Jump to content

ach

Members
  • Posts

    8
  • Joined

  • Last visited

Reputation

0 Neutral
  1. Quick, patient, and extremely helpful! Incredibly thankful for your assistance!

  2. Here's the log Malwarebytes Anti-Malware 1.62.0.1300 www.malwarebytes.org Database version: v2012.07.18.06 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 8.0.7601.17514 Austin Hofeman :: HOFEMAN [administrator] 7/18/2012 12:49:12 PM mbam-log-2012-07-18 (12-49-12).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 236563 Time elapsed: 4 minute(s), 20 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end) Everything's running fine - not encountering any of the problems I was before. Thanks so much for all your help!
  3. ComboFix 12-07-18.04 - Austin Hofeman 07/18/2012 12:24:23.1.4 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8086.5920 [GMT -4:00] Running from: c:\users\Austin Hofeman\Desktop\ComboFix.exe AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637} FW: McAfee Firewall *Disabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C} SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\programdata\PCDr\5907\Downloads\246b20c1-8ea9-4148-a34e-d03c8a1d5a76.dll c:\programdata\PCDr\5907\Downloads\27e5bc9a-105f-4d7f-8352-e6ef1c8933dd.dll c:\programdata\PCDr\5907\Downloads\a2192d8a-3d73-4ff7-be9b-02134f41db63.dll c:\programdata\Roaming c:\users\Austin Hofeman\AppData\Roaming\meaps.dll c:\users\Austin Hofeman\AppData\Roaming\ncobr.dll c:\windows\SysWow64\lsprst7.dll . . ((((((((((((((((((((((((( Files Created from 2012-06-18 to 2012-07-18 ))))))))))))))))))))))))))))))) . . 2012-07-18 18:26 . 2012-07-18 18:26 -------- d-----w- C:\FRST 2012-07-18 15:38 . 2012-07-18 15:38 -------- d-----w- c:\users\Austin Hofeman\AppData\Roaming\Malwarebytes 2012-07-18 15:37 . 2012-07-18 15:37 -------- d-----w- c:\programdata\Malwarebytes 2012-07-18 15:37 . 2012-07-03 17:46 24904 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-07-18 15:37 . 2012-07-18 15:38 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware 2012-07-18 13:17 . 2012-07-18 13:17 -------- d-----w- c:\users\Austin Hofeman\AppData\Roaming\Roxio Burn 2012-07-17 17:56 . 2012-07-17 17:56 -------- d-----w- c:\users\Austin Hofeman\AppData\Local\{B1B6A30C-D038-11E1-8270-B8AC6F996F26} 2012-07-15 05:12 . 2012-07-15 05:12 -------- d-----w- c:\program files (x86)\OpenAL 2012-07-15 05:12 . 2012-07-15 05:12 -------- d--h--w- c:\windows\msdownld.tmp 2012-07-15 03:17 . 2012-07-15 05:12 -------- d-----w- c:\users\Austin Hofeman\AppData\Local\Bit.Trip Beat 2012-07-14 04:36 . 2012-07-14 04:36 -------- d-----w- c:\users\Austin Hofeman\AppData\Local\Two Tribes 2012-07-14 04:32 . 2012-07-14 04:32 -------- d-----w- c:\users\Austin Hofeman\AppData\Roaming\LoneSurvivor 2012-07-14 03:26 . 2012-07-14 03:26 -------- d-----w- c:\users\Austin Hofeman\AppData\Roaming\System 2012-07-14 03:26 . 2012-07-14 03:26 -------- d-----w- c:\users\Austin Hofeman\AppData\Local\Universe Sandbox 2012-07-14 03:26 . 2012-07-14 03:34 -------- d-sh--w- c:\users\Austin Hofeman\AppData\Roaming\wyUpdate AU 2012-07-12 06:47 . 2012-06-12 03:08 3148800 ----a-w- c:\windows\system32\win32k.sys 2012-07-04 23:05 . 2012-07-04 23:05 -------- d-----w- c:\windows\SysWow64\URTTEMP 2012-07-04 22:59 . 2012-07-04 22:59 -------- d-----w- c:\program files (x86)\SEGA 2012-07-04 22:57 . 2012-07-04 22:57 -------- d-----w- c:\users\Austin Hofeman\AppData\Roaming\InstallShield 2012-07-04 21:57 . 2012-07-05 01:18 -------- d-----w- c:\users\Austin Hofeman\AppData\Roaming\The Creative Assembly 2012-07-04 21:34 . 2006-02-07 19:45 757760 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iKernel.dll 2012-07-04 21:34 . 2006-02-07 19:44 65024 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\ISBEW64.exe 2012-07-04 21:34 . 2006-02-07 19:40 204800 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iuser.dll 2012-07-04 21:34 . 2006-02-07 19:40 69715 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\ctor.dll 2012-07-04 21:34 . 2006-02-07 19:40 274432 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iscript.dll 2012-07-04 21:34 . 2005-11-14 03:19 5632 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\DotNetInstaller.exe 2012-07-04 21:34 . 2012-07-04 21:34 331908 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\setup.dll 2012-07-04 21:34 . 2012-07-04 21:34 200836 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iGdi.dll 2012-07-04 19:26 . 2012-07-04 19:26 -------- d-----w- c:\program files (x86)\The Creative Assembly 2012-07-04 19:26 . 2005-04-04 03:00 63488 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\ISBEW64.exe 2012-07-04 19:26 . 2005-04-04 03:02 753664 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iKernel.dll 2012-07-04 19:26 . 2005-04-04 03:02 69714 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\ctor.dll 2012-07-04 19:26 . 2005-04-04 03:01 274432 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iscript.dll 2012-07-04 19:26 . 2005-04-04 03:00 184320 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iuser.dll 2012-07-04 19:26 . 2005-04-04 02:59 5632 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\DotNetInstaller.exe 2012-07-04 19:26 . 2012-07-04 19:26 331908 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\setup.dll 2012-07-04 19:26 . 2012-07-04 19:26 200836 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iGdi.dll 2012-07-04 16:52 . 2010-02-04 14:01 78680 ----a-w- c:\windows\system32\XAPOFX1_4.dll 2012-07-04 16:52 . 2010-02-04 14:01 74072 ----a-w- c:\windows\SysWow64\XAPOFX1_4.dll 2012-07-04 16:52 . 2010-02-04 14:01 530776 ----a-w- c:\windows\system32\XAudio2_6.dll 2012-07-04 16:52 . 2010-02-04 14:01 528216 ----a-w- c:\windows\SysWow64\XAudio2_6.dll 2012-07-04 16:52 . 2010-02-04 14:01 238936 ----a-w- c:\windows\SysWow64\xactengine3_6.dll 2012-07-04 16:52 . 2010-02-04 14:01 176984 ----a-w- c:\windows\system32\xactengine3_6.dll 2012-07-04 16:52 . 2010-02-04 14:01 24920 ----a-w- c:\windows\system32\X3DAudio1_7.dll 2012-07-04 16:52 . 2010-02-04 14:01 22360 ----a-w- c:\windows\SysWow64\X3DAudio1_7.dll 2012-07-04 14:36 . 2012-07-04 14:36 -------- d-----w- c:\users\Austin Hofeman\AppData\Local\My Games 2012-06-24 00:28 . 2012-06-24 00:28 -------- d-----w- c:\users\Austin Hofeman\StarWarsII_RiffTrax 2012-06-23 13:55 . 2012-06-23 13:55 -------- d-----w- c:\program files (x86)\Dell Digital Delivery 2012-06-23 03:19 . 2012-06-23 03:19 -------- d-----w- c:\users\Austin Hofeman\AppData\Local\Macromedia 2012-06-19 14:11 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll 2012-06-19 14:11 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe 2012-06-19 14:11 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll 2012-06-19 14:11 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll 2012-06-19 14:11 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll 2012-06-19 14:11 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll 2012-06-19 14:11 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll 2012-06-19 14:11 . 2012-06-02 19:19 186752 ----a-w- c:\windows\system32\wuwebv.dll 2012-06-19 14:11 . 2012-06-02 19:15 36864 ----a-w- c:\windows\system32\wuapp.exe . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-07-15 05:12 . 2012-04-16 21:38 466456 ----a-w- c:\windows\system32\wrap_oal.dll 2012-07-15 05:12 . 2012-04-16 21:38 444952 ----a-w- c:\windows\SysWow64\wrap_oal.dll 2012-07-15 05:12 . 2012-04-16 21:38 122904 ----a-w- c:\windows\system32\OpenAL32.dll 2012-07-15 05:12 . 2012-04-16 21:38 109080 ----a-w- c:\windows\SysWow64\OpenAL32.dll 2012-07-12 16:20 . 2012-04-16 21:09 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2012-07-12 16:20 . 2012-04-16 21:09 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2012-05-04 11:06 . 2012-06-13 13:08 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe 2012-05-04 10:03 . 2012-06-13 13:08 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe 2012-05-04 10:03 . 2012-06-13 13:08 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe 2012-05-01 05:40 . 2012-06-13 13:08 209920 ----a-w- c:\windows\system32\profsvc.dll 2012-04-28 03:55 . 2012-06-13 13:08 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys 2012-04-26 05:41 . 2012-06-13 13:08 77312 ----a-w- c:\windows\system32\rdpwsx.dll 2012-04-26 05:41 . 2012-06-13 13:08 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll 2012-04-26 05:34 . 2012-06-13 13:08 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe 2012-04-24 05:37 . 2012-06-13 13:08 184320 ----a-w- c:\windows\system32\cryptsvc.dll 2012-04-24 05:37 . 2012-06-13 13:08 140288 ----a-w- c:\windows\system32\cryptnet.dll 2012-04-24 05:37 . 2012-06-13 13:08 1462272 ----a-w- c:\windows\system32\crypt32.dll 2012-04-24 04:36 . 2012-06-13 13:08 1158656 ----a-w- c:\windows\SysWow64\crypt32.dll 2012-04-24 04:36 . 2012-06-13 13:08 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll 2012-04-24 04:36 . 2012-06-13 13:08 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll 2012-04-24 02:28 . 2010-06-24 16:33 19352 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks] "{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\program files (x86)\Vuze_Remote\prxtbVuze.dll" [2011-05-09 176936] . [HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}] . [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{ba14329e-9550-4989-b3f2-9732e92d17cc}] 2011-05-09 08:49 176936 ----a-w- c:\program files (x86)\Vuze_Remote\prxtbVuze.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar] "{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\program files (x86)\Vuze_Remote\prxtbVuze.dll" [2011-05-09 176936] . [HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}] . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Steam"="c:\program files (x86)\Steam\steam.exe" [2012-07-04 1242448] "Start Killer"="c:\program files\StartKiller\StartKiller.exe" [2011-06-24 95096] "Spotify Web Helper"="c:\users\Austin Hofeman\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2012-05-21 932528] "Snarl"="c:\program files (x86)\full phat\Snarl\snarl.exe" [2012-01-25 1339392] "Amazon Cloud Drive"="c:\users\Austin Hofeman\AppData\Local\Amazon\Cloud Drive\AmazonCloudDrive.exe" [2012-05-24 424848] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "VolPanel"="c:\program files (x86)\Creative\SB X-Fi MB\Volume Panel\VolPanlu.exe" [2009-05-05 241789] "UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296] "RoxWatchTray"="c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" [2010-11-25 240112] "RemoteControl9"="c:\program files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe" [2010-10-01 87336] "PDVD9LanguageShortcut"="c:\program files (x86)\CyberLink\PowerDVD9\Language\Language.exe" [2010-09-17 50472] "NeroLauncher"="c:\program files (x86)\Nero\SyncUP\NeroLauncher.exe" [2012-02-06 66872] "mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2012-03-22 1675160] "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-27 421736] "Desktop Disc Tool"="c:\program files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe" [2010-11-17 514544] "Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2011-04-13 503942] "BDRegion"="c:\program files (x86)\Cyberlink\Shared Files\brs.exe" [2011-12-17 75048] "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240] "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2010-11-16 35736] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-16 932288] "AccuWeatherWidget"="c:\program files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" [2012-02-01 968048] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32] "mixer3"=wdmaud.drv . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS] @="" . R2 CLKMSVC10_9EC60124;CyberLink Product - 2012/04/16 17:03;c:\program files (x86)\Cyberlink\PowerDVD9\NavFilter\kmsvc.exe [2011-12-16 248304] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632] R2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-12-20 2656280] R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-12 250056] R3 AMPPALP;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Protocol;c:\windows\system32\DRIVERS\amppal.sys [2011-10-19 195072] R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-06-07 191752] R3 Bluetooth Media Service;Bluetooth Media Service;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe [2011-10-18 1354064] R3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2012-04-16 79360] R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2012-04-16 79360] R3 intaud_WaveExtensible;Intel WiDi Audio Device;c:\windows\system32\drivers\intelaud.sys [2011-05-17 34200] R3 McAWFwk;McAfee Activation Service;c:\progra~1\mcafee\msc\mcawfwk.exe [2011-03-08 224704] R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232] R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2012-02-22 100912] R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-17 113120] R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2011-11-01 340240] R3 NvStUSB;NVIDIA Stereoscopic 3D USB driver;c:\windows\system32\drivers\nvstusb.sys [2011-10-16 291648] R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184] R3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656] R3 Sound Blaster X-Fi MB Licensing Service;Sound Blaster X-Fi MB Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\XMBLicensing.exe [2012-04-16 79360] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392] R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232] R3 TurboBoost;Intel® Turbo Boost Technology Monitor 2.0;c:\program files\Intel\TurboBoost\TurboBoost.exe [2010-11-29 149504] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-04-25 1255736] R4 McOobeSv;McAfee OOBE Service;c:\program files\Common Files\mcafee\McSvcHost\McSvHost.exe [2011-01-27 249936] R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184] S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2012-02-22 289664] S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [2011-11-04 28992] S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2010-03-19 55856] S0 stdcfltn;Disk Class Filter Driver for Accelerometer;c:\windows\system32\DRIVERS\stdcfltn.sys [2010-08-20 21616] S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [2012-02-22 75936] S1 nvkflt;nvkflt;c:\windows\system32\DRIVERS\nvkflt.sys [2011-11-04 249152] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904] S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-11-18 98208] S2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Service;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe [2011-10-19 661504] S2 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-05-12 249648] S2 Bluetooth Device Monitor;Bluetooth Device Monitor;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe [2011-10-18 936272] S2 Bluetooth OBEX Service;Bluetooth OBEX Service;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe [2011-10-18 1001808] S2 BTHSSecurityMgr;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Security Service;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2011-10-20 135440] S2 DellDigitalDelivery;Dell Digital Delivery Service;c:\program files (x86)\Dell Digital Delivery\DeliveryService.exe [2012-06-19 173056] S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936] S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\mcafee\McSvcHost\McSvHost.exe [2011-01-27 249936] S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2012-03-20 210584] S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2012-03-20 162192] S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2011-11-25 687400] S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-11-04 2253120] S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2012-02-16 1695040] S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-11-03 381248] S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [2010-11-29 16120] S3 Acceler;Accelerometer Service;c:\windows\system32\DRIVERS\Accelern.sys [2010-12-13 27760] S3 AMPPAL;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Virtual Adapter;c:\windows\system32\DRIVERS\AMPPAL.sys [2011-10-19 195072] S3 btmaux;Intel Bluetooth Auxiliary Service;c:\windows\system32\DRIVERS\btmaux.sys [2011-08-29 53760] S3 btmhsf;btmhsf;c:\windows\system32\DRIVERS\btmhsf.sys [2011-10-10 288768] S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2012-02-22 65264] S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [2011-01-20 176096] S3 iBtFltCoex;iBtFltCoex;c:\windows\system32\DRIVERS\iBtFltCoex.sys [2011-10-11 59904] S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-15 317440] S3 iwdbus;IWD Bus Enumerator;c:\windows\system32\DRIVERS\iwdbus.sys [2011-05-17 25496] S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2010-10-20 56344] S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2012-02-22 487296] S3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETwNs64.sys [2011-12-02 8615936] S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2011-09-14 95744] S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2011-09-14 212992] S3 qicflt;upper Device Filter Driver;c:\windows\system32\DRIVERS\qicflt.sys [2010-07-13 29288] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-08-24 565352] S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920] . . --- Other Services/Drivers In Memory --- . *NewlyCreated* - WS2IFSL *Deregistered* - CLKMDRV10_9EC60124 *Deregistered* - mfeavfk01 . Contents of the 'Scheduled Tasks' folder . 2012-07-18 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-16 16:20] . 2012-07-06 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job - c:\program files\Dell Support Center\uaclauncher.exe [2012-04-13 06:11] . 2012-07-17 c:\windows\Tasks\SystemToolsDailyTest.job - c:\program files\Dell Support Center\uaclauncher.exe [2012-04-13 06:11] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTMasterOnOffMonitor"="CTMWatch.dll StartCTMasterOnOffWatch" [X] "RunDLLEntry"="c:\windows\system32\AmbRunE.dll" [2009-02-26 17920] "RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2011-08-30 7284328] "RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-08-16 2277480] "QuickSet"="c:\program files\Dell\QuickSet\QuickSet.exe" [2011-08-29 4146848] "Persistence"="c:\windows\system32\igfxpers.exe" [2011-08-31 416024] "NVHotkey"="c:\windows\system32\nvHotkey.dll" [2011-11-04 540992] "Logitech Download Assistant"="c:\windows\System32\LogiLDA.dll" [2010-11-04 1580368] "IntelTBRunOnce"="wscript.exe" [2009-07-14 168960] "IntelPAN"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2011-11-01 1935120] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-08-31 167704] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-08-31 392472] "FreeFallProtection"="c:\program files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe" [2010-12-17 686704] "DellStage"="c:\program files (x86)\Dell Stage\Dell Stage\stage_primary.exe" [2012-02-01 2195824] "BTMTrayAgent"="c:\program files (x86)\Intel\Bluetooth\btmshell.dll" [2011-10-18 10357008] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "LoadAppInit_DLLs"=0x1 "AppInit_DLLs"=c:\windows\System32\nvinitx.dll . ------- Supplementary Scan ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = about:blank uInternet Settings,ProxyOverride = *.local IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000 IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105 TCP: DhcpNameServer = 10.0.0.1 FF - ProfilePath - c:\users\Austin Hofeman\AppData\Roaming\Mozilla\Firefox\Profiles\39q2h1a8.default\ FF - prefs.js: browser.startup.homepage - reader.google.com FF - user.js: extentions.y2layers.installId - 09cb9dd9-a86f-4320-90c7-c59a906eefe4 FF - user.js: extentions.y2layers.defaultEnableAppsList - bestvideodownloader,ezLooker,pagerage,buzzdock,toprelatedtopics,twittube FF - user.js: extensions.autoDisableScopes - 14 . - - - - ORPHANS REMOVED - - - - . Toolbar-Locked - (no file) Wow6432Node-HKCU-Run-ncobr - c:\users\Austin Hofeman\AppData\Roaming\ncobr.dll Wow6432Node-HKCU-Run-meaps - c:\users\Austin Hofeman\AppData\Roaming\meaps.dll HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start Toolbar-Locked - (no file) WebBrowser-{BA14329E-9550-4989-B3F2-9732E92D17CC} - (no file) HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe . . . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\McAfee] "SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79, 00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\ . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\DbgagD\1*] "value"="?\04\02\18\0338h" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}] @Denied: (A) (Everyone) "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3] @Denied: (A) (Everyone) . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0] "Key"="ActionsPane3" "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Other Running Processes ------------------------ . c:\program files (x86)\Creative\Shared Files\CTAudSvc.exe c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe c:\program files (x86)\Dell DataSafe Local Backup\TOASTER.EXE c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe c:\program files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe . ************************************************************************** . Completion time: 2012-07-18 12:38:21 - machine was rebooted ComboFix-quarantined-files.txt 2012-07-18 16:38 . Pre-Run: 670,216,478,720 bytes free Post-Run: 670,245,306,368 bytes free . - - End Of File - - ECD0B143CAB96F7139BA23852BFE716D
  4. Here's the fixlog Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 16-07-2012 02 Ran by SYSTEM at 2012-07-18 12:13:37 Run:1 Running from E:\ ============================================== C:\Windows\Installer\{36467880-379d-aeec-437e-94fff1a1a69f} moved successfully. C:\Windows\Installer\{36467880-379d-aeec-437e-94fff1a1a69f}\@ not found. C:\Windows\Installer\{36467880-379d-aeec-437e-94fff1a1a69f}\L not found. C:\Windows\Installer\{36467880-379d-aeec-437e-94fff1a1a69f}\U not found. C:\Windows\Installer\{36467880-379d-aeec-437e-94fff1a1a69f}\L\00000004.@ not found. C:\Windows\Installer\{36467880-379d-aeec-437e-94fff1a1a69f}\L\201d3dde not found. C:\Windows\Installer\{36467880-379d-aeec-437e-94fff1a1a69f}\U\00000004.@ not found. C:\Windows\Installer\{36467880-379d-aeec-437e-94fff1a1a69f}\U\00000008.@ not found. C:\Windows\Installer\{36467880-379d-aeec-437e-94fff1a1a69f}\U\000000cb.@ not found. C:\Windows\Installer\{36467880-379d-aeec-437e-94fff1a1a69f}\U\80000000.@ not found. C:\Windows\Installer\{36467880-379d-aeec-437e-94fff1a1a69f}\U\80000032.@ not found. C:\Windows\Installer\{36467880-379d-aeec-437e-94fff1a1a69f}\U\80000064.@ not found. C:\Users\Austin Hofeman\AppData\Local\{36467880-379d-aeec-437e-94fff1a1a69f} moved successfully. C:\Users\Austin Hofeman\AppData\Local\{36467880-379d-aeec-437e-94fff1a1a69f}\@ not found. C:\Users\Austin Hofeman\AppData\Local\{36467880-379d-aeec-437e-94fff1a1a69f}\L not found. C:\Users\Austin Hofeman\AppData\Local\{36467880-379d-aeec-437e-94fff1a1a69f}\U not found. C:\Windows\assembly\GAC_32\Desktop.ini moved successfully. C:\Windows\assembly\GAC_64\Desktop.ini moved successfully. C:\Windows\System32\services.exe moved successfully. C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe copied successfully to C:\Windows\System32\services.exe ==== End of Fixlog ====
  5. Farbar Recovery Scan Tool Version: 16-07-2012 02 Ran by SYSTEM at 2012-07-18 11:45:46 Running from E:\ ================== Search: "services.exe" =================== C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe [2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB C:\Windows\System32\services.exe [2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 014A9CB92514E27C0107614DF764BC06 ====== End Of Search ======
  6. Thanks for the quick reply. Here's the FRST log Scan result of Farbar Recovery Scan Tool Version: 16-07-2012 02 Ran by SYSTEM at 18-07-2012 11:24:55 Running from E:\ Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US) The current controlset is ControlSet001 ========================== Registry (Whitelisted) ============= HKLM\...\Run: [synTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [2818856 2011-08-25] (Synaptics Incorporated) HKLM\...\Run: [RunDLLEntry] C:\Windows\system32\RunDLL32.exe C:\Windows\system32\AmbRunE.dll,RunDLLEntry [17920 2009-02-26] (Creative Technology Ltd.) HKLM\...\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s [7284328 2011-08-30] (Realtek Semiconductor) HKLM\...\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /MAXX3 [2277480 2011-08-16] (Realtek Semiconductor) HKLM\...\Run: [QuickSet] c:\Program Files\Dell\QuickSet\QuickSet.exe [4146848 2011-08-29] (Dell Inc.) HKLM\...\Run: [Persistence] C:\Windows\system32\igfxpers.exe [416024 2011-08-31] (Intel Corporation) HKLM\...\Run: [NVHotkey] rundll32.exe C:\Windows\system32\nvHotkey.dll,Start [540992 2011-11-04] (NVIDIA Corporation) HKLM\...\Run: [Logitech Download Assistant] C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch [1580368 2010-11-03] (Logitech, Inc.) HKLM\...\Run: [intelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs" [4526 2010-11-29] () HKLM\...\Run: [intelPAN] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel PAN Tray [1935120 2011-11-01] (Intel® Corporation) HKLM\...\Run: [igfxTray] C:\Windows\system32\igfxtray.exe [167704 2011-08-31] (Intel Corporation) HKLM\...\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe [392472 2011-08-31] (Intel Corporation) HKLM\...\Run: [FreeFallProtection] C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe [686704 2010-12-17] () HKLM\...\Run: [DellStage] "C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\start.umj" --startup [483424 2012-02-01] () HKLM\...\Run: [CTMasterOnOffMonitor] Rundll32.exe CTMWatch.dll StartCTMasterOnOffWatch [x] HKLM\...\Run: [bTMTrayAgent] rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp [10357008 2011-10-18] (Intel Corporation) HKLM-x32\...\Run: [] [x] HKLM-x32\...\Run: [VolPanel] "C:\Program Files (x86)\Creative\SB X-Fi MB\Volume Panel\VolPanlu.exe" /r [241789 2009-05-04] (Creative Technology Ltd) HKLM-x32\...\Run: [updReg] C:\Windows\UpdReg.EXE [90112 2000-05-10] (Creative Technology Ltd.) HKLM-x32\...\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [252296 2012-01-17] (Sun Microsystems, Inc.) HKLM-x32\...\Run: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" [240112 2010-11-25] (Sonic Solutions) HKLM-x32\...\Run: [RemoteControl9] "c:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe" [87336 2010-10-01] (CyberLink Corp.) HKLM-x32\...\Run: [PDVD9LanguageShortcut] "c:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe" [50472 2010-09-17] (CyberLink Corp.) HKLM-x32\...\Run: [NeroLauncher] C:\Program Files (x86)\Nero\SyncUP\NeroLauncher.exe 900 [66872 2012-02-06] () HKLM-x32\...\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey [1675160 2012-03-21] (McAfee, Inc.) HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421736 2012-03-27] (Apple Inc.) HKLM-x32\...\Run: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe" [514544 2010-11-17] () HKLM-x32\...\Run: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2 [503942 2011-04-13] (Creative Technology Ltd) HKLM-x32\...\Run: [bDRegion] c:\Program Files (x86)\Cyberlink\Shared Files\brs.exe [75048 2011-12-16] (cyberlink) HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2012-02-20] (Apple Inc.) HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [35736 2010-11-15] (Adobe Systems Incorporated) HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [932288 2010-11-15] (Adobe Systems Incorporated) HKLM-x32\...\Run: [AccuWeatherWidget] "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\start.umj" --startup [2835443 2012-02-01] () HKU\Austin Hofeman\...\Run: [steam] "C:\Program Files (x86)\Steam\steam.exe" -silent [1242448 2012-07-04] (Valve Corporation) HKU\Austin Hofeman\...\Run: [start Killer] C:\Program Files\StartKiller\StartKiller.exe [95096 2011-06-23] (Tordex) HKU\Austin Hofeman\...\Run: [spotify Web Helper] "C:\Users\Austin Hofeman\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [932528 2012-05-21] () HKU\Austin Hofeman\...\Run: [snarl] "C:\Program Files (x86)\full phat\Snarl\snarl.exe" [1339392 2012-01-25] (full phat products) HKU\Austin Hofeman\...\Run: [ncobr] rundll32.exe "C:\Users\Austin Hofeman\AppData\Roaming\ncobr.dll",BrowseForFolder [133120 2012-07-17] (DT Soft Ltd) HKU\Austin Hofeman\...\Run: [meaps] "C:\Windows\System32\rundll32.exe" "C:\Users\Austin Hofeman\AppData\Roaming\meaps.dll",LoadVolumeFromVolume [385024 2012-07-17] (C-Media Electronics Inc.) HKU\Austin Hofeman\...\Run: [Amazon Cloud Drive] C:\Users\Austin Hofeman\AppData\Local\Amazon\Cloud Drive\AmazonCloudDrive.exe [424848 2012-05-24] () Winlogon\Notify\igfxcui: igfxdev.dll (Intel Corporation) Tcpip\Parameters: [DhcpNameServer] 10.0.0.1 AppInit_DLLs: C:\Windows\system32\nvinitx.dll Startup: C:\Users\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.) ==================== Services (Whitelisted) ====== 2 Bluetooth Device Monitor; "C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe" [936272 2011-10-18] (Intel Corporation) 3 Bluetooth Media Service; "C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe" [1354064 2011-10-18] (Intel Corporation) 2 Bluetooth OBEX Service; "C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe" [1001808 2011-10-18] (Intel Corporation) 2 BTHSSecurityMgr; "C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe" [135440 2011-10-20] (Intel® Corporation) 2 DellDigitalDelivery; "C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe" [173056 2012-06-19] (Dell Products, LP.) 3 McAWFwk; C:\PROGRA~1\mcafee\msc\mcawfwk.exe [224704 2011-03-08] (McAfee, Inc.) 3 McComponentHostService; "C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe" [227232 2010-01-15] (McAfee, Inc.) 2 McMPFSvc; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [249936 2011-01-27] (McAfee, Inc.) 2 mcmscsvc; "C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [249936 2011-01-27] (McAfee, Inc.) 2 McNaiAnn; "C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [249936 2011-01-27] (McAfee, Inc.) 2 McNASvc; "C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [249936 2011-01-27] (McAfee, Inc.) 3 McODS; "C:\Program Files\mcafee\VirusScan\mcods.exe" [502032 2012-04-19] (McAfee, Inc.) 4 McOobeSv; "C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [249936 2011-01-27] (McAfee, Inc.) 2 McProxy; "C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [249936 2011-01-27] (McAfee, Inc.) 2 McShield; "C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe" [199272 2012-03-20] (McAfee, Inc.) 2 mfefire; "C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe" [210584 2012-03-20] (McAfee, Inc.) 2 mfevtp; "C:\Windows\system32\mfevtps.exe" [162192 2012-03-20] (McAfee, Inc.) 2 MSK80Service; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [249936 2011-01-27] (McAfee, Inc.) 3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2011-11-01] () 2 RoxWatch12; "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe" [219632 2010-11-25] (Sonic Solutions) 3 stllssvr; "C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe" [74392 2010-11-08] (MicroVision Development, Inc.) 2 UNS; "C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe" [2656280 2010-12-20] (Intel Corporation) 3 aspnet_state; C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [x] ========================== Drivers (Whitelisted) ============= 3 cfwids; C:\Windows\System32\Drivers\cfwids.sys [65264 2012-02-22] (McAfee, Inc.) 3 iBtFltCoex; C:\Windows\System32\Drivers\iBtFltCoex.sys [59904 2011-10-11] (Intel Corporation) 3 mfeapfk; C:\Windows\System32\Drivers\mfeapfk.sys [160792 2012-02-22] (McAfee, Inc.) 3 mfeavfk; C:\Windows\System32\Drivers\mfeavfk.sys [229528 2012-02-22] (McAfee, Inc.) 3 mfefirek; C:\Windows\System32\Drivers\mfefirek.sys [487296 2012-02-22] (McAfee, Inc.) 0 mfehidk; C:\Windows\System32\Drivers\mfehidk.sys [647208 2012-02-22] (McAfee, Inc.) 1 mfenlfk; C:\Windows\System32\Drivers\mfenlfk.sys [75936 2012-02-22] (McAfee, Inc.) 3 mferkdet; C:\Windows\System32\Drivers\mferkdet.sys [100912 2012-02-22] (McAfee, Inc.) 0 mfewfpk; C:\Windows\System32\Drivers\mfewfpk.sys [289664 2012-02-22] (McAfee, Inc.) 1 nvkflt; C:\Windows\System32\Drivers\nvkflt.sys [249152 2011-11-04] (NVIDIA Corporation) 3 mfeavfk01; [x] ========================== NetSvcs (Whitelisted) =========== ============ One Month Created Files and Folders ============== 2012-07-18 10:26 - 2012-07-18 10:26 - 00000000 ____D C:\FRST 2012-07-18 07:00 - 2012-07-18 07:00 - 00034202 ____A C:\Users\Austin Hofeman\Desktop\DDS.txt 2012-07-18 07:00 - 2012-07-18 07:00 - 00010083 ____A C:\Users\Austin Hofeman\Desktop\Attach.txt 2012-07-18 06:55 - 2012-07-18 06:55 - 04582182 ____A (Swearware) C:\Users\Austin Hofeman\Desktop\ComboFix.exe 2012-07-18 05:26 - 2012-07-18 05:54 - 00000000 ____D C:\Windows\pss 2012-07-18 05:17 - 2012-07-18 05:17 - 00000000 ____D C:\Users\Austin Hofeman\Application Data\Roxio Burn 2012-07-18 05:17 - 2012-07-18 05:17 - 00000000 ____D C:\Users\Austin Hofeman\AppData\Roaming\Roxio Burn 2012-07-17 19:59 - 2012-07-17 20:04 - 40543809 ____A C:\Users\Austin Hofeman\Desktop\The Gaslight Anthem - Handwritten.rar 2012-07-17 13:25 - 2012-07-18 05:53 - 00004134 ____A C:\Users\Austin Hofeman\Downloads\SuperDAT.log 2012-07-17 13:21 - 2012-07-17 07:38 - 104633320 ____A (McAfee, Inc.) C:\Users\Austin Hofeman\Downloads\6775xdat.exe 2012-07-17 13:21 - 2009-08-03 21:40 - 02199393 ____A (McAfee, Inc.) C:\Users\Austin Hofeman\Downloads\5400eng.exe 2012-07-17 09:56 - 2012-07-17 09:56 - 00385024 ____A (C-Media Electronics Inc.) C:\Users\Austin Hofeman\Application Data\meaps.dll 2012-07-17 09:56 - 2012-07-17 09:56 - 00385024 ____A (C-Media Electronics Inc.) C:\Users\Austin Hofeman\AppData\Roaming\meaps.dll 2012-07-17 09:56 - 2012-07-17 09:56 - 00000000 ____D C:\Users\Austin Hofeman\Local Settings\Application Data\{B1B6A30C-D038-11E1-8270-B8AC6F996F26} 2012-07-17 09:56 - 2012-07-17 09:56 - 00000000 ____D C:\Users\Austin Hofeman\Local Settings\{B1B6A30C-D038-11E1-8270-B8AC6F996F26} 2012-07-17 09:56 - 2012-07-17 09:56 - 00000000 ____D C:\Users\Austin Hofeman\AppData\Local\{B1B6A30C-D038-11E1-8270-B8AC6F996F26} 2012-07-17 09:55 - 2012-07-17 09:55 - 00133120 ____A (DT Soft Ltd) C:\Users\Austin Hofeman\Application Data\ncobr.dll 2012-07-17 09:55 - 2012-07-17 09:55 - 00133120 ____A (DT Soft Ltd) C:\Users\Austin Hofeman\AppData\Roaming\ncobr.dll 2012-07-14 21:41 - 2012-07-14 21:44 - 00000000 ____D C:\Users\Austin Hofeman\My Documents\Anomaly Warzone Earth 2012-07-14 21:41 - 2012-07-14 21:44 - 00000000 ____D C:\Users\Austin Hofeman\Documents\Anomaly Warzone Earth 2012-07-14 21:12 - 2012-07-14 21:12 - 00000000 ___HD C:\Windows\msdownld.tmp 2012-07-14 21:12 - 2012-07-14 21:12 - 00000000 ____D C:\Windows\SysWOW64\directx 2012-07-14 21:12 - 2012-07-14 21:12 - 00000000 ____D C:\Program Files (x86)\OpenAL 2012-07-14 19:17 - 2012-07-14 21:12 - 00000000 ____D C:\Users\Austin Hofeman\Local Settings\Bit.Trip Beat 2012-07-14 19:17 - 2012-07-14 21:12 - 00000000 ____D C:\Users\Austin Hofeman\Local Settings\Application Data\Bit.Trip Beat 2012-07-14 19:17 - 2012-07-14 21:12 - 00000000 ____D C:\Users\Austin Hofeman\AppData\Local\Bit.Trip Beat 2012-07-14 18:34 - 2012-07-14 21:39 - 00277241 ____A C:\Users\Austin Hofeman\Desktop\July2012.xlsx 2012-07-13 20:36 - 2012-07-13 20:36 - 00000000 ____D C:\Users\Austin Hofeman\Local Settings\Two Tribes 2012-07-13 20:36 - 2012-07-13 20:36 - 00000000 ____D C:\Users\Austin Hofeman\Local Settings\Application Data\Two Tribes 2012-07-13 20:36 - 2012-07-13 20:36 - 00000000 ____D C:\Users\Austin Hofeman\AppData\Local\Two Tribes 2012-07-13 20:32 - 2012-07-13 20:32 - 00000000 ____D C:\Users\Austin Hofeman\Application Data\LoneSurvivor 2012-07-13 20:32 - 2012-07-13 20:32 - 00000000 ____D C:\Users\Austin Hofeman\AppData\Roaming\LoneSurvivor 2012-07-13 19:26 - 2012-07-13 20:16 - 00000000 ____D C:\Users\Austin Hofeman\My Documents\Universe Sandbox 2012-07-13 19:26 - 2012-07-13 20:16 - 00000000 ____D C:\Users\Austin Hofeman\Documents\Universe Sandbox 2012-07-13 19:26 - 2012-07-13 19:34 - 00000000 __SHD C:\Users\Austin Hofeman\Application Data\wyUpdate AU 2012-07-13 19:26 - 2012-07-13 19:34 - 00000000 __SHD C:\Users\Austin Hofeman\AppData\Roaming\wyUpdate AU 2012-07-13 19:26 - 2012-07-13 19:26 - 00000000 ____D C:\Users\Austin Hofeman\Local Settings\Universe Sandbox 2012-07-13 19:26 - 2012-07-13 19:26 - 00000000 ____D C:\Users\Austin Hofeman\Local Settings\Application Data\Universe Sandbox 2012-07-13 19:26 - 2012-07-13 19:26 - 00000000 ____D C:\Users\Austin Hofeman\Application Data\System 2012-07-13 19:26 - 2012-07-13 19:26 - 00000000 ____D C:\Users\Austin Hofeman\AppData\Roaming\System 2012-07-13 19:26 - 2012-07-13 19:26 - 00000000 ____D C:\Users\Austin Hofeman\AppData\Local\Universe Sandbox 2012-07-12 14:43 - 2012-07-12 14:43 - 00000000 ____D C:\Users\Austin Hofeman\Application Data\Hothead Games 2012-07-12 14:43 - 2012-07-12 14:43 - 00000000 ____D C:\Users\Austin Hofeman\AppData\Roaming\Hothead Games 2012-07-12 14:43 - 2010-06-02 00:55 - 00527192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_7.dll 2012-07-12 14:43 - 2010-06-02 00:55 - 00518488 ____A (Microsoft Corporation) C:\Windows\System32\XAudio2_7.dll 2012-07-12 14:43 - 2010-06-02 00:55 - 00239960 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_7.dll 2012-07-12 14:43 - 2010-06-02 00:55 - 00176984 ____A (Microsoft Corporation) C:\Windows\System32\xactengine3_7.dll 2012-07-12 14:43 - 2010-06-02 00:55 - 00077656 ____A (Microsoft Corporation) C:\Windows\System32\XAPOFX1_5.dll 2012-07-12 14:43 - 2010-06-02 00:55 - 00074072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_5.dll 2012-07-12 14:43 - 2010-05-26 07:41 - 02526056 ____A (Microsoft Corporation) C:\Windows\System32\D3DCompiler_43.dll 2012-07-12 14:43 - 2010-05-26 07:41 - 02401112 ____A (Microsoft Corporation) C:\Windows\System32\D3DX9_43.dll 2012-07-12 14:43 - 2010-05-26 07:41 - 02106216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_43.dll 2012-07-12 14:43 - 2010-05-26 07:41 - 01998168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_43.dll 2012-07-12 14:43 - 2010-05-26 07:41 - 01907552 ____A (Microsoft Corporation) C:\Windows\System32\d3dcsx_43.dll 2012-07-12 14:43 - 2010-05-26 07:41 - 01868128 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dcsx_43.dll 2012-07-12 14:43 - 2010-05-26 07:41 - 00511328 ____A (Microsoft Corporation) C:\Windows\System32\d3dx10_43.dll 2012-07-12 14:43 - 2010-05-26 07:41 - 00470880 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_43.dll 2012-07-12 14:43 - 2010-05-26 07:41 - 00276832 ____A (Microsoft Corporation) C:\Windows\System32\d3dx11_43.dll 2012-07-12 14:43 - 2010-05-26 07:41 - 00248672 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_43.dll 2012-07-11 22:47 - 2012-06-11 19:08 - 03148800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys 2012-07-10 18:48 - 2012-06-08 21:43 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll 2012-07-10 18:48 - 2012-06-08 20:41 - 12873728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll 2012-07-10 18:48 - 2012-06-05 22:06 - 02004480 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll 2012-07-10 18:48 - 2012-06-05 22:06 - 01881600 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll 2012-07-10 18:48 - 2012-06-05 22:02 - 01133568 ____A (Microsoft Corporation) C:\Windows\System32\cdosys.dll 2012-07-10 18:48 - 2012-06-05 21:05 - 01390080 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll 2012-07-10 18:48 - 2012-06-05 21:05 - 01236992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll 2012-07-10 18:48 - 2012-06-05 21:03 - 00805376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cdosys.dll 2012-07-10 18:48 - 2012-06-01 21:50 - 00458704 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys 2012-07-10 18:48 - 2012-06-01 21:48 - 00151920 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys 2012-07-10 18:48 - 2012-06-01 21:48 - 00095600 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys 2012-07-10 18:48 - 2012-06-01 21:45 - 00340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll 2012-07-10 18:48 - 2012-06-01 21:44 - 00307200 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll 2012-07-10 18:48 - 2012-06-01 20:40 - 00225280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll 2012-07-10 18:48 - 2012-06-01 20:40 - 00022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll 2012-07-10 18:48 - 2012-06-01 20:39 - 00219136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll 2012-07-10 18:48 - 2012-06-01 20:34 - 00096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll 2012-07-10 18:48 - 2010-06-25 19:55 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\msxml3r.dll 2012-07-10 18:48 - 2010-06-25 19:24 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll 2012-07-04 15:11 - 2012-07-04 16:41 - 00000000 ____D C:\Users\Austin Hofeman\Desktop\Napoleon- Total War Imperial Edition 2012-07-04 15:11 - 2012-07-04 15:11 - 00849056 ____A (Amazon Services LLC) C:\Users\Austin Hofeman\Downloads\Napoleon_Total_War_Imperial_Edition_Downloader.exe 2012-07-04 14:59 - 2012-07-04 14:59 - 00000000 ____D C:\Program Files (x86)\SEGA 2012-07-04 14:57 - 2012-07-04 14:57 - 00000000 ____D C:\Users\Austin Hofeman\Application Data\InstallShield 2012-07-04 14:57 - 2012-07-04 14:57 - 00000000 ____D C:\Users\Austin Hofeman\AppData\Roaming\InstallShield 2012-07-04 13:38 - 2012-07-04 14:56 - 00000000 ____D C:\Users\Austin Hofeman\Desktop\Medieval II- Total War - Gold Edition 2012-07-04 13:38 - 2012-07-04 13:38 - 00849056 ____A (Amazon Services LLC) C:\Users\Austin Hofeman\Downloads\Medieval_II_Total_War_Gold_Edition_Downloader.exe 2012-07-04 13:36 - 2012-07-04 13:36 - 00000000 ____D C:\Users\Austin Hofeman\Desktop\Total War- SHOGUN 2 DLC - Rise of The Samurai Campaign 2012-07-04 13:35 - 2012-07-04 13:35 - 00849056 ____A (Amazon Services LLC) C:\Users\Austin Hofeman\Downloads\Total_War_SHOGUN_2_DLC_Rise_of_The_Samurai_Campaign_Online_Game_Code_Downloader.exe 2012-07-04 13:30 - 2012-07-04 13:34 - 00000000 ____D C:\Users\Austin Hofeman\Desktop\Rome- Total War - Alexander (Expansion) 2012-07-04 13:30 - 2012-07-04 13:30 - 00849056 ____A (Amazon Services LLC) C:\Users\Austin Hofeman\Downloads\Rome_Total_War_Alexander_Expansion_Downloader.exe 2012-07-04 11:55 - 2012-07-04 13:04 - 00000000 ____D C:\Users\Austin Hofeman\Desktop\Empire- Total War 2012-07-04 11:55 - 2012-07-04 11:55 - 00849056 ____A (Amazon Services LLC) C:\Users\Austin Hofeman\Downloads\Empire_Total_War_Downloader.exe 2012-07-04 11:01 - 2012-07-04 11:25 - 00000000 ____D C:\Users\Austin Hofeman\Desktop\Rome- Total War - Gold Edition 2012-07-04 11:01 - 2012-07-04 11:01 - 00849056 ____A (Amazon Services LLC) C:\Users\Austin Hofeman\Downloads\Rome_Total_War_Gold_Edition_Downloader.exe 2012-07-04 08:52 - 2010-02-04 06:01 - 00530776 ____A (Microsoft Corporation) C:\Windows\System32\XAudio2_6.dll 2012-07-04 08:52 - 2010-02-04 06:01 - 00528216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_6.dll 2012-07-04 08:52 - 2010-02-04 06:01 - 00238936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_6.dll 2012-07-04 08:52 - 2010-02-04 06:01 - 00176984 ____A (Microsoft Corporation) C:\Windows\System32\xactengine3_6.dll 2012-07-04 08:52 - 2010-02-04 06:01 - 00078680 ____A (Microsoft Corporation) C:\Windows\System32\XAPOFX1_4.dll 2012-07-04 08:52 - 2010-02-04 06:01 - 00074072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_4.dll 2012-07-04 08:52 - 2010-02-04 06:01 - 00024920 ____A (Microsoft Corporation) C:\Windows\System32\X3DAudio1_7.dll 2012-07-04 08:52 - 2010-02-04 06:01 - 00022360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_7.dll 2012-07-04 07:19 - 2012-07-04 08:49 - 00000000 ____D C:\Users\Austin Hofeman\Desktop\Total War- Shogun 2 2012-07-04 07:19 - 2012-07-04 07:19 - 00849056 ____A (Amazon Services LLC) C:\Users\Austin Hofeman\Downloads\Total_War_Shogun_2_Downloader.exe 2012-07-04 07:05 - 2012-07-04 07:05 - 00000000 ____D C:\Users\Austin Hofeman\Desktop\Sid Meier's Civilization V- Gods and Kings 2012-07-04 07:04 - 2012-07-04 07:04 - 00849056 ____A (Amazon Services LLC) C:\Users\Austin Hofeman\Downloads\Sid_Meier_s_Civilization_V_Gods_and_Kings_Downloader.exe 2012-07-04 06:36 - 2012-07-04 06:36 - 00000000 ____D C:\Users\Austin Hofeman\My Documents\My Games 2012-07-04 06:36 - 2012-07-04 06:36 - 00000000 ____D C:\Users\Austin Hofeman\Local Settings\My Games 2012-07-04 06:36 - 2012-07-04 06:36 - 00000000 ____D C:\Users\Austin Hofeman\Local Settings\Application Data\My Games 2012-07-04 06:36 - 2012-07-04 06:36 - 00000000 ____D C:\Users\Austin Hofeman\Documents\My Games 2012-07-04 06:36 - 2012-07-04 06:36 - 00000000 ____D C:\Users\Austin Hofeman\AppData\Local\My Games 2012-07-04 06:25 - 2012-07-18 07:21 - 00000000 ____D C:\Program Files (x86)\Steam 2012-07-04 06:25 - 2009-09-04 13:44 - 00517960 ____A (Microsoft Corporation) C:\Windows\System32\XAudio2_5.dll 2012-07-04 06:25 - 2009-09-04 13:44 - 00238936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_5.dll 2012-07-04 06:25 - 2009-09-04 13:44 - 00176968 ____A (Microsoft Corporation) C:\Windows\System32\xactengine3_5.dll 2012-07-04 06:25 - 2009-09-04 13:44 - 00073544 ____A (Microsoft Corporation) C:\Windows\System32\XAPOFX1_3.dll 2012-07-04 06:25 - 2009-09-04 13:29 - 05554512 ____A (Microsoft Corporation) C:\Windows\System32\d3dcsx_42.dll 2012-07-04 06:25 - 2009-09-04 13:29 - 05501792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dcsx_42.dll 2012-07-04 06:25 - 2009-09-04 13:29 - 02582888 ____A (Microsoft Corporation) C:\Windows\System32\D3DCompiler_42.dll 2012-07-04 06:25 - 2009-09-04 13:29 - 02475352 ____A (Microsoft Corporation) C:\Windows\System32\D3DX9_42.dll 2012-07-04 06:25 - 2009-09-04 13:29 - 00285024 ____A (Microsoft Corporation) C:\Windows\System32\d3dx11_42.dll 2012-07-04 06:25 - 2009-09-04 13:29 - 00235344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_42.dll 2012-07-04 06:25 - 2009-03-16 10:18 - 00521560 ____A (Microsoft Corporation) C:\Windows\System32\XAudio2_4.dll 2012-07-04 06:25 - 2009-03-16 10:18 - 00517448 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_4.dll 2012-07-04 06:25 - 2009-03-16 10:18 - 00235352 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_4.dll 2012-07-04 06:25 - 2009-03-16 10:18 - 00174936 ____A (Microsoft Corporation) C:\Windows\System32\xactengine3_4.dll 2012-07-04 06:25 - 2009-03-16 10:18 - 00024920 ____A (Microsoft Corporation) C:\Windows\System32\X3DAudio1_6.dll 2012-07-04 06:25 - 2009-03-16 10:18 - 00022360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_6.dll 2012-07-04 06:25 - 2009-03-09 11:27 - 05425496 ____A (Microsoft Corporation) C:\Windows\System32\D3DX9_41.dll 2012-07-04 06:25 - 2009-03-09 11:27 - 04178264 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_41.dll 2012-07-04 06:25 - 2009-03-09 11:27 - 02430312 ____A (Microsoft Corporation) C:\Windows\System32\D3DCompiler_41.dll 2012-07-04 06:25 - 2009-03-09 11:27 - 00520544 ____A (Microsoft Corporation) C:\Windows\System32\d3dx10_41.dll 2012-07-04 06:25 - 2008-10-27 06:04 - 00518480 ____A (Microsoft Corporation) C:\Windows\System32\XAudio2_3.dll 2012-07-04 06:25 - 2008-10-27 06:04 - 00514384 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_3.dll 2012-07-04 06:25 - 2008-10-27 06:04 - 00235856 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_3.dll 2012-07-04 06:25 - 2008-10-27 06:04 - 00175440 ____A (Microsoft Corporation) C:\Windows\System32\xactengine3_3.dll 2012-07-04 06:25 - 2008-10-27 06:04 - 00074576 ____A (Microsoft Corporation) C:\Windows\System32\XAPOFX1_2.dll 2012-07-04 06:25 - 2008-10-27 06:04 - 00070992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_2.dll 2012-07-04 06:25 - 2008-10-27 06:04 - 00025936 ____A (Microsoft Corporation) C:\Windows\System32\X3DAudio1_5.dll 2012-07-04 06:25 - 2008-10-27 06:04 - 00023376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_5.dll 2012-07-04 06:25 - 2008-10-15 02:22 - 05631312 ____A (Microsoft Corporation) C:\Windows\System32\D3DX9_40.dll 2012-07-04 06:25 - 2008-10-15 02:22 - 02605920 ____A (Microsoft Corporation) C:\Windows\System32\D3DCompiler_40.dll 2012-07-04 06:25 - 2008-10-15 02:22 - 02036576 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_40.dll 2012-07-04 06:25 - 2008-10-15 02:22 - 00519000 ____A (Microsoft Corporation) C:\Windows\System32\d3dx10_40.dll 2012-07-04 06:25 - 2008-10-15 02:22 - 00452440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_40.dll 2012-07-04 06:25 - 2008-07-31 06:41 - 00238088 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_2.dll 2012-07-04 06:25 - 2008-07-31 06:41 - 00177672 ____A (Microsoft Corporation) C:\Windows\System32\xactengine3_2.dll 2012-07-04 06:25 - 2008-07-31 06:41 - 00072200 ____A (Microsoft Corporation) C:\Windows\System32\XAPOFX1_1.dll 2012-07-04 06:25 - 2008-07-31 06:41 - 00068616 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_1.dll 2012-07-04 06:25 - 2008-07-31 06:40 - 00513544 ____A (Microsoft Corporation) C:\Windows\System32\XAudio2_2.dll 2012-07-04 06:25 - 2008-07-31 06:40 - 00509448 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_2.dll 2012-07-04 06:25 - 2008-07-10 07:01 - 00467984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_39.dll 2012-07-04 06:25 - 2008-07-10 07:00 - 04992520 ____A (Microsoft Corporation) C:\Windows\System32\D3DX9_39.dll 2012-07-04 06:25 - 2008-07-10 07:00 - 03851784 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_39.dll 2012-07-04 06:25 - 2008-07-10 07:00 - 01942552 ____A (Microsoft Corporation) C:\Windows\System32\D3DCompiler_39.dll 2012-07-04 06:25 - 2008-07-10 07:00 - 01493528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_39.dll 2012-07-04 06:25 - 2008-07-10 07:00 - 00540688 ____A (Microsoft Corporation) C:\Windows\System32\d3dx10_39.dll 2012-07-04 06:25 - 2008-05-30 10:19 - 00511496 ____A (Microsoft Corporation) C:\Windows\System32\XAudio2_1.dll 2012-07-04 06:25 - 2008-05-30 10:19 - 00507400 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_1.dll 2012-07-04 06:25 - 2008-05-30 10:18 - 00238088 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_1.dll 2012-07-04 06:25 - 2008-05-30 10:18 - 00177672 ____A (Microsoft Corporation) C:\Windows\System32\xactengine3_1.dll 2012-07-04 06:25 - 2008-05-30 10:17 - 00068104 ____A (Microsoft Corporation) C:\Windows\System32\XAPOFX1_0.dll 2012-07-04 06:25 - 2008-05-30 10:17 - 00065032 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_0.dll 2012-07-04 06:25 - 2008-05-30 10:17 - 00025608 ____A (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_4.dll 2012-07-04 06:25 - 2008-05-30 10:16 - 00028168 ____A (Microsoft Corporation) C:\Windows\System32\X3DAudio1_4.dll 2012-07-04 06:25 - 2008-05-30 10:11 - 04991496 ____A (Microsoft Corporation) C:\Windows\System32\D3DX9_38.dll 2012-07-04 06:25 - 2008-05-30 10:11 - 03850760 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_38.dll 2012-07-04 06:25 - 2008-05-30 10:11 - 01941528 ____A (Microsoft Corporation) C:\Windows\System32\D3DCompiler_38.dll 2012-07-04 06:25 - 2008-05-30 10:11 - 01491992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_38.dll 2012-07-04 06:25 - 2008-05-30 10:11 - 00540688 ____A (Microsoft Corporation) C:\Windows\System32\d3dx10_38.dll 2012-07-04 06:25 - 2008-05-30 10:11 - 00467984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_38.dll 2012-07-04 06:25 - 2008-03-05 12:04 - 00489480 ____A (Microsoft Corporation) C:\Windows\System32\XAudio2_0.dll 2012-07-04 06:25 - 2008-03-05 12:03 - 00479752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_0.dll 2012-07-04 06:25 - 2008-03-05 12:03 - 00238088 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_0.dll 2012-07-04 06:25 - 2008-03-05 12:03 - 00177672 ____A (Microsoft Corporation) C:\Windows\System32\xactengine3_0.dll 2012-07-04 06:25 - 2008-03-05 12:00 - 00028168 ____A (Microsoft Corporation) C:\Windows\System32\X3DAudio1_3.dll 2012-07-04 06:25 - 2008-03-05 12:00 - 00025608 ____A (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_3.dll 2012-07-04 06:25 - 2008-03-05 11:56 - 04910088 ____A (Microsoft Corporation) C:\Windows\System32\D3DX9_37.dll 2012-07-04 06:25 - 2008-03-05 11:56 - 03786760 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_37.dll 2012-07-04 06:25 - 2008-03-05 11:56 - 01860120 ____A (Microsoft Corporation) C:\Windows\System32\D3DCompiler_37.dll 2012-07-04 06:25 - 2008-03-05 11:56 - 01420824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_37.dll 2012-07-04 06:25 - 2008-02-05 19:07 - 00529424 ____A (Microsoft Corporation) C:\Windows\System32\d3dx10_37.dll 2012-07-04 06:25 - 2008-02-05 19:07 - 00462864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_37.dll 2012-07-04 06:00 - 2012-07-04 06:22 - 00000000 ____D C:\Users\Austin Hofeman\Desktop\Sid Meier's Civilization V- Game of the Year Edition 2012-07-04 06:00 - 2012-07-04 06:00 - 00849056 ____A (Amazon Services LLC) C:\Users\Austin Hofeman\Downloads\Sid_Meier_s_Civilization_V_Game_of_the_Year_Edition_Downloader.exe 2012-06-27 12:12 - 2012-06-29 20:01 - 00020655 ____A C:\Users\Austin Hofeman\My Documents\2012 Comics Ratings.xlsx 2012-06-27 12:12 - 2012-06-29 20:01 - 00020655 ____A C:\Users\Austin Hofeman\Documents\2012 Comics Ratings.xlsx 2012-06-25 10:39 - 2012-06-28 08:55 - 00017797 ____A C:\Users\Austin Hofeman\My Documents\Catalog.xlsx 2012-06-25 10:39 - 2012-06-28 08:55 - 00017797 ____A C:\Users\Austin Hofeman\Documents\Catalog.xlsx 2012-06-24 12:32 - 2012-07-14 16:12 - 00033219 ____A C:\Users\Austin Hofeman\My Documents\2012 Comics.sav 2012-06-24 12:32 - 2012-07-14 16:12 - 00033219 ____A C:\Users\Austin Hofeman\Documents\2012 Comics.sav 2012-06-23 16:28 - 2012-06-23 16:28 - 00000000 ____D C:\Users\Austin Hofeman\StarWarsII_RiffTrax 2012-06-23 05:55 - 2012-06-23 05:55 - 00000000 ____D C:\Program Files (x86)\Dell Digital Delivery 2012-06-22 19:19 - 2012-06-22 19:19 - 00000000 ____D C:\Users\Austin Hofeman\Local Settings\Macromedia 2012-06-22 19:19 - 2012-06-22 19:19 - 00000000 ____D C:\Users\Austin Hofeman\Local Settings\Application Data\Macromedia 2012-06-22 19:19 - 2012-06-22 19:19 - 00000000 ____D C:\Users\Austin Hofeman\AppData\Local\Macromedia 2012-06-19 06:11 - 2012-06-02 14:19 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll 2012-06-19 06:11 - 2012-06-02 14:19 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll 2012-06-19 06:11 - 2012-06-02 14:19 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe 2012-06-19 06:11 - 2012-06-02 14:19 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll 2012-06-19 06:11 - 2012-06-02 14:19 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll 2012-06-19 06:11 - 2012-06-02 14:15 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll 2012-06-19 06:11 - 2012-06-02 14:15 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll 2012-06-19 06:11 - 2012-06-02 11:19 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll 2012-06-19 06:11 - 2012-06-02 11:15 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe 2012-06-18 05:13 - 2012-07-04 17:53 - 00000000 ____D C:\Users\Austin Hofeman\My Documents\residents_renewal.asp_files 2012-06-18 05:13 - 2012-07-04 17:53 - 00000000 ____D C:\Users\Austin Hofeman\Documents\residents_renewal.asp_files ============ 3 Months Modified Files ======================== 2012-07-18 07:21 - 2012-04-24 18:38 - 00035841 ____A C:\Users\Austin Hofeman\Application Data\wlanmonitor.log 2012-07-18 07:21 - 2012-04-24 18:38 - 00035841 ____A C:\Users\Austin Hofeman\AppData\Roaming\wlanmonitor.log 2012-07-18 07:21 - 2012-04-24 18:37 - 00247191 ____A C:\Users\Austin Hofeman\Application Data\ez_style_engine.log 2012-07-18 07:21 - 2012-04-24 18:37 - 00247191 ____A C:\Users\Austin Hofeman\AppData\Roaming\ez_style_engine.log 2012-07-18 07:21 - 2012-04-24 18:37 - 00160814 ____A C:\Users\Austin Hofeman\Application Data\Clock+.log 2012-07-18 07:21 - 2012-04-24 18:37 - 00160814 ____A C:\Users\Austin Hofeman\AppData\Roaming\Clock+.log 2012-07-18 07:21 - 2012-04-24 18:37 - 00065308 ____A C:\Users\Austin Hofeman\Application Data\TMinus.log 2012-07-18 07:21 - 2012-04-24 18:37 - 00065308 ____A C:\Users\Austin Hofeman\AppData\Roaming\TMinus.log 2012-07-18 07:20 - 2012-04-16 15:01 - 01567060 ____A C:\Windows\WindowsUpdate.log 2012-07-18 07:20 - 2012-04-16 13:09 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job 2012-07-18 07:20 - 2010-11-20 19:47 - 00048218 ____A C:\Windows\PFRO.log 2012-07-18 07:20 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT 2012-07-18 07:20 - 2009-07-13 20:51 - 00054114 ____A C:\Windows\setupact.log 2012-07-18 07:00 - 2012-07-18 07:00 - 00034202 ____A C:\Users\Austin Hofeman\Desktop\DDS.txt 2012-07-18 07:00 - 2012-07-18 07:00 - 00010083 ____A C:\Users\Austin Hofeman\Desktop\Attach.txt 2012-07-18 06:56 - 2009-07-13 20:45 - 00021296 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2012-07-18 06:56 - 2009-07-13 20:45 - 00021296 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2012-07-18 06:55 - 2012-07-18 06:55 - 04582182 ____A (Swearware) C:\Users\Austin Hofeman\Desktop\ComboFix.exe 2012-07-18 06:22 - 2009-07-13 21:13 - 00792546 ____A C:\Windows\System32\PerfStringBackup.INI 2012-07-18 05:53 - 2012-07-17 13:25 - 00004134 ____A C:\Users\Austin Hofeman\Downloads\SuperDAT.log 2012-07-17 20:04 - 2012-07-17 19:59 - 40543809 ____A C:\Users\Austin Hofeman\Desktop\The Gaslight Anthem - Handwritten.rar 2012-07-17 13:14 - 2012-04-29 08:03 - 00000506 ____A C:\Windows\Tasks\SystemToolsDailyTest.job 2012-07-17 09:56 - 2012-07-17 09:56 - 00385024 ____A (C-Media Electronics Inc.) C:\Users\Austin Hofeman\Application Data\meaps.dll 2012-07-17 09:56 - 2012-07-17 09:56 - 00385024 ____A (C-Media Electronics Inc.) C:\Users\Austin Hofeman\AppData\Roaming\meaps.dll 2012-07-17 09:55 - 2012-07-17 09:55 - 00133120 ____A (DT Soft Ltd) C:\Users\Austin Hofeman\Application Data\ncobr.dll 2012-07-17 09:55 - 2012-07-17 09:55 - 00133120 ____A (DT Soft Ltd) C:\Users\Austin Hofeman\AppData\Roaming\ncobr.dll 2012-07-17 07:38 - 2012-07-17 13:21 - 104633320 ____A (McAfee, Inc.) C:\Users\Austin Hofeman\Downloads\6775xdat.exe 2012-07-14 21:39 - 2012-07-14 18:34 - 00277241 ____A C:\Users\Austin Hofeman\Desktop\July2012.xlsx 2012-07-14 21:12 - 2012-04-16 13:38 - 00466456 ____A (Creative Labs) C:\Windows\System32\wrap_oal.dll 2012-07-14 21:12 - 2012-04-16 13:38 - 00444952 ____A (Creative Labs) C:\Windows\SysWOW64\wrap_oal.dll 2012-07-14 21:12 - 2012-04-16 13:38 - 00122904 ____A (Portions © Creative Labs Inc. and NVIDIA Corp.) C:\Windows\System32\OpenAL32.dll 2012-07-14 21:12 - 2012-04-16 13:38 - 00109080 ____A (Portions © Creative Labs Inc. and NVIDIA Corp.) C:\Windows\SysWOW64\OpenAL32.dll 2012-07-14 16:12 - 2012-06-24 12:32 - 00033219 ____A C:\Users\Austin Hofeman\My Documents\2012 Comics.sav 2012-07-14 16:12 - 2012-06-24 12:32 - 00033219 ____A C:\Users\Austin Hofeman\Documents\2012 Comics.sav 2012-07-13 20:35 - 2012-04-16 13:57 - 00431082 ____A C:\Windows\DirectX.log 2012-07-12 09:49 - 2012-06-06 18:45 - 00031071 ____A C:\Users\Austin Hofeman\My Documents\Topps 2012 Baseball Cards.xlsx 2012-07-12 09:49 - 2012-06-06 18:45 - 00031071 ____A C:\Users\Austin Hofeman\Documents\Topps 2012 Baseball Cards.xlsx 2012-07-12 08:20 - 2012-04-16 13:09 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2012-07-12 08:20 - 2012-04-16 13:09 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2012-07-12 07:34 - 2009-07-13 20:45 - 00461416 ____A C:\Windows\System32\FNTCACHE.DAT 2012-07-06 08:54 - 2012-04-29 08:03 - 00000564 ____A C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job 2012-07-04 15:11 - 2012-07-04 15:11 - 00849056 ____A (Amazon Services LLC) C:\Users\Austin Hofeman\Downloads\Napoleon_Total_War_Imperial_Edition_Downloader.exe 2012-07-04 15:05 - 2011-02-10 08:10 - 00808990 ____A C:\Windows\SysWOW64\PerfStringBackup.INI 2012-07-04 13:38 - 2012-07-04 13:38 - 00849056 ____A (Amazon Services LLC) C:\Users\Austin Hofeman\Downloads\Medieval_II_Total_War_Gold_Edition_Downloader.exe 2012-07-04 13:35 - 2012-07-04 13:35 - 00849056 ____A (Amazon Services LLC) C:\Users\Austin Hofeman\Downloads\Total_War_SHOGUN_2_DLC_Rise_of_The_Samurai_Campaign_Online_Game_Code_Downloader.exe 2012-07-04 13:30 - 2012-07-04 13:30 - 00849056 ____A (Amazon Services LLC) C:\Users\Austin Hofeman\Downloads\Rome_Total_War_Alexander_Expansion_Downloader.exe 2012-07-04 11:55 - 2012-07-04 11:55 - 00849056 ____A (Amazon Services LLC) C:\Users\Austin Hofeman\Downloads\Empire_Total_War_Downloader.exe 2012-07-04 11:01 - 2012-07-04 11:01 - 00849056 ____A (Amazon Services LLC) C:\Users\Austin Hofeman\Downloads\Rome_Total_War_Gold_Edition_Downloader.exe 2012-07-04 07:19 - 2012-07-04 07:19 - 00849056 ____A (Amazon Services LLC) C:\Users\Austin Hofeman\Downloads\Total_War_Shogun_2_Downloader.exe 2012-07-04 07:04 - 2012-07-04 07:04 - 00849056 ____A (Amazon Services LLC) C:\Users\Austin Hofeman\Downloads\Sid_Meier_s_Civilization_V_Gods_and_Kings_Downloader.exe 2012-07-04 06:00 - 2012-07-04 06:00 - 00849056 ____A (Amazon Services LLC) C:\Users\Austin Hofeman\Downloads\Sid_Meier_s_Civilization_V_Game_of_the_Year_Edition_Downloader.exe 2012-06-29 20:01 - 2012-06-27 12:12 - 00020655 ____A C:\Users\Austin Hofeman\My Documents\2012 Comics Ratings.xlsx 2012-06-29 20:01 - 2012-06-27 12:12 - 00020655 ____A C:\Users\Austin Hofeman\Documents\2012 Comics Ratings.xlsx 2012-06-28 08:55 - 2012-06-25 10:39 - 00017797 ____A C:\Users\Austin Hofeman\My Documents\Catalog.xlsx 2012-06-28 08:55 - 2012-06-25 10:39 - 00017797 ____A C:\Users\Austin Hofeman\Documents\Catalog.xlsx 2012-06-15 07:54 - 2012-06-04 20:45 - 00009079 ____A C:\Users\Austin Hofeman\My Documents\Podcasts.xlsx 2012-06-15 07:54 - 2012-06-04 20:45 - 00009079 ____A C:\Users\Austin Hofeman\Documents\Podcasts.xlsx 2012-06-11 19:08 - 2012-07-11 22:47 - 03148800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys 2012-06-08 21:43 - 2012-07-10 18:48 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll 2012-06-08 20:41 - 2012-07-10 18:48 - 12873728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll 2012-06-07 09:31 - 2012-06-05 10:25 - 00013272 ____A C:\Users\Austin Hofeman\My Documents\2012 Albums.xlsx 2012-06-07 09:31 - 2012-06-05 10:25 - 00013272 ____A C:\Users\Austin Hofeman\Documents\2012 Albums.xlsx 2012-06-05 22:06 - 2012-07-10 18:48 - 02004480 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll 2012-06-05 22:06 - 2012-07-10 18:48 - 01881600 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll 2012-06-05 22:02 - 2012-07-10 18:48 - 01133568 ____A (Microsoft Corporation) C:\Windows\System32\cdosys.dll 2012-06-05 21:05 - 2012-07-10 18:48 - 01390080 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll 2012-06-05 21:05 - 2012-07-10 18:48 - 01236992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll 2012-06-05 21:03 - 2012-07-10 18:48 - 00805376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cdosys.dll 2012-06-05 04:24 - 2012-04-28 10:52 - 00013407 ____A C:\Users\Austin Hofeman\My Documents\Star Wars Galaxy Series 7.xlsx 2012-06-05 04:24 - 2012-04-28 10:52 - 00013407 ____A C:\Users\Austin Hofeman\Documents\Star Wars Galaxy Series 7.xlsx 2012-06-02 14:19 - 2012-06-19 06:11 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll 2012-06-02 14:19 - 2012-06-19 06:11 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll 2012-06-02 14:19 - 2012-06-19 06:11 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe 2012-06-02 14:19 - 2012-06-19 06:11 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll 2012-06-02 14:19 - 2012-06-19 06:11 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll 2012-06-02 14:15 - 2012-06-19 06:11 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll 2012-06-02 14:15 - 2012-06-19 06:11 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll 2012-06-02 11:19 - 2012-06-19 06:11 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll 2012-06-02 11:15 - 2012-06-19 06:11 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe 2012-06-01 21:50 - 2012-07-10 18:48 - 00458704 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys 2012-06-01 21:48 - 2012-07-10 18:48 - 00151920 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys 2012-06-01 21:48 - 2012-07-10 18:48 - 00095600 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys 2012-06-01 21:45 - 2012-07-10 18:48 - 00340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll 2012-06-01 21:44 - 2012-07-10 18:48 - 00307200 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll 2012-06-01 20:40 - 2012-07-10 18:48 - 00225280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll 2012-06-01 20:40 - 2012-07-10 18:48 - 00022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll 2012-06-01 20:39 - 2012-07-10 18:48 - 00219136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll 2012-06-01 20:34 - 2012-07-10 18:48 - 00096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll 2012-05-17 20:51 - 2012-05-17 20:51 - 635849571 ____A C:\Windows\MEMORY.DMP 2012-05-17 20:51 - 2012-05-17 20:51 - 00666592 ____A C:\Windows\Minidump\051812-14118-01.dmp 2012-05-11 21:31 - 2012-05-11 21:32 - 00174024 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe 2012-05-11 21:31 - 2012-05-11 21:32 - 00174024 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe 2012-05-04 03:06 - 2012-06-13 05:08 - 05559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe 2012-05-04 02:03 - 2012-06-13 05:08 - 03968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe 2012-05-04 02:03 - 2012-06-13 05:08 - 03913072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe 2012-04-30 21:40 - 2012-06-13 05:08 - 00209920 ____A (Microsoft Corporation) C:\Windows\System32\profsvc.dll 2012-04-30 04:28 - 2012-04-30 04:27 - 1436820284 ____A C:\Users\Austin Hofeman\Downloads\This.Is.Not.A.Film.2011.SWESUB.DVDRip.XviD-Robblowe.avi 2012-04-28 15:05 - 2012-04-23 18:27 - 00126384 ____A C:\Users\Austin Hofeman\Local Settings\GDIPFONTCACHEV1.DAT 2012-04-28 15:05 - 2012-04-23 18:27 - 00126384 ____A C:\Users\Austin Hofeman\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2012-04-28 15:05 - 2012-04-23 18:27 - 00126384 ____A C:\Users\Austin Hofeman\AppData\Local\GDIPFONTCACHEV1.DAT 2012-04-27 19:55 - 2012-06-13 05:08 - 00210944 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys 2012-04-26 18:45 - 2012-04-26 18:45 - 00001025 ____A C:\Windows\SysWOW64\sysprs7.tgz 2012-04-26 18:45 - 2012-04-26 18:45 - 00001025 ____A C:\Windows\SysWOW64\sysprs7.dll 2012-04-26 18:45 - 2012-04-26 18:45 - 00000219 ____A C:\Windows\SysWOW64\lsprst7.tgz 2012-04-26 18:45 - 2012-04-26 18:45 - 00000205 ____A C:\Windows\SysWOW64\lsprst7.dll 2012-04-26 18:45 - 2012-04-26 18:45 - 00000016 ____H C:\Windows\SysWOW64\servdat.slm 2012-04-25 21:41 - 2012-06-13 05:08 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll 2012-04-25 21:41 - 2012-06-13 05:08 - 00077312 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll 2012-04-25 21:34 - 2012-06-13 05:08 - 00009216 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe 2012-04-25 04:26 - 2009-07-13 18:34 - 00000510 ____A C:\Windows\win.ini 2012-04-25 04:24 - 2012-04-25 04:23 - 00296386 ____A C:\Windows\msxml4-KB973688-enu.LOG 2012-04-25 04:23 - 2012-04-25 04:23 - 00294924 ____A C:\Windows\msxml4-KB954430-enu.LOG 2012-04-24 12:45 - 2012-04-24 12:45 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_User_WpdFs_01_09_00.Wdf 2012-04-23 21:37 - 2012-06-13 05:08 - 01462272 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll 2012-04-23 21:37 - 2012-06-13 05:08 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll 2012-04-23 21:37 - 2012-06-13 05:08 - 00140288 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll 2012-04-23 20:36 - 2012-06-13 05:08 - 01158656 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll 2012-04-23 20:36 - 2012-06-13 05:08 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll 2012-04-23 20:36 - 2012-06-13 05:08 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll 2012-04-23 18:44 - 2012-04-23 18:44 - 22259528 ____A C:\Users\Austin Hofeman\Downloads\vlc-2.0.1-win32.exe 2012-04-23 18:33 - 2012-04-16 13:43 - 38006698 ____A C:\Windows\RPSETUP.EXE.LOG 2012-04-23 18:27 - 2012-04-23 18:27 - 00000020 ___SH C:\Users\Austin Hofeman\ntuser.ini ZeroAccess: C:\Windows\Installer\{36467880-379d-aeec-437e-94fff1a1a69f} C:\Windows\Installer\{36467880-379d-aeec-437e-94fff1a1a69f}\@ C:\Windows\Installer\{36467880-379d-aeec-437e-94fff1a1a69f}\L C:\Windows\Installer\{36467880-379d-aeec-437e-94fff1a1a69f}\U C:\Windows\Installer\{36467880-379d-aeec-437e-94fff1a1a69f}\L\00000004.@ C:\Windows\Installer\{36467880-379d-aeec-437e-94fff1a1a69f}\L\201d3dde C:\Windows\Installer\{36467880-379d-aeec-437e-94fff1a1a69f}\U\00000004.@ C:\Windows\Installer\{36467880-379d-aeec-437e-94fff1a1a69f}\U\00000008.@ C:\Windows\Installer\{36467880-379d-aeec-437e-94fff1a1a69f}\U\000000cb.@ C:\Windows\Installer\{36467880-379d-aeec-437e-94fff1a1a69f}\U\80000000.@ C:\Windows\Installer\{36467880-379d-aeec-437e-94fff1a1a69f}\U\80000032.@ C:\Windows\Installer\{36467880-379d-aeec-437e-94fff1a1a69f}\U\80000064.@ ZeroAccess: C:\Users\Austin Hofeman\AppData\Local\{36467880-379d-aeec-437e-94fff1a1a69f} C:\Users\Austin Hofeman\AppData\Local\{36467880-379d-aeec-437e-94fff1a1a69f}\@ C:\Users\Austin Hofeman\AppData\Local\{36467880-379d-aeec-437e-94fff1a1a69f}\L C:\Users\Austin Hofeman\AppData\Local\{36467880-379d-aeec-437e-94fff1a1a69f}\U ZeroAccess: C:\Windows\assembly\GAC_32\Desktop.ini ZeroAccess: C:\Windows\assembly\GAC_64\Desktop.ini ========================= Known DLLs (Whitelisted) ============ ========================= Bamital & volsnap Check ============ C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe 014A9CB92514E27C0107614DF764BC06 ZeroAccess <==== ATTENTION!. C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit ==================== EXE ASSOCIATION ===================== HKLM\...\.exe: exefile => OK HKLM\...\exefile\DefaultIcon: %1 => OK HKLM\...\exefile\open\command: "%1" %* => OK ========================= Memory info ====================== Percentage of memory in use: 10% Total physical RAM: 8086.17 MB Available physical RAM: 7252.5 MB Total Pagefile: 8084.37 MB Available Pagefile: 7247.18 MB Total Virtual: 8192 MB Available Virtual: 8191.9 MB ======================= Partitions ========================= 1 Drive c: (OS) (Fixed) (Total:911.88 GB) (Free:621.86 GB) NTFS 2 Drive d: (Repair disc Windows 7 64-bit) (CDROM) (Total:0.18 GB) (Free:0 GB) UDF 3 Drive e: (TRAVELDRIVE) (Removable) (Total:1.86 GB) (Free:1.23 GB) FAT 4 Drive f: (RECOVERY) (Fixed) (Total:19.53 GB) (Free:10.24 GB) NTFS ==>[system with boot components (obtained from reading drive)] 5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS Disk ### Status Size Free Dyn Gpt -------- ------------- ------- ------- --- --- Disk 0 Online 931 GB 2048 KB Disk 1 Online 1910 MB 0 B Partitions of Disk 0: =============== Partition ### Type Size Offset ------------- ---------------- ------- ------- Partition 1 OEM 101 MB 31 KB Partition 2 Primary 19 GB 104 MB Partition 3 Primary 911 GB 19 GB ================================================================================== Disk: 0 Partition 1 Type : DE Hidden: Yes Active: No Volume ### Ltr Label Fs Type Size Status Info ---------- --- ----------- ----- ---------- ------- --------- -------- * Volume 4 FAT Partition 101 MB Healthy Hidden ================================================================================== Disk: 0 Partition 2 Type : 07 Hidden: No Active: Yes Volume ### Ltr Label Fs Type Size Status Info ---------- --- ----------- ----- ---------- ------- --------- -------- * Volume 1 F RECOVERY NTFS Partition 19 GB Healthy ================================================================================== Disk: 0 Partition 3 Type : 07 Hidden: No Active: No Volume ### Ltr Label Fs Type Size Status Info ---------- --- ----------- ----- ---------- ------- --------- -------- * Volume 2 C OS NTFS Partition 911 GB Healthy ================================================================================== Partitions of Disk 1: =============== Partition ### Type Size Offset ------------- ---------------- ------- ------- Partition 1 Primary 1906 MB 4032 KB ================================================================================== Disk: 1 Partition 1 Type : 06 Hidden: No Active: No Volume ### Ltr Label Fs Type Size Status Info ---------- --- ----------- ----- ---------- ------- --------- -------- * Volume 3 E TRAVELDRIVE FAT Removable 1906 MB Healthy ================================================================================== ========================================================== Last Boot: 2012-07-09 21:54 ======================= End Of Log ==========================
  7. Hello, Having the same problem as this thread: http://forums.malwar...howtopic=112607 Attach.txt DDS.txt
  8. FRST log Scan result of Farbar Recovery Scan Tool Version: 16-07-2012 02 Ran by SYSTEM at 18-07-2012 10:26:55 Running from E:\ Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US) The current controlset is ControlSet001 ========================== Registry (Whitelisted) ============= HKLM\...\Run: [synTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [2818856 2011-08-25] (Synaptics Incorporated) HKLM\...\Run: [RunDLLEntry] C:\Windows\system32\RunDLL32.exe C:\Windows\system32\AmbRunE.dll,RunDLLEntry [17920 2009-02-26] (Creative Technology Ltd.) HKLM\...\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s [7284328 2011-08-30] (Realtek Semiconductor) HKLM\...\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /MAXX3 [2277480 2011-08-16] (Realtek Semiconductor) HKLM\...\Run: [QuickSet] c:\Program Files\Dell\QuickSet\QuickSet.exe [4146848 2011-08-29] (Dell Inc.) HKLM\...\Run: [Persistence] C:\Windows\system32\igfxpers.exe [416024 2011-08-31] (Intel Corporation) HKLM\...\Run: [NVHotkey] rundll32.exe C:\Windows\system32\nvHotkey.dll,Start [540992 2011-11-04] (NVIDIA Corporation) HKLM\...\Run: [Logitech Download Assistant] C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch [1580368 2010-11-03] (Logitech, Inc.) HKLM\...\Run: [intelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs" [4526 2010-11-29] () HKLM\...\Run: [intelPAN] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel PAN Tray [1935120 2011-11-01] (Intel® Corporation) HKLM\...\Run: [igfxTray] C:\Windows\system32\igfxtray.exe [167704 2011-08-31] (Intel Corporation) HKLM\...\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe [392472 2011-08-31] (Intel Corporation) HKLM\...\Run: [FreeFallProtection] C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe [686704 2010-12-17] () HKLM\...\Run: [DellStage] "C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\start.umj" --startup [483424 2012-02-01] () HKLM\...\Run: [CTMasterOnOffMonitor] Rundll32.exe CTMWatch.dll StartCTMasterOnOffWatch [x] HKLM\...\Run: [bTMTrayAgent] rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp [10357008 2011-10-18] (Intel Corporation) HKLM-x32\...\Run: [] [x] HKLM-x32\...\Run: [VolPanel] "C:\Program Files (x86)\Creative\SB X-Fi MB\Volume Panel\VolPanlu.exe" /r [241789 2009-05-04] (Creative Technology Ltd) HKLM-x32\...\Run: [updReg] C:\Windows\UpdReg.EXE [90112 2000-05-10] (Creative Technology Ltd.) HKLM-x32\...\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [252296 2012-01-17] (Sun Microsystems, Inc.) HKLM-x32\...\Run: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" [240112 2010-11-25] (Sonic Solutions) HKLM-x32\...\Run: [RemoteControl9] "c:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe" [87336 2010-10-01] (CyberLink Corp.) HKLM-x32\...\Run: [PDVD9LanguageShortcut] "c:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe" [50472 2010-09-17] (CyberLink Corp.) HKLM-x32\...\Run: [NeroLauncher] C:\Program Files (x86)\Nero\SyncUP\NeroLauncher.exe 900 [66872 2012-02-06] () HKLM-x32\...\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey [1675160 2012-03-21] (McAfee, Inc.) HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421736 2012-03-27] (Apple Inc.) HKLM-x32\...\Run: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe" [514544 2010-11-17] () HKLM-x32\...\Run: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2 [503942 2011-04-13] (Creative Technology Ltd) HKLM-x32\...\Run: [bDRegion] c:\Program Files (x86)\Cyberlink\Shared Files\brs.exe [75048 2011-12-16] (cyberlink) HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2012-02-20] (Apple Inc.) HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [35736 2010-11-15] (Adobe Systems Incorporated) HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [932288 2010-11-15] (Adobe Systems Incorporated) HKLM-x32\...\Run: [AccuWeatherWidget] "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\start.umj" --startup [2835443 2012-02-01] () HKU\Austin Hofeman\...\Run: [steam] "C:\Program Files (x86)\Steam\steam.exe" -silent [1242448 2012-07-04] (Valve Corporation) HKU\Austin Hofeman\...\Run: [start Killer] C:\Program Files\StartKiller\StartKiller.exe [95096 2011-06-23] (Tordex) HKU\Austin Hofeman\...\Run: [spotify Web Helper] "C:\Users\Austin Hofeman\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [932528 2012-05-21] () HKU\Austin Hofeman\...\Run: [snarl] "C:\Program Files (x86)\full phat\Snarl\snarl.exe" [1339392 2012-01-25] (full phat products) HKU\Austin Hofeman\...\Run: [ncobr] rundll32.exe "C:\Users\Austin Hofeman\AppData\Roaming\ncobr.dll",BrowseForFolder [133120 2012-07-17] (DT Soft Ltd) HKU\Austin Hofeman\...\Run: [meaps] "C:\Windows\System32\rundll32.exe" "C:\Users\Austin Hofeman\AppData\Roaming\meaps.dll",LoadVolumeFromVolume [385024 2012-07-17] (C-Media Electronics Inc.) HKU\Austin Hofeman\...\Run: [Amazon Cloud Drive] C:\Users\Austin Hofeman\AppData\Local\Amazon\Cloud Drive\AmazonCloudDrive.exe [424848 2012-05-24] () Winlogon\Notify\igfxcui: igfxdev.dll (Intel Corporation) Tcpip\Parameters: [DhcpNameServer] 10.0.0.1 AppInit_DLLs: C:\Windows\system32\nvinitx.dll Startup: C:\Users\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.) ==================== Services (Whitelisted) ====== 2 Bluetooth Device Monitor; "C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe" [936272 2011-10-18] (Intel Corporation) 3 Bluetooth Media Service; "C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe" [1354064 2011-10-18] (Intel Corporation) 2 Bluetooth OBEX Service; "C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe" [1001808 2011-10-18] (Intel Corporation) 2 BTHSSecurityMgr; "C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe" [135440 2011-10-20] (Intel® Corporation) 2 DellDigitalDelivery; "C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe" [173056 2012-06-19] (Dell Products, LP.) 3 McAWFwk; C:\PROGRA~1\mcafee\msc\mcawfwk.exe [224704 2011-03-08] (McAfee, Inc.) 3 McComponentHostService; "C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe" [227232 2010-01-15] (McAfee, Inc.) 2 McMPFSvc; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [249936 2011-01-27] (McAfee, Inc.) 2 mcmscsvc; "C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [249936 2011-01-27] (McAfee, Inc.) 2 McNaiAnn; "C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [249936 2011-01-27] (McAfee, Inc.) 2 McNASvc; "C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [249936 2011-01-27] (McAfee, Inc.) 3 McODS; "C:\Program Files\mcafee\VirusScan\mcods.exe" [502032 2012-04-19] (McAfee, Inc.) 4 McOobeSv; "C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [249936 2011-01-27] (McAfee, Inc.) 2 McProxy; "C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [249936 2011-01-27] (McAfee, Inc.) 2 McShield; "C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe" [199272 2012-03-20] (McAfee, Inc.) 2 mfefire; "C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe" [210584 2012-03-20] (McAfee, Inc.) 2 mfevtp; "C:\Windows\system32\mfevtps.exe" [162192 2012-03-20] (McAfee, Inc.) 2 MSK80Service; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [249936 2011-01-27] (McAfee, Inc.) 3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2011-11-01] () 2 RoxWatch12; "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe" [219632 2010-11-25] (Sonic Solutions) 3 stllssvr; "C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe" [74392 2010-11-08] (MicroVision Development, Inc.) 2 UNS; "C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe" [2656280 2010-12-20] (Intel Corporation) 3 aspnet_state; C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [x] ========================== Drivers (Whitelisted) ============= 3 cfwids; C:\Windows\System32\Drivers\cfwids.sys [65264 2012-02-22] (McAfee, Inc.) 3 iBtFltCoex; C:\Windows\System32\Drivers\iBtFltCoex.sys [59904 2011-10-11] (Intel Corporation) 3 mfeapfk; C:\Windows\System32\Drivers\mfeapfk.sys [160792 2012-02-22] (McAfee, Inc.) 3 mfeavfk; C:\Windows\System32\Drivers\mfeavfk.sys [229528 2012-02-22] (McAfee, Inc.) 3 mfefirek; C:\Windows\System32\Drivers\mfefirek.sys [487296 2012-02-22] (McAfee, Inc.) 0 mfehidk; C:\Windows\System32\Drivers\mfehidk.sys [647208 2012-02-22] (McAfee, Inc.) 1 mfenlfk; C:\Windows\System32\Drivers\mfenlfk.sys [75936 2012-02-22] (McAfee, Inc.) 3 mferkdet; C:\Windows\System32\Drivers\mferkdet.sys [100912 2012-02-22] (McAfee, Inc.) 0 mfewfpk; C:\Windows\System32\Drivers\mfewfpk.sys [289664 2012-02-22] (McAfee, Inc.) 1 nvkflt; C:\Windows\System32\Drivers\nvkflt.sys [249152 2011-11-04] (NVIDIA Corporation) 3 mfeavfk01; [x] ========================== NetSvcs (Whitelisted) =========== ============ One Month Created Files and Folders ============== 2012-07-18 10:26 - 2012-07-18 10:26 - 00000000 ____D C:\FRST 2012-07-18 06:15 - 2012-07-18 06:15 - 00000237 ____A C:\Users\Austin Hofeman\Desktop\RootkitRemover20120718101507.txt 2012-07-18 06:14 - 2012-07-18 06:14 - 00475712 ____A (McAfee, Inc.) C:\Users\Austin Hofeman\Desktop\rootkitremover.exe 2012-07-18 05:26 - 2012-07-18 05:54 - 00000000 ____D C:\Windows\pss 2012-07-18 05:17 - 2012-07-18 05:17 - 00000000 ____D C:\Users\Austin Hofeman\Application Data\Roxio Burn 2012-07-18 05:17 - 2012-07-18 05:17 - 00000000 ____D C:\Users\Austin Hofeman\AppData\Roaming\Roxio Burn 2012-07-17 19:59 - 2012-07-17 20:04 - 40543809 ____A C:\Users\Austin Hofeman\Desktop\The Gaslight Anthem - Handwritten.rar 2012-07-17 13:25 - 2012-07-18 05:53 - 00004134 ____A C:\Users\Austin Hofeman\Downloads\SuperDAT.log 2012-07-17 13:21 - 2012-07-17 07:38 - 104633320 ____A (McAfee, Inc.) C:\Users\Austin Hofeman\Downloads\6775xdat.exe 2012-07-17 13:21 - 2009-08-03 21:40 - 02199393 ____A (McAfee, Inc.) C:\Users\Austin Hofeman\Downloads\5400eng.exe 2012-07-17 09:56 - 2012-07-17 09:56 - 00385024 ____A (C-Media Electronics Inc.) C:\Users\Austin Hofeman\Application Data\meaps.dll 2012-07-17 09:56 - 2012-07-17 09:56 - 00385024 ____A (C-Media Electronics Inc.) C:\Users\Austin Hofeman\AppData\Roaming\meaps.dll 2012-07-17 09:56 - 2012-07-17 09:56 - 00000000 ____D C:\Users\Austin Hofeman\Local Settings\Application Data\{B1B6A30C-D038-11E1-8270-B8AC6F996F26} 2012-07-17 09:56 - 2012-07-17 09:56 - 00000000 ____D C:\Users\Austin Hofeman\Local Settings\{B1B6A30C-D038-11E1-8270-B8AC6F996F26} 2012-07-17 09:56 - 2012-07-17 09:56 - 00000000 ____D C:\Users\Austin Hofeman\AppData\Local\{B1B6A30C-D038-11E1-8270-B8AC6F996F26} 2012-07-17 09:55 - 2012-07-17 09:55 - 00133120 ____A (DT Soft Ltd) C:\Users\Austin Hofeman\Application Data\ncobr.dll 2012-07-17 09:55 - 2012-07-17 09:55 - 00133120 ____A (DT Soft Ltd) C:\Users\Austin Hofeman\AppData\Roaming\ncobr.dll 2012-07-14 21:41 - 2012-07-14 21:44 - 00000000 ____D C:\Users\Austin Hofeman\My Documents\Anomaly Warzone Earth 2012-07-14 21:41 - 2012-07-14 21:44 - 00000000 ____D C:\Users\Austin Hofeman\Documents\Anomaly Warzone Earth 2012-07-14 21:12 - 2012-07-14 21:12 - 00000000 ___HD C:\Windows\msdownld.tmp 2012-07-14 21:12 - 2012-07-14 21:12 - 00000000 ____D C:\Windows\SysWOW64\directx 2012-07-14 21:12 - 2012-07-14 21:12 - 00000000 ____D C:\Program Files (x86)\OpenAL 2012-07-14 19:17 - 2012-07-14 21:12 - 00000000 ____D C:\Users\Austin Hofeman\Local Settings\Bit.Trip Beat 2012-07-14 19:17 - 2012-07-14 21:12 - 00000000 ____D C:\Users\Austin Hofeman\Local Settings\Application Data\Bit.Trip Beat 2012-07-14 19:17 - 2012-07-14 21:12 - 00000000 ____D C:\Users\Austin Hofeman\AppData\Local\Bit.Trip Beat 2012-07-14 18:34 - 2012-07-14 21:39 - 00277241 ____A C:\Users\Austin Hofeman\Desktop\July2012.xlsx 2012-07-13 20:36 - 2012-07-13 20:36 - 00000000 ____D C:\Users\Austin Hofeman\Local Settings\Two Tribes 2012-07-13 20:36 - 2012-07-13 20:36 - 00000000 ____D C:\Users\Austin Hofeman\Local Settings\Application Data\Two Tribes 2012-07-13 20:36 - 2012-07-13 20:36 - 00000000 ____D C:\Users\Austin Hofeman\AppData\Local\Two Tribes 2012-07-13 20:32 - 2012-07-13 20:32 - 00000000 ____D C:\Users\Austin Hofeman\Application Data\LoneSurvivor 2012-07-13 20:32 - 2012-07-13 20:32 - 00000000 ____D C:\Users\Austin Hofeman\AppData\Roaming\LoneSurvivor 2012-07-13 19:26 - 2012-07-13 20:16 - 00000000 ____D C:\Users\Austin Hofeman\My Documents\Universe Sandbox 2012-07-13 19:26 - 2012-07-13 20:16 - 00000000 ____D C:\Users\Austin Hofeman\Documents\Universe Sandbox 2012-07-13 19:26 - 2012-07-13 19:34 - 00000000 __SHD C:\Users\Austin Hofeman\Application Data\wyUpdate AU 2012-07-13 19:26 - 2012-07-13 19:34 - 00000000 __SHD C:\Users\Austin Hofeman\AppData\Roaming\wyUpdate AU 2012-07-13 19:26 - 2012-07-13 19:26 - 00000000 ____D C:\Users\Austin Hofeman\Local Settings\Universe Sandbox 2012-07-13 19:26 - 2012-07-13 19:26 - 00000000 ____D C:\Users\Austin Hofeman\Local Settings\Application Data\Universe Sandbox 2012-07-13 19:26 - 2012-07-13 19:26 - 00000000 ____D C:\Users\Austin Hofeman\Application Data\System 2012-07-13 19:26 - 2012-07-13 19:26 - 00000000 ____D C:\Users\Austin Hofeman\AppData\Roaming\System 2012-07-13 19:26 - 2012-07-13 19:26 - 00000000 ____D C:\Users\Austin Hofeman\AppData\Local\Universe Sandbox 2012-07-12 14:43 - 2012-07-12 14:43 - 00000000 ____D C:\Users\Austin Hofeman\Application Data\Hothead Games 2012-07-12 14:43 - 2012-07-12 14:43 - 00000000 ____D C:\Users\Austin Hofeman\AppData\Roaming\Hothead Games 2012-07-12 14:43 - 2010-06-02 00:55 - 00527192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_7.dll 2012-07-12 14:43 - 2010-06-02 00:55 - 00518488 ____A (Microsoft Corporation) C:\Windows\System32\XAudio2_7.dll 2012-07-12 14:43 - 2010-06-02 00:55 - 00239960 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_7.dll 2012-07-12 14:43 - 2010-06-02 00:55 - 00176984 ____A (Microsoft Corporation) C:\Windows\System32\xactengine3_7.dll 2012-07-12 14:43 - 2010-06-02 00:55 - 00077656 ____A (Microsoft Corporation) C:\Windows\System32\XAPOFX1_5.dll 2012-07-12 14:43 - 2010-06-02 00:55 - 00074072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_5.dll 2012-07-12 14:43 - 2010-05-26 07:41 - 02526056 ____A (Microsoft Corporation) C:\Windows\System32\D3DCompiler_43.dll 2012-07-12 14:43 - 2010-05-26 07:41 - 02401112 ____A (Microsoft Corporation) C:\Windows\System32\D3DX9_43.dll 2012-07-12 14:43 - 2010-05-26 07:41 - 02106216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_43.dll 2012-07-12 14:43 - 2010-05-26 07:41 - 01998168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_43.dll 2012-07-12 14:43 - 2010-05-26 07:41 - 01907552 ____A (Microsoft Corporation) C:\Windows\System32\d3dcsx_43.dll 2012-07-12 14:43 - 2010-05-26 07:41 - 01868128 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dcsx_43.dll 2012-07-12 14:43 - 2010-05-26 07:41 - 00511328 ____A (Microsoft Corporation) C:\Windows\System32\d3dx10_43.dll 2012-07-12 14:43 - 2010-05-26 07:41 - 00470880 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_43.dll 2012-07-12 14:43 - 2010-05-26 07:41 - 00276832 ____A (Microsoft Corporation) C:\Windows\System32\d3dx11_43.dll 2012-07-12 14:43 - 2010-05-26 07:41 - 00248672 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_43.dll 2012-07-11 22:47 - 2012-06-11 19:08 - 03148800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys 2012-07-10 18:48 - 2012-06-08 21:43 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll 2012-07-10 18:48 - 2012-06-08 20:41 - 12873728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll 2012-07-10 18:48 - 2012-06-05 22:06 - 02004480 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll 2012-07-10 18:48 - 2012-06-05 22:06 - 01881600 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll 2012-07-10 18:48 - 2012-06-05 22:02 - 01133568 ____A (Microsoft Corporation) C:\Windows\System32\cdosys.dll 2012-07-10 18:48 - 2012-06-05 21:05 - 01390080 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll 2012-07-10 18:48 - 2012-06-05 21:05 - 01236992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll 2012-07-10 18:48 - 2012-06-05 21:03 - 00805376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cdosys.dll 2012-07-10 18:48 - 2012-06-01 21:50 - 00458704 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys 2012-07-10 18:48 - 2012-06-01 21:48 - 00151920 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys 2012-07-10 18:48 - 2012-06-01 21:48 - 00095600 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys 2012-07-10 18:48 - 2012-06-01 21:45 - 00340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll 2012-07-10 18:48 - 2012-06-01 21:44 - 00307200 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll 2012-07-10 18:48 - 2012-06-01 20:40 - 00225280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll 2012-07-10 18:48 - 2012-06-01 20:40 - 00022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll 2012-07-10 18:48 - 2012-06-01 20:39 - 00219136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll 2012-07-10 18:48 - 2012-06-01 20:34 - 00096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll 2012-07-10 18:48 - 2010-06-25 19:55 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\msxml3r.dll 2012-07-10 18:48 - 2010-06-25 19:24 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll 2012-07-04 15:11 - 2012-07-04 16:41 - 00000000 ____D C:\Users\Austin Hofeman\Desktop\Napoleon- Total War Imperial Edition 2012-07-04 15:11 - 2012-07-04 15:11 - 00849056 ____A (Amazon Services LLC) C:\Users\Austin Hofeman\Downloads\Napoleon_Total_War_Imperial_Edition_Downloader.exe 2012-07-04 14:59 - 2012-07-04 14:59 - 00000000 ____D C:\Program Files (x86)\SEGA 2012-07-04 14:57 - 2012-07-04 14:57 - 00000000 ____D C:\Users\Austin Hofeman\Application Data\InstallShield 2012-07-04 14:57 - 2012-07-04 14:57 - 00000000 ____D C:\Users\Austin Hofeman\AppData\Roaming\InstallShield 2012-07-04 13:38 - 2012-07-04 14:56 - 00000000 ____D C:\Users\Austin Hofeman\Desktop\Medieval II- Total War - Gold Edition 2012-07-04 13:38 - 2012-07-04 13:38 - 00849056 ____A (Amazon Services LLC) C:\Users\Austin Hofeman\Downloads\Medieval_II_Total_War_Gold_Edition_Downloader.exe 2012-07-04 13:36 - 2012-07-04 13:36 - 00000000 ____D C:\Users\Austin Hofeman\Desktop\Total War- SHOGUN 2 DLC - Rise of The Samurai Campaign 2012-07-04 13:35 - 2012-07-04 13:35 - 00849056 ____A (Amazon Services LLC) C:\Users\Austin Hofeman\Downloads\Total_War_SHOGUN_2_DLC_Rise_of_The_Samurai_Campaign_Online_Game_Code_Downloader.exe 2012-07-04 13:30 - 2012-07-04 13:34 - 00000000 ____D C:\Users\Austin Hofeman\Desktop\Rome- Total War - Alexander (Expansion) 2012-07-04 13:30 - 2012-07-04 13:30 - 00849056 ____A (Amazon Services LLC) C:\Users\Austin Hofeman\Downloads\Rome_Total_War_Alexander_Expansion_Downloader.exe 2012-07-04 11:55 - 2012-07-04 13:04 - 00000000 ____D C:\Users\Austin Hofeman\Desktop\Empire- Total War 2012-07-04 11:55 - 2012-07-04 11:55 - 00849056 ____A (Amazon Services LLC) C:\Users\Austin Hofeman\Downloads\Empire_Total_War_Downloader.exe 2012-07-04 11:01 - 2012-07-04 11:25 - 00000000 ____D C:\Users\Austin Hofeman\Desktop\Rome- Total War - Gold Edition 2012-07-04 11:01 - 2012-07-04 11:01 - 00849056 ____A (Amazon Services LLC) C:\Users\Austin Hofeman\Downloads\Rome_Total_War_Gold_Edition_Downloader.exe 2012-07-04 08:52 - 2010-02-04 06:01 - 00530776 ____A (Microsoft Corporation) C:\Windows\System32\XAudio2_6.dll 2012-07-04 08:52 - 2010-02-04 06:01 - 00528216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_6.dll 2012-07-04 08:52 - 2010-02-04 06:01 - 00238936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_6.dll 2012-07-04 08:52 - 2010-02-04 06:01 - 00176984 ____A (Microsoft Corporation) C:\Windows\System32\xactengine3_6.dll 2012-07-04 08:52 - 2010-02-04 06:01 - 00078680 ____A (Microsoft Corporation) C:\Windows\System32\XAPOFX1_4.dll 2012-07-04 08:52 - 2010-02-04 06:01 - 00074072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_4.dll 2012-07-04 08:52 - 2010-02-04 06:01 - 00024920 ____A (Microsoft Corporation) C:\Windows\System32\X3DAudio1_7.dll 2012-07-04 08:52 - 2010-02-04 06:01 - 00022360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_7.dll 2012-07-04 07:19 - 2012-07-04 08:49 - 00000000 ____D C:\Users\Austin Hofeman\Desktop\Total War- Shogun 2 2012-07-04 07:19 - 2012-07-04 07:19 - 00849056 ____A (Amazon Services LLC) C:\Users\Austin Hofeman\Downloads\Total_War_Shogun_2_Downloader.exe 2012-07-04 07:05 - 2012-07-04 07:05 - 00000000 ____D C:\Users\Austin Hofeman\Desktop\Sid Meier's Civilization V- Gods and Kings 2012-07-04 07:04 - 2012-07-04 07:04 - 00849056 ____A (Amazon Services LLC) C:\Users\Austin Hofeman\Downloads\Sid_Meier_s_Civilization_V_Gods_and_Kings_Downloader.exe 2012-07-04 06:36 - 2012-07-04 06:36 - 00000000 ____D C:\Users\Austin Hofeman\My Documents\My Games 2012-07-04 06:36 - 2012-07-04 06:36 - 00000000 ____D C:\Users\Austin Hofeman\Local Settings\My Games 2012-07-04 06:36 - 2012-07-04 06:36 - 00000000 ____D C:\Users\Austin Hofeman\Local Settings\Application Data\My Games 2012-07-04 06:36 - 2012-07-04 06:36 - 00000000 ____D C:\Users\Austin Hofeman\Documents\My Games 2012-07-04 06:36 - 2012-07-04 06:36 - 00000000 ____D C:\Users\Austin Hofeman\AppData\Local\My Games 2012-07-04 06:25 - 2012-07-18 05:55 - 00000000 ____D C:\Program Files (x86)\Steam 2012-07-04 06:25 - 2009-09-04 13:44 - 00517960 ____A (Microsoft Corporation) C:\Windows\System32\XAudio2_5.dll 2012-07-04 06:25 - 2009-09-04 13:44 - 00238936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_5.dll 2012-07-04 06:25 - 2009-09-04 13:44 - 00176968 ____A (Microsoft Corporation) C:\Windows\System32\xactengine3_5.dll 2012-07-04 06:25 - 2009-09-04 13:44 - 00073544 ____A (Microsoft Corporation) C:\Windows\System32\XAPOFX1_3.dll 2012-07-04 06:25 - 2009-09-04 13:29 - 05554512 ____A (Microsoft Corporation) C:\Windows\System32\d3dcsx_42.dll 2012-07-04 06:25 - 2009-09-04 13:29 - 05501792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dcsx_42.dll 2012-07-04 06:25 - 2009-09-04 13:29 - 02582888 ____A (Microsoft Corporation) C:\Windows\System32\D3DCompiler_42.dll 2012-07-04 06:25 - 2009-09-04 13:29 - 02475352 ____A (Microsoft Corporation) C:\Windows\System32\D3DX9_42.dll 2012-07-04 06:25 - 2009-09-04 13:29 - 00285024 ____A (Microsoft Corporation) C:\Windows\System32\d3dx11_42.dll 2012-07-04 06:25 - 2009-09-04 13:29 - 00235344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_42.dll 2012-07-04 06:25 - 2009-03-16 10:18 - 00521560 ____A (Microsoft Corporation) C:\Windows\System32\XAudio2_4.dll 2012-07-04 06:25 - 2009-03-16 10:18 - 00517448 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_4.dll 2012-07-04 06:25 - 2009-03-16 10:18 - 00235352 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_4.dll 2012-07-04 06:25 - 2009-03-16 10:18 - 00174936 ____A (Microsoft Corporation) C:\Windows\System32\xactengine3_4.dll 2012-07-04 06:25 - 2009-03-16 10:18 - 00024920 ____A (Microsoft Corporation) C:\Windows\System32\X3DAudio1_6.dll 2012-07-04 06:25 - 2009-03-16 10:18 - 00022360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_6.dll 2012-07-04 06:25 - 2009-03-09 11:27 - 05425496 ____A (Microsoft Corporation) C:\Windows\System32\D3DX9_41.dll 2012-07-04 06:25 - 2009-03-09 11:27 - 04178264 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_41.dll 2012-07-04 06:25 - 2009-03-09 11:27 - 02430312 ____A (Microsoft Corporation) C:\Windows\System32\D3DCompiler_41.dll 2012-07-04 06:25 - 2009-03-09 11:27 - 00520544 ____A (Microsoft Corporation) C:\Windows\System32\d3dx10_41.dll 2012-07-04 06:25 - 2008-10-27 06:04 - 00518480 ____A (Microsoft Corporation) C:\Windows\System32\XAudio2_3.dll 2012-07-04 06:25 - 2008-10-27 06:04 - 00514384 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_3.dll 2012-07-04 06:25 - 2008-10-27 06:04 - 00235856 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_3.dll 2012-07-04 06:25 - 2008-10-27 06:04 - 00175440 ____A (Microsoft Corporation) C:\Windows\System32\xactengine3_3.dll 2012-07-04 06:25 - 2008-10-27 06:04 - 00074576 ____A (Microsoft Corporation) C:\Windows\System32\XAPOFX1_2.dll 2012-07-04 06:25 - 2008-10-27 06:04 - 00070992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_2.dll 2012-07-04 06:25 - 2008-10-27 06:04 - 00025936 ____A (Microsoft Corporation) C:\Windows\System32\X3DAudio1_5.dll 2012-07-04 06:25 - 2008-10-27 06:04 - 00023376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_5.dll 2012-07-04 06:25 - 2008-10-15 02:22 - 05631312 ____A (Microsoft Corporation) C:\Windows\System32\D3DX9_40.dll 2012-07-04 06:25 - 2008-10-15 02:22 - 02605920 ____A (Microsoft Corporation) C:\Windows\System32\D3DCompiler_40.dll 2012-07-04 06:25 - 2008-10-15 02:22 - 02036576 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_40.dll 2012-07-04 06:25 - 2008-10-15 02:22 - 00519000 ____A (Microsoft Corporation) C:\Windows\System32\d3dx10_40.dll 2012-07-04 06:25 - 2008-10-15 02:22 - 00452440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_40.dll 2012-07-04 06:25 - 2008-07-31 06:41 - 00238088 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_2.dll 2012-07-04 06:25 - 2008-07-31 06:41 - 00177672 ____A (Microsoft Corporation) C:\Windows\System32\xactengine3_2.dll 2012-07-04 06:25 - 2008-07-31 06:41 - 00072200 ____A (Microsoft Corporation) C:\Windows\System32\XAPOFX1_1.dll 2012-07-04 06:25 - 2008-07-31 06:41 - 00068616 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_1.dll 2012-07-04 06:25 - 2008-07-31 06:40 - 00513544 ____A (Microsoft Corporation) C:\Windows\System32\XAudio2_2.dll 2012-07-04 06:25 - 2008-07-31 06:40 - 00509448 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_2.dll 2012-07-04 06:25 - 2008-07-10 07:01 - 00467984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_39.dll 2012-07-04 06:25 - 2008-07-10 07:00 - 04992520 ____A (Microsoft Corporation) C:\Windows\System32\D3DX9_39.dll 2012-07-04 06:25 - 2008-07-10 07:00 - 03851784 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_39.dll 2012-07-04 06:25 - 2008-07-10 07:00 - 01942552 ____A (Microsoft Corporation) C:\Windows\System32\D3DCompiler_39.dll 2012-07-04 06:25 - 2008-07-10 07:00 - 01493528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_39.dll 2012-07-04 06:25 - 2008-07-10 07:00 - 00540688 ____A (Microsoft Corporation) C:\Windows\System32\d3dx10_39.dll 2012-07-04 06:25 - 2008-05-30 10:19 - 00511496 ____A (Microsoft Corporation) C:\Windows\System32\XAudio2_1.dll 2012-07-04 06:25 - 2008-05-30 10:19 - 00507400 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_1.dll 2012-07-04 06:25 - 2008-05-30 10:18 - 00238088 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_1.dll 2012-07-04 06:25 - 2008-05-30 10:18 - 00177672 ____A (Microsoft Corporation) C:\Windows\System32\xactengine3_1.dll 2012-07-04 06:25 - 2008-05-30 10:17 - 00068104 ____A (Microsoft Corporation) C:\Windows\System32\XAPOFX1_0.dll 2012-07-04 06:25 - 2008-05-30 10:17 - 00065032 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_0.dll 2012-07-04 06:25 - 2008-05-30 10:17 - 00025608 ____A (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_4.dll 2012-07-04 06:25 - 2008-05-30 10:16 - 00028168 ____A (Microsoft Corporation) C:\Windows\System32\X3DAudio1_4.dll 2012-07-04 06:25 - 2008-05-30 10:11 - 04991496 ____A (Microsoft Corporation) C:\Windows\System32\D3DX9_38.dll 2012-07-04 06:25 - 2008-05-30 10:11 - 03850760 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_38.dll 2012-07-04 06:25 - 2008-05-30 10:11 - 01941528 ____A (Microsoft Corporation) C:\Windows\System32\D3DCompiler_38.dll 2012-07-04 06:25 - 2008-05-30 10:11 - 01491992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_38.dll 2012-07-04 06:25 - 2008-05-30 10:11 - 00540688 ____A (Microsoft Corporation) C:\Windows\System32\d3dx10_38.dll 2012-07-04 06:25 - 2008-05-30 10:11 - 00467984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_38.dll 2012-07-04 06:25 - 2008-03-05 12:04 - 00489480 ____A (Microsoft Corporation) C:\Windows\System32\XAudio2_0.dll 2012-07-04 06:25 - 2008-03-05 12:03 - 00479752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_0.dll 2012-07-04 06:25 - 2008-03-05 12:03 - 00238088 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_0.dll 2012-07-04 06:25 - 2008-03-05 12:03 - 00177672 ____A (Microsoft Corporation) C:\Windows\System32\xactengine3_0.dll 2012-07-04 06:25 - 2008-03-05 12:00 - 00028168 ____A (Microsoft Corporation) C:\Windows\System32\X3DAudio1_3.dll 2012-07-04 06:25 - 2008-03-05 12:00 - 00025608 ____A (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_3.dll 2012-07-04 06:25 - 2008-03-05 11:56 - 04910088 ____A (Microsoft Corporation) C:\Windows\System32\D3DX9_37.dll 2012-07-04 06:25 - 2008-03-05 11:56 - 03786760 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_37.dll 2012-07-04 06:25 - 2008-03-05 11:56 - 01860120 ____A (Microsoft Corporation) C:\Windows\System32\D3DCompiler_37.dll 2012-07-04 06:25 - 2008-03-05 11:56 - 01420824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_37.dll 2012-07-04 06:25 - 2008-02-05 19:07 - 00529424 ____A (Microsoft Corporation) C:\Windows\System32\d3dx10_37.dll 2012-07-04 06:25 - 2008-02-05 19:07 - 00462864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_37.dll 2012-07-04 06:00 - 2012-07-04 06:22 - 00000000 ____D C:\Users\Austin Hofeman\Desktop\Sid Meier's Civilization V- Game of the Year Edition 2012-07-04 06:00 - 2012-07-04 06:00 - 00849056 ____A (Amazon Services LLC) C:\Users\Austin Hofeman\Downloads\Sid_Meier_s_Civilization_V_Game_of_the_Year_Edition_Downloader.exe 2012-06-27 12:12 - 2012-06-29 20:01 - 00020655 ____A C:\Users\Austin Hofeman\My Documents\2012 Comics Ratings.xlsx 2012-06-27 12:12 - 2012-06-29 20:01 - 00020655 ____A C:\Users\Austin Hofeman\Documents\2012 Comics Ratings.xlsx 2012-06-25 10:39 - 2012-06-28 08:55 - 00017797 ____A C:\Users\Austin Hofeman\My Documents\Catalog.xlsx 2012-06-25 10:39 - 2012-06-28 08:55 - 00017797 ____A C:\Users\Austin Hofeman\Documents\Catalog.xlsx 2012-06-24 12:32 - 2012-07-14 16:12 - 00033219 ____A C:\Users\Austin Hofeman\My Documents\2012 Comics.sav 2012-06-24 12:32 - 2012-07-14 16:12 - 00033219 ____A C:\Users\Austin Hofeman\Documents\2012 Comics.sav 2012-06-23 16:28 - 2012-06-23 16:28 - 00000000 ____D C:\Users\Austin Hofeman\StarWarsII_RiffTrax 2012-06-23 05:55 - 2012-06-23 05:55 - 00000000 ____D C:\Program Files (x86)\Dell Digital Delivery 2012-06-22 19:19 - 2012-06-22 19:19 - 00000000 ____D C:\Users\Austin Hofeman\Local Settings\Macromedia 2012-06-22 19:19 - 2012-06-22 19:19 - 00000000 ____D C:\Users\Austin Hofeman\Local Settings\Application Data\Macromedia 2012-06-22 19:19 - 2012-06-22 19:19 - 00000000 ____D C:\Users\Austin Hofeman\AppData\Local\Macromedia 2012-06-19 06:11 - 2012-06-02 14:19 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll 2012-06-19 06:11 - 2012-06-02 14:19 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll 2012-06-19 06:11 - 2012-06-02 14:19 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe 2012-06-19 06:11 - 2012-06-02 14:19 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll 2012-06-19 06:11 - 2012-06-02 14:19 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll 2012-06-19 06:11 - 2012-06-02 14:15 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll 2012-06-19 06:11 - 2012-06-02 14:15 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll 2012-06-19 06:11 - 2012-06-02 11:19 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll 2012-06-19 06:11 - 2012-06-02 11:15 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe 2012-06-18 05:13 - 2012-07-04 17:53 - 00000000 ____D C:\Users\Austin Hofeman\My Documents\residents_renewal.asp_files 2012-06-18 05:13 - 2012-07-04 17:53 - 00000000 ____D C:\Users\Austin Hofeman\Documents\residents_renewal.asp_files ============ 3 Months Modified Files ======================== 2012-07-18 06:23 - 2012-04-24 18:38 - 00034457 ____A C:\Users\Austin Hofeman\Application Data\wlanmonitor.log 2012-07-18 06:23 - 2012-04-24 18:38 - 00034457 ____A C:\Users\Austin Hofeman\AppData\Roaming\wlanmonitor.log 2012-07-18 06:23 - 2012-04-16 15:01 - 01558218 ____A C:\Windows\WindowsUpdate.log 2012-07-18 06:22 - 2009-07-13 21:13 - 00792546 ____A C:\Windows\System32\PerfStringBackup.INI 2012-07-18 06:20 - 2012-04-16 13:09 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job 2012-07-18 06:15 - 2012-07-18 06:15 - 00000237 ____A C:\Users\Austin Hofeman\Desktop\RootkitRemover20120718101507.txt 2012-07-18 06:14 - 2012-07-18 06:14 - 00475712 ____A (McAfee, Inc.) C:\Users\Austin Hofeman\Desktop\rootkitremover.exe 2012-07-18 06:02 - 2009-07-13 20:45 - 00021296 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2012-07-18 06:02 - 2009-07-13 20:45 - 00021296 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2012-07-18 06:00 - 2012-04-24 18:37 - 00158615 ____A C:\Users\Austin Hofeman\Application Data\Clock+.log 2012-07-18 06:00 - 2012-04-24 18:37 - 00158615 ____A C:\Users\Austin Hofeman\AppData\Roaming\Clock+.log 2012-07-18 05:56 - 2012-04-24 18:37 - 00237804 ____A C:\Users\Austin Hofeman\Application Data\ez_style_engine.log 2012-07-18 05:56 - 2012-04-24 18:37 - 00237804 ____A C:\Users\Austin Hofeman\AppData\Roaming\ez_style_engine.log 2012-07-18 05:56 - 2012-04-24 18:37 - 00062890 ____A C:\Users\Austin Hofeman\Application Data\TMinus.log 2012-07-18 05:56 - 2012-04-24 18:37 - 00062890 ____A C:\Users\Austin Hofeman\AppData\Roaming\TMinus.log 2012-07-18 05:55 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT 2012-07-18 05:55 - 2009-07-13 20:51 - 00053946 ____A C:\Windows\setupact.log 2012-07-18 05:53 - 2012-07-17 13:25 - 00004134 ____A C:\Users\Austin Hofeman\Downloads\SuperDAT.log 2012-07-18 05:00 - 2010-11-20 19:47 - 00047894 ____A C:\Windows\PFRO.log 2012-07-17 20:04 - 2012-07-17 19:59 - 40543809 ____A C:\Users\Austin Hofeman\Desktop\The Gaslight Anthem - Handwritten.rar 2012-07-17 13:14 - 2012-04-29 08:03 - 00000506 ____A C:\Windows\Tasks\SystemToolsDailyTest.job 2012-07-17 09:56 - 2012-07-17 09:56 - 00385024 ____A (C-Media Electronics Inc.) C:\Users\Austin Hofeman\Application Data\meaps.dll 2012-07-17 09:56 - 2012-07-17 09:56 - 00385024 ____A (C-Media Electronics Inc.) C:\Users\Austin Hofeman\AppData\Roaming\meaps.dll 2012-07-17 09:55 - 2012-07-17 09:55 - 00133120 ____A (DT Soft Ltd) C:\Users\Austin Hofeman\Application Data\ncobr.dll 2012-07-17 09:55 - 2012-07-17 09:55 - 00133120 ____A (DT Soft Ltd) C:\Users\Austin Hofeman\AppData\Roaming\ncobr.dll 2012-07-17 07:38 - 2012-07-17 13:21 - 104633320 ____A (McAfee, Inc.) C:\Users\Austin Hofeman\Downloads\6775xdat.exe 2012-07-14 21:39 - 2012-07-14 18:34 - 00277241 ____A C:\Users\Austin Hofeman\Desktop\July2012.xlsx 2012-07-14 21:12 - 2012-04-16 13:38 - 00466456 ____A (Creative Labs) C:\Windows\System32\wrap_oal.dll 2012-07-14 21:12 - 2012-04-16 13:38 - 00444952 ____A (Creative Labs) C:\Windows\SysWOW64\wrap_oal.dll 2012-07-14 21:12 - 2012-04-16 13:38 - 00122904 ____A (Portions © Creative Labs Inc. and NVIDIA Corp.) C:\Windows\System32\OpenAL32.dll 2012-07-14 21:12 - 2012-04-16 13:38 - 00109080 ____A (Portions © Creative Labs Inc. and NVIDIA Corp.) C:\Windows\SysWOW64\OpenAL32.dll 2012-07-14 16:12 - 2012-06-24 12:32 - 00033219 ____A C:\Users\Austin Hofeman\My Documents\2012 Comics.sav 2012-07-14 16:12 - 2012-06-24 12:32 - 00033219 ____A C:\Users\Austin Hofeman\Documents\2012 Comics.sav 2012-07-13 20:35 - 2012-04-16 13:57 - 00431082 ____A C:\Windows\DirectX.log 2012-07-12 09:49 - 2012-06-06 18:45 - 00031071 ____A C:\Users\Austin Hofeman\My Documents\Topps 2012 Baseball Cards.xlsx 2012-07-12 09:49 - 2012-06-06 18:45 - 00031071 ____A C:\Users\Austin Hofeman\Documents\Topps 2012 Baseball Cards.xlsx 2012-07-12 08:20 - 2012-04-16 13:09 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2012-07-12 08:20 - 2012-04-16 13:09 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2012-07-12 07:34 - 2009-07-13 20:45 - 00461416 ____A C:\Windows\System32\FNTCACHE.DAT 2012-07-06 08:54 - 2012-04-29 08:03 - 00000564 ____A C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job 2012-07-04 15:11 - 2012-07-04 15:11 - 00849056 ____A (Amazon Services LLC) C:\Users\Austin Hofeman\Downloads\Napoleon_Total_War_Imperial_Edition_Downloader.exe 2012-07-04 15:05 - 2011-02-10 08:10 - 00808990 ____A C:\Windows\SysWOW64\PerfStringBackup.INI 2012-07-04 13:38 - 2012-07-04 13:38 - 00849056 ____A (Amazon Services LLC) C:\Users\Austin Hofeman\Downloads\Medieval_II_Total_War_Gold_Edition_Downloader.exe 2012-07-04 13:35 - 2012-07-04 13:35 - 00849056 ____A (Amazon Services LLC) C:\Users\Austin Hofeman\Downloads\Total_War_SHOGUN_2_DLC_Rise_of_The_Samurai_Campaign_Online_Game_Code_Downloader.exe 2012-07-04 13:30 - 2012-07-04 13:30 - 00849056 ____A (Amazon Services LLC) C:\Users\Austin Hofeman\Downloads\Rome_Total_War_Alexander_Expansion_Downloader.exe 2012-07-04 11:55 - 2012-07-04 11:55 - 00849056 ____A (Amazon Services LLC) C:\Users\Austin Hofeman\Downloads\Empire_Total_War_Downloader.exe 2012-07-04 11:01 - 2012-07-04 11:01 - 00849056 ____A (Amazon Services LLC) C:\Users\Austin Hofeman\Downloads\Rome_Total_War_Gold_Edition_Downloader.exe 2012-07-04 07:19 - 2012-07-04 07:19 - 00849056 ____A (Amazon Services LLC) C:\Users\Austin Hofeman\Downloads\Total_War_Shogun_2_Downloader.exe 2012-07-04 07:04 - 2012-07-04 07:04 - 00849056 ____A (Amazon Services LLC) C:\Users\Austin Hofeman\Downloads\Sid_Meier_s_Civilization_V_Gods_and_Kings_Downloader.exe 2012-07-04 06:00 - 2012-07-04 06:00 - 00849056 ____A (Amazon Services LLC) C:\Users\Austin Hofeman\Downloads\Sid_Meier_s_Civilization_V_Game_of_the_Year_Edition_Downloader.exe 2012-06-29 20:01 - 2012-06-27 12:12 - 00020655 ____A C:\Users\Austin Hofeman\My Documents\2012 Comics Ratings.xlsx 2012-06-29 20:01 - 2012-06-27 12:12 - 00020655 ____A C:\Users\Austin Hofeman\Documents\2012 Comics Ratings.xlsx 2012-06-28 08:55 - 2012-06-25 10:39 - 00017797 ____A C:\Users\Austin Hofeman\My Documents\Catalog.xlsx 2012-06-28 08:55 - 2012-06-25 10:39 - 00017797 ____A C:\Users\Austin Hofeman\Documents\Catalog.xlsx 2012-06-15 07:54 - 2012-06-04 20:45 - 00009079 ____A C:\Users\Austin Hofeman\My Documents\Podcasts.xlsx 2012-06-15 07:54 - 2012-06-04 20:45 - 00009079 ____A C:\Users\Austin Hofeman\Documents\Podcasts.xlsx 2012-06-11 19:08 - 2012-07-11 22:47 - 03148800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys 2012-06-08 21:43 - 2012-07-10 18:48 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll 2012-06-08 20:41 - 2012-07-10 18:48 - 12873728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll 2012-06-07 09:31 - 2012-06-05 10:25 - 00013272 ____A C:\Users\Austin Hofeman\My Documents\2012 Albums.xlsx 2012-06-07 09:31 - 2012-06-05 10:25 - 00013272 ____A C:\Users\Austin Hofeman\Documents\2012 Albums.xlsx 2012-06-05 22:06 - 2012-07-10 18:48 - 02004480 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll 2012-06-05 22:06 - 2012-07-10 18:48 - 01881600 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll 2012-06-05 22:02 - 2012-07-10 18:48 - 01133568 ____A (Microsoft Corporation) C:\Windows\System32\cdosys.dll 2012-06-05 21:05 - 2012-07-10 18:48 - 01390080 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll 2012-06-05 21:05 - 2012-07-10 18:48 - 01236992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll 2012-06-05 21:03 - 2012-07-10 18:48 - 00805376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cdosys.dll 2012-06-05 04:24 - 2012-04-28 10:52 - 00013407 ____A C:\Users\Austin Hofeman\My Documents\Star Wars Galaxy Series 7.xlsx 2012-06-05 04:24 - 2012-04-28 10:52 - 00013407 ____A C:\Users\Austin Hofeman\Documents\Star Wars Galaxy Series 7.xlsx 2012-06-02 14:19 - 2012-06-19 06:11 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll 2012-06-02 14:19 - 2012-06-19 06:11 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll 2012-06-02 14:19 - 2012-06-19 06:11 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe 2012-06-02 14:19 - 2012-06-19 06:11 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll 2012-06-02 14:19 - 2012-06-19 06:11 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll 2012-06-02 14:15 - 2012-06-19 06:11 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll 2012-06-02 14:15 - 2012-06-19 06:11 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll 2012-06-02 11:19 - 2012-06-19 06:11 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll 2012-06-02 11:15 - 2012-06-19 06:11 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe 2012-06-01 21:50 - 2012-07-10 18:48 - 00458704 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys 2012-06-01 21:48 - 2012-07-10 18:48 - 00151920 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys 2012-06-01 21:48 - 2012-07-10 18:48 - 00095600 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys 2012-06-01 21:45 - 2012-07-10 18:48 - 00340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll 2012-06-01 21:44 - 2012-07-10 18:48 - 00307200 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll 2012-06-01 20:40 - 2012-07-10 18:48 - 00225280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll 2012-06-01 20:40 - 2012-07-10 18:48 - 00022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll 2012-06-01 20:39 - 2012-07-10 18:48 - 00219136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll 2012-06-01 20:34 - 2012-07-10 18:48 - 00096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll 2012-05-17 20:51 - 2012-05-17 20:51 - 635849571 ____A C:\Windows\MEMORY.DMP 2012-05-17 20:51 - 2012-05-17 20:51 - 00666592 ____A C:\Windows\Minidump\051812-14118-01.dmp 2012-05-11 21:31 - 2012-05-11 21:32 - 00174024 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe 2012-05-11 21:31 - 2012-05-11 21:32 - 00174024 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe 2012-05-04 03:06 - 2012-06-13 05:08 - 05559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe 2012-05-04 02:03 - 2012-06-13 05:08 - 03968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe 2012-05-04 02:03 - 2012-06-13 05:08 - 03913072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe 2012-04-30 21:40 - 2012-06-13 05:08 - 00209920 ____A (Microsoft Corporation) C:\Windows\System32\profsvc.dll 2012-04-30 04:28 - 2012-04-30 04:27 - 1436820284 ____A C:\Users\Austin Hofeman\Downloads\This.Is.Not.A.Film.2011.SWESUB.DVDRip.XviD-Robblowe.avi 2012-04-28 15:05 - 2012-04-23 18:27 - 00126384 ____A C:\Users\Austin Hofeman\Local Settings\GDIPFONTCACHEV1.DAT 2012-04-28 15:05 - 2012-04-23 18:27 - 00126384 ____A C:\Users\Austin Hofeman\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2012-04-28 15:05 - 2012-04-23 18:27 - 00126384 ____A C:\Users\Austin Hofeman\AppData\Local\GDIPFONTCACHEV1.DAT 2012-04-27 19:55 - 2012-06-13 05:08 - 00210944 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys 2012-04-26 18:45 - 2012-04-26 18:45 - 00001025 ____A C:\Windows\SysWOW64\sysprs7.tgz 2012-04-26 18:45 - 2012-04-26 18:45 - 00001025 ____A C:\Windows\SysWOW64\sysprs7.dll 2012-04-26 18:45 - 2012-04-26 18:45 - 00000219 ____A C:\Windows\SysWOW64\lsprst7.tgz 2012-04-26 18:45 - 2012-04-26 18:45 - 00000205 ____A C:\Windows\SysWOW64\lsprst7.dll 2012-04-26 18:45 - 2012-04-26 18:45 - 00000016 ____H C:\Windows\SysWOW64\servdat.slm 2012-04-25 21:41 - 2012-06-13 05:08 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll 2012-04-25 21:41 - 2012-06-13 05:08 - 00077312 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll 2012-04-25 21:34 - 2012-06-13 05:08 - 00009216 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe 2012-04-25 04:26 - 2009-07-13 18:34 - 00000510 ____A C:\Windows\win.ini 2012-04-25 04:24 - 2012-04-25 04:23 - 00296386 ____A C:\Windows\msxml4-KB973688-enu.LOG 2012-04-25 04:23 - 2012-04-25 04:23 - 00294924 ____A C:\Windows\msxml4-KB954430-enu.LOG 2012-04-24 12:45 - 2012-04-24 12:45 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_User_WpdFs_01_09_00.Wdf 2012-04-23 21:37 - 2012-06-13 05:08 - 01462272 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll 2012-04-23 21:37 - 2012-06-13 05:08 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll 2012-04-23 21:37 - 2012-06-13 05:08 - 00140288 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll 2012-04-23 20:36 - 2012-06-13 05:08 - 01158656 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll 2012-04-23 20:36 - 2012-06-13 05:08 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll 2012-04-23 20:36 - 2012-06-13 05:08 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll 2012-04-23 18:44 - 2012-04-23 18:44 - 22259528 ____A C:\Users\Austin Hofeman\Downloads\vlc-2.0.1-win32.exe 2012-04-23 18:33 - 2012-04-16 13:43 - 38006698 ____A C:\Windows\RPSETUP.EXE.LOG 2012-04-23 18:27 - 2012-04-23 18:27 - 00000020 ___SH C:\Users\Austin Hofeman\ntuser.ini ZeroAccess: C:\Windows\Installer\{36467880-379d-aeec-437e-94fff1a1a69f} C:\Windows\Installer\{36467880-379d-aeec-437e-94fff1a1a69f}\@ C:\Windows\Installer\{36467880-379d-aeec-437e-94fff1a1a69f}\L C:\Windows\Installer\{36467880-379d-aeec-437e-94fff1a1a69f}\U C:\Windows\Installer\{36467880-379d-aeec-437e-94fff1a1a69f}\L\00000004.@ C:\Windows\Installer\{36467880-379d-aeec-437e-94fff1a1a69f}\L\201d3dde C:\Windows\Installer\{36467880-379d-aeec-437e-94fff1a1a69f}\U\80000064.@ ZeroAccess: C:\Users\Austin Hofeman\AppData\Local\{36467880-379d-aeec-437e-94fff1a1a69f} C:\Users\Austin Hofeman\AppData\Local\{36467880-379d-aeec-437e-94fff1a1a69f}\@ C:\Users\Austin Hofeman\AppData\Local\{36467880-379d-aeec-437e-94fff1a1a69f}\L C:\Users\Austin Hofeman\AppData\Local\{36467880-379d-aeec-437e-94fff1a1a69f}\U ZeroAccess: C:\Windows\assembly\GAC_32\Desktop.ini ZeroAccess: C:\Windows\assembly\GAC_64\Desktop.ini ========================= Known DLLs (Whitelisted) ============ ========================= Bamital & volsnap Check ============ C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe 014A9CB92514E27C0107614DF764BC06 ZeroAccess <==== ATTENTION!. C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit ==================== EXE ASSOCIATION ===================== HKLM\...\.exe: exefile => OK HKLM\...\exefile\DefaultIcon: %1 => OK HKLM\...\exefile\open\command: "%1" %* => OK ========================= Memory info ====================== Percentage of memory in use: 10% Total physical RAM: 8086.17 MB Available physical RAM: 7252.79 MB Total Pagefile: 8084.37 MB Available Pagefile: 7247.86 MB Total Virtual: 8192 MB Available Virtual: 8191.89 MB ======================= Partitions ========================= 1 Drive c: (OS) (Fixed) (Total:911.88 GB) (Free:622.02 GB) NTFS 2 Drive d: (Repair disc Windows 7 64-bit) (CDROM) (Total:0.18 GB) (Free:0 GB) UDF 3 Drive e: (TRAVELDRIVE) (Removable) (Total:1.86 GB) (Free:1.23 GB) FAT 4 Drive f: (RECOVERY) (Fixed) (Total:19.53 GB) (Free:10.24 GB) NTFS ==>[system with boot components (obtained from reading drive)] 5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS Disk ### Status Size Free Dyn Gpt -------- ------------- ------- ------- --- --- Disk 0 Online 931 GB 2048 KB Disk 1 Online 1910 MB 0 B Partitions of Disk 0: =============== Partition ### Type Size Offset ------------- ---------------- ------- ------- Partition 1 OEM 101 MB 31 KB Partition 2 Primary 19 GB 104 MB Partition 3 Primary 911 GB 19 GB ================================================================================== Disk: 0 Partition 1 Type : DE Hidden: Yes Active: No Volume ### Ltr Label Fs Type Size Status Info ---------- --- ----------- ----- ---------- ------- --------- -------- * Volume 4 FAT Partition 101 MB Healthy Hidden ================================================================================== Disk: 0 Partition 2 Type : 07 Hidden: No Active: Yes Volume ### Ltr Label Fs Type Size Status Info ---------- --- ----------- ----- ---------- ------- --------- -------- * Volume 1 F RECOVERY NTFS Partition 19 GB Healthy ================================================================================== Disk: 0 Partition 3 Type : 07 Hidden: No Active: No Volume ### Ltr Label Fs Type Size Status Info ---------- --- ----------- ----- ---------- ------- --------- -------- * Volume 2 C OS NTFS Partition 911 GB Healthy ================================================================================== Partitions of Disk 1: =============== Partition ### Type Size Offset ------------- ---------------- ------- ------- Partition 1 Primary 1906 MB 4032 KB ================================================================================== Disk: 1 Partition 1 Type : 06 Hidden: No Active: No Volume ### Ltr Label Fs Type Size Status Info ---------- --- ----------- ----- ---------- ------- --------- -------- * Volume 3 E TRAVELDRIVE FAT Removable 1906 MB Healthy ================================================================================== ========================================================== Last Boot: 2012-07-09 21:54 ======================= End Of Log ==========================
  9. Hello, Having the same problem as this thread: http://forums.malwarebytes.org/index.php?showtopic=112607
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.