc.dll
2012-05-15 02:48 - 2012-06-30 04:21 - 25248064 ____A (NVIDIA Corporation) C:\Windows\System32\nvcompiler.dll
2012-05-15 02:48 - 2012-06-30 04:21 - 17551680 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2012-05-15 02:48 - 2012-01-06 00:41 - 15322432 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2012-05-15 02:48 - 2012-01-06 00:41 - 08105280 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2012-05-15 02:48 - 2012-01-06 00:41 - 02368832 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2012-05-15 02:48 - 2012-01-06 00:41 - 01738048 ____A (NVIDIA Corporation) C:\Windows\System32\nvdispco64.dll
2012-05-15 02:48 - 2012-01-06 00:41 - 01468224 ____A (NVIDIA Corporation) C:\Windows\System32\nvgenco64.dll
2012-05-15 02:48 - 2012-01-06 00:41 - 00068928 ____A (Khronos Group) C:\Windows\System32\OpenCL.dll
2012-05-15 02:48 - 2012-01-06 00:41 - 00061248 ____A (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2012-05-15 02:48 - 2011-05-20 14:01 - 02741568 ____A (NVIDIA Corporation) C:\Windows\System32\nvapi64.dll
2012-05-15 02:48 - 2011-05-20 14:01 - 00014324 ____A C:\Windows\System32\nvinfo.pb
2012-05-15 02:48 - 2009-07-13 13:59 - 10194752 ____A (NVIDIA Corporation) C:\Windows\System32\nvwgf2umx.dll
2012-05-15 01:29 - 2012-01-06 00:07 - 03149632 ____A (NVIDIA Corporation) C:\Windows\System32\nvsvc64.dll
2012-05-15 01:29 - 2012-01-06 00:07 - 00889664 ____A (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
2012-05-15 01:29 - 2012-01-06 00:07 - 00118080 ____A (NVIDIA Corporation) C:\Windows\System32\nvmctray.dll
2012-05-15 01:29 - 2012-01-06 00:07 - 00063296 ____A (NVIDIA Corporation) C:\Windows\System32\nvshext.dll
2012-05-15 01:28 - 2012-01-06 00:07 - 06151488 ____A (NVIDIA Corporation) C:\Windows\System32\nvcpl.dll
2012-05-14 17:32 - 2012-06-13 13:52 - 03146752 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-05-14 10:21 - 2012-05-14 10:21 - 00423744 ____A C:\Windows\SysWOW64\nvStreaming.exe
2012-05-06 21:33 - 2012-05-04 21:01 - 00000868 ____A C:\Users\Paul\Desktop\Handbrake.lnk
2012-05-05 23:35 - 2012-01-06 07:04 - 00001929 ____A C:\Users\UpdatusUser\Desktop\Heroes of Newerth.lnk
2012-05-05 23:34 - 2012-05-05 22:39 - 1007124176 ____A C:\Users\Paul\Downloads\HoNClient-2.5.19.1.exe
2012-05-05 22:32 - 2012-04-23 07:33 - 00000028 ____A C:\Windows\ODBC.INI
2012-05-05 02:02 - 2012-05-05 02:02 - 00000947 ____A C:\Users\Public\Desktop\µTorrent.lnk
2012-05-04 21:01 - 2012-05-04 21:01 - 00000824 ____A C:\Users\UpdatusUser\Desktop\Handbrake.lnk
2012-05-04 06:36 - 2012-05-04 06:36 - 00001783 ____A C:\Users\Public\Desktop\iTunes.lnk
2012-05-04 03:06 - 2012-06-13 13:52 - 05559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-05-04 02:03 - 2012-06-13 13:52 - 03968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2012-05-04 02:03 - 2012-06-13 13:52 - 03913072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2012-04-30 21:40 - 2012-06-13 13:52 - 00209920 ____A (Microsoft Corporation) C:\Windows\System32\profsvc.dll
2012-04-28 23:50 - 2012-04-28 23:49 - 00015863 ____A C:\Users\Paul\Documents\Install STAR WARS The Old Republic.log
2012-04-27 19:55 - 2012-06-13 13:52 - 00210944 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
2012-04-26 07:50 - 2012-04-26 07:50 - 00011389 ____A C:\Users\Paul\Downloads\mobileprovision.mobileprovision
2012-04-26 07:50 - 2012-04-26 07:50 - 00001637 ____A C:\Users\Paul\Downloads\p12.p12
2012-04-26 07:12 - 2012-04-26 07:12 - 00010765 ____A C:\Users\Paul\Downloads\fake certificate.zip
2012-04-26 06:26 - 2012-04-26 06:25 - 14901814 ____A C:\Users\Paul\Downloads\redsn0w_win_0.9.10b6.zip
2012-04-26 03:20 - 2012-01-18 14:44 - 00001024 ____A C:\.rnd
2012-04-25 21:41 - 2012-06-13 13:52 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll
2012-04-25 21:41 - 2012-06-13 13:52 - 00077312 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll
2012-04-25 21:34 - 2012-06-13 13:52 - 00009216 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe
2012-04-23 21:37 - 2012-06-13 13:52 - 01462272 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2012-04-23 21:37 - 2012-06-13 13:52 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2012-04-23 21:37 - 2012-06-13 13:52 - 00140288 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2012-04-23 20:36 - 2012-06-13 13:52 - 01158656 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2012-04-23 20:36 - 2012-06-13 13:52 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2012-04-23 20:36 - 2012-06-13 13:52 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2012-04-23 06:52 - 2012-04-23 06:41 - 187695368 ____A (Ideaworks3D Ltd ) C:\Users\Paul\Downloads\marmalade-sdk-5.2.4-309740-windows.exe
2012-04-14 01:18 - 2012-04-14 01:18 - 00000917 ____A C:\Users\Public\Desktop\Steam.lnk
ZeroAccess:
C:\Users\Paul\AppData\Local\{0c2c89b2-bf85-16d1-cd1b-65e60a08fdcb}
C:\Users\Paul\AppData\Local\{0c2c89b2-bf85-16d1-cd1b-65e60a08fdcb}\@
C:\Users\Paul\AppData\Local\{0c2c89b2-bf85-16d1-cd1b-65e60a08fdcb}\L
C:\Users\Paul\AppData\Local\{0c2c89b2-bf85-16d1-cd1b-65e60a08fdcb}\U
ZeroAccess:
C:\Windows\assembly\GAC_32\Desktop.ini
ZeroAccess:
C:\Windows\assembly\GAC_64\Desktop.ini
========================= Known DLLs (Whitelisted) ============

========================= Bamital & volsnap Check ============
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe 014A9CB92514E27C0107614DF764BC06 ZeroAccess <==== ATTENTION!.
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
==================== EXE ASSOCIATION =====================
HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK
========================= Memory info ======================
Percentage of memory in use: 9%
Total physical RAM: 8125.57 MB
Available physical RAM: 7314.14 MB
Total Pagefile: 8123.77 MB
Available Pagefile: 7304.24 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB
======================= Partitions =========================
1 Drive c: () (Fixed) (Total:111.79 GB) (Free:35.09 GB) NTFS
3 Drive f: (A) (Removable) (Total:7.45 GB) (Free:0.67 GB) FAT32
4 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
5 Drive y: (Library) (Fixed) (Total:931.51 GB) (Free:23.44 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 931 GB 0 B
Disk 1 Online 111 GB 0 B
Disk 2 Online 7643 MB 0 B
Partitions of Disk 0:
===============
Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 931 GB 1024 KB
==================================================================================
Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 Y Library NTFS Partition 931 GB Healthy
==================================================================================
Partitions of Disk 1:
===============
Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 111 GB 1024 KB
==================================================================================
Disk: 1
Partition 1
Type : 07
Hidden: No
Active: No
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C NTFS Partition 111 GB Healthy
==================================================================================
Partitions of Disk 2:
===============
Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 7643 MB 31 KB
==================================================================================
Disk: 2
Partition 1
Type : 0B
Hidden: No
Active: No
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 F A FAT32 Removable 7643 MB Healthy
==================================================================================
==========================================================
Last Boot: 2012-07-07 19:49
======================= End Of Log ==========================
 
Farbar Recovery Scan Tool Version: 09-07-2012
Ran by Paul at 2012-07-10 20:40:52
Running from F:\
================== Search: "services.exe" ===================
C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
[2009-07-14 07:19] - [2009-07-14 09:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB
C:\Windows\System32\services.exe
[2009-07-14 07:19] - [2009-07-14 09:39] - 0328704 ____A (Microsoft Corporation) 014A9CB92514E27C0107614DF764BC06
====== End Of Search ======
 
Good job! Let's continue with the fixes now...

FRST64 Fixlist

Please run the following:

Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this, highlight the contents of the box, right-click on it and select Copy. Right-click in the open Notepad window and select Paste.) Save it on the flash drive as fixlist.txt

start
2012-07-10 00:49 - 2012-07-10 00:49 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.CB33D352F8801EE5
2012-07-10 00:46 - 2012-07-10 00:46 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.499499393379264B
2012-07-10 00:33 - 2012-07-10 00:33 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.60B726C27681222D
2012-07-10 00:20 - 2012-07-10 00:20 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.4A5DFD09C35113B3
2012-07-10 00:17 - 2012-07-10 00:17 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.29D21262F278C3DF
C:\Users\Paul\AppData\Local\{0c2c89b2-bf85-16d1-cd1b-65e60a08fdcb}
C:\Windows\assembly\GAC_32\Desktop.ini
C:\Windows\assembly\GAC_64\Desktop.ini
Replace: C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe C:\Windows\System32\services.exe
end

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system.

Now, please enter System Recovery Options then select Command Prompt.

Run FRST64 and press the Fix button just once and wait.
The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

Now restart, let it boot normally and tell me how it went.

CKScanner

Please download CKScanner by askey127 from here

Save it to your desktop.
  • Double-click CKScanner.exe and click Search For Files.
  • After a very short time, when the cursor hourglass disappears, click Save List To File.
  • A message box will verify that the file is saved.
  • Double-click the CKFiles.txt icon on your desktop and copy/paste the contents in your next reply.
 
Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 09-07-2012
Ran by SYSTEM at 2012-07-11 17:21:32 Run:1
Running from F:\
==============================================
Could not find C:\Windows\System32\services.exe.
Could not find C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe.
==== End of Fixlog ====
 
Hello. Are you still with us?

Your thread has been marked as "Inactive" because of your lack of reply. Please let us know how your computer is running, or if you want to continue in this topic.

Thanks.
 
Apologies DMJ,

Work had taken a toll on my available hours to troubleshoot this. I will provide an updated log in reply tomorrow evening.

Thanks !
 
Hello. Are you still with us?

Your thread has been marked as "Inactive" because of your lack of reply. Please let us know how your computer is running, or if you want to continue in this topic.

Thanks.
 