RichAC
Honorary Members
Posts: 33

Everything posted by RichAC

  1. Aww man, once again I forgot to allow the script on this site, which is why sometimes my posts are autowrapped... and I have no option to edit my post.
  2. Actually, just playing the videos in Windows might be a problem. Winamp isn't safe and hasn't been for years (but I use it to record some FM radio station streams); MPC apparently isn't safe either, I'm finding out after running all these scans... WMP isn't safe even according to Microsoft. Maybe I should use VLC now? lol. It's not as good as MPC when it comes to user friendliness and fullscreen features, but I guess I have no choice. I mean, Microsoft even admits now publicly that videos can be virused and install malware through the video players when you play them, which they are trying to fix while borking their media player at the same time. I mean, I've suspected that for years, it's been obvious at times, but I guess now it's finally publicly confirmed. I would say the same is probably true for mp3 music files also, which is in many people's legal rights to download; one argument is for backup of what they already own (which I do frequently when a CD is damaged or lost). I've bought a bunch of CDs this year and have gone to a dozen movies, so I don't see a problem, especially with so many valid reasons to share information. AMD chipset drivers have something similar to Dsentry in them now to probe drives to protect from autoplay and autorun exploits and prevent even retail DVDs from dialing out. But it seems like the internet is dying unless you go on Facebook and Twitter with your phone. Most of my friends are not too computer savvy, so they end up not using their PC anymore. It either gets too bogged down, infested and slow, hijacked, or it just crashes. All it takes now is visiting a URL. And I don't believe it's because of the gov't or RIAA. I think it's just hackers being malicious for kicks, or trying to add to their botnets for w/e purposes. I would use Linux, but it just doesn't have great surround sound support when watching videos or DVDs. Extended displays with non-HDMI connections have horrible quality, and I use Win 7 to play newer games like Battlefield 3 (although Steam announcing support for Ubuntu sounds promising). Just some thoughts on my mind. Thanks for all your help man, I really appreciate it. I was due for a good scanning. Rich.
  3. I think maybe I won't install uTorrent again, and just use a VM in Linux. I still can't totally give up Windows though. It's still the best for multimedia, with more options and better quality video and sound drivers, and still needed for most games.
  4. C:\Users\Rick\Downloads\coretemp_1236.exe a variant of Win32/InstallIQ.A application cleaned by deleting - quarantined
C:\Users\Rick\Downloads\uTorrent.exe a variant of Win32/Bunndle application cleaned by deleting - quarantined
C:\Users\Rick\Downloads\Utorrent Download\ubcd521.iso Win32/PSWTool.KonBoot.A application deleted - quarantined
  5. Found it in the C: directory. Didn't see that in the instructions, but remembered from last time I came here for help about a year ago.

ComboFix 13-07-16.01 - Rick 07/17/2013 21:14:36.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6143.4869 [GMT -4:00]
Running from: c:\users\Rick\Downloads\ComboFix.exe
AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\users\Rick\AppData\Local\assembly\tmp
c:\users\Rick\EULA.txt
c:\windows\SysWow64\frapsvid.dll
.
.
((((((((((((((((((((((((( Files Created from 2013-06-18 to 2013-07-18 )))))))))))))))))))))))))))))))
.
.
2013-07-17 02:05 . 2013-07-17 02:05 941720 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{103D5384-834B-4D24-AF38-E4BC36E9EC7A}\gapaengine.dll
2013-07-17 02:05 . 2013-07-02 08:34 9460976 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{20998BA6-ECA2-4259-BDFB-3EAAF391AAF2}\mpengine.dll
2013-07-15 02:09 . 2013-07-15 02:09 -------- d-----w- c:\users\EverydayCool
2013-07-13 08:14 . 2013-06-12 03:08 9552976 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-07-10 16:58 . 2011-02-25 06:19 2871808 ----a-w- c:\windows\SysWow64\explorer.exe
2013-07-09 22:14 . 2013-07-09 22:16 -------- d-----w- c:\windows\system32\MRT
2013-07-09 21:17 . 2013-06-11 23:43 108032 ----a-w- c:\program files (x86)\Internet Explorer\jsdebuggeride.dll
2013-07-09 21:17 . 2013-06-11 23:26 1365504 ----a-w- c:\windows\system32\urlmon.dll
2013-07-09 21:17 . 2013-06-11 23:43 817664 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll
2013-07-09 21:17 . 2013-06-11 23:26 1084928 ----a-w- c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll
2013-07-09 21:17 . 2013-06-11 23:25 53248 ----a-w- c:\windows\system32\jsproxy.dll
2013-07-09 21:17 . 2013-06-11 23:43 1767936 ----a-w- c:\windows\SysWow64\wininet.dll
2013-07-09 21:17 . 2013-06-11 23:26 2241024 ----a-w- c:\windows\system32\wininet.dll
2013-07-09 21:17 . 2013-06-11 23:25 15404032 ----a-w- c:\windows\system32\ieframe.dll
2013-07-09 21:17 . 2013-06-11 23:25 19238912 ----a-w- c:\windows\system32\mshtml.dll
2013-07-09 21:12 . 2013-04-09 23:34 1247744 ----a-w- c:\windows\SysWow64\DWrite.dll
2013-07-09 21:12 . 2013-04-02 22:51 1643520 ----a-w- c:\windows\system32\DWrite.dll
2013-07-08 23:07 . 2013-07-08 23:07 -------- d-----w- C:\FRST
2013-06-30 15:01 . 2013-06-30 15:01 -------- d-----w- c:\program files (x86)\WinPcap
2013-06-30 14:59 . 2013-06-30 15:01 -------- d-----w- c:\program files\Wireshark
2013-06-27 18:43 . 2013-06-27 18:44 -------- d-----w- c:\program files (x86)\Windows Live
2013-06-23 00:11 . 2013-06-23 00:11 -------- d-----w- c:\program files (x86)\LinuxLive USB Creator
2013-06-19 01:50 . 2013-06-19 01:50 247216 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2013-06-18 19:56 . 2013-06-18 19:56 -------- d-----w- c:\program files (x86)\EMET 4.0
2013-06-18 05:18 . 2013-06-18 05:18 -------- d-----w- c:\program files (x86)\LiveUSB Creator
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-07-17 02:39 . 2013-01-26 03:56 290184 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2013-07-17 02:39 . 2013-01-26 01:41 290184 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2013-07-17 02:39 . 2013-01-26 01:41 291088 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2013-07-09 21:10 . 2013-01-25 01:05 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-07-09 21:10 . 2013-01-25 01:05 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-06-24 04:57 . 2013-01-25 05:12 78277128 ----a-w- c:\windows\system32\MRT.exe
2013-06-21 08:45 . 2013-03-12 15:20 964552 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2013-06-19 01:50 . 2012-08-31 03:03 139616 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
2013-06-14 20:19 . 2013-06-14 20:19 549536 ----a-w- c:\windows\apppatch\EMET.dll
2013-06-14 20:19 . 2013-06-14 20:19 149664 ----a-w- c:\windows\apppatch\AppPatch64\EMET64.dll
2013-06-04 22:38 . 2013-02-20 00:11 348160 ----a-w- c:\windows\SysWow64\msvcr71.dll
2013-06-04 22:38 . 2013-02-20 00:11 499712 ----a-w- c:\windows\SysWow64\msvcp71.dll
2013-05-13 05:51 . 2013-06-12 00:25 184320 ----a-w- c:\windows\system32\cryptsvc.dll
2013-05-13 05:51 . 2013-06-12 00:25 1464320 ----a-w- c:\windows\system32\crypt32.dll
2013-05-13 05:51 . 2013-06-12 00:25 139776 ----a-w- c:\windows\system32\cryptnet.dll
2013-05-13 05:50 . 2013-06-12 00:25 52224 ----a-w- c:\windows\system32\certenc.dll
2013-05-13 04:45 . 2013-06-12 00:25 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2013-05-13 04:45 . 2013-06-12 00:25 1160192 ----a-w- c:\windows\SysWow64\crypt32.dll
2013-05-13 04:45 . 2013-06-12 00:25 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
2013-05-13 03:43 . 2013-06-12 00:25 1192448 ----a-w- c:\windows\system32\certutil.exe
2013-05-13 03:08 . 2013-06-12 00:25 903168 ----a-w- c:\windows\SysWow64\certutil.exe
2013-05-13 03:08 . 2013-06-12 00:25 43008 ----a-w- c:\windows\SysWow64\certenc.dll
2013-05-10 05:49 . 2013-06-12 01:31 30720 ----a-w- c:\windows\system32\cryptdlg.dll
2013-05-10 03:20 . 2013-06-12 01:31 24576 ----a-w- c:\windows\SysWow64\cryptdlg.dll
2013-05-08 06:39 . 2013-06-12 00:25 1910632 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-05-02 15:29 . 2013-01-25 01:24 278800 ------w- c:\windows\system32\MpSigStub.exe
2013-04-26 05:51 . 2013-06-12 00:25 751104 ----a-w- c:\windows\system32\win32spl.dll
2013-04-26 04:55 . 2013-06-12 00:25 492544 ----a-w- c:\windows\SysWow64\win32spl.dll
2013-01-25 01:03 . 2013-01-25 01:03 14794312 ----a-w- c:\program files (x86)\Common Files\lpuninstall.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HP Officejet Pro 8600 (NET)"="c:\program files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe" [2011-09-09 2676584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-05-11 958576]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-12-19 642808]
"THX Audio Control Panel"="c:\program files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe" [2009-12-01 963584]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"EMET Agent"="c:\program files (x86)\EMET 4.0\EMET_agent.exe" [2013-06-14 78496]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 AODDriver4.2;AODDriver4.2;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
R3 ALSysIO;ALSysIO;c:\users\Rick\AppData\Local\Temp\ALSysIO64.sys;c:\users\Rick\AppData\Local\Temp\ALSysIO64.sys [x]
R3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys;c:\windows\SYSNATIVE\DRIVERS\amdiox64.sys [x]
R3 ArgusMonitor;ArgusMonitor kernel mode driver;SysWOW64\drivers\ArgusMonitor.sys;SysWOW64\drivers\ArgusMonitor.sys [x]
R3 cpuz135;cpuz135;c:\windows\TEMP\cpuz135\cpuz135_x64.sys;c:\windows\TEMP\cpuz135\cpuz135_x64.sys [x]
R3 DIRECTIO;DIRECTIO;c:\program files\PerformanceTest\DirectIo64.sys;c:\program files\PerformanceTest\DirectIo64.sys [x]
R3 DrvAgent64;DrvAgent64;c:\windows\SysWOW64\Drivers\DrvAgent64.SYS;c:\windows\SysWOW64\Drivers\DrvAgent64.SYS [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 rspLLL;rspLLL;c:\windows\system32\DRIVERS\rspLLL64.sys;c:\windows\SYSNATIVE\DRIVERS\rspLLL64.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 wfpcapture;wfpcapture;c:\windows\System32\Drivers\wfpcapture.sys;c:\windows\SYSNATIVE\Drivers\wfpcapture.sys [x]
R3 WfpCaptureUM;WfpCaptureUM;c:\windows\system32\WfpCaptureUM.exe;c:\windows\SYSNATIVE\WfpCaptureUM.exe [x]
R3 WinRing0_1_2_0;WinRing0_1_2_0;c:\program files (x86)\Razer\Razer Game Booster\Driver\WinRing0x64.sys;c:\program files (x86)\Razer\Razer Game Booster\Driver\WinRing0x64.sys [x]
R4 AODService;AODService;c:\program files (x86)\AMD\OverDrive\AODAssist.exe;c:\program files (x86)\AMD\OverDrive\AODAssist.exe [x]
R4 DirMngr;DirMngr;c:\program files (x86)\GNU\GnuPG\dirmngr.exe;c:\program files (x86)\GNU\GnuPG\dirmngr.exe [x]
R4 Futuremark SystemInfo Service;Futuremark SystemInfo Service;c:\program files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe;c:\program files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe [x]
R4 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys;c:\windows\SYSNATIVE\DRIVERS\amd_sata.sys [x]
S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys;c:\windows\SYSNATIVE\DRIVERS\amd_xata.sys [x]
S0 NBVol;Nero Backup Volume Filter Driver;c:\windows\system32\DRIVERS\NBVol.sys;c:\windows\SYSNATIVE\DRIVERS\NBVol.sys [x]
S0 NBVolUp;Nero Backup Volume Upper Filter Driver;c:\windows\system32\DRIVERS\NBVolUp.sys;c:\windows\SYSNATIVE\DRIVERS\NBVolUp.sys [x]
S1 pefndis;Microsoft PEF NDIS ETW Provider Driver;c:\windows\system32\DRIVERS\pefndis.sys;c:\windows\SYSNATIVE\DRIVERS\pefndis.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [x]
S2 AODDriver4.01;AODDriver4.01;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [x]
S2 AODDriver4.2.0;AODDriver4.2.0;c:\program files (x86)\AMD\OverDrive\amd64\AODDriver2.sys;c:\program files (x86)\AMD\OverDrive\amd64\AODDriver2.sys [x]
S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys;c:\windows\SYSNATIVE\drivers\npf.sys [x]
S2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe;c:\program files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [x]
S2 Windows7FirewallService;Windows7FirewallService;c:\program files\Windows7FirewallControl\Windows7FirewallService.exe;c:\program files\Windows7FirewallControl\Windows7FirewallService.exe [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 k57nd60a;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys;c:\windows\SYSNATIVE\DRIVERS\k57nd60a.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 pbfilter;pbfilter;c:\program files\PeerBlock\pbfilter.sys;c:\program files\PeerBlock\pbfilter.sys [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys;c:\windows\SYSNATIVE\DRIVERS\usbfilter.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - PBFILTER
*NewlyCreated* - WS2IFSL
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows7FirewallControl"="c:\program files\Windows7FirewallControl\Windows7FirewallControl.exe" [2012-09-21 1131008]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-06-21 1356240]
"THXCfg64"="c:\windows\system32\THXCfg64.dll" [2009-10-15 17920]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2012-06-11 12503184]
"RunDLLEntry_THXCfg"="c:\windows\system32\THXCfg64.dll" [2009-10-15 17920]
"RunDLLEntry_EptMon"="c:\windows\system32\EptMon64.dll" [2009-10-15 21504]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
Trusted Zone: dell.com
TCP: Interfaces\{88A77C0C-ED7F-4099-8288-CAA724813347}: NameServer = 68.237.161.12,71.250.0.12
FF - ProfilePath - c:\users\Rick\AppData\Roaming\Mozilla\Firefox\Profiles\hx63ye9g.default\
FF - prefs.js: browser.startup.homepage - www.yahoo.com
FF - prefs.js: network.proxy.type - 0
FF - ExtSQL: 2013-06-04 18:38; {FCE04E1F-9378-4f39-96F6-5689A9159E45}; c:\programdata\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
- - - - ORPHANS REMOVED - - - -
.
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc_bc2.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3572056831-1408111488-1382342558-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-3572056831-1408111488-1382342558-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_171_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_171_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_171_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_171_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_171.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_171.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_171.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_171.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\sphinx-soft\Vista-Wall\1.0\AppList\B*a*t*t*l*e*f*i*e*l*d* *3*"!\Zone]
"Name"="EnableAll"
"Result"=dword:00000000
"Advised"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\windows\SysWOW64\PnkBstrA.exe
.
**************************************************************************
.
Completion time: 2013-07-17 21:26:20 - machine was rebooted
ComboFix-quarantined-files.txt 2013-07-18 01:26
.
Pre-Run: 299,927,846,912 bytes free
Post-Run: 299,567,235,072 bytes free
.
- - End Of File - - 60ACE05AF52AD17EDC1826C25EF6B3E3 89B5DB6675722B3F1FCF978126515316
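The service and driver section of the ComboFix log above registers several kernel drivers (.sys) from places an unprivileged user can write to (a profile Temp folder, C:\Windows\TEMP) or with a relative image path. Whoever reviews such a log wants those lines pulled out automatically rather than read by eye. The Python below is an added example, not part of the original thread or of ComboFix itself; it parses a constructed excerpt of the posted R*/S* lines and flags the ones worth a second look. The record layout it assumes (state and start digit, then semicolon-separated name, display name, image path and resolved path, optional trailing [x]) is my reading of the lines above, and the USER_WRITABLE markers and the relative-path check are my own heuristics, not a verdict on the drivers named.

```python
import re
from dataclasses import dataclass

# Constructed sample: a handful of R*/S* service records copied from the
# ComboFix log posted above, one record per line as ComboFix writes them.
COMBOFIX_SERVICES = r"""
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
R3 ALSysIO;ALSysIO;c:\users\Rick\AppData\Local\Temp\ALSysIO64.sys;c:\users\Rick\AppData\Local\Temp\ALSysIO64.sys [x]
R3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys;c:\windows\SYSNATIVE\DRIVERS\amdiox64.sys [x]
R3 ArgusMonitor;ArgusMonitor kernel mode driver;SysWOW64\drivers\ArgusMonitor.sys;SysWOW64\drivers\ArgusMonitor.sys [x]
R3 cpuz135;cpuz135;c:\windows\TEMP\cpuz135\cpuz135_x64.sys;c:\windows\TEMP\cpuz135\cpuz135_x64.sys [x]
S3 pbfilter;pbfilter;c:\program files\PeerBlock\pbfilter.sys;c:\program files\PeerBlock\pbfilter.sys [x]
"""

# Assumed record layout (my reading of the log, not ComboFix documentation):
#   <R|S><start digit> <service name>;<display name>;<image path>;<resolved path> [x]
LINE_RE = re.compile(
    r"^(?P<state>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<image>[^;]+);(?P<resolved>.*?)(?:\s+\[x\])?\s*$"
)

# Directory markers an unprivileged user can normally create files under.
# Hypothetical shortlist for this example; lower-case, backslash-delimited.
USER_WRITABLE = ("\\users\\", "\\temp\\", "\\programdata\\")


@dataclass
class ServiceEntry:
    state: str      # R = running / S = stopped, followed by the start-type digit
    name: str
    display: str
    image: str      # path as ComboFix read it from the service's ImagePath
    resolved: str   # path after ComboFix's SysWOW64/Sysnative handling


def parse_services(text: str) -> list[ServiceEntry]:
    """Parse the R*/S* service records; lines that do not match are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            entries.append(ServiceEntry(**m.groupdict()))
    return entries


def flag_entry(e: ServiceEntry) -> list[str]:
    """Return the reasons an entry deserves a second look (empty list = none)."""
    reasons = []
    img = e.image.lower()
    # No drive letter: where this resolves depends on the loader, not the registry value.
    if not re.match(r"^[a-z]:\\", img):
        reasons.append("relative image path")
    for marker in USER_WRITABLE:
        if marker in img:
            label = marker.strip("\\")
            reasons.append(f"image under a user-writable directory ({label})")
            break
    if reasons and img.endswith(".sys"):
        # A kernel driver that any local user could replace is the worst case.
        reasons.insert(0, "kernel driver")
    return reasons


def triage(text: str) -> dict[str, list[str]]:
    """Map service name -> reasons for every flagged record in the log text."""
    return {e.name: r for e in parse_services(text) if (r := flag_entry(e))}


if __name__ == "__main__":
    for name, reasons in triage(COMBOFIX_SERVICES).items():
        print(f"{name}: {'; '.join(reasons)}")
```

Run against the excerpt, this flags ALSysIO (profile Temp), cpuz135 (C:\Windows\TEMP) and ArgusMonitor (relative path) and leaves the system32 and Program Files drivers alone. A flag is a prompt to check the entry against the installed-programs list posted later in the thread (ArgusMonitor appears there, for instance) and the file's signature, not a finding in itself.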
  6. OK so, I kept getting "commandline Standard stream splitter stopped working" messages dozens of times throughout the scan. What I did was just keep clicking the "close program" button. When the scan finished, after all the stages, it didn't pop up with a log file on the screen? Where does it save the log, to check it created one?
  7. Here is the other log:

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 1/24/2013 7:43:52 PM
System Uptime: 7/13/2013 6:06:48 PM (2 hours ago)
.
Motherboard: Dell Inc. | | 0NWWY0
Processor: AMD Phenom II X4 820 Processor | CPU 1 | 1596/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 638 GiB total, 280.913 GiB free.
D: is CDROM ()
F: is Removable
G: is Removable
H: is Removable
I: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft ISATAP Adapter
Device ID: ROOT\*ISATAP\0000
Manufacturer: Microsoft
Name: Microsoft ISATAP Adapter
PNP Device ID: ROOT\*ISATAP\0000
Service: tunnel
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft Teredo Tunneling Adapter
Device ID: ROOT\*TEREDO\0000
Manufacturer: Microsoft
Name: Teredo Tunneling Pseudo-Interface
PNP Device ID: ROOT\*TEREDO\0000
Service: tunnel
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: AODDriver4.2
Device ID: ROOT\LEGACY_AODDRIVER4.2\0000
Manufacturer:
Name: AODDriver4.2
PNP Device ID: ROOT\LEGACY_AODDRIVER4.2\0000
Service: AODDriver4.2
.
==== System Restore Points ===================
.
RP138: 6/23/2013 6:22:20 AM - Windows Update
RP139: 6/27/2013 5:13:49 AM - Windows Update
RP140: 6/27/2013 2:34:43 PM - Windows Live Essentials
RP141: 6/27/2013 2:34:52 PM - WLSetup
RP142: 6/27/2013 2:42:44 PM - Windows Live Essentials
RP143: 6/27/2013 2:43:40 PM - WLSetup
RP144: 7/1/2013 1:06:02 AM - Windows Update
RP145: 7/4/2013 2:00:32 PM - Windows Update
RP146: 7/8/2013 4:13:51 AM - Windows Update
RP147: 7/9/2013 5:13:50 PM - Windows Update
RP148: 7/9/2013 6:11:23 PM - Windows Update
RP149: 7/9/2013 6:14:09 PM - Windows Update
RP150: 7/13/2013 4:13:36 AM - Windows Update
.
==== Installed Programs ======================
.
µTorrent
3DMark 11
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader XI (11.0.03)
Age of Conan: Unchained - US version
Aion
AMD Accelerated Video Transcoding
AMD APP SDK Runtime
AMD Catalyst Install Manager
AMD Drag and Drop Transcoding
AMD Fuel
AMD Media Foundation Decoders
AMD OverDrive Beta
AMD VISION Engine Control Center
ArgusMonitor
Audacity 2.0.3
Auslogics BoostSpeed
Battlefield 3™
Battlefield: Bad Company™ 2
Battlelog Web Plugins
Broadcom NetXtreme-I Netlink Driver and Management Installer
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-utility64
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
CCleaner
Counter-Strike: Source
D3DX10
Dell System Detect
Dell System Detect Bootstrapper
EMET 4.0
ESN Sonar
FileHippo.com Update Checker
foobar2000 v1.2.8
Fraps
Futuremark SystemInfo
Gpg4win (2.1.1)
HD Tach version 3
HP Officejet Pro 8600 Basic Device Software
IsoBuster 3.2
Junk Mail filter update
LastPass(uninstall only)
LatencyMon 4.02
LinuxLive USB Creator
LiveUSB Creator (remove only)
Malwarebytes Anti-Malware version 1.75.0.1300
MD5 Checker version 4.0.0
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Application Error Reporting
Microsoft Message Analyzer
Microsoft Security Client
Microsoft Security Essentials
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Mozilla Firefox 22.0 (x86 en-US)
Mozilla Maintenance Service
MPC-HC 1.6.7.7114 (9eb64ec)
MPC-HC 1.6.8 (64-bit)
MSVCRT
MSVCRT_amd64
MSVCRT110
MSVCRT110_amd64
MSXML 4.0 SP2 (KB973688)
Multimedia Card Reader
NCsoft Launcher
Nero 11 Collection 1
Nero 11 Kwik Themes 3
Nero 11 Kwik Themes 4
Nero 11 Mini Repack
Nero 11 PiP Effects 1
Nero 11 v11.2.4.100 (x64)
Nero 11 Video Transitions 1
Nero Backup Drivers
Nexus Mod Manager
NVIDIA PhysX
Origin
PeerBlock 1.1 (r518)
PerformanceTest v8.0
Photo Common
PunkBuster Services
Quake Live Mozilla Plugin
RealDownloader
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealNetworks - Microsoft Visual C++ 2010 Runtime
RealPlayer
Realtek High Definition Audio Driver
RealUpgrade 1.1
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
SoulSeek 157 NS 13e
SpeedFan (remove only)
Steam
Team Fortress 2
TechPowerUp GPU-Z
TERA
THX TruStudio PC
Trillian
Unity Web Player
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2836939)
Winamp
Winamp Detector Plug-in
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Mail
Windows Live MIME IFilter
Windows Live Photo Common
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows7FirewallControl (x64) 5.1.7.69
WinPcap 4.1.3
WinRAR 4.20 (64-bit)
Wireshark 1.10.0 (64-bit)
World of Warcraft
WOT for Internet Explorer
.
==== Event Viewer Messages From Past Week ========
.
7/7/2013 1:32:18 AM, Error: Service Control Manager [7031] - The Windows Live ID Sign-in Assistant service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
7/13/2013 6:07:56 PM, Error: Microsoft-Windows-Time-Service [4] - The time provider 'VMICTimeProvider' failed to start due to the following error: The specified module could not be found. (0x8007007E)
7/13/2013 6:07:42 PM, Error: Service Control Manager [7000] - The AODDriver4.2 service failed to start due to the following error: The system cannot find the file specified.
7/10/2013 12:58:28 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
7/10/2013 12:58:28 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
7/10/2013 12:57:17 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD DfsC discache MpFilter NetBIOS NetBT nsiproxy pefndis Psched rdbss spldr tdx Wanarpv6 WfpLwf
7/10/2013 12:57:17 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
7/10/2013 12:57:17 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
7/10/2013 12:57:17 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
7/10/2013 12:57:17 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
7/10/2013 12:57:17 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
7/10/2013 12:57:17 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
7/10/2013 12:57:17 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
7/10/2013 12:57:17 PM, Error: Service Control Manager [7001] - The Microsoft Network Inspection System service depends on the Microsoft Malware Protection Driver service which failed to start because of the following error: A device attached to the system is not functioning.
7/10/2013 12:57:17 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
7/10/2013 12:57:17 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
.
==== End Of File ===========================
  8. DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16635
Run by Rick at 20:30:33 on 2013-07-13
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6143.3879 [GMT -4:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Windows7FirewallControl\Windows7FirewallService.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\PeerBlock\peerblock.exe
C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Program Files\Windows7FirewallControl\Windows7FirewallControl.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe
C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\EMET 4.0\EMET_Agent.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicator.exe
C:\Windows\System32\WUDFHost.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe
C:\Program Files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\mmc.exe
C:\Users\Rick\AppData\Local\Apps\2.0\1K7HLRXZ.MQ2\CQ98DNZ8.5PV\dell..tion_0f612f649c4a10af_0005.0000_a97905297feaae2c\DellSystemDetect.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\EMET 4.0\EMET_GUI.exe
C:\Windows\system32\mmc.exe
C:\Windows\System32\msdt.exe
C:\Windows\System32\sdiagnhost.exe
C:\Windows\system32\notepad.exe
c:\Program Files\Microsoft Security Client\MpCmdRun.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uSearch Bar = Preserve
mWinlogon: Userinit = userinit.exe,
BHO: RealNetworks Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: LastPass Vault: {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPToolbar.dll
BHO: WOT Helper: {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files (x86)\WOT\WOT.dll
TB: WOT: {71576546-354D-41C9-AAE8-31F2EC22BF0D} - C:\Program Files (x86)\WOT\WOT.dll
TB: LastPass Toolbar: {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar.dll
TB: WOT: {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files (x86)\WOT\WOT.dll
uRun: [HP Officejet Pro 8600 (NET)] "C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe" -deviceID "CN21PAR18Z05KF:NW" -scfn "HP Officejet Pro 8600 (NET)" -AutoStart 1
uRun: [DellSystemDetect] C:\Users\Rick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dell\Dell System Detect.appref-ms
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [THX Audio Control Panel] "C:\Program Files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe" /r
mRun: [updReg] C:\Windows\UpdReg.EXE
mRun: [EMET Agent] "C:\Program Files (x86)\EMET 4.0\EMET_agent.exe"
uPolicies-Explorer: NoDriveTypeAutoRun = dword:255
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {43699cd0-e34f-11de-8a39-0800200c9a66} - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPToolbar.dll
Trusted Zone: dell.com
TCP: Interfaces\{88A77C0C-ED7F-4099-8288-CAA724813347} : NameServer = 68.237.161.12,71.250.0.12
Handler: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files (x86)\WOT\WOT.dll
SSODL: WebCheck - <orphaned>
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: LastPass Vault: {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll
x64-BHO: WOT Helper: {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files\WOT\WOT.dll
x64-TB: LastPass Toolbar: {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll
x64-TB: WOT: {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll
x64-Run: [Windows7FirewallControl] C:\Program Files\Windows7FirewallControl\Windows7FirewallControl.exe
x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-Run: [THXCfg64] C:\Windows\System32\RunDLL32.exe C:\Windows\System32\THXCfg64.dll,RunDLLEntry THXCfg64
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [RunDLLEntry_THXCfg] C:\Windows\System32\RunDLL32.exe C:\Windows\System32\THXCfg64.dll,RunDLLEntry THXCfg64
x64-Run: [RunDLLEntry_EptMon] C:\Windows\System32\RunDLL32.exe C:\Windows\System32\EptMon64.dll,RunDLLEntry EptMon64
x64-IE: {43699cd0-e34f-11de-8a39-0800200c9a66} - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll
x64-Handler: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Rick\AppData\Roaming\Mozilla\Firefox\Profiles\hx63ye9g.default\
FF - prefs.js: browser.startup.homepage - www.yahoo.com
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\2.1.4\npesnlaunch.dll
FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\2.1.7\npesnlaunch.dll
FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll
FF - plugin: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll
FF - plugin: C:\ProgramData\id Software\QuakeLive\npquakezero.dll
FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll
FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll
FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll
FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll
FF - plugin: C:\Users\Rick\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll
FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
FF - ExtSQL: 2013-06-04 18:38; {FCE04E1F-9378-4f39-96F6-5689A9159E45}; C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
============= SERVICES / DRIVERS ===============
.
R0 amd_sata;amd_sata;C:\Windows\System32\drivers\amd_sata.sys [2012-4-10 82560]
R0 amd_xata;amd_xata;C:\Windows\System32\drivers\amd_xata.sys [2012-4-10 42624]
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2013-6-18 247216]
R0 NBVol;Nero Backup Volume Filter Driver;C:\Windows\System32\drivers\NBVol.sys [2013-1-27 72240]
R0 NBVolUp;Nero Backup Volume Upper Filter Driver;C:\Windows\System32\drivers\NBVolUp.sys [2013-1-27 15920]
R1 pefndis;Microsoft PEF NDIS ETW Provider Driver;C:\Windows\System32\drivers\pefndis.sys [2013-2-3 61032]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2012-12-19 240640]
R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-12-19 361984]
R2 AODDriver4.01;AODDriver4.01;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2012-4-9 57472]
R2 AODDriver4.2.0;AODDriver4.2.0;C:\Program Files (x86)\AMD\OverDrive\amd64\AODDriver2.sys [2012-9-20 57512]
R2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [2013-4-16 39056]
R2 Windows7FirewallService;Windows7FirewallService;C:\Program Files\Windows7FirewallControl\Windows7FirewallService.exe [2013-1-26 764416]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2012-11-6 96256]
R3 k57nd60a;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;C:\Windows\System32\drivers\k57nd60a.sys [2009-10-16 321064]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-1-25 25928]
R3 pbfilter;pbfilter;C:\Program Files\PeerBlock\pbfilter.sys [2013-1-26 24176]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\drivers\usbfilter.sys [2013-5-20 58536]
S2 AODDriver4.2;AODDriver4.2;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2012-4-9 57472]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-1-25 701512]
S3 amdiox64;AMD IO Driver;C:\Windows\System32\drivers\amdiox64.sys [2013-2-4 46136]
S3 DIRECTIO;DIRECTIO;C:\Program Files\PerformanceTest\DirectIo64.sys [2013-2-7 25704]
S3 DrvAgent64;DrvAgent64;C:\Windows\SysWOW64\drivers\DrvAgent64.SYS [2013-1-31 21712]
S3 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2012-8-30 139616]
S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2013-6-20 366600]
S3 rspLLL;rspLLL;C:\Windows\System32\drivers\rspLLL64.sys [2013-1-24 24672]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-1-25 59392]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2013-1-25 1255736]
S3 wfpcapture;wfpcapture;C:\Windows\System32\drivers\wfpcapture.sys [2013-2-3 60024]
S3 WfpCaptureUM;WfpCaptureUM;C:\Windows\System32\WfpCaptureUM.exe [2013-2-3 20480]
S4 AODService;AODService;C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe [2012-9-20 136648]
S4 DirMngr;DirMngr;C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe [2013-5-28 218112]
S4 Futuremark SystemInfo Service;Futuremark SystemInfo Service;C:\Program Files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe [2013-2-3 135584]
S4 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-1-25 418376]
.
=============== Created Last 30 ================
.
2013-07-13 08:14:07 9552976 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{0003E7B4-2A90-476A-9466-B628A31401BC}\mpengine.dll
2013-07-12 14:27:45 9552976 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-07-10 16:58:36 2871808 ----a-w- C:\Windows\SysWow64\explorer.exe
2013-07-09 22:14:22 -------- d-----w- C:\Windows\System32\MRT
2013-07-09 21:17:59 108032 ----a-w- C:\Program Files (x86)\Internet Explorer\jsdebuggeride.dll
2013-07-09 21:17:58 817664 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll
2013-07-09 21:17:58 1084928 ----a-w- C:\Program Files\Common Files\Microsoft Shared\VGX\VGX.dll
2013-07-09 21:17:57 2241024 ----a-w- C:\Windows\System32\wininet.dll
2013-07-09 21:17:57 1767936 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-07-09 21:12:46 1643520 ----a-w- C:\Windows\System32\DWrite.dll
2013-07-09 21:12:46 1247744 ----a-w- C:\Windows\SysWow64\DWrite.dll
2013-07-08 23:07:29 -------- d-----w- C:\FRST
2013-07-07 04:27:00 92056 ----a-w- C:\Program Files (x86)\Mozilla Firefox\webapprt-stub.exe
2013-07-07 04:27:00 867072 ----a-w- C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe
2013-07-07 04:27:00 272792 ----a-w- C:\Program Files (x86)\Mozilla Firefox\updater.exe
2013-07-07 04:27:00 20132248 ----a-w- C:\Program Files (x86)\Mozilla Firefox\xul.dll
2013-07-07 04:27:00 170232 ----a-w- C:\Program Files (x86)\Mozilla Firefox\webapp-uninstaller.exe
2013-07-07 04:27:00 151960 ----a-w- C:\Program Files (x86)\Mozilla Firefox\softokn3.dll
2013-07-07 04:27:00 12800 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll
2013-07-07 04:27:00 124504 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\nprpplugin.dll
2013-06-30 15:01:34 -------- d-----w- C:\Program Files (x86)\WinPcap
2013-06-30 14:59:52 -------- d-----w- C:\Program Files\Wireshark
2013-06-23 00:11:36 -------- d-----w- C:\Program Files (x86)\LinuxLive USB Creator
2013-06-21 08:45:15 964552 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{E91DC55F-2DCD-46F6-8A21-5AA48CE9FF24}\gapaengine.dll
2013-06-19 01:50:08 247216 ----a-w- C:\Windows\System32\drivers\MpFilter.sys
2013-06-18 19:56:36 -------- d-----w- C:\Program Files (x86)\EMET 4.0
2013-06-18 05:18:29 -------- d-----w- C:\Program Files (x86)\LiveUSB Creator
2013-06-14 13:47:37 -------- d-----w- C:\Program Files (x86)\MD5 Checker
.
==================== Find3M ====================
.
2013-07-13 22:34:02 290184 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
2013-07-13 22:34:02 290184 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
2013-07-13 22:33:33 291088 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0
2013-07-09 21:10:33 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-07-09 21:10:33 692104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-06-19 01:50:08 139616 ----a-w- C:\Windows\System32\drivers\NisDrvWFP.sys
2013-06-14 20:19:42 549536 ----a-w- C:\Windows\apppatch\EMET.dll
2013-06-14 20:19:42 149664 ----a-w- C:\Windows\apppatch\AppPatch64\EMET64.dll
2013-06-11 23:43:00 2877440 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-06-11 23:42:58 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll
2013-06-11 23:42:58 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll
2013-06-11 23:25:16 3958784 ----a-w- C:\Windows\System32\jscript9.dll
2013-06-11 23:25:13 67072 ----a-w- C:\Windows\System32\iesetup.dll
2013-06-11 23:25:13 136704 ----a-w- C:\Windows\System32\iesysprep.dll
2013-06-11 22:51:45 71680 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe
2013-06-11 22:50:58 89600 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe
2013-06-07 03:22:18 2706432 ----a-w- C:\Windows\System32\mshtml.tlb
2013-06-07 02:37:52 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-06-05 03:34:27 3153920 ----a-w- C:\Windows\System32\win32k.sys
2013-06-04 22:38:02 499712 ----a-w- C:\Windows\SysWow64\msvcp71.dll
2013-06-04 22:38:02 348160 ----a-w- C:\Windows\SysWow64\msvcr71.dll
2013-06-04 06:00:13 624128 ----a-w- C:\Windows\System32\qedit.dll
2013-06-04 04:53:07 509440 ----a-w- C:\Windows\SysWow64\qedit.dll
2013-05-20 20:01:55 0 ----a-w- C:\Windows\ativpsrm.bin
2013-05-13 05:51:01 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
2013-05-13 05:51:00 1464320 ----a-w- C:\Windows\System32\crypt32.dll
2013-05-13 05:51:00 139776 ----a-w- C:\Windows\System32\cryptnet.dll
2013-05-13 05:50:40 52224 ----a-w- C:\Windows\System32\certenc.dll
2013-05-13 04:45:55 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2013-05-13 04:45:55 1160192 ----a-w- C:\Windows\SysWow64\crypt32.dll
2013-05-13 04:45:55 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
2013-05-13 03:43:55 1192448 ----a-w- C:\Windows\System32\certutil.exe
2013-05-13 03:08:10 903168 ----a-w- C:\Windows\SysWow64\certutil.exe
2013-05-13 03:08:06 43008 ----a-w- C:\Windows\SysWow64\certenc.dll
2013-05-10 05:49:27 30720 ----a-w- C:\Windows\System32\cryptdlg.dll
2013-05-10 03:20:54 24576 ----a-w- C:\Windows\SysWow64\cryptdlg.dll
2013-05-08 06:39:01 1910632 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2013-05-06 06:03:49 1887744 ----a-w- C:\Windows\System32\WMVDECOD.DLL
2013-05-06 04:56:35 1620480 ----a-w- C:\Windows\SysWow64\WMVDECOD.DLL
2013-05-02 15:29:56 278800 ------w- C:\Windows\System32\MpSigStub.exe
2013-04-26 05:51:36 751104 ----a-w- C:\Windows\System32\win32spl.dll
2013-04-26 04:55:21 492544 ----a-w- C:\Windows\SysWow64\win32spl.dll
2013-01-25 01:03:32 14794312 ----a-w- C:\Program Files (x86)\Common Files\lpuninstall.exe
.
============= FINISH: 20:31:19.34 ===============
  9. x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: LastPass Vault: {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll
x64-BHO: WOT Helper: {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files\WOT\WOT.dll
x64-TB: LastPass Toolbar: {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll
x64-TB: WOT: {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll
x64-Run: [Windows7FirewallControl] C:\Program Files\Windows7FirewallControl\Windows7FirewallControl.exe
x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-Run: [THXCfg64] C:\Windows\System32\RunDLL32.exe C:\Windows\System32\THXCfg64.dll,RunDLLEntry THXCfg64
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [RunDLLEntry_THXCfg] C:\Windows\System32\RunDLL32.exe C:\Windows\System32\THXCfg64.dll,RunDLLEntry THXCfg64
x64-Run: [RunDLLEntry_EptMon] C:\Windows\System32\RunDLL32.exe C:\Windows\System32\EptMon64.dll,RunDLLEntry EptMon64
x64-IE: {43699cd0-e34f-11de-8a39-0800200c9a66} - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll
x64-Handler: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Rick\AppData\Roaming\Mozilla\Firefox\Profiles\hx63ye9g.default\
FF - prefs.js: browser.startup.homepage - www.yahoo.com
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\2.1.4\npesnlaunch.dll
FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\2.1.7\npesnlaunch.dll
FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll
FF - plugin: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll
FF - plugin: C:\ProgramData\id Software\QuakeLive\npquakezero.dll
FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll
FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll
FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll
FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll
FF - plugin: C:\Users\Rick\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll
FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
FF - ExtSQL: 2013-06-04 18:38; {FCE04E1F-9378-4f39-96F6-5689A9159E45}; C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
============= SERVICES / DRIVERS ===============
.
R0 amd_sata;amd_sata;C:\Windows\System32\drivers\amd_sata.sys [2012-4-10 82560]
R0 amd_xata;amd_xata;C:\Windows\System32\drivers\amd_xata.sys [2012-4-10 42624]
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2013-6-18 247216]
R0 NBVol;Nero Backup Volume Filter Driver;C:\Windows\System32\drivers\NBVol.sys [2013-1-27 72240]
R0 NBVolUp;Nero Backup Volume Upper Filter Driver;C:\Windows\System32\drivers\NBVolUp.sys [2013-1-27 15920]
R1 pefndis;Microsoft PEF NDIS ETW Provider Driver;C:\Windows\System32\drivers\pefndis.sys [2013-2-3 61032]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2012-12-19 240640]
R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-12-19 361984]
R2 AODDriver4.01;AODDriver4.01;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2012-4-9 57472]
R2 AODDriver4.2.0;AODDriver4.2.0;C:\Program Files (x86)\AMD\OverDrive\amd64\AODDriver2.sys [2012-9-20 57512]
R2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [2013-4-16 39056]
R2 Windows7FirewallService;Windows7FirewallService;C:\Program Files\Windows7FirewallControl\Windows7FirewallService.exe [2013-1-26 764416]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2012-11-6 96256]
R3 k57nd60a;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;C:\Windows\System32\drivers\k57nd60a.sys [2009-10-16 321064]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-1-25 25928]
R3 pbfilter;pbfilter;C:\Program Files\PeerBlock\pbfilter.sys [2013-1-26 24176]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\drivers\usbfilter.sys [2013-5-20 58536]
S2 AODDriver4.2;AODDriver4.2;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2012-4-9 57472]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-1-25 701512]
S3 amdiox64;AMD IO Driver;C:\Windows\System32\drivers\amdiox64.sys [2013-2-4 46136]
S3 DIRECTIO;DIRECTIO;C:\Program Files\PerformanceTest\DirectIo64.sys [2013-2-7 25704]
S3 DrvAgent64;DrvAgent64;C:\Windows\SysWOW64\drivers\DrvAgent64.SYS [2013-1-31 21712]
S3 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2012-8-30 139616]
S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2013-6-20 366600]
S3 rspLLL;rspLLL;C:\Windows\System32\drivers\rspLLL64.sys [2013-1-24 24672]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-1-25 59392]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2013-1-25 1255736]
S3 wfpcapture;wfpcapture;C:\Windows\System32\drivers\wfpcapture.sys [2013-2-3 60024]
S3 WfpCaptureUM;WfpCaptureUM;C:\Windows\System32\WfpCaptureUM.exe [2013-2-3 20480]
S4 AODService;AODService;C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe [2012-9-20 136648]
S4 DirMngr;DirMngr;C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe [2013-5-28 218112]
S4 Futuremark SystemInfo Service;Futuremark SystemInfo Service;C:\Program Files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe [2013-2-3 135584]
S4 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-1-25 418376]
.
=============== Created Last 30 ================
.
2013-07-13 08:14:07 9552976 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{0003E7B4-2A90-476A-9466-B628A31401BC}\mpengine.dll
2013-07-12 14:27:45 9552976 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-07-10 16:58:36 2871808 ----a-w- C:\Windows\SysWow64\explorer.exe
2013-07-09 22:14:22 -------- d-----w- C:\Windows\System32\MRT
2013-07-09 21:17:59 108032 ----a-w- C:\Program Files (x86)\Internet Explorer\jsdebuggeride.dll
2013-07-09 21:17:58 817664 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll
2013-07-09 21:17:58 1084928 ----a-w- C:\Program Files\Common Files\Microsoft Shared\VGX\VGX.dll
2013-07-09 21:17:57 2241024 ----a-w- C:\Windows\System32\wininet.dll
2013-07-09 21:17:57 1767936 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-07-09 21:12:46 1643520 ----a-w- C:\Windows\System32\DWrite.dll
2013-07-09 21:12:46 1247744 ----a-w- C:\Windows\SysWow64\DWrite.dll
2013-07-08 23:07:29 -------- d-----w- C:\FRST
2013-07-07 04:27:00 92056 ----a-w- C:\Program Files (x86)\Mozilla Firefox\webapprt-stub.exe
2013-07-07 04:27:00 867072 ----a-w- C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe
2013-07-07 04:27:00 272792 ----a-w- C:\Program Files (x86)\Mozilla Firefox\updater.exe
2013-07-07 04:27:00 20132248 ----a-w- C:\Program Files (x86)\Mozilla Firefox\xul.dll
2013-07-07 04:27:00 170232 ----a-w- C:\Program Files (x86)\Mozilla Firefox\webapp-uninstaller.exe
2013-07-07 04:27:00 151960 ----a-w- C:\Program Files (x86)\Mozilla Firefox\softokn3.dll
2013-07-07 04:27:00 12800 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll
2013-07-07 04:27:00 124504 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\nprpplugin.dll
2013-06-30 15:01:34 -------- d-----w- C:\Program Files (x86)\WinPcap
2013-06-30 14:59:52 -------- d-----w- C:\Program Files\Wireshark
2013-06-23 00:11:36 -------- d-----w- C:\Program Files (x86)\LinuxLive USB Creator
2013-06-21 08:45:15 964552 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{E91DC55F-2DCD-46F6-8A21-5AA48CE9FF24}\gapaengine.dll
2013-06-19 01:50:08 247216 ----a-w- C:\Windows\System32\drivers\MpFilter.sys
2013-06-18 19:56:36 -------- d-----w- C:\Program Files (x86)\EMET 4.0
2013-06-18 05:18:29 -------- d-----w- C:\Program Files (x86)\LiveUSB Creator
2013-06-14 13:47:37 -------- d-----w- C:\Program Files (x86)\MD5 Checker
.
==================== Find3M ====================
.
2013-07-13 22:34:02 290184 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
2013-07-13 22:34:02 290184 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
2013-07-13 22:33:33 291088 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0
2013-07-09 21:10:33 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-07-09 21:10:33 692104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-06-19 01:50:08 139616 ----a-w- C:\Windows\System32\drivers\NisDrvWFP.sys
2013-06-14 20:19:42 549536 ----a-w- C:\Windows\apppatch\EMET.dll
2013-06-14 20:19:42 149664 ----a-w- C:\Windows\apppatch\AppPatch64\EMET64.dll
2013-06-11 23:43:00 2877440 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-06-11 23:42:58 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll
2013-06-11 23:42:58 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll
2013-06-11 23:25:16 3958784 ----a-w- C:\Windows\System32\jscript9.dll
2013-06-11 23:25:13 67072 ----a-w- C:\Windows\System32\iesetup.dll
2013-06-11 23:25:13 136704 ----a-w- C:\Windows\System32\iesysprep.dll
2013-06-11 22:51:45 71680 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe
2013-06-11 22:50:58 89600 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe
2013-06-07 03:22:18 2706432 ----a-w- C:\Windows\System32\mshtml.tlb
2013-06-07 02:37:52 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-06-05 03:34:27 3153920 ----a-w- C:\Windows\System32\win32k.sys
2013-06-04 22:38:02 499712 ----a-w- C:\Windows\SysWow64\msvcp71.dll
2013-06-04 22:38:02 348160 ----a-w- C:\Windows\SysWow64\msvcr71.dll
2013-06-04 06:00:13 624128 ----a-w- C:\Windows\System32\qedit.dll
2013-06-04 04:53:07 509440 ----a-w- C:\Windows\SysWow64\qedit.dll
2013-05-20 20:01:55 0 ----a-w- C:\Windows\ativpsrm.bin
2013-05-13 05:51:01 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
2013-05-13 05:51:00 1464320 ----a-w- C:\Windows\System32\crypt32.dll
2013-05-13 05:51:00 139776 ----a-w- C:\Windows\System32\cryptnet.dll
2013-05-13 05:50:40 52224 ----a-w- C:\Windows\System32\certenc.dll
2013-05-13 04:45:55 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2013-05-13 04:45:55 1160192 ----a-w- C:\Windows\SysWow64\crypt32.dll
2013-05-13 04:45:55 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
2013-05-13 03:43:55 1192448 ----a-w- C:\Windows\System32\certutil.exe
2013-05-13 03:08:10 903168 ----a-w- C:\Windows\SysWow64\certutil.exe
2013-05-13 03:08:06 43008 ----a-w- C:\Windows\SysWow64\certenc.dll
2013-05-10 05:49:27 30720 ----a-w- C:\Windows\System32\cryptdlg.dll
2013-05-10 03:20:54 24576 ----a-w- C:\Windows\SysWow64\cryptdlg.dll
2013-05-08 06:39:01 1910632 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2013-05-06 06:03:49 1887744 ----a-w- C:\Windows\System32\WMVDECOD.DLL
2013-05-06 04:56:35 1620480 ----a-w- C:\Windows\SysWow64\WMVDECOD.DLL
2013-05-02 15:29:56 278800 ------w- C:\Windows\System32\MpSigStub.exe
2013-04-26 05:51:36 751104 ----a-w- C:\Windows\System32\win32spl.dll
2013-04-26 04:55:21 492544 ----a-w- C:\Windows\SysWow64\win32spl.dll
2013-01-25 01:03:32 14794312 ----a-w- C:\Program Files (x86)\Common Files\lpuninstall.exe
.
============= FINISH: 20:31:19.34 ===============
  10. Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 08-07-2013
Ran by Rick at 2013-07-10 12:58:35 Run:1
Running from E:\
Boot Mode: Safe Mode (minimal)
==============================================
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ad58c0c5-669f-11e2-8abf-806e6f6e6963} => Key deleted successfully.
HKCR\CLSID\{ad58c0c5-669f-11e2-8abf-806e6f6e6963} => Key not found.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{bbfbb5a4-db75-11e2-b613-842b2b9a14b5} => Key deleted successfully.
HKCR\CLSID\{bbfbb5a4-db75-11e2-b613-842b2b9a14b5} => Key not found.
C:\Users\Rick\Volumeid.exe => Moved successfully.
Could not find C:\Windows\SysWOW64\explorer.exe.
C:\Windows\explorer.exe copied successfully to C:\Windows\SysWOW64\explorer.exe
==== End of Fixlog ====
  11. I moved the supposedly infected explorer.exe to a Linux LVM partition. Should I move it back and re-scan? Here is the Search log as of now:

Farbar Recovery Scan Tool (x64) Version: 08-07-2013
Ran by Rick at 2013-07-09 22:45:17
Running from E:\
Boot Mode: Safe Mode (minimal)

================== Search: "explorer.exe" ===================

C:\Windows\explorer.exe
[2013-01-25 00:44] - [2011-02-25 02:19] - 2871808 ____A (Microsoft Corporation) 332FEAB1435662FC6C672E25BEB37BE3

C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2013-01-25 00:44] - [2011-02-26 01:19] - 2616320 ____A (Microsoft Corporation) 0FB9C74046656D1579A64660AD67B746

C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2013-01-25 02:32] - [2010-11-20 08:17] - 2616320 ____A (Microsoft Corporation) 40D777B7A95E00593EB1568C68514493

C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe
[2013-01-25 00:44] - [2011-02-26 01:51] - 2614784 ____A (Microsoft Corporation) 255CF508D7CFB10E0794D6AC93280BD8

C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2013-01-25 00:45] - [2009-10-31 02:00] - 2614272 ____A (Microsoft Corporation) C76153C7ECA00FA852BB0C193378F917

C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2013-01-25 00:46] - [2009-08-03 01:49] - 2613248 ____A (Microsoft Corporation) 9FF6C4C91A3711C0A3B18F87B08B518D

C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe
[2013-01-25 00:44] - [2011-02-26 01:33] - 2614784 ____A (Microsoft Corporation) 2AF58D15EDC06EC6FDACCE1F19482BBF

C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2013-01-25 00:45] - [2009-10-31 01:45] - 2614272 ____A (Microsoft Corporation) 2626FC9755BE22F805D3CFA0CE3EE727

C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2013-01-25 00:46] - [2009-08-03 01:35] - 2613248 ____A (Microsoft Corporation) B95EEB0F4E5EFBF1038A35B3351CF047

C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2009-07-13 19:41] - [2009-07-13 21:14] - 2613248 ____A (Microsoft Corporation) 15BC38A7492BEFE831966ADB477CF76F

C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2013-01-25 00:44] - [2011-02-26 02:14] - 2871808 ____A (Microsoft Corporation) 3B69712041F3D63605529BD66DC00C48

C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2013-01-25 00:44] - [2011-02-25 02:19] - 2871808 ____A (Microsoft Corporation) 332FEAB1435662FC6C672E25BEB37BE3

C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
[2013-01-25 02:32] - [2010-11-20 09:24] - 2872320 ____A (Microsoft Corporation) AC4C51EB24AA95B77F705AB159189E24

C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe
[2013-01-25 00:44] - [2011-02-26 02:26] - 2870784 ____A (Microsoft Corporation) E38899074D4951D31B4040E994DD7C8D

C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2013-01-25 00:45] - [2009-10-31 02:38] - 2870272 ____A (Microsoft Corporation) B8EC4BD49CE8F6FC457721BFC210B67F

C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2013-01-25 00:46] - [2009-08-03 02:19] - 2868224 ____A (Microsoft Corporation) 700073016DAC1C3D2E7E2CE4223334B6

C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe
[2013-01-25 00:44] - [2011-02-26 02:23] - 2870272 ____A (Microsoft Corporation) 0862495E0C825893DB75EF44FAEA8E93

C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2013-01-25 00:45] - [2009-10-31 02:34] - 2870272 ____A (Microsoft Corporation) 9AAAEC8DAC27AA17B053E6352AD233AE

C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe
[2013-01-25 00:46] - [2009-08-03 02:17] - 2868224 ____A (Microsoft Corporation) F170B4A061C9E026437B193B4D571799

C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2009-07-13 19:56] - [2009-07-13 21:39] - 2868224 ____A (Microsoft Corporation) C235A51CB740E45FFA0EBFB9BAFCDA64

====== End Of Search ======

Thanks again. Rick.
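The check behind FRST's "MD5 is legit" verdict can be reproduced from the Search output itself: the hash of the live C:\Windows\explorer.exe (332FEAB1...) appears in the list again, as the amd64 6.1.7601.17567 copy kept in the WinSxS component store, while every wow64_ (32-bit) copy has a different hash and a smaller size. The script below is an added example, not the poster's or Farbar's code. It parses a small constructed subset of the posted log (FRST's two-lines-per-entry layout, path then metadata, is assumed from the log as posted), groups the component-store copies by MD5, and reports whether the live file matches a stored copy of the right bitness. A 64-bit explorer.exe placed under SysWOW64 would hash-match only amd64_ copies and is reported as "wrong-architecture" rather than "known-good".

```python
"""Cross-check a live file's MD5 from an FRST 'Search:' listing against the WinSxS
copies FRST found for the same file name (added example; not FRST's own code)."""
import re
from collections import defaultdict

# Constructed sample: four entries copied from the FRST search log posted above,
# in FRST's layout (path line, then "[created] - [modified] - size attrs (company) MD5").
SAMPLE_LOG = r"""
================== Search: "explorer.exe" ===================
C:\Windows\explorer.exe
[2013-01-25 00:44] - [2011-02-25 02:19] - 2871808 ____A (Microsoft Corporation) 332FEAB1435662FC6C672E25BEB37BE3
C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2013-01-25 02:32] - [2010-11-20 08:17] - 2616320 ____A (Microsoft Corporation) 40D777B7A95E00593EB1568C68514493
C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2013-01-25 00:44] - [2011-02-25 02:19] - 2871808 ____A (Microsoft Corporation) 332FEAB1435662FC6C672E25BEB37BE3
C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
[2013-01-25 02:32] - [2010-11-20 09:24] - 2872320 ____A (Microsoft Corporation) AC4C51EB24AA95B77F705AB159189E24
====== End Of Search ======
"""

# Metadata line as FRST prints it (assumed from the posted log).
META_RE = re.compile(
    r"^\[(?P<created>[^\]]+)\] - \[(?P<modified>[^\]]+)\] - (?P<size>\d+) "
    r"(?P<attr>\S+) \((?P<company>[^)]*)\) (?P<md5>[0-9A-Fa-f]{32})\s*$"
)
# WinSxS component directory: <arch>_<component>_<publicKeyToken>_<version>_none_<hash>
SXS_RE = re.compile(
    r"\\winsxs\\(?P<arch>amd64|wow64|x86)_[^\\]*?_(?P<version>\d+\.\d+\.\d+\.\d+)_none_",
    re.IGNORECASE,
)


def parse_frst_search(text):
    """Return one dict per (path, metadata) pair in an FRST Search section."""
    entries, pending = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("="):      # banners and blank lines
            pending = None
            continue
        m = META_RE.match(line)
        if m and pending:
            sxs = SXS_RE.search(pending)
            entries.append({
                "path": pending,
                "size": int(m["size"]),
                "md5": m["md5"].upper(),
                "company": m["company"],
                "arch": sxs["arch"].lower() if sxs else None,   # None => not a store copy
                "version": sxs["version"] if sxs else None,
            })
            pending = None
        else:
            pending = line                          # a path line; metadata follows
    return entries


def assess_live_copy(entries, live_path=r"C:\Windows\explorer.exe"):
    """Compare the live file's MD5 with the component-store copies of matching bitness.

    On x64 Windows, C:\\Windows\\* holds the amd64 binary and C:\\Windows\\SysWOW64\\*
    the 32-bit (wow64_) one, so a hash match against the other family is a red flag
    even though the bytes are genuine Microsoft code.
    """
    live = next((e for e in entries if e["path"].lower() == live_path.lower()), None)
    if live is None:
        return {"verdict": "missing", "path": live_path}
    by_md5 = defaultdict(list)
    for e in entries:
        if e["arch"] is not None:
            by_md5[e["md5"]].append(e)
    matches = by_md5.get(live["md5"], [])
    expected_arch = "wow64" if "\\syswow64\\" in live_path.lower() else "amd64"
    same_arch = [m for m in matches if m["arch"] == expected_arch]
    if same_arch:
        verdict = "known-good"            # byte-identical to a stored copy of the right bitness
    elif matches:
        verdict = "wrong-architecture"    # genuine binary, but from the other bitness family
    else:
        verdict = "unknown"               # no stored copy has this hash: inspect further
    return {
        "verdict": verdict, "path": live_path, "md5": live["md5"], "size": live["size"],
        "expected_arch": expected_arch,
        "matches": [(m["arch"], m["version"]) for m in matches],
    }


if __name__ == "__main__":
    found = parse_frst_search(SAMPLE_LOG)
    print(assess_live_copy(found))
    # What the Fixlog above did: the amd64 file copied into SysWOW64 (simulated entry).
    copied = dict(found[0], path=r"C:\Windows\SysWOW64\explorer.exe")
    print(assess_live_copy(found + [copied], live_path=copied["path"]))
```

The "unknown" verdict is deliberately not "infected": a hotfix or out-of-band update can leave a live binary whose component-store copy FRST did not list, so an unmatched hash is a prompt to check the file's signature and version, not a conviction on its own.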
  12. I notice it shows a warning for missing explorer.exe which is one of the files the vscan quarantined.
  13. Thanks again Maniac, here is the logfile. Sorry it took so long. Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 08-07-2013 Ran by Rick (administrator) on 08-07-2013 19:07:49 Running from E:\ Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US) Internet Explorer Version 10 Boot Mode: Safe Mode (minimal) ==================== Processes (Whitelisted) ================= (Microsoft Corporation) C:\Windows\system32\cmd.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [Windows7FirewallControl] C:\Program Files\Windows7FirewallControl\Windows7FirewallControl.exe [1131008 2012-09-21] (Sphinx Software) HKLM\...\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [1281512 2013-01-27] (Microsoft Corporation) HKLM\...\Run: [THXCfg64] C:\Windows\system32\RunDLL32.exe C:\Windows\system32\THXCfg64.dll,RunDLLEntry THXCfg64 [17920 2009-10-15] (Creative Technology Ltd.) HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [12503184 2012-06-11] (Realtek Semiconductor) HKLM\...\Run: [RunDLLEntry_THXCfg] C:\Windows\system32\RunDLL32.exe C:\Windows\system32\THXCfg64.dll,RunDLLEntry THXCfg64 [17920 2009-10-15] (Creative Technology Ltd.) HKLM\...\Run: [RunDLLEntry_EptMon] C:\Windows\system32\RunDLL32.exe C:\Windows\system32\EptMon64.dll,RunDLLEntry EptMon64 [21504 2009-10-15] (Creative Technology Ltd.) HKLM-x32\...\Winlogon: [shell] explorer.exe [x ] () HKCU\...\Run: [HP Officejet Pro 8600 (NET)] "C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe" -deviceID "CN21PAR18Z05KF:NW" -scfn "HP Officejet Pro 8600 (NET)" -AutoStart 1 [2676584 2011-09-09] (Hewlett-Packard Co.) 
MountPoints2: {ad58c0c5-669f-11e2-8abf-806e6f6e6963} - D:\autoRcd.exe MountPoints2: {bbfbb5a4-db75-11e2-b613-842b2b9a14b5} - I:\VZW_Software_upgrade_assistant.exe HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-05-11] (Adobe Systems Incorporated) HKLM-x32\...\Run: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [642808 2012-12-19] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [THX Audio Control Panel] "C:\Program Files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe" /r [963584 2009-12-01] (Creative Technology Ltd) HKLM-x32\...\Run: [updReg] C:\Windows\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.) HKLM-x32\...\Run: [EMET Agent] "C:\Program Files (x86)\EMET 4.0\EMET_agent.exe" [78496 2013-06-14] (Microsoft Corporation) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?ocid=UP74DHP&pc=UP74&dt=022613 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO: LastPass Vault - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll () BHO: WOT Helper - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files\WOT\WOT.dll () BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader) BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) 
BHO-x32: LastPass Vault - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPToolbar.dll () BHO-x32: WOT Helper - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files (x86)\WOT\WOT.dll () Toolbar: HKLM - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll () Toolbar: HKLM - WOT - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll () Toolbar: HKLM-x32 - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar.dll () Toolbar: HKLM-x32 - WOT - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files (x86)\WOT\WOT.dll () Toolbar: HKCU - WOT - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll () DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab Handler: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dll () Handler-x32: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files (x86)\WOT\WOT.dll () Tcpip\..\Interfaces\{8F6B1E99-F293-421E-B29E-5875B326E12A}: [NameServer]141.155.0.68,207.172.11.72 FireFox: ======== FF ProfilePath: C:\Users\Rick\AppData\Roaming\Mozilla\Firefox\Profiles\hx63ye9g.default FF user.js: detected! 
=> C:\Users\Rick\AppData\Roaming\Mozilla\Firefox\Profiles\hx63ye9g.default\user.js FF Homepage: www.yahoo.com FF NetworkProxy: "type", 0 FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll () FF Plugin: @microsoft.com/GENUINE - disabled No File FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll () FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 - C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB) FF Plugin-x32: @esn/esnlaunch,version=2.1.4 - C:\Program Files (x86)\Battlelog Web Plugins\2.1.4\npesnlaunch.dll (ESN Social Software AB) FF Plugin-x32: @esn/esnlaunch,version=2.1.7 - C:\Program Files (x86)\Battlelog Web Plugins\2.1.7\npesnlaunch.dll (ESN Social Software AB) FF Plugin-x32: @idsoftware.com/QuakeLive - C:\ProgramData\id Software\QuakeLive\npquakezero.dll (id Software Inc.) FF Plugin-x32: @java.com/DTPlugin,version=10.13.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @microsoft.com/GENUINE - disabled No File FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File FF Plugin-x32: @real.com/nppl3260;version=16.0.2.32 - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) FF Plugin-x32: @real.com/nprndlchromebrowserrecordext;version=1.3.2 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.) FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=1.3.2 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.) FF Plugin-x32: @real.com/nprndlpepperflashvideoshim;version=1.3.2 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.) 
FF Plugin-x32: @real.com/nprpplugin;version=16.0.2.32 - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer) FF Plugin-x32: @realnetworks.com/npdlplugin;version=1 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader) FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\Rick\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) FF Extension: LastPass - C:\Users\Rick\AppData\Roaming\Mozilla\Firefox\Profiles\hx63ye9g.default\Extensions\support@lastpass.com FF Extension: WOT - C:\Users\Rick\AppData\Roaming\Mozilla\Firefox\Profiles\hx63ye9g.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} FF Extension: jid0-k75TfRGfOXPHfEZmJ9cKu5eCgLc - C:\Users\Rick\AppData\Roaming\Mozilla\Firefox\Profiles\hx63ye9g.default\Extensions\jid0-k75TfRGfOXPHfEZmJ9cKu5eCgLc@jetpack.xpi FF Extension: trafficlight - C:\Users\Rick\AppData\Roaming\Mozilla\Firefox\Profiles\hx63ye9g.default\Extensions\trafficlight@bitdefender.com.xpi FF Extension: No Name - C:\Users\Rick\AppData\Roaming\Mozilla\Firefox\Profiles\hx63ye9g.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi FF Extension: No Name - C:\Users\Rick\AppData\Roaming\Mozilla\Firefox\Profiles\hx63ye9g.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF HKLM-x32\...\Firefox\Extensions: [{FCE04E1F-9378-4f39-96F6-5689A9159E45}] C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ ==================== Services (Whitelisted) ================= S2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2012-12-19] (Advanced Micro Devices, 
Inc.) S4 AODService; C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe [136648 2012-09-20] () S4 DirMngr; C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe [218112 2013-05-28] () S4 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation) S2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation) R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22056 2013-01-27] (Microsoft Corporation) S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [379360 2013-01-27] (Microsoft Corporation) S2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [76888 2013-02-01] () S2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-04-16] () S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-02-28] (Riverbed Technology, Inc.) S3 WfpCaptureUM; C:\Windows\system32\WfpCaptureUM.exe [20480 2013-02-03] (Microsoft Corporation) S2 Windows7FirewallService; C:\Program Files\Windows7FirewallControl\Windows7FirewallService.exe [764416 2012-09-21] (Sphinx Software) ==================== Drivers (Whitelisted) ==================== S2 AODDriver4.01; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [57472 2012-04-09] (Advanced Micro Devices) S2 AODDriver4.2; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [57472 2012-04-09] (Advanced Micro Devices) S2 AODDriver4.2.0; C:\Program Files (x86)\AMD\OverDrive\amd64\AODDriver2.sys [57512 2012-09-20] (Advanced Micro Devices) S2 AODDriver4.2.0; C:\Program Files (x86)\AMD\OverDrive\amd64\AODDriver2.sys [57512 2012-09-20] (Advanced Micro Devices) S3 ArgusMonitor; C:\Windows\SysWow64\drivers\ArgusMonitor.sys [71616 2013-01-25] (Argotronic UG (haftungsbeschraenkt)) S3 ArgusMonitor; C:\Windows\SysWow64\drivers\ArgusMonitor.sys [71616 2013-01-25] (Argotronic UG (haftungsbeschraenkt)) 
S3 CrystalSysInfo; C:\Users\Rick\Downloads\crystal cpuid\SysInfoX64.sys [18128 2007-09-25] () S3 CrystalSysInfo; C:\Users\Rick\Downloads\crystal cpuid\SysInfoX64.sys [18128 2007-09-25] () S3 DIRECTIO; C:\Program Files\PerformanceTest\DirectIo64.sys [25704 2012-08-13] () S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation) S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation) S0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [230320 2013-01-20] (Microsoft Corporation) S2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [130008 2013-01-20] (Microsoft Corporation) S2 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-02-28] (Riverbed Technology, Inc.) S1 pefndis; C:\Windows\System32\DRIVERS\pefndis.sys [61032 2013-02-03] (Microsoft Corporation) S3 rspLLL; C:\Windows\System32\DRIVERS\rspLLL64.sys [24672 2012-07-22] (Resplendence Software Projects Sp.) S3 wfpcapture; C:\Windows\System32\Drivers\wfpcapture.sys [60024 2013-02-03] (Microsoft Corporation) S3 ALSysIO; \??\C:\Users\Rick\AppData\Local\Temp\ALSysIO64.sys [x] S3 cpuz135; \??\C:\Windows\TEMP\cpuz135\cpuz135_x64.sys [x] S3 WinRing0_1_2_0; \??\C:\Program Files (x86)\Razer\Razer Game Booster\Driver\WinRing0x64.sys [x] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-07-08 19:07 - 2013-07-08 19:07 - 00000000 ____D C:\FRST 2013-07-07 00:26 - 2013-07-07 00:27 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2013-07-02 13:31 - 2013-07-02 13:31 - 01493872 ____A (Sysinternals - www.sysinternals.com) C:\Users\Rick\Desktop\procexp64.exe 2013-07-02 12:30 - 2013-07-02 12:30 - 01529856 ____A C:\Users\Rick\Downloads\SpinRite.iso 2013-07-01 14:41 - 2013-07-01 14:41 - 00000038 ____A C:\Users\Rick\Documents\VZnetworkHelp.txt 2013-07-01 00:21 - 2013-07-08 04:03 - 00000896 ____A C:\Windows\setupact.log 2013-07-01 00:21 - 2013-07-01 00:21 - 
00000782 ____A C:\Windows\PFRO.log 2013-07-01 00:21 - 2013-07-01 00:21 - 00000000 ____A C:\Windows\setuperr.log 2013-06-30 11:01 - 2013-06-30 11:01 - 00000000 ____D C:\Program Files (x86)\WinPcap 2013-06-30 10:59 - 2013-06-30 11:01 - 00000000 ____D C:\Program Files\Wireshark 2013-06-30 10:59 - 2013-06-30 10:59 - 28087416 ____A (Wireshark development team) C:\Users\Rick\Downloads\Wireshark-win64-1.10.0.exe 2013-06-30 02:02 - 2013-06-30 02:02 - 04396440 ____A (Piriform Ltd) C:\Users\Rick\Downloads\ccsetup403.exe 2013-06-29 22:05 - 2013-06-29 22:05 - 02770017 ____A C:\Users\Rick\Downloads\Snort_2_9_4_6_Installer.exe 2013-06-27 14:43 - 2013-06-27 14:44 - 00000000 ____D C:\Program Files (x86)\Windows Live 2013-06-26 13:58 - 2013-06-26 01:01 - 00001218 ____A C:\Users\Rick\Documents\fanctrl.sh 2013-06-22 20:11 - 2013-06-22 20:11 - 00000000 ____D C:\Program Files (x86)\LinuxLive USB Creator 2013-06-22 20:10 - 2013-06-22 20:11 - 04752558 ____A (LinuxLive USB Creator) C:\Users\Rick\Downloads\LinuxLive USB Creator 2.8.22.exe 2013-06-22 04:46 - 2013-06-30 03:01 - 07990240 ____A (MPC-HC Team ) C:\Users\Rick\Downloads\MPC-HC.1.6.8.x64.exe 2013-06-20 02:02 - 2013-06-20 02:02 - 22211088 ____A C:\Users\Rick\Downloads\trillian-v5.3.0.16.exe 2013-06-18 15:56 - 2013-06-18 15:56 - 00000000 ____D C:\Program Files (x86)\EMET 4.0 2013-06-18 15:55 - 2013-06-18 15:55 - 08558080 ____A C:\Users\Rick\Downloads\EMET Setup.msi 2013-06-18 01:18 - 2013-06-18 01:18 - 00000000 ____D C:\Program Files (x86)\LiveUSB Creator 2013-06-18 01:14 - 2013-06-18 01:14 - 00078848 ____A C:\Users\Rick\Downloads\MD5 & SHA Checksum Utility.exe 2013-06-18 01:04 - 2013-06-18 01:04 - 00000540 ____A C:\Users\Rick\Documents\MD5 Checker 010441_18062013.txt 2013-06-18 01:02 - 2013-06-18 01:02 - 13080412 ____A C:\Users\Rick\Downloads\liveusb-creator-3.11.8-setup.exe 2013-06-16 01:21 - 2013-06-16 01:21 - 03820480 ____A C:\Users\Rick\Downloads\battlelog-web-plugins_2.1.7_115.exe 2013-06-15 15:29 - 2013-06-15 15:30 - 03739480 
____A (foobar2000.org) C:\Users\Rick\Downloads\foobar2000_v1.2.8.exe 2013-06-14 09:47 - 2013-06-14 09:47 - 00785445 ____A C:\Users\Rick\Downloads\md5checker_setup.zip 2013-06-14 09:47 - 2013-06-14 09:47 - 00001047 ____A C:\Users\Public\Desktop\MD5 Checker.lnk 2013-06-14 09:47 - 2013-06-14 09:47 - 00000000 ____D C:\Program Files (x86)\MD5 Checker 2013-06-14 09:46 - 2013-06-14 09:46 - 00007966 ____A C:\Users\Rick\Downloads\md5checker_code.zip 2013-06-12 15:56 - 2013-06-12 15:56 - 00212992 ____A C:\Users\Rick\Desktop\FWpolicies.wfw 2013-06-11 21:31 - 2013-05-10 01:49 - 00030720 ____A (Microsoft Corporation) C:\Windows\System32\cryptdlg.dll 2013-06-11 21:31 - 2013-05-09 23:20 - 00024576 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptdlg.dll 2013-06-11 20:27 - 2013-05-16 21:25 - 02877440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2013-06-11 20:27 - 2013-05-16 21:25 - 01767936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2013-06-11 20:27 - 2013-05-16 21:25 - 00690688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2013-06-11 20:27 - 2013-05-16 21:25 - 00493056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2013-06-11 20:27 - 2013-05-16 21:25 - 00109056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll 2013-06-11 20:27 - 2013-05-16 21:25 - 00061440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2013-06-11 20:27 - 2013-05-16 21:25 - 00039424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2013-06-11 20:27 - 2013-05-16 21:25 - 00033280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2013-06-11 20:27 - 2013-05-16 20:59 - 02241024 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll 2013-06-11 20:27 - 2013-05-16 20:59 - 00051712 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe 2013-06-11 20:27 - 2013-05-16 20:58 - 03958784 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll 2013-06-11 20:27 - 2013-05-16 20:58 - 
00855552 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll 2013-06-11 20:27 - 2013-05-16 20:58 - 00603136 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll 2013-06-11 20:27 - 2013-05-16 20:58 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll 2013-06-11 20:27 - 2013-05-16 20:58 - 00067072 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll 2013-06-11 20:27 - 2013-05-16 20:58 - 00053248 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll 2013-06-11 20:27 - 2013-05-16 20:58 - 00039936 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll 2013-06-11 20:27 - 2013-05-14 08:23 - 00089600 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe 2013-06-11 20:27 - 2013-05-14 04:40 - 00071680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe 2013-06-11 20:26 - 2013-06-08 10:08 - 01365504 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll 2013-06-11 20:26 - 2013-06-08 10:07 - 19233792 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll 2013-06-11 20:26 - 2013-06-08 10:06 - 15404544 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll 2013-06-11 20:26 - 2013-06-08 10:06 - 02648064 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll 2013-06-11 20:26 - 2013-06-08 10:06 - 00526336 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll 2013-06-11 20:26 - 2013-06-08 08:28 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb 2013-06-11 20:26 - 2013-06-08 07:42 - 01141248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2013-06-11 20:26 - 2013-06-08 07:40 - 14327808 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2013-06-11 20:26 - 2013-06-08 07:40 - 13760512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2013-06-11 20:26 - 2013-06-08 07:40 - 02046976 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2013-06-11 20:26 - 2013-06-08 07:40 - 00391168 ____A 
(Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2013-06-11 20:26 - 2013-06-08 07:13 - 02706432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2013-06-11 20:25 - 2013-05-13 01:51 - 01464320 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll 2013-06-11 20:25 - 2013-05-13 01:51 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll 2013-06-11 20:25 - 2013-05-13 01:51 - 00139776 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll 2013-06-11 20:25 - 2013-05-13 01:50 - 00052224 ____A (Microsoft Corporation) C:\Windows\System32\certenc.dll 2013-06-11 20:25 - 2013-05-13 00:45 - 01160192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll 2013-06-11 20:25 - 2013-05-13 00:45 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll 2013-06-11 20:25 - 2013-05-13 00:45 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll 2013-06-11 20:25 - 2013-05-12 23:43 - 01192448 ____A (Microsoft Corporation) C:\Windows\System32\certutil.exe 2013-06-11 20:25 - 2013-05-12 23:08 - 00903168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certutil.exe 2013-06-11 20:25 - 2013-05-12 23:08 - 00043008 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certenc.dll 2013-06-11 20:25 - 2013-05-08 02:39 - 01910632 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys 2013-06-11 20:25 - 2013-04-26 01:51 - 00751104 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll 2013-06-11 20:25 - 2013-04-26 00:55 - 00492544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll ==================== One Month Modified Files and Folders ======= 2013-07-08 19:07 - 2013-07-08 19:07 - 00000000 ____D C:\FRST 2013-07-08 13:33 - 2013-03-19 17:30 - 01056715 ____A C:\Windows\WindowsUpdate.log 2013-07-08 13:33 - 2013-01-26 06:20 - 00000000 ____D C:\Program Files\PeerBlock 2013-07-08 13:20 - 2013-01-25 23:56 - 00291088 ____A C:\Windows\SysWOW64\PnkBstrB.xtr 2013-07-08 13:20 - 2013-01-25 
21:41 - 00291088 ____A C:\Windows\SysWOW64\PnkBstrB.exe 2013-07-08 13:18 - 2013-01-25 19:23 - 00000000 ____D C:\Program Files (x86)\Origin 2013-07-08 10:28 - 2013-01-25 22:33 - 00000000 ____D C:\Users\Rick\AppData\Roaming\uTorrent 2013-07-08 08:33 - 2013-01-25 22:36 - 00000000 ____D C:\Users\Rick\Downloads\Utorrent Download 2013-07-08 04:10 - 2009-07-14 00:45 - 00014416 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2013-07-08 04:10 - 2009-07-14 00:45 - 00014416 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2013-07-08 04:03 - 2013-07-01 00:21 - 00000896 ____A C:\Windows\setupact.log 2013-07-08 04:03 - 2009-07-14 01:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT 2013-07-08 04:02 - 2013-01-25 14:17 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2013-07-07 02:46 - 2013-01-25 21:41 - 00291088 ____A C:\Windows\SysWOW64\PnkBstrB.ex0 2013-07-07 00:29 - 2013-01-25 01:41 - 00007613 ____A C:\Users\Rick\AppData\Local\Resmon.ResmonCfg 2013-07-07 00:27 - 2013-07-07 00:26 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2013-07-04 14:15 - 2013-06-03 20:18 - 00000000 ____D C:\Users\Rick\My Scans 2013-07-04 13:27 - 2013-05-08 21:27 - 00000000 ____D C:\Program Files (x86)\Winamp 2013-07-02 13:31 - 2013-07-02 13:31 - 01493872 ____A (Sysinternals - www.sysinternals.com) C:\Users\Rick\Desktop\procexp64.exe 2013-07-02 12:30 - 2013-07-02 12:30 - 01529856 ____A C:\Users\Rick\Downloads\SpinRite.iso 2013-07-01 14:41 - 2013-07-01 14:41 - 00000038 ____A C:\Users\Rick\Documents\VZnetworkHelp.txt 2013-07-01 00:21 - 2013-07-01 00:21 - 00000782 ____A C:\Windows\PFRO.log 2013-07-01 00:21 - 2013-07-01 00:21 - 00000000 ____A C:\Windows\setuperr.log 2013-06-30 11:01 - 2013-06-30 11:01 - 00000000 ____D C:\Program Files (x86)\WinPcap 2013-06-30 11:01 - 2013-06-30 10:59 - 00000000 ____D C:\Program Files\Wireshark 2013-06-30 10:59 - 2013-06-30 10:59 - 28087416 
____A (Wireshark development team) C:\Users\Rick\Downloads\Wireshark-win64-1.10.0.exe 2013-06-30 10:56 - 2013-02-12 13:02 - 01045072 ____A (BitTorrent Inc.) C:\Users\Rick\Downloads\uTorrent.exe 2013-06-30 03:02 - 2013-04-24 23:15 - 00001119 ____A C:\Users\Rick\Desktop\MPC-HC x64.lnk 2013-06-30 03:02 - 2013-02-04 11:57 - 00000000 ____D C:\Program Files (x86)\MPC-HC 2013-06-30 03:01 - 2013-06-22 04:46 - 07990240 ____A (MPC-HC Team ) C:\Users\Rick\Downloads\MPC-HC.1.6.8.x64.exe 2013-06-30 03:00 - 2013-02-04 11:58 - 00000000 ____D C:\Users\Rick\AppData\Roaming\Media Player Classic 2013-06-30 02:03 - 2013-05-08 21:27 - 00000000 ____D C:\Users\Rick\AppData\Roaming\Winamp 2013-06-30 02:03 - 2013-02-22 15:58 - 00000000 ____D C:\Program Files (x86)\Steam 2013-06-30 02:02 - 2013-06-30 02:02 - 04396440 ____A (Piriform Ltd) C:\Users\Rick\Downloads\ccsetup403.exe 2013-06-30 02:02 - 2013-04-29 22:37 - 00000822 ____A C:\Users\Public\Desktop\CCleaner.lnk 2013-06-30 02:02 - 2013-02-01 00:42 - 00000000 ____D C:\Program Files\CCleaner 2013-06-30 02:02 - 2013-01-24 23:30 - 00000000 ____D C:\Windows\Panther 2013-06-29 22:05 - 2013-06-29 22:05 - 02770017 ____A C:\Users\Rick\Downloads\Snort_2_9_4_6_Installer.exe 2013-06-27 14:44 - 2013-06-27 14:43 - 00000000 ____D C:\Program Files (x86)\Windows Live 2013-06-27 14:42 - 2013-02-01 22:57 - 00000000 ____D C:\Users\Rick\AppData\Local\Windows Live 2013-06-26 01:01 - 2013-06-26 13:58 - 00001218 ____A C:\Users\Rick\Documents\fanctrl.sh 2013-06-25 04:00 - 2009-07-14 01:13 - 00778834 ____A C:\Windows\System32\PerfStringBackup.INI 2013-06-24 23:53 - 2013-06-06 21:10 - 00000000 ____D C:\Users\Rick\Downloads\ubuntu live cd 2013-06-24 23:34 - 2009-07-14 01:08 - 00032634 ____A C:\Windows\Tasks\SCHEDLGU.TXT 2013-06-22 20:11 - 2013-06-22 20:11 - 00000000 ____D C:\Program Files (x86)\LinuxLive USB Creator 2013-06-22 20:11 - 2013-06-22 20:10 - 04752558 ____A (LinuxLive USB Creator) C:\Users\Rick\Downloads\LinuxLive USB Creator 2.8.22.exe 2013-06-22 19:01 - 
2013-02-21 10:43 - 00000000 ____D C:\ProgramData\Soulseek
2013-06-21 15:04 - 2013-01-25 14:49 - 00000000 ____D C:\Program Files (x86)\SpeedFan
2013-06-20 02:03 - 2013-05-08 21:34 - 00001083 ____A C:\Users\Rick\Desktop\Trillian.lnk
2013-06-20 02:02 - 2013-06-20 02:02 - 22211088 ____A C:\Users\Rick\Downloads\trillian-v5.3.0.16.exe
2013-06-18 15:56 - 2013-06-18 15:56 - 00000000 ____D C:\Program Files (x86)\EMET 4.0
2013-06-18 15:55 - 2013-06-18 15:55 - 08558080 ____A C:\Users\Rick\Downloads\EMET Setup.msi
2013-06-18 01:26 - 2013-06-06 22:51 - 00000000 ____D C:\Users\Rick\AppData\Roaming\gnupg
2013-06-18 01:18 - 2013-06-18 01:18 - 00000000 ____D C:\Program Files (x86)\LiveUSB Creator
2013-06-18 01:14 - 2013-06-18 01:14 - 00078848 ____A C:\Users\Rick\Downloads\MD5 & SHA Checksum Utility.exe
2013-06-18 01:04 - 2013-06-18 01:04 - 00000540 ____A C:\Users\Rick\Documents\MD5 Checker 010441_18062013.txt
2013-06-18 01:02 - 2013-06-18 01:02 - 13080412 ____A C:\Users\Rick\Downloads\liveusb-creator-3.11.8-setup.exe
2013-06-16 01:23 - 2013-01-25 21:16 - 00000000 ____D C:\Program Files (x86)\Battlelog Web Plugins
2013-06-16 01:21 - 2013-06-16 01:21 - 03820480 ____A C:\Users\Rick\Downloads\battlelog-web-plugins_2.1.7_115.exe
2013-06-15 15:33 - 2013-04-30 23:00 - 00000000 ____D C:\Users\Rick\AppData\Roaming\foobar2000
2013-06-15 15:30 - 2013-06-15 15:29 - 03739480 ____A (foobar2000.org) C:\Users\Rick\Downloads\foobar2000_v1.2.8.exe
2013-06-15 15:30 - 2013-04-30 23:00 - 00001035 ____A C:\Users\Public\Desktop\foobar2000.lnk
2013-06-15 15:30 - 2013-04-30 23:00 - 00000000 ____D C:\Program Files (x86)\foobar2000
2013-06-14 21:34 - 2013-02-11 04:41 - 00000000 ____D C:\Users\Rick\Downloads\net card
2013-06-14 09:47 - 2013-06-14 09:47 - 00785445 ____A C:\Users\Rick\Downloads\md5checker_setup.zip
2013-06-14 09:47 - 2013-06-14 09:47 - 00001047 ____A C:\Users\Public\Desktop\MD5 Checker.lnk
2013-06-14 09:47 - 2013-06-14 09:47 - 00000000 ____D C:\Program Files (x86)\MD5 Checker
2013-06-14 09:46 - 2013-06-14 09:46 - 00007966 ____A C:\Users\Rick\Downloads\md5checker_code.zip
2013-06-12 17:08 - 2013-05-08 22:54 - 00016596 ____A C:\Users\Rick\Desktop\autoexec.cfg
2013-06-12 17:00 - 2013-02-21 20:45 - 02095104 ____A C:\Users\Rick\Downloads\QuakeLiveNP_520.msi
2013-06-12 15:57 - 2013-04-05 01:50 - 00060109 ____A C:\Users\Rick\Desktop\outbound rules.txt
2013-06-12 15:56 - 2013-06-12 15:56 - 00212992 ____A C:\Users\Rick\Desktop\FWpolicies.wfw
2013-06-11 23:47 - 2013-01-25 16:58 - 00000000 ____D C:\Users\Rick\AppData\Local\Adobe
2013-06-11 23:47 - 2013-01-24 21:05 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-06-11 23:47 - 2013-01-24 21:05 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-06-11 21:34 - 2013-02-07 20:37 - 00772558 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
2013-06-11 21:22 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\rescache
2013-06-11 20:27 - 2013-01-25 01:12 - 75825640 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-06-08 10:08 - 2013-06-11 20:26 - 01365504 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-06-08 10:07 - 2013-06-11 20:26 - 19233792 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-06-08 10:06 - 2013-06-11 20:26 - 15404544 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-06-08 10:06 - 2013-06-11 20:26 - 02648064 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-06-08 10:06 - 2013-06-11 20:26 - 00526336 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-06-08 08:28 - 2013-06-11 20:26 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-06-08 07:42 - 2013-06-11 20:26 - 01141248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-06-08 07:40 - 2013-06-11 20:26 - 14327808 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-06-08 07:40 - 2013-06-11 20:26 - 13760512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-06-08 07:40 - 2013-06-11 20:26 - 02046976 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-06-08 07:40 - 2013-06-11 20:26 - 00391168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-06-08 07:13 - 2013-06-11 20:26 - 02706432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

Files to move or delete:
====================
C:\Users\Rick\Volumeid.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe IS MISSING <==== ATTENTION!.
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2013-07-03 01:58

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 08-07-2013
Ran by Rick at 2013-07-08 19:08:37
Running from E:\
Boot Mode: Safe Mode (minimal)
==========================================================

==================== Installed Programs =======================

µTorrent (x32 Version: 3.2.2.28500)
3DMark 11 (x32 Version: 1.0.3)
Adobe Flash Player 11 ActiveX (x32 Version: 11.6.602.171)
Adobe Flash Player 11 Plugin (x32 Version: 11.7.700.224)
Adobe Reader XI (11.0.03) (x32 Version: 11.0.03)
Age of Conan: Unchained - US version (x32)
Aion (HKCU)
AMD Accelerated Video Transcoding (Version: 12.5.100.21219)
AMD APP SDK Runtime (Version: 10.0.1084.4)
AMD Catalyst Install Manager (Version: 8.0.903.0)
AMD Drag and Drop Transcoding (Version: 2.00.0000)
AMD Fuel (Version: 2012.1219.1521.27485)
AMD Media Foundation Decoders (Version: 1.0.71219.1540)
AMD OverDrive Beta (x32 Version: 4.2.3.0625)
AMD VISION Engine Control Center (x32 Version: 2012.1219.1521.27485)
ArgusMonitor (x32)
Audacity 2.0.3 (x32 Version: 2.0.3)
Auslogics BoostSpeed (x32 Version: 5.4)
Battlefield 3™ (x32 Version: 1.5.0.0)
Battlefield: Bad Company™ 2 (x32 Version: 1.0.0.0)
Battlelog Web Plugins (x32 Version: 2.1.7)
Broadcom NetXtreme-I Netlink Driver and Management Installer (Version: 12.55.03)
Catalyst Control Center - Branding (x32 Version: 1.00.0000)
Catalyst Control Center Graphics Previews Common (x32 Version: 2012.1219.1521.27485)
Catalyst Control Center InstallProxy (x32 Version: 2012.1219.1521.27485)
Catalyst Control Center Localization All (x32 Version: 2012.1219.1521.27485)
CCC Help Chinese Standard (x32 Version: 2012.1219.1520.27485)
CCC Help Chinese Traditional (x32 Version: 2012.1219.1520.27485)
CCC Help Czech (x32 Version: 2012.1219.1520.27485)
CCC Help Danish (x32 Version: 2012.1219.1520.27485)
CCC Help Dutch (x32 Version: 2012.1219.1520.27485)
CCC Help English (x32 Version: 2012.1219.1520.27485)
CCC Help Finnish (x32 Version: 2012.1219.1520.27485)
CCC Help French (x32 Version: 2012.1219.1520.27485)
CCC Help German (x32 Version: 2012.1219.1520.27485)
CCC Help Greek (x32 Version: 2012.1219.1520.27485)
CCC Help Hungarian (x32 Version: 2012.1219.1520.27485)
CCC Help Italian (x32 Version: 2012.1219.1520.27485)
CCC Help Japanese (x32 Version: 2012.1219.1520.27485)
CCC Help Korean (x32 Version: 2012.1219.1520.27485)
CCC Help Norwegian (x32 Version: 2012.1219.1520.27485)
CCC Help Polish (x32 Version: 2012.1219.1520.27485)
CCC Help Portuguese (x32 Version: 2012.1219.1520.27485)
CCC Help Russian (x32 Version: 2012.1219.1520.27485)
CCC Help Spanish (x32 Version: 2012.1219.1520.27485)
CCC Help Swedish (x32 Version: 2012.1219.1520.27485)
CCC Help Thai (x32 Version: 2012.1219.1520.27485)
CCC Help Turkish (x32 Version: 2012.1219.1520.27485)
ccc-utility64 (Version: 2012.1219.1521.27485)
CCleaner (Version: 4.03)
Counter-Strike: Source (x32)
D3DX10 (x32 Version: 15.4.2368.0902)
EMET 4.0 (x32 Version: 4.0)
ESN Sonar (x32 Version: 0.70.4)
FileHippo.com Update Checker (x32)
foobar2000 v1.2.8 (x32 Version: 1.2.8)
Fraps (x32)
Futuremark SystemInfo (x32 Version: 4.6.0)
Gpg4win (2.1.1) (x32 Version: 2.1.1)
HD Tach version 3 (x32)
HP Officejet Pro 8600 Basic Device Software (Version: 25.0.619.0)
IsoBuster 3.2 (x32 Version: 3.2)
Junk Mail filter update (x32 Version: 16.4.3508.0205)
LastPass(uninstall only) (x32)
LatencyMon 4.02
LinuxLive USB Creator (x32 Version: 2.8)
LiveUSB Creator (remove only) (x32)
Malwarebytes Anti-Malware version 1.75.0.1300 (x32 Version: 1.75.0.1300)
MD5 Checker version 4.0.0 (x32)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Message Analyzer (Version: 4.0.5950.0)
Microsoft Security Client (Version: 4.2.0223.1)
Microsoft Security Essentials (Version: 4.2.223.1)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.59193)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (x32 Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
Mozilla Firefox 22.0 (x86 en-US) (x32 Version: 22.0)
Mozilla Maintenance Service (x32 Version: 22.0)
MPC-HC 1.6.7.7114 (9eb64ec) (x32 Version: 1.6.7.7114)
MPC-HC 1.6.8 (64-bit) (Version: 1.6.8.7417)
MSVCRT (x32 Version: 15.4.2862.0708)
MSVCRT_amd64 (x32 Version: 15.4.2862.0708)
MSVCRT110 (x32 Version: 16.4.1108.0727)
MSVCRT110_amd64 (Version: 16.4.1109.0912)
MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0)
Multimedia Card Reader (x32 Version: 1.7.915.93)
NCsoft Launcher (x32 Version: 1.5.19002)
Nero 11 Collection 1 (x32 Version: 11.0.11200.12.0)
Nero 11 Kwik Themes 3 (x32 Version: 11.0.11200.12.0)
Nero 11 Kwik Themes 4 (x32 Version: 11.0.11200.12.0)
Nero 11 Mini Repack
Nero 11 PiP Effects 1 (x32 Version: 11.0.11200.12.0)
Nero 11 v11.2.4.100 (x64) (Version: 11.2.4.100)
Nero 11 Video Transitions 1 (x32 Version: 11.0.11200.12.0)
Nero Backup Drivers (Version: 1.0.10000.1.0)
NVIDIA PhysX (x32 Version: 9.12.0613)
Origin (x32 Version: 9.1.11.2678)
PeerBlock 1.1 (r518) (Version: 1.1.0.518)
PerformanceTest v8.0 (Version: 8.0.1014.0)
PunkBuster Services (x32 Version: 0.988)
Quake Live Mozilla Plugin (x32 Version: 1.0.520)
RealDownloader (x32 Version: 1.3.2)
RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0)
RealNetworks - Microsoft Visual C++ 2010 Runtime (x32 Version: 10.0)
RealPlayer (x32 Version: 16.0.2)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.6662)
RealUpgrade 1.1 (x32 Version: 1.1.0)
SoulSeek 157 NS 13e (x32)
SpeedFan (remove only) (x32)
Steam (x32 Version: 1.0.0.0)
Team Fortress 2 (x32)
TechPowerUp GPU-Z (x32)
TERA (x32 Version: 1.41)
THX TruStudio PC (x32 Version: 1.0)
Trillian (x32)
Unity Web Player (HKCU Version: )
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2836939) (x32 Version: 1)
us Mod Manager (Version: 0.43.1)
Winamp (x32 Version: 5.63 )
Winamp Detector Plug-in (HKCU Version: 1.0.0.1)
Windows Live Communications Platform (x32 Version: 16.4.3508.0205)
Windows Live Essentials (x32 Version: 16.4.3508.0205)
Windows Live ID Sign-in Assistant (Version: 7.250.4311.0)
Windows Live Installer (x32 Version: 16.4.3508.0205)
Windows Live Mail (x32 Version: 16.4.3508.0205)
Windows Live MIME IFilter (Version: 16.4.3508.0205)
Windows Live Photo Common (x32 Version: 16.4.3508.0205)
Windows Live PIMT Platform (x32 Version: 16.4.3508.0205)
Windows Live SOXE (x32 Version: 16.4.3508.0205)
Windows Live SOXE Definitions (x32 Version: 16.4.3508.0205)
Windows Live UX Platform (x32 Version: 16.4.3508.0205)
Windows Live UX Platform Language Pack (x32 Version: 16.4.3508.0205)
Windows Live Writer (x32 Version: 16.4.3508.0205)
Windows Live Writer Resources (x32 Version: 16.4.3508.0205)
Windows7FirewallControl (x64) 5.1.7.69 (Version: 5.1.7.69)
WinPcap 4.1.3 (x32 Version: 4.1.0.2980)
WinRAR 4.20 (64-bit) (Version: 4.20.0)
Wireshark 1.10.0 (64-bit) (x32 Version: 1.10.0)
World of Warcraft (x32 Version: 5.1.0.16357)
WOT for Internet Explorer (Version: 12.8.2.0)

==================== Restore Points =========================

12-06-2013 20:57:11 Removed Quake Live Mozilla Plugin
12-06-2013 21:00:59 Installed Quake Live Mozilla Plugin
15-06-2013 05:22:50 Windows Update
18-06-2013 19:55:38 Installed EMET 4.0
19-06-2013 10:23:57 Windows Update
23-06-2013 10:22:20 Windows Update
27-06-2013 09:13:49 Windows Update
27-06-2013 18:34:43 Windows Live Essentials
27-06-2013 18:34:52 WLSetup
27-06-2013 18:42:44 Windows Live Essentials
27-06-2013 18:43:40 WLSetup
01-07-2013 05:06:02 Windows Update
04-07-2013 18:00:32 Windows Update
08-07-2013 08:13:51 Windows Update

==================== Hosts content: ==========================

2009-07-13 22:34 - 2009-06-10 17:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {042A0F7E-8879-4FA9-8048-6A62EB1E222F} - System32\Tasks\Peerblock Start with windows => C:\Program Files\PeerBlock\peerblock.exe [2010-11-06] (PeerBlock, LLC)
Task: {5E5D2B72-79F6-4666-8FC7-8EDFF5210540} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task
Task: {6DEACD07-B021-444D-A1A6-70E182646024} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-06-19] (Piriform Ltd)
Task: {7DFE5392-4642-4034-B5B3-D2DC6C4EFD63} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => C:\Program Files\Microsoft Security Client\MpCmdRun.exe [2013-01-27] (Microsoft Corporation)
Task: {7FFB17B4-08A9-4D39-B0DF-B02AB7F3F822} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-3572056831-1408111488-1382342558-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe [2013-04-16] (RealNetworks, Inc.)
Task: {9095E030-266C-42F0-9441-E547ACF91ED6} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-3572056831-1408111488-1382342558-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe [2013-04-16] (RealNetworks, Inc.)
Task: {AB5B125C-CBF0-4FDB-AC5F-CF26E3C23AE3} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-3572056831-1408111488-1382342558-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-04-16] (RealNetworks, Inc.)
Task: {C2C8DFD0-81BD-4368-A402-85790ACAEBBA} - System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-3572056831-1408111488-1382342558-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe [2013-04-16] (RealNetworks, Inc.)
Task: {D925C591-2840-46E4-8106-4A93906099E9} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-3572056831-1408111488-1382342558-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-04-16] (RealNetworks, Inc.)
Task: {D9545D5A-6106-44C7-95C4-2444A90991A5} - System32\Tasks\Razer_Game_Booster_AutoUpdate => C:\Program Files (x86)\Razer\Razer Game Booster\AutoUpdate.exe No File

==================== Faulty Device Manager Devices =============

Name: Security Processor Loader Driver
Description: Security Processor Loader Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: spldr
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed. Devices stay in this state if they have been prepared for removal. After you remove the device, this error disappears.Remove the device, and this error should be resolved.

==================== Event log errors: =========================

Application errors:
==================
Error: (07/08/2013 06:10:06 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"1". Dependent Assembly rpshellextension.1.0,language="*",type="win32",version="1.0.0.0" could not be found. Please use sxstrace.exe for detailed diagnosis.

Error: (07/08/2013 06:07:16 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Startup,type="win32",version="11.1.0.0"1". Dependent Assembly Startup,type="win32",version="11.1.0.0" could not be found. Please use sxstrace.exe for detailed diagnosis.

Error: (07/08/2013 06:07:15 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "OnlineServices,version="11.0.0.0"1". Dependent Assembly OnlineServices,version="11.0.0.0" could not be found. Please use sxstrace.exe for detailed diagnosis.

Error: (07/07/2013 04:34:17 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"1". Dependent Assembly rpshellextension.1.0,language="*",type="win32",version="1.0.0.0" could not be found. Please use sxstrace.exe for detailed diagnosis.

Error: (07/07/2013 04:32:03 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Startup,type="win32",version="11.1.0.0"1". Dependent Assembly Startup,type="win32",version="11.1.0.0" could not be found. Please use sxstrace.exe for detailed diagnosis.

Error: (07/07/2013 04:32:02 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "OnlineServices,version="11.0.0.0"1". Dependent Assembly OnlineServices,version="11.0.0.0" could not be found. Please use sxstrace.exe for detailed diagnosis.

Error: (07/05/2013 06:49:14 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"1". Dependent Assembly rpshellextension.1.0,language="*",type="win32",version="1.0.0.0" could not be found. Please use sxstrace.exe for detailed diagnosis.

Error: (07/05/2013 06:47:06 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Startup,type="win32",version="11.1.0.0"1". Dependent Assembly Startup,type="win32",version="11.1.0.0" could not be found. Please use sxstrace.exe for detailed diagnosis.

Error: (07/05/2013 06:47:06 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "OnlineServices,version="11.0.0.0"1". Dependent Assembly OnlineServices,version="11.0.0.0" could not be found. Please use sxstrace.exe for detailed diagnosis.

Error: (07/04/2013 09:17:29 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"1". Dependent Assembly rpshellextension.1.0,language="*",type="win32",version="1.0.0.0" could not be found. Please use sxstrace.exe for detailed diagnosis.

System errors:
=============
Error: (07/08/2013 07:06:36 PM) (Source: Service Control Manager) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: %%1068

Error: (07/08/2013 07:06:36 PM) (Source: DCOM) (User: )
Description: 1068netprofm{A47979D2-C419-11D9-A5B4-001185AD2B89}

Error: (07/08/2013 07:05:20 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load: AFD DfsC discache MpFilter NetBIOS NetBT nsiproxy pefndis Psched rdbss spldr tdx Wanarpv6 WfpLwf

Error: (07/08/2013 07:05:19 PM) (Source: Service Control Manager) (User: )
Description: The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: %%1068

Error: (07/08/2013 07:05:19 PM) (Source: Service Control Manager) (User: )
Description: The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: %%1068

Error: (07/08/2013 07:05:19 PM) (Source: Service Control Manager) (User: )
Description: The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: %%1068

Error: (07/08/2013 07:05:19 PM) (Source: Service Control Manager) (User: )
Description: The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: %%31

Error: (07/08/2013 07:05:19 PM) (Source: Service Control Manager) (User: )
Description: The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: %%1068

Error: (07/08/2013 07:05:19 PM) (Source: Service Control Manager) (User: )
Description: The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: %%31

Error: (07/08/2013 07:05:19 PM) (Source: Service Control Manager) (User: )
Description: The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: %%31

Microsoft Office Sessions:
=========================
Error: (07/08/2013 06:10:06 AM) (Source: SideBySide)(User: )
Description: rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"C:\Windows\Installer\{3DC873BB-FFE3-46BF-9701-26B9AE371F9F}\recordingmanager.exe

Error: (07/08/2013 06:07:16 AM) (Source: SideBySide)(User: )
Description: Startup,type="win32",version="11.1.0.0"c:\program files\Portable\nero 11 v11.2.4.100 (x64)\App\Nero\NMDllHost.exe.Manifest

Error: (07/08/2013 06:07:15 AM) (Source: SideBySide)(User: )
Description: OnlineServices,version="11.0.0.0"c:\program files\Portable\nero 11 v11.2.4.100 (x64)\App\Nero\NeroAudioRip.exe.Manifest

Error: (07/07/2013 04:34:17 AM) (Source: SideBySide)(User: )
Description: rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"C:\Windows\Installer\{3DC873BB-FFE3-46BF-9701-26B9AE371F9F}\recordingmanager.exe

Error: (07/07/2013 04:32:03 AM) (Source: SideBySide)(User: )
Description: Startup,type="win32",version="11.1.0.0"c:\program files\Portable\nero 11 v11.2.4.100 (x64)\App\Nero\NMDllHost.exe.Manifest

Error: (07/07/2013 04:32:02 AM) (Source: SideBySide)(User: )
Description: OnlineServices,version="11.0.0.0"c:\program files\Portable\nero 11 v11.2.4.100 (x64)\App\Nero\NeroAudioRip.exe.Manifest

Error: (07/05/2013 06:49:14 AM) (Source: SideBySide)(User: )
Description: rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"C:\Windows\Installer\{3DC873BB-FFE3-46BF-9701-26B9AE371F9F}\recordingmanager.exe

Error: (07/05/2013 06:47:06 AM) (Source: SideBySide)(User: )
Description: Startup,type="win32",version="11.1.0.0"c:\program files\Portable\nero 11 v11.2.4.100 (x64)\App\Nero\NMDllHost.exe.Manifest

Error: (07/05/2013 06:47:06 AM) (Source: SideBySide)(User: )
Description: OnlineServices,version="11.0.0.0"c:\program files\Portable\nero 11 v11.2.4.100 (x64)\App\Nero\NeroAudioRip.exe.Manifest

Error: (07/04/2013 09:17:29 PM) (Source: SideBySide)(User: )
Description: rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"C:\Windows\Installer\{3DC873BB-FFE3-46BF-9701-26B9AE371F9F}\recordingmanager.exe

==================== Memory info ===========================

Percentage of memory in use: 10%
Total physical RAM: 6143.3 MB
Available physical RAM: 5520.11 MB
Total Pagefile: 12284.78 MB
Available Pagefile: 11670.37 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:638.44 GB) (Free:283.8 GB) NTFS (Disk=0 Partition=2)
Drive e: () (Removable) (Total:3.72 GB) (Free:3.72 GB) FAT32 (Disk=5 Partition=1)

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 932 GB) (Disk ID: 9C92424B)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=638 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=500 MB) - (Type=83)
Partition 4: (Not Active) - (Size=292 GB) - (Type=05)

========================================================
Disk: 5 (Size: 4 GB) (Disk ID: 000BB960)
Partition 1: (Not Active) - (Size=4 GB) - (Type=0B)

==================== End Of Log ============================
  14. Thank you for replying. As soon as I finish these instructions, hopefully tomorrow, I will let you know. Rich.
  15. Hello all, I think I'm infected with Win trojans in explorer.exe. Is it safe to just delete? They only come up when I scan the Windows NTFS partition from a Linux OS. I use ClamAV. What is the best way to remove them?
      top/mnt/Windows/SysWOW64/explorer.exe: Win.Trojan.Bamital-1158 FOUND
      /mnt/Windows/SysWOW64/explorer.exe: moved to '/infectedfiles/explorer.exe'
      /mnt/Windows/winsxs/x86_microsoft-windows-mediaplayer-setup_31bf3856ad364e35_6.1.7600.16385_none_adca1fa537de6f5e/setup_wm.exe: Win.Trojan.588749 FOUND
      /mnt/Windows/winsxs/x86_microsoft-windows-mediaplayer-setup_31bf3856ad364e35_6.1.7600.16385_none_adca1fa537de6f5e/setup_wm.exe: moved to '/infectedfiles/setup_wm.exe'
      /mnt/Windows/winsxs/wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5/explorer.exe: Win.Trojan.Bamital-1158 FOUND
      /mnt/Windows/winsxs/wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5/explorer.exe: moved to '/infectedfiles/explorer.exe.001'
      Thanks, I appreciate the help. Rich.
  16. Yes, sorry about that Kevin, thanks for all your help.
  17. Sorry to have this thread reopened. It turns out NIS was the cause of all my issues. NIS is even worse than I thought now. I would never recommend that program to anybody anymore. NIS 2009 and 2010 were good programs, but 2012 turned into a disaster, and I guess 2013 is even worse. They are back to their old ways, crippling PCs. I was wondering if a subscription to Malwarebytes is only good for one PC or if I can install it on the 3 PCs on my network. Thanks for all your help.
  18. Would I be able to install Microsoft Security Essentials on Windows XP also?
  19. Thanks a whole bunch Kevin. I've uninstalled all the tools, used TFC, and updated everything with FileHippo (what an awesome tool). I downloaded WinPatrol. I do already use Firefox with NoScript and Adblocker. I appreciate all your help. I do use NIS, but I want to change firewall suites when my subscription runs out in a couple of months. I used to use ZoneAlarm but it became a resource hog, which is why I switched to NIS. I was wondering if there were any premium suites that you recommend that are both user friendly and low on resources. Thanks again Kevin.
  20. Never mind, it turns out I need to allow that to browse the other PC on the network. Seems like my PC is in working order. Is there anything else I need to configure? Thanks for all your help.
  21. Oh, I should add that it is going from my computer on port 16339 to port 80 on the other machine. This might be normal, but I don't want to take any chances nowadays. I guess I can just block it and see if I can still share files on the network. If I can't, I will just allow it. But I appreciate your input.