
Rootkit.0access and Trojan.Dropper.BCMiner



I first noticed something was wrong when my browser (Firefox) would randomly redirect me and open new tabs. I think it may have been installed by a bogus Adobe Flash installer. Malwarebytes can identify the malware mentioned in the title but cannot remove it. I've read the forum guide, and here are the text files generated by the DDS program:

DDS.txt:

.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.4.1

Run by Jake at 12:07:34 on 2012-08-11

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.61.1033.18.16361.13384 [GMT 10:00]

.

AV: Sophos Anti-Virus *Enabled/Outdated* {65FBD860-96D8-75EF-C7ED-7BE27E6C498A}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: Sophos Anti-Virus *Enabled/Outdated* {DE9A3984-B0E2-7A61-FD5D-409005EB0337}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\nvvsvc.exe

C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe

C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\FBAgent.exe

C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe

C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe

C:\Windows\System32\spoolsv.exe

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe

C:\Program Files (x86)\Bluetooth Suite\adminservice.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe

C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe

C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE

C:\Windows\SysWOW64\PnkBstrA.exe

C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe

C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe

C:\Program Files (x86)\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe

C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe

C:\Program Files\Intel\TurboBoost\TurboBoost.exe

C:\ExpressGateUtil\VAWinService.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Windows\system32\taskeng.exe

C:\Program Files\P4G\BatteryLife.exe

C:\Windows\Explorer.EXE

C:\Program Files (x86)\ASUS\Splendid\ACMON.exe

C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe

C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe

C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe

C:\Windows\SysWOW64\ACEngSvr.exe

C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe

C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe

C:\Windows\System32\rundll32.exe

C:\Program Files\Microsoft IntelliPoint\ipoint.exe

C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE

C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe

C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe

C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files\NVIDIA Corporation\Display\nvtray.exe

C:\Program Files (x86)\Skype\Phone\Skype.exe

C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe

C:\Users\Jake\AppData\Roaming\Dropbox\bin\Dropbox.exe

C:\Program Files\Fresco Logic Inc\Fresco Logic USB3.0 Host Controller\host\FLxHCIm.exe

C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe

C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe

C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe

C:\Program Files (x86)\Roxio\CinePlayer\5.0\CPMonitor.exe

C:\ExpressGateUtil\VAWinAgent.exe

C:\Program Files (x86)\Sophos\AutoUpdate\ALMon.exe

C:\Program Files (x86)\iTunes\iTunesHelper.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\AsScrPro.exe

C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe

C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe

C:\Windows\System32\svchost.exe -k WerSvcGroup

C:\Windows\system32\svchost.exe -k SDRSVC

C:\Program Files (x86)\Notepad++\notepad++.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe

C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT1098640

uDefault_Page_URL = hxxp://asus.msn.com

mStart Page = hxxp://asus.msn.com

uInternet Settings,ProxyOverride = *.local

uURLSearchHooks: H - No File

uURLSearchHooks: H - No File

mWinlogon: Userinit=userinit.exe

BHO: Canon Easy-WebPrint EX BHO: {3785d0ad-bfff-47f6-bf5b-a587c162fed9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll

BHO: Sophos Web Content Scanner: {39ea7695-b3f2-4c44-a4bc-297ada8fd235} - C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SophosBHO.dll

BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll

BHO: CIESpeechBHO Class: {8d10f6c4-0e01-4bd4-8601-11ac1fdf8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll

BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

TB: Canon Easy-WebPrint EX: {759d9886-0c6f-4498-bab6-4a5f47c6c72f} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll

TB: {687578B9-7132-4A7A-80E4-30EE31099E03} - No File

TB: {ECDEE021-0D17-467F-A1FF-C7A115230949} - No File

EB: Canon Easy-WebPrint EX: {21347690-ec41-4f9a-8887-1f4aee672439} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll

uRun: [AlcoholAutomount] "C:\Program Files (x86)\Alcohol Soft\Alcohol 52\AxAutoMntSrv.exe" -automount

uRun: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun

uRun: [iSUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler

uRunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11f_Plugin.exe -update plugin

mRun: [updateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"

mRun: [updateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"

mRun: [Nuance PDF Reader-reminder] "C:\Program Files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe" -r "C:\ProgramData\Nuance\PDF Reader\Ereg\Ereg.ini"

mRun: [FLxHCIm] "C:\Program Files\Fresco Logic Inc\Fresco Logic USB3.0 Host Controller\host\FLxHCIm.exe"

mRun: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe

mRun: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe

mRun: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe

mRun: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe

mRun: [CPMonitor] "C:\Program Files (x86)\Roxio\CinePlayer\5.0\CPMonitor.exe"

mRun: [THX TruStudio NB Settings] "C:\Program Files (x86)\Creative\THX TruStudio\THXNBSet\THXAudNB.exe" /r

mRun: [updReg] C:\Windows\UpdReg.EXE

mRun: [VAWinAgent] C:\ExpressGateUtil\VAWinAgent.exe

mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun: [sophos AutoUpdate Monitor] C:\Program Files (x86)\Sophos\AutoUpdate\almon.exe

mRun: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE /logon

mRun: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin

mRun: [switchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start

mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

StartupFolder: C:\Users\Jake\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Jake\AppData\Roaming\Dropbox\bin\Dropbox.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\ASUSVI~1.LNK - C:\Program Files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000

IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {7815BE26-237D-41A8-A98F-F7BD75F71086} - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL

LSP: C:\ProgramData\Sophos Web Intelligence\swi_lsp.dll

LSP: mswsock.dll

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

TCP: DhcpNameServer = 192.168.1.1

TCP: Interfaces\{D82014CD-F068-41D2-AA3A-BC66B5EA044F} : DhcpNameServer = 192.168.1.1

TCP: Interfaces\{D82014CD-F068-41D2-AA3A-BC66B5EA044F}\84F6D656357756564784F6D656 : DhcpNameServer = 10.1.1.1

TCP: Interfaces\{D82014CD-F068-41D2-AA3A-BC66B5EA044F}\A416B6562E08993702960586F6E656 : DhcpNameServer = 211.29.132.12 61.88.88.88

TCP: Interfaces\{D82014CD-F068-41D2-AA3A-BC66B5EA044F}\E45445745414257363 : DhcpNameServer = 192.168.0.1

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

AppInit_DLLs: C:\PROGRA~2\Sophos\SOPHOS~1\SOPHOS~1.DLL

BHO-X64: Canon Easy-WebPrint EX BHO: {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll

BHO-X64: Canon Easy-WebPrint EX BHO - No File

BHO-X64: Sophos Web Content Scanner: {39EA7695-B3F2-4C44-A4BC-297ADA8FD235} - C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SophosBHO.dll

BHO-X64: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll

BHO-X64: CIESpeechBHO Class: {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll

BHO-X64: IESpeakDoc - No File

BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO-X64: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll

BHO-X64: Google Dictionary Compression sdch: {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll

BHO-X64: Google Dictionary Compression sdch - No File

BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll

TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

TB-X64: Canon Easy-WebPrint EX: {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll

TB-X64: {687578B9-7132-4A7A-80E4-30EE31099E03} - No File

TB-X64: {ECDEE021-0D17-467F-A1FF-C7A115230949} - No File

EB-X64: {21347690-EC41-4F9A-8887-1F4AEE672439} - No File

mRun-x64: [updateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"

mRun-x64: [updateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"

mRun-x64: [Nuance PDF Reader-reminder] "C:\Program Files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe" -r "C:\ProgramData\Nuance\PDF Reader\Ereg\Ereg.ini"

mRun-x64: [FLxHCIm] "C:\Program Files\Fresco Logic Inc\Fresco Logic USB3.0 Host Controller\host\FLxHCIm.exe"

mRun-x64: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe

mRun-x64: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe

mRun-x64: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe

mRun-x64: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe

mRun-x64: [CPMonitor] "C:\Program Files (x86)\Roxio\CinePlayer\5.0\CPMonitor.exe"

mRun-x64: [THX TruStudio NB Settings] "C:\Program Files (x86)\Creative\THX TruStudio\THXNBSet\THXAudNB.exe" /r

mRun-x64: [updReg] C:\Windows\UpdReg.EXE

mRun-x64: [VAWinAgent] C:\ExpressGateUtil\VAWinAgent.exe

mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun-x64: [sophos AutoUpdate Monitor] C:\Program Files (x86)\Sophos\AutoUpdate\almon.exe

mRun-x64: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE /logon

mRun-x64: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin

mRun-x64: [switchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun-x64: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start

mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

AppInit_DLLs-X64: C:\PROGRA~2\Sophos\SOPHOS~1\SOPHOS~1.DLL

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Jake\AppData\Roaming\Mozilla\Firefox\Profiles\3wwrc5wa.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.au/

FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3072253&SearchSource=2&q=

FF - plugin: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL

FF - plugin: C:\Program Files (x86)\Common Files\Wolfram Research\Browser\8.0.4.2609412\npmathplugin.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\Nuance\PDF Reader\bin\nppdf.dll

FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll

FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll

FF - plugin: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll

FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

FF - plugin: C:\Users\Jake\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll

FF - plugin: C:\Users\Jake\AppData\Roaming\Mozilla\Firefox\Profiles\3wwrc5wa.default\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}\plugins\np-mswmp.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll

FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll

FF - plugin: C:\Windows\SysWOW64\npmproxy.dll

.

============= SERVICES / DRIVERS ===============

.

R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]

R1 ATKWMIACPIIO;ATKWMIACPI Driver;C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [2010-7-27 17024]

R1 SAVOnAccess;SAVOnAccess;C:\Windows\system32\DRIVERS\savonaccess.sys --> C:\Windows\system32\DRIVERS\savonaccess.sys [?]

R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]

R2 AFBAgent;AFBAgent;"C:\Windows\system32\FBAgent.exe" --> C:\Windows\system32\FBAgent.exe [?]

R2 ASMMAP64;ASMMAP64;C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-7-3 15416]

R2 Atheros Bt&Wlan Coex Agent;Atheros Bt&Wlan Coex Agent;C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [2011-1-7 138400]

R2 AtherosSvc;AtherosSvc;C:\Program Files (x86)\Bluetooth Suite\AdminService.exe [2011-1-7 53920]

R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-6-27 2369960]

R2 HiPatchService;Hi-Rez Studios Authenticate and Update Service;C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [2012-3-28 8704]

R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-8-11 655944]

R2 SAVAdminService;Sophos Anti-Virus status reporter;C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe [2011-3-14 167960]

R2 SAVService;Sophos Anti-Virus;C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe [2011-3-14 99864]

R2 Sophos AutoUpdate Service;Sophos AutoUpdate Service;C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe [2011-3-14 232472]

R2 StarWindServiceAE;StarWind AE Service;C:\Program Files (x86)\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe [2009-12-24 370688]

R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-5-15 382272]

R2 swi_service;Sophos Web Intelligence Service;C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe [2011-3-14 1543192]

R2 TeamViewer7;TeamViewer 7;C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-7-17 2673064]

R2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\system32\DRIVERS\TurboB.sys --> C:\Windows\system32\DRIVERS\TurboB.sys [?]

R2 TurboBoost;Intel® Turbo Boost Technology Monitor;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2010-4-17 134928]

R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-6-19 2655768]

R2 VideAceWindowsService;VideAceWindowsService;C:\ExpressGateUtil\VAWinService.exe [2011-1-13 91464]

R3 BTATH_BUS;Atheros Bluetooth Bus;C:\Windows\system32\DRIVERS\btath_bus.sys --> C:\Windows\system32\DRIVERS\btath_bus.sys [?]

R3 FLxHCIc;Fresco Logic xHCI (USB3) Device Driver;C:\Windows\system32\DRIVERS\FLxHCIc.sys --> C:\Windows\system32\DRIVERS\FLxHCIc.sys [?]

R3 FLxHCIh;Fresco Logic xHCI (USB3) Hub Device Driver;C:\Windows\system32\DRIVERS\FLxHCIh.sys --> C:\Windows\system32\DRIVERS\FLxHCIh.sys [?]

R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]

R3 MBfilt;MBfilt;C:\Windows\system32\drivers\MBfilt64.sys --> C:\Windows\system32\drivers\MBfilt64.sys [?]

R3 MEIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]

R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]

R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-2-3 135664]

S2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-6-18 1262400]

S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-6-5 160944]

S3 AthBTPort;Atheros Virtual Bluetooth Class;C:\Windows\system32\DRIVERS\btath_flt.sys --> C:\Windows\system32\DRIVERS\btath_flt.sys [?]

S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;C:\Windows\system32\drivers\btath_a2dp.sys --> C:\Windows\system32\drivers\btath_a2dp.sys [?]

S3 BTATH_HCRP;Bluetooth HCRP Server driver;C:\Windows\system32\DRIVERS\btath_hcrp.sys --> C:\Windows\system32\DRIVERS\btath_hcrp.sys [?]

S3 BTATH_LWFLT;Bluetooth LWFLT Device;C:\Windows\system32\DRIVERS\btath_lwflt.sys --> C:\Windows\system32\DRIVERS\btath_lwflt.sys [?]

S3 BTATH_RCP;Bluetooth AVRCP Device;C:\Windows\system32\DRIVERS\btath_rcp.sys --> C:\Windows\system32\DRIVERS\btath_rcp.sys [?]

S3 BtFilter;BtFilter;C:\Windows\system32\DRIVERS\btfilter.sys --> C:\Windows\system32\DRIVERS\btfilter.sys [?]

S3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2011-6-19 79360]

S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2011-6-19 79360]

S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]

S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2012-3-8 1492840]

S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-2-3 135664]

S3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);C:\Windows\system32\DRIVERS\L1C62x64.sys --> C:\Windows\system32\DRIVERS\L1C62x64.sys [?]

S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-4-25 113120]

S3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUVStor.sys --> C:\Windows\system32\Drivers\RtsUVStor.sys [?]

S3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;C:\Windows\system32\DRIVERS\SiSG664.sys --> C:\Windows\system32\DRIVERS\SiSG664.sys [?]

S3 SwitchBoard;SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]

S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]

S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\system32\DRIVERS\wdcsam64.sys --> C:\Windows\system32\DRIVERS\wdcsam64.sys [?]

S4 SophosBootDriver;SophosBootDriver;C:\Windows\system32\DRIVERS\SophosBootDriver.sys --> C:\Windows\system32\DRIVERS\SophosBootDriver.sys [?]

S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-23 57184]

.

=============== Created Last 30 ================

.

2012-08-10 23:52:06 -------- d-----w- C:\Users\Jake\AppData\Roaming\Malwarebytes

2012-08-10 23:51:53 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys

2012-08-10 23:51:53 -------- d-----w- C:\ProgramData\Malwarebytes

2012-08-10 23:51:53 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2012-08-05 21:39:23 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2012-08-05 10:57:09 -------- d-sh--w- C:\Windows\SysWow64\%APPDATA%

2012-08-05 08:01:16 -------- d-----w- C:\Windows\en

2012-08-05 07:58:28 -------- d-----w- C:\Windows\fr

2012-08-05 07:58:20 -------- d-----w- C:\Windows\es

2012-08-05 07:55:25 48488 ----a-w- C:\Windows\System32\drivers\fssfltr.sys

2012-08-05 07:55:19 19720 ----a-w- C:\ProgramData\Microsoft\IdentityCRL\production\ppcrlconfig600.dll

2012-08-05 07:52:29 -------- d-----w- C:\Users\Jake\AppData\Local\{729198D3-A256-4874-9FA8-E9390B50A313}

2012-08-04 04:53:00 -------- d-----w- C:\Program Files (x86)\Git

2012-08-03 23:16:21 -------- d-----w- C:\Users\Jake\AppData\Roaming\MathematicaPlayer

2012-08-03 23:16:21 -------- d-----w- C:\Users\Jake\AppData\Local\MathematicaPlayer

2012-08-03 23:16:21 -------- d-----w- C:\ProgramData\MathematicaPlayer

2012-08-03 23:15:31 -------- d-----w- C:\Program Files\Common Files\Wolfram Research

2012-08-03 23:15:30 -------- d-----w- C:\ProgramData\Mathematica

2012-08-03 23:15:30 -------- d-----w- C:\Program Files (x86)\Common Files\Wolfram Research

2012-08-03 23:15:03 93712 ----a-w- C:\Windows\SysWow64\mltcp32.mlp

2012-08-03 23:15:03 88080 ----a-w- C:\Windows\SysWow64\mlshm32.mlp

2012-08-03 23:15:03 79376 ----a-w- C:\Windows\SysWow64\mlmap32.mlp

2012-08-03 23:15:03 370704 ----a-w- C:\Windows\SysWow64\ml32i3.dll

2012-08-03 23:15:03 334352 ----a-w- C:\Windows\SysWow64\mltcpip32.mlp

2012-08-03 23:15:03 260112 ----a-w- C:\Windows\SysWow64\ml32i2.dll

2012-08-03 23:15:03 253968 ----a-w- C:\Windows\SysWow64\ml32i1.dll

2012-08-03 23:15:03 163344 ----a-w- C:\Windows\SysWow64\mlmodule32.dll

2012-08-03 23:14:45 -------- d-----w- C:\Program Files (x86)\Wolfram Research

2012-08-03 22:14:38 9133488 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{4BFBE4D3-C4FF-47AF-A788-D9F7D0228450}\mpengine.dll

2012-07-28 03:05:55 -------- d-----w- C:\Users\Jake\AppData\Local\{85861ECD-C3D0-47E4-84C5-15F15C30AC02}

2012-07-28 03:03:38 -------- d-----w- C:\Users\Jake\AppData\Local\{F4091B53-3547-44EB-AB41-71D3EDFAB978}

2012-07-28 03:01:36 -------- d-----w- C:\Users\Jake\AppData\Local\{98A7327F-B275-4AC9-8187-77FAEA341443}

2012-07-28 02:59:36 -------- d-----w- C:\Users\Jake\AppData\Local\{ECBA17B5-F51C-43F3-AFC0-B345934E5146}

2012-07-28 02:57:36 -------- d-----w- C:\Users\Jake\AppData\Local\{FF713BBF-3E82-423F-96C7-07C3B3EC8DF2}

2012-07-28 02:55:38 -------- d-----w- C:\Users\Jake\AppData\Local\{7AB68ACB-83DD-4F0E-9F2A-E7750CC14271}

2012-07-28 02:54:10 -------- d-----w- C:\Users\Jake\AppData\Local\{1C11B2BF-B4AC-491E-9F9E-A39247A3EA9F}

2012-07-28 02:52:16 -------- d-----w- C:\Users\Jake\AppData\Local\{B9097DE2-2028-42EB-88AE-2731CFDF5710}

2012-07-26 08:43:30 -------- d-----w- C:\Users\Jake\AppData\Local\{F69F1CFC-297F-4562-8053-9C0978B1BBF0}

2012-07-26 08:41:32 -------- d-----w- C:\Users\Jake\AppData\Local\{3F81F5DD-2334-422C-86CF-AE36AA7BA7C6}

2012-07-26 08:39:11 -------- d-----w- C:\Users\Jake\AppData\Local\{47D82D59-BAB3-45B3-93EC-419F78BDD143}

2012-07-26 08:37:45 -------- d-----w- C:\Users\Jake\AppData\Local\{13F0090B-828C-4492-A5B8-980AD6C8ABE8}

2012-07-26 08:36:31 15712 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\c1a289c01cd6b0907\MeshBetaRemover.exe

2012-07-26 08:36:30 89944 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\c17fe60e1cd6b0906\DSETUP.dll

2012-07-26 08:36:30 537432 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\c17fe60e1cd6b0906\DXSETUP.exe

2012-07-26 08:36:30 1801048 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\c17fe60e1cd6b0906\dsetup32.dll

2012-07-26 08:35:28 -------- d-----w- C:\Users\Jake\AppData\Local\{51D81CC0-8FCB-4F5B-8A6F-2AE7580BBDCD}

2012-07-26 08:33:39 -------- d-----w- C:\Users\Jake\temp

2012-07-23 06:24:38 -------- d-----w- C:\Users\Jake\AppData\Local\etax2012

2012-07-23 06:23:09 -------- d-----w- C:\Program Files (x86)\etax2012

2012-07-19 16:12:36 -------- d-----w- C:\Users\Jake\AppData\Local\{DE77AE3F-3D10-4180-BAFD-A0121B48BB48}

2012-07-19 16:10:36 -------- d-----w- C:\Users\Jake\AppData\Local\{1E52D5EB-63A3-4601-AFD9-2F808CE975FE}

2012-07-19 09:08:22 -------- d-----w- C:\Users\Jake\AppData\Local\{F0BF4632-7477-4740-9ADA-C93551F27E56}

2012-07-18 11:04:19 77656 ----a-w- C:\Windows\System32\XAPOFX1_5.dll

2012-07-18 11:04:19 74072 ----a-w- C:\Windows\SysWow64\XAPOFX1_5.dll

2012-07-18 11:04:19 527192 ----a-w- C:\Windows\SysWow64\XAudio2_7.dll

2012-07-18 11:04:19 518488 ----a-w- C:\Windows\System32\XAudio2_7.dll

2012-07-18 11:04:14 2526056 ----a-w- C:\Windows\System32\D3DCompiler_43.dll

2012-07-18 11:04:14 2106216 ----a-w- C:\Windows\SysWow64\D3DCompiler_43.dll

2012-07-18 11:04:11 276832 ----a-w- C:\Windows\System32\d3dx11_43.dll

2012-07-18 11:04:11 248672 ----a-w- C:\Windows\SysWow64\d3dx11_43.dll

2012-07-18 11:04:06 24920 ----a-w- C:\Windows\System32\X3DAudio1_7.dll

2012-07-18 11:04:06 2401112 ----a-w- C:\Windows\System32\D3DX9_43.dll

2012-07-18 11:04:06 1998168 ----a-w- C:\Windows\SysWow64\D3DX9_43.dll

2012-07-18 11:02:42 15128 ----a-w- C:\Users\Jake\AppData\Roaming\Microsoft\IdentityCRL\production\ppcrlconfig.dll

2012-07-17 02:48:20 -------- d-----w- C:\Users\Jake\AppData\Roaming\fltk.org

2012-07-17 02:48:20 -------- d-----w- C:\ProgramData\fltk.org

2012-07-15 07:34:25 -------- d-----w- C:\Users\Jake\AppData\Roaming\Trine2

2012-07-15 07:33:54 4991496 ----a-w- C:\Windows\System32\D3DX9_38.dll

2012-07-15 07:33:54 3850760 ----a-w- C:\Windows\SysWow64\D3DX9_38.dll

2012-07-13 11:49:44 74072 ----a-w- C:\Windows\SysWow64\XAPOFX1_4.dll

2012-07-13 11:49:44 528216 ----a-w- C:\Windows\SysWow64\XAudio2_6.dll

2012-07-13 11:49:44 238936 ----a-w- C:\Windows\SysWow64\xactengine3_6.dll

2012-07-13 11:49:43 4178264 ----a-w- C:\Windows\SysWow64\D3DX9_41.dll

2012-07-13 11:49:43 22360 ----a-w- C:\Windows\SysWow64\X3DAudio1_7.dll

2012-07-12 14:44:19 3148800 ----a-w- C:\Windows\System32\win32k.sys

2012-07-12 04:10:03 2004480 ----a-w- C:\Windows\System32\msxml6.dll

2012-07-12 04:10:03 1881600 ----a-w- C:\Windows\System32\msxml3.dll

2012-07-12 04:10:03 1390080 ----a-w- C:\Windows\SysWow64\msxml6.dll

2012-07-12 04:10:02 2048 ----a-w- C:\Windows\SysWow64\msxml3r.dll

2012-07-12 04:10:02 2048 ----a-w- C:\Windows\System32\msxml3r.dll

2012-07-12 04:10:02 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll

.

==================== Find3M ====================

.

2012-08-11 00:35:51 45056 ----a-w- C:\Windows\System32\acovcnt.exe

2012-08-05 21:39:23 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2012-06-27 09:05:35 291825 ----a-w- C:\Windows\To the Moon Uninstaller.exe

2012-06-25 06:04:24 1394248 ----a-w- C:\Windows\SysWow64\msxml4.dll

2012-06-06 06:02:54 1133568 ----a-w- C:\Windows\System32\cdosys.dll

2012-06-06 05:03:06 805376 ----a-w- C:\Windows\SysWow64\cdosys.dll

2012-06-02 22:15:31 2622464 ----a-w- C:\Windows\System32\wucltux.dll

2012-06-02 22:15:08 99840 ----a-w- C:\Windows\System32\wudriver.dll

2012-06-02 12:12:17 2311680 ----a-w- C:\Windows\System32\jscript9.dll

2012-06-02 12:05:28 1392128 ----a-w- C:\Windows\System32\wininet.dll

2012-06-02 12:04:50 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl

2012-06-02 12:01:40 173056 ----a-w- C:\Windows\System32\ieUnatt.exe

2012-06-02 11:57:08 2382848 ----a-w- C:\Windows\System32\mshtml.tlb

2012-06-02 08:33:25 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll

2012-06-02 08:25:08 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll

2012-06-02 08:25:03 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl

2012-06-02 08:20:33 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe

2012-06-02 08:16:52 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2012-06-02 05:50:10 458704 ----a-w- C:\Windows\System32\drivers\cng.sys

2012-06-02 05:48:16 95600 ----a-w- C:\Windows\System32\drivers\ksecdd.sys

2012-06-02 05:48:16 151920 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys

2012-06-02 05:45:31 340992 ----a-w- C:\Windows\System32\schannel.dll

2012-06-02 05:44:21 307200 ----a-w- C:\Windows\System32\ncrypt.dll

2012-06-02 05:19:42 186752 ----a-w- C:\Windows\System32\wuwebv.dll

2012-06-02 05:15:12 36864 ----a-w- C:\Windows\System32\wuapp.exe

2012-06-02 04:40:42 22016 ----a-w- C:\Windows\SysWow64\secur32.dll

2012-06-02 04:40:39 225280 ----a-w- C:\Windows\SysWow64\schannel.dll

2012-06-02 04:39:10 219136 ----a-w- C:\Windows\SysWow64\ncrypt.dll

2012-06-02 04:34:09 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll

2012-05-31 02:25:12 279656 ------w- C:\Windows\System32\MpSigStub.exe

2012-05-15 09:29:47 889664 ----a-w- C:\Windows\System32\nvvsvc.exe

2012-05-15 09:29:46 63296 ----a-w- C:\Windows\System32\nvshext.dll

2012-05-15 09:29:46 2561856 ----a-w- C:\Windows\System32\nvsvcr.dll

2012-05-15 09:29:46 118080 ----a-w- C:\Windows\System32\nvmctray.dll

2012-05-15 09:29:25 3149632 ----a-w- C:\Windows\System32\nvsvc64.dll

2012-05-15 09:28:42 6151488 ----a-w- C:\Windows\System32\nvcpl.dll

2012-05-14 16:21:50 423744 ----a-w- C:\Windows\SysWow64\nvStreaming.exe

.

============= FINISH: 12:08:12.35 ===============

Attach.txt:

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows 7 Home Premium

Boot Device: \Device\HarddiskVolume2

Install Date: 3/01/2012 12:30:53 PM

System Uptime: 11/08/2012 10:35:02 AM (2 hours ago)

.

Motherboard: ASUSTeK Computer Inc. | | G53SW

Processor: Intel® Core i7-2630QM CPU @ 2.00GHz | CPU 1 | 2001/100mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 279 GiB total, 3.811 GiB free.

D: is FIXED (NTFS) - 394 GiB total, 168.659 GiB free.

E: is CDROM ()

F: is CDROM ()

G: is CDROM ()

.

==== Disabled Device Manager Items =============

.

Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}

Description: VirtualBox Host-Only Ethernet Adapter

Device ID: ROOT\NET\0001

Manufacturer: Oracle Corporation

Name: VirtualBox Host-Only Ethernet Adapter

PNP Device ID: ROOT\NET\0001

Service: VBoxNetAdp

.

Class GUID: {e0cbf06c-cd8b-4647-bb8a-263b43f0f974}

Description: Bluetooth Module

Device ID: USB\VID_13D3&PID_3304\6&1CCE7E0D&0&1

Manufacturer: Atheros Communications

Name: Bluetooth Module

PNP Device ID: USB\VID_13D3&PID_3304\6&1CCE7E0D&0&1

Service: BTHUSB

.

==== System Restore Points ===================

.

RP158: 11/08/2012 10:33:37 AM - Installed Microsoft Fix it 50267

.

==== Installed Programs ======================

.

.

Update for Microsoft Office 2007 (KB2508958)

??????? Windows Live Mesh ActiveX ??(????)

??????? Windows Live Mesh ActiveX ???

Adobe AIR

Adobe Community Help

Adobe Download Assistant

Adobe Flash Player 11 ActiveX

Adobe Flash Professional CS5.5

Adobe Premiere Pro 2.0

Alien Swarm

Amnesia: The Dark Descent

Apple Application Support

Apple Software Update

ASUS AI Recovery

ASUS LifeFrame3

ASUS Live Update

ASUS SmartLogon

ASUS Splendid Video Enhancement Technology

ASUS WebStorage

Asus_GSeries_Screensaver

AsusVibe2.0

Atheros Client Installation Program

ATK Package

µTorrent

Bastion

Battlecraft Vietnam

Battlefield Vietnam

Canon Easy-PhotoPrint EX

Canon Easy-WebPrint EX

Canon IJ Network Tool

Canon Inkjet Printer/Scanner/Fax Extended Survey Program

Canon MP Navigator EX 4.0

Canon My Printer

Canon Solution Menu EX

Cinderella2 2.6

CodeBlocks

Complemento Messenger

Complément Messenger

Contrôle ActiveX Windows Live Mesh pour connexions à distance

Control ActiveX de Windows Live Mesh para conexiones remotas

Controlo ActiveX do Windows Live Mesh para Ligações Remotas

CyberLink LabelPrint

CyberLink Power2Go

D3DX10

DAPlayer 1.0.1.9

Deus Ex: Human Revolution

Diablo III

DirectX 9 Runtime

Dropbox

e-tax 2012

EndNote X4

ExpressGateCloud

Galeria de Fotografias do Windows Live

Galerie de photos Windows Live

Galería fotográfica de Windows Live

GameSpy Comrade

GigaPan Upload 1.2.0087

GIMP 2.6.11

Git version 1.7.11-preview20120620

Google Chrome

Google Toolbar for Internet Explorer

Google Update Helper

Hazard Perception Test Demo

Hi-Rez Studios Authenticate and Update Service

Hotfix for Microsoft Visual C++ 2008 Express Edition with SP1 - ENU (KB945282)

Hotfix for Microsoft Visual C++ 2008 Express Edition with SP1 - ENU (KB946040)

Hotfix for Microsoft Visual C++ 2008 Express Edition with SP1 - ENU (KB946308)

Hotfix for Microsoft Visual C++ 2008 Express Edition with SP1 - ENU (KB947540)

Hotfix for Microsoft Visual C++ 2008 Express Edition with SP1 - ENU (KB947789)

Hotfix for Microsoft Visual C++ 2008 Express Edition with SP1 - ENU (KB948127)

Hotfix for Microsoft Visual Studio 2008 Remote Debugger Light (x64) - ENU (KB944899)

Intel® Control Center

Intel® Management Engine Components

Java Auto Updater

Java 6 Update 29

Java 7 Update 4

JavaFX 2.1.0

Junk Mail filter update

Just Cause 2

jZip

L.A. Noire

League of Legends

Left 4 Dead 2

LogMeIn Hamachi

Macromedia Flash MX 2004

Malwarebytes Anti-Malware version 1.62.0.1300

Maple 13

Mesh Runtime

Messenger ????

Messenger ?????

Messenger Companion

Microsoft .NET Framework 1.1

Microsoft Games for Windows - LIVE

Microsoft Games for Windows - LIVE Redistributable

Microsoft Office 2007 Service Pack 3 (SP3)

Microsoft Office Access MUI (English) 2007

Microsoft Office Access Setup Metadata MUI (English) 2007

Microsoft Office Excel MUI (English) 2007

Microsoft Office InfoPath MUI (English) 2007

Microsoft Office Outlook MUI (English) 2007

Microsoft Office PowerPoint MUI (English) 2007

Microsoft Office Professional Plus 2007

Microsoft Office Proof (English) 2007

Microsoft Office Proof (French) 2007

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proofing (English) 2007

Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

Microsoft Office Publisher MUI (English) 2007

Microsoft Office Shared MUI (English) 2007

Microsoft Office Shared Setup Metadata MUI (English) 2007

Microsoft Office Word MUI (English) 2007

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft SQL Server 2008 Management Objects

Microsoft Visual C++ 2005 Express Edition - ENU

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Express Edition with SP1 - ENU

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

Microsoft Visual Studio 2008 Remote Debugger Light (x64) - ENU Service Pack 1 (KB945140)

Microsoft XNA Framework Redistributable 3.1

Microsoft XNA Framework Redistributable 4.0

Microsoft_VC80_ATL_x86

Microsoft_VC80_CRT_x86

Microsoft_VC80_MFC_x86

Microsoft_VC80_MFCLOC_x86

Microsoft_VC90_ATL_x86

Microsoft_VC90_CRT_x86

Microsoft_VC90_MFC_x86

Microsoft_VC90_MFCLOC_x86

Mozilla Firefox 14.0.1 (x86 en-GB)

Mozilla Maintenance Service

Mozilla Thunderbird 12.0.1 (x86 en-GB)

MSVCRT

MSVCRT_amd64

MSXML 4.0 SP3 Parser (KB2721691)

MSXML 4.0 SP3 Parser (KB973685)

Mulimedia Logic

Notepad++

Nuance PDF Reader

NVIDIA PhysX

NVIDIA Stereoscopic 3D Driver

OpenAL

Overgrowth (remove only)

PDF Settings CS5

PowerISO

Project64 1.6

PunkBuster Services

Python 2.7 matplotlib-1.1.0

Python 2.7 numpy-1.6.1

Python 2.7 PIL-1.1.7

Python 2.7 py2exe-0.6.9

Python 2.7.2

Q.U.B.E. Demo

Realtek Ethernet Controller Driver

Realtek High Definition Audio Driver

Realtek USB 2.0 Reader Driver

Red Faction: Guerrilla

ResearchSoft Direct Export Helper

Rockstar Games Social Club

Roxio AACS Certificate

Roxio CinePlayer

Sanctum

Security Update for CAPICOM (KB931906)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

Security Update for Microsoft .NET Framework 4 Extended (KB2487367)

Security Update for Microsoft .NET Framework 4 Extended (KB2656351)

Security Update for Microsoft Office 2007 suites (KB2596666) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596880) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2598041) 32-Bit Edition

Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition

Security Update for Microsoft Office InfoPath 2007 (KB2596786) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition

Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition

Security Update for Microsoft Office Word 2007 (KB2596917) 32-Bit Edition

Security Update for Microsoft Visual C++ 2008 Express Edition with SP1 - ENU (KB2251487)

Skype™ 5.9

Sophos Anti-Virus

Sophos AutoUpdate

SQL Server System CLR Types

StarCraft II

Steam

syncables desktop SE

TeamViewer 7

Terraria

The Binding of Isaac

The Ship

The Ship Single Player

The Ship Tutorial

THX TruStudio

To the Moon

Tribes Ascend Open Beta

Trine 2

Unity Web Player

Update for 2007 Microsoft Office System (KB967642)

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft Office Outlook 2007 (KB2596598) 32-Bit Edition

Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2687310) 32-Bit Edition

Vessel Demo

Weka 3.6.6

Windows Live

Windows Live ???

Windows Live ????

Windows Live Communications Platform

Windows Live Essentials

Windows Live Installer

Windows Live Mail

Windows Live Mesh

Windows Live Mesh ActiveX Control for Remote Connections

Windows Live Messenger

Windows Live Messenger Companion Core

Windows Live Movie Maker

Windows Live Photo Common

Windows Live Photo Gallery

Windows Live PIMT Platform

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live UX Platform

Windows Live UX Platform Language Pack

Windows Live Writer

Windows Live Writer Resources

WinFlash

Wireless Console 3

Wolfram CDF Player (M-WIN-D 8.0.4 2609533)

.

==== Event Viewer Messages From Past Week ========

.

9/08/2012 7:26:21 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect.

9/08/2012 7:26:21 PM, Error: Service Control Manager [7000] - The Steam Client Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

8/08/2012 9:39:37 PM, Error: Ntfs [137] - The default transaction resource manager on volume H: encountered a non-retryable error and could not start. The data contains the error code.

4/08/2012 3:21:26 PM, Error: bowser [8003] - The master browser has received a server announcement from the computer JENNIE-PC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{D82014CD-F068-41D2-AA3A-BC66B5EA044F}. The master browser is stopping or an election is being forced.

11/08/2012 12:00:54 AM, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.

11/08/2012 10:37:43 AM, Error: Service Control Manager [7038] - The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error: Logon failure: the specified account password has expired. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

11/08/2012 10:37:43 AM, Error: Service Control Manager [7000] - The NVIDIA Update Service Daemon service failed to start due to the following error: The service did not start due to a logon failure.

11/08/2012 10:36:31 AM, Error: Service Control Manager [7023] - The Function Discovery Resource Publication service terminated with the following error: %%-2147024891

11/08/2012 10:36:31 AM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error: %%-2147024891

11/08/2012 10:35:29 AM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.

11/08/2012 10:35:28 AM, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.

11/08/2012 10:35:27 AM, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.

.

==== End Of File ===========================

Hope you can help.

Thanks.


Welcome to the forum.

Please remove any usb or external drives from the computer before you run this scan!

Please download and run RogueKiller to your desktop.

For Windows XP, double-click to start.

For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Click Scan to scan the system.

When the scan completes > Close out the program > Don't Fix anything!

Don't run any other options, they're not all bad!!!!!!!

Post back the report which should be located on your desktop.

MrC


Scan complete:

RogueKiller V7.6.6 [08/10/2012] by Tigzy

mail: tigzyRK<at>gmail<dot>com

Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/

Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version

Started in : Normal mode

User: Jake [Admin rights]

Mode: Scan -- Date: 08/11/2012 12:53:58

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 4 ¤¤¤

[sUSP PATH] ASUS Patch 10430001.job @ : C:\Windows\AsPatch10430001.exe -> FOUND

[ZeroAccess] HKCR\[...]\InprocServer32 : (C:\Users\Jake\AppData\Local\{e6d103e4-a89e-97a4-3fd9-ecaae556d9f8}\n.) -> FOUND

[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

[ZeroAccess][FILE] @ : c:\windows\installer\{e6d103e4-a89e-97a4-3fd9-ecaae556d9f8}\@ --> FOUND

[ZeroAccess][FOLDER] U : c:\windows\installer\{e6d103e4-a89e-97a4-3fd9-ecaae556d9f8}\U --> FOUND

[ZeroAccess][FOLDER] L : c:\windows\installer\{e6d103e4-a89e-97a4-3fd9-ecaae556d9f8}\L --> FOUND

[ZeroAccess][FILE] n : c:\users\jake\appdata\local\{e6d103e4-a89e-97a4-3fd9-ecaae556d9f8}\n --> FOUND

[ZeroAccess][FILE] @ : c:\users\jake\appdata\local\{e6d103e4-a89e-97a4-3fd9-ecaae556d9f8}\@ --> FOUND

[ZeroAccess][FOLDER] U : c:\users\jake\appdata\local\{e6d103e4-a89e-97a4-3fd9-ecaae556d9f8}\U --> FOUND

[ZeroAccess][FOLDER] L : c:\users\jake\appdata\local\{e6d103e4-a89e-97a4-3fd9-ecaae556d9f8}\L --> FOUND

[ZeroAccess][FILE] Desktop.ini : c:\windows\assembly\gac_32\desktop.ini --> FOUND

[ZeroAccess][FILE] Desktop.ini : c:\windows\assembly\gac_64\desktop.ini --> FOUND

[susp.ASLR][ASLR WIPED-OFF] services.exe : c:\windows\system32\services.exe --> FOUND

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ Infection : ZeroAccess ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST9750420AS +++++

--- User ---

[MBR] e71ed3f9e26943aaece211b96df495cf

[bSP] 177507aede73c8eab31fee7866ebab1f : Windows 7 MBR Code

Partition table:

0 - [XXXXXX] FAT32-LBA (0x1c) [HIDDEN!] Offset (sectors): 2048 | Size: 25600 Mo

1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 52430848 | Size: 286161 Mo

2 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 638488576 | Size: 403641 Mo

User = LL1 ... OK!

User = LL2 ... OK!

Finished : << RKreport[1].txt >>

RKreport[1].txt


I'm gone for tonight...be back tomorrow am!

----------------------------------------

Here you go......

Your computer is infected with a nasty rootkit. Please read the following information first.

You're infected with Rootkit.ZeroAccess, a BackDoor Trojan.

BACKDOOR WARNING

------------------------------

One or more of the identified infections is known to use a backdoor.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would advise you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the infection has been identified and because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?

http://www.dslreports.com/faq/10451

When Should I Format, How Should I Reinstall

http://www.dslreports.com/faq/10063

I will try my best to clean this machine but I can't guarantee that it will be 100% secure afterwards.

Let me know what you decide to do. If you decide to go through with the cleanup, please proceed with the following steps.

-----------------------------------------

Please make sure system restore is running and create a new restore point before continuing!

For x32 (x86) bit systems download Farbar Recovery Scan Tool and save it to a flash drive.

For x64 bit systems download Farbar Recovery Scan Tool x64 and save it to a flash drive.

How to tell > 32 or 64 bit

Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:

  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:

  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:

  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Command Prompt

Then:

  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • FRST will let you know when the scan is complete and has written the FRST.txt to file, close out this message, then type the following into the search box:
    services.exe
  • Now press the Search button
  • When the search is complete, search.txt will also be written to your USB
  • Type exit and reboot the computer normally
  • Please copy and paste both logs in your reply. (FRST.txt and Search.txt)

MrC


Here are the results from the scans:

FRST.txt:

Scan result of Farbar Recovery Scan Tool Version: 09-08-2012

Ran by SYSTEM at 11-08-2012 19:23:00

Running from G:\

Windows 7 Home Premium (X64) OS Language: English(US)

The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [ASUS WebStorage] C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe [1754448 2010-03-15] ()

HKLM\...\Run: [synTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [2712360 2011-03-03] (Synaptics Incorporated)

HKLM\...\Run: [synAsusAcpi] %ProgramFiles%\Synaptics\SynTP\SynAsusAcpi.exe [97064 2011-03-03] (Synaptics Incorporated)

HKLM\...\Run: [AtherosBtStack] "C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe" [615584 2011-01-06] (Atheros Commnucations)

HKLM\...\Run: [AthBtTray] "C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe" [379040 2011-01-06] (Atheros Commnucations)

HKLM\...\Run: [intelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs" [4156 2010-04-16] ()

HKLM\...\Run: [THXCfg64] C:\Windows\system32\RunDLL32.exe C:\Windows\system32\THXCfg64.dll,RunDLLEntry THXCfg64 [17920 2009-10-15] (Creative Technology Ltd.)

HKLM\...\Run: [setwallpaper] c:\programdata\SetWallpaper.cmd [x]

HKLM\...\Run: [intelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe" [2417032 2011-07-31] (Microsoft Corporation)

HKLM\...\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon [2726728 2010-03-24] (CANON INC.)

HKLM\...\Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [499608 2011-03-14] (Adobe Systems Incorporated)

HKLM\...\Run: [XboxStat] "C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun [825184 2009-09-29] (Microsoft Corporation)

HKLM-x32\...\Run: [updateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5" [222504 2009-05-19] (CyberLink Corp.)

HKLM-x32\...\Run: [updateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0" [222504 2009-05-19] (CyberLink Corp.)

HKLM-x32\...\Run: [Nuance PDF Reader-reminder] "C:\Program Files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe" -r "C:\ProgramData\Nuance\PDF Reader\Ereg\Ereg.ini" [371 2012-08-10] ()

HKLM-x32\...\Run: [FLxHCIm] "C:\Program Files\Fresco Logic Inc\Fresco Logic USB3.0 Host Controller\host\FLxHCIm.exe" [40448 2011-02-24] (Windows ® Win 7 DDK provider)

HKLM-x32\...\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [5732992 2010-08-17] (ASUS)

HKLM-x32\...\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [170624 2010-10-07] (ASUS)

HKLM-x32\...\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS)

HKLM-x32\...\Run: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe [1601536 2010-09-23] ()

HKLM-x32\...\Run: [CPMonitor] "C:\Program Files (x86)\Roxio\CinePlayer\5.0\CPMonitor.exe" [84464 2010-12-26] ()

HKLM-x32\...\Run: [THX TruStudio NB Settings] "C:\Program Files (x86)\Creative\THX TruStudio\THXNBSet\THXAudNB.exe" /r [907776 2011-01-28] (Creative Technology Ltd)

HKLM-x32\...\Run: [updReg] C:\Windows\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.)

HKLM-x32\...\Run: [VAWinAgent] C:\ExpressGateUtil\VAWinAgent.exe [191304 2011-01-13] ()

HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2012-02-20] (Apple Inc.)

HKLM-x32\...\Run: [sophos AutoUpdate Monitor] C:\Program Files (x86)\Sophos\AutoUpdate\almon.exe [494616 2011-03-13] (Sophos Limited)

HKLM-x32\...\Run: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE /logon [1185112 2010-04-01] (CANON INC.)

HKLM-x32\...\Run: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin [1523360 2011-01-11] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [switchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-18] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421736 2012-03-26] (Apple Inc.)

HKLM-x32\...\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [252296 2012-01-16] (Sun Microsystems, Inc.)

HKLM-x32\...\Run: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start [1996200 2012-06-26] (LogMeIn Inc.)

HKLM-x32\...\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray [462920 2012-07-02] (Malwarebytes Corporation)

HKU\Jake\...\Run: [AlcoholAutomount] "C:\Program Files (x86)\Alcohol Soft\Alcohol 52\AxAutoMntSrv.exe" -automount [33120 2010-08-20] (Alcohol Soft Development Team)

HKU\Jake\...\Run: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun [17344176 2012-06-04] (Skype Technologies S.A.)

HKU\Jake\...\Run: [iSUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler [222496 2009-05-05] (Acresso Corporation)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

AppInit_DLLs: C:\PROGRA~2\Sophos\SOPHOS~1\SOPHOS~2.DLL

Startup: C:\Users\All Users\Start Menu\Programs\Startup\AsusVibeLauncher.lnk

ShortcutTarget: AsusVibeLauncher.lnk -> C:\Program Files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe ()

Startup: C:\Users\Jake\Start Menu\Programs\Startup\Dropbox.lnk

ShortcutTarget: Dropbox.lnk -> (No File)

==================== Services (Whitelisted) ======

3 Adobe LM Service; "C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe" [72704 2012-01-30] (Adobe Systems)

2 ASLDRService; C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe [84536 2009-06-15] (ASUS)

2 Atheros Bt&Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [138400 2011-01-06] (Atheros)

2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [53920 2011-01-06] (Atheros Commnucations)

2 ATKGFNEXSrv; C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe [96896 2009-12-15] (ASUS)

2 Hamachi2Svc; "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe" -s [2369960 2012-06-26] (LogMeIn Inc.)

2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [116104 2010-04-05] ()

3 Macromedia Licensing Service; "C:\Program Files (x86)\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe" [68096 2012-02-29] ()

2 MBAMService; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe" [655944 2012-07-02] (Malwarebytes Corporation)

4 msvsmon90; "C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe" /service msvsmon90 [4737024 2008-07-28] (Microsoft Corporation)

2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [66872 2012-01-03] ()

2 SAVAdminService; "C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe" [167960 2011-03-13] (Sophos Limited)

2 SAVService; "C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe" [99864 2011-03-13] (Sophos Limited)

2 Sophos AutoUpdate Service; "C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe" [232472 2011-03-13] (Sophos Limited)

2 StarWindServiceAE; C:\Program Files (x86)\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe [370688 2009-12-23] (StarWind Software)

2 swi_service; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe [1543192 2011-03-13] (Sophos Limited)

2 UNS; "C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe" [2655768 2010-10-05] (Intel Corporation)

2 VideAceWindowsService; C:\ExpressGateUtil\VAWinService.exe [91464 2011-01-12] ()

========================== Drivers (Whitelisted) =============

2 ASMMAP64; \??\C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [15416 2009-07-02] (ASUS)

3 AthBTPort; C:\Windows\System32\DRIVERS\btath_flt.sys [36000 2011-01-06] (Atheros)

1 ATKWMIACPIIO; \??\C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [17024 2010-07-26] (ASUS)

3 BTATH_A2DP; C:\Windows\System32\Drivers\BTATH_A2DP.sys [298144 2011-01-06] (Atheros)

3 BTATH_BUS; C:\Windows\System32\Drivers\BTATH_BUS.sys [28832 2011-01-06] (Atheros)

3 BTATH_HCRP; C:\Windows\System32\Drivers\BTATH_HCRP.sys [201376 2011-01-06] (Atheros)

3 BTATH_LWFLT; C:\Windows\System32\Drivers\BTATH_LWFLT.sys [55456 2011-01-06] (Atheros)

3 BTATH_RCP; C:\Windows\System32\Drivers\BTATH_RCP.sys [154272 2011-01-06] (Atheros)

3 BtFilter; C:\Windows\System32\Drivers\BtFilter.sys [279200 2011-01-06] (Atheros)

3 FLxHCIh; C:\Windows\System32\Drivers\FLxHCIh.sys [81920 2011-02-24] (Fresco Logic)

3 hamachi; C:\Windows\System32\Drivers\hamachi.sys [33856 2009-03-17] (LogMeIn, Inc.)

3 kbfiltr; C:\Windows\System32\Drivers\kbfiltr.sys [15416 2009-07-20] ( )

3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [24904 2012-07-02] (Malwarebytes Corporation)

1 SAVOnAccess; C:\Windows\System32\Drivers\SAVOnAccess.sys [144160 2011-04-17] (Sophos Limited)

4 SophosBootDriver; C:\Windows\System32\Drivers\SophosBootDriver.sys [25608 2010-11-18] (Sophos Plc)

0 sptd; C:\Windows\System32\Drivers\sptd.sys [530488 2012-02-20] (Duplex Secure Ltd.)

2 TurboB; C:\Windows\System32\Drivers\TurboB.sys [13832 2010-04-16] ()

========================== NetSvcs (Whitelisted) ===========

============ One Month Created Files and Folders ==============

2012-08-11 19:22 - 2012-08-11 19:23 - 00000000 ____D C:\FRST

2012-08-11 01:07 - 2012-08-11 01:07 - 01439703 ____A (Farbar) C:\Users\Jake\Downloads\FRST64.exe

2012-08-11 00:05 - 2012-08-11 00:05 - 00000060 ____A C:\TempCmd.txt

2012-08-11 00:05 - 2012-08-11 00:05 - 00000000 ____D C:\HiddenBootMount

2012-08-10 18:53 - 2012-08-10 18:53 - 00002463 ____A C:\Users\Jake\Desktop\RKreport[1].txt

2012-08-10 18:10 - 2012-08-10 18:08 - 00012856 ____A C:\Users\Jake\Desktop\Attach.txt

2012-08-10 18:08 - 2012-08-10 18:08 - 00035985 ____A C:\Users\Jake\Desktop\DDS.txt

2012-08-10 17:57 - 2012-08-10 17:57 - 00607260 ____R (Swearware) C:\Users\Jake\Desktop\dds.scr

2012-08-10 17:57 - 2012-08-10 17:57 - 00607260 ____A (Swearware) C:\Users\Jake\Desktop\dds.com

2012-08-10 17:01 - 2012-08-10 17:02 - 00000000 ____D C:\Users\Jake\Desktop\RK_Quarantine

2012-08-10 17:00 - 2012-08-10 17:00 - 01558528 ____A C:\Users\Jake\Downloads\RogueKiller.exe

2012-08-10 17:00 - 2012-08-10 17:00 - 01558528 ____A C:\Users\Jake\Desktop\RogueKiller.exe

2012-08-10 16:40 - 2012-08-10 16:40 - 01932256 ____A (Symantec Corporation) C:\Users\Jake\Downloads\FixTDSS.exe

2012-08-10 16:40 - 2012-08-10 16:40 - 01932256 ____A (Symantec Corporation) C:\Users\Jake\Desktop\FixTDSS.exe

2012-08-10 16:33 - 2012-08-10 16:33 - 00980480 ____A C:\Users\Jake\Downloads\MicrosoftFixit50267.msi

2012-08-10 16:08 - 2012-07-23 19:22 - 02136664 ____A (Kaspersky Lab ZAO) C:\Users\Jake\Desktop\TDSSKiller.exe

2012-08-10 16:08 - 2010-12-31 07:14 - 00002254 ___RA C:\Users\Jake\Desktop\eula.txt

2012-08-10 15:52 - 2012-08-10 15:52 - 00000000 ____D C:\Users\Jake\AppData\Roaming\Malwarebytes

2012-08-10 15:51 - 2012-08-10 15:51 - 00000000 ____D C:\Users\All Users\Malwarebytes

2012-08-10 15:51 - 2012-08-10 15:51 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware

2012-08-10 15:51 - 2012-07-02 19:46 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys

2012-08-10 15:42 - 2012-08-10 15:42 - 00034941 ____A C:\Users\Jake\Desktop\Result.txt

2012-08-10 15:41 - 2012-08-10 16:08 - 02117108 ____A C:\Users\Jake\Downloads\tdsskiller.zip

2012-08-10 15:40 - 2012-08-10 15:40 - 10652120 ____A (Malwarebytes Corporation ) C:\Users\Jake\Downloads\abc123.exe

2012-08-10 15:35 - 2012-08-10 15:34 - 00751391 ____A (Farbar) C:\Users\Jake\Desktop\MiniToolBox.exe

2012-08-10 15:34 - 2012-08-10 15:34 - 00751391 ____A (Farbar) C:\Users\Jake\Downloads\MiniToolBox.exe

2012-08-10 15:33 - 2012-08-10 15:34 - 10652120 ____A (Malwarebytes Corporation ) C:\Users\Jake\Downloads\mbam-setup-1.62.0.1300.exe

2012-08-10 02:08 - 2012-08-10 02:08 - 00000000 ____D C:\Users\Jake\Documents\Rockstar Games

2012-08-10 02:05 - 2012-08-10 02:05 - 00000000 ____D C:\Program Files (x86)\Rockstar Games

2012-08-10 02:05 - 2010-06-01 10:55 - 00239960 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_7.dll

2012-08-10 02:05 - 2010-06-01 10:55 - 00176984 ____A (Microsoft Corporation) C:\Windows\System32\xactengine3_7.dll

2012-08-10 02:05 - 2010-05-25 17:41 - 01907552 ____A (Microsoft Corporation) C:\Windows\System32\d3dcsx_43.dll

2012-08-10 02:05 - 2010-05-25 17:41 - 01868128 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dcsx_43.dll

2012-08-10 02:05 - 2010-05-25 17:41 - 00511328 ____A (Microsoft Corporation) C:\Windows\System32\d3dx10_43.dll

2012-08-10 02:05 - 2010-05-25 17:41 - 00470880 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_43.dll

2012-08-10 02:05 - 2010-02-03 16:01 - 00530776 ____A (Microsoft Corporation) C:\Windows\System32\XAudio2_6.dll

2012-08-10 02:05 - 2010-02-03 16:01 - 00176984 ____A (Microsoft Corporation) C:\Windows\System32\xactengine3_6.dll

2012-08-10 02:05 - 2010-02-03 16:01 - 00078680 ____A (Microsoft Corporation) C:\Windows\System32\XAPOFX1_4.dll

2012-08-10 02:05 - 2009-09-03 23:44 - 00517960 ____A (Microsoft Corporation) C:\Windows\System32\XAudio2_5.dll

2012-08-10 02:05 - 2009-09-03 23:44 - 00238936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_5.dll

2012-08-10 02:05 - 2009-09-03 23:44 - 00176968 ____A (Microsoft Corporation) C:\Windows\System32\xactengine3_5.dll

2012-08-10 02:05 - 2009-09-03 23:44 - 00073544 ____A (Microsoft Corporation) C:\Windows\System32\XAPOFX1_3.dll

2012-08-10 02:05 - 2009-09-03 23:29 - 05554512 ____A (Microsoft Corporation) C:\Windows\System32\d3dcsx_42.dll

2012-08-10 02:05 - 2009-09-03 23:29 - 05501792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dcsx_42.dll

2012-08-10 02:05 - 2009-09-03 23:29 - 02582888 ____A (Microsoft Corporation) C:\Windows\System32\D3DCompiler_42.dll

2012-08-10 02:05 - 2009-09-03 23:29 - 02475352 ____A (Microsoft Corporation) C:\Windows\System32\D3DX9_42.dll

2012-08-10 02:05 - 2009-09-03 23:29 - 01974616 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_42.dll

2012-08-10 02:05 - 2009-09-03 23:29 - 01892184 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_42.dll

2012-08-10 02:05 - 2009-09-03 23:29 - 00285024 ____A (Microsoft Corporation) C:\Windows\System32\d3dx11_42.dll

2012-08-10 02:05 - 2009-09-03 23:29 - 00235344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_42.dll

2012-08-10 02:05 - 2009-03-15 20:18 - 00521560 ____A (Microsoft Corporation) C:\Windows\System32\XAudio2_4.dll

2012-08-10 02:05 - 2009-03-15 20:18 - 00174936 ____A (Microsoft Corporation) C:\Windows\System32\xactengine3_4.dll

2012-08-10 02:05 - 2009-03-15 20:18 - 00024920 ____A (Microsoft Corporation) C:\Windows\System32\X3DAudio1_6.dll

2012-08-10 02:05 - 2009-03-08 21:27 - 05425496 ____A (Microsoft Corporation) C:\Windows\System32\D3DX9_41.dll

2012-08-10 02:05 - 2009-03-08 21:27 - 02430312 ____A (Microsoft Corporation) C:\Windows\System32\D3DCompiler_41.dll

2012-08-10 02:05 - 2009-03-08 21:27 - 00520544 ____A (Microsoft Corporation) C:\Windows\System32\d3dx10_41.dll

2012-08-10 02:05 - 2008-10-26 16:04 - 00518480 ____A (Microsoft Corporation) C:\Windows\System32\XAudio2_3.dll

2012-08-10 02:05 - 2008-10-26 16:04 - 00514384 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_3.dll

2012-08-10 02:05 - 2008-10-26 16:04 - 00235856 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_3.dll

2012-08-10 02:05 - 2008-10-26 16:04 - 00175440 ____A (Microsoft Corporation) C:\Windows\System32\xactengine3_3.dll

2012-08-10 02:05 - 2008-10-26 16:04 - 00074576 ____A (Microsoft Corporation) C:\Windows\System32\XAPOFX1_2.dll

2012-08-10 02:05 - 2008-10-26 16:04 - 00070992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_2.dll

2012-08-10 02:05 - 2008-10-26 16:04 - 00025936 ____A (Microsoft Corporation) C:\Windows\System32\X3DAudio1_5.dll

2012-08-10 02:05 - 2008-10-26 16:04 - 00023376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_5.dll

2012-08-10 02:05 - 2008-10-14 12:22 - 05631312 ____A (Microsoft Corporation) C:\Windows\System32\D3DX9_40.dll

2012-08-10 02:05 - 2008-10-14 12:22 - 04379984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_40.dll

2012-08-10 02:05 - 2008-10-14 12:22 - 02605920 ____A (Microsoft Corporation) C:\Windows\System32\D3DCompiler_40.dll

2012-08-10 02:05 - 2008-10-14 12:22 - 02036576 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_40.dll

2012-08-10 02:05 - 2008-10-14 12:22 - 00519000 ____A (Microsoft Corporation) C:\Windows\System32\d3dx10_40.dll

2012-08-10 02:05 - 2008-10-14 12:22 - 00452440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_40.dll

2012-08-09 00:51 - 2012-08-09 00:52 - 00725146 ____A C:\Users\Jake\Desktop\Untitled-1.fla

2012-08-09 00:38 - 2012-08-09 00:38 - 00000222 ____A C:\Users\Jake\Desktop\L.A. Noire.url

2012-08-07 01:00 - 2012-08-07 01:00 - 04730429 ____A (LinuxLive USB Creator) C:\Users\Jake\Downloads\LinuxLive USB Creator 2.8.14.exe

2012-08-05 13:39 - 2012-08-05 13:39 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe

2012-08-05 02:57 - 2012-08-05 02:57 - 00000000 __SHD C:\Windows\SysWOW64\%APPDATA%

2012-08-05 00:01 - 2012-08-05 00:01 - 00000000 ____D C:\Windows\en

2012-08-04 23:58 - 2012-08-04 23:58 - 00000000 ____D C:\Windows\fr

2012-08-04 23:58 - 2012-08-04 23:58 - 00000000 ____D C:\Windows\es

2012-08-04 23:55 - 2012-03-08 00:40 - 00048488 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\fssfltr.sys

2012-08-04 23:52 - 2012-08-04 23:52 - 00000000 ____D C:\Users\Jake\AppData\Local\{729198D3-A256-4874-9FA8-E9390B50A313}

2012-08-03 20:53 - 2012-08-03 20:53 - 00001856 ____A C:\Users\Public\Desktop\Git Bash.lnk

2012-08-03 20:53 - 2012-08-03 20:53 - 00000000 ____D C:\Program Files (x86)\Git

2012-08-03 20:50 - 2012-08-03 20:51 - 15312181 ____A ( ) C:\Users\Jake\Downloads\Git-1.7.11-preview20120620.exe

2012-08-03 19:45 - 2012-08-03 19:45 - 00001855 ____A C:\Users\Jake\Desktop\Nubots - Shortcut.lnk

2012-08-03 19:44 - 2012-08-03 19:45 - 00000000 ____D C:\Users\Jake\Documents\Nubots

2012-08-03 19:44 - 2012-08-03 19:44 - 02077327 ____A C:\Users\Jake\Downloads\nubots-robocup-FinalRoboCupGame2012-6-gb35c181.zip

2012-08-03 15:16 - 2012-08-03 15:16 - 00000000 ____D C:\Users\Jake\AppData\Roaming\MathematicaPlayer

2012-08-03 15:16 - 2012-08-03 15:16 - 00000000 ____D C:\Users\Jake\AppData\Local\MathematicaPlayer

2012-08-03 15:16 - 2012-08-03 15:16 - 00000000 ____D C:\Users\All Users\MathematicaPlayer

2012-08-03 15:15 - 2012-08-03 15:15 - 00000000 ____D C:\Users\All Users\Mathematica

2012-08-03 15:15 - 2012-08-03 15:15 - 00000000 ____D C:\Program Files\Common Files\Wolfram Research

2012-08-03 15:15 - 2011-10-03 00:45 - 00370704 ____A (Wolfram Research, Inc.) C:\Windows\SysWOW64\ml32i3.dll

2012-08-03 15:15 - 2011-10-03 00:45 - 00334352 ____A (Wolfram Research, Inc.) C:\Windows\SysWOW64\mltcpip32.mlp

2012-08-03 15:15 - 2011-10-03 00:45 - 00260112 ____A (Wolfram Research, Inc.) C:\Windows\SysWOW64\ml32i2.dll

2012-08-03 15:15 - 2011-10-03 00:45 - 00253968 ____A (Wolfram Research, Inc.) C:\Windows\SysWOW64\ml32i1.dll

2012-08-03 15:15 - 2011-10-03 00:45 - 00163344 ____A (Wolfram Research, Inc.) C:\Windows\SysWOW64\mlmodule32.dll

2012-08-03 15:15 - 2011-10-03 00:45 - 00093712 ____A (Wolfram Research, Inc.) C:\Windows\SysWOW64\mltcp32.mlp

2012-08-03 15:15 - 2011-10-03 00:45 - 00088080 ____A (Wolfram Research, Inc.) C:\Windows\SysWOW64\mlshm32.mlp

2012-08-03 15:15 - 2011-10-03 00:45 - 00079376 ____A (Wolfram Research, Inc.) C:\Windows\SysWOW64\mlmap32.mlp

2012-08-03 15:14 - 2012-08-03 15:14 - 00000000 ____D C:\Program Files (x86)\Wolfram Research

2012-08-03 14:51 - 2012-08-03 14:55 - 108145088 ____A (Wolfram Research, Inc. ) C:\Users\Jake\Downloads\CDFPlayer_8.0.4_WIN.exe

2012-08-03 14:50 - 2012-08-03 14:50 - 00118663 ____A C:\Users\Jake\Downloads\PHYS3350 Demos.cdf

2012-08-01 03:34 - 2012-08-01 03:34 - 02311648 ____A (Beepa Pty Ltd) C:\Users\Jake\Downloads\setup.exe

2012-07-30 02:18 - 2012-07-30 02:18 - 11579288 ____A C:\Users\Jake\Downloads\install_flash_player_osx.dmg

2012-07-29 23:49 - 2012-07-29 23:49 - 00228045 ____A C:\Users\Jake\Downloads\super_mario_bros._3.zip

2012-07-27 19:05 - 2012-07-27 19:06 - 00000000 ____D C:\Users\Jake\AppData\Local\{85861ECD-C3D0-47E4-84C5-15F15C30AC02}

2012-07-27 19:03 - 2012-07-27 19:03 - 00000000 ____D C:\Users\Jake\AppData\Local\{F4091B53-3547-44EB-AB41-71D3EDFAB978}

2012-07-27 19:01 - 2012-07-27 19:01 - 00000000 ____D C:\Users\Jake\AppData\Local\{98A7327F-B275-4AC9-8187-77FAEA341443}

2012-07-27 18:59 - 2012-07-27 18:59 - 00000000 ____D C:\Users\Jake\AppData\Local\{ECBA17B5-F51C-43F3-AFC0-B345934E5146}

2012-07-27 18:57 - 2012-07-27 18:57 - 00000000 ____D C:\Users\Jake\AppData\Local\{FF713BBF-3E82-423F-96C7-07C3B3EC8DF2}

2012-07-27 18:55 - 2012-07-27 18:55 - 00000000 ____D C:\Users\Jake\AppData\Local\{7AB68ACB-83DD-4F0E-9F2A-E7750CC14271}

2012-07-27 18:54 - 2012-07-27 18:54 - 00000000 ____D C:\Users\Jake\AppData\Local\{1C11B2BF-B4AC-491E-9F9E-A39247A3EA9F}

2012-07-27 18:52 - 2012-07-27 18:52 - 00000000 ____D C:\Users\Jake\AppData\Local\{B9097DE2-2028-42EB-88AE-2731CFDF5710}

2012-07-26 00:43 - 2012-07-26 00:43 - 00000000 ____D C:\Users\Jake\AppData\Local\{F69F1CFC-297F-4562-8053-9C0978B1BBF0}

2012-07-26 00:41 - 2012-07-26 00:41 - 00000000 ____D C:\Users\Jake\AppData\Local\{3F81F5DD-2334-422C-86CF-AE36AA7BA7C6}

2012-07-26 00:39 - 2012-07-26 00:39 - 00000000 ____D C:\Users\Jake\AppData\Local\{47D82D59-BAB3-45B3-93EC-419F78BDD143}

2012-07-26 00:37 - 2012-07-26 00:37 - 00000000 ____D C:\Users\Jake\AppData\Local\{13F0090B-828C-4492-A5B8-980AD6C8ABE8}

2012-07-26 00:35 - 2012-07-26 00:35 - 00000000 ____D C:\Users\Jake\AppData\Local\{51D81CC0-8FCB-4F5B-8A6F-2AE7580BBDCD}

2012-07-22 22:26 - 2012-07-23 00:50 - 00059552 ____A C:\Users\Jake\Documents\JAKE.TAX

2012-07-22 22:26 - 2012-07-23 00:48 - 00059552 ____A C:\Users\Jake\Documents\JAKE.BAK

2012-07-22 22:24 - 2012-07-22 22:24 - 00000000 ____D C:\Users\Jake\AppData\Local\etax2012

2012-07-22 22:23 - 2012-07-22 22:23 - 00001923 ____A C:\Users\Jake\Desktop\e-tax 2012.lnk

2012-07-22 22:23 - 2012-07-22 22:23 - 00000000 ____D C:\Program Files (x86)\etax2012

2012-07-22 22:21 - 2012-07-22 22:22 - 09369600 ____A C:\Users\Jake\Downloads\etax2012_1.msi

2012-07-19 17:37 - 2012-07-19 18:40 - 00000000 ____D C:\Users\Jake\Desktop\New Games to Be Played

2012-07-19 08:12 - 2012-07-19 08:12 - 00000000 ____D C:\Users\Jake\AppData\Local\{DE77AE3F-3D10-4180-BAFD-A0121B48BB48}

2012-07-19 08:10 - 2012-07-19 08:10 - 00000000 ____D C:\Users\Jake\AppData\Local\{1E52D5EB-63A3-4601-AFD9-2F808CE975FE}

2012-07-19 01:08 - 2012-07-19 01:08 - 00000000 ____D C:\Users\Jake\AppData\Local\{F0BF4632-7477-4740-9ADA-C93551F27E56}

2012-07-18 03:54 - 2012-07-18 03:54 - 00000000 ____D C:\Users\Jake\Documents\Square Enix

2012-07-18 03:04 - 2010-06-01 10:55 - 00527192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_7.dll

2012-07-18 03:04 - 2010-06-01 10:55 - 00518488 ____A (Microsoft Corporation) C:\Windows\System32\XAudio2_7.dll

2012-07-18 03:04 - 2010-06-01 10:55 - 00077656 ____A (Microsoft Corporation) C:\Windows\System32\XAPOFX1_5.dll

2012-07-18 03:04 - 2010-06-01 10:55 - 00074072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_5.dll

2012-07-18 03:04 - 2010-05-25 17:41 - 02526056 ____A (Microsoft Corporation) C:\Windows\System32\D3DCompiler_43.dll

2012-07-18 03:04 - 2010-05-25 17:41 - 02401112 ____A (Microsoft Corporation) C:\Windows\System32\D3DX9_43.dll

2012-07-18 03:04 - 2010-05-25 17:41 - 02106216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_43.dll

2012-07-18 03:04 - 2010-05-25 17:41 - 01998168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_43.dll

2012-07-18 03:04 - 2010-05-25 17:41 - 00276832 ____A (Microsoft Corporation) C:\Windows\System32\d3dx11_43.dll

2012-07-18 03:04 - 2010-05-25 17:41 - 00248672 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_43.dll

2012-07-18 03:04 - 2010-02-03 16:01 - 00024920 ____A (Microsoft Corporation) C:\Windows\System32\X3DAudio1_7.dll

2012-07-17 21:02 - 2012-07-17 21:02 - 03070333 ____A C:\Users\Jake\Downloads\SCP-087-B.zip

2012-07-16 23:07 - 2012-07-16 23:08 - 31044328 ____A C:\Users\Jake\Downloads\SCP - Containment Breach v0.2.1.zip

2012-07-16 22:12 - 2012-07-16 23:14 - 241768337 ____A C:\Users\Jake\Downloads\deathcraft_ii_310512_14983-L4D2.zip

2012-07-16 22:03 - 2012-07-16 22:04 - 00000000 ____D C:\Program Files (x86)\Microsoft Games for Windows - LIVE

2012-07-16 22:03 - 2012-07-16 22:03 - 00000000 ____D C:\Windows\SysWOW64\xlive

2012-07-16 22:03 - 2008-07-30 16:41 - 00238088 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_2.dll

2012-07-16 22:03 - 2008-07-30 16:41 - 00177672 ____A (Microsoft Corporation) C:\Windows\System32\xactengine3_2.dll

2012-07-16 22:03 - 2008-07-30 16:41 - 00072200 ____A (Microsoft Corporation) C:\Windows\System32\XAPOFX1_1.dll

2012-07-16 22:03 - 2008-07-30 16:41 - 00068616 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_1.dll

2012-07-16 22:03 - 2008-07-30 16:40 - 00513544 ____A (Microsoft Corporation) C:\Windows\System32\XAudio2_2.dll

2012-07-16 22:03 - 2008-07-30 16:40 - 00509448 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_2.dll

2012-07-16 22:03 - 2008-07-11 14:18 - 04992520 ____A (Microsoft Corporation) C:\Windows\System32\D3DX9_39.dll

2012-07-16 22:03 - 2008-07-11 14:18 - 03851784 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_39.dll

2012-07-16 22:03 - 2008-07-11 14:18 - 01942552 ____A (Microsoft Corporation) C:\Windows\System32\D3DCompiler_39.dll

2012-07-16 22:03 - 2008-07-11 14:18 - 01493528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_39.dll

2012-07-16 22:03 - 2008-07-11 14:18 - 00540688 ____A (Microsoft Corporation) C:\Windows\System32\d3dx10_39.dll

2012-07-16 22:03 - 2008-07-11 14:18 - 00467984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_39.dll

2012-07-16 22:03 - 2008-05-29 20:19 - 00511496 ____A (Microsoft Corporation) C:\Windows\System32\XAudio2_1.dll

2012-07-16 22:03 - 2008-05-29 20:19 - 00507400 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_1.dll

2012-07-16 22:03 - 2008-05-29 20:18 - 00238088 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_1.dll

2012-07-16 22:03 - 2008-05-29 20:18 - 00177672 ____A (Microsoft Corporation) C:\Windows\System32\xactengine3_1.dll

2012-07-16 22:03 - 2008-05-29 20:17 - 00068104 ____A (Microsoft Corporation) C:\Windows\System32\XAPOFX1_0.dll

2012-07-16 22:03 - 2008-05-29 20:17 - 00065032 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_0.dll

2012-07-16 22:03 - 2008-05-29 20:17 - 00025608 ____A (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_4.dll

2012-07-16 22:03 - 2008-05-29 20:16 - 00028168 ____A (Microsoft Corporation) C:\Windows\System32\X3DAudio1_4.dll

2012-07-16 22:03 - 2008-05-29 20:11 - 01941528 ____A (Microsoft Corporation) C:\Windows\System32\D3DCompiler_38.dll

2012-07-16 22:03 - 2008-05-29 20:11 - 01491992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_38.dll

2012-07-16 22:03 - 2008-05-29 20:11 - 00540688 ____A (Microsoft Corporation) C:\Windows\System32\d3dx10_38.dll

2012-07-16 22:03 - 2008-05-29 20:11 - 00467984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_38.dll

2012-07-16 22:03 - 2008-03-04 22:04 - 00489480 ____A (Microsoft Corporation) C:\Windows\System32\XAudio2_0.dll

2012-07-16 22:03 - 2008-03-04 22:03 - 00479752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_0.dll

2012-07-16 22:03 - 2008-03-04 22:03 - 00238088 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_0.dll

2012-07-16 22:03 - 2008-03-04 22:03 - 00177672 ____A (Microsoft Corporation) C:\Windows\System32\xactengine3_0.dll

2012-07-16 22:03 - 2008-03-04 22:00 - 00028168 ____A (Microsoft Corporation) C:\Windows\System32\X3DAudio1_3.dll

2012-07-16 22:03 - 2008-03-04 22:00 - 00025608 ____A (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_3.dll

2012-07-16 22:03 - 2008-03-04 21:56 - 04910088 ____A (Microsoft Corporation) C:\Windows\System32\D3DX9_37.dll

2012-07-16 22:03 - 2008-03-04 21:56 - 03786760 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_37.dll

2012-07-16 22:03 - 2008-03-04 21:56 - 01860120 ____A (Microsoft Corporation) C:\Windows\System32\D3DCompiler_37.dll

2012-07-16 22:03 - 2008-03-04 21:56 - 01420824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_37.dll

2012-07-16 22:03 - 2008-02-05 05:07 - 00529424 ____A (Microsoft Corporation) C:\Windows\System32\d3dx10_37.dll

2012-07-16 22:03 - 2008-02-05 05:07 - 00462864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_37.dll

2012-07-16 18:48 - 2012-07-16 18:48 - 00000000 ____D C:\Users\Jake\Documents\Amnesia

2012-07-16 18:48 - 2012-07-16 18:48 - 00000000 ____D C:\Users\Jake\AppData\Roaming\fltk.org

2012-07-16 18:48 - 2012-07-16 18:48 - 00000000 ____D C:\Users\All Users\fltk.org

2012-07-16 17:00 - 2012-07-16 16:46 - 00567253 ____A C:\Users\Jake\Desktop\2.1.zip

2012-07-16 16:47 - 2012-07-16 16:47 - 00000000 ____D C:\Users\Jake\Desktop\Left4Uncut

2012-07-16 16:46 - 2012-07-16 16:46 - 00567253 ____A C:\Users\Jake\Downloads\2.1.zip

2012-07-14 23:34 - 2012-07-14 23:34 - 00000000 ____D C:\Users\Jake\AppData\Roaming\Trine2

2012-07-14 23:33 - 2008-05-29 20:11 - 04991496 ____A (Microsoft Corporation) C:\Windows\System32\D3DX9_38.dll

2012-07-14 23:33 - 2008-05-29 20:11 - 03850760 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_38.dll

2012-07-13 03:49 - 2010-02-03 16:01 - 00528216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_6.dll

2012-07-13 03:49 - 2010-02-03 16:01 - 00238936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_6.dll

2012-07-13 03:49 - 2010-02-03 16:01 - 00074072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_4.dll

2012-07-13 03:49 - 2010-02-03 16:01 - 00022360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_7.dll

2012-07-13 03:49 - 2009-03-08 21:27 - 04178264 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_41.dll

2012-07-12 06:44 - 2012-06-11 19:08 - 03148800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys

2012-07-12 06:43 - 2012-07-12 06:44 - 00261942 ____A C:\Windows\msxml4-KB2721691-enu.LOG

2012-07-12 06:38 - 2012-06-02 04:49 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll

2012-07-12 06:38 - 2012-06-02 04:17 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll

2012-07-12 06:38 - 2012-06-02 04:12 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll

2012-07-12 06:38 - 2012-06-02 04:05 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll

2012-07-12 06:38 - 2012-06-02 04:05 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll

2012-07-12 06:38 - 2012-06-02 04:04 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl

2012-07-12 06:38 - 2012-06-02 04:04 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll

2012-07-12 06:38 - 2012-06-02 04:03 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll

2012-07-12 06:38 - 2012-06-02 04:01 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe

2012-07-12 06:38 - 2012-06-02 04:00 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll

2012-07-12 06:38 - 2012-06-02 03:59 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll

2012-07-12 06:38 - 2012-06-02 03:57 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb

2012-07-12 06:38 - 2012-06-02 03:57 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll

2012-07-12 06:38 - 2012-06-02 03:54 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll

2012-07-12 06:38 - 2012-06-02 01:07 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2012-07-12 06:38 - 2012-06-02 00:43 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2012-07-12 06:38 - 2012-06-02 00:33 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

2012-07-12 06:38 - 2012-06-02 00:26 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2012-07-12 06:38 - 2012-06-02 00:25 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl

2012-07-12 06:38 - 2012-06-02 00:25 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2012-07-12 06:38 - 2012-06-02 00:23 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll

2012-07-12 06:38 - 2012-06-02 00:21 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll

2012-07-12 06:38 - 2012-06-02 00:20 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe

2012-07-12 06:38 - 2012-06-02 00:19 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2012-07-12 06:38 - 2012-06-02 00:19 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll

2012-07-12 06:38 - 2012-06-02 00:17 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll

2012-07-12 06:38 - 2012-06-02 00:16 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2012-07-12 06:38 - 2012-06-02 00:14 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

============ 3 Months Modified Files ========================

2012-08-11 01:09 - 2009-07-13 21:13 - 00807756 ____A C:\Windows\System32\PerfStringBackup.INI

2012-08-11 01:07 - 2012-08-11 01:07 - 01439703 ____A (Farbar) C:\Users\Jake\Downloads\FRST64.exe

2012-08-11 00:59 - 2011-02-03 05:57 - 00000912 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2012-08-11 00:51 - 2009-07-13 20:45 - 00009920 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2012-08-11 00:51 - 2009-07-13 20:45 - 00009920 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2012-08-11 00:45 - 2011-06-18 23:39 - 01728160 ____A C:\Windows\WindowsUpdate.log

2012-08-11 00:05 - 2012-08-11 00:05 - 00000060 ____A C:\TempCmd.txt

2012-08-10 22:59 - 2011-02-03 05:57 - 00000908 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2012-08-10 20:08 - 2011-06-18 23:52 - 00045056 ____A C:\Windows\System32\acovcnt.exe

2012-08-10 20:08 - 2011-06-18 23:45 - 00000035 ____A C:\Users\Public\Documents\AtherosServiceConfig.ini

2012-08-10 20:07 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT

2012-08-10 20:07 - 2009-07-13 20:51 - 00086198 ____A C:\Windows\setupact.log

2012-08-10 18:53 - 2012-08-10 18:53 - 00002463 ____A C:\Users\Jake\Desktop\RKreport[1].txt

2012-08-10 18:08 - 2012-08-10 18:10 - 00012856 ____A C:\Users\Jake\Desktop\Attach.txt

2012-08-10 18:08 - 2012-08-10 18:08 - 00035985 ____A C:\Users\Jake\Desktop\DDS.txt

2012-08-10 17:57 - 2012-08-10 17:57 - 00607260 ____R (Swearware) C:\Users\Jake\Desktop\dds.scr

2012-08-10 17:57 - 2012-08-10 17:57 - 00607260 ____A (Swearware) C:\Users\Jake\Desktop\dds.com

2012-08-10 17:00 - 2012-08-10 17:00 - 01558528 ____A C:\Users\Jake\Downloads\RogueKiller.exe

2012-08-10 17:00 - 2012-08-10 17:00 - 01558528 ____A C:\Users\Jake\Desktop\RogueKiller.exe

2012-08-10 16:40 - 2012-08-10 16:40 - 01932256 ____A (Symantec Corporation) C:\Users\Jake\Downloads\FixTDSS.exe

2012-08-10 16:40 - 2012-08-10 16:40 - 01932256 ____A (Symantec Corporation) C:\Users\Jake\Desktop\FixTDSS.exe

2012-08-10 16:33 - 2012-08-10 16:33 - 00980480 ____A C:\Users\Jake\Downloads\MicrosoftFixit50267.msi

2012-08-10 16:08 - 2012-08-10 15:41 - 02117108 ____A C:\Users\Jake\Downloads\tdsskiller.zip

2012-08-10 16:03 - 2011-06-18 23:47 - 00001646 ____A C:\Windows\System32\ServiceFilter.ini

2012-08-10 16:02 - 2011-06-18 23:28 - 00466196 ____A C:\Windows\PFRO.log

2012-08-10 15:42 - 2012-08-10 15:42 - 00034941 ____A C:\Users\Jake\Desktop\Result.txt

2012-08-10 15:40 - 2012-08-10 15:40 - 10652120 ____A (Malwarebytes Corporation ) C:\Users\Jake\Downloads\abc123.exe

2012-08-10 15:34 - 2012-08-10 15:35 - 00751391 ____A (Farbar) C:\Users\Jake\Desktop\MiniToolBox.exe

2012-08-10 15:34 - 2012-08-10 15:34 - 00751391 ____A (Farbar) C:\Users\Jake\Downloads\MiniToolBox.exe

2012-08-10 15:34 - 2012-08-10 15:33 - 10652120 ____A (Malwarebytes Corporation ) C:\Users\Jake\Downloads\mbam-setup-1.62.0.1300.exe

2012-08-10 02:05 - 2011-02-03 06:10 - 00416750 ____A C:\Windows\DirectX.log

2012-08-09 00:52 - 2012-08-09 00:51 - 00725146 ____A C:\Users\Jake\Desktop\Untitled-1.fla

2012-08-09 00:38 - 2012-08-09 00:38 - 00000222 ____A C:\Users\Jake\Desktop\L.A. Noire.url

2012-08-07 01:00 - 2012-08-07 01:00 - 04730429 ____A (LinuxLive USB Creator) C:\Users\Jake\Downloads\LinuxLive USB Creator 2.8.14.exe

2012-08-05 13:39 - 2012-08-05 13:39 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe

2012-08-05 13:39 - 2012-01-03 00:11 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

2012-08-04 23:51 - 2012-02-25 22:32 - 00227840 __ASH C:\Users\Jake\Desktop\Thumbs.db

2012-08-04 22:46 - 2009-07-13 20:45 - 00460296 ____A C:\Windows\System32\FNTCACHE.DAT

2012-08-03 20:53 - 2012-08-03 20:53 - 00001856 ____A C:\Users\Public\Desktop\Git Bash.lnk

2012-08-03 20:51 - 2012-08-03 20:50 - 15312181 ____A ( ) C:\Users\Jake\Downloads\Git-1.7.11-preview20120620.exe

2012-08-03 19:45 - 2012-08-03 19:45 - 00001855 ____A C:\Users\Jake\Desktop\Nubots - Shortcut.lnk

2012-08-03 19:44 - 2012-08-03 19:44 - 02077327 ____A C:\Users\Jake\Downloads\nubots-robocup-FinalRoboCupGame2012-6-gb35c181.zip

2012-08-03 15:16 - 2012-01-02 17:32 - 00126208 ____A C:\Users\Jake\AppData\Local\GDIPFONTCACHEV1.DAT

2012-08-03 14:55 - 2012-08-03 14:51 - 108145088 ____A (Wolfram Research, Inc. ) C:\Users\Jake\Downloads\CDFPlayer_8.0.4_WIN.exe

2012-08-03 14:50 - 2012-08-03 14:50 - 00118663 ____A C:\Users\Jake\Downloads\PHYS3350 Demos.cdf

2012-08-01 03:34 - 2012-08-01 03:34 - 02311648 ____A (Beepa Pty Ltd) C:\Users\Jake\Downloads\setup.exe

2012-07-30 02:18 - 2012-07-30 02:18 - 11579288 ____A C:\Users\Jake\Downloads\install_flash_player_osx.dmg

2012-07-29 23:49 - 2012-07-29 23:49 - 00228045 ____A C:\Users\Jake\Downloads\super_mario_bros._3.zip

2012-07-23 19:22 - 2012-08-10 16:08 - 02136664 ____A (Kaspersky Lab ZAO) C:\Users\Jake\Desktop\TDSSKiller.exe

2012-07-23 00:50 - 2012-07-22 22:26 - 00059552 ____A C:\Users\Jake\Documents\JAKE.TAX

2012-07-23 00:48 - 2012-07-22 22:26 - 00059552 ____A C:\Users\Jake\Documents\JAKE.BAK

2012-07-22 22:23 - 2012-07-22 22:23 - 00001923 ____A C:\Users\Jake\Desktop\e-tax 2012.lnk

2012-07-22 22:22 - 2012-07-22 22:21 - 09369600 ____A C:\Users\Jake\Downloads\etax2012_1.msi

2012-07-17 21:02 - 2012-07-17 21:02 - 03070333 ____A C:\Users\Jake\Downloads\SCP-087-B.zip

2012-07-16 23:14 - 2012-07-16 22:12 - 241768337 ____A C:\Users\Jake\Downloads\deathcraft_ii_310512_14983-L4D2.zip

2012-07-16 23:08 - 2012-07-16 23:07 - 31044328 ____A C:\Users\Jake\Downloads\SCP - Containment Breach v0.2.1.zip

2012-07-16 16:46 - 2012-07-16 17:00 - 00567253 ____A C:\Users\Jake\Desktop\2.1.zip

2012-07-16 16:46 - 2012-07-16 16:46 - 00567253 ____A C:\Users\Jake\Downloads\2.1.zip

2012-07-12 06:44 - 2012-07-12 06:43 - 00261942 ____A C:\Windows\msxml4-KB2721691-enu.LOG

2012-07-12 06:44 - 2009-07-13 18:34 - 00000478 ____A C:\Windows\win.ini

2012-07-12 06:40 - 2012-02-05 15:31 - 59701280 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe

2012-07-10 20:21 - 2012-07-10 20:21 - 01232099 ____A C:\Users\Jake\Downloads\hanano1000.zip

2012-07-08 23:58 - 2012-07-08 23:58 - 00073068 ____A C:\Users\Jake\Downloads\Minecontrol.jar

2012-07-08 23:51 - 2012-07-08 23:51 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_xusb21_01009.Wdf

2012-07-08 23:50 - 2012-07-08 23:50 - 07878008 ____A (Microsoft Corporation) C:\Users\Jake\Downloads\Xbox360_64Eng.exe

2012-07-08 15:38 - 2012-02-11 14:20 - 00000928 ____A C:\Users\Public\Desktop\LogMeIn Hamachi.lnk

2012-07-08 04:40 - 2012-07-08 04:37 - 58366405 ____A C:\Users\Jake\Downloads\Slender_v0_9_1.zip

2012-07-08 02:30 - 2012-07-08 02:29 - 26598570 ____A C:\Users\Jake\Downloads\Zelda - Ocarina of Time.zip

2012-07-08 02:26 - 2012-07-08 02:26 - 02080797 ____A (Project64 ) C:\Users\Jake\Downloads\setup Project64 1.6.exe

2012-07-08 02:26 - 2012-07-08 02:26 - 02080797 ____A (Project64 ) C:\Users\Jake\Downloads\setup Project64 1.6(1).exe

2012-07-07 00:52 - 2012-07-07 00:52 - 01793169 ____A C:\Users\Jake\Downloads\minecraft_server(2).jar

2012-07-07 00:38 - 2012-07-07 00:37 - 04584956 ____A C:\Users\Jake\Downloads\minecraft.jar

2012-07-07 00:37 - 2012-07-07 00:37 - 01803692 ____A C:\Users\Jake\Downloads\minecraft_server(1).jar

2012-07-05 16:34 - 2012-06-27 01:51 - 00010615 ____A C:\Users\Jake\Desktop\Richards S2 Timetable.xlsx

2012-07-02 19:46 - 2012-08-10 15:51 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys

2012-06-27 01:05 - 2012-06-27 01:05 - 00291825 ____A C:\Windows\To the Moon Uninstaller.exe

2012-06-27 01:05 - 2012-06-27 01:03 - 77242757 ____A C:\Users\Jake\Downloads\To_the_Moon-1.1_installer.exe

2012-06-25 03:14 - 2012-06-25 03:13 - 28372992 ____A (Cinderella) C:\Users\Jake\Downloads\cindyinstall.exe

2012-06-25 00:30 - 2012-06-25 00:29 - 19322245 ____A C:\Users\Jake\Downloads\Vindiesel.zip

2012-06-24 22:43 - 2012-06-24 22:41 - 28428002 ____A C:\Users\Jake\Downloads\Build_Win32.rar

2012-06-24 22:43 - 2012-06-24 22:41 - 14397761 ____A C:\Users\Jake\Downloads\Cloudbase-7DFPS-win.zip

2012-06-24 22:42 - 2012-06-24 22:40 - 30436107 ____A C:\Users\Jake\Downloads\Past Enemies Win.zip

2012-06-24 22:41 - 2012-06-24 22:40 - 17930623 ____A C:\Users\Jake\Downloads\Robota - Lost (Beta-PC).rar

2012-06-24 22:04 - 2012-06-24 22:04 - 01394248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml4.dll

2012-06-18 18:40 - 2012-06-18 18:40 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_xusb21_01007.Wdf

2012-06-18 02:21 - 2012-06-18 02:18 - 214613632 ____A (NVIDIA Corporation) C:\Users\Jake\Downloads\301.42-notebook-win7-winvista-64bit-international-whql(1).exe

2012-06-17 02:44 - 2012-06-17 02:43 - 40048216 ____A (Blizzard Entertainment) C:\Users\Jake\Downloads\Diablo-III-Setup-enGB.exe

2012-06-16 03:21 - 2012-06-16 03:20 - 16503720 ____A (Nabi Studios Pte Ltd ) C:\Users\Jake\Downloads\Toribash-3.99-Setup.exe

2012-06-11 19:08 - 2012-07-12 06:44 - 03148800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys

2012-06-08 21:43 - 2012-07-11 20:10 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll

2012-06-08 20:41 - 2012-07-11 20:09 - 12873728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll

2012-06-05 22:06 - 2012-07-11 20:10 - 02004480 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll

2012-06-05 22:06 - 2012-07-11 20:10 - 01881600 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll

2012-06-05 22:02 - 2012-07-11 20:09 - 01133568 ____A (Microsoft Corporation) C:\Windows\System32\cdosys.dll

2012-06-05 21:05 - 2012-07-11 20:10 - 01390080 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll

2012-06-05 21:05 - 2012-07-11 20:10 - 01236992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll

2012-06-05 21:03 - 2012-07-11 20:09 - 00805376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cdosys.dll

2012-06-05 14:53 - 2012-06-05 14:53 - 00000289 ____A C:\Users\Jake\Downloads\run og fix.bat

2012-06-05 02:17 - 2012-06-05 02:17 - 02016122 ____A C:\Users\Jake\Downloads\OvergrowthPathSpaceFix.zip

2012-06-03 20:52 - 2012-06-03 20:52 - 00001895 ____A C:\Users\Jake\Downloads\RL(1).zip

2012-06-03 20:41 - 2012-03-09 01:22 - 00174024 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe

2012-06-03 20:41 - 2012-03-09 01:22 - 00174024 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe

2012-06-02 23:55 - 2012-01-21 03:37 - 00001018 ____A C:\Users\Jake\Desktop\Dropbox.lnk

2012-06-02 14:19 - 2012-06-18 18:45 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll

2012-06-02 14:19 - 2012-06-18 18:45 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe

2012-06-02 14:19 - 2012-06-18 18:45 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll

2012-06-02 14:19 - 2012-06-18 18:44 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll

2012-06-02 14:19 - 2012-06-18 18:44 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll

2012-06-02 14:15 - 2012-06-18 18:45 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll

2012-06-02 14:15 - 2012-06-18 18:44 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll

2012-06-02 04:49 - 2012-07-12 06:38 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll

2012-06-02 04:17 - 2012-07-12 06:38 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll

2012-06-02 04:12 - 2012-07-12 06:38 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll

2012-06-02 04:05 - 2012-07-12 06:38 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll

2012-06-02 04:05 - 2012-07-12 06:38 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll

2012-06-02 04:04 - 2012-07-12 06:38 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl

2012-06-02 04:04 - 2012-07-12 06:38 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll

2012-06-02 04:03 - 2012-07-12 06:38 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll

2012-06-02 04:01 - 2012-07-12 06:38 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe

2012-06-02 04:00 - 2012-07-12 06:38 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll

2012-06-02 03:59 - 2012-07-12 06:38 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll

2012-06-02 03:57 - 2012-07-12 06:38 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb

2012-06-02 03:57 - 2012-07-12 06:38 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll

2012-06-02 03:54 - 2012-07-12 06:38 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll

2012-06-02 01:07 - 2012-07-12 06:38 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2012-06-02 00:43 - 2012-07-12 06:38 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2012-06-02 00:33 - 2012-07-12 06:38 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

2012-06-02 00:26 - 2012-07-12 06:38 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2012-06-02 00:25 - 2012-07-12 06:38 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl

2012-06-02 00:25 - 2012-07-12 06:38 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2012-06-02 00:23 - 2012-07-12 06:38 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll

2012-06-02 00:21 - 2012-07-12 06:38 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll

2012-06-02 00:20 - 2012-07-12 06:38 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe

2012-06-02 00:19 - 2012-07-12 06:38 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2012-06-02 00:19 - 2012-07-12 06:38 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll

2012-06-02 00:17 - 2012-07-12 06:38 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll

2012-06-02 00:16 - 2012-07-12 06:38 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2012-06-02 00:14 - 2012-07-12 06:38 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

2012-06-01 23:36 - 2012-03-26 01:24 - 00003752 ____A C:\Users\Jake\weka.log

2012-06-01 23:21 - 2012-06-01 23:21 - 00010167 ____A C:\Users\Jake\Downloads\timeseries.zip

2012-06-01 21:50 - 2012-07-11 20:09 - 00458704 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys

2012-06-01 21:48 - 2012-07-11 20:09 - 00151920 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys

2012-06-01 21:48 - 2012-07-11 20:09 - 00095600 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys

2012-06-01 21:45 - 2012-07-11 20:09 - 00340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll

2012-06-01 21:44 - 2012-07-11 20:09 - 00307200 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll

2012-06-01 21:19 - 2012-06-18 18:44 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll

2012-06-01 21:15 - 2012-06-18 18:44 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe

2012-06-01 20:40 - 2012-07-11 20:09 - 00225280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll

2012-06-01 20:40 - 2012-07-11 20:09 - 00022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll

2012-06-01 20:39 - 2012-07-11 20:09 - 00219136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll

2012-06-01 20:34 - 2012-07-11 20:09 - 00096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll

2012-06-01 01:36 - 2012-06-01 01:36 - 00119948 ____A C:\Users\Jake\Downloads\SUMLauncher_win.zip

2012-06-01 01:30 - 2012-06-01 01:30 - 01116448 ____A C:\Users\Jake\Downloads\GrassArena [4-28-12].zip

2012-06-01 00:08 - 2012-05-31 22:51 - 2125026991 ____A C:\Users\Jake\Downloads\a180-win.exe

2012-05-31 13:13 - 2012-05-31 04:21 - 315470531 ____A C:\Users\Jake\Downloads\StarForge_V0.1.zip

2012-05-30 18:25 - 2012-02-03 15:36 - 00279656 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe

2012-05-28 01:33 - 2012-05-28 01:33 - 00001411 ____A C:\Users\Jake\Downloads\servers.dat

2012-05-26 15:58 - 2012-05-26 15:58 - 00213767 ____A C:\Users\Jake\Downloads\COMP3330 - Report.zip

2012-05-24 13:05 - 2009-07-13 21:08 - 00032596 ____A C:\Windows\Tasks\SCHEDLGU.TXT

2012-05-23 22:02 - 2012-05-23 22:02 - 00000424 ____A C:\Users\Jake\Downloads\science(5)

2012-05-23 17:09 - 2012-05-23 17:09 - 00000472 ____A C:\Users\Jake\Downloads\science(4)

2012-05-23 01:13 - 2012-05-23 01:10 - 214613632 ____A (NVIDIA Corporation) C:\Users\Jake\Downloads\301.42-notebook-win7-winvista-64bit-international-whql.exe

2012-05-19 16:02 - 2012-05-19 16:02 - 00000531 ____A C:\Users\Jake\Downloads\science(3)

2012-05-18 23:22 - 2012-05-18 23:22 - 00000424 ____A C:\Users\Jake\Downloads\science(1)

2012-05-18 22:35 - 2012-05-18 22:35 - 00000369 ____A C:\Users\Jake\Downloads\355145a0.ris

2012-05-16 15:54 - 2012-05-16 15:54 - 00000306 ____A C:\Users\Jake\Downloads\GetCitation

2012-05-15 13:49 - 2012-05-15 13:49 - 04109723 ____A C:\Users\Jake\Downloads\MarioAI-src (1)(1).zip

2012-05-15 03:24 - 2012-05-15 03:23 - 04109723 ____A C:\Users\Jake\Downloads\MarioAI-src (1).zip

2012-05-15 03:20 - 2012-05-15 03:19 - 33240976 ____A C:\Users\Jake\Downloads\winzip16-64.exe

2012-05-15 03:16 - 2012-05-15 03:14 - 04109723 ____A C:\Users\Jake\Desktop\MarioAI-src (1).zip

2012-05-15 03:06 - 2012-05-15 03:16 - 00006126 ____A C:\Users\Jake\Desktop\PaperEvolveMLP.java

2012-05-15 03:01 - 2012-05-15 03:16 - 00003749 ____A C:\Users\Jake\Desktop\BasicMyAgentMLP.java

2012-05-15 02:53 - 2012-05-15 03:16 - 00004064 ____A C:\Users\Jake\Desktop\MyAgent.java

2012-05-15 02:48 - 2012-06-18 02:24 - 25743168 ____A (NVIDIA Corporation) C:\Windows\System32\nvoglv64.dll

2012-05-15 02:48 - 2012-06-18 02:24 - 25248064 ____A (NVIDIA Corporation) C:\Windows\System32\nvcompiler.dll

2012-05-15 02:48 - 2012-06-18 02:24 - 19607872 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll

2012-05-15 02:48 - 2012-06-18 02:24 - 17551680 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll

2012-05-15 02:48 - 2012-06-18 02:24 - 14298944 ____A (NVIDIA Corporation) C:\Windows\System32\Drivers\nvlddmkm.sys

2012-05-15 02:48 - 2012-06-18 02:24 - 08139072 ____A (NVIDIA Corporation) C:\Windows\System32\nvcuda.dll

2012-05-15 02:48 - 2012-06-18 02:24 - 08105280 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll

2012-05-15 02:48 - 2012-06-18 02:24 - 05982528 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll

2012-05-15 02:48 - 2012-06-18 02:24 - 02881856 ____A (NVIDIA Corporation) C:\Windows\System32\nvcuvenc.dll

2012-05-15 02:48 - 2012-06-18 02:24 - 02681664 ____A (NVIDIA Corporation) C:\Windows\System32\nvcuvid.dll

2012-05-15 02:48 - 2012-06-18 02:24 - 02524992 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll

2012-05-15 02:48 - 2012-06-18 02:24 - 02445120 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvenc.dll

2012-05-15 02:48 - 2012-06-18 02:24 - 02368832 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll

2012-05-15 02:48 - 2012-01-03 02:44 - 18044224 ____A (NVIDIA Corporation) C:\Windows\System32\nvd3dumx.dll

2012-05-15 02:48 - 2012-01-03 02:44 - 01738048 ____A (NVIDIA Corporation) C:\Windows\System32\nvdispco64.dll

2012-05-15 02:48 - 2012-01-03 02:44 - 01468224 ____A (NVIDIA Corporation) C:\Windows\System32\nvgenco64.dll

2012-05-15 02:48 - 2012-01-03 02:44 - 00068928 ____A (Khronos Group) C:\Windows\System32\OpenCL.dll

2012-05-15 02:48 - 2012-01-03 02:44 - 00061248 ____A (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll

2012-05-15 02:48 - 2011-06-18 23:37 - 15322432 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll

2012-05-15 02:48 - 2011-06-18 23:37 - 10194752 ____A (NVIDIA Corporation) C:\Windows\System32\nvwgf2umx.dll

2012-05-15 02:48 - 2011-06-18 23:37 - 02741568 ____A (NVIDIA Corporation) C:\Windows\System32\nvapi64.dll

2012-05-15 02:48 - 2011-06-18 23:37 - 00014324 ____A C:\Windows\System32\nvinfo.pb

2012-05-15 01:29 - 2011-03-06 05:45 - 02561856 ____A (NVIDIA Corporation) C:\Windows\System32\nvsvcr.dll

2012-05-15 01:29 - 2011-03-06 05:45 - 00889664 ____A (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe

2012-05-15 01:29 - 2011-03-06 05:45 - 00118080 ____A (NVIDIA Corporation) C:\Windows\System32\nvmctray.dll

2012-05-15 01:29 - 2011-03-06 05:45 - 00063296 ____A (NVIDIA Corporation) C:\Windows\System32\nvshext.dll

2012-05-15 01:29 - 2011-03-06 05:44 - 03149632 ____A (NVIDIA Corporation) C:\Windows\System32\nvsvc64.dll

2012-05-15 01:28 - 2011-03-06 05:44 - 06151488 ____A (NVIDIA Corporation) C:\Windows\System32\nvcpl.dll

2012-05-14 08:21 - 2012-05-14 08:21 - 00423744 ____A C:\Windows\SysWOW64\nvStreaming.exe

2012-05-14 02:10 - 2012-05-14 02:09 - 00013682 ____A C:\Users\Jake\Downloads\HIPHI-Jake's edit - fix quotes please.tex

2012-05-14 01:05 - 2012-05-14 00:57 - 00013650 ____A C:\Users\Jake\Downloads\COMP3330_Presentation.tex

2012-05-14 00:56 - 2012-05-14 00:56 - 00005487 ____A C:\Users\Jake\Downloads\COMP3330_A1.tex

ZeroAccess:

C:\Windows\Installer\{e6d103e4-a89e-97a4-3fd9-ecaae556d9f8}

C:\Windows\Installer\{e6d103e4-a89e-97a4-3fd9-ecaae556d9f8}\@

C:\Windows\Installer\{e6d103e4-a89e-97a4-3fd9-ecaae556d9f8}\L

C:\Windows\Installer\{e6d103e4-a89e-97a4-3fd9-ecaae556d9f8}\U

C:\Windows\Installer\{e6d103e4-a89e-97a4-3fd9-ecaae556d9f8}\L\00000004.@

C:\Windows\Installer\{e6d103e4-a89e-97a4-3fd9-ecaae556d9f8}\L\201d3dde

C:\Windows\Installer\{e6d103e4-a89e-97a4-3fd9-ecaae556d9f8}\U\00000004.@

C:\Windows\Installer\{e6d103e4-a89e-97a4-3fd9-ecaae556d9f8}\U\00000008.@

C:\Windows\Installer\{e6d103e4-a89e-97a4-3fd9-ecaae556d9f8}\U\000000cb.@

C:\Windows\Installer\{e6d103e4-a89e-97a4-3fd9-ecaae556d9f8}\U\80000000.@

C:\Windows\Installer\{e6d103e4-a89e-97a4-3fd9-ecaae556d9f8}\U\80000032.@

C:\Windows\Installer\{e6d103e4-a89e-97a4-3fd9-ecaae556d9f8}\U\80000064.@

ZeroAccess:

C:\Users\Jake\AppData\Local\{e6d103e4-a89e-97a4-3fd9-ecaae556d9f8}

C:\Users\Jake\AppData\Local\{e6d103e4-a89e-97a4-3fd9-ecaae556d9f8}\@

C:\Users\Jake\AppData\Local\{e6d103e4-a89e-97a4-3fd9-ecaae556d9f8}\L

C:\Users\Jake\AppData\Local\{e6d103e4-a89e-97a4-3fd9-ecaae556d9f8}\n

C:\Users\Jake\AppData\Local\{e6d103e4-a89e-97a4-3fd9-ecaae556d9f8}\U

ZeroAccess:

C:\Windows\assembly\GAC_32\Desktop.ini

ZeroAccess:

C:\Windows\assembly\GAC_64\Desktop.ini

========================= Known DLLs (Whitelisted) ============

========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\SysWOW64\wininit.exe => MD5 is legit

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\SysWOW64\explorer.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\SysWOW64\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe 014A9CB92514E27C0107614DF764BC06 ZeroAccess <==== ATTENTION!.

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\SysWOW64\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\SysWOW64\userinit.exe => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK

HKLM\...\exefile\DefaultIcon: %1 => OK

HKLM\...\exefile\open\command: "%1" %* => OK

========================= Memory info ======================

Percentage of memory in use: 6%

Total physical RAM: 16361.16 MB

Available physical RAM: 15229.73 MB

Total Pagefile: 16359.31 MB

Available Pagefile: 15229.71 MB

Total Virtual: 8192 MB

Available Virtual: 8191.9 MB

======================= Partitions =========================

1 Drive c: (OS) (Fixed) (Total:279.45 GB) (Free:3.66 GB) NTFS ==>[system with boot components (obtained from reading drive)]

2 Drive d: (DATA) (Fixed) (Total:394.18 GB) (Free:168.65 GB) NTFS

3 Drive e: (RECOVERY) (Fixed) (Total:24.98 GB) (Free:11.59 GB) FAT32 ==>[system with boot components (obtained from reading drive)]

5 Drive g: (JAKE'S USB) (Removable) (Total:7.45 GB) (Free:4.66 GB) FAT32

6 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

Disk ### Status Size Free Dyn Gpt

-------- ------------- ------- ------- --- ---

Disk 0 Online 698 GB 1024 KB

Disk 1 Online 7648 MB 0 B

Partitions of Disk 0:

===============

Partition ### Type Size Offset

------------- ---------------- ------- -------

Partition 1 Primary 25 GB 1024 KB

Partition 2 Primary 279 GB 25 GB

Partition 0 Extended 394 GB 304 GB

Partition 3 Logical 394 GB 304 GB

==================================================================================

Disk: 0

Partition 1

Type : 0C

Hidden: No

Active: No

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 1 E RECOVERY FAT32 Partition 25 GB Healthy

==================================================================================

Disk: 0

Partition 2

Type : 07

Hidden: No

Active: Yes

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 2 C OS NTFS Partition 279 GB Healthy

==================================================================================

Disk: 0

Partition 3

Type : 07

Hidden: No

Active: No

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 3 D DATA NTFS Partition 394 GB Healthy

==================================================================================

Partitions of Disk 1:

===============

Partition ### Type Size Offset

------------- ---------------- ------- -------

Partition 1 Primary 7647 MB 40 KB

==================================================================================

Disk: 1

Partition 1

Type : 0B

Hidden: No

Active: Yes

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 4 G JAKE'S USB FAT32 Removable 7647 MB Healthy

==================================================================================

Last Boot: 2012-08-06 13:33

======================= End Of Log ==========================

Search.txt:

Farbar Recovery Scan Tool Version: 09-08-2012

Ran by SYSTEM at 2012-08-11 19:25:56

Running from G:\

================== Search: "services.exe" ===================

C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe

[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

C:\Windows\System32\services.exe

[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 014A9CB92514E27C0107614DF764BC06

====== End Of Search ======


OK, here you go......Please carefully carry out this procedure!!!!!!

Please download the attached fixlist.txt and copy it to your flashdrive.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

On Vista or Windows 7: Now please enter System Recovery Options. (as you did before)

Run FRST64 or FRST (whichever one you're using) and press the Fix button just once and wait.

The tool will make a log on the flashdrive (Fixlog.txt); please post it in your reply.

MrC


Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 09-08-2012

Ran by SYSTEM at 2012-08-11 22:18:01 Run:1

Running from G:\

==============================================

C:\Windows\Installer\{e6d103e4-a89e-97a4-3fd9-ecaae556d9f8} moved successfully.

C:\Users\Jake\AppData\Local\{e6d103e4-a89e-97a4-3fd9-ecaae556d9f8} moved successfully.

C:\Windows\assembly\GAC_32\Desktop.ini moved successfully.

C:\Windows\assembly\GAC_64\Desktop.ini moved successfully.

C:\Windows\System32\services.exe moved successfully.

C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe copied successfully to C:\Windows\System32\services.exe

==== End of Fixlog ====


Well done, let's run ComboFix to clear up any leftovers.

Please download and run ComboFix.

The most important things to remember when running it are to disable all your malware programs and run ComboFix from your desktop.

Please visit this webpage for download links, and instructions for running ComboFix

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Information on disabling your malware programs can be found Here.

Make sure you run ComboFix from your desktop.

Give it at least 30-45 minutes to finish if needed.

Please include the C:\ComboFix.txt in your next reply for further review.

---------->NOTE<----------

If you get the message Illegal operation attempted on registry key that has been marked for deletion after you run ComboFix....please reboot the computer, this should resolve the problem. You may have to do this several times if needed.

MrC


I had some trouble running ComboFix. Sophos, despite the fact I followed the instructions in your link and turned off on-access scanning, was intercepting ComboFix, so I uninstalled Sophos. It was pretty useless anyway and would never update properly. I'll get a new antivirus when I can.

So then I ran ComboFix fine, and had to restart to overcome the registry key marked for deletion error. However, now I can't access the internet. I tried troubleshooting to no avail. I tried to find a repair option as it says on the ComboFix guide, but their guide was for Windows XP and I could not find it in 7. I am posting from another computer now.

Here is the combofix log:

ComboFix 12-08-09.01 - Jake 11/08/2012 23:06:26.1.8 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.61.1033.18.16361.13636 [GMT 10:00]

Running from: c:\users\Jake\Desktop\ComboFix.exe

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\windows\AsPatch10430001.exe

c:\windows\iun6002.exe

c:\windows\msvcr71.dll

c:\windows\security\Database\tmp.edb

c:\windows\SysWow64\URTTemp

c:\windows\SysWow64\URTTemp\regtlib.exe

D:\install.exe

.

----- File Replicators -----

.

c:\program files (x86)\Git\bin\git.exe

c:\program files (x86)\Git\libexec\git-core\git-add.exe

c:\program files (x86)\Git\libexec\git-core\git-annotate.exe

c:\program files (x86)\Git\libexec\git-core\git-apply.exe

c:\program files (x86)\Git\libexec\git-core\git-archive.exe

c:\program files (x86)\Git\libexec\git-core\git-bisect--helper.exe

c:\program files (x86)\Git\libexec\git-core\git-blame.exe

c:\program files (x86)\Git\libexec\git-core\git-branch.exe

c:\program files (x86)\Git\libexec\git-core\git-bundle.exe

c:\program files (x86)\Git\libexec\git-core\git-cat-file.exe

c:\program files (x86)\Git\libexec\git-core\git-check-attr.exe

c:\program files (x86)\Git\libexec\git-core\git-check-ref-format.exe

c:\program files (x86)\Git\libexec\git-core\git-checkout-index.exe

c:\program files (x86)\Git\libexec\git-core\git-checkout.exe

c:\program files (x86)\Git\libexec\git-core\git-cherry-pick.exe

c:\program files (x86)\Git\libexec\git-core\git-cherry.exe

c:\program files (x86)\Git\libexec\git-core\git-clean.exe

c:\program files (x86)\Git\libexec\git-core\git-clone.exe

c:\program files (x86)\Git\libexec\git-core\git-column.exe

c:\program files (x86)\Git\libexec\git-core\git-commit-tree.exe

c:\program files (x86)\Git\libexec\git-core\git-commit.exe

c:\program files (x86)\Git\libexec\git-core\git-config.exe

c:\program files (x86)\Git\libexec\git-core\git-count-objects.exe

c:\program files (x86)\Git\libexec\git-core\git-describe.exe

c:\program files (x86)\Git\libexec\git-core\git-diff-files.exe

c:\program files (x86)\Git\libexec\git-core\git-diff-index.exe

c:\program files (x86)\Git\libexec\git-core\git-diff-tree.exe

c:\program files (x86)\Git\libexec\git-core\git-diff.exe

c:\program files (x86)\Git\libexec\git-core\git-fast-export.exe

c:\program files (x86)\Git\libexec\git-core\git-fetch-pack.exe

c:\program files (x86)\Git\libexec\git-core\git-fetch.exe

c:\program files (x86)\Git\libexec\git-core\git-fmt-merge-msg.exe

c:\program files (x86)\Git\libexec\git-core\git-for-each-ref.exe

c:\program files (x86)\Git\libexec\git-core\git-format-patch.exe

c:\program files (x86)\Git\libexec\git-core\git-fsck-objects.exe

c:\program files (x86)\Git\libexec\git-core\git-fsck.exe

c:\program files (x86)\Git\libexec\git-core\git-gc.exe

c:\program files (x86)\Git\libexec\git-core\git-get-tar-commit-id.exe

c:\program files (x86)\Git\libexec\git-core\git-grep.exe

c:\program files (x86)\Git\libexec\git-core\git-hash-object.exe

c:\program files (x86)\Git\libexec\git-core\git-help.exe

c:\program files (x86)\Git\libexec\git-core\git-index-pack.exe

c:\program files (x86)\Git\libexec\git-core\git-init-db.exe

c:\program files (x86)\Git\libexec\git-core\git-init.exe

c:\program files (x86)\Git\libexec\git-core\git-log.exe

c:\program files (x86)\Git\libexec\git-core\git-ls-files.exe

c:\program files (x86)\Git\libexec\git-core\git-ls-remote.exe

c:\program files (x86)\Git\libexec\git-core\git-ls-tree.exe

c:\program files (x86)\Git\libexec\git-core\git-mailinfo.exe

c:\program files (x86)\Git\libexec\git-core\git-mailsplit.exe

c:\program files (x86)\Git\libexec\git-core\git-merge-base.exe

c:\program files (x86)\Git\libexec\git-core\git-merge-file.exe

c:\program files (x86)\Git\libexec\git-core\git-merge-index.exe

c:\program files (x86)\Git\libexec\git-core\git-merge-ours.exe

c:\program files (x86)\Git\libexec\git-core\git-merge-recursive.exe

c:\program files (x86)\Git\libexec\git-core\git-merge-subtree.exe

c:\program files (x86)\Git\libexec\git-core\git-merge-tree.exe

c:\program files (x86)\Git\libexec\git-core\git-merge.exe

c:\program files (x86)\Git\libexec\git-core\git-mktag.exe

c:\program files (x86)\Git\libexec\git-core\git-mktree.exe

c:\program files (x86)\Git\libexec\git-core\git-mv.exe

c:\program files (x86)\Git\libexec\git-core\git-name-rev.exe

c:\program files (x86)\Git\libexec\git-core\git-notes.exe

c:\program files (x86)\Git\libexec\git-core\git-pack-objects.exe

c:\program files (x86)\Git\libexec\git-core\git-pack-redundant.exe

c:\program files (x86)\Git\libexec\git-core\git-pack-refs.exe

c:\program files (x86)\Git\libexec\git-core\git-patch-id.exe

c:\program files (x86)\Git\libexec\git-core\git-peek-remote.exe

c:\program files (x86)\Git\libexec\git-core\git-prune-packed.exe

c:\program files (x86)\Git\libexec\git-core\git-prune.exe

c:\program files (x86)\Git\libexec\git-core\git-push.exe

c:\program files (x86)\Git\libexec\git-core\git-read-tree.exe

c:\program files (x86)\Git\libexec\git-core\git-receive-pack.exe

c:\program files (x86)\Git\libexec\git-core\git-reflog.exe

c:\program files (x86)\Git\libexec\git-core\git-remote-ext.exe

c:\program files (x86)\Git\libexec\git-core\git-remote-fd.exe

c:\program files (x86)\Git\libexec\git-core\git-remote.exe

c:\program files (x86)\Git\libexec\git-core\git-replace.exe

c:\program files (x86)\Git\libexec\git-core\git-repo-config.exe

c:\program files (x86)\Git\libexec\git-core\git-rerere.exe

c:\program files (x86)\Git\libexec\git-core\git-reset.exe

c:\program files (x86)\Git\libexec\git-core\git-rev-list.exe

c:\program files (x86)\Git\libexec\git-core\git-rev-parse.exe

c:\program files (x86)\Git\libexec\git-core\git-revert.exe

c:\program files (x86)\Git\libexec\git-core\git-rm.exe

c:\program files (x86)\Git\libexec\git-core\git-send-pack.exe

c:\program files (x86)\Git\libexec\git-core\git-shortlog.exe

c:\program files (x86)\Git\libexec\git-core\git-show-branch.exe

c:\program files (x86)\Git\libexec\git-core\git-show-ref.exe

c:\program files (x86)\Git\libexec\git-core\git-show.exe

c:\program files (x86)\Git\libexec\git-core\git-stage.exe

c:\program files (x86)\Git\libexec\git-core\git-status.exe

c:\program files (x86)\Git\libexec\git-core\git-stripspace.exe

c:\program files (x86)\Git\libexec\git-core\git-symbolic-ref.exe

c:\program files (x86)\Git\libexec\git-core\git-tag.exe

c:\program files (x86)\Git\libexec\git-core\git-tar-tree.exe

c:\program files (x86)\Git\libexec\git-core\git-unpack-file.exe

c:\program files (x86)\Git\libexec\git-core\git-unpack-objects.exe

c:\program files (x86)\Git\libexec\git-core\git-update-index.exe

c:\program files (x86)\Git\libexec\git-core\git-update-ref.exe

c:\program files (x86)\Git\libexec\git-core\git-update-server-info.exe

c:\program files (x86)\Git\libexec\git-core\git-upload-archive.exe

c:\program files (x86)\Git\libexec\git-core\git-var.exe

c:\program files (x86)\Git\libexec\git-core\git-verify-pack.exe

c:\program files (x86)\Git\libexec\git-core\git-verify-tag.exe

c:\program files (x86)\Git\libexec\git-core\git-whatchanged.exe

c:\program files (x86)\Git\libexec\git-core\git-write-tree.exe

c:\program files (x86)\Git\libexec\git-core\git.exe

.

.

((((((((((((((((((((((((( Files Created from 2012-07-11 to 2012-08-11 )))))))))))))))))))))))))))))))

.

.

2012-08-12 03:22 . 2012-08-12 03:23 -------- d-----w- C:\FRST

2012-08-11 08:05 . 2012-08-11 08:05 -------- d-----w- C:\HiddenBootMount

2012-08-10 23:52 . 2012-08-10 23:52 -------- d-----w- c:\users\Jake\AppData\Roaming\Malwarebytes

2012-08-10 23:51 . 2012-08-10 23:51 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2012-08-10 23:51 . 2012-08-10 23:51 -------- d-----w- c:\programdata\Malwarebytes

2012-08-10 23:51 . 2012-07-03 03:46 24904 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-08-05 21:39 . 2012-08-05 21:39 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2012-08-05 10:57 . 2012-08-05 10:57 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%

2012-08-05 08:01 . 2012-08-05 08:01 -------- d-----w- c:\windows\en

2012-08-05 07:58 . 2012-08-05 07:58 -------- d-----w- c:\windows\fr

2012-08-05 07:58 . 2012-08-05 07:58 -------- d-----w- c:\windows\es

2012-08-05 07:55 . 2012-03-08 08:40 48488 ----a-w- c:\windows\system32\drivers\fssfltr.sys

2012-08-05 07:55 . 2012-08-05 07:55 19720 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll

2012-08-04 04:53 . 2012-08-04 04:53 -------- d-----w- c:\program files (x86)\Git

2012-08-03 23:16 . 2012-08-03 23:16 -------- d-----w- c:\users\Jake\AppData\Roaming\MathematicaPlayer

2012-08-03 23:16 . 2012-08-03 23:16 -------- d-----w- c:\users\Jake\AppData\Local\MathematicaPlayer

2012-08-03 23:15 . 2012-08-03 23:15 -------- d-----w- c:\program files\Common Files\Wolfram Research

2012-08-03 23:15 . 2012-08-03 23:15 -------- d-----w- c:\program files (x86)\Common Files\Wolfram Research

2012-08-03 23:15 . 2012-08-03 23:15 -------- d-----w- c:\programdata\Mathematica

2012-08-03 23:15 . 2011-10-03 08:45 334352 ----a-w- c:\windows\SysWow64\mltcpip32.mlp

2012-08-03 23:15 . 2011-10-03 08:45 93712 ----a-w- c:\windows\SysWow64\mltcp32.mlp

2012-08-03 23:15 . 2011-10-03 08:45 88080 ----a-w- c:\windows\SysWow64\mlshm32.mlp

2012-08-03 23:15 . 2011-10-03 08:45 163344 ----a-w- c:\windows\SysWow64\mlmodule32.dll

2012-08-03 23:15 . 2011-10-03 08:45 79376 ----a-w- c:\windows\SysWow64\mlmap32.mlp

2012-08-03 23:15 . 2011-10-03 08:45 370704 ----a-w- c:\windows\SysWow64\ml32i3.dll

2012-08-03 23:15 . 2011-10-03 08:45 260112 ----a-w- c:\windows\SysWow64\ml32i2.dll

2012-08-03 23:15 . 2011-10-03 08:45 253968 ----a-w- c:\windows\SysWow64\ml32i1.dll

2012-08-03 23:14 . 2012-08-03 23:14 -------- d-----w- c:\program files (x86)\Wolfram Research

2012-08-03 22:14 . 2012-06-29 10:04 9133488 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{4BFBE4D3-C4FF-47AF-A788-D9F7D0228450}\mpengine.dll

2012-07-26 08:36 . 2012-07-26 08:36 15712 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\c1a289c01cd6b0907\MeshBetaRemover.exe

2012-07-26 08:36 . 2012-07-26 08:36 89944 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\c17fe60e1cd6b0906\DSETUP.dll

2012-07-26 08:36 . 2012-07-26 08:36 537432 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\c17fe60e1cd6b0906\DXSETUP.exe

2012-07-26 08:36 . 2012-07-26 08:36 1801048 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\c17fe60e1cd6b0906\dsetup32.dll

2012-07-26 08:33 . 2012-07-26 08:33 -------- d-----w- c:\users\Jake\temp

2012-07-23 06:24 . 2012-07-23 06:24 -------- d-----w- c:\users\Jake\AppData\Local\etax2012

2012-07-23 06:23 . 2012-07-23 06:23 -------- d-----w- c:\program files (x86)\etax2012

2012-07-18 11:04 . 2010-06-01 18:55 77656 ----a-w- c:\windows\system32\XAPOFX1_5.dll

2012-07-18 11:04 . 2010-06-01 18:55 74072 ----a-w- c:\windows\SysWow64\XAPOFX1_5.dll

2012-07-18 11:04 . 2010-06-01 18:55 527192 ----a-w- c:\windows\SysWow64\XAudio2_7.dll

2012-07-18 11:04 . 2010-06-01 18:55 518488 ----a-w- c:\windows\system32\XAudio2_7.dll

2012-07-18 11:04 . 2010-05-26 01:41 2526056 ----a-w- c:\windows\system32\D3DCompiler_43.dll

2012-07-18 11:04 . 2010-05-26 01:41 2106216 ----a-w- c:\windows\SysWow64\D3DCompiler_43.dll

2012-07-18 11:04 . 2010-05-26 01:41 276832 ----a-w- c:\windows\system32\d3dx11_43.dll

2012-07-18 11:04 . 2010-05-26 01:41 248672 ----a-w- c:\windows\SysWow64\d3dx11_43.dll

2012-07-18 11:04 . 2010-05-26 01:41 1998168 ----a-w- c:\windows\SysWow64\D3DX9_43.dll

2012-07-18 11:04 . 2010-05-26 01:41 2401112 ----a-w- c:\windows\system32\D3DX9_43.dll

2012-07-18 11:04 . 2010-02-04 00:01 24920 ----a-w- c:\windows\system32\X3DAudio1_7.dll

2012-07-17 02:48 . 2012-07-17 02:48 -------- d-----w- c:\users\Jake\AppData\Roaming\fltk.org

2012-07-17 02:48 . 2012-07-17 02:48 -------- d-----w- c:\programdata\fltk.org

2012-07-15 07:34 . 2012-07-15 07:34 -------- d-----w- c:\users\Jake\AppData\Roaming\Trine2

2012-07-15 07:33 . 2008-05-30 04:11 4991496 ----a-w- c:\windows\system32\D3DX9_38.dll

2012-07-15 07:33 . 2008-05-30 04:11 3850760 ----a-w- c:\windows\SysWow64\D3DX9_38.dll

2012-07-13 11:49 . 2010-02-04 00:01 74072 ----a-w- c:\windows\SysWow64\XAPOFX1_4.dll

2012-07-13 11:49 . 2010-02-04 00:01 528216 ----a-w- c:\windows\SysWow64\XAudio2_6.dll

2012-07-13 11:49 . 2010-02-04 00:01 238936 ----a-w- c:\windows\SysWow64\xactengine3_6.dll

2012-07-13 11:49 . 2010-02-04 00:01 22360 ----a-w- c:\windows\SysWow64\X3DAudio1_7.dll

2012-07-13 11:49 . 2009-03-09 05:27 4178264 ----a-w- c:\windows\SysWow64\D3DX9_41.dll

2012-07-12 14:44 . 2012-06-12 03:08 3148800 ----a-w- c:\windows\system32\win32k.sys

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-08-11 12:57 . 2011-06-19 07:52 45056 ----a-w- c:\windows\system32\acovcnt.exe

2012-08-05 21:39 . 2012-01-03 08:11 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-07-12 14:40 . 2012-02-05 23:31 59701280 ----a-w- c:\windows\system32\MRT.exe

2012-07-08 10:27 . 2012-07-08 10:27 40960 ----a-r- c:\users\Jake\AppData\Roaming\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\NewShortcut1_9559F7CA5E344237A2D9D856464AD727.exe

2012-07-08 10:27 . 2012-07-08 10:27 40960 ----a-r- c:\users\Jake\AppData\Roaming\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\ARPPRODUCTICON.exe

2012-06-27 09:05 . 2012-06-27 09:05 291825 ----a-w- c:\windows\To the Moon Uninstaller.exe

2012-06-25 06:04 . 2012-06-25 06:04 1394248 ----a-w- c:\windows\SysWow64\msxml4.dll

2012-06-09 05:43 . 2012-07-12 04:10 14172672 ----a-w- c:\windows\system32\shell32.dll

2012-06-06 06:06 . 2012-07-12 04:10 2004480 ----a-w- c:\windows\system32\msxml6.dll

2012-06-06 06:06 . 2012-07-12 04:10 1881600 ----a-w- c:\windows\system32\msxml3.dll

2012-06-06 06:02 . 2012-07-12 04:09 1133568 ----a-w- c:\windows\system32\cdosys.dll

2012-06-06 05:05 . 2012-07-12 04:10 1390080 ----a-w- c:\windows\SysWow64\msxml6.dll

2012-06-06 05:05 . 2012-07-12 04:10 1236992 ----a-w- c:\windows\SysWow64\msxml3.dll

2012-06-06 05:03 . 2012-07-12 04:09 805376 ----a-w- c:\windows\SysWow64\cdosys.dll

2012-06-02 22:19 . 2012-06-19 02:44 38424 ----a-w- c:\windows\system32\wups.dll

2012-06-02 22:19 . 2012-06-19 02:45 2428952 ----a-w- c:\windows\system32\wuaueng.dll

2012-06-02 22:19 . 2012-06-19 02:45 57880 ----a-w- c:\windows\system32\wuauclt.exe

2012-06-02 22:19 . 2012-06-19 02:45 44056 ----a-w- c:\windows\system32\wups2.dll

2012-06-02 22:19 . 2012-06-19 02:44 701976 ----a-w- c:\windows\system32\wuapi.dll

2012-06-02 22:15 . 2012-06-19 02:45 2622464 ----a-w- c:\windows\system32\wucltux.dll

2012-06-02 22:15 . 2012-06-19 02:44 99840 ----a-w- c:\windows\system32\wudriver.dll

2012-06-02 05:50 . 2012-07-12 04:09 458704 ----a-w- c:\windows\system32\drivers\cng.sys

2012-06-02 05:48 . 2012-07-12 04:09 95600 ----a-w- c:\windows\system32\drivers\ksecdd.sys

2012-06-02 05:48 . 2012-07-12 04:09 151920 ----a-w- c:\windows\system32\drivers\ksecpkg.sys

2012-06-02 05:45 . 2012-07-12 04:09 340992 ----a-w- c:\windows\system32\schannel.dll

2012-06-02 05:44 . 2012-07-12 04:09 307200 ----a-w- c:\windows\system32\ncrypt.dll

2012-06-02 05:19 . 2012-06-19 02:44 186752 ----a-w- c:\windows\system32\wuwebv.dll

2012-06-02 05:15 . 2012-06-19 02:44 36864 ----a-w- c:\windows\system32\wuapp.exe

2012-06-02 04:40 . 2012-07-12 04:09 22016 ----a-w- c:\windows\SysWow64\secur32.dll

2012-06-02 04:40 . 2012-07-12 04:09 225280 ----a-w- c:\windows\SysWow64\schannel.dll

2012-06-02 04:39 . 2012-07-12 04:09 219136 ----a-w- c:\windows\SysWow64\ncrypt.dll

2012-06-02 04:34 . 2012-07-12 04:09 96768 ----a-w- c:\windows\SysWow64\sspicli.dll

2012-05-31 02:25 . 2012-02-03 23:36 279656 ------w- c:\windows\system32\MpSigStub.exe

2012-05-15 10:48 . 2012-06-18 10:24 8139072 ----a-w- c:\windows\system32\nvcuda.dll

2012-05-15 10:48 . 2012-06-18 10:24 8105280 ----a-w- c:\windows\SysWow64\nvwgf2um.dll

2012-05-15 10:48 . 2012-06-18 10:24 5982528 ----a-w- c:\windows\SysWow64\nvcuda.dll

2012-05-15 10:48 . 2012-06-18 10:24 2881856 ----a-w- c:\windows\system32\nvcuvenc.dll

2012-05-15 10:48 . 2012-06-18 10:24 2681664 ----a-w- c:\windows\system32\nvcuvid.dll

2012-05-15 10:48 . 2012-06-18 10:24 25743168 ----a-w- c:\windows\system32\nvoglv64.dll

2012-05-15 10:48 . 2012-06-18 10:24 2524992 ----a-w- c:\windows\SysWow64\nvcuvid.dll

2012-05-15 10:48 . 2012-06-18 10:24 25248064 ----a-w- c:\windows\system32\nvcompiler.dll

2012-05-15 10:48 . 2012-06-18 10:24 2445120 ----a-w- c:\windows\SysWow64\nvcuvenc.dll

2012-05-15 10:48 . 2012-06-18 10:24 2368832 ----a-w- c:\windows\SysWow64\nvapi.dll

2012-05-15 10:48 . 2012-06-18 10:24 19607872 ----a-w- c:\windows\SysWow64\nvoglv32.dll

2012-05-15 10:48 . 2012-06-18 10:24 17551680 ----a-w- c:\windows\SysWow64\nvcompiler.dll

2012-05-15 10:48 . 2012-06-18 10:24 14298944 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys

2012-05-15 10:48 . 2012-01-03 10:44 68928 ----a-w- c:\windows\system32\OpenCL.dll

2012-05-15 10:48 . 2012-01-03 10:44 61248 ----a-w- c:\windows\SysWow64\OpenCL.dll

2012-05-15 10:48 . 2012-01-03 10:44 18044224 ----a-w- c:\windows\system32\nvd3dumx.dll

2012-05-15 10:48 . 2012-01-03 10:44 1738048 ----a-w- c:\windows\system32\nvdispco64.dll

2012-05-15 10:48 . 2012-01-03 10:44 1468224 ----a-w- c:\windows\system32\nvgenco64.dll

2012-05-15 10:48 . 2011-06-19 07:37 10194752 ----a-w- c:\windows\system32\nvwgf2umx.dll

2012-05-15 10:48 . 2011-06-19 07:37 15322432 ----a-w- c:\windows\SysWow64\nvd3dum.dll

2012-05-15 10:48 . 2011-06-19 07:37 2741568 ----a-w- c:\windows\system32\nvapi64.dll

2012-05-15 09:29 . 2011-03-06 13:45 889664 ----a-w- c:\windows\system32\nvvsvc.exe

2012-05-15 09:29 . 2011-03-06 13:45 63296 ----a-w- c:\windows\system32\nvshext.dll

2012-05-15 09:29 . 2011-03-06 13:45 2561856 ----a-w- c:\windows\system32\nvsvcr.dll

2012-05-15 09:29 . 2011-03-06 13:45 118080 ----a-w- c:\windows\system32\nvmctray.dll

2012-05-15 09:29 . 2011-03-06 13:44 3149632 ----a-w- c:\windows\system32\nvsvc64.dll

2012-05-15 09:28 . 2011-03-06 13:44 6151488 ----a-w- c:\windows\system32\nvcpl.dll

2012-05-14 16:21 . 2012-05-14 16:21 423744 ----a-w- c:\windows\SysWow64\nvStreaming.exe

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2011-12-05 19:17 94208 ----a-w- c:\users\Jake\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2011-12-05 19:17 94208 ----a-w- c:\users\Jake\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2011-12-05 19:17 94208 ----a-w- c:\users\Jake\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"AlcoholAutomount"="c:\program files (x86)\Alcohol Soft\Alcohol 52\AxAutoMntSrv.exe" [2010-08-20 33120]

"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-06-05 17344176]

"ISUSPM"="c:\programdata\FLEXnet\Connect\11\ISUSPM.exe" [2009-05-06 222496]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"UpdateLBPShortCut"="c:\program files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]

"UpdateP2GoShortCut"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]

"Nuance PDF Reader-reminder"="c:\program files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe" [2008-11-03 328992]

"FLxHCIm"="c:\program files\Fresco Logic Inc\Fresco Logic USB3.0 Host Controller\host\FLxHCIm.exe" [2011-02-25 40448]

"ATKOSD2"="c:\program files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe" [2010-08-17 5732992]

"ATKMEDIA"="c:\program files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe" [2010-10-07 170624]

"HControlUser"="c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]

"Wireless Console 3"="c:\program files (x86)\ASUS\Wireless Console 3\wcourier.exe" [2010-09-23 1601536]

"CPMonitor"="c:\program files (x86)\Roxio\CinePlayer\5.0\CPMonitor.exe" [2010-12-27 84464]

"THX TruStudio NB Settings"="c:\program files (x86)\Creative\THX TruStudio\THXNBSet\THXAudNB.exe" [2011-01-28 907776]

"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]

"VAWinAgent"="c:\expressgateutil\VAWinAgent.exe" [2011-01-13 191304]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]

"CanonSolutionMenuEx"="c:\program files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE" [2010-04-01 1185112]

"AdobeCS5.5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-11 1523360]

"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-26 421736]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]

"LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2012-06-27 1996200]

"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]

.

c:\users\Jake\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dropbox.lnk - c:\users\Jake\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-25 27112840]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

AsusVibeLauncher.lnk - c:\program files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe [2011-2-4 548528]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-03 135664]

R2 HiPatchService;Hi-Rez Studios Authenticate and Update Service;c:\program files (x86)\Hi-Rez Studios\HiPatchService.exe [2012-04-05 8704]

R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-05-15 1262400]

R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-06-05 160944]

R2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-07-16 2673064]

R3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys [2011-01-07 36000]

R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys [2011-01-07 298144]

R3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys [2011-01-07 201376]

R3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys [2011-01-07 55456]

R3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys [2011-01-07 154272]

R3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys [2011-01-07 279200]

R3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2011-06-19 79360]

R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2011-06-19 79360]

R3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [2011-07-28 52584]

R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-03 135664]

R3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x64.sys [2009-06-10 57344]

R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-19 113120]

R3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2011-08-01 45416]

R3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUVStor.sys [2010-08-03 290920]

R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys [2009-06-10 56832]

R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]

R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [2011-12-19 146736]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-01-05 1255736]

R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [2008-05-06 14464]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]

S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2010-03-19 55856]

S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]

S1 ATKWMIACPIIO;ATKWMIACPI Driver;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [2010-07-26 17024]

S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys [2011-12-19 224048]

S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys [2011-12-19 130864]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]

S2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe [2011-01-25 379520]

S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-07-03 15416]

S2 Atheros Bt&Wlan Coex Agent;Atheros Bt&Wlan Coex Agent;c:\program files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [2011-01-07 138400]

S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe [2011-01-07 53920]

S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-06-27 2369960]

S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-07-03 655944]

S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-05-14 382272]

S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [2010-04-16 13832]

S2 TurboBoost;Intel® Turbo Boost Technology Monitor;c:\program files\Intel\TurboBoost\TurboBoost.exe [2010-04-16 134928]

S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-10-06 2655768]

S2 VideAceWindowsService;VideAceWindowsService;c:\expressgateutil\VAWinService.exe [2011-01-12 91464]

S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys [2011-01-07 28832]

S3 FLxHCIc;Fresco Logic xHCI (USB3) Device Driver;c:\windows\system32\DRIVERS\FLxHCIc.sys [2011-02-25 302592]

S3 FLxHCIh;Fresco Logic xHCI (USB3) Hub Device Driver;c:\windows\system32\DRIVERS\FLxHCIh.sys [2011-02-25 81920]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-07-03 24904]

S3 MBfilt;MBfilt;c:\windows\system32\drivers\MBfilt64.sys [2009-11-17 32344]

S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2010-09-21 56344]

S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [2012-04-18 188736]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-12-28 412776]

S3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [2011-12-19 165680]

.

.

Contents of the 'Scheduled Tasks' folder

.

2012-08-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-03 13:57]

.

2012-08-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-03 13:57]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_B]

@="{6D4133E5-0742-4ADC-8A8C-9303440F7190}"

[HKEY_CLASSES_ROOT\CLSID\{6D4133E5-0742-4ADC-8A8C-9303440F7190}]

2009-11-26 05:49 70656 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSShellExt64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_O]

@="{64174815-8D98-4CE6-8646-4C039977D808}"

[HKEY_CLASSES_ROOT\CLSID\{64174815-8D98-4CE6-8646-4C039977D808}]

2009-11-26 05:49 70656 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSShellExt64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2011-12-05 19:17 97792 ----a-w- c:\users\Jake\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2011-12-05 19:17 97792 ----a-w- c:\users\Jake\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2011-12-05 19:17 97792 ----a-w- c:\users\Jake\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]

@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]

2011-12-05 19:17 97792 ----a-w- c:\users\Jake\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ASUS WebStorage"="c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe" [2010-03-16 1754448]

"AtherosBtStack"="c:\program files (x86)\Bluetooth Suite\BtvStack.exe" [2011-01-07 615584]

"AthBtTray"="c:\program files (x86)\Bluetooth Suite\AthBtTray.exe" [2011-01-07 379040]

"IntelTBRunOnce"="wscript.exe" [2009-07-14 168960]

"THXCfg64"="c:\windows\system32\THXCfg64.dll" [2009-10-15 17920]

"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032]

"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2010-03-25 2726728]

"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-15 499608]

"XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2009-09-30 825184]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x0

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT1098640

mStart Page = hxxp://asus.msn.com

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = *.local

IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000

LSP: c:\programdata\Sophos Web Intelligence\swi_lsp.dll

FF - ProfilePath - c:\users\Jake\AppData\Roaming\Mozilla\Firefox\Profiles\3wwrc5wa.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.au/

FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3072253&SearchSource=2&q=

.

- - - - ORPHANS REMOVED - - - -

.

URLSearchHooks-{687578b9-7132-4a7a-80e4-30ee31099e03} - (no file)

URLSearchHooks-{ecdee021-0d17-467f-a1ff-c7a115230949} - (no file)

Toolbar-Locked - (no file)

Toolbar-Locked - (no file)

WebBrowser-{687578B9-7132-4A7A-80E4-30EE31099E03} - (no file)

WebBrowser-{ECDEE021-0D17-467F-A1FF-C7A115230949} - (no file)

HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe

HKLM-Run-SynAsusAcpi - c:\program files (x86)\Synaptics\SynTP\SynAsusAcpi.exe

HKLM-Run-Setwallpaper - c:\programdata\SetWallpaper.cmd

AddRemove-Battlecraft Vietnam1.0 BETA - c:\windows\iun6002.exe

AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc.exe

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-2030384719-4073196898-2692467150-1000\Software\SecuROM\License information*]

"datasecu"=hex:25,9e,53,44,e7,62,32,28,98,ab,cf,6e,5c,c2,b4,f9,f6,2a,0c,8d,cd,

49,45,0b,09,d3,06,59,7e,65,1e,0c,58,96,de,ab,8d,29,57,e9,62,08,8b,20,cb,f5,\

"rkeysecu"=hex:7d,40,10,cb,c7,39,e0,67,0a,69,a8,47,07,da,5b,5c

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Nico Mak Computing\WinZip]

"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,

00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe

c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe

c:\program files (x86)\Canon\IJPLM\IJPLMSVC.EXE

c:\windows\SysWOW64\PnkBstrA.exe

c:\program files (x86)\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe

c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

.

**************************************************************************

.

Completion time: 2012-08-11 23:24:18 - machine was rebooted

ComboFix-quarantined-files.txt 2012-08-11 13:24

.

Pre-Run: 16,135,208,960 bytes free

Post-Run: 17,551,044,608 bytes free

.

- - End Of File - - 686C5B3767404AD56AAAF55B9E66C476


No worries.

I ran ComboFix again. The internet still won't work. I can connect to my wireless network, and Windows says I have an internet connection, but nothing can access it.

Here is the new ComboFix log in case you need it:

ComboFix 12-08-09.01 - Jake 12/08/2012 9:52.2.8 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.61.1033.18.16361.14027 [GMT 10:00]

Running from: c:\users\Jake\Desktop\ComboFix.exe

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Created a new restore point

.

.

((((((((((((((((((((((((( Files Created from 2012-07-12 to 2012-08-12 )))))))))))))))))))))))))))))))

.

.

2012-08-12 03:22 . 2012-08-12 03:23 -------- d-----w- C:\FRST

2012-08-12 00:01 . 2012-08-12 00:01 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp

2012-08-12 00:01 . 2012-08-12 00:01 -------- d-----w- c:\users\Shared\AppData\Local\temp

2012-08-12 00:01 . 2012-08-12 00:01 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-08-11 08:05 . 2012-08-11 08:05 -------- d-----w- C:\HiddenBootMount

2012-08-10 23:52 . 2012-08-10 23:52 -------- d-----w- c:\users\Jake\AppData\Roaming\Malwarebytes

2012-08-10 23:51 . 2012-08-10 23:51 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2012-08-10 23:51 . 2012-08-10 23:51 -------- d-----w- c:\programdata\Malwarebytes

2012-08-10 23:51 . 2012-07-03 03:46 24904 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-08-05 21:39 . 2012-08-05 21:39 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2012-08-05 10:57 . 2012-08-05 10:57 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%

2012-08-05 08:01 . 2012-08-05 08:01 -------- d-----w- c:\windows\en

2012-08-05 07:58 . 2012-08-05 07:58 -------- d-----w- c:\windows\fr

2012-08-05 07:58 . 2012-08-05 07:58 -------- d-----w- c:\windows\es

2012-08-05 07:55 . 2012-03-08 08:40 48488 ----a-w- c:\windows\system32\drivers\fssfltr.sys

2012-08-05 07:55 . 2012-08-05 07:55 19720 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll

2012-08-04 04:53 . 2012-08-04 04:53 -------- d-----w- c:\program files (x86)\Git

2012-08-03 23:16 . 2012-08-03 23:16 -------- d-----w- c:\users\Jake\AppData\Roaming\MathematicaPlayer

2012-08-03 23:16 . 2012-08-03 23:16 -------- d-----w- c:\users\Jake\AppData\Local\MathematicaPlayer

2012-08-03 23:15 . 2012-08-03 23:15 -------- d-----w- c:\program files\Common Files\Wolfram Research

2012-08-03 23:15 . 2012-08-03 23:15 -------- d-----w- c:\program files (x86)\Common Files\Wolfram Research

2012-08-03 23:15 . 2012-08-03 23:15 -------- d-----w- c:\programdata\Mathematica

2012-08-03 23:15 . 2011-10-03 08:45 334352 ----a-w- c:\windows\SysWow64\mltcpip32.mlp

2012-08-03 23:15 . 2011-10-03 08:45 93712 ----a-w- c:\windows\SysWow64\mltcp32.mlp

2012-08-03 23:15 . 2011-10-03 08:45 88080 ----a-w- c:\windows\SysWow64\mlshm32.mlp

2012-08-03 23:15 . 2011-10-03 08:45 163344 ----a-w- c:\windows\SysWow64\mlmodule32.dll

2012-08-03 23:15 . 2011-10-03 08:45 79376 ----a-w- c:\windows\SysWow64\mlmap32.mlp

2012-08-03 23:15 . 2011-10-03 08:45 370704 ----a-w- c:\windows\SysWow64\ml32i3.dll

2012-08-03 23:15 . 2011-10-03 08:45 260112 ----a-w- c:\windows\SysWow64\ml32i2.dll

2012-08-03 23:15 . 2011-10-03 08:45 253968 ----a-w- c:\windows\SysWow64\ml32i1.dll

2012-08-03 23:14 . 2012-08-03 23:14 -------- d-----w- c:\program files (x86)\Wolfram Research

2012-08-03 22:14 . 2012-06-29 10:04 9133488 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{4BFBE4D3-C4FF-47AF-A788-D9F7D0228450}\mpengine.dll

2012-07-26 08:36 . 2012-07-26 08:36 15712 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\c1a289c01cd6b0907\MeshBetaRemover.exe

2012-07-26 08:36 . 2012-07-26 08:36 89944 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\c17fe60e1cd6b0906\DSETUP.dll

2012-07-26 08:36 . 2012-07-26 08:36 537432 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\c17fe60e1cd6b0906\DXSETUP.exe

2012-07-26 08:36 . 2012-07-26 08:36 1801048 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\c17fe60e1cd6b0906\dsetup32.dll

2012-07-26 08:33 . 2012-07-26 08:33 -------- d-----w- c:\users\Jake\temp

2012-07-23 06:24 . 2012-07-23 06:24 -------- d-----w- c:\users\Jake\AppData\Local\etax2012

2012-07-23 06:23 . 2012-07-23 06:23 -------- d-----w- c:\program files (x86)\etax2012

2012-07-18 11:04 . 2010-06-01 18:55 77656 ----a-w- c:\windows\system32\XAPOFX1_5.dll

2012-07-18 11:04 . 2010-06-01 18:55 74072 ----a-w- c:\windows\SysWow64\XAPOFX1_5.dll

2012-07-18 11:04 . 2010-06-01 18:55 527192 ----a-w- c:\windows\SysWow64\XAudio2_7.dll

2012-07-18 11:04 . 2010-06-01 18:55 518488 ----a-w- c:\windows\system32\XAudio2_7.dll

2012-07-18 11:04 . 2010-05-26 01:41 2526056 ----a-w- c:\windows\system32\D3DCompiler_43.dll

2012-07-18 11:04 . 2010-05-26 01:41 2106216 ----a-w- c:\windows\SysWow64\D3DCompiler_43.dll

2012-07-18 11:04 . 2010-05-26 01:41 276832 ----a-w- c:\windows\system32\d3dx11_43.dll

2012-07-18 11:04 . 2010-05-26 01:41 248672 ----a-w- c:\windows\SysWow64\d3dx11_43.dll

2012-07-18 11:04 . 2010-05-26 01:41 1998168 ----a-w- c:\windows\SysWow64\D3DX9_43.dll

2012-07-18 11:04 . 2010-05-26 01:41 2401112 ----a-w- c:\windows\system32\D3DX9_43.dll

2012-07-18 11:04 . 2010-02-04 00:01 24920 ----a-w- c:\windows\system32\X3DAudio1_7.dll

2012-07-17 02:48 . 2012-07-17 02:48 -------- d-----w- c:\users\Jake\AppData\Roaming\fltk.org

2012-07-17 02:48 . 2012-07-17 02:48 -------- d-----w- c:\programdata\fltk.org

2012-07-15 07:34 . 2012-07-15 07:34 -------- d-----w- c:\users\Jake\AppData\Roaming\Trine2

2012-07-15 07:33 . 2008-05-30 04:11 4991496 ----a-w- c:\windows\system32\D3DX9_38.dll

2012-07-15 07:33 . 2008-05-30 04:11 3850760 ----a-w- c:\windows\SysWow64\D3DX9_38.dll

2012-07-13 11:49 . 2010-02-04 00:01 74072 ----a-w- c:\windows\SysWow64\XAPOFX1_4.dll

2012-07-13 11:49 . 2010-02-04 00:01 528216 ----a-w- c:\windows\SysWow64\XAudio2_6.dll

2012-07-13 11:49 . 2010-02-04 00:01 238936 ----a-w- c:\windows\SysWow64\xactengine3_6.dll

2012-07-13 11:49 . 2010-02-04 00:01 22360 ----a-w- c:\windows\SysWow64\X3DAudio1_7.dll

2012-07-13 11:49 . 2009-03-09 05:27 4178264 ----a-w- c:\windows\SysWow64\D3DX9_41.dll

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-08-11 12:57 . 2011-06-19 07:52 45056 ----a-w- c:\windows\system32\acovcnt.exe

2012-08-05 21:39 . 2012-01-03 08:11 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-07-12 14:40 . 2012-02-05 23:31 59701280 ----a-w- c:\windows\system32\MRT.exe

2012-07-08 10:27 . 2012-07-08 10:27 40960 ----a-r- c:\users\Jake\AppData\Roaming\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\NewShortcut1_9559F7CA5E344237A2D9D856464AD727.exe

2012-07-08 10:27 . 2012-07-08 10:27 40960 ----a-r- c:\users\Jake\AppData\Roaming\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\ARPPRODUCTICON.exe

2012-06-27 09:05 . 2012-06-27 09:05 291825 ----a-w- c:\windows\To the Moon Uninstaller.exe

2012-06-25 06:04 . 2012-06-25 06:04 1394248 ----a-w- c:\windows\SysWow64\msxml4.dll

2012-06-12 03:08 . 2012-07-12 14:44 3148800 ----a-w- c:\windows\system32\win32k.sys

2012-06-09 05:43 . 2012-07-12 04:10 14172672 ----a-w- c:\windows\system32\shell32.dll

2012-06-06 06:06 . 2012-07-12 04:10 2004480 ----a-w- c:\windows\system32\msxml6.dll

2012-06-06 06:06 . 2012-07-12 04:10 1881600 ----a-w- c:\windows\system32\msxml3.dll

2012-06-06 06:02 . 2012-07-12 04:09 1133568 ----a-w- c:\windows\system32\cdosys.dll

2012-06-06 05:05 . 2012-07-12 04:10 1390080 ----a-w- c:\windows\SysWow64\msxml6.dll

2012-06-06 05:05 . 2012-07-12 04:10 1236992 ----a-w- c:\windows\SysWow64\msxml3.dll

2012-06-06 05:03 . 2012-07-12 04:09 805376 ----a-w- c:\windows\SysWow64\cdosys.dll

2012-06-02 22:19 . 2012-06-19 02:44 38424 ----a-w- c:\windows\system32\wups.dll

2012-06-02 22:19 . 2012-06-19 02:45 2428952 ----a-w- c:\windows\system32\wuaueng.dll

2012-06-02 22:19 . 2012-06-19 02:45 57880 ----a-w- c:\windows\system32\wuauclt.exe

2012-06-02 22:19 . 2012-06-19 02:45 44056 ----a-w- c:\windows\system32\wups2.dll

2012-06-02 22:19 . 2012-06-19 02:44 701976 ----a-w- c:\windows\system32\wuapi.dll

2012-06-02 22:15 . 2012-06-19 02:45 2622464 ----a-w- c:\windows\system32\wucltux.dll

2012-06-02 22:15 . 2012-06-19 02:44 99840 ----a-w- c:\windows\system32\wudriver.dll

2012-06-02 12:49 . 2012-07-12 14:38 17807360 ----a-w- c:\windows\system32\mshtml.dll

2012-06-02 12:17 . 2012-07-12 14:38 10924032 ----a-w- c:\windows\system32\ieframe.dll

2012-06-02 12:12 . 2012-07-12 14:38 2311680 ----a-w- c:\windows\system32\jscript9.dll

2012-06-02 12:05 . 2012-07-12 14:38 1346048 ----a-w- c:\windows\system32\urlmon.dll

2012-06-02 12:05 . 2012-07-12 14:38 1392128 ----a-w- c:\windows\system32\wininet.dll

2012-06-02 12:04 . 2012-07-12 14:38 1494528 ----a-w- c:\windows\system32\inetcpl.cpl

2012-06-02 12:04 . 2012-07-12 14:38 237056 ----a-w- c:\windows\system32\url.dll

2012-06-02 12:03 . 2012-07-12 14:38 85504 ----a-w- c:\windows\system32\jsproxy.dll

2012-06-02 12:01 . 2012-07-12 14:38 173056 ----a-w- c:\windows\system32\ieUnatt.exe

2012-06-02 12:00 . 2012-07-12 14:38 818688 ----a-w- c:\windows\system32\jscript.dll

2012-06-02 11:59 . 2012-07-12 14:38 2144768 ----a-w- c:\windows\system32\iertutil.dll

2012-06-02 11:57 . 2012-07-12 14:38 96768 ----a-w- c:\windows\system32\mshtmled.dll

2012-06-02 11:57 . 2012-07-12 14:38 2382848 ----a-w- c:\windows\system32\mshtml.tlb

2012-06-02 11:54 . 2012-07-12 14:38 248320 ----a-w- c:\windows\system32\ieui.dll

2012-06-02 08:33 . 2012-07-12 14:38 1800192 ----a-w- c:\windows\SysWow64\jscript9.dll

2012-06-02 08:25 . 2012-07-12 14:38 1129472 ----a-w- c:\windows\SysWow64\wininet.dll

2012-06-02 08:25 . 2012-07-12 14:38 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl

2012-06-02 08:20 . 2012-07-12 14:38 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe

2012-06-02 08:16 . 2012-07-12 14:38 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb

2012-06-02 05:50 . 2012-07-12 04:09 458704 ----a-w- c:\windows\system32\drivers\cng.sys

2012-06-02 05:48 . 2012-07-12 04:09 95600 ----a-w- c:\windows\system32\drivers\ksecdd.sys

2012-06-02 05:48 . 2012-07-12 04:09 151920 ----a-w- c:\windows\system32\drivers\ksecpkg.sys

2012-06-02 05:45 . 2012-07-12 04:09 340992 ----a-w- c:\windows\system32\schannel.dll

2012-06-02 05:44 . 2012-07-12 04:09 307200 ----a-w- c:\windows\system32\ncrypt.dll

2012-06-02 05:19 . 2012-06-19 02:44 186752 ----a-w- c:\windows\system32\wuwebv.dll

2012-06-02 05:15 . 2012-06-19 02:44 36864 ----a-w- c:\windows\system32\wuapp.exe

2012-06-02 04:40 . 2012-07-12 04:09 22016 ----a-w- c:\windows\SysWow64\secur32.dll

2012-06-02 04:40 . 2012-07-12 04:09 225280 ----a-w- c:\windows\SysWow64\schannel.dll

2012-06-02 04:39 . 2012-07-12 04:09 219136 ----a-w- c:\windows\SysWow64\ncrypt.dll

2012-06-02 04:34 . 2012-07-12 04:09 96768 ----a-w- c:\windows\SysWow64\sspicli.dll

2012-05-31 02:25 . 2012-02-03 23:36 279656 ------w- c:\windows\system32\MpSigStub.exe

2012-05-15 10:48 . 2012-06-18 10:24 8139072 ----a-w- c:\windows\system32\nvcuda.dll

2012-05-15 10:48 . 2012-06-18 10:24 8105280 ----a-w- c:\windows\SysWow64\nvwgf2um.dll

2012-05-15 10:48 . 2012-06-18 10:24 5982528 ----a-w- c:\windows\SysWow64\nvcuda.dll

2012-05-15 10:48 . 2012-06-18 10:24 2881856 ----a-w- c:\windows\system32\nvcuvenc.dll

2012-05-15 10:48 . 2012-06-18 10:24 2681664 ----a-w- c:\windows\system32\nvcuvid.dll

2012-05-15 10:48 . 2012-06-18 10:24 25743168 ----a-w- c:\windows\system32\nvoglv64.dll

2012-05-15 10:48 . 2012-06-18 10:24 2524992 ----a-w- c:\windows\SysWow64\nvcuvid.dll

2012-05-15 10:48 . 2012-06-18 10:24 25248064 ----a-w- c:\windows\system32\nvcompiler.dll

2012-05-15 10:48 . 2012-06-18 10:24 2445120 ----a-w- c:\windows\SysWow64\nvcuvenc.dll

2012-05-15 10:48 . 2012-06-18 10:24 2368832 ----a-w- c:\windows\SysWow64\nvapi.dll

2012-05-15 10:48 . 2012-06-18 10:24 19607872 ----a-w- c:\windows\SysWow64\nvoglv32.dll

2012-05-15 10:48 . 2012-06-18 10:24 17551680 ----a-w- c:\windows\SysWow64\nvcompiler.dll

2012-05-15 10:48 . 2012-06-18 10:24 14298944 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys

2012-05-15 10:48 . 2012-01-03 10:44 68928 ----a-w- c:\windows\system32\OpenCL.dll

2012-05-15 10:48 . 2012-01-03 10:44 61248 ----a-w- c:\windows\SysWow64\OpenCL.dll

2012-05-15 10:48 . 2012-01-03 10:44 18044224 ----a-w- c:\windows\system32\nvd3dumx.dll

2012-05-15 10:48 . 2012-01-03 10:44 1738048 ----a-w- c:\windows\system32\nvdispco64.dll

2012-05-15 10:48 . 2012-01-03 10:44 1468224 ----a-w- c:\windows\system32\nvgenco64.dll

2012-05-15 10:48 . 2011-06-19 07:37 10194752 ----a-w- c:\windows\system32\nvwgf2umx.dll

2012-05-15 10:48 . 2011-06-19 07:37 15322432 ----a-w- c:\windows\SysWow64\nvd3dum.dll

2012-05-15 10:48 . 2011-06-19 07:37 2741568 ----a-w- c:\windows\system32\nvapi64.dll

2012-05-15 09:29 . 2011-03-06 13:45 889664 ----a-w- c:\windows\system32\nvvsvc.exe

2012-05-15 09:29 . 2011-03-06 13:45 63296 ----a-w- c:\windows\system32\nvshext.dll

2012-05-15 09:29 . 2011-03-06 13:45 2561856 ----a-w- c:\windows\system32\nvsvcr.dll

2012-05-15 09:29 . 2011-03-06 13:45 118080 ----a-w- c:\windows\system32\nvmctray.dll

2012-05-15 09:29 . 2011-03-06 13:44 3149632 ----a-w- c:\windows\system32\nvsvc64.dll

2012-05-15 09:28 . 2011-03-06 13:44 6151488 ----a-w- c:\windows\system32\nvcpl.dll

2012-05-14 16:21 . 2012-05-14 16:21 423744 ----a-w- c:\windows\SysWow64\nvStreaming.exe

.

.

((((((((((((((((((((((((((((( SnapShot@2012-08-11_13.19.19 )))))))))))))))))))))))))))))))))))))))))

.

+ 2011-06-19 07:38 . 2012-08-11 22:51 60398 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin

- 2009-07-14 05:10 . 2012-08-11 12:59 36400 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin

+ 2009-07-14 05:10 . 2012-08-11 22:51 36400 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin

+ 2012-01-03 01:32 . 2012-08-11 22:51 13276 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2030384719-4073196898-2692467150-1000_UserData.bin

+ 2012-01-25 12:06 . 2012-08-11 13:31 6222 c:\windows\system32\wdi\ERCQueuedResolutions.dat

+ 2012-08-11 22:49 . 2012-08-11 22:49 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

- 2012-08-11 13:18 . 2012-08-11 13:18 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

+ 2012-08-11 22:49 . 2012-08-11 22:49 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

- 2012-08-11 13:18 . 2012-08-11 13:18 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

+ 2012-01-05 01:22 . 2012-08-11 23:47 352642 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S4.bin

+ 2009-07-14 02:36 . 2012-08-11 23:51 685172 c:\windows\system32\perfh009.dat

- 2009-07-14 02:36 . 2012-08-11 09:09 685172 c:\windows\system32\perfh009.dat

+ 2009-07-14 02:36 . 2012-08-11 23:51 133474 c:\windows\system32\perfc009.dat

- 2009-07-14 02:36 . 2012-08-11 09:09 133474 c:\windows\system32\perfc009.dat

- 2009-07-14 05:01 . 2012-08-11 13:17 426276 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

+ 2009-07-14 05:01 . 2012-08-11 13:55 426276 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

- 2012-01-03 01:55 . 2012-08-11 13:17 34920316 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2030384719-4073196898-2692467150-1000-8192.dat

+ 2012-01-03 01:55 . 2012-08-11 13:55 34920316 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2030384719-4073196898-2692467150-1000-8192.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2011-12-05 19:17 94208 ----a-w- c:\users\Jake\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2011-12-05 19:17 94208 ----a-w- c:\users\Jake\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2011-12-05 19:17 94208 ----a-w- c:\users\Jake\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"AlcoholAutomount"="c:\program files (x86)\Alcohol Soft\Alcohol 52\AxAutoMntSrv.exe" [2010-08-20 33120]

"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-06-05 17344176]

"ISUSPM"="c:\programdata\FLEXnet\Connect\11\ISUSPM.exe" [2009-05-06 222496]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"UpdateLBPShortCut"="c:\program files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]

"UpdateP2GoShortCut"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]

"Nuance PDF Reader-reminder"="c:\program files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe" [2008-11-03 328992]

"FLxHCIm"="c:\program files\Fresco Logic Inc\Fresco Logic USB3.0 Host Controller\host\FLxHCIm.exe" [2011-02-25 40448]

"ATKOSD2"="c:\program files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe" [2010-08-17 5732992]

"ATKMEDIA"="c:\program files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe" [2010-10-07 170624]

"HControlUser"="c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]

"Wireless Console 3"="c:\program files (x86)\ASUS\Wireless Console 3\wcourier.exe" [2010-09-23 1601536]

"CPMonitor"="c:\program files (x86)\Roxio\CinePlayer\5.0\CPMonitor.exe" [2010-12-27 84464]

"THX TruStudio NB Settings"="c:\program files (x86)\Creative\THX TruStudio\THXNBSet\THXAudNB.exe" [2011-01-28 907776]

"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]

"VAWinAgent"="c:\expressgateutil\VAWinAgent.exe" [2011-01-13 191304]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]

"CanonSolutionMenuEx"="c:\program files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE" [2010-04-01 1185112]

"AdobeCS5.5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-11 1523360]

"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-26 421736]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]

"LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2012-06-27 1996200]

"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]

.

c:\users\Jake\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dropbox.lnk - c:\users\Jake\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-25 27112840]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

AsusVibeLauncher.lnk - c:\program files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe [2011-2-4 548528]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-03 135664]

R2 HiPatchService;Hi-Rez Studios Authenticate and Update Service;c:\program files (x86)\Hi-Rez Studios\HiPatchService.exe [2012-04-05 8704]

R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-05-15 1262400]

R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-06-05 160944]

R2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-07-16 2673064]

R3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys [2011-01-07 36000]

R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys [2011-01-07 298144]

R3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys [2011-01-07 201376]

R3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys [2011-01-07 55456]

R3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys [2011-01-07 154272]

R3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys [2011-01-07 279200]

R3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2011-06-19 79360]

R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2011-06-19 79360]

R3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [2011-07-28 52584]

R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-03 135664]

R3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x64.sys [2009-06-10 57344]

R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-19 113120]

R3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2011-08-01 45416]

R3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUVStor.sys [2010-08-03 290920]

R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys [2009-06-10 56832]

R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]

R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [2011-12-19 146736]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-01-05 1255736]

R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [2008-05-06 14464]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]

S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2010-03-19 55856]

S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]

S1 ATKWMIACPIIO;ATKWMIACPI Driver;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [2010-07-26 17024]

S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys [2011-12-19 224048]

S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys [2011-12-19 130864]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]

S2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe [2011-01-25 379520]

S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-07-03 15416]

S2 Atheros Bt&Wlan Coex Agent;Atheros Bt&Wlan Coex Agent;c:\program files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [2011-01-07 138400]

S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe [2011-01-07 53920]

S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-06-27 2369960]

S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-07-03 655944]

S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-05-14 382272]

S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [2010-04-16 13832]

S2 TurboBoost;Intel® Turbo Boost Technology Monitor;c:\program files\Intel\TurboBoost\TurboBoost.exe [2010-04-16 134928]

S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-10-06 2655768]

S2 VideAceWindowsService;VideAceWindowsService;c:\expressgateutil\VAWinService.exe [2011-01-12 91464]

S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys [2011-01-07 28832]

S3 FLxHCIc;Fresco Logic xHCI (USB3) Device Driver;c:\windows\system32\DRIVERS\FLxHCIc.sys [2011-02-25 302592]

S3 FLxHCIh;Fresco Logic xHCI (USB3) Hub Device Driver;c:\windows\system32\DRIVERS\FLxHCIh.sys [2011-02-25 81920]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-07-03 24904]

S3 MBfilt;MBfilt;c:\windows\system32\drivers\MBfilt64.sys [2009-11-17 32344]

S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2010-09-21 56344]

S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [2012-04-18 188736]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-12-28 412776]

S3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [2011-12-19 165680]

.

.

Contents of the 'Scheduled Tasks' folder

.

2012-08-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-03 13:57]

.

2012-08-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-03 13:57]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_B]

@="{6D4133E5-0742-4ADC-8A8C-9303440F7190}"

[HKEY_CLASSES_ROOT\CLSID\{6D4133E5-0742-4ADC-8A8C-9303440F7190}]

2009-11-26 05:49 70656 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSShellExt64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_O]

@="{64174815-8D98-4CE6-8646-4C039977D808}"

[HKEY_CLASSES_ROOT\CLSID\{64174815-8D98-4CE6-8646-4C039977D808}]

2009-11-26 05:49 70656 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSShellExt64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2011-12-05 19:17 97792 ----a-w- c:\users\Jake\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2011-12-05 19:17 97792 ----a-w- c:\users\Jake\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2011-12-05 19:17 97792 ----a-w- c:\users\Jake\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]

@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]

2011-12-05 19:17 97792 ----a-w- c:\users\Jake\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ASUS WebStorage"="c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe" [2010-03-16 1754448]

"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [bU]

"SynAsusAcpi"="c:\program files (x86)\Synaptics\SynTP\SynAsusAcpi.exe" [bU]

"AtherosBtStack"="c:\program files (x86)\Bluetooth Suite\BtvStack.exe" [2011-01-07 615584]

"AthBtTray"="c:\program files (x86)\Bluetooth Suite\AthBtTray.exe" [2011-01-07 379040]

"IntelTBRunOnce"="wscript.exe" [2009-07-14 168960]

"THXCfg64"="c:\windows\system32\THXCfg64.dll" [2009-10-15 17920]

"Setwallpaper"="c:\programdata\SetWallpaper.cmd" [bU]

"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032]

"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2010-03-25 2726728]

"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-15 499608]

"XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2009-09-30 825184]

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT1098640

mStart Page = hxxp://asus.msn.com

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = *.local

IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000

LSP: c:\programdata\Sophos Web Intelligence\swi_lsp.dll

FF - ProfilePath - c:\users\Jake\AppData\Roaming\Mozilla\Firefox\Profiles\3wwrc5wa.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.au/

FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3072253&SearchSource=2&q=

.

- - - - ORPHANS REMOVED - - - -

.

Toolbar-Locked - (no file)

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-2030384719-4073196898-2692467150-1000\Software\SecuROM\License information*]

"datasecu"=hex:25,9e,53,44,e7,62,32,28,98,ab,cf,6e,5c,c2,b4,f9,f6,2a,0c,8d,cd,

49,45,0b,09,d3,06,59,7e,65,1e,0c,58,96,de,ab,8d,29,57,e9,62,08,8b,20,cb,f5,\

"rkeysecu"=hex:7d,40,10,cb,c7,39,e0,67,0a,69,a8,47,07,da,5b,5c

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Nico Mak Computing\WinZip]

"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,

00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2012-08-12 10:03:38

ComboFix-quarantined-files.txt 2012-08-12 00:03

ComboFix2.txt 2012-08-11 13:24

.

Pre-Run: 17,390,481,408 bytes free

Post-Run: 17,174,605,824 bytes free

.

- - End Of File - - 1AAB1708344FA44F90FF7D01F1B67DB4


Please download Farbar Service Scanner and run it on the computer with the issue.

  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender

  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

MrC


Okay, done.

Farbar Service Scanner Version: 06-08-2012

Ran by Jake (administrator) on 12-08-2012 at 10:29:54

Running from "C:\Users\Jake\Desktop"

Microsoft Windows 7 Home Premium Service Pack 1 (X64)

Boot Mode: Normal

****************************************************************

Internet Services:

============

Connection Status:

==============

Localhost is accessible.

LAN connected.

Google IP is accessible.

Google.com is accessible.

Yahoo IP is accessible.

Yahoo.com is accessible.

Windows Firewall:

=============

Firewall Disabled Policy:

==================

System Restore:

============

System Restore Disabled Policy:

========================

Action Center:

============

Windows Update:

============

wuauserv Service is not running. Checking service configuration:

The start type of wuauserv service is OK.

The ImagePath of wuauserv service is OK.

The ServiceDll of wuauserv service is OK.

BITS Service is not running. Checking service configuration:

Checking Start type: ATTENTION!=====> Unable to retrieve start type of BITS. The value does not exist.

The ImagePath of BITS service is OK.

The ServiceDll of BITS service is OK.

Windows Autoupdate Disabled Policy:

============================

Windows Defender:

==============

Other Services:

==============

File Check:

========

C:\Windows\System32\nsisvc.dll => MD5 is legit

C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit

C:\Windows\System32\dhcpcore.dll => MD5 is legit

C:\Windows\System32\drivers\afd.sys => MD5 is legit

C:\Windows\System32\drivers\tdx.sys => MD5 is legit

C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit

C:\Windows\System32\dnsrslvr.dll => MD5 is legit

C:\Windows\System32\mpssvc.dll => MD5 is legit

C:\Windows\System32\bfe.dll => MD5 is legit

C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit

C:\Windows\System32\SDRSVC.dll => MD5 is legit

C:\Windows\System32\vssvc.exe => MD5 is legit

C:\Windows\System32\wscsvc.dll => MD5 is legit

C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit

C:\Windows\System32\wuaueng.dll => MD5 is legit

C:\Windows\System32\qmgr.dll => MD5 is legit

C:\Windows\System32\es.dll => MD5 is legit

C:\Windows\System32\cryptsvc.dll => MD5 is legit

C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\System32\rpcss.dll => MD5 is legit

**** End of log ****


Please download MiniToolBox, save it to your desktop and run it.

Close all browsers!

Checkmark the following checkboxes:

  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Devices
  • List Users, Partitions and Memory size.
  • List Minidump Files

Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.

Note: When using "Reset FF Proxy Settings" option Firefox should be closed.

MrC


Done:

MiniToolBox by Farbar Version: 23-07-2012

Ran by Jake (administrator) on 12-08-2012 at 11:59:46

Microsoft Windows 7 Home Premium Service Pack 1 (X64)

Boot Mode: Normal

***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.

No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================

"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================

127.0.0.1 localhost

========================= IP Configuration: ================================

Atheros AR9002WB-1NG Wireless Network Adapter = Wireless Network Connection (Connected)

Hamachi Network Interface = Hamachi (Connected)

VirtualBox Host-Only Ethernet Adapter = VirtualBox Host-Only Network (Hardware not present)

Realtek PCIe GBE Family Controller = Local Area Connection (Media disconnected)

# ----------------------------------

# IPv4 Configuration

# ----------------------------------

pushd interface ipv4

reset

set global

add route prefix=169.254.0.0/16 interface="iftype0_0" nexthop=5.12.222.195 metric=1 publish=Yes

add route prefix=169.254.0.0/16 interface="iftype0_0" nexthop=192.168.1.6 metric=1 publish=Yes

add route prefix=169.254.0.0/16 interface="iftype0_0" nexthop=192.168.56.1 metric=1 publish=Yes

set interface interface="Hamachi" forwarding=disabled advertise=disabled metric=9000 siteprefixlength=0 nud=disabled routerdiscovery=disabled managedaddress=disabled otherstateful=disabled weakhostsend=disabled weakhostreceive=disabled ignoredefaultroutes=disabled advertisedrouterlifetime=0 advertisedefaultroute=disabled currenthoplimit=0 forcearpndwolpattern=disabled enabledirectedmacwolpattern=disabled

add address name="VirtualBox Host-Only Network" address=192.168.56.1 mask=255.255.255.0

popd

# End of IPv4 configuration

Windows IP Configuration

Host Name . . . . . . . . . . . . : Jake-G53

Primary Dns Suffix . . . . . . . :

Node Type . . . . . . . . . . . . : Hybrid

IP Routing Enabled. . . . . . . . : No

WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Local Area Connection:

Media State . . . . . . . . . . . : Media disconnected

Connection-specific DNS Suffix . :

Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller

Physical Address. . . . . . . . . : 14-DA-E9-09-DD-DF

DHCP Enabled. . . . . . . . . . . : Yes

Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wireless Network Connection:

Connection-specific DNS Suffix . :

Description . . . . . . . . . . . : Atheros AR9002WB-1NG Wireless Network Adapter

Physical Address. . . . . . . . . : 74-2F-68-3B-68-A2

DHCP Enabled. . . . . . . . . . . : Yes

Autoconfiguration Enabled . . . . : Yes

Link-local IPv6 Address . . . . . : fe80::e9c0:cc17:67ab:8264%10(Preferred)

IPv4 Address. . . . . . . . . . . : 192.168.1.2(Preferred)

Subnet Mask . . . . . . . . . . . : 255.255.255.0

Lease Obtained. . . . . . . . . . : Sunday, 12 August 2012 11:45:30 AM

Lease Expires . . . . . . . . . . : Wednesday, 15 August 2012 11:49:34 AM

Default Gateway . . . . . . . . . : 192.168.1.1

DHCP Server . . . . . . . . . . . : 192.168.1.1

DHCPv6 IAID . . . . . . . . . . . : 242495336

DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-15-8F-5D-FD-74-2F-68-3B-68-A2

DNS Servers . . . . . . . . . . . : 192.168.1.1

NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Hamachi:

Connection-specific DNS Suffix . :

Description . . . . . . . . . . . : Hamachi Network Interface

Physical Address. . . . . . . . . : 7A-79-05-0C-DE-C3

DHCP Enabled. . . . . . . . . . . : Yes

Autoconfiguration Enabled . . . . : Yes

IPv6 Address. . . . . . . . . . . : 2620:9b::50c:dec3(Preferred)

Link-local IPv6 Address . . . . . : fe80::9ddf:8420:f022:ce31%15(Preferred)

IPv4 Address. . . . . . . . . . . : 5.12.222.195(Preferred)

Subnet Mask . . . . . . . . . . . : 255.0.0.0

Lease Obtained. . . . . . . . . . : Sunday, 12 August 2012 11:45:24 AM

Lease Expires . . . . . . . . . . : Monday, 12 August 2013 11:47:31 AM

Default Gateway . . . . . . . . . :

DHCP Server . . . . . . . . . . . : 5.0.0.1

DHCPv6 IAID . . . . . . . . . . . : 444234124

DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-15-8F-5D-FD-74-2F-68-3B-68-A2

DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%1

fec0:0:0:ffff::2%1

fec0:0:0:ffff::3%1

NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter isatap.{D82014CD-F068-41D2-AA3A-BC66B5EA044F}:

Media State . . . . . . . . . . . : Media disconnected

Connection-specific DNS Suffix . :

Description . . . . . . . . . . . : Microsoft ISATAP Adapter

Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0

DHCP Enabled. . . . . . . . . . . : No

Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{12E2A948-88B7-48B6-96CF-5B1832F8F3A3}:

Media State . . . . . . . . . . . : Media disconnected

Connection-specific DNS Suffix . :

Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2

Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0

DHCP Enabled. . . . . . . . . . . : No

Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Teredo Tunneling Pseudo-Interface:

Media State . . . . . . . . . . . : Media disconnected

Connection-specific DNS Suffix . :

Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface

Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0

DHCP Enabled. . . . . . . . . . . : No

Autoconfiguration Enabled . . . . : Yes

Server: UnKnown

Address: 192.168.1.1

Ping request could not find host google.com. Please check the name and try again.

Server: UnKnown

Address: 192.168.1.1

Ping request could not find host yahoo.com. Please check the name and try again.

Server: UnKnown

Address: 192.168.1.1

Ping request could not find host bleepingcomputer.com. Please check the name and try again.

Pinging with 32 bytes of data:

Reply from 127.0.0.1: bytes=32 time=2ms TTL=128

Reply from 127.0.0.1: bytes=32 time=1ms TTL=128

Ping statistics for *"N3çª:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 1ms, Maximum = 2ms, Average = 1ms

===========================================================================

Interface List

11...14 da e9 09 dd df ......Realtek PCIe GBE Family Controller

10...74 2f 68 3b 68 a2 ......Atheros AR9002WB-1NG Wireless Network Adapter

15...7a 79 05 0c de c3 ......Hamachi Network Interface

1...........................Software Loopback Interface 1

22...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter

23...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2

14...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface

===========================================================================

IPv4 Route Table

===========================================================================

Active Routes:

Network Destination Netmask Gateway Interface Metric

0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.2 25

5.0.0.0 255.0.0.0 On-link 5.12.222.195 9256

5.12.222.195 255.255.255.255 On-link 5.12.222.195 9256

5.255.255.255 255.255.255.255 On-link 5.12.222.195 9256

127.0.0.0 255.0.0.0 On-link 127.0.0.1 306

127.0.0.1 255.255.255.255 On-link 127.0.0.1 306

127.255.255.255 255.255.255.255 On-link 127.0.0.1 306

169.254.0.0 255.255.0.0 On-link 5.12.222.195 9001

169.254.0.0 255.255.0.0 192.168.1.6 192.168.1.2 26

169.254.255.255 255.255.255.255 On-link 5.12.222.195 9256

192.168.1.0 255.255.255.0 On-link 192.168.1.2 281

192.168.1.2 255.255.255.255 On-link 192.168.1.2 281

192.168.1.255 255.255.255.255 On-link 192.168.1.2 281

224.0.0.0 240.0.0.0 On-link 127.0.0.1 306

224.0.0.0 240.0.0.0 On-link 5.12.222.195 9256

224.0.0.0 240.0.0.0 On-link 192.168.1.2 281

255.255.255.255 255.255.255.255 On-link 127.0.0.1 306

255.255.255.255 255.255.255.255 On-link 5.12.222.195 9256

255.255.255.255 255.255.255.255 On-link 192.168.1.2 281

===========================================================================

Persistent Routes:

Network Address Netmask Gateway Address Metric

169.254.0.0 255.255.0.0 5.12.222.195 1

169.254.0.0 255.255.0.0 192.168.1.6 1

169.254.0.0 255.255.0.0 192.168.56.1 1

===========================================================================

IPv6 Route Table

===========================================================================

Active Routes:

If Metric Network Destination Gateway

1 306 ::1/128 On-link

15 276 2620:9b::/96 On-link

15 276 2620:9b::50c:dec3/128 On-link

15 276 fe80::/64 On-link

10 281 fe80::/64 On-link

15 276 fe80::9ddf:8420:f022:ce31/128

On-link

10 281 fe80::e9c0:cc17:67ab:8264/128

On-link

1 306 ff00::/8 On-link

15 276 ff00::/8 On-link

10 281 ff00::/8 On-link

===========================================================================

Persistent Routes:

If Metric Network Destination Gateway

0 4294967295 2620:9b::/96 On-link

===========================================================================

========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)

ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"

Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)

Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)

Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)

Catalog5 05 C:\Windows\SysWOW64\wshbth.dll [36352] (Microsoft Corporation)

Catalog5 06 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)

Catalog5 07 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)

Catalog5 08 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)

Catalog5 09 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)

Catalog5 10 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)

Catalog9 01 C:\ProgramData\Sophos Web Intelligence\swi_lsp.dll [File Not found] ()

Catalog9 02 C:\ProgramData\Sophos Web Intelligence\swi_lsp.dll [File Not found] ()

Catalog9 03 C:\ProgramData\Sophos Web Intelligence\swi_lsp.dll [File Not found] ()

Catalog9 04 C:\ProgramData\Sophos Web Intelligence\swi_lsp.dll [File Not found] ()

Catalog9 05 C:\ProgramData\Sophos Web Intelligence\swi_lsp.dll [File Not found] ()

Catalog9 06 C:\ProgramData\Sophos Web Intelligence\swi_lsp.dll [File Not found] ()

Catalog9 07 C:\ProgramData\Sophos Web Intelligence\swi_lsp.dll [File Not found] ()

Catalog9 08 C:\ProgramData\Sophos Web Intelligence\swi_lsp.dll [File Not found] ()

Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)

Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)

Catalog9 11 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)

Catalog9 12 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)

Catalog9 13 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)

Catalog9 14 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)

Catalog9 15 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)

Catalog9 16 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)

Catalog9 17 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)

Catalog9 18 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)

Catalog9 19 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)

Catalog9 20 C:\ProgramData\Sophos Web Intelligence\swi_lsp.dll [File Not found] ()

x64-Catalog5 01 mswsock.dll [File Not found] ()

ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"

x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)

x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)

x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)

x64-Catalog5 05 C:\Windows\System32\wshbth.dll [47104] (Microsoft Corporation)

x64-Catalog5 06 C:\Program Files\Bonjour\mdnsNSP.dll [132968] (Apple Inc.)

x64-Catalog5 07 mswsock.dll [File Not found] ()

ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"

x64-Catalog5 08 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)

x64-Catalog5 09 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171392] (Microsoft Corp.)

x64-Catalog5 10 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171392] (Microsoft Corp.)

x64-Catalog9 01 C:\ProgramData\Sophos Web Intelligence\swi_lsp_64.dll [File Not found] ()

x64-Catalog9 02 C:\ProgramData\Sophos Web Intelligence\swi_lsp_64.dll [File Not found] ()

x64-Catalog9 03 C:\ProgramData\Sophos Web Intelligence\swi_lsp_64.dll [File Not found] ()

x64-Catalog9 04 C:\ProgramData\Sophos Web Intelligence\swi_lsp_64.dll [File Not found] ()

x64-Catalog9 05 C:\ProgramData\Sophos Web Intelligence\swi_lsp_64.dll [File Not found] ()

x64-Catalog9 06 C:\ProgramData\Sophos Web Intelligence\swi_lsp_64.dll [File Not found] ()

x64-Catalog9 07 C:\ProgramData\Sophos Web Intelligence\swi_lsp_64.dll [File Not found] ()

x64-Catalog9 08 C:\ProgramData\Sophos Web Intelligence\swi_lsp_64.dll [File Not found] ()

x64-Catalog9 09 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)

x64-Catalog9 10 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)

x64-Catalog9 11 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)

x64-Catalog9 12 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)

x64-Catalog9 13 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)

x64-Catalog9 14 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)

x64-Catalog9 15 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)

x64-Catalog9 16 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)

x64-Catalog9 17 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)

x64-Catalog9 18 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)

x64-Catalog9 19 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)

x64-Catalog9 20 C:\ProgramData\Sophos Web Intelligence\swi_lsp_64.dll [File Not found] ()

========================= Event log errors: ===============================

Application errors:

==================

Error: (08/12/2012 11:45:28 AM) (Source: HiRezSoftwareManagerSvc) (User: )

Description: Service cannot be started. System.InvalidOperationException: Could not start IPC server

at Hirez.Patcher.HiPatchService.InternalStart()

at Hirez.Patcher.HiPatchService.OnStart(String[] badDontWorkMicrosoftBugArgs)

at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error: (08/12/2012 11:45:24 AM) (Source: Schedule) (User: )

Description: Schedule error: 10106Initialize call failed, bailing out

Error: (08/12/2012 11:19:16 AM) (Source: HiRezSoftwareManagerSvc) (User: )

Description: Service cannot be started. System.InvalidOperationException: Could not start IPC server

at Hirez.Patcher.HiPatchService.InternalStart()

at Hirez.Patcher.HiPatchService.OnStart(String[] badDontWorkMicrosoftBugArgs)

at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error: (08/12/2012 11:19:00 AM) (Source: Schedule) (User: )

Description: Schedule error: 10106Initialize call failed, bailing out

Error: (08/12/2012 11:11:34 AM) (Source: HiRezSoftwareManagerSvc) (User: )

Description: Service cannot be started. System.InvalidOperationException: Could not start IPC server

at Hirez.Patcher.HiPatchService.InternalStart()

at Hirez.Patcher.HiPatchService.OnStart(String[] badDontWorkMicrosoftBugArgs)

at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error: (08/12/2012 11:11:14 AM) (Source: Schedule) (User: )

Description: Schedule error: 10106Initialize call failed, bailing out

Error: (08/12/2012 10:05:34 AM) (Source: HiRezSoftwareManagerSvc) (User: )

Description: Service cannot be started. System.InvalidOperationException: Could not start IPC server

at Hirez.Patcher.HiPatchService.InternalStart()

at Hirez.Patcher.HiPatchService.OnStart(String[] badDontWorkMicrosoftBugArgs)

at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error: (08/12/2012 10:05:19 AM) (Source: Schedule) (User: )

Description: Schedule error: 10106Initialize call failed, bailing out

Error: (08/12/2012 10:03:39 AM) (Source: Schedule) (User: )

Description: Schedule error: 10106Initialize call failed, bailing out

Error: (08/12/2012 08:49:42 AM) (Source: HiRezSoftwareManagerSvc) (User: )

Description: Service cannot be started. System.InvalidOperationException: Could not start IPC server

at Hirez.Patcher.HiPatchService.InternalStart()

at Hirez.Patcher.HiPatchService.OnStart(String[] badDontWorkMicrosoftBugArgs)

at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

System errors:

=============

Error: (08/12/2012 11:49:36 AM) (Source: Service Control Manager) (User: )

Description: The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error:

%%10106

Error: (08/12/2012 11:49:36 AM) (Source: Service Control Manager) (User: )

Description: The Peer Name Resolution Protocol service terminated with the following error:

%%10106

Error: (08/12/2012 11:49:35 AM) (Source: Service Control Manager) (User: )

Description: The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error:

%%10106

Error: (08/12/2012 11:49:35 AM) (Source: Service Control Manager) (User: )

Description: The Peer Name Resolution Protocol service terminated with the following error:

%%10106

Error: (08/12/2012 11:49:31 AM) (Source: Service Control Manager) (User: )

Description: The Peer Name Resolution Protocol service terminated with the following error:

%%10106

Error: (08/12/2012 11:49:31 AM) (Source: Service Control Manager) (User: )

Description: The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error:

%%10106

Error: (08/12/2012 11:47:34 AM) (Source: Service Control Manager) (User: )

Description: The Windows Update service terminated with the following error:

%%-2147014790

Error: (08/12/2012 11:47:32 AM) (Source: Service Control Manager) (User: )

Description: The NVIDIA Update Service Daemon service failed to start due to the following error:

%%1069

Error: (08/12/2012 11:47:32 AM) (Source: Service Control Manager) (User: )

Description: The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error:

%%1330

To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

Error: (08/12/2012 11:46:01 AM) (Source: Service Control Manager) (User: )

Description: The Peer Name Resolution Protocol service terminated with the following error:

%%10106

Microsoft Office Sessions:

=========================

=========================== Installed Programs ============================

Update for Microsoft Office 2007 (KB2508958)

??????? Windows Live Mesh ActiveX ??(????) (Version: 15.4.5722.2)

??????? Windows Live Mesh ActiveX ??? (Version: 15.4.5722.2)

Adobe AIR (Version: 3.1.0.4880)

Adobe Community Help (Version: 3.4.980)

Adobe Download Assistant (Version: 1.0.6)

Adobe Flash Player 11 ActiveX (Version: 11.3.300.257)

Adobe Flash Player 11 Plugin 64-bit (Version: 11.1.102.62)

Adobe Flash Professional CS5.5 (Version: 11.5)

Adobe Premiere Pro 2.0 (Version: 2.000.000)

Alien Swarm

Amnesia: The Dark Descent

Apple Application Support (Version: 2.1.7)

Apple Mobile Device Support (Version: 5.1.1.4)

Apple Software Update (Version: 2.1.3.127)

ASUS AI Recovery (Version: 1.0.13)

ASUS LifeFrame3 (Version: 3.0.21)

ASUS Live Update (Version: 2.5.9)

ASUS Power4Gear Hybrid (Version: 1.1.44)

ASUS SmartLogon (Version: 1.0.0011)

ASUS Splendid Video Enhancement Technology (Version: 1.02.0031)

ASUS WebStorage (Version: 2.0.46.1429)

Asus_GSeries_Screensaver (Version: 1.0.0001)

AsusVibe2.0 (Version: 2.0.3.585)

Atheros Client Installation Program (Version: 7.0)

ATK Package (Version: 1.0.0008)

µTorrent (Version: 3.1.0)

Bastion (Version: 1.0.2)

Battlecraft Vietnam

Battlefield Vietnam

Blender (Version: 2.62-release)

Bluetooth Win7 Suite (64) (Version: 7.02.000.55)

Bonjour (Version: 3.0.0.10)

Canon Easy-PhotoPrint EX

Canon Easy-WebPrint EX

Canon IJ Network Tool

Canon Inkjet Printer/Scanner/Fax Extended Survey Program

Canon MP Navigator EX 4.0

Canon MP495 series MP Drivers

Canon My Printer

Canon Solution Menu EX

Cinderella2 2.6 (Version: 2.6)

CodeBlocks (Version: 10.05)

Complemento Messenger (Version: 15.4.3502.0922)

Complément Messenger (Version: 15.4.3502.0922)

Contrôle ActiveX Windows Live Mesh pour connexions à distance (Version: 15.4.5722.2)

Control ActiveX de Windows Live Mesh para conexiones remotas (Version: 15.4.5722.2)

Controlo ActiveX do Windows Live Mesh para Ligações Remotas (Version: 15.4.5722.2)

CyberLink LabelPrint (Version: 2.5.1908)

CyberLink Power2Go (Version: 6.1.3602c)

D3DX10 (Version: 15.4.2368.0902)

DAPlayer 1.0.1.9

Deus Ex: Human Revolution

Diablo III (Version: 1.0.3.10057)

DirectX 9 Runtime (Version: 1.00.0000)

Dropbox (Version: 1.4.7)

e-tax 2012 (Version: 6.0.577)

EndNote X4 (Version: 14.0.2.5149)

ExpressGateCloud (Version: 2.6.25.133)

Fast Boot (Version: 1.0.9)

Fresco Logic USB3.0 Host Controller (Version: 3.0.116.3)

Galeria de Fotografias do Windows Live (Version: 15.4.3502.0922)

Galerie de photos Windows Live (Version: 15.4.3502.0922)

Galería fotográfica de Windows Live (Version: 15.4.3502.0922)

GameSpy Comrade (Version: 1.5.0.156)

GigaPan Upload 1.2.0087 (Version: 1.2.0087)

GIMP 2.6.11 (Version: 2.6.11)

Git version 1.7.11-preview20120620 (Version: 1.7.11-preview20120620)

Google Chrome (Version: 21.0.1180.75)

Google Toolbar for Internet Explorer (Version: 1.0.0)

Google Update Helper (Version: 1.3.21.115)

Hazard Perception Test Demo

Hi-Rez Studios Authenticate and Update Service (Version: 3.0.0.0)

Intel® Control Center (Version: 1.2.1.1007)

Intel® Management Engine Components (Version: 7.0.0.1118)

Intel® Turbo Boost Technology Monitor (Version: 1.0.400.4)

iTunes (Version: 10.6.1.7)

Java Auto Updater (Version: 2.1.6.0)

Java 6 Update 29 (Version: 6.0.290)

Java 6 Update 31 (64-bit) (Version: 6.0.310)

Java 7 Update 4 (Version: 7.0.40)

Java SE Development Kit 6 Update 31 (64-bit) (Version: 1.6.0.310)

JavaFX 2.0.3 (64-bit) (Version: 2.0.3)

JavaFX 2.0.3 SDK (64-bit) (Version: 2.0.3)

JavaFX 2.1.0 (Version: 2.1.0)

Junk Mail filter update (Version: 15.4.3502.0922)

Just Cause 2

jZip

L.A. Noire

League of Legends (Version: 1.3)

Left 4 Dead 2

LogMeIn Hamachi (Version: 2.1.0.210)

Macromedia Flash MX 2004 (Version: 7)

Malwarebytes Anti-Malware version 1.62.0.1300 (Version: 1.62.0.1300)

Maple 13 (Version: 13.0.0.0)

Mathematica Extras 8.0 (2609412) (Version: 8.0.4)

MATLAB R2010a (Version: 7.10)

Mesh Runtime (Version: 15.4.5722.2)

Messenger ???? (Version: 15.4.3502.0922)

Messenger ????? (Version: 15.4.3502.0922)

Messenger Companion (Version: 15.4.3502.0922)

Microsoft .NET Framework 1.1 (Version: 1.1.4322)

Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)

Microsoft .NET Framework 4 Extended (Version: 4.0.30319)

Microsoft Application Error Reporting (Version: 12.0.6015.5000)

Microsoft Games for Windows - LIVE (Version: 3.0.89.0)

Microsoft Games for Windows - LIVE Redistributable (Version: 3.0.19.0)

Microsoft IntelliPoint 8.2 (Version: 8.20.468.0)

Microsoft Office 2007 Service Pack 3 (SP3)

Microsoft Office Access MUI (English) 2007 (Version: 12.0.6612.1000)

Microsoft Office Access Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)

Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000)

Microsoft Office InfoPath MUI (English) 2007 (Version: 12.0.6612.1000)

Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000)

Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.6612.1000)

Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000)

Microsoft Office Professional Plus 2007 (Version: 12.0.6612.1000)

Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000)

Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000)

Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000)

Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)

Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.6612.1000)

Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000)

Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)

Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000)

Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)

Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000)

Microsoft Silverlight (Version: 5.1.10411.0)

Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)

Microsoft SQL Server 2008 Management Objects (Version: 10.0.1600.22)

Microsoft Visual C++ 2005 Express Edition - ENU

Microsoft Visual C++ 2005 Express Edition - ENU (Version: 8.0.50727.42)

Microsoft Visual C++ 2005 Redistributable (Version: 8.0.50727.42)

Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)

Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)

Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.59192)

Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)

Microsoft Visual C++ 2008 Express Edition with SP1 - ENU

Microsoft Visual C++ 2008 Express Edition with SP1 - ENU (Version: 9.0.30729)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (Version: 9.0.30729)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219)

Microsoft Visual Studio 2005 Remote Debugger Light (x64) - ENU

Microsoft Visual Studio 2005 Remote Debugger Light (x64) - ENU (Version: 8.0.50727.42)

Microsoft Visual Studio 2008 Remote Debugger Light (x64) - ENU

Microsoft Visual Studio 2008 Remote Debugger Light (x64) - ENU (Version: 9.0.30729)

Microsoft Visual Studio 2008 Remote Debugger Light (x64) - ENU Service Pack 1 (KB945140) (Version: 1)

Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries (Version: 6.1.5288.17011)

Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for .NET Framework - enu (Version: 3.5.30729)

Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for Win32 (Version: 6.1.5295.17011)

Microsoft Xbox 360 Accessories 1.2 (Version: 1.20.146.0)

Microsoft XNA Framework Redistributable 3.1 (Version: 3.1.10527.0)

Microsoft XNA Framework Redistributable 4.0 (Version: 4.0.20823.0)

Microsoft_VC80_ATL_x86 (Version: 8.0.50727.4053)

Microsoft_VC80_CRT_x86 (Version: 8.0.50727.4053)

Microsoft_VC80_MFC_x86 (Version: 8.0.50727.4053)

Microsoft_VC80_MFCLOC_x86 (Version: 8.0.50727.4053)

Microsoft_VC90_ATL_x86 (Version: 1.00.0000)

Microsoft_VC90_ATL_x86_x64 (Version: 1.00.0000)

Microsoft_VC90_CRT_x86 (Version: 1.00.0000)

Microsoft_VC90_CRT_x86_x64 (Version: 1.00.0000)

Microsoft_VC90_MFC_x86 (Version: 1.00.0000)

Microsoft_VC90_MFC_x86_x64 (Version: 1.00.0000)

Microsoft_VC90_MFCLOC_x86 (Version: 1.00.0000)

Mozilla Firefox 14.0.1 (x86 en-GB) (Version: 14.0.1)

Mozilla Maintenance Service (Version: 14.0.1)

Mozilla Thunderbird 12.0.1 (x86 en-GB) (Version: 12.0.1)

MSVCRT (Version: 15.4.2862.0708)

MSVCRT_amd64 (Version: 15.4.2862.0708)

MSXML 4.0 SP3 Parser (KB2721691) (Version: 4.30.2114.0)

MSXML 4.0 SP3 Parser (KB973685) (Version: 4.30.2107.0)

Mulimedia Logic

My Game Long Name

Notepad++ (Version: 5.9.6.2)

Nuance PDF Reader (Version: 6.00.0041)

NVIDIA 3D Vision Driver 301.42 (Version: 301.42)

NVIDIA Control Panel 301.42 (Version: 301.42)

NVIDIA Graphics Driver 301.42 (Version: 301.42)

NVIDIA HD Audio Driver 1.3.16.0 (Version: 1.3.16.0)

NVIDIA Install Application (Version: 2.1002.75.420)

NVIDIA PhysX (Version: 9.12.0213)

NVIDIA PhysX System Software 9.12.0213 (Version: 9.12.0213)

NVIDIA Stereoscopic 3D Driver (Version: 7.17.13.0142)

NVIDIA Update 1.8.15 (Version: 1.8.15)

NVIDIA Update Components (Version: 1.8.15)

OpenAL

Oracle VM VirtualBox 4.1.8 (Version: 4.1.8)

Overgrowth (remove only)

PDF Settings CS5 (Version: 10.0)

PowerISO (Version: 5.0)

Project64 1.6 (Version: 1.6)

PunkBuster Services (Version: 0.986)

Python 2.7 matplotlib-1.1.0 (64-bit)

Python 2.7 numpy-1.6.1 (64-bit)

Python 2.7 PIL-1.1.7 (64-bit)

Python 2.7 py2exe-0.6.9

Python 2.7.2 (64-bit) (Version: 2.7.2150)

Python 2.7.2 (Version: 2.7.2150)

Q.U.B.E. Demo

Realtek Ethernet Controller Driver (Version: 7.37.1229.2010)

Realtek High Definition Audio Driver (Version: 6.0.1.6273)

Realtek USB 2.0 Reader Driver (Version: 6.1.7600.10001)

Red Faction: Guerrilla

ResearchSoft Direct Export Helper

Rockstar Games Social Club (Version: 1.0.6.1)

Roxio AACS Certificate (Version: 1.0.0)

Roxio CinePlayer (Version: 5.8)

Roxio CinePlayer (Version: 5.8.58217.0)

Sanctum

Skype 5.9 (Version: 5.9.123)

SQL Server System CLR Types (Version: 10.0.1600.22)

StarCraft II (Version: 1.4.3.21029)

Steam (Version: 1.0.0.0)

Synaptics Pointing Device Driver (Version: 15.2.16.1)

syncables desktop SE (Version: 5.5.746.11492)

TeamViewer 7 (Version: 7.0.13989)

Terraria

The Binding of Isaac

The Ship

The Ship Single Player

The Ship Tutorial

THX TruStudio (Version: 1.03.00)

To the Moon (Version: 1.0)

Tribes Ascend Open Beta (Version: 1.0.961.0)

Trine 2

Unity Web Player (Version: )

Update for 2007 Microsoft Office System (KB967642)

Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)

Update for Microsoft Office Outlook 2007 (KB2596598) 32-Bit Edition

Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2687310) 32-Bit Edition

Vessel Demo

Weka 3.6.6 (Version: 3.6.6)

Windows Live ??? (Version: 15.4.3502.0922)

Windows Live ???? (Version: 15.4.3502.0922)

Windows Live Communications Platform (Version: 15.4.3502.0922)

Windows Live Essentials (Version: 15.4.3502.0922)

Windows Live Essentials (Version: 15.4.3555.0308)

Windows Live Family Safety (Version: 15.4.3555.0308)

Windows Live ID Sign-in Assistant (Version: 7.250.4232.0)

Windows Live Installer (Version: 15.4.3502.0922)

Windows Live Language Selector (Version: 15.4.3555.0308)

Windows Live Mail (Version: 15.4.3502.0922)

Windows Live Mesh (Version: 15.4.3502.0922)

Windows Live Mesh ActiveX Control for Remote Connections (Version: 15.4.5722.2)

Windows Live Messenger (Version: 15.4.3538.0513)

Windows Live Messenger Companion Core (Version: 15.4.3502.0922)

Windows Live MIME IFilter (Version: 15.4.3502.0922)

Windows Live Movie Maker (Version: 15.4.3502.0922)

Windows Live Photo Common (Version: 15.4.3502.0922)

Windows Live Photo Gallery (Version: 15.4.3502.0922)

Windows Live PIMT Platform (Version: 15.4.3508.1109)

Windows Live Remote Client (Version: 15.4.5722.2)

Windows Live Remote Client Resources (Version: 15.4.5722.2)

Windows Live Remote Service (Version: 15.4.5722.2)

Windows Live Remote Service Resources (Version: 15.4.5722.2)

Windows Live SOXE (Version: 15.4.3502.0922)

Windows Live SOXE Definitions (Version: 15.4.3502.0922)

Windows Live UX Platform (Version: 15.4.3502.0922)

Windows Live UX Platform Language Pack (Version: 15.4.3508.1109)

Windows Live Writer (Version: 15.4.3502.0922)

Windows Live Writer Resources (Version: 15.4.3502.0922)

WinFlash (Version: 2.31.1)

WinZip 16.5 (Version: 16.5.10095)

Wireless Console 3 (Version: 3.0.19)

Wolfram CDF Player (M-WIN-D 8.0.4 2609533) (Version: 8.0.4)

========================= Devices: ================================

Name: VirtualBox Host-Only Ethernet Adapter

Description: VirtualBox Host-Only Ethernet Adapter

Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}

Manufacturer: Oracle Corporation

Service: VBoxNetAdp

Problem: : This device is disabled. (Code 22)

Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Bluetooth Module

Description: Bluetooth Module

Class Guid: {e0cbf06c-cd8b-4647-bb8a-263b43f0f974}

Manufacturer: Atheros Communications

Service: BTHUSB

Problem: : This device is disabled. (Code 22)

Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

========================= Memory info: ===================================

Percentage of memory in use: 14%

Total physical RAM: 16361.16 MB

Available physical RAM: 14007.91 MB

Total Pagefile: 32720.51 MB

Available Pagefile: 30254.77 MB

Total Virtual: 4095.88 MB

Available Virtual: 3965.45 MB

========================= Partitions: =====================================

1 Drive c: (OS) (Fixed) (Total:279.45 GB) (Free:16.09 GB) NTFS

2 Drive d: (DATA) (Fixed) (Total:394.18 GB) (Free:167.94 GB) NTFS

6 Drive h: (JAKE'S USB) (Removable) (Total:7.45 GB) (Free:4.66 GB) FAT32

7 Drive r: (RECOVERY) (Fixed) (Total:24.98 GB) (Free:11.59 GB) FAT32

========================= Users: ========================================

User accounts for \\JAKE-G53

Administrator ASPNET Guest

Jake Shared UpdatusUser

========================= Minidump Files ==================================

No minidump file found

**** End of log ****


I'm going to ask you to hang on because I'm not an expert in these connection problems and I'm only going to be around tomorrow in the morning for a little bit.

I will be back later on in the afternoon though.

In the meantime I'll try to get some insight on the log you posted.

MrC
