
My PC suddenly slowed down drastically, BSOD etc


  • This topic is locked
39 replies to this topic

#1 sergei91

  • Members
  • 32 posts

Posted 12 August 2013 - 12:06 PM

Everything on my machine was seemingly great; no new hardware has been installed. Drivers seem to all be current, but in the last few days the computer is horribly slow, and crashed with various BSODs.

I've run multiple virus and malware scans, chkdsk, memtests; nothing is really showing up... help!


Here's my Hijack This logfile from this morning.


Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 10:04:32 AM, on 8/12/2013

Platform: Windows 7 SP1 (WinNT 6.00.3505)

MSIE: Internet Explorer v10.0 (10.00.9200.16635)

Boot mode: Normal

 

Running processes:

C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe

C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe

C:\Users\Scott Dworkin\AppData\Roaming\Dropbox\bin\Dropbox.exe

C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe

C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe

C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe

C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe

C:\Program Files (x86)\Common Files\InstallShield\Driver\7\Intel 32\IDriver.exe

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE

C:\Windows\sysWow64\SearchProtocolHost.exe

C:\Users\Scott Dworkin\Downloads\HijackThis.exe

C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe

C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe

C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = localhost:21320

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

F2 - REG:system.ini: UserInit=userinit.exe

O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll

O2 - BHO: ContentBlockerBrowserHelperObject - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll

O2 - BHO: VirtualKeyboardBrowserHelperObject - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll

O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

O2 - BHO: Evernote extension - {92EF2EAD-A7CE-4424-B0DB-499CF856608E} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll

O2 - BHO: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\OnlineBanking\online_banking_bho.dll

O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll

O4 - HKLM\..\Run: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe"

O4 - HKLM\..\Run: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"

O4 - HKLM\..\Run: [FLxHCIm64] "C:\Program Files\Fresco Logic\Fresco Logic USB3.0 Host Controller\amd64_host\FLxHCIm.exe"

O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

O4 - HKCU\..\Run: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe

O4 - HKCU\..\Run: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe

O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CtxfiReg] CTXFIREG.exe /FAIL1 (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CtxfiReg] CTXFIREG.exe /FAIL1 (User 'Default user')

O4 - Startup: Dropbox.lnk = Scott Dworkin\AppData\Roaming\Dropbox\bin\Dropbox.exe

O4 - Startup: EvernoteClipper.lnk = C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe

O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ie_banner_deny.htm

O8 - Extra context menu item: Clip Image - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=4

O8 - Extra context menu item: Clip selection - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=3

O8 - Extra context menu item: Clip this page - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=1

O8 - Extra context menu item: Clip URL - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=0

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: New Note - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\NewNote.html

O9 - Extra button: Virtual Keyboard - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\AddNote.html

O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\AddNote.html

O9 - Extra button: URLs check - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O16 - DPF: {0D6709DD-4ED8-40CA-B459-2757AEEF7BEE} (Dldrv2 Control) - http://download.gigabyte.com.tw/object/Dldrv.ocx

O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} (Creative Software AutoUpdate Support Package 2) - http://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab

O16 - DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} - http://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab

O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - http://ccfiles.creative.com/Web/softwareupdate/ocx/130321/CTPID.cab

O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE

O23 - Service: Adobe Active File Monitor V11 (AdobeActiveFileMonitor11.0) - Adobe Systems Incorporated - C:\Program Files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe

O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

O23 - Service: Kaspersky Anti-Virus Service (AVP) - Kaspersky Lab ZAO - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)

O23 - Service: HP SI Service (HPSIService) - Unknown owner - C:\Windows\system32\HPSIsvc.exe (file missing)

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe

O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

O23 - Service: @C:\Program Files (x86)\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - C:\Program Files (x86)\Nero\Update\NASvc.exe

O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: Nalpeiron Licensing Service (nlsX86cc) - Nalpeiron Ltd. - C:\Windows\SysWOW64\nlssrv32.exe

O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)

O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

O23 - Service: Adobe SwitchBoard (SwitchBoard) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)

O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

 

--

End of file - 12472 bytes


#2 sergei91

  • Topic Starter
  • Members
  • 32 posts

Posted 12 August 2013 - 02:44 PM

One thing I see myself is a bunch of Creative stuff. I don't have a Creative sound card anymore, but there seem to be leftover drivers and registry entries in the HijackThis log. Not sure how to remove these?



#3 sergei91

  • Topic Starter
  • Members
  • 32 posts

Posted 12 August 2013 - 07:36 PM

Oh, and DDS will not complete the scan; it just sits there.



#4 sergei91

  • Topic Starter
  • Members
  • 32 posts

Posted 14 August 2013 - 07:15 PM

UPDATE as of 8/14: I got DDS to do a complete scan! The logfile is below.

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16660  BrowserJavaVersion: 10.25.2
Run by Scott Dworkin at 16:36:06 on 2013-08-14
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.16375.13083 [GMT -7:00]
.
AV: Kaspersky Internet Security *Enabled/Updated* {C3113FBF-4BCB-4461-D78D-6EDFEC9593E5}
SP: Kaspersky Internet Security *Enabled/Updated* {7870DE5B-6DF1-4BEF-ED3D-55AD9712D958}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Internet Security *Enabled* {FB2ABE9A-01A4-4539-FCD2-C7EA1246D49E}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\HPSIsvc.exe
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Microsoft LifeCam\MSCamS64.exe
C:\Windows\SysWOW64\nlssrv32.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Nero\Update\NASvc.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
C:\Users\Scott Dworkin\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files\Fresco Logic\Fresco Logic USB3.0 Host Controller\amd64_host\FLxHCIm.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\splwow64.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Java\jre7\bin\java.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uProxyServer = localhost:21320
mWinlogon: Userinit = userinit.exe,
BHO: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO: Content Blocker Plugin: {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll
BHO: Virtual Keyboard Plugin: {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Evernote extension: {92EF2EAD-A7CE-4424-B0DB-499CF856608E} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll
BHO: Safe Money Plugin: {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\OnlineBanking\online_banking_bho.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: URL Advisor Plugin: {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll
uRun: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
uRun: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
mRun: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe"
mRun: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [FLxHCIm64] "C:\Program Files\Fresco Logic\Fresco Logic USB3.0 Host Controller\amd64_host\FLxHCIm.exe"
dRun: [CtxfiReg] CTXFIREG.exe /FAIL1
StartupFolder: C:\Users\SCOTTD~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Scott Dworkin\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\Users\SCOTTD~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\EVERNO~1.LNK - C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:28
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ie_banner_deny.htm
IE: Clip Image - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=4
IE: Clip selection - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=3
IE: Clip this page - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=1
IE: Clip URL - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: New Note - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\NewNote.html
IE: {0C4CC089-D306-440D-9772-464E226F6539} - {0BA14598-4178-4CE5-B1F1-B5C6408A3F2E} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\AddNote.html
IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll
DPF: {0D6709DD-4ED8-40CA-B459-2757AEEF7BEE} - hxxp://download.gigabyte.com.tw/object/Dldrv.ocx
DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} - hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/130321/CTPID.cab
TCP: NameServer = 192.168.1.1 68.238.64.12
TCP: Interfaces\{E4BF6849-FFDC-4E88-95E3-D03AD0E7CDC0} : DHCPNameServer = 192.168.1.1 68.238.64.12
SSODL: WebCheck - <orphaned>
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
x64-BHO: Content Blocker Plugin: {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll
x64-BHO: Virtual Keyboard Plugin: {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
x64-BHO: Safe Money Plugin: {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\OnlineBanking\online_banking_bho.dll
x64-BHO: URL Advisor Plugin: {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll
x64-IE: {0C4CC089-D306-440D-9772-464E226F6539} - {0BA14598-4178-4CE5-B1F1-B5C6408A3F2E} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
x64-IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Scott Dworkin\AppData\Roaming\Mozilla\Firefox\Profiles\25b0hrln.default\
FF - prefs.js: browser.startup.homepage - yahoo.com
FF - prefs.js: keyword.enabled - false
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\npBrowserPlugin.dll
FF - plugin: C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll
FF - plugin: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrlui.dll
FF - plugin: C:\Users\Scott Dworkin\AppData\Roaming\Mozilla\Firefox\Profiles\25b0hrln.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}\plugins\npGarmin.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll
FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
FF - ExtSQL: 2013-06-21 07:26; {E0B8C461-F8FB-49b4-8373-FE32E9252800}; C:\Users\Scott Dworkin\AppData\Roaming\Mozilla\Firefox\Profiles\25b0hrln.default\extensions\{E0B8C461-F8FB-49b4-8373-FE32E9252800}
FF - ExtSQL: 2013-07-05 09:40; {195A3098-0BD5-4e90-AE22-BA1C540AFD1E}; C:\Users\Scott Dworkin\AppData\Roaming\Mozilla\Firefox\Profiles\25b0hrln.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
FF - ExtSQL: 2013-08-10 16:12; anti_banner@kaspersky.com; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\anti_banner@kaspersky.com
FF - ExtSQL: 2013-08-10 16:12; content_blocker@kaspersky.com; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\content_blocker@kaspersky.com
FF - ExtSQL: 2013-08-10 16:13; online_banking@kaspersky.com; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\online_banking@kaspersky.com
FF - ExtSQL: 2013-08-10 16:14; url_advisor@kaspersky.com; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\url_advisor@kaspersky.com
FF - ExtSQL: 2013-08-10 16:14; virtual_keyboard@kaspersky.com; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\virtual_keyboard@kaspersky.com
.
============= SERVICES / DRIVERS ===============
.
R0 mv91cons;Marvell 91xx Config Device Driver;C:\Windows\System32\drivers\mv91cons.sys [2012-2-22 27440]
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2013-6-9 56336]
R1 HWiNFO32;HWiNFO32/64 Kernel Driver;C:\Windows\System32\drivers\HWiNFO64A.SYS [2013-8-11 31136]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;C:\Windows\System32\drivers\klim6.sys [2012-8-2 28504]
R1 kltdi;kltdi;C:\Windows\System32\drivers\kltdi.sys [2013-5-2 54368]
R1 kneps;kneps;C:\Windows\System32\drivers\kneps.sys [2013-5-2 178448]
R3 FLxHCIc;Fresco Logic xHCI (USB3) Device Driver;C:\Windows\System32\drivers\FLxHCIc.sys [2012-3-2 221184]
R3 FLxHCIh;Fresco Logic xHCI (USB3) Hub Device Driver;C:\Windows\System32\drivers\FLxHCIh.sys [2012-3-2 65536]
R3 klkbdflt;Kaspersky Lab KLKBDFLT;C:\Windows\System32\drivers\klkbdflt.sys [2013-5-2 29016]
R3 klmouflt;Kaspersky Lab KLMOUFLT;C:\Windows\System32\drivers\klmouflt.sys [2013-5-2 29528]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-8-12 25928]
R3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;C:\Windows\System32\drivers\nx6000.sys [2010-1-29 36720]
R3 mvusbews;USB EWS Device;C:\Windows\System32\drivers\mvusbews.sys [2012-12-24 20480]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2010-11-18 80384]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2010-11-18 181248]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2013-6-9 646248]
R3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2008-5-6 14464]
S3 CT20XUT.SYS;CT20XUT.SYS;C:\Windows\System32\drivers\CT20XUT.sys [2010-5-5 202840]
S3 CT20XUT;CT20XUT;C:\Windows\System32\drivers\CT20XUT.sys [2010-5-5 202840]
S3 CTEXFIFX.SYS;CTEXFIFX.SYS;C:\Windows\System32\drivers\CTEXFIFX.sys [2010-5-5 1417304]
S3 CTEXFIFX;CTEXFIFX;C:\Windows\System32\drivers\CTEXFIFX.sys [2010-5-5 1417304]
S3 CTHWIUT.SYS;CTHWIUT.SYS;C:\Windows\System32\drivers\CTHWIUT.sys [2010-5-5 94808]
S3 CTHWIUT;CTHWIUT;C:\Windows\System32\drivers\CTHWIUT.sys [2010-5-5 94808]
S3 DrvAgent64;DrvAgent64;C:\Windows\SysWOW64\drivers\DrvAgent64.SYS [2013-8-11 21712]
S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;C:\Windows\System32\drivers\LGBusEnum.sys [2009-11-23 22408]
S3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;C:\Windows\System32\drivers\LGVirHid.sys [2009-11-23 16008]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-6-8 19456]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-6-8 57856]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2013-6-8 30208]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
.
=============== Created Last 30 ================
.
2013-08-14 09:12:17    1472512    ----a-w-    C:\Windows\System32\crypt32.dll
2013-08-14 09:12:17    1166848    ----a-w-    C:\Windows\SysWow64\crypt32.dll
2013-08-14 09:12:16    224256    ----a-w-    C:\Windows\System32\wintrust.dll
2013-08-14 09:12:16    184320    ----a-w-    C:\Windows\System32\cryptsvc.dll
2013-08-14 09:12:16    175104    ----a-w-    C:\Windows\SysWow64\wintrust.dll
2013-08-14 09:12:16    140288    ----a-w-    C:\Windows\SysWow64\cryptsvc.dll
2013-08-14 09:12:15    139776    ----a-w-    C:\Windows\System32\cryptnet.dll
2013-08-14 09:12:15    103936    ----a-w-    C:\Windows\SysWow64\cryptnet.dll
2013-08-14 09:09:55    2048    ----a-w-    C:\Windows\SysWow64\tzres.dll
2013-08-14 09:09:55    2048    ----a-w-    C:\Windows\System32\tzres.dll
2013-08-14 01:30:00    --------    d-----w-    C:\Windows\ERUNT
2013-08-13 00:56:17    25928    ----a-w-    C:\Windows\System32\drivers\mbam.sys
2013-08-13 00:56:17    --------    d-----w-    C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-08-12 22:49:49    --------    d-----w-    C:\Program Files\Fresco Logic
2013-08-11 22:40:10    --------    d-----w-    C:\Windows\Hewlett-Packard
2013-08-11 22:20:00    --------    d-----w-    C:\Users\Scott Dworkin\AppData\Local\Innovative Solutions
2013-08-11 21:01:18    21712    ----a-w-    C:\Windows\SysWow64\drivers\DrvAgent64.SYS
2013-08-11 21:01:18    --------    d-----w-    C:\Users\Scott Dworkin\AppData\Local\eSupport.com
2013-08-11 20:56:55    31136    ----a-w-    C:\Windows\System32\drivers\HWiNFO64A.SYS
2013-08-11 20:56:41    --------    d-----w-    C:\Program Files\HWiNFO64
2013-08-11 20:44:22    884512    ----a-w-    C:\Windows\System32\nvvsvc.exe
2013-08-11 20:44:22    63776    ----a-w-    C:\Windows\System32\nvshext.dll
2013-08-11 20:44:22    3514656    ----a-w-    C:\Windows\System32\nvsvc64.dll
2013-08-11 20:44:21    6496544    ----a-w-    C:\Windows\System32\nvcpl.dll
2013-08-11 20:44:21    3253909    ----a-w-    C:\Windows\System32\nvcoproc.bin
2013-08-11 20:44:21    237856    ----a-w-    C:\Windows\System32\nvmctray.dll
2013-08-11 20:43:38    61216    ----a-w-    C:\Windows\System32\OpenCL.dll
2013-08-11 20:43:38    53024    ----a-w-    C:\Windows\SysWow64\OpenCL.dll
2013-08-11 20:42:55    --------    d-----w-    C:\ProgramData\NVIDIA Corporation
2013-08-11 20:42:34    --------    d-----w-    C:\Program Files (x86)\NVIDIA Corporation
2013-08-11 20:39:43    --------    d-----w-    C:\NVIDIA
2013-08-11 19:19:57    --------    d-----w-    C:\Program Files (x86)\Windows Kits
2013-08-11 00:23:14    --------    d-----w-    C:\Users\Scott Dworkin\AppData\Local\Dropbox_Folder_Sync
2013-08-11 00:22:58    --------    d-----w-    C:\Users\Scott Dworkin\AppData\Roaming\Dropbox Folder Sync
2013-08-10 23:16:08    64856    ----a-w-    C:\Windows\System32\klfphc.dll
2013-08-10 23:12:49    --------    d-----w-    C:\Windows\ELAMBKUP
2013-08-10 23:11:33    90208    ----a-w-    C:\Windows\System32\drivers\klflt.sys
2013-08-10 23:05:16    --------    d-----w-    C:\Program Files (x86)\Kaspersky Lab
2013-08-10 23:05:15    --------    d-----w-    C:\ProgramData\Kaspersky Lab
2013-08-10 22:26:47    27256    ----a-w-    C:\Windows\System32\drivers\FixZeroAccess.sys
2013-08-10 21:45:37    9460976    ----a-w-    C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{20491CE5-FCD1-4832-8E26-BF0506071C49}\mpengine.dll
2013-08-10 21:32:06    --------    d-----w-    C:\Windows\pss
2013-07-29 18:09:18    --------    d-----w-    C:\Windows\System32\MRT
2013-07-29 18:00:45    --------    d-----w-    C:\Users\Scott Dworkin\AppData\Local\CrashDumps
2013-07-29 17:57:13    96168    ----a-w-    C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-07-29 17:46:07    --------    d-----w-    C:\Users\Scott Dworkin\AppData\Local\NPE
2013-07-29 17:46:07    --------    d-----w-    C:\ProgramData\Norton
.
==================== Find3M  ====================
.
2013-08-10 23:40:04    54368    ----a-w-    C:\Windows\System32\drivers\kltdi.sys
2013-07-29 17:57:04    867240    ----a-w-    C:\Windows\SysWow64\npDeployJava1.dll
2013-07-29 17:57:04    789416    ----a-w-    C:\Windows\SysWow64\deployJava1.dll
2013-07-26 05:13:37    2241024    ----a-w-    C:\Windows\System32\wininet.dll
2013-07-26 05:12:08    3958784    ----a-w-    C:\Windows\System32\jscript9.dll
2013-07-26 05:12:04    136704    ----a-w-    C:\Windows\System32\iesysprep.dll
2013-07-26 05:12:03    67072    ----a-w-    C:\Windows\System32\iesetup.dll
2013-07-26 03:35:08    2706432    ----a-w-    C:\Windows\System32\mshtml.tlb
2013-07-26 03:13:24    1767936    ----a-w-    C:\Windows\SysWow64\wininet.dll
2013-07-26 03:12:04    2877440    ----a-w-    C:\Windows\SysWow64\jscript9.dll
2013-07-26 03:12:00    61440    ----a-w-    C:\Windows\SysWow64\iesetup.dll
2013-07-26 03:12:00    109056    ----a-w-    C:\Windows\SysWow64\iesysprep.dll
2013-07-26 02:49:14    2706432    ----a-w-    C:\Windows\SysWow64\mshtml.tlb
2013-07-26 02:39:38    89600    ----a-w-    C:\Windows\System32\RegisterIEPKEYs.exe
2013-07-26 01:59:38    71680    ----a-w-    C:\Windows\SysWow64\RegisterIEPKEYs.exe
2013-07-25 09:25:54    1888768    ----a-w-    C:\Windows\System32\WMVDECOD.DLL
2013-07-25 08:57:27    1620992    ----a-w-    C:\Windows\SysWow64\WMVDECOD.DLL
2013-07-09 06:03:30    5550528    ----a-w-    C:\Windows\System32\ntoskrnl.exe
2013-07-09 05:54:22    1732032    ----a-w-    C:\Windows\System32\ntdll.dll
2013-07-09 05:53:12    243712    ----a-w-    C:\Windows\System32\wow64.dll
2013-07-09 05:51:16    1217024    ----a-w-    C:\Windows\System32\rpcrt4.dll
2013-07-09 05:03:34    3968960    ----a-w-    C:\Windows\SysWow64\ntkrnlpa.exe
2013-07-09 05:03:34    3913664    ----a-w-    C:\Windows\SysWow64\ntoskrnl.exe
2013-07-09 04:53:47    1292192    ----a-w-    C:\Windows\SysWow64\ntdll.dll
2013-07-09 04:52:33    663552    ----a-w-    C:\Windows\SysWow64\rpcrt4.dll
2013-07-09 04:52:33    5120    ----a-w-    C:\Windows\SysWow64\wow32.dll
2013-07-09 04:45:07    44032    ----a-w-    C:\Windows\apppatch\acwow64.dll
2013-07-09 02:49:42    25600    ----a-w-    C:\Windows\SysWow64\setup16.exe
2013-07-09 02:49:41    7680    ----a-w-    C:\Windows\SysWow64\instnm.exe
2013-07-09 02:49:39    14336    ----a-w-    C:\Windows\SysWow64\ntvdm64.dll
2013-07-09 02:49:38    2048    ----a-w-    C:\Windows\SysWow64\user.exe
2013-07-06 06:03:53    1910208    ----a-w-    C:\Windows\System32\drivers\tcpip.sys
2013-06-23 15:08:42    71048    ----a-w-    C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-06-23 15:08:42    692104    ----a-w-    C:\Windows\SysWow64\FlashPlayerApp.exe
2013-06-15 04:32:16    39936    ----a-w-    C:\Windows\System32\drivers\tssecsrv.sys
2013-06-09 19:16:13    25640    ----a-w-    C:\Windows\gdrv.sys
2013-06-09 05:28:28    466520    ----a-w-    C:\Windows\System32\wrap_oal.dll
2013-06-09 05:28:27    445016    ----a-w-    C:\Windows\SysWow64\wrap_oal.dll
2013-06-09 05:28:27    123480    ----a-w-    C:\Windows\System32\OpenAL32.dll
2013-06-09 05:28:26    109144    ----a-w-    C:\Windows\SysWow64\OpenAL32.dll
2013-06-09 00:41:56    68608    ----a-w-    C:\Windows\System32\taskhost.exe
2013-06-05 03:34:27    3153920    ----a-w-    C:\Windows\System32\win32k.sys
2013-06-04 06:00:13    624128    ----a-w-    C:\Windows\System32\qedit.dll
2013-06-04 04:53:07    509440    ----a-w-    C:\Windows\SysWow64\qedit.dll
.
============= FINISH: 16:55:34.04 ===============

#5 nasdaq

nasdaq

  • Malware Response Team
  • 38,746 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 16 August 2013 - 09:41 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

--RogueKiller--
  • Download & SAVE to your Desktop RogueKiller for 32bit or Roguekiller for 64bit
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator" to start
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • click on "delete"
  • Wait until the Status box shows "Deleting Finished"
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller+
===

Search and delete the AdWare, PUP (Potentially Unwanted Program) installed on your computer.

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete tab follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Rn].txt (n is a number).
===

Please download Junkware Removal Tool to your Desktop.
  • Please close your security software to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or 7, right-mouse click it and select Run as administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete, depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your Desktop and will automatically open.
  • Please post the contents of JRT.txt into your reply.
===

Please paste the logs in your next reply, DO NOT ATTACH THEM
Let me know what problem persists.

#6 sergei91

sergei91
  • Topic Starter

  • Members
  • 32 posts

Posted 16 August 2013 - 08:47 PM

Nasdaq,

Thank you for assisting me with this problem!

Here are the logfiles you requested...

RogueKiller V8.6.5 _x64_ [Aug  5 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.adlice.com/forum/
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Scott Dworkin [Admin rights]
Mode : Scan -- Date : 08/16/2013 16:50:35
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 10 ¤¤¤
[PROXY IE] HKCU\[...]\Internet Settings : ProxyServer (localhost:21320) -> FOUND
[HJ POL] HKCU\[...]\System : DisableTaskMgr (0) -> FOUND
[HJ POL] HKCU\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ POL] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ POL] HKLM\[...]\System : EnableLUA (0) -> FOUND
[HJ POL] HKLM\[...]\Wow6432Node\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ POL] HKLM\[...]\Wow6432Node\[...]\System : EnableLUA (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_TrackProgs (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection :  ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts




¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST2000DM001-9YN164 ATA Device +++++
--- User ---
[MBR] f40db69dc1e278218fa55e052b307bb0
[BSP] ea2338af447576dd1e890fe4d7266dbe : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 1907627 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: ST2000DM001-9YN164 ATA Device +++++
--- User ---
[MBR] 5a0496589c73a8e14bd104d63a3c2b2a
[BSP] 81bf559e9287a3a6828ac624f6c13192 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 715402 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive2: ST2000DM001-9YN164 ATA Device +++++
--- User ---
[MBR] 09f4600c0a7a793b4e95936f0b852107
[BSP] 1e670de85ecdb3917cb3f1a891199572 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 1907628 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

+++++ PhysicalDrive3: ST2000DM001-9YN164 ATA Device +++++
--- User ---
[MBR] 212b715a50511795381b1a471d446945
[BSP] e64c22634c3cf17b1803ef81d18df7bc : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 1907726 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

Finished : << RKreport[0]_S_08162013_165035.txt >>




RogueKiller V8.6.5 _x64_ [Aug  5 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.adlice.com/forum/
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Scott Dworkin [Admin rights]
Mode : Remove -- Date : 08/16/2013 16:50:44
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 9 ¤¤¤
[HJ POL] HKCU\[...]\System : DisableTaskMgr (0) -> DELETED
[HJ POL] HKCU\[...]\System : DisableRegistryTools (0) -> DELETED
[HJ POL] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> REPLACED (2)
[HJ POL] HKLM\[...]\System : EnableLUA (0) -> REPLACED (1)
[HJ POL] HKLM\[...]\Wow6432Node\[...]\System : ConsentPromptBehaviorAdmin (0) -> REPLACED (2)
[HJ POL] HKLM\[...]\Wow6432Node\[...]\System : EnableLUA (0) -> REPLACED (1)
[HJ SMENU] HKCU\[...]\Advanced : Start_TrackProgs (0) -> REPLACED (1)
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection :  ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts




¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST2000DM001-9YN164 ATA Device +++++
--- User ---
[MBR] f40db69dc1e278218fa55e052b307bb0
[BSP] ea2338af447576dd1e890fe4d7266dbe : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 1907627 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: ST2000DM001-9YN164 ATA Device +++++
--- User ---
[MBR] 5a0496589c73a8e14bd104d63a3c2b2a
[BSP] 81bf559e9287a3a6828ac624f6c13192 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 715402 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive2: ST2000DM001-9YN164 ATA Device +++++
--- User ---
[MBR] 09f4600c0a7a793b4e95936f0b852107
[BSP] 1e670de85ecdb3917cb3f1a891199572 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 1907628 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

+++++ PhysicalDrive3: ST2000DM001-9YN164 ATA Device +++++
--- User ---
[MBR] 212b715a50511795381b1a471d446945
[BSP] e64c22634c3cf17b1803ef81d18df7bc : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 1907726 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

Finished : << RKreport[0]_D_08162013_165044.txt >>
RKreport[0]_S_08162013_165035.txt

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 5.4.6 (08.15.2013:1)
OS: Windows 7 Home Premium x64
Ran by Scott Dworkin on Fri 08/16/2013 at 17:02:29.67
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ FireFox

Emptied folder: C:\Users\Scott Dworkin\AppData\Roaming\mozilla\firefox\profiles\25b0hrln.default\minidumps [19 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Fri 08/16/2013 at 17:58:55.74
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

# AdwCleaner v2.306 - Logfile created 08/16/2013 at 16:52:39
# Updated 19/07/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Scott Dworkin - SCOTTDWORKIN-PC
# Boot Mode : Normal
# Running from : C:\Users\Scott Dworkin\Downloads\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****


***** [Registry] *****


***** [Internet Browsers] *****

-\\ Internet Explorer v10.0.9200.16660

[OK] Registry is clean.

-\\ Mozilla Firefox v23.0 (en-US)

File : C:\Users\Scott Dworkin\AppData\Roaming\Mozilla\Firefox\Profiles\25b0hrln.default\prefs.js

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [1205 octets] - [10/08/2013 15:43:39]
AdwCleaner[R2].txt - [948 octets] - [13/08/2013 18:23:27]
AdwCleaner[S1].txt - [1279 octets] - [10/08/2013 15:47:25]
AdwCleaner[S2].txt - [880 octets] - [16/08/2013 16:52:39]

########## EOF - C:\AdwCleaner[S2].txt - [939 octets] ##########
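A small parser for the "Registry Entries" block of the RogueKiller log above, with a defender's reading of each hit (UAC switched off, silent admin elevation, IE traffic routed through a loopback proxy). This is an added example for this thread, not RogueKiller's, BleepingComputer's or the poster's code; the sample block is constructed from the lines in the post, and the severity labels and expected values are my own.

```python
"""Parse the 'Registry Entries' section of a RogueKiller V8.6.x scan/remove log
and explain what the security-relevant hits mean (added example, not part of
the thread)."""
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample in the layout RogueKiller printed in the post above
# (a subset of its lines, with one entry taken from the "Remove" run).
SAMPLE_LOG = (
    "¤¤¤ Bad processes : 0 ¤¤¤\n"
    "\n"
    "¤¤¤ Registry Entries : 5 ¤¤¤\n"
    "[PROXY IE] HKCU\\[...]\\Internet Settings : ProxyServer (localhost:21320) -> FOUND\n"
    "[HJ POL] HKCU\\[...]\\System : DisableTaskMgr (0) -> FOUND\n"
    "[HJ POL] HKLM\\[...]\\System : EnableLUA (0) -> FOUND\n"
    "[HJ POL] HKLM\\[...]\\System : ConsentPromptBehaviorAdmin (0) -> REPLACED (2)\n"
    "[HJ DESK] HKLM\\[...]\\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND\n"
    "\n"
    "¤¤¤ Scheduled tasks : 0 ¤¤¤\n"
)

# One entry line: [CATEGORY] <abbreviated key> : <name> (<value>) -> ACTION [(new value)]
ENTRY_RE = re.compile(
    r"^\[(?P<category>[A-Z ]+)\] (?P<key>.+?) : (?P<name>\S+) "
    r"\((?P<value>[^)]*)\) -> (?P<action>[A-Z]+)(?: \((?P<new_value>[^)]*)\))?$"
)


@dataclass
class Finding:
    category: str                    # e.g. "HJ POL" (hijacked policy), "PROXY IE"
    key: str                         # registry path as RogueKiller abbreviates it
    name: str                        # value name (or a CLSID for "HJ DESK" hits)
    value: str                       # value as found on the machine
    action: str                      # FOUND (scan run) / DELETED / REPLACED (remove run)
    new_value: Optional[str] = None  # what a REPLACED action wrote back


def parse_registry_entries(log: str) -> List[Finding]:
    """Return every entry under the '¤¤¤ Registry Entries' header, in log order."""
    findings: List[Finding] = []
    in_section = False
    for line in log.splitlines():
        if line.startswith("¤¤¤"):                      # any section header
            in_section = line.startswith("¤¤¤ Registry Entries")
            continue
        if not in_section or not line.strip():
            continue
        m = ENTRY_RE.match(line)
        if m is None:
            raise ValueError(f"unrecognised entry line: {line!r}")
        findings.append(Finding(**m.groupdict()))
    return findings


def triage(f: Finding) -> str:
    """One-line, mitigation-oriented reading of a finding; severity labels are mine."""
    if f.name == "EnableLUA" and f.value == "0":
        return "HIGH: UAC is turned off (EnableLUA=0); admin processes run fully elevated. Expected 1."
    if f.name == "ConsentPromptBehaviorAdmin" and f.value == "0":
        return "HIGH: administrators elevate silently with no prompt (value 0). Expected 2 or 5."
    if f.name in ("DisableTaskMgr", "DisableRegistryTools"):
        state = "blocked" if f.value == "1" else "not blocked, but the policy value exists"
        return f"MEDIUM: {f.name} policy present ({state}); this value is absent on a default install."
    if f.category == "PROXY IE":
        return f"MEDIUM: IE/WinINet traffic goes through proxy {f.value}; confirm which installed program listens there."
    return "LOW: shell/desktop cosmetic setting; harmless to reset."


def severity_counts(findings: List[Finding]) -> dict:
    """Tally findings by the severity label triage() assigns."""
    counts = {"HIGH": 0, "MEDIUM": 0, "LOW": 0}
    for f in findings:
        counts[triage(f).split(":")[0]] += 1
    return counts


if __name__ == "__main__":
    found = parse_registry_entries(SAMPLE_LOG)
    for f in found:
        print(f"{f.action:<8} {f.name:<40} {triage(f)}")
    print(severity_counts(found))
```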
 



#7 nasdaq

nasdaq

  • Malware Response Team
  • 38,746 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 17 August 2013 - 07:32 AM

Please download ComboFix from any of the links below, and save it to your desktop. For information regarding this download, please visit this web page: Tutorial
Link 1
Link 2

IMPORTANT !!! Save ComboFix.exe to your Desktop

1. Close any open browsers.
2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
3. Do not install any other programs until this is fixed.


How to : Disable Anti-virus and Firewall...
http://www.bleepingcomputer.com/forums/topic114351.html

Double click on ComboFix.exe and follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt
Note: Do not mouse click ComboFix's window while it's running. That may cause it to stall.

Note: If you have difficulty properly disabling your protective programs, refer to this link --> http://www.bleepingcomputer.com/forums/topic114351.html

Note: If after running ComboFix you get this error message "Illegal operation attempted on a registry key that has been marked for deletion." when attempting to run a program all you need to do is restart the computer to reset the registry.
===

Third-party programs, if not up to date, can be the cause of infiltration of an infection.

Please restart the computer before running this security check.

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
p.s.
If the SecurityCheck program fails to run for any reason, run it as an Administrator.
===

Please paste the logs in your next reply, DO NOT ATTACH THEM.

Let me know what problem persists.

#8 sergei91

sergei91
  • Topic Starter

  • Members
  • 32 posts

Posted 17 August 2013 - 11:01 AM

Tried to run Combofix twice. Both times during the operation it crashed to a blue screen!!!

Both times the BSOD indicated "A device driver is attempting to corrupt the system......"
The driver it listed is procexp113.sys


Very frustrating!

I won't do anything else until I hear back from you

#9 nasdaq

nasdaq

  • Malware Response Team
  • 38,746 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 17 August 2013 - 12:43 PM

Open your Task Manager and stop that process.

DO NOT RESTART THE COMPUTER, Run ComboFix.

#10 sergei91

sergei91
  • Topic Starter

  • Members
  • 32 posts

Posted 17 August 2013 - 12:47 PM

It isn't in processes?

#11 sergei91

sergei91
  • Topic Starter

  • Members
  • 32 posts

Posted 17 August 2013 - 12:48 PM

I searched the whole task manager tree and it's not listed, nor is that anywhere on my PC when I did a search

#12 nasdaq

nasdaq

  • Malware Response Team
  • 38,746 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 17 August 2013 - 01:03 PM

I do not see it in your logs.

Try this tool.

Download the correct tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
===

#13 sergei91

sergei91
  • Topic Starter

  • Members
  • 32 posts

Posted 17 August 2013 - 01:16 PM

OK here you go....

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 17-08-2013
Ran by Scott Dworkin (administrator) on 17-08-2013 11:09:22
Running from C:\Users\Scott Dworkin\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(HP) C:\Windows\system32\HPSIsvc.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(Microsoft Corporation) C:\Program Files\Microsoft LifeCam\MSCamS64.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\nlssrv32.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Dropbox, Inc.) C:\Users\Scott Dworkin\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
(Windows ® Win 7 DDK provider) C:\Program Files\Fresco Logic\Fresco Logic USB3.0 Host Controller\amd64_host\FLxHCIm.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe

==================== Registry (Whitelisted) ==================

HKCU\...\Run: [iCloudServices] - C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-04-05] (Apple Inc.)
HKCU\...\Run: [ApplePhotoStreams] - C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-04-05] (Apple Inc.)
MountPoints2: J - J:\SISetup.exe
HKLM-x32\...\Run: [AVP] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe [356376 2013-05-02] (Kaspersky Lab ZAO)
HKLM-x32\...\Run: [] -  [x]
HKLM-x32\...\Run: [NUSB3MON] - C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-11-16] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [FLxHCIm64] - C:\Program Files\Fresco Logic\Fresco Logic USB3.0 Host Controller\amd64_host\FLxHCIm.exe [48128 2012-03-02] (Windows ® Win 7 DDK provider)
HKU\Default\...\Run: [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun [x]
HKU\Default User\...\Run: [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun [x]
Startup: C:\Users\Scott Dworkin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Scott Dworkin\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Scott Dworkin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk
ShortcutTarget: EvernoteClipper.lnk -> C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)

==================== Internet (Whitelisted) ====================

ProxyServer: localhost:21320
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
SearchScopes: HKLM - DefaultScope value is missing.
BHO: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
BHO-x32: DivX Plus Web Player HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
BHO-x32: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Evernote extension - {92EF2EAD-A7CE-4424-B0DB-499CF856608E} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
DPF: HKLM-x32 {0D6709DD-4ED8-40CA-B459-2757AEEF7BEE} http://download.gigabyte.com.tw/object/Dldrv.ocx
DPF: HKLM-x32 {D4B68B83-8710-488B-A692-D74B50BA558E} http://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: HKLM-x32 {E705A591-DA3C-4228-B0D5-A356DBA42FBF} http://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab
DPF: HKLM-x32 {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creative.com/Web/softwareupdate/ocx/130321/CTPID.cab
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 68.238.64.12

FireFox:
========
FF ProfilePath: C:\Users\Scott Dworkin\AppData\Roaming\Mozilla\Firefox\Profiles\25b0hrln.default
FF Homepage: yahoo.com
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin: adobe.com/AdobeExManDetect - C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\Win64Plugin\npAdobeExManDetectX64.dll (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @divx.com/DivX Plus Web Player Plug-In,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @Nero.com/KM - C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF Plugin-x32: adobe.com/AdobeExManDetect - C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll (Adobe Systems)
FF Extension: No Name - C:\Users\Scott Dworkin\AppData\Roaming\Mozilla\Firefox\Profiles\25b0hrln.default\Extensions\foxmarks@kei.com
FF Extension: Garmin Communicator - C:\Users\Scott Dworkin\AppData\Roaming\Mozilla\Firefox\Profiles\25b0hrln.default\Extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
FF Extension: Evernote Web Clipper - C:\Users\Scott Dworkin\AppData\Roaming\Mozilla\Firefox\Profiles\25b0hrln.default\Extensions\{E0B8C461-F8FB-49b4-8373-FE32E9252800}
FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF HKLM-x32\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF Extension: DivX Plus Web Player HTML5 <video> - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF HKLM-x32\...\Firefox\Extensions: [url_advisor@kaspersky.com] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\url_advisor@kaspersky.com
FF Extension: Kaspersky URL Advisor - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\url_advisor@kaspersky.com
FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\virtual_keyboard@kaspersky.com
FF Extension: Virtual Keyboard - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\virtual_keyboard@kaspersky.com
FF HKLM-x32\...\Firefox\Extensions: [content_blocker@kaspersky.com] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\content_blocker@kaspersky.com
FF Extension: Content Blocker - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\content_blocker@kaspersky.com
FF HKLM-x32\...\Firefox\Extensions: [anti_banner@kaspersky.com] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\anti_banner@kaspersky.com
FF Extension: Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\anti_banner@kaspersky.com
FF HKLM-x32\...\Firefox\Extensions: [online_banking@kaspersky.com] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\online_banking@kaspersky.com
FF Extension: Safe Money - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\online_banking@kaspersky.com

==================== Services (Whitelisted) =================

R2 AdobeActiveFileMonitor11.0; C:\Program Files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe [171600 2012-09-17] (Adobe Systems Incorporated)
R2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe [356376 2013-05-02] (Kaspersky Lab ZAO)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)

==================== Drivers (Whitelisted) ====================

R3 FLxHCIh; C:\Windows\System32\DRIVERS\FLxHCIh.sys [65536 2012-03-02] (Fresco Logic)
S3 gdrv; C:\Windows\gdrv.sys [25640 2013-06-09] (Windows ® Server 2003 DDK provider)
S3 gdrv; C:\Windows\gdrv.sys [25640 2013-06-09] (Windows ® Server 2003 DDK provider)
R1 HWiNFO32; C:\Windows\system32\drivers\HWiNFO64A.SYS [31136 2013-08-11] (REALiX™)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [458584 2012-06-19] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [620128 2013-05-02] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [28504 2012-08-02] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [29016 2013-05-02] (Kaspersky Lab)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29528 2013-05-02] (Kaspersky Lab)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [54368 2013-08-10] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [178448 2013-05-02] (Kaspersky Lab ZAO)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
S3 mvusbews; C:\Windows\System32\Drivers\mvusbews.sys [20480 2012-12-24] (Marvell Semiconductor, Inc.)
R0 PxHlpa64; C:\Windows\System32\Drivers\PxHlpa64.sys [56336 2012-08-10] (Corel Corporation)
R1 Serial; C:\Windows\System32\DRIVERS\serial.sys [94208 2009-07-13] (Brother Industries Ltd.)
S3 ctac32k; system32\drivers\ctac32k.sys [x]
S3 ctaud2k; system32\drivers\ctaud2k.sys [x]
S3 ctprxy2k; system32\drivers\ctprxy2k.sys [x]
S3 ctsfm2k; system32\drivers\ctsfm2k.sys [x]
S3 ossrv; system32\drivers\ctoss2k.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-08-17 11:08 - 2013-08-17 11:08 - 01575580 _____ (Farbar) C:\Users\Scott Dworkin\Desktop\FRST64.exe
2013-08-17 08:58 - 2013-08-17 08:58 - 00270416 _____ C:\Windows\Minidump\081713-30170-01.dmp
2013-08-17 08:51 - 2013-08-17 08:51 - 00270416 _____ C:\Windows\Minidump\081713-30357-01.dmp
2013-08-17 08:48 - 2013-08-17 08:48 - 00000000 ____D C:\Qoobox
2013-08-17 08:47 - 2013-08-17 08:56 - 00000000 ___SD C:\32788R22FWJFW
2013-08-17 08:47 - 2013-08-17 08:47 - 00000000 ____D C:\Windows\erdnt
2013-08-17 08:45 - 2013-08-17 08:45 - 00891115 _____ C:\Users\Scott Dworkin\Desktop\SecurityCheck.exe
2013-08-17 08:43 - 2013-08-17 08:44 - 05105390 ____R (Swearware) C:\Users\Scott Dworkin\Desktop\ComboFix.exe
2013-08-17 07:31 - 2013-08-17 07:32 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-08-16 17:59 - 2013-08-16 17:58 - 00000781 _____ C:\Users\Scott Dworkin\Desktop\JRT.txt
2013-08-16 16:59 - 2013-08-16 16:59 - 00001007 _____ C:\Users\Scott Dworkin\Desktop\AdwCleaner[S2].txt
2013-08-16 16:52 - 2013-08-16 16:55 - 00001007 _____ C:\AdwCleaner[S2].txt
2013-08-16 16:50 - 2013-08-16 16:50 - 00003071 _____ C:\Users\Scott Dworkin\Desktop\RKreport[0]_D_08162013_165044.txt
2013-08-16 16:50 - 2013-08-16 16:50 - 00003066 _____ C:\Users\Scott Dworkin\Desktop\RKreport[0]_S_08162013_165035.txt
2013-08-16 16:31 - 2013-08-16 16:51 - 00000000 ____D C:\Users\Scott Dworkin\Desktop\RK_Quarantine
2013-08-16 16:27 - 2013-08-16 16:27 - 03800064 _____ C:\Users\Scott Dworkin\Downloads\RogueKillerX64.exe
2013-08-16 16:27 - 2013-08-16 16:27 - 01159319 _____ (Thisisu) C:\Users\Scott Dworkin\Downloads\JRT(1).exe
2013-08-14 03:32 - 2013-07-25 22:13 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-08-14 03:32 - 2013-07-25 22:13 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-08-14 03:32 - 2013-07-25 22:13 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-08-14 03:32 - 2013-07-25 22:12 - 19239424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-08-14 03:32 - 2013-07-25 22:12 - 15405056 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-08-14 03:32 - 2013-07-25 22:12 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-08-14 03:32 - 2013-07-25 22:12 - 02647040 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-08-14 03:32 - 2013-07-25 22:12 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-08-14 03:32 - 2013-07-25 22:12 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-08-14 03:32 - 2013-07-25 22:12 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-08-14 03:32 - 2013-07-25 22:12 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-08-14 03:32 - 2013-07-25 22:12 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-08-14 03:32 - 2013-07-25 22:12 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-08-14 03:32 - 2013-07-25 22:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-08-14 03:32 - 2013-07-25 20:35 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-08-14 03:32 - 2013-07-25 20:13 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-08-14 03:32 - 2013-07-25 20:13 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-08-14 03:32 - 2013-07-25 20:12 - 14329344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-08-14 03:32 - 2013-07-25 20:12 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-08-14 03:32 - 2013-07-25 20:12 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-08-14 03:32 - 2013-07-25 20:12 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-08-14 03:32 - 2013-07-25 20:12 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-08-14 03:32 - 2013-07-25 20:12 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-08-14 03:32 - 2013-07-25 20:12 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-08-14 03:32 - 2013-07-25 20:12 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-08-14 03:32 - 2013-07-25 20:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-08-14 03:32 - 2013-07-25 20:11 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-08-14 03:32 - 2013-07-25 20:11 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-08-14 03:32 - 2013-07-25 19:49 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-08-14 03:32 - 2013-07-25 19:39 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-08-14 03:32 - 2013-07-25 18:59 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-08-14 02:12 - 2013-07-08 22:52 - 00224256 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2013-08-14 02:12 - 2013-07-08 22:46 - 01472512 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-08-14 02:12 - 2013-07-08 22:46 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2013-08-14 02:12 - 2013-07-08 22:46 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2013-08-14 02:12 - 2013-07-08 21:52 - 00175104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2013-08-14 02:12 - 2013-07-08 21:46 - 01166848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-08-14 02:12 - 2013-07-08 21:46 - 00140288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2013-08-14 02:12 - 2013-07-08 21:46 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2013-08-14 02:09 - 2013-07-18 18:58 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2013-08-14 02:09 - 2013-07-18 18:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2013-08-14 02:08 - 2013-07-25 02:25 - 01888768 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-08-14 02:08 - 2013-07-25 01:57 - 01620992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-08-14 02:08 - 2013-07-08 23:03 - 05550528 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-08-14 02:08 - 2013-07-08 22:54 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-08-14 02:08 - 2013-07-08 22:53 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2013-08-14 02:08 - 2013-07-08 22:51 - 01217024 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2013-08-14 02:08 - 2013-07-08 22:03 - 03968960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-08-14 02:08 - 2013-07-08 22:03 - 03913664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-08-14 02:08 - 2013-07-08 21:53 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2013-08-14 02:08 - 2013-07-08 21:52 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2013-08-14 02:08 - 2013-07-08 21:52 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2013-08-14 02:08 - 2013-07-08 19:49 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2013-08-14 02:08 - 2013-07-08 19:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2013-08-14 02:08 - 2013-07-08 19:49 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2013-08-14 02:08 - 2013-07-08 19:49 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2013-08-14 02:08 - 2013-07-05 23:03 - 01910208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-08-14 02:08 - 2013-06-14 21:32 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2013-08-13 18:30 - 2013-08-13 18:30 - 00000000 ____D C:\Windows\ERUNT
2013-08-13 18:23 - 2013-08-13 18:28 - 00000948 _____ C:\AdwCleaner[R2].txt
2013-08-13 09:00 - 2013-08-13 09:00 - 00000520 _____ C:\Windows\PFRO.log
2013-08-12 17:56 - 2013-08-12 17:56 - 00001126 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-08-12 17:56 - 2013-08-12 17:56 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-08-12 17:56 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-08-12 17:53 - 2013-08-12 17:54 - 10284816 _____ (Malwarebytes Corporation                                    ) C:\Users\Scott Dworkin\Downloads\mbam-setup.exe
2013-08-12 17:51 - 2013-08-12 17:51 - 00602112 _____ (OldTimer Tools) C:\Users\Scott Dworkin\Downloads\OTL(1).exe
2013-08-12 17:37 - 2013-08-12 17:37 - 00281896 _____ (Mozilla) C:\Users\Scott Dworkin\Downloads\Firefox Setup Stub 23.0.exe
2013-08-12 16:52 - 2013-08-12 16:52 - 00688992 ____R (Swearware) C:\Users\Scott Dworkin\Downloads\dds.com
2013-08-12 15:49 - 2013-08-12 15:49 - 00000000 ____D C:\Program Files\Fresco Logic
2013-08-12 14:03 - 2013-08-17 09:03 - 00001271 _____ C:\Windows\setupact.log
2013-08-12 14:03 - 2013-08-17 08:57 - 1869105407 _____ C:\Windows\MEMORY.DMP
2013-08-12 14:03 - 2013-08-12 14:03 - 00303848 _____ C:\Windows\Minidump\081213-62400-01.dmp
2013-08-12 14:03 - 2013-08-12 14:03 - 00000000 _____ C:\Windows\setuperr.log
2013-08-12 09:48 - 2013-08-12 09:48 - 15785348 _____ C:\Users\Scott Dworkin\Downloads\CP-4PTU(2).zip
2013-08-11 17:35 - 2013-08-11 17:35 - 00448512 _____ (OldTimer Tools) C:\Users\Scott Dworkin\Downloads\TFC.exe
2013-08-11 16:35 - 2013-08-11 16:35 - 26946040 _____ (SUPERAntiSpyware) C:\Users\Scott Dworkin\Downloads\SUPERAntiSpyware.exe
2013-08-11 16:26 - 2013-08-11 16:26 - 01036416 _____ (Bleeping Computer, LLC) C:\Users\Scott Dworkin\Downloads\rkill64.com
2013-08-11 16:25 - 2013-08-11 16:26 - 01893504 _____ (Bleeping Computer, LLC) C:\Users\Scott Dworkin\Downloads\rkill.com
2013-08-11 16:06 - 2013-08-11 16:09 - 38733864 _____ (CrashPlan) C:\Users\Scott Dworkin\Downloads\CrashPlan-x64_3.5.3_Win.exe
2013-08-11 15:40 - 2013-08-11 15:40 - 00000000 ____D C:\Windows\Hewlett-Packard
2013-08-11 15:22 - 2013-08-11 15:22 - 00347424 _____ (Microsoft Corporation) C:\Users\Scott Dworkin\Downloads\MicrosoftFixit.Devices.Run(1).exe
2013-08-11 15:20 - 2013-08-11 15:20 - 00000000 ____D C:\Users\SCOTTD~1\AppData\Local\Innovative Solutions
2013-08-11 15:12 - 2013-08-12 10:04 - 00012474 _____ C:\Users\Scott Dworkin\Downloads\hijackthis.log
2013-08-11 14:52 - 2013-08-11 14:52 - 00041472 _____ C:\Users\Scott Dworkin\Downloads\launcher64.dll
2013-08-11 14:36 - 2013-08-11 14:36 - 00629320 _____ (Copyright © 2010 eSupport.com. All Rights Reserved.) C:\Users\Scott Dworkin\Downloads\driveragent-874.exe
2013-08-11 14:01 - 2013-08-11 14:01 - 00021712 _____ (Phoenix Technologies) C:\Windows\SysWOW64\Drivers\DrvAgent64.SYS
2013-08-11 14:01 - 2013-08-11 14:01 - 00000000 ____D C:\Users\SCOTTD~1\AppData\Local\eSupport.com
2013-08-11 14:00 - 2013-08-11 14:01 - 00633360 _____ (Copyright © 2010 eSupport.com. All Rights Reserved.) C:\Users\Scott Dworkin\Downloads\biosagentplus_875.exe
2013-08-11 13:56 - 2013-08-11 13:56 - 00031136 _____ (REALiX™) C:\Windows\system32\Drivers\HWiNFO64A.SYS
2013-08-11 13:56 - 2013-08-11 13:56 - 00000000 ____D C:\Program Files\HWiNFO64
2013-08-11 13:44 - 2013-06-21 03:23 - 06496544 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2013-08-11 13:44 - 2013-06-21 03:23 - 03514656 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2013-08-11 13:44 - 2013-06-21 03:23 - 00884512 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
2013-08-11 13:44 - 2013-06-21 03:23 - 00237856 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2013-08-11 13:44 - 2013-06-21 03:23 - 00063776 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2013-08-11 13:44 - 2013-06-19 21:17 - 03253909 _____ C:\Windows\system32\nvcoproc.bin
2013-08-11 13:43 - 2013-06-21 05:06 - 00061216 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2013-08-11 13:43 - 2013-06-21 05:06 - 00053024 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2013-08-11 13:42 - 2013-08-11 13:42 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2013-08-11 13:42 - 2013-08-11 13:42 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2013-08-11 13:41 - 2013-06-21 05:06 - 27781920 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2013-08-11 13:41 - 2013-06-21 05:06 - 25256224 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2013-08-11 13:41 - 2013-06-21 05:06 - 21102368 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2013-08-11 13:41 - 2013-06-21 05:06 - 17560352 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2013-08-11 13:41 - 2013-06-21 05:06 - 15920536 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2013-08-11 13:41 - 2013-06-21 05:06 - 15144928 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2013-08-11 13:41 - 2013-06-21 05:06 - 13411896 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2013-08-11 13:41 - 2013-06-21 05:06 - 12427240 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2013-08-11 13:41 - 2013-06-21 05:06 - 11235104 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2013-08-11 13:41 - 2013-06-21 05:06 - 09239344 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2013-08-11 13:41 - 2013-06-21 05:06 - 07687592 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2013-08-11 13:41 - 2013-06-21 05:06 - 07641832 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2013-08-11 13:41 - 2013-06-21 05:06 - 06324360 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2013-08-11 13:41 - 2013-06-21 05:06 - 02953504 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2013-08-11 13:41 - 2013-06-21 05:06 - 02936208 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2013-08-11 13:41 - 2013-06-21 05:06 - 02777888 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2013-08-11 13:41 - 2013-06-21 05:06 - 02597856 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2013-08-11 13:41 - 2013-06-21 05:06 - 02363680 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvenc.dll
2013-08-11 13:41 - 2013-06-21 05:06 - 02002720 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvenc.dll
2013-08-11 13:41 - 2013-06-21 05:06 - 01832224 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6432049.dll
2013-08-11 13:41 - 2013-06-21 05:06 - 01511712 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6432049.dll
2013-08-11 13:41 - 2013-06-21 05:06 - 01059560 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
2013-08-11 13:41 - 2013-06-21 05:06 - 00925648 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2013-08-11 13:41 - 2013-06-21 05:06 - 00572704 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2013-08-11 13:41 - 2013-06-21 05:06 - 00570656 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2013-08-11 13:41 - 2013-06-21 05:06 - 00467232 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2013-08-11 13:41 - 2013-06-21 05:06 - 00465184 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2013-08-11 13:41 - 2013-06-21 05:06 - 00266448 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2013-08-11 13:41 - 2013-06-21 05:06 - 00218592 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2013-08-11 13:41 - 2013-06-21 05:06 - 00214448 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2013-08-11 13:41 - 2013-06-21 05:06 - 00181488 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2013-08-11 13:41 - 2013-06-21 05:06 - 00021578 _____ C:\Windows\system32\nvinfo.pb
2013-08-11 13:41 - 2013-02-24 22:27 - 00194848 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhda64v.sys
2013-08-11 13:41 - 2013-02-24 22:27 - 00031520 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdap64.dll
2013-08-11 13:41 - 2013-01-29 01:35 - 01510176 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdagenco6420103.dll
2013-08-11 13:39 - 2013-08-11 13:39 - 00000000 ____D C:\NVIDIA
2013-08-11 13:37 - 2013-08-11 13:38 - 185568600 _____ (NVIDIA Corporation) C:\Users\Scott Dworkin\Downloads\320.49-desktop-win8-win7-winvista-64bit-english-whql(2).exe
2013-08-11 13:35 - 2013-08-11 13:50 - 00000000 ____D C:\ProgramData\NVIDIA
2013-08-11 13:31 - 2013-08-11 13:31 - 00000248 _____ C:\Users\Scott Dworkin\Downloads\Settings.xml
2013-08-11 13:31 - 2013-08-11 13:31 - 00000000 _____ C:\Users\Scott Dworkin\Downloads\Languages.xml
2013-08-11 13:30 - 2009-11-26 16:52 - 12936704 _____ (Phyxion.net) C:\Users\Scott Dworkin\Downloads\Driver Sweeper.exe
2013-08-11 13:25 - 2013-08-11 13:25 - 05455805 _____ C:\Users\Scott Dworkin\Downloads\DriverSweeper_2.1.0-[Guru3D.com].zip
2013-08-11 13:23 - 2013-08-11 13:24 - 02922832 _____ (Martin Malík - REALiX                                       ) C:\Users\Scott Dworkin\Downloads\hw64_422.exe
2013-08-11 12:39 - 2013-08-11 12:39 - 92315920 _____ (Microsoft Corporation) C:\Users\Scott Dworkin\Downloads\msert(1).exe
2013-08-11 12:22 - 2013-08-11 12:23 - 00000000 ____D C:\Users\Scott Dworkin\Documents\WPA Files
2013-08-11 12:19 - 2013-08-11 12:19 - 00000000 ____D C:\Program Files (x86)\Windows Kits
2013-08-11 12:17 - 2013-08-11 12:17 - 00991536 _____ (Microsoft Corporation) C:\Users\Scott Dworkin\Downloads\sdksetup.exe
2013-08-11 12:11 - 2013-08-11 12:11 - 00003198 _____ C:\Windows\System32\Tasks\{6FFEE0F4-185E-4553-BC39-3766B6B05371}
2013-08-11 12:01 - 2013-08-11 12:02 - 00509264 _____ (Microsoft Corporation) C:\Users\Scott Dworkin\Downloads\winsdk_web.exe
2013-08-11 11:42 - 2013-08-11 11:41 - 00377856 _____ C:\Users\Scott Dworkin\Downloads\2tnyv88v.exe
2013-08-11 09:30 - 2013-08-11 09:30 - 02049128 _____ (Trend Micro Inc.) C:\Users\Scott Dworkin\Downloads\HousecallLauncher.exe
2013-08-10 17:23 - 2013-08-10 17:23 - 00000000 ____D C:\Users\SCOTTD~1\AppData\Local\Dropbox_Folder_Sync
2013-08-10 17:22 - 2013-08-12 15:42 - 00000000 ____D C:\Users\Scott Dworkin\AppData\Roaming\Dropbox Folder Sync
2013-08-10 17:22 - 2013-08-10 17:22 - 00874050 _____ (Sowrabh & Satyadeep                                         ) C:\Users\Scott Dworkin\Downloads\DropboxFolderSync-2.7-Setup.exe
2013-08-10 16:17 - 2013-08-10 16:16 - 00001159 _____ C:\Users\Public\Desktop\Kaspersky Internet Security 2013.lnk
2013-08-10 16:16 - 2013-05-02 02:24 - 00064856 _____ (Kaspersky Lab) C:\Windows\system32\klfphc.dll
2013-08-10 16:12 - 2013-08-10 16:12 - 00000000 ____D C:\Windows\ELAMBKUP
2013-08-10 16:11 - 2013-05-02 02:24 - 00620128 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klif.sys
2013-08-10 16:11 - 2013-05-02 02:24 - 00090208 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klflt.sys
2013-08-10 16:08 - 2013-08-10 16:08 - 192558520 _____ (Kaspersky Lab ZAO) C:\Users\Scott Dworkin\Downloads\kis2013_13.0.1.4190abcdefgEN_4525.exe
2013-08-10 16:05 - 2013-08-17 11:04 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2013-08-10 16:05 - 2013-08-10 16:31 - 00000000 ____D C:\Program Files (x86)\Kaspersky Lab
2013-08-10 15:55 - 2013-08-10 15:55 - 00005706 _____ C:\Users\Scott Dworkin\Downloads\kl_uninstall.txt
2013-08-10 15:54 - 2013-08-10 15:59 - 14549462 _____ C:\Users\Scott Dworkin\Downloads\kavremvr 2013-08-10 15-54-10 (pid 4376).log
2013-08-10 15:47 - 2013-08-10 15:50 - 00001279 _____ C:\AdwCleaner[S1].txt
2013-08-10 15:43 - 2013-08-10 15:46 - 00001205 _____ C:\AdwCleaner[R1].txt
2013-08-10 15:43 - 2013-08-10 15:43 - 00666633 _____ C:\Users\Scott Dworkin\Downloads\adwcleaner.exe
2013-08-10 15:26 - 2013-08-10 15:26 - 01805736 _____ (Symantec Corporation) C:\Users\Scott Dworkin\Downloads\FixZeroAccess.exe
2013-08-10 15:26 - 2013-08-10 15:26 - 00027256 _____ (Symantec Corporation) C:\Windows\system32\Drivers\FixZeroAccess.sys
2013-08-10 14:32 - 2013-08-11 15:48 - 00000000 ____D C:\Windows\pss
2013-08-10 11:03 - 2013-08-10 11:03 - 00000036 _____ C:\Users\SCOTTD~1\AppData\Local\housecall.guid.cache
2013-08-06 09:30 - 2013-08-06 09:30 - 00347424 _____ (Microsoft Corporation) C:\Users\Scott Dworkin\Downloads\MicrosoftFixit.Performance.FISC.147299237393623280.1.2.Run.exe
2013-08-06 09:30 - 2013-08-06 09:30 - 00347424 _____ (Microsoft Corporation) C:\Users\Scott Dworkin\Downloads\MicrosoftFixit.maintenance.FISC.147299237393623280.1.1.Run.exe
2013-08-04 10:25 - 2013-08-17 10:35 - 00626971 _____ C:\Windows\WindowsUpdate.log
2013-07-29 11:33 - 2013-07-29 11:35 - 15750997 _____ C:\Users\Scott Dworkin\Downloads\CP-4PTU(1).zip
2013-07-29 11:23 - 2013-07-29 11:23 - 04915944 _____ C:\Users\Scott Dworkin\Downloads\set_up_outlookset(2).exe
2013-07-29 11:11 - 2013-07-29 11:11 - 37163168 _____ (Acronis) C:\Users\Scott Dworkin\Downloads\ATIO_en-US.exe
2013-07-29 11:09 - 2013-08-14 03:12 - 00000000 ____D C:\Windows\system32\MRT
2013-07-29 11:00 - 2013-08-10 16:50 - 00000000 ____D C:\Users\SCOTTD~1\AppData\Local\CrashDumps
2013-07-29 11:00 - 2013-07-29 11:00 - 00231390 _____ C:\Users\Scott Dworkin\Downloads\RootkitRevealer(1).zip
2013-07-29 10:57 - 2013-07-29 10:57 - 00263592 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-07-29 10:57 - 2013-07-29 10:57 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-07-29 10:57 - 2013-07-29 10:57 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-07-29 10:57 - 2013-07-29 10:57 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-07-29 10:55 - 2013-07-29 10:55 - 00903080 _____ (Oracle Corporation) C:\Users\Scott Dworkin\Downloads\jxpiinstall(1).exe
2013-07-29 10:46 - 2013-07-29 10:51 - 00000000 ____D C:\Users\SCOTTD~1\AppData\Local\NPE
2013-07-29 10:46 - 2013-07-29 10:46 - 00000000 ____D C:\ProgramData\Norton
2013-07-29 10:45 - 2013-07-29 10:46 - 02986440 _____ (Symantec Corporation) C:\Users\Scott Dworkin\Downloads\NPE(1).exe
2013-07-29 10:45 - 2013-07-29 10:45 - 00180000 _____ (Kaspersky Lab) C:\Users\Scott Dworkin\Downloads\kss12.0.1.117EN_RU_DE_FR_2926.exe

==================== One Month Modified Files and Folders =======

2013-08-17 11:09 - 2013-08-17 11:09 - 00000000 ____D C:\FRST
2013-08-17 11:08 - 2013-08-17 11:08 - 01575580 _____ (Farbar) C:\Users\Scott Dworkin\Desktop\FRST64.exe
2013-08-17 11:07 - 2013-06-08 23:08 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-08-17 11:04 - 2013-08-10 16:05 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2013-08-17 11:04 - 2013-06-08 21:16 - 00000000 ____D C:\Users\Scott Dworkin\AppData\Roaming\Dropbox
2013-08-17 10:57 - 2013-06-09 10:26 - 00000000 ____D C:\Users\SCOTTD~1\AppData\Local\6659E7A2-CB8F-4944-8C03-74071A06A4B8.aplzod
2013-08-17 10:35 - 2013-08-04 10:25 - 00626971 _____ C:\Windows\WindowsUpdate.log
2013-08-17 10:02 - 2013-06-08 21:19 - 00000000 ___RD C:\Users\Scott Dworkin\Dropbox
2013-08-17 09:12 - 2009-07-13 21:45 - 00020512 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-08-17 09:12 - 2009-07-13 21:45 - 00020512 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-08-17 09:03 - 2013-08-12 14:03 - 00001271 _____ C:\Windows\setupact.log
2013-08-17 09:03 - 2009-07-13 22:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-08-17 08:58 - 2013-08-17 08:58 - 00270416 _____ C:\Windows\Minidump\081713-30170-01.dmp
2013-08-17 08:58 - 2013-07-13 16:16 - 00000000 ____D C:\Windows\Minidump
2013-08-17 08:57 - 2013-08-12 14:03 - 1869105407 _____ C:\Windows\MEMORY.DMP
2013-08-17 08:56 - 2013-08-17 08:47 - 00000000 ___SD C:\32788R22FWJFW
2013-08-17 08:51 - 2013-08-17 08:51 - 00270416 _____ C:\Windows\Minidump\081713-30357-01.dmp
2013-08-17 08:50 - 2013-06-08 18:09 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-08-17 08:48 - 2013-08-17 08:48 - 00000000 ____D C:\Qoobox
2013-08-17 08:47 - 2013-08-17 08:47 - 00000000 ____D C:\Windows\erdnt
2013-08-17 08:45 - 2013-08-17 08:45 - 00891115 _____ C:\Users\Scott Dworkin\Desktop\SecurityCheck.exe
2013-08-17 08:44 - 2013-08-17 08:43 - 05105390 ____R (Swearware) C:\Users\Scott Dworkin\Desktop\ComboFix.exe
2013-08-17 07:32 - 2013-08-17 07:31 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-08-17 02:00 - 2013-06-09 13:25 - 00000000 ____D C:\Users\SCOTTD~1\AppData\Local\Adobe
2013-08-16 17:58 - 2013-08-16 17:59 - 00000781 _____ C:\Users\Scott Dworkin\Desktop\JRT.txt
2013-08-16 16:59 - 2013-08-16 16:59 - 00001007 _____ C:\Users\Scott Dworkin\Desktop\AdwCleaner[S2].txt
2013-08-16 16:55 - 2013-08-16 16:52 - 00001007 _____ C:\AdwCleaner[S2].txt
2013-08-16 16:51 - 2013-08-16 16:31 - 00000000 ____D C:\Users\Scott Dworkin\Desktop\RK_Quarantine
2013-08-16 16:50 - 2013-08-16 16:50 - 00003071 _____ C:\Users\Scott Dworkin\Desktop\RKreport[0]_D_08162013_165044.txt
2013-08-16 16:50 - 2013-08-16 16:50 - 00003066 _____ C:\Users\Scott Dworkin\Desktop\RKreport[0]_S_08162013_165035.txt
2013-08-16 16:27 - 2013-08-16 16:27 - 03800064 _____ C:\Users\Scott Dworkin\Downloads\RogueKillerX64.exe
2013-08-16 16:27 - 2013-08-16 16:27 - 01159319 _____ (Thisisu) C:\Users\Scott Dworkin\Downloads\JRT(1).exe
2013-08-16 14:51 - 2013-06-09 11:18 - 00000000 ____D C:\ProgramData\LawyersAgent
2013-08-16 14:51 - 2013-06-09 11:18 - 00000000 ____D C:\Program Files (x86)\LawyersAgent
2013-08-15 07:06 - 2013-06-12 11:02 - 00000000 ____D C:\Users\Scott Dworkin\Desktop\Scanned Docs
2013-08-14 15:59 - 2013-06-10 17:29 - 00000000 ____D C:\Users\Scott Dworkin\ZipForm
2013-08-14 05:27 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\rescache
2013-08-14 03:59 - 2013-06-08 17:29 - 00000000 ____D C:\Windows\Panther
2013-08-14 03:31 - 2013-06-08 19:10 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-08-14 03:20 - 2009-07-13 22:13 - 00797372 _____ C:\Windows\system32\PerfStringBackup.INI
2013-08-14 03:12 - 2013-07-29 11:09 - 00000000 ____D C:\Windows\system32\MRT
2013-08-14 03:07 - 2013-06-08 19:17 - 78161360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-08-13 18:30 - 2013-08-13 18:30 - 00000000 ____D C:\Windows\ERUNT
2013-08-13 18:28 - 2013-08-13 18:23 - 00000948 _____ C:\AdwCleaner[R2].txt
2013-08-13 09:00 - 2013-08-13 09:00 - 00000520 _____ C:\Windows\PFRO.log
2013-08-12 17:56 - 2013-08-12 17:56 - 00001126 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-08-12 17:56 - 2013-08-12 17:56 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-08-12 17:54 - 2013-08-12 17:53 - 10284816 _____ (Malwarebytes Corporation                                    ) C:\Users\Scott Dworkin\Downloads\mbam-setup.exe
2013-08-12 17:51 - 2013-08-12 17:51 - 00602112 _____ (OldTimer Tools) C:\Users\Scott Dworkin\Downloads\OTL(1).exe
2013-08-12 17:39 - 2013-06-08 18:09 - 00001164 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2013-08-12 17:37 - 2013-08-12 17:37 - 00281896 _____ (Mozilla) C:\Users\Scott Dworkin\Downloads\Firefox Setup Stub 23.0.exe
2013-08-12 16:52 - 2013-08-12 16:52 - 00688992 ____R (Swearware) C:\Users\Scott Dworkin\Downloads\dds.com
2013-08-12 15:49 - 2013-08-12 15:49 - 00000000 ____D C:\Program Files\Fresco Logic
2013-08-12 15:42 - 2013-08-10 17:22 - 00000000 ____D C:\Users\Scott Dworkin\AppData\Roaming\Dropbox Folder Sync
2013-08-12 14:03 - 2013-08-12 14:03 - 00303848 _____ C:\Windows\Minidump\081213-62400-01.dmp
2013-08-12 14:03 - 2013-08-12 14:03 - 00000000 _____ C:\Windows\setuperr.log
2013-08-12 10:04 - 2013-08-11 15:12 - 00012474 _____ C:\Users\Scott Dworkin\Downloads\hijackthis.log
2013-08-12 09:49 - 2013-06-23 08:51 - 00000000 ____D C:\Users\Scott Dworkin\Downloads\CP-4PTU
2013-08-12 09:48 - 2013-08-12 09:48 - 15785348 _____ C:\Users\Scott Dworkin\Downloads\CP-4PTU(2).zip
2013-08-12 09:26 - 2013-06-08 18:59 - 00000000 ____D C:\Users\Scott Dworkin\AppData\Roaming\CrashPlan
2013-08-11 17:45 - 2013-06-09 13:42 - 00000000 ____D C:\Program Files (x86)\Adobe
2013-08-11 17:35 - 2013-08-11 17:35 - 00448512 _____ (OldTimer Tools) C:\Users\Scott Dworkin\Downloads\TFC.exe
2013-08-11 16:35 - 2013-08-11 16:35 - 26946040 _____ (SUPERAntiSpyware) C:\Users\Scott Dworkin\Downloads\SUPERAntiSpyware.exe
2013-08-11 16:26 - 2013-08-11 16:26 - 01036416 _____ (Bleeping Computer, LLC) C:\Users\Scott Dworkin\Downloads\rkill64.com
2013-08-11 16:26 - 2013-08-11 16:25 - 01893504 _____ (Bleeping Computer, LLC) C:\Users\Scott Dworkin\Downloads\rkill.com
2013-08-11 16:09 - 2013-08-11 16:06 - 38733864 _____ (CrashPlan) C:\Users\Scott Dworkin\Downloads\CrashPlan-x64_3.5.3_Win.exe
2013-08-11 15:48 - 2013-08-10 14:32 - 00000000 ____D C:\Windows\pss
2013-08-11 15:48 - 2013-06-08 17:11 - 00000000 ___RD C:\Users\Scott Dworkin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-08-11 15:42 - 2013-06-08 21:50 - 00000000 ____D C:\Users\Scott Dworkin\AppData\Roaming\HpUpdate
2013-08-11 15:41 - 2013-06-08 21:50 - 00000000 ____D C:\Program Files (x86)\HP
2013-08-11 15:40 - 2013-08-11 15:40 - 00000000 ____D C:\Windows\Hewlett-Packard
2013-08-11 15:22 - 2013-08-11 15:22 - 00347424 _____ (Microsoft Corporation) C:\Users\Scott Dworkin\Downloads\MicrosoftFixit.Devices.Run(1).exe
2013-08-11 15:20 - 2013-08-11 15:20 - 00000000 ____D C:\Users\SCOTTD~1\AppData\Local\Innovative Solutions
2013-08-11 14:52 - 2013-08-11 14:52 - 00041472 _____ C:\Users\Scott Dworkin\Downloads\launcher64.dll
2013-08-11 14:36 - 2013-08-11 14:36 - 00629320 _____ (Copyright © 2010 eSupport.com. All Rights Reserved.) C:\Users\Scott Dworkin\Downloads\driveragent-874.exe
2013-08-11 14:01 - 2013-08-11 14:01 - 00021712 _____ (Phoenix Technologies) C:\Windows\SysWOW64\Drivers\DrvAgent64.SYS
2013-08-11 14:01 - 2013-08-11 14:01 - 00000000 ____D C:\Users\SCOTTD~1\AppData\Local\eSupport.com
2013-08-11 14:01 - 2013-08-11 14:00 - 00633360 _____ (Copyright © 2010 eSupport.com. All Rights Reserved.) C:\Users\Scott Dworkin\Downloads\biosagentplus_875.exe
2013-08-11 13:56 - 2013-08-11 13:56 - 00031136 _____ (REALiX™) C:\Windows\system32\Drivers\HWiNFO64A.SYS
2013-08-11 13:56 - 2013-08-11 13:56 - 00000000 ____D C:\Program Files\HWiNFO64
2013-08-11 13:54 - 2013-06-08 23:13 - 00007597 _____ C:\Users\SCOTTD~1\AppData\Local\resmon.resmoncfg
2013-08-11 13:50 - 2013-08-11 13:35 - 00000000 ____D C:\ProgramData\NVIDIA
2013-08-11 13:44 - 2013-07-04 10:37 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2013-08-11 13:44 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\Help
2013-08-11 13:42 - 2013-08-11 13:42 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2013-08-11 13:42 - 2013-08-11 13:42 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2013-08-11 13:39 - 2013-08-11 13:39 - 00000000 ____D C:\NVIDIA
2013-08-11 13:38 - 2013-08-11 13:37 - 185568600 _____ (NVIDIA Corporation) C:\Users\Scott Dworkin\Downloads\320.49-desktop-win8-win7-winvista-64bit-english-whql(2).exe
2013-08-11 13:31 - 2013-08-11 13:31 - 00000248 _____ C:\Users\Scott Dworkin\Downloads\Settings.xml
2013-08-11 13:31 - 2013-08-11 13:31 - 00000000 _____ C:\Users\Scott Dworkin\Downloads\Languages.xml
2013-08-11 13:25 - 2013-08-11 13:25 - 05455805 _____ C:\Users\Scott Dworkin\Downloads\DriverSweeper_2.1.0-[Guru3D.com].zip
2013-08-11 13:24 - 2013-08-11 13:23 - 02922832 _____ (Martin Malík - REALiX                                       ) C:\Users\Scott Dworkin\Downloads\hw64_422.exe
2013-08-11 12:39 - 2013-08-11 12:39 - 92315920 _____ (Microsoft Corporation) C:\Users\Scott Dworkin\Downloads\msert(1).exe
2013-08-11 12:23 - 2013-08-11 12:22 - 00000000 ____D C:\Users\Scott Dworkin\Documents\WPA Files
2013-08-11 12:19 - 2013-08-11 12:19 - 00000000 ____D C:\Program Files (x86)\Windows Kits
2013-08-11 12:19 - 2013-06-08 19:05 - 00000000 ____D C:\ProgramData\Package Cache
2013-08-11 12:17 - 2013-08-11 12:17 - 00991536 _____ (Microsoft Corporation) C:\Users\Scott Dworkin\Downloads\sdksetup.exe
2013-08-11 12:13 - 2009-07-13 22:32 - 00000000 ____D C:\Program Files (x86)\MSBuild
2013-08-11 12:11 - 2013-08-11 12:11 - 00003198 _____ C:\Windows\System32\Tasks\{6FFEE0F4-185E-4553-BC39-3766B6B05371}
2013-08-11 12:02 - 2013-08-11 12:01 - 00509264 _____ (Microsoft Corporation) C:\Users\Scott Dworkin\Downloads\winsdk_web.exe
2013-08-11 11:41 - 2013-08-11 11:42 - 00377856 _____ C:\Users\Scott Dworkin\Downloads\2tnyv88v.exe
2013-08-11 09:30 - 2013-08-11 09:30 - 02049128 _____ (Trend Micro Inc.) C:\Users\Scott Dworkin\Downloads\HousecallLauncher.exe
2013-08-10 23:22 - 2009-07-13 22:08 - 00032598 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-08-10 17:23 - 2013-08-10 17:23 - 00000000 ____D C:\Users\SCOTTD~1\AppData\Local\Dropbox_Folder_Sync
2013-08-10 17:22 - 2013-08-10 17:22 - 00874050 _____ (Sowrabh & Satyadeep                                         ) C:\Users\Scott Dworkin\Downloads\DropboxFolderSync-2.7-Setup.exe
2013-08-10 16:50 - 2013-07-29 11:00 - 00000000 ____D C:\Users\SCOTTD~1\AppData\Local\CrashDumps
2013-08-10 16:40 - 2013-05-02 02:24 - 00054368 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\kltdi.sys
2013-08-10 16:31 - 2013-08-10 16:05 - 00000000 ____D C:\Program Files (x86)\Kaspersky Lab
2013-08-10 16:16 - 2013-08-10 16:17 - 00001159 _____ C:\Users\Public\Desktop\Kaspersky Internet Security 2013.lnk
2013-08-10 16:12 - 2013-08-10 16:12 - 00000000 ____D C:\Windows\ELAMBKUP
2013-08-10 16:08 - 2013-08-10 16:08 - 192558520 _____ (Kaspersky Lab ZAO) C:\Users\Scott Dworkin\Downloads\kis2013_13.0.1.4190abcdefgEN_4525.exe
2013-08-10 15:59 - 2013-08-10 15:54 - 14549462 _____ C:\Users\Scott Dworkin\Downloads\kavremvr 2013-08-10 15-54-10 (pid 4376).log
2013-08-10 15:55 - 2013-08-10 15:55 - 00005706 _____ C:\Users\Scott Dworkin\Downloads\kl_uninstall.txt
2013-08-10 15:50 - 2013-08-10 15:47 - 00001279 _____ C:\AdwCleaner[S1].txt
2013-08-10 15:46 - 2013-08-10 15:43 - 00001205 _____ C:\AdwCleaner[R1].txt
2013-08-10 15:43 - 2013-08-10 15:43 - 00666633 _____ C:\Users\Scott Dworkin\Downloads\adwcleaner.exe
2013-08-10 15:26 - 2013-08-10 15:26 - 01805736 _____ (Symantec Corporation) C:\Users\Scott Dworkin\Downloads\FixZeroAccess.exe
2013-08-10 15:26 - 2013-08-10 15:26 - 00027256 _____ (Symantec Corporation) C:\Windows\system32\Drivers\FixZeroAccess.sys
2013-08-10 15:09 - 2013-07-08 20:10 - 00000000 ___RD C:\Users\Scott Dworkin\Sync
2013-08-10 15:09 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\registration
2013-08-10 15:09 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\AppCompat
2013-08-10 14:14 - 2013-06-08 17:10 - 00000000 ____D C:\Users\Scott Dworkin
2013-08-10 11:03 - 2013-08-10 11:03 - 00000036 _____ C:\Users\SCOTTD~1\AppData\Local\housecall.guid.cache
2013-08-09 15:33 - 2013-06-10 10:44 - 00000000 ____D C:\ProgramData\PASettings
2013-08-06 09:30 - 2013-08-06 09:30 - 00347424 _____ (Microsoft Corporation) C:\Users\Scott Dworkin\Downloads\MicrosoftFixit.Performance.FISC.147299237393623280.1.2.Run.exe
2013-08-06 09:30 - 2013-08-06 09:30 - 00347424 _____ (Microsoft Corporation) C:\Users\Scott Dworkin\Downloads\MicrosoftFixit.maintenance.FISC.147299237393623280.1.1.Run.exe
2013-08-05 13:57 - 2013-06-08 21:47 - 00000764 _____ C:\Users\Scott Dworkin\Documents\outlookset.log
2013-08-05 13:57 - 2013-06-08 21:47 - 00000738 _____ C:\Users\Scott Dworkin\Documents\olset32.log
2013-07-29 17:02 - 2013-06-08 19:38 - 00000000 ____D C:\ProgramData\Creative
2013-07-29 11:35 - 2013-07-29 11:33 - 15750997 _____ C:\Users\Scott Dworkin\Downloads\CP-4PTU(1).zip
2013-07-29 11:23 - 2013-07-29 11:23 - 04915944 _____ C:\Users\Scott Dworkin\Downloads\set_up_outlookset(2).exe
2013-07-29 11:11 - 2013-07-29 11:11 - 37163168 _____ (Acronis) C:\Users\Scott Dworkin\Downloads\ATIO_en-US.exe
2013-07-29 11:00 - 2013-07-29 11:00 - 00231390 _____ C:\Users\Scott Dworkin\Downloads\RootkitRevealer(1).zip
2013-07-29 10:57 - 2013-07-29 10:57 - 00263592 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-07-29 10:57 - 2013-07-29 10:57 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-07-29 10:57 - 2013-07-29 10:57 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-07-29 10:57 - 2013-07-29 10:57 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-07-29 10:57 - 2013-06-09 11:45 - 00867240 _____ (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll
2013-07-29 10:57 - 2013-06-09 11:45 - 00789416 _____ (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll
2013-07-29 10:55 - 2013-07-29 10:55 - 00903080 _____ (Oracle Corporation) C:\Users\Scott Dworkin\Downloads\jxpiinstall(1).exe
2013-07-29 10:51 - 2013-07-29 10:46 - 00000000 ____D C:\Users\SCOTTD~1\AppData\Local\NPE
2013-07-29 10:46 - 2013-07-29 10:46 - 00000000 ____D C:\ProgramData\Norton
2013-07-29 10:46 - 2013-07-29 10:45 - 02986440 _____ (Symantec Corporation) C:\Users\Scott Dworkin\Downloads\NPE(1).exe
2013-07-29 10:45 - 2013-07-29 10:45 - 00180000 _____ (Kaspersky Lab) C:\Users\Scott Dworkin\Downloads\kss12.0.1.117EN_RU_DE_FR_2926.exe
2013-07-25 22:13 - 2013-08-14 03:32 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-07-25 22:13 - 2013-08-14 03:32 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-07-25 22:13 - 2013-08-14 03:32 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-07-25 22:12 - 2013-08-14 03:32 - 19239424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-07-25 22:12 - 2013-08-14 03:32 - 15405056 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-07-25 22:12 - 2013-08-14 03:32 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-07-25 22:12 - 2013-08-14 03:32 - 02647040 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-07-25 22:12 - 2013-08-14 03:32 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-07-25 22:12 - 2013-08-14 03:32 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-07-25 22:12 - 2013-08-14 03:32 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-07-25 22:12 - 2013-08-14 03:32 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-07-25 22:12 - 2013-08-14 03:32 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-07-25 22:12 - 2013-08-14 03:32 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-07-25 22:12 - 2013-08-14 03:32 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-07-25 20:35 - 2013-08-14 03:32 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-07-25 20:13 - 2013-08-14 03:32 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-07-25 20:13 - 2013-08-14 03:32 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-07-25 20:12 - 2013-08-14 03:32 - 14329344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-07-25 20:12 - 2013-08-14 03:32 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-07-25 20:12 - 2013-08-14 03:32 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-07-25 20:12 - 2013-08-14 03:32 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-07-25 20:12 - 2013-08-14 03:32 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-07-25 20:12 - 2013-08-14 03:32 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-07-25 20:12 - 2013-08-14 03:32 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-07-25 20:12 - 2013-08-14 03:32 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-07-25 20:12 - 2013-08-14 03:32 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-07-25 20:11 - 2013-08-14 03:32 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-07-25 20:11 - 2013-08-14 03:32 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-07-25 19:49 - 2013-08-14 03:32 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-07-25 19:39 - 2013-08-14 03:32 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-07-25 18:59 - 2013-08-14 03:32 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-07-25 02:25 - 2013-08-14 02:08 - 01888768 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-07-25 01:57 - 2013-08-14 02:08 - 01620992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-07-18 18:58 - 2013-08-14 02:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2013-07-18 18:41 - 2013-08-14 02:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-08-13 02:17

==================== End Of Log ============================

Edited by sergei91, 17 August 2013 - 01:20 PM.


#14 nasdaq

nasdaq

  • Malware Response Team
  • 38,746 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:10:58 AM

Posted 17 August 2013 - 01:40 PM

ProxyServer: localhost:21320

The file is nowhere to be seen.

Let's check deeper.

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2


If your operating system is 64-bit, download this tool:
SystemLook_x64.exe
  • Double-click SystemLook.exe to run it.
  • Copy and paste the content of the following bold text into the main textfield:
    :filefind
    procexp113.sys

    :regfind
    procexp113.sys
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.

Note: The log can also be found on your Desktop entitled SystemLook.txt

If nothing is found, I suspect Kaspersky is blocking this.
ComboFix may be using it to check the registry.
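An added example, not part of nasdaq's post and not SystemLook's own code: a PowerShell function that performs the same two checks the :filefind / :regfind script above asks SystemLook for, so a responder can reproduce the search for a driver name such as procexp113.sys without the tool. It assumes PowerShell 3 or later run from an elevated session; the default search roots and registry hives are my choice, not the tool's.

```powershell
# Added example (not SystemLook's code): PowerShell equivalent of the
# ":filefind" / ":regfind" script above. Assumes PowerShell 3+ (for -File)
# and an elevated session; the default roots and hives are assumptions.
function Find-NameOnSystem {
    param(
        [Parameter(Mandatory)] [string] $Name,
        [string[]] $Roots = @($env:SystemRoot, $env:ProgramData, $env:USERPROFILE),
        [string[]] $Hives = @('HKLM:\SYSTEM\CurrentControlSet\Services',
                              'HKLM:\SOFTWARE', 'HKCU:\Software')
    )
    $hits = New-Object System.Collections.Generic.List[object]

    # filefind: files whose name matches, with the size/timestamp/signature
    # details an analyst compares against the FRST listing.
    foreach ($root in $Roots) {
        Get-ChildItem -Path $root -Filter $Name -File -Recurse -Force -ErrorAction SilentlyContinue |
            ForEach-Object {
                $sig = Get-AuthenticodeSignature -FilePath $_.FullName
                $detail = 'size={0} created={1:u} modified={2:u} sig={3} signer={4}' -f $_.Length,
                    $_.CreationTime, $_.LastWriteTime, $sig.Status, $sig.SignerCertificate.Subject
                $hits.Add([pscustomobject]@{ Kind = 'file'; Location = $_.FullName; Detail = $detail })
            }
    }

    # regfind: key names, value names and value data containing the name
    # (-match is case-insensitive, so procexp113.sys and PROCEXP113.SYS both hit).
    $pattern = [regex]::Escape($Name)
    foreach ($hive in $Hives) {
        Get-ChildItem -Path $hive -Recurse -ErrorAction SilentlyContinue | ForEach-Object {
            $key = $_
            if ($key.PSChildName -match $pattern) {
                $hits.Add([pscustomobject]@{ Kind = 'regkey'; Location = $key.Name; Detail = '' })
            }
            foreach ($valueName in $key.GetValueNames()) {
                $data = [string]$key.GetValue($valueName)
                if ($valueName -match $pattern -or $data -match $pattern) {
                    $hits.Add([pscustomobject]@{ Kind = 'regvalue'; Location = "$($key.Name)\$valueName"; Detail = $data })
                }
            }
        }
    }
    return $hits
}

# Empty output corresponds to SystemLook's "No files found" / "No data found".
Find-NameOnSystem -Name 'procexp113.sys' | Format-Table -AutoSize -Wrap
```

A hit under HKLM:\SYSTEM\CurrentControlSet\Services with no matching file on disk is the pattern worth reporting back, since it means a service entry still references a driver that is not present.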






#15 sergei91

sergei91
  • Topic Starter

  • Members
  • 32 posts
  • OFFLINE
  • Local time:06:58 AM

Posted 17 August 2013 - 01:56 PM

SystemLook 30.07.11 by jpshortstuff
Log created at 11:46 on 17/08/2013 by Scott Dworkin
Administrator - Elevation successful

========== filefind ==========

Searching for "procexp113.sys"
No files found.

========== regfind ==========

Searching for "procexp113.sys"
No data found.

-= EOF =-

Nope, didn't find it...