Hello all,

 

I think I'm infected with Win trojans in explorer.exe. Is it safe to just delete? They only come up when I scan the Windows NTFS partition from a Linux OS. I use ClamAV. What is the best way to remove them?

/mnt/Windows/SysWOW64/explorer.exe: Win.Trojan.Bamital-1158 FOUND
/mnt/Windows/SysWOW64/explorer.exe: moved to '/infectedfiles/explorer.exe'
/mnt/Windows/winsxs/x86_microsoft-windows-mediaplayer-setup_31bf3856ad364e35_6.1.7600.16385_none_adca1fa537de6f5e/setup_wm.exe: Win.Trojan.588749 FOUND
/mnt/Windows/winsxs/x86_microsoft-windows-mediaplayer-setup_31bf3856ad364e35_6.1.7600.16385_none_adca1fa537de6f5e/setup_wm.exe: moved to '/infectedfiles/setup_wm.exe'
/mnt/Windows/winsxs/wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5/explorer.exe: Win.Trojan.Bamital-1158 FOUND
/mnt/Windows/winsxs/wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5/explorer.exe: moved to '/infectedfiles/explorer.exe.001'

Thanks, I appreciate the help.

Rich.


Hello Rich! My name is Maniac and I will be glad to help you solve your malware problem.

Please note:

  • If you are a paying customer, you have the privilege to contact the help desk at Consumer Support. If you choose this option to get help, please let me know.
  • I recommend you to keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.
  • Do not perform any kind of scanning and fixing without my instructions. If you want to proceed on your own, please let me know.

For x64 bit systems download Farbar Recovery Scan Tool x64 and save it to a flash drive.

Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:

  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select English as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:

  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select English as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:

    • Startup Repair
    • System Restore
    • Windows Complete PC Restore
    • Windows Memory Diagnostic Tool
    • Command Prompt

  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter

    Note: Replace letter e with the drive letter of your flash drive.

  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

Thanks again Maniac, here is the logfile. Sorry it took so long.

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 08-07-2013
Ran by Rick (administrator) on 08-07-2013 19:07:49
Running from E:\
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Safe Mode (minimal)

==================== Processes (Whitelisted) =================

(Microsoft Corporation) C:\Windows\system32\cmd.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Windows7FirewallControl] C:\Program Files\Windows7FirewallControl\Windows7FirewallControl.exe [1131008 2012-09-21] (Sphinx Software)
HKLM\...\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [1281512 2013-01-27] (Microsoft Corporation)
HKLM\...\Run: [THXCfg64] C:\Windows\system32\RunDLL32.exe C:\Windows\system32\THXCfg64.dll,RunDLLEntry THXCfg64 [17920 2009-10-15] (Creative Technology Ltd.)
HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [12503184 2012-06-11] (Realtek Semiconductor)
HKLM\...\Run: [RunDLLEntry_THXCfg] C:\Windows\system32\RunDLL32.exe C:\Windows\system32\THXCfg64.dll,RunDLLEntry THXCfg64 [17920 2009-10-15] (Creative Technology Ltd.)
HKLM\...\Run: [RunDLLEntry_EptMon] C:\Windows\system32\RunDLL32.exe C:\Windows\system32\EptMon64.dll,RunDLLEntry EptMon64 [21504 2009-10-15] (Creative Technology Ltd.)
HKLM-x32\...\Winlogon: [shell] explorer.exe [x ] ()
HKCU\...\Run: [HP Officejet Pro 8600 (NET)] "C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe" -deviceID "CN21PAR18Z05KF:NW" -scfn "HP Officejet Pro 8600 (NET)" -AutoStart 1 [2676584 2011-09-09] (Hewlett-Packard Co.)
MountPoints2: {ad58c0c5-669f-11e2-8abf-806e6f6e6963} - D:\autoRcd.exe
MountPoints2: {bbfbb5a4-db75-11e2-b613-842b2b9a14b5} - I:\VZW_Software_upgrade_assistant.exe
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-05-11] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [642808 2012-12-19] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [THX Audio Control Panel] "C:\Program Files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe" /r [963584 2009-12-01] (Creative Technology Ltd)
HKLM-x32\...\Run: [updReg] C:\Windows\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.)
HKLM-x32\...\Run: [EMET Agent] "C:\Program Files (x86)\EMET 4.0\EMET_agent.exe" [78496 2013-06-14] (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?ocid=UP74DHP&pc=UP74&dt=022613
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: LastPass Vault - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll ()
BHO: WOT Helper - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files\WOT\WOT.dll ()
BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: LastPass Vault - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPToolbar.dll ()
BHO-x32: WOT Helper - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files (x86)\WOT\WOT.dll ()
Toolbar: HKLM - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll ()
Toolbar: HKLM - WOT - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll ()
Toolbar: HKLM-x32 - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar.dll ()
Toolbar: HKLM-x32 - WOT - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files (x86)\WOT\WOT.dll ()
Toolbar: HKCU - WOT - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll ()
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dll ()
Handler-x32: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files (x86)\WOT\WOT.dll ()
Tcpip\..\Interfaces\{8F6B1E99-F293-421E-B29E-5875B326E12A}: [NameServer]141.155.0.68,207.172.11.72

FireFox:
========
FF ProfilePath: C:\Users\Rick\AppData\Roaming\Mozilla\Firefox\Profiles\hx63ye9g.default
FF user.js: detected! => C:\Users\Rick\AppData\Roaming\Mozilla\Firefox\Profiles\hx63ye9g.default\user.js
FF Homepage: www.yahoo.com
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 - C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF Plugin-x32: @esn/esnlaunch,version=2.1.4 - C:\Program Files (x86)\Battlelog Web Plugins\2.1.4\npesnlaunch.dll (ESN Social Software AB)
FF Plugin-x32: @esn/esnlaunch,version=2.1.7 - C:\Program Files (x86)\Battlelog Web Plugins\2.1.7\npesnlaunch.dll (ESN Social Software AB)
FF Plugin-x32: @idsoftware.com/QuakeLive - C:\ProgramData\id Software\QuakeLive\npquakezero.dll (id Software Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.13.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @real.com/nppl3260;version=16.0.2.32 - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlchromebrowserrecordext;version=1.3.2 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=1.3.2 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlpepperflashvideoshim;version=1.3.2 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=16.0.2.32 - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin-x32: @realnetworks.com/npdlplugin;version=1 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\Rick\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Extension: LastPass - C:\Users\Rick\AppData\Roaming\Mozilla\Firefox\Profiles\hx63ye9g.default\Extensions\support@lastpass.com
FF Extension: WOT - C:\Users\Rick\AppData\Roaming\Mozilla\Firefox\Profiles\hx63ye9g.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
FF Extension: jid0-k75TfRGfOXPHfEZmJ9cKu5eCgLc - C:\Users\Rick\AppData\Roaming\Mozilla\Firefox\Profiles\hx63ye9g.default\Extensions\jid0-k75TfRGfOXPHfEZmJ9cKu5eCgLc@jetpack.xpi
FF Extension: trafficlight - C:\Users\Rick\AppData\Roaming\Mozilla\Firefox\Profiles\hx63ye9g.default\Extensions\trafficlight@bitdefender.com.xpi
FF Extension: No Name - C:\Users\Rick\AppData\Roaming\Mozilla\Firefox\Profiles\hx63ye9g.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
FF Extension: No Name - C:\Users\Rick\AppData\Roaming\Mozilla\Firefox\Profiles\hx63ye9g.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF HKLM-x32\...\Firefox\Extensions: [{FCE04E1F-9378-4f39-96F6-5689A9159E45}] C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\

==================== Services (Whitelisted) =================

S2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2012-12-19] (Advanced Micro Devices, Inc.)
S4 AODService; C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe [136648 2012-09-20] ()
S4 DirMngr; C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe [218112 2013-05-28] ()
S4 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22056 2013-01-27] (Microsoft Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [379360 2013-01-27] (Microsoft Corporation)
S2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [76888 2013-02-01] ()
S2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-04-16] ()
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-02-28] (Riverbed Technology, Inc.)
S3 WfpCaptureUM; C:\Windows\system32\WfpCaptureUM.exe [20480 2013-02-03] (Microsoft Corporation)
S2 Windows7FirewallService; C:\Program Files\Windows7FirewallControl\Windows7FirewallService.exe [764416 2012-09-21] (Sphinx Software)

==================== Drivers (Whitelisted) ====================

S2 AODDriver4.01; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [57472 2012-04-09] (Advanced Micro Devices)
S2 AODDriver4.2; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [57472 2012-04-09] (Advanced Micro Devices)
S2 AODDriver4.2.0; C:\Program Files (x86)\AMD\OverDrive\amd64\AODDriver2.sys [57512 2012-09-20] (Advanced Micro Devices)
S2 AODDriver4.2.0; C:\Program Files (x86)\AMD\OverDrive\amd64\AODDriver2.sys [57512 2012-09-20] (Advanced Micro Devices)
S3 ArgusMonitor; C:\Windows\SysWow64\drivers\ArgusMonitor.sys [71616 2013-01-25] (Argotronic UG (haftungsbeschraenkt))
S3 ArgusMonitor; C:\Windows\SysWow64\drivers\ArgusMonitor.sys [71616 2013-01-25] (Argotronic UG (haftungsbeschraenkt))
S3 CrystalSysInfo; C:\Users\Rick\Downloads\crystal cpuid\SysInfoX64.sys [18128 2007-09-25] ()
S3 CrystalSysInfo; C:\Users\Rick\Downloads\crystal cpuid\SysInfoX64.sys [18128 2007-09-25] ()
S3 DIRECTIO; C:\Program Files\PerformanceTest\DirectIo64.sys [25704 2012-08-13] ()
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
S0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [230320 2013-01-20] (Microsoft Corporation)
S2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [130008 2013-01-20] (Microsoft Corporation)
S2 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-02-28] (Riverbed Technology, Inc.)
S1 pefndis; C:\Windows\System32\DRIVERS\pefndis.sys [61032 2013-02-03] (Microsoft Corporation)
S3 rspLLL; C:\Windows\System32\DRIVERS\rspLLL64.sys [24672 2012-07-22] (Resplendence Software Projects Sp.)
S3 wfpcapture; C:\Windows\System32\Drivers\wfpcapture.sys [60024 2013-02-03] (Microsoft Corporation)
S3 ALSysIO; \??\C:\Users\Rick\AppData\Local\Temp\ALSysIO64.sys [x]
S3 cpuz135; \??\C:\Windows\TEMP\cpuz135\cpuz135_x64.sys [x]
S3 WinRing0_1_2_0; \??\C:\Program Files (x86)\Razer\Razer Game Booster\Driver\WinRing0x64.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-07-08 19:07 - 2013-07-08 19:07 - 00000000 ____D C:\FRST
2013-07-07 00:26 - 2013-07-07 00:27 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-07-02 13:31 - 2013-07-02 13:31 - 01493872 ____A (Sysinternals - www.sysinternals.com) C:\Users\Rick\Desktop\procexp64.exe
2013-07-02 12:30 - 2013-07-02 12:30 - 01529856 ____A C:\Users\Rick\Downloads\SpinRite.iso
2013-07-01 14:41 - 2013-07-01 14:41 - 00000038 ____A C:\Users\Rick\Documents\VZnetworkHelp.txt
2013-07-01 00:21 - 2013-07-08 04:03 - 00000896 ____A C:\Windows\setupact.log
2013-07-01 00:21 - 2013-07-01 00:21 - 00000782 ____A C:\Windows\PFRO.log
2013-07-01 00:21 - 2013-07-01 00:21 - 00000000 ____A C:\Windows\setuperr.log
2013-06-30 11:01 - 2013-06-30 11:01 - 00000000 ____D C:\Program Files (x86)\WinPcap
2013-06-30 10:59 - 2013-06-30 11:01 - 00000000 ____D C:\Program Files\Wireshark
2013-06-30 10:59 - 2013-06-30 10:59 - 28087416 ____A (Wireshark development team) C:\Users\Rick\Downloads\Wireshark-win64-1.10.0.exe
2013-06-30 02:02 - 2013-06-30 02:02 - 04396440 ____A (Piriform Ltd) C:\Users\Rick\Downloads\ccsetup403.exe
2013-06-29 22:05 - 2013-06-29 22:05 - 02770017 ____A C:\Users\Rick\Downloads\Snort_2_9_4_6_Installer.exe
2013-06-27 14:43 - 2013-06-27 14:44 - 00000000 ____D C:\Program Files (x86)\Windows Live
2013-06-26 13:58 - 2013-06-26 01:01 - 00001218 ____A C:\Users\Rick\Documents\fanctrl.sh
2013-06-22 20:11 - 2013-06-22 20:11 - 00000000 ____D C:\Program Files (x86)\LinuxLive USB Creator
2013-06-22 20:10 - 2013-06-22 20:11 - 04752558 ____A (LinuxLive USB Creator) C:\Users\Rick\Downloads\LinuxLive USB Creator 2.8.22.exe
2013-06-22 04:46 - 2013-06-30 03:01 - 07990240 ____A (MPC-HC Team                                                 ) C:\Users\Rick\Downloads\MPC-HC.1.6.8.x64.exe
2013-06-20 02:02 - 2013-06-20 02:02 - 22211088 ____A C:\Users\Rick\Downloads\trillian-v5.3.0.16.exe
2013-06-18 15:56 - 2013-06-18 15:56 - 00000000 ____D C:\Program Files (x86)\EMET 4.0
2013-06-18 15:55 - 2013-06-18 15:55 - 08558080 ____A C:\Users\Rick\Downloads\EMET Setup.msi
2013-06-18 01:18 - 2013-06-18 01:18 - 00000000 ____D C:\Program Files (x86)\LiveUSB Creator
2013-06-18 01:14 - 2013-06-18 01:14 - 00078848 ____A C:\Users\Rick\Downloads\MD5 & SHA Checksum Utility.exe
2013-06-18 01:04 - 2013-06-18 01:04 - 00000540 ____A C:\Users\Rick\Documents\MD5 Checker 010441_18062013.txt
2013-06-18 01:02 - 2013-06-18 01:02 - 13080412 ____A C:\Users\Rick\Downloads\liveusb-creator-3.11.8-setup.exe
2013-06-16 01:21 - 2013-06-16 01:21 - 03820480 ____A C:\Users\Rick\Downloads\battlelog-web-plugins_2.1.7_115.exe
2013-06-15 15:29 - 2013-06-15 15:30 - 03739480 ____A (foobar2000.org) C:\Users\Rick\Downloads\foobar2000_v1.2.8.exe
2013-06-14 09:47 - 2013-06-14 09:47 - 00785445 ____A C:\Users\Rick\Downloads\md5checker_setup.zip
2013-06-14 09:47 - 2013-06-14 09:47 - 00001047 ____A C:\Users\Public\Desktop\MD5 Checker.lnk
2013-06-14 09:47 - 2013-06-14 09:47 - 00000000 ____D C:\Program Files (x86)\MD5 Checker
2013-06-14 09:46 - 2013-06-14 09:46 - 00007966 ____A C:\Users\Rick\Downloads\md5checker_code.zip
2013-06-12 15:56 - 2013-06-12 15:56 - 00212992 ____A C:\Users\Rick\Desktop\FWpolicies.wfw
2013-06-11 21:31 - 2013-05-10 01:49 - 00030720 ____A (Microsoft Corporation) C:\Windows\System32\cryptdlg.dll
2013-06-11 21:31 - 2013-05-09 23:20 - 00024576 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptdlg.dll
2013-06-11 20:27 - 2013-05-16 21:25 - 02877440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-06-11 20:27 - 2013-05-16 21:25 - 01767936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-06-11 20:27 - 2013-05-16 21:25 - 00690688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-06-11 20:27 - 2013-05-16 21:25 - 00493056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-06-11 20:27 - 2013-05-16 21:25 - 00109056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-06-11 20:27 - 2013-05-16 21:25 - 00061440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-06-11 20:27 - 2013-05-16 21:25 - 00039424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-06-11 20:27 - 2013-05-16 21:25 - 00033280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-06-11 20:27 - 2013-05-16 20:59 - 02241024 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-06-11 20:27 - 2013-05-16 20:59 - 00051712 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-06-11 20:27 - 2013-05-16 20:58 - 03958784 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-06-11 20:27 - 2013-05-16 20:58 - 00855552 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-06-11 20:27 - 2013-05-16 20:58 - 00603136 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-06-11 20:27 - 2013-05-16 20:58 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2013-06-11 20:27 - 2013-05-16 20:58 - 00067072 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-06-11 20:27 - 2013-05-16 20:58 - 00053248 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-06-11 20:27 - 2013-05-16 20:58 - 00039936 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2013-06-11 20:27 - 2013-05-14 08:23 - 00089600 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2013-06-11 20:27 - 2013-05-14 04:40 - 00071680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-06-11 20:26 - 2013-06-08 10:08 - 01365504 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-06-11 20:26 - 2013-06-08 10:07 - 19233792 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-06-11 20:26 - 2013-06-08 10:06 - 15404544 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-06-11 20:26 - 2013-06-08 10:06 - 02648064 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-06-11 20:26 - 2013-06-08 10:06 - 00526336 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-06-11 20:26 - 2013-06-08 08:28 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-06-11 20:26 - 2013-06-08 07:42 - 01141248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-06-11 20:26 - 2013-06-08 07:40 - 14327808 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-06-11 20:26 - 2013-06-08 07:40 - 13760512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-06-11 20:26 - 2013-06-08 07:40 - 02046976 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-06-11 20:26 - 2013-06-08 07:40 - 00391168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-06-11 20:26 - 2013-06-08 07:13 - 02706432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-06-11 20:25 - 2013-05-13 01:51 - 01464320 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2013-06-11 20:25 - 2013-05-13 01:51 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2013-06-11 20:25 - 2013-05-13 01:51 - 00139776 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2013-06-11 20:25 - 2013-05-13 01:50 - 00052224 ____A (Microsoft Corporation) C:\Windows\System32\certenc.dll
2013-06-11 20:25 - 2013-05-13 00:45 - 01160192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-06-11 20:25 - 2013-05-13 00:45 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2013-06-11 20:25 - 2013-05-13 00:45 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2013-06-11 20:25 - 2013-05-12 23:43 - 01192448 ____A (Microsoft Corporation) C:\Windows\System32\certutil.exe
2013-06-11 20:25 - 2013-05-12 23:08 - 00903168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certutil.exe
2013-06-11 20:25 - 2013-05-12 23:08 - 00043008 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certenc.dll
2013-06-11 20:25 - 2013-05-08 02:39 - 01910632 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2013-06-11 20:25 - 2013-04-26 01:51 - 00751104 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll
2013-06-11 20:25 - 2013-04-26 00:55 - 00492544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll

==================== One Month Modified Files and Folders =======

2013-07-08 19:07 - 2013-07-08 19:07 - 00000000 ____D C:\FRST
2013-07-08 13:33 - 2013-03-19 17:30 - 01056715 ____A C:\Windows\WindowsUpdate.log
2013-07-08 13:33 - 2013-01-26 06:20 - 00000000 ____D C:\Program Files\PeerBlock
2013-07-08 13:20 - 2013-01-25 23:56 - 00291088 ____A C:\Windows\SysWOW64\PnkBstrB.xtr
2013-07-08 13:20 - 2013-01-25 21:41 - 00291088 ____A C:\Windows\SysWOW64\PnkBstrB.exe
2013-07-08 13:18 - 2013-01-25 19:23 - 00000000 ____D C:\Program Files (x86)\Origin
2013-07-08 10:28 - 2013-01-25 22:33 - 00000000 ____D C:\Users\Rick\AppData\Roaming\uTorrent
2013-07-08 08:33 - 2013-01-25 22:36 - 00000000 ____D C:\Users\Rick\Downloads\Utorrent Download
2013-07-08 04:10 - 2009-07-14 00:45 - 00014416 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-07-08 04:10 - 2009-07-14 00:45 - 00014416 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-07-08 04:03 - 2013-07-01 00:21 - 00000896 ____A C:\Windows\setupact.log
2013-07-08 04:03 - 2009-07-14 01:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-07-08 04:02 - 2013-01-25 14:17 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-07-07 02:46 - 2013-01-25 21:41 - 00291088 ____A C:\Windows\SysWOW64\PnkBstrB.ex0
2013-07-07 00:29 - 2013-01-25 01:41 - 00007613 ____A C:\Users\Rick\AppData\Local\Resmon.ResmonCfg
2013-07-07 00:27 - 2013-07-07 00:26 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-07-04 14:15 - 2013-06-03 20:18 - 00000000 ____D C:\Users\Rick\My Scans
2013-07-04 13:27 - 2013-05-08 21:27 - 00000000 ____D C:\Program Files (x86)\Winamp
2013-07-02 13:31 - 2013-07-02 13:31 - 01493872 ____A (Sysinternals - www.sysinternals.com) C:\Users\Rick\Desktop\procexp64.exe
2013-07-02 12:30 - 2013-07-02 12:30 - 01529856 ____A C:\Users\Rick\Downloads\SpinRite.iso
2013-07-01 14:41 - 2013-07-01 14:41 - 00000038 ____A C:\Users\Rick\Documents\VZnetworkHelp.txt
2013-07-01 00:21 - 2013-07-01 00:21 - 00000782 ____A C:\Windows\PFRO.log
2013-07-01 00:21 - 2013-07-01 00:21 - 00000000 ____A C:\Windows\setuperr.log
2013-06-30 11:01 - 2013-06-30 11:01 - 00000000 ____D C:\Program Files (x86)\WinPcap
2013-06-30 11:01 - 2013-06-30 10:59 - 00000000 ____D C:\Program Files\Wireshark
2013-06-30 10:59 - 2013-06-30 10:59 - 28087416 ____A (Wireshark development team) C:\Users\Rick\Downloads\Wireshark-win64-1.10.0.exe
2013-06-30 10:56 - 2013-02-12 13:02 - 01045072 ____A (BitTorrent Inc.) C:\Users\Rick\Downloads\uTorrent.exe
2013-06-30 03:02 - 2013-04-24 23:15 - 00001119 ____A C:\Users\Rick\Desktop\MPC-HC x64.lnk
2013-06-30 03:02 - 2013-02-04 11:57 - 00000000 ____D C:\Program Files (x86)\MPC-HC
2013-06-30 03:01 - 2013-06-22 04:46 - 07990240 ____A (MPC-HC Team                                                 ) C:\Users\Rick\Downloads\MPC-HC.1.6.8.x64.exe
2013-06-30 03:00 - 2013-02-04 11:58 - 00000000 ____D C:\Users\Rick\AppData\Roaming\Media Player Classic
2013-06-30 02:03 - 2013-05-08 21:27 - 00000000 ____D C:\Users\Rick\AppData\Roaming\Winamp
2013-06-30 02:03 - 2013-02-22 15:58 - 00000000 ____D C:\Program Files (x86)\Steam
2013-06-30 02:02 - 2013-06-30 02:02 - 04396440 ____A (Piriform Ltd) C:\Users\Rick\Downloads\ccsetup403.exe
2013-06-30 02:02 - 2013-04-29 22:37 - 00000822 ____A C:\Users\Public\Desktop\CCleaner.lnk
2013-06-30 02:02 - 2013-02-01 00:42 - 00000000 ____D C:\Program Files\CCleaner
2013-06-30 02:02 - 2013-01-24 23:30 - 00000000 ____D C:\Windows\Panther
2013-06-29 22:05 - 2013-06-29 22:05 - 02770017 ____A C:\Users\Rick\Downloads\Snort_2_9_4_6_Installer.exe
2013-06-27 14:44 - 2013-06-27 14:43 - 00000000 ____D C:\Program Files (x86)\Windows Live
2013-06-27 14:42 - 2013-02-01 22:57 - 00000000 ____D C:\Users\Rick\AppData\Local\Windows Live
2013-06-26 01:01 - 2013-06-26 13:58 - 00001218 ____A C:\Users\Rick\Documents\fanctrl.sh
2013-06-25 04:00 - 2009-07-14 01:13 - 00778834 ____A C:\Windows\System32\PerfStringBackup.INI
2013-06-24 23:53 - 2013-06-06 21:10 - 00000000 ____D C:\Users\Rick\Downloads\ubuntu live cd
2013-06-24 23:34 - 2009-07-14 01:08 - 00032634 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2013-06-22 20:11 - 2013-06-22 20:11 - 00000000 ____D C:\Program Files (x86)\LinuxLive USB Creator
2013-06-22 20:11 - 2013-06-22 20:10 - 04752558 ____A (LinuxLive USB Creator) C:\Users\Rick\Downloads\LinuxLive USB Creator 2.8.22.exe
2013-06-22 19:01 - 2013-02-21 10:43 - 00000000 ____D C:\ProgramData\Soulseek
2013-06-21 15:04 - 2013-01-25 14:49 - 00000000 ____D C:\Program Files (x86)\SpeedFan
2013-06-20 02:03 - 2013-05-08 21:34 - 00001083 ____A C:\Users\Rick\Desktop\Trillian.lnk
2013-06-20 02:02 - 2013-06-20 02:02 - 22211088 ____A C:\Users\Rick\Downloads\trillian-v5.3.0.16.exe
2013-06-18 15:56 - 2013-06-18 15:56 - 00000000 ____D C:\Program Files (x86)\EMET 4.0
2013-06-18 15:55 - 2013-06-18 15:55 - 08558080 ____A C:\Users\Rick\Downloads\EMET Setup.msi
2013-06-18 01:26 - 2013-06-06 22:51 - 00000000 ____D C:\Users\Rick\AppData\Roaming\gnupg
2013-06-18 01:18 - 2013-06-18 01:18 - 00000000 ____D C:\Program Files (x86)\LiveUSB Creator
2013-06-18 01:14 - 2013-06-18 01:14 - 00078848 ____A C:\Users\Rick\Downloads\MD5 & SHA Checksum Utility.exe
2013-06-18 01:04 - 2013-06-18 01:04 - 00000540 ____A C:\Users\Rick\Documents\MD5 Checker 010441_18062013.txt
2013-06-18 01:02 - 2013-06-18 01:02 - 13080412 ____A C:\Users\Rick\Downloads\liveusb-creator-3.11.8-setup.exe
2013-06-16 01:23 - 2013-01-25 21:16 - 00000000 ____D C:\Program Files (x86)\Battlelog Web Plugins
2013-06-16 01:21 - 2013-06-16 01:21 - 03820480 ____A C:\Users\Rick\Downloads\battlelog-web-plugins_2.1.7_115.exe
2013-06-15 15:33 - 2013-04-30 23:00 - 00000000 ____D C:\Users\Rick\AppData\Roaming\foobar2000
2013-06-15 15:30 - 2013-06-15 15:29 - 03739480 ____A (foobar2000.org) C:\Users\Rick\Downloads\foobar2000_v1.2.8.exe
2013-06-15 15:30 - 2013-04-30 23:00 - 00001035 ____A C:\Users\Public\Desktop\foobar2000.lnk
2013-06-15 15:30 - 2013-04-30 23:00 - 00000000 ____D C:\Program Files (x86)\foobar2000
2013-06-14 21:34 - 2013-02-11 04:41 - 00000000 ____D C:\Users\Rick\Downloads\net card
2013-06-14 09:47 - 2013-06-14 09:47 - 00785445 ____A C:\Users\Rick\Downloads\md5checker_setup.zip
2013-06-14 09:47 - 2013-06-14 09:47 - 00001047 ____A C:\Users\Public\Desktop\MD5 Checker.lnk
2013-06-14 09:47 - 2013-06-14 09:47 - 00000000 ____D C:\Program Files (x86)\MD5 Checker
2013-06-14 09:46 - 2013-06-14 09:46 - 00007966 ____A C:\Users\Rick\Downloads\md5checker_code.zip
2013-06-12 17:08 - 2013-05-08 22:54 - 00016596 ____A C:\Users\Rick\Desktop\autoexec.cfg
2013-06-12 17:00 - 2013-02-21 20:45 - 02095104 ____A C:\Users\Rick\Downloads\QuakeLiveNP_520.msi
2013-06-12 15:57 - 2013-04-05 01:50 - 00060109 ____A C:\Users\Rick\Desktop\outbound rules.txt
2013-06-12 15:56 - 2013-06-12 15:56 - 00212992 ____A C:\Users\Rick\Desktop\FWpolicies.wfw
2013-06-11 23:47 - 2013-01-25 16:58 - 00000000 ____D C:\Users\Rick\AppData\Local\Adobe
2013-06-11 23:47 - 2013-01-24 21:05 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-06-11 23:47 - 2013-01-24 21:05 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-06-11 21:34 - 2013-02-07 20:37 - 00772558 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
2013-06-11 21:22 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\rescache
2013-06-11 20:27 - 2013-01-25 01:12 - 75825640 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-06-08 10:08 - 2013-06-11 20:26 - 01365504 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-06-08 10:07 - 2013-06-11 20:26 - 19233792 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-06-08 10:06 - 2013-06-11 20:26 - 15404544 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-06-08 10:06 - 2013-06-11 20:26 - 02648064 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-06-08 10:06 - 2013-06-11 20:26 - 00526336 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-06-08 08:28 - 2013-06-11 20:26 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-06-08 07:42 - 2013-06-11 20:26 - 01141248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-06-08 07:40 - 2013-06-11 20:26 - 14327808 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-06-08 07:40 - 2013-06-11 20:26 - 13760512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-06-08 07:40 - 2013-06-11 20:26 - 02046976 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-06-08 07:40 - 2013-06-11 20:26 - 00391168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-06-08 07:13 - 2013-06-11 20:26 - 02706432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

Files to move or delete:
====================
C:\Users\Rick\Volumeid.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe IS MISSING <==== ATTENTION!.
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-07-03 01:58

==================== End Of Log ============================

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 08-07-2013
Ran by Rick at 2013-07-08 19:08:37
Running from E:\
Boot Mode: Safe Mode (minimal)
==========================================================


==================== Installed Programs =======================

   
µTorrent (x32 Version: 3.2.2.28500)
3DMark 11 (x32 Version: 1.0.3)
Adobe Flash Player 11 ActiveX (x32 Version: 11.6.602.171)
Adobe Flash Player 11 Plugin (x32 Version: 11.7.700.224)
Adobe Reader XI (11.0.03) (x32 Version: 11.0.03)
Age of Conan: Unchained - US version (x32)
Aion (HKCU)
AMD Accelerated Video Transcoding (Version: 12.5.100.21219)
AMD APP SDK Runtime (Version: 10.0.1084.4)
AMD Catalyst Install Manager (Version: 8.0.903.0)
AMD Drag and Drop Transcoding (Version: 2.00.0000)
AMD Fuel (Version: 2012.1219.1521.27485)
AMD Media Foundation Decoders (Version: 1.0.71219.1540)
AMD OverDrive Beta (x32 Version: 4.2.3.0625)
AMD VISION Engine Control Center (x32 Version: 2012.1219.1521.27485)
ArgusMonitor (x32)
Audacity 2.0.3 (x32 Version: 2.0.3)
Auslogics BoostSpeed (x32 Version: 5.4)
Battlefield 3™ (x32 Version: 1.5.0.0)
Battlefield: Bad Company™ 2 (x32 Version: 1.0.0.0)
Battlelog Web Plugins (x32 Version: 2.1.7)
Broadcom NetXtreme-I Netlink Driver and Management Installer (Version: 12.55.03)
Catalyst Control Center - Branding (x32 Version: 1.00.0000)
Catalyst Control Center Graphics Previews Common (x32 Version: 2012.1219.1521.27485)
Catalyst Control Center InstallProxy (x32 Version: 2012.1219.1521.27485)
Catalyst Control Center Localization All (x32 Version: 2012.1219.1521.27485)
CCC Help Chinese Standard (x32 Version: 2012.1219.1520.27485)
CCC Help Chinese Traditional (x32 Version: 2012.1219.1520.27485)
CCC Help Czech (x32 Version: 2012.1219.1520.27485)
CCC Help Danish (x32 Version: 2012.1219.1520.27485)
CCC Help Dutch (x32 Version: 2012.1219.1520.27485)
CCC Help English (x32 Version: 2012.1219.1520.27485)
CCC Help Finnish (x32 Version: 2012.1219.1520.27485)
CCC Help French (x32 Version: 2012.1219.1520.27485)
CCC Help German (x32 Version: 2012.1219.1520.27485)
CCC Help Greek (x32 Version: 2012.1219.1520.27485)
CCC Help Hungarian (x32 Version: 2012.1219.1520.27485)
CCC Help Italian (x32 Version: 2012.1219.1520.27485)
CCC Help Japanese (x32 Version: 2012.1219.1520.27485)
CCC Help Korean (x32 Version: 2012.1219.1520.27485)
CCC Help Norwegian (x32 Version: 2012.1219.1520.27485)
CCC Help Polish (x32 Version: 2012.1219.1520.27485)
CCC Help Portuguese (x32 Version: 2012.1219.1520.27485)
CCC Help Russian (x32 Version: 2012.1219.1520.27485)
CCC Help Spanish (x32 Version: 2012.1219.1520.27485)
CCC Help Swedish (x32 Version: 2012.1219.1520.27485)
CCC Help Thai (x32 Version: 2012.1219.1520.27485)
CCC Help Turkish (x32 Version: 2012.1219.1520.27485)
ccc-utility64 (Version: 2012.1219.1521.27485)
CCleaner (Version: 4.03)
Counter-Strike: Source (x32)
D3DX10 (x32 Version: 15.4.2368.0902)
EMET 4.0 (x32 Version: 4.0)
ESN Sonar (x32 Version: 0.70.4)
FileHippo.com Update Checker (x32)
foobar2000 v1.2.8 (x32 Version: 1.2.8)
Fraps (x32)
Futuremark SystemInfo (x32 Version: 4.6.0)
Gpg4win (2.1.1) (x32 Version: 2.1.1)
HD Tach version 3 (x32)
HP Officejet Pro 8600 Basic Device Software (Version: 25.0.619.0)
IsoBuster 3.2 (x32 Version: 3.2)
Junk Mail filter update (x32 Version: 16.4.3508.0205)
LastPass(uninstall only) (x32)
LatencyMon 4.02
LinuxLive USB Creator (x32 Version: 2.8)
LiveUSB Creator (remove only) (x32)
Malwarebytes Anti-Malware version 1.75.0.1300 (x32 Version: 1.75.0.1300)
MD5 Checker version 4.0.0 (x32)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Message Analyzer (Version: 4.0.5950.0)
Microsoft Security Client (Version: 4.2.0223.1)
Microsoft Security Essentials (Version: 4.2.223.1)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.59193)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (x32 Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
Mozilla Firefox 22.0 (x86 en-US) (x32 Version: 22.0)
Mozilla Maintenance Service (x32 Version: 22.0)
MPC-HC 1.6.7.7114 (9eb64ec) (x32 Version: 1.6.7.7114)
MPC-HC 1.6.8 (64-bit) (Version: 1.6.8.7417)
MSVCRT (x32 Version: 15.4.2862.0708)
MSVCRT_amd64 (x32 Version: 15.4.2862.0708)
MSVCRT110 (x32 Version: 16.4.1108.0727)
MSVCRT110_amd64 (Version: 16.4.1109.0912)
MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0)
Multimedia Card Reader (x32 Version: 1.7.915.93)
NCsoft Launcher (x32 Version: 1.5.19002)
Nero 11 Collection 1 (x32 Version: 11.0.11200.12.0)
Nero 11 Kwik Themes 3 (x32 Version: 11.0.11200.12.0)
Nero 11 Kwik Themes 4 (x32 Version: 11.0.11200.12.0)
Nero 11 Mini Repack
Nero 11 PiP Effects 1 (x32 Version: 11.0.11200.12.0)
Nero 11 v11.2.4.100 (x64) (Version: 11.2.4.100)
Nero 11 Video Transitions 1 (x32 Version: 11.0.11200.12.0)
Nero Backup Drivers (Version: 1.0.10000.1.0)
NVIDIA PhysX (x32 Version: 9.12.0613)
Origin (x32 Version: 9.1.11.2678)
PeerBlock 1.1 (r518) (Version: 1.1.0.518)
PerformanceTest v8.0 (Version: 8.0.1014.0)
PunkBuster Services (x32 Version: 0.988)
Quake Live Mozilla Plugin (x32 Version: 1.0.520)
RealDownloader (x32 Version: 1.3.2)
RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0)
RealNetworks - Microsoft Visual C++ 2010 Runtime (x32 Version: 10.0)
RealPlayer (x32 Version: 16.0.2)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.6662)
RealUpgrade 1.1 (x32 Version: 1.1.0)
SoulSeek 157 NS 13e (x32)
SpeedFan (remove only) (x32)
Steam (x32 Version: 1.0.0.0)
Team Fortress 2 (x32)
TechPowerUp GPU-Z (x32)
TERA (x32 Version: 1.41)
THX TruStudio PC (x32 Version: 1.0)
Trillian (x32)
Unity Web Player (HKCU Version: )
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2836939) (x32 Version: 1)
us Mod Manager (Version: 0.43.1)
Winamp (x32 Version: 5.63 )
Winamp Detector Plug-in (HKCU Version: 1.0.0.1)
Windows Live Communications Platform (x32 Version: 16.4.3508.0205)
Windows Live Essentials (x32 Version: 16.4.3508.0205)
Windows Live ID Sign-in Assistant (Version: 7.250.4311.0)
Windows Live Installer (x32 Version: 16.4.3508.0205)
Windows Live Mail (x32 Version: 16.4.3508.0205)
Windows Live MIME IFilter (Version: 16.4.3508.0205)
Windows Live Photo Common (x32 Version: 16.4.3508.0205)
Windows Live PIMT Platform (x32 Version: 16.4.3508.0205)
Windows Live SOXE (x32 Version: 16.4.3508.0205)
Windows Live SOXE Definitions (x32 Version: 16.4.3508.0205)
Windows Live UX Platform (x32 Version: 16.4.3508.0205)
Windows Live UX Platform Language Pack (x32 Version: 16.4.3508.0205)
Windows Live Writer (x32 Version: 16.4.3508.0205)
Windows Live Writer Resources (x32 Version: 16.4.3508.0205)
Windows7FirewallControl (x64) 5.1.7.69 (Version: 5.1.7.69)
WinPcap 4.1.3 (x32 Version: 4.1.0.2980)
WinRAR 4.20 (64-bit) (Version: 4.20.0)
Wireshark 1.10.0 (64-bit) (x32 Version: 1.10.0)
World of Warcraft (x32 Version: 5.1.0.16357)
WOT for Internet Explorer (Version: 12.8.2.0)

==================== Restore Points  =========================

12-06-2013 20:57:11 Removed Quake Live Mozilla Plugin
12-06-2013 21:00:59 Installed Quake Live Mozilla Plugin
15-06-2013 05:22:50 Windows Update
18-06-2013 19:55:38 Installed EMET 4.0
19-06-2013 10:23:57 Windows Update
23-06-2013 10:22:20 Windows Update
27-06-2013 09:13:49 Windows Update
27-06-2013 18:34:43 Windows Live Essentials
27-06-2013 18:34:52 WLSetup
27-06-2013 18:42:44 Windows Live Essentials
27-06-2013 18:43:40 WLSetup
01-07-2013 05:06:02 Windows Update
04-07-2013 18:00:32 Windows Update
08-07-2013 08:13:51 Windows Update

==================== Hosts content: ==========================

2009-07-13 22:34 - 2009-06-10 17:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {042A0F7E-8879-4FA9-8048-6A62EB1E222F} - System32\Tasks\Peerblock Start with windows => C:\Program Files\PeerBlock\peerblock.exe [2010-11-06] (PeerBlock, LLC)
Task: {5E5D2B72-79F6-4666-8FC7-8EDFF5210540} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task
Task: {6DEACD07-B021-444D-A1A6-70E182646024} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-06-19] (Piriform Ltd)
Task: {7DFE5392-4642-4034-B5B3-D2DC6C4EFD63} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => C:\Program Files\Microsoft Security Client\MpCmdRun.exe [2013-01-27] (Microsoft Corporation)
Task: {7FFB17B4-08A9-4D39-B0DF-B02AB7F3F822} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-3572056831-1408111488-1382342558-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe [2013-04-16] (RealNetworks, Inc.)
Task: {9095E030-266C-42F0-9441-E547ACF91ED6} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-3572056831-1408111488-1382342558-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe [2013-04-16] (RealNetworks, Inc.)
Task: {AB5B125C-CBF0-4FDB-AC5F-CF26E3C23AE3} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-3572056831-1408111488-1382342558-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-04-16] (RealNetworks, Inc.)
Task: {C2C8DFD0-81BD-4368-A402-85790ACAEBBA} - System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-3572056831-1408111488-1382342558-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe [2013-04-16] (RealNetworks, Inc.)
Task: {D925C591-2840-46E4-8106-4A93906099E9} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-3572056831-1408111488-1382342558-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-04-16] (RealNetworks, Inc.)
Task: {D9545D5A-6106-44C7-95C4-2444A90991A5} - System32\Tasks\Razer_Game_Booster_AutoUpdate => C:\Program Files (x86)\Razer\Razer Game Booster\AutoUpdate.exe No File

==================== Faulty Device Manager Devices =============

Name: Security Processor Loader Driver
Description: Security Processor Loader Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: spldr
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (07/08/2013 06:10:06 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"1".
Dependent Assembly rpshellextension.1.0,language="*",type="win32",version="1.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (07/08/2013 06:07:16 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Startup,type="win32",version="11.1.0.0"1".
Dependent Assembly Startup,type="win32",version="11.1.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (07/08/2013 06:07:15 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "OnlineServices,version="11.0.0.0"1".
Dependent Assembly OnlineServices,version="11.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (07/07/2013 04:34:17 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"1".
Dependent Assembly rpshellextension.1.0,language="*",type="win32",version="1.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (07/07/2013 04:32:03 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Startup,type="win32",version="11.1.0.0"1".
Dependent Assembly Startup,type="win32",version="11.1.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (07/07/2013 04:32:02 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "OnlineServices,version="11.0.0.0"1".
Dependent Assembly OnlineServices,version="11.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (07/05/2013 06:49:14 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"1".
Dependent Assembly rpshellextension.1.0,language="*",type="win32",version="1.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (07/05/2013 06:47:06 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Startup,type="win32",version="11.1.0.0"1".
Dependent Assembly Startup,type="win32",version="11.1.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (07/05/2013 06:47:06 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "OnlineServices,version="11.0.0.0"1".
Dependent Assembly OnlineServices,version="11.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (07/04/2013 09:17:29 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"1".
Dependent Assembly rpshellextension.1.0,language="*",type="win32",version="1.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.


System errors:
=============
Error: (07/08/2013 07:06:36 PM) (Source: Service Control Manager) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Error: (07/08/2013 07:06:36 PM) (Source: DCOM) (User: )
Description: 1068netprofm{A47979D2-C419-11D9-A5B4-001185AD2B89}

Error: (07/08/2013 07:05:20 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
AFD
DfsC
discache
MpFilter
NetBIOS
NetBT
nsiproxy
pefndis
Psched
rdbss
spldr
tdx
Wanarpv6
WfpLwf

Error: (07/08/2013 07:05:19 PM) (Source: Service Control Manager) (User: )
Description: The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error:
%%1068

Error: (07/08/2013 07:05:19 PM) (Source: Service Control Manager) (User: )
Description: The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error:
%%1068

Error: (07/08/2013 07:05:19 PM) (Source: Service Control Manager) (User: )
Description: The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error:
%%1068

Error: (07/08/2013 07:05:19 PM) (Source: Service Control Manager) (User: )
Description: The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error:
%%31

Error: (07/08/2013 07:05:19 PM) (Source: Service Control Manager) (User: )
Description: The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error:
%%1068

Error: (07/08/2013 07:05:19 PM) (Source: Service Control Manager) (User: )
Description: The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error:
%%31

Error: (07/08/2013 07:05:19 PM) (Source: Service Control Manager) (User: )
Description: The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error:
%%31


Microsoft Office Sessions:
=========================
Error: (07/08/2013 06:10:06 AM) (Source: SideBySide)(User: )
Description: rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"C:\Windows\Installer\{3DC873BB-FFE3-46BF-9701-26B9AE371F9F}\recordingmanager.exe

Error: (07/08/2013 06:07:16 AM) (Source: SideBySide)(User: )
Description: Startup,type="win32",version="11.1.0.0"c:\program files\Portable\nero 11 v11.2.4.100 (x64)\App\Nero\NMDllHost.exe.Manifest

Error: (07/08/2013 06:07:15 AM) (Source: SideBySide)(User: )
Description: OnlineServices,version="11.0.0.0"c:\program files\Portable\nero 11 v11.2.4.100 (x64)\App\Nero\NeroAudioRip.exe.Manifest

Error: (07/07/2013 04:34:17 AM) (Source: SideBySide)(User: )
Description: rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"C:\Windows\Installer\{3DC873BB-FFE3-46BF-9701-26B9AE371F9F}\recordingmanager.exe

Error: (07/07/2013 04:32:03 AM) (Source: SideBySide)(User: )
Description: Startup,type="win32",version="11.1.0.0"c:\program files\Portable\nero 11 v11.2.4.100 (x64)\App\Nero\NMDllHost.exe.Manifest

Error: (07/07/2013 04:32:02 AM) (Source: SideBySide)(User: )
Description: OnlineServices,version="11.0.0.0"c:\program files\Portable\nero 11 v11.2.4.100 (x64)\App\Nero\NeroAudioRip.exe.Manifest

Error: (07/05/2013 06:49:14 AM) (Source: SideBySide)(User: )
Description: rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"C:\Windows\Installer\{3DC873BB-FFE3-46BF-9701-26B9AE371F9F}\recordingmanager.exe

Error: (07/05/2013 06:47:06 AM) (Source: SideBySide)(User: )
Description: Startup,type="win32",version="11.1.0.0"c:\program files\Portable\nero 11 v11.2.4.100 (x64)\App\Nero\NMDllHost.exe.Manifest

Error: (07/05/2013 06:47:06 AM) (Source: SideBySide)(User: )
Description: OnlineServices,version="11.0.0.0"c:\program files\Portable\nero 11 v11.2.4.100 (x64)\App\Nero\NeroAudioRip.exe.Manifest

Error: (07/04/2013 09:17:29 PM) (Source: SideBySide)(User: )
Description: rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"C:\Windows\Installer\{3DC873BB-FFE3-46BF-9701-26B9AE371F9F}\recordingmanager.exe


==================== Memory info ===========================

Percentage of memory in use: 10%
Total physical RAM: 6143.3 MB
Available physical RAM: 5520.11 MB
Total Pagefile: 12284.78 MB
Available Pagefile: 11670.37 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:638.44 GB) (Free:283.8 GB) NTFS (Disk=0 Partition=2)
Drive e: () (Removable) (Total:3.72 GB) (Free:3.72 GB) FAT32 (Disk=5 Partition=1)

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 932 GB) (Disk ID: 9C92424B)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=638 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=500 MB) - (Type=83)
Partition 4: (Not Active) - (Size=292 GB) - (Type=05)

========================================================
Disk: 5 (Size: 4 GB) (Disk ID: 000BB960)
Partition 1: (Not Active) - (Size=4 GB) - (Type=0B)

==================== End Of Log ============================

 


I moved the supposedly infected explorer.exe to a Linux LVM partition. Should I move it back and re-scan? Here is the Search log as of now:

Farbar Recovery Scan Tool (x64) Version: 08-07-2013
Ran by Rick at 2013-07-09 22:45:17
Running from E:\
Boot Mode: Safe Mode (minimal)

================== Search: "explorer.exe" ===================

C:\Windows\explorer.exe
[2013-01-25 00:44] - [2011-02-25 02:19] - 2871808 ____A (Microsoft Corporation) 332FEAB1435662FC6C672E25BEB37BE3

C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2013-01-25 00:44] - [2011-02-26 01:19] - 2616320 ____A (Microsoft Corporation) 0FB9C74046656D1579A64660AD67B746

C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2013-01-25 02:32] - [2010-11-20 08:17] - 2616320 ____A (Microsoft Corporation) 40D777B7A95E00593EB1568C68514493

C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe
[2013-01-25 00:44] - [2011-02-26 01:51] - 2614784 ____A (Microsoft Corporation) 255CF508D7CFB10E0794D6AC93280BD8

C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2013-01-25 00:45] - [2009-10-31 02:00] - 2614272 ____A (Microsoft Corporation) C76153C7ECA00FA852BB0C193378F917

C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2013-01-25 00:46] - [2009-08-03 01:49] - 2613248 ____A (Microsoft Corporation) 9FF6C4C91A3711C0A3B18F87B08B518D

C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe
[2013-01-25 00:44] - [2011-02-26 01:33] - 2614784 ____A (Microsoft Corporation) 2AF58D15EDC06EC6FDACCE1F19482BBF

C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2013-01-25 00:45] - [2009-10-31 01:45] - 2614272 ____A (Microsoft Corporation) 2626FC9755BE22F805D3CFA0CE3EE727

C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2013-01-25 00:46] - [2009-08-03 01:35] - 2613248 ____A (Microsoft Corporation) B95EEB0F4E5EFBF1038A35B3351CF047

C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2009-07-13 19:41] - [2009-07-13 21:14] - 2613248 ____A (Microsoft Corporation) 15BC38A7492BEFE831966ADB477CF76F

C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2013-01-25 00:44] - [2011-02-26 02:14] - 2871808 ____A (Microsoft Corporation) 3B69712041F3D63605529BD66DC00C48

C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2013-01-25 00:44] - [2011-02-25 02:19] - 2871808 ____A (Microsoft Corporation) 332FEAB1435662FC6C672E25BEB37BE3

C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
[2013-01-25 02:32] - [2010-11-20 09:24] - 2872320 ____A (Microsoft Corporation) AC4C51EB24AA95B77F705AB159189E24

C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe
[2013-01-25 00:44] - [2011-02-26 02:26] - 2870784 ____A (Microsoft Corporation) E38899074D4951D31B4040E994DD7C8D

C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2013-01-25 00:45] - [2009-10-31 02:38] - 2870272 ____A (Microsoft Corporation) B8EC4BD49CE8F6FC457721BFC210B67F

C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2013-01-25 00:46] - [2009-08-03 02:19] - 2868224 ____A (Microsoft Corporation) 700073016DAC1C3D2E7E2CE4223334B6

C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe
[2013-01-25 00:44] - [2011-02-26 02:23] - 2870272 ____A (Microsoft Corporation) 0862495E0C825893DB75EF44FAEA8E93

C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2013-01-25 00:45] - [2009-10-31 02:34] - 2870272 ____A (Microsoft Corporation) 9AAAEC8DAC27AA17B053E6352AD233AE

C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe
[2013-01-25 00:46] - [2009-08-03 02:17] - 2868224 ____A (Microsoft Corporation) F170B4A061C9E026437B193B4D571799

C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2009-07-13 19:56] - [2009-07-13 21:39] - 2868224 ____A (Microsoft Corporation) C235A51CB740E45FFA0EBFB9BAFCDA64

====== End Of Search ======

Thanks again.

Rick.


Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this, highlight the contents of the box, right-click on it and select Copy. Right-click in the open Notepad and select Paste.) Save it on the flash drive as fixlist.txt.

MountPoints2: {ad58c0c5-669f-11e2-8abf-806e6f6e6963} - D:\autoRcd.exe
MountPoints2: {bbfbb5a4-db75-11e2-b613-842b2b9a14b5} - I:\VZW_Software_upgrade_assistant.exe
C:\Users\Rick\Volumeid.exe
Replace: C:\Windows\explorer.exe C:\Windows\SysWOW64\explorer.exe

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system.

Now please enter System Recovery Options, then select Command Prompt.

Run FRST (or FRST64 if you have the 64-bit version), press the Fix button just once and wait.

The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

Reboot normally.


Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 08-07-2013
Ran by Rick at 2013-07-10 12:58:35 Run:1
Running from E:\
Boot Mode: Safe Mode (minimal)
==============================================

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ad58c0c5-669f-11e2-8abf-806e6f6e6963} => Key deleted successfully.
HKCR\CLSID\{ad58c0c5-669f-11e2-8abf-806e6f6e6963} => Key not found.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{bbfbb5a4-db75-11e2-b613-842b2b9a14b5} => Key deleted successfully.
HKCR\CLSID\{bbfbb5a4-db75-11e2-b613-842b2b9a14b5} => Key not found.
C:\Users\Rick\Volumeid.exe => Moved successfully.
Could not find C:\Windows\SysWOW64\explorer.exe.
C:\Windows\explorer.exe copied successfully to C:\Windows\SysWOW64\explorer.exe

==== End of Fixlog ====


x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

x64-BHO: LastPass Vault: {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll

x64-BHO: WOT Helper: {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files\WOT\WOT.dll

x64-TB: LastPass Toolbar: {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll

x64-TB: WOT: {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll

x64-Run: [Windows7FirewallControl] C:\Program Files\Windows7FirewallControl\Windows7FirewallControl.exe

x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey

x64-Run: [THXCfg64] C:\Windows\System32\RunDLL32.exe C:\Windows\System32\THXCfg64.dll,RunDLLEntry THXCfg64

x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s

x64-Run: [RunDLLEntry_THXCfg] C:\Windows\System32\RunDLL32.exe C:\Windows\System32\THXCfg64.dll,RunDLLEntry THXCfg64

x64-Run: [RunDLLEntry_EptMon] C:\Windows\System32\RunDLL32.exe C:\Windows\System32\EptMon64.dll,RunDLLEntry EptMon64

x64-IE: {43699cd0-e34f-11de-8a39-0800200c9a66} - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll

x64-Handler: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dll

x64-SSODL: WebCheck -

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Rick\AppData\Roaming\Mozilla\Firefox\Profiles\hx63ye9g.default\

FF - prefs.js: browser.startup.homepage - www.yahoo.com

FF - prefs.js: network.proxy.type - 0

FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll

FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\2.1.4\npesnlaunch.dll

FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\2.1.7\npesnlaunch.dll

FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll

FF - plugin: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll

FF - plugin: C:\ProgramData\id Software\QuakeLive\npquakezero.dll

FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll

FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll

FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll

FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll

FF - plugin: C:\Users\Rick\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll

FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll

FF - plugin: C:\Windows\SysWOW64\npmproxy.dll

FF - ExtSQL: 2013-06-04 18:38; {FCE04E1F-9378-4f39-96F6-5689A9159E45}; C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext

.

---- FIREFOX POLICIES ----

FF - user.js: yahoo.ytff.general.dontshowhpoffer - true

============= SERVICES / DRIVERS ===============

.

R0 amd_sata;amd_sata;C:\Windows\System32\drivers\amd_sata.sys [2012-4-10 82560]

R0 amd_xata;amd_xata;C:\Windows\System32\drivers\amd_xata.sys [2012-4-10 42624]

R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2013-6-18 247216]

R0 NBVol;Nero Backup Volume Filter Driver;C:\Windows\System32\drivers\NBVol.sys [2013-1-27 72240]

R0 NBVolUp;Nero Backup Volume Upper Filter Driver;C:\Windows\System32\drivers\NBVolUp.sys [2013-1-27 15920]

R1 pefndis;Microsoft PEF NDIS ETW Provider Driver;C:\Windows\System32\drivers\pefndis.sys [2013-2-3 61032]

R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2012-12-19 240640]

R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-12-19 361984]

R2 AODDriver4.01;AODDriver4.01;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2012-4-9 57472]

R2 AODDriver4.2.0;AODDriver4.2.0;C:\Program Files (x86)\AMD\OverDrive\amd64\AODDriver2.sys [2012-9-20 57512]

R2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [2013-4-16 39056]

R2 Windows7FirewallService;Windows7FirewallService;C:\Program Files\Windows7FirewallControl\Windows7FirewallService.exe [2013-1-26 764416]

R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2012-11-6 96256]

R3 k57nd60a;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;C:\Windows\System32\drivers\k57nd60a.sys [2009-10-16 321064]

R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-1-25 25928]

R3 pbfilter;pbfilter;C:\Program Files\PeerBlock\pbfilter.sys [2013-1-26 24176]

R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\drivers\usbfilter.sys [2013-5-20 58536]

S2 AODDriver4.2;AODDriver4.2;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2012-4-9 57472]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-1-25 701512]

S3 amdiox64;AMD IO Driver;C:\Windows\System32\drivers\amdiox64.sys [2013-2-4 46136]

S3 DIRECTIO;DIRECTIO;C:\Program Files\PerformanceTest\DirectIo64.sys [2013-2-7 25704]

S3 DrvAgent64;DrvAgent64;C:\Windows\SysWOW64\drivers\DrvAgent64.SYS [2013-1-31 21712]

S3 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2012-8-30 139616]

S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2013-6-20 366600]

S3 rspLLL;rspLLL;C:\Windows\System32\drivers\rspLLL64.sys [2013-1-24 24672]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-1-25 59392]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2013-1-25 1255736]

S3 wfpcapture;wfpcapture;C:\Windows\System32\drivers\wfpcapture.sys [2013-2-3 60024]

S3 WfpCaptureUM;WfpCaptureUM;C:\Windows\System32\WfpCaptureUM.exe [2013-2-3 20480]

S4 AODService;AODService;C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe [2012-9-20 136648]

S4 DirMngr;DirMngr;C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe [2013-5-28 218112]

S4 Futuremark SystemInfo Service;Futuremark SystemInfo Service;C:\Program Files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe [2013-2-3 135584]

S4 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-1-25 418376]

.

=============== Created Last 30 ================

.

2013-07-13 08:14:07 9552976 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{0003E7B4-2A90-476A-9466-B628A31401BC}\mpengine.dll

2013-07-12 14:27:45 9552976 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2013-07-10 16:58:36 2871808 ----a-w- C:\Windows\SysWow64\explorer.exe

2013-07-09 22:14:22 -------- d-----w- C:\Windows\System32\MRT

2013-07-09 21:17:59 108032 ----a-w- C:\Program Files (x86)\Internet Explorer\jsdebuggeride.dll

2013-07-09 21:17:58 817664 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll

2013-07-09 21:17:58 1084928 ----a-w- C:\Program Files\Common Files\Microsoft Shared\VGX\VGX.dll

2013-07-09 21:17:57 2241024 ----a-w- C:\Windows\System32\wininet.dll

2013-07-09 21:17:57 1767936 ----a-w- C:\Windows\SysWow64\wininet.dll

2013-07-09 21:12:46 1643520 ----a-w- C:\Windows\System32\DWrite.dll

2013-07-09 21:12:46 1247744 ----a-w- C:\Windows\SysWow64\DWrite.dll

2013-07-08 23:07:29 -------- d-----w- C:\FRST

2013-07-07 04:27:00 92056 ----a-w- C:\Program Files (x86)\Mozilla Firefox\webapprt-stub.exe

2013-07-07 04:27:00 867072 ----a-w- C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe

2013-07-07 04:27:00 272792 ----a-w- C:\Program Files (x86)\Mozilla Firefox\updater.exe

2013-07-07 04:27:00 20132248 ----a-w- C:\Program Files (x86)\Mozilla Firefox\xul.dll

2013-07-07 04:27:00 170232 ----a-w- C:\Program Files (x86)\Mozilla Firefox\webapp-uninstaller.exe

2013-07-07 04:27:00 151960 ----a-w- C:\Program Files (x86)\Mozilla Firefox\softokn3.dll

2013-07-07 04:27:00 12800 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll

2013-07-07 04:27:00 124504 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\nprpplugin.dll

2013-06-30 15:01:34 -------- d-----w- C:\Program Files (x86)\WinPcap

2013-06-30 14:59:52 -------- d-----w- C:\Program Files\Wireshark

2013-06-23 00:11:36 -------- d-----w- C:\Program Files (x86)\LinuxLive USB Creator

2013-06-21 08:45:15 964552 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{E91DC55F-2DCD-46F6-8A21-5AA48CE9FF24}\gapaengine.dll

2013-06-19 01:50:08 247216 ----a-w- C:\Windows\System32\drivers\MpFilter.sys

2013-06-18 19:56:36 -------- d-----w- C:\Program Files (x86)\EMET 4.0

2013-06-18 05:18:29 -------- d-----w- C:\Program Files (x86)\LiveUSB Creator

2013-06-14 13:47:37 -------- d-----w- C:\Program Files (x86)\MD5 Checker

.

==================== Find3M ====================

.

2013-07-13 22:34:02 290184 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr

2013-07-13 22:34:02 290184 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe

2013-07-13 22:33:33 291088 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0

2013-07-09 21:10:33 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2013-07-09 21:10:33 692104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2013-06-19 01:50:08 139616 ----a-w- C:\Windows\System32\drivers\NisDrvWFP.sys

2013-06-14 20:19:42 549536 ----a-w- C:\Windows\apppatch\EMET.dll

2013-06-14 20:19:42 149664 ----a-w- C:\Windows\apppatch\AppPatch64\EMET64.dll

2013-06-11 23:43:00 2877440 ----a-w- C:\Windows\SysWow64\jscript9.dll

2013-06-11 23:42:58 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll

2013-06-11 23:42:58 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll

2013-06-11 23:25:16 3958784 ----a-w- C:\Windows\System32\jscript9.dll

2013-06-11 23:25:13 67072 ----a-w- C:\Windows\System32\iesetup.dll

2013-06-11 23:25:13 136704 ----a-w- C:\Windows\System32\iesysprep.dll

2013-06-11 22:51:45 71680 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe

2013-06-11 22:50:58 89600 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe

2013-06-07 03:22:18 2706432 ----a-w- C:\Windows\System32\mshtml.tlb

2013-06-07 02:37:52 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2013-06-05 03:34:27 3153920 ----a-w- C:\Windows\System32\win32k.sys

2013-06-04 22:38:02 499712 ----a-w- C:\Windows\SysWow64\msvcp71.dll

2013-06-04 22:38:02 348160 ----a-w- C:\Windows\SysWow64\msvcr71.dll

2013-06-04 06:00:13 624128 ----a-w- C:\Windows\System32\qedit.dll

2013-06-04 04:53:07 509440 ----a-w- C:\Windows\SysWow64\qedit.dll

2013-05-20 20:01:55 0 ----a-w- C:\Windows\ativpsrm.bin

2013-05-13 05:51:01 184320 ----a-w- C:\Windows\System32\cryptsvc.dll

2013-05-13 05:51:00 1464320 ----a-w- C:\Windows\System32\crypt32.dll

2013-05-13 05:51:00 139776 ----a-w- C:\Windows\System32\cryptnet.dll

2013-05-13 05:50:40 52224 ----a-w- C:\Windows\System32\certenc.dll

2013-05-13 04:45:55 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll

2013-05-13 04:45:55 1160192 ----a-w- C:\Windows\SysWow64\crypt32.dll

2013-05-13 04:45:55 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll

2013-05-13 03:43:55 1192448 ----a-w- C:\Windows\System32\certutil.exe

2013-05-13 03:08:10 903168 ----a-w- C:\Windows\SysWow64\certutil.exe

2013-05-13 03:08:06 43008 ----a-w- C:\Windows\SysWow64\certenc.dll

2013-05-10 05:49:27 30720 ----a-w- C:\Windows\System32\cryptdlg.dll

2013-05-10 03:20:54 24576 ----a-w- C:\Windows\SysWow64\cryptdlg.dll

2013-05-08 06:39:01 1910632 ----a-w- C:\Windows\System32\drivers\tcpip.sys

2013-05-06 06:03:49 1887744 ----a-w- C:\Windows\System32\WMVDECOD.DLL

2013-05-06 04:56:35 1620480 ----a-w- C:\Windows\SysWow64\WMVDECOD.DLL

2013-05-02 15:29:56 278800 ------w- C:\Windows\System32\MpSigStub.exe

2013-04-26 05:51:36 751104 ----a-w- C:\Windows\System32\win32spl.dll

2013-04-26 04:55:21 492544 ----a-w- C:\Windows\SysWow64\win32spl.dll

2013-01-25 01:03:32 14794312 ----a-w- C:\Program Files (x86)\Common Files\lpuninstall.exe

.

============= FINISH: 20:31:19.34 ===============




Here is the other log:

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 1/24/2013 7:43:52 PM
System Uptime: 7/13/2013 6:06:48 PM (2 hours ago)
.
Motherboard: Dell Inc. |  | 0NWWY0
Processor: AMD Phenom II X4 820 Processor | CPU 1 | 1596/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 638 GiB total, 280.913 GiB free.
D: is CDROM ()
F: is Removable
G: is Removable
H: is Removable
I: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft ISATAP Adapter
Device ID: ROOT\*ISATAP\0000
Manufacturer: Microsoft
Name: Microsoft ISATAP Adapter
PNP Device ID: ROOT\*ISATAP\0000
Service: tunnel
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft Teredo Tunneling Adapter
Device ID: ROOT\*TEREDO\0000
Manufacturer: Microsoft
Name: Teredo Tunneling Pseudo-Interface
PNP Device ID: ROOT\*TEREDO\0000
Service: tunnel
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: AODDriver4.2
Device ID: ROOT\LEGACY_AODDRIVER4.2\0000
Manufacturer:
Name: AODDriver4.2
PNP Device ID: ROOT\LEGACY_AODDRIVER4.2\0000
Service: AODDriver4.2
.
==== System Restore Points ===================
.
RP138: 6/23/2013 6:22:20 AM - Windows Update
RP139: 6/27/2013 5:13:49 AM - Windows Update
RP140: 6/27/2013 2:34:43 PM - Windows Live Essentials
RP141: 6/27/2013 2:34:52 PM - WLSetup
RP142: 6/27/2013 2:42:44 PM - Windows Live Essentials
RP143: 6/27/2013 2:43:40 PM - WLSetup
RP144: 7/1/2013 1:06:02 AM - Windows Update
RP145: 7/4/2013 2:00:32 PM - Windows Update
RP146: 7/8/2013 4:13:51 AM - Windows Update
RP147: 7/9/2013 5:13:50 PM - Windows Update
RP148: 7/9/2013 6:11:23 PM - Windows Update
RP149: 7/9/2013 6:14:09 PM - Windows Update
RP150: 7/13/2013 4:13:36 AM - Windows Update
.
==== Installed Programs ======================
.
µTorrent
3DMark 11
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader XI (11.0.03)
Age of Conan: Unchained - US version
Aion
AMD Accelerated Video Transcoding
AMD APP SDK Runtime
AMD Catalyst Install Manager
AMD Drag and Drop Transcoding
AMD Fuel
AMD Media Foundation Decoders
AMD OverDrive Beta
AMD VISION Engine Control Center
ArgusMonitor
Audacity 2.0.3
Auslogics BoostSpeed
Battlefield 3™
Battlefield: Bad Company™ 2
Battlelog Web Plugins
Broadcom NetXtreme-I Netlink Driver and Management Installer
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-utility64
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
CCleaner
Counter-Strike: Source
D3DX10
Dell System Detect
Dell System Detect Bootstrapper
EMET 4.0
ESN Sonar
FileHippo.com Update Checker
foobar2000 v1.2.8
Fraps
Futuremark SystemInfo
Gpg4win (2.1.1)
HD Tach version 3
HP Officejet Pro 8600 Basic Device Software
IsoBuster 3.2
Junk Mail filter update
LastPass(uninstall only)
LatencyMon 4.02
LinuxLive USB Creator
LiveUSB Creator (remove only)
Malwarebytes Anti-Malware version 1.75.0.1300
MD5 Checker version 4.0.0
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Application Error Reporting
Microsoft Message Analyzer
Microsoft Security Client
Microsoft Security Essentials
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Mozilla Firefox 22.0 (x86 en-US)
Mozilla Maintenance Service
MPC-HC 1.6.7.7114 (9eb64ec)
MPC-HC 1.6.8 (64-bit)
MSVCRT
MSVCRT_amd64
MSVCRT110
MSVCRT110_amd64
MSXML 4.0 SP2 (KB973688)
Multimedia Card Reader
NCsoft Launcher
Nero 11 Collection 1
Nero 11 Kwik Themes 3
Nero 11 Kwik Themes 4
Nero 11 Mini Repack
Nero 11 PiP Effects 1
Nero 11 v11.2.4.100 (x64)
Nero 11 Video Transitions 1
Nero Backup Drivers
Nexus Mod Manager
NVIDIA PhysX
Origin
PeerBlock 1.1 (r518)
PerformanceTest v8.0
Photo Common
PunkBuster Services
Quake Live Mozilla Plugin
RealDownloader
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealNetworks - Microsoft Visual C++ 2010 Runtime
RealPlayer
Realtek High Definition Audio Driver
RealUpgrade 1.1
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
SoulSeek 157 NS 13e
SpeedFan (remove only)
Steam
Team Fortress 2
TechPowerUp GPU-Z
TERA
THX TruStudio PC
Trillian
Unity Web Player
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2836939)
Winamp
Winamp Detector Plug-in
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Mail
Windows Live MIME IFilter
Windows Live Photo Common
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows7FirewallControl (x64) 5.1.7.69
WinPcap 4.1.3
WinRAR 4.20 (64-bit)
Wireshark 1.10.0 (64-bit)
World of Warcraft
WOT for Internet Explorer
.
==== Event Viewer Messages From Past Week ========
.
7/7/2013 1:32:18 AM, Error: Service Control Manager [7031]  - The Windows Live ID Sign-in Assistant service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
7/13/2013 6:07:56 PM, Error: Microsoft-Windows-Time-Service [4]  - The time provider 'VMICTimeProvider' failed to start due to the following error: The specified module could not be found. (0x8007007E)
7/13/2013 6:07:42 PM, Error: Service Control Manager [7000]  - The AODDriver4.2 service failed to start due to the following error:  The system cannot find the file specified.
7/10/2013 12:58:28 PM, Error: Service Control Manager [7001]  - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:  The dependency service or group failed to start.
7/10/2013 12:58:28 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
7/10/2013 12:57:17 PM, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  AFD DfsC discache MpFilter NetBIOS NetBT nsiproxy pefndis Psched rdbss spldr tdx Wanarpv6 WfpLwf
7/10/2013 12:57:17 PM, Error: Service Control Manager [7001]  - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error:  The dependency service or group failed to start.
7/10/2013 12:57:17 PM, Error: Service Control Manager [7001]  - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error:  A device attached to the system is not functioning.
7/10/2013 12:57:17 PM, Error: Service Control Manager [7001]  - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error:  A device attached to the system is not functioning.
7/10/2013 12:57:17 PM, Error: Service Control Manager [7001]  - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error:  The dependency service or group failed to start.
7/10/2013 12:57:17 PM, Error: Service Control Manager [7001]  - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error:  The dependency service or group failed to start.
7/10/2013 12:57:17 PM, Error: Service Control Manager [7001]  - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error:  A device attached to the system is not functioning.
7/10/2013 12:57:17 PM, Error: Service Control Manager [7001]  - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error:  The dependency service or group failed to start.
7/10/2013 12:57:17 PM, Error: Service Control Manager [7001]  - The Microsoft Network Inspection System service depends on the Microsoft Malware Protection Driver service which failed to start because of the following error:  A device attached to the system is not functioning.
7/10/2013 12:57:17 PM, Error: Service Control Manager [7001]  - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error:  A device attached to the system is not functioning.
7/10/2013 12:57:17 PM, Error: Service Control Manager [7001]  - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error:  A device attached to the system is not functioning.
.
==== End Of File ===========================
 

Link to post
Share on other sites

Step 1

Please uninstall this application: µTorrent

Step 2

Note: Please do not run this tool without special supervision and instructions of someone authorized to do so. Otherwise, you could end up with serious problems. For more details, read this article: ComboFix usage, Questions, Help? - Look here

Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingc...to-use-combofix

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Please post the C:\ComboFix.txt in your next reply for further review.

Note: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.

Link to post
Share on other sites

Ok so, I kept getting commandline "Standard stream splitter stopped working" messages dozens of times throughout the scan. What I did was just keep clicking the "close program" button.

When the scan finished, after all the stages, it didn't pop up with a log file on the screen. Where does it save the log, to check it created one?

Link to post
Share on other sites

Found it in the c: directory. Didn't see that in the instructions but remembered from last time I came here for help about a year ago :)

ComboFix 13-07-16.01 - Rick 07/17/2013  21:14:36.1.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.6143.4869 [GMT -4:00]
Running from: c:\users\Rick\Downloads\ComboFix.exe
AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\users\Rick\AppData\Local\assembly\tmp
c:\users\Rick\EULA.txt
c:\windows\SysWow64\frapsvid.dll
.
.
(((((((((((((((((((((((((   Files Created from 2013-06-18 to 2013-07-18  )))))))))))))))))))))))))))))))
.
.
2013-07-17 02:05 . 2013-07-17 02:05    941720    ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{103D5384-834B-4D24-AF38-E4BC36E9EC7A}\gapaengine.dll
2013-07-17 02:05 . 2013-07-02 08:34    9460976    ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{20998BA6-ECA2-4259-BDFB-3EAAF391AAF2}\mpengine.dll
2013-07-15 02:09 . 2013-07-15 02:09    --------    d-----w-    c:\users\EverydayCool
2013-07-13 08:14 . 2013-06-12 03:08    9552976    ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-07-10 16:58 . 2011-02-25 06:19    2871808    ----a-w-    c:\windows\SysWow64\explorer.exe
2013-07-09 22:14 . 2013-07-09 22:16    --------    d-----w-    c:\windows\system32\MRT
2013-07-09 21:17 . 2013-06-11 23:43    108032    ----a-w-    c:\program files (x86)\Internet Explorer\jsdebuggeride.dll
2013-07-09 21:17 . 2013-06-11 23:26    1365504    ----a-w-    c:\windows\system32\urlmon.dll
2013-07-09 21:17 . 2013-06-11 23:43    817664    ----a-w-    c:\program files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll
2013-07-09 21:17 . 2013-06-11 23:26    1084928    ----a-w-    c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll
2013-07-09 21:17 . 2013-06-11 23:25    53248    ----a-w-    c:\windows\system32\jsproxy.dll
2013-07-09 21:17 . 2013-06-11 23:43    1767936    ----a-w-    c:\windows\SysWow64\wininet.dll
2013-07-09 21:17 . 2013-06-11 23:26    2241024    ----a-w-    c:\windows\system32\wininet.dll
2013-07-09 21:17 . 2013-06-11 23:25    15404032    ----a-w-    c:\windows\system32\ieframe.dll
2013-07-09 21:17 . 2013-06-11 23:25    19238912    ----a-w-    c:\windows\system32\mshtml.dll
2013-07-09 21:12 . 2013-04-09 23:34    1247744    ----a-w-    c:\windows\SysWow64\DWrite.dll
2013-07-09 21:12 . 2013-04-02 22:51    1643520    ----a-w-    c:\windows\system32\DWrite.dll
2013-07-08 23:07 . 2013-07-08 23:07    --------    d-----w-    C:\FRST
2013-06-30 15:01 . 2013-06-30 15:01    --------    d-----w-    c:\program files (x86)\WinPcap
2013-06-30 14:59 . 2013-06-30 15:01    --------    d-----w-    c:\program files\Wireshark
2013-06-27 18:43 . 2013-06-27 18:44    --------    d-----w-    c:\program files (x86)\Windows Live
2013-06-23 00:11 . 2013-06-23 00:11    --------    d-----w-    c:\program files (x86)\LinuxLive USB Creator
2013-06-19 01:50 . 2013-06-19 01:50    247216    ----a-w-    c:\windows\system32\drivers\MpFilter.sys
2013-06-18 19:56 . 2013-06-18 19:56    --------    d-----w-    c:\program files (x86)\EMET 4.0
2013-06-18 05:18 . 2013-06-18 05:18    --------    d-----w-    c:\program files (x86)\LiveUSB Creator
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-07-17 02:39 . 2013-01-26 03:56    290184    ----a-w-    c:\windows\SysWow64\PnkBstrB.xtr
2013-07-17 02:39 . 2013-01-26 01:41    290184    ----a-w-    c:\windows\SysWow64\PnkBstrB.exe
2013-07-17 02:39 . 2013-01-26 01:41    291088    ----a-w-    c:\windows\SysWow64\PnkBstrB.ex0
2013-07-09 21:10 . 2013-01-25 01:05    71048    ----a-w-    c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-07-09 21:10 . 2013-01-25 01:05    692104    ----a-w-    c:\windows\SysWow64\FlashPlayerApp.exe
2013-06-24 04:57 . 2013-01-25 05:12    78277128    ----a-w-    c:\windows\system32\MRT.exe
2013-06-21 08:45 . 2013-03-12 15:20    964552    ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2013-06-19 01:50 . 2012-08-31 03:03    139616    ----a-w-    c:\windows\system32\drivers\NisDrvWFP.sys
2013-06-14 20:19 . 2013-06-14 20:19    549536    ----a-w-    c:\windows\apppatch\EMET.dll
2013-06-14 20:19 . 2013-06-14 20:19    149664    ----a-w-    c:\windows\apppatch\AppPatch64\EMET64.dll
2013-06-04 22:38 . 2013-02-20 00:11    348160    ----a-w-    c:\windows\SysWow64\msvcr71.dll
2013-06-04 22:38 . 2013-02-20 00:11    499712    ----a-w-    c:\windows\SysWow64\msvcp71.dll
2013-05-13 05:51 . 2013-06-12 00:25    184320    ----a-w-    c:\windows\system32\cryptsvc.dll
2013-05-13 05:51 . 2013-06-12 00:25    1464320    ----a-w-    c:\windows\system32\crypt32.dll
2013-05-13 05:51 . 2013-06-12 00:25    139776    ----a-w-    c:\windows\system32\cryptnet.dll
2013-05-13 05:50 . 2013-06-12 00:25    52224    ----a-w-    c:\windows\system32\certenc.dll
2013-05-13 04:45 . 2013-06-12 00:25    140288    ----a-w-    c:\windows\SysWow64\cryptsvc.dll
2013-05-13 04:45 . 2013-06-12 00:25    1160192    ----a-w-    c:\windows\SysWow64\crypt32.dll
2013-05-13 04:45 . 2013-06-12 00:25    103936    ----a-w-    c:\windows\SysWow64\cryptnet.dll
2013-05-13 03:43 . 2013-06-12 00:25    1192448    ----a-w-    c:\windows\system32\certutil.exe
2013-05-13 03:08 . 2013-06-12 00:25    903168    ----a-w-    c:\windows\SysWow64\certutil.exe
2013-05-13 03:08 . 2013-06-12 00:25    43008    ----a-w-    c:\windows\SysWow64\certenc.dll
2013-05-10 05:49 . 2013-06-12 01:31    30720    ----a-w-    c:\windows\system32\cryptdlg.dll
2013-05-10 03:20 . 2013-06-12 01:31    24576    ----a-w-    c:\windows\SysWow64\cryptdlg.dll
2013-05-08 06:39 . 2013-06-12 00:25    1910632    ----a-w-    c:\windows\system32\drivers\tcpip.sys
2013-05-02 15:29 . 2013-01-25 01:24    278800    ------w-    c:\windows\system32\MpSigStub.exe
2013-04-26 05:51 . 2013-06-12 00:25    751104    ----a-w-    c:\windows\system32\win32spl.dll
2013-04-26 04:55 . 2013-06-12 00:25    492544    ----a-w-    c:\windows\SysWow64\win32spl.dll
2013-01-25 01:03 . 2013-01-25 01:03    14794312    ----a-w-    c:\program files (x86)\Common Files\lpuninstall.exe
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HP Officejet Pro 8600 (NET)"="c:\program files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe" [2011-09-09 2676584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-05-11 958576]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-12-19 642808]
"THX Audio Control Panel"="c:\program files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe" [2009-12-01 963584]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"EMET Agent"="c:\program files (x86)\EMET 4.0\EMET_agent.exe" [2013-06-14 78496]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 AODDriver4.2;AODDriver4.2;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
R3 ALSysIO;ALSysIO;c:\users\Rick\AppData\Local\Temp\ALSysIO64.sys;c:\users\Rick\AppData\Local\Temp\ALSysIO64.sys [x]
R3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys;c:\windows\SYSNATIVE\DRIVERS\amdiox64.sys [x]
R3 ArgusMonitor;ArgusMonitor kernel mode driver;SysWOW64\drivers\ArgusMonitor.sys;SysWOW64\drivers\ArgusMonitor.sys [x]
R3 cpuz135;cpuz135;c:\windows\TEMP\cpuz135\cpuz135_x64.sys;c:\windows\TEMP\cpuz135\cpuz135_x64.sys [x]
R3 DIRECTIO;DIRECTIO;c:\program files\PerformanceTest\DirectIo64.sys;c:\program files\PerformanceTest\DirectIo64.sys [x]
R3 DrvAgent64;DrvAgent64;c:\windows\SysWOW64\Drivers\DrvAgent64.SYS;c:\windows\SysWOW64\Drivers\DrvAgent64.SYS [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 rspLLL;rspLLL;c:\windows\system32\DRIVERS\rspLLL64.sys;c:\windows\SYSNATIVE\DRIVERS\rspLLL64.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 wfpcapture;wfpcapture;c:\windows\System32\Drivers\wfpcapture.sys;c:\windows\SYSNATIVE\Drivers\wfpcapture.sys [x]
R3 WfpCaptureUM;WfpCaptureUM;c:\windows\system32\WfpCaptureUM.exe;c:\windows\SYSNATIVE\WfpCaptureUM.exe [x]
R3 WinRing0_1_2_0;WinRing0_1_2_0;c:\program files (x86)\Razer\Razer Game Booster\Driver\WinRing0x64.sys;c:\program files (x86)\Razer\Razer Game Booster\Driver\WinRing0x64.sys [x]
R4 AODService;AODService;c:\program files (x86)\AMD\OverDrive\AODAssist.exe;c:\program files (x86)\AMD\OverDrive\AODAssist.exe [x]
R4 DirMngr;DirMngr;c:\program files (x86)\GNU\GnuPG\dirmngr.exe;c:\program files (x86)\GNU\GnuPG\dirmngr.exe [x]
R4 Futuremark SystemInfo Service;Futuremark SystemInfo Service;c:\program files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe;c:\program files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe [x]
R4 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys;c:\windows\SYSNATIVE\DRIVERS\amd_sata.sys [x]
S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys;c:\windows\SYSNATIVE\DRIVERS\amd_xata.sys [x]
S0 NBVol;Nero Backup Volume Filter Driver;c:\windows\system32\DRIVERS\NBVol.sys;c:\windows\SYSNATIVE\DRIVERS\NBVol.sys [x]
S0 NBVolUp;Nero Backup Volume Upper Filter Driver;c:\windows\system32\DRIVERS\NBVolUp.sys;c:\windows\SYSNATIVE\DRIVERS\NBVolUp.sys [x]
S1 pefndis;Microsoft PEF NDIS ETW Provider Driver;c:\windows\system32\DRIVERS\pefndis.sys;c:\windows\SYSNATIVE\DRIVERS\pefndis.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [x]
S2 AODDriver4.01;AODDriver4.01;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [x]
S2 AODDriver4.2.0;AODDriver4.2.0;c:\program files (x86)\AMD\OverDrive\amd64\AODDriver2.sys;c:\program files (x86)\AMD\OverDrive\amd64\AODDriver2.sys [x]
S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys;c:\windows\SYSNATIVE\drivers\npf.sys [x]
S2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe;c:\program files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [x]
S2 Windows7FirewallService;Windows7FirewallService;c:\program files\Windows7FirewallControl\Windows7FirewallService.exe;c:\program files\Windows7FirewallControl\Windows7FirewallService.exe [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 k57nd60a;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys;c:\windows\SYSNATIVE\DRIVERS\k57nd60a.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 pbfilter;pbfilter;c:\program files\PeerBlock\pbfilter.sys;c:\program files\PeerBlock\pbfilter.sys [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys;c:\windows\SYSNATIVE\DRIVERS\usbfilter.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - PBFILTER
*NewlyCreated* - WS2IFSL
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows7FirewallControl"="c:\program files\Windows7FirewallControl\Windows7FirewallControl.exe" [2012-09-21 1131008]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-06-21 1356240]
"THXCfg64"="c:\windows\system32\THXCfg64.dll" [2009-10-15 17920]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2012-06-11 12503184]
"RunDLLEntry_THXCfg"="c:\windows\system32\THXCfg64.dll" [2009-10-15 17920]
"RunDLLEntry_EptMon"="c:\windows\system32\EptMon64.dll" [2009-10-15 21504]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
Trusted Zone: dell.com
TCP: Interfaces\{88A77C0C-ED7F-4099-8288-CAA724813347}: NameServer = 68.237.161.12,71.250.0.12
FF - ProfilePath - c:\users\Rick\AppData\Roaming\Mozilla\Firefox\Profiles\hx63ye9g.default\
FF - prefs.js: browser.startup.homepage - www.yahoo.com
FF - prefs.js: network.proxy.type - 0
FF - ExtSQL: 2013-06-04 18:38; {FCE04E1F-9378-4f39-96F6-5689A9159E45}; c:\programdata\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
- - - - ORPHANS REMOVED - - - -
.
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc_bc2.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3572056831-1408111488-1382342558-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-3572056831-1408111488-1382342558-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_171_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_171_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_171_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_171_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_171.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_171.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_171.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_171.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\sphinx-soft\Vista-Wall\1.0\AppList\B*a*t*t*l*e*f*i*e*l*d* *3*"!\Zone]
"Name"="EnableAll"
"Result"=dword:00000000
"Advised"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\windows\SysWOW64\PnkBstrA.exe
.
**************************************************************************
.
Completion time: 2013-07-17  21:26:20 - machine was rebooted
ComboFix-quarantined-files.txt  2013-07-18 01:26
.
Pre-Run: 299,927,846,912 bytes free
Post-Run: 299,567,235,072 bytes free
.
- - End Of File - - 60ACE05AF52AD17EDC1826C25EF6B3E3
89B5DB6675722B3F1FCF978126515316
 

Link to post
Share on other sites

Well done!

Please scan your machine with ESET OnlineScan

  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.

    ESET OnlineScan

  • Click the ESET OnlineScan button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer.

      Save it to your Desktop.

    • Double click on the esetsmartinstaller_enu.exe icon on your Desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under Scan Settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.
Link to post
Share on other sites

C:\Users\Rick\Downloads\coretemp_1236.exe a variant of Win32/InstallIQ.A application cleaned by deleting - quarantined

C:\Users\Rick\Downloads\uTorrent.exe a variant of Win32/Bunndle application cleaned by deleting - quarantined

C:\Users\Rick\Downloads\Utorrent Download\ubcd521.iso Win32/PSWTool.KonBoot.A application deleted - quarantined

Link to post
Share on other sites
