
My No.1 PC has a virus infection: "Win32/Small.CA virus"


  • This topic is locked
27 replies to this topic

#1 rexrzer727

  • Members
  • 24 posts
  • OFFLINE
  • Local time:05:34 AM

Posted 24 October 2013 - 03:19 AM

Topic Description: Cannot find location of Win32/Small.CA virus; Do not know how to remove it!

Three or four days ago my No.1 PC in my office complex of 4 (four) OEM PCs that I built in 2009-2011 began to have serious anomalies occur:

  • At idle the PC would blue screen with various messages.
  • During stressful work applications of the computer (Folding at Home 100% CPU and GPU throttle simultaneously, for example), which I have successfully used this PC for since 2009 for Team EVGA Folding (along with its three OEM office PC mates), there would be an unexplainable intervention, crashing the work unit of FAHome, and hence losing valuable time and Points Per Day for Team EVGA Folding.
  • Icons would disappear off my desktop randomly, no pattern to it; apps would just lose their aliases and I'd have to generate a new one.
  • My normally 100% stable Chrome 30.xxx.x.,x..x..xx browser would randomly crash, loaded with windows or not, no pattern there either.
  • When in BIOS post-crash or post-BSOD, as I would attempt to see if settings had changed or if something in my overclocking went out of whack, the computer would get stuck in an endless loop of starts and restarts, over and over again, with this message on BIOS Screen No.1: "There is no keyboard present, please hit F1 to continue", while the keyboard would be unresponsive and fail to be used to remedy anything.
  • Phantom events began to occur, such as entire applications vanishing (Adobe Reader X, Amazon Cloud Player, all types and kinds of programs in the computer), and upon re-installing said apps I'd be greeted with this message: "Program is already installed, do you wish to overwrite?"
  • My RAID systems would become unresponsive and communication with the RAID Controller, an Areca 1680-IX-8 Hardware Bus Master, would cease, crashing the computer.

In short, a normally 100% solid Intel Core i7 970 6-Core CPU powered PC, the mainstay of my operations in my home office and FAHome gallery, began to act as if its personality had become schizophrenic or worse: unpredictable and unresponsive the second a problem of any kind would occur, and no normal remedies helped. I steadfastly checked and re-checked all my hardware, from the CPU to the dual EVGA 560 Ti SC GPU cards to the EVGA E770 GT Classified3 Motherboard; the Areca RAID controller and its subsystems were tested, tested again, and re-tested under stress and without any at all, and everything checked out 100% A-OK fine as individual pieces of the PC. In addition, start-up and shut-down times became dramatically slower, to the point that it would take 2-4 MINUTES to shut down the PC, where it would normally do the same in less than 20 seconds. Start-ups became 2-5 minute exercises, whereas in peak form this PC boots, with all RAIDs and RAM and dual BD-RE optical drives, all of the hardware, mounted and ready with a full desktop loaded, in between 35-60 seconds maximum.

Remarkably, it would not matter if the machine was overclocked or at OEM base default settings; the problems persisted and became worse with every hour of use I devoted to the PC to try and fix it!

All the while, Action Center kept giving me this message: "Remove the Win32/Small.CA virus", so I began reading about the anomaly and its gifts to the computing world of chaos, unrelenting massive system failures of various sorts; it seemed to be a force to be reckoned with and difficult to rid a system of, period!

Eventually many Google searches led me to this group of forums, and finally, when I had gone to my wits' end, that 3-4 day period ended last night with me posting a desperate plea for help with my problem with the Win32/Small.CA virus. I was answered by "boopme", who very kindly posted a series of steps to take to try and isolate and perhaps rid my system of the virus using various tools: JRT, AdwCleaner, TDSSKiller, and finally, late last night, I ran a 2.5 hour scan by ESET, which found dozens and dozens of anomalies; the system and program errors listed in its damning report were incredibly complex and intertwined, it seemed, at which time "boopme" advised me to do steps 6, 7, 8 here and post this topic in the Removal Logs area of this forum complex, which I am doing right now.

What follows is the DDS.txt report I was asked to generate, while the file attachment "attach.txt" is appended to this post, hopefully with success and no issues with this computer hanging, BSOD'ing, or worse. I need this computer working, and working 100%, as it is the key to all my media, music, film ventures, writing (I am a published author and former working press journalist), art, web page constructions, etc., etc., not to mention it being the bastion of my FAHome production for Team EVGA Folding at more than 80K PPD average output.

I have never experienced anything like this in 40+ years of computing and writing and media ventures, and I'd like some help from the gurus and experts here at this incredible forum, as I have no idea where to go or what to do even if I did find the source of the damned thing!

******************************** *********************** ********************** *****************


DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16720 BrowserJavaVersion: 10.25.2
Run by poweruser at 23:37:25 on 2013-10-23
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.24567.20426 [GMT -7:00]
.
AV: Ad-Aware Antivirus *Enabled/Updated* {D87B6541-12A1-DAEA-0033-9B8057AAB996}
SP: Ad-Aware Antivirus *Enabled/Updated* {631A84A5-349B-D564-3A83-A0F22C2DF32B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Ad-Aware Firewall *Disabled* {E040E464-58CE-DBB2-2B6C-32B5A979FEED}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.0.4555.0\AdAwareService.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\AirPrint\Airprint.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\MRAID\ArcHTTP\ArcHttpSrv.exe
C:\Windows\SysWOW64\atashost.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\CISVC.EXE
C:\Windows\system32\Dwm.exe
C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe
C:\Windows\splwow64.exe
C:\Windows\Explorer.EXE
C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE
C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE
C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE
C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Microsoft LifeCam\MSCamS64.exe
C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
C:\Program Files\CyberLink\Shared files\RichVideo64.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Program Files (x86)\Belkin Bulldog Plus\UPS-Service.exe
C:\Windows\SysWOW64\HsMgr.exe
C:\Windows\system\HsMgr64.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Logitech\SetPoint\LBTWiz.exe
C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.0.4555.0\AdAwareTray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\Samsung\Kies\Kies.exe
C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
C:\Program Files (x86)\Glary Utilities\memdefrag.exe
C:\Windows\System32\spool\drivers\x64\3\E_IATIHOA.EXE
C:\Users\poweruser\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
C:\Users\poweruser\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe
C:\Users\poweruser\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe
C:\Program Files (x86)\real\realplayer\Update\realsched.exe
C:\Program Files (x86)\ErrorTeck\ErrorTeck.exe
C:\Users\poweruser\AppData\Local\LogMeIn Rescue Applet\LMIR0001.tmp\LMI_Rescue.exe
C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\SysWOW64\DllHost.exe
C:\Windows\system32\prevhost.exe
C:\Users\poweruser\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\poweruser\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\poweruser\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\poweruser\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\poweruser\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\poweruser\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\poweruser\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\poweruser\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\poweruser\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\poweruser\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\poweruser\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\poweruser\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\poweruser\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\poweruser\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\poweruser\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\poweruser\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\poweruser\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\poweruser\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\poweruser\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\poweruser\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\poweruser\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com
mWinlogon: Userinit = userinit.exe,
BHO: RealNetworks Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [KiesPreload] C:\Program Files (x86)\Samsung\Kies\Kies.exe /preload
uRun: [] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
uRun: [Glary Memory Optimizer] "C:\Program Files (x86)\Glary Utilities\memdefrag.exe" /autostart
uRun: [EPLTarget\P0000000000000001] C:\Windows\System32\spool\DRIVERS\x64\3\E_IATIHOA.EXE /EPT "EPLTarget\P0000000000000001" /M "Artisan 837" /EF "HKCU"
uRun: [Amazon Cloud Player] C:\Users\poweruser\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe
uRun: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
uRun: [AmazonMP3DownloaderHelper] C:\Users\poweruser\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe
uRun: [Google Update] :"C:\Users\poweruser\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [74E132D9EFD53FD074E15FF7329D05A32A4F6B98._service_run] "C:\Users\poweruser\AppData\Local\Google\Chrome\Application\chrome.exe" --type=service
mRun: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
mRun: [APSDaemon] :"C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [Ad-Aware Browsing Protection] "C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe"
mRun: [TkBellExe] "C:\Program Files (x86)\real\realplayer\update\realsched.exe" -osboot
mRun: [ErrorTeck] C:\Program Files (x86)\ErrorTeck\ErrorTeck.exe /scan
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\LOGITE~1.LNK - C:\Program Files\Logitech\SetPoint\SetPoint.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\~DISAB~1\WIRELE~1.LNK - C:\Program Files (x86)\D-Link\DWA-556 revA\wirelesscm.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:221
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - hxxp://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_25-windows-i586.cab
DPF: {8FD07749-EFFA-48C6-947C-45A8D7BF422F} - hxxp://www.cyberlink.com/prog/vista/prog/CLVistaGenie.cab
DPF: {A3256902-51FA-45A0-8A97-FC1143C169D9} - hxxp://support.microsoft.com/mats/DiagWebControl.cab
DPF: {CAFEEFAC-0017-0000-0025-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_25-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_25-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPID.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{2C4FC8C8-3195-4F8B-917F-9BCF2C5047C6} : DHCPNameServer = 209.18.47.61 209.18.47.62 192.168.1.1
TCP: Interfaces\{709C4A3C-C7A6-47E1-B3B9-E96F972B6D8D} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{7288523A-69E9-4788-B059-1D6D03FC9D7D} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{E554AC4A-DF99-4141-8832-F3CA5390257B} : DHCPNameServer = 192.168.1.1
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
SSODL: WebCheck - <orphaned>
x64-Run: [Cmaudio8788] C:\Windows\syswow64\RunDll32.exe C:\Windows\Syswow64\cmicnfgp.dll,CMICtrlWnd
x64-Run: [Cmaudio8788GX] C:\Windows\syswow64\HsMgr.exe Envoke
x64-Run: [Cmaudio8788GX64] C:\Windows\system\HsMgr64.exe Envoke
x64-Run: [IntelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe"
x64-Run: [IntelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"
x64-Run: [Bluetooth Connection Assistant] LBTWIZ.EXE -silent
x64-Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
x64-Run: [AdAwareTray] "C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.0.4555.0\AdAwareTray.exe"
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\poweruser\AppData\Roaming\Mozilla\Firefox\Profiles\31atsksd.default\
FF - prefs.js: browser.startup.homepage - hxxp://sites.google.com/a/rexrzer.org/makeusimages-inc-/
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Users\poweruser\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: AutoPager: autopager@mozilla.org - %profile%\extensions\autopager@mozilla.org
FF - Ext: Xmarks: foxmarks@kei.com - %profile%\extensions\foxmarks@kei.com
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: FoxClocks: {d37dc5d0-431d-44e5-8c91-49419370caa1} - %profile%\extensions\{d37dc5d0-431d-44e5-8c91-49419370caa1}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
============= SERVICES / DRIVERS ===============
.
R0 apmwin;apmwin;C:\Windows\System32\drivers\apmwin.sys [2010-8-21 49744]
R0 arcm_a64;arcm_a64;C:\Windows\System32\drivers\arcm_a64.sys [2009-6-12 40984]
R0 CLBStor;CLBStor;C:\Windows\System32\drivers\CLBStor.sys [2009-10-14 24824]
R0 gpt_loader;GUID Partition table support driver;C:\Windows\System32\drivers\gpt_loader.sys [2010-8-21 52304]
R0 hotcore3;hc3ServiceName;C:\Windows\System32\drivers\hotcore3.sys [2009-6-5 37392]
R0 mounthlp;Mounter helper driver for HFS volumes;C:\Windows\System32\drivers\mounthlp.sys [2010-8-21 37968]
R0 mv91xx;mv91xx;C:\Windows\System32\drivers\mv91xx.sys [2010-3-17 302632]
R1 JSWPSLWF;JumpStart Wireless Filter Driver;C:\Windows\System32\drivers\jswpslwfx.sys [2010-11-25 26624]
R2 {1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC};Power Control [2010/06/05 18:13:05];C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\000.fcl [2011-9-22 146928]
R2 AirPrint;AirPrint;C:\AirPrint\Airprint.exe -s --> C:\AirPrint\Airprint.exe -s [?]
R2 ArcHttpProxyServer;ArcHttpProxyServer;C:\Program Files (x86)\MRAID\ArcHTTP\ArcHttpSrv.exe [2009-6-12 356352]
R2 atashost;WebEx Service Host for Support Center;C:\Windows\SysWOW64\atashost.exe [2010-6-22 43912]
R2 CLBUDF;CyberLink InstantBurn UDF Filesystem;C:\Windows\System32\drivers\CLBUDF.sys [2009-10-14 369912]
R2 cpuz135;cpuz135;C:\Windows\System32\drivers\cpuz135_x64.sys [2010-12-21 21992]
R2 EPSON_EB_RPCV4_04;EPSON V5 Service4(04);C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE [2012-3-29 166400]
R2 EPSON_PM_RPCV4_04;EPSON V3 Service4(04);C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE [2012-3-29 151648]
R2 EpsonCustomerParticipation;EpsonCustomerParticipation;C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe [2011-6-9 555392]
R2 HfsplusRec;HfsplusRec;C:\Windows\System32\drivers\hfsplusrec.sys [2010-8-21 14416]
R2 LavasoftAdAwareService11;Ad-Aware Service 11;C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.0.4555.0\AdAwareService.exe [2013-10-18 517344]
R2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [2013-8-14 39056]
R2 RichVideo64;Cyberlink RichVideo64 Service(CRVS);C:\Program Files\CyberLink\Shared files\RichVideo64.exe [2010-12-12 386344]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-9-12 414496]
R2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\System32\drivers\TurboB.sys [2010-11-29 16120]
R3 cmudaxp;ASUS Xonar Essence ST Audio Interface;C:\Windows\System32\drivers\cmudaxp.sys [2011-3-10 2725376]
R3 gzflt;gzflt;C:\Program Files\Lavasoft\Ad-Aware Antivirus\Antimalware Engine\2.6.0.0\gzflt.sys [2013-7-17 138232]
R3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;C:\Windows\System32\drivers\nx6000.sys [2010-12-13 36720]
R3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2010-1-22 77824]
R3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2010-1-22 180224]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-12-20 314400]
S1 bdfwfpf;bdfwfpf;C:\Program Files\Lavasoft\Ad-Aware Antivirus\Firewall Engine\1.6.0.0\Drivers\bdfwfpf.sys [2013-7-17 102992]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944]
S3 AIDA64Driver;FinalWire AIDA64 Kernel Driver;C:\Program Files (x86)\FinalWire\AIDA64 Extreme Edition\kerneld.x64 [2010-11-25 27296]
S3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2010-10-28 79360]
S3 CT20XUT.SYS;CT20XUT.SYS;C:\Windows\System32\drivers\CT20XUT.sys [2010-7-7 230488]
S3 CT20XUT;CT20XUT;C:\Windows\System32\drivers\CT20XUT.sys [2010-7-7 230488]
S3 CTEXFIFX.SYS;CTEXFIFX.SYS;C:\Windows\System32\drivers\CTEXFIFX.sys [2010-7-7 1445976]
S3 CTEXFIFX;CTEXFIFX;C:\Windows\System32\drivers\CTEXFIFX.sys [2010-7-7 1445976]
S3 CTHWIUT.SYS;CTHWIUT.SYS;C:\Windows\System32\drivers\CTHWIUT.sys [2010-7-7 95320]
S3 CTHWIUT;CTHWIUT;C:\Windows\System32\drivers\CTHWIUT.sys [2010-7-7 95320]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\System32\drivers\ssudbus.sys [2013-7-29 103448]
S3 DrvAgent64;DrvAgent64;C:\Windows\SysWOW64\drivers\DrvAgent64.SYS [2013-5-19 21712]
S3 ENTECH64;ENTECH64;C:\Windows\System32\drivers\Entech64.sys [2009-5-29 12744]
S3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;C:\Program Files (x86)\Common Files\Futuremark Shared\Futuremark SystemInfo\FMSISvc.exe [2013-9-15 137488]
S3 GPU-Z;GPU-Z;C:\Users\POWERU~1\AppData\Local\Temp\GPU-Z.sys [2013-10-14 27008]
S3 ha20x22k;Creative 20X2 HAL Driver;C:\Windows\System32\drivers\ha20x22k.sys [2010-7-7 1612888]
S3 Hfsplus;Hfsplus;C:\Windows\System32\drivers\hfsplus.sys [2010-8-21 189520]
S3 jswpsapi;JumpStart Wi-Fi Protected Setup;C:\Program Files (x86)\D-Link\DWA-556 revA\jswpsapi.exe [2010-11-25 954368]
S3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;C:\Windows\System32\drivers\LEqdUsb.sys [2009-6-17 74256]
S3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;C:\Windows\System32\drivers\LHidEqd.sys [2009-6-17 13328]
S3 RAMDiskVE;RAMDiskVE;C:\Windows\System32\drivers\RAMDiskVE.sys [2010-11-13 63696]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-5-20 19456]
S3 RTCore64;RTCore64;C:\Program Files (x86)\MSI Afterburner\RTCore64.sys [2010-5-26 14648]
S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);C:\Windows\System32\drivers\ssudmdm.sys [2013-7-29 203672]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-5-20 57856]
S3 TurboBoost;Intel® Turbo Boost Technology Monitor 2.0;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2010-11-29 149504]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-5-6 1255736]
S3 WinRing0_1_2_0;WinRing0_1_2_0;C:\Program Files\RealTemp_360\WinRing0x64.sys [2008-7-26 14544]
S3 WSDScan;WSD Scan Support via UMB;C:\Windows\System32\drivers\WSDScan.sys [2009-7-13 25088]
.
=============== Created Last 30 ================
.
2013-10-24 00:32:03 2084072 ----a-w- C:\Windows\System32\bdnc.dll
2013-10-24 00:32:02 96160 ----a-w- C:\Windows\System32\bdpredir.dll
2013-10-24 00:32:02 209984 ----a-w- C:\Windows\System32\BdFirewallSDK.dll
2013-10-24 00:32:02 195016 ----a-w- C:\Windows\System32\httproxy.dll
2013-10-24 00:32:02 156936 ----a-w- C:\Windows\System32\bdfwcore.dll
2013-10-24 00:32:02 155912 ----a-w- C:\Windows\System32\bdpop3p.dll
2013-10-24 00:32:02 122928 ----a-w- C:\Windows\System32\OEMbdpredir.dll
2013-10-24 00:32:02 1061776 ----a-w- C:\Windows\System32\bdsmtpp.dll
2013-10-24 00:14:22 -------- d-----w- C:\Program Files\Common Files\Lavasoft
2013-10-23 23:59:23 -------- d-----w- C:\Users\poweruser\AppData\Local\LogMeIn Rescue Applet
2013-10-23 23:33:33 -------- d-----w- C:\Users\poweruser\AppData\Local\adawarebp
2013-10-23 07:50:27 -------- d-----w- C:\Program Files (x86)\ESET
2013-10-23 07:31:37 -------- d-----w- C:\Windows\ERUNT
2013-10-23 06:49:03 -------- d-----w- C:\AdwCleaner
2013-10-23 01:00:06 -------- d-----w- C:\Users\poweruser\TDSSKiller.app
2013-10-20 06:52:55 10280728 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{42C97369-2F2C-4E9F-B5D8-DF4E1353CC1A}\mpengine.dll
2013-10-19 20:14:57 -------- d-----w- C:\Users\poweruser\AppData\Roaming\RealNetworks
2013-10-19 20:14:39 -------- d-----w- C:\Program Files (x86)\RealNetworks
2013-10-19 20:14:38 -------- d-----w- C:\ProgramData\RealNetworks
2013-10-19 20:14:34 -------- d-----w- C:\Program Files (x86)\Common Files\xing shared
2013-10-19 20:14:28 124504 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\nprpplugin.dll
2013-10-15 10:05:20 -------- d-----w- C:\ProgramData\BitDefender
2013-10-15 02:51:59 -------- d-----w- C:\Users\poweruser\AppData\Roaming\LavasoftStatistics
2013-10-15 02:33:31 -------- d-----w- C:\Program Files\Lavasoft
2013-10-15 02:32:36 -------- d-----w- C:\ProgramData\Ad-Aware Browsing Protection
2013-10-15 02:32:31 -------- d-----w- C:\Users\poweruser\AppData\Roaming\SecureSearch
2013-10-15 02:32:29 -------- d-----w- C:\Program Files (x86)\Lavasoft
2013-10-15 01:01:38 -------- d-----w- C:\Users\poweruser\AppData\Roaming\Malwarebytes
2013-10-15 01:01:23 -------- d-----w- C:\ProgramData\Malwarebytes
2013-10-15 00:47:57 -------- d-----w- C:\ProgramData\HitmanPro
2013-10-13 08:14:17 -------- d-----w- C:\Windows\System32\MRT
2013-10-13 08:05:04 2559776 ----a-w- C:\Windows\System32\nvsvcr.dll
2013-10-13 08:00:43 983488 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys
2013-10-08 02:08:16 -------- d-----w- C:\Users\poweruser\AppData\Local\Program Files
2013-09-30 00:37:55 -------- d-----w- C:\ProgramData\PCPitstop
2013-09-30 00:37:39 -------- d-----w- C:\Program Files (x86)\PCPitstop
2013-09-27 07:45:46 737072 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2013-09-27 07:45:35 2876528 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2013-09-27 07:45:27 42776 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2013-09-27 07:45:20 539984 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
.
==================== Find3M ====================
.
2013-10-19 20:14:24 499712 ----a-w- C:\Windows\SysWow64\msvcp71.dll
2013-10-19 20:14:24 348160 ----a-w- C:\Windows\SysWow64\msvcr71.dll
2013-09-22 23:28:06 1767936 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-09-22 23:27:49 2876928 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-09-22 23:27:48 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll
2013-09-22 23:27:48 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll
2013-09-22 22:55:10 2241024 ----a-w- C:\Windows\System32\wininet.dll
2013-09-22 22:54:51 3959296 ----a-w- C:\Windows\System32\jscript9.dll
2013-09-22 22:54:50 67072 ----a-w- C:\Windows\System32\iesetup.dll
2013-09-22 22:54:50 136704 ----a-w- C:\Windows\System32\iesysprep.dll
2013-09-21 03:38:39 2706432 ----a-w- C:\Windows\System32\mshtml.tlb
2013-09-21 03:30:24 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-09-21 02:48:36 89600 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe
2013-09-21 02:39:47 71680 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe
2013-09-17 22:01:03 2725376 ----a-w- C:\Windows\System32\drivers\cmudaxp.sys
2013-09-17 22:01:00 524768 ----a-w- C:\Windows\DIFxAPI.dll
2013-09-17 22:01:00 359424 ------w- C:\Windows\System32\CmiInstallResAll64.dll
2013-09-14 01:10:19 497152 ----a-w- C:\Windows\System32\drivers\afd.sys
2013-09-12 08:17:50 571168 ----a-w- C:\Windows\SysWow64\nvStreaming.exe
2013-09-12 07:25:43 6599968 ----a-w- C:\Windows\System32\nvcpl.dll
2013-09-12 07:25:43 3452192 ----a-w- C:\Windows\System32\nvsvc64.dll
2013-09-12 07:25:40 920864 ----a-w- C:\Windows\System32\nvvsvc.exe
2013-09-12 07:25:40 63776 ----a-w- C:\Windows\System32\nvshext.dll
2013-09-12 07:25:40 219424 ----a-w- C:\Windows\System32\nvmctray.dll
2013-09-11 22:06:31 3361114 ----a-w- C:\Windows\System32\nvcoproc.bin
2013-09-08 02:30:37 1903552 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2013-09-08 02:27:14 327168 ----a-w- C:\Windows\System32\mswsock.dll
2013-09-08 02:03:58 231424 ----a-w- C:\Windows\SysWow64\mswsock.dll
2013-09-03 21:35:10 278800 ------w- C:\Windows\System32\MpSigStub.exe
2013-08-29 02:17:48 5549504 ----a-w- C:\Windows\System32\ntoskrnl.exe
2013-08-29 02:16:35 1732032 ----a-w- C:\Windows\System32\ntdll.dll
2013-08-29 02:16:28 243712 ----a-w- C:\Windows\System32\wow64.dll
2013-08-29 02:16:14 859648 ----a-w- C:\Windows\System32\tdh.dll
2013-08-29 02:13:28 878080 ----a-w- C:\Windows\System32\advapi32.dll
2013-08-29 01:51:45 3969472 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2013-08-29 01:51:45 3914176 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2013-08-29 01:50:31 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2013-08-29 01:50:30 1292192 ----a-w- C:\Windows\SysWow64\ntdll.dll
2013-08-29 01:50:16 619520 ----a-w- C:\Windows\SysWow64\tdh.dll
2013-08-29 01:48:17 640512 ----a-w- C:\Windows\SysWow64\advapi32.dll
2013-08-29 01:48:15 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
2013-08-29 00:49:53 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2013-08-29 00:49:52 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2013-08-29 00:49:52 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2013-08-29 00:49:49 2048 ----a-w- C:\Windows\SysWow64\user.exe
2013-08-28 01:21:06 3155968 ----a-w- C:\Windows\System32\win32k.sys
2013-08-28 01:12:33 461312 ----a-w- C:\Windows\System32\scavengeui.dll
2013-08-05 02:25:45 155584 ----a-w- C:\Windows\System32\drivers\ataport.sys
2013-08-02 02:14:57 215040 ----a-w- C:\Windows\System32\winsrv.dll
2013-08-02 02:13:34 424448 ----a-w- C:\Windows\System32\KernelBase.dll
2013-08-02 01:50:42 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll
2013-08-02 01:09:17 338432 ----a-w- C:\Windows\System32\conhost.exe
2013-08-02 00:59:09 112640 ----a-w- C:\Windows\System32\smss.exe
2013-08-02 00:43:05 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2013-08-02 00:43:05 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2013-08-02 00:43:05 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2013-08-02 00:43:05 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
.
============= FINISH: 23:37:56.83 ===============

#2 HelpBot (Bleepin' Binary Bot, Bots, 12,669 posts)

Posted 29 October 2013 - 03:20 AM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/511714 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from the following link if you no longer have it available and save it to your desktop.

    DDS.com Download Link
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control can be found HERE.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 rexrzer727 (Topic Starter, Members, 24 posts)

Posted 29 October 2013 - 04:56 AM

Hello Robot and Malware Response Team, and anyone else reading this thread on the infection of my No.1 office home network PC, an OEM built (myself) high-end Core i7 970 6-Core powered device, with 24GB 1866MHz Kingston Matched RAM; an Areca 1680IX-8 SAS/eSATA Hardware RAID Bus Master/Controller which controls ALL I/O activity, external and internal, of the array of HD's in the system (there is NOTHING on the system busses except my twin BluRay readers/writers and USB 3.0 and 2.0 applications); an audio card to beat them all, an Asus Xonar Essence ST PCI 192kHz-capable card with built-in 55 RMS-Watt Headphone Amplifier, all optically cabled systems for audio; and assorted other treats that enable it to be the music, movies, films, i.e. all art and music plus photography and film genres, for the whole network of 3 other OEM PC builds, a MacBook Pro (wife's), an Asus G75 3D notebook; and various iPads, iPhones, and Samsung Note smartphones that we use for business and pleasure on our home office network.

I have previously posted a litany of maladies that my PC has been experiencing since July 2013, it turns out after a thorough examination of my System Logs the past 2 days. Shutdowns, restarts in the middle of Folding@Home Work Unit production, programs vanishing out of both program file locations, corruption of my iTunes Library, unable to Save any MS Word or Office 2007 documents, with the caveat of "Modules are not registered" from the Save function; display and screen corruption, corruption of my video card nVidia drivers, in short a complete disaster of untold proportions has lit upon my No.1 PC and infected it to the MAXX. The Action Center has been telling me for a couple weeks to "Remove the Win32/Small.CA Virus" which Windows has finally discovered.

There may be other maladies that I don't know about, but that virus is definitely active and ruining my No.1 PC's production abilities for our business MakeUsImages, Inc., a Southern California photography, art, design, and professional automobile racing (NHRA, NASCAR sponsored events are favored, but we also do SCORE races and local Sprint Car action at Ventura Speedway) co-operative business that I've owned for more than 12 years and counting. The PC is unstable, cannot be counted on to finish a FAHome Work Unit at OEM stock settings, or overclocked to its normal 4.2Ghz speed (for 2+ years it's been running flawlessly overclocked with overclocked RAM, video cards (twin EVGA 560 Ti SuperClocked video boards), while it is also very capable as an OEM-clocked production machine commanding our film, movies, music and art and photography archives totaling more than 8TB of data in various HD systems that the PC administers.

Well that has been over with for almost two solid weeks now, going on three weeks of anomalies taking over my System of Windows 7 Ultimate 64-bit SP 1-run PC programs, from Photoshop CS3 to CS6, Sony's VEGAS movie system, Pinnacle Studio's audio playground for movies and film, a raft of high-end media programs and players, browsers, devices of all sorts that PC No.1 uses on a daily basis; it's all kaput at this time, and I cannot trust the PC to do or complete anything, so it's on 'hold' right now until this virus infection and whatever else is wrong with it is remedied.

I have used TDSSKiller, AdaWare Cleaner and AntiVirus Programs, Pro Security Firewall and AntiVirus systems, ESET's scan system, mbam's scan, Hitman Pro, and other programs to try and isolate and/or eliminate the virus, but alas nothing has even FOUND it on the PC as yet! I've posted those logs in my previous threads and in this thread here also; the DDS and attached DDS files were uploaded and copied and pasted here in this thread itself. So I've not been inactive! I just don't know how to find this thing, the Win32/Small.CA virus, nor what to do once I did happen to find it to eliminate it from my system!

So I am at my wit's end at this point: one ultra-modal PC server-No.1 computer in my office systems is disabled, and production has ground to a halt until something positive can happen in terms of eradicating this freaky virus that is causing all the anomalies, apparently.

Below is the DDS Scan I just did a few minutes ago, so it's more current than the one I posted earlier in another thread and this one also. I don't know whether the Robot wanted me to upload the "attach txt" portion of the DDS Scan, so I included it also in today's discussion, just to be sure I don't miss anything the experts here might be able to use.

Please help me rid this system of my infection, please, please please!! I am so sad and defeated by the Win32/Small.CA virus at this point that I don't know which end is up. I hope this second post demonstrates how desperate I am to fix this virus attack once and for all, which is apparently deep into my System according to "boopme" from the other forums here, so here you go, another disaster to try and repair and rid the PC of a virus infection of the worst order.

DDS Scan:

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16720 BrowserJavaVersion: 10.25.2
Run by poweruser at 1:42:32 on 2013-10-29
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.24567.18496 [GMT -7:00]
.
AV: Ad-Aware Antivirus *Disabled/Outdated* {D87B6541-12A1-DAEA-0033-9B8057AAB996}
SP: Ad-Aware Antivirus *Disabled/Outdated* {631A84A5-349B-D564-3A83-A0F22C2DF32B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Ad-Aware Firewall *Disabled* {E040E464-58CE-DBB2-2B6C-32B5A979FEED}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.0.4555.0\AdAwareService.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\AirPrint\Airprint.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\MRAID\ArcHTTP\ArcHttpSrv.exe
C:\Windows\SysWOW64\atashost.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\CISVC.EXE
C:\Windows\system32\Dwm.exe
C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe
C:\Windows\splwow64.exe
C:\Windows\Explorer.EXE
C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE
C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE
C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE
C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Microsoft LifeCam\MSCamS64.exe
C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
C:\Program Files\CyberLink\Shared files\RichVideo64.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Program Files (x86)\Belkin Bulldog Plus\UPS-Service.exe
C:\Windows\SysWOW64\HsMgr.exe
C:\Windows\system\HsMgr64.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Logitech\SetPoint\LBTWiz.exe
C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.0.4555.0\AdAwareTray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\Samsung\Kies\Kies.exe
C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
C:\Program Files (x86)\Glary Utilities\memdefrag.exe
C:\Windows\System32\spool\drivers\x64\3\E_IATIHOA.EXE
C:\Users\poweruser\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
C:\Users\poweruser\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe
C:\Users\poweruser\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe
C:\Users\poweruser\AppData\Local\LogMeIn Rescue Applet\LMIR0001.tmp\LMI_Rescue.exe
C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\SysWOW64\DllHost.exe
C:\Windows\system32\prevhost.exe
C:\Program Files (x86)\iTunes\iTunes.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\SyncServer.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\MDCrashReportTool.exe
C:\Program Files\ASUS Xonar Essence ST Audio\Customapp\AsusAudioCenter.exe
C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE
C:\Windows\splwow64.exe
C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.0.4555.0\AdAwareDesktop.exe
C:\Users\poweruser\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\poweruser\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\poweruser\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\poweruser\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\poweruser\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\poweruser\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\poweruser\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\poweruser\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\poweruser\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\poweruser\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\poweruser\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\poweruser\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\poweruser\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\poweruser\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\poweruser\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\poweruser\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\poweruser\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\poweruser\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\poweruser\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\poweruser\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\poweruser\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\poweruser\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\poweruser\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\poweruser\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\poweruser\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\real\realplayer\update\realsched.exe
C:\Users\poweruser\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com
mWinlogon: Userinit = userinit.exe,
BHO: RealNetworks Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [KiesPreload] C:\Program Files (x86)\Samsung\Kies\Kies.exe /preload
uRun: [] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
uRun: [Glary Memory Optimizer] "C:\Program Files (x86)\Glary Utilities\memdefrag.exe" /autostart
uRun: [EPLTarget\P0000000000000001] C:\Windows\System32\spool\DRIVERS\x64\3\E_IATIHOA.EXE /EPT "EPLTarget\P0000000000000001" /M "Artisan 837" /EF "HKCU"
uRun: [Amazon Cloud Player] C:\Users\poweruser\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe
uRun: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
uRun: [AmazonMP3DownloaderHelper] C:\Users\poweruser\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe
uRun: [Google Update] :"C:\Users\poweruser\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [74E132D9EFD53FD074E15FF7329D05A32A4F6B98._service_run] "C:\Users\poweruser\AppData\Local\Google\Chrome\Application\chrome.exe" --type=service
mRun: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
mRun: [APSDaemon] :"C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [Ad-Aware Browsing Protection] "C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe"
mRun: [TkBellExe] "C:\Program Files (x86)\real\realplayer\update\realsched.exe" -osboot
mRun: [ErrorTeck] C:\Program Files (x86)\ErrorTeck\ErrorTeck.exe /scan
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\LOGITE~1.LNK - C:\Program Files\Logitech\SetPoint\SetPoint.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\~DISAB~1\WIRELE~1.LNK - C:\Program Files (x86)\D-Link\DWA-556 revA\wirelesscm.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:221
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - hxxp://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_25-windows-i586.cab
DPF: {8FD07749-EFFA-48C6-947C-45A8D7BF422F} - hxxp://www.cyberlink.com/prog/vista/prog/CLVistaGenie.cab
DPF: {A3256902-51FA-45A0-8A97-FC1143C169D9} - hxxp://support.microsoft.com/mats/DiagWebControl.cab
DPF: {CAFEEFAC-0017-0000-0025-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_25-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_25-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPID.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{2C4FC8C8-3195-4F8B-917F-9BCF2C5047C6} : DHCPNameServer = 209.18.47.61 209.18.47.62 192.168.1.1
TCP: Interfaces\{709C4A3C-C7A6-47E1-B3B9-E96F972B6D8D} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{7288523A-69E9-4788-B059-1D6D03FC9D7D} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{E554AC4A-DF99-4141-8832-F3CA5390257B} : DHCPNameServer = 192.168.1.1
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
SSODL: WebCheck - <orphaned>
x64-Run: [Cmaudio8788] C:\Windows\syswow64\RunDll32.exe C:\Windows\Syswow64\cmicnfgp.dll,CMICtrlWnd
x64-Run: [Cmaudio8788GX] C:\Windows\syswow64\HsMgr.exe Envoke
x64-Run: [Cmaudio8788GX64] C:\Windows\system\HsMgr64.exe Envoke
x64-Run: [IntelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe"
x64-Run: [IntelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"
x64-Run: [Bluetooth Connection Assistant] LBTWIZ.EXE -silent
x64-Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
x64-Run: [AdAwareTray] "C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.0.4555.0\AdAwareTray.exe"
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\poweruser\AppData\Roaming\Mozilla\Firefox\Profiles\31atsksd.default\
FF - prefs.js: browser.startup.homepage - hxxp://sites.google.com/a/rexrzer.org/makeusimages-inc-/
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Users\poweruser\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: AutoPager: autopager@mozilla.org - %profile%\extensions\autopager@mozilla.org
FF - Ext: Xmarks: foxmarks@kei.com - %profile%\extensions\foxmarks@kei.com
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: FoxClocks: {d37dc5d0-431d-44e5-8c91-49419370caa1} - %profile%\extensions\{d37dc5d0-431d-44e5-8c91-49419370caa1}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
============= SERVICES / DRIVERS ===============
.
R0 apmwin;apmwin;C:\Windows\System32\drivers\apmwin.sys [2010-8-21 49744]
R0 arcm_a64;arcm_a64;C:\Windows\System32\drivers\arcm_a64.sys [2009-6-12 40984]
R0 CLBStor;CLBStor;C:\Windows\System32\drivers\CLBStor.sys [2009-10-14 24824]
R0 gpt_loader;GUID Partition table support driver;C:\Windows\System32\drivers\gpt_loader.sys [2010-8-21 52304]
R0 hotcore3;hc3ServiceName;C:\Windows\System32\drivers\hotcore3.sys [2009-6-5 37392]
R0 mounthlp;Mounter helper driver for HFS volumes;C:\Windows\System32\drivers\mounthlp.sys [2010-8-21 37968]
R0 mv91xx;mv91xx;C:\Windows\System32\drivers\mv91xx.sys [2010-3-17 302632]
R1 JSWPSLWF;JumpStart Wireless Filter Driver;C:\Windows\System32\drivers\jswpslwfx.sys [2010-11-25 26624]
R2 {1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC};Power Control [2010/06/05 18:13:05];C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\000.fcl [2011-9-22 146928]
R2 AirPrint;AirPrint;C:\AirPrint\Airprint.exe -s --> C:\AirPrint\Airprint.exe -s [?]
R2 ArcHttpProxyServer;ArcHttpProxyServer;C:\Program Files (x86)\MRAID\ArcHTTP\ArcHttpSrv.exe [2009-6-12 356352]
R2 atashost;WebEx Service Host for Support Center;C:\Windows\SysWOW64\atashost.exe [2010-6-22 43912]
R2 CLBUDF;CyberLink InstantBurn UDF Filesystem;C:\Windows\System32\drivers\CLBUDF.sys [2009-10-14 369912]
R2 cpuz135;cpuz135;C:\Windows\System32\drivers\cpuz135_x64.sys [2010-12-21 21992]
R2 EPSON_EB_RPCV4_04;EPSON V5 Service4(04);C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE [2012-3-29 166400]
R2 EPSON_PM_RPCV4_04;EPSON V3 Service4(04);C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE [2012-3-29 151648]
R2 EpsonCustomerParticipation;EpsonCustomerParticipation;C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe [2011-6-9 555392]
R2 HfsplusRec;HfsplusRec;C:\Windows\System32\drivers\hfsplusrec.sys [2010-8-21 14416]
R2 LavasoftAdAwareService11;Ad-Aware Service 11;C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.0.4555.0\AdAwareService.exe [2013-10-18 517344]
R2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [2013-8-14 39056]
R2 RichVideo64;Cyberlink RichVideo64 Service(CRVS);C:\Program Files\CyberLink\Shared files\RichVideo64.exe [2010-12-12 386344]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-9-12 414496]
R2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\System32\drivers\TurboB.sys [2010-11-29 16120]
R3 cmudaxp;ASUS Xonar Essence ST Audio Interface;C:\Windows\System32\drivers\cmudaxp.sys [2011-3-10 2725376]
R3 gzflt;gzflt;C:\Program Files\Lavasoft\Ad-Aware Antivirus\Antimalware Engine\2.6.0.0\gzflt.sys [2013-7-17 138232]
R3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;C:\Windows\System32\drivers\nx6000.sys [2010-12-13 36720]
R3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2010-1-22 77824]
R3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2010-1-22 180224]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-12-20 314400]
S1 bdfwfpf;bdfwfpf;C:\Program Files\Lavasoft\Ad-Aware Antivirus\Firewall Engine\1.6.0.0\Drivers\bdfwfpf.sys [2013-7-17 102992]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944]
S3 AIDA64Driver;FinalWire AIDA64 Kernel Driver;C:\Program Files (x86)\FinalWire\AIDA64 Extreme Edition\kerneld.x64 [2010-11-25 27296]
S3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2010-10-28 79360]
S3 CT20XUT.SYS;CT20XUT.SYS;C:\Windows\System32\drivers\CT20XUT.sys [2010-7-7 230488]
S3 CT20XUT;CT20XUT;C:\Windows\System32\drivers\CT20XUT.sys [2010-7-7 230488]
S3 CTEXFIFX.SYS;CTEXFIFX.SYS;C:\Windows\System32\drivers\CTEXFIFX.sys [2010-7-7 1445976]
S3 CTEXFIFX;CTEXFIFX;C:\Windows\System32\drivers\CTEXFIFX.sys [2010-7-7 1445976]
S3 CTHWIUT.SYS;CTHWIUT.SYS;C:\Windows\System32\drivers\CTHWIUT.sys [2010-7-7 95320]
S3 CTHWIUT;CTHWIUT;C:\Windows\System32\drivers\CTHWIUT.sys [2010-7-7 95320]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\System32\drivers\ssudbus.sys [2013-7-29 103448]
S3 DrvAgent64;DrvAgent64;C:\Windows\SysWOW64\drivers\DrvAgent64.SYS [2013-5-19 21712]
S3 ENTECH64;ENTECH64;C:\Windows\System32\drivers\Entech64.sys [2009-5-29 12744]
S3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;C:\Program Files (x86)\Common Files\Futuremark Shared\Futuremark SystemInfo\FMSISvc.exe [2013-9-15 137488]
S3 GPU-Z;GPU-Z;C:\Users\POWERU~1\AppData\Local\Temp\GPU-Z.sys [2013-10-14 27008]
S3 ha20x22k;Creative 20X2 HAL Driver;C:\Windows\System32\drivers\ha20x22k.sys [2010-7-7 1612888]
S3 Hfsplus;Hfsplus;C:\Windows\System32\drivers\hfsplus.sys [2010-8-21 189520]
S3 jswpsapi;JumpStart Wi-Fi Protected Setup;C:\Program Files (x86)\D-Link\DWA-556 revA\jswpsapi.exe [2010-11-25 954368]
S3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;C:\Windows\System32\drivers\LEqdUsb.sys [2009-6-17 74256]
S3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;C:\Windows\System32\drivers\LHidEqd.sys [2009-6-17 13328]
S3 RAMDiskVE;RAMDiskVE;C:\Windows\System32\drivers\RAMDiskVE.sys [2010-11-13 63696]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-5-20 19456]
S3 RTCore64;RTCore64;C:\Program Files (x86)\MSI Afterburner\RTCore64.sys [2010-5-26 14648]
S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);C:\Windows\System32\drivers\ssudmdm.sys [2013-7-29 203672]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-5-20 57856]
S3 TurboBoost;Intel® Turbo Boost Technology Monitor 2.0;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2010-11-29 149504]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-5-6 1255736]
S3 WinRing0_1_2_0;WinRing0_1_2_0;C:\Program Files\RealTemp_360\WinRing0x64.sys [2008-7-26 14544]
S3 WSDScan;WSD Scan Support via UMB;C:\Windows\System32\drivers\WSDScan.sys [2009-7-13 25088]
.
=============== Created Last 30 ================
.
2013-10-24 00:32:03 2084072 ----a-w- C:\Windows\System32\bdnc.dll
2013-10-24 00:32:02 96160 ----a-w- C:\Windows\System32\bdpredir.dll
2013-10-24 00:32:02 209984 ----a-w- C:\Windows\System32\BdFirewallSDK.dll
2013-10-24 00:32:02 195016 ----a-w- C:\Windows\System32\httproxy.dll
2013-10-24 00:32:02 156936 ----a-w- C:\Windows\System32\bdfwcore.dll
2013-10-24 00:32:02 155912 ----a-w- C:\Windows\System32\bdpop3p.dll
2013-10-24 00:32:02 122928 ----a-w- C:\Windows\System32\OEMbdpredir.dll
2013-10-24 00:32:02 1061776 ----a-w- C:\Windows\System32\bdsmtpp.dll
2013-10-24 00:14:22 -------- d-----w- C:\Program Files\Common Files\Lavasoft
2013-10-23 23:59:23 -------- d-----w- C:\Users\poweruser\AppData\Local\LogMeIn Rescue Applet
2013-10-23 23:33:33 -------- d-----w- C:\Users\poweruser\AppData\Local\adawarebp
2013-10-23 07:50:27 -------- d-----w- C:\Program Files (x86)\ESET
2013-10-23 07:31:37 -------- d-----w- C:\Windows\ERUNT
2013-10-23 06:49:03 -------- d-----w- C:\AdwCleaner
2013-10-23 01:00:06 -------- d-----w- C:\Users\poweruser\TDSSKiller.app
2013-10-20 06:52:55 10280728 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{42C97369-2F2C-4E9F-B5D8-DF4E1353CC1A}\mpengine.dll
2013-10-19 20:14:57 -------- d-----w- C:\Users\poweruser\AppData\Roaming\RealNetworks
2013-10-19 20:14:39 -------- d-----w- C:\Program Files (x86)\RealNetworks
2013-10-19 20:14:38 -------- d-----w- C:\ProgramData\RealNetworks
2013-10-19 20:14:34 -------- d-----w- C:\Program Files (x86)\Common Files\xing shared
2013-10-19 20:14:28 124504 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\nprpplugin.dll
2013-10-15 10:05:20 -------- d-----w- C:\ProgramData\BitDefender
2013-10-15 02:51:59 -------- d-----w- C:\Users\poweruser\AppData\Roaming\LavasoftStatistics
2013-10-15 02:33:31 -------- d-----w- C:\Program Files\Lavasoft
2013-10-15 02:32:36 -------- d-----w- C:\ProgramData\Ad-Aware Browsing Protection
2013-10-15 02:32:31 -------- d-----w- C:\Users\poweruser\AppData\Roaming\SecureSearch
2013-10-15 02:32:29 -------- d-----w- C:\Program Files (x86)\Lavasoft
2013-10-15 01:01:38 -------- d-----w- C:\Users\poweruser\AppData\Roaming\Malwarebytes
2013-10-15 01:01:23 -------- d-----w- C:\ProgramData\Malwarebytes
2013-10-15 00:47:57 -------- d-----w- C:\ProgramData\HitmanPro
2013-10-13 08:14:17 -------- d-----w- C:\Windows\System32\MRT
2013-10-13 08:05:04 2559776 ----a-w- C:\Windows\System32\nvsvcr.dll
2013-10-13 08:00:43 983488 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys
2013-10-08 02:08:16 -------- d-----w- C:\Users\poweruser\AppData\Local\Program Files
2013-09-30 00:37:55 -------- d-----w- C:\ProgramData\PCPitstop
2013-09-30 00:37:39 -------- d-----w- C:\Program Files (x86)\PCPitstop
.
==================== Find3M ====================
.
2013-10-19 20:14:24 499712 ----a-w- C:\Windows\SysWow64\msvcp71.dll
2013-10-19 20:14:24 348160 ----a-w- C:\Windows\SysWow64\msvcr71.dll
2013-09-22 23:28:06 1767936 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-09-22 23:27:49 2876928 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-09-22 23:27:48 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll
2013-09-22 23:27:48 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll
2013-09-22 22:55:10 2241024 ----a-w- C:\Windows\System32\wininet.dll
2013-09-22 22:54:51 3959296 ----a-w- C:\Windows\System32\jscript9.dll
2013-09-22 22:54:50 67072 ----a-w- C:\Windows\System32\iesetup.dll
2013-09-22 22:54:50 136704 ----a-w- C:\Windows\System32\iesysprep.dll
2013-09-21 03:38:39 2706432 ----a-w- C:\Windows\System32\mshtml.tlb
2013-09-21 03:30:24 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-09-21 02:48:36 89600 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe
2013-09-21 02:39:47 71680 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe
2013-09-17 22:01:03 2725376 ----a-w- C:\Windows\System32\drivers\cmudaxp.sys
2013-09-17 22:01:00 524768 ----a-w- C:\Windows\DIFxAPI.dll
2013-09-17 22:01:00 359424 ------w- C:\Windows\System32\CmiInstallResAll64.dll
2013-09-14 01:10:19 497152 ----a-w- C:\Windows\System32\drivers\afd.sys
2013-09-12 08:17:50 571168 ----a-w- C:\Windows\SysWow64\nvStreaming.exe
2013-09-12 07:25:43 6599968 ----a-w- C:\Windows\System32\nvcpl.dll
2013-09-12 07:25:43 3452192 ----a-w- C:\Windows\System32\nvsvc64.dll
2013-09-12 07:25:40 920864 ----a-w- C:\Windows\System32\nvvsvc.exe
2013-09-12 07:25:40 63776 ----a-w- C:\Windows\System32\nvshext.dll
2013-09-12 07:25:40 219424 ----a-w- C:\Windows\System32\nvmctray.dll
2013-09-11 22:06:31 3361114 ----a-w- C:\Windows\System32\nvcoproc.bin
2013-09-08 02:30:37 1903552 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2013-09-08 02:27:14 327168 ----a-w- C:\Windows\System32\mswsock.dll
2013-09-08 02:03:58 231424 ----a-w- C:\Windows\SysWow64\mswsock.dll
2013-09-03 21:35:10 278800 ------w- C:\Windows\System32\MpSigStub.exe
2013-08-29 02:17:48 5549504 ----a-w- C:\Windows\System32\ntoskrnl.exe
2013-08-29 02:16:35 1732032 ----a-w- C:\Windows\System32\ntdll.dll
2013-08-29 02:16:28 243712 ----a-w- C:\Windows\System32\wow64.dll
2013-08-29 02:16:14 859648 ----a-w- C:\Windows\System32\tdh.dll
2013-08-29 02:13:28 878080 ----a-w- C:\Windows\System32\advapi32.dll
2013-08-29 01:51:45 3969472 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2013-08-29 01:51:45 3914176 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2013-08-29 01:50:31 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2013-08-29 01:50:30 1292192 ----a-w- C:\Windows\SysWow64\ntdll.dll
2013-08-29 01:50:16 619520 ----a-w- C:\Windows\SysWow64\tdh.dll
2013-08-29 01:48:17 640512 ----a-w- C:\Windows\SysWow64\advapi32.dll
2013-08-29 01:48:15 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
2013-08-29 00:49:53 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2013-08-29 00:49:52 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2013-08-29 00:49:52 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2013-08-29 00:49:49 2048 ----a-w- C:\Windows\SysWow64\user.exe
2013-08-28 01:21:06 3155968 ----a-w- C:\Windows\System32\win32k.sys
2013-08-28 01:12:33 461312 ----a-w- C:\Windows\System32\scavengeui.dll
2013-08-05 02:25:45 155584 ----a-w- C:\Windows\System32\drivers\ataport.sys
2013-08-02 02:14:57 215040 ----a-w- C:\Windows\System32\winsrv.dll
2013-08-02 02:13:34 424448 ----a-w- C:\Windows\System32\KernelBase.dll
2013-08-02 01:50:42 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll
2013-08-02 01:09:17 338432 ----a-w- C:\Windows\System32\conhost.exe
2013-08-02 00:59:09 112640 ----a-w- C:\Windows\System32\smss.exe
2013-08-02 00:43:05 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2013-08-02 00:43:05 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2013-08-02 00:43:05 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2013-08-02 00:43:05 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
.
============= FINISH: 1:42:40.26 ===============

I DO have the original Windows 7 Ultimate 64-bit DVDs by the way, although this RAID System was created by cloning a version of the System from a previous HD system, then installed with Recovery Option 1 using Paragon's Hard Disk Manager 2011 system. I have successfully started up this PC using the Windoze DVD however, so it does work on this PC along with all my Paragon startup discs also.

Thanks so much for considering helping me rid my system of this near-fatal virus attack, still ongoing.




#4 rexrzer727

rexrzer727
  • Topic Starter

  • Members
  • 24 posts
  • OFFLINE
  • Local time:05:34 AM

Posted 29 October 2013 - 06:38 PM

One last "regards" pertaining to the MRT team helping me rid the PC of this virus and its corollary System damage, possible secondary cause/effect problems of which I am not aware at this time: I am generally available after 8PM PST (Southern California) to work on this or any other issue with my PCs in my studio/network at my home office, not before that time as my two jobs keep me very busy from 6-7AM until I sign off on business for the day at 7PM PST, thereabouts anyway. I have been known to stay up all night to accomplish something important or otherwise critically severe problem in my PC/Mac systems so do NOT be afraid to give me ready to order assignments in the evening hours, through until the early AM following morning!

I look forward to working with Team MRJ on this dire circumstance going on right now, so fire away when you're ready to begin in earnest to solve this dilemma, as I am ready right now to begin the process of ridding my PC and network (if necessary) of this virus attack and any secondary associations related to it.

rexrzer727 - 10-29-2013 - last posting until we have something to work on/with a Win32/Small.CA virus infection in my office's No.1 PC desktop computer, or any of the other PCs or Macs that potentially could have the same issue, just not documented or discovered yet because of my lack of training/experiences with virus infections, malware attacks, et al up to now with my PC No.1's Systems, peripherals, and other PCs that use the FIOS 75/35Mbs fast, responsive and relatively error-free network. I am more than eager to figure out the depth and breadth of this infection, come Hell or High Water, and you have my commitment to work exclusively with BleepingPC.com on these issues...DRC, "rexrzer727", owner of MUI's MakeUsImages, Inc, all these PCs, Macs, and printers, networking peripherals and connections here in my home office production facility.

Thanks so much for your interest in helping me with this major league assault on my network and its peripherals, apparently, as I have not been yet asked to pursue any further documentation of this attack by the Win32/Small.CA Windows virus malware, which is still in its incubation period for my company, and personal projects, both. Thanking you in advance for any criticism, or other necessary postings in this topic's general area, wherever it takes all involved parties.

#5 oneof4

oneof4

  • Malware Response Team
  • 3,779 posts
  • OFFLINE
  • Gender:Male
  • Location:The Collective
  • Local time:09:34 AM

Posted 02 November 2013 - 09:23 AM

Hello rexrzer727, and welcome to the Virus/Trojan/Spyware/Malware Removal forum.

I am oneof4, and I am here to help you!

  • I ask that you refrain from running tools other than those I suggest to you while I am cleaning up your computer. The reason for this is so I know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.
  • Please perform all steps in the order received and do not proceed if you need clarification.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please do not re-run any programs I suggest. If you encounter problems please stop and tell me about it. When your computer is clean I will alert you of such. I will also provide you with detailed suggestions for prevention.
  • At the top right-center of the topic you will see a button called Follow this topic. If you click on this, another page will open. Please choose Instantly for notification and then click on Follow this topic; you will be advised when we respond to your topic, which will facilitate the cleaning of your machine.
  • If after 5 days you have not replied to this topic, I will assume it has been abandoned, and I will close it.
  • I would also like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please be courteous and appreciative for the assistance provided!
  • Again I would like to remind you to make no further changes to your computer unless I direct you to do so. Your computer fix will be based on the current condition of your computer! Any changes might delay my ability to help you.

==========

We need to see some information about what is happening in your machine.  Please perform the following scans:

Download Security Check by screen317 from http://screen317.spywareinfoforum.org/SecurityCheck.exe or http://screen317.changelog.fr/SecurityCheck.exe

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

==========
 
Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste log back here.
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.


Best Regards,
oneof4.
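The two tools requested above produce a snapshot of the machine's security posture: which AV/antispyware/firewall products Security Center knows about and whether they are enabled and current, whether UAC is on, and which programs (and versions) are installed. The following read-only PowerShell script is an added example that collects the same kind of information on the local machine; it is not part of the thread and is not the code of Security Check or FRST. It assumes Windows 7 or later with PowerShell 3 or newer, and it decodes the Security Center `productState` field using the widely relied-upon but undocumented layout noted in the comments. The function names (`Decode-ProductState`, `Get-SecurityCenterState`, `Get-UacState`, `Get-InstalledPrograms`, `Get-LegacyRuntimes`) are this example's own.

```powershell
# Added example: local security-posture snapshot, comparable to what the helper asked
# for above (Security Check and FRST Addition.txt). Read-only; nothing is changed.
# Assumes Windows 7+ with PowerShell 3+. Function names are this example's own.

function Decode-ProductState {
    param([int]$State)
    # productState is a 24-bit value. By the common (undocumented) convention,
    # the middle byte carries the "enabled" flag (0x10 or 0x11) and the low byte
    # carries the definition status (0x10 = out of date, 0x00 = up to date).
    $hex = '{0:X6}' -f $State
    [pscustomobject]@{
        Enabled  = ($hex.Substring(2, 2) -in @('10', '11'))
        UpToDate = ($hex.Substring(4, 2) -ne '10')
    }
}

function Get-SecurityCenterState {
    # root/SecurityCenter2 exists on client SKUs (Vista and later), not on servers.
    foreach ($class in 'AntiVirusProduct', 'AntiSpywareProduct', 'FirewallProduct') {
        Get-CimInstance -Namespace 'root/SecurityCenter2' -ClassName $class -ErrorAction SilentlyContinue |
            ForEach-Object {
                $s = Decode-ProductState -State $_.productState
                [pscustomobject]@{
                    Kind     = ($class -replace 'Product$', '')
                    Product  = $_.displayName
                    Enabled  = $s.Enabled
                    UpToDate = $s.UpToDate
                }
            }
    }
}

function Get-UacState {
    # EnableLUA = 1 means UAC is on. The checkup.txt later in this thread reports
    # "UAC is disabled!", which is what this check would surface.
    $key = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
    $v = (Get-ItemProperty -Path $key -Name EnableLUA -ErrorAction SilentlyContinue).EnableLUA
    if ($v -eq 1) { 'Enabled' } else { 'Disabled' }
}

function Get-InstalledPrograms {
    # 64-bit view, 32-bit (WOW6432Node) view and per-user installs, the same three
    # sources behind the "(x32 ...)" and "(HKCU ...)" tags in an FRST program list.
    $roots = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
        'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
        'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*'
    )
    Get-ItemProperty -Path $roots -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName } |
        Select-Object DisplayName, DisplayVersion, Publisher |
        Sort-Object DisplayName -Unique
}

function Get-LegacyRuntimes {
    # The browser-facing runtimes Security Check singles out for version checks.
    param([object[]]$Programs)
    $Programs | Where-Object { $_.DisplayName -match '^(Java|Adobe Flash Player|Adobe Reader|Mozilla Firefox)' }
}

$programs = Get-InstalledPrograms
'=== Security Center products ==='
Get-SecurityCenterState | Format-Table -AutoSize
"=== UAC: $(Get-UacState) ==="
'=== Runtimes worth checking for updates ==='
Get-LegacyRuntimes -Programs $programs | Format-Table DisplayName, DisplayVersion -AutoSize
"=== Installed programs: $($programs.Count) ==="
```

Run it from an elevated PowerShell prompt so the HKLM policy key and the Security Center namespace are readable; the output is plain text that can be pasted into a reply exactly as the helper asks. Two products of the same kind reporting opposite states (as the pasted checkup.txt shows for the firewall) usually means more than one product has registered with Security Center, which is itself worth noting in the reply.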


#6 rexrzer727

rexrzer727
  • Topic Starter

  • Members
  • 24 posts
  • OFFLINE
  • Local time:05:34 AM

Posted 02 November 2013 - 06:19 PM

Thanks for starting this ball rolling on my virus attack, apparently, "oneof4".

I truly appreciate anything you and the Team can do to rid my System(s) of any virus/malware attack that is ongoing at this time. Here are the results of the scans you had me do today, as a preliminary look into the goings on of my various system components:

checkup-Notepad's scan:

Results of screen317's Security Check version 0.99.76
Windows 7 Service Pack 1 x64 (UAC is disabled!)
Internet Explorer 10
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Windows Firewall Disabled!
Ad-Aware Antivirus
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
CCleaner
Wise Disk Cleaner 7.86
Wise Registry Cleaner 7.82
Java 7 Update 25
Java version out of Date!
Adobe Flash Player 10 Flash Player out of Date!
Adobe Reader 9 Adobe Reader out of Date!
Adobe Reader 10.1.7 Adobe Reader out of Date!
Mozilla Firefox (3.5.5) Firefox out of Date!
Google Chrome 30.0.1599.101
Google Chrome 30.0.1599.69
````````Process Check: objlist.exe by Laurent````````
Lavasoft Ad-Aware Antivirus Ad-Aware Antivirus 11.0.4555.0\AdAwareService.exe
Lavasoft Ad-Aware Antivirus Ad-Aware Antivirus 11.0.4555.0\AdAwareTray.exe
Lavasoft Ad-Aware Antivirus Ad-Aware Antivirus 11.0.4555.0\AdAwareDesktop.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 2%
````````````````````End of Log``````````````````````

*********************** ************************* ****************************

Farbar's scans are noted here:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 31-10-2013
Ran by poweruser at 2013-11-02 16:07:59
Running from C:\Users\poweruser\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Ad-Aware Antivirus (Enabled - Up to date) {D87B6541-12A1-DAEA-0033-9B8057AAB996}
AS: Ad-Aware Antivirus (Enabled - Up to date) {631A84A5-349B-D564-3A83-A0F22C2DF32B}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Ad-Aware Firewall (Disabled) {E040E464-58CE-DBB2-2B6C-32B5A979FEED}

==================== Installed Programs ======================

3DMark Vantage (x32 Version: 1.0.2.1)
3DMark06 (x32 Version: 1.2.1)
7-Zip 9.20 (x64 edition) (Version: 9.20.00.0)
Acrobat.com (x32 Version: 1.6.65)
Ad-Aware Antivirus (Version: 11.0.4555.0)
AdAwareInstaller (Version: 11.0.4555.0)
AdAwareUpdater (Version: 11.0.4555.0)
Adobe AIR (x32 Version: 1.5.2.8870)
Adobe Anchor Service CS3 (x32 Version: 1.0)
Adobe Asset Services CS3 (x32 Version: 3)
Adobe Bridge CS3 (x32 Version: 2)
Adobe Bridge Start Meeting (x32 Version: 1.0)
Adobe Camera Raw 4.0 (x32 Version: 4.0)
Adobe CMaps (x32 Version: 1.0)
Adobe Color - Photoshop Specific (x32 Version: 1.0)
Adobe Color Common Settings (x32 Version: 1.0.1)
Adobe Color EU Extra Settings (x32 Version: 1.0)
Adobe Color JA Extra Settings (x32 Version: 1.0)
Adobe Color NA Recommended Settings (x32 Version: 1.0)
Adobe Default Language CS3 (x32 Version: 1.0)
Adobe Device Central CS3 (x32 Version: 1.0)
Adobe ExtendScript Toolkit 2 (x32 Version: 2.0.2)
Adobe Flash Player 10 ActiveX (x32 Version: 10.1.53.64)
Adobe Flash Player 10 Plugin (x32 Version: 10.1.53.64)
Adobe Fonts All (x32 Version: 1.0)
Adobe Help Viewer CS3 (x32 Version: 1)
Adobe Linguistics CS3 (x32 Version: 3.0.0)
Adobe PDF Library Files (x32 Version: 8.0)
Adobe Photoshop CS3 (x32 Version: 10)
Adobe Photoshop CS3 (x32 Version: 10.0)
Adobe Photoshop Lightroom 2.7 64-bit (Version: 2.7)
Adobe Reader X (10.1.7) (x32 Version: 10.1.7)
Adobe Setup (x32 Version: 1.0)
Adobe Stock Photos CS3 (x32 Version: 1.5)
Adobe Type Support (x32 Version: 1.0)
Adobe Update Manager CS3 (x32 Version: 5.1.0)
Adobe Version Cue CS3 Client (x32 Version: 3)
Adobe WinSoft Linguistics Plugin (x32 Version: 1.0)
Adobe XMP Panels CS3 (x32 Version: 1.0)
AIDA64 Extreme Edition v1.20 (x32 Version: 1.20)
Amazon Cloud Player (HKCU Version: 1.5.0.341)
Amazon MP3 Downloader 1.0.18 (HKCU Version: 1.0.18)
Amazon MP3 Downloader 1.0.5 (x32)
AntimalwareEngine (Version: 2.6.0.0)
AntispamEngine (Version: 2.2.3.0)
AnyDVD (x32 Version: 7.2.1.0)
Apple Application Support (x32 Version: 2.3.6)
Apple Mobile Device Support (Version: 7.0.0.117)
Apple Software Update (x32 Version: 2.1.3.127)
archttp (x32 Version: 1.0.0.0)
ASUS Xonar Essence ST Audio Driver
Bonjour (Version: 3.0.0.10)
BurnInTest v7.0 Standard (Version: 7.0)
Canon DIGITAL CAMERA Solution Disk Software Guide (x32 Version: 1.4.0.1)
CANON iMAGE GATEWAY MyCamera Download Plugin (x32 Version: 3.1.1.2)
CANON iMAGE GATEWAY Task for ZoomBrowser EX (x32 Version: 1.9.0.9)
Canon MOV Decoder (x32 Version: 1.8.0.7)
Canon MOV Encoder (x32 Version: 1.6.0.1)
Canon MovieEdit Task for ZoomBrowser EX (x32 Version: 3.7.0.4)
Canon PowerShot ELPH 300 HS_IXUS 220 HS Camera User Guide (x32 Version: 1.0.0.1)
Canon Utilities CameraWindow DC 8 (x32 Version: 8.4.0.3)
Canon Utilities CameraWindow Launcher (x32 Version: 7.5.0.2)
Canon Utilities Movie Uploader for YouTube (x32 Version: 1.2.0.7)
Canon Utilities MyCamera (x32 Version: 7.4.0.2)
Canon Utilities PhotoStitch (x32 Version: 3.1.22.46)
Canon Utilities ZoomBrowser EX (x32 Version: 6.7.0.24)
Canon ZoomBrowser EX Memory Card Utility (x32 Version: 1.5.0.9)
CCleaner (x32 Version: 2.32)
CDDRV_Installer (Version: 4.60)
Cinescore Studio 1.0 (x32 Version: 1.0.111)
Cisco Connect (x32 Version: 1.2.10104.2)
CloneDVD2 (x32 Version: 2.9.2.8)
Coby Media Manager (x32 Version: 1.0.3107)
Compatibility Pack for the 2007 Office system (x32 Version: 12.0.6612.1000)
CPUID CPU-Z 1.52.2
CPUID HWMonitor 1.17
CPUTorch (x32 Version: 0.5)
Creative Vado Central muvee Plugin (x32 Version: 1.00.000)
Creative Vado HD Codec (x32 Version: 1.0.0.3)
Creative Vado HD Codec (x32)
CrystalDiskInfo 3.9.3a (x32 Version: 3.9.3a)
CrystalDiskMark 3.0.0j (Version: 3.0.0j)
CyberLink Holiday Pack Vol. 3 (x32 Version: 2.0)
CyberLink PhotoNow (x32 Version: 1.1.0.6904)
CyberLink PowerBackup (x32 Version: 2.5.5529)
CyberLink PowerDirector (Version: 9.0.0.2330)
CyberLink PowerDirector (x32 Version: 9.0.0.2330)
CyberLink PowerDVD (x32 Version: 7.3.5711.0)
CyberLink PowerDVD 10 (x32 Version: 10.0.3322.54)
CyberLink WaveEditor (x32 Version: 1.0.1.2318)
DAK DePopper 3.x (x32)
DAK Wave MP3 Editor PRO v6.1b (x32 Version: 6.10.0000)
Disk Speed Test 1.2.47.23 (x32)
Driver Magician 3.9 (x32)
DWA-556 (x32 Version: )
EPSON Artisan 720 Series Printer Uninstall
EPSON Artisan 837 Series Printer Uninstall
Epson Connect (x32)
Epson Connect Printer Setup (x32 Version: 1.1.1)
Epson CreativeZone (x32)
Epson Customer Participation (Version: 1.0.0.0)
Epson Download Navigator (x32 Version: 1.0.1)
Epson Easy Photo Print 2 (x32 Version: 2.1.0.0)
Epson Event Manager (x32 Version: 2.50.0000)
Epson FAX Utility (x32 Version: 1.20.00)
Epson PC-FAX Driver (x32)
Epson Print CD (x32 Version: 2.00.00)
EPSON Printer Software
EPSON Scan (x32)
EPSON WorkForce 310 Series Printer Uninstall
EpsonNet Config V3 (x32 Version: 3.7.0)
EpsonNet Print (x32 Version: 2.4j)
EpsonNet Setup (x32 Version: 3.1c)
EpsonNet Setup 3.3 (x32 Version: 3.3b)
eReg (x32 Version: 1.20.138.34)
erLT (x32 Version: 1.20.0137)
ESET Online Scanner v3 (x32)
EVGA E-LEET TUNING UTILITY 1.09.9
EVGA OC Scanner 1.7.1 (x32)
EVGA SLI Enhancement Patch (x32 Version: 1.0.2.5)
FirewallEngine (Version: 1.6.0.0)
Futuremark SystemInfo (x32 Version: 4.15.0)
Garmin Communicator Plugin (x32 Version: 4.0.1)
Garmin Communicator Plugin x64 (Version: 4.0.1)
Garmin Lifetime Updater (x32 Version: 2.1.7)
Garmin USB Drivers (x32 Version: 2.3.1.0)
Garmin WebUpdater (x32 Version: 2.5.6)
Glary Registry Repair 3.3.0.852 (x32)
Glary Utilities 2.56.0.1822 (x32 Version: 2.56.0.1822)
Google Chrome (HKCU Version: 30.0.1599.101)
HandBrake 0.9.5 (x32 Version: 0.9.5)
HD Tune Pro 3.50 (x32)
HFM.NET 0.9.1.595 (x32 Version: 0.9.1.595)
iCloud (Version: 2.1.2.8)
Intel® Turbo Boost Technology Monitor 2.0 (Version: 2.1.23.0)
iPhone Configuration Utility (x32 Version: 2.1.0.163)
iTunes (Version: 11.1.0.126)
Java 7 Update 25 (x32 Version: 7.0.250)
Java Auto Updater (x32 Version: 2.1.9.5)
Junk Mail filter update (x32 Version: 14.0.8117.416)
KhalInstallWrapper (Version: 2.00.0000)
K-Lite Codec Pack 8.6.0 (Full) (x32 Version: 8.6.0)
LightScribe Optical Disc Kit (x32 Version: 1.8.13.1)
Logitech SetPoint (x32 Version: 4.80)
LTCM Client (x32)
marvell 91xx driver (x32 Version: 1.0.0.1036)
Media Go (x32 Version: 1.2.307)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30320)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Choice Guard (x32 Version: 2.0.48.0)
Microsoft Corporation (Version: 9.1.0.0)
Microsoft Corporation (x32 Version: 9.1.0.0)
Microsoft IntelliPoint 8.1 (Version: 8.15.406.0)
Microsoft IntelliType Pro 8.2 (Version: 8.20.469.0)
Microsoft LifeCam (Version: 3.60.253.0)
Microsoft Office 2007 Service Pack 3 (SP3) (x32)
Microsoft Office Excel MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000)
Microsoft Office Outlook MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office PowerPoint Viewer 2007 (English) (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (Spanish) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proofing (English) 2007 (x32 Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32)
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Standard 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Word MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Silverlight (Version: 5.1.20913.0)
Microsoft SQL Server Compact 3.5 SP2 ENU (x32 Version: 3.5.8080.0)
Microsoft SQL Server Compact 3.5 SP2 x64 ENU (Version: 3.5.8080.0)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (x32 Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.50727.42)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.59193)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (Version: 8.0.51011)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.50727.42)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (x32 Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (x32 Version: 10.0.30319)
Microsoft Works (x32 Version: 9.7.0621)
Mozilla Firefox (3.5.5) (x32 Version: 3.5.5 (en-US))
MSI Afterburner 2.1.0 (x32 Version: 2.1.0)
MSVCRT (x32 Version: 14.0.1468.721)
NEC Electronics USB 3.0 Host Controller Driver (x32 Version: 1.0.19.0)
Need4 Audio Converter 6 (x32 Version: 6)
Need4 Audio Recorder 6 (x32 Version: 6)
Need4 DVD Burner 6 (x32 Version: 6)
Need4 Software Launcher 7.1 (x32 Version: 7.1)
Need4 Video Capture 6 (x32 Version: 6)
Need4 Video Converter 8 (x32 Version: 8)
Need4 Video Splitter 6 (x32 Version: 6)
Need4 YouTube Converter 6 (x32 Version: 6)
Need4 YouTube Download 6 (x32 Version: 6)
Need4 YouTube to iPod Converter 6 (x32 Version: 6)
Need4 YouTube to MP3 Converter 6 (x32 Version: 6)
NewBlue Cartoonr for Vegas (x32)
NewBlue VideoFX MSPP (x32)
NVIDIA 3D Vision Controller Driver 320.49 (Version: 320.49)
NVIDIA 3D Vision Driver 327.23 (Version: 327.23)
NVIDIA Control Panel 327.23 (Version: 327.23)
NVIDIA Graphics Driver 327.23 (Version: 327.23)
NVIDIA Install Application (Version: 2.1002.133.889)
NVIDIA PhysX (x32 Version: 9.12.1031)
NVIDIA PhysX System Software 9.12.1031 (Version: 9.12.1031)
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.2723)
NVIDIA Update 1.14.17 (Version: 1.14.17)
NVIDIA Update Components (Version: 1.14.17)
OCCT Perestroika 3.1.0 (x32)
OnlineThreatsEngine (Version: 2.2.2.0)
OpenAL (x32)
Paragon Hard Disk Manager 2010 Suite (Version: 90.00.0003)
Paragon HFS+ for Windows 8.0 (Version: 1.00)
Paragon Partition Manager 10.0 Personal (Version: 90.00.0003)
PDF Settings (x32 Version: 1.0)
PHOTOfunSTUDIO 6.0 (x32 Version: 6.00.135)
Presto! PageManager 8.15.01 SE (x32 Version: 8.15.01)
QuickTime (x32 Version: 7.73.80.64)
RAMDisk (x32 Version: 3.5.130)
Raptr (x32)
RealDownloader (x32 Version: 1.3.3)
RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0)
RealNetworks - Microsoft Visual C++ 2010 Runtime (x32 Version: 10.0)
RealPlayer (x32 Version: 16.0.3)
Realtek Ethernet Controller Driver For Windows 7 (x32 Version: 7.12.1218.2009)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.6873)
RealUpgrade 1.1 (x32 Version: 1.1.0)
Samsung Kies (x32 Version: 2.5.3.13043_14)
SAMSUNG USB Driver for Mobile Phones (Version: 1.5.27.0)
Skype Toolbars (x32 Version: 1.0.4051)
Skype 5.10 (x32 Version: 5.10.116)
SmartSound Quicktracks 5 (x32 Version: 5.1.7)
SmartSound Quicktracks Plugin (x32 Version: 3.0.3.0)
Sony DVD Architect Studio 4.5 (x32 Version: 4.5.107)
Sony Sound Forge Audio Studio 9.0 (x32 Version: 9.0.232)
Spelling Dictionaries Support For Adobe Reader 9 (x32 Version: 9.0.0)
Super LoiLoScope WebShortcut (x32 Version: 1.0.0)
The DJ - Blast Gray Skeleton (x32)
The DJ - No Text (x32)
Update for 2007 Microsoft Office System (KB967642) (x32)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (x32 Version: 3)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2836939) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2836939v3) (x32 Version: 3)
Update for Microsoft Office 2007 Help for Common Features (KB963673) (x32)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (x32)
Update for Microsoft Office Excel 2007 Help (KB963678) (x32)
Update for Microsoft Office Outlook 2007 Help (KB963677) (x32)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2827325) 32-Bit Edition (x32)
Update for Microsoft Office Powerpoint 2007 Help (KB963669) (x32)
Update for Microsoft Office Script Editor Help (KB963671) (x32)
Update for Microsoft Office Word 2007 Help (KB963665) (x32)
Vegas Movie Studio Platinum 9.0 (x32 Version: 9.0.92)
WeatherBug (x32 Version: 7.0.0.3)
WebEx (x32)
WebFilteringEngine (Version: 2.2.1.0)
Windows Driver Package - Garmin (grmnusb) GARMIN Devices (04/19/2012 2.3.1.0) (Version: 04/19/2012 2.3.1.0)
Windows Live Call (x32 Version: 14.0.8117.0416)
Windows Live Communications Platform (x32 Version: 14.0.8117.416)
Windows Live Essentials (x32 Version: 14.0.8117.416)
Windows Live Mail (x32 Version: 14.0.8117.0416)
Windows Live Messenger (x32 Version: 14.0.8117.0416)
Windows Media Player Firefox Plugin (x32 Version: 1.0.0.8)
Wise Disk Cleaner 7.86 (x32 Version: 7.86)
Wise PC Engineer 6.4.2 (x32)
Wise Registry Cleaner 7.82 (x32 Version: 7.82)
x264vfw - H.264/MPEG-4 AVC codec (remove only) (x32)
Yahoo! Messenger (x32)

==================== Restore Points =========================

14-10-2013 22:41:33 Create by Wise Registry Cleaner
15-10-2013 02:26:55 AA11
15-10-2013 10:03:45 AA11
18-10-2013 21:38:25 AA11
19-10-2013 00:35:00 Windows Update
23-10-2013 01:37:22 Removed Java™ 6 Update 31
24-10-2013 00:08:46 AA11
24-10-2013 00:13:27 AA11
24-10-2013 00:30:13 AA11

==================== Hosts content: ==========================

2006-11-02 05:34 - 2006-09-18 14:37 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
::1 localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {0A907119-8817-4935-B3C1-9A088258E14E} - System32\Tasks\{A0034ADE-FBFC-4FF9-AA5C-632DD6D5E7C3} => C:\Users\poweruser\Desktop\RealTempBeta\RealTemp.exe
Task: {1638D324-0F3C-410D-85D7-D2A3BEB9587E} - System32\Tasks\{EAC98F83-C9CE-446A-8BFE-AD294D5D8090} => C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe [2010-06-01] (Yahoo! Inc.)
Task: {1B4B195D-3066-438E-8A9A-156C186A7036} - System32\Tasks\{BE7B4D33-5F16-4D79-BFF1-FB0A24D48C81} => C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe [2010-06-01] (Yahoo! Inc.)
Task: {1E456A5B-40FF-4703-9104-3238BC4C17A3} - System32\Tasks\{96BA0F51-114C-4B6E-B7CF-2FFD1F6E3BB2} => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVDLaunchPolicy.exe [2011-03-08] (CyberLink Corp.)
Task: {2080A9E3-D559-404F-A79C-7DABE35D546F} - System32\Tasks\{B296A92D-E89B-48B4-92F1-C8DDAE55973A} => C:\Users\poweruser\Desktop\RealTempBeta\RealTemp.exe
Task: {2234249F-CA85-42E0-90E0-FB02CFD6049C} - System32\Tasks\Microsoft_Hardware_Launch_IPoint_exe => C:\Program Files\Microsoft IntelliPoint\ipoint.exe [2011-04-13] (Microsoft Corporation)
Task: {250B7440-D66D-4D15-8187-5831AB3DDD17} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1348130409-711279873-4225038138-1000UA => C:\Users\poweruser\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-16] (Google Inc.)
Task: {287D447A-F148-466F-B1F3-1DAA125E88BD} - System32\Tasks\{DD576AFF-4936-467D-B499-8F64245E63FE} => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVDLaunchPolicy.exe [2011-03-08] (CyberLink Corp.)
Task: {2A101422-505A-459D-95EC-346E15324712} - System32\Tasks\{BE493664-03F1-4F38-9E18-4CBC5513CF18} => C:\Users\poweruser\Desktop\RealTempBeta\RealTemp.exe
Task: {2AEA8FD3-63D5-4B8E-A622-9DE49068BA29} - System32\Tasks\EVGA CD Installer => D:\autorun.exe
Task: {3146C9F0-F436-4733-8D85-33F751A88735} - System32\Tasks\Microsoft\Windows\MUI\Lpksetup => C:\Windows\System32\lpksetup.exe [2010-11-20] (Microsoft Corporation)
Task: {3308B4E2-E321-43E4-B46E-E65E5AF6C15D} - System32\Tasks\{86E8595E-16DF-47C0-AF2A-2D878C010FF1} => C:\Program Files (x86)\USB Electronic Scale\Scale.exe
Task: {351C6F5F-8FFB-4365-8064-08086A2ECAE1} - System32\Tasks\Paragon Archive name arc_061209035843580 => C:\Program Files (x86)\Paragon Software\Drive Backup 9 Personal\program\scripts.exe
Task: {356FE496-5754-49A8-BE9F-4F1108AF0F14} - System32\Tasks\{887B7F87-556C-4D90-B533-049E3998C313} => C:\Users\poweruser\Desktop\RealTempBeta\RealTemp.exe
Task: {357CC6FA-51B3-4E6A-9813-A8317F72A179} - System32\Tasks\{5FF1D728-9EA4-4199-AE61-6F5B89775954} => Chrome.exe
Task: {3883F825-B821-49AB-92D5-AC5FEAB28146} - System32\Tasks\Microsoft_Hardware_Launch_IType_exe => C:\Program Files\Microsoft IntelliType Pro\itype.exe [2011-08-10] (Microsoft Corporation)
Task: {4824C70E-E9BF-4157-85FA-20B096DADF6B} - System32\Tasks\{0EAAF081-5DEC-4A4E-84CE-7C8A884F95AA} => C:\Program Files (x86)\Paragon Software\Hard Disk Manager 2010 Suite\program\launcher.exe [2010-01-29] (Paragon Software Group)
Task: {49D75FDA-6248-4289-AC34-6B9378C4AB89} - System32\Tasks\{1C8BA1D6-ABAF-4A9F-A7A3-E83C191B97A1} => C:\Users\poweruser\Desktop\RealTempBeta\RealTemp.exe
Task: {4A337668-EB21-46CB-9848-DE0CA0335B79} - System32\Tasks\{65685DA9-BB2A-4BAC-A4D2-F36D626C08FC} => C:\Users\poweruser\Desktop\RealTempBeta\RealTemp.exe
Task: {56F59203-A4B9-4312-8239-10E3CB1EEE9F} - System32\Tasks\{6DB269B7-C4C8-4FC6-9B47-2B786A0CBAA2} => C:\Users\poweruser\Desktop\RealTempBeta\RealTemp.exe
Task: {58CA4A3F-E659-4FA9-B650-7225670317C5} - System32\Tasks\{BC7E7D5E-9CA5-43A6-8262-CC6412CA253C} => C:\Program Files (x86)\CyberLink\Hi-Def Suite\PowerStarter.exe [2007-01-19] (CyberLink)
Task: {59D95F0B-9A61-4B18-BAF1-EC6E85C22C35} - System32\Tasks\{F1D6D017-AC24-4F39-9A20-2C02AAFFD884} => C:\Users\poweruser\Desktop\RealTempBeta\RealTemp.exe
Task: {61D9C0E1-A4C1-4F81-9C37-A40D6476B928} - System32\Tasks\{C49406F2-EAA9-464C-A079-3E080E6AE176} => C:\Program Files (x86)\Paragon Software\Hard Disk Manager 2010 Suite\program\launcher.exe [2010-01-29] (Paragon Software Group)
Task: {6D59B736-3611-4DF4-BB9D-6C33E38D59C4} - System32\Tasks\{E4804C49-9422-4EB3-9547-5DE4C0EF1E16} => Chrome.exe
Task: {714EE66B-F97C-4647-B742-8A4F7144FC8A} - System32\Tasks\{3A224C4A-A2E6-471C-A9DD-2C4132EE9105} => C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe [2010-06-01] (Yahoo! Inc.)
Task: {71570416-59D6-435E-BD58-58FE52C93087} - System32\Tasks\{83A71450-8132-4E39-9C95-8F3E3F561D27} => C:\Program Files (x86)\Skype\Phone\Skype.exe [2012-07-13] (Skype Technologies S.A.)
Task: {71E6E82C-8A01-4F83-A0F9-48AF8867812C} - System32\Tasks\Amazon Music Helper => C:\Users\poweruser\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe [2013-09-10] ()
Task: {72EB97AB-4838-458E-9655-F5D000DB319C} - System32\Tasks\{40A08FC9-0320-44B3-87FA-2B93BC1E97CE} => C:\Program Files (x86)\USB Electronic Scale\Scale.exe
Task: {756A0B0D-31C7-41ED-9610-A5F670383737} - System32\Tasks\{86D3DE2B-D165-41A0-A12A-5AA176683003} => C:\Program Files (x86)\USB Electronic Scale\Scale.exe
Task: {7621D7D4-C442-41B7-8972-3114A8FEEEC8} - System32\Tasks\Norton Security Scan for poweruser => C:\Program Files (x86)\Norton Security Scan\Engine\2.7.3.34\Nss.exe
Task: {78A290BE-19BA-415D-B12E-809198AB2236} - System32\Tasks\{09A13C38-B894-45EF-9C41-C701779D56DC} => C:\Users\poweruser\Desktop\RealTempBeta\RealTemp.exe
Task: {89A63890-2BA1-4275-B054-C5EDDBB6014B} - System32\Tasks\{19F47212-DBF7-4E2D-B812-4B3684C2F847} => C:\Users\poweruser\Desktop\RealTempBeta\RealTemp.exe
Task: {9475DD97-BB54-4FD8-A31A-032B4833F6AA} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {A15DB36D-8BA8-49B6-B7B9-78F84443592E} - System32\Tasks\{AE3DAA70-88E9-4A25-8372-67C5FD2B3557} => C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe [2010-06-01] (Yahoo! Inc.)
Task: {A3D0E1DD-3C3A-46DB-BC4D-5D634B6E9307} - System32\Tasks\Paragon Archive name arc_061209232030795 => C:\Program Files (x86)\Paragon Software\Drive Backup 9 Personal\program\scripts.exe
Task: {A73E8DD0-215E-4B7C-8293-4F1F776E91E5} - System32\Tasks\Apple Diagnostics => C:\Program Files (x86)\Common Files\Apple\Internet Services\EReporter.exe [2013-04-05] (Apple Inc.)
Task: {A74A617E-71B8-4D2E-92DA-B9ACAC9179BF} - System32\Tasks\{4528ECFD-3ABD-4EB9-848B-72347815321D} => C:\Users\poweruser\Desktop\RealTempBeta\RealTemp.exe
Task: {A8234B98-AC80-4F97-A9D4-2C042BBC916C} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1348130409-711279873-4225038138-1000 => C:\Program Files (x86)\real\RealUpgrade\realupgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {A9D4792D-DD7F-430A-B935-C6F7AF828710} - System32\Tasks\Microsoft\Windows\WindowsCalendar\Reminders - poweruser => C:\Program Files\Windows Calendar\WinCal.exe
Task: {B207C455-22F2-415A-B70C-D5FAC3FC3599} - System32\Tasks\{FFC2172D-57C5-4E20-8C67-F159076EA48D} => C:\Users\poweruser\Desktop\RealTempBeta\RealTemp.exe
Task: {B5DCD6DB-8593-46A7-A8D0-B7C486757503} - System32\Tasks\{A0EA3226-3792-4AFA-B73D-0A01483EEC0F} => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVDLaunchPolicy.exe [2011-03-08] (CyberLink Corp.)
Task: {BEF738F9-7F69-47A3-8A1E-2D6E7F51F33F} - System32\Tasks\{4E0E9A6F-7FFC-4BEE-AD12-641C47A13CA8} => C:\Program Files (x86)\USB Electronic Scale\Scale.exe
Task: {C15F8E8F-C064-4FEB-AF1A-4C3ACC1A2649} - System32\Tasks\Microsoft\Windows\Wired\GatherWiredInfo => C:\Windows\system32\gatherWiredInfo.vbs
Task: {C28278BF-1ABF-4595-BB2A-15201DDF25E3} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs
Task: {C87C4616-E1F5-4EF5-BC43-60840068AC91} - System32\Tasks\{E8617951-6851-43B3-A378-A684EE6CC1D8} => C:\Users\poweruser\Desktop\RealTempBeta\RealTemp.exe
Task: {CCCB2363-A149-40B0-8B4C-4B3CE1C62C60} - System32\Tasks\GlaryInitialize => C:\Program Files (x86)\Glary Utilities\initialize.exe [2013-05-27] (Glarysoft Ltd)
Task: {D7C8EE5F-F368-45E8-8636-D68EE91C2FA8} - System32\Tasks\{10DDCE76-5735-46D4-9BD5-AAE6C515CD6B} => C:\Program Files (x86)\CyberLink\Hi-Def Suite\PowerStarter.exe [2007-01-19] (CyberLink)
Task: {DE1B0F41-5C18-469F-ADC3-46004B61786A} - System32\Tasks\{EB4C7741-4775-4537-B940-F7F6ED10DB64} => C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe [2010-06-01] (Yahoo! Inc.)
Task: {E10BA8F7-DCA7-4AEA-9FDE-7BA993528137} - System32\Tasks\{F396C82C-7ACD-4F45-A58B-D5E6F4FB850B} => C:\Program Files (x86)\USB Electronic Scale\Scale.exe
Task: {E3274991-77C8-4DF4-BBFA-4FDE30FD7627} - System32\Tasks\{DD369100-7476-4F17-8E34-A3CA7693EB49} => C:\Users\poweruser\Desktop\RealTempBeta\RealTemp.exe
Task: {E3A509DF-C70F-4FB5-A119-CD7DD2910EF2} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {E7346330-CA05-4719-A5E7-911E5CB75F42} - System32\Tasks\{99A3E02A-518D-446A-A3FC-53902B698136} => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVDLaunchPolicy.exe [2011-03-08] (CyberLink Corp.)
Task: {EB9118A8-9981-4FE0-9B50-7F3BC5C18F29} - System32\Tasks\{139C1E70-62E3-474F-AB2E-3918D541199F} => C:\Users\poweruser\Desktop\RealTempBeta\RealTemp.exe
Task: {EBDA5B87-702A-42C4-8609-B775BF4B083E} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1348130409-711279873-4225038138-1000 => C:\Program Files (x86)\real\RealUpgrade\realupgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {F1882718-CC6B-461C-9815-CB9825DA9254} - System32\Tasks\{A7B153DE-48B6-4DDE-85F7-6FFD919A3505} => C:\Users\poweruser\Desktop\RealTempBeta\RealTemp.exe
Task: {F4DBAB7F-70E3-4F8F-B0AE-E188D9EFA449} - System32\Tasks\Defraggler Volume C Task => C:\Program Files\Defraggler\df64.exe
Task: {F4E34227-831B-4545-A966-6A594A158765} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1348130409-711279873-4225038138-1000Core => C:\Users\poweruser\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-16] (Google Inc.)
Task: C:\Windows\Tasks\Defraggler Volume C Task.job => C:\Program Files\Defraggler\df64.exe
Task: C:\Windows\Tasks\GlaryInitialize.job => C:\Program Files (x86)\Glary Utilities\initialize.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1348130409-711279873-4225038138-1000Core.job => C:\Users\poweruser\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1348130409-711279873-4225038138-1000UA.job => C:\Users\poweruser\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\Norton Security Scan for poweruser.job => C:\Program Files (x86)\Norton Security Scan\Engine\2.7.3.34\Nss.exe
Task: C:\Windows\Tasks\Paragon Archive name arc_061209035843580.job => C:\Program Files (x86)\Paragon Software\Drive Backup 9 Personal\program\scripts.exe
Task: C:\Windows\Tasks\Paragon Archive name arc_061209232030795.job => C:\Program Files (x86)\Paragon Software\Drive Backup 9 Personal\program\scripts.exe

==================== Loaded Modules (whitelisted) =============

2013-10-18 18:02 - 2013-10-18 18:02 - 00573296 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.0.4555.0\AdAwareShellExtension.dll
2013-10-18 18:02 - 2013-10-18 18:02 - 02747720 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.0.4555.0\RCF.dll
2013-04-05 12:58 - 2013-04-05 12:58 - 00954696 _____ () C:\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll
2013-10-18 18:02 - 2013-10-18 18:02 - 00158032 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.0.4555.0\pugixml.dll
2013-10-18 18:02 - 2013-10-18 18:02 - 00123264 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.0.4555.0\boost_filesystem-vc100-mt-1_53.dll
2013-10-18 18:02 - 2013-10-18 18:02 - 00023928 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.0.4555.0\boost_system-vc100-mt-1_53.dll
2013-10-18 18:02 - 2013-10-18 18:02 - 00055168 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.0.4555.0\boost_date_time-vc100-mt-1_53.dll
2013-10-18 18:02 - 2013-10-18 18:02 - 00102264 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.0.4555.0\boost_thread-vc100-mt-1_53.dll
2013-10-18 18:02 - 2013-10-18 18:02 - 00499576 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.0.4555.0\boost_locale-vc100-mt-1_53.dll
2013-10-18 18:02 - 2013-10-18 18:02 - 00267616 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.0.4555.0\HtmlFramework.dll
2013-10-18 18:02 - 2013-10-18 18:02 - 00276816 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.0.4555.0\Logger.dll
2013-10-18 18:02 - 2013-10-18 18:02 - 00064856 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.0.4555.0\DllStorage.dll
2013-10-18 18:02 - 2013-10-18 18:02 - 00643440 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.0.4555.0\AdAwareTrayDefaultSkin.dll
2013-10-18 18:02 - 2013-10-18 18:02 - 00140120 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.0.4555.0\Localization.dll
2013-10-18 18:02 - 2013-10-18 18:02 - 00685904 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.0.4555.0\SQLite.dll
2012-03-14 20:48 - 2009-07-20 12:35 - 00018960 _____ () C:\Program Files\Logitech\SetPoint\khalwrapper.dll
2013-10-18 18:02 - 2013-10-18 18:02 - 00784760 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.0.4555.0\boost_regex-vc100-mt-1_53.dll
2013-10-18 18:02 - 2013-10-18 18:02 - 00450952 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.0.4555.0\boost_program_options-vc100-mt-1_53.dll
2013-10-18 18:01 - 2013-10-18 18:01 - 07401848 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.0.4555.0\AdAwareDesktopDefaultSkin.dll
2012-06-04 22:28 - 2012-06-04 22:28 - 00125440 _____ () C:\Program Files (x86)\HFM.NET\AutoMapper.dll
2012-06-10 01:14 - 2012-06-10 01:14 - 00159232 _____ () C:\Program Files (x86)\HFM.NET\protobuf-net.dll
2011-12-20 17:09 - 2010-09-20 13:52 - 00094208 ____N () C:\Program Files\EVGA\IccLibDll_x64.dll
2011-09-27 07:23 - 2011-09-27 07:23 - 00087912 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2011-09-27 07:22 - 2011-09-27 07:22 - 01242472 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2009-08-27 13:17 - 2005-08-24 11:47 - 00045056 _____ () C:\Program Files (x86)\Belkin Bulldog Plus\HIDDelta.dll
2013-06-06 19:32 - 2009-05-11 18:01 - 00143360 ____N () C:\Program Files\ASUS Xonar Essence ST Audio\Customapp\VmixP8.dll
2011-05-31 15:45 - 2011-05-31 15:45 - 00756048 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\MSPTLS.DLL
2013-10-18 14:36 - 2013-10-08 17:01 - 00698832 _____ () C:\Users\poweruser\AppData\Local\Google\Chrome\Application\30.0.1599.101\libglesv2.dll
2013-10-18 14:36 - 2013-10-08 17:01 - 00099792 _____ () C:\Users\poweruser\AppData\Local\Google\Chrome\Application\30.0.1599.101\libegl.dll
2013-10-18 14:36 - 2013-10-08 17:02 - 04055504 _____ () C:\Users\poweruser\AppData\Local\Google\Chrome\Application\30.0.1599.101\pdf.dll
2013-10-18 14:36 - 2013-10-08 17:02 - 00415184 _____ () C:\Users\poweruser\AppData\Local\Google\Chrome\Application\30.0.1599.101\ppGoogleNaClPluginChrome.dll
2013-10-18 14:36 - 2013-10-08 17:01 - 01604560 _____ () C:\Users\poweruser\AppData\Local\Google\Chrome\Application\30.0.1599.101\ffmpegsumo.dll
2013-10-18 14:36 - 2013-10-08 17:02 - 13584336 _____ () C:\Users\poweruser\AppData\Local\Google\Chrome\Application\30.0.1599.101\PepperFlash\pepflashplayer.dll
2007-03-21 20:53 - 2007-03-21 20:53 - 00049152 _____ () C:\Program Files (x86)\Adobe\Adobe Photoshop CS3\QuickTimeGlue.dll
2007-03-21 20:52 - 2007-03-21 20:52 - 00393216 _____ () C:\Program Files (x86)\Adobe\Adobe Photoshop CS3\AdobeXMP.dll
2011-02-15 04:20 - 2011-02-15 04:20 - 00061440 _____ () C:\Program Files (x86)\MSI Afterburner\RTMUI.dll
2011-02-15 04:19 - 2011-02-15 04:19 - 00061440 _____ () C:\Program Files (x86)\MSI Afterburner\RTFC.dll
2011-02-15 04:19 - 2011-02-15 04:19 - 00229376 _____ () C:\Program Files (x86)\MSI Afterburner\RTCore.dll
2011-02-15 04:19 - 2011-02-15 04:19 - 00147456 _____ () C:\Program Files (x86)\MSI Afterburner\RTUI.dll
2011-02-15 04:20 - 2011-02-15 04:20 - 00278528 _____ () C:\Program Files (x86)\MSI Afterburner\RTHAL.dll
2010-07-26 21:37 - 2010-07-26 21:37 - 00013312 _____ () C:\Program Files (x86)\MSI Afterburner\RTTSH.dll
2010-11-25 03:34 - 2010-11-11 01:00 - 00273528 _____ () C:\Program Files (x86)\FinalWire\AIDA64 Extreme Edition\aida_icons7.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\ProgramData\CLDShowX.ini:Update.CL
AlternateDataStreams: C:\ProgramData\TEMP:D1B5B4F1

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\atashost => ""="Service"

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (10/28/2013 02:07:17 PM) (Source: Application Hang) (User: )
Description: The program chrome.exe version 30.0.1599.101 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 528

Start Time: 01ced0548e320bbb

Termination Time: 14

Application Path: C:\Users\poweruser\AppData\Local\Google\Chrome\Application\chrome.exe

Report Id: e1041573-4014-11e3-bc0e-001fbc0db420

Error: (10/27/2013 02:31:23 AM) (Source: Application Error) (User: )
Description: Faulting application name: YahooMessenger.exe, version: 10.0.0.1270, time stamp: 0x4c053ffe
Faulting module name: YahooMessenger.exe, version: 10.0.0.1270, time stamp: 0x4c053ffe
Exception code: 0xc0000005
Fault offset: 0x000ecc36
Faulting process id: 0x14a8
Faulting application start time: 0xYahooMessenger.exe0
Faulting application path: YahooMessenger.exe1
Faulting module path: YahooMessenger.exe2
Report Id: YahooMessenger.exe3

Error: (10/23/2013 05:35:55 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/23/2013 05:30:13 PM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine ConvertStringSidToSid(S-1-5-21-1348130409-711279873-4225038138-1004.bak). hr = 0x80070539, The security ID structure is invalid.
.


Operation:
OnIdentify event
Gathering Writer Data

Context:
Execution Context: Shadow Copy Optimization Writer
Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
Writer Name: Shadow Copy Optimization Writer
Writer Instance ID: {d7afe813-6de1-431d-a9f6-4a18e10138d6}

Error: (10/23/2013 05:28:49 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/23/2013 05:13:27 PM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine ConvertStringSidToSid(S-1-5-21-1348130409-711279873-4225038138-1004.bak). hr = 0x80070539, The security ID structure is invalid.
.


Operation:
OnIdentify event
Gathering Writer Data

Context:
Execution Context: Shadow Copy Optimization Writer
Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
Writer Name: Shadow Copy Optimization Writer
Writer Instance ID: {1e46f389-ea6f-442d-b4da-a192de0cfe98}

Error: (10/23/2013 05:13:04 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/23/2013 05:08:46 PM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine ConvertStringSidToSid(S-1-5-21-1348130409-711279873-4225038138-1004.bak). hr = 0x80070539, The security ID structure is invalid.
.


Operation:
OnIdentify event
Gathering Writer Data

Context:
Execution Context: Shadow Copy Optimization Writer
Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
Writer Name: Shadow Copy Optimization Writer
Writer Instance ID: {a4fdf48a-4a97-4a69-8d20-dc7276986360}

Error: (10/23/2013 04:34:36 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/23/2013 03:45:31 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.


System errors:
=============
Error: (11/01/2013 02:40:55 AM) (Source: cdrom) (User: )
Description: The device, \Device\CdRom1, is not ready for access yet.

Error: (11/01/2013 02:40:55 AM) (Source: atapi) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort3.

Error: (11/01/2013 02:40:54 AM) (Source: cdrom) (User: )
Description: The device, \Device\CdRom1, is not ready for access yet.

Error: (11/01/2013 02:40:53 AM) (Source: cdrom) (User: )
Description: The device, \Device\CdRom1, is not ready for access yet.

Error: (11/01/2013 02:40:52 AM) (Source: cdrom) (User: )
Description: The device, \Device\CdRom1, is not ready for access yet.

Error: (11/01/2013 02:40:52 AM) (Source: cdrom) (User: )
Description: The device, \Device\CdRom1, is not ready for access yet.

Error: (11/01/2013 02:40:22 AM) (Source: cdrom) (User: )
Description: The device, \Device\CdRom1, is not ready for access yet.

Error: (10/23/2013 05:36:57 PM) (Source: Service Control Manager) (User: )
Description: The PnP-X IP Bus Enumerator service terminated with the following error:
%%-2147023728

Error: (10/23/2013 05:34:56 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
bdfwfpf
UimBus
Uim_IM

Error: (10/23/2013 05:34:31 PM) (Source: Service Control Manager) (User: )
Description: The Creative Audio Service service failed to start due to the following error:
%%2


Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
Date: 2013-10-18 17:48:11.640
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\srv2.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2013-07-11 23:12:30.022
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\win32k.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2013-07-11 23:12:29.772
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\win32k.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2013-07-11 23:12:28.134
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\pacer.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2013-07-11 23:12:28.041
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\pacer.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2013-07-11 23:05:49.416
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\PEAuth.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2013-07-11 23:05:49.303
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\PEAuth.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2013-07-11 23:03:19.237
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\win32k.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2013-07-11 23:03:19.141
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\win32k.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2013-07-11 23:03:15.459
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\ntdll.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Percentage of memory in use: 37%
Total physical RAM: 24567.18 MB
Available physical RAM: 15451.33 MB
Total Pagefile: 25589.36 MB
Available Pagefile: 15373 MB
Total Virtual: 8192 MB
Available Virtual: 8191.8 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:1862.64 GB) (Free:1308.81 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive f: (3TB RAID 5) (Fixed) (Total:2793.84 GB) (Free:2285.45 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 1863 GB) (Disk ID: 8058B548)
Partition 1: (Active) - (Size=-199023951360) - (Type=07 NTFS)
Attempted reading MBR returned 0 bytes.
Could not read MBR for disk 1.

==================== End Of Log ============================

********************** ********************** **********************

Farbar FRST cont...

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 31-10-2013
Ran by poweruser (administrator) on DCSPC on 02-11-2013 16:06:15
Running from C:\Users\poweruser\Desktop
Windows 7 Ultimate Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

() C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.0.4555.0\AdAwareService.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Logitech, Inc.) C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Apple Inc.) C:\AirPrint\Airprint.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
() C:\Program Files (x86)\MRAID\ArcHTTP\ArcHttpSrv.exe
(WebEx Communications, Inc.) C:\Windows\SysWOW64\atashost.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Windows\system32\CISVC.EXE
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe
(SEIKO EPSON CORPORATION) C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(SEIKO EPSON CORPORATION) C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE
(SEIKO EPSON CORPORATION) C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft LifeCam\MSCamS64.exe
() C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
() C:\Program Files\CyberLink\Shared files\RichVideo64.exe
() C:\Program Files (x86)\Belkin Bulldog Plus\UPS-Service.exe
() C:\Windows\SysWOW64\HsMgr.exe
() C:\Windows\system\HsMgr64.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\ipoint.exe
(Logitech Inc.) C:\Program Files\Logitech\SetPoint\LBTWiz.exe
() C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.0.4555.0\AdAwareTray.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Samsung) C:\Program Files (x86)\Samsung\Kies\Kies.exe
(Samsung) C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
(Glarysoft Ltd) C:\Program Files (x86)\Glary Utilities\memdefrag.exe
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_IATIHOA.EXE
() C:\Users\poweruser\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
() C:\Users\poweruser\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe
(Google Inc.) C:\Users\poweruser\AppData\Local\Google\Chrome\Application\chrome.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPoint\SetPoint.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
(Lavasoft) C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe
(LogMeIn, Inc.) C:\Users\poweruser\AppData\Local\LogMeIn Rescue Applet\LMIR0001.tmp\LMI_Rescue.exe
() C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Logitech, Inc.) C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Microsoft Corporation) C:\Windows\SysWOW64\DllHost.exe
(Microsoft Corporation) C:\Windows\system32\prevhost.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunes.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\SyncServer.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\MDCrashReportTool.exe
(CMedia) C:\Program Files\ASUS Xonar Essence ST Audio\Customapp\AsusAudioCenter.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE
(Microsoft Corporation) C:\Windows\splwow64.exe
() C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.0.4555.0\AdAwareDesktop.exe
(Google Inc.) C:\Users\poweruser\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\poweruser\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\poweruser\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\poweruser\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\poweruser\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\poweruser\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\poweruser\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\poweruser\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\poweruser\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\poweruser\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\poweruser\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\poweruser\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\poweruser\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\poweruser\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\poweruser\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\poweruser\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\poweruser\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\poweruser\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\poweruser\AppData\Local\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\system32\cmd.exe
() C:\Program Files (x86)\MRAID\ArcHTTP\ArcHttpSrvGUI.exe
(Google Inc.) C:\Users\poweruser\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\poweruser\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\poweruser\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\poweruser\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\poweruser\AppData\Local\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\system32\mspaint.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Adobe\Adobe Photoshop CS3\Photoshop.exe
(Macrovision Europe Ltd.) C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
(Google Inc.) C:\Users\poweruser\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\poweruser\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\poweruser\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\poweruser\AppData\Local\Google\Chrome\Application\chrome.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Google Inc.) C:\Users\poweruser\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\poweruser\AppData\Local\Google\Chrome\Application\chrome.exe
(harlam357) C:\Program Files (x86)\HFM.NET\HFM.exe
(EVGA) C:\Program Files\EVGA\ELeetTune.exe
(techPowerUp (www.techpowerup.com)) C:\Program Files (x86)\GPUZ-7.2 ROG\GPU-Z_ASUS_ROG_0.7.2 (2).exe
(techPowerUp (www.techpowerup.com)) C:\Program Files (x86)\GPUZ-7.2 ROG\GPU-Z_ASUS_ROG_0.7.2 (2).exe
() C:\Users\poweruser\FAH2\FAH6-2.exe
() C:\Users\poweruser\FAHGPU1\FAHGPU-1a.exe
() C:\Users\poweruser\FAHGPU2\FAHGPU-2a.exe
(uWebb Software) C:\Program Files\RealTemp_360\RealTempGT.exe
() C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe
(FinalWire Ltd.) C:\Program Files (x86)\FinalWire\AIDA64 Extreme Edition\aida64.exe
(Google Inc.) C:\Users\poweruser\AppData\Local\Google\Chrome\Application\chrome.exe
(RealNetworks, Inc.) C:\Program Files (x86)\real\realplayer\update\realsched.exe
() C:\Users\poweruser\FAHGPU2\FahCore_15.exe
(Google Inc.) C:\Users\poweruser\AppData\Local\Google\Chrome\Application\chrome.exe
() C:\Users\poweruser\FAH2\FahCore_a3.exe
(Google Inc.) C:\Users\poweruser\AppData\Local\Google\Chrome\Application\chrome.exe
() C:\Users\poweruser\FAHGPU1\FahCore_15.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Cmaudio8788] - C:\Windows\syswow64\RunDll32.exe C:\Windows\Syswow64\cmicnfgp.dll,CMICtrlWnd
HKLM\...\Run: [Cmaudio8788GX] - C:\Windows\SysWOW64\HsMgr.exe [200704 2008-07-11] ()
HKLM\...\Run: [Cmaudio8788GX64] - C:\Windows\system\HsMgr64.exe [282112 2008-07-11] ()
HKLM\...\Run: [IntelliPoint] - C:\Program Files\Microsoft IntelliPoint\ipoint.exe [2399632 2011-04-13] (Microsoft Corporation)
HKLM\...\Run: [IntelTBRunOnce] - C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs [4526 2010-11-29] ()
HKLM\...\Run: [Bluetooth Connection Assistant] - LBTWIZ.EXE -silent
HKLM\...\Run: [Kernel and Hardware Abstraction Layer] - C:\Windows\KHALMNPR.Exe [130576 2009-06-17] (Logitech, Inc.)
HKLM\...\Run: [] - [x]
HKLM\...\Run: [AdAwareTray] - C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.0.4555.0\AdAwareTray.exe [2493272 2013-10-18] ()
Winlogon\Notify\LBTWlgn: C:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
HKCU\...\Run: [KiesPreload] - C:\Program Files (x86)\Samsung\Kies\Kies.exe [1564016 2013-07-15] (Samsung)
HKCU\...\Run: [] - C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [844656 2013-07-15] (Samsung)
HKCU\...\Run: [Glary Memory Optimizer] - C:\Program Files (x86)\Glary Utilities\memdefrag.exe [109856 2013-05-27] (Glarysoft Ltd)
HKCU\...\Run: [EPLTarget\P0000000000000001] - C:\Windows\System32\spool\drivers\x64\3\E_IATIHOA.EXE [283232 2012-02-29] (SEIKO EPSON CORPORATION)
HKCU\...\Run: [Amazon Cloud Player] - C:\Users\poweruser\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe [3109376 2013-09-10] ()
HKCU\...\Run: [iCloudServices] - C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-04-05] (Apple Inc.)
HKCU\...\Run: [AmazonMP3DownloaderHelper] - C:\Users\poweruser\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe [400704 2013-05-22] ()
HKCU\...\Run: [Google Update] - C:\Users\poweruser\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-08-16] (Google Inc.)
HKCU\...\Run: [74E132D9EFD53FD074E15FF7329D05A32A4F6B98._service_run] - C:\Users\poweruser\AppData\Local\Google\Chrome\Application\chrome.exe [844752 2013-10-08] (Google Inc.)
HKCU\...\Policies\Explorer: [NoStartMenuMorePrograms] 0
HKCU\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKLM-x32\...\Run: [KiesTrayAgent] - C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [311152 2013-07-15] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM-x32\...\Run: [Ad-Aware Browsing Protection] - C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe [559696 2013-09-27] (Lavasoft)
HKLM-x32\...\Run: [TkBellExe] - C:\Program Files (x86)\real\realplayer\Update\realsched.exe [295512 2013-10-19] (RealNetworks, Inc.)
HKLM-x32\...\Run: [ErrorTeck] - C:\Program Files (x86)\ErrorTeck\ErrorTeck.exe [5365032 2012-05-08] ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x692983763B7CCD01
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
BHO-x32: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: HKLM-x32 {0E5F0222-96B9-11D3-8997-00104BD12D94} http://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cab
DPF: HKLM-x32 {8FD07749-EFFA-48C6-947C-45A8D7BF422F} http://www.cyberlink.com/prog/vista/prog/CLVistaGenie.cab
DPF: HKLM-x32 {A3256902-51FA-45A0-8A97-FC1143C169D9} http://support.microsoft.com/mats/DiagWebControl.cab
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: HKLM-x32 {D4B68B83-8710-488B-A692-D74B50BA558E} http://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: HKLM-x32 {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPID.cab
Handler: ipp\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - No File
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - No File
Handler-x32: http\oledb - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - No File
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - No File
Handler-x32: https\oledb - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - No File
Handler-x32: ipp\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - No File
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - No File
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - No File
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\poweruser\AppData\Roaming\Mozilla\Firefox\Profiles\31atsksd.default
FF Homepage: hxxp://sites.google.com/a/rexrzer.org/makeusimages-inc-/
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw.dll No File
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @canon.com/MycameraPlugin - C:\Program Files (x86)\Canon\MyCamera Download Plugin\NPCIG.dll (CANON INC.)
FF Plugin-x32: @garmin.com/GpsControl - C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 - C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @real.com/nppl3260;version=16.0.3.51 - c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlchromebrowserrecordext;version=1.3.3 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=1.3.3 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlpepperflashvideoshim;version=1.3.3 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=16.0.3.51 - c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin-x32: @realnetworks.com/npdlplugin;version=1 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\poweruser\AppData\Local\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\poweruser\AppData\Local\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin - C:\Users\poweruser\AppData\Local\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10181.dll (Amazon.com, Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\answers.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\creativecommons.xml
FF Extension: AutoPager - C:\Users\poweruser\AppData\Roaming\Mozilla\Firefox\Profiles\31atsksd.default\Extensions\autopager@mozilla.org
FF Extension: Xmarks - C:\Users\poweruser\AppData\Roaming\Mozilla\Firefox\Profiles\31atsksd.default\Extensions\foxmarks@kei.com
FF Extension: Java Console - C:\Users\poweruser\AppData\Roaming\Mozilla\Firefox\Profiles\31atsksd.default\Extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
FF Extension: Adblock Plus - C:\Users\poweruser\AppData\Roaming\Mozilla\Firefox\Profiles\31atsksd.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF Extension: FoxClocks - C:\Users\poweruser\AppData\Roaming\Mozilla\Firefox\Profiles\31atsksd.default\Extensions\{d37dc5d0-431d-44e5-8c91-49419370caa1}
FF Extension: Skype extension for Firefox - C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF HKLM-x32\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF HKLM-x32\...\Firefox\Extensions: [{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\

Chrome:
=======
CHR HomePage: https://sites.google.com/a/rexrzer.org/www/
CHR RestoreOnStartup: "hxxp://www.google.com/", "hxxp://www.google.com", "hxxp://isearch.glarysoft.com/?src=gchome", "hxxp://securedsearch2.lavasoft.com/index.php?pr=vmn&id=adawaretb&v=3_5&idate=2013-10-14&ent=hp&u=C45B3D354479F9F449E4F9525CA94E2D"
CHR Plugin: (Shockwave Flash) - C:\Users\poweruser\AppData\Local\Google\Chrome\Application\30.0.1599.101\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Shockwave Flash) - C:\Users\poweruser\AppData\Local\Google\Chrome\Application\30.0.1599.101\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\poweruser\AppData\Local\Google\Chrome\Application\30.0.1599.101\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\poweruser\AppData\Local\Google\Chrome\Application\30.0.1599.101\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Microsoft\u00AE Windows Media Player Firefox Plugin) - C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll (Microsoft Corporation)
CHR Plugin: (Java Deployment Toolkit 6.0.310.5) - C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll No File
CHR Plugin: (Java™ Platform SE 6 U31) - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll No File
CHR Plugin: (RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) ) - C:\Program Files (x86)\Mozilla Firefox\plugins\nppl3260.dll (RealNetworks, Inc.)
CHR Plugin: (RealPlayer Version Plugin) - C:\Program Files (x86)\Mozilla Firefox\plugins\nprpjplug.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll (Apple Inc.)
CHR Plugin: (RealJukebox NS Plugin) - C:\Program Files (x86)\Mozilla Firefox\plugins\nprjplug.dll No File
CHR Plugin: (NPCIG.dll) - C:\Program Files (x86)\Canon\MyCamera Download Plugin\NPCIG.dll (CANON INC.)
CHR Plugin: (Garmin Communicator Plug-In) - C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Google Update) - C:\Users\poweruser\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll No File
CHR Extension: (Entanglement Web App) - C:\Users\POWERU~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\3.4.9_0
CHR Extension: (RuneScape) - C:\Users\POWERU~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajjblpfpopipimofkhbglcoeknpnfijj\1.1_0
CHR Extension: (PriceBlink) - C:\Users\POWERU~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\aoiidodopnnhiflaflbfeblnojefhigh\4.0.2_0
CHR Extension: (Lucidchart: Diagrams Online) - C:\Users\POWERU~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\apboafhkiegglekeafbckfjldecefkhn\18_0
CHR Extension: (Google Drive) - C:\Users\POWERU~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (Isle of Tune) - C:\Users\POWERU~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\bljldflafhmbedhjnlncilbhfcnfabgb\1_0
CHR Extension: (YouTube) - C:\Users\POWERU~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_1
CHR Extension: (Adblock Plus) - C:\Users\POWERU~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.6.1_0
CHR Extension: (Webpage Screenshot Capture) - C:\Users\POWERU~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ckibcdccnfeookdmbahgiakhnjcddpki\13.3_0
CHR Extension: (Google Search) - C:\Users\POWERU~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_1
CHR Extension: (Lookup Companion for Wikipedia) - C:\Users\POWERU~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhgpkiiipkgmckicafkhcihkcldbdeej\1.9.0_0
CHR Extension: (Box - 10GB of FREE storage) - C:\Users\POWERU~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejnkaeblpdcamcioiiabclakabcbjmbl\1.1.7_0
CHR Extension: (Catch Notes) - C:\Users\POWERU~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\fieajhimfieckbmgnfknmaippebhhcff\2.9_0
CHR Extension: (Zoho Show) - C:\Users\POWERU~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\fiicmodaknllfjlmeempmdcnoljgbpmi\1.3_0
CHR Extension: (Digital Clock) - C:\Users\POWERU~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\gdkjifoifglkpcdffkenpinlbjgephlo\1.11_0
CHR Extension: (Cool Clock) - C:\Users\POWERU~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\icegcmhgphfkgglbljbkdegiaaihifce\3.0.1.2_0
CHR Extension: (RealDownloader) - C:\Users\POWERU~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji\1.3.3_0
CHR Extension: (Sync SugarSync, Evernote, and Google Drive) - C:\Users\POWERU~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifanaabofjmgladnlbckonoiohpmchik\1.2.4.2_0
CHR Extension: (Forecastfox) - C:\Users\POWERU~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihffmkcfkejomlfnilnmkokcpgclhfeg\2.0.10_0
CHR Extension: (World Clocks) - C:\Users\POWERU~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\innfmeekncjandlanpgdmmogkcimekgo\0.5_0
CHR Extension: ( "name": "Office Apps") - C:\Users\POWERU~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\jdbcdbdkiaadpbkggggekjcpmgjekkke\2.1_0
CHR Extension: (Lord of Ultima) - C:\Users\POWERU~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\jdheeblenjmceeppomdgokgilmkonced\1.0.12_0
CHR Extension: (Zoho Writer) - C:\Users\POWERU~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\jgaeidloagadfcohacebhbkkapgpiddj\1.3.1_0
CHR Extension: (Zoho Sheet) - C:\Users\POWERU~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\jhegddohmncgelkehhnigphmloinkinj\1.2_0
CHR Extension: (Skyrama) - C:\Users\POWERU~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlehaidnnmjjkhgbbiombcdifogolhap\1.0.3_0
CHR Extension: (Lady Popular) - C:\Users\POWERU~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\jnamdlacgipmoldlhfgjficjiclhgibm\1.0.13_0
CHR Extension: (Green Farm) - C:\Users\POWERU~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbgdenhobifcbckaiohandoodkepleif\2.1.7.8_0
CHR Extension: (Evernote Web) - C:\Users\POWERU~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbfehkoinhhcknnbdgnnmjhiladcgbol\1.0.7_0
CHR Extension: (AutoPager Browser Button) - C:\Users\POWERU~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\linphiaenodcpmlbcehmekmeddiaijej\0.6.0.4_0
CHR Extension: (Sketchpad) - C:\Users\POWERU~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkllajgbhondgjjnhmmgbjndmogapinp\1.0.0.4_0
CHR Extension: (Google Dictionary (by Google)) - C:\Users\POWERU~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgijmajocgfcbeboacabfgobmjgjcoja\3.0.19_0
CHR Extension: (Forecastfox Lite) - C:\Users\POWERU~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\miooijfbinpacpdpfpgpjigoajajelpo\22_0
CHR Extension: (AutoPager Chrome) - C:\Users\POWERU~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmgagnmbebdebebbcleklifnobamjonh\0.8.0.4_0
CHR Extension: (Google Play Books) - C:\Users\POWERU~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmimngoggfoobjdlefbcabngfnmieonb\1.1.8_0
CHR Extension: (Zoho Docs) - C:\Users\POWERU~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\nflhfcjfjkohgcgpldeffhlgeooejomn\1.2_0
CHR Extension: (Frontline Defense 2 HD) - C:\Users\POWERU~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\nincmkjomngcmklpdkmdkioemlhdieim\1.0.1_0
CHR Extension: (\u67E5\u5929\u6C23) - C:\Users\POWERU~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmegebjlpdpefljmgpnbfijpnkleoaom\2.0.5_0
CHR Extension: (Google Wallet) - C:\Users\POWERU~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0
CHR Extension: (Wikipedia) - C:\Users\POWERU~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\nppoolodhhegplknmponojkkciobooel\1.0.1_0
CHR Extension: (iTunes Detection Fix) - C:\Users\POWERU~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\oeiicnmbncoojcbagibfnpffcldmgkni\1.0.1_0
CHR Extension: (Lavasoft NewTab) - C:\Users\POWERU~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\oejkcgajlodefenbbjdnaiahmbnnoole\0.12_0
CHR Extension: (Evernote Web Clipper) - C:\Users\POWERU~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\pioclpoplcdbaefihamjohnefbikjilc\6.0.3_0
CHR Extension: (Gmail) - C:\Users\POWERU~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1
CHR Extension: (Huddle) - C:\Users\POWERU~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\pldhdhcgnhglldbjpiommgaakggllfpf\1.0.2_0
CHR HKLM-x32\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx
CHR HKLM-x32\...\Chrome\Extension: [oejkcgajlodefenbbjdnaiahmbnnoole] - C:\Program Files (x86)\Lavasoft\AdAware SecureSearch Toolbar\chrome-newtab-search.crx

==================== Services (Whitelisted) =================

R2 AirPrint; C:\AirPrint\Airprint.exe [234784 2010-11-30] (Apple Inc.)
R2 ArcHttpProxyServer; C:\Program Files (x86)\MRAID\ArcHTTP\ArcHttpSrv.exe [356352 2008-12-26] ()
R2 atashost; C:\Windows\SysWOW64\atashost.exe [43912 2010-06-22] (WebEx Communications, Inc.)
S3 Futuremark SystemInfo Service; C:\Program Files (x86)\Common Files\Futuremark Shared\Futuremark SystemInfo\FMSISvc.exe [137488 2012-12-17] (Futuremark Corporation)
S3 jswpsapi; C:\Program Files (x86)\D-Link\DWA-556 revA\jswpsapi.exe [954368 2008-09-26] (Atheros Communications, Inc.)
R2 LavasoftAdAwareService11; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.0.4555.0\AdAwareService.exe [517344 2013-10-18] ()
R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-08-14] ()
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [386344 2010-08-19] ()
R2 UPSentry_Smart; C:\Program Files (x86)\Belkin Bulldog Plus\UPS-Service.exe [286720 2006-11-15] ()
S2 CTAudSvcService; C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe [x]

==================== Drivers (Whitelisted) ====================

R3 AIDA64Driver; C:\Program Files (x86)\FinalWire\AIDA64 Extreme Edition\kerneld.x64 [27296 2010-11-11] ()
S3 AnyDVD; C:\Windows\System32\Drivers\AnyDVD.sys [142424 2013-05-19] (SlySoft, Inc.)
S3 AnyDVD; C:\Windows\SysWow64\Drivers\AnyDVD.sys [142424 2013-05-19] (SlySoft, Inc.)
R0 apmwin; C:\Windows\System32\DRIVERS\apmwin.sys [49744 2010-08-20] (Paragon Software Group)
R0 arcm_a64; C:\Windows\System32\DRIVERS\arcm_a64.sys [40984 2008-08-19] (ARECA Technology Corporation)
R1 bdftdif; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Firewall Engine\1.6.0.0\Drivers\bdftdif.sys [119888 2013-07-17] (BitDefender LLC)
S1 bdfwfpf; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Firewall Engine\1.6.0.0\Drivers\bdfwfpf.sys [102992 2013-07-17] (BitDefender LLC)
R0 CLBStor; C:\Windows\System32\DRIVERS\CLBStor.sys [24824 2007-06-04] (Cyberlink Co.,Ltd.)
R2 CLBUDF; C:\Windows\System32\Drivers\CLBUDF.sys [369912 2007-06-04] (CyberLink Corporation.)
R3 cmudaxp; C:\Windows\System32\drivers\cmudaxp.sys [2725376 2013-09-17] (C-Media Inc)
R2 cpuz135; C:\Windows\system32\drivers\cpuz135_x64.sys [21992 2010-11-09] (CPUID)
S3 ENTECH64; C:\Windows\system32\DRIVERS\ENTECH64.sys [12744 2008-09-17] (EnTech Taiwan)
S3 ENTECH64; C:\Windows\SysWow64\DRIVERS\ENTECH64.sys [12744 2007-09-07] (EnTech Taiwan)
R0 gpt_loader; C:\Windows\System32\DRIVERS\gpt_loader.sys [52304 2010-08-20] (Paragon Software Group)
R3 GPU-Z; C:\Users\POWERU~1\AppData\Local\Temp\GPU-Z.sys [27008 2013-11-01] ()
R3 gzflt; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Antimalware Engine\2.6.0.0\gzflt.sys [138232 2013-07-17] (BitDefender LLC)
S3 Hfsplus; C:\Windows\System32\DRIVERS\hfsplus.sys [189520 2010-08-20] (Paragon Software Group)
R2 HfsplusRec; C:\Windows\System32\DRIVERS\hfsplusrec.sys [14416 2010-08-20] (Paragon Software Group)
R0 hotcore3; C:\Windows\System32\DRIVERS\hotcore3.sys [37392 2010-01-29] (Paragon Software Group)
R1 JSWPSLWF; C:\Windows\SysWow64\DRIVERS\jswpslwfx.sys [26624 2008-05-15] (Atheros Communications, Inc.)
R0 mounthlp; C:\Windows\System32\DRIVERS\mounthlp.sys [37968 2010-08-20] (Paragon Software Group)
S3 RAMDiskVE; C:\Windows\System32\Drivers\RAMDiskVE.sys [63696 2010-11-13] ()
R3 RTCore64; C:\Program Files (x86)\MSI Afterburner\RTCore64.sys [14648 2010-05-26] ()
R3 Trufos; C:\Windows\System32\DRIVERS\Trufos.sys [329800 2013-07-17] (BitDefender S.R.L.)
S1 UimBus; C:\Windows\System32\DRIVERS\uimx64.sys [48144 2010-01-29] (Windows ® 2000 DDK provider)
S1 Uim_IM; C:\Windows\System32\Drivers\Uim_IMx64.sys [158736 2010-01-29] (Paragon)
R3 WinRing0_1_2_0; C:\Program Files\RealTemp_360\WinRing0x64.sys [14544 2011-04-18] (OpenLibSys.org)
R2 {1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC}; C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\000.fcl [146928 2011-09-22] (CyberLink Corp.)
R2 {95808DC4-FA4A-4C74-92FE-5B863F82066B}; C:\Program Files (x86)\CyberLink\PowerDVD\000.fcl [146928 2009-09-01] (CyberLink Corp.)
S3 dgderdrv; System32\drivers\dgderdrv.sys [x]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [x]
S3 tsusbhub; system32\drivers\tsusbhub.sys [x]
S3 VGPU; System32\drivers\rdvgkmd.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-11-02 16:05 - 2013-11-02 16:05 - 01957098 _____ (Farbar) C:\Users\poweruser\Desktop\FRST64.exe
2013-11-02 16:05 - 2013-11-02 16:05 - 00000000 ____D C:\FRST
2013-11-02 15:59 - 2013-11-02 15:59 - 00891184 _____ C:\Users\poweruser\Desktop\SecurityCheck.exe
2013-11-01 02:38 - 2013-11-01 02:38 - 00001322 _____ C:\Users\poweruser\Desktop\RealTempGT - Shortcut.lnk
2013-10-29 16:52 - 2013-10-15 02:55 - 01724552 _____ C:\Users\Public\Documents\Adaware_Installer (2).exe
2013-10-29 16:51 - 2013-10-15 02:55 - 01724552 _____ C:\Users\Public\Documents\Adaware_Installer.exe
2013-10-29 02:48 - 2013-10-29 02:48 - 00004303 _____ C:\Users\poweruser\Desktop\attach.zip
2013-10-29 01:42 - 2013-10-29 01:42 - 00012801 _____ C:\Users\poweruser\Desktop\attach.txt
2013-10-24 00:43 - 2013-10-24 00:43 - 00004304 _____ C:\Users\poweruser\Desktop\attachzip.zip
2013-10-23 23:38 - 2013-10-29 01:42 - 00028074 _____ C:\Users\poweruser\Desktop\dds.txt
2013-10-23 23:38 - 2013-10-23 23:38 - 00012799 _____ C:\Users\poweruser\Desktop\attach.txt.txt
2013-10-23 23:29 - 2013-10-23 23:29 - 00688992 ____R (Swearware) C:\Users\poweruser\Desktop\dds.app.com
2013-10-23 17:50 - 2013-10-23 17:52 - 00000000 ____D C:\Users\poweruser\Desktop\lavasoft
2013-10-23 17:32 - 2013-08-21 15:32 - 02084072 _____ (Bitdefender) C:\Windows\system32\bdnc.dll
2013-10-23 17:32 - 2013-07-17 18:09 - 01061776 _____ (BitDefender S.R.L.) C:\Windows\system32\bdsmtpp.dll
2013-10-23 17:32 - 2013-07-17 18:09 - 00209984 _____ (BitDefender) C:\Windows\system32\BdFirewallSDK.dll
2013-10-23 17:32 - 2013-07-17 18:09 - 00195016 _____ (BitDefender) C:\Windows\system32\httproxy.dll
2013-10-23 17:32 - 2013-07-17 18:09 - 00156936 _____ C:\Windows\system32\bdfwcore.dll
2013-10-23 17:32 - 2013-07-17 18:09 - 00155912 _____ (BitDefender S.R.L.) C:\Windows\system32\bdpop3p.dll
2013-10-23 17:32 - 2013-07-17 18:09 - 00122928 _____ (BitDefender) C:\Windows\system32\OEMbdpredir.dll
2013-10-23 17:32 - 2013-07-17 18:09 - 00096160 _____ (BitDefender) C:\Windows\system32\bdpredir.dll
2013-10-23 17:24 - 2013-10-23 17:24 - 00000000 ____D C:\Users\poweruser\AppData\Roaming\Lavasoft
2013-10-23 17:15 - 2013-10-23 17:15 - 00001287 _____ C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk
2013-10-23 17:14 - 2013-10-23 17:14 - 00000000 ____D C:\Program Files\Common Files\Lavasoft
2013-10-23 16:59 - 2013-10-23 16:59 - 00000000 ____D C:\Users\poweruser\AppData\Local\LogMeIn Rescue Applet
2013-10-23 16:33 - 2013-10-23 16:33 - 00000000 ____D C:\Users\poweruser\AppData\Local\adawarebp
2013-10-23 14:02 - 2013-10-23 14:03 - 00000000 ____D C:\Users\poweruser\Desktop\ESET_SCAN
2013-10-23 00:50 - 2013-10-23 00:50 - 00000000 ____D C:\Program Files (x86)\ESET
2013-10-23 00:49 - 2013-10-23 00:49 - 02347384 _____ (ESET) C:\Users\poweruser\Desktop\esetsmartinstaller_enu.exe
2013-10-23 00:38 - 2013-10-23 00:38 - 01033335 _____ (Thisisu) C:\Users\poweruser\Desktop\JRT (1).exe
2013-10-23 00:35 - 2013-10-23 00:35 - 00002579 _____ C:\Users\poweruser\Desktop\JRT.txt
2013-10-23 00:31 - 2013-10-23 00:31 - 00000000 ____D C:\Windows\ERUNT
2013-10-23 00:30 - 2013-10-23 00:30 - 01033335 _____ (Thisisu) C:\Users\poweruser\Desktop\JRT.exe
2013-10-22 23:49 - 2013-10-22 23:56 - 00000000 ____D C:\AdwCleaner
2013-10-22 23:48 - 2013-10-22 23:48 - 01060070 _____ C:\Users\poweruser\Desktop\AdwCleaner.exe
2013-10-22 18:00 - 2013-10-22 18:00 - 00000000 ____D C:\Users\poweruser\TDSSKiller.app
2013-10-22 17:59 - 2013-10-22 17:59 - 04101145 _____ C:\Users\poweruser\Desktop\tdsskiller.zip
2013-10-22 17:27 - 2013-10-22 17:27 - 00033126 _____ C:\Users\poweruser\Desktop\Result.txt
2013-10-22 17:23 - 2013-10-22 17:23 - 00760937 _____ (Farbar) C:\Users\poweruser\Desktop\MiniToolBox.exe
2013-10-20 03:44 - 2013-10-20 03:44 - 00002992 _____ C:\Windows\System32\Tasks\{10DDCE76-5735-46D4-9BD5-AAE6C515CD6B}
2013-10-20 03:29 - 2013-10-20 03:29 - 00002992 _____ C:\Windows\System32\Tasks\{BC7E7D5E-9CA5-43A6-8262-CC6412CA253C}
2013-10-19 23:19 - 2013-10-19 23:19 - 00291160 _____ C:\Windows\Minidump\101913-23665-01.dmp
2013-10-19 19:13 - 2013-10-19 19:02 - 03145728 _____ C:\Users\poweruser\Desktop\msert.exe
2013-10-19 18:20 - 2013-10-19 18:20 - 00290800 _____ C:\Windows\Minidump\101913-27362-01.dmp
2013-10-19 18:15 - 2013-10-19 18:15 - 00291080 _____ C:\Windows\Minidump\101913-22682-01.dmp
2013-10-19 13:14 - 2013-10-30 17:35 - 00003342 _____ C:\Windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1348130409-711279873-4225038138-1000
2013-10-19 13:14 - 2013-10-30 17:35 - 00003216 _____ C:\Windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1348130409-711279873-4225038138-1000
2013-10-19 13:14 - 2013-10-19 13:14 - 00272896 _____ (Progressive Networks) C:\Windows\SysWOW64\pncrt.dll
2013-10-19 13:14 - 2013-10-19 13:14 - 00001042 _____ C:\Users\Public\Desktop\RealPlayer.lnk
2013-10-19 13:14 - 2013-10-19 13:14 - 00000000 ____D C:\Users\poweruser\AppData\Roaming\RealNetworks
2013-10-19 13:14 - 2013-10-19 13:14 - 00000000 ____D C:\ProgramData\RealNetworks
2013-10-19 13:14 - 2013-10-19 13:14 - 00000000 ____D C:\Program Files (x86)\RealNetworks
2013-10-19 13:14 - 2013-10-19 13:14 - 00000000 ____D C:\Program Files (x86)\real
2013-10-19 05:40 - 2013-10-19 05:40 - 00526128 _____ C:\Windows\Minidump\101913-19687-01.dmp
2013-10-18 18:27 - 2013-10-18 18:27 - 00000000 _____ C:\Windows\Minidump\101813-23212-01.dmp
2013-10-18 17:46 - 2013-10-18 17:47 - 00291112 _____ C:\Windows\Minidump\101813-19624-01.dmp
2013-10-18 17:22 - 2013-10-18 00:04 - 00001292 _____ C:\Users\poweruser\Documents\talla stevens.contact
2013-10-15 05:38 - 2013-10-15 05:38 - 00291136 _____ C:\Windows\Minidump\101513-36956-01.dmp
2013-10-15 03:36 - 2013-10-15 03:36 - 00001930 _____ C:\Users\poweruser\Documents\HFM-10-15-2013-1AA.hfmx
2013-10-15 03:05 - 2013-10-15 03:05 - 00000000 ____D C:\ProgramData\BitDefender
2013-10-14 20:22 - 2013-10-14 17:30 - 01724552 _____ C:\Users\poweruser\Documents\Adaware_Installer.exe
2013-10-14 19:51 - 2013-10-29 15:00 - 00000000 ____D C:\Users\poweruser\AppData\Roaming\LavasoftStatistics
2013-10-14 19:33 - 2013-10-14 19:33 - 00000000 ____D C:\Program Files\Lavasoft
2013-10-14 19:32 - 2013-10-14 19:32 - 00000000 ____D C:\Users\poweruser\AppData\Roaming\SecureSearch
2013-10-14 19:32 - 2013-10-14 19:32 - 00000000 ____D C:\ProgramData\Ad-Aware Browsing Protection
2013-10-14 19:32 - 2013-10-14 19:32 - 00000000 ____D C:\Program Files (x86)\Lavasoft
2013-10-14 19:26 - 2013-10-14 19:26 - 00000000 ____D C:\ProgramData\Lavasoft
2013-10-14 18:01 - 2013-10-14 18:01 - 00000000 ____D C:\Users\poweruser\AppData\Roaming\Malwarebytes
2013-10-14 18:01 - 2013-10-14 18:01 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-10-14 17:55 - 2013-10-14 17:55 - 00024808 _____ C:\Users\poweruser\Desktop\HitmanPro_20131014_1754.log
2013-10-14 17:47 - 2013-10-14 17:55 - 00000000 ____D C:\ProgramData\HitmanPro
2013-10-14 17:29 - 2013-10-14 17:29 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\poweruser\Desktop\mbam-setup-1.75.0.1300.exe
2013-10-14 17:27 - 2013-10-14 17:28 - 10201544 _____ (SurfRight B.V.) C:\Users\poweruser\Desktop\hitmanpro_x64.exe
2013-10-14 15:30 - 2013-10-14 15:30 - 00291176 _____ C:\Windows\Minidump\101413-20404-01.dmp
2013-10-13 17:44 - 2013-10-13 17:44 - 13813944 _____ (Microsoft Corporation) C:\Users\poweruser\Desktop\mseinstall.exe
2013-10-13 01:30 - 2013-09-22 16:28 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-10-13 01:30 - 2013-09-22 16:28 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-10-13 01:30 - 2013-09-22 16:27 - 14335488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-10-13 01:30 - 2013-09-22 16:27 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-10-13 01:30 - 2013-09-22 16:27 - 02876928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-10-13 01:30 - 2013-09-22 16:27 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-10-13 01:30 - 2013-09-22 16:27 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-10-13 01:30 - 2013-09-22 16:27 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-10-13 01:30 - 2013-09-22 16:27 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-10-13 01:30 - 2013-09-22 16:27 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-10-13 01:30 - 2013-09-22 16:27 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-10-13 01:30 - 2013-09-22 16:27 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-10-13 01:30 - 2013-09-22 16:27 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-10-13 01:30 - 2013-09-22 15:55 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-10-13 01:30 - 2013-09-22 15:55 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-10-13 01:30 - 2013-09-22 15:55 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-10-13 01:30 - 2013-09-22 15:54 - 19252224 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-10-13 01:30 - 2013-09-22 15:54 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-10-13 01:30 - 2013-09-22 15:54 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-10-13 01:30 - 2013-09-22 15:54 - 02647552 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-10-13 01:30 - 2013-09-22 15:54 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-10-13 01:30 - 2013-09-22 15:54 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-10-13 01:30 - 2013-09-22 15:54 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-10-13 01:30 - 2013-09-22 15:54 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-10-13 01:30 - 2013-09-22 15:54 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-10-13 01:30 - 2013-09-22 15:54 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-10-13 01:30 - 2013-09-22 15:54 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-10-13 01:30 - 2013-09-20 20:38 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-10-13 01:30 - 2013-09-20 20:30 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-10-13 01:30 - 2013-09-20 19:48 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-10-13 01:30 - 2013-09-20 19:39 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-10-13 01:14 - 2013-10-13 01:18 - 00000000 ____D C:\Windows\system32\MRT
2013-10-13 01:05 - 2013-09-12 00:25 - 02559776 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2013-10-13 01:02 - 2013-09-13 18:10 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2013-10-13 01:02 - 2013-09-07 19:30 - 01903552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-10-13 01:02 - 2013-09-07 19:27 - 00327168 _____ (Microsoft Corporation) C:\Windows\system32\mswsock.dll
2013-10-13 01:02 - 2013-09-07 19:03 - 00231424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mswsock.dll
2013-10-13 01:02 - 2013-08-28 19:17 - 05549504 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-10-13 01:02 - 2013-08-28 19:16 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-10-13 01:02 - 2013-08-28 19:16 - 00859648 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2013-10-13 01:02 - 2013-08-28 19:16 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2013-10-13 01:02 - 2013-08-28 19:13 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2013-10-13 01:02 - 2013-08-28 18:51 - 03969472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-10-13 01:02 - 2013-08-28 18:51 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-10-13 01:02 - 2013-08-28 18:50 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2013-10-13 01:02 - 2013-08-28 18:50 - 00619520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2013-10-13 01:02 - 2013-08-28 18:50 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2013-10-13 01:02 - 2013-08-28 18:48 - 00640512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2013-10-13 01:02 - 2013-08-28 17:49 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2013-10-13 01:02 - 2013-08-28 17:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2013-10-13 01:02 - 2013-08-28 17:49 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2013-10-13 01:02 - 2013-08-28 17:49 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2013-10-13 01:02 - 2013-08-27 18:21 - 03155968 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-10-13 01:02 - 2013-08-27 18:12 - 00461312 _____ (Microsoft Corporation) C:\Windows\system32\scavengeui.dll
2013-10-13 01:02 - 2013-08-04 19:25 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ataport.sys
2013-10-13 01:02 - 2013-08-01 19:14 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2013-10-13 01:02 - 2013-08-01 19:13 - 01161216 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2013-10-13 01:02 - 2013-08-01 19:13 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2013-10-13 01:02 - 2013-08-01 19:12 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2013-10-13 01:02 - 2013-08-01 19:12 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2013-10-13 01:02 - 2013-08-01 19:12 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2013-10-13 01:02 - 2013-08-01 19:12 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2013-10-13 01:02 - 2013-08-01 19:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2013-10-13 01:02 - 2013-08-01 19:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2013-10-13 01:02 - 2013-08-01 19:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2013-10-13 01:02 - 2013-08-01 19:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2013-10-13 01:02 - 2013-08-01 19:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2013-10-13 01:02 - 2013-08-01 19:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2013-10-13 01:02 - 2013-08-01 19:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-10-13 01:02 - 2013-08-01 19:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2013-10-13 01:02 - 2013-08-01 19:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2013-10-13 01:02 - 2013-08-01 19:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2013-10-13 01:02 - 2013-08-01 19:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2013-10-13 01:02 - 2013-08-01 19:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2013-10-13 01:02 - 2013-08-01 19:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2013-10-13 01:02 - 2013-08-01 19:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2013-10-13 01:02 - 2013-08-01 19:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2013-10-13 01:02 - 2013-08-01 19:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2013-10-13 01:02 - 2013-08-01 19:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2013-10-13 01:02 - 2013-08-01 19:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2013-10-13 01:02 - 2013-08-01 19:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2013-10-13 01:02 - 2013-08-01 19:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2013-10-13 01:02 - 2013-08-01 19:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2013-10-13 01:02 - 2013-08-01 19:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2013-10-13 01:02 - 2013-08-01 19:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2013-10-13 01:02 - 2013-08-01 19:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2013-10-13 01:02 - 2013-08-01 19:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2013-10-13 01:02 - 2013-08-01 19:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2013-10-13 01:02 - 2013-08-01 18:50 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2013-10-13 01:02 - 2013-08-01 18:50 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2013-10-13 01:02 - 2013-08-01 18:48 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2013-10-13 01:02 - 2013-08-01 18:48 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2013-10-13 01:02 - 2013-08-01 18:48 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2013-10-13 01:02 - 2013-08-01 18:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2013-10-13 01:02 - 2013-08-01 18:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2013-10-13 01:02 - 2013-08-01 18:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2013-10-13 01:02 - 2013-08-01 18:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2013-10-13 01:02 - 2013-08-01 18:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2013-10-13 01:02 - 2013-08-01 18:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2013-10-13 01:02 - 2013-08-01 18:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2013-10-13 01:02 - 2013-08-01 18:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2013-10-13 01:02 - 2013-08-01 18:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2013-10-13 01:02 - 2013-08-01 18:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2013-10-13 01:02 - 2013-08-01 18:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2013-10-13 01:02 - 2013-08-01 18:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2013-10-13 01:02 - 2013-08-01 18:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-10-13 01:02 - 2013-08-01 18:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2013-10-13 01:02 - 2013-08-01 18:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2013-10-13 01:02 - 2013-08-01 18:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2013-10-13 01:02 - 2013-08-01 18:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2013-10-13 01:02 - 2013-08-01 18:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2013-10-13 01:02 - 2013-08-01 18:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2013-10-13 01:02 - 2013-08-01 18:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2013-10-13 01:02 - 2013-08-01 18:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2013-10-13 01:02 - 2013-08-01 18:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2013-10-13 01:02 - 2013-08-01 18:09 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2013-10-13 01:02 - 2013-08-01 17:59 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2013-10-13 01:02 - 2013-08-01 17:43 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2013-10-13 01:02 - 2013-08-01 17:43 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2013-10-13 01:02 - 2013-08-01 17:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2013-10-13 01:02 - 2013-08-01 17:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2013-10-13 01:02 - 2013-07-25 19:24 - 14172672 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2013-10-13 01:02 - 2013-07-25 19:24 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\shdocvw.dll
2013-10-13 01:02 - 2013-07-25 18:55 - 12872704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2013-10-13 01:02 - 2013-07-25 18:55 - 00180224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll
2013-10-13 01:02 - 2013-07-25 02:25 - 01888768 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-10-13 01:02 - 2013-07-25 01:57 - 01620992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-10-13 01:02 - 2013-07-20 03:33 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2013-10-13 01:02 - 2013-07-20 03:33 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2013-10-13 01:02 - 2013-07-18 18:58 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2013-10-13 01:02 - 2013-07-18 18:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2013-10-13 01:02 - 2013-07-12 03:41 - 00185344 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbvideo.sys
2013-10-13 01:02 - 2013-07-12 03:41 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbcir.sys
2013-10-13 01:02 - 2013-07-12 03:40 - 00109824 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBAUDIO.sys
2013-10-13 01:02 - 2013-07-08 22:52 - 00224256 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2013-10-13 01:02 - 2013-07-08 22:51 - 01217024 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2013-10-13 01:02 - 2013-07-08 22:46 - 01472512 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-10-13 01:02 - 2013-07-08 22:46 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2013-10-13 01:02 - 2013-07-08 22:46 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2013-10-13 01:02 - 2013-07-08 21:52 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2013-10-13 01:02 - 2013-07-08 21:52 - 00175104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2013-10-13 01:02 - 2013-07-08 21:46 - 01166848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-10-13 01:02 - 2013-07-08 21:46 - 00140288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2013-10-13 01:02 - 2013-07-08 21:46 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2013-10-13 01:02 - 2013-07-04 05:57 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2013-10-13 01:02 - 2013-07-04 05:50 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
2013-10-13 01:02 - 2013-07-04 05:50 - 00102400 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll
2013-10-13 01:02 - 2013-07-04 04:57 - 00205824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll
2013-10-13 01:02 - 2013-07-04 04:51 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\davclnt.dll
2013-10-13 01:02 - 2013-07-04 04:50 - 00530432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.dll
2013-10-13 01:02 - 2013-07-04 03:11 - 00140800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2013-10-13 01:02 - 2013-07-02 21:40 - 00042496 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbscan.sys
2013-10-13 01:02 - 2013-07-02 21:05 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidclass.sys
2013-10-13 01:02 - 2013-07-02 21:05 - 00032896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidparse.sys
2013-10-13 01:02 - 2013-06-25 15:55 - 00785624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wdf01000.sys
2013-10-13 01:02 - 2013-06-14 21:32 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2013-10-13 01:02 - 2013-06-05 22:50 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2013-10-13 01:02 - 2013-06-05 22:49 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2013-10-13 01:02 - 2013-06-05 22:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2013-10-13 01:02 - 2013-06-05 22:47 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2013-10-13 01:02 - 2013-06-05 21:57 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2013-10-13 01:02 - 2013-06-05 21:51 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2013-10-13 01:02 - 2013-06-05 21:50 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2013-10-13 01:02 - 2013-06-05 20:30 - 00368128 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2013-10-13 01:02 - 2013-06-05 20:01 - 00295424 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2013-10-13 01:02 - 2013-06-05 20:01 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2013-10-13 01:00 - 2013-08-01 05:09 - 00983488 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2013-10-07 19:08 - 2013-10-07 19:08 - 00002505 _____ C:\Users\Public\Desktop\Amazon Cloud Player.lnk
2013-10-07 19:08 - 2013-10-07 19:08 - 00000000 ____D C:\Users\poweruser\Documents\Amazon MP3
2013-10-07 19:08 - 2013-10-07 19:08 - 00000000 ____D C:\Users\poweruser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amazon
2013-10-07 19:07 - 2013-10-07 19:07 - 02399472 _____ C:\Users\poweruser\Desktop\AmazonMP3DownloaderInstall._V383688046_.exe

==================== One Month Modified Files and Folders =======

2013-11-02 16:05 - 2013-11-02 16:05 - 01957098 _____ (Farbar) C:\Users\poweruser\Desktop\FRST64.exe
2013-11-02 16:05 - 2013-11-02 16:05 - 00000000 ____D C:\FRST
2013-11-02 15:59 - 2013-11-02 15:59 - 00891184 _____ C:\Users\poweruser\Desktop\SecurityCheck.exe
2013-11-02 15:45 - 2009-11-19 02:16 - 00003930 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{670F3809-EDDA-4584-A926-7739642C504F}
2013-11-02 15:34 - 2009-06-29 22:15 - 00000924 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1348130409-711279873-4225038138-1000UA.job
2013-11-02 14:37 - 2010-12-20 04:09 - 00000000 ____D C:\Users\poweruser\AppData\Roaming\HFM
2013-11-02 10:34 - 2009-06-29 22:15 - 00000872 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1348130409-711279873-4225038138-1000Core.job
2013-11-02 03:25 - 2010-02-05 04:20 - 00000302 _____ C:\Windows\Tasks\Defraggler Volume C Task.job
2013-11-01 20:51 - 2010-05-09 00:30 - 00000506 ____H C:\Windows\Tasks\Norton Security Scan for poweruser.job
2013-11-01 17:55 - 2009-11-18 18:50 - 01985012 _____ C:\Windows\WindowsUpdate.log
2013-11-01 02:38 - 2013-11-01 02:38 - 00001322 _____ C:\Users\poweruser\Desktop\RealTempGT - Shortcut.lnk
2013-11-01 02:38 - 2011-04-18 06:08 - 00000000 ____D C:\Program Files\RealTemp_360
2013-11-01 02:37 - 2013-08-26 13:52 - 00000000 ____D C:\Users\poweruser\FAHGPU2
2013-11-01 02:37 - 2013-07-21 22:58 - 00000000 ____D C:\Users\poweruser\FAHGPU1
2013-11-01 02:36 - 2010-11-27 16:07 - 00000000 ____D C:\Users\poweruser\FAH2
2013-10-30 17:35 - 2013-10-19 13:14 - 00003342 _____ C:\Windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1348130409-711279873-4225038138-1000
2013-10-30 17:35 - 2013-10-19 13:14 - 00003216 _____ C:\Windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1348130409-711279873-4225038138-1000
2013-10-30 03:08 - 2012-03-27 02:51 - 00565248 ___SH C:\Users\poweruser\Desktop\Thumbs.db
2013-10-29 15:00 - 2013-10-14 19:51 - 00000000 ____D C:\Users\poweruser\AppData\Roaming\LavasoftStatistics
2013-10-29 02:48 - 2013-10-29 02:48 - 00004303 _____ C:\Users\poweruser\Desktop\attach.zip
2013-10-29 01:42 - 2013-10-29 01:42 - 00012801 _____ C:\Users\poweruser\Desktop\attach.txt
2013-10-29 01:42 - 2013-10-23 23:38 - 00028074 _____ C:\Users\poweruser\Desktop\dds.txt
2013-10-24 00:43 - 2013-10-24 00:43 - 00004304 _____ C:\Users\poweruser\Desktop\attachzip.zip
2013-10-23 23:38 - 2013-10-23 23:38 - 00012799 _____ C:\Users\poweruser\Desktop\attach.txt.txt
2013-10-23 23:29 - 2013-10-23 23:29 - 00688992 ____R (Swearware) C:\Users\poweruser\Desktop\dds.app.com
2013-10-23 17:52 - 2013-10-23 17:50 - 00000000 ____D C:\Users\poweruser\Desktop\lavasoft
2013-10-23 17:42 - 2009-11-18 18:34 - 00010064 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-10-23 17:42 - 2009-11-18 18:34 - 00010064 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-10-23 17:39 - 2011-07-11 07:37 - 00404188 _____ C:\Windows\system32\prfh0404.dat
2013-10-23 17:39 - 2011-07-11 07:37 - 00387074 _____ C:\Windows\system32\prfh0804.dat
2013-10-23 17:39 - 2011-07-11 07:37 - 00120706 _____ C:\Windows\system32\prfc0804.dat
2013-10-23 17:39 - 2011-07-11 07:37 - 00116376 _____ C:\Windows\system32\prfc0404.dat
2013-10-23 17:39 - 2009-07-13 22:13 - 01799408 _____ C:\Windows\system32\PerfStringBackup.INI
2013-10-23 17:34 - 2013-06-10 22:19 - 00000332 _____ C:\Windows\Tasks\GlaryInitialize.job
2013-10-23 17:34 - 2011-12-28 18:36 - 00000000 ____D C:\ProgramData\NVIDIA
2013-10-23 17:34 - 2010-08-06 21:10 - 34385279 _____ C:\Windows\setupact.log
2013-10-23 17:34 - 2009-07-13 22:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-10-23 17:24 - 2013-10-23 17:24 - 00000000 ____D C:\Users\poweruser\AppData\Roaming\Lavasoft
2013-10-23 17:15 - 2013-10-23 17:15 - 00001287 _____ C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk
2013-10-23 17:14 - 2013-10-23 17:14 - 00000000 ____D C:\Program Files\Common Files\Lavasoft
2013-10-23 16:59 - 2013-10-23 16:59 - 00000000 ____D C:\Users\poweruser\AppData\Local\LogMeIn Rescue Applet
2013-10-23 16:33 - 2013-10-23 16:33 - 00000000 ____D C:\Users\poweruser\AppData\Local\adawarebp
2013-10-23 14:03 - 2013-10-23 14:02 - 00000000 ____D C:\Users\poweruser\Desktop\ESET_SCAN
2013-10-23 00:50 - 2013-10-23 00:50 - 00000000 ____D C:\Program Files (x86)\ESET
2013-10-23 00:49 - 2013-10-23 00:49 - 02347384 _____ (ESET) C:\Users\poweruser\Desktop\esetsmartinstaller_enu.exe
2013-10-23 00:38 - 2013-10-23 00:38 - 01033335 _____ (Thisisu) C:\Users\poweruser\Desktop\JRT (1).exe
2013-10-23 00:35 - 2013-10-23 00:35 - 00002579 _____ C:\Users\poweruser\Desktop\JRT.txt
2013-10-23 00:31 - 2013-10-23 00:31 - 00000000 ____D C:\Windows\ERUNT
2013-10-23 00:30 - 2013-10-23 00:30 - 01033335 _____ (Thisisu) C:\Users\poweruser\Desktop\JRT.exe
2013-10-22 23:59 - 2009-07-13 21:45 - 02359648 _____ C:\Windows\system32\FNTCACHE.DAT
2013-10-22 23:56 - 2013-10-22 23:49 - 00000000 ____D C:\AdwCleaner
2013-10-22 23:56 - 2009-05-24 12:16 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-10-22 23:48 - 2013-10-22 23:48 - 01060070 _____ C:\Users\poweruser\Desktop\AdwCleaner.exe
2013-10-22 18:00 - 2013-10-22 18:00 - 00000000 ____D C:\Users\poweruser\TDSSKiller.app
2013-10-22 17:59 - 2013-10-22 17:59 - 04101145 _____ C:\Users\poweruser\Desktop\tdsskiller.zip
2013-10-22 17:27 - 2013-10-22 17:27 - 00033126 _____ C:\Users\poweruser\Desktop\Result.txt
2013-10-22 17:23 - 2013-10-22 17:23 - 00760937 _____ (Farbar) C:\Users\poweruser\Desktop\MiniToolBox.exe
2013-10-22 03:11 - 2012-04-01 06:10 - 00038400 ___SH C:\Users\poweruser\Documents\Thumbs.db
2013-10-21 21:55 - 2009-11-18 21:06 - 00115600 _____ C:\Users\poweruser\AppData\Local\GDIPFONTCACHEV1.DAT
2013-10-20 15:17 - 2009-06-07 03:19 - 00000000 ____D C:\Users\poweruser\Desktop\Photoshop CS3 Current
2013-10-20 03:44 - 2013-10-20 03:44 - 00002992 _____ C:\Windows\System32\Tasks\{10DDCE76-5735-46D4-9BD5-AAE6C515CD6B}
2013-10-20 03:29 - 2013-10-20 03:29 - 00002992 _____ C:\Windows\System32\Tasks\{BC7E7D5E-9CA5-43A6-8262-CC6412CA253C}
2013-10-19 23:19 - 2013-10-19 23:19 - 00291160 _____ C:\Windows\Minidump\101913-23665-01.dmp
2013-10-19 23:19 - 2010-11-04 15:41 - 680339976 _____ C:\Windows\MEMORY.DMP
2013-10-19 23:19 - 2009-12-11 20:04 - 00000000 ____D C:\Windows\Minidump
2013-10-19 19:26 - 2009-11-18 18:54 - 00000000 __SHD C:\Recovery
2013-10-19 19:02 - 2013-10-19 19:13 - 03145728 _____ C:\Users\poweruser\Desktop\msert.exe
2013-10-19 18:20 - 2013-10-19 18:20 - 00290800 _____ C:\Windows\Minidump\101913-27362-01.dmp
2013-10-19 18:15 - 2013-10-19 18:15 - 00291080 _____ C:\Windows\Minidump\101913-22682-01.dmp
2013-10-19 17:50 - 2012-01-22 16:53 - 00302088 ____N C:\Windows\Minidump\101913-24351-01.dmp
2013-10-19 17:50 - 2010-08-08 15:07 - 00385440 _____ C:\Windows\PFRO.log
2013-10-19 13:15 - 2009-11-29 04:06 - 00000000 ____D C:\ProgramData\Real
2013-10-19 13:14 - 2013-10-19 13:14 - 00272896 _____ (Progressive Networks) C:\Windows\SysWOW64\pncrt.dll
2013-10-19 13:14 - 2013-10-19 13:14 - 00001042 _____ C:\Users\Public\Desktop\RealPlayer.lnk
2013-10-19 13:14 - 2013-10-19 13:14 - 00000000 ____D C:\Users\poweruser\AppData\Roaming\RealNetworks
2013-10-19 13:14 - 2013-10-19 13:14 - 00000000 ____D C:\ProgramData\RealNetworks
2013-10-19 13:14 - 2013-10-19 13:14 - 00000000 ____D C:\Program Files (x86)\RealNetworks
2013-10-19 13:14 - 2013-10-19 13:14 - 00000000 ____D C:\Program Files (x86)\real
2013-10-19 13:14 - 2009-11-29 04:06 - 00201872 _____ (RealNetworks, Inc.) C:\Windows\SysWOW64\rmoc3260.dll
2013-10-19 13:14 - 2009-11-29 04:06 - 00006656 _____ (RealNetworks, Inc.) C:\Windows\SysWOW64\pndx5016.dll
2013-10-19 13:14 - 2009-11-29 04:06 - 00005632 _____ (RealNetworks, Inc.) C:\Windows\SysWOW64\pndx5032.dll
2013-10-19 13:14 - 2009-11-29 04:06 - 00000000 ____D C:\Users\poweruser\AppData\Roaming\Real
2013-10-19 13:14 - 2006-09-28 20:53 - 00499712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcp71.dll
2013-10-19 13:14 - 2006-09-28 20:53 - 00348160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr71.dll
2013-10-19 05:40 - 2013-10-19 05:40 - 00526128 _____ C:\Windows\Minidump\101913-19687-01.dmp
2013-10-18 18:27 - 2013-10-18 18:27 - 00000000 _____ C:\Windows\Minidump\101813-23212-01.dmp
2013-10-18 17:50 - 2013-05-19 23:48 - 00000000 ____D C:\Users\UpdatusUser.DCsPC
2013-10-18 17:47 - 2013-10-18 17:46 - 00291112 _____ C:\Windows\Minidump\101813-19624-01.dmp
2013-10-18 14:49 - 2009-09-27 19:38 - 00000000 ____D C:\Users\poweruser\AppData\Roaming\Skype
2013-10-18 14:36 - 2009-06-16 01:43 - 00002381 _____ C:\Users\poweruser\Desktop\Google Chrome.lnk
2013-10-18 00:04 - 2013-10-18 17:22 - 00001292 _____ C:\Users\poweruser\Documents\talla stevens.contact
2013-10-15 14:02 - 2009-11-19 01:00 - 00000043 ___SH C:\ProgramData\.zreglib
2013-10-15 05:38 - 2013-10-15 05:38 - 00291136 _____ C:\Windows\Minidump\101513-36956-01.dmp
2013-10-15 03:36 - 2013-10-15 03:36 - 00001930 _____ C:\Users\poweruser\Documents\HFM-10-15-2013-1AA.hfmx
2013-10-15 03:05 - 2013-10-15 03:05 - 00000000 ____D C:\ProgramData\BitDefender
2013-10-15 02:55 - 2013-10-29 16:52 - 01724552 _____ C:\Users\Public\Documents\Adaware_Installer (2).exe
2013-10-15 02:55 - 2013-10-29 16:51 - 01724552 _____ C:\Users\Public\Documents\Adaware_Installer.exe
2013-10-14 20:27 - 2011-04-18 11:17 - 00001945 _____ C:\Windows\epplauncher.mif
2013-10-14 19:33 - 2013-10-14 19:33 - 00000000 ____D C:\Program Files\Lavasoft
2013-10-14 19:32 - 2013-10-14 19:32 - 00000000 ____D C:\Users\poweruser\AppData\Roaming\SecureSearch
2013-10-14 19:32 - 2013-10-14 19:32 - 00000000 ____D C:\ProgramData\Ad-Aware Browsing Protection
2013-10-14 19:32 - 2013-10-14 19:32 - 00000000 ____D C:\Program Files (x86)\Lavasoft
2013-10-14 19:26 - 2013-10-14 19:26 - 00000000 ____D C:\ProgramData\Lavasoft
2013-10-14 18:01 - 2013-10-14 18:01 - 00000000 ____D C:\Users\poweruser\AppData\Roaming\Malwarebytes
2013-10-14 18:01 - 2013-10-14 18:01 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-10-14 17:55 - 2013-10-14 17:55 - 00024808 _____ C:\Users\poweruser\Desktop\HitmanPro_20131014_1754.log
2013-10-14 17:55 - 2013-10-14 17:47 - 00000000 ____D C:\ProgramData\HitmanPro
2013-10-14 17:30 - 2013-10-14 20:22 - 01724552 _____ C:\Users\poweruser\Documents\Adaware_Installer.exe
2013-10-14 17:29 - 2013-10-14 17:29 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\poweruser\Desktop\mbam-setup-1.75.0.1300.exe
2013-10-14 17:28 - 2013-10-14 17:27 - 10201544 _____ (SurfRight B.V.) C:\Users\poweruser\Desktop\hitmanpro_x64.exe
2013-10-14 15:30 - 2013-10-14 15:30 - 00291176 _____ C:\Windows\Minidump\101413-20404-01.dmp
2013-10-14 00:01 - 2010-10-28 21:06 - 00000000 ____D C:\Users\poweruser\FAH
2013-10-13 20:57 - 2012-01-22 16:53 - 00302344 ____N C:\Windows\Minidump\101313-38657-01.dmp
2013-10-13 17:44 - 2013-10-13 17:44 - 13813944 _____ (Microsoft Corporation) C:\Users\poweruser\Desktop\mseinstall.exe
2013-10-13 04:06 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\rescache
2013-10-13 01:58 - 2009-05-24 11:13 - 00000000 ___RD C:\Users\poweruser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-10-13 01:58 - 2009-05-24 11:13 - 00000000 ___RD C:\Users\poweruser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2013-10-13 01:41 - 2013-05-19 10:47 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-10-13 01:41 - 2013-05-19 10:47 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-10-13 01:37 - 2011-04-18 11:17 - 01811370 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2013-10-13 01:31 - 2013-09-09 18:21 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-10-13 01:27 - 2013-09-09 17:59 - 00000000 ____D C:\Program Files (x86)\Microsoft Works
2013-10-13 01:18 - 2013-10-13 01:14 - 00000000 ____D C:\Windows\system32\MRT
2013-10-13 01:18 - 2006-11-02 05:34 - 00000240 _____ C:\Windows\win.ini
2013-10-13 01:05 - 2009-07-25 02:37 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2013-10-13 00:23 - 2012-01-22 16:53 - 00303624 ____N C:\Windows\Minidump\101313-39218-01.dmp
2013-10-11 10:29 - 2009-06-29 22:15 - 00003906 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1348130409-711279873-4225038138-1000UA
2013-10-11 10:29 - 2009-06-29 22:15 - 00003510 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1348130409-711279873-4225038138-1000Core
2013-10-10 17:37 - 2012-01-19 18:59 - 00000000 ____D C:\Users\poweruser\AppData\Roaming\Garmin
2013-10-10 17:37 - 2012-01-19 18:59 - 00000000 ____D C:\Program Files (x86)\Garmin
2013-10-07 19:08 - 2013-10-07 19:08 - 00002505 _____ C:\Users\Public\Desktop\Amazon Cloud Player.lnk
2013-10-07 19:08 - 2013-10-07 19:08 - 00000000 ____D C:\Users\poweruser\Documents\Amazon MP3
2013-10-07 19:08 - 2013-10-07 19:08 - 00000000 ____D C:\Users\poweruser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amazon
2013-10-07 19:07 - 2013-10-07 19:07 - 02399472 _____ C:\Users\poweruser\Desktop\AmazonMP3DownloaderInstall._V383688046_.exe
2013-10-06 00:47 - 2012-01-22 16:53 - 00303624 ____N C:\Windows\Minidump\100613-23524-01.dmp
2013-10-03 15:06 - 2010-10-28 21:07 - 00000000 ____D C:\Users\poweruser\FAH3
2013-10-03 05:39 - 2012-01-22 16:53 - 00303624 ____N C:\Windows\Minidump\100313-26348-01.dmp

Some content of TEMP:
====================
C:\Users\poweruser\AppData\Local\Temp\19bfbc7e-2d31-4741-83b8-4f86b87a0edf.exe
C:\Users\poweruser\AppData\Local\Temp\48ff14ad-7654-4645-9bc8-2e16a8abbbd1.exe
C:\Users\poweruser\AppData\Local\Temp\4eb30a25-f065-4dc9-ae74-168cad090ea8.exe
C:\Users\poweruser\AppData\Local\Temp\6e8c884d-1fba-488f-98e3-fb52e79ae0a6.exe
C:\Users\poweruser\AppData\Local\Temp\7c9fd917-d8bf-46d4-a931-73925a7f657e.exe
C:\Users\poweruser\AppData\Local\Temp\a43beb76-7557-4b54-8698-4d1e8cd24aa0.exe
C:\Users\poweruser\AppData\Local\Temp\c5423106-9fec-4199-bab2-172dbd2b8b97.exe
C:\Users\poweruser\AppData\Local\Temp\f81f4c07-791b-42da-acee-1e97577218c9.exe
C:\Users\poweruser\AppData\Local\Temp\lowproc.exe
C:\Users\poweruser\AppData\Local\Temp\ose00000.exe
C:\Users\poweruser\AppData\Local\Temp\Quarantine.exe
C:\Users\poweruser\AppData\Local\Temp\stubhelper.dll
C:\Users\poweruser\AppData\Local\Temp\_is2010.exe
C:\Users\poweruser\AppData\Local\Temp\_is3CC4.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-10-21 00:28

==================== End Of Log ============================

There you go!

Thanks again for starting this thing off, and may God speed any future responses.

rexrzer727

#7 oneof4

oneof4

  • Malware Response Team
  • 3,779 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Collective
  • Local time:09:34 AM

Posted 03 November 2013 - 10:21 PM

Hello rexrzer, :)
 
Please perform the following:
 
Download attached fixlist.txt file and save it to the Desktop.

NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST/FRST64 and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.



Best Regards,
oneof4.


#8 rexrzer727

rexrzer727
  • Topic Starter

  • Members
  • 24 posts
  • OFFLINE
  •  
  • Local time:05:34 AM

Posted 04 November 2013 - 04:14 AM

Hi again, "oneof4"!

I successfully downloaded "FRST64.exe" and the helper file "fixlist.txt" without incidents, none whatsoever.

I hit "Fix" on the tool once, and waited approximately 25 seconds, and the lead-in to the file posted below appeared in Notepad format. BTW the tool did NOT ask for a restart, and I have running Folding@Home, and FAHGPU simultaneously (CPU folding and GPU folding at the same time, at 100% CPU and GPU load), plus I have iTunes and other incidental programs open, but not ON at this time...the only active programs are Chrome 30.xx.xxx.x.x.xxxx, my monitoring tools for FAHome including TechPowerUP GPU-Z, v.0.7.2, AIDA 64, v. 1.20, MSI Afterburner (a monitoring and overclocking tool for GPUs; if you recall, I have twin nVidia 560 Ti SuperClocked GPUs that run in OEM state, just a slight voltage adjustment but no overclocking on this particular PC), HFM.NET, v 0.9.1, which actively monitors all FAHome processes, allocates PPD and PPUnit, ETA, Core data & ID etc., tied directly to Extremeoverclocking.com's web site where the point totals for individuals and Teams are ranked, tallied, and achievement levels for users are kept, Real Temp v. 3.60, EVGA's latest iteration of ELEET Tuning/Monitoring program for CPU checks and overclocking also, Xonar Audio Center for the Essence PCI ST Audio Card, a digital sound mixer, tone generator, Sample Rates, Channels used, etc. for the sound card's interface with a Logitech Z06 560W RMS computer 5-satellite + 14" 200W Sub-Woofer Dolby 7.1 8-channel speaker system via optical Toslink connectors, plus PS3 Extended is open but not working a picture, Adobe Premiere sits idle in its SDHC Card...a normal desktop load for this PC basically at idle w/FAHome active and monitoring tools working.

Is this *wrong* to have all those functions operating, even if at idle mode, when doing these scans you are asking me to perform? If I need to close everything but the scan tools, and then, and only then scan the PC, I'll have to approach this differently than I have so far. But nobody has said a thing about open programs as yet, including yourself of course, so I've simply been running normal program loads even when doing scans with the various tools thus far. My thinking is that you want an active PC with candid scans to view rather than a non-active PC with just scan tools opened, am I correct? Please advise.

Here's the scan txt you asked me to copy and paste into my dialog with you thus far, as it seems to have done/run perfectly aok fine, but I could be wrong not knowing what, exactly we're heading toward with the various scans done thus far. Any advice on these and any other topics you see that I need to understand better are welcome and expected, so feedback at this point is something I'm expecting tho it hasn't happened yet.

Fixlog.txt follows below:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 31-10-2013
Ran by poweruser at 2013-11-04 00:25:31 Run:1
Running from C:\Users\poweruser\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
AlternateDataStreams: C:\ProgramData\CLDShowX.ini:Update.CL
AlternateDataStreams: C:\ProgramData\TEMP:D1B5B4F1
HKLM\...\Run: [] - [x]
BHO-x32: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
Handler: ipp\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - No File
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - No File
Handler-x32: http\oledb - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - No File
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - No File
Handler-x32: https\oledb - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - No File
Handler-x32: ipp\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - No File
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - No File
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - No File
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw.dll No File
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
CHR Plugin: (Shockwave Flash) - C:\Users\poweruser\AppData\Local\Google\Chrome\Application\30.0.1599.101\gcswf32.dll No File
CHR Plugin: (Java Deployment Toolkit 6.0.310.5) - C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll No File
CHR Plugin: (Java™ Platform SE 6 U31) - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll No File
CHR Plugin: (RealPlayer Version Plugin) - C:\Program Files (x86)\Mozilla Firefox\plugins\nprpjplug.dll No File
CHR Plugin: (RealJukebox NS Plugin) - C:\Program Files (x86)\Mozilla Firefox\plugins\nprjplug.dll No File
CHR Plugin: (Google Update) - C:\Users\poweruser\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll No File
C:\Users\poweruser\AppData\Local\Temp\19bfbc7e-2d31-4741-83b8-4f86b87a0edf.exe
C:\Users\poweruser\AppData\Local\Temp\48ff14ad-7654-4645-9bc8-2e16a8abbbd1.exe
C:\Users\poweruser\AppData\Local\Temp\4eb30a25-f065-4dc9-ae74-168cad090ea8.exe
C:\Users\poweruser\AppData\Local\Temp\6e8c884d-1fba-488f-98e3-fb52e79ae0a6.exe
C:\Users\poweruser\AppData\Local\Temp\7c9fd917-d8bf-46d4-a931-73925a7f657e.exe
C:\Users\poweruser\AppData\Local\Temp\a43beb76-7557-4b54-8698-4d1e8cd24aa0.exe
C:\Users\poweruser\AppData\Local\Temp\c5423106-9fec-4199-bab2-172dbd2b8b97.exe
C:\Users\poweruser\AppData\Local\Temp\f81f4c07-791b-42da-acee-1e97577218c9.exe
C:\Users\poweruser\AppData\Local\Temp\lowproc.exe
C:\Users\poweruser\AppData\Local\Temp\ose00000.exe
C:\Users\poweruser\AppData\Local\Temp\Quarantine.exe
C:\Users\poweruser\AppData\Local\Temp\stubhelper.dll
C:\Users\poweruser\AppData\Local\Temp\_is2010.exe
C:\Users\poweruser\AppData\Local\Temp\_is3CC4.exe

*****************

C:\ProgramData\CLDShowX.ini => ":Update.CL" ADS removed successfully.
C:\ProgramData\TEMP => ":D1B5B4F1" ADS removed successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\ => Value deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB} => Key not found.
HKCR\PROTOCOLS\Handler\ipp\0x00000001 => Key deleted successfully.
HKCR\CLSID\{E1D2BF42-A96B-11D1-9C6B-0000F875AC61} => Key not found.
HKCR\Wow6432Node\PROTOCOLS\Handler\http\0x00000001 => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{E1D2BF42-A96B-11D1-9C6B-0000F875AC61} => Key not found.
HKCR\Wow6432Node\PROTOCOLS\Handler\http\oledb => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{E1D2BF40-A96B-11D1-9C6B-0000F875AC61} => Key not found.
HKCR\Wow6432Node\PROTOCOLS\Handler\https\0x00000001 => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{E1D2BF42-A96B-11D1-9C6B-0000F875AC61} => Key not found.
HKCR\Wow6432Node\PROTOCOLS\Handler\https\oledb => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{E1D2BF40-A96B-11D1-9C6B-0000F875AC61} => Key not found.
HKCR\Wow6432Node\PROTOCOLS\Handler\ipp\0x00000001 => Key not found.
HKCR\Wow6432Node\CLSID\{E1D2BF42-A96B-11D1-9C6B-0000F875AC61} => Key not found.
HKCR\Wow6432Node\PROTOCOLS\Handler\msdaipp\0x00000001 => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{E1D2BF42-A96B-11D1-9C6B-0000F875AC61} => Key not found.
HKCR\Wow6432Node\PROTOCOLS\Handler\msdaipp\oledb => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{E1D2BF40-A96B-11D1-9C6B-0000F875AC61} => Key not found.
HKLM\Software\MozillaPlugins\FF Plugin: @microsoft.com/GENUINE - disabled No File => Key not found.
"FF Plugin: @microsoft.com/GENUINE - disabled No File" => not found.
HKLM\Software\Wow6432Node\MozillaPlugins\@adobe.com/ShockwavePlayer => Key deleted successfully.
C:\Windows\system32\Adobe\Director\np32dsw.dll not found.
HKLM\Software\Wow6432Node\MozillaPlugins\FF Plugin-x32: @microsoft.com/GENUINE - disabled No File => Key not found.
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File not found.
C:\Users\poweruser\AppData\Local\Google\Chrome\Application\30.0.1599.101\gcswf32.dll not found.
C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll not found.
C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll not found.
C:\Program Files (x86)\Mozilla Firefox\plugins\nprpjplug.dll not found.
C:\Program Files (x86)\Mozilla Firefox\plugins\nprjplug.dll not found.
C:\Users\poweruser\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll not found.
C:\Windows\system32\Adobe\Director\np32dsw.dll not found.
c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll not found.
C:\Users\poweruser\AppData\Local\Temp\19bfbc7e-2d31-4741-83b8-4f86b87a0edf.exe => Moved successfully.
C:\Users\poweruser\AppData\Local\Temp\48ff14ad-7654-4645-9bc8-2e16a8abbbd1.exe => Moved successfully.
C:\Users\poweruser\AppData\Local\Temp\4eb30a25-f065-4dc9-ae74-168cad090ea8.exe => Moved successfully.
C:\Users\poweruser\AppData\Local\Temp\6e8c884d-1fba-488f-98e3-fb52e79ae0a6.exe => Moved successfully.
C:\Users\poweruser\AppData\Local\Temp\7c9fd917-d8bf-46d4-a931-73925a7f657e.exe => Moved successfully.
C:\Users\poweruser\AppData\Local\Temp\a43beb76-7557-4b54-8698-4d1e8cd24aa0.exe => Moved successfully.
C:\Users\poweruser\AppData\Local\Temp\c5423106-9fec-4199-bab2-172dbd2b8b97.exe => Moved successfully.
C:\Users\poweruser\AppData\Local\Temp\f81f4c07-791b-42da-acee-1e97577218c9.exe => Moved successfully.
C:\Users\poweruser\AppData\Local\Temp\lowproc.exe => Moved successfully.
C:\Users\poweruser\AppData\Local\Temp\ose00000.exe => Moved successfully.
C:\Users\poweruser\AppData\Local\Temp\Quarantine.exe => Moved successfully.
C:\Users\poweruser\AppData\Local\Temp\stubhelper.dll => Moved successfully.
C:\Users\poweruser\AppData\Local\Temp\_is2010.exe => Moved successfully.
C:\Users\poweruser\AppData\Local\Temp\_is3CC4.exe => Moved successfully.

==== End of Fixlog ====

Thanks for helping me rid this PC of the virus and anything else that you see a need to change/improve during the course of this discussion. I am open-minded, able to assimilate vast quantities of info and data at the drop of a pin (formerly a news writer and editor in the legitimate Press for the and other media-related jobs). I do appreciate your efforts thus far, and hope that we can solve the mystery of the "Win32/Small.CA" virus that inhabits my PC right now.

rexrzer727

Edited by rexrzer727, 04 November 2013 - 08:10 AM.


#9 oneof4

oneof4

  • Malware Response Team
  • 3,779 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Collective
  • Local time:09:34 AM

Posted 04 November 2013 - 07:58 PM

Please download and Run ComboFix. To do so, please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Please include the C:\ComboFix.txt in your next reply for further review.


Best Regards,
oneof4.


#10 rexrzer727

rexrzer727
  • Topic Starter

  • Members
  • 24 posts
  • OFFLINE
  •  
  • Local time:05:34 AM

Posted 05 November 2013 - 08:19 AM


MAJOR PROBLEMS! ComboFix will NOT install...each time I attempt to do the deed, including using pure Command Line as administrator, I get this message: "Not Admin" - and - "You need administrator privileges to use this program."

I AM the administrator on this PC, there is nobody else save for Update User, and some other quasi-users but nobody else uses this PC, I am the only and sole administrator on the PC, so I am stumped. I tried changing ownership and renaming the installer to no avail. I tried Command Line Administrator option, and it still says "Not Admin" - and - "You need administrator privileges to use this program."...over and over again. I tried jockeying around the permissions, including negating all Users except myself, nothing going down there either.

This reminds me of things this virus has the computer doing. Such as I cannot SAVE or SAVE AS any MS Office program, template, or note for that matter, as the response when attempting said saves goes something like this: "xxxx name is not registered", or "title not registered" and variations on that theme. Same for any file in Paint, Notepad, either run as User or Administrator or any combination of programs I can think of presently. This behavior all started post-virus attack, as the PC has never done any of this before the Win32/Small.CA virus was detected by Windows and nothing else caught it, all scans were negative and still are.

What to do? I wasted more than 3 hours tonight trying to figure out a way to get the installer to run as Administrator, to no avail. I've done everything but create a root user or equivalent, as that just seems crazy to even attempt with this PC. Please advise, as I am at my wits end over this issue presently.

Any help will be greatly appreciated.

rexrzer727

#11 oneof4

oneof4

  • Malware Response Team
  • 3,779 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Collective
  • Local time:09:34 AM

Posted 05 November 2013 - 07:48 PM

Okay, let's switch gears for a minute and take a look at some of the BSOD errors you've encountered:
 
 
BlueScreenView

----------

  • Download BlueScreenView and save it to your desktop
  • Double click the BlueScreenView.exe file then click OK
  • Select Run, Next, then Next again
  • Click Install
  • When the scanning is complete, select Edit and Select All
  • Then click File and Save Selected Items
  • Save the report as BSOD.txt
  • Open BSOD.txt in Notepad, copy the entire content and paste it into your next reply

Best Regards,
oneof4.
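Once BSOD.txt exists it can be triaged as a whole rather than read one dump at a time. The script below is an added example, not part of this thread or of BlueScreenView: it parses the "Key : Value" records the tool writes and flags any bug check that recurs while being blamed on several unrelated modules, a pattern that points to a shared cause (bad memory, an unstable overclock, or a driver other than the one named) rather than to the modules listed. The sample report is constructed for the example from values in the dumps posted later in the thread; the name for code 0x116 and the meaning of parameter 1 for code 0x7f come from the Windows bug check reference.

```python
import re
from collections import Counter, defaultdict

# BlueScreenView's "Save Selected Items" text: one "Key : Value" per line, each dump
# framed by a line of '='. This sample is constructed for the example, trimmed to the
# fields used below, with values copied from the dumps posted in the thread.
SAMPLE_REPORT = """\
==================================================
Dump File : 101913-23665-01.dmp
Crash Time : 10/19/2013 9:28:47 PM
Bug Check String : MEMORY_MANAGEMENT
Bug Check Code : 0x0000001a
Parameter 1 : 00000000`00041284
Caused By Driver : ntoskrnl.exe
Stack Address 1 :
==================================================
==================================================
Dump File : 101913-19687-01.dmp
Bug Check String :
Bug Check Code : 0x00000116
Parameter 1 : fffffa80`0c0264e0
Caused By Driver : dxgkrnl.sys
==================================================
==================================================
Dump File : 101813-19624-01.dmp
Bug Check String : UNEXPECTED_KERNEL_MODE_TRAP
Bug Check Code : 0x0000007f
Parameter 1 : 00000000`00000008
Caused By Driver : nvlddmkm.sys
==================================================
==================================================
Dump File : 101513-36956-01.dmp
Bug Check String : UNEXPECTED_KERNEL_MODE_TRAP
Bug Check Code : 0x0000007f
Parameter 1 : 00000000`00000008
Caused By Driver : ntoskrnl.exe
==================================================
==================================================
Dump File : 101413-20404-01.dmp
Bug Check String : UNEXPECTED_KERNEL_MODE_TRAP
Bug Check Code : 0x0000007f
Parameter 1 : 00000000`00000008
Caused By Driver : win32k.sys
==================================================
"""

FIELD_RE = re.compile(r"^(.+?) :\s*(.*)$")  # non-greedy: "Crash Time : 9:28:47 PM" splits once
SEPARATOR_RE = re.compile(r"^=+$")
# A name an older BlueScreenView leaves blank, and the meaning of parameter 1 for
# bug check 0x7f (both from the Windows bug check code reference).
KNOWN_CODES = {0x116: "VIDEO_TDR_FAILURE"}
TRAP_KINDS = {0x8: "double fault (kernel stack exhausted or hardware fault)"}


def parse_report(text):
    """One dict per dump, keyed by the report's own labels; blank values kept as ''."""
    records, current = [], {}
    for line in (raw.strip() for raw in text.splitlines()):
        if SEPARATOR_RE.match(line):
            if current:
                records.append(current)
            current = {}
        else:
            m = FIELD_RE.match(line)
            if m:
                current[m.group(1)] = m.group(2)
    if current:
        records.append(current)
    return records


def describe(record):
    """Label a dump by code and name, filling in what BlueScreenView did not know."""
    code = int(record.get("Bug Check Code", "0x0"), 16)
    name = record.get("Bug Check String") or KNOWN_CODES.get(code, "UNKNOWN")
    if code == 0x7F:  # parameters print as two 32-bit halves joined by a backtick
        param1 = int(record.get("Parameter 1", "0").replace("`", ""), 16)
        name += " / " + TRAP_KINDS.get(param1, "trap 0x%x" % param1)
    return "0x%08x %s" % (code, name)


def summarize(records):
    """Crashes per bug check and per blamed module, plus the codes that recur across
    several unrelated modules: that pattern points at a shared cause (memory, an
    overclock, a driver other than the one blamed) rather than at the modules named."""
    labels = [describe(r) for r in records]
    drivers = [r.get("Caused By Driver", "?") for r in records]
    by_code, by_driver = Counter(labels), Counter(drivers)
    drivers_per_code = defaultdict(set)
    for label, driver in zip(labels, drivers):
        drivers_per_code[label].add(driver)
    systemic = sorted(c for c, d in drivers_per_code.items() if by_code[c] >= 3 and len(d) >= 2)
    return {"by_code": dict(by_code), "by_driver": dict(by_driver), "systemic": systemic}


if __name__ == "__main__":
    for key, value in summarize(parse_report(SAMPLE_REPORT)).items():
        print(key, value)
```

Run it against a real BSOD.txt by reading the file into `parse_report` instead of `SAMPLE_REPORT`; the `systemic` list is the part worth reading first.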


#12 rexrzer727

rexrzer727
  • Topic Starter

  • Members
  • 24 posts
  • OFFLINE
  •  
  • Local time:05:34 AM

Posted 06 November 2013 - 03:08 AM

Here's the scan you wanted aka BSOD indicators and other anomalies.

I looked at the results myself, and many of those listed about May 19-20, 2013 were apparently the result of a bad timing adjustment with overclocked RAM. Once I had discovered the fault, and corrected it to specs that worked aok fine, the RAM ran with a slight voltage adjustment and more VTT and IOH VCore just fine at 1936 MHz (1866 MHz matched Kingston HyperX RAM that, when I bought it under a special arrangement with the manufacturer (they normally do not match 24GB of 1866 RAM for retail sales), the principals at Kingston guaranteed would take a 200-225 MHz overclock without incidents, or so I was assured).

After that date, we had an unusually productive summer here at MUI, Inc., where the PC was overclocked to 4-4.2 GHz at all times, with FAHome 24/7 also going on, and virtually no MHz- or overclocked-RAM-related BSODs occurred. I am a pretty fair statement at the EVGA Community Forums, where I have been known to not only overclock my own PCs but associates' and friends' PCs also, with virtually 100% success for the years preceding this anomaly series with a virus attack, apparently, plus I've personally advised hundreds of EVGA enthusiasts about their own settings in 'clocking CPUs and GPUs both, with very nominal results. So please don't get off on me about overclocking, thanks! I do know what I am doing in that regard.

Specifically, I also noted during these virus shut downs that Windows would NOT note the events with any regularity in the BSOD Department of Action Center and its related CP's, but rather I would have black screen events, shutdowns in a second or less time, with no noting of a BSOD experience at all; in fact the only noting done was in the System Logs themselves, which I followed with religion when these anomalies began to disrupt my work and FAHome also significantly. There you may find some posts of interest if you'd care to check them out yourselves or give me a program highlighter that does the same to use on this PC and regurgitate the events for all to see, as there are some pretty strange goings-on in the System Logs!

That is about all that I can tell you of my own observations at this time, although if not rushed and given to flights of fancy about virus attacks on this PC, I may be able to note more events of significance that you would find might just be related to this virus infestation, if I indeed have one, of course. Windows says the virus is active, in fact tells me to rid the computer of the Win32/Small.CA virus at each opportunity it gets, over and over again. So I gotta think something is very wrong at City Hall...

rexrzer727

==================================================
Dump File : 101913-23665-01.dmp
Crash Time : 10/19/2013 9:28:47 PM
Bug Check String : MEMORY_MANAGEMENT
Bug Check Code : 0x0000001a
Parameter 1 : 00000000`00041284
Parameter 2 : 00000000`02b0f001
Parameter 3 : 00000000`00000841
Parameter 4 : fffff700`01080000
Caused By Driver : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+75bc0
File Description : NT Kernel & System
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 6.1.7601.18247 (win7sp1_gdr.130828-1532)
Processor : x64
Crash Address : ntoskrnl.exe+75bc0
Stack Address 1 :
Stack Address 2 :
Stack Address 3 :
Computer Name :
Full Path : C:\Windows\Minidump\101913-23665-01.dmp
Processors Count : 12
Major Version : 15
Minor Version : 7601
Dump File Size : 291,160
Dump File Time : 10/19/2013 10:19:31 PM
==================================================

==================================================
Dump File : 101913-27362-01.dmp
Crash Time : 10/19/2013 5:17:52 PM
Bug Check String : DRIVER_OVERRAN_STACK_BUFFER
Bug Check Code : 0x000000f7
Parameter 1 : 00000080`03732940
Parameter 2 : 0000f880`0b610ff5
Parameter 3 : ffff077f`f49ef00a
Parameter 4 : 00000000`00000000
Caused By Driver : spsys.sys
Caused By Address : spsys.sys+3abfe
File Description :
Product Name :
Company :
File Version :
Processor : x64
Crash Address : ntoskrnl.exe+75bc0
Stack Address 1 :
Stack Address 2 :
Stack Address 3 :
Computer Name :
Full Path : C:\Windows\Minidump\101913-27362-01.dmp
Processors Count : 12
Major Version : 15
Minor Version : 7601
Dump File Size : 290,800
Dump File Time : 10/19/2013 5:20:26 PM
==================================================

==================================================
Dump File : 101913-22682-01.dmp
Crash Time : 10/19/2013 5:05:33 PM
Bug Check String : IRQL_NOT_LESS_OR_EQUAL
Bug Check Code : 0x0000000a
Parameter 1 : fffffa83`0acd65d8
Parameter 2 : 00000000`00000002
Parameter 3 : 00000000`00000000
Parameter 4 : fffff800`04160825
Caused By Driver : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+75bc0
File Description : NT Kernel & System
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 6.1.7601.18247 (win7sp1_gdr.130828-1532)
Processor : x64
Crash Address : ntoskrnl.exe+75bc0
Stack Address 1 :
Stack Address 2 :
Stack Address 3 :
Computer Name :
Full Path : C:\Windows\Minidump\101913-22682-01.dmp
Processors Count : 12
Major Version : 15
Minor Version : 7601
Dump File Size : 291,080
Dump File Time : 10/19/2013 5:15:15 PM
==================================================

==================================================
Dump File : 101913-24351-01.dmp
Crash Time : 10/19/2013 12:50:14 PM
Bug Check String : PAGE_FAULT_IN_NONPAGED_AREA
Bug Check Code : 0x00000050
Parameter 1 : fffff680`1005e280
Parameter 2 : 00000000`00000000
Parameter 3 : fffff800`0405f55b
Parameter 4 : 00000000`00000002
Caused By Driver : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+75bc0
File Description : NT Kernel & System
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 6.1.7601.18247 (win7sp1_gdr.130828-1532)
Processor : x64
Crash Address : ntoskrnl.exe+75bc0
Stack Address 1 :
Stack Address 2 :
Stack Address 3 :
Computer Name :
Full Path : C:\Windows\Minidump\101913-24351-01.dmp
Processors Count : 12
Major Version : 15
Minor Version : 7601
Dump File Size : 302,088
Dump File Time : 10/19/2013 4:50:11 PM
==================================================

==================================================
Dump File : 101913-19687-01.dmp
Crash Time : 10/19/2013 4:38:28 AM
Bug Check String :
Bug Check Code : 0x00000116
Parameter 1 : fffffa80`0c0264e0
Parameter 2 : fffff880`068216b4
Parameter 3 : ffffffff`c00000b5
Parameter 4 : 00000000`0000000a
Caused By Driver : dxgkrnl.sys
Caused By Address : dxgkrnl.sys+5d140
File Description :
Product Name :
Company :
File Version :
Processor : x64
Crash Address : ntoskrnl.exe+75bc0
Stack Address 1 :
Stack Address 2 :
Stack Address 3 :
Computer Name :
Full Path : C:\Windows\Minidump\101913-19687-01.dmp
Processors Count : 12
Major Version : 15
Minor Version : 7601
Dump File Size : 526,128
Dump File Time : 10/19/2013 4:40:34 AM
==================================================

==================================================
Dump File : 101813-19624-01.dmp
Crash Time : 10/18/2013 4:39:22 PM
Bug Check String : UNEXPECTED_KERNEL_MODE_TRAP
Bug Check Code : 0x0000007f
Parameter 1 : 00000000`00000008
Parameter 2 : 00000000`80050033
Parameter 3 : 00000000`000006f8
Parameter 4 : fffff880`06803cde
Caused By Driver : nvlddmkm.sys
Caused By Address : nvlddmkm.sys+1becde
File Description :
Product Name :
Company :
File Version :
Processor : x64
Crash Address : ntoskrnl.exe+75bc0
Stack Address 1 :
Stack Address 2 :
Stack Address 3 :
Computer Name :
Full Path : C:\Windows\Minidump\101813-19624-01.dmp
Processors Count : 12
Major Version : 15
Minor Version : 7601
Dump File Size : 291,112
Dump File Time : 10/18/2013 4:47:02 PM
==================================================

==================================================
Dump File : 101513-36956-01.dmp
Crash Time : 10/15/2013 4:15:35 AM
Bug Check String : UNEXPECTED_KERNEL_MODE_TRAP
Bug Check Code : 0x0000007f
Parameter 1 : 00000000`00000008
Parameter 2 : 00000000`80050033
Parameter 3 : 00000000`000006f8
Parameter 4 : fffff800`04097c9e
Caused By Driver : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+75bc0
File Description : NT Kernel & System
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 6.1.7601.18247 (win7sp1_gdr.130828-1532)
Processor : x64
Crash Address : ntoskrnl.exe+75bc0
Stack Address 1 :
Stack Address 2 :
Stack Address 3 :
Computer Name :
Full Path : C:\Windows\Minidump\101513-36956-01.dmp
Processors Count : 12
Major Version : 15
Minor Version : 7601
Dump File Size : 291,136
Dump File Time : 10/15/2013 4:38:24 AM
==================================================

==================================================
Dump File : 101413-20404-01.dmp
Crash Time : 10/14/2013 6:35:53 AM
Bug Check String : UNEXPECTED_KERNEL_MODE_TRAP
Bug Check Code : 0x0000007f
Parameter 1 : 00000000`00000008
Parameter 2 : 00000000`80050033
Parameter 3 : 00000000`000006f8
Parameter 4 : fffff960`00242ada
Caused By Driver : win32k.sys
Caused By Address : win32k.sys+202ada
File Description :
Product Name :
Company :
File Version :
Processor : x64
Crash Address : ntoskrnl.exe+75bc0
Stack Address 1 :
Stack Address 2 :
Stack Address 3 :
Computer Name :
Full Path : C:\Windows\Minidump\101413-20404-01.dmp
Processors Count : 12
Major Version : 15
Minor Version : 7601
Dump File Size : 291,176
Dump File Time : 10/14/2013 2:30:12 PM
==================================================

==================================================
Dump File : 101313-38657-01.dmp
Crash Time : 10/13/2013 7:55:34 PM
Bug Check String : UNEXPECTED_KERNEL_MODE_TRAP
Bug Check Code : 0x0000007f
Parameter 1 : 00000000`00000008
Parameter 2 : 00000000`80050033
Parameter 3 : 00000000`000006f8
Parameter 4 : fffff960`00118f0c
Caused By Driver : win32k.sys
Caused By Address : win32k.sys+78f0c
File Description :
Product Name :
Company :
File Version :
Processor : x64
Crash Address : ntoskrnl.exe+75bc0
Stack Address 1 :
Stack Address 2 :
Stack Address 3 :
Computer Name :
Full Path : C:\Windows\Minidump\101313-38657-01.dmp
Processors Count : 12
Major Version : 15
Minor Version : 7601
Dump File Size : 302,344
Dump File Time : 10/13/2013 7:57:32 PM
==================================================

==================================================
Dump File : 101313-39218-01.dmp
Crash Time : 10/12/2013 11:22:07 PM
Bug Check String : UNEXPECTED_KERNEL_MODE_TRAP
Bug Check Code : 0x0000007f
Parameter 1 : 00000000`00000008
Parameter 2 : 00000000`80050033
Parameter 3 : 00000000`000006f8
Parameter 4 : fffff800`04144a99
Caused By Driver : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+75c00
File Description : NT Kernel & System
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 6.1.7601.18247 (win7sp1_gdr.130828-1532)
Processor : x64
Crash Address : ntoskrnl.exe+75c00
Stack Address 1 :
Stack Address 2 :
Stack Address 3 :
Computer Name :
Full Path : C:\Windows\Minidump\101313-39218-01.dmp
Processors Count : 12
Major Version : 15
Minor Version : 7601
Dump File Size : 303,624
Dump File Time : 10/12/2013 11:23:56 PM
==================================================

==================================================
Dump File : 100613-23524-01.dmp
Crash Time : 10/5/2013 11:45:20 PM
Bug Check String : UNEXPECTED_KERNEL_MODE_TRAP
Bug Check Code : 0x0000007f
Parameter 1 : 00000000`00000008
Parameter 2 : 00000000`80050033
Parameter 3 : 00000000`000006f8
Parameter 4 : fffff880`014c99ef
Caused By Driver : Ntfs.sys
Caused By Address : Ntfs.sys+ab9ef
File Description :
Product Name :
Company :
File Version :
Processor : x64
Crash Address : ntoskrnl.exe+75c00
Stack Address 1 :
Stack Address 2 :
Stack Address 3 :
Computer Name :
Full Path : C:\Windows\Minidump\100613-23524-01.dmp
Processors Count : 12
Major Version : 15
Minor Version : 7601
Dump File Size : 303,624
Dump File Time : 10/5/2013 11:47:12 PM
==================================================

==================================================
Dump File : 100313-26348-01.dmp
Crash Time : 10/3/2013 4:37:37 AM
Bug Check String : UNEXPECTED_KERNEL_MODE_TRAP
Bug Check Code : 0x0000007f
Parameter 1 : 00000000`00000008
Parameter 2 : 00000000`80050033
Parameter 3 : 00000000`000006f8
Parameter 4 : fffff800`0412bc98
Caused By Driver : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+75c00
File Description : NT Kernel & System
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 6.1.7601.18247 (win7sp1_gdr.130828-1532)
Processor : x64
Crash Address : ntoskrnl.exe+75c00
Stack Address 1 :
Stack Address 2 :
Stack Address 3 :
Computer Name :
Full Path : C:\Windows\Minidump\100313-26348-01.dmp
Processors Count : 12
Major Version : 15
Minor Version : 7601
Dump File Size : 303,624
Dump File Time : 10/3/2013 4:39:46 AM
==================================================

==================================================
Dump File : 091813-575175-01.dmp
Crash Time : 9/18/2013 2:50:58 PM
Bug Check String : UNEXPECTED_KERNEL_MODE_TRAP
Bug Check Code : 0x0000007f
Parameter 1 : 00000000`00000008
Parameter 2 : 00000000`80050033
Parameter 3 : 00000000`000006f8
Parameter 4 : fffff960`0016ce9d
Caused By Driver : win32k.sys
Caused By Address : win32k.sys+15ce9d
File Description :
Product Name :
Company :
File Version :
Processor : x64
Crash Address : ntoskrnl.exe+75c00
Stack Address 1 :
Stack Address 2 :
Stack Address 3 :
Computer Name :
Full Path : C:\Windows\Minidump\091813-575175-01.dmp
Processors Count : 12
Major Version : 15
Minor Version : 7601
Dump File Size : 291,136
Dump File Time : 9/18/2013 3:03:09 PM
==================================================

==================================================
Dump File : 091813-178480-01.dmp
Crash Time : 9/18/2013 12:31:06 AM
Bug Check String : UNEXPECTED_KERNEL_MODE_TRAP
Bug Check Code : 0x0000007f
Parameter 1 : 00000000`00000008
Parameter 2 : 00000000`80050033
Parameter 3 : 00000000`000006f8
Parameter 4 : fffff800`03efb611
Caused By Driver : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+75c00
File Description : NT Kernel & System
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 6.1.7601.18247 (win7sp1_gdr.130828-1532)
Processor : x64
Crash Address : ntoskrnl.exe+75c00
Stack Address 1 :
Stack Address 2 :
Stack Address 3 :
Computer Name :
Full Path : C:\Windows\Minidump\091813-178480-01.dmp
Processors Count : 12
Major Version : 15
Minor Version : 7601
Dump File Size : 303,568
Dump File Time : 9/18/2013 12:36:19 AM
==================================================

==================================================
Dump File : 062313-19468-01.dmp
Crash Time : 6/23/2013 8:07:49 PM
Bug Check String : UNEXPECTED_KERNEL_MODE_TRAP
Bug Check Code : 0x0000007f
Parameter 1 : 00000000`00000008
Parameter 2 : 00000000`80050033
Parameter 3 : 00000000`000006f8
Parameter 4 : fffff800`03eae611
Caused By Driver : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+75c00
File Description : NT Kernel & System
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 6.1.7601.18247 (win7sp1_gdr.130828-1532)
Processor : x64
Crash Address : ntoskrnl.exe+75c00
Stack Address 1 :
Stack Address 2 :
Stack Address 3 :
Computer Name :
Full Path : C:\Windows\Minidump\062313-19468-01.dmp
Processors Count : 12
Major Version : 15
Minor Version : 7601
Dump File Size : 301,520
Dump File Time : 6/23/2013 9:27:14 PM
==================================================

==================================================
Dump File : 062013-54194-01.dmp
Crash Time : 6/20/2013 3:59:34 PM
Bug Check String : UNEXPECTED_KERNEL_MODE_TRAP
Bug Check Code : 0x0000007f
Parameter 1 : 00000000`00000008
Parameter 2 : 00000000`80050033
Parameter 3 : 00000000`000006f8
Parameter 4 : fffff800`04201137
Caused By Driver : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+75c00
File Description : NT Kernel & System
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 6.1.7601.18247 (win7sp1_gdr.130828-1532)
Processor : x64
Crash Address : ntoskrnl.exe+75c00
Stack Address 1 :
Stack Address 2 :
Stack Address 3 :
Computer Name :
Full Path : C:\Windows\Minidump\062013-54194-01.dmp
Processors Count : 12
Major Version : 15
Minor Version : 7601
Dump File Size : 301,520
Dump File Time : 6/20/2013 4:01:19 PM
==================================================

==================================================
Dump File : 060413-29359-01.dmp
Crash Time : 6/4/2013 8:03:21 AM
Bug Check String : UNEXPECTED_KERNEL_MODE_TRAP
Bug Check Code : 0x0000007f
Parameter 1 : 00000000`00000008
Parameter 2 : 00000000`80050033
Parameter 3 : 00000000`000006f8
Parameter 4 : fffff800`03e7dee9
Caused By Driver : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+75c00
File Description : NT Kernel & System
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 6.1.7601.18247 (win7sp1_gdr.130828-1532)
Processor : x64
Crash Address : ntoskrnl.exe+75c00
Stack Address 1 :
Stack Address 2 :
Stack Address 3 :
Computer Name :
Full Path : C:\Windows\Minidump\060413-29359-01.dmp
Processors Count : 12
Major Version : 15
Minor Version : 7601
Dump File Size : 291,032
Dump File Time : 6/4/2013 8:06:09 AM
==================================================

==================================================
Dump File : 060413-19874-01.dmp
Crash Time : 6/4/2013 4:00:07 AM
Bug Check String : UNEXPECTED_KERNEL_MODE_TRAP
Bug Check Code : 0x0000007f
Parameter 1 : 00000000`00000008
Parameter 2 : 00000000`80050033
Parameter 3 : 00000000`000006f8
Parameter 4 : fffff800`0414d3e0
Caused By Driver : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+75c00
File Description : NT Kernel & System
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 6.1.7601.18247 (win7sp1_gdr.130828-1532)
Processor : x64
Crash Address : ntoskrnl.exe+75c00
Stack Address 1 :
Stack Address 2 :
Stack Address 3 :
Computer Name :
Full Path : C:\Windows\Minidump\060413-19874-01.dmp
Processors Count : 12
Major Version : 15
Minor Version : 7601
Dump File Size : 301,408
Dump File Time : 6/4/2013 4:27:43 AM
==================================================

==================================================
Dump File : 052013-20670-01.dmp
Crash Time : 5/20/2013 10:37:40 PM
Bug Check String : IRQL_NOT_LESS_OR_EQUAL
Bug Check Code : 0x0000000a
Parameter 1 : fffffae0`0b127f70
Parameter 2 : 00000000`00000002
Parameter 3 : 00000000`00000001
Parameter 4 : fffff800`03efb150
Caused By Driver : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+75c00
File Description : NT Kernel & System
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 6.1.7601.18247 (win7sp1_gdr.130828-1532)
Processor : x64
Crash Address : ntoskrnl.exe+75c00
Stack Address 1 :
Stack Address 2 :
Stack Address 3 :
Computer Name :
Full Path : C:\Windows\Minidump\052013-20670-01.dmp
Processors Count : 12
Major Version : 15
Minor Version : 7601
Dump File Size : 302,344
Dump File Time : 5/20/2013 10:48:29 PM
==================================================

==================================================
Dump File : 052013-25287-01.dmp
Crash Time : 5/20/2013 6:55:17 PM
Bug Check String : UNEXPECTED_KERNEL_MODE_TRAP
Bug Check Code : 0x0000007f
Parameter 1 : 00000000`00000008
Parameter 2 : 00000000`80050033
Parameter 3 : 00000000`000006f8
Parameter 4 : fffff800`03e80e18
Caused By Driver : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+75c00
File Description : NT Kernel & System
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 6.1.7601.18247 (win7sp1_gdr.130828-1532)
Processor : x64
Crash Address : ntoskrnl.exe+75c00
Stack Address 1 :
Stack Address 2 :
Stack Address 3 :
Computer Name :
Full Path : C:\Windows\Minidump\052013-25287-01.dmp
Processors Count : 12
Major Version : 15
Minor Version : 7601
Dump File Size : 302,088
Dump File Time : 5/20/2013 7:07:55 PM
==================================================

==================================================
Dump File : 052013-25506-01.dmp
Crash Time : 5/20/2013 5:13:05 PM
Bug Check String : UNEXPECTED_KERNEL_MODE_TRAP
Bug Check Code : 0x0000007f
Parameter 1 : 00000000`00000008
Parameter 2 : 00000000`80050033
Parameter 3 : 00000000`000006f8
Parameter 4 : fffff880`05984f14
Caused By Driver : dxgmms1.sys
Caused By Address : dxgmms1.sys+3af14
File Description :
Product Name :
Company :
File Version :
Processor : x64
Crash Address : ntoskrnl.exe+75c00
Stack Address 1 :
Stack Address 2 :
Stack Address 3 :
Computer Name :
Full Path : C:\Windows\Minidump\052013-25506-01.dmp
Processors Count : 12
Major Version : 15
Minor Version : 7601
Dump File Size : 301,832
Dump File Time : 5/20/2013 5:19:51 PM
==================================================

==================================================
Dump File : 052013-36551-01.dmp
Crash Time : 5/20/2013 3:30:06 PM
Bug Check String : UNEXPECTED_KERNEL_MODE_TRAP
Bug Check Code : 0x0000007f
Parameter 1 : 00000000`00000008
Parameter 2 : 00000000`80050033
Parameter 3 : 00000000`000006f8
Parameter 4 : fffff800`03ecfe1b
Caused By Driver : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+75c00
File Description : NT Kernel & System
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 6.1.7601.18247 (win7sp1_gdr.130828-1532)
Processor : x64
Crash Address : ntoskrnl.exe+75c00
Stack Address 1 :
Stack Address 2 :
Stack Address 3 :
Computer Name :
Full Path : C:\Windows\Minidump\052013-36551-01.dmp
Processors Count : 12
Major Version : 15
Minor Version : 7601
Dump File Size : 301,704
Dump File Time : 5/20/2013 3:31:46 PM
==================================================

==================================================
Dump File : 052013-28314-01.dmp
Crash Time : 5/20/2013 8:58:03 AM
Bug Check String : SYSTEM_THREAD_EXCEPTION_NOT_HANDLED
Bug Check Code : 0x0000007e
Parameter 1 : ffffffff`c0000005
Parameter 2 : fffff880`06771de4
Parameter 3 : fffff880`03985f08
Parameter 4 : fffff880`03985760
Caused By Driver : nvlddmkm.sys
Caused By Address : nvlddmkm.sys+148de4
File Description :
Product Name :
Company :
File Version :
Processor : x64
Crash Address : ntoskrnl.exe+75c00
Stack Address 1 :
Stack Address 2 :
Stack Address 3 :
Computer Name :
Full Path : C:\Windows\Minidump\052013-28314-01.dmp
Processors Count : 12
Major Version : 15
Minor Version : 7601
Dump File Size : 301,576
Dump File Time : 5/20/2013 8:59:40 AM
==================================================

==================================================
Dump File : 052013-23836-01.dmp
Crash Time : 5/20/2013 8:09:10 AM
Bug Check String : IRQL_NOT_LESS_OR_EQUAL
Bug Check Code : 0x0000000a
Parameter 1 : 0000075f`fba86018
Parameter 2 : 00000000`00000002
Parameter 3 : 00000000`00000000
Parameter 4 : fffff800`03f37d37
Caused By Driver : ataport.SYS
Caused By Address : ataport.SYS+f731
File Description :
Product Name :
Company :
File Version :
Processor : x64
Crash Address : ntoskrnl.exe+75c00
Stack Address 1 :
Stack Address 2 :
Stack Address 3 :
Computer Name :
Full Path : C:\Windows\Minidump\052013-23836-01.dmp
Processors Count : 12
Major Version : 15
Minor Version : 7601
Dump File Size : 301,576
Dump File Time : 5/20/2013 8:15:08 AM
==================================================

==================================================
Dump File : 051913-22666-01.dmp
Crash Time : 5/19/2013 9:51:45 PM
Bug Check String : PFN_LIST_CORRUPT
Bug Check Code : 0x0000004e
Parameter 1 : 00000000`00000099
Parameter 2 : 00000000`001711a7
Parameter 3 : 00000000`00000002
Parameter 4 : 00000000`0015ade8
Caused By Driver : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+75c00
File Description : NT Kernel & System
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 6.1.7601.18247 (win7sp1_gdr.130828-1532)
Processor : x64
Crash Address : ntoskrnl.exe+75c00
Stack Address 1 :
Stack Address 2 :
Stack Address 3 :
Computer Name :
Full Path : C:\Windows\Minidump\051913-22666-01.dmp
Processors Count : 12
Major Version : 15
Minor Version : 7601
Dump File Size : 302,600
Dump File Time : 5/19/2013 10:35:44 PM
==================================================

==================================================
Dump File : 051913-19999-01.dmp
Crash Time : 5/19/2013 7:09:45 PM
Bug Check String : PFN_LIST_CORRUPT
Bug Check Code : 0x0000004e
Parameter 1 : 00000000`00000007
Parameter 2 : 00000000`003f190e
Parameter 3 : 00000000`10000000
Parameter 4 : 00000000`00000000
Caused By Driver : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+75c00
File Description : NT Kernel & System
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 6.1.7601.18247 (win7sp1_gdr.130828-1532)
Processor : x64
Crash Address : ntoskrnl.exe+75c00
Stack Address 1 :
Stack Address 2 :
Stack Address 3 :
Computer Name :
Full Path : C:\Windows\Minidump\051913-19999-01.dmp
Processors Count : 12
Major Version : 15
Minor Version : 7601
Dump File Size : 287,656
Dump File Time : 5/19/2013 7:11:48 PM
==================================================

==================================================
Dump File : 051913-20841-01.dmp
Crash Time : 5/19/2013 6:36:20 PM
Bug Check String : PAGE_FAULT_IN_NONPAGED_AREA
Bug Check Code : 0x00000050
Parameter 1 : fffff880`1be1bbc8
Parameter 2 : 00000000`00000000
Parameter 3 : fffff800`0416f507
Parameter 4 : 00000000`00000002
Caused By Driver : rdprefmp.sys
Caused By Address : rdprefmp.sys+17c75bc8
File Description :
Product Name :
Company :
File Version :
Processor : x64
Crash Address : ntoskrnl.exe+75c00
Stack Address 1 :
Stack Address 2 :
Stack Address 3 :
Computer Name :
Full Path : C:\Windows\Minidump\051913-20841-01.dmp
Processors Count : 12
Major Version : 15
Minor Version : 7601
Dump File Size : 301,576
Dump File Time : 5/19/2013 6:38:13 PM
==================================================

==================================================
Dump File : 051913-35209-01.dmp
Crash Time : 5/19/2013 5:51:35 PM
Bug Check String : PAGE_FAULT_IN_NONPAGED_AREA
Bug Check Code : 0x00000050
Parameter 1 : fffff820`32c642d8
Parameter 2 : 00000000`00000000
Parameter 3 : fffff800`03ffca9b
Parameter 4 : 00000000`00000005
Caused By Driver : USBPORT.SYS
Caused By Address : USBPORT.SYS+59d9f70
File Description :
Product Name :
Company :
File Version :
Processor : x64
Crash Address : ntoskrnl.exe+75c00
Stack Address 1 :
Stack Address 2 :
Stack Address 3 :
Computer Name :
Full Path : C:\Windows\Minidump\051913-35209-01.dmp
Processors Count : 12
Major Version : 15
Minor Version : 7601
Dump File Size : 301,576
Dump File Time : 5/19/2013 5:53:32 PM
==================================================

==================================================
Dump File : 051613-16879-01.dmp
Crash Time : 5/15/2013 11:05:06 PM
Bug Check String : PAGE_FAULT_IN_NONPAGED_AREA
Bug Check Code : 0x00000050
Parameter 1 : fffff8a0`1e15e650
Parameter 2 : 00000000`00000000
Parameter 3 : fffff800`03f675c3
Parameter 4 : 00000000`00000002
Caused By Driver : nvlddmkm.sys
Caused By Address : nvlddmkm.sys+1daa48
File Description :
Product Name :
Company :
File Version :
Processor : x64
Crash Address : ntoskrnl.exe+7cc40
Stack Address 1 :
Stack Address 2 :
Stack Address 3 :
Computer Name :
Full Path : C:\Windows\Minidump\051613-16879-01.dmp
Processors Count : 12
Major Version : 15
Minor Version : 7601
Dump File Size : 291,208
Dump File Time : 5/15/2013 11:08:41 PM
==================================================
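A small triage helper for listings in the format pasted above, added here as an example; it is not part of this thread and not BlueScreenView's own code. It parses the "Key : Value" records, tallies them by bug check and by the module BlueScreenView blamed, and decodes the trap number that bug check 0x7F carries in Parameter 1 (the 0x8 repeated through this listing is a double fault). The SAMPLE text is constructed to mirror the page's layout; its values are illustrative, not the poster's dumps.

```python
"""Summarise a BlueScreenView text export for crash triage (added example)."""
import re
from collections import Counter
from datetime import datetime

SEPARATOR_RE = re.compile(r"^=+$")

# Trap numbers reported in Parameter 1 of bug check 0x7F; these are the
# x86/x64 exception vectors (0x8 = double fault, 0xD = general protection).
TRAP_NAMES = {0x0: "divide error", 0x8: "double fault", 0xD: "general protection fault"}

# Constructed sample in BlueScreenView's record layout (not real dumps).
SAMPLE = """\
==================================================
Dump File : 101813-19624-01.dmp
Crash Time : 10/18/2013 4:39:22 PM
Bug Check String : UNEXPECTED_KERNEL_MODE_TRAP
Bug Check Code : 0x0000007f
Parameter 1 : 00000000`00000008
Caused By Driver : nvlddmkm.sys
Caused By Address : nvlddmkm.sys+1becde
File Description :
Crash Address : ntoskrnl.exe+75bc0
==================================================

==================================================
Dump File : 101513-36956-01.dmp
Crash Time : 10/15/2013 4:15:35 AM
Bug Check String : UNEXPECTED_KERNEL_MODE_TRAP
Bug Check Code : 0x0000007f
Parameter 1 : 00000000`00000008
Caused By Driver : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+75bc0
Crash Address : ntoskrnl.exe+75bc0
==================================================

==================================================
Dump File : 052013-23836-01.dmp
Crash Time : 5/20/2013 8:09:10 AM
Bug Check String : IRQL_NOT_LESS_OR_EQUAL
Bug Check Code : 0x0000000a
Parameter 1 : 0000075f`fba86018
Caused By Driver : ataport.SYS
Caused By Address : ataport.SYS+f731
Crash Address : ntoskrnl.exe+75c00
==================================================
"""


def parse_records(text):
    """Return one dict per crash record; a '=====' line closes a record."""
    records, current = [], {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if SEPARATOR_RE.match(line):
            if current:
                records.append(current)
                current = {}
            continue
        key, _, value = line.partition(":")  # keys contain no ':'; values may
        current[key.strip()] = value.strip()
    if current:  # export with no trailing separator
        records.append(current)
    return records


def describe(record):
    """One-line triage string; for 0x7F, name the trap given in Parameter 1."""
    code = int(record.get("Bug Check Code", "0"), 16)
    desc = f"{record.get('Bug Check String', '?')} ({code:#010x})"
    if code == 0x7F:
        trap = int(record["Parameter 1"].replace("`", ""), 16)
        desc += f", trap {trap:#x}: {TRAP_NAMES.get(trap, 'see bug check 0x7F reference')}"
    return desc


def summarize(records):
    """Counts by bug check and by blamed module, plus the crash date span."""
    by_check = Counter(r.get("Bug Check String", "?") for r in records)
    by_driver = Counter(r.get("Caused By Driver", "?") for r in records)
    times = [datetime.strptime(r["Crash Time"], "%m/%d/%Y %I:%M:%S %p")
             for r in records if r.get("Crash Time")]
    return {
        "count": len(records),
        "by_bug_check": by_check,
        "by_driver": by_driver,
        "first": min(times) if times else None,
        "last": max(times) if times else None,
        # BlueScreenView falls back to ntoskrnl.exe when it cannot pin a module,
        # so these records carry little attribution value on their own.
        "kernel_blamed": by_driver.get("ntoskrnl.exe", 0),
    }


def report(text):
    """Render the summary as lines (returned, not only printed, for testing)."""
    s = summarize(parse_records(text))
    lines = [f"{s['count']} crashes between {s['first']:%Y-%m-%d} and {s['last']:%Y-%m-%d}"]
    lines += [f"  {n:3d} x {check}" for check, n in s["by_bug_check"].most_common()]
    lines.append("blamed modules (BlueScreenView heuristic, not a root cause):")
    lines += [f"  {n:3d} x {drv}" for drv, n in s["by_driver"].most_common()]
    if s["kernel_blamed"]:
        lines.append(f"  note: {s['kernel_blamed']} record(s) blame ntoskrnl.exe, "
                     "i.e. the faulting module was not identified")
    return lines


if __name__ == "__main__":
    print("\n".join(report(SAMPLE)))
    for rec in parse_records(SAMPLE):
        print(rec["Dump File"], "->", describe(rec))
```

Run over the full listing above, the tally makes the pattern visible that a record-by-record read hides: the same 0x7F double-fault trap recurs while the blamed module rotates between win32k.sys, Ntfs.sys, dxgmms1.sys, nvlddmkm.sys and the kernel itself, which argues for a shared cause (stack, memory or platform-level) rather than any one driver, and the many ntoskrnl.exe attributions should be read as "unattributed" rather than as kernel bugs.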

#13 oneof4

oneof4

  • Malware Response Team
  • 3,779 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Collective
  • Local time:09:34 AM

Posted 06 November 2013 - 10:54 PM

Good job with the BSOD scan.  While I research the various errors, please try ComboFix again, following the instructions below:
 
 
Run Combofix in Vista/7

--------------------

Combofix is a very powerful tool and special attention must be taken to allow it to work properly. Please pay careful attention to the following instructions.

sUBs, the author of Combofix, recommends that you uninstall AVG or CA Internet Security before running the program. If you have either of these programs on your computer please uninstall them using AppRemover which can be downloaded here. We will be sure to reinstall the Antivirus program once we are finished using Combofix.

  • Please download ComboFix from one of these locations:

BleepingComputer
ForoSpyware

  • Save Combofix.exe to your Desktop <-- Important!!!
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combofix.exe and follow the prompts. It is important you do not mouseclick while the program is running or it may stall.

Note #1: Often times it may appear as if ComboFix has stopped working. To verify it is still running please do one of the following below. If, based on the below, you have concluded ComboFix has stopped running please stop and advise me.

  • Check your computer clock. If it is still running then so is ComboFix
  • Open Task Manager and select the Applications Tab. If the status of AutoScan is Running, then ComboFix is running
  • Open Task Manager and select the Processes Tab. Under Image Name look for files ending in .3xe. If there are fluctuating numbers under CPU and Mem Usage then ComboFix is running

Note #2: If you receive the following error "Illegal operation attempted on a registry key that has been marked for deletion" please just restart your computer to resolve this issue

If Combofix fails to run properly using the above instructions please attempt the following:

  • Right click on the Combofix icon on your desktop and select Delete
  • Download a new copy but rename it to freshcopy.exe first, then save it to your desktop
  • Now download RKill.exe (or RKill renamed as iExplore.exe if the first one doesn't work properly) and save it to your desktop
  • Restart your computer in Safe Mode
  • Right click on RKill (or iExplore) and select Run as Administrator. If you are using Windows XP simply double click the icon
  • A black DOS screen should flash and disappear. If not, try to launch the program with the second file. If neither works please stop and let me know
  • When RKill is finished running you will be presented with a text file and a copy will be saved on your desktop. Copy and paste the contents of this report in your reply
  • Do not reboot your computer
  • Double click the freshcopy.exe icon (renamed Combofix file)
  • When finished, it will produce a log. Please copy and paste the C:\Combofix.txt log information in your next reply
  • If you disabled your antivirus please enable it again. If you uninstalled it please wait for instructions to reinstall it

===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:

  • Combofix log

Best Regards,
oneof4.


#14 rexrzer727

rexrzer727
  • Topic Starter

  • Members
  • 24 posts
  • OFFLINE
  •  
  • Local time:05:34 AM

Posted 08 November 2013 - 04:04 AM

*********************** ******************************** ***************************

I am going to make this short, and sweet to the point: utter and abysmal failure at running ComboFix under any/all circumstances attributable to the "instructions" given last night. The virus is a nasty little bastard of a thing, and it increasingly has my System under its wing and is nurturing a fond likeness of the devil and his minions, as they strike, fumble, abuse, and generally cause chaos systemically in this blasted PC server/No.1 PC here in my studio.

Last night during attempts to follow the instructions I encountered another of the "loops of no start syndrome" where upon the PC, in BIOS, would go into loops of "there is no keyboard" attached, and to "Click on F1 to continue" etc, and variations on that theme. The occurrence lasted more than an hour of solid restarts. This, in turn, causes a massive cache build-up within the System, disruption and corruption of the driver sequence and drivers themselves, until finally I was left with a shamble of a machine, just wracked to near-death by the process just gone through and finally it gave up the ghost and quit booting at all....lovely scenario huh?

It was then that I had to bring out the BIG GUNS in my Paragon and rescue reservoirs of CD's with things like Paragon HD Manager 11 Professional written on them, as I braced and prepared for a complete gutting of my RAID boot HD setup, and a RESTORE to the 6/12/2012 587GB-sized backup image that I have reserved for such a thing as this that has happened. It is a virgin system and apps, most minimal arts, drivers, maintenance tools, apps and programs of all sorts of the licensed kind (PS3, Sony Vegas 5, all my curious collection of Adobe and Macromedia etc stuff that I actually use to make a living with when things are more to my liking, and the PC's also)...non-viral times as you may guess.

The RAID backup volume had long since dropped off of recognition by the RAID bus master, the Areca 1680IX-8 that runs the show in this venue for all HD I/O herein, and I mean it was NOT in the house after about 1/2 an hour of restarts and the failure to boot sequences. However, the Paragon system is such that I *can* actually see through such a situation as this, find the archive file for backup and restore, and allow such a thing to take place. Finally, to cut this description short as I promised, the RAID bus master saw all HD's, all RAID volumes, both BluRay optical drives, and the hard tests the Areca 1680IX-8 performs went down to perfect, finally, finally after something like 25 restarts, and I do not exaggerate.

Previous to that I had managed to do a chkdsk on "C" somehow using Command Line parameters of a script writer's best dreams, and the volume of 2TB size, RAID "0", my boot volume hosed as it seemed to be: the chkdsk came up CLEAN believe it or not, (Ripley was in the house), so I with great relief had *some hope* that I had not lost everything after all...some hope anyway!

Gritted my teeth, chose F8 and Safe Mode for the 1st restart, and lo and behold the damn thing booted up struggling like a MF over and over with the bus master groaning and trying its best to take command of the boot finally, and WHIP, BANG, BAM! After I kid not more than 3 minutes by my Stuhrling Original watch face's timing it booted into SAFE, and I was able to see a restart turn into a full boot, albeit crippled and hurt it was, with massive Registry holes and issues no doubt, loads of corrupted items, registry entries by the hundreds, but boot it did.

While in SAFE MODE I attempted to do our exercise with the two software apps, RKill, and then restarted amazingly once again, all guns blazing (!), and after a second long, long boot sequence this time almost 4.5 minutes in length, the system was flogged again and it booted in Windows Ultimate 64-bit, normal mode, but at least it booted, say Yaaaay!!

I did NOT restart between RKill and ComboFix, but as I keep reminding you with the utmost candor and disappointment, the ComboFix DID NOT HAPPEN, citing a lack of Administrative Privileges with myself, "poweruser" in my world of PC No.1, the sole and only User that exists there...I have NO IDEA why this keeps happening but it does, negating any and all attempts to run ComboFix 100% of the time.

I then noted that I could not save any Adobe Acrobat X or plain Acrobat document, the system citing "not registered modules" once again, as its ubiquitous response that again, I have no idea how/why this sequence happens. Another sad tale of despair happened then also: my iTunes 64-bit app had lost its "import CD" functionality (a check I do anytime I do maintenance work during this virus episode). I didn't have to open iTunes to find this out, as a particularly vexing "text box" dialog opened upon boot and announced that sad fact. Interesting!

The system kept acting screwy, my video drivers were obviously damaged during all the chaos of starts/Restarts just done, so I was forced to use both Glary Registry tools, and Glary Utilities, which found an astonishing 1600+ registry errors, corrupted files in the Registry, and other issues to repair. My apologies for having to use that, but alas, the system would no doubt have not survived another boot attempt and I most likely would have been writing you about losing the whole deal, a total System crash-out and irreparable damage to various hard drive components, and that I was forced to abandon efforts here with you and your colleagues, because I simply cut and ran on the RAID systems, and indeed had to RESTORE via backup and lose all the past near 2 years of data and work. Thanks to God that has not happened yet, if at all it being a big possibility still.

I kept a Screen Shot of the anomaly of being informed that I didn't have Administer Privileges to run ComboFix, but did not attach it to this reply for fear of losing my sponsors (you, and your fellow virus killers perhaps), breaking protocol here all by myself...Hah! I can still attach it to a future reply if necessary, but what's to see that I haven't told you about...nothing!

I await further instructions, perhaps some magic trick to get ComboFix to run on this system, but who knows...I sure am running out of patience and more drive to get this fixed, and am leaning toward going ahead and losing all my work and simply flattening the RAID systems 100%, recovering my backup to the RAID boot volume that is so damaged right now that I wonder if it's not the proper thing to actually be doing about now.

I apologize for any attitude shift, apparent or otherwise enhanced by events here, but at least we're trying, yes?
rexrzer727

#15 oneof4

oneof4

  • Malware Response Team
  • 3,779 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Collective
  • Local time:09:34 AM

Posted 09 November 2013 - 10:32 PM

Wow!  From what I've seen so far, your best option at this stage is probably to try and back up whatever data files you can, and nuke-and-pave!  Whatever has transpired appears to have wreaked havoc on your system, and honestly, I don't think we can restore it to what it was short of a complete reformat/reinstall.  That's my advice to you at this point.


Best Regards,
oneof4.
