Sirefef.AB and Sirefef.P help needed


This topic is locked
16 replies to this topic

#1 Kn1ghtHavvk

Posted 11 July 2012 - 05:25 PM

Hello. I've been reading up on the forums about a lot of cases of this Sirefef virus floating about, and of course I happened to get it. I'm running Windows 7 64-bit. I read the initial instructions and ran the Farbar Recovery Scan Tool, and I have my initial FRST.txt file. I was hoping someone could take a look and help me get a fix txt to get rid of it. Thanks!

Scan result of Farbar Recovery Scan Tool Version: 10-07-01
Ran by SYSTEM at 10-07-01 1:00:
Running from F:\
Windows 7 Professional Service Pack 1 (X6) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [171168 01-0-6] (Microsoft Corporation)
HKLM-x\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [5696 01-01-18] (Sun Microsystems, Inc.)
HKLM-x\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [871 01-01-0] (Adobe Systems Incorporated)
HKLM-x\...\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [6166 01-0-05] (Advanced Micro Devices, Inc.)
HKLM-x\...\Run: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml [1075 01-0-0] ()
HKLM-x\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [590 01-0-0] (Apple Inc.)
HKLM-x\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [1888 01-0-18] (Apple Inc.)
HKLM-x\...\Run: [Freecorder FLV Service] "C:\Program Files (x86)\Freecorder\FLVSrvc.exe" /run [16796 011-0-] (Applian Technologies, Inc.)
HKLM-x\...\Run: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe" [775 011-1-09] (Nullsoft, Inc.)
HKU\Boob\...\Run: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent [18 01-0-1] (Valve Corporation)
HKU\Boob\...\Run: [PlayNC Launcher] [x]
HKU\Boob\...\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun [175591 01-05-0] (Skype Technologies S.A.)
Tcpip\Parameters: [DhcpNameServer] 75.75.76.76 75.75.75.75

==================== Services (Whitelisted) ======

mi-raysat_dsmax01_6; "C:\Program Files\Autodesk\ds Max 01\mentalimages\satellite\raysat_dsmax01_6server.exe" [86016 011-0-] ()
MsMpSvc; "C:\Program Files\Microsoft Security Client\MsMpEng.exe" [1600 01-0-6] (Microsoft Corporation)
NisSrv; "C:\Program Files\Microsoft Security Client\NisSrv.exe" [91696 01-0-6] (Microsoft Corporation)
PnkBstrA; C:\Windows\SysWow6\PnkBstrA.exe [76888 01-07-06] ()

========================== Drivers (Whitelisted) =============

19ohci; C:\Windows\System\Drivers\19ohci.sys [9888 010-11-0] (Microsoft Corporation)
0 ACPI; C:\Windows\System\Drivers\ACPI.sys [08 010-11-0] (Microsoft Corporation)
AcpiPmi; C:\Windows\System\Drivers\AcpiPmi.sys [1800 010-11-0] (Microsoft Corporation)
adp9xx; C:\Windows\System\Drivers\adp9xx.sys [91088 009-07-1] (Adaptec, Inc.)
adpahci; C:\Windows\System\Drivers\adpahci.sys [956 009-07-1] (Adaptec, Inc.)
adpu0; C:\Windows\System\Drivers\adpu0.sys [1886 009-07-1] (Adaptec, Inc.)
1 AFD; C:\Windows\System\Drivers\AFD.sys [98688 011-1-7] (Microsoft Corporation)
agp0; C:\Windows\System\Drivers\agp0.sys [61008 009-07-1] (Microsoft Corporation)
amdide; C:\Windows\System\Drivers\amdide.sys [150 009-07-1] (Microsoft Corporation)
AmdK8; C:\Windows\System\Drivers\AmdK8.sys [651 009-07-1] (Microsoft Corporation)
amdkmdag; C:\Windows\System\DRIVERS\atikmdag.sys [111700 01-0-05] (Advanced Micro Devices, Inc.)
amdkmdap; C:\Windows\System\DRIVERS\atikmpag.sys [00 01-0-05] (Advanced Micro Devices, Inc.)
AmdPPM; C:\Windows\System\Drivers\AmdPPM.sys [6098 009-07-1] (Microsoft Corporation)
amdsata; C:\Windows\System\Drivers\amdsata.sys [10790 011-0-10] (Advanced Micro Devices)
0 amdxata; C:\Windows\System\Drivers\amdxata.sys [7008 011-0-10] (Advanced Micro Devices)
AppID; C:\Windows\System\Drivers\AppID.sys [610 010-11-0] (Microsoft Corporation)
arc; C:\Windows\System\Drivers\arc.sys [876 009-07-1] (Adaptec, Inc.)
arcsas; C:\Windows\System\Drivers\arcsas.sys [97856 009-07-1] (Adaptec, Inc.)
AsyncMac; C:\Windows\System\Drivers\AsyncMac.sys [00 009-07-1] (Microsoft Corporation)
0 atapi; C:\Windows\System\Drivers\atapi.sys [18 009-07-1] (Microsoft Corporation)
AtiHDAudioService; C:\Windows\System\drivers\AtihdW76.sys [95760 01-0-] (Advanced Micro Devices)
b06bdrv; C:\Windows\system\drivers\bxvbda.sys [6880 009-06-10] (Broadcom Corporation)
b57nd60a; C:\Windows\System\Drivers\b57nd60a.sys [7088 009-06-10] (Broadcom Corporation)
1 Beep; C:\Windows\System\Drivers\Beep.sys [6656 009-07-1] (Microsoft Corporation)
1 blbdrive; C:\Windows\System\Drivers\blbdrive.sys [5056 009-07-1] (Microsoft Corporation)
bowser; C:\Windows\System\Drivers\bowser.sys [906 011-0-] (Microsoft Corporation)
BrFiltLo; C:\Windows\System\Drivers\BrFiltLo.sys [18 009-06-10] (Brother Industries, Ltd.)
BrFiltUp; C:\Windows\System\Drivers\BrFiltUp.sys [870 009-06-10] (Brother Industries, Ltd.)
Brserid; C:\Windows\System\Drivers\Brserid.sys [8670 009-07-1] (Brother Industries Ltd.)
BrSerWdm; C:\Windows\System\Drivers\BrSerWdm.sys [710 009-06-10] (Brother Industries Ltd.)
BrUsbMdm; C:\Windows\System\Drivers\BrUsbMdm.sys [1976 009-06-10] (Brother Industries Ltd.)
BrUsbSer; C:\Windows\System\Drivers\BrUsbSer.sys [170 009-06-10] (Brother Industries Ltd.)
BTHMODEM; C:\Windows\System\Drivers\BTHMODEM.sys [719 009-07-1] (Microsoft Corporation)
cdfs; C:\Windows\System\Drivers\cdfs.sys [9160 009-07-1] (Microsoft Corporation)
1 cdrom; C:\Windows\System\Drivers\cdrom.sys [1756 010-11-0] (Microsoft Corporation)
circlass; C:\Windows\System\Drivers\circlass.sys [5568 009-07-1] (Microsoft Corporation)
CmBatt; C:\Windows\System\Drivers\CmBatt.sys [1766 009-07-1] (Microsoft Corporation)
0 CNG; C:\Windows\System\Drivers\CNG.sys [59 011-11-16] (Microsoft Corporation)
Compbatt; C:\Windows\System\Drivers\Compbatt.sys [158 009-07-1] (Microsoft Corporation)
CompositeBus; C:\Windows\System\Drivers\CompositeBus.sys [891 010-11-0] (Microsoft Corporation)
crcdisk; C:\Windows\System\Drivers\crcdisk.sys [1 009-07-1] (Microsoft Corporation)
1 CSC; C:\Windows\System\Drivers\CSC.sys [51560 010-11-0] (Microsoft Corporation)
1 DfsC; C:\Windows\System\Drivers\DfsC.sys [1000 010-11-0] (Microsoft Corporation)
1 discache; C:\Windows\System\Drivers\discache.sys [08 009-07-1] (Microsoft Corporation)
0 Disk; C:\Windows\System\Drivers\Disk.sys [780 009-07-1] (Microsoft Corporation)
dmvsc; C:\Windows\System\Drivers\dmvsc.sys [71168 010-11-0] (Microsoft Corporation)
drmkaud; C:\Windows\System\Drivers\drmkaud.sys [56 009-07-1] (Microsoft Corporation)
DXGKrnl; C:\Windows\System\Drivers\DXGKrnl.sys [9891 010-11-0] (Microsoft Corporation)
ebdrv; C:\Windows\system\drivers\evbda.sys [86016 009-06-10] (Broadcom Corporation)
ErrDev; C:\Windows\System\Drivers\ErrDev.sys [978 009-07-1] (Microsoft Corporation)
exfat; C:\Windows\System\Drivers\exfat.sys [19507 009-07-1] (Microsoft Corporation)
fastfat; C:\Windows\System\Drivers\fastfat.sys [0800 009-07-1] (Microsoft Corporation)
fdc; C:\Windows\System\Drivers\fdc.sys [9696 009-07-1] (Microsoft Corporation)
0 FileInfo; C:\Windows\System\Drivers\FileInfo.sys [70 009-07-1] (Microsoft Corporation)
Filetrace; C:\Windows\System\Drivers\Filetrace.sys [0 009-07-1] (Microsoft Corporation)
flpydisk; C:\Windows\System\Drivers\flpydisk.sys [576 009-07-1] (Microsoft Corporation)
0 FltMgr; C:\Windows\System\Drivers\FltMgr.sys [8966 010-11-0] (Microsoft Corporation)
FsDepends; C:\Windows\System\Drivers\FsDepends.sys [5576 009-07-1] (Microsoft Corporation)
0 Fs_Rec; C:\Windows\System\Drivers\Fs_Rec.sys [08 01-0-9] (Microsoft Corporation)
0 fvevol; C:\Windows\System\Drivers\fvevol.sys [8 010-11-0] (Microsoft Corporation)
gagp0kx; C:\Windows\System\Drivers\gagp0kx.sys [65088 009-07-1] (Microsoft Corporation)
HdAudAddService; C:\Windows\System\drivers\HdAudio.sys [5008 010-11-0] (Microsoft Corporation)
HDAudBus; C:\Windows\System\Drivers\HDAudBus.sys [168 010-11-0] (Microsoft Corporation)
HidBatt; C:\Windows\System\Drivers\HidBatt.sys [66 009-07-1] (Microsoft Corporation)
HidBth; C:\Windows\System\Drivers\HidBth.sys [10086 009-07-1] (Microsoft Corporation)
HidIr; C:\Windows\System\Drivers\HidIr.sys [659 009-07-1] (Microsoft Corporation)
hidkmdf; C:\Windows\System\Drivers\hidkmdf.sys [1688 01-0-9] (Windows ® Win 7 DDK provider)
HidUsb; C:\Windows\System\Drivers\HidUsb.sys [008 010-11-0] (Microsoft Corporation)
HpSAMD; C:\Windows\System\Drivers\HpSAMD.sys [7870 010-11-0] (Hewlett-Packard Company)
HTTP; C:\Windows\System\Drivers\HTTP.sys [7566 010-11-0] (Microsoft Corporation)
0 hwpolicy; C:\Windows\System\Drivers\hwpolicy.sys [170 010-11-0] (Microsoft Corporation)
i80prt; C:\Windows\System\Drivers\i80prt.sys [1057 009-07-1] (Microsoft Corporation)
iaStorV; C:\Windows\System\Drivers\iaStorV.sys [1096 011-0-10] (Intel Corporation)
iirsp; C:\Windows\System\Drivers\iirsp.sys [11 009-07-1] (Intel Corp./ICP vortex GmbH)
intelide; C:\Windows\System\Drivers\intelide.sys [16960 009-07-1] (Microsoft Corporation)
intelppm; C:\Windows\System\Drivers\intelppm.sys [66 009-07-1] (Microsoft Corporation)
IpFilterDriver; C:\Windows\System\DRIVERS\ipfltdrv.sys [89 010-11-0] (Microsoft Corporation)
IPMIDRV; C:\Windows\System\Drivers\IPMIDRV.sys [7888 010-11-0] (Microsoft Corporation)
IPNAT; C:\Windows\System\Drivers\IPNAT.sys [116 009-07-1] (Microsoft Corporation)
IRENUM; C:\Windows\System\Drivers\IRENUM.sys [1790 009-07-1] (Microsoft Corporation)
isapnp; C:\Windows\System\Drivers\isapnp.sys [05 009-07-1] (Microsoft Corporation)
iScsiPrt; C:\Windows\system\drivers\msiscsi.sys [779 010-11-0] (Microsoft Corporation)
kbdclass; C:\Windows\System\Drivers\kbdclass.sys [50768 009-07-1] (Microsoft Corporation)
kbdhid; C:\Windows\System\Drivers\kbdhid.sys [80 010-11-0] (Microsoft Corporation)
0 KSecDD; C:\Windows\System\Drivers\KSecDD.sys [95600 011-11-16] (Microsoft Corporation)
0 KSecPkg; C:\Windows\System\Drivers\KSecPkg.sys [15 011-11-16] (Microsoft Corporation)
ksthunk; C:\Windows\System\Drivers\ksthunk.sys [099 009-07-1] (Microsoft Corporation)
lltdio; C:\Windows\System\Drivers\lltdio.sys [6098 009-07-1] (Microsoft Corporation)
LSI_FC; C:\Windows\System\Drivers\LSI_FC.sys [1175 009-07-1] (LSI Corporation)
LSI_SAS; C:\Windows\System\Drivers\LSI_SAS.sys [106560 009-07-1] (LSI Corporation)
LSI_SAS; C:\Windows\System\Drivers\LSI_SAS.sys [65600 009-07-1] (LSI Corporation)
LSI_SCSI; C:\Windows\System\Drivers\LSI_SCSI.sys [115776 009-07-1] (LSI Corporation)
luafv; C:\Windows\System\Drivers\luafv.sys [1115 009-07-1] (Microsoft Corporation)
megasas; C:\Windows\System\Drivers\megasas.sys [59 009-07-1] (LSI Corporation)
MegaSR; C:\Windows\System\Drivers\MegaSR.sys [876 009-07-1] (LSI Corporation, Inc.)
Modem; C:\Windows\System\Drivers\Modem.sys [08 009-07-1] (Microsoft Corporation)
monitor; C:\Windows\System\Drivers\monitor.sys [008 009-07-1] (Microsoft Corporation)
mouclass; C:\Windows\System\Drivers\mouclass.sys [916 009-07-1] (Microsoft Corporation)
mouhid; C:\Windows\System\Drivers\mouhid.sys [1 009-07-1] (Microsoft Corporation)
0 mountmgr; C:\Windows\System\Drivers\mountmgr.sys [959 010-11-0] (Microsoft Corporation)
0 MpFilter; C:\Windows\System\Drivers\MpFilter.sys [0888 01-0-0] (Microsoft Corporation)
mpio; C:\Windows\System\Drivers\mpio.sys [155008 010-11-0] (Microsoft Corporation)
mpsdrv; C:\Windows\System\Drivers\mpsdrv.sys [771 009-07-1] (Microsoft Corporation)
1 mqddbsjz; C:\Windows\System\Drivers\mqddbsjz.sys [509 01-07-10] (Microsoft Corporation)
MRxDAV; C:\Windows\System\Drivers\MRxDAV.sys [10800 010-11-0] (Microsoft Corporation)
mrxsmb; C:\Windows\System\Drivers\mrxsmb.sys [15808 011-0-6] (Microsoft Corporation)
mrxsmb10; C:\Windows\System\Drivers\mrxsmb10.sys [88768 011-07-08] (Microsoft Corporation)
mrxsmb0; C:\Windows\System\Drivers\mrxsmb0.sys [18000 011-0-6] (Microsoft Corporation)
0 msahci; C:\Windows\System\Drivers\msahci.sys [110 010-11-0] (Microsoft Corporation)
msdsm; C:\Windows\System\Drivers\msdsm.sys [1067 010-11-0] (Microsoft Corporation)
1 Msfs; C:\Windows\System\Drivers\Msfs.sys [611 009-07-1] (Microsoft Corporation)
mshidkmdf; C:\Windows\System\Drivers\mshidkmdf.sys [819 009-07-1] (Microsoft Corporation)
0 msisadrv; C:\Windows\System\Drivers\msisadrv.sys [15 009-07-1] (Microsoft Corporation)
MSKSSRV; C:\Windows\System\Drivers\MSKSSRV.sys [1116 009-07-1] (Microsoft Corporation)
MSPCLOCK; C:\Windows\System\Drivers\MSPCLOCK.sys [7168 009-07-1] (Microsoft Corporation)
MSPQM; C:\Windows\System\Drivers\MSPQM.sys [678 009-07-1] (Microsoft Corporation)
MsRPC; C:\Windows\System\Drivers\MsRPC.sys [66976 010-11-0] (Microsoft Corporation)
1 mssmbios; C:\Windows\System\Drivers\mssmbios.sys [0 009-07-1] (Microsoft Corporation)
MSTEE; C:\Windows\System\Drivers\MSTEE.sys [806 009-07-1] (Microsoft Corporation)
MTConfig; C:\Windows\System\Drivers\MTConfig.sys [1560 009-07-1] (Microsoft Corporation)
0 Mup; C:\Windows\System\Drivers\Mup.sys [6096 009-07-1] (Microsoft Corporation)
NativeWifiP; C:\Windows\System\DRIVERS\nwifi.sys [18976 009-07-1] (Microsoft Corporation)
0 NDIS; C:\Windows\System\Drivers\NDIS.sys [951680 010-11-0] (Microsoft Corporation)
NdisCap; C:\Windows\System\Drivers\NdisCap.sys [58 009-07-1] (Microsoft Corporation)
NdisTapi; C:\Windows\System\Drivers\NdisTapi.sys [06 009-07-1] (Microsoft Corporation)
Ndisuio; C:\Windows\System\Drivers\Ndisuio.sys [568 010-11-0] (Microsoft Corporation)
NdisWan; C:\Windows\System\Drivers\NdisWan.sys [165 010-11-0] (Microsoft Corporation)
NDProxy; C:\Windows\System\Drivers\NDProxy.sys [57856 010-11-0] (Microsoft Corporation)
1 NetBIOS; C:\Windows\System\Drivers\NetBIOS.sys [5 009-07-1] (Microsoft Corporation)
1 NetBT; C:\Windows\System\Drivers\NetBT.sys [616 010-11-0] (Microsoft Corporation)
NisDrv; C:\Windows\System\DRIVERS\NisDrvWFP.sys [98688 01-0-0] (Microsoft Corporation)
1 Npfs; C:\Windows\System\Drivers\Npfs.sys [0 009-07-1] (Microsoft Corporation)
1 nsiproxy; C:\Windows\System\Drivers\nsiproxy.sys [576 009-07-1] (Microsoft Corporation)
Ntfs; C:\Windows\System\Drivers\Ntfs.sys [1659776 011-0-10] (Microsoft Corporation)
1 Null; C:\Windows\System\Drivers\Null.sys [61 009-07-1] (Microsoft Corporation)
nvraid; C:\Windows\System\Drivers\nvraid.sys [185 011-0-10] (NVIDIA Corporation)
nvstor; C:\Windows\System\Drivers\nvstor.sys [1667 011-0-10] (NVIDIA Corporation)
nv_agp; C:\Windows\System\Drivers\nv_agp.sys [1960 009-07-1] (Microsoft Corporation)
ohci19; C:\Windows\System\Drivers\ohci19.sys [78 009-07-1] (Microsoft Corporation)
Parport; C:\Windows\System\Drivers\Parport.sys [9780 009-07-1] (Microsoft Corporation)
0 partmgr; C:\Windows\System\Drivers\partmgr.sys [7510 01-0-16] (Microsoft Corporation)
0 pci; C:\Windows\System\Drivers\pci.sys [1870 010-11-0] (Microsoft Corporation)
0 pciide; C:\Windows\System\Drivers\pciide.sys [15 009-07-1] (Microsoft Corporation)
pcmcia; C:\Windows\System\Drivers\pcmcia.sys [075 009-07-1] (Microsoft Corporation)
0 pcw; C:\Windows\System\Drivers\pcw.sys [50768 009-07-1] (Microsoft Corporation)
PEAUTH; C:\Windows\System\Drivers\PEAUTH.sys [6516 009-07-1] (Microsoft Corporation)
PptpMiniport; C:\Windows\System\DRIVERS\raspptp.sys [11110 010-11-0] (Microsoft Corporation)
Processor; C:\Windows\system\drivers\processr.sys [6016 009-07-1] (Microsoft Corporation)
1 Psched; C:\Windows\System\DRIVERS\pacer.sys [1158 010-11-0] (Microsoft Corporation)
QWAVEdrv; C:\Windows\System\Drivers\QWAVEdrv.sys [659 009-07-1] (Microsoft Corporation)
RasAcd; C:\Windows\System\Drivers\RasAcd.sys [188 009-07-1] (Microsoft Corporation)
RasAgileVpn; C:\Windows\System\DRIVERS\AgileVpn.sys [6016 009-07-1] (Microsoft Corporation)
Rasltp; C:\Windows\System\Drivers\Rasltp.sys [1956 010-11-0] (Microsoft Corporation)
RasPppoe; C:\Windows\System\Drivers\RasPppoe.sys [967 009-07-1] (Microsoft Corporation)
RasSstp; C:\Windows\System\Drivers\RasSstp.sys [8968 009-07-1] (Microsoft Corporation)
1 rdbss; C:\Windows\System\Drivers\rdbss.sys [098 010-11-0] (Microsoft Corporation)
rdpbus; C:\Windows\System\Drivers\rdpbus.sys [06 009-07-1] (Microsoft Corporation)
1 RDPCDD; C:\Windows\System\Drivers\RDPCDD.sys [7680 009-07-1] (Microsoft Corporation)
RDPDR; C:\Windows\System\Drivers\RDPDR.sys [165888 010-11-0] (Microsoft Corporation)
1 RDPENCDD; C:\Windows\System\Drivers\RDPENCDD.sys [7680 009-07-1] (Microsoft Corporation)
1 RDPREFMP; C:\Windows\System\Drivers\RDPREFMP.sys [819 009-07-1] (Microsoft Corporation)
RDPWD; C:\Windows\System\Drivers\RDPWD.sys [109 01-0-7] (Microsoft Corporation)
0 rdyboost; C:\Windows\System\Drivers\rdyboost.sys [1888 010-11-0] (Microsoft Corporation)
rspndr; C:\Windows\System\Drivers\rspndr.sys [76800 009-07-1] (Microsoft Corporation)
RTL8167; C:\Windows\System\DRIVERS\Rt6win7.sys [1879 009-06-10] (Realtek Corporation )
scap; C:\Windows\system\drivers\vmscap.sys [6656 010-11-0] (Microsoft Corporation)
sbpport; C:\Windows\System\Drivers\sbpport.sys [10808 010-11-0] (Microsoft Corporation)
scfilter; C:\Windows\System\Drivers\scfilter.sys [9696 010-11-0] (Microsoft Corporation)
Serenum; C:\Windows\System\Drivers\Serenum.sys [55 009-07-1] (Microsoft Corporation)
Serial; C:\Windows\System\Drivers\Serial.sys [908 009-07-1] (Microsoft Corporation)
sermouse; C:\Windows\System\Drivers\sermouse.sys [66 009-07-1] (Microsoft Corporation)
sffdisk; C:\Windows\System\Drivers\sffdisk.sys [16 009-07-1] (Microsoft Corporation)
sffp_mmc; C:\Windows\System\Drivers\sffp_mmc.sys [18 009-07-1] (Microsoft Corporation)
sffp_sd; C:\Windows\System\Drivers\sffp_sd.sys [16 010-11-0] (Microsoft Corporation)
sfloppy; C:\Windows\System\Drivers\sfloppy.sys [16896 009-07-1] (Microsoft Corporation)
Smb; C:\Windows\System\Drivers\Smb.sys [918 009-07-1] (Microsoft Corporation)
0 spldr; C:\Windows\System\Drivers\spldr.sys [19008 009-07-1] (Microsoft Corporation)
srv; C:\Windows\System\Drivers\srv.sys [6756 011-0-8] (Microsoft Corporation)
srv; C:\Windows\System\Drivers\srv.sys [1011 011-0-8] (Microsoft Corporation)
srvnet; C:\Windows\System\Drivers\srvnet.sys [1688 011-0-8] (Microsoft Corporation)
0 storflt; C:\Windows\System\drivers\vmstorfl.sys [66 010-11-0] (Microsoft Corporation)
storvsc; C:\Windows\System\Drivers\storvsc.sys [688 010-11-0] (Microsoft Corporation)
swenum; C:\Windows\System\Drivers\swenum.sys [196 009-07-1] (Microsoft Corporation)
0 Tcpip; C:\Windows\System\Drivers\Tcpip.sys [19180 01-0-0] (Microsoft Corporation)
TCPIP6; C:\Windows\System\DRIVERS\tcpip.sys [19180 01-0-0] (Microsoft Corporation)
tcpipreg; C:\Windows\System\Drivers\tcpipreg.sys [5056 010-11-0] (Microsoft Corporation)
TDPIPE; C:\Windows\System\Drivers\TDPIPE.sys [1587 009-07-1] (Microsoft Corporation)
TDTCP; C:\Windows\System\Drivers\TDTCP.sys [55 01-0-16] (Microsoft Corporation)
1 tdx; C:\Windows\System\Drivers\tdx.sys [11996 010-11-0] (Microsoft Corporation)
1 TermDD; C:\Windows\System\Drivers\TermDD.sys [660 010-11-0] (Microsoft Corporation)
tssecsrv; C:\Windows\System\Drivers\tssecsrv.sys [9 010-11-0] (Microsoft Corporation)
TsUsbFlt; C:\Windows\System\Drivers\TsUsbFlt.sys [599 010-11-0] (Microsoft Corporation)
TsUsbGD; C:\Windows\System\Drivers\TsUsbGD.sys [1 010-11-0] (Microsoft Corporation)
tunnel; C:\Windows\System\Drivers\tunnel.sys [150 010-11-0] (Microsoft Corporation)
uagp5; C:\Windows\System\Drivers\uagp5.sys [6080 009-07-1] (Microsoft Corporation)
udfs; C:\Windows\System\Drivers\udfs.sys [819 010-11-0] (Microsoft Corporation)
uliagpkx; C:\Windows\System\Drivers\uliagpkx.sys [659 009-07-1] (Microsoft Corporation)
umbus; C:\Windows\System\Drivers\umbus.sys [860 010-11-0] (Microsoft Corporation)
UmPass; C:\Windows\System\Drivers\UmPass.sys [978 009-07-1] (Microsoft Corporation)
usbccgp; C:\Windows\System\Drivers\usbccgp.sys [98816 011-0-] (Microsoft Corporation)
usbcir; C:\Windows\System\Drivers\usbcir.sys [1005 009-07-1] (Microsoft Corporation)
usbehci; C:\Windows\System\Drivers\usbehci.sys [576 011-0-] (Microsoft Corporation)
usbhub; C:\Windows\System\Drivers\usbhub.sys [00 011-0-] (Microsoft Corporation)
usbohci; C:\Windows\System\Drivers\usbohci.sys [5600 011-0-] (Microsoft Corporation)
usbprint; C:\Windows\System\Drivers\usbprint.sys [5088 009-07-1] (Microsoft Corporation)
usbscan; C:\Windows\System\Drivers\usbscan.sys [198 009-07-1] (Microsoft Corporation)
USBSTOR; C:\Windows\System\Drivers\USBSTOR.sys [9168 011-0-10] (Microsoft Corporation)
usbuhci; C:\Windows\System\Drivers\usbuhci.sys [070 011-0-] (Microsoft Corporation)
0 vdrvroot; C:\Windows\System\Drivers\vdrvroot.sys [6 009-07-1] (Microsoft Corporation)
vga; C:\Windows\System\Drivers\vga.sys [918 009-07-1] (Microsoft Corporation)
1 VgaSave; C:\Windows\System\drivers\vga.sys [918 009-07-1] (Microsoft Corporation)
vhdmp; C:\Windows\System\Drivers\vhdmp.sys [1596 010-11-0] (Microsoft Corporation)
vmbus; C:\Windows\System\Drivers\vmbus.sys [19955 010-11-0] (Microsoft Corporation)
VMBusHID; C:\Windows\System\Drivers\VMBusHID.sys [1760 010-11-0] (Microsoft Corporation)
0 volmgr; C:\Windows\System\Drivers\volmgr.sys [7155 010-11-0] (Microsoft Corporation)
0 volmgrx; C:\Windows\System\Drivers\volmgrx.sys [69 010-11-0] (Microsoft Corporation)
vwifibus; C:\Windows\System\Drivers\vwifibus.sys [576 009-07-1] (Microsoft Corporation)
1 vyzjmmjt; C:\Windows\System\Drivers\vyzjmmjt.sys [509 01-07-10] (Microsoft Corporation)
WacomPen; C:\Windows\System\Drivers\WacomPen.sys [7776 009-07-1] (Microsoft Corporation)
WANARP; C:\Windows\System\Drivers\WANARP.sys [88576 010-11-0] (Microsoft Corporation)
1 Wanarpv6; C:\Windows\System\DRIVERS\wanarp.sys [88576 010-11-0] (Microsoft Corporation)
Wd; C:\Windows\System\Drivers\Wd.sys [1056 009-07-1] (Microsoft Corporation)
0 Wdf01000; C:\Windows\System\Drivers\Wdf01000.sys [6598 009-07-1] (Microsoft Corporation)
1 WfpLwf; C:\Windows\System\Drivers\WfpLwf.sys [1800 009-07-1] (Microsoft Corporation)
WIMMount; C:\Windows\System\Drivers\WIMMount.sys [096 009-07-1] (Microsoft Corporation)
WIMMount; C:\Windows\SysWow6\Drivers\WIMMount.sys [19008 009-07-1] (Microsoft Corporation)
wsifsl; C:\Windows\System\Drivers\wsifsl.sys [150 009-07-1] (Microsoft Corporation)
WudfPf; C:\Windows\System\Drivers\WudfPf.sys [1118 010-11-0] (Microsoft Corporation)
WUDFRd; C:\Windows\System\Drivers\WUDFRd.sys [175 010-11-0] (Microsoft Corporation)
X6va005; \??\C:\Users\Boob\AppData\Local\Temp\005F9F1.tmp [x]

========================== NetSvcs (Whitelisted) ===========


============ One Month Created Files and Folders ==============

01-07-10 16:9 - 01-07-10 16:9 - 00870 ____A (Microsoft Corporation) C:\Windows\System\services.exe.BC19F0BECB6E
01-07-10 16:9 - 01-07-10 16:9 - 000509 ____A (Microsoft Corporation) C:\Windows\System\Drivers\pofijkgd.sys
01-07-10 16:7 - 01-07-10 16:7 - 000509 ____A (Microsoft Corporation) C:\Windows\System\Drivers\vyzjmmjt.sys
01-07-10 16:7 - 01-07-10 16:7 - 000509 ____A (Microsoft Corporation) C:\Windows\System\Drivers\mqddbsjz.sys
01-07-10 16:5 - 01-07-10 16:5 - 00870 ____A (Microsoft Corporation) C:\Windows\System\services.exe.0CFFF96D61A7
01-07-10 16:1 - 01-07-10 16:1 - 00870 ____A (Microsoft Corporation) C:\Windows\System\services.exe.57CABA00CBB0CC1
01-07-10 16:8 - 01-07-10 16:8 - 00870 ____A (Microsoft Corporation) C:\Windows\System\services.exe.C7AC810D8E91B
01-07-10 16:5 - 01-07-10 16:5 - 00870 ____A (Microsoft Corporation) C:\Windows\System\services.exe.DF85CE9019E
01-07-10 16:1 - 01-07-10 16:1 - 00870 ____A (Microsoft Corporation) C:\Windows\System\services.exe.F5A90EDCDCB9EC
01-07-10 16:5 - 01-07-10 16:5 - 00870 ____A (Microsoft Corporation) C:\Windows\System\services.exe.96D86CFEB6C75
01-07-10 16:1 - 01-07-10 16:1 - 00870 ____A (Microsoft Corporation) C:\Windows\System\services.exe.FA8501E7BE69E19B
01-07-10 16:16 - 01-07-10 16:16 - 00870 ____A (Microsoft Corporation) C:\Windows\System\services.exe.E11516FB8ACB
01-07-10 16:10 - 01-07-10 16:10 - 00000000 ____D C:\Program Files\Microsoft Security Client
01-07-10 16:10 - 01-07-10 16:10 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
01-07-10 1:5 - 01-07-10 1:5 - 00000000 ____D C:\Users\Boob\AppData\Roaming\Malwarebytes
01-07-10 1:5 - 01-07-10 1:5 - 00000000 ____D C:\Users\All Users\Malwarebytes
01-07-10 1:5 - 01-07-10 1:5 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
01-07-10 1:5 - 01-0-0 11:56 - 00090 ____A (Malwarebytes Corporation) C:\Windows\System\Drivers\mbam.sys
01-07-10 1: - 01-07-10 1: - 1006000 ____A (Malwarebytes Corporation ) C:\Users\Boob\Desktop\mbam-setup-1.61.0.100.exe
01-07-10 1: - 01-07-10 16:10 - 0000195 ____A C:\Windows\epplauncher.mif
01-07-10 1:5 - 01-07-10 1:5 - 00000000 ____D C:\c010c56c7d0cc8807d7591
01-07-10 1:5 - 01-07-10 1:5 - 00000000 ____D C:\9abba06b568e8a88db9c
01-07-10 1:5 - 01-07-10 1:5 - 00000000 ____D C:\1759dc6fdbb67f7f8e797d9e5
01-07-10 1: - 01-07-10 1: - 00000000 ____D C:\c575a97af9c01965e956db5
01-07-10 1: - 01-07-10 1: - 161696 ____A (Microsoft Corporation) C:\Users\Boob\Desktop\mseinstall.exe
01-07-08 1: - 01-07-08 1: - 00000000 __SHD C:\Windows\SysWOW6\%APPDATA%
01-07-08 07:08 - 01-07-08 07:08 - 00000000 ____D C:\Users\Boob\AppData\Local\Macromedia
01-07-07 :58 - 01-07-08 00:0 - 1076809 ____A C:\Users\Boob\Downloads\CryENGINE_PC_v__0_696_freeSDK.zip
01-07-07 :51 - 01-07-07 :51 - 0981575 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW6\FlashPlayerInstaller.exe
01-07-07 :18 - 01-07-10 1:51 - 0000080 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
01-07-07 :18 - 01-07-07 :51 - 00618 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW6\FlashPlayerApp.exe
01-07-07 17:56 - 01-07-07 17:56 - 00000000 ____D C:\Users\Boob\AppData\Roaming\WinRAR
01-07-07 17:55 - 01-07-07 17:56 - 00000000 ____D C:\Program Files\WinRAR
01-07-07 17:55 - 01-07-07 17:55 - 0165659 ____A C:\Users\Boob\Downloads\winrar-x6-0.exe
01-07-07 17:5 - 01-07-07 17:5 - 0005117 ____A C:\Users\Boob\Downloads\regular_female_obj.rar
01-07-06 15:6 - 01-07-06 15:6 - 00000000 ____D C:\Users\Boob\Documents\Wizards of the Coast
01-07-06 1:1 - 01-07-06 1: - 0098016 ____A C:\Windows\SysWOW6\PnkBstrB.xtr
01-07-06 1:1 - 01-07-06 1:1 - 00000000 ____D C:\Users\Boob\AppData\Local\PunkBuster
01-07-06 1:0 - 01-07-06 1: - 0098016 ____A C:\Windows\SysWOW6\PnkBstrB.exe
01-07-06 1:0 - 01-07-06 1:1 - 0098016 ____A C:\Windows\SysWOW6\PnkBstrB.ex0
01-07-06 1:0 - 01-07-06 1:1 - 00076888 ____A C:\Windows\SysWOW6\PnkBstrA.exe
01-07-06 1:0 - 01-07-06 1:7 - 0100 ____A C:\Windows\SysWOW6\pbsvc_blr.exe
01-07-0 18:58 - 01-07-0 18:58 - 000155 ____A C:\Users\Boob\AppData\Local\recently-used.xbel
01-06-7 0:16 - 01-06-7 0:16 - 00000000 ____D C:\Users\Boob\.thumbnails
01-06-7 19:8 - 01-06-7 19:8 - 00000000 ____D C:\Users\Boob\Desktop\New folder
01-06-7 19:7 - 01-06-7 19:7 - 011805 ____A C:\Users\Boob\Downloads\fwfwdlogos.zip
01-06-6 10:9 - 01-06-6 10:9 - 0000761 ____A C:\Users\Public\Desktop\Sculptris Alpha 6.exe.lnk
01-06-6 10:9 - 01-06-6 10:9 - 00000000 ____D C:\Users\Public\Pixologic
01-06-6 10:9 - 01-06-6 10:9 - 00000000 ____D C:\Users\Boob\AppData\Local\Downloaded Installations
01-06-6 10:9 - 01-06-6 10:9 - 00000000 ____D C:\Program Files (x86)\Pixologic
01-06-6 10:8 - 01-06-6 10:8 - 016897 ____A C:\Users\Boob\Downloads\Sculptris-Alpha6-Windows.zip
01-06-6 09:56 - 01-07-0 18:6 - 00000000 ____D C:\Users\Boob\Desktop\ARENA POSTER
01-06-6 09:56 - 01-06-6 09:56 - 011050 ____A C:\Users\Boob\Downloads\fwtexacocountryshowdown.zip
01-06- 1: - 01-06- 1: - 055178 ____A C:\Users\Boob\Downloads\Glee_Faithfully_767.zip
01-06- 1:1 - 01-06- 1:1 - 00000000 ____D C:\Users\Boob\AppData\Roaming\LolClient
01-06- 1:1 - 01-06- 1:1 - 000017 ____A C:\Users\Public\Desktop\Play League of Legends.lnk
01-06- 1:1 - 008-07-1 0:18 - 085178 ____A (Microsoft Corporation) C:\Windows\SysWOW6\DDX9_9.dll
01-06- 1:1 - 008-07-1 0:18 - 01958 ____A (Microsoft Corporation) C:\Windows\SysWOW6\DDCompiler_9.dll
01-06- 1:1 - 008-07-1 0:18 - 006798 ____A (Microsoft Corporation) C:\Windows\SysWOW6\ddx10_9.dll
01-06- 1:6 - 01-06- 1:6 - 00000000 ____D C:\Program Files (x86)\League of Legends
01-06- 1:5 - 01-06- 1:5 - 0551 ____A C:\Users\Boob\Downloads\LeagueofLegends.exe
01-06- 1:6 - 01-06- 1:6 - 0178877 ____A C:\Users\Boob\Downloads\HealBot_...0.zip
01-06- 1:6 - 01-06- 1:6 - 00719607 ____A C:\Users\Boob\Downloads\XPerl-..1.zip
01-06- 1: - 01-06- 1: - 01110 ____A C:\Users\Boob\Downloads\DBM-.10.1-r756-Core-and-Cataclysm-Mods.zip
01-06- 1: - 01-06- 1: - 007880 ____A C:\Users\Boob\Downloads\Recount-v..0d_release.zip
01-06- 1: - 01-06- 1: - 001516 ____A C:\Users\Boob\Downloads\Bagnon_..5.zip
01-06-1 11:56 - 01-06- 1:59 - 00000000 ____D C:\Program Files (x86)\World of Warcraft
01-06-1 11:56 - 01-06- 1:5 - 00001066 ____A C:\Users\Public\Desktop\World of Warcraft.lnk
01-06-1 11:55 - 01-06-1 11:56 - 16016 ____A C:\Users\Boob\Downloads\WoW-.0.0-WOW-enUS-Installer.exe
01-06-1 08: - 01-06-0 1:19 - 0895 ____A (Microsoft Corporation) C:\Windows\System\wuaueng.dll
01-06-1 08: - 01-06-0 1:19 - 00701976 ____A (Microsoft Corporation) C:\Windows\System\wuapi.dll
01-06-1 08: - 01-06-0 1:19 - 00057880 ____A (Microsoft Corporation) C:\Windows\System\wuauclt.exe
01-06-1 08: - 01-06-0 1:19 - 000056 ____A (Microsoft Corporation) C:\Windows\System\wups.dll
01-06-1 08: - 01-06-0 1:19 - 0008 ____A (Microsoft Corporation) C:\Windows\System\wups.dll
01-06-1 08: - 01-06-0 1:15 - 066 ____A (Microsoft Corporation) C:\Windows\System\wucltux.dll
01-06-1 08: - 01-06-0 1:15 - 0009980 ____A (Microsoft Corporation) C:\Windows\System\wudriver.dll
01-06-1 08: - 01-06-0 11:19 - 0018675 ____A (Microsoft Corporation) C:\Windows\System\wuwebv.dll
01-06-1 08: - 01-06-0 11:15 - 000686 ____A (Microsoft Corporation) C:\Windows\System\wuapp.exe
01-06-19 : - 01-06-0 19:5 - 00000000 ____D C:\Users\Boob\AppData\Roaming\Audacity
01-06-19 : - 01-06-19 : - 0786971 ____A (Audacity Team ) C:\Users\Boob\Downloads\audacity-win-.0.exe
01-06-19 : - 01-06-19 : - 00000000 ____D C:\Program Files (x86)\Audacity
01-06-19 19:8 - 01-06-19 19:8 - 00000000 ___HD C:\Windows\msdownld.tmp
01-06-19 19:8 - 01-06-19 19:8 - 00000000 ____D C:\Windows\SysWOW6\directx
01-06-19 19:8 - 01-06-19 19:8 - 00000000 ____D C:\Program Files (x86)\Microsoft XNA
01-06-19 1: - 01-06-19 1: - 10859 ____A (Microsoft Corporation) C:\Users\Boob\Downloads\Silverlight_x6(1).exe
01-06-19 1: - 01-07-0 18:58 - 00000000 ____D C:\Users\Boob\.gimp-.8
01-06-19 1: - 01-06-19 1: - 00000000 ____D C:\Users\Boob\AppData\Local\gegl-0.
01-06-19 1: - 01-06-19 1: - 00000000 ____D C:\Program Files\GIMP
01-06-19 1:06 - 01-06-19 1:9 - 76556 ____A (The GIMP Team ) C:\Users\Boob\Downloads\gimp-.8.0-setup.exe
01-06-18 1: - 01-06-18 1: - 00007606 ____A C:\Users\Boob\AppData\Local\Resmon.ResmonCfg
01-06-17 1:8 - 01-06-17 1:8 - 10018 ____A C:\Users\Boob\Downloads\autodesk_mudbox_01_sp_efgj_win_bit.msp
01-06-17 1: - 01-06-17 1:5 - 19875 ____A C:\Users\Boob\Downloads\autodesk_mudbox_01_sp_efgj_win_6bit.msp
01-06-1 16: - 01-07-10 1:8 - 00000000 ____D C:\Users\Boob\Desktop\ARENANET PROJECT
01-06-1 16:06 - 01-06-1 16:06 - 00000000 ____D C:\Users\Boob\AppData\Local\Autodesk
01-06-1 1:6 - 01-06-1 1:55 - 00000000 ____D C:\Users\Boob\Desktop\TUTORIALS
01-06-1 1:0 - 01-06-16 1:6 - 00000000 ____D C:\Users\Boob\AppData\Roaming\vlc
01-06-1 1:0 - 01-06-1 1:0 - 00000000 ____D C:\Program Files (x86)\VideoLAN
01-06-1 1: - 01-06-1 1:0 - 5958 ____A C:\Users\Boob\Downloads\vlc-.0.1-win.exe
01-06-1 1: - 01-06-1 1:9 - 710900 ____A C:\Users\Boob\Downloads\116_tid_0_Sculpting_the_General_Anatomy.zip
01-06-1 1: - 01-06-1 1:7 - 50057658 ____A C:\Users\Boob\Downloads\116_tid_05_Retopologising_the_Model.zip
01-06-1 1: - 01-06-1 1:8 - 715059 ____A C:\Users\Boob\Downloads\116_tid_0_Creating_a_Base_Model.zip
01-06-1 1:0 - 01-06-1 1: - 176576966 ____A C:\Users\Boob\Downloads\116_tid_0_Basic_ds_Max_Techniques.zip
01-06-1 :00 - 01-05-17 18:7 - 1780760 ____A (Microsoft Corporation) C:\Windows\System\mshtml.dll
01-06-1 :00 - 01-05-17 18:16 - 1090 ____A (Microsoft Corporation) C:\Windows\System\ieframe.dll
01-06-1 :00 - 01-05-17 18:06 - 011680 ____A (Microsoft Corporation) C:\Windows\System\jscript9.dll
01-06-1 :00 - 01-05-17 17:59 - 01918 ____A (Microsoft Corporation) C:\Windows\System\wininet.dll
01-06-1 :00 - 01-05-17 17:59 - 01608 ____A (Microsoft Corporation) C:\Windows\System\urlmon.dll
01-06-1 :00 - 01-05-17 17:58 - 01958 ____A (Microsoft Corporation) C:\Windows\System\inetcpl.cpl
01-06-1 :00 - 01-05-17 17:58 - 007056 ____A (Microsoft Corporation) C:\Windows\System\url.dll
01-06-1 :00 - 01-05-17 17:56 - 0008550 ____A (Microsoft Corporation) C:\Windows\System\jsproxy.dll
01-06-1 :00 - 01-05-17 17:55 - 00818688 ____A (Microsoft Corporation) C:\Windows\System\jscript.dll
01-06-1 :00 - 01-05-17 17:55 - 0017056 ____A (Microsoft Corporation) C:\Windows\System\ieUnatt.exe
01-06-1 :00 - 01-05-17 17:5 - 01768 ____A (Microsoft Corporation) C:\Windows\System\iertutil.dll
01-06-1 :00 - 01-05-17 17:51 - 0888 ____A (Microsoft Corporation) C:\Windows\System\mshtml.tlb
01-06-1 :00 - 01-05-17 17:51 - 00096768 ____A (Microsoft Corporation) C:\Windows\System\mshtmled.dll
01-06-1 :00 - 01-05-17 17:7 - 0080 ____A (Microsoft Corporation) C:\Windows\System\ieui.dll
01-06-1 :00 - 01-05-17 15:11 - 116 ____A (Microsoft Corporation) C:\Windows\SysWOW6\mshtml.dll
01-06-1 :00 - 01-05-17 1:8 - 097778 ____A (Microsoft Corporation) C:\Windows\SysWOW6\ieframe.dll
01-06-1 :00 - 01-05-17 1:5 - 0180019 ____A (Microsoft Corporation) C:\Windows\SysWOW6\jscript9.dll
01-06-1 :00 - 01-05-17 1:6 - 011087 ____A (Microsoft Corporation) C:\Windows\SysWOW6\urlmon.dll
01-06-1 :00 - 01-05-17 1:5 - 017968 ____A (Microsoft Corporation) C:\Windows\SysWOW6\inetcpl.cpl
01-06-1 :00 - 01-05-17 1:5 - 01197 ____A (Microsoft Corporation) C:\Windows\SysWOW6\wininet.dll
01-06-1 :00 - 01-05-17 1: - 00196 ____A (Microsoft Corporation) C:\Windows\SysWOW6\url.dll
01-06-1 :00 - 01-05-17 1:1 - 000650 ____A (Microsoft Corporation) C:\Windows\SysWOW6\jsproxy.dll
01-06-1 :00 - 01-05-17 1:9 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW6\jscript.dll
01-06-1 :00 - 01-05-17 1:9 - 00188 ____A (Microsoft Corporation) C:\Windows\SysWOW6\ieUnatt.exe
01-06-1 :00 - 01-05-17 1:7 - 01790 ____A (Microsoft Corporation) C:\Windows\SysWOW6\iertutil.dll
01-06-1 :00 - 01-05-17 1:5 - 000716 ____A (Microsoft Corporation) C:\Windows\SysWOW6\mshtmled.dll
01-06-1 :00 - 01-05-17 1: - 0888 ____A (Microsoft Corporation) C:\Windows\SysWOW6\mshtml.tlb
01-06-1 :00 - 01-05-17 1:0 - 0017660 ____A (Microsoft Corporation) C:\Windows\SysWOW6\ieui.dll
01-06-1 15:7 - 01-05-1 17: - 01675 ____A (Microsoft Corporation) C:\Windows\System\wink.sys
01-06-1 15:7 - 01-05-0 0:06 - 0555966 ____A (Microsoft Corporation) C:\Windows\System\ntoskrnl.exe
01-06-1 15:7 - 01-05-0 0:0 - 096868 ____A (Microsoft Corporation) C:\Windows\SysWOW6\ntkrnlpa.exe
01-06-1 15:7 - 01-05-0 0:0 - 09107 ____A (Microsoft Corporation) C:\Windows\SysWOW6\ntoskrnl.exe
01-06-1 15:7 - 01-0-0 1:0 - 000990 ____A (Microsoft Corporation) C:\Windows\System\profsvc.dll
01-06-1 15:7 - 01-0-5 1:1 - 001950 ____A (Microsoft Corporation) C:\Windows\System\rdpcorekmts.dll
01-06-1 15:7 - 01-0-5 1:1 - 000771 ____A (Microsoft Corporation) C:\Windows\System\rdpwsx.dll
01-06-1 15:7 - 01-0-5 1: - 0000916 ____A (Microsoft Corporation) C:\Windows\System\rdrmemptylst.exe
01-06-1 15:7 - 01-0- 1:7 - 0167 ____A (Microsoft Corporation) C:\Windows\System\crypt.dll
01-06-1 15:7 - 01-0- 1:7 - 00180 ____A (Microsoft Corporation) C:\Windows\System\cryptsvc.dll
01-06-1 15:7 - 01-0- 1:7 - 001088 ____A (Microsoft Corporation) C:\Windows\System\cryptnet.dll
01-06-1 15:7 - 01-0- 0:6 - 01158656 ____A (Microsoft Corporation) C:\Windows\SysWOW6\crypt.dll
01-06-1 15:7 - 01-0- 0:6 - 001088 ____A (Microsoft Corporation) C:\Windows\SysWOW6\cryptsvc.dll
01-06-1 15:7 - 01-0- 0:6 - 001096 ____A (Microsoft Corporation) C:\Windows\SysWOW6\cryptnet.dll
01-06-1 15:6 - 01-0-7 19:55 - 00109 ____A (Microsoft Corporation) C:\Windows\System\Drivers\rdpwd.sys
01-06-1 15:6 - 01-0-07 0:1 - 0168 ____A (Microsoft Corporation) C:\Windows\System\msi.dll
01-06-1 15:6 - 01-0-07 0:6 - 000 ____A (Microsoft Corporation) C:\Windows\SysWOW6\msi.dll


============ Months Modified Files ========================

01-07-10 16:9 - 01-07-10 16:9 - 00870 ____A (Microsoft Corporation) C:\Windows\System\services.exe.BC19F0BECB6E
01-07-10 16:9 - 01-07-10 16:9 - 000509 ____A (Microsoft Corporation) C:\Windows\System\Drivers\pofijkgd.sys
01-07-10 16:7 - 01-07-10 16:7 - 000509 ____A (Microsoft Corporation) C:\Windows\System\Drivers\vyzjmmjt.sys
01-07-10 16:7 - 01-07-10 16:7 - 000509 ____A (Microsoft Corporation) C:\Windows\System\Drivers\mqddbsjz.sys
01-07-10 16:7 - 009-07-1 1:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
01-07-10 16:7 - 009-07-1 0:51 - 0000816 ____A C:\Windows\setupact.log
01-07-10 16:5 - 01-07-10 16:5 - 00870 ____A (Microsoft Corporation) C:\Windows\System\services.exe.0CFFF96D61A7
01-07-10 16:1 - 01-07-10 16:1 - 00870 ____A (Microsoft Corporation) C:\Windows\System\services.exe.57CABA00CBB0CC1
01-07-10 16:8 - 01-07-10 16:8 - 00870 ____A (Microsoft Corporation) C:\Windows\System\services.exe.C7AC810D8E91B
01-07-10 16:5 - 01-07-10 16:5 - 00870 ____A (Microsoft Corporation) C:\Windows\System\services.exe.DF85CE9019E
01-07-10 16:1 - 01-07-10 16:1 - 00870 ____A (Microsoft Corporation) C:\Windows\System\services.exe.F5A90EDCDCB9EC
01-07-10 16:5 - 01-07-10 16:5 - 00870 ____A (Microsoft Corporation) C:\Windows\System\services.exe.96D86CFEB6C75
01-07-10 16:1 - 01-07-10 16:1 - 00870 ____A (Microsoft Corporation) C:\Windows\System\services.exe.FA8501E7BE69E19B
01-07-10 16:1 - 01-0-1 1:9 - 01781 ____A C:\Windows\WindowsUpdate.log
01-07-10 16:16 - 01-07-10 16:16 - 00870 ____A (Microsoft Corporation) C:\Windows\System\services.exe.E11516FB8ACB
01-07-10 16:15 - 009-07-1 1:1 - 007870 ____A C:\Windows\System\PerfStringBackup.INI
01-07-10 16:15 - 009-07-1 0:5 - 00011 ___AH C:\Windows\System\7B96FB0-76B-97e-B01-9C50E1B77-5P-1.C7856-A89-9d-8115-6016D005A0
01-07-10 16:15 - 009-07-1 0:5 - 00011 ___AH C:\Windows\System\7B96FB0-76B-97e-B01-9C50E1B77-5P-0.C7856-A89-9d-8115-6016D005A0
01-07-10 16:10 - 01-07-10 1: - 0000195 ____A C:\Windows\epplauncher.mif
01-07-10 16:10 - 01-05-0 1:50 - 0079598 ____A C:\Windows\SysWOW6\PerfStringBackup.INI
01-07-10 16:07 - 010-11-0 19:7 - 00198 ____A C:\Windows\PFRO.log
01-07-10 1: - 01-07-10 1: - 1006000 ____A (Malwarebytes Corporation ) C:\Users\Boob\Desktop\mbam-setup-1.61.0.100.exe
01-07-10 1: - 01-07-10 1: - 161696 ____A (Microsoft Corporation) C:\Users\Boob\Desktop\mseinstall.exe
01-07-10 1:51 - 01-07-07 :18 - 0000080 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
01-07-08 00:0 - 01-07-07 :58 - 1076809 ____A C:\Users\Boob\Downloads\CryENGINE_PC_v__0_696_freeSDK.zip
01-07-07 :51 - 01-07-07 :51 - 0981575 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW6\FlashPlayerInstaller.exe
01-07-07 :51 - 01-07-07 :18 - 00618 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW6\FlashPlayerApp.exe
01-07-07 :51 - 01-0-1 19: - 00070 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW6\FlashPlayerCPLApp.cpl
01-07-07 17:55 - 01-07-07 17:55 - 0165659 ____A C:\Users\Boob\Downloads\winrar-x6-0.exe
01-07-07 17:5 - 01-07-07 17:5 - 0005117 ____A C:\Users\Boob\Downloads\regular_female_obj.rar
01-07-06 15:6 - 01-0-16 1:8 - 00767 ____A C:\Windows\DirectX.log
01-07-06 1: - 01-07-06 1:1 - 0098016 ____A C:\Windows\SysWOW6\PnkBstrB.xtr
01-07-06 1: - 01-07-06 1:0 - 0098016 ____A C:\Windows\SysWOW6\PnkBstrB.exe
01-07-06 1:1 - 01-07-06 1:0 - 0098016 ____A C:\Windows\SysWOW6\PnkBstrB.ex0
01-07-06 1:1 - 01-07-06 1:0 - 00076888 ____A C:\Windows\SysWOW6\PnkBstrA.exe
01-07-06 1:7 - 01-07-06 1:0 - 0100 ____A C:\Windows\SysWOW6\pbsvc_blr.exe
01-07-0 18:58 - 01-07-0 18:58 - 000155 ____A C:\Users\Boob\AppData\Local\recently-used.xbel
01-06-9 1:18 - 01-0- 0: - 0000000 ____A C:\Windows\System\HRUPPROG.TXT
01-06-7 19:7 - 01-06-7 19:7 - 011805 ____A C:\Users\Boob\Downloads\fwfwdlogos.zip
01-06-6 10:9 - 01-06-6 10:9 - 0000761 ____A C:\Users\Public\Desktop\Sculptris Alpha 6.exe.lnk
01-06-6 10:8 - 01-06-6 10:8 - 016897 ____A C:\Users\Boob\Downloads\Sculptris-Alpha6-Windows.zip
01-06-6 09:56 - 01-06-6 09:56 - 011050 ____A C:\Users\Boob\Downloads\fwtexacocountryshowdown.zip
01-06- 1: - 01-06- 1: - 055178 ____A C:\Users\Boob\Downloads\Glee_Faithfully_767.zip
01-06- 1:1 - 01-06- 1:1 - 000017 ____A C:\Users\Public\Desktop\Play League of Legends.lnk
01-06- 1:5 - 01-06- 1:5 - 0551 ____A C:\Users\Boob\Downloads\LeagueofLegends.exe
01-06- 1:5 - 01-06-1 11:56 - 00001066 ____A C:\Users\Public\Desktop\World of Warcraft.lnk
01-06- 1:6 - 01-06- 1:6 - 0178877 ____A C:\Users\Boob\Downloads\HealBot_...0.zip
01-06- 1:6 - 01-06- 1:6 - 00719607 ____A C:\Users\Boob\Downloads\XPerl-..1.zip
01-06- 1: - 01-06- 1: - 01110 ____A C:\Users\Boob\Downloads\DBM-.10.1-r756-Core-and-Cataclysm-Mods.zip
01-06- 1: - 01-06- 1: - 007880 ____A C:\Users\Boob\Downloads\Recount-v..0d_release.zip
01-06- 1: - 01-06- 1: - 001516 ____A C:\Users\Boob\Downloads\Bagnon_..5.zip
01-06-1 11:56 - 01-06-1 11:55 - 16016 ____A C:\Users\Boob\Downloads\WoW-.0.0-WOW-enUS-Installer.exe
01-06-19 : - 01-06-19 : - 0786971 ____A (Audacity Team ) C:\Users\Boob\Downloads\audacity-win-.0.exe
01-06-19 1: - 01-06-19 1: - 10859 ____A (Microsoft Corporation) C:\Users\Boob\Downloads\Silverlight_x6(1).exe
01-06-19 1:9 - 01-06-19 1:06 - 76556 ____A (The GIMP Team ) C:\Users\Boob\Downloads\gimp-.8.0-setup.exe
01-06-18 1: - 01-06-18 1: - 00007606 ____A C:\Users\Boob\AppData\Local\Resmon.ResmonCfg
01-06-17 1:8 - 01-06-17 1:8 - 10018 ____A C:\Users\Boob\Downloads\autodesk_mudbox_01_sp_efgj_win_bit.msp
01-06-17 1:6 - 01-05-0 1:55 - 000017 ____A C:\Users\Public\Desktop\Autodesk Mudbox 01 6-bit.lnk
01-06-17 1:5 - 01-06-17 1: - 19875 ____A C:\Users\Boob\Downloads\autodesk_mudbox_01_sp_efgj_win_6bit.msp
01-06-1 1:9 - 01-06-1 1: - 710900 ____A C:\Users\Boob\Downloads\116_tid_0_Sculpting_the_General_Anatomy.zip
01-06-1 1:8 - 01-06-1 1: - 715059 ____A C:\Users\Boob\Downloads\116_tid_0_Creating_a_Base_Model.zip
01-06-1 1:7 - 01-06-1 1: - 50057658 ____A C:\Users\Boob\Downloads\116_tid_05_Retopologising_the_Model.zip
01-06-1 1:0 - 01-06-1 1: - 5958 ____A C:\Users\Boob\Downloads\vlc-.0.1-win.exe
01-06-1 1: - 01-06-1 1:0 - 176576966 ____A C:\Users\Boob\Downloads\116_tid_0_Basic_ds_Max_Techniques.zip
01-06-1 : - 009-07-1 0:5 - 0070 ____A C:\Windows\System\FNTCACHE.DAT
01-06-05 : - 01-06-05 : - 1700 ____A (Nullsoft, Inc.) C:\Users\Boob\Downloads\winamp56_full_emusic-7plus_en-us.exe
01-06-05 : - 01-06-05 : - 00587 ____A C:\Users\Boob\Downloads\Chronotron_v1.exe
01-06-0 1:59 - 01-06-0 1:59 - 0710610 ____A (Applian Technologies Inc.) C:\Users\Boob\Downloads\FCTBSetup.exe
01-06-0 17:5 - 01-06-0 17:5 - 000000 ____A C:\Users\Boob\Desktop\dansnumber.txt
01-06-0 1:19 - 01-06-1 08: - 0895 ____A (Microsoft Corporation) C:\Windows\System\wuaueng.dll
01-06-0 1:19 - 01-06-1 08: - 00701976 ____A (Microsoft Corporation) C:\Windows\System\wuapi.dll
01-06-0 1:19 - 01-06-1 08: - 00057880 ____A (Microsoft Corporation) C:\Windows\System\wuauclt.exe
01-06-0 1:19 - 01-06-1 08: - 000056 ____A (Microsoft Corporation) C:\Windows\System\wups.dll
01-06-0 1:19 - 01-06-1 08: - 0008 ____A (Microsoft Corporation) C:\Windows\System\wups.dll
01-06-0 1:15 - 01-06-1 08: - 066 ____A (Microsoft Corporation) C:\Windows\System\wucltux.dll
01-06-0 1:15 - 01-06-1 08: - 0009980 ____A (Microsoft Corporation) C:\Windows\System\wudriver.dll
01-06-0 11:19 - 01-06-1 08: - 0018675 ____A (Microsoft Corporation) C:\Windows\System\wuwebv.dll
01-06-0 11:15 - 01-06-1 08: - 000686 ____A (Microsoft Corporation) C:\Windows\System\wuapp.exe
01-05-6 15:1 - 01-05-6 1:5 - 00001095 ____A C:\Users\Public\Desktop\StarCraft II.lnk
01-05-6 11:5 - 01-05-6 11:5 - 0167 ____A (Blizzard Entertainment) C:\Users\Boob\Downloads\StarCraft__NA_en-US(1).exe
01-05-5 1:8 - 01-05-5 1:7 - 9856 ____A (Apple Inc.) C:\Users\Boob\Downloads\QuickTimeInstaller.exe
01-05-17 18:7 - 01-06-1 :00 - 1780760 ____A (Microsoft Corporation) C:\Windows\System\mshtml.dll
01-05-17 18:16 - 01-06-1 :00 - 1090 ____A (Microsoft Corporation) C:\Windows\System\ieframe.dll
01-05-17 18:06 - 01-06-1 :00 - 011680 ____A (Microsoft Corporation) C:\Windows\System\jscript9.dll
01-05-17 17:59 - 01-06-1 :00 - 01918 ____A (Microsoft Corporation) C:\Windows\System\wininet.dll
01-05-17 17:59 - 01-06-1 :00 - 01608 ____A (Microsoft Corporation) C:\Windows\System\urlmon.dll
01-05-17 17:58 - 01-06-1 :00 - 01958 ____A (Microsoft Corporation) C:\Windows\System\inetcpl.cpl
01-05-17 17:58 - 01-06-1 :00 - 007056 ____A (Microsoft Corporation) C:\Windows\System\url.dll
01-05-17 17:56 - 01-06-1 :00 - 0008550 ____A (Microsoft Corporation) C:\Windows\System\jsproxy.dll
01-05-17 17:55 - 01-06-1 :00 - 00818688 ____A (Microsoft Corporation) C:\Windows\System\jscript.dll
01-05-17 17:55 - 01-06-1 :00 - 0017056 ____A (Microsoft Corporation) C:\Windows\System\ieUnatt.exe
01-05-17 17:5 - 01-06-1 :00 - 01768 ____A (Microsoft Corporation) C:\Windows\System\iertutil.dll
01-05-17 17:51 - 01-06-1 :00 - 0888 ____A (Microsoft Corporation) C:\Windows\System\mshtml.tlb
01-05-17 17:51 - 01-06-1 :00 - 00096768 ____A (Microsoft Corporation) C:\Windows\System\mshtmled.dll
01-05-17 17:7 - 01-06-1 :00 - 0080 ____A (Microsoft Corporation) C:\Windows\System\ieui.dll
01-05-17 15:11 - 01-06-1 :00 - 116 ____A (Microsoft Corporation) C:\Windows\SysWOW6\mshtml.dll
01-05-17 1:8 - 01-06-1 :00 - 097778 ____A (Microsoft Corporation) C:\Windows\SysWOW6\ieframe.dll
01-05-17 1:5 - 01-06-1 :00 - 0180019 ____A (Microsoft Corporation) C:\Windows\SysWOW6\jscript9.dll
01-05-17 1:6 - 01-06-1 :00 - 011087 ____A (Microsoft Corporation) C:\Windows\SysWOW6\urlmon.dll
01-05-17 1:5 - 01-06-1 :00 - 017968 ____A (Microsoft Corporation) C:\Windows\SysWOW6\inetcpl.cpl
01-05-17 1:5 - 01-06-1 :00 - 01197 ____A (Microsoft Corporation) C:\Windows\SysWOW6\wininet.dll
01-05-17 1: - 01-06-1 :00 - 00196 ____A (Microsoft Corporation) C:\Windows\SysWOW6\url.dll
01-05-17 1:1 - 01-06-1 :00 - 000650 ____A (Microsoft Corporation) C:\Windows\SysWOW6\jsproxy.dll
01-05-17 1:9 - 01-06-1 :00 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW6\jscript.dll
01-05-17 1:9 - 01-06-1 :00 - 00188 ____A (Microsoft Corporation) C:\Windows\SysWOW6\ieUnatt.exe
01-05-17 1:7 - 01-06-1 :00 - 01790 ____A (Microsoft Corporation) C:\Windows\SysWOW6\iertutil.dll
01-05-17 1:5 - 01-06-1 :00 - 000716 ____A (Microsoft Corporation) C:\Windows\SysWOW6\mshtmled.dll
01-05-17 1: - 01-06-1 :00 - 0888 ____A (Microsoft Corporation) C:\Windows\SysWOW6\mshtml.tlb
01-05-17 1:0 - 01-06-1 :00 - 0017660 ____A (Microsoft Corporation) C:\Windows\SysWOW6\ieui.dll
01-05-1 :51 - 01-05-1 :51 - 00000915 ____A C:\Users\Boob\Desktop\Ventrilo.lnk
01-05-1 :51 - 01-05-1 :51 - 000006 ____A C:\Windows\{EEBF6BB-18D-CE5-989F-8191FCBFB578}_WiseFW.ini
01-05-1 :50 - 01-05-1 :50 - 015696 ____A C:\Users\Boob\Downloads\ventrilo-.0.8-Windows-x6.exe
01-05-1 18:9 - 01-05-1 18: - 00001191 ____A C:\Users\Public\Desktop\Diablo III.lnk
01-05-1 18:1 - 01-05-1 18:1 - 88896 ____A (Blizzard Entertainment) C:\Users\Boob\Downloads\Diablo-III-Setup-enUS.exe
01-05-1 17: - 01-06-1 15:7 - 01675 ____A (Microsoft Corporation) C:\Windows\System\wink.sys
01-05-1 1:56 - 01-05-1 1:55 - 0000161 ____A C:\Users\Public\Desktop\Diablo III Beta.lnk
01-05-1 11:1 - 01-05-1 11:1 - 0000515 ____A C:\Users\Public\Desktop\Skype.lnk
01-05-1 11:0 - 01-05-1 11:0 - 0096 ____A (Skype Technologies S.A.) C:\Users\Boob\Downloads\SkypeSetup.exe
01-05-10 1:10 - 01-05-10 1:10 - 006656 ____A (Creative Labs) C:\Windows\System\wrap_oal.dll
01-05-10 1:10 - 01-05-10 1:10 - 0095 ____A (Creative Labs) C:\Windows\SysWOW6\wrap_oal.dll
01-05-10 1:10 - 01-05-10 1:10 - 00190 ____A (Portions © Creative Labs Inc. and NVIDIA Corp.) C:\Windows\System\OpenAL.dll
01-05-10 1:10 - 01-05-10 1:10 - 00109080 ____A (Portions © Creative Labs Inc. and NVIDIA Corp.) C:\Windows\SysWOW6\OpenAL.dll
01-05-10 1:10 - 01-05-10 1:10 - 00001051 ____A C:\Users\Boob\Desktop\Marmoset Toolbag.lnk
01-05-10 1:07 - 01-05-10 1:06 - 619808 ____A C:\Users\Boob\Downloads\marmoset_toolbag_install_105.exe
01-05-08 :16 - 01-05-08 :16 - 0078561 ____A C:\Users\Boob\Downloads\Minecraft.exe
01-05-08 11:56 - 01-05-08 11:56 - 175 ____A (AOL Inc.) C:\Users\Boob\Downloads\AIM_Install.exe
01-05-08 11:56 - 01-05-08 11:56 - 00001070 ____A C:\Users\Boob\Desktop\AIM.lnk
01-05-05 10:0 - 01-05-05 10:0 - 00000000 ___AH C:\Windows\System\Drivers\Msft_Kernel_wachidrouter_01009.Wdf
01-05-05 09:7 - 01-05-05 09:7 - 1011 ____A C:\Users\Boob\Downloads\WacomTablet_6..1w.exe
01-05-0 15: - 01-05-0 15: - 007970 ____A (AMD) C:\Users\Boob\Downloads\amddriverdownloader.exe
01-05-0 1:5 - 01-05-0 1: - 958559 ____A C:\Users\Boob\Downloads\autodesk_maya01_hotfix_win_6bit.msp
01-05-0 1:56 - 01-05-0 1:56 - 00001950 ____A C:\Users\Public\Desktop\SketchBook Designer 01.lnk
01-05-0 1:5 - 01-05-0 1:5 - 00001976 ____A C:\Users\Public\Desktop\Autodesk ds Max 01 6-bit - English.lnk
01-05-0 1:5 - 009-07-1 18: - 00017598 ____A C:\Windows\System\Drivers\etc\services
01-05-0 1:8 - 01-05-0 1:8 - 0000109 ____A C:\Users\Public\Desktop\Autodesk Maya 01 6-bit.lnk
01-05-0 0:06 - 01-06-1 15:7 - 0555966 ____A (Microsoft Corporation) C:\Windows\System\ntoskrnl.exe
01-05-0 0:0 - 01-06-1 15:7 - 096868 ____A (Microsoft Corporation) C:\Windows\SysWOW6\ntkrnlpa.exe
01-05-0 0:0 - 01-06-1 15:7 - 09107 ____A (Microsoft Corporation) C:\Windows\SysWOW6\ntoskrnl.exe
01-0-0 1:0 - 01-06-1 15:7 - 000990 ____A (Microsoft Corporation) C:\Windows\System\profsvc.dll
01-0-0 1:8 - 01-0-0 1:8 - 0000166 ____A C:\Users\Public\Desktop\TERA-Launcher.lnk
01-0-0 1:8 - 01-0-0 1:7 - 96888 ____A (En Masse Entertainment) C:\Users\Boob\Downloads\TERA-Setup.exe
01-0-7 19:55 - 01-06-1 15:6 - 00109 ____A (Microsoft Corporation) C:\Windows\System\Drivers\rdpwd.sys
01-0-5 1:1 - 01-06-1 15:7 - 001950 ____A (Microsoft Corporation) C:\Windows\System\rdpcorekmts.dll
01-0-5 1:1 - 01-06-1 15:7 - 000771 ____A (Microsoft Corporation) C:\Windows\System\rdpwsx.dll
01-0-5 1: - 01-06-1 15:7 - 0000916 ____A (Microsoft Corporation) C:\Windows\System\rdrmemptylst.exe
01-0- 1:7 - 01-06-1 15:7 - 0167 ____A (Microsoft Corporation) C:\Windows\System\crypt.dll
01-0- 1:7 - 01-06-1 15:7 - 00180 ____A (Microsoft Corporation) C:\Windows\System\cryptsvc.dll
01-0- 1:7 - 01-06-1 15:7 - 001088 ____A (Microsoft Corporation) C:\Windows\System\cryptnet.dll
01-0- 0:6 - 01-06-1 15:7 - 01158656 ____A (Microsoft Corporation) C:\Windows\SysWOW6\crypt.dll
01-0- 0:6 - 01-06-1 15:7 - 001088 ____A (Microsoft Corporation) C:\Windows\SysWOW6\cryptsvc.dll
01-0- 0:6 - 01-06-1 15:7 - 001096 ____A (Microsoft Corporation) C:\Windows\SysWOW6\cryptnet.dll
01-0- 1:6 - 01-0- 1:6 - 61090 ____A (Blizzard Entertainment) C:\Users\Boob\Downloads\Diablo-III-Beta-enUS-Setup.exe
01-0-0 08: - 01-0-0 08: - 0000159 ____A C:\Users\Public\Desktop\World of Warcraft Beta.lnk
01-0-0 08: - 01-0-0 08: - 17670 ____A (Blizzard Entertainment) C:\Users\Boob\Downloads\World of Warcraft Beta Setup.exe
01-0-19 10:55 - 01-0-19 10:5 - 00016 ____A C:\Users\Boob\Documents\Install STAR WARS The Old Republic.log
01-0-19 10:5 - 01-0-19 10:5 - 987080 ____A C:\Users\Boob\Downloads\SWTOR_setup.exe
01-0-18 16:56 - 01-0-18 16:56 - 000908 ____A (Apple Inc.) C:\Windows\SysWOW6\QuickTimeVR.qtx
01-0-18 16:56 - 01-0-18 16:56 - 000696 ____A (Apple Inc.) C:\Windows\SysWOW6\QuickTime.qts
01-0-18 05:7 - 01-05-05 09:8 - 0180776 ____A (Wacom Technology, Corp.) C:\Windows\System\Wintab.dll
01-0-18 05:7 - 01-05-05 09:8 - 018160 ____A (Wacom Technology, Corp.) C:\Windows\System\WacomMT.dll
01-0-18 05:7 - 01-05-05 09:8 - 017650 ____A (Wacom Technology, Corp.) C:\Windows\System\Wacom_Tablet.dll
01-0-18 05:7 - 01-05-05 09:8 - 0175858 ____A (Wacom Technology, Corp.) C:\Windows\System\Wacom_Touch_Tablet.dll
01-0-18 05:7 - 01-05-05 09:8 - 019695 ____A (Wacom Technology, Corp.) C:\Windows\SysWOW6\Wintab.dll
01-0-18 05:7 - 01-05-05 09:8 - 01815 ____A (Wacom Technology, Corp.) C:\Windows\SysWOW6\WacomMT.dll
01-0-18 05:7 - 01-05-05 09:8 - 015087 ____A (Wacom Technology, Corp.) C:\Windows\SysWOW6\Wacom_Tablet.dll
01-0-18 05:7 - 01-05-05 09:8 - 0116 ____A (Wacom Technology, Corp.) C:\Windows\SysWOW6\Wacom_Touch_Tablet.dll
01-0-1 16:1 - 01-0-1 16:1 - 000010 ____A C:\Users\Boob\Desktop\Aion.lnk
01-0-1 15:00 - 01-0-1 15:00 - 000000 ____A C:\Users\Public\Desktop\NCsoft Launcher.lnk
01-0-1 1:55 - 01-0-1 1:55 - 00655 ____A (NCsoft) C:\Users\Boob\Downloads\aion.exe

ZeroAccess:
C:\Windows\Installer\{c65eb8-6da6-9156-6c8-89ec088778d}
C:\Windows\Installer\{c65eb8-6da6-9156-6c8-89ec088778d}\@
C:\Windows\Installer\{c65eb8-6da6-9156-6c8-89ec088778d}\L
C:\Windows\Installer\{c65eb8-6da6-9156-6c8-89ec088778d}\U
C:\Windows\Installer\{c65eb8-6da6-9156-6c8-89ec088778d}\L\0000000.@
C:\Windows\Installer\{c65eb8-6da6-9156-6c8-89ec088778d}\L\1afbd56
C:\Windows\Installer\{c65eb8-6da6-9156-6c8-89ec088778d}\L\01ddde
C:\Windows\Installer\{c65eb8-6da6-9156-6c8-89ec088778d}\U\00000008.@

ZeroAccess:
C:\Users\Boob\AppData\Local\{c65eb8-6da6-9156-6c8-89ec088778d}
C:\Users\Boob\AppData\Local\{c65eb8-6da6-9156-6c8-89ec088778d}\@
C:\Users\Boob\AppData\Local\{c65eb8-6da6-9156-6c8-89ec088778d}\L
C:\Users\Boob\AppData\Local\{c65eb8-6da6-9156-6c8-89ec088778d}\U

ZeroAccess:
C:\Windows\assembly\GAC_\Desktop.ini

ZeroAccess:
C:\Windows\assembly\GAC_6\Desktop.ini

========================= Known DLLs (Whitelisted) ============

[009-07-1 16:00] - [009-07-1 17:0] - 06077 ____A (Microsoft Corporation) C:\Windows\System\clbcatq.dll
[009-07-1 15:] - [009-07-1 17:15] - 050 ____A (Microsoft Corporation) C:\Windows\SysWOW6\clbcatq.dll
[010-11-0 19:] - [010-11-0 19:] - 08691 ____A (Microsoft Corporation) C:\Windows\System\ole.dll
[010-11-0 19:] - [010-11-0 19:] - 111 ____A (Microsoft Corporation) C:\Windows\SysWOW6\ole.dll
[009-07-1 16:1] - [009-07-1 17:0] - 0877056 ____A (Microsoft Corporation) C:\Windows\System\advapi.dll
[010-11-0 19:] - [010-11-0 19:] - 06051 ____A (Microsoft Corporation) C:\Windows\SysWOW6\advapi.dll
[010-11-0 19:] - [010-11-0 19:] - 059 ____A (Microsoft Corporation) C:\Windows\System\COMDLG.dll
[010-11-0 19:] - [010-11-0 19:] - 085888 ____A (Microsoft Corporation) C:\Windows\SysWOW6\COMDLG.dll
[010-11-0 19:] - [010-11-0 19:] - 00968 ____A (Microsoft Corporation) C:\Windows\System\gdi.dll
[010-11-0 19:] - [010-11-0 19:] - 01196 ____A (Microsoft Corporation) C:\Windows\SysWOW6\gdi.dll
[01-06-1 :00] - [01-05-17 17:5] - 1768 ____A (Microsoft Corporation) C:\Windows\System\IERTUTIL.dll
[01-06-1 :00] - [01-05-17 1:7] - 1790 ____A (Microsoft Corporation) C:\Windows\SysWOW6\IERTUTIL.dll
[01-0-11 :00] - [01-0-9 :] - 008108 ____A (Microsoft Corporation) C:\Windows\System\IMAGEHLP.dll
[01-0-11 :00] - [01-0-9 1:] - 0159 ____A (Microsoft Corporation) C:\Windows\SysWOW6\IMAGEHLP.dll
[009-07-1 15:8] - [009-07-1 17:1] - 0167 ____A (Microsoft Corporation) C:\Windows\System\IMM.dll
[010-11-0 19:] - [010-11-0 19:] - 0119808 ____A (Microsoft Corporation) C:\Windows\SysWOW6\IMM.dll
[01-0-15 1:0] - [011-07-15 1:7] - 11675 ____A (Microsoft Corporation) C:\Windows\System\kernel.dll
[01-0-15 1:0] - [011-07-15 0:] - 11111 ____A (Microsoft Corporation) C:\Windows\SysWOW6\kernel.dll
[009-07-1 15:8] - [009-07-1 17:1] - 00198 ____A (Microsoft Corporation) C:\Windows\System\LPK.dll
[009-07-1 15:5] - [009-07-1 17:11] - 005600 ____A (Microsoft Corporation) C:\Windows\SysWOW6\LPK.dll
[009-07-1 15:0] - [009-07-1 17:1] - 1067008 ____A (Microsoft Corporation) C:\Windows\System\MSCTF.dll
[009-07-1 15:8] - [009-07-1 17:15] - 08898 ____A (Microsoft Corporation) C:\Windows\SysWOW6\MSCTF.dll
[01-0-15 1:0] - [011-1-16 00:6] - 06880 ____A (Microsoft Corporation) C:\Windows\System\MSVCRT.dll
[01-0-15 1:0] - [011-1-15 :5] - 0690688 ____A (Microsoft Corporation) C:\Windows\SysWOW6\MSVCRT.dll
[009-07-1 15:6] - [009-07-1 17:1] - 000560 ____A (Microsoft Corporation) C:\Windows\System\NORMALIZ.dll
[009-07-1 15:15] - [009-07-1 17:09] - 00008 ____A (Microsoft Corporation) C:\Windows\SysWOW6\NORMALIZ.dll
[009-07-1 15:1] - [009-07-1 17:1] - 0018 ____A (Microsoft Corporation) C:\Windows\System\NSI.dll
[009-07-1 15:1] - [009-07-1 17:16] - 000870 ____A (Microsoft Corporation) C:\Windows\SysWOW6\NSI.dll
[01-0-15 1:0] - [011-08-6 1:7] - 0861696 ____A (Microsoft Corporation) C:\Windows\System\OLEAUT.dll
[01-0-15 1:0] - [011-08-6 0:6] - 057190 ____A (Microsoft Corporation) C:\Windows\SysWOW6\OLEAUT.dll
[009-07-1 15:6] - [009-07-1 17:1] - 000916 ____A (Microsoft Corporation) C:\Windows\System\PSAPI.dll
[009-07-1 15:15] - [009-07-1 17:16] - 00061 ____A (Microsoft Corporation) C:\Windows\SysWOW6\PSAPI.dll
[010-11-0 19:] - [010-11-0 19:] - 11958 ____A (Microsoft Corporation) C:\Windows\System\rpcrt.dll
[010-11-0 19:] - [010-11-0 19:] - 06600 ____A (Microsoft Corporation) C:\Windows\SysWOW6\rpcrt.dll
[009-07-1 15:0] - [009-07-1 17:1] - 01166 ____A (Microsoft Corporation) C:\Windows\System\sechost.dll
[009-07-1 15:11] - [009-07-1 17:16] - 009160 ____A (Microsoft Corporation) C:\Windows\SysWOW6\sechost.dll
[010-11-0 19:] - [010-11-0 19:] - 19005 ____A (Microsoft Corporation) C:\Windows\System\Setupapi.dll
[010-11-0 19:] - [010-11-0 19:] - 166758 ____A (Microsoft Corporation) C:\Windows\SysWOW6\Setupapi.dll
[01-0-15 1:1] - [01-01-0 0:] - 11767 ____A (Microsoft Corporation) C:\Windows\System\SHELL.dll
[01-0-15 1:1] - [01-01-0 00:59] - 18770 ____A (Microsoft Corporation) C:\Windows\SysWOW6\SHELL.dll
[010-11-0 19:] - [010-11-0 19:] - 0851 ____A (Microsoft Corporation) C:\Windows\System\SHLWAPI.dll
[010-11-0 19:] - [010-11-0 19:] - 05008 ____A (Microsoft Corporation) C:\Windows\SysWOW6\SHLWAPI.dll
[01-06-1 :00] - [01-05-17 17:59] - 1608 ____A (Microsoft Corporation) C:\Windows\System\URLMON.dll
[01-06-1 :00] - [01-05-17 1:6] - 11087 ____A (Microsoft Corporation) C:\Windows\SysWOW6\URLMON.dll
[010-11-0 19:] - [010-11-0 19:] - 100818 ____A (Microsoft Corporation) C:\Windows\System\user.dll
[010-11-0 19:] - [010-11-0 19:] - 080 ____A (Microsoft Corporation) C:\Windows\SysWOW6\user.dll
[010-11-0 19:] - [010-11-0 19:] - 080056 ____A (Microsoft Corporation) C:\Windows\System\USP10.dll
[010-11-0 19:] - [010-11-0 19:] - 066176 ____A (Microsoft Corporation) C:\Windows\SysWOW6\USP10.dll
[01-06-1 :00] - [01-05-17 17:59] - 1918 ____A (Microsoft Corporation) C:\Windows\System\WININET.dll
[01-06-1 :00] - [01-05-17 1:5] - 1197 ____A (Microsoft Corporation) C:\Windows\SysWOW6\WININET.dll
[010-11-0 19:] - [010-11-0 19:] - 018 ____A (Microsoft Corporation) C:\Windows\System\WLDAP.dll
[010-11-0 19:] - [010-11-0 19:] - 0698 ____A (Microsoft Corporation) C:\Windows\SysWOW6\WLDAP.dll
[010-11-0 19:] - [010-11-0 19:] - 09798 ____A (Microsoft Corporation) C:\Windows\System\WS_.dll
[010-11-0 19:] - [010-11-0 19:] - 00688 ____A (Microsoft Corporation) C:\Windows\SysWOW6\WS_.dll
[009-07-1 15:7] - [009-07-1 17:0] - 0500 ____A (Microsoft Corporation) C:\Windows\System\DifxApi.dll
[009-07-1 15:16] - [009-07-1 17:15] - 01590 ____A (Microsoft Corporation) C:\Windows\SysWOW6\DifxApi.dll

========================= Bamital & volsnap Check ============

C:\Windows\System\winlogon.exe => MD5 is legit
C:\Windows\System\wininit.exe => MD5 is legit
C:\Windows\SysWOW6\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW6\explorer.exe => MD5 is legit
C:\Windows\System\svchost.exe => MD5 is legit
C:\Windows\SysWOW6\svchost.exe => MD5 is legit
C:\Windows\System\services.exe 01A9CB951E7C010761DF76BC06 ZeroAccess <==== ATTENTION!.
C:\Windows\System\User.dll => MD5 is legit
C:\Windows\SysWOW6\User.dll => MD5 is legit
C:\Windows\System\userinit.exe => MD5 is legit
C:\Windows\SysWOW6\userinit.exe => MD5 is legit
C:\Windows\System\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

========================= Memory info ======================

Percentage of memory in use: 9%
Total physical RAM: 12278.99 MB
Available physical RAM: 11146.21 MB
Total Pagefile: 12277.19 MB
Available Pagefile: 11135.16 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

======================= Partitions =========================

1 Drive c: (OS) (Fixed) (Total:687.72 GB) (Free:305.19 GB) NTFS
3 Drive f: (HACK STICK) (Removable) (Total:7.45 GB) (Free:6.78 GB) FAT32
8 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
9 Drive y: (RECOVERY) (Fixed) (Total:10.88 GB) (Free:4.81 GB) NTFS ==>[System with boot components (obtained from reading drive)]

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 698 GB 0 B
Disk 1 Online 7640 MB 0 B
Disk 2 No Media 0 B 0 B
Disk 3 No Media 0 B 0 B
Disk 4 No Media 0 B 0 B
Disk 5 No Media 0 B 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 OEM 39 MB 31 KB
Partition 2 Primary 10 GB 40 MB
Partition 3 Primary 687 GB 10 GB

==================================================================================

Disk: 0
Partition 1
Type : DE
Hidden: Yes
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 8 FAT Partition 39 MB Healthy Hidden

==================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 Y RECOVERY NTFS Partition 10 GB Healthy

==================================================================================

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C OS NTFS Partition 687 GB Healthy

==================================================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 7639 MB 16 KB

==================================================================================

Disk: 1
Partition 1
Type : 0C
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 F HACK STICK FAT32 Removable 7639 MB Healthy

==================================================================================

==========================================================

Last Boot: 2012-07-08 00:21

======================= End Of Log ==========================


#2 Kn1ghtHavvk (Topic Starter, Members, 9 posts)

Posted 11 July 2012 - 07:20 PM

If anyone needs any more info to help me out on this, please let me know. I am completely stuck until I get any kind of feedback.

#3 CatByte (bleepin' tiger, Malware Response Team, 14,664 posts, Location: Canada)

Posted 11 July 2012 - 08:05 PM

Hi

Please do the following:


Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this, highlight the contents of the box, right-click on it and select Copy. Right-click in the open Notepad and select Paste.) Save it on the flashdrive as fixlist.txt.

start
SubSystems: [Windows] ==> ZeroAccess
C:\Windows\Installer\{c65eb8-6da6-9156-6c8-89ec088778d}
C:\Users\Boob\AppData\Local\{c65eb8-6da6-9156-6c8-89ec088778d}
C:\Windows\assembly\GAC_\Desktop.ini
C:\Windows\assembly\GAC_6\Desktop.ini
end

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system

Now please enter System Recovery Options, then select Command Prompt.

Run FRST (or FRST64 if you have the 64bit version) and press the Fix button just once and wait.
The tool will make a log on the flashdrive (Fixlog.txt); please post it in your reply.

  • While you are still booted into System Recovery Options run FRST.

    Type the following in the edit box after "Search:" so it looks like this:

    Search: services.exe

    Click Search button and post the log it makes to your reply.


Reboot normally and post both logs

thanks

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#4 Kn1ghtHavvk

Kn1ghtHavvk
  • Topic Starter

  • Members
  • 9 posts

Posted 12 July 2012 - 01:57 AM

Alright, first off, thank you for the help! Here are the two logs I got back from working in FRST:

Fixlog.txt:

Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 10-07-2012
Ran by SYSTEM at 2012-07-12 02:51:18 Run:1
Running from F:\

==============================================

HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Session Manager\SubSystems\\Windows No ZeroAccess entry found.
C:\Windows\Installer\{c65eb8-6da6-9156-6c8-89ec088778d} C:\Users\Boob\AppData\Local\{c65eb8-6da6-9156-6c8-89ec088778d} C:\Windows\assembly\GAC_\Desktop.ini C:\Windows\assembly\GAC_6\Desktop.ini not found.

==== End of Fixlog ====

and the Search.txt:

Farbar Recovery Scan Tool Version: 10-07-2012
Ran by SYSTEM at 2012-07-12 02:51:44
Running from F:\

================== Search: "services.exe" ===================

C:\Windows.old.000\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

C:\Windows.old.000\Windows\System32\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

C:\Windows\System32\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 014A9CB92514E27C0107614DF764BC06

====== End Of Search ======

#5 Kn1ghtHavvk

Kn1ghtHavvk
  • Topic Starter

  • Members
  • 9 posts

Posted 12 July 2012 - 01:58 AM

I should probably also mention this is the version of the virus that shuts my computer off every minute, so I've had to do most of the copy and paste and making the files and posting from a separate computer, because I don't have enough time to actually do anything on the PC that is infected.

#6 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • Gender:Not Telling
  • Location:Canada

Posted 12 July 2012 - 09:17 AM

Hi,

Yes, this next script should help with that issue

Please do the following:


Open notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this highlight the contents of the box, right click on it and select copy. Right-click in the open notepad and select Paste). Save it on the flashdrive as fixlist.txt

start
replace: C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe C:\Windows\System32\services.exe
end

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system

Now please enter System Recovery Options, then select Command Prompt.

Run FRST (or FRST64 if you have the 64bit version) and press the Fix button just once and wait.
The tool will make a log on the flashdrive (Fixlog.txt); please post it in your reply.

Reboot Normally.


NEXT


Refer to the ComboFix User's Guide

  • Download ComboFix from the following location:

    Link

    * IMPORTANT !!! Place ComboFix.exe on your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.
    You can get help on disabling your protection programs here
  • Double click on ComboFix.exe & follow the prompts.
  • Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
  • When finished, it shall produce a log for you. Post that log in your next reply.

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.


    ---------------------------------------------------------------------------------------------
  • Ensure your AntiVirus and AntiSpyware applications are re-enabled.

    ---------------------------------------------------------------------------------------------

NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#7 Kn1ghtHavvk

Kn1ghtHavvk
  • Topic Starter

  • Members
  • 9 posts

Posted 12 July 2012 - 10:22 PM

Alright, first off is the fixlog:

Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 10-07-2012
Ran by SYSTEM at 2012-07-12 22:44:25 Run:2
Running from F:\

==============================================

C:\Windows\System32\services.exe moved successfully.
C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe copied successfully to C:\Windows\System32\services.exe

==== End of Fixlog ====

and the log that ComboFix created:

ComboFix 12-07-12.02 - Boob 07/12/2012 22:52:30.1.8 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.12279.10473 [GMT -4:00]
Running from: c:\users\Boob\Desktop\ComboFix.exe
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\program files (x86)\Complitly
c:\program files (x86)\Complitly\chrome\ComplitlyChrome.crx
c:\program files (x86)\Complitly\FireFoxExtensionWithFF8Fix.exe
c:\program files (x86)\Complitly\FireFoxUninstaller.exe
c:\program files (x86)\Complitly\InstTracker.exe
c:\program files (x86)\Complitly\support@Complitly.com\chrome.manifest
c:\program files (x86)\Complitly\support@Complitly.com\chrome\content\appIcon.png
c:\program files (x86)\Complitly\support@Complitly.com\chrome\content\browserOverlay.xul
c:\program files (x86)\Complitly\support@Complitly.com\chrome\content\options.js
c:\program files (x86)\Complitly\support@Complitly.com\chrome\content\options.xul
c:\program files (x86)\Complitly\support@Complitly.com\chrome\content\utils.js
c:\program files (x86)\Complitly\support@Complitly.com\defaults\preferences\predictad.js
c:\program files (x86)\Complitly\support@Complitly.com\install.rdf
c:\program files (x86)\Complitly\System.Data.SQLite.dll
c:\program files (x86)\Complitly\unins000.dat
c:\program files (x86)\Complitly\unins000.exe
c:\users\Boob\AppData\Local\assembly\tmp
c:\windows\Installer\{3c465eb8-6da6-9156-6c82-89ec0887738d}\@
c:\windows\Installer\{3c465eb8-6da6-9156-6c82-89ec0887738d}\L\00000004.@
c:\windows\Installer\{3c465eb8-6da6-9156-6c82-89ec0887738d}\L\1afb2d56
c:\windows\Installer\{3c465eb8-6da6-9156-6c82-89ec0887738d}\L\201d3dde
c:\windows\Installer\{3c465eb8-6da6-9156-6c82-89ec0887738d}\U\00000008.@
I:\autorun.inf
.
.
((((((((((((((((((((((((( Files Created from 2012-06-13 to 2012-07-13 )))))))))))))))))))))))))))))))
.
.
2012-07-13 02:58 . 2012-07-13 02:58 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-12 08:15 . 2012-05-31 01:04 9013136 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{ABF4D692-C193-49CD-AB70-7BC2A4434BDB}\mpengine.dll
2012-07-11 05:00 . 2012-07-11 05:00 -------- d-----w- C:\FRST
2012-07-11 00:49 . 2012-07-11 00:49 328704 ----a-w- c:\windows\system32\services.exe.BC219F0BE442CB6E
2012-07-11 00:45 . 2012-07-11 00:45 328704 ----a-w- c:\windows\system32\services.exe.30CFF4F963D261A7
2012-07-11 00:41 . 2012-07-11 00:41 328704 ----a-w- c:\windows\system32\services.exe.574CABA00CBB0CC1
2012-07-11 00:38 . 2012-07-11 00:38 328704 ----a-w- c:\windows\system32\services.exe.C7AC8130D8E4912B
2012-07-11 00:35 . 2012-07-11 00:35 328704 ----a-w- c:\windows\system32\services.exe.24DF85CE9021292E
2012-07-11 00:31 . 2012-07-11 00:31 328704 ----a-w- c:\windows\system32\services.exe.F5A4903EDCDCB9EC
2012-07-11 00:25 . 2012-07-11 00:25 328704 ----a-w- c:\windows\system32\services.exe.9642D286CFEB6C75
2012-07-11 00:21 . 2012-07-11 00:21 328704 ----a-w- c:\windows\system32\services.exe.FA8501E7BE69E19B
2012-07-11 00:16 . 2012-07-11 00:16 328704 ----a-w- c:\windows\system32\services.exe.3E1125316FB8A4CB
2012-07-11 00:11 . 2012-07-11 00:11 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{0FF9D58E-60A8-4ED2-A914-1FB94095B390}\gapaengine.dll
2012-07-11 00:11 . 2012-05-31 01:04 9013136 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-07-11 00:10 . 2012-07-11 00:10 -------- d-----w- c:\program files (x86)\Microsoft Security Client
2012-07-11 00:10 . 2012-07-11 00:10 -------- d-----w- c:\program files\Microsoft Security Client
2012-07-10 22:45 . 2012-07-10 22:45 -------- d-----w- c:\users\Boob\AppData\Roaming\Malwarebytes
2012-07-10 22:45 . 2012-07-10 22:45 -------- d-----w- c:\programdata\Malwarebytes
2012-07-10 22:45 . 2012-04-04 19:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-07-10 22:45 . 2012-07-10 22:45 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-07-10 22:35 . 2012-07-10 22:35 -------- d-----w- C:\94ab4ba026b5682e8a8834db9c
2012-07-10 22:35 . 2012-07-10 22:35 -------- d-----w- C:\173359d2c363fd2b3b67f7f8e797d9e5
2012-07-10 22:35 . 2012-07-10 22:35 -------- d-----w- C:\c3010c56c47d0cc8807d7591
2012-07-10 22:34 . 2012-07-10 22:34 -------- d-----w- C:\c5275a97af9c0193654e9536db45
2012-07-08 20:34 . 2012-07-08 20:34 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
2012-07-08 15:08 . 2012-07-08 15:08 -------- d-----w- c:\users\Boob\AppData\Local\Macromedia
2012-07-08 06:18 . 2012-07-12 20:51 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-07-06 22:31 . 2012-07-06 22:43 298016 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2012-07-06 22:31 . 2012-07-06 22:31 -------- d-----w- c:\users\Boob\AppData\Local\PunkBuster
2012-07-06 22:30 . 2012-07-06 22:43 298016 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2012-07-06 22:30 . 2012-07-06 22:31 298016 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2012-07-06 22:30 . 2012-07-06 22:31 76888 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2012-07-06 22:30 . 2012-07-06 22:27 3130440 ----a-w- c:\windows\SysWow64\pbsvc_blr.exe
2012-07-06 18:47 . 2012-05-31 04:04 9013136 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{CB8D85D0-8941-4B9B-895A-8638F569F45E}\mpengine.dll
2012-06-28 04:16 . 2012-06-28 04:16 -------- d-----w- c:\users\Boob\.thumbnails
2012-06-26 18:39 . 2012-06-26 18:39 -------- d-----w- c:\users\Public\Pixologic
2012-06-26 18:39 . 2012-06-26 18:39 -------- d-----w- c:\program files (x86)\Pixologic
2012-06-26 18:39 . 2012-06-26 18:39 -------- d-----w- c:\users\Boob\AppData\Local\Downloaded Installations
2012-06-23 22:31 . 2012-06-23 22:31 -------- d-----w- c:\users\Boob\AppData\Roaming\LolClient
2012-06-23 22:21 . 2008-07-12 12:18 467984 ----a-w- c:\windows\SysWow64\d3dx10_39.dll
2012-06-23 22:21 . 2008-07-12 12:18 3851784 ----a-w- c:\windows\SysWow64\D3DX9_39.dll
2012-06-23 22:21 . 2008-07-12 12:18 1493528 ----a-w- c:\windows\SysWow64\D3DCompiler_39.dll
2012-06-23 21:46 . 2012-06-23 21:46 -------- d-----w- c:\program files (x86)\League of Legends
2012-06-23 02:32 . 2012-06-23 02:32 770384 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcr100.dll
2012-06-23 02:32 . 2012-06-23 02:32 421200 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcp100.dll
2012-06-21 19:56 . 2012-06-22 20:59 -------- d-----w- c:\program files (x86)\World of Warcraft
2012-06-21 16:43 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-21 16:43 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-21 16:43 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-21 16:43 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-21 16:43 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-21 16:43 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-21 16:43 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-21 16:42 . 2012-06-02 19:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-21 16:42 . 2012-06-02 19:15 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-20 06:22 . 2012-06-21 03:52 -------- d-----w- c:\users\Boob\AppData\Roaming\Audacity
2012-06-20 06:22 . 2012-06-20 06:22 -------- d-----w- c:\program files (x86)\Audacity
2012-06-20 03:38 . 2012-06-20 03:38 -------- d--h--w- c:\windows\msdownld.tmp
2012-06-20 03:38 . 2012-06-20 03:38 -------- d-----w- c:\program files (x86)\Microsoft XNA
2012-06-19 20:32 . 2012-06-19 20:32 -------- d-----w- c:\users\Boob\AppData\Local\fontconfig
2012-06-19 20:32 . 2012-07-03 02:58 -------- d-----w- c:\users\Boob\.gimp-2.8
2012-06-19 20:32 . 2012-06-19 20:32 -------- d-----w- c:\users\Boob\AppData\Local\gegl-0.2
2012-06-19 20:32 . 2012-06-19 20:32 -------- d-----w- c:\program files\GIMP 2
2012-06-15 00:06 . 2012-06-15 00:06 -------- d-----w- c:\users\Boob\AppData\Local\Autodesk
2012-06-14 20:30 . 2012-06-16 21:46 -------- d-----w- c:\users\Boob\AppData\Roaming\vlc
2012-06-14 20:30 . 2012-06-14 20:30 -------- d-----w- c:\program files (x86)\VideoLAN
2012-06-13 23:27 . 2012-04-26 05:41 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-06-13 23:26 . 2012-04-07 12:31 3216384 ----a-w- c:\windows\system32\msi.dll
2012-06-13 23:26 . 2012-04-07 11:26 2342400 ----a-w- c:\windows\SysWow64\msi.dll
2012-06-13 23:26 . 2012-04-28 03:55 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-12 20:51 . 2012-02-15 03:34 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-22 03:02 . 2012-05-22 03:02 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2012-05-22 03:02 . 2012-05-22 03:02 4283672 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2012-05-22 03:02 . 2012-05-22 03:02 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2012-05-22 03:01 . 2012-05-22 03:01 539984 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2012-05-10 22:10 . 2012-05-10 22:10 466456 ----a-w- c:\windows\system32\wrap_oal.dll
2012-05-10 22:10 . 2012-05-10 22:10 444952 ----a-w- c:\windows\SysWow64\wrap_oal.dll
2012-05-10 22:10 . 2012-05-10 22:10 122904 ----a-w- c:\windows\system32\OpenAL32.dll
2012-05-10 22:10 . 2012-05-10 22:10 109080 ----a-w- c:\windows\SysWow64\OpenAL32.dll
2012-04-19 00:56 . 2012-04-19 00:56 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx
2012-04-19 00:56 . 2012-04-19 00:56 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts
2012-04-18 13:47 . 2012-05-05 17:48 1758584 ----a-w- c:\windows\system32\Wacom_Touch_Tablet.dll
2012-04-18 13:47 . 2012-05-05 17:48 1444216 ----a-w- c:\windows\SysWow64\Wacom_Touch_Tablet.dll
2012-04-18 13:47 . 2012-05-05 17:48 1830776 ----a-w- c:\windows\system32\Wintab32.dll
2012-04-18 13:47 . 2012-05-05 17:48 1816440 ----a-w- c:\windows\system32\WacomMT.dll
2012-04-18 13:47 . 2012-05-05 17:48 1765240 ----a-w- c:\windows\system32\Wacom_Tablet.dll
2012-04-18 13:47 . 2012-05-05 17:48 1496952 ----a-w- c:\windows\SysWow64\Wintab32.dll
2012-04-18 13:47 . 2012-05-05 17:48 1484152 ----a-w- c:\windows\SysWow64\WacomMT.dll
2012-04-18 13:47 . 2012-05-05 17:48 1450872 ----a-w- c:\windows\SysWow64\Wacom_Tablet.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{1392b8d2-5c05-419f-a8f6-b9f15a596612}"= "c:\program files (x86)\Freecorder\prxtbFree.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]
2011-05-09 09:49 176936 ----a-w- c:\program files (x86)\Freecorder\prxtbFree.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{1392b8d2-5c05-419f-a8f6-b9f15a596612}"= "c:\program files (x86)\Freecorder\prxtbFree.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files (x86)\Steam\steam.exe" [2012-02-14 1242448]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-05-03 17355912]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-04-06 641664]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-19 421888]
"Freecorder FLV Service"="c:\program files (x86)\Freecorder\FLVSrvc.exe" [2011-03-24 167936]
"WinampAgent"="c:\program files (x86)\Winamp\winampa.exe" [2011-12-09 74752]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-05-03 158856]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-12 250056]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2012-05-04 1431888]
R3 hidkmdf;KMDF Driver;c:\windows\system32\DRIVERS\hidkmdf.sys [2012-03-29 13688]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-23 113120]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-03-21 98688]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 WacHidRouter;Wacom Hid Router;c:\windows\system32\DRIVERS\wachidrouter.sys [2012-03-29 65912]
R3 wacomrouterfilter;Wacom Router Filter Driver;c:\windows\system32\DRIVERS\wacomrouterfilter.sys [2012-03-29 15736]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-02-19 1255736]
R3 X6va005;X6va005;c:\users\Boob\AppData\Local\Temp\005F9F1.tmp [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-04-06 236544]
S2 HiPatchService;Hi-Rez Studios Authenticate and Update Service;c:\program files (x86)\Hi-Rez Studios\HiPatchService.exe [2012-07-12 8704]
S2 mi-raysat_3dsmax2012_64;mental ray 3.9 Satellite for Autodesk 3ds Max 2012 64-bit - English 64-bit;c:\program files\Autodesk\3ds Max 2012\mentalimages\satellite\raysat_3dsmax2012_64server.exe [2011-02-23 86016]
S2 TabletServiceWacom;TabletServiceWacom;c:\program files\Tablet\Wacom\Wacom_Tablet.exe [2012-04-18 8518008]
S2 TouchServiceWacom;Wacom Professional Touch Service;c:\program files\Tablet\Wacom\Wacom_TouchService.exe [2012-04-18 567672]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2012-04-06 11174400]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2012-04-06 343040]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2012-02-23 95760]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-06-10 187392]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-13 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-08 20:51]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 1271168]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.dell.com
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 75.75.76.76 75.75.75.75
FF - ProfilePath - c:\users\Boob\AppData\Roaming\Mozilla\Firefox\Profiles\mwqhv8k7.default\
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-PlayNC Launcher - (no file)
WebBrowser-{1392B8D2-5C05-419F-A8F6-B9F15A596612} - (no file)
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc_blr.exe
AddRemove-{4FFBB818-B13C-11E0-931D-B2664824019B}_is1 - c:\program files (x86)\Complitly\unins000.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va005]
"ImagePath"="\??\c:\users\Boob\AppData\Local\Temp\005F9F1.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\windows\SysWOW64\PnkBstrA.exe
.
**************************************************************************
.
Completion time: 2012-07-12 23:04:23 - machine was rebooted
ComboFix-quarantined-files.txt 2012-07-13 03:04
.
Pre-Run: 325,416,374,272 bytes free
Post-Run: 327,982,100,480 bytes free
.
- - End Of File - - DFA632A04C7D88A1CF941ACB15B95EFE
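
Two things in the ComboFix log above stand out on a read-through: the "Files Created" section lists nine renamed copies of services.exe (services.exe.<16 hex digits>) created in c:\windows\system32 within about half an hour, and a hidden+system directory literally named %APPDATA% under c:\windows\SysWow64; the "Other Deletions" section shows the c:\windows\Installer\{GUID}\ tree with "@" files and single-letter subfolders that the earlier fixlist tagged as ZeroAccess. The following is an added example, not code from the thread or from ComboFix's author: a Python pass over lines in ComboFix's "Files Created" layout that turns those three observations into rules. The rules are this example's own heuristics, not ComboFix detections, and flag things to look at rather than prove infection. The services.exe.*, mbam.sys, FRST and %APPDATA% lines are copied from the log above; the two Installer\{GUID} lines reuse paths from "Other Deletions" with constructed timestamps and size, since that section carries none.

```python
import re
from collections import defaultdict
from datetime import datetime
from pathlib import PureWindowsPath

# Sample lines in ComboFix's "Files Created" layout: "created . modified size attrs path".
# The two Installer\{GUID} lines are constructed (timestamps and size are made up).
SAMPLE_CREATED = r"""
2012-07-11 05:00 . 2012-07-11 05:00 -------- d-----w- C:\FRST
2012-07-11 00:49 . 2012-07-11 00:49 328704 ----a-w- c:\windows\system32\services.exe.BC219F0BE442CB6E
2012-07-11 00:45 . 2012-07-11 00:45 328704 ----a-w- c:\windows\system32\services.exe.30CFF4F963D261A7
2012-07-11 00:41 . 2012-07-11 00:41 328704 ----a-w- c:\windows\system32\services.exe.574CABA00CBB0CC1
2012-07-11 00:38 . 2012-07-11 00:38 328704 ----a-w- c:\windows\system32\services.exe.C7AC8130D8E4912B
2012-07-11 00:35 . 2012-07-11 00:35 328704 ----a-w- c:\windows\system32\services.exe.24DF85CE9021292E
2012-07-11 00:31 . 2012-07-11 00:31 328704 ----a-w- c:\windows\system32\services.exe.F5A4903EDCDCB9EC
2012-07-11 00:25 . 2012-07-11 00:25 328704 ----a-w- c:\windows\system32\services.exe.9642D286CFEB6C75
2012-07-11 00:21 . 2012-07-11 00:21 328704 ----a-w- c:\windows\system32\services.exe.FA8501E7BE69E19B
2012-07-11 00:16 . 2012-07-11 00:16 328704 ----a-w- c:\windows\system32\services.exe.3E1125316FB8A4CB
2012-07-10 22:45 . 2012-04-04 19:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-07-08 20:34 . 2012-07-08 20:34 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
2012-07-08 20:34 . 2012-07-08 20:34 -------- d-sh--w- c:\windows\Installer\{3c465eb8-6da6-9156-6c82-89ec0887738d}\U
2012-07-08 20:34 . 2012-07-08 20:34 3072 ----a-w- c:\windows\Installer\{3c465eb8-6da6-9156-6c82-89ec0887738d}\U\00000008.@
"""

LINE_RE = re.compile(
    r"^(?P<created>\d{4}-\d\d-\d\d \d\d:\d\d) \. (?P<modified>\d{4}-\d\d-\d\d \d\d:\d\d) "
    r"(?P<size>\d+|-+) (?P<attrs>\S{8}) (?P<path>.+?)\s*$",
    re.MULTILINE,
)
# "<system binary>.<hex>" e.g. services.exe.BC219F0BE442CB6E
SHADOW_RE = re.compile(r"^(?P<stem>[\w-]+\.(?:exe|dll|sys))\.[0-9a-f]{8,}$", re.I)
# a directory whose name is a literal environment-variable token, e.g. %APPDATA%
ENV_TOKEN_RE = re.compile(r"^%[A-Za-z_]+%$")
# anything below c:\windows\Installer\{GUID}\
INSTALLER_GUID_RE = re.compile(r"\\installer\\\{[0-9a-f-]{36}\}\\", re.I)


def parse_files_created(text):
    """Parse lines in the 'Files Created' layout; 'created' becomes a datetime."""
    rows = []
    for m in LINE_RE.finditer(text):
        d = m.groupdict()
        d["created"] = datetime.strptime(d["created"], "%Y-%m-%d %H:%M")
        rows.append(d)
    return rows


def flag_suspicious(rows, burst_min=3):
    """Apply three heuristics and return a list of {rule, path, detail} findings."""
    findings = []

    # Rule 1: several renamed copies of one system binary appearing in the same folder.
    groups = defaultdict(list)
    for r in rows:
        p = PureWindowsPath(r["path"])
        m = SHADOW_RE.match(p.name)
        if m:
            groups[(str(p.parent).lower(), m.group("stem").lower())].append(r)
    for (folder, stem), hits in groups.items():
        if len(hits) >= burst_min:
            times = sorted(h["created"] for h in hits)
            span = int((times[-1] - times[0]).total_seconds() // 60)
            findings.append({"rule": "renamed-copy burst", "path": f"{folder}\\{stem}.*",
                             "detail": f"{len(hits)} copies created within {span} minutes"})

    for r in rows:
        p = PureWindowsPath(r["path"])
        attrs = r["attrs"]
        # Rule 2: hidden+system directory named like an environment variable.
        if attrs[0] == "d" and "h" in attrs and "s" in attrs and ENV_TOKEN_RE.match(p.name):
            findings.append({"rule": "env-token directory", "path": r["path"],
                             "detail": f"attributes {attrs}"})
        # Rule 3: '@' files, '*.@' files or single-letter subfolders under Installer\{GUID}\.
        if INSTALLER_GUID_RE.search(r["path"]) and (
            p.name == "@" or p.name.endswith(".@") or len(p.name) == 1
        ):
            findings.append({"rule": "Installer GUID drop", "path": r["path"],
                             "detail": "same layout as the tree ComboFix removed above"})
    return findings


if __name__ == "__main__":
    for f in flag_suspicious(parse_files_created(SAMPLE_CREATED)):
        print(f"[{f['rule']}] {f['path']}: {f['detail']}")
```

Rule 1 counts copies per folder and stem, so a single backup such as a .bak left by an installer never trips it; the threshold of three and the minute span are what separate routine servicing from the burst the log shows. None of the rules names what created the files, and the log does not say either; they only rank what a responder should open first.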

#8 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • Gender:Not Telling
  • Location:Canada

Posted 13 July 2012 - 09:42 AM

Hi,

Looking better, just a couple more scans to make sure we get any leftovers

Please do the following:

  • Please open your MalwareBytes AntiMalware Program
  • Click the Update Tab and search for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected. <-- very important
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.



NEXT


Go here to run an online scanner from ESET.
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activeX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • When the scan completes, press the LIST OF THREATS FOUND button
  • Press EXPORT TO TEXT FILE , name the file ESETSCAN and save it to your desktop
  • Include the contents of this report in your next reply.
  • Press the BACK button.
  • Press Finish

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#9 Kn1ghtHavvk

Kn1ghtHavvk
  • Topic Starter

  • Members
  • 9 posts

Posted 13 July 2012 - 06:18 PM

Well, it looks like I may not be out of the clear yet. Here is the Malwarebytes report:

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.07.13.10

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Boob :: BOOB-PC [administrator]

7/13/2012 4:52:47 PM
mbam-log-2012-07-13 (16-52-47).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 209012
Time elapsed: 2 minute(s), 8 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

But it looks like ESET found a few things :( Here is that report:

C:\Qoobox\Quarantine\C\Windows\Installer\{3c465eb8-6da6-9156-6c82-89ec0887738d}\U\00000008.@.vir Win64/Agent.BA trojan
C:\Users\Boob\Downloads\winamp5623_full_emusic-7plus_en-us.exe Win32/OpenCandy application
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M\forextransformer_com[2].htm HTML/Iframe.B.Gen virus
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M\forextransformer_com[2].htm HTML/Iframe.B.Gen virus
C:\Windows.old.000\Documents and Settings\Boob\Downloads\winamp5622_full_emusic-7plus_en-us.exe Win32/OpenCandy application
C:\Windows.old.000\Users\Boob\Downloads\winamp5622_full_emusic-7plus_en-us.exe Win32/OpenCandy application
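
An added example, not code from the thread or from ESET: a Python triage of the six ESET export lines above, following the reading CatByte gives in the reply that follows (the .vir file under C:\Qoobox\Quarantine is already held by ComboFix, the Temporary Internet Files hits are cached web pages, and the OpenCandy "application" hits are installers bundled with adware). It parses the export's "path detection type" lines, assigns each hit a category with the reason, and builds the File:: section of a ComboFix CFScript from the hits that still need deleting. The category rules are this example's own; the parser assumes that a detection name always contains a slash, which holds for the lines shown.

```python
import re

# The six lines from the ESET export posted above, used as sample input. ESET's text export
# puts the path first, then the detection name, then the object type, separated by spaces.
SAMPLE_ESET = r"""
C:\Qoobox\Quarantine\C\Windows\Installer\{3c465eb8-6da6-9156-6c82-89ec0887738d}\U\00000008.@.vir Win64/Agent.BA trojan
C:\Users\Boob\Downloads\winamp5623_full_emusic-7plus_en-us.exe Win32/OpenCandy application
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M\forextransformer_com[2].htm HTML/Iframe.B.Gen virus
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M\forextransformer_com[2].htm HTML/Iframe.B.Gen virus
C:\Windows.old.000\Documents and Settings\Boob\Downloads\winamp5622_full_emusic-7plus_en-us.exe Win32/OpenCandy application
C:\Windows.old.000\Users\Boob\Downloads\winamp5622_full_emusic-7plus_en-us.exe Win32/OpenCandy application
"""

# Paths may contain spaces, but Windows paths never contain "/", while ESET detection names
# ("Win32/OpenCandy") always do, so the first slash-bearing token ends the path.
ESET_LINE_RE = re.compile(r"^(?P<path>[A-Za-z]:\\.*?) (?P<name>\S+/\S+) (?P<kind>.+?)\s*$")


def parse_eset_export(text):
    """Return one {path, name, kind} dict per detection line."""
    rows = []
    for line in text.splitlines():
        m = ESET_LINE_RE.match(line.strip())
        if m:
            rows.append(m.groupdict())
    return rows


def triage(row):
    """Classify one detection by where it lives. Returns (category, reason)."""
    p = row["path"].lower()
    if "\\qoobox\\quarantine\\" in p or p.endswith(".vir"):
        return "contained", "already in ComboFix quarantine; nothing to do"
    if "\\temporary internet files\\" in p:
        return "cache", "cached web page; delete"
    if row["kind"] == "application":
        return "pua", "potentially unwanted application (installer bundled with adware); delete"
    return "active", "not explained by cache or quarantine; needs follow-up"


def cfscript_file_block(rows):
    """Build the File:: section of a ComboFix CFScript from every hit that still needs
    deleting, i.e. everything except what is already in quarantine."""
    paths = [r["path"] for r in rows if triage(r)[0] != "contained"]
    return "File::\n" + "\n".join(paths) + "\n"


if __name__ == "__main__":
    rows = parse_eset_export(SAMPLE_ESET)
    for r in rows:
        cat, why = triage(r)
        print(f"[{cat:9}] {r['name']:18} {r['path']}\n            {why}")
    print(cfscript_file_block(rows))
```

The quarantine check is first on purpose: a scanner that walks C:\Qoobox will re-detect everything ComboFix already moved, and feeding those paths back into a CFScript would just delete the quarantine copy a responder may still want for analysis.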

#10 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • Gender:Not Telling
  • Location:Canada

Posted 13 July 2012 - 07:21 PM

Nothing too bad there, just temporary internet files, a file already in quarantine and installers that are probably bundled with adware. Please do the following:

  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below.
  • They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
Copy/paste the text inside the Codebox below into notepad:

Here's how to do that:
Click Start > Run, type Notepad, click OK.
This will open an empty notepad file:

Copy all the text inside of the code box - Press Ctrl+C (or right click on the highlighted section and choose 'copy')

File::
C:\Users\Boob\Downloads\winamp5623_full_emusic-7plus_en-us.exe 
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M\forextransformer_com[2].htm 
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M\forextransformer_com[2].htm 
C:\Windows.old.000\Documents and Settings\Boob\Downloads\winamp5622_full_emusic-7plus_en-us.exe 
C:\Windows.old.000\Users\Boob\Downloads\winamp5622_full_emusic-7plus_en-us.exe 

Now paste the copied text into the open notepad - press CTRL+V (or right click and choose 'paste')

Save this file to your desktop as "CFScript".


Here's how to do that:

1. Click File;
2. Click Save As... Change the directory to your desktop;
3. Change the Save as type to "All Files";
4. Type in the file name: CFScript
5. Click Save ...

[screenshot: CFScript.txt being dragged onto ComboFix.exe]
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix may request an update; please allow it.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you.
  • Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.


NEXT

Press the WinKey + R to open a run box, then copy/paste the text below and press Enter. A text file will pop up; please post the contents of that file.


"C:\Qoobox\Add-Remove Programs.txt" > uninstall.txt& start uninstall.txt

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015
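The CFScript CatByte writes by hand above follows a fixed rule: take the paths from the ESET report posted in the previous reply, drop anything already sitting in ComboFix's Qoobox quarantine, and list the rest under a File:: header. The script below automates exactly that rule. It is an added example, not code from this thread, from ComboFix or from ESET. It assumes each ESET detection line has the layout "<path> <Platform/Family.Variant> <kind> [(action taken)]" and uses only the File:: directive shown above; the last line of the sample report (the Temp entry with a hypothetical threat name) is constructed to show an entry ESET had already cleaned, which is likewise left out.

```python
"""Build a ComboFix CFScript 'File::' block from an ESET Online Scanner report.

Added example for this thread, not code from the original posts or from
ComboFix's or ESET's authors.  Assumptions: each ESET detection line reads
'<path>  <Platform/Family.Variant> <kind> [(action taken)]', and ComboFix's
'File::' directive takes one full path per line, as in CatByte's script.
"""
import re
from dataclasses import dataclass
from typing import Iterable, List, Optional

# One ESET report line.  The path is matched lazily because it may contain
# spaces ('Documents and Settings'); the threat name is the first token after
# whitespace that contains a slash (Win32/..., HTML/...), which paths never do.
_LINE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.*?)\s+"
    r"(?P<threat>[A-Za-z0-9]+/\S+)\s+"
    r"(?P<kind>[a-z][a-z ]*?)\s*"
    r"(?:\((?P<action>[^)]*)\))?\s*$"
)

# Files under here were already moved by ComboFix; listing them again is pointless.
_QUARANTINE_PREFIXES = ("c:\\qoobox\\quarantine\\",)


@dataclass(frozen=True)
class Detection:
    path: str
    threat: str
    kind: str                 # trojan / virus / application / ...
    action: Optional[str]     # text inside '(...)' when ESET already acted


def parse_eset_log(text: str) -> List[Detection]:
    """Return every detection line in report order; headers and blanks are skipped."""
    found = []
    for raw in text.splitlines():
        m = _LINE.match(raw.strip())
        if m:
            found.append(Detection(m["path"], m["threat"], m["kind"], m["action"]))
    return found


def already_handled(d: Detection) -> bool:
    """True if nothing is left to delete: file is in ComboFix quarantine or ESET cleaned it."""
    if d.path.lower().startswith(_QUARANTINE_PREFIXES):
        return True
    return bool(d.action) and ("cleaned" in d.action or "deleted" in d.action)


def build_cfscript(detections: Iterable[Detection]) -> str:
    """Emit 'File::' followed by one path per line, deduplicated case-insensitively."""
    lines = ["File::"]
    seen = set()
    for d in detections:
        key = d.path.lower()
        if already_handled(d) or key in seen:
            continue
        seen.add(key)
        lines.append(d.path)
    return "\n".join(lines) + "\n"


def save_cfscript(script: str, dest: str) -> None:
    """Write the script with CRLF line endings, the same as Notepad would save it."""
    with open(dest, "w", newline="\r\n") as fh:
        fh.write(script)


# Sample report: the six ESET lines posted in this thread, plus one constructed
# line (the 'Temp' entry, hypothetical threat name) that ESET had already cleaned.
SAMPLE_REPORT = r"""
C:\Qoobox\Quarantine\C\Windows\Installer\{3c465eb8-6da6-9156-6c82-89ec0887738d}\U\00000008.@.vir  Win64/Agent.BA trojan
C:\Users\Boob\Downloads\winamp5623_full_emusic-7plus_en-us.exe  Win32/OpenCandy application
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M\forextransformer_com[2].htm  HTML/Iframe.B.Gen virus
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M\forextransformer_com[2].htm  HTML/Iframe.B.Gen virus
C:\Windows.old.000\Documents and Settings\Boob\Downloads\winamp5622_full_emusic-7plus_en-us.exe  Win32/OpenCandy application
C:\Windows.old.000\Users\Boob\Downloads\winamp5622_full_emusic-7plus_en-us.exe  Win32/OpenCandy application
C:\Users\Boob\AppData\Local\Temp\example.tmp  Win32/Example.A trojan (cleaned by deleting - quarantined)
"""

if __name__ == "__main__":
    # Prints the same five-path File:: block CatByte posted above.
    print(build_cfscript(parse_eset_log(SAMPLE_REPORT)), end="")
```

Run it against the saved ESET log and pass the result to save_cfscript("CFScript.txt") on the desktop; the quarantined Qoobox entry and anything ESET reports as already cleaned never reach the script, which is the same judgement CatByte applied by hand.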


#11 Kn1ghtHavvk (Topic Starter)

Posted 13 July 2012 - 09:07 PM

Here is the ComboFix log:

ComboFix 12-07-13.03 - Boob 07/13/2012 21:51:40.2.8 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.12279.10283 [GMT -4:00]
Running from: c:\users\Boob\Desktop\ComboFix.exe
Command switches used :: c:\users\Boob\Desktop\CFSCript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\users\Boob\Downloads\winamp5623_full_emusic-7plus_en-us.exe"
"c:\windows.old.000\Documents and Settings\Boob\Downloads\winamp5622_full_emusic-7plus_en-us.exe"
"c:\windows.old.000\Users\Boob\Downloads\winamp5622_full_emusic-7plus_en-us.exe"
"c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M\forextransformer_com[2].htm"
"c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M\forextransformer_com[2].htm"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Boob\Downloads\winamp5623_full_emusic-7plus_en-us.exe
c:\windows.old.000\Users\Boob\Downloads\winamp5622_full_emusic-7plus_en-us.exe
c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M\forextransformer_com[2].htm
.
.
((((((((((((((((((((((((( Files Created from 2012-06-14 to 2012-07-14 )))))))))))))))))))))))))))))))
.
.
2012-07-14 01:57 . 2012-07-14 01:57 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-13 21:26 . 2012-07-13 21:26 -------- d-----w- c:\program files (x86)\ESET
2012-07-13 11:30 . 2012-05-31 01:04 9013136 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{51C317D7-236A-4865-990F-609BB8C11EF0}\mpengine.dll
2012-07-13 07:02 . 2012-06-12 03:08 3148800 ----a-w- c:\windows\system32\win32k.sys
2012-07-12 08:15 . 2012-05-31 01:04 9013136 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-07-11 05:00 . 2012-07-11 05:00 -------- d-----w- C:\FRST
2012-07-11 00:49 . 2012-07-11 00:49 328704 ----a-w- c:\windows\system32\services.exe.BC219F0BE442CB6E
2012-07-11 00:45 . 2012-07-11 00:45 328704 ----a-w- c:\windows\system32\services.exe.30CFF4F963D261A7
2012-07-11 00:41 . 2012-07-11 00:41 328704 ----a-w- c:\windows\system32\services.exe.574CABA00CBB0CC1
2012-07-11 00:38 . 2012-07-11 00:38 328704 ----a-w- c:\windows\system32\services.exe.C7AC8130D8E4912B
2012-07-11 00:35 . 2012-07-11 00:35 328704 ----a-w- c:\windows\system32\services.exe.24DF85CE9021292E
2012-07-11 00:31 . 2012-07-11 00:31 328704 ----a-w- c:\windows\system32\services.exe.F5A4903EDCDCB9EC
2012-07-11 00:25 . 2012-07-11 00:25 328704 ----a-w- c:\windows\system32\services.exe.9642D286CFEB6C75
2012-07-11 00:21 . 2012-07-11 00:21 328704 ----a-w- c:\windows\system32\services.exe.FA8501E7BE69E19B
2012-07-11 00:16 . 2012-07-11 00:16 328704 ----a-w- c:\windows\system32\services.exe.3E1125316FB8A4CB
2012-07-11 00:11 . 2012-07-11 00:11 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{0FF9D58E-60A8-4ED2-A914-1FB94095B390}\gapaengine.dll
2012-07-11 00:10 . 2012-07-11 00:10 -------- d-----w- c:\program files (x86)\Microsoft Security Client
2012-07-11 00:10 . 2012-07-11 00:10 -------- d-----w- c:\program files\Microsoft Security Client
2012-07-10 22:45 . 2012-07-10 22:45 -------- d-----w- c:\users\Boob\AppData\Roaming\Malwarebytes
2012-07-10 22:45 . 2012-07-10 22:45 -------- d-----w- c:\programdata\Malwarebytes
2012-07-10 22:45 . 2012-07-03 17:46 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-07-10 22:45 . 2012-07-13 20:52 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-07-10 22:35 . 2012-07-10 22:35 -------- d-----w- C:\94ab4ba026b5682e8a8834db9c
2012-07-10 22:35 . 2012-07-10 22:35 -------- d-----w- C:\173359d2c363fd2b3b67f7f8e797d9e5
2012-07-10 22:35 . 2012-07-10 22:35 -------- d-----w- C:\c3010c56c47d0cc8807d7591
2012-07-10 22:34 . 2012-07-10 22:34 -------- d-----w- C:\c5275a97af9c0193654e9536db45
2012-07-08 20:34 . 2012-07-08 20:34 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
2012-07-08 15:08 . 2012-07-08 15:08 -------- d-----w- c:\users\Boob\AppData\Local\Macromedia
2012-07-08 06:18 . 2012-07-12 20:51 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-07-06 22:31 . 2012-07-06 22:43 298016 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2012-07-06 22:31 . 2012-07-06 22:31 -------- d-----w- c:\users\Boob\AppData\Local\PunkBuster
2012-07-06 22:30 . 2012-07-06 22:43 298016 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2012-07-06 22:30 . 2012-07-06 22:31 298016 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2012-07-06 22:30 . 2012-07-06 22:31 76888 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2012-07-06 22:30 . 2012-07-06 22:27 3130440 ----a-w- c:\windows\SysWow64\pbsvc_blr.exe
2012-07-06 18:47 . 2012-05-31 04:04 9013136 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{CB8D85D0-8941-4B9B-895A-8638F569F45E}\mpengine.dll
2012-06-28 04:16 . 2012-06-28 04:16 -------- d-----w- c:\users\Boob\.thumbnails
2012-06-26 18:39 . 2012-06-26 18:39 -------- d-----w- c:\users\Public\Pixologic
2012-06-26 18:39 . 2012-06-26 18:39 -------- d-----w- c:\program files (x86)\Pixologic
2012-06-26 18:39 . 2012-06-26 18:39 -------- d-----w- c:\users\Boob\AppData\Local\Downloaded Installations
2012-06-23 22:31 . 2012-06-23 22:31 -------- d-----w- c:\users\Boob\AppData\Roaming\LolClient
2012-06-23 22:21 . 2008-07-12 12:18 467984 ----a-w- c:\windows\SysWow64\d3dx10_39.dll
2012-06-23 22:21 . 2008-07-12 12:18 3851784 ----a-w- c:\windows\SysWow64\D3DX9_39.dll
2012-06-23 22:21 . 2008-07-12 12:18 1493528 ----a-w- c:\windows\SysWow64\D3DCompiler_39.dll
2012-06-23 21:46 . 2012-06-23 21:46 -------- d-----w- c:\program files (x86)\League of Legends
2012-06-23 02:32 . 2012-06-23 02:32 770384 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcr100.dll
2012-06-23 02:32 . 2012-06-23 02:32 421200 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcp100.dll
2012-06-21 19:56 . 2012-06-22 20:59 -------- d-----w- c:\program files (x86)\World of Warcraft
2012-06-21 16:43 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-21 16:43 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-21 16:43 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-21 16:43 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-21 16:43 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-21 16:43 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-21 16:43 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-21 16:42 . 2012-06-02 19:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-21 16:42 . 2012-06-02 19:15 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-20 06:22 . 2012-06-21 03:52 -------- d-----w- c:\users\Boob\AppData\Roaming\Audacity
2012-06-20 06:22 . 2012-06-20 06:22 -------- d-----w- c:\program files (x86)\Audacity
2012-06-20 03:38 . 2012-06-20 03:38 -------- d--h--w- c:\windows\msdownld.tmp
2012-06-20 03:38 . 2012-06-20 03:38 -------- d-----w- c:\program files (x86)\Microsoft XNA
2012-06-19 20:32 . 2012-06-19 20:32 -------- d-----w- c:\users\Boob\AppData\Local\fontconfig
2012-06-19 20:32 . 2012-07-03 02:58 -------- d-----w- c:\users\Boob\.gimp-2.8
2012-06-19 20:32 . 2012-06-19 20:32 -------- d-----w- c:\users\Boob\AppData\Local\gegl-0.2
2012-06-19 20:32 . 2012-06-19 20:32 -------- d-----w- c:\program files\GIMP 2
2012-06-15 00:06 . 2012-06-15 00:06 -------- d-----w- c:\users\Boob\AppData\Local\Autodesk
2012-06-14 20:30 . 2012-06-16 21:46 -------- d-----w- c:\users\Boob\AppData\Roaming\vlc
2012-06-14 20:30 . 2012-06-14 20:30 -------- d-----w- c:\program files (x86)\VideoLAN
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-12 20:51 . 2012-02-15 03:34 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-22 03:02 . 2012-05-22 03:02 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2012-05-22 03:02 . 2012-05-22 03:02 4283672 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2012-05-22 03:02 . 2012-05-22 03:02 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2012-05-22 03:01 . 2012-05-22 03:01 539984 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2012-05-10 22:10 . 2012-05-10 22:10 466456 ----a-w- c:\windows\system32\wrap_oal.dll
2012-05-10 22:10 . 2012-05-10 22:10 444952 ----a-w- c:\windows\SysWow64\wrap_oal.dll
2012-05-10 22:10 . 2012-05-10 22:10 122904 ----a-w- c:\windows\system32\OpenAL32.dll
2012-05-10 22:10 . 2012-05-10 22:10 109080 ----a-w- c:\windows\SysWow64\OpenAL32.dll
2012-05-04 11:06 . 2012-06-13 23:27 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-04 10:03 . 2012-06-13 23:27 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-05-04 10:03 . 2012-06-13 23:27 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-05-01 05:40 . 2012-06-13 23:27 209920 ----a-w- c:\windows\system32\profsvc.dll
2012-04-28 03:55 . 2012-06-13 23:26 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-04-26 05:41 . 2012-06-13 23:27 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-04-26 05:41 . 2012-06-13 23:27 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-04-26 05:34 . 2012-06-13 23:27 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-04-24 05:37 . 2012-06-13 23:27 184320 ----a-w- c:\windows\system32\cryptsvc.dll
2012-04-24 05:37 . 2012-06-13 23:27 140288 ----a-w- c:\windows\system32\cryptnet.dll
2012-04-24 05:37 . 2012-06-13 23:27 1462272 ----a-w- c:\windows\system32\crypt32.dll
2012-04-24 04:36 . 2012-06-13 23:27 1158656 ----a-w- c:\windows\SysWow64\crypt32.dll
2012-04-24 04:36 . 2012-06-13 23:27 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2012-04-24 04:36 . 2012-06-13 23:27 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
2012-04-19 00:56 . 2012-04-19 00:56 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx
2012-04-19 00:56 . 2012-04-19 00:56 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts
2012-04-18 13:47 . 2012-05-05 17:48 1758584 ----a-w- c:\windows\system32\Wacom_Touch_Tablet.dll
2012-04-18 13:47 . 2012-05-05 17:48 1444216 ----a-w- c:\windows\SysWow64\Wacom_Touch_Tablet.dll
2012-04-18 13:47 . 2012-05-05 17:48 1830776 ----a-w- c:\windows\system32\Wintab32.dll
2012-04-18 13:47 . 2012-05-05 17:48 1816440 ----a-w- c:\windows\system32\WacomMT.dll
2012-04-18 13:47 . 2012-05-05 17:48 1765240 ----a-w- c:\windows\system32\Wacom_Tablet.dll
2012-04-18 13:47 . 2012-05-05 17:48 1496952 ----a-w- c:\windows\SysWow64\Wintab32.dll
2012-04-18 13:47 . 2012-05-05 17:48 1484152 ----a-w- c:\windows\SysWow64\WacomMT.dll
2012-04-18 13:47 . 2012-05-05 17:48 1450872 ----a-w- c:\windows\SysWow64\Wacom_Tablet.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-07-13_03.00.47 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-07-12 08:10 . 2012-06-02 04:34 96768 c:\windows\SysWOW64\sspicli.dll
- 2012-02-16 05:21 . 2011-11-17 05:28 96768 c:\windows\SysWOW64\sspicli.dll
- 2012-02-16 05:21 . 2011-11-17 05:34 22016 c:\windows\SysWOW64\secur32.dll
+ 2012-07-12 08:10 . 2012-06-02 04:40 22016 c:\windows\SysWOW64\secur32.dll
- 2012-06-14 07:00 . 2012-05-17 22:25 73216 c:\windows\SysWOW64\mshtmled.dll
+ 2012-07-13 07:00 . 2012-06-02 08:17 73216 c:\windows\SysWOW64\mshtmled.dll
- 2012-06-14 07:00 . 2012-05-17 22:31 66048 c:\windows\SysWOW64\migration\WininetPlugin.dll
+ 2012-07-13 07:00 . 2012-06-02 08:22 66048 c:\windows\SysWOW64\migration\WininetPlugin.dll
+ 2012-07-13 07:00 . 2012-06-02 08:21 65024 c:\windows\SysWOW64\jsproxy.dll
- 2012-06-14 07:00 . 2012-05-17 22:31 65024 c:\windows\SysWOW64\jsproxy.dll
+ 2010-11-21 03:09 . 2012-07-13 03:21 18324 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-07-14 01:48 30442 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2012-07-13 07:00 . 2012-06-02 11:57 96768 c:\windows\system32\mshtmled.dll
- 2012-06-14 07:00 . 2012-05-18 01:51 96768 c:\windows\system32\mshtmled.dll
+ 2012-07-13 07:00 . 2012-06-02 12:03 86528 c:\windows\system32\migration\WininetPlugin.dll
- 2012-06-14 07:00 . 2012-05-18 01:56 86528 c:\windows\system32\migration\WininetPlugin.dll
- 2012-06-14 07:00 . 2012-05-18 01:56 85504 c:\windows\system32\jsproxy.dll
+ 2012-07-13 07:00 . 2012-06-02 12:03 85504 c:\windows\system32\jsproxy.dll
+ 2012-07-12 08:10 . 2012-06-02 05:48 95600 c:\windows\system32\drivers\ksecdd.sys
- 2012-02-16 05:21 . 2011-11-17 06:49 95600 c:\windows\system32\drivers\ksecdd.sys
+ 2012-05-08 03:08 . 2012-07-14 01:59 54089 c:\windows\system32\config\systemprofile\AppData\Roaming\WTablet\Wacom_Tablet.dat
- 2012-05-08 03:08 . 2012-07-13 02:59 54089 c:\windows\system32\config\systemprofile\AppData\Roaming\WTablet\Wacom_Tablet.dat
- 2012-02-14 19:41 . 2012-07-12 20:51 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2012-02-14 19:41 . 2012-07-13 20:15 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2012-02-14 19:41 . 2012-07-13 20:15 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2012-02-14 19:41 . 2012-07-12 20:51 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-07-13 20:15 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-07-12 20:51 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2012-07-12 08:10 . 2010-06-26 03:24 2048 c:\windows\SysWOW64\msxml3r.dll
- 2009-07-14 00:19 . 2009-07-14 01:07 2048 c:\windows\SysWOW64\msxml3r.dll
+ 2012-02-14 20:04 . 2012-07-14 01:48 6280 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2498571534-311397650-1904579641-1000_UserData.bin
- 2009-07-14 00:41 . 2009-07-14 01:30 2048 c:\windows\system32\msxml3r.dll
+ 2012-07-12 08:10 . 2010-06-26 03:55 2048 c:\windows\system32\msxml3r.dll
+ 2012-07-14 01:59 . 2012-07-14 01:59 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-07-13 02:59 . 2012-07-13 02:59 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-07-13 02:59 . 2012-07-13 02:59 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-07-14 01:59 . 2012-07-14 01:59 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-06-14 07:00 . 2012-05-17 22:33 231936 c:\windows\SysWOW64\url.dll
+ 2012-07-13 07:00 . 2012-06-02 08:23 231936 c:\windows\SysWOW64\url.dll
+ 2012-07-12 08:10 . 2012-06-02 04:40 225280 c:\windows\SysWOW64\schannel.dll
+ 2012-07-12 08:10 . 2012-06-02 04:39 219136 c:\windows\SysWOW64\ncrypt.dll
- 2009-07-13 23:33 . 2009-07-14 01:16 219136 c:\windows\SysWOW64\ncrypt.dll
+ 2012-07-13 07:00 . 2012-06-02 08:19 716800 c:\windows\SysWOW64\jscript.dll
- 2012-06-14 07:00 . 2012-05-17 22:29 716800 c:\windows\SysWOW64\jscript.dll
- 2012-06-14 07:00 . 2012-05-17 22:29 142848 c:\windows\SysWOW64\ieUnatt.exe
+ 2012-07-13 07:00 . 2012-06-02 08:20 142848 c:\windows\SysWOW64\ieUnatt.exe
+ 2012-07-13 07:00 . 2012-06-02 08:14 176640 c:\windows\SysWOW64\ieui.dll
- 2012-06-14 07:00 . 2012-05-17 22:20 176640 c:\windows\SysWOW64\ieui.dll
+ 2012-07-12 08:10 . 2012-06-06 05:03 805376 c:\windows\SysWOW64\cdosys.dll
- 2010-11-21 03:24 . 2010-11-21 03:24 805376 c:\windows\SysWOW64\cdosys.dll
- 2012-06-14 07:00 . 2012-05-18 01:58 237056 c:\windows\system32\url.dll
+ 2012-07-13 07:00 . 2012-06-02 12:04 237056 c:\windows\system32\url.dll
+ 2012-07-12 08:10 . 2012-06-02 05:45 340992 c:\windows\system32\schannel.dll
- 2012-02-16 05:21 . 2011-11-17 06:35 340992 c:\windows\system32\schannel.dll
+ 2009-07-14 02:36 . 2012-07-14 01:53 662196 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2012-07-13 02:52 662196 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2012-07-13 02:52 122024 c:\windows\system32\perfc009.dat
+ 2009-07-14 02:36 . 2012-07-14 01:53 122024 c:\windows\system32\perfc009.dat
- 2009-07-13 23:49 . 2009-07-14 01:41 307200 c:\windows\system32\ncrypt.dll
+ 2012-07-12 08:10 . 2012-06-02 05:44 307200 c:\windows\system32\ncrypt.dll
+ 2012-07-13 07:00 . 2012-06-02 12:00 818688 c:\windows\system32\jscript.dll
- 2012-06-14 07:00 . 2012-05-18 01:55 818688 c:\windows\system32\jscript.dll
+ 2012-07-13 07:00 . 2012-06-02 12:01 173056 c:\windows\system32\ieUnatt.exe
- 2012-06-14 07:00 . 2012-05-18 01:55 173056 c:\windows\system32\ieUnatt.exe
+ 2012-07-13 07:00 . 2012-06-02 11:54 248320 c:\windows\system32\ieui.dll
- 2012-06-14 07:00 . 2012-05-18 01:47 248320 c:\windows\system32\ieui.dll
+ 2009-07-14 04:45 . 2012-07-13 11:19 274320 c:\windows\system32\FNTCACHE.DAT
- 2009-07-14 04:45 . 2012-06-14 07:22 274320 c:\windows\system32\FNTCACHE.DAT
+ 2012-07-12 08:10 . 2012-06-02 05:48 151920 c:\windows\system32\drivers\ksecpkg.sys
+ 2012-07-12 08:10 . 2012-06-02 05:50 458704 c:\windows\system32\drivers\cng.sys
+ 2009-07-14 04:46 . 2012-07-14 01:54 106016 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
+ 2012-05-08 01:51 . 2012-07-14 01:58 138664 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
- 2012-05-08 01:51 . 2012-07-13 02:58 138664 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2009-07-14 05:01 . 2012-07-14 01:58 228720 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2012-07-13 02:58 228720 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2012-06-14 07:00 . 2012-05-17 22:35 1129472 c:\windows\SysWOW64\wininet.dll
+ 2012-07-13 07:00 . 2012-06-02 08:25 1129472 c:\windows\SysWOW64\wininet.dll
+ 2012-07-13 07:00 . 2012-06-02 08:26 1103872 c:\windows\SysWOW64\urlmon.dll
- 2012-06-14 07:00 . 2012-05-17 22:36 1103872 c:\windows\SysWOW64\urlmon.dll
- 2010-11-21 03:24 . 2010-11-21 03:24 1390080 c:\windows\SysWOW64\msxml6.dll
+ 2012-07-12 08:10 . 2012-06-06 05:05 1390080 c:\windows\SysWOW64\msxml6.dll
- 2010-11-21 03:24 . 2010-11-21 03:24 1236992 c:\windows\SysWOW64\msxml3.dll
+ 2012-07-12 08:10 . 2012-06-06 05:05 1236992 c:\windows\SysWOW64\msxml3.dll
+ 2012-07-13 07:00 . 2012-06-02 08:33 1800192 c:\windows\SysWOW64\jscript9.dll
- 2012-06-14 07:00 . 2012-05-17 22:45 1800192 c:\windows\SysWOW64\jscript9.dll
+ 2012-07-13 07:00 . 2012-06-02 08:19 1793024 c:\windows\SysWOW64\iertutil.dll
- 2012-06-14 07:00 . 2012-05-17 22:27 1793024 c:\windows\SysWOW64\iertutil.dll
+ 2012-07-13 07:00 . 2012-06-02 08:43 9737728 c:\windows\SysWOW64\ieframe.dll
- 2012-06-14 07:00 . 2012-05-17 22:48 9737728 c:\windows\SysWOW64\ieframe.dll
+ 2012-07-13 07:00 . 2012-06-02 12:05 1392128 c:\windows\system32\wininet.dll
- 2012-06-14 07:00 . 2012-05-18 01:59 1392128 c:\windows\system32\wininet.dll
+ 2012-07-13 07:00 . 2012-06-02 12:05 1346048 c:\windows\system32\urlmon.dll
- 2012-06-14 07:00 . 2012-05-18 01:59 1346048 c:\windows\system32\urlmon.dll
- 2010-11-21 03:24 . 2010-11-21 03:24 2004480 c:\windows\system32\msxml6.dll
+ 2012-07-12 08:10 . 2012-06-06 06:06 2004480 c:\windows\system32\msxml6.dll
+ 2012-07-12 08:10 . 2012-06-06 06:06 1881600 c:\windows\system32\msxml3.dll
+ 2012-07-13 07:00 . 2012-06-02 12:12 2311680 c:\windows\system32\jscript9.dll
- 2012-06-14 07:00 . 2012-05-18 02:06 2311680 c:\windows\system32\jscript9.dll
- 2012-06-14 07:00 . 2012-05-18 01:54 2144768 c:\windows\system32\iertutil.dll
+ 2012-07-13 07:00 . 2012-06-02 11:59 2144768 c:\windows\system32\iertutil.dll
- 2010-11-21 03:23 . 2010-11-21 03:23 1133568 c:\windows\system32\cdosys.dll
+ 2012-07-12 08:10 . 2012-06-06 06:02 1133568 c:\windows\system32\cdosys.dll
- 2009-07-14 04:45 . 2012-07-06 01:29 7410993 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
+ 2009-07-14 04:45 . 2012-07-13 11:21 7410993 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
+ 2012-07-12 08:10 . 2012-06-09 04:41 12873728 c:\windows\SysWOW64\shell32.dll
+ 2012-07-13 07:00 . 2012-06-02 09:07 12314624 c:\windows\SysWOW64\mshtml.dll
- 2012-06-14 07:00 . 2012-05-17 23:11 12314624 c:\windows\SysWOW64\mshtml.dll
+ 2009-07-14 02:34 . 2012-07-13 11:18 10485760 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
+ 2012-07-12 08:10 . 2012-06-09 05:43 14172672 c:\windows\system32\shell32.dll
- 2012-02-16 05:21 . 2012-01-04 10:44 14172672 c:\windows\system32\shell32.dll
- 2012-06-14 07:00 . 2012-05-18 02:47 17807360 c:\windows\system32\mshtml.dll
+ 2012-07-13 07:00 . 2012-06-02 12:49 17807360 c:\windows\system32\mshtml.dll
- 2012-06-14 07:00 . 2012-05-18 02:16 10924032 c:\windows\system32\ieframe.dll
+ 2012-07-13 07:00 . 2012-06-02 12:17 10924032 c:\windows\system32\ieframe.dll
- 2012-02-14 19:55 . 2012-07-13 02:58 44198744 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2498571534-311397650-1904579641-1000-8192.dat
+ 2012-02-14 19:55 . 2012-07-14 01:58 44198744 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2498571534-311397650-1904579641-1000-8192.dat
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{1392b8d2-5c05-419f-a8f6-b9f15a596612}"= "c:\program files (x86)\Freecorder\prxtbFree.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]
2011-05-09 09:49 176936 ----a-w- c:\program files (x86)\Freecorder\prxtbFree.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{1392b8d2-5c05-419f-a8f6-b9f15a596612}"= "c:\program files (x86)\Freecorder\prxtbFree.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files (x86)\Steam\steam.exe" [2012-02-14 1242448]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-05-03 17355912]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-04-06 641664]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-19 421888]
"Freecorder FLV Service"="c:\program files (x86)\Freecorder\FLVSrvc.exe" [2011-03-24 167936]
"WinampAgent"="c:\program files (x86)\Winamp\winampa.exe" [2011-12-09 74752]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-05-03 158856]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-12 250056]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2012-05-04 1431888]
R3 hidkmdf;KMDF Driver;c:\windows\system32\DRIVERS\hidkmdf.sys [2012-03-29 13688]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-23 113120]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-03-21 98688]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 WacHidRouter;Wacom Hid Router;c:\windows\system32\DRIVERS\wachidrouter.sys [2012-03-29 65912]
R3 wacomrouterfilter;Wacom Router Filter Driver;c:\windows\system32\DRIVERS\wacomrouterfilter.sys [2012-03-29 15736]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-02-19 1255736]
R3 X6va005;X6va005;c:\users\Boob\AppData\Local\Temp\005F9F1.tmp [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-04-06 236544]
S2 HiPatchService;Hi-Rez Studios Authenticate and Update Service;c:\program files (x86)\Hi-Rez Studios\HiPatchService.exe [2012-07-12 8704]
S2 mi-raysat_3dsmax2012_64;mental ray 3.9 Satellite for Autodesk 3ds Max 2012 64-bit - English 64-bit;c:\program files\Autodesk\3ds Max 2012\mentalimages\satellite\raysat_3dsmax2012_64server.exe [2011-02-23 86016]
S2 TabletServiceWacom;TabletServiceWacom;c:\program files\Tablet\Wacom\Wacom_Tablet.exe [2012-04-18 8518008]
S2 TouchServiceWacom;Wacom Professional Touch Service;c:\program files\Tablet\Wacom\Wacom_TouchService.exe [2012-04-18 567672]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2012-04-06 11174400]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2012-04-06 343040]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2012-02-23 95760]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-06-10 187392]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-14 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-08 20:51]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 1271168]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.dell.com
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 75.75.76.76 75.75.75.75
FF - ProfilePath - c:\users\Boob\AppData\Roaming\Mozilla\Firefox\Profiles\mwqhv8k7.default\
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{1392B8D2-5C05-419F-A8F6-B9F15A596612} - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va005]
"ImagePath"="\??\c:\users\Boob\AppData\Local\Temp\005F9F1.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\windows\SysWOW64\PnkBstrA.exe
.
**************************************************************************
.
Completion time: 2012-07-13 22:02:51 - machine was rebooted
ComboFix-quarantined-files.txt 2012-07-14 02:02
ComboFix2.txt 2012-07-13 03:04
.
Pre-Run: 327,090,499,584 bytes free
Post-Run: 326,813,786,112 bytes free
.
- - End Of File - - 84BE9880D8AB6909412DAE405CBE5A30


And here is the log from the Add/Remove text:

Adobe Flash Media Live Encoder 3.1
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.2)
AIM for Windows
Aion
Apple Application Support
Apple Software Update
Audacity 2.0
Autodesk Backburner 2012.0.0
Autodesk Material Library 2012
Autodesk Material Library Base Resolution Image Library 2012
Autodesk Material Library Medium Resolution Image Library 2012
Bastion
Blacklight: Retribution
Brawl Busters
Call of Duty: Modern Warfare 3 - Multiplayer
Catalyst Control Center
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
Chronotron Plug-in for Winamp/WMP 9 (remove only)
Complitly
Diablo III
Diablo III Beta
Dota 2
ESET Online Scanner v3
Freecorder 5
Freecorder Toolbar
Gotham City Impostors
Guild Wars
Hi-Rez Studios Authenticate and Update Service
Java Auto Updater
Java™ 6 Update 31
League of Legends
Magic: The Gathering - Duels of the Planeswalkers 2013
Malwarebytes Anti-Malware version 1.62.0.1300
Marmoset Toolbag
Microsoft Games for Windows - LIVE Redistributable
Microsoft Games for Windows Marketplace
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft XNA Framework Redistributable 3.1
Mozilla Firefox 13.0.1 (x86 en-US)
Mozilla Maintenance Service
NCsoft Launcher
NVIDIA PhysX
OpenAL
Pando Media Booster
PunkBuster Services
QuickTime
Sculptris Alpha 6
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Sid Meier's Civilization V
Skype™ 5.9
Star Wars: The Old Republic
StarCraft II
Steam
Super Meat Boy
Team Fortress 2
TERA
Tribes Ascend Closed Beta
Tribes: Ascend
Trine
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
VLC media player 2.0.1
WebTablet FB Plugin
WebTablet IE Plugin
WebTablet Netscape Plugin
Winamp
Winamp Detector Plug-in
World of Warcraft
World of Warcraft Beta
XSplit

#12 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • Gender:Not Telling
  • Location:Canada

Posted 13 July 2012 - 09:19 PM

It looks good, how is the computer running now? Are there any outstanding issues?

Please do the following:


Your Java is out of date, so go to Start > Control Panel > Programs and Features > scroll down to the Java installation and Remove it, now download the latest Java version 7 update 5 and install it: http://java.com/en/download/index.jsp

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#13 Kn1ghtHavvk

Kn1ghtHavvk
  • Topic Starter

  • Members
  • 9 posts

Posted 13 July 2012 - 09:43 PM

Computer is running just like it was pre-virus! Thanks a ton! Got Java updated and now I can resume day to day activity haha. I think I got that virus from a random imgur page. Hopefully it won't happen again, I'm actually very cautious of what I do on this PC most of the time, so when I get a virus it always happens to be random like that haha. Again thanks, I'll post back in case anything goes wrong again.

#14 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • Gender:Not Telling
  • Location:Canada

Posted 14 July 2012 - 09:18 AM

Hi

Just some housekeeping to do now.

Please do the following:


You can delete the FRST logs and program from your desktop.


NEXT


Follow these steps to uninstall Combofix

  • Make sure your security programs are totally disabled.
  • Click START then RUN
  • Now copy/paste Combofix /uninstall into the runbox and click OK. Note the space between the ..X and the /U, it needs to be there.



If there are any logs/tools remaining on your desktop > right click and delete them.


NEXT


Below I have included a number of recommendations for how to protect your computer against malware infections.

  • It is good security practice to change your passwords to all your online accounts on a fairly regular basis; this is especially true after an infection. Refer to this Microsoft article:
    Strong passwords: How to create and use them
    Then consider a password keeper, to keep all your passwords safe. KeePass is a small utility that allows you to manage all your passwords.

  • Keep Windows updated by regularly checking their website at :
    http://windowsupdate.microsoft.com/
    This will ensure your computer always has the latest available security updates installed.

  • Make Internet Explorer more secure
    • Click Start > Run
    • Type Inetcpl.cpl & click OK
    • Click on the Security tab
    • Click Reset all zones to default level
    • Make sure the Internet Zone is selected & Click Custom level
    • In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls") to "Prompt", and "Initialize and Script ActiveX controls not marked as safe" to "Disable".
    • Next Click OK, then Apply button and then OK to exit the Internet Properties page.

  • Download TFC to your desktop
    • Close any open windows.
    • Double click the TFC icon to run the program
    • TFC will close all open programs itself in order to run,
    • Click the Start button to begin the process.
    • Allow TFC to run uninterrupted.
    • The program should not take long to finish its job.
    • Once it's finished it should automatically reboot your machine.
    • If it doesn't, manually reboot to ensure a complete clean.
    It's normal after running TFC cleaner that the PC will be slower to boot the first time.

  • WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:
    • Green to go
    • Yellow for caution
    • Red to stop
    WOT has an addon available for both Firefox and IE

  • Keep a backup of your important files - Now, more than ever, it's especially important to protect your digital files and memories. This article is full of good information on alternatives for home backup solutions.

  • ERUNT (Emergency Recovery Utility NT) allows you to keep a complete backup of your registry and restore it when needed. The standard registry backup options that come with Windows back up most of the registry but not all of it. ERUNT however creates a complete backup set, including the Security hive and user related sections. ERUNT is easy to use and since it creates a full backup, there are no options or choices other than to select the location of the backup files. The backup set includes a small executable that will launch the registry restore if needed.

  • In light of your recent issue, I'm sure you'd like to avoid any future infections. Please take a look at this well written article:
    PC Safety and Security--What Do I Need?


Thank you for your patience, and performing all of the procedures requested.

Please respond one last time so we can consider the thread resolved and close it, thank you.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015
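As an added example (not part of CatByte's post or any BleepingComputer tool), the PowerShell script below audits the three Internet-zone ActiveX settings described in the "Make Internet Explorer more secure" steps and, when run with -Fix, applies the recommended values. It assumes Microsoft's documented registry layout for the per-user Internet zone: value names 1001 (Download signed ActiveX controls), 1004 (Download unsigned ActiveX controls) and 1201 (Initialize and script ActiveX controls not marked as safe), with data 0 = Enable, 1 = Prompt, 3 = Disable.

```powershell
# Added example: check (and optionally set) the Internet zone ActiveX settings
# that the Inetcpl.cpl steps above configure by hand. Not from the original thread.
# Assumption: per-user zone 3 (Internet) values as documented by Microsoft.
param([switch]$Fix)

$zonePath = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3'

# Target state from the post: download prompts on, unsafe ActiveX scripting off.
$wanted = @{
    '1001' = @{ Name = 'Download signed ActiveX controls';                       Value = 1 }  # Prompt
    '1004' = @{ Name = 'Download unsigned ActiveX controls';                     Value = 1 }  # Prompt
    '1201' = @{ Name = 'Initialize and script ActiveX controls not marked safe'; Value = 3 }  # Disable
}
$labels = @{ 0 = 'Enable'; 1 = 'Prompt'; 3 = 'Disable' }

if (-not (Test-Path $zonePath)) {
    Write-Output "Zone key not found: $zonePath (zone may be policy-managed under HKLM)"
    return
}
$zone = Get-ItemProperty -Path $zonePath

foreach ($id in ($wanted.Keys | Sort-Object)) {
    $current = $zone.$id          # $null when the value is absent (zone default applies)
    $target  = $wanted[$id].Value

    if ($null -eq $current)                      { $curLabel = 'not set (zone default)' }
    elseif ($labels.ContainsKey([int]$current))  { $curLabel = $labels[[int]$current] }
    else                                         { $curLabel = "unknown ($current)" }

    if ($current -eq $target) {
        Write-Output ("OK    {0} [{1}] = {2}" -f $wanted[$id].Name, $id, $curLabel)
        continue
    }
    Write-Output ("WEAK  {0} [{1}] = {2}, expected {3}" -f $wanted[$id].Name, $id, $curLabel, $labels[$target])
    if ($Fix) {
        # Write the hardened value; the change is picked up the next time IE starts.
        Set-ItemProperty -Path $zonePath -Name $id -Value $target -Type DWord
        Write-Output ("FIXED {0} -> {1}" -f $id, $labels[$target])
    }
}
```

Run it without -Fix first to see which of the three settings differ from the recommended state; a machine where Group Policy manages zone settings will show the key under HKLM instead, and this script does not touch that hive.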


#15 Kn1ghtHavvk

Kn1ghtHavvk
  • Topic Starter

  • Members
  • 9 posts

Posted 14 July 2012 - 01:14 PM

Thanks for all your help!



