RichAC

Posts posted by RichAC

  1. Actually, just playing the videos in Windows might be a problem. Winamp isn't safe and hasn't been for years (but I use it to record some FM radio station streams); MPC apparently isn't safe either, I'm finding out after running all these scans... WMP isn't safe even according to Microsoft. Maybe I should use VLC now? lol. It's not as good as MPC when it comes to user friendliness and fullscreen features, but I guess I have no choice.

    I mean Microsoft even admits now publicly that videos can be virused and install malware through the video players when you play them, which they are trying to fix while borking their media player at the same time. I mean I've suspected that for years; it's been obvious at times, but I guess now it's finally publicly confirmed. I would say the same is probably true for mp3 music files also, which are within many people's legal rights to download; one argument is for backup of what they already own (which I do frequently when a CD is damaged or lost). I've bought a bunch of CDs this year and have gone to a dozen movies, so I don't see a problem, especially with so many valid reasons to share information.

    AMD chipset drivers have something similar to Dsentry in them now to probe drives to protect from autoplay and autorun exploits and prevent even retail DVDs from dialing out. But it seems like the internet is dying unless you go on Facebook and Twitter with your phone. Most of my friends are not too computer savvy, so they end up not using their PC anymore. It either gets too bogged down, infested and slow, hijacked, or it just crashes. All it takes now is visiting a URL. And I don't believe it's because of the Gov't or RIAA. I think it's just hackers being malicious for kicks, or trying to add to their botnets for w/e purposes.

    I would use Linux, but it just doesn't have great surround sound support when watching videos or DVDs. Extended displays with non-HDMI connections have horrible quality, and I use Win 7 to play newer games like Battlefield 3. (Although Steam announcing support for Ubuntu sounds promising.)

    Just some thoughts on my mind. Thanks for all your help, man, I really appreciate it. I was due for a good scanning.

    Rich.

  2. Found it in the C: directory. Didn't see that in the instructions but remembered from last time I came here for help about a year ago :)

    ComboFix 13-07-16.01 - Rick 07/17/2013  21:14:36.1.4 - x64
    Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.6143.4869 [GMT -4:00]
    Running from: c:\users\Rick\Downloads\ComboFix.exe
    AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
    SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    (((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    C:\install.exe
    c:\users\Rick\AppData\Local\assembly\tmp
    c:\users\Rick\EULA.txt
    c:\windows\SysWow64\frapsvid.dll
    .
    .
    (((((((((((((((((((((((((   Files Created from 2013-06-18 to 2013-07-18  )))))))))))))))))))))))))))))))
    .
    .
    2013-07-17 02:05 . 2013-07-17 02:05    941720    ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{103D5384-834B-4D24-AF38-E4BC36E9EC7A}\gapaengine.dll
    2013-07-17 02:05 . 2013-07-02 08:34    9460976    ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{20998BA6-ECA2-4259-BDFB-3EAAF391AAF2}\mpengine.dll
    2013-07-15 02:09 . 2013-07-15 02:09    --------    d-----w-    c:\users\EverydayCool
    2013-07-13 08:14 . 2013-06-12 03:08    9552976    ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    2013-07-10 16:58 . 2011-02-25 06:19    2871808    ----a-w-    c:\windows\SysWow64\explorer.exe
    2013-07-09 22:14 . 2013-07-09 22:16    --------    d-----w-    c:\windows\system32\MRT
    2013-07-09 21:17 . 2013-06-11 23:43    108032    ----a-w-    c:\program files (x86)\Internet Explorer\jsdebuggeride.dll
    2013-07-09 21:17 . 2013-06-11 23:26    1365504    ----a-w-    c:\windows\system32\urlmon.dll
    2013-07-09 21:17 . 2013-06-11 23:43    817664    ----a-w-    c:\program files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll
    2013-07-09 21:17 . 2013-06-11 23:26    1084928    ----a-w-    c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll
    2013-07-09 21:17 . 2013-06-11 23:25    53248    ----a-w-    c:\windows\system32\jsproxy.dll
    2013-07-09 21:17 . 2013-06-11 23:43    1767936    ----a-w-    c:\windows\SysWow64\wininet.dll
    2013-07-09 21:17 . 2013-06-11 23:26    2241024    ----a-w-    c:\windows\system32\wininet.dll
    2013-07-09 21:17 . 2013-06-11 23:25    15404032    ----a-w-    c:\windows\system32\ieframe.dll
    2013-07-09 21:17 . 2013-06-11 23:25    19238912    ----a-w-    c:\windows\system32\mshtml.dll
    2013-07-09 21:12 . 2013-04-09 23:34    1247744    ----a-w-    c:\windows\SysWow64\DWrite.dll
    2013-07-09 21:12 . 2013-04-02 22:51    1643520    ----a-w-    c:\windows\system32\DWrite.dll
    2013-07-08 23:07 . 2013-07-08 23:07    --------    d-----w-    C:\FRST
    2013-06-30 15:01 . 2013-06-30 15:01    --------    d-----w-    c:\program files (x86)\WinPcap
    2013-06-30 14:59 . 2013-06-30 15:01    --------    d-----w-    c:\program files\Wireshark
    2013-06-27 18:43 . 2013-06-27 18:44    --------    d-----w-    c:\program files (x86)\Windows Live
    2013-06-23 00:11 . 2013-06-23 00:11    --------    d-----w-    c:\program files (x86)\LinuxLive USB Creator
    2013-06-19 01:50 . 2013-06-19 01:50    247216    ----a-w-    c:\windows\system32\drivers\MpFilter.sys
    2013-06-18 19:56 . 2013-06-18 19:56    --------    d-----w-    c:\program files (x86)\EMET 4.0
    2013-06-18 05:18 . 2013-06-18 05:18    --------    d-----w-    c:\program files (x86)\LiveUSB Creator
    .
    .
    .
    ((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2013-07-17 02:39 . 2013-01-26 03:56    290184    ----a-w-    c:\windows\SysWow64\PnkBstrB.xtr
    2013-07-17 02:39 . 2013-01-26 01:41    290184    ----a-w-    c:\windows\SysWow64\PnkBstrB.exe
    2013-07-17 02:39 . 2013-01-26 01:41    291088    ----a-w-    c:\windows\SysWow64\PnkBstrB.ex0
    2013-07-09 21:10 . 2013-01-25 01:05    71048    ----a-w-    c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2013-07-09 21:10 . 2013-01-25 01:05    692104    ----a-w-    c:\windows\SysWow64\FlashPlayerApp.exe
    2013-06-24 04:57 . 2013-01-25 05:12    78277128    ----a-w-    c:\windows\system32\MRT.exe
    2013-06-21 08:45 . 2013-03-12 15:20    964552    ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
    2013-06-19 01:50 . 2012-08-31 03:03    139616    ----a-w-    c:\windows\system32\drivers\NisDrvWFP.sys
    2013-06-14 20:19 . 2013-06-14 20:19    549536    ----a-w-    c:\windows\apppatch\EMET.dll
    2013-06-14 20:19 . 2013-06-14 20:19    149664    ----a-w-    c:\windows\apppatch\AppPatch64\EMET64.dll
    2013-06-04 22:38 . 2013-02-20 00:11    348160    ----a-w-    c:\windows\SysWow64\msvcr71.dll
    2013-06-04 22:38 . 2013-02-20 00:11    499712    ----a-w-    c:\windows\SysWow64\msvcp71.dll
    2013-05-13 05:51 . 2013-06-12 00:25    184320    ----a-w-    c:\windows\system32\cryptsvc.dll
    2013-05-13 05:51 . 2013-06-12 00:25    1464320    ----a-w-    c:\windows\system32\crypt32.dll
    2013-05-13 05:51 . 2013-06-12 00:25    139776    ----a-w-    c:\windows\system32\cryptnet.dll
    2013-05-13 05:50 . 2013-06-12 00:25    52224    ----a-w-    c:\windows\system32\certenc.dll
    2013-05-13 04:45 . 2013-06-12 00:25    140288    ----a-w-    c:\windows\SysWow64\cryptsvc.dll
    2013-05-13 04:45 . 2013-06-12 00:25    1160192    ----a-w-    c:\windows\SysWow64\crypt32.dll
    2013-05-13 04:45 . 2013-06-12 00:25    103936    ----a-w-    c:\windows\SysWow64\cryptnet.dll
    2013-05-13 03:43 . 2013-06-12 00:25    1192448    ----a-w-    c:\windows\system32\certutil.exe
    2013-05-13 03:08 . 2013-06-12 00:25    903168    ----a-w-    c:\windows\SysWow64\certutil.exe
    2013-05-13 03:08 . 2013-06-12 00:25    43008    ----a-w-    c:\windows\SysWow64\certenc.dll
    2013-05-10 05:49 . 2013-06-12 01:31    30720    ----a-w-    c:\windows\system32\cryptdlg.dll
    2013-05-10 03:20 . 2013-06-12 01:31    24576    ----a-w-    c:\windows\SysWow64\cryptdlg.dll
    2013-05-08 06:39 . 2013-06-12 00:25    1910632    ----a-w-    c:\windows\system32\drivers\tcpip.sys
    2013-05-02 15:29 . 2013-01-25 01:24    278800    ------w-    c:\windows\system32\MpSigStub.exe
    2013-04-26 05:51 . 2013-06-12 00:25    751104    ----a-w-    c:\windows\system32\win32spl.dll
    2013-04-26 04:55 . 2013-06-12 00:25    492544    ----a-w-    c:\windows\SysWow64\win32spl.dll
    2013-01-25 01:03 . 2013-01-25 01:03    14794312    ----a-w-    c:\program files (x86)\Common Files\lpuninstall.exe
    .
    .
    (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "HP Officejet Pro 8600 (NET)"="c:\program files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe" [2011-09-09 2676584]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-05-11 958576]
    "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-12-19 642808]
    "THX Audio Control Panel"="c:\program files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe" [2009-12-01 963584]
    "UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
    "EMET Agent"="c:\program files (x86)\EMET 4.0\EMET_agent.exe" [2013-06-14 78496]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    "EnableLinkedConnections"= 1 (0x1)
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @="Service"
    .
    R2 AODDriver4.2;AODDriver4.2;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [x]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
    R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
    R3 ALSysIO;ALSysIO;c:\users\Rick\AppData\Local\Temp\ALSysIO64.sys;c:\users\Rick\AppData\Local\Temp\ALSysIO64.sys [x]
    R3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys;c:\windows\SYSNATIVE\DRIVERS\amdiox64.sys [x]
    R3 ArgusMonitor;ArgusMonitor kernel mode driver;SysWOW64\drivers\ArgusMonitor.sys;SysWOW64\drivers\ArgusMonitor.sys [x]
    R3 cpuz135;cpuz135;c:\windows\TEMP\cpuz135\cpuz135_x64.sys;c:\windows\TEMP\cpuz135\cpuz135_x64.sys [x]
    R3 DIRECTIO;DIRECTIO;c:\program files\PerformanceTest\DirectIo64.sys;c:\program files\PerformanceTest\DirectIo64.sys [x]
    R3 DrvAgent64;DrvAgent64;c:\windows\SysWOW64\Drivers\DrvAgent64.SYS;c:\windows\SysWOW64\Drivers\DrvAgent64.SYS [x]
    R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
    R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
    R3 rspLLL;rspLLL;c:\windows\system32\DRIVERS\rspLLL64.sys;c:\windows\SYSNATIVE\DRIVERS\rspLLL64.sys [x]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
    R3 wfpcapture;wfpcapture;c:\windows\System32\Drivers\wfpcapture.sys;c:\windows\SYSNATIVE\Drivers\wfpcapture.sys [x]
    R3 WfpCaptureUM;WfpCaptureUM;c:\windows\system32\WfpCaptureUM.exe;c:\windows\SYSNATIVE\WfpCaptureUM.exe [x]
    R3 WinRing0_1_2_0;WinRing0_1_2_0;c:\program files (x86)\Razer\Razer Game Booster\Driver\WinRing0x64.sys;c:\program files (x86)\Razer\Razer Game Booster\Driver\WinRing0x64.sys [x]
    R4 AODService;AODService;c:\program files (x86)\AMD\OverDrive\AODAssist.exe;c:\program files (x86)\AMD\OverDrive\AODAssist.exe [x]
    R4 DirMngr;DirMngr;c:\program files (x86)\GNU\GnuPG\dirmngr.exe;c:\program files (x86)\GNU\GnuPG\dirmngr.exe [x]
    R4 Futuremark SystemInfo Service;Futuremark SystemInfo Service;c:\program files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe;c:\program files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe [x]
    R4 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
    S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys;c:\windows\SYSNATIVE\DRIVERS\amd_sata.sys [x]
    S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys;c:\windows\SYSNATIVE\DRIVERS\amd_xata.sys [x]
    S0 NBVol;Nero Backup Volume Filter Driver;c:\windows\system32\DRIVERS\NBVol.sys;c:\windows\SYSNATIVE\DRIVERS\NBVol.sys [x]
    S0 NBVolUp;Nero Backup Volume Upper Filter Driver;c:\windows\system32\DRIVERS\NBVolUp.sys;c:\windows\SYSNATIVE\DRIVERS\NBVolUp.sys [x]
    S1 pefndis;Microsoft PEF NDIS ETW Provider Driver;c:\windows\system32\DRIVERS\pefndis.sys;c:\windows\SYSNATIVE\DRIVERS\pefndis.sys [x]
    S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
    S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [x]
    S2 AODDriver4.01;AODDriver4.01;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [x]
    S2 AODDriver4.2.0;AODDriver4.2.0;c:\program files (x86)\AMD\OverDrive\amd64\AODDriver2.sys;c:\program files (x86)\AMD\OverDrive\amd64\AODDriver2.sys [x]
    S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys;c:\windows\SYSNATIVE\drivers\npf.sys [x]
    S2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe;c:\program files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [x]
    S2 Windows7FirewallService;Windows7FirewallService;c:\program files\Windows7FirewallControl\Windows7FirewallService.exe;c:\program files\Windows7FirewallControl\Windows7FirewallService.exe [x]
    S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
    S3 k57nd60a;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys;c:\windows\SYSNATIVE\DRIVERS\k57nd60a.sys [x]
    S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
    S3 pbfilter;pbfilter;c:\program files\PeerBlock\pbfilter.sys;c:\program files\PeerBlock\pbfilter.sys [x]
    S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys;c:\windows\SYSNATIVE\DRIVERS\usbfilter.sys [x]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - PBFILTER
    *NewlyCreated* - WS2IFSL
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Windows7FirewallControl"="c:\program files\Windows7FirewallControl\Windows7FirewallControl.exe" [2012-09-21 1131008]
    "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-06-21 1356240]
    "THXCfg64"="c:\windows\system32\THXCfg64.dll" [2009-10-15 17920]
    "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2012-06-11 12503184]
    "RunDLLEntry_THXCfg"="c:\windows\system32\THXCfg64.dll" [2009-10-15 17920]
    "RunDLLEntry_EptMon"="c:\windows\system32\EptMon64.dll" [2009-10-15 21504]
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    mLocal Page = c:\windows\SysWOW64\blank.htm
    Trusted Zone: dell.com
    TCP: Interfaces\{88A77C0C-ED7F-4099-8288-CAA724813347}: NameServer = 68.237.161.12,71.250.0.12
    FF - ProfilePath - c:\users\Rick\AppData\Roaming\Mozilla\Firefox\Profiles\hx63ye9g.default\
    FF - prefs.js: browser.startup.homepage - www.yahoo.com
    FF - prefs.js: network.proxy.type - 0
    FF - ExtSQL: 2013-06-04 18:38; {FCE04E1F-9378-4f39-96F6-5689A9159E45}; c:\programdata\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
    FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
    .
    - - - - ORPHANS REMOVED - - - -
    .
    HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
    AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc_bc2.exe
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\S-1-5-21-3572056831-1408111488-1382342558-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="WindowsLiveMail.Email.1"
    .
    [HKEY_USERS\S-1-5-21-3572056831-1408111488-1382342558-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="WindowsLiveMail.VCard.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_171_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_171_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_171_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_171_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_171.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.11"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_171.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_171.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_171.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\sphinx-soft\Vista-Wall\1.0\AppList\B*a*t*t*l*e*f*i*e*l*d* *3*"!\Zone]
    "Name"="EnableAll"
    "Result"=dword:00000000
    "Advised"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    c:\windows\SysWOW64\PnkBstrA.exe
    .
    **************************************************************************
    .
    Completion time: 2013-07-17  21:26:20 - machine was rebooted
    ComboFix-quarantined-files.txt  2013-07-18 01:26
    .
    Pre-Run: 299,927,846,912 bytes free
    Post-Run: 299,567,235,072 bytes free
    .
    - - End Of File - - 60ACE05AF52AD17EDC1826C25EF6B3E3
    89B5DB6675722B3F1FCF978126515316
     

  3. Here is the other log:

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2012-11-20.01)
    .
    Microsoft Windows 7 Home Premium
    Boot Device: \Device\HarddiskVolume1
    Install Date: 1/24/2013 7:43:52 PM
    System Uptime: 7/13/2013 6:06:48 PM (2 hours ago)
    .
    Motherboard: Dell Inc. |  | 0NWWY0
    Processor: AMD Phenom II X4 820 Processor | CPU 1 | 1596/200mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 638 GiB total, 280.913 GiB free.
    D: is CDROM ()
    F: is Removable
    G: is Removable
    H: is Removable
    I: is Removable
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
    Description: Microsoft ISATAP Adapter
    Device ID: ROOT\*ISATAP\0000
    Manufacturer: Microsoft
    Name: Microsoft ISATAP Adapter
    PNP Device ID: ROOT\*ISATAP\0000
    Service: tunnel
    .
    Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
    Description: Microsoft Teredo Tunneling Adapter
    Device ID: ROOT\*TEREDO\0000
    Manufacturer: Microsoft
    Name: Teredo Tunneling Pseudo-Interface
    PNP Device ID: ROOT\*TEREDO\0000
    Service: tunnel
    .
    Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
    Description: AODDriver4.2
    Device ID: ROOT\LEGACY_AODDRIVER4.2\0000
    Manufacturer:
    Name: AODDriver4.2
    PNP Device ID: ROOT\LEGACY_AODDRIVER4.2\0000
    Service: AODDriver4.2
    .
    ==== System Restore Points ===================
    .
    RP138: 6/23/2013 6:22:20 AM - Windows Update
    RP139: 6/27/2013 5:13:49 AM - Windows Update
    RP140: 6/27/2013 2:34:43 PM - Windows Live Essentials
    RP141: 6/27/2013 2:34:52 PM - WLSetup
    RP142: 6/27/2013 2:42:44 PM - Windows Live Essentials
    RP143: 6/27/2013 2:43:40 PM - WLSetup
    RP144: 7/1/2013 1:06:02 AM - Windows Update
    RP145: 7/4/2013 2:00:32 PM - Windows Update
    RP146: 7/8/2013 4:13:51 AM - Windows Update
    RP147: 7/9/2013 5:13:50 PM - Windows Update
    RP148: 7/9/2013 6:11:23 PM - Windows Update
    RP149: 7/9/2013 6:14:09 PM - Windows Update
    RP150: 7/13/2013 4:13:36 AM - Windows Update
    .
    ==== Installed Programs ======================
    .
    µTorrent
    3DMark 11
    Adobe Flash Player 11 ActiveX
    Adobe Flash Player 11 Plugin
    Adobe Reader XI (11.0.03)
    Age of Conan: Unchained - US version
    Aion
    AMD Accelerated Video Transcoding
    AMD APP SDK Runtime
    AMD Catalyst Install Manager
    AMD Drag and Drop Transcoding
    AMD Fuel
    AMD Media Foundation Decoders
    AMD OverDrive Beta
    AMD VISION Engine Control Center
    ArgusMonitor
    Audacity 2.0.3
    Auslogics BoostSpeed
    Battlefield 3™
    Battlefield: Bad Company™ 2
    Battlelog Web Plugins
    Broadcom NetXtreme-I Netlink Driver and Management Installer
    Catalyst Control Center - Branding
    Catalyst Control Center Graphics Previews Common
    Catalyst Control Center InstallProxy
    Catalyst Control Center Localization All
    ccc-utility64
    CCC Help Chinese Standard
    CCC Help Chinese Traditional
    CCC Help Czech
    CCC Help Danish
    CCC Help Dutch
    CCC Help English
    CCC Help Finnish
    CCC Help French
    CCC Help German
    CCC Help Greek
    CCC Help Hungarian
    CCC Help Italian
    CCC Help Japanese
    CCC Help Korean
    CCC Help Norwegian
    CCC Help Polish
    CCC Help Portuguese
    CCC Help Russian
    CCC Help Spanish
    CCC Help Swedish
    CCC Help Thai
    CCC Help Turkish
    CCleaner
    Counter-Strike: Source
    D3DX10
    Dell System Detect
    Dell System Detect Bootstrapper
    EMET 4.0
    ESN Sonar
    FileHippo.com Update Checker
    foobar2000 v1.2.8
    Fraps
    Futuremark SystemInfo
    Gpg4win (2.1.1)
    HD Tach version 3
    HP Officejet Pro 8600 Basic Device Software
    IsoBuster 3.2
    Junk Mail filter update
    LastPass(uninstall only)
    LatencyMon 4.02
    LinuxLive USB Creator
    LiveUSB Creator (remove only)
    Malwarebytes Anti-Malware version 1.75.0.1300
    MD5 Checker version 4.0.0
    Microsoft .NET Framework 4 Client Profile
    Microsoft .NET Framework 4 Extended
    Microsoft Application Error Reporting
    Microsoft Message Analyzer
    Microsoft Security Client
    Microsoft Security Essentials
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
    Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
    Mozilla Firefox 22.0 (x86 en-US)
    Mozilla Maintenance Service
    MPC-HC 1.6.7.7114 (9eb64ec)
    MPC-HC 1.6.8 (64-bit)
    MSVCRT
    MSVCRT_amd64
    MSVCRT110
    MSVCRT110_amd64
    MSXML 4.0 SP2 (KB973688)
    Multimedia Card Reader
    NCsoft Launcher
    Nero 11 Collection 1
    Nero 11 Kwik Themes 3
    Nero 11 Kwik Themes 4
    Nero 11 Mini Repack
    Nero 11 PiP Effects 1
    Nero 11 v11.2.4.100 (x64)
    Nero 11 Video Transitions 1
    Nero Backup Drivers
    Nexus Mod Manager
    NVIDIA PhysX
    Origin
    PeerBlock 1.1 (r518)
    PerformanceTest v8.0
    Photo Common
    PunkBuster Services
    Quake Live Mozilla Plugin
    RealDownloader
    RealNetworks - Microsoft Visual C++ 2008 Runtime
    RealNetworks - Microsoft Visual C++ 2010 Runtime
    RealPlayer
    Realtek High Definition Audio Driver
    RealUpgrade 1.1
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)
    Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
    Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
    Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
    Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
    SoulSeek 157 NS 13e
    SpeedFan (remove only)
    Steam
    Team Fortress 2
    TechPowerUp GPU-Z
    TERA
    THX TruStudio PC
    Trillian
    Unity Web Player
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
    Update for Microsoft .NET Framework 4 Client Profile (KB2836939)
    Update for Microsoft .NET Framework 4 Extended (KB2468871)
    Update for Microsoft .NET Framework 4 Extended (KB2533523)
    Update for Microsoft .NET Framework 4 Extended (KB2600217)
    Update for Microsoft .NET Framework 4 Extended (KB2836939)
    Winamp
    Winamp Detector Plug-in
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live ID Sign-in Assistant
    Windows Live Installer
    Windows Live Mail
    Windows Live MIME IFilter
    Windows Live Photo Common
    Windows Live PIMT Platform
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    Windows Live Writer
    Windows Live Writer Resources
    Windows7FirewallControl (x64) 5.1.7.69
    WinPcap 4.1.3
    WinRAR 4.20 (64-bit)
    Wireshark 1.10.0 (64-bit)
    World of Warcraft
    WOT for Internet Explorer
    .
    ==== Event Viewer Messages From Past Week ========
    .
    7/7/2013 1:32:18 AM, Error: Service Control Manager [7031]  - The Windows Live ID Sign-in Assistant service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
    7/13/2013 6:07:56 PM, Error: Microsoft-Windows-Time-Service [4]  - The time provider 'VMICTimeProvider' failed to start due to the following error: The specified module could not be found. (0x8007007E)
    7/13/2013 6:07:42 PM, Error: Service Control Manager [7000]  - The AODDriver4.2 service failed to start due to the following error:  The system cannot find the file specified.
    7/10/2013 12:58:28 PM, Error: Service Control Manager [7001]  - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:  The dependency service or group failed to start.
    7/10/2013 12:58:28 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
    7/10/2013 12:57:17 PM, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  AFD DfsC discache MpFilter NetBIOS NetBT nsiproxy pefndis Psched rdbss spldr tdx Wanarpv6 WfpLwf
    7/10/2013 12:57:17 PM, Error: Service Control Manager [7001]  - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error:  The dependency service or group failed to start.
    7/10/2013 12:57:17 PM, Error: Service Control Manager [7001]  - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error:  A device attached to the system is not functioning.
    7/10/2013 12:57:17 PM, Error: Service Control Manager [7001]  - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error:  A device attached to the system is not functioning.
    7/10/2013 12:57:17 PM, Error: Service Control Manager [7001]  - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error:  The dependency service or group failed to start.
    7/10/2013 12:57:17 PM, Error: Service Control Manager [7001]  - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error:  The dependency service or group failed to start.
    7/10/2013 12:57:17 PM, Error: Service Control Manager [7001]  - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error:  A device attached to the system is not functioning.
    7/10/2013 12:57:17 PM, Error: Service Control Manager [7001]  - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error:  The dependency service or group failed to start.
    7/10/2013 12:57:17 PM, Error: Service Control Manager [7001]  - The Microsoft Network Inspection System service depends on the Microsoft Malware Protection Driver service which failed to start because of the following error:  A device attached to the system is not functioning.
    7/10/2013 12:57:17 PM, Error: Service Control Manager [7001]  - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error:  A device attached to the system is not functioning.
    7/10/2013 12:57:17 PM, Error: Service Control Manager [7001]  - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error:  A device attached to the system is not functioning.
    .
    ==== End Of File ===========================
     

  4. DDS (Ver_2012-11-20.01) - NTFS_AMD64
    Internet Explorer: 10.0.9200.16635
    Run by Rick at 20:30:33 on 2013-07-13
    Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.6143.3879 [GMT -4:00]
    .
    AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    c:\Program Files\Microsoft Security Client\MsMpEng.exe
    C:\Windows\system32\atiesrxx.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\atieclxx.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files\Windows7FirewallControl\Windows7FirewallService.exe
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\taskeng.exe
    C:\Program Files\PeerBlock\peerblock.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
    C:\Windows\SysWOW64\PnkBstrA.exe
    C:\Program Files\Windows7FirewallControl\Windows7FirewallControl.exe
    C:\Program Files\Microsoft Security Client\msseces.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    C:\Windows\System32\rundll32.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe
    C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Program Files (x86)\EMET 4.0\EMET_Agent.exe
    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicator.exe
    C:\Windows\System32\WUDFHost.exe
    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe
    C:\Program Files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe
    C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
    C:\Windows\system32\mmc.exe
    C:\Users\Rick\AppData\Local\Apps\2.0\1K7HLRXZ.MQ2\CQ98DNZ8.5PV\dell..tion_0f612f649c4a10af_0005.0000_a97905297feaae2c\DellSystemDetect.exe
    C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe
    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe
    C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
    C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
    C:\Program Files (x86)\EMET 4.0\EMET_GUI.exe
    C:\Windows\system32\mmc.exe
    C:\Windows\System32\msdt.exe
    C:\Windows\System32\sdiagnhost.exe
    C:\Windows\system32\notepad.exe
    c:\Program Files\Microsoft Security Client\MpCmdRun.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\System32\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uSearch Bar = Preserve
    mWinlogon: Userinit = userinit.exe,
    BHO: RealNetworks Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll
    BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: LastPass Vault: {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPToolbar.dll
    BHO: WOT Helper: {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files (x86)\WOT\WOT.dll
    TB: WOT: {71576546-354D-41C9-AAE8-31F2EC22BF0D} - C:\Program Files (x86)\WOT\WOT.dll
    TB: LastPass Toolbar: {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar.dll
    TB: WOT: {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files (x86)\WOT\WOT.dll
    uRun: [HP Officejet Pro 8600 (NET)] "C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe" -deviceID "CN21PAR18Z05KF:NW" -scfn "HP Officejet Pro 8600 (NET)" -AutoStart 1
    uRun: [DellSystemDetect] C:\Users\Rick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dell\Dell System Detect.appref-ms
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    mRun: [THX Audio Control Panel] "C:\Program Files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe" /r
    mRun: [updReg] C:\Windows\UpdReg.EXE
    mRun: [EMET Agent] "C:\Program Files (x86)\EMET 4.0\EMET_agent.exe"
    uPolicies-Explorer: NoDriveTypeAutoRun = dword:255
    mPolicies-Explorer: NoActiveDesktop = dword:1
    mPolicies-Explorer: NoActiveDesktopChanges = dword:1
    mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
    mPolicies-System: ConsentPromptBehaviorUser = dword:3
    mPolicies-System: EnableUIADesktopToggle = dword:0
    IE: {43699cd0-e34f-11de-8a39-0800200c9a66} - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPToolbar.dll
    Trusted Zone: dell.com
    TCP: Interfaces\{88A77C0C-ED7F-4099-8288-CAA724813347} : NameServer = 68.237.161.12,71.250.0.12
    Handler: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files (x86)\WOT\WOT.dll
    SSODL: WebCheck - <orphaned>
    x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    x64-BHO: LastPass Vault: {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll
    x64-BHO: WOT Helper: {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files\WOT\WOT.dll
    x64-TB: LastPass Toolbar: {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll
    x64-TB: WOT: {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll
    x64-Run: [Windows7FirewallControl] C:\Program Files\Windows7FirewallControl\Windows7FirewallControl.exe
    x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
    x64-Run: [THXCfg64] C:\Windows\System32\RunDLL32.exe C:\Windows\System32\THXCfg64.dll,RunDLLEntry THXCfg64
    x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
    x64-Run: [RunDLLEntry_THXCfg] C:\Windows\System32\RunDLL32.exe C:\Windows\System32\THXCfg64.dll,RunDLLEntry THXCfg64
    x64-Run: [RunDLLEntry_EptMon] C:\Windows\System32\RunDLL32.exe C:\Windows\System32\EptMon64.dll,RunDLLEntry EptMon64
    x64-IE: {43699cd0-e34f-11de-8a39-0800200c9a66} - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll
    x64-Handler: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dll
    x64-SSODL: WebCheck - <orphaned>
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\Rick\AppData\Roaming\Mozilla\Firefox\Profiles\hx63ye9g.default\
    FF - prefs.js: browser.startup.homepage - www.yahoo.com
    FF - prefs.js: network.proxy.type - 0
    FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
    FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\2.1.4\npesnlaunch.dll
    FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\2.1.7\npesnlaunch.dll
    FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll
    FF - plugin: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll
    FF - plugin: C:\ProgramData\id Software\QuakeLive\npquakezero.dll
    FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll
    FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll
    FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll
    FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll
    FF - plugin: C:\Users\Rick\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll
    FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
    FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
    FF - ExtSQL: 2013-06-04 18:38; {FCE04E1F-9378-4f39-96F6-5689A9159E45}; C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
    .
    ---- FIREFOX POLICIES ----
    FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
    ============= SERVICES / DRIVERS ===============
    .
    R0 amd_sata;amd_sata;C:\Windows\System32\drivers\amd_sata.sys [2012-4-10 82560]
    R0 amd_xata;amd_xata;C:\Windows\System32\drivers\amd_xata.sys [2012-4-10 42624]
    R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2013-6-18 247216]
    R0 NBVol;Nero Backup Volume Filter Driver;C:\Windows\System32\drivers\NBVol.sys [2013-1-27 72240]
    R0 NBVolUp;Nero Backup Volume Upper Filter Driver;C:\Windows\System32\drivers\NBVolUp.sys [2013-1-27 15920]
    R1 pefndis;Microsoft PEF NDIS ETW Provider Driver;C:\Windows\System32\drivers\pefndis.sys [2013-2-3 61032]
    R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2012-12-19 240640]
    R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-12-19 361984]
    R2 AODDriver4.01;AODDriver4.01;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2012-4-9 57472]
    R2 AODDriver4.2.0;AODDriver4.2.0;C:\Program Files (x86)\AMD\OverDrive\amd64\AODDriver2.sys [2012-9-20 57512]
    R2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [2013-4-16 39056]
    R2 Windows7FirewallService;Windows7FirewallService;C:\Program Files\Windows7FirewallControl\Windows7FirewallService.exe [2013-1-26 764416]
    R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2012-11-6 96256]
    R3 k57nd60a;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;C:\Windows\System32\drivers\k57nd60a.sys [2009-10-16 321064]
    R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-1-25 25928]
    R3 pbfilter;pbfilter;C:\Program Files\PeerBlock\pbfilter.sys [2013-1-26 24176]
    R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\drivers\usbfilter.sys [2013-5-20 58536]
    S2 AODDriver4.2;AODDriver4.2;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2012-4-9 57472]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-1-25 701512]
    S3 amdiox64;AMD IO Driver;C:\Windows\System32\drivers\amdiox64.sys [2013-2-4 46136]
    S3 DIRECTIO;DIRECTIO;C:\Program Files\PerformanceTest\DirectIo64.sys [2013-2-7 25704]
    S3 DrvAgent64;DrvAgent64;C:\Windows\SysWOW64\drivers\DrvAgent64.SYS [2013-1-31 21712]
    S3 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2012-8-30 139616]
    S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2013-6-20 366600]
    S3 rspLLL;rspLLL;C:\Windows\System32\drivers\rspLLL64.sys [2013-1-24 24672]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-1-25 59392]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2013-1-25 1255736]
    S3 wfpcapture;wfpcapture;C:\Windows\System32\drivers\wfpcapture.sys [2013-2-3 60024]
    S3 WfpCaptureUM;WfpCaptureUM;C:\Windows\System32\WfpCaptureUM.exe [2013-2-3 20480]
    S4 AODService;AODService;C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe [2012-9-20 136648]
    S4 DirMngr;DirMngr;C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe [2013-5-28 218112]
    S4 Futuremark SystemInfo Service;Futuremark SystemInfo Service;C:\Program Files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe [2013-2-3 135584]
    S4 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-1-25 418376]
    .
    =============== Created Last 30 ================
    .
    2013-07-13 08:14:07    9552976    ----a-w-    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{0003E7B4-2A90-476A-9466-B628A31401BC}\mpengine.dll
    2013-07-12 14:27:45    9552976    ------w-    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    2013-07-10 16:58:36    2871808    ----a-w-    C:\Windows\SysWow64\explorer.exe
    2013-07-09 22:14:22    --------    d-----w-    C:\Windows\System32\MRT
    2013-07-09 21:17:59    108032    ----a-w-    C:\Program Files (x86)\Internet Explorer\jsdebuggeride.dll
    2013-07-09 21:17:58    817664    ----a-w-    C:\Program Files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll
    2013-07-09 21:17:58    1084928    ----a-w-    C:\Program Files\Common Files\Microsoft Shared\VGX\VGX.dll
    2013-07-09 21:17:57    2241024    ----a-w-    C:\Windows\System32\wininet.dll
    2013-07-09 21:17:57    1767936    ----a-w-    C:\Windows\SysWow64\wininet.dll
    2013-07-09 21:12:46    1643520    ----a-w-    C:\Windows\System32\DWrite.dll
    2013-07-09 21:12:46    1247744    ----a-w-    C:\Windows\SysWow64\DWrite.dll
    2013-07-08 23:07:29    --------    d-----w-    C:\FRST
    2013-07-07 04:27:00    92056    ----a-w-    C:\Program Files (x86)\Mozilla Firefox\webapprt-stub.exe
    2013-07-07 04:27:00    867072    ----a-w-    C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe
    2013-07-07 04:27:00    272792    ----a-w-    C:\Program Files (x86)\Mozilla Firefox\updater.exe
    2013-07-07 04:27:00    20132248    ----a-w-    C:\Program Files (x86)\Mozilla Firefox\xul.dll
    2013-07-07 04:27:00    170232    ----a-w-    C:\Program Files (x86)\Mozilla Firefox\webapp-uninstaller.exe
    2013-07-07 04:27:00    151960    ----a-w-    C:\Program Files (x86)\Mozilla Firefox\softokn3.dll
    2013-07-07 04:27:00    12800    ----a-w-    C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll
    2013-07-07 04:27:00    124504    ----a-w-    C:\Program Files (x86)\Mozilla Firefox\plugins\nprpplugin.dll
    2013-06-30 15:01:34    --------    d-----w-    C:\Program Files (x86)\WinPcap
    2013-06-30 14:59:52    --------    d-----w-    C:\Program Files\Wireshark
    2013-06-23 00:11:36    --------    d-----w-    C:\Program Files (x86)\LinuxLive USB Creator
    2013-06-21 08:45:15    964552    ------w-    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{E91DC55F-2DCD-46F6-8A21-5AA48CE9FF24}\gapaengine.dll
    2013-06-19 01:50:08    247216    ----a-w-    C:\Windows\System32\drivers\MpFilter.sys
    2013-06-18 19:56:36    --------    d-----w-    C:\Program Files (x86)\EMET 4.0
    2013-06-18 05:18:29    --------    d-----w-    C:\Program Files (x86)\LiveUSB Creator
    2013-06-14 13:47:37    --------    d-----w-    C:\Program Files (x86)\MD5 Checker
    .
    ==================== Find3M  ====================
    .
    2013-07-13 22:34:02    290184    ----a-w-    C:\Windows\SysWow64\PnkBstrB.xtr
    2013-07-13 22:34:02    290184    ----a-w-    C:\Windows\SysWow64\PnkBstrB.exe
    2013-07-13 22:33:33    291088    ----a-w-    C:\Windows\SysWow64\PnkBstrB.ex0
    2013-07-09 21:10:33    71048    ----a-w-    C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2013-07-09 21:10:33    692104    ----a-w-    C:\Windows\SysWow64\FlashPlayerApp.exe
    2013-06-19 01:50:08    139616    ----a-w-    C:\Windows\System32\drivers\NisDrvWFP.sys
    2013-06-14 20:19:42    549536    ----a-w-    C:\Windows\apppatch\EMET.dll
    2013-06-14 20:19:42    149664    ----a-w-    C:\Windows\apppatch\AppPatch64\EMET64.dll
    2013-06-11 23:43:00    2877440    ----a-w-    C:\Windows\SysWow64\jscript9.dll
    2013-06-11 23:42:58    61440    ----a-w-    C:\Windows\SysWow64\iesetup.dll
    2013-06-11 23:42:58    109056    ----a-w-    C:\Windows\SysWow64\iesysprep.dll
    2013-06-11 23:25:16    3958784    ----a-w-    C:\Windows\System32\jscript9.dll
    2013-06-11 23:25:13    67072    ----a-w-    C:\Windows\System32\iesetup.dll
    2013-06-11 23:25:13    136704    ----a-w-    C:\Windows\System32\iesysprep.dll
    2013-06-11 22:51:45    71680    ----a-w-    C:\Windows\SysWow64\RegisterIEPKEYs.exe
    2013-06-11 22:50:58    89600    ----a-w-    C:\Windows\System32\RegisterIEPKEYs.exe
    2013-06-07 03:22:18    2706432    ----a-w-    C:\Windows\System32\mshtml.tlb
    2013-06-07 02:37:52    2706432    ----a-w-    C:\Windows\SysWow64\mshtml.tlb
    2013-06-05 03:34:27    3153920    ----a-w-    C:\Windows\System32\win32k.sys
    2013-06-04 22:38:02    499712    ----a-w-    C:\Windows\SysWow64\msvcp71.dll
    2013-06-04 22:38:02    348160    ----a-w-    C:\Windows\SysWow64\msvcr71.dll
    2013-06-04 06:00:13    624128    ----a-w-    C:\Windows\System32\qedit.dll
    2013-06-04 04:53:07    509440    ----a-w-    C:\Windows\SysWow64\qedit.dll
    2013-05-20 20:01:55    0    ----a-w-    C:\Windows\ativpsrm.bin
    2013-05-13 05:51:01    184320    ----a-w-    C:\Windows\System32\cryptsvc.dll
    2013-05-13 05:51:00    1464320    ----a-w-    C:\Windows\System32\crypt32.dll
    2013-05-13 05:51:00    139776    ----a-w-    C:\Windows\System32\cryptnet.dll
    2013-05-13 05:50:40    52224    ----a-w-    C:\Windows\System32\certenc.dll
    2013-05-13 04:45:55    140288    ----a-w-    C:\Windows\SysWow64\cryptsvc.dll
    2013-05-13 04:45:55    1160192    ----a-w-    C:\Windows\SysWow64\crypt32.dll
    2013-05-13 04:45:55    103936    ----a-w-    C:\Windows\SysWow64\cryptnet.dll
    2013-05-13 03:43:55    1192448    ----a-w-    C:\Windows\System32\certutil.exe
    2013-05-13 03:08:10    903168    ----a-w-    C:\Windows\SysWow64\certutil.exe
    2013-05-13 03:08:06    43008    ----a-w-    C:\Windows\SysWow64\certenc.dll
    2013-05-10 05:49:27    30720    ----a-w-    C:\Windows\System32\cryptdlg.dll
    2013-05-10 03:20:54    24576    ----a-w-    C:\Windows\SysWow64\cryptdlg.dll
    2013-05-08 06:39:01    1910632    ----a-w-    C:\Windows\System32\drivers\tcpip.sys
    2013-05-06 06:03:49    1887744    ----a-w-    C:\Windows\System32\WMVDECOD.DLL
    2013-05-06 04:56:35    1620480    ----a-w-    C:\Windows\SysWow64\WMVDECOD.DLL
    2013-05-02 15:29:56    278800    ------w-    C:\Windows\System32\MpSigStub.exe
    2013-04-26 05:51:36    751104    ----a-w-    C:\Windows\System32\win32spl.dll
    2013-04-26 04:55:21    492544    ----a-w-    C:\Windows\SysWow64\win32spl.dll
    2013-01-25 01:03:32    14794312    ----a-w-    C:\Program Files (x86)\Common Files\lpuninstall.exe
    .
    ============= FINISH: 20:31:19.34 ===============
     

  5. x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    x64-BHO: LastPass Vault: {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll
    x64-BHO: WOT Helper: {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files\WOT\WOT.dll
    x64-TB: LastPass Toolbar: {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll
    x64-TB: WOT: {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll
    x64-Run: [Windows7FirewallControl] C:\Program Files\Windows7FirewallControl\Windows7FirewallControl.exe
    x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
    x64-Run: [THXCfg64] C:\Windows\System32\RunDLL32.exe C:\Windows\System32\THXCfg64.dll,RunDLLEntry THXCfg64
    x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
    x64-Run: [RunDLLEntry_THXCfg] C:\Windows\System32\RunDLL32.exe C:\Windows\System32\THXCfg64.dll,RunDLLEntry THXCfg64
    x64-Run: [RunDLLEntry_EptMon] C:\Windows\System32\RunDLL32.exe C:\Windows\System32\EptMon64.dll,RunDLLEntry EptMon64
    x64-IE: {43699cd0-e34f-11de-8a39-0800200c9a66} - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll
    x64-Handler: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dll
    x64-SSODL: WebCheck - <orphaned>
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\Rick\AppData\Roaming\Mozilla\Firefox\Profiles\hx63ye9g.default\
    FF - prefs.js: browser.startup.homepage - www.yahoo.com
    FF - prefs.js: network.proxy.type - 0
    FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
    FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\2.1.4\npesnlaunch.dll
    FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\2.1.7\npesnlaunch.dll
    FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll
    FF - plugin: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll
    FF - plugin: C:\ProgramData\id Software\QuakeLive\npquakezero.dll
    FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll
    FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll
    FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll
    FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll
    FF - plugin: C:\Users\Rick\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll
    FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
    FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
    FF - ExtSQL: 2013-06-04 18:38; {FCE04E1F-9378-4f39-96F6-5689A9159E45}; C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
    .
    ---- FIREFOX POLICIES ----
    FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
    ============= SERVICES / DRIVERS ===============
    .
    R0 amd_sata;amd_sata;C:\Windows\System32\drivers\amd_sata.sys [2012-4-10 82560]
    R0 amd_xata;amd_xata;C:\Windows\System32\drivers\amd_xata.sys [2012-4-10 42624]
    R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2013-6-18 247216]
    R0 NBVol;Nero Backup Volume Filter Driver;C:\Windows\System32\drivers\NBVol.sys [2013-1-27 72240]
    R0 NBVolUp;Nero Backup Volume Upper Filter Driver;C:\Windows\System32\drivers\NBVolUp.sys [2013-1-27 15920]
    R1 pefndis;Microsoft PEF NDIS ETW Provider Driver;C:\Windows\System32\drivers\pefndis.sys [2013-2-3 61032]
    R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2012-12-19 240640]
    R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-12-19 361984]
    R2 AODDriver4.01;AODDriver4.01;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2012-4-9 57472]
    R2 AODDriver4.2.0;AODDriver4.2.0;C:\Program Files (x86)\AMD\OverDrive\amd64\AODDriver2.sys [2012-9-20 57512]
    R2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [2013-4-16 39056]
    R2 Windows7FirewallService;Windows7FirewallService;C:\Program Files\Windows7FirewallControl\Windows7FirewallService.exe [2013-1-26 764416]
    R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2012-11-6 96256]
    R3 k57nd60a;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;C:\Windows\System32\drivers\k57nd60a.sys [2009-10-16 321064]
    R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-1-25 25928]
    R3 pbfilter;pbfilter;C:\Program Files\PeerBlock\pbfilter.sys [2013-1-26 24176]
    R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\drivers\usbfilter.sys [2013-5-20 58536]
    S2 AODDriver4.2;AODDriver4.2;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2012-4-9 57472]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-1-25 701512]
    S3 amdiox64;AMD IO Driver;C:\Windows\System32\drivers\amdiox64.sys [2013-2-4 46136]
    S3 DIRECTIO;DIRECTIO;C:\Program Files\PerformanceTest\DirectIo64.sys [2013-2-7 25704]
    S3 DrvAgent64;DrvAgent64;C:\Windows\SysWOW64\drivers\DrvAgent64.SYS [2013-1-31 21712]
    S3 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2012-8-30 139616]
    S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2013-6-20 366600]
    S3 rspLLL;rspLLL;C:\Windows\System32\drivers\rspLLL64.sys [2013-1-24 24672]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-1-25 59392]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2013-1-25 1255736]
    S3 wfpcapture;wfpcapture;C:\Windows\System32\drivers\wfpcapture.sys [2013-2-3 60024]
    S3 WfpCaptureUM;WfpCaptureUM;C:\Windows\System32\WfpCaptureUM.exe [2013-2-3 20480]
    S4 AODService;AODService;C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe [2012-9-20 136648]
    S4 DirMngr;DirMngr;C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe [2013-5-28 218112]
    S4 Futuremark SystemInfo Service;Futuremark SystemInfo Service;C:\Program Files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe [2013-2-3 135584]
    S4 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-1-25 418376]
    .
    =============== Created Last 30 ================
    .
    2013-07-13 08:14:07    9552976    ----a-w-    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{0003E7B4-2A90-476A-9466-B628A31401BC}\mpengine.dll
    2013-07-12 14:27:45    9552976    ------w-    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    2013-07-10 16:58:36    2871808    ----a-w-    C:\Windows\SysWow64\explorer.exe
    2013-07-09 22:14:22    --------    d-----w-    C:\Windows\System32\MRT
    2013-07-09 21:17:59    108032    ----a-w-    C:\Program Files (x86)\Internet Explorer\jsdebuggeride.dll
    2013-07-09 21:17:58    817664    ----a-w-    C:\Program Files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll
    2013-07-09 21:17:58    1084928    ----a-w-    C:\Program Files\Common Files\Microsoft Shared\VGX\VGX.dll
    2013-07-09 21:17:57    2241024    ----a-w-    C:\Windows\System32\wininet.dll
    2013-07-09 21:17:57    1767936    ----a-w-    C:\Windows\SysWow64\wininet.dll
    2013-07-09 21:12:46    1643520    ----a-w-    C:\Windows\System32\DWrite.dll
    2013-07-09 21:12:46    1247744    ----a-w-    C:\Windows\SysWow64\DWrite.dll
    2013-07-08 23:07:29    --------    d-----w-    C:\FRST
    2013-07-07 04:27:00    92056    ----a-w-    C:\Program Files (x86)\Mozilla Firefox\webapprt-stub.exe
    2013-07-07 04:27:00    867072    ----a-w-    C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe
    2013-07-07 04:27:00    272792    ----a-w-    C:\Program Files (x86)\Mozilla Firefox\updater.exe
    2013-07-07 04:27:00    20132248    ----a-w-    C:\Program Files (x86)\Mozilla Firefox\xul.dll
    2013-07-07 04:27:00    170232    ----a-w-    C:\Program Files (x86)\Mozilla Firefox\webapp-uninstaller.exe
    2013-07-07 04:27:00    151960    ----a-w-    C:\Program Files (x86)\Mozilla Firefox\softokn3.dll
    2013-07-07 04:27:00    12800    ----a-w-    C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll
    2013-07-07 04:27:00    124504    ----a-w-    C:\Program Files (x86)\Mozilla Firefox\plugins\nprpplugin.dll
    2013-06-30 15:01:34    --------    d-----w-    C:\Program Files (x86)\WinPcap
    2013-06-30 14:59:52    --------    d-----w-    C:\Program Files\Wireshark
    2013-06-23 00:11:36    --------    d-----w-    C:\Program Files (x86)\LinuxLive USB Creator
    2013-06-21 08:45:15    964552    ------w-    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{E91DC55F-2DCD-46F6-8A21-5AA48CE9FF24}\gapaengine.dll
    2013-06-19 01:50:08    247216    ----a-w-    C:\Windows\System32\drivers\MpFilter.sys
    2013-06-18 19:56:36    --------    d-----w-    C:\Program Files (x86)\EMET 4.0
    2013-06-18 05:18:29    --------    d-----w-    C:\Program Files (x86)\LiveUSB Creator

    2013-06-14 13:47:37 -------- d-----w- C:\Program Files (x86)\MD5 Checker

    .

    ==================== Find3M ====================

    .

    2013-07-13 22:34:02 290184 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr

    2013-07-13 22:34:02 290184 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe

    2013-07-13 22:33:33 291088 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0

    2013-07-09 21:10:33 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

    2013-07-09 21:10:33 692104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

    2013-06-19 01:50:08 139616 ----a-w- C:\Windows\System32\drivers\NisDrvWFP.sys

    2013-06-14 20:19:42 549536 ----a-w- C:\Windows\apppatch\EMET.dll

    2013-06-14 20:19:42 149664 ----a-w- C:\Windows\apppatch\AppPatch64\EMET64.dll

    2013-06-11 23:43:00 2877440 ----a-w- C:\Windows\SysWow64\jscript9.dll

    2013-06-11 23:42:58 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll

    2013-06-11 23:42:58 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll

    2013-06-11 23:25:16 3958784 ----a-w- C:\Windows\System32\jscript9.dll

    2013-06-11 23:25:13 67072 ----a-w- C:\Windows\System32\iesetup.dll

    2013-06-11 23:25:13 136704 ----a-w- C:\Windows\System32\iesysprep.dll

    2013-06-11 22:51:45 71680 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe

    2013-06-11 22:50:58 89600 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe

    2013-06-07 03:22:18 2706432 ----a-w- C:\Windows\System32\mshtml.tlb

    2013-06-07 02:37:52 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb

    2013-06-05 03:34:27 3153920 ----a-w- C:\Windows\System32\win32k.sys

    2013-06-04 22:38:02 499712 ----a-w- C:\Windows\SysWow64\msvcp71.dll

    2013-06-04 22:38:02 348160 ----a-w- C:\Windows\SysWow64\msvcr71.dll

    2013-06-04 06:00:13 624128 ----a-w- C:\Windows\System32\qedit.dll

    2013-06-04 04:53:07 509440 ----a-w- C:\Windows\SysWow64\qedit.dll

    2013-05-20 20:01:55 0 ----a-w- C:\Windows\ativpsrm.bin

    2013-05-13 05:51:01 184320 ----a-w- C:\Windows\System32\cryptsvc.dll

    2013-05-13 05:51:00 1464320 ----a-w- C:\Windows\System32\crypt32.dll

    2013-05-13 05:51:00 139776 ----a-w- C:\Windows\System32\cryptnet.dll

    2013-05-13 05:50:40 52224 ----a-w- C:\Windows\System32\certenc.dll

    2013-05-13 04:45:55 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll

    2013-05-13 04:45:55 1160192 ----a-w- C:\Windows\SysWow64\crypt32.dll

    2013-05-13 04:45:55 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll

    2013-05-13 03:43:55 1192448 ----a-w- C:\Windows\System32\certutil.exe

    2013-05-13 03:08:10 903168 ----a-w- C:\Windows\SysWow64\certutil.exe

    2013-05-13 03:08:06 43008 ----a-w- C:\Windows\SysWow64\certenc.dll

    2013-05-10 05:49:27 30720 ----a-w- C:\Windows\System32\cryptdlg.dll

    2013-05-10 03:20:54 24576 ----a-w- C:\Windows\SysWow64\cryptdlg.dll

    2013-05-08 06:39:01 1910632 ----a-w- C:\Windows\System32\drivers\tcpip.sys

    2013-05-06 06:03:49 1887744 ----a-w- C:\Windows\System32\WMVDECOD.DLL

    2013-05-06 04:56:35 1620480 ----a-w- C:\Windows\SysWow64\WMVDECOD.DLL

    2013-05-02 15:29:56 278800 ------w- C:\Windows\System32\MpSigStub.exe

    2013-04-26 05:51:36 751104 ----a-w- C:\Windows\System32\win32spl.dll

    2013-04-26 04:55:21 492544 ----a-w- C:\Windows\SysWow64\win32spl.dll

    2013-01-25 01:03:32 14794312 ----a-w- C:\Program Files (x86)\Common Files\lpuninstall.exe

    .

    ============= FINISH: 20:31:19.34 ===============

  6. Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 08-07-2013
    Ran by Rick at 2013-07-10 12:58:35 Run:1
    Running from E:\
    Boot Mode: Safe Mode (minimal)
    ==============================================

    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ad58c0c5-669f-11e2-8abf-806e6f6e6963} => Key deleted successfully.
    HKCR\CLSID\{ad58c0c5-669f-11e2-8abf-806e6f6e6963} => Key not found.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{bbfbb5a4-db75-11e2-b613-842b2b9a14b5} => Key deleted successfully.
    HKCR\CLSID\{bbfbb5a4-db75-11e2-b613-842b2b9a14b5} => Key not found.
    C:\Users\Rick\Volumeid.exe => Moved successfully.
    Could not find C:\Windows\SysWOW64\explorer.exe.
    C:\Windows\explorer.exe copied successfully to C:\Windows\SysWOW64\explorer.exe

    ==== End of Fixlog ====

  7. I moved the supposedly infected explorer.exe to a Linux LVM partition. Should I move it back and re-scan? Here is the Search log as of now:

    Farbar Recovery Scan Tool (x64) Version: 08-07-2013

    Ran by Rick at 2013-07-09 22:45:17

    Running from E:\

    Boot Mode: Safe Mode (minimal)

    ================== Search: "explorer.exe" ===================

    C:\Windows\explorer.exe

    [2013-01-25 00:44] - [2011-02-25 02:19] - 2871808 ____A (Microsoft Corporation) 332FEAB1435662FC6C672E25BEB37BE3

    C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe

    [2013-01-25 00:44] - [2011-02-26 01:19] - 2616320 ____A (Microsoft Corporation) 0FB9C74046656D1579A64660AD67B746

    C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe

    [2013-01-25 02:32] - [2010-11-20 08:17] - 2616320 ____A (Microsoft Corporation) 40D777B7A95E00593EB1568C68514493

    C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe

    [2013-01-25 00:44] - [2011-02-26 01:51] - 2614784 ____A (Microsoft Corporation) 255CF508D7CFB10E0794D6AC93280BD8

    C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe

    [2013-01-25 00:45] - [2009-10-31 02:00] - 2614272 ____A (Microsoft Corporation) C76153C7ECA00FA852BB0C193378F917

    C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe

    [2013-01-25 00:46] - [2009-08-03 01:49] - 2613248 ____A (Microsoft Corporation) 9FF6C4C91A3711C0A3B18F87B08B518D

    C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe

    [2013-01-25 00:44] - [2011-02-26 01:33] - 2614784 ____A (Microsoft Corporation) 2AF58D15EDC06EC6FDACCE1F19482BBF

    C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe

    [2013-01-25 00:45] - [2009-10-31 01:45] - 2614272 ____A (Microsoft Corporation) 2626FC9755BE22F805D3CFA0CE3EE727

    C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe

    [2013-01-25 00:46] - [2009-08-03 01:35] - 2613248 ____A (Microsoft Corporation) B95EEB0F4E5EFBF1038A35B3351CF047

    C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe

    [2009-07-13 19:41] - [2009-07-13 21:14] - 2613248 ____A (Microsoft Corporation) 15BC38A7492BEFE831966ADB477CF76F

    C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe

    [2013-01-25 00:44] - [2011-02-26 02:14] - 2871808 ____A (Microsoft Corporation) 3B69712041F3D63605529BD66DC00C48

    C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe

    [2013-01-25 00:44] - [2011-02-25 02:19] - 2871808 ____A (Microsoft Corporation) 332FEAB1435662FC6C672E25BEB37BE3

    C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe

    [2013-01-25 02:32] - [2010-11-20 09:24] - 2872320 ____A (Microsoft Corporation) AC4C51EB24AA95B77F705AB159189E24

    C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe

    [2013-01-25 00:44] - [2011-02-26 02:26] - 2870784 ____A (Microsoft Corporation) E38899074D4951D31B4040E994DD7C8D

    C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe

    [2013-01-25 00:45] - [2009-10-31 02:38] - 2870272 ____A (Microsoft Corporation) B8EC4BD49CE8F6FC457721BFC210B67F

    C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe

    [2013-01-25 00:46] - [2009-08-03 02:19] - 2868224 ____A (Microsoft Corporation) 700073016DAC1C3D2E7E2CE4223334B6

    C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe

    [2013-01-25 00:44] - [2011-02-26 02:23] - 2870272 ____A (Microsoft Corporation) 0862495E0C825893DB75EF44FAEA8E93

    C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe

    [2013-01-25 00:45] - [2009-10-31 02:34] - 2870272 ____A (Microsoft Corporation) 9AAAEC8DAC27AA17B053E6352AD233AE

    C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe

    [2013-01-25 00:46] - [2009-08-03 02:17] - 2868224 ____A (Microsoft Corporation) F170B4A061C9E026437B193B4D571799

    C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe

    [2009-07-13 19:56] - [2009-07-13 21:39] - 2868224 ____A (Microsoft Corporation) C235A51CB740E45FFA0EBFB9BAFCDA64

    ====== End Of Search ======

    Thanks again.

    Rick.
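    The search output above already contains the data needed to answer the "is this explorer.exe infected?" question without guessing: FRST prints the MD5 of the live file and of every copy kept in the WinSxS component store, so the live file can be matched against a store copy of a known build. The script below is an added example, not part of the post and not FRST's own code. It parses the Search block, pairs each live file with the store copies that carry the same hash, and checks that the copy's architecture fits the live location (the wow64_ entries are the 32-bit builds that belong under SysWOW64; the amd64_ entries are the native 64-bit builds). The sample input embeds the lines from the search log above plus one constructed entry for C:\Windows\SysWOW64\explorer.exe, derived from the fix log, which copied C:\Windows\explorer.exe into that directory.

```python
"""Cross-check live system binaries against the WinSxS component-store copies
that an FRST "Search:" run lists next to them.  Added example; not FRST's code."""
import re
from collections import namedtuple

Entry = namedtuple("Entry", "path created modified size attrs company md5")

PATH_RE = re.compile(r"^[A-Za-z]:\\")
# FRST detail line: [created] - [modified] - size attrs (company) MD5
DETAIL_RE = re.compile(
    r"^\[(?P<created>[^\]]+)\] - \[(?P<modified>[^\]]+)\] - (?P<size>\d+) "
    r"(?P<attrs>\S+) \((?P<company>[^)]*)\) (?P<md5>[0-9A-Fa-f]{32})$"
)
# winsxs\<arch>_<component>_<publisher token>_<version>_<culture>_<hash>\file
SXS_RE = re.compile(
    r"\\winsxs\\(?P<arch>amd64|wow64|x86)_[^\\]*?_(?P<version>\d+\.\d+\.\d+\.\d+)_",
    re.IGNORECASE,
)

# Sample input: the lines below are copied from the search output in the post,
# except the SysWOW64 entry, which is constructed from the fix log (the fix
# copied C:\Windows\explorer.exe into SysWOW64, so it carries the same hash).
SAMPLE_LOG = r"""
================== Search: "explorer.exe" ===================
C:\Windows\explorer.exe
[2013-01-25 00:44] - [2011-02-25 02:19] - 2871808 ____A (Microsoft Corporation) 332FEAB1435662FC6C672E25BEB37BE3
C:\Windows\SysWOW64\explorer.exe
[2013-07-10 12:58] - [2011-02-25 02:19] - 2871808 ____A (Microsoft Corporation) 332FEAB1435662FC6C672E25BEB37BE3
C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2013-01-25 00:44] - [2011-02-26 01:19] - 2616320 ____A (Microsoft Corporation) 0FB9C74046656D1579A64660AD67B746
C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2013-01-25 02:32] - [2010-11-20 08:17] - 2616320 ____A (Microsoft Corporation) 40D777B7A95E00593EB1568C68514493
C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2013-01-25 00:44] - [2011-02-26 02:14] - 2871808 ____A (Microsoft Corporation) 3B69712041F3D63605529BD66DC00C48
C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2013-01-25 00:44] - [2011-02-25 02:19] - 2871808 ____A (Microsoft Corporation) 332FEAB1435662FC6C672E25BEB37BE3
====== End Of Search ======
"""


def parse_search_log(text):
    """Pair each path line with the FRST detail line that follows it."""
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    entries = []
    for cur, nxt in zip(lines, lines[1:]):
        if not PATH_RE.match(cur):
            continue          # header, footer or a detail line
        m = DETAIL_RE.match(nxt)
        if m:
            entries.append(Entry(cur, m["created"], m["modified"], int(m["size"]),
                                 m["attrs"], m["company"], m["md5"].upper()))
    return entries


def expected_arch(path):
    """On x64 Windows the 32-bit (wow64) build lives under SysWOW64; the other
    system paths hold the native amd64 build."""
    return "wow64" if "\\syswow64\\" in path.lower() else "amd64"


def cross_check(text):
    """For every file outside winsxs, list the store copies with the same MD5
    and say whether the live location agrees with that copy's architecture."""
    live, store = [], []
    for e in parse_search_log(text):
        m = SXS_RE.search(e.path)
        if m:
            store.append((e, m["arch"].lower(), m["version"]))
        else:
            live.append(e)
    report = {}
    for e in live:
        matches = [(arch, ver) for s, arch, ver in store if s.md5 == e.md5]
        if not matches:
            arch_ok = None
            verdict = "no store copy with this hash: inspect further"
        else:
            arch_ok = all(arch == expected_arch(e.path) for arch, _ in matches)
            verdict = ("identical to a store copy" if arch_ok
                       else "store copy of the wrong architecture for this location")
        report[e.path] = {"md5": e.md5, "size": e.size, "matches": matches,
                          "arch_ok": arch_ok, "verdict": verdict}
    return report


if __name__ == "__main__":
    for path, r in cross_check(SAMPLE_LOG).items():
        print(f"{path}: {r['verdict']} {r['matches']}")
```

Two caveats apply to what this proves. A hash that equals a WinSxS copy shows the live file is byte-for-byte the component store's build of that version, which is strong evidence it was not patched in place, but anything running as SYSTEM can write to WinSxS as well, and FRST only prints MD5; checking the Authenticode signature of the file (sigcheck, or Get-AuthenticodeSignature in PowerShell) is the stronger test. The architecture check is there because a copy of the 64-bit binary placed under SysWOW64 will pass the hash comparison yet is not the file that belongs there.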

  8. Thanks again, Maniac, here is the log file. Sorry it took so long.

    Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 08-07-2013
    Ran by Rick (administrator) on 08-07-2013 19:07:49
    Running from E:\
    Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
    Internet Explorer Version 10
    Boot Mode: Safe Mode (minimal)

    ==================== Processes (Whitelisted) =================

    (Microsoft Corporation) C:\Windows\system32\cmd.exe

    ==================== Registry (Whitelisted) ==================

    HKLM\...\Run: [Windows7FirewallControl] C:\Program Files\Windows7FirewallControl\Windows7FirewallControl.exe [1131008 2012-09-21] (Sphinx Software)
    HKLM\...\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [1281512 2013-01-27] (Microsoft Corporation)
    HKLM\...\Run: [THXCfg64] C:\Windows\system32\RunDLL32.exe C:\Windows\system32\THXCfg64.dll,RunDLLEntry THXCfg64 [17920 2009-10-15] (Creative Technology Ltd.)
    HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [12503184 2012-06-11] (Realtek Semiconductor)
    HKLM\...\Run: [RunDLLEntry_THXCfg] C:\Windows\system32\RunDLL32.exe C:\Windows\system32\THXCfg64.dll,RunDLLEntry THXCfg64 [17920 2009-10-15] (Creative Technology Ltd.)
    HKLM\...\Run: [RunDLLEntry_EptMon] C:\Windows\system32\RunDLL32.exe C:\Windows\system32\EptMon64.dll,RunDLLEntry EptMon64 [21504 2009-10-15] (Creative Technology Ltd.)
    HKLM-x32\...\Winlogon: [shell] explorer.exe [x ] ()
    HKCU\...\Run: [HP Officejet Pro 8600 (NET)] "C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe" -deviceID "CN21PAR18Z05KF:NW" -scfn "HP Officejet Pro 8600 (NET)" -AutoStart 1 [2676584 2011-09-09] (Hewlett-Packard Co.)
    MountPoints2: {ad58c0c5-669f-11e2-8abf-806e6f6e6963} - D:\autoRcd.exe
    MountPoints2: {bbfbb5a4-db75-11e2-b613-842b2b9a14b5} - I:\VZW_Software_upgrade_assistant.exe
    HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-05-11] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [642808 2012-12-19] (Advanced Micro Devices, Inc.)
    HKLM-x32\...\Run: [THX Audio Control Panel] "C:\Program Files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe" /r [963584 2009-12-01] (Creative Technology Ltd)
    HKLM-x32\...\Run: [updReg] C:\Windows\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.)
    HKLM-x32\...\Run: [EMET Agent] "C:\Program Files (x86)\EMET 4.0\EMET_agent.exe" [78496 2013-06-14] (Microsoft Corporation)

    ==================== Internet (Whitelisted) ====================

    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?ocid=UP74DHP&pc=UP74&dt=022613
    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
    BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
    BHO: LastPass Vault - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll ()
    BHO: WOT Helper - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files\WOT\WOT.dll ()
    BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
    BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
    BHO-x32: LastPass Vault - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPToolbar.dll ()
    BHO-x32: WOT Helper - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files (x86)\WOT\WOT.dll ()
    Toolbar: HKLM - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll ()
    Toolbar: HKLM - WOT - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll ()
    Toolbar: HKLM-x32 - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar.dll ()
    Toolbar: HKLM-x32 - WOT - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files (x86)\WOT\WOT.dll ()
    Toolbar: HKCU - WOT - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll ()
    DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    Handler: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dll ()
    Handler-x32: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files (x86)\WOT\WOT.dll ()
    Tcpip\..\Interfaces\{8F6B1E99-F293-421E-B29E-5875B326E12A}: [NameServer]141.155.0.68,207.172.11.72

    FireFox:
    ========
    FF ProfilePath: C:\Users\Rick\AppData\Roaming\Mozilla\Firefox\Profiles\hx63ye9g.default
    FF user.js: detected! => C:\Users\Rick\AppData\Roaming\Mozilla\Firefox\Profiles\hx63ye9g.default\user.js
    FF Homepage: www.yahoo.com
    FF NetworkProxy: "type", 0
    FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll ()
    FF Plugin: @microsoft.com/GENUINE - disabled No File
    FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
    FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 - C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
    FF Plugin-x32: @esn/esnlaunch,version=2.1.4 - C:\Program Files (x86)\Battlelog Web Plugins\2.1.4\npesnlaunch.dll (ESN Social Software AB)
    FF Plugin-x32: @esn/esnlaunch,version=2.1.7 - C:\Program Files (x86)\Battlelog Web Plugins\2.1.7\npesnlaunch.dll (ESN Social Software AB)
    FF Plugin-x32: @idsoftware.com/QuakeLive - C:\ProgramData\id Software\QuakeLive\npquakezero.dll (id Software Inc.)
    FF Plugin-x32: @java.com/DTPlugin,version=10.13.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
    FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
    FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
    FF Plugin-x32: @real.com/nppl3260;version=16.0.2.32 - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
    FF Plugin-x32: @real.com/nprndlchromebrowserrecordext;version=1.3.2 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
    FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=1.3.2 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
    FF Plugin-x32: @real.com/nprndlpepperflashvideoshim;version=1.3.2 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
    FF Plugin-x32: @real.com/nprpplugin;version=16.0.2.32 - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
    FF Plugin-x32: @realnetworks.com/npdlplugin;version=1 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
    FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\Rick\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
    FF Extension: LastPass - C:\Users\Rick\AppData\Roaming\Mozilla\Firefox\Profiles\hx63ye9g.default\Extensions\support@lastpass.com
    FF Extension: WOT - C:\Users\Rick\AppData\Roaming\Mozilla\Firefox\Profiles\hx63ye9g.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
    FF Extension: jid0-k75TfRGfOXPHfEZmJ9cKu5eCgLc - C:\Users\Rick\AppData\Roaming\Mozilla\Firefox\Profiles\hx63ye9g.default\Extensions\jid0-k75TfRGfOXPHfEZmJ9cKu5eCgLc@jetpack.xpi
    FF Extension: trafficlight - C:\Users\Rick\AppData\Roaming\Mozilla\Firefox\Profiles\hx63ye9g.default\Extensions\trafficlight@bitdefender.com.xpi
    FF Extension: No Name - C:\Users\Rick\AppData\Roaming\Mozilla\Firefox\Profiles\hx63ye9g.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
    FF Extension: No Name - C:\Users\Rick\AppData\Roaming\Mozilla\Firefox\Profiles\hx63ye9g.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
    FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF HKLM-x32\...\Firefox\Extensions: [{FCE04E1F-9378-4f39-96F6-5689A9159E45}] C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\
    FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\

    ==================== Services (Whitelisted) =================

    S2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2012-12-19] (Advanced Micro Devices, Inc.)
    S4 AODService; C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe [136648 2012-09-20] ()
    S4 DirMngr; C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe [218112 2013-05-28] ()
    S4 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
    S2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
    R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22056 2013-01-27] (Microsoft Corporation)
    S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [379360 2013-01-27] (Microsoft Corporation)
    S2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [76888 2013-02-01] ()
    S2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-04-16] ()
    S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-02-28] (Riverbed Technology, Inc.)
    S3 WfpCaptureUM; C:\Windows\system32\WfpCaptureUM.exe [20480 2013-02-03] (Microsoft Corporation)
    S2 Windows7FirewallService; C:\Program Files\Windows7FirewallControl\Windows7FirewallService.exe [764416 2012-09-21] (Sphinx Software)

    ==================== Drivers (Whitelisted) ====================

    S2 AODDriver4.01; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [57472 2012-04-09] (Advanced Micro Devices)
    S2 AODDriver4.2; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [57472 2012-04-09] (Advanced Micro Devices)
    S2 AODDriver4.2.0; C:\Program Files (x86)\AMD\OverDrive\amd64\AODDriver2.sys [57512 2012-09-20] (Advanced Micro Devices)
    S2 AODDriver4.2.0; C:\Program Files (x86)\AMD\OverDrive\amd64\AODDriver2.sys [57512 2012-09-20] (Advanced Micro Devices)
    S3 ArgusMonitor; C:\Windows\SysWow64\drivers\ArgusMonitor.sys [71616 2013-01-25] (Argotronic UG (haftungsbeschraenkt))
    S3 ArgusMonitor; C:\Windows\SysWow64\drivers\ArgusMonitor.sys [71616 2013-01-25] (Argotronic UG (haftungsbeschraenkt))
    S3 CrystalSysInfo; C:\Users\Rick\Downloads\crystal cpuid\SysInfoX64.sys [18128 2007-09-25] ()
    S3 CrystalSysInfo; C:\Users\Rick\Downloads\crystal cpuid\SysInfoX64.sys [18128 2007-09-25] ()
    S3 DIRECTIO; C:\Program Files\PerformanceTest\DirectIo64.sys [25704 2012-08-13] ()
    S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
    S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
    S0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [230320 2013-01-20] (Microsoft Corporation)
    S2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [130008 2013-01-20] (Microsoft Corporation)
    S2 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-02-28] (Riverbed Technology, Inc.)
    S1 pefndis; C:\Windows\System32\DRIVERS\pefndis.sys [61032 2013-02-03] (Microsoft Corporation)
    S3 rspLLL; C:\Windows\System32\DRIVERS\rspLLL64.sys [24672 2012-07-22] (Resplendence Software Projects Sp.)
    S3 wfpcapture; C:\Windows\System32\Drivers\wfpcapture.sys [60024 2013-02-03] (Microsoft Corporation)
    S3 ALSysIO; \??\C:\Users\Rick\AppData\Local\Temp\ALSysIO64.sys [x]
    S3 cpuz135; \??\C:\Windows\TEMP\cpuz135\cpuz135_x64.sys [x]
    S3 WinRing0_1_2_0; \??\C:\Program Files (x86)\Razer\Razer Game Booster\Driver\WinRing0x64.sys [x]

    ==================== NetSvcs (Whitelisted) ===================


    ==================== One Month Created Files and Folders ========

    2013-07-08 19:07 - 2013-07-08 19:07 - 00000000 ____D C:\FRST
    2013-07-07 00:26 - 2013-07-07 00:27 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
    2013-07-02 13:31 - 2013-07-02 13:31 - 01493872 ____A (Sysinternals - www.sysinternals.com) C:\Users\Rick\Desktop\procexp64.exe
    2013-07-02 12:30 - 2013-07-02 12:30 - 01529856 ____A C:\Users\Rick\Downloads\SpinRite.iso
    2013-07-01 14:41 - 2013-07-01 14:41 - 00000038 ____A C:\Users\Rick\Documents\VZnetworkHelp.txt
    2013-07-01 00:21 - 2013-07-08 04:03 - 00000896 ____A C:\Windows\setupact.log
    2013-07-01 00:21 - 2013-07-01 00:21 - 00000782 ____A C:\Windows\PFRO.log
    2013-07-01 00:21 - 2013-07-01 00:21 - 00000000 ____A C:\Windows\setuperr.log
    2013-06-30 11:01 - 2013-06-30 11:01 - 00000000 ____D C:\Program Files (x86)\WinPcap
    2013-06-30 10:59 - 2013-06-30 11:01 - 00000000 ____D C:\Program Files\Wireshark
    2013-06-30 10:59 - 2013-06-30 10:59 - 28087416 ____A (Wireshark development team) C:\Users\Rick\Downloads\Wireshark-win64-1.10.0.exe
    2013-06-30 02:02 - 2013-06-30 02:02 - 04396440 ____A (Piriform Ltd) C:\Users\Rick\Downloads\ccsetup403.exe
    2013-06-29 22:05 - 2013-06-29 22:05 - 02770017 ____A C:\Users\Rick\Downloads\Snort_2_9_4_6_Installer.exe
    2013-06-27 14:43 - 2013-06-27 14:44 - 00000000 ____D C:\Program Files (x86)\Windows Live
    2013-06-26 13:58 - 2013-06-26 01:01 - 00001218 ____A C:\Users\Rick\Documents\fanctrl.sh
    2013-06-22 20:11 - 2013-06-22 20:11 - 00000000 ____D C:\Program Files (x86)\LinuxLive USB Creator
    2013-06-22 20:10 - 2013-06-22 20:11 - 04752558 ____A (LinuxLive USB Creator) C:\Users\Rick\Downloads\LinuxLive USB Creator 2.8.22.exe
    2013-06-22 04:46 - 2013-06-30 03:01 - 07990240 ____A (MPC-HC Team                                                 ) C:\Users\Rick\Downloads\MPC-HC.1.6.8.x64.exe
    2013-06-20 02:02 - 2013-06-20 02:02 - 22211088 ____A C:\Users\Rick\Downloads\trillian-v5.3.0.16.exe
    2013-06-18 15:56 - 2013-06-18 15:56 - 00000000 ____D C:\Program Files (x86)\EMET 4.0
    2013-06-18 15:55 - 2013-06-18 15:55 - 08558080 ____A C:\Users\Rick\Downloads\EMET Setup.msi
    2013-06-18 01:18 - 2013-06-18 01:18 - 00000000 ____D C:\Program Files (x86)\LiveUSB Creator
    2013-06-18 01:14 - 2013-06-18 01:14 - 00078848 ____A C:\Users\Rick\Downloads\MD5 & SHA Checksum Utility.exe
    2013-06-18 01:04 - 2013-06-18 01:04 - 00000540 ____A C:\Users\Rick\Documents\MD5 Checker 010441_18062013.txt
    2013-06-18 01:02 - 2013-06-18 01:02 - 13080412 ____A C:\Users\Rick\Downloads\liveusb-creator-3.11.8-setup.exe
    2013-06-16 01:21 - 2013-06-16 01:21 - 03820480 ____A C:\Users\Rick\Downloads\battlelog-web-plugins_2.1.7_115.exe
    2013-06-15 15:29 - 2013-06-15 15:30 - 03739480 ____A (foobar2000.org) C:\Users\Rick\Downloads\foobar2000_v1.2.8.exe
    2013-06-14 09:47 - 2013-06-14 09:47 - 00785445 ____A C:\Users\Rick\Downloads\md5checker_setup.zip
    2013-06-14 09:47 - 2013-06-14 09:47 - 00001047 ____A C:\Users\Public\Desktop\MD5 Checker.lnk
    2013-06-14 09:47 - 2013-06-14 09:47 - 00000000 ____D C:\Program Files (x86)\MD5 Checker
    2013-06-14 09:46 - 2013-06-14 09:46 - 00007966 ____A C:\Users\Rick\Downloads\md5checker_code.zip
    2013-06-12 15:56 - 2013-06-12 15:56 - 00212992 ____A C:\Users\Rick\Desktop\FWpolicies.wfw
    2013-06-11 21:31 - 2013-05-10 01:49 - 00030720 ____A (Microsoft Corporation) C:\Windows\System32\cryptdlg.dll
    2013-06-11 21:31 - 2013-05-09 23:20 - 00024576 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptdlg.dll
    2013-06-11 20:27 - 2013-05-16 21:25 - 02877440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2013-06-11 20:27 - 2013-05-16 21:25 - 01767936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2013-06-11 20:27 - 2013-05-16 21:25 - 00690688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
    2013-06-11 20:27 - 2013-05-16 21:25 - 00493056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
    2013-06-11 20:27 - 2013-05-16 21:25 - 00109056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
    2013-06-11 20:27 - 2013-05-16 21:25 - 00061440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
    2013-06-11 20:27 - 2013-05-16 21:25 - 00039424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2013-06-11 20:27 - 2013-05-16 21:25 - 00033280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
    2013-06-11 20:27 - 2013-05-16 20:59 - 02241024 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
    2013-06-11 20:27 - 2013-05-16 20:59 - 00051712 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
    2013-06-11 20:27 - 2013-05-16 20:58 - 03958784 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
    2013-06-11 20:27 - 2013-05-16 20:58 - 00855552 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
    2013-06-11 20:27 - 2013-05-16 20:58 - 00603136 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
    2013-06-11 20:27 - 2013-05-16 20:58 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
    2013-06-11 20:27 - 2013-05-16 20:58 - 00067072 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll
    2013-06-11 20:27 - 2013-05-16 20:58 - 00053248 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
    2013-06-11 20:27 - 2013-05-16 20:58 - 00039936 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll
    2013-06-11 20:27 - 2013-05-14 08:23 - 00089600 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
    2013-06-11 20:27 - 2013-05-14 04:40 - 00071680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
    2013-06-11 20:26 - 2013-06-08 10:08 - 01365504 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
    2013-06-11 20:26 - 2013-06-08 10:07 - 19233792 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
    2013-06-11 20:26 - 2013-06-08 10:06 - 15404544 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
    2013-06-11 20:26 - 2013-06-08 10:06 - 02648064 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
    2013-06-11 20:26 - 2013-06-08 10:06 - 00526336 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
    2013-06-11 20:26 - 2013-06-08 08:28 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
    2013-06-11 20:26 - 2013-06-08 07:42 - 01141248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2013-06-11 20:26 - 2013-06-08 07:40 - 14327808 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2013-06-11 20:26 - 2013-06-08 07:40 - 13760512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2013-06-11 20:26 - 2013-06-08 07:40 - 02046976 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2013-06-11 20:26 - 2013-06-08 07:40 - 00391168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2013-06-11 20:26 - 2013-06-08 07:13 - 02706432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2013-06-11 20:25 - 2013-05-13 01:51 - 01464320 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
    2013-06-11 20:25 - 2013-05-13 01:51 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
    2013-06-11 20:25 - 2013-05-13 01:51 - 00139776 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
    2013-06-11 20:25 - 2013-05-13 01:50 - 00052224 ____A (Microsoft Corporation) C:\Windows\System32\certenc.dll
    2013-06-11 20:25 - 2013-05-13 00:45 - 01160192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
    2013-06-11 20:25 - 2013-05-13 00:45 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
    2013-06-11 20:25 - 2013-05-13 00:45 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
    2013-06-11 20:25 - 2013-05-12 23:43 - 01192448 ____A (Microsoft Corporation) C:\Windows\System32\certutil.exe
    2013-06-11 20:25 - 2013-05-12 23:08 - 00903168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certutil.exe
    2013-06-11 20:25 - 2013-05-12 23:08 - 00043008 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certenc.dll
    2013-06-11 20:25 - 2013-05-08 02:39 - 01910632 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
    2013-06-11 20:25 - 2013-04-26 01:51 - 00751104 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll
    2013-06-11 20:25 - 2013-04-26 00:55 - 00492544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll

    ==================== One Month Modified Files and Folders =======

    2013-07-08 19:07 - 2013-07-08 19:07 - 00000000 ____D C:\FRST
    2013-07-08 13:33 - 2013-03-19 17:30 - 01056715 ____A C:\Windows\WindowsUpdate.log
    2013-07-08 13:33 - 2013-01-26 06:20 - 00000000 ____D C:\Program Files\PeerBlock
    2013-07-08 13:20 - 2013-01-25 23:56 - 00291088 ____A C:\Windows\SysWOW64\PnkBstrB.xtr
    2013-07-08 13:20 - 2013-01-25 21:41 - 00291088 ____A C:\Windows\SysWOW64\PnkBstrB.exe
    2013-07-08 13:18 - 2013-01-25 19:23 - 00000000 ____D C:\Program Files (x86)\Origin
    2013-07-08 10:28 - 2013-01-25 22:33 - 00000000 ____D C:\Users\Rick\AppData\Roaming\uTorrent
    2013-07-08 08:33 - 2013-01-25 22:36 - 00000000 ____D C:\Users\Rick\Downloads\Utorrent Download
    2013-07-08 04:10 - 2009-07-14 00:45 - 00014416 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2013-07-08 04:10 - 2009-07-14 00:45 - 00014416 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2013-07-08 04:03 - 2013-07-01 00:21 - 00000896 ____A C:\Windows\setupact.log
    2013-07-08 04:03 - 2009-07-14 01:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
    2013-07-08 04:02 - 2013-01-25 14:17 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
    2013-07-07 02:46 - 2013-01-25 21:41 - 00291088 ____A C:\Windows\SysWOW64\PnkBstrB.ex0
    2013-07-07 00:29 - 2013-01-25 01:41 - 00007613 ____A C:\Users\Rick\AppData\Local\Resmon.ResmonCfg
    2013-07-07 00:27 - 2013-07-07 00:26 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
    2013-07-04 14:15 - 2013-06-03 20:18 - 00000000 ____D C:\Users\Rick\My Scans
    2013-07-04 13:27 - 2013-05-08 21:27 - 00000000 ____D C:\Program Files (x86)\Winamp
    2013-07-02 13:31 - 2013-07-02 13:31 - 01493872 ____A (Sysinternals - www.sysinternals.com) C:\Users\Rick\Desktop\procexp64.exe
    2013-07-02 12:30 - 2013-07-02 12:30 - 01529856 ____A C:\Users\Rick\Downloads\SpinRite.iso
    2013-07-01 14:41 - 2013-07-01 14:41 - 00000038 ____A C:\Users\Rick\Documents\VZnetworkHelp.txt
    2013-07-01 00:21 - 2013-07-01 00:21 - 00000782 ____A C:\Windows\PFRO.log
    2013-07-01 00:21 - 2013-07-01 00:21 - 00000000 ____A C:\Windows\setuperr.log
    2013-06-30 11:01 - 2013-06-30 11:01 - 00000000 ____D C:\Program Files (x86)\WinPcap
    2013-06-30 11:01 - 2013-06-30 10:59 - 00000000 ____D C:\Program Files\Wireshark
    2013-06-30 10:59 - 2013-06-30 10:59 - 28087416 ____A (Wireshark development team) C:\Users\Rick\Downloads\Wireshark-win64-1.10.0.exe
    2013-06-30 10:56 - 2013-02-12 13:02 - 01045072 ____A (BitTorrent Inc.) C:\Users\Rick\Downloads\uTorrent.exe
    2013-06-30 03:02 - 2013-04-24 23:15 - 00001119 ____A C:\Users\Rick\Desktop\MPC-HC x64.lnk
    2013-06-30 03:02 - 2013-02-04 11:57 - 00000000 ____D C:\Program Files (x86)\MPC-HC
    2013-06-30 03:01 - 2013-06-22 04:46 - 07990240 ____A (MPC-HC Team                                                 ) C:\Users\Rick\Downloads\MPC-HC.1.6.8.x64.exe
    2013-06-30 03:00 - 2013-02-04 11:58 - 00000000 ____D C:\Users\Rick\AppData\Roaming\Media Player Classic
    2013-06-30 02:03 - 2013-05-08 21:27 - 00000000 ____D C:\Users\Rick\AppData\Roaming\Winamp
    2013-06-30 02:03 - 2013-02-22 15:58 - 00000000 ____D C:\Program Files (x86)\Steam
    2013-06-30 02:02 - 2013-06-30 02:02 - 04396440 ____A (Piriform Ltd) C:\Users\Rick\Downloads\ccsetup403.exe
    2013-06-30 02:02 - 2013-04-29 22:37 - 00000822 ____A C:\Users\Public\Desktop\CCleaner.lnk
    2013-06-30 02:02 - 2013-02-01 00:42 - 00000000 ____D C:\Program Files\CCleaner
    2013-06-30 02:02 - 2013-01-24 23:30 - 00000000 ____D C:\Windows\Panther
    2013-06-29 22:05 - 2013-06-29 22:05 - 02770017 ____A C:\Users\Rick\Downloads\Snort_2_9_4_6_Installer.exe
    2013-06-27 14:44 - 2013-06-27 14:43 - 00000000 ____D C:\Program Files (x86)\Windows Live
    2013-06-27 14:42 - 2013-02-01 22:57 - 00000000 ____D C:\Users\Rick\AppData\Local\Windows Live
    2013-06-26 01:01 - 2013-06-26 13:58 - 00001218 ____A C:\Users\Rick\Documents\fanctrl.sh
    2013-06-25 04:00 - 2009-07-14 01:13 - 00778834 ____A C:\Windows\System32\PerfStringBackup.INI
    2013-06-24 23:53 - 2013-06-06 21:10 - 00000000 ____D C:\Users\Rick\Downloads\ubuntu live cd
    2013-06-24 23:34 - 2009-07-14 01:08 - 00032634 ____A C:\Windows\Tasks\SCHEDLGU.TXT
    2013-06-22 20:11 - 2013-06-22 20:11 - 00000000 ____D C:\Program Files (x86)\LinuxLive USB Creator
    2013-06-22 20:11 - 2013-06-22 20:10 - 04752558 ____A (LinuxLive USB Creator) C:\Users\Rick\Downloads\LinuxLive USB Creator 2.8.22.exe
    2013-06-22 19:01 - 2013-02-21 10:43 - 00000000 ____D C:\ProgramData\Soulseek
    2013-06-21 15:04 - 2013-01-25 14:49 - 00000000 ____D C:\Program Files (x86)\SpeedFan
    2013-06-20 02:03 - 2013-05-08 21:34 - 00001083 ____A C:\Users\Rick\Desktop\Trillian.lnk
    2013-06-20 02:02 - 2013-06-20 02:02 - 22211088 ____A C:\Users\Rick\Downloads\trillian-v5.3.0.16.exe
    2013-06-18 15:56 - 2013-06-18 15:56 - 00000000 ____D C:\Program Files (x86)\EMET 4.0
    2013-06-18 15:55 - 2013-06-18 15:55 - 08558080 ____A C:\Users\Rick\Downloads\EMET Setup.msi
    2013-06-18 01:26 - 2013-06-06 22:51 - 00000000 ____D C:\Users\Rick\AppData\Roaming\gnupg
    2013-06-18 01:18 - 2013-06-18 01:18 - 00000000 ____D C:\Program Files (x86)\LiveUSB Creator
    2013-06-18 01:14 - 2013-06-18 01:14 - 00078848 ____A C:\Users\Rick\Downloads\MD5 & SHA Checksum Utility.exe
    2013-06-18 01:04 - 2013-06-18 01:04 - 00000540 ____A C:\Users\Rick\Documents\MD5 Checker 010441_18062013.txt
    2013-06-18 01:02 - 2013-06-18 01:02 - 13080412 ____A C:\Users\Rick\Downloads\liveusb-creator-3.11.8-setup.exe
    2013-06-16 01:23 - 2013-01-25 21:16 - 00000000 ____D C:\Program Files (x86)\Battlelog Web Plugins
    2013-06-16 01:21 - 2013-06-16 01:21 - 03820480 ____A C:\Users\Rick\Downloads\battlelog-web-plugins_2.1.7_115.exe
    2013-06-15 15:33 - 2013-04-30 23:00 - 00000000 ____D C:\Users\Rick\AppData\Roaming\foobar2000
    2013-06-15 15:30 - 2013-06-15 15:29 - 03739480 ____A (foobar2000.org) C:\Users\Rick\Downloads\foobar2000_v1.2.8.exe
    2013-06-15 15:30 - 2013-04-30 23:00 - 00001035 ____A C:\Users\Public\Desktop\foobar2000.lnk
    2013-06-15 15:30 - 2013-04-30 23:00 - 00000000 ____D C:\Program Files (x86)\foobar2000
    2013-06-14 21:34 - 2013-02-11 04:41 - 00000000 ____D C:\Users\Rick\Downloads\net card
    2013-06-14 09:47 - 2013-06-14 09:47 - 00785445 ____A C:\Users\Rick\Downloads\md5checker_setup.zip
    2013-06-14 09:47 - 2013-06-14 09:47 - 00001047 ____A C:\Users\Public\Desktop\MD5 Checker.lnk
    2013-06-14 09:47 - 2013-06-14 09:47 - 00000000 ____D C:\Program Files (x86)\MD5 Checker
    2013-06-14 09:46 - 2013-06-14 09:46 - 00007966 ____A C:\Users\Rick\Downloads\md5checker_code.zip
    2013-06-12 17:08 - 2013-05-08 22:54 - 00016596 ____A C:\Users\Rick\Desktop\autoexec.cfg
    2013-06-12 17:00 - 2013-02-21 20:45 - 02095104 ____A C:\Users\Rick\Downloads\QuakeLiveNP_520.msi
    2013-06-12 15:57 - 2013-04-05 01:50 - 00060109 ____A C:\Users\Rick\Desktop\outbound rules.txt
    2013-06-12 15:56 - 2013-06-12 15:56 - 00212992 ____A C:\Users\Rick\Desktop\FWpolicies.wfw
    2013-06-11 23:47 - 2013-01-25 16:58 - 00000000 ____D C:\Users\Rick\AppData\Local\Adobe
    2013-06-11 23:47 - 2013-01-24 21:05 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2013-06-11 23:47 - 2013-01-24 21:05 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2013-06-11 21:34 - 2013-02-07 20:37 - 00772558 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
    2013-06-11 21:22 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\rescache
    2013-06-11 20:27 - 2013-01-25 01:12 - 75825640 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
    2013-06-08 10:08 - 2013-06-11 20:26 - 01365504 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
    2013-06-08 10:07 - 2013-06-11 20:26 - 19233792 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
    2013-06-08 10:06 - 2013-06-11 20:26 - 15404544 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
    2013-06-08 10:06 - 2013-06-11 20:26 - 02648064 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
    2013-06-08 10:06 - 2013-06-11 20:26 - 00526336 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
    2013-06-08 08:28 - 2013-06-11 20:26 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
    2013-06-08 07:42 - 2013-06-11 20:26 - 01141248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2013-06-08 07:40 - 2013-06-11 20:26 - 14327808 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2013-06-08 07:40 - 2013-06-11 20:26 - 13760512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2013-06-08 07:40 - 2013-06-11 20:26 - 02046976 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2013-06-08 07:40 - 2013-06-11 20:26 - 00391168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2013-06-08 07:13 - 2013-06-11 20:26 - 02706432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

    Files to move or delete:
    ====================
    C:\Users\Rick\Volumeid.exe

    ==================== Bamital & volsnap Check =================

    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\SysWOW64\wininit.exe => MD5 is legit
    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\SysWOW64\explorer.exe IS MISSING <==== ATTENTION!.
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\SysWOW64\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe => MD5 is legit
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\SysWOW64\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\SysWOW64\userinit.exe => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


    LastRegBack: 2013-07-03 01:58

    ==================== End Of Log ============================

    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 08-07-2013
    Ran by Rick at 2013-07-08 19:08:37
    Running from E:\
    Boot Mode: Safe Mode (minimal)
    ==========================================================


    ==================== Installed Programs =======================

    µTorrent (x32 Version: 3.2.2.28500)
    3DMark 11 (x32 Version: 1.0.3)
    Adobe Flash Player 11 ActiveX (x32 Version: 11.6.602.171)
    Adobe Flash Player 11 Plugin (x32 Version: 11.7.700.224)
    Adobe Reader XI (11.0.03) (x32 Version: 11.0.03)
    Age of Conan: Unchained - US version (x32)
    Aion (HKCU)
    AMD Accelerated Video Transcoding (Version: 12.5.100.21219)
    AMD APP SDK Runtime (Version: 10.0.1084.4)
    AMD Catalyst Install Manager (Version: 8.0.903.0)
    AMD Drag and Drop Transcoding (Version: 2.00.0000)
    AMD Fuel (Version: 2012.1219.1521.27485)
    AMD Media Foundation Decoders (Version: 1.0.71219.1540)
    AMD OverDrive Beta (x32 Version: 4.2.3.0625)
    AMD VISION Engine Control Center (x32 Version: 2012.1219.1521.27485)
    ArgusMonitor (x32)
    Audacity 2.0.3 (x32 Version: 2.0.3)
    Auslogics BoostSpeed (x32 Version: 5.4)
    Battlefield 3™ (x32 Version: 1.5.0.0)
    Battlefield: Bad Company™ 2 (x32 Version: 1.0.0.0)
    Battlelog Web Plugins (x32 Version: 2.1.7)
    Broadcom NetXtreme-I Netlink Driver and Management Installer (Version: 12.55.03)
    Catalyst Control Center - Branding (x32 Version: 1.00.0000)
    Catalyst Control Center Graphics Previews Common (x32 Version: 2012.1219.1521.27485)
    Catalyst Control Center InstallProxy (x32 Version: 2012.1219.1521.27485)
    Catalyst Control Center Localization All (x32 Version: 2012.1219.1521.27485)
    CCC Help Chinese Standard (x32 Version: 2012.1219.1520.27485)
    CCC Help Chinese Traditional (x32 Version: 2012.1219.1520.27485)
    CCC Help Czech (x32 Version: 2012.1219.1520.27485)
    CCC Help Danish (x32 Version: 2012.1219.1520.27485)
    CCC Help Dutch (x32 Version: 2012.1219.1520.27485)
    CCC Help English (x32 Version: 2012.1219.1520.27485)
    CCC Help Finnish (x32 Version: 2012.1219.1520.27485)
    CCC Help French (x32 Version: 2012.1219.1520.27485)
    CCC Help German (x32 Version: 2012.1219.1520.27485)
    CCC Help Greek (x32 Version: 2012.1219.1520.27485)
    CCC Help Hungarian (x32 Version: 2012.1219.1520.27485)
    CCC Help Italian (x32 Version: 2012.1219.1520.27485)
    CCC Help Japanese (x32 Version: 2012.1219.1520.27485)
    CCC Help Korean (x32 Version: 2012.1219.1520.27485)
    CCC Help Norwegian (x32 Version: 2012.1219.1520.27485)
    CCC Help Polish (x32 Version: 2012.1219.1520.27485)
    CCC Help Portuguese (x32 Version: 2012.1219.1520.27485)
    CCC Help Russian (x32 Version: 2012.1219.1520.27485)
    CCC Help Spanish (x32 Version: 2012.1219.1520.27485)
    CCC Help Swedish (x32 Version: 2012.1219.1520.27485)
    CCC Help Thai (x32 Version: 2012.1219.1520.27485)
    CCC Help Turkish (x32 Version: 2012.1219.1520.27485)
    ccc-utility64 (Version: 2012.1219.1521.27485)
    CCleaner (Version: 4.03)
    Counter-Strike: Source (x32)
    D3DX10 (x32 Version: 15.4.2368.0902)
    EMET 4.0 (x32 Version: 4.0)
    ESN Sonar (x32 Version: 0.70.4)
    FileHippo.com Update Checker (x32)
    foobar2000 v1.2.8 (x32 Version: 1.2.8)
    Fraps (x32)
    Futuremark SystemInfo (x32 Version: 4.6.0)
    Gpg4win (2.1.1) (x32 Version: 2.1.1)
    HD Tach version 3 (x32)
    HP Officejet Pro 8600 Basic Device Software (Version: 25.0.619.0)
    IsoBuster 3.2 (x32 Version: 3.2)
    Junk Mail filter update (x32 Version: 16.4.3508.0205)
    LastPass(uninstall only) (x32)
    LatencyMon 4.02
    LinuxLive USB Creator (x32 Version: 2.8)
    LiveUSB Creator (remove only) (x32)
    Malwarebytes Anti-Malware version 1.75.0.1300 (x32 Version: 1.75.0.1300)
    MD5 Checker version 4.0.0 (x32)
    Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
    Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
    Microsoft Application Error Reporting (Version: 12.0.6015.5000)
    Microsoft Message Analyzer (Version: 4.0.5950.0)
    Microsoft Security Client (Version: 4.2.0223.1)
    Microsoft Security Essentials (Version: 4.2.223.1)
    Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.56336)
    Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.59193)
    Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (x32 Version: 9.0.21022)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
    Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
    Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
    Mozilla Firefox 22.0 (x86 en-US) (x32 Version: 22.0)
    Mozilla Maintenance Service (x32 Version: 22.0)
    MPC-HC 1.6.7.7114 (9eb64ec) (x32 Version: 1.6.7.7114)
    MPC-HC 1.6.8 (64-bit) (Version: 1.6.8.7417)
    MSVCRT (x32 Version: 15.4.2862.0708)
    MSVCRT_amd64 (x32 Version: 15.4.2862.0708)
    MSVCRT110 (x32 Version: 16.4.1108.0727)
    MSVCRT110_amd64 (Version: 16.4.1109.0912)
    MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0)
    Multimedia Card Reader (x32 Version: 1.7.915.93)
    NCsoft Launcher (x32 Version: 1.5.19002)
    Nero 11 Collection 1 (x32 Version: 11.0.11200.12.0)
    Nero 11 Kwik Themes 3 (x32 Version: 11.0.11200.12.0)
    Nero 11 Kwik Themes 4 (x32 Version: 11.0.11200.12.0)
    Nero 11 Mini Repack
    Nero 11 PiP Effects 1 (x32 Version: 11.0.11200.12.0)
    Nero 11 v11.2.4.100 (x64) (Version: 11.2.4.100)
    Nero 11 Video Transitions 1 (x32 Version: 11.0.11200.12.0)
    Nero Backup Drivers (Version: 1.0.10000.1.0)
    NVIDIA PhysX (x32 Version: 9.12.0613)
    Origin (x32 Version: 9.1.11.2678)
    PeerBlock 1.1 (r518) (Version: 1.1.0.518)
    PerformanceTest v8.0 (Version: 8.0.1014.0)
    PunkBuster Services (x32 Version: 0.988)
    Quake Live Mozilla Plugin (x32 Version: 1.0.520)
    RealDownloader (x32 Version: 1.3.2)
    RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0)
    RealNetworks - Microsoft Visual C++ 2010 Runtime (x32 Version: 10.0)
    RealPlayer (x32 Version: 16.0.2)
    Realtek High Definition Audio Driver (x32 Version: 6.0.1.6662)
    RealUpgrade 1.1 (x32 Version: 1.1.0)
    SoulSeek 157 NS 13e (x32)
    SpeedFan (remove only) (x32)
    Steam (x32 Version: 1.0.0.0)
    Team Fortress 2 (x32)
    TechPowerUp GPU-Z (x32)
    TERA (x32 Version: 1.41)
    THX TruStudio PC (x32 Version: 1.0)
    Trillian (x32)
    Unity Web Player (HKCU Version: )
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
    Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1)
    Update for Microsoft .NET Framework 4 Extended (KB2468871) (x32 Version: 1)
    Update for Microsoft .NET Framework 4 Extended (KB2533523) (x32 Version: 1)
    Update for Microsoft .NET Framework 4 Extended (KB2600217) (x32 Version: 1)
    Update for Microsoft .NET Framework 4 Extended (KB2836939) (x32 Version: 1)
    us Mod Manager (Version: 0.43.1)
    Winamp (x32 Version: 5.63 )
    Winamp Detector Plug-in (HKCU Version: 1.0.0.1)
    Windows Live Communications Platform (x32 Version: 16.4.3508.0205)
    Windows Live Essentials (x32 Version: 16.4.3508.0205)
    Windows Live ID Sign-in Assistant (Version: 7.250.4311.0)
    Windows Live Installer (x32 Version: 16.4.3508.0205)
    Windows Live Mail (x32 Version: 16.4.3508.0205)
    Windows Live MIME IFilter (Version: 16.4.3508.0205)
    Windows Live Photo Common (x32 Version: 16.4.3508.0205)
    Windows Live PIMT Platform (x32 Version: 16.4.3508.0205)
    Windows Live SOXE (x32 Version: 16.4.3508.0205)
    Windows Live SOXE Definitions (x32 Version: 16.4.3508.0205)
    Windows Live UX Platform (x32 Version: 16.4.3508.0205)
    Windows Live UX Platform Language Pack (x32 Version: 16.4.3508.0205)
    Windows Live Writer (x32 Version: 16.4.3508.0205)
    Windows Live Writer Resources (x32 Version: 16.4.3508.0205)
    Windows7FirewallControl (x64) 5.1.7.69 (Version: 5.1.7.69)
    WinPcap 4.1.3 (x32 Version: 4.1.0.2980)
    WinRAR 4.20 (64-bit) (Version: 4.20.0)
    Wireshark 1.10.0 (64-bit) (x32 Version: 1.10.0)
    World of Warcraft (x32 Version: 5.1.0.16357)
    WOT for Internet Explorer (Version: 12.8.2.0)

    ==================== Restore Points  =========================

    12-06-2013 20:57:11 Removed Quake Live Mozilla Plugin
    12-06-2013 21:00:59 Installed Quake Live Mozilla Plugin
    15-06-2013 05:22:50 Windows Update
    18-06-2013 19:55:38 Installed EMET 4.0
    19-06-2013 10:23:57 Windows Update
    23-06-2013 10:22:20 Windows Update
    27-06-2013 09:13:49 Windows Update
    27-06-2013 18:34:43 Windows Live Essentials
    27-06-2013 18:34:52 WLSetup
    27-06-2013 18:42:44 Windows Live Essentials
    27-06-2013 18:43:40 WLSetup
    01-07-2013 05:06:02 Windows Update
    04-07-2013 18:00:32 Windows Update
    08-07-2013 08:13:51 Windows Update

    ==================== Hosts content: ==========================

    2009-07-13 22:34 - 2009-06-10 17:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

    ==================== Scheduled Tasks (whitelisted) =============

    Task: {042A0F7E-8879-4FA9-8048-6A62EB1E222F} - System32\Tasks\Peerblock Start with windows => C:\Program Files\PeerBlock\peerblock.exe [2010-11-06] (PeerBlock, LLC)
    Task: {5E5D2B72-79F6-4666-8FC7-8EDFF5210540} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task
    Task: {6DEACD07-B021-444D-A1A6-70E182646024} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-06-19] (Piriform Ltd)
    Task: {7DFE5392-4642-4034-B5B3-D2DC6C4EFD63} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => C:\Program Files\Microsoft Security Client\MpCmdRun.exe [2013-01-27] (Microsoft Corporation)
    Task: {7FFB17B4-08A9-4D39-B0DF-B02AB7F3F822} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-3572056831-1408111488-1382342558-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe [2013-04-16] (RealNetworks, Inc.)
    Task: {9095E030-266C-42F0-9441-E547ACF91ED6} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-3572056831-1408111488-1382342558-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe [2013-04-16] (RealNetworks, Inc.)
    Task: {AB5B125C-CBF0-4FDB-AC5F-CF26E3C23AE3} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-3572056831-1408111488-1382342558-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-04-16] (RealNetworks, Inc.)
    Task: {C2C8DFD0-81BD-4368-A402-85790ACAEBBA} - System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-3572056831-1408111488-1382342558-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe [2013-04-16] (RealNetworks, Inc.)
    Task: {D925C591-2840-46E4-8106-4A93906099E9} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-3572056831-1408111488-1382342558-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-04-16] (RealNetworks, Inc.)
    Task: {D9545D5A-6106-44C7-95C4-2444A90991A5} - System32\Tasks\Razer_Game_Booster_AutoUpdate => C:\Program Files (x86)\Razer\Razer Game Booster\AutoUpdate.exe No File

    ==================== Faulty Device Manager Devices =============

    Name: Security Processor Loader Driver
    Description: Security Processor Loader Driver
    Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
    Manufacturer:
    Service: spldr
    Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
    Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
    Devices stay in this state if they have been prepared for removal.
    After you remove the device, this error disappears.Remove the device, and this error should be resolved.


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (07/08/2013 06:10:06 AM) (Source: SideBySide) (User: )
    Description: Activation context generation failed for "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"1".
    Dependent Assembly rpshellextension.1.0,language="*",type="win32",version="1.0.0.0" could not be found.
    Please use sxstrace.exe for detailed diagnosis.

    Error: (07/08/2013 06:07:16 AM) (Source: SideBySide) (User: )
    Description: Activation context generation failed for "Startup,type="win32",version="11.1.0.0"1".
    Dependent Assembly Startup,type="win32",version="11.1.0.0" could not be found.
    Please use sxstrace.exe for detailed diagnosis.

    Error: (07/08/2013 06:07:15 AM) (Source: SideBySide) (User: )
    Description: Activation context generation failed for "OnlineServices,version="11.0.0.0"1".
    Dependent Assembly OnlineServices,version="11.0.0.0" could not be found.
    Please use sxstrace.exe for detailed diagnosis.

    Error: (07/07/2013 04:34:17 AM) (Source: SideBySide) (User: )
    Description: Activation context generation failed for "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"1".
    Dependent Assembly rpshellextension.1.0,language="*",type="win32",version="1.0.0.0" could not be found.
    Please use sxstrace.exe for detailed diagnosis.

    Error: (07/07/2013 04:32:03 AM) (Source: SideBySide) (User: )
    Description: Activation context generation failed for "Startup,type="win32",version="11.1.0.0"1".
    Dependent Assembly Startup,type="win32",version="11.1.0.0" could not be found.
    Please use sxstrace.exe for detailed diagnosis.

    Error: (07/07/2013 04:32:02 AM) (Source: SideBySide) (User: )
    Description: Activation context generation failed for "OnlineServices,version="11.0.0.0"1".
    Dependent Assembly OnlineServices,version="11.0.0.0" could not be found.
    Please use sxstrace.exe for detailed diagnosis.

    Error: (07/05/2013 06:49:14 AM) (Source: SideBySide) (User: )
    Description: Activation context generation failed for "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"1".
    Dependent Assembly rpshellextension.1.0,language="*",type="win32",version="1.0.0.0" could not be found.
    Please use sxstrace.exe for detailed diagnosis.

    Error: (07/05/2013 06:47:06 AM) (Source: SideBySide) (User: )
    Description: Activation context generation failed for "Startup,type="win32",version="11.1.0.0"1".
    Dependent Assembly Startup,type="win32",version="11.1.0.0" could not be found.
    Please use sxstrace.exe for detailed diagnosis.

    Error: (07/05/2013 06:47:06 AM) (Source: SideBySide) (User: )
    Description: Activation context generation failed for "OnlineServices,version="11.0.0.0"1".
    Dependent Assembly OnlineServices,version="11.0.0.0" could not be found.
    Please use sxstrace.exe for detailed diagnosis.

    Error: (07/04/2013 09:17:29 PM) (Source: SideBySide) (User: )
    Description: Activation context generation failed for "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"1".
    Dependent Assembly rpshellextension.1.0,language="*",type="win32",version="1.0.0.0" could not be found.
    Please use sxstrace.exe for detailed diagnosis.


    System errors:
    =============
    Error: (07/08/2013 07:06:36 PM) (Source: Service Control Manager) (User: )
    Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
    %%1068

    Error: (07/08/2013 07:06:36 PM) (Source: DCOM) (User: )
    Description: 1068netprofm{A47979D2-C419-11D9-A5B4-001185AD2B89}

    Error: (07/08/2013 07:05:20 PM) (Source: Service Control Manager) (User: )
    Description: The following boot-start or system-start driver(s) failed to load:
    AFD
    DfsC
    discache
    MpFilter
    NetBIOS
    NetBT
    nsiproxy
    pefndis
    Psched
    rdbss
    spldr
    tdx
    Wanarpv6
    WfpLwf

    Error: (07/08/2013 07:05:19 PM) (Source: Service Control Manager) (User: )
    Description: The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error:
    %%1068

    Error: (07/08/2013 07:05:19 PM) (Source: Service Control Manager) (User: )
    Description: The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error:
    %%1068

    Error: (07/08/2013 07:05:19 PM) (Source: Service Control Manager) (User: )
    Description: The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error:
    %%1068

    Error: (07/08/2013 07:05:19 PM) (Source: Service Control Manager) (User: )
    Description: The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error:
    %%31

    Error: (07/08/2013 07:05:19 PM) (Source: Service Control Manager) (User: )
    Description: The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error:
    %%1068

    Error: (07/08/2013 07:05:19 PM) (Source: Service Control Manager) (User: )
    Description: The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error:
    %%31

    Error: (07/08/2013 07:05:19 PM) (Source: Service Control Manager) (User: )
    Description: The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error:
    %%31


    Microsoft Office Sessions:
    =========================
    Error: (07/08/2013 06:10:06 AM) (Source: SideBySide)(User: )
    Description: rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"C:\Windows\Installer\{3DC873BB-FFE3-46BF-9701-26B9AE371F9F}\recordingmanager.exe

    Error: (07/08/2013 06:07:16 AM) (Source: SideBySide)(User: )
    Description: Startup,type="win32",version="11.1.0.0"c:\program files\Portable\nero 11 v11.2.4.100 (x64)\App\Nero\NMDllHost.exe.Manifest

    Error: (07/08/2013 06:07:15 AM) (Source: SideBySide)(User: )
    Description: OnlineServices,version="11.0.0.0"c:\program files\Portable\nero 11 v11.2.4.100 (x64)\App\Nero\NeroAudioRip.exe.Manifest

    Error: (07/07/2013 04:34:17 AM) (Source: SideBySide)(User: )
    Description: rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"C:\Windows\Installer\{3DC873BB-FFE3-46BF-9701-26B9AE371F9F}\recordingmanager.exe

    Error: (07/07/2013 04:32:03 AM) (Source: SideBySide)(User: )
    Description: Startup,type="win32",version="11.1.0.0"c:\program files\Portable\nero 11 v11.2.4.100 (x64)\App\Nero\NMDllHost.exe.Manifest

    Error: (07/07/2013 04:32:02 AM) (Source: SideBySide)(User: )
    Description: OnlineServices,version="11.0.0.0"c:\program files\Portable\nero 11 v11.2.4.100 (x64)\App\Nero\NeroAudioRip.exe.Manifest

    Error: (07/05/2013 06:49:14 AM) (Source: SideBySide)(User: )
    Description: rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"C:\Windows\Installer\{3DC873BB-FFE3-46BF-9701-26B9AE371F9F}\recordingmanager.exe

    Error: (07/05/2013 06:47:06 AM) (Source: SideBySide)(User: )
    Description: Startup,type="win32",version="11.1.0.0"c:\program files\Portable\nero 11 v11.2.4.100 (x64)\App\Nero\NMDllHost.exe.Manifest

    Error: (07/05/2013 06:47:06 AM) (Source: SideBySide)(User: )
    Description: OnlineServices,version="11.0.0.0"c:\program files\Portable\nero 11 v11.2.4.100 (x64)\App\Nero\NeroAudioRip.exe.Manifest

    Error: (07/04/2013 09:17:29 PM) (Source: SideBySide)(User: )
    Description: rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"C:\Windows\Installer\{3DC873BB-FFE3-46BF-9701-26B9AE371F9F}\recordingmanager.exe


    ==================== Memory info ===========================

    Percentage of memory in use: 10%
    Total physical RAM: 6143.3 MB
    Available physical RAM: 5520.11 MB
    Total Pagefile: 12284.78 MB
    Available Pagefile: 11670.37 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.83 MB

    ==================== Drives ================================

    Drive c: () (Fixed) (Total:638.44 GB) (Free:283.8 GB) NTFS (Disk=0 Partition=2)
    Drive e: () (Removable) (Total:3.72 GB) (Free:3.72 GB) FAT32 (Disk=5 Partition=1)

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (Size: 932 GB) (Disk ID: 9C92424B)
    Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
    Partition 2: (Not Active) - (Size=638 GB) - (Type=07 NTFS)
    Partition 3: (Not Active) - (Size=500 MB) - (Type=83)
    Partition 4: (Not Active) - (Size=292 GB) - (Type=05)

    ========================================================
    Disk: 5 (Size: 4 GB) (Disk ID: 000BB960)
    Partition 1: (Not Active) - (Size=4 GB) - (Type=0B)

    ==================== End Of Log ============================


  9. Hello all,

    I think I'm infected with Win trojans in explorer.exe. Is it safe to just delete? They only come up when I scan the Windows NTFS partition from a Linux OS. I use ClamAV. What is the best way to remove them?

    /mnt/Windows/SysWOW64/explorer.exe: Win.Trojan.Bamital-1158 FOUND
    /mnt/Windows/SysWOW64/explorer.exe: moved to '/infectedfiles/explorer.exe'
    /mnt/Windows/winsxs/x86_microsoft-windows-mediaplayer-setup_31bf3856ad364e35_6.1.7600.16385_none_adca1fa537de6f5e/setup_wm.exe: Win.Trojan.588749 FOUND
    /mnt/Windows/winsxs/x86_microsoft-windows-mediaplayer-setup_31bf3856ad364e35_6.1.7600.16385_none_adca1fa537de6f5e/setup_wm.exe: moved to '/infectedfiles/setup_wm.exe'
    /mnt/Windows/winsxs/wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5/explorer.exe: Win.Trojan.Bamital-1158 FOUND
    /mnt/Windows/winsxs/wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5/explorer.exe: moved to '/infectedfiles/explorer.exe.001'

    Thanks, I appreciate the help.

    Rich.

  10. Sorry to have this thread reopened. It turns out NIS was the cause of all my issues. NIS is even worse than I thought now. I would never recommend that program to anybody anymore. NIS 2009 and 2010 were good programs, but 2012 turned into a disaster, and I guess 2013 is even worse. They are back to their old ways crippling PCs.

    I was wondering if a subscription to Malwarebytes is only good for one PC or if I can install it on the 3 PCs on my network. Thanks for all your help.

  11. Tks a whole bunch Kevin. I've uninstalled all the tools. Used TFC. Updated everything with FileHippo (what an awesome tool). I downloaded WinPatrol.

    I do already use Firefox with NoScript and adblocker.

    I appreciate all your help. I do use NIS, but I want to change firewall suites when my subscription runs out in a couple of months. I used to use ZoneAlarm but it became a resource hog, which is why I switched to NIS. I was wondering if there are any premium suites that you recommend that are both user friendly and low on resources. Tks again Kevin.

  12. Oh, I should add that it is going from my computer on port 16339 to port 80 on the other machine. This might be normal, but I don't want to take any chances nowadays. I guess I can just block it and see if I can still share files on the network. If I can't, I will just allow it. But I appreciate your input.
