
ShadMP (Members, 6 posts)

Everything posted by ShadMP

  1. Thanks, MrC! Only one issue: when I was installing the latest version of Java, my MSE flagged a file:

     Name: Exploit:Java/CVE-2013-2465
     Path: file:_C:\Users\Shad\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\41\fc79ba9-2c7a8c10->File4.class

     This was also in the quarantine, but dated for yesterday (I'm assuming this is part of the MoneyPak malware we removed?):

     Name: Trojan:Win32/Urausy.E
     Path: file:_C:\Users\Shad\AppData\Local\Temp\vqamkfxyjphvvwcphqi.bfg
  2. Log for Security Check:

     Results of screen317's Security Check version 0.99.74
     Windows 7 Service Pack 1 x64 (UAC is enabled)
     Internet Explorer 10
     ``````````````Antivirus/Firewall Check:``````````````
     Windows Firewall Enabled!
     Microsoft Security Essentials
     Antivirus up to date!
     `````````Anti-malware/Other Utilities Check:`````````
     Malwarebytes Anti-Malware version 1.75.0.1300
     Java 6 Update 21
     Java 6 Update 37
     Java version out of Date!
     Adobe Flash Player 11.8.800.168
     Adobe Reader 10.1.8 Adobe Reader out of Date!
     Mozilla Firefox 12.0 Firefox out of Date!
     Google Chrome 30.0.1599.66
     Google Chrome 30.0.1599.69
     ````````Process Check: objlist.exe by Laurent````````
     Microsoft Security Essentials MSMpEng.exe
     Microsoft Security Essentials msseces.exe
     Malwarebytes Anti-Malware mbamservice.exe
     Malwarebytes Anti-Malware mbamgui.exe
     Malwarebytes' Anti-Malware mbamscheduler.exe
     `````````````````System Health check`````````````````
     Total Fragmentation on Drive C: 0%
     ````````````````````End of Log``````````````````````
  3. Thanks, MrC. MBAR found no threats; logs are below. The internet, Windows Update, and Windows Firewall all seem to be working.

     Malwarebytes Anti-Rootkit BETA 1.07.0.1005
     www.malwarebytes.org

     Database version: v2013.10.06.05

     Windows 7 Service Pack 1 x64 NTFS
     Internet Explorer 10.0.9200.16686
     Shad :: DESKTOP [administrator]

     10/6/2013 5:38:07 PM
     mbar-log-2013-10-06 (17-38-07).txt

     Scan type: Quick scan
     Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
     Scan options disabled:
     Objects scanned: 283949
     Time elapsed: 32 minute(s), 25 second(s)

     Memory Processes Detected: 0
     (No malicious items detected)

     Memory Modules Detected: 0
     (No malicious items detected)

     Registry Keys Detected: 0
     (No malicious items detected)

     Registry Values Detected: 0
     (No malicious items detected)

     Registry Data Items Detected: 0
     (No malicious items detected)

     Folders Detected: 0
     (No malicious items detected)

     Files Detected: 0
     (No malicious items detected)

     Physical Sectors Detected: 0
     (No malicious items detected)

     (end)
     ---------------------------------------
     Malwarebytes Anti-Rootkit BETA 1.07.0.1005
     © Malwarebytes Corporation 2011-2012

     OS version: 6.1.7601 Windows 7 Service Pack 1 x64
     Account is Administrative
     Internet Explorer version: 10.0.9200.16686
     Java version: 1.6.0_37
     File system is: NTFS
     Disk drives: C:\ DRIVE_FIXED
     CPU speed: 3.000000 GHz
     Memory total: 4294107136, free: 2230943744

     Downloaded database version: v2013.10.06.05
     Downloaded database version: v2013.09.30.01
     =======================================
     Initializing...
     ------------ Kernel report ------------
     10/06/2013 17:38:02
     ------------ Loaded modules
  4. Was able to run the FRST fix and a log was generated, posted below. The computer boots normally now; I don't see a white screen for a few seconds anymore before the desktop appears. Are there any other steps I should take?

     Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 02-10-2013
     Ran by SYSTEM at 2013-10-06 17:13:27 Run:1
     Running from E:\
     Boot Mode: Recovery
     ==============================================

     Content of fixlist:
     *****************
     HKU\Shad\...\Winlogon: [shell] explorer.exe <==== ATTENTION
     C:\Users\Shad\AppData\Roaming\settings.ini
     C:\Users\Shad\AppData\Roaming\i.ini
     C:\Users\Shad\AppData\Local\Temp\AskSLib.dll
     C:\Users\Shad\AppData\Local\Temp\converter.exe
     C:\Users\Shad\AppData\Local\Temp\metaouy0.dll
     C:\Users\Shad\AppData\Local\Temp\NGMDll.dll
     C:\Users\Shad\AppData\Local\Temp\NGMResource.dll
     C:\Users\Shad\AppData\Local\Temp\NGMSetup.exe
     C:\Users\Shad\AppData\Local\Temp\ose00000.exe
     C:\Users\Shad\AppData\Local\Temp\pslist.exe
     C:\Users\Shad\AppData\Local\Temp\Risweb32.exe
     C:\Users\Shad\AppData\Local\Temp\swt-win32-3349.dll
     C:\Users\Shad\AppData\Local\Temp\tmp3CA2.exe
     C:\Users\Shad\AppData\Local\Temp\tmp492.exe
     C:\Users\Shad\AppData\Local\Temp\tmp52A1.exe
     C:\Users\Shad\AppData\Local\Temp\tmp57B0.exe
     C:\Users\Shad\AppData\Local\Temp\tmp78A8.exe
     C:\Users\Shad\AppData\Local\Temp\tmpDB31.exe
     C:\Users\Shad\AppData\Local\Temp\tmpFC38.exe
     C:\Users\Shad\AppData\Local\Temp\unicows.dll
     C:\Users\Shad\AppData\Local\Temp\uninstall-temp.exe
     C:\Users\Shad\AppData\Local\Temp\vlc-2.0.1-win32.exe
     C:\Users\Shad\AppData\Local\Temp\vlc-2.0.2-win32.exe
     C:\Users\Shad\AppData\Local\Temp\wmpfirefoxplugin.exe
     *****************

     HKU\Shad\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => Value deleted successfully.
     C:\Users\Shad\AppData\Roaming\settings.ini => Moved successfully.
     "C:\Users\Shad\AppData\Roaming\i.ini" => File/Directory not found.
     C:\Users\Shad\AppData\Local\Temp\AskSLib.dll => Moved successfully.
     C:\Users\Shad\AppData\Local\Temp\converter.exe => Moved successfully.
     C:\Users\Shad\AppData\Local\Temp\metaouy0.dll => Moved successfully.
     C:\Users\Shad\AppData\Local\Temp\NGMDll.dll => Moved successfully.
     C:\Users\Shad\AppData\Local\Temp\NGMResource.dll => Moved successfully.
     C:\Users\Shad\AppData\Local\Temp\NGMSetup.exe => Moved successfully.
     C:\Users\Shad\AppData\Local\Temp\ose00000.exe => Moved successfully.
     C:\Users\Shad\AppData\Local\Temp\pslist.exe => Moved successfully.
     C:\Users\Shad\AppData\Local\Temp\Risweb32.exe => Moved successfully.
     C:\Users\Shad\AppData\Local\Temp\swt-win32-3349.dll => Moved successfully.
     C:\Users\Shad\AppData\Local\Temp\tmp3CA2.exe => Moved successfully.
     C:\Users\Shad\AppData\Local\Temp\tmp492.exe => Moved successfully.
     C:\Users\Shad\AppData\Local\Temp\tmp52A1.exe => Moved successfully.
     C:\Users\Shad\AppData\Local\Temp\tmp57B0.exe => Moved successfully.
     C:\Users\Shad\AppData\Local\Temp\tmp78A8.exe => Moved successfully.
     C:\Users\Shad\AppData\Local\Temp\tmpDB31.exe => Moved successfully.
     C:\Users\Shad\AppData\Local\Temp\tmpFC38.exe => Moved successfully.
     C:\Users\Shad\AppData\Local\Temp\unicows.dll => Moved successfully.
     C:\Users\Shad\AppData\Local\Temp\uninstall-temp.exe => Moved successfully.
     C:\Users\Shad\AppData\Local\Temp\vlc-2.0.1-win32.exe => Moved successfully.
     C:\Users\Shad\AppData\Local\Temp\vlc-2.0.2-win32.exe => Moved successfully.
     C:\Users\Shad\AppData\Local\Temp\wmpfirefoxplugin.exe => Moved successfully.

     ==== End of Fixlog ====
  5. Thank you for your help, MrC! Here is the FRST log:

     Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-10-2013
     Ran by SYSTEM on MININT-SGUQ2OQ on 06-10-2013 16:18:08
     Running from E:\
     Windows 7 Ultimate (X64) OS Language: English(US)
     Internet Explorer Version 10
     Boot Mode: Recovery

     The current controlset is ControlSet002
     ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.

     ==================== Registry (Whitelisted) ==================

     HKLM\...\Run: [POWER PLAN ASSISTANT] - C:\Program Files\PowerPlanAssistant\PowerPlanAssistantLauncher.exe
     HKLM\...\Run: [EvtMgr6] - C:\Program Files\Logitech\SetPointP\SetPoint.exe [1744152 2011-10-07] (Logitech, Inc.)
     HKLM\...\Run: [MSC] - c:\Program Files\Microsoft Security Client\msseces.exe [1356240 2013-06-20] (Microsoft Corporation)
     HKLM\...\Run: [Logitech Download Assistant] - C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
     Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
     HKLM-x32\...\Run: [ATICustomerCare] - C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe [311296 2010-03-04] (Advanced Micro Devices, Inc.)
     HKLM-x32\...\Run: [NUSB3MON] - C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113296 2010-03-30] (NEC Electronics Corporation)
     HKLM-x32\...\Run: [ConnectionCenter] - C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [362432 2011-12-22] (Citrix Systems, Inc.)
     HKLM-x32\...\Run: [startCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642808 2012-12-19] (Advanced Micro Devices, Inc.)
     HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
     HKU\Shad\...\Run: [Google Update] - C:\Users\Shad\AppData\Local\Google\Update\GoogleUpdate.exe [136176 2010-09-18] (Google Inc.)
     HKU\Shad\...\Run: [Akamai NetSession Interface] - C:\Users\Shad\AppData\Local\Akamai\netsession_win.exe [4489472 2013-06-04] (Akamai Technologies, Inc.)
     HKU\Shad\...\Run: [HydraVisionDesktopManager] - C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe [393216 2011-11-18] (AMD)
     HKU\Shad\...\Winlogon: [shell] explorer.exe <==== ATTENTION
     HKU\VirusRemove\...\Run: [HydraVisionDesktopManager] - C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe [393216 2011-11-18] (AMD)

     ==================== Services (Whitelisted) =================

     S2 Akamai; c:\program files (x86)\common files\akamai/netsession_win_8fa3539.dll [4569856 2013-07-01] (Akamai Technologies, Inc.)
     S2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2012-12-19] (Advanced Micro Devices, Inc.)
     S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
     S2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
     S2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2013-06-20] (Microsoft Corporation)
     S2 MySQL; C:\Program Files\MySQL\MySQL Server 5.1\bin\mysqld.exe [7599616 2009-08-18] ()
     S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366600 2013-06-20] (Microsoft Corporation)

     ==================== Drivers (Whitelisted) ====================

     S3 AngelUsb; C:\Windows\System32\DRIVERS\AngelUsb.sys [429952 2009-06-10] (Lumanate, Inc.)
     S2 AODDriver4.01; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [57472 2012-04-09] (Advanced Micro Devices)
     S2 AODDriver4.2; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [57472 2012-04-09] (Advanced Micro Devices)
     S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [32512 2013-10-06] ()
     S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
     S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
     S0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [247216 2013-06-18] (Microsoft Corporation)
     S2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [139616 2013-06-18] (Microsoft Corporation)
     S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [x]
     S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [x]
     S3 tsusbhub; system32\drivers\tsusbhub.sys [x]
     S3 VGPU; System32\drivers\rdvgkmd.sys [x]

     ==================== NetSvcs (Whitelisted) ===================

     ==================== One Month Created Files and Folders ========

     2013-10-06 16:17 - 2013-10-06 16:17 - 00000000 ____D C:\FRST
     2013-10-06 12:07 - 2013-10-04 21:29 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Shad\Desktop\mbam-setup-1.75.0.1300.exe
     2013-10-06 12:06 - 2013-10-06 12:06 - 01954124 _____ (Farbar) C:\Users\Shad\Desktop\FRST64.exe
     2013-10-06 11:20 - 2013-10-06 11:20 - 00000000 ____D C:\Users\Shad\Desktop\DDS
     2013-10-06 07:14 - 2013-10-06 07:14 - 00032512 _____ C:\Windows\System32\Drivers\hitmanpro37.sys
     2013-10-06 07:13 - 2013-10-06 07:13 - 00000570 _____ C:\Windows\System32\.crusader
     2013-10-06 06:50 - 2013-10-06 07:13 - 00000000 ____D C:\ProgramData\HitmanPro
     2013-10-06 06:50 - 2013-10-06 06:50 - 09879648 _____ (SurfRight B.V.)
Corporation) C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll2013-09-12 09:55 - 2013-08-01 18:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll2013-09-12 09:55 - 2013-08-01 18:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll2013-09-12 09:55 - 2013-08-01 18:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll2013-09-12 09:55 - 2013-08-01 18:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll2013-09-12 09:55 - 2013-08-01 18:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll2013-09-12 09:55 - 2013-08-01 18:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll2013-09-12 09:55 - 2013-08-01 18:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll2013-09-12 09:55 - 2013-08-01 18:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll2013-09-12 09:55 - 2013-08-01 18:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll2013-09-12 09:55 - 2013-08-01 18:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll2013-09-12 09:55 - 2013-08-01 18:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll2013-09-12 09:55 - 2013-08-01 18:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll2013-09-12 09:55 - 2013-08-01 18:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll2013-09-12 09:55 - 2013-08-01 17:59 - 03968960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe2013-09-12 09:55 - 2013-08-01 17:59 - 03913664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe2013-09-12 
09:55 - 2013-08-01 17:51 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll2013-09-12 09:55 - 2013-08-01 17:50 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll2013-09-12 09:55 - 2013-08-01 17:50 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll2013-09-12 09:55 - 2013-08-01 17:50 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll2013-09-12 09:55 - 2013-08-01 17:48 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll2013-09-12 09:55 - 2013-08-01 17:48 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll2013-09-12 09:55 - 2013-08-01 17:48 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll2013-09-12 09:55 - 2013-08-01 17:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll2013-09-12 09:55 - 2013-08-01 17:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll2013-09-12 09:55 - 2013-08-01 17:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll2013-09-12 09:55 - 2013-08-01 17:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll2013-09-12 09:55 - 2013-08-01 17:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll2013-09-12 09:55 - 2013-08-01 17:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll2013-09-12 09:55 - 2013-08-01 17:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll2013-09-12 09:55 - 2013-08-01 17:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll2013-09-12 09:55 - 2013-08-01 17:48 - 00003584 ____H (Microsoft Corporation) 
C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll2013-09-12 09:55 - 2013-08-01 17:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll2013-09-12 09:55 - 2013-08-01 17:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll2013-09-12 09:55 - 2013-08-01 17:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll2013-09-12 09:55 - 2013-08-01 17:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll2013-09-12 09:55 - 2013-08-01 17:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll2013-09-12 09:55 - 2013-08-01 17:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll2013-09-12 09:55 - 2013-08-01 17:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll2013-09-12 09:55 - 2013-08-01 17:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll2013-09-12 09:55 - 2013-08-01 17:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll2013-09-12 09:55 - 2013-08-01 17:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll2013-09-12 09:55 - 2013-08-01 17:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll2013-09-12 09:55 - 2013-08-01 17:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll2013-09-12 09:55 - 2013-08-01 17:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll2013-09-12 09:55 - 2013-08-01 17:09 - 00338432 _____ (Microsoft Corporation) C:\Windows\System32\conhost.exe2013-09-12 09:55 - 2013-08-01 16:59 - 00112640 _____ (Microsoft Corporation) C:\Windows\System32\smss.exe2013-09-12 09:55 - 
2013-08-01 16:45 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe2013-09-12 09:55 - 2013-08-01 16:45 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll2013-09-12 09:55 - 2013-08-01 16:45 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe2013-09-12 09:55 - 2013-08-01 16:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe2013-09-12 09:55 - 2013-08-01 16:43 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll2013-09-12 09:55 - 2013-08-01 16:43 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll2013-09-12 09:55 - 2013-08-01 16:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll2013-09-12 09:55 - 2013-08-01 16:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll2013-09-12 09:55 - 2013-07-25 18:24 - 14172672 _____ (Microsoft Corporation) C:\Windows\System32\shell32.dll2013-09-12 09:55 - 2013-07-25 18:24 - 00197120 _____ (Microsoft Corporation) C:\Windows\System32\shdocvw.dll2013-09-12 09:55 - 2013-07-25 17:55 - 12872704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll2013-09-12 09:55 - 2013-07-25 17:55 - 00180224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll ==================== One Month Modified Files and Folders ======= 2013-10-06 16:17 - 2013-10-06 16:17 - 00000000 ____D C:\FRST2013-10-06 12:13 - 2010-09-19 00:42 - 01751279 _____ C:\Windows\WindowsUpdate.log2013-10-06 12:09 - 2010-09-21 23:44 - 00687496 _____ C:\Windows\System32\prfh0816.dat2013-10-06 12:09 - 2010-09-21 23:44 - 00133902 _____ C:\Windows\System32\prfc0816.dat2013-10-06 12:09 - 2010-09-21 23:23 - 00369922 _____ C:\Windows\System32\prfh0804.dat2013-10-06 12:09 - 2010-09-21 23:23 - 00104398 _____ C:\Windows\System32\prfc0804.dat2013-10-06 12:09 - 2010-09-21 23:13 - 00699346 _____ 
C:\Windows\System32\perfh013.dat2013-10-06 12:09 - 2010-09-21 23:13 - 00133090 _____ C:\Windows\System32\perfc013.dat2013-10-06 12:09 - 2010-09-21 23:04 - 00625722 _____ C:\Windows\System32\perfh01D.dat2013-10-06 12:09 - 2010-09-21 23:04 - 00123890 _____ C:\Windows\System32\perfc01D.dat2013-10-06 12:09 - 2010-09-21 22:56 - 00651990 _____ C:\Windows\System32\perfh007.dat2013-10-06 12:09 - 2010-09-21 22:56 - 00129690 _____ C:\Windows\System32\perfc007.dat2013-10-06 12:09 - 2010-09-21 22:47 - 00631298 _____ C:\Windows\System32\perfh005.dat2013-10-06 12:09 - 2010-09-21 22:47 - 00121938 _____ C:\Windows\System32\perfc005.dat2013-10-06 12:09 - 2010-09-21 22:27 - 00684112 _____ C:\Windows\System32\perfh019.dat2013-10-06 12:09 - 2010-09-21 22:27 - 00132666 _____ C:\Windows\System32\perfc019.dat2013-10-06 12:09 - 2010-09-21 22:19 - 00697262 _____ C:\Windows\System32\perfh010.dat2013-10-06 12:09 - 2010-09-21 22:19 - 00127294 _____ C:\Windows\System32\perfc010.dat2013-10-06 12:09 - 2010-09-21 22:12 - 00396672 _____ C:\Windows\System32\perfh011.dat2013-10-06 12:09 - 2010-09-21 22:12 - 00106538 _____ C:\Windows\System32\perfc011.dat2013-10-06 12:09 - 2010-09-21 22:02 - 00456740 _____ C:\Windows\System32\perfh014.dat2013-10-06 12:09 - 2010-09-21 22:02 - 00077246 _____ C:\Windows\System32\perfc014.dat2013-10-06 12:09 - 2010-09-21 21:50 - 00559924 _____ C:\Windows\System32\perfh008.dat2013-10-06 12:09 - 2010-09-21 21:50 - 00089586 _____ C:\Windows\System32\perfc008.dat2013-10-06 12:09 - 2010-09-21 21:44 - 00671958 _____ C:\Windows\System32\prfh0416.dat2013-10-06 12:09 - 2010-09-21 21:44 - 00128244 _____ C:\Windows\System32\prfc0416.dat2013-10-06 12:09 - 2010-09-21 21:34 - 00697880 _____ C:\Windows\System32\perfh015.dat2013-10-06 12:09 - 2010-09-21 21:34 - 00134990 _____ C:\Windows\System32\perfc015.dat2013-10-06 12:09 - 2010-09-21 21:23 - 00702584 _____ C:\Windows\System32\perfh00C.dat2013-10-06 12:09 - 2010-09-21 21:23 - 00442640 _____ C:\Windows\System32\perfh001.dat2013-10-06 
12:09 - 2010-09-21 21:23 - 00130290 _____ C:\Windows\System32\perfc00C.dat2013-10-06 12:09 - 2010-09-21 21:23 - 00079134 _____ C:\Windows\System32\perfc001.dat2013-10-06 12:09 - 2010-09-21 21:17 - 00640334 _____ C:\Windows\System32\perfh00E.dat2013-10-06 12:09 - 2010-09-21 21:17 - 00148460 _____ C:\Windows\System32\perfc00E.dat2013-10-06 12:09 - 2010-09-21 21:01 - 00441542 _____ C:\Windows\System32\perfh00B.dat2013-10-06 12:09 - 2010-09-21 21:01 - 00082298 _____ C:\Windows\System32\perfc00B.dat2013-10-06 12:09 - 2009-07-13 21:13 - 12599248 _____ C:\Windows\System32\PerfStringBackup.INI2013-10-06 12:06 - 2013-10-06 12:06 - 01954124 _____ (Farbar) C:\Users\Shad\Desktop\FRST64.exe2013-10-06 12:00 - 2012-01-15 13:20 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job2013-10-06 11:27 - 2010-09-18 22:22 - 00000904 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-48751649-2200319825-1992072656-1000UA.job2013-10-06 11:20 - 2013-10-06 11:20 - 00000000 ____D C:\Users\Shad\Desktop\DDS2013-10-06 11:20 - 2010-09-18 23:04 - 00000000 ____D C:\Users\Shad\Documents\Outlook Files2013-10-06 07:22 - 2009-07-13 20:45 - 00017296 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A02013-10-06 07:22 - 2009-07-13 20:45 - 00017296 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A02013-10-06 07:15 - 2012-01-15 13:20 - 00000890 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job2013-10-06 07:14 - 2013-10-06 07:14 - 00032512 _____ C:\Windows\System32\Drivers\hitmanpro37.sys2013-10-06 07:14 - 2009-07-13 21:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT2013-10-06 07:14 - 2009-07-13 20:51 - 00181897 _____ C:\Windows\setupact.log2013-10-06 07:13 - 2013-10-06 07:13 - 00000570 _____ C:\Windows\System32\.crusader2013-10-06 07:13 - 2013-10-06 06:50 - 00000000 ____D C:\ProgramData\HitmanPro2013-10-06 06:50 - 2013-10-06 06:50 - 09879648 _____ (SurfRight B.V.) 
C:\Users\Shad\Desktop\HitmanPro_x64.exe2013-10-06 06:43 - 2013-10-06 06:43 - 00602112 _____ (OldTimer Tools) C:\Users\Shad\Desktop\OTL.exe2013-10-06 06:41 - 2013-10-06 06:41 - 02237968 _____ (Kaspersky Lab ZAO) C:\Users\Shad\Desktop\tdsskiller.exe2013-10-06 06:39 - 2013-10-06 06:29 - 00002228 _____ C:\Users\Shad\Desktop\Rkill.txt2013-10-05 13:00 - 2011-11-29 14:18 - 00000402 _____ C:\Users\Shad\d3d_antilag.log2013-10-05 13:00 - 2011-01-14 14:26 - 00000000 ____D C:\Program Files (x86)\Steam2013-10-05 10:25 - 2010-09-18 22:47 - 00118724 _____ C:\Windows\PFRO.log2013-10-05 09:22 - 2013-10-05 09:22 - 00000000 ____D C:\Users\VirusRemove\AppData\Roaming\Macromedia2013-10-05 09:22 - 2013-10-05 09:21 - 00000000 ____D C:\Users\VirusRemove\AppData\Local\Adobe2013-10-05 09:22 - 2013-08-26 13:12 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe2013-10-05 09:22 - 2013-08-26 13:12 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl2013-10-05 09:17 - 2013-10-05 09:17 - 00000000 ____D C:\Users\VirusRemove\AppData\Local\Google2013-10-05 09:17 - 2010-09-18 22:23 - 00002630 _____ C:\Users\Shad\Desktop\Google Chrome.lnk2013-10-05 08:17 - 2013-10-05 07:51 - 00002286 _____ C:\Users\VirusRemove\Desktop\Rkill.txt2013-10-05 07:51 - 2013-10-05 07:51 - 01898112 _____ (Bleeping Computer, LLC) C:\Users\VirusRemove\Desktop\rkill.com2013-10-05 07:51 - 2013-10-05 07:51 - 01898112 _____ (Bleeping Computer, LLC) C:\Users\Shad\Desktop\rkill.com2013-10-05 07:51 - 2013-10-05 07:51 - 00000000 ____D C:\Users\VirusRemove\Desktop\rkill2013-10-04 21:49 - 2013-10-04 21:44 - 00001109 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk2013-10-04 21:49 - 2013-10-04 21:44 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware2013-10-04 21:45 - 2013-10-04 21:45 - 00000000 ____D C:\Users\VirusRemove\AppData\Roaming\Malwarebytes2013-10-04 21:44 - 2013-10-04 21:44 - 00000000 ____D C:\ProgramData\Malwarebytes2013-10-04 21:29 - 
2013-10-06 12:07 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Shad\Desktop\mbam-setup-1.75.0.1300.exe2013-10-04 21:29 - 2013-10-04 21:44 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\VirusRemove\Desktop\mbam-setup-1.75.0.1300.exe2013-10-04 21:04 - 2013-10-04 21:04 - 00000000 ____D C:\Users\VirusRemove\AppData\Roaming\ICAClient2013-10-04 21:04 - 2013-10-04 21:04 - 00000000 ____D C:\Users\VirusRemove\AppData\Roaming\ATI2013-10-04 21:04 - 2013-10-04 21:04 - 00000000 ____D C:\Users\VirusRemove\AppData\Local\ATI2013-10-04 21:04 - 2013-10-04 21:04 - 00000000 ____D C:\Users\VirusRemove\AppData\Local\AMD2013-10-04 21:04 - 2013-10-04 21:03 - 00000000 ____D C:\Users\VirusRemove\AppData\Local\Citrix2013-10-04 21:03 - 2013-10-04 21:03 - 00119080 _____ C:\Users\VirusRemove\AppData\Local\GDIPFONTCACHEV1.DAT2013-10-04 21:03 - 2013-10-04 21:03 - 00000000 ____D C:\Users\VirusRemove\AppData\Roaming\Logitech2013-10-04 21:03 - 2013-10-04 21:03 - 00000000 ____D C:\Users\VirusRemove\AppData\Roaming\Adobe2013-10-04 21:03 - 2013-10-04 21:03 - 00000000 ____D C:\Users\VirusRemove\AppData\Local\VirtualStore2013-10-04 21:03 - 2013-10-04 21:02 - 00000000 ____D C:\users\VirusRemove2013-10-04 21:02 - 2013-10-04 21:02 - 00000020 ___SH C:\Users\VirusRemove\ntuser.ini2013-10-04 20:45 - 2013-10-04 14:10 - 00000004 _____ C:\Users\Shad\AppData\Roaming\settings.ini2013-10-04 08:53 - 2010-09-18 22:21 - 00000000 ____D C:\Users\Shad\AppData\Local\Deployment2013-10-03 17:15 - 2010-09-18 22:22 - 00000852 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-48751649-2200319825-1992072656-1000Core.job2013-10-03 14:58 - 2013-10-02 15:40 - 00011183 _____ C:\Users\Shad\Desktop\Interviews.xlsx2013-09-26 09:27 - 2010-09-19 09:13 - 00000000 ____D C:\Users\Shad\AppData\Roaming\Mozilla2013-09-25 15:27 - 2010-10-11 10:59 - 00000000 ____D C:\Users\Shad\Desktop\Junk2013-09-25 08:49 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\NDF2013-09-22 16:31 - 2009-07-13 20:45 - 00492016 _____ 
C:\Windows\System32\FNTCACHE.DAT2013-09-22 12:56 - 2011-06-26 16:11 - 00000000 ____D C:\Users\Shad\Desktop\Research2013-09-22 06:58 - 2010-09-18 22:06 - 00119080 _____ C:\Users\Shad\AppData\Local\GDIPFONTCACHEV1.DAT2013-09-22 06:57 - 2011-07-19 11:32 - 00000000 ____D C:\Users\Shad\Documents\SPSSInc2013-09-22 06:53 - 2011-07-19 10:48 - 00000000 ____D C:\Users\Shad\AppData\Local\javasharedresources2013-09-22 06:50 - 2011-07-19 10:28 - 00000219 _____ C:\Windows\SysWOW64\lsprst7.tgz2013-09-22 06:50 - 2011-07-19 10:28 - 00000205 _____ C:\Windows\SysWOW64\lsprst7.dll2013-09-22 06:50 - 2011-07-19 10:28 - 00000016 ____H C:\Windows\SysWOW64\servdat.slm2013-09-22 06:34 - 2010-09-18 22:53 - 00000000 ____D C:\Windows\System32\appmgmt2013-09-17 13:59 - 2011-11-27 22:16 - 00000000 ____D C:\Users\Shad\AppData\Local\Skyrim2013-09-16 19:45 - 2013-01-28 15:49 - 00000000 ____D C:\Users\Shad\AppData\Local\Black_Tree_Gaming2013-09-16 15:11 - 2013-09-16 15:11 - 00000221 _____ C:\Users\Shad\Desktop\The Elder Scrolls V Skyrim.url2013-09-15 10:30 - 2011-07-13 10:02 - 00000000 ____D C:\Users\Shad\AppData\Local\CutePDF Writer2013-09-14 19:51 - 2013-09-14 19:51 - 00000000 ____D C:\ProgramData\Mozilla2013-09-14 19:51 - 2013-09-14 19:51 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service2013-09-14 19:51 - 2010-09-19 09:13 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox2013-09-13 08:41 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\rescache2013-09-12 11:48 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\SysWOW64\th-TH2013-09-12 11:48 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\SysWOW64\sr-Latn-CS2013-09-12 11:48 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\SysWOW64\sl-SI2013-09-12 11:48 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\SysWOW64\sk-SK2013-09-12 11:48 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\SysWOW64\ro-RO2013-09-12 11:48 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\SysWOW64\lt-LT2013-09-12 11:48 - 2009-07-13 19:20 - 00000000 ____D 
C:\Windows\SysWOW64\hr-HR2013-09-12 11:48 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\SysWOW64\et-EE2013-09-12 11:48 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\SysWOW64\bg-BG2013-09-12 11:48 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\SysWOW64\ar-SA2013-09-12 11:48 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\th-TH2013-09-12 11:48 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\sr-Latn-CS2013-09-12 11:48 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\sl-SI2013-09-12 11:48 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\sk-SK2013-09-12 11:48 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\ro-RO2013-09-12 11:48 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\lt-LT2013-09-12 11:48 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\hr-HR2013-09-12 11:48 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\et-EE2013-09-12 11:48 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\bg-BG2013-09-12 11:48 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\ar-SA2013-09-12 10:59 - 2013-07-19 20:10 - 00000000 ____D C:\Windows\System32\MRT2013-09-12 10:57 - 2010-09-21 23:13 - 79143768 _____ (Microsoft Corporation) C:\Windows\System32\MRT.exe2013-09-12 10:57 - 2010-09-18 22:43 - 00000000 ____D C:\ProgramData\Microsoft Help2013-09-10 08:42 - 2012-04-03 21:39 - 00000000 ____D C:\Users\Shad\AppData\Roaming\vlc Files to move or delete:====================C:\Users\Shad\AppData\Roaming\i.ini Some content of 
TEMP:====================C:\Users\Shad\AppData\Local\Temp\AskSLib.dllC:\Users\Shad\AppData\Local\Temp\converter.exeC:\Users\Shad\AppData\Local\Temp\DivXSetup.exeC:\Users\Shad\AppData\Local\Temp\DivXWebPlayerInstaller.exeC:\Users\Shad\AppData\Local\Temp\jre-6u22-windows-i586-iftw-rv.exeC:\Users\Shad\AppData\Local\Temp\jre-6u23-windows-i586-iftw-rv.exeC:\Users\Shad\AppData\Local\Temp\jre-6u24-windows-i586-iftw-rv.exeC:\Users\Shad\AppData\Local\Temp\jre-6u26-windows-i586-iftw-rv.exeC:\Users\Shad\AppData\Local\Temp\jre-6u31-windows-i586-iftw-rv.exeC:\Users\Shad\AppData\Local\Temp\jre-6u33-windows-i586-iftw.exeC:\Users\Shad\AppData\Local\Temp\jre-6u35-windows-i586-iftw.exeC:\Users\Shad\AppData\Local\Temp\jre-6u37-windows-i586-iftw.exeC:\Users\Shad\AppData\Local\Temp\metaouy0.dllC:\Users\Shad\AppData\Local\Temp\NGMDll.dllC:\Users\Shad\AppData\Local\Temp\NGMResource.dllC:\Users\Shad\AppData\Local\Temp\NGMSetup.exeC:\Users\Shad\AppData\Local\Temp\ose00000.exeC:\Users\Shad\AppData\Local\Temp\pslist.exeC:\Users\Shad\AppData\Local\Temp\Risweb32.exeC:\Users\Shad\AppData\Local\Temp\SkypeSetup.exeC:\Users\Shad\AppData\Local\Temp\swt-win32-3349.dllC:\Users\Shad\AppData\Local\Temp\tmp3CA2.exeC:\Users\Shad\AppData\Local\Temp\tmp492.exeC:\Users\Shad\AppData\Local\Temp\tmp52A1.exeC:\Users\Shad\AppData\Local\Temp\tmp57B0.exeC:\Users\Shad\AppData\Local\Temp\tmp78A8.exeC:\Users\Shad\AppData\Local\Temp\tmpDB31.exeC:\Users\Shad\AppData\Local\Temp\tmpFC38.exeC:\Users\Shad\AppData\Local\Temp\unicows.dllC:\Users\Shad\AppData\Local\Temp\uninstall-temp.exeC:\Users\Shad\AppData\Local\Temp\vlc-2.0.1-win32.exeC:\Users\Shad\AppData\Local\Temp\vlc-2.0.2-win32.exeC:\Users\Shad\AppData\Local\Temp\wmpfirefoxplugin.exe ==================== Known DLLs (Whitelisted) ================ ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legitC:\Windows\System32\wininit.exe => MD5 is legitC:\Windows\SysWOW64\wininit.exe => MD5 is 
legitC:\Windows\explorer.exe => MD5 is legitC:\Windows\SysWOW64\explorer.exe => MD5 is legitC:\Windows\System32\svchost.exe => MD5 is legitC:\Windows\SysWOW64\svchost.exe => MD5 is legitC:\Windows\System32\services.exe => MD5 is legitC:\Windows\System32\User32.dll => MD5 is legitC:\Windows\SysWOW64\User32.dll => MD5 is legitC:\Windows\System32\userinit.exe => MD5 is legitC:\Windows\SysWOW64\userinit.exe => MD5 is legitC:\Windows\System32\Drivers\volsnap.sys => MD5 is legit ==================== EXE ASSOCIATION ===================== HKLM\...\.exe: exefile => OKHKLM\...\exefile\DefaultIcon: %1 => OKHKLM\...\exefile\open\command: "%1" %* => OK ==================== Restore Points ========================= 1Restore point made on: 2013-10-06 08:26:22 ==================== Memory info =========================== Percentage of memory in use: 17%Total physical RAM: 4095.18 MBAvailable physical RAM: 3389.61 MBTotal Pagefile: 4093.33 MBAvailable Pagefile: 3411.05 MBTotal Virtual: 8192 MBAvailable Virtual: 8191.87 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:596.16 GB) (Free:272.31 GB) NTFS ==>[Drive with boot components (obtained from BCD)]Drive e: (HP v125w) (Removable) (Total:1.86 GB) (Free:1.84 GB) FAT32Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS ==================== MBR & Partition Table ================== ========================================================Disk: 0 (MBR Code: Windows 7 or 8) (Size: 596 GB) (Disk ID: 89A089A0)Partition 1: (Active) - (Size=596 GB) - (Type=07 NTFS) ========================================================Disk: 1 (MBR Code: Windows XP) (Size: 2 GB) (Disk ID: C3072E18)Partition 1: (Active) - (Size=2 GB) - (Type=0C) LastRegBack: 2013-10-01 09:06 ==================== End Of Log ============================
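A listing like the FRST "One Month Created/Modified" sections above is easier to triage by machine than by eye. What follows is an added example, not FRST's code and not posted by anyone in the thread: a small Python parser for that entry format, with a few heuristic checks run over a constructed sample modelled on the listing. The entry layout (created, modified, size, five-character attribute field, optional vendor in parentheses, path), the 48-hour "recent" window, the timestamps on the Temp entry and the hidden attribute on i.ini are all assumptions made for the example. A hit is a lead to check against the rest of the logs, not a verdict; a cleanup tool's own driver trips the same rule a dropped rootkit driver would.

```python
"""Triage an FRST-style 'One Month Created/Modified Files and Folders' listing.

Added example; the entry format is assumed from the listing in the thread:
"<created> - <modified> - <size> <attrs> (<company>) <path>", where the
company is optional and attrs is a 5-character field such as _____,
____D (directory), ____H (hidden) or ___SH (system + hidden).
"""
import re
from datetime import datetime, timedelta

ENTRY_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<size>\d{8}) (?P<attrs>[_A-Z]{5}) "
    r"(?:\((?P<company>[^)]*)\) )?(?P<path>\S.*?)\s*$"
)

EXEC_EXT = (".exe", ".dll", ".sys", ".cpl", ".scr", ".com")
# Roots where an unattributed binary is less surprising; everything else is
# treated as user-writable territory.
TRUSTED_ROOTS = ("c:\\windows\\", "c:\\program files\\", "c:\\program files (x86)\\")

# Constructed sample modelled on the listing above. The Temp entry's
# timestamps and the hidden attribute on i.ini are hypothetical.
SAMPLE_LOG = r"""
2013-10-06 16:17 - 2013-10-06 16:17 - 00000000 ____D C:\FRST
2013-10-06 07:14 - 2013-10-06 07:14 - 00032512 _____ C:\Windows\System32\Drivers\hitmanpro37.sys
2013-10-06 07:13 - 2013-10-06 07:13 - 00000570 _____ C:\Windows\System32\.crusader
2013-10-06 06:41 - 2013-10-06 06:41 - 02237968 _____ (Kaspersky Lab ZAO) C:\Users\Shad\Desktop\tdsskiller.exe
2013-10-05 09:30 - 2013-10-05 09:30 - 00045056 _____ C:\Users\Shad\AppData\Local\Temp\tmp3CA2.exe
2013-10-04 21:02 - 2013-10-04 21:02 - 00000020 ___SH C:\Users\VirusRemove\ntuser.ini
2013-10-04 20:45 - 2013-10-04 14:10 - 00000004 _____ C:\Users\Shad\AppData\Roaming\settings.ini
2013-10-04 20:45 - 2013-10-04 20:45 - 00000012 ____H C:\Users\Shad\AppData\Roaming\i.ini
2013-09-12 09:55 - 2013-08-01 18:12 - 00006144 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
"""
# Scan time taken from the creation time of C:\FRST in the listing.
SCAN_TIME = datetime(2013, 10, 6, 16, 17)


def parse_entry(line):
    """Return a dict for one FRST entry, or None if the line is not an entry."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    e = m.groupdict()
    e["created"] = datetime.strptime(e["created"], "%Y-%m-%d %H:%M")
    e["modified"] = datetime.strptime(e["modified"], "%Y-%m-%d %H:%M")
    e["size"] = int(e["size"])
    e["company"] = (e["company"] or "").strip()  # vendor field may carry a trailing space
    return e


def triage(lines, scan_time, window=timedelta(hours=48)):
    """Apply cheap heuristics to each file entry; returns [(path, [reason, ...]), ...]."""
    findings = []
    for line in lines:
        e = parse_entry(line)
        if e is None or "D" in e["attrs"]:  # skip non-entries and directories
            continue
        path = e["path"]
        low = path.lower()
        name = low.rsplit("\\", 1)[-1]
        recent = scan_time - e["created"] <= window
        reasons = []
        if name.endswith(EXEC_EXT) and not e["company"] and not low.startswith(TRUSTED_ROOTS):
            reasons.append("unattributed executable outside Windows/Program Files")
        if "\\appdata\\local\\temp\\" in low and name.endswith(EXEC_EXT):
            reasons.append("executable in Temp")
        if name.endswith(".sys") and not e["company"] and recent:
            reasons.append("recently created driver with no vendor string")
        if name.startswith(".") and "\\windows\\system32\\" in low:
            reasons.append("dotfile in System32")
        if (low.startswith("c:\\users\\") and any(c in e["attrs"] for c in "HS")
                and not name.startswith("ntuser.")):  # ntuser.* is hidden by design
            reasons.append("hidden/system file in a user profile")
        if reasons:
            findings.append((path, reasons))
    return findings


def demo():
    """Run the heuristics over the constructed sample."""
    return triage(SAMPLE_LOG.splitlines(), SCAN_TIME)


if __name__ == "__main__":
    for path, reasons in demo():
        print(path)
        for r in reasons:
            print("   -", r)
```

On the sample, the vendor-attributed tdsskiller.exe and the hidden api-ms-win stub under System32 pass, while the fresh unattributed driver, the dotfile in System32, the Temp executable and the hidden i.ini are surfaced with the rule that caught them. Feed it a real FRST.txt with `triage(open("FRST.txt", encoding="utf-8", errors="replace"), datetime.now())` and read the hits next to the Bamital/volsnap and EXE-association checks rather than in isolation.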
6. My computer was infected with MoneyPak (FBI notice on some boots and a plain white screen on others; was not able to boot in safe mode, safe mode with networking), and through my readings I was able to boot in safe mode with command prompt, run explorer.exe, and create a new user through which I could run MBAM. I was then able to boot normally; however, when I log into my user account, I still get a plain white screen for a few seconds, after which my usual desktop appears. This did not happen prior to being infected, and the white screen is just like what MoneyPak would show prior to running MBAM. Once the desktop loads, everything seems to be running normally, including the internet and Microsoft Security Essentials. I'm wondering if I haven't cleaned all of it out. Any suggestions would be a great help.

DDS Log:

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16686  BrowserJavaVersion: 1.6.0_37
Run by Shad at 15:18:50 on 2013-10-06
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.4095.2552 [GMT -4:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\SysWOW64\svchost.exe -k Akamai
C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
C:\Program Files\MySQL\MySQL Server 5.1\bin\mysqld.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Logitech\SetPointP\SetPoint.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Users\Shad\AppData\Local\Akamai\netsession_win.exe
C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe
C:\Users\Shad\AppData\Local\Google\Update\1.3.21.153\GoogleCrashHandler.exe
C:\Users\Shad\AppData\Local\Akamai\netsession_win.exe
C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
C:\Users\Shad\AppData\Local\Google\Update\1.3.21.153\GoogleCrashHandler64.exe
C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\ehome\ehRecvr.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uProxyOverride = 127.0.0.1:9421;<local>
mWinlogon: Userinit = userinit.exe,
BHO: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
BHO: DivX HiQ: {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
BHO: SteadyVideoBHO Class: {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files (x86)\AMD\SteadyVideo\SteadyVideo.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
uRun: [Google Update] "C:\Users\Shad\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [Akamai NetSession Interface] "C:\Users\Shad\AppData\Local\Akamai\netsession_win.exe"
uRun: [HydraVisionDesktopManager] "C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe"
mRun: [ATICustomerCare] "C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe"
mRun: [NUSB3MON] "C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun: [ConnectionCenter] "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup
mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
TCP: NameServer = 136.142.57.10 136.142.188.73 136.142.188.76
TCP: Interfaces\{2BC47A3A-3967-441A-B56A-440A01287FFE} : DHCPNameServer = 136.142.57.10 136.142.188.73 136.142.188.76
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: SteadyVideoBHO Class: {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll
x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-Run: [POWER PLAN ASSISTANT] C:\Program Files\PowerPlanAssistant\PowerPlanAssistantLauncher.exe
x64-Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming
x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-Run: [Logitech Download Assistant] C:\Windows\System32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft 
Shared\OFFICE14\MSOXMLMF.DLLx64-Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dllx64-Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dllx64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>x64-Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dllx64-SSODL: WebCheck - <orphaned>x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL.================= FIREFOX ===================.FF - ProfilePath - C:\Users\Shad\AppData\Roaming\Mozilla\Firefox\Profiles\3d9k9fsh.default\FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLLFF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLLFF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dllFF - plugin: C:\Program Files (x86)\Citrix\ICA Client\npicaN.dllFF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dllFF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dllFF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dllFF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dllFF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dllFF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrlui.dllFF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dllFF - plugin: C:\ProgramData\NexonUS\NGM\npNxGameUS.dllFF - plugin: C:\Users\Shad\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dllFF - plugin: C:\Users\Shad\AppData\Roaming\Mozilla\plugins\npgoogletalk.dllFF - plugin: C:\Users\Shad\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dllFF - plugin: C:\Users\Shad\AppData\Roaming\Mozilla\plugins\npo1d.dllFF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dllFF - plugin: 
C:\Windows\SysWOW64\npdeployJava1.dllFF - plugin: C:\Windows\SysWOW64\npmproxy.dll.============= SERVICES / DRIVERS ===============.P2 HiPatchService;Hi-Rez Studios Authenticate and Update Service;C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [2012-1-22 8704]R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2013-6-18 247216]R1 ctxusbm;Citrix USB Monitor Driver;C:\Windows\System32\drivers\ctxusbm.sys [2011-6-29 91864]R1 NEOFLTR_650_16339;Juniper Networks TDI Filter Driver (NEOFLTR_650_16339);C:\Windows\System32\drivers\NEOFLTR_650_16339.SYS [2012-5-19 100472]R2 Akamai;Akamai NetSession Interface;C:\Windows\System32\svchost.exe -k Akamai [2009-7-13 27136]R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2012-12-19 240640]R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-12-19 361984]R2 AODDriver4.01;AODDriver4.01;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2012-4-9 57472]R3 amdiox64;AMD IO Driver;C:\Windows\System32\drivers\amdiox64.sys [2011-1-3 46136]R3 AngelUsb;Angel USB MPEG Device;C:\Windows\System32\drivers\AngelUsb.sys [2009-6-10 429952]R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2012-11-6 96256]R3 hitmanpro37;HitmanPro 3.7 Support Driver;C:\Windows\System32\drivers\hitmanpro37.sys [2013-10-6 32512]R3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;C:\Windows\System32\drivers\LEqdUsb.sys [2011-9-2 76056]R3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;C:\Windows\System32\drivers\LHidEqd.sys [2011-9-2 15128]R3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\System32\drivers\lvrs64.sys [2012-9-21 351520]R3 LVUVC64;Logitech HD Webcam C310(UVC);C:\Windows\System32\drivers\lvuvc64.sys [2012-9-21 4763680]R3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2010-2-24 78336]R3 nusb3xhc;NEC 
Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2010-2-24 181248]R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\drivers\usbfilter.sys [2011-11-30 54400]S2 AODDriver4.2;AODDriver4.2;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2012-4-9 57472]S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]S2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-10-5 418376]S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-10-5 701512]S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;C:\Program Files (x86)\Dragon Age\bin_ship\daupdatersvc.service.exe [2009-12-15 25832]S3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-10-5 25928]S3 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2010-10-24 139616]S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2013-6-20 366600]S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-1-1 19456]S3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-6-10 539240]S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-1-1 57856]S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-9-19 1255736]S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2008-5-6 14464]S4 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-2-7 161384].=============== Created Last 30 ================.2013-10-06 15:14:56 32512 ----a-w- 
C:\Windows\System32\drivers\hitmanpro37.sys2013-10-06 14:50:24 -------- d-----w- C:\ProgramData\HitmanPro2013-10-05 18:00:08 9694160 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{995C67CD-217C-4319-84DA-4B334E1E071A}\mpengine.dll2013-10-05 05:44:52 -------- d-----w- C:\ProgramData\Malwarebytes2013-10-05 05:44:50 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys2013-10-05 05:44:50 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware2013-10-04 17:00:20 9694160 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll2013-09-12 17:55:38 155584 ----a-w- C:\Windows\System32\drivers\ataport.sys.==================== Find3M ====================.2013-10-05 17:22:04 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl2013-10-05 17:22:04 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe2013-09-22 14:50:21 205 ----a-w- C:\Windows\SysWow64\lsprst7.dll2013-08-10 05:22:18 2241024 ----a-w- C:\Windows\System32\wininet.dll2013-08-10 05:20:59 3959296 ----a-w- C:\Windows\System32\jscript9.dll2013-08-10 05:20:55 67072 ----a-w- C:\Windows\System32\iesetup.dll2013-08-10 05:20:55 136704 ----a-w- C:\Windows\System32\iesysprep.dll2013-08-10 03:59:10 1767936 ----a-w- C:\Windows\SysWow64\wininet.dll2013-08-10 03:58:09 2876928 ----a-w- C:\Windows\SysWow64\jscript9.dll2013-08-10 03:58:06 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll2013-08-10 03:58:06 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll2013-08-10 03:17:38 2706432 ----a-w- C:\Windows\System32\mshtml.tlb2013-08-10 03:07:50 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb2013-08-10 02:27:59 89600 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe2013-08-10 02:17:19 71680 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe2013-08-08 01:20:43 3155456 ----a-w- C:\Windows\System32\win32k.sys2013-08-02 02:23:53 5550528 ----a-w- C:\Windows\System32\ntoskrnl.exe2013-08-02 02:15:44 1732032 ----a-w- C:\Windows\System32\ntdll.dll2013-08-02 02:15:03 362496 
----a-w- C:\Windows\System32\wow64win.dll2013-08-02 02:15:03 243712 ----a-w- C:\Windows\System32\wow64.dll2013-08-02 02:15:03 13312 ----a-w- C:\Windows\System32\wow64cpu.dll2013-08-02 02:14:57 215040 ----a-w- C:\Windows\System32\winsrv.dll2013-08-02 02:14:11 16384 ----a-w- C:\Windows\System32\ntvdm64.dll2013-08-02 02:13:34 424448 ----a-w- C:\Windows\System32\KernelBase.dll2013-08-02 01:59:30 3968960 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe2013-08-02 01:59:30 3913664 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe2013-08-02 01:51:23 1292192 ----a-w- C:\Windows\SysWow64\ntdll.dll2013-08-02 01:50:42 5120 ----a-w- C:\Windows\SysWow64\wow32.dll2013-08-02 01:50:42 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll2013-08-02 01:09:17 338432 ----a-w- C:\Windows\System32\conhost.exe2013-08-02 00:59:09 112640 ----a-w- C:\Windows\System32\smss.exe2013-08-02 00:45:37 25600 ----a-w- C:\Windows\SysWow64\setup16.exe2013-08-02 00:45:36 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll2013-08-02 00:45:35 7680 ----a-w- C:\Windows\SysWow64\instnm.exe2013-08-02 00:45:34 2048 ----a-w- C:\Windows\SysWow64\user.exe2013-08-02 00:43:05 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll2013-08-02 00:43:05 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll2013-08-02 00:43:05 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll2013-08-02 00:43:05 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll2013-07-25 09:25:54 1888768 ----a-w- C:\Windows\System32\WMVDECOD.DLL2013-07-25 08:57:27 1620992 ----a-w- C:\Windows\SysWow64\WMVDECOD.DLL2013-07-19 01:58:42 2048 ----a-w- C:\Windows\System32\tzres.dll2013-07-19 01:41:01 2048 ----a-w- C:\Windows\SysWow64\tzres.dll2013-07-09 05:52:52 224256 ----a-w- C:\Windows\System32\wintrust.dll2013-07-09 05:51:16 1217024 ----a-w- C:\Windows\System32\rpcrt4.dll2013-07-09 05:46:20 184320 ----a-w- C:\Windows\System32\cryptsvc.dll2013-07-09 05:46:20 1472512 ----a-w- C:\Windows\System32\crypt32.dll2013-07-09 
05:46:20 139776 ----a-w- C:\Windows\System32\cryptnet.dll2013-07-09 04:52:33 663552 ----a-w- C:\Windows\SysWow64\rpcrt4.dll2013-07-09 04:52:10 175104 ----a-w- C:\Windows\SysWow64\wintrust.dll2013-07-09 04:46:31 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll2013-07-09 04:46:31 1166848 ----a-w- C:\Windows\SysWow64\crypt32.dll2013-07-09 04:46:31 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll2006-05-03 15:06:54 163328 --sha-r- C:\Windows\SysWOW64\flvDX.dll2007-02-21 16:47:16 31232 --sha-r- C:\Windows\SysWOW64\msfDX.dll2008-03-16 18:30:52 216064 --sha-r- C:\Windows\SysWOW64\nbDX.dll2010-01-07 03:00:00 107520 --sha-r- C:\Windows\SysWOW64\TAKDSDecoder.dll.============= FINISH: 15:19:01.71 ===============