Inactive Sirefef trojans... ugh

Jesterical

Hello, I was wondering if you could possibly help me with detaching all parts of this virus from my computer. I've read your 5-step instruction guide as well as your T.O.S., so here goes. I was originally infected with a Trojan injector going by the identification of ScrInject.B.Gen. I am running ESET NOD32. Since then it has been hit or miss whether or not my computer could clean the oncoming horde of variations that this trojan created. I'm getting reports of

-Sirefef.AE
-Sirefef.AN
-Patched.B.Gen
-Agent.BA
-Sirefef.AD
-Sirefef.EZ
-Olmarik.TDL4
-Olmarik.AK
-Olmarik.AYL
-Olmarik.AH
-Olmarik.AK
-Olmarik.AFK

I didn't get any report from GMER, so the following will be my MBAM and DDS logs.


Malwarebytes Anti-Malware (Trial) 1.62.0.1300
www.malwarebytes.org

Database version: v2012.07.20.03

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514

Protection: Enabled

7/19/2012 11:30:15 PM
mbam-log-2012-07-19 (23-30-15).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 229865
Time elapsed: 3 minute(s), 14 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Windows\svchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.

(end)

=================================================================


.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_31
Run by Morisoli at 9:19:02 on 2012-07-20
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4094.2069 [GMT -5:00]
.
AV: ESET NOD32 Antivirus 5.0 *Enabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
SP: ESET NOD32 Antivirus 5.0 *Enabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\NETGEAR\WNDA4100\Service\RaRegistry.exe
C:\Program Files (x86)\NETGEAR\WNDA4100\Service\RaRegistry64.exe
c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files (x86)\NETGEAR\WNDA4100\WNDA4100.EXE
C:\Program Files\Logitech\SetPoint II\SetPointII.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe
C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://blekko.com/ws/?source=c3348dd4&toolbarid=blekkotb_031&u=C9237CE3B599F152BEDC414FE9227E14&tbp=homepage
uURLSearchHooks: SearchHook Class: {bc86e1ab-eda5-4059-938f-ce307b0c6f0a} - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
uRun: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent
uRun: [Google Update] "C:\Users\Morisoli\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [HydraVisionDesktopManager] "C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe"
mRun: [<NO NAME>]
mRun: [BCU] "C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe"
mRun: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\NETGEA~1.LNK - C:\Program Files (x86)\NETGEAR\WNDA4100\WNDA4100.EXE
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SETPOI~1.LNK - C:\Program Files (x86)\Logitech\SetPoint II\SetPointII.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
LSP: mswsock.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
TCP: DhcpNameServer = 208.180.42.68 208.180.42.100
TCP: Interfaces\{1F177412-7B9A-468F-9D3D-D3D377EE0624} : DhcpNameServer = 208.180.42.68 208.180.42.100
TCP: Interfaces\{628E18C3-E348-4825-96E1-8B587D1A7135} : DhcpNameServer = 208.180.42.100 208.180.42.68
TCP: Interfaces\{628E18C3-E348-4825-96E1-8B587D1A7135}\D4F6279637F6C6960275962756C6563737 : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{7BB8E6F1-577D-4A0A-9FC8-DD2D33344520} : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{8E95BB16-2DB2-41F9-8927-C60DB3BDBB43} : DhcpNameServer = 208.180.42.100 208.180.42.68
TCP: Interfaces\{8E95BB16-2DB2-41F9-8927-C60DB3BDBB43}\C696E6B6379737 : DhcpNameServer = 208.180.42.100 208.180.42.68
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
mRun-x64: [(Default)]
mRun-x64: [BCU] "C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe"
mRun-x64: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Morisoli\AppData\Roaming\Mozilla\Firefox\Profiles\ty6nkdc1.default\
FF - prefs.js: browser.search.selectedEngine - Blekko
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://blekko.com/ws/?source=c3348dd4&tbp=rbox&toolbarid=blekkotb_031&u=C9237CE3B599F152BEDC414FE9227E14&q=
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll
FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: C:\Users\Morisoli\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: C:\Users\Morisoli\AppData\Roaming\Mozilla\Firefox\Profiles\ty6nkdc1.default\extensions\2020Player_IKEA@2020Technologies.com\plugins\NP_2020Player_IKEA.dll
FF - plugin: C:\Users\Morisoli\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\Morisoli\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll
.
---- FIREFOX POLICIES ----
FF - user.js: general.useragent.extra.brc -
.
============= SERVICES / DRIVERS ===============
.
R1 TsVp;TsVp;C:\Windows\system32\DRIVERS\tsvp.sys --> C:\Windows\system32\DRIVERS\tsvp.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-6-11 361984]
R2 AODDriver4.01;AODDriver4.01;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2012-3-5 53888]
R2 BCUService;Browser Configuration Utility Service;C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe [2009-10-15 223464]
R2 eamonm;eamonm;C:\Windows\system32\DRIVERS\eamonm.sys --> C:\Windows\system32\DRIVERS\eamonm.sys [?]
R2 ekrn;ESET Service;C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2011-9-22 974944]
R2 epfwwfpr;epfwwfpr;C:\Windows\system32\DRIVERS\epfwwfpr.sys --> C:\Windows\system32\DRIVERS\epfwwfpr.sys [?]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-7-19 655944]
R2 MotoHelper;MotoHelper Service;C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe [2011-4-26 223088]
R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-9-22 2214504]
R2 RalinkRegistryWriter;RalinkRegistryWriter;C:\Program Files (x86)\NETGEAR\WNDA4100\Service\RaRegistry.exe [2011-11-21 377088]
R2 RalinkRegistryWriter64;RalinkRegistryWriter64;C:\Program Files (x86)\NETGEAR\WNDA4100\Service\RaRegistry64.exe [2011-11-21 455424]
R3 amdiox64;AMD IO Driver;C:\Windows\system32\DRIVERS\amdiox64.sys --> C:\Windows\system32\DRIVERS\amdiox64.sys [?]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys --> C:\Windows\system32\drivers\AtihdW76.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 netr28ux;RT2870 USB Extensible Wireless LAN Card Driver;C:\Windows\system32\DRIVERS\netr28ux.sys --> C:\Windows\system32\DRIVERS\netr28ux.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
S2 AODDriver4.1;AODDriver4.1;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2012-3-5 53888]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-6-7 160944]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-12 250056]
S3 AE1000;Linksys AE1000 Driver;C:\Windows\system32\DRIVERS\ae1000w7.sys --> C:\Windows\system32\DRIVERS\ae1000w7.sys [?]
S3 CV2K1;CommView Network Monitor;C:\Windows\system32\DRIVERS\cv2k1.sys --> C:\Windows\system32\DRIVERS\cv2k1.sys [?]
S3 hitmanpro36;Hitman Pro 3.5 Support Driver;\??\C:\Windows\system32\drivers\hitmanpro36.sys --> C:\Windows\system32\drivers\hitmanpro36.sys [?]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-5-3 113120]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 TsVlb;TsVlb;C:\Windows\system32\DRIVERS\tsvlb.sys --> C:\Windows\system32\DRIVERS\tsvlb.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2012-07-20 04:29:22 -------- d-----w- C:\Users\Morisoli\AppData\Roaming\Malwarebytes
2012-07-20 04:29:16 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-07-20 04:29:16 -------- d-----w- C:\ProgramData\Malwarebytes
2012-07-20 04:29:16 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-07-20 03:30:14 -------- d-----w- C:\Windows\SysWow64\wbem\Performance
2012-07-20 03:28:53 303616 ----a-w- C:\SetACL.exe
2012-07-20 03:02:30 290304 ----a-w- C:\subinacl.exe
2012-07-19 05:28:21 -------- d-----w- C:\Tweaking.com_Windows_Repair_Logs
2012-07-19 05:24:19 30496 ----a-w- C:\Windows\System32\drivers\hitmanpro36.sys
2012-07-19 05:19:04 -------- d-----w- C:\ProgramData\HitmanPro
2012-07-18 01:28:41 -------- d-----w- C:\TDSSKiller_Quarantine
2012-07-17 10:40:52 9133488 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{C5C40441-EFA1-48D5-89D1-55F861E48F86}\mpengine.dll
2012-07-12 01:30:14 -------- d-----w- C:\Program Files (x86)\uTorrent
2012-07-12 01:29:25 -------- d-----w- C:\Users\Morisoli\AppData\Roaming\uTorrent
2012-07-11 08:03:33 3148800 ----a-w- C:\Windows\System32\win32k.sys
2012-07-05 16:04:50 -------- d-----w- C:\Program Files (x86)\AMD APP
2012-07-04 00:30:46 -------- d-----w- C:\Program Files (x86)\World of Warcraft
2012-07-02 22:59:21 -------- d-----w- C:\Users\Morisoli\AppData\Roaming\StepMania 5
2012-07-02 22:57:00 -------- d-----w- C:\Program Files (x86)\StepMania 5
2012-07-02 18:44:27 -------- d-----w- C:\Program Files\CoreFTP
2012-07-02 18:22:53 -------- d-----w- C:\Users\Morisoli\AppData\Roaming\CoreFTP
2012-07-01 23:15:39 -------- d-----w- C:\Program Files (x86)\Heroes of Newerth
2012-06-30 16:29:29 -------- d-----w- C:\Users\Morisoli\AppData\Local\THQ
2012-06-30 02:35:31 -------- d-----w- C:\Users\Morisoli\AppData\Local\Macromedia
2012-06-30 02:13:03 -------- d-----w- C:\Users\Morisoli\AppData\Roaming\TuneUp Software
2012-06-30 02:12:21 -------- d-----w- C:\ProgramData\TuneUp Software
2012-06-30 02:12:14 -------- d-sh--w- C:\ProgramData\{32364CEA-7855-4A3C-B674-53D8E9B97936}
2012-06-30 02:07:01 -------- d-----w- C:\Users\Morisoli\AppData\Local\Google
2012-06-29 01:03:07 -------- d-----w- C:\Users\Morisoli\AppData\Roaming\.minecraft
2012-06-26 02:50:53 -------- d-----w- C:\ProgramData\TamoSoft
2012-06-26 02:50:44 -------- d-----w- C:\Program Files (x86)\CommView
2012-06-26 02:46:31 -------- d-----w- C:\ProgramData\blekko toolbars
2012-06-26 02:46:22 -------- d-----w- C:\Users\Morisoli\AppData\Local\blekkotb_031
2012-06-25 21:04:24 1394248 ----a-w- C:\Windows\SysWow64\msxml4.dll
.
==================== Find3M ====================
.
2012-07-18 01:30:14 25640 ----a-w- C:\Windows\gdrv.sys
2012-07-12 17:56:02 281288 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
2012-07-12 17:56:02 281288 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
2012-07-12 16:34:27 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-12 16:34:27 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-07-02 01:39:34 281288 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0
2012-06-11 18:59:38 10248192 ----a-w- C:\Windows\System32\drivers\atikmdag.sys
2012-06-11 18:50:46 187392 ----a-w- C:\Windows\System32\clinfo.exe
2012-06-11 18:50:30 75264 ----a-w- C:\Windows\System32\OpenVideo64.dll
2012-06-11 18:50:24 65024 ----a-w- C:\Windows\SysWow64\OpenVideo.dll
2012-06-11 18:50:18 63488 ----a-w- C:\Windows\System32\OVDecode64.dll
2012-06-11 18:50:14 56320 ----a-w- C:\Windows\SysWow64\OVDecode.dll
2012-06-11 18:50:06 16457728 ----a-w- C:\Windows\System32\amdocl64.dll
2012-06-11 18:49:22 13008896 ----a-w- C:\Windows\SysWow64\amdocl.dll
2012-06-11 18:35:48 70144 ----a-w- C:\Windows\System32\coinst_8.98.dll
2012-06-11 18:29:34 24826368 ----a-w- C:\Windows\System32\atio6axx.dll
2012-06-11 18:00:32 20467712 ----a-w- C:\Windows\SysWow64\atioglxx.dll
2012-06-11 17:25:06 163840 ----a-w- C:\Windows\System32\atiapfxx.exe
2012-06-11 17:24:58 924160 ----a-w- C:\Windows\SysWow64\aticfx32.dll
2012-06-11 17:23:12 1090560 ----a-w- C:\Windows\System32\aticfx64.dll
2012-06-11 17:20:02 442368 ----a-w- C:\Windows\System32\ATIDEMGX.dll
2012-06-11 17:19:58 532992 ----a-w- C:\Windows\System32\atieclxx.exe
2012-06-11 17:19:14 239616 ----a-w- C:\Windows\System32\atiesrxx.exe
2012-06-11 17:17:56 120320 ----a-w- C:\Windows\System32\atitmm64.dll
2012-06-11 17:17:42 21504 ----a-w- C:\Windows\System32\atimuixx.dll
2012-06-11 17:17:38 59392 ----a-w- C:\Windows\System32\atiedu64.dll
2012-06-11 17:17:32 43520 ----a-w- C:\Windows\SysWow64\ati2edxx.dll
2012-06-11 17:16:48 6301696 ----a-w- C:\Windows\SysWow64\atidxx32.dll
2012-06-11 17:01:56 6914560 ----a-w- C:\Windows\System32\atidxx64.dll
2012-06-11 16:51:54 4246528 ----a-w- C:\Windows\System32\atiumd6a.dll
2012-06-11 16:45:48 51200 ----a-w- C:\Windows\System32\aticalrt64.dll
2012-06-11 16:45:46 46080 ----a-w- C:\Windows\SysWow64\aticalrt.dll
2012-06-11 16:45:44 5480448 ----a-w- C:\Windows\SysWow64\atiumdag.dll
2012-06-11 16:45:40 44544 ----a-w- C:\Windows\System32\aticalcl64.dll
2012-06-11 16:45:38 44032 ----a-w- C:\Windows\SysWow64\aticalcl.dll
2012-06-11 16:45:26 15703040 ----a-w- C:\Windows\System32\aticaldd64.dll
2012-06-11 16:43:18 4729344 ----a-w- C:\Windows\SysWow64\atiumdva.dll
2012-06-11 16:40:58 13277696 ----a-w- C:\Windows\SysWow64\aticaldd.dll
2012-06-11 16:36:56 6605824 ----a-w- C:\Windows\System32\atiumd64.dll
2012-06-11 16:27:02 539136 ----a-w- C:\Windows\System32\atiadlxx.dll
2012-06-11 16:26:52 368640 ----a-w- C:\Windows\SysWow64\atiadlxy.dll
2012-06-11 16:26:40 17920 ----a-w- C:\Windows\System32\atig6pxx.dll
2012-06-11 16:26:36 14848 ----a-w- C:\Windows\SysWow64\atiglpxx.dll
2012-06-11 16:26:36 14848 ----a-w- C:\Windows\System32\atiglpxx.dll
2012-06-11 16:26:30 41984 ----a-w- C:\Windows\System32\atig6txx.dll
2012-06-11 16:26:22 33280 ----a-w- C:\Windows\SysWow64\atigktxx.dll
2012-06-11 16:26:14 367616 ----a-w- C:\Windows\System32\drivers\atikmpag.sys
2012-06-11 16:25:20 54784 ----a-w- C:\Windows\System32\atiuxp64.dll
2012-06-11 16:25:12 42496 ----a-w- C:\Windows\SysWow64\atiuxpag.dll
2012-06-11 16:25:06 45056 ----a-w- C:\Windows\System32\atiu9p64.dll
2012-06-11 16:24:58 32768 ----a-w- C:\Windows\SysWow64\atiu9pag.dll
2012-06-11 16:24:24 53248 ----a-w- C:\Windows\System32\drivers\ati2erec.dll
2012-06-11 16:23:18 56320 ----a-w- C:\Windows\System32\atimpc64.dll
2012-06-11 16:23:18 56320 ----a-w- C:\Windows\System32\amdpcom64.dll
2012-06-11 16:23:10 56832 ----a-w- C:\Windows\SysWow64\atimpc32.dll
2012-06-11 16:23:10 56832 ----a-w- C:\Windows\SysWow64\amdpcom32.dll
2012-06-06 06:06:16 2004480 ----a-w- C:\Windows\System32\msxml6.dll
2012-06-06 06:06:16 1881600 ----a-w- C:\Windows\System32\msxml3.dll
2012-06-06 06:02:54 1133568 ----a-w- C:\Windows\System32\cdosys.dll
2012-06-06 05:05:52 1390080 ----a-w- C:\Windows\SysWow64\msxml6.dll
2012-06-06 05:05:52 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll
2012-06-06 05:03:06 805376 ----a-w- C:\Windows\SysWow64\cdosys.dll
2012-06-02 22:15:31 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2012-06-02 22:15:08 99840 ----a-w- C:\Windows\System32\wudriver.dll
2012-06-02 20:19:42 186752 ----a-w- C:\Windows\System32\wuwebv.dll
2012-06-02 20:15:12 36864 ----a-w- C:\Windows\System32\wuapp.exe
2012-06-02 05:50:10 458704 ----a-w- C:\Windows\System32\drivers\cng.sys
2012-06-02 05:48:16 95600 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2012-06-02 05:48:16 151920 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2012-06-02 05:45:31 340992 ----a-w- C:\Windows\System32\schannel.dll
2012-06-02 05:44:21 307200 ----a-w- C:\Windows\System32\ncrypt.dll
2012-06-02 04:40:42 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2012-06-02 04:40:39 225280 ----a-w- C:\Windows\SysWow64\schannel.dll
2012-06-02 04:39:10 219136 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2012-06-02 04:34:09 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2012-06-01 15:20:45 76888 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe
2012-05-31 17:25:12 279656 ------w- C:\Windows\System32\MpSigStub.exe
2012-05-16 01:25:11 466456 ----a-w- C:\Windows\System32\wrap_oal.dll
2012-05-16 01:25:11 444952 ----a-w- C:\Windows\SysWow64\wrap_oal.dll
2012-05-16 01:25:11 122904 ----a-w- C:\Windows\System32\OpenAL32.dll
2012-05-16 01:25:11 109080 ----a-w- C:\Windows\SysWow64\OpenAL32.dll
2012-05-15 04:01:31 1188864 ----a-w- C:\Windows\System32\wininet.dll
2012-05-15 03:03:54 981504 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-05-04 11:06:22 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-05-04 10:03:53 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-05-04 10:03:50 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-05-01 05:40:20 209920 ----a-w- C:\Windows\System32\profsvc.dll
2012-04-29 03:26:53 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-04-28 03:55:21 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-04-26 05:41:56 77312 ----a-w- C:\Windows\System32\rdpwsx.dll
2012-04-26 05:41:55 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
2012-04-26 05:34:27 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
2012-04-24 05:37:37 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
2012-04-24 05:37:37 140288 ----a-w- C:\Windows\System32\cryptnet.dll
2012-04-24 05:37:36 1462272 ----a-w- C:\Windows\System32\crypt32.dll
2012-04-24 04:36:42 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2012-04-24 04:36:42 1158656 ----a-w- C:\Windows\SysWow64\crypt32.dll
2012-04-24 04:36:42 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
.
============= FINISH: 9:19:29.96 ===============
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 9/22/2011 7:05:49 PM
System Uptime: 7/19/2012 11:34:46 PM (10 hours ago)
.
Motherboard: Gigabyte Technology Co., Ltd. | | GA-870A-UD3
Processor: AMD Phenom(tm) II X4 955 Processor | Socket M2 | 3200/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 931 GiB total, 585.494 GiB free.
D: is CDROM (UDF)
.
==== Disabled Device Manager Items =============
.
Class GUID:
Description: Universal Serial Bus (USB) Controller
Device ID: PCI\VEN_1033&DEV_0194&SUBSYS_50071458&REV_03\4&91A636&0&0048
Manufacturer:
Name: Universal Serial Bus (USB) Controller
PNP Device ID: PCI\VEN_1033&DEV_0194&SUBSYS_50071458&REV_03\4&91A636&0&0048
Service:
.
==== System Restore Points ===================
.
RP150: 7/11/2012 3:00:20 AM - Windows Update
RP151: 7/17/2012 5:40:05 AM - Windows Update
RP152: 7/17/2012 8:33:37 PM - Removed Fantapper Player
RP153: 7/17/2012 8:34:52 PM - Removed Fantapper Player
RP154: 7/17/2012 8:35:43 PM - Removed Fantapper Updater
RP155: 7/17/2012 8:37:21 PM - Removed EasySaver B9.1214.1
RP156: 7/19/2012 10:01:54 PM - Tweaking.com - Windows Repair
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
µTorrent
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.3)
AMD VISION Engine Control Center
APB Reloaded
ASIO4ALL
Browser Configuration Utility
Business Contact Manager for Outlook 2007 SP2
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
CommView
Core FTP LE (x64)
Coupon Printer for Windows
Deckadance
Diablo III
DiRT 3
Dota 2
erLT
FL Studio 10
Google Talk Plugin
Heroes of Newerth
HP Deskjet 3050 J610 series Help
HP Photo Creations
HP Update
HydraVision
IL Download Manager
iSEEK AnswerWorks English Runtime
Java Auto Updater
Java(TM) 6 Update 31
League of Legends
Left 4 Dead 2
Magic: The Gathering — Duels of the Planeswalkers 2012
Malwarebytes Anti-Malware version 1.62.0.1300
Microsoft Application Error Reporting
Microsoft Games for Windows - LIVE Redistributable
Microsoft Games for Windows Marketplace
Microsoft Office 2003 Web Components
Microsoft Office 2007 Primary Interop Assemblies
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Accounting 2008
Microsoft Office Accounting 2008 Equifax Addin
Microsoft Office Accounting 2008 Fixed Asset Manager
Microsoft Office Accounting 2008 PayPal Addin
Microsoft Office Accounting ADP Payroll Addin
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Professional 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Small Business Connectivity Components
Microsoft Office Word MUI (English) 2007
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
Microsoft SQL Server 2005 Tools Express Edition
Microsoft SQL Server Setup Support Files (English)
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
MotoHelper 2.0.51 Driver 5.1.0
MotoHelper MergeModules
Mozilla Firefox 14.0.1 (x86 en-US)
Mozilla Maintenance Service
MSXML 4.0 SP3 Parser
MSXML 4.0 SP3 Parser (KB2721691)
MSXML 4.0 SP3 Parser (KB973685)
Mumble 1.2.3
NETGEAR WNDA4100
NETGEAR WNDA4100 Genie
NVIDIA PhysX
OpenAL
Pando Media Booster
PunkBuster Services
Quicken 2012
QuickTime
Rainmeter
Rapture3D 2.4.8 Game
Realtek High Definition Audio Driver
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596880) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2598041) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2596786) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2596917) 32-Bit Edition
Skype™ 5.10
Steam
StepMania v5.0 alpha 2 (remove only)
Team Fortress 2
TeamSpeak 3 Client
TERA
Total War: SHOGUN 2
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Outlook 2007 (KB2596598) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2687310) 32-Bit Edition
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Warhammer 40,000 Space Marine
Warhammer® 40,000™: Dawn of War® II
Warhammer® 40,000™: Dawn of War® II - Chaos Rising™
Warhammer® 40,000™: Dawn of War® II – Retribution™
World of Warcraft
XSplit
.
==== Event Viewer Messages From Past Week ========
.
7/19/2012 11:35:03 PM, Error: Service Control Manager [7000] -
7/17/2012 8:17:03 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000000a (0x0000000000000000, 0x0000000000000002, 0x0000000000000000, 0xfffff8000328a442). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 071712-20077-01.
7/17/2012 8:13:54 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000000a (0x00000000000000dc, 0x0000000000000002, 0x0000000000000001, 0xfffff80003300405). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 071712-19578-01.
.
==== End Of File ===========================
 
Hello, and welcome to TechSpot.

Please see here for the board rules and other FAQ.

Please feel free to introduce yourself, after you follow the steps below to get started.

Information
  • From this point on, please do not make any more changes to your computer, such as installing/uninstalling programs, using special fix tools, deleting files, editing the registry, etc., unless advised by a malware removal helper.
  • Please do not ask for help elsewhere (on this site or other sites). Doing so can result in system changes, which may not show up in the logs you post.
  • If you have already asked for help somewhere, please post the link to the topic where you were helped.
  • We try our best to reply quickly, but if for any reason we do not reply in two days, please reply to this topic with the word BUMP!
  • Lastly, keep in mind that we are volunteers, so you do not have to pay for malware removal. Persist in this topic until its close, and your computer is declared clean.

Download Farbar Recovery Scan Tool and save it to a flash drive.

Please make sure to download the 64-bit version.

Plug the flashdrive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
On the System Recovery Options menu you will get the following options:
    • Startup Repair
    • System Restore
    • Windows Complete PC Restore
    • Windows Memory Diagnostic Tool
    • Command Prompt
  • Select Command Prompt.
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under the File menu select Open.
  • Select "Computer" and find your flash drive letter, then close the notepad.
  • In the command window type e:\frst64 and press Enter.
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to the disclaimer.
  • Place a check next to List Drivers MD5 as well as the default check marks that are already there.
  • Press the Scan button.
  • Type exit and reboot the computer normally.
  • FRST will make a log (FRST.txt) on the flash drive; please copy and paste the log in your reply.
 
Scan result of Farbar Recovery Scan Tool Version: 20-07-2012
Ran by SYSTEM at 20-07-2012 11:36:42
Running from F:\
Windows 7 Home Premium (X64) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice [4035152 2011-09-22] (ESET)
HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [10144288 2010-04-06] (Realtek Semiconductor)
HKLM\...\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE [x]
HKLM-x32\...\Run: [] [x]
HKLM-x32\...\Run: [BCU] "C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe" [375000 2009-10-15] (DeviceVM, Inc.)
HKLM-x32\...\Run: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml [10752 2012-02-20] ()
HKLM-x32\...\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [641704 2012-06-11] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray [462920 2012-07-03] (Malwarebytes Corporation)
HKU\Cindy\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2011-10-24] (Apple Inc.)
HKU\Cindy\...\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe [x]
HKU\Morisoli\...\Run: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent [1242448 2012-05-09] (Valve Corporation)
HKU\Morisoli\...\Run: [Google Update] "C:\Users\Morisoli\AppData\Local\Google\Update\GoogleUpdate.exe" /c [116648 2012-07-09] (Google Inc.)
HKU\UpdatusUser\...\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe [x]
Tcpip\Parameters: [DhcpNameServer] 208.180.42.68 208.180.42.100
Startup: C:\Users\All Users\Start Menu\Programs\Startup\NETGEAR WNDA4100 Genie.lnk
ShortcutTarget: NETGEAR WNDA4100 Genie.lnk -> C:\Program Files (x86)\NETGEAR\WNDA4100\WNDA4100.EXE (NETGEAR)
Startup: C:\Users\All Users\Start Menu\Programs\Startup\SetPointII.lnk
ShortcutTarget: SetPointII.lnk -> C:\Program Files\Logitech\SetPoint II\SetPointII.exe (Logitech Inc.)

==================== Services (Whitelisted) ======

2 BcmSqlStartupSvc; "C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe" [30312 2009-02-20] (Microsoft Corporation)
2 BCUService; C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe [223464 2009-10-15] (DeviceVM, Inc.)
2 ekrn; "C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe" [974944 2011-09-22] (ESET)
2 MBAMService; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe" [655944 2012-07-03] (Malwarebytes Corporation)
2 MotoHelper; C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe [223088 2011-04-26] ()
3 MSSQL$MSSMLBIZ; "C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sMSSMLBIZ [29293408 2010-12-10] (Microsoft Corporation)
2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [76888 2012-06-01] ()
2 RalinkRegistryWriter; "C:\Program Files (x86)\NETGEAR\WNDA4100\Service\RaRegistry.exe" [377088 2011-11-21] (Ralink Technology, Corp.)
2 RalinkRegistryWriter64; "C:\Program Files (x86)\NETGEAR\WNDA4100\Service\RaRegistry64.exe" [455424 2011-11-21] (Ralink Technology, Corp.)

========================== Drivers (Whitelisted) =============

3 AE1000; C:\Windows\System32\DRIVERS\ae1000w7.sys [1101600 2010-03-22] (Ralink Technology Corp.)
2 AODDriver4.01; \??\C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [53888 2012-03-05] (Advanced Micro Devices)
2 AODDriver4.1; \??\C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [53888 2012-03-05] (Advanced Micro Devices)
3 CV2K1; C:\Windows\System32\Drivers\CV2K1.sys [21608 2010-04-01] (TamoSoft)
2 eamonm; C:\Windows\System32\Drivers\eamonm.sys [202576 2011-08-09] (ESET)
1 ehdrv; C:\Windows\System32\Drivers\ehdrv.sys [146432 2011-08-04] (ESET)
2 epfwwfpr; C:\Windows\System32\Drivers\epfwwfpr.sys [137144 2011-08-04] (ESET)
3 gdrv; \??\C:\Windows\gdrv.sys [25640 2012-07-17] (Windows (R) Server 2003 DDK provider)
3 hamachi; C:\Windows\System32\Drivers\hamachi.sys [33856 2009-03-18] (LogMeIn, Inc.)
3 hitmanpro36; C:\Windows\System32\Drivers\hitmanpro36.sys [30496 2012-07-18] ()
3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [24904 2012-07-03] (Malwarebytes Corporation)
3 netr28ux; C:\Windows\System32\Drivers\netr28ux.sys [1675840 2012-01-13] (Ralink Technology Corp.)
3 TsVlb; C:\Windows\System32\Drivers\TsVlb.sys [22120 2010-04-21] (TamoSoft)
1 TsVp; C:\Windows\System32\Drivers\TsVp.sys [32872 2010-06-15] (TamoSoft)

========================== NetSvcs (Whitelisted) ===========


============ One Month Created Files and Folders ==============

2012-07-20 06:18 - 2012-07-20 06:18 - 00607260 ____R (Swearware) C:\Users\Morisoli\Downloads\dds.scr
2012-07-19 20:36 - 2012-07-19 20:36 - 00302592 ____A C:\Users\Morisoli\Downloads\9gpxx0yy.exe
2012-07-19 20:29 - 2012-07-19 20:29 - 00001120 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-07-19 20:29 - 2012-07-19 20:29 - 00000000 ____D C:\Users\Morisoli\AppData\Roaming\Malwarebytes
2012-07-19 20:29 - 2012-07-19 20:29 - 00000000 ____D C:\Users\All Users\Malwarebytes
2012-07-19 20:29 - 2012-07-19 20:29 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-07-19 20:29 - 2012-07-03 10:46 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-07-19 20:28 - 2012-07-19 20:28 - 10652120 ____A (Malwarebytes Corporation ) C:\Users\Morisoli\Downloads\mbam-setup-1.62.0.1300.exe
2012-07-19 19:37 - 2012-07-19 19:38 - 00000042 ____A C:\repairs_running.dat
2012-07-19 19:28 - 2008-05-07 21:03 - 00303616 ____A ( ) C:\SetACL.exe
2012-07-19 19:02 - 2004-06-11 15:33 - 00290304 ____A (Microsoft Corporation) C:\subinacl.exe
2012-07-18 21:28 - 2012-07-19 19:38 - 00181064 ____A (Sysinternals) C:\Windows\PSEXESVC.EXE
2012-07-18 21:27 - 2012-07-18 21:27 - 04623766 ____A C:\Users\Morisoli\Downloads\tweaking.com_windows_repair_aio_setup.exe
2012-07-18 21:24 - 2012-07-18 21:24 - 00030496 ____A C:\Windows\System32\Drivers\hitmanpro36.sys
2012-07-18 21:23 - 2012-07-18 21:23 - 00000806 ____A C:\Windows\System32\.crusader
2012-07-18 21:19 - 2012-07-18 21:23 - 00000000 ____D C:\Users\All Users\HitmanPro
2012-07-18 21:18 - 2012-07-18 21:19 - 08834304 ____A (SurfRight B.V.) C:\Users\Morisoli\Downloads\HitmanPro36_x64.exe
2012-07-17 17:28 - 2012-07-18 21:17 - 00000000 ____D C:\TDSSKiller_Quarantine
2012-07-17 17:16 - 2012-07-17 17:17 - 00317024 ____A C:\Windows\Minidump\071712-20077-01.dmp
2012-07-17 17:13 - 2012-07-17 17:16 - 416104481 ____A C:\Windows\MEMORY.DMP
2012-07-17 17:13 - 2012-07-17 17:16 - 00000000 ____D C:\Windows\Minidump
2012-07-17 17:13 - 2012-07-17 17:13 - 00276272 ____A C:\Windows\Minidump\071712-19578-01.dmp
2012-07-11 17:30 - 2012-07-11 17:30 - 00000000 ____D C:\Program Files (x86)\uTorrent
2012-07-11 17:29 - 2012-07-15 17:31 - 00000000 ____D C:\Users\Morisoli\AppData\Roaming\uTorrent
2012-07-11 17:28 - 2012-07-11 17:29 - 00895376 ____A (BitTorrent, Inc.) C:\Users\Morisoli\Downloads\uTorrent.exe
2012-07-11 00:03 - 2012-07-11 00:03 - 00265692 ____A C:\Windows\msxml4-KB2721691-enu.LOG
2012-07-11 00:03 - 2012-06-11 19:08 - 03148800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-07-10 17:07 - 2012-06-08 21:43 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2012-07-10 17:07 - 2012-06-08 20:41 - 12873728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2012-07-10 17:07 - 2012-06-05 22:06 - 02004480 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
2012-07-10 17:07 - 2012-06-05 22:06 - 01881600 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
2012-07-10 17:07 - 2012-06-05 22:02 - 01133568 ____A (Microsoft Corporation) C:\Windows\System32\cdosys.dll
2012-07-10 17:07 - 2012-06-05 21:05 - 01390080 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2012-07-10 17:07 - 2012-06-05 21:05 - 01236992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2012-07-10 17:07 - 2012-06-05 21:03 - 00805376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cdosys.dll
2012-07-10 17:07 - 2012-06-01 21:50 - 00458704 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
2012-07-10 17:07 - 2012-06-01 21:48 - 00151920 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
2012-07-10 17:07 - 2012-06-01 21:48 - 00095600 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
2012-07-10 17:07 - 2012-06-01 21:45 - 00340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
2012-07-10 17:07 - 2012-06-01 21:44 - 00307200 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
2012-07-10 17:07 - 2012-06-01 20:40 - 00225280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2012-07-10 17:07 - 2012-06-01 20:40 - 00022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2012-07-10 17:07 - 2012-06-01 20:39 - 00219136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2012-07-10 17:07 - 2012-06-01 20:34 - 00096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2012-07-10 17:07 - 2010-06-25 19:55 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\msxml3r.dll
2012-07-10 17:07 - 2010-06-25 19:24 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2012-07-10 12:50 - 2012-07-10 12:50 - 00452312 ____A C:\Users\Morisoli\Downloads\PolSystemInfo_us.zip
2012-07-09 01:56 - 2012-07-20 08:06 - 00000920 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3710809135-2123922341-1772546783-1001UA.job
2012-07-09 01:56 - 2012-07-18 18:06 - 00000868 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3710809135-2123922341-1772546783-1001Core.job
2012-07-09 01:55 - 2012-07-09 01:55 - 00739832 ____A (Google Inc.) C:\Users\Morisoli\Downloads\GoogleVoiceAndVideoSetup.exe
 
Scan result of Farbar Recovery Scan Tool Version: 20-07-2012
Ran by SYSTEM at 20-07-2012 14:46:21
Running from F:\
Windows 7 Home Premium (X64) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice [4035152 2011-09-22] (ESET)
HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [10144288 2010-04-06] (Realtek Semiconductor)
HKLM\...\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE [x]
HKLM-x32\...\Run: [] [x]
HKLM-x32\...\Run: [BCU] "C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe" [375000 2009-10-15] (DeviceVM, Inc.)
HKLM-x32\...\Run: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml [10752 2012-02-20] ()
HKLM-x32\...\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [641704 2012-06-11] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray [462920 2012-07-03] (Malwarebytes Corporation)
HKU\Cindy\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2011-10-24] (Apple Inc.)
HKU\Cindy\...\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe [x]
HKU\Morisoli\...\Run: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent [1242448 2012-05-09] (Valve Corporation)
HKU\Morisoli\...\Run: [Google Update] "C:\Users\Morisoli\AppData\Local\Google\Update\GoogleUpdate.exe" /c [116648 2012-07-09] (Google Inc.)
HKU\Morisoli\...\Run: [HydraVisionDesktopManager] "C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe" [393216 2011-10-25] (AMD)
HKU\UpdatusUser\...\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe [x]
Tcpip\Parameters: [DhcpNameServer] 208.180.42.68 208.180.42.100
Startup: C:\Users\All Users\Start Menu\Programs\Startup\NETGEAR WNDA4100 Genie.lnk
ShortcutTarget: NETGEAR WNDA4100 Genie.lnk -> C:\Program Files (x86)\NETGEAR\WNDA4100\WNDA4100.EXE (NETGEAR)
Startup: C:\Users\All Users\Start Menu\Programs\Startup\SetPointII.lnk
ShortcutTarget: SetPointII.lnk -> C:\Program Files\Logitech\SetPoint II\SetPointII.exe (Logitech Inc.)

==================== Services (Whitelisted) ======

2 BcmSqlStartupSvc; "C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe" [30312 2009-02-20] (Microsoft Corporation)
2 BCUService; C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe [223464 2009-10-15] (DeviceVM, Inc.)
2 ekrn; "C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe" [974944 2011-09-22] (ESET)
2 MBAMService; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe" [655944 2012-07-03] (Malwarebytes Corporation)
2 MotoHelper; C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe [223088 2011-04-26] ()
3 MSSQL$MSSMLBIZ; "C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sMSSMLBIZ [29293408 2010-12-10] (Microsoft Corporation)
2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [76888 2012-06-01] ()
2 RalinkRegistryWriter; "C:\Program Files (x86)\NETGEAR\WNDA4100\Service\RaRegistry.exe" [377088 2011-11-21] (Ralink Technology, Corp.)
2 RalinkRegistryWriter64; "C:\Program Files (x86)\NETGEAR\WNDA4100\Service\RaRegistry64.exe" [455424 2011-11-21] (Ralink Technology, Corp.)

========================== Drivers (Whitelisted) =============

3 AE1000; C:\Windows\System32\DRIVERS\ae1000w7.sys [1101600 2010-03-22] (Ralink Technology Corp.)
2 AODDriver4.01; \??\C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [53888 2012-03-05] (Advanced Micro Devices)
2 AODDriver4.1; \??\C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [53888 2012-03-05] (Advanced Micro Devices)
3 CV2K1; C:\Windows\System32\Drivers\CV2K1.sys [21608 2010-04-01] (TamoSoft)
2 eamonm; C:\Windows\System32\Drivers\eamonm.sys [202576 2011-08-09] (ESET)
1 ehdrv; C:\Windows\System32\Drivers\ehdrv.sys [146432 2011-08-04] (ESET)
2 epfwwfpr; C:\Windows\System32\Drivers\epfwwfpr.sys [137144 2011-08-04] (ESET)
3 gdrv; \??\C:\Windows\gdrv.sys [25640 2012-07-17] (Windows (R) Server 2003 DDK provider)
3 hamachi; C:\Windows\System32\Drivers\hamachi.sys [33856 2009-03-18] (LogMeIn, Inc.)
3 hitmanpro36; C:\Windows\System32\Drivers\hitmanpro36.sys [30496 2012-07-18] ()
3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [24904 2012-07-03] (Malwarebytes Corporation)
3 netr28ux; C:\Windows\System32\Drivers\netr28ux.sys [1675840 2012-01-13] (Ralink Technology Corp.)
3 TsVlb; C:\Windows\System32\Drivers\TsVlb.sys [22120 2010-04-21] (TamoSoft)
1 TsVp; C:\Windows\System32\Drivers\TsVp.sys [32872 2010-06-15] (TamoSoft)

========================== NetSvcs (Whitelisted) ===========


============ One Month Created Files and Folders ==============

2012-07-20 06:18 - 2012-07-20 06:18 - 00607260 ____R (Swearware) C:\Users\Morisoli\Downloads\dds.scr
2012-07-19 20:36 - 2012-07-19 20:36 - 00302592 ____A C:\Users\Morisoli\Downloads\9gpxx0yy.exe
2012-07-19 20:29 - 2012-07-19 20:29 - 00001120 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-07-19 20:29 - 2012-07-19 20:29 - 00000000 ____D C:\Users\Morisoli\AppData\Roaming\Malwarebytes
2012-07-19 20:29 - 2012-07-19 20:29 - 00000000 ____D C:\Users\All Users\Malwarebytes
2012-07-19 20:29 - 2012-07-19 20:29 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-07-19 20:29 - 2012-07-03 10:46 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-07-19 20:28 - 2012-07-19 20:28 - 10652120 ____A (Malwarebytes Corporation ) C:\Users\Morisoli\Downloads\mbam-setup-1.62.0.1300.exe
2012-07-19 19:37 - 2012-07-19 19:38 - 00000042 ____A C:\repairs_running.dat
2012-07-19 19:28 - 2008-05-07 21:03 - 00303616 ____A ( ) C:\SetACL.exe
2012-07-19 19:02 - 2004-06-11 15:33 - 00290304 ____A (Microsoft Corporation) C:\subinacl.exe
2012-07-18 21:28 - 2012-07-19 19:38 - 00181064 ____A (Sysinternals) C:\Windows\PSEXESVC.EXE
2012-07-18 21:27 - 2012-07-18 21:27 - 04623766 ____A C:\Users\Morisoli\Downloads\tweaking.com_windows_repair_aio_setup.exe
2012-07-18 21:24 - 2012-07-18 21:24 - 00030496 ____A C:\Windows\System32\Drivers\hitmanpro36.sys
2012-07-18 21:23 - 2012-07-18 21:23 - 00000806 ____A C:\Windows\System32\.crusader
2012-07-18 21:19 - 2012-07-18 21:23 - 00000000 ____D C:\Users\All Users\HitmanPro
2012-07-18 21:18 - 2012-07-18 21:19 - 08834304 ____A (SurfRight B.V.) C:\Users\Morisoli\Downloads\HitmanPro36_x64.exe
2012-07-17 17:28 - 2012-07-18 21:17 - 00000000 ____D C:\TDSSKiller_Quarantine
2012-07-17 17:16 - 2012-07-17 17:17 - 00317024 ____A C:\Windows\Minidump\071712-20077-01.dmp
2012-07-17 17:13 - 2012-07-17 17:16 - 416104481 ____A C:\Windows\MEMORY.DMP
2012-07-17 17:13 - 2012-07-17 17:16 - 00000000 ____D C:\Windows\Minidump
2012-07-17 17:13 - 2012-07-17 17:13 - 00276272 ____A C:\Windows\Minidump\071712-19578-01.dmp
2012-07-11 17:30 - 2012-07-11 17:30 - 00000000 ____D C:\Program Files (x86)\uTorrent
2012-07-11 17:29 - 2012-07-15 17:31 - 00000000 ____D C:\Users\Morisoli\AppData\Roaming\uTorrent
2012-07-11 17:28 - 2012-07-11 17:29 - 00895376 ____A (BitTorrent, Inc.) C:\Users\Morisoli\Downloads\uTorrent.exe
2012-07-11 00:03 - 2012-07-11 00:03 - 00265692 ____A C:\Windows\msxml4-KB2721691-enu.LOG
2012-07-11 00:03 - 2012-06-11 19:08 - 03148800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-07-10 17:07 - 2012-06-08 21:43 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2012-07-10 17:07 - 2012-06-08 20:41 - 12873728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2012-07-10 17:07 - 2012-06-05 22:06 - 02004480 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
2012-07-10 17:07 - 2012-06-05 22:06 - 01881600 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
2012-07-10 17:07 - 2012-06-05 22:02 - 01133568 ____A (Microsoft Corporation) C:\Windows\System32\cdosys.dll
2012-07-10 17:07 - 2012-06-05 21:05 - 01390080 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2012-07-10 17:07 - 2012-06-05 21:05 - 01236992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2012-07-10 17:07 - 2012-06-05 21:03 - 00805376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cdosys.dll
2012-07-10 17:07 - 2012-06-01 21:50 - 00458704 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
2012-07-10 17:07 - 2012-06-01 21:48 - 00151920 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
2012-07-10 17:07 - 2012-06-01 21:48 - 00095600 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
2012-07-10 17:07 - 2012-06-01 21:45 - 00340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
2012-07-10 17:07 - 2012-06-01 21:44 - 00307200 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
2012-07-10 17:07 - 2012-06-01 20:40 - 00225280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2012-07-10 17:07 - 2012-06-01 20:40 - 00022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2012-07-10 17:07 - 2012-06-01 20:39 - 00219136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2012-07-10 17:07 - 2012-06-01 20:34 - 00096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2012-07-10 17:07 - 2010-06-25 19:55 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\msxml3r.dll
2012-07-10 17:07 - 2010-06-25 19:24 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2012-07-10 12:50 - 2012-07-10 12:50 - 00452312 ____A C:\Users\Morisoli\Downloads\PolSystemInfo_us.zip
2012-07-09 01:56 - 2012-07-20 11:06 - 00000920 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3710809135-2123922341-1772546783-1001UA.job
2012-07-09 01:56 - 2012-07-18 18:06 - 00000868 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3710809135-2123922341-1772546783-1001Core.job
2012-07-09 01:55 - 2012-07-09 01:55 - 00739832 ____A (Google Inc.) C:\Users\Morisoli\Downloads\GoogleVoiceAndVideoSetup.exe
2012-07-08 12:39 - 2012-07-08 12:41 - 58366405 ____A C:\Users\Morisoli\Downloads\Slender_v0_9_1.zip
2012-07-07 11:40 - 2012-07-07 11:40 - 00000000 ____D C:\Users\Morisoli\Documents\Skype Voice Records
2012-07-07 11:40 - 2012-07-07 11:40 - 00000000 ____D C:\Users\Morisoli\Documents\Clownfish Avatars
2012-07-07 11:39 - 2012-07-07 11:39 - 00632400 ____A (Shark Labs) C:\Users\Morisoli\Downloads\CFSetup281.exe
2012-07-05 08:04 - 2012-07-05 08:04 - 00000000 ____D C:\Users\All Users\ATI
2012-07-05 08:04 - 2012-07-05 08:04 - 00000000 ____D C:\Program Files (x86)\AMD APP
2012-07-03 16:30 - 2012-07-20 07:04 - 00001075 ____A C:\Users\Public\Desktop\World of Warcraft.lnk
2012-07-03 16:30 - 2012-07-20 07:04 - 00000000 ____D C:\Program Files (x86)\World of Warcraft
2012-07-03 16:28 - 2012-07-03 16:30 - 32160136 ____A C:\Users\Morisoli\Downloads\WoW-4.0.0-WOW-enUS-Installer.exe
2012-07-03 15:39 - 2012-07-13 07:39 - 00000000 ___RD C:\Users\Morisoli\Desktop\Games
2012-07-02 14:59 - 2012-07-02 14:59 - 00000000 ____D C:\Users\Morisoli\AppData\Roaming\StepMania 5
2012-07-02 14:57 - 2012-07-02 15:10 - 00000000 ____D C:\Program Files (x86)\StepMania 5
2012-07-02 14:53 - 2012-07-02 14:55 - 47486851 ____A C:\Users\Morisoli\Downloads\StepMania_v5.0_alpha2.exe
2012-07-02 10:44 - 2012-07-02 10:44 - 00000000 ____D C:\Program Files\CoreFTP
2012-07-02 10:43 - 2012-07-02 10:44 - 03415700 ____A C:\Users\Morisoli\Downloads\coreftplite64(1).exe
2012-07-02 10:35 - 2012-07-02 10:35 - 00000914 ____A C:\Users\Morisoli\Downloads\Secure Ftp david@shoogadawoogada.elementfx.com.xml
2012-07-02 10:34 - 2012-07-02 10:34 - 01620836 ____A (FileZilla Project) C:\Users\Morisoli\Downloads\FileZilla_Server-0_9_41(1).exe
2012-07-02 10:29 - 2012-07-02 10:29 - 01620836 ____A (FileZilla Project) C:\Users\Morisoli\Downloads\FileZilla_Server-0_9_41.exe
2012-07-02 10:22 - 2012-07-02 14:14 - 00000000 ____D C:\Users\Morisoli\AppData\Roaming\CoreFTP
2012-07-02 10:21 - 2012-07-02 10:21 - 03415700 ____A C:\Users\Morisoli\Downloads\coreftplite64.exe
2012-07-01 15:17 - 2012-07-01 15:17 - 00001936 ____A C:\Users\UpdatusUser\Desktop\Heroes of Newerth.lnk
2012-07-01 15:17 - 2012-07-01 15:17 - 00001936 ____A C:\Users\Cindy\Desktop\Heroes of Newerth.lnk
2012-07-01 15:17 - 2012-07-01 15:17 - 00000000 ____D C:\Users\Morisoli\Documents\Heroes of Newerth
2012-07-01 15:15 - 2012-07-01 15:52 - 00000000 ____D C:\Program Files (x86)\Heroes of Newerth
2012-07-01 11:51 - 2012-07-01 12:29 - 1052523552 ____A C:\Users\Morisoli\Downloads\HoNClient-2.6.4.exe
2012-06-30 08:29 - 2012-06-30 08:29 - 00000000 ____D C:\Users\Morisoli\AppData\Local\THQ
2012-06-29 18:35 - 2012-06-29 18:35 - 00000000 ____D C:\Users\Morisoli\AppData\Local\Macromedia
2012-06-29 18:13 - 2012-06-29 18:13 - 00000000 ____D C:\Users\Morisoli\AppData\Roaming\TuneUp Software
2012-06-29 18:12 - 2012-06-29 18:13 - 00000000 ____D C:\Users\All Users\TuneUp Software
2012-06-29 18:12 - 2012-06-29 18:12 - 00000000 __SHD C:\Users\All Users\{32364CEA-7855-4A3C-B674-53D8E9B97936}
2012-06-29 18:10 - 2012-06-29 18:12 - 38136768 ____A (TuneUp Software) C:\Users\Morisoli\Downloads\Speedtest_TuneUpUtilities2012_en-US.exe
2012-06-29 18:07 - 2012-07-09 01:56 - 00000000 ____D C:\Users\Morisoli\AppData\Local\Google
2012-06-29 18:06 - 2012-06-29 18:06 - 00739856 ____A (Google Inc.) C:\Users\Morisoli\Downloads\ChromeSetup.exe
2012-06-28 17:03 - 2012-07-11 19:55 - 00000000 ____D C:\Users\Morisoli\AppData\Roaming\.minecraft
2012-06-28 16:58 - 2012-06-28 16:58 - 00278561 ____A C:\Users\Morisoli\Downloads\Minecraft.exe
2012-06-27 12:04 - 2012-06-27 12:04 - 00000000 ____D C:\Users\Morisoli\Documents\Wizards of the Coast
2012-06-25 18:50 - 2012-06-25 18:52 - 00000000 ____D C:\Program Files (x86)\CommView
2012-06-25 18:50 - 2012-06-25 18:50 - 00000000 ____D C:\Users\Morisoli\Documents\CommView
2012-06-25 18:50 - 2012-06-25 18:50 - 00000000 ____D C:\Users\All Users\TamoSoft
2012-06-25 18:46 - 2012-07-17 17:32 - 00000000 ____D C:\Users\All Users\blekko toolbars
2012-06-25 18:46 - 2012-06-25 18:46 - 00000000 ____D C:\Users\Morisoli\AppData\Local\blekkotb_031
2012-06-25 18:45 - 2012-06-25 18:45 - 00463080 ____A (CNET Download.com) C:\Users\Morisoli\Downloads\cnet2_cv6_zip.exe
2012-06-25 13:04 - 2012-06-25 13:04 - 01394248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml4.dll


============ 3 Months Modified Files ========================

2012-07-20 11:44 - 2011-09-22 18:50 - 01147780 ____A C:\Windows\WindowsUpdate.log
2012-07-20 11:33 - 2012-04-12 14:59 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-07-20 11:06 - 2012-07-09 01:56 - 00000920 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3710809135-2123922341-1772546783-1001UA.job
2012-07-20 08:45 - 2009-07-13 21:13 - 00796216 ____A C:\Windows\System32\PerfStringBackup.INI
2012-07-20 08:43 - 2009-07-13 20:45 - 00014832 ____A C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-07-20 08:43 - 2009-07-13 20:45 - 00014832 ____A C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-07-20 08:38 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-07-20 08:38 - 2009-07-13 20:51 - 00036732 ____A C:\Windows\setupact.log
2012-07-20 07:04 - 2012-07-03 16:30 - 00001075 ____A C:\Users\Public\Desktop\World of Warcraft.lnk
2012-07-20 06:18 - 2012-07-20 06:18 - 00607260 ____R (Swearware) C:\Users\Morisoli\Downloads\dds.scr
2012-07-19 20:36 - 2012-07-19 20:36 - 00302592 ____A C:\Users\Morisoli\Downloads\9gpxx0yy.exe
2012-07-19 20:34 - 2011-10-24 17:36 - 00020136 ____A C:\Windows\PFRO.log
2012-07-19 20:29 - 2012-07-19 20:29 - 00001120 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-07-19 20:28 - 2012-07-19 20:28 - 10652120 ____A (Malwarebytes Corporation ) C:\Users\Morisoli\Downloads\mbam-setup-1.62.0.1300.exe
2012-07-19 19:44 - 2011-10-05 10:17 - 00147336 ____A C:\Users\Morisoli\AppData\Local\GDIPFONTCACHEV1.DAT
2012-07-19 19:39 - 2009-07-13 20:45 - 00504968 ____A C:\Windows\System32\FNTCACHE.DAT
2012-07-19 19:38 - 2012-07-19 19:37 - 00000042 ____A C:\repairs_running.dat
2012-07-19 19:38 - 2012-07-18 21:28 - 00181064 ____A (Sysinternals) C:\Windows\PSEXESVC.EXE
2012-07-19 19:30 - 2011-10-24 13:45 - 00796216 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
2012-07-18 21:27 - 2012-07-18 21:27 - 04623766 ____A C:\Users\Morisoli\Downloads\tweaking.com_windows_repair_aio_setup.exe
2012-07-18 21:24 - 2012-07-18 21:24 - 00030496 ____A C:\Windows\System32\Drivers\hitmanpro36.sys
2012-07-18 21:23 - 2012-07-18 21:23 - 00000806 ____A C:\Windows\System32\.crusader
2012-07-18 21:19 - 2012-07-18 21:18 - 08834304 ____A (SurfRight B.V.) C:\Users\Morisoli\Downloads\HitmanPro36_x64.exe
2012-07-18 21:02 - 2012-04-07 16:33 - 18932287 ____A C:\service.log
2012-07-18 18:06 - 2012-07-09 01:56 - 00000868 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3710809135-2123922341-1772546783-1001Core.job
2012-07-17 17:30 - 2012-04-07 16:35 - 00025640 ____A (Windows (R) Server 2003 DDK provider) C:\Windows\gdrv.sys
2012-07-17 17:17 - 2012-07-17 17:16 - 00317024 ____A C:\Windows\Minidump\071712-20077-01.dmp
2012-07-17 17:16 - 2012-07-17 17:13 - 416104481 ____A C:\Windows\MEMORY.DMP
2012-07-17 17:13 - 2012-07-17 17:13 - 00276272 ____A C:\Windows\Minidump\071712-19578-01.dmp
2012-07-12 09:56 - 2012-06-01 07:23 - 00281288 ____A C:\Windows\SysWOW64\PnkBstrB.xtr
2012-07-12 09:56 - 2012-06-01 07:20 - 00281288 ____A C:\Windows\SysWOW64\PnkBstrB.exe
2012-07-12 08:34 - 2012-04-12 14:59 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-07-12 08:34 - 2011-09-23 05:06 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-07-11 17:29 - 2012-07-11 17:28 - 00895376 ____A (BitTorrent, Inc.) C:\Users\Morisoli\Downloads\uTorrent.exe
2012-07-11 00:03 - 2012-07-11 00:03 - 00265692 ____A C:\Windows\msxml4-KB2721691-enu.LOG
2012-07-11 00:03 - 2009-07-13 18:34 - 00000478 ____A C:\Windows\win.ini
2012-07-11 00:01 - 2011-10-24 17:40 - 59701280 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-07-10 12:50 - 2012-07-10 12:50 - 00452312 ____A C:\Users\Morisoli\Downloads\PolSystemInfo_us.zip
2012-07-09 01:55 - 2012-07-09 01:55 - 00739832 ____A (Google Inc.) C:\Users\Morisoli\Downloads\GoogleVoiceAndVideoSetup.exe
2012-07-08 12:41 - 2012-07-08 12:39 - 58366405 ____A C:\Users\Morisoli\Downloads\Slender_v0_9_1.zip
2012-07-07 11:39 - 2012-07-07 11:39 - 00632400 ____A (Shark Labs) C:\Users\Morisoli\Downloads\CFSetup281.exe
2012-07-03 16:30 - 2012-07-03 16:28 - 32160136 ____A C:\Users\Morisoli\Downloads\WoW-4.0.0-WOW-enUS-Installer.exe
2012-07-03 10:46 - 2012-07-19 20:29 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-07-02 14:55 - 2012-07-02 14:53 - 47486851 ____A C:\Users\Morisoli\Downloads\StepMania_v5.0_alpha2.exe
2012-07-02 10:44 - 2012-07-02 10:43 - 03415700 ____A C:\Users\Morisoli\Downloads\coreftplite64(1).exe
2012-07-02 10:35 - 2012-07-02 10:35 - 00000914 ____A C:\Users\Morisoli\Downloads\Secure Ftp david@shoogadawoogada.elementfx.com.xml
2012-07-02 10:34 - 2012-07-02 10:34 - 01620836 ____A (FileZilla Project) C:\Users\Morisoli\Downloads\FileZilla_Server-0_9_41(1).exe
2012-07-02 10:29 - 2012-07-02 10:29 - 01620836 ____A (FileZilla Project) C:\Users\Morisoli\Downloads\FileZilla_Server-0_9_41.exe
2012-07-02 10:21 - 2012-07-02 10:21 - 03415700 ____A C:\Users\Morisoli\Downloads\coreftplite64.exe
2012-07-01 17:39 - 2012-06-01 07:20 - 00281288 ____A C:\Windows\SysWOW64\PnkBstrB.ex0
2012-07-01 15:17 - 2012-07-01 15:17 - 00001936 ____A C:\Users\UpdatusUser\Desktop\Heroes of Newerth.lnk
2012-07-01 15:17 - 2012-07-01 15:17 - 00001936 ____A C:\Users\Cindy\Desktop\Heroes of Newerth.lnk
2012-07-01 12:29 - 2012-07-01 11:51 - 1052523552 ____A C:\Users\Morisoli\Downloads\HoNClient-2.6.4.exe
2012-06-30 08:29 - 2012-04-18 22:03 - 00348353 ____A C:\Windows\DirectX.log
2012-06-29 18:12 - 2012-06-29 18:10 - 38136768 ____A (TuneUp Software) C:\Users\Morisoli\Downloads\Speedtest_TuneUpUtilities2012_en-US.exe
2012-06-29 18:06 - 2012-06-29 18:06 - 00739856 ____A (Google Inc.) C:\Users\Morisoli\Downloads\ChromeSetup.exe
2012-06-28 16:58 - 2012-06-28 16:58 - 00278561 ____A C:\Users\Morisoli\Downloads\Minecraft.exe
2012-06-25 18:45 - 2012-06-25 18:45 - 00463080 ____A (CNET Download.com) C:\Users\Morisoli\Downloads\cnet2_cv6_zip.exe
2012-06-25 13:04 - 2012-06-25 13:04 - 01394248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml4.dll
2012-06-11 19:08 - 2012-07-11 00:03 - 03148800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-06-11 10:59 - 2012-06-11 10:59 - 10248192 ____A (Advanced Micro Devices, Inc.) C:\Windows\System32\Drivers\atikmdag.sys
2012-06-11 10:50 - 2012-06-11 10:50 - 16457728 ____A (Advanced Micro Devices Inc.) C:\Windows\System32\amdocl64.dll
2012-06-11 10:50 - 2012-06-11 10:50 - 00187392 ____A C:\Windows\System32\clinfo.exe
2012-06-11 10:50 - 2012-06-11 10:50 - 00075264 ____A (Advanced Micro Devices Inc.) C:\Windows\System32\OpenVideo64.dll
2012-06-11 10:50 - 2012-06-11 10:50 - 00065024 ____A (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\OpenVideo.dll
2012-06-11 10:50 - 2012-06-11 10:50 - 00063488 ____A (Advanced Micro Devices Inc.) C:\Windows\System32\OVDecode64.dll
2012-06-11 10:50 - 2012-06-11 10:50 - 00056320 ____A (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\OVDecode.dll
2012-06-11 10:49 - 2012-06-11 10:49 - 13008896 ____A (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\amdocl.dll
2012-06-11 10:35 - 2012-06-11 10:35 - 00070144 ____A (AMD) C:\Windows\System32\coinst_8.98.dll
2012-06-11 10:29 - 2012-06-11 10:29 - 24826368 ____A (Advanced Micro Devices, Inc.) C:\Windows\System32\atio6axx.dll
2012-06-11 10:00 - 2012-06-11 10:00 - 20467712 ____A (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\atioglxx.dll
2012-06-11 09:26 - 2012-06-11 09:26 - 00263840 ____A C:\Windows\SysWOW64\atiapfxx.blb
2012-06-11 09:26 - 2012-06-11 09:26 - 00263840 ____A C:\Windows\System32\atiapfxx.blb
2012-06-11 09:25 - 2012-06-11 09:25 - 00163840 ____A (Advanced Micro Devices, Inc.) C:\Windows\System32\atiapfxx.exe
2012-06-11 09:24 - 2011-10-25 18:05 - 00924160 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\aticfx32.dll
2012-06-11 09:23 - 2011-10-25 18:04 - 01090560 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\aticfx64.dll
2012-06-11 09:20 - 2012-06-11 09:20 - 00442368 ____A (Advanced Micro Devices, Inc.) C:\Windows\System32\ATIDEMGX.dll
2012-06-11 09:19 - 2012-06-11 09:19 - 00532992 ____A (AMD) C:\Windows\System32\atieclxx.exe
2012-06-11 09:19 - 2012-06-11 09:19 - 00239616 ____A (AMD) C:\Windows\System32\atiesrxx.exe
2012-06-11 09:17 - 2012-06-11 09:17 - 00120320 ____A (AMD) C:\Windows\System32\atitmm64.dll
2012-06-11 09:17 - 2012-06-11 09:17 - 00059392 ____A (ATI Technologies, Inc.) C:\Windows\System32\atiedu64.dll
2012-06-11 09:17 - 2012-06-11 09:17 - 00043520 ____A (ATI Technologies, Inc.) C:\Windows\SysWOW64\ati2edxx.dll
2012-06-11 09:17 - 2012-06-11 09:17 - 00021504 ____A (AMD) C:\Windows\System32\atimuixx.dll
2012-06-11 09:16 - 2011-10-25 17:55 - 06301696 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atidxx32.dll
2012-06-11 09:01 - 2011-10-25 17:46 - 06914560 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atidxx64.dll
2012-06-11 08:51 - 2012-06-11 08:51 - 04246528 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atiumd6a.dll
2012-06-11 08:50 - 2012-06-11 08:50 - 02936864 ____A C:\Windows\System32\atiumd6a.cap
2012-06-11 08:45 - 2012-06-11 08:45 - 15703040 ____A (Advanced Micro Devices Inc.) C:\Windows\System32\aticaldd64.dll
2012-06-11 08:45 - 2012-06-11 08:45 - 00051200 ____A (Advanced Micro Devices Inc.) C:\Windows\System32\aticalrt64.dll
2012-06-11 08:45 - 2012-06-11 08:45 - 00046080 ____A (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\aticalrt.dll
2012-06-11 08:45 - 2012-06-11 08:45 - 00044544 ____A (Advanced Micro Devices Inc.) C:\Windows\System32\aticalcl64.dll
2012-06-11 08:45 - 2012-06-11 08:45 - 00044032 ____A (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\aticalcl.dll
2012-06-11 08:45 - 2012-04-05 17:34 - 05480448 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiumdag.dll
2012-06-11 08:43 - 2012-04-05 17:22 - 04729344 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiumdva.dll
2012-06-11 08:41 - 2012-06-11 08:41 - 02971136 ____A C:\Windows\SysWOW64\atiumdva.cap
2012-06-11 08:40 - 2012-06-11 08:40 - 13277696 ____A (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\aticaldd.dll
2012-06-11 08:36 - 2012-06-11 08:36 - 06605824 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atiumd64.dll
2012-06-11 08:27 - 2012-06-11 08:27 - 00539136 ____A (Advanced Micro Devices, Inc.) C:\Windows\System32\atiadlxx.dll
2012-06-11 08:26 - 2012-06-11 08:26 - 00368640 ____A (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\atiadlxy.dll
2012-06-11 08:26 - 2012-06-11 08:26 - 00367616 ____A (Advanced Micro Devices, Inc.) C:\Windows\System32\Drivers\atikmpag.sys
2012-06-11 08:26 - 2012-06-11 08:26 - 00041984 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atig6txx.dll
2012-06-11 08:26 - 2012-06-11 08:26 - 00033280 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atigktxx.dll
2012-06-11 08:26 - 2012-06-11 08:26 - 00017920 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atig6pxx.dll
2012-06-11 08:26 - 2012-06-11 08:26 - 00014848 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiglpxx.dll
2012-06-11 08:26 - 2012-06-11 08:26 - 00014848 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atiglpxx.dll
2012-06-11 08:25 - 2012-06-11 08:25 - 00045056 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atiu9p64.dll
2012-06-11 08:25 - 2011-10-25 17:21 - 00054784 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atiuxp64.dll
2012-06-11 08:25 - 2011-10-25 17:21 - 00042496 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiuxpag.dll
2012-06-11 08:24 - 2012-06-11 08:24 - 00053248 ____A (Advanced Micro Devices, Inc.) C:\Windows\System32\Drivers\ati2erec.dll
2012-06-11 08:24 - 2011-10-25 17:20 - 00032768 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiu9pag.dll
2012-06-11 08:23 - 2012-06-11 08:23 - 00056832 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atimpc32.dll
2012-06-11 08:23 - 2012-06-11 08:23 - 00056832 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdpcom32.dll
2012-06-11 08:23 - 2012-06-11 08:23 - 00056320 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atimpc64.dll
2012-06-11 08:23 - 2012-06-11 08:23 - 00056320 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\amdpcom64.dll
2012-06-08 21:43 - 2012-07-10 17:07 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2012-06-08 20:41 - 2012-07-10 17:07 - 12873728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2012-06-05 22:06 - 2012-07-10 17:07 - 02004480 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
2012-06-05 22:06 - 2012-07-10 17:07 - 01881600 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
2012-06-05 22:02 - 2012-07-10 17:07 - 01133568 ____A (Microsoft Corporation) C:\Windows\System32\cdosys.dll
2012-06-05 21:05 - 2012-07-10 17:07 - 01390080 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2012-06-05 21:05 - 2012-07-10 17:07 - 01236992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2012-06-05 21:03 - 2012-07-10 17:07 - 00805376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cdosys.dll
2012-06-02 14:19 - 2012-06-19 02:08 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-06-02 14:19 - 2012-06-19 02:08 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2012-06-02 14:19 - 2012-06-19 02:08 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-06-02 14:19 - 2012-06-19 02:08 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-06-02 14:19 - 2012-06-19 02:08 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2012-06-02 14:15 - 2012-06-19 02:08 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-06-02 14:15 - 2012-06-19 02:08 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2012-06-02 12:19 - 2012-06-19 02:07 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-06-02 12:15 - 2012-06-19 02:07 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2012-06-01 21:50 - 2012-07-10 17:07 - 00458704 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
2012-06-01 21:48 - 2012-07-10 17:07 - 00151920 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
2012-06-01 21:48 - 2012-07-10 17:07 - 00095600 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
2012-06-01 21:45 - 2012-07-10 17:07 - 00340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
2012-06-01 21:44 - 2012-07-10 17:07 - 00307200 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
2012-06-01 20:40 - 2012-07-10 17:07 - 00225280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2012-06-01 20:40 - 2012-07-10 17:07 - 00022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2012-06-01 20:39 - 2012-07-10 17:07 - 00219136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2012-06-01 20:34 - 2012-07-10 17:07 - 00096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2012-06-01 20:06 - 2012-06-01 20:06 - 00735889 ____A C:\Users\Morisoli\Downloads\pbsetup.zip
2012-06-01 07:20 - 2012-06-01 07:20 - 00076888 ____A C:\Windows\SysWOW64\PnkBstrA.exe
2012-05-31 10:07 - 2012-05-31 10:07 - 03591333 ____A C:\Users\Morisoli\Downloads\BlueEye1-0.wmz
2012-05-31 10:02 - 2012-05-31 10:02 - 00907673 ____A C:\Users\Morisoli\Downloads\X-FHLWMP1-0.wmz
2012-05-31 09:25 - 2011-09-22 16:12 - 00279656 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe
2012-05-19 08:04 - 2012-05-19 08:04 - 03857920 ____A C:\Users\Morisoli\Downloads\hamachi.msi
2012-05-17 05:34 - 2012-05-17 05:26 - 160889384 ____A (Advanced Micro Devices, Inc.) C:\Users\Morisoli\Downloads\12-4_vista_win7_64_dd_ccc.exe
2012-05-16 17:50 - 2012-05-16 17:48 - 32288896 ____A (Blizzard Entertainment) C:\Users\Morisoli\Downloads\Diablo-III-Setup-enUS.exe
2012-05-15 17:25 - 2012-05-15 17:25 - 00466456 ____A (Creative Labs) C:\Windows\System32\wrap_oal.dll
2012-05-15 17:25 - 2012-05-15 17:25 - 00444952 ____A (Creative Labs) C:\Windows\SysWOW64\wrap_oal.dll
2012-05-15 17:25 - 2012-05-15 17:25 - 00122904 ____A (Portions (C) Creative Labs Inc. and NVIDIA Corp.) C:\Windows\System32\OpenAL32.dll
2012-05-15 17:25 - 2012-05-15 17:25 - 00109080 ____A (Portions (C) Creative Labs Inc. and NVIDIA Corp.) C:\Windows\SysWOW64\OpenAL32.dll
2012-05-14 20:01 - 2012-06-12 12:57 - 01188864 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-05-14 19:59 - 2012-06-12 12:56 - 00064512 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-05-14 19:03 - 2012-06-12 12:57 - 00981504 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-05-14 19:00 - 2012-06-12 12:56 - 00048128 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-05-13 18:40 - 2012-05-13 18:40 - 00001231 ____A C:\Users\Morisoli\Desktop\TeamSpeak 3 Client.lnk
2012-05-13 16:52 - 2012-05-13 16:46 - 32112904 ____A (TeamSpeak Systems GmbH) C:\Users\Morisoli\Downloads\TeamSpeak3-Client-win64-3.0.6.exe
2012-05-11 16:01 - 2012-05-11 16:01 - 00002109 ____A C:\Users\Morisoli\Desktop\Deckadance.lnk
2012-05-11 15:58 - 2012-05-11 15:58 - 00001157 ____A C:\Users\UpdatusUser\Desktop\FL Studio 10.lnk
2012-05-11 15:58 - 2012-05-11 15:58 - 00001157 ____A C:\Users\Public\Desktop\FL Studio 10.lnk
2012-05-11 15:58 - 2012-05-11 15:58 - 00001157 ____A C:\Users\Cindy\Desktop\FL Studio 10.lnk
2012-05-11 14:29 - 2012-05-11 14:29 - 00428657 ____A C:\Users\Morisoli\Downloads\FruityLoops_download.exe
2012-05-09 18:25 - 2012-05-09 18:25 - 00000924 ____A C:\Users\Public\Desktop\Steam.lnk
2012-05-09 18:19 - 2012-05-09 18:19 - 01606656 ____A C:\Users\Morisoli\Downloads\SteamInstall.msi
2012-05-09 14:34 - 2012-05-09 14:31 - 00009950 ____A C:\Windows\System32\RaCoInst.log
2012-05-09 14:20 - 2012-05-09 14:20 - 00000000 ____A C:\Windows\System32\Drivers\Msft_Kernel_LMouFilt_01005.Wdf
2012-05-09 14:20 - 2012-05-09 14:20 - 00000000 ____A C:\Windows\System32\Drivers\Msft_Kernel_LHidFilt_01005.Wdf
2012-05-09 14:20 - 2012-05-09 14:19 - 01136022 ____A C:\Windows\SetPointII_000.log
2012-05-09 14:20 - 2012-05-09 14:19 - 00003762 ____A C:\Windows\LDPINST.LOG
2012-05-04 03:06 - 2012-06-12 12:56 - 05559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-05-04 02:03 - 2012-06-12 12:56 - 03968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2012-05-04 02:03 - 2012-06-12 12:56 - 03913072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2012-04-30 21:40 - 2012-06-12 12:56 - 00209920 ____A (Microsoft Corporation) C:\Windows\System32\profsvc.dll
2012-04-30 19:01 - 2012-04-30 19:01 - 04135696 ____A C:\Users\Morisoli\Downloads\ventrilo-3.0.8-Windows-x64.exe
2012-04-30 19:01 - 2012-04-30 19:01 - 00000262 ____A C:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini
2012-04-29 18:46 - 2012-04-29 18:41 - 00000369 ____A C:\Users\Morisoli\Documents\practice.html
2012-04-28 19:26 - 2012-04-28 19:27 - 00472808 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\deployJava1.dll
2012-04-28 19:26 - 2012-04-28 19:27 - 00157472 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaws.exe
2012-04-28 19:26 - 2012-04-28 19:27 - 00149280 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaw.exe
2012-04-28 19:26 - 2012-04-28 19:27 - 00149280 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\java.exe
2012-04-28 19:25 - 2012-04-28 19:25 - 00908576 ____A (Sun Microsystems, Inc.) C:\Users\Morisoli\Downloads\jxpiinstall.exe
2012-04-28 16:18 - 2012-04-28 16:18 - 00002379 ____A C:\Users\Morisoli\Documents\MumbleAutomaticCertificateBackup.p12
2012-04-28 16:14 - 2012-04-28 16:14 - 17904640 ____A C:\Users\Morisoli\Downloads\mumble-1.2.3a.msi
2012-04-27 19:55 - 2012-06-12 12:56 - 00210944 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
2012-04-27 16:48 - 2011-12-23 13:47 - 00002515 ____A C:\Users\Public\Desktop\Skype.lnk
2012-04-25 21:41 - 2012-06-12 12:56 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll
2012-04-25 21:41 - 2012-06-12 12:56 - 00077312 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll
2012-04-25 21:34 - 2012-06-12 12:56 - 00009216 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe
2012-04-23 21:37 - 2012-06-12 12:56 - 01462272 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2012-04-23 21:37 - 2012-06-12 12:56 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2012-04-23 21:37 - 2012-06-12 12:56 - 00140288 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2012-04-23 20:36 - 2012-06-12 12:56 - 01158656 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2012-04-23 20:36 - 2012-06-12 12:56 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2012-04-23 20:36 - 2012-06-12 12:56 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll

ZeroAccess:
C:\Windows\Installer\{dfcfba36-bc21-8f41-a79f-03cac3b9377f}
C:\Windows\Installer\{dfcfba36-bc21-8f41-a79f-03cac3b9377f}\@
C:\Windows\Installer\{dfcfba36-bc21-8f41-a79f-03cac3b9377f}\L
C:\Windows\Installer\{dfcfba36-bc21-8f41-a79f-03cac3b9377f}\U
C:\Windows\Installer\{dfcfba36-bc21-8f41-a79f-03cac3b9377f}\L\00000004.@
C:\Windows\Installer\{dfcfba36-bc21-8f41-a79f-03cac3b9377f}\U\00000004.@
C:\Windows\Installer\{dfcfba36-bc21-8f41-a79f-03cac3b9377f}\U\00000008.@
C:\Windows\Installer\{dfcfba36-bc21-8f41-a79f-03cac3b9377f}\U\000000cb.@
C:\Windows\Installer\{dfcfba36-bc21-8f41-a79f-03cac3b9377f}\U\80000032.@

ZeroAccess:
C:\Users\Morisoli\AppData\Local\{dfcfba36-bc21-8f41-a79f-03cac3b9377f}
C:\Users\Morisoli\AppData\Local\{dfcfba36-bc21-8f41-a79f-03cac3b9377f}\@
C:\Users\Morisoli\AppData\Local\{dfcfba36-bc21-8f41-a79f-03cac3b9377f}\L
C:\Users\Morisoli\AppData\Local\{dfcfba36-bc21-8f41-a79f-03cac3b9377f}\U

ZeroAccess:
C:\Windows\assembly\GAC_32\Desktop.ini

ZeroAccess:
C:\Windows\assembly\GAC_64\Desktop.ini

========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe 014A9CB92514E27C0107614DF764BC06 ZeroAccess <==== ATTENTION!.
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

========================= Memory info ======================

Percentage of memory in use: 15%
Total physical RAM: 4093.55 MB
Available physical RAM: 3451.82 MB
Total Pagefile: 4091.7 MB
Available Pagefile: 3441.18 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

======================= Partitions =========================

1 Drive c: (Windows) (Fixed) (Total:931.41 GB) (Free:585.27 GB) NTFS
2 Drive e: (SIMPLY_GUITAR_NTSCV2) (CDROM) (Total:3.71 GB) (Free:0 GB) UDF
3 Drive f: () (Removable) (Total:0.48 GB) (Free:0.48 GB) FAT
4 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
5 Drive y: (System) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 931 GB 0 B
Disk 1 Online 489 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 100 MB 1024 KB
Partition 2 Primary 931 GB 101 MB

==================================================================================

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 Y System NTFS Partition 100 MB Healthy

==================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C Windows NTFS Partition 931 GB Healthy

==================================================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 488 MB 16 KB

==================================================================================

Disk: 1
Partition 1
Type : 06
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 F FAT Removable 488 MB Healthy

==================================================================================

==========================================================

Last Boot: 2012-07-18 01:31

======================= End Of Log ==========================
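The four ZeroAccess entries in the FRST log above share one on-disk layout: a GUID-named directory under C:\Windows\Installer and under the user's AppData\Local, holding a file named @ plus L and U sub-directories with *.@ payload files, and a Desktop.ini dropped into C:\Windows\assembly\GAC_32 and GAC_64. The script below is an added example, not part of this thread and not code from FRST; it builds a constructed sample tree in a temporary directory (the GUID is copied from the log, the profile name and the benign MSI folder are invented) and scans it for that layout, so the heuristic can be read and run offline.

```python
"""Scan for the ZeroAccess/Sirefef on-disk layout flagged in the FRST log.

Added illustration, not part of the original thread or of FRST. Indicators
are taken from the log: a GUID-named directory under Windows\Installer and
under <profile>\AppData\Local that holds a file "@" and sub-directories "L"
and "U" (with *.@ payloads inside), plus a Desktop.ini in
Windows\assembly\GAC_32 and GAC_64. The sample tree is constructed here so
the script runs offline; the roots passed to scan() are parameters.
"""
from __future__ import annotations

import re
import tempfile
from pathlib import Path

GUID_DIR = re.compile(
    r"^\{[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}\}$", re.I
)


def is_zeroaccess_dir(d: Path) -> bool:
    """Flag a GUID-named directory only when it carries the full '@' + 'L' + 'U'
    layout; a legitimate Windows Installer cache folder has none of those."""
    if not (d.is_dir() and GUID_DIR.match(d.name)):
        return False
    return (d / "@").is_file() and (d / "L").is_dir() and (d / "U").is_dir()


def scan(windows_root: Path, profile_roots: list[Path]) -> list[str]:
    """Return every suspicious path found under the given roots, sorted."""
    hits: list[str] = []
    candidates = [windows_root / "Installer"] + [
        p / "AppData" / "Local" for p in profile_roots
    ]
    for parent in candidates:
        if not parent.is_dir():
            continue
        for d in parent.iterdir():
            if is_zeroaccess_dir(d):
                hits.append(str(d))
                # payload names in the log look like 00000004.@ or 80000032.@
                hits.extend(
                    str(f) for sub in ("L", "U") for f in (d / sub).glob("*.@")
                )
    for gac in ("GAC_32", "GAC_64"):
        ini = windows_root / "assembly" / gac / "Desktop.ini"
        if ini.is_file():
            hits.append(str(ini))
    return sorted(hits)


def build_sample_tree(root: Path) -> tuple[Path, Path]:
    """Constructed sample: the infected layout from the log plus one benign
    GUID folder of the kind Windows Installer keeps for cached icons."""
    win = root / "Windows"
    user = root / "Users" / "victim"          # invented profile name
    bad = "{dfcfba36-bc21-8f41-a79f-03cac3b9377f}"   # GUID copied from the log
    for base in (win / "Installer", user / "AppData" / "Local"):
        (base / bad / "L").mkdir(parents=True)
        (base / bad / "U").mkdir(parents=True)
        (base / bad / "@").write_bytes(b"\x00" * 16)
    (win / "Installer" / bad / "U" / "00000004.@").write_bytes(b"MZ")
    (win / "Installer" / bad / "U" / "80000032.@").write_bytes(b"MZ")
    benign = win / "Installer" / "{7be2a8f7-1e5e-4d0b-9c3b-1a2b3c4d5e6f}"
    benign.mkdir(parents=True)
    (benign / "icon.ico").write_bytes(b"ico")
    for gac in ("GAC_32", "GAC_64"):
        (win / "assembly" / gac).mkdir(parents=True)
        (win / "assembly" / gac / "Desktop.ini").write_bytes(b"payload")
    return win, user


def demo() -> list[str]:
    """Build the sample tree in a temp dir and return what scan() flags."""
    with tempfile.TemporaryDirectory() as tmp:
        win, user = build_sample_tree(Path(tmp))
        return scan(win, [user])


if __name__ == "__main__":
    for hit in demo():
        print(hit)
```

Run as-is it reports six paths and ignores the benign GUID folder. To use it on a real disk, point `scan()` at the mounted Windows directory and the profile directories, and do it from an offline boot environment as the helper does with FRST, not from the infected Windows session.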
 
Additional FRST Scan

Once again, please boot to the System Recovery Options and run FRST, as done previously.

Type the following text in the blank box after Search:

services.exe

Click: Search file(s)



When done searching, FRST makes a log, Search.txt, on the C:\ drive.

Please provide the Search.txt in your reply.
 
Farbar Recovery Scan Tool Version: 20-07-2012
Ran by SYSTEM at 2012-07-21 12:12:40
Running from F:\

================== Search: "services.exe" ===================

C:\Windows.old\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

C:\Windows.old\Windows\System32\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

C:\Windows\System32\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 014A9CB92514E27C0107614DF764BC06

====== End Of Search ======
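The Search.txt above contains everything needed to pick out the patched binary: three copies of services.exe hash to the same MD5, while C:\Windows\System32\services.exe, with identical size and timestamps, does not. Below is an added example (not part of the thread, not FRST's code) that parses that Search output, takes the live WinSxS copy as the reference, and reports any copy whose MD5 differs; the Search text is embedded verbatim so it runs offline, and the "patched in place" test (same size and timestamps, different hash) is the reasoning the helper applied by hand before writing the Replace: line.

```python
"""Parse an FRST 'Search' result and flag copies of a system binary whose
hash disagrees with the reference copy in the WinSxS component store.

Added example, not part of the thread and not FRST's own code. SAMPLE is the
Search.txt posted in the thread, embedded here so the script runs offline.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

SAMPLE = r"""
================== Search: "services.exe" ===================

C:\Windows.old\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

C:\Windows.old\Windows\System32\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

C:\Windows\System32\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 014A9CB92514E27C0107614DF764BC06

====== End Of Search ======
"""

# FRST prints each hit as a path line followed by a metadata line:
# [created] - [modified] - size attrs (company) MD5
META = re.compile(
    r"^\[(?P<created>[^\]]+)\] - \[(?P<modified>[^\]]+)\] - (?P<size>\d+) "
    r"(?P<attrs>_+[A-Z]*) (?:\((?P<company>[^)]*)\) )?(?P<md5>[0-9A-Fa-f]{32})$"
)


@dataclass
class Entry:
    path: str
    created: str
    modified: str
    size: int
    company: str
    md5: str


def parse_search(text: str) -> list[Entry]:
    """Pair every drive-letter path line with the metadata line under it."""
    entries: list[Entry] = []
    lines = [ln.rstrip() for ln in text.splitlines()]
    for i, line in enumerate(lines[:-1]):
        if not re.match(r"^[A-Za-z]:\\", line):
            continue
        m = META.match(lines[i + 1])
        if m:
            entries.append(Entry(line, m["created"], m["modified"], int(m["size"]),
                                 m["company"] or "", m["md5"].upper()))
    return entries


def flag_patched(entries: list[Entry], windows_root: str = "C:\\Windows\\"):
    """Use the live WinSxS copy as the reference (Windows.old copies are
    excluded by the prefix test) and return (reference, differing copies)."""
    prefix = (windows_root + "winsxs\\").lower()
    ref = [e for e in entries if e.path.lower().startswith(prefix)]
    if not ref:
        raise ValueError("no WinSxS reference copy in search output")
    suspects = [e for e in entries if e.md5 != ref[0].md5]
    return ref[0], suspects


def patched_in_place(e: Entry, ref: Entry) -> bool:
    """Same size and timestamps but a different hash is the pattern in the
    log: the file was overwritten in place with its metadata preserved."""
    return e.md5 != ref.md5 and e.size == ref.size and e.modified == ref.modified


if __name__ == "__main__":
    ref, suspects = flag_patched(parse_search(SAMPLE))
    print(f"reference {ref.md5} from {ref.path}")
    for s in suspects:
        tag = "patched in place" if patched_in_place(s, ref) else "differs"
        print(f"{tag}: {s.path} {s.md5}")
```

The same parser works on any FRST Search.txt; the point of taking the WinSxS copy as the reference rather than majority vote is that it is the copy the fix restores from, so a disagreement there is exactly what the Replace: directive corrects.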
 
FRST64 Fixlist

Please run the following:

Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this highlight the contents of the box, right click on it and select copy. Right-click in the open notepad and select Paste). Save it on the flashdrive as fixlist.txt

start
C:\Windows\Installer\{dfcfba36-bc21-8f41-a79f-03cac3b9377f}
C:\Users\Morisoli\AppData\Local\{dfcfba36-bc21-8f41-a79f-03cac3b9377f}
C:\Windows\assembly\GAC_32\Desktop.ini
C:\Windows\assembly\GAC_64\Desktop.ini
Replace: C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe C:\Windows\System32\services.exe
end

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system

Now, please enter System Recovery Options then select Command Prompt.

Run FRST64 and press the Fix button just once and wait.
The tool will make a log on the flashdrive (Fixlog.txt) please post it to your reply.

Now restart, let it boot normally and tell me how it went.
 
Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 20-07-2012
Ran by SYSTEM at 2012-07-22 18:50:19 Run:1
Running from F:\

==============================================

C:\Windows\Installer\{dfcfba36-bc21-8f41-a79f-03cac3b9377f} moved successfully.
C:\Users\Morisoli\AppData\Local\{dfcfba36-bc21-8f41-a79f-03cac3b9377f} moved successfully.
C:\Windows\assembly\GAC_32\Desktop.ini moved successfully.
C:\Windows\assembly\GAC_64\Desktop.ini moved successfully.
C:\Windows\System32\services.exe moved successfully.
C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe copied successfully to C:\Windows\System32\services.exe

==== End of Fixlog ====
 
The computer should be able to boot normally. If not, let me know. Do not try the step below if the computer reboots often...

ComboFix

Please download ComboFix by sUBs from BleepingComputer.com

Please save the file to your Desktop, but rename it first to svchost.exe

Important information about ComboFix

Before the download:
  • Please copy and paste these instructions to Notepad and save to your Desktop, or print them - for easier access.
  • It is important to rename ComboFix before the download.
  • Please do not rename ComboFix to other names, but only the one indicated.
After the download:
  • Close any open browsers.
  • Very Important: Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results". Please visit here if you don't know how.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  • Please do not attempt to re-connect your machine back to the Internet until ComboFix has completely finished.
  • If there is no Internet connection after running ComboFix, then restart your computer to restore back your connection.
Running ComboFix:
  • Double click on svchost.exe & follow the prompts.
  • It will attempt to install the Recovery Console.
  • When ComboFix finishes, it will produce a report for you.
  • Please post the "C:\Combo-Fix.txt" in your next reply.
Troubleshooting ComboFix

Safe Mode:

If you still cannot get ComboFix to run, try booting into Safe Mode, and run it there.

(To boot into Safe Mode, tap F8 after BIOS, and just before the Windows logo appears. A list of options will appear, select "Safe Mode.")

Re-downloading:

If this doesn't work either, try the same method as above, but download it again and rename ComboFix.exe to iexplore.exe, explorer.exe, or winlogon.exe.

Malware is known for blocking all "user" processes, except for its whitelist of system important processes such as iexplore.exe, explorer.exe, winlogon.exe.
 
I am no longer receiving pop-up messages for blocked sites from Malwarebytes, and ESET was detecting a new strain of the Trojan every second. That has stopped. The computer started up fine but I do have to do constant restarts on this computer so I will take your advice and not do ComboFix.

EDIT: I ran a scan on my ESET and within seconds it found 3 infiltrations, all of which are variants of the Sirefef.
 
FRST scan:

Scan result of Farbar Recovery Scan Tool Version: 20-07-2012
Ran by SYSTEM at 25-07-2012 11:44:37
Running from F:\
Windows 7 Home Premium (X64) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice [4035152 2011-09-22] (ESET)
HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [10144288 2010-04-06] (Realtek Semiconductor)
HKLM\...\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE [x]
HKLM-x32\...\Run: [] [x]
HKLM-x32\...\Run: [BCU] "C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe" [375000 2009-10-15] (DeviceVM, Inc.)
HKLM-x32\...\Run: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml [10752 2012-02-20] ()
HKLM-x32\...\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [641704 2012-06-11] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray [462920 2012-07-03] (Malwarebytes Corporation)
HKLM-x32\...\Run: [LifeCam] "C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe" [135536 2010-12-13] (Microsoft Corporation)
HKU\Cindy\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2011-10-24] (Apple Inc.)
HKU\Cindy\...\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe [x]
HKU\Morisoli\...\Run: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent [1242448 2012-05-09] (Valve Corporation)
HKU\Morisoli\...\Run: [Google Update] "C:\Users\Morisoli\AppData\Local\Google\Update\GoogleUpdate.exe" /c [116648 2012-07-09] (Google Inc.)
HKU\Morisoli\...\Run: [{E444EA44-901C-F84C-01BD-2680A0973F75}] C:\Users\Morisoli\AppData\Roaming\Imdeiq\heak.exe [x]
HKU\UpdatusUser\...\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe [x]
Tcpip\Parameters: [DhcpNameServer] 208.180.42.68 208.180.42.100
Startup: C:\Users\All Users\Start Menu\Programs\Startup\NETGEAR WNDA4100 Genie.lnk
ShortcutTarget: NETGEAR WNDA4100 Genie.lnk -> C:\Program Files (x86)\NETGEAR\WNDA4100\WNDA4100.EXE (NETGEAR)
Startup: C:\Users\All Users\Start Menu\Programs\Startup\SetPointII.lnk
ShortcutTarget: SetPointII.lnk -> C:\Program Files\Logitech\SetPoint II\SetPointII.exe (Logitech Inc.)
Startup: C:\Users\Cindy\Start Menu\Programs\Startup\waiq.exe ()
Startup: C:\Users\Default\Start Menu\Programs\Startup\veuwk.exe ()
Startup: C:\Users\Default User\Start Menu\Programs\Startup\veuwk.exe ()

==================== Services (Whitelisted) ======

2 BcmSqlStartupSvc; "C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe" [30312 2009-02-20] (Microsoft Corporation)
2 BCUService; C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe [223464 2009-10-15] (DeviceVM, Inc.)
2 ekrn; "C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe" [974944 2011-09-22] (ESET)
2 MBAMService; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe" [655944 2012-07-03] (Malwarebytes Corporation)
2 MotoHelper; C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe [223088 2011-04-26] ()
3 MSSQL$MSSMLBIZ; "C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sMSSMLBIZ [29293408 2010-12-10] (Microsoft Corporation)
2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [76888 2012-06-01] ()
2 RalinkRegistryWriter; "C:\Program Files (x86)\NETGEAR\WNDA4100\Service\RaRegistry.exe" [377088 2011-11-21] (Ralink Technology, Corp.)
2 RalinkRegistryWriter64; "C:\Program Files (x86)\NETGEAR\WNDA4100\Service\RaRegistry64.exe" [455424 2011-11-21] (Ralink Technology, Corp.)

========================== Drivers (Whitelisted) =============

3 AE1000; C:\Windows\System32\DRIVERS\ae1000w7.sys [1101600 2010-03-22] (Ralink Technology Corp.)
2 AODDriver4.01; \??\C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [53888 2012-03-05] (Advanced Micro Devices)
2 AODDriver4.1; \??\C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [53888 2012-03-05] (Advanced Micro Devices)
3 CV2K1; C:\Windows\System32\Drivers\CV2K1.sys [21608 2010-04-01] (TamoSoft)
2 eamonm; C:\Windows\System32\Drivers\eamonm.sys [202576 2011-08-09] (ESET)
1 ehdrv; C:\Windows\System32\Drivers\ehdrv.sys [146432 2011-08-04] (ESET)
2 epfwwfpr; C:\Windows\System32\Drivers\epfwwfpr.sys [137144 2011-08-04] (ESET)
3 gdrv; \??\C:\Windows\gdrv.sys [25640 2012-07-17] (Windows (R) Server 2003 DDK provider)
3 hamachi; C:\Windows\System32\Drivers\hamachi.sys [33856 2009-03-18] (LogMeIn, Inc.)
3 hitmanpro36; C:\Windows\System32\Drivers\hitmanpro36.sys [30496 2012-07-18] ()
3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [24904 2012-07-03] (Malwarebytes Corporation)
3 netr28ux; C:\Windows\System32\Drivers\netr28ux.sys [1675840 2012-01-13] (Ralink Technology Corp.)
3 TsVlb; C:\Windows\System32\Drivers\TsVlb.sys [22120 2010-04-21] (TamoSoft)
1 TsVp; C:\Windows\System32\Drivers\TsVp.sys [32872 2010-06-15] (TamoSoft)

========================== NetSvcs (Whitelisted) ===========


============ One Month Created Files and Folders ==============

2012-07-23 18:18 - 2012-07-23 18:41 - 00000000 ____D C:\Users\Morisoli\AppData\Roaming\Vaxa
2012-07-23 15:07 - 2009-07-13 17:14 - 00020480 ____N (Microsoft Corporation) C:\Windows\svchost.exe
2012-07-23 10:39 - 2012-07-23 10:39 - 00002036 ____A C:\Users\Public\Desktop\Microsoft LifeCam.lnk
2012-07-23 10:39 - 2012-07-23 10:39 - 00000000 ____D C:\Program Files\Microsoft LifeCam
2012-07-23 10:39 - 2012-07-23 10:39 - 00000000 ____D C:\Program Files (x86)\Microsoft LifeCam
2012-07-21 01:20 - 2012-07-21 01:20 - 00000000 __SHD C:\Windows\SysWOW64\%APPDATA%
2012-07-20 08:21 - 2012-07-20 11:36 - 00000000 ____D C:\FRST
2012-07-20 06:18 - 2012-07-20 06:18 - 00607260 ____R (Swearware) C:\Users\Morisoli\Downloads\dds.scr
2012-07-19 20:36 - 2012-07-19 20:36 - 00302592 ____A C:\Users\Morisoli\Downloads\9gpxx0yy.exe
2012-07-19 20:29 - 2012-07-19 20:29 - 00001120 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-07-19 20:29 - 2012-07-19 20:29 - 00000000 ____D C:\Users\Morisoli\AppData\Roaming\Malwarebytes
2012-07-19 20:29 - 2012-07-19 20:29 - 00000000 ____D C:\Users\All Users\Malwarebytes
2012-07-19 20:29 - 2012-07-19 20:29 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-07-19 20:29 - 2012-07-03 10:46 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-07-19 20:28 - 2012-07-19 20:28 - 10652120 ____A (Malwarebytes Corporation ) C:\Users\Morisoli\Downloads\mbam-setup-1.62.0.1300.exe
2012-07-19 19:37 - 2012-07-19 19:38 - 00000042 ____A C:\repairs_running.dat
2012-07-19 19:28 - 2008-05-07 21:03 - 00303616 ____A ( ) C:\SetACL.exe
2012-07-19 19:02 - 2004-06-11 15:33 - 00290304 ____A (Microsoft Corporation) C:\subinacl.exe
2012-07-18 21:28 - 2012-07-19 19:38 - 00181064 ____A (Sysinternals) C:\Windows\PSEXESVC.EXE
2012-07-18 21:27 - 2012-07-18 21:27 - 04623766 ____A C:\Users\Morisoli\Downloads\tweaking.com_windows_repair_aio_setup.exe
2012-07-18 21:24 - 2012-07-18 21:24 - 00030496 ____A C:\Windows\System32\Drivers\hitmanpro36.sys
2012-07-18 21:23 - 2012-07-18 21:23 - 00000806 ____A C:\Windows\System32\.crusader
2012-07-18 21:19 - 2012-07-18 21:23 - 00000000 ____D C:\Users\All Users\HitmanPro
2012-07-18 21:18 - 2012-07-18 21:19 - 08834304 ____A (SurfRight B.V.) C:\Users\Morisoli\Downloads\HitmanPro36_x64.exe
2012-07-17 17:28 - 2012-07-18 21:17 - 00000000 ____D C:\TDSSKiller_Quarantine
2012-07-17 17:16 - 2012-07-17 17:17 - 00317024 ____A C:\Windows\Minidump\071712-20077-01.dmp
2012-07-17 17:13 - 2012-07-17 17:16 - 416104481 ____A C:\Windows\MEMORY.DMP
2012-07-17 17:13 - 2012-07-17 17:16 - 00000000 ____D C:\Windows\Minidump
2012-07-17 17:13 - 2012-07-17 17:13 - 00276272 ____A C:\Windows\Minidump\071712-19578-01.dmp
2012-07-11 17:30 - 2012-07-11 17:30 - 00000000 ____D C:\Program Files (x86)\uTorrent
2012-07-11 17:29 - 2012-07-15 17:31 - 00000000 ____D C:\Users\Morisoli\AppData\Roaming\uTorrent
2012-07-11 17:28 - 2012-07-11 17:29 - 00895376 ____A (BitTorrent, Inc.) C:\Users\Morisoli\Downloads\uTorrent.exe
2012-07-11 00:03 - 2012-07-11 00:03 - 00265692 ____A C:\Windows\msxml4-KB2721691-enu.LOG
2012-07-11 00:03 - 2012-06-11 19:08 - 03148800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-07-10 17:07 - 2012-06-08 21:43 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2012-07-10 17:07 - 2012-06-08 20:41 - 12873728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2012-07-10 17:07 - 2012-06-05 22:06 - 02004480 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
2012-07-10 17:07 - 2012-06-05 22:06 - 01881600 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
2012-07-10 17:07 - 2012-06-05 22:02 - 01133568 ____A (Microsoft Corporation) C:\Windows\System32\cdosys.dll
2012-07-10 17:07 - 2012-06-05 21:05 - 01390080 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2012-07-10 17:07 - 2012-06-05 21:05 - 01236992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2012-07-10 17:07 - 2012-06-05 21:03 - 00805376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cdosys.dll
2012-07-10 17:07 - 2012-06-01 21:50 - 00458704 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
2012-07-10 17:07 - 2012-06-01 21:48 - 00151920 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
2012-07-10 17:07 - 2012-06-01 21:48 - 00095600 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
2012-07-10 17:07 - 2012-06-01 21:45 - 00340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
2012-07-10 17:07 - 2012-06-01 21:44 - 00307200 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
2012-07-10 17:07 - 2012-06-01 20:40 - 00225280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2012-07-10 17:07 - 2012-06-01 20:40 - 00022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2012-07-10 17:07 - 2012-06-01 20:39 - 00219136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2012-07-10 17:07 - 2012-06-01 20:34 - 00096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2012-07-10 17:07 - 2010-06-25 19:55 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\msxml3r.dll
2012-07-10 17:07 - 2010-06-25 19:24 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2012-07-10 12:50 - 2012-07-10 12:50 - 00452312 ____A C:\Users\Morisoli\Downloads\PolSystemInfo_us.zip
2012-07-09 01:56 - 2012-07-25 08:06 - 00000920 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3710809135-2123922341-1772546783-1001UA.job
2012-07-09 01:56 - 2012-07-24 18:06 - 00000868 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3710809135-2123922341-1772546783-1001Core.job
2012-07-09 01:55 - 2012-07-09 01:55 - 00739832 ____A (Google Inc.) C:\Users\Morisoli\Downloads\GoogleVoiceAndVideoSetup.exe
2012-07-08 12:39 - 2012-07-08 12:41 - 58366405 ____A C:\Users\Morisoli\Downloads\Slender_v0_9_1.zip
2012-07-07 11:40 - 2012-07-07 11:40 - 00000000 ____D C:\Users\Morisoli\Documents\Skype Voice Records
2012-07-07 11:40 - 2012-07-07 11:40 - 00000000 ____D C:\Users\Morisoli\Documents\Clownfish Avatars
2012-07-07 11:39 - 2012-07-07 11:39 - 00632400 ____A (Shark Labs) C:\Users\Morisoli\Downloads\CFSetup281.exe
2012-07-05 08:04 - 2012-07-05 08:04 - 00000000 ____D C:\Users\All Users\ATI
2012-07-05 08:04 - 2012-07-05 08:04 - 00000000 ____D C:\Program Files (x86)\AMD APP
2012-07-03 16:30 - 2012-07-20 14:01 - 00001075 ____A C:\Users\Public\Desktop\World of Warcraft.lnk
2012-07-03 16:30 - 2012-07-20 14:01 - 00000000 ____D C:\Program Files (x86)\World of Warcraft
2012-07-03 16:28 - 2012-07-03 16:30 - 32160136 ____A C:\Users\Morisoli\Downloads\WoW-4.0.0-WOW-enUS-Installer.exe
2012-07-03 15:39 - 2012-07-13 07:39 - 00000000 ___RD C:\Users\Morisoli\Desktop\Games
2012-07-02 14:59 - 2012-07-02 14:59 - 00000000 ____D C:\Users\Morisoli\AppData\Roaming\StepMania 5
2012-07-02 14:57 - 2012-07-02 15:10 - 00000000 ____D C:\Program Files (x86)\StepMania 5
2012-07-02 14:53 - 2012-07-02 14:55 - 47486851 ____A C:\Users\Morisoli\Downloads\StepMania_v5.0_alpha2.exe
2012-07-02 10:44 - 2012-07-02 10:44 - 00000000 ____D C:\Program Files\CoreFTP
2012-07-02 10:43 - 2012-07-02 10:44 - 03415700 ____A C:\Users\Morisoli\Downloads\coreftplite64(1).exe
2012-07-02 10:35 - 2012-07-02 10:35 - 00000914 ____A C:\Users\Morisoli\Downloads\Secure Ftp david@shoogadawoogada.elementfx.com.xml
2012-07-02 10:34 - 2012-07-02 10:34 - 01620836 ____A (FileZilla Project) C:\Users\Morisoli\Downloads\FileZilla_Server-0_9_41(1).exe
2012-07-02 10:29 - 2012-07-02 10:29 - 01620836 ____A (FileZilla Project) C:\Users\Morisoli\Downloads\FileZilla_Server-0_9_41.exe
2012-07-02 10:22 - 2012-07-02 14:14 - 00000000 ____D C:\Users\Morisoli\AppData\Roaming\CoreFTP
2012-07-02 10:21 - 2012-07-02 10:21 - 03415700 ____A C:\Users\Morisoli\Downloads\coreftplite64.exe
2012-07-01 15:17 - 2012-07-01 15:17 - 00001936 ____A C:\Users\UpdatusUser\Desktop\Heroes of Newerth.lnk
2012-07-01 15:17 - 2012-07-01 15:17 - 00001936 ____A C:\Users\Cindy\Desktop\Heroes of Newerth.lnk
2012-07-01 15:17 - 2012-07-01 15:17 - 00000000 ____D C:\Users\Morisoli\Documents\Heroes of Newerth
2012-07-01 15:15 - 2012-07-01 15:52 - 00000000 ____D C:\Program Files (x86)\Heroes of Newerth
2012-07-01 11:51 - 2012-07-01 12:29 - 1052523552 ____A C:\Users\Morisoli\Downloads\HoNClient-2.6.4.exe
2012-06-30 08:29 - 2012-06-30 08:29 - 00000000 ____D C:\Users\Morisoli\AppData\Local\THQ
2012-06-29 18:35 - 2012-06-29 18:35 - 00000000 ____D C:\Users\Morisoli\AppData\Local\Macromedia
2012-06-29 18:13 - 2012-06-29 18:13 - 00000000 ____D C:\Users\Morisoli\AppData\Roaming\TuneUp Software
2012-06-29 18:12 - 2012-06-29 18:13 - 00000000 ____D C:\Users\All Users\TuneUp Software
2012-06-29 18:12 - 2012-06-29 18:12 - 00000000 __SHD C:\Users\All Users\{32364CEA-7855-4A3C-B674-53D8E9B97936}
2012-06-29 18:10 - 2012-06-29 18:12 - 38136768 ____A (TuneUp Software) C:\Users\Morisoli\Downloads\Speedtest_TuneUpUtilities2012_en-US.exe
2012-06-29 18:07 - 2012-07-09 01:56 - 00000000 ____D C:\Users\Morisoli\AppData\Local\Google
2012-06-29 18:06 - 2012-06-29 18:06 - 00739856 ____A (Google Inc.) C:\Users\Morisoli\Downloads\ChromeSetup.exe
2012-06-28 17:03 - 2012-07-11 19:55 - 00000000 ____D C:\Users\Morisoli\AppData\Roaming\.minecraft
2012-06-28 16:58 - 2012-06-28 16:58 - 00278561 ____A C:\Users\Morisoli\Downloads\Minecraft.exe
2012-06-27 12:04 - 2012-06-27 12:04 - 00000000 ____D C:\Users\Morisoli\Documents\Wizards of the Coast
2012-06-25 18:50 - 2012-06-25 18:52 - 00000000 ____D C:\Program Files (x86)\CommView
2012-06-25 18:50 - 2012-06-25 18:50 - 00000000 ____D C:\Users\Morisoli\Documents\CommView
2012-06-25 18:50 - 2012-06-25 18:50 - 00000000 ____D C:\Users\All Users\TamoSoft
2012-06-25 18:46 - 2012-07-17 17:32 - 00000000 ____D C:\Users\All Users\blekko toolbars
2012-06-25 18:46 - 2012-06-25 18:46 - 00000000 ____D C:\Users\Morisoli\AppData\Local\blekkotb_031
2012-06-25 18:45 - 2012-06-25 18:45 - 00463080 ____A (CNET Download.com) C:\Users\Morisoli\Downloads\cnet2_cv6_zip.exe
2012-06-25 13:04 - 2012-06-25 13:04 - 01394248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml4.dll


============ 3 Months Modified Files ========================

2012-07-25 08:33 - 2012-04-12 14:59 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-07-25 08:06 - 2012-07-09 01:56 - 00000920 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3710809135-2123922341-1772546783-1001UA.job
2012-07-24 18:06 - 2012-07-09 01:56 - 00000868 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3710809135-2123922341-1772546783-1001Core.job
2012-07-24 16:49 - 2011-09-22 18:50 - 01205374 ____A C:\Windows\WindowsUpdate.log
2012-07-23 15:12 - 2009-07-13 21:13 - 00796042 ____A C:\Windows\System32\PerfStringBackup.INI
2012-07-23 15:11 - 2009-07-13 20:45 - 00014832 ____A C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-07-23 15:11 - 2009-07-13 20:45 - 00014832 ____A C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-07-23 15:06 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-07-23 15:06 - 2009-07-13 20:51 - 00037442 ____A C:\Windows\setupact.log
2012-07-23 15:05 - 2011-10-24 17:36 - 00020470 ____A C:\Windows\PFRO.log
2012-07-23 10:39 - 2012-07-23 10:39 - 00002036 ____A C:\Users\Public\Desktop\Microsoft LifeCam.lnk
2012-07-20 14:01 - 2012-07-03 16:30 - 00001075 ____A C:\Users\Public\Desktop\World of Warcraft.lnk
2012-07-20 06:18 - 2012-07-20 06:18 - 00607260 ____R (Swearware) C:\Users\Morisoli\Downloads\dds.scr
2012-07-19 20:36 - 2012-07-19 20:36 - 00302592 ____A C:\Users\Morisoli\Downloads\9gpxx0yy.exe
2012-07-19 20:29 - 2012-07-19 20:29 - 00001120 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-07-19 20:28 - 2012-07-19 20:28 - 10652120 ____A (Malwarebytes Corporation ) C:\Users\Morisoli\Downloads\mbam-setup-1.62.0.1300.exe
2012-07-19 19:44 - 2011-10-05 10:17 - 00147336 ____A C:\Users\Morisoli\AppData\Local\GDIPFONTCACHEV1.DAT
2012-07-19 19:39 - 2009-07-13 20:45 - 00504968 ____A C:\Windows\System32\FNTCACHE.DAT
2012-07-19 19:38 - 2012-07-19 19:37 - 00000042 ____A C:\repairs_running.dat
2012-07-19 19:38 - 2012-07-18 21:28 - 00181064 ____A (Sysinternals) C:\Windows\PSEXESVC.EXE
2012-07-19 19:30 - 2011-10-24 13:45 - 00796216 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
2012-07-18 21:27 - 2012-07-18 21:27 - 04623766 ____A C:\Users\Morisoli\Downloads\tweaking.com_windows_repair_aio_setup.exe
2012-07-18 21:24 - 2012-07-18 21:24 - 00030496 ____A C:\Windows\System32\Drivers\hitmanpro36.sys
2012-07-18 21:23 - 2012-07-18 21:23 - 00000806 ____A C:\Windows\System32\.crusader
2012-07-18 21:19 - 2012-07-18 21:18 - 08834304 ____A (SurfRight B.V.) C:\Users\Morisoli\Downloads\HitmanPro36_x64.exe
2012-07-18 21:02 - 2012-04-07 16:33 - 18932287 ____A C:\service.log
2012-07-17 17:30 - 2012-04-07 16:35 - 00025640 ____A (Windows (R) Server 2003 DDK provider) C:\Windows\gdrv.sys
2012-07-17 17:17 - 2012-07-17 17:16 - 00317024 ____A C:\Windows\Minidump\071712-20077-01.dmp
2012-07-17 17:16 - 2012-07-17 17:13 - 416104481 ____A C:\Windows\MEMORY.DMP
2012-07-17 17:13 - 2012-07-17 17:13 - 00276272 ____A C:\Windows\Minidump\071712-19578-01.dmp
2012-07-12 09:56 - 2012-06-01 07:23 - 00281288 ____A C:\Windows\SysWOW64\PnkBstrB.xtr
2012-07-12 09:56 - 2012-06-01 07:20 - 00281288 ____A C:\Windows\SysWOW64\PnkBstrB.exe
2012-07-12 08:34 - 2012-04-12 14:59 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-07-12 08:34 - 2011-09-23 05:06 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-07-11 17:29 - 2012-07-11 17:28 - 00895376 ____A (BitTorrent, Inc.) C:\Users\Morisoli\Downloads\uTorrent.exe
2012-07-11 00:03 - 2012-07-11 00:03 - 00265692 ____A C:\Windows\msxml4-KB2721691-enu.LOG
2012-07-11 00:03 - 2009-07-13 18:34 - 00000478 ____A C:\Windows\win.ini
2012-07-11 00:01 - 2011-10-24 17:40 - 59701280 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-07-10 12:50 - 2012-07-10 12:50 - 00452312 ____A C:\Users\Morisoli\Downloads\PolSystemInfo_us.zip
2012-07-09 01:55 - 2012-07-09 01:55 - 00739832 ____A (Google Inc.) C:\Users\Morisoli\Downloads\GoogleVoiceAndVideoSetup.exe
2012-07-08 12:41 - 2012-07-08 12:39 - 58366405 ____A C:\Users\Morisoli\Downloads\Slender_v0_9_1.zip
2012-07-07 11:39 - 2012-07-07 11:39 - 00632400 ____A (Shark Labs) C:\Users\Morisoli\Downloads\CFSetup281.exe
2012-07-03 16:30 - 2012-07-03 16:28 - 32160136 ____A C:\Users\Morisoli\Downloads\WoW-4.0.0-WOW-enUS-Installer.exe
2012-07-03 10:46 - 2012-07-19 20:29 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-07-02 14:55 - 2012-07-02 14:53 - 47486851 ____A C:\Users\Morisoli\Downloads\StepMania_v5.0_alpha2.exe
2012-07-02 10:44 - 2012-07-02 10:43 - 03415700 ____A C:\Users\Morisoli\Downloads\coreftplite64(1).exe
2012-07-02 10:35 - 2012-07-02 10:35 - 00000914 ____A C:\Users\Morisoli\Downloads\Secure Ftp david@shoogadawoogada.elementfx.com.xml
2012-07-02 10:34 - 2012-07-02 10:34 - 01620836 ____A (FileZilla Project) C:\Users\Morisoli\Downloads\FileZilla_Server-0_9_41(1).exe
2012-07-02 10:29 - 2012-07-02 10:29 - 01620836 ____A (FileZilla Project) C:\Users\Morisoli\Downloads\FileZilla_Server-0_9_41.exe
2012-07-02 10:21 - 2012-07-02 10:21 - 03415700 ____A C:\Users\Morisoli\Downloads\coreftplite64.exe
2012-07-01 17:39 - 2012-06-01 07:20 - 00281288 ____A C:\Windows\SysWOW64\PnkBstrB.ex0
2012-07-01 15:17 - 2012-07-01 15:17 - 00001936 ____A C:\Users\UpdatusUser\Desktop\Heroes of Newerth.lnk
2012-07-01 15:17 - 2012-07-01 15:17 - 00001936 ____A C:\Users\Cindy\Desktop\Heroes of Newerth.lnk
2012-07-01 12:29 - 2012-07-01 11:51 - 1052523552 ____A C:\Users\Morisoli\Downloads\HoNClient-2.6.4.exe
2012-06-30 08:29 - 2012-04-18 22:03 - 00348353 ____A C:\Windows\DirectX.log
2012-06-29 18:12 - 2012-06-29 18:10 - 38136768 ____A (TuneUp Software) C:\Users\Morisoli\Downloads\Speedtest_TuneUpUtilities2012_en-US.exe
2012-06-29 18:06 - 2012-06-29 18:06 - 00739856 ____A (Google Inc.) C:\Users\Morisoli\Downloads\ChromeSetup.exe
2012-06-28 16:58 - 2012-06-28 16:58 - 00278561 ____A C:\Users\Morisoli\Downloads\Minecraft.exe
2012-06-25 18:45 - 2012-06-25 18:45 - 00463080 ____A (CNET Download.com) C:\Users\Morisoli\Downloads\cnet2_cv6_zip.exe
2012-06-25 13:04 - 2012-06-25 13:04 - 01394248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml4.dll
2012-06-11 19:08 - 2012-07-11 00:03 - 03148800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-06-11 10:59 - 2012-06-11 10:59 - 10248192 ____A (Advanced Micro Devices, Inc.) C:\Windows\System32\Drivers\atikmdag.sys
2012-06-11 10:50 - 2012-06-11 10:50 - 16457728 ____A (Advanced Micro Devices Inc.) C:\Windows\System32\amdocl64.dll
2012-06-11 10:50 - 2012-06-11 10:50 - 00187392 ____A C:\Windows\System32\clinfo.exe
2012-06-11 10:50 - 2012-06-11 10:50 - 00075264 ____A (Advanced Micro Devices Inc.) C:\Windows\System32\OpenVideo64.dll
2012-06-11 10:50 - 2012-06-11 10:50 - 00065024 ____A (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\OpenVideo.dll
2012-06-11 10:50 - 2012-06-11 10:50 - 00063488 ____A (Advanced Micro Devices Inc.) C:\Windows\System32\OVDecode64.dll
2012-06-11 10:50 - 2012-06-11 10:50 - 00056320 ____A (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\OVDecode.dll
2012-06-11 10:49 - 2012-06-11 10:49 - 13008896 ____A (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\amdocl.dll
2012-06-11 10:35 - 2012-06-11 10:35 - 00070144 ____A (AMD) C:\Windows\System32\coinst_8.98.dll
2012-06-11 10:29 - 2012-06-11 10:29 - 24826368 ____A (Advanced Micro Devices, Inc.) C:\Windows\System32\atio6axx.dll
2012-06-11 10:00 - 2012-06-11 10:00 - 20467712 ____A (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\atioglxx.dll
2012-06-11 09:26 - 2012-06-11 09:26 - 00263840 ____A C:\Windows\SysWOW64\atiapfxx.blb
2012-06-11 09:26 - 2012-06-11 09:26 - 00263840 ____A C:\Windows\System32\atiapfxx.blb
2012-06-11 09:25 - 2012-06-11 09:25 - 00163840 ____A (Advanced Micro Devices, Inc.) C:\Windows\System32\atiapfxx.exe
2012-06-11 09:24 - 2011-10-25 18:05 - 00924160 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\aticfx32.dll
2012-06-11 09:23 - 2011-10-25 18:04 - 01090560 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\aticfx64.dll
2012-06-11 09:20 - 2012-06-11 09:20 - 00442368 ____A (Advanced Micro Devices, Inc.) C:\Windows\System32\ATIDEMGX.dll
2012-06-11 09:19 - 2012-06-11 09:19 - 00532992 ____A (AMD) C:\Windows\System32\atieclxx.exe
2012-06-11 09:19 - 2012-06-11 09:19 - 00239616 ____A (AMD) C:\Windows\System32\atiesrxx.exe
2012-06-11 09:17 - 2012-06-11 09:17 - 00120320 ____A (AMD) C:\Windows\System32\atitmm64.dll
2012-06-11 09:17 - 2012-06-11 09:17 - 00059392 ____A (ATI Technologies, Inc.) C:\Windows\System32\atiedu64.dll
2012-06-11 09:17 - 2012-06-11 09:17 - 00043520 ____A (ATI Technologies, Inc.) C:\Windows\SysWOW64\ati2edxx.dll
2012-06-11 09:17 - 2012-06-11 09:17 - 00021504 ____A (AMD) C:\Windows\System32\atimuixx.dll
2012-06-11 09:16 - 2011-10-25 17:55 - 06301696 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atidxx32.dll
2012-06-11 09:01 - 2011-10-25 17:46 - 06914560 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atidxx64.dll
2012-06-11 08:51 - 2012-06-11 08:51 - 04246528 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atiumd6a.dll
2012-06-11 08:50 - 2012-06-11 08:50 - 02936864 ____A C:\Windows\System32\atiumd6a.cap
2012-06-11 08:45 - 2012-06-11 08:45 - 15703040 ____A (Advanced Micro Devices Inc.) C:\Windows\System32\aticaldd64.dll
2012-06-11 08:45 - 2012-06-11 08:45 - 00051200 ____A (Advanced Micro Devices Inc.) C:\Windows\System32\aticalrt64.dll
2012-06-11 08:45 - 2012-06-11 08:45 - 00046080 ____A (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\aticalrt.dll
2012-06-11 08:45 - 2012-06-11 08:45 - 00044544 ____A (Advanced Micro Devices Inc.) C:\Windows\System32\aticalcl64.dll
2012-06-11 08:45 - 2012-06-11 08:45 - 00044032 ____A (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\aticalcl.dll
2012-06-11 08:45 - 2012-04-05 17:34 - 05480448 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiumdag.dll
2012-06-11 08:43 - 2012-04-05 17:22 - 04729344 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiumdva.dll
2012-06-11 08:41 - 2012-06-11 08:41 - 02971136 ____A C:\Windows\SysWOW64\atiumdva.cap
2012-06-11 08:40 - 2012-06-11 08:40 - 13277696 ____A (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\aticaldd.dll
2012-06-11 08:36 - 2012-06-11 08:36 - 06605824 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atiumd64.dll
2012-06-11 08:27 - 2012-06-11 08:27 - 00539136 ____A (Advanced Micro Devices, Inc.) C:\Windows\System32\atiadlxx.dll
2012-06-11 08:26 - 2012-06-11 08:26 - 00368640 ____A (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\atiadlxy.dll
2012-06-11 08:26 - 2012-06-11 08:26 - 00367616 ____A (Advanced Micro Devices, Inc.) C:\Windows\System32\Drivers\atikmpag.sys
2012-06-11 08:26 - 2012-06-11 08:26 - 00041984 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atig6txx.dll
2012-06-11 08:26 - 2012-06-11 08:26 - 00033280 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atigktxx.dll
2012-06-11 08:26 - 2012-06-11 08:26 - 00017920 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atig6pxx.dll
2012-06-11 08:26 - 2012-06-11 08:26 - 00014848 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiglpxx.dll
2012-06-11 08:26 - 2012-06-11 08:26 - 00014848 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atiglpxx.dll
2012-06-11 08:25 - 2012-06-11 08:25 - 00045056 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atiu9p64.dll
2012-06-11 08:25 - 2011-10-25 17:21 - 00054784 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atiuxp64.dll
2012-06-11 08:25 - 2011-10-25 17:21 - 00042496 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiuxpag.dll
2012-06-11 08:24 - 2012-06-11 08:24 - 00053248 ____A (Advanced Micro Devices, Inc.) C:\Windows\System32\Drivers\ati2erec.dll
2012-06-11 08:24 - 2011-10-25 17:20 - 00032768 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiu9pag.dll
2012-06-11 08:23 - 2012-06-11 08:23 - 00056832 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atimpc32.dll
2012-06-11 08:23 - 2012-06-11 08:23 - 00056832 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdpcom32.dll
2012-06-11 08:23 - 2012-06-11 08:23 - 00056320 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atimpc64.dll
2012-06-11 08:23 - 2012-06-11 08:23 - 00056320 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\amdpcom64.dll
2012-06-08 21:43 - 2012-07-10 17:07 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2012-06-08 20:41 - 2012-07-10 17:07 - 12873728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2012-06-05 22:06 - 2012-07-10 17:07 - 02004480 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
2012-06-05 22:06 - 2012-07-10 17:07 - 01881600 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
2012-06-05 22:02 - 2012-07-10 17:07 - 01133568 ____A (Microsoft Corporation) C:\Windows\System32\cdosys.dll
2012-06-05 21:05 - 2012-07-10 17:07 - 01390080 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2012-06-05 21:05 - 2012-07-10 17:07 - 01236992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2012-06-05 21:03 - 2012-07-10 17:07 - 00805376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cdosys.dll
2012-06-02 14:19 - 2012-06-19 02:08 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-06-02 14:19 - 2012-06-19 02:08 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2012-06-02 14:19 - 2012-06-19 02:08 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-06-02 14:19 - 2012-06-19 02:08 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-06-02 14:19 - 2012-06-19 02:08 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2012-06-02 14:15 - 2012-06-19 02:08 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-06-02 14:15 - 2012-06-19 02:08 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2012-06-02 12:19 - 2012-06-19 02:07 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-06-02 12:15 - 2012-06-19 02:07 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2012-06-01 21:50 - 2012-07-10 17:07 - 00458704 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
2012-06-01 21:48 - 2012-07-10 17:07 - 00151920 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
2012-06-01 21:48 - 2012-07-10 17:07 - 00095600 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
2012-06-01 21:45 - 2012-07-10 17:07 - 00340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
2012-06-01 21:44 - 2012-07-10 17:07 - 00307200 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
2012-06-01 20:40 - 2012-07-10 17:07 - 00225280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2012-06-01 20:40 - 2012-07-10 17:07 - 00022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2012-06-01 20:39 - 2012-07-10 17:07 - 00219136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2012-06-01 20:34 - 2012-07-10 17:07 - 00096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2012-06-01 20:06 - 2012-06-01 20:06 - 00735889 ____A C:\Users\Morisoli\Downloads\pbsetup.zip
2012-06-01 07:20 - 2012-06-01 07:20 - 00076888 ____A C:\Windows\SysWOW64\PnkBstrA.exe
2012-05-31 10:07 - 2012-05-31 10:07 - 03591333 ____A C:\Users\Morisoli\Downloads\BlueEye1-0.wmz
2012-05-31 10:02 - 2012-05-31 10:02 - 00907673 ____A C:\Users\Morisoli\Downloads\X-FHLWMP1-0.wmz
2012-05-31 09:25 - 2011-09-22 16:12 - 00279656 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe
2012-05-19 08:04 - 2012-05-19 08:04 - 03857920 ____A C:\Users\Morisoli\Downloads\hamachi.msi
2012-05-17 05:34 - 2012-05-17 05:26 - 160889384 ____A (Advanced Micro Devices, Inc.) C:\Users\Morisoli\Downloads\12-4_vista_win7_64_dd_ccc.exe
2012-05-16 17:50 - 2012-05-16 17:48 - 32288896 ____A (Blizzard Entertainment) C:\Users\Morisoli\Downloads\Diablo-III-Setup-enUS.exe
2012-05-15 17:25 - 2012-05-15 17:25 - 00466456 ____A (Creative Labs) C:\Windows\System32\wrap_oal.dll
2012-05-15 17:25 - 2012-05-15 17:25 - 00444952 ____A (Creative Labs) C:\Windows\SysWOW64\wrap_oal.dll
2012-05-15 17:25 - 2012-05-15 17:25 - 00122904 ____A (Portions (C) Creative Labs Inc. and NVIDIA Corp.) C:\Windows\System32\OpenAL32.dll
2012-05-15 17:25 - 2012-05-15 17:25 - 00109080 ____A (Portions (C) Creative Labs Inc. and NVIDIA Corp.) C:\Windows\SysWOW64\OpenAL32.dll
2012-05-14 20:01 - 2012-06-12 12:57 - 01188864 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-05-14 19:59 - 2012-06-12 12:56 - 00064512 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-05-14 19:03 - 2012-06-12 12:57 - 00981504 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-05-14 19:00 - 2012-06-12 12:56 - 00048128 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-05-13 18:40 - 2012-05-13 18:40 - 00001231 ____A C:\Users\Morisoli\Desktop\TeamSpeak 3 Client.lnk
2012-05-13 16:52 - 2012-05-13 16:46 - 32112904 ____A (TeamSpeak Systems GmbH) C:\Users\Morisoli\Downloads\TeamSpeak3-Client-win64-3.0.6.exe
2012-05-11 16:01 - 2012-05-11 16:01 - 00002109 ____A C:\Users\Morisoli\Desktop\Deckadance.lnk
2012-05-11 15:58 - 2012-05-11 15:58 - 00001157 ____A C:\Users\UpdatusUser\Desktop\FL Studio 10.lnk
2012-05-11 15:58 - 2012-05-11 15:58 - 00001157 ____A C:\Users\Public\Desktop\FL Studio 10.lnk
2012-05-11 15:58 - 2012-05-11 15:58 - 00001157 ____A C:\Users\Cindy\Desktop\FL Studio 10.lnk
2012-05-11 14:29 - 2012-05-11 14:29 - 00428657 ____A C:\Users\Morisoli\Downloads\FruityLoops_download.exe
2012-05-09 18:25 - 2012-05-09 18:25 - 00000924 ____A C:\Users\Public\Desktop\Steam.lnk
2012-05-09 18:19 - 2012-05-09 18:19 - 01606656 ____A C:\Users\Morisoli\Downloads\SteamInstall.msi
2012-05-09 14:34 - 2012-05-09 14:31 - 00009950 ____A C:\Windows\System32\RaCoInst.log
2012-05-09 14:20 - 2012-05-09 14:20 - 00000000 ____A C:\Windows\System32\Drivers\Msft_Kernel_LMouFilt_01005.Wdf
2012-05-09 14:20 - 2012-05-09 14:20 - 00000000 ____A C:\Windows\System32\Drivers\Msft_Kernel_LHidFilt_01005.Wdf
2012-05-09 14:20 - 2012-05-09 14:19 - 01136022 ____A C:\Windows\SetPointII_000.log
2012-05-09 14:20 - 2012-05-09 14:19 - 00003762 ____A C:\Windows\LDPINST.LOG
2012-05-04 03:06 - 2012-06-12 12:56 - 05559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-05-04 02:03 - 2012-06-12 12:56 - 03968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2012-05-04 02:03 - 2012-06-12 12:56 - 03913072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2012-04-30 21:40 - 2012-06-12 12:56 - 00209920 ____A (Microsoft Corporation) C:\Windows\System32\profsvc.dll
2012-04-30 19:01 - 2012-04-30 19:01 - 04135696 ____A C:\Users\Morisoli\Downloads\ventrilo-3.0.8-Windows-x64.exe
2012-04-30 19:01 - 2012-04-30 19:01 - 00000262 ____A C:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini
2012-04-29 18:46 - 2012-04-29 18:41 - 00000369 ____A C:\Users\Morisoli\Documents\practice.html
2012-04-28 19:26 - 2012-04-28 19:27 - 00472808 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\deployJava1.dll
2012-04-28 19:26 - 2012-04-28 19:27 - 00157472 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaws.exe
2012-04-28 19:26 - 2012-04-28 19:27 - 00149280 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaw.exe
2012-04-28 19:26 - 2012-04-28 19:27 - 00149280 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\java.exe
2012-04-28 19:25 - 2012-04-28 19:25 - 00908576 ____A (Sun Microsystems, Inc.) C:\Users\Morisoli\Downloads\jxpiinstall.exe
2012-04-28 16:18 - 2012-04-28 16:18 - 00002379 ____A C:\Users\Morisoli\Documents\MumbleAutomaticCertificateBackup.p12
2012-04-28 16:14 - 2012-04-28 16:14 - 17904640 ____A C:\Users\Morisoli\Downloads\mumble-1.2.3a.msi
2012-04-27 19:55 - 2012-06-12 12:56 - 00210944 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
2012-04-27 16:48 - 2011-12-23 13:47 - 00002515 ____A C:\Users\Public\Desktop\Skype.lnk

Possible MBR infection:
C:\Windows\svchost.exe

========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

========================= Memory info ======================

Percentage of memory in use: 15%
Total physical RAM: 4093.55 MB
Available physical RAM: 3448.63 MB
Total Pagefile: 4091.7 MB
Available Pagefile: 3437.18 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

======================= Partitions =========================

1 Drive c: (Windows) (Fixed) (Total:931.41 GB) (Free:582.45 GB) NTFS
2 Drive e: (LifeCam_3_5) (CDROM) (Total:0.3 GB) (Free:0 GB) CDFS
3 Drive f: () (Removable) (Total:0.48 GB) (Free:0.48 GB) FAT
4 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
5 Drive y: (System) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 931 GB 0 B
Disk 1 Online 489 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 100 MB 1024 KB
Partition 2 Primary 931 GB 101 MB

==================================================================================

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 Y System NTFS Partition 100 MB Healthy

==================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C Windows NTFS Partition 931 GB Healthy

==================================================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 488 MB 16 KB

==================================================================================

Disk: 1
Partition 1
Type : 06
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 F FAT Removable 488 MB Healthy

==================================================================================

==========================================================

Last Boot: 2012-07-18 01:31

======================= End Of Log ==========================

Search.txt =

Farbar Recovery Scan Tool Version: 20-07-2012
Ran by SYSTEM at 2012-07-25 11:45:46
Running from F:\

================== Search: "sevices.exe" ===================

====== End Of Search ======
 
Search: "sevices.exe"
Was supposed to be services.exe. But, no biggie.

Let's do this...

FRST64 Fixlist

Please run the following:

Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this highlight the contents of the box, right click on it and select copy. Right-click in the open notepad and select Paste). Save it on the flashdrive as fixlist.txt

start
CMD: bootrec /FixMBR
HKU\Morisoli\...\Run: [{E444EA44-901C-F84C-01BD-2680A0973F75}] C:\Users\Morisoli\AppData\Roaming\Imdeiq\heak.exe [x]
Folder: C:\Users\Morisoli\AppData\Roaming\Imdeiq
Startup: C:\Users\Cindy\Start Menu\Programs\Startup\waiq.exe ()
Startup: C:\Users\Default\Start Menu\Programs\Startup\veuwk.exe ()
Startup: C:\Users\Default User\Start Menu\Programs\Startup\veuwk.exe ()
2012-07-23 15:07 - 2009-07-13 17:14 - 00020480 ____N (Microsoft Corporation) C:\Windows\svchost.exe
2012-07-19 20:36 - 2012-07-19 20:36 - 00302592 ____A C:\Users\Morisoli\Downloads\9gpxx0yy.exe
end

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system.

Now, please enter System Recovery Options then select Command Prompt.

Run FRST64 and press the Fix button just once and wait.
The tool will make a log on the flashdrive (Fixlog.txt); please post it in your reply.

Now restart, let it boot normally and tell me how it went.
 
Woops, missed the r...Q_Q.

Here's the fix log. I will run scans for traces in just a moment.

Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 20-07-2012
Ran by SYSTEM at 2012-07-27 11:33:46 Run:2
Running from F:\

==============================================


========= bootrec /FixMBR =========

The operation completed successfully.

========= End of CMD: =========

HKEY_USERS\Morisoli\Software\Microsoft\Windows\CurrentVersion\Run\\{E444EA44-901C-F84C-01BD-2680A0973F75} Value deleted successfully.

========================= Folder: C:\Users\Morisoli\AppData\Roaming\Imdeiq ========================


====== End of Folder: ======
C:\Users\Cindy\Start Menu\Programs\Startup\waiq.exe moved successfully.
C:\Users\Default\Start Menu\Programs\Startup\veuwk.exe moved successfully.
C:\Users\Default User\Start Menu\Programs\Startup\veuwk.exe not found.
C:\Windows\svchost.exe moved successfully.
C:\Users\Morisoli\Downloads\9gpxx0yy.exe moved successfully.

==== End of Fixlog ====
 
I am already detecting a number of infections on my computer. Some were trojans which have been quarantined properly by ESET. It is now recognizing Microsoft Silverlight as a possible infection though.
 
ComboFix

Please download ComboFix by sUBs from BleepingComputer.com.

Please save the file to your Desktop.

Important information about ComboFix

Before the download:
  • Please copy and paste these instructions to Notepad and save to your Desktop, or print them - for easier access.
  • It is important to rename ComboFix before the download.
  • Please do not rename ComboFix to other names, but only the one indicated.
After the download:
  • Close any open browsers.
  • Very Important: Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results". Please visit here if you don't know how.
  • WARNING: ComboFix will disconnect your machine from the Internet as soon as it starts.
  • Please do not attempt to re-connect your machine back to the Internet until ComboFix has completely finished.
  • If there is no Internet connection after running ComboFix, then restart your computer to restore back your connection.
Running ComboFix:
  • Double click on svchost.exe & follow the prompts.
  • It will attempt to install the Recovery Console.
  • When ComboFix finishes, it will produce a report for you.
  • Please post the "C:\Combo-Fix.txt" in your next reply.
Troubleshooting ComboFix

Safe Mode:

If you still cannot get ComboFix to run, try booting into Safe Mode, and run it there.

(To boot into Safe Mode, tap F8 after BIOS, and just before the Windows logo appears. A list of options will appear, select "Safe Mode.")

Re-downloading:

If this doesn't work either, try the same method (the above method), but download it again, this time naming ComboFix.exe iexplore.exe, explorer.exe, or winlogon.exe.

Malware is known for blocking all "user" processes, except for its whitelist of system important processes such as iexplore.exe, explorer.exe, winlogon.exe.
 
I have run the combo fix in normal and safe mode as well as tried renaming it and doing the same thing. It continually gets to stage 6 and then my computer shuts itself off and no log is created.
 
Scan for malware

Please download Malwarebytes Anti-Malware from HERE.


Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. If you are prompted to restart, please allow it to restart your computer. Failure to do this will cause the infection to still be active on the computer.
  • Please save the log to a location you will remember.
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • The log can also be found at C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt
  • Copy and paste the entire report in your next reply.
 
Malwarebytes Anti-Malware (Trial) 1.62.0.1300
www.malwarebytes.org

Database version: v2012.07.30.06

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
Morisoli :: MORISOLI-PC [administrator]

Protection: Enabled

7/30/2012 1:34:12 PM
mbam-log-2012-07-30 (13-34-12).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 233780
Time elapsed: 3 minute(s), 43 second(s)

Memory Processes Detected: 1
C:\Windows\svchost.exe (Trojan.Agent) -> 3496 -> Delete on reboot.

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Windows\svchost.exe (Trojan.Agent) -> Delete on reboot.

(end)
 
ComboFix Script

  • Close any open browsers.
  • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
  • Open notepad and copy/paste the text in the codebox below into it:
    ClearJavaCache::
  • Save this as CFScript.txt, in the same location as ComboFix.exe

    [image: CFScript.txt being dragged onto ComboFix.exe]

  • Referring to the picture above, drag CFScript into ComboFix.exe
  • When finished, it shall produce a log for you at C:\ComboFix.txt
  • Please post the contents of the log in your next reply.
 
ComboFix 12-07-30.03 - Morisoli 07/31/2012 15:00:38.4.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4094.2097 [GMT -5:00]
Running from: c:\users\Morisoli\Desktop\iexplorer.exe.exe
Command switches used :: c:\users\Morisoli\Desktop\CFScript.txt
AV: ESET NOD32 Antivirus 5.0 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
SP: ESET NOD32 Antivirus 5.0 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Mozilla Firefox\searchplugins\search.xml
c:\windows\svchost.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-06-28 to 2012-07-31 )))))))))))))))))))))))))))))))
.
.
2012-07-31 20:11 . 2012-07-31 20:11 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-07-31 20:11 . 2012-07-31 20:11 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-31 20:11 . 2012-07-31 20:11 -------- d-----w- c:\users\Cindy\AppData\Local\temp
2012-07-31 09:30 . 2012-06-29 10:04 9133488 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{4ACD05F4-1094-455F-A987-8E11EDE2558D}\mpengine.dll
2012-07-30 19:43 . 2012-07-30 19:43 -------- d-----w- c:\programdata\Nexon
2012-07-26 20:08 . 2012-06-06 22:59 4328248 ----a-w- c:\windows\SysWow64\GameMon.des
2012-07-26 20:08 . 2005-01-05 03:43 4682 ----a-w- c:\windows\SysWow64\npptNT2.sys
2012-07-26 20:08 . 2003-07-21 12:17 5174 ----a-w- c:\windows\SysWow64\nppt9x.vxd
2012-07-26 20:07 . 2012-07-26 20:07 -------- d-----w- c:\program files\Common Files\INCA Shared
2012-07-26 18:56 . 2012-07-26 18:56 -------- d-----w- C:\SG Interactive
2012-07-24 02:18 . 2012-07-24 08:22 -------- d-----w- c:\users\Morisoli\AppData\Roaming\Imdeiq
2012-07-24 02:18 . 2012-07-24 02:41 -------- d-----w- c:\users\Morisoli\AppData\Roaming\Vaxa
2012-07-23 18:39 . 2012-07-23 18:39 -------- d-----w- c:\program files\Microsoft LifeCam
2012-07-23 18:39 . 2012-07-23 18:39 -------- d-----w- c:\program files (x86)\Microsoft LifeCam
2012-07-21 09:20 . 2012-07-21 09:20 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
2012-07-20 16:21 . 2012-07-20 19:36 -------- d-----w- C:\FRST
2012-07-20 04:29 . 2012-07-20 04:29 -------- d-----w- c:\users\Morisoli\AppData\Roaming\Malwarebytes
2012-07-20 04:29 . 2012-07-20 04:29 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-07-20 04:29 . 2012-07-20 04:29 -------- d-----w- c:\programdata\Malwarebytes
2012-07-20 04:29 . 2012-07-03 18:46 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-07-20 03:30 . 2012-07-20 03:30 -------- d-----w- c:\windows\SysWow64\wbem\Performance
2012-07-20 03:28 . 2008-05-08 05:03 303616 ----a-w- C:\SetACL.exe
2012-07-20 03:02 . 2004-06-11 23:33 290304 ----a-w- C:\subinacl.exe
2012-07-19 05:28 . 2012-07-20 03:38 181064 ----a-w- c:\windows\PSEXESVC.EXE
2012-07-19 05:24 . 2012-07-19 05:24 30496 ----a-w- c:\windows\system32\drivers\hitmanpro36.sys
2012-07-19 05:19 . 2012-07-19 05:23 -------- d-----w- c:\programdata\HitmanPro
2012-07-12 01:30 . 2012-07-12 01:30 -------- d-----w- c:\program files (x86)\uTorrent
2012-07-12 01:29 . 2012-07-16 01:31 -------- d-----w- c:\users\Morisoli\AppData\Roaming\uTorrent
2012-07-11 08:03 . 2012-06-12 03:08 3148800 ----a-w- c:\windows\system32\win32k.sys
2012-07-05 16:04 . 2012-07-05 16:04 -------- d-----w- c:\programdata\ATI
2012-07-05 16:04 . 2012-07-05 16:04 -------- d-----w- c:\program files (x86)\AMD APP
2012-07-04 00:30 . 2012-07-20 22:01 -------- d-----w- c:\program files (x86)\World of Warcraft
2012-07-02 22:59 . 2012-07-02 22:59 -------- d-----w- c:\users\Morisoli\AppData\Roaming\StepMania 5
2012-07-02 22:57 . 2012-07-02 23:10 -------- d-----w- c:\program files (x86)\StepMania 5
2012-07-02 18:44 . 2012-07-02 18:44 -------- d-----w- c:\program files\CoreFTP
2012-07-02 18:22 . 2012-07-02 22:14 -------- d-----w- c:\users\Morisoli\AppData\Roaming\CoreFTP
2012-07-01 23:15 . 2012-07-01 23:52 -------- d-----w- c:\program files (x86)\Heroes of Newerth
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-27 11:33 . 2012-04-12 22:59 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-07-27 11:33 . 2011-09-23 13:06 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-18 01:30 . 2012-04-08 00:35 25640 ----a-w- c:\windows\gdrv.sys
2012-07-12 17:56 . 2012-06-01 15:23 281288 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2012-07-12 17:56 . 2012-06-01 15:20 281288 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2012-07-11 08:01 . 2011-10-25 01:40 59701280 ----a-w- c:\windows\system32\MRT.exe
2012-07-02 01:39 . 2012-06-01 15:20 281288 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2012-06-25 21:04 . 2012-06-25 21:04 1394248 ----a-w- c:\windows\SysWow64\msxml4.dll
2012-06-11 18:59 . 2012-06-11 18:59 10248192 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2012-06-11 18:50 . 2012-06-11 18:50 187392 ----a-w- c:\windows\system32\clinfo.exe
2012-06-11 18:50 . 2012-06-11 18:50 75264 ----a-w- c:\windows\system32\OpenVideo64.dll
2012-06-11 18:50 . 2012-06-11 18:50 65024 ----a-w- c:\windows\SysWow64\OpenVideo.dll
2012-06-11 18:50 . 2012-06-11 18:50 63488 ----a-w- c:\windows\system32\OVDecode64.dll
2012-06-11 18:50 . 2012-06-11 18:50 56320 ----a-w- c:\windows\SysWow64\OVDecode.dll
2012-06-11 18:50 . 2012-06-11 18:50 16457728 ----a-w- c:\windows\system32\amdocl64.dll
2012-06-11 18:49 . 2012-06-11 18:49 13008896 ----a-w- c:\windows\SysWow64\amdocl.dll
2012-06-11 18:35 . 2012-06-11 18:35 70144 ----a-w- c:\windows\system32\coinst_8.98.dll
2012-06-11 18:29 . 2012-06-11 18:29 24826368 ----a-w- c:\windows\system32\atio6axx.dll
2012-06-11 18:00 . 2012-06-11 18:00 20467712 ----a-w- c:\windows\SysWow64\atioglxx.dll
2012-06-11 17:25 . 2012-06-11 17:25 163840 ----a-w- c:\windows\system32\atiapfxx.exe
2012-06-11 17:24 . 2011-10-26 02:05 924160 ----a-w- c:\windows\SysWow64\aticfx32.dll
2012-06-11 17:23 . 2011-10-26 02:04 1090560 ----a-w- c:\windows\system32\aticfx64.dll
2012-06-11 17:20 . 2012-06-11 17:20 442368 ----a-w- c:\windows\system32\ATIDEMGX.dll
2012-06-11 17:19 . 2012-06-11 17:19 532992 ----a-w- c:\windows\system32\atieclxx.exe
2012-06-11 17:19 . 2012-06-11 17:19 239616 ----a-w- c:\windows\system32\atiesrxx.exe
2012-06-11 17:17 . 2012-06-11 17:17 120320 ----a-w- c:\windows\system32\atitmm64.dll
2012-06-11 17:17 . 2012-06-11 17:17 21504 ----a-w- c:\windows\system32\atimuixx.dll
2012-06-11 17:17 . 2012-06-11 17:17 59392 ----a-w- c:\windows\system32\atiedu64.dll
2012-06-11 17:17 . 2012-06-11 17:17 43520 ----a-w- c:\windows\SysWow64\ati2edxx.dll
2012-06-11 17:16 . 2011-10-26 01:55 6301696 ----a-w- c:\windows\SysWow64\atidxx32.dll
2012-06-11 17:01 . 2011-10-26 01:46 6914560 ----a-w- c:\windows\system32\atidxx64.dll
2012-06-11 16:51 . 2012-06-11 16:51 4246528 ----a-w- c:\windows\system32\atiumd6a.dll
2012-06-11 16:45 . 2012-06-11 16:45 51200 ----a-w- c:\windows\system32\aticalrt64.dll
2012-06-11 16:45 . 2012-06-11 16:45 46080 ----a-w- c:\windows\SysWow64\aticalrt.dll
2012-06-11 16:45 . 2012-04-06 01:34 5480448 ----a-w- c:\windows\SysWow64\atiumdag.dll
2012-06-11 16:45 . 2012-06-11 16:45 44544 ----a-w- c:\windows\system32\aticalcl64.dll
2012-06-11 16:45 . 2012-06-11 16:45 44032 ----a-w- c:\windows\SysWow64\aticalcl.dll
2012-06-11 16:45 . 2012-06-11 16:45 15703040 ----a-w- c:\windows\system32\aticaldd64.dll
2012-06-11 16:43 . 2012-04-06 01:22 4729344 ----a-w- c:\windows\SysWow64\atiumdva.dll
2012-06-11 16:40 . 2012-06-11 16:40 13277696 ----a-w- c:\windows\SysWow64\aticaldd.dll
2012-06-11 16:36 . 2012-06-11 16:36 6605824 ----a-w- c:\windows\system32\atiumd64.dll
2012-06-11 16:27 . 2012-06-11 16:27 539136 ----a-w- c:\windows\system32\atiadlxx.dll
2012-06-11 16:26 . 2012-06-11 16:26 368640 ----a-w- c:\windows\SysWow64\atiadlxy.dll
2012-06-11 16:26 . 2012-06-11 16:26 17920 ----a-w- c:\windows\system32\atig6pxx.dll
2012-06-11 16:26 . 2012-06-11 16:26 14848 ----a-w- c:\windows\SysWow64\atiglpxx.dll
2012-06-11 16:26 . 2012-06-11 16:26 14848 ----a-w- c:\windows\system32\atiglpxx.dll
2012-06-11 16:26 . 2012-06-11 16:26 41984 ----a-w- c:\windows\system32\atig6txx.dll
2012-06-11 16:26 . 2012-06-11 16:26 33280 ----a-w- c:\windows\SysWow64\atigktxx.dll
2012-06-11 16:26 . 2012-06-11 16:26 367616 ----a-w- c:\windows\system32\drivers\atikmpag.sys
2012-06-11 16:25 . 2011-10-26 01:21 54784 ----a-w- c:\windows\system32\atiuxp64.dll
2012-06-11 16:25 . 2011-10-26 01:21 42496 ----a-w- c:\windows\SysWow64\atiuxpag.dll
2012-06-11 16:25 . 2012-06-11 16:25 45056 ----a-w- c:\windows\system32\atiu9p64.dll
2012-06-11 16:24 . 2011-10-26 01:20 32768 ----a-w- c:\windows\SysWow64\atiu9pag.dll
2012-06-11 16:24 . 2012-06-11 16:24 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2012-06-11 16:23 . 2012-06-11 16:23 56320 ----a-w- c:\windows\system32\atimpc64.dll
2012-06-11 16:23 . 2012-06-11 16:23 56320 ----a-w- c:\windows\system32\amdpcom64.dll
2012-06-11 16:23 . 2012-06-11 16:23 56832 ----a-w- c:\windows\SysWow64\atimpc32.dll
2012-06-11 16:23 . 2012-06-11 16:23 56832 ----a-w- c:\windows\SysWow64\amdpcom32.dll
2012-06-02 22:19 . 2012-06-19 10:08 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-19 10:08 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-06-19 10:08 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-19 10:08 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-19 10:08 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:15 . 2012-06-19 10:08 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-06-19 10:08 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 20:19 . 2012-06-19 10:07 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 20:15 . 2012-06-19 10:07 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-01 15:20 . 2012-06-01 15:20 76888 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2012-05-31 17:25 . 2011-09-23 00:12 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-05-16 04:38 . 2009-08-18 17:49 564632 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\wlidui.dll
2012-05-16 04:38 . 2009-08-18 16:24 19736 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-05-16 01:25 . 2012-05-16 01:25 466456 ----a-w- c:\windows\system32\wrap_oal.dll
2012-05-16 01:25 . 2012-05-16 01:25 444952 ----a-w- c:\windows\SysWow64\wrap_oal.dll
2012-05-16 01:25 . 2012-05-16 01:25 122904 ----a-w- c:\windows\system32\OpenAL32.dll
2012-05-16 01:25 . 2012-05-16 01:25 109080 ----a-w- c:\windows\SysWow64\OpenAL32.dll
2012-05-15 04:01 . 2012-06-12 20:57 1188864 ----a-w- c:\windows\system32\wininet.dll
2012-05-15 03:59 . 2012-06-12 20:56 64512 ----a-w- c:\windows\system32\jsproxy.dll
2012-05-15 03:03 . 2012-06-12 20:57 981504 ----a-w- c:\windows\SysWow64\wininet.dll
2012-05-04 11:06 . 2012-06-12 20:56 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-04 10:03 . 2012-06-12 20:56 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-05-04 10:03 . 2012-06-12 20:56 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files (x86)\Steam\Steam.exe" [2012-05-10 1242448]
"HydraVisionDesktopManager"="c:\program files (x86)\ATI Technologies\HydraVision\HydraDM.exe" [2011-10-26 393216]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]
"BCU"="c:\program files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe" [2009-10-15 375000]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-06-11 641704]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]
"LifeCam"="c:\program files (x86)\Microsoft LifeCam\LifeExp.exe" [2010-12-13 135536]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
NETGEAR WNDA4100 Genie.lnk - c:\program files (x86)\NETGEAR\WNDA4100\WNDA4100.EXE [2012-5-15 4980992]
SetPointII.lnk - c:\program files\Logitech\SetPoint II\SetPointII.exe [2009-7-21 815104]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro36Crusader]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro36CrusaderBoot]
@=""
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"HP Software Update"=c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" -atboottime
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
.
R2 AODDriver4.1;AODDriver4.1;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-03-05 53888]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-27 250056]
R3 AE1000;Linksys AE1000 Driver;c:\windows\system32\DRIVERS\ae1000w7.sys [2010-03-23 1101600]
R3 CV2K1;CommView Network Monitor;c:\windows\system32\DRIVERS\cv2k1.sys [2010-04-01 21608]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
R3 hitmanpro36;Hitman Pro 3.5 Support Driver;c:\windows\system32\drivers\hitmanpro36.sys [2012-07-19 30496]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-18 113120]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 TsVlb;TsVlb;c:\windows\system32\DRIVERS\tsvlb.sys [2010-04-21 22120]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2011-08-02 51712]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-09-23 1255736]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2011-08-04 146432]
S1 TsVp;TsVp;c:\windows\system32\DRIVERS\tsvp.sys [2010-06-15 32872]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-06-11 239616]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-06-11 361984]
S2 AODDriver4.01;AODDriver4.01;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-03-05 53888]
S2 BCUService;Browser Configuration Utility Service;c:\program files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe [2009-10-15 223464]
S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [2011-08-09 202576]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2011-09-22 974944]
S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [2011-08-04 137144]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-07-03 655944]
S2 MotoHelper;MotoHelper Service;c:\program files (x86)\Motorola\MotoHelper\MotoHelperService.exe [2011-04-26 223088]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-05-21 2214504]
S2 RalinkRegistryWriter64;RalinkRegistryWriter64;c:\program files (x86)\NETGEAR\WNDA4100\Service\RaRegistry64.exe [2011-11-21 455424]
S2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-06-08 160944]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [2010-02-18 46136]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2012-06-11 10248192]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2012-06-11 367616]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2012-02-23 95760]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-07-03 24904]
S3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\Drivers\nx6000.sys [2010-12-13 36720]
S3 netr28ux;RT2870 USB Extensible Wireless LAN Card Driver;c:\windows\system32\DRIVERS\netr28ux.sys [2012-01-13 1675840]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-06-10 187392]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-31 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-12 11:33]
.
2012-07-31 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3710809135-2123922341-1772546783-1001Core.job
- c:\users\Morisoli\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-09 09:56]
.
2012-07-31 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3710809135-2123922341-1772546783-1001UA.job
- c:\users\Morisoli\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-09 09:56]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2011-09-22 4035152]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-04-06 10144288]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 130576]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://blekko.com/ws/?source=c3348dd4&toolbarid=blekkotb_031&u=C9237CE3B599F152BEDC414FE9227E14&tbp=homepage
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 208.180.42.68 208.180.42.100
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\shell32.dll
FF - ProfilePath - c:\users\Morisoli\AppData\Roaming\Mozilla\Firefox\Profiles\ty6nkdc1.default\
FF - prefs.js: browser.search.selectedEngine - Blekko
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://blekko.com/ws/?source=c3348dd4&tbp=rbox&toolbarid=blekkotb_031&u=C9237CE3B599F152BEDC414FE9227E14&q=
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
- - - - ORPHANS REMOVED - - - -
.
SharedTaskScheduler-{F791A188-699D-4FD4-955A-EB59E89B1907} - \Program Files\Theme Resource Changer\ThemeResourceChanger.dll
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_268_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_268_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\NETGEAR\WNDA4100\Service\RaRegistry.exe
c:\program files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
c:\\.\globalroot\systemroot\svchost.exe
c:\program files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe
c:\program files (x86)\Skype\Phone\Skype.exe
.
**************************************************************************
.
Completion time: 2012-07-31 17:01:09 - machine was rebooted
ComboFix-quarantined-files.txt 2012-07-31 22:01
.
Pre-Run: 619,966,717,952 bytes free
Post-Run: 619,826,077,696 bytes free
.
- - End Of File - - 72325EBC3DE9744C411AAF6A36C110C8
 
Please download TDSSKiller to your desktop and run it as outlined below:

Double-click on TDSSKiller.exe to run the application, then click on Change parameters.

For Windows XP, double-click to start.
For Vista or Windows 7, right-click on the program, select Run as Administrator to start, and when prompted, click Allow to run.


-------------------------

Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.


------------------------

Click the Start Scan button.


-----------------------

If a suspicious object is detected, the default action will be Skip; click on Continue.
If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic, please choose Skip and click on Continue.


----------------------

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
Note: If Cure is not available, please choose Skip instead; do not choose Delete unless instructed.


--------------------

A report will be created in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents in your next reply.
Sometimes these logs can be very large; in that case, please attach it, or zip it up and attach it.

-------------------

Here's a summary of what to do if you would like to print it out:

If a suspicious object is detected, the default action will be Skip; click on Continue.
If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic, please choose Skip and click on Continue.

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
Note: If Cure is not available, please choose Skip instead; do not choose Delete unless instructed.
 
[Here is the report in two posts]

17:33:22.0001 7692 TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32
17:33:22.0504 7692 ============================================================
17:33:22.0504 7692 Current date / time: 2012/08/01 17:33:22.0504
17:33:22.0504 7692 SystemInfo:
17:33:22.0504 7692
17:33:22.0505 7692 OS Version: 6.1.7601 ServicePack: 1.0
17:33:22.0505 7692 Product type: Workstation
17:33:22.0505 7692 ComputerName: MORISOLI-PC
17:33:22.0505 7692 UserName: Morisoli
17:33:22.0505 7692 Windows directory: C:\Windows
17:33:22.0505 7692 System windows directory: C:\Windows
17:33:22.0505 7692 Running under WOW64
17:33:22.0505 7692 Processor architecture: Intel x64
17:33:22.0505 7692 Number of processors: 4
17:33:22.0505 7692 Page size: 0x1000
17:33:22.0506 7692 Boot type: Normal boot
17:33:22.0506 7692 ============================================================
17:33:23.0449 7692 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1F8B1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000040
17:33:23.0465 7692 Drive \Device\Harddisk1\DR1 - Size: 0x1E900000 (0.48 Gb), SectorSize: 0x200, Cylinders: 0x3E, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
17:33:23.0467 7692 ============================================================
17:33:23.0467 7692 \Device\Harddisk0\DR0:
17:33:23.0467 7692 MBR partitions:
17:33:23.0467 7692 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
17:33:23.0467 7692 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x746D3800
17:33:23.0467 7692 \Device\Harddisk1\DR1:
17:33:23.0468 7692 MBR partitions:
17:33:23.0468 7692 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x6, StartLBA 0x20, BlocksNum 0xF46E0
17:33:23.0468 7692 ============================================================
17:33:23.0490 7692 C: <-> \Device\Harddisk0\DR0\Partition1
17:33:23.0490 7692 ============================================================
17:33:23.0490 7692 Initialize success
17:33:23.0490 7692 ============================================================
17:33:27.0289 7984 ============================================================
17:33:27.0289 7984 Scan started
17:33:27.0289 7984 Mode: Manual; SigCheck; TDLFS;
17:33:27.0289 7984 ============================================================
17:33:43.0629 7984 mpsdrv - ok
17:33:43.0701 7984 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
17:33:43.0782 7984 MpsSvc - ok
17:33:43.0812 7984 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
17:33:43.0844 7984 MRxDAV - ok
17:33:43.0872 7984 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
17:33:43.0928 7984 mrxsmb - ok
17:33:43.0954 7984 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
17:33:43.0981 7984 mrxsmb10 - ok
17:33:44.0012 7984 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
17:33:44.0025 7984 mrxsmb20 - ok
17:33:44.0036 7984 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
17:33:44.0047 7984 msahci - ok
17:33:44.0120 7984 MSCamSvc (41fb1d61df09c36ccab0b04eec66f6d5) C:\Program Files\Microsoft LifeCam\MSCamS64.exe
17:33:44.0151 7984 MSCamSvc - ok
17:33:44.0186 7984 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
17:33:44.0214 7984 msdsm - ok
17:33:44.0231 7984 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
17:33:44.0245 7984 MSDTC - ok
17:33:44.0265 7984 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
17:33:44.0299 7984 Msfs - ok
17:33:44.0316 7984 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
17:33:44.0340 7984 mshidkmdf - ok
17:33:44.0373 7984 MSHUSBVideo (bb590070d606ae6f008341fc9a7b2ad7) C:\Windows\system32\Drivers\nx6000.sys
17:33:44.0380 7984 MSHUSBVideo - ok
17:33:44.0390 7984 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
17:33:44.0398 7984 msisadrv - ok
17:33:44.0433 7984 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
17:33:44.0459 7984 MSiSCSI - ok
17:33:44.0461 7984 msiserver - ok
17:33:44.0482 7984 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
17:33:44.0514 7984 MSKSSRV - ok
17:33:44.0531 7984 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
17:33:44.0571 7984 MSPCLOCK - ok
17:33:44.0585 7984 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
17:33:44.0616 7984 MSPQM - ok
17:33:44.0658 7984 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
17:33:44.0671 7984 MsRPC - ok
17:33:44.0679 7984 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
17:33:44.0687 7984 mssmbios - ok
17:33:44.0768 7984 MSSQL$MSSMLBIZ - ok
17:33:44.0826 7984 MSSQLServerADHelper (1d89eb4e2a99cabd4e81225f4f4c4b25) c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqladhlp90.exe
17:33:44.0845 7984 MSSQLServerADHelper - ok
17:33:44.0849 7984 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
17:33:44.0891 7984 MSTEE - ok
17:33:44.0904 7984 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
17:33:44.0917 7984 MTConfig - ok
17:33:44.0937 7984 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
17:33:44.0945 7984 Mup - ok
17:33:44.0987 7984 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
17:33:45.0034 7984 napagent - ok
17:33:45.0066 7984 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
17:33:45.0086 7984 NativeWifiP - ok
17:33:45.0128 7984 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
17:33:45.0148 7984 NDIS - ok
17:33:45.0161 7984 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
17:33:45.0185 7984 NdisCap - ok
17:33:45.0209 7984 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
17:33:45.0233 7984 NdisTapi - ok
17:33:45.0264 7984 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
17:33:45.0287 7984 Ndisuio - ok
17:33:45.0319 7984 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
17:33:45.0375 7984 NdisWan - ok
17:33:45.0401 7984 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
17:33:45.0425 7984 NDProxy - ok
17:33:45.0441 7984 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
17:33:45.0465 7984 NetBIOS - ok
17:33:45.0506 7984 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
17:33:45.0574 7984 NetBT - ok
17:33:45.0594 7984 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
17:33:45.0605 7984 Netlogon - ok
17:33:45.0654 7984 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
17:33:45.0699 7984 Netman - ok
17:33:45.0727 7984 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
17:33:45.0773 7984 netprofm - ok
17:33:45.0899 7984 netr28ux (b330ce846d1c672f640d3b3647cef86d) C:\Windows\system32\DRIVERS\netr28ux.sys
17:33:45.0966 7984 netr28ux - ok
17:33:46.0102 7984 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
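The driver/service listing above follows a fixed shape: one line per service with the MD5 of its image and its path, followed by a verdict line (`- ok`), with some services having only a verdict line because no file was hashed. The following parser is an added example, not part of the original post and not TDSSKiller's own code; it joins the two line types per service and lists the entries a helper would want to eyeball by hand. The sample input is copied from the log above, except the two `Hypothetical` lines, which are constructed (fake name, fake hash) to exercise the "binary outside the usual system folders" check; the trusted-folder prefixes are an assumption for a default Windows 7 install.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Sample input: copied from the log posted above, except the last two lines,
# which are CONSTRUCTED here (fake service name, fake hash) for illustration.
SAMPLE_LOG = r"""
17:33:44.0433 7984 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
17:33:44.0459 7984 MSiSCSI - ok
17:33:44.0461 7984 msiserver - ok
17:33:44.0768 7984 MSSQL$MSSMLBIZ - ok
17:33:44.0826 7984 MSSQLServerADHelper (1d89eb4e2a99cabd4e81225f4f4c4b25) c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqladhlp90.exe
17:33:44.0845 7984 MSSQLServerADHelper - ok
17:33:45.0594 7984 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
17:33:45.0605 7984 Netlogon - ok
17:33:46.0102 7984 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
17:33:46.0150 7984 Hypothetical (0123456789abcdef0123456789abcdef) C:\Users\Public\AppData\Roaming\x.sys
17:33:46.0161 7984 Hypothetical - ok
"""

# "<time> <pid> <service> (<md5>) <path>"
ENTRY_RE = re.compile(
    r"^(?P<time>\d\d:\d\d:\d\d\.\d+)\s+(?P<pid>\d+)\s+(?P<name>\S+)\s+"
    r"\((?P<md5>[0-9a-fA-F]{32})\)\s+(?P<path>.+?)\s*$"
)
# "<time> <pid> <service> - <verdict>"
VERDICT_RE = re.compile(
    r"^(?P<time>\d\d:\d\d:\d\d\.\d+)\s+(?P<pid>\d+)\s+(?P<name>\S+)\s+-\s+(?P<verdict>.+?)\s*$"
)

# Assumption: on a stock Windows 7 box, service binaries live under these roots.
TRUSTED_PREFIXES = (
    "c:\\windows\\",
    "c:\\program files\\",
    "c:\\program files (x86)\\",
)


@dataclass
class ServiceRecord:
    name: str
    md5: Optional[str] = None
    path: Optional[str] = None
    verdict: Optional[str] = None


def parse_log(text: str) -> Dict[str, ServiceRecord]:
    """Join each service's hash/path line with its verdict line, keyed by service name."""
    records: Dict[str, ServiceRecord] = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = ENTRY_RE.match(line)
        if m:
            rec = records.setdefault(m["name"], ServiceRecord(m["name"]))
            rec.md5 = m["md5"].lower()
            rec.path = m["path"]
            continue
        m = VERDICT_RE.match(line)
        if m:
            rec = records.setdefault(m["name"], ServiceRecord(m["name"]))
            rec.verdict = m["verdict"]
    return records


def find_anomalies(records: Dict[str, ServiceRecord]) -> List[Tuple[str, str]]:
    """Return (service, reason) pairs worth a manual look. This is triage, not a malware verdict."""
    findings: List[Tuple[str, str]] = []
    for name, rec in sorted(records.items()):
        if rec.verdict is None:
            findings.append((name, "no verdict line (log truncated or scan interrupted)"))
        elif rec.verdict.lower() != "ok":
            findings.append((name, f"scanner verdict: {rec.verdict}"))
        if rec.md5 is None:
            findings.append((name, "no file was hashed (image path unresolved or file absent)"))
        elif not rec.path.lower().startswith(TRUSTED_PREFIXES):
            findings.append((name, f"binary outside the usual system folders: {rec.path}"))
    return findings


if __name__ == "__main__":
    for service, reason in find_anomalies(parse_log(SAMPLE_LOG)):
        print(f"{service}: {reason}")
```

On the sample this reports `msiserver` and `MSSQL$MSSMLBIZ` as "no file was hashed" (the scanner never resolved an image for them, which is what a helper would check next, not proof of anything), `NetTcpPortSharing` as having no verdict because the posted log stops there, and the constructed `Hypothetical` entry for its path under `C:\Users`. `Netlogon` pointing at `lsass.exe` is expected, since that service is hosted in LSASS.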